Add new wrappers functions for IP Set using VDC Groups

.changes/v2.15.0/451-features.md

@@ -0,0 +1 @@
+* Added functions `VdcGroup.GetNsxtFirewallGroupByName` and `VdcGroup.GetNsxtFirewallGroupById` [GH-451]

govcd/nsxt_firewall_group.go

@@ -124,6 +124,27 @@ func (vdc *Vdc) GetNsxtFirewallGroupByName(name, firewallGroupType string) (*Nsx
 	return getNsxtFirewallGroupByName(vdc.client, name, queryParameters)
 }
 
+// GetNsxtFirewallGroupByName allows users to retrieve Firewall Group by Name in a particular Vdc Group
+// firewallGroupType can be one of the following:
+// * types.FirewallGroupTypeSecurityGroup - for NSX-T Security Groups
+// * types.FirewallGroupTypeIpSet - for NSX-T IP Sets
+// * "" (empty) - search will not be limited and will get both - IP Sets and Security Groups
+//
+// Note. One might get an error if IP Set and Security Group exist with the same name (two objects
+// of the same type cannot exist) and firewallGroupType is left empty.
+func (vdcGroup *VdcGroup) GetNsxtFirewallGroupByName(name string, firewallGroupType string) (*NsxtFirewallGroup, error) {
+	queryParameters := url.Values{}
+
+	if firewallGroupType != "" {
+		queryParameters = queryParameterFilterAnd("type=="+firewallGroupType, queryParameters)
+	}
+
+	// Automatically inject Edge Gateway filter because this is an Edge Gateway scoped query
+	queryParameters = queryParameterFilterAnd("ownerRef.id=="+vdcGroup.VdcGroup.Id, queryParameters)
+
+	return getNsxtFirewallGroupByName(vdcGroup.client, name, queryParameters)
+}
+
 // GetNsxtFirewallGroupByName allows users to retrieve Firewall Group by Name in a particular Edge Gateway
 // firewallGroupType can be one of the following:
 // * types.FirewallGroupTypeSecurityGroup - for NSX-T Security Groups
@@ -160,6 +181,11 @@ func (egw *NsxtEdgeGateway) GetNsxtFirewallGroupById(id string) (*NsxtFirewallGr
 	return getNsxtFirewallGroupById(egw.client, id)
 }
 
+// GetNsxtFirewallGroupById retrieves NSX-T Firewall Group by ID
+func (vdcGroup *VdcGroup) GetNsxtFirewallGroupById(id string) (*NsxtFirewallGroup, error) {
+	return getNsxtFirewallGroupById(vdcGroup.client, id)
+}
+
 // Update allows users to update NSX-T Firewall Group
 func (firewallGroup *NsxtFirewallGroup) Update(firewallGroupConfig *types.NsxtFirewallGroup) (*NsxtFirewallGroup, error) {
 	endpoint := types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointFirewallGroups

govcd/nsxt_firewall_group_ip_set_test.go

@@ -23,10 +23,10 @@ func (vcd *TestVCD) Test_NsxtIpSet(check *C) {
 	check.Assert(err, IsNil)
 
 	ipSetDefinition := &types.NsxtFirewallGroup{
-		Name:           check.TestName(),
-		Description:    check.TestName() + "-Description",
-		Type:           types.FirewallGroupTypeIpSet,
-		EdgeGatewayRef: &types.OpenApiReference{ID: edge.EdgeGateway.ID},
+		Name:        check.TestName(),
+		Description: check.TestName() + "-Description",
+		Type:        types.FirewallGroupTypeIpSet,
+		OwnerRef:    &types.OpenApiReference{ID: edge.EdgeGateway.ID},
 
 		IpAddresses: []string{
 			"12.12.12.1",
@@ -96,6 +96,62 @@ func (vcd *TestVCD) Test_NsxtIpSet(check *C) {
 	check.Assert(edgeIpSetByName.NsxtFirewallGroup, DeepEquals, orgIpSetByName.NsxtFirewallGroup)
 	check.Assert(edgeIpSetById.NsxtFirewallGroup, DeepEquals, edgeIpSetByName.NsxtFirewallGroup)
 
+	// Get Firewall Group using VDC Group
+	adminOrg, err := vcd.client.GetAdminOrgByName(vcd.config.VCD.Org)
+	check.Assert(err, IsNil)
+
+	nsxtExternalNetwork, err := GetExternalNetworkV2ByName(vcd.client, vcd.config.VCD.Nsxt.ExternalNetwork)
+	check.Assert(err, IsNil)
+	check.Assert(nsxtExternalNetwork, NotNil)
+
+	vdc, vdcGroup := test_CreateVdcGroup(check, adminOrg, vcd)
+	egwDefinition := &types.OpenAPIEdgeGateway{
+		Name:        "nsx-for-IpSet-edge",
+		Description: "nsx-for-IpSet-edge-description",
+		OwnerRef: &types.OpenApiReference{
+			ID: vdc.Vdc.ID,
+		},
+		EdgeGatewayUplinks: []types.EdgeGatewayUplinks{{
+			UplinkID: nsxtExternalNetwork.ExternalNetwork.ID,
+			Subnets: types.OpenAPIEdgeGatewaySubnets{Values: []types.OpenAPIEdgeGatewaySubnetValue{{
+				Gateway:      "1.1.1.1",
+				PrefixLength: 24,
+				Enabled:      true,
+			}}},
+			Connected: true,
+			Dedicated: false,
+		}},
+	}
+
+	// Create Edge Gateway in VDC Group
+	createdEdge, err := adminOrg.CreateNsxtEdgeGateway(egwDefinition)
+	check.Assert(err, IsNil)
+	check.Assert(createdEdge.EdgeGateway.OwnerRef.ID, Matches, `^urn:vcloud:vdc:.*`)
+	openApiEndpoint = types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointEdgeGateways + createdEdge.EdgeGateway.ID
+	PrependToCleanupListOpenApi(createdEdge.EdgeGateway.Name, check.TestName(), openApiEndpoint)
+
+	check.Assert(createdEdge.EdgeGateway.Name, Equals, egwDefinition.Name)
+	check.Assert(createdEdge.EdgeGateway.OwnerRef.ID, Equals, egwDefinition.OwnerRef.ID)
+
+	movedGateway, err := createdEdge.MoveToVdcOrVdcGroup(vdcGroup.VdcGroup.Id)
+	check.Assert(err, IsNil)
+	check.Assert(movedGateway.EdgeGateway.OwnerRef.ID, Equals, vdcGroup.VdcGroup.Id)
+	check.Assert(movedGateway.EdgeGateway.OwnerRef.ID, Matches, `^urn:vcloud:vdcGroup:.*`)
+
+	ipSetDefinition.Name = check.TestName() + "VdcGroup"
+	ipSetDefinition.OwnerRef.ID = vdcGroup.VdcGroup.Id
+	createdIpSetInVdcGroup, err := createdEdge.CreateNsxtFirewallGroup(ipSetDefinition)
+	check.Assert(err, IsNil)
+	check.Assert(createdIpSetInVdcGroup, NotNil)
+	openApiEndpoint = types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointFirewallGroups + createdIpSetInVdcGroup.NsxtFirewallGroup.ID
+	AddToCleanupListOpenApi(createdIpSet.NsxtFirewallGroup.Name, check.TestName(), openApiEndpoint)
+	vdcGroupIpSetByName, err := vdcGroup.GetNsxtFirewallGroupByName(createdIpSetInVdcGroup.NsxtFirewallGroup.Name, types.FirewallGroupTypeIpSet)
+	check.Assert(err, IsNil)
+	vdcGroupIpSetById, err := vdcGroup.GetNsxtFirewallGroupById(createdIpSetInVdcGroup.NsxtFirewallGroup.ID)
+	check.Assert(err, IsNil)
+	check.Assert(vdcGroupIpSetByName.NsxtFirewallGroup, DeepEquals, vdcGroupIpSetById.NsxtFirewallGroup)
+	check.Assert(vdcGroupIpSetById.NsxtFirewallGroup, DeepEquals, vdcGroupIpSetByName.NsxtFirewallGroup)
+
 	associatedVms, err := edgeIpSetByName.GetAssociatedVms()
 	// IP_SET type Firewall Groups do not have VM associations and throw an error on API call.
 	// The error is: only Security Groups have associated VMs. This Firewall Group has type 'IP_SET'
@@ -117,7 +173,7 @@ func (vcd *TestVCD) Test_NsxtIpSet(check *C) {
 	AddToCleanupListOpenApi(createdIpSet.NsxtFirewallGroup.Name, check.TestName(), openApiEndpoint)
 
 	check.Assert(edgeCreatedIpSet.NsxtFirewallGroup.ID, Not(Equals), "")
-	check.Assert(edgeCreatedIpSet.NsxtFirewallGroup.EdgeGatewayRef.Name, Equals, vcd.config.VCD.Nsxt.EdgeGateway)
+	check.Assert(edgeCreatedIpSet.NsxtFirewallGroup.OwnerRef.Name, Equals, vcd.config.VCD.Nsxt.EdgeGateway)
 
 	err = edgeCreatedIpSet.Delete()
 	check.Assert(err, IsNil)