Add cidr_list attribute to nsxt_policy_ip_block

ksamoray · ksamoray · commit 58784e2f1b06 · 2025-05-08T14:57:54.000+03:00
This attribute is added for NSX v9.1.0.

Signed-off-by: Kobi Samoray &lt;kobi.samoray@broadcom.com&gt;
diff --git a/docs/resources/policy_ip_block.md b/docs/resources/policy_ip_block.md
@@ -30,6 +30,26 @@ resource "nsxt_policy_ip_block" "block1" {
 }
 ```
 
+## Example Usage - CIDR List
+
+```hcl
+resource "nsxt_policy_ip_block" "block1" {
+  display_name = "ip-block1"
+  cidr_list    = ["192.168.1.0/24"]
+  visibility   = "PRIVATE"
+
+  tag {
+    scope = "color"
+    tag   = "blue"
+  }
+
+  tag {
+    scope = "env"
+    tag   = "test"
+  }
+}
+```
+
 ## Example Usage - Multi-Tenancy
 
 ```hcl
@@ -63,7 +83,14 @@ The following arguments are supported:
 
 * `display_name` - (Required) The display name for the IP Block.
 * `description` - (Optional) Description of the resource.
-* `cidr` - (Required) Network address and the prefix length which will be associated with a layer-2 broadcast domain.
+* `cidr` - (Optional) Network address and the prefix length which will be associated with a layer-2 broadcast domain. This attribute is deprecated for NSX 9.1.0 onwards.
+* `cidr_list` - (Optional) Array of contiguous IP address spaces represented by network address and prefix length. This attribute is supported with NSX 9.1.0 onwards.
+* `range_list` - (Optional) Represents list of IP address ranges in the form of start and end IPs. This attribute is supported with NSX 9.1.0 onwards.
+  * `start` - (Required) The start IP address for the allocation range.
+  * `end` - (Required) The end IP address for the allocation range.
+* `reserved_ips` - (Optional) Represents list of reserved IP address in the form of start and end IPs. This attribute is supported with NSX 9.1.0 onwards.
+  * `start` - (Required) The start IP address for the allocation range.
+  * `end` - (Required) The end IP address for the allocation range.
 * `visibility` - (Optional) Visibility of the IP Block. Valid options are `PRIVATE`, `EXTERNAL` or unset. Visibility cannot be changed once the block is associated with other resources.
 * `nsx_id` - (Optional) The NSX ID of this resource. If set, this ID will be used to create the resource.
 * `tag` - (Optional) A list of scope + tag pairs to associate with this IP Block.
diff --git a/nsxt/policy_common.go b/nsxt/policy_common.go
@@ -755,6 +755,33 @@ func getAllocationRangeListSchema(required bool, description string) *schema.Sch
 	}
 }
 
+func getAllocationRangeListFromSchema(allocRanges []interface{}) []model.IpPoolRange {
+	var poolRanges []model.IpPoolRange
+	for _, allocRange := range allocRanges {
+		allocMap := allocRange.(map[string]interface{})
+		start := allocMap["start"].(string)
+		end := allocMap["end"].(string)
+		ipRange := model.IpPoolRange{
+			Start: &start,
+			End:   &end,
+		}
+		poolRanges = append(poolRanges, ipRange)
+	}
+	return poolRanges
+}
+
+func setAllocationRangeListInSchema(allocRanges []model.IpPoolRange) []map[string]interface{} {
+	var allocations []map[string]interface{}
+	for _, allocRange := range allocRanges {
+		allocMap := make(map[string]interface{})
+		allocMap["start"] = allocRange.Start
+		allocMap["end"] = allocRange.End
+		allocations = append(allocations, allocMap)
+	}
+
+	return allocations
+}
+
 func localManagerOnlyError() error {
 	return fmt.Errorf("This configuration is not supported with NSX Global Manager")
 }
diff --git a/nsxt/resource_nsxt_policy_ip_block.go b/nsxt/resource_nsxt_policy_ip_block.go
@@ -46,15 +46,29 @@ func resourceNsxtPolicyIPBlock() *schema.Resource {
 			"cidr": {
 				Type:         schema.TypeString,
 				Description:  "Network address and the prefix length which will be associated with a layer-2 broadcast domain",
-				Required:     true,
+				Optional:     true,
 				ValidateFunc: validateCidr(),
+				Deprecated:   "Use cidr_list attribute instead, for v9.1 and above",
 			},
 			"visibility": {
 				Type:         schema.TypeString,
 				Description:  "Visibility of the Ip Block. Cannot be updated once associated with other resources.",
 				Optional:     true,
 				ValidateFunc: validation.StringInSlice(visibilityTypes, false),
 			},
+			"cidr_list": {
+				Type:        schema.TypeList,
+				Optional:    true,
+				Computed:    true, // For v9.1.0 and above, when setting cidr attribute, it's being reflected here as well
+				Description: "Array of contiguous IP address spaces represented by network address and prefix length",
+				Elem: &schema.Schema{
+					Type:         schema.TypeString,
+					ValidateFunc: validateCidr(),
+				},
+				ConflictsWith: []string{"cidr"},
+			},
+			"range_list":   getAllocationRangeListSchema(false, "Represents list of IP address ranges in the form of start and end IPs"),
+			"reserved_ips": getAllocationRangeListSchema(false, "Represents list of reserved IP address in the form of start and end IPs"),
 		},
 	}
 }
@@ -100,10 +114,19 @@ func resourceNsxtPolicyIPBlockRead(d *schema.ResourceData, m interface{}) error
 	d.Set("nsx_id", block.Id)
 	d.Set("path", block.Path)
 	d.Set("revision", block.Revision)
-	d.Set("cidr", block.Cidr)
 	if util.NsxVersionHigherOrEqual("4.2.0") {
 		d.Set("visibility", block.Visibility)
 	}
+	if util.NsxVersionHigherOrEqual("9.1.0") {
+		d.Set("cidr_list", block.CidrList)
+		d.Set("range_list", setAllocationRangeListInSchema(block.RangeList))
+		d.Set("reserved_ips", setAllocationRangeListInSchema(block.ReservedIps))
+		if block.Cidr != nil {
+			d.Set("cidr", block.Cidr)
+		}
+	} else {
+		d.Set("cidr", block.Cidr)
+	}
 
 	return nil
 }
@@ -125,16 +148,26 @@ func resourceNsxtPolicyIPBlockCreate(d *schema.ResourceData, m interface{}) erro
 	cidr := d.Get("cidr").(string)
 	visibility := d.Get("visibility").(string)
 	tags := getPolicyTagsFromSchema(d)
+	cidrList := getStringListFromSchemaList(d, "cidr_list")
+	rangeList := getAllocationRangeListFromSchema(d.Get("range_list").([]interface{}))
+	reservedIPs := getAllocationRangeListFromSchema(d.Get("reserved_ips").([]interface{}))
 
 	obj := model.IpAddressBlock{
 		DisplayName: &displayName,
 		Description: &description,
-		Cidr:        &cidr,
 		Tags:        tags,
 	}
 	if util.NsxVersionHigherOrEqual("4.2.0") && len(visibility) > 0 {
 		obj.Visibility = &visibility
 	}
+	if util.NsxVersionHigherOrEqual("9.1.0") && len(cidrList) > 0 {
+		obj.CidrList = cidrList
+		obj.RangeList = rangeList
+		obj.ReservedIps = reservedIPs
+	} else {
+		obj.Cidr = &cidr
+	}
+
 	// Create the resource using PATCH
 	log.Printf("[INFO] Creating IP Block with ID %s", id)
 	err = client.Patch(id, obj)
@@ -166,18 +199,27 @@ func resourceNsxtPolicyIPBlockUpdate(d *schema.ResourceData, m interface{}) erro
 	visibility := d.Get("visibility").(string)
 	revision := int64(d.Get("revision").(int))
 	tags := getPolicyTagsFromSchema(d)
+	cidrList := getStringListFromSchemaList(d, "cidr_list")
+	rangeList := getAllocationRangeListFromSchema(d.Get("range_list").([]interface{}))
+	reservedIPs := getAllocationRangeListFromSchema(d.Get("reserved_ips").([]interface{}))
 
 	obj := model.IpAddressBlock{
 		Id:          &id,
 		DisplayName: &displayName,
 		Description: &description,
-		Cidr:        &cidr,
 		Tags:        tags,
 		Revision:    &revision,
 	}
 	if util.NsxVersionHigherOrEqual("4.2.0") && len(visibility) > 0 {
 		obj.Visibility = &visibility
 	}
+	if util.NsxVersionHigherOrEqual("9.1.0") && len(cidrList) > 0 {
+		obj.CidrList = cidrList
+		obj.RangeList = rangeList
+		obj.ReservedIps = reservedIPs
+	} else {
+		obj.Cidr = &cidr
+	}
 
 	_, err := client.Update(id, obj)
 	if err != nil {
diff --git a/nsxt/resource_nsxt_policy_ip_block_test.go b/nsxt/resource_nsxt_policy_ip_block_test.go
@@ -42,6 +42,86 @@ func TestAccResourceNsxtPolicyIPBlock_minimal(t *testing.T) {
 	})
 }
 
+func TestAccResourceNsxtPolicyIPBlock_v910(t *testing.T) {
+	name := getAccTestResourceName()
+	testResourceName := "nsxt_policy_ip_block.test"
+	cidr := "192.168.1.0/24"
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			testAccOnlyLocalManager(t)
+			testAccPreCheck(t)
+			testAccNSXVersion(t, "9.1.0")
+		},
+		Providers: testAccProviders,
+		CheckDestroy: func(state *terraform.State) error {
+			return testAccNSXPolicyIPBlockCheckDestroy(state)
+		},
+		Steps: []resource.TestStep{
+			{
+				Config: testAccNSXPolicyIPBlockCreateV910Template(name, cidr, false, false),
+				Check: resource.ComposeTestCheckFunc(
+					testAccNSXPolicyIPBlockCheckExists(testResourceName),
+					resource.TestCheckResourceAttr(testResourceName, "display_name", name),
+					resource.TestCheckResourceAttr(testResourceName, "cidr_list.#", "1"),
+					resource.TestCheckResourceAttr(testResourceName, "cidr_list.0", cidr),
+					resource.TestCheckResourceAttr(testResourceName, "reserved_ips.#", "1"),
+					resource.TestCheckResourceAttr(testResourceName, "range_list.#", "1"),
+					resource.TestCheckResourceAttr(testResourceName, "tag.#", "0"),
+					resource.TestCheckResourceAttrSet(testResourceName, "revision"),
+					resource.TestCheckResourceAttrSet(testResourceName, "nsx_id"),
+					resource.TestCheckResourceAttrSet(testResourceName, "path"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccResourceNsxtPolicyIPBlock_v910_migrate(t *testing.T) {
+	name := getAccTestResourceName()
+	testResourceName := "nsxt_policy_ip_block.test"
+	cidr := "192.168.1.0/24"
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			testAccOnlyLocalManager(t)
+			testAccPreCheck(t)
+			testAccNSXVersion(t, "9.1.0")
+		},
+		Providers: testAccProviders,
+		CheckDestroy: func(state *terraform.State) error {
+			return testAccNSXPolicyIPBlockCheckDestroy(state)
+		},
+		Steps: []resource.TestStep{
+			{
+				Config: testAccNSXPolicyIPBlockCreateMinimalTemplate(name, cidr, false, false),
+				Check: resource.ComposeTestCheckFunc(
+					testAccNSXPolicyIPBlockCheckExists(testResourceName),
+					resource.TestCheckResourceAttr(testResourceName, "display_name", name),
+					resource.TestCheckResourceAttr(testResourceName, "cidr", cidr),
+					resource.TestCheckResourceAttr(testResourceName, "tag.#", "0"),
+					resource.TestCheckResourceAttrSet(testResourceName, "revision"),
+					resource.TestCheckResourceAttrSet(testResourceName, "nsx_id"),
+					resource.TestCheckResourceAttrSet(testResourceName, "path"),
+				),
+			},
+			{
+				Config: testAccNSXPolicyIPBlockCreateV910Template(name, cidr, false, false),
+				Check: resource.ComposeTestCheckFunc(
+					testAccNSXPolicyIPBlockCheckExists(testResourceName),
+					resource.TestCheckResourceAttr(testResourceName, "display_name", name),
+					resource.TestCheckResourceAttr(testResourceName, "cidr_list.#", "1"),
+					resource.TestCheckResourceAttr(testResourceName, "cidr_list.0", cidr),
+					resource.TestCheckResourceAttr(testResourceName, "reserved_ips.#", "1"),
+					resource.TestCheckResourceAttr(testResourceName, "range_list.#", "1"),
+					resource.TestCheckResourceAttr(testResourceName, "tag.#", "0"),
+					resource.TestCheckResourceAttrSet(testResourceName, "revision"),
+					resource.TestCheckResourceAttrSet(testResourceName, "nsx_id"),
+					resource.TestCheckResourceAttrSet(testResourceName, "path"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccResourceNsxtPolicyIPBlock_basic(t *testing.T) {
 	testAccResourceNsxtPolicyIPBlockBasic(t, false, false, func() {
 		testAccPreCheck(t)
@@ -254,6 +334,36 @@ resource "nsxt_policy_ip_block" "test" {
 }`, context, displayName, cidr, visibility)
 }
 
+func testAccNSXPolicyIPBlockCreateV910Template(displayName string, cidr string, withContext, withVisibility bool) string {
+	context := ""
+	if withContext {
+		context = testAccNsxtPolicyMultitenancyContext()
+	}
+
+	visibility := ""
+	if withVisibility {
+		visibility = "  visibility   = \"EXTERNAL\""
+	}
+
+	return fmt.Sprintf(`
+resource "nsxt_policy_ip_block" "test" {
+%s
+  display_name = "%s"
+  cidr_list    = ["%s"]
+  reserved_ips {
+    start = "192.168.1.10"
+    end   = "192.168.1.11"
+  }
+
+  range_list {
+    start = "192.168.2.20"
+    end   = "192.168.2.39"
+  }
+
+%s
+}`, context, displayName, cidr, visibility)
+}
+
 func testAccNSXPolicyIPBlockUpdateTemplate(displayName string, cidr string, withContext, withVisibility bool) string {
 	context := ""
 	if withContext {
