vmware
diff --git a/‎nsxt/gateway_common.go
Lines changed: 5 additions & 0 deletions b/‎nsxt/gateway_common.go
Lines changed: 5 additions & 0 deletions
diff --git a/‎nsxt/policy_common.go
Lines changed: 6 additions & 3 deletions b/‎nsxt/policy_common.go
Lines changed: 6 additions & 3 deletions
diff --git a/‎nsxt/provider.go
Lines changed: 1 addition & 0 deletions b/‎nsxt/provider.go
Lines changed: 1 addition & 0 deletions
diff --git a/‎nsxt/resource_nsxt_policy_intrusion_service_policy.go
Lines changed: 1 addition & 1 deletion b/‎nsxt/resource_nsxt_policy_intrusion_service_policy.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎nsxt/resource_nsxt_policy_parent_security_policy.go
Lines changed: 12 additions & 7 deletions b/‎nsxt/resource_nsxt_policy_parent_security_policy.go
Lines changed: 12 additions & 7 deletions
diff --git a/‎nsxt/resource_nsxt_policy_predefined_security_policy.go
Lines changed: 73 additions & 9 deletions b/‎nsxt/resource_nsxt_policy_predefined_security_policy.go
Lines changed: 73 additions & 9 deletions
diff --git a/‎nsxt/resource_nsxt_policy_security_policy.go
Lines changed: 22 additions & 15 deletions b/‎nsxt/resource_nsxt_policy_security_policy.go
Lines changed: 22 additions & 15 deletions
@@ -436,6 +436,11 @@ func policyInfraPatch(context utl.SessionContext, obj model.Infra, connector cli
 		}
 
 		return infraClient.Patch(gmObj.(gm_model.Infra), &enforceRevision)
+	} else if context.ClientType == utl.VPC {
+		context = utl.SessionContext{
+			ClientType: utl.Multitenancy,
+			ProjectID:  context.ProjectID,
+		}
 	}
 
 	infraClient := nsx_policy.NewInfraClient(context, connector)
 
@@ -311,7 +311,7 @@ func getSecurityPolicyAndGatewayRuleSchema(scopeRequired bool, isIds bool, nsxID
 }
 
 func getPolicyGatewayPolicySchema() map[string]*schema.Schema {
-	secPolicy := getPolicySecurityPolicySchema(false, true, true)
+	secPolicy := getPolicySecurityPolicySchema(false, true, true, true)
 	// GW Policies don't support scope
 	delete(secPolicy, "scope")
 	secPolicy["category"].ValidateFunc = validation.StringInSlice(gatewayPolicyCategoryWritableValues, false)
@@ -320,15 +320,15 @@ func getPolicyGatewayPolicySchema() map[string]*schema.Schema {
 	return secPolicy
 }
 
-func getPolicySecurityPolicySchema(isIds, withContext, withRule bool) map[string]*schema.Schema {
+func getPolicySecurityPolicySchema(isIds, withContext, withRule, withDomain bool) map[string]*schema.Schema {
 	result := map[string]*schema.Schema{
 		"nsx_id":       getNsxIDSchema(),
 		"path":         getPathSchema(),
 		"display_name": getDisplayNameSchema(),
 		"description":  getDescriptionSchema(),
 		"revision":     getRevisionSchema(),
 		"tag":          getTagsSchema(),
-		"context":      getContextSchema(false, false, false),
+		"context":      getContextSchema(!withDomain, false, !withDomain),
 		"domain":       getDomainNameSchema(),
 		"category": {
 			Type:         schema.TypeString,
@@ -392,6 +392,9 @@ func getPolicySecurityPolicySchema(isIds, withContext, withRule bool) map[string
 	if !withRule {
 		delete(result, "rule")
 	}
+	if !withDomain {
+		delete(result, "domain")
+	}
 	return result
 }
 
 
@@ -496,6 +496,7 @@ func Provider() *schema.Provider {
 			"nsxt_policy_gateway_flood_protection_profile_binding":     resourceNsxtPolicyGatewayFloodProtectionProfileBinding(),
 			"nsxt_policy_compute_sub_cluster":                          resourceNsxtPolicyComputeSubCluster(),
 			"nsxt_policy_tier0_inter_vrf_routing":                      resourceNsxtPolicyTier0InterVRFRouting(),
+			"nsxt_vpc_security_policy":                                 resourceNsxtVPCSecurityPolicy(),
 		},
 
 		ConfigureFunc: providerConfigure,
 
@@ -29,7 +29,7 @@ func resourceNsxtPolicyIntrusionServicePolicy() *schema.Resource {
 		Importer: &schema.ResourceImporter{
 			State: nsxtDomainResourceImporter,
 		},
-		Schema: getPolicySecurityPolicySchema(true, true, true),
+		Schema: getPolicySecurityPolicySchema(true, true, true, true),
 	}
 }
 
 
@@ -21,7 +21,7 @@ func resourceNsxtPolicyParentSecurityPolicy() *schema.Resource {
 		Importer: &schema.ResourceImporter{
 			State: nsxtDomainResourceImporter,
 		},
-		Schema: getPolicySecurityPolicySchema(false, true, false),
+		Schema: getPolicySecurityPolicySchema(false, true, false, true),
 	}
 }
 
@@ -55,10 +55,13 @@ func parentSecurityPolicySchemaToModel(d *schema.ResourceData, id string) model.
 	}
 }
 
-func parentSecurityPolicyModelToSchema(d *schema.ResourceData, m interface{}) (*model.SecurityPolicy, error) {
+func parentSecurityPolicyModelToSchema(d *schema.ResourceData, m interface{}, withDomain bool) (*model.SecurityPolicy, error) {
 	connector := getPolicyConnector(m)
 	id := d.Id()
-	domainName := d.Get("domain").(string)
+	domainName := ""
+	if withDomain {
+		domainName = d.Get("domain").(string)
+	}
 	if id == "" {
 		return nil, fmt.Errorf("Error obtaining Security Policy id")
 	}
@@ -75,7 +78,9 @@ func parentSecurityPolicyModelToSchema(d *schema.ResourceData, m interface{}) (*
 	setPolicyTagsInSchema(d, obj.Tags)
 	d.Set("nsx_id", id)
 	d.Set("path", obj.Path)
-	d.Set("domain", getDomainFromResourcePath(*obj.Path))
+	if withDomain {
+		d.Set("domain", getDomainFromResourcePath(*obj.Path))
+	}
 	d.Set("category", obj.Category)
 	d.Set("comments", obj.Comments)
 	d.Set("locked", obj.Locked)
@@ -92,15 +97,15 @@ func parentSecurityPolicyModelToSchema(d *schema.ResourceData, m interface{}) (*
 }
 
 func resourceNsxtPolicyParentSecurityPolicyCreate(d *schema.ResourceData, m interface{}) error {
-	return resourceNsxtPolicySecurityPolicyGeneralCreate(d, m, false)
+	return resourceNsxtPolicySecurityPolicyGeneralCreate(d, m, false, true)
 }
 
 func resourceNsxtPolicyParentSecurityPolicyRead(d *schema.ResourceData, m interface{}) error {
-	return resourceNsxtPolicySecurityPolicyGeneralRead(d, m, false)
+	return resourceNsxtPolicySecurityPolicyGeneralRead(d, m, false, true)
 }
 
 func resourceNsxtPolicyParentSecurityPolicyUpdate(d *schema.ResourceData, m interface{}) error {
-	return resourceNsxtPolicySecurityPolicyGeneralUpdate(d, m, false)
+	return resourceNsxtPolicySecurityPolicyGeneralUpdate(d, m, false, true)
 }
 
 func resourceNsxtPolicyParentSecurityPolicyDelete(d *schema.ResourceData, m interface{}) error {
 
@@ -12,6 +12,7 @@ import (
 
 	"github.com/vmware/vsphere-automation-sdk-go/runtime/bindings"
 	"github.com/vmware/vsphere-automation-sdk-go/runtime/data"
+	nsxt "github.com/vmware/vsphere-automation-sdk-go/services/nsxt"
 	"github.com/vmware/vsphere-automation-sdk-go/services/nsxt/model"
 
 	"github.com/vmware/terraform-provider-nsxt/api/infra/domains"
@@ -178,6 +179,60 @@ func revertSecurityPolicyDefaultRule(rule model.Rule) model.Rule {
 	return rule
 }
 
+func strPtr(s string) *string {
+	v := s
+	return &v
+}
+
+func createChildVPCWithSecurityPolicy(context utl.SessionContext, policyID string, policy model.SecurityPolicy) (*data.StructValue, error) {
+	converter := bindings.NewTypeConverter()
+
+	childPolicy := model.ChildSecurityPolicy{
+		ResourceType:   "ChildSecurityPolicy",
+		SecurityPolicy: &policy,
+	}
+
+	dataValue, errors := converter.ConvertToVapi(childPolicy, model.ChildSecurityPolicyBindingType())
+	if len(errors) > 0 {
+		return nil, errors[0]
+	}
+
+	childVPC := model.ChildResourceReference{
+		Id:           &context.VPCID,
+		ResourceType: "ChildResourceReference",
+		TargetType:   strPtr("Vpc"),
+		Children:     []*data.StructValue{dataValue.(*data.StructValue)},
+	}
+
+	dataValue, errors = converter.ConvertToVapi(childVPC, model.ChildResourceReferenceBindingType())
+	if len(errors) > 0 {
+		return nil, errors[0]
+	}
+	childProject := model.ChildResourceReference{
+		Id:           &context.ProjectID,
+		ResourceType: "ChildResourceReference",
+		TargetType:   strPtr("Project"),
+		Children:     []*data.StructValue{dataValue.(*data.StructValue)},
+	}
+	dataValue, errors = converter.ConvertToVapi(childProject, model.ChildResourceReferenceBindingType())
+	if len(errors) > 0 {
+		return nil, errors[0]
+	}
+
+	childOrg := model.ChildResourceReference{
+		Id:           strPtr(defaultOrgID),
+		ResourceType: "ChildResourceReference",
+		TargetType:   strPtr("Org"),
+		Children:     []*data.StructValue{dataValue.(*data.StructValue)},
+	}
+	dataValue, errors = converter.ConvertToVapi(childOrg, model.ChildResourceReferenceBindingType())
+	if len(errors) > 0 {
+		return nil, errors[0]
+	}
+
+	return dataValue.(*data.StructValue), nil
+}
+
 func createChildDomainWithSecurityPolicy(domain string, policyID string, policy model.SecurityPolicy) (*data.StructValue, error) {
 	converter := bindings.NewTypeConverter()
 
@@ -409,20 +464,29 @@ func resourceNsxtPolicyPredefinedSecurityPolicyDelete(d *schema.ResourceData, m
 }
 
 func securityPolicyInfraPatch(context utl.SessionContext, policy model.SecurityPolicy, domain string, m interface{}) error {
+	connector := getPolicyConnector(m)
+	if context.ClientType == utl.VPC {
+		childVPC, err := createChildVPCWithSecurityPolicy(context, *policy.Id, policy)
+		if err != nil {
+			return fmt.Errorf("Failed to create H-API for VPC Security Policy: %s", err)
+		}
+		orgRoot := model.OrgRoot{
+			ResourceType: strPtr("OrgRoot"),
+			Children:     []*data.StructValue{childVPC},
+		}
+
+		client := nsxt.NewOrgRootClient(connector)
+		return client.Patch(orgRoot, nil)
+	}
+
 	childDomain, err := createChildDomainWithSecurityPolicy(domain, *policy.Id, policy)
 	if err != nil {
 		return fmt.Errorf("Failed to create H-API for Predefined Security Policy: %s", err)
 	}
-
-	var infraChildren []*data.StructValue
-	infraChildren = append(infraChildren, childDomain)
-
-	infraType := "Infra"
 	infraObj := model.Infra{
-		Children:     infraChildren,
-		ResourceType: &infraType,
+		Children:     []*data.StructValue{childDomain},
+		ResourceType: strPtr("Infra"),
 	}
 
-	return policyInfraPatch(context, infraObj, getPolicyConnector(m), false)
-
+	return policyInfraPatch(context, infraObj, connector, false)
 }
@@ -24,7 +24,7 @@ func resourceNsxtPolicySecurityPolicy() *schema.Resource {
 		Importer: &schema.ResourceImporter{
 			State: nsxtDomainResourceImporter,
 		},
-		Schema: getPolicySecurityPolicySchema(false, true, true),
+		Schema: getPolicySecurityPolicySchema(false, true, true, true),
 	}
 }
 
@@ -61,9 +61,12 @@ func resourceNsxtPolicySecurityPolicyExistsPartial(domainName string) func(sessi
 	}
 }
 
-func policySecurityPolicyBuildAndPatch(d *schema.ResourceData, m interface{}, id string, createFlow, withRule bool) error {
+func policySecurityPolicyBuildAndPatch(d *schema.ResourceData, m interface{}, id string, createFlow, withRule, withDomain bool) error {
 	obj := parentSecurityPolicySchemaToModel(d, id)
-	domain := d.Get("domain").(string)
+	domain := ""
+	if withDomain {
+		domain = d.Get("domain").(string)
+	}
 	revision := int64(d.Get("revision").(int))
 	log.Printf("[INFO] Creating Security Policy with ID %s", id)
 
@@ -92,15 +95,15 @@ func policySecurityPolicyBuildAndPatch(d *schema.ResourceData, m interface{}, id
 }
 
 func resourceNsxtPolicySecurityPolicyCreate(d *schema.ResourceData, m interface{}) error {
-	return resourceNsxtPolicySecurityPolicyGeneralCreate(d, m, true)
+	return resourceNsxtPolicySecurityPolicyGeneralCreate(d, m, true, true)
 }
 
 func resourceNsxtPolicySecurityPolicyRead(d *schema.ResourceData, m interface{}) error {
-	return resourceNsxtPolicySecurityPolicyGeneralRead(d, m, true)
+	return resourceNsxtPolicySecurityPolicyGeneralRead(d, m, true, true)
 }
 
 func resourceNsxtPolicySecurityPolicyUpdate(d *schema.ResourceData, m interface{}) error {
-	return resourceNsxtPolicySecurityPolicyGeneralUpdate(d, m, true)
+	return resourceNsxtPolicySecurityPolicyGeneralUpdate(d, m, true, true)
 }
 
 func resourceNsxtPolicySecurityPolicyDelete(d *schema.ResourceData, m interface{}) error {
@@ -124,14 +127,18 @@ func resourceNsxtPolicySecurityPolicyDelete(d *schema.ResourceData, m interface{
 	return nil
 }
 
-func resourceNsxtPolicySecurityPolicyGeneralCreate(d *schema.ResourceData, m interface{}, withRule bool) error {
+func resourceNsxtPolicySecurityPolicyGeneralCreate(d *schema.ResourceData, m interface{}, withRule, withDomain bool) error {
 	// Initialize resource Id and verify this ID is not yet used
-	id, err := getOrGenerateID2(d, m, resourceNsxtPolicySecurityPolicyExistsPartial(d.Get("domain").(string)))
+	domain := ""
+	if withDomain {
+		domain = d.Get("domain").(string)
+	}
+	id, err := getOrGenerateID2(d, m, resourceNsxtPolicySecurityPolicyExistsPartial(domain))
 	if err != nil {
 		return err
 	}
 
-	err = policySecurityPolicyBuildAndPatch(d, m, id, true, withRule)
+	err = policySecurityPolicyBuildAndPatch(d, m, id, true, withRule, withDomain)
 
 	if err != nil {
 		return handleCreateError("Security Policy", id, err)
@@ -140,11 +147,11 @@ func resourceNsxtPolicySecurityPolicyGeneralCreate(d *schema.ResourceData, m int
 	d.SetId(id)
 	d.Set("nsx_id", id)
 
-	return resourceNsxtPolicySecurityPolicyGeneralRead(d, m, withRule)
+	return resourceNsxtPolicySecurityPolicyGeneralRead(d, m, withRule, withDomain)
 }
 
-func resourceNsxtPolicySecurityPolicyGeneralRead(d *schema.ResourceData, m interface{}, withRule bool) error {
-	obj, err := parentSecurityPolicyModelToSchema(d, m)
+func resourceNsxtPolicySecurityPolicyGeneralRead(d *schema.ResourceData, m interface{}, withRule, withDomain bool) error {
+	obj, err := parentSecurityPolicyModelToSchema(d, m, withDomain)
 	if err != nil {
 		return handleReadError(d, "SecurityPolicy", d.Id(), err)
 	}
@@ -154,15 +161,15 @@ func resourceNsxtPolicySecurityPolicyGeneralRead(d *schema.ResourceData, m inter
 	return nil
 }
 
-func resourceNsxtPolicySecurityPolicyGeneralUpdate(d *schema.ResourceData, m interface{}, withRule bool) error {
+func resourceNsxtPolicySecurityPolicyGeneralUpdate(d *schema.ResourceData, m interface{}, withRule, withDomain bool) error {
 	id := d.Id()
 	if id == "" {
 		return fmt.Errorf("Error obtaining Security Policy id")
 	}
-	err := policySecurityPolicyBuildAndPatch(d, m, id, false, withRule)
+	err := policySecurityPolicyBuildAndPatch(d, m, id, false, withRule, withDomain)
 	if err != nil {
 		return handleUpdateError("Security Policy", id, err)
 	}
 
-	return resourceNsxtPolicySecurityPolicyGeneralRead(d, m, withRule)
+	return resourceNsxtPolicySecurityPolicyGeneralRead(d, m, withRule, withDomain)
 }
Original file line number	Diff line number	Diff line change
`@@ -436,6 +436,11 @@ func policyInfraPatch(context utl.SessionContext, obj model.Infra, connector cli`
`436`	`436`	`}`
`437`	`437`
`438`	`438`	`return infraClient.Patch(gmObj.(gm_model.Infra), &enforceRevision)`
	`439`	`+ } else if context.ClientType == utl.VPC {`
	`440`	`+ context = utl.SessionContext{`
	`441`	`+ ClientType: utl.Multitenancy,`
	`442`	`+ ProjectID: context.ProjectID,`
	`443`	`+ }`
`439`	`444`	`}`
`440`	`445`
`441`	`446`	`infraClient := nsx_policy.NewInfraClient(context, connector)`
Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ func resourceNsxtPolicyIntrusionServicePolicy() *schema.Resource {`
`29`	`29`	`Importer: &schema.ResourceImporter{`
`30`	`30`	`State: nsxtDomainResourceImporter,`
`31`	`31`	`},`
`32`		`- Schema: getPolicySecurityPolicySchema(true, true, true),`
	`32`	`+ Schema: getPolicySecurityPolicySchema(true, true, true, true),`
`33`	`33`	`}`
`34`	`34`	`}`
`35`	`35`
Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ func resourceNsxtPolicyParentSecurityPolicy() *schema.Resource {`
`21`	`21`	`Importer: &schema.ResourceImporter{`
`22`	`22`	`State: nsxtDomainResourceImporter,`
`23`	`23`	`},`
`24`		`- Schema: getPolicySecurityPolicySchema(false, true, false),`
	`24`	`+ Schema: getPolicySecurityPolicySchema(false, true, false, true),`
`25`	`25`	`}`
`26`	`26`	`}`
`27`	`27`
`@@ -55,10 +55,13 @@ func parentSecurityPolicySchemaToModel(d *schema.ResourceData, id string) model.`
`55`	`55`	`}`
`56`	`56`	`}`
`57`	`57`
`58`		`-func parentSecurityPolicyModelToSchema(d schema.ResourceData, m interface{}) (model.SecurityPolicy, error) {`
	`58`	`+func parentSecurityPolicyModelToSchema(d schema.ResourceData, m interface{}, withDomain bool) (model.SecurityPolicy, error) {`
`59`	`59`	`connector := getPolicyConnector(m)`
`60`	`60`	`id := d.Id()`
`61`		`- domainName := d.Get("domain").(string)`
	`61`	`+ domainName := ""`
	`62`	`+ if withDomain {`
	`63`	`+ domainName = d.Get("domain").(string)`
	`64`	`+ }`
`62`	`65`	`if id == "" {`
`63`	`66`	`return nil, fmt.Errorf("Error obtaining Security Policy id")`
`64`	`67`	`}`
`@@ -75,7 +78,9 @@ func parentSecurityPolicyModelToSchema(d schema.ResourceData, m interface{}) (`
`75`	`78`	`setPolicyTagsInSchema(d, obj.Tags)`
`76`	`79`	`d.Set("nsx_id", id)`
`77`	`80`	`d.Set("path", obj.Path)`
`78`		`- d.Set("domain", getDomainFromResourcePath(*obj.Path))`
	`81`	`+ if withDomain {`
	`82`	`+ d.Set("domain", getDomainFromResourcePath(*obj.Path))`
	`83`	`+ }`
`79`	`84`	`d.Set("category", obj.Category)`
`80`	`85`	`d.Set("comments", obj.Comments)`
`81`	`86`	`d.Set("locked", obj.Locked)`
`@@ -92,15 +97,15 @@ func parentSecurityPolicyModelToSchema(d schema.ResourceData, m interface{}) (`
`92`	`97`	`}`
`93`	`98`
`94`	`99`	`func resourceNsxtPolicyParentSecurityPolicyCreate(d *schema.ResourceData, m interface{}) error {`
`95`		`- return resourceNsxtPolicySecurityPolicyGeneralCreate(d, m, false)`
	`100`	`+ return resourceNsxtPolicySecurityPolicyGeneralCreate(d, m, false, true)`
`96`	`101`	`}`
`97`	`102`
`98`	`103`	`func resourceNsxtPolicyParentSecurityPolicyRead(d *schema.ResourceData, m interface{}) error {`
`99`		`- return resourceNsxtPolicySecurityPolicyGeneralRead(d, m, false)`
	`104`	`+ return resourceNsxtPolicySecurityPolicyGeneralRead(d, m, false, true)`
`100`	`105`	`}`
`101`	`106`
`102`	`107`	`func resourceNsxtPolicyParentSecurityPolicyUpdate(d *schema.ResourceData, m interface{}) error {`
`103`		`- return resourceNsxtPolicySecurityPolicyGeneralUpdate(d, m, false)`
	`108`	`+ return resourceNsxtPolicySecurityPolicyGeneralUpdate(d, m, false, true)`
`104`	`109`	`}`
`105`	`110`
`106`	`111`	`func resourceNsxtPolicyParentSecurityPolicyDelete(d *schema.ResourceData, m interface{}) error {`
Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,7 @@ func resourceNsxtPolicySecurityPolicy() *schema.Resource {`
`24`	`24`	`Importer: &schema.ResourceImporter{`
`25`	`25`	`State: nsxtDomainResourceImporter,`
`26`	`26`	`},`
`27`		`- Schema: getPolicySecurityPolicySchema(false, true, true),`
	`27`	`+ Schema: getPolicySecurityPolicySchema(false, true, true, true),`
`28`	`28`	`}`
`29`	`29`	`}`
`30`	`30`
`@@ -61,9 +61,12 @@ func resourceNsxtPolicySecurityPolicyExistsPartial(domainName string) func(sessi`
`61`	`61`	`}`
`62`	`62`	`}`
`63`	`63`
`64`		`-func policySecurityPolicyBuildAndPatch(d *schema.ResourceData, m interface{}, id string, createFlow, withRule bool) error {`
	`64`	`+func policySecurityPolicyBuildAndPatch(d *schema.ResourceData, m interface{}, id string, createFlow, withRule, withDomain bool) error {`
`65`	`65`	`obj := parentSecurityPolicySchemaToModel(d, id)`
`66`		`- domain := d.Get("domain").(string)`
	`66`	`+ domain := ""`
	`67`	`+ if withDomain {`
	`68`	`+ domain = d.Get("domain").(string)`
	`69`	`+ }`
`67`	`70`	`revision := int64(d.Get("revision").(int))`
`68`	`71`	`log.Printf("[INFO] Creating Security Policy with ID %s", id)`
`69`	`72`
`@@ -92,15 +95,15 @@ func policySecurityPolicyBuildAndPatch(d *schema.ResourceData, m interface{}, id`
`92`	`95`	`}`
`93`	`96`
`94`	`97`	`func resourceNsxtPolicySecurityPolicyCreate(d *schema.ResourceData, m interface{}) error {`
`95`		`- return resourceNsxtPolicySecurityPolicyGeneralCreate(d, m, true)`
	`98`	`+ return resourceNsxtPolicySecurityPolicyGeneralCreate(d, m, true, true)`
`96`	`99`	`}`
`97`	`100`
`98`	`101`	`func resourceNsxtPolicySecurityPolicyRead(d *schema.ResourceData, m interface{}) error {`
`99`		`- return resourceNsxtPolicySecurityPolicyGeneralRead(d, m, true)`
	`102`	`+ return resourceNsxtPolicySecurityPolicyGeneralRead(d, m, true, true)`
`100`	`103`	`}`
`101`	`104`
`102`	`105`	`func resourceNsxtPolicySecurityPolicyUpdate(d *schema.ResourceData, m interface{}) error {`
`103`		`- return resourceNsxtPolicySecurityPolicyGeneralUpdate(d, m, true)`
	`106`	`+ return resourceNsxtPolicySecurityPolicyGeneralUpdate(d, m, true, true)`
`104`	`107`	`}`
`105`	`108`
`106`	`109`	`func resourceNsxtPolicySecurityPolicyDelete(d *schema.ResourceData, m interface{}) error {`
`@@ -124,14 +127,18 @@ func resourceNsxtPolicySecurityPolicyDelete(d *schema.ResourceData, m interface{`
`124`	`127`	`return nil`
`125`	`128`	`}`
`126`	`129`
`127`		`-func resourceNsxtPolicySecurityPolicyGeneralCreate(d *schema.ResourceData, m interface{}, withRule bool) error {`
	`130`	`+func resourceNsxtPolicySecurityPolicyGeneralCreate(d *schema.ResourceData, m interface{}, withRule, withDomain bool) error {`
`128`	`131`	`// Initialize resource Id and verify this ID is not yet used`
`129`		`- id, err := getOrGenerateID2(d, m, resourceNsxtPolicySecurityPolicyExistsPartial(d.Get("domain").(string)))`
	`132`	`+ domain := ""`
	`133`	`+ if withDomain {`
	`134`	`+ domain = d.Get("domain").(string)`
	`135`	`+ }`
	`136`	`+ id, err := getOrGenerateID2(d, m, resourceNsxtPolicySecurityPolicyExistsPartial(domain))`
`130`	`137`	`if err != nil {`
`131`	`138`	`return err`
`132`	`139`	`}`
`133`	`140`
`134`		`- err = policySecurityPolicyBuildAndPatch(d, m, id, true, withRule)`
	`141`	`+ err = policySecurityPolicyBuildAndPatch(d, m, id, true, withRule, withDomain)`
`135`	`142`
`136`	`143`	`if err != nil {`
`137`	`144`	`return handleCreateError("Security Policy", id, err)`
`@@ -140,11 +147,11 @@ func resourceNsxtPolicySecurityPolicyGeneralCreate(d *schema.ResourceData, m int`
`140`	`147`	`d.SetId(id)`
`141`	`148`	`d.Set("nsx_id", id)`
`142`	`149`
`143`		`- return resourceNsxtPolicySecurityPolicyGeneralRead(d, m, withRule)`
	`150`	`+ return resourceNsxtPolicySecurityPolicyGeneralRead(d, m, withRule, withDomain)`
`144`	`151`	`}`
`145`	`152`
`146`		`-func resourceNsxtPolicySecurityPolicyGeneralRead(d *schema.ResourceData, m interface{}, withRule bool) error {`
`147`		`- obj, err := parentSecurityPolicyModelToSchema(d, m)`
	`153`	`+func resourceNsxtPolicySecurityPolicyGeneralRead(d *schema.ResourceData, m interface{}, withRule, withDomain bool) error {`
	`154`	`+ obj, err := parentSecurityPolicyModelToSchema(d, m, withDomain)`
`148`	`155`	`if err != nil {`
`149`	`156`	`return handleReadError(d, "SecurityPolicy", d.Id(), err)`
`150`	`157`	`}`
`@@ -154,15 +161,15 @@ func resourceNsxtPolicySecurityPolicyGeneralRead(d *schema.ResourceData, m inter`
`154`	`161`	`return nil`
`155`	`162`	`}`
`156`	`163`
`157`		`-func resourceNsxtPolicySecurityPolicyGeneralUpdate(d *schema.ResourceData, m interface{}, withRule bool) error {`
	`164`	`+func resourceNsxtPolicySecurityPolicyGeneralUpdate(d *schema.ResourceData, m interface{}, withRule, withDomain bool) error {`
`158`	`165`	`id := d.Id()`
`159`	`166`	`if id == "" {`
`160`	`167`	`return fmt.Errorf("Error obtaining Security Policy id")`
`161`	`168`	`}`
`162`		`- err := policySecurityPolicyBuildAndPatch(d, m, id, false, withRule)`
	`169`	`+ err := policySecurityPolicyBuildAndPatch(d, m, id, false, withRule, withDomain)`
`163`	`170`	`if err != nil {`
`164`	`171`	`return handleUpdateError("Security Policy", id, err)`
`165`	`172`	`}`
`166`	`173`
`167`		`- return resourceNsxtPolicySecurityPolicyGeneralRead(d, m, withRule)`
	`174`	`+ return resourceNsxtPolicySecurityPolicyGeneralRead(d, m, withRule, withDomain)`
`168`	`175`	`}`