Support constraint resource #1583
Conversation
annakhm
force-pushed
the
constraint-resource
branch
2 times, most recently
from
9c66200 to
08c6e8a
Compare
|
/test-all |
annakhm
force-pushed
the
constraint-resource
branch
2 times, most recently
from
55d0970 to
a95e930
Compare
|
/test-all |
annakhm
force-pushed
the
constraint-resource
branch
from
a95e930 to
8335adf
Compare
|
/test-all |
annakhm
force-pushed
the
constraint-resource
branch
3 times, most recently
from
ee8bfdd to
3491de5
Compare
|
/test-all |
annakhm
force-pushed
the
constraint-resource
branch
from
3491de5 to
13c8872
Compare
|
/test-all |
| @@ -178,7 +178,7 @@ func testAccNsxtVpcExists(displayName string, resourceName string) resource.Test | |||
| return fmt.Errorf("Policy Vpc resource ID not set in resources") | |||
| } | |||
|
|
|||
| exists, err := resourceNsxtVpcExists(testAccGetProjectContext(), resourceID, connector) | |||
| exists, err := resourceNsxtVpcExists(testAccGetMultitenancyContext(), resourceID, connector) | |||
There was a problem hiding this comment.
Is this change (and the other similar ones) unrelated to this commit?
There was a problem hiding this comment.
I've renamed this helper as part of PR, for improved code readability.
annakhm
force-pushed
the
constraint-resource
branch
from
13c8872 to
8ae9025
Compare
| @@ -0,0 +1,137 @@ | |||
| //nolint:revive | |||
There was a problem hiding this comment.
Do we store the updated api_list.yaml anywhere?
There was a problem hiding this comment.
In the generator repository
There was a problem hiding this comment.
OK, I guess that the correct thing would be merging the one in the provider repo with the one in the generator repo (they are different), and delete the one in the provider repo. Makes sense?
docs/resources/policy_constraint.md
Outdated
| * `description` - (Optional) Description of the resource. | ||
| * `message` - (Optional) User friendly message to be shown to users upon violation. | ||
| * `target` - (Optional) Targets for the constraints to be enforced | ||
| * `path_prefix` - (Optional) Prefix match to the path, needs to end with `\` |
There was a problem hiding this comment.
Examples above start with /. So I'm guessing that one of these is wrong.
| Type: schema.TypeList, | ||
| Elem: &metadata.ExtendedResource{ | ||
| Schema: map[string]*metadata.ExtendedSchema{ | ||
| "path_prefix": { |
There was a problem hiding this comment.
Can we validate that / or \ suffix?
There was a problem hiding this comment.
No need to add the slash anymore, as per your suggestion below
There was a problem hiding this comment.
So now we can validatePolicyPath here, I think.
There was a problem hiding this comment.
I'd rather give the user an option to configure with trailing slash, in case they would want to follow the API exactly. Unless we want to deviate from the API and also rename this attribute to vpc_path, assuming that NSX will not extend functionality to support other types of path prefixes
There was a problem hiding this comment.
To follow the API, they have to look into the API spec, I doubt that anyone will bother. But yeah it's not important.
There was a problem hiding this comment.
Users sometimes probe the API and copy values from response
|
|
||
| ## Target resource types | ||
|
|
||
| |Object|project + VPC|project only|VPC only| |
There was a problem hiding this comment.
How do we maintain this list? Do we gather this from some doc?
There was a problem hiding this comment.
This is not documented anywhere as far as I know. I followed the UI to build the table
| message = "%s" | ||
|
|
||
| target { | ||
| path_prefix = "${data.nsxt_vpc.test.path}/" |
There was a problem hiding this comment.
This is a bit ugly - if users will have to manipulate paths in that manner. Can we do that automatically if not suffixed by /?
annakhm
force-pushed
the
constraint-resource
branch
2 times, most recently
from
2f2b05e to
7d957c1
Compare
|
/test-all |
annakhm
force-pushed
the
constraint-resource
branch
from
7d957c1 to
a6ff05a
Compare
|
/test-all |
docs/resources/policy_constraint.md
Outdated
| message = "too many objects mate" | ||
|
|
||
| target { | ||
| path_prefix = "/orgs/default/projects/demo/" |
There was a problem hiding this comment.
So now we don't need the trailing slash in the example, right?
docs/resources/policy_constraint.md
Outdated
| display_name = "demo1-quota" | ||
|
|
||
| target { | ||
| path_prefix = "/orgs/default/projects/demo/vpcs/demo1/" |
| Type: schema.TypeList, | ||
| Elem: &metadata.ExtendedResource{ | ||
| Schema: map[string]*metadata.ExtendedSchema{ | ||
| "path_prefix": { |
There was a problem hiding this comment.
So now we can validatePolicyPath here, I think.
annakhm
force-pushed
the
constraint-resource
branch
from
a6ff05a to
7d68b46
Compare
Signed-off-by: Anna Khmelnitsky <[email protected]>
annakhm
force-pushed
the
constraint-resource
branch
from
7d68b46 to
3be751f
Compare
No description provided.