Policy group support in policy resource

Author: mdmohan

docs/resources/policy.md

@@ -14,15 +14,15 @@ Resource to configure policies on a switch
 
 ```terraform
 resource "ndfc_policy" "test_resource_policy_1" {
-  is_policy_group      = false
-  deploy               = true
-  entity_name          = "Switch"
-  entity_type          = "SWITCH"
-  description          = "Policy for switch"
-  template_name        = "TelemetryDst_EF"
-  source               = "CLI"
-  priority             = 500
-  device_serial_number = "FDO245206N5"
+  is_policy_group = false
+  deploy          = true
+  entity_name     = "Switch"
+  entity_type     = "SWITCH"
+  description     = "Policy for switch"
+  template_name   = "TelemetryDst_EF"
+  source          = "CLI"
+  priority        = 500
+  serial_numbers  = ["FDO245206N5", "FDO245206N6"]
   policy_parameters = {
     DSTGRP = "501"
     IPADDR = "5.5.5.6"
@@ -37,9 +37,9 @@ resource "ndfc_policy" "test_resource_policy_1" {
 
 ### Required
 
-- `device_serial_number` (String) Serial number of the device
 - `entity_name` (String) Policy Name
 - `entity_type` (String) Type of the entity
+- `serial_numbers` (Set of String) Serial numbers of the device. Use only one device for policy. Multiple devices can be in the list if this is a  policygroup
 - `template_name` (String) Name of the template
 
 ### Optional
@@ -54,6 +54,8 @@ resource "ndfc_policy" "test_resource_policy_1" {
 ### Read-Only
 
 - `auto_generated` (Boolean) Auto generated policy
+- `computed_parameters` (Map of String) List of name value pairs not set in config, but returned by NDFC
+- `generated_config` (String) Generated configuration
 - `id` (Number) ID of the policy
 - `policy_id` (String) Policy ID
 

examples/resources/ndfc_policy/resource.tf

@@ -1,14 +1,14 @@
 
 resource "ndfc_policy" "test_resource_policy_1" {
-  is_policy_group      = false
-  deploy               = true
-  entity_name          = "Switch"
-  entity_type          = "SWITCH"
-  description          = "Policy for switch"
-  template_name        = "TelemetryDst_EF"
-  source               = "CLI"
-  priority             = 500
-  device_serial_number = "FDO245206N5"
+  is_policy_group = false
+  deploy          = true
+  entity_name     = "Switch"
+  entity_type     = "SWITCH"
+  description     = "Policy for switch"
+  template_name   = "TelemetryDst_EF"
+  source          = "CLI"
+  priority        = 500
+  serial_numbers  = ["FDO245206N5", "FDO245206N6"]
   policy_parameters = {
     DSTGRP = "501"
     IPADDR = "5.5.5.6"

generator/defs/policy.yaml

@@ -66,19 +66,23 @@ resource:
       type: String
       description: "Source of the policy"
       example: "CLI"
+      include_empty: true
     - model_name: priority
       tf_name: priority
       type: Int64
       description: "Priority of the policy"
       default_value: 500
       example: 500
     - model_name: serialNumber
-      tf_name: device_serial_number
-      type: String
-      description: "Serial number of the device"
+      tf_name: serial_numbers
+      type: List:String
       mandatory: true
-      tf_requires_replace: true
-      example: FDO245206N5
+      description: "Serial numbers of the device. Use only one device for policy. Multiple devices can be in the list if this is a  policygroup"
+      example: "[\"FDO245206N5\", \"FDO245206N6\"]"
+      tf_requires_replace_if_key: is_policy_group
+      tf_requires_replace_if_value: false
+      tf_requires_replace_if_type: bool
+      ndfc_type: csv
     - model_name: nvPairs
       tf_name: policy_parameters
       type: "Map:String"
@@ -99,5 +103,18 @@ resource:
       ndfc_type: bool
       description: "Deleted policy"
       tf_hide: true
+  
+    - model_name: generatedConfig
+      tf_name: generated_config
+      type: String
+      description: "Generated configuration"
+      computed: true
+    
+    - model_name: computed_parameters
+      tf_name: computed_parameters
+      type: "Map:String"
+      description: "List of name value pairs not set in config, but returned by NDFC"
+      computed: true
+      
 
 

go.mod

@@ -63,13 +63,13 @@ require (
 	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
 	github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
-	golang.org/x/crypto v0.37.0 // indirect
-	golang.org/x/mod v0.24.0 // indirect
-	golang.org/x/net v0.39.0 // indirect
-	golang.org/x/sync v0.13.0 // indirect
-	golang.org/x/sys v0.32.0 // indirect
-	golang.org/x/text v0.24.0 // indirect
-	golang.org/x/tools v0.32.0 // indirect
+	golang.org/x/crypto v0.39.0 // indirect
+	golang.org/x/mod v0.25.0 // indirect
+	golang.org/x/net v0.41.0 // indirect
+	golang.org/x/sync v0.15.0 // indirect
+	golang.org/x/sys v0.33.0 // indirect
+	golang.org/x/text v0.26.0 // indirect
+	golang.org/x/tools v0.34.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20250409194420-de1ac958c67a // indirect
 	google.golang.org/grpc v1.71.1 // indirect

go.sum

@@ -193,22 +193,22 @@ go.opentelemetry.io/otel/trace v1.34.0 h1:+ouXS2V8Rd4hp4580a8q23bg0azF2nI8cqLYnC
 go.opentelemetry.io/otel/trace v1.34.0/go.mod h1:Svm7lSjQD7kG7KJ/MUHPVXSDGz2OX4h0M2jHBhmSfRE=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
-golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
+golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM=
+golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU=
-golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
+golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w=
+golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.39.0 h1:ZCu7HMWDxpXpaiKdhzIfaltL9Lp31x/3fCP11bc6/fY=
-golang.org/x/net v0.39.0/go.mod h1:X7NRbYVEA+ewNkCNyJ513WmMdQ3BineSwVtN2zD/d+E=
+golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw=
+golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.13.0 h1:AauUjRAJ9OSnvULf/ARrrVywoJDy0YS2AwQ98I37610=
-golang.org/x/sync v0.13.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8=
+golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -220,21 +220,21 @@ golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
-golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
+golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
-golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0=
-golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU=
+golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M=
+golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.32.0 h1:Q7N1vhpkQv7ybVzLFtTjvQya2ewbwNDZzUgfXGqtMWU=
-golang.org/x/tools v0.32.0/go.mod h1:ZxrU41P/wAbZD8EDa6dDCa6XfpkhJ7HFMjHJXfBDu8s=
+golang.org/x/tools v0.34.0 h1:qIpSLOxeCYGg9TrcJokLBG4KFA6d795g0xkBkiESGlo=
+golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=

internal/provider/ndfc/api/api.go

@@ -13,6 +13,7 @@ import (
 	"log"
 	"strings"
 	"sync"
+	"time"
 
 	"github.com/netascode/go-nd"
 
@@ -33,6 +34,8 @@ type NDFCAPI interface {
 type NDFCAPICommon struct {
 	NDFCAPI
 	LockedForDeploy bool
+	DeployStartTime time.Time
+	DeployEndTime   time.Time
 	client          *nd.Client
 }
 
@@ -136,6 +139,8 @@ func (c NDFCAPICommon) Delete() (gjson.Result, error) {
 	c.NDFCAPI.GetLock().Lock()
 	defer c.NDFCAPI.GetLock().Unlock()
 	qp := c.NDFCAPI.GetDeleteQP()
+	log.Printf("Delete URL: %s\n", c.NDFCAPI.DeleteUrl())
+	log.Printf("Delete Query Parameters: %v\n", qp)
 	var res nd.Res
 	var err error
 	if qp != nil {
@@ -183,7 +188,6 @@ func (c NDFCAPICommon) DeployPost(payload []byte) (gjson.Result, error) {
 	} else {
 		log.Printf("Deploy write lock is already acquired for %s", c.NDFCAPI.RscName())
 	}
-
 	log.Printf("Deploy Post URL: %s\n", c.NDFCAPI.PostUrl())
 	lock := c.NDFCAPI.GetLock()
 	lock.Lock()

internal/provider/ndfc/api/config_deploy_api.go

@@ -22,6 +22,7 @@ type ConfigDeploymentAPI struct {
 	SerialNumbers []string
 	Deploy        bool
 	Preview       bool
+	History       bool
 	FabricName    string
 }
 
@@ -34,6 +35,8 @@ const UrlGetFabricErrors = "/lan-fabric/rest/control/fabrics/%s/errors"
 const UrlGetGlobalConfigPreview = "/lan-fabric/rest/control/fabrics/%s/config-preview/%s"
 const UrlGetConfigPreview = "/lan-fabric/rest/control/fabrics/%s/config-preview"
 
+const UrlGetDeploymentHistory = "/lan-fabric/rest/config/delivery/deployerHistoryByFabric/%s?serialNumber=%s&sort=%s"
+
 func (c *ConfigDeploymentAPI) GetLock() *sync.Mutex {
 	return c.mutex
 }
@@ -44,6 +47,8 @@ func (c *ConfigDeploymentAPI) GetUrl() string {
 			return fmt.Sprintf(UrlGetGlobalConfigPreview, c.FabricName, strings.Join(c.SerialNumbers, ","))
 		}
 		return fmt.Sprintf(UrlGetConfigPreview, c.FabricName)
+	} else if c.History {
+		return fmt.Sprintf(UrlGetDeploymentHistory, c.FabricName, strings.Join(c.SerialNumbers, ","), "completedTime%3ADES")
 	} else {
 		return fmt.Sprintf(UrlGetFabricErrors, c.FabricName)
 	}

internal/provider/ndfc/api/policy_api.go

@@ -10,6 +10,7 @@ package api
 
 import (
 	"fmt"
+	"strings"
 	"sync"
 
 	"github.com/netascode/go-nd"
@@ -21,7 +22,9 @@ const UrlPolicy = "/lan-fabric/rest/control/policies/%s"
 const UrlPolicyDeploy = "/lan-fabric/rest/control/policies/deploy"
 
 const UrlPolicyGroup = "/lan-fabric/rest/control/policies/policygroup/%s"
-const UrlPolicyGroupCreate = "lan-fabric/rest/control/policies/policygroup/create"
+const UrlPolicyGroupCreate = "/lan-fabric/rest/control/policies/policygroup/create?serialNumbers=%s"
+const UrlPolicyGroupUpdate = "/lan-fabric/rest/control/policies/policygroup/%s?serialNumbers=%s&mark-delete-and-update=true"
+const UrlPolicyGroupDelete = "/lan-fabric/rest/control/policies/policygroup/policyIds"
 
 type PolicyAPI struct {
 	NDFCAPICommon
@@ -37,25 +40,59 @@ func (c *PolicyAPI) GetLock() *sync.Mutex {
 }
 
 func (c *PolicyAPI) GetUrl() string {
+	if c.PolicyGroup {
+		return fmt.Sprintf(UrlPolicyGroup, c.PolicyID)
+	}
 	return fmt.Sprintf(UrlPolicy, c.PolicyID)
 }
 
 func (c *PolicyAPI) PostUrl() string {
 	if c.Deploy {
+		if c.PolicyGroup {
+			if len(c.DeploySwitches) != 0 {
+				return fmt.Sprintf("%s?serialNumber=%s", UrlPolicyDeploy, strings.Join(c.DeploySwitches, ","))
+			} else {
+				panic("Switches cannot be empty")
+			}
+		}
 		return UrlPolicyDeploy
 	}
+	if c.PolicyGroup {
+		if len(c.DeploySwitches) != 0 {
+			return fmt.Sprintf(UrlPolicyGroupCreate, strings.Join(c.DeploySwitches, ","))
+		} else {
+			panic("Switches cannot be empty")
+		}
+	}
 	return UrlPolicyCreate
 }
 
 func (c *PolicyAPI) PutUrl() string {
+	if c.PolicyGroup {
+		if len(c.DeploySwitches) != 0 {
+			return fmt.Sprintf(UrlPolicyGroupUpdate, c.PolicyID, strings.Join(c.DeploySwitches, ","))
+		} else {
+			panic("Switches cannot be empty")
+		}
+	}
 	return fmt.Sprintf(UrlPolicy, c.PolicyID)
 }
 
 func (c *PolicyAPI) DeleteUrl() string {
+	if c.PolicyGroup {
+		return UrlPolicyGroupDelete
+	}
 	return fmt.Sprintf(UrlPolicy, c.PolicyID)
 }
 
 func (c *PolicyAPI) GetDeleteQP() []string {
+	if c.PolicyGroup {
+		if len(c.DeploySwitches) != 0 {
+			return []string{"policyIds=" + c.PolicyID, "serialNumbers=" + strings.Join(c.DeploySwitches, ",")}
+		} else {
+			panic("Switches cannot be empty")
+		}
+	}
 	return nil
 }