From 47cfcbd7b9746f767f88630dd808715d5761275e Mon Sep 17 00:00:00 2001
From: Kobi Samoray <ksamoray@vmware.com>
Date: Sun, 9 Jul 2023 09:32:59 +0300
Subject: [PATCH] Error use of gateway DNS forwarder with T0

T0 gateways do not have multitenancy support

Signed-off-by: Kobi Samoray <ksamoray@vmware.com>
---
 ...ource_nsxt_policy_gateway_dns_forwarder.go | 36 ++++++++++++++-----
 nsxt/resource_nsxt_policy_nat_rule.go         | 26 +++++++++++---
 nsxt/resource_nsxt_policy_static_route.go     | 24 ++++++++++---
 3 files changed, 69 insertions(+), 17 deletions(-)

diff --git a/nsxt/resource_nsxt_policy_gateway_dns_forwarder.go b/nsxt/resource_nsxt_policy_gateway_dns_forwarder.go
index 5bb2dd4d8..c6991be15 100644
--- a/nsxt/resource_nsxt_policy_gateway_dns_forwarder.go
+++ b/nsxt/resource_nsxt_policy_gateway_dns_forwarder.go
@@ -97,7 +97,12 @@ func resourceNsxtPolicyGatewayDNSForwarderRead(d *schema.ResourceData, m interfa
 		return fmt.Errorf("gateway_path is not valid")
 	}
 
-	obj, err := policyGatewayDNSForwarderGet(getSessionContext(d, m), connector, gwID, isT0)
+	context := getSessionContext(d, m)
+	if isT0 && context.ClientType == utl.Multitenancy {
+		return fmt.Errorf("multitenancy not supported with Tier0 gateways")
+	}
+
+	obj, err := policyGatewayDNSForwarderGet(context, connector, gwID, isT0)
 
 	if err != nil {
 		return handleReadError(d, "Gateway Dns Forwarder", gwID, err)
@@ -167,12 +172,17 @@ func resourceNsxtPolicyGatewayDNSForwarderCreate(d *schema.ResourceData, m inter
 
 	// Verify DNS forwarder is not yet defined for this Gateway
 	var err error
-	sessionContext := getSessionContext(d, m)
+	context := getSessionContext(d, m)
+
+	if isT0 && context.ClientType == utl.Multitenancy {
+		return fmt.Errorf("multitenancy not supported with Tier0 gateways")
+	}
+
 	if isT0 {
-		client := tier0s.NewDnsForwarderClient(sessionContext, connector)
+		client := tier0s.NewDnsForwarderClient(context, connector)
 		_, err = client.Get(gwID)
 	} else {
-		client := tier1s.NewDnsForwarderClient(sessionContext, connector)
+		client := tier1s.NewDnsForwarderClient(context, connector)
 		_, err = client.Get(gwID)
 	}
 	if err == nil {
@@ -183,7 +193,7 @@ func resourceNsxtPolicyGatewayDNSForwarderCreate(d *schema.ResourceData, m inter
 
 	log.Printf("[INFO] Creating Dns Forwarder for Gateway %s", gwID)
 
-	err = patchNsxtPolicyGatewayDNSForwarder(sessionContext, connector, d, gwID, isT0)
+	err = patchNsxtPolicyGatewayDNSForwarder(context, connector, d, gwID, isT0)
 	if err != nil {
 		return handleCreateError("Gateway Dns Forwarder", gwID, err)
 	}
@@ -201,8 +211,12 @@ func resourceNsxtPolicyGatewayDNSForwarderUpdate(d *schema.ResourceData, m inter
 		return fmt.Errorf("gateway_path is not valid")
 	}
 
+	context := getSessionContext(d, m)
+	if isT0 && context.ClientType == utl.Multitenancy {
+		return fmt.Errorf("multitenancy not supported with Tier0 gateways")
+	}
 	log.Printf("[INFO] Updating Gateway Dns Forwarder with ID %s", gwID)
-	err := patchNsxtPolicyGatewayDNSForwarder(getSessionContext(d, m), connector, d, gwID, isT0)
+	err := patchNsxtPolicyGatewayDNSForwarder(context, connector, d, gwID, isT0)
 	if err != nil {
 		return handleUpdateError("Gateway Dns Forwarder", gwID, err)
 	}
@@ -220,12 +234,16 @@ func resourceNsxtPolicyGatewayDNSForwarderDelete(d *schema.ResourceData, m inter
 	}
 
 	var err error
-	sessionContext := getSessionContext(d, m)
+	context := getSessionContext(d, m)
+	if isT0 && context.ClientType == utl.Multitenancy {
+		return fmt.Errorf("multitenancy not supported with Tier0 gateways")
+	}
+
 	if isT0 {
-		client := tier0s.NewDnsForwarderClient(sessionContext, connector)
+		client := tier0s.NewDnsForwarderClient(context, connector)
 		err = client.Delete(gwID)
 	} else {
-		client := tier1s.NewDnsForwarderClient(sessionContext, connector)
+		client := tier1s.NewDnsForwarderClient(context, connector)
 		err = client.Delete(gwID)
 	}
 	if err != nil {
diff --git a/nsxt/resource_nsxt_policy_nat_rule.go b/nsxt/resource_nsxt_policy_nat_rule.go
index 9f8394f0e..b9754818c 100644
--- a/nsxt/resource_nsxt_policy_nat_rule.go
+++ b/nsxt/resource_nsxt_policy_nat_rule.go
@@ -155,10 +155,14 @@ func resourceNsxtPolicyNATRuleDelete(d *schema.ResourceData, m interface{}) erro
 	if gwID == "" {
 		return fmt.Errorf("gateway_path is not valid")
 	}
+	context := getSessionContext(d, m)
+	if isT0 && context.ClientType == utl.Multitenancy {
+		return fmt.Errorf("multitenancy not supported with Tier0 gateways")
+	}
 
 	action := d.Get("action").(string)
 	natType := getNatTypeByAction(action)
-	err := deleteNsxtPolicyNATRule(getSessionContext(d, m), getPolicyConnector(m), gwID, isT0, natType, id)
+	err := deleteNsxtPolicyNATRule(context, getPolicyConnector(m), gwID, isT0, natType, id)
 	if err != nil {
 		return handleDeleteError("NAT Rule", id, err)
 	}
@@ -224,9 +228,14 @@ func resourceNsxtPolicyNATRuleRead(d *schema.ResourceData, m interface{}) error
 		return fmt.Errorf("gateway_path is not valid")
 	}
 
+	context := getSessionContext(d, m)
+	if isT0 && context.ClientType == utl.Multitenancy {
+		return fmt.Errorf("multitenancy not supported with Tier0 gateways")
+	}
+
 	action := d.Get("action").(string)
 	natType := getNatTypeByAction(action)
-	obj, err := getNsxtPolicyNATRuleByID(getSessionContext(d, m), connector, gwID, isT0, natType, id)
+	obj, err := getNsxtPolicyNATRuleByID(context, connector, gwID, isT0, natType, id)
 	if err != nil {
 		return handleReadError(d, "NAT Rule", id, err)
 	}
@@ -271,11 +280,16 @@ func resourceNsxtPolicyNATRuleCreate(d *schema.ResourceData, m interface{}) erro
 		return fmt.Errorf("gateway_path is not valid")
 	}
 
+	context := getSessionContext(d, m)
+	if isT0 && context.ClientType == utl.Multitenancy {
+		return fmt.Errorf("multitenancy not supported with Tier0 gateways")
+	}
+
 	id := d.Get("nsx_id").(string)
 	if id == "" {
 		id = newUUID()
 	} else {
-		_, err := getNsxtPolicyNATRuleByID(getSessionContext(d, m), connector, gwID, isT0, natType, id)
+		_, err := getNsxtPolicyNATRuleByID(context, connector, gwID, isT0, natType, id)
 		if err == nil {
 			return fmt.Errorf("NAT Rule with nsx_id '%s' already exists", id)
 		} else if !isNotFoundError(err) {
@@ -347,6 +361,10 @@ func resourceNsxtPolicyNATRuleUpdate(d *schema.ResourceData, m interface{}) erro
 	if gwID == "" {
 		return fmt.Errorf("gateway_path is not valid")
 	}
+	context := getSessionContext(d, m)
+	if isT0 && context.ClientType == utl.Multitenancy {
+		return fmt.Errorf("multitenancy not supported with Tier0 gateways")
+	}
 
 	displayName := d.Get("display_name").(string)
 	description := d.Get("description").(string)
@@ -388,7 +406,7 @@ func resourceNsxtPolicyNATRuleUpdate(d *schema.ResourceData, m interface{}) erro
 	}
 
 	log.Printf("[INFO] Updating NAT Rule with ID %s", id)
-	err := patchNsxtPolicyNATRule(getSessionContext(d, m), connector, gwID, ruleStruct, isT0)
+	err := patchNsxtPolicyNATRule(context, connector, gwID, ruleStruct, isT0)
 	if err != nil {
 		return handleUpdateError("NAT Rule", id, err)
 	}
diff --git a/nsxt/resource_nsxt_policy_static_route.go b/nsxt/resource_nsxt_policy_static_route.go
index 18e151c8b..dc7327c00 100644
--- a/nsxt/resource_nsxt_policy_static_route.go
+++ b/nsxt/resource_nsxt_policy_static_route.go
@@ -114,12 +114,16 @@ func resourceNsxtPolicyStaticRouteCreate(d *schema.ResourceData, m interface{})
 	if gwID == "" {
 		return fmt.Errorf("gateway_path is not a valid")
 	}
+	context := getSessionContext(d, m)
+	if isT0 && context.ClientType == utl.Multitenancy {
+		return fmt.Errorf("multitenancy not supported with Tier0 gateways")
+	}
 
 	id := d.Get("nsx_id").(string)
 	if id == "" {
 		id = newUUID()
 	} else {
-		_, err := getNsxtPolicyStaticRouteByID(getSessionContext(d, m), connector, gwID, isT0, id)
+		_, err := getNsxtPolicyStaticRouteByID(context, connector, gwID, isT0, id)
 		if err == nil {
 			return fmt.Errorf("Static Route with nsx_id '%s' already exists", id)
 		} else if !isNotFoundError(err) {
@@ -191,8 +195,12 @@ func resourceNsxtPolicyStaticRouteRead(d *schema.ResourceData, m interface{}) er
 	if gwID == "" {
 		return fmt.Errorf("gateway_path is not a valid")
 	}
+	context := getSessionContext(d, m)
+	if isT0 && context.ClientType == utl.Multitenancy {
+		return fmt.Errorf("multitenancy not supported with Tier0 gateways")
+	}
 
-	obj, err := getNsxtPolicyStaticRouteByID(getSessionContext(d, m), connector, gwID, isT0, id)
+	obj, err := getNsxtPolicyStaticRouteByID(context, connector, gwID, isT0, id)
 	if err != nil {
 		return handleReadError(d, "Static Route", id, err)
 	}
@@ -245,6 +253,10 @@ func resourceNsxtPolicyStaticRouteUpdate(d *schema.ResourceData, m interface{})
 	if gwID == "" {
 		return fmt.Errorf("gateway_path is not valid")
 	}
+	context := getSessionContext(d, m)
+	if isT0 && context.ClientType == utl.Multitenancy {
+		return fmt.Errorf("multitenancy not supported with Tier0 gateways")
+	}
 
 	displayName := d.Get("display_name").(string)
 	description := d.Get("description").(string)
@@ -285,7 +297,7 @@ func resourceNsxtPolicyStaticRouteUpdate(d *schema.ResourceData, m interface{})
 	}
 
 	log.Printf("[INFO] Updating Static Route with ID %s", id)
-	err := patchNsxtPolicyStaticRoute(getSessionContext(d, m), connector, gwID, routeStruct, isT0)
+	err := patchNsxtPolicyStaticRoute(context, connector, gwID, routeStruct, isT0)
 	if err != nil {
 		return handleUpdateError("Static Route", id, err)
 	}
@@ -307,8 +319,12 @@ func resourceNsxtPolicyStaticRouteDelete(d *schema.ResourceData, m interface{})
 	if gwID == "" {
 		return fmt.Errorf("gateway_path is not valid")
 	}
+	context := getSessionContext(d, m)
+	if isT0 && context.ClientType == utl.Multitenancy {
+		return fmt.Errorf("multitenancy not supported with Tier0 gateways")
+	}
 
-	err := deleteNsxtPolicyStaticRoute(getSessionContext(d, m), getPolicyConnector(m), gwID, isT0, id)
+	err := deleteNsxtPolicyStaticRoute(context, getPolicyConnector(m), gwID, isT0, id)
 	if err != nil {
 		return handleDeleteError("Static Route", id, err)
 	}