AV-95316 Removed deprecated resource ObjectAccessPolicy and added changes for CertificateManagementProfile test case

avi/data_source_avi_analyticsprofile_test.go

@@ -20,7 +20,7 @@ func TestAVIDataSourceAnalyticsProfileBasic(t *testing.T) {
 					resource.TestCheckResourceAttr(
 						"avi_analyticsprofile.testAnalyticsProfile", "apdex_response_threshold", "500"),
 					resource.TestCheckResourceAttr(
-						"avi_analyticsprofile.testAnalyticsProfile", "disable_se_analytics", "false"),
+						"avi_analyticsprofile.testAnalyticsProfile", "enable_se_analytics", "true"),
 					resource.TestCheckResourceAttr(
 						"avi_analyticsprofile.testAnalyticsProfile", "apdex_server_rtt_tolerated_factor", "4"),
 					resource.TestCheckResourceAttr(
@@ -60,7 +60,7 @@ func TestAVIDataSourceAnalyticsProfileBasic(t *testing.T) {
 					resource.TestCheckResourceAttr(
 						"avi_analyticsprofile.testAnalyticsProfile", "apdex_server_response_tolerated_factor", "4"),
 					resource.TestCheckResourceAttr(
-						"avi_analyticsprofile.testAnalyticsProfile", "disable_server_analytics", "false"),
+						"avi_analyticsprofile.testAnalyticsProfile", "enable_server_analytics", "true"),
 					resource.TestCheckResourceAttr(
 						"avi_analyticsprofile.testAnalyticsProfile", "conn_server_lossy_timeo_rexmt_threshold", "20"),
 					resource.TestCheckResourceAttr(
@@ -149,7 +149,7 @@ resource "avi_analyticsprofile" "testAnalyticsProfile" {
 	tenant_ref = data.avi_tenant.default_tenant.id
 	hs_event_throttle_window = "1209600"
 	apdex_response_threshold = "500"
-	disable_se_analytics = false
+	enable_se_analytics = true
 	apdex_server_rtt_tolerated_factor = "4"
 	hs_security_nonpfs_penalty = "1"
 	hs_security_tls12_score = "5"
@@ -170,7 +170,7 @@ resource "avi_analyticsprofile" "testAnalyticsProfile" {
 	hs_security_tls11_score = "5"
 	exclude_gs_down_as_error = false
 	apdex_server_response_tolerated_factor = "4"
-	disable_server_analytics = false
+	enable_server_analytics = true
 	conn_server_lossy_timeo_rexmt_threshold = "20"
 	exclude_client_close_before_request_as_error = true
 	hs_security_weak_signature_algo_penalty = "1"

avi/data_source_avi_certificatemanagementprofile_test.go

@@ -26,12 +26,148 @@ const testAccAVIDSCertificateManagementProfileConfig = `
 data "avi_tenant" "default_tenant"{
     name= "admin"
 }
+resource "avi_alertscriptconfig" "testAlertScriptConfig" {
+	name = "test-alertscriptconfig"
+	tenant_ref = data.avi_tenant.default_tenant.id
+	action_script = <<EOF
+#!/usr/bin/python3
+import os
+import json
+import sys
+import time
+from avi.sdk.avi_api import ApiSession
+import urllib3
+import requests
+
+if hasattr(requests.packages.urllib3, 'disable_warnings'):
+    requests.packages.urllib3.disable_warnings()
+
+if hasattr(urllib3, 'disable_warnings'):
+    urllib3.disable_warnings()
+
+
+def ParseAviParams(argv):
+    if len(argv) != 2:
+        return
+    alert_params = json.loads(argv[1])
+    print(str(alert_params))
+    return alert_params
+
+
+def get_api_token():
+    return os.environ.get('API_TOKEN')
+
+
+def cleanup_old_spec_se(se_grp_uuid, session):
+    if not se_grp_uuid:
+        print('%s Empty SE Group UUID received' % time.ctime())
+        return
+
+    print('%s ===== CLEANUP OLD SPEC SE BEGIN =====' % time.ctime())
+
+    rsp = session.get('serviceenginegroup/%s' % se_grp_uuid)
+    if rsp.status_code != 200:
+        print('%s Service Engine Group %s not found' % (time.ctime(), se_grp_uuid))
+    se_grp_data = json.loads(rsp.content)
+    print(se_grp_data)
+    if 'instance_flavor' not in se_grp_data:
+        print('%s No flavor information found in the SE Group data, '
+              'nothing to do.' % (time.ctime()))
+        return
+
+    # Get all SE referring to this SE Group
+    rsp = session.get('serviceengine?page_size=1000'
+                      '&refers_to=serviceenginegroup:%s' % se_grp_uuid)
+    if rsp.status_code != 200:
+        print('%s Service Engines could not be retrieved, status: %s' %
+              (time.ctime(), rsp.status_code))
+    se_dict = json.loads(rsp.content)['results']
+    old_spec_se = list()
+    for se_conf in se_dict:
+        if 'flavor' not in se_conf:
+            continue
+        if se_grp_data['instance_flavor'] != se_conf['flavor']:
+            old_spec_se.append(se_conf)
+
+    # Disable for placement all SE's using the older spec SE's
+    disabled_placement_old_spec_se = list()
+    for se_conf in old_spec_se:
+        se_conf['enable_state'] = 'SE_STATE_DISABLED_FOR_PLACEMENT'
+        rsp = session.put('serviceengine/%s/' % se_conf['uuid'], se_conf)
+        if rsp.status_code != 200:
+            print('%s Failed to disable for placement SE %s, status:%s, error:%s' %
+                  (time.ctime(), se_conf['name'], rsp.status_code, rsp.content))
+            continue
+        disabled_placement_old_spec_se.append(se_conf)
+
+    # Then, Disable all SE's using the older spec SE's
+    disabled_old_spec_se = list()
+    for se_conf in disabled_placement_old_spec_se:
+        se_conf['enable_state'] = 'SE_STATE_DISABLED'
+        rsp = session.put('serviceengine/%s/' % se_conf['uuid'], se_conf)
+        if rsp.status_code != 200:
+            print('%s Failed to disable for placement SE %s, status:%s, error:%s' %
+                  (time.ctime(), se_conf['name'], rsp.status_code, rsp.content))
+            continue
+        disabled_old_spec_se.append(se_conf)
+
+    # Wait for all SE to finish disabling
+    for se_conf in disabled_old_spec_se:
+        retry_count = 12
+        sleep_interval = 10
+        tries = 0
+        while True:
+            rsp = session.get('serviceengine/%s/runtime' % se_conf['uuid'])
+            if rsp.status_code != 200:
+                if rsp.status_code == 404:
+                    print('%s SE %s no longer exists' % (time.ctime(), se_conf['name']))
+                    break
+                print('%s Failed to fetch runtime for SE %s' %
+                      (time.ctime(), se_conf['name']))
+            else:
+                se_runtime = json.loads(rsp.content)
+                if 'oper_status' in se_runtime and 'state' in se_runtime['oper_status']:
+                    state = se_runtime['oper_status']['state']
+                    if state != 'OPER_DISABLED':
+                        print('%s SE %s not disabled yet, Oper state %s' %
+                              (time.ctime(), se_conf['name'], state))
+                    else:
+                        print('%s SE %s has been disabled' %
+                              (time.ctime(), se_conf['name']))
+                        break
+                else:
+                    print('%s Oper state not found for SE %s' %
+                          (time.ctime(), se_conf['name']))
+            time.sleep(sleep_interval)
+            tries += 1
+            if tries > retry_count:
+                print('%s Giving up disabling SE %s after %d seconds, trying next SE' %
+                      (time.ctime(), se_conf['name'], retry_count * sleep_interval))
+                break
+
+    print('%s ===== CLEANUP OLD SPEC SE DONE =====' % time.ctime())
+
+
+if __name__ == "__main__":
+    alert_params = ParseAviParams(sys.argv)
+    se_grp_uuid = None
+    tenant_uuid = 'admin'
+    for event in alert_params.get('events', []):
+        if event['event_id'] == 'CONFIG_SE_GRP_FLAVOR_UPDATE':
+            se_grp_uuid = event['obj_uuid']
+            tenant_uuid = event['event_details']['config_se_grp_flv_update_details']['tenant_uuid']
+    token = get_api_token()
+    print('token = %s\n' % token)
+    with ApiSession('localhost', 'admin', token=token,
+                    tenant_uuid=tenant_uuid) as session:
+        cleanup_old_spec_se(se_grp_uuid, session)
+EOF
+}
 resource "avi_certificatemanagementprofile" "testCertificateManagementProfile" {
 	name = "test-cert-test-abc"
-	script_path = "test script path"
+	run_script_ref = avi_alertscriptconfig.testAlertScriptConfig.id
 	tenant_ref = data.avi_tenant.default_tenant.id
 }
-
 data "avi_certificatemanagementprofile" "testCertificateManagementProfile" {
     name= "${avi_certificatemanagementprofile.testCertificateManagementProfile.name}"
 }

avi/datasource_avi_albservicesconfig.go

@@ -26,6 +26,10 @@ func dataSourceAviALBServicesConfig() *schema.Resource {
 				Computed: true,
 				Elem:     ResourceIpReputationConfigSchema(),
 			},
+			"mode": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 			"polling_interval": {
 				Type:     schema.TypeInt,
 				Computed: true,
@@ -48,6 +52,10 @@ func dataSourceAviALBServicesConfig() *schema.Resource {
 				Type:     schema.TypeBool,
 				Computed: true,
 			},
+			"use_tls": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
 			"uuid": {
 				Type:     schema.TypeString,
 				Optional: true,

avi/datasource_avi_analyticsprofile.go

@@ -97,27 +97,27 @@ func dataSourceAviAnalyticsProfile() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
-			"disable_ondemand_metrics": {
+			"enable_adaptive_config": {
 				Type:     schema.TypeBool,
 				Computed: true,
 			},
-			"disable_se_analytics": {
+			"enable_advanced_analytics": {
 				Type:     schema.TypeBool,
 				Computed: true,
 			},
-			"disable_server_analytics": {
+			"enable_ondemand_metrics": {
 				Type:     schema.TypeBool,
 				Computed: true,
 			},
-			"disable_vs_analytics": {
+			"enable_se_analytics": {
 				Type:     schema.TypeBool,
 				Computed: true,
 			},
-			"enable_adaptive_config": {
+			"enable_server_analytics": {
 				Type:     schema.TypeBool,
 				Computed: true,
 			},
-			"enable_advanced_analytics": {
+			"enable_vs_analytics": {
 				Type:     schema.TypeBool,
 				Computed: true,
 			},
@@ -311,6 +311,11 @@ func dataSourceAviAnalyticsProfile() *schema.Resource {
 				Type:     schema.TypeFloat,
 				Computed: true,
 			},
+			"labels": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem:     ResourceKeyValueSchema(),
+			},
 			"name": {
 				Type:     schema.TypeString,
 				Optional: true,

avi/datasource_avi_applicationpersistenceprofile.go

@@ -39,6 +39,11 @@ func dataSourceAviApplicationPersistenceProfile() *schema.Resource {
 				Type:     schema.TypeBool,
 				Computed: true,
 			},
+			"labels": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem:     ResourceKeyValueSchema(),
+			},
 			"name": {
 				Type:     schema.TypeString,
 				Optional: true,

avi/datasource_avi_autoscalelaunchconfig.go

@@ -19,6 +19,11 @@ func dataSourceAviAutoScaleLaunchConfig() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"labels": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem:     ResourceKeyValueSchema(),
+			},
 			"mesos": {
 				Type:     schema.TypeSet,
 				Computed: true,

avi/datasource_avi_certificatemanagementprofile.go

@@ -16,15 +16,15 @@ func dataSourceAviCertificateManagementProfile() *schema.Resource {
 				Optional: true,
 				Computed: true,
 			},
+			"run_script_ref": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 			"script_params": {
 				Type:     schema.TypeList,
 				Computed: true,
 				Elem:     ResourceCustomParamsSchema(),
 			},
-			"script_path": {
-				Type:     schema.TypeString,
-				Computed: true,
-			},
 			"tenant_ref": {
 				Type:     schema.TypeString,
 				Optional: true,

avi/datasource_avi_controllerproperties.go

@@ -135,6 +135,10 @@ func dataSourceAviControllerProperties() *schema.Resource {
 				Type:     schema.TypeInt,
 				Computed: true,
 			},
+			"max_threads_cc_vip_bg_worker": {
+				Type:     schema.TypeInt,
+				Computed: true,
+			},
 			"permission_scoped_shared_admin_networks": {
 				Type:     schema.TypeBool,
 				Computed: true,

avi/datasource_avi_dnspolicy.go

@@ -19,6 +19,11 @@ func dataSourceAviDnsPolicy() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"labels": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem:     ResourceKeyValueSchema(),
+			},
 			"name": {
 				Type:     schema.TypeString,
 				Optional: true,

avi/datasource_avi_errorpagebody.go

@@ -19,6 +19,11 @@ func dataSourceAviErrorPageBody() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"labels": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem:     ResourceKeyValueSchema(),
+			},
 			"name": {
 				Type:     schema.TypeString,
 				Optional: true,

avi/datasource_avi_errorpageprofile.go

@@ -16,6 +16,11 @@ func dataSourceAviErrorPageProfile() *schema.Resource {
 				Computed: true,
 				Elem:     ResourceErrorPageSchema(),
 			},
+			"labels": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem:     ResourceKeyValueSchema(),
+			},
 			"name": {
 				Type:     schema.TypeString,
 				Optional: true,

avi/datasource_avi_gslbgeodbprofile.go

@@ -24,6 +24,11 @@ func dataSourceAviGslbGeoDbProfile() *schema.Resource {
 				Type:     schema.TypeBool,
 				Computed: true,
 			},
+			"labels": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem:     ResourceKeyValueSchema(),
+			},
 			"name": {
 				Type:     schema.TypeString,
 				Optional: true,

avi/datasource_avi_gslbservice.go

@@ -63,6 +63,11 @@ func dataSourceAviGslbService() *schema.Resource {
 				Type:     schema.TypeBool,
 				Computed: true,
 			},
+			"labels": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem:     ResourceKeyValueSchema(),
+			},
 			"min_members": {
 				Type:     schema.TypeInt,
 				Computed: true,

avi/datasource_avi_hardwaresecuritymodulegroup.go

@@ -16,6 +16,11 @@ func dataSourceAviHardwareSecurityModuleGroup() *schema.Resource {
 				Computed: true,
 				Elem:     ResourceHardwareSecurityModuleSchema(),
 			},
+			"labels": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem:     ResourceKeyValueSchema(),
+			},
 			"name": {
 				Type:     schema.TypeString,
 				Optional: true,