[FIX] NPA-1042 - Added Validation for Vdiscoverytask Port, Protocol, and DriverType Fields (#279)

Tejashree-RS · dependabot[bot] · VishrutiBuddhadev · web-flow · commit e458a5162241 · 2025-12-02T14:19:54.000+05:30
* added validator for use_identity and allow_unsecured_connection attributes * modified comment * chore(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 (#265) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.43.0 to 0.45.0. - [Commits](golang/crypto@v0.43.0...v0.45.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-version: 0.45.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Vishruti Buddhadev <vbuddhadev@infoblox.com>
diff --git a/internal/service/discovery/vdiscoverytask_resource.go b/internal/service/discovery/vdiscoverytask_resource.go
@@ -282,6 +282,56 @@ func (r *VdiscoverytaskResource) ValidateConfig(ctx context.Context, req resourc
 			}
 		}
 	}
+
+	if !data.UseIdentity.IsNull() && !data.UseIdentity.IsUnknown() && data.UseIdentity.ValueBool() {
+		// When use_identity is true, enforce standard ports
+		if !data.Protocol.IsNull() && !data.Protocol.IsUnknown() && !data.Port.IsNull() && !data.Port.IsUnknown() {
+			protocol := data.Protocol.ValueString()
+			port := data.Port.ValueInt64()
+
+			if protocol == "HTTPS" && port != 443 {
+				resp.Diagnostics.AddAttributeError(
+					path.Root("port"),
+					"Invalid Port Configuration",
+					fmt.Sprintf("When use_identity is true and protocol is HTTPS, port must be 443. Got: %d", port),
+				)
+			}
+
+			if protocol == "HTTP" && port != 80 {
+				resp.Diagnostics.AddAttributeError(
+					path.Root("port"),
+					"Invalid Port Configuration",
+					fmt.Sprintf("When use_identity is true and protocol is HTTP, port must be 80. Got: %d", port),
+				)
+			}
+		}
+	}
+
+	// Validate allow_unsecured_connection requirements
+	if !data.AllowUnsecuredConnection.IsNull() && !data.AllowUnsecuredConnection.IsUnknown() && data.AllowUnsecuredConnection.ValueBool() {
+		// When allow_unsecured_connection is true, protocol must be HTTPS
+		if !data.Protocol.IsNull() && !data.Protocol.IsUnknown() {
+			if data.Protocol.ValueString() != "HTTPS" {
+				resp.Diagnostics.AddAttributeError(
+					path.Root("protocol"),
+					"Invalid Protocol Configuration",
+					fmt.Sprintf("When allow_unsecured_connection is true, protocol must be HTTPS. Got: %s", data.Protocol.ValueString()),
+				)
+			}
+		}
+
+		// When allow_unsecured_connection is true, driver_type must be VMware or OpenStack
+		if !data.DriverType.IsNull() && !data.DriverType.IsUnknown() {
+			driverType := data.DriverType.ValueString()
+			if driverType != "VMWARE" && driverType != "OPENSTACK" {
+				resp.Diagnostics.AddAttributeError(
+					path.Root("driver_type"),
+					"Invalid Driver Type Configuration",
+					fmt.Sprintf("When allow_unsecured_connection is true, driver_type must be either VMware or OpenStack. Got: %s", driverType),
+				)
+			}
+		}
+	}
 }
 
 func (r *VdiscoverytaskResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
