From 0eda4630b7511b8899f151b29b502238604b0e61 Mon Sep 17 00:00:00 2001
From: Knappek <andy.knapp.ak@gmail.com>
Date: Thu, 10 Oct 2024 17:28:25 +0200
Subject: [PATCH] support stateful active/active Tier-0 deployment

Signed-off-by: Knappek <andy.knapp.ak@gmail.com>
---
 plugins/modules/nsxt_policy_tier0.py | 52 +++++++++++++++++++++++++++-
 1 file changed, 51 insertions(+), 1 deletion(-)

diff --git a/plugins/modules/nsxt_policy_tier0.py b/plugins/modules/nsxt_policy_tier0.py
index 6129d125..2eb115cd 100644
--- a/plugins/modules/nsxt_policy_tier0.py
+++ b/plugins/modules/nsxt_policy_tier0.py
@@ -57,6 +57,30 @@
             - 'ACTIVE_ACTIVE'
         default: 'ACTIVE_ACTIVE'
         type: str
+    stateful_services:
+            description: For ACTIVE-ACTIVE, this is used to enable/disable
+                        stateful services.
+            type: dict
+            suboptions:
+                enabled:
+                    description: Flag to enable ACTIVE-ACTIVE stateful services
+                    type: bool
+                    default: False
+                redirection_policy:
+                    description:
+                        - Redirection policy configuration
+                        - Redirection policy to load balance traffic among nodes
+                          IP_HASH: Hash Source IP or destination ip to redirect
+                          packet for load sharing and stateful services.
+                          NONE: Disable redirection. It requires user to define
+                          static traffic group per edge node and expects external
+                          router to forward return packet back to the same edge node.
+                          SRC_DST_IP_HASH: Hash both source and desitnation ip to
+                          redirect packet for load sharing. This mode doesn't support
+                          NAT and presumes source and destination IP remains same in
+                          either direction.
+                    type: str
+                    default: "IP_HASH"
     disable_firewall:
         description: Disable or enable gateway fiewall.
         default: False
@@ -1162,7 +1186,10 @@
     validate_certs: False
     display_name: test-tier0-1
     state: present
-    ha_mode: "ACTIVE_STANDBY"
+    ha_mode: "ACTIVE_ACTIVE"
+    stateful_services:
+      enabled: True
+      redirection_policy: "IP_HASH"
     failover_mode: "PREEMPTIVE"
     disable_firewall: True
     force_whitelisting: True
@@ -1267,6 +1294,20 @@ def get_resource_spec():
                 default="ACTIVE_ACTIVE",
                 choices=['ACTIVE_STANDBY', 'ACTIVE_ACTIVE']
             ),
+            stateful_services=dict(
+                required=False,
+                type='dict',
+                options=dict(
+                    enabled=dict(
+                        required=False,
+                        type='bool'
+                    ),
+                    redirection_policy=dict(
+                        default="IP_HASH",
+                        type='str'
+                    ),
+                )
+            ),
             disable_firewall=dict(
                 required=False,
                 type='bool',
@@ -1451,6 +1492,15 @@ def update_resource_params(self, nsx_resource_params):
             nsx_resource_params["dhcp_config_paths"] = [
                 DHCP_RELAY_CONFIG_URL + "/" + dhcp_config_id]
 
+        if "stateful_services" in nsx_resource_params:
+            stateful_services = nsx_resource_params['stateful_services']
+            if stateful_services.get('enabled'):
+              ha_mode = nsx_resource_params['ha_mode']
+              if ha_mode != "ACTIVE_ACTIVE":
+                  self.exit_with_failure(msg="stateful_services can only be "
+                                        "enabled when ha_mode is set to "
+                                        "ACTIVE_ACTIVE")
+
         if 'vrf_config' in nsx_resource_params:
             # vrf config is attached
             vrf_config = nsx_resource_params['vrf_config']