govc: Add storage.policy.create '-e' option to enable encryption

- Simplify code using pbm.CapabilityProfileCreateSpec helper

Signed-off-by: Doug MacEachern <dougm@broadcom.com>

Author: dougm

cli/storage/policy/create.go

@@ -1,18 +1,6 @@
-/*
-Copyright (c) 2020-2024 VMware, Inc. All Rights Reserved.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
+// © Broadcom. All Rights Reserved.
+// The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.
+// SPDX-License-Identifier: Apache-2.0
 
 package policy
 
@@ -23,17 +11,18 @@ import (
 
 	"github.com/vmware/govmomi/cli"
 	"github.com/vmware/govmomi/cli/flags"
+	"github.com/vmware/govmomi/pbm"
 	"github.com/vmware/govmomi/pbm/types"
-	vim "github.com/vmware/govmomi/vim25/types"
 )
 
 type create struct {
 	*flags.ClientFlag
 
-	spec types.PbmCapabilityProfileCreateSpec
+	spec pbm.CapabilityProfileCreateSpec
 	tag  string
 	cat  string
 	zone bool
+	enc  bool
 }
 
 func init() {
@@ -47,6 +36,7 @@ func (cmd *create) Register(ctx context.Context, f *flag.FlagSet) {
 	f.StringVar(&cmd.spec.Description, "d", "", "Description")
 	f.StringVar(&cmd.tag, "tag", "", "Tag")
 	f.StringVar(&cmd.cat, "category", "", "Category")
+	f.BoolVar(&cmd.enc, "e", false, "Enable encryption")
 	f.BoolVar(&cmd.zone, "z", false, "Enable Zonal topology for multi-zone Supervisor")
 }
 
@@ -69,70 +59,60 @@ func (cmd *create) Run(ctx context.Context, f *flag.FlagSet) error {
 
 	cmd.spec.Name = f.Arg(0)
 	cmd.spec.Category = string(types.PbmProfileCategoryEnumREQUIREMENT)
-	cmd.spec.ResourceType.ResourceType = string(types.PbmProfileResourceTypeEnumSTORAGE)
 
-	if cmd.tag == "" && !cmd.zone {
+	if cmd.tag == "" && !cmd.zone && !cmd.enc {
 		return flag.ErrHelp
 	}
 
-	var profiles []types.PbmCapabilitySubProfile
-
 	if cmd.tag != "" {
-		id := fmt.Sprintf("com.vmware.storage.tag.%s.property", cmd.cat)
-		instance := types.PbmCapabilityInstance{
-			Id: types.PbmCapabilityMetadataUniqueId{
-				Namespace: "http://www.vmware.com/storage/tag",
-				Id:        cmd.cat,
-			},
-			Constraint: []types.PbmCapabilityConstraintInstance{{
-				PropertyInstance: []types.PbmCapabilityPropertyInstance{{
-					Id: id,
-					Value: types.PbmCapabilityDiscreteSet{
-						Values: []vim.AnyType{cmd.tag},
-					},
-				}},
+		cmd.spec.CapabilityList = append(cmd.spec.CapabilityList, pbm.Capability{
+			ID:        cmd.cat,
+			Namespace: "http://www.vmware.com/storage/tag",
+			PropertyList: []pbm.Property{{
+				ID:       fmt.Sprintf("com.vmware.storage.tag.%s.property", cmd.cat),
+				Value:    cmd.tag,
+				DataType: "set",
 			}},
-		}
-		profiles = append(profiles, types.PbmCapabilitySubProfile{
-			Name:       "Tag based placement",
-			Capability: []types.PbmCapabilityInstance{instance},
 		})
 	}
 
 	if cmd.zone {
-		instance := types.PbmCapabilityInstance{
-			Id: types.PbmCapabilityMetadataUniqueId{
-				Namespace: "com.vmware.storage.consumptiondomain",
-				Id:        "StorageTopology",
-			},
-			Constraint: []types.PbmCapabilityConstraintInstance{
-				{
-					PropertyInstance: []types.PbmCapabilityPropertyInstance{
-						{
-							Id:       "StorageTopologyType",
-							Operator: "",
-							Value:    "Zonal",
-						},
-					},
-				},
-			},
-		}
-		profiles = append(profiles, types.PbmCapabilitySubProfile{
-			Name:       "Consumption domain",
-			Capability: []types.PbmCapabilityInstance{instance},
+		cmd.spec.CapabilityList = append(cmd.spec.CapabilityList, pbm.Capability{
+			ID:        "StorageTopology",
+			Namespace: "com.vmware.storage.consumptiondomain",
+			PropertyList: []pbm.Property{{
+				ID:       "StorageTopologyType",
+				Value:    "Zonal",
+				DataType: "string",
+			}},
 		})
 	}
 
-	cmd.spec.Constraints = &types.PbmCapabilitySubProfileConstraints{
-		SubProfiles: profiles,
+	if cmd.enc {
+		const encryptionCapabilityID = "ad5a249d-cbc2-43af-9366-694d7664fa52"
+
+		cmd.spec.CapabilityList = append(cmd.spec.CapabilityList, pbm.Capability{
+			ID:        encryptionCapabilityID,
+			Namespace: "com.vmware.storageprofile.dataservice",
+			PropertyList: []pbm.Property{{
+				ID:       encryptionCapabilityID,
+				Value:    encryptionCapabilityID,
+				DataType: "string",
+			}},
+		})
 	}
 
 	c, err := cmd.PbmClient()
 	if err != nil {
 		return err
 	}
 
-	pid, err := c.CreateProfile(ctx, cmd.spec)
+	spec, err := pbm.CreateCapabilityProfileSpec(cmd.spec)
+	if err != nil {
+		return err
+	}
+
+	pid, err := c.CreateProfile(ctx, *spec)
 	if err != nil {
 		return err
 	}

govc/USAGE.md

@@ -5930,6 +5930,7 @@ Examples:
 Options:
   -category=             Category
   -d=                    Description
+  -e=false               Enable encryption
   -tag=                  Tag
   -z=false               Enable Zonal topology for multi-zone Supervisor
 ```

govc/test/storage.bats

@@ -51,7 +51,13 @@ load test_helper
   run govc storage.policy.info MyZonalPolicy
   assert_success
 
-  run govc storage.policy.create -category my_cat -tag my_tag -z MyCombinedPolicy
+  run govc storage.policy.create -e MyEncryptionPolicy
+  assert_success
+
+  run govc storage.policy.info MyEncryptionPolicy
+  assert_success
+
+  run govc storage.policy.create -category my_cat -tag my_tag -z -e MyCombinedPolicy
   assert_success
 
   run govc storage.policy.info MyCombinedPolicy