-
Notifications
You must be signed in to change notification settings - Fork 85
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
VPC E-W security policy resource #1217
Conversation
/test-all |
c653eb5
to
9977b84
Compare
/test-all |
/test-all |
nsxt/provider.go
Outdated
ctxPtr := d.Get("context") | ||
if ctxPtr != nil { | ||
contexts := ctxPtr.([]interface{}) | ||
for _, context := range contexts { | ||
data := context.(map[string]interface{}) | ||
vpcID := "" | ||
if data["vpi_id"] != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
perhaps you have a typo here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Indeed
/test-all |
0889a1b
to
1aaaf4f
Compare
7c83f69
to
5ece116
Compare
/test-all |
This PR does not cover the provider-defined VPC scope yet, correct? |
Indeed - the provider-level VPC specification is a global, non per-resource change. |
8134a41
to
77d6a6b
Compare
/test-all |
nsxt/provider.go
Outdated
@@ -496,6 +496,7 @@ func Provider() *schema.Provider { | |||
"nsxt_policy_gateway_flood_protection_profile_binding": resourceNsxtPolicyGatewayFloodProtectionProfileBinding(), | |||
"nsxt_policy_compute_sub_cluster": resourceNsxtPolicyComputeSubCluster(), | |||
"nsxt_policy_tier0_inter_vrf_routing": resourceNsxtPolicyTier0InterVRFRouting(), | |||
"nsxt_policy_vpc_security_policy": resourceNsxtPolicyVPCSecurityPolicy(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can we remove the first policy
for all VPC resources? There is no other VPC.. Would love to hear also from @salv-orlando and @tvigneron
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree, also proposed that in design review.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It seems a great idea - for vpc resources let's get rid of the Policy. We don't want the name to be unnecessarily long
Hi, a quick maybe dumb question: does this series of change support |
@qiyueyao I haven't got to handle these data sources yet but yeah - unless they use search API, they'll be affected by this change as the API wrapper is modified. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have no comment, and looks good to me.
Let's decide if we want to include also VPC support for parent_security_policy
and security_policy_rule
nsxt/provider.go
Outdated
@@ -496,6 +496,7 @@ func Provider() *schema.Provider { | |||
"nsxt_policy_gateway_flood_protection_profile_binding": resourceNsxtPolicyGatewayFloodProtectionProfileBinding(), | |||
"nsxt_policy_compute_sub_cluster": resourceNsxtPolicyComputeSubCluster(), | |||
"nsxt_policy_tier0_inter_vrf_routing": resourceNsxtPolicyTier0InterVRFRouting(), | |||
"nsxt_policy_vpc_security_policy": resourceNsxtPolicyVPCSecurityPolicy(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree, also proposed that in design review.
/test-all |
/test-all |
}, | ||
Providers: testAccProviders, | ||
CheckDestroy: func(state *terraform.State) error { | ||
return testAccNsxtPolicySecurityPolicyCheckDestroy(state, updatedName, defaultDomain) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should pass the resource name or use a VPC func here
0321054
to
0e0bd77
Compare
Children: []*data.StructValue{childVPC}, | ||
} | ||
|
||
client := nsxt.NewOrgRootClient(connector) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This would work with VPC admin privilege?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested with v4.2.0, it does.
terraform import nsxt_vpc_security_policy.policy1 PATH | ||
``` | ||
|
||
The above command imports the VPC security policy named `policy1` under NSX domain `domain` with the NSX Policy path `PATH`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
domain
is irrelevant here
LGTM. There are some doc fixes needed, but feel free to address them in one of the following PRs if you prefer |
Implement the resource for east-west VPC security policy. Signed-off-by: Kobi Samoray <[email protected]>
/test-all |
Implement the resource for east-west VPC security policy.