Add vapp network resource

[vbauzys]

Ref: https://github.com/terraform-providers/terraform-provider-vcd/issues/97

New capability to create vapp network which will be isolated.
Example of usage:

resource "vcd_vapp_network" "terraform1" {
  name = "terraform1"

  vapp_name          = "vApp_system_1"
  gateway            = "192.168.2.1"
  netmask            = "255.255.255.0"
  dns1               = "192.168.2.1"
  dns2               = "192.168.2.2"
  dns_suffix         = "mano.biz"
  guest_vlan_allowed = true

  static_ip_pool {
    start_address = "192.168.2.5"
    end_address   = "192.168.2.10"
  }
}

[spengilley]

I'm waiting on this with relish :)

[vbauzys]

You may try and provide feedback :)

[lvirbalas]

The overall implementation looks quite nice. Three open (all related) conceptual questions though:

1.) Should we keep name of the resource vcd_vapp_network or vcd_vapp_network_isolated?

As a reference, we have three types for Org VDC networks:

• vcd_network_direct
• vcd_network_isolated
• vcd_network_routed

2.) How would you suggest modelling (in .tf) a vApp network which is connected to an Org VDC Network?

3.) How would you suggest modelling (in .tf) vApp network's services (DHCP, Firewall, NAT, Static Routing)?

[vbauzys]

Answers:

1. According vApp UI you can have isolated(when create adding new vapp network), natRouted when use connection dropdown and bridged when add exisitng org vdc network. So I recommend to stick with isolated for name.

2. There are a few possibilities:

• vcd_vapp_network Resource allows to configure connection with parent network and DHCP, NAT, Firewall, static routing - as such makes it very complex.
• vcd_vapp_network Resource allows to configure connection with parent network and additional resources or resources configure DHCP, NAT, Firewall, static routing for that network

3. I suggest to use existing configuration principles which we have already for DHCP, Firewall, NAT in other places

[lvirbalas]

We came to the following summary. In this PR:

1. Have a single vcd_vapp_network resource. This implements the isolated vApp network type.

In further PRs:

2. Add three new parameters to vcd_vapp_network which allow defining a routed vApp network:

resource "vcd_vapp_network" "VAppNetwork" {
  name         = "vapp-net"
  vapp_name = "vapp-test-net"

  # Parameters (all optional) which allow connecting this vApp network to the Org VDC network
  network = “org-vdc-net1” 
  nat_enabled = “true”
  firewall_enabled = “true”
...
}

3. Add new resources two manage Firewall, NAT and Static Routing at vApp network level:

• vcd_vapp_dnat
• vcd_vapp_snat
• vcd_vapp_firewall_rule
• vcd_vapp_static_route

[lvirbalas]

After discussing implementation of isolated vs routed vApp network I realised that the PR is missing the DHCP definition. DHCP configuration applies to both routed and isolated networks. We need that here.

For reference, Org VDC Network has it declared as follows:
https://www.terraform.io/docs/providers/vcd/r/network_routed.html

[spengilley]

My use case is that I have an isolated vApp network, but also I want the vApp connected to 2 other vOrg level networks. That doesn't appear possible in the above solution. Will this PR be done in concert with #74 ?

[lvirbalas]

@spengilley This PR is for vApp isolated network only. Multiple network support will be handled separately, hopefully, as part of #74

[dataclouder]

Some changes required. Will run a test once all the change requests have been addressed

[dataclouder]

This snippet is not formatted correctly. The properties should be aligned.

[vbauzys]

Fixed

[dataclouder]

What is this function returning?
Either add the definition of the return values in a comment or use named return types to show what we are returning.
For example:

func addVdcNetwork(d *schema.ResourceData, vdc govcd.Vdc, vapp govcd.VApp, vcdClient *VCDClient) (vdcNetworks []*types.OrgVDCNetwork, networkName string, err error) 

[vbauzys]

Fixed

[dataclouder]

"waiting from task" -> "waiting for task"

[vbauzys]

Fixed

[dataclouder]

"vAPP" -> "vApp"

[vbauzys]

Fixed

[dataclouder]

"waiting from task" -> "waiting for task"

[vbauzys]

Fixed

[dataclouder]

"vapp" -> "vApp"

[vbauzys]

Fixed

[dataclouder]

date ?

[vbauzys]

Fixed

[dataclouder]

"Vapp" -> "vApp"

[vbauzys]

Fixed

[dataclouder]

"vAPP" -> "vApp"

[vbauzys]

Fixed

[dn1s]

I don't agree with having this function added to this code base it should be in underlying go-vcloud-director library.

[vbauzys]

I agree regarding this and refactor will happen outside this PR. We will review vapp,vm and network functionality which is quite old code and functionality wise.

[dn1s]

Same here I don't agree with having this function added to this code base it should be in underlying go-vcloud-director library.

[vbauzys]

This functionality in latest commits was changed and just works as check.

[dn1s]

Let me propose some changes against your repo @vbauzysvmware which in my opinion would be better.

[vbauzys]

Add requested DHCP pool capabilities.
Add support for adding network when already exist others.

[lvirbalas]

Ask to update one comment in docs about the version, and then it's time to get this code to the branch and try everything out!

[lvirbalas]

Given that we are following semver, this new feature will bump the minor number, so we can point that in the comment above:
Supported in provider *v2.1+*

[vbauzys]

Updated

[lvirbalas]

Good addition. However, too many brackets and missing plus. Should be:
(Optional; *v2.1+*)

[vbauzys]

Good spot, fixed that

[jgreenback]

The below quote mentioned features that would be great to see for those of us vCD Terraform users who rely heavily on routed vapp networks (Enterprise vCD user). Any estimates on when these features will make it into a release?

We came to the following summary. In this PR:

1. Have a single vcd_vapp_network resource. This implements the isolated vApp network type.

In further PRs:

1. Add three new parameters to vcd_vapp_network which allow defining a routed vApp network:

resource "vcd_vapp_network" "VAppNetwork" {
  name         = "vapp-net"
  vapp_name = "vapp-test-net"

  # Parameters (all optional) which allow connecting this vApp network to the Org VDC network**
  network = “org-vdc-net1”
  nat_enabled = “true”
  firewall_enabled = “true”
...
}

1. Add new resources two manage Firewall, NAT and Static Routing at vApp network level:

• vcd_vapp_dnat
• vcd_vapp_snat
• vcd_vapp_firewall_rule
• vcd_vapp_static_route

[lvirbalas]

Hi @jgreenback , I created a separate issue to track this. Don't hesitate to comment there too:
https://github.com/terraform-providers/terraform-provider-vcd/issues/329

It's not planned for the current release, but is in the backlog as such.
BTW, which company are you coming from?

[vbauzys]

Hi @jgreenback would be nice if you attach on https://github.com/terraform-providers/terraform-provider-vcd/issues/329 some screenshot which resembles your business need :)

[jgreenback]

Thanks @lvirbalas / @vbauzysvmware for looking at this; I'll work on additional details as well as provide visuals for: #329

@lvirbalas; coming from Varian Medical Systems Inc.