terraform-provider-nsxt icon indicating copy to clipboard operation
terraform-provider-nsxt copied to clipboard
verified publisher icon vmware

nsxt_policy_group member_type policy evolve

Open llebotlan opened this issue 1 year ago • 5 comments

Describe the bug

Today, I have Version 4.1.1.0.0.22224312 NSXT which one can filter nsxt_policy_group member_type SegmentPort and Segment. But I tried from terraform : criteria { condition { member_type = "SegmentPort" <==== key = "Tag" operator = "EQUALS" value = "vsphere_port|${var.ports[0]}" } condition { member_type = "Segment" <==== key = "Tag" operator = "EQUALS" value = "*{var.nsx_tag}|${var.net}" } } I can do this nsxt

Reproduction steps

  1. write tf file with nsxt_policy_group defined earlier
  2. launch terraform
  3. observe Error : Error: Nested conditions must all use the same member_type, but found 'Segment' with 'SegmentPort' │ │ with nsxt_policy_group.networkTag["monitoring_support"], │ on 3-nsx.tf line 366, in resource "nsxt_policy_group" "networkTag": │ 366: resource "nsxt_policy_group" "networkTag" { ...

Expected behavior

Maybe let NSX API reply for you despite of avoiding unsupported configuration

Additional context

No response

llebotlan avatar Jul 19 '24 08:07 llebotlan

Thanks @llebotlan, indeed we should remove this validation as NSX allows combinations now

annakhm avatar Jul 22 '24 18:07 annakhm

Adding this issue to the 3.7.0 milestone after discussing it with @annakhm

salv-orlando avatar Aug 09 '24 17:08 salv-orlando

Moving this issue to 3.8.0 due to release timeline constraints.

salv-orlando avatar Sep 04 '24 20:09 salv-orlando

Moving this issue to 3.8.0 due to release timeline constraints.

Hi @salv-orlando , also following this issue as well, what's the 3.8.0 release timeline ?

For the context, need this for the following:

` resource "nsxt_policy_group" "test-app-group2" {

display_name = "test-app-group2"

criteria {
    condition {
        key         = "Name"
        member_type = "KubernetesCluster"
        operator    = "EQUALS"
        value       = "domain-c9_xxxxxxx-antrea"
    }
    condition {
        key         = "Name"
        member_type = "KubernetesNamespace"
        operator    = "EQUALS"
        value       = "test-app"
    }
    condition {
        key         = "Name"
        member_type = "KubernetesService"
        operator    = "EQUALS"
        value       = "test-app-service"
    }
}

} `

gorkemozlu avatar Oct 24 '24 09:10 gorkemozlu

Moving this issue to 3.8.0 due to release timeline constraints.

Hi @salv-orlando , also following this issue as well, what's the 3.8.0 release timeline ?

@gorkemozlu release timeline is available here

ksamoray avatar Oct 27 '24 11:10 ksamoray

Hi team @salv-orlando @ksamoray , it looks like tomorrow is the release day for 3.8.0, just checking in for this issue, we still need this :)

gorkemozlu avatar Dec 11 '24 08:12 gorkemozlu

@gorkemozlu Unfortunately we need to move this to the v3.9.0 as we're close to the 3.8.0 release (which will be moved by a week in any case). This is a relatively complex use case to address with NSX groups.

We will keep it however in our priority list for v3.9.0. Btw, the issue is assigned to @annakhm!

salv-orlando avatar Dec 12 '24 21:12 salv-orlando