terraform-provider-nsxt icon indicating copy to clipboard operation
terraform-provider-nsxt copied to clipboard

Published 20 hours ago verified publisher icon vmware

transport_zone_path is not optional on nsxt_policy_segment resource

Open scharrier-revolve opened this issue 2 years ago • 6 comments

Describe the bug

When creating a nsxt_policy_segment on a custom Tier-1 using VMC SDDC 1.18 version the argument transport_zone_path is not optional (but it is optional in the documentation - https://registry.terraform.io/providers/vmware/nsxt/latest/docs/resources/policy_segment#transport_zone_path)

So you must specify nsxt_policy_transport_zone resource before creating the segment :

data "nsxt_policy_transport_zone" "overlay_tz" {
  display_name = "vmc-overlay-tz"
}

resource "nsxt_policy_segment" "segment" {
  nsx_id              = "segment_name"
  display_name        = "segment_name"
  description         = "Segment description"
  connectivity_path   = nsxt_policy_tier1_gateway.tier1_gw.path
  transport_zone_path = data.nsxt_policy_transport_zone.overlay_tz.path

  [...]
}

This is not useful because in VMC there is only one existing Transport Zone (vmc-overlay-tz) and when you create a segment from NSX-T UI you don"t need to provide any Transport Zone parameter and the transport_zone_path field is not present in the NSX-T API

Terraform error detail :

nsxt_policy_segment.segment: Creating...
╷
│ Error: transport_zone_path needs to be specified for infra segment on local manager
│ 
│   with nsxt_policy_segment.segment,
│   on segments.tf line 20, in resource "nsxt_policy_segment" "segment":
│   20: resource "nsxt_policy_segment" "segment" {

Reproduction steps

Try to create a nsxt_policy_segment without transport_zone_path argument (with VMC SDDC 1.18/NSX-T 3.1.5)


resource "nsxt_policy_segment" "segment" {
  nsx_id              = "segment_name"
  display_name        = "segment_name"
  description         = "Segment description"
  connectivity_path   = nsxt_policy_tier1_gateway.tier1_gw.path

  advanced_config {
    connectivity = "ON"
    hybrid       = false
    local_egress = false
    urpf_mode    = "STRICT"
  }

  subnet {
    cidr = "10.0.0.254/24"
  }
}

Expected behavior

nsxt_policy_segment must be able to be created without need to provide transport_zone_path argument on VMC

Consider documentation should be updated in this context (using VMC SDDC 1.18/NSX-T 3.1.5 versions when creating segments on custom Tier-1)

Additional context

Coming to VMC SDDC 1.18/NSX-T 3.1.5 versions Multi Tier-1 support is possible

nsxt_policy_segment must be used when you creating a segment under a custom Tier-1 instead of nsxt_policy_fixed_segment

nsxt_policy_fixed_segment still needed for segments created under default Tier-1 (cgw)

scharrier-revolve avatar Apr 22 '22 10:04 scharrier-revolve

Hi @scharrier-revolve, Did I understand correctly that this is an enhancement ask, not a bug? You would like to skip TZ configuration, but there is no functional issue with supplying it? Also can you please clarify transport_zone_path field is not present in the NSX-T API - where do you see this? Thanks!

annakhm avatar Apr 25 '22 18:04 annakhm

Hello @annakhm you can consider it as a enhancement ask, as you wish

You're right there is no functional issue to supplying it but on VMC there is only one TZ available : vmc-overlay-tz. So it is not useful to have to provide it. In the provider's documentation it is written that it is Optional, it is not really true

About transport_zone_path field is not present in the NSX-T API

It can be verified by doing a GET API call on https://{{nsx_url}}/policy/api/v1/infra/segments, segments created by Terraform will contain the property

"transport_zone_path": "/infra/sites/default/enforcement-points/vmc-enforcementpoint/transport-zones/00aa0a00-0000-0a00-0aa0-0aa00aaa0000",

segments created by NSX-T UI will not have the property

Best regards,

scharrier-revolve avatar Apr 27 '22 22:04 scharrier-revolve

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

github-actions[bot] avatar May 06 '23 17:05 github-actions[bot]

Hi @scharrier-revolve, if you create nsxt_policy_fixed_segment rather than nsxt_policy_segment, transport zone will not be mandated. Would this work for your scenario?

annakhm avatar Jul 27 '23 18:07 annakhm