terraform-provider-tanzu-mission-control

Network Policies require to_pod_labels which should be optional

Open vrabbi opened this issue 1 year ago • 2 comments

Describe the bug

TMC allows for not defining a pod selector to apply a network policy to, which in turn means it applies to all pods in the relevant namespace/workspace. The TMC resource requires supplying the to_pod_labels field and it is a map type; however, when providing an empty map, e.g. to_pod_labels = {}, this fails as well, as it complains about requiring the data structure to be an array in the API but it is being passed a value of null.

Reproduction steps

  1. Create a network policy resource as such:
        resource "tanzu-mission-control_network_policy" "kube_system_egress" {
          name = "allow-egress-to-kube-system"

          scope {
            workspace {
              workspace = "saample"
            }
          }

          spec {
            input {
              custom_egress {
                rules {
                  ports {
                    port = "53"
                    protocol = "TCP"
                  }
                  ports {
                    port = "53"
                    protocol = "UDP"
                  }
                  rule_spec {
                    custom_selector {
                      namespace_selector = {
                        "kubernetes.io/metadata.name" = "kube-system"
                      }
                    }
                  }
                }
              }
            }
          }
        }
  2. When this fails, try adding the following under custom_egress and see it fail again with a different error:
        to_pod_labels = {}
  3. Add an actual label and see that it works:
        to_pod_labels = {"demo" = "true"}

Expected behavior

Network policy should allow not specifying the to_pod_labels and/or allow an empty selector.

Additional context

No response

vrabbi Aug 18 '23 15:08
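
The "array expected, got null" error reported above matches a common Go pattern: a nil slice JSON-encodes as `null`, while an empty non-nil slice encodes as `[]`. The following is an added illustration, not the provider's code; the `Label` and `EgressInput` types, the `toPodLabels` JSON key, and the reading of `[]` as "no pod selector" are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Label and EgressInput are hypothetical stand-ins, not the provider's or the
// TMC API's real models; only the array-typed field matters here.
type Label struct {
	Key   string `json:"key"`
	Value string `json:"value"`
}

type EgressInput struct {
	ToPodLabels []Label `json:"toPodLabels"`
}

// naiveExpand leaves the slice nil when the map is empty, so it encodes as null.
func naiveExpand(m map[string]string) []Label {
	var out []Label
	for k, v := range m {
		out = append(out, Label{Key: k, Value: v})
	}
	return out
}

// safeExpand always returns a non-nil slice, so an unset or empty map encodes
// as [] (assumed here to mean "no pod selector", i.e. all pods in scope).
func safeExpand(m map[string]string) []Label {
	out := make([]Label, 0, len(m))
	for k, v := range m {
		out = append(out, Label{Key: k, Value: v})
	}
	return out
}

// encode returns the JSON request body for the given labels.
func encode(labels []Label) string {
	b, _ := json.Marshal(EgressInput{ToPodLabels: labels})
	return string(b)
}

func main() {
	fmt.Println(encode(naiveExpand(map[string]string{}))) // to_pod_labels = {}
	fmt.Println(encode(safeExpand(nil)))                  // to_pod_labels omitted
	fmt.Println(encode(safeExpand(map[string]string{"demo": "true"})))
}
```

Because an omitted selector widens the policy to every pod in the workspace, a fix along these lines should come with a plan-time review of which policies change from a labelled selector to an empty one.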