terraform-provider-vcd

vcd_nsxt_distributed_firewall issue

Open storbel opened this issue 2 years ago • 5 comments

Hi, the vCloud console is blocked every time I change the order of the distributed_firewall rules. Details below.

Terraform Version

terraform -v
Terraform v1.1.6
on linux_amd64

  • provider registry.terraform.io/vmware/vcd v3.6.0

Affected Resource(s)

  • nsxt_distributed_firewall

Terraform Configuration Files

terraform {
  required_providers {
    vcd = {
      source  = "vmware/vcd"
      version = "3.6.0"
    }
  }
}

provider "vcd" {
  user                 = "none"
  password             = "none"
  auth_type            = "api_token"
  api_token            = "xxxxxxxxxxxxxxxxxxxxxxxxx"
  org                  = "xxxxxxxxxxxx"
  url                  = "https://xxxxx/api"
  vdc                  = "xxxxxxxxxxxx"
  max_retry_timeout    = 30
  allow_unverified_ssl = true
  logging              = true
}

data "vcd_vdc_group" "datacenter_group" {
  name = "DCGROUP"
}

resource "vcd_nsxt_distributed_firewall" "t1" {
  vdc_group_id = data.vcd_vdc_group.datacenter_group.id

  rule {
    name        = "rule1"
    action      = "ALLOW"
    ip_protocol = "IPV4"
    direction   = "OUT"
  }

  rule {
    name        = "rule2"
    action      = "ALLOW"
    ip_protocol = "IPV4"
    direction   = "OUT"
  }

  rule {
    name        = "Default"
    action      = "DROP"
    ip_protocol = "IPV4"
    direction   = "IN"
  }
}

Debug Output


Terraform will perform the following actions:

  # vcd_nsxt_distributed_firewall.t1 will be updated in-place
  ~ resource "vcd_nsxt_distributed_firewall" "t1" {
        id           = "urn:vcloud:vdcGroup:9bdb7cf1-fb71-4201-8f20-b85f5b89f86c"
        # (1 unchanged attribute hidden)

      ~ rule {
            id                          = "220bbed1-0998-4618-978c-4bb67be4f7c6"
          ~ name                        = "rule2" -> "rule1"
            # (11 unchanged attributes hidden)
        }
      ~ rule {
            id                          = "a6256116-944c-4702-8da6-cf05ccbea01f"
          ~ name                        = "rule1" -> "rule2"
            # (11 unchanged attributes hidden)
        }
        # (1 unchanged block hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

vcd_nsxt_distributed_firewall.t1: Modifying... [id=urn:vcloud:vdcGroup:9bdb7cf1-fb71-4201-8f20-b85f5b89f86c]
vcd_nsxt_distributed_firewall.t1: Modifications complete after 4s [id=urn:vcloud:vdcGroup:9bdb7cf1-fb71-4201-8f20-b85f5b89f86c]

Apply complete! Resources: 0 added, 1 changed, 0 destroyed.

Expected Behavior

no issue on the console

Actual Behavior

The distributed firewall menu on the vCloud Director console is no longer accessible (see screenshot).

Steps to Reproduce

  1. terraform plan & apply of the manifest shared above, when you change the order of the rules

storbel avatar Jun 20 '22 14:06 storbel

image

storbel avatar Jun 20 '22 14:06 storbel

image

storbel avatar Jun 20 '22 14:06 storbel

Hello @storbel, wow, this is strange. Which version of VCD does this happen on?

Didainius avatar Jun 20 '22 15:06 Didainius

Hello @storbel

Also, could you check VCD logs to see the exact error there?

vbauzys avatar Jun 21 '22 05:06 vbauzys

Hello @storbel, does this still happen for you?

Didainius avatar Aug 04 '22 07:08 Didainius

@storbel, I am closing this - feel free to reopen with info if this still happens

Didainius avatar Nov 22 '22 10:11 Didainius