
vcd_vapp_vm: Add feature to add security tag during create

Open jpbuecken opened this issue 2 years ago • 0 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

With provider 3.7.0 you added the possibility to manage vcd_nsxt_dynamic_security_group and vcd_security_tag, thanks for that.

But I need help with the following use case. I think the following is a typical usage of the script feature of the guest customization.

During the create phase of a VM, you may run an update of your operating system or establish a connection to your configuration management (CM) and the CM will deploy further OS settings and applications. The problem: To run updates or deploy a configuration, you already need firewall rules in place. Assume those rules are provided via security tags.

So you need the following process:

  1. Create the VM but do not run guest customization / keep it powered off
  2. Add the VM id to the security tag
  3. Power on the VM and run guest customization

New or Affected Resource(s)

  • vcd_vapp_vm

Terraform Configuration (if it applies)

resource "vcd_vapp_vm" "vm" {
  [...]
  security_tags = ["tag1","tag2",...]
  power_on      = true
  [...]
  customization {
    [...]
    initscript = <<EOF
#!/bin/bash
if [ "$1" == "precustomization" ]; then
  echo "precustomization tasks"
  yum -y update
elif [ "$1" == "postcustomization" ]; then
  # callout configuration management
  :
fi
EOF
  }
  [...]
}

Additional information:

  • So the API call for security_tags = ["tag1","tag2",...] must run before the API call for power_on = true is executed.
  • Our NSX team told me the Terraform NSX-T provider does it this way (manage the tag at the VM)
  • How about /1.0.0/securityTags/vm/{id}?

References

  • Issue #459

jpbuecken avatar Aug 04 '22 11:08 jpbuecken
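As an added example (not code from the issue or from terraform-provider-vcd), the initscript pattern above written so that it does not assume the firewall rules attached via security tags are already active when the VM first boots. Instead of running yum or the CM call-out blindly, it probes the required endpoint with a bounded retry and fails closed with a distinct exit code when the network never opens up, which is the failure mode the issue describes. The hosts, ports, the cm-enroll command and the PROBE/DRY_RUN knobs are assumptions and placeholders; VCD passing "precustomization" or "postcustomization" as $1 is the convention the issue's script already relies on.

```shell
#!/bin/bash
# Added example, not from the issue or the provider. Placeholders below are
# assumptions: REPO_HOST/CM_HOST, the cm-enroll command, PROBE and DRY_RUN.
REPO_HOST="${REPO_HOST:-mirror.example.internal}"   # placeholder
REPO_PORT="${REPO_PORT:-443}"
CM_HOST="${CM_HOST:-cm.example.internal}"           # placeholder
CM_PORT="${CM_PORT:-443}"
MAX_ATTEMPTS="${MAX_ATTEMPTS:-30}"
RETRY_DELAY="${RETRY_DELAY:-10}"

log() { printf '%s customization: %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$*" >&2; }

# probe_tcp HOST PORT: 0 if a TCP connect succeeds within 3 seconds.
# Uses bash's /dev/tcp so no nc/curl is needed on a freshly created VM.
probe_tcp() {
  timeout 3 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# wait_for PROBE MAX DELAY: re-run PROBE (a command string) until it succeeds;
# returns 1 after MAX failed attempts instead of looping forever.
wait_for() {
  probe="$1"; max="$2"; delay="$3"; n=0
  while [ "$n" -lt "$max" ]; do
    if eval "$probe"; then return 0; fi
    n=$((n + 1))
    sleep "$delay"
  done
  return 1
}

# run_phase PHASE: dispatch on the argument VCD passes to the script.
# Exit codes: 0 ok, 2 prerequisite endpoint never became reachable, 3 unknown phase.
# PROBE can be overridden (e.g. with "true"/"false") to exercise the logic offline.
run_phase() {
  probe_cmd="${PROBE:-probe_tcp}"
  case "$1" in
    precustomization)
      if ! wait_for "$probe_cmd $REPO_HOST $REPO_PORT" "$MAX_ATTEMPTS" "$RETRY_DELAY"; then
        log "repo $REPO_HOST:$REPO_PORT unreachable; are the security-tag rules applied?"
        return 2
      fi
      log "repo reachable, running OS update"
      [ "${DRY_RUN:-0}" = 1 ] || yum -y update
      ;;
    postcustomization)
      if ! wait_for "$probe_cmd $CM_HOST $CM_PORT" "$MAX_ATTEMPTS" "$RETRY_DELAY"; then
        log "CM $CM_HOST:$CM_PORT unreachable; skipping enrollment"
        return 2
      fi
      log "CM reachable, enrolling"
      [ "${DRY_RUN:-0}" = 1 ] || /usr/local/bin/cm-enroll   # placeholder for the CM call-out
      ;;
    *)
      log "unknown phase '$1'"
      return 3
      ;;
  esac
}

# Only act when invoked as the initscript with a phase argument.
if [ -n "${1:-}" ]; then
  run_phase "$1"
  exit $?
fi
```

With the defaults this waits up to 30 x 10 s per phase; a non-zero exit surfaces in the guest customization status rather than leaving a half-updated VM that silently never reached its repo or CM.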