terraform-provider-vcd

Error applying imported distributed_firewall from statefile VCD

Open storbel opened this issue 2 years ago • 1 comments

Hello,

I can't redo the distributed firewall from an imported statefile

$  terraform import  vcd_nsxt_distributed_firewall.t1   C0000001-001.VDC_GOUV
vcd_nsxt_distributed_firewall.t1: Importing from ID "C0000001-001.VDC_GOUV"...
vcd_nsxt_distributed_firewall.t1: Import prepared!
  Prepared vcd_nsxt_distributed_firewall for import
vcd_nsxt_distributed_firewall.t1: Refreshing state... [id=urn:vcloud:vdcGroup:54e971d3-b7a6-49f5-8d6c-5a80125d5295]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.

$  terraform plan

 Error: Missing required argument

   on main.tf line 37, in resource "vcd_nsxt_distributed_firewall" "t1":
   37:  rule {

 The argument "action" is required, but no definition was found.

Terraform Version

Terraform v1.2.1 on linux_amd64

  • provider registry.terraform.io/vmware/vcd v3.7.0

Affected Resource(s)

Please list the resources as a list, for example:

  • vcd_nsxt_distributed_firewall

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Terraform Configuration Files

terraform {
  required_providers {
    vcd = {
      source  = "vmware/vcd"
      version = "3.7.0"
    }
  }
}

provider "vcd" {
  user                 = "none"
  password             = "none"
  auth_type            = "api_token"
  api_token            = "xxxxxxxxxxxxxxxxxxxxx"
  org                  = "C0000001-001"
  url                  = "https://console.xxxxxxxxxxxx.app/api"
  vdc                  = "C0000001-001_AZ1+AZ2_orgVDC03"
  max_retry_timeout    = 30
  allow_unverified_ssl = true
  logging              = true
}

data "vcd_vdc_group" "datacenter_group" {
  name = "VDC_GOUV"
}

data "vcd_nsxt_edgegateway" "gw-C0000001-001" {
  owner_id = data.vcd_vdc_group.datacenter_group.id
  name     = "gw-C0000001-001"
}




resource "vcd_nsxt_distributed_firewall" "t1" {
  vdc_group_id = data.vcd_vdc_group.datacenter_group.id
  rule {
    name = "Default_VdcGroup_VDC_GOUV"
  }
}

Debug Output

Please provide a link to GitHub Gist(s) containing complete debug output. You can enable debug by using the commands below:

export TF_LOG_PATH=tf.log            
export TF_LOG=TRACE                  
export GOVCD_LOG_FILE=go-vcloud-director.log
export GOVCD_LOG=true     

On Windows, the command is set instead of export.

Replicate the issue after setting the environment variables listed above and it should create two new files in the working directory: tf.log and go-vcloud-director.log. The tf.log is a general Terraform debug log (more information about it is in https://www.terraform.io/docs/internals/debugging.html) while the go-vcloud-director.log is a specific log file for terraform-provider-vcd containing debug information about performed API calls. Please attach both of them to your Gist.

Expected Behavior

terraform plan to recreate objects from the state file

Actual Behavior

it asks to populate the rules details

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform import vcd_nsxt_distributed_firewall.t1 C0000001-001.VDC_GOUV
  2. terraform plan

User Access rights

Information about user used. Role and/or more exact rights if it is customized. Organisation Administrator

storbel avatar Sep 28 '22 08:09 storbel

Hi, this is not a bug, but the way Terraform import works, as stated in the documentation.

Import will read the resource definition and put the data in the state file, but if the HCL is incomplete, it will not fill the gaps, which needs to be done manually. Terraform documentation on import confirms that this is –as of now– the intended behavior.

dataclouder avatar Sep 28 '22 08:09 dataclouder
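
One way to fill the gaps described in the reply above, as an added example that is not part of the thread or the provider's code: read the imported attributes from `terraform show -json` and render `rule` blocks to paste into main.tf. The sample state is constructed, and the rule attribute names other than `name` and `action`, plus the computed `id`, are assumptions about the provider's schema.

```python
import json

# Constructed sample of `terraform show -json` output after the import. Attribute
# names other than name/action and all values are assumptions for illustration.
SAMPLE_STATE = json.dumps({"values": {"root_module": {"resources": [{
    "address": "vcd_nsxt_distributed_firewall.t1",
    "values": {"rule": [{
        "id": "constructed-rule-id",
        "name": "Default_VdcGroup_VDC_GOUV",
        "action": "DROP",
        "direction": "IN_OUT",
        "ip_protocol": "IPV4_IPV6",
        "enabled": True,
        "logging": False,
        "comment": "",
        "source_ids": None,
    }]},
}]}}})

# Assumed to be computed-only inside a rule block, so it must not be written to HCL.
COMPUTED = {"id"}


def hcl_value(v):
    """Render a JSON scalar or list as an HCL literal."""
    if isinstance(v, bool):
        return "true" if v else "false"
    if isinstance(v, (int, float)):
        return str(v)
    if isinstance(v, list):
        return "[" + ", ".join(hcl_value(x) for x in v) + "]"
    return json.dumps(v)  # quoted string; review any value containing ${ or %{


def rules_to_hcl(state_json, address):
    """Return HCL rule blocks for the resource at `address`, skipping unset attributes."""
    resources = json.loads(state_json)["values"]["root_module"]["resources"]
    res = next(r for r in resources if r["address"] == address)
    blocks = []
    for rule in res["values"].get("rule") or []:
        attrs = {k: v for k, v in rule.items()
                 if k not in COMPUTED and v not in (None, "", [])}
        width = max(len(k) for k in attrs)
        lines = [f"    {k.ljust(width)} = {hcl_value(v)}" for k, v in attrs.items()]
        blocks.append("  rule {\n" + "\n".join(lines) + "\n  }")
    return "\n".join(blocks)


if __name__ == "__main__":
    print(rules_to_hcl(SAMPLE_STATE, "vcd_nsxt_distributed_firewall.t1"))
```

Against a real workspace, pass the output of `terraform show -json` instead of `SAMPLE_STATE`, then confirm with `terraform plan` that no changes to the firewall rules are proposed.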