Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

transport_zone_path is not optional on nsxt_policy_segment resource #742

Open
scharrier-revolve opened this issue Apr 22, 2022 · 4 comments
Open

transport_zone_path is not optional on nsxt_policy_segment resource #742

scharrier-revolve opened this issue Apr 22, 2022 · 4 comments
Labels
documentation enhancement waiting-response

Comments

@scharrier-revolve
Copy link

scharrier-revolve commented Apr 22, 2022
edited

Describe the bug

When creating a nsxt_policy_segment on a custom Tier-1 using VMC SDDC 1.18 version the argument transport_zone_path is not optional (but it is optional in the documentation - https://registry.terraform.io/providers/vmware/nsxt/latest/docs/resources/policy_segment#transport_zone_path)

So you must specify nsxt_policy_transport_zone resource before creating the segment :

data "nsxt_policy_transport_zone" "overlay_tz" {
  display_name = "vmc-overlay-tz"
}

resource "nsxt_policy_segment" "segment" {
  nsx_id              = "segment_name"
  display_name        = "segment_name"
  description         = "Segment description"
  connectivity_path   = nsxt_policy_tier1_gateway.tier1_gw.path
  transport_zone_path = data.nsxt_policy_transport_zone.overlay_tz.path

  [...]
}

This is not useful because in VMC there is only one existing Transport Zone (vmc-overlay-tz) and when you create a segment from NSX-T UI you don"t need to provide any Transport Zone parameter and the transport_zone_path field is not present in the NSX-T API

Terraform error detail :

nsxt_policy_segment.segment: Creating...
╷
│ Error: transport_zone_path needs to be specified for infra segment on local manager
│ 
│   with nsxt_policy_segment.segment,
│   on segments.tf line 20, in resource "nsxt_policy_segment" "segment":
│   20: resource "nsxt_policy_segment" "segment" {

Reproduction steps

Try to create a nsxt_policy_segment without transport_zone_path argument (with VMC SDDC 1.18/NSX-T 3.1.5)


resource "nsxt_policy_segment" "segment" {
  nsx_id              = "segment_name"
  display_name        = "segment_name"
  description         = "Segment description"
  connectivity_path   = nsxt_policy_tier1_gateway.tier1_gw.path

  advanced_config {
    connectivity = "ON"
    hybrid       = false
    local_egress = false
    urpf_mode    = "STRICT"
  }

  subnet {
    cidr = "10.0.0.254/24"
  }
}

Expected behavior

nsxt_policy_segment must be able to be created without need to provide transport_zone_path argument on VMC

Consider documentation should be updated in this context (using VMC SDDC 1.18/NSX-T 3.1.5 versions when creating segments on custom Tier-1)

Additional context

Coming to VMC SDDC 1.18/NSX-T 3.1.5 versions Multi Tier-1 support is possible

nsxt_policy_segment must be used when you creating a segment under a custom Tier-1 instead of nsxt_policy_fixed_segment

nsxt_policy_fixed_segment still needed for segments created under default Tier-1 (cgw)
@annakhm
Copy link
Collaborator

annakhm commented Apr 25, 2022

Hi @scharrier-revolve,
Did I understand correctly that this is an enhancement ask, not a bug? You would like to skip TZ configuration, but there is no functional issue with supplying it?
Also can you please clarify transport_zone_path field is not present in the NSX-T API - where do you see this? Thanks!

@scharrier-revolve
Copy link
Author

scharrier-revolve commented Apr 27, 2022
edited

Hello @annakhm you can consider it as a enhancement ask, as you wish

You're right there is no functional issue to supplying it but on VMC there is only one TZ available : vmc-overlay-tz.
So it is not useful to have to provide it. In the provider's documentation it is written that it is Optional, it is not really true

About transport_zone_path field is not present in the NSX-T API

It can be verified by doing a GET API call on https://{{nsx_url}}/policy/api/v1/infra/segments, segments created by Terraform will contain the property

"transport_zone_path": "/infra/sites/default/enforcement-points/vmc-enforcementpoint/transport-zones/00aa0a00-0000-0a00-0aa0-0aa00aaa0000",

segments created by NSX-T UI will not have the property

Best regards,

@github-actions
Copy link

github-actions bot commented May 6, 2023

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

@github-actions github-actions bot added the stale label May 6, 2023
@github-actions github-actions bot closed this as completed Jun 6, 2023
@annakhm annakhm reopened this Jul 27, 2023
@annakhm annakhm removed the stale label Jul 27, 2023
@annakhm
Copy link
Collaborator

annakhm commented Jul 27, 2023

Hi @scharrier-revolve, if you create nsxt_policy_fixed_segment rather than nsxt_policy_segment, transport zone will not be mandated. Would this work for your scenario?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documentation enhancement waiting-response
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@annakhm @scharrier-revolve