Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ignore_tags feature for segments #1212

Merged
merged 2 commits into from
Jun 4, 2024
Merged

Add ignore_tags feature for segments #1212

merged 2 commits into from
Jun 4, 2024

Conversation

annakhm
Copy link
Collaborator

@annakhm annakhm commented May 17, 2024
edited

Other tools (like VCD) may add tags to certain NSX objects managed by terraform, and expect those tags to be persisted. However, terraform provider assumes itself to be the only source of truth, and in case described above it detects drift in tags, and deletes them with apply.
This PR allows user to specify a list of tag scopes that should be ignored by the provider, more specifically:

  1. diff should not be detected when such tags are present on NSX but not in terraform config
  2. when provider applies tags from its own config, tags from the ignore list should not be deleted.

Implementation suggested here changes the Read function to sort tags into two buckets: regular tags and ignored tags. Regular tags are managed as before, whilw ignored tags (computed attribute) are appended to regular tag list on each apply.

Future enhancements:

  1. Add regexp to compare scopes
  2. Add this feature to more resources if needed

@annakhm annakhm linked an issue May 17, 2024 that may be closed by this pull request
Cannot ignore_changes on specific tags on objects like nsxt_policysegment #820
Closed
@annakhm
Copy link
Collaborator Author

annakhm commented May 17, 2024

/test-all

@ksamoray
Copy link
Collaborator

If VCD or such uses the same tag names across various resources, would it make sense to set these at the provider level, rather than on each resource individually?
That would be less cumbersome and prone to errors maybe - as if an environment is managed by both VCD and TF, these tags can be set at the provider level, then from there and on affect any resource. Instead in this solution a user should remember to set the ignore_tags attribute everywhere.

@annakhm
Copy link
Collaborator Author

annakhm commented May 22, 2024

If VCD or such uses the same tag names across various resources, would it make sense to set these at the provider level, rather than on each resource individually? That would be less cumbersome and prone to errors maybe - as if an environment is managed by both VCD and TF, these tags can be set at the provider level, then from there and on affect any resource. Instead in this solution a user should remember to set the ignore_tags attribute everywhere.

I have chosen to expose attribute on resource level for two reasons:

  • We need to store the state of ignored tags per resource, so new computed attribute is needed anyway
  • Scopes might be different for individual resources

ksamoray
ksamoray reviewed May 23, 2024
View reviewed changes
nsxt/policy_common.go
Description: "Tags matching scopes to ignore",
Computed: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can getTagsSchemaInternal() be recycled here in some way?
Other than this LGTM

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This one is fully computed, I didn't want to add to many params to getTagsSchemaInternal

@ksamoray
Copy link
Collaborator

/test-all

salv-orlando
salv-orlando reviewed May 27, 2024
View reviewed changes
Copy link
Member

@salv-orlando salv-orlando left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All good, but I think we should have this capability validated in acceptance tests.
It won't be a trivial test, but also not a very complex one

@annakhm
Add ignore_tags feature for segments
8241f78 
Other tools (like VCD) may add tags to certain NSX objects managed
by terraform, and expects those tags to be persisted.
However, terraform provider assumes itself to be the only source of
truth, and in case described above it detect drift in tags, and delete
them with apply.
This PR allows user to specify a list of tag scopes that should be
ignored by the provider, more specifically:
1. diff should not be detected when such tags are present on NSX but
not in terraform config
2. when provider applies tags from its own config, tags from the
`ignore` list should not be deleted.

Implementation suggested here changes the Read function to sort tags
into two buckets: regular tags and ignored tags. Regular tags are
managed as before, whilw ignored tags (computed attribute) are appended
to regular tag list on each apply.

Future enhancements:
1. Add regexp to compare scopes
2. Add this feature to more resources if needed

Signed-off-by: Anna Khmelnitsky <akhmelnitsky@vmware.com>
@vmwclabot
Copy link
Member

@annakhm, you must sign every commit in this pull request acknowledging our Developer Certificate of Origin before your changes are merged. This can be done by adding Signed-off-by: John Doe <john.doe@email.org> to the last line of each Git commit message. The e-mail address used to sign must match the e-mail address of the Git author. Click here to view the Developer Certificate of Origin agreement.

@annakhm
Copy link
Collaborator Author

annakhm commented Jun 1, 2024

/test-all

@annakhm annakhm merged commit 673b1dc into master Jun 4, 2024
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@salv-orlando salv-orlando salv-orlando left review comments

@ksamoray ksamoray ksamoray approved these changes

Assignees
No one assigned
Labels
dco-required
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Cannot ignore_changes on specific tags on objects like nsxt_policysegment
4 participants
@annakhm @ksamoray @vmwclabot @salv-orlando