Is your feature request related to a problem? Please describe.
The rule order in nsxt_policy_security_policy defines the rule order configured within the NSX manager. When adding a new rule to an existing nsxt_policy_security_policy resource, all rules below it will be modified and "shifted down" by one rule id and the final rule will be created with a new rule id. This means a lot of modifications to existing rules, changes to rule ids, and a significant number of changes to be executed in the plan output when adding or deleting a single rule.
When modifying through the GUI, rule IDs always stay the same for a rule and sequence numbers change. If the policy runs out of sequence numbers between rules, it automatically refactors all sequence numbers and increments the sequence number for each policy by 10 starting at 10. This seems a more sane approach to policy updates rather than modifying all rules below to insert or delete a rule. I have tested using sequence numbers in the nsxt_policy_security_policy rules and it still shuffles the rule IDs when adding (even if there is a free sequence number) or deleting a rule.
Describe the solution you'd like
Ability for rules to maintain their rule ID and be able to assign manual (or automatically generated based on order) sequence numbers.
Hi @liftconfig, we have a task in our roadmap to provide a separate resource for a rule. This would solve this issue. However, migration effort will be needed for existing configs.
Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.
If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!
Describe alternatives you've considered
No response
Additional context
Provider version: 3.3.0
NSX-T version: 3.2.2.0.0.20737185
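Added example, not part of the original issue and not provider or NSX code: a simplified Python model of the two behaviours the issue contrasts, rules matched by list position versus rules that keep their ID and are ordered by sequence number (with the renumbering in steps of 10 the issue describes for the GUI). Function names, rule names and rule IDs are constructed for illustration.

```python
# Added illustration: a simplified model, not NSX or provider code.

def positional_changes(old, new):
    """Rules matched by list position, as the issue describes for the
    nested rule blocks: slot i keeps its rule ID, its content is rewritten."""
    changes = []
    for i in range(max(len(old), len(new))):
        if i >= len(old):
            changes.append(("create", new[i]))
        elif i >= len(new):
            changes.append(("delete", old[i]))
        elif old[i] != new[i]:
            changes.append(("modify", f"{old[i]} -> {new[i]}"))
    return changes


def insert_by_sequence(rules, name, after, new_id):
    """Rules keep a stable ID and are ordered by sequence number, as the
    issue describes for the GUI. Returns (rules, ids_whose_sequence_changed)."""
    rules = sorted((dict(r) for r in rules), key=lambda r: r["seq"])
    pos = next(i for i, r in enumerate(rules) if r["name"] == after)
    lo = rules[pos]["seq"]
    hi = rules[pos + 1]["seq"] if pos + 1 < len(rules) else lo + 20
    rules.insert(pos + 1, {"id": new_id, "name": name, "seq": (lo + hi) // 2})
    touched = set()
    if hi - lo < 2:  # no free sequence number: renumber 10, 20, 30, ...
        for n, r in enumerate(rules, start=1):
            if r["id"] != new_id and r["seq"] != n * 10:
                touched.add(r["id"])
            r["seq"] = n * 10
    return rules, touched


# Constructed sample policy: five rules, names and IDs are made up.
NAMES = ["allow-dns", "allow-ntp", "allow-web", "allow-db", "deny-all"]
POLICY = [{"id": 1000 + i, "name": n, "seq": (i + 1) * 10}
          for i, n in enumerate(NAMES)]

if __name__ == "__main__":
    new_order = NAMES[:1] + ["allow-ldap"] + NAMES[1:]
    print(positional_changes(NAMES, new_order))
    print(insert_by_sequence(POLICY, "allow-ldap", "allow-dns", 2000))
```

In the positional model, inserting one rule near the top rewrites every slot below it and creates a new last rule; in the sequence-number model only the new rule is created, and existing rules change only their sequence number, and only when the gap is exhausted.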