
nsxt_policy_security_policy ability to maintain rule ID when adding/removing rules #842

Closed
liftconfig opened this issue Feb 27, 2023 · 3 comments

@liftconfig

liftconfig commented Feb 27, 2023

Is your feature request related to a problem? Please describe.

The rule order in nsxt_policy_security_policy defines the rule order configured within the NSX manager. When adding a new rule to an existing nsxt_policy_security_policy resource, all rules below it will be modified and "shifted down" by one rule id and the final rule will be created with a new rule id. This means a lot of modifications to existing rules, changes to rule ids, and a significant number of changes to be executed in the plan output when adding or deleting a single rule.

When modifying through the GUI, rule IDs always stay the same for a rule and sequence numbers change. If the policy runs out of sequence numbers between rules, it automatically refactors all sequence numbers and increments the sequence number for each policy by 10 starting at 10. This seems a more sane approach to policy updates rather than modifying all rules below to insert or delete a rule. I have tested using sequence numbers in the nsxt_policy_security_policy rules and it still shuffles the rule IDs when adding (even if there is a free sequence number) or deleting a rule.

Describe the solution you'd like

Ability for rules to maintain their rule ID and be able to assign manual (or automatically generated based on order) sequence numbers.

Describe alternatives you've considered

No response

Additional context

Provider version: 3.3.0
NSX-T version: 3.2.2.0.0.20737185

@annakhm
Collaborator

annakhm commented Feb 27, 2023

Hi @liftconfig, we have a task in our roadmap to provide a separate resource for a rule. This would solve this issue. However, migration effort will be needed for existing configs.


Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

@github-actions github-actions bot added the stale label Feb 23, 2024
@ksamoray ksamoray removed the stale label Feb 25, 2024
@annakhm
Collaborator

annakhm commented May 17, 2024

This is solved with the newly supported pair of resources:
https://registry.terraform.io/providers/vmware/nsxt/latest/docs/resources/policy_parent_security_policy
https://registry.terraform.io/providers/vmware/nsxt/latest/docs/resources/policy_security_policy_rule

Those resources are still in Beta but expected to be promoted in the next release.

With this support, a rule is a separate resource, and you can specify nsx_id to control the id.

@annakhm annakhm closed this as completed May 17, 2024
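The following configuration is an added illustration of the per-rule resource approach described in the thread; it is not code from the issue or from the provider's documentation. It assumes the attribute names `display_name`, `category`, `path`, `policy_path`, `nsx_id`, `sequence_number`, `action`, `source_groups`, `destination_groups`, `services`, `logged` and the `nsxt_policy_group` `criteria`/`condition` block shape, and the group tag values `web` and `db` are constructed sample values. Because each rule carries its own `nsx_id`, inserting a rule between two existing ones changes only the new resource in the plan; the neighbours keep their identity, which keeps NSX audit logs and SIEM correlations on a given rule id meaningful across edits.

```hcl
# Added example, not from the issue: one parent policy plus independent rule
# resources with stable ids and explicit sequence numbers (assumed attributes).

resource "nsxt_policy_group" "web" {
  display_name = "web-servers"
  criteria {
    condition {
      key         = "Tag"
      member_type = "VirtualMachine"
      operator    = "EQUALS"
      value       = "web" # constructed sample tag
    }
  }
}

resource "nsxt_policy_group" "db" {
  display_name = "db-servers"
  criteria {
    condition {
      key         = "Tag"
      member_type = "VirtualMachine"
      operator    = "EQUALS"
      value       = "db" # constructed sample tag
    }
  }
}

# The parent policy no longer embeds rule blocks; rules attach to it by path.
resource "nsxt_policy_parent_security_policy" "app" {
  display_name = "app-policy"
  category     = "Application"
  stateful     = true
}

# Rule ids are pinned via nsx_id, so a later insert does not renumber them.
# Sequence numbers are spaced by 10 (mirroring the GUI behaviour described
# in the issue) to leave gaps for future rules.
resource "nsxt_policy_security_policy_rule" "allow_web_to_db" {
  display_name       = "allow-web-to-db"
  nsx_id             = "allow-web-to-db"
  policy_path        = nsxt_policy_parent_security_policy.app.path
  sequence_number    = 10
  action             = "ALLOW"
  source_groups      = [nsxt_policy_group.web.path]
  destination_groups = [nsxt_policy_group.db.path]
  services           = ["/infra/services/MySQL"] # assumed built-in service path
  logged             = true
}

# Inserting this rule between 10 and 30 later would use e.g. sequence 20 and
# touch only the new resource, not the two existing ones.
resource "nsxt_policy_security_policy_rule" "deny_db_default" {
  display_name       = "deny-to-db-default"
  nsx_id             = "deny-to-db-default"
  policy_path        = nsxt_policy_parent_security_policy.app.path
  sequence_number    = 30
  action             = "DROP"
  destination_groups = [nsxt_policy_group.db.path]
  logged             = true
}
```

Verify with `terraform plan` after adding a rule with `sequence_number = 20`: the expected plan shows one resource to add and zero to change, whereas the embedded `rule` block approach from the original report shows every subsequent rule as modified. Keep `logged = true` on the explicit deny so that traffic the policy drops remains visible to detection tooling.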