Add support for nested security group in security group definition.

[Nareshcbit]

Is your feature request related to a problem? Please describe.

In NSX a security group can have other security groups as its members. However, Terraform doesn't support it.
Currently, it allows only VirtualMachine, VirtualNetworkInterface, CloudNativeServiceInstance, or PhysicalServer as members.

Describe the solution you'd like

Allow "SecurityGroup" as member_type for external_id_expression criteria in nsxt_policy_group_definition

resource "nsxt_policy_group" "group1" {
display_name = "tf-group1"
description = "Terraform provisioned Group"
criteria {
external_id_expression {
member_type = "SecurityGroup"
external_ids = ["520ba7b0-d9f8-87b1-6f44-15bbeb7935c7", "52748a9e-d61d-e29b-d54b-07f169ff0ee8-4000"]
}
}

Describe alternatives you've considered

There is no alternative to achieve it through Terraform

Additional context

[benzander]

@Nareshcbit: Static assignment of one Group to another group is possible via terraform. Here how that looks like:

resource "nsxt_policy_group" "group" {
  display_name = "group"
  
  criteria {
    path_expression {
          member_paths = [nsxt_policy_group.nestedGroup.path]
    }
  }
}

The TF Provider is only missing dynamic group in group memberships: #828

[annakhm]

Hello @Nareshcbit, I don't see SecurityGroup is one of the options for member_type in latest NSX spec:

member_type | External ID member type | string | RequiredEnum: VirtualMachine, VirtualNetworkInterface, CloudNativeServiceInstance, PhysicalServer

[github-actions]

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!