Unable to use data.vcd_nsxt_app_port_profile #1058

Closed
lpiob opened this issue May 20, 2023 · 7 comments

lpiob commented May 20, 2023

The data source data.vcd_nsxt_app_port_profile is unusable for fetching system port profiles.
It returns an error every time.

│ Error: Expected exactly one NSX-T Application Port Profile. Got '3'

Quick debug confirms that in fact the API Request returned 3 responses. There is no way to filter them.

Terraform Version

Terraform v1.4.6
on linux_amd64
+ provider registry.terraform.io/vmware/vcd v3.9.0

Affected Resource(s)

  • data.vcd_nsxt_app_port_profile

Terraform Configuration Files

Whole code below:

provider "vcd" {
  auth_type = "integrated"
  org       = "<removed>"
  vdc       = "<removed>"
  url       = "https://<removed>/api"
}

data "vcd_nsxt_app_port_profile" "custom" {
  name  = "SSH"
  scope = "SYSTEM"
}

VCD_USER and VCD_PASSWORD are defined within environment variables. Other resources work correctly.

Actual Behavior

│ Error: Expected exactly one NSX-T Application Port Profile. Got '3'

Expected Behavior

One port profile should be returned OR I should be able to filter which one I'll get.

Debug Output

I'm uncomfortable with sharing the debug output, as it may contain sensitive information.

I'll do so if requested.

The TF_LOG_TRACE shows that the API call returns 3 different urn:vcloud:applicationPortProfile:uuid values. When copied manually, only one of them is correct, the rest return the following error:

Application Port Profile <uuid-removed> does not exist or is invalid for Firewall Rules Allow selected outbond traffic.

The web interface shows only one.

Steps to Reproduce

  1. terraform apply

User Access rights

Not sure, these are my first steps with the VCD environment. I manage an organization in a commercial cluster.

Important Factoids

None.

References

None.

Collaborator

Didainius commented Jun 6, 2023

Hello @lpiob,
I saw you can't provide the full log, but could you find the API response in function GetAllNsxtAppPortProfiles (should be searchable in the log) and share only it?

It should be possible to narrow the query down, but I'd like to see these 3 responses you get.

Edit: Logging can be enabled -> https://registry.terraform.io/providers/vmware/vcd/latest/docs#logging

Author

lpiob commented Jun 6, 2023

@Didainius please see https://gist.github.com/lpiob/26b31115a87bcb89a4a6aeebc35dbf58

When I try to use any of the returned ids:

  • urn:vcloud:applicationPortProfile:ed5f2bde-cbd4-3d34-9d09-412d1ff6a6fb
  • urn:vcloud:applicationPortProfile:ac20c010-0cc3-4ee7-92a5-0cd6bce6baa2
  • urn:vcloud:applicationPortProfile:794d3c64-dbed-4511-9158-db68b3c0c8e4

by manually specifying them in the app_port_profile_ids of the vcd_nsxt_firewall rules, only the first one is accepted. The others return the following error:

Application Port Profile ac20c010-0cc3-4ee7-92a5-0cd6bce6baa2 does not exist or is invalid for <rule name>

@Didainius
Collaborator

That is so odd, as I don't see how to distinguish between them. Do you also see 3 items in the UI?

Do you know anything about your infrastructure setup? Does it have 3 NSX-T Managers configured?


adezxc commented Jun 8, 2023

Hello @lpiob,

Thanks for reporting this, we forgot to consider and document an important point regarding this datasource. You can get a 'SYSTEM' app port profile without any context only if you have 1 NSX-T Manager in your infrastructure, as VCD fetches the profiles from all of them. What you can do is provide a vcd_org_vdc datasource or create a resource and then use its ID as context_id, something like this:

provider "vcd" {
  auth_type = "integrated"
  org       = "<removed>"
  vdc       = "<removed>"
  url       = "https://<removed>/api"
}

data "vcd_org_vdc" "example" {
  name = "example"
}

data "vcd_nsxt_app_port_profile" "custom" {
  name  = "SSH"
  scope = "SYSTEM"

  context_id = data.vcd_org_vdc.example.id
}

That way it should fetch the correct port profile.

EDIT: I got confused while working with this, it will work as described only after a bugfix PR has been merged.

Author

lpiob commented Jun 11, 2023

@Didainius I see only 1 item in the UI. I don't have any information on the amount of NSX-T at this provider. I'm just a user.

@adezxc thanks for the quick patch. I'll try it out as soon as the new provider is released, unless it's important, in which case I can try to compile it myself.


adezxc commented Jul 21, 2023

Hi @lpiob, provider version 3.10.0 was released with the fix applied, it should work now.

Author

lpiob commented Jul 21, 2023

@adezxc I can confirm that the data.vcd_nsxt_app_port_profile works correctly after upgrading to 3.10.0. Thanks for the quick fix!

lpiob closed this as completed Jul 21, 2023