Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

resource and data for VPC - quotas for projects #1038

Open
msyretis opened this issue Nov 22, 2023 · 7 comments
Open

resource and data for VPC - quotas for projects #1038

msyretis opened this issue Nov 22, 2023 · 7 comments
Labels
enhancement Enhancement

Comments

@msyretis
Copy link

Is your feature request related to a problem? Please describe.

Hello, I was going down the project + VPC path to isolate and create a level of self service for the devops team, however halfway through - made it all the way from zero to project - when I noticed there are no resources for vpc, any plan to add them?
Also, there is no way to build quotas either for the projects, is that in the roadmap?

Describe the solution you'd like

It would be great if we could build using terraform all things to do with projects and vpcs

Describe alternatives you've considered

I don't think I have a workaround at this moment, at least by using only terraform.

Additional context

Great work so far. kudos.
@msyretis msyretis added the enhancement Enhancement label Nov 22, 2023
@salv-orlando
Copy link
Member

salv-orlando commented Nov 23, 2023
edited
Loading

Hello! VPC resources are supported by their own provider, which can work together with the "regular" NSX Terraform provider

Hashicorp registry: https://registry.terraform.io/providers/vmware/for-vmware-nsxt-virtual-private-cloud/latest/docs
Github: https://github.com/vmware/terraform-provider-nsxt-virtual-private-cloud

@msyretis
Copy link
Author

Thanks for your response @salv-orlando , I will have a look at that provider. What about quotas for projects? Anything in the roadmap for that?

@salv-orlando
Copy link
Member

Hello @msyretis I will let @ksamoray comment on the feasibility of supporting quotas for projects, it should not be too challenging

@ksamoray
Copy link
Collaborator

Supporting project quotas requires implementations of a resource for constraint API, e.g:

PUT https://NSXMANAGER/policy/api/v1/infra/constraints/test

With the payload

{ "constraint_expressions": [ { "resource_type": "EntityInstanceCountConstraintExpression", "operator": "<=", "count": 1, "target_resource_type": "Infra.Tier1" } ], "display_name": "test_t1_quota", "targets": [ { "path_prefix": "/orgs/default/projects/test/" } ], "constraint_expression": null, "target": null, "id": "test" }

To create a 1 T1 quota for test project.

@msyretis msyretis closed this as completed Dec 7, 2023
@msyretis msyretis reopened this Dec 7, 2023
@msyretis
Copy link
Author

msyretis commented Dec 7, 2023

Hello both, thanks for your responses.
I played around with the provider for vpc, however I must admit, I have not found a way to create a VPC through it. I understand that the multi-tenancy is handled by the nsxt provider, through the nsxt_policy_project, I assume IP blocks are through nsxt_policy_ip_block, but I cannot find how do add the external project ip block, and how to create a VPC.

any pointers you can offer?

thanks
Mel

@adarobin
Copy link

vpc_id is a provider level attribute on the NSX VPC provider https://github.com/vmware/terraform-provider-nsxt-virtual-private-cloud/blob/f433100ce0e4e7d345a939a3604f34f54790c1e1/website/docs/index.html.markdown?plain=1#L151. This means each VPC you want to work with requires its own instance of the provider to be declared. You'd have to completely rearchitect how that provider works in order for it to be able to create VPCs.

If you are a user consuming a few VPCs this makes sense, but if you want to administer a bunch of customers or provision VPCs for customers this does not work.

@adarobin
Copy link

This is my hacky workaround using the Mastercard/restapi provider to initially create the VPC. I left out the variable and provider declarations for brevity.

locals {
  vpc_path = "/policy/api/v1/orgs/${var.org_id}/projects/${var.project_id}/vpcs"
  vpc_body = {
    display_name = var.display_name
    id           = var.vpc_id
    short_id     = var.short_id
    site_infos = [{
      edge_cluster_paths = var.edge_cluster_paths
    }]
    load_balancer_vpc_endpoint = {
      enabled = var.load_balancer_vpc_endpoint_enabled
    }
    default_gateway_path = var.default_gateway_path
    service_gateway = {
      disable = var.service_gateway_disable
      qos_config = {
        ingress_qos_profile_path = var.ingress_qos_profile_path
        egress_qos_profile_path  = var.egress_qos_profile_path
      }
      auto_snat = var.service_gateway_auto_snat
    }
    ip_address_type      = var.ip_address_type
    private_ipv4_blocks  = var.private_ipv4_blocks
    external_ipv4_blocks = var.external_ipv4_blocks
    ipv6_profile_paths   = var.ipv6_profile_paths
    dhcp_config = {
      enable_dhcp = var.enable_dhcp,
      dns_client_config = {
        dns_server_ips = var.dns_server_ips
      }
    }
  }
}

resource "restapi_object" "vpc" {
  create_method = "PATCH"
  create_path   = "${local.vpc_path}/{id}"
  path          = local.vpc_path
  id_attribute  = "id"
  object_id     = var.vpc_id
  data          = jsonencode(local.vpc_body)
}

@adarobin adarobin mentioned this issue Nov 5, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement Enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@salv-orlando @ksamoray @adarobin @msyretis