Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nsxt_policy_group conjection default to OR #800

Open
jvboyle opened this issue Oct 7, 2022 · 7 comments
Open

nsxt_policy_group conjection default to OR #800

jvboyle opened this issue Oct 7, 2022 · 7 comments
Assignees
@annakhm
Labels
enhancement Enhancement

Comments

@jvboyle
Copy link

jvboyle commented Oct 7, 2022
edited
Loading

Is your feature request related to a problem? Please describe.

when setting dynamic criteria with for_each loops , the need to set conjunction is required for multi server sets , the default behavior of OR , limits the use of the group because it infers only 1 object in the list would added. if this is set to AND , you can built a list of objects and the function of the "grouping " would be as intended

Describe the solution you'd like

criteria {
condition {
key = "Name"
member_type = "VirtualMachine"
operator = "EQUALS"
value = "server1"
}
}
conjunction {
operator = "OR"
}

criteria {
condition {
key = "Name"
member_type = "VirtualMachine"
operator = "EQUALS"
value = "server2"
}
}

Describe alternatives you've considered

No response

Additional context

No response
@jvboyle jvboyle added the enhancement Enhancement label Oct 7, 2022
@annakhm
Copy link
Collaborator

annakhm commented Jul 25, 2023

Hi @jvboyle, sorry for delay in response.
Could you please provide an example of the for_each loop that is not possible today, thanks!

@annakhm annakhm added the awaiting-response Awaiting Response label Jul 25, 2023
@llebotlan
Copy link

llebotlan commented Jul 17, 2024
edited
Loading

Hello, thank you for the issue. I am wondering how to solve it. In my case, I have var.list = [ "porttag1", "porttag2" ], which are tag of interface on a segment. I want to create resources nsxt_policy_group "myPort" with both ports:
resource "nsxt_policy_group" "networkTag" {
...
dynamic "criteria" {
for_each = var.list
content {
condition {
member_type = "SegmentPort"
key = "Tag"
operator = "EQUALS"
value = "${criteria.value}"
}
conjunction { # <== how to iterate outside the criteria block
operator = "OR"
}
}
}
}
}

@llebotlan
Copy link

llebotlan commented Jul 17, 2024
edited
Loading

I want:
resource "nsxt_policy_group" "networkTag" {
...
criteria {
condition {
value = "porttag1"
...
}
}
conjunction {
operator = "OR"
}
// then the second item

criteria {
condition {
value = "porttag2"
...
}
}

@llebotlan
Copy link

I do not find another solution than with var.ports the list of port: :-(

resource "nsxt_policy_group" "networkTag" {
...
criteria {
condition {
member_type = "SegmentPort"
key = "Tag"
operator = "EQUALS"
value = "vsphere_port|${var.ports[0]}"
}
}

dynamic "conjunction" {
for_each = length(var.ports) >1 ? [1] : []
content {
operator = "OR"
}
}
dynamic "criteria" {
for_each = length(each.value.ports) >1 ? [1] : []
content {
condition {
member_type = "SegmentPort"
key = "Tag"
operator = "EQUALS"
value = "vsphere_port|${var.ports[1]}"
}
}
}

dynamic "conjunction" {
for_each = length(var.ports) >2 ? [1] : []
content {
operator = "OR"
}
}
dynamic "criteria" {
for_each = length(var.ports) >2 ? [1] : []
content {
condition {
member_type = "SegmentPort"
key = "Tag"
operator = "EQUALS"
value = "vsphere_port|${var.ports[2]}"
}
}
...
}

@martinrohrbach
Copy link
Contributor

I'm not sure that what @llebotlan is asking is the same as what @jvboyle initially created the issue for. However, I do have a suggestion for the latest problem.

Intuitively you might think that the resource definition must look like this:

criteria - conjunction - criteria - conjunction - criteria ...

The way the resource is defined though, the provider is totally fine with:

criteria - criteria - criteria - conjunction - conjunction

As long as the number of conjuctions is one less than the number of criteria. As such you can define a dynamic resource like this:

locals {
  tag_list = ["test1", "test2", "test3"]
}

resource "nsxt_policy_group" "trf-group-by-tags" {
  display_name = "trf-group-by-tags"

  dynamic "criteria" {
    for_each = local.tag_list

    content {
      condition {
        member_type = "SegmentPort"
        key         = "Tag"
        operator    = "EQUALS"
        value       = criteria.value
      }
    }
  }

  dynamic "conjunction" {
    for_each = slice(local.tag_list, 0, length(local.tag_list) - 1)

    content {
      operator = "OR"
    }
  }
}

Obviously the conjunction can be changed to "AND" and you could also have a seperate array variable for the conjunction if required. Maybe that helps?

@salv-orlando salv-orlando removed the awaiting-response Awaiting Response label Aug 9, 2024
@annakhm
Copy link
Collaborator

annakhm commented Dec 5, 2024

For the ease of dynamic blocks, we can change the terraform side code to ignore the last conjunction, so that the number of conjunctions and conditions will be equal. Would that help @llebotlan @jvboyle?
Thank you @martinrohrbach for the example above.

@llebotlan
Copy link

Hello, i do not think so, because it is a complexe(not logical) workaround. But a warning and the previous exemple in the manual, would be better (from my point of view)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@annakhm annakhm

Labels
enhancement Enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@salv-orlando @martinrohrbach @jvboyle @annakhm @llebotlan