Closed xibriz closed 1 year ago
You should be able to import the existing object with the terraform import command; this should add it to the Terraform state file (and make Terraform aware of its ID). You should then be able to reference the object group and add additional objects to it.
Let me know if this makes sense to you, if not I will try to build an example of how this should work. (This is the last week before Cisco Live so I don't know if I will be able to build the example before end of Cisco Live which is June 8th)
Thanks, J
@jeroenwittock After a little research it does make sense.
This is my first time using Terraform and FMC, so a tutorial on how to do it would be great. I will try myself first, so if I can't get it to work, an example after Cisco Live would be much appreciated :)
Hi @xibriz
You can add network objects to a manually created object group using the data block.
For example, write a data block which will fetch the object group using its name and then later use it in the resource block of the network object. Try it once and lemme know if you are not able to do that.
Thanks Greeshma
I'll close this for now; feel free to let us know if you have any follow-up questions.
@jeroenwittock If I use a `data` block to first fetch the group, and then use the same group in a `resource` block, I get the following error:
[{The object name EXISTING_GTOUP already exists. Enter a new name.}]
I have the following code:
```hcl
data "fmc_network_group_objects" "openstackapi" {
  name = "existing_group"
}

resource "fmc_network_group_objects" "openstackapi" {
  # name = "new_group"
  # description = "Managed by Terraform"
  name = data.fmc_network_group_objects.openstackapi.name
  # Add objects
}
```
In your code, you are assigning the old network group object's name to the new network group object, so it is throwing the error that you mentioned, which is expected.
You cannot create 2 different network group objects with the same name.
Thanks Greeshma
@kgreeshm I thought you meant that I should fetch the existing network group created manually with the `data` block and then somehow update it with network objects created by Terraform?
If so, how do you write a `resource` block that appends network objects to the existing group?
To make it clear, adding an example here.
```hcl
data "fmc_network_objects" "test" {
  name = "test-object"
}

resource "fmc_network_group_objects" "TestPrivateGroup" {
  name        = "Test-object-group"
  description = "Testing groups"
  objects {
    id   = data.fmc_network_objects.test.id
    type = data.fmc_network_objects.test.type
  }
}
```
Explanation: From the data block, we are fetching an already created (either manually or through Terraform) network object and using it in the resource block.
Coming to the resource block, we are creating a network group object with the name Test-object-group and adding the network object (which was fetched using the data block) to it.
@kgreeshm That is not what this issue is about.
I want to add a new network object to an existing object group that is created manually outside Terraform.
Ohh, got it. As @jeroenwittock mentioned, using import is the way to do it. But currently the Terraform FMC provider does not support import. Thanks for bringing this up, we will work on it.
Thanks Greeshma
Is it possible to add a network object to an object group that is created manually?
Or is it a requirement that the group is created by Terraform to be able to add/remove network objects?