question: folder custom file modules.yaml in cisco ACI nexus as code

[micronemo]

I would like to know in which folder I have to put the custom modules.yaml file since it only uses the one inside the .terraform folder which enables all the modules creating resources not required with the default setting. also I would like to know how the external bridge domains can be created since it seems to be an absent feature

[danischm]

Can be any folder or file referenced by the yaml_files or yaml_directories module attribute. Not sure what you are referring to by "external bridge domains".

[micronemo]

I cannot put the modules.yaml anywhere as it does not overwrite the settings in the modules.yaml file present in .terraform/modules/aci/defaults where all modules are in true for example if I put in my yaml file aci_aaa: false, terraform will still try to create the module since it is active in the default yaml file

fabric-> access policies-> physical and external domains -> external bridged domain there is no module for this

[danischm]

Whatever you have in your "data" files/directories should always overwrite what is included in the module defaults. Could you share the content of your modules.yaml and main.tf file as well as the plan output?

[danischm]

"External bridge domain" is a legacy feature for tenant l2outs which is typically not used nowadays.

[micronemo]

main.tf required_providers { aci = { source = "CiscoDevNet/aci" } } }

locals { apic_config = yamldecode(file("${path.module}/data/defaults/apic.yaml")) }

provider "aci" { username = local.apic_config.apic.credentials.username password = local.apic_config.apic.credentials.password url = local.apic_config.apic.credentials.url insecure = true }

module "aci" { source = "netascode/nac-aci/aci"

yaml_directories = ["data"]

manage_access_policies = true manage_fabric_policies = true manage_pod_policies = false manage_node_policies = false manage_interface_policies = false manage_tenants = true

data/defaults/modules.yaml

modules: aci_aaa: false

plan:

module.aci.module.aci_aaa[0].aci_rest_managed.aaaAuthRealm will be created

• resource "aci_rest_managed" "aaaAuthRealm" {

  • annotation = "orchestrator:terraform"
  • class_name = "aaaAuthRealm"
  • content = {
    • "defRolePolicy" = "no-login" }
  • dn = "uni/userext/authrealm"
  • id = (known after apply) }

  module.aci.module.aci_aaa[0].aci_rest_managed.aaaConsoleAuth will be created

• resource "aci_rest_managed" "aaaConsoleAuth" {

  • annotation = "orchestrator:terraform"
  • class_name = "aaaConsoleAuth"
  • content = {
    • "providerGroup" = null
    • "realm" = "local" }
  • dn = "uni/userext/authrealm/consoleauth"
  • id = (known after apply) }

  module.aci.module.aci_aaa[0].aci_rest_managed.aaaDefaultAuth will be created

• resource "aci_rest_managed" "aaaDefaultAuth" {

  • annotation = "orchestrator:terraform"
  • class_name = "aaaDefaultAuth"
  • content = {
    • "fallbackCheck" = "false"
    • "providerGroup" = null
    • "realm" = "local" }
  • dn = "uni/userext/authrealm/defaultauth"
  • id = (known after apply) }

  module.aci.module.aci_aaa[0].aci_rest_managed.aaaUserEp will be created

• resource "aci_rest_managed" "aaaUserEp" {

  • annotation = "orchestrator:terraform"
  • class_name = "aaaUserEp"
  • content = {
    • "pwdStrengthCheck" = "no" }
  • dn = "uni/userext"
  • id = (known after apply) }

  module.aci.module.aci_aaa[0].aci_rest_managed.pkiWebTokenData will be created

• resource "aci_rest_managed" "pkiWebTokenData" {
  • annotation = "orchestrator:terraform"
  • class_name = "pkiWebTokenData"
  • content = {
    • "maximumValidityPeriod" = "24"
    • "uiIdleTimeoutSeconds" = "1200"
    • "webtokenTimeoutSeconds" = "600" }
  • dn = "uni/userext/pkiext/webtokendata"
  • id = (known after apply) }

[danischm]

Try to put the modules.yaml file directly in the data/ directory, not a data/defaults/ subdirectory.

[micronemo]

thanks i try and woks only in main folder data/

[micronemo]

i solve the problem with this command in the main.tf yaml_directories = ["data", "defaults"]