netascode / terraform-aci-nac-aci

Terraform Cisco ACI Nexus-as-Code Module
https://registry.terraform.io/modules/netascode/nac-aci/aci
Apache License 2.0

Enhancement: Support VM attributes in uSeg EPGs #93

Open micronemo opened 6 months ago

micronemo commented 6 months ago

How can I create a uSeg EPG?

danischm commented 6 months ago

Will be included in the coming release.

micronemo commented 6 months ago

Hi @danischm, I see the new configuration of uSeg EPGs, but I don't find a resource for fvVmAttr:

```hcl
resource "aci_rest_managed" "fvVmAttr" {
  class_name = "fvVmAttr"
  dn         = "${aci_rest_managed.fvCrtrn_ubuntu.dn}/vmattr-0"
  content = {
    operator = "startsWith"
    type     = "vm-name"
    value    = "ubuntu"
    name     = "0"
  }
}
```

guilinyan commented 6 months ago

Hi @micronemo,

Currently the VM-based uSeg attribute is not supported and it needs to be implemented by updating the sub-module terraform-aci-useg-endpoint-group. In my understanding, the VM-based uSeg attribute supports unlimited nesting, which makes it more complex than the network-based IP/MAC uSeg attribute (which does not support nesting).

micronemo commented 5 months ago

```yaml
---
apic:
  tenants:
    - name: NWKT-T1
      application_profiles:
        - name: ANP1
          useg_endpoint_groups:
            - name: Ubuntu-SRV
              useg_attributes:
                match_type: any
                vm_attributes:
                  - block: 0
                    value: ubuntu
                    type: vm-name
                    operator: startsWith
            - name: Win10-EPG
              useg_attributes:
                match_type: any
                vm_attributes:
                  - block: 0
                    value: Win
                    type: vm-name
                    operator: startsWith
```

```hcl
locals {
  model = yamldecode(file("${path.module}/../../custom_case_data/useg.yaml"))

  # One entry per VM attribute block, carrying the EPG it belongs to.
  # epg_key identifies the EPG so that the attribute can be parented to its fvCrtrn.
  useg_epg_list = flatten([
    for tenant in local.model.apic.tenants : [
      for ap in tenant.application_profiles : [
        for epg in ap.useg_endpoint_groups : [
          for atb in epg.useg_attributes.vm_attributes :
          {
            tenant                = tenant.name
            application_profile   = ap.name
            useg_endpoint_group   = epg.name
            epg_key               = "${tenant.name}_${ap.name}_${epg.name}"
            useg_attributes_match = epg.useg_attributes.match_type
            vm_attributes         = atb
          }
        ]
      ]
    ]
  ])
}

# One fvCrtrn per uSeg EPG: its dn is always <epg>/crtrn, so the blocks are grouped
# per EPG ("...") instead of creating one (duplicate) fvCrtrn per attribute block.
resource "aci_rest_managed" "fvCrtrn" {
  for_each   = { for blk in local.useg_epg_list : blk.epg_key => blk... }
  class_name = "fvCrtrn"
  dn         = "uni/tn-${each.value[0].tenant}/ap-${each.value[0].application_profile}/epg-${each.value[0].useg_endpoint_group}/crtrn"
  content = {
    match = each.value[0].useg_attributes_match
    name  = "default"
    prec  = "0"
    scope = "scope-bd"
  }
}

# One fvVmAttr per attribute block, parented to the fvCrtrn of its EPG.
resource "aci_rest_managed" "fvVmAttr" {
  for_each   = { for blk in local.useg_epg_list : "blk_${blk.epg_key}_${blk.vm_attributes.block}" => blk }
  class_name = "fvVmAttr"
  dn         = "${aci_rest_managed.fvCrtrn[each.value.epg_key].dn}/vmattr-${each.value.vm_attributes.block}"
  content = {
    operator = each.value.vm_attributes.operator
    type     = each.value.vm_attributes.type
    value    = each.value.vm_attributes.value
    name     = tostring(each.value.vm_attributes.block)
  }
}
```

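As an added illustration (not code from the nac-aci module or from this thread), the following maps a model shaped like the YAML above onto the APIC object tree the sub-module would have to create (fvCrtrn with fvVmAttr children, and fvSCrtrn for nested criteria), with a fixed maximum nesting depth instead of unlimited nesting. It assumes a `sub_criteria` list with a `name` per nested criterion (not part of the module's schema) and the fvSCrtrn rn format `crtrn-<name>`; the model data is constructed for the example.

```python
# Added example, not code from the nac-aci module: build the APIC JSON object tree
# (fvCrtrn -> fvVmAttr / fvSCrtrn) for the uSeg EPGs of a model like the YAML above.
# Assumed: a per-criterion "sub_criteria" list with a "name" key, the fvSCrtrn rn "crtrn-<name>".
MAX_DEPTH = 2  # bounded nesting (top level + two sub-criterion levels) instead of "unlimited"

# Constructed model: the two EPGs from the YAML above, plus one nested sub-criterion
MODEL = {"apic": {"tenants": [{"name": "NWKT-T1", "application_profiles": [{"name": "ANP1",
    "useg_endpoint_groups": [
        {"name": "Ubuntu-SRV", "useg_attributes": {"match_type": "any", "vm_attributes": [
            {"block": 0, "value": "ubuntu", "type": "vm-name", "operator": "startsWith"}]}},
        {"name": "Win10-EPG", "useg_attributes": {"match_type": "any", "vm_attributes": [
            {"block": 0, "value": "Win", "type": "vm-name", "operator": "startsWith"}],
            "sub_criteria": [{"name": "prod", "match_type": "any", "vm_attributes": [
                {"block": 1, "value": "prod", "type": "vm-name", "operator": "contains"}]}]}},
    ]}]}]}}

def build_criterion(parent_dn, spec, depth=0, max_depth=MAX_DEPTH):
    """Return one criterion level as an APIC JSON object; raise if nested too deeply."""
    if depth > max_depth:
        raise ValueError(f"criterion nesting depth {depth} exceeds limit {max_depth}")
    if depth == 0:  # top level: the EPG's single fvCrtrn, whose rn is always "crtrn"
        cls, rn = "fvCrtrn", "crtrn"
        attrs = {"name": "default", "match": spec.get("match_type", "any"), "prec": "0", "scope": "scope-bd"}
    else:           # nested level: fvSCrtrn, rn assumed to be "crtrn-<name>"
        cls, rn = "fvSCrtrn", f"crtrn-{spec['name']}"
        attrs = {"name": spec["name"], "match": spec.get("match_type", "any")}
    dn = f"{parent_dn}/{rn}"
    children = []
    for atb in spec.get("vm_attributes", []):
        block = str(atb["block"])  # the block number doubles as the fvVmAttr name, as in the HCL above
        children.append({"fvVmAttr": {"attributes": {
            "dn": f"{dn}/vmattr-{block}", "name": block, "type": atb["type"],
            "operator": atb["operator"], "value": atb["value"]}}})
    for sub in spec.get("sub_criteria", []):
        children.append(build_criterion(dn, sub, depth + 1, max_depth))
    return {cls: {"attributes": {"dn": dn, **attrs}, "children": children}}

def build_all(model, max_depth=MAX_DEPTH):  # {epg_dn: criterion tree} for every uSeg EPG
    out = {}
    for tn in model["apic"]["tenants"]:
        for ap in tn["application_profiles"]:
            for epg in ap.get("useg_endpoint_groups", []):
                epg_dn = f"uni/tn-{tn['name']}/ap-{ap['name']}/epg-{epg['name']}"
                out[epg_dn] = build_criterion(epg_dn, epg["useg_attributes"], 0, max_depth)
    return out

def all_dns(obj):
    """Flatten a criterion tree into the list of dns it would create on the APIC."""
    (_, body), = obj.items()
    return [body["attributes"]["dn"]] + [d for c in body.get("children", []) for d in all_dns(c)]
```

Running `build_all(MODEL, max_depth=0)` raises, which is the check a bounded implementation would apply at plan time rather than letting an arbitrarily deep model through to the APIC.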
Exonical commented 5 months ago

VmAttr is much needed. Possibly it could be supported by limiting the amount of tags, so we don't have to account for unlimited nesting? I don't think anyone uses huge amounts of nesting, so it could be limited to a certain number.

guilinyan commented 5 months ago

Yeah, I'm also thinking this. Thanks for your suggestions and the sample code.