vmware / terraform-provider-nsxt

Terraform VMware NSX-T provider
https://www.terraform.io/docs/providers/nsxt/

Add ignore_tags feature for segments #1212

Closed annakhm closed 1 month ago

annakhm commented 2 months ago

Other tools (like VCD) may add tags to certain NSX objects managed by terraform, and expect those tags to be persisted. However, the terraform provider assumes itself to be the only source of truth, and in the case described above it detects drift in tags and deletes them with apply. This PR allows the user to specify a list of tag scopes that should be ignored by the provider, more specifically:

  1. diff should not be detected when such tags are present on NSX but not in terraform config
  2. when provider applies tags from its own config, tags from the ignore list should not be deleted.

The implementation suggested here changes the Read function to sort tags into two buckets: regular tags and ignored tags. Regular tags are managed as before, while ignored tags (computed attribute) are appended to the regular tag list on each apply.

Future enhancements:

  1. Add regexp to compare scopes
  2. Add this feature to more resources if needed
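
The two-bucket handling described in the PR description above, as an added Go example; it is not the provider's code, and the `Tag` type, the function names and the `vcd-owner` scope are assumptions made for illustration.

```go
package main

import "fmt"

// Tag is a hypothetical stand-in for an NSX scope/tag pair.
type Tag struct{ Scope, Tag string }

// splitTags sorts tags read from NSX into regular and ignored buckets (exact scope match).
func splitTags(fromNSX []Tag, ignoredScopes []string) (regular, ignored []Tag) {
	skip := make(map[string]bool, len(ignoredScopes))
	for _, s := range ignoredScopes {
		skip[s] = true
	}
	for _, t := range fromNSX {
		if skip[t.Scope] {
			ignored = append(ignored, t)
		} else {
			regular = append(regular, t)
		}
	}
	return regular, ignored
}

// hasDrift compares configured tags with the regular bucket only, ignoring order.
func hasDrift(configured, regular []Tag) bool {
	want := make(map[Tag]bool, len(configured))
	for _, t := range configured {
		want[t] = true
	}
	for _, t := range regular {
		if !want[t] {
			return true
		}
	}
	return len(configured) != len(regular)
}

// tagsForApply appends the ignored bucket to the configured tags before the update call.
func tagsForApply(configured, ignored []Tag) []Tag {
	return append(append([]Tag{}, configured...), ignored...)
}

func main() {
	// Constructed sample: "vcd-owner" is a made-up scope written by another tool.
	onNSX := []Tag{{"tier", "web"}, {"vcd-owner", "org1"}}
	config := []Tag{{"tier", "web"}}
	regular, ignored := splitTags(onNSX, []string{"vcd-owner"})
	fmt.Println("drift:", hasDrift(config, regular), "apply:", tagsForApply(config, ignored))
}
```

Without the split, comparing the configuration against everything on NSX reports drift, and an apply built from the configuration alone would drop the externally added tag.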

annakhm commented 2 months ago

/test-all

ksamoray commented 2 months ago

If VCD or such uses the same tag names across various resources, would it make sense to set these at the provider level, rather than on each resource individually? That would be less cumbersome and prone to errors maybe - as if an environment is managed by both VCD and TF, these tags can be set at the provider level, then from there and on affect any resource. Instead in this solution a user should remember to set the ignore_tags attribute everywhere.

annakhm commented 2 months ago

> If VCD or such uses the same tag names across various resources, would it make sense to set these at the provider level, rather than on each resource individually? That would be less cumbersome and prone to errors maybe - as if an environment is managed by both VCD and TF, these tags can be set at the provider level, then from there and on affect any resource. Instead in this solution a user should remember to set the ignore_tags attribute everywhere.

I have chosen to expose attribute on resource level for two reasons:

ksamoray commented 2 months ago

/test-all

vmwclabot commented 1 month ago

@annakhm, you must sign every commit in this pull request acknowledging our Developer Certificate of Origin before your changes are merged. This can be done by adding Signed-off-by: John Doe <john.doe@email.org> to the last line of each Git commit message. The e-mail address used to sign must match the e-mail address of the Git author. Click here to view the Developer Certificate of Origin agreement.

annakhm commented 1 month ago

/test-all