visibility not set on creation of nsxt_policy_ip_block

vmware / terraform-provider-nsxt

Terraform VMware NSX-T provider

https://www.terraform.io/docs/providers/nsxt/

Other

123 stars 80 forks source link

visibility not set on creation of nsxt_policy_ip_block #1227

Closed adarobin closed 1 month ago

adarobin commented 1 month ago

Describe the bug

If you create a nsxt_policy_ip_block resource with the visibility attribute set, the value does not seem to be set on the initial creation. If you do a plan after creating the resource, you will see an update to set the visibility attribute.

Reproduction steps

Apply a plan that creates a new nsxt_policy_ip_block resource with the visibility attribute set.
Perform another terraform plan and observe that an update to the visibility attribute is needed.

Expected behavior

The value of visibility is set when the resource is initially created and a second plan and apply is not needed.

Additional context

No response

ksamoray commented 1 month ago

Hi, Seems like we've added the support for this attribute only from v4.2.0 and above in both create and update.

I'm not sure why it does work with update but not on create - I expect this to be consistent (either work or not work for both transactions). @wsquan171 might be able to elaborate further.

BTW @adarobin which version of NSX is in use?

adarobin commented 1 month ago

Hi @ksamoray, this is my non-prod environment which is currently on 4.1.2.3

Just looking at the documentation, it was not apparent that this was for 4.2.x and newer only. It does seem to work aside from this issue.

wsquan171 commented 1 month ago

Most likely this is due to setting the tf state visibility attr from the value read back from NSX after resource creation regardless of NSX version: https://github.com/vmware/terraform-provider-nsxt/blob/master/nsxt/resource_nsxt_policy_ip_block.go#L95 Since the value is left out in the create call, tf plan will find a diff on this field for update.

ksamoray commented 1 month ago

Thanks @wsquan171 - so this attribute won't be applied also during update in that case.

wsquan171 commented 1 month ago

@ksamoray Yes. It won't be sent to NSX on either create or update. I think aside from ip block we have other resources sliently leave out params if NSX version is not met. For all the cases it will show up as diff after apply. Should we add version checks on read and avoid setting nil values to tf state, and only maybe log a warning that some fields are ignored?