vmware / terraform-provider-tanzu-mission-control

Terraform Provider for VMware Tanzu Mission Control
https://registry.terraform.io/providers/vmware/tanzu-mission-control/latest/docs
Mozilla Public License 2.0

Network Policies require to_pod_labels which should be optional #240

Open vrabbi opened 1 year ago

vrabbi commented 1 year ago

Describe the bug

TMC allows for not defining a pod selector to apply a network policy to, which in turn means it applies to all pods in the relevant namespace/workspace. The TMC resource requires supplying the to_pod_labels field and it is a map type; however, when providing an empty map, e.g. to_pod_labels = {}, this fails as well, as it complains about requiring the data structure to be an array in the API but it is being passed a value of null.

Reproduction steps

  1. Create a network policy resource as such:

    resource "tanzu-mission-control_network_policy" "kube_system_egress" {
      name = "allow-egress-to-kube-system"

      scope {
        workspace {
          workspace = "saample"
        }
      }

      spec {
        input {
          custom_egress {
            rules {
              ports {
                port     = "53"
                protocol = "TCP"
              }
              ports {
                port     = "53"
                protocol = "UDP"
              }
              rule_spec {
                custom_selector {
                  namespace_selector = {
                    "kubernetes.io/metadata.name" = "kube-system"
                  }
                }
              }
            }
          }
        }
      }
    }
  2. When this fails, try adding the following under custom_egress and see it fail again with a different error:
        to_pod_labels = {}
  3. Add an actual label and see that it works:
        to_pod_labels = {"demo" = "true"}

Expected behavior

Network policy should allow not specifying the to_pod_labels and/or allow an empty selector.

Additional context

No response
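
Added example (not part of the original issue and not the provider's or TMC's own output): the selector semantics the report relies on, written as plain Kubernetes NetworkPolicy manifests. It assumes the policy is realized as a standard networking.k8s.io/v1 NetworkPolicy; the namespace `sample-ns` and the `-labelled` name suffix are constructed for illustration.

```yaml
# Variant 1: what the reporter wants to express.
# An empty podSelector matches every pod in the namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-egress-to-kube-system
  namespace: sample-ns            # constructed namespace name
spec:
  podSelector: {}                 # empty selector = all pods in sample-ns
  policyTypes:
    - Egress
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - port: 53
          protocol: TCP
        - port: 53
          protocol: UDP
---
# Variant 2: equivalent of the workaround in step 3.
# Only pods labelled demo=true are selected; unlabelled pods are not
# covered by this allow rule, so the policy's scope is narrower than intended.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-egress-to-kube-system-labelled   # constructed name
  namespace: sample-ns
spec:
  podSelector:
    matchLabels:
      demo: "true"
  policyTypes:
    - Egress
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - port: 53
          protocol: TCP
        - port: 53
          protocol: UDP
```

When the label workaround is used, `kubectl get pods -n <namespace> -l demo=true` lists the pods the policy actually selects, which is worth comparing against the full pod list before relying on it.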

ramya-bangera commented 1 year ago

@vrabbi - This is a known issue and tracked already in our Jira

ramya-bangera commented 1 year ago

@vrabbi - I have tagged you in the Jira ticket

github-actions[bot] commented 1 week ago

Marking this issue as stale due to inactivity. This helps us focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!