vcd_nsxt_firewall resource issues: logging state not being applied and missing 'REJECT' support #1211
Comments
I confirm the logging attribute issue also:
Observed behaviour: terraform apply and firewall rules are created, with code having logging=true but VCD UI shows logging=false. Then the next terraform apply wants to update logging=true, it confirms the operation successfully, however logging is still false. This repeats itself then on each terraform apply.
Hello,
Hi, VCD version is 10.4.2.21954589. However I have tried to enable logging from VCD UI and it does not work, with the same behavior as above. Updated Firewall rule successfully, however logging is still disabled. This happens only for Firewall from Edge Gateway. On Distributed Firewall from Datacenter Group, enabling/disabling logging works. (tested from VCD UI)
Hello, [EDIT] As for the 'REJECT' option, will this be implemented in an upcoming release? :)
Yes, I believe so. As quoted here one should probably expect it to work on 10.4.2.2. You could check it against your build number - https://docs.vmware.com/en/VMware-Cloud-Director/10.4.2/rn/vmware-cloud-director-1042-release-notes/index.html
Can't yet promise, but I will keep that in mind. While it looks simple to implement, it still needs testing on our side as we never release features that are not covered by tests. This helps to keep the provider stable.
Looking at your build number it is 10.4.2.1 (check in the page https://docs.vmware.com/en/VMware-Cloud-Director/10.4.2.1/rn/vmware-cloud-director-10421-release-notes/index.html), while it was mentioned that the fix is in 10.4.2.2. https://docs.vmware.com/en/VMware-Cloud-Director/10.4.2.2/rn/vmware-cloud-director-10422-release-notes/index.html
Alright! Thank you for your help and quick responses! I'll look into the version number and request an update on our side :)
For the logging issue:
Hi, here, the fix was that "Gateway: Configure System Logging" had to be allowed in "Default Rights Bundle", according to my VDC colleagues, so yeah that's probably it.
Thank you very much!
Description
Hi! We are currently working on implementing the ‘vcd_nsxt_firewall’ resource into our code. We came across 2 issues of which one appears to be a bug.
1. The ‘logging’ attribute doesn’t seem to be applied. When running the terraform apply command, terraform does see the required changes:
However, when the apply has completed, the logging state hasn't changed. It will see (and tries to apply) this change every run.
2. The 'Action' attribute only allows 'DROP' and 'ALLOW'. We would like to see the 'REJECT' to be supported as well.
Affected Resource(s)
vcd_nsxt_firewall