Adding support for unidirectional contracts #95
Conversation
|
closes #94 |
| priority = try(filter.priority, local.defaults.apic.tenants.contracts.subjects.filters.priority) | ||
| log = try(filter.log, local.defaults.apic.tenants.contracts.subjects.filters.log) | ||
| no_stats = try(filter.no_stats, local.defaults.apic.tenants.contracts.subjects.filters.no_stats) | ||
| directions = try(filter.directions, []) |
There was a problem hiding this comment.
Change to direction = try(subject.apply_both_directions, local.defaults.apic.tenants.contracts.apply_both_directions) ? null : filter.direction
This will throw an error if someone disables apply both directions but fails to set a direction in the filter.
| name = "${subject.name}${local.defaults.apic.tenants.contracts.subjects.name_suffix}" | ||
| alias = try(subject.alias, "") | ||
| description = try(subject.description, "") | ||
| apply_both_directions = try(subject.apply_both_directions, true) |
There was a problem hiding this comment.
Don't hardcode true, use the default value local.defaults.apic.tenants.contracts.apply_both_directions
| alias = try(subject.alias, "") | ||
| description = try(subject.description, "") | ||
| apply_both_directions = try(subject.apply_both_directions, true) | ||
| reverse_filter_ports = try(subject.reverse_filter_ports, true) |
There was a problem hiding this comment.
Don't hardcode true, use the default value local.defaults.apic.tenants.contracts.reverse_filter_ports
| directives = join(",", concat(flt.log == true ? ["log"] : [], flt.no_stats == true ? ["no_stats"] : [])) | ||
| priority = flt.priority | ||
| apply_both_directions = subj.apply_both_directions | ||
| directions = flt.directions |
There was a problem hiding this comment.
Rename directions to direction
| action = flt.action | ||
| directives = join(",", concat(flt.log == true ? ["log"] : [], flt.no_stats == true ? ["no_stats"] : [])) | ||
| priority = flt.priority | ||
| apply_both_directions = subj.apply_both_directions |
There was a problem hiding this comment.
We don't need apply_both_directions here as a null value for direction will imply both directions.
| } | ||
|
|
||
| resource "aci_rest_managed" "vzRsFiltAtt_provcons" { | ||
| for_each = { for filter in local.subj_filter_list : filter.id => filter if filter.apply_both_directions == false && contains(filter.directions, "provider_to_consumer") } |
There was a problem hiding this comment.
Make the condition if filter.direction == "provider_to_consumer"
|
|
||
| resource "aci_rest_managed" "vzRsFiltAtt_consprov" { | ||
| for_each = { for filter in local.subj_filter_list : filter.id => filter if filter.apply_both_directions == false && contains(filter.directions, "consumer_to_provider") } | ||
| dn = "${aci_rest_managed.vzSubj_unidir[each.value.subj].dn}/intmnl/rsfiltAtt-${each.value.filter}" |
There was a problem hiding this comment.
Update aci_rest_managed.vzSubj_unidir to aci_rest_managed.vzSubj
|
|
||
| resource "aci_rest_managed" "vzRsFiltAtt_provcons" { | ||
| for_each = { for filter in local.subj_filter_list : filter.id => filter if filter.apply_both_directions == false && contains(filter.directions, "provider_to_consumer") } | ||
| dn = "${aci_rest_managed.vzSubj_unidir[each.value.subj].dn}/outtmnl/rsfiltAtt-${each.value.filter}" |
There was a problem hiding this comment.
Update aci_rest_managed.vzSubj_unidir to aci_rest_managed.vzSubj
|
|
||
| resource "aci_rest_managed" "vzRsInTermGraphAtt" { | ||
| for_each = { for subj in var.subjects : subj.name => subj if subj.service_graph_consumer_to_provider != null && subj.apply_both_directions == false } | ||
| dn = "${aci_rest_managed.vzSubj_unidir[each.key].dn}/intmnl/rsInTermGraphAtt" |
There was a problem hiding this comment.
Update aci_rest_managed.vzSubj_unidir to aci_rest_managed.vzSubj
|
|
||
| resource "aci_rest_managed" "vzRsOutTermGraphAtt" { | ||
| for_each = { for subj in var.subjects : subj.name => subj if subj.service_graph_provider_to_consumer != null && subj.apply_both_directions == false } | ||
| dn = "${aci_rest_managed.vzSubj_unidir[each.key].dn}/outtmnl/rsOutTermGraphAtt" |
There was a problem hiding this comment.
Update aci_rest_managed.vzSubj_unidir to aci_rest_managed.vzSubj
Adding support for unidirectional contracts in the aci_contracts module.
Modified subject attributes to include:
apply_both_directions (toggling this knob will force recreation of the subject)
reverse_filter_ports (set to false/no if apply_both_directions is false)
service_graph_consumer_to_provider
service_graph_provider_to_consumer
Modified filter to subject attributes to include:
directions (provider_to_consumer, consumer_to_provider)