Feature request: data source: openstack_networking_port_v2 #512
I believe the kind of functionality you've described has been discussed as future features in Terraform core, but they're not in a state beyond discussion right now. It would be great to have Terraform able to automatically generate Terraform code when importing resources, but right now, the resource will only be imported into the state and the user must write the Terraform code to do any further changes. It's a limitation in some use-cases for sure, but at least it's possible to do some kind of importing right now :)
This has also been discussed and there are some data sources in other providers that return multiple results. I inquired about these kinds of resources a while ago and learned that they were more for experimenting and edge cases. With that in mind, if there was a valid case to have a data source return a list of multiple port UUIDs, we can see how that would look. But the limitation here would be that only a list of UUIDs would be returned - no other attributes. Someone previously started work on https://github.com/terraform-providers/terraform-provider-openstack/pull/139 which would do this for images. But ideally, data sources should return a single resource. Again, I can see how these are limitations for some use-cases. Perhaps future versions of Terraform will allow more flexibility here. Let me know if this helps clarify anything or if you have any questions.
What do you think about the idea below:
Re-reading the original post, I think I misunderstood a number of things. For some reason, I thought you were asking about Terraform's ability to generate HCL code when doing an import. My comment starting with "I believe the kind of functionality you've described has been discussed as future features in Terraform core," applies here. Secondly, I thought you were also asking about a data source's ability to return more than one result. My comment starting with "This has also been discussed and there are some data sources in other providers that return multiple results" applies here.
A data source named
This feels like a workaround for having to do I recall an earlier discussion about a similar situation: a user wanted to apply security groups to a load balancer's port: hashicorp/terraform#11066 The way this works isn't optimal and my comment from the above link still stands:
When a load balancer is created, the If Neutron is creating ports that are failing to meet important requirements (ie: no security groups are applied, so they are open to the world), then I recommend modifying resources with a similar pattern (ie: add But these situations are pointing out limitations of the OpenStack API: the Share and LBaaS API should provide the ability to apply security groups to the port/instance or provide the ability to specify a port ID upon creation. Since they don't, Terraform is now making up for that lack of basic functionality, and that's not a good situation to be in. One reason it's not good is because these limitations might be fixed in the future. Using the Making decisions about when this is appropriate will need to be handled case-by-case. Having Terraform provide the ability to circumvent arbitrary limitations of the OpenStack API isn't a situation I want to be in (ie: To summarize: Amending Let me know if I am totally misunderstanding something here.
@jtopjian Thanks for your thoughts. I expected an answer like this. LB security groups function manages only the LB port, but not the LB instance ports (from which the monitoring checks happen). The same applies for the It will allow to use port IDs by an independent terraform provider.
Do you mean the individual I really want to make sure I'm understanding your use-case because I absolutely do not want to dismiss something valid. My current understanding is that you primarily want to modify service-created ports and secondarily want to do it in bulk? Can you sketch out some HCL code (you can even use non-existent resources for illustration) on what you're trying to achieve?
An example for lbaas
My environment creates three LBaaS ports for each hardware load balancer assigned to the network:
First two are used by a lbaas member monitor.
An example for manila
Once you create a sharednetwork + share, manila driver automatically creates two ports, corresponding to the share server (usually two: master, backup)
These IP addresses are reflected in the
HCL sketch
Here is the combination example of the both data sources referenced in this issue:
```hcl
data "openstack_networking_port_ids_v2" "port" {
  device_owner = "network:f5lbaasv2"
}

data "openstack_networking_port_v2" "port" {
  count   = "${length(data.openstack_networking_port_ids_v2.port.ids)}"
  port_id = "${element(data.openstack_networking_port_ids_v2.port.ids, count.index)}"
}

output "foo" {
  value = "${data.openstack_networking_port_ids_v2.port.ids}"
}

output "bar" {
  value = "${data.openstack_networking_port_v2.port.*.all_security_group_ids}"
}
```
Once we get the IDs, I'm planning to create a combined data source/resource
```hcl
networking_port_manage_v2 {
  count   = "${length(data.openstack_networking_port_ids_v2.port.ids)}"
  port_id = "${element(data.openstack_networking_port_ids_v2.port.ids, count.index)}"

  # ensure that referenced ports have a security group
  security_group_ids = [
    "%UUID%",
  ]
}
```
This will allow me to get rid of the hacky
Thanks!
We have an
I think creating a resource called This would benefit your use-case as well as users who, for some reason or another, are prevented from creating ports in their clouds (which is an unfortunate real situation). The only remaining piece here is the Even if you had to declare 5
```hcl
data "openstack_sharedfilesystem_share_v2" "hostctrl" {
  name = "${var.sid}_hostctrl"
}

data "openstack_sharedfilesystem_share_v2" "tempdata" {
  name = "${var.sid}_tempdata"
}

data "openstack_sharedfilesystem_share_v2" "scripts" {
  name = "${var.sid}_scripts"
}

data "openstack_sharedfilesystem_share_v2" "repository" {
  name = "${var.sid}_repository"
}

#### manila ports security groups START
data "openstack_networking_secgroup_v2" "manila" {
  name = "manila"
}

locals {
  share_ips = "${sort(distinct(list(
    element(split(":", data.openstack_sharedfilesystem_share_v2.hostctrl.export_locations.0.path), 0),
    element(split(":", data.openstack_sharedfilesystem_share_v2.hostctrl.export_locations.1.path), 0),
    element(split(":", data.openstack_sharedfilesystem_share_v2.tempdata.export_locations.0.path), 0),
    element(split(":", data.openstack_sharedfilesystem_share_v2.tempdata.export_locations.1.path), 0),
    element(split(":", data.openstack_sharedfilesystem_share_v2.scripts.export_locations.0.path), 0),
    element(split(":", data.openstack_sharedfilesystem_share_v2.scripts.export_locations.1.path), 0),
    element(split(":", data.openstack_sharedfilesystem_share_v2.repository.export_locations.0.path), 0),
    element(split(":", data.openstack_sharedfilesystem_share_v2.repository.export_locations.1.path), 0),
  )))}"
}

data "openstack_networking_port_v2" "manila_ports" {
  count    = "${length(local.share_ips)}"
  fixed_ip = "${element(local.share_ips, count.index)}"
}

resource "openstack_networking_port_secgroup_associate_v2" "ports" {
  count   = "${length(local.share_ips)}"
  port_id = "${element(data.openstack_networking_port_v2.manila_ports.*.id, count.index)}"

  security_group_ids = [
    "${data.openstack_networking_secgroup_v2.manila.id}",
  ]
}
#### manila ports security groups END
```
But I'm not able to find any hooks for lbaas monitor ports.
@jtopjian, I noticed #435 issue by accident. Could be another case for the
Additionally it might be useful to add a name/description regex, especially when port names/descriptions contain some hints, like in this situation:
UPD: But I believe regex is not supported on the neutron side and this feature will try to list all available ports, then regexp them on the client side. It should be used with a combination of other fields...
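The client-side filtering described in the comment above (narrow by a field Neutron can filter on, then match names locally), combined with the security-group check this thread is about, as an added example that is not part of the original thread or the provider's code. The `Port` struct, port names and group IDs are constructed; only the `network:f5lbaasv2` device owner comes from the thread.

```go
package main

import (
	"fmt"
	"regexp"
)

// Port is a constructed stand-in holding only the Neutron port fields used here.
type Port struct {
	ID, Name, DeviceOwner string
	SecurityGroups        []string
}

// MissingGroup returns IDs of ports owned by deviceOwner whose name matches
// nameRe (a client-side filter) and that lack the required security group.
func MissingGroup(ports []Port, deviceOwner string, nameRe *regexp.Regexp, required string) []string {
	var out []string
outer:
	for _, p := range ports {
		if p.DeviceOwner != deviceOwner || !nameRe.MatchString(p.Name) {
			continue
		}
		for _, sg := range p.SecurityGroups {
			if sg == required {
				continue outer
			}
		}
		out = append(out, p.ID)
	}
	return out
}

// monitorName is an assumed naming hint for monitor ports (hypothetical).
var monitorName = regexp.MustCompile(`^lb-monitor-`)

// samplePorts is constructed data; IDs, names and group IDs are placeholders.
func samplePorts() []Port {
	return []Port{
		{"port-1", "lb-monitor-a", "network:f5lbaasv2", nil},
		{"port-2", "lb-monitor-b", "network:f5lbaasv2", []string{"sg-monitor"}},
		{"port-3", "lb-vip", "network:f5lbaasv2", nil},
		{"port-4", "lb-monitor-c", "compute:nova", nil},
		{"port-5", "lb-monitor-d", "network:f5lbaasv2", []string{"sg-default"}},
	}
}

func main() {
	fmt.Println(MissingGroup(samplePorts(), "network:f5lbaasv2", monitorName, "sg-monitor"))
}
```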
Found another use case for the port security groups #383
Affected Resource(s)
Please list the resources as a list, for example:
Expected Behavior
Import neutron ports, which were created automatically by the backend, e.g. owner:
Actual Behavior
There is no `openstack_networking_port_v2` data resource available
Important Factoids
Ideally it should be possible to import multiple ports, filtered by ListOpts. Then there should be a way to modify them, like add these ports into the security group. I don't like `terraform import` way, because I'd expect to import resources dynamically in the TF manifest. Maybe someone has another thought on it.
References
Some thoughts could be found here: hashicorp/terraform#10123
https://www.terraform.io/docs/plugins/provider.html#importer