Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't set Enable IP Masquerade for vcd_vapp_nat_rules #759

Closed
tcinbis opened this issue Dec 22, 2021 · 4 comments
Closed

Can't set Enable IP Masquerade for vcd_vapp_nat_rules #759

tcinbis opened this issue Dec 22, 2021 · 4 comments
Assignees
@vbauzys

Comments

@tcinbis
Copy link

tcinbis commented Dec 22, 2021

Hey everyone,

The title pretty much describes the issue. When I'm setting enable_ip_masquerade to true it is correctly shown in the terraform plan output, but after I have applied the plan the option is disabled in vCloud when checking it via the UI.
When running terraform apply again it also doesn't pickup the change and reports that the infrastructure matches the configuration.

Am I missing something here?

Thanks for your help!

Terraform Version

Terraform v1.1.1
on windows_amd64
+ provider registry.terraform.io/hashicorp/null v3.1.0
+ provider registry.terraform.io/vmware/vcd v3.4.0

VMware Cloud Director version: 10.2.2.17855680

Affected Resource(s)

  • vcd_vapp_nat_rules

Terraform Configuration Files

provider "registry.terraform.io/hashicorp/null" {
  version = "3.1.0"
  hashes = [
    "h1:SFT7X3zY18CLWjoH2GfQyapxsRv6GDKsy9cF1aRwncc=",
  ]
}

provider "registry.terraform.io/vmware/vcd" {
  version     = "3.4.0"
  constraints = "~> 3.4.0"
  hashes = [
    "h1:YAGmqCFJiJJr/shs7P9UKVp3+LsJ8HBr9tYUnP3ZrRA=",
  ]
}

Debug Output

https://gist.github.com/tcinbis/bffddec898be2e31376ec9324de182a9

Expected Behavior

The Enable IP Masquerade option in the NAT setting should be enabled.

Actual Behavior

Enable IP Masquerade is not enabled.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform apply

User Access rights

  • User that Terraform uses for authentication has admin rights.
@tcinbis
Copy link
Author

tcinbis commented Dec 22, 2021

So I poked around a bit with PowerCLI and read through the Go code for the NAT configuration. And what I find interesting is at line 156-157.

My interpretation of the code snippet is the following. By default the policy is set to allowTrafficIn and is changed to
allowTraffic if enable_ip_masquerade is false.
And I think that this is the issue since allowTraffic should be set if enable_ip_masquerade is true (at least I could enable the feature with PowerCLI when setting the policy to allowTraffic).

These are just my observations while looking only at this very tiny part of the code and playing with the API. Maybe I am missing something.

@tcinbis
Copy link
Author

tcinbis commented Feb 8, 2022

I know right before Christmas is almost a bad time to come up with new issues.... :)
Just wanted to ask is there any update on this?

Tagging @dataclouder and @vbauzysvmware, thanks!

@vbauzys
Copy link
Contributor

vbauzys commented Feb 9, 2022

Hi @tcinbis I am checking it.

@vbauzys vbauzys mentioned this issue Feb 10, 2022
Merged
@tcinbis
Copy link
Author

tcinbis commented Mar 2, 2022

Closing this since #784 was merged and is scheduled for release in April.

@tcinbis tcinbis closed this as completed Mar 2, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vbauzys vbauzys

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dataclouder @tcinbis @vbauzys