HOW-TO aci_contract with filter and filter entry? #162
Comments
|
You need another resource with the subject to attach the two. Below is an example |
|
@scotttyso Thanks. It's just my wishful thinking of having all done in one resource. 👍 It would be cool though as in our space, we always create one contract -> one subject -> one filter which is always provided by one EPG. |
|
@jhtut , as @scotttyso example shows the filter section in the aci_contract is incomplete and does not associated the contract with the filter through a subject. We have made the decision to start deprecating the filter section under aci_contract and will be removing it from the documentation in the next release. We are also updating the example to show how to do a complete contract without it. Those changes are in progress and will be part of #515 I think the use case of creating a contract with single subject and a series of filters is valid so I have created this issue (CiscoDevNet/terraform-aci-modules#1) on our module development repository. |
* Updated Read function in access_switch_policy_group * User security role update (#151) * Updated fabricNodeControl and userSecurityDomainRole * Updated user security domain * Updated Read Function for UI Deletion Test case (#152) * added set for annotation in ldap_group_map * Updated resources (#155) * aaep_to_domain resource file updated, dn changed and description removed (#156) * updated documentation * updated documentation for match_rule * resource_tagannotation updated (#159) Co-authored-by: Parth-CDS <[email protected]> * tag_resource schema updated * Updated Index file of Interface Blacklist * Updated Mgmt Zone (#162) * updated docs
* Updated Read function in access_switch_policy_group * User security role update (#151) * Updated fabricNodeControl and userSecurityDomainRole * Updated user security domain * Updated Read Function for UI Deletion Test case (#152) * added set for annotation in ldap_group_map * Updated resources (#155) * aaep_to_domain resource file updated, dn changed and description removed (#156) * updated documentation * updated documentation for match_rule * resource_tagannotation updated (#159) * tag_resource schema updated * Updated Index file of Interface Blacklist * Updated Mgmt Zone (#162) * updated docs
Hi
I tried the example provided in aci_contract with filter and filter entry. Is it suppose to create the subject as well which basically tied contract and filter. I think allowing to create filter/filter entry is good starting point but really need subject to make it complete. Are we expecting this in 0.5.2? Thanks.
resource "aci_contract" "foocontract" {
tenant_dn = "${aci_tenant.dev_tenant.id}"
description = "%s"
name = "demo_contract"
annotation = "tag_contract"
name_alias = "alias_contract"
prio = "level1"
scope = "tenant"
target_dscp = "unspecified"
filter {
annotation = "tag_filter"
description = "first filter from contract resource"
filter_entry {
entry_description = "hello world"
filter_entry_name = "check_entry3"
d_from_port = "http"
ether_t = "ipv4"
prot = "tcp"
}
filter_entry {
entry_description = "world"
filter_entry_name = "check_entry1"
d_from_port = "443"
ether_t = "ipv4"
prot = "tcp"
}
filter_name = "abcd"
name_alias = "abcd"
}
filter {
filter_name = "example2"
description = "second filter from contract resource"
annotation = "tag_filter"
name_alias = "example2"
}
The text was updated successfully, but these errors were encountered: