tested new functionality for NDO 4.2

README.md

@@ -23,8 +23,8 @@ A Terraform module to configure ACI Tenant Policies.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_mso"></a> [mso](#provider\_mso) | 1.0.0 |
 | <a name="provider_aci"></a> [aci](#provider\_aci) | 2.13.2 |
+| <a name="provider_mso"></a> [mso](#provider\_mso) | 1.0.0 |
 ## Inputs
 
 | Name | Description | Type | Default | Required |
@@ -42,8 +42,6 @@ A Terraform module to configure ACI Tenant Policies.
 | <a name="output_nd_orchestrator"></a> [nd\_orchestrator](#output\_nd\_orchestrator) | n/a |
 | <a name="output_policies"></a> [policies](#output\_policies) | n/a |
 | <a name="output_tenants"></a> [tenants](#output\_tenants) | n/a |
-| <a name="output_aaeps"></a> [aaeps](#output\_aaeps) | n/a |
-| <a name="output_zepgs"></a> [zepgs](#output\_zepgs) | n/a |
 ## Resources
 
 | Name | Type |
@@ -166,7 +164,7 @@ A Terraform module to configure ACI Tenant Policies.
 | [aci_vrf_snmp_context.map](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/vrf_snmp_context) | resource |
 | [mso_schema.map](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/resources/schema) | resource |
 | [mso_schema_site.map](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/resources/schema_site) | resource |
-| [mso_schema_site_anp_epg_bulk_staticport.static_port](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/resources/schema_site_anp_epg_bulk_staticport) | resource |
+| [mso_schema_site_anp_epg_bulk_staticport.map](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/resources/schema_site_anp_epg_bulk_staticport) | resource |
 | [mso_schema_site_anp_epg_domain.map](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/resources/schema_site_anp_epg_domain) | resource |
 | [mso_schema_site_bd.map](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/resources/schema_site_bd) | resource |
 | [mso_schema_site_bd_l3out.map](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/resources/schema_site_bd_l3out) | resource |

application-epgs.tf

@@ -363,26 +363,6 @@ GUI Location:
 Tenants > {tenant} > Application Profiles > {application_profile} > Application EPGs > {application_epg} > Static Ports > {GUI_Static}
 _______________________________________________________________________________________________________________________
 */
-#resource "aci_rest_managed" "epg_to_static_paths" {
-#  depends_on = [aci_application_epg.map]
-#  for_each   = { for k, v in local.epg_to_static_paths : k => v if local.controller.type == "apic" }
-#  dn         = "${each.value.distinguished_name}[${each.value.tdn}]"
-#  class_name = "fvRsPathAtt"
-#  content = {
-#    encap = length(
-#      regexall("micro_seg", each.value.encapsulation_type)
-#      ) > 0 ? "vlan-${element(each.value.vlans, 0)}" : length(
-#      regexall("qinq", each.value.encapsulation_type)
-#      ) > 0 ? "qinq-${element(each.value.vlans, 0)}-${element(each.value.vlans, 1)}" : length(
-#      regexall("vlan", each.value.encapsulation_type)
-#      ) > 0 ? "vlan-${element(each.value.vlans, 0)}" : length(
-#      regexall("vxlan", each.value.encapsulation_type)
-#    ) > 0 ? "vxlan-${element(each.value.vlans, 0)}" : ""
-#    mode         = each.value.mode
-#    primaryEncap = each.value.encapsulation_type == "micro_seg" ? "vlan-${element(each.value.vlans, 1)}" : "unknown"
-#    tDn          = each.value.tdn
-#  }
-#}
 resource "aci_bulk_epg_to_static_path" "map" {
   depends_on         = [aci_application_epg.map]
   for_each           = { for k, v in local.epg_to_static_paths : k => v if local.controller.type == "apic" && length(v.static_paths) > 0 }
@@ -401,7 +381,7 @@ resource "aci_bulk_epg_to_static_path" "map" {
         regexall("vxlan", static_path.value.encapsulation_type)
       ) > 0 ? "vxlan-${element(static_path.value.vlans, 0)}" : ""
       interface_dn = "${static_path.value.distinguished_name}[${static_path.value.tdn}]"
-      mode         = static_path.value.mode
+      mode         = static_path.value.mode == "trunk" ? "regular" : static_path.value.mode == "access" ? "untagged" : "native"
       primary_encap = length(regexall("micro_seg", static_path.value.encapsulation_type)
       ) > 0 ? "vlan-${element(static_path.value.vlans, 1)}" : "unknown"
     }
@@ -450,28 +430,51 @@ resource "mso_schema_site_anp_epg_domain" "map" {
   }
   allow_micro_segmentation = length(regexall("vmm", each.value.domain_type)
   ) > 0 ? each.value.allow_micro_segmentation : null
-  anp_name                 = each.value.application_profile
-  deploy_immediacy         = each.value.deploy_immediacy == "on-demand" ? "lazy" : each.value.deploy_immediacy
-  domain_name              = each.value.domain
-  domain_type              = length(regexall("vmm", each.value.domain_type)) > 0 ? "vmmDomain" : "physicalDomain"
-  enhanced_lag_policy_name = length(regexall("vmm", each.value.domain_type)) > 0 ? each.value.enhanced_lag_policy : null
+  allow_promiscuous = length(regexall("vmm", each.value.domain_type)
+  ) > 0 ? each.value.security.allow_promiscuous : null
+  anp_name = each.value.application_profile
+  binding_type = each.value.port_binding == "static_binding" && length(
+    regexall("vmm", each.value.domain_type)) > 0 ? "static" : each.value.port_binding == "dynamic_binding" && length(
+    regexall("vmm", each.value.domain_type)) > 0 ? "dynamic" : each.value.port_binding == "ephemeral" && length(
+    regexall("vmm", each.value.domain_type)) > 0 ? each.value.port_binding : length(
+  regexall("vmm", each.value.domain_type)) > 0 ? "none" : null
+  custom_epg_name = length(regexall("vmm", each.value.domain_type)
+  ) > 0 ? each.value.custom_epg_name : null
+  delimiter = length(regexall("vmm", each.value.domain_type)
+  ) > 0 ? each.value.delimiter : null
+  deploy_immediacy = each.value.deploy_immediacy == "on-demand" ? "lazy" : each.value.deploy_immediacy
+  domain_name      = each.value.domain
+  domain_type      = length(regexall("vmm", each.value.domain_type)) > 0 ? "vmmDomain" : "physicalDomain"
   enhanced_lag_policy_dn = length(regexall("vmm", each.value.domain_type)) > 0 && length(
     compact([each.value.enhanced_lag_policy])
   ) > 0 ? "uni/vmmp-${each.value.switch_provider}/dom-${each.value.domain}/vswitchpolcont/enlacplagp-${each.value.enhanced_lag_policy}" : null
-  epg_name = each.value.application_epg
-  micro_seg_vlan_type = length(regexall("vmm", each.value.domain_type)
-  ) > 0 && length(regexall("static", each.value.vlan_mode)) > 0 ? "vlan" : null
+  enhanced_lag_policy_name = length(regexall("vmm", each.value.domain_type)) > 0 ? each.value.enhanced_lag_policy : null
+  epg_name                 = each.value.application_epg
+  forged_transmits = length(regexall("vmm", each.value.domain_type)
+  ) > 0 ? each.value.security.forged_transmits : null
+  mac_changes = length(regexall("vmm", each.value.domain_type)
+  ) > 0 ? each.value.security.mac_changes : null
   micro_seg_vlan = length(regexall("vmm", each.value.domain_type)) > 0 && length(regexall("static", each.value.vlan_mode)
   ) > 0 && length(each.value.vlans) > 1 ? element(each.value.vlans, 2) : null
-  port_encap_vlan_type = length(regexall("vmm", each.value.domain_type)
+  micro_seg_vlan_type = length(regexall("vmm", each.value.domain_type)
   ) > 0 && length(regexall("static", each.value.vlan_mode)) > 0 ? "vlan" : null
+  netflow = length(regexall("vmm", each.value.domain_type)
+  ) > 0 ? "disabled" : null
+  num_ports = length(regexall("vmm", each.value.domain_type)) > 0 && (length(regexall(
+    "dynamic_binding", each.value.port_binding)) > 0 || length(regexall("static_binding", each.value.port_binding)) > 0
+  ) ? each.value.number_of_ports : 0
+  port_allocation = length(regexall("vmm", each.value.domain_type)) > 0 && length(regexall(
+    "static_binding", each.value.port_binding)
+  ) > 0 ? each.value.port_allocation : null
   port_encap_vlan = length(regexall("vmm", each.value.domain_type)) > 0 && length(regexall("static", each.value.vlan_mode)
   ) > 0 && length(each.value.vlans) > 0 ? element(each.value.vlans, 1) : null
+  port_encap_vlan_type = length(regexall("vmm", each.value.domain_type)
+  ) > 0 && length(regexall("static", each.value.vlan_mode)) > 0 ? "vlan" : null
   resolution_immediacy = each.value.resolution_immediacy == "on-demand" ? "lazy" : each.value.resolution_immediacy
   schema_id            = data.mso_schema.map[each.value.ndo.schema].id
   site_id              = data.mso_site.map[each.value.site].id
-  switching_mode       = length(regexall("vmm", each.value.domain_type)) > 0 ? "native" : null
   switch_type          = length(regexall("vmm", each.value.domain_type)) > 0 ? "default" : null
+  switching_mode       = length(regexall("vmm", each.value.domain_type)) > 0 ? "native" : null
   template_name        = each.value.ndo.template
   vlan_encap_mode = length(regexall("vmm", each.value.domain_type)
   ) > 0 ? each.value.vlan_mode : null
@@ -499,26 +502,26 @@ resource "mso_schema_template_anp_epg_contract" "map" {
   lifecycle { ignore_changes = [contract_schema_id, schema_id] }
 }
 
-resource "mso_schema_site_anp_epg_bulk_staticport" "static_port" {
+resource "mso_schema_site_anp_epg_bulk_staticport" "map" {
   provider      = mso
   depends_on    = [mso_schema_template_anp_epg.map]
-  for_each      = { for k, v in local.epg_to_static_paths : k => v if local.controller.type == "ndo" && length(v.static_paths) > 0 }
+  for_each      = { for k, v in local.ndo_epg_to_static_paths : k => v if local.controller.type == "ndo" && length(v.static_paths) > 0 }
   anp_name      = each.value.application_profile
   epg_name      = each.value.application_epg
   schema_id     = data.mso_schema.map[each.value.ndo.schema].id
   site_id       = data.mso_site.map[each.value.site].id
   template_name = each.value.ndo.template
   dynamic "static_ports" {
-    for_each = { for v in each.value.static_ports : "${v.pod}:${v.leaf}:${v.path}" => v }
+    for_each = { for v in each.value.static_paths : "${v.pod_id}/${v.leaf}/${v.interface}" => v }
     content {
       deployment_immediacy = static_ports.value.instrumentation_immediacy
-      leaf                 = static_ports.value.path_type == "vpc" ? static_ports.value.vpc_pair : static_ports.value.node_id
+      leaf                 = static_ports.value.leaf
       micro_seg_vlan = static_ports.value.encapsulation_type == "micro_seg" && length(static_ports.value.vlans
       ) == 2 ? element(static_ports.value.vlans, 1) : null
-      mode      = static_ports.value.node
-      path      = static_ports.value.interface
+      mode      = static_ports.value.mode == "trunk" ? "regular" : static_ports.value.mode == "access" ? "untagged" : "native"
+      path      = length(regexall("vpc|dpc", static_ports.value.interface)) > 0 ? static_ports.value.interface : "eth${static_ports.value.interface}"
       path_type = static_ports.value.path_type
-      pod       = static_ports.value.pod_id
+      pod       = "pod-${static_ports.value.pod_id}"
       vlan      = element(static_ports.value.vlans, 0)
     }
   }

bridge-domains.tf

@@ -282,7 +282,7 @@ resource "mso_schema_template_bd_subnet" "map" {
   depends_on         = [mso_schema_template_bd.map, mso_schema_site_bd.map]
   for_each           = { for k, v in local.bridge_domain_subnets : k => v if local.controller.type == "ndo" && v.create == true }
   bd_name            = each.value.bridge_domain
-  description        = each.value.description
+  description        = length(each.value.description) > 0 ? length(each.value.description) : each.value.gateway_ip
   ip                 = each.value.gateway_ip
   no_default_gateway = each.value.subnet_control.no_default_svi_gateway
   schema_id          = data.mso_schema.map[each.value.ndo.schema].id

locals.tf

@@ -225,14 +225,13 @@ locals {
         local.general, lookup(v, "general", {}), {
           description = lookup(lookup(v, "general", {}), "description", lookup(v, "description", ""))
           tenant      = var.tenant
-        },
-        { vrf = [for s in [lookup(lookup(v, "general", {}), "vrf", {})] : merge(
-          local.general.vrf, lookup(lookup(v, "general", {}), "vrf", {}),
-          {
-            name   = "${local.npfx.vrfs}${s.name}${local.nsfx.vrfs}"
-            tenant = lookup(s, "tenant", var.tenant)
-          }
-        )][0] }
+          vrf = [for s in [lookup(lookup(v, "general", {}), "vrf", {})] : merge(
+            local.general.vrf, lookup(lookup(v, "general", {}), "vrf", {}), {
+              name   = "${local.npfx.vrfs}${s.name}${local.nsfx.vrfs}"
+              tenant = lookup(s, "tenant", var.tenant)
+            }
+          )][0]
+        }
       )
       l3_configurations = merge(local.l3, lookup(v, "l3_configurations", {}), {
         associated_l3outs = flatten([for e in lookup(lookup(v, "l3_configurations", {}), "associated_l3outs", {}) : [
@@ -254,7 +253,6 @@ locals {
       tenant = var.tenant
     }
   }
-  #ndo_bd_sites = {}
   ndo_bd_sites = { for i in flatten([
     for k, v in local.bridge_domains : [
       for s in range(length(v.ndo.sites)) : {
@@ -358,7 +356,6 @@ locals {
       template = lookup(v, "template", "")
     } if length(compact([lookup(v, "template", "")])) > 0
   ]
-
   merge_templates = { for i in flatten([
     for v in local.epgs_with_template : [
       merge(local.template_epgs[index(local.template_epgs[*].template_name, v.template)], local.epgs[v.name])
@@ -470,8 +467,8 @@ locals {
         pod_id                    = lookup(v, "pod_id", 1)
         site                      = lookup(v, "site", "")
         instrumentation_immediacy = lookup(i, "instrumentation_immediacy", lookup(v, "instrumentation_immediacy", "immediate"))
-        vpc_pair = flatten([for e in lookup(var.model.switch, "vpc_domains", []
-        ) : e.switches if contains([for d in e.switches : tostring(d)], tostring(v.node_id))])
+        vpc_pair = distinct(flatten([for e in lookup(var.model.switch, "vpc_domains", []
+        ) : e.switches if contains([for d in e.switches : tostring(d)], tostring(v.node_id))]))
         mode = length(regexall("(,|-)", jsonencode(lookup(i, "allowed_vlans", "")))
         ) > 0 ? "trunk" : "native"
         vlan_split = length(regexall("-", lookup(i, "allowed_vlans", ""))
@@ -494,18 +491,24 @@ locals {
   })]
   epg_to_static_paths = {
     for k, v in local.application_epgs : k => {
+      application_profile = v.application_profile
+      application_epg     = v.name
+      ndo                 = v.ndo
+      sites               = distinct(compact([for e in local.switch_loop_3 : lookup(e, "site", "")]))
       static_paths = [
         for e in local.switch_loop_3 : {
-          access                    = e.access
-          distinguished_name        = "${aci_application_epg.map[k].id}/rspathAtt-"
+          access = e.access
+          distinguished_name = length(regexall("apic", local.controller.type)
+          ) > 0 ? "${aci_application_epg.map[k].id}/rspathAtt-" : ""
           encapsulation_type        = e.encapsulation_type
           instrumentation_immediacy = e.instrumentation_immediacy == "on-demand" ? "lazy" : "immediate"
-          mode                      = contains(v.vlans, tonumber(e.access)) ? "native" : e.mode
-          ndo                       = v.ndo
-          node_id                   = e.node_id
-          path_type                 = e.path_type
-          pod_id                    = e.pod_id
-          site                      = e.site
+          interface                 = e.interface
+          leaf = length(regexall("^vpc$", e.path_type)
+          ) > 0 ? "${element(e.vpc_pair, 0)}-${element(e.vpc_pair, 1)}" : e.node_id
+          mode      = contains(v.vlans, tonumber(e.access)) ? "native" : e.mode
+          node_id   = e.node_id
+          path_type = e.path_type
+          pod_id    = e.pod_id
           tdn = length(regexall("^vpc$", e.path_type)
             ) > 0 ? "topology/pod-${e.pod_id}/protpaths-${element(e.vpc_pair, 0)}-${element(e.vpc_pair, 1)}/pathep-[${e.interface}]" : length(
             regexall("^dpc$", e.path_type)
@@ -521,6 +524,13 @@ locals {
     } if v.epg_type == "standard"
   }
 
+  ndo_epg_to_static_paths = { for i in flatten([
+    for k, v in local.epg_to_static_paths : [
+      for e in v.sites : merge({ site = e }, v)
+    ] if local.controller.type == "ndo"
+    ]
+  ) : "${i.application_profile}/${i.application_epg}/${i.site}" => i }
+
   contract_to_epgs = { for i in flatten([
     for key, value in local.application_epgs : [
       for v in value.contracts : {
@@ -649,7 +659,7 @@ locals {
         }
       )
     ]
-  ]) : "${i.filter_name}/${i.name}" => i }
+  ]) : "${i.filter_name}:path${i.name}" => i }
 
 
   #__________________________________________________________
@@ -733,7 +743,7 @@ locals {
       for v in value.contracts : merge(
         local.l3out.external_epgs.contracts, v, {
           contract     = "${local.npfx.contracts}${v.name}${local.nsfx.contracts}",
-          external_epg = value.name, l3out = value.l3out,
+          external_epg = key,
           ndo = {
             schema   = lookup(lookup(v, "ndo", {}), "schema", value.ndo.schema)
             sites    = lookup(lookup(v, "ndo", {}), "sites", value.ndo.sites)
@@ -743,7 +753,7 @@ locals {
         }
       )
     ]
-  ]) : "${i.l3out}/${i.external_epg}/${i.contract_type}/${i.contract}" => i }
+  ]) : "${i.external_epg}/${i.contract_type}/${i.contract}" => i }
 
   l3out_external_epg_subnets = { for i in flatten([
     for key, value in local.l3out_external_epgs : [for v in lookup(value, "subnets", []) : [

outputs.tf

@@ -29,7 +29,11 @@ output "application_profiles" {
       for v in sort(keys(aci_bulk_epg_to_static_path.map)) : v => [
         for e in aci_bulk_epg_to_static_path.map[v].static_path : e.interface_dn
       ]
-    } : local.controller.type == "ndo" ? {} : {}
+      } : local.controller.type == "ndo" ? {
+      for v in sort(keys(mso_schema_site_anp_epg_bulk_staticport.map)) : v => [
+        for e in mso_schema_site_anp_epg_bulk_staticport.map[v].static_ports : "${e.pod}/${e.leaf}/${e.path}"
+      ]
+    } : {}
   }
 }
 
@@ -165,11 +169,3 @@ output "tenants" {
     for v in sort(keys(mso_tenant.map)) : v => mso_tenant.map[v].id
   } : {}
 }
-
-output "aaeps" {
-  value = var.model.aaep_to_epgs
-}
-
-output "zepgs" {
-  value = local.application_epgs
-}

schemas.tf

@@ -34,3 +34,28 @@ resource "mso_schema_site" "map" {
 }
 
 
+#resource "mso_schema_template_deploy_ndo" "name" {
+#  depends_on = [
+#    mso_schema.map,
+#    mso_schema_site.map,
+#    mso_schema_site_anp_epg_bulk_staticport.static_port,
+#    mso_schema_site_anp_epg_domain.map,
+#    mso_schema_site_bd.map,
+#    mso_schema_site_bd_l3out.map,
+#    mso_schema_site_vrf.map,
+#    mso_schema_template_anp.map,
+#    mso_schema_template_anp_epg.map,
+#    mso_schema_template_bd.map,
+#    mso_schema_template_bd_subnet.map,
+#    mso_schema_template_contract.map,
+#    mso_schema_template_filter_entry.map,
+#    mso_schema_template_l3out.map,
+#    mso_tenant.map
+#  ]
+#  for_each      = { for k, v in local.template_sites : k => v }
+#  schema_id     = data.mso_schema.map[each.value.schema].id
+#  template_name = each.value.template
+#  lifecycle {
+#    ignore_changes = [schema_id]
+#  }
+#}