'rule_priority' attribute in resource 'nsxt_policy_nat_rule' does not create NAT under (INTERNAL, USER, DEFAULT) section #1341

Open
NonoCX opened this issue Aug 30, 2024 · 0 comments

NonoCX commented Aug 30, 2024

Describe the bug

With the NSX API it is possible to create NAT rules under 3 different categories/sections (INTERNAL, USER and DEFAULT).

https://dp-downloads.broadcom.com/api-content/apis/API_NTDCRA_001/3.2.1/html/api_includes/method_PatchPolicyNatRule.html

But when I use the resource nsxt_policy_nat_rule, it is not possible to create a NAT rule under the INTERNAL category/section. All rules are created under the USER section.

According to the documentation and my first case #1301, in the Terraform provider the rule_priority attribute controls where the NAT rule will be put (INTERNAL, USER and DEFAULT section), but all NAT rules created with rule_priority = 0 are put in the USER section...

Reproduction steps

  1. Create a NAT rule with rule_priority = 0
resource "nsxt_policy_nat_rule" "dnat1" {
  display_name          = "dnat_rule1"
  action                = "DNAT"
  source_networks       = ["9.1.1.1", "9.2.1.1"]
  destination_networks  = ["11.1.1.1"]
  translated_networks   = ["10.1.1.1"]
  gateway_path          = data.nsxt_policy_tier1_gateway.this.path
  logging               = false
  firewall_match        = "MATCH_INTERNAL_ADDRESS"

  rule_priority         = 0

  tag {
    scope = "color"
    tag   = "blue"
  }
}

The rule is created under the USER section with sequence_number: 0, not under the INTERNAL section.
There is nothing under the INTERNAL section.

As a test, I created a NAT rule under the DEFAULT section; I set the max value of rule_priority, rule_priority = 2147483647. I get an error because Terraform puts the NAT rule under the USER section, and the max value of rule_priority in the USER section is 2147482623.

Expected behavior

I would like, when I use rule_priority, the NAT rules to be put in the correct section according to the value, as in the documentation of the NSX API:

The valid range of rule_priority number is from 0 to 2147483647 (MAX_INT).

  1. INTERNAL section
    rule_priority reserved from 0 - 1023 (1024 rules)
    valid sequence_number range 0 - 1023
  2. USER section
    rule_priority reserved from 1024 - 2147482623 (2147481600 rules)
    valid sequence_number range 0 - 2147481599
  3. DEFAULT section
    rule_priority reserved from 2147482624 - 2147483647 (1024 rules)
    valid sequence_number range 0 - 1023

Source : https://dp-downloads.broadcom.com/api-content/apis/API_NTDCRA_001/3.2.1/html/api_includes/method_PatchPolicyNatRule.html

Additional context

No response

@NonoCX NonoCX added the bug Bug label Aug 30, 2024
@salv-orlando salv-orlando added this to the v3.7.0 milestone Sep 4, 2024
@annakhm annakhm modified the milestones: v3.7.0, v3.8.0 Oct 23, 2024
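
An added example, not part of the original issue or the provider's code: a pre-apply check over `terraform show -json` plan output that lists `nsxt_policy_nat_rule` resources whose `rule_priority` falls in the INTERNAL or DEFAULT ranges quoted above, which the issue reports end up in the USER section instead. The plan contents, the function names and every resource name other than `dnat1` are constructed for illustration.

```python
import json

# rule_priority ranges per section, as quoted in the issue from the NSX API docs.
SECTIONS = [
    ("INTERNAL", 0, 1023),
    ("USER", 1024, 2147482623),
    ("DEFAULT", 2147482624, 2147483647),
]

def section_for(rule_priority):
    """Return the section whose reserved range contains rule_priority."""
    for name, low, high in SECTIONS:
        if low <= rule_priority <= high:
            return name
    raise ValueError(f"rule_priority {rule_priority} outside 0..2147483647")

def flag_nat_rules(plan):
    """List (address, rule_priority, section) for planned NAT rules whose
    priority is reserved for a section other than USER."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "nsxt_policy_nat_rule":
            continue
        after = (rc.get("change") or {}).get("after") or {}  # null on delete
        priority = after.get("rule_priority")
        if priority is None:  # unset, or not known until apply
            continue
        section = section_for(priority)
        if section != "USER":
            findings.append((rc["address"], priority, section))
    return findings

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "nsxt_policy_nat_rule.dnat1", "type": "nsxt_policy_nat_rule", "change": {"after": {"rule_priority": 0}}},
  {"address": "nsxt_policy_nat_rule.user_rule", "type": "nsxt_policy_nat_rule", "change": {"after": {"rule_priority": 2048}}},
  {"address": "nsxt_policy_nat_rule.default_rule", "type": "nsxt_policy_nat_rule", "change": {"after": {"rule_priority": 2147483647}}},
  {"address": "nsxt_policy_nat_rule.removed", "type": "nsxt_policy_nat_rule", "change": {"after": null}},
  {"address": "nsxt_policy_group.web", "type": "nsxt_policy_group", "change": {"after": {"display_name": "web"}}}
]}
""")

if __name__ == "__main__":
    for address, priority, section in flag_nat_rules(SAMPLE_PLAN):
        print(f"{address}: rule_priority={priority} is reserved for {section}")
```

Any rule this reports should be checked in the NSX UI or API after apply, since NAT rule ordering decides which translation matches first.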