data vcd_resource_list with vcd_nsxv_firewall_rule is working incorrectly. #1236

Closed
AlexDubel opened this issue Mar 25, 2024 · 1 comment · Fixed by #1302

@AlexDubel

Hi,

I found several issues while running the command data vcd_resource_list with vcd_nsxv_firewall_rule.

Terraform Version

Terraform v1.7.5
on windows_amd64

  • provider registry.terraform.io/hashicorp/hcp v0.84.1
  • provider registry.terraform.io/hashicorp/vault v4.1.0
  • provider registry.terraform.io/vmware/nsxt v3.5.0
  • provider registry.terraform.io/vmware/vcd v3.12.0

Affected Resource(s)

vcd_resource_list with vcd_nsxv_firewall_rule

data "vcd_resource_list" "import_firewall_rules" {
  name              = "firewall-rules-list"
  org               = var.org_name
  vdc               = local.vdc_name
  resource_type     = "vcd_nsxv_firewall_rule"
  list_mode         = "import"
  import_file_name  = "import-firewall-rules.tf" 
  parent            = data.vcd_edgegateway.egw-nsxv.name
  name_id_separator = "."
}

The output from the generated file import-firewall-rules.tf is below

# Generated by vcd_resource_list - 2024-03-25T09:02:44+02:00
# Import directive for vcd_nsxv_firewall_rule TTO-1.TTO-1_oVDC.TTO-1_EDGE.firewall 
import {
  to = vcd_nsxv_firewall_rule.firewall-131289
  id = "TTO-1.TTO-1_oVDC.TTO-1_EDGE.firewall"
}

# Import directive for vcd_nsxv_firewall_rule TTO-1.TTO-1_oVDC.TTO-1_EDGE.dhcp 
import {
  to = vcd_nsxv_firewall_rule.dhcp-131290
  id = "TTO-1.TTO-1_oVDC.TTO-1_EDGE.dhcp"
}

# Import directive for vcd_nsxv_firewall_rule TTO-1.TTO-1_oVDC.TTO-1_EDGE.dns 
import {
  to = vcd_nsxv_firewall_rule.dns-131291
  id = "TTO-1.TTO-1_oVDC.TTO-1_EDGE.dns"
}

# Import directive for vcd_nsxv_firewall_rule TTO-1.TTO-1_oVDC.TTO-1_EDGE.Allow_ICMP1 
import {
  to = vcd_nsxv_firewall_rule.Allow_ICMP1-131090
  id = "TTO-1.TTO-1_oVDC.TTO-1_EDGE.Allow_ICMP1"
}

# Import directive for vcd_nsxv_firewall_rule TTO-1.TTO-1_oVDC.TTO-1_EDGE.Allow_ICMP 
import {
  to = vcd_nsxv_firewall_rule.Allow_ICMP-131128
  id = "TTO-1.TTO-1_oVDC.TTO-1_EDGE.Allow_ICMP"
}

# Import directive for vcd_nsxv_firewall_rule TTO-1.TTO-1_oVDC.TTO-1_EDGE.default rule for ingress traffic 
import {
  to = vcd_nsxv_firewall_rule.default rule for ingress traffic-131287
  id = "TTO-1.TTO-1_oVDC.TTO-1_EDGE.default rule for ingress traffic"
}

1. All generated IDs are incorrect

The IDs from the generated file are:

  id = "TTO-1.TTO-1_oVDC.TTO-1_EDGE.firewall"
  id = "TTO-1.TTO-1_oVDC.TTO-1_EDGE.dhcp"
  id = "TTO-1.TTO-1_oVDC.TTO-1_EDGE.dns"
  id = "TTO-1.TTO-1_oVDC.TTO-1_EDGE.Allow_ICMP1"
  id = "TTO-1.TTO-1_oVDC.TTO-1_EDGE.Allow_ICMP"
  id = "TTO-1.TTO-1_oVDC.TTO-1_EDGE.default rule for ingress traffic"

The IDs obtained from the command below are different.

data "vcd_resource_list" "import_fw_rules_id" {
    name              = "firewall-rules-list"
    org               = var.org_name
    vdc               = local.vdc_name
    resource_type     = "vcd_nsxv_firewall_rule"
    list_mode         = "hierarchy"
    parent            = data.vcd_edgegateway.egw-nsxv.name
    name_id_separator = "."
}
output "test_test4" {
    value = data.vcd_resource_list.import_fw_rules_id
}

Output:

+ test_test4          = {
      + id                = "firewall-rules-list"
      + import_file_name  = null
      + list              = [
          + "TTO-1.TTO-1_oVDC.TTO-1_EDGE.TTO-1_EDGE.firewall",
          + "TTO-1.TTO-1_oVDC.TTO-1_EDGE.TTO-1_EDGE.dhcp",
          + "TTO-1.TTO-1_oVDC.TTO-1_EDGE.TTO-1_EDGE.dns",
          + "TTO-1.TTO-1_oVDC.TTO-1_EDGE.TTO-1_EDGE.Allow_ICMP1",
          + "TTO-1.TTO-1_oVDC.TTO-1_EDGE.TTO-1_EDGE.Allow_ICMP",
          + "TTO-1.TTO-1_oVDC.TTO-1_EDGE.TTO-1_EDGE.default rule for ingress traffic",
        ]
      + list_mode         = "hierarchy"
      + name              = "firewall-rules-list"
      + name_id_separator = "."
      + name_regex        = null
      + org               = "TTO-1"
      + parent            = "TTO-1_EDGE"
      + resource_type     = "vcd_nsxv_firewall_rule"
      + vdc               = "TTO-1_oVDC"
    }

Expected Behavior

It should be:
TTO-1.TTO-1_oVDC.TTO-1_EDGE.TTO-1_EDGE.firewall

Actual Behavior

But the generated ID is:
TTO-1.TTO-1_oVDC.TTO-1_EDGE.firewall

2. Firewall rules with spaces in their names, which also include the default rule "default rule for ingress traffic", are processed incorrectly. Spaces should be replaced with some symbol, e.g., an underscore, as spaces are prohibited in Terraform.

Expected Behavior

# Import directive for vcd_nsxv_firewall_rule TTO-1.TTO-1_oVDC.TTO-1_EDGE.default rule for ingress traffic 
import {
  to = vcd_nsxv_firewall_rule.default rule for ingress traffic-131287
  id = "TTO-1.TTO-1_oVDC.TTO-1_EDGE.default_rule_for_ingress_traffic"

}

Actual Behavior

# Import directive for vcd_nsxv_firewall_rule TTO-1.TTO-1_oVDC.TTO-1_EDGE.default rule for ingress traffic 
import {
  to = vcd_nsxv_firewall_rule.default rule for ingress traffic-131287
  id = "TTO-1.TTO-1_oVDC.TTO-1_EDGE.default rule for ingress traffic"
}
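
Added example (not part of the original issue and not the provider's code): a small Python check over a generated import file that flags `to` addresses whose resource label is not a valid Terraform identifier, and import IDs that do not appear in the `list_mode = "hierarchy"` output the report compares against. The sample text is constructed from values in the issue; `safe_label` and `lint` are hypothetical helper names, and the label pattern is an ASCII-only subset of Terraform's identifier rules.

```python
import re

# Constructed sample: two directives copied from the issue's generated file.
GENERATED = '''
import {
  to = vcd_nsxv_firewall_rule.dns-131291
  id = "TTO-1.TTO-1_oVDC.TTO-1_EDGE.dns"
}

import {
  to = vcd_nsxv_firewall_rule.default rule for ingress traffic-131287
  id = "TTO-1.TTO-1_oVDC.TTO-1_EDGE.default rule for ingress traffic"
}
'''

# Matching entries from the issue's list_mode = "hierarchy" output.
HIERARCHY = {
    "TTO-1.TTO-1_oVDC.TTO-1_EDGE.TTO-1_EDGE.dns",
    "TTO-1.TTO-1_oVDC.TTO-1_EDGE.TTO-1_EDGE.default rule for ingress traffic",
}

# Terraform identifiers: letters, digits, "_" and "-", not starting with a digit.
# ASCII-only subset, chosen here as a conservative assumption.
LABEL_OK = re.compile(r"[A-Za-z_][A-Za-z0-9_-]*\Z")
BLOCK = re.compile(r'import\s*\{\s*to\s*=\s*(\w+)\.(.+?)\s*\n\s*id\s*=\s*"([^"]*)"\s*\}')


def safe_label(label):
    """Hypothetical sanitizer: replace disallowed characters with '_'."""
    cleaned = re.sub(r"[^A-Za-z0-9_-]", "_", label)
    return cleaned if re.match(r"[A-Za-z_]", cleaned) else "_" + cleaned


def lint(text, expected_ids):
    """Return one finding per import block with a bad label or an unlisted id."""
    findings = []
    for rtype, label, import_id in BLOCK.findall(text):
        problems = []
        if not LABEL_OK.match(label):
            problems.append(f"invalid label, suggest {rtype}.{safe_label(label)}")
        if import_id not in expected_ids:
            problems.append("id not in hierarchy list")
        if problems:
            findings.append({"to": f"{rtype}.{label}", "id": import_id, "problems": problems})
    return findings
```

Running `lint` on the generated file before `terraform plan` shows which firewall rules would fail to come under Terraform management.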
@adambarreiro
Collaborator

Hi @AlexDubel, thanks for your patience.
This should be fixed with PR #1302, if you want to check it out and try.
