What’s new in Terraform VMware Cloud Director Provider 3.3.0

source link: https://blogs.vmware.com/cloudprovider/2021/07/terraform-vmware-cloud-director-3-3-0.html
We have a new release of Terraform VMware Cloud Director Provider. Version 3.3.0 is now available, with some substantial improvements. We have expanded support for NSX-T with six new resources and corresponding data sources:

Some of these resources, such as vcd_nsxt_nat_rule, are ready to consume new VCD 10.3 features (the Reflexive NAT rule).

The release also introduces roles and rights management, with a dedicated operations guide that explains what providers and tenants can do with the new resources. There are three resources and four data sources:

  • vcd_role allows providers and tenants to create, modify, and delete roles
  • vcd_global_role allows providers to define roles for tenants
  • vcd_rights_bundle allows providers to manage the allocation of rights to tenants
  • vcd_right allows providers and tenants to inspect individual rights (only data source).

IPsec VPN tunnel in action

VMware Cloud Director (starting with 10.1) supports IPSec VPN. IPSec VPN offers site-to-site connectivity between an edge gateway and remote sites which also use NSX-T Data Center or which have either third-party hardware routers or VPN gateways that support IPSec.

Here is a quick minimal example to configure IPSec VPN Tunnel on NSX-T Edge Gateway using Terraform:

data "vcd_nsxt_edgegateway" "existing" {
  org  = "org"
  vdc  = "nsxt-vdc"
  name = "nsxt-gateway"
}

resource "vcd_nsxt_ipsec_vpn_tunnel" "first-tunnel" {
  org = "org"
  vdc = "nsxt-vdc"

  edge_gateway_id = data.vcd_nsxt_edgegateway.existing.id
  name            = "IPSec VPN tunnel 3.3.0"

  # The pre-shared key must be the same on the other end of the IPSec VPN tunnel.
  pre_shared_key = "secret-shared-key"

  # Primary IP address extracted from the Edge Gateway data source
  local_ip_address = tolist(data.vcd_nsxt_edgegateway.existing.subnet)[0].primary_ip
  local_networks   = ["10.10.10.0/24"]

  # Remote peer IP address and the networks reachable behind it
  remote_ip_address = "1.2.3.4"
  remote_networks   = ["192.168.1.0/24", "192.168.10.0/24", "192.168.20.0/28"]
}

This example uses the default security profile, but it can be customized with the security_profile_customization block.
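As an added example (not from the original post), here is the same tunnel with the pre-shared key moved out of the configuration into a sensitive variable and the default security profile replaced by an explicit IKEv2 policy. It reuses the "existing" edge gateway data source from the article; the attribute names inside security_profile_customization follow the provider's documentation for this block and should be checked against the provider version you run.

```hcl
# Supplied at apply time (for example via TF_VAR_ipsec_psk) so the key is never
# committed to version control; sensitive = true keeps it out of plan output.
variable "ipsec_psk" {
  type      = string
  sensitive = true
}

resource "vcd_nsxt_ipsec_vpn_tunnel" "hardened-tunnel" {
  org = "org"
  vdc = "nsxt-vdc"

  edge_gateway_id = data.vcd_nsxt_edgegateway.existing.id
  name            = "IPSec VPN tunnel (custom profile)"

  pre_shared_key    = var.ipsec_psk
  local_ip_address  = tolist(data.vcd_nsxt_edgegateway.existing.subnet)[0].primary_ip
  local_networks    = ["10.10.10.0/24"]
  remote_ip_address = "1.2.3.4"
  remote_networks   = ["192.168.1.0/24"]

  # Pin IKE and tunnel parameters instead of accepting the default profile, so the
  # peer cannot negotiate a weaker cipher suite or Diffie-Hellman group.
  # Attribute names assumed from the provider documentation for this block.
  security_profile_customization {
    ike_version               = "IKE_V2"
    ike_encryption_algorithms = ["AES_256"]
    ike_digest_algorithms     = ["SHA2_256"]
    ike_dh_groups             = ["GROUP14"]
    ike_sa_lifetime           = 86400

    tunnel_pfs_enabled           = true   # fresh DH exchange per child SA
    tunnel_df_policy             = "COPY"
    tunnel_encryption_algorithms = ["AES_256"]
    tunnel_digest_algorithms     = ["SHA2_256"]
    tunnel_dh_groups             = ["GROUP14"]
    tunnel_sa_lifetime           = 3600

    dpd_probe_internal = 30              # dead peer detection interval, seconds
  }
}
```

Both ends of the tunnel must agree on these parameters, so the remote gateway needs the matching IKEv2 / AES-256 / SHA-256 / DH group 14 policy configured before the tunnel will come up.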

A taste of roles management

Global roles are role templates defined at the provider level and inherited by tenants. Using a combination of the new resources and a built-in Terraform function, we can create a new global role by combining the rights of two existing roles and adding a custom right:

data "vcd_global_role" "vapp-author" {
  name = "vApp Author"
}

data "vcd_global_role" "catalog-author" {
  name = "Catalog Author"
}

# super-vapp-author combines the rights of "vApp Author" and "Catalog Author"
resource "vcd_global_role" "super-vapp-author" {
  name                   = "super-vapp-author"
  description            = "A global role from CLI"
  publish_to_all_tenants = true
  rights = setunion(
    data.vcd_global_role.vapp-author.rights,    # rights from existing global role
    data.vcd_global_role.catalog-author.rights, # rights from existing global role
    ["API Explorer: View"],                     # more rights to be added
  )
}

Further information

This 3.3.0 release is hosted in the Terraform registry and supports the latest Terraform 1.0 version.

The provider has been available in the registry since the 3.0.0 release.

Documentation can be accessed on the site.
