Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enhancement: Need support for uni-directional contracts #94

Open
robvand opened this issue May 30, 2024 · 1 comment · May be fixed by #95
Open

Enhancement: Need support for uni-directional contracts #94

robvand opened this issue May 30, 2024 · 1 comment · May be fixed by #95
Labels
enhancement New feature or request

Comments

@robvand
Copy link
Contributor

robvand commented May 30, 2024
edited
Loading

The current contract implementation does not allow for uni directional contracts under the subject.

Currently revFltPorts is hardcoded to "yes"

Uni directional contracts are required for situations where DSR is required with a SG to return flows to a L4-7 devices, and also when configuring leaking between VRFs where consumer and provider contracts are required in both directions.

resource "aci_rest_managed" "vzSubj" {
  for_each   = { for subj in var.subjects : subj.name => subj }
  dn         = "${aci_rest_managed.vzBrCP.dn}/subj-${each.value.name}"
  class_name = "vzSubj"
  content = {
    name        = each.value.name
    nameAlias   = each.value.alias
    descr       = each.value.description
    revFltPorts = "yes"
    prio        = each.value.qos_class
    targetDscp  = each.value.target_dscp
  }
}

Unidirectional contract payload:

{
    "vzSubj": {
        "attributes": {
            "dn": "uni/tn-demo-05/brc-test/subj-test1",
            "name": "test1",
            "revFltPorts": "false",
            "rn": "subj-test1",
            "status": "created"
        },
        "children": [
            {
                "vzInTerm": {
                    "attributes": {
                        "dn": "uni/tn-demo-05/brc-test/subj-test1/intmnl",
                        "status": "created",
                        "targetDscp": "64"
                    },
                    "children": []
                }
            },
            {
                "vzOutTerm": {
                    "attributes": {
                        "dn": "uni/tn-demo-05/brc-test/subj-test1/outtmnl",
                        "status": "created",
                        "targetDscp": "64"
                    },
                    "children": []
                }
            }
        ]
    }
}
@therealdoug
Copy link
Contributor

Also need support for this. Resorting to an additional native hcl for these specific use cases.

@robvand robvand linked a pull request May 30, 2024 that will close this issue
Open
@andbyrne andbyrne linked a pull request Jun 21, 2024 that will close this issue
Adding support for unidirectional contracts #95
Open
@danischm danischm added the enhancement New feature or request label Jul 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Adding support for unidirectional contracts robvand/terraform-aci-nac-aci
3 participants
@robvand @therealdoug @danischm