camrossi

  • Add external_subnet_selectors to endpoint security groups
  • Support for external subnet selection in ESG configuration
  • Update documentation and examples for external subnet selectors
  • Include validation and proper variable definitions

Contributor

robvand commented Aug 18, 2025

Few remarks:

The shared bool is not idempotent:

  # module.aci.module.aci_endpoint_security_group["ts-ocp-1/openshift/egress"].aci_rest_managed.fvExternalSubnetSelector["10.61.6.80/28"] will be updated in-place
  ~ resource "aci_rest_managed" "fvExternalSubnetSelector" {
      ~ content     = {
          ~ "shared" = "yes" -> "true"
            # (1 unchanged element hidden)
        }
        id          = "uni/tn-ts-ocp-1/ap-openshift/esg-egress/extsubselector-[10.61.6.80/28]"
        # (4 unchanged attributes hidden)

Value key should probably be ip: for consistency.

@camrossi
Author

@robvand fixed it
However, I only changed from value to ip in the ip_external_subnet_selectors. value was already used in all the other instances, so I do not wanna introduce any breaking change. Perhaps a different PR should address this for ip_subnet_selectors.

Contributor

robvand commented Aug 19, 2025

Thanks for the fixes. Seems your PR includes some changes to the set-rule module which should be omitted.

juchowan linked an issue Sep 25, 2025 that may be closed by this pull request
Successfully merging this pull request may close these issues.

Enhancement: Support for esg_external_subnet_selectors
