- vcd_nsxt_firewall Module Release Version 1.3.0

- Added a Locals Block to create a global lookup table (map) that will contain all the different entities' ids with their names as keys. This will simplify and generalize the id resolution in the firewall rule creation.

- Updated the "source_ids", "destination_ids", and "app_port_profile_ids" in the firewall rule creation to use the new map

- Updated the Source URL in the Example Usage Section to the latest (v1.3.0) version of the vcd_nsxt_distributed_firewall Module

- Updated the app_port_profiles Variable Required Value to "yes" in the Inputs Section of the README

Author: scafeman

README.md

@@ -25,7 +25,7 @@ This Terraform module deploys NSX-T Edge Gateway Firewall Rules into an existing
 | vdc_org_name | The name of the Data Center Group Organization in VCD | string | `"Organization Name Format: <Account_Number>-<Region>-<Account_Name>"` | yes |
 | vdc_group_name | The name of the Data Center Group in VCD | string | `"Data Center Group Name Format: <Account_Number>-<Region>-<Account_Name> <datacenter group>"` | yes |
 | vdc_edge_name | Name of the Data Center Group Edge Gateway | string | `"Edge Gateway Name Format: <Account_Number>-<Region>-<Edge_GW_Identifier>-<edge>"` | yes |
-| app_port_profiles | Map of app port profiles with their corresponding scopes | map(string) | {} | no |
+| app_port_profiles | Map of app port profiles with their corresponding scopes | map(string) | {} | yes |
 | ip_set_names | List of IP set names | list(string) | [] | yes |
 | dynamic_security_group_names | List of dynamic security group names | list(string) | [] | no |
 | security_group_names | List of security group names | list(string) | [] | no |
@@ -42,7 +42,7 @@ This Terraform module deploys NSX-T Edge Gateway Firewall Rules into an existing
 
 ```terraform
 module "vcd_nsxt_firewall" {
-  source = "github.com/global-vmware/vcd_nsxt_firewall.git?ref=v1.1.0"
+  source = "github.com/global-vmware/vcd_nsxt_firewall.git?ref=v1.3.0"
 
   vdc_org_name          = "<VDC-ORG-NAME>"
   vdc_group_name        = "<VDC-GRP-NAME>"

main.tf

@@ -50,6 +50,15 @@ data "vcd_nsxt_security_group" "security_groups" {
   name            = each.value
 }
 
+locals {
+  id_lookup = merge(
+    { for name, profile in data.vcd_nsxt_app_port_profile.app_port_profiles : name => profile.id },
+    { for name, group in data.vcd_nsxt_security_group.security_groups : name => group.id },
+    { for name, group in data.vcd_nsxt_dynamic_security_group.dynamic_security_groups : name => group.id },
+    { for name, set in data.vcd_nsxt_ip_set.ip_sets : name => set.id }
+  )
+}
+
 resource "vcd_nsxt_firewall" "edge_firewall" {
   edge_gateway_id = data.vcd_nsxt_edgegateway.edge_gateway.id
 
@@ -62,9 +71,9 @@ resource "vcd_nsxt_firewall" "edge_firewall" {
       action               = rule.value["action"]
       enabled              = lookup(rule.value, "enabled", true)
       logging              = lookup(rule.value, "logging", false)
-      source_ids           = try(length(rule.value["source_ids"]), 0) > 0 ? [for id in rule.value["source_ids"]: try(data.vcd_nsxt_security_group.security_groups[id].id, try(data.vcd_nsxt_dynamic_security_group.dynamic_security_groups[id].id, data.vcd_nsxt_ip_set.ip_sets[id].id)) if id != null && id != ""] : null
-      destination_ids      = try(length(rule.value["destination_ids"]), 0) > 0 ? [for id in rule.value["destination_ids"]: try(data.vcd_nsxt_security_group.security_groups[id].id, try(data.vcd_nsxt_dynamic_security_group.dynamic_security_groups[id].id, data.vcd_nsxt_ip_set.ip_sets[id].id)) if id != null && id != ""] : null
-      app_port_profile_ids = try(length(rule.value["app_port_profile_ids"]), 0) > 0 ? [for name in rule.value["app_port_profile_ids"]: data.vcd_nsxt_app_port_profile.app_port_profiles[name].id if name != null && name != ""] : null
+      source_ids           = try(length(rule.value["source_ids"]), 0) > 0 ? [for name in rule.value["source_ids"]: local.id_lookup[name] if contains(keys(local.id_lookup), name) && name != null && name != ""] : null
+      destination_ids      = try(length(rule.value["destination_ids"]), 0) > 0 ? [for name in rule.value["destination_ids"]: local.id_lookup[name] if contains(keys(local.id_lookup), name) && name != null && name != ""] : null
+      app_port_profile_ids = try(length(rule.value["app_port_profile_ids"]), 0) > 0 ? [for name in rule.value["app_port_profile_ids"]: local.id_lookup[name] if contains(keys(local.id_lookup), name) && name != null && name != ""] : null
     }
   }
 }