Add support for configuring security_profile_paths in nsxt_policy_fixed_segment #1747

@Vegan255

Description

In the NSX-T Manager UI, fixed segments allow attaching Segment Security Profiles.

However, when using the Terraform provider resource nsxt_policy_fixed_segment, attempting to assign a security_profile_paths attribute results in:

Error: Unexpected attribute
An attribute named "security_profile_paths" is not expected here

This blocks us from managing segment security profiles via Terraform for fixed segments.


Feature Gap

The resource nsxt_policy_segment does support security_profile_paths, allowing full policy automation via Terraform.

This inconsistency prevents automation of segment security profiles on fixed segments, even though the NSX-T UI allows it.


We would like to:

  • Attach segment security profiles directly in Terraform
  • Eliminate manual configuration steps in the UI or API
  • Maintain consistency between nsxt_policy_segment and nsxt_policy_fixed_segment

Environment

  • NSX-T version: v4.2.0
  • Terraform version: v1.11.1
  • Provider version: vmware/nsxt v3.8.2

Workaround (Current)

Currently we must:

  1. Apply the nsxt_policy_fixed_segment resource via Terraform
  2. Manually assign the Segment Security Profile in the NSX-T GUI or via API

This breaks infrastructure-as-code principles and CI/CD workflows.


Request

Please add support for the security_profile_paths attribute in the nsxt_policy_fixed_segment resource, just like it exists in nsxt_policy_segment.

This will bring Terraform's capabilities in line with NSX-T’s policy API and UI.

Thank you!

Use Case(s)

This will bring Terraform's capabilities in line with NSX-T’s policy API and UI.

Potential Configuration

resource "nsxt_policy_fixed_segment" "web_vlan_10" {
  display_name        = "web-vlan-10"
  transport_zone_path = data.nsxt_policy_transport_zone.vlan.path
  vlan_ids            = [10]

  security_profile_paths = [
    data.nsxt_policy_segment_security_profile.default.path
  ]
}

References

No response
