Add support for project VPCs in network data source

ksamoray · ksamoray · commit a6af00e3f6a2 · 2025-09-15T12:12:02.000+03:00
Network datasource has a capability to find a network which belongs to NSX
default project.

But VPC subnets can be nested under different project, and as network names are
not unique, it is required to use the project id as part of the network
identification.

Signed-off-by: Kobi Samoray &lt;kobi.samoray@broadcom.com&gt;
diff --git a/docs/data-sources/network.md b/docs/data-sources/network.md
@@ -62,6 +62,7 @@ The following arguments are supported:
   * `network_type`: This is required if you have multiple port groups with the same name. This will be one of `DistributedVirtualPortgroup` for distributed port groups, `Network` for standard (host-based) port groups, or `OpaqueNetwork` for networks managed externally, such as those managed by NSX.
 * `retry_timeout` - (Optional) The timeout duration in seconds for the data source to retry read operations.
 * `retry_interval` - (Optional) The interval in milliseconds to retry the read operation if `retry_timeout` is set. Default: 500.
+* `project_id` - (Optional) Select a project scope for retrieval of VPC subnets.
 * `vpc_id` - (Optional) Select a VPC scope for retrieval of VPC subnets.
   [docs-about-morefs]: /docs/providers/vsphere/index.html#use-of-managed-object-references-by-the-vsphere-provider
 
diff --git a/vsphere/data_source_vsphere_network.go b/vsphere/data_source_vsphere_network.go
@@ -47,6 +47,11 @@ func dataSourceVSphereNetwork() *schema.Resource {
 				Description: "Id of the distributed virtual switch of which the port group is a part of",
 				Optional:    true,
 			},
+			"project_id": {
+				Type:        schema.TypeString,
+				Description: "Id of the project object, which the VPC and network belongs to",
+				Optional:    true,
+			},
 			"vpc_id": {
 				Type:        schema.TypeString,
 				Description: "Id of the VPC which the network belongs to",
@@ -89,6 +94,7 @@ func dataSourceVSphereNetworkRead(d *schema.ResourceData, meta interface{}) erro
 	name := d.Get("name").(string)
 	dvSwitchUUID := d.Get("distributed_virtual_switch_uuid").(string)
 	vpcID := d.Get("vpc_id").(string)
+	projectID := d.Get("project_id").(string)
 	var dc *object.Datacenter
 	if dcID, ok := d.GetOk("datacenter_id"); ok {
 		var err error
@@ -128,7 +134,7 @@ func dataSourceVSphereNetworkRead(d *schema.ResourceData, meta interface{}) erro
 			return net, waitForNetworkCompleted, nil
 		} else if vpcID != "" {
 			// Handle VPC network
-			net, err = network.FromNameAndVPCId(client, name, dc, vpcID)
+			net, err = network.FromNameAndVPCId(client, name, dc, projectID, vpcID)
 			if err != nil {
 				var notFoundError *network.NotFoundError
 				if errors.As(err, &notFoundError) {
diff --git a/vsphere/data_source_vsphere_network_test.go b/vsphere/data_source_vsphere_network_test.go
@@ -184,3 +184,32 @@ func TestAccDataSourceVSphereNetwork_vpcNetwork(t *testing.T) {
 		},
 	})
 }
+
+func testAccDataSourceVSphereNetworkConfigProjectVPCNetwork() string {
+	return fmt.Sprintf(`
+%s
+`,
+		testhelper.CombineConfigs(testhelper.ConfigDataRootDC1(), testhelper.ConfigDataProjectVPCNetwork(), testhelper.ConfigDataRootVMNet()),
+	)
+}
+
+func TestAccDataSourceVSphereNetwork_vpcNetworkAndProject(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			RunSweepers()
+			testAccPreCheck(t)
+			if os.Getenv("TF_VAR_VSPHERE_PROJECT_VPC_SUBNET") == "" || os.Getenv("TF_VAR_VSPHERE_PROJECT_VPC_ID") == "" || os.Getenv("TF_VAR_VSPHERE_PROJECT_ID") == "" {
+				t.Skipf("This test requires project and VPC settings, please set TF_VAR_VSPHERE_PROJECT_VPC_SUBNET, TF_VAR_VSPHERE_PROJECT_VPC_ID and TF_VAR_VSPHERE_PROJECT_ID environment variables")
+			}
+		},
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceVSphereNetworkConfigProjectVPCNetwork(),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("data.vsphere_network.vmnet", "type", "Network"),
+				),
+			},
+		},
+	})
+}
diff --git a/vsphere/internal/helper/network/network_helper.go b/vsphere/internal/helper/network/network_helper.go
@@ -109,7 +109,7 @@ func FromNameAndDVSUuid(client *govmomi.Client, name string, dc *object.Datacent
 	return nil, NotFoundError{Name: name}
 }
 
-func FromNameAndVPCId(client *govmomi.Client, name string, dc *object.Datacenter, vpcID string) (object.NetworkReference, error) {
+func FromNameAndVPCId(client *govmomi.Client, name string, dc *object.Datacenter, projectID, vpcID string) (object.NetworkReference, error) {
 	ctx := context.TODO()
 	finder := find.NewFinder(client.Client, true)
 
@@ -127,10 +127,23 @@ func FromNameAndVPCId(client *govmomi.Client, name string, dc *object.Datacenter
 	for _, network := range networks {
 		path := network.GetInventoryPath()
 		pathSplit := strings.Split(path, "/")
-
-		vpcIndex := slices.Index(pathSplit, "Virtual Private Clouds")
-		// Path format is /<datacenter>/network/Virtual Private Clouds/<VPC>/<subnet> ... And could contain folders as well
-		if vpcIndex != -1 && len(pathSplit) > vpcIndex && pathSplit[vpcIndex+1] == vpcID {
+		networkVPC := ""
+		networkProject := ""
+		if projectID == "" {
+			vpcIndex := slices.Index(pathSplit, "Virtual Private Clouds")
+			// Path format is /<datacenter>/network/Virtual Private Clouds/<VPC>/<subnet> ... And could contain folders as well
+			if vpcIndex != -1 && len(pathSplit) > vpcIndex {
+				networkVPC = pathSplit[vpcIndex+1]
+			}
+		} else {
+			projectIndex := slices.Index(pathSplit, "NSX Managed Folders")
+			// Path format is /<datacenter>/network/NSX Managed Folders/<project>/<VPC>/<subnet>
+			if projectIndex != -1 && len(pathSplit) > projectIndex+1 {
+				networkProject = pathSplit[projectIndex+1]
+				networkVPC = pathSplit[projectIndex+2]
+			}
+		}
+		if networkVPC != "" && networkVPC == vpcID && networkProject == projectID {
 
 			if network.Reference().Type == "DistributedVirtualPortgroup" {
 				dvPortGroup := object.NewDistributedVirtualPortgroup(client.Client, network.Reference())
diff --git a/vsphere/internal/helper/testhelper/testing.go b/vsphere/internal/helper/testhelper/testing.go
@@ -207,6 +207,17 @@ data "vsphere_network" "network1" {
 `, os.Getenv("TF_VAR_VSPHERE_VPC_SUBNET"), os.Getenv("TF_VAR_VSPHERE_VPC_ID"))
 }
 
+func ConfigDataProjectVPCNetwork() string {
+	return fmt.Sprintf(`
+data "vsphere_network" "network1" {
+  name          = "%s"
+  project_id    = "%s"
+  vpc_id        = "%s"
+  datacenter_id = data.vsphere_datacenter.rootdc1.id
+}
+`, os.Getenv("TF_VAR_VSPHERE_PROJECT_VPC_SUBNET"), os.Getenv("TF_VAR_VSPHERE_PROJECT_ID"), os.Getenv("TF_VAR_VSPHERE_PROJECT_VPC_ID"))
+}
+
 func ConfigDataRootVMNet() string {
 	return `
 data "vsphere_network" "vmnet" {
