
OCI Network resource limitations

Open mhca99 opened this issue 10 months ago • 0 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

We are currently facing some limitations for the following OCI resources: "oci_core_private_ip", "create_vnic_details", "oci_core_route_table".

In our use case, we first deploy the infrastructure, including the VCN, subnets and route tables, via the main pipeline and then deploy the firewall VMs via a separate pipeline. In the main pipeline code, we require a route table entry with the firewall IP as next hop to force traffic through the firewall. This entry requires the IP OCID, which is not available during the first run as the FW is not deployed yet. We are forced to re-run the initial pipeline after the FW is deployed, so that the route table entries are refreshed/updated with the FW IPs as next hop in the routing rules. Also, any time the FW is redeployed for some reason, the first pipeline needs to be run again.

  1. Can we enhance "oci_core_private_ip" so that: a) it can create an unattached IP (not attached to any VNIC); b) it accepts the subnet_id while the vnic_id is optional.

  2. Can we enhance "oci_core_vnic_attachment" so that: a) it can support multiple "create_vnic_details" blocks, so that we can attach an additional IP to the same interface. In our use case, the FW VM requires two IPs on the same interface. Currently we have to use "oci_core_private_ip" to attach the second IP on the same interface. b) The "private_ip" field in that block can accept a pre-existing IP (which was earlier created with the "oci_core_private_ip" resource).

  3. Can we enhance "oci_core_route_table" so that: a) the network_entity_id field can accept a 32-bit "IP Address" instead of the IP OCID as next hop. This will help pre-populate the route table (before the FW VM deployment).

  4. Further, can we have some additional resource available to just update the route rules in a routing table? In the current "oci_core_route_table" resource, we are forced to define all the routing rules when creating this resource. We need something similar to "oci_core_drg_route_table_route_rule".

New or Affected Resource(s)

"oci_core_private_ip", "create_vnic_details", "oci_core_route_table"

Potential Terraform Configuration

References

mhca99, Apr 26 '24 14:04
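The pattern the issue describes, written out as an added example (not code from the issue or from the provider project) using the resources and data sources the provider has today. It assumes an existing firewall instance `oci_core_instance.fw`, a VCN `oci_core_vcn.main`, a subnet `oci_core_subnet.trust`, a variable `var.compartment_ocid`, and the constructed addresses 10.0.10.10/11. The first two resources belong in the firewall pipeline, the rest in the network pipeline.

```hcl
# --- firewall pipeline ---

# Firewall "trust" interface. A VNIC that is used as a route-rule next hop must
# have the source/destination check disabled, otherwise OCI drops transit
# packets that are not addressed to the VNIC itself.
resource "oci_core_vnic_attachment" "fw_trust" {
  instance_id  = oci_core_instance.fw.id   # assumed to exist
  display_name = "fw-trust"

  create_vnic_details {
    subnet_id              = oci_core_subnet.trust.id   # assumed to exist
    private_ip             = "10.0.10.10"               # constructed address
    assign_public_ip       = false
    skip_source_dest_check = true
  }
}

# Second IP on the same interface (issue item 2): today this needs a separate
# oci_core_private_ip bound to the VNIC the attachment created.
resource "oci_core_private_ip" "fw_trust_ha" {
  vnic_id      = oci_core_vnic_attachment.fw_trust.vnic_id
  ip_address   = "10.0.10.11"   # constructed address, used as the next hop
  display_name = "fw-trust-ha"
}

# --- network pipeline ---

# Resolve the next-hop OCID from the address rather than from the firewall
# state file. This still fails at plan time until the firewall pipeline has
# created 10.0.10.11, which is the ordering problem the issue raises.
data "oci_core_private_ips" "fw_next_hop" {
  subnet_id  = oci_core_subnet.trust.id
  ip_address = "10.0.10.11"
}

resource "oci_core_route_table" "app" {
  compartment_id = var.compartment_ocid      # assumed variable
  vcn_id         = oci_core_vcn.main.id      # assumed to exist
  display_name   = "app-rt"

  # Default route via the firewall's private IP OCID (network_entity_id cannot
  # take a bare address, per issue item 3).
  route_rules {
    destination       = "0.0.0.0/0"
    destination_type  = "CIDR_BLOCK"
    network_entity_id = data.oci_core_private_ips.fw_next_hop.private_ips[0].id
  }
}
```

The data-source lookup removes the cross-state dependency but not the ordering constraint: if the firewall is redeployed, the private IP gets a new OCID and the network pipeline must be re-applied so the route rule picks it up. When doing so, check that `skip_source_dest_check` survived the redeploy; a firewall VNIC with the check re-enabled silently blackholes forwarded traffic even though the route rule looks correct.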