feat: Add assign_dns var to support disabled DNS (#77)

devoncrouse · web-flow · commit a8a480187bdb · 2022-11-29T09:53:10.000+11:00
* feat: Add assign_dns var to support disabled DNS

Signed-off-by: Devon Crouse &lt;devon.crouse@oracle.com&gt;

* fix: Add unique suffix to instance principal policy name

Signed-off-by: Devon Crouse &lt;devon.crouse@oracle.com&gt;

Signed-off-by: Devon Crouse &lt;devon.crouse@oracle.com&gt;
diff --git a/compute.tf b/compute.tf
@@ -1,4 +1,4 @@
-# Copyright 2017, 2021 Oracle Corporation and/or affiliates.  All rights reserved.
+# Copyright 2017, 2022 Oracle Corporation and/or affiliates.  All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
 
 resource "oci_core_instance" "operator" {
@@ -26,7 +26,7 @@ resource "oci_core_instance" "operator" {
   create_vnic_details {
     assign_public_ip = false
     display_name     = var.label_prefix == "none" ? "operator-vnic" : "${var.label_prefix}-operator-vnic"
-    hostname_label   = var.label_prefix == "none" ? "operator" : "${var.label_prefix}-operator"
+    hostname_label   = var.assign_dns ? var.label_prefix == "none" ? "operator" : "${var.label_prefix}-operator" : null
     nsg_ids          = concat(var.nsg_ids, [oci_core_network_security_group.operator.id])
     subnet_id        = oci_core_subnet.operator.id
   }
diff --git a/instance_principal.tf b/instance_principal.tf
@@ -1,4 +1,4 @@
-# Copyright (c) 2022, Oracle Corporation and/or affiliates.  All rights reserved.
+# Copyright (c) 2022 Oracle Corporation and/or affiliates.  All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
 
 resource "random_id" "dynamic_group_suffix" {
@@ -18,7 +18,7 @@ resource "oci_identity_dynamic_group" "operator_group" {
   description    = "dynamic group %{ if var.label_prefix != "none" }with label ${var.label_prefix}%{ endif } to allow operator to invoke services"
 
   lifecycle {
-    ignore_changes = [defined_tags]
+    ignore_changes = [defined_tags, name]
   }
 
   matching_rule = "ALL {instance.id = '${join(",", data.oci_core_instance.operator.*.id)}'}"
@@ -36,9 +36,17 @@ resource "oci_identity_policy" "operator_group_policy" {
 
   compartment_id = var.compartment_id
   description    = "policy to allow operator host to call services"
-  name           = join("-", compact([ local.dynamic_group_prefix, "operator-instance-principal" ]))
+  name           = join("-", compact([
+    random_id.dynamic_group_suffix.keepers.label_prefix,
+    "operator-instance-principal",
+    random_id.dynamic_group_suffix.hex
+  ]))
   statements     = ["Allow dynamic-group ${oci_identity_dynamic_group.operator_group[0].name} to manage all-resources in compartment id ${var.compartment_id}"]
 
+  lifecycle {
+    ignore_changes = [name]
+  }
+
   count = var.enable_operator_instance_principal == true ? 1 : 0
 }
 
diff --git a/subnets.tf b/subnets.tf
@@ -1,18 +1,18 @@
-# Copyright 2017, 2021 Oracle Corporation and/or affiliates.  All rights reserved.
+# Copyright 2017, 2022 Oracle Corporation and/or affiliates.  All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
 
 resource "oci_core_subnet" "operator" {
   cidr_block                 = local.operator_subnet
   compartment_id             = var.compartment_id
   display_name               = var.label_prefix == "none" ? "operator" : "${var.label_prefix}-operator"
-  dns_label                  = "operator"
+  dns_label                  = var.assign_dns ? "operator" : null
   freeform_tags              = var.freeform_tags
   prohibit_public_ip_on_vnic = true
   route_table_id             = var.nat_route_id
   security_list_ids          = [oci_core_security_list.operator.id]
   vcn_id                     = var.vcn_id
 
   lifecycle {
-    ignore_changes = [freeform_tags]
+    ignore_changes = [dns_label, freeform_tags]
   }
 }
diff --git a/variables.tf b/variables.tf
@@ -1,4 +1,4 @@
-# Copyright (c) 2019, 2021 Oracle Corporation and/or affiliates.  All rights reserved.
+# Copyright (c) 2019, 2022 Oracle Corporation and/or affiliates.  All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
 
 # provider parameters
@@ -24,6 +24,12 @@ variable "label_prefix" {
 
 # network parameters
 
+variable "assign_dns" {
+  default     = true
+  description = "Whether to assign DNS records for operator subnet"
+  type        = bool
+}
+
 variable "availability_domain" {
   description = "the AD to place the operator host"
   default     = 1
