fix: Compartment AD listing, ignore lifecycle changes, resolve deprecation warning (#68)

devoncrouse · web-flow · commit d55a93653bf1 · 2022-10-05T13:39:09.000+11:00
* Use compartment_id for availability_domain data source

Signed-off-by: Devon Crouse &lt;devon.crouse@oracle.com&gt;

* Fix deprecation warning for operator_subnet_id, ignore lifecycle changes

Signed-off-by: Devon Crouse &lt;devon.crouse@oracle.com&gt;

Signed-off-by: Devon Crouse &lt;devon.crouse@oracle.com&gt;
diff --git a/compute.tf b/compute.tf
@@ -39,10 +39,6 @@ resource "oci_core_instance" "operator" {
   }
 
   is_pv_encryption_in_transit_enabled = var.enable_pv_encryption_in_transit
-  # prevent the operator from destroying and recreating itself if the image ocid changes
-  lifecycle {
-    ignore_changes = [source_details[0].source_id]
-  }
 
   metadata = {
     ssh_authorized_keys = (var.ssh_public_key != "") ? var.ssh_public_key : (var.ssh_public_key_path != "none") ? file(var.ssh_public_key_path) : ""
@@ -67,6 +63,11 @@ resource "oci_core_instance" "operator" {
 
   state = var.operator_state
 
+  # prevent the operator from destroying and recreating itself if the image ocid/tagging/user data changes
+  lifecycle {
+    ignore_changes = [freeform_tags, metadata["user_data"], source_details[0].source_id]
+  }
+
   timeouts {
     create = "60m"
   }
diff --git a/datasources.tf b/datasources.tf
@@ -10,9 +10,8 @@ data "oci_core_services" "all_oci_services" {
 }
 
 data "oci_identity_availability_domain" "ad" {
-  compartment_id = var.tenancy_id
-
-  ad_number = var.availability_domain
+  compartment_id = var.compartment_id
+  ad_number      = var.availability_domain
 }
 
 data "oci_identity_tenancy" "tenancy" {
diff --git a/outputs.tf b/outputs.tf
@@ -10,7 +10,7 @@ output "operator_instance_principal_group_name" {
 }
 
 output "operator_subnet_id" {
-  value = data.oci_core_instance.operator.subnet_id
+  value = oci_core_subnet.operator.id
 }
 
 output "operator_nsg_id" {
diff --git a/security.tf b/security.tf
@@ -61,6 +61,7 @@ resource "oci_core_security_list" "operator" {
   compartment_id = var.compartment_id
   display_name   = var.label_prefix == "none" ? "operator" : "${var.label_prefix}-operator"
   freeform_tags  = var.freeform_tags
+  vcn_id         = var.vcn_id
 
   # egress rule to the same subnet to allow users to use OCI Bastion service to connect to the operator
   egress_security_rules {
@@ -73,5 +74,7 @@ resource "oci_core_security_list" "operator" {
     }
   }
 
-  vcn_id = var.vcn_id
+  lifecycle {
+    ignore_changes = [freeform_tags]
+  }
 }
diff --git a/subnets.tf b/subnets.tf
@@ -11,4 +11,8 @@ resource "oci_core_subnet" "operator" {
   route_table_id             = var.nat_route_id
   security_list_ids          = [oci_core_security_list.operator.id]
   vcn_id                     = var.vcn_id
+
+  lifecycle {
+    ignore_changes = [freeform_tags]
+  }
 }

Original file line number	Diff line number	Diff line change
`@@ -10,9 +10,8 @@ data "oci_core_services" "all_oci_services" {`
`10`	`10`	`}`
`11`	`11`
`12`	`12`	`data "oci_identity_availability_domain" "ad" {`
`13`		`- compartment_id = var.tenancy_id`
`14`		`-`
`15`		`- ad_number = var.availability_domain`
	`13`	`+ compartment_id = var.compartment_id`
	`14`	`+ ad_number = var.availability_domain`
`16`	`15`	`}`
`17`	`16`
`18`	`17`	`data "oci_identity_tenancy" "tenancy" {`
Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@ output "operator_instance_principal_group_name" {`
`10`	`10`	`}`
`11`	`11`
`12`	`12`	`output "operator_subnet_id" {`
`13`		`- value = data.oci_core_instance.operator.subnet_id`
	`13`	`+ value = oci_core_subnet.operator.id`
`14`	`14`	`}`
`15`	`15`
`16`	`16`	`output "operator_nsg_id" {`
Original file line number	Diff line number	Diff line change
`@@ -61,6 +61,7 @@ resource "oci_core_security_list" "operator" {`
`61`	`61`	`compartment_id = var.compartment_id`
`62`	`62`	`display_name = var.label_prefix == "none" ? "operator" : "${var.label_prefix}-operator"`
`63`	`63`	`freeform_tags = var.freeform_tags`
	`64`	`+ vcn_id = var.vcn_id`
`64`	`65`
`65`	`66`	`# egress rule to the same subnet to allow users to use OCI Bastion service to connect to the operator`
`66`	`67`	`egress_security_rules {`
`@@ -73,5 +74,7 @@ resource "oci_core_security_list" "operator" {`
`73`	`74`	`}`
`74`	`75`	`}`
`75`	`76`
`76`		`- vcn_id = var.vcn_id`
	`77`	`+ lifecycle {`
	`78`	`+ ignore_changes = [freeform_tags]`
	`79`	`+ }`
`77`	`80`	`}`
Original file line number	Diff line number	Diff line change
`@@ -11,4 +11,8 @@ resource "oci_core_subnet" "operator" {`
`11`	`11`	`route_table_id = var.nat_route_id`
`12`	`12`	`security_list_ids = [oci_core_security_list.operator.id]`
`13`	`13`	`vcn_id = var.vcn_id`
	`14`	`+`
	`15`	`+ lifecycle {`
	`16`	`+ ignore_changes = [freeform_tags]`
	`17`	`+ }`
`14`	`18`	`}`