Impossible to create a route rule pointing to private IP in the same subnet

Author: afedorch

CHANGELOG.md

@@ -1,4 +1,9 @@
 ## 3.9.1 (Unreleased)
+
+### Added
+- Support for attaching Route Table to Subnet. Issue [#270](https://github.com/terraform-providers/terraform-provider-oci/issues/270)
+
+
 ## 3.9.0 (December 04, 2018)
 
 ### Added

docs/examples/networking/route_table/attachment/README.md

@@ -0,0 +1,8 @@
+### Use Route Table Attachment to avoid cyclic dependency between Subnet and Route Table
+
+This example uses the `oci_core_route_table_attachment` resource to resolve this dependency cycle problem:
+ * oci_core_vnic_attachment.ExampleVnicAttachment
+ * oci_core_private_ip.TFPrivateIP
+ * oci_core_route_table.ExampleRouteTable 
+ * oci_core_subnet.ExampleSubnet
+ * oci_core_instance.ExampleInstance

docs/examples/networking/route_table/attachment/route_table_attachment.tf

@@ -0,0 +1,105 @@
+variable "tenancy_ocid" {}
+variable "user_ocid" {}
+variable "fingerprint" {}
+variable "private_key_path" {}
+variable "compartment_ocid" {}
+variable "region" {}
+
+variable "instance_image_ocid" {
+  type = "map"
+
+  default = {
+    // See https://docs.us-phoenix-1.oraclecloud.com/images/
+    // Oracle-provided image "Oracle-Linux-7.4-2018.02.21-1"
+    us-phoenix-1 = "ocid1.image.oc1.phx.aaaaaaaaupbfz5f5hdvejulmalhyb6goieolullgkpumorbvxlwkaowglslq"
+
+    us-ashburn-1   = "ocid1.image.oc1.iad.aaaaaaaajlw3xfie2t5t52uegyhiq2npx7bqyu4uvi2zyu3w3mqayc2bxmaa"
+    eu-frankfurt-1 = "ocid1.image.oc1.eu-frankfurt-1.aaaaaaaa7d3fsb6272srnftyi4dphdgfjf6gurxqhmv6ileds7ba3m2gltxq"
+    uk-london-1    = "ocid1.image.oc1.uk-london-1.aaaaaaaaa6h6gj6v4n56mqrbgnosskq63blyv2752g36zerymy63cfkojiiq"
+  }
+}
+
+variable "availability_domain" {
+  default = 3
+}
+
+data "oci_identity_availability_domains" "ADs" {
+  compartment_id = "${var.tenancy_ocid}"
+}
+
+variable "instance_shape" {
+  default = "VM.Standard1.8"
+}
+
+provider "oci" {
+  tenancy_ocid     = "${var.tenancy_ocid}"
+  user_ocid        = "${var.user_ocid}"
+  fingerprint      = "${var.fingerprint}"
+  private_key_path = "${var.private_key_path}"
+  region           = "${var.region}"
+}
+
+resource "oci_core_virtual_network" "ExampleVCN" {
+  cidr_block     = "10.1.0.0/16"
+  compartment_id = "${var.compartment_ocid}"
+  display_name   = "TFExampleVCN"
+  dns_label      = "tfexamplevcn"
+}
+
+resource "oci_core_subnet" "ExampleSubnet" {
+  availability_domain = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[var.availability_domain - 1],"name")}"
+  cidr_block          = "10.1.20.0/24"
+  display_name        = "TFExampleSubnet"
+  dns_label           = "tfexamplesubnet"
+
+  compartment_id = "${var.compartment_ocid}"
+  vcn_id         = "${oci_core_virtual_network.ExampleVCN.id}"
+}
+
+resource "oci_core_route_table_attachment" "ExampleRouteTableAttachment" {
+  subnet_id      = "${oci_core_subnet.ExampleSubnet.id}"
+  route_table_id = "${oci_core_route_table.ExampleRouteTable.id}"
+}
+
+resource "oci_core_private_ip" "TFPrivateIP" {
+  vnic_id        = "${oci_core_vnic_attachment.ExampleVnicAttachment.vnic_id}"
+  display_name   = "someDisplayName"
+  hostname_label = "somehostnamelabel"
+}
+
+resource "oci_core_route_table" "ExampleRouteTable" {
+  compartment_id = "${var.compartment_ocid}"
+  vcn_id         = "${oci_core_virtual_network.ExampleVCN.id}"
+  display_name   = "TFExampleRouteTable"
+
+  route_rules {
+    destination       = "0.0.0.0/0"
+    destination_type  = "CIDR_BLOCK"
+    network_entity_id = "${oci_core_private_ip.TFPrivateIP.id}"
+  }
+}
+
+resource "oci_core_vnic_attachment" "ExampleVnicAttachment" {
+  create_vnic_details {
+    subnet_id              = "${oci_core_subnet.ExampleSubnet.id}"
+    skip_source_dest_check = true
+  }
+
+  instance_id = "${oci_core_instance.ExampleInstance.id}"
+}
+
+# Create Instance
+resource "oci_core_instance" "ExampleInstance" {
+  availability_domain = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[var.availability_domain - 1],"name")}"
+  compartment_id      = "${var.compartment_ocid}"
+  display_name        = "TFInstance"
+  hostname_label      = "instance"
+  image               = "${var.instance_image_ocid[var.region]}"
+  shape               = "${var.instance_shape}"
+
+  create_vnic_details {
+    subnet_id              = "${oci_core_subnet.ExampleSubnet.id}"
+    skip_source_dest_check = true
+    assign_public_ip       = true
+  }
+}

oci/core_route_table_attachment_resource.go

@@ -0,0 +1,179 @@
+// Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+
+package provider
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"github.com/hashicorp/terraform/helper/schema"
+
+	oci_core "github.com/oracle/oci-go-sdk/core"
+)
+
+func RouteTableAttachmentResource() *schema.Resource {
+	return &schema.Resource{
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+		Timeouts: DefaultTimeout,
+		Create:   createRouteTableAttachment,
+		Delete:   deleteRouteTableAttachment,
+		Read:     readRouteTableAttachment,
+		Schema: map[string]*schema.Schema{
+			// Required
+			"subnet_id": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"route_table_id": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+		},
+	}
+}
+
+func createRouteTableAttachment(d *schema.ResourceData, m interface{}) error {
+	sync := &RouteTableAttachmentResourceCrud{}
+	sync.D = d
+	sync.Client = m.(*OracleClients).virtualNetworkClient
+
+	return CreateResource(d, sync)
+}
+
+func deleteRouteTableAttachment(d *schema.ResourceData, m interface{}) error {
+	sync := &RouteTableAttachmentResourceCrud{}
+	sync.D = d
+	sync.Client = m.(*OracleClients).virtualNetworkClient
+	sync.DisableNotFoundRetries = true
+
+	return DeleteResource(d, sync)
+}
+
+func readRouteTableAttachment(d *schema.ResourceData, m interface{}) error {
+	sync := &RouteTableAttachmentResourceCrud{}
+	sync.D = d
+	sync.Client = m.(*OracleClients).virtualNetworkClient
+	sync.DisableNotFoundRetries = true
+
+	return ReadResource(sync)
+}
+
+type RouteTableAttachmentResourceCrud struct {
+	BaseCrud
+	Client                 *oci_core.VirtualNetworkClient
+	Res                    *oci_core.Subnet
+	DisableNotFoundRetries bool
+}
+
+func getRouteTableAttachmentId(subnetId string, routeTableId string) string {
+	return subnetId + "/" + routeTableId
+}
+
+func parseRouteTableAttachmentId(id string) (subnetId string, routTableId string, err error) {
+	parts := strings.Split(id, "/")
+	if len(parts) < 2 {
+		err = fmt.Errorf("illegal id %s encountered", id)
+	}
+	subnetId, routTableId = parts[0], parts[1]
+
+	return
+}
+
+func (s *RouteTableAttachmentResourceCrud) ID() string {
+	return getRouteTableAttachmentId(*s.Res.Id, *s.Res.RouteTableId)
+}
+
+func (s *RouteTableAttachmentResourceCrud) Create() error {
+	request := oci_core.UpdateSubnetRequest{}
+
+	if routeTableId, ok := s.D.GetOkExists("route_table_id"); ok {
+		tmp := routeTableId.(string)
+		request.RouteTableId = &tmp
+	}
+
+	if subnetId, ok := s.D.GetOkExists("subnet_id"); ok {
+		tmp := subnetId.(string)
+		request.SubnetId = &tmp
+	}
+
+	request.RequestMetadata.RetryPolicy = getRetryPolicy(s.DisableNotFoundRetries, "core")
+	response, err := s.Client.UpdateSubnet(context.Background(), request)
+	if err != nil {
+		return err
+	}
+
+	s.Res = &response.Subnet
+	return nil
+}
+
+func (s *RouteTableAttachmentResourceCrud) Get() error {
+
+	subnetId, routeTableId, err := parseRouteTableAttachmentId(s.D.Id())
+	if err != nil {
+		return err
+	}
+	request := oci_core.GetSubnetRequest{}
+	request.SubnetId = &subnetId
+	request.RequestMetadata.RetryPolicy = getRetryPolicy(s.DisableNotFoundRetries, "core")
+	response, err := s.Client.GetSubnet(context.Background(), request)
+	if err != nil {
+		return err
+	}
+
+	if response.Subnet.RouteTableId == nil || *response.Subnet.RouteTableId != routeTableId {
+		return fmt.Errorf("inconsistent route table id received: %s expected: %s", *response.Subnet.RouteTableId, routeTableId)
+	}
+
+	s.Res = &response.Subnet
+	return nil
+}
+
+func (s *RouteTableAttachmentResourceCrud) Delete() error {
+
+	var subnetIdStr = s.D.Get("subnet_id").(string)
+	var retryPolicy = getRetryPolicy(s.DisableNotFoundRetries, "core")
+
+	subnetRequest := oci_core.GetSubnetRequest{}
+	subnetRequest.SubnetId = &subnetIdStr
+	subnetRequest.RequestMetadata.RetryPolicy = retryPolicy
+	subnetResponse, err := s.Client.GetSubnet(context.Background(), subnetRequest)
+	if err != nil {
+		return err
+	}
+
+	vcnRequest := oci_core.GetVcnRequest{}
+	vcnRequest.VcnId = subnetResponse.VcnId
+	vcnRequest.RequestMetadata.RetryPolicy = retryPolicy
+	vcnResponse, err := s.Client.GetVcn(context.Background(), vcnRequest)
+	if err != nil {
+		return err
+	}
+
+	updateSubnetRequest := oci_core.UpdateSubnetRequest{}
+	updateSubnetRequest.RouteTableId = vcnResponse.DefaultRouteTableId
+	updateSubnetRequest.SubnetId = &subnetIdStr
+	updateSubnetRequest.RequestMetadata.RetryPolicy = retryPolicy
+	updateSubnetResponse, err := s.Client.UpdateSubnet(context.Background(), updateSubnetRequest)
+	if err != nil {
+		return err
+	}
+
+	s.Res = &updateSubnetResponse.Subnet
+	return nil
+}
+
+func (s *RouteTableAttachmentResourceCrud) SetData() error {
+
+	s.D.Set("subnet_id", *s.Res.Id)
+
+	if s.Res.RouteTableId != nil {
+		s.D.Set("route_table_id", *s.Res.RouteTableId)
+	}
+
+	return nil
+}

oci/core_route_table_attachment_test.go

@@ -0,0 +1,93 @@
+// Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+
+package provider
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+var (
+	routeTableAttachmentRepresentation = map[string]interface{}{
+		"subnet_id":      Representation{repType: Required, create: `${oci_core_subnet.test_subnet.id}`},
+		"route_table_id": Representation{repType: Required, create: `${oci_core_route_table.test_route_table.id}`},
+	}
+
+	RouteTableResourceAttachmentDependencies = SubnetResourceConfig
+)
+
+func TestCoreRouteTableAttachmentResource_basic(t *testing.T) {
+	provider := testAccProvider
+	config := testProviderConfig()
+
+	compartmentId := getEnvSettingWithBlankDefault("compartment_ocid")
+	compartmentIdVariableStr := fmt.Sprintf("variable \"compartment_id\" { default = \"%s\" }\n", compartmentId)
+
+	resourceName := "oci_core_route_table_attachment.test_route_table_attachment"
+
+	var resId string
+	var routeTableIdFromRT string
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() { testAccPreCheck(t) },
+		Providers: map[string]terraform.ResourceProvider{
+			"oci": provider,
+		},
+		Steps: []resource.TestStep{
+			// verify create
+			{
+				Config: config + compartmentIdVariableStr + RouteTableResourceAttachmentDependencies +
+					generateResourceFromRepresentationMap("oci_core_route_table_attachment", "test_route_table_attachment", Required, Create, routeTableAttachmentRepresentation),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					func(s *terraform.State) (err error) {
+						resId, err = fromInstanceState(s, resourceName, "id")
+						if err != nil {
+							return err
+						}
+
+						routeTableIdFromRT, err := fromInstanceState(s, "oci_core_route_table.test_route_table", "id")
+						if err != nil {
+							return err
+						}
+
+						routeTableIdFromSubnet, err := fromInstanceState(s, "oci_core_subnet.test_subnet", "route_table_id")
+						if routeTableIdFromRT != routeTableIdFromSubnet {
+							return fmt.Errorf("requested routeTable was not attached to the subnet")
+						}
+						return err
+					},
+				),
+			},
+			// verify delete
+			{
+				Config:             config + compartmentIdVariableStr + RouteTableResourceAttachmentDependencies,
+				ExpectNonEmptyPlan: true,
+				Check: resource.ComposeAggregateTestCheckFunc(
+					func(s *terraform.State) (err error) {
+						routeTableIdFromSubnet, err := fromInstanceState(s, "oci_core_subnet.test_subnet", "route_table_id")
+						if routeTableIdFromRT == routeTableIdFromSubnet {
+							return fmt.Errorf("requested routeTable was not detached from the subnet")
+						}
+						return err
+					},
+				),
+			},
+			// create attachment to import
+			{
+				Config: config + compartmentIdVariableStr + RouteTableResourceAttachmentDependencies +
+					generateResourceFromRepresentationMap("oci_core_route_table_attachment", "test_route_table_attachment", Required, Create, routeTableAttachmentRepresentation),
+			},
+			// verify resource import
+			{
+				Config:                  config,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{},
+				ResourceName:            resourceName,
+			},
+		},
+	})
+}