adding localGatewayPeering resource to enable VCN Local Peering

Author: rcohenma

crud/helpers.go

@@ -301,9 +301,7 @@ func UpdateResource(d *schema.ResourceData, sync ResourceUpdater) (e error) {
 func DeleteResource(d *schema.ResourceData, sync ResourceDeleter) (e error) {
 	if e = sync.Delete(); e != nil {
 		handleMissingResourceError(sync, &e)
-		if e != nil {
-			return
-		}
+		return
 	}
 
 	//d.SetId(sync.ID())

docs/core/local_peering_gateways.md

@@ -0,0 +1,93 @@
+# oci_core_local_peering_gateway
+
+## LocalPeeringGateway Resource
+
+### LocalPeeringGateway Reference
+
+The following attributes are exported:
+
+* `compartment_id` - The OCID of the compartment containing the Local Peering Gateway (LPG).
+* `display_name` - A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information. 
+* `id` - The LPG's Oracle ID (OCID).
+* `is_cross_tenancy_peering` - Whether the VCN at the other end of the peering is in a different tenancy.  Cross tenancy local peering will be enabled when identity enables cross-tenancy authorization policies. Example: `false` 
+* `peer_advertised_cidr` - The range of IP addresses available on the VCN at the other end of the peering from this LPG. The value is `null` if the LPG is not peered. You can use this as the destination CIDR for a route rule to route a subnet's traffic to this LPG.  Example: `192.168.0.0/16` 
+* `peering_status` - Whether the LPG is peered with another LPG. `NEW` means the LPG has not yet been peered. `PENDING` means the peering is being established. `REVOKED` means the LPG at the other end of the peering has been deleted. 
+* `peering_status_details` - Additional information regarding the peering status, if applicable.
+* `state` - The LPG's current lifecycle state.
+* `time_created` - The date and time the LPG was created, in the format defined by RFC3339.  Example: `2016-08-25T21:10:29.600Z` 
+* `vcn_id` - The OCID of the VCN the LPG belongs to.
+
+
+
+### Create Operation
+Creates a new local peering gateway (LPG) for the specified VCN.
+
+* Specifying a peer_id creates a connection to the specified LPG ID. 
+* If the specified peer_id is also a resource in the terraform config you will have do a `terraform refresh` after the `terraform apply` in order to get the latest connection information on that resource.
+* To disconnect the peering connection at least one of the LPG resources in the connection will have to be destroyed, however in terraform we recommend that when one LPG is destroyed the peer should also be destroyed. If one of them is not destroyed it will have a `REVOKED` peering_status. If another LPG resource tries to connect to this LPG resource it will get a `400 Error: The Local Peering Gateway with ID X has already been connected`. To solve this you will have to run `terraform taint oci_core_local_peering_gateway.test_local_peering_gateway` on that resource or target delete it `terraform destroy -target="oci_core_local_peering_gateway.test_local_peering_gateway"`.
+
+
+The following arguments are supported:
+
+* `compartment_id` - (Required) The OCID of the compartment containing the local peering gateway (LPG).
+* `display_name` - (Optional) A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information. 
+* `peer_id` - (Optional) The OCID of the LPG you want to peer with. Specifying a peer_id connects this local peering gateway (LPG) to another one in the same region. This operation must be called by the VCN administrator who is designated as the *requestor* in the peering relationship. The *acceptor* must implement an Identity and Access Management (IAM) policy that gives the requestor permission to connect to LPGs in the acceptor's compartment. Without that permission, this operation will fail. For more information, see [VCN Peering](https://docs.us-phoenix-1.oraclecloud.com/Content/Network/Tasks/VCNpeering.htm).
+* `vcn_id` - (Required) The OCID of the VCN the LPG belongs to.
+
+
+### Update Operation
+Updates the specified local peering gateway (LPG).
+
+
+The following arguments support updates:
+* `display_name` - A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information. 
+
+
+** IMPORTANT **
+Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
+
+### Example Usage
+
+```
+resource "oci_core_local_peering_gateway" "test_local_peering_gateway" {
+	#Required
+	compartment_id = "${var.compartment_id}"
+	vcn_id = "${oci_core_vcn.test_vcn.id}"
+
+	#Optional
+	display_name = "${var.local_peering_gateway_display_name}"
+	peer_id = "${oci_core_local_peering_gateway.test_local_peering_gateway2}"
+}
+```
+
+# oci_core_local_peering_gateways
+
+## LocalPeeringGateway DataSource
+
+Gets a list of local_peering_gateways.
+
+### List Operation
+Lists the local peering gateways (LPGs) for the specified VCN and compartment
+(the LPG's compartment).
+
+The following arguments are supported:
+
+* `compartment_id` - (Required) The OCID of the compartment.
+* `vcn_id` - (Required) The OCID of the VCN.
+
+
+The following attributes are exported:
+
+* `local_peering_gateways` - The list of local_peering_gateways.
+
+### Example Usage
+
+```
+data "oci_core_local_peering_gateways" "test_local_peering_gateways" {
+	#Required
+	compartment_id = "${var.compartment_id}"
+	vcn_id = "${oci_core_vcn.test_vcn.id}"
+
+	#Optional
+}
+```

docs/examples/networking/local_vcn_peering/local_vcn_peering.tf

@@ -0,0 +1,81 @@
+variable "tenancy_ocid" {}
+variable "user_ocid" {}
+variable "fingerprint" {}
+variable "private_key_path" {}
+variable "compartment_ocid" {}
+variable "region" {}
+
+provider "oci" {
+  tenancy_ocid = "${var.tenancy_ocid}"
+  user_ocid = "${var.user_ocid}"
+  fingerprint = "${var.fingerprint}"
+  private_key_path = "${var.private_key_path}"
+  region = "${var.region}"
+}
+
+resource "oci_core_vcn" "vcn1" {
+  cidr_block = "10.0.1.0/24"
+  dns_label = "vcn1"
+  compartment_id = "${var.compartment_ocid}"
+  display_name = "vcn1"
+}
+
+resource "oci_core_vcn" "vcn2" {
+  cidr_block = "10.0.2.0/24"
+  dns_label = "vcn2"
+  compartment_id = "${var.compartment_ocid}"
+  display_name = "vcn2"
+}
+
+resource "oci_core_vcn" "vcn3" {
+  cidr_block = "10.0.3.0/24"
+  dns_label = "vcn3"
+  compartment_id = "${var.compartment_ocid}"
+  display_name = "vcn3"
+}
+
+# Peer vcn1 and vcn2 to vcn3. You need one peering gateway on each VCN per peering connection.
+
+resource "oci_core_local_peering_gateway" "test_local_peering_gateway_1" {
+	#Required
+	compartment_id = "${var.compartment_ocid}"
+	vcn_id = "${oci_core_vcn.vcn1.id}"
+
+	#Optional
+	display_name = "localPeeringGateway1"
+	peer_id = "${oci_core_local_peering_gateway.test_local_peering_gateway_3_A.id}"
+}
+
+resource "oci_core_local_peering_gateway" "test_local_peering_gateway_2" {
+	#Required
+	compartment_id = "${var.compartment_ocid}"
+	vcn_id = "${oci_core_vcn.vcn2.id}"
+
+	#Optional
+	display_name = "localPeeringGateway2"
+	peer_id = "${oci_core_local_peering_gateway.test_local_peering_gateway_3_B.id}"
+}
+
+resource "oci_core_local_peering_gateway" "test_local_peering_gateway_3_A" {
+    #Required
+    compartment_id = "${var.compartment_ocid}"
+    vcn_id = "${oci_core_vcn.vcn3.id}"
+
+    #Optional
+    display_name = "localPeeringGateway3A"
+}
+
+resource "oci_core_local_peering_gateway" "test_local_peering_gateway_3_B" {
+    #Required
+    compartment_id = "${var.compartment_ocid}"
+    vcn_id = "${oci_core_vcn.vcn3.id}"
+
+    #Optional
+    display_name = "localPeeringGateway3B"
+}
+
+data "oci_core_local_peering_gateways" "test_local_peering_gateways" {
+	#Required
+	compartment_id = "${var.compartment_ocid}"
+	vcn_id = "${oci_core_vcn.vcn3.id}"
+}

docs/examples/networking/local_vcn_peering_full/README.md

@@ -0,0 +1,17 @@
+# Local VCN Peering Example
+
+This example demonstrates how to do a VCN local peering connection using Local Peering Gateway (LPG) resources when you have different administrators of the VCNs in the connection.
+
+** IMPORTANT **
+You would not want to use this example the way it is written as it uses multiple users. This example is there to demonstrate the workflow of establishing a local peering connection when the 2 VCNs are administered by different users.
+
+This example creates policies so it should be run in the home region.
+
+One of the users will have the `requestor` LPG that will request a local peering connection to the `acceptor` LPG that is managed by a different user. See [Local VCN Peering](https://docs.us-phoenix-1.oraclecloud.com/Content/Network/Tasks/localVCNpeering.htm) for more details.
+
+* policies.tf show the policies that are needed for each of the users.
+* requestor.tf shows what the requestor config would look like, including the LPG, the Route Table and the Security List.
+* acceptor.tf shows what the acceptor config would look like, including the LPG, the Route Table and the Security List.
+
+An instance is created on the requestor side and the acceptor side so that you can test the connection. 
+You can SSH to one of the instances using its public IP and try to PING from there the other instance using its Private IP.

docs/examples/networking/local_vcn_peering_full/acceptor.tf

@@ -0,0 +1,121 @@
+variable "user_acceptor" {}
+variable "compartment_ocid_acceptor" {}
+variable "compartment_name_acceptor" {}
+variable "fingerprint_acceptor" {}
+variable "private_key_path_acceptor" {}
+
+variable "acceptor_cidr" {
+	default = "10.1.0.0/16"
+}
+
+provider "oci" {
+  alias = "acceptor"
+  region = "${var.region}"
+  tenancy_ocid = "${var.tenancy_ocid}"
+  user_ocid = "${var.user_acceptor}"
+  fingerprint = "${var.fingerprint_acceptor}"
+  private_key_path = "${var.private_key_path_acceptor}"
+}
+
+resource "oci_core_vcn" "vcn2" {
+  depends_on = ["oci_identity_policy.acceptor_policy", "oci_identity_user_group_membership.acceptor_user_group_membership"]
+  provider = "oci.acceptor"
+  display_name = "vcn2"
+  dns_label = "vcn2"
+  cidr_block = "${var.acceptor_cidr}"
+  compartment_id = "${var.compartment_ocid_acceptor}"
+}
+
+resource "oci_core_local_peering_gateway" "acceptor" {
+  depends_on = ["oci_identity_policy.acceptor_policy", "oci_identity_user_group_membership.acceptor_user_group_membership"]
+  provider = "oci.acceptor"
+  compartment_id = "${var.compartment_ocid_acceptor}"
+  vcn_id = "${oci_core_vcn.vcn2.id}"
+  display_name = "localPeeringGateway2"
+}
+
+resource "oci_core_internet_gateway" "acceptorIG" {
+  depends_on = ["oci_identity_policy.acceptor_policy", "oci_identity_user_group_membership.acceptor_user_group_membership"]
+  provider = "oci.acceptor"
+  compartment_id = "${var.compartment_ocid_acceptor}"
+  display_name = "acceptorIG"
+  vcn_id = "${oci_core_vcn.vcn2.id}"
+}
+
+resource "oci_core_route_table" "acceptor_route_table" {
+  depends_on = ["oci_identity_policy.acceptor_policy", "oci_identity_user_group_membership.acceptor_user_group_membership"]
+  provider = "oci.acceptor"
+  compartment_id = "${var.compartment_ocid_acceptor}"
+  vcn_id = "${oci_core_vcn.vcn2.id}"
+  display_name = "acceptorRouteTable"
+  route_rules {
+    cidr_block = "${var.requestor_cidr}"
+    network_entity_id = "${oci_core_local_peering_gateway.acceptor.id}"
+  }
+  route_rules {
+    cidr_block = "0.0.0.0/0"
+    network_entity_id = "${oci_core_internet_gateway.acceptorIG.id}"	
+  }
+}
+
+resource "oci_core_security_list" "acceptor_security_list" {
+  depends_on = ["oci_identity_policy.acceptor_policy", "oci_identity_user_group_membership.acceptor_user_group_membership"]
+  provider = "oci.acceptor"
+  compartment_id = "${var.compartment_ocid_acceptor}"
+  vcn_id = "${oci_core_vcn.vcn2.id}"
+  display_name = "AcceptorSecurityList"
+
+  egress_security_rules {
+    destination = "${var.requestor_cidr}"
+    protocol = "all"
+  }
+
+  ingress_security_rules {
+    protocol = "all" 
+    source = "${var.requestor_cidr}"
+  }
+
+  ingress_security_rules {
+    protocol = "${var.tcp_protocol}"
+    source = "0.0.0.0/0"
+	tcp_options {
+      max = "${var.ssh_port}"
+      min = "${var.ssh_port}"
+	}
+  }
+}
+
+resource "oci_core_subnet" "acceptor_subnet" {
+  depends_on = ["oci_identity_policy.acceptor_policy", "oci_identity_user_group_membership.acceptor_user_group_membership"]
+  provider = "oci.acceptor"
+  availability_domain = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[0],"name")}"
+  cidr_block = "${cidrsubnet("${var.acceptor_cidr}", 4, 0)}"
+  display_name = "AcceptorSubnet"
+  dns_label = "acceptorsubnet"
+  compartment_id = "${var.compartment_ocid_acceptor}"
+  vcn_id = "${oci_core_vcn.vcn2.id}"
+  security_list_ids = ["${oci_core_security_list.acceptor_security_list.id}"]
+  route_table_id = "${oci_core_route_table.acceptor_route_table.id}"
+  dhcp_options_id = "${oci_core_vcn.vcn2.default_dhcp_options_id}"
+}
+
+resource "oci_core_instance" "acceptor_instance" {
+  depends_on = ["oci_identity_policy.acceptor_policy", "oci_identity_user_group_membership.acceptor_user_group_membership"]
+  provider = "oci.acceptor"
+  availability_domain = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[0],"name")}"
+  compartment_id = "${var.compartment_ocid_acceptor}"
+  display_name = "acceptorInstance"
+  image = "${var.InstanceImageOCID[var.region]}"
+  shape = "${var.InstanceShape}"
+
+  create_vnic_details {
+    subnet_id = "${oci_core_subnet.acceptor_subnet.id}"
+    display_name = "primaryvnic"
+    assign_public_ip = true
+    hostname_label = "acceptorinstance"
+  },
+
+  metadata {
+    ssh_authorized_keys = "${var.ssh_public_key}"
+  }
+}

docs/examples/networking/local_vcn_peering_full/common.tf

@@ -0,0 +1,31 @@
+variable "ssh_public_key" {}
+
+variable "InstanceShape" {
+    default = "VM.Standard1.2"
+}
+
+variable "InstanceImageOCID" {
+    type = "map"
+    default = {
+        // See https://docs.us-phoenix-1.oraclecloud.com/Content/Resources/Assets/OracleProvidedImageOCIDs.pdf
+        // Oracle-provided image "Oracle-Linux-7.4-2018.02.21-1"
+        us-phoenix-1 = "ocid1.image.oc1.phx.aaaaaaaaupbfz5f5hdvejulmalhyb6goieolullgkpumorbvxlwkaowglslq"
+        us-ashburn-1 = "ocid1.image.oc1.iad.aaaaaaaajlw3xfie2t5t52uegyhiq2npx7bqyu4uvi2zyu3w3mqayc2bxmaa"
+        eu-frankfurt-1 = "ocid1.image.oc1.eu-frankfurt1.aaaaaaaa7d3fsb6272srnftyi4dphdgfjf6gurxqhmv6ileds7ba3m2gltxq"
+        uk-london-1 = "ocid1.image.oc1.uk-london1.aaaaaaaaa6h6gj6v4n56mqrbgnosskq63blyv2752g36zerymy63cfkojiiq"
+    }
+}
+
+variable "tcp_protocol" {
+	default = "6"
+}
+
+variable "ssh_port" {
+	default = "22"
+}
+
+data "oci_identity_availability_domains" "ADs" {
+  provider = "oci.admin"
+  compartment_id = "${var.tenancy_ocid}"
+}
+

docs/examples/networking/local_vcn_peering_full/output.tf

@@ -0,0 +1,18 @@
+# You can test the peering connection by ssh-ing into an instance (using the public_ip) and doing a ping command to the private IP address of the other instance"]
+
+output "requestorInstancePublicIP" {
+    value = ["${oci_core_instance.requestor_instance.public_ip}"]
+}
+
+output "requestorInstancePrivateIP" {
+    value = ["${oci_core_instance.requestor_instance.private_ip}"]
+}
+
+output "acceptorInstancePublicIP" {
+    value = ["${oci_core_instance.acceptor_instance.public_ip}"]
+}
+
+output "acceptorInstancePrivateIP" {
+    value = ["${oci_core_instance.acceptor_instance.private_ip}"]
+}
+