You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Please vote on this issue by adding a 馃憤 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment
Description
We are currently facing some limitations for the following OCI resources:
"oci_core_private_ip"
"create_vnic_details"
"oci_core_route_table"
In our use case , we first deploy the infrastructure including the VCN, subnets and Route tables via main pipeline and then deploy the firewall VMs via separate pipeline.
In main pipeline code, we require Route Table entry with firewall IP as next hop to force traffic through the firewall. This entry requires IP OCID which is not available during the first run as FW is not deployed yet. We are forced to re-run the intial pipeline after the FW is deployed , so that Route table entries are refreshed/updated with FW IPs as next hop in routing rules. Also anytime FW is redeployed for some reason , the first pipeline needs to be run again.
Can we enhance "oci_core_private_ip" so that :
a) it can create the unattached IP (not attached to any VNIC)
b) accepts the subnet_id while the vnic_id as optional
Can we enahnce the "oci_core_vnic_attachment" so that :
a) it can support multiple "create_vnic_details" blocks , so that we can attach additional IP with same interface.
In our use case , FW VM requires two IPs on the same interface. Currently we have to use ""oci_core_private_ip" to attach second IP on the same interface.
b) "private_ip" field in that block can accept the pre-exiting IP (which was earlier created with "oci_core_private_ip" resource)
Can we enhance the "oci_core_route_table" so that :
a) network_entity_id field can accept 32bit "IP Address" instead of IP OCID as next hop.
This will help pre-populate the Route table (before the FW VM deployment)
Further can we have some additional resource available to just update the route rules in Routing table ? In current "oci_core_route_table" resource , we are forced to define all the routing rules when creating this resource. We need something similar to "oci_core_drg_route_table_route_rule".
Community Note
Description
We are currently facing some limitations for the following OCI resources:
"oci_core_private_ip"
"create_vnic_details"
"oci_core_route_table"
In our use case , we first deploy the infrastructure including the VCN, subnets and Route tables via main pipeline and then deploy the firewall VMs via separate pipeline.
In main pipeline code, we require Route Table entry with firewall IP as next hop to force traffic through the firewall. This entry requires IP OCID which is not available during the first run as FW is not deployed yet. We are forced to re-run the intial pipeline after the FW is deployed , so that Route table entries are refreshed/updated with FW IPs as next hop in routing rules. Also anytime FW is redeployed for some reason , the first pipeline needs to be run again.
Can we enhance "oci_core_private_ip" so that :
a) it can create the unattached IP (not attached to any VNIC)
b) accepts the subnet_id while the vnic_id as optional
Can we enahnce the "oci_core_vnic_attachment" so that :
a) it can support multiple "create_vnic_details" blocks , so that we can attach additional IP with same interface.
In our use case , FW VM requires two IPs on the same interface. Currently we have to use ""oci_core_private_ip" to attach second IP on the same interface.
b) "private_ip" field in that block can accept the pre-exiting IP (which was earlier created with "oci_core_private_ip" resource)
Can we enhance the "oci_core_route_table" so that :
a) network_entity_id field can accept 32bit "IP Address" instead of IP OCID as next hop.
This will help pre-populate the Route table (before the FW VM deployment)
Further can we have some additional resource available to just update the route rules in Routing table ? In current "oci_core_route_table" resource , we are forced to define all the routing rules when creating this resource. We need something similar to "oci_core_drg_route_table_route_rule".
New or Affected Resource(s)
"oci_core_private_ip"
"create_vnic_details"
"oci_core_route_table"
Potential Terraform Configuration
References
The text was updated successfully, but these errors were encountered: