Description
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Description
We would like to reuse existing reserved public IPs created using resource "oci_core_public_ip", but assign them afterward to any compute resource (lb, instance).
But for now there is no way to do it in Terraform.
- If the oci_core_public_ip is created with the instance, it will be destroyed as well, which defeats the purpose of reserved IPs.
- The block resource "oci_core_instance" does not have an option to attach or associate the VNIC to an existing public IP.
create_vnic_details {} has only a boolean attribute linked to public IPs.
#assign_public_ip ⇒ BOOLEAN Whether the VNIC should be assigned a public IP address.
However, it is definitely possible to later assign an existing public IP to a VNIC through the REST API (UpdatePublicIp) or via the console, as shown below.
- Similar issues/requests were created: "Use reserved public IP when creating instance" #1565, "oci_core_instance assigning oci_core_public_ip" #1730, and here "Option to Choose IP address when creating compute instance" #1458
New or Affected Resource(s)
Either of the 2:
- resource "oci_core_instance" could be modified to allow this option. Maybe a new resource to assign and unassign a public IP.
- new/updated resource "oci_core_public_ip_assign/modify" to allow assignment modification
Potential Terraform Configuration
Since the REST API has it already, it won't require reinventing the wheel.
- Option A. A new section that assigns a VNIC. This would be the most basic since OCI allows more VNICs.
resource "oci_core_instance" "test_instance" {
  ...
  assign_vnic_details {
    public_ip = oci_core_public_ip.test_public_ip.id
    ...
  }
  ...
}
- Option B. New oci_core_public_ip_assign resource
resource "oci_core_public_ip_assign" "test_public_ip_assign" {
  #Required
  compartment_id = var.compartment_id # target private IP compartment
  id             = oci_core_public_ip.test_public_ip.id
  private_ip_id  = var.public_ip_private_ip_id # oci_core_private_ip.myvnic_private_ip.id
  ...
}
Proposed Workaround that doesn't work
A workaround has already been proposed a couple of times, here #1565 (comment) and here #1649 (comment).
But it doesn't work.
Example:
resource "oci_core_public_ip" "bastion_ip" {
  compartment_id = var.network_compartment_id != "" ? var.network_compartment_id : var.compartment_id
  display_name   = var.bastion_identifier != "" ? join("-", ["ip-bastion-pub", var.bastion_identifier]) : "ip-bastion-pub"
  lifetime       = "RESERVED"
  private_ip_id  = data.oci_core_private_ips.bastion.private_ips[0]["id"]
  defined_tags   = var.defined_tags
  lifecycle {
    prevent_destroy = true
  }
}
But your terraform destroy will fail miserably, as shown below.
╷
│ Error: Instance cannot be destroyed
│
│ on compute.tf line 91:
│ 91: resource "oci_core_public_ip" "bastion_ip" {
│
│ Resource oci_core_public_ip.bastion has lifecycle.prevent_destroy set, but the plan calls for this resource to be destroyed. To
│ avoid this error and continue with the plan, either disable lifecycle.prevent_destroy or reduce the scope of the plan using the -target flag.
╵
terraform is clean, don't make it dirty.