Allow VPC attachment to a DRG located in another compartment

[thpham]

Community note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

In the context of VPC attachments to a DRG which is in another compartment (because potentially managed by other Network dept.), we would like to be able to use this module close to where we create the VPCs which will be attached to it. Therefore, beside the policies statements* required to do the attachments, we would need to adapt the current code with the terraform proposition below.

Note:

policy statements required to attach VPCs in another compartment than the DRG.

Allow group '<group-name>' to use drg in compartment '<drg-cmp-ocid>',
Allow group '<group-name>' to manage drg-route-tables in compartment '<drg-cmp-ocid>',
Allow group '<group-name>' to manage drg-attachment in compartment '<drg-cmp-ocid>'

New or existing resource(s)

• add a new variable drg_compartment_id which is null by default
• modify the datasource data.oci_core_drgs.drg_data to use it in case the DRG is in another compartment.

Example Terraform configuration

data "oci_core_drgs" "drg_data" {
  compartment_id = coalesce(var.drg_compartment_id, var.compartment_id)

  filter {
    name   = "id"
    values = [var.drg_id == null ? "none" : var.drg_id]
  }

}

References

[thpham]

The branch with the proposition is ready here: https://github.com/thpham/terraform-oci-drg/commits/fix/issue-14-drg-attachment-another-cmp

I'm just waiting the Oracle contribution Agreement to be validated and completed on my company side.