Difficulty importing network resources within VCN

[darkfibre]

Terraform Version

Terraform v0.11.1

OCI Provider Version

2.0.4 - 2017-11-2

Description:

I am having difficulties importing existing network resources that reside within a VCN, I'm not sure if this is an issue with the OCI provider or with Terraform itself. The import succeeds, but it looks like the import action does not associate the vcn_id with the imported resource so any subsequent terraform plan/apply wants to recreate everything. Details / steps to reproduce:

Manually create the "test1" VCN.

Manually create the "test1-IG" Internet gateway inside the VCN, in the same container.

Import the VCN-

# terraform import oci_core_virtual_network.test1 ocid1.vcn.oc1.iad.aaaaaaaazj46i3d75gkiirwsxb4wcwmnvfwhca55wqchxndkzl6j3wlwm4oa
oci_core_virtual_network.test1: Importing from ID "ocid1.vcn.oc1.iad.aaaaaaaazj46i3d75gkiirwsxb4wcwmnvfwhca55wqchxndkzl6j3wlwm4oa"...
oci_core_virtual_network.test1: Import complete!
  Imported oci_core_virtual_network (ID: ocid1.vcn.oc1.iad.aaaaaaaazj46i3d75gkiirwsxb4wcwmnvfwhca55wqchxndkzl6j3wlwm4oa)
oci_core_virtual_network.test1: Refreshing state... (ID: ocid1.vcn.oc1.iad.aaaaaaaazj46i3d75gkiirwsxb4wcwmnvfwhca55wqchxndkzl6j3wlwm4oa)

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.

Import the IG-

terraform import oci_core_internet_gateway.test1-IG ocid1.internetgateway.oc1.iad.aaaaaaaaypy65vi3pvdw7xrnhc5e3treq3bbrv3uemumyfrwc6pvv3m7pzua
oci_core_internet_gateway.test1-IG: Importing from ID "ocid1.internetgateway.oc1.iad.aaaaaaaaypy65vi3pvdw7xrnhc5e3treq3bbrv3uemumyfrwc6pvv3m7pzua"...
oci_core_internet_gateway.test1-IG: Import complete!
  Imported oci_core_internet_gateway (ID: ocid1.internetgateway.oc1.iad.aaaaaaaaypy65vi3pvdw7xrnhc5e3treq3bbrv3uemumyfrwc6pvv3m7pzua)
oci_core_internet_gateway.test1-IG: Refreshing state... (ID: ocid1.internetgateway.oc1.iad.aaaaaaaay...rnhc5e3treq3bbrv3uemumyfrwc6pvv3m7pzua)

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.

Make sure the resources in your terraform file match what you imported-

resource "oci_core_virtual_network" "test1" {
  cidr_block = "10.1.1.0/24"
  compartment_id = "${var.vcn_compartment_ocid}"
  display_name = "test1"
  dns_label = "test1"
}

resource "oci_core_internet_gateway" "test1-IG" {
    compartment_id = "${var.vcn_compartment_ocid}"
    display_name = "test1-internet"
    vcn_id = "${oci_core_virtual_network.test1.id}"
}

Then run a terraform plan-

# terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

oci_core_virtual_network.test1: Refreshing state... (ID: ocid1.vcn.oc1.iad.aaaaaaaazj46i3d75gkiirwsxb4wcwmnvfwhca55wqchxndkzl6j3wlwm4oa)
data.oci_identity_availability_domains.ADs: Refreshing state...
oci_core_internet_gateway.test1-IG: Refreshing state... (ID: ocid1.internetgateway.oc1.iad.aaaaaaaay...rnhc5e3treq3bbrv3uemumyfrwc6pvv3m7pzua)

------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

-/+ oci_core_internet_gateway.test1-IG (new resource required)
      id:             "ocid1.internetgateway.oc1.iad.aaaaaaaaypy65vi3pvdw7xrnhc5e3treq3bbrv3uemumyfrwc6pvv3m7pzua" => <computed> (forces new resource)
      compartment_id: "ocid1.compartment.oc1..aaaaaaaaxqismqcwcjzbv3rgwb5ns5i7etdgqnbia3vbpstfol7o6l7zftua" => "ocid1.compartment.oc1..aaaaaaaaxqismqcwcjzbv3rgwb5ns5i7etdgqnbia3vbpstfol7o6l7zftua"
      display_name:   "test1-IG" => "test1-internet"
      enabled:        "true" => "true"
      state:          "AVAILABLE" => <computed>
      time_created:   "2017-12-08 15:55:35.87 +0000 UTC" => <computed>
      time_modified:  "0001-01-01 00:00:00 +0000 UTC" => <computed>
      vcn_id:         "" => "ocid1.vcn.oc1.iad.aaaaaaaazj46i3d75gkiirwsxb4wcwmnvfwhca55wqchxndkzl6j3wlwm4oa" (forces new resource)


Plan: 1 to add, 0 to change, 1 to destroy.

[parweza]

There is bug in OCI provider because of which we are not setting vcn_id during import https://github.com/oracle/terraform-provider-oci/blob/master/provider/core_internet_gateway_resource.go#L167-L173

[darkfibre]

Thank you for the quick fix. I should note that the Internet Gateway was one example, I was having the same issue with route tables. I kinda stopped trying after that, so I don't know if there are other resources with the same problem. Another edit: Quickly looking through the code for the other resources on my list, it seems dhcp_options also has the problem in addition to route tables and internet gateways- https://github.com/oracle/terraform-provider-oci/blob/master/provider/core_dhcp_options_resource.go#L169

[rohanbhattacharjee]

#388 Addresses this issue for the route_tables and dhcp_options.

[KnightOfNight]

I have encountered another case of this bug. When importing the default route table, the attribute "manage_default_resource_id" is not set so after importing it, the plan wants to delete and recreate it. Adding this attribute manually prevents that. I set it to the same ID as the resource itself.

[alexng-canuck]

Thanks for the feedback @KnightOfNight. We will look at addressing this.

One possible fix is to change ResourceImporter for default resources, to set the "manage_default_resource_id" attribute to the given ID.

[alexng-canuck]

@briangustafson also brought up a good point that default resources don't need to be imported in most cases. You could just add the default resource to your config with all the values you want it to have and Terraform would apply them to your existing resource (without deleting/recreating it).

That being said, there are cases where one may want to import the resource without modifying it and without having to supply all required resource values. In this case, import would help you get all the values of that resource since you only need to specify the ID.

The fix for this should be pretty simple and so we should go ahead with fixing it.

[KnightOfNight]

True rarely needed, except in the case of a loss of state, which is what I'm working on, which is to say it's actually two use cases: regaining lost state, and brining previously unmanaged resources under control.

[rohanbhattacharjee]

The vcn_id related issues were resolved with the release that we did last week - https://github.com/oracle/terraform-provider-oci/releases/tag/v2.0.5

[alexng-canuck]

All the related issues were fixed. No new reports of this issue.