Argument cidr_block
is now deprecated and cidr_blocks
should be preferred instead.
cidr_blocks
is a new argument that brings support for Modifiable VCNs feature from November 12, 2020.
Link to provider documentation
Current module implementation relies on var.vcn_cidr
with the following definiton
variable "vcn_cidr" {
description = "cidr block of VCN"
default = "10.0.0.0/16"
type = string
}
It is then used in resource definition like this
resource "oci_core_vcn" "vcn" {
cidr_block = var.vcn_cidr
compartment_id = var.compartment_id
display_name = var.label_prefix == "none" ? var.vcn_name : "${var.label_prefix}-${var.vcn_name}"
dns_label = var.vcn_dns_label
freeform_tags = var.tags
}
Internally, we need to stop using cidr_block
argument and start using cidr_blocks
. But there is many ways to handle it on our module API.
I see three ways to solve that problem:
- with incompatible API change: e.g changing the input type (from
string
to list(string)
)
- with backward compatible API change that mimic the service API choice: adding a new input
cidr_blocks
and deprecate cidr_block
- with no API change but non-explicit/standard way to declare CIDRs as a list : keeping the same input name and type, and internally parse it for a comma separator with a Terraform function
I would like to avoid (1) and offer a smooth transition for users and all downstream modules.
(3) is the most transparent way to handle it inside the module and hide the details from the user, but I am afraid of added complexity with this non-standard and non-explicit usage pattern.
That let us with (2) as the preferred option.
This change will also require good documentation and probably some input validation to handle the " usage rules" that comes with it from service API:
cidr_blocks update must be restricted to one operation at a time (either add/remove or modify one single cidr_block) or the operation will be declined.
new cidr_block to be added must be placed at the end of the list.
These two rules are the most critical/non-usual to take care of. For the other rules (valid CIDR, limits, etc), I think we can rely on the API error messages.
@hyder @slevey : what's your thoughts about this?