Terraform Configurations for OCI Cache Users
Review requirements and recommendations for Terraform configurations used with OCI Cache users.
Requirements and Recommendations
Terraform manages attachment and detachment of OCI Cache users resources to a Redis cluster using two distinct resources:
oci_redis_redis_cluster_attach_oci_cache_useroci_redis_redis_cluster_detach_oci_cache_user
Typically, one Terraform resource handles both attaching and detaching of OCI Cache users resources to a Redis cluster. For example, removing a user from the
oci_cache_users list automatically detaches them. However, detachment is explicitly modelled, though, given the limitations of the Terraform provider implementation. This limitations mean:- To attach OCI Cache users, you must use the
oci_redis_redis_cluster_attach_oci_cache_userresource. -
To detach OCI Cache users, you must remove them from the
attachresource and add them to theoci_redis_redis_cluster_detach_oci_cache_userresource.
To manage OCI Cache users and Redis clusters using Terraform configuration, we recommend the following:
- Don't specify the same user OCID in the
attachanddetachresources at the same time. - When detaching a user listed from the
attachresource, remove the user from thedetachresource and then add it to thedetachresource. Similarly, when attaching a user listed in thedetachresource, remove the user from thedetachresource and then add it to theattachresource. - Destroy the
attachanddetachresource blocks if theoci_cache_userslists are empty in these resources.
Example Terraform Configuration for OCI Cache users
The following examples show a Terraform configuration for various scenarios of OCI Cache users.
Example 1: Attach two OCI Cache users to a Redis cluster
To attach two existing OciCacheUsers to a Redis cluster, define an oci_redis_redis_cluster_attach_oci_cache_user resource and include both the user OCIDs in the oci_cache_users list.
variable "region" {}
provider "oci" {
auth = "SecurityToken"
config_file_profile = "DEFAULT"
region = "${var.region}"
}
resource "oci_redis_redis_cluster_attach_oci_cache_user" "attach_existing_users" {
redis_cluster_id = "OCID1.rediscluster.oc1.phx..<unique_ID>"
//cluster-id
oci_cache_users = [
"OCID1.ocicacheuser.oc1.phx..<unique_ID>", //user-1
"OCID1.ocicacheuser.oc1.phx..<unique_ID>". // user-2
]
}This Terraform configuration attaches user-1 and user-2 to the specified Redis cluster.
Example 2: Detach one OCI Cache user from a Redis cluster
To detach a user, remove user-2 from the oci_cache_users list in the attach resource and then add it to a new or existing oci_redis_redis_cluster_detach_oci_cache_user resource.
variable "region" {}
provider "oci" {
auth = "SecurityToken"
config_file_profile = "DEFAULT"
region = "${var.region}"
}
resource "oci_redis_redis_cluster_attach_oci_cache_user" "attach_existing_users" {
redis_cluster_id = "OCID1.rediscluster.oc1.phx..<unique_ID>"
//cluster-id
oci_cache_users = [
"OCID1.ocicacheuser.oc1.phx..<unique_ID>", //user-1
]
}
resource "oci_redis_redis_cluster_detach_oci_cache_user" "detach_existing_users" {
redis_cluster_id = "OCID1.rediscluster.oc1.phx..<unique_ID>"
oci_cache_users = [
"OCID1.ocicacheuser.oc1.phx..<unique_ID>", // user-2
]
}This Terraform configuration attaches user-1 to the specified Redis cluster and detaches user-2 by moving it from the attach resource and adding it to the detach resource.
Example 3: Detach all OCI Cache users from a Redis cluster
To detach all attached OciCacheUser resources from a Redis cluster, move all user OCIDs from the attach resource to the detach resource. Then, the attach resource has an empty list of OciCacheUsers and should be removed.
variable "region" {}
provider "oci" {
auth = "SecurityToken"
config_file_profile = "DEFAULT"
region = "${var.region}"
}
// Attach resource is removed since there are no users left to attach.
resource "oci_redis_redis_cluster_detach_oci_cache_user" "detach_existing_users" {
redis_cluster_id = "OCID1.rediscluster.oc1.phx..<unique_ID"
//cluster-id
oci_cache_users = [
"OCID1.ocicacheuser.oc1.phx..<unique_ID>", // user-2
"OCID1.ocicacheuser.oc1.phx..<unique_ID>", //user-1
]
}This Terraform configuration detaches all OciCacheUsers from the Redis cluster by placing them in the detach resource and removes the attach resource.
Example 4: Attach, detach, and reattach a user to a Redis cluster
To attach a user, detach the same user, and then reattach it to a Redis cluster requires the following steps:
- Attach
user-1: To attachuser-1, define theoci_redis_redis_cluster_attach_oci_cache_userresource with theuser-1OCID in the list.### attach user-1 variable "region" {} provider "oci" { auth = "SecurityToken" config_file_profile = "DEFAULT" region = "${var.region}" } resource "oci_redis_redis_cluster_attach_oci_cache_user" "attach_existing_users" { redis_cluster_id = "OCID1.rediscluster.oc1.phx..<unique_ID>" //cluster-id oci_cache_users = [ "OCID1.ocicacheuser.oc1.phx..<unique_ID>", //user-1 ] }This Terraform configuration attaches
user-1to the Redis cluster. - Detach
user-1: To detachuser-1, move it's OCID from theattachresource to a newdetachresource. Then, remove theattachresource becauseoci_cache_userslist is now empty.### detach user-1 variable "region" {} provider "oci" { auth = "SecurityToken" config_file_profile = "DEFAULT" region = "${var.region}" } # attach resource is nolonger needed. resource "oci_redis_redis_cluster_detach_oci_cache_user" "detach_existing_users" { redis_cluster_id = "OCID1.rediscluster.oc1.phx..<unique_ID>" //cluster-id oci_cache_users = [ "ocid1.ocicacheuser.oc1.phx..<unique_ID>", //user-1 ] }This Terraform configuration detaches
user-1from the Redis cluster. - Reattach
user-1: To reattachuser-1, remove OCID from thedetachresource and re-create theattachresource with an OCID. Then, remove thedetachresource becauseoci_cache_userslist is now empty.### attach user-1 again variable "region" {} provider "oci" { auth = "SecurityToken" config_file_profile = "DEFAULT" region = "${var.region}" } resource "oci_redis_redis_cluster_attach_oci_cache_user" "attach_existing_users" { redis_cluster_id = "OCID1.rediscluster.oc1.phx..<unique_ID>" //cluster-id oci_cache_users = [ "OCID1.ocicacheuser.oc1.phx..<unique_ID>", //user-1 ] }This Terraform configuration reattaches
user-1to the Redis cluster.
Example 5: Use same OCI Cache user in both attach and detach resources
To include the same
oci_cache_user OCID (for example, user-1) in both the attach and detach resources in the same apply cycle, use the following Terraform configuration:### attach user-1
variable "region" {}
provider "oci" {
auth = "SecurityToken"
config_file_profile = "DEFAULT"
region = "${var.region}"
}
resource "oci_redis_redis_cluster_attach_oci_cache_user" "attach_existing_users" {
redis_cluster_id = "OCID1.rediscluster.oc1.phx..<unique_ID>"
//cluster-id
oci_cache_users = [
"OCID1.ocicacheuser.oc1.phx..<unique_ID>", //user-1
]
}
resource "oci_redis_redis_cluster_detach_oci_cache_user" "detach_existing_users" {
redis_cluster_id = "OCID1.rediscluster.oc1.phx..<unique_ID>"
oci_cache_users = [
"OCID1.ocicacheuser.oc1.phx..<unique_ID>", //user-1
]
} Note
We don't recommend including the same
We don't recommend including the same
oci_cache_user OCID in both the attach and detach resources in the same cycle because although Terraform allows this configuration, it results in a no (neutral) operation where the attach and detach operations cancel each other in the single apply cycle.Example 6: Create a Redis cluster, OCI Cache user, and attach the user to the cluster
To create a Redis cluster,
OciCacheUser, and attach the user to the cluster, use the following Terraform configuration:
variable "region" {}
variable "compartment_ocid" {}
variable "redis_cluster_display_name" {
default = "test-tf-redis-cluster"
}
variable "redis_cluster_node_count" {
default = 2
}
variable "redis_cluster_node_memory_in_gbs" {
default = 2.0
}
variable "redis_cluster_software_version" {
default = "VALKEY_7_2"
}
variable "redis_cluster_freeform_tags" {
default = { "bar-key" = "value" }
}
variable "oci_cache_user_acl_string" {
default = "~* &* +discard +xsetid +zscore +hdel +bitpos +pttl +rpoplpush +mget +decr +unlink +pubsub
+zrangebylex +auth +rpush +zlexcount +zrangestore +geopos +lset +zremrangebyrank +scard +hexists +hmget +blmpop
+lastsave +fcall_ro +smismember +pexpiretime +llen +function +smembers +zrevrangebyscore +hstrlen +blpop +scan
+lpos +pexpireat +sunsubscribe +zcard +hset +geodist +lrange +flushdb +spop +object +xack +restore +renamenx
+mset +zinterstore +bzmpop +zinter +setnx +pexpire +smove +bitfield +xdel +zrange +lindex +srem +bitcount
+incrbyfloat +incrby +quit +lpushx +spublish +expiretime +zadd +srandmember +getset +monitor +rpop +zrank
+pfcount +geosearch +randomkey +setex +zrangebyscore +bitfield_ro +strlen +xlen +zintercard +xadd +zunionstore
+xread +expireat +zdiffstore +sunionstore +zscan +set +move +rename +time +msetnx +readonly +setbit +sunion
+hlen +brpop +replconf +unwatch +psetex +punsubscribe +watch +publish +zremrangebyscore +get +psubscribe
+sismember +persist +decrby +eval_ro +script +copy +lpop +zunion +zpopmax +hincrby +geoadd +fcall +multi +pfadd
+georadius_ro +hincrbyfloat +sort +dbsize +lolwut +zremrangebylex +hsetnx +xreadgroup +lmpop +swapdb +bitop
+exists +zrevrangebylex +pfdebug +hgetall +xinfo +sdiffstore +zmpop +lrem +keys +lpush +incr +xrevrange
+slowlog +sadd +getdel +getbit +sintercard +cluster +ltrim +hkeys +sscan +xtrim +xrange +evalsha_ro +hello
+sinterstore +substr +zmscore +blmove +zrandmember +subscribe +xclaim +pfselftest +exec +zrem +evalsha
+geosearchstore +hmset +ping +hscan +georadius +hvals +rpushx +unsubscribe +dump +georadiusbymember +touch
+zpopmin +command +zdiff +lcs +geohash +type +del +linsert +role +xgroup +bzpopmax +hrandfield +eval +readwrite
+append +info +client +zrevrange +xpending +wait +bzpopmin +sinter +select +restore-asking +latency +pfmerge
+getex +asking +xautoclaim +sdiff +zrevrank +zincrby +ttl +zcount +setrange +sort_ro +getrange
+georadiusbymember_ro +echo +flushall +ssubscribe +expire +hget +brpoplpush +lmove"
}
variable "oci_cache_user_description" {
default = "Default Cache user"
}
variable "oci_cache_user_status" {
default = "ON"
}
provider "oci" {
auth = "SecurityToken"
config_file_profile = "DEFAULT"
region = "${var.region}"
}
resource "oci_core_vcn" "test_vcn" {
cidr_block = "10.0.0.0/16"
compartment_id = "${var.compartment_ocid}"
}
resource "oci_core_security_list" "test_security_list" {
compartment_id = "${var.compartment_ocid}"
vcn_id = oci_core_vcn.test_vcn.id
display_name = "redis-security-list"
egress_security_rules {
destination = "0.0.0.0/0"
protocol = "17" // UDP
stateless = true
}
ingress_security_rules {
protocol = "6" // TCP
source = "0.0.0.0/0"
stateless = false
}
}
resource "oci_core_subnet" "test_subnet" {
cidr_block = "10.0.0.0/24"
compartment_id = "${var.compartment_ocid}"
vcn_id = oci_core_vcn.test_vcn.id
security_list_ids = [oci_core_security_list.test_security_list.id]
}
resource "oci_redis_redis_cluster" "test_redis_cluster" {
compartment_id = "${var.compartment_ocid}"
display_name = var.redis_cluster_display_name
node_count = var.redis_cluster_node_count
node_memory_in_gbs = var.redis_cluster_node_memory_in_gbs
software_version = var.redis_cluster_software_version
subnet_id = oci_core_subnet.test_subnet.id
freeform_tags = var.redis_cluster_freeform_tags
}
resource "oci_redis_oci_cache_user" "default_oci_cache_user" {
compartment_id = "${var.compartment_ocid}"
name = "default"
description = var.oci_cache_user_description
acl_string = var.oci_cache_user_acl_string
authentication_mode {
authentication_type = "PASSWORD"
hashed_passwords = ["741f67765bef6f01f37bf5cb1724509a83409324efa6ad258***************"]
}
status = var.oci_cache_user_status
depends_on = [oci_redis_redis_cluster.test_redis_cluster]
}
resource "oci_redis_redis_cluster_attach_oci_cache_user" "attach_default_user" {
redis_cluster_id = oci_redis_redis_cluster.test_redis_cluster.id
oci_cache_users = [oci_redis_oci_cache_user.default_oci_cache_user.id]
depends_on = [oci_redis_oci_cache_user.default_oci_cache_user]
}
output "default_cache_user_id" {
value = oci_redis_oci_cache_user.default_oci_cache_user.id
}