Merge branch 'development' of https://github.com/oracle-quickstart/weblogic-server-for-oci into development

Author: skommala

solutions/jrf/README.md

@@ -0,0 +1,62 @@
+## WebLogic JRF domain with OCI DB
+
+This solution creates single/multi node Weblogic cluster with OCI Database and Oracle Identity Cloud Service fronted by a load balancer. The solution will create only one stack at time and further modifications that are done will be done on the same stack.
+
+This topology uses existing infrastructure.
+- Existing VCN and existing subnets with private WebLogic subnet.
+- OCI DB in a different VCN
+- Existing public load balancer
+
+Oracle Identity Cloud Service (IDCS) is used to authenticate user.
+
+![Full Topology Diagram](Topology.png)
+
+The above diagram shows a topology that includes most of the components supported by the Terraform scripts. 
+In this scenario, the WebLogic servers are in a private subnet. To access the applications running on WebLogic, an existing OCI load balancer in public regional subnet is used. A bastion instance with a public IP address is provisioned to allow access to the VMs in the private subnet. The Oracle WebLogic Server domain is configured to use Oracle Identity Cloud Service for authentication.
+
+The diagram shows the stack using a database located in a VCN different from the one used by the WebLogic for OCI stack, with VCN peering. Peering is necessary because DB VCN is different from Weblogic VCN. Since existing VCNs are used here, VCNs for WebLogic Server compute instances and the Oracle Cloud Infrastructure Application Database are peered manually before creating the stack for the Oracle WebLogic Server for OCI domain. To peer the VCNs manually, see [Manual VCN Peering](https://docs.oracle.com/en/cloud/paas/weblogic-cloud/user/configure-database-parameters.html#GUID-6A39A2A7-EF6C-408E-B5C7-C44089A9B134__MANUAL_VCN_PEERING).
+
+## Before You Begin with Oracle WebLogic Server for OCI
+Refer to the [documentation](https://docs.oracle.com/en/cloud/paas/weblogic-cloud/user/you-begin-oracle-weblogic-cloud.html) for the pre-requisite steps to using Oracle WebLogic Server for OCI.
+
+## Workspace Checkout
+- Install latest version of git from http://git-scm.com/downloads
+- For Linux and Mac: Add the git to the PATH
+- Clone the code using the command:
+
+```bash
+git clone https://github.com/oracle-quickstart/weblogic-server-for-oci.git
+```
+
+## Organization
+The directory weblogic-server-for-oci/solutions/jrf consists of the following terraform files: 
+
+- jrf_instance.tfvars - WebLogic instance, bastion instance and network configuration
+- existing_lb.tfvars - Load balancer configuration
+- oci_db.tfvars  - OCI Database configuration
+- idcs.tfvars - IDCS configuration
+
+The directory weblogic-server-for-oci/solutions/common consists of the following:
+- tenancy.tfvars - tenancy configuration
+
+## Using the Terraform command line tool
+```bash
+cd weblogic-server-for-oci/terraform
+```
+
+Initialize the terraform provider plugin
+```bash
+terraform init
+```
+
+Update the variable values in tfvars files under directories terraform/solutions/common and terraform/solutions/jrf according to the user specific values
+Invoke apply passing all *.tfvars files as input
+```bash
+terraform apply -var-file=../solutions/common/tenancy.tfvars -var-file=inputs/mp_image_ee_byol.tfvars -var-file=../solutions/jrf/jrf_instance.tfvars -var-file=../solutions/jrf/existing_lb.tfvars -var-file=../solutions/jrf/idcs.tfvars var-file=../solutions/jrf/oci_db.tfvars
+```
+
+To destroy the infrastructure
+```bash
+terraform destroy var-file=../solutions/common/tenancy.tfvars -var-file=inputs/mp_image_ee_byol.tfvars -var-file=../solutions/jrf/jrf_instance.tfvars -var-file=../solutions/jrf/existing_lb.tfvars -var-file=../solutions/jrf/idcs.tfvars var-file=../solutions/jrf/oci_db.tfvars
+```
+**Important:** Refer to [documentation](https://docs.oracle.com/en/cloud/paas/weblogic-cloud/user/delete-domain.html) for steps to perform before running *terraform destroy*.

solutions/jrf/Topology.png

@@ -1,4 +1,4 @@
-# Copyright (c) 2022, Oracle and/or its affiliates.
+# Copyright (c) 2022, 2023, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 locals {
@@ -45,11 +45,15 @@ locals {
   vmscripts_zip_bundle_msg      = "WLSC-ERROR: The value for wlsoci vmscripts zip bundle path is not valid. The value must be obsolute path to vmscripts zip bundle."
   validate_vmscripts_zip_bundle = local.invalid_vmscripts_zip_bundle ? local.validators_msg_map[local.vmscripts_zip_bundle_msg] : null
 
-  missing_lb_availability_domains      = !var.use_regional_subnet && local.add_new_load_balancer && (var.is_lb_private ? var.lb_availability_domain_name1 == "" : (var.lb_availability_domain_name1 == "" || var.lb_availability_domain_name2 == ""))
+  new_ad_subnets                   = !var.use_regional_subnet && !var.use_existing_subnets
+  new_ad_subnets_not_supported_msg = "WLSC-ERROR: Creating new AD specific subnets is not supported."
+  new_ad_subnets_not_supported     = local.new_ad_subnets ? local.validators_msg_map[local.new_ad_subnets_not_supported_msg] : null
+
+  missing_lb_availability_domains      = !var.use_regional_subnet && var.use_existing_subnets && local.add_new_load_balancer && (var.is_lb_private ? var.lb_availability_domain_name1 == "" : (var.lb_availability_domain_name1 == "" || var.lb_availability_domain_name2 == ""))
   lb_availability_domains_required_msg = "WLSC-ERROR: The values for lb_subnet_1_availability_domain_name and lb_subnet_2_availability_domain_name are required for AD specific subnets."
   missing_lb_availability_domain_names = local.missing_lb_availability_domains ? local.validators_msg_map[local.lb_availability_domains_required_msg] : null
 
-  invalid_lb_availability_domain_indexes  = !var.use_regional_subnet && local.add_new_load_balancer && var.lb_availability_domain_name1 != "" && (var.lb_availability_domain_name1 == var.lb_availability_domain_name2)
+  invalid_lb_availability_domain_indexes  = !var.use_regional_subnet && var.use_existing_subnets && local.add_new_load_balancer && var.lb_availability_domain_name1 != "" && (var.lb_availability_domain_name1 == var.lb_availability_domain_name2)
   lb_availability_domain_indexes_msg      = "WLSC-ERROR: The value for lb_subnet_1_availability_domain_name=[${var.lb_availability_domain_name1}] and lb_subnet_2_availability_domain_name=[${var.lb_availability_domain_name2}] cannot be same."
   validate_lb_availability_domain_indexes = local.invalid_lb_availability_domain_indexes ? local.validators_msg_map[local.lb_availability_domain_indexes_msg] : null
 }

terraform/modules/validators/validators.tf

@@ -1,4 +1,4 @@
-# Copyright (c) 2022, Oracle and/or its affiliates.
+# Copyright (c) 2022, 2023, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 title: Oracle WebLogic Server for Oracle Cloud Infrastructure
@@ -1653,12 +1653,21 @@ variables:
       and:
         - ${orm_create_mode}
         - ${add_JRF}
-        - and:
-            - ${create_policies}
-            - or:
-                - ${create_new_vcn}
-                - not:
-                    - ${use_oci_db_connection_string}
+        - ${create_policies}
+        - or:
+            - and:
+                - eq:
+                    - ${db_strategy}
+                    - "Database System"
+                - or:
+                    - ${create_new_vcn}
+                    - not:
+                        - ${use_oci_db_connection_string}
+            - and:
+                - eq:
+                    - ${db_strategy}
+                    - "Autonomous Transaction Processing Database"
+                - ${atp_db_uses_private_endpoint}
     type: boolean
     default: true
     title: Create Database Security List