oracle
diff --git a/‎CHANGELOG.rst‎
Lines changed: 35 additions & 0 deletions b/‎CHANGELOG.rst‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎requirements.txt‎
Lines changed: 1 addition & 1 deletion b/‎requirements.txt‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎services/cloud_bridge/src/oci_cli_inventory/inventory_cli_extended.py‎
Lines changed: 1 addition & 1 deletion b/‎services/cloud_bridge/src/oci_cli_inventory/inventory_cli_extended.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎services/container_engine/src/oci_cli_container_engine/containerengine_cli_extended.py‎
Lines changed: 93 additions & 2 deletions b/‎services/container_engine/src/oci_cli_container_engine/containerengine_cli_extended.py‎
Lines changed: 93 additions & 2 deletions
diff --git a/‎services/container_engine/src/oci_cli_container_engine/generated/containerengine_cli.py‎
Lines changed: 5 additions & 1 deletion b/‎services/container_engine/src/oci_cli_container_engine/generated/containerengine_cli.py‎
Lines changed: 5 additions & 1 deletion
@@ -6,6 +6,41 @@ All notable changes to this project will be documented in this file.
 
 The format is based on `Keep a Changelog <http://keepachangelog.com/>`__.
 
+3.49.4 - 2024-10-29
+--------------------
+Added
+~~~~~
+* OKE Control Plane service
+
+  * Support for overriding an existing addon installation
+
+    * ``oci ce cluster install-addon --is-override-existing``
+
+* Network load balancer service
+
+  * Support for L3IP listener feature
+
+    * ``oci nlb listener create --l3-ip-idle-timeout --protocol l3ip``
+    * ``oci nlb listener update --l3-ip-idle-timeout --protocol l3ip``
+
+Fixed
+~~~~~
+* OKE Control Plane service
+
+  * Support for new Open Id Connect Authentication and Open Id Connect Discovery feature
+
+    * ``oci ce cluster create --oidc-ca-certificate``
+    * ``oci ce cluster create --oidc-client-id``
+    * ``oci ce cluster create --oidc-groups-claim``
+    * ``oci ce cluster create --oidc-groups-prefix``
+    * ``oci ce cluster create --oidc-issuer-url``
+    * ``oci ce cluster create --oidc-required-claims``
+    * ``oci ce cluster create --oidc-signing-algorithms``
+    * ``oci ce cluster create --oidc-username-claim``
+    * ``oci ce cluster create --oidc-username-prefix``
+    * ``oci ce cluster create --open-id-connect-auth-enabled``
+    * ``oci ce cluster create --open-id-connect-discovery-enabled``
+
 3.49.3 - 2024-10-22
 --------------------
 Added
 
@@ -15,7 +15,7 @@ Jinja2>=3.1.4; python_version >= '3.7'
 jmespath==0.10.0
 ndg-httpsclient==0.4.2
 mock==2.0.0
-oci==2.137.0
+oci==2.137.1
 packaging==20.2
 pluggy==0.13.0
 py==1.11.0
 
@@ -277,7 +277,7 @@ def create_asset(ctx, from_json, wait_for_state, max_wait_seconds, wait_interval
 @cli_util.wrap_exceptions
 def update_asset(ctx, from_json, force, wait_for_state, max_wait_seconds, wait_interval_seconds, asset_id, asset_type,
                  display_name, asset_source_ids, freeform_tags, defined_tags, compute, vm, vmware_vm, vmware_v_center,
-                aws_ebs, aws_ec2, aws_ec2_cost, attached_ebs_volumes_cost, if_match):
+                 aws_ebs, aws_ec2, aws_ec2_cost, attached_ebs_volumes_cost, if_match):
     if isinstance(asset_id, six.string_types) and len(asset_id.strip()) == 0:
         raise click.UsageError('Parameter --asset-id cannot be whitespace or empty string')
     if not force:
 
@@ -103,6 +103,26 @@ def generate_token(ctx, from_json, cluster_id):
  deploy and troubleshoot containerized applications, and to manage Kubernetes resources. Default value is false.""")
 @cli_util.option('--tiller-enabled', type=click.BOOL, help="""Select if you want Tiller (the server portion of Helm)\
  to run in the Kubernetes cluster. Default value is false.""")
+@cli_util.option('--oidc-issuer-url', help="""URL of the provider that allows the API server to discover public signing keys.
+            Only URLs that use the https:// scheme are accepted. This is typically the provider's discovery URL,
+            changed to have an empty path.""")
+@cli_util.option('--oidc-client-id', help="""A client id that all tokens must be issued for.""")
+@cli_util.option('--oidc-username-claim', help="""JWT claim to use as the user name. By default sub, which is expected to be a unique identifier of the end
+            user. Admins can choose other claims, such as email or name, depending on their provider. However, claims
+            other than email will be prefixed with the issuer URL to prevent naming clashes with other plugins.""")
+@cli_util.option('--oidc-username-prefix', help="""Prefix prepended to username claims to prevent clashes with existing names (such as system:users).
+            For example, the value oidc: will create usernames like oidc:jane.doe. If this flag isn't provided and
+            --oidc-username-claim is a value other than email the prefix defaults to ( Issuer URL )# where
+            ( Issuer URL ) is the value of --oidc-issuer-url. The value - can be used to disable all prefixing.""")
+@cli_util.option('--oidc-groups-claim', help="""JWT claim to use as the user's group. If the claim is present it must be an array of strings.""")
+@cli_util.option('--oidc-groups-prefix', help="""Prefix prepended to group claims to prevent clashes with existing names (such as system:groups).""")
+@cli_util.option('--oidc-required-claims', type=custom_types.CLI_COMPLEX_TYPE, help="""A key=value pair that describes a required claim in the ID Token. If set, the claim is verified to be present
+            in the ID Token with a matching value. Repeat this flag to specify multiple claims.""" + custom_types.cli_complex_type.COMPLEX_TYPE_HELP)
+@cli_util.option('--oidc-ca-certificate', help="""The path to the certificate for the CA that signed your identity provider's web certificate. Defaults to the
+            host's root CAs.""")
+@cli_util.option('--oidc-signing-algorithms', type=custom_types.CLI_COMPLEX_TYPE, help="""The signing algorithms accepted. Default is ["RS256"].""" + custom_types.cli_complex_type.COMPLEX_TYPE_HELP)
+@cli_util.option('--open-id-connect-auth-enabled', type=click.BOOL, help="""Whether the cluster has OIDC Auth Config enabled. Defaults to false.""")
+@cli_util.option('--open-id-connect-discovery-enabled', type=click.BOOL, help="""Whether the cluster has OIDC Discovery enabled. Defaults to false. If set to true, the cluster will be assigned a public OIDC Discovery endpoint.""")
 @cli_util.option('--pods-cidr', help="""The available group of network addresses that can be allocated to pods running\
  in the cluster, expressed as a single, contiguous IPv4 CIDR block. For example, 10.244.0.0/16.""")
 @cli_util.option('--services-cidr', help="""The available group of network addresses that can be exposed as Kubernetes\
@@ -126,7 +146,10 @@ def generate_token(ctx, from_json, cluster_id):
      'persistent-volume-defined-tags': {'module': 'container_engine', 'class': 'dict(str, dict(str, object))'},
      'persistent-volume-freeform-tags': {'module': 'container_engine', 'class': 'dict(str, string)'},
      'image-policy-config': {'module': 'container_engine', 'class': 'CreateImagePolicyConfigDetails'},
-     'cluster-pod-network-options': {'module': 'container_engine', 'class': 'list[ClusterPodNetworkOptionDetails]'}})
+     'governance-policy-config': {'module': 'container_engine', 'class': 'CreateGovernancePolicyConfigDetails'},
+     'cluster-pod-network-options': {'module': 'container_engine', 'class': 'list[ClusterPodNetworkOptionDetails]'},
+     'oidc-signing-algorithms': {'module': 'container_engine', 'class': 'list[string]'},
+     'oidc-required-claims': {'module': 'container_engine', 'class': 'list[KeyValue]'}})
 @click.pass_context
 @json_skeleton_utils.json_skeleton_generation_handler(
     input_params_to_complex_types={'defined-tags': {'module': 'container_engine', 'class': 'dict(str, dict(str, object))'},
@@ -138,7 +161,10 @@ def generate_token(ctx, from_json, cluster_id):
                                    'persistent-volume-defined-tags': {'module': 'container_engine', 'class': 'dict(str, dict(str, object))'},
                                    'persistent-volume-freeform-tags': {'module': 'container_engine', 'class': 'dict(str, string)'},
                                    'image-policy-config': {'module': 'container_engine', 'class': 'CreateImagePolicyConfigDetails'},
-                                   'cluster-pod-network-options': {'module': 'container_engine', 'class': 'list[ClusterPodNetworkOptionDetails]'}})
+                                   'governance-policy-config': {'module': 'container_engine', 'class': 'CreateGovernancePolicyConfigDetails'},
+                                   'cluster-pod-network-options': {'module': 'container_engine', 'class': 'list[ClusterPodNetworkOptionDetails]'},
+                                   'oidc-signing-algorithms': {'module': 'container_engine', 'class': 'list[string]'},
+                                   'oidc-required-claims': {'module': 'container_engine', 'class': 'list[KeyValue]'}})
 @cli_util.wrap_exceptions
 def create_cluster(ctx, **kwargs):
     kwargs['options'] = {}
@@ -158,6 +184,71 @@ def create_cluster(ctx, **kwargs):
         kwargs['options']['addOns']['isTillerEnabled'] = kwargs['tiller_enabled']
     kwargs.pop('tiller_enabled', None)
 
+    if 'oidc_issuer_url' in kwargs and kwargs['oidc_issuer_url'] is not None:
+        if 'openIdConnectTokenAuthenticationConfig' not in kwargs['options']:
+            kwargs['options']['openIdConnectTokenAuthenticationConfig'] = {}
+        kwargs['options']['openIdConnectTokenAuthenticationConfig']['issuerUrl'] = kwargs['oidc_issuer_url']
+    kwargs.pop('oidc_issuer_url', None)
+
+    if 'oidc_client_id' in kwargs and kwargs['oidc_client_id'] is not None:
+        if 'openIdConnectTokenAuthenticationConfig' not in kwargs['options']:
+            kwargs['options']['openIdConnectTokenAuthenticationConfig'] = {}
+        kwargs['options']['openIdConnectTokenAuthenticationConfig']['clientId'] = kwargs['oidc_client_id']
+    kwargs.pop('oidc_client_id', None)
+
+    if 'oidc_username_claim' in kwargs and kwargs['oidc_username_claim'] is not None:
+        if 'openIdConnectTokenAuthenticationConfig' not in kwargs['options']:
+            kwargs['options']['openIdConnectTokenAuthenticationConfig'] = {}
+        kwargs['options']['openIdConnectTokenAuthenticationConfig']['usernameClaim'] = kwargs['oidc_username_claim']
+    kwargs.pop('oidc_username_claim', None)
+
+    if 'oidc_username_prefix' in kwargs and kwargs['oidc_username_prefix'] is not None:
+        if 'openIdConnectTokenAuthenticationConfig' not in kwargs['options']:
+            kwargs['options']['openIdConnectTokenAuthenticationConfig'] = {}
+        kwargs['options']['openIdConnectTokenAuthenticationConfig']['usernamePrefix'] = kwargs['oidc_username_prefix']
+    kwargs.pop('oidc_username_prefix', None)
+
+    if 'oidc_groups_claim' in kwargs and kwargs['oidc_groups_claim'] is not None:
+        if 'openIdConnectTokenAuthenticationConfig' not in kwargs['options']:
+            kwargs['options']['openIdConnectTokenAuthenticationConfig'] = {}
+        kwargs['options']['openIdConnectTokenAuthenticationConfig']['groupsClaim'] = kwargs['oidc_groups_claim']
+    kwargs.pop('oidc_groups_claim', None)
+
+    if 'oidc_groups_prefix' in kwargs and kwargs['oidc_groups_prefix'] is not None:
+        if 'openIdConnectTokenAuthenticationConfig' not in kwargs['options']:
+            kwargs['options']['openIdConnectTokenAuthenticationConfig'] = {}
+        kwargs['options']['openIdConnectTokenAuthenticationConfig']['groupsPrefix'] = kwargs['oidc_groups_prefix']
+    kwargs.pop('oidc_groups_prefix', None)
+
+    if 'oidc_required_claims' in kwargs and kwargs['oidc_required_claims'] is not None:
+        if 'openIdConnectTokenAuthenticationConfig' not in kwargs['options']:
+            kwargs['options']['openIdConnectTokenAuthenticationConfig'] = {}
+        kwargs['options']['openIdConnectTokenAuthenticationConfig']['requiredClaims'] = cli_util.parse_json_parameter("oidc_required_claims", kwargs['oidc_required_claims'])
+    kwargs.pop('oidc_required_claims', None)
+
+    if 'oidc_ca_certificate' in kwargs and kwargs['oidc_ca_certificate'] is not None:
+        if 'openIdConnectTokenAuthenticationConfig' not in kwargs['options']:
+            kwargs['options']['openIdConnectTokenAuthenticationConfig'] = {}
+        kwargs['options']['openIdConnectTokenAuthenticationConfig']['caCertificate'] = kwargs['oidc_ca_certificate']
+    kwargs.pop('oidc_ca_certificate', None)
+
+    if 'oidc_signing_algorithms' in kwargs and kwargs['oidc_signing_algorithms'] is not None:
+        if 'openIdConnectTokenAuthenticationConfig' not in kwargs['options']:
+            kwargs['options']['openIdConnectTokenAuthenticationConfig'] = {}
+        kwargs['options']['openIdConnectTokenAuthenticationConfig']['signingAlgorithms'] = cli_util.parse_json_parameter("oidc_signing_algorithms", kwargs['oidc_signing_algorithms'])
+    kwargs.pop('oidc_signing_algorithms', None)
+
+    if 'open_id_connect_auth_enabled' in kwargs and kwargs['open_id_connect_auth_enabled'] is not None:
+        if 'openIdConnectTokenAuthenticationConfig' not in kwargs['options']:
+            kwargs['options']['openIdConnectTokenAuthenticationConfig'] = {}
+        kwargs['options']['openIdConnectTokenAuthenticationConfig']['isOpenIdConnectAuthEnabled'] = kwargs['open_id_connect_auth_enabled']
+    kwargs.pop('open_id_connect_auth_enabled', None)
+    if 'open_id_connect_discovery_enabled' in kwargs and kwargs['open_id_connect_discovery_enabled'] is not None:
+        if 'openIdConnectDiscovery' not in kwargs['options']:
+            kwargs['options']['openIdConnectDiscovery'] = {}
+        kwargs['options']['openIdConnectDiscovery']['isOpenIdConnectDiscoveryEnabled'] = kwargs['open_id_connect_discovery_enabled']
+    kwargs.pop('open_id_connect_discovery_enabled', None)
+
     if 'pods_cidr' in kwargs and kwargs['pods_cidr'] is not None:
         kwargs['options']['kubernetesNetworkConfig'] = {}
         kwargs['options']['kubernetesNetworkConfig']['podsCidr'] = kwargs['pods_cidr']
 
@@ -1429,6 +1429,7 @@ def get_workload_mapping(ctx, from_json, cluster_id, workload_mapping_id):
 @cli_util.option('--configurations', type=custom_types.CLI_COMPLEX_TYPE, help=u"""Addon configuration details.
 
 This option is a JSON list with items of type AddonConfiguration.  For documentation on AddonConfiguration please see our API reference: https://docs.cloud.oracle.com/api/#/en/containerengine/20180222/datatypes/AddonConfiguration.""" + custom_types.cli_complex_type.COMPLEX_TYPE_HELP)
+@cli_util.option('--is-override-existing', type=click.BOOL, help=u"""Whether or not to override an existing addon installation. Defaults to false. If set to true, any existing addon installation would be overridden as per new installation details.""")
 @cli_util.option('--if-match', help=u"""For optimistic concurrency control. In the PUT or DELETE call for a resource, set the `if-match` parameter to the value of the etag from a previous GET or POST response for that resource.  The resource will be updated or deleted only if the etag you provide matches the resource's current etag value.""")
 @cli_util.option('--wait-for-state', type=custom_types.CliCaseInsensitiveChoice(["ACCEPTED", "IN_PROGRESS", "FAILED", "SUCCEEDED", "CANCELING", "CANCELED"]), multiple=True, help="""This operation asynchronously creates, modifies or deletes a resource and uses a work request to track the progress of the operation. Specify this option to perform the action and then wait until the work request reaches a certain state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.""")
 @cli_util.option('--max-wait-seconds', type=click.INT, help="""The maximum time to wait for the work request to reach the state defined by --wait-for-state. Defaults to 1200 seconds.""")
@@ -1438,7 +1439,7 @@ def get_workload_mapping(ctx, from_json, cluster_id, workload_mapping_id):
 @click.pass_context
 @json_skeleton_utils.json_skeleton_generation_handler(input_params_to_complex_types={'configurations': {'module': 'container_engine', 'class': 'list[AddonConfiguration]'}})
 @cli_util.wrap_exceptions
-def install_addon(ctx, from_json, wait_for_state, max_wait_seconds, wait_interval_seconds, cluster_id, addon_name, version_parameterconflict, configurations, if_match):
+def install_addon(ctx, from_json, wait_for_state, max_wait_seconds, wait_interval_seconds, cluster_id, addon_name, version_parameterconflict, configurations, is_override_existing, if_match):
 
     if isinstance(cluster_id, six.string_types) and len(cluster_id.strip()) == 0:
         raise click.UsageError('Parameter --cluster-id cannot be whitespace or empty string')
@@ -1457,6 +1458,9 @@ def install_addon(ctx, from_json, wait_for_state, max_wait_seconds, wait_interva
     if configurations is not None:
         _details['configurations'] = cli_util.parse_json_parameter("configurations", configurations)
 
+    if is_override_existing is not None:
+        _details['isOverrideExisting'] = is_override_existing
+
     client = cli_util.build_client('container_engine', 'container_engine', ctx)
     result = client.install_addon(
         cluster_id=cluster_id,