Add support to discover tenancy level resources if the compartmentId is for a root compartment

Author: parrneet

oci/export_compartment.go

@@ -43,6 +43,7 @@ var resourceNameCount map[string]int
 var resourcesMap map[string]*schema.Resource
 var datasourcesMap map[string]*schema.Resource
 var compartmentScopeServices []string
+var tenancyScopeServices []string
 var isMissingRequiredAttributes bool
 var exportConfigProvider oci_common.ConfigurationProvider
 var tfHclVersion TfHclVersion
@@ -59,6 +60,13 @@ func init() {
 		idx++
 	}
 
+	tenancyScopeServices = make([]string, len(tenancyResourceGraphs))
+	idx = 0
+	for mode := range tenancyResourceGraphs {
+		tenancyScopeServices[idx] = mode
+		idx++
+	}
+
 	isMissingRequiredAttributes = false
 }
 
@@ -155,15 +163,30 @@ func RunExportCommand(args *ExportCommandArgs) (error, Status) {
 		}
 	}
 
-	args.finalizeServices()
+	/*
+		We do not get customer tenancy ocid from configuration provider in case of Instance Principals auth
+		Getting the tenancy ocid by repeated Get calls on parent for compartment
+	*/
+	var tenancyOcid string
+	if args.CompartmentId != nil && *args.CompartmentId != "" {
+		tenancyOcid, err = getTenancyOcidFromCompartment(clients.(*OracleClients), *args.CompartmentId)
+		if err != nil {
+			return err, StatusFail
+		}
+	} else {
+		// If compartment ocid not provided in arguments, get it from configuration provider
 
-	tenancyOcid, exists := clients.(*OracleClients).configuration["tenancy_ocid"]
-	if !exists {
-		return fmt.Errorf("[ERROR] could not get a tenancy OCID during initialization"), StatusFail
+		tenancyId, exists := clients.(*OracleClients).configuration["tenancy_ocid"]
+		if !exists {
+			return fmt.Errorf("[ERROR] could not get a tenancy OCID during initialization"), StatusFail
+		}
+		tenancyOcid = tenancyId
 	}
 
 	ctx := createResourceDiscoveryContext(clients.(*OracleClients), args, tenancyOcid)
 
+	args.finalizeServices(ctx)
+
 	/*
 		Setting retry timeout to a lower value for resource discovery
 		This is done to handle the 404 and 500 errors in case
@@ -199,9 +222,16 @@ func convertStringSliceToSet(slice []string, omitEmptyStrings bool) map[string]b
 	return result
 }
 
-func (args *ExportCommandArgs) finalizeServices() {
+func (args *ExportCommandArgs) finalizeServices(ctx *resourceDiscoveryContext) {
 	if len(args.Services) == 0 {
 		args.Services = compartmentScopeServices
+
+		/*
+			If compartmentId provided is not provided or is a root compartment then discover tenancy scope resources too
+		*/
+		if args.CompartmentId != nil && (*args.CompartmentId == "" || *args.CompartmentId == ctx.tenancyOcid) {
+			args.Services = append(args.Services, tenancyScopeServices...)
+		}
 	}
 
 	// Dedupes possible repeating services from command line and sorts them
@@ -429,33 +459,37 @@ func getDiscoverResourceSteps(ctx *resourceDiscoveryContext) ([]resourceDiscover
 }
 
 func getDiscoverResourceWithGraphSteps(ctx *resourceDiscoveryContext) ([]resourceDiscoveryStep, error) {
-	result := []resourceDiscoveryStep{}
 
-	tenancyResource := &OCIResource{
-		compartmentId: ctx.tenancyOcid,
-		TerraformResource: TerraformResource{
-			id:             ctx.tenancyOcid,
-			terraformClass: "oci_identity_tenancy",
-			terraformName:  "export",
-		},
+	if ctx.CompartmentId == nil || *ctx.CompartmentId == "" {
+		*ctx.CompartmentId = ctx.tenancyOcid
 	}
+	result := []resourceDiscoveryStep{}
 
-	for _, mode := range ctx.Services {
-		if resourceGraph, exists := tenancyResourceGraphs[mode]; exists {
-			result = append(result, &resourceDiscoveryWithGraph{
-				root:                      tenancyResource,
-				resourceGraph:             resourceGraph,
-				resourceDiscoveryBaseStep: resourceDiscoveryBaseStep{name: mode, ctx: ctx},
-			})
+	// Discover tenancy scope resources only if compartmentId is tenancy ocid
+	if *ctx.CompartmentId == ctx.tenancyOcid {
+		tenancyResource := &OCIResource{
+			compartmentId: ctx.tenancyOcid,
+			TerraformResource: TerraformResource{
+				id:             ctx.tenancyOcid,
+				terraformClass: "oci_identity_tenancy",
+				terraformName:  "export",
+			},
+		}
+
+		for _, mode := range ctx.Services {
+			if resourceGraph, exists := tenancyResourceGraphs[mode]; exists {
+				result = append(result, &resourceDiscoveryWithGraph{
+					root:                      tenancyResource,
+					resourceGraph:             resourceGraph,
+					resourceDiscoveryBaseStep: resourceDiscoveryBaseStep{name: mode, ctx: ctx},
+				})
 
-			vars["tenancy_ocid"] = fmt.Sprintf("\"%s\"", ctx.tenancyOcid)
-			referenceMap[ctx.tenancyOcid] = tfHclVersion.getVarHclString("tenancy_ocid")
+				vars["tenancy_ocid"] = fmt.Sprintf("\"%s\"", ctx.tenancyOcid)
+				referenceMap[ctx.tenancyOcid] = tfHclVersion.getVarHclString("tenancy_ocid")
+			}
 		}
 	}
 
-	if ctx.CompartmentId == nil || *ctx.CompartmentId == "" {
-		*ctx.CompartmentId = ctx.tenancyOcid
-	}
 	compartmentResource := &OCIResource{
 		compartmentId: *ctx.CompartmentId,
 		TerraformResource: TerraformResource{
@@ -1242,3 +1276,25 @@ func readEnvironmentVars(d *schema.ResourceData) error {
 	}
 	return nil
 }
+
+func getTenancyOcidFromCompartment(clients *OracleClients, compartmentId string) (string, error) {
+
+	for true {
+		response, err := clients.identityClient().GetCompartment(context.Background(), oci_identity.GetCompartmentRequest{
+			CompartmentId: &compartmentId,
+			RequestMetadata: oci_common.RequestMetadata{
+				RetryPolicy: getRetryPolicy(true, "identity"),
+			},
+		})
+		if err != nil {
+			return "", fmt.Errorf("[ERROR] could not get tenancy ocid from compartment ocid %v", err)
+		}
+		if response.CompartmentId == nil {
+			log.Printf("[INFO] root compartment found %v", compartmentId)
+			return *response.Id, nil
+		}
+		compartmentId = *response.CompartmentId
+	}
+
+	return "", fmt.Errorf("[ERROR] could not get tenancy ocid from compartment ocid")
+}

oci/export_resource_helpers.go

@@ -155,7 +155,10 @@ func getNotFoundChildren(parent string, resourceGraph *TerraformResourceGraph, c
 	if exists {
 		for _, child := range childResources {
 			*children = append(*children, child.resourceClass)
-			getNotFoundChildren(child.resourceClass, resourceGraph, children)
+			// Avoid recursion if a resource can be nested within itself e.g. compartments
+			if child.resourceClass != parent {
+				getNotFoundChildren(child.resourceClass, resourceGraph, children)
+			}
 		}
 	}
 }

website/docs/guides/resource_discovery.html.markdown

@@ -132,7 +132,16 @@ The generated `.tf` files contain the Terraform configuration with the resources
     * 0.11
     * 0.12
 
-> **Note**: The compartment export functionality currently supports discovery of the target compartment. The ability to discover resources in child compartments is not yet supported.
+| Arguments | Resources discovered |
+| ----------| -------------------- |
+| compartment_id = \<empty or tenancy ocid\>  <br> services= \<empty\> or not specified | all tenancy and compartment scope resources <br>  |
+| compartment_id = \<empty or tenancy ocid\>  <br> services= \<comma separated list of services\> | tenancy and compartment scope resources for the services specified |
+| compartment_id = \<non-root compartment\> <br> services= \<empty\> or not specified | all compartment scope resources only |
+| compartment_id = \<non-root compartment\> services=\<comma separated list of services\> | compartment scope resources for the services specified<br>tenancy scope resources will not be discovered even if services with such resources are specified |
+
+> **Notes**:
+* The compartment export functionality currently supports discovery of the target compartment. The ability to discover resources in child compartments is not yet supported.
+* If using Instance Principals, resources can not be discovered if compartment_id is not specified
 
 ### Exit status