Added - Support for ZPR Security Attributes

Author: destinjo

internal/integrationtest/database_tools_database_tools_private_endpoint_test.go

@@ -59,6 +59,7 @@ var (
 		"freeform_tags":       acctest.Representation{RepType: acctest.Optional, Create: map[string]string{"bar-key": "value"}, Update: map[string]string{"Department": "Accounting"}},
 		"nsg_ids":             acctest.Representation{RepType: acctest.Optional, Create: []string{`${oci_core_network_security_group.test_network_security_group.id}`}},
 		"private_endpoint_ip": acctest.Representation{RepType: acctest.Optional, Create: `10.0.0.4`},
+		"security_attributes": acctest.Representation{RepType: acctest.Optional, Create: map[string]string{"oracle-zpr.MaxEgressCount.value": "42", "oracle-zpr.MaxEgressCount.mode": "enforce"}, Update: map[string]string{"oracle-zpr.MaxEgressCount.value": "1", "oracle-zpr.MaxEgressCount.mode": "enforce"}}, // "{\"maxegresscount\": {\"value\": \"42\", \"mode\": \"audit\"}}"}},
 		"lifecycle":           acctest.RepresentationGroup{RepType: acctest.Required, Group: ignoreChangesDatabaseToolsPrivateEndpointRepresentation},
 	}
 
@@ -137,6 +138,7 @@ func TestDatabaseToolsDatabaseToolsPrivateEndpointResource_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "freeform_tags.%", "1"),
 					resource.TestCheckResourceAttrSet(resourceName, "id"),
 					resource.TestCheckResourceAttr(resourceName, "private_endpoint_ip", "10.0.0.4"),
+					resource.TestCheckResourceAttr(resourceName, "security_attributes.%", "2"),
 					resource.TestCheckResourceAttrSet(resourceName, "state"),
 					resource.TestCheckResourceAttrSet(resourceName, "subnet_id"),
 					resource.TestCheckResourceAttrSet(resourceName, "time_created"),
@@ -171,6 +173,7 @@ func TestDatabaseToolsDatabaseToolsPrivateEndpointResource_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "freeform_tags.%", "1"),
 					resource.TestCheckResourceAttrSet(resourceName, "id"),
 					resource.TestCheckResourceAttr(resourceName, "private_endpoint_ip", "10.0.0.4"),
+					resource.TestCheckResourceAttr(resourceName, "security_attributes.%", "2"),
 					resource.TestCheckResourceAttrSet(resourceName, "state"),
 					resource.TestCheckResourceAttrSet(resourceName, "subnet_id"),
 					resource.TestCheckResourceAttrSet(resourceName, "time_created"),
@@ -200,6 +203,7 @@ func TestDatabaseToolsDatabaseToolsPrivateEndpointResource_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "freeform_tags.%", "1"),
 					resource.TestCheckResourceAttrSet(resourceName, "id"),
 					resource.TestCheckResourceAttr(resourceName, "private_endpoint_ip", "10.0.0.4"),
+					resource.TestCheckResourceAttr(resourceName, "security_attributes.%", "2"),
 					resource.TestCheckResourceAttrSet(resourceName, "state"),
 					resource.TestCheckResourceAttrSet(resourceName, "subnet_id"),
 					resource.TestCheckResourceAttrSet(resourceName, "time_created"),
@@ -251,6 +255,7 @@ func TestDatabaseToolsDatabaseToolsPrivateEndpointResource_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(singularDatasourceName, "private_endpoint_ip", "10.0.0.4"),
 					resource.TestCheckResourceAttrSet(singularDatasourceName, "private_endpoint_vnic_id"),
 					resource.TestCheckResourceAttr(singularDatasourceName, "reverse_connection_configuration.#", "1"),
+					resource.TestCheckResourceAttr(singularDatasourceName, "security_attributes.%", "2"),
 					resource.TestCheckResourceAttrSet(singularDatasourceName, "state"),
 					resource.TestCheckResourceAttrSet(singularDatasourceName, "time_created"),
 					resource.TestCheckResourceAttrSet(singularDatasourceName, "time_updated"),
@@ -265,8 +270,7 @@ func TestDatabaseToolsDatabaseToolsPrivateEndpointResource_basic(t *testing.T) {
 				ImportStateVerifyIgnore: []string{},
 				ResourceName:            resourceName,
 			},
-		},
-	})
+		}})
 }
 
 func testAccCheckDatabaseToolsDatabaseToolsPrivateEndpointDestroy(s *terraform.State) error {

internal/service/database_tools/database_tools_database_tools_private_endpoint_data_source.go

@@ -120,6 +120,10 @@ func (s *DatabaseToolsDatabaseToolsPrivateEndpointDataSourceCrud) SetData() erro
 		s.D.Set("reverse_connection_configuration", nil)
 	}
 
+	if s.Res.SecurityAttributes != nil {
+		s.D.Set("security_attributes", tfresource.SecurityAttributesToMap(s.Res.SecurityAttributes))
+	}
+
 	s.D.Set("state", s.Res.LifecycleState)
 
 	if s.Res.SubnetId != nil {

internal/service/database_tools/database_tools_database_tools_private_endpoint_resource.go

@@ -123,6 +123,12 @@ func DatabaseToolsDatabaseToolsPrivateEndpointResource() *schema.Resource {
 				Computed: true,
 				ForceNew: true,
 			},
+			"security_attributes": {
+				Type:     schema.TypeMap,
+				Optional: true,
+				Computed: true,
+				Elem:     schema.TypeString,
+			},
 
 			// Computed
 			"additional_fqdns": {
@@ -338,6 +344,10 @@ func (s *DatabaseToolsDatabaseToolsPrivateEndpointResourceCrud) Create() error {
 		request.PrivateEndpointIp = &tmp
 	}
 
+	if securityAttributes, ok := s.D.GetOkExists("security_attributes"); ok {
+		request.SecurityAttributes = tfresource.MapToSecurityAttributes(securityAttributes.(map[string]interface{}))
+	}
+
 	if subnetId, ok := s.D.GetOkExists("subnet_id"); ok {
 		tmp := subnetId.(string)
 		request.SubnetId = &tmp
@@ -547,6 +557,10 @@ func (s *DatabaseToolsDatabaseToolsPrivateEndpointResourceCrud) Update() error {
 		}
 	}
 
+	if securityAttributes, ok := s.D.GetOkExists("security_attributes"); ok {
+		request.SecurityAttributes = tfresource.MapToSecurityAttributes(securityAttributes.(map[string]interface{}))
+	}
+
 	request.RequestMetadata.RetryPolicy = tfresource.GetRetryPolicy(s.DisableNotFoundRetries, "database_tools")
 
 	response, err := s.Client.UpdateDatabaseToolsPrivateEndpoint(context.Background(), request)
@@ -642,6 +656,9 @@ func (s *DatabaseToolsDatabaseToolsPrivateEndpointResourceCrud) SetData() error
 		s.D.Set("reverse_connection_configuration", nil)
 	}
 
+	if s.Res.SecurityAttributes != nil {
+		s.D.Set("security_attributes", tfresource.SecurityAttributesToMap(s.Res.SecurityAttributes))
+	}
 	s.D.Set("state", s.Res.LifecycleState)
 
 	if s.Res.SubnetId != nil {
@@ -756,6 +773,10 @@ func DatabaseToolsPrivateEndpointSummaryToMap(obj oci_database_tools.DatabaseToo
 		result["reverse_connection_configuration"] = []interface{}{DatabaseToolsPrivateEndpointReverseConnectionConfigurationToMap(obj.ReverseConnectionConfiguration)}
 	}
 
+	if obj.SecurityAttributes != nil {
+		result["security_attributes"] = tfresource.SecurityAttributesToMap(obj.SecurityAttributes)
+	}
+
 	result["state"] = string(obj.LifecycleState)
 
 	if obj.SubnetId != nil {

website/docs/d/database_tools_database_tools_connection.html.markdown

@@ -58,7 +58,7 @@ The following attributes are exported:
 	* `proxy_authentication_type` - The proxy authentication type.
 	* `roles` - A list of database roles for the client. These roles are enabled if the proxy is authorized to use the roles on behalf of the client.
 	* `user_name` - The user name.
-	* `user_password` - The user password.
+	* `user_password` - The database user password.
 		* `secret_id` - The [OCID](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the secret containing the user password.
 		* `value_type` - The value type of the user password.
 * `related_resource` - A related resource
@@ -68,11 +68,11 @@ The following attributes are exported:
 * `state` - The current state of the Database Tools connection.
 * `system_tags` - Usage of system tag keys. These predefined keys are scoped to namespaces. Example: `{"orcl-cloud.free-tier-retained": "true"}` 
 * `time_created` - The time the Database Tools connection was created. An RFC3339 formatted datetime string.
-* `time_updated` - The time the DatabaseToolsConnection was updated. An RFC3339 formatted datetime string.
+* `time_updated` - The time the Database Tools connection was updated. An RFC3339 formatted datetime string.
 * `type` - The Database Tools connection type.
 * `url` - The JDBC URL used to connect to the Generic JDBC database system.
 * `user_name` - The database user name.
-* `user_password` - The user password.
+* `user_password` - The database user password.
 	* `secret_id` - The [OCID](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the secret containing the user password.
 	* `value_type` - The value type of the user password.
 

website/docs/d/database_tools_database_tools_connections.html.markdown

@@ -33,10 +33,10 @@ data "oci_database_tools_database_tools_connections" "test_database_tools_connec
 
 The following arguments are supported:
 
-* `compartment_id` - (Required) The ID of the compartment in which to list resources.
+* `compartment_id` - (Required) The [OCID](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the compartment in which to list resources.
 * `display_name` - (Optional) A filter to return only resources that match the entire specified display name.
-* `related_resource_identifier` - (Optional) A filter to return only resources associated to the related resource identifier OCID passed in the query string.
-* `runtime_support` - (Optional) A filter to return only resources with one of the specified runtimeSupport values.
+* `related_resource_identifier` - (Optional) The [OCID](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the related resource.
+* `runtime_support` - (Optional) A filter to return only resources with one of the specified type values.
 * `state` - (Optional) A filter to return only resources their `lifecycleState` matches the specified `lifecycleState`.
 * `type` - (Optional) A filter to return only resources their type matches the specified type.
 
@@ -77,7 +77,7 @@ The following attributes are exported:
 	* `proxy_authentication_type` - The proxy authentication type.
 	* `roles` - A list of database roles for the client. These roles are enabled if the proxy is authorized to use the roles on behalf of the client.
 	* `user_name` - The user name.
-	* `user_password` - The user password.
+	* `user_password` - The database user password.
 		* `secret_id` - The [OCID](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the secret containing the user password.
 		* `value_type` - The value type of the user password.
 * `related_resource` - A related resource
@@ -87,11 +87,11 @@ The following attributes are exported:
 * `state` - The current state of the Database Tools connection.
 * `system_tags` - Usage of system tag keys. These predefined keys are scoped to namespaces. Example: `{"orcl-cloud.free-tier-retained": "true"}` 
 * `time_created` - The time the Database Tools connection was created. An RFC3339 formatted datetime string.
-* `time_updated` - The time the DatabaseToolsConnection was updated. An RFC3339 formatted datetime string.
+* `time_updated` - The time the Database Tools connection was updated. An RFC3339 formatted datetime string.
 * `type` - The Database Tools connection type.
 * `url` - The JDBC URL used to connect to the Generic JDBC database system.
 * `user_name` - The database user name.
-* `user_password` - The user password.
+* `user_password` - The database user password.
 	* `secret_id` - The [OCID](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the secret containing the user password.
 	* `value_type` - The value type of the user password.
 

website/docs/d/database_tools_database_tools_endpoint_services.html.markdown

@@ -31,7 +31,7 @@ data "oci_database_tools_database_tools_endpoint_services" "test_database_tools_
 
 The following arguments are supported:
 
-* `compartment_id` - (Required) The ID of the compartment in which to list resources.
+* `compartment_id` - (Required) The [OCID](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the compartment in which to list resources.
 * `display_name` - (Optional) A filter to return only resources that match the entire specified display name.
 * `name` - (Optional) A filter to return only resources that match the entire specified name.
 * `state` - (Optional) A filter to return only resources their `lifecycleState` matches the specified `lifecycleState`.

website/docs/d/database_tools_database_tools_private_endpoint.html.markdown

@@ -53,6 +53,7 @@ The following attributes are exported:
 * `reverse_connection_configuration` - Reverse connection configuration details of the private endpoint.
 	* `reverse_connections_source_ips` - A list of IP addresses in the customer VCN to be used as the source IPs for reverse connection packets traveling from the service's VCN to the customer's VCN. 
 		* `source_ip` - The IP address in the customer's VCN to be used as the source IP for reverse connection packets traveling from the customer's VCN to the service's VCN. 
+* `security_attributes` - Zero trust Packet Routing (ZPR) Security Attributes for this resource. Each key is predefined and scoped to a namespace. For more information, see [ZPR Artifacts](https://docs.oracle.com/en-us/iaas/Content/zero-trust-packet-routing/zpr-artifacts.htm). Example: `{"Oracle-ZPR": {"MaxEgressCount": {"value": "42", "mode": "audit"}}}` 
 * `state` - The current state of the Database Tools private endpoint.
 * `subnet_id` - The [OCID](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the subnet that the private endpoint belongs to.
 * `system_tags` - Usage of system tag keys. These predefined keys are scoped to namespaces. Example: `{"orcl-cloud.free-tier-retained": "true"}` 

website/docs/d/database_tools_database_tools_private_endpoints.html.markdown

@@ -32,7 +32,7 @@ data "oci_database_tools_database_tools_private_endpoints" "test_database_tools_
 
 The following arguments are supported:
 
-* `compartment_id` - (Required) The ID of the compartment in which to list resources.
+* `compartment_id` - (Required) The [OCID](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the compartment in which to list resources.
 * `display_name` - (Optional) A filter to return only resources that match the entire specified display name.
 * `endpoint_service_id` - (Optional) A filter to return only resources their `endpointServiceId` matches the specified `endpointServiceId`.
 * `state` - (Optional) A filter to return only resources their `lifecycleState` matches the specified `lifecycleState`.
@@ -70,6 +70,7 @@ The following attributes are exported:
 * `reverse_connection_configuration` - Reverse connection configuration details of the private endpoint.
 	* `reverse_connections_source_ips` - A list of IP addresses in the customer VCN to be used as the source IPs for reverse connection packets traveling from the service's VCN to the customer's VCN. 
 		* `source_ip` - The IP address in the customer's VCN to be used as the source IP for reverse connection packets traveling from the customer's VCN to the service's VCN. 
+* `security_attributes` - Zero trust Packet Routing (ZPR) Security Attributes for this resource. Each key is predefined and scoped to a namespace. For more information, see [ZPR Artifacts](https://docs.oracle.com/en-us/iaas/Content/zero-trust-packet-routing/zpr-artifacts.htm). Example: `{"Oracle-ZPR": {"MaxEgressCount": {"value": "42", "mode": "audit"}}}` 
 * `state` - The current state of the Database Tools private endpoint.
 * `subnet_id` - The [OCID](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the subnet that the private endpoint belongs to.
 * `system_tags` - Usage of system tag keys. These predefined keys are scoped to namespaces. Example: `{"orcl-cloud.free-tier-retained": "true"}` 

website/docs/r/database_tools_database_tools_connection.html.markdown

@@ -110,17 +110,17 @@ The following arguments are supported:
 	* `proxy_authentication_type` - (Required) (Updatable) The proxy authentication type.
 	* `roles` - (Applicable when proxy_authentication_type=USER_NAME) (Updatable) A list of database roles for the client. These roles are enabled if the proxy is authorized to use the roles on behalf of the client.
 	* `user_name` - (Required when proxy_authentication_type=USER_NAME) (Updatable) The user name.
-	* `user_password` - (Applicable when proxy_authentication_type=USER_NAME) (Updatable) The user password.
+	* `user_password` - (Applicable when proxy_authentication_type=USER_NAME) (Updatable) The database user password.
 		* `secret_id` - (Required) (Updatable) The [OCID](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the secret containing the user password.
 		* `value_type` - (Required) (Updatable) The value type of the user password.
 * `related_resource` - (Applicable when type=MYSQL | ORACLE_DATABASE | POSTGRESQL) (Updatable) The related resource
 	* `entity_type` - (Required when type=MYSQL | ORACLE_DATABASE | POSTGRESQL) (Updatable) The resource entity type.
 	* `identifier` - (Required when type=MYSQL | ORACLE_DATABASE | POSTGRESQL) (Updatable) The [OCID](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the related resource.
 * `runtime_support` - (Optional) Specifies whether this connection is supported by the Database Tools Runtime.
-* `type` - (Required) (Updatable) The DatabaseToolsConnection type.
+* `type` - (Required) (Updatable) The Database Tools connection type.
 * `url` - (Required when type=GENERIC_JDBC) (Updatable) The JDBC URL used to connect to the Generic JDBC database system.
 * `user_name` - (Required) (Updatable) The database user name.
-* `user_password` - (Required) (Updatable) The user password.
+* `user_password` - (Required) (Updatable) The database user password.
 	* `secret_id` - (Required) (Updatable) The [OCID](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the secret containing the user password.
 	* `value_type` - (Required) (Updatable) The value type of the user password.
 
@@ -158,7 +158,7 @@ The following attributes are exported:
 	* `proxy_authentication_type` - The proxy authentication type.
 	* `roles` - A list of database roles for the client. These roles are enabled if the proxy is authorized to use the roles on behalf of the client.
 	* `user_name` - The user name.
-	* `user_password` - The user password.
+	* `user_password` - The database user password.
 		* `secret_id` - The [OCID](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the secret containing the user password.
 		* `value_type` - The value type of the user password.
 * `related_resource` - A related resource
@@ -168,11 +168,11 @@ The following attributes are exported:
 * `state` - The current state of the Database Tools connection.
 * `system_tags` - Usage of system tag keys. These predefined keys are scoped to namespaces. Example: `{"orcl-cloud.free-tier-retained": "true"}` 
 * `time_created` - The time the Database Tools connection was created. An RFC3339 formatted datetime string.
-* `time_updated` - The time the DatabaseToolsConnection was updated. An RFC3339 formatted datetime string.
+* `time_updated` - The time the Database Tools connection was updated. An RFC3339 formatted datetime string.
 * `type` - The Database Tools connection type.
 * `url` - The JDBC URL used to connect to the Generic JDBC database system.
 * `user_name` - The database user name.
-* `user_password` - The user password.
+* `user_password` - The database user password.
 	* `secret_id` - The [OCID](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the secret containing the user password.
 	* `value_type` - The value type of the user password.