Added - IAM DB Federated SSO for Oracle DB

Author: varmax2511

examples/identity_data_plane/scopedaccesstoken.tf

@@ -0,0 +1,17 @@
+// Copyright (c) 2017, 2021, Oracle and/or its affiliates. All rights reserved.
+// Licensed under the Mozilla Public License v2.0
+
+
+variable "public_key" {
+  default = "-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYNxKqyNSTPApIVh1xiR3914Q8Ex+goi8kbMUjMa/b47A12SGdh18SAsZTTkld09MGhIswyv2Eln5MQKyupf646zk0E0kxH4llpfSAtUEaa5bxRXhko5BejvimMy4hCMn+kYkzAre7CoAw97rZ96L+TgkqdtwYXl0JzE4xYwfM7OqkH9/3TIeiX4q8kVDi0CsHMGbBo4gMIIunLoEn27ej/Vm6Nbkgl8AnJaWZq8gG8y6ojDLrJhnTK4IVYZ3XYx2uxz/E5VcjMaTdWVjKVCS4F2yK9hFbL1G2KDDh8k3G7dFDFwGI6qxwidbZW7JtcXQWu0Qx0tBNdB28VlsDWZEQIDAQAB-----END PUBLIC KEY-----"
+}
+
+variable "scope" {
+  default = "urn:oracle:db::id::*"
+}
+
+resource "oci_identity_data_plane_generate_scoped_access_token" "test_scoped_access_token" {
+  #Required
+  public_key = var.public_key
+  scope    = var.scope
+}

oci/export_definitions.go

@@ -1982,6 +1982,11 @@ var exportIdentityDomainHints = &TerraformResourceHints{
 	},
 }
 
+var exportIdentityDataPlaneGenerateScopedAccessTokenHints = &TerraformResourceHints{
+	resourceClass:        "oci_identity_data_plane_generate_scoped_access_token",
+	resourceAbbreviation: "generate_scoped_access_token",
+}
+
 var exportIdentityDbCredentialHints = &TerraformResourceHints{
 	resourceClass:        "oci_identity_db_credential",
 	datasourceClass:      "oci_identity_db_credentials",

oci/export_graphs.go

@@ -48,6 +48,7 @@ var compartmentResourceGraphs = map[string]TerraformResourceGraph{
 	"functions":               functionsResourceGraph,
 	"golden_gate":             goldenGateResourceGraph,
 	"health_checks":           healthChecksResourceGraph,
+	"identity_data_plane":     identityDataPlaneResourceGraph,
 	"integration":             integrationResourceGraph,
 	"jms":                     jmsResourceGraph,
 	"kms":                     kmsResourceGraph,
@@ -749,6 +750,10 @@ var identityResourceGraph = TerraformResourceGraph{
 	},
 }
 
+var identityDataPlaneResourceGraph = TerraformResourceGraph{
+	"oci_identity_compartment": {},
+}
+
 var integrationResourceGraph = TerraformResourceGraph{
 	"oci_identity_compartment": {
 		{TerraformResourceHints: exportIntegrationIntegrationInstanceHints},

oci/identity_data_plane_clients.go

@@ -0,0 +1,34 @@
+// Copyright (c) 2017, 2021, Oracle and/or its affiliates. All rights reserved.
+// Licensed under the Mozilla Public License v2.0
+
+package oci
+
+import (
+	oci_identity_data_plane "github.com/oracle/oci-go-sdk/v53/identitydataplane"
+
+	oci_common "github.com/oracle/oci-go-sdk/v53/common"
+)
+
+func init() {
+	RegisterOracleClient("oci_identity_data_plane.DataplaneClient", &OracleClient{InitClientFn: initIdentitydataplaneDataplaneClient})
+}
+
+func initIdentitydataplaneDataplaneClient(configProvider oci_common.ConfigurationProvider, configureClient ConfigureClient, serviceClientOverrides ServiceClientOverrides) (interface{}, error) {
+	client, err := oci_identity_data_plane.NewDataplaneClientWithConfigurationProvider(configProvider)
+	if err != nil {
+		return nil, err
+	}
+	err = configureClient(&client.BaseClient)
+	if err != nil {
+		return nil, err
+	}
+
+	if serviceClientOverrides.hostUrlOverride != "" {
+		client.Host = serviceClientOverrides.hostUrlOverride
+	}
+	return &client, nil
+}
+
+func (m *OracleClients) dataplaneClient() *oci_identity_data_plane.DataplaneClient {
+	return m.GetClient("oci_identity_data_plane.DataplaneClient").(*oci_identity_data_plane.DataplaneClient)
+}

oci/identity_data_plane_generate_scoped_access_token_resource.go

@@ -0,0 +1,108 @@
+// Copyright (c) 2017, 2021, Oracle and/or its affiliates. All rights reserved.
+// Licensed under the Mozilla Public License v2.0
+
+package oci
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+
+	oci_identity_data_plane "github.com/oracle/oci-go-sdk/v53/identitydataplane"
+)
+
+func init() {
+	RegisterResource("oci_identity_data_plane_generate_scoped_access_token", IdentityDataPlaneGenerateScopedAccessTokenResource())
+}
+
+func IdentityDataPlaneGenerateScopedAccessTokenResource() *schema.Resource {
+	return &schema.Resource{
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+		Timeouts: DefaultTimeout,
+		Create:   createIdentityDataPlaneGenerateScopedAccessToken,
+		Read:     readIdentityDataPlaneGenerateScopedAccessToken,
+		Delete:   deleteIdentityDataPlaneGenerateScopedAccessToken,
+		Schema: map[string]*schema.Schema{
+			// Required
+			"public_key": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"scope": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			// Optional
+
+			// Computed
+			"token": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func createIdentityDataPlaneGenerateScopedAccessToken(d *schema.ResourceData, m interface{}) error {
+	sync := &IdentityDataPlaneGenerateScopedAccessTokenResourceCrud{}
+	sync.D = d
+	sync.Client = m.(*OracleClients).dataplaneClient()
+
+	return CreateResource(d, sync)
+}
+
+func readIdentityDataPlaneGenerateScopedAccessToken(d *schema.ResourceData, m interface{}) error {
+	return nil
+}
+
+func deleteIdentityDataPlaneGenerateScopedAccessToken(d *schema.ResourceData, m interface{}) error {
+	return nil
+}
+
+type IdentityDataPlaneGenerateScopedAccessTokenResourceCrud struct {
+	BaseCrud
+	Client                 *oci_identity_data_plane.DataplaneClient
+	Res                    *oci_identity_data_plane.SecurityToken
+	DisableNotFoundRetries bool
+}
+
+func (s *IdentityDataPlaneGenerateScopedAccessTokenResourceCrud) ID() string {
+	return *s.Res.Token
+}
+
+func (s *IdentityDataPlaneGenerateScopedAccessTokenResourceCrud) Create() error {
+	request := oci_identity_data_plane.GenerateScopedAccessTokenRequest{}
+
+	if publicKey, ok := s.D.GetOkExists("public_key"); ok {
+		tmp := publicKey.(string)
+		request.PublicKey = &tmp
+	}
+
+	if scope, ok := s.D.GetOkExists("scope"); ok {
+		tmp := scope.(string)
+		request.Scope = &tmp
+	}
+
+	request.RequestMetadata.RetryPolicy = GetRetryPolicy(s.DisableNotFoundRetries, "identity_data_plane")
+
+	response, err := s.Client.GenerateScopedAccessToken(context.Background(), request)
+	if err != nil {
+		return err
+	}
+
+	s.Res = &response.SecurityToken
+	return nil
+}
+
+func (s *IdentityDataPlaneGenerateScopedAccessTokenResourceCrud) SetData() error {
+	if s.Res.Token != nil {
+		s.D.Set("token", *s.Res.Token)
+	}
+
+	return nil
+}

oci/identity_data_plane_generate_scoped_access_token_test.go

@@ -0,0 +1,64 @@
+// Copyright (c) 2017, 2021, Oracle and/or its affiliates. All rights reserved.
+// Licensed under the Mozilla Public License v2.0
+
+package oci
+
+import (
+	"fmt"
+	"strconv"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/terraform"
+
+	"github.com/terraform-providers/terraform-provider-oci/httpreplay"
+)
+
+var (
+	generateScopedAccessTokenRepresentation = map[string]interface{}{
+		"public_key": Representation{RepType: Required, Create: `-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYNxKqyNSTPApIVh1xiR3914Q8Ex+goi8kbMUjMa/b47A12SGdh18SAsZTTkld09MGhIswyv2Eln5MQKyupf646zk0E0kxH4llpfSAtUEaa5bxRXhko5BejvimMy4hCMn+kYkzAre7CoAw97rZ96L+TgkqdtwYXl0JzE4xYwfM7OqkH9/3TIeiX4q8kVDi0CsHMGbBo4gMIIunLoEn27ej/Vm6Nbkgl8AnJaWZq8gG8y6ojDLrJhnTK4IVYZ3XYx2uxz/E5VcjMaTdWVjKVCS4F2yK9hFbL1G2KDDh8k3G7dFDFwGI6qxwidbZW7JtcXQWu0Qx0tBNdB28VlsDWZEQIDAQAB-----END PUBLIC KEY-----`},
+		"scope":      Representation{RepType: Required, Create: `urn:oracle:db::id::*`},
+	}
+
+	GenerateScopedAccessTokenResourceDependencies = ""
+)
+
+// issue-routing-tag: identity_data_plane/default
+func TestIdentityDataPlaneGenerateScopedAccessTokenResource_basic(t *testing.T) {
+	httpreplay.SetScenario("TestIdentityDataPlaneGenerateScopedAccessTokenResource_basic")
+	defer httpreplay.SaveScenario()
+
+	config := testProviderConfig()
+
+	compartmentId := getEnvSettingWithBlankDefault("compartment_ocid")
+	compartmentIdVariableStr := fmt.Sprintf("variable \"compartment_id\" { default = \"%s\" }\n", compartmentId)
+
+	resourceName := "oci_identity_data_plane_generate_scoped_access_token.test_generate_scoped_access_token"
+
+	var resId string
+	// Save TF content to Create resource with only required properties. This has to be exactly the same as the config part in the create step in the test.
+	SaveConfigContent(config+compartmentIdVariableStr+GenerateScopedAccessTokenResourceDependencies+
+		GenerateResourceFromRepresentationMap("oci_identity_data_plane_generate_scoped_access_token", "test_generate_scoped_access_token", Required, Create, generateScopedAccessTokenRepresentation), "identitydataplane", "generateScopedAccessToken", t)
+
+	ResourceTest(t, nil, []resource.TestStep{
+		// verify Create
+		{
+			Config: config + compartmentIdVariableStr + GenerateScopedAccessTokenResourceDependencies +
+				GenerateResourceFromRepresentationMap("oci_identity_data_plane_generate_scoped_access_token", "test_generate_scoped_access_token", Required, Create, generateScopedAccessTokenRepresentation),
+			Check: ComposeAggregateTestCheckFuncWrapper(
+				resource.TestCheckResourceAttr(resourceName, "public_key", "-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYNxKqyNSTPApIVh1xiR3914Q8Ex+goi8kbMUjMa/b47A12SGdh18SAsZTTkld09MGhIswyv2Eln5MQKyupf646zk0E0kxH4llpfSAtUEaa5bxRXhko5BejvimMy4hCMn+kYkzAre7CoAw97rZ96L+TgkqdtwYXl0JzE4xYwfM7OqkH9/3TIeiX4q8kVDi0CsHMGbBo4gMIIunLoEn27ej/Vm6Nbkgl8AnJaWZq8gG8y6ojDLrJhnTK4IVYZ3XYx2uxz/E5VcjMaTdWVjKVCS4F2yK9hFbL1G2KDDh8k3G7dFDFwGI6qxwidbZW7JtcXQWu0Qx0tBNdB28VlsDWZEQIDAQAB-----END PUBLIC KEY-----"),
+				resource.TestCheckResourceAttr(resourceName, "scope", "urn:oracle:db::id::*"),
+
+				func(s *terraform.State) (err error) {
+					resId, err = FromInstanceState(s, resourceName, "id")
+					if isEnableExportCompartment, _ := strconv.ParseBool(getEnvSettingWithDefault("enable_export_compartment", "true")); isEnableExportCompartment {
+						if errExport := TestExportCompartmentWithResourceName(&resId, &compartmentId, resourceName); errExport != nil {
+							return errExport
+						}
+					}
+					return err
+				},
+			),
+		},
+	})
+}

website/docs/guides/resource_discovery.html.markdown

@@ -149,6 +149,7 @@ The generated `.tf` files contain the Terraform configuration with the resources
     * `golden_gate` - Discovers golden_gate resources within the specified compartment
     * `health_checks` - Discovers health_checks resources within the specified compartment
     * `identity` - Discovers identity resources across the entire tenancy
+    * `identity_data_plane` - Discovers identity_data_plane resources within the specified compartment
     * `integration` - Discovers integration resources within the specified compartment
     * `jms` - Discovers jms resources within the specified compartment
     * `kms` - Discovers kms resources within the specified compartment
@@ -565,6 +566,10 @@ identity
 * oci\_identity\_domain
 * oci\_identity\_db\_credential
 
+identity_data_plane
+    
+* oci\_identity\_data\_plane\_generate\_scoped\_access\_token
+
 integration
 
 * oci\_integration\_integration\_instance

website/docs/r/identity_data_plane_generate_scoped_access_token.html.markdown

@@ -0,0 +1,58 @@
+---
+subcategory: "Identity Data Plane"
+layout: "oci"
+page_title: "Oracle Cloud Infrastructure: oci_identity_data_plane_generate_scoped_access_token"
+sidebar_current: "docs-oci-resource-identity_data_plane-generate_scoped_access_token"
+description: |-
+  Provides the Generate Scoped Access Token resource in Oracle Cloud Infrastructure Identity Data Plane service
+---
+
+# oci_identity_data_plane_generate_scoped_access_token
+This resource provides the Generate Scoped Access Token resource in Oracle Cloud Infrastructure Identity Data Plane service.
+
+Based on the calling principal and the input payload, derive the claims and create a security token.
+
+
+## Example Usage
+
+```hcl
+resource "oci_identity_data_plane_generate_scoped_access_token" "test_generate_scoped_access_token" {
+	#Required
+	public_key = var.generate_scoped_access_token_public_key
+	scope = var.generate_scoped_access_token_scope
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `public_key` - (Required) A temporary public key, owned by the service. The service also owns the corresponding private key. This public key will by put inside the security token by the auth service after successful validation of the certificate. 
+* `scope` - (Required) Scope definition for the scoped access token 
+
+
+** IMPORTANT **
+Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `token` - The security token, signed by auth service
+
+## Timeouts
+
+The `timeouts` block allows you to specify [timeouts](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/guides/changing_timeouts) for certain operations:
+	* `create` - (Defaults to 20 minutes), when creating the Generate Scoped Access Token
+	* `update` - (Defaults to 20 minutes), when updating the Generate Scoped Access Token
+	* `delete` - (Defaults to 20 minutes), when destroying the Generate Scoped Access Token
+
+
+## Import
+
+GenerateScopedAccessToken can be imported using the `id`, e.g.
+
+```
+$ terraform import oci_identity_data_plane_generate_scoped_access_token.test_generate_scoped_access_token "id"
+```
+