Added - Support for NLB Active/Standby Purist Mode

Author: Rich Choi

examples/network_load_balancer/backend_set_unified/backend_set_unified.tf

@@ -228,12 +228,49 @@ resource "oci_network_load_balancer_network_load_balancers_backend_sets_unified"
   depends_on = [oci_network_load_balancer_network_load_balancer.nlb1]
 }
 
+resource "oci_network_load_balancer_network_load_balancers_backend_sets_unified" "nlb-bes2" {
+  name                     = "nlb-bes2"
+  network_load_balancer_id = oci_network_load_balancer_network_load_balancer.nlb1.id
+  policy                   = "TWO_TUPLE"
+  is_instant_failover_enabled = true
+  is_instant_failover_tcp_reset_enabled = true
+  are_operationally_active_backends_preferred = true
+
+  health_checker {
+    port                = "80"
+    protocol            = "TCP"
+    request_data        = "SGVsbG9Xb3JsZA=="
+    response_data       = "SGVsbG9Xb3JsZA=="
+    timeout_in_millis   = 10000
+    interval_in_millis  = 10000
+    retries             = 3
+  }
+
+  backends {
+    ip_address               = "10.0.0.11"
+    port                     = 80
+    is_backup                = true
+    is_drain                 = false
+    is_offline               = false
+  }
+
+  backends {
+    ip_address                = "10.0.0.12"
+    port                     = 80
+    is_backup                = false
+    is_drain                 = false
+    is_offline               = false
+  }
+
+  depends_on = [oci_network_load_balancer_network_load_balancers_backend_sets_unified.nlb-bes1]
+}
+
 resource "oci_network_load_balancer_listener" "nlb-listener1" {
   network_load_balancer_id    = oci_network_load_balancer_network_load_balancer.nlb1.id
   name                        = "tcp_listener"
   default_backend_set_name    = oci_network_load_balancer_network_load_balancers_backend_sets_unified.nlb-bes1.name
   port                        = 80
   protocol                    = "TCP"
 
-  depends_on = [oci_network_load_balancer_network_load_balancers_backend_sets_unified.nlb-bes1]
+  depends_on = [oci_network_load_balancer_network_load_balancers_backend_sets_unified.nlb-bes2]
 }

examples/network_load_balancer/network_load_balancer_full/nlb_full.tf

@@ -19,17 +19,13 @@ variable "compartment_ocid" {
 variable "region" {
 }
 
-variable "instance_image_ocid" {
-  type = map(string)
-
-  default = {
-    # See https://docs.us-phoenix-1.oraclecloud.com/images/
-    # Oracle-provided image "Oracle-Linux-7.5-2018.10.16-0"
-    us-phoenix-1   = "ocid1.image.oc1.phx.aaaaaaaaoqj42sokaoh42l76wsyhn3k2beuntrh5maj3gmgmzeyr55zzrwwa"
-    us-ashburn-1   = "ocid1.image.oc1.iad.aaaaaaaageeenzyuxgia726xur4ztaoxbxyjlxogdhreu3ngfj2gji3bayda"
-    eu-frankfurt-1 = "ocid1.image.oc1.eu-frankfurt-1.aaaaaaaaitzn6tdyjer7jl34h2ujz74jwy5nkbukbh55ekp6oyzwrtfa4zma"
-    uk-london-1    = "ocid1.image.oc1.uk-london-1.aaaaaaaa32voyikkkzfxyo4xbdmadc2dmvorfxxgdhpnk6dw64fa3l4jh7wa"
-  }
+data "oci_core_images" "test_images" {
+  compartment_id           = var.compartment_ocid
+  operating_system         = "Oracle Linux"
+  operating_system_version = "8"
+  shape                    = var.instance_shape
+  sort_by                  = "TIMECREATED"
+  sort_order               = "DESC"
 }
 
 variable "instance_shape" {
@@ -241,7 +237,7 @@ resource "oci_core_instance" "instance1" {
 
   source_details {
     source_type = "image"
-    source_id   = var.instance_image_ocid[var.region]
+    source_id   = lookup(data.oci_core_images.test_images.images[0], "id")
   }
 }
 
@@ -293,6 +289,11 @@ resource "oci_network_load_balancer_network_load_balancer" "nlb-symmetic" {
 
   is_preserve_source_destination = true
   is_symmetric_hash_enabled = true
+
+  security_attributes = {
+    "secAttriZprNlb.secAttri.mode" = "enforce"
+    "secAttriZprNlb.secAttri.value" = "someVal"
+  }
 }
 
 resource "oci_network_load_balancer_backend_set" "nlb-bes-symmetric" {
@@ -350,6 +351,7 @@ resource "oci_network_load_balancer_backend_set" "nlb-bes1" {
   network_load_balancer_id    = oci_network_load_balancer_network_load_balancer.nlb1.id
   policy                      = "TWO_TUPLE"
   is_instant_failover_enabled = true
+  is_instant_failover_tcp_reset_enabled = true
 
   health_checker {
     port                = "80"
@@ -368,6 +370,7 @@ resource "oci_network_load_balancer_backend_set" "nlb-bes2" {
   network_load_balancer_id    = oci_network_load_balancer_network_load_balancer.nlb1.id
   policy                      = "THREE_TUPLE"
   is_instant_failover_enabled = true
+  is_instant_failover_tcp_reset_enabled = false
   is_fail_open                = true
 
   health_checker {
@@ -390,6 +393,7 @@ resource "oci_network_load_balancer_backend_set" "nlb-bes3" {
   policy                   = "THREE_TUPLE"
   is_fail_open = false
   is_instant_failover_enabled = true
+  are_operationally_active_backends_preferred = true
 
 
   health_checker {
@@ -503,6 +507,29 @@ resource "oci_network_load_balancer_backend" "nlb-be2" {
   depends_on = [oci_network_load_balancer_backend.nlb-be1]
 }
 
+resource "oci_network_load_balancer_backend" "nlb-be3" {
+  network_load_balancer_id = oci_network_load_balancer_network_load_balancer.nlb1.id
+  backend_set_name         = oci_network_load_balancer_backend_set.nlb-bes3.name
+  ip_address                = "10.1.20.11"
+  port                     = 22
+  is_backup                = false
+  is_drain                 = false
+  is_offline               = false
+  weight                   = 1
+  depends_on = [oci_network_load_balancer_backend.nlb-be2]
+}
+
+resource "oci_network_load_balancer_backend" "nlb-be4" {
+  network_load_balancer_id = oci_network_load_balancer_network_load_balancer.nlb1.id
+  backend_set_name         = oci_network_load_balancer_backend_set.nlb-bes3.name
+  ip_address                = "10.1.20.12"
+  port                     = 22
+  is_backup                = true
+  is_drain                 = false
+  is_offline               = false
+  weight                   = 1
+  depends_on = [oci_network_load_balancer_backend.nlb-be3]
+}
 
 /* Network Load Balancer IPv6*/
 

internal/integrationtest/network_load_balancer_backend_set_test.go

@@ -45,14 +45,16 @@ var (
 	}
 
 	NetworkLoadBalancerBackendSetRepresentation = map[string]interface{}{
-		"health_checker":              acctest.RepresentationGroup{RepType: acctest.Required, Group: NetworkLoadBalancerBackendSetHealthCheckerRepresentation},
-		"name":                        acctest.Representation{RepType: acctest.Required, Create: `example_backend_set`},
-		"network_load_balancer_id":    acctest.Representation{RepType: acctest.Required, Create: `${oci_network_load_balancer_network_load_balancer.test_network_load_balancer.id}`},
-		"policy":                      acctest.Representation{RepType: acctest.Required, Create: `FIVE_TUPLE`, Update: `THREE_TUPLE`},
-		"ip_version":                  acctest.Representation{RepType: acctest.Optional, Create: `IPV4`},
-		"is_fail_open":                acctest.Representation{RepType: acctest.Optional, Create: `false`, Update: `true`},
-		"is_preserve_source":          acctest.Representation{RepType: acctest.Optional, Create: `false`, Update: `true`},
-		"is_instant_failover_enabled": acctest.Representation{RepType: acctest.Optional, Create: `false`, Update: `true`},
+		"health_checker":           acctest.RepresentationGroup{RepType: acctest.Required, Group: NetworkLoadBalancerBackendSetHealthCheckerRepresentation},
+		"name":                     acctest.Representation{RepType: acctest.Required, Create: `example_backend_set`},
+		"network_load_balancer_id": acctest.Representation{RepType: acctest.Required, Create: `${oci_network_load_balancer_network_load_balancer.test_network_load_balancer.id}`},
+		"policy":                   acctest.Representation{RepType: acctest.Required, Create: `FIVE_TUPLE`, Update: `THREE_TUPLE`},
+		"are_operationally_active_backends_preferred": acctest.Representation{RepType: acctest.Optional, Create: `false`, Update: `true`},
+		"ip_version":                            acctest.Representation{RepType: acctest.Optional, Create: `IPV4`},
+		"is_fail_open":                          acctest.Representation{RepType: acctest.Optional, Create: `false`, Update: `true`},
+		"is_instant_failover_enabled":           acctest.Representation{RepType: acctest.Optional, Create: `false`, Update: `true`},
+		"is_instant_failover_tcp_reset_enabled": acctest.Representation{RepType: acctest.Optional, Create: `false`, Update: `true`},
+		"is_preserve_source":                    acctest.Representation{RepType: acctest.Optional, Create: `false`, Update: `true`},
 	}
 	NetworkLoadBalancerBackendSetHealthCheckerRepresentation = map[string]interface{}{
 		"protocol":           acctest.Representation{RepType: acctest.Required, Create: `TCP`, Update: `TCP`},
@@ -174,6 +176,7 @@ func TestNetworkLoadBalancerBackendSetResource_basic(t *testing.T) {
 			Config: config + compartmentIdVariableStr + NetworkLoadBalancerBackendSetResourceDependencies +
 				acctest.GenerateResourceFromRepresentationMap("oci_network_load_balancer_backend_set", "test_backend_set", acctest.Optional, acctest.Create, NetworkLoadBalancerBackendSetRepresentation),
 			Check: acctest.ComposeAggregateTestCheckFuncWrapper(
+				resource.TestCheckResourceAttr(resourceName, "are_operationally_active_backends_preferred", "false"),
 				resource.TestCheckResourceAttr(resourceName, "backends.#", "0"),
 				resource.TestCheckResourceAttr(resourceName, "health_checker.#", "1"),
 				resource.TestCheckResourceAttr(resourceName, "health_checker.0.dns.#", "0"),
@@ -189,6 +192,7 @@ func TestNetworkLoadBalancerBackendSetResource_basic(t *testing.T) {
 				resource.TestCheckResourceAttr(resourceName, "health_checker.0.url_path", ""),
 				resource.TestCheckResourceAttr(resourceName, "ip_version", "IPV4"),
 				resource.TestCheckResourceAttr(resourceName, "is_instant_failover_enabled", "false"),
+				resource.TestCheckResourceAttr(resourceName, "is_instant_failover_tcp_reset_enabled", "false"),
 				resource.TestCheckResourceAttr(resourceName, "is_fail_open", "false"),
 				resource.TestCheckResourceAttr(resourceName, "is_preserve_source", "false"),
 				resource.TestCheckResourceAttr(resourceName, "name", "example_backend_set"),
@@ -224,6 +228,9 @@ func TestNetworkLoadBalancerBackendSetResource_basic(t *testing.T) {
 				resource.TestCheckResourceAttr(resourceName, "health_checker.0.retries", "5"),
 				resource.TestCheckResourceAttr(resourceName, "health_checker.0.timeout_in_millis", "30000"),
 				resource.TestCheckResourceAttr(resourceName, "health_checker.0.url_path", ""),
+				resource.TestCheckResourceAttr(resourceName, "is_instant_failover_enabled", "true"),
+				resource.TestCheckResourceAttr(resourceName, "is_instant_failover_tcp_reset_enabled", "true"),
+				resource.TestCheckResourceAttr(resourceName, "are_operationally_active_backends_preferred", "true"),
 				resource.TestCheckResourceAttr(resourceName, "is_preserve_source", "true"),
 				resource.TestCheckResourceAttr(resourceName, "name", "example_backend_set"),
 				resource.TestCheckResourceAttrSet(resourceName, "network_load_balancer_id"),
@@ -285,6 +292,8 @@ func TestNetworkLoadBalancerBackendSetResource_basic(t *testing.T) {
 				resource.TestCheckResourceAttr(resourceName, "ip_version", "IPV4"),
 				resource.TestCheckResourceAttr(resourceName, "is_fail_open", "true"),
 				resource.TestCheckResourceAttr(resourceName, "is_instant_failover_enabled", "true"),
+				resource.TestCheckResourceAttr(resourceName, "is_instant_failover_tcp_reset_enabled", "true"),
+				resource.TestCheckResourceAttr(resourceName, "are_operationally_active_backends_preferred", "true"),
 				resource.TestCheckResourceAttr(resourceName, "health_checker.0.return_code", "204"),
 				resource.TestCheckResourceAttr(resourceName, "health_checker.0.timeout_in_millis", "30000"),
 				resource.TestCheckResourceAttr(resourceName, "health_checker.0.url_path", "/urlPath2"),
@@ -400,6 +409,9 @@ func TestNetworkLoadBalancerBackendSetResource_basic(t *testing.T) {
 				resource.TestCheckResourceAttr(resourceName, "health_checker.0.response_body_regex", "^(?i)(false)$"),
 				resource.TestCheckResourceAttr(resourceName, "health_checker.0.retries", "5"),
 				resource.TestCheckResourceAttr(resourceName, "is_fail_open", "true"),
+				resource.TestCheckResourceAttr(resourceName, "is_instant_failover_enabled", "true"),
+				resource.TestCheckResourceAttr(resourceName, "is_instant_failover_tcp_reset_enabled", "true"),
+				resource.TestCheckResourceAttr(resourceName, "are_operationally_active_backends_preferred", "true"),
 				resource.TestCheckResourceAttr(resourceName, "health_checker.0.return_code", "204"),
 				resource.TestCheckResourceAttr(resourceName, "health_checker.0.timeout_in_millis", "30000"),
 				resource.TestCheckResourceAttr(resourceName, "health_checker.0.url_path", "/urlPath2"),
@@ -482,7 +494,8 @@ func TestNetworkLoadBalancerBackendSetResource_basic(t *testing.T) {
 			Check: acctest.ComposeAggregateTestCheckFuncWrapper(
 				resource.TestCheckResourceAttr(datasourceName, "backend_set_collection.#", "1"),
 				resource.TestCheckResourceAttr(datasourceName, "backend_set_collection.0.items.#", "1"),
-				resource.TestCheckNoResourceAttr(datasourceName, "backend_set_collection.0.items.0.backends"),
+				resource.TestCheckResourceAttr(datasourceName, "backend_set_collection.0.items.0.backends.#", "0"),
+				//resource.TestCheckNoResourceAttr(datasourceName, "backend_set_collection.0.items.0.backends"),
 				resource.TestCheckResourceAttr(resourceName, "health_checker.#", "1"),
 				resource.TestCheckResourceAttr(resourceName, "health_checker.0.interval_in_millis", "30000"),
 				resource.TestCheckResourceAttr(resourceName, "health_checker.0.port", "8080"),
@@ -532,6 +545,7 @@ func TestNetworkLoadBalancerBackendSetResource_basic(t *testing.T) {
 			Check: acctest.ComposeAggregateTestCheckFuncWrapper(
 				resource.TestCheckResourceAttrSet(singularDatasourceName, "backend_set_name"),
 				resource.TestCheckResourceAttrSet(singularDatasourceName, "network_load_balancer_id"),
+				resource.TestCheckResourceAttr(singularDatasourceName, "are_operationally_active_backends_preferred", "true"),
 				resource.TestCheckResourceAttr(singularDatasourceName, "backends.#", "0"),
 				resource.TestCheckResourceAttr(singularDatasourceName, "health_checker.#", "1"),
 				resource.TestCheckResourceAttr(singularDatasourceName, "health_checker.0.interval_in_millis", "30000"),
@@ -542,6 +556,7 @@ func TestNetworkLoadBalancerBackendSetResource_basic(t *testing.T) {
 				resource.TestCheckResourceAttr(singularDatasourceName, "health_checker.0.response_data", ""),
 				resource.TestCheckResourceAttr(singularDatasourceName, "health_checker.0.retries", "5"),
 				resource.TestCheckResourceAttr(singularDatasourceName, "is_instant_failover_enabled", "true"),
+				resource.TestCheckResourceAttr(singularDatasourceName, "is_instant_failover_tcp_reset_enabled", "true"),
 				resource.TestCheckResourceAttr(singularDatasourceName, "health_checker.0.return_code", "204"),
 				resource.TestCheckResourceAttr(singularDatasourceName, "health_checker.0.timeout_in_millis", "30000"),
 				resource.TestCheckResourceAttr(singularDatasourceName, "health_checker.0.url_path", "/urlPath2"),

internal/integrationtest/network_load_balancer_network_load_balancer_backend_set_backend_operational_status_test.go

@@ -0,0 +1,61 @@
+// Copyright (c) 2017, 2024, Oracle and/or its affiliates. All rights reserved.
+// Licensed under the Mozilla Public License v2.0
+
+package integrationtest
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+	"github.com/oracle/terraform-provider-oci/httpreplay"
+	"github.com/oracle/terraform-provider-oci/internal/acctest"
+
+	"github.com/oracle/terraform-provider-oci/internal/utils"
+)
+
+var (
+	NetworkLoadBalancerNetworkLoadBalancerBackendSetBackendOperationalStatusSingularDataSourceRepresentation = map[string]interface{}{
+		"backend_name":             acctest.Representation{RepType: acctest.Required, Create: `${oci_network_load_balancer_backend.test_backend.name}`},
+		"backend_set_name":         acctest.Representation{RepType: acctest.Required, Create: `${oci_network_load_balancer_backend_set.test_backend_set.name}`},
+		"network_load_balancer_id": acctest.Representation{RepType: acctest.Required, Create: `${oci_network_load_balancer_network_load_balancer.test_network_load_balancer.id}`},
+	}
+
+	NetworkLoadBalancerNetworkLoadBalancerBackendSetBackendOperationalStatusResourceConfig = acctest.GenerateResourceFromRepresentationMap("oci_core_subnet", "test_subnet", acctest.Required, acctest.Create, CoreSubnetRepresentation) +
+		acctest.GenerateResourceFromRepresentationMap("oci_core_vcn", "test_vcn", acctest.Required, acctest.Create, CoreVcnRepresentation) +
+		acctest.GenerateResourceFromRepresentationMap("oci_network_load_balancer_backend_set", "test_backend_set", acctest.Required, acctest.Create, NetworkLoadBalancerBackendSetRepresentation) +
+		acctest.GenerateResourceFromRepresentationMap("oci_network_load_balancer_backend", "test_backend", acctest.Required, acctest.Create, NetworkLoadBalancerBackendRepresentation) +
+		acctest.GenerateResourceFromRepresentationMap("oci_network_load_balancer_network_load_balancer", "test_network_load_balancer", acctest.Required, acctest.Create, NetworkLoadBalancerNetworkLoadBalancerRepresentation)
+)
+
+// issue-routing-tag: network_load_balancer/default
+func TestNetworkLoadBalancerNetworkLoadBalancerBackendSetBackendOperationalStatusResource_basic(t *testing.T) {
+	httpreplay.SetScenario("TestNetworkLoadBalancerNetworkLoadBalancerBackendSetBackendOperationalStatusResource_basic")
+	defer httpreplay.SaveScenario()
+
+	config := acctest.ProviderTestConfig()
+
+	compartmentId := utils.GetEnvSettingWithBlankDefault("compartment_ocid")
+	compartmentIdVariableStr := fmt.Sprintf("variable \"compartment_id\" { default = \"%s\" }\n", compartmentId)
+
+	singularDatasourceName := "data.oci_network_load_balancer_network_load_balancer_backend_set_backend_operational_status.test_network_load_balancer_backend_set_backend_operational_status"
+
+	acctest.SaveConfigContent("", "", "", t)
+
+	acctest.ResourceTest(t, nil, []resource.TestStep{
+		// verify singular datasource
+		{
+			Config: config +
+				acctest.GenerateDataSourceFromRepresentationMap("oci_network_load_balancer_network_load_balancer_backend_set_backend_operational_status", "test_network_load_balancer_backend_set_backend_operational_status", acctest.Required, acctest.Create, NetworkLoadBalancerNetworkLoadBalancerBackendSetBackendOperationalStatusSingularDataSourceRepresentation) +
+				compartmentIdVariableStr + NetworkLoadBalancerNetworkLoadBalancerBackendSetBackendOperationalStatusResourceConfig,
+			Check: acctest.ComposeAggregateTestCheckFuncWrapper(
+				resource.TestCheckResourceAttrSet(singularDatasourceName, "backend_name"),
+				resource.TestCheckResourceAttrSet(singularDatasourceName, "backend_set_name"),
+				resource.TestCheckResourceAttrSet(singularDatasourceName, "network_load_balancer_id"),
+
+				resource.TestCheckResourceAttrSet(singularDatasourceName, "status"),
+			),
+		},
+	})
+}

internal/integrationtest/network_load_balancer_network_load_balancer_test.go

@@ -63,7 +63,7 @@ var (
 		"reserved_ips":                   acctest.RepresentationGroup{RepType: acctest.Optional, Group: networkLoadBalancerReservedIpsRepresentation},
 		"network_security_group_ids":     acctest.Representation{RepType: acctest.Optional, Create: []string{`${oci_core_network_security_group.test_network_security_group.id}`}},
 		"lifecycle":                      acctest.RepresentationGroup{RepType: acctest.Required, Group: NetworkLoadBalancerIgnoreChangesRepresentation},
-		"security_attributes":            acctest.Representation{RepType: acctest.Optional, Create: map[string]string{"secAttriZprNlbIAD.secAttriIAD.mode": "enforce", "secAttriZprNlbIAD.secAttriIAD.value": "someVal"}},
+		"security_attributes":            acctest.Representation{RepType: acctest.Optional, Create: map[string]string{"secAttriZprNlb.secAttri.mode": "enforce", "secAttriZprNlb.secAttri.value": "someVal"}},
 	}
 
 	NetworkLoadBalancerSubnetIpv6CidrRepresentation = map[string]interface{}{