Added - 9/24- Support for ZPR v1

Author: Terraform Team Automation

examples/networking/vcn/vcn.tf

@@ -26,6 +26,8 @@ provider "oci" {
   fingerprint      = var.fingerprint
   private_key_path = var.private_key_path
   region           = var.region
+  auth = "SecurityToken"
+  config_file_profile = "terraform-federation-test"
   ignore_defined_tags      = ["testexamples-tag-namespace.tf-example-tag"]
 }
 
@@ -34,6 +36,7 @@ resource "oci_core_vcn" "vcn" {
   dns_label      = "vcn"
   compartment_id = var.compartment_ocid
   display_name   = "vcn"
+  security_attributes = {"sample-namespace.value": "examplevalue", "sample-namespace.mode": "examplemode"}
 }
 
 output "vcn_id" {

internal/integrationtest/core_vcn_test.go

@@ -45,13 +45,14 @@ var (
 	}
 
 	CoreVcnRepresentation = map[string]interface{}{
-		"cidr_block":     acctest.Representation{RepType: acctest.Required, Create: `10.0.0.0/16`},
-		"compartment_id": acctest.Representation{RepType: acctest.Required, Create: `${var.compartment_id}`},
-		"defined_tags":   acctest.Representation{RepType: acctest.Optional, Create: `${map("${oci_identity_tag_namespace.tag-namespace1.name}.${oci_identity_tag.tag1.name}", "value")}`, Update: `${map("${oci_identity_tag_namespace.tag-namespace1.name}.${oci_identity_tag.tag1.name}", "updatedValue")}`},
-		"display_name":   acctest.Representation{RepType: acctest.Optional, Create: `displayName`, Update: `displayName2`},
-		"dns_label":      acctest.Representation{RepType: acctest.Optional, Create: `dnslabel`},
-		"freeform_tags":  acctest.Representation{RepType: acctest.Optional, Create: map[string]string{"Department": "Finance"}, Update: map[string]string{"Department": "Accounting"}},
-		"lifecycle":      acctest.RepresentationGroup{RepType: acctest.Required, Group: ignoreDefinedTagsChangesRep},
+		"cidr_block":          acctest.Representation{RepType: acctest.Required, Create: `10.0.0.0/16`},
+		"compartment_id":      acctest.Representation{RepType: acctest.Required, Create: `${var.compartment_id}`},
+		"defined_tags":        acctest.Representation{RepType: acctest.Optional, Create: `${map("${oci_identity_tag_namespace.tag-namespace1.name}.${oci_identity_tag.tag1.name}", "value")}`, Update: `${map("${oci_identity_tag_namespace.tag-namespace1.name}.${oci_identity_tag.tag1.name}", "updatedValue")}`},
+		"display_name":        acctest.Representation{RepType: acctest.Optional, Create: `displayName`, Update: `displayName2`},
+		"dns_label":           acctest.Representation{RepType: acctest.Optional, Create: `dnslabel`},
+		"freeform_tags":       acctest.Representation{RepType: acctest.Optional, Create: map[string]string{"Department": "Finance"}, Update: map[string]string{"Department": "Accounting"}},
+		"lifecycle":           acctest.RepresentationGroup{RepType: acctest.Required, Group: ignoreDefinedTagsChangesRep},
+		"security_attributes": acctest.Representation{RepType: acctest.Optional, Create: map[string]string{"vcncp-canary-test-security-attribute-namespace-56.vcncp-canary-test-security-attribute-57.value": "somevalue", "vcncp-canary-test-security-attribute-namespace-56.vcncp-canary-test-security-attribute-57.mode": "enforce"}, Update: map[string]string{"vcncp-canary-test-security-attribute-namespace-56.vcncp-canary-test-security-attribute-57.value": "updatedValue", "vcncp-canary-test-security-attribute-namespace-56.vcncp-canary-test-security-attribute-57.mode": "enforce"}},
 	}
 
 	CoreVcnRequiredOnlyResourceDependencies = ``
@@ -106,15 +107,18 @@ func TestCoreVcnResource_basic(t *testing.T) {
 			Config: config + compartmentIdVariableStr + VcnResourceDependencies +
 				acctest.GenerateResourceFromRepresentationMap("oci_core_vcn", "test_vcn", acctest.Optional, acctest.Create,
 					acctest.RepresentationCopyWithNewProperties(acctest.RepresentationCopyWithRemovedProperties(CoreVcnRepresentation, []string{"cidr_blocks"}), map[string]interface{}{
-						"is_ipv6enabled": acctest.Representation{RepType: acctest.Optional, Create: `true`},
-					})),
+						"is_ipv6enabled":                   acctest.Representation{RepType: acctest.Optional, Create: `true`},
+						"is_oracle_gua_allocation_enabled": acctest.Representation{RepType: acctest.Optional, Create: `true`}})),
 			Check: acctest.ComposeAggregateTestCheckFuncWrapper(
 				resource.TestCheckResourceAttr(resourceName, "cidr_block", "10.0.0.0/16"),
 				resource.TestCheckResourceAttr(resourceName, "compartment_id", compartmentId),
 				resource.TestCheckResourceAttr(resourceName, "display_name", "displayName"),
 				resource.TestCheckResourceAttr(resourceName, "dns_label", "dnslabel"),
 				resource.TestCheckResourceAttr(resourceName, "freeform_tags.%", "1"),
 				resource.TestCheckResourceAttr(resourceName, "ipv6cidr_blocks.#", "1"),
+				resource.TestCheckResourceAttr(resourceName, "security_attributes.vcncp-canary-test-security-attribute-namespace-56.vcncp-canary-test-security-attribute-57.value", "somevalue"),
+				resource.TestCheckResourceAttr(resourceName, "security_attributes.vcncp-canary-test-security-attribute-namespace-56.vcncp-canary-test-security-attribute-57.mode", "enforce"),
+				resource.TestCheckResourceAttr(resourceName, "is_oracle_gua_allocation_enabled", "true"),
 				resource.TestCheckResourceAttrSet(resourceName, "id"),
 				resource.TestCheckResourceAttrSet(resourceName, "state"),
 
@@ -132,7 +136,7 @@ func TestCoreVcnResource_basic(t *testing.T) {
 		{
 			Config: config + compartmentIdVariableStr + VcnResourceDependencies +
 				acctest.GenerateResourceFromRepresentationMap("oci_core_vcn", "test_vcn", acctest.Optional, acctest.Update, acctest.RepresentationCopyWithNewProperties(CoreVcnRepresentation, map[string]interface{}{
-					"ipv6private_cidr_blocks": acctest.Representation{RepType: acctest.Required, Create: []string{`2000:1000::/52`}},
+					"ipv6private_cidr_blocks": acctest.Representation{RepType: acctest.Required, Update: []string{`2000:1000::/52`}},
 				})),
 			Check: acctest.ComposeAggregateTestCheckFuncWrapper(
 				resource.TestCheckResourceAttr(resourceName, "cidr_block", "10.0.0.0/16"),
@@ -141,6 +145,10 @@ func TestCoreVcnResource_basic(t *testing.T) {
 				resource.TestCheckResourceAttr(resourceName, "dns_label", "dnslabel"),
 				resource.TestCheckResourceAttr(resourceName, "freeform_tags.%", "1"),
 				resource.TestCheckResourceAttr(resourceName, "ipv6cidr_blocks.#", "1"),
+				resource.TestCheckResourceAttr(resourceName, "security_attributes.vcncp-canary-test-security-attribute-namespace-56.vcncp-canary-test-security-attribute-57.value", "updatedValue"),
+				resource.TestCheckResourceAttr(resourceName, "security_attributes.vcncp-canary-test-security-attribute-namespace-56.vcncp-canary-test-security-attribute-57.mode", "enforce"),
+				resource.TestCheckResourceAttr(resourceName, "is_oracle_gua_allocation_enabled", "true"),
+				resource.TestCheckResourceAttr(resourceName, "ipv6private_cidr_blocks.#", "1"),
 				resource.TestCheckResourceAttrSet(resourceName, "id"),
 				resource.TestCheckResourceAttrSet(resourceName, "state"),
 
@@ -170,6 +178,8 @@ func TestCoreVcnResource_basic(t *testing.T) {
 				resource.TestCheckResourceAttr(resourceName, "dns_label", "dnslabel"),
 				resource.TestCheckResourceAttr(resourceName, "freeform_tags.%", "1"),
 				resource.TestCheckResourceAttr(resourceName, "ipv6cidr_blocks.#", "1"),
+				resource.TestCheckResourceAttr(resourceName, "is_oracle_gua_allocation_enabled", "true"),
+				resource.TestCheckResourceAttr(resourceName, "security_attributes.%", "2"),
 				resource.TestCheckResourceAttrSet(resourceName, "id"),
 				resource.TestCheckResourceAttrSet(resourceName, "state"),
 
@@ -186,16 +196,18 @@ func TestCoreVcnResource_basic(t *testing.T) {
 		// verify updates to updatable parameters
 		{
 			Config: config + compartmentIdVariableStr + VcnResourceDependencies +
-				acctest.GenerateResourceFromRepresentationMap("oci_core_vcn", "test_vcn", acctest.Optional, acctest.Update, acctest.RepresentationCopyWithNewProperties(CoreVcnRepresentation, map[string]interface{}{
-					"is_ipv6enabled": acctest.Representation{RepType: acctest.Optional, Update: `true`},
-				})),
+				acctest.GenerateResourceFromRepresentationMap("oci_core_vcn", "test_vcn", acctest.Optional, acctest.Update, CoreVcnRepresentation),
 			Check: acctest.ComposeAggregateTestCheckFuncWrapper(
 				resource.TestCheckResourceAttr(resourceName, "cidr_block", "10.0.0.0/16"),
 				resource.TestCheckResourceAttr(resourceName, "compartment_id", compartmentId),
 				resource.TestCheckResourceAttr(resourceName, "display_name", "displayName2"),
 				resource.TestCheckResourceAttr(resourceName, "dns_label", "dnslabel"),
 				resource.TestCheckResourceAttr(resourceName, "freeform_tags.%", "1"),
 				resource.TestCheckResourceAttr(resourceName, "ipv6cidr_blocks.#", "1"),
+				resource.TestCheckResourceAttr(resourceName, "security_attributes.vcncp-canary-test-security-attribute-namespace-56.vcncp-canary-test-security-attribute-57.value", "updatedValue"),
+				resource.TestCheckResourceAttr(resourceName, "security_attributes.vcncp-canary-test-security-attribute-namespace-56.vcncp-canary-test-security-attribute-57.mode", "enforce"),
+				resource.TestCheckResourceAttr(resourceName, "is_oracle_gua_allocation_enabled", "true"),
+				resource.TestCheckResourceAttr(resourceName, "is_ipv6enabled", "true"),
 				resource.TestCheckResourceAttrSet(resourceName, "id"),
 				resource.TestCheckResourceAttrSet(resourceName, "state"),
 
@@ -213,9 +225,7 @@ func TestCoreVcnResource_basic(t *testing.T) {
 			Config: config +
 				acctest.GenerateDataSourceFromRepresentationMap("oci_core_vcns", "test_vcns", acctest.Optional, acctest.Update, CoreCoreVcnDataSourceRepresentation) +
 				compartmentIdVariableStr + VcnResourceDependencies +
-				acctest.GenerateResourceFromRepresentationMap("oci_core_vcn", "test_vcn", acctest.Optional, acctest.Update, acctest.RepresentationCopyWithNewProperties(CoreVcnRepresentation, map[string]interface{}{
-					"is_ipv6enabled": acctest.Representation{RepType: acctest.Optional, Update: `true`},
-				})),
+				acctest.GenerateResourceFromRepresentationMap("oci_core_vcn", "test_vcn", acctest.Optional, acctest.Update, CoreVcnRepresentation),
 			Check: acctest.ComposeAggregateTestCheckFuncWrapper(
 				resource.TestCheckResourceAttr(datasourceName, "compartment_id", compartmentId),
 				resource.TestCheckResourceAttr(datasourceName, "display_name", "displayName2"),
@@ -231,6 +241,7 @@ func TestCoreVcnResource_basic(t *testing.T) {
 				resource.TestCheckResourceAttr(datasourceName, "virtual_networks.0.dns_label", "dnslabel"),
 				resource.TestCheckResourceAttr(datasourceName, "virtual_networks.0.freeform_tags.%", "1"),
 				resource.TestCheckResourceAttr(datasourceName, "virtual_networks.0.ipv6cidr_blocks.#", "1"),
+				resource.TestCheckResourceAttr(datasourceName, "virtual_networks.0.security_attributes.%", "2"),
 				resource.TestCheckResourceAttrSet(datasourceName, "virtual_networks.0.id"),
 				resource.TestCheckResourceAttrSet(datasourceName, "virtual_networks.0.state"),
 				resource.TestCheckResourceAttrSet(datasourceName, "virtual_networks.0.time_created"),
@@ -242,9 +253,7 @@ func TestCoreVcnResource_basic(t *testing.T) {
 			Config: config +
 				acctest.GenerateDataSourceFromRepresentationMap("oci_core_vcn", "test_vcn", acctest.Required, acctest.Create, CoreCoreVcnSingularDataSourceRepresentation) +
 				compartmentIdVariableStr + VcnResourceDependencies +
-				acctest.GenerateResourceFromRepresentationMap("oci_core_vcn", "test_vcn", acctest.Optional, acctest.Update, acctest.RepresentationCopyWithNewProperties(CoreVcnRepresentation, map[string]interface{}{
-					"is_ipv6enabled": acctest.Representation{RepType: acctest.Optional, Create: `true`},
-				})),
+				acctest.GenerateResourceFromRepresentationMap("oci_core_vcn", "test_vcn", acctest.Optional, acctest.Update, CoreVcnRepresentation),
 			Check: acctest.ComposeAggregateTestCheckFuncWrapper(
 				resource.TestCheckResourceAttrSet(singularDatasourceName, "vcn_id"),
 
@@ -257,6 +266,8 @@ func TestCoreVcnResource_basic(t *testing.T) {
 				resource.TestCheckResourceAttr(singularDatasourceName, "dns_label", "dnslabel"),
 				resource.TestCheckResourceAttr(singularDatasourceName, "freeform_tags.%", "1"),
 				resource.TestCheckResourceAttr(singularDatasourceName, "ipv6cidr_blocks.#", "1"),
+				resource.TestCheckResourceAttr(resourceName, "security_attributes.vcncp-canary-test-security-attribute-namespace-56.vcncp-canary-test-security-attribute-57.value", "updatedValue"),
+				resource.TestCheckResourceAttr(resourceName, "security_attributes.vcncp-canary-test-security-attribute-namespace-56.vcncp-canary-test-security-attribute-57.mode", "enforce"),
 				resource.TestCheckResourceAttrSet(singularDatasourceName, "id"),
 				resource.TestCheckResourceAttrSet(singularDatasourceName, "state"),
 				resource.TestCheckResourceAttrSet(singularDatasourceName, "time_created"),
@@ -270,6 +281,7 @@ func TestCoreVcnResource_basic(t *testing.T) {
 			ImportStateVerify: true,
 			ImportStateVerifyIgnore: []string{
 				"is_ipv6enabled",
+				"is_oracle_gua_allocation_enabled",
 			},
 			ResourceName: resourceName,
 		},

internal/integrationtest/core_vnic_attachment_resource_test.go

@@ -130,6 +130,7 @@ func (s *ResourceCoreVnicAttachmentTestSuite) TestAccResourceCoreVnicAttachment_
 							defined_tags = "${map("${oci_identity_tag_namespace.tag-namespace1.name}.${oci_identity_tag.tag1.name}", "updatedValue")}"
 							freeform_tags = { "Department" = "Finance" }
 							nsg_ids = ["${oci_core_network_security_group.test_network_security_group1.id}", "${oci_core_network_security_group.test_network_security_group2.id}"]
+							security_attributes = {"security-attribute-test-1.security-attribute.value" = "somevalue", "security-attribute-test-1.security-attribute.mode" = "enforce"}
 						}
 					}
 					data "oci_core_vnic" "v" {
@@ -153,6 +154,7 @@ func (s *ResourceCoreVnicAttachmentTestSuite) TestAccResourceCoreVnicAttachment_
 					resource.TestCheckResourceAttr(s.ResourceName, "create_vnic_details.0.display_name", "-tf-vnic-2"),
 					resource.TestCheckResourceAttr(s.ResourceName, "create_vnic_details.0.nsg_ids.#", "2"),
 					resource.TestCheckResourceAttrSet(s.VnicResourceName, "private_ip_address"),
+					resource.TestCheckResourceAttr(s.VnicResourceName, "security_attributes.%", "2"),
 					// @SDK 1/2018: Since we don't assign a public IP to this vnic, we will get a response from server
 					// without a public_ip_address. Old SDK would have set it to empty, but new SDK will set it to nil.
 					// Commenting out until we have a better way of handling this.

internal/service/core/core_vcn_data_source.go

@@ -110,6 +110,10 @@ func (s *CoreVcnDataSourceCrud) SetData() error {
 
 	s.D.Set("ipv6private_cidr_blocks", s.Res.Ipv6PrivateCidrBlocks)
 
+	if s.Res.SecurityAttributes != nil {
+		s.D.Set("security_attributes", tfresource.SecurityAttributesToMap(s.Res.SecurityAttributes))
+	}
+
 	s.D.Set("state", s.Res.LifecycleState)
 
 	if s.Res.TimeCreated != nil {

internal/service/core/core_vcn_resource.go

@@ -117,6 +117,12 @@ func CoreVcnResource() *schema.Resource {
 				Computed: true,
 				// ForceNew: true,
 			},
+			"security_attributes": {
+				Type:     schema.TypeMap,
+				Optional: true,
+				Computed: true,
+				Elem:     schema.TypeString,
+			},
 
 			// Computed
 			"byoipv6cidr_blocks": {
@@ -317,6 +323,11 @@ func (s *CoreVcnResourceCrud) Create() error {
 		request.IsOracleGuaAllocationEnabled = &tmp
 	}
 
+	if securityAttributes, ok := s.D.GetOkExists("security_attributes"); ok {
+		convertedAttributes := tfresource.MapToSecurityAttributes(securityAttributes.(map[string]interface{}))
+		request.SecurityAttributes = convertedAttributes
+	}
+
 	request.RequestMetadata.RetryPolicy = tfresource.GetRetryPolicy(s.DisableNotFoundRetries, "core")
 
 	response, err := s.Client.CreateVcn(context.Background(), request)
@@ -439,6 +450,11 @@ func (s *CoreVcnResourceCrud) Update() error {
 		request.FreeformTags = tfresource.ObjectMapToStringMap(freeformTags.(map[string]interface{}))
 	}
 
+	if securityAttributes, ok := s.D.GetOkExists("security_attributes"); ok {
+		convertedAttributes := tfresource.MapToSecurityAttributes(securityAttributes.(map[string]interface{}))
+		request.SecurityAttributes = convertedAttributes
+	}
+
 	tmp := s.D.Id()
 	request.VcnId = &tmp
 
@@ -579,6 +595,8 @@ func (s *CoreVcnResourceCrud) SetData() error {
 
 	s.D.Set("ipv6private_cidr_blocks", s.Res.Ipv6PrivateCidrBlocks)
 
+	s.D.Set("security_attributes", tfresource.SecurityAttributesToMap(s.Res.SecurityAttributes))
+
 	if s.Res.Ipv6CidrBlocks != nil && len(s.Res.Ipv6CidrBlocks) > 0 {
 		s.D.Set("is_ipv6enabled", true)
 	} else {

internal/service/core/core_vcns_data_source.go

@@ -154,6 +154,10 @@ func (s *CoreVcnsDataSourceCrud) SetData() error {
 
 		vcn["ipv6private_cidr_blocks"] = r.Ipv6PrivateCidrBlocks
 
+		if r.SecurityAttributes != nil {
+			vcn["security_attributes"] = tfresource.SecurityAttributesToMap(r.SecurityAttributes)
+		}
+
 		vcn["state"] = r.LifecycleState
 
 		if r.TimeCreated != nil {

internal/service/core/core_vnic_attachment_resource.go

@@ -542,8 +542,9 @@ func (s *CoreVnicAttachmentResourceCrud) mapToCreateVnicDetails(fieldKeyFormat s
 		result.PrivateIp = &tmp
 	}
 
-	if securityAttributes, ok := s.D.GetOkExists(fmt.Sprintf(fieldKeyFormat, "security_attributes")); ok {
-		result.SecurityAttributes = securityAttributes.(map[string]map[string]interface{})
+	if securityAttributes, ok := s.D.GetOkExists("security_attributes"); ok {
+		convertedAttributes := tfresource.MapToSecurityAttributes(securityAttributes.(map[string]interface{}))
+		result.SecurityAttributes = convertedAttributes
 	}
 
 	if skipSourceDestCheck, ok := s.D.GetOkExists(fmt.Sprintf(fieldKeyFormat, "skip_source_dest_check")); ok {
@@ -607,6 +608,11 @@ func (s *CoreVnicAttachmentResourceCrud) mapToUpdateVnicDetails(fieldKeyFormat s
 		result.SkipSourceDestCheck = &tmp
 	}
 
+	if securityAttributes, ok := s.D.GetOkExists("security_attributes"); ok {
+		convertedAttributes := tfresource.MapToSecurityAttributes(securityAttributes.(map[string]interface{}))
+		result.SecurityAttributes = convertedAttributes
+	}
+
 	return result, nil
 }
 
@@ -667,7 +673,9 @@ func VnicDetailsToMap(obj *oci_core.Vnic, createVnicDetails map[string]interface
 		result["private_ip"] = string(*obj.PrivateIp)
 	}
 
-	result["security_attributes"] = obj.SecurityAttributes
+	if obj.SecurityAttributes != nil {
+		result["security_attributes"] = tfresource.SecurityAttributesToMap(obj.SecurityAttributes)
+	}
 
 	if obj.SkipSourceDestCheck != nil {
 		result["skip_source_dest_check"] = bool(*obj.SkipSourceDestCheck)

internal/service/core/core_vnic_data_source.go

@@ -78,6 +78,11 @@ func CoreVnicDataSource() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"security_attributes": {
+				Type:     schema.TypeMap,
+				Computed: true,
+				Elem:     schema.TypeString,
+			},
 			"skip_source_dest_check": {
 				Type:     schema.TypeBool,
 				Computed: true,
@@ -188,6 +193,10 @@ func (s *CoreVnicDataSourceCrud) SetData() error {
 		s.D.Set("public_ip_address", *s.Res.PublicIp)
 	}
 
+	if s.Res.SecurityAttributes != nil {
+		s.D.Set("security_attributes", tfresource.SecurityAttributesToMap(s.Res.SecurityAttributes))
+	}
+
 	if s.Res.SkipSourceDestCheck != nil {
 		s.D.Set("skip_source_dest_check", *s.Res.SkipSourceDestCheck)
 	}