Migrate oci docs to guides

Author: ccushing

GNUmakefile

@@ -3,7 +3,7 @@ GOFMT_FILES?=$$(find . -name '*.go' |grep -v vendor)
 PKG_NAME=oci
 WEBSITE_REPO=github.com/hashicorp/terraform-website
 
-prefix := $(if $(debug),TF_LOG=DEBUG DEBUG=true OCI_GO_SDK_DEBUG=1, )
+prefix := $(if $(debug),TF_LOG=DEBUG OCI_GO_SDK_DEBUG=1, )
 timeout := $(if $(timeout), $(timeout), 120m)
 run_regex := $(if $(run), -run $(run), )
 skip_goimports_check_flag := $(if $(skip_goimports_check), -s, )

README.md

@@ -40,9 +40,20 @@ $ make build
 ```
 
 
-Using the provider
+Using the Provider
 ----------------------
-If you're building the provider, follow the instructions to [install it as a plugin.](https://www.terraform.io/docs/plugins/basics.html#installing-a-plugin) After placing it into your plugins directory,  run `terraform init` to initialize it.
+If you're building the provider, follow the instructions to [install it as a plugin.](https://www.terraform.io/docs/plugins/basics.html#installing-a-plugin) 
+After placing it into your plugins directory,  run `terraform init` to initialize it and begin using Terraform with the Oracle Cloud Infrastructure provider.
+
+
+Troubleshooting the Provider
+----------------------
+To get verbose console output when the provider is running, precede your Terraform command with the `TF_LOG` and `OCI_GO_SDK_DEBUG` flags:
+```sh
+TF_LOG=DEBUG OCI_GO_SDK_DEBUG=1 terraform plan
+```
+
+The [tf_log](https://www.terraform.io/docs/internals/debugging.html) level and `OCI_GO_SDK_DEBUG` flags can also be set as environment variables.
 
 
 Developing the Provider

website/docs/guides/best_practices.html.markdown

@@ -0,0 +1,128 @@
+---
+layout: "oci"
+page_title: "Provider: Oracle Cloud Infrastructure"
+sidebar_current: "docs-oci-guide-best_practices"
+description: |-
+  The Oracle Cloud Infrastructure provider. Best Practices
+---
+
+## Terraform Provider Best Practices
+
+Following are recommended best practices for writing configurations for the Oracle Cloud Infrastructure Terraform provider.
+
+### Referencing Images
+
+When launching Compute instances, your Terraform configuration should use the same image every time you execute a Terraform Apply command.
+
+To ensure this, specify the image OCID directly, rather than locating it using the `oci_core_image` data source. 
+This is because the `oci_core_image` data source calls into the ListImages API, whose return values can change over 
+time as new images are periodically added and older ones deleted. For a list of Oracle-Provided images and their OCIDs, 
+see [Oracle-Provided Images](https://docs.cloud.oracle.com/iaas/Content/Compute/References/images.htm). 
+For more information, see the write up in this issue: [Results of oci_core_images will change over time for Oracle-provided images](https://github.com/oracle/terraform-provider-oci/issues/352).
+
+We recommend the following pattern for specifying an image for a given region:
+
+```hcl
+variable "image_id" {
+  type = "map"
+  default = {
+    // See https://docs.cloud.oracle.com/iaas/images/
+    // Oracle-provided image "Oracle-Linux-7.4-2018.02.21-1"
+    us-phoenix-1 = "ocid1.image.oc1.phx.aaaaaaaaupbfz5f5hdvejulmalhyb6goieolullgkpumorbvxlwkaowglslq"
+    us-ashburn-1 = "ocid1.image.oc1.iad.aaaaaaaajlw3xfie2t5t52uegyhiq2npx7bqyu4uvi2zyu3w3mqayc2bxmaa"
+    eu-frankfurt-1 = "ocid1.image.oc1.eu-frankfurt-1.aaaaaaaa7d3fsb6272srnftyi4dphdgfjf6gurxqhmv6ileds7ba3m2gltxq"
+    uk-london-1 = "ocid1.image.oc1.uk-london-1.aaaaaaaaa6h6gj6v4n56mqrbgnosskq63blyv2752g36zerymy63cfkojiiq"
+  }
+}
+```
+
+A Compute instance can use this in the following way:
+
+```hcl
+resource "oci_core_instance" "TFInstance" {
+  image = "${var.image_id[var.region]}"
+  ...
+}
+```
+
+
+### Availability Domains
+
+With respect to Availability Domains, we caution against the common pattern of iterating over the results of the `oci_identity_availability_domains` data source, as shown here:
+
+```hcl
+// Get all availability domains for the region
+data "oci_identity_availability_domains" "ads" {
+  compartment_id = "${var.tenancy_ocid}"
+}
+  
+// Then either use it to get a single AD name based on the index:
+resource "oci_core_instance" "nat" {
+  availability_domain = "${lookup(data.oci_identity_availability_domains.ads.availability_domains[var.nat_instance_ad],"name")}"
+  ...
+}
+  
+// Or iterate through all the ADs:
+resource "oci_core_subnet" "nat" {
+  count = "${length(data.oci_identity_availability_domains.ads.availability_domains)}"
+  availability_domain = "${lookup(data.oci_identity_availability_domains.ad.availability_domains[count.index], "name")}"
+  ...
+}
+```
+
+The recommendation is to explicitly list the Availability Domain names for the regions in your configuration. To do so, use a variable that you have defined as follows:
+
+```hcl
+variable "ad_list" {
+  type = "list"
+}
+```
+
+You can then use the variable as shown here:
+
+```hcl
+// Index:
+resource "oci_core_instance" "nat" {
+  availability_domain = "${var.ad_list[var.nat_instance_ad_index]}"
+  ...
+}
+  
+// Or iterate through all the ADs:
+resource "oci_core_subnet" "nat" {
+  count = "${length(var.ad_list)}"
+  availability_domain = "${var.ad_list[count.index]}"
+  ...
+}
+```
+
+You can then set the ad_list variable directly by using the availability domain names for your tenant and region, as shown here:
+
+```hcl
+variable "ad_list" {
+  type = "list"
+  default = ["kIdk:PHX-AD-1","kIdk:PHX-AD-2","kIdk:PHX-AD-3"]
+}
+```
+
+The advantage of using this method is that it gives you control over your availability domain usage and prevents unexpected changes over time. 
+However, this approach is problematic when configurations are shared between tenancies and regions, since availability domain names are tenancy and region-specific.
+
+A convenient alternative is to instead set the ad_list value by using the oci_identity_availability_domains data source. 
+You should do this in the configuration, then pass them into the resources or modules. This effectively centralizes the list of ADs, 
+making it is easy to switch to an explicit list later, should that become necessary.
+
+```hcl
+data "oci_identity_availability_domains" "ad" {
+  compartment_id = "${var.tenancy_ocid}"
+}
+ 
+data "template_file" "ad_names" {
+  count = "${length(data.oci_identity_availability_domains.ad.availability_domains)}"
+  template = "${lookup(data.oci_identity_availability_domains.ad.availability_domains[count.index], "name")}"
+}
+  
+module "ssm_network" {
+  ad_list = "${data.template_file.ad_names.*.rendered}"
+  ...
+}
+```

website/docs/guides/object_store_backend.html.markdown

@@ -0,0 +1,142 @@
+---
+layout: "oci"
+page_title: "Provider: Oracle Cloud Infrastructure"
+sidebar_current: "docs-oci-guide-object_store_backend"
+description: |-
+  The Oracle Cloud Infrastructure provider. Object Store Backend
+---
+
+## Using the Object Store for Terraform State Files
+You can store [Terraform state files](https://www.terraform.io/docs/state/index.html) in the 
+Oracle Cloud Infrastructure Object Storage. Doing so requires that you configure a backend using one of the Terraform backend types.
+
+Terraform supports various backend types to allow flexibility in how state files are loaded into Terraform. (For more 
+information, see [Terraform Backend Types](https://www.terraform.io/docs/backends/types/index.html).) For our purposes, we address two of these approaches:
+
+- Using an HTTP remote state backend
+- Using an S3-compatible remote state backend
+
+### Using an HTTP Backend
+
+Using the [HTTP backend type](https://www.terraform.io/docs/backends/types/http.html) allows you to store state using a simple REST client. With the HTTP backend type, you can 
+easily fetch, update, and purge state using the HTTP GET, POST, and DELETE methods.
+
+To configure the HTTP backend to store your Oracle Cloud Infrastructure Terraform state files, do the following:
+
+
+#### Create a Pre-Authenticated Request
+
+Creating a pre-authenticated request in Oracle Object Storage enables accessing a bucket or object in the Oracle Cloud 
+Infrastructure without needing to provide credentials. To do so, you must create a pre-authenticated request that has 
+read/write permissions to the object store where you intend to save the Terraform state file. You can do so in any of 
+three ways: by using the Console UI, by using the command line interface (CLI), or by using the REST APIs.
+
+>    **Note**  
+A state file must exist in the bucket before you create the pre-authenticated request. This file can be an existing state file, or an empty file for the initial state.
+
+For guidance, see [Using Pre-Authenticated Requests](https://docs.cloud.oracle.com/iaas/Content/Object/Tasks/usingpreauthenticatedrequests.htm).
+
+
+#### Upload Existing State
+
+If you have an existing state file, you can upload it using Curl to make an HTTP Put request to the object store URL, as shown here:
+
+```sh
+curl -X PUT -H "Content-Type: text/plain" --data-binary "@path/to/local/tfstate" http://<prefix>/<my-access-uri>
+```
+
+
+#### Configure HTTP as a Terraform Backend
+
+The [HTTP backend type](https://www.terraform.io/docs/backends/types/http.html) stores state using a simple REST client 
+and allows you to easily fetch, update, and purge state using the HTTP GET, POST, and DELETE methods.
+
+The access URI for addressing Oracle Cloud Infrastructure Terraform configurations must be of the form: 
+https://objectstorage.us-phoenix-1.oraclecloud.com/my-access-uri (where region and access URI are specific to you).
+
+For more example configuration and state files that reference code, and a summary of configuration variables, 
+see [Standard Backends: HTTP](https://www.terraform.io/docs/backends/types/http.html).
+
+Following is an example Terraform configuration. The region in the URL can be something other than the Phoenix region.
+
+```hcl-terraform
+terraform {
+   backend "http" {
+     address = "https://objectstorage.us-phoenix-1.oraclecloud.com/<my-access-uri>" update_method = "PUT" }
+}
+```
+
+
+#### Reinitialize Terraform
+
+Finally, you must reinitialize Terraform and then run the apply command, as shown following.
+
+```sh
+terraform init
+terraform apply
+```
+
+After completing these steps, you are able to use Oracle Cloud Infrastructure as the backend for storing Terraform state files.
+
+
+### Using an S3-Compatible Backend
+
+Configuring the S3-compatible backend requires that the account be enabled with S3 authentication keys, which are set on a per-user basis.
+
+1. In the Console, open the navigation menu, then, under Governance and Administration, navigate to Identity, then Users. 
+Under User Details, click Amazon S3 Compatibility API Keys. For more guidance, 
+see [Working with Amazon S3 Compatibility API Keys](https://docs.cloud.oracle.com/Content/Identity/Tasks/managingcredentials.htm#s3).
+
+2. Set the location for the credentials file. The default location is `~/.aws/credentials`. You can set an alternate location by using the S3 backend `shared_credentials_file` option. 
+    
+    > **Warning**  
+    Never set the access_key and the secret_key attributes in the same Terraform backend configuration, since this creates a security risk.
+
+3. Configure the `[default]` entry in the credentials file with the appropriate object storage credentials. 
+The file can contain any number of credential profiles. If you provide a different profile name, you must also 
+update the backend `profile` option in your Terraform configuration file.
+    
+    Following is an example of Object Storage credentials:
+    
+    ```
+    [default]
+    aws_access_key_id=ocid1.credential.oc1..aaaaaaaasbmhehdmefolvqwtbdjgwfsxjsgxgipdbph7odn2brgurgsyztca
+    aws_secret_access_key=mSTdaWhlbWj3ty4JZXlm0NUZV52xlImWjayJLJ6OH9A=
+    ```
+    
+    Where `aws_access_key_id and aws_secret_access_key` are user-specific values provided from the Console. 
+    The key values provided in the example are not valid and provided as examples only.
+
+4. Set the object storage endpoint value in the following format: `https://{tenancy}.compat.objectstorage.{region}.oraclecloud.com`
+
+Following is a full example of an Object Storage backend configuration:
+
+```hcl-terraform
+terraform {
+  backend "s3" {
+    bucket   = "terraform-state"
+    key      = "terraform.tfstate"
+    region   = "us-phoenix-1"
+    endpoint = "https://acme.compat.objectstorage.us-phoenix-1.oraclecloud.com"
+
+    skip_region_validation      = true
+    skip_credentials_validation = true
+    skip_requesting_account_id  = true
+    skip_get_ec2_platforms      = true
+    skip_metadata_api_check     = true
+    force_path_style            = true
+  }
+}
+```
+
+The S3 backend configuration can also be used for the terraform_remote_state data source to enable sharing state across Terraform projects.
+
+Once you have configured the backend, you must run `terraform init` to finish the setup. 
+If you already have an existing `terraform.tfstate` file, then Terraform prompts you to confirm that the current state file is the one to upload to the remote state.
+
+
+### For More Information
+
+- [Using Pre-Authenticated Requests](https://docs.cloud.oracle.com/iaas/Content/Object/Tasks/usingpreauthenticatedrequests.htm)
+- [State Files](https://www.terraform.io/docs/state/index.html)
+- [Terraform Backend Types](https://www.terraform.io/docs/backends/types/index.html)

website/oci.erb

@@ -11,15 +11,21 @@
         <li<%= sidebar_current("docs-oci-guide") %>>
         <a href="#">Guides</a>
         <ul class="nav nav-visible">
-            <li<%= sidebar_current("docs-oci-guide-filters") %>>
-                <a href="/docs/providers/oci/guides/filters.html">Filters</a>
+            <li<%= sidebar_current("docs-oci-guide-best_practices") %>>
+                <a href="/docs/providers/oci/guides/best_practices.html">Best Practices</a>
             </li>
             <li<%= sidebar_current("docs-oci-guide-faq") %>>
                 <a href="/docs/providers/oci/guides/faq.html">Frequently Asked Questions</a>
             </li>
+            <li<%= sidebar_current("docs-oci-guide-filters") %>>
+                <a href="/docs/providers/oci/guides/filters.html">Filters</a>
+            </li>
             <li<%= sidebar_current("docs-oci-guide-managing_default_resources") %>>
                 <a href="/docs/providers/oci/guides/managing_default_resources.html">Managing Default Resources</a>
             </li>
+            <li<%= sidebar_current("docs-oci-guide-object_store_backend") %>>
+                <a href="/docs/providers/oci/guides/object_store_backend.html">Object Store Backend</a>
+            </li>
             <li<%= sidebar_current("docs-oci-guide-tagging_resources") %>>
                 <a href="/docs/providers/oci/guides/tagging_resources.html">Tagging Resources</a>
             </li>