Added - Support for ADB-S: Customer Managed Keys via Azure Key Vault and AWS KMS

Author: ikuzevan

examples/database/adb/encryption_key/autonomous_database_encryption_key.tf

@@ -0,0 +1,42 @@
+// Copyright (c) 2017, 2024, Oracle and/or its affiliates. All rights reserved.
+// Licensed under the Mozilla Public License v2.0
+
+variable "tenancy_ocid" {
+}
+
+variable "user_ocid" {
+}
+
+variable "fingerprint" {
+}
+
+variable "private_key_path" {
+}
+
+variable "region" {
+}
+
+variable "compartment_ocid" {
+}
+
+provider "oci" {
+  tenancy_ocid     = var.tenancy_ocid
+  user_ocid        = var.user_ocid
+  fingerprint      = var.fingerprint
+  private_key_path = var.private_key_path
+  region           = var.region
+}
+
+resource "oci_database_autonomous_database" "test_autonomous_database" {
+  admin_password           = "BEstrO0ng_#11"
+  compartment_id           = var.compartment_ocid
+  cpu_core_count           = "1"
+  data_storage_size_in_tbs = "1"
+  db_name                  = "Xsk5djnfdl23423"
+  db_version               = "19c"
+  db_workload              = "AJD"
+  license_model            = "LICENSE_INCLUDED"
+  encryption_key {
+    autonomous_database_provider = "ORACLE_MANAGED"
+  }
+}

internal/integrationtest/database_autonomous_database_test.go

@@ -216,7 +216,11 @@ var (
 	DatabaseAutonomousDatabaseLongTermBackupDelete = map[string]interface{}{
 		"is_disabled": acctest.Representation{RepType: acctest.Optional, Create: `true`},
 	}
-
+	DatabaseAutonomousDatabaseEncryptionKeyRepresentation = map[string]interface{}{
+		"kms_key_id":                   acctest.Representation{RepType: acctest.Required, Update: `${lookup(data.oci_kms_keys.test_keys_dependency.keys[0], "id")}`},
+		"vault_id":                     acctest.Representation{RepType: acctest.Required, Update: kmsVaultId},
+		"autonomous_database_provider": acctest.Representation{RepType: acctest.Required, Update: `OCI`},
+	}
 	DatabaseAutonomousDatabaseResourcePoolSummaryRepresentation = map[string]interface{}{
 		"is_disabled": acctest.Representation{RepType: acctest.Optional, Create: `false`, Update: `true`},
 		"pool_size":   acctest.Representation{RepType: acctest.Optional, Create: `128`, Update: `256`},
@@ -1623,6 +1627,50 @@ func TestDatabaseAutonomousDatabaseResource_basic(t *testing.T) {
 				},
 			),
 		},
+		//36. Remove any previously created resources
+		{
+			Config: config + compartmentIdVariableStr + DatabaseAutonomousDatabaseResourceDependencies,
+		},
+		//37. Create ADB using default Oracle Managed key
+		{
+			Config: config + compartmentIdVariableStr + DatabaseAutonomousDatabaseResourceDependencies +
+				acctest.GenerateResourceFromRepresentationMap("oci_database_autonomous_database", "test_autonomous_database", acctest.Required, acctest.Create, DatabaseAutonomousDatabaseRepresentation),
+			Check: acctest.ComposeAggregateTestCheckFuncWrapper(
+				resource.TestCheckResourceAttr(resourceName, "admin_password", "BEstrO0ng_#11"),
+				resource.TestCheckResourceAttr(resourceName, "compartment_id", compartmentId),
+				resource.TestCheckResourceAttr(resourceName, "cpu_core_count", "1"),
+				resource.TestCheckResourceAttr(resourceName, "db_name", adbName),
+				// verify computed field db_workload to be defaulted to OLTP
+				resource.TestCheckResourceAttr(resourceName, "db_workload", "OLTP"),
+				resource.TestCheckResourceAttr(resourceName, "encryption_key.#", "1"),
+				resource.TestCheckResourceAttr(resourceName, "encryption_key.0.autonomous_database_provider", "ORACLE_MANAGED"),
+
+				func(s *terraform.State) (err error) {
+					resId, err = acctest.FromInstanceState(s, resourceName, "id")
+					return err
+				},
+			),
+		},
+		//38. Update ADB using encryptionKey
+		{
+			Config: config + compartmentIdVariableStr + DatabaseAutonomousDatabaseResourceDependencies +
+				acctest.GenerateResourceFromRepresentationMap("oci_database_autonomous_database", "test_autonomous_database", acctest.Required, acctest.Update,
+					acctest.RepresentationCopyWithRemovedProperties(acctest.RepresentationCopyWithNewProperties(DatabaseAutonomousDatabaseRepresentation, map[string]interface{}{
+						"encryption_key": acctest.RepresentationGroup{RepType: acctest.Required, Group: DatabaseAutonomousDatabaseEncryptionKeyRepresentation},
+					}), []string{"admin_password"})),
+			Check: acctest.ComposeAggregateTestCheckFuncWrapper(
+				resource.TestCheckResourceAttr(resourceName, "encryption_key.#", "1"),
+				resource.TestCheckResourceAttr(resourceName, "encryption_key.0.autonomous_database_provider", "OCI"),
+				resource.TestCheckResourceAttrSet(resourceName, "encryption_key.0.kms_key_id"),
+				resource.TestCheckResourceAttrSet(resourceName, "encryption_key.0.vault_id"),
+
+				func(s *terraform.State) (err error) {
+					resId, err = acctest.FromInstanceState(s, resourceName, "id")
+					fmt.Println(resId)
+					return err
+				},
+			),
+		},
 	})
 }
 

internal/service/database/database_autonomous_database_data_source.go

@@ -201,6 +201,22 @@ func (s *DatabaseAutonomousDatabaseDataSourceCrud) SetData() error {
 		s.D.Set("display_name", *s.Res.DisplayName)
 	}
 
+	if s.Res.EncryptionKey != nil {
+		encryptionKeyArray := []interface{}{}
+		if encryptionKeyMap := AutonomousDatabaseEncryptionKeyDetailsToMap(&s.Res.EncryptionKey); encryptionKeyMap != nil {
+			encryptionKeyArray = append(encryptionKeyArray, encryptionKeyMap)
+		}
+		s.D.Set("encryption_key", encryptionKeyArray)
+	} else {
+		s.D.Set("encryption_key", nil)
+	}
+
+	encryptionKeyHistoryEntry := []interface{}{}
+	for _, item := range s.Res.EncryptionKeyHistoryEntry {
+		encryptionKeyHistoryEntry = append(encryptionKeyHistoryEntry, AutonomousDatabaseEncryptionKeyHistoryEntryToMap(item))
+	}
+	s.D.Set("encryption_key_history_entry", encryptionKeyHistoryEntry)
+
 	if s.Res.FailedDataRecoveryInSeconds != nil {
 		s.D.Set("failed_data_recovery_in_seconds", *s.Res.FailedDataRecoveryInSeconds)
 	}