Added - Support for OIC: ZPR security attribute support for private endpoint

Author: Xu Zhang

examples/integration/main.tf

@@ -72,6 +72,12 @@ resource "oci_integration_integration_instance" "test_integration_instance" {
   #Required
   compartment_id            = var.compartment_id
   integration_instance_type = var.instance_type
+
+  security_attributes = {
+    "oracle-zpr.sensitivity.value" = "low"
+    "oracle-zpr.sensitivity.mode" = "enforce"
+  }
+
   shape                     = "DEVELOPMENT"
   display_name              = "instance-created-via-tf-${random_integer.seq.result}"
   is_byol                   = "false"
@@ -183,6 +189,8 @@ resource "oci_integration_private_endpoint_outbound_connection" "integration_pri
   depends_on = [
     oci_integration_oracle_managed_custom_endpoint.integretion_custom_endpoint
   ]
+}
+
 # resource "oci_integration_integration_instance" "test_integration_instance_idcs" {
 #   #Required
 #   compartment_id            = var.compartment_id
@@ -195,23 +203,19 @@ resource "oci_integration_private_endpoint_outbound_connection" "integration_pri
 #   idcs_at                   = var.integration_instance_idcs_access_token
 # }
 
-resource "oci_integration_private_endpoint_outbound_connection" "integration_private_endpoint" {
-  integration_instance_id = oci_integration_integration_instance.test_integration_instance.id
-  nsg_ids = [var.nsg_id]
-  subnet_id = var.subnet_id
-}
-
-resource "oci_integration_integration_instance" "test_integration_instance_with_dr" {
-  #Required
-  compartment_id            = var.compartment_id
-  integration_instance_type = "STANDARDX"
-  shape                     = "DEVELOPMENT"
-  display_name              = "DR"
-  is_byol                   = "false"
-  message_packs             = "1"
-  domain_id                 = var.domain_id
-  is_disaster_recovery_enabled = "true"
-  lifecycle {
-    ignore_changes = ["system_tags"]
-  }
-}
+# resource "oci_integration_integration_instance" "test_integration_instance_with_dr" {
+#   #Required
+#   compartment_id            = var.compartment_id
+#   integration_instance_type = var.instance_type
+#   shape                     = "DEVELOPMENT"
+#   display_name              = "DR"
+#   is_byol                   = "false"
+#   message_packs             = "1"
+#   domain_id                 = var.domain_id
+#
+#   is_disaster_recovery_enabled = "true"
+#
+#   lifecycle {
+#     ignore_changes = ["system_tags"]
+#   }
+# }

internal/integrationtest/integration_integration_instance_test.go

@@ -130,6 +130,8 @@ func (s *IntegrationIntegrationInstanceDataSourceCrud) SetData() error {
 
 	if s.Res.IsDisasterRecoveryEnabled != nil {
 		s.D.Set("is_disaster_recovery_enabled", *s.Res.IsDisasterRecoveryEnabled)
+	} else {
+		s.D.Set("is_disaster_recovery_enabled", false)
 	}
 
 	if s.Res.IsFileServerEnabled != nil {
@@ -170,6 +172,10 @@ func (s *IntegrationIntegrationInstanceDataSourceCrud) SetData() error {
 		s.D.Set("private_endpoint_outbound_connection", nil)
 	}
 
+	s.D.Set("security_attributes", tfresource.SecurityAttributesToMap(s.Res.SecurityAttributes))
+
+	s.D.Set("shape", s.Res.Shape)
+
 	s.D.Set("state", s.Res.LifecycleState)
 
 	if s.Res.StateMessage != nil {

internal/service/integration/integration_integration_instance_data_source.go

@@ -270,6 +270,14 @@ func IntegrationIntegrationInstanceResource() *schema.Resource {
 					},
 				},
 			},
+			"security_attributes": {
+				Type:     schema.TypeMap,
+				Optional: true,
+				Computed: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
 			"shape": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -794,6 +802,10 @@ func (s *IntegrationIntegrationInstanceResourceCrud) Create() error {
 		}
 	}
 
+	if securityAttributes, ok := s.D.GetOkExists("security_attributes"); ok {
+		request.SecurityAttributes = tfresource.MapToSecurityAttributes(securityAttributes.(map[string]interface{}))
+	}
+
 	if shape, ok := s.D.GetOkExists("shape"); ok {
 		request.Shape = oci_integration.CreateIntegrationInstanceDetailsShapeEnum(shape.(string))
 	}
@@ -1050,6 +1062,10 @@ func (s *IntegrationIntegrationInstanceResourceCrud) Update() error {
 		request.MessagePacks = &tmp
 	}
 
+	if securityAttributes, ok := s.D.GetOkExists("security_attributes"); ok {
+		request.SecurityAttributes = tfresource.MapToSecurityAttributes(securityAttributes.(map[string]interface{}))
+	}
+
 	request.RequestMetadata.RetryPolicy = tfresource.GetRetryPolicy(s.DisableNotFoundRetries, "integration")
 
 	response, err := s.Client.UpdateIntegrationInstance(context.Background(), request)
@@ -1192,6 +1208,10 @@ func (s *IntegrationIntegrationInstanceResourceCrud) SetData() error {
 		s.D.Set("private_endpoint_outbound_connection", nil)
 	}
 
+	s.D.Set("security_attributes", tfresource.SecurityAttributesToMap(s.Res.SecurityAttributes))
+
+	s.D.Set("shape", s.Res.Shape)
+
 	s.D.Set("state", s.Res.LifecycleState)
 
 	if s.Res.StateMessage != nil {

internal/service/integration/integration_integration_instance_resource.go

@@ -156,6 +156,8 @@ func (s *IntegrationIntegrationInstancesDataSourceCrud) SetData() error {
 
 		if r.IsDisasterRecoveryEnabled != nil {
 			integrationInstance["is_disaster_recovery_enabled"] = *r.IsDisasterRecoveryEnabled
+		} else {
+			integrationInstance["is_disaster_recovery_enabled"] = false
 		}
 
 		if r.IsFileServerEnabled != nil {
@@ -196,6 +198,8 @@ func (s *IntegrationIntegrationInstancesDataSourceCrud) SetData() error {
 			integrationInstance["private_endpoint_outbound_connection"] = nil
 		}
 
+		integrationInstance["security_attributes"] = tfresource.SecurityAttributesToMap(r.SecurityAttributes)
+
 		integrationInstance["shape"] = r.Shape
 
 		integrationInstance["state"] = r.LifecycleState

internal/service/integration/integration_integration_instances_data_source.go

@@ -58,8 +58,8 @@ The following attributes are exported:
 	* `dns_zone_name` - DNS Zone name
 	* `hostname` - A custom hostname to be used for the integration instance URL, in FQDN format.
 * `defined_tags` - Usage of predefined tag keys. These predefined keys are scoped to namespaces. Example: `{"foo-namespace.bar-key": "value"}`
-* `disaster_recovery_details` - Disaster recovery details for the integration instance created in the region. 
-	* `cross_region_integration_instance_details` - Details of integration instance created in cross region for disaster recovery. 
+* `disaster_recovery_details` - Disaster recovery details for the integration instance created in the region.
+	* `cross_region_integration_instance_details` - Details of integration instance created in cross region for disaster recovery.
 		* `id` - Cross region integration instance identifier
 		* `region` - Cross region where integration instance is created
 		* `role` - Role of the integration instance in the region
@@ -79,7 +79,7 @@ The following attributes are exported:
 	* `idcs_app_name` - The IDCS application name associated with the instance
 	* `instance_primary_audience_url` - The URL used as the primary audience for integration flows in this instance type: string* `instance_design_time_url` - The Integration Instance Design Time URL
 * `instance_url` - The Integration Instance URL.
-* `integration_instance_type` - Standard or Enterprise type, Oracle Integration Generation 2 uses ENTERPRISE and STANDARD, Oracle Integration 3 uses ENTERPRISEX and STANDARDX
+* `integration_instance_type` - Standard or Enterprise type, Oracle Integration Generation 2 uses ENTERPRISE and STANDARD, Oracle Integration 3 uses ENTERPRISEX, STANDARDX and HEALTHCARE
 * `is_byol` - Bring your own license.
 * `is_disaster_recovery_enabled` - Is Disaster Recovery enabled for the integrationInstance
 * `is_file_server_enabled` - The file server is enabled or not.
@@ -98,6 +98,12 @@ The following attributes are exported:
 	* `nsg_ids` - One or more Network security group Ids. This is an optional argument.
 	* `outbound_connection_type` - The type of Outbound Connection.
 	* `subnet_id` - Customer Private Network VCN Subnet OCID. This is a required argument.
+* `security_attributes` - Security attributes for this resource. Each key is predefined and scoped to a namespace. For more information, see [Resource Tags](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm).  Example: `{
+    "oracle-zpr.sensitivity.value" = "low"
+    "oracle-zpr.sensitivity.mode" = "enforce"
+  }
+`
+* `shape` - Shape
 * `state` - The current state of the integration instance.
 * `state_message` - An message describing the current state in more detail. For example, can be used to provide actionable information for a resource in Failed state.
 * `system_tags` - Usage of system tag keys. These predefined keys are scoped to namespaces. Example: `{"orcl-cloud.free-tier-retained": "true"}`

website/docs/d/integration_integration_instance.html.markdown

@@ -74,9 +74,9 @@ The following attributes are exported:
 	* `certificate_secret_version` - The secret version used for the certificate-secret-id (if certificate-secret-id is specified).* `dns_type` - Type of DNS.
 	* `dns_zone_name` - DNS Zone name
 	* `hostname` - A custom hostname to be used for the integration instance URL, in FQDN format.
-* `defined_tags` - Usage of predefined tag keys. These predefined keys are scoped to namespaces. Example: `{"foo-namespace.bar-key": "value"}` 
-* `disaster_recovery_details` - Disaster recovery details for the integration instance created in the region. 
-	* `cross_region_integration_instance_details` - Details of integration instance created in cross region for disaster recovery. 
+* `defined_tags` - Usage of predefined tag keys. These predefined keys are scoped to namespaces. Example: `{"foo-namespace.bar-key": "value"}`
+* `disaster_recovery_details` - Disaster recovery details for the integration instance created in the region.
+	* `cross_region_integration_instance_details` - Details of integration instance created in cross region for disaster recovery.
 		* `id` - Cross region integration instance identifier
 		* `region` - Cross region where integration instance is created
 		* `role` - Role of the integration instance in the region
@@ -96,7 +96,7 @@ The following attributes are exported:
 	* `idcs_app_name` - The IDCS application name associated with the instance
 	* `instance_primary_audience_url` - The URL used as the primary audience for integration flows in this instance type: string* `instance_design_time_url` - The Integration Instance Design Time URL
 * `instance_url` - The Integration Instance URL.
-* `integration_instance_type` - Standard or Enterprise type, Oracle Integration Generation 2 uses ENTERPRISE and STANDARD, Oracle Integration 3 uses ENTERPRISEX and STANDARDX
+* `integration_instance_type` - Standard or Enterprise type, Oracle Integration Generation 2 uses ENTERPRISE and STANDARD, Oracle Integration 3 uses ENTERPRISEX, STANDARDX and HEALTHCARE
 * `is_byol` - Bring your own license.
 * `is_disaster_recovery_enabled` - Is Disaster Recovery enabled for the integrationInstance
 * `is_file_server_enabled` - The file server is enabled or not.
@@ -115,6 +115,11 @@ The following attributes are exported:
 	* `nsg_ids` - One or more Network security group Ids. This is an optional argument.
 	* `outbound_connection_type` - The type of Outbound Connection.
 	* `subnet_id` - Customer Private Network VCN Subnet OCID. This is a required argument.
+* `security_attributes` - Security attributes for this resource. Each key is predefined and scoped to a namespace. For more information, see [Resource Tags](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm).  Example: `{
+    "oracle-zpr.sensitivity.value" = "low"
+    "oracle-zpr.sensitivity.mode" = "enforce"
+  }`
+* `shape` - Shape
 * `state` - The current state of the integration instance.
 * `state_message` - An message describing the current state in more detail. For example, can be used to provide actionable information for a resource in Failed state.
 * `system_tags` - Usage of system tag keys. These predefined keys are scoped to namespaces. Example: `{"orcl-cloud.free-tier-retained": "true"}`

website/docs/d/integration_integration_instances.html.markdown

@@ -62,6 +62,12 @@ resource "oci_integration_integration_instance" "test_integration_instance" {
 		}
 		is_integration_vcn_allowlisted = var.integration_instance_network_endpoint_details_is_integration_vcn_allowlisted
 	}
+
+    security_attributes = {
+     "oracle-zpr.sensitivity.value" = "low"
+     "oracle-zpr.sensitivity.mode" = "enforce"
+    }
+
 	shape = var.integration_instance_shape
 	state = var.integration_instance_target_state
 }
@@ -88,7 +94,6 @@ The following arguments are supported:
 * `domain_id` - (Optional) The OCID of the identity domain, that will be used to determine the  corresponding Idcs Stripe and create an Idcs application within the stripe.  This parameter is mutually exclusive with parameter: idcsAt, i.e only one of  two parameters should be specified.
 * `freeform_tags` - (Optional) (Updatable) Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: `{"bar-key": "value"}`
 * `idcs_at` - (Optional) (Updatable) IDCS Authentication token. This is required for all realms with IDCS. Its optional as its not required for non IDCS realms.
-* `integration_instance_type` - (Required) (Updatable) Standard or Enterprise type,  Oracle Integration Generation 2 uses ENTERPRISE and STANDARD,  Oracle Integration 3 uses ENTERPRISEX and STANDARDX
 * `is_byol` - (Required) (Updatable) Bring your own license.
 * `is_disaster_recovery_enabled` - (Optional) Is Disaster Recovery enabled or not.
 * `is_file_server_enabled` - (Optional) (Updatable) The file server is enabled or not.
@@ -101,6 +106,10 @@ The following arguments are supported:
 		* `id` - (Required) The Virtual Cloud Network OCID.
 	* `is_integration_vcn_allowlisted` - (Optional) The Integration service's VCN is allow-listed to allow integrations to call back into other integrations
 	* `network_endpoint_type` - (Required) The type of network endpoint.
+* `security_attributes` - (Optional) (Updatable) Security attributes for this resource. Each key is predefined and scoped to a namespace. For more information, see [Resource Tags](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm).  Example: `{
+    "oracle-zpr.sensitivity.value" = "low"
+    "oracle-zpr.sensitivity.mode" = "enforce"
+  }`
 * `shape` - (Optional) Shape
 * `enable_process_automation_trigger` - (Optional) (Updatable) An optional property when incremented triggers Enable Process Automation. Could be set to any integer value.
 * `extend_data_retention_trigger` - (Optional) (Updatable) An optional property when incremented triggers Extend Data Retention. Could be set to any integer value.
@@ -130,8 +139,8 @@ The following attributes are exported:
 	* `dns_zone_name` - DNS Zone name
 	* `hostname` - A custom hostname to be used for the integration instance URL, in FQDN format.
 * `managed_type` - Indicates if custom endpoint is managed by oracle or customer.
-* `attachments` - A list of associated attachments to other services 
-	* `is_implicit` - 
+* `attachments` - A list of associated attachments to other services
+	* `is_implicit` -
 		* If role == `PARENT`, the attached instance was created by this service instance
 		* If role == `CHILD`, this instance was created from attached instance on behalf of a user
 	* `target_id` - The OCID of the target instance (which could be any other Oracle Cloud Infrastructure PaaS/SaaS resource), to which this instance is attached.
@@ -176,9 +185,9 @@ The following attributes are exported:
 * `instance_url` - The Integration Instance URL.
 * `integration_instance_type` - Standard or Enterprise type, Oracle Integration Generation 2 uses ENTERPRISE and STANDARD, Oracle Integration 3 uses ENTERPRISEX and STANDARDX
 * `instance_url` - The Integration Instance URL.
+* `integration_instance_type` - Standard or Enterprise type, Oracle Integration Generation 2 uses ENTERPRISE and STANDARD, Oracle Integration 3 uses ENTERPRISEX, STANDARDX and HEALTHCARE
 	* `instance_primary_audience_url` - The URL used as the primary audience for integration flows in this instance type: string
 * `instance_url` - The Integration Instance URL.
-* `integration_instance_type` - Standard or Enterprise type, Oracle Integration Generation 2 uses ENTERPRISE and STANDARD, Oracle Integration 3 uses ENTERPRISEX and STANDARDX
 * `is_byol` - Bring your own license.
 * `is_disaster_recovery_enabled` - Is Disaster Recovery enabled for the integrationInstance
 * `is_file_server_enabled` - The file server is enabled or not.
@@ -197,6 +206,10 @@ The following attributes are exported:
 	* `nsg_ids` - One or more Network security group Ids. This is an optional argument.
 	* `outbound_connection_type` - The type of Outbound Connection.
 	* `subnet_id` - Customer Private Network VCN Subnet OCID. This is a required argument.
+* `security_attributes` - Security attributes for this resource. Each key is predefined and scoped to a namespace. For more information, see [Resource Tags](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm).  Example: `{
+    "oracle-zpr.sensitivity.value" = "low"
+    "oracle-zpr.sensitivity.mode" = "enforce"
+  }`
 * `shape` - Shape
 * `state` - The current state of the integration instance.
 * `state_message` - An message describing the current state in more detail. For example, can be used to provide actionable information for a resource in Failed state.