Added - Support for RMS - ZPR security attribute support for PE

Author: Naga Jahnavi Kommareddy

examples/resourcemanager/create_private_endpoint.tf

@@ -85,6 +85,13 @@ resource "oci_resourcemanager_private_endpoint" "rms_private_endpoint" {
   description    = "rms_private_endpoint_description"
   vcn_id         = oci_core_vcn.private_endpoint_integ_test_temp_vcn.id
   subnet_id      = oci_core_subnet.private_endpoint_integ_test_temp_subnet.id
+  security_attributes = {
+    "oracle-zpr.maxegresscount.mode" = "enforce"
+    "oracle-zpr.maxegresscount.value" = "42"
+  }
+  freeform_tags = {
+    "freeformkey" = "freeformvalue"
+  }
 }
 
 // Resolves the private IP of the customer's private endpoint to a NAT IP. Used as the host address in the "remote-exec" resource

examples/resourcemanager/privateendpoint/main.tf

@@ -0,0 +1,96 @@
+variable "tenancy_ocid" {}
+variable "compartment_ocid" {}
+variable "region" {}
+variable "auth" {}
+variable "config_file_profile" {}
+variable "user_ocid" {
+}
+variable "fingerprint" {
+}
+variable "private_key_path" {
+}
+
+provider "oci" {
+  tenancy_ocid     = var.tenancy_ocid
+  user_ocid        = var.user_ocid
+  fingerprint      = var.fingerprint
+  private_key_path = var.private_key_path
+  region           = var.region
+}
+
+# Locals and data
+locals {
+  vcn_cidr_block           = "10.12.0.0/16"
+  default_shape_name       = "VM.Standard.E3.Flex"
+  operating_system         = "Oracle Linux"
+  operating_system_version = "8"
+  tcp_protocol             = 6
+}
+
+resource "oci_core_vcn" "test_vcn" {
+  cidr_block     = local.vcn_cidr_block
+  compartment_id = var.compartment_ocid
+  display_name   = "test_vcn"
+}
+
+resource "oci_core_subnet" "test_subnet" {
+  compartment_id             = var.compartment_ocid
+  vcn_id                     = oci_core_vcn.test_vcn.id
+  display_name               = "test_subnet"
+  prohibit_public_ip_on_vnic = true
+  cidr_block                 = cidrsubnet(local.vcn_cidr_block, 8, 1)
+}
+
+resource "oci_resourcemanager_private_endpoint" "my_private_endpoint" {
+  compartment_id = var.compartment_ocid
+  display_name   = "my_private_endpoint"
+  description    = "Example"
+  vcn_id         = oci_core_vcn.test_vcn.id
+  subnet_id      = oci_core_subnet.test_subnet.id
+  /*security_attributes = {
+    "oracle-zpr.maxegresscount.mode"  = "enforce"
+    "oracle-zpr.maxegresscount.value" = "42"
+  }*/
+}
+
+data "oci_identity_availability_domains" "ads" { compartment_id = var.tenancy_ocid }
+
+data "oci_core_images" "ol" {
+  compartment_id           = var.compartment_ocid
+  operating_system         = local.operating_system
+  operating_system_version = local.operating_system_version
+  shape                    = local.default_shape_name
+}
+
+resource "tls_private_key" "ssh" { algorithm = "RSA" }
+
+resource "oci_core_instance" "test_instance" {
+  compartment_id      = var.compartment_ocid
+  display_name        = "test_instance"
+  availability_domain = data.oci_identity_availability_domains.ads.availability_domains[0].name
+  shape               = local.default_shape_name
+  create_vnic_details {
+    subnet_id        = oci_core_subnet.test_subnet.id
+    assign_public_ip = false
+  }
+  extended_metadata = {
+    ssh_authorized_keys = tls_private_key.ssh.public_key_openssh
+  }
+  source_details {
+    source_id   = data.oci_core_images.ol.images[0].id
+    source_type = "image"
+  }
+  shape_config {
+    memory_in_gbs = 4
+    ocpus         = 1
+  }
+}
+
+data "oci_resourcemanager_private_endpoint_reachable_ip" "instance_ip" {
+  private_endpoint_id = oci_resourcemanager_private_endpoint.my_private_endpoint.id
+  private_ip          = oci_core_instance.test_instance.private_ip
+}
+
+output "reachable_ip" {
+  value = data.oci_resourcemanager_private_endpoint_reachable_ip.instance_ip.ip_address
+}

internal/integrationtest/resourcemanager_private_endpoint_test.go

@@ -27,7 +27,7 @@ import (
 
 var (
 	ResourcemanagerPrivateEndpointRequiredOnlyResource = acctest.GenerateResourceFromRepresentationMap("oci_resourcemanager_private_endpoint", "test_rms_private_endpoint", acctest.Required, acctest.Create, ResourceManagerprivateEndpointRepresentation)
-
+	// dummy change
 	ResourcemanagerPrivateEndpointResourceConfig = acctest.GenerateResourceFromRepresentationMap("oci_resourcemanager_private_endpoint", "test_rms_private_endpoint", acctest.Optional, acctest.Update, ResourceManagerprivateEndpointRepresentation)
 
 	ResourcemanagerResourcemanagerPrivateEndpointSingularDataSourceRepresentation = map[string]interface{}{
@@ -55,7 +55,8 @@ var (
 		"dns_zones":      acctest.Representation{RepType: acctest.Optional, Create: []string{`dnsZones`}, Update: []string{`dnsZones2`}},
 		"freeform_tags":  acctest.Representation{RepType: acctest.Optional, Create: map[string]string{"Department": "Finance"}, Update: map[string]string{"Department": "Accounting"}},
 		"is_used_with_configuration_source_provider": acctest.Representation{RepType: acctest.Optional, Create: `false`, Update: `true`},
-		"nsg_id_list": acctest.Representation{RepType: acctest.Optional, Create: []string{`nsgIdList`}, Update: []string{`nsgIdList2`}},
+		"nsg_id_list":         acctest.Representation{RepType: acctest.Optional, Create: []string{`nsgIdList`}, Update: []string{`nsgIdList2`}},
+		"security_attributes": acctest.Representation{RepType: acctest.Optional, Create: map[string]string{"oracle-zpr.maxegresscount.value": "42", "oracle-zpr.maxegresscount.mode": "enforce"}, Update: map[string]string{"oracle-zpr.maxegresscount.value": "updatedValue", "oracle-zpr.maxegresscount.mode": "enforce"}},
 	}
 
 	ResourcemanagerPrivateEndpointResourceDependencies = acctest.GenerateResourceFromRepresentationMap("oci_core_subnet", "test_subnet", acctest.Required, acctest.Create, CoreSubnetRepresentation) +
@@ -121,6 +122,7 @@ func TestResourcemanagerPrivateEndpointResource_basic(t *testing.T) {
 				resource.TestCheckResourceAttrSet(resourceName, "id"),
 				resource.TestCheckResourceAttr(resourceName, "is_used_with_configuration_source_provider", "false"),
 				resource.TestCheckResourceAttr(resourceName, "nsg_id_list.#", "1"),
+				resource.TestCheckResourceAttr(resourceName, "security_attributes.%", "1"),
 				resource.TestCheckResourceAttrSet(resourceName, "subnet_id"),
 				resource.TestCheckResourceAttrSet(resourceName, "vcn_id"),
 
@@ -152,6 +154,7 @@ func TestResourcemanagerPrivateEndpointResource_basic(t *testing.T) {
 				resource.TestCheckResourceAttrSet(resourceName, "id"),
 				resource.TestCheckResourceAttr(resourceName, "is_used_with_configuration_source_provider", "false"),
 				resource.TestCheckResourceAttr(resourceName, "nsg_id_list.#", "1"),
+				resource.TestCheckResourceAttr(resourceName, "security_attributes.%", "1"),
 				resource.TestCheckResourceAttrSet(resourceName, "subnet_id"),
 				resource.TestCheckResourceAttrSet(resourceName, "vcn_id"),
 
@@ -178,6 +181,7 @@ func TestResourcemanagerPrivateEndpointResource_basic(t *testing.T) {
 				resource.TestCheckResourceAttrSet(resourceName, "id"),
 				resource.TestCheckResourceAttr(resourceName, "is_used_with_configuration_source_provider", "true"),
 				resource.TestCheckResourceAttr(resourceName, "nsg_id_list.#", "1"),
+				resource.TestCheckResourceAttr(resourceName, "security_attributes.%", "1"),
 				resource.TestCheckResourceAttrSet(resourceName, "subnet_id"),
 				resource.TestCheckResourceAttrSet(resourceName, "vcn_id"),
 
@@ -222,6 +226,7 @@ func TestResourcemanagerPrivateEndpointResource_basic(t *testing.T) {
 				resource.TestCheckResourceAttrSet(singularDatasourceName, "id"),
 				resource.TestCheckResourceAttr(singularDatasourceName, "is_used_with_configuration_source_provider", "true"),
 				resource.TestCheckResourceAttr(singularDatasourceName, "nsg_id_list.#", "1"),
+				resource.TestCheckResourceAttr(singularDatasourceName, "security_attributes.%", "1"),
 				resource.TestCheckResourceAttr(singularDatasourceName, "source_ips.#", "1"),
 				resource.TestCheckResourceAttrSet(singularDatasourceName, "state"),
 				resource.TestCheckResourceAttrSet(singularDatasourceName, "time_created"),

internal/integrationtest/resourcemanager_stack_test.go

@@ -76,6 +76,7 @@ func TestResourcemanagerStackResource_basic(t *testing.T) {
 		Providers: map[string]*schema.Provider{
 			"oci": provider,
 		},
+		// verify singular datasource
 		Steps: []resource.TestStep{
 			// verify datasource
 			{

internal/service/resourcemanager/resourcemanager_private_endpoint_data_source.go

@@ -92,6 +92,8 @@ func (s *ResourcemanagerPrivateEndpointDataSourceCrud) SetData() error {
 
 	s.D.Set("nsg_id_list", s.Res.NsgIdList)
 
+	s.D.Set("security_attributes", s.Res.SecurityAttributes)
+
 	s.D.Set("source_ips", s.Res.SourceIps)
 
 	s.D.Set("state", s.Res.LifecycleState)
@@ -100,6 +102,10 @@ func (s *ResourcemanagerPrivateEndpointDataSourceCrud) SetData() error {
 		s.D.Set("subnet_id", *s.Res.SubnetId)
 	}
 
+	if s.Res.SystemTags != nil {
+		s.D.Set("system_tags", tfresource.SystemTagsToMap(s.Res.SystemTags))
+	}
+
 	if s.Res.TimeCreated != nil {
 		s.D.Set("time_created", s.Res.TimeCreated.String())
 	}