oracle
diff --git a/‎CHANGELOG.md‎
Lines changed: 4 additions & 1 deletion b/‎CHANGELOG.md‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎docs/examples/identity/user.tf‎
Lines changed: 29 additions & 0 deletions b/‎docs/examples/identity/user.tf‎
Lines changed: 29 additions & 0 deletions
diff --git a/‎oci/identity_availability_domains_data_source.go‎
Lines changed: 8 additions & 0 deletions b/‎oci/identity_availability_domains_data_source.go‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎oci/identity_identity_provider_group_test.go‎
Lines changed: 49 additions & 0 deletions b/‎oci/identity_identity_provider_group_test.go‎
Lines changed: 49 additions & 0 deletions
diff --git a/‎oci/identity_identity_provider_groups_data_source.go‎
Lines changed: 156 additions & 0 deletions b/‎oci/identity_identity_provider_groups_data_source.go‎
Lines changed: 156 additions & 0 deletions
diff --git a/‎oci/identity_identity_provider_resource.go‎
Lines changed: 14 additions & 0 deletions b/‎oci/identity_identity_provider_resource.go‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎oci/identity_identity_provider_test.go‎
Lines changed: 13 additions & 9 deletions b/‎oci/identity_identity_provider_test.go‎
Lines changed: 13 additions & 9 deletions
diff --git a/‎oci/identity_identity_providers_data_source.go‎
Lines changed: 2 additions & 0 deletions b/‎oci/identity_identity_providers_data_source.go‎
Lines changed: 2 additions & 0 deletions
@@ -1,11 +1,14 @@
 ## 3.10.1 (Unreleased)
 
 ### Added
-- Support for importing tag. Note tag uses custom Id(import only) format (tagNamespaces/{tagNamespaceId}/tags/{tagName}) to support import.
 - Support for tagging in `oci_dns_zone`
 - New attribute `nameservers` is added to `oci_dns_zone`
 - Support for in-transit encryption for paravirtualized boot and data attachment
 - Identify latest database version with `oci_databse_db_versions` data source using `is_latest_for_major_version` property
+- Support for importing tag. Note tag uses custom Id(import only) format (tagNamespaces/{tagNamespaceId}/tags/{tagName}) to support import.
+- Support for provisioning user capabilities for native and federation shadow users
+- Support `id` attribute for `oci_identity_availability_domains` 
+- Support `freeform_attributes` attribute for the `oci_identity_identity_provider`
 
 ## 3.10.0 (December 11, 2018)
 
 
@@ -8,6 +8,22 @@ resource "oci_identity_user" "user1" {
   compartment_id = "${var.tenancy_ocid}"
 }
 
+// Use the "user2" to have non-default values of capabilities without corresponding authentication resources being actually created
+resource "oci_identity_user" "user2" {
+  name           = "tf-example-user2"
+  description    = "user2 created by terraform"
+  compartment_id = "${var.tenancy_ocid}"
+}
+
+resource "oci_identity_user_capabilities_management" "user2-capabilities-management" {
+  user_id                      = "${oci_identity_user.user2.id}"
+  can_use_api_keys             = "false"
+  can_use_auth_tokens          = "false"
+  can_use_console_password     = "false"
+  can_use_customer_secret_keys = "false"
+  can_use_smtp_credentials     = "false"
+}
+
 data "oci_identity_users" "users1" {
   compartment_id = "${oci_identity_user.user1.compartment_id}"
 
@@ -17,10 +33,23 @@ data "oci_identity_users" "users1" {
   }
 }
 
+data "oci_identity_users" "users2" {
+  compartment_id = "${oci_identity_user.user1.compartment_id}"
+
+  filter {
+    name   = "id"
+    values = ["${oci_identity_user.user2.id}"]
+  }
+}
+
 output "users1" {
   value = "${data.oci_identity_users.users1.users}"
 }
 
+output "users2" {
+  value = "${data.oci_identity_users.users2.users}"
+}
+
 resource "oci_identity_ui_password" "password1" {
   user_id = "${oci_identity_user.user1.id}"
 }
 
@@ -32,6 +32,10 @@ func AvailabilityDomainsDataSource() *schema.Resource {
 							Type:     schema.TypeString,
 							Computed: true,
 						},
+						"id": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
 						"name": {
 							Type:     schema.TypeString,
 							Computed: true,
@@ -93,6 +97,10 @@ func (s *AvailabilityDomainsDataSourceCrud) SetData() error {
 			"compartment_id": *r.CompartmentId,
 		}
 
+		if r.Id != nil {
+			availabilityDomain["id"] = *r.Id
+		}
+
 		if r.Name != nil {
 			availabilityDomain["name"] = *r.Name
 		}
 
@@ -0,0 +1,49 @@
+// Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+
+package provider
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+var (
+	identityProviderGroupDataSourceRepresentation = map[string]interface{}{
+		"identity_provider_id": Representation{repType: Required, create: `${oci_identity_identity_provider.test_identity_provider.id}`},
+	}
+
+	IdentityProviderGroupResourceConfig = IdentityProviderRequiredOnlyResource
+)
+
+func TestIdentityIdentityProviderGroupResource_basic(t *testing.T) {
+	provider := testAccProvider
+	config := testProviderConfig()
+
+	compartmentId := getEnvSettingWithBlankDefault("compartment_ocid")
+	compartmentIdVariableStr := fmt.Sprintf("variable \"compartment_id\" { default = \"%s\" }\n", compartmentId)
+
+	datasourceName := "data.oci_identity_identity_provider_groups.test_identity_provider_groups"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() { testAccPreCheck(t) },
+		Providers: map[string]terraform.ResourceProvider{
+			"oci": provider,
+		},
+		Steps: []resource.TestStep{
+			// verify datasource
+			{
+				Config: config +
+					generateDataSourceFromRepresentationMap("oci_identity_identity_provider_groups", "test_identity_provider_groups", Required, Create, identityProviderGroupDataSourceRepresentation) +
+					compartmentIdVariableStr + IdentityProviderGroupResourceConfig,
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttrSet(datasourceName, "identity_provider_id"),
+
+					resource.TestCheckResourceAttrSet(datasourceName, "identity_provider_groups.#"),
+				),
+			},
+		},
+	})
+}
@@ -0,0 +1,156 @@
+// Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+
+package provider
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform/helper/schema"
+	oci_identity "github.com/oracle/oci-go-sdk/identity"
+)
+
+func IdentityProviderGroupsDataSource() *schema.Resource {
+	return &schema.Resource{
+		Read: readIdentityProviderGroups,
+		Schema: map[string]*schema.Schema{
+			"filter": dataSourceFiltersSchema(),
+			"identity_provider_id": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"identity_provider_groups": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						// Required
+
+						// Optional
+
+						// Computed
+						"display_name": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"external_identifier": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"id": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"identity_provider_id": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"time_created": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"time_modified": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func readIdentityProviderGroups(d *schema.ResourceData, m interface{}) error {
+	sync := &IdentityProviderGroupsDataSourceCrud{}
+	sync.D = d
+	sync.Client = m.(*OracleClients).identityClient
+
+	return ReadResource(sync)
+}
+
+type IdentityProviderGroupsDataSourceCrud struct {
+	D      *schema.ResourceData
+	Client *oci_identity.IdentityClient
+	Res    *oci_identity.ListIdentityProviderGroupsResponse
+}
+
+func (s *IdentityProviderGroupsDataSourceCrud) VoidState() {
+	s.D.SetId("")
+}
+
+func (s *IdentityProviderGroupsDataSourceCrud) Get() error {
+	request := oci_identity.ListIdentityProviderGroupsRequest{}
+
+	if identityProviderId, ok := s.D.GetOkExists("identity_provider_id"); ok {
+		tmp := identityProviderId.(string)
+		request.IdentityProviderId = &tmp
+	}
+
+	request.RequestMetadata.RetryPolicy = getRetryPolicy(false, "identity")
+
+	response, err := s.Client.ListIdentityProviderGroups(context.Background(), request)
+	if err != nil {
+		return err
+	}
+
+	s.Res = &response
+	request.Page = s.Res.OpcNextPage
+
+	for request.Page != nil {
+		listResponse, err := s.Client.ListIdentityProviderGroups(context.Background(), request)
+		if err != nil {
+			return err
+		}
+
+		s.Res.Items = append(s.Res.Items, listResponse.Items...)
+		request.Page = listResponse.OpcNextPage
+	}
+
+	return nil
+}
+
+func (s *IdentityProviderGroupsDataSourceCrud) SetData() error {
+	if s.Res == nil {
+		return nil
+	}
+
+	s.D.SetId(GenerateDataSourceID())
+	resources := []map[string]interface{}{}
+
+	for _, r := range s.Res.Items {
+		identityProviderGroup := map[string]interface{}{
+			"identity_provider_id": *r.IdentityProviderId,
+		}
+
+		if r.DisplayName != nil {
+			identityProviderGroup["display_name"] = *r.DisplayName
+		}
+
+		if r.ExternalIdentifier != nil {
+			identityProviderGroup["external_identifier"] = *r.ExternalIdentifier
+		}
+
+		if r.Id != nil {
+			identityProviderGroup["id"] = *r.Id
+		}
+
+		if r.TimeCreated != nil {
+			identityProviderGroup["time_created"] = r.TimeCreated.String()
+		}
+
+		if r.TimeModified != nil {
+			identityProviderGroup["time_modified"] = *r.TimeModified
+		}
+
+		resources = append(resources, identityProviderGroup)
+	}
+
+	if f, fOk := s.D.GetOkExists("filter"); fOk {
+		resources = ApplyFilters(f.(*schema.Set), resources, IdentityProviderGroupsDataSource().Schema["identity_provider_groups"].Elem.(*schema.Resource).Schema)
+	}
+
+	if err := s.D.Set("identity_provider_groups", resources); err != nil {
+		return err
+	}
+
+	return nil
+}
@@ -71,6 +71,12 @@ func IdentityProviderResource() *schema.Resource {
 				DiffSuppressFunc: definedTagsDiffSuppressFunction,
 				Elem:             schema.TypeString,
 			},
+			"freeform_attributes": {
+				Type:     schema.TypeMap,
+				Optional: true,
+				Computed: true,
+				Elem:     schema.TypeString,
+			},
 			"freeform_tags": {
 				Type:     schema.TypeMap,
 				Optional: true,
@@ -242,6 +248,8 @@ func (s *IdentityProviderResourceCrud) SetData() error {
 	case oci_identity.Saml2IdentityProvider:
 		s.D.Set("protocol", "SAML2")
 
+		s.D.Set("freeform_attributes", v.FreeformAttributes)
+
 		if v.MetadataUrl != nil {
 			s.D.Set("metadata_url", *v.MetadataUrl)
 		}
@@ -308,6 +316,9 @@ func (s *IdentityProviderResourceCrud) populateTopLevelPolymorphicCreateIdentity
 	switch strings.ToLower(protocol) {
 	case strings.ToLower("SAML2"):
 		details := oci_identity.CreateSaml2IdentityProviderDetails{}
+		if freeformAttributes, ok := s.D.GetOkExists("freeform_attributes"); ok {
+			details.FreeformAttributes = objectMapToStringMap(freeformAttributes.(map[string]interface{}))
+		}
 		if metadata, ok := s.D.GetOkExists("metadata"); ok {
 			tmp := metadata.(string)
 			details.Metadata = &tmp
@@ -360,6 +371,9 @@ func (s *IdentityProviderResourceCrud) populateTopLevelPolymorphicUpdateIdentity
 	switch strings.ToLower(protocol) {
 	case strings.ToLower("SAML2"):
 		details := oci_identity.UpdateSaml2IdentityProviderDetails{}
+		if freeformAttributes, ok := s.D.GetOkExists("freeform_attributes"); ok {
+			details.FreeformAttributes = objectMapToStringMap(freeformAttributes.(map[string]interface{}))
+		}
 		if metadata, ok := s.D.GetOkExists("metadata"); ok {
 			tmp := metadata.(string)
 			details.Metadata = &tmp
 
@@ -37,15 +37,16 @@ var (
 	}
 
 	identityProviderRepresentation = map[string]interface{}{
-		"compartment_id": Representation{repType: Required, create: `${var.tenancy_ocid}`},
-		"description":    Representation{repType: Required, create: `description`, update: `description2`},
-		"metadata":       Representation{repType: Required, create: `${file("${var.identity_provider_metadata_file}")}`, update: `${file("${var.identity_provider_metadata_file}")}`},
-		"metadata_url":   Representation{repType: Required, create: `metadataUrl`, update: `metadataUrl2`},
-		"name":           Representation{repType: Required, create: `test-idp-saml2-adfs`},
-		"product_type":   Representation{repType: Required, create: `ADFS`},
-		"protocol":       Representation{repType: Required, create: `SAML2`},
-		"defined_tags":   Representation{repType: Optional, create: `${map("${oci_identity_tag_namespace.tag-namespace1.name}.${oci_identity_tag.tag1.name}", "value")}`, update: `${map("${oci_identity_tag_namespace.tag-namespace1.name}.${oci_identity_tag.tag1.name}", "updatedValue")}`},
-		"freeform_tags":  Representation{repType: Optional, create: map[string]string{"Department": "Finance"}, update: map[string]string{"Department": "Accounting"}},
+		"compartment_id":      Representation{repType: Required, create: `${var.tenancy_ocid}`},
+		"description":         Representation{repType: Required, create: `description`, update: `description2`},
+		"metadata":            Representation{repType: Required, create: `${file("${var.identity_provider_metadata_file}")}`},
+		"metadata_url":        Representation{repType: Required, create: `metadataUrl`, update: `metadataUrl2`},
+		"name":                Representation{repType: Required, create: `test-idp-saml2-adfs`},
+		"product_type":        Representation{repType: Required, create: `ADFS`},
+		"protocol":            Representation{repType: Required, create: `SAML2`},
+		"defined_tags":        Representation{repType: Optional, create: `${map("${oci_identity_tag_namespace.tag-namespace1.name}.${oci_identity_tag.tag1.name}", "value")}`, update: `${map("${oci_identity_tag_namespace.tag-namespace1.name}.${oci_identity_tag.tag1.name}", "updatedValue")}`},
+		"freeform_attributes": Representation{repType: Optional, create: map[string]string{"clientId": "app_sf3kdjf3"}},
+		"freeform_tags":       Representation{repType: Optional, create: map[string]string{"Department": "Finance"}, update: map[string]string{"Department": "Accounting"}},
 	}
 
 	IdentityProviderResourceDependencies = DefinedTagsDependencies + IdentityProviderPropertyVariables
@@ -115,6 +116,7 @@ func TestIdentityIdentityProviderResource_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "compartment_id", tenancyId),
 					resource.TestCheckResourceAttr(resourceName, "defined_tags.%", "1"),
 					resource.TestCheckResourceAttr(resourceName, "description", "description"),
+					resource.TestCheckResourceAttr(resourceName, "freeform_attributes.%", "1"),
 					resource.TestCheckResourceAttr(resourceName, "freeform_tags.%", "1"),
 					resource.TestCheckResourceAttrSet(resourceName, "id"),
 					resource.TestCheckResourceAttr(resourceName, "metadata", metadata),
@@ -141,6 +143,7 @@ func TestIdentityIdentityProviderResource_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "compartment_id", tenancyId),
 					resource.TestCheckResourceAttr(resourceName, "defined_tags.%", "1"),
 					resource.TestCheckResourceAttr(resourceName, "description", "description2"),
+					resource.TestCheckResourceAttr(resourceName, "freeform_attributes.%", "1"),
 					resource.TestCheckResourceAttr(resourceName, "freeform_tags.%", "1"),
 					resource.TestCheckResourceAttrSet(resourceName, "id"),
 					resource.TestCheckResourceAttr(resourceName, "metadata", metadata),
@@ -175,6 +178,7 @@ func TestIdentityIdentityProviderResource_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(datasourceName, "identity_providers.0.compartment_id", tenancyId),
 					resource.TestCheckResourceAttr(datasourceName, "identity_providers.0.defined_tags.%", "1"),
 					resource.TestCheckResourceAttr(datasourceName, "identity_providers.0.description", "description2"),
+					resource.TestCheckResourceAttr(datasourceName, "identity_providers.0.freeform_attributes.%", "1"),
 					resource.TestCheckResourceAttr(datasourceName, "identity_providers.0.freeform_tags.%", "1"),
 					resource.TestCheckResourceAttrSet(datasourceName, "identity_providers.0.id"),
 					resource.TestCheckResourceAttr(datasourceName, "identity_providers.0.name", "test-idp-saml2-adfs"),
 
@@ -100,6 +100,8 @@ func (s *IdentityProvidersDataSourceCrud) SetData() error {
 		case oci_identity.Saml2IdentityProvider:
 			result["protocol"] = "SAML2"
 
+			result["freeform_attributes"] = v.FreeformAttributes
+
 			if v.MetadataUrl != nil {
 				result["metadata_url"] = string(*v.MetadataUrl)
 			}
Original file line number	Diff line number	Diff line change
`@@ -100,6 +100,8 @@ func (s *IdentityProvidersDataSourceCrud) SetData() error {`
`100`	`100`	`case oci_identity.Saml2IdentityProvider:`
`101`	`101`	`result["protocol"] = "SAML2"`
`102`	`102`
	`103`	`+ result["freeform_attributes"] = v.FreeformAttributes`
	`104`	`+`
`103`	`105`	`if v.MetadataUrl != nil {`
`104`	`106`	`result["metadata_url"] = string(*v.MetadataUrl)`
`105`	`107`	`}`