Added - Support for ADB-S: Allow Public Access to Databases on Private Endpoint

Author: Sandeep Koka

internal/integrationtest/database_autonomous_database_resource_test.go

@@ -209,6 +209,17 @@ var (
 				"subnet_id":              acctest.Representation{RepType: acctest.Optional, Create: `${oci_core_subnet.test_subnet.id}`},
 			}), []string{"whitelisted_ips", "scheduled_operations"})
 
+	autonomousDatabasePEWithPublicAccessRepresentation = acctest.RepresentationCopyWithRemovedProperties(
+		acctest.RepresentationCopyWithNewProperties(
+			DatabaseAutonomousDatabaseRepresentation,
+			map[string]interface{}{
+				"nsg_ids":                acctest.Representation{RepType: acctest.Optional, Create: []string{`${oci_core_network_security_group.test_network_security_group.id}`}, Update: []string{`${oci_core_network_security_group.test_network_security_group.id}`, `${oci_core_network_security_group.test_network_security_group2.id}`}},
+				"private_endpoint_label": acctest.Representation{RepType: acctest.Optional, Create: `xlx4fc9y`},
+				"private_endpoint_ip":    acctest.Representation{RepType: acctest.Optional, Create: `10.0.0.97`},
+				"subnet_id":              acctest.Representation{RepType: acctest.Optional, Create: `${oci_core_subnet.test_subnet.id}`},
+				"whitelisted_ips":        acctest.Representation{RepType: acctest.Optional, Create: []string{`1.1.1.1/28`}},
+			}), []string{"scheduled_operations"})
+
 	AutonomousDatabasePrivateEndpointResourceDependencies = acctest.GenerateResourceFromRepresentationMap("oci_core_subnet", "test_subnet", acctest.Required, acctest.Create, CoreSubnetRepresentation) +
 		acctest.GenerateResourceFromRepresentationMap("oci_core_vcn", "test_vcn", acctest.Required, acctest.Create, CoreVcnRepresentation) +
 		acctest.GenerateResourceFromRepresentationMap("oci_core_network_security_group", "test_network_security_group", acctest.Required, acctest.Create, CoreNetworkSecurityGroupRepresentation) +
@@ -1934,6 +1945,138 @@ func TestResourceDatabaseAutonomousDatabaseResource_privateEndpoint(t *testing.T
 	})
 }
 
+// issue-routing-tag: database/dbaas-adb
+func TestResourceDatabaseAutonomousDatabaseResource_privateEndpointWithPublicAccess(t *testing.T) {
+	httpreplay.SetScenario("TestResourceDatabaseAutonomousDatabaseResource_privateEndPointWithPublicAccess")
+	defer httpreplay.SaveScenario()
+
+	config := acctest.ProviderTestConfig()
+
+	compartmentId := utils.GetEnvSettingWithBlankDefault("compartment_ocid")
+	compartmentIdVariableStr := fmt.Sprintf("variable \"compartment_id\" { default = \"%s\" }\n", compartmentId)
+
+	resourceName := "oci_database_autonomous_database.test_autonomous_database"
+
+	var resId, resId2 string
+
+	acctest.ResourceTest(t, testAccCheckDatabaseAutonomousDatabaseDestroy, []resource.TestStep{
+		//0. verify create
+		{
+			Config: config + compartmentIdVariableStr + AutonomousDatabasePrivateEndpointResourceDependencies +
+				acctest.GenerateResourceFromRepresentationMap("oci_database_autonomous_database", "test_autonomous_database", acctest.Optional, acctest.Create, autonomousDatabasePEWithPublicAccessRepresentation),
+			Check: acctest.ComposeAggregateTestCheckFuncWrapper(
+				resource.TestCheckResourceAttr(resourceName, "admin_password", "BEstrO0ng_#11"),
+				resource.TestCheckResourceAttr(resourceName, "compartment_id", compartmentId),
+				resource.TestCheckResourceAttr(resourceName, "cpu_core_count", "1"),
+				resource.TestCheckResourceAttr(resourceName, "data_storage_size_in_tbs", "1"),
+				resource.TestCheckResourceAttr(resourceName, "db_name", adbName),
+				resource.TestCheckResourceAttr(resourceName, "db_workload", "OLTP"),
+				resource.TestCheckResourceAttr(resourceName, "display_name", "example_autonomous_database"),
+				resource.TestCheckResourceAttr(resourceName, "freeform_tags.%", "1"),
+				resource.TestCheckResourceAttrSet(resourceName, "id"),
+				resource.TestCheckResourceAttr(resourceName, "is_auto_scaling_enabled", "false"),
+				resource.TestCheckResourceAttr(resourceName, "is_dedicated", "false"),
+				resource.TestCheckResourceAttr(resourceName, "is_preview_version_with_service_terms_accepted", "false"),
+				resource.TestCheckResourceAttr(resourceName, "license_model", "LICENSE_INCLUDED"),
+				resource.TestCheckResourceAttr(resourceName, "private_endpoint_ip", "10.0.0.97"),
+				resource.TestCheckResourceAttr(resourceName, "private_endpoint_label", "xlx4fc9y"),
+				resource.TestCheckResourceAttr(resourceName, "whitelisted_ips", "1.1.1.1/28"),
+				resource.TestCheckResourceAttr(resourceName, "nsg_ids.#", "1"),
+				resource.TestCheckResourceAttrSet(resourceName, "state"),
+				resource.TestCheckResourceAttrSet(resourceName, "subnet_id"),
+				resource.TestCheckResourceAttr(resourceName, "is_mtls_connection_required", "false"),
+				resource.TestCheckResourceAttr(resourceName, "connection_strings.0.profiles.#", "6"),
+
+				func(s *terraform.State) (err error) {
+					resId, err = acctest.FromInstanceState(s, resourceName, "id")
+					return err
+				},
+			),
+		},
+
+		//2. modify acl's of pe database
+		{
+			Config: config + compartmentIdVariableStr + AutonomousDatabasePrivateEndpointResourceDependencies +
+				acctest.GenerateResourceFromRepresentationMap("oci_database_autonomous_database", "test_autonomous_database", acctest.Optional, acctest.Update,
+					acctest.RepresentationCopyWithNewProperties(autonomousDatabasePrivateEndpointRepresentation, map[string]interface{}{
+						"whitelisted_ips": acctest.Representation{RepType: acctest.Optional, Update: []string{"1.1.1.29"}},
+					})),
+			Check: acctest.ComposeAggregateTestCheckFuncWrapper(
+				resource.TestCheckResourceAttr(resourceName, "admin_password", "BEstrO0ng_#12"),
+				resource.TestCheckResourceAttr(resourceName, "compartment_id", compartmentId),
+				resource.TestCheckResourceAttr(resourceName, "cpu_core_count", "1"),
+				resource.TestCheckResourceAttr(resourceName, "data_storage_size_in_tbs", "1"),
+				resource.TestCheckResourceAttr(resourceName, "db_name", adbName),
+				resource.TestCheckResourceAttr(resourceName, "db_workload", "OLTP"),
+				resource.TestCheckResourceAttr(resourceName, "display_name", "displayName2"),
+				resource.TestCheckResourceAttr(resourceName, "freeform_tags.%", "1"),
+				resource.TestCheckResourceAttrSet(resourceName, "id"),
+				resource.TestCheckResourceAttr(resourceName, "is_auto_scaling_enabled", "false"),
+				resource.TestCheckResourceAttr(resourceName, "is_dedicated", "false"),
+				resource.TestCheckResourceAttr(resourceName, "is_preview_version_with_service_terms_accepted", "false"),
+				resource.TestCheckResourceAttr(resourceName, "license_model", "LICENSE_INCLUDED"),
+				resource.TestCheckResourceAttr(resourceName, "nsg_ids.#", "1"),
+				resource.TestCheckResourceAttr(resourceName, "private_endpoint_ip", "10.0.0.97"),
+				resource.TestCheckResourceAttr(resourceName, "private_endpoint_label", "xlx4fc9y"),
+				resource.TestCheckResourceAttr(resourceName, "whitelisted_ips", "1.1.1.1/29"),
+				resource.TestCheckResourceAttrSet(resourceName, "state"),
+				resource.TestCheckResourceAttr(resourceName, "is_mtls_connection_required", "true"),
+				resource.TestCheckResourceAttr(resourceName, "connection_strings.0.profiles.#", "3"),
+
+				func(s *terraform.State) (err error) {
+					resId2, err = acctest.FromInstanceState(s, resourceName, "id")
+					if resId != resId2 {
+						return fmt.Errorf("Resource recreated when it was supposed to be updated.")
+					}
+					return err
+				},
+			),
+		},
+
+		//3. change network access to public
+		{
+			Config: config + compartmentIdVariableStr + AutonomousDatabasePrivateEndpointResourceDependencies +
+				acctest.GenerateResourceFromRepresentationMap("oci_database_autonomous_database", "test_autonomous_database", acctest.Optional, acctest.Update,
+					acctest.RepresentationCopyWithNewProperties(acctest.RepresentationCopyWithRemovedProperties(autonomousDatabasePEWithPublicAccessRepresentation, []string{"nsg_ids", "private_endpoint_label", "subnet_id"}), map[string]interface{}{
+						"nsg_ids":                acctest.Representation{RepType: acctest.Optional, Create: []string{`${oci_core_network_security_group.test_network_security_group.id}`}, Update: []string{}},
+						"private_endpoint_label": acctest.Representation{RepType: acctest.Optional, Create: `null`},
+						"private_endpoint_ip":    acctest.Representation{RepType: acctest.Optional, Create: `null`},
+						"subnet_id":              acctest.Representation{RepType: acctest.Optional, Create: `null`},
+						"db_version":             acctest.Representation{RepType: acctest.Optional, Create: `19c`, Update: `19c`},
+					})),
+			Check: acctest.ComposeAggregateTestCheckFuncWrapper(
+				resource.TestCheckResourceAttr(resourceName, "admin_password", "BEstrO0ng_#12"),
+				resource.TestCheckResourceAttr(resourceName, "compartment_id", compartmentId),
+				resource.TestCheckResourceAttr(resourceName, "cpu_core_count", "1"),
+				resource.TestCheckResourceAttr(resourceName, "data_storage_size_in_tbs", "1"),
+				resource.TestCheckResourceAttr(resourceName, "db_name", adbName),
+				resource.TestCheckResourceAttr(resourceName, "db_workload", "OLTP"),
+				resource.TestCheckResourceAttr(resourceName, "display_name", "displayName2"),
+				resource.TestCheckResourceAttr(resourceName, "freeform_tags.%", "1"),
+				resource.TestCheckResourceAttrSet(resourceName, "id"),
+				resource.TestCheckResourceAttr(resourceName, "is_auto_scaling_enabled", "false"),
+				resource.TestCheckResourceAttr(resourceName, "is_dedicated", "false"),
+				resource.TestCheckResourceAttr(resourceName, "is_preview_version_with_service_terms_accepted", "false"),
+				resource.TestCheckResourceAttr(resourceName, "license_model", "LICENSE_INCLUDED"),
+				resource.TestCheckResourceAttr(resourceName, "nsg_ids.#", "0"),
+				resource.TestCheckResourceAttr(resourceName, "private_endpoint_ip", "null"),
+				resource.TestCheckResourceAttr(resourceName, "private_endpoint_label", "null"),
+				resource.TestCheckResourceAttrSet(resourceName, "state"),
+				resource.TestCheckResourceAttr(resourceName, "is_mtls_connection_required", "true"),
+				resource.TestCheckResourceAttr(resourceName, "connection_strings.0.profiles.#", "3"),
+
+				func(s *terraform.State) (err error) {
+					resId2, err = acctest.FromInstanceState(s, resourceName, "id")
+					if resId != resId2 {
+						return fmt.Errorf("Resource recreated when it was supposed to be updated.")
+					}
+					return err
+				},
+			),
+		},
+	})
+}
+
 // issue-routing-tag: database/dbaas-adb
 func TestResourceDatabaseAutonomousDatabaseResource_dbVersion(t *testing.T) {
 	httpreplay.SetScenario("TestResourceDatabaseAutonomousDatabaseResource_dbVersion")

internal/service/database/database_autonomous_database_data_source.go

@@ -357,6 +357,16 @@ func (s *DatabaseAutonomousDatabaseDataSourceCrud) SetData() error {
 
 	s.D.Set("provisionable_cpus", s.Res.ProvisionableCpus)
 
+	if s.Res.PublicConnectionUrls != nil {
+		s.D.Set("public_connection_urls", []interface{}{AutonomousDatabaseConnectionUrlsToMap(s.Res.PublicConnectionUrls)})
+	} else {
+		s.D.Set("public_connection_urls", nil)
+	}
+
+	if s.Res.PublicEndpoint != nil {
+		s.D.Set("public_endpoint", *s.Res.PublicEndpoint)
+	}
+
 	s.D.Set("refreshable_mode", s.Res.RefreshableMode)
 
 	s.D.Set("refreshable_status", s.Res.RefreshableStatus)

internal/service/database/database_autonomous_database_resource.go

@@ -953,6 +953,55 @@ func DatabaseAutonomousDatabaseResource() *schema.Resource {
 					Type: schema.TypeFloat,
 				},
 			},
+			"public_connection_urls": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						// Required
+
+						// Optional
+
+						// Computed
+						"apex_url": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"database_transforms_url": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"graph_studio_url": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"machine_learning_notebook_url": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"machine_learning_user_management_url": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"mongo_db_url": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"ords_url": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"sql_dev_web_url": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
+			"public_endpoint": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 			"refreshable_status": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -2204,6 +2253,16 @@ func (s *DatabaseAutonomousDatabaseResourceCrud) SetData() error {
 
 	s.D.Set("provisionable_cpus", s.Res.ProvisionableCpus)
 
+	if s.Res.PublicConnectionUrls != nil {
+		s.D.Set("public_connection_urls", []interface{}{AutonomousDatabaseConnectionUrlsToMap(s.Res.PublicConnectionUrls)})
+	} else {
+		s.D.Set("public_connection_urls", nil)
+	}
+
+	if s.Res.PublicEndpoint != nil {
+		s.D.Set("public_endpoint", *s.Res.PublicEndpoint)
+	}
+
 	if s.Res.RefreshableMode != "" {
 		s.D.Set("refreshable_mode", s.Res.RefreshableMode)
 	}

internal/service/database/database_autonomous_databases_clones_data_source.go

@@ -638,6 +638,55 @@ func DatabaseAutonomousDatabasesClonesDataSource() *schema.Resource {
 								Type: schema.TypeFloat,
 							},
 						},
+						"public_connection_urls": {
+							Type:     schema.TypeList,
+							Computed: true,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									// Required
+
+									// Optional
+
+									// Computed
+									"apex_url": {
+										Type:     schema.TypeString,
+										Computed: true,
+									},
+									"database_transforms_url": {
+										Type:     schema.TypeString,
+										Computed: true,
+									},
+									"graph_studio_url": {
+										Type:     schema.TypeString,
+										Computed: true,
+									},
+									"machine_learning_notebook_url": {
+										Type:     schema.TypeString,
+										Computed: true,
+									},
+									"machine_learning_user_management_url": {
+										Type:     schema.TypeString,
+										Computed: true,
+									},
+									"mongo_db_url": {
+										Type:     schema.TypeString,
+										Computed: true,
+									},
+									"ords_url": {
+										Type:     schema.TypeString,
+										Computed: true,
+									},
+									"sql_dev_web_url": {
+										Type:     schema.TypeString,
+										Computed: true,
+									},
+								},
+							},
+						},
+						"public_endpoint": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
 						"refreshable_mode": {
 							Type:     schema.TypeString,
 							Computed: true,
@@ -1262,6 +1311,16 @@ func (s *DatabaseAutonomousDatabasesClonesDataSourceCrud) SetData() error {
 
 		autonomousDatabasesClone["provisionable_cpus"] = r.ProvisionableCpus
 
+		if r.PublicConnectionUrls != nil {
+			autonomousDatabasesClone["public_connection_urls"] = []interface{}{AutonomousDatabaseConnectionUrlsToMap(r.PublicConnectionUrls)}
+		} else {
+			autonomousDatabasesClone["public_connection_urls"] = nil
+		}
+
+		if r.PublicEndpoint != nil {
+			autonomousDatabasesClone["public_endpoint"] = *r.PublicEndpoint
+		}
+
 		autonomousDatabasesClone["refreshable_mode"] = r.RefreshableMode
 
 		autonomousDatabasesClone["refreshable_status"] = r.RefreshableStatus

internal/service/database/database_autonomous_databases_data_source.go

@@ -472,6 +472,16 @@ func (s *DatabaseAutonomousDatabasesDataSourceCrud) SetData() error {
 
 		autonomousDatabase["provisionable_cpus"] = r.ProvisionableCpus
 
+		if r.PublicConnectionUrls != nil {
+			autonomousDatabase["public_connection_urls"] = []interface{}{AutonomousDatabaseConnectionUrlsToMap(r.PublicConnectionUrls)}
+		} else {
+			autonomousDatabase["public_connection_urls"] = nil
+		}
+
+		if r.PublicEndpoint != nil {
+			autonomousDatabase["public_endpoint"] = *r.PublicEndpoint
+		}
+
 		autonomousDatabase["refreshable_mode"] = r.RefreshableMode
 
 		autonomousDatabase["refreshable_status"] = r.RefreshableStatus

website/docs/d/database_autonomous_database.html.markdown

@@ -202,6 +202,16 @@ The following attributes are exported:
 * `private_endpoint_ip` - The private endpoint Ip address for the resource.
 * `private_endpoint_label` - The private endpoint label for the resource.
 * `provisionable_cpus` - An array of CPU values that an Autonomous Database can be scaled to.
+* `public_connection_urls` - The Public URLs of Private Endpoint database for accessing Oracle Application Express (APEX) and SQL Developer Web with a browser from a Compute instance within your VCN or that has a direct connection to your VCN.
+	* `apex_url` - Oracle Application Express (APEX) URL.
+	* `database_transforms_url` - The URL of the Database Transforms for the Autonomous Database.
+	* `graph_studio_url` - The URL of the Graph Studio for the Autonomous Database.
+	* `machine_learning_notebook_url` - The URL of the Oracle Machine Learning (OML) Notebook for the Autonomous Database.
+	* `machine_learning_user_management_url` - Oracle Machine Learning user management URL.
+	* `mongo_db_url` - The URL of the MongoDB API for the Autonomous Database.
+	* `ords_url` - The Oracle REST Data Services (ORDS) URL of the Web Access for the Autonomous Database.
+	* `sql_dev_web_url` - Oracle SQL Developer Web URL.
+* `public_endpoint` - The public endpoint for the private endpoint enabled resource.
 * `refreshable_mode` - The refresh mode of the clone. AUTOMATIC indicates that the clone is automatically being refreshed with data from the source Autonomous Database.
 * `refreshable_status` - The refresh status of the clone. REFRESHING indicates that the clone is currently being refreshed with data from the source Autonomous Database.
 * `remote_disaster_recovery_configuration` - Configurations of a Disaster Recovery.

website/docs/d/database_autonomous_databases.html.markdown

@@ -231,6 +231,16 @@ The following attributes are exported:
 * `private_endpoint_ip` - The private endpoint Ip address for the resource.
 * `private_endpoint_label` - The private endpoint label for the resource.
 * `provisionable_cpus` - An array of CPU values that an Autonomous Database can be scaled to.
+* `public_connection_urls` - The Public URLs of Private Endpoint database for accessing Oracle Application Express (APEX) and SQL Developer Web with a browser from a Compute instance within your VCN or that has a direct connection to your VCN.
+	* `apex_url` - Oracle Application Express (APEX) URL.
+	* `database_transforms_url` - The URL of the Database Transforms for the Autonomous Database.
+	* `graph_studio_url` - The URL of the Graph Studio for the Autonomous Database.
+	* `machine_learning_notebook_url` - The URL of the Oracle Machine Learning (OML) Notebook for the Autonomous Database.
+	* `machine_learning_user_management_url` - Oracle Machine Learning user management URL.
+	* `mongo_db_url` - The URL of the MongoDB API for the Autonomous Database.
+	* `ords_url` - The Oracle REST Data Services (ORDS) URL of the Web Access for the Autonomous Database.
+	* `sql_dev_web_url` - Oracle SQL Developer Web URL.
+* `public_endpoint` - The public endpoint for the private endpoint enabled resource.
 * `refreshable_mode` - The refresh mode of the clone. AUTOMATIC indicates that the clone is automatically being refreshed with data from the source Autonomous Database.
 * `refreshable_status` - The refresh status of the clone. REFRESHING indicates that the clone is currently being refreshed with data from the source Autonomous Database.
 * `remote_disaster_recovery_configuration` - Configurations of a Disaster Recovery.