Add support for VCN Transit Routing to Oracle Services via Service Gateways

Author: parrneet

CHANGELOG.md

@@ -15,6 +15,7 @@
 - Support for moving `identity_compartment` resource tree across compartments
 - Support for moving `dns_zone` and `dns_steering_policy` resources across compartments
 - Support in autonomous database and object data sources for encoding downloaded binary content as base64. This works around behavior in Terraform v0.12 that could cause binary content to be corrupted if written directly to state.
+- Support for VCN Transit Routing to Oracle Services via Service Gateways
 
 ### Fixed
 - Address panics caused by invalid type assertions in object map conversion. This could potentially affect attributes

examples/networking/service_gateway/service_gateway.tf

@@ -48,7 +48,8 @@ resource "oci_core_service_gateway" "test_service_gateway" {
   vcn_id = "${oci_core_vcn.test_vcn.id}"
 
   #Optional
-  display_name = "testServiceGateway"
+  display_name   = "testServiceGateway"
+  route_table_id = "${oci_core_route_table.test_route_table_transit_routing.id}"
 }
 
 data "oci_core_service_gateways" "test_service_gateways" {
@@ -76,6 +77,12 @@ resource "oci_core_route_table" "test_route_table" {
   }
 }
 
+resource "oci_core_route_table" "test_route_table_transit_routing" {
+  compartment_id = "${var.compartment_ocid}"
+  vcn_id         = "${oci_core_vcn.test_vcn.id}"
+  display_name   = "testRouteTableTransitRouting"
+}
+
 resource "oci_core_security_list" "test_security_list" {
   compartment_id = "${var.compartment_ocid}"
   vcn_id         = "${oci_core_vcn.test_vcn.id}"

oci/core_service_gateway_resource.go

@@ -76,6 +76,11 @@ func CoreServiceGatewayResource() *schema.Resource {
 				Computed: true,
 				Elem:     schema.TypeString,
 			},
+			"route_table_id": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+			},
 
 			// Computed
 			"block_traffic": {
@@ -187,6 +192,11 @@ func (s *CoreServiceGatewayResourceCrud) Create() error {
 		request.FreeformTags = objectMapToStringMap(freeformTags.(map[string]interface{}))
 	}
 
+	if routeTableId, ok := s.D.GetOkExists("route_table_id"); ok {
+		tmp := routeTableId.(string)
+		request.RouteTableId = &tmp
+	}
+
 	request.Services = []oci_core.ServiceIdRequestDetails{}
 	if services, ok := s.D.GetOkExists("services"); ok {
 		set := services.(*schema.Set)
@@ -271,6 +281,11 @@ func (s *CoreServiceGatewayResourceCrud) Update() error {
 		request.FreeformTags = objectMapToStringMap(freeformTags.(map[string]interface{}))
 	}
 
+	if routeTableId, ok := s.D.GetOkExists("route_table_id"); ok {
+		tmp := routeTableId.(string)
+		request.RouteTableId = &tmp
+	}
+
 	tmp := s.D.Id()
 	request.ServiceGatewayId = &tmp
 
@@ -333,6 +348,10 @@ func (s *CoreServiceGatewayResourceCrud) SetData() error {
 
 	s.D.Set("freeform_tags", s.Res.FreeformTags)
 
+	if s.Res.RouteTableId != nil {
+		s.D.Set("route_table_id", *s.Res.RouteTableId)
+	}
+
 	services := []interface{}{}
 	for _, item := range s.Res.Services {
 		services = append(services, ServiceIdResponseDetailsToMap(item))

oci/core_service_gateway_test.go

@@ -36,17 +36,17 @@ var (
 		"services":       RepresentationGroup{Required, serviceGatewayServicesRepresentation},
 		"vcn_id":         Representation{repType: Required, create: `${oci_core_vcn.test_vcn.id}`},
 		"defined_tags":   Representation{repType: Optional, create: `${map("${oci_identity_tag_namespace.tag-namespace1.name}.${oci_identity_tag.tag1.name}", "value")}`, update: `${map("${oci_identity_tag_namespace.tag-namespace1.name}.${oci_identity_tag.tag1.name}", "updatedValue")}`},
-		"display_name":   Representation{repType: Optional, create: `displayName`, update: `displayName2`},
+		"display_name":   Representation{repType: Optional, create: `MyServiceGateway`, update: `displayName2`},
 		"freeform_tags":  Representation{repType: Optional, create: map[string]string{"Department": "Finance"}, update: map[string]string{"Department": "Accounting"}},
+		"route_table_id": Representation{repType: Optional, create: `${oci_core_vcn.test_vcn.default_route_table_id}`, update: `${oci_core_route_table.test_route_table.id}`},
 	}
 	serviceGatewayServicesRepresentation = map[string]interface{}{
 		"service_id": Representation{repType: Required, create: `${lookup(data.oci_core_services.test_services.services[0], "id")}`},
 	}
 
-	ServiceGatewayResourceDependencies = VcnRequiredOnlyResource + VcnResourceDependencies + `
-data "oci_core_services" "test_services" {
-}
-`
+	ServiceGatewayResourceDependencies = DefinedTagsDependencies + VcnResourceConfig + ObjectStorageCoreService +
+		generateResourceFromRepresentationMap("oci_core_route_table", "test_route_table", Required, Create, routeTableRepresentation) +
+		generateResourceFromRepresentationMap("oci_core_internet_gateway", "test_network_entity", Required, Create, internetGatewayRepresentation)
 )
 
 func TestCoreServiceGatewayResource_basic(t *testing.T) {
@@ -106,9 +106,10 @@ func TestCoreServiceGatewayResource_basic(t *testing.T) {
 					resource.TestCheckResourceAttrSet(resourceName, "block_traffic"),
 					resource.TestCheckResourceAttr(resourceName, "compartment_id", compartmentId),
 					resource.TestCheckResourceAttr(resourceName, "defined_tags.%", "1"),
-					resource.TestCheckResourceAttr(resourceName, "display_name", "displayName"),
+					resource.TestCheckResourceAttr(resourceName, "display_name", "MyServiceGateway"),
 					resource.TestCheckResourceAttr(resourceName, "freeform_tags.%", "1"),
 					resource.TestCheckResourceAttrSet(resourceName, "id"),
+					resource.TestCheckResourceAttrSet(resourceName, "route_table_id"),
 					resource.TestCheckResourceAttr(resourceName, "services.#", "1"),
 					CheckResourceSetContainsElementWithProperties(resourceName, "services", map[string]string{},
 						[]string{
@@ -136,9 +137,10 @@ func TestCoreServiceGatewayResource_basic(t *testing.T) {
 					resource.TestCheckResourceAttrSet(resourceName, "block_traffic"),
 					resource.TestCheckResourceAttr(resourceName, "compartment_id", compartmentIdU),
 					resource.TestCheckResourceAttr(resourceName, "defined_tags.%", "1"),
-					resource.TestCheckResourceAttr(resourceName, "display_name", "displayName"),
+					resource.TestCheckResourceAttr(resourceName, "display_name", "MyServiceGateway"),
 					resource.TestCheckResourceAttr(resourceName, "freeform_tags.%", "1"),
 					resource.TestCheckResourceAttrSet(resourceName, "id"),
+					resource.TestCheckResourceAttrSet(resourceName, "route_table_id"),
 					resource.TestCheckResourceAttr(resourceName, "services.#", "1"),
 					CheckResourceSetContainsElementWithProperties(resourceName, "services", map[string]string{},
 						[]string{
@@ -169,6 +171,7 @@ func TestCoreServiceGatewayResource_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "display_name", "displayName2"),
 					resource.TestCheckResourceAttr(resourceName, "freeform_tags.%", "1"),
 					resource.TestCheckResourceAttrSet(resourceName, "id"),
+					resource.TestCheckResourceAttrSet(resourceName, "route_table_id"),
 					resource.TestCheckResourceAttr(resourceName, "services.#", "1"),
 					CheckResourceSetContainsElementWithProperties(resourceName, "services", map[string]string{},
 						[]string{

oci/core_service_gateways_data_source.go

@@ -124,6 +124,10 @@ func (s *CoreServiceGatewaysDataSourceCrud) SetData() error {
 			serviceGateway["id"] = *r.Id
 		}
 
+		if r.RouteTableId != nil {
+			serviceGateway["route_table_id"] = *r.RouteTableId
+		}
+
 		services := []interface{}{}
 		for _, item := range r.Services {
 			services = append(services, ServiceIdResponseDetailsToMap(item))

oci/oci_dependency_graph.go

@@ -72,6 +72,7 @@ func initDependencyGraph() {
 	DependencyGraph["providerService"] = append(DependencyGraph["providerService"], "CoreVirtualCircuit")
 	DependencyGraph["routeTable"] = append(DependencyGraph["routeTable"], "CoreDrgAttachment")
 	DependencyGraph["routeTable"] = append(DependencyGraph["routeTable"], "CoreLocalPeeringGateway")
+	DependencyGraph["routeTable"] = append(DependencyGraph["routeTable"], "CoreServiceGateway")
 	DependencyGraph["routeTable"] = append(DependencyGraph["routeTable"], "CoreSubnet")
 	DependencyGraph["steeringPolicy"] = append(DependencyGraph["steeringPolicy"], "DnsSteeringPolicyAttachment")
 	DependencyGraph["subnet"] = append(DependencyGraph["subnet"], "CoreInstance")

website/docs/d/core_service_gateways.html.markdown

@@ -51,6 +51,7 @@ The following attributes are exported:
 * `display_name` - A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information. 
 * `freeform_tags` - Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see [Resource Tags](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm).  Example: `{"Department": "Finance"}` 
 * `id` - The [OCID](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the service gateway. 
+* `route_table_id` - The OCID of the route table the service gateway is using. For information about why you would associate a route table with a service gateway, see [Transit Routing: Private Access to Oracle Services Network](https://docs.cloud.oracle.com/iaas/Content/Network/Tasks/transitroutingoracleservices.htm). 
 * `services` - List of the [Service](https://docs.cloud.oracle.com/iaas/api/#/en/iaas/20160918/Service/) objects enabled for this service gateway. The list can be empty. You can enable a particular `Service` by using [AttachServiceId](https://docs.cloud.oracle.com/iaas/api/#/en/iaas/20160918/ServiceGateway/AttachServiceId) or [UpdateServiceGateway](https://docs.cloud.oracle.com/iaas/api/#/en/iaas/20160918/ServiceGateway/UpdateServiceGateway). 
 	* `service_id` - The [OCID](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the service. 
 	* `service_name` - The name of the service.

website/docs/r/core_service_gateway.html.markdown

@@ -36,6 +36,7 @@ resource "oci_core_service_gateway" "test_service_gateway" {
 	defined_tags = {"Operations.CostCenter"= "42"}
 	display_name = "${var.service_gateway_display_name}"
 	freeform_tags = {"Department"= "Finance"}
+	route_table_id = "${oci_core_route_table.test_route_table.id}"
 }
 ```
 
@@ -47,6 +48,11 @@ The following arguments are supported:
 * `defined_tags` - (Optional) (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see [Resource Tags](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm).  Example: `{"Operations.CostCenter": "42"}` 
 * `display_name` - (Optional) (Updatable) A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information. 
 * `freeform_tags` - (Optional) (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see [Resource Tags](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm).  Example: `{"Department": "Finance"}` 
+* `route_table_id` - (Optional) (Updatable) The OCID of the route table the service gateway will use.
+
+	If you don't specify a route table here, the service gateway is created without an associated route table. The Networking service does NOT automatically associate the attached VCN's default route table with the service gateway.
+
+	For information about why you would associate a route table with a service gateway, see [Transit Routing: Private Access to Oracle Services Network](https://docs.cloud.oracle.com/iaas/Content/Network/Tasks/transitroutingoracleservices.htm). 
 * `services` - (Required) (Updatable) List of the OCIDs of the [Service](https://docs.cloud.oracle.com/iaas/api/#/en/iaas/20160918/Service/) objects to enable for the service gateway. This list can be empty if you don't want to enable any `Service` objects when you create the gateway. You can enable a `Service` object later by using either [AttachServiceId](https://docs.cloud.oracle.com/iaas/api/#/en/iaas/20160918/ServiceGateway/AttachServiceId) or [UpdateServiceGateway](https://docs.cloud.oracle.com/iaas/api/#/en/iaas/20160918/ServiceGateway/UpdateServiceGateway).
 
 	For each enabled `Service`, make sure there's a route rule with the `Service` object's `cidrBlock` as the rule's destination and the service gateway as the rule's target. See [Route Table](https://docs.cloud.oracle.com/iaas/api/#/en/iaas/20160918/RouteTable/). 
@@ -67,6 +73,7 @@ The following attributes are exported:
 * `display_name` - A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information. 
 * `freeform_tags` - Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see [Resource Tags](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm).  Example: `{"Department": "Finance"}` 
 * `id` - The [OCID](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the service gateway. 
+* `route_table_id` - The OCID of the route table the service gateway is using. For information about why you would associate a route table with a service gateway, see [Transit Routing: Private Access to Oracle Services Network](https://docs.cloud.oracle.com/iaas/Content/Network/Tasks/transitroutingoracleservices.htm). 
 * `services` - List of the [Service](https://docs.cloud.oracle.com/iaas/api/#/en/iaas/20160918/Service/) objects enabled for this service gateway. The list can be empty. You can enable a particular `Service` by using [AttachServiceId](https://docs.cloud.oracle.com/iaas/api/#/en/iaas/20160918/ServiceGateway/AttachServiceId) or [UpdateServiceGateway](https://docs.cloud.oracle.com/iaas/api/#/en/iaas/20160918/ServiceGateway/UpdateServiceGateway). 
 	* `service_id` - The [OCID](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the service. 
 	* `service_name` - The name of the service.