Added - Support for Encrypted FastConnect

Author: sreesaiteja-lanka

examples/fast_connect/cross_connect.tf

@@ -33,3 +33,5 @@ output "cross_connects" {
   value = data.oci_core_cross_connects.cross_connects.cross_connects
 }
 
+
+

examples/fast_connect/cross_connect_group.tf

@@ -9,6 +9,22 @@ variable "cross_connect_group_state" {
   default = "AVAILABLE"
 }
 
+variable "secret_ocid_ckn" {
+
+}
+
+variable "secret_version_cak" {
+
+}
+
+variable "secret_ocid_cak" {
+
+}
+
+variable "secret_version_ckn" {
+
+}
+
 resource "oci_core_cross_connect_group" "cross_connect_group" {
   #Required
   compartment_id = var.compartment_ocid
@@ -30,3 +46,48 @@ output "cross_connect_groups" {
   value = data.oci_core_cross_connect_groups.cross_connect_groups.cross_connect_groups
 }
 
+resource "oci_core_cross_connect_group" "test_cross_connect_group" {
+    #Required
+    compartment_id = "${var.compartment_ocid}"
+    #Optional
+    customer_reference_name = "customerReferenceName"
+    defined_tags = "${map("${oci_identity_tag_namespace.tag-namespace1.name}.${oci_identity_tag.tag1.name}", "value")}"
+    display_name = "displayName"
+    freeform_tags = {
+        "Department" = "Finance"
+    }
+    macsec_properties {
+        #Required
+        state = "ENABLED"
+        #Optional
+        encryption_cipher = "AES256_GCM"
+        primary_key {
+            #Required
+            connectivity_association_key_secret_id = "${var.secret_ocid_ckn}"
+            connectivity_association_key_secret_version = "${var.secret_version_cak}"
+            connectivity_association_name_secret_id = "${var.secret_ocid_cak}"
+            connectivity_association_name_secret_version = "${var.secret_version_ckn}"
+        }
+
+    }
+}
+
+variable defined_tag_namespace_name { default = "" }
+resource "oci_identity_tag_namespace" "tag-namespace1" {
+        #Required
+        compartment_id = "${var.tenancy_ocid}"
+        description = "example tag namespace"
+        name = "${var.defined_tag_namespace_name != "" ? var.defined_tag_namespace_name : "example-tag-namespace-all"}"
+
+        is_retired = false
+}
+
+resource "oci_identity_tag" "tag1" {
+        #Required
+        description = "example tag"
+        name = "example-tag"
+        tag_namespace_id = "${oci_identity_tag_namespace.tag-namespace1.id}"
+
+        is_retired = false
+}
+

oci/core_cross_connect_data_source.go

@@ -93,6 +93,12 @@ func (s *CoreCrossConnectDataSourceCrud) SetData() error {
 		s.D.Set("location_name", *s.Res.LocationName)
 	}
 
+	if s.Res.MacsecProperties != nil {
+		s.D.Set("macsec_properties", []interface{}{MacsecPropertiesToMap(s.Res.MacsecProperties)})
+	} else {
+		s.D.Set("macsec_properties", nil)
+	}
+
 	if s.Res.PortName != nil {
 		s.D.Set("port_name", *s.Res.PortName)
 	}

oci/core_cross_connect_group_data_source.go

@@ -85,6 +85,12 @@ func (s *CoreCrossConnectGroupDataSourceCrud) SetData() error {
 
 	s.D.Set("freeform_tags", s.Res.FreeformTags)
 
+	if s.Res.MacsecProperties != nil {
+		s.D.Set("macsec_properties", []interface{}{MacsecPropertiesToMap(s.Res.MacsecProperties)})
+	} else {
+		s.D.Set("macsec_properties", nil)
+	}
+
 	s.D.Set("state", s.Res.LifecycleState)
 
 	if s.Res.TimeCreated != nil {

oci/core_cross_connect_group_resource.go

@@ -5,6 +5,8 @@ package oci
 
 import (
 	"context"
+	"fmt"
+	"strconv"
 
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 
@@ -56,6 +58,61 @@ func CoreCrossConnectGroupResource() *schema.Resource {
 				Computed: true,
 				Elem:     schema.TypeString,
 			},
+			"macsec_properties": {
+				Type:     schema.TypeList,
+				Optional: true,
+				Computed: true,
+				MaxItems: 1,
+				MinItems: 1,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						// Required
+						"state": {
+							Type:     schema.TypeString,
+							Required: true,
+						},
+
+						// Optional
+						"encryption_cipher": {
+							Type:     schema.TypeString,
+							Optional: true,
+							Computed: true,
+						},
+						"primary_key": {
+							Type:     schema.TypeList,
+							Optional: true,
+							Computed: true,
+							MaxItems: 1,
+							MinItems: 1,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									// Required
+									"connectivity_association_key_secret_id": {
+										Type:     schema.TypeString,
+										Required: true,
+									},
+									"connectivity_association_name_secret_id": {
+										Type:     schema.TypeString,
+										Required: true,
+									},
+
+									// Required
+									"connectivity_association_key_secret_version": {
+										Type:     schema.TypeString,
+										Required: true,
+									},
+									"connectivity_association_name_secret_version": {
+										Type:     schema.TypeString,
+										Required: true,
+									},
+								},
+							},
+						},
+
+						// Computed
+					},
+				},
+			},
 
 			// Computed
 			"state": {
@@ -182,6 +239,17 @@ func (s *CoreCrossConnectGroupResourceCrud) Create() error {
 		request.FreeformTags = ObjectMapToStringMap(freeformTags.(map[string]interface{}))
 	}
 
+	if macsecProperties, ok := s.D.GetOkExists("macsec_properties"); ok {
+		if tmpList := macsecProperties.([]interface{}); len(tmpList) > 0 {
+			fieldKeyFormat := fmt.Sprintf("%s.%d.%%s", "macsec_properties", 0)
+			tmp, err := s.mapToCreateMacsecProperties(fieldKeyFormat)
+			if err != nil {
+				return err
+			}
+			request.MacsecProperties = &tmp
+		}
+	}
+
 	request.RequestMetadata.RetryPolicy = GetRetryPolicy(s.DisableNotFoundRetries, "core")
 
 	response, err := s.Client.CreateCrossConnectGroup(context.Background(), request)
@@ -247,6 +315,17 @@ func (s *CoreCrossConnectGroupResourceCrud) Update() error {
 		request.FreeformTags = ObjectMapToStringMap(freeformTags.(map[string]interface{}))
 	}
 
+	if macsecProperties, ok := s.D.GetOkExists("macsec_properties"); ok {
+		if tmpList := macsecProperties.([]interface{}); len(tmpList) > 0 {
+			fieldKeyFormat := fmt.Sprintf("%s.%d.%%s", "macsec_properties", 0)
+			tmp, err := s.mapToUpdateMacsecProperties(fieldKeyFormat)
+			if err != nil {
+				return err
+			}
+			request.MacsecProperties = &tmp
+		}
+	}
+
 	request.RequestMetadata.RetryPolicy = GetRetryPolicy(s.DisableNotFoundRetries, "core")
 
 	response, err := s.Client.UpdateCrossConnectGroup(context.Background(), request)
@@ -289,6 +368,12 @@ func (s *CoreCrossConnectGroupResourceCrud) SetData() error {
 
 	s.D.Set("freeform_tags", s.Res.FreeformTags)
 
+	if s.Res.MacsecProperties != nil {
+		s.D.Set("macsec_properties", []interface{}{MacsecPropertiesToMap(s.Res.MacsecProperties)})
+	} else {
+		s.D.Set("macsec_properties", nil)
+	}
+
 	s.D.Set("state", s.Res.LifecycleState)
 
 	if s.Res.TimeCreated != nil {
@@ -298,6 +383,106 @@ func (s *CoreCrossConnectGroupResourceCrud) SetData() error {
 	return nil
 }
 
+func (s *CoreCrossConnectGroupResourceCrud) mapToCreateMacsecKey(fieldKeyFormat string) (oci_core.CreateMacsecKey, error) {
+	result := oci_core.CreateMacsecKey{}
+
+	if connectivityAssociationKeySecretId, ok := s.D.GetOkExists(fmt.Sprintf(fieldKeyFormat, "connectivity_association_key_secret_id")); ok {
+		tmp := connectivityAssociationKeySecretId.(string)
+		result.ConnectivityAssociationKeySecretId = &tmp
+	}
+
+	if connectivityAssociationNameSecretId, ok := s.D.GetOkExists(fmt.Sprintf(fieldKeyFormat, "connectivity_association_name_secret_id")); ok {
+		tmp := connectivityAssociationNameSecretId.(string)
+		result.ConnectivityAssociationNameSecretId = &tmp
+	}
+
+	return result, nil
+}
+
+func (s *CoreCrossConnectGroupResourceCrud) mapToUpdateMacsecKey(fieldKeyFormat string) (oci_core.UpdateMacsecKey, error) {
+	result := oci_core.UpdateMacsecKey{}
+
+	if connectivityAssociationKeySecretId, ok := s.D.GetOkExists(fmt.Sprintf(fieldKeyFormat, "connectivity_association_key_secret_id")); ok {
+		tmp := connectivityAssociationKeySecretId.(string)
+		result.ConnectivityAssociationKeySecretId = &tmp
+	}
+
+	if connectivityAssociationNameSecretId, ok := s.D.GetOkExists(fmt.Sprintf(fieldKeyFormat, "connectivity_association_name_secret_id")); ok {
+		tmp := connectivityAssociationNameSecretId.(string)
+		result.ConnectivityAssociationNameSecretId = &tmp
+	}
+
+	if connectivityAssociationKeySecretVersion, ok := s.D.GetOkExists(fmt.Sprintf(fieldKeyFormat, "connectivity_association_key_secret_version")); ok {
+		tmp := connectivityAssociationKeySecretVersion.(string)
+		tmpInt64, err := strconv.ParseInt(tmp, 10, 64)
+		if err != nil {
+			return result, fmt.Errorf("unable to convert connectivityAssociationKeySecretVersion string: %s to an int64 and encountered error: %v", tmp, err)
+		}
+		result.ConnectivityAssociationKeySecretVersion = &tmpInt64
+	}
+
+	if connectivityAssociationNameSecretVersion, ok := s.D.GetOkExists(fmt.Sprintf(fieldKeyFormat, "connectivity_association_name_secret_version")); ok {
+		tmp := connectivityAssociationNameSecretVersion.(string)
+		tmpInt64, err := strconv.ParseInt(tmp, 10, 64)
+		if err != nil {
+			return result, fmt.Errorf("unable to convert connectivityAssociationNameSecretVersion string: %s to an int64 and encountered error: %v", tmp, err)
+		}
+		result.ConnectivityAssociationNameSecretVersion = &tmpInt64
+	}
+
+	return result, nil
+}
+
+func (s *CoreCrossConnectGroupResourceCrud) mapToCreateMacsecProperties(fieldKeyFormat string) (oci_core.CreateMacsecProperties, error) {
+	result := oci_core.CreateMacsecProperties{}
+
+	if encryptionCipher, ok := s.D.GetOkExists(fmt.Sprintf(fieldKeyFormat, "encryption_cipher")); ok {
+		result.EncryptionCipher = oci_core.MacsecEncryptionCipherEnum(encryptionCipher.(string))
+	}
+
+	if primaryKey, ok := s.D.GetOkExists(fmt.Sprintf(fieldKeyFormat, "primary_key")); ok {
+		if tmpList := primaryKey.([]interface{}); len(tmpList) > 0 {
+			fieldKeyFormatNextLevel := fmt.Sprintf("%s.%d.%%s", fmt.Sprintf(fieldKeyFormat, "primary_key"), 0)
+			tmp, err := s.mapToCreateMacsecKey(fieldKeyFormatNextLevel)
+			if err != nil {
+				return result, fmt.Errorf("unable to convert primary_key, encountered error: %v", err)
+			}
+			result.PrimaryKey = &tmp
+		}
+	}
+
+	if state, ok := s.D.GetOkExists(fmt.Sprintf(fieldKeyFormat, "state")); ok {
+		result.State = oci_core.MacsecStateEnum(state.(string))
+	}
+
+	return result, nil
+}
+
+func (s *CoreCrossConnectGroupResourceCrud) mapToUpdateMacsecProperties(fieldKeyFormat string) (oci_core.UpdateMacsecProperties, error) {
+	result := oci_core.UpdateMacsecProperties{}
+
+	if encryptionCipher, ok := s.D.GetOkExists(fmt.Sprintf(fieldKeyFormat, "encryption_cipher")); ok {
+		result.EncryptionCipher = oci_core.MacsecEncryptionCipherEnum(encryptionCipher.(string))
+	}
+
+	if primaryKey, ok := s.D.GetOkExists(fmt.Sprintf(fieldKeyFormat, "primary_key")); ok {
+		if tmpList := primaryKey.([]interface{}); len(tmpList) > 0 {
+			fieldKeyFormatNextLevel := fmt.Sprintf("%s.%d.%%s", fmt.Sprintf(fieldKeyFormat, "primary_key"), 0)
+			tmp, err := s.mapToUpdateMacsecKey(fieldKeyFormatNextLevel)
+			if err != nil {
+				return result, fmt.Errorf("unable to convert primary_key, encountered error: %v", err)
+			}
+			result.PrimaryKey = &tmp
+		}
+	}
+
+	if state, ok := s.D.GetOkExists(fmt.Sprintf(fieldKeyFormat, "state")); ok {
+		result.State = oci_core.MacsecStateEnum(state.(string))
+	}
+
+	return result, nil
+}
+
 func (s *CoreCrossConnectGroupResourceCrud) updateCompartment(compartment interface{}) error {
 	changeCompartmentRequest := oci_core.ChangeCrossConnectGroupCompartmentRequest{}