Field tsig has been removed from oci_dns_zone resource

Author: rashik-bhasin

CHANGELOG.md

@@ -1,11 +1,14 @@
-## 4.35.0 (July 14, 2021)
+## 4.35.0 (Unreleased)
 
 ### Added
 - Support for Oracle distribution of Hadoop with Big Data service
 - Support for APM Synthetics service added
 - Support for Regional VLANs added to `core`
 - Support added for VCN DNS Namespace Collision Remediation
 
+### Deprecated
+- Field `tsig` has been removed from `oci_dns_zone` resource and will be a breaking change for customers who have it defined in their Terraform configuration file
+
 ## 4.34.0 (July 07, 2021)
 
 ### Added

oci/dns_tsig_key_resource.go

@@ -141,11 +141,15 @@ func (s *DnsTsigKeyResourceCrud) CreatedTarget() []string {
 }
 
 func (s *DnsTsigKeyResourceCrud) DeletedPending() []string {
-	return []string{}
+	return []string{
+		string(oci_dns.TsigKeyLifecycleStateDeleting),
+	}
 }
 
 func (s *DnsTsigKeyResourceCrud) DeletedTarget() []string {
-	return []string{}
+	return []string{
+		string(oci_dns.TsigKeyLifecycleStateDeleted),
+	}
 }
 
 func (s *DnsTsigKeyResourceCrud) Create() error {

oci/dns_tsig_key_test.go

@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"strconv"
 	"testing"
+	"time"
 
 	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
@@ -247,10 +248,18 @@ func testAccCheckDnsTsigKeyDestroy(s *terraform.State) error {
 
 			request.RequestMetadata.RetryPolicy = getRetryPolicy(true, "dns")
 
-			_, err := client.GetTsigKey(context.Background(), request)
+			response, err := client.GetTsigKey(context.Background(), request)
 
 			if err == nil {
-				return fmt.Errorf("resource still exists")
+				deletedLifecycleStates := map[string]bool{
+					string(oci_dns.TsigKeyLifecycleStateDeleted): true,
+				}
+				if _, ok := deletedLifecycleStates[string(response.LifecycleState)]; !ok {
+					//resource lifecycle state is not in expected deleted lifecycle states.
+					return fmt.Errorf("resource lifecycle state: %s is not in expected deleted lifecycle states", response.LifecycleState)
+				}
+				//resource lifecycle state is in expected deleted lifecycle states. continue with next one.
+				continue
 			}
 
 			//Verify that exception is for '404 not found'.
@@ -297,6 +306,8 @@ func sweepDnsTsigKeyResource(compartment string) error {
 				fmt.Printf("Error deleting TsigKey %s %s, It is possible that the resource is already deleted. Please verify manually \n", tsigKeyId, error)
 				continue
 			}
+			waitTillCondition(testAccProvider, &tsigKeyId, tsigKeySweepWaitCondition, time.Duration(3*time.Minute),
+				tsigKeySweepResponseFetchOperation, "dns", true)
 		}
 	}
 	return nil
@@ -313,6 +324,7 @@ func getTsigKeyIds(compartment string) ([]string, error) {
 
 	listTsigKeysRequest := oci_dns.ListTsigKeysRequest{}
 	listTsigKeysRequest.CompartmentId = &compartmentId
+	listTsigKeysRequest.LifecycleState = oci_dns.TsigKeySummaryLifecycleStateActive
 	listTsigKeysResponse, err := dnsClient.ListTsigKeys(context.Background(), listTsigKeysRequest)
 
 	if err != nil {
@@ -325,3 +337,21 @@ func getTsigKeyIds(compartment string) ([]string, error) {
 	}
 	return resourceIds, nil
 }
+
+func tsigKeySweepWaitCondition(response common.OCIOperationResponse) bool {
+	// Only stop if the resource is available beyond 3 mins. As there could be an issue for the sweeper to delete the resource and manual intervention required.
+	if tsigKeyResponse, ok := response.Response.(oci_dns.GetTsigKeyResponse); ok {
+		return tsigKeyResponse.LifecycleState != oci_dns.TsigKeyLifecycleStateDeleted
+	}
+	return false
+}
+
+func tsigKeySweepResponseFetchOperation(client *OracleClients, resourceId *string, retryPolicy *common.RetryPolicy) error {
+	_, err := client.dnsClient().GetTsigKey(context.Background(), oci_dns.GetTsigKeyRequest{
+		TsigKeyId: resourceId,
+		RequestMetadata: common.RequestMetadata{
+			RetryPolicy: retryPolicy,
+		},
+	})
+	return err
+}

oci/dns_zone_resource.go

@@ -77,35 +77,6 @@ func DnsZoneResource() *schema.Resource {
 							Optional: true,
 							Computed: true,
 						},
-						"tsig": {
-							Type:     schema.TypeList,
-							Optional: true,
-							Computed: true,
-							MaxItems: 1,
-							MinItems: 1,
-							Elem: &schema.Resource{
-								Schema: map[string]*schema.Schema{
-									// Required
-									"algorithm": {
-										Type:     schema.TypeString,
-										Required: true,
-									},
-									"name": {
-										Type:     schema.TypeString,
-										Required: true,
-									},
-									"secret": {
-										Type:      schema.TypeString,
-										Required:  true,
-										Sensitive: true,
-									},
-
-									// Optional
-
-									// Computed
-								},
-							},
-						},
 						"tsig_key_id": {
 							Type:     schema.TypeString,
 							Optional: true,
@@ -500,17 +471,6 @@ func (s *DnsZoneResourceCrud) mapToExternalMaster(fieldKeyFormat string) (oci_dn
 		result.Port = &tmp
 	}
 
-	if tsig, ok := s.D.GetOkExists(fmt.Sprintf(fieldKeyFormat, "tsig")); ok {
-		if tmpList := tsig.([]interface{}); len(tmpList) > 0 {
-			fieldKeyFormatNextLevel := fmt.Sprintf("%s.%d.%%s", fmt.Sprintf(fieldKeyFormat, "tsig"), 0)
-			tmp, err := s.mapToTSIG(fieldKeyFormatNextLevel)
-			if err != nil {
-				return result, fmt.Errorf("unable to convert tsig, encountered error: %v", err)
-			}
-			result.Tsig = &tmp
-		}
-	}
-
 	if tsigKeyId, ok := s.D.GetOkExists(fmt.Sprintf(fieldKeyFormat, "tsig_key_id")); ok {
 		tmp := tsigKeyId.(string)
 		result.TsigKeyId = &tmp
@@ -530,10 +490,6 @@ func ExternalMasterToMap(obj oci_dns.ExternalMaster) map[string]interface{} {
 		result["port"] = int(*obj.Port)
 	}
 
-	if obj.Tsig != nil {
-		result["tsig"] = []interface{}{TSIGToMap(obj.Tsig)}
-	}
-
 	if obj.TsigKeyId != nil {
 		result["tsig_key_id"] = string(*obj.TsigKeyId)
 	}
@@ -551,45 +507,6 @@ func NameserverToMap(obj oci_dns.Nameserver) map[string]interface{} {
 	return result
 }
 
-func (s *DnsZoneResourceCrud) mapToTSIG(fieldKeyFormat string) (oci_dns.Tsig, error) {
-	result := oci_dns.Tsig{}
-
-	if algorithm, ok := s.D.GetOkExists(fmt.Sprintf(fieldKeyFormat, "algorithm")); ok {
-		tmp := algorithm.(string)
-		result.Algorithm = &tmp
-	}
-
-	if name, ok := s.D.GetOkExists(fmt.Sprintf(fieldKeyFormat, "name")); ok {
-		tmp := name.(string)
-		result.Name = &tmp
-	}
-
-	if secret, ok := s.D.GetOkExists(fmt.Sprintf(fieldKeyFormat, "secret")); ok {
-		tmp := secret.(string)
-		result.Secret = &tmp
-	}
-
-	return result, nil
-}
-
-func TSIGToMap(obj *oci_dns.Tsig) map[string]interface{} {
-	result := map[string]interface{}{}
-
-	if obj.Algorithm != nil {
-		result["algorithm"] = string(*obj.Algorithm)
-	}
-
-	if obj.Name != nil {
-		result["name"] = string(*obj.Name)
-	}
-
-	if obj.Secret != nil {
-		result["secret"] = string(*obj.Secret)
-	}
-
-	return result
-}
-
 func (s *DnsZoneResourceCrud) updateCompartment(compartment interface{}) error {
 	changeCompartmentRequest := oci_dns.ChangeZoneCompartmentRequest{}
 

oci/dns_zones_data_source.go

@@ -57,6 +57,10 @@ func DnsZonesDataSource() *schema.Resource {
 				Type:     schema.TypeString,
 				Optional: true,
 			},
+			"tsig_key_id": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
 			"view_id": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -144,6 +148,11 @@ func (s *DnsZonesDataSourceCrud) Get() error {
 		request.TimeCreatedLessThan = &oci_common.SDKTime{Time: tmp}
 	}
 
+	if tsigKeyId, ok := s.D.GetOkExists("tsig_key_id"); ok {
+		tmp := tsigKeyId.(string)
+		request.TsigKeyId = &tmp
+	}
+
 	if viewId, ok := s.D.GetOkExists("view_id"); ok {
 		tmp := viewId.(string)
 		request.ViewId = &tmp

website/docs/d/dns_records.html.markdown

@@ -13,9 +13,11 @@ description: |-
 
 This data source provides the list of Records in Oracle Cloud Infrastructure DNS service.
 
-Gets all records in the specified zone. The results are
-sorted by `domain` in alphabetical order by default. For more
-information about records, see [Resource Record (RR) TYPEs](https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4).
+Gets all records in the specified zone. The results are sorted by `domain` in alphabetical order by default.
+For more information about records, see [Resource Record (RR) TYPEs](https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4).
+For private zones, the scope query parameter is required with a value of `PRIVATE`. When the zone name is
+provided as a path parameter and `PRIVATE` is used for the scope query parameter then the viewId query
+parameter is required.
 
 
 ## Example Usage

website/docs/d/dns_resolver.html.markdown

@@ -10,9 +10,9 @@ description: |-
 # Data Source: oci_dns_resolver
 This data source provides details about a specific Resolver resource in Oracle Cloud Infrastructure DNS service.
 
-Get information about a specific resolver. Note that attempting to get a
-resolver in the DELETED lifecycleState will result in a 404 to be
-consistent with other operations of the API.
+Gets information about a specific resolver. Note that attempting to get a
+resolver in the DELETED lifecycleState will result in a `404` response to be
+consistent with other operations of the API. Requires a `PRIVATE` scope query parameter.
 
 
 ## Example Usage
@@ -54,8 +54,8 @@ The following attributes are exported:
 	* `forwarding_address` - An IP address from which forwarded queries may be sent. For VNIC endpoints, this IP address must be part of the subnet and will be assigned by the system if unspecified when isForwarding is true. 
 	* `is_forwarding` - A Boolean flag indicating whether or not the resolver endpoint is for forwarding. 
 	* `is_listening` - A Boolean flag indicating whether or not the resolver endpoint is for listening. 
-	* `listening_address` - An IP address to listen to queries on. For VNIC endpoints this IP address must be part of the subnet and will be assigned by the system if unspecified. 
-	* `name` - The name of the resolver endpoint. Must be unique within the resolver. 
+	* `listening_address` - An IP address to listen to queries on. For VNIC endpoints this IP address must be part of the subnet and will be assigned by the system if unspecified when isListening is true. 
+	* `name` - The name of the resolver endpoint. Must be unique, case-insensitive, within the resolver. 
 	* `self` - The canonical absolute URL of the resource.
 	* `state` - The current state of the resource.
 	* `subnet_id` - The OCID of a subnet. Must be part of the VCN that the resolver is attached to.
@@ -71,12 +71,12 @@ The following attributes are exported:
 * `id` - The OCID of the resolver.
 * `is_protected` - A Boolean flag indicating whether or not parts of the resource are unable to be explicitly managed. 
 * `rules` - Rules for the resolver. Rules are evaluated in order. 
-	* `action` - The action determines the behavior of the rule. If a query matches a supplied condition then the action will apply. If there are no conditions on the rule then all queries are subject to the specified action.
+	* `action` - The action determines the behavior of the rule. If a query matches a supplied condition, the action will apply. If there are no conditions on the rule, all queries are subject to the specified action.
 		* `FORWARD` - Matching requests will be forwarded from the source interface to the destination address. 
 	* `client_address_conditions` - A list of CIDR blocks. The query must come from a client within one of the blocks in order for the rule action to apply. 
 	* `destination_addresses` - IP addresses to which queries should be forwarded. Currently limited to a single address. 
 	* `qname_cover_conditions` - A list of domain names. The query must be covered by one of the domains in order for the rule action to apply. 
-	* `source_endpoint_name` - Name of an endpoint, that is a sub-resource of the resolver, to use as the forwarding interface. The endpoint must have isForwarding set to true. 
+	* `source_endpoint_name` - Case-insensitive name of an endpoint, that is a sub-resource of the resolver, to use as the forwarding interface. The endpoint must have isForwarding set to true. 
 * `self` - The canonical absolute URL of the resource.
 * `state` - The current state of the resource.
 * `time_created` - The date and time the resource was created in "YYYY-MM-ddThh:mm:ssZ" format with a Z offset, as defined by RFC 3339.

website/docs/d/dns_resolver_endpoint.html.markdown

@@ -10,8 +10,9 @@ description: |-
 # Data Source: oci_dns_resolver_endpoint
 This data source provides details about a specific Resolver Endpoint resource in Oracle Cloud Infrastructure DNS service.
 
-Get information about a specific resolver endpoint. Note that attempting to get a resolver endpoint
-in the DELETED lifecycle state will result in a 404 to be consistent with other operations of the API.
+Gets information about a specific resolver endpoint. Note that attempting to get a resolver endpoint
+in the DELETED lifecycle state will result in a `404` response to be consistent with other operations of the
+API. Requires a `PRIVATE` scope query parameter.
 
 
 ## Example Usage
@@ -45,9 +46,9 @@ The following attributes are exported:
 * `forwarding_address` - An IP address from which forwarded queries may be sent. For VNIC endpoints, this IP address must be part of the subnet and will be assigned by the system if unspecified when isForwarding is true. 
 * `is_forwarding` - A Boolean flag indicating whether or not the resolver endpoint is for forwarding. 
 * `is_listening` - A Boolean flag indicating whether or not the resolver endpoint is for listening. 
-* `listening_address` - An IP address to listen to queries on. For VNIC endpoints this IP address must be part of the subnet and will be assigned by the system if unspecified. 
-* `name` - The name of the resolver endpoint. Must be unique within the resolver. 
-* `nsg_ids` - An array of NSG OCIDs for the resolver endpoint. 
+* `listening_address` - An IP address to listen to queries on. For VNIC endpoints this IP address must be part of the subnet and will be assigned by the system if unspecified when isListening is true. 
+* `name` - The name of the resolver endpoint. Must be unique, case-insensitive, within the resolver. 
+* `nsg_ids` - An array of network security group OCIDs for the resolver endpoint. These must be part of the VCN that the resolver endpoint is a part of. 
 * `self` - The canonical absolute URL of the resource.
 * `state` - The current state of the resource.
 * `subnet_id` - The OCID of a subnet. Must be part of the VCN that the resolver is attached to.

website/docs/d/dns_resolver_endpoints.html.markdown

@@ -12,8 +12,8 @@ This data source provides the list of Resolver Endpoints in Oracle Cloud Infrast
 
 Gets a list of all endpoints within a resolver. The collection can be filtered by name or lifecycle state.
 It can be sorted on creation time or name both in ASC or DESC order. Note that when no lifecycleState
-query parameter is provided that the collection does not include resolver endpoints in the DELETED
-lifecycle state to be consistent with other operations of the API.
+query parameter is provided, the collection does not include resolver endpoints in the DELETED
+lifecycle state to be consistent with other operations of the API. Requires a `PRIVATE` scope query parameter.
 
 
 ## Example Usage
@@ -55,9 +55,9 @@ The following attributes are exported:
 * `forwarding_address` - An IP address from which forwarded queries may be sent. For VNIC endpoints, this IP address must be part of the subnet and will be assigned by the system if unspecified when isForwarding is true. 
 * `is_forwarding` - A Boolean flag indicating whether or not the resolver endpoint is for forwarding. 
 * `is_listening` - A Boolean flag indicating whether or not the resolver endpoint is for listening. 
-* `listening_address` - An IP address to listen to queries on. For VNIC endpoints this IP address must be part of the subnet and will be assigned by the system if unspecified. 
-* `name` - The name of the resolver endpoint. Must be unique within the resolver. 
-* `nsg_ids` - An array of NSG OCIDs for the resolver endpoint. 
+* `listening_address` - An IP address to listen to queries on. For VNIC endpoints this IP address must be part of the subnet and will be assigned by the system if unspecified when isListening is true. 
+* `name` - The name of the resolver endpoint. Must be unique, case-insensitive, within the resolver. 
+* `nsg_ids` - An array of network security group OCIDs for the resolver endpoint. These must be part of the VCN that the resolver endpoint is a part of. 
 * `self` - The canonical absolute URL of the resource.
 * `state` - The current state of the resource.
 * `subnet_id` - The OCID of a subnet. Must be part of the VCN that the resolver is attached to.

website/docs/d/dns_resolvers.html.markdown

@@ -13,9 +13,9 @@ This data source provides the list of Resolvers in Oracle Cloud Infrastructure D
 Gets a list of all resolvers within a compartment. The collection can
 be filtered by display name, id, or lifecycle state. It can be sorted
 on creation time or displayName both in ASC or DESC order. Note that
-when no lifecycleState query parameter is provided that the collection
+when no lifecycleState query parameter is provided, the collection
 does not include resolvers in the DELETED lifecycleState to be consistent
-with other operations of the API.
+with other operations of the API. Requires a `PRIVATE` scope query parameter.
 
 
 ## Example Usage