Releasing version 4.21.0

Releasing version 4.21.0

Author: jotruon

CHANGELOG.md

@@ -1,3 +1,19 @@
+## 4.21.0 (Unreleased)
+
+### Added
+- Support for Container Image Signing
+- Support for Scheduled Compute Instance Suspension
+- Support for KMS Cross Region Replication
+- Support for Casper - Enhancing PARs
+- Support for ExaCC | Software Images
+- Support for Cross-region asynchronous volume replication
+- Support for Compute DVH E3 shape added
+- Support for Container Engine Image Signing and Deploy Authorization
+- Support for `routing_policy` added to `virtual_circuit` resource
+
+### Notes
+- The OCI Terraform provider no longer automatically retries operations after receiving an HTTP 404 error. If your Terraform configurations expect automatic retries in this scenario, you should update them accordingly.
+
 ## 4.20.0 (March 31, 2021)
 
 ### Added

examples/artifacts/ContainerImageSignature/artifacts_container_image_signature_message_json.tmpl

@@ -0,0 +1 @@
+{"description":"${description}","imageDigest":"${digest}","kmsKeyId":"${kms_key_id}","kmsKeyVersionId":"${kms_key_version_id}","metadata":"${metadata}","region":"${region}","repositoryName":"${repository_name}","signingAlgorithm":"${signing_algorithm}"}

examples/artifacts/ContainerImageSignature/container_image_signature.tf

@@ -0,0 +1,93 @@
+// Copyright (c) 2017, 2021, Oracle and/or its affiliates. All rights reserved.
+// Licensed under the Mozilla Public License v2.0
+
+variable "tenancy_ocid" {}
+variable "user_ocid" {}
+variable "fingerprint" {}
+variable "private_key_path" {}
+variable "region" {}
+variable "compartment_ocid" {}
+
+provider "oci" {
+  tenancy_ocid     = var.tenancy_ocid
+  user_ocid        = var.user_ocid
+  fingerprint      = var.fingerprint
+  private_key_path = var.private_key_path
+  region           = var.region
+}
+
+variable "container_image_signature_compartment_id_in_subtree" {}
+
+// specify the container image to upload to
+variable "container_image_id" {}
+
+// specify the management endpoint for the key
+variable "crypto_endpoint" {}
+
+// specify the kms key to sign the message
+variable "kms_rsa_key_id" {}
+
+// specify the kms key version to sign the message
+variable "kms_rsa_key_version_id" {}
+
+// the algorithm to sign with the key
+variable "kms_signing_algorithm" {}
+
+// user inputted description to include in the signature
+variable "description" {}
+
+// user defined a json string to include in the signature (eg. use escape character for the key/value string)
+// ex. "{\\\"buildNumber\\\":\\\"123\\\"}"
+variable "metadata" {}
+
+data "oci_artifacts_container_image" "test_container_image" {
+  image_id = var.container_image_id
+}
+
+output "oci_test_container_image" {
+  value = data.oci_artifacts_container_image.test_container_image.repository_name
+}
+
+locals {
+  message = templatefile("./artifacts_container_image_signature_message_json.tmpl", {
+    "description" = var.description
+    "digest" = data.oci_artifacts_container_image.test_container_image.digest
+    "kms_key_id" = var.kms_rsa_key_id
+    "kms_key_version_id" = var.kms_rsa_key_version_id
+    "metadata" = var.metadata
+    "region" = var.region
+    "repository_name" = data.oci_artifacts_container_image.test_container_image.repository_name
+    "signing_algorithm" = var.kms_signing_algorithm
+  })
+}
+
+resource "oci_kms_sign" "test_sign" {
+  crypto_endpoint      = var.crypto_endpoint
+  key_id               = var.kms_rsa_key_id
+  message              = base64encode(local.message)
+  signing_algorithm    = var.kms_signing_algorithm
+
+  key_version_id = var.kms_rsa_key_version_id
+  message_type = "RAW"
+}
+
+resource "oci_artifacts_container_image_signature" "test_container_image_signature" {
+  #Required
+  compartment_id = var.compartment_ocid
+  image_id = var.container_image_id
+  kms_key_id = var.kms_rsa_key_id
+  kms_key_version_id = var.kms_rsa_key_version_id
+  message = base64encode(local.message)
+  signature = oci_kms_sign.test_sign.signature
+  signing_algorithm = var.kms_signing_algorithm
+}
+
+data "oci_artifacts_container_image_signatures" "test_container_image_signatures" {
+  #Required
+  compartment_id = var.compartment_ocid
+
+  #Optional
+  compartment_id_in_subtree = var.container_image_signature_compartment_id_in_subtree
+  image_id = var.container_image_id
+  kms_key_id = var.kms_rsa_key_id
+}

examples/autoscaling/compute.tf

@@ -82,6 +82,19 @@ resource "oci_core_instance_pool" "TFInstancePoolForScheduledPolicy" {
   }
 }
 
+resource "oci_core_instance_pool" "TFInstancePoolForScheduledPolicyResourceAction" {
+  compartment_id            = var.compartment_ocid
+  instance_configuration_id = oci_core_instance_configuration.TFInstanceConfiguration.id
+  size                      = 1
+  state                     = "RUNNING"
+  display_name              = "TFInstancePoolResourceAction"
+
+  placement_configurations {
+    availability_domain = data.oci_identity_availability_domain.AD.name
+    primary_subnet_id   = oci_core_subnet.ExampleSubnet.id
+  }
+}
+
 resource "oci_autoscaling_auto_scaling_configuration" "TFAutoScalingConfiguration" {
   compartment_id       = var.compartment_ocid
   cool_down_in_seconds = "300"
@@ -90,7 +103,7 @@ resource "oci_autoscaling_auto_scaling_configuration" "TFAutoScalingConfiguratio
 
   policies {
     capacity {
-      initial = "4"
+      initial = "2"
       max     = "4"
       min     = "2"
     }
@@ -111,7 +124,7 @@ resource "oci_autoscaling_auto_scaling_configuration" "TFAutoScalingConfiguratio
 
         threshold {
           operator = "GT"
-          value    = "1"
+          value    = "90"
         }
       }
     }
@@ -170,3 +183,29 @@ resource "oci_autoscaling_auto_scaling_configuration" "TFAutoScalingConfiguratio
   }
 }
 
+resource "oci_autoscaling_auto_scaling_configuration" "TFAutoScalingConfigurationScheduledPolicyResourceAction" {
+  compartment_id       = var.compartment_ocid
+  cool_down_in_seconds = "300"
+  display_name         = "TFAutoScalingConfigurationScheduledPolicyResourceAction"
+  is_enabled           = "true"
+
+  policies {
+    resource_action {
+      action = "STOP"
+      action_type = "power"
+    }
+    display_name = "TFScheduledPolicyResourceAction"
+    policy_type  = "scheduled"
+
+    execution_schedule {
+      expression = "0 15 10 ? * *"
+      timezone   = "UTC"
+      type       = "cron"
+    }
+  }
+
+  auto_scaling_resources {
+    id   = oci_core_instance_pool.TFInstancePoolForScheduledPolicyResourceAction.id
+    type = "instancePool"
+  }
+}

examples/autoscaling/datasources.tf

@@ -49,6 +49,10 @@ data "oci_autoscaling_auto_scaling_configuration" "TFAutoScalingConfigurationSch
   auto_scaling_configuration_id = oci_autoscaling_auto_scaling_configuration.TFAutoScalingConfigurationScheduledPolicy.id
 }
 
+data "oci_autoscaling_auto_scaling_configuration" "TFAutoScalingConfigurationScheduledPolicyResourceActionDatasource" {
+  auto_scaling_configuration_id = oci_autoscaling_auto_scaling_configuration.TFAutoScalingConfigurationScheduledPolicyResourceAction.id
+}
+
 data "oci_autoscaling_auto_scaling_configurations" "TFAutoScalingConfigurationDatasources" {
   compartment_id = var.compartment_ocid
   display_name   = "TFAutoScalingConfiguration"

examples/container_engine/main.tf

@@ -25,6 +25,10 @@ variable "node_pool_ssh_public_key" {
 
 }
 
+variable "kms_vault_id" {
+
+}
+
 provider "oci" {
   region           = var.region
   tenancy_ocid     = var.tenancy_ocid
@@ -43,6 +47,23 @@ data "oci_identity_availability_domain" "ad2" {
   ad_number      = 2
 }
 
+data "oci_kms_vault" "test_vault" {
+  #Required
+  vault_id = var.kms_vault_id
+}
+
+data "oci_kms_keys" "test_keys_dependency_RSA" {
+  #Required
+  compartment_id = var.tenancy_ocid
+  management_endpoint = data.oci_kms_vault.test_vault.management_endpoint
+  algorithm = "RSA"
+
+  filter {
+    name = "state"
+    values = ["ENABLED", "UPDATING"]
+  }
+}
+
 resource "oci_core_vcn" "test_vcn" {
   cidr_block     = "10.0.0.0/16"
   compartment_id = var.compartment_ocid
@@ -126,6 +147,14 @@ resource "oci_containerengine_cluster" "test_cluster" {
   name               = "tfTestCluster"
   vcn_id             = oci_core_vcn.test_vcn.id
 
+  #Optional
+  image_policy_config {
+    is_policy_enabled = "true"
+    key_details {
+      kms_key_id = data.oci_kms_keys.test_keys_dependency_RSA.keys[0].id
+    }
+  }
+
   #Optional
   options {
     service_lb_subnet_ids = [oci_core_subnet.clusterSubnet_1.id, oci_core_subnet.clusterSubnet_2.id]

examples/kms/data_sources.tf

@@ -43,6 +43,21 @@ data "oci_core_volumes" "test_volumes" {
   }
 }
 
+// Get replication status of a vault.
+// Currently only support virtual private vault.
+/*data "oci_kms_replication_status" "test_replication_status" {
+  # Required
+  management_endpoint = data.oci_kms_vault.test_vault.management_endpoint
+  replication_id = data.oci_kms_vault.test_vault.replica_details[0].replication_id
+}*/
+
+// List replicas of a vault.
+// Currently only support virtual private vault.
+/*data "oci_kms_vault_replicas" "test_vault_replicas" {
+  # Required
+  vault_id = data.oci_kms_vault.test_vault.id
+}*/
+
 //bucket object details where key was backed up
 /*data "oci_objectstorage_object" "key_backup_object" {
   #Required

examples/kms/variables.tf

@@ -16,12 +16,18 @@ variable "private_key_path" {
 variable "region" {
 }
 
+variable "destination_region" {
+}
+
 variable "compartment_id" {
 }
 
 variable "vault_id" {
 }
 
+variable "key_id" {
+}
+
 variable "key_display_name" {
   default = "Key C"
 }

examples/kms/vault.tf

@@ -33,3 +33,12 @@ resource "oci_kms_vault" "private-vault-kms" {
   //restore_trigger = var.vault_restore_trigger
 }
 
+// Use oci_kms_vault_replication to create, update and delete a replica of a vault.
+// Currently only support virtual private vault.
+
+/*resource "oci_kms_vault_replication" "test_replica" {
+  # Required
+  vault_id = data.oci_kms_vault.test_vault.id
+  replica_region = var.destination_region
+}*/
+

examples/object_storage/preauthrequest.tf

@@ -9,7 +9,7 @@ resource "oci_objectstorage_preauthrequest" "bucket_par" {
   namespace    = data.oci_objectstorage_namespace.ns.namespace
   bucket       = oci_objectstorage_bucket.bucket1.name
   name         = "parOnBucket"
-  access_type  = "AnyObjectWrite" //Other configurations accepted are ObjectWrite, ObjectReadWrite
+  access_type  = "AnyObjectWrite" //Other configurations accepted are ObjectWrite, ObjectRead, ObjectReadWrite, AnyObjectRead, AnyObjectReadWrite,
   time_expires = "2021-12-10T23:00:00Z"
 }
 
@@ -18,7 +18,7 @@ resource "oci_objectstorage_preauthrequest" "object_par" {
   bucket       = oci_objectstorage_bucket.bucket1.name
   object       = oci_objectstorage_object.object1.object
   name         = "objectPar"
-  access_type  = "ObjectRead" // ObjectRead, ObjectWrite, ObjectReadWrite, AnyObjectWrite
+  access_type  = "ObjectRead"
   time_expires = "2021-12-29T23:00:00Z"
 }