Added - Support for Integrate native Redis Service authentication with OCI IAM/Identity

Author: uma shanker oruganti

examples/redis/identity_token/main.tf

@@ -0,0 +1,119 @@
+// Copyright (c) 2017, 2024, Oracle and/or its affiliates. All rights reserved.
+// Licensed under the Mozilla Public License v2.0
+
+
+variable "region" {
+  default = "us-ashburn-1"
+}
+
+variable "compartment_id" {
+  default  = "compartment.r47eayq"
+}
+ #OciCacheCluster vars
+
+variable "redis_cluster_freeform_tags" {
+  default = { "bar-key" = "value" }
+}
+
+variable "redis_cluster_node_count" {
+  default = 2
+}
+
+variable "redis_cluster_node_memory_in_gbs" {
+  default = 2.0
+}
+
+variable "redis_cluster_software_version" {
+  default = "VALKEY_7_2"
+}
+
+
+variable "redis_cluster_display_name" {
+  type = string
+  default = "test-tf-redis-cluster"
+}
+
+variable "tenancy_ocid" {}
+variable "user_ocid" {}
+variable "fingerprint" {}
+variable "private_key_path" {}
+
+variable "redis_cluster_create_identity_token_defined_tags_value" {
+  default = "definedTags"
+}
+
+
+variable "redis_cluster_create_identity_token_public_key" {
+  default = "ssh-rsa KKKLK3NzaC1yc2EAAAADAQABAAABAQC+UC9MFNA55NIVtKPIBCNw7++ACXhD0hx+Zyj25JfHykjz/QU3Q5FAU3DxDbVXyubgXfb/GJnrKRY8O4QDdvnZZRvQFFEOaApThAmCAM5MuFUIHdFvlqP+0W+ZQnmtDhwVe2NCfcmOrMuaPEgOKO3DOW6I/qOOdO691Xe2S9NgT9HhN0ZfFtEODVgvYulgXuCCXsJs+NUqcHAOxxFUmwkbPvYi0P0e2DT8JKeiOOC8VKUEgvVx+GKmqasm+Y6zHFW7vv3g2GstE1aRs3mttHRoC/JPM86PRyIxeWXEMzyG5wHqUu4XZpDbnWNxi6ugxnAGiL3CrIFdCgRNgHz5qS1l MustWin"
+}
+
+variable "redis_cluster_create_identity_token_redis_user" {
+  default = "OCI_REDIS_OWNER"
+}
+
+
+provider "oci" {
+  tenancy_ocid     = var.tenancy_ocid
+  user_ocid        = var.user_ocid
+  fingerprint      = var.fingerprint
+  private_key_path = var.private_key_path
+  region           = var.region
+}
+
+resource "oci_core_vcn" "test_vcn" {
+  cidr_block     = "10.0.0.0/16"
+  compartment_id = var.compartment_id
+}
+
+resource "oci_core_security_list" "test_security_list" {
+  compartment_id = var.compartment_id
+  vcn_id         = oci_core_vcn.test_vcn.id
+  display_name   = "redis-security-list"
+
+  // allow outbound udp traffic on a port range
+  egress_security_rules {
+    destination = "0.0.0.0/0"
+    protocol    = "17" // udp
+    stateless   = true
+  }
+
+  // allow inbound ssh traffic from a specific port
+  ingress_security_rules {
+    protocol  = "6" // tcp
+    source    = "0.0.0.0/0"
+    stateless = false
+  }
+}
+
+resource "oci_core_subnet" "test_subnet" {
+  cidr_block     = "10.0.0.0/24"
+  compartment_id = var.compartment_id
+  vcn_id         = oci_core_vcn.test_vcn.id
+  security_list_ids = [oci_core_security_list.test_security_list.id]
+}
+
+resource "oci_redis_redis_cluster" "test_redis_cluster" {
+  #Required
+  compartment_id     = var.compartment_id
+  display_name       = var.redis_cluster_display_name
+  node_count         = var.redis_cluster_node_count
+  node_memory_in_gbs = var.redis_cluster_node_memory_in_gbs
+  software_version   = var.redis_cluster_software_version
+  subnet_id          = oci_core_subnet.test_subnet.id
+
+  #Optional
+  //  defined_tags  = 
+}
+
+
+
+resource "oci_redis_redis_cluster_create_identity_token" "test_redis_cluster_create_identity_token" {
+  #Required
+  public_key       = var.redis_cluster_create_identity_token_public_key
+  redis_cluster_id = oci_redis_redis_cluster.test_redis_cluster.id
+  redis_user       = var.redis_cluster_create_identity_token_redis_user
+
+  #Optional
+}
+
+

internal/client/redis_clients.go

@@ -12,6 +12,7 @@ import (
 func init() {
 	RegisterOracleClient("oci_redis.OciCacheUserClient", &OracleClient{InitClientFn: initRedisOciCacheUserClient})
 	RegisterOracleClient("oci_redis.RedisClusterClient", &OracleClient{InitClientFn: initRedisRedisClusterClient})
+	RegisterOracleClient("oci_redis.RedisIdentityClient", &OracleClient{InitClientFn: initRedisRedisIdentityClient})
 }
 
 func initRedisOciCacheUserClient(configProvider oci_common.ConfigurationProvider, configureClient ConfigureClient, serviceClientOverrides ServiceClientOverrides) (interface{}, error) {
@@ -53,3 +54,23 @@ func initRedisRedisClusterClient(configProvider oci_common.ConfigurationProvider
 func (m *OracleClients) RedisClusterClient() *oci_redis.RedisClusterClient {
 	return m.GetClient("oci_redis.RedisClusterClient").(*oci_redis.RedisClusterClient)
 }
+
+func initRedisRedisIdentityClient(configProvider oci_common.ConfigurationProvider, configureClient ConfigureClient, serviceClientOverrides ServiceClientOverrides) (interface{}, error) {
+	client, err := oci_redis.NewRedisIdentityClientWithConfigurationProvider(configProvider)
+	if err != nil {
+		return nil, err
+	}
+	err = configureClient(&client.BaseClient)
+	if err != nil {
+		return nil, err
+	}
+
+	if serviceClientOverrides.HostUrlOverride != "" {
+		client.Host = serviceClientOverrides.HostUrlOverride
+	}
+	return &client, nil
+}
+
+func (m *OracleClients) RedisIdentityClient() *oci_redis.RedisIdentityClient {
+	return m.GetClient("oci_redis.RedisIdentityClient").(*oci_redis.RedisIdentityClient)
+}

internal/integrationtest/redis_redis_cluster_create_identity_token_test.go

@@ -0,0 +1,70 @@
+// Copyright (c) 2017, 2024, Oracle and/or its affiliates. All rights reserved.
+// Licensed under the Mozilla Public License v2.0
+
+package integrationtest
+
+import (
+	"fmt"
+	"log"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+
+	"github.com/oracle/terraform-provider-oci/httpreplay"
+	"github.com/oracle/terraform-provider-oci/internal/acctest"
+
+	"github.com/oracle/terraform-provider-oci/internal/utils"
+)
+
+var (
+	RedisRedisClusterCreateIdentityTokenRequiredOnlyResource = RedisRedisClusterCreateIdentityTokenResourceDependencies +
+		acctest.GenerateResourceFromRepresentationMap("oci_redis_redis_cluster_create_identity_token", "test_redis_cluster_create_identity_token", acctest.Required, acctest.Create, RedisRedisClusterCreateIdentityTokenRepresentation)
+
+	RedisRedisClusterCreateIdentityTokenRepresentation = map[string]interface{}{
+		"public_key":       acctest.Representation{RepType: acctest.Required, Create: `LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFycHJDUWl5RVpwWFlaY044c0RGSAp4QVlYZ0hXRFd1NTF2ejBFWDg5dzMzaDgwNllQbUVBcFFjYzRETjJFbGNvcWJ0K1djb3lZWGdMemVmWGswcnVICjI1TDR4alZPQXJWQ2FwbVRubXBUVFY4RW9zYVorUjdBbmFkZC9LYjVHa21NV2ZZbmwvT05hT3RPQ1ZBMVZzOWsKTXZoZTFJZEJZNWM2bTlHYWxEanlaL2hOamlONVZyRkh1K0puajhodzNOSk9XSEtMNW9JT3NIU3A4MFozWmZHRApvUDFHREs3SVpXNUJ5bEhXSzhPU1pzYjJ6cDQ5d3JGVjZEWVJlR1F1RHFPbzhpR0lXUzJFQk9MU2xvMk9OU3RJCktySUJ3eTN5aElXK2hPVXVheWorRnc5OEpmdjVhYnpNK2hPa3BXUktqeWhsUGY0b05FK2J2bm9xT1NFdTIwUnoKR1FJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg`},
+		"redis_cluster_id": acctest.Representation{RepType: acctest.Required, Create: `rediscluster.luiw7q`},
+		"redis_user":       acctest.Representation{RepType: acctest.Required, Create: `OCI_REDIS_OWNER`},
+		"defined_tags":     acctest.Representation{RepType: acctest.Optional, Create: `${map("${oci_identity_tag_namespace.tag-namespace1.name}.${oci_identity_tag.tag1.name}", "value")}`, Update: `${map("${oci_identity_tag_namespace.tag-namespace1.name}.${oci_identity_tag.tag1.name}", "updatedValue")}`},
+		"freeform_tags":    acctest.Representation{RepType: acctest.Optional, Create: map[string]string{"freeformTags": "freeformTags"}, Update: map[string]string{"freeformTags2": "freeformTags2"}},
+	}
+
+	RedisRedisClusterCreateIdentityTokenResourceDependencies = ""
+
+	// RedisRedisClusterCreateIdentityTokenResourceDependencies = acctest.GenerateResourceFromRepresentationMap("oci_core_subnet", "test_subnet", acctest.Required, acctest.Create, CoreSubnetRepresentation) +
+	//
+	//	acctest.GenerateResourceFromRepresentationMap("oci_core_vcn", "test_vcn", acctest.Required, acctest.Create, CoreVcnRepresentation) +
+	//	DefinedTagsDependencies +
+	//	acctest.GenerateResourceFromRepresentationMap("oci_redis_redis_cluster", "test_redis_cluster", acctest.Required, acctest.Create, RedisRedisClusterRepresentation)
+)
+
+// issue-routing-tag: redis/default
+func TestRedisRedisClusterCreateIdentityTokenResource_basic(t *testing.T) {
+	httpreplay.SetScenario("TestRedisRedisClusterCreateIdentityTokenResource_basic")
+	defer httpreplay.SaveScenario()
+
+	config := acctest.ProviderTestConfig()
+
+	compartmentId := utils.GetEnvSettingWithBlankDefault("compartment_ocid")
+	compartmentIdVariableStr := fmt.Sprintf("variable \"compartment_id\" { default = \"%s\" }\n", compartmentId)
+
+	resourceName := "oci_redis_redis_cluster_create_identity_token.test_redis_cluster_create_identity_token"
+
+	// var resId string
+	// Save TF content to Create resource with optional properties. This has to be exactly the same as the config part in the "create with optionals" step in the test.
+	acctest.SaveConfigContent(config+compartmentIdVariableStr+RedisRedisClusterCreateIdentityTokenResourceDependencies+
+		acctest.GenerateResourceFromRepresentationMap("oci_redis_redis_cluster_create_identity_token", "test_redis_cluster_create_identity_token", acctest.Optional, acctest.Create, RedisRedisClusterCreateIdentityTokenRepresentation), "redis", "redisClusterCreateIdentityToken", t)
+	log.Printf("[DEBUG] *** 0010 RedisRedisClusterCreateIdentityTokenRepresentation ***: %v", RedisRedisClusterCreateIdentityTokenRepresentation)
+
+	acctest.ResourceTest(t, nil, []resource.TestStep{
+		// verify Create
+		{
+			Config: config + compartmentIdVariableStr + RedisRedisClusterCreateIdentityTokenResourceDependencies +
+				acctest.GenerateResourceFromRepresentationMap("oci_redis_redis_cluster_create_identity_token", "test_redis_cluster_create_identity_token", acctest.Required, acctest.Create, RedisRedisClusterCreateIdentityTokenRepresentation),
+			Check: acctest.ComposeAggregateTestCheckFuncWrapper(
+				resource.TestCheckResourceAttr(resourceName, "public_key", "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFycHJDUWl5RVpwWFlaY044c0RGSAp4QVlYZ0hXRFd1NTF2ejBFWDg5dzMzaDgwNllQbUVBcFFjYzRETjJFbGNvcWJ0K1djb3lZWGdMemVmWGswcnVICjI1TDR4alZPQXJWQ2FwbVRubXBUVFY4RW9zYVorUjdBbmFkZC9LYjVHa21NV2ZZbmwvT05hT3RPQ1ZBMVZzOWsKTXZoZTFJZEJZNWM2bTlHYWxEanlaL2hOamlONVZyRkh1K0puajhodzNOSk9XSEtMNW9JT3NIU3A4MFozWmZHRApvUDFHREs3SVpXNUJ5bEhXSzhPU1pzYjJ6cDQ5d3JGVjZEWVJlR1F1RHFPbzhpR0lXUzJFQk9MU2xvMk9OU3RJCktySUJ3eTN5aElXK2hPVXVheWorRnc5OEpmdjVhYnpNK2hPa3BXUktqeWhsUGY0b05FK2J2bm9xT1NFdTIwUnoKR1FJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg"),
+				resource.TestCheckResourceAttrSet(resourceName, "redis_cluster_id"),
+				resource.TestCheckResourceAttr(resourceName, "redis_user", "OCI_REDIS_OWNER"),
+			),
+		},
+	})
+}

internal/service/redis/redis_redis_cluster_create_identity_token_resource.go

@@ -0,0 +1,146 @@
+// Copyright (c) 2017, 2024, Oracle and/or its affiliates. All rights reserved.
+// Licensed under the Mozilla Public License v2.0
+
+package redis
+
+import (
+	"context"
+	"log"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+	oci_redis "github.com/oracle/oci-go-sdk/v65/redis"
+
+	"github.com/oracle/terraform-provider-oci/internal/client"
+	"github.com/oracle/terraform-provider-oci/internal/tfresource"
+)
+
+func RedisRedisClusterCreateIdentityTokenResource() *schema.Resource {
+	return &schema.Resource{
+		Timeouts: tfresource.DefaultTimeout,
+		Create:   createRedisRedisClusterCreateIdentityToken,
+		Read:     readRedisRedisClusterCreateIdentityToken,
+		Delete:   deleteRedisRedisClusterCreateIdentityToken,
+		Schema: map[string]*schema.Schema{
+			// Required
+			"public_key": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"redis_cluster_id": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"redis_user": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			// Optional
+			"defined_tags": {
+				Type:             schema.TypeMap,
+				Optional:         true,
+				ForceNew:         true,
+				DiffSuppressFunc: tfresource.DefinedTagsDiffSuppressFunction,
+				Elem:             schema.TypeString,
+			},
+			"freeform_tags": {
+				Type:     schema.TypeMap,
+				Optional: true,
+				ForceNew: true,
+				Elem:     schema.TypeString,
+			},
+
+			// Computed
+			"identity_token": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func createRedisRedisClusterCreateIdentityToken(d *schema.ResourceData, m interface{}) error {
+	sync := &RedisRedisClusterCreateIdentityTokenResourceCrud{}
+	sync.D = d
+	sync.Client = m.(*client.OracleClients).RedisIdentityClient()
+
+	return tfresource.CreateResource(d, sync)
+}
+
+func readRedisRedisClusterCreateIdentityToken(d *schema.ResourceData, m interface{}) error {
+	return nil
+}
+
+func deleteRedisRedisClusterCreateIdentityToken(d *schema.ResourceData, m interface{}) error {
+	return nil
+}
+
+type RedisRedisClusterCreateIdentityTokenResourceCrud struct {
+	tfresource.BaseCrud
+	Client                 *oci_redis.RedisIdentityClient
+	Res                    *oci_redis.IdentityTokenDetailsResponse
+	DisableNotFoundRetries bool
+}
+
+func (s *RedisRedisClusterCreateIdentityTokenResourceCrud) ID() string {
+	return tfresource.GenerateDataSourceHashID("RedisRedisClusterCreateIdentityTokenResource-", RedisRedisClusterCreateIdentityTokenResource(), s.D)
+}
+
+func (s *RedisRedisClusterCreateIdentityTokenResourceCrud) Create() error {
+	request := oci_redis.CreateIdentityTokenRequest{}
+
+	if definedTags, ok := s.D.GetOkExists("defined_tags"); ok {
+		convertedDefinedTags, err := tfresource.MapToDefinedTags(definedTags.(map[string]interface{}))
+		if err != nil {
+			return err
+		}
+		request.DefinedTags = convertedDefinedTags
+	}
+
+	if freeformTags, ok := s.D.GetOkExists("freeform_tags"); ok {
+		request.FreeformTags = tfresource.ObjectMapToStringMap(freeformTags.(map[string]interface{}))
+	}
+
+	if publicKey, ok := s.D.GetOkExists("public_key"); ok {
+		tmp := publicKey.(string)
+		request.PublicKey = &tmp
+	}
+
+	if redisClusterId, ok := s.D.GetOkExists("redis_cluster_id"); ok {
+		tmp := redisClusterId.(string)
+		request.RedisClusterId = &tmp
+	}
+
+	if redisUser, ok := s.D.GetOkExists("redis_user"); ok {
+		tmp := redisUser.(string)
+		request.RedisUser = &tmp
+	}
+
+	request.RequestMetadata.RetryPolicy = tfresource.GetRetryPolicy(s.DisableNotFoundRetries, "redis")
+	log.Printf("[DEBUG] *** 00100 request ***: %v", request)
+
+	response, err := s.Client.CreateIdentityToken(context.Background(), request)
+	if err != nil {
+		return err
+	}
+
+	s.Res = &response.IdentityTokenDetailsResponse
+	return nil
+}
+
+func (s *RedisRedisClusterCreateIdentityTokenResourceCrud) SetData() error {
+	if s.Res.IdentityToken != nil {
+		s.D.Set("identity_token", *s.Res.IdentityToken)
+	}
+
+	if s.Res.RedisUser != nil {
+		s.D.Set("redis_user", *s.Res.RedisUser)
+	}
+
+	s.D.SetId(s.ID())
+	return nil
+}

internal/service/redis/register_resource.go

@@ -12,4 +12,5 @@ func RegisterResource() {
 	tfresource.RegisterResource("oci_redis_redis_cluster_attach_oci_cache_user", RedisRedisClusterAttachOciCacheUserResource())
 	tfresource.RegisterResource("oci_redis_redis_cluster_detach_oci_cache_user", RedisRedisClusterDetachOciCacheUserResource())
 	tfresource.RegisterResource("oci_redis_redis_cluster_get_oci_cache_user", RedisRedisClusterGetOciCacheUserResource())
+	tfresource.RegisterResource("oci_redis_redis_cluster_create_identity_token", RedisRedisClusterCreateIdentityTokenResource())
 }