Added - Support for Ekm-Xrr

Author: Akshay Mall

examples/kms/ekm/externalVaultReplication/ReplicaExternalVaultMetadata.tf

@@ -0,0 +1,28 @@
+variable "secondary_idcs_account_name_url" {
+  default = "secondary_idcs_account_name_url"
+}
+
+variable "secondary_private_endpoint_id" {
+  default = "secondary_private_endpoint_id"
+}
+
+variable "replica_region" {
+  default = "us-dcc-phoenix-4"
+}
+
+variable vault_id {
+  default  = "vault_id"
+}
+
+variable virtual_vault_id {
+  default = "virtual_vault_id"
+}
+
+variable "vault_type" {
+  default = "EXTERNAL"
+}
+
+resource "oci_kms_vault_replication" "test_replication" {
+  replica_region = var.replica_region
+  vault_id = var.virtual_vault_id
+}

examples/kms/ekm/externalVaultReplication/variable.tf

@@ -0,0 +1,33 @@
+variable "tenancy_ocid" {
+}
+
+variable "user_ocid" {
+}
+
+variable "fingerprint" {
+}
+
+variable "private_key_path" {
+}
+
+variable "region" {
+}
+
+variable "compartment_ocid" {
+}
+
+variable "ext_vault" {
+}
+
+variable "ext_key_version_id" {
+}
+
+
+provider "oci" {
+  version          = "6.27.0"
+  tenancy_ocid     = var.tenancy_ocid
+  user_ocid        = var.user_ocid
+  fingerprint      = var.fingerprint
+  private_key_path = var.private_key_path
+  region           = var.region
+}

internal/integrationtest/kms_vault_replication_test.go

@@ -17,9 +17,53 @@ var (
 		"vault_id":       acctest.Representation{RepType: acctest.Required, Create: `${data.oci_kms_vault.test_vault.id}`},
 	}
 
+	ekmVaultReplicaMetadataRepresentation = map[string]interface{}{
+		"vault_type":            acctest.Representation{RepType: acctest.Required, Create: `EXTERNAL`},
+		"private_endpoint_id":   acctest.Representation{RepType: acctest.Required, Create: utils.GetEnvSettingWithBlankDefault("secondary_private_endpoint_id")},
+		"idcs_account_name_url": acctest.Representation{RepType: acctest.Required, Create: utils.GetEnvSettingWithBlankDefault("secondary_idcs_account_name_url")},
+	}
+
+	ekmVaultReplicaRepresentation = map[string]interface{}{
+		"replica_region":         acctest.Representation{RepType: acctest.Required, Create: `us-dcc-phoenix-2`},
+		"vault_id":               acctest.Representation{RepType: acctest.Required, Create: utils.GetEnvSettingWithBlankDefault("kms_external_vault_ocid")},
+		"replica_vault_metadata": acctest.RepresentationGroup{RepType: acctest.Required, Group: ekmVaultReplicaMetadataRepresentation},
+	}
+
 	KmsVaultReplicationResourceDependencies = KmsKeyResourceDependencies
+
+	KmsExternalVaultReplicationResourceDependencies = KmsExternalKeyResourceDependencies
 )
 
+func TestEkmVaultReplicationResource_basic(t *testing.T) {
+	httpreplay.SetScenario("TestKmsVaultReplicationResource_basic")
+	defer httpreplay.SaveScenario()
+
+	config := acctest.ProviderTestConfig()
+
+	compartmentId := utils.GetEnvSettingWithBlankDefault("compartment_ocid")
+	compartmentIdVariableStr := fmt.Sprintf("variable \"compartment_id\" { default = \"%s\" }\n", compartmentId)
+
+	//resourceName := "oci_kms_vault_replication.test_replica"
+
+	// Save TF content to Create resource with only required properties. This has to be exactly the same as the config part in the Create step in the test.
+	acctest.SaveConfigContent(config+compartmentIdVariableStr+KmsExternalVaultReplicationResourceDependencies+
+		acctest.GenerateResourceFromRepresentationMap("oci_kms_vault_replication", "test_replica", acctest.Required, acctest.Create, ekmVaultReplicaRepresentation), "keymanagement", "vaultReplica", t)
+
+	fmt.Println(acctest.GenerateResourceFromRepresentationMap("oci_kms_vault_replication", "test_replica", acctest.Required, acctest.Create, ekmVaultReplicaRepresentation))
+
+	/*acctest.ResourceTest(t, nil, []resource.TestStep{
+		// verify Create
+		{
+			Config: config + compartmentIdVariableStr + KmsExternalVaultReplicationResourceDependencies +
+				acctest.GenerateResourceFromRepresentationMap("oci_kms_vault_replication", "test_replica", acctest.Required, acctest.Create, ekmVaultReplicaRepresentation),
+			Check: acctest.ComposeAggregateTestCheckFuncWrapper(
+				resource.TestCheckResourceAttr(resourceName, "replica_region", "us-dcc-phoenix-2"),
+				resource.TestCheckResourceAttrSet(resourceName, "vault_id"),
+			),
+		},
+	})*/
+}
+
 // issue-routing-tag: kms/default
 func TestKmsVaultReplicationResource_basic(t *testing.T) {
 	t.Skip("Skip this test because virtual private vault is needed")

internal/service/kms/kms_vault_replication_resource.go

@@ -2,6 +2,7 @@ package kms
 
 import (
 	"context"
+	"fmt"
 	"strings"
 
 	"github.com/oracle/terraform-provider-oci/internal/client"
@@ -32,8 +33,38 @@ func KmsVaultReplicationResource() *schema.Resource {
 				Type:     schema.TypeString,
 				Required: true,
 			},
-
-			// Optional
+			"replica_vault_metadata": {
+				Type:     schema.TypeList,
+				Optional: true,
+				Computed: true,
+				ForceNew: true,
+				MaxItems: 1,
+				MinItems: 1,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						// Required
+						"idcs_account_name_url": {
+							Type:     schema.TypeString,
+							Required: true,
+							ForceNew: true,
+						},
+						"vault_type": {
+							Type:     schema.TypeString,
+							Required: true,
+							ForceNew: true,
+						},
+						"private_endpoint_id": {
+							Type:     schema.TypeString,
+							Required: true,
+							ForceNew: true,
+						},
+
+						// Optional
+
+						// Computed
+					},
+				},
+			},
 
 			// Computed
 		},
@@ -172,6 +203,17 @@ func (s *KmsVaultReplicaResourceCrud) createVaultReplicaHelper(vaultId string, r
 		request.ReplicaRegion = &replicaRegion
 	}
 
+	if replicaVaultMetadata, ok := s.D.GetOkExists("replica_vault_metadata"); ok {
+		if tmpList := replicaVaultMetadata.([]interface{}); len(tmpList) > 0 {
+			fieldKeyFormat := fmt.Sprintf("%s.%d.%%s", "replica_vault_metadata", 0)
+			tmp, err := s.mapToReplicaVaultMetadata(fieldKeyFormat)
+			if err != nil {
+				return err
+			}
+			request.ReplicaVaultMetadata = &tmp
+		}
+	}
+
 	request.RequestMetadata.RetryPolicy = tfresource.GetRetryPolicy(s.DisableNotFoundRetries, "kms")
 
 	_, err := s.Client.CreateVaultReplica(context.Background(), request)
@@ -242,3 +284,19 @@ func (s *KmsVaultReplicaResourceCrud) DeletedTarget() []string {
 		string(oci_kms.VaultReplicaSummaryStatusDeleted),
 	}
 }
+
+func (s *KmsVaultReplicaResourceCrud) mapToReplicaVaultMetadata(fieldKeyFormat string) (oci_kms.ReplicaExternalVaultMetadata, error) {
+	result := oci_kms.ReplicaExternalVaultMetadata{}
+
+	if privateEndpointId, ok := s.D.GetOkExists(fmt.Sprintf(fieldKeyFormat, "private_endpoint_id")); ok {
+		tmp := privateEndpointId.(string)
+		result.PrivateEndpointId = &tmp
+	}
+
+	if idcsAccountNameUrl, ok := s.D.GetOkExists(fmt.Sprintf(fieldKeyFormat, "idcs_account_name_url")); ok {
+		tmp := idcsAccountNameUrl.(string)
+		result.IdcsAccountNameUrl = &tmp
+	}
+
+	return result, nil
+}