Added - Support for Configure backend NSG at OKE cluster level

Author: AkarshES

internal/integrationtest/containerengine_cluster_test.go

@@ -129,8 +129,9 @@ var (
 "freeform_tags": acctest.Representation{RepType: acctest.Optional, Create: map[string]string{"Department": "Finance"}, Update: map[string]string{"Department": "Accounting"}},
 }
 ContainerengineClusterOptionsServiceLbConfigRepresentation = map[string]interface{}{
-"defined_tags": acctest.Representation{RepType: acctest.Optional, Create: `${map("${oci_identity_tag_namespace.tag-namespace1.name}.${oci_identity_tag.tag1.name}", "value")}`, Update: `${map("${oci_identity_tag_namespace.tag-namespace1.name}.${oci_identity_tag.tag1.name}", "updatedValue")}`},
-"freeform_tags": acctest.Representation{RepType: acctest.Optional, Create: map[string]string{"Department": "Finance"}, Update: map[string]string{"Department": "Accounting"}},
+"backend_nsg_ids": acctest.Representation{RepType: acctest.Optional, Create: []string{`backendNsgIds`}, Update: []string{`backendNsgIds2`}},
+"defined_tags": acctest.Representation{RepType: acctest.Optional, Create: `${map("${oci_identity_tag_namespace.tag-namespace1.name}.${oci_identity_tag.tag1.name}", "value")}`, Update: `${map("${oci_identity_tag_namespace.tag-namespace1.name}.${oci_identity_tag.tag1.name}", "updatedValue")}`},
+"freeform_tags": acctest.Representation{RepType: acctest.Optional, Create: map[string]string{"Department": "Finance"}, Update: map[string]string{"Department": "Accounting"}},
 }
 ContainerengineClusterOptionsOpenIdConnectTokenAuthenticationConfigRequiredClaimsRepresentation = map[string]interface{}{
 "key": acctest.Representation{RepType: acctest.Optional, Create: `key`, Update: `key2`},
@@ -237,6 +238,7 @@ func TestContainerengineClusterResource_basic(t *testing.T) {
 resource.TestCheckResourceAttr(resourceName, "options.0.persistent_volume_config.#", "1"),
 resource.TestCheckResourceAttr(resourceName, "options.0.persistent_volume_config.0.freeform_tags.%", "1"),
 resource.TestCheckResourceAttr(resourceName, "options.0.service_lb_config.#", "1"),
+resource.TestCheckResourceAttr(resourceName, "options.0.service_lb_config.0.backend_nsg_ids.#", "1"),
 resource.TestCheckResourceAttr(resourceName, "options.0.service_lb_config.0.freeform_tags.%", "1"),
 resource.TestCheckResourceAttr(resourceName, "options.0.service_lb_subnet_ids.#", "2"),
 resource.TestCheckResourceAttr(resourceName, "type", "ENHANCED_CLUSTER"),
@@ -304,6 +306,7 @@ func TestContainerengineClusterResource_basic(t *testing.T) {
 resource.TestCheckResourceAttr(resourceName, "options.0.persistent_volume_config.#", "1"),
 resource.TestCheckResourceAttr(resourceName, "options.0.persistent_volume_config.0.freeform_tags.%", "1"),
 resource.TestCheckResourceAttr(resourceName, "options.0.service_lb_config.#", "1"),
+resource.TestCheckResourceAttr(resourceName, "options.0.service_lb_config.0.backend_nsg_ids.#", "1"),
 resource.TestCheckResourceAttr(resourceName, "options.0.service_lb_config.0.freeform_tags.%", "1"),
 resource.TestCheckResourceAttr(resourceName, "options.0.service_lb_subnet_ids.#", "2"),
 resource.TestCheckResourceAttr(resourceName, "type", "ENHANCED_CLUSTER"),
@@ -373,6 +376,7 @@ func TestContainerengineClusterResource_basic(t *testing.T) {
 resource.TestCheckResourceAttr(datasourceName, "clusters.0.options.0.persistent_volume_config.#", "1"),
 resource.TestCheckResourceAttr(datasourceName, "clusters.0.options.0.persistent_volume_config.0.freeform_tags.%", "1"),
 resource.TestCheckResourceAttr(datasourceName, "clusters.0.options.0.service_lb_config.#", "1"),
+resource.TestCheckResourceAttr(datasourceName, "clusters.0.options.0.service_lb_config.0.backend_nsg_ids.#", "1"),
 resource.TestCheckResourceAttr(datasourceName, "clusters.0.options.0.service_lb_config.0.freeform_tags.%", "1"),
 resource.TestCheckResourceAttr(datasourceName, "clusters.0.options.0.service_lb_subnet_ids.#", "2"),
 resource.TestCheckResourceAttrSet(datasourceName, "clusters.0.state"),
@@ -432,6 +436,7 @@ func TestContainerengineClusterResource_basic(t *testing.T) {
 resource.TestCheckResourceAttr(singularDatasourceName, "options.0.persistent_volume_config.#", "1"),
 resource.TestCheckResourceAttr(singularDatasourceName, "options.0.persistent_volume_config.0.freeform_tags.%", "1"),
 resource.TestCheckResourceAttr(singularDatasourceName, "options.0.service_lb_config.#", "1"),
+resource.TestCheckResourceAttr(singularDatasourceName, "options.0.service_lb_config.0.backend_nsg_ids.#", "1"),
 resource.TestCheckResourceAttr(singularDatasourceName, "options.0.service_lb_config.0.freeform_tags.%", "1"),
 resource.TestCheckResourceAttr(singularDatasourceName, "options.0.service_lb_subnet_ids.#", "2"),
 resource.TestCheckResourceAttrSet(resourceName, "open_id_connect_discovery_endpoint"),

internal/service/containerengine/containerengine_cluster_resource.go

@@ -416,6 +416,14 @@ func ContainerengineClusterResource() *schema.Resource {
 // Required
 
 // Optional
+"backend_nsg_ids": {
+Type: schema.TypeList,
+Optional: true,
+Computed: true,
+Elem: &schema.Schema{
+Type: schema.TypeString,
+},
+},
 "defined_tags": {
 Type: schema.TypeMap,
 Optional: true,
@@ -2034,6 +2042,19 @@ func PersistentVolumeConfigDetailsToMap(obj *oci_containerengine.PersistentVolum
 func (s *ContainerengineClusterResourceCrud) mapToServiceLbConfigDetails(fieldKeyFormat string) (oci_containerengine.ServiceLbConfigDetails, error) {
 result := oci_containerengine.ServiceLbConfigDetails{}
 
+if backendNsgIds, ok := s.D.GetOkExists(fmt.Sprintf(fieldKeyFormat, "backend_nsg_ids")); ok {
+interfaces := backendNsgIds.([]interface{})
+tmp := make([]string, len(interfaces))
+for i := range interfaces {
+if interfaces[i] != nil {
+tmp[i] = interfaces[i].(string)
+}
+}
+if len(tmp) != 0 || s.D.HasChange(fmt.Sprintf(fieldKeyFormat, "backend_nsg_ids")) {
+result.BackendNsgIds = tmp
+}
+}
+
 if definedTags, ok := s.D.GetOkExists(fmt.Sprintf(fieldKeyFormat, "defined_tags")); ok {
 tmp, err := tfresource.MapToDefinedTags(definedTags.(map[string]interface{}))
 if err != nil {
@@ -2052,6 +2073,8 @@ func (s *ContainerengineClusterResourceCrud) mapToServiceLbConfigDetails(fieldKe
 func ServiceLbConfigDetailsToMap(obj *oci_containerengine.ServiceLbConfigDetails) map[string]interface{} {
 result := map[string]interface{}{}
 
+result["backend_nsg_ids"] = obj.BackendNsgIds
+
 if obj.DefinedTags != nil {
 result["defined_tags"] = tfresource.DefinedTagsToMap(obj.DefinedTags)
 }

website/docs/d/containerengine_cluster.html.markdown

@@ -104,6 +104,7 @@ The following attributes are exported:
 * `defined_tags` - Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see [Resource Tags](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: `{"Operations.CostCenter": "42"}` 
 * `freeform_tags` - Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see [Resource Tags](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: `{"Department": "Finance"}` 
 * `service_lb_config` - Configuration to be applied to load balancers created by Kubernetes services
+* `backend_nsg_ids` - A list of the OCIDs of the network security groups (NSGs) associated to backends to LBs (pods/nodes/virtual pods, etc.). Rules necessary for LB to backend communication would be added when rule management mode is set to NSG via annotations. see [NetworkSecurityGroup](https://docs.cloud.oracle.com/iaas/api/#/en/iaas/20160918/NetworkSecurityGroup/). 
 * `defined_tags` - Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see [Resource Tags](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: `{"Operations.CostCenter": "42"}` 
 * `freeform_tags` - Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see [Resource Tags](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: `{"Department": "Finance"}` 
 * `service_lb_subnet_ids` - The OCIDs of the subnets used for Kubernetes services load balancers.

website/docs/d/containerengine_clusters.html.markdown

@@ -112,6 +112,7 @@ The following attributes are exported:
 * `defined_tags` - Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see [Resource Tags](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: `{"Operations.CostCenter": "42"}` 
 * `freeform_tags` - Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see [Resource Tags](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: `{"Department": "Finance"}` 
 * `service_lb_config` - Configuration to be applied to load balancers created by Kubernetes services
+* `backend_nsg_ids` - A list of the OCIDs of the network security groups (NSGs) associated to backends to LBs (pods/nodes/virtual pods, etc.). Rules necessary for LB to backend communication would be added when rule management mode is set to NSG via annotations. see [NetworkSecurityGroup](https://docs.cloud.oracle.com/iaas/api/#/en/iaas/20160918/NetworkSecurityGroup/). 
 * `defined_tags` - Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see [Resource Tags](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: `{"Operations.CostCenter": "42"}` 
 * `freeform_tags` - Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see [Resource Tags](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: `{"Department": "Finance"}` 
 * `service_lb_subnet_ids` - The OCIDs of the subnets used for Kubernetes services load balancers.

website/docs/r/containerengine_cluster.html.markdown

@@ -106,6 +106,7 @@ resource "oci_containerengine_cluster" "test_cluster" {
 service_lb_config {
 
 #Optional
+backend_nsg_ids = var.cluster_options_service_lb_config_backend_nsg_ids
 defined_tags = {"Operations.CostCenter"= "42"}
 freeform_tags = {"Department"= "Finance"}
 }
@@ -165,6 +166,7 @@ The following arguments are supported:
 * `defined_tags` - (Optional) (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see [Resource Tags](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: `{"Operations.CostCenter": "42"}` 
 * `freeform_tags` - (Optional) (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see [Resource Tags](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: `{"Department": "Finance"}` 
 * `service_lb_config` - (Optional) (Updatable) Configuration to be applied to load balancers created by Kubernetes services
+* `backend_nsg_ids` - (Optional) (Updatable) A list of the OCIDs of the network security groups (NSGs) associated to backends to LBs (pods/nodes/virtual pods, etc.). Rules necessary for LB to backend communication would be added when rule management mode is set to NSG via annotations. see [NetworkSecurityGroup](https://docs.cloud.oracle.com/iaas/api/#/en/iaas/20160918/NetworkSecurityGroup/). 
 * `defined_tags` - (Optional) (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see [Resource Tags](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: `{"Operations.CostCenter": "42"}` 
 * `freeform_tags` - (Optional) (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see [Resource Tags](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: `{"Department": "Finance"}` 
 * `service_lb_subnet_ids` - (Optional) The OCIDs of the subnets used for Kubernetes services load balancers.
@@ -247,6 +249,7 @@ The following attributes are exported:
 * `defined_tags` - Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see [Resource Tags](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: `{"Operations.CostCenter": "42"}` 
 * `freeform_tags` - Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see [Resource Tags](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: `{"Department": "Finance"}` 
 * `service_lb_config` - Configuration to be applied to load balancers created by Kubernetes services
+* `backend_nsg_ids` - A list of the OCIDs of the network security groups (NSGs) associated to backends to LBs (pods/nodes/virtual pods, etc.). Rules necessary for LB to backend communication would be added when rule management mode is set to NSG via annotations. see [NetworkSecurityGroup](https://docs.cloud.oracle.com/iaas/api/#/en/iaas/20160918/NetworkSecurityGroup/). 
 * `defined_tags` - Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see [Resource Tags](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: `{"Operations.CostCenter": "42"}` 
 * `freeform_tags` - Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see [Resource Tags](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: `{"Department": "Finance"}` 
 * `service_lb_subnet_ids` - The OCIDs of the subnets used for Kubernetes services load balancers.