Added - Support for Multitenant support for Workload Identity (WRIS)

Author: XinruXiao-9

examples/container_engine/main.tf

@@ -52,6 +52,22 @@ variable "node_pool_state" {
   default = []
 }
 
+variable "cluster_workload_mapping_namespace" {
+  default = "namespace"
+}
+
+variable "cluster_workload_mapping_defined_tags_value" {
+  default = "value"
+}
+
+variable "cluster_workload_mapping_freeform_tags" {
+  default = { "Department" = "Finance" }
+}
+
+variable defined_tag_namespace_name {
+  default = "test"
+}
+
 provider "oci" {
   region           = var.region
   tenancy_ocid     = var.tenancy_ocid
@@ -60,6 +76,24 @@ provider "oci" {
   private_key_path = var.private_key_path
 }
 
+resource "oci_identity_tag_namespace" "tag-namespace1" {
+  #Required
+  compartment_id = var.tenancy_ocid
+  description = "example tag namespace"
+  name = var.defined_tag_namespace_name != "" ? var.defined_tag_namespace_name : "example-tag-namespace-all"
+
+  is_retired = false
+}
+
+resource "oci_identity_tag" "tag1" {
+  #Required
+  description = "example tag"
+  name = "example-tag"
+  tag_namespace_id = oci_identity_tag_namespace.tag-namespace1.id
+
+  is_retired = false
+}
+
 data "oci_identity_availability_domain" "ad1" {
   compartment_id = var.tenancy_ocid
   ad_number      = 1
@@ -268,6 +302,17 @@ resource "oci_containerengine_node_pool" "test_flex_shape_node_pool" {
   ssh_public_key      = var.node_pool_ssh_public_key
 }
 
+resource "oci_containerengine_cluster_workload_mapping" "test_cluster_workload_mapping" {
+  #Required"
+  cluster_id            = oci_containerengine_cluster.test_cluster.id
+  mapped_compartment_id = var.compartment_ocid
+  namespace             = var.cluster_workload_mapping_namespace
+
+  #Optional
+  defined_tags  = {"${oci_identity_tag_namespace.tag-namespace1.name}.${oci_identity_tag.tag1.name}" = "${var.cluster_workload_mapping_defined_tags_value}"}
+  freeform_tags = var.cluster_workload_mapping_freeform_tags
+}
+
 output "cluster" {
   value = {
     id                 = oci_containerengine_cluster.test_cluster.id

internal/integrationtest/containerengine_cluster_workload_mapping_test.go

@@ -0,0 +1,103 @@
+// Copyright (c) 2017, 2023, Oracle and/or its affiliates. All rights reserved.
+// Licensed under the Mozilla Public License v2.0
+
+package containerengine
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	oci_containerengine "github.com/oracle/oci-go-sdk/v65/containerengine"
+
+	"github.com/oracle/terraform-provider-oci/internal/client"
+	"github.com/oracle/terraform-provider-oci/internal/tfresource"
+)
+
+func ContainerengineClusterWorkloadMappingDataSource() *schema.Resource {
+	fieldMap := make(map[string]*schema.Schema)
+	fieldMap["cluster_id"] = &schema.Schema{
+		Type:     schema.TypeString,
+		Required: true,
+	}
+	fieldMap["workload_mapping_id"] = &schema.Schema{
+		Type:     schema.TypeString,
+		Required: true,
+	}
+	return tfresource.GetSingularDataSourceItemSchema(ContainerengineClusterWorkloadMappingResource(), fieldMap, readSingularContainerengineClusterWorkloadMapping)
+}
+
+func readSingularContainerengineClusterWorkloadMapping(d *schema.ResourceData, m interface{}) error {
+	sync := &ContainerengineClusterWorkloadMappingDataSourceCrud{}
+	sync.D = d
+	sync.Client = m.(*client.OracleClients).ContainerEngineClient()
+
+	return tfresource.ReadResource(sync)
+}
+
+type ContainerengineClusterWorkloadMappingDataSourceCrud struct {
+	D      *schema.ResourceData
+	Client *oci_containerengine.ContainerEngineClient
+	Res    *oci_containerengine.GetWorkloadMappingResponse
+}
+
+func (s *ContainerengineClusterWorkloadMappingDataSourceCrud) VoidState() {
+	s.D.SetId("")
+}
+
+func (s *ContainerengineClusterWorkloadMappingDataSourceCrud) Get() error {
+	request := oci_containerengine.GetWorkloadMappingRequest{}
+
+	if clusterId, ok := s.D.GetOkExists("cluster_id"); ok {
+		tmp := clusterId.(string)
+		request.ClusterId = &tmp
+	}
+
+	if workloadMappingId, ok := s.D.GetOkExists("workload_mapping_id"); ok {
+		tmp := workloadMappingId.(string)
+		request.WorkloadMappingId = &tmp
+	}
+
+	request.RequestMetadata.RetryPolicy = tfresource.GetRetryPolicy(false, "containerengine")
+
+	response, err := s.Client.GetWorkloadMapping(context.Background(), request)
+	if err != nil {
+		return err
+	}
+
+	s.Res = &response
+	return nil
+}
+
+func (s *ContainerengineClusterWorkloadMappingDataSourceCrud) SetData() error {
+	if s.Res == nil {
+		return nil
+	}
+
+	s.D.SetId(*s.Res.Id)
+
+	if s.Res.DefinedTags != nil {
+		s.D.Set("defined_tags", tfresource.DefinedTagsToMap(s.Res.DefinedTags))
+	}
+
+	s.D.Set("freeform_tags", s.Res.FreeformTags)
+
+	if s.Res.MappedCompartmentId != nil {
+		s.D.Set("mapped_compartment_id", *s.Res.MappedCompartmentId)
+	}
+
+	if s.Res.MappedTenancyId != nil {
+		s.D.Set("mapped_tenancy_id", *s.Res.MappedTenancyId)
+	}
+
+	if s.Res.Namespace != nil {
+		s.D.Set("namespace", *s.Res.Namespace)
+	}
+
+	s.D.Set("state", s.Res.LifecycleState)
+
+	if s.Res.TimeCreated != nil {
+		s.D.Set("time_created", s.Res.TimeCreated.String())
+	}
+
+	return nil
+}