Added - Support for Support Cross region Backup copy & Replication for volumes encrypted with Customer KMS Keys

Author: Atul Aditya

examples/storage/block/volume_replica/main.tf

@@ -0,0 +1,36 @@
+// Copyright (c) 2017, 2024, Oracle and/or its affiliates. All rights reserved.
+// Licensed under the Mozilla Public License v2.0
+
+variable "tenancy_ocid" {
+}
+
+variable "user_ocid" {
+}
+
+variable "fingerprint" {
+}
+
+variable "private_key_path" {
+}
+
+variable "region" {
+}
+
+variable "compartment_ocid" {
+}
+
+
+data "oci_identity_availability_domain" "ad" {
+  compartment_id = var.tenancy_ocid
+  ad_number      = 1
+}
+
+provider "oci" {
+#  version          = "6.9.0"
+  tenancy_ocid     = var.tenancy_ocid
+  user_ocid        = var.user_ocid
+  fingerprint      = var.fingerprint
+  private_key_path = var.private_key_path
+  region           = var.region
+
+}

examples/storage/block/volume_replica/volume_replica_kms.tf

@@ -0,0 +1,31 @@
+
+resource "oci_core_volume" "test_volume_with_required_parameter" {
+  availability_domain = data.oci_identity_availability_domain.ad.name
+  compartment_id = var.compartment_ocid
+}
+
+variable "kms_key_ocid_cross_region" {
+  default = ""
+}
+resource "oci_core_volume" "test_volume_with_optional_parameter" {
+  availability_domain = data.oci_identity_availability_domain.ad.name
+  compartment_id = var.compartment_ocid
+  display_name = "test_volume"
+
+  // please find allowed other region's availability_domain and hardcode here
+  block_volume_replicas {
+    availability_domain = data.oci_identity_availability_domain.ad.name
+    display_name = "test_replicas"
+  }
+
+  // if you want delete volume and this volume has replicas, please disable replicas at first, set this "block_volume_replicas_deletion" to true
+   block_volume_replicas_deletion = true
+
+}
+
+output "volume" {
+  value = {
+    test_volume_with_required_parameter = oci_core_volume.test_volume_with_required_parameter.id
+    test_volume_with_optional_parameter = oci_core_volume.test_volume_with_optional_parameter.id
+  }
+}

internal/integrationtest/core_block_volume_replica_test.go

@@ -38,7 +38,7 @@ var (
 
 	//hardcode availability_domain here to meet the cross region replicas requirement
 	CoreBlockDependenceVolumeBlockVolumeReplicasRepresentation = map[string]interface{}{
-		"availability_domain": acctest.Representation{RepType: acctest.Required, Create: `KvuH:US-ASHBURN-AD-1`},
+		"availability_domain": acctest.Representation{RepType: acctest.Required, Create: `pjBI:US-ASHBURN-AD-1`},
 		"display_name":        acctest.Representation{RepType: acctest.Optional, Create: `displayName`},
 	}
 

internal/integrationtest/core_boot_volume_replica_test.go

@@ -39,7 +39,7 @@ var (
 		"boot_volume_replicas_deletion": acctest.Representation{RepType: acctest.Optional, Create: `false`, Update: `true`},
 	}
 	CoreCoreBootVolumeDependenceBootVolumeReplicasRepresentation = map[string]interface{}{
-		"availability_domain": acctest.Representation{RepType: acctest.Required, Create: `KvuH:US-ASHBURN-AD-1`},
+		"availability_domain": acctest.Representation{RepType: acctest.Required, Create: `pjBI:US-ASHBURN-AD-1`},
 		"display_name":        acctest.Representation{RepType: acctest.Optional, Create: `displayName`},
 	}
 	CoreBootVolumeReplicaResourceConfig = CoreBootVolumeResourceDependencies
@@ -56,7 +56,6 @@ func TestCoreBootVolumeReplicaResource_basic(t *testing.T) {
 	compartmentIdVariableStr := fmt.Sprintf("variable \"compartment_id\" { default = \"%s\" }\n", compartmentId)
 
 	resourceName := "oci_core_boot_volume.test_boot_volume"
-
 	acctest.SaveConfigContent("", "", "", t)
 
 	acctest.ResourceTest(t, nil, []resource.TestStep{

internal/integrationtest/core_boot_volume_test.go

@@ -61,6 +61,10 @@ var (
 		"values": acctest.Representation{RepType: acctest.Required, Create: []string{`${oci_core_boot_volume.test_boot_volume.id}`}},
 	}
 
+	IgnoreSystemTagsChangesRep = map[string]interface{}{
+		"ignore_changes": acctest.Representation{RepType: acctest.Required, Create: []string{`system_tags`, `defined_tags`, `freeform_tags`, `xrc_kms_key_id`}},
+	}
+
 	CoreBootVolumeRepresentation = map[string]interface{}{
 		"availability_domain":        acctest.Representation{RepType: acctest.Required, Create: `${data.oci_identity_availability_domains.test_availability_domains.availability_domains.0.name}`},
 		"compartment_id":             acctest.Representation{RepType: acctest.Required, Create: `${var.compartment_id}`},
@@ -75,7 +79,8 @@ var (
 		"vpus_per_gb":                acctest.Representation{RepType: acctest.Optional, Create: `10`, Update: `10`},
 		"autotune_policies":          acctest.RepresentationGroup{RepType: acctest.Optional, Group: CoreBootVolumeAutotunePoliciesRepresentation},
 		"is_auto_tune_enabled":       acctest.Representation{RepType: acctest.Optional, Create: `false`, Update: `false`},
-		"lifecycle":                  acctest.RepresentationGroup{RepType: acctest.Required, Group: CoreIgnoreSystemTagsChangesRepresentation},
+		"xrc_kms_key_id":             acctest.Representation{RepType: acctest.Optional, Create: `${lookup(data.oci_kms_keys.test_keys_dependency.keys[0], "id")}`},
+		"lifecycle":                  acctest.RepresentationGroup{RepType: acctest.Required, Group: IgnoreSystemTagsChangesRep},
 	}
 
 	CoreDeltaRestoreBootVolumeRepresentation = map[string]interface{}{
@@ -111,6 +116,7 @@ var (
 	CoreBootVolumeBootVolumeReplicasRepresentation = map[string]interface{}{
 		"availability_domain": acctest.Representation{RepType: acctest.Required, Create: `${data.oci_identity_availability_domains.test_availability_domains.availability_domains.0.name}`, Update: `availabilityDomain2`},
 		"display_name":        acctest.Representation{RepType: acctest.Optional, Create: `displayName`, Update: `displayName2`},
+		"xrr_kms_key_id":      acctest.Representation{RepType: acctest.Optional, Create: `${lookup(data.oci_kms_keys.test_keys_dependency.keys[0], "id")}`},
 	}
 
 	CoreBootVolumeResourceDependencies = acctest.GenerateResourceFromRepresentationMap("oci_core_subnet", "test_subnet", acctest.Required, acctest.Create, CoreSubnetRepresentation) +
@@ -366,6 +372,7 @@ func TestCoreBootVolumeResource_basic(t *testing.T) {
 			ImportStateVerifyIgnore: []string{
 				"backup_policy_id",
 				"cluster_placement_group_id",
+				"xrc_kms_key_id",
 			},
 			ResourceName: resourceName,
 		},

internal/integrationtest/core_volume_backup_policy_assignment_test.go

@@ -18,14 +18,16 @@ import (
 	"github.com/oracle/terraform-provider-oci/internal/acctest"
 	tf_client "github.com/oracle/terraform-provider-oci/internal/client"
 	"github.com/oracle/terraform-provider-oci/internal/resourcediscovery"
+
 	"github.com/oracle/terraform-provider-oci/internal/tfresource"
 	"github.com/oracle/terraform-provider-oci/internal/utils"
 )
 
 var (
-	CoreCoreVolumeBackupPolicyAssignmentRequiredOnlyResource = acctest.GenerateResourceFromRepresentationMap("oci_core_volume_backup_policy_assignment", "test_volume_backup_policy_assignment", acctest.Required, acctest.Create, CoreVolumeBackupPolicyAssignmentRepresentation)
+	CoreVolumeBackupPolicyAssignmentRequiredOnlyResource = acctest.GenerateResourceFromRepresentationMap("oci_core_volume_backup_policy_assignment", "test_volume_backup_policy_assignment", acctest.Required, acctest.Create, CoreVolumeBackupPolicyAssignmentRepresentation)
 
 	CoreCoreVolumeBackupPolicyAssignmentDataSourceRepresentation = map[string]interface{}{
+
 		"asset_id": acctest.Representation{RepType: acctest.Required, Create: `${oci_core_volume.test_volume.id}`},
 		"filter":   acctest.RepresentationGroup{RepType: acctest.Required, Group: CoreVolumeBackupPolicyAssignmentDataSourceFilterRepresentation}}
 	CoreVolumeBackupPolicyAssignmentDataSourceFilterRepresentation = map[string]interface{}{
@@ -34,13 +36,15 @@ var (
 	}
 
 	CoreVolumeBackupPolicyAssignmentRepresentation = map[string]interface{}{
-		"asset_id":  acctest.Representation{RepType: acctest.Required, Create: `${oci_core_volume.test_volume.id}`},
-		"policy_id": acctest.Representation{RepType: acctest.Required, Create: `${data.oci_core_volume_backup_policies.test_volume_backup_policies.volume_backup_policies.0.id}`},
+		"asset_id":       acctest.Representation{RepType: acctest.Required, Create: `${oci_core_volume.test_volume.id}`},
+		"policy_id":      acctest.Representation{RepType: acctest.Required, Create: `${data.oci_core_volume_backup_policies.test_volume_backup_policies.volume_backup_policies.0.id}`},
+		"xrc_kms_key_id": acctest.Representation{RepType: acctest.Optional, Create: `${var.kms_key_ocid_cross_region}`},
 	}
 
 	CoreVolumeBackupPolicyAssignmentResourceDependencies = utils.VolumeBackupPolicyDependency +
 		acctest.GenerateResourceFromRepresentationMap("oci_core_volume", "test_volume", acctest.Required, acctest.Create, CoreVolumeRepresentation) +
-		AvailabilityDomainConfig
+		AvailabilityDomainConfig +
+		KeyResourceDependencyConfig
 )
 
 // issue-routing-tag: core/blockStorage
@@ -59,13 +63,27 @@ func TestCoreVolumeBackupPolicyAssignmentResource_basic(t *testing.T) {
 	var resId string
 	// Save TF content to Create resource with only required properties. This has to be exactly the same as the config part in the Create step in the test.
 	acctest.SaveConfigContent(config+compartmentIdVariableStr+CoreVolumeBackupPolicyAssignmentResourceDependencies+
-		acctest.GenerateResourceFromRepresentationMap("oci_core_volume_backup_policy_assignment", "test_volume_backup_policy_assignment", acctest.Required, acctest.Create, CoreVolumeBackupPolicyAssignmentRepresentation), "core", "volumeBackupPolicyAssignment", t)
+		acctest.GenerateResourceFromRepresentationMap("oci_core_volume_backup_policy_assignment", "test_volume_backup_policy_assignment", acctest.Optional, acctest.Create, CoreVolumeBackupPolicyAssignmentRepresentation), "core", "volumeBackupPolicyAssignment", t)
 
 	acctest.ResourceTest(t, testAccCheckCoreVolumeBackupPolicyAssignmentDestroy, []resource.TestStep{
 		// verify Create
 		{
 			Config: config + compartmentIdVariableStr + CoreVolumeBackupPolicyAssignmentResourceDependencies +
 				acctest.GenerateResourceFromRepresentationMap("oci_core_volume_backup_policy_assignment", "test_volume_backup_policy_assignment", acctest.Required, acctest.Create, CoreVolumeBackupPolicyAssignmentRepresentation),
+			Check: acctest.ComposeAggregateTestCheckFuncWrapper(
+				resource.TestCheckResourceAttrSet(resourceName, "asset_id"),
+				resource.TestCheckResourceAttrSet(resourceName, "policy_id"),
+			),
+		},
+
+		// delete before next Create
+		{
+			Config: config + compartmentIdVariableStr + CoreVolumeBackupPolicyAssignmentResourceDependencies,
+		},
+		// verify Create with optionals
+		{
+			Config: config + compartmentIdVariableStr + CoreVolumeBackupPolicyAssignmentResourceDependencies +
+				acctest.GenerateResourceFromRepresentationMap("oci_core_volume_backup_policy_assignment", "test_volume_backup_policy_assignment", acctest.Optional, acctest.Create, CoreVolumeBackupPolicyAssignmentRepresentation),
 			Check: acctest.ComposeAggregateTestCheckFuncWrapper(
 				resource.TestCheckResourceAttrSet(resourceName, "asset_id"),
 				resource.TestCheckResourceAttrSet(resourceName, "policy_id"),
@@ -100,7 +118,7 @@ func TestCoreVolumeBackupPolicyAssignmentResource_basic(t *testing.T) {
 		},
 		// verify resource import
 		{
-			Config:                  config + CoreCoreVolumeBackupPolicyAssignmentRequiredOnlyResource,
+			Config:                  config + CoreVolumeBackupPolicyAssignmentRequiredOnlyResource,
 			ImportState:             true,
 			ImportStateVerify:       true,
 			ImportStateVerifyIgnore: []string{},

internal/integrationtest/core_volume_group_replica_test.go

@@ -26,12 +26,14 @@ var (
 		"volume_group_replicas":          acctest.RepresentationGroup{RepType: acctest.Optional, Group: CoreVolumeGroupVolumeGroupReplicasRepresentation},
 		"volume_group_replicas_deletion": acctest.Representation{RepType: acctest.Optional, Create: `false`, Update: `true`},
 		"preserve_volume_replica":        acctest.Representation{RepType: acctest.Optional, Create: `false`, Update: `false`},
+		"lifecycle":                      acctest.RepresentationGroup{RepType: acctest.Required, Group: CoreIgnoreSystemTagsChangesRepresentation},
 	}
 
 	//hardcode availability_domain here to meet the cross region replicas requirement
 	CoreVolumeGroupVolumeGroupReplicasRepresentation = map[string]interface{}{
-		"availability_domain": acctest.Representation{RepType: acctest.Required, Create: `KvuH:US-ASHBURN-AD-1`},
+		"availability_domain": acctest.Representation{RepType: acctest.Required, Create: `pjBI:US-ASHBURN-AD-1`},
 		"display_name":        acctest.Representation{RepType: acctest.Optional, Create: `displayName`},
+		"xrr_kms_key_id":      acctest.Representation{RepType: acctest.Optional, Create: `${var.kms_key_ocid_cross_region}`},
 	}
 )
 
@@ -70,7 +72,7 @@ func TestCoreVolumeGroupReplicaResource_basic(t *testing.T) {
 				resource.TestCheckResourceAttrSet(resourceName, "volume_group_replicas.0.display_name"),
 
 				func(s *terraform.State) (err error) {
-					time.Sleep(2 * time.Minute)
+					time.Sleep(35 * time.Minute)
 					return
 				},
 			),
@@ -82,11 +84,9 @@ func TestCoreVolumeGroupReplicaResource_basic(t *testing.T) {
 				resource.TestCheckResourceAttrSet(resourceName, "availability_domain"),
 				resource.TestCheckResourceAttr(resourceName, "compartment_id", compartmentId),
 				resource.TestCheckResourceAttr(resourceName, "display_name", "displayName2"),
-				resource.TestCheckResourceAttr(resourceName, "state", "AVAILABLE"),
-				resource.TestCheckNoResourceAttr(resourceName, "volume_group_replicas"),
-
+				resource.TestCheckResourceAttr(resourceName, "state", "UPDATE_PENDING"),
 				func(s *terraform.State) (err error) {
-					time.Sleep(2 * time.Minute)
+					time.Sleep(10 * time.Minute)
 					return
 				},
 			),

internal/integrationtest/core_volume_group_test.go

@@ -34,14 +34,17 @@ var (
 
 	volumeGroupDataSourceRepresentation = map[string]interface{}{
 		"compartment_id":      acctest.Representation{RepType: acctest.Required, Create: `${var.compartment_id}`},
-		"availability_domain": acctest.Representation{RepType: acctest.Optional, Create: `${data.oci_identity_availability_domains.test_availability_domains.availability_domains.0.name}`},
+		"availability_domain": acctest.Representation{RepType: acctest.Required, Create: `${data.oci_identity_availability_domains.test_availability_domains.availability_domains.0.name}`},
 		"display_name":        acctest.Representation{RepType: acctest.Optional, Create: `displayName`, Update: `displayName2`},
 		"state":               acctest.Representation{RepType: acctest.Optional, Create: `AVAILABLE`},
 		"filter":              acctest.RepresentationGroup{RepType: acctest.Required, Group: volumeGroupDataSourceFilterRepresentation}}
 	volumeGroupDataSourceFilterRepresentation = map[string]interface{}{
 		"name":   acctest.Representation{RepType: acctest.Required, Create: `id`},
 		"values": acctest.Representation{RepType: acctest.Required, Create: []string{`${oci_core_volume_group.test_volume_group.id}`}},
 	}
+	CoreIgnoreTagsChangesRepresentation = map[string]interface{}{
+		"ignore_changes": acctest.Representation{RepType: acctest.Required, Create: []string{`defined_tags`, `freeform_tags`}},
+	}
 
 	CoreVolumeGroupRepresentation = map[string]interface{}{
 		"availability_domain":        acctest.Representation{RepType: acctest.Required, Create: `${data.oci_identity_availability_domains.test_availability_domains.availability_domains.0.name}`},
@@ -53,11 +56,14 @@ var (
 		"display_name":               acctest.Representation{RepType: acctest.Optional, Create: `displayName`, Update: `displayName2`},
 		"volume_ids":                 acctest.Representation{RepType: acctest.Optional, Create: nil, Update: []string{`${oci_core_volume.source_volume_list.*.id[0]}`}},
 		"freeform_tags":              acctest.Representation{RepType: acctest.Optional, Create: map[string]string{"Department": "Finance"}, Update: map[string]string{"Department": "Accounting"}},
+		"xrc_kms_key_id":             acctest.Representation{RepType: acctest.Optional, Create: `${lookup(data.oci_kms_keys.test_keys_dependency.keys[0], "id")}`},
+		"lifecycle":                  acctest.RepresentationGroup{RepType: acctest.Required, Group: CoreIgnoreTagsChangesRepresentation},
 	}
 	CoreVolumeGroupSourceDetailsRepresentation = map[string]interface{}{
 		"type":       acctest.Representation{RepType: acctest.Required, Create: `volumeIds`},
 		"volume_ids": acctest.Representation{RepType: acctest.Required, Create: `${oci_core_volume.source_volume_list.*.id}`},
 	}
+
 	CoreVolumeSourceDetailsJumbledVolumeIdsRepresentation = map[string]interface{}{
 		"type":       acctest.Representation{RepType: acctest.Required, Create: `volumeIds`},
 		"volume_ids": acctest.Representation{RepType: acctest.Required, Create: []string{`${oci_core_volume.source_volume_list.*.id[1]}`, `${oci_core_volume.source_volume_list.*.id[0]}`}},
@@ -82,6 +88,8 @@ var (
 	}
 	` +
 		AvailabilityDomainConfig +
+		KeyResourceDependencyConfig +
+
 		utils.VolumeBackupPolicyDependency +
 		CoreVolumeBackupPolicyRequiredOnlyResource
 	VolumeGroupRequiredOnlyResourceDependencies = AvailabilityDomainConfig + SourceVolumeListDependency
@@ -170,6 +178,7 @@ func TestCoreVolumeGroupResource_basic(t *testing.T) {
 				resource.TestCheckResourceAttr(resourceName, "source_details.#", "1"),
 				resource.TestCheckResourceAttr(resourceName, "source_details.0.type", "volumeIds"),
 				resource.TestCheckResourceAttrSet(resourceName, "time_created"),
+
 				resource.TestCheckResourceAttr(resourceName, "volume_ids.#", "2"),
 
 				func(s *terraform.State) (err error) {
@@ -287,6 +296,7 @@ func TestCoreVolumeGroupResource_basic(t *testing.T) {
 			ImportStateVerify: true,
 			ImportStateVerifyIgnore: []string{
 				"backup_policy_id",
+				"xrc_kms_key_id",
 				"cluster_placement_group_id",
 			},
 			ResourceName: resourceName,