Releasing version 17.0.0

Releasing version 17.0.0

Author: pelliu

CHANGELOG.md

@@ -4,6 +4,17 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 
+## 17.0.0 - 2020-03-17
+### Added
+- Support for serial console connections in the Database service
+- Support for preview database versions in the Database service
+- Support for node reboot migration maintenance status and maintenance windows in the Database service
+- Support for using instance metadata API v2 for instance principals authentication
+
+
+### Breaking changes
+- Removed the model of `AutonomousExadataInfrastructureMaintenanceWindow` from Database service
+
 ## 16.0.0 - 2020-03-10
 ### Added
 - Support for Events service integration with alerts in the Budgets service

common/auth/certificate_retriever.go

@@ -77,7 +77,7 @@ func (r *urlBasedX509CertificateRetriever) Refresh() error {
 
 func (r *urlBasedX509CertificateRetriever) renewCertificate(url string) (certificatePemRaw []byte, certificate *x509.Certificate, err error) {
 	var body bytes.Buffer
-	if body, err = httpGet(r.dispatcher, url); err != nil {
+	if body, _, err = httpGet(r.dispatcher, url); err != nil {
 		return nil, nil, fmt.Errorf("failed to get certificate from %s: %s", url, err.Error())
 	}
 
@@ -97,7 +97,7 @@ func (r *urlBasedX509CertificateRetriever) renewCertificate(url string) (certifi
 
 func (r *urlBasedX509CertificateRetriever) renewPrivateKey(url, passphrase string) (privateKeyPemRaw []byte, privateKey *rsa.PrivateKey, err error) {
 	var body bytes.Buffer
-	if body, err = httpGet(r.dispatcher, url); err != nil {
+	if body, _, err = httpGet(r.dispatcher, url); err != nil {
 		return nil, nil, fmt.Errorf("failed to get private key from %s: %s", url, err.Error())
 	}
 

common/auth/instance_principal_key_provider.go

@@ -6,20 +6,28 @@ import (
 	"bytes"
 	"crypto/rsa"
 	"fmt"
-	"github.com/oracle/oci-go-sdk/common"
 	"net/http"
+	"strings"
+	"github.com/oracle/oci-go-sdk/common"
 )
 
 const (
-	regionURL                            = `http://169.254.169.254/opc/v1/instance/region`
-	leafCertificateURL                   = `http://169.254.169.254/opc/v1/identity/cert.pem`
-	leafCertificateKeyURL                = `http://169.254.169.254/opc/v1/identity/key.pem`
+	metadataBaseURL             = `http://169.254.169.254/opc/v2`
+	metadataFallbackURL         = `http://169.254.169.254/opc/v1`
+	regionPath                  = `/instance/region`
+	leafCertificatePath         = `/identity/cert.pem`
+	leafCertificateKeyPath      = `/identity/key.pem`
+	intermediateCertificatePath = `/identity/intermediate.pem`
+
 	leafCertificateKeyPassphrase         = `` // No passphrase for the private key for Compute instances
-	intermediateCertificateURL           = `http://169.254.169.254/opc/v1/identity/intermediate.pem`
 	intermediateCertificateKeyURL        = ``
 	intermediateCertificateKeyPassphrase = `` // No passphrase for the private key for Compute instances
 )
 
+var (
+	regionURL, leafCertificateURL, leafCertificateKeyURL, intermediateCertificateURL string
+)
+
 // instancePrincipalKeyProvider implements KeyProvider to provide a key ID and its corresponding private key
 // for an instance principal by getting a security token via x509FederationClient.
 //
@@ -40,6 +48,7 @@ type instancePrincipalKeyProvider struct {
 // KeyID that is not expired at the moment, the PrivateRSAKey that the client acquires at a next moment could be
 // invalid because the KeyID could be already expired.
 func newInstancePrincipalKeyProvider(modifier func(common.HTTPRequestDispatcher) (common.HTTPRequestDispatcher, error)) (provider *instancePrincipalKeyProvider, err error) {
+	updateX509CertRetrieverURLParas(metadataBaseURL)
 	clientModifier := newDispatcherModifier(modifier)
 
 	client, err := clientModifier.Modify(&http.Client{})
@@ -83,12 +92,25 @@ func newInstancePrincipalKeyProvider(modifier func(common.HTTPRequestDispatcher)
 
 func getRegionForFederationClient(dispatcher common.HTTPRequestDispatcher, url string) (r common.Region, err error) {
 	var body bytes.Buffer
-	if body, err = httpGet(dispatcher, url); err != nil {
+	var statusCode int
+	if body, statusCode, err = httpGet(dispatcher, url); err != nil {
+		if statusCode == 404 && strings.Compare(url, metadataBaseURL+regionPath) == 0 {
+			common.Logf("Falling back to http://169.254.169.254/opc/v1 to try again...\n")
+			updateX509CertRetrieverURLParas(metadataFallbackURL)
+			return getRegionForFederationClient(dispatcher, regionURL)
+		}
 		return
 	}
 	return common.StringToRegion(body.String()), nil
 }
 
+func updateX509CertRetrieverURLParas(baseURL string) {
+	regionURL = baseURL + regionPath
+	leafCertificateURL = baseURL + leafCertificatePath
+	leafCertificateKeyURL = baseURL + leafCertificateKeyPath
+	intermediateCertificateURL = baseURL + intermediateCertificatePath
+}
+
 func (p *instancePrincipalKeyProvider) RegionForFederationClient() common.Region {
 	return p.Region
 }

common/auth/utils.go

@@ -15,7 +15,7 @@ import (
 
 // httpGet makes a simple HTTP GET request to the given URL, expecting only "200 OK" status code.
 // This is basically for the Instance Metadata Service.
-func httpGet(dispatcher common.HTTPRequestDispatcher, url string) (body bytes.Buffer, err error) {
+func httpGet(dispatcher common.HTTPRequestDispatcher, url string) (body bytes.Buffer, statusCode int, err error) {
 	var response *http.Response
 	request, err := http.NewRequest(http.MethodGet, url, nil)
 
@@ -25,6 +25,7 @@ func httpGet(dispatcher common.HTTPRequestDispatcher, url string) (body bytes.Bu
 		return
 	}
 
+	statusCode = response.StatusCode
 	common.IfDebug(func() {
 		if dump, e := httputil.DumpResponse(response, true); e == nil {
 			common.Logf("Dump Response %v", string(dump))
@@ -38,7 +39,7 @@ func httpGet(dispatcher common.HTTPRequestDispatcher, url string) (body bytes.Bu
 		return
 	}
 
-	if response.StatusCode != http.StatusOK {
+	if statusCode != http.StatusOK {
 		err = fmt.Errorf("HTTP Get failed: URL: %s, Status: %s, Message: %s",
 			url, response.Status, body.String())
 		return

common/version.go

@@ -95,7 +95,9 @@ type AutonomousDatabase struct {
 	// This restriction applies to both the client subnet and the backup subnet.
 	SubnetId *string `mandatory:"false" json:"subnetId"`
 
-	// A list of the OCIDs (https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm) of the network security groups (NSGs) that this DB system belongs to. Setting this to an empty array after the list is created removes the resource from all NSGs. For more information about NSGs, see Security Rules (https://docs.cloud.oracle.com/Content/Network/Concepts/securityrules.htm).
+	// A list of the OCIDs (https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm) of the network security groups (NSGs) that this resource belongs to. Setting this to an empty array after the list is created removes the resource from all NSGs. For more information about NSGs, see Security Rules (https://docs.cloud.oracle.com/Content/Network/Concepts/securityrules.htm).
+	// **NsgIds restrictions:**
+	// - Autonomous Databases with private access require at least 1 Network Security Group (NSG). The nsgIds array cannot be empty.
 	NsgIds []string `mandatory:"false" json:"nsgIds"`
 
 	// The private endpoint for the resource.
@@ -110,7 +112,9 @@ type AutonomousDatabase struct {
 	// Indicates if the Autonomous Database version is a preview version.
 	IsPreview *bool `mandatory:"false" json:"isPreview"`
 
-	// The Autonomous Database workload type. OLTP indicates an Autonomous Transaction Processing database and DW indicates an Autonomous Data Warehouse database.
+	// The Autonomous Database workload type. The following values are valid:
+	// - OLTP - indicates an Autonomous Transaction Processing database
+	// - DW - indicates an Autonomous Data Warehouse database
 	DbWorkload AutonomousDatabaseDbWorkloadEnum `mandatory:"false" json:"dbWorkload,omitempty"`
 
 	// The client IP access control list (ACL). This feature is available for databases on shared Exadata infrastructure (https://docs.cloud.oracle.com/Content/Database/Concepts/adboverview.htm#AEI) only.

database/autonomous_database.go

@@ -96,7 +96,9 @@ type AutonomousDatabaseSummary struct {
 	// This restriction applies to both the client subnet and the backup subnet.
 	SubnetId *string `mandatory:"false" json:"subnetId"`
 
-	// A list of the OCIDs (https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm) of the network security groups (NSGs) that this DB system belongs to. Setting this to an empty array after the list is created removes the resource from all NSGs. For more information about NSGs, see Security Rules (https://docs.cloud.oracle.com/Content/Network/Concepts/securityrules.htm).
+	// A list of the OCIDs (https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm) of the network security groups (NSGs) that this resource belongs to. Setting this to an empty array after the list is created removes the resource from all NSGs. For more information about NSGs, see Security Rules (https://docs.cloud.oracle.com/Content/Network/Concepts/securityrules.htm).
+	// **NsgIds restrictions:**
+	// - Autonomous Databases with private access require at least 1 Network Security Group (NSG). The nsgIds array cannot be empty.
 	NsgIds []string `mandatory:"false" json:"nsgIds"`
 
 	// The private endpoint for the resource.
@@ -111,7 +113,9 @@ type AutonomousDatabaseSummary struct {
 	// Indicates if the Autonomous Database version is a preview version.
 	IsPreview *bool `mandatory:"false" json:"isPreview"`
 
-	// The Autonomous Database workload type. OLTP indicates an Autonomous Transaction Processing database and DW indicates an Autonomous Data Warehouse database.
+	// The Autonomous Database workload type. The following values are valid:
+	// - OLTP - indicates an Autonomous Transaction Processing database
+	// - DW - indicates an Autonomous Data Warehouse database
 	DbWorkload AutonomousDatabaseSummaryDbWorkloadEnum `mandatory:"false" json:"dbWorkload,omitempty"`
 
 	// The client IP access control list (ACL). This feature is available for databases on shared Exadata infrastructure (https://docs.cloud.oracle.com/Content/Database/Concepts/adboverview.htm#AEI) only.

database/autonomous_database_summary.go

@@ -24,7 +24,9 @@ type AutonomousDbPreviewVersionSummary struct {
 	// The date and time when the preview version availability ends.
 	TimePreviewEnd *common.SDKTime `mandatory:"false" json:"timePreviewEnd"`
 
-	// The Autonomous Database workload type. OLTP indicates an Autonomous Transaction Processing database and DW indicates an Autonomous Data Warehouse database.
+	// The Autonomous Database workload type. The following values are valid:
+	// - OLTP - indicates an Autonomous Transaction Processing database
+	// - DW - indicates an Autonomous Data Warehouse database
 	DbWorkload AutonomousDbPreviewVersionSummaryDbWorkloadEnum `mandatory:"false" json:"dbWorkload,omitempty"`
 
 	// A URL that points to a detailed description of the preview version.

database/autonomous_db_preview_version_summary.go

@@ -18,7 +18,9 @@ type AutonomousDbVersionSummary struct {
 	// A valid Oracle Database version for Autonomous Database.
 	Version *string `mandatory:"true" json:"version"`
 
-	// The Autonomous Database workload type. OLTP indicates an Autonomous Transaction Processing database and DW indicates an Autonomous Data Warehouse database.
+	// The Autonomous Database workload type. The following values are valid:
+	// - OLTP - indicates an Autonomous Transaction Processing database
+	// - DW - indicates an Autonomous Data Warehouse database
 	DbWorkload AutonomousDbVersionSummaryDbWorkloadEnum `mandatory:"false" json:"dbWorkload,omitempty"`
 
 	// True if the database uses dedicated Exadata infrastructure (https://docs.cloud.oracle.com/Content/Database/Concepts/adbddoverview.htm).

database/autonomous_db_version_summary.go

@@ -49,7 +49,9 @@ type AutonomousExadataInfrastructure struct {
 
 	MaintenanceWindow *MaintenanceWindow `mandatory:"true" json:"maintenanceWindow"`
 
-	// A list of the OCIDs (https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm) of the network security groups (NSGs) that this DB system belongs to. Setting this to an empty array after the list is created removes the resource from all NSGs. For more information about NSGs, see Security Rules (https://docs.cloud.oracle.com/Content/Network/Concepts/securityrules.htm).
+	// A list of the OCIDs (https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm) of the network security groups (NSGs) that this resource belongs to. Setting this to an empty array after the list is created removes the resource from all NSGs. For more information about NSGs, see Security Rules (https://docs.cloud.oracle.com/Content/Network/Concepts/securityrules.htm).
+	// **NsgIds restrictions:**
+	// - Autonomous Databases with private access require at least 1 Network Security Group (NSG). The nsgIds array cannot be empty.
 	NsgIds []string `mandatory:"false" json:"nsgIds"`
 
 	// Additional information about the current lifecycle state of the Autonomous Exadata Infrastructure.

database/autonomous_exadata_infrastructure.go

@@ -58,7 +58,9 @@ type AutonomousExadataInfrastructureSummary struct {
 
 	MaintenanceWindow *MaintenanceWindow `mandatory:"true" json:"maintenanceWindow"`
 
-	// A list of the OCIDs (https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm) of the network security groups (NSGs) that this DB system belongs to. Setting this to an empty array after the list is created removes the resource from all NSGs. For more information about NSGs, see Security Rules (https://docs.cloud.oracle.com/Content/Network/Concepts/securityrules.htm).
+	// A list of the OCIDs (https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm) of the network security groups (NSGs) that this resource belongs to. Setting this to an empty array after the list is created removes the resource from all NSGs. For more information about NSGs, see Security Rules (https://docs.cloud.oracle.com/Content/Network/Concepts/securityrules.htm).
+	// **NsgIds restrictions:**
+	// - Autonomous Databases with private access require at least 1 Network Security Group (NSG). The nsgIds array cannot be empty.
 	NsgIds []string `mandatory:"false" json:"nsgIds"`
 
 	// Additional information about the current lifecycle state of the Autonomous Exadata Infrastructure.