Merge pull request #93 from davcarde/main

Adding 3 new code examples

Author: malcherm

terraform/adb_from_subnet_private_endpoint/.terraform.lock.hcl

@@ -24,7 +24,7 @@ nsg_display_name = ""
 adb_display_name           = ""
 adb_db_name                = ""
 adb_admin_password         = ""
-adb_workload_type          = "DW"   # OLTP=ATP | DW=ADW | AJD=JSON | APEX
+adb_workload_type          = "LH"   # OLTP=ATP | LH=LAKEHOUSE | DW=ADW | AJD=JSON | APEX
 adb_db_version             = "26ai"
 adb_cpu_core_count         = 2
 adb_storage_tbs            = 1

terraform/adb_from_subnet_private_endpoint/terraform.tfvars

@@ -0,0 +1,109 @@
+# Terraform — Long-Term Backup Scheduling and Retention Policy
+
+Configures automatic backup retention and a long-term backup schedule on an existing Autonomous Database. Designed for compliance scenarios where data must be retained beyond the 60-day automatic backup limit.
+
+## Files
+
+| File | Description |
+|---|---|
+| `versions.tf` | Terraform and provider version requirements |
+| `provider.tf` | OCI provider configuration |
+| `main.tf` | Automatic backup retention and long-term backup schedule |
+| `variables.tf` | All configurable parameters |
+| `outputs.tf` | Values exported after apply |
+| `terraform.tfvars` | Fill in your values |
+
+## Quick Start
+
+```bash
+# 1. Initialize Terraform
+terraform init
+
+# 2. Import the existing ADB into the Terraform state
+terraform import oci_database_autonomous_database.adb <ADB_OCID>
+
+# 3. Review the plan — the ADB should show only backup-related changes
+terraform plan
+
+# 4. Apply
+terraform apply
+```
+
+## Backup Architecture
+
+```
+Existing Autonomous Database
+├── Automatic backups (daily, managed by OCI)
+│   └── Retained for backup_retention_days (1–60 days)
+│
+└── Long-term backup schedule (managed by OCI natively)
+    ├── Cadence: ONE_TIME | WEEKLY | MONTHLY | YEARLY
+    ├── Anchor: backup_schedule_time (RFC3339)
+    └── Retained for long_term_backup_retention_days (90–3650 days)
+```
+
+## Schedule Reference
+
+| Cadence | Behavior |
+|---|---|
+| `ONE_TIME` | Single backup taken at `backup_schedule_time` |
+| `WEEKLY` | Repeats every 7 days at the same time and day of week |
+| `MONTHLY` | Repeats on the same day each month (last day if >= 29) |
+| `YEARLY` | Repeats on the same date each year |
+
+## Retention Reference
+
+| Period | Days |
+|---|---|
+| 3 months (minimum) | 90 |
+| 1 year | 365 |
+| 2 years | 730 |
+| 5 years | 1825 |
+| 7 years | 2555 |
+| 10 years (maximum) | 3650 |
+
+## Variables
+
+| Variable | Description | Default |
+|---|---|---|
+| `tenancy_ocid` | OCID of the OCI tenancy | — |
+| `user_ocid` | OCID of the OCI user | — |
+| `fingerprint` | Fingerprint of the API key | — |
+| `private_key_path` | Path to the private key file (.pem) | — |
+| `region` | OCI region where the ADB resides | `us-ashburn-1` |
+| `compartment_ocid` | OCID of the compartment where the ADB resides | — |
+| `adb_ocid` | OCID of the existing Autonomous Database | — |
+| `adb_db_name` | Technical database name (must match exactly) | — |
+| `adb_admin_password` | ADMIN password (required by provider, not modified) | — |
+| `backup_retention_days` | Automatic daily backup retention in days (1–60) | `30` |
+| `backup_schedule_cadence` | Backup frequency: `ONE_TIME`, `WEEKLY`, `MONTHLY`, `YEARLY` | `MONTHLY` |
+| `backup_schedule_time` | RFC3339 anchor timestamp for the schedule | — |
+| `long_term_backup_retention_days` | Long-term backup retention in days (90–3650) | `365` |
+
+## Outputs
+
+| Output | Description |
+|---|---|
+| `adb_id` | OCID of the Autonomous Database |
+| `backup_retention_days` | Automatic backup retention period in days |
+| `backup_schedule_cadence` | Frequency of the long-term backup schedule |
+| `backup_schedule_time` | Anchor timestamp for the long-term backup schedule |
+| `long_term_backup_retention_days` | Long-term backup retention period in days |
+
+## Notes
+
+- **Existing ADB required:** This Terraform is designed for existing databases only. Import the ADB before running `terraform apply` — see Quick Start above.
+
+- **Automatic backup prerequisite:** OCI requires at least one automatic backup to exist before the long-term backup schedule activates. After provisioning a new ADB, wait up to 4 hours for the first automatic backup to complete.
+
+- **`backup_schedule_time` format:** Must be a valid RFC3339 timestamp in UTC. Example: `2025-06-01T02:00:00Z`. This timestamp serves as both the first backup date and the anchor point for the recurring schedule.
+
+- **MONTHLY cadence edge case:** If `backup_schedule_time` falls on day 29, 30, or 31, OCI takes the backup on the last day of months with fewer days.
+
+- **`admin_password` in tfvars:** Required by the OCI provider schema but listed in `ignore_changes`. Terraform will never use it to modify the database password.
+
+- **Automatic backup limit:** OCI automatic backups support a maximum of 60 days. For retention beyond 60 days, the long-term backup schedule is required.
+
+- **Storage costs:** Long-term backups incur additional Object Storage costs beyond the standard ADB storage bill.
+
+- **Restore from long-term backup:** Long-term backups can only be used to clone a new database, not to restore in-place. Go to your ADB in the OCI console → Backups → select the long-term backup → click Clone.

terraform/adb_long-term_backup_scheduling/README.md

@@ -0,0 +1,47 @@
+# ============================================================
+# main.tf — Existing ADB — backup retention and schedule
+# Updates automatic backup retention and configures a long-term
+# backup schedule on an existing Autonomous Database.
+# ============================================================
+
+resource "oci_database_autonomous_database" "adb" {
+  # Required by the provider schema — values must match the existing ADB.
+  compartment_id = var.compartment_ocid
+  db_name        = var.adb_db_name
+  admin_password = var.adb_admin_password
+
+  # ── Automatic backup retention ────────────────────────────
+  # Retention period for daily automatic backups (1–60 days).
+  # For retention beyond 60 days use long_term_backup_schedule below.
+  backup_retention_period_in_days = var.backup_retention_days
+
+  # ── Long-term backup schedule ─────────────────────────────
+  # OCI manages the schedule natively — no crontab or external tooling required.
+  # repeat_cadence options: ONE_TIME | WEEKLY | MONTHLY | YEARLY
+  # time_of_backup: RFC3339 timestamp — anchor point for the recurring schedule.
+  long_term_backup_schedule {
+    repeat_cadence           = var.backup_schedule_cadence
+    retention_period_in_days = var.long_term_backup_retention_days
+    time_of_backup           = var.backup_schedule_time
+    is_disabled              = false
+  }
+
+  # ── Lifecycle ─────────────────────────────────────────────
+  # Ignore fields not relevant to backup configuration so that
+  # Terraform does not attempt to modify the existing ADB.
+  lifecycle {
+    ignore_changes = [
+      admin_password,
+      display_name,
+      db_workload,
+      db_version,
+      compute_model,
+      compute_count,
+      data_storage_size_in_tbs,
+      license_model,
+      is_mtls_connection_required,
+      whitelisted_ips,
+      freeform_tags,
+    ]
+  }
+}

terraform/adb_long-term_backup_scheduling/main.tf

@@ -0,0 +1,30 @@
+# ============================================================
+# outputs.tf — Values exported after apply
+# ============================================================
+
+# ── ADB ───────────────────────────────────────────────────────
+output "adb_id" {
+  description = "OCID of the Autonomous Database"
+  value       = oci_database_autonomous_database.adb.id
+}
+
+output "backup_retention_days" {
+  description = "Automatic backup retention period in days"
+  value       = oci_database_autonomous_database.adb.backup_retention_period_in_days
+}
+
+# ── Long-term backup schedule ─────────────────────────────────
+output "backup_schedule_cadence" {
+  description = "Frequency of the long-term backup schedule"
+  value       = var.backup_schedule_cadence
+}
+
+output "backup_schedule_time" {
+  description = "Anchor timestamp for the long-term backup schedule"
+  value       = var.backup_schedule_time
+}
+
+output "long_term_backup_retention_days" {
+  description = "Long-term backup retention period in days"
+  value       = var.long_term_backup_retention_days
+}

terraform/adb_long-term_backup_scheduling/outputs.tf

@@ -0,0 +1,7 @@
+provider "oci" {
+  tenancy_ocid     = var.tenancy_ocid
+  user_ocid        = var.user_ocid
+  fingerprint      = var.fingerprint
+  private_key_path = var.private_key_path
+  region           = var.region
+}

terraform/adb_long-term_backup_scheduling/provider.tf

@@ -0,0 +1,21 @@
+# ── OCI Credentials ──────────────────────────────────────────
+tenancy_ocid     = ""
+user_ocid        = ""
+fingerprint      = ""
+private_key_path = ""
+region           = "us-ashburn-1"
+
+compartment_ocid = ""
+
+# ── Existing ADB ──────────────────────────────────────────────
+adb_ocid           = ""
+adb_db_name        = ""
+adb_admin_password = ""
+
+# ── Backup — automatic ────────────────────────────────────────
+backup_retention_days = 60   # 1–60 days
+
+# ── Backup — long-term schedule ───────────────────────────────
+backup_schedule_cadence         = "MONTHLY"              # ONE_TIME | WEEKLY | MONTHLY | YEARLY
+backup_schedule_time            = "2026-06-01T02:00:00Z" # RFC3339 — first backup and recurring anchor
+long_term_backup_retention_days = 365                    # 365=1yr | 730=2yr | 1825=5yr | 3650=10yr

terraform/adb_long-term_backup_scheduling/terraform.tfvars

@@ -0,0 +1,92 @@
+# ============================================================
+# variables.tf — Configurable parameters
+# ============================================================
+
+# ── OCI Credentials ──────────────────────────────────────────
+variable "tenancy_ocid" {
+  description = "OCID of the Oracle Cloud tenancy"
+  type        = string
+}
+
+variable "user_ocid" {
+  description = "OCID of the OCI user"
+  type        = string
+}
+
+variable "fingerprint" {
+  description = "Fingerprint of the user's API key"
+  type        = string
+}
+
+variable "private_key_path" {
+  description = "Path to the private key file (.pem)"
+  type        = string
+}
+
+variable "region" {
+  description = "OCI region where the ADB resides"
+  type        = string
+  default     = "us-ashburn-1"
+}
+
+variable "compartment_ocid" {
+  description = "OCID of the compartment where the ADB resides"
+  type        = string
+}
+
+# ── Existing ADB ──────────────────────────────────────────────
+variable "adb_ocid" {
+  description = "OCID of the existing Autonomous Database"
+  type        = string
+}
+
+variable "adb_db_name" {
+  description = "Technical database name of the existing ADB (must match exactly)"
+  type        = string
+}
+
+variable "adb_admin_password" {
+  description = "ADMIN password of the existing ADB (required by provider schema, not modified)"
+  type        = string
+  sensitive   = true
+}
+
+# ── Backup — automatic ────────────────────────────────────────
+variable "backup_retention_days" {
+  description = "Retention period for automatic daily backups (1–60 days)"
+  type        = number
+  default     = 30
+
+  validation {
+    condition     = var.backup_retention_days >= 1 && var.backup_retention_days <= 60
+    error_message = "Must be between 1 and 60 days."
+  }
+}
+
+# ── Backup — long-term schedule ───────────────────────────────
+variable "backup_schedule_cadence" {
+  description = "Frequency of the long-term backup schedule: ONE_TIME | WEEKLY | MONTHLY | YEARLY"
+  type        = string
+  default     = "MONTHLY"
+
+  validation {
+    condition     = contains(["ONE_TIME", "WEEKLY", "MONTHLY", "YEARLY"], var.backup_schedule_cadence)
+    error_message = "Must be one of: ONE_TIME, WEEKLY, MONTHLY, YEARLY."
+  }
+}
+
+variable "backup_schedule_time" {
+  description = "RFC3339 timestamp — anchor point for the recurring schedule. Example: 2025-06-01T02:00:00Z"
+  type        = string
+}
+
+variable "long_term_backup_retention_days" {
+  description = "Retention period for long-term backups in days (90–3650)"
+  type        = number
+  default     = 365
+
+  validation {
+    condition     = var.long_term_backup_retention_days >= 90 && var.long_term_backup_retention_days <= 3650
+    error_message = "Must be between 90 and 3650 days. Reference: 365=1yr, 730=2yr, 1825=5yr, 3650=10yr."
+  }
+}

terraform/adb_long-term_backup_scheduling/variables.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.5.0"
+
+  required_providers {
+    oci = {
+      source  = "oracle/oci"
+      version = ">= 6.0.0"
+    }
+  }
+}

terraform/adb_long-term_backup_scheduling/versions.tf

@@ -1,17 +1,17 @@
 # ── OCI Credentials ──────────────────────────────────────────
-tenancy_ocid     = "ocid1.tenancy.oc1..aaaaaaaakc2xkehakt7bmhmipdbhz3tbkej53jzwmrlmuqoloydlotthkrbq"
-user_ocid        = "ocid1.user.oc1..aaaaaaaas3nxkab5ct2mhfno7j2ltpcsiyhi5xzrs7xwcprpmpbfoxvsylva"
-fingerprint      = "ae:0d:91:96:d9:10:07:81:ba:f4:b2:af:db:48:06:25"
-private_key_path = "/Users/davcarde/.oci/oci_api_key_t5.pem"
+tenancy_ocid     = ""
+user_ocid        = ""
+fingerprint      = ""
+private_key_path = ""
 region           = "us-ashburn-1"
 
-compartment_ocid = "ocid1.tenancy.oc1..aaaaaaaakc2xkehakt7bmhmipdbhz3tbkej53jzwmrlmuqoloydlotthkrbq"
+compartment_ocid = ""
 
 # ── ADB Configuration ─────────────────────────────────────────
-adb_display_name   = "xiaTest2"
-adb_db_name        = "xiaTest2"
-adb_admin_password = "HolaMundo1330"
-adb_workload_type  = "AJD"    # OLTP=ATP | DW=ADW | AJD=JSON | APEX
+adb_display_name   = ""
+adb_db_name        = ""
+adb_admin_password = ""
+adb_workload_type  = "LH"    # OLTP=ATP | LH=LAKEHOUSE | DW=ADW | AJD=JSON | APEX
 adb_cpu_core_count = 2       # ECPU: minimum 2, multiples of 2
 adb_storage_tbs    = 1
 adb_auto_scaling   = false