[oci_core_ipsec_connection_tunnel_management] - Not all attributes exposed by the corresponding REST API are exposed(documented) by the provider

[cosmindev]

trafficstars

Hi OCI TF Provider Team,

• Looking at the CreateIPSecConnectionTunnelDetails OCI REST API details I see attributes like phaseOneConfig, phaseTwoConfig, oracleInitiation, and others that I need in my configuration.
• Those attributes do NOT appear in the corresponding OCI TF Resources documentation - oci_core_ipsec_connection_tunnel_management.
• Conversely, I see those attributes being covered in the provider, in the Go corresponding REST API wrapper: core_ipsec_connection_tunnel_management_resource.go. They are marked as Computed and not as Required and/or Optional: Example:

...			"oracle_can_initiate": {
				Type:     schema.TypeString,
				Computed: true,
			},
			"phase_one_details": {
				Type:     schema.TypeList,
				Computed: true,
				Elem: &schema.Resource{
					Schema: map[string]*schema.Schema{
						// Required

						// Optional

						// Computed
						"custom_authentication_algorithm": {
							Type:     schema.TypeString,
							Computed: true,
...

Questions:

1. Can I declare those attributes(phaseOneConfig, phaseTwoConfig, oracleInitiation) in my variables.tf file and then use them inside my oci_core_ipsec_connection_tunnel_management terraform OCI resource?
2. If the response to the question above is yes then should we assume that those attributes were just not documented but are supported in the OCI resource?
3. If the response to the question above is no then what does status like: Computed mean? If the attribute is not optional and not required but is computed it mean that those attributes values are automatically calculated? For the case above with phaseOneConfig, phaseTwoConfig, oracleInitiation how are those values calculated?
4. Are there also other similar situations to the one described here in the rest of the OCI TF provider resources?

Under the attention of: @cosmindev @jpalmeiro @kawaro79 @andrecorreaneto @ravinitp

[fbreckle]

I ran into the issue myself. While I am not affiliated with this provider, I know enough about terraform providers to answer your questions.

1. no, that would require them to also be Optional
3. Computed means that the provider will READ these values from the API and set the attributes in the resource, so that you can reference them in other resources or outputs, for example.

The actual question for me is: WHY can I not set these values via terraform? This is extremely annoying, because it forces me to break out of the terraform workflow to make manual changes.

I find this particularly remarkable because they adopted terraform as their official infrastructure tool in Resource Manager (which I find VERY commendable, don't get me wrong here).

Edit: There is also this related PR https://github.com/oracle/terraform-provider-oci/pull/1800

[andrecorreaneto]

Is this acknowledged by the dev team? It is impacting our ability to properly manage IP Sec tunnels in Terraform.

[iejones]

A bug fix with the following changes will be released on November 15th, 2023

• Allow to set phase_one_details and phase_two_details
• Allow to set nat_translation_enabled
• Allow to set oracle_can_initiate
• Add BGP IPv6 address