Merge remote-tracking branch 'scm/github' into release_2026-04-14

Author: oci-dex-release-bot

CHANGELOG.md

@@ -4,6 +4,21 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 
+## 65.112.0 - 2026-04-14
+### Added 
+- Support for filesystem snapshot locking for ransomware protection in the File Storage service 
+- Support for creating refresh-able metadata clones in Autonomous Database in the Database service 
+- Support for cross-region Data Guard for Azure, GCP, and AWS KMS-based databases in the Database MultiCloud service 
+- Support for multicloud policies API and OMHub Resource View and Policy Hub UI features in the Multicloud service 
+- Support for Development and Production domain group types in place of Lightweight and Standard in the OCI Internet of Things (OCI IoT) service 
+- Support for Fusion Data Intelligence (FDI) self-service integration in the Fusion Application as a Service 
+- Support for implementing Customer self-service feature to add egress ports in the Fusion Application as a Service 
+- Support for a new flag to the create and update capacity reservation APIs in the Compute service 
+- Support for alarms and notifications in the OCI Control Center service   
+
+### Breaking Changes 
+- The field `CompartmentIdInSubtree` removed from the model `ListNetworkAnchorsRequest` in the MultiCloud service
+
 ## 65.111.0 - 2026-04-07
 ### Added 
 - Support for managing OLVM environment and endpoint fields for asset sources in the Cloud Bridge service 

common/auth/federation_client_oke_workload_identity.go

@@ -31,6 +31,7 @@ type x509FederationClientForOkeWorkloadIdentity struct {
 	sessionKeySupplier           sessionKeySupplier
 	securityToken                securityToken
 	authClient                   *common.BaseClient
+	httpClient                   *http.Client
 	mux                          sync.Mutex
 	proxymuxEndpoint             string
 	saTokenProvider              ServiceAccountTokenProvider
@@ -46,10 +47,29 @@ func newX509FederationClientForOkeWorkloadIdentity(endpoint string, saTokenProvi
 	}
 
 	client.sessionKeySupplier = newSessionKeySupplier()
+	client.httpClient = newOkeWorkloadIdentityHTTPClient(kubernetesServiceAccountCert)
 
 	return client, nil
 }
 
+func newOkeWorkloadIdentityHTTPClient(kubernetesServiceAccountCert *x509.CertPool) *http.Client {
+	return &http.Client{
+		Timeout: 30 * time.Second,
+		Transport: &http.Transport{
+			TLSClientConfig: &tls.Config{
+				RootCAs: kubernetesServiceAccountCert,
+			},
+		},
+	}
+}
+
+func (c *x509FederationClientForOkeWorkloadIdentity) proxymuxHTTPClient() *http.Client {
+	if c.httpClient == nil {
+		c.httpClient = newOkeWorkloadIdentityHTTPClient(c.kubernetesServiceAccountCert)
+	}
+	return c.httpClient
+}
+
 func (c *x509FederationClientForOkeWorkloadIdentity) renewSecurityToken() (err error) {
 	if err = c.sessionKeySupplier.Refresh(); err != nil {
 		return fmt.Errorf("failed to refresh session key: %s", err.Error())
@@ -73,15 +93,6 @@ type token struct {
 
 // getSecurityToken get security token from Proxymux
 func (c *x509FederationClientForOkeWorkloadIdentity) getSecurityToken() (securityToken, error) {
-	client := http.Client{
-		Timeout: 30 * time.Second,
-		Transport: &http.Transport{
-			TLSClientConfig: &tls.Config{
-				RootCAs: c.kubernetesServiceAccountCert,
-			},
-		},
-	}
-
 	publicKey := string(c.sessionKeySupplier.PublicKeyPemRaw())
 	common.Logf("Public Key for OKE Workload Identity is:", publicKey)
 	rawPayload := workloadIdentityRequestPayload{Podkey: publicKey}
@@ -110,7 +121,7 @@ func (c *x509FederationClientForOkeWorkloadIdentity) getSecurityToken() (securit
 	opcRequestID := utils.GenerateOpcRequestID()
 	request.Header.Set("opc-request-id", opcRequestID)
 
-	response, err := client.Do(request)
+	response, err := c.proxymuxHTTPClient().Do(request)
 	if err != nil {
 		return nil, fmt.Errorf("error %s", err)
 	}
@@ -123,6 +134,11 @@ func (c *x509FederationClientForOkeWorkloadIdentity) getSecurityToken() (securit
 		}
 	}(response.Body)
 
+	// Ensure body is read before returning, to allow connection reuse.
+	if _, err = body.ReadFrom(response.Body); err != nil {
+		return nil, fmt.Errorf("error reading Workload Identity token generation response: %s. Please contact OKE team", err)
+	}
+
 	statusCode := response.StatusCode
 	if statusCode != http.StatusOK {
 		if statusCode == http.StatusForbidden {
@@ -135,10 +151,6 @@ func (c *x509FederationClientForOkeWorkloadIdentity) getSecurityToken() (securit
 
 	}
 
-	if _, err = body.ReadFrom(response.Body); err != nil {
-		return nil, fmt.Errorf("error reading Workload Identity token generation response: %s. Please contact OKE team", err)
-	}
-
 	rawBody := body.String()
 	rawBody = rawBody[1 : len(rawBody)-1]
 	decodedBodyStr, err := base64.StdEncoding.DecodeString(rawBody)

common/auth/federation_client_test.go

@@ -7,6 +7,8 @@ import (
 	"bytes"
 	"crypto/rsa"
 	"crypto/x509"
+	"encoding/base64"
+	"encoding/json"
 	"encoding/pem"
 	"fmt"
 	"net/http"
@@ -453,6 +455,41 @@ func TestX509FederationClient_ClientHost(t *testing.T) {
 	}
 }
 
+func TestX509FederationClientForOkeWorkloadIdentity_ReusesHTTPClient(t *testing.T) {
+	proxymuxServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		encodedToken, err := json.Marshal(token{Token: "ST$" + expectedSecurityToken})
+		assert.NoError(t, err)
+		fmt.Fprintf(w, "%q", base64.StdEncoding.EncodeToString(encodedToken))
+	}))
+	defer proxymuxServer.Close()
+
+	federationClient, err := newX509FederationClientForOkeWorkloadIdentity(proxymuxServer.URL, &fakeSaTokenProvider{}, nil)
+	assert.NoError(t, err)
+
+	okeFederationClient, ok := federationClient.(*x509FederationClientForOkeWorkloadIdentity)
+	if !assert.True(t, ok) {
+		return
+	}
+
+	okeFederationClient.httpClient = proxymuxServer.Client()
+
+	mockSessionKeySupplier := new(mockSessionKeySupplier)
+	mockSessionKeySupplier.On("PublicKeyPemRaw").Return([]byte(sessionPublicKeyPem)).Twice()
+	okeFederationClient.sessionKeySupplier = mockSessionKeySupplier
+
+	sharedClient := okeFederationClient.httpClient
+
+	_, err = okeFederationClient.getSecurityToken()
+	assert.NoError(t, err)
+	assert.Same(t, sharedClient, okeFederationClient.httpClient)
+
+	_, err = okeFederationClient.getSecurityToken()
+	assert.NoError(t, err)
+	assert.Same(t, sharedClient, okeFederationClient.httpClient)
+
+	mockSessionKeySupplier.AssertExpectations(t)
+}
+
 func TestFederationAuthClientCircuitBreaker(t *testing.T) {
 	t.Setenv("OCI_SDK_AUTH_CLIENT_CIRCUIT_BREAKER_ENABLED", "True")
 	federationClient := &x509FederationClient{}

common/retry.go

@@ -185,10 +185,20 @@ var GlobalRetry *RetryPolicy = nil
 // RetryPolicyOption is the type of the options for NewRetryPolicy.
 type RetryPolicyOption func(rp *RetryPolicy)
 
-// String Converts retry policy to human-readable string representation
-func (rp RetryPolicy) String() string {
+// String converts retry policy to human-readable string representation
+// Safe to call on a nil *RetryPolicy
+func (rp *RetryPolicy) String() string {
+	if rp == nil {
+		return "<nil>"
+	}
+
+	nonECPolicy := "<nil>"
+	if rp.NonEventuallyConsistentPolicy != nil {
+		nonECPolicy = rp.NonEventuallyConsistentPolicy.String()
+	}
+
 	return fmt.Sprintf("{MaximumNumberAttempts=%v, MinSleepBetween=%v, MaxSleepBetween=%v, ExponentialBackoffBase=%v, NonEventuallyConsistentPolicy=%v}",
-		rp.MaximumNumberAttempts, rp.MinSleepBetween, rp.MaxSleepBetween, rp.ExponentialBackoffBase, rp.NonEventuallyConsistentPolicy)
+		rp.MaximumNumberAttempts, rp.MinSleepBetween, rp.MaxSleepBetween, rp.ExponentialBackoffBase, nonECPolicy)
 }
 
 // Validate returns true if the RetryPolicy is valid; if not, it also returns an error.

common/retry_test.go

@@ -286,6 +286,29 @@ func TestDefaultRetryPolicy(t *testing.T) {
 	}
 }
 
+func TestRetryPolicyString_NilPointerDoesNotPanic(t *testing.T) {
+	var policy *RetryPolicy = nil
+
+	assert.Equal(t, "<nil>", policy.String())
+}
+
+func TestRetryPolicyString_NilNonECPolicyDoesNotPanic(t *testing.T) {
+	policy := DefaultRetryPolicyWithoutEventualConsistency()
+	policyString := policy.String()
+
+	assert.Contains(t, policyString, "MaximumNumberAttempts=8")
+	assert.Contains(t, policyString, "MinSleepBetween=0")
+	assert.Contains(t, policyString, "MaxSleepBetween=30")
+	assert.Contains(t, policyString, "ExponentialBackoffBase=2")
+	assert.Contains(t, policyString, "NonEventuallyConsistentPolicy=<nil>")
+}
+
+func TestRetryPolicyString_WithNonECPolicy(t *testing.T) {
+	policy := DefaultRetryPolicy()
+
+	assert.Contains(t, policy.String(), "NonEventuallyConsistentPolicy={MaximumNumberAttempts=")
+}
+
 func TestRetryEOF(t *testing.T) {
 	policy := DefaultRetryPolicy()
 	// unroll an exponential retry policy with a specified maximum

common/version.go

@@ -36,6 +36,9 @@ type InstanceReservationShapeConfigDetails struct {
 
 	// The total amount of memory available to the instance, in gigabytes.
 	MemoryInGBs *float32 `mandatory:"false" json:"memoryInGBs"`
+
+	// This field is reserved for internal use.
+	ResourceManagement InstanceReservationShapeConfigDetailsResourceManagementEnum `mandatory:"false" json:"resourceManagement,omitempty"`
 }
 
 func (m InstanceReservationShapeConfigDetails) String() string {
@@ -48,8 +51,53 @@ func (m InstanceReservationShapeConfigDetails) String() string {
 func (m InstanceReservationShapeConfigDetails) ValidateEnumValue() (bool, error) {
 	errMessage := []string{}
 
+	if _, ok := GetMappingInstanceReservationShapeConfigDetailsResourceManagementEnum(string(m.ResourceManagement)); !ok && m.ResourceManagement != "" {
+		errMessage = append(errMessage, fmt.Sprintf("unsupported enum value for ResourceManagement: %s. Supported values are: %s.", m.ResourceManagement, strings.Join(GetInstanceReservationShapeConfigDetailsResourceManagementEnumStringValues(), ",")))
+	}
 	if len(errMessage) > 0 {
 		return true, fmt.Errorf("%s", strings.Join(errMessage, "\n"))
 	}
 	return false, nil
 }
+
+// InstanceReservationShapeConfigDetailsResourceManagementEnum Enum with underlying type: string
+type InstanceReservationShapeConfigDetailsResourceManagementEnum string
+
+// Set of constants representing the allowable values for InstanceReservationShapeConfigDetailsResourceManagementEnum
+const (
+	InstanceReservationShapeConfigDetailsResourceManagementDynamic InstanceReservationShapeConfigDetailsResourceManagementEnum = "DYNAMIC"
+	InstanceReservationShapeConfigDetailsResourceManagementStatic  InstanceReservationShapeConfigDetailsResourceManagementEnum = "STATIC"
+)
+
+var mappingInstanceReservationShapeConfigDetailsResourceManagementEnum = map[string]InstanceReservationShapeConfigDetailsResourceManagementEnum{
+	"DYNAMIC": InstanceReservationShapeConfigDetailsResourceManagementDynamic,
+	"STATIC":  InstanceReservationShapeConfigDetailsResourceManagementStatic,
+}
+
+var mappingInstanceReservationShapeConfigDetailsResourceManagementEnumLowerCase = map[string]InstanceReservationShapeConfigDetailsResourceManagementEnum{
+	"dynamic": InstanceReservationShapeConfigDetailsResourceManagementDynamic,
+	"static":  InstanceReservationShapeConfigDetailsResourceManagementStatic,
+}
+
+// GetInstanceReservationShapeConfigDetailsResourceManagementEnumValues Enumerates the set of values for InstanceReservationShapeConfigDetailsResourceManagementEnum
+func GetInstanceReservationShapeConfigDetailsResourceManagementEnumValues() []InstanceReservationShapeConfigDetailsResourceManagementEnum {
+	values := make([]InstanceReservationShapeConfigDetailsResourceManagementEnum, 0)
+	for _, v := range mappingInstanceReservationShapeConfigDetailsResourceManagementEnum {
+		values = append(values, v)
+	}
+	return values
+}
+
+// GetInstanceReservationShapeConfigDetailsResourceManagementEnumStringValues Enumerates the set of values in String for InstanceReservationShapeConfigDetailsResourceManagementEnum
+func GetInstanceReservationShapeConfigDetailsResourceManagementEnumStringValues() []string {
+	return []string{
+		"DYNAMIC",
+		"STATIC",
+	}
+}
+
+// GetMappingInstanceReservationShapeConfigDetailsResourceManagementEnum performs case Insensitive comparison on enum value and return the desired enum
+func GetMappingInstanceReservationShapeConfigDetailsResourceManagementEnum(val string) (InstanceReservationShapeConfigDetailsResourceManagementEnum, bool) {
+	enum, ok := mappingInstanceReservationShapeConfigDetailsResourceManagementEnumLowerCase[strings.ToLower(val)]
+	return enum, ok
+}

core/instance_reservation_shape_config_details.go

@@ -42,6 +42,9 @@ type AutonomousDatabaseConnectionUrls struct {
 
 	// The URL of the Database Transforms for the Autonomous AI Database.
 	DatabaseTransformsUrl *string `mandatory:"false" json:"databaseTransformsUrl"`
+
+	// The URL of the Spatial Studio for the Autonomous AI Database.
+	SpatialStudioUrl *string `mandatory:"false" json:"spatialStudioUrl"`
 }
 
 func (m AutonomousDatabaseConnectionUrls) String() string {

database/autonomous_database_connection_urls.go

@@ -62,6 +62,7 @@ const (
 	DatabaseToolNameDataTransforms  DatabaseToolNameEnum = "DATA_TRANSFORMS"
 	DatabaseToolNameOrds            DatabaseToolNameEnum = "ORDS"
 	DatabaseToolNameMongodbApi      DatabaseToolNameEnum = "MONGODB_API"
+	DatabaseToolNameSpatialStudio   DatabaseToolNameEnum = "SPATIAL_STUDIO"
 )
 
 var mappingDatabaseToolNameEnum = map[string]DatabaseToolNameEnum{
@@ -72,6 +73,7 @@ var mappingDatabaseToolNameEnum = map[string]DatabaseToolNameEnum{
 	"DATA_TRANSFORMS":  DatabaseToolNameDataTransforms,
 	"ORDS":             DatabaseToolNameOrds,
 	"MONGODB_API":      DatabaseToolNameMongodbApi,
+	"SPATIAL_STUDIO":   DatabaseToolNameSpatialStudio,
 }
 
 var mappingDatabaseToolNameEnumLowerCase = map[string]DatabaseToolNameEnum{
@@ -82,6 +84,7 @@ var mappingDatabaseToolNameEnumLowerCase = map[string]DatabaseToolNameEnum{
 	"data_transforms":  DatabaseToolNameDataTransforms,
 	"ords":             DatabaseToolNameOrds,
 	"mongodb_api":      DatabaseToolNameMongodbApi,
+	"spatial_studio":   DatabaseToolNameSpatialStudio,
 }
 
 // GetDatabaseToolNameEnumValues Enumerates the set of values for DatabaseToolNameEnum
@@ -103,6 +106,7 @@ func GetDatabaseToolNameEnumStringValues() []string {
 		"DATA_TRANSFORMS",
 		"ORDS",
 		"MONGODB_API",
+		"SPATIAL_STUDIO",
 	}
 }
 

database/database_tool.go

@@ -26,7 +26,7 @@
 // <br>
 // <b>AWS</b>:<br>
 // <b>Oracle AWS Connector Resource:</b>&nbsp;&nbsp;The Oracle AWS Connector Resource is used to install the AWS Identity Connector on an Exadata VM cluster in Oracle Exadata Database Service on Dedicated Infrastructure (ExaDB-D).
-// <b>Google AWS Key Resource:</b>&nbsp;&nbsp;The Oracle AWS Key Resource is used to register and manage a AWS Key within Oracle Cloud Infrastructure (OCI).
+// <b>Oracle AWS Key Resource:</b>&nbsp;&nbsp;The Oracle AWS Key Resource is used to register and manage a AWS Key within Oracle Cloud Infrastructure (OCI).
 //
 
 package dbmulticloud