Merge branch 'main' into oci-security-health-check-standard-2503

Author: lvbirgelen

app-dev/devops-and-containers/devops/ansible-jenkins/README.md

@@ -18,5 +18,5 @@ can eventually be modified or forked.
 
 Although these limitations might not fit every use case, the code can be used as a reference and there are ways to lift them.
 
-[![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oracle-devrel/technology-engineering/raw/main/app-dev/devops/ansible-jenkins/ansible-jenkins-rm.zip)
+[![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oracle-devrel/technology-engineering/raw/main/app-dev/devops-and-containers/devops/ansible-jenkins/ansible-jenkins-rm.zip)
 

app-dev/devops-and-containers/functions/java-helloworld-with-local-dev-and-oci-functions/README.md

@@ -118,7 +118,6 @@ docker build -t fra.ocir.io/<YOUR OCI TENANCY NAMESPACE>/helloworld-java:1
 </pre>
 
 In the docker build command above replace the <code>region</code> if necessary and the <code>&lt;YOUR OCI TENANCY NAMESPACE&gt;</code> with yours.
-
 <p>
 
 After building let's do <code>docker login</code> and <code>docker push</code> to push the container to the OCIR repo:
@@ -130,6 +129,16 @@ docker login ams.ocir.io -u '&lt;YOUR OCI TENANCY NAMESPACE&gt;/oracleidentitycl
 docker push fra.ocir.io/&lt;YOUR OCI TENANCY NAMESPACE&gt;/helloworld-java:1
 </pre>
 
+<p>
+The same as above but using OCI cli to get the &lt;YOUR OCI TENANCY NAMESPACE&gt; which is especially handy in scripting:
+
+<pre>
+export namespace=$(oci os ns get | jq .data | tr -d '"')
+docker build -t fra.ocir.io/$namespace/helloworld-java:1 .
+docker push fra.ocir.io/$namespace/helloworld-java:1
+</pre>
+
+<p>
 The last step is to create the Function Application and the function deployment for it. This can be easily done using the Cloud UI. 
 
 <p>

app-dev/devops-and-containers/oke/README.md

@@ -51,6 +51,7 @@ Reviewed: 20.12.2023
 - [Selecting a cloud native microservice framework](https://louwersj.medium.com/selecting-a-cloud-native-microservice-framework-9974e9534da1)
 - [Deploying a spring boot microservice in K8s](https://techdozo.dev/deploying-a-restful-spring-boot-microservice-on-kubernetes/)
 - [Collection of Labs](https://oracle.github.io/cloudtestdrive/AppDev/cloud-native/livelabs/)
+- [OKE policies](./oke-policies/policies.md)
 
 # Reusable Assets Overview
 

app-dev/devops-and-containers/oke/oke-policies/policies.md

@@ -0,0 +1,146 @@
+## OKE Policies
+
+  
+
+### VCN NATIVE CNI
+
+When network compartment is not the same as OKE compartment AND OKE is using VCN\_NATIVE CNI
+
+[https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengpodnetworking\_topic-OCI\_CNI\_plugin.htm](https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengpodnetworking_topic-OCI_CNI_plugin.htm)  
+
+```
+Allow any-user to manage instances in compartment <compartment-ocid-of-nodepool> where all { request.principal.id = '<cluster-ocid>' }
+Allow any-user to use private-ips in compartment <compartment-ocid-of-network-resources> where all { request.principal.id = '<cluster-ocid>' }
+Allow any-user to use network-security-groups in compartment <compartment-ocid-of-network-resources> where all { request.principal.id = '<cluster-ocid>' }
+```
+
+  
+
+### USE IPv6 WITH VCN NATIVE CNI
+
+[https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengpodnetworking\_topic-OCI\_CNI\_plugin.htm](https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengpodnetworking_topic-OCI_CNI_plugin.htm)  
+
+[https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/conteng\_ipv4-and-ipv6.htm](https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/conteng_ipv4-and-ipv6.htm)  
+
+UNCLEAR: Maybe this policy is necessary for every IPv6 cluster
+
+```
+Allow any-user to use ipv6s in compartment <compartment-ocid-of-network-resources> where all { request.principal.id = '<cluster-ocid>' }
+```
+
+  
+
+### ENCRYPT BOOT VOLUME WITH KEY
+
+To encrypt OKE worker nodes boot volume with a key that is in a different compartment than the worker nodes
+
+[https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengpolicyconfig.htm#contengpolicyconfig\_topic\_Create\_Policies\_for\_User\_Managed\_Encryption](https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengpolicyconfig.htm#contengpolicyconfig_topic_Create_Policies_for_User_Managed_Encryption)  
+
+```
+Allow any-user to use key-delegates in <compartment-key> where ALL {request.principal.type='nodepool', target.key.id = '<key_OCID>'}
+Allow service blockstorage to use keys in compartment <compartment-key> where target.key.id = '<key_OCID>'
+Allow any-user to use key-delegates in compartment <compartment-key> where ALL {request.principal.type='nodepool', target.key.id = '<key_OCID>'}
+```
+
+  
+
+### ENCRYPT BLOCK VOLUME WITH KEY
+
+To enable encryption on block volumes with a key in a different compartment than the worker nodes
+
+[https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengpolicyconfig.htm#contengpolicyconfig\_topic\_Create\_Policies\_for\_User\_Managed\_Encryption](https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengpolicyconfig.htm#contengpolicyconfig_topic_Create_Policies_for_User_Managed_Encryption)  
+
+```
+Allow service blockstorage to use keys in compartment <compartment-key> where target.key.id = '<key-ocid>'
+Allow any-user to use key-delegates in compartment <compartment-key> where ALL {request.principal.type = 'cluster', target.key.id = '<key-ocid>'}
+```
+
+  
+
+### ENCRYPT FILE SYSTEM
+
+To enable in-transit/in-place encryption of FSS
+
+[https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengpolicyconfig.htm#contengpolicyconfig\_topic\_Create\_Policies\_for\_User\_Managed\_Encryption](https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengpolicyconfig.htm#contengpolicyconfig_topic_Create_Policies_for_User_Managed_Encryption)  
+
+```
+Dynamic Group
+ALL { resource.type='filesystem', resource.compartment.id = '<file_system_compartment_OCID>' }
+
+Allow dynamic-group <domain>/<dynamic-group-name> to use keys in compartment <key-compartment-name>
+Allow any-user to use key-delegates in compartment <compartment-key> where ALL {request.principal.type = 'cluster', target.key.id = '<key_OCID>'}
+```
+
+  
+
+### ENABLE CCM TO MANAGE NSGs FOR LBs and NLBs
+
+[https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengconfiguringloadbalancersnetworkloadbalancers-subtopic.htm#contengcreatingloadbalancer\_topic-Specifying\_Load\_Balancer\_Security\_Rule\_Management\_Annotation](https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengconfiguringloadbalancersnetworkloadbalancers-subtopic.htm#contengcreatingloadbalancer_topic-Specifying_Load_Balancer_Security_Rule_Management_Annotation)
+
+```
+ALLOW any-user to manage network-security-groups in compartment <compartment-name> where request.principal.type = 'cluster'
+ALLOW any-user to manage vcns in compartment <compartment-name> where request.principal.type = 'cluster'
+ALLOW any-user to manage virtual-network-family in compartment <compartment-name> where request.principal.type = 'cluster'
+```
+
+  
+
+### TAGGING RESOURCES DIFFERENT COMPARTMENT
+
+[https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengtaggingclusterresources\_iam-tag-namespace-policy.htm#contengtaggingclusterresources\_iam-tag-namespace-policy](https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengtaggingclusterresources_iam-tag-namespace-policy.htm#contengtaggingclusterresources_iam-tag-namespace-policy)
+
+```
+Allow any-user to use tag-namespace in compartment <compartment-ocid-tag-namespace> where all { request.principal.id = '<cluster-ocid>' }
+```
+
+  
+
+### USE MANAGED NODE POOL WITH CAPACITY RESERVATION
+
+[https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengmakingcapacityreservations.htm#contengmakingcapacityreservations\_topic\_Using\_capacity\_reservations](https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengmakingcapacityreservations.htm#contengmakingcapacityreservations_topic_Using_capacity_reservations)  
+
+```
+Allow service oke to use compute-capacity-reservations in compartment id <compartment_capacity>
+Allow any-user to use compute-capacity-reservations in tenancy where request.principal.type = 'nodepool'
+```
+
+  
+
+### USE RESERVED PUBLIC IP IN DIFFERENT COMPARTMENTS THAN OKE
+
+[https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengconfiguringloadbalancersnetworkloadbalancers-subtopic.htm#contengcreatingloadbalancer\_topic\_Specifying\_Load\_Balancer\_Reserved\_IP](https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengconfiguringloadbalancersnetworkloadbalancers-subtopic.htm#contengcreatingloadbalancer_topic_Specifying_Load_Balancer_Reserved_IP)  
+
+If it is a LB:
+
+```
+ALLOW any-user to read public-ips in tenancy where request.principal.type = 'cluster'
+ALLOW any-user to manage floating-ips in tenancy where request.principal.type = 'cluster'
+```
+
+  
+
+If it is a NLB:
+
+```
+ALLOW any-user to use private-ips in TENANCY where ALL {request.principal.type = 'cluster', request.principal.compartment.id = 'target.compartment.id'}
+ALLOW any-user to manage public-ips in TENANCY where ALL {request.principal.type = 'cluster', request.principal.compartment.id = 'target.compartment.id'}
+```
+
+  
+
+### ATTACH NSGs WHEN THEY ARE IN DIFFERENT COMPARTMENTS THAN OKE
+
+[https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengconfiguringloadbalancersnetworkloadbalancers-subtopic.htm#contengcreatingloadbalancer\_topic\_Specifying\_Load\_Balancer\_Network\_Security\_Group](https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengconfiguringloadbalancersnetworkloadbalancers-subtopic.htm#contengcreatingloadbalancer_topic_Specifying_Load_Balancer_Network_Security_Group)  
+
+```
+Allow any-user to use network-security-groups in compartment <network-compartment-ocid> where all { request.principal.id = '<cluster-ocid>' }
+```
+
+### USE A STATICALLY PROVISIONED SNAPSHOT WHEN IT IS IN A DIFFERENT COMPARTMENT
+
+[https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengcreatingpersistentvolumeclaim_topic-Provisioning_PVCs_on_BV.htm#contengcreatingpersistentvolumeclaim_topic-Provisioning_PVCs_on_BV-PV_From_Snapshot_CSI__section_volume-snapshot-prerequisites](https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengcreatingpersistentvolumeclaim_topic-Provisioning_PVCs_on_BV.htm#contengcreatingpersistentvolumeclaim_topic-Provisioning_PVCs_on_BV-PV_From_Snapshot_CSI__section_volume-snapshot-prerequisites)
+
+```
+ALLOW any-user to manage volume-backups in compartment <compartment-name> where request.principal.type = 'cluster'
+ALLOW any-user to use volumes in compartment <compartment-name> where request.principal.type = 'cluster'
+```

data-platform/data-development/sql/README.md

@@ -4,9 +4,11 @@ Welcome to the SQL repository of the Data Development team at Oracle. This repos
 
 Structured Query Language (SQL) is the standard programming language used for managing and manipulating relational databases. SQL allows you to perform a variety of operations such as querying data, updating records, creating and modifying schema, and controlling access to the database. It is a crucial skill for data developers and analysts, enabling efficient data retrieval and manipulation to support data-driven decision-making.
 
+PL/SQL, the Oracle procedural extension of SQL, is a portable, high-performance transaction-processing language. PL/SQL offers several advantages over other programming languages: from being tightly integrated with SQL to leveraging High Performance and High Productivity. PL/SQL is a portable and scalable Procedural Language which also increase Manageability and support for Object Oriented Programming. 
+
 Below you'll find an index to all the sections available in this repository, along with a brief introduction to what you can expect in each section.
 
-Reviewed: 20.11.2024
+Reviewed: 06.03.2024
 
 # Table of contents
 
@@ -59,6 +61,7 @@ To support your development journey, here are some valuable resources related to
 - [SQL Blog by Chris Saxon](https://blogs.oracle.com/sql)
 - [The Magic of SQL by Chris Saxon - YouTube Channel](https://www.youtube.com/c/TheMagicofSQL)
 - [SQL and Database explained! By Connor McDonald - YouTube Channel](https://www.youtube.com/@DatabaseDude)
+- [Learning is not a Spectator Sport - Connor McDonald Blog](https://connor-mcdonald.com)
 
 We hope you find these resources helpful in your SQL journey. If you have any questions or suggestions, please feel free to contribute or reach out to the team. Happy querying!
 
@@ -68,4 +71,5 @@ Copyright (c) 2024 Oracle and/or its affiliates.
 
 Licensed under the Universal Permissive License (UPL), Version 1.0.
 
-See [LICENSE](https://github.com/oracle-devrel/technology-engineering/blob/main/LICENSE) for more details.
+See [LICENSE](https://github.com/oracle-devrel/technology-engineering/blob/main/LICENSE) for more details.
+

data-platform/data-integration/oci-data-integration/README.md

@@ -2,7 +2,7 @@
 
 Data Integration is a fully managed, multi-tenant service that helps data engineers and developers with data movement and data loading tasks. Powered by Spark ETL or ELT processes, a large volume of data can be ingested from a variety of data assets; cleansed; transformed and reshaped; and efficiently loaded to Oracle Cloud Infrastructure target data assets.
 
-Reviewed: 24.04.2024
+Reviewed: 28.02.2025
 
 # Useful Link
 
@@ -26,11 +26,37 @@ Reviewed: 24.04.2024
 
 - [Automate Object Store file ingestion to DBCS with OCI DI](https://medium.com/@aporcescu/automating-oracle-object-store-file-loading-with-oci-data-integration-64f8d608601e)
     - A step-by-step blog article that explains how to trigger the OCI Data Integration job every time a new file is uploaded to the Object Store
-    
+ 
+- [How to create Parameters in OCI Data Integration (Part 1)](https://medium.com/@aporcescu/how-to-create-parameters-in-oci-data-integration-part-1-dc3782109f1c)
+  - This blog post explains how to create parameters in Oracle Cloud Infrastructure (OCI) Data Integration to enhance pipeline flexibility
+
+- [Pass values to Parameters automatically in OCI Data Integration (Part2)](https://medium.com/@aporcescu/pass-values-to-parameters-automatically-in-oci-di-cee5d98e2fbc)
+  - This step-by-step guide demonstrates how to automatically pass values to parameters in OCI Data Integration pipelines, using a procedure with an output variable to dynamically assign a filename to a subsequent integration task, streamlining workflow and eliminating manual entry
+
+- [Incremental File load with OCI Data Integration (Part 3)](https://medium.com/@aporcescu/incremental-file-load-with-oci-data-integration-part-3-b9814179a7d0)
+  - Automate incremental file loading from OCI Object Storage using Data Integration pipelines
+
+- [Trigger Scripts with OCI Data Integration](https://medium.com/@aporcescu/trigger-scripts-with-oci-data-integration-b4fd483d9431)
+  - Trigger scripts from OCI Data Integration pipelines using OCI Functions and Paramiko 
+
+- [Export/Import use cases for OCI Data Integration](https://www.ateam-oracle.com/post/oci-data-integration-exportimport-use-cases)
+  - OCI Data Integration's new export/import feature streamlines development, deployment, and governance by enabling seamless transfer of projects and objects across workspaces. Use cases include backups, version control, environment migration, sandbox creation, tenancy migration, disaster recovery, and enhanced collaboration
+
+- [OCI Data Integration Service Templates](https://blogs.oracle.com/dataintegration/post/oci-data-integration-service-templates)
+  - Leverage prebuilt templates in OCI Data Integration to simplify data operations, automate tasks, and customize data flows across OCI and multi-cloud environments
+
+- [Using OCI DI and Functions for Fusion SaaS data load](https://www.ateam-oracle.com/post/using-oci-di-and-functions-for-fusion-saas-data-load)
+  - Load data from Fusion SaaS using OCI Data Integration and Functions
+
+- [Extract data from Fusion Application using BI Publisher in OCI DI](https://blogs.oracle.com/cloud-infrastructure/post/extract-data-from-fusion-application-using-bi-publisher-in-oci-di)
+  - Extract data from Oracle Fusion Applications using BI Publisher and OCI Data Integration
+
+- [Data Integration and sFTP](https://blogs.oracle.com/dataintegration/post/data-integration-and-sftp)
+  - Use OCI Data Integration and REST tasks with OCI Functions to SFTP data to/from Object Storage
 
 # License
 
-Copyright (c) 2024 Oracle and/or its affiliates.
+Copyright (c) 2025 Oracle and/or its affiliates.
 
 Licensed under the Universal Permissive License (UPL), Version 1.0.
 

data-platform/exadata-cloud-at-customer/exacc-infra/README.md

@@ -12,6 +12,8 @@ Reviewed: 24.06.2024
 
 - [Oracle Exadata Configuration Assistant (OECA)](https://www.oracle.com/database/technologies/oeca-download.html)
 
+- [Oracle EMCC extracts sizing script and documentaion](assets/Oracle_EMCC_sizing_extracts.zip)
+
 ## Useful Documentation
 - [Managing VM Clusters](https://docs.oracle.com/en/engineered-systems/exadata-cloud-at-customer/ecccm/ecc-manage-vm-clusters.html)
 

data-platform/exadata-cloud-at-customer/exacc-infra/assets/Oracle_EMCC_sizing_extracts.zip

@@ -1,6 +1,29 @@
 # Exadata Cloud@Customer Value
 
-Reviewed: 24.06.2024
+Reviewed: 28.02.2025
+
+# Videos
+A short video series covering different aspects of the Oracle Exadata Cloud@Customer - the best platform for running your Oracle Databases in the cloud behind your firewall.
+
+**Episode 1 - Introductions to Exadata Cloud@Customer:**
+[![Episode 1 - Introduction](images/Ep1_TN.jpg "Episode 1 - Introduction")](https://lnkd.in/gb9pHt8Z)
+
+**Episode 2 - Exadata Cloud@Customer Networking:**
+[![Episode 2 - Networking](images/Ep2_TN.jpg "Episode 2 - Networking")](https://lnkd.in/e2YcMUn5)
+
+**Episode 3 - VM Clusters on Exadata Cloud@Customer:**
+[![Episode 3 - VM Clusters](images/Ep3_TN.jpg "Episode 3 - VM Clusters")](https://lnkd.in/gdTmDbFw)
+
+**Episode 4 - Exadata Cloud@Customer X11M Introduction:**
+[![Episode 4 - X11M](images/Ep4_TN.jpg "Episode 4 - X11M")](https://lnkd.in/e7C96jBx)
+
+**Episode 5 - Autonomous Database on Exadata Cloud@Customer:**
+[![Episode 5 - X11M](images/Ep5_TN.jpg "Episode 5 - Autonomous Database")](https://lnkd.in/eQkZzKvk)
+
+The below videos are showcasing best practices and how-to's with a technical and hands-on approach.
+
+**Learn how to optimize Exadata Database Service performance using IORM (I/O Resource Manager):** 
+[![IORM](images/Ep5_TN.jpg "Exadata Database Service Resource Management – IORM")](https://youtu.be/vXkWR6Uc0vM)
 
 # Useful Links
 

data-platform/exadata-cloud-at-customer/exacc-value/README.md

@@ -50,7 +50,8 @@ Reviewed: 15.11.2024
     - Detailed, step-by-step instructions for Modernising OS and Shape of Oracle Base Database Systems with Data Guard using Refreshable PDBs , available on Amalraj Puthenchira's public platform
 - [Migrating to latest generation of Exadata Database Service on Dedicated Infrastructure without worrying about RTO/RPO](https://amalrajputhenchira.wordpress.com/2025/02/17/migrating-to-latest-generation-of-exadata-database-service-on-dedicated-infrastructure-without-worrying-about-rto-rpo/)
     - Detailed, step-by-step instructions for Migrating Database from existing ExaDB-D to latest generation of ExaDB-D , available on Amalraj Puthenchira's public platform
-
+- [Migrate and Upgrade your Oracle Base Database to Exadata Database Service on Exascale Infrastructure using AutoUpgrade](https://amalrajputhenchira.wordpress.com/2025/03/03/migrate-your-oracle-base-database-to-exadata-database-service-on-exascale-infrastructure-using-autoupgrade/)
+    - Detailed, step-by-step instructions for Migrate and Upgrade Oracle Base Database 19c to ExaDB-XS using AutoUpgrade , available on Amalraj Puthenchira's public platform
 # Useful Links
 
 - [OCI Migration Hub - Migrate Oracle Databases to OCI](https://www.oracle.com/database/cloud-migration/)