From f1f26b60313a229978bd5d7c64c282bacbcc26e8 Mon Sep 17 00:00:00 2001 From: HeinzOracle Date: Thu, 3 Aug 2023 10:25:30 +0200 Subject: [PATCH] block storage update add migrating Oracle Cloud Infrastructure Volume Data Across Tenancies to Useful Links --- .../storage/block-storage/README.md | 2 + .../block-storage/asset/secure.storage.sh | 71 ++++++++++--------- 2 files changed, 39 insertions(+), 34 deletions(-) diff --git a/cloud-infrastructure/storage/block-storage/README.md b/cloud-infrastructure/storage/block-storage/README.md index d4b338791..b74209f36 100644 --- a/cloud-infrastructure/storage/block-storage/README.md +++ b/cloud-infrastructure/storage/block-storage/README.md @@ -32,6 +32,8 @@ We've designed our storage platform as an ideal complement to Oracle compute and - See all Block Storage Blogs from Oracle's Product Management. - [Block Storage Release Notes](https://docs.oracle.com/en-us/iaas/releasenotes/services/blockvolume/) - [Block Volumes FAQ](https://www.oracle.com/cloud/storage/block-volumes/faq) +- [Migrate Oracle Cloud Infrastructure volume data across tenancies](https://docs.oracle.com/en/solutions/migrate-data-across-tenancies) + - Migrating data across tenancies can be a challenging task, but with proper planning and by using well-tested processes, you can migrate data from one tenancy to another safely, securely, and with little downtime. - [Oracle Cloud Infrastructure Vault: Block Volume Encryption](https://www.youtube.com/watch?v=3GBPIx4hlRU) - This video helps you to encrypt a block volume with the KMS Vault customer-managed encryption key. diff --git a/cloud-infrastructure/storage/block-storage/asset/secure.storage.sh b/cloud-infrastructure/storage/block-storage/asset/secure.storage.sh index f865e2eea..74a3d0336 100644 --- a/cloud-infrastructure/storage/block-storage/asset/secure.storage.sh +++ b/cloud-infrastructure/storage/block-storage/asset/secure.storage.sh 
@@ -1,6 +1,6 @@ #!/bin/bash # -# Version: @(#).secure.storage.sh 1.0.0 +# Version: @(#).secure.storage.sh 1.0.1 # License # Copyright (c) 2023 Oracle and/or its affiliates. # Licensed under the Universal Permissive License (UPL), Version 1.0. @@ -11,9 +11,11 @@ # # Update history: # +# V 1.0.1 12.07.2023 add Changing the encryption key for a volume backup # V 1.0.0 28.06.2023 initial version # + # --------------------------------------------------------------------------------------------------------------------------------------------- # prepare environement (load functions) # --------------------------------------------------------------------------------------------------------------------------------------------- @@ -36,14 +38,14 @@ echo "=====================================================================" >> echo "${PF1} $(date "+%d.%m.%Y %H:%M:%S") " >> "${LOG_FILE}" echo "${PF1} --------------------------------------------------------------" >> "${LOG_FILE}" -color_print "${MYcolor}" "${PF1} create BLOCK volume" -if [ 1 -eq 1 ] ; then # create BLOCK volume +if [ 1 -eq 1 ] ; then # create BLOCK volume +color_print "${MYcolor}" "${PF1} create BLOCK volume" if [ ${CREATE_BLOCK_VOLUME} -eq 1 ] ; then # create block volume oci --profile "${REGION_PROFILE}" bv volume create --availability-domain "${FRANKFURT_AVAILABILITY_DOMAIN}" \ --compartment-id "${COMPARTMENT_OCID}" \ - --display-name "${FRANKFURT_BLOCK_VOLUME_NAME}" \ - --size-in-gbs 50 \ + --display-name "${FRANKFURT_BLOCK_VOLUME_NAME}" \ + --size-in-gbs 50 \ --wait-for-state "AVAILABLE" fi @@ -61,8 +63,8 @@ fi done fi -color_print "${MYcolor}" "${PF1} get VAULT details" if [ 1 -eq 1 ] ; then # get VAULT details + color_print "${MYcolor}" "${PF1} get VAULT details" tempfile myTEMPFILE oci --profile "${REGION_PROFILE}" kms management vault get --vault-id "${VAULT_OCID}" > "${myTEMPFILE}" myNAME=$( cat "${myTEMPFILE}" | grep "display-name" | awk '{print $2}' | sed 's/\"//g' | sed 's/,//g' ) 
@@ -76,9 +78,8 @@ if [ 1 -eq 1 ] ; then # get VAULT details echo "${PF1} Master Encryption Key name: ${myNAME}" >> "${LOG_FILE}" fi -color_print "${MYcolor}" "${PF1} create BLOCK volume backup" if [ 1 -eq 1 ] ; then # create BLOCK volume backup - +color_print "${MYcolor}" "${PF1} create BLOCK volume backup" if [ ${CREATE_BLOCK_VOLUME_BACKUP} -eq 1 ] ; then # create block volume backup oci --profile "${REGION_PROFILE}" bv backup create --volume-id "${BLOCK_VOLUME_OCID}" --display-name "${FRANKFURT_BLOCK_VOLUME_NAME}Backup" --wait-for-state "AVAILABLE" fi @@ -101,8 +102,7 @@ echo "${PF1} --------------------------------------------------------------" >> echo " " >> "${LOG_FILE}" fi - -MYOUTPUT="Secure Storage with Customer-managed Key" && MYCOUNT=$(($MYCOUNT + 1)) +MYOUTPUT="Secure Storage with Customer managed Key" && MYCOUNT=$(($MYCOUNT + 1)) if [ 1 -eq 1 ] ; then color_print "${IGreen}" "($MYCOUNT) $(date "+%d.%m.%Y %H:%M:%S") : $MYOUTPUT" 
@@ -116,60 +116,63 @@ echo "=====================================================================" >> echo "${PF1} $(date "+%d.%m.%Y %H:%M:%S")" >> "${LOG_FILE}" echo "${PF1} --------------------------------------------------------------" >> "${LOG_FILE}" -color_print "${MYcolor}" "${PF1} BLOCK volume change from Oracle-managed Key to Customer-managed Key" -if [ 1 -eq 1 ] ; then # BLOCK volume change from Oracle-managed Key to Customer-managed Key +if [ 1 -eq 1 ] ; then # BLOCK volume change from Oracle managed Key to Customer managed Key + color_print "${MYcolor}" "${PF1} BLOCK volume change from Oracle managed Key to Customer managed Key" oci --profile "${REGION_PROFILE}" bv volume-kms-key update --volume-id "${BLOCK_VOLUME_OCID}" --kms-key-id "${MasterEncryptionKey_OCID}" - echo "${PF1} BLOCK volume change from Oracle-managed Key to Customer-managed Key" >> "${LOG_FILE}" + echo "${PF1} BLOCK volume change from Oracle managed Key to Customer managed Key ${MasterEncryptionKey_OCID}" >> "${LOG_FILE}" fi -color_print "${MYcolor}" "${PF1} BLOCK volume backup change from Oracle-managed Key to Customer-managed Key (coming soon)" -if [ 1 -eq 0 ] ; then # BLOCK volume backup change from Oracle-managed Key to Customer-managed Key (coming soon) +if [ 1 -eq 1 ] ; then # BLOCK volume backup change from Oracle managed Key to Customer managed Key : ' --------------------------------------------------------------------------------------------------------------------------------------- -Backup Data in Storage Services https://docs.oracle.com/en/solutions/oci-best-practices/back-your-data1.html +Backup Data in Storage Services https://docs.oracle.com/en/solutions/oci-best-practices/back-your-data1.html +Changing the encryption key for a volume backup https://docs.oracle.com/en-us/iaas/releasenotes/changes/1d439da6-eeec-4fa2-acef-89be177ce266/ +Release Date: July 12, 2023; bv backup-kms-key update is availaible since oci cli version 3.29.3 
-------------------------------------------------------------------------------------------------------------------------------------------' - oci --profile "${REGION_PROFILE}" bv backup-kms-key update --volume-id "${BLOCK_VOLUME_BACKUP_OCID}" --kms-key-id "${MasterEncryptionKey_OCID}" - + color_print "${MYcolor}" "${PF1} BLOCK volume backup change from Oracle managed Key to Customer managed Key" oci --profile "${REGION_PROFILE}" bv backup update --volume-backup-id "${BLOCK_VOLUME_BACKUP_OCID}" --kms-key-id "${MasterEncryptionKey_OCID}" - echo "${PF1} BLOCK volume backup change from Oracle-managed Key to Customer-managed Key" >> "${LOG_FILE}" + echo "${PF1} BLOCK volume backup change from Oracle managed Key to Customer managed Key ${MasterEncryptionKey_OCID}" >> "${LOG_FILE}" fi -color_print "${MYcolor}" "${PF1} Rotation of Customer-managed Key" -if [ 1 -eq 1 ] ; then # Rotation of Customer-managed Key - +if [ 1 -eq 1 ] ; then # Rotation of Customer managed Key : ' --------------------------------------------------------------------------------------------------------------------------------------- Periodically rotating keys limits the amount of data encrypted or signed by one key version. If a key is ever compromised, key rotation thus reduces the risk. 
https://docs.oracle.com/en-us/iaas/Content/KeyManagement/Concepts/keyoverview.htm#concepts kms management key-version create https://docs.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/kms/management/key-version/create.html -------------------------------------------------------------------------------------------------------------------------------------------' - + color_print "${MYcolor}" "${PF1} Rotation of Customer managed Key" oci --profile "${REGION_PROFILE}" kms management key-version create --key-id "${MasterEncryptionKey_OCID}" --endpoint "${ManagementEndpoint}" --wait-for-state "ENABLED" - echo "${PF1} Rotation of Customer-managed Key" >> "${LOG_FILE}" + echo "${PF1} Rotation of Customer managed Key" >> "${LOG_FILE}" fi echo "${PF1} --------------------------------------------------------------" >> "${LOG_FILE}" echo " " >> "${LOG_FILE}" fi -MYOUTPUT="Secure Storage with Oracle-managed Key" && MYCOUNT=$(($MYCOUNT + 1)) +MYOUTPUT="Secure Storage with Oracle managed Key" && MYCOUNT=$(($MYCOUNT + 1)) if [ 1 -eq 1 ] ; then color_print "${IGreen}" "($MYCOUNT) $(date "+%d.%m.%Y %H:%M:%S") : $MYOUTPUT" -echo "Secure Storage with Oracle-managed Key" >> "${LOG_FILE}" +echo "Secure Storage with Oracle managed Key" >> "${LOG_FILE}" echo "=====================================================================" >> "${LOG_FILE}" echo "${PF1} $(date "+%d.%m.%Y %H:%M:%S")" >> "${LOG_FILE}" echo "${PF1} --------------------------------------------------------------" >> "${LOG_FILE}" -color_print "${MYcolor}" "${PF1} BLOCK volume change from Customer-managed Key to Oracle-managed Key" if [ 1 -eq 1 ] ; then # BLOCK volume change from Customer managed Key to Oracle managed Key - oci --profile "${REGION_PROFILE}" bv volume-kms-key update --volume-id "${BLOCK_VOLUME_OCID}" --kms-key-id "${MasterEncryptionKey_OCID}" - echo "${PF1} BLOCK volume change from Customer-managed Key to Oracle-managed Key" >> "${LOG_FILE}" + color_print "${MYcolor}" "${PF1} BLOCK volume 
change from Customer managed Key to Oracle managed Key" + oci --profile "${REGION_PROFILE}" bv volume-kms-key update --volume-id "${BLOCK_VOLUME_OCID}" --kms-key-id "" + echo "${PF1} BLOCK volume change from Customer managed Key to Oracle managed Key" >> "${LOG_FILE}" fi -color_print "${MYcolor}" "${PF1} BLOCK volume backup change from Customer-managed Key to Oracle-managed Key (coming soon)" -if [ 1 -eq 0 ] ; then # BLOCK volume backup change from Customer-managed Key to Oracle-managed Key (coming soon) - #oci --profile "${REGION_PROFILE}" bv backup-kms-key update --volume-id "${BLOCK_VOLUME_BACKUP_OCID}" --kms-key-id "${MasterEncryptionKey_OCID}" - echo "${PF1} BLOCK volume backup change from Customer-managed Key to Oracle-managed Key" >> "${LOG_FILE}" +if [ 1 -eq 1 ] ; then # BLOCK volume backup change from Customer managed Key to Oracle managed Key +: ' --------------------------------------------------------------------------------------------------------------------------------------- +Backup Data in Storage Services https://docs.oracle.com/en/solutions/oci-best-practices/back-your-data1.html +Changing the encryption key for a volume backup https://docs.oracle.com/en-us/iaas/releasenotes/changes/1d439da6-eeec-4fa2-acef-89be177ce266/ +Release Date: July 12, 2023; bv backup-kms-key update is availaible since oci cli version 3.29.3 +-------------------------------------------------------------------------------------------------------------------------------------------' + color_print "${MYcolor}" "${PF1} BLOCK volume backup change from Customer managed Key to Oracle managed Key" + oci --profile "${REGION_PROFILE}" bv backup update --volume-backup-id "${BLOCK_VOLUME_BACKUP_OCID}" --kms-key-id "" + echo "${PF1} BLOCK volume backup change from Customer managed Key to Oracle managed Key" >> "${LOG_FILE}" fi echo "${PF1} --------------------------------------------------------------" >> "${LOG_FILE}" 
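Review bot: None of the `oci` calls in this hunk has its exit status checked, so the `echo ... >> "${LOG_FILE}"` line after each one records a key change (now including `${MasterEncryptionKey_OCID}`) even when the call failed. This matters more now that both backup blocks are switched from `if [ 1 -eq 0 ]` to `if [ 1 -eq 1 ]`: the comment added here says the backup key change is available only since OCI CLI 3.29.3, and on an older CLI the script would carry on and log success. Gate each log line on the result, for example `if oci --profile "${REGION_PROFILE}" bv backup update ... ; then echo "${PF1} ..." >> "${LOG_FILE}"; else echo "${PF1} FAILED: ..." >> "${LOG_FILE}"; fi`. For the two Oracle managed blocks, please confirm that `--kms-key-id ""` really detaches the customer key; if the empty value is rejected or ignored, the volume and backup stay on the customer-managed key while the log states the opposite. The added comment also names `bv backup-kms-key update` while the command actually run is `bv backup update`, so one of the two should be corrected.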
@@ -181,4 +184,4 @@ MYOUTPUT="End of Programm" && MYCOUNT=$(($MYCOUNT + 1)) color_print "${IGreen}" "($MYCOUNT) $(date "+%d.%m.%Y %H:%M:%S") : $MYOUTPUT" # --------------------------------------------------------------------------------------------------------------------------------------------- # end of file -# --------------------------------------------------------------------------------------------------------------------------------------------- +# --------------------------------------------------------------------------------------------------------------------------------------------- \ No newline at end of file