oracle-quickstart · SiddharthSahu09 · Jan 8, 2026 · Jan 16, 2026 · Jan 20, 2026 · Jan 22, 2026
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -1,8 +1,6 @@
 # Copyright (c) 2023, 2026, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
 
-### Removing network validation script from provisioning flow temporarily.
-/*
 module "network-validation" {
   source                         = "./modules/network-validator"
   count                          = local.use_existing_subnets && !var.skip_network_validation ? 1 : 0
@@ -24,11 +22,12 @@ module "network-validation" {
   existing_mount_target_nsg_id   = var.add_existing_nsg && var.add_fss ? var.existing_mount_target_nsg_id : ""
   existing_bastion_nsg_id        = var.add_existing_nsg && var.is_bastion_instance_required ? var.existing_bastion_nsg_id : ""
   lb_source_cidr                 = var.add_load_balancer ? (var.is_lb_private ? "" : "0.0.0.0/0") : ""
+  secure_mode                    = var.configure_secure_mode
+  idcs_cloudgate_port            = var.idcs_cloudgate_port
 }
-*/
 
 module "system-tags" {
-  #depends_on     = [module.network-validation]
+  depends_on     = [module.network-validation]
   source         = "./modules/resource-tags"
   compartment_id = var.compartment_ocid
   service_name   = var.service_name
@@ -212,7 +211,7 @@ module "network-bastion-subnet" {
 }
 
 module "policies" {
-  #depends_on             = [module.network-validation]
+  depends_on             = [module.network-validation]
   source                 = "./modules/policies"
   count                  = var.create_policies ? 1 : 0
   compartment_id         = var.compartment_ocid
@@ -256,7 +255,7 @@ module "policies" {
 }
 
 module "bastion" {
-  #depends_on          = [module.network-validation]
+  depends_on          = [module.network-validation]
   source              = "./modules/compute/bastion"
   count               = (!local.assign_weblogic_public_ip && local.is_bastion_instance_required && var.existing_bastion_instance_id == "") ? 1 : 0
   availability_domain = local.bastion_availability_domain
@@ -344,7 +343,7 @@ module "network-mount-target-private-subnet" {
 }
 
 module "vcn-peering" {
-  #depends_on                     = [module.network-validation]
+  depends_on                     = [module.network-validation]
   count                          = local.is_vcn_peering ? 1 : 0
   source                         = "./modules/network/vcn-peering"
   resource_name_prefix           = local.service_name_prefix
@@ -362,7 +361,6 @@ module "vcn-peering" {
 }
 
 module "validators" {
-  #depends_on = [module.network-validation]
   source                     = "./modules/validators"
   compartment_id             = var.compartment_ocid
   service_name               = var.service_name
@@ -492,7 +490,7 @@ module "validators" {
 }
 
 module "fss" {
-  #depends_on = [module.network-validation]
+  depends_on = [module.network-validation]
   source = "./modules/fss"
   count  = var.add_fss ? 1 : 0
 
@@ -515,7 +513,7 @@ module "fss" {
 }
 
 module "load-balancer" {
-  #depends_on = [module.network-validation]
+  depends_on = [module.network-validation]
   source = "./modules/lb/loadbalancer"
   count  = (local.add_load_balancer && var.existing_load_balancer_id == "") ? 1 : 0
 
@@ -536,6 +534,7 @@ module "load-balancer" {
 }
 
 module "rms-private-endpoint" {
+  depends_on = [module.network-validation]
   source = "./modules/rms-private-endpoint"
   count  = local.is_rms_private_endpoint_required && local.add_new_rms_private_endpoint ? 1 : 0
 
@@ -552,7 +551,7 @@ module "rms-private-endpoint" {
 }
 
 module "observability-common" {
-  #depends_on = [module.network-validation]
+  depends_on = [module.network-validation]
   source = "./modules/observability/common"
   count  = var.use_oci_logging ? 1 : 0
 
@@ -562,7 +561,7 @@ module "observability-common" {
 }
 
 module "observability-autoscaling" {
-  #depends_on = [module.network-validation]
+  depends_on = [module.network-validation]
   source = "./modules/observability/autoscaling"
   count  = var.use_autoscaling ? 1 : 0
 
@@ -595,6 +594,7 @@ module "observability-autoscaling" {
 }
 
 module "observability-osmh"{
+  depends_on          = [module.network-validation]
   source              = "./modules/observability/osmh"
   count               = local.create_profile ? 1 : 0
   tenancy_id          = var.tenancy_ocid
@@ -603,6 +603,7 @@ module "observability-osmh"{
 }
 
 module "compute" {
+  depends_on             = [module.network-validation]
   source                 = "./modules/compute/wls_compute"
   add_loadbalancer       = local.add_load_balancer
   is_lb_private          = var.is_lb_private
@@ -619,7 +620,8 @@ module "compute" {
   wls_subnet_id          = var.wls_subnet_id
   region                 = var.region
   ssh_public_key         = var.ssh_public_key
-  compute_nsg_ids        = local.compute_nsg_ids  
+  compute_nsg_ids        = local.compute_nsg_ids
+  num_ads                = local.num_ads
   tenancy_id                = var.tenancy_ocid
   tf_script_version         = var.tf_script_version
   use_regional_subnet       = local.use_regional_subnet
@@ -750,7 +752,7 @@ module "compute" {
 }
 
 module "load-balancer-backends" {
-  #depends_on = [module.network-validation]
+  depends_on = [module.network-validation]
   source = "./modules/lb/backends"
   count  = local.add_load_balancer ? 1 : 0
 
@@ -768,7 +770,7 @@ module "load-balancer-backends" {
 }
 
 module "observability-logging" {
-  #depends_on = [module.network-validation]
+  depends_on = [module.network-validation]
   source = "./modules/observability/logging"
   count  = var.use_oci_logging ? 1 : 0
 
@@ -786,7 +788,7 @@ module "observability-logging" {
 }
 
 module "provisioners" {
-  #depends_on = [module.network-validation]
+  depends_on = [module.network-validation]
   source = "./modules/provisioners"
 
   existing_bastion_instance_id     = var.existing_bastion_instance_id

diff --git a/terraform/modules/compute/wls_compute/data_sources.tf b/terraform/modules/compute/wls_compute/data_sources.tf
@@ -1,4 +1,4 @@
-# Copyright (c) 2023, Oracle and/or its affiliates.
+# Copyright (c) 2023, 2026, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 data "oci_identity_fault_domains" "wls_fault_domains" {
@@ -7,7 +7,7 @@ data "oci_identity_fault_domains" "wls_fault_domains" {
 }
 
 data "template_file" "ad_names" {
-  count    = length(data.oci_identity_availability_domains.ADs.availability_domains)
+  count    = var.num_ads
   template = (length(regexall("^.*Flex", var.instance_shape.instanceShape)) > 0 || length(regexall("^BM.*", var.instance_shape.instanceShape)) > 0 || (tonumber(lookup(data.oci_limits_limit_values.compute_shape_service_limits[count.index].limit_values[0], "value")) > 0)) ? lookup(data.oci_identity_availability_domains.ADs.availability_domains[count.index], "name") : ""
 }
 
@@ -16,7 +16,7 @@ data "oci_identity_availability_domains" "ADs" {
 }
 
 data "oci_limits_limit_values" "compute_shape_service_limits" {
-  count          = length(data.oci_identity_availability_domains.ADs.availability_domains)
+  count          = var.num_ads
   compartment_id = var.tenancy_id
   service_name   = "compute"
 
@@ -35,24 +35,13 @@ data "template_file" "key_script" {
   }
 }
 
-data "oci_core_shapes" "oci_shapes" {
-  count               = length(data.oci_identity_availability_domains.ADs.availability_domains)
-  compartment_id      = var.compartment_id
-  image_id            = var.instance_image_id
-  availability_domain = lookup(data.oci_identity_availability_domains.ADs.availability_domains[count.index], "name")
-  filter {
-    name   = "name"
-    values = [var.instance_shape.instanceShape]
-  }
-}
-
 data "oci_database_autonomous_database" "atp_db" {
   count                  = local.is_atp_db ? 1 : 0
   autonomous_database_id = var.jrf_parameters.atp_db_parameters.atp_db_id
 }
 
 data "template_file" "atp_nsg_id" {
-  count    = local.is_atp_db && !local.is_db_deleted ? 1 : 0
+  count    = local.is_atp_db ? 1 : 0
   template = length(data.oci_database_autonomous_database.atp_db[0].nsg_ids) > 0 ? data.oci_database_autonomous_database.atp_db[0].nsg_ids[0] : ""
 }
 
@@ -76,6 +65,6 @@ data "oci_database_database" "ocidb_database" {
 }
 
 data "oci_database_db_home" "ocidb_db_home" {
-  count      = local.is_ocidb_system_id_available && !local.is_db_deleted ? 1 : 0
+  count      = local.is_ocidb_system_id_available  ? 1 : 0
   db_home_id = data.oci_database_database.ocidb_database[0].db_home_id
 }
diff --git a/terraform/modules/compute/wls_compute/variables.tf b/terraform/modules/compute/wls_compute/variables.tf
@@ -1,4 +1,4 @@
-# Copyright (c) 2023, 2024, Oracle and/or its affiliates.
+# Copyright (c) 2023, 2026, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 variable "tenancy_id" {
@@ -353,3 +353,8 @@ variable "certificate_id" {
   default     = ""
 }
 
+variable "num_ads" {
+  type = number
+  description = "Number of availability domains per region in the tenancy"
+}
+
diff --git a/terraform/modules/network-validator/locals.tf b/terraform/modules/network-validator/locals.tf
@@ -1,4 +1,4 @@
-# Copyright (c) 2023, Oracle and/or its affiliates.
+# Copyright (c) 2023, 2026, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 locals {
@@ -20,4 +20,6 @@ locals {
   validation_script_existing_lb_nsg_id_param             = var.existing_lb_nsg_id != "" ? format("--lbnsg %s", var.existing_lb_nsg_id) : ""
   validation_script_existing_mount_target_nsg_id_param   = var.existing_mount_target_nsg_id != "" ? format("--fssnsg %s", var.existing_mount_target_nsg_id) : ""
   validation_script_existing_bastion_nsg_id_param        = var.existing_bastion_nsg_id != "" ? format("--bastionnsg %s", var.existing_bastion_nsg_id) : ""
+  validation_script_secure_mode_param                    = var.secure_mode != "" ? format("--securemode %s", var.secure_mode) : ""
+  validation_script_idcs_cloudgate_port_param            = var.idcs_cloudgate_port != "" ? format("--idcs_port %s", var.idcs_cloudgate_port) : ""
 }
diff --git a/terraform/modules/network-validator/scripts/network_validation.sh b/terraform/modules/network-validator/scripts/network_validation.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 #
-# Copyright (c) 2023, 2025, Oracle and/or its affiliates.
+# Copyright (c) 2023, 2026, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
 #
 # ############################################################################
@@ -1346,7 +1346,7 @@ then
   fi
 
   if [[ $res -ne 0 ]]; then
-    echo "ERROR: Egress rule - DB port ${DB_PORT} is not open for access by DB Subnet CIDR [${db_subnet_cidr_block}] in WLS Subnet [${WLS_SUBNET_OCID}] or in WLS NSG [${MANAGED_SRV_NSG_OCID}]."
+    echo "ERROR: Egress rule - DB port ${ATP_DB_PORT} is not open for access by DB Subnet CIDR [${db_subnet_cidr_block}] in WLS Subnet [${WLS_SUBNET_OCID}] or in WLS NSG [${MANAGED_SRV_NSG_OCID}]."
     validation_return_code=2
   fi
 fi
@@ -1451,7 +1451,7 @@ then
           done
         elif [[ $res -ne 0 ]]
         then
-          echo "ERROR: Port ${ADMIN_HTTPS_PORT} is not open for access by [$bastion_cidr_block] in WLS Subnet [$WLS_SUBNET_OCID]. ${NETWORK_VALIDATION_MSG}"
+          echo "ERROR: Port ${ADMIN_HTTPS_PORT} is not open for access by bastion subnet cidr [$bastion_cidr_block] in WLS Subnet [$WLS_SUBNET_OCID]. ${NETWORK_VALIDATION_MSG}"
           validation_return_code=2
         fi
       fi
@@ -1466,7 +1466,7 @@ then
           done
         elif [[ $res -ne 0 ]]
         then
-          echo "ERROR: Port ${ADMIN_HTTPS_PORT} is not open for access by [$bastion_cidr_block] in Admin Server NSG [$ADMIN_SRV_NSG_OCID]. ${NETWORK_VALIDATION_MSG}"
+          echo "ERROR: Port ${ADMIN_HTTPS_PORT} is not open for access by bastion subnet cidr [$bastion_cidr_block] in Admin Server NSG [$ADMIN_SRV_NSG_OCID]. ${NETWORK_VALIDATION_MSG}"
           validation_return_code=2
         fi
       fi

diff --git a/terraform/modules/network-validator/validator.tf b/terraform/modules/network-validator/validator.tf
@@ -1,9 +1,9 @@
-# Copyright (c) 2023, Oracle and/or its affiliates.
+# Copyright (c) 2023, 2026, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 resource "null_resource" "validate_network" {
   provisioner "local-exec" {
-    command     = "chmod +x ./scripts/network_validation.sh && ./scripts/network_validation.sh ${local.validation_script_wls_subnet_param} ${local.validation_script_bastion_subnet_param} ${local.validation_script_bastion_ip_param} ${local.validation_script_lb_subnet_1_param} ${local.validation_script_lb_subnet_2_param} ${local.validation_script_wls_lb_port} ${local.validation_script_lb_source_cidr_param} ${local.validation_script_mount_target_subnet_param} ${local.validation_script_atp_db_id_param} ${local.validation_script_oci_db_dbsystem_id_param} ${local.validation_script_oci_db_port_param} ${local.validation_script_http_port_param} ${local.validation_script_https_port_param} ${local.validation_script_existing_admin_server_nsg_id_param} ${local.validation_script_existing_managed_server_nsg_id_param} ${local.validation_script_existing_lb_nsg_id_param} ${local.validation_script_existing_mount_target_nsg_id_param} ${local.validation_script_existing_bastion_nsg_id_param}"
+    command     = "chmod +x ./scripts/network_validation.sh && ./scripts/network_validation.sh ${local.validation_script_wls_subnet_param} ${local.validation_script_bastion_subnet_param} ${local.validation_script_bastion_ip_param} ${local.validation_script_lb_subnet_1_param} ${local.validation_script_lb_subnet_2_param} ${local.validation_script_wls_lb_port} ${local.validation_script_lb_source_cidr_param} ${local.validation_script_mount_target_subnet_param} ${local.validation_script_atp_db_id_param} ${local.validation_script_oci_db_dbsystem_id_param} ${local.validation_script_oci_db_port_param} ${local.validation_script_http_port_param} ${local.validation_script_https_port_param} ${local.validation_script_existing_admin_server_nsg_id_param} ${local.validation_script_existing_managed_server_nsg_id_param} ${local.validation_script_existing_lb_nsg_id_param} ${local.validation_script_existing_mount_target_nsg_id_param} ${local.validation_script_existing_bastion_nsg_id_param} ${local.validation_script_secure_mode_param} ${local.validation_script_idcs_cloudgate_port_param}"
     interpreter = ["/bin/bash", "-c"]
     working_dir = path.module
   }

diff --git a/terraform/modules/network-validator/variables.tf b/terraform/modules/network-validator/variables.tf
@@ -1,4 +1,4 @@
-# Copyright (c) 2023, Oracle and/or its affiliates.
+# Copyright (c) 2023, 2026, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 variable "wls_subnet_id" {
@@ -90,3 +90,13 @@ variable "lb_source_cidr" {
   type        = string
   description = "Set to empty value if loadbalancer is set to private"
 }
+
+variable "secure_mode" {
+  type = bool
+  description = "Indicates whether the secure mode is enabled or not"
+}
+
+variable "idcs_cloudgate_port" {
+  type        = number
+  description = "The listen port for the Identity Cloud Service App Gateway, which authenticates requests and redirects them to WebLogic Server"
+}
diff --git a/terraform/modules/observability/osmh/create_profile.tf b/terraform/modules/observability/osmh/create_profile.tf
@@ -1,8 +1,8 @@
 resource "oci_os_management_hub_software_source_change_availability_management" "software_source_change_availability_management" {
-   for_each = toset(local.filtered_sources)  
+   for_each = toset(local.software_source_names)
 
   software_source_availabilities {
-    software_source_id  = each.value  
+    software_source_id  = local.software_source_id_by_name[each.key]
     availability_at_oci = var.software_availabilty
   }
 }

diff --git a/terraform/modules/observability/osmh/locals.tf b/terraform/modules/observability/osmh/locals.tf
@@ -1,3 +1,6 @@
+# Copyright (c) 2023, 2026, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
+
 locals {
   all_tenancy_osmh_software_sources = data.oci_os_management_hub_software_sources.all_tenancy_osmh_software_sources.software_source_collection[0].items
   software_source_names = [
@@ -11,8 +14,15 @@ locals {
     "ol8_mysql80_community-x86_64"
   ]
 
+  software_source_id_by_name = {
+    for src in local.all_tenancy_osmh_software_sources :
+    src.display_name => src.id
+  }
+
   filtered_sources = [
-    for src in local.all_tenancy_osmh_software_sources : src.id
-    if contains(local.software_source_names, src.display_name)
+    for name in local.software_source_names :
+    local.software_source_id_by_name[name]
+    if contains(keys(local.software_source_id_by_name), name)
   ]
 }
+
diff --git a/terraform/network_variables.tf b/terraform/network_variables.tf
@@ -1,4 +1,4 @@
-# Copyright (c) 2023, Oracle and/or its affiliates.
+# Copyright (c) 2023, 2026, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 # Variable used in UI only
@@ -265,10 +265,8 @@ variable "wait_time_wls_vnc_dns_resolver" {
   default = 60
 }
 
-/*
 variable "skip_network_validation" {
   type        = bool
-  description = "Used in case there is something really wrong with the validation and we need to skip it"
+  description = "Allows skipping the network validation when the validation cannot be completed successfully."
   default     = false
 }
-*/
diff --git a/terraform/schema.yaml b/terraform/schema.yaml
@@ -34,6 +34,7 @@ groupings:
       - ${subnet_type}
       - ${subnet_span}
       - ${add_existing_nsg}
+      - ${skip_network_validation}
 
   - title: "WebLogic Domain Configuration"
     variables:
@@ -997,6 +998,22 @@ variables:
     dependsOn:
       compartmentId: ${wls_admin_secret_compartment_id}
 
+    #Network Validation script execution
+  skip_network_validation:
+    visible:
+      and:
+        - not:
+            - ${orm_create_mode}
+        - not:
+            - ${create_new_vcn}
+        - not:
+            - ${create_new_subnets}
+    type: boolean
+    default: false
+    title: "Skip Validation of Existing Network"
+    description: "Skip running the network validation script for the selected existing VCN. See <a target=\"_blank\" href=\"https://docs.oracle.com/pls/topic/lookup?ctx=en/cloud/paas/weblogic-cloud/user&id=oci_network_validate\">Validate Existing Network Setup</a>"
+
+
   # WLS Network Configuration
   wls_vcn_name:
     visible: