Automation Toolkit Release v10.1

Author: bhlohumi

cd3_automation_toolkit/ManagementServices/Logging/enable_terraform_logging.py

@@ -26,12 +26,15 @@ def parse_args():
     parser = argparse.ArgumentParser(description="Create Groups terraform file")
     parser.add_argument('outdir', help='Output directory for creation of TF files')
     parser.add_argument('prefix', help='TF files prefix')
-    parser.add_argument("service_dir",help="subdirectory under region directory in case of separate out directory structure")
+    parser.add_argument("service_dir",
+                        help="subdirectory under region directory in case of separate out directory structure for kms/oss")
+    parser.add_argument("service_dir_iam",
+                        help="subdirectory under region directory in case of separate out directory structure for identity")
     parser.add_argument("comp_name", help="compartment name")
     parser.add_argument("region_name", help="region name")
     parser.add_argument("--configFileName", help="Config file name", required=False)
 
-def enable_cis_oss_logging(outdir, prefix, region_name, comp_name, config=DEFAULT_LOCATION):
+def enable_cis_oss_logging(outdir, service_dir, service_dir_iam,prefix, region_name, comp_name, config=DEFAULT_LOCATION):
 
     # Declare variables
     configFileName = config
@@ -83,7 +86,7 @@ def enable_cis_oss_logging(outdir, prefix, region_name, comp_name, config=DEFAUL
     loggrouptfStr = template.render(tempStr, count = 0, logs = 'true', loggroup = 'false').replace(srcStr, template.render(tempStr, logs = 'true')+"\n"+srcStr)
 
     # Write TF string to the file in respective region directory
-    reg_out_dir = outdir + "/" + region_name
+    reg_out_dir = outdir + "/" + region_name +"/" + service_dir
     if not os.path.exists(reg_out_dir):
         os.makedirs(reg_out_dir)
 
@@ -337,4 +340,4 @@ def enable_load_balancer_logging(filename, outdir, service_dir, prefix, config=D
 if __name__ == '__main__':
     # Execution of the code begins here
     args = parse_args()
-    enable_cis_oss_logging(args.outdir, args.prefix, args.config, args.service_dir, args.region_name, args.comp_name)
+    enable_cis_oss_logging(args.outdir, args.service_dir, args.service_dir_iam,args.prefix, args.config, args.service_dir, args.region_name, args.comp_name)

cd3_automation_toolkit/Network/LoadBalancers/create_terraform_lbr_hostname_certs.py

@@ -245,12 +245,6 @@ def certificate_templates(dfcert):
                 columnvalue = commonTools.check_tf_variable(columnvalue)
                 tempdict = {'compartment_tf_name': columnvalue}
 
-            if columnname == "Reserved IP (Y|N|OCID)":
-                columnname = "reserved_ips_id"
-                if columnvalue != "":
-                    if "," in columnvalue:
-                        columnvalue = columnvalue.split(",")
-
             if columnname == "LBR Name":
                 if columnvalue != '':
                     lbr_tf_name = commonTools.check_tf_variable(columnvalue)

cd3_automation_toolkit/Security/KeyVault/create_terraform_keyvault.py

@@ -25,13 +25,17 @@ def parse_args():
     # Read the arguments
     parser = argparse.ArgumentParser(description="Create Key/Vault terraform file")
     parser.add_argument('outdir', help='Output directory for creation of TF files')
+    parser.add_argument("service_dir",
+                        help="subdirectory under region directory in case of separate out directory structure")
+    parser.add_argument("service_dir_iam",
+                        help="subdirectory under region directory in case of separate out directory structure for identity")
     parser.add_argument('prefix', help='TF files prefix')
     parser.add_argument("region_name", help="region name")
     parser.add_argument("comp_name", help="compartment name")
     parser.add_argument("--configFileName", help="Config file name", required=False)
     return parser.parse_args()
 
-def create_cis_keyvault(outdir, prefix, region_name, comp_name, config=DEFAULT_LOCATION):
+def create_cis_keyvault(outdir, service_dir, service_dir_iam, prefix, region_name, comp_name, config=DEFAULT_LOCATION):
 
     # Declare variables
     configFileName = config
@@ -69,6 +73,7 @@ def create_cis_keyvault(outdir, prefix, region_name, comp_name, config=DEFAULT_L
     tempStr['vault_name'] = vault_name
     tempStr['vault_tf_name'] = vault_name
     tempStr['management_endpoint'] = vault_name
+    tempStr['algorithm'] = "AES"
 
     vaultStr = vaultStr + vault_template.render(tempStr)
     keyStr= keyStr + key_template.render(tempStr)
@@ -88,11 +93,11 @@ def create_cis_keyvault(outdir, prefix, region_name, comp_name, config=DEFAULT_L
 
     if finalstring != "":
         resource = "keyvault"
-        srcdir = outdir + "/" + region_name + "/"
+        srcdir = outdir + "/" + region_name + "/" + service_dir +"/"
         commonTools.backup_file(srcdir, resource, auto_tfvars_filename)
 
         # Write to TF file
-        outfile = outdir + "/" + region_name + "/" + auto_tfvars_filename
+        outfile = outdir + "/" + region_name + "/" + service_dir + "/" + auto_tfvars_filename
         oname = open(outfile, "w+")
         print(outfile + " containing TF for Key/Vault has been created for region "+region_name)
         oname.write(finalstring)
@@ -101,4 +106,4 @@ def create_cis_keyvault(outdir, prefix, region_name, comp_name, config=DEFAULT_L
 if __name__ == '__main__':
     # Execution of the code begins here
     args = parse_args()
-    create_cis_keyvault(args.outdir, args.prefix, args.config, args.region_name, args.comp_name)
+    create_cis_keyvault(args.outdir, args.service_dir, args.service_dir_iam, args.prefix, args.config, args.region_name, args.comp_name)

cd3_automation_toolkit/Storage/ObjectStorage/create_terraform_oss.py

@@ -25,12 +25,14 @@ def parse_args():
     # Read the arguments
     parser = argparse.ArgumentParser(description="Create Groups terraform file")
     parser.add_argument('outdir', help='Output directory for creation of TF files')
+    parser.add_argument("service_dir",help="subdirectory under region directory in case of separate out directory structure for kms/oss")
+    parser.add_argument("service_dir_iam",help="subdirectory under region directory in case of separate out directory structure for identity")
     parser.add_argument('prefix', help='TF files prefix')
     parser.add_argument("region_name", help="region name")
     parser.add_argument("comp_name", help="compartment name")
     parser.add_argument("--configFileName", deafult=DEFAULT_LOCATION, help="Config file name", required=False)
 
-def create_cis_oss(outdir, prefix, region_name, comp_name, config):
+def create_cis_oss(outdir, service_dir, service_dir_iam, prefix, region_name, comp_name, config):
     # Declare variables
     configFileName = config
     comp_name = comp_name.strip()
@@ -78,7 +80,7 @@ def create_cis_oss(outdir, prefix, region_name, comp_name, config):
     tempPolStr['description']='Policy allowing OCI OSS service to access Key in the Vault service.'
     tempPolStr['policy_statements'] = ''
     for reg in ct.all_regions:
-        actual_policy_statement = "Allow service objectstorage-"+ct.region_dict[reg]+" to use keys in compartment "+comp_name
+        actual_policy_statement = "allow service objectstorage-"+ct.region_dict[reg]+" to use keys in compartment "+comp_name
         tempPolStr['policy_statements'] = "\""+actual_policy_statement + "\","+tempPolStr['policy_statements']
     tfPolStr=tfPolStr + policyTemplate.render(tempPolStr)
     tfPolStr = tfPolStr + """ ]
@@ -87,15 +89,15 @@ def create_cis_oss(outdir, prefix, region_name, comp_name, config):
     tfPolStr = tfPolStr.replace('-#Addstmt]', '')
 
     # Write TF string to the file in respective region directory
-    reg_out_dir = outdir + "/" + region_name
+    reg_out_dir = outdir + "/" + region_name + "/" + service_dir
     if not os.path.exists(reg_out_dir):
         os.makedirs(reg_out_dir)
 
-    home_reg_out_dir = outdir + "/" + home_region
+    home_reg_out_dir = outdir + "/" + home_region + "/" + service_dir_iam
     outfile = reg_out_dir + "/" + oss_auto_tfvars_filename
     outPolfile= home_reg_out_dir +"/"+ oss_policy_auto_tfvars_filename
 
-    srcdir = reg_out_dir + "/"
+    srcdir = reg_out_dir
     resource = 'oss'
     commonTools.backup_file(srcdir, resource, oss_auto_tfvars_filename)
     commonTools.backup_file(srcdir, resource, oss_policy_auto_tfvars_filename)
@@ -129,4 +131,4 @@ def create_cis_oss(outdir, prefix, region_name, comp_name, config):
 
 if __name__ == '__main__':
     args = parse_args()
-    create_cis_oss(args.outdir, args.prefix, args.region_name, args.comp_name, args.config)
+    create_cis_oss(args.outdir, args.service_dir, args.service_dir_iam,args.prefix, args.region_name, args.comp_name, args.config)

cd3_automation_toolkit/setUpOCI.py

@@ -812,13 +812,20 @@ def create_cis_features():
     execute_options(options, outdir, prefix, config)
 
 def create_cis_keyvault_oss_log(*args,**kwargs):
+    if len(outdir_struct) != 0:
+        service_dir = outdir_struct['kms']
+        service_dir_iam = outdir_struct['identity']
+    else:
+        service_dir = ""
+        service_dir_iam= ""
+
     region_name = input("Enter region name eg ashburn where you want to create OSS Bucket and Key/Vault: ")
     comp_name = input("Enter name of compartment as it appears in OCI Console: ")
 
     options = [Option(None, Security.create_cis_keyvault, 'Creating KeyVault'),
                Option(None, Storage.create_cis_oss, 'Creating Object Storage Bucket'),
                Option(None, ManagementServices.enable_cis_oss_logging, 'Enabling Logging for write events to bucket')]
-    execute_options(options, outdir, prefix,region_name, comp_name, config=config)
+    execute_options(options, outdir, service_dir, service_dir_iam,prefix,region_name, comp_name, config=config)
 
 def create_cis_budget(*args,**kwargs):
     if len(outdir_struct) != 0:

cd3_automation_toolkit/user-scripts/terraform/identity.tf

@@ -208,4 +208,26 @@ module "iam-policies" {
 output "policies_id_map" {
   value = [ for k,v in merge(module.iam-policies.*...) : v.policies_id_map]
 }
-*/
+*/
+
+module "oss-policies" {
+  source   = "./modules/identity/iam-policy"
+  for_each = var.oss_policies != null ? var.oss_policies : {}
+
+  tenancy_ocid          = var.tenancy_ocid
+  policy_name           = each.value.name
+  policy_compartment_id = each.value.compartment_id != "root" ? (length(regexall("ocid1.compartment.oc1*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : var.tenancy_ocid
+  policy_description    = each.value.policy_description
+  policy_statements     = each.value.policy_statements
+
+  #Optional
+  defined_tags        = each.value.defined_tags != {} ? each.value.defined_tags : {}
+  freeform_tags       = each.value.freeform_tags != {} ? each.value.freeform_tags : {}
+  policy_version_date = each.value.policy_version_date != null ? each.value.policy_version_date : null
+}
+
+/*
+output "oss_policies_id_map" {
+  value = [ for k,v in merge(module.oss-policies.*...) : v.policies_id_map]
+}
+*/

cd3_automation_toolkit/user-scripts/terraform/instance.tf

@@ -23,6 +23,7 @@ data "oci_core_vcns" "oci_vcns" {
 module "instances" {
   source                 = "./modules/compute/instance"
   for_each               = var.instances != null ? var.instances : {}
+  # depends_on           = [module.dedicated-hosts]   # Uncomment to create DVH and Instances together
   availability_domain    = each.value.availability_domain != "" && each.value.availability_domain != null ? data.oci_identity_availability_domains.availability_domains.availability_domains[each.value.availability_domain].name : ""
   compartment_id         = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc1*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
   network_compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc1*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : null

cd3_automation_toolkit/user-scripts/terraform/loadbalancer.tf

@@ -58,7 +58,7 @@ module "load-balancers" {
   network_security_group_ids = each.value.nsg_ids
   key_name                   = each.key
   load_balancers             = var.load_balancers
-  reserved_ips_id            = lower(each.value.reserved_ips_id) != "n" && each.value.reserved_ips_id != null ? (length(regexall("ocid1.publicip.oc1*", each.value.reserved_ips_id)) > 0 ? [each.value.reserved_ips_id] : [merge(module.lbr-reserved-ips.*...)[join("-", [each.key, "reserved", "ip"])].reserved_ip_tf_id]) : []
+  reserved_ips_id            = each.value.reserved_ips_id != null ? (lower(each.value.reserved_ips_id) != "n" ? (length(regexall("ocid1.publicip.oc1*", each.value.reserved_ips_id)) > 0 ? [each.value.reserved_ips_id] : [merge(module.lbr-reserved-ips.*...)[join("-", [each.key, "reserved", "ip"])].reserved_ip_tf_id]) : []) : []
 }
 
 /*

cd3_automation_toolkit/user-scripts/terraform/object-storage.tf

@@ -10,28 +10,6 @@ data "oci_objectstorage_namespace" "bucket_namespace" {
   compartment_id = var.tenancy_ocid
 }
 
-module "oss-policies" {
-  source   = "./modules/identity/iam-policy"
-  for_each = var.oss_policies != null ? var.oss_policies : {}
-
-  tenancy_ocid          = var.tenancy_ocid
-  policy_name           = each.value.name
-  policy_compartment_id = each.value.compartment_id != "root" ? (length(regexall("ocid1.compartment.oc1*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : var.tenancy_ocid
-  policy_description    = each.value.policy_description
-  policy_statements     = each.value.policy_statements
-
-  #Optional
-  defined_tags        = each.value.defined_tags != {} ? each.value.defined_tags : {}
-  freeform_tags       = each.value.freeform_tags != {} ? each.value.freeform_tags : {}
-  policy_version_date = each.value.policy_version_date != null ? each.value.policy_version_date : null
-}
-
-/*
-output "oss_policies_id_map" {
-  value = [ for k,v in merge(module.oss-policies.*...) : v.policies_id_map]
-}
-*/
-
 #############################
 # Module Block - Object Storage
 # Create Object Storage