diff --git a/Dockerfile b/Dockerfile index de7645d8a..27d174602 100755 --- a/Dockerfile +++ b/Dockerfile @@ -15,6 +15,7 @@ RUN microdnf install -y sudo && \ chown -R $USERNAME:$USERNAME /cd3user/tenancies/ && \ microdnf install -y vim && \ microdnf install -y dnf && \ + microdnf install -y graphviz && \ echo 'alias vi="vim"' >> /etc/bashrc USER $USERNAME diff --git a/OCIWorkVMStack/main.tf b/OCIWorkVMStack/main.tf index 347e468ea..adf74ba58 100644 --- a/OCIWorkVMStack/main.tf +++ b/OCIWorkVMStack/main.tf @@ -38,6 +38,7 @@ module "instance" { instance_shape = var.instance_shape instance_ram = var.instance_ram instance_ocpus = var.instance_ocpus + boot_volume_size = var.boot_volume_size instance_ad = var.instance_ad instance_fd = var.instance_fd ssh_public_key = var.ssh_public_key diff --git a/OCIWorkVMStack/modules/compute/instance.tf b/OCIWorkVMStack/modules/compute/instance.tf index 8fac1be72..2393d788d 100644 --- a/OCIWorkVMStack/modules/compute/instance.tf +++ b/OCIWorkVMStack/modules/compute/instance.tf @@ -6,7 +6,6 @@ resource "oci_core_instance" "instances" { shape = var.instance_shape shape_config { - memory_in_gbs = var.instance_ram ocpus = var.instance_ocpus #baseline_ocpu_utilization = var.baseline_ocpu_utilization @@ -14,7 +13,7 @@ resource "oci_core_instance" "instances" { source_details { source_id = var.instance_image_ocid source_type = "image" - #boot_volume_size_in_gbs = var.boot_volume_size + boot_volume_size_in_gbs = var.boot_volume_size } create_vnic_details { #assign_public_ip = local.PulicIP == true ? "false" : "true" 
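Review bot: Dropping `memory_in_gbs = var.instance_ram` from `shape_config` in OCIWorkVMStack/modules/compute/instance.tf (hunk `@@ -6,7 +6,6 @@`) leaves `instance_ram` as a dead input. main.tf still passes `instance_ram = var.instance_ram` to the module and schema.yaml still lists `instance_ram` in the variable group, so the memory value an operator enters is silently ignored and the instance presumably falls back to the shape default. Either keep the line or remove the variable end to end; if the omission is deliberate, a comment at that spot such as `# memory_in_gbs intentionally omitted: shape default is used` would document it. The resource block starts and ends outside the hunk.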
@@ -30,6 +29,20 @@ resource "oci_core_instance" "instances" { config_region = var.config_region user_data = fileexists("${path.root}/scripts/${var.cloud_init_script}") ? "${base64encode(file("${path.root}/scripts/${var.cloud_init_script}"))}" : null } + instance_options { + are_legacy_imds_endpoints_disabled = "true" + } + + is_pv_encryption_in_transit_enabled = "true" + agent_config { + are_all_plugins_disabled = "false" + is_management_disabled = "false" + is_monitoring_disabled = "false" + plugins_config { + desired_state = "ENABLED" + name = "Bastion" + } + } lifecycle { ignore_changes = [] diff --git a/OCIWorkVMStack/modules/compute/variables.tf b/OCIWorkVMStack/modules/compute/variables.tf index 772d0364b..4a7594c23 100644 --- a/OCIWorkVMStack/modules/compute/variables.tf +++ b/OCIWorkVMStack/modules/compute/variables.tf @@ -57,6 +57,12 @@ variable "instance_ocpus" { default = 1 } +variable "boot_volume_size" { + description = "Boot volume size" + type = number + default = 50 +} + variable "instance_ad" { description = "The Availability domain in which instance will be provisioned." type = string diff --git a/OCIWorkVMStack/schema.yaml b/OCIWorkVMStack/schema.yaml index 834eb9cb9..890701e8c 100644 --- a/OCIWorkVMStack/schema.yaml +++ b/OCIWorkVMStack/schema.yaml @@ -29,10 +29,12 @@ variableGroups: - instance_shape - instance_ocpus - instance_ram + - boot_volume_size - instance_ad - instance_fd - ssh_public_key + - title : "Networking Details for CD3 Automation Toolkit WorkVM" variables: - vcn_strategy @@ -165,7 +167,16 @@ variables: maximum: 1024 multipleOf: 1 required: true - + boot_volume_size: + visible: + type: integer + title: Boot volume size in GBs + description: Boot volume size in GBs. Default is 50 GB and value should be multiple of 1. + default: 50 + minimum: 50 + maximum: 32768 + multipleOf: 1 + required: true instance_ad: type: oci:identity:availabilitydomain:name title: Select Availability domain 
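Review bot: With `are_legacy_imds_endpoints_disabled = "true"` the instance answers only IMDSv2 requests, so the cloud-init script loaded through `user_data` just above, and anything else on the WorkVM that reads instance metadata, must call the `/opc/v2/` paths with the `Authorization: Bearer Oracle` header. That script is not part of this diff, so this should be confirmed before merge. The new attributes are written as quoted strings; Terraform converts them, but bare booleans (`are_legacy_imds_endpoints_disabled = true`, `is_pv_encryption_in_transit_enabled = true`) are the conventional form. A short comment above `instance_options` and `agent_config` saying why IMDSv1 is disabled and why the Bastion plugin is forced to `ENABLED` would help anyone who later has to relax these hardening defaults. The resource block starts and ends outside the hunk.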
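Review bot: `boot_volume_size` in OCIWorkVMStack/modules/compute/variables.tf is declared without a `validation` block, so the 50–32768 range exists only in schema.yaml and is enforced only by the Resource Manager form. A plain `terraform apply` with a tfvars file accepts any number and fails late at the OCI API. Add a validation with `condition = var.boot_volume_size >= 50 && var.boot_volume_size <= 32768` and a matching `error_message`, and widen the description to `"Boot volume size in GBs (50-32768)"`. The same applies to the identical declaration added in OCIWorkVMStack/variables.tf.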
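Review bot: The new `boot_volume_size` entry in schema.yaml (hunk `@@ -165,7 +167,16 @@`) has `visible:` with no value, which YAML reads as null rather than a boolean or a condition. If the field should always be shown, drop the key or write `visible: true`; if it was meant to carry a condition, that condition is missing from the added lines. The hunk also removes the blank line that separated `instance_ram` from the next variable, so `boot_volume_size:` sits directly under `required: true`; restoring the separator keeps the entries readable. The `variables:` mapping starts and ends outside the hunk.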
diff --git a/OCIWorkVMStack/variables.tf b/OCIWorkVMStack/variables.tf index b0a84c25c..bbda8ee16 100644 --- a/OCIWorkVMStack/variables.tf +++ b/OCIWorkVMStack/variables.tf @@ -99,6 +99,12 @@ variable "instance_ocpus" { default = 1 } +variable "boot_volume_size" { + description = "Boot volume size" + type = number + default = 50 +} + variable "instance_ad" { description = "The Availability domain in which instance will be provisioned." type = string diff --git a/README.md b/README.md index a3cb74ab9..b03344e74 100755 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ Additionally, the toolkit also supports seamless resource management using OCI D 🚀 Click the below button to quickly launch CD3 toolkit container in Oracle Cloud and start managing your Infra as Code.
-[![Deploy_To_OCI](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oracle-devrel/cd3-automation-toolkit/archive/refs/heads/main.zip)
+[![Deploy_To_OCI](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oracle-devrel/cd3-automation-toolkit/archive/refs/heads/develop.zip)
diff --git a/cd3_automation_toolkit/Compute/export_instances_nonGreenField.py b/cd3_automation_toolkit/Compute/export_instances_nonGreenField.py index d7a5e5b33..70b4b2905 100644 --- a/cd3_automation_toolkit/Compute/export_instances_nonGreenField.py +++ b/cd3_automation_toolkit/Compute/export_instances_nonGreenField.py @@ -371,8 +371,8 @@ def export_instances(inputfile, outdir, service_dir,config1, signer1, ct, export tempStrKeys = "\n" + tempStrKeys tempStrKeys = "#START_instance_ssh_keys#" + tempStrKeys + "\t#instance_ssh_keys_END#" - if ("\\n" in tempStrKeys): - tempStrKeys = tempStrKeys.replace("\\n", "\\\\n") + if ("\\" in tempStrKeys): + tempStrKeys = tempStrKeys.replace("\\", "\\\\") var_data[reg] = re.sub('#START_instance_ssh_keys#.*?#instance_ssh_keys_END#', tempStrKeys, var_data[reg],flags=re.DOTALL) diff --git a/cd3_automation_toolkit/Compute/templates/dedicatedvmhosts-template b/cd3_automation_toolkit/Compute/templates/dedicatedvmhosts-template index ad49be637..b87e6768e 100644 --- a/cd3_automation_toolkit/Compute/templates/dedicatedvmhosts-template +++ b/cd3_automation_toolkit/Compute/templates/dedicatedvmhosts-template @@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################ # Dedicated VM Hosts # Dedicated VM Hosts - tfvars diff --git a/cd3_automation_toolkit/Compute/templates/instances-template b/cd3_automation_toolkit/Compute/templates/instances-template index a2bf6d905..1cabcf51b 100644 --- a/cd3_automation_toolkit/Compute/templates/instances-template +++ b/cd3_automation_toolkit/Compute/templates/instances-template 
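Review bot: Doubling every backslash in `tempStrKeys` only to satisfy the replacement-template syntax of `re.sub` is fragile. The key text comes from the exported tenancy, and the variable now holds an escaped copy that must not be reused for anything else. Passing the replacement as a callable skips template processing entirely: `var_data[reg] = re.sub('#START_instance_ssh_keys#.*?#instance_ssh_keys_END#', lambda _m: tempStrKeys, var_data[reg], flags=re.DOTALL)`, after which the `if ("\\" in tempStrKeys)` branch can be deleted. If the current form stays, the `if` guard is redundant because `str.replace` is a no-op when nothing matches, and a comment such as `# escape backslashes: re.sub treats the replacement as a template` would explain the line. `export_instances` starts and ends outside the hunk.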
@@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################ # Instances # Instance - tfvars @@ -90,10 +91,10 @@ instances = { {% if plugin_match %} plugins_details = { {% if plugin_bastion %} - Bastion = "{{ plugin_bastion.upper() }}", + Bastion = "{{ plugin_bastion.upper() }}" {% endif %} {% if plugin_management_agent %} - "Management Agent" = "{{ plugin_management_agent.upper() }}", + "Management Agent" = "{{ plugin_management_agent.upper() }}" {% endif %} {% if plugin_vulnerability_scanning %} "Vulnerability Scanning" = "{{ plugin_vulnerability_scanning.upper() }}" @@ -125,6 +126,13 @@ instances = { {% if plugin_compute_hpc_rdma_auto_configuration %} "Compute HPC RDMA Auto-Configuration" = "{{ plugin_compute_hpc_rdma_auto_configuration.upper() }}" {% endif %} + {% if plugin_os_management_hub_agent %} + "OS Management Hub Agent" = "{{ plugin_os_management_hub_agent.upper() }}" + {% endif %} + {% if plugin_cloud_guard_workload_protection %} + "Cloud Guard Workload Protection" = "{{ plugin_cloud_guard_workload_protection.upper() }}" + {% endif %} + } {% endif %} diff --git a/cd3_automation_toolkit/CostManagement/Budget/templates/budget-alert-rule-template b/cd3_automation_toolkit/CostManagement/Budget/templates/budget-alert-rule-template index ddbc175ec..bb115eb77 100644 --- a/cd3_automation_toolkit/CostManagement/Budget/templates/budget-alert-rule-template +++ b/cd3_automation_toolkit/CostManagement/Budget/templates/budget-alert-rule-template @@ -1,7 +1,4 @@ {% if count == 0 %} - -// Copyright (c) 2024, Oracle and/or its affiliates. - ############################ # Governance # Create Budget Alert Rules 
diff --git a/cd3_automation_toolkit/CostManagement/Budget/templates/budget-template b/cd3_automation_toolkit/CostManagement/Budget/templates/budget-template index 2f16a66a7..9a43e2939 100644 --- a/cd3_automation_toolkit/CostManagement/Budget/templates/budget-template +++ b/cd3_automation_toolkit/CostManagement/Budget/templates/budget-template @@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2024, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################ # Governance # Create Budgets diff --git a/cd3_automation_toolkit/Database/templates/adb-template b/cd3_automation_toolkit/Database/templates/adb-template index 8efa3a7e0..82e87f6ec 100644 --- a/cd3_automation_toolkit/Database/templates/adb-template +++ b/cd3_automation_toolkit/Database/templates/adb-template @@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################ # ADB # ADB - tfvars diff --git a/cd3_automation_toolkit/Database/templates/dbsystems-vm-bm-template b/cd3_automation_toolkit/Database/templates/dbsystems-vm-bm-template index 3d51cea2f..a48c6d79e 100644 --- a/cd3_automation_toolkit/Database/templates/dbsystems-vm-bm-template +++ b/cd3_automation_toolkit/Database/templates/dbsystems-vm-bm-template @@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################ # Database # DBSystem-VM-BM - tfvars 
diff --git a/cd3_automation_toolkit/Database/templates/exa-infra-template b/cd3_automation_toolkit/Database/templates/exa-infra-template index f33d306b2..9b3d901ef 100644 --- a/cd3_automation_toolkit/Database/templates/exa-infra-template +++ b/cd3_automation_toolkit/Database/templates/exa-infra-template @@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################ # Database # ExaInfra - tfvars diff --git a/cd3_automation_toolkit/Database/templates/exa-vmclusters-template b/cd3_automation_toolkit/Database/templates/exa-vmclusters-template index 9291baea2..79fa9f1bb 100644 --- a/cd3_automation_toolkit/Database/templates/exa-vmclusters-template +++ b/cd3_automation_toolkit/Database/templates/exa-vmclusters-template @@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################ # Database # ExaVMClusters - tfvars diff --git a/cd3_automation_toolkit/DeveloperServices/OKE/templates/cluster-template b/cd3_automation_toolkit/DeveloperServices/OKE/templates/cluster-template index 42dad0ca5..34f9079de 100644 --- a/cd3_automation_toolkit/DeveloperServices/OKE/templates/cluster-template +++ b/cd3_automation_toolkit/DeveloperServices/OKE/templates/cluster-template 
@@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################# # Developer Services # OKE Cluster - tfvars diff --git a/cd3_automation_toolkit/DeveloperServices/OKE/templates/nodepool-template b/cd3_automation_toolkit/DeveloperServices/OKE/templates/nodepool-template index fef94fb84..2360774cf 100644 --- a/cd3_automation_toolkit/DeveloperServices/OKE/templates/nodepool-template +++ b/cd3_automation_toolkit/DeveloperServices/OKE/templates/nodepool-template @@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################# # Developer Services # OKE Nodepool - tfvars diff --git a/cd3_automation_toolkit/DeveloperServices/OKE/templates/virtual-nodepool-template b/cd3_automation_toolkit/DeveloperServices/OKE/templates/virtual-nodepool-template index ca3b61b19..7e830d283 100644 --- a/cd3_automation_toolkit/DeveloperServices/OKE/templates/virtual-nodepool-template +++ b/cd3_automation_toolkit/DeveloperServices/OKE/templates/virtual-nodepool-template @@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################# # Developer Services # OKE Nodepool - tfvars diff --git a/cd3_automation_toolkit/Excel_Columns b/cd3_automation_toolkit/Excel_Columns index 045eff600..104fd22f1 100644 --- a/cd3_automation_toolkit/Excel_Columns 
+++ b/cd3_automation_toolkit/Excel_Columns @@ -8,6 +8,11 @@ "Description" : "description", "Name" : "name" }, + "Users" : + { + "Family Name" : "family_name", + "User Name" : "name" + }, "Policies" : { "Description" : "description", diff --git a/cd3_automation_toolkit/Governance/Billing/__init__.py b/cd3_automation_toolkit/Governance/Billing/__init__.py deleted file mode 100644 index 51964075b..000000000 --- a/cd3_automation_toolkit/Governance/Billing/__init__.py +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/env python3 - -from .create_terraform_budget import create_cis_budget - diff --git a/cd3_automation_toolkit/Governance/Billing/create_terraform_budget.py b/cd3_automation_toolkit/Governance/Billing/create_terraform_budget.py deleted file mode 100644 index 32904a3d7..000000000 --- a/cd3_automation_toolkit/Governance/Billing/create_terraform_budget.py +++ /dev/null 
@@ -1,76 +0,0 @@ -#!/usr/bin/python3 -# Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved. -# -# This script will produce a Terraform file that will be used to set up OCI Budget -# Key/Vault -# -# Author: Suruchi Singla -# Oracle Consulting -# Modified (TF Upgrade): Shruthi Subramanian -# - -import os -from jinja2 import Environment, FileSystemLoader -from pathlib import Path -from oci.config import DEFAULT_LOCATION -from commonTools import * - -###### -# Required Inputs- Config file, prefix AND outdir -###### -# Execution of the code begins here -def create_cis_budget(outdir, service_dir, prefix, ct, amount, threshold): - - - # Load the template file - file_loader = FileSystemLoader(f'{Path(__file__).parent}/templates') - env = Environment(loader=file_loader, keep_trailing_newline=True, trim_blocks=True, lstrip_blocks=True) - template = env.get_template('budget-template') - template_alert_rule = env.get_template('budget-alert-rule-template') - budget_auto_tfvars_filename = "cis-budget.auto.tfvars" - - tempStr = {} - - budgettfStr = '' - budgetalerttfStr = '' - - budget_name = prefix+"-main-budget" - tempStr['budget_name'] = budget_name - tempStr['budget_tf_name'] = budget_name - tempStr['amount'] = amount - tempStr['description'] = "Tracks spending from the root compartment and down" - tempStr['period_start'] = "1" - tempStr['target_type'] = 'COMPARTMENT' - tempStr['target_ocid'] = 'root' - budgettfStr = budgettfStr + template.render(tempStr)+"\n" - - tempStr = {} - tempStr['budget_name'] = budget_name - tempStr['budget_tf_name'] = budget_name - tempStr['threshold_type'] = "PERCENTAGE" - tempStr['type']="FORECAST" - tempStr['threshold']=threshold - tempStr["description"]="Budget Alert Rule" - budgetalerttfStr = budgetalerttfStr + template_alert_rule.render(tempStr) - - # Write TF string to the file in respective region directory - reg_out_dir = outdir + "/" + ct.home_region + "/" + service_dir - if not os.path.exists(reg_out_dir): - 
os.makedirs(reg_out_dir) - - outfile = reg_out_dir + "/" + budget_auto_tfvars_filename - - srcdir = reg_out_dir + "/" - resource = 'budget' - commonTools.backup_file(srcdir, resource, budget_auto_tfvars_filename) - - budgettfStr = template.render(count=0,region=ct.home_region).replace("##Add New Budgets for "+ct.home_region+" here##",budgettfStr) - budgetalerttfStr = template_alert_rule.render(count=0, region=ct.home_region).replace("##Add New Budget Alert Rules for " + ct.home_region + " here##", budgetalerttfStr) - budgettfStr = budgettfStr + "\n" + budgetalerttfStr - - if(budgettfStr!=''): - budgettfStr = "".join([s for s in budgettfStr.strip().splitlines(True) if s.strip("\r\n").strip()]) - oname=open(outfile,'w+') - oname.write(budgettfStr) - oname.close() - print(outfile + " containing TF for Budget has been created for home region "+ct.home_region) diff --git a/cd3_automation_toolkit/Governance/Billing/templates/budget-alert-rule-template b/cd3_automation_toolkit/Governance/Billing/templates/budget-alert-rule-template deleted file mode 100644 index 637fb203d..000000000 --- a/cd3_automation_toolkit/Governance/Billing/templates/budget-alert-rule-template +++ /dev/null 
@@ -1,82 +0,0 @@ -{% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - -############################ -# Governance -# Create Budget Alert Rules -# Allowed Values: -# compartment_id can be the ocid or the name of the compartment hierarchy delimited by double hiphens "--" -# Example : compartment_id = "ocid1.compartment.oc1..aaaaaaaahwwiefb56epvdlzfic6ah6jy3xf3c" or compartment_id = "Network-root-cpt--Network" where "Network-root-cpt" is the parent of "Network" compartment -############################ - -budget_alert_rules = { - ##Add New Budget Alert Rules for {{ region|lower }} here## -}{% else %} - - {{ budget_tf_name }}_alert_rule = { - - {% if budget_tf_name and budget_tf_name != "" %} - budget_id = "{{ budget_tf_name }}" - {% endif %} - - {% if type and type != "" %} - type = "{{ type }}" - {% endif %} - - {% if threshold and threshold != "" %} - threshold = "{{ threshold }}" - {% endif %} - - {% if threshold_type and threshold_type != "" %} - threshold_type = "{{ threshold_type }}" - {% endif %} - - {% if description and description != "" %} - description = "{{ description }}" - {% endif %} - - {% if budget_name and budget_name != "" %} - display_name = "{{budget_name}}_alert_rule" - {% endif %} - - {% if message and message != "" %} - message = "{{ message }}" - {% endif %} - - {% if recipients and recipients != "" %} - recipients = "{{ recipients }}" - {% endif %} - - {# ##Do not modify below this line## #} - {# #} - {# ###Section for adding Defined and Freeform Tags### #} - {% if defined_tags and defined_tags != 'nan' and defined_tags != '' and defined_tags != [['nan']] %} - {% if defined_tags[0] %} - defined_tags = { - {% for tags in defined_tags %} - {% if not loop.last %} - "{{ tags[0] }}"= "{{ tags[1] }}" , - {% else %} - "{{ tags[0] }}"= "{{ tags[1] }}" - {% endif %} - {% endfor %} - } - {% endif %} - {% endif %} - {% if freeform_tags and freeform_tags != 'nan' and freeform_tags != '' and freeform_tags != [['nan']] %} - {% 
if freeform_tags[0] %} - freeform_tags = { - {% for tags in freeform_tags %} - {% if not loop.last %} - "{{ tags[0] }}"="{{ tags[1] }}", - {% else %} - "{{ tags[0] }}"="{{ tags[1] }}" - {% endif %} - {% endfor %} - } - {% endif %} - {% endif %} - {# ###Section for adding Defined and Freeform Tags ends here### #} - }, - -{% endif %} \ No newline at end of file diff --git a/cd3_automation_toolkit/Governance/Billing/templates/budget-template b/cd3_automation_toolkit/Governance/Billing/templates/budget-template deleted file mode 100644 index 6fdf7acd1..000000000 --- a/cd3_automation_toolkit/Governance/Billing/templates/budget-template +++ /dev/null 
@@ -1,97 +0,0 @@ -{% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - -############################ -# Governance -# Create Budgets -# Allowed Values: -# compartment_id can be the ocid or the name of the compartment hierarchy delimited by double hiphens "--" -# Example : compartment_id = "ocid1.compartment.oc1..aaaaaaaahwwiefb56epvdlzfic6ah6jy3xf3c" or compartment_id = "Network-root-cpt--Network" where "Network-root-cpt" is the parent of "Network" compartment -# processing_period_type : Valid values are INVOICE and MONTH. -# target_type : Valid values are COMPARTMENT and TAG -# targets : list of compartment OCIDs or list of cost tracking tag identifiers in the form of "{tagNamespace}.{tagKey}.{tagValue}" -############################ - -budgets = { - ##Add New Budgets for {{ region|lower }} here## -}{% else %} - - {{ budget_tf_name }} = { - - {% if compartment_tf_name and compartment_tf_name != "" %} - compartment_id = "{{ compartment_tf_name }}" - {% else %} - compartment_id = "root" - {% endif %} - - {% if amount and amount != "" %} - amount = {{ amount }} - {% endif %} - - {% if reset_period and reset_period != "" %} - reset_period = "{{ reset_period }}" - {% else %} - reset_period = "MONTHLY" - {% endif %} - - {% if description and description != "" %} - description = "{{ description }}" - {% endif %} - - {% if period_start and period_start != "" %} - budget_processing_period_start_offset = "{{ period_start }}" - {% endif %} - - {% if budget_name and budget_name != "" %} - display_name = "{{ budget_name }}" - {% endif %} - - {% if processing_period_type and processing_period_type != "" %} - processing_period_type = "{{ processing_period_type }}" - {% endif %} - - {% if target_compartment_id and target_compartment_id != "" %} - target_compartment_id = "{{ target_compartment_id }}" - {% endif %} - - {% if target_type and target_type != "" %} - target_type = "{{ target_type }}" - {% endif %} - - {% if target_ocid and target_ocid != [] 
%} - targets = ["{{ target_ocid }}"] - {% endif %} - - {# ##Do not modify below this line## #} - {# #} - {# ###Section for adding Defined and Freeform Tags### #} - {% if defined_tags and defined_tags != 'nan' and defined_tags != '' and defined_tags != [['nan']] %} - {% if defined_tags[0] %} - defined_tags = { - {% for tags in defined_tags %} - {% if not loop.last %} - "{{ tags[0] }}"= "{{ tags[1] }}" , - {% else %} - "{{ tags[0] }}"= "{{ tags[1] }}" - {% endif %} - {% endfor %} - } - {% endif %} - {% endif %} - {% if freeform_tags and freeform_tags != 'nan' and freeform_tags != '' and freeform_tags != [['nan']] %} - {% if freeform_tags[0] %} - freeform_tags = { - {% for tags in freeform_tags %} - {% if not loop.last %} - "{{ tags[0] }}"="{{ tags[1] }}", - {% else %} - "{{ tags[0] }}"="{{ tags[1] }}" - {% endif %} - {% endfor %} - } - {% endif %} - {% endif %} - {# ###Section for adding Defined and Freeform Tags ends here### #} - }, - -{% endif %} \ No newline at end of file diff --git a/cd3_automation_toolkit/Governance/Quota/templates/quota-template b/cd3_automation_toolkit/Governance/Quota/templates/quota-template index e93f10fde..89ec0f117 100644 --- a/cd3_automation_toolkit/Governance/Quota/templates/quota-template +++ b/cd3_automation_toolkit/Governance/Quota/templates/quota-template @@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2024, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################ # Quota-Policy - tfvars # Allowed Values: diff --git a/cd3_automation_toolkit/Governance/Tagging/templates/tags-defaults-template b/cd3_automation_toolkit/Governance/Tagging/templates/tags-defaults-template index 524068db5..45d88490c 100644 --- a/cd3_automation_toolkit/Governance/Tagging/templates/tags-defaults-template 
+++ b/cd3_automation_toolkit/Governance/Tagging/templates/tags-defaults-template @@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################ # Governance # Create Default Tags diff --git a/cd3_automation_toolkit/Governance/Tagging/templates/tags-keys-template b/cd3_automation_toolkit/Governance/Tagging/templates/tags-keys-template index 37919e7c5..aebba9c13 100644 --- a/cd3_automation_toolkit/Governance/Tagging/templates/tags-keys-template +++ b/cd3_automation_toolkit/Governance/Tagging/templates/tags-keys-template @@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################ # Governance # Create Tag Keys diff --git a/cd3_automation_toolkit/Governance/Tagging/templates/tags-namespaces-template b/cd3_automation_toolkit/Governance/Tagging/templates/tags-namespaces-template index fc1b498c9..64a3b4d15 100644 --- a/cd3_automation_toolkit/Governance/Tagging/templates/tags-namespaces-template +++ b/cd3_automation_toolkit/Governance/Tagging/templates/tags-namespaces-template @@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################ # Governance # Create Tag Namespaces 
diff --git a/cd3_automation_toolkit/Identity/Compartments/templates/compartments-template b/cd3_automation_toolkit/Identity/Compartments/templates/compartments-template index 0f21fcdc8..31a562a1c 100644 --- a/cd3_automation_toolkit/Identity/Compartments/templates/compartments-template +++ b/cd3_automation_toolkit/Identity/Compartments/templates/compartments-template @@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################ # Identity # Compartments - tfvars diff --git a/cd3_automation_toolkit/Identity/Groups/create_terraform_groups.py b/cd3_automation_toolkit/Identity/Groups/create_terraform_groups.py index d7d80b053..783411275 100644 --- a/cd3_automation_toolkit/Identity/Groups/create_terraform_groups.py +++ b/cd3_automation_toolkit/Identity/Groups/create_terraform_groups.py @@ -122,7 +122,6 @@ def create_terraform_groups(inputfile, outdir, service_dir, prefix, ct): tempdict = commonTools.split_tag_values(columnname, columnvalue, tempdict) if columnname == 'Name': - #columnvalue = columnvalue.strip() group_tf_name = f"{domain}_{commonTools.check_tf_variable(columnvalue)}" if group_tf_name.startswith('_'): group_tf_name = group_tf_name[1:] diff --git a/cd3_automation_toolkit/Identity/Groups/templates/groups-template b/cd3_automation_toolkit/Identity/Groups/templates/groups-template index 0c098551c..358797964 100644 --- a/cd3_automation_toolkit/Identity/Groups/templates/groups-template +++ b/cd3_automation_toolkit/Identity/Groups/templates/groups-template 
@@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################ # Identity # Groups - tfvars diff --git a/cd3_automation_toolkit/Identity/Groups/templates/identity-domain-groups-template b/cd3_automation_toolkit/Identity/Groups/templates/identity-domain-groups-template index 489b3fb68..103bdc513 100644 --- a/cd3_automation_toolkit/Identity/Groups/templates/identity-domain-groups-template +++ b/cd3_automation_toolkit/Identity/Groups/templates/identity-domain-groups-template @@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################ # Identity # Groups - tfvars @@ -13,9 +14,11 @@ identity_domain_groups = { {% endif %} {{ group_tf_name }} = { group_name = "{{ name }}" + {% if description %} group_description = "{{ description }}" + {% endif %} idcs_endpoint = "{{ domain }}" - compartment_id = "{{compartment_id}}" + domain_compartment_id = "{{ compartment_id }}" {% if matching_rule != "" %} {% if '\n' not in matching_rule %} matching_rule = "{{ matching_rule }}" @@ -33,6 +36,10 @@ identity_domain_groups = { ] {% endif %} + {% if user_can_request_access %} + user_can_request_access = "{{ user_can_request_access }}" + {% endif %} + {# ##Do not modify below this line## #} {# #} {# ###Section for adding Defined and Freeform Tags### #} diff --git a/cd3_automation_toolkit/Identity/NetworkSources/templates/network-sources-template b/cd3_automation_toolkit/Identity/NetworkSources/templates/network-sources-template index 8beeee81a..3adb1eba6 100644 
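Review bot: In identity-domain-groups-template the new `{% if user_can_request_access %}` guard is a truthiness test, so a boolean `False` drops the attribute while the string `"false"` emits it. Which of the two the generator passes is not visible in this hunk. A Jinja comment above the block stating the expected input, for example `{# user_can_request_access: string from the Groups sheet, omitted when empty #}`, would pin that down once confirmed against the Python caller. The key rename from `compartment_id` to `domain_compartment_id` only works if the consuming Terraform variable's object type was renamed in the same commit; that file is not in the visible part of the diff. The template body continues outside the hunk.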
--- a/cd3_automation_toolkit/Identity/NetworkSources/templates/network-sources-template +++ b/cd3_automation_toolkit/Identity/NetworkSources/templates/network-sources-template @@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################ # Identity # Network Sources - tfvars diff --git a/cd3_automation_toolkit/Identity/Policies/templates/policies-template b/cd3_automation_toolkit/Identity/Policies/templates/policies-template index 02a327b64..6f0d31db4 100644 --- a/cd3_automation_toolkit/Identity/Policies/templates/policies-template +++ b/cd3_automation_toolkit/Identity/Policies/templates/policies-template @@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################ # Identity # Policies - tfvars diff --git a/cd3_automation_toolkit/Identity/Users/create_terraform_users.py b/cd3_automation_toolkit/Identity/Users/create_terraform_users.py index 51ecf2305..5ae39550f 100644 --- a/cd3_automation_toolkit/Identity/Users/create_terraform_users.py +++ b/cd3_automation_toolkit/Identity/Users/create_terraform_users.py @@ -7,7 +7,7 @@ # Author: Gaurav Goyal # Oracle Consulting # Modified by: Ranjini Rajendran -# + import os from pathlib import Path from oci.config import DEFAULT_LOCATION 
@@ -127,13 +127,11 @@ def create_terraform_users(inputfile, outdir, service_dir, prefix, ct): user_tf_name = user_tf_name[1:] tempdict = {'user_tf_name': user_tf_name, 'domain': domain, 'compartment_id':compartment_id} - if columnname == 'Family Name': - columnvalue = columnvalue.strip() - tempdict = {'last_name': columnvalue} - if columnname == 'User Email': - email = commonTools.check_columnvalue(columnvalue) - tempdict['email'] = email + user_email = columnvalue.strip() + if not user_email or user_email.lower() == 'nan': + user_email = df.loc[i, 'User Name'].strip() + tempdict['user_email'] = user_email if columnname == 'Enable Capabilities': if columnvalue != '' and columnvalue.strip().lower() != 'nan': diff --git a/cd3_automation_toolkit/Identity/Users/export_users_nonGreenField.py b/cd3_automation_toolkit/Identity/Users/export_users_nonGreenField.py index 16645fc7c..6388a1c47 100644 --- a/cd3_automation_toolkit/Identity/Users/export_users_nonGreenField.py +++ b/cd3_automation_toolkit/Identity/Users/export_users_nonGreenField.py 
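Review bot: The fallback `user_email = df.loc[i, 'User Name'].strip()` writes the user name into `user_email` whenever the 'User Email' cell is empty, without checking that it looks like an address. It also calls `.strip()` on a raw DataFrame cell, which raises `AttributeError` if that cell is NaN. Suggest `user_email = str(df.loc[i, 'User Name']).strip()` plus a guard that skips or reports the row when the result contains no `@`. The dict key changes from `email` to `user_email` and the 'Family Name' branch is removed, so the users template has to read `user_email` and get the family name through the new `Users` mapping in Excel_Columns; the template is not in the visible part of this diff. `create_terraform_users` starts and ends outside the hunk.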
@@ -6,68 +6,67 @@ # Author: Gaurav # Oracle Consulting -#Modified By: Ranjini Rajendran +# Modified By: Ranjini Rajendran import sys import oci from oci.identity import IdentityClient import os import subprocess as sp - sys.path.append(os.getcwd() + "/..") from commonTools import * - -def append_user_info(values_for_column_users, ct, user_info, username, family_name, description, email, domain_key, user_defined_tags): - capabilities = [] - if hasattr(user_info, 'urn_ietf_params_scim_schemas_oracle_idcs_extension_capabilities_user'): - cap_ext = user_info.urn_ietf_params_scim_schemas_oracle_idcs_extension_capabilities_user - elif hasattr(user_info, 'capabilities'): - cap_ext = user_info.capabilities - else: - cap_ext = None - - if cap_ext: - if cap_ext.can_use_api_keys: - capabilities.append("api_keys") - if cap_ext.can_use_auth_tokens: - capabilities.append("auth_tokens") - if cap_ext.can_use_console_password: - capabilities.append("console_password") - if cap_ext.can_use_customer_secret_keys: - capabilities.append("customer_secret_keys") - if cap_ext.can_use_db_credentials: - capabilities.append("db_credentials") - if cap_ext.can_use_o_auth2_client_credentials: - capabilities.append("oauth2client_credentials") - if cap_ext.can_use_smtp_credentials: - capabilities.append("smtp_credentials") +def append_user_info(values_for_column_users,sheet_dict_users, ct, user_info, username, family_name, given_name, recovery_email, display_name, description, email, domain_key, user_defined_tags): + def add_capabilities(user_info): + capabilities = [] + cap_ext = getattr(user_info, 'urn_ietf_params_scim_schemas_oracle_idcs_extension_capabilities_user', + getattr(user_info, 'capabilities', None)) + if cap_ext: + capability_map = { + "can_use_api_keys": "api_keys", + "can_use_auth_tokens": "auth_tokens", + "can_use_console_password": "console_password", + "can_use_customer_secret_keys": "customer_secret_keys", + "can_use_db_credentials": "db_credentials", + 
"can_use_o_auth2_client_credentials": "oauth2client_credentials", + "can_use_smtp_credentials": "smtp_credentials" + } + for attr, cap in capability_map.items(): + if getattr(cap_ext, attr, False): + capabilities.append(cap) + return ",".join(capabilities) + def map_columns(col_header): + column_map = { + "Region": ct.home_region.capitalize(), + "User Name": username, + "Family Name": family_name if hasattr(user_info, 'name') else "", + "First Name": given_name if hasattr(user_info, 'name') else "", + "Description": description, + "Display Name": display_name if hasattr(user_info, 'display_name') else "", + "User Email": email, + "Recovery Email": recovery_email, + "Domain Name": domain_key, + "Defined Tags": str(user_defined_tags) if user_defined_tags else "", + "Enable Capabilities": add_capabilities(user_info), + "Middle Name": getattr(user_info.name, 'middle_name', "") if hasattr(user_info, 'name') else "", + "Prefix": getattr(user_info.name, 'honorific_prefix', "") if hasattr(user_info, 'name') else "", + "Home Phone Number": next((phone.value for phone in user_info.phone_numbers if phone.type == "home"), None) + if hasattr(user_info, 'phone_numbers') and user_info.phone_numbers else None, + "Mobile Phone Number": next((phone.value for phone in user_info.phone_numbers if phone.type == "mobile"), + None) + if hasattr(user_info, 'phone_numbers') and user_info.phone_numbers else None + } + return column_map.get(col_header, None) for col_header in values_for_column_users.keys(): - if col_header == "Region": - values_for_column_users[col_header].append(ct.home_region.capitalize()) - elif col_header == "User Name": - values_for_column_users[col_header].append(username) - elif col_header == "Family Name": - values_for_column_users[col_header].append(family_name) - elif col_header == "Description": - values_for_column_users[col_header].append(description) - elif col_header == "User Email": - values_for_column_users[col_header].append(email) - elif col_header == 
"Domain Name": - values_for_column_users[col_header].append(domain_key) - elif col_header == "Defined Tags" and user_defined_tags: - values_for_column_users[col_header].append(str(user_defined_tags)) - elif col_header == "Enable Capabilities": - values_for_column_users[col_header].append(",".join(capabilities)) - + value = map_columns(col_header) + if value is not None: + values_for_column_users[col_header].append(value) + else: + oci_objs = [user_info] + values_for_column_users = commonTools.export_extra_columns(oci_objs, col_header, sheet_dict_users, values_for_column_users) # Execution start here def export_users(inputfile, outdir, service_dir, config, signer, ct,export_domains={}): - global values_for_column_comps - global values_for_column_groups - global values_for_column_policies - global sheet_dict_comps - global sheet_dict_groups - global sheet_dict_policies + global sheet_dict_users global cd3file,tf_or_tofu tf_or_tofu = ct.tf_or_tofu tf_state_list = [tf_or_tofu, "state", "list"] @@ -84,6 +83,7 @@ def export_users(inputfile, outdir, service_dir, config, signer, ct,export_domai # Read CD3 Identity Sheets df, values_for_column_users = commonTools.read_cd3(cd3file, sheetName_users) + sheet_dict_users = ct.sheet_dict[sheetName_users] print("\nCD3 excel file should not be opened during export process!!!") print("Tab - Users would be overwritten during export process!!!\n") 
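Review bot: `map_columns` returns `None` both for a header it does not know and for a known header whose value is empty (no recovery email, no phone number of that type, a `None` description or email), and the loop hands both cases to `commonTools.export_extra_columns`. What that helper appends for a header such as `Recovery Email` is not visible here, so a known column may end up with a wrong value or with no value for this row, which would shift every later row in that column. I would separate "unmapped" from "empty" with a sentinel and append an empty string for the latter, as sketched below. Separately, `column_map` is rebuilt for every header of every user; building it once per call before the loop would do the same work once.

```python
_UNMAPPED = object()  # "header not handled here", as opposed to "value is empty"

def map_columns(col_header):
    # … unchanged: column_map literal …
    return column_map.get(col_header, _UNMAPPED)

for col_header in values_for_column_users.keys():
    value = map_columns(col_header)
    if value is _UNMAPPED:
        values_for_column_users = commonTools.export_extra_columns([user_info], col_header, sheet_dict_users, values_for_column_users)
    else:
        values_for_column_users[col_header].append("" if value is None else value)
```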
@@ -110,12 +110,10 @@ def export_users(inputfile, outdir, service_dir, config, signer, ct,export_domai if ct.identity_domain_enabled: for domain_key, idcs_endpoint in export_domains.items(): domain_name = domain_key.split("@")[1] - - # retrieve group information. This is required to get group name for user-group membership - domain_client = oci.identity_domains.IdentityDomainsClient(config, idcs_endpoint) + domain_client = oci.identity_domains.IdentityDomainsClient(config=config, signer=signer, + service_endpoint=idcs_endpoint) users = domain_client.list_users() index = 0 - for user in users.data.resources: defined_tags_info = user.urn_ietf_params_scim_schemas_oracle_idcs_extension_oci_tags user_defined_tags = [] @@ -129,19 +127,24 @@ def export_users(inputfile, outdir, service_dir, config, signer, ct,export_domai if namespace is not None and key is not None and value is not None: user_defined_tags.append(f"{namespace}.{key}={value}") - user_defined_tags = ";".join(user_defined_tags) + user_defined_tags = ";".join(user_defined_tags) if user_defined_tags else "" user_info = user if user_info.urn_ietf_params_scim_schemas_oracle_idcs_extension_user_user.is_federated_user != "True" and user_info.active !="False": username = user_info.user_name family_name = user_info.name.family_name + given_name = user_info.name.given_name description = user_info.description + display_name = user_info.display_name email = None + recovery_email = None for email_info in user_info.emails: if email_info.primary: email = email_info.value - break + elif email_info.type == "recovery": + recovery_email = email_info.value + tf_name = commonTools.check_tf_variable(username) if domain_name == "Default" or domain_name == "default": 
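Review bot: `domain_client.list_users()` is still called once with no paging arguments, so as far as this hunk shows only the first page of `users.data.resources` is exported and users beyond it never get a sheet row or an import command. The non-domain branch of the same function already goes through `oci.pagination.list_call_get_all_results`; the domain branch should page as well, or loop until the response carries no further page. The same applies to `list_groups` and `list_dynamic_resource_groups` after the identical client change in `export_identity_nonGreenField.py`. The loop body continues outside the hunk.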
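Review bot: The filter `is_federated_user != "True" and user_info.active !="False"` compares against strings; if the SDK model exposes these fields as booleans (I believe it does, please confirm), both comparisons are always true and federated or deactivated users are exported and imported into state like any other. Suggest `ext = user_info.urn_ietf_params_scim_schemas_oracle_idcs_extension_user_user` followed by `if not (ext and ext.is_federated_user) and user_info.active is not False:`. In the new email loop, `user_info.emails` is iterated without a `None` guard, and an address that is both primary and of type `recovery` is recorded only as `email`; `for email_info in user_info.emails or []:` covers the first. The enclosing loop starts and ends outside the hunk.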
@@ -152,7 +155,7 @@ def export_users(inputfile, outdir, service_dir, config, signer, ct,export_domai if tf_resource not in state["resources"]: importCommands += f'\n{tf_or_tofu} import "{tf_resource}" "{import_user_id}"' count_u += 1 - append_user_info(values_for_column_users, ct, user_info, username, family_name, description, email, domain_key,user_defined_tags) + append_user_info(values_for_column_users,sheet_dict_users, ct, user_info, username, family_name, given_name,recovery_email, display_name,description, email, domain_key,user_defined_tags) else: users = oci.pagination.list_call_get_all_results(idc.list_users, compartment_id=config['tenancy']).data @@ -165,15 +168,17 @@ def export_users(inputfile, outdir, service_dir, config, signer, ct,export_domai username = user_info.name description = user_info.description email = user_info.email + user_defined_tags = [] tf_name = commonTools.check_tf_variable(username) import_user_id = user_info.id tf_resource = f'module.iam-users[\\"{str(tf_name)}\\"].oci_identity_user.user' if tf_resource not in state["resources"]: importCommands += f'\n{tf_or_tofu} import "{tf_resource}" "{import_user_id}"' - # Pass empty strings for domain_name and domain_key count_u += 1 - append_user_info(values_for_column_users, ct, user_info, username, "", description, email, "", []) + #append_user_info(values_for_column_users,sheetName_users, ct, user_info, username, "", description, email, "", []) + append_user_info(values_for_column_users, sheet_dict_users, ct, user_info, username, "", "", "", "", + description, email, "", user_defined_tags) if user.capabilities: tf_resource = f'module.iam-users[\\"{str(tf_name)}\\"].oci_identity_user_capabilities_management.user_capabilities_management[0]' diff --git a/cd3_automation_toolkit/Identity/Users/templates/identity-domain-users-template b/cd3_automation_toolkit/Identity/Users/templates/identity-domain-users-template index 28904dd15..7f3705dd0 100644 
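Review bot: `append_user_info` now takes thirteen positional arguments, four of them adjacent strings (`family_name, given_name, recovery_email, display_name`), and the non-domain call passes `"", "", "", ""` for them; one swapped position writes a value into the wrong column without any error. I would call it with keywords from `family_name=` onwards, i.e. `family_name="", given_name="", recovery_email="", display_name="", description=description, email=email, domain_key="", user_defined_tags=user_defined_tags`, here and in the domain call in the hunk before it. The commented-out old call starting `#append_user_info(values_for_column_users,sheetName_users,` should be deleted rather than kept next to the live one.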
--- a/cd3_automation_toolkit/Identity/Users/templates/identity-domain-users-template +++ b/cd3_automation_toolkit/Identity/Users/templates/identity-domain-users-template @@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################ # Identity # Users - tfvars @@ -11,12 +12,37 @@ identity_domain_users = { {% endif %} {{ user_tf_name }} = { - family_name = "{{last_name}}" - idcs_endpoint = "{{ domain }}" - description = "{{ description }}" - user_name = "{{user_name}}" - compartment_id = "{{compartment_id}}" - email = "{{email}}" + name = { + family_name = "{{family_name}}" + {% if first_name %} + given_name = "{{first_name}}" + {% endif %} + {% if middle_name %} + middle_name = "{{middle_name}}" + {% endif %} + {% if prefix %} + honorific_prefix = "{{prefix}}" + {% endif %} + } + idcs_endpoint = "{{ domain }}" + domain_compartment_id = "{{compartment_id}}" + user_name = "{{user_name}}" + email = "{{user_email}}" + {% if description %} + description = "{{ description }}" + {% endif %} + {% if display_name %} + display_name = "{{ display_name }}" + {% endif %} + {% if recovery_email %} + recovery_email = "{{recovery_email}}" + {% endif %} + {% if home_phone_number %} + home_phone_number = "{{home_phone_number}}" + {% endif %} + {% if mobile_phone_number %} + mobile_phone_number = "{{mobile_phone_number}}" + {% endif %} {% if groups_names %} groups = [{{ groups_names }}] {% endif %} diff --git a/cd3_automation_toolkit/Identity/Users/templates/users-template b/cd3_automation_toolkit/Identity/Users/templates/users-template index 3e994b52a..117ebcfb1 100644 --- a/cd3_automation_toolkit/Identity/Users/templates/users-template +++ b/cd3_automation_toolkit/Identity/Users/templates/users-template 
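Review bot: Every new attribute is interpolated straight into a double-quoted HCL string (`display_name = "{{ display_name }}"`, likewise `description`, `recovery_email` and the two phone numbers), so a spreadsheet cell containing `"`, a backslash or `${` produces a tfvars file that fails to parse or holds a different value than the cell. Whether the generating Python escapes these values is not visible here (the email path in `create_terraform_users.py` now only calls `.strip()`), so either escape in the caller before rendering or apply an escaping filter in the template. `family_name` is rendered unconditionally while the other name parts are guarded, so an empty cell emits `family_name = ""`; guard it the same way if the module treats an empty string differently from an omitted attribute. The enclosing `identity_domain_users` map continues outside the hunk.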
@@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################ # Identity # Users - tfvars diff --git a/cd3_automation_toolkit/Identity/export_identity_nonGreenField.py b/cd3_automation_toolkit/Identity/export_identity_nonGreenField.py index 1864e85f0..e0db64b21 100644 --- a/cd3_automation_toolkit/Identity/export_identity_nonGreenField.py +++ b/cd3_automation_toolkit/Identity/export_identity_nonGreenField.py @@ -8,7 +8,6 @@ # Updated by Ranjini Rajendran # Users export code updated by Gaurav Goyal # Oracle Consulting -# import sys import oci @@ -278,6 +277,7 @@ def export_identity(inputfile, outdir, service_dir,resource, config, signer, ct, total_g = 0 def process_group(grp_info, members_list,membership_id_list, domain_name, is_dynamic=False, importCommands="", values_for_column_groups={}, non_domain=False): group_description = "" + user_can_request_access = "" if non_domain: group_name = grp_info.name group_description = grp_info.description @@ -304,6 +304,10 @@ def process_group(grp_info, members_list,membership_id_list, domain_name, is_dyn resource_id = f"idcsEndpoint/{idcs_endpoint}/dynamicResourceGroups/{grp_info.id}" tf_resource = f'module.groups[\\"{str(tf_name)}\\"].oci_identity_domains_dynamic_resource_group.dynamic_group[0]' else: + requestable_group = grp_info + requestable = getattr(requestable_group, + 'urn_ietf_params_scim_schemas_oracle_idcs_extension_requestable_group', None) + user_can_request_access = "" if requestable is None else requestable.requestable if hasattr(grp_info, 'urn_ietf_params_scim_schemas_oracle_idcs_extension_group_group'): group_description = getattr(grp_info.urn_ietf_params_scim_schemas_oracle_idcs_extension_group_group, 'description', "") 
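Review bot: `user_can_request_access = "" if requestable is None else requestable.requestable` only guards a missing extension; when the extension is present but its `requestable` attribute is `None`, the `str(user_can_request_access)` in the `User Can Request Access` branch (next hunk) writes the literal text `None` into the sheet. Suggest `flag = getattr(requestable, 'requestable', None)` followed by `user_can_request_access = "" if flag is None else flag`. The alias `requestable_group = grp_info` adds nothing and can be dropped in favour of `getattr(grp_info, ...)`. `process_group` starts and ends outside the hunk.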
@@ -327,6 +331,8 @@ def process_group(grp_info, members_list,membership_id_list, domain_name, is_dyn values_for_column_groups[col_header].append(domain_key) elif col_header == "Matching Rule": values_for_column_groups[col_header].append(grp_info.matching_rule if is_dynamic else "") + elif col_header == "User Can Request Access": + values_for_column_groups[col_header].append(str(user_can_request_access)) elif col_header == "Defined Tags" and not non_domain: defined_tags_info = grp_info.urn_ietf_params_scim_schemas_oracle_idcs_extension_oci_tags grp_defined_tags = [] @@ -351,7 +357,8 @@ def process_group(grp_info, members_list,membership_id_list, domain_name, is_dyn if ct.identity_domain_enabled: for domain_key, idcs_endpoint in export_domains.items(): domain_name = domain_key.split("@")[1] - domain_client = oci.identity_domains.IdentityDomainsClient(config, idcs_endpoint) + domain_client = oci.identity_domains.IdentityDomainsClient(config=config, signer=signer, + service_endpoint=idcs_endpoint) groups = domain_client.list_groups(attributes=['members'], attribute_sets=['all']) dyngroups = domain_client.list_dynamic_resource_groups(attributes=['matching_rule'], attribute_sets=['all']) diff --git a/cd3_automation_toolkit/ManagementServices/EventsAndNotifications/templates/events-template b/cd3_automation_toolkit/ManagementServices/EventsAndNotifications/templates/events-template index 314506d5b..578e35a74 100644 --- a/cd3_automation_toolkit/ManagementServices/EventsAndNotifications/templates/events-template +++ b/cd3_automation_toolkit/ManagementServices/EventsAndNotifications/templates/events-template @@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################ # ManagementServices # Events - tfvars 
diff --git a/cd3_automation_toolkit/ManagementServices/EventsAndNotifications/templates/notifications-subscriptions-template b/cd3_automation_toolkit/ManagementServices/EventsAndNotifications/templates/notifications-subscriptions-template
index 1d09aa1c1..326111ac2 100644
--- a/cd3_automation_toolkit/ManagementServices/EventsAndNotifications/templates/notifications-subscriptions-template
+++ b/cd3_automation_toolkit/ManagementServices/EventsAndNotifications/templates/notifications-subscriptions-template
@@ -1,6 +1,7 @@
 {% if skeleton %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 ############################
 # ManagementServices
 # Notifications_Subscriptions - tfvars
diff --git a/cd3_automation_toolkit/ManagementServices/EventsAndNotifications/templates/notifications-topics-template b/cd3_automation_toolkit/ManagementServices/EventsAndNotifications/templates/notifications-topics-template
index ff1966570..a813356fd 100644
--- a/cd3_automation_toolkit/ManagementServices/EventsAndNotifications/templates/notifications-topics-template
+++ b/cd3_automation_toolkit/ManagementServices/EventsAndNotifications/templates/notifications-topics-template
@@ -1,6 +1,7 @@
 {% if skeleton %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 ############################
 # ManagementServices
 # Notifications_Topics - tfvars
diff --git a/cd3_automation_toolkit/ManagementServices/Logging/templates/logging-template b/cd3_automation_toolkit/ManagementServices/Logging/templates/logging-template
index 343cfb7f9..54404474f 100644
--- a/cd3_automation_toolkit/ManagementServices/Logging/templates/logging-template
+++ b/cd3_automation_toolkit/ManagementServices/Logging/templates/logging-template
@@ -1,7 +1,8 @@
 {% if loggroup == 'true' %}
 {% if count == 0 %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 ############################
 # ManagementServices
 # {{ oci_service|upper }} Log Groups - tfvars
diff --git a/cd3_automation_toolkit/ManagementServices/Monitoring/templates/alarms-template b/cd3_automation_toolkit/ManagementServices/Monitoring/templates/alarms-template
index 3e0823d91..ea282f780 100644
--- a/cd3_automation_toolkit/ManagementServices/Monitoring/templates/alarms-template
+++ b/cd3_automation_toolkit/ManagementServices/Monitoring/templates/alarms-template
@@ -1,6 +1,7 @@
 {% if count == 0 %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 ############################
 # ManagementServices
 # Alarms - tfvars
diff --git a/cd3_automation_toolkit/ManagementServices/ServiceConnectorHub/templates/service-connectors-template b/cd3_automation_toolkit/ManagementServices/ServiceConnectorHub/templates/service-connectors-template
index 66e81a5a6..15523afff 100644
--- a/cd3_automation_toolkit/ManagementServices/ServiceConnectorHub/templates/service-connectors-template
+++ b/cd3_automation_toolkit/ManagementServices/ServiceConnectorHub/templates/service-connectors-template
@@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################ # ManagementServices # Service Connector Hub - tfvars diff --git a/cd3_automation_toolkit/Network/BaseNetwork/export_network_nonGreenField.py b/cd3_automation_toolkit/Network/BaseNetwork/export_network_nonGreenField.py index fae4465c6..cdb9d9c5b 100644 --- a/cd3_automation_toolkit/Network/BaseNetwork/export_network_nonGreenField.py +++ b/cd3_automation_toolkit/Network/BaseNetwork/export_network_nonGreenField.py @@ -357,11 +357,12 @@ def get_comp_details(comp_data): # Fetch Source Data for new_rpc in SOURCE_RPC_LIST.data: + is_cross_tenancy_peering = new_rpc.is_cross_tenancy_peering source_rpc_id = new_rpc.id source_rpc_peer_id = new_rpc.peer_id # Check peering is alive - if source_rpc_peer_id is not None and new_rpc.peering_status == "PEERED": + if source_rpc_peer_id is not None and new_rpc.peering_status == "PEERED" and not is_cross_tenancy_peering: source_rpc_display_name = new_rpc.display_name source_rpc_drg_id = new_rpc.drg_id dest_rpc_id = new_rpc.peer_id @@ -781,6 +782,7 @@ def export_major_objects(inputfile, outdir, service_dir, config, signer, ct, exp drg_attachment_info = None vcn_info = None drg_info = vnc.get_drg(drg_id).data + drg_display_name = drg_info.display_name if drg_info.default_drg_route_tables is not None: DRG_RTs = oci.pagination.list_call_get_all_results(vnc.list_drg_route_tables, 
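Review bot: Adding `and not is_cross_tenancy_peering` to the `PEERED` check drops cross-tenancy RPCs from the export without any message, so the operator cannot tell that a live peering was left out of the sheet and of the generated Terraform. Unless an `else` outside this hunk already reports it, add something like `print(f"Skipping RPC {new_rpc.display_name}: cross-tenancy peering is not exported")` for that case. The temporary `is_cross_tenancy_peering` is read once and could be used inline as `new_rpc.is_cross_tenancy_peering`. The loop body continues outside the hunk.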
@@ -1050,6 +1052,10 @@ def export_subnets_vlans(inputfile, outdir, service_dir, config, signer, ct, exp if (os.path.exists(outdir + "/" + reg + "/" + service_dir_vlan + "/"+vlan_file_name)): commonTools.backup_file(outdir + "/" + reg + "/" + service_dir_vlan, "import_network",vlan_file_name) importCommands_vlan[reg] = open(outdir + "/" + reg + "/" + service_dir_vlan + "/" + vlan_file_name, "w") + importCommands_vlan[reg].write("\n#!/bin/bash") + importCommands_vlan[reg].write("\n") + importCommands_vlan[reg].write(f'{tf_or_tofu} init') + importCommands_vlan[reg].write("\n\n######### Writing import for VLANs #########\n\n") print("Tab- 'SubnetsVLANs' would be overwritten during export process!!!") for reg in export_regions: @@ -1123,10 +1129,6 @@ def export_subnets_vlans(inputfile, outdir, service_dir, config, signer, ct, exp # VLAN Data if skip_vlans['reg'] == 1: continue - importCommands_vlan[reg].write("#!/bin/bash") - importCommands_vlan[reg].write("\n") - importCommands_vlan[reg].write(f'{tf_or_tofu} init') - importCommands_vlan[reg].write("\n\n######### Writing import for VLANs #########\n\n") # check resources in vlan state state_vlan = {'path': f'{outdir}/{reg}/{service_dir_vlan}', 'resources': []} try: diff --git a/cd3_automation_toolkit/Network/BaseNetwork/modify_secrules_tf.py b/cd3_automation_toolkit/Network/BaseNetwork/modify_secrules_tf.py index 3df47d311..6f81aa60b 100644 --- a/cd3_automation_toolkit/Network/BaseNetwork/modify_secrules_tf.py +++ b/cd3_automation_toolkit/Network/BaseNetwork/modify_secrules_tf.py 
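Review bot: The header that moved into the file-open block now starts with `write("\n#!/bin/bash")`, which puts an empty line before the shebang; a `#!` line is only honoured as the very first bytes of a file, so the generated VLAN import script no longer selects bash when it is executed directly. The removed code wrote the shebang with no leading newline; keep that: `importCommands_vlan[reg].write("#!/bin/bash")`. In the second hunk the context line `if skip_vlans['reg'] == 1:` indexes with the literal string `'reg'` rather than the loop variable `reg`, which looks unintended, though how `skip_vlans` is filled is outside the hunk.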
@@ -160,7 +160,8 @@ def generate_security_rules(region_seclist_name,processed_seclist,tfStr,region,t columnvalue = commonTools.check_columnvalue(columnvalue) # Check for multivalued columns - tempdict = commonTools.check_multivalues_columnvalue(columnvalue, columnname, tempdict) + if columnname.lower() not in ["source", "destination"]: # this is to support IPv6 CIDRs as it contains "::" + tempdict = commonTools.check_multivalues_columnvalue(columnvalue, columnname, tempdict) # Process Defined and Freeform Tags if columnname.lower() in commonTools.tagColumns: diff --git a/cd3_automation_toolkit/Network/BaseNetwork/templates/custom-dhcp-template b/cd3_automation_toolkit/Network/BaseNetwork/templates/custom-dhcp-template index 695bca2e0..0a7caf458 100644 --- a/cd3_automation_toolkit/Network/BaseNetwork/templates/custom-dhcp-template +++ b/cd3_automation_toolkit/Network/BaseNetwork/templates/custom-dhcp-template @@ -1,6 +1,7 @@ {% if custom == true %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################ # Network # Custom DHCP - tfvars diff --git a/cd3_automation_toolkit/Network/BaseNetwork/templates/default-route-table-template b/cd3_automation_toolkit/Network/BaseNetwork/templates/default-route-table-template index b0f1e1c58..4fa0acfe7 100644 --- a/cd3_automation_toolkit/Network/BaseNetwork/templates/default-route-table-template +++ b/cd3_automation_toolkit/Network/BaseNetwork/templates/default-route-table-template 
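Review bot: The new guard exempts every `Source` and `Destination` value from `check_multivalues_columnvalue`, not only IPv6 ones, so whatever that helper did for IPv4 or service-label cells in these columns is skipped too (its body is not in the hunk). For a security-rule generator I would key the exemption on the value and check that it is a well-formed network, e.g. try `ipaddress.ip_network(columnvalue, strict=False)` and fall back to the helper when that raises `ValueError`. The trailing comment would read better on its own line above the `if`, e.g. `# Source/Destination may hold IPv6 CIDRs; their "::" must not be split as a multi-value separator`. The enclosing loop starts and ends outside the hunk.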
@@ -1,6 +1,7 @@
 {% if (skeleton and count == 0) %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 ############################
 # Network
 # Major Objects - Default Route Table - tfvars
diff --git a/cd3_automation_toolkit/Network/BaseNetwork/templates/default-seclist-template b/cd3_automation_toolkit/Network/BaseNetwork/templates/default-seclist-template
index 40fef63fc..d571bd46b 100644
--- a/cd3_automation_toolkit/Network/BaseNetwork/templates/default-seclist-template
+++ b/cd3_automation_toolkit/Network/BaseNetwork/templates/default-seclist-template
@@ -1,6 +1,7 @@
 {% if (skeleton and count == 0) %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 ############################
 # Network
 # Major Objects - Default Security List - tfvars
diff --git a/cd3_automation_toolkit/Network/BaseNetwork/templates/drg-data-source-template b/cd3_automation_toolkit/Network/BaseNetwork/templates/drg-data-source-template
index a9012f7b7..214deff0c 100644
--- a/cd3_automation_toolkit/Network/BaseNetwork/templates/drg-data-source-template
+++ b/cd3_automation_toolkit/Network/BaseNetwork/templates/drg-data-source-template
@@ -1,6 +1,7 @@
 {% if skeleton %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 ################################
 # Network
 # Major Objects - DRG Route Rules and DRG Route Distributions
diff --git a/cd3_automation_toolkit/Network/BaseNetwork/templates/drg-route-distribution-statement-template b/cd3_automation_toolkit/Network/BaseNetwork/templates/drg-route-distribution-statement-template index 55656415c..92bc19b7f 100644 --- a/cd3_automation_toolkit/Network/BaseNetwork/templates/drg-route-distribution-statement-template +++ b/cd3_automation_toolkit/Network/BaseNetwork/templates/drg-route-distribution-statement-template @@ -1,5 +1,4 @@ {% if skeleton %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. ########################################## # Module Block - Network diff --git a/cd3_automation_toolkit/Network/BaseNetwork/templates/drg-route-distribution-template b/cd3_automation_toolkit/Network/BaseNetwork/templates/drg-route-distribution-template index 65239e944..7e5469912 100644 --- a/cd3_automation_toolkit/Network/BaseNetwork/templates/drg-route-distribution-template +++ b/cd3_automation_toolkit/Network/BaseNetwork/templates/drg-route-distribution-template @@ -1,6 +1,7 @@ {% if skeleton %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ################################# # Network # DRG Route Distributions - tfvars diff --git a/cd3_automation_toolkit/Network/BaseNetwork/templates/drg-route-rule-template b/cd3_automation_toolkit/Network/BaseNetwork/templates/drg-route-rule-template index 5886e19c3..2c9f4709f 100644 --- a/cd3_automation_toolkit/Network/BaseNetwork/templates/drg-route-rule-template +++ b/cd3_automation_toolkit/Network/BaseNetwork/templates/drg-route-rule-template 
@@ -1,6 +1,7 @@
 {% if skeleton %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 #################################
 # Network
 # DRG Route Rules - tfvars
diff --git a/cd3_automation_toolkit/Network/BaseNetwork/templates/drg-route-table-template b/cd3_automation_toolkit/Network/BaseNetwork/templates/drg-route-table-template
index d25c9fc5c..8f7e48f2c 100644
--- a/cd3_automation_toolkit/Network/BaseNetwork/templates/drg-route-table-template
+++ b/cd3_automation_toolkit/Network/BaseNetwork/templates/drg-route-table-template
@@ -1,6 +1,7 @@
 {% if skeleton %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 #################################
 # Network
 # DRG Route Tables - tfvars
diff --git a/cd3_automation_toolkit/Network/BaseNetwork/templates/major-objects-default-dhcp-template b/cd3_automation_toolkit/Network/BaseNetwork/templates/major-objects-default-dhcp-template
index 1b2e002e0..fcf8b3c15 100644
--- a/cd3_automation_toolkit/Network/BaseNetwork/templates/major-objects-default-dhcp-template
+++ b/cd3_automation_toolkit/Network/BaseNetwork/templates/major-objects-default-dhcp-template
@@ -1,5 +1,7 @@
 {% if count == 0 %}
-
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 ############################
 # Network
 # Major Objects - Default DHCP - tfvars
diff --git a/cd3_automation_toolkit/Network/BaseNetwork/templates/major-objects-vcns-template b/cd3_automation_toolkit/Network/BaseNetwork/templates/major-objects-vcns-template
index cb1468348..78382e9d9 100644
--- a/cd3_automation_toolkit/Network/BaseNetwork/templates/major-objects-vcns-template
+++ b/cd3_automation_toolkit/Network/BaseNetwork/templates/major-objects-vcns-template
@@ -1,6 +1,7 @@
 {% if count == 0 %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 ############################
 # Network
 # Major Objects - VCNs, IGW, NGW, SGW, LPG, DRG - tfvars
diff --git a/cd3_automation_toolkit/Network/BaseNetwork/templates/nsg-rule-template b/cd3_automation_toolkit/Network/BaseNetwork/templates/nsg-rule-template
index 9c7b876ae..2c7a14722 100644
--- a/cd3_automation_toolkit/Network/BaseNetwork/templates/nsg-rule-template
+++ b/cd3_automation_toolkit/Network/BaseNetwork/templates/nsg-rule-template
@@ -1,6 +1,7 @@
 {% if skeleton %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 ############################
 # Network
 # Network Security Group Rules
diff --git a/cd3_automation_toolkit/Network/BaseNetwork/templates/nsg-template b/cd3_automation_toolkit/Network/BaseNetwork/templates/nsg-template
index e9c67aa68..d6814ea3a 100644
--- a/cd3_automation_toolkit/Network/BaseNetwork/templates/nsg-template
+++ b/cd3_automation_toolkit/Network/BaseNetwork/templates/nsg-template
@@ -1,6 +1,7 @@
 {% if skeleton %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 ############################
 # Network
 # Network Security Group - tfvars
diff --git a/cd3_automation_toolkit/Network/BaseNetwork/templates/route-table-template b/cd3_automation_toolkit/Network/BaseNetwork/templates/route-table-template
index c800586ba..64e76ff33 100644
--- a/cd3_automation_toolkit/Network/BaseNetwork/templates/route-table-template
+++ b/cd3_automation_toolkit/Network/BaseNetwork/templates/route-table-template
@@ -1,6 +1,7 @@
 {% if (skeleton and count == 0) %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 ############################
 # Network
 # Major Objects - Route Table - tfvars
diff --git a/cd3_automation_toolkit/Network/BaseNetwork/templates/seclist-template b/cd3_automation_toolkit/Network/BaseNetwork/templates/seclist-template
index a6cdc9ed1..04e5cf1be 100644
--- a/cd3_automation_toolkit/Network/BaseNetwork/templates/seclist-template
+++ b/cd3_automation_toolkit/Network/BaseNetwork/templates/seclist-template
@@ -1,6 +1,7 @@
 {% if (skeleton and count == 0) %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 ############################
 # Network
 # Major Objects - Security List - tfvars
diff --git a/cd3_automation_toolkit/Network/BaseNetwork/templates/subnet-template b/cd3_automation_toolkit/Network/BaseNetwork/templates/subnet-template
index 5784f872d..6bafaf1cb 100644
--- a/cd3_automation_toolkit/Network/BaseNetwork/templates/subnet-template
+++ b/cd3_automation_toolkit/Network/BaseNetwork/templates/subnet-template
@@ -1,6 +1,7 @@
 {% if (skeleton and count == 0) %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 #############################
 # Network
 # Major Objects - Subnets - tfvars
diff --git a/cd3_automation_toolkit/Network/BaseNetwork/templates/vlan-template b/cd3_automation_toolkit/Network/BaseNetwork/templates/vlan-template
index 09027d207..68b38afee 100644
--- a/cd3_automation_toolkit/Network/BaseNetwork/templates/vlan-template
+++ b/cd3_automation_toolkit/Network/BaseNetwork/templates/vlan-template
@@ -1,6 +1,7 @@
 {% if (skeleton and count == 0) %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 #############################
 # Network
 # Major Objects - VLANs - tfvars
diff --git a/cd3_automation_toolkit/Network/Global/templates/rpc-module-template b/cd3_automation_toolkit/Network/Global/templates/rpc-module-template
index 5fdbbbebc..d552d716a 100755
--- a/cd3_automation_toolkit/Network/Global/templates/rpc-module-template
+++ b/cd3_automation_toolkit/Network/Global/templates/rpc-module-template
@@ -1,6 +1,7 @@
 {% if count == 0 %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 ############################
 # Global Services
 # Remote Peering Connection - tfvars
diff --git a/cd3_automation_toolkit/Network/Global/templates/rpc-module/rpc-provider-terraform-template b/cd3_automation_toolkit/Network/Global/templates/rpc-module/rpc-provider-terraform-template
index fe68c6326..f3050e7be 100755
--- a/cd3_automation_toolkit/Network/Global/templates/rpc-module/rpc-provider-terraform-template
+++ b/cd3_automation_toolkit/Network/Global/templates/rpc-module/rpc-provider-terraform-template
@@ -1,5 +1,6 @@
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 ##################################
 # Providers Block - RPC
 # Create Remote Peering Connection
diff --git a/cd3_automation_toolkit/Network/Global/templates/rpc-module/rpc-source-destination-terraform-template b/cd3_automation_toolkit/Network/Global/templates/rpc-module/rpc-source-destination-terraform-template
index 651a58816..8d4e9934b 100755
--- a/cd3_automation_toolkit/Network/Global/templates/rpc-module/rpc-source-destination-terraform-template
+++ b/cd3_automation_toolkit/Network/Global/templates/rpc-module/rpc-source-destination-terraform-template
@@ -1,5 +1,6 @@
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 #######################
 # Resource Block - RPC
 # Create RPC
diff --git a/cd3_automation_toolkit/Network/Global/templates/rpc-module/rpc-variables-terraform-template b/cd3_automation_toolkit/Network/Global/templates/rpc-module/rpc-variables-terraform-template
index 4478769e8..9d3b32805 100755
--- a/cd3_automation_toolkit/Network/Global/templates/rpc-module/rpc-variables-terraform-template
+++ b/cd3_automation_toolkit/Network/Global/templates/rpc-module/rpc-variables-terraform-template
@@ -1,5 +1,6 @@ -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ################################## # Variable Block - RPC # Create Remote Peering Connection diff --git a/cd3_automation_toolkit/Network/Global/templates/rpc-root-terraform-template b/cd3_automation_toolkit/Network/Global/templates/rpc-root-terraform-template index 0f45d6ff8..85d160cfd 100755 --- a/cd3_automation_toolkit/Network/Global/templates/rpc-root-terraform-template +++ b/cd3_automation_toolkit/Network/Global/templates/rpc-root-terraform-template @@ -1,5 +1,6 @@ -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# #################################################### # Root Module Block - Network #################################################### diff --git a/cd3_automation_toolkit/Network/LoadBalancers/export_lbr_nonGreenField.py b/cd3_automation_toolkit/Network/LoadBalancers/export_lbr_nonGreenField.py index 4466568a7..e42776fb8 100644 --- a/cd3_automation_toolkit/Network/LoadBalancers/export_lbr_nonGreenField.py +++ b/cd3_automation_toolkit/Network/LoadBalancers/export_lbr_nonGreenField.py @@ -477,6 +477,9 @@ def print_backendset_backendserver(region, ct, values_for_column_bss, lbr, LBRs, values_for_column_bss['Cookie Path'].append("") values_for_column_bss['Disable Fallback(TRUE|FALSE)'].append("") + # Get Health Checker + hc = lbr.get_health_checker(eachlbr.__getattribute__('id'), backendsets).data + for col_headers in values_for_column_bss: headers_lower = commonTools.check_column_headers(col_headers) 
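Review bot: The hoisted lookup in print_backendset_backendserver reads the OCID through `eachlbr.__getattribute__('id')`; for an ordinary model object plain attribute access is equivalent and easier to read, `hc = lbr.get_health_checker(eachlbr.id, backendsets).data`. The added comment `# Get Health Checker` only restates the call; `# Fetch the health checker once, before the column loop, instead of once per column` would record why the line was moved. The function starts and ends outside this hunk.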
@@ -503,8 +506,6 @@ def print_backendset_backendserver(region, ct, values_for_column_bss, lbr, LBRs, # Process the Backend Set and Backend Server Columns elif col_headers in sheet_dict_bss.keys(): - hc = lbr.get_health_checker(eachlbr.__getattribute__('id'), backendsets).data - if col_headers == "Backend Policy(LEAST_CONNECTIONS|ROUND_ROBIN|IP_HASH)": policy = backendset_details.__getattribute__(sheet_dict_bss[col_headers]) values_for_column_bss['Backend Policy(LEAST_CONNECTIONS|ROUND_ROBIN|IP_HASH)'].append( 
@@ -871,41 +872,48 @@ def print_routing_policies(region, ct, values_for_column_rp, LBRs, lbr_compartme comp_done_ids = [] for comp_name, comp_id in ct.ntk_compartment_ids.items(): if lbr_comp_id == comp_id and lbr_comp_id not in comp_done_ids: - # Retrieve the values for the routing policies - for rp, values in eachlbr.__getattribute__('routing_policies').items(): - for col_headers in values_for_column_rp.keys(): - headers_lower = commonTools.check_column_headers(col_headers) - - if col_headers in sheet_dict_common.keys(): - values_for_column_rp = common_headers(region, col_headers, values_for_column_rp, eachlbr, - sheet_dict_common, lbr_compartment_name) - elif col_headers == 'LBR Name': - values_for_column_rp[col_headers].append(eachlbr.display_name) - - elif col_headers == 'Routing Policy Name': - values_for_column_rp[col_headers].append(values.__getattribute__('name')) - - elif col_headers == "Rules": - rules = [] - for rule in values.rules: - if hasattr(rule, 'actions') and rule.actions and hasattr(rule.actions[0], 'backend_set_name'): - backend_set_name = rule.actions[0].backend_set_name - else: - backend_set_name = None - rule_str = f"{rule.name}::{rule.condition}::{backend_set_name}" - rules.append(rule_str) - rules_string = "\n".join(rules) - values_for_column_rp[col_headers].append(rules_string) + lbr_compartment_name = comp_name + comp_done_ids.append(lbr_comp_id) - elif col_headers in sheet_dict_rp.keys(): - values_for_column_rp[col_headers].append( - values.__getattribute__(sheet_dict_rp[col_headers])) + # Retrieve the values for the routing policies + for rp, values in eachlbr.__getattribute__('routing_policies').items(): + for col_headers in values_for_column_rp.keys(): + headers_lower = commonTools.check_column_headers(col_headers) + if col_headers in sheet_dict_common.keys(): + values_for_column_rp = common_headers(region, col_headers, values_for_column_rp, eachlbr, + sheet_dict_common, lbr_compartment_name) + elif col_headers == 'LBR Name': + 
values_for_column_rp[col_headers].append(eachlbr.display_name) + + elif col_headers == 'Routing Policy Name': + values_for_column_rp[col_headers].append(values.__getattribute__('name')) + + elif col_headers == "Rules": + rules = [] + for rule in values.rules: + if hasattr(rule, 'actions') and rule.actions and hasattr(rule.actions[0], 'backend_set_name'): + backend_set_name = rule.actions[0].backend_set_name else: - # Process the remaining Columns - oci_objs = [eachlbr, values] - values_for_column_rp = commonTools.export_extra_columns(oci_objs, col_headers, - sheet_dict_rp, + backend_set_name = None + + name = rule.name.strip("\n") + condition = rule.condition.strip("\n") + backend_set_name = backend_set_name.strip("\n") + rule_str = f"{name}::{condition}::{backend_set_name}" + rules.append(rule_str) + rules_string = "\n".join(rules) + values_for_column_rp[col_headers].append(rules_string) + + elif col_headers in sheet_dict_rp.keys(): + values_for_column_rp[col_headers].append( + values.__getattribute__(sheet_dict_rp[col_headers])) + + else: + # Process the remaining Columns + oci_objs = [eachlbr, values] + values_for_column_rp = commonTools.export_extra_columns(oci_objs, col_headers, + sheet_dict_rp, values_for_column_rp) return values_for_column_rp @@ -968,7 +976,7 @@ def export_lbr(inputfile, outdir, service_dir, config1, signer1, ct, export_comp print("\nFetching details of Load Balancer...") # Create backups - file_name = 'import_commands_lbr_nonGF.sh' + file_name = 'import_commands_lbr.sh' resource = 'import_lbr' total_resources=0 diff --git a/cd3_automation_toolkit/Network/LoadBalancers/templates/backend-set-template b/cd3_automation_toolkit/Network/LoadBalancers/templates/backend-set-template index 77ceda4e0..6d14ad852 100644 --- a/cd3_automation_toolkit/Network/LoadBalancers/templates/backend-set-template +++ b/cd3_automation_toolkit/Network/LoadBalancers/templates/backend-set-template 
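Review bot: In the `Rules` branch of print_routing_policies, `backend_set_name` is set to `None` when a rule has no action carrying a `backend_set_name`, and the added `backend_set_name = backend_set_name.strip("\n")` then raises AttributeError on it, aborting the export. Guard the call, for example `backend_set_name = backend_set_name.strip("\n") if backend_set_name else None`, which keeps the previous `None` text in the rule string. `strip("\n")` also trims only leading and trailing newlines, so a condition with an embedded newline or `::` would still corrupt the `name::condition::backend_set` rows that are joined with `"\n"`; a check that rejects such values, or a comment stating the assumption, would help whoever re-imports the sheet. Indentation is lost on this page, so whether the strip lines sit inside the `else` is inferred, and the function starts outside the hunk.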
@@ -1,6 +1,7 @@ {% if (skeleton and count == 0) %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################# # Network # Backend Sets - tfvars diff --git a/cd3_automation_toolkit/Network/LoadBalancers/templates/backends-template b/cd3_automation_toolkit/Network/LoadBalancers/templates/backends-template index 847e161d7..dcc200cea 100644 --- a/cd3_automation_toolkit/Network/LoadBalancers/templates/backends-template +++ b/cd3_automation_toolkit/Network/LoadBalancers/templates/backends-template @@ -1,5 +1,4 @@ {% if (skeleton and count == 0) %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. ############################# # Network diff --git a/cd3_automation_toolkit/Network/LoadBalancers/templates/certificate-template b/cd3_automation_toolkit/Network/LoadBalancers/templates/certificate-template index 06cb88d9d..cb633cc23 100644 --- a/cd3_automation_toolkit/Network/LoadBalancers/templates/certificate-template +++ b/cd3_automation_toolkit/Network/LoadBalancers/templates/certificate-template @@ -1,6 +1,7 @@ {% if (skeleton and count == 0) %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################# # Network # Certificates - tfvars diff --git a/cd3_automation_toolkit/Network/LoadBalancers/templates/cipher-suite-template b/cd3_automation_toolkit/Network/LoadBalancers/templates/cipher-suite-template index 197a8e8d3..66aecbd81 100644 --- a/cd3_automation_toolkit/Network/LoadBalancers/templates/cipher-suite-template +++ b/cd3_automation_toolkit/Network/LoadBalancers/templates/cipher-suite-template 
@@ -1,6 +1,7 @@
 {% if (skeleton and count == 0) %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 #############################
 # Network
 # Cipher Suites - tfvars
diff --git a/cd3_automation_toolkit/Network/LoadBalancers/templates/hostname-template b/cd3_automation_toolkit/Network/LoadBalancers/templates/hostname-template
index e1a806639..b76fcb0c5 100644
--- a/cd3_automation_toolkit/Network/LoadBalancers/templates/hostname-template
+++ b/cd3_automation_toolkit/Network/LoadBalancers/templates/hostname-template
@@ -1,6 +1,7 @@
 {% if (skeleton and count == 0) %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 #############################
 # Network
 # Hostname - tfvars
diff --git a/cd3_automation_toolkit/Network/LoadBalancers/templates/lb-routing-policy-template b/cd3_automation_toolkit/Network/LoadBalancers/templates/lb-routing-policy-template
index 1785895ee..6b81c3aad 100755
--- a/cd3_automation_toolkit/Network/LoadBalancers/templates/lb-routing-policy-template
+++ b/cd3_automation_toolkit/Network/LoadBalancers/templates/lb-routing-policy-template
@@ -1,6 +1,7 @@
 {% if (skeleton and count == 0) %}
-// Copyright (c) 2024, 2025, Oracle and/or its affiliates.
-
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 #############################
 # Network
 # Routing Policy - tfvars
diff --git a/cd3_automation_toolkit/Network/LoadBalancers/templates/lbr-reserved-ips-template b/cd3_automation_toolkit/Network/LoadBalancers/templates/lbr-reserved-ips-template
index e30ae5193..d753f347f 100644
--- a/cd3_automation_toolkit/Network/LoadBalancers/templates/lbr-reserved-ips-template
+++ b/cd3_automation_toolkit/Network/LoadBalancers/templates/lbr-reserved-ips-template
@@ -1,6 +1,7 @@
 {% if count == 0 %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 ############################
 # Network
 # Create Reserved IPs for Load Balancers
diff --git a/cd3_automation_toolkit/Network/LoadBalancers/templates/lbr-template b/cd3_automation_toolkit/Network/LoadBalancers/templates/lbr-template
index 202193b0a..3eba67719 100644
--- a/cd3_automation_toolkit/Network/LoadBalancers/templates/lbr-template
+++ b/cd3_automation_toolkit/Network/LoadBalancers/templates/lbr-template
@@ -1,6 +1,7 @@
 {% if (skeleton and count == 0) %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 #############################
 # Network
 # Load Balancers - tfvars
diff --git a/cd3_automation_toolkit/Network/LoadBalancers/templates/listener-template b/cd3_automation_toolkit/Network/LoadBalancers/templates/listener-template
index 8e2910b83..447afa432 100644
--- a/cd3_automation_toolkit/Network/LoadBalancers/templates/listener-template
+++ b/cd3_automation_toolkit/Network/LoadBalancers/templates/listener-template
@@ -1,6 +1,7 @@ {% if (skeleton and count == 0) %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################# # Network # Listeners - tfvars diff --git a/cd3_automation_toolkit/Network/LoadBalancers/templates/nlb-backend-set-template b/cd3_automation_toolkit/Network/LoadBalancers/templates/nlb-backend-set-template index 83ab1e010..e93ede3e5 100644 --- a/cd3_automation_toolkit/Network/LoadBalancers/templates/nlb-backend-set-template +++ b/cd3_automation_toolkit/Network/LoadBalancers/templates/nlb-backend-set-template @@ -1,6 +1,7 @@ {% if (skeleton and count == 0) %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################# # Network # Network Load Balancers Backend Sets - tfvars diff --git a/cd3_automation_toolkit/Network/LoadBalancers/templates/nlb-backends-template b/cd3_automation_toolkit/Network/LoadBalancers/templates/nlb-backends-template index 10dccff9a..cad0f87a2 100644 --- a/cd3_automation_toolkit/Network/LoadBalancers/templates/nlb-backends-template +++ b/cd3_automation_toolkit/Network/LoadBalancers/templates/nlb-backends-template @@ -1,5 +1,4 @@ {% if (skeleton and count == 0) %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. ############################# # Network diff --git a/cd3_automation_toolkit/Network/LoadBalancers/templates/nlb-listener-template b/cd3_automation_toolkit/Network/LoadBalancers/templates/nlb-listener-template index a485bf5eb..06706869f 100644 --- a/cd3_automation_toolkit/Network/LoadBalancers/templates/nlb-listener-template 
+++ b/cd3_automation_toolkit/Network/LoadBalancers/templates/nlb-listener-template @@ -1,7 +1,8 @@ {% if (skeleton and count == 0) %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################# # Network # Listeners - tfvars diff --git a/cd3_automation_toolkit/Network/LoadBalancers/templates/nlb-reserved-ips-template b/cd3_automation_toolkit/Network/LoadBalancers/templates/nlb-reserved-ips-template index ffe2df262..c7aa796b3 100644 --- a/cd3_automation_toolkit/Network/LoadBalancers/templates/nlb-reserved-ips-template +++ b/cd3_automation_toolkit/Network/LoadBalancers/templates/nlb-reserved-ips-template @@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################ # Network # Create Reserved IPs for Network Load Balancers diff --git a/cd3_automation_toolkit/Network/LoadBalancers/templates/nlb-template b/cd3_automation_toolkit/Network/LoadBalancers/templates/nlb-template index a413e82e7..3f5901f0e 100644 --- a/cd3_automation_toolkit/Network/LoadBalancers/templates/nlb-template +++ b/cd3_automation_toolkit/Network/LoadBalancers/templates/nlb-template @@ -1,6 +1,7 @@ {% if (skeleton and count == 0) %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################# # Network # Network Load Balancers - tfvars 
diff --git a/cd3_automation_toolkit/Network/LoadBalancers/templates/path-route-set-template b/cd3_automation_toolkit/Network/LoadBalancers/templates/path-route-set-template
index ef3370100..7802f42e3 100644
--- a/cd3_automation_toolkit/Network/LoadBalancers/templates/path-route-set-template
+++ b/cd3_automation_toolkit/Network/LoadBalancers/templates/path-route-set-template
@@ -1,6 +1,7 @@
 {% if (skeleton and count == 0) %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 #############################
 # Network
 # Path Route Set - tfvars
diff --git a/cd3_automation_toolkit/Network/LoadBalancers/templates/rule-set-template b/cd3_automation_toolkit/Network/LoadBalancers/templates/rule-set-template
index 7af8b09e6..33e6fd878 100644
--- a/cd3_automation_toolkit/Network/LoadBalancers/templates/rule-set-template
+++ b/cd3_automation_toolkit/Network/LoadBalancers/templates/rule-set-template
@@ -1,6 +1,7 @@
 {% if (skeleton and count == 0) %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 #############################
 # Network
 # Rule Set - tfvars
diff --git a/cd3_automation_toolkit/OCI_Regions b/cd3_automation_toolkit/OCI_Regions
index da2a8419e..7cecb1f0c 100644
--- a/cd3_automation_toolkit/OCI_Regions
+++ b/cd3_automation_toolkit/OCI_Regions
@@ -8,6 +8,7 @@ bogota:sa-bogota-1
 mumbai:ap-mumbai-1
 paris:eu-paris-1
 cardiff:uk-cardiff-1
+dallas:us-dallas-1
 dubai:me-dubai-1
 frankfurt:eu-frankfurt-1
 saopaulo:sa-saopaulo-1
diff --git a/cd3_automation_toolkit/Release-Notes b/cd3_automation_toolkit/Release-Notes
index 03f492dde..181f5096b 100644
--- a/cd3_automation_toolkit/Release-Notes
+++ b/cd3_automation_toolkit/Release-Notes
@@ -1,3 +1,20 @@
+-------------------------------------
+CD3 Automation Toolkit Tag v2024.4.1
+Sep 30th, 2024
+-------------------------------------
+1. Call CD3 Validator for services while invoking create workflow for that service.
+2. Multi Prefix Support using Jenkins. Toolkit can be setup for multiple prefixes by specifying different values in tenancyconfig.properties.
+3. CD3 VM RM Stack enhancements -
+ a. disable legacy IMDS endpoints
+ b. enable in transit encryption
+ c. enable bastion plugin
+ d. specify custom boot volume size.
+4. Bug fixes/Enhancements -
+ a. Skip cross tenancy RPCs while exporting network components.
+ b. Support for cross region replication feature for default vault as well.
+ c. Identity domain users/groups terraform modules enhancement to support optional attributes.
+ d. Fetch compatible image OCIDs during createTenancyConfig.py
+
 -------------------------------------
 CD3 Automation Toolkit Tag v2024.4.0
 Aug 16th, 2024
diff --git a/cd3_automation_toolkit/SDDC/templates/sddc-cluster-template b/cd3_automation_toolkit/SDDC/templates/sddc-cluster-template
index e3f84ff14..4e4478e8b 100644
--- a/cd3_automation_toolkit/SDDC/templates/sddc-cluster-template
+++ b/cd3_automation_toolkit/SDDC/templates/sddc-cluster-template
@@ -1,6 +1,7 @@
 {% if count == 0 %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 ############################
 # SDDC cluster
 # SDDC cluster - tfvars
diff --git a/cd3_automation_toolkit/SDDC/templates/sddc-template b/cd3_automation_toolkit/SDDC/templates/sddc-template
index 595c4136e..ba9de85e2 100755
--- a/cd3_automation_toolkit/SDDC/templates/sddc-template
+++ b/cd3_automation_toolkit/SDDC/templates/sddc-template
@@ -1,6 +1,7 @@
 {% if count == 0 %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 ############################
 # SDDCs
 # SDDC - tfvars
diff --git a/cd3_automation_toolkit/Security/CloudGuard/templates/cloud-guard-config-template b/cd3_automation_toolkit/Security/CloudGuard/templates/cloud-guard-config-template
index 543f234dc..ad8ad9cf3 100644
--- a/cd3_automation_toolkit/Security/CloudGuard/templates/cloud-guard-config-template
+++ b/cd3_automation_toolkit/Security/CloudGuard/templates/cloud-guard-config-template
@@ -1,6 +1,7 @@
 {% if count == 0 %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 ############################
 # Security
 # Create Cloud Guard and Alerts
diff --git a/cd3_automation_toolkit/Security/CloudGuard/templates/cloud-guard-target-template b/cd3_automation_toolkit/Security/CloudGuard/templates/cloud-guard-target-template
index 20931cad7..755d3de2c 100644
--- a/cd3_automation_toolkit/Security/CloudGuard/templates/cloud-guard-target-template
+++ b/cd3_automation_toolkit/Security/CloudGuard/templates/cloud-guard-target-template
@@ -1,6 +1,7 @@
 {% if count == 0 %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 ############################
 # Security
 # Create Cloud Guard and Alerts
diff --git a/cd3_automation_toolkit/Security/Firewall/templates/firewall-policies-template b/cd3_automation_toolkit/Security/Firewall/templates/firewall-policies-template
index 7cf0760b3..7dea95b28 100644
--- a/cd3_automation_toolkit/Security/Firewall/templates/firewall-policies-template
+++ b/cd3_automation_toolkit/Security/Firewall/templates/firewall-policies-template
@@ -1,6 +1,7 @@
 {% if count == 0 %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-############################
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#############################
 # Firewall Policy
 # Firewall Policy - tfvars
 # Allowed Values:
diff --git a/cd3_automation_toolkit/Security/Firewall/templates/firewalls-template b/cd3_automation_toolkit/Security/Firewall/templates/firewalls-template
index 57a92198c..edd380251 100644
--- a/cd3_automation_toolkit/Security/Firewall/templates/firewalls-template
+++ b/cd3_automation_toolkit/Security/Firewall/templates/firewalls-template
@@ -1,6 +1,7 @@
 {% if count == 0 %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-############################
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#############################
 # Firewalls
 # Firewall -tfvars
 # Allowed Values:
diff --git a/cd3_automation_toolkit/Security/Firewall/templates/policy-addresslists-template b/cd3_automation_toolkit/Security/Firewall/templates/policy-addresslists-template
index a8a74d53a..9f85b870d 100644
--- a/cd3_automation_toolkit/Security/Firewall/templates/policy-addresslists-template
+++ b/cd3_automation_toolkit/Security/Firewall/templates/policy-addresslists-template
@@ -1,6 +1,7 @@
 {% if count == 0 %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-############################
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#############################
 # Firewall Policy Address Lists
 # Firewall Policy Address List - tfvarsß
 # Allowed Values:
diff --git a/cd3_automation_toolkit/Security/Firewall/templates/policy-applicationlists-template b/cd3_automation_toolkit/Security/Firewall/templates/policy-applicationlists-template
index c837f399d..c9611690d 100644
--- a/cd3_automation_toolkit/Security/Firewall/templates/policy-applicationlists-template
+++ b/cd3_automation_toolkit/Security/Firewall/templates/policy-applicationlists-template
@@ -1,6 +1,7 @@
 {% if count == 0 %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-############################
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#############################
 # Firewall Policy Application Lists
 # Firewall Policy Application List - tfvars
 # Allowed Values:
diff --git a/cd3_automation_toolkit/Security/Firewall/templates/policy-apps-template b/cd3_automation_toolkit/Security/Firewall/templates/policy-apps-template
index a38151707..e4689c6dd 100644
--- a/cd3_automation_toolkit/Security/Firewall/templates/policy-apps-template
+++ b/cd3_automation_toolkit/Security/Firewall/templates/policy-apps-template
@@ -1,6 +1,7 @@
 {% if count == 0 %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-############################
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#############################
 # Firewall Policy Applications
 # Firewall Policy Application - tfvars
 # Allowed Values:
diff --git a/cd3_automation_toolkit/Security/Firewall/templates/policy-decryptionprofiles-template b/cd3_automation_toolkit/Security/Firewall/templates/policy-decryptionprofiles-template
index a4c5890a2..73fcd043a 100644
--- a/cd3_automation_toolkit/Security/Firewall/templates/policy-decryptionprofiles-template
+++ b/cd3_automation_toolkit/Security/Firewall/templates/policy-decryptionprofiles-template
@@ -1,6 +1,7 @@
 {% if count == 0 %}
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-############################
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#############################
 # Firewall Policy Decryption Profiles
 # Firewall Policy Decryption Profile - tfvars
 # Allowed Values:
diff --git a/cd3_automation_toolkit/Security/Firewall/templates/policy-decryptrules-template b/cd3_automation_toolkit/Security/Firewall/templates/policy-decryptrules-template
index 791ea6a2a..2745102d0 100644
--- a/cd3_automation_toolkit/Security/Firewall/templates/policy-decryptrules-template
+++ b/cd3_automation_toolkit/Security/Firewall/templates/policy-decryptrules-template
@@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. -############################ +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +############################# # Firewall Policy Decryption Rules # Firewall Policy Decryption Rule - tfvars # Allowed Values: diff --git a/cd3_automation_toolkit/Security/Firewall/templates/policy-secrets-template b/cd3_automation_toolkit/Security/Firewall/templates/policy-secrets-template index cf8579d24..4ccc6dcea 100644 --- a/cd3_automation_toolkit/Security/Firewall/templates/policy-secrets-template +++ b/cd3_automation_toolkit/Security/Firewall/templates/policy-secrets-template @@ -1,4 +1,6 @@ {% if count == 0 %} +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. ############################ # Firewall Policy Secrets # Firewall Policy Secret - tfvars diff --git a/cd3_automation_toolkit/Security/Firewall/templates/policy-secrules-template b/cd3_automation_toolkit/Security/Firewall/templates/policy-secrules-template index 4860b14eb..ad99cfed8 100644 --- a/cd3_automation_toolkit/Security/Firewall/templates/policy-secrules-template +++ b/cd3_automation_toolkit/Security/Firewall/templates/policy-secrules-template @@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. -############################ +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +############################# # Firewall Policy Security Rules # Firewall Policy Security Rule - tfvars # Allowed Values: 
diff --git a/cd3_automation_toolkit/Security/Firewall/templates/policy-servicelists-template b/cd3_automation_toolkit/Security/Firewall/templates/policy-servicelists-template index d12915d88..ddd7dfa37 100644 --- a/cd3_automation_toolkit/Security/Firewall/templates/policy-servicelists-template +++ b/cd3_automation_toolkit/Security/Firewall/templates/policy-servicelists-template @@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. -############################ +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +############################# # Firewall Policy Service Lists # Firewall Policy Service List - tfvars # Allowed Values: diff --git a/cd3_automation_toolkit/Security/Firewall/templates/policy-services-template b/cd3_automation_toolkit/Security/Firewall/templates/policy-services-template index 62a4c3289..527047b95 100644 --- a/cd3_automation_toolkit/Security/Firewall/templates/policy-services-template +++ b/cd3_automation_toolkit/Security/Firewall/templates/policy-services-template @@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. -############################ +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +############################# # Firewall Policy Services # Firewall Policy Service - tfvars # Allowed Values: diff --git a/cd3_automation_toolkit/Security/Firewall/templates/policy-urllists-template b/cd3_automation_toolkit/Security/Firewall/templates/policy-urllists-template index 48ec6cac1..532bf8b1b 100644 --- a/cd3_automation_toolkit/Security/Firewall/templates/policy-urllists-template +++ b/cd3_automation_toolkit/Security/Firewall/templates/policy-urllists-template 
@@ -1,4 +1,6 @@ {% if count == 0 %} +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. ############################ # Firewall Policy URL Lists # Firewall Policy URL List - tfvars diff --git a/cd3_automation_toolkit/Security/KeyVault/create_terraform_keyvaults.py b/cd3_automation_toolkit/Security/KeyVault/create_terraform_keyvaults.py index 64d08fec3..143066369 100644 --- a/cd3_automation_toolkit/Security/KeyVault/create_terraform_keyvaults.py +++ b/cd3_automation_toolkit/Security/KeyVault/create_terraform_keyvaults.py @@ -140,18 +140,13 @@ def create_terraform_keyvaults(inputfile, outdir, service_dir, prefix, ct): if columnvalue != '' and columnvalue.lower() != 'nan': columnvalue = columnvalue.strip().lower() if columnvalue != region: - if flag == 1: - if columnvalue in commonTools.endNames: - break - if columnvalue not in ct.all_regions: - print( - "ROW "+str(i+3)+": Invalid Replica Region!! Tenancy is not subscribed to this region. Please try again") - exit(1) - tempdict_vault = {'replica_region': ct.region_dict[columnvalue]} - else: + if columnvalue in commonTools.endNames: + break + if columnvalue not in ct.all_regions: print( - "ROW "+str(i+3)+": Error!! Replication can only be done for Virtual Private vaults. Remove the entry and try again. Exiting...") + "ROW "+str(i+3)+": Invalid Replica Region!! Tenancy is not subscribed to this region. Please try again") exit(1) + tempdict_vault = {'replica_region': ct.region_dict[columnvalue]} else: print( "ROW "+str(i+3)+": Error!! Replica region can't be same as the primary vault's region. Try with a different region. Exiting...") diff --git a/cd3_automation_toolkit/Security/KeyVault/export_keyvaults_nonGreenField.py b/cd3_automation_toolkit/Security/KeyVault/export_keyvaults_nonGreenField.py index e9dda66eb..ae49ee252 100644 
--- a/cd3_automation_toolkit/Security/KeyVault/export_keyvaults_nonGreenField.py +++ b/cd3_automation_toolkit/Security/KeyVault/export_keyvaults_nonGreenField.py @@ -7,7 +7,6 @@ # Author: Lasya Vadavalli # Oracle Consulting # - import sys import oci from oci.key_management import KmsVaultClient @@ -15,6 +14,7 @@ import subprocess as sp sys.path.append(os.getcwd() + "/..") from commonTools import * +from oci.exceptions import TransientServiceError # Execution of the code begins here def export_keyvaults(inputfile, outdir, service_dir, config, signer, ct, export_regions=[], export_compartments=[]): @@ -66,6 +66,7 @@ def export_keyvaults(inputfile, outdir, service_dir, config, signer, ct, export_ pass kms_vault_client = KmsVaultClient(config=config, retry_strategy=oci.retry.DEFAULT_RETRY_STRATEGY, signer=signer) for ntk_compartment_name in export_compartments: + vaults = oci.pagination.list_call_get_all_results(kms_vault_client.list_vaults, compartment_id=ct.ntk_compartment_ids[ ntk_compartment_name]) 
@@ -73,151 +74,151 @@ def export_keyvaults(inputfile, outdir, service_dir, config, signer, ct, export_ for vault in vaults.data: get_vault_data = kms_vault_client.get_vault(vault_id=vault.id).data key_count = 0 - if vault.lifecycle_state == "ACTIVE": - total_vaults += 1 - vault_tf_name = commonTools.check_tf_variable(vault.display_name) - tf_resource = f'module.vaults[\\"{vault_tf_name}\\"].oci_kms_vault.vault' - if tf_resource not in state["resources"]: - importCommands += f'\n{tf_or_tofu} import "{tf_resource}" {vault.id}' - kms_key_client = oci.key_management.KmsManagementClient(config, - service_endpoint=vault.management_endpoint) - keys = oci.pagination.list_call_get_all_results(kms_key_client.list_keys, - compartment_id=ct.ntk_compartment_ids[ntk_compartment_name]) - - if keys.data != []: - for key in keys.data: - first_key = False - if key.lifecycle_state != "PENDING_DELETION": - key_count += 1 - total_keys += 1 - key_tf_name = commonTools.check_tf_variable(key.display_name) - tf_resource = f'module.keys[\\"{key_tf_name}\\"].oci_kms_key.key' - if tf_resource not in state["resources"]: - importCommands += f'\n{tf_or_tofu} import "{tf_resource}" managementEndpoint/{vault.management_endpoint}/keys/{key.id}' - get_key_data = kms_key_client.get_key(key_id=key.id).data - if get_key_data.vault_id == vault.id and get_key_data.lifecycle_state != "PENDING_DELETION": - if key_count == 1: - first_key = True - - if first_key == True: - for col_header in values_for_column_kms.keys(): - if col_header == 'Region': - values_for_column_kms[col_header].append(reg) - elif col_header == 'Vault Compartment Name': - values_for_column_kms[col_header].append(ntk_compartment_name) - elif col_header == 'Vault Display Name': - values_for_column_kms[col_header].append(vault.display_name) - elif col_header == 'Vault type': - values_for_column_kms[col_header].append(vault.vault_type) - elif col_header == 'Replica Region': - if vault.vault_type.lower() == "default": - 
values_for_column_kms[col_header].append('') - elif vault.vault_type.lower() == "virtual_private": - if kms_vault_client.list_vault_replicas(vault_id=vault.id).data == []: + if vault.lifecycle_state not in ["DELETED", "PENDING_DELETION", "SCHEDULING_DELETION"]: + try: + replicas = kms_vault_client.list_vault_replicas(vault_id=vault.id).data + for replica in replicas: + region_name = None + for region, region_identifier in ct.region_dict.items(): + if region_identifier == replica.region: + region_name = region + break + kms_key_client = oci.key_management.KmsManagementClient(config,service_endpoint=vault.management_endpoint,retry_strategy=oci.retry.DEFAULT_RETRY_STRATEGY,signer=signer) + keys = oci.pagination.list_call_get_all_results(kms_key_client.list_keys, compartment_id=ct.ntk_compartment_ids[ + ntk_compartment_name]) + total_vaults += 1 + vault_tf_name = commonTools.check_tf_variable(vault.display_name) + tf_resource = f'module.vaults[\\"{vault_tf_name}\\"].oci_kms_vault.vault' + if tf_resource not in state["resources"]: + importCommands += f'\n{tf_or_tofu} import "{tf_resource}" {vault.id}' + + + if keys.data != []: + for key in keys.data: + first_key = False + if key.lifecycle_state not in ["DELETED", "PENDING_DELETION", "SCHEDULING_DELETION"]: + key_count += 1 + total_keys += 1 + key_tf_name = commonTools.check_tf_variable(key.display_name) + tf_resource = f'module.keys[\\"{key_tf_name}\\"].oci_kms_key.key' + if tf_resource not in state["resources"]: + importCommands += f'\n{tf_or_tofu} import "{tf_resource}" managementEndpoint/{vault.management_endpoint}/keys/{key.id}' + get_key_data = kms_key_client.get_key(key_id=key.id).data + if get_key_data.vault_id == vault.id and get_key_data.lifecycle_state != "PENDING_DELETION": + if key_count == 1: + first_key = True + + if first_key == True: + for col_header in values_for_column_kms.keys(): + if col_header == 'Region': + values_for_column_kms[col_header].append(reg) + elif col_header == 'Vault Compartment Name': 
+ values_for_column_kms[col_header].append(ntk_compartment_name) + elif col_header == 'Vault Display Name': + values_for_column_kms[col_header].append(vault.display_name) + elif col_header == 'Vault type': + values_for_column_kms[col_header].append(vault.vault_type) + + elif col_header == 'Replica Region': + if not replicas: values_for_column_kms[col_header].append('') else: - for replica in kms_vault_client.list_vault_replicas(vault_id=vault.id).data: - for region, region_identifier in ct.region_dict.items(): - if region_identifier == replica.region: - region_name = region - values_for_column_kms[col_header].append(region_name) - else: - pass - elif str(col_header).lower() in ["vault defined tags", "vault freeform tags"]: - values_for_column_kms = commonTools.export_tags(vault, col_header, - values_for_column_kms) - - elif col_header == 'Key Compartment Name': - comp_name = comp_name_list[comp_id_list.index(get_key_data.compartment_id)] - values_for_column_kms[col_header].append(comp_name) - elif col_header == 'Key Display Name': - values_for_column_kms[col_header].append(get_key_data.display_name) - elif col_header == 'Protection mode': - values_for_column_kms[col_header].append(get_key_data.protection_mode) - elif col_header == 'Algorithm': - values_for_column_kms[col_header].append(get_key_data.key_shape.algorithm) - elif col_header == 'Length in bits': - values_for_column_kms[col_header].append((get_key_data.key_shape.length)*8) - elif col_header == 'Curve Id': - values_for_column_kms[col_header].append(get_key_data.key_shape.curve_id if get_key_data.key_shape.algorithm == 'ECDSA' else '') - elif col_header == 'Auto rotation': - values_for_column_kms[col_header].append("TRUE" if get_key_data.is_auto_rotation_enabled==True else "FALSE") - elif col_header == 'Rotation interval in days': - values_for_column_kms[col_header].append(get_key_data.auto_key_rotation_details.rotation_interval_in_days if hasattr(get_key_data.auto_key_rotation_details, 
'rotation_interval_in_days') else '') - elif str(col_header).lower() in ["key defined tags" , "key freeform tags"]: - if len(key.defined_tags) != 0: - values_for_column_kms = commonTools.export_tags(key, col_header, values_for_column_kms) - else: - values_for_column_kms[col_header].append('') - else: - oci_objs = [vault, key, get_key_data, get_vault_data, get_vault_data.replica_details] - values_for_column_kms = commonTools.export_extra_columns(oci_objs, col_header, - sheet_dict_kms, - values_for_column_kms) - else: - for col_header in values_for_column_kms.keys(): - if col_header == 'Key Compartment Name': - comp_name = comp_name_list[comp_id_list.index(get_key_data.compartment_id)] - values_for_column_kms[col_header].append(comp_name) - elif col_header == 'Key Display Name': - values_for_column_kms[col_header].append(get_key_data.display_name) - elif col_header == 'Protection mode': - values_for_column_kms[col_header].append(get_key_data.protection_mode) - elif col_header == 'Algorithm': - values_for_column_kms[col_header].append(get_key_data.key_shape.algorithm) - elif col_header == 'Length in bits': - values_for_column_kms[col_header].append((get_key_data.key_shape.length) * 8) - elif col_header == 'Curve Id': - values_for_column_kms[col_header].append( - get_key_data.key_shape.curve_id if get_key_data.key_shape.algorithm == 'ECDSA' else '') - elif col_header == 'Auto rotation': - values_for_column_kms[col_header].append("TRUE" if get_key_data.is_auto_rotation_enabled==True else "FALSE") - elif col_header == 'Rotation interval in days': - values_for_column_kms[col_header].append(get_key_data.auto_key_rotation_details.rotation_interval_in_days if hasattr(get_key_data.auto_key_rotation_details,'rotation_interval_in_days') else '') - elif str(col_header).lower() in ["key defined tags", "key freeform tags"]: - if len(key.defined_tags) != 0: - values_for_column_kms = commonTools.export_tags(key, col_header, + if region_name: + 
values_for_column_kms[col_header].append(region_name) + else: + values_for_column_kms[col_header].append('') + elif str(col_header).lower() in ["vault defined tags", "vault freeform tags"]: + values_for_column_kms = commonTools.export_tags(vault, col_header, values_for_column_kms) + + elif col_header == 'Key Compartment Name': + comp_name = comp_name_list[comp_id_list.index(get_key_data.compartment_id)] + values_for_column_kms[col_header].append(comp_name) + elif col_header == 'Key Display Name': + values_for_column_kms[col_header].append(get_key_data.display_name) + elif col_header == 'Protection mode': + values_for_column_kms[col_header].append(get_key_data.protection_mode) + elif col_header == 'Algorithm': + values_for_column_kms[col_header].append(get_key_data.key_shape.algorithm) + elif col_header == 'Length in bits': + values_for_column_kms[col_header].append((get_key_data.key_shape.length)*8) + elif col_header == 'Curve Id': + values_for_column_kms[col_header].append(get_key_data.key_shape.curve_id if get_key_data.key_shape.algorithm == 'ECDSA' else '') + elif col_header == 'Auto rotation': + values_for_column_kms[col_header].append("TRUE" if get_key_data.is_auto_rotation_enabled==True else "FALSE") + elif col_header == 'Rotation interval in days': + values_for_column_kms[col_header].append(get_key_data.auto_key_rotation_details.rotation_interval_in_days if hasattr(get_key_data.auto_key_rotation_details, 'rotation_interval_in_days') else '') + elif str(col_header).lower() in ["key defined tags" , "key freeform tags"]: + if len(key.defined_tags) != 0: + values_for_column_kms = commonTools.export_tags(key, col_header, values_for_column_kms) + else: + values_for_column_kms[col_header].append('') else: - values_for_column_kms[col_header].append('') - else: - oci_objs = [key, get_key_data] - values_for_column_kms = commonTools.export_extra_columns(oci_objs, col_header, - sheet_dict_kms, - values_for_column_kms) - pass - else: - for col_header in 
values_for_column_kms.keys(): - if col_header == 'Region': - values_for_column_kms[col_header].append(reg) - elif col_header == 'Vault Compartment Name': - values_for_column_kms[col_header].append(ntk_compartment_name) - elif col_header == 'Vault Display Name': - values_for_column_kms[col_header].append(vault.display_name) - elif col_header == 'Vault type': - values_for_column_kms[col_header].append(vault.vault_type) - elif col_header == 'Replica Region': - if vault.vault_type.lower() == "default": - values_for_column_kms[col_header].append('') - elif vault.vault_type.lower() == "virtual_private": - if kms_vault_client.list_vault_replicas(vault_id=vault.id).data == []: - values_for_column_kms[col_header].append('') - else: - for replica in kms_vault_client.list_vault_replicas(vault_id=vault.id).data: - for region, region_identifier in ct.region_dict.items(): - if region_identifier == replica.region: - region_name = region - values_for_column_kms[col_header].append(region_name) + oci_objs = [vault, key, get_key_data, get_vault_data, get_vault_data.replica_details] + values_for_column_kms = commonTools.export_extra_columns(oci_objs, col_header, + sheet_dict_kms, + values_for_column_kms) + else: + for col_header in values_for_column_kms.keys(): + if col_header == 'Key Compartment Name': + comp_name = comp_name_list[comp_id_list.index(get_key_data.compartment_id)] + values_for_column_kms[col_header].append(comp_name) + elif col_header == 'Key Display Name': + values_for_column_kms[col_header].append(get_key_data.display_name) + elif col_header == 'Protection mode': + values_for_column_kms[col_header].append(get_key_data.protection_mode) + elif col_header == 'Algorithm': + values_for_column_kms[col_header].append(get_key_data.key_shape.algorithm) + elif col_header == 'Length in bits': + values_for_column_kms[col_header].append((get_key_data.key_shape.length) * 8) + elif col_header == 'Curve Id': + values_for_column_kms[col_header].append( + 
get_key_data.key_shape.curve_id if get_key_data.key_shape.algorithm == 'ECDSA' else '') + elif col_header == 'Auto rotation': + values_for_column_kms[col_header].append("TRUE" if get_key_data.is_auto_rotation_enabled==True else "FALSE") + elif col_header == 'Rotation interval in days': + values_for_column_kms[col_header].append(get_key_data.auto_key_rotation_details.rotation_interval_in_days if hasattr(get_key_data.auto_key_rotation_details,'rotation_interval_in_days') else '') + elif str(col_header).lower() in ["key defined tags", "key freeform tags"]: + if len(key.defined_tags) != 0: + values_for_column_kms = commonTools.export_tags(key, col_header, + values_for_column_kms) + else: + values_for_column_kms[col_header].append('') else: + oci_objs = [key, get_key_data] + values_for_column_kms = commonTools.export_extra_columns(oci_objs, col_header, + sheet_dict_kms, + values_for_column_kms) pass - elif str(col_header).lower() in ["vault defined tags", "vault freeform tags"]: - values_for_column_kms = commonTools.export_tags(vault, col_header, - values_for_column_kms) - else: - oci_objs = [vault, get_vault_data, get_vault_data.replica_details] - values_for_column_kms = commonTools.export_extra_columns(oci_objs, col_header, - sheet_dict_kms, - values_for_column_kms) + else: + for col_header in values_for_column_kms.keys(): + if col_header == 'Region': + values_for_column_kms[col_header].append(reg) + elif col_header == 'Vault Compartment Name': + values_for_column_kms[col_header].append(ntk_compartment_name) + elif col_header == 'Vault Display Name': + values_for_column_kms[col_header].append(vault.display_name) + elif col_header == 'Vault type': + values_for_column_kms[col_header].append(vault.vault_type) + elif col_header == 'Replica Region': + if not replicas: + values_for_column_kms[col_header].append('') + else: + if region_name: + values_for_column_kms[col_header].append(region_name) + else: + values_for_column_kms[col_header].append('') + elif 
str(col_header).lower() in ["vault defined tags", "vault freeform tags"]: + values_for_column_kms = commonTools.export_tags(vault, col_header, + values_for_column_kms) + else: + oci_objs = [vault, get_vault_data, get_vault_data.replica_details] + values_for_column_kms = commonTools.export_extra_columns(oci_objs, col_header, + sheet_dict_kms, + values_for_column_kms) + + except TransientServiceError as e: + continue #Write Import Commands to script file init_commands = f'\n######### Writing import for OCI Vaults #########\n\n#!/bin/bash\n{tf_or_tofu} init' diff --git a/cd3_automation_toolkit/Security/KeyVault/templates/keys-template b/cd3_automation_toolkit/Security/KeyVault/templates/keys-template index 000a8075a..3d6acecbf 100644 --- a/cd3_automation_toolkit/Security/KeyVault/templates/keys-template +++ b/cd3_automation_toolkit/Security/KeyVault/templates/keys-template @@ -1,5 +1,4 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. ############################ # Security diff --git a/cd3_automation_toolkit/Security/KeyVault/templates/vaults-template b/cd3_automation_toolkit/Security/KeyVault/templates/vaults-template index 7dc8e3f19..3e9925869 100644 --- a/cd3_automation_toolkit/Security/KeyVault/templates/vaults-template +++ b/cd3_automation_toolkit/Security/KeyVault/templates/vaults-template @@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################ # Security # Create KMS Vault and Key diff --git a/cd3_automation_toolkit/Storage/BlockVolume/templates/blockvolumes-template b/cd3_automation_toolkit/Storage/BlockVolume/templates/blockvolumes-template index efb62b37a..2c569bc96 100644 --- a/cd3_automation_toolkit/Storage/BlockVolume/templates/blockvolumes-template 
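Review bot: The new `except TransientServiceError as e: continue` at the end of the vault loop drops the vault without any message, so a throttled or briefly unavailable KMS endpoint produces a spreadsheet and import script that silently omit vaults and keys. Report the skip before continuing, for example `print(f"Skipping vault {vault.display_name} ({vault.id}): {e}")`. Because the `try` wraps the whole per-vault body, an error raised part-way (for instance in `get_key`) may leave `total_vaults`, `importCommands` and some column lists already updated for that vault, so rows can end up partial; the indentation is lost in this view, so confirm that against the file. The inner `get_key_data.lifecycle_state != "PENDING_DELETION"` test was also not changed to the three-state list now used for `key.lifecycle_state`. export_keyvaults starts and ends outside the hunk.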
+++ b/cd3_automation_toolkit/Storage/BlockVolume/templates/blockvolumes-template @@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################ # Block Volumes # Block Volumes - tfvars diff --git a/cd3_automation_toolkit/Storage/FileSystem/templates/export-resource-template b/cd3_automation_toolkit/Storage/FileSystem/templates/export-resource-template index 930adbf37..c1c871bac 100644 --- a/cd3_automation_toolkit/Storage/FileSystem/templates/export-resource-template +++ b/cd3_automation_toolkit/Storage/FileSystem/templates/export-resource-template @@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################ # Storage diff --git a/cd3_automation_toolkit/Storage/FileSystem/templates/fss-replication-template b/cd3_automation_toolkit/Storage/FileSystem/templates/fss-replication-template index 37be59161..4b18ed4a6 100644 --- a/cd3_automation_toolkit/Storage/FileSystem/templates/fss-replication-template +++ b/cd3_automation_toolkit/Storage/FileSystem/templates/fss-replication-template @@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################ # Storage diff --git a/cd3_automation_toolkit/Storage/FileSystem/templates/fss-template b/cd3_automation_toolkit/Storage/FileSystem/templates/fss-template index 59f50d32e..5d25fa8e2 100644 
--- a/cd3_automation_toolkit/Storage/FileSystem/templates/fss-template +++ b/cd3_automation_toolkit/Storage/FileSystem/templates/fss-template @@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################ # Storage diff --git a/cd3_automation_toolkit/Storage/FileSystem/templates/mount-target-template b/cd3_automation_toolkit/Storage/FileSystem/templates/mount-target-template index 7c0069460..826e24212 100644 --- a/cd3_automation_toolkit/Storage/FileSystem/templates/mount-target-template +++ b/cd3_automation_toolkit/Storage/FileSystem/templates/mount-target-template @@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################ # Storage diff --git a/cd3_automation_toolkit/Storage/ObjectStorage/templates/oss-template b/cd3_automation_toolkit/Storage/ObjectStorage/templates/oss-template index 7ed8e9a5f..39eed82d1 100644 --- a/cd3_automation_toolkit/Storage/ObjectStorage/templates/oss-template +++ b/cd3_automation_toolkit/Storage/ObjectStorage/templates/oss-template @@ -1,6 +1,7 @@ {% if count == 0 %} -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################ # Object Storage Service # Object Storage - tfvars diff --git a/cd3_automation_toolkit/cd3Validator.py b/cd3_automation_toolkit/cd3Validator.py index 21bb0d814..92bd715a9 100644 
--- a/cd3_automation_toolkit/cd3Validator.py +++ b/cd3_automation_toolkit/cd3Validator.py @@ -11,7 +11,9 @@ import logging import ipaddress +import os from functools import partial +import inspect from oci.core.virtual_network_client import VirtualNetworkClient from commonTools import * @@ -455,7 +457,7 @@ def validate_vcns(filename, comp_ids, vcnobj):# config): # ,vcn_cidrs,vcn_compa if j == 'DNS Label' or commonTools.check_column_headers(j) in commonTools.tagColumns: continue else: - log(f'ROW {count+2} : Empty value at column {j}') + log(f'ROW {count+2} : Empty value at column "{j}".') vcn_empty_check = True if any([vcn_vcnname_check, vcn_reg_check, vcn_comp_check, vcn_empty_check, vcn_dnswrong_check, vcn_dns_length]): # or vcn_dnsdup_check == True): @@ -887,12 +889,12 @@ def validate_instances(filename,comp_ids,subnetobj,vcn_subnet_list,vcn_nsg_list) if columnname == 'Display Name': if columnvalue.lower()=='nan': - log(f'ROW {i+3} : Empty value at column Display Name') + log(f'ROW {i+3} : Empty value at column "Display Name"') inst_empty_check = True if columnname == 'Network Details': if columnvalue.lower()=='nan': - log(f'ROW {i+3} : Empty value at column Network Details.') + log(f'ROW {i+3} : Empty value at column "Network Details"') inst_empty_check = True else: # Cross check the VCN names in Instances and VCNs sheet 
@@ -1017,21 +1019,21 @@ def validate_blockvols(filename,comp_ids): log(f'ROW {i+3} : Kms Key ID is not in correct format.') bvs_invalid_check = True if commonTools.check_column_headers(columnname) == 'kms_key_id' and columnvalue.lower() != 'nan' and str(dfvol.loc[i, 'Block Volume Replica (Region::AD::Name)']).strip().lower() != 'nan': - log(f'ROW {i + 3} : Volume replication is not supported with volume encryption with Customer Managed Keys.') + log(f'ROW {i + 3} : Volume replication is not supported along with volume encryption with Customer Managed Keys.') bvs_invalid_check = True if columnname == 'Block Volume Replica (Region::AD::Name)': if columnvalue.lower() != 'nan' and columnvalue.lower() != '' and "::" not in columnvalue.strip(): - log(f'ROW {i + 3} : Block Volume Replicas Availability Domain(Region::AD::Name) not in correct format.' +columnname) + log(f'ROW {i + 3} : Block Volume Replicas Availability Domain not in correct format. Check column "' +columnname+"\"") bvs_invalid_check = True elif columnvalue.lower() != 'nan' and columnvalue.lower() != '' and "::" in columnvalue.strip(): block_volume_replicas_ads = columnvalue.strip().split("::") block_volume_replicas_region = (block_volume_replicas_ads[0]).lower() block_volume_replicas_ad = (block_volume_replicas_ads[1]).upper() if block_volume_replicas_region not in ct.all_regions or block_volume_replicas_ad not in ADS: - log(f'ROW {i + 3} : Volume replication Region is not subscribed or AD is not present in region. ' +columnname) + log(f'ROW {i + 3} : Volume replication Region is not subscribed to tenancy or AD is not present in destination region. Check column "' +columnname+"\"") bvs_invalid_check = True elif block_volume_replicas_region == str(dfvol.loc[i, 'Region']).strip().lower() and block_volume_replicas_ad == str(dfvol.loc[i, 'Availability Domain(AD1|AD2|AD3)']).strip().upper(): - log(f'ROW {i + 3} : Replication Region and AD can not be same as Volume Region and AD. 
' + columnname) + log(f'ROW {i + 3} : Replication Region and AD can not be same as Volume Region and AD. Check column "' +columnname+"\"") bvs_invalid_check = True if columnname == 'Source Details': if columnvalue.lower() != 'nan' and columnvalue.lower() != '': 
@@ -1040,19 +1042,19 @@ def validate_blockvols(filename,comp_ids): "ocid1.blockvolumereplica.oc") or columnvalue.strip().startswith( "volumeBackup::") or columnvalue.strip().startswith( "volume::") or columnvalue.strip().startswith("blockVolumeReplica::")): - log(f'ROW {i + 3} : Source Details not in correct format. ' + columnname) + log(f'ROW {i + 3} : Source Details not in correct format. Check column "' +columnname+"\"") bvs_invalid_check = True if columnname == 'Autotune Type': if columnvalue.lower() != 'nan' and columnvalue.lower() != '' and columnvalue.strip().upper() not in ["BOTH","PERFORMANCE_BASED","DETACHED_VOLUME"]: - log(f'ROW {i + 3} : Value must be either PERFORMANCE_BASED or DETACHED_VOLUME or BOTH . ' +columnname) + log(f'ROW {i + 3} : Value must be either PERFORMANCE_BASED or DETACHED_VOLUME or BOTH. Check column "' +columnname+"\"") bvs_invalid_check = True elif columnvalue.strip().upper() == "BOTH" or columnvalue.strip().upper() == "PERFORMANCE_BASED": if "Max VPUS Per GB" in dfcolumns: if str(dfvol.loc[i, 'Max VPUS Per GB']).strip().lower() == 'nan': - log(f'ROW {i + 3} : For Autotune Type PERFORMANCE_BASED or BOTH column "Max VPUS Per GB" can not be left blank. ') + log(f'ROW {i + 3} : For Autotune Type PERFORMANCE_BASED or BOTH column "Max VPUS Per GB" can not be left blank.') bvs_invalid_check = True else: - log(f'ROW {i + 3} : For Autotune Type PERFORMANCE_BASED or BOTH column Max VPUS Per GB must be present in sheet and can not be left blank. ') + log(f'ROW {i + 3} : For Autotune Type PERFORMANCE_BASED or BOTH column "Max VPUS Per GB" must be present in sheet and can not be left blank.') bvs_invalid_check = True if str(dfvol.loc[i, 'Attached To Instance']).strip().lower() != 'nan' and str( 
@@ -1272,7 +1274,7 @@ def validate_policies(filename,comp_ids): dfp.loc[i, 'Name']).strip().lower() == 'nan' and str( dfp.loc[i, 'Compartment Name']).strip().lower() != 'nan' and str( dfp.loc[i, 'Policy Statements']).strip().lower() != 'nan': - log(f'ROW {i+3} : Empty value at column Name') + log(f'ROW {i+3} : Empty value at column "Name".') policies_empty_check = True if str(dfp.loc[i, 'Policy Statements']).strip().lower() == 'nan': @@ -1292,12 +1294,14 @@ def validate_policies(filename,comp_ids): policies_empty_check = True statement = str(dfp.loc[i, 'Policy Statements']).strip().lower() + ''' words = statement.split() if ('to' in words): verb = words[words.index('to') + 1] if verb not in ['inspect', 'read', 'use', 'manage']: log(f'ROW {i + 3} : Invalid verb used in Policy Statement') policies_invalid_check = True + ''' if policies_empty_check == True or policies_comp_check == True or policies_invalid_check == True: 
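Review bot: In the second hunk the verb check is disabled by wrapping it in `'''` ... `'''`, which leaves it in the file as a discarded string expression rather than removing it. After this change nothing in the visible lines sets `policies_invalid_check`, so a statement whose verb is not one of inspect/read/use/manage now passes validation and is only rejected later, when the policy is applied. If the check was producing false positives (the reason is not visible here), delete the lines and leave a comment such as `# Verb validation intentionally skipped: <reason>`, or narrow the check instead of quoting it out. validate_policies continues outside the hunk.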
@@ -1611,37 +1615,41 @@ def validate_buckets(filename, comp_ids): if len(rule_components) == 4 and process_time_rule_locked: time_rule_locked = rule_components[3] - if time_rule_locked.endswith(".000Z"): - time_rule_locked = time_rule_locked[:-5] + "Z" - elif not re.match(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z|\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z",time_rule_locked): - # Convert from "dd-mm-yyyy" to "YYYY-MM-DDThh:mm:ssZ" format - if re.match(r"\d{2}-\d{2}-\d{4}", time_rule_locked): - try: - datetime_obj = datetime.datetime.strptime(time_rule_locked, "%d-%m-%Y") - time_rule_locked = datetime_obj.strftime("%Y-%m-%dT%H:%M:%SZ") - except ValueError: + if time_rule_locked: + if time_rule_locked.endswith(".000Z"): + time_rule_locked = time_rule_locked[:-5] + "Z" + elif not re.match(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z|\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z",time_rule_locked): + # Convert from "dd-mm-yyyy" to "YYYY-MM-DDThh:mm:ssZ" format + if re.match(r"\d{2}-\d{2}-\d{4}", time_rule_locked): + try: + datetime_obj = datetime.datetime.strptime(time_rule_locked, "%d-%m-%Y") + time_rule_locked = datetime_obj.strftime("%Y-%m-%dT%H:%M:%SZ") + except ValueError: + log(f'ROW {i + 3} : "time_rule_locked" of retention rule is not in valid format. It should be in the format "dd-mm-yyyy".') + buckets_invalid_check = True + continue + else: log(f'ROW {i + 3} : "time_rule_locked" of retention rule is not in valid format. It should be in the format "dd-mm-yyyy".') buckets_invalid_check = True continue - else: - log(f'ROW {i + 3} : "time_rule_locked" of retention rule is not in valid format. It should be in the format "dd-mm-yyyy".') + # Parse the time_rule_locked into a datetime object + try: + time_rule_locked_datetime = datetime.datetime.strptime(time_rule_locked, "%Y-%m-%dT%H:%M:%SZ") + except ValueError: + log(f'ROW {i + 3} : "time_rule_locked" of retention rule is not in valid format. 
It should be in the format "YYYY-MM-DDThh:mm:ssZ".') buckets_invalid_check = True continue - # Parse the time_rule_locked into a datetime object - try: - time_rule_locked_datetime = datetime.datetime.strptime(time_rule_locked, "%Y-%m-%dT%H:%M:%SZ") - except ValueError: - log(f'ROW {i + 3} : "time_rule_locked" of retention rule is not in valid format. It should be in the format "YYYY-MM-DDThh:mm:ssZ".') - buckets_invalid_check = True - continue - # Calculate the difference between current time and time_rule_locked - time_difference = time_rule_locked_datetime - current_time + # Calculate the difference between current time and time_rule_locked + time_difference = time_rule_locked_datetime - current_time - # Check if the difference is less than 14 days - if time_difference.days < 14: - log(f'ROW {i + 3} : "time_rule_locked" of retention rule must be more than 14 days from the current time.') - buckets_invalid_check = True + # Check if the difference is less than 14 days + if time_difference.days < 14: + log(f'ROW {i + 3} : "time_rule_locked" of retention rule must be more than 14 days from the current time.') + buckets_invalid_check = True + else: + # No action is required since time_rule_locked is optional + log(f'ROW {i + 3} : "time_rule_locked" is optional and skipped.') # Check for the Lifecycle Policy Details if lifecycle_input == True: 
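Review bot: The new `else` branch in validate_buckets writes `"time_rule_locked" is optional and skipped.` through `log`, the same channel that carries validation errors. Every retention rule without a lock time therefore adds a line to the file that the summary tells users to read for errors. Drop the message or mark it as informational, e.g. `log(f'ROW {i + 3} : INFO - "time_rule_locked" not set, check skipped.')`. The enclosing loop starts outside the hunk.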
@@ -1713,12 +1721,12 @@ def validate_kms(filename,comp_ids): if region == 'nan': pass elif region != 'nan' and region not in ct.all_regions: - log("\nROW " + str(i + 3) + ": ERROR!!! Invalid Region; It should be a valid region.") + log(f'ROW {i + 3} : "Region" {region} is not subscribed for tenancy.') kms_invalid_check = True vault_compartment_name = str(dfkms.loc[i, 'Vault Compartment Name']).strip() vault_display_name = str(dfkms.loc[i, 'Vault Display Name']).strip() - replica_region = str(dfkms.loc[i, 'Replica Region']).strip() + replica_region = str(dfkms.loc[i, 'Replica Region']).strip().lower() key_compartment_name = str(dfkms.loc[i, 'Key Compartment Name']).strip() key_display_name = str(dfkms.loc[i, 'Key Display Name']).strip() protection_mode = str(dfkms.loc[i, 'Protection mode']).strip() @@ -1743,7 +1751,7 @@ def validate_kms(filename,comp_ids): # Check Vault Compartment name if vault_compartment_name == 'nan' or vault_compartment_name == '': - log(f'ROW {i + 3} : Empty value at column "Vault Compartment Name"') + log(f'ROW {i + 3} : Empty value at column "Vault Compartment Name".') pass else: try: @@ -1754,7 +1762,7 @@ def validate_kms(filename,comp_ids): # Check Vault display name if vault_display_name == 'nan' or vault_display_name == '': - log(f'ROW {i + 3} : Empty value at column "Vault Display Name"') + log(f'ROW {i + 3} : Empty value at column "Vault Display Name".') kms_invalid_check = True else: if re.match("^[A-Za-z0-9_-]{1,100}$", vault_display_name.lower()): @@ -1772,7 +1780,7 @@ def validate_kms(filename,comp_ids): elif replica_region == 'nan': pass elif replica_region != 'nan' and replica_region not in ct.all_regions: - log(f'ROW {i + 3}: ERROR!!! Invalid Replica Region; It should be a valid region.') + log(f'ROW {i + 3} : "Replica Region" {region} is not subscribed for tenancy.') kms_invalid_check = True 
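Review bot: The new Replica Region message interpolates the wrong variable: `log(f'ROW {i + 3} : "Replica Region" {region} is not subscribed for tenancy.')` prints `region`, while the condition just above it tests `replica_region`. It should read `log(f'ROW {i + 3} : "Replica Region" {replica_region} is not subscribed for tenancy.')`. The first hunk on this line also lower-cases `replica_region` before the `ct.all_regions` lookup; whether `region` gets the same normalisation is not visible here, so the two checks may treat case differently. The wording "not subscribed" holds only if `ct.all_regions` lists subscribed regions, which is worth confirming.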
@@ -1794,7 +1802,7 @@ def validate_kms(filename,comp_ids): # Check key display name if key_display_name == 'nan' or key_display_name == '': - log(f'ROW {i + 3} : Empty value at column "Key Display Name"') + log(f'ROW {i + 3} : Empty value at column "Key Display Name".') kms_invalid_check = True else: if re.match("^[A-Za-z0-9_-]{1,100}$", key_display_name.lower()): @@ -1815,13 +1823,13 @@ def validate_kms(filename,comp_ids): # Check Length in bits if algorithm.lower() == "aes" and length_in_bits not in [128, 192, 256]: - log(f'ROW {i + 3} : Invalid length for {algorithm}') + log(f'ROW {i + 3} : Invalid length for "{algorithm}".') kms_invalid_check = True elif algorithm.lower() == "rsa" and length_in_bits not in [2048, 3072, 4096]: - log(f'ROW {i + 3} : Invalid length for {algorithm}') + log(f'ROW {i + 3} : Invalid length for "{algorithm}".') kms_invalid_check = True elif algorithm.lower() == "ecdsa" and length_in_bits not in [256, 384, 521]: - log(f'ROW {i + 3} : Invalid length for {algorithm}') + log(f'ROW {i + 3} : Invalid length for "{algorithm}".') kms_invalid_check = True # Check Curve Id @@ -1829,12 +1837,12 @@ def validate_kms(filename,comp_ids): log(f'ROW {i + 3} : Curve id is only valid for ECDSA keys') kms_invalid_check = True elif (algorithm.lower() == "ecdsa" and curve_id not in ['NIST_P256', 'NIST_P384', 'NIST_P521']): - log(f'ROW {i + 3} : Invalid curve id. It should be either "NIST_P256", "NIST_P384" or "NIST_P521"') + log(f'ROW {i + 3} : Invalid curve id. It should be either "NIST_P256", "NIST_P384" or "NIST_P521."') kms_invalid_check = True elif (algorithm.lower() == "ecdsa" and curve_id in ['NIST_P256', 'NIST_P384', 'NIST_P521']): if int(re.search(r'\d+', curve_id).group()) != int(length_in_bits): - log(f'ROW {i + 3} : Invalid curve id for the length specified') + log(f'ROW {i + 3} : Invalid curve id for the length specified.') kms_invalid_check = True # Check Auto rotation and rotation interval 
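Review bot: In the curve-id hunk the full stop was placed inside the closing quote, so the message now ends `"NIST_P384" or "NIST_P521."` and shows the dot as part of the accepted value. Move it outside: `log(f'ROW {i + 3} : Invalid curve id. It should be either "NIST_P256", "NIST_P384" or "NIST_P521".')`. The neighbouring `Curve id is only valid for ECDSA keys` message was left without a full stop, so the messages in this block still end inconsistently.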
@@ -1846,7 +1854,7 @@ def validate_kms(filename,comp_ids): log(f'ROW {i + 3} : Rotation interval in days value cannot be empty if auto_rotation is enabled') kms_invalid_check = True if ((auto_rotation is False) or str(auto_rotation) == 'nan') and str(rotation_interval_in_days) != 'nan': - log(f'ROW {i + 3} : Rotation interval cannot be specified if auto rotation is not enabled') + log(f'ROW {i + 3} : Rotation interval cannot be specified if auto rotation is not enabled.') kms_invalid_check = True if str(rotation_interval_in_days) != 'nan' and not (60 <= int(rotation_interval_in_days) <= 365): log(f'ROW {i + 3} : Invalid Rotation interval. Value should be between 60-365.') @@ -1865,7 +1873,7 @@ def validate_cd3(choices, filename, var_file, prefix, outdir, ct1): #config1, si resource = "cd3validator" customer_tenancy_dir = outdir commonTools.backup_file(customer_tenancy_dir,resource,file) - logging.basicConfig(filename=customer_tenancy_dir+"/"+file, filemode="w", format="%(asctime)s - %(message)s", level=60) + logging.basicConfig(filename=customer_tenancy_dir+"/"+file, filemode="w", format="%(asctime)s - %(message)s", level=60, force = True) logger = logging.getLogger("cd3Validator") global log log = partial(logger.log, CD3_LOG_LEVEL) @@ -1903,12 +1911,14 @@ def validate_cd3(choices, filename, var_file, prefix, outdir, ct1): #config1, si budgets_check = False kms_check = False + errors = False + if not os.path.exists(filename): print("\nCD3 excel sheet not found at "+filename +"\nExiting!!") exit(1) #ct.get_network_compartment_ids(config['tenancy'], "root", configFileName) - print("Getting Compartments OCIDs...") + #print("Getting Compartments OCIDs...") ct.get_compartment_map(var_file,'Validator') vcnobj = parseVCNs(filename) 
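Review bot: `force = True` in the `logging.basicConfig` call of validate_cd3 removes and closes every handler already attached to the root logger. When the validator is invoked from another workflow in the same process, any logging that workflow configured is gone afterwards. Only the `cd3Validator` logger is used here, so attaching a `logging.FileHandler` to that logger would keep the change local. If `force` stays, a comment such as `# force=True: basicConfig is a no-op on repeat calls; replace the previous run's handler` would explain it, and the argument needs Python 3.8 or later. The function body continues outside the hunk.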
@@ -1924,31 +1934,37 @@ def validate_cd3(choices, filename, var_file, prefix, outdir, ct1): #config1, si for options in choices: if ('Validate Compartments' in options[0]): log("============================= Verifying Compartments Tab ==========================================\n") - print("\nProcessing Compartments Tab..") + print("\nValidating Compartments Tab..") comp_check = validate_compartments(filename) + errors = comp_check if ('Validate Groups' in options[0]): log("\n============================= Verifying Groups Tab ==========================================\n") - print("\nProcessing Groups Tab..") + print("\nValidating Groups Tab..") groups_check = validate_groups(filename) + errors = groups_check if ('Validate Policies' in options[0]): log("\n============================= Verifying Policies Tab ==========================================\n") - print("\nProcessing Policies Tab..") + print("\nValidating Policies Tab..") policies_check = validate_policies(filename,ct.ntk_compartment_ids) + errors = policies_check if ('Validate Tags' in options[0]): log("\n============================= Verifying Tags Tab ==========================================\n") - print("\nProcessing Tags Tab..") + print("\nValidating Tags Tab..") tags_check = validate_tags(filename,ct.ntk_compartment_ids) + errors = tags_check if ('Validate Budgets' in options[0]): log("\n============================= Verifying Budgets Tab ==========================================\n") - print("\nProcessing Budgets Tab..") + print("\nValidating Budgets Tab..") budgets_check = validate_budgets(filename,ct.ntk_compartment_ids) + errors = budgets_check final_check.append(budgets_check) if ('Validate KMS' in options[0]): log("\n============================= Verifying KMS Tab ==========================================\n") - print("\nProcessing KMS Tab..") + print("\nValidating KMS Tab..") kms_check = validate_kms(filename,ct.ntk_compartment_ids) + errors = kms_check # CD3 Validation begins here for Network 
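Review bot: Each `errors = ..._check` assignment in this hunk overwrites the previous one, so the value validate_cd3 returns reflects only the last tab validated; a failure in Compartments is lost as soon as Groups passes. Accumulate instead, e.g. `errors = errors or comp_check`, and likewise for the other tabs. The same pattern continues in the next hunk (DNS, Instances, Block Volumes, FSS, Buckets), where `errors = dns_check` can also reset the `errors = True` set for the network tabs. A caller that gates Terraform generation on the return value would then proceed with a sheet that failed validation.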
@@ -1957,67 +1973,77 @@ def validate_cd3(choices, filename, var_file, prefix, outdir, ct1): #config1, si log("\n============================= Verifying VCNs Tab ==========================================\n") log("\n====================== Note: LPGs will not be verified ====================================\n") - print("\nProcessing VCNs Tab..") + print("\nValidating VCNs Tab..") print("NOTE: LPGs will not be verified") vcn_check, vcn_cidr_check, vcn_peer_check = validate_vcns(filename, ct.ntk_compartment_ids, vcnobj) #, config) log("============================= Verifying SubnetsVLANs Tab ==========================================\n") - print("\nProcessing SubnetsVLANs Tab..") + print("\nValidating SubnetsVLANs Tab..") subnet_check, subnet_cidr_check = validate_subnets(filename, ct.ntk_compartment_ids, vcnobj) log("============================= Verifying DHCP Tab ==========================================\n") - print("\nProcessing DHCP Tab..") + print("\nValidating DHCP Tab..") dhcp_check = validate_dhcp(filename, ct.ntk_compartment_ids, vcnobj) log("============================= Verifying DRGs Tab ==========================================\n") - print("\nProcessing DRGs Tab..") + print("\nValidating DRGs Tab..") drgv2_check = validate_drgv2(filename, ct.ntk_compartment_ids, vcnobj) + if any([vcn_check, vcn_cidr_check, vcn_peer_check, subnet_check, subnet_cidr_check, dhcp_check, drgv2_check]): + errors = True + if ('Validate DNS' in options[0]): - log("\n============================= Verifying DNS Tab ==========================================\n") - print("\nProcessing DNS Tab..") + log("\n============================= Verifying DNS Tabs ==========================================\n") + print("\nValidating DNS Tab..") dns_check = validate_dns(filename,ct.ntk_compartment_ids) + errors = dns_check if ('Validate Instances' in options[0]): log("\n============================= Verifying Instances Tab ==========================================\n") - print("\nProcessing 
Instances Tab..") + print("\nValidating Instances Tab..") instances_check = validate_instances(filename,ct.ntk_compartment_ids,subnetobj,vcn_subnet_list,vcn_nsg_list) + errors = instances_check if ('Validate Block Volumes' in options[0]): log("\n============================= Verifying BlockVolumes Tab ==========================================\n") - print("\nProcessing BlockVolumes Tab..") + print("\nValidating BlockVolumes Tab..") bvs_check = validate_blockvols(filename,ct.ntk_compartment_ids) + errors = bvs_check if ('Validate FSS' in options[0]): log("\n============================= Verifying FSS Tab ==========================================\n") - print("\nProcessing FSS Tab..") + print("\nValidating FSS Tab..") fss_check = validate_fss(filename,ct.ntk_compartment_ids,subnetobj,vcn_subnet_list,vcn_nsg_list) + errors = fss_check if ('Validate Buckets' in options[0]): log("\n============================= Verifying Buckets Tab ==========================================\n") - print("\nProcessing Buckets Tab..") + print("\nValidating Buckets Tab..") buckets_check = validate_buckets(filename,ct.ntk_compartment_ids) + errors = budgets_check - - # Prints the final result; once the validation is complete + # Prints the final result; once the validation is complete if any([comp_check, groups_check, policies_check, tags_check, instances_check, dns_check, bvs_check,fss_check, vcn_check, vcn_cidr_check, vcn_peer_check, subnet_check, subnet_cidr_check, dhcp_check, drgv2_check,buckets_check, kms_check]) or False in final_check: log("=======") log("Summary:") log("=======") log("ERROR: Make appropriate changes to CD3 Values as per above Errors and try again !!!") - print("\n\nSummary:") - print("=======") + if inspect.stack()[1].function == 'validate_cd3': + print("\n\nSummary:") + print("=======") print("Errors Found!!!") + elif ('q' not in choices and 'm' not in choices): log("=======") log("Summary:") log("=======") - log("There are no errors in CD3. 
Please proceed with TF Generation\n") + log("There are no syntax errors in CD3. Proceed with TF Generation.\n") if(val_net == True): log("Verify LPG's Peering Check Status once in the log file. Otherwise You are good to proceed with TF !!!") - print("\n\nSummary:") - print("=======") - print("There are no errors in CD3. Please proceed with TF Generation\n") + if inspect.stack()[1].function == 'validate_cd3': + print("\n\nSummary:") + print("=======") + print("There are no syntax errors in CD3. Proceed with TF Generation.\n") if(val_net == True): print("Verify LPG's Peering Check Status once in the log file. Otherwise You are good to proceed !!!") # exit(0) @@ -2026,5 +2052,11 @@ def validate_cd3(choices, filename, var_file, prefix, outdir, ct1): #config1, si else: print("Invalid Choice....Exiting!!") exit(1) - print("Please check the log file at "+customer_tenancy_dir+"/"+file+"\n") + + if inspect.stack()[1].function == 'validate_cd3' or errors: + print("Please check the log file at " + customer_tenancy_dir + "/" + file + "\n") + + del(log) + del(logger) + return errors diff --git a/cd3_automation_toolkit/commonTools.py b/cd3_automation_toolkit/commonTools.py index 2a25df78c..1d87deca3 100644 --- a/cd3_automation_toolkit/commonTools.py +++ b/cd3_automation_toolkit/commonTools.py @@ -67,12 +67,15 @@ def __init__(self): self.identity_domain_enabled = False self.reg_filter = None self.comp_filter = None + self.vizoci_comp_filter = None self.default_dns = None + self.generate_graphs = None self.ins_pattern_filter = None self.ins_ad_filter = None self.bv_pattern_filter = None self.bv_ad_filter = None self.orm_reg_filter = None + self.vizoci_reg_filter = None self.orm_comp_filter = None self.vault_region = None self.vault_comp = None 
@@ -146,6 +149,10 @@ def get_export_filters(self,export_filters): self.comp_filter = (i.split("=")[1])[2:][:-2] self.comp_filter = self.comp_filter if self.comp_filter else "null" + if 'vizoci_comp_filter' in i: + self.vizoci_comp_filter = (i.split("=")[1])[2:][:-2] + self.vizoci_comp_filter = self.vizoci_comp_filter if self.vizoci_comp_filter else "null" + if 'domain_filter' in i: self.domain_filter = (i.split("=")[1])[2:][:-2] self.domain_filter = self.domain_filter if self.domain_filter else "null" @@ -153,6 +160,9 @@ def get_export_filters(self,export_filters): if 'default_dns' in i: self.default_dns = (i.split("=")[1])[2:][:-2] + if 'generate_graphs' in i: + self.generate_graphs = (i.split("=")[1])[2:][:-2] + if 'ins_pattern_filter' in i: self.ins_pattern_filter = (i.split("=")[1])[2:][:-2] @@ -168,6 +178,9 @@ def get_export_filters(self,export_filters): if 'orm_region' in i: self.orm_reg_filter = (i.split("=")[1])[2:][:-2] + if 'vizoci_reg_filter' in i: + self.vizoci_reg_filter = (i.split("=")[1])[2:][:-2] + if 'orm_compartments' in i: self.orm_comp_filter = (i.split("=")[1])[2:][:-2] self.orm_comp_filter = self.orm_comp_filter if self.orm_comp_filter else "null" 
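Review bot: The new keys are matched with substring tests (`if 'vizoci_comp_filter' in i:`, `if 'vizoci_reg_filter' in i:`), and both names contain the names of existing filters (`comp_filter`, `reg_filter`). If the existing checks, whose `if` lines sit outside these hunks, are written the same way, a `vizoci_comp_filter=` line also sets `self.comp_filter`, so a VizOCI scope would silently change the export scope. Matching on the key itself avoids that, e.g. `key = i.split("=")[0].strip()` followed by `if key == 'vizoci_comp_filter':`. As far as the hunk shows, `generate_graphs` is stored as the raw string, so a value like `false` is truthy unless the consumer compares text.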
@@ -374,12 +387,21 @@ def get_compartment_map(self, var_file, resource_name): if self.fwl_del_comp == "null": compartments = None else: - compartments = self.fwl_del_comp if self.fwl_del_comp else input( - compartment_list_str.format(resource_name)) + compartments = self.fwl_del_comp if self.fwl_del_comp else input(compartment_list_str.format(resource_name)) input_compartment_names = list( map(lambda x: x.strip(), compartments.split(','))) if compartments else None + + elif resource_name == "VizOCI": + compartment_list_str = "Enter name of the Compartment (as it appears in OCI) for which you want to run {};\nPress 'Enter' to run for all the Compartments: " + if self.vizoci_comp_filter == "null": + compartments = None + else: + compartments = self.vizoci_comp_filter if self.vizoci_comp_filter else input(compartment_list_str.format(resource_name)) + input_compartment_names = list( + map(lambda x: x.strip(), compartments.split(','))) if compartments else None + else: - compartment_list_str = "Enter name of Compartment as it appears in OCI (comma separated without spaces if multiple)for which you want to export {};\nPress 'Enter' to export from all the Compartments: " + compartment_list_str = "Enter name of Compartment as it appears in OCI (comma separated without spaces if multiple) for which you want to export {};\nPress 'Enter' to export from all the Compartments: " if self.comp_filter == "null": compartments = None else: diff --git a/cd3_automation_toolkit/example/CD3-Blank-template.xlsx b/cd3_automation_toolkit/example/CD3-Blank-template.xlsx index ca40f8d17..0000db17e 100644 Binary files a/cd3_automation_toolkit/example/CD3-Blank-template.xlsx and b/cd3_automation_toolkit/example/CD3-Blank-template.xlsx differ 
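Review bot: The VizOCI prompt in get_compartment_map asks for "name of the Compartment" in the singular, but the value is split on commas like the other branches, so multiple names are accepted without the user being told. Either say so in the prompt, as the default branch does with `(comma separated without spaces if multiple)`, or drop the split if only one compartment is supported. The branch is otherwise a copy of the preceding one with a different filter attribute. The function starts and ends outside the hunk.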
diff --git a/cd3_automation_toolkit/example/CD3-CIS-ManagementServices-template.xlsx b/cd3_automation_toolkit/example/CD3-CIS-ManagementServices-template.xlsx index 2aa41cf8d..c45cac0fc 100644 Binary files a/cd3_automation_toolkit/example/CD3-CIS-ManagementServices-template.xlsx and b/cd3_automation_toolkit/example/CD3-CIS-ManagementServices-template.xlsx differ diff --git a/cd3_automation_toolkit/example/CD3-CIS-template.xlsx b/cd3_automation_toolkit/example/CD3-CIS-template.xlsx index 23f864d5a..3c1f5e862 100644 Binary files a/cd3_automation_toolkit/example/CD3-CIS-template.xlsx and b/cd3_automation_toolkit/example/CD3-CIS-template.xlsx differ diff --git a/cd3_automation_toolkit/example/CD3-Firewall-template.xlsx b/cd3_automation_toolkit/example/CD3-Firewall-template.xlsx index 8e4a1bb9a..079f5b078 100644 Binary files a/cd3_automation_toolkit/example/CD3-Firewall-template.xlsx and b/cd3_automation_toolkit/example/CD3-Firewall-template.xlsx differ diff --git a/cd3_automation_toolkit/example/CD3-HubSpoke-template.xlsx b/cd3_automation_toolkit/example/CD3-HubSpoke-template.xlsx index 9ff453e09..16d6eabd4 100644 Binary files a/cd3_automation_toolkit/example/CD3-HubSpoke-template.xlsx and b/cd3_automation_toolkit/example/CD3-HubSpoke-template.xlsx differ diff --git a/cd3_automation_toolkit/example/CD3-SingleVCN-template.xlsx b/cd3_automation_toolkit/example/CD3-SingleVCN-template.xlsx index ae61bccf1..06e185bbc 100644 Binary files a/cd3_automation_toolkit/example/CD3-SingleVCN-template.xlsx and b/cd3_automation_toolkit/example/CD3-SingleVCN-template.xlsx differ diff --git a/cd3_automation_toolkit/setUpOCI.py b/cd3_automation_toolkit/setUpOCI.py index eb74104f9..9b6b353d7 100644 --- a/cd3_automation_toolkit/setUpOCI.py +++ b/cd3_automation_toolkit/setUpOCI.py @@ -1,7 +1,6 @@ import argparse import configparser -import re - +import json import Database import Identity import Compute 
@@ -20,7 +19,7 @@ import requests import subprocess import datetime,glob,os - + def show_firewall_options(options, quit=False, menu=False, extra=None, index=0): # Just add whitespace between number and option. It just makes it look better number_offset = len(str(len(options))) + 1 @@ -154,21 +153,29 @@ def execute_options(options, *args, **kwargs): with section(option.text): option.callback(*args, **kwargs) -def get_region_list(rm): - if rm == False: +def get_region_list(rm,vizoci): + if rm == False and vizoci==False: if devops: input_region_names = ct.reg_filter else: resource_name = 'OCI resources' region_list_str = "\nEnter region (comma separated without spaces if multiple) for which you want to export {}; Identity and Tags will be exported from Home Region.\nPress 'Enter' to export from all the subscribed regions- eg ashburn,phoenix: " input_region_names = input(region_list_str.format(resource_name)) - else: + elif rm == True and vizoci == False: if devops: input_region_names = ct.orm_reg_filter else: resource_name = 'Terraform Stack' region_list_str = "\nEnter region (comma separated without spaces if multiple) for which you want to upload {} - eg ashburn,phoenix,global: " input_region_names = input(region_list_str.format(resource_name)) + elif vizoci == True and rm == False: + if devops: + input_region_names = ct.vizoci_reg_filter + else: + resource_name = 'VizOCI' + region_list_str = "\nEnter region (comma separated without spaces if multiple) for which you want to run {} - eg ashburn,phoenix: " + input_region_names = input(region_list_str.format(resource_name)) + input_region_names = list(map(lambda x: x.strip(), input_region_names.split(','))) if input_region_names else None remove_regions = [] 
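Review bot: The rewritten chain in get_region_list has no branch for `rm == True and vizoci == True` and no final `else`, so that combination reaches the `if input_region_names` test on the following line with the name unbound and raises UnboundLocalError. Add a closing branch, e.g. `else: raise ValueError("rm and vizoci cannot both be set")`. The new positional parameter also changes the signature, so every existing `get_region_list(rm)` call must be updated in the same commit; those call sites are outside this hunk.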
@@ -329,7 +336,7 @@ def validate_firewall_cd3(execute_all=False): cd3FirewallValidator.validate_firewall_cd3(inputfile, var_file, prefix, outdir, config, signer, ct) print("Exiting CD3 Firewall Validation...") -################## Export Identity ########################## +################## Export Functions ########################## def export_identityOptions(prim_options=[]): options = [Option("Export Compartments", export_compartments, 'Exporting Compartments'), Option("Export Groups",export_groups, 'Exporting Groups'), 
@@ -349,21 +356,24 @@ def export_identityOptions(prim_options=[]): def export_compartments(inputfile, outdir,config, signer, ct): resource = 'Compartments' Identity.export_identity(inputfile, outdir, service_dir_identity,resource, config, signer, ct) - create_identity(prim_options=['Add/Modify/Delete Compartments']) + options = [Option(None, create_compartments, 'Processing Compartments Tab'), ] + execute_options(options) print("\n\nExecute import_commands_compartments.sh script created under home region directory to synch TF with OCI Identity Compartments\n") def export_policies(inputfile, outdir,config, signer, ct): resource = 'IAM Policies' compartments = ct.get_compartment_map(var_file, resource) Identity.export_identity(inputfile, outdir, service_dir_identity,resource, config, signer, ct, export_compartments=compartments) - create_identity(prim_options=['Add/Modify/Delete Policies']) + options = [Option(None, create_policies, 'Processing Policies Tab'), ] + execute_options(options) print("\n\nExecute import_commands_policies.sh script created under home region directory to synch TF with OCI " +resource +"\n") def export_groups(inputfile, outdir,config, signer, ct): resource = 'IAM Groups' selected_domains_data = ct.get_identity_domain_data(config, signer, resource,var_file) Identity.export_identity(inputfile, outdir, service_dir_identity,resource, config, signer, ct, export_domains=selected_domains_data) - create_identity(prim_options=['Add/Modify/Delete Groups']) + options = [Option(None, create_groups, 'Processing Groups Tab'), ] + execute_options(options) print("\n\nExecute import_commands_groups.sh script created under home region directory to synch TF with OCI " +resource +"\n") 
@@ -372,29 +382,49 @@ def export_users(inputfile, outdir,config,signer, ct): # check if tenancy is identity_domain enabled selected_domains_data = ct.get_identity_domain_data(config, signer, resource,var_file) Identity.Users.export_users(inputfile, outdir, service_dir_identity, config, signer, ct,export_domains=selected_domains_data) - create_identity(prim_options=['Add/Modify/Delete Users']) + options = [Option(None, Identity.Users.create_terraform_users, 'Processing Users Tab'), ] + execute_options(options,inputfile, outdir,service_dir_identity, prefix, ct) print("\n\nExecute import_commands_users.sh script created under home region directory to synch TF with OCI " +resource +"\n") def export_networkSources(inputfile, outdir, config, signer, ct): resource = 'Network Sources' Identity.NetworkSources.export_networkSources(inputfile, outdir, service_dir_identity, config, signer, ct) - create_identity(prim_options=['Add/Modify/Delete Network Sources']) + options = [Option(None, Identity.NetworkSources.create_terraform_networkSources, 'Processing NetworkSources Tab'), ] + execute_options(options, inputfile, outdir, service_dir_identity, prefix, ct) print("\n\nExecute import_commands_networkSources.sh script created under home region directory to synch TF with OCI " +resource +"\n") def export_governance(prim_options=[]): options = [ - Option('Export Tags', export_tags, 'Tagging'), - Option('Export Quotas', export_quotas, 'Quotas')] + Option('Export Tags', export_tags, 'Exporting Tags'), + Option('Export Quotas', export_quotas, 'Exporting Quotas')] if prim_options: options = match_options(options, prim_options) else: options = show_options(options, quit=True, menu=True, index=1) execute_options(options) +def export_tags(prim_options=[]): + compartments = ct.get_compartment_map(var_file, 'Tagging Objects') + Governance.export_tags_nongreenfield(inputfile, outdir, service_dir_tagging, config, signer, ct, export_compartments=compartments) + options = [Option(None, 
create_tags, 'Processing Tags Tab'), ] + execute_options(options) + print("\n\nExecute import_commands_tags.sh script created under home region directory to synch TF with OCI Tags\n") + # Update modified path list + update_path_list(regions_path=[ct.home_region], service_dirs=[service_dir_tagging]) + +def export_quotas(prim_options=[]): + Governance.export_quotas_nongreenfield(inputfile, outdir, service_dir_quota, config, signer, ct) + options = [Option(None, create_quotas, 'Processing Quotas Tab'), ] + execute_options(options) + print("\n\nExecute import_commands_quotas.sh script created under home region directory to synch TF with OCI Quota\n") + # Update modified path list + update_path_list(regions_path=[ct.home_region], service_dirs=[service_dir_quota]) + + def export_cost_management(prim_options=[]): options = [ - Option('Export Budgets', export_budget, 'Budgets')] + Option('Export Budgets', export_budget, 'Exporting Budgets')] if prim_options: options = match_options(options, prim_options) else: 
@@ -404,27 +434,12 @@ def export_cost_management(prim_options=[]): def export_budget(prim_options=[]): compartments = ct.get_compartment_map(var_file, 'Budgets') CostManagement.export_budgets_nongreenfield(inputfile, outdir, service_dir_budget, config, signer, ct,export_regions) - create_budgets() + options = [Option(None, create_budgets, 'Processing Budgets Tab')] + execute_options(options) print("\n\nExecute import_commands_budgets.sh script created under each region directory to synch TF with OCI Tags\n") # Update modified path list update_path_list(regions_path=[ct.home_region], service_dirs=[service_dir_budget]) -def export_tags(prim_options=[]): - compartments = ct.get_compartment_map(var_file, 'Tagging Objects') - Governance.export_tags_nongreenfield(inputfile, outdir, service_dir_tagging, config, signer, ct, export_compartments=compartments) - create_tags() - print("\n\nExecute import_commands_tags.sh script created under home region directory to synch TF with OCI Tags\n") - # Update modified path list - update_path_list(regions_path=[ct.home_region], service_dirs=[service_dir_tagging]) - -def export_quotas(prim_options=[]): - Governance.export_quotas_nongreenfield(inputfile, outdir, service_dir_quota, config, signer, ct) - create_quotas() - print("\n\nExecute import_commands_quotas.sh script created under home region directory to synch TF with OCI Quota\n") - # Update modified path list - update_path_list(regions_path=[ct.home_region], service_dirs=[service_dir_quota]) - - def export_network(prim_options=[]): options = [Option("Export all Network Components", export_networking, 'Exporting all Network Components'), 
@@ -618,7 +633,10 @@ def export_compute(prim_options=[]): def export_dedicatedvmhosts(inputfile, outdir, config, signer, ct, export_regions): compartments = ct.get_compartment_map(var_file,'Dedicated VM Hosts') Compute.export_dedicatedvmhosts(inputfile, outdir, service_dir_dedicated_vm_host, config, signer, ct, export_compartments=compartments, export_regions=export_regions) - create_dedicatedvmhosts(inputfile, outdir, service_dir_dedicated_vm_host, prefix, ct) + #create_compute(prim_options=['Add/Modify/Delete Dedicated VM Hosts']) + options = [Option(None, create_dedicatedvmhosts, 'Processing Dedicated VM Hosts Tab'),] + execute_options(options) + print("\n\nExecute import_commands_dedicatedvmhosts.sh script created under each region directory to synch TF with OCI Dedicated VM Hosts\n") # Update modified path list update_path_list(regions_path=export_regions, service_dirs=[service_dir_dedicated_vm_host]) @@ -640,7 +658,8 @@ def export_instances(inputfile, outdir,config,signer, ct, export_regions): ad_names = list(map(lambda x: x.strip(), ad_name_str.split(','))) if ad_name_str else None Compute.export_instances(inputfile, outdir, service_dir_instance,config,signer,ct, export_compartments=compartments, export_regions=export_regions, display_names = display_names, ad_names = ad_names) - create_instances(inputfile, outdir, service_dir_instance, prefix, ct) + options = [Option(None, create_instances, 'Processing Instances Tab'), ] + execute_options(options) print("\n\nExecute import_commands_instances.sh script created under each region directory to synch TF with OCI Instances\n") # Update modified path list update_path_list(regions_path=export_regions, service_dirs=[service_dir_instance]) 
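Review bot: `create_dedicatedvmhosts` and `create_instances` were called with five arguments on the removed lines (`inputfile, outdir, service_dir_..., prefix, ct`) and are now run through `execute_options(options)` with none, and `execute_options` forwards only what it is given. Unless both functions were changed to take no parameters elsewhere in this commit, these exports fail with TypeError after the export step has already written its output. export_users in an earlier hunk passes the arguments through (`execute_options(options,inputfile, outdir,service_dir_identity, prefix, ct)`), and the same form would work here. The commented-out `#create_compute(prim_options=[...])` line can be deleted.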
@@ -649,7 +668,7 @@ def export_instances(inputfile, outdir,config,signer, ct, export_regions): def export_storage(prim_options=[]): options = [Option("Export Block Volumes/Block Backup Policy",export_block_volumes,'Exporting Block Volumes'), Option("Export File Systems", export_fss, 'Exporting FSS'), - Option("Export Object Storage Buckets", export_buckets, 'Exporting Object Storage')] + Option("Export Object Storage Buckets", export_buckets, 'Exporting Object Storage Buckets')] if prim_options: options = match_options(options, prim_options) else: @@ -672,9 +691,9 @@ def export_block_volumes(inputfile, outdir,config,signer,ct, export_regions): ad_names = list(map(lambda x: x.strip(), ad_name_str.split(','))) if ad_name_str else None Storage.export_blockvolumes(inputfile, outdir, service_dir_block_volume, config,signer,ct, export_compartments=compartments, export_regions=export_regions, display_names = display_names, ad_names = ad_names) - Storage.create_terraform_block_volumes(inputfile, outdir, service_dir_block_volume, prefix, ct) - print( - "\n\nExecute import_commands_blockvolumes.sh script created under each region directory to synch TF with OCI Block Volume Objects\n") + options = [Option(None, create_block_volumes, 'Processing BlockVolumes Tab'), ] + execute_options(options) + print("\n\nExecute import_commands_blockvolumes.sh script created under each region directory to synch TF with OCI Block Volume Objects\n") # Update modified path list update_path_list(regions_path=export_regions, service_dirs=[service_dir_block_volume]) 
@@ -682,9 +701,9 @@ def export_block_volumes(inputfile, outdir,config,signer,ct, export_regions): def export_fss(inputfile, outdir,config, signer, ct, export_regions): compartments = ct.get_compartment_map(var_file,'FSS objects') Storage.export_fss(inputfile, outdir, service_dir_fss, config,signer,ct, export_compartments=compartments, export_regions=export_regions) - Storage.create_terraform_fss(inputfile, outdir, service_dir_fss, prefix, ct) - print( - "\n\nExecute import_commands_fss.sh script created under each region directory to synch TF with OCI FSS objects\n") + options = [Option(None, create_fss, 'Processing FSS Tab'), ] + execute_options(options) + print("\n\nExecute import_commands_fss.sh script created under each region directory to synch TF with OCI FSS objects\n") # Update modified path list update_path_list(regions_path=export_regions, service_dirs=[service_dir_fss]) 
@@ -692,14 +711,15 @@ def export_fss(inputfile, outdir,config, signer, ct, export_regions): def export_buckets(inputfile, outdir, config, signer, ct, export_regions): compartments = ct.get_compartment_map(var_file, 'Buckets') Storage.export_buckets(inputfile, outdir, service_dir_object_storage, config,signer,ct, export_compartments=compartments, export_regions=export_regions) - Storage.create_terraform_oss(inputfile, outdir, service_dir_object_storage, prefix, ct) + options = [Option(None, create_buckets, 'Processing Buckets Tab'), ] + execute_options(options) print("\n\nExecute import_commands_buckets.sh script created under each region directory to synch TF with OCI Object Storage Buckets\n") # Update modified path list update_path_list(regions_path=export_regions, service_dirs=[service_dir_object_storage]) def export_loadbalancer(prim_options=[]): - options = [Option("Export Load Balancers", export_lbr,'Exporting LBR Objects'), + options = [Option("Export Load Balancers", export_lbr,'Exporting LBaaS Objects'), Option("Export Network Load Balancers", export_nlb,'Exporting NLB Objects')] if prim_options: options = match_options(options, prim_options) 
@@ -707,6 +727,24 @@ def export_loadbalancer(prim_options=[]): options = show_options(options, quit=True, menu=True, index=1) execute_options(options, inputfile, outdir, config, signer, ct, export_regions) +def export_lbr(inputfile, outdir,config, signer, ct, export_regions): + compartments = ct.get_compartment_map(var_file,'LBR objects') + Network.export_lbr(inputfile, outdir, service_dir_loadbalancer, config,signer,ct, export_compartments=compartments, export_regions=export_regions) + options = [Option(None, create_lb, 'Processing LBaaS Tabs'), ] + execute_options(options) + print("\n\nExecute import_commands_lbr.sh script created under each region directory to synch TF with OCI LBR objects\n") + # Update modified path list + update_path_list(regions_path=export_regions, service_dirs=[service_dir_loadbalancer]) + + +def export_nlb(inputfile, outdir,config,signer, ct, export_regions): + compartments = ct.get_compartment_map(var_file,'NLB objects') + Network.export_nlb(inputfile, outdir, service_dir_networkloadbalancer, config,signer,ct, export_compartments=compartments, export_regions=export_regions) + options = [Option(None, create_nlb, 'Processing NLB Tabs'), ] + execute_options(options) + print("\n\nExecute import_commands_nlb.sh script created under each region directory to synch TF with OCI NLB objects\n") + # Update modified path list + update_path_list(regions_path=export_regions, service_dirs=[service_dir_networkloadbalancer]) def export_security(prim_options=[]): options = [Option("Export KMS (Keys/Vaults)", export_kms,'Exporting KMS Objects (Keys/Vaults)')] 
@@ -719,28 +757,12 @@ def export_security(prim_options=[]): def export_kms(inputfile, outdir, config, signer, ct, export_regions): compartments = ct.get_compartment_map(var_file, 'KMS') Security.export_keyvaults(inputfile, outdir, service_dir_kms, config,signer,ct, export_compartments=compartments, export_regions=export_regions) - Security.create_terraform_keyvaults(inputfile, outdir, service_dir_kms, prefix, ct) + options = [Option(None, create_kms, 'Processing KMS Tab')] + execute_options(options) print("\n\nExecute import_commands_kms.sh script created under each region directory to synch TF with OCI Key Vaults\n") # Update modified path list update_path_list(regions_path=export_regions, service_dirs=[service_dir_kms]) -def export_lbr(inputfile, outdir,config, signer, ct, export_regions): - compartments = ct.get_compartment_map(var_file,'LBR objects') - Network.export_lbr(inputfile, outdir, service_dir_loadbalancer, config,signer,ct, export_compartments=compartments, export_regions=export_regions) - create_lb(inputfile, outdir, prefix, ct) - print("\n\nExecute import_commands_lbr.sh script created under each region directory to synch TF with OCI LBR objects\n") - # Update modified path list - update_path_list(regions_path=export_regions, service_dirs=[service_dir_loadbalancer]) - - -def export_nlb(inputfile, outdir,config,signer, ct, export_regions): - compartments = ct.get_compartment_map(var_file,'NLB objects') - Network.export_nlb(inputfile, outdir, service_dir_networkloadbalancer, config,signer,ct, export_compartments=compartments, export_regions=export_regions) - create_nlb(inputfile, outdir, prefix, ct) - print("\n\nExecute import_commands_nlb.sh script created under each region directory to synch TF with OCI NLB objects\n") - # Update modified path list - update_path_list(regions_path=export_regions, service_dirs=[service_dir_networkloadbalancer]) - def export_databases(prim_options=[]): options = [Option("Export Virtual Machine or Bare Metal DB 
Systems",export_dbsystems_vm_bm,'Exporting VM and BM DB Systems'), @@ -755,7 +777,8 @@ def export_databases(prim_options=[]): def export_dbsystems_vm_bm(inputfile, outdir,config,signer, ct,export_regions): compartments = ct.get_compartment_map(var_file,'VM and BM DB Systems') Database.export_dbsystems_vm_bm(inputfile, outdir, service_dir_dbsystem_vm_bm, config,signer,ct, export_compartments=compartments, export_regions= export_regions) - Database.create_terraform_dbsystems_vm_bm(inputfile, outdir, service_dir_dbsystem_vm_bm, prefix, ct) + options = [Option(None, create_dbsystems_vm_bm, 'Processing DBSystems-VM-BM Tab')] + execute_options(options) print("\n\nExecute import_commands_dbsystems-vm-bm.sh script created under each region directory to synch TF with DBSystems\n") # Update modified path list update_path_list(regions_path=export_regions, service_dirs=[service_dir_dbsystem_vm_bm]) @@ -765,7 +788,8 @@ def export_exa_infra_vmclusters(inputfile, outdir,config, signer, ct, export_reg compartments = ct.get_compartment_map(var_file,'EXA Infra and EXA VMClusters') Database.export_exa_infra(inputfile, outdir, service_dir_database_exacs, config,signer,ct, export_compartments=compartments, export_regions= export_regions) Database.export_exa_vmclusters(inputfile, outdir, service_dir_database_exacs, config,signer,ct, export_compartments=compartments, export_regions= export_regions) - create_exa_infra_vmclusters(inputfile, outdir, prefix,ct) + options = [Option(None, create_exa_infra_vmclusters, '')] + execute_options(options) print("\n\nExecute import_commands_exa-infra.sh and import_commands_exa-vmclusters.sh scripts created under each region directory to synch TF with Exa-Infra and Exa-VMClusters\n") # Update modified path list update_path_list(regions_path=export_regions, service_dirs=[service_dir_database_exacs]) 
@@ -774,7 +798,8 @@ def export_exa_infra_vmclusters(inputfile, outdir,config, signer, ct, export_reg def export_adbs(inputfile, outdir,config, signer, ct, export_regions): compartments = ct.get_compartment_map(var_file,'ADBs') Database.export_adbs(inputfile, outdir, service_dir_adb, config,signer,ct, export_compartments=compartments, export_regions= export_regions) - Database.create_terraform_adb(inputfile, outdir, service_dir_adb, prefix, ct) + options = [Option(None, create_adb, 'Processing ADB Tab')] + execute_options(options) print("\n\nExecute import_commands_adb.sh script created under each region directory to synch TF with OCI ADBs\n") # Update modified path list update_path_list(regions_path=export_regions, service_dirs=[service_dir_adb]) 
@@ -796,25 +821,25 @@ def export_management_services(prim_options=[]): def export_notifications(inputfile, outdir, service_dir, config, signer, ct, export_regions): compartments = ct.get_compartment_map(var_file,'Notifications') ManagementServices.export_notifications(inputfile, outdir, service_dir, config,signer,ct, export_compartments=compartments, export_regions=export_regions) - ManagementServices.create_terraform_notifications(inputfile, outdir, service_dir, prefix, ct) + create_management_services(prim_options=['Add/Modify/Delete Notifications']) print("\n\nExecute import_commands_notifications.sh script created under each region directory to synch TF with OCI Notifications\n") def export_events(inputfile, outdir, service_dir, config, signer, ct, export_regions): compartments = ct.get_compartment_map(var_file,'Events') ManagementServices.export_events(inputfile, outdir, service_dir, config,signer,ct, export_compartments=compartments, export_regions=export_regions) - ManagementServices.create_terraform_events(inputfile, outdir, service_dir, prefix, ct) + create_management_services(prim_options=['Add/Modify/Delete Events']) print("\n\nExecute import_commands_events.sh script created under each region directory to synch TF with OCI Events\n") def export_alarms(inputfile, outdir, service_dir, config, signer, ct, export_regions): compartments = ct.get_compartment_map(var_file,'Alarms') ManagementServices.export_alarms(inputfile, outdir, service_dir, config,signer,ct, export_compartments=compartments, export_regions=export_regions) - ManagementServices.create_terraform_alarms(inputfile, outdir,service_dir, prefix, ct) + create_management_services(prim_options=['Add/Modify/Delete Alarms']) print("\n\nExecute import_commands_alarms.sh script created under each region directory to synch TF with OCI Alarms\n") def export_service_connectors(inputfile, outdir, service_dir, config, signer, ct, export_regions): compartments = ct.get_compartment_map(var_file,'Service 
Connectors') ManagementServices.export_service_connectors(inputfile, outdir, service_dir, config,signer,ct, export_compartments=compartments, export_regions=export_regions) - ManagementServices.create_service_connectors(inputfile, outdir, service_dir, prefix, ct) + create_management_services(prim_options=['Add/Modify/Delete ServiceConnectors']) print("\n\nExecute import_commands_serviceconnectors.sh script created under each region directory to synch TF with OCI Service Connectors\n") def export_developer_services(prim_options=[]): @@ -829,7 +854,8 @@ def export_developer_services(prim_options=[]): def export_oke(inputfile, outdir, config,signer, ct, export_regions): compartments = ct.get_compartment_map(var_file,'OKE') DeveloperServices.export_oke(inputfile, outdir, service_dir_oke,config,signer,ct, export_compartments=compartments, export_regions=export_regions) - DeveloperServices.create_terraform_oke(inputfile, outdir, service_dir_oke,prefix, ct) + options = [Option(None, create_oke, 'Processing OKE Tab')] + execute_options(options,inputfile, outdir, prefix, '', '', ct) print("\n\nExecute import_commands_oke.sh script created under each region directory to synch TF with OKE\n") # Update modified path list update_path_list(regions_path=export_regions, service_dirs=[service_dir_oke]) @@ -843,7 +869,7 @@ def export_sddc(prim_options=[]): # Update modified path list update_path_list(regions_path=export_regions, service_dirs=[service_dir_sddc]) -def export_dns(prim_options=[]): +def export_dns_management(prim_options=[]): options = [Option("Export DNS Views/Zones/Records", export_dns_views_zones_rrsets, 'Exporting DNS Views/Zones/Records'), Option("Export DNS Resolvers", export_dns_resolvers, 'Exporting DNS Resolvers') 
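Review bot: export_notifications, export_events, export_alarms and export_service_connectors now pick the generator by menu title, e.g. `create_management_services(prim_options=['Add/Modify/Delete ServiceConnectors'])`. If a title does not match an Option in create_management_services exactly, generation may be skipped while the 'Execute import_commands_...' hint still prints, depending on how match_options treats a miss. create_management_services is not visible in this diff, so the titles cannot be checked here; 'ServiceConnectors' without a space is the one to confirm. The `service_dir` argument these functions receive is also no longer forwarded to the generation step, which presumably chooses its own directory. Calling the per-tab function directly, as the other export_* hunks do with `Option(None, create_x, ...)`, would remove the string coupling.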
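Review bot: In export_oke, `execute_options(options,inputfile, outdir, prefix, '', '', ct)` passes two empty strings only to fill create_oke's six-parameter signature, which a later hunk renames to `dummy1, dummy2`. Every other export_* function in this commit calls a zero-argument create_* through `execute_options(options)`, so this one stands out without explanation. Naming the unused parameters `_auth_mechanism, _config_file` and adding `# unused: signature kept for the create_developer_services menu call` above create_oke would record why they exist.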
@@ -871,13 +897,13 @@ def export_dns_views_zones_rrsets(inputfile, outdir, service_dir, config, signer dns_filter = "y" dns_filter = dns_filter if dns_filter else None Network.export_dns_views_zones_rrsets(inputfile, outdir, service_dir, config, signer, ct, dns_filter=dns_filter, export_compartments=compartments, export_regions=export_regions) - create_terraform_dns(inputfile, outdir, service_dir, prefix, ct) - + options = [Option(None, create_dns, 'Processing DNS-Views-Zones-Records Tab')] + execute_options(options) def export_dns_resolvers(inputfile, outdir, service_dir, config, signer, ct, export_regions): compartments = ct.get_compartment_map(var_file, 'DNS Resolvers') Network.export_dns_resolvers(inputfile, outdir, service_dir, config, signer, ct, export_compartments=compartments, export_regions=export_regions) - Network.create_terraform_dns_resolvers(inputfile, outdir, service_dir, prefix, ct) - + options = [Option(None, create_dns_resolvers, 'Processing DNS-Resolvers Tab')] + execute_options(options) def cd3_services(prim_options=[]): options = [ 
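Review bot: export_dns_views_zones_rrsets and export_dns_resolvers still export into the `service_dir` they are passed, but the new calls go to `create_dns` and `create_dns_resolvers`, which (in the last hunk of this commit) always write to the module-level `service_dir_dns`. The removed lines forwarded the same `service_dir` to the generator, so the two steps could not diverge; now they can if a caller passes any other directory. Either drop the parameter or add a comment such as `# service_dir is expected to equal service_dir_dns; create_dns() uses the global`. export_dns_views_zones_rrsets begins outside this hunk.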
@@ -894,38 +920,111 @@ def fetch_protocols(outdir, outdir_struct, ct): cd3service.fetch_protocols() ################## Create Functions ########################## + +def create_compartments(): + errors = False + if (workflow_type == 'create_resources'): + choices = [Option("Validate Compartments", None, None)] + errors = cd3Validator.validate_cd3(choices, inputfile, var_file, prefix, outdir, ct) + if errors == False: + Identity.create_terraform_compartments(inputfile, outdir, service_dir_identity, prefix, ct) + # Update modified path list + update_path_list(regions_path=[ct.home_region], service_dirs=[service_dir_identity]) + else: + print("Please correct the errors in CD3 Sheet and try again. Exiting!!!") + exit(1) + +def create_groups(): + errors = False + if (workflow_type == 'create_resources'): + choices = [Option("Validate Groups", None, None)] + errors = cd3Validator.validate_cd3(choices, inputfile, var_file, prefix, outdir, ct) + if errors == False: + Identity.create_terraform_groups(inputfile, outdir, service_dir_identity, prefix, ct) + # Update modified path list + update_path_list(regions_path=[ct.home_region], service_dirs=[service_dir_identity]) + else: + print("Please correct the errors in CD3 Sheet and try again. Exiting!!!") + exit(1) + +def create_policies(): + errors = False + if (workflow_type == 'create_resources'): + choices = [Option("Validate Policies", None, None)] + errors = cd3Validator.validate_cd3(choices, inputfile, var_file, prefix, outdir, ct) + + if errors == False: + Identity.create_terraform_policies(inputfile, outdir, service_dir_identity, prefix, ct) + # Update modified path list + update_path_list(regions_path=[ct.home_region], service_dirs=[service_dir_identity]) + else: + print("Please correct the errors in CD3 Sheet and try again. 
Exiting!!!") + exit(1) + +def create_users(): + Identity.create_terraform_users(inputfile, outdir, service_dir_identity, prefix, ct) + # Update modified path list + update_path_list(regions_path=[ct.home_region], service_dirs=[service_dir_identity]) + + +def create_networksources(): + Identity.NetworkSources.create_terraform_networkSources(inputfile, outdir, service_dir_identity, prefix, ct) + # Update modified path list + update_path_list(regions_path=[ct.home_region], service_dirs=[service_dir_identity]) + + def create_identity(prim_options=[]): ct.identity_domain_check(config,signer) options = [ - Option('Add/Modify/Delete Compartments', Identity.create_terraform_compartments, 'Processing Compartments Tab'), - Option('Add/Modify/Delete Groups', Identity.create_terraform_groups, 'Processing Groups Tab'), - Option('Add/Modify/Delete Policies', Identity.create_terraform_policies, 'Processing Policies Tab'), - Option('Add/Modify/Delete Users', Identity.Users.create_terraform_users, 'Processing Users Tab'), - Option('Add/Modify/Delete Network Sources', Identity.NetworkSources.create_terraform_networkSources, 'Processing NetworkSources Tab') + Option('Add/Modify/Delete Compartments', create_compartments, 'Processing Compartments Tab'), + Option('Add/Modify/Delete Groups', create_groups, 'Processing Groups Tab'), + Option('Add/Modify/Delete Policies', create_policies, 'Processing Policies Tab'), + Option('Add/Modify/Delete Users', create_users, 'Processing Users Tab'), + Option('Add/Modify/Delete Network Sources', create_networksources, 'Processing NetworkSources Tab') ] if prim_options: options = match_options(options, prim_options) else: options = show_options(options, quit=True, menu=True, index=1) - execute_options(options, inputfile, outdir,service_dir_identity, prefix, ct) + execute_options(options) # Update modified path list - update_path_list(regions_path=[ct.home_region], service_dirs=[service_dir_identity]) + #update_path_list(regions_path=[ct.home_region], 
service_dirs=[service_dir_identity]) def create_governance(prim_options=[]): options = [ - Option('Tags', create_tags, 'Tagging'), - Option('Quotas', create_quotas, 'Quotas')] + Option('Tags', create_tags, 'Processing Tags Tab'), + Option('Quotas', create_quotas, 'Processing Quotas Tab')] if prim_options: options = match_options(options, prim_options) else: options = show_options(options, quit=True, menu=True, index=1) execute_options(options) + +def create_tags(): + errors = False + if (workflow_type == 'create_resources'): + choices = [Option("Validate Tags", None, None)] + errors = cd3Validator.validate_cd3(choices, inputfile, var_file, prefix, outdir, ct) + + if errors == False: + Governance.create_terraform_tags(inputfile, outdir, service_dir_tagging, prefix, ct) + # Update modified path list + update_path_list(regions_path=[ct.home_region], service_dirs=[service_dir_tagging]) + else: + print("Please correct the errors in CD3 Sheet and try again. Exiting!!!") + exit(1) + +def create_quotas(): + Governance.create_terraform_quotas(inputfile, outdir, service_dir_quota, prefix, ct) + # Update modified path list + update_path_list(regions_path=[ct.home_region], service_dirs=[service_dir_quota]) + def create_cost_management(prim_options=[]): options = [ - Option('Budgets', create_budgets, 'Budgets')] + Option('Budgets', create_budgets, 'Processing Budgets Tab')] if prim_options: options = match_options(options, prim_options) else: 
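Review bot: create_users calls `Identity.create_terraform_users`, whereas the Option it replaces referenced `Identity.Users.create_terraform_users` and create_networksources in the same hunk still goes through `Identity.NetworkSources`. Unless the Identity package re-exports that function at top level (not visible here), the Users option would fail with AttributeError; `Identity.Users.create_terraform_users(inputfile, outdir, service_dir_identity, prefix, ct)` keeps the earlier path. create_users and create_networksources also have no validate_cd3 step, unlike compartments, groups and policies; if the validator has no check for those tabs, a comment saying so would make the gap deliberate, since both generate IAM objects. The commented-out `#update_path_list(...)` left at the end of create_identity should be deleted.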
@@ -933,36 +1032,31 @@ def create_cost_management(prim_options=[]): execute_options(options) -def create_tags(prim_options=[]): - options = [Option(None, Governance.create_terraform_tags, 'Processing Tags Tab')] - execute_options(options, inputfile, outdir, service_dir_tagging, prefix, ct) - # Update modified path list - update_path_list(regions_path=[ct.home_region], service_dirs=[service_dir_tagging]) - -def create_quotas(prim_options=[]): - options = [Option(None, Governance.create_terraform_quotas, 'Processing Quota Tab')] - execute_options(options, inputfile, outdir, service_dir_quota, prefix, ct) - # Update modified path list - update_path_list(regions_path=[ct.home_region], service_dirs=[service_dir_quota]) - -def create_budgets(prim_options=[]): - options = [Option(None, CostManagement.create_terraform_budgets, 'Processing Budget Tab')] - execute_options(options, inputfile, outdir, service_dir_budget, prefix, ct) - # Update modified path list - update_path_list(regions_path=[ct.home_region], service_dirs=[service_dir_budget]) +def create_budgets(): + errors = True + if (workflow_type == 'create_resources'): + choices = [Option("Validate Budgets", None, None)] + errors = cd3Validator.validate_cd3(choices, inputfile, var_file, prefix, outdir, ct) + if errors == True: + CostManagement.create_terraform_budgets(inputfile, outdir, service_dir_budget, prefix, ct) + # Update modified path list + update_path_list(regions_path=[ct.home_region], service_dirs=[service_dir_budget]) + else: + print("Please correct the errors in CD3 Sheet and try again. 
Exiting!!!") + exit(1) def create_network(execute_all=False,prim_options=[]): service_dir = outdir_struct options = [ - Option('Create Network', Network.create_all_tf_objects, 'Create All Objects'), - Option('Modify Network', modify_terraform_network, 'Modifying Network'), - Option('Security Rules', export_modify_security_rules, 'Security Rules'), - Option('Route Rules', export_modify_route_rules, 'Route Rules'), - Option('DRG Route Rules', export_modify_drg_route_rules, 'DRG Route Rules'), - Option('Network Security Groups', export_modify_nsgs, 'Network Security Groups'), - Option('Add/Modify/Delete VLANs', create_vlans, 'VLANs'), - Option('Customer Connectivity', create_drg_connectivity, 'Connectivity') + Option('Create Network', create_terraform_network, 'Create All Objects'), + Option('Modify Network', modify_terraform_network, 'Modifying Network'), + Option('Security Rules', export_modify_security_rules, 'Security Rules'), + Option('Route Rules', export_modify_route_rules, 'Route Rules'), + Option('DRG Route Rules', export_modify_drg_route_rules, 'DRG Route Rules'), + Option('Network Security Groups', export_modify_nsgs, 'Network Security Groups'), + Option('Add/Modify/Delete VLANs', create_vlans, 'VLANs'), + Option('Customer Connectivity', create_drg_connectivity, 'Connectivity') ] if prim_options: options = match_options(options, prim_options) 
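Review bot: create_budgets has the validation gate inverted: it initialises `errors = True` and generates Terraform under `if errors == True:`. In the create_resources workflow a Budgets sheet that fails validate_cd3 is therefore processed, while a clean sheet reaches the 'Please correct the errors' branch and exits. Every other create_* function added in this commit uses `errors = False` and `if errors == False:`, and the same two lines belong here. This is the only check on the sheet visible in this hunk before budgets are written, so the inversion turns it off exactly when it is needed.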
@@ -975,9 +1069,30 @@ def create_network(execute_all=False,prim_options=[]): regions_path.append("global") service_dirs = [service_dir_network,service_dir_nsg, service_dir_vlan, 'rpc'] update_path_list(regions_path=regions_path, service_dirs=service_dirs) +def create_terraform_network(inputfile, outdir, service_dir, prefix, ct, non_gf_tenancy): + errors = False + if (workflow_type == 'create_resources'): + choices = [Option("Validate Network(VCNs, SubnetsVLANs, DHCP, DRGs)", None, None)] + errors = cd3Validator.validate_cd3(choices, inputfile, var_file, prefix, outdir, ct) + + if errors == False: + Network.create_all_tf_objects(inputfile, outdir, service_dir, prefix, ct, non_gf_tenancy=non_gf_tenancy) + else: + print("Please correct the errors in CD3 Sheet and try again. Exiting!!!") + exit(1) + def modify_terraform_network(inputfile, outdir, service_dir, prefix, ct, non_gf_tenancy): - Network.create_all_tf_objects(inputfile, outdir, service_dir, prefix, ct, non_gf_tenancy=non_gf_tenancy, modify_network=True, ) + errors = False + if (workflow_type == 'create_resources'): + choices = [Option("Validate Network(VCNs, SubnetsVLANs, DHCP, DRGs)", None, None)] + errors = cd3Validator.validate_cd3(choices, inputfile, var_file, prefix, outdir, ct) + + if errors == False: + Network.create_all_tf_objects(inputfile, outdir, service_dir, prefix, ct, non_gf_tenancy=non_gf_tenancy, modify_network=True, ) + else: + print("Please correct the errors in CD3 Sheet and try again. Exiting!!!") + exit(1) def export_modify_security_rules(inputfile, outdir, service_dir, prefix, ct, non_gf_tenancy,sub_options=[]): execute_all = False 
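Review bot: create_terraform_network and modify_terraform_network repeat the same validate-then-exit block, and the other hunks copy it into create_compartments, create_groups, create_policies, create_tags, create_budgets, create_instances, create_block_volumes, create_fss, create_buckets and create_dns_management. A single helper would keep the gate in one place (the copy in create_budgets has already drifted) and reduce each caller to one line. `exit()` is the helper installed by the site module for interactive use; `raise SystemExit(1)` or `sys.exit(1)` is the dependable form in a script. The sketch assumes, as the callers do, that validate_cd3 returns a truthy value when the sheet has errors.

```python
def _validate_sheet_or_exit(check_name, inputfile, prefix, outdir, ct):
    # The gate applies only to the create_resources workflow, as in the original blocks.
    if workflow_type != 'create_resources':
        return
    choices = [Option(check_name, None, None)]
    if cd3Validator.validate_cd3(choices, inputfile, var_file, prefix, outdir, ct):
        print("Please correct the errors in CD3 Sheet and try again. Exiting!!!")
        raise SystemExit(1)


def create_terraform_network(inputfile, outdir, service_dir, prefix, ct, non_gf_tenancy):
    _validate_sheet_or_exit("Validate Network(VCNs, SubnetsVLANs, DHCP, DRGs)", inputfile, prefix, outdir, ct)
    Network.create_all_tf_objects(inputfile, outdir, service_dir, prefix, ct, non_gf_tenancy=non_gf_tenancy)

# … unchanged apart from the same one-line call: modify_terraform_network …
```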
@@ -1094,39 +1209,42 @@ def create_rpc(inputfile, outdir, service_dir, service_dir_network, prefix, auth Network.create_terraform_drg_route(inputfile, outdir, service_dir_network, prefix, non_gf_tenancy=non_gf_tenancy, ct=ct, network_connectivity_in_setupoci='connectivity', modify_network=True) def create_compute(prim_options=[]): - service_dir = outdir_struct options = [ - Option('Add/Modify/Delete Dedicated VM Hosts', create_dedicatedvmhosts, ''), - Option('Add/Modify/Delete Instances/Boot Backup Policy', create_instances,''), + Option('Add/Modify/Delete Dedicated VM Hosts', create_dedicatedvmhosts, 'Processing Dedicated VM Hosts Tab'), + Option('Add/Modify/Delete Instances/Boot Backup Policy', create_instances,'Processing Instances Tab'), ] if prim_options: options = match_options(options, prim_options) else: options = show_options(options, quit=True, menu=True, index=1) - execute_options(options, inputfile, outdir, service_dir,prefix, ct) + execute_options(options) -def create_instances(inputfile, outdir, service_dir, prefix, ct): - options = [ - Option(None, Compute.create_terraform_instances, 'Processing Instances Tab') - ] - execute_options(options, inputfile, outdir, service_dir_instance, prefix, ct) - # Update modified path list - update_path_list(regions_path=subscribed_regions, service_dirs=[service_dir_instance]) +def create_instances(): + errors = False + if (workflow_type == 'create_resources'): + choices = [Option("Validate Instances", None, None)] + errors = cd3Validator.validate_cd3(choices, inputfile, var_file, prefix, outdir, ct) + if errors == False: + Compute.create_terraform_instances(inputfile, outdir, service_dir_instance, prefix, ct) + # Update modified path list + update_path_list(regions_path=subscribed_regions, service_dirs=[service_dir_instance]) + else: + print("Please correct the errors in CD3 Sheet and try again. 
Exiting!!!") + exit(1) -def create_dedicatedvmhosts(inputfile, outdir, service_dir, prefix, ct): - options = [Option(None, Compute.create_terraform_dedicatedhosts, 'Processing Dedicated VM Hosts Tab')] - execute_options(options, inputfile, outdir, service_dir_dedicated_vm_host,prefix, ct) +def create_dedicatedvmhosts(): + Compute.create_terraform_dedicatedhosts(inputfile, outdir, service_dir_dedicated_vm_host, prefix, ct) # Update modified path list update_path_list(regions_path=subscribed_regions, service_dirs=[service_dir_dedicated_vm_host]) def create_storage(execute_all=False,prim_options=[]): options = [ - Option('Add/Modify/Delete Block Volumes/Block Backup Policy', create_block_volumes, ''), - Option('Add/Modify/Delete File Systems', create_fss, ''), - Option('Add/Modify/Delete Object Storage Buckets', create_buckets, '') + Option('Add/Modify/Delete Block Volumes/Block Backup Policy', create_block_volumes, 'Processing BlockVolumes Tab'), + Option('Add/Modify/Delete File Systems', create_fss, 'Processing FSS Tab'), + Option('Add/Modify/Delete Object Storage Buckets', create_buckets, 'Processing Buckets Tab') #Option('Enable Object Storage Buckets Write Logs', create_cis_oss_logs, '') ] if prim_options: 
@@ -1134,33 +1252,55 @@ def create_storage(execute_all=False,prim_options=[]): else: options = show_options(options, quit=True, menu=True, index=1) if not execute_all: - execute_options(options, inputfile, outdir,prefix, ct) - -def create_block_volumes(inputfile, outdir, prefix,ct): - options = [ Option(None, Storage.create_terraform_block_volumes, 'Processing BlockVolumes Tab') ] - execute_options(options, inputfile, outdir, service_dir_block_volume, prefix, ct) - # Update modified path list - update_path_list(regions_path=subscribed_regions, service_dirs=[service_dir_block_volume]) + execute_options(options) + +def create_block_volumes(): + errors = False + if (workflow_type == 'create_resources'): + choices = [Option("Validate Block Volumes", None, None)] + errors = cd3Validator.validate_cd3(choices, inputfile, var_file, prefix, outdir, ct) + + if errors == False: + Storage.create_terraform_block_volumes(inputfile, outdir, service_dir_block_volume, prefix, ct) + # Update modified path list + update_path_list(regions_path=subscribed_regions, service_dirs=[service_dir_block_volume]) + else: + print("Please correct the errors in CD3 Sheet and try again. 
Exiting!!!") + exit(1) +def create_fss(): + errors = False + if (workflow_type == 'create_resources'): + choices = [Option("Validate FSS", None, None)] + errors = cd3Validator.validate_cd3(choices, inputfile, var_file, prefix, outdir, ct) -def create_fss(inputfile, outdir, prefix,ct): - options = [Option(None, Storage.create_terraform_fss, 'Processing FSS Tab')] - execute_options(options, inputfile, outdir, service_dir_fss, prefix, ct) - # Update modified path list - update_path_list(regions_path=subscribed_regions, service_dirs=[service_dir_fss]) + if errors == False: + Storage.create_terraform_fss(inputfile, outdir, service_dir_fss, prefix, ct) + # Update modified path list + update_path_list(regions_path=subscribed_regions, service_dirs=[service_dir_fss]) + else: + print("Please correct the errors in CD3 Sheet and try again. Exiting!!!") + exit(1) -def create_buckets(inputfile, outdir, prefix,ct): - options = [Option(None, Storage.create_terraform_oss, 'Processing Buckets Tab')] - execute_options(options, inputfile, outdir, service_dir_object_storage, prefix, ct) - # Update modified path list - update_path_list(regions_path=subscribed_regions, service_dirs=[service_dir_object_storage]) +def create_buckets(): + errors = False + if (workflow_type == 'create_resources'): + choices = [Option("Validate Buckets", None, None)] + errors = cd3Validator.validate_cd3(choices, inputfile, var_file, prefix, outdir, ct) + if errors == False: + Storage.create_terraform_oss(inputfile, outdir, service_dir_object_storage, prefix, ct) + # Update modified path list + update_path_list(regions_path=subscribed_regions, service_dirs=[service_dir_object_storage]) + else: + print("Please correct the errors in CD3 Sheet and try again. 
Exiting!!!") + exit(1) def create_loadbalancer(execute_all=False,prim_options=[]): options = [ - Option('Add/Modify/Delete Load Balancers', create_lb, 'LBaaS'), - Option('Add/Modify/Delete Network Load Balancers', create_nlb, 'NLB') + Option('Add/Modify/Delete Load Balancers', create_lb, 'Processing LBaaS Tabs'), + Option('Add/Modify/Delete Network Load Balancers', create_nlb, 'Processing NLB Tabs') #Option('Enable LBaaS Logs', enable_lb_logs, 'LBaaS Logs') ] if prim_options: @@ -1168,9 +1308,9 @@ def create_loadbalancer(execute_all=False,prim_options=[]): else: options = show_options(options, quit=True, menu=True, index=1) if not execute_all: - execute_options(options, inputfile, outdir, prefix, ct) + execute_options(options) -def create_lb(inputfile, outdir, prefix, ct): +def create_lb(): options = [ Option(None, Network.create_terraform_lbr_hostname_certs, 'Creating LBR'), Option(None, Network.create_backendset_backendservers, 'Creating Backend Sets and Backend Servers'), @@ -1184,7 +1324,7 @@ def create_lb(inputfile, outdir, prefix, ct): update_path_list(regions_path=subscribed_regions, service_dirs=[service_dir_loadbalancer]) -def create_nlb(inputfile, outdir, prefix, ct): +def create_nlb(): options = [ Option(None, Network.create_terraform_nlb_listener, 'Creating NLB and Listeners'), Option(None, Network.create_nlb_backendset_backendservers, 'Creating NLB Backend Sets and Backend Servers'), 
@@ -1196,24 +1336,24 @@ def create_nlb(inputfile, outdir, prefix, ct): def create_databases(execute_all=False,prim_options=[]): options = [ - Option('Add/Modify/Delete Virtual Machine or Bare Metal DB Systems', create_terraform_dbsystems_vm_bm, 'Processing DBSystems-VM-BM Tab'), + Option('Add/Modify/Delete Virtual Machine or Bare Metal DB Systems', create_dbsystems_vm_bm, 'Processing DBSystems-VM-BM Tab'), Option('Add/Modify/Delete EXA Infra and EXA VM Clusters', create_exa_infra_vmclusters, ''), - Option('Add/Modify/Delete ADBs', create_terraform_adb, 'Processing ADB Tab'), + Option('Add/Modify/Delete ADBs', create_adb, 'Processing ADB Tab'), ] if prim_options: options = match_options(options, prim_options) else: if not execute_all: options = show_options(options, quit=True, menu=True, index=1) - execute_options(options, inputfile, outdir, prefix, ct) + execute_options(options) -def create_terraform_dbsystems_vm_bm(inputfile, outdir, prefix,ct): +def create_dbsystems_vm_bm(): Database.create_terraform_dbsystems_vm_bm(inputfile, outdir, service_dir_dbsystem_vm_bm, prefix, ct) # Update modified path list update_path_list(regions_path=subscribed_regions, service_dirs=[service_dir_dbsystem_vm_bm]) -def create_exa_infra_vmclusters(inputfile, outdir, prefix,ct): +def create_exa_infra_vmclusters(): options = [Option(None, Database.create_terraform_exa_infra, 'Processing Exa-Infra Tab'), Option(None, Database.create_terraform_exa_vmclusters, 'Processing Exa-VM-Clusters Tab')] execute_options(options, inputfile, outdir, service_dir_database_exacs, prefix, ct) 
@@ -1221,7 +1361,7 @@ def create_exa_infra_vmclusters(inputfile, outdir, prefix,ct): update_path_list(regions_path=subscribed_regions, service_dirs=[service_dir_database_exacs]) -def create_terraform_adb(inputfile, outdir, prefix,ct): +def create_adb(): Database.create_terraform_adb(inputfile, outdir, service_dir_adb, prefix, ct) # Update modified path list update_path_list(regions_path=subscribed_regions, service_dirs=[service_dir_adb]) @@ -1264,10 +1404,10 @@ def create_developer_services(execute_all=False,prim_options=[]): execute_options(options, inputfile, outdir, prefix, auth_mechanism, config_file_path,ct) def create_rm_stack(inputfile, outdir, prefix, auth_mechanism, config_file, ct): - regions = get_region_list(rm = True) + regions = get_region_list(rm = True, vizoci = False) DeveloperServices.create_resource_manager(outdir,var_file, outdir_struct, prefix, auth_mechanism, config_file, ct, regions) -def create_oke(inputfile, outdir, prefix, auth_mechanism, config_file, ct): +def create_oke(inputfile, outdir, prefix, dummy1, dummy2, ct): DeveloperServices.create_terraform_oke(inputfile, outdir, service_dir_oke, prefix, ct) # Update modified path list update_path_list(regions_path=subscribed_regions, service_dirs=[service_dir_oke]) 
@@ -1279,26 +1419,38 @@ def create_sddc(prim_options=[]): update_path_list(regions_path=subscribed_regions, service_dirs=[service_dir_sddc]) -def create_dns(prim_options=[]): - options = [ - Option('Add/Modify/Delete DNS Views/Zones/Records', create_terraform_dns, - 'Processing DNS-Views-Zones-Records Tab'), - Option('Add/Modify/Delete DNS Resolvers', Network.create_terraform_dns_resolvers, - 'Processing DNS-Resolvers Tab') - ] - if prim_options: - options = match_options(options, prim_options) +def create_dns_management(prim_options=[]): + errors = False + if (workflow_type == 'create_resources'): + choices = [Option("Validate DNS", None, None)] + errors = cd3Validator.validate_cd3(choices, inputfile, var_file, prefix, outdir, ct) + + if errors == False: + options = [ + Option('Add/Modify/Delete DNS Views/Zones/Records', create_dns, + 'Processing DNS-Views-Zones-Records Tab'), + Option('Add/Modify/Delete DNS Resolvers', create_dns_resolvers, + 'Processing DNS-Resolvers Tab') + ] + if prim_options: + options = match_options(options, prim_options) + else: + options = show_options(options, quit=True, menu=True, index=1) + execute_options(options) + # Update modified path list + update_path_list(regions_path=subscribed_regions, service_dirs=[service_dir_dns]) else: - options = show_options(options, quit=True, menu=True, index=1) - execute_options(options, inputfile, outdir, service_dir_dns, prefix, ct) - # Update modified path list - update_path_list(regions_path=subscribed_regions, service_dirs=[service_dir_dns]) + print("Please correct the errors in CD3 Sheet and try again. 
Exiting!!!") + exit(1) + +def create_dns(): + Network.create_terraform_dns_views(inputfile, outdir, service_dir_dns, prefix, ct) + Network.create_terraform_dns_zones(inputfile, outdir, service_dir_dns, prefix, ct) + Network.create_terraform_dns_rrsets(inputfile, outdir, service_dir_dns, prefix, ct) -def create_terraform_dns(inputfile, outdir, service_dir, prefix, ct): - Network.create_terraform_dns_views(inputfile, outdir, service_dir, prefix, ct) - Network.create_terraform_dns_zones(inputfile, outdir, service_dir, prefix, ct) - Network.create_terraform_dns_rrsets(inputfile, outdir, service_dir, prefix, ct) +def create_dns_resolvers(): + Network.create_terraform_dns_resolvers(inputfile, outdir, service_dir_dns, prefix, ct) def create_logging(prim_options=[]): options = [ 
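Review bot: `create_dns_management` aborts with the `exit()` builtin, which is installed by the `site` module for interactive use and is not guaranteed to exist in every runtime. `sys.exit(1)` is the dependable call, assuming `sys` is imported in this file. The success test is also clearer as `if not errors:` than as `errors == False`, which treats a `None` return from `cd3Validator.validate_cd3` as a failure. The same validate-then-abort block is repeated verbatim in `create_kms` (hunk @@ -1332), so a small shared helper would keep the two gates from drifting apart. Validation is skipped entirely when `workflow_type` is anything other than `'create_resources'`, which deserves a short comment saying that this is intended.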
@@ -1332,15 +1484,27 @@ def create_logging(prim_options=[]): execute_options(options1, inputfile, outdir, prefix, ct, service_dir) update_path_list(regions_path=subscribed_regions, service_dirs=[service_dir]) +def create_kms(): + errors = False + if (workflow_type == 'create_resources'): + choices = [Option("Validate KMS", None, None)] + errors = cd3Validator.validate_cd3(choices, inputfile, var_file, prefix, outdir, ct) + if errors == False: + Security.create_terraform_keyvaults(inputfile, outdir, service_dir_kms, prefix, ct) + # Update modified path list + update_path_list(regions_path=subscribed_regions, service_dirs=[service_dir_kms]) + else: + print("Please correct the errors in CD3 Sheet and try again. Exiting!!!") + exit(1) def create_security_services(prim_options=[]): - options = [Option("Add/Modify/Delete KMS (Keys/Vaults)", Security.create_terraform_keyvaults, 'Creating Keys/Vaults'), - Option("Enable Cloud Guard", enable_cis_cloudguard, 'Enable Cloud Guard')] + options = [Option("Add/Modify/Delete KMS (Keys/Vaults)", create_kms, 'Processing KMS Tab'), + Option("Enable Cloud Guard", enable_cis_cloudguard, 'Enabling Cloud Guard')] if prim_options: options = match_options(options, prim_options) else: options = show_options(options, quit=True, menu=True, index=1) - execute_options(options, inputfile, outdir, service_dir_kms, prefix, ct) + execute_options(options) for option in options: if option.name == 'Add/Modify/Delete KMS (Keys/Vaults)': update_path_list(regions_path=subscribed_regions, service_dirs=[service_dir_kms]) 
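Review bot: `create_kms()` now calls `update_path_list(..., service_dirs=[service_dir_kms])` itself, but `create_security_services` still makes the same call in its `for option in options:` loop after `execute_options(options)`. The KMS path is therefore registered twice per run. Either drop the loop in `create_security_services` or drop the call inside `create_kms`, and leave a comment at the surviving site, e.g. `# path list is updated inside create_kms()`. The tail of `create_security_services` lies outside this hunk, so the loop may contain more than is visible here.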
@@ -1367,14 +1531,13 @@ def run_utility(prim_options=[]): update_path_list(regions_path=subscribed_regions, service_dirs=[service_dir_kms])""" -def enable_cis_cloudguard(*args,**kwargs): +def enable_cis_cloudguard(): if not devops: region = input("Enter Reporting Region for Cloud Guard eg london: ") else: region = ct.cg_region region = region.lower() - options = [Option(None, Security.enable_cis_cloudguard, 'Enabling Cloud Guard')] - execute_options(options, outdir, service_dir_cloud_guard, prefix, ct, region) + Security.enable_cis_cloudguard(outdir, service_dir_cloud_guard, prefix, ct, region) # Update modified path list update_path_list(regions_path=subscribed_regions, service_dirs=[service_dir_cloud_guard]) 
@@ -1500,6 +1663,86 @@ def run_showoci(outdir, prefix, config_file,sub_options=[]): options = show_options(options, quit=True, menu=True, index=1) execute_options(options, outdir, prefix, config_file) +def run_vizoci(outdir, prefix, config_file,sub_options=[]): + cmdpath = os.path.dirname(os.path.abspath(__file__)) + "/../othertools/" + tag = "vizoci" + cwd= os.getcwd() + os.chdir(cmdpath + tag) + cmd = "python " + "vizoci-gather.py" + + export_regions = get_region_list(rm=False,vizoci=True) + reg_list = [] + for reg in export_regions: + reg_list.append(ct.region_dict[reg]) + + compartments = ct.get_compartment_map(var_file, 'VizOCI') + comp_list=[] + for comp in compartments: + if '::' in comp: + comp=comp.replace("::",".") + comp_list.append("root."+comp) + + filter_str1 = "Do you also want to generate graphs (y/n), Default is n: " + + if not devops: + graph_gen = "n" if input(filter_str1).lower() != 'y' else "y" + else: + graph_gen = None + if ct.generate_graphs: + if ct.generate_graphs.lower() == "false": + graph_gen = "n" + if ct.generate_graphs.lower() == "true": + graph_gen = "y" + graph_gen = graph_gen if graph_gen else None + + + dirname = prefix + "_vizoci_report" + resource = "vizoci_report" + if outdir[len(outdir) - 1] == "/": + outdir = outdir.rsplit("/", 2)[0] + "/othertools_files" + else: + outdir = outdir.rsplit("/", 1)[0] + "/othertools_files" + out_rep = outdir + '/' + dirname + # config = "--config "+ config + + commonTools.backup_file(outdir, resource, dirname) + if not os.path.exists(out_rep): + os.makedirs(out_rep) + + config = oci.config.from_file(file_location=config_file_path) + with open('config/vizociconfig.json', 'r') as json_file: + json_data = json.load(json_file) + + json_data['vizocidir'] = out_rep + json_data['home-region'] = ct.region_dict[ct.home_region] + json_data['tenantocid'] = config['tenancy'] + json_data['regions'] = reg_list + json_data['compartments'] = comp_list + + if auth_mechanism == 'api_key': + 
json_data['ociconfig']['authtype'] = 'APIKEY' + json_data['ociconfig']['apikeyinfo']['filelocation'] = config_file + if auth_mechanism == 'instance_principal': + json_data['ociconfig']['authtype'] = 'INSTANCE' + + with open('config/vizociconfig.json', 'w') as f: + json.dump(json_data, f, indent=2) + + split = str.split(cmd) + print("Executing: " + cmd) + execute(split, config_file_path) + + print("\n\nVizOCI Data Gather Completed.") + + if graph_gen is not None and graph_gen.lower()=='y': + print("Proceeding with Graph Generation...\n\n") + cmd = "python " + "vizoci-graph-gen.py" + split = str.split(cmd) + print("Executing: " + cmd) + execute(split, config_file_path) + + os.chdir(cwd) + def export_update_dr_plan(outdir, prefix, config_file_path,option=''): print("Use Excel Template oci-fsdr-plan-template.xlsx at /cd3user/oci_tools/othertools/oci-fsdr for the export") tag = "oci-fsdr" 
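Review bot: `run_vizoci` rewrites `config/vizociconfig.json` in place but sets `authtype` only for `'api_key'` and `'instance_principal'`. For any other `auth_mechanism`, the file keeps the `authtype` and `apikeyinfo.filelocation` left by a previous run, and the gather script then runs with credentials settings the operator did not choose. An explicit final branch closes that gap, e.g. `else: raise ValueError("VizOCI: unsupported auth_mechanism " + str(auth_mechanism))`. The function also mixes its `config_file` parameter with the module-level `config_file_path` (in `oci.config.from_file` and in `execute`), which should be unified or commented. Finally, `os.chdir(cwd)` runs only on the success path, so the body after `os.chdir(cmdpath + tag)` belongs in `try: ... finally: os.chdir(cwd)` to stop an exception leaving the process in the tool directory.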
@@ -1906,15 +2149,15 @@ def create_firewall(inputfile, outdir, service_dir, prefix, ct,sub_options=[]): # verify_outdir_is_empty() print("\nworkflow_type set to export_resources. Export existing OCI objects and Synch with TF state") print("We recommend to not have any existing tfvars/tfstate files for export out directory") - export_regions = get_region_list(rm=False) + export_regions = get_region_list(rm=False,vizoci=False) inputs = [ Option('Export Identity', export_identityOptions, 'Identity'), Option('Export Governance', export_governance, 'Governance'), Option('Export Cost Management', export_cost_management, 'Cost Management'), Option('Export Network', export_network, 'Network'), Option('Export OCI Firewall', export_firewall_policies, 'OCI Firewall Policy'), - Option('Export DNS Management', export_dns, 'DNS Management'), - Option('Export Compute', export_compute, 'Dedicated VM Hosts and Instances'), + Option('Export DNS Management', export_dns_management, 'DNS Management'), + Option('Export Compute', export_compute, 'Compute'), Option('Export Storage', export_storage, 'Storage'), Option('Export Databases', export_databases, 'Databases'), Option('Export Load Balancers', export_loadbalancer, 'Load Balancers'), 
@@ -1934,14 +2177,14 @@ def create_firewall(inputfile, outdir, service_dir, prefix, ct,sub_options=[]): Option('Cost Management', create_cost_management, 'Cost Management'), Option('Network', create_network, 'Network'), Option('OCI Firewall', create_validate_firewall_service, 'Firewall'), - Option('DNS Management', create_dns, 'DNS Management'), + Option('DNS Management', create_dns_management, 'DNS Management'), Option('Compute', create_compute, 'Compute'), Option('Storage', create_storage, 'Storage'), Option('Database', create_databases, 'Databases'), Option('Load Balancers', create_loadbalancer, 'Load Balancers'), Option('Management Services', create_management_services, 'Management Services'), Option('Developer Services', create_developer_services, 'Developer Services'), - Option('Security', create_security_services, 'OCI security services'), + Option('Security', create_security_services, 'Security Services'), Option('Logging Services', create_logging, 'Logging Services'), Option('Software-Defined Data Centers - OCVS', create_sddc, 'Processing SDDC Tabs'), Option('CD3 Services', cd3_services, 'CD3 Services'), diff --git a/cd3_automation_toolkit/user-scripts/createTenancyConfig.py b/cd3_automation_toolkit/user-scripts/createTenancyConfig.py index 3ecb2973c..a6499629e 100644 --- a/cd3_automation_toolkit/user-scripts/createTenancyConfig.py +++ b/cd3_automation_toolkit/user-scripts/createTenancyConfig.py 
@@ -146,26 +146,52 @@ def create_devops_resources(config,signer): return repo_url,files_in_repo -def update_devops_config(prefix,git_config_file, repo_ssh_url,files_in_repo,dir_values,devops_user,devops_user_key,devops_dir,ct): - # create git config file - file = open(git_config_file, "w") - file.write("Host devops.scmservice.*.oci"+cloud_domain+"\n " - "StrictHostKeyChecking no\n " - "User " + str(devops_user) + "\n " - "IdentityFile " + str(devops_user_key) + "\n") +def update_devops_config(prefix, repo_ssh_url,files_in_repo,dir_values,devops_user,devops_user_key,devops_dir,ct): - file.close() + repo_ssh_url = repo_ssh_url.replace("ssh://","") + repo_ssh_url_parts = repo_ssh_url.split("/",1) + + # create git config file + new_data = "Host "+prefix+"\n " \ + "Hostname "+repo_ssh_url_parts[0]+"\n " \ + "StrictHostKeyChecking no\n " \ + "User " + str(devops_user) + "\n " \ + "IdentityFile " + str(devops_user_key) + "\n" - # copy to cd3user home dir user_ssh_dir = os.path.expanduser("~") + "/.ssh" if not os.path.exists(user_ssh_dir): os.makedirs(user_ssh_dir) - shutil.copyfile(git_config_file, user_ssh_dir + '/config') + ssh_config_file = user_ssh_dir + '/config' + + #if /cd3user/.ssh/config file exists + if os.path.exists(ssh_config_file): + f = open(ssh_config_file,"r") + config_file_data = f.read() + f.close() + + # new prefix config + if prefix not in config_file_data: + f = open(ssh_config_file,"a") + config_file_data = "\n\n" + new_data + f.write(config_file_data) + f.close() + # existing prefix - no changes to be done + else: + pass + + # file doesnot exist + else: + f = open(ssh_config_file, "w") + config_file_data = new_data + f.write(config_file_data) + f.close() + + #shutil.copyfile(git_config_file, user_ssh_dir + '/config') # change permissions of private key file and config file for GIT os.chmod(devops_user_key, 0o600) os.chmod(user_ssh_dir + '/config', 0o600) - os.chmod(git_config_file, 0o600) + #os.chmod(git_config_file, 0o600) ''' # create symlink for 
Git Config file for SSH operations. @@ -194,21 +220,16 @@ def update_devops_config(prefix,git_config_file, repo_ssh_url,files_in_repo,dir_ jenkins_config = configparser.RawConfigParser() jenkins_config.read(jenkins_properties_file_path) - # Added this to restrict to single prefix for current release. - num_of_sections = jenkins_config.sections() - if len(num_of_sections)<1: - if (prefix in jenkins_config.sections()): - jenkins_config.set(prefix,'regions',str(ct.all_regions)) - jenkins_config.set(prefix, 'services', str(dir_values)) - else: - jenkins_config.add_section(prefix) - jenkins_config.set(prefix, 'git_url', "\""+repo_ssh_url+"\"") - jenkins_config.set(prefix, 'regions', str(ct.all_regions)) - jenkins_config.set(prefix, 'services', str(dir_values)) - jenkins_config.set(prefix, 'outdir_structure', "[\""+dir_structure+"\"]") - jenkins_config.set(prefix, 'tf_or_tofu', "\"" + tf_or_tofu + "\"") - - # Dont do anything for multiple prefixes in this release + if (prefix in jenkins_config.sections()): + jenkins_config.set(prefix, 'regions', str(ct.all_regions)) + jenkins_config.set(prefix, 'services', str(dir_values)) + else: + jenkins_config.add_section(prefix) + jenkins_config.set(prefix, 'git_url', "\"" + prefix+":/"+repo_ssh_url_parts[1] + "\"") + jenkins_config.set(prefix, 'regions', str(ct.all_regions)) + jenkins_config.set(prefix, 'services', str(dir_values)) + jenkins_config.set(prefix, 'outdir_structure', "\"" + dir_structure + "\"") + jenkins_config.set(prefix, 'tf_or_tofu', "\"" + tf_or_tofu + "\"") file = open(jenkins_properties_file_path, "w") jenkins_config.write(file) 
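Review bot: The generated `~/.ssh/config` block still carries `StrictHostKeyChecking no`, so the DevOps git host's key is never verified and the identity of the remote that receives the Terraform repository is not authenticated. `StrictHostKeyChecking accept-new`, or pre-populating `known_hosts` for `repo_ssh_url_parts[0]`, keeps the setup non-interactive without disabling verification. Separately, `if prefix not in config_file_data` is a substring test over the whole file, so a prefix that occurs inside another prefix, a user name or a key path is treated as already configured and gets no `Host` block. Matching the header line is safer, e.g. `if ("Host " + prefix + "\n") not in config_file_data:`. `os.makedirs(user_ssh_dir)` would also be better created with `mode=0o700`.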
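Review bot: In the `if (prefix in jenkins_config.sections())` branch only `regions` and `services` are refreshed, so a section written by an earlier release keeps its old `git_url` and the old `["..."]` form of `outdir_structure`. New sections get the `prefix:/...` alias URL and a plain quoted string instead. Whatever reads `jenkins.properties` then has to accept both shapes, and an existing prefix keeps pointing at the full host name rather than the new ssh alias. Rewriting `git_url`, `outdir_structure` and `tf_or_tofu` in both branches would avoid this; failing that, add a comment stating that sections from earlier releases are intentionally left as they are. `repo_ssh_url_parts[1]` also raises `IndexError` when the URL has no `/` after the host, which deserves an explicit check where the split is done.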
@@ -218,15 +239,15 @@ def update_devops_config(prefix,git_config_file, repo_ssh_url,files_in_repo,dir_ file.close() - # Update Environment variable for jenkins + """# Update Environment variable for jenkins yaml_file_path = jenkins_install + "/jcasc.yaml" if (os.path.exists(yaml_file_path)): with open(yaml_file_path) as yaml_file: cfg = yaml.load(yaml_file, Loader=yaml.FullLoader) cfg["jenkins"]["globalNodeProperties"] = [{'envVars': {'env': [{'key': 'customer_prefix', 'value': prefix}]}}] with open(yaml_file_path, "w") as yaml_file: - cfg = yaml.dump(cfg, stream=yaml_file, default_flow_style=False, sort_keys=False) - # Clean repo config if exists and initiate git repo + cfg = yaml.dump(cfg, stream=yaml_file, default_flow_style=False, sort_keys=False)""" + # Clean repo config if exists and initiate git repo subprocess.run(['git', 'init'], cwd=devops_dir,stdout=DEVNULL) subprocess.run(['git', 'config', '--global', 'init.defaultBranch', "main"], cwd=devops_dir) subprocess.run(['git', 'config', '--global', 'safe.directory', devops_dir], cwd=devops_dir) @@ -239,7 +260,7 @@ def update_devops_config(prefix,git_config_file, repo_ssh_url,files_in_repo,dir_ existing_remote = str(existing_remote).split('\'')[1][:-2] if existing_remote == "origin": subprocess.run(['git', 'remote','remove','origin'], cwd=devops_dir,stdout=DEVNULL) - subprocess.run(['git', 'remote', 'add', 'origin',repo_ssh_url], cwd=devops_dir,stdout=DEVNULL) + subprocess.run(['git', 'remote', 'add', 'origin',"ssh://"+prefix+":/"+repo_ssh_url_parts[1]], cwd=devops_dir,stdout=DEVNULL) try: subprocess.run(['git', 'fetch','-q'], cwd=devops_dir,stdout=DEVNULL) except Exception as e: 
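Review bot: The new `git remote add origin "ssh://"+prefix+":/"+...` only resolves if the `Host <prefix>` alias was written to `~/.ssh/config` earlier in this function, yet neither this call nor the `git fetch` after it checks the exit status. `subprocess.run` does not raise on a non-zero return code, so the `try/except` around the fetch cannot catch a failed connection. Passing `check=True` on the `remote add` and `fetch` calls, or testing `returncode`, would surface a missing or wrong alias at this point instead of later in the pull and push. The remote is also spelled `ssh://<prefix>:/<path>` here but `<prefix>:/<path>` in the `git_url` written to the Jenkins properties; building the string once and reusing it would keep the two in step. In the preceding hunk the JCasC update is disabled by wrapping it in a string literal; deleting it would be cleaner than leaving dead code that calls `yaml.load`.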
@@ -255,7 +276,6 @@ def update_devops_config(prefix,git_config_file, repo_ssh_url,files_in_repo,dir_ # Create local branch "main" from remote "main" subprocess.run(['git', 'checkout', '-B', 'main','-q'], cwd=devops_dir,stdout=DEVNULL) subprocess.run(['git', 'pull', 'origin', 'main','-q'], cwd=devops_dir,stdout=DEVNULL,stderr=DEVNULL) - subprocess.run(['git', 'add', '-A'], cwd=devops_dir,stdout=DEVNULL) current_status = subprocess.run(['git', 'status','--porcelain'], cwd=devops_dir,capture_output=True).stdout @@ -354,13 +374,13 @@ def create_bucket(config, signer): if prefixes !=[]: if prefix in prefixes: print("WARNING!!! Container has already been successfuly connected to the tenancy with same prefix. Please proceed only if you re-running the script for new region subscription") - else: - print("WARNING!!! Container has already been successfully connected to the tenancy with these values of prefixes: "+str(list(set(prefixes)))) - print("WARNING!!! Toolkit usage with Jenkins has not been tested with running this script multiple times with different values of prefix in the properties file") - print("Jenkins is configured for the prefix used for the first successful execution of the script.") - inp = input("\nDo you want to proceed (y/n):") - if inp.lower()=="n": - exit(1) + #else: + #print("WARNING!!! Container has already been successfully connected to the tenancy with these values of prefixes: "+str(list(set(prefixes)))) + #print("WARNING!!! Toolkit usage with Jenkins has not been tested with running this script multiple times with different values of prefix in the properties file") + #print("Jenkins is configured for the prefix used for the first successful execution of the script.") + inp = input("\nDo you want to proceed (y/n):") + if inp.lower()=="n": + exit(1) # Initialize Tenancy Variables customer_tenancy_dir = user_dir + "/tenancies/" + prefix 
@@ -827,14 +847,17 @@ def create_bucket(config, signer): try: for image in paginate(cc.list_images, compartment_id=tenancy_id, operating_system='Oracle Linux', sort_by='TIMECREATED'): - if ("Gen2-GPU" not in image.display_name): + + if ("Gen2-GPU" not in image.display_name and "aarch" not in image.display_name and "Minimal" not in image.display_name): linux_image_id = image.id break + for image in paginate(cc.list_images, compartment_id=tenancy_id, operating_system='Windows', sort_by='TIMECREATED'): - if ("Gen2-GPU" not in image.display_name): + if ("Gen2" not in image.display_name and "Datacenter" not in image.display_name): windows_image_id= image.id break + except Exception as e: print(e) print("!!! Could not fetch the list of images for Windows and Oracle Linux to write to variables_"+region+".tf file!!!\n" @@ -1004,7 +1027,7 @@ def create_bucket(config, signer): if environ.get('JENKINS_HOME') is not None: jenkins_home = os.environ['JENKINS_HOME'] - git_config_file = config_files + "/" + prefix + "_git_config" + #git_config_file = config_files + "/" + prefix + "_git_config" #Get Username from $user_ocid if $oci_devops_git_user is left empty if "ocid1.user.oc" in devops_user: @@ -1015,7 +1038,7 @@ def create_bucket(config, signer): tenancy_data=identity_client.get_tenancy(tenancy_id=tenancy).data devops_user=user_data.name+"@"+tenancy_data.name - commit_id = update_devops_config(prefix,git_config_file, repo_ssh_url,files_in_repo, dir_values, devops_user, devops_user_key, devops_dir, ct) + commit_id = update_devops_config(prefix, repo_ssh_url,files_in_repo, dir_values, devops_user, devops_user_key, devops_dir, ct) del ct, config, signer # Logging information diff --git a/cd3_automation_toolkit/user-scripts/tenancyconfig.properties b/cd3_automation_toolkit/user-scripts/tenancyconfig.properties index 875ed1033..824392e21 100644 --- a/cd3_automation_toolkit/user-scripts/tenancyconfig.properties +++ b/cd3_automation_toolkit/user-scripts/tenancyconfig.properties 
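Review bot: Both image loops in the @@ -827 hunk pick the first listing whose `display_name` avoids a short list of substrings (`"Gen2-GPU"`, `"aarch"`, `"Minimal"` for Linux; `"Gen2"`, `"Datacenter"` for Windows). The default image written to the variables file therefore depends on naming conventions rather than on an attribute of the image. If nothing passes the filter, neither loop assigns `linux_image_id` or `windows_image_id`; whether they are initialised earlier is outside the hunk. A comment should state the intent, e.g. `# pick newest x86_64, non-GPU, non-minimal platform image`. It would also help to warn explicitly when no image matches, so an empty or unexpected OCID does not end up in `variables_<region>.tf` unnoticed.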
@@ -35,6 +35,7 @@ fingerprint= # To have all the files generated in a single directory in the corresponding region, leave this variable blank. # To group resources into different directories within each region - specify the absolute path to the file. # The default file is specified below. You can make changes to the grouping in the below file to suit your deployment + #outdir_structure_file= #or outdir_structure_file=/cd3user/oci_tools/cd3_automation_toolkit/user-scripts/outdir_structure_file.properties @@ -47,7 +48,7 @@ tf_or_tofu=terraform # SSH Key for launched instances; Use '\n' as the delimiter to add multiple ssh keys. -# Example: "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" +# Example: ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf # Optional ssh_public_key= diff --git a/cd3_automation_toolkit/user-scripts/terraform/fss.tf b/cd3_automation_toolkit/user-scripts/terraform/fss.tf index 39b64ee40..62b89a289 100644 --- a/cd3_automation_toolkit/user-scripts/terraform/fss.tf +++ b/cd3_automation_toolkit/user-scripts/terraform/fss.tf 
@@ -82,9 +82,9 @@ module "fss-replication" { for_each = (var.fss_replication != null || var.fss_replication != {}) ? var.fss_replication : {} #Required - compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc1*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null - source_id = length(regexall("ocid1.filesystem.oc1*", each.value.source_id)) > 0 ? each.value.source_id : merge(module.fss.*...)[each.value.source_id]["fss_tf_id"] - target_id = length(regexall("ocid1.filesystem.oc1*", each.value.target_id)) > 0 ? each.value.target_id : merge(module.fss.*...)[each.value.target_id]["fss_tf_id"] + compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null + source_id = length(regexall("ocid1.filesystem.oc*", each.value.source_id)) > 0 ? each.value.source_id : merge(module.fss.*...)[each.value.source_id]["fss_tf_id"] + target_id = length(regexall("ocid1.filesystem.oc*", each.value.target_id)) > 0 ? each.value.target_id : merge(module.fss.*...)[each.value.target_id]["fss_tf_id"] #Optional defined_tags = each.value.defined_tags display_name = each.value.display_name diff --git a/cd3_automation_toolkit/user-scripts/terraform/identity.tf b/cd3_automation_toolkit/user-scripts/terraform/identity.tf index e9d97d380..8657ae690 100644 --- a/cd3_automation_toolkit/user-scripts/terraform/identity.tf +++ b/cd3_automation_toolkit/user-scripts/terraform/identity.tf 
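Review bot: The relaxed patterns `"ocid1.compartment.oc*"` and `"ocid1.filesystem.oc*"` are unanchored, their dots match any character, and the `*` applies only to the preceding `c`. Any value that merely contains something like `ocid1xfilesystemxo` is therefore taken as a literal OCID and passed straight to the provider instead of being looked up by name. An anchored pattern with escaped dots expresses the intent of accepting any realm: `regexall("^ocid1\\.filesystem\\.oc[0-9]+\\.", each.value.source_id)`, and likewise for `compartment_id` and `target_id`. The `for_each` guard in the context line, `var.fss_replication != null || var.fss_replication != {}`, is always true and was presumably meant to use `&&`.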
@@ -113,42 +113,42 @@ output "root_compartments_map" { description = "Compartment ocid" // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source. #value = element(concat(oci_identity_compartment.this.*.id, tolist([""])), 0) - value = [ for k,v in merge(module.iam-compartments.*...) : v.compartment_id] + value = [ for k,v in merge(module.iam-compartments.*...) : v.compartment_tf_id] } output "sub_compartments_level1_map" { description = "Compartment ocid" // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source. #value = element(concat(oci_identity_compartment.this.*.id, tolist([""])), 0) - value = [ for k,v in merge(module.sub-compartments-level1.*...) : v.compartment_id] + value = [ for k,v in merge(module.sub-compartments-level1.*...) : v.compartment_tf_id] } output "sub_compartments_level2_map" { description = "Compartment ocid" // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source. #value = element(concat(oci_identity_compartment.this.*.id, tolist([""])), 0) - value = [ for k,v in merge(module.sub-compartments-level2.*...) : v.compartment_id] + value = [ for k,v in merge(module.sub-compartments-level2.*...) : v.compartment_tf_id] } output "sub_compartments_level3_map" { description = "Compartment ocid" // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source. #value = element(concat(oci_identity_compartment.this.*.id, tolist([""])), 0) - value = [ for k,v in merge(module.sub-compartments-level3.*...) : v.compartment_id] + value = [ for k,v in merge(module.sub-compartments-level3.*...) : v.compartment_tf_id] } output "sub_compartments_level4_map" { description = "Compartment ocid" // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source. 
#value = element(concat(oci_identity_compartment.this.*.id, tolist([""])), 0) - value = [ for k,v in merge(module.sub-compartments-level4.*...) : v.compartment_id] + value = [ for k,v in merge(module.sub-compartments-level4.*...) : v.compartment_tf_id] } output "sub_compartments_level5_map" { description = "Compartment ocid" // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source. #value = element(concat(oci_identity_compartment.this.*.id, tolist([""])), 0) - value = [ for k,v in merge(module.sub-compartments-level5.*...) : v.compartment_id] + value = [ for k,v in merge(module.sub-compartments-level5.*...) : v.compartment_tf_id] } */ @@ -285,7 +285,7 @@ module "iam-network-sources" { data "oci_identity_domains" "iam_domains" { for_each = merge(var.identity_domain_groups,var.identity_domain_users) # Required - compartment_id = var.compartment_ocids[each.value.compartment_id] + compartment_id = var.compartment_ocids[each.value.domain_compartment_id] # Optional display_name = each.value.idcs_endpoint } 
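Review bot: In `data "oci_identity_domains" "iam_domains"` the lookup `var.compartment_ocids[each.value.domain_compartment_id]` handles only compartment names that are keys of the map. The `groups` and `users` modules in the following hunks also accept `"root"` and a literal compartment OCID for the same field. A domain declared with either of those values would therefore fail at the data source before the module's own handling is reached, unless `compartment_ocids` happens to contain such keys. Reusing the same conditional here keeps the three places consistent: `compartment_id = each.value.domain_compartment_id != "root" ? (length(regexall("ocid1.compartment.oc*", each.value.domain_compartment_id)) > 0 ? each.value.domain_compartment_id : var.compartment_ocids[each.value.domain_compartment_id]) : var.tenancy_ocid`.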
@@ -300,12 +300,13 @@ module "groups" { group_name = each.value.group_name group_description = each.value.group_description matching_rule = each.value.matching_rule - compartment_id = each.value.compartment_id != "root" ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : var.tenancy_ocid + compartment_id = each.value.domain_compartment_id != "root" ? (length(regexall("ocid1.compartment.oc*", each.value.domain_compartment_id)) > 0 ? each.value.domain_compartment_id : var.compartment_ocids[each.value.domain_compartment_id]) : var.tenancy_ocid identity_domain = data.oci_identity_domains.iam_domains[each.key].domains[0] tenancy_ocid = var.tenancy_ocid members = each.value.members != null ? each.value.members : [] #Optional + user_can_request_access = each.value.user_can_request_access defined_tags = each.value.defined_tags freeform_tags_key = each.value.freeform_tags != null ? each.value.freeform_tags.key : null freeform_tags_value = each.value.freeform_tags != null ? each.value.freeform_tags.value : null 
@@ -322,19 +323,24 @@ module "users" { #depends_on = [module.iam-groups] for_each = var.identity_domain_users user_name = each.value.user_name - family_name = each.value.family_name + family_name = each.value.name.family_name + given_name = each.value.name.given_name + middle_name = each.value.name.middle_name + honorific_prefix = each.value.name.honorific_prefix + display_name = each.value.display_name identity_domain = data.oci_identity_domains.iam_domains[each.key].domains[0] - compartment_id = each.value.compartment_id != "root" ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : var.tenancy_ocid + compartment_id = each.value.domain_compartment_id != "root" ? (length(regexall("ocid1.compartment.oc*", each.value.domain_compartment_id)) > 0 ? each.value.domain_compartment_id : var.compartment_ocids[each.value.domain_compartment_id]) : var.tenancy_ocid description = each.value.description email = each.value.email + recovery_email = each.value.recovery_email tenancy_ocid = var.tenancy_ocid groups = each.value.groups != null ? each.value.groups : null - + home_phone_number = each.value.home_phone_number + mobile_phone_number = each.value.mobile_phone_number enabled_capabilities = each.value.enabled_capabilities #Optional defined_tags = each.value.defined_tags freeform_tags_key = each.value.freeform_tags != null ? each.value.freeform_tags.key : null freeform_tags_value = each.value.freeform_tags != null ? each.value.freeform_tags.value : null - } \ No newline at end of file diff --git a/cd3_automation_toolkit/user-scripts/terraform/loadbalancer.tf b/cd3_automation_toolkit/user-scripts/terraform/loadbalancer.tf index ea0eb5e11..19a9a78d2 100644 --- a/cd3_automation_toolkit/user-scripts/terraform/loadbalancer.tf +++ b/cd3_automation_toolkit/user-scripts/terraform/loadbalancer.tf 
@@ -324,8 +324,9 @@ output "logs_id" { } */ -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################################ # Module Block - Reserved IPs for LBaaS # Create Reserved IPs for LBaaS diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/compute/instance/main.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/compute/instance/main.tf index 176be951a..ddb6f3e7e 100755 --- a/cd3_automation_toolkit/user-scripts/terraform/modules/compute/instance/main.tf +++ b/cd3_automation_toolkit/user-scripts/terraform/modules/compute/instance/main.tf @@ -200,8 +200,9 @@ resource "null_resource" "shell-remote-exec" { } -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# #################################### ## Resource Boot Volume - Backup Policy ## Create Boot Volume Backup Policy diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/database/dbsystem-vm-bm/main.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/database/dbsystem-vm-bm/main.tf index 10a259dde..920624ecd 100644 --- a/cd3_automation_toolkit/user-scripts/terraform/modules/database/dbsystem-vm-bm/main.tf +++ b/cd3_automation_toolkit/user-scripts/terraform/modules/database/dbsystem-vm-bm/main.tf 
@@ -91,7 +91,7 @@ resource "oci_database_db_system" "database_db_system" { freeform_tags = var.freeform_tags lifecycle { - ignore_changes = [db_home[0].database[0].defined_tags["Oracle-Tags.CreatedOn"]] + ignore_changes = [db_home[0].database[0].defined_tags["Oracle-Tags.CreatedOn"],db_home[0].database[0].defined_tags["Oracle-Tags.CreatedBy"],db_home[0].database[0].db_backup_config[0].auto_full_backup_day] } } diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/governance/billing/budget-alert-rule/main.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/governance/billing/budget-alert-rule/main.tf deleted file mode 100644 index 4095c0946..000000000 --- a/cd3_automation_toolkit/user-scripts/terraform/modules/governance/billing/budget-alert-rule/main.tf +++ /dev/null @@ -1,23 +0,0 @@ -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - -################################ -## Resource Block - Governance -## Create Budget Alert Rule -################################ - -resource "oci_budget_alert_rule" "alert_rule" { - #Required - budget_id = var.budget_id - threshold = var.threshold - threshold_type = var.threshold_type - type = var.type - - #Optional - defined_tags = var.defined_tags - description = var.description - display_name = var.display_name - freeform_tags = var.freeform_tags - message = var.message - recipients = var.recipients - -} diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/governance/billing/budget-alert-rule/oracle_provider_req.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/governance/billing/budget-alert-rule/oracle_provider_req.tf deleted file mode 100644 index e52742e05..000000000 --- a/cd3_automation_toolkit/user-scripts/terraform/modules/governance/billing/budget-alert-rule/oracle_provider_req.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - oci = { - source = "oracle/oci" - } - } -} \ No newline at end of file 
diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/governance/billing/budget-alert-rule/outputs.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/governance/billing/budget-alert-rule/outputs.tf deleted file mode 100644 index 75bd3c3f1..000000000 --- a/cd3_automation_toolkit/user-scripts/terraform/modules/governance/billing/budget-alert-rule/outputs.tf +++ /dev/null @@ -1,10 +0,0 @@ -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - -################################ -## Outputs Block - Governance -## Create Budget Alert Rule -################################ - -output "budget_alert_rule_tf_id" { - value = oci_budget_alert_rule.alert_rule.id -} \ No newline at end of file diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/governance/billing/budget-alert-rule/variables.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/governance/billing/budget-alert-rule/variables.tf deleted file mode 100644 index 1985af72b..000000000 --- a/cd3_automation_toolkit/user-scripts/terraform/modules/governance/billing/budget-alert-rule/variables.tf +++ /dev/null 
@@ -1,60 +0,0 @@
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
-#################################
-## Variables Block - Governance
-## Create Budget Alert Rule
-#################################
-
-variable "budget_id" {
- description = "The unique budget OCID."
- type = string
-}
-
-variable "threshold" {
- description = "The threshold for triggering the alert, expressed as a whole number or decimal value. If the thresholdType is ABSOLUTE, the threshold can have at most 12 digits before the decimal point, and up to two digits after the decimal point. If the thresholdType is PERCENTAGE, the maximum value is 10000 and can have up to two digits after the decimal point."
- type = string
-}
-
-variable "threshold_type" {
- description = "The type of threshold."
- type = string
-}
-
-variable "type" {
- description = " The type of the alert. Valid values are ACTUAL (the alert triggers based on actual usage), or FORECAST (the alert triggers based on predicted usage)."
- type = string
- default = null
-}
-
-variable "defined_tags" {
- description = "Defined tags for the volume"
- type = map(string)
- default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
- "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
- }
-}
-
-variable "description" {
- description = "The description of the budget."
- type = string
-}
-
-variable "display_name" {
- description = "The displayName of the budget. Avoid entering confidential information."
- type = string
-}
-
-variable "freeform_tags" {
- description = "Free-form tags for the volume"
- type = map(string)
-}
-
-variable "message" {
- description = "The message to be sent to the recipients when the alert rule is triggered."
- type = string
-}
-
-variable "recipients" {
- description = "The audience that receives the alert when it triggers. An empty string is interpreted as null."
- type = string
-}
diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/governance/billing/budget/main.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/governance/billing/budget/main.tf
deleted file mode 100644
index 3552a42ee..000000000
--- a/cd3_automation_toolkit/user-scripts/terraform/modules/governance/billing/budget/main.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
-################################
-## Resource Block - Governance
-## Create Budget
-################################
-
-resource "oci_budget_budget" "budget" {
- #Required
- amount = var.amount
- compartment_id = var.compartment_id
- reset_period = var.reset_period
-
- #Optional
- budget_processing_period_start_offset = var.budget_processing_period_start_offset
- defined_tags = var.defined_tags
- description = var.description
- display_name = var.display_name
- freeform_tags = var.freeform_tags
- processing_period_type = var.processing_period_type
- #target_compartment_id = var.target_compartment_id
- target_type = var.target_type
- targets = var.targets
-
-}
diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/governance/billing/budget/oracle_provider_req.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/governance/billing/budget/oracle_provider_req.tf
deleted file mode 100644
index e52742e05..000000000
--- a/cd3_automation_toolkit/user-scripts/terraform/modules/governance/billing/budget/oracle_provider_req.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-terraform {
- required_providers {
- oci = {
- source = "oracle/oci"
- }
- }
-}
\ No newline at end of file
diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/governance/billing/budget/outputs.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/governance/billing/budget/outputs.tf
deleted file mode 100644
index 400764934..000000000
--- a/cd3_automation_toolkit/user-scripts/terraform/modules/governance/billing/budget/outputs.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
-################################
-## Outputs Block - Governance
-## Create Budget
-################################
-
-output "budget_tf_id" {
- value = oci_budget_budget.budget.id
-}
\ No newline at end of file
diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/governance/billing/budget/variables.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/governance/billing/budget/variables.tf
deleted file mode 100644
index 41bbf96b5..000000000
--- a/cd3_automation_toolkit/user-scripts/terraform/modules/governance/billing/budget/variables.tf
+++ /dev/null
@@ -1,72 +0,0 @@ -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - -################################# -## Variables Block - Governance -## Create Budget -################################# - -variable "compartment_id" { - description = "Compartment OCID to provision the Budget" - type = string -} - -variable "amount" { - description = "The amount of the budget expressed as a whole number in the currency of the customer's rate card." - type = number -} - -variable "reset_period" { - description = "The reset period for the budget. Valid value is MONTHLY." - type = string -} - -variable "budget_processing_period_start_offset" { - description = "The number of days offset from the first day of the month, at which the budget processing period starts." - type = string - default = null -} - -variable "processing_period_type" { - description = "The type of the budget processing period. Valid values are INVOICE and MONTH." - type = string - default = null -} - -variable "defined_tags" { - description = "Defined tags for the volume" - type = map(string) - default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}", - "Oracle-Tags.CreatedBy" = "$${iam.principal.name}" - } -} - -variable "freeform_tags" { - description = "Free-form tags for the volume" - type = map(string) -} - -variable "description" { - description = "The description of the budget." - type = string -} - -variable "display_name" { - description = "The displayName of the budget. Avoid entering confidential information." - type = string -} - -/* -variable "target_compartment_id" { - description = "This is DEPRECATED. Set the target compartment ID in targets instead." - type = string -}*/ - -variable "target_type" { - description = "The type of target on which the budget is applied." - type = string -} - -variable "targets" { - description = "The list of targets on which the budget is applied. If targetType is 'COMPARTMENT', the targets contain the list of compartment OCIDs. 
If targetType is 'TAG', the targets contain the list of cost tracking tag identifiers in the form of '{tagNamespace}.{tagKey}.{tagValue}'. Curerntly, the array should contain exactly one item." - type = list(any) -} diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/identity/iam-group/main.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/identity/iam-group/main.tf index 04b5b1b0a..01ec84508 100644 --- a/cd3_automation_toolkit/user-scripts/terraform/modules/identity/iam-group/main.tf +++ b/cd3_automation_toolkit/user-scripts/terraform/modules/identity/iam-group/main.tf @@ -1,4 +1,6 @@ -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# ############################ # Resource Block - Identity # Create Groups diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/identity/identity-domain-group/main.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/identity/identity-domain-group/main.tf index 3df671155..4b175c5e7 100644 --- a/cd3_automation_toolkit/user-scripts/terraform/modules/identity/identity-domain-group/main.tf +++ b/cd3_automation_toolkit/user-scripts/terraform/modules/identity/identity-domain-group/main.tf @@ -8,7 +8,7 @@ locals { user_ids = { for user in data.oci_identity_domains_users.users.users : - user.user_name => user.id + user.user_name => user.id... } } @@ -33,10 +33,15 @@ resource "oci_identity_domains_group" "group" { for_each = {for k in var.members: k=>k} content { type = "User" - value = local.user_ids[members.value] + value = local.user_ids[members.value][0] } } + urnietfparamsscimschemasoracleidcsextensionrequestable_group { + #Optional + requestable = var.user_can_request_access + + } urnietfparamsscimschemasoracleidcsextension_oci_tags { # Optional 
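Review bot: In the `members` block of `identity-domain-group/main.tf`, `local.user_ids[members.value][0]` silently takes the first match now that `user_ids` groups ids with `...`; if the data source returns two entries with the same `user_name`, the group gets whichever came first and the operator is never told. Since this value decides who receives the group's permissions, the lookup should fail rather than guess: `value = one(distinct(local.user_ids[members.value]))`. A member name that the data source does not return still ends in a bare lookup error, so a message naming the missing user would help whoever runs the plan. The `locals` and resource bodies extend beyond the hunks.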
diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/identity/identity-domain-group/variables.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/identity/identity-domain-group/variables.tf index 6330456d5..a702f1ed8 100644 --- a/cd3_automation_toolkit/user-scripts/terraform/modules/identity/identity-domain-group/variables.tf +++ b/cd3_automation_toolkit/user-scripts/terraform/modules/identity/identity-domain-group/variables.tf @@ -18,14 +18,6 @@ variable "user_id" { default = null } -/*variable "members" { - type = list(object({ - type = string - value = string - })) - default = [] -}*/ - variable "members" { description = "List of email ids of the users" type = list(string) @@ -81,3 +73,8 @@ variable "freeform_tags_value" { default = "" } +variable "user_can_request_access" { + type = bool + description = "Specifies whether user can request access to the group" + +} diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/identity/identity-domain-user/main.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/identity/identity-domain-user/main.tf index 9ec42d61d..0f12fef69 100644 --- a/cd3_automation_toolkit/user-scripts/terraform/modules/identity/identity-domain-user/main.tf +++ b/cd3_automation_toolkit/user-scripts/terraform/modules/identity/identity-domain-user/main.tf 
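Review bot: `user_can_request_access` is declared without a default, so every caller of the module must now pass it, and its description does not say which direction is the permissive one. If self-service access requests are meant to be opt-in, `default = false` would state that and keep existing callers working. The description could name the attribute it feeds, e.g. `description = "Whether users may request membership of this group themselves (sets requestable)"`.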
@@ -17,17 +17,39 @@ resource "oci_identity_domains_user" "user" { description = var.description name { family_name = var.family_name + given_name = var.given_name + middle_name = var.middle_name + honorific_prefix = var.honorific_prefix } idcs_endpoint = var.identity_domain.url - user_name = var.user_name + user_name = var.user_name + display_name = var.display_name emails { - primary = "true" - secondary = "false" + primary = true + secondary = false type = "work" - value = var.email - verified = "false" + value = var.email + verified = false + } + emails { + type = "recovery" + value = var.recovery_email + } + dynamic "phone_numbers" { + for_each = can(var.home_phone_number) && var.home_phone_number != null ? [var.home_phone_number] : [] + content { + type = "home" + value = phone_numbers.value + } } + dynamic "phone_numbers" { + for_each = can(var.mobile_phone_number) && var.mobile_phone_number != null ? [var.mobile_phone_number] : [] + content { + type = "mobile" + value = phone_numbers.value + } + } urnietfparamsscimschemasoracleidcsextensioncapabilities_user { can_use_api_keys = contains(var.enabled_capabilities, "api_keys") ? true :false @@ -67,8 +89,4 @@ resource "oci_identity_domains_user" "user" { emails ] } -} - - - - +} \ No newline at end of file diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/identity/identity-domain-user/variables.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/identity/identity-domain-user/variables.tf index d7437b3a6..0fdbb6346 100644 --- a/cd3_automation_toolkit/user-scripts/terraform/modules/identity/identity-domain-user/variables.tf +++ b/cd3_automation_toolkit/user-scripts/terraform/modules/identity/identity-domain-user/variables.tf 
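Review bot: The second `emails` block (type `recovery`) is emitted unconditionally, while `recovery_email` is declared in this commit's `variables.tf` with `default = null`; the block then carries a null `value`, which the provider will most likely reject. Guard it with a dynamic block, the same way the `phone_numbers` blocks are guarded. In those guards `can(var.home_phone_number)` and `can(var.mobile_phone_number)` add nothing, because a reference to a declared variable cannot fail; the null comparison alone is enough. The resource's `ignore_changes` list (partly visible in the last hunk) contains `emails`, so a later change to the recovery address, in configuration or out of band, will not appear in a plan; presumably that address is used for account recovery, so this deserves a comment. The resource body starts and ends outside the hunks.

```hcl
  # … unchanged: primary "work" emails block …
  dynamic "emails" {
    for_each = var.recovery_email != null ? [var.recovery_email] : []
    content {
      type  = "recovery"
      value = emails.value
    }
  }
  # … unchanged: phone_numbers blocks …
```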
@@ -53,7 +53,19 @@ variable "groups" { variable "family_name" { - description = "Family Name of the user" + description = "Last Name of the user" + type = string + default = "Default" +} + +variable "given_name" { + description = "First Name of the user" + type = string + default = "Default" +} + +variable "display_name" { + description = "Display Name of the user" type = string default = "Default" } @@ -68,6 +80,24 @@ variable "email" { default = null } +variable "home_phone_number" { + type = string + description = "Home phone number of the user" + default = null +} + +variable "mobile_phone_number" { + type = string + description = "Mobile phone number of the user" + default = null +} + +variable "recovery_email" { + type = string + description = "The recovery email you assign to the User. It's changeable. " + default = null +} + variable "enabled_capabilities" { type = list(string) description = "The name of the capabilities enabled for user" @@ -92,4 +122,16 @@ variable "freeform_tags_key" { variable "freeform_tags_value" { type = string default = "" -} \ No newline at end of file +} + +variable "honorific_prefix" { + type = string + default = "" +} + +variable "middle_name" { + type = string + default = "" +} + + diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/managementservices/event/main.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/managementservices/event/main.tf index 1c896c30e..f4a040c2a 100644 --- a/cd3_automation_toolkit/user-scripts/terraform/modules/managementservices/event/main.tf +++ b/cd3_automation_toolkit/user-scripts/terraform/modules/managementservices/event/main.tf 
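Review bot: `given_name` and `display_name` default to the literal string `"Default"`, so a caller that omits them creates an identity whose visible name is "Default", which makes audit records and access reviews harder to read; `default = null` would surface the omission instead, if the provider accepts it. `honorific_prefix` and `middle_name` are added without a `description`, unlike the variables around them; add e.g. `description = "Middle name of the user"`. Their `""` defaults are passed straight into the `name` block, where null may be the cleaner "unset" value; confirm against the provider.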
@@ -17,7 +17,7 @@ resource "oci_events_rule" "event" { condition = var.condition actions { dynamic "actions" { - for_each = var.actions[var.key_name]["actions"] != [] ? var.actions[var.key_name]["actions"] : null + for_each = var.actions[var.key_name]["actions"] != [] ? var.actions[var.key_name]["actions"] : [] content { #Required action_type = actions.value.action_type diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/network/default-route-table/main.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/network/default-route-table/main.tf deleted file mode 100644 index e5de53947..000000000 --- a/cd3_automation_toolkit/user-scripts/terraform/modules/network/default-route-table/main.tf +++ /dev/null 
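Review bot: The test `var.actions[var.key_name]["actions"] != []` in the new `for_each` still does no work: Terraform compares a list value with the literal `[]` by type as well as content, so the test is normally true for an empty list too, and with both branches now yielding a list the expression reduces to the list itself. `for_each = var.actions[var.key_name]["actions"]` says the same thing, or `for_each = try(var.actions[var.key_name]["actions"], [])` if a missing key should mean no actions. The type of `var.actions` is not visible in this hunk, so check which case applies. The resource body continues outside the hunk.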
@@ -1,125 +0,0 @@ -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - -############################ -# Resource Block - Network -# Create Default Route Table -############################ - -# Data Source for Service Gateway -data "oci_core_services" "oci_services" { -} - -resource "oci_core_default_route_table" "default_route_table" { - - #Required - manage_default_resource_id = var.manage_default_resource_id - - #Optional - defined_tags = var.defined_tags - display_name = var.display_name - freeform_tags = var.freeform_tags - - # Create Private IP Routes - dynamic "route_rules" { - for_each = var.rt_details[var.key_name].route_rules_ip != [] ? var.rt_details[var.key_name].route_rules_ip : [] - - content { - #Required - network_entity_id = (route_rules.value["network_entity_id"] != null && length(regexall("ocid1.privateip.oc*", route_rules.value["network_entity_id"])) > 0) ? route_rules.value["network_entity_id"] : "" - - #Optional - description = route_rules.value["description"] - destination = route_rules.value["destination"] - destination_type = route_rules.value["destination_type"] - } - } - - # Create LPG Routes - dynamic "route_rules" { - for_each = var.rt_details[var.key_name].route_rules_lpg != [] ? var.rt_details[var.key_name].route_rules_lpg : [] - - content { - #Required - network_entity_id = (route_rules.value["network_entity_id"] != null && length(regexall("ocid1.localpeeringgateway.oc*", route_rules.value["network_entity_id"])) > 0) ? 
route_rules.value["network_entity_id"] : try(var.hub_lpg_id[route_rules.value["network_entity_id"]]["lpg_tf_id"], var.spoke_lpg_id[route_rules.value["network_entity_id"]]["lpg_tf_id"], var.exported_lpg_id[route_rules.value["network_entity_id"]]["lpg_tf_id"], var.drg_id[route_rules.value["network_entity_id"]]["drg_tf_id"]) - - #Optional - description = route_rules.value["description"] - destination = route_rules.value["destination"] - destination_type = route_rules.value["destination_type"] - } - } - - # Create IGW Routes - dynamic "route_rules" { - for_each = var.rt_details[var.key_name].route_rules_igw != [] ? var.rt_details[var.key_name].route_rules_igw : [] - - content { - #Required - network_entity_id = (route_rules.value["network_entity_id"] != null && length(regexall("ocid1.internetgateway.oc*", route_rules.value["network_entity_id"])) > 0) ? route_rules.value["network_entity_id"] : var.igw_id[route_rules.value["network_entity_id"]]["igw_tf_id"] - - #Optional - description = route_rules.value["description"] - destination = route_rules.value["destination"] - destination_type = route_rules.value["destination_type"] - } - } - - # Create DRG Routes - dynamic "route_rules" { - for_each = var.rt_details[var.key_name].route_rules_drg != [] ? var.rt_details[var.key_name].route_rules_drg : [] - - content { - #Required - network_entity_id = (route_rules.value["network_entity_id"] != null && length(regexall("ocid1.drg.oc*", route_rules.value["network_entity_id"])) > 0) ? route_rules.value["network_entity_id"] : var.drg_id[route_rules.value["network_entity_id"]]["drg_tf_id"] - - - #length(regexall("ocid1.drg.oc*", route_rules.value["network_entity_id"])) > 0 ? 
route_rules.value["network_entity_id"] : null - - #Optional - description = route_rules.value["description"] - destination = route_rules.value["destination"] - destination_type = route_rules.value["destination_type"] - } - } - - # Create NAT Routes - dynamic "route_rules" { - for_each = var.rt_details[var.key_name].route_rules_ngw != [] ? var.rt_details[var.key_name].route_rules_ngw : [] - - content { - #Required - network_entity_id = (route_rules.value["network_entity_id"] != null && length(regexall("ocid1.natgateway.oc*", route_rules.value["network_entity_id"])) > 0) ? route_rules.value["network_entity_id"] : var.ngw_id[route_rules.value["network_entity_id"]]["ngw_tf_id"] - - - #length(regexall("ocid1.drg.oc*", route_rules.value["network_entity_id"])) > 0 ? route_rules.value["network_entity_id"] : null - - #Optional - description = route_rules.value["description"] - destination = route_rules.value["destination"] - destination_type = route_rules.value["destination_type"] - } - } - - # Create SGW Routes - dynamic "route_rules" { - for_each = var.rt_details[var.key_name].route_rules_sgw != [] ? var.rt_details[var.key_name].route_rules_sgw : [] - - content { - #Required - network_entity_id = (route_rules.value["network_entity_id"] != null && length(regexall("ocid1.servicegateway.oc*", route_rules.value["network_entity_id"])) > 0) ? route_rules.value["network_entity_id"] : var.sgw_id[route_rules.value["network_entity_id"]]["sgw_tf_id"] - - - #length(regexall("ocid1.drg.oc*", route_rules.value["network_entity_id"])) > 0 ? route_rules.value["network_entity_id"] : null - - #Optional - description = route_rules.value["description"] - destination = contains(split("-", route_rules.value["destination"]), "all") == true ? (contains(split("-", data.oci_core_services.oci_services.services.0.cidr_block), "all") == true ? 
data.oci_core_services.oci_services.services.0.cidr_block : data.oci_core_services.oci_services.services.1.cidr_block) : (contains(split("-", data.oci_core_services.oci_services.services.0.cidr_block), "objectstorage") == true ? data.oci_core_services.oci_services.services.0.cidr_block : data.oci_core_services.oci_services.services.1.cidr_block) - destination_type = route_rules.value["destination_type"] - } - } - - lifecycle { - create_before_destroy = true - } - -} \ No newline at end of file diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/network/default-route-table/oracle_provider_req.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/network/default-route-table/oracle_provider_req.tf deleted file mode 100644 index e52742e05..000000000 --- a/cd3_automation_toolkit/user-scripts/terraform/modules/network/default-route-table/oracle_provider_req.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - oci = { - source = "oracle/oci" - } - } -} \ No newline at end of file diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/network/default-route-table/outputs.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/network/default-route-table/outputs.tf deleted file mode 100644 index 5c167539f..000000000 --- a/cd3_automation_toolkit/user-scripts/terraform/modules/network/default-route-table/outputs.tf +++ /dev/null @@ -1,10 +0,0 @@ -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - -############################ -# Output Block - Network -# Create Default Route Table -############################ - -output "default_route_table_tf_id" { - value = oci_core_default_route_table.default_route_table.id -} \ No newline at end of file diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/network/default-route-table/variables.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/network/default-route-table/variables.tf deleted file mode 100644 index bb5b77f6b..000000000 
--- a/cd3_automation_toolkit/user-scripts/terraform/modules/network/default-route-table/variables.tf +++ /dev/null @@ -1,70 +0,0 @@ -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - -############################ -# Variable Block - Network -# Create Default Route Table -############################ - -variable "manage_default_resource_id" { - type = string - default = null -} - -variable "key_name" { - type = string - default = null -} - -variable "igw_id" {} -variable "ngw_id" {} -variable "sgw_id" {} -variable "drg_id" {} -variable "hub_lpg_id" {} -variable "spoke_lpg_id" {} -variable "exported_lpg_id" {} - -variable "rt_details" { - type = map(any) -} - -variable "cidr_block" { - type = string - default = null -} - -variable "defined_tags" { - type = map(any) - default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}", - "Oracle-Tags.CreatedBy" = "$${iam.principal.name}" - } -} - -variable "display_name" { - type = string - default = null -} - -variable "freeform_tags" { - type = map(any) - default = {} -} - -variable "network_entity_id" { - type = string - default = null -} - -variable "description" { - type = string - default = null -} - -variable "destination" { - type = string - default = null -} - -variable "destination_type" { - type = string - default = null -} \ No newline at end of file diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/network/default-sec-list/main.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/network/default-sec-list/main.tf deleted file mode 100644 index 66070c86f..000000000 --- a/cd3_automation_toolkit/user-scripts/terraform/modules/network/default-sec-list/main.tf +++ /dev/null 
@@ -1,157 +0,0 @@ -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - -############################ -# Resource Block - Network -# Create Default Security List -############################ - -resource "oci_core_default_security_list" "default_security_list" { - - #Required - manage_default_resource_id = var.manage_default_resource_id - - #Optional - defined_tags = var.defined_tags - display_name = var.display_name - freeform_tags = var.freeform_tags - - dynamic "ingress_security_rules" { - for_each = try((var.seclist_details[var.key_name].ingress_sec_rules != [] && var.seclist_details[var.key_name].ingress_sec_rules.0.protocol != null ? var.seclist_details[var.key_name].ingress_sec_rules : []), []) - - content { - #Required - protocol = ingress_security_rules.value.protocol - source = ingress_security_rules.value.source - - #Optional - description = ingress_security_rules.value.description - - # If type and code - dynamic "icmp_options" { - for_each = try((ingress_security_rules.value.options.icmp.0.code != null && ingress_security_rules.value.options.icmp.0.type != null ? ingress_security_rules.value.options.icmp : []), []) - content { - #Required - type = ingress_security_rules.value.options.icmp.0.type - - #Optional - code = ingress_security_rules.value.options.icmp.0.code - } - } - - # If type and no code - dynamic "icmp_options" { - for_each = try((ingress_security_rules.value.options.icmp.0.code == null ? ingress_security_rules.value.options.icmp : []), try(ingress_security_rules.value.options.icmp.0.type != null ? ingress_security_rules.value.options.icmp : []), []) - content { - #Required - type = ingress_security_rules.value.options.icmp.0.type - } - } - - source_type = try(ingress_security_rules.value.source_type, null) - stateless = try(ingress_security_rules.value.stateless, null) - - dynamic "tcp_options" { - for_each = try((ingress_security_rules.value.options.tcp != [] ? 
ingress_security_rules.value.options.tcp : []), []) - content { - min = tcp_options.value.destination_port_range_min != null ? tcp_options.value.destination_port_range_min : null - max = tcp_options.value.destination_port_range_max != null ? tcp_options.value.destination_port_range_max : null - dynamic "source_port_range" { - for_each = try((tcp_options.value.source_port_range_min != null || tcp_options.value.source_port_range_max != null ? ingress_security_rules.value.options.tcp : []), []) - content { - #Required - max = source_port_range.value.source_port_range_max != null ? source_port_range.value.source_port_range_max : null - min = source_port_range.value.source_port_range_min != null ? source_port_range.value.source_port_range_min : null - } - } - } - } - - dynamic "udp_options" { - for_each = try((ingress_security_rules.value.options.udp != [] && var.seclist_details[var.key_name].ingress_sec_rules.0.protocol != null ? ingress_security_rules.value.options.udp : []), []) - content { - #Optional - max = udp_options.value.destination_port_range_max != null ? udp_options.value.destination_port_range_max : null - min = udp_options.value.destination_port_range_min != null ? udp_options.value.destination_port_range_min : null - dynamic "source_port_range" { - for_each = try((udp_options.value.source_port_range_min != null || udp_options.value.source_port_range_max != null != [] ? ingress_security_rules.value.options.udp : []), []) - content { - #Required - max = source_port_range.value.source_port_range_max != null ? source_port_range.value.source_port_range_max : null - min = source_port_range.value.source_port_range_min != null ? source_port_range.value.source_port_range_min : null - } - } - } - } - } - } - - dynamic "egress_security_rules" { - for_each = try((var.seclist_details[var.key_name].egress_sec_rules != [] && var.seclist_details[var.key_name].egress_sec_rules.0.protocol != null ? 
var.seclist_details[var.key_name].egress_sec_rules : []), []) - - content { - #Required - protocol = egress_security_rules.value.protocol - destination = egress_security_rules.value.destination - - #Optional - description = egress_security_rules.value.description - - # If type and code - dynamic "icmp_options" { - for_each = try((egress_security_rules.value.options.icmp.0.code != null && egress_security_rules.value.options.icmp.0.type != null ? egress_security_rules.value.options.icmp : []), []) - content { - #Required - type = egress_security_rules.value.options.icmp.0.type - #Optional - code = egress_security_rules.value.options.icmp.0.code - } - } - - # If type and no code - dynamic "icmp_options" { - for_each = try((egress_security_rules.value.options.icmp.0.code == null ? egress_security_rules.value.options.icmp : []), try(egress_security_rules.value.options.icmp.0.type != null ? egress_security_rules.value.options.icmp : []), []) - content { - #Required - type = egress_security_rules.value.options.icmp.0.type - } - } - - - destination_type = try(egress_security_rules.value.destination_type, null) - stateless = try(egress_security_rules.value.stateless, null) - - dynamic "tcp_options" { - for_each = try((egress_security_rules.value.options.tcp != [] ? egress_security_rules.value.options.tcp : []), []) - content { - min = tcp_options.value.destination_port_range_min != null ? tcp_options.value.destination_port_range_min : null - max = tcp_options.value.destination_port_range_max != null ? tcp_options.value.destination_port_range_max : null - dynamic "source_port_range" { - for_each = try((tcp_options.value.source_port_range_min != null || tcp_options.value.source_port_range_max != null ? egress_security_rules.value.options.tcp : []), []) - content { - #Required - max = source_port_range.value.source_port_range_max != null ? source_port_range.value.source_port_range_max : null - min = source_port_range.value.source_port_range_min != null ? 
source_port_range.value.source_port_range_min : null - } - } - } - } - - dynamic "udp_options" { - for_each = try((egress_security_rules.value.options.udp != [] ? egress_security_rules.value.options.udp : []), []) - content { - #Optional - max = udp_options.value.destination_port_range_max != null ? udp_options.value.destination_port_range_max : null - min = udp_options.value.destination_port_range_min != null ? udp_options.value.destination_port_range_min : null - dynamic "source_port_range" { - for_each = try((udp_options.value.source_port_range_min != null || udp_options.value.source_port_range_max != null != [] ? egress_security_rules.value.options.udp : []), []) - content { - #Required - max = source_port_range.value.source_port_range_max != null ? source_port_range.value.source_port_range_max : null - min = source_port_range.value.source_port_range_min != null ? source_port_range.value.source_port_range_min : null - } - } - } - } - } - } -} \ No newline at end of file diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/network/default-sec-list/oracle_provider_req.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/network/default-sec-list/oracle_provider_req.tf deleted file mode 100644 index e52742e05..000000000 --- a/cd3_automation_toolkit/user-scripts/terraform/modules/network/default-sec-list/oracle_provider_req.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - oci = { - source = "oracle/oci" - } - } -} \ No newline at end of file diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/network/default-sec-list/outputs.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/network/default-sec-list/outputs.tf deleted file mode 100644 index f8fd1fa44..000000000 --- a/cd3_automation_toolkit/user-scripts/terraform/modules/network/default-sec-list/outputs.tf +++ /dev/null 
@@ -1,10 +0,0 @@
-// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-
-############################
-# Output Block - Network
-# Create Default Security List
-############################
-
-output "default_seclist_tf_id" {
- value = oci_core_default_security_list.default_security_list.id
-}
\ No newline at end of file
diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/network/default-sec-list/variables.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/network/default-sec-list/variables.tf
deleted file mode 100644
index 36df16ceb..000000000
--- a/cd3_automation_toolkit/user-scripts/terraform/modules/network/default-sec-list/variables.tf
+++ /dev/null
@@ -1,183 +0,0 @@ -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - -############################ -# Variable Block - Network -# Create Default Security List -############################ - -variable "manage_default_resource_id" { - type = string - default = null -} - -variable "key_name" { - type = string - default = null -} - -variable "defined_tags" { - type = map(any) - default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}", - "Oracle-Tags.CreatedBy" = "$${iam.principal.name}" - } -} - -variable "seclist_details" { - type = map(any) -} - -variable "display_name" { - type = string - default = null -} - -variable "freeform_tags" { - type = map(any) - default = {} -} - -variable "egress_security_rules_destination" { - type = string - default = null -} - -variable "egress_security_rules_protocol" { - type = string - default = null -} - -variable "egress_security_rules_description" { - type = string - default = null -} - -variable "egress_security_rules_destination_type" { - type = string - default = null -} - -variable "egress_security_rules_icmp_options_type" { - type = string - default = null -} - -variable "egress_security_rules_icmp_options_code" { - type = number - default = null -} - -variable "egress_security_rules_stateless" { - type = bool - default = false -} - -variable "egress_security_rules_tcp_options_destination_port_range_max" { - type = number - default = null -} - -variable "egress_security_rules_tcp_options_destination_port_range_min" { - type = number - default = null -} - -variable "egress_security_rules_tcp_options_source_port_range_max" { - type = number - default = null -} - -variable "egress_security_rules_tcp_options_source_port_range_min" { - type = number - default = null -} -variable "egress_security_rules_udp_options_destination_port_range_max" { - type = number - default = null -} - -variable "egress_security_rules_udp_options_destination_port_range_min" { - type = number - default = null -} -variable 
"egress_security_rules_udp_options_source_port_range_max" { - type = number - default = null -} - -variable "egress_security_rules_udp_options_source_port_range_min" { - type = number - default = null -} - -variable "ingress_security_rules_source" { - type = string - default = null -} - -variable "ingress_security_rules_protocol" { - type = string - default = null -} - -variable "ingress_security_rules_description" { - type = string - default = null -} - -variable "ingress_security_rules_source_type" { - type = string - default = null -} - -variable "ingress_security_rules_icmp_options_type" { - type = string - default = null -} - -variable "ingress_security_rules_icmp_options_code" { - type = number - default = null -} - -variable "ingress_security_rules_stateless" { - type = bool - default = false -} - -variable "ingress_security_rules_tcp_options_destination_port_range_max" { - type = number - default = null -} - -variable "ingress_security_rules_tcp_options_destination_port_range_min" { - type = number - default = null -} - -variable "ingress_security_rules_tcp_options_source_port_range_max" { - type = number - default = null -} - -variable "ingress_security_rules_tcp_options_source_port_range_min" { - type = number - default = null -} -variable "ingress_security_rules_udp_options_destination_port_range_max" { - type = number - default = null -} - -variable "ingress_security_rules_udp_options_destination_port_range_min" { - type = number - default = null -} -variable "ingress_security_rules_udp_options_source_port_range_max" { - type = number - default = null -} - -variable "ingress_security_rules_udp_options_source_port_range_min" { - type = number - default = null -} \ No newline at end of file diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/networkloadbalancer/nlb-backend/data.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/networkloadbalancer/nlb-backend/data.tf index edeaa5d61..4f6c8dfa1 100644 
--- a/cd3_automation_toolkit/user-scripts/terraform/modules/networkloadbalancer/nlb-backend/data.tf +++ b/cd3_automation_toolkit/user-scripts/terraform/modules/networkloadbalancer/nlb-backend/data.tf @@ -26,6 +26,13 @@ data "oci_core_vnic_attachments" "nlb_instance_vnic_attachments" { count = length(regexall("IP:*", var.ip_address)) == 0 ? 1 : 0 compartment_id = var.instance_compartment instance_id = merge(local.nlb_instance_ocid.ocid.*...)[split("NAME:", var.ip_address)[1]][0] + #dynamic "filter" { + # for_each = var.vnic_vlan !=null ? [1] : [] + # content { + # name = "vlan_tag" + # values = [var.vnic_vlan] + # } + #} } # Filter on VNIC OCID diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/networkloadbalancer/nlb-backend/main.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/networkloadbalancer/nlb-backend/main.tf index 43079a11c..0913e8a86 100644 --- a/cd3_automation_toolkit/user-scripts/terraform/modules/networkloadbalancer/nlb-backend/main.tf +++ b/cd3_automation_toolkit/user-scripts/terraform/modules/networkloadbalancer/nlb-backend/main.tf @@ -13,7 +13,8 @@ resource "oci_network_load_balancer_backend" "backend" { port = var.port #Optional - ip_address = var.ip_address != "" ? (length(regexall("IP:", var.ip_address)) > 0 ? split("IP:", var.ip_address)[1] : data.oci_core_instance.nlb_instance_ip[0].private_ip) : null + #ip_address = var.ip_address != "" ? (length(regexall("IP:", var.ip_address)) > 0 ? split("IP:", var.ip_address)[1] : data.oci_core_instance.nlb_instance_ip[0].private_ip) : null + ip_address = var.ip_address != "" ? (length(regexall("IP:", var.ip_address)) > 0 ? split("IP:", var.ip_address)[1] : data.oci_core_private_ips.private_ips_by_ip_address[0].private_ips[0].ip_address) : null is_drain = var.is_drain is_backup = var.is_backup is_offline = var.is_offline 
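Review bot: The `filter` block added to `oci_core_vnic_attachments.nlb_instance_vnic_attachments` is entirely commented out, so this hunk adds dead configuration rather than a working VLAN filter. The feature is half-wired in two other places in this commit: the nlb-backend `variables.tf` hunk declares `vnic_vlan` although nothing reads it, and the `networkloadbalancer.tf` hunk passes it only as a comment (`#vnic_vlan = ...`). Either enable all three together or leave them out until the filter works. If the variable stays, its description `" The VNIC the backend server."` is garbled and should say what the value is, for example `description = "VLAN tag of the VNIC that hosts the backend server."` (inferred from the `vlan_tag` filter name). The data block starts above the hunk.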
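Review bot: The new `ip_address` expression indexes `data.oci_core_private_ips.private_ips_by_ip_address[0].private_ips[0]` with no guard, so a `NAME:` backend whose lookup returns no private IP fails the plan with an index error, and one with several private IPs registers whichever is listed first. That data source is defined outside this hunk, so its `count` condition cannot be checked here; it needs to exist under the same condition as this branch. Because the backend address decides where the load balancer sends traffic, a `precondition` such as `condition = length(data.oci_core_private_ips.private_ips_by_ip_address[0].private_ips) == 1` would be safer than a bare `[0]`. The superseded line is kept as a comment (`#ip_address = ...`) and can be deleted, since version control already holds it. The resource body continues outside the hunk.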
diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/networkloadbalancer/nlb-backend/variables.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/networkloadbalancer/nlb-backend/variables.tf index 806796e25..68e72ed59 100644 --- a/cd3_automation_toolkit/user-scripts/terraform/modules/networkloadbalancer/nlb-backend/variables.tf +++ b/cd3_automation_toolkit/user-scripts/terraform/modules/networkloadbalancer/nlb-backend/variables.tf @@ -31,6 +31,12 @@ variable "port" { default = null } +variable "vnic_vlan" { + type = string + description = " The VNIC the backend server." + default = null +} + variable "ip_address" { type = string description = " The IP address of the backend server." diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/sddc/main.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/sddc/main.tf deleted file mode 100644 index 007378f8b..000000000 --- a/cd3_automation_toolkit/user-scripts/terraform/modules/sddc/main.tf +++ /dev/null 
@@ -1,66 +0,0 @@ -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - -############################ -# Resource Block - SDDC -# Create SDDC -############################ -resource "oci_ocvp_sddc" "sddc" { - compartment_id = var.compartment_id - vmware_software_version = var.vmware_software_version - ssh_authorized_keys = var.ssh_authorized_keys - - - initial_configuration { - initial_cluster_configurations { - initial_commitment = var.initial_sku - compute_availability_domain = var.compute_availability_domain - esxi_hosts_count = var.esxi_hosts_count - vsphere_type = "MANAGEMENT" - initial_host_ocpu_count = var.initial_host_ocpu_count - initial_host_shape_name = var.initial_host_shape_name - instance_display_name_prefix = var.instance_display_name_prefix - is_shielded_instance_enabled = var.is_shielded_instance_enabled - capacity_reservation_id = var.capacity_reservation_id - workload_network_cidr = var.workload_network_cidr - - network_configuration { - nsx_edge_uplink1vlan_id = var.nsx_edge_uplink1vlan_id - nsx_edge_uplink2vlan_id = var.nsx_edge_uplink2vlan_id - nsx_edge_vtep_vlan_id = var.nsx_edge_vtep_vlan_id - nsx_vtep_vlan_id = var.nsx_vtep_vlan_id - provisioning_subnet_id = var.provisioning_subnet_id - vmotion_vlan_id = var.vmotion_vlan_id - vsan_vlan_id = var.vsan_vlan_id - vsphere_vlan_id = var.vsphere_vlan_id - provisioning_vlan_id = var.provisioning_vlan_id - replication_vlan_id = var.replication_vlan_id - hcx_vlan_id = var.hcx_vlan_id - } - - - dynamic "datastores" { - for_each = length(var.management_datastore) != 0 ? [1] : [] - content { - datastore_type = "MANAGEMENT" - block_volume_ids = var.management_datastore - } - } - dynamic "datastores" { - for_each = length(var.workload_datastore) != 0 ? 
[1] : [] - content { - datastore_type = "WORKLOAD" - block_volume_ids = var.workload_datastore - } - } - } - } - - #Optional - defined_tags = var.defined_tags - display_name = var.display_name - freeform_tags = var.freeform_tags - hcx_action = var.hcx_action - is_hcx_enabled = var.is_hcx_enabled - is_single_host_sddc = var.is_single_host_sddc -} - diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/sddc/oracle_provider_req.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/sddc/oracle_provider_req.tf deleted file mode 100644 index e52742e05..000000000 --- a/cd3_automation_toolkit/user-scripts/terraform/modules/sddc/oracle_provider_req.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - oci = { - source = "oracle/oci" - } - } -} \ No newline at end of file diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/sddc/outputs.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/sddc/outputs.tf deleted file mode 100644 index 3abd8bd2f..000000000 --- a/cd3_automation_toolkit/user-scripts/terraform/modules/sddc/outputs.tf +++ /dev/null @@ -1,11 +0,0 @@ -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - -############################ -# Outputs Block - Custom Backup Policy -# Create Custom Backup Policy -############################ - - -output "sddc_tf_id" { - value = oci_ocvp_sddc.sddc.id -} diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/sddc/variables.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/sddc/variables.tf deleted file mode 100644 index b172a5846..000000000 --- a/cd3_automation_toolkit/user-scripts/terraform/modules/sddc/variables.tf +++ /dev/null 
@@ -1,258 +0,0 @@ -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - -############################ -# Variable Block - SDDC -# Create SDDC -############################ - -variable "compartment_id" { - description = "(Required) (Updatable) The OCID of the compartment to contain the SDDC." - type = string - default = null -} - -variable "compute_availability_domain" { - description = "(Required) The Availability Domain to create the SDDC cluster. Default is set to AD1 in main.tf" - type = string - default = null -} - -variable "sddc_display_name" { - description = "(Required) (Updatable) The OCID of the compartment to contain the SDDC." - type = string - default = null -} - -variable "instance_display_name_prefix" { - description = "A string that will be prepended to all ESXI " - type = string -} - -################## -# SDDC Parameters# -################## - - -variable "sddc_enabled" { - description = "Whether to deploy SDDC Cluster. If set to true, creates a SDDC Cluster." - type = bool - default = true -} - -variable "display_name" { - description = "(Optional) (Updatable) A descriptive name for the SDDC. SDDC name requirements are 1-16 character length limit, Must start with a letter, Must be English letters, numbers, - only, No repeating hyphens, Must be unique within the region. Avoid entering confidential information." - type = string - default = null -} - -variable "esxi_hosts_count" { - description = "(Required) The number of ESXi hosts to create in the SDDC. Changing this value post-deployment will delete the entire cluster. You can add more hosts in the OCI GUI following the initial deployment" - type = number -} - -variable "vmware_software_version" { - description = "(Required) The VMware software bundle to install on the ESXi hosts in the SDDC. To get a list of the available versions. Documentation states updateable but that's incorrect. 
DO NOT UPDATE POST-DEPLOYMENT" - type = string -} - -variable "initial_sku" { - description = "commitment Hourly/Monthly" - type = string - default = null -} - -variable "workload_network_cidr" { - description = "(Optional) The CIDR block for the IP addresses that VMware VMs in the SDDC use to run application workloads." - type = string - default = null -} - -variable "ssh_authorized_keys" { - description = "(Required) (Updatable) One or more public SSH keys to be included in the ~/.ssh/authorized_keys file for the default user on each ESXi host. Use a newline character to separate multiple keys. The SSH keys must be in the format required for the authorized_keys file" - type = string -} - -variable "is_hcx_enabled" { - description = "Whether to deploy HCX during provisioning. If set to true, HCX is included in the workflow." - type = bool - default = null -} - - - -########################## -# Subnets/VLANs for SDDC # -########################## -variable "provisioning_subnet_id" { - description = " The OCID of the management subnet to use for provisioning the SDDC" - type = string - default = null - -} - -variable "nsx_edge_uplink1vlan_id" { - description = "The OCID of the VLAN to use for the NSX Edge Uplink 1 component of the VMware environment" - type = string - default = null - -} - -variable "nsx_edge_uplink2vlan_id" { - description = " The OCID of the VLAN to use for the NSX Edge Uplink 2 component of the VMware environment" - type = string - default = null -} - -variable "nsx_vtep_vlan_id" { - description = " The OCID of the VLAN to use for the NSX VTEP component of the VMware environment" - type = string - default = null -} - - -variable "nsx_edge_vtep_vlan_id" { - description = " The OCID of the VLAN to use for the NSX Edge VTEP component of the VMware environment" - type = string - default = null -} - -variable "vsan_vlan_id" { - description = "The OCID of the VLAN to use for the vSAN component of the VMware environment" - type = string - default = 
null -} - -variable "vmotion_vlan_id" { - description = "(Required)(Updatable) The OCID of the VLAN to use for the vMotion component of the VMware environment" - type = string - default = null -} - -variable "vsphere_vlan_id" { - description = " The OCID of the VLAN to use for the vMotion component of the VMware environment" - type = string - default = null -} - -variable "hcx_vlan_id" { - description = " The OCID of the VLAN to use for the HCX component of the VMware environment. This value is required only when isHcxEnabled is true" - type = string - default = null -} - -variable "hcx_action" { - description = "The action to be performed upon HCX license" - type = string - default = null -} - -variable "provisioning_vlan_id" { - description = "The OCID of the VLAN used by the SDDC for the Provisioning component of the VMware environment." - type = string - default = null -} - -variable "replication_vlan_id" { - description = "The OCID of the VLAN used by the SDDC for the vSphere Replication component of the VMware environment." - type = string - default = null -} -variable "esxi_hardware_type" { - description = "The hardware type for esxi." - type = string - default = null -} - -variable "capacity_reservation_id" { - description = "Reservation id of ocvs allocated capacity." - type = string - default = null -} - -variable "initial_host_ocpu_count" { - description = "initial_host_ocpu_count." - type = string - default = null -} - -variable "initial_host_shape_name" { - description = "initial_host_shape_name." - type = string - default = null -} - -variable "is_shielded_instance_enabled" { - description = "is_shielded_instance_enabled" - type = string - default = null -} - -variable "is_single_host_sddc" { - description = "is_single_host_sddc" - type = string - default = null -} - -variable "defined_tags" { - description = "Reservation id of ocvs allocated capacity." 
- type = map(any) - default = { - "Oracle-Tags.CreatedOn" = "$$(oci.datetime)", - "Oracle-Tags-CreatedBy" = "$${iam.principal.name}" - } -} - -variable "freeform_tags" { - description = "Free-form tags for SDDC cluster" - type = map(string) -} - - - -variable "reserving_hcx_on_premise_license_keys" { - description = "Network compartmenet OCID to fetch NSG/Subnet details" - type = string - default = null -} - -variable "refresh_hcx_license_status" { - description = "Network compartmenet OCID to fetch NSG/Subnet details" - type = string - default = null -} - -variable "network_compartment_id" { - description = "Network compartmenet OCID to fetch NSG/Subnet details" - type = string - default = null -} - -variable "management_datastore" { - type = list(string) - default = [] -} - -variable "workload_datastore" { - type = list(string) - default = [] -} - - - - - - - - - - - - - - - - - - - - diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/storage/block-volume/main.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/storage/block-volume/main.tf index 4a9e26ec7..8818236cd 100644 --- a/cd3_automation_toolkit/user-scripts/terraform/modules/storage/block-volume/main.tf +++ b/cd3_automation_toolkit/user-scripts/terraform/modules/storage/block-volume/main.tf @@ -68,8 +68,9 @@ resource "oci_core_volume_attachment" "block_vol_instance_attachment" { } } -// Copyright (c) 2021, 2022, Oracle and/or its affiliates. - +# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# #################################### ## Resource Block - Backup Policy ## Create Block Volume Backup Policy diff --git a/cd3_automation_toolkit/user-scripts/terraform/networkloadbalancer.tf b/cd3_automation_toolkit/user-scripts/terraform/networkloadbalancer.tf index e027d13d0..c394ef3c5 100644 
--- a/cd3_automation_toolkit/user-scripts/terraform/networkloadbalancer.tf +++ b/cd3_automation_toolkit/user-scripts/terraform/networkloadbalancer.tf @@ -86,6 +86,7 @@ module "nlb-backends" { backend_set_name = merge(module.nlb-backend-sets.*...)[each.value.backend_set_name]["nlb_backend_set_tf_name"] network_load_balancer_id = length(regexall("ocid1.loadbalancer.oc*", each.value.network_load_balancer_id)) > 0 ? each.value.network_load_balancer_id : merge(module.network-load-balancers.*...)[each.value.network_load_balancer_id]["network_load_balancer_tf_id"] port = each.value.port + #vnic_vlan = each.value.vnic_vlan != null ? each.value.vnic_vlan : null ip_address = each.value.ip_address instance_compartment = each.value.instance_compartment != "" ? (length(regexall("ocid1.compartment.oc*", each.value.instance_compartment)) > 0 ? each.value.instance_compartment : var.compartment_ocids[each.value.instance_compartment]) : var.tenancy_ocid #ip_address = each.value.ip_address != "" ? (length(regexall("IP:", each.value.ip_address)) > 0 ? split("IP:", each.value.ip_address)[1] : data.oci_core_instance.nlb_instance_ip[each.key].private_ip) : (length(regexall("NAME:", each.value.ip_address)) > 0 ? split("NAME:", each.value.ip_address)[1] : data.oci_core_instance.nlb_instance[each.key].private_ip) : null diff --git a/cd3_automation_toolkit/user-scripts/terraform/sddc.tf b/cd3_automation_toolkit/user-scripts/terraform/sddc.tf index 11fbc5e1b..29c11353e 100755 --- a/cd3_automation_toolkit/user-scripts/terraform/sddc.tf +++ b/cd3_automation_toolkit/user-scripts/terraform/sddc.tf 
@@ -11,7 +11,7 @@ locals { vlan_config = flatten([for index in local.vlan_ids : [ for key, val in var.sddcs : { #(index) = lookup(val, index, 0) - compartment_id = val.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc1*", val.network_compartment_id)) > 0 ? val.network_compartment_id : var.compartment_ocids[val.network_compartment_id]) : null + compartment_id = val.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", val.network_compartment_id)) > 0 ? val.network_compartment_id : var.compartment_ocids[val.network_compartment_id]) : null display_name = lookup(val, index, 0) vcn_id = data.oci_core_vcns.oci_vcns_sddc[key].virtual_networks.*.id[0] } @@ -46,7 +46,7 @@ locals { data "oci_core_volumes" "ds_volumes" { for_each = { for value in local.ds_vols : value.volume_display_name => value.volume_compartment_id if value.volume_display_name != null } - compartment_id = each.value != null ? (length(regexall("ocid1.compartment.oc1*", each.value)) > 0 ? each.value : var.compartment_ocids[each.value]) : var.compartment_ocids[each.value] + compartment_id = each.value != null ? (length(regexall("ocid1.compartment.oc*", each.value)) > 0 ? each.value : var.compartment_ocids[each.value]) : var.compartment_ocids[each.value] display_name = each.key state = "AVAILABLE" 
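Review bot: The widened pattern `"ocid1.compartment.oc*"` is looser than it looks, because `regexall` is unanchored, each `.` matches any character, and `c*` means zero or more `c`. Any value that merely contains text like `ocid1.compartment.o` is therefore treated as an OCID and passed through unchanged instead of being looked up in `var.compartment_ocids`. To accept other realms and still tell an OCID from a compartment name, anchor and escape the pattern, e.g. `regexall("^ocid1\\.compartment\\.oc[0-9]+\\.", val.network_compartment_id)`. The same applies to every `ocid1.compartment.oc*`, `ocid1.vlan.oc*` and `ocid1.subnet.oc*` test in the later hunks of this file (-46, -55, -79, -102, -128, -168, -177). The `locals` block starts and ends outside the hunk.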
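Review bot: The else-branch of the rewritten `compartment_id` is reached only when `each.value` is null, yet it evaluates `var.compartment_ocids[each.value]`, which indexes the map with null and can only fail with an unhelpful error. Make that branch explicit, for example `: null` as the `vlan_config` expression in the previous hunk does, or add a validation that reports the missing compartment. The `network_compartment_id` expressions in the -55, -168 and -177 hunks carry the same fallback. The data block continues outside the hunk.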
@@ -55,14 +55,14 @@ data "oci_core_volumes" "ds_volumes" { data "oci_core_vcns" "oci_vcns_sddc" { # depends_on = [module.vcns] # Uncomment to create Network and Instances together for_each = var.sddcs != null ? var.sddcs : {} - compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc1*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id] + compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id] display_name = each.value.vcn_name } data "oci_core_subnets" "oci_subnets_sddc" { # depends_on = [module.subnets] # Uncomment to create Network and Instances together for_each = var.sddcs != null ? var.sddcs : {} - compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc1*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id] + compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id] display_name = each.value.provisioning_subnet_id vcn_id = data.oci_core_vcns.oci_vcns_sddc[each.key].virtual_networks.*.id[0] } 
@@ -79,20 +79,20 @@ module "sddcs" { #depends_on = [module.vlans] source = "./modules/sddc/sddc" for_each = var.sddcs != null ? var.sddcs : {} - compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc1*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null - network_compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc1*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : null + compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null + network_compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : null compute_availability_domain = each.value.availability_domain == "multi-AD" ? each.value.availability_domain : (each.value.availability_domain != "" && each.value.availability_domain != null) ? data.oci_identity_availability_domains.availability_domains.availability_domains[each.value.availability_domain].name : "" esxi_hosts_count = each.value.esxi_hosts_count != "" ? each.value.esxi_hosts_count : null - nsx_edge_uplink1vlan_id = each.value.nsx_edge_uplink1vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.nsx_edge_uplink1vlan_id)) > 0 ? each.value.nsx_edge_uplink1vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.nsx_edge_uplink1vlan_id].vlans[0].id) : null - nsx_edge_uplink2vlan_id = each.value.nsx_edge_uplink2vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.nsx_edge_uplink2vlan_id)) > 0 ? 
each.value.nsx_edge_uplink2vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.nsx_edge_uplink2vlan_id].vlans[0].id) : null - nsx_edge_vtep_vlan_id = each.value.nsx_edge_vtep_vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.nsx_edge_vtep_vlan_id)) > 0 ? each.value.nsx_edge_vtep_vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.nsx_edge_vtep_vlan_id].vlans[0].id) : null - nsx_vtep_vlan_id = each.value.nsx_vtep_vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.nsx_vtep_vlan_id)) > 0 ? each.value.nsx_vtep_vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.nsx_vtep_vlan_id].vlans[0].id) : null - provisioning_subnet_id = each.value.provisioning_subnet_id != "" ? (length(regexall("ocid1.subnet.oc1*", each.value.provisioning_subnet_id)) > 0 ? each.value.provisioning_subnet_id : data.oci_core_subnets.oci_subnets_sddc[each.key].subnets.*.id[0]) : null + nsx_edge_uplink1vlan_id = each.value.nsx_edge_uplink1vlan_id != null ? (length(regexall("ocid1.vlan.oc*", each.value.nsx_edge_uplink1vlan_id)) > 0 ? each.value.nsx_edge_uplink1vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.nsx_edge_uplink1vlan_id].vlans[0].id) : null + nsx_edge_uplink2vlan_id = each.value.nsx_edge_uplink2vlan_id != null ? (length(regexall("ocid1.vlan.oc*", each.value.nsx_edge_uplink2vlan_id)) > 0 ? each.value.nsx_edge_uplink2vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.nsx_edge_uplink2vlan_id].vlans[0].id) : null + nsx_edge_vtep_vlan_id = each.value.nsx_edge_vtep_vlan_id != null ? (length(regexall("ocid1.vlan.oc*", each.value.nsx_edge_vtep_vlan_id)) > 0 ? each.value.nsx_edge_vtep_vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.nsx_edge_vtep_vlan_id].vlans[0].id) : null + nsx_vtep_vlan_id = each.value.nsx_vtep_vlan_id != null ? (length(regexall("ocid1.vlan.oc*", each.value.nsx_vtep_vlan_id)) > 0 ? 
each.value.nsx_vtep_vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.nsx_vtep_vlan_id].vlans[0].id) : null + provisioning_subnet_id = each.value.provisioning_subnet_id != "" ? (length(regexall("ocid1.subnet.oc*", each.value.provisioning_subnet_id)) > 0 ? each.value.provisioning_subnet_id : data.oci_core_subnets.oci_subnets_sddc[each.key].subnets.*.id[0]) : null ssh_authorized_keys = each.value.ssh_authorized_keys != null ? (length(regexall("ssh-rsa*", each.value.ssh_authorized_keys)) > 0 ? each.value.ssh_authorized_keys : lookup(var.sddc_ssh_keys, each.value.ssh_authorized_keys, null)) : null - vmotion_vlan_id = each.value.vmotion_vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.vmotion_vlan_id)) > 0 ? each.value.vmotion_vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.vmotion_vlan_id].vlans[0].id) : null + vmotion_vlan_id = each.value.vmotion_vlan_id != null ? (length(regexall("ocid1.vlan.oc*", each.value.vmotion_vlan_id)) > 0 ? each.value.vmotion_vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.vmotion_vlan_id].vlans[0].id) : null vmware_software_version = each.value.vmware_software_version != "" ? each.value.vmware_software_version : null - vsan_vlan_id = each.value.vsan_vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.vsan_vlan_id)) > 0 ? each.value.vsan_vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.vsan_vlan_id].vlans[0].id) : null - vsphere_vlan_id = each.value.vsphere_vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.vsphere_vlan_id)) > 0 ? each.value.vsphere_vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.vsphere_vlan_id].vlans[0].id) : null + vsan_vlan_id = each.value.vsan_vlan_id != null ? (length(regexall("ocid1.vlan.oc*", each.value.vsan_vlan_id)) > 0 ? each.value.vsan_vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.vsan_vlan_id].vlans[0].id) : null + vsphere_vlan_id = each.value.vsphere_vlan_id != null ? 
(length(regexall("ocid1.vlan.oc*", each.value.vsphere_vlan_id)) > 0 ? each.value.vsphere_vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.vsphere_vlan_id].vlans[0].id) : null #Optional initial_host_ocpu_count = each.value.initial_host_ocpu_count != "" ? each.value.initial_host_ocpu_count : null initial_host_shape_name = each.value.initial_host_shape_name != "" ? each.value.initial_host_shape_name : null 
@@ -102,15 +102,15 @@ module "sddcs" { defined_tags = each.value.defined_tags != {} ? each.value.defined_tags : {} freeform_tags = each.value.freeform_tags != {} ? each.value.freeform_tags : {} hcx_action = each.value.hcx_action != "" ? each.value.hcx_action : null - hcx_vlan_id = each.value.hcx_vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.hcx_vlan_id)) > 0 ? each.value.hcx_vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.hcx_vlan_id].vlans[0].id) : null + hcx_vlan_id = each.value.hcx_vlan_id != null ? (length(regexall("ocid1.vlan.oc*", each.value.hcx_vlan_id)) > 0 ? each.value.hcx_vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.hcx_vlan_id].vlans[0].id) : null initial_commitment = each.value.initial_commitment != "" ? each.value.initial_commitment : null instance_display_name_prefix = each.value.instance_display_name_prefix != "" ? each.value.instance_display_name_prefix : null is_hcx_enabled = each.value.is_hcx_enabled != "" ? each.value.is_hcx_enabled : null is_shielded_instance_enabled = each.value.is_shielded_instance_enabled != "" ? each.value.is_shielded_instance_enabled : null is_single_host_sddc = each.value.is_single_host_sddc != "" ? each.value.is_single_host_sddc : null - provisioning_vlan_id = each.value.provisioning_vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.provisioning_vlan_id)) > 0 ? each.value.provisioning_vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.provisioning_vlan_id].vlans[0].id) : null + provisioning_vlan_id = each.value.provisioning_vlan_id != null ? (length(regexall("ocid1.vlan.oc*", each.value.provisioning_vlan_id)) > 0 ? each.value.provisioning_vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.provisioning_vlan_id].vlans[0].id) : null refresh_hcx_license_status = each.value.refresh_hcx_license_status != "" ? each.value.refresh_hcx_license_status : null - replication_vlan_id = each.value.replication_vlan_id != null ? 
(length(regexall("ocid1.vlan.oc1*", each.value.replication_vlan_id)) > 0 ? each.value.replication_vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.replication_vlan_id].vlans[0].id) : null + replication_vlan_id = each.value.replication_vlan_id != null ? (length(regexall("ocid1.vlan.oc*", each.value.replication_vlan_id)) > 0 ? each.value.replication_vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.replication_vlan_id].vlans[0].id) : null reserving_hcx_on_premise_license_keys = each.value.reserving_hcx_on_premise_license_keys != "" ? each.value.reserving_hcx_on_premise_license_keys : null workload_network_cidr = each.value.workload_network_cidr != "" ? each.value.workload_network_cidr : null management_datastore = local.management_datastores[each.key] != null ? local.management_datastores[each.key] : [] @@ -128,7 +128,7 @@ locals { vlan_config_sddc_cluster = flatten([for index in local.vlan_ids_sddc_cluster : [ for key, val in var.sddc-clusters : { #(index) = lookup(val, index, 0) - compartment_id = val.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc1*", val.network_compartment_id)) > 0 ? val.network_compartment_id : var.compartment_ocids[val.network_compartment_id]) : null + compartment_id = val.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", val.network_compartment_id)) > 0 ? val.network_compartment_id : var.compartment_ocids[val.network_compartment_id]) : null display_name = lookup(val, index, 0) vcn_id = data.oci_core_vcns.oci_vcns_sddc_cluster[key].virtual_networks.*.id[0] } 
@@ -168,7 +168,7 @@ locals { data "oci_core_volumes" "ds_volumes_sddc_cluster" { for_each = { for value in local.ds_vols_sddc_cluster : value.volume_display_name => value.volume_compartment_id if value.volume_display_name != null } - compartment_id = each.value != null ? (length(regexall("ocid1.compartment.oc1*", each.value)) > 0 ? each.value : var.compartment_ocids[each.value]) : var.compartment_ocids[each.value] + compartment_id = each.value != null ? (length(regexall("ocid1.compartment.oc*", each.value)) > 0 ? each.value : var.compartment_ocids[each.value]) : var.compartment_ocids[each.value] display_name = each.key state = "AVAILABLE" 
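Review bot: The else branch of the changed `compartment_id` line, `: var.compartment_ocids[each.value]`, is reached only when `each.value` is null, so it indexes the map with a null key and, as far as I can tell, can only fail. The sibling expressions in the `sddc-clusters` module end in `: null` for the same case; using `: null` here, or filtering null compartments out of the `for_each`, would make the intent explicit. The two `compartment_id` lines in the next hunk (`oci_vcns_sddc_cluster` and `oci_subnets_sddc_cluster`) have the same shape. The data block continues past the end of the hunk.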
@@ -177,14 +177,14 @@ data "oci_core_volumes" "ds_volumes_sddc_cluster" { data "oci_core_vcns" "oci_vcns_sddc_cluster" { #depends_on = [module.vcns] # Uncomment to create Network and Instances together for_each = var.sddc-clusters != null ? var.sddc-clusters : {} - compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc1*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id] + compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id] display_name = each.value.vcn_name } data "oci_core_subnets" "oci_subnets_sddc_cluster" { #depends_on = [module.subnets] # Uncomment to create Network and Instances together for_each = var.sddc-clusters != null ? var.sddc-clusters : {} - compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc1*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id] + compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id] display_name = each.value.provisioning_subnet_id vcn_id = data.oci_core_vcns.oci_vcns_sddc_cluster[each.key].virtual_networks.*.id[0] } 
@@ -201,7 +201,7 @@ data "oci_core_vlans" "sddc_cluster_vlan_id" { data "oci_ocvp_sddcs" "oci_sddcs" { depends_on = [module.sddcs] for_each = var.sddc-clusters != null ? var.sddc-clusters : {} - compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc1*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null + compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null display_name = each.value.sddc_id state = "ACTIVE" } 
@@ -211,8 +211,8 @@ module "sddc-clusters" { depends_on = [module.sddcs] source = "./modules/sddc/sddc-cluster" for_each = var.sddc-clusters != null ? var.sddc-clusters : {} - compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc1*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null - network_compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc1*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : null + compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null + network_compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : null compute_availability_domain = each.value.availability_domain == "multi-AD" ? each.value.availability_domain : (each.value.availability_domain != "" && each.value.availability_domain != null) ? data.oci_identity_availability_domains.availability_domains.availability_domains[each.value.availability_domain].name : "" display_name = each.value.display_name != "" ? each.value.display_name : null vmware_software_version = each.value.vmware_software_version != "" ? each.value.vmware_software_version : null 
@@ -222,19 +222,19 @@ module "sddc-clusters" { esxi_hosts_count = each.value.esxi_hosts_count != "" ? each.value.esxi_hosts_count : null instance_display_name_prefix = each.value.instance_display_name_prefix != "" ? each.value.instance_display_name_prefix : null is_shielded_instance_enabled = each.value.is_shielded_instance_enabled != "" ? each.value.is_shielded_instance_enabled : null - nsx_edge_uplink1vlan_id = each.value.nsx_edge_uplink1vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.nsx_edge_uplink1vlan_id)) > 0 ? each.value.nsx_edge_uplink1vlan_id : data.oci_core_vlans.sddc_cluster_vlan_id[each.value.nsx_edge_uplink1vlan_id].vlans[0].id) : null - nsx_edge_uplink2vlan_id = each.value.nsx_edge_uplink2vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.nsx_edge_uplink2vlan_id)) > 0 ? each.value.nsx_edge_uplink2vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.nsx_edge_uplink2vlan_id].vlans[0].id) : null - nsx_edge_vtep_vlan_id = each.value.nsx_edge_vtep_vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.nsx_edge_vtep_vlan_id)) > 0 ? each.value.nsx_edge_vtep_vlan_id : data.oci_core_vlans.sddc_cluster_vlan_id[each.value.nsx_edge_vtep_vlan_id].vlans[0].id) : null - nsx_vtep_vlan_id = each.value.nsx_vtep_vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.nsx_vtep_vlan_id)) > 0 ? each.value.nsx_vtep_vlan_id : data.oci_core_vlans.sddc_cluster_vlan_id[each.value.nsx_vtep_vlan_id].vlans[0].id) : null - provisioning_subnet_id = each.value.provisioning_subnet_id != "" ? (length(regexall("ocid1.subnet.oc1*", each.value.provisioning_subnet_id)) > 0 ? each.value.provisioning_subnet_id : data.oci_core_subnets.oci_subnets_sddc_cluster[each.key].subnets.*.id[0]) : null - vmotion_vlan_id = each.value.vmotion_vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.vmotion_vlan_id)) > 0 ? 
each.value.vmotion_vlan_id : data.oci_core_vlans.sddc_cluster_vlan_id[each.value.vmotion_vlan_id].vlans[0].id) : null - vsan_vlan_id = each.value.vsan_vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.vsan_vlan_id)) > 0 ? each.value.vsan_vlan_id : data.oci_core_vlans.sddc_cluster_vlan_id[each.value.vsan_vlan_id].vlans[0].id) : null - vsphere_vlan_id = each.value.vsphere_vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.vsphere_vlan_id)) > 0 ? each.value.vsphere_vlan_id : data.oci_core_vlans.sddc_cluster_vlan_id[each.value.vsphere_vlan_id].vlans[0].id) : null - replication_vlan_id = each.value.replication_vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.replication_vlan_id)) > 0 ? each.value.replication_vlan_id : data.oci_core_vlans.sddc_cluster_vlan_id[each.value.replication_vlan_id].vlans[0].id) : null - hcx_vlan_id = each.value.hcx_vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.hcx_vlan_id)) > 0 ? each.value.hcx_vlan_id : data.oci_core_vlans.sddc_cluster_vlan_id[each.value.hcx_vlan_id].vlans[0].id) : null - provisioning_vlan_id = each.value.provisioning_vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.provisioning_vlan_id)) > 0 ? each.value.provisioning_vlan_id : data.oci_core_vlans.sddc_cluster_vlan_id[each.value.provisioning_vlan_id].vlans[0].id) : null + nsx_edge_uplink1vlan_id = each.value.nsx_edge_uplink1vlan_id != null ? (length(regexall("ocid1.vlan.oc*", each.value.nsx_edge_uplink1vlan_id)) > 0 ? each.value.nsx_edge_uplink1vlan_id : data.oci_core_vlans.sddc_cluster_vlan_id[each.value.nsx_edge_uplink1vlan_id].vlans[0].id) : null + nsx_edge_uplink2vlan_id = each.value.nsx_edge_uplink2vlan_id != null ? (length(regexall("ocid1.vlan.oc*", each.value.nsx_edge_uplink2vlan_id)) > 0 ? each.value.nsx_edge_uplink2vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.nsx_edge_uplink2vlan_id].vlans[0].id) : null + nsx_edge_vtep_vlan_id = each.value.nsx_edge_vtep_vlan_id != null ? 
(length(regexall("ocid1.vlan.oc*", each.value.nsx_edge_vtep_vlan_id)) > 0 ? each.value.nsx_edge_vtep_vlan_id : data.oci_core_vlans.sddc_cluster_vlan_id[each.value.nsx_edge_vtep_vlan_id].vlans[0].id) : null + nsx_vtep_vlan_id = each.value.nsx_vtep_vlan_id != null ? (length(regexall("ocid1.vlan.oc*", each.value.nsx_vtep_vlan_id)) > 0 ? each.value.nsx_vtep_vlan_id : data.oci_core_vlans.sddc_cluster_vlan_id[each.value.nsx_vtep_vlan_id].vlans[0].id) : null + provisioning_subnet_id = each.value.provisioning_subnet_id != "" ? (length(regexall("ocid1.subnet.oc*", each.value.provisioning_subnet_id)) > 0 ? each.value.provisioning_subnet_id : data.oci_core_subnets.oci_subnets_sddc_cluster[each.key].subnets.*.id[0]) : null + vmotion_vlan_id = each.value.vmotion_vlan_id != null ? (length(regexall("ocid1.vlan.oc*", each.value.vmotion_vlan_id)) > 0 ? each.value.vmotion_vlan_id : data.oci_core_vlans.sddc_cluster_vlan_id[each.value.vmotion_vlan_id].vlans[0].id) : null + vsan_vlan_id = each.value.vsan_vlan_id != null ? (length(regexall("ocid1.vlan.oc*", each.value.vsan_vlan_id)) > 0 ? each.value.vsan_vlan_id : data.oci_core_vlans.sddc_cluster_vlan_id[each.value.vsan_vlan_id].vlans[0].id) : null + vsphere_vlan_id = each.value.vsphere_vlan_id != null ? (length(regexall("ocid1.vlan.oc*", each.value.vsphere_vlan_id)) > 0 ? each.value.vsphere_vlan_id : data.oci_core_vlans.sddc_cluster_vlan_id[each.value.vsphere_vlan_id].vlans[0].id) : null + replication_vlan_id = each.value.replication_vlan_id != null ? (length(regexall("ocid1.vlan.oc*", each.value.replication_vlan_id)) > 0 ? each.value.replication_vlan_id : data.oci_core_vlans.sddc_cluster_vlan_id[each.value.replication_vlan_id].vlans[0].id) : null + hcx_vlan_id = each.value.hcx_vlan_id != null ? (length(regexall("ocid1.vlan.oc*", each.value.hcx_vlan_id)) > 0 ? each.value.hcx_vlan_id : data.oci_core_vlans.sddc_cluster_vlan_id[each.value.hcx_vlan_id].vlans[0].id) : null + provisioning_vlan_id = each.value.provisioning_vlan_id != null ? 
(length(regexall("ocid1.vlan.oc*", each.value.provisioning_vlan_id)) > 0 ? each.value.provisioning_vlan_id : data.oci_core_vlans.sddc_cluster_vlan_id[each.value.provisioning_vlan_id].vlans[0].id) : null workload_network_cidr = each.value.workload_network_cidr != "" ? each.value.workload_network_cidr : null - sddc_id = each.value.sddc_id != null ? (length(regexall("ocid1.vmwaresddc.oc1*", each.value.sddc_id)) > 0 ? each.value.sddc_id : data.oci_ocvp_sddcs.oci_sddcs[each.key].sddc_collection[0].id) : null + sddc_id = each.value.sddc_id != null ? (length(regexall("ocid1.vmwaresddc.oc*", each.value.sddc_id)) > 0 ? each.value.sddc_id : data.oci_ocvp_sddcs.oci_sddcs[each.key].sddc_collection[0].id) : null workload_datastore = local.workload_datastores_sddc_cluster[each.key] != null ? local.workload_datastores_sddc_cluster[each.key] : [] defined_tags = each.value.defined_tags != {} ? each.value.defined_tags : {} freeform_tags = each.value.freeform_tags != {} ? each.value.freeform_tags : {} diff --git a/cd3_automation_toolkit/user-scripts/terraform/variables_example.tf b/cd3_automation_toolkit/user-scripts/terraform/variables_example.tf index 051b05172..62dff5b76 100644 --- a/cd3_automation_toolkit/user-scripts/terraform/variables_example.tf +++ b/cd3_automation_toolkit/user-scripts/terraform/variables_example.tf @@ -94,10 +94,10 @@ variable "dbsystem_ssh_keys" { } } -################################# -# Platform Image OCIDs and -# Market Place Images -################################# +################################### +# Platform Image OCIDs, Source OCIDS +# and Market Place Images +################################### variable "instance_source_ocids" { type = map(any) 
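Review bot: In this `module "sddc-clusters"` hunk the rewritten `nsx_edge_uplink2vlan_id` line falls back to `data.oci_core_vlans.sddc_vlan_id[...]`, while every other VLAN argument in the same block falls back to `data.oci_core_vlans.sddc_cluster_vlan_id[...]`. That looks like a copy from the `sddcs` module, and it would resolve the uplink 2 VLAN name against a different lookup than its siblings. Unless it is intentional, the fallback should read `data.oci_core_vlans.sddc_cluster_vlan_id[each.value.nsx_edge_uplink2vlan_id].vlans[0].id`. The line was touched by this commit for the regex only, so the mismatch is carried over rather than introduced. The module block starts before the hunk.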
@@ -264,11 +264,12 @@ variable "identity_domain_groups" { group_name = string group_description = string idcs_endpoint = string - compartment_id = string + domain_compartment_id = string matching_rule = optional(string) defined_tags = optional(list(map(any))) freeform_tags = optional(list(map(any))) members = optional(list(string)) + user_can_request_access = optional(bool) })) default = {} } @@ -289,13 +290,22 @@ variable "users" { variable "identity_domain_users" { type = map(object({ - family_name = string + name = object({ + family_name = string + given_name = optional(string) + middle_name = optional(string) + honorific_prefix = optional(string) + }) + display_name = optional(string) idcs_endpoint = string user_name = string + domain_compartment_id = string description = optional(string) - compartment_id = string groups = optional(list(string)) email = string + recovery_email = optional(string) + home_phone_number = optional(string) + mobile_phone_number = optional(string) enabled_capabilities = list(string) defined_tags = optional(list(map(any))) freeform_tags = optional(list(map(any))) @@ -304,6 +314,7 @@ variable "identity_domain_users" { } + variable "networkSources" { type = map(object({ name = string @@ -1521,6 +1532,7 @@ variable "nlb_backends" { backend_set_name = string network_load_balancer_id = string port = number + #vnic_vlan = optional(string) ip_address = string instance_compartment = string is_drain = optional(bool) @@ -1656,10 +1668,10 @@ variable "oss_policies" { default = {} } + ######################### ## Management Services ## ######################### - variable "alarms" { type = map(object({ compartment_id = string @@ -1927,7 +1939,7 @@ variable "sddc-clusters" { ############################ -## Key Management Service ## +## KMS (Keys/Vauts) ## ############################ variable "vaults" { diff --git a/jenkins_install/apply.groovy b/jenkins_install/apply.groovy index ee82496db..103bcbbc3 100644 --- a/jenkins_install/apply.groovy 
+++ b/jenkins_install/apply.groovy 
@@ -11,36 +11,44 @@ pipeline { steps { script { def jobName = env.JOB_NAME - def fileContent = readFile "${JENKINS_HOME}/jenkins.properties" - // Split file content into lines - def lines = fileContent.readLines() - // Process each line to extract variable name and value - def variables = [:] - lines.each { line -> - def parts = line.split('=') - if (parts.size() == 2) { - variables[parts[0].trim()] = parts[1].trim() - } - } - println "Variables: ${variables}" + def parts = "${env.JOB_NAME}".split('/') + env.Prefix = parts[0] - if (variables.containsKey('tf_or_tofu')) { - // Strip quotes from tf_or_tofu value - def tfortofuValue = variables['tf_or_tofu'].replaceAll(/^"|"$/, '') - env.tf_or_tofu = tfortofuValue - } else { - println "tfortofu param not found in the properties file" - } + def propertiesFileContent = readFile "$JENKINS_HOME/jenkins.properties" + def result = [:] + def currentSection = null + propertiesFileContent.readLines().each { line -> + line = line.trim() + if (line.startsWith("#") || line.isEmpty()) { + // Ignore comments and empty lines + return + } - def variableOds = variables['outdir_structure'].toString().replaceAll("\\[|\\]", '').replaceAll('"', '') - env.out_str = "${variableOds}" - def parts = jobName.split('/') + def sectionMatch = line =~ /^\[(.+)\]$/ + if (sectionMatch) { + currentSection = sectionMatch[0][1] + result[currentSection] = [:] + } + else if (currentSection) { + def kvMatch = line =~ /^([^=]+)=\s*(.+)$/ + if (kvMatch) { + def key = kvMatch[0][1].trim() + def value = kvMatch[0][2].trim() + result[currentSection][key] = value + } + } + } + def tfortofuValue = result["${env.Prefix}"]["tf_or_tofu"] + env.tf_or_tofu = Eval.me(tfortofuValue) + def out_str = result["${env.Prefix}"]["outdir_structure"] + env.out_str = Eval.me(out_str) if (env.out_str == 'Multiple_Outdir') { // Assuming the job name format is /job//job/job_name env.Region = parts[2] env.Service = parts[3] - } else { + } + else { // Assuming the job name format is 
/job/job_name env.Region = parts[2] env.Service = '' @@ -63,9 +71,9 @@ pipeline { catchError(buildResult: 'FAILURE', stageResult: 'FAILURE') { script { def toolCmd = env.tf_or_tofu == 'terraform' ? 'terraform' : 'tofu' - sh "cd \"${WORKSPACE}/${env.Region}/${env.Service}\" && ${toolCmd} init -upgrade" + labelledShell( label: 'Running init', script: "cd \"${WORKSPACE}/${env.Region}/${env.Service}\" && ${toolCmd} init -upgrade") // Run Terraform/Tofu plan and capture the output - planOutput = sh(script: "cd \"${WORKSPACE}/${env.Region}/${env.Service}\" && ${toolCmd} plan -out=tfplan.out", returnStdout: true).trim() + planOutput = labelledShell( label: 'Running plan', script: "cd \"${WORKSPACE}/${env.Region}/${env.Service}\" && ${toolCmd} plan -out=tfplan.out", returnStdout: true).trim() // Check if the plan contains any changes if (planOutput.contains('No changes.')) { echo 'No changes in Plan. Skipping further stages.' @@ -95,9 +103,8 @@ pipeline { script { def toolCmd = env.tf_or_tofu == 'terraform' ? 'terraform' : 'tofu' // Run Terraform/Tofu show and capture the output - sh "set +x && cd \"${WORKSPACE}/${env.Region}/${env.Service}\" && ${toolCmd} show -json tfplan.out > tfplan.json" // Run OPA eval - opaOutput = sh(script: "opa eval -f pretty -b /cd3user/oci_tools/cd3_automation_toolkit/user-scripts/OPA/ -i \"${WORKSPACE}/${env.Region}/${env.Service}/tfplan.json\" data.terraform.deny", returnStdout: true).trim() + opaOutput = labelledShell( label: 'Evaluating plan against OPA', script: "cd \"${WORKSPACE}/${env.Region}/${env.Service}\" && ${toolCmd} show -json tfplan.out > tfplan.json && opa eval -f pretty -b /cd3user/oci_tools/cd3_automation_toolkit/user-scripts/OPA/ -i \"${WORKSPACE}/${env.Region}/${env.Service}/tfplan.json\" data.terraform.deny", returnStdout: true).trim() if (opaOutput == '[]') { echo "No OPA rules are violated. Proceeding with the next stage." } else { 
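Review bot: `Eval.me(tfortofuValue)` and `Eval.me(out_str)` run whatever text follows `=` in `jenkins.properties` as Groovy inside the pipeline, where the removed code only stripped the surrounding quotes. Both values are plain strings, so quote stripping is sufficient: `env.tf_or_tofu = tfortofuValue?.replaceAll(/^["']|["']$/, '')`, and the same for `out_str`. `result["${env.Prefix}"]` is also dereferenced without checking that the section exists, so a job whose top-level folder has no matching `[section]` fails with a null-pointer error instead of a clear message. The identical block is added in the `destroy.groovy` hunk.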
@@ -147,14 +154,14 @@ pipeline { catchError(buildResult: 'FAILURE', stageResult: 'FAILURE') { script { def toolCmd = env.tf_or_tofu == 'terraform' ? 'terraform' : 'tofu' - sh "cd \"${WORKSPACE}/${env.Region}/${env.Service}\" && ${toolCmd} apply --auto-approve tfplan.out" + labelledShell( label: 'Running apply', script: "cd \"${WORKSPACE}/${env.Region}/${env.Service}\" && ${toolCmd} apply --auto-approve tfplan.out") } } } } // Git Commit to main - stage('Git Commit to main') { + stage('GIT Commit to main') { when { allOf { expression { return currentBuild.result != "ABORTED" } @@ -167,7 +174,7 @@ pipeline { script { if (env.out_str == 'Multiple_Outdir') { try { - sh ''' + labelledShell( label: 'Performing git operations', script: ''' set +x mkdir -p ${WORKSPACE}/../${BUILD_NUMBER} cd ${WORKSPACE}/../${BUILD_NUMBER} @@ -180,16 +187,16 @@ pipeline { copy_path=${reg}/${service} cp -r ${WORKSPACE}/${copy_path}/* ${copy_path}/ git add ${copy_path}* - ''' + ''') } catch (Exception e1) { println(e1) - sh ''' + labelledShell( label: 'Cleanup', script: ''' set +x rm -rf ${WORKSPACE}/../${BUILD_NUMBER} exit 1 - ''' + ''') } - sh ''' + labelledShell( label: 'Preparing commit', script: ''' set +x repo_name=${GIT_URL##*/} reg=`echo ${JOB_NAME}| cut -d "/" -f3` @@ -201,8 +208,8 @@ pipeline { else echo "Nothing to commit" fi - ''' - status = sh(script: ''' + ''') + status = labelledShell( label: 'git operations', script: ''' set +x repo_name=${GIT_URL##*/} cd ${WORKSPACE}/../${BUILD_NUMBER}/${repo_name} @@ -212,7 +219,7 @@ pipeline { while (status != 0) { println("Trying again ...") - status = sh(script: ''' + status = labelledShell( label: 'git operations - trying again', script: ''' set +x repo_name=${GIT_URL##*/} cd ${WORKSPACE}/../${BUILD_NUMBER}/${repo_name} 
@@ -222,14 +229,14 @@ pipeline { git push --porcelain origin main ''', returnStatus: true) } - sh ''' + labelledShell( label: 'Cleanup', script: ''' set +x rm -rf ${WORKSPACE}/../${BUILD_NUMBER} - ''' + ''') } else { try { - sh ''' + labelledShell( label: 'Performing git operations', script: ''' set +x mkdir -p ${WORKSPACE}/../${BUILD_NUMBER} cd ${WORKSPACE}/../${BUILD_NUMBER} @@ -253,14 +260,14 @@ pipeline { cd ${WORKSPACE}/.. rm -rf ${WORKSPACE}/../${BUILD_NUMBER} - ''' + ''') } catch (Exception e1) { println(e1) - sh ''' + labelledShell( label: 'Cleanup', script: ''' cd ${WORKSPACE}/.. rm -rf ${WORKSPACE}/../${BUILD_NUMBER} exit 1 - ''' + ''') } } } diff --git a/jenkins_install/destroy.groovy b/jenkins_install/destroy.groovy index ad63c2ad9..79bab35f3 100644 --- a/jenkins_install/destroy.groovy +++ b/jenkins_install/destroy.groovy 
@@ -10,32 +10,38 @@ pipeline { stage('Set Environment Variables') { steps { script { - def fileContent = readFile "${JENKINS_HOME}/jenkins.properties" - // Split file content into lines - def lines = fileContent.readLines() + def jobName = env.JOB_NAME + def parts = "${env.JOB_NAME}".split('/') + env.Prefix = parts[0] + + def propertiesFileContent = readFile "$JENKINS_HOME/jenkins.properties" + def result = [:] + def currentSection = null - // Process each line to extract variable name and value - def variables = [:] - lines.each { line -> - def parts = line.split('=') - if (parts.size() == 2) { - variables[parts[0].trim()] = parts[1].trim() + propertiesFileContent.readLines().each { line -> + line = line.trim() + if (line.startsWith("#") || line.isEmpty()) { + // Ignore comments and empty lines + return } - } - println "Variables: ${variables}" - def variableOds = variables['outdir_structure'].toString().replaceAll("\\[|\\]", '').replaceAll('"', '') - env.out_str = "${variableOds}" - if (variables.containsKey('tf_or_tofu')) { - // Strip quotes from tf_or_tofu value - def tfortofuValue = variables['tf_or_tofu'].replaceAll(/^"|"$/, '').trim() - env.tf_or_tofu = tfortofuValue - } else { - println "tfortofu param not found in the properties file" + def sectionMatch = line =~ /^\[(.+)\]$/ + if (sectionMatch) { + currentSection = sectionMatch[0][1] + result[currentSection] = [:] + } else if (currentSection) { + def kvMatch = line =~ /^([^=]+)=\s*(.+)$/ + if (kvMatch) { + def key = kvMatch[0][1].trim() + def value = kvMatch[0][2].trim() + result[currentSection][key] = value + } + } } - - def jobName = env.JOB_NAME - def parts = jobName.split('/') + def tfortofuValue = result["${env.Prefix}"]["tf_or_tofu"] + env.tf_or_tofu = Eval.me(tfortofuValue) + def out_str = result["${env.Prefix}"]["outdir_structure"] + env.out_str = Eval.me(out_str) if (env.out_str == 'Multiple_Outdir') { // Assuming the job name format is /job//job/job_name env.Region = parts[2] 
diff --git a/jenkins_install/example/config b/jenkins_install/example/config index d20d1cfb3..ae7abbe58 100644 --- a/jenkins_install/example/config +++ b/jenkins_install/example/config @@ -1,4 +1,5 @@ -Host devops.scmservice.*.oci.oraclecloud.com +Host PREFIX1 +Hostname devops.scmservice..oci.oraclecloud.com StrictHostKeyChecking no User /@ IdentityFile diff --git a/jenkins_install/example/jenkins.properties b/jenkins_install/example/jenkins.properties index e902b1f18..4a3f12cb6 100644 --- a/jenkins_install/example/jenkins.properties +++ b/jenkins_install/example/jenkins.properties 
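Review bot: The new `Host PREFIX1` alias still inherits `StrictHostKeyChecking no` from the context line below it, so every git clone and push the pipelines make through this alias accepts whatever host key is presented. Because the alias now pins a single `Hostname`, the example can verify it instead: `StrictHostKeyChecking yes`, with the DevOps endpoint's key pre-loaded in the file named by `UserKnownHostsFile`. As this is the template users copy, a one-line comment explaining that one `Host` block is needed per prefix would also help.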
@@ -1,7 +1,20 @@ -[PREFIX] -git_url="ssh://devops.scmservice..oci.oraclecloud.com/namespaces//projects//repositories/" -regions=["ashburn", "phoenix"] -services=["identity", "tagging", "network", "vlan", "nsg", "compute", "database", "fss", "oke", "ocvs", "security", "managementservices", "budget", "cis", "oss", "dns"] -outdir_structure=["Multiple_Outdir"] -#outdir_structure=["Single_Outdir"] +[PREFIX1] +git_url="PREFIX1:/namespaces//projects//repositories/" +regions=['frankfurt', 'ashburn', 'seoul', 'london', 'tokyo', 'chicago', 'phoenix', 'sanjose', 'sydney', 'montreal', 'toronto', 'zurich'] +services=['identity', 'tagging', 'network', 'loadbalancer', 'vlan', 'nsg', 'compute', 'database', 'fss', 'oke', 'ocvs', 'security', 'managementservices', 'budget', 'cis', 'oss', 'dns', 'firewall'] +outdir_structure="Multiple_Outdir" +#outdir_structure="Single_Outdir" +tf_or_tofu="terraform" +[PREFIX2] +git_url="PREFIX2:/namespaces//projects//repositories/" +regions=['frankfurt', 'ashburn', 'seoul', 'london', 'tokyo', 'chicago', 'phoenix', 'sanjose', 'sydney', 'montreal', 'toronto', 'zurich'] +#outdir_structure="Multiple_Outdir" +outdir_structure="Single_Outdir" +tf_or_tofu="terraform" +[PREFIX3] +git_url="PREFIX3:/namespaces//projects//repositories/" +regions=['frankfurt', 'ashburn', 'seoul', 'london', 'tokyo', 'chicago', 'phoenix', 'sanjose', 'sydney', 'montreal', 'toronto', 'zurich'] +services=['identity', 'tagging', 'network', 'loadbalancer', 'vlan', 'nsg', 'compute', 'database', 'fss', 'oke', 'ocvs', 'security', 'managementservices', 'budget', 'cis', 'oss', 'dns', 'firewall'] +outdir_structure="Multiple_Outdir" +#outdir_structure="Single_Outdir" tf_or_tofu="terraform" diff --git a/jenkins_install/init/01_jenkins-config.groovy b/jenkins_install/init/01_jenkins-config.groovy index bf9cae235..4d91709f2 100644 --- a/jenkins_install/init/01_jenkins-config.groovy +++ b/jenkins_install/init/01_jenkins-config.groovy 
@@ -1,37 +1,46 @@ -import jenkins.model.* +import jenkins.model.Jenkins +import hudson.model.Cause import com.cloudbees.hudson.plugins.folder.* -import java.io.ByteArrayInputStream -import java.nio.file.Files -import java.nio.file.StandardCopyOption -// Read the Jenkins instance -Jenkins jenkins = Jenkins.getInstance() +def parseProperties(fileContent) { + def result = [:] + def currentSection = null -// Read the properties file -def JENKINS_HOME = System.getenv("JENKINS_HOME") -File file = new File("$JENKINS_HOME/jenkins.properties") - -// Parse the properties file into profiles first. -def profiles = [:] -def currentProfile = "" -file.readLines('UTF-8').each { line -> - if (line.startsWith('[')) { - currentProfile = line.replace('[', '').replace(']', '').trim() - profiles[currentProfile] = [:] - } else if (line.contains('=')) { - def parts = line.split('=') - profiles[currentProfile][parts[0].trim()] = Eval.me(parts[1].trim()) + fileContent.eachLine { line -> + line = line.trim() + + if (line.startsWith("#") || line.isEmpty()) { + // Ignore comments and empty lines + return + } + + def sectionMatch = line =~ /^\[(.+)\]$/ + if (sectionMatch) { + currentSection = sectionMatch[0][1] + result[currentSection] = [:] + } else if (currentSection) { + def kvMatch = line =~ /^([^=]+)=\s*(.+)$/ + if (kvMatch) { + def key = kvMatch[0][1].trim() + def value = kvMatch[0][2].trim() + result[currentSection][key] = value + } + } } + + return result } +def tfApplyJobName = "apply" +def tfDestroyJobName = "destroy" + // Function to create job XML -def createJobXml(scriptPath, gitUrl, tf_or_tofu) { +def createJobXml(scriptPath, gitUrl) { return """ false - ${scriptPath} false 
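Review bot: `parseProperties` is added at the top of the script but nothing in the visible hunks calls it; the next hunk repeats the same section/key loop inline, and `04_jenkins_build_cleanup.groovy` carries a third copy. Replacing the inline loop with `def result = parseProperties(propertiesFileContent)` keeps the file format parsed in one place. A short comment on the function stating that values are returned as raw, still-quoted strings would help, because the callers pass them on to `Eval.me`.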
@@ -55,60 +64,91 @@ def createJobXml(scriptPath, gitUrl, tf_or_tofu) { """ } -// Function to create Jenkins job if it does not exist -def createJobIfNotExists(parent, jobName, xml) { - def job = parent.getItem(jobName) - if (job == null) { - def jobXmlStream = new ByteArrayInputStream(xml.getBytes()) - parent.createProjectFromXML(jobName, jobXmlStream) - } else { - println "Job already exists: ${jobName}" - } +// Function to create Jenkins job +def createJob(parent, jobName, xml) { + def jobXmlStream = new ByteArrayInputStream(xml.getBytes()) + parent.createProjectFromXML(jobName, jobXmlStream) } -// Create jobs for each profile -profiles.each { profileName, profile -> - // Create profile folder - Folder profileFolder = jenkins.getItem(profileName) ?: jenkins.createProject(Folder.class, profileName) - Folder tfFolder = profileFolder.getItem("terraform_files") ?: profileFolder.createProject(Folder.class, "terraform_files") +Jenkins jenkins = Jenkins.instance +def JENKINS_HOME = System.getenv("JENKINS_HOME") - // Create global and rpc folders - Folder globalFolder = tfFolder.getItem("global") ?: tfFolder.createProject(Folder.class, "global") - Folder rpcFolder = globalFolder.getItem("rpc") ?: globalFolder.createProject(Folder.class, "rpc") +def propertiesFileContent = new File("$JENKINS_HOME/jenkins.properties") - // Create jobs in rpc folder - createJobIfNotExists(rpcFolder, "apply", createJobXml('apply.groovy', profile.git_url, profile.tf_or_tofu)) - createJobIfNotExists(rpcFolder, "destroy", createJobXml('destroy.groovy', profile.git_url, profile.tf_or_tofu)) +def result = [:] +def currentSection = null - profile.regions.each { region -> - Folder regionFolder = tfFolder.getItem(region) ?: tfFolder.createProject(Folder.class, region) +propertiesFileContent.eachLine { line -> + line = line.trim() - if (profile.outdir_structure.contains("Multiple_Outdir") && profile.services) { - profile.services.each { service -> - Folder serviceFolder = 
regionFolder.getItem(service) ?: regionFolder.createProject(Folder.class, service) + if (line.startsWith("#") || line.isEmpty()) { + // Ignore comments and empty lines + return + } - createJobIfNotExists(serviceFolder, "apply", createJobXml('apply.groovy', profile.git_url, profile.tf_or_tofu)) - createJobIfNotExists(serviceFolder, "destroy", createJobXml('destroy.groovy', profile.git_url, profile.tf_or_tofu)) + def sectionMatch = line =~ /^\[(.+)\]$/ + if (sectionMatch) { + currentSection = sectionMatch[0][1] + result[currentSection] = [:] + } else if (currentSection) { + def kvMatch = line =~ /^([^=]+)=\s*(.+)$/ + if (kvMatch) { + def key = kvMatch[0][1].trim() + def value = kvMatch[0][2].trim() + result[currentSection][key] = value } - } else { - createJobIfNotExists(regionFolder, "apply", createJobXml('apply.groovy', profile.git_url, profile.tf_or_tofu)) - createJobIfNotExists(regionFolder, "destroy", createJobXml('destroy.groovy', profile.git_url, profile.tf_or_tofu)) } +} + + +// Iterate over each section and print its properties +result.each { sectionName, sectionData -> + git_url = Eval.me(sectionData['git_url']) + regions = Eval.me(sectionData['regions']) + outdir_structure = Eval.me(sectionData['outdir_structure']) + services = sectionData['services'] ? Eval.me(sectionData['services']) : false + +// Create jobs for each configuration +jenkins.with { + Folder ost = getItem(sectionName) ?: createProject(Folder.class, sectionName) + + def jobName = "${sectionName}" + "/" + "setUpOCI" + + def job = jenkins.getItemByFullName(jobName) + + if (job == null) { + createJob(ost, "setUpOCI", createJobXml('setUpOCI.groovy', git_url)) + ost.getItem("setUpOCI").scheduleBuild2(0) } - // Move setupoci directory to the correct location. Default is not picked up in UI. 
- def setupociSrcPath = "$JENKINS_HOME/jobs/${profileName}/setupoci" - def setupociDestPath = "$JENKINS_HOME/jobs/${profileName}/jobs/setupoci" + + Folder tf = ost.getItem("terraform_files") ?: ost.createProject(Folder.class, "terraform_files") + - def setupociSrcDir = new File(setupociSrcPath) - def setupociDestDir = new File(setupociDestPath) + Folder global = tf.getItem("global") ?: tf.createProject(Folder.class, "global") + Folder rpc = global.getItem("rpc") ?: global.createProject(Folder.class, "rpc") - if (setupociSrcDir.exists()) { - Files.move(setupociSrcDir.toPath(), setupociDestDir.toPath(), StandardCopyOption.REPLACE_EXISTING) - // println "Moved directory from ${setupociSrcDir} to ${setupociDestDir}" + rpc.getItem("apply")?:createJob(rpc, tfApplyJobName, createJobXml('apply.groovy', git_url)) + rpc.getItem("destroy")?:createJob(rpc, tfDestroyJobName, createJobXml('destroy.groovy', git_url)) + + for (reg in regions) { + Folder folder = tf.getItem(reg) ?: tf.createProject(Folder.class, reg) + + if (outdir_structure == "Single_Outdir") { + folder.getItem("apply")?:createJob(folder, tfApplyJobName, createJobXml('apply.groovy', git_url)) + folder.getItem("destroy")?:createJob(folder, tfDestroyJobName, createJobXml('destroy.groovy', git_url)) + } + + if (outdir_structure == "Multiple_Outdir" && services) { + for (svc in services) { + Folder svcFolder = folder.getItem(svc) ?: folder.createProject(Folder.class, svc) + svcFolder.getItem("apply")?:createJob(svcFolder, tfApplyJobName, createJobXml('apply.groovy', git_url)) + svcFolder.getItem("destroy")?:createJob(svcFolder, tfDestroyJobName, createJobXml('destroy.groovy', git_url)) + } + } } } +} // Reload Jenkins configuration Jenkins.instance.reload() println "Jenkins configuration reloaded." - diff --git a/jenkins_install/init/02_jenkins-view.groovy b/jenkins_install/init/02_jenkins-view.groovy index 78b10e758..648807480 100644 --- a/jenkins_install/init/02_jenkins-view.groovy 
+++ b/jenkins_install/init/02_jenkins-view.groovy @@ -37,14 +37,12 @@ def createRegionViews() { def view = profileFolder.getView(viewName) if (view == null) { - println("Creating view: $viewName in profile: $profileName") + // println("Creating view: $viewName in profile: $profileName") def newView = new ListView(viewName) profileFolder.addView(newView) newView.save() - println("View '$viewName' created successfully in profile '$profileName'.") + // println("View '$viewName' created successfully in profile '$profileName'.") view = newView - } else { - println("View '$viewName' already exists in profile '$profileName'.") } // Clear the view to remove any existing jobs diff --git a/jenkins_install/init/04_jenkins_build_cleanup.groovy b/jenkins_install/init/04_jenkins_build_cleanup.groovy new file mode 100644 index 000000000..749feff8c --- /dev/null +++ b/jenkins_install/init/04_jenkins_build_cleanup.groovy 
@@ -0,0 +1,51 @@
+import jenkins.model.Jenkins
+import hudson.model.Cause
+import com.cloudbees.hudson.plugins.folder.*
+
+Jenkins jenkins = Jenkins.instance
+def JENKINS_HOME = System.getenv("JENKINS_HOME")
+
+def propertiesFileContent = new File("$JENKINS_HOME/jenkins.properties")
+
+def result = [:]
+def currentSection = null
+
+propertiesFileContent.eachLine { line ->
+ line = line.trim()
+
+ if (line.startsWith("#") || line.isEmpty()) {
+ // Ignore comments and empty lines
+ return
+ }
+
+ def sectionMatch = line =~ /^\[(.+)\]$/
+ if (sectionMatch) {
+ currentSection = sectionMatch[0][1]
+ result[currentSection] = [:]
+ } else if (currentSection) {
+ def kvMatch = line =~ /^([^=]+)=\s*(.+)$/
+ if (kvMatch) {
+ def key = kvMatch[0][1].trim()
+ def value = kvMatch[0][2].trim()
+ result[currentSection][key] = value
+ }
+ }
+}
+
+// Iterate over each section and print its properties
+result.each { sectionName, sectionData ->
+ git_url = Eval.me(sectionData['git_url'])
+ regions = Eval.me(sectionData['regions'])
+ outdir_structure = Eval.me(sectionData['outdir_structure'])
+ services = sectionData['services'] ? Eval.me(sectionData['services']) : false
+
+ def jobName = "${sectionName}" + "/" + "setUpOCI"
+ def job = jenkins.getItemByFullName(jobName)
+ def build = job.getBuildByNumber(1)
+ if (build != null) {
+ while (build.isBuilding()) {
+ sleep(5000) // Sleep for 5 seconds before checking again
+ }
+ build.delete()
+ }
+}
diff --git a/jenkins_install/jcasc.yaml b/jenkins_install/jcasc.yaml
index 813e4f224..50ea3dd33 100644
--- a/jenkins_install/jcasc.yaml
+++ b/jenkins_install/jcasc.yaml
@@ -3,11 +3,11 @@ jenkins:
 disableRememberMe: false
 disabledAdministrativeMonitors:
 - "jenkins.diagnostics.RootUrlNotSetMonitor"
- globalNodeProperties:
- - envVars:
- env:
- - key: "customer_prefix"
- value: ""
+ #globalNodeProperties:
+ # - envVars:
+ # env:
+ # - key: "customer_prefix"
+ # value: ""
 labelAtoms:
 - name: "master"
 markupFormatter: "plainText"
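Review bot: The four `Eval.me(...)` calls at the top of the `result.each` closure run values read from `$JENKINS_HOME/jenkins.properties` as Groovy source inside the controller JVM during init, so write access to that file becomes code execution with full Jenkins privileges. None of `git_url`, `regions`, `outdir_structure` or `services` is read again in this new file, so those four assignments can be deleted outright; where the values are needed, they should be parsed as data rather than evaluated. Further down, `jenkins.getItemByFullName(jobName)` can return null for a profile without a `setUpOCI` job and the next line dereferences it, so I would add `if (job == null) { return }` before `job.getBuildByNumber(1)`. The `while (build.isBuilding())` wait has no upper bound either, which lets one stuck build hold up startup.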
@@ -48,6 +48,7 @@ security:
 - "new java.io.File java.lang.String"
 - "staticMethod org.codehaus.groovy.runtime.ResourceGroovyMethods readLines java.io.File"
 - "method java.io.File listFiles"
+ - "staticMethod groovy.util.Eval me java.lang.String"
 unclassified:
 buildDiscarders:
 configuredBuildDiscarders:
diff --git a/jenkins_install/jenkins.sh b/jenkins_install/jenkins.sh
index ef51505d4..cbe88b3d0 100644
--- a/jenkins_install/jenkins.sh
+++ b/jenkins_install/jenkins.sh
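Review bot: The added entry `- "staticMethod groovy.util.Eval me java.lang.String"` pre-approves a signature that lets any sandboxed Groovy script evaluate an arbitrary string, and code run through `Eval.me` is, as far as I know, not subject to the sandbox checks, so this one line largely cancels the protection the approval list is meant to give. The list it is appended to starts above the hunk, so I am assuming from the neighbouring entries that it is the script-security approved-signatures list. I would drop the entry and have the scripts that need `regions`, `services` and similar values from `jenkins.properties` parse them as plain data, for example by splitting a comma-separated value, instead of evaluating them.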
@@ -21,46 +21,12 @@ fi cp ${JENKINS_INSTALL}/jcasc.yaml "$JENKINS_HOME/" -# Read profiles from jenkins.properties only -declare -A profiles -current_profile="" -while IFS= read -r line; do - if [[ "$line" =~ ^\[.*\]$ ]]; then - current_profile=$(echo "$line" | tr -d '[]' | xargs -0) - profiles["$current_profile"]="" - echo "Processing profile: $current_profile" # Debug line - elif [[ "$line" == *=* ]]; then - key=$(echo "$line" | cut -d'=' -f1 | xargs -0) - value=$(echo "$line" | cut -d'=' -f2- | xargs -0) - profiles["$current_profile"]+="$key='$value' " - fi -done < "$JENKINS_HOME/jenkins.properties" - -# Create setupoci job inside each profile folder -for profile_name in "${!profiles[@]}"; do - # Remove any brackets or whitespace from profile_name - profile_folder_path="$JENKINS_HOME/jobs/${profile_name}" - setupoci_job_dest="$profile_folder_path/setupoci" - - # Create profile and setupoci directories if they don't exist - mkdir -p "$setupoci_job_dest" - echo "Creating directory: $setupoci_job_dest" # Debug line - - # Copy setupoci config - cp "${JENKINS_INSTALL}/setUpOCI_config.xml" "$setupoci_job_dest/config.xml" - echo "Copied setUpOCI_config.xml to $setupoci_job_dest/config.xml" # Debug line -done - # Copy scriptler directory cp -r "${JENKINS_INSTALL}/scriptler" "$JENKINS_HOME" echo "Copied scriptler directory to $JENKINS_HOME" # Debug line -echo "SetupOCI jobs created for profiles." 
- - - #Generate Self Signed Cert and Copy to JENKINS_HOME - keytool -genkey -keystore "$JENKINS_INSTALL/oci_toolkit.jks" -alias "automationtoolkit" -keyalg RSA -validity 60 -keysize 2048 -dname "CN=oci-automation, OU=toolkit, C=IN" -ext SAN=dns:automationtoolkit,ip:127.0.0.1 -storepass automationtoolkit && keytool -importkeystore -srckeystore "$JENKINS_INSTALL/oci_toolkit.jks" -srcstoretype JKS -deststoretype PKCS12 -destkeystore "$JENKINS_HOME/oci_toolkit.p12" -srcstorepass automationtoolkit -deststorepass automationtoolkit -noprompt +keytool -genkey -keystore "$JENKINS_INSTALL/oci_toolkit.jks" -alias "automationtoolkit" -keyalg RSA -validity 60 -keysize 2048 -dname "CN=oci-automation, OU=toolkit, C=IN" -ext SAN=dns:automationtoolkit,ip:127.0.0.1 -storepass automationtoolkit && keytool -importkeystore -srckeystore "$JENKINS_INSTALL/oci_toolkit.jks" -srcstoretype JKS -deststoretype PKCS12 -destkeystore "$JENKINS_HOME/oci_toolkit.p12" -srcstorepass automationtoolkit -deststorepass automationtoolkit -noprompt touch "${COPY_REFERENCE_FILE_LOG}" || { echo "Can not write to ${COPY_REFERENCE_FILE_LOG}. Wrong volume permissions?"; exit 1; } echo "--- Copying files at $(date)" >> "$COPY_REFERENCE_FILE_LOG" diff --git a/jenkins_install/plugins.txt b/jenkins_install/plugins.txt index fe65c5190..174d70f5a 100644 --- a/jenkins_install/plugins.txt +++ b/jenkins_install/plugins.txt @@ -20,3 +20,8 @@ file-parameters:latest scriptler:latest ansicolor:latest pipeline-graph-view:latest +javax-mail-api:latest +jdk-tool:latest +trilead-api:latest +command-launcher:latest +labelled-steps:latest diff --git a/jenkins_install/scriptler/scripts/AdditionalFilters.groovy b/jenkins_install/scriptler/scripts/AdditionalFilters.groovy index 1642d8255..36c4ea6e9 100644 --- a/jenkins_install/scriptler/scripts/AdditionalFilters.groovy +++ b/jenkins_install/scriptler/scripts/AdditionalFilters.groovy 
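Review bot: The re-added `keytool` line still passes the keystore password on the command line as a literal, `-storepass automationtoolkit` (and the same value for `-srcstorepass` and `-deststorepass`), so the TLS private key in `oci_toolkit.p12` is protected by a secret that is published with the repository and visible in the process list while the command runs. keytool accepts `-storepass:env NAME`, so the script could generate a value at container start and pass it as `-storepass:env KEYSTORE_PASS` (placeholder name); whatever launches Jenkins with this keystore is outside the hunk and would have to read the same variable. A one-line comment above the command saying that the certificate is self-signed and expires after 60 days (`-validity 60`) would also help whoever meets the browser warning later.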
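Review bot: The five added entries (`javax-mail-api:latest` through `labelled-steps:latest`) are unpinned, like the lines above them, so every image build installs whatever plugin release is current at that moment and two builds of the same commit can differ. Pinning each entry to the release that was tested, in the form `trilead-api:<tested-version>`, keeps builds reproducible and makes a plugin upgrade an explicit, reviewable change. The rest of the file starts above the hunk and would need the same treatment.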
@@ -1,255 +1,283 @@ -def reg_list = new File("/cd3user/tenancies/${customer_prefix}/.config_files/regions_file") as String[] -def string_list = reg_list.join(", ") -reg_options = "" -for(item in string_list.split(",")){ - reg_options = reg_options+"" -} -def comp_list = new File("/cd3user/tenancies/${customer_prefix}/.config_files/compartments_file") as String[] -def string_list2 = comp_list.join(", ") -comp_options = "" -for(item in string_list2.split(",")){ - comp_options = comp_options+"" -} - -html_to_be_rendered = "" -if(Workflow.toLowerCase().contains("export")){ - -html_to_be_rendered = """ - ${html_to_be_rendered} - - - - - - - - - - - - - -""" -} -domain_filter_val = "Unset" -for (item in SubOptions.split(",")) { - if ((item in ["Export Groups","Export Users"]) && (domain_filter_val.equals("Unset"))) { - html_to_be_rendered = """ - ${html_to_be_rendered} - - - - - - """ - domain_filter_val = "Set" - } - if (item.equals("Export Instances (excludes instances launched by OKE)")) { - html_to_be_rendered = """ - ${html_to_be_rendered} - - - - - - - - - - - - """ - } - if (item.equals("Export Firewall Policy")) { - html_to_be_rendered = """ - ${html_to_be_rendered} - - - - - - - """ - } - if (item.equals("Clone Firewall Policy")) { - html_to_be_rendered = """ - ${html_to_be_rendered} - - - - - - - - - - - - - - - - - - - - - - - - - - - """ - } - if (item.equals("Delete Firewall Policy")) { - html_to_be_rendered = """ - ${html_to_be_rendered} - - - - - - - - - - - - - - - - """ - } - if (item.equals("Export Block Volumes/Block Backup Policy")) { - html_to_be_rendered = """ - ${html_to_be_rendered} - - - - - - - - - - - """ - } - - if (item.equals('Export DNS Views/Zones/Records')){ - html_to_be_rendered = """ - ${html_to_be_rendered} - - - - - - - - """ - } - if (item.equals('Upload current terraform files/state to Resource Manager')){ - html_to_be_rendered = """ - ${html_to_be_rendered} - - - - - - - - - - - - - - """ - } - - if (item.equals('Enable Cloud 
Guard')){ - html_to_be_rendered = """ - ${html_to_be_rendered} - - - - - - - """ - } - -} - -for (item in SubChildOptions.split(",")) { - if (item in ["Export Security Rules (From OCI into SecRulesinOCI sheet)","Export Route Rules (From OCI into RouteRulesinOCI sheet)","Export DRG Route Rules (From OCI into DRGRouteRulesinOCI sheet)","Export NSGs (From OCI into NSGs sheet)"]) { - - html_to_be_rendered = """ - ${html_to_be_rendered} - - - - - - - - - """ - } - if (item.equals("Export DR Plan")) { - html_to_be_rendered = """ - ${html_to_be_rendered} - - - - - - - - - - - - - - - - - - - - """ - } - - if (item.equals("Update DR Plan")) { - html_to_be_rendered = """ - ${html_to_be_rendered} - - - - - - - - - - - - - - - - - """ - } - -} - -html_to_be_rendered = "${html_to_be_rendered}
(Enter 'all' to export from all domains OR leave it Blank to export from default domain )

(eg AD1,AD2,AD3)


(Leave empty if you need tool to generate the policy names)

-
-
(eg AD1,AD2,AD3)
- -

(Default is 'prefix_oci-fsdr-plan.xlsx at /cd3user/tenancies//othertools_files')
(Default is 'FSDR-Plan')
(Mandatory)
(Default is 'prefix_oci-fsdr-plan.xlsx at /cd3user/tenancies//othertools_files)
(Default is 'FSDR-Plan' if left empty)
(Mandatory)
" -return html_to_be_rendered +def reg_list = new File("/cd3user/tenancies/${Prefix}/.config_files/regions_file") as String[] +def string_list = reg_list.join(", ") +reg_options = "" +for(item in string_list.split(",")){ + reg_options = reg_options+"" +} +def comp_list = new File("/cd3user/tenancies/${Prefix}/.config_files/compartments_file") as String[] +def string_list2 = comp_list.join(", ") +comp_options = "" +for(item in string_list2.split(",")){ + comp_options = comp_options+"" +} + +html_to_be_rendered = "" +if(Workflow.toLowerCase().contains("export")){ + +html_to_be_rendered = """ + ${html_to_be_rendered} + + + + + + + + + + + + + +""" +} +domain_filter_val = "Unset" +for (item in SubOptions.split(",")) { + if ((item in ["Export Groups","Export Users"]) && (domain_filter_val.equals("Unset"))) { + html_to_be_rendered = """ + ${html_to_be_rendered} + + + + + + """ + domain_filter_val = "Set" + } + if (item.equals("Export Instances (excludes instances launched by OKE)")) { + html_to_be_rendered = """ + ${html_to_be_rendered} + + + + + + + + + + + + """ + } + if (item.equals("Export Firewall Policy")) { + html_to_be_rendered = """ + ${html_to_be_rendered} + + + + + + + """ + } + if (item.equals("Clone Firewall Policy")) { + html_to_be_rendered = """ + ${html_to_be_rendered} + + + + + + + + + + + + + + + + + + + + + + + + + + + """ + } + if (item.equals("Delete Firewall Policy")) { + html_to_be_rendered = """ + ${html_to_be_rendered} + + + + + + + + + + + + + + + + """ + } + if (item.equals("Export Block Volumes/Block Backup Policy")) { + html_to_be_rendered = """ + ${html_to_be_rendered} + + + + + + + + + + + """ + } + + if (item.equals('Export DNS Views/Zones/Records')){ + html_to_be_rendered = """ + ${html_to_be_rendered} + + + + + + + + """ + } + if (item.equals('Upload current terraform files/state to Resource Manager')){ + html_to_be_rendered = """ + ${html_to_be_rendered} + + + + + + + + + + + + + + """ + } + + if (item.equals('Enable Cloud Guard')){ + 
html_to_be_rendered = """ + ${html_to_be_rendered} + + + + + + + """ + } + + if (item.equals('Execute VizOCI')){ + html_to_be_rendered = """ + ${html_to_be_rendered} + + + + + + + + + + + + + + + + + + + + """ + } + +} + +export_network_rules = "unset" +for (item in SubChildOptions.split(",")) { + if ((item in ["Export Security Rules (From OCI into SecRulesinOCI sheet)","Export Route Rules (From OCI into RouteRulesinOCI sheet)","Export DRG Route Rules (From OCI into DRGRouteRulesinOCI sheet)","Export NSGs (From OCI into NSGs sheet)"]) && (export_network_rules.equals("unset"))) { + html_to_be_rendered = """ + ${html_to_be_rendered} + + + + + + + """ + export_network_rules = "set" + } + + + if (item.equals("Export DR Plan")) { + html_to_be_rendered = """ + ${html_to_be_rendered} + + + + + + + + + + + + + + + + + + + + """ + } + + if (item.equals("Update DR Plan")) { + html_to_be_rendered = """ + ${html_to_be_rendered} + + + + + + + + + + + + + + + + + """ + } + +} + +html_to_be_rendered = "${html_to_be_rendered}
(Enter 'all' to export from all domains OR leave it Blank to export from default domain )

(eg AD1,AD2,AD3)


(Leave empty if you need tool to generate the policy names)

+
+
(eg AD1,AD2,AD3)
+ +

+ +
(Default is 'prefix_oci-fsdr-plan.xlsx at /cd3user/tenancies//othertools_files')
(Default is 'FSDR-Plan')
(Mandatory)
(Default is 'prefix_oci-fsdr-plan.xlsx at /cd3user/tenancies//othertools_files)
(Default is 'FSDR-Plan' if left empty)
(Mandatory)
" +return html_to_be_rendered diff --git a/jenkins_install/scriptler/scripts/MainOptions.groovy b/jenkins_install/scriptler/scripts/MainOptions.groovy index 51dfadbe3..88e60f30f 100644 --- a/jenkins_install/scriptler/scripts/MainOptions.groovy +++ b/jenkins_install/scriptler/scripts/MainOptions.groovy 
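Review bot: On the first added line, `new File("/cd3user/tenancies/${Prefix}/.config_files/regions_file")` (and the matching `compartments_file` line) builds a filesystem path from `Prefix` without checking it; where `Prefix` is set is not visible here, but if it is a build parameter, a value containing `../` would point the read at another directory. A guard at the top such as `if (!(Prefix ==~ /[A-Za-z0-9_-]+/)) { return "" }`, with the character set adjusted to what prefixes may contain, confines it to a single directory name. The HTML inside the `html_to_be_rendered` strings is not shown on this page, so I cannot tell whether the region and compartment names are escaped before they are placed in the markup; that is worth checking in the same pass.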
@@ -1,44 +1,44 @@
-if (Workflow.toLowerCase().contains("create")){
-return[
-"Validate CD3",
-"Identity",
-"Governance",
-"Cost Management",
-"Network",
-"OCI Firewall",
-"DNS Management",
-"Compute",
-"Storage",
-"Database",
-"Load Balancers",
-"Management Services",
-"Developer Services",
-"Security",
-"Logging Services",
-"Software-Defined Data Centers - OCVS",
-"CD3 Services",
-"Other OCI Tools"
-]
-}
-else if(Workflow.toLowerCase().contains("export")) {
-return[
-"Export Identity",
-"Export Governance",
-"Export Cost Management",
-"Export Network",
-"Export OCI Firewall",
-"Export DNS Management",
-"Export Compute",
-"Export Storage",
-"Export Databases",
-"Export Load Balancers",
-"Export Management Services",
-"Export Developer Services",
-"Export Security",
-"Export Software-Defined Data Centers - OCVS",
-"CD3 Services"
-]
-}
-else {
-return["Please select a Workflow:disabled"]
+if (Workflow.toLowerCase().contains("create")){
+return[
+"Validate CD3",
+"Identity",
+"Governance",
+"Cost Management",
+"Network",
+"OCI Firewall",
+"DNS Management",
+"Compute",
+"Storage",
+"Database",
+"Load Balancers",
+"Management Services",
+"Developer Services",
+"Security",
+"Logging Services",
+"Software-Defined Data Centers - OCVS",
+"CD3 Services",
+"Other OCI Tools"
+]
+}
+else if(Workflow.toLowerCase().contains("export")) {
+return[
+"Export Identity",
+"Export Governance",
+"Export Cost Management",
+"Export Network",
+"Export OCI Firewall",
+"Export DNS Management",
+"Export Compute",
+"Export Storage",
+"Export Databases",
+"Export Load Balancers",
+"Export Management Services",
+"Export Developer Services",
+"Export Security",
+"Export Software-Defined Data Centers - OCVS",
+"CD3 Services"
+]
+}
+else {
+return["Please select a Workflow:disabled"]
 }
\ No newline at end of file
diff --git a/jenkins_install/scriptler/scripts/SubChildOptions.groovy b/jenkins_install/scriptler/scripts/SubChildOptions.groovy
index 6c7671ea2..283ff7a35 100644
--- a/jenkins_install/scriptler/scripts/SubChildOptions.groovy +++ b/jenkins_install/scriptler/scripts/SubChildOptions.groovy 
@@ -1,41 +1,41 @@ -List sec_rules = ["SECURITY RULES:disabled","Export Security Rules (From OCI into SecRulesinOCI sheet)", "Add/Modify/Delete Security Rules (Reads SecRulesinOCI sheet)"] -List route_rules = ["ROUTE RULES:disabled","Export Route Rules (From OCI into RouteRulesinOCI sheet)", "Add/Modify/Delete Route Rules (Reads RouteRulesinOCI sheet)"] -List firewall_policy = ["FIREWALL POLICY:disabled","Add/Modify/Delete Policy", "Add/Modify/Delete Service","Add/Modify/Delete Service-list","Add/Modify/Delete Application","Add/Modify/Delete Application-list","Add/Modify/Delete Address-list","Add/Modify/Delete Url-list","Add/Modify/Delete Security rules","Add/Modify/Delete Mapped Secrets","Add/Modify/Delete Decryption Rules","Add/Modify/Delete Decryption Profile"] -List drg_route_rules = ["DRG ROUTE RULES:disabled","Export DRG Route Rules (From OCI into DRGRouteRulesinOCI sheet)", "Add/Modify/Delete DRG Route Rules (Reads DRGRouteRulesinOCI sheet)"] -List nsg = ["NSGs:disabled","Export NSGs (From OCI into NSGs sheet)", "Add/Modify/Delete NSGs (Reads NSGs sheet)"] -List cis = ["CIS:disabled","Download latest compliance checking script", "Execute compliance checking script"] -List showoci = ["SHOW OCI:disabled","Download Latest ShowOCI Script", "Execute ShowOCI Script"] -List ocifsdr = ["OCI FSDR:disabled","Export DR Plan", "Update DR Plan"] -List customer_connectivity = ["Connectivity:disabled","Create Remote Peering Connections"] -List final_list = [] - -for (item in SubOptions.split(",")) { - if (item.equals("Security Rules")){ - final_list += sec_rules - } - if (item.equals("Route Rules")){ - final_list += route_rules - } - if (item.equals("DRG Route Rules")){ - final_list += drg_route_rules - } - if (item.equals("Network Security Groups")){ - final_list += nsg - } - if (item.equals("CIS Compliance Check Script")){ - final_list += cis - } - if (item.equals("ShowOCI Report")){ - final_list += showoci - } - if (item.equals("OCI FSDR")){ - final_list += ocifsdr - } - 
if (item.equals("Add/Modify/Delete Firewall Policy")){ - final_list += firewall_policy - } - if (item.equals("Customer Connectivity")){ - final_list += customer_connectivity - } -} +List sec_rules = ["SECURITY RULES:disabled","Export Security Rules (From OCI into SecRulesinOCI sheet)", "Add/Modify/Delete Security Rules (Reads SecRulesinOCI sheet)"] +List route_rules = ["ROUTE RULES:disabled","Export Route Rules (From OCI into RouteRulesinOCI sheet)", "Add/Modify/Delete Route Rules (Reads RouteRulesinOCI sheet)"] +List firewall_policy = ["FIREWALL POLICY:disabled","Add/Modify/Delete Policy", "Add/Modify/Delete Service","Add/Modify/Delete Service-list","Add/Modify/Delete Application","Add/Modify/Delete Application-list","Add/Modify/Delete Address-list","Add/Modify/Delete Url-list","Add/Modify/Delete Security rules","Add/Modify/Delete Mapped Secrets","Add/Modify/Delete Decryption Rules","Add/Modify/Delete Decryption Profile"] +List drg_route_rules = ["DRG ROUTE RULES:disabled","Export DRG Route Rules (From OCI into DRGRouteRulesinOCI sheet)", "Add/Modify/Delete DRG Route Rules (Reads DRGRouteRulesinOCI sheet)"] +List nsg = ["NSGs:disabled","Export NSGs (From OCI into NSGs sheet)", "Add/Modify/Delete NSGs (Reads NSGs sheet)"] +List cis = ["CIS:disabled","Download latest compliance checking script", "Execute compliance checking script"] +List showoci = ["SHOW OCI:disabled","Download Latest ShowOCI Script", "Execute ShowOCI Script"] +List ocifsdr = ["OCI FSDR:disabled","Export DR Plan", "Update DR Plan"] +List customer_connectivity = ["Connectivity:disabled","Create Remote Peering Connections"] +List final_list = [] + +for (item in SubOptions.split(",")) { + if (item.equals("Security Rules")){ + final_list += sec_rules + } + if (item.equals("Route Rules")){ + final_list += route_rules + } + if (item.equals("DRG Route Rules")){ + final_list += drg_route_rules + } + if (item.equals("Network Security Groups")){ + final_list += nsg + } + if (item.equals("CIS Compliance Check 
Script")){ + final_list += cis + } + if (item.equals("ShowOCI Report")){ + final_list += showoci + } + if (item.equals("OCI FSDR")){ + final_list += ocifsdr + } + if (item.equals("Add/Modify/Delete Firewall Policy")){ + final_list += firewall_policy + } + if (item.equals("Customer Connectivity")){ + final_list += customer_connectivity + } +} return final_list \ No newline at end of file diff --git a/jenkins_install/scriptler/scripts/SubOptions.groovy b/jenkins_install/scriptler/scripts/SubOptions.groovy index a5a67f9c8..1dabea598 100644 --- a/jenkins_install/scriptler/scripts/SubOptions.groovy +++ b/jenkins_install/scriptler/scripts/SubOptions.groovy 
@@ -1,126 +1,127 @@ -List validate_cd3 = ["CD3 Validator:disabled","Validate Compartments","Validate Groups","Validate Policies","Validate Tags","Validate Budgets","Validate Network(VCNs, SubnetsVLANs, DHCP, DRGs)","Validate DNS","Validate Instances","Validate Block Volumes","Validate FSS","Validate Buckets","Validate KMS"] -List identity = ["IDENTITY:disabled","Add/Modify/Delete Compartments", "Add/Modify/Delete Groups","Add/Modify/Delete Policies", "Add/Modify/Delete Users", "Add/Modify/Delete Network Sources"] -List governance = ["GOVERNANCE:disabled","Tags", "Quotas"] -List cost_management = ["COST MANAGEMENT:disabled","Budgets"] -List network = ["NETWORK:disabled","Create Network", "Modify Network","Security Rules", "Route Rules", "DRG Route Rules", "Network Security Groups", "Add/Modify/Delete VLANs", "Customer Connectivity"] -List oci_firewall = ["OCI FIREWALL:disabled","Validate Firewall CD3 Excel", "Add/Modify/Delete Firewall Policy","Add/Modify/Delete Firewall", "Clone Firewall Policy"] -List dns_management = ["DNS:disabled","Add/Modify/Delete DNS Views/Zones/Records", "Add/Modify/Delete DNS Resolvers"] -List compute = ["COMPUTE:disabled","Add/Modify/Delete Dedicated VM Hosts", "Add/Modify/Delete Instances/Boot Backup Policy"] -List storage = ["STORAGE:disabled","Add/Modify/Delete Block Volumes/Block Backup Policy", "Add/Modify/Delete File Systems", "Add/Modify/Delete Object Storage Buckets"] -List database = ["DATABASE:disabled","Add/Modify/Delete Virtual Machine or Bare Metal DB Systems", "Add/Modify/Delete EXA Infra and EXA VM Clusters", "Add/Modify/Delete ADBs"] -List load_balancers = ["LOAD BALANCERS:disabled","Add/Modify/Delete Load Balancers", "Add/Modify/Delete Network Load Balancers"] -List management_services = ["MANAGEMENT SERVICES:disabled","Add/Modify/Delete Notifications", "Add/Modify/Delete Events", "Add/Modify/Delete Alarms", "Add/Modify/Delete ServiceConnectors"] -List developer_services = ["DEVELOPER SERVICES:disabled","Add/Modify/Delete 
OKE Cluster and Nodepools"] -List security = ["SECURITY:disabled","Add/Modify/Delete KMS (Keys/Vaults)", "Enable Cloud Guard"] -List logging_services = ["LOGGING SERVICES:disabled","Enable VCN Flow Logs", "Enable LBaaS Logs", "Enable Object Storage Buckets Logs", "Enable File Storage Logs", "Enable Network Firewall Logs"] -List cd3_services = ["CD3 SERVICES:disabled","Fetch Compartments OCIDs to variables file", "Fetch Protocols to OCI_Protocols"] -List utility_services = ["Other OCI Tools:disabled","CIS Compliance Check Script", "ShowOCI Report", "OCI FSDR"] -List ex_identity = ["IDENTITY:disabled","Export Compartments", "Export Groups", "Export Policies", "Export Users", "Export Network Sources"] -List ex_governance = ["GOVERNANCE:disabled","Export Tags", "Export Quotas"] -List ex_cost_management = ["COST MANAGEMENT:disabled","Export Budgets"] -List ex_network = ["NETWORK:disabled","Export all Network Components", "Export Network components for VCNs/DRGs/DRGRouteRulesinOCI Tabs", "Export Network components for DHCP Tab", "Export Network components for SecRulesinOCI Tab", "Export Network components for RouteRulesinOCI Tab", "Export Network components for SubnetsVLANs Tab", "Export Network components for NSGs Tab"] -List ex_firewall = ["OCI FIREWALL:disabled","Export Firewall Policy", "Export Firewall"] -List ex_dns = ["DNS:disabled","Export DNS Views/Zones/Records", "Export DNS Resolvers"] -List ex_compute = ["COMPUTE:disabled","Export Dedicated VM Hosts", "Export Instances (excludes instances launched by OKE)"] -List ex_storage = ["STORAGE:disabled","Export Block Volumes/Block Backup Policy", "Export File Systems", "Export Object Storage Buckets"] -List ex_databases = ["DATABASE:disabled","Export Virtual Machine or Bare Metal DB Systems", "Export EXA Infra and EXA VMClusters", "Export ADBs"] -List ex_lb = ["LOAD BALANCERS:disabled","Export Load Balancers", "Export Network Load Balancers"] -List ex_management = ["MANAGEMENT SERVICES:disabled","Export 
Notifications", "Export Events", "Export Alarms", "Export Service Connectors"] -List ex_developer = ["DEVELOPER SERVICES:disabled","Export OKE cluster and Nodepools"] -List ex_security = ["SECURITY:disabled","Export KMS (Keys/Vaults)"] - -List final_list = [] -for (item in MainOptions.split(",")) { -if (item.equals("Validate CD3")){ -final_list += validate_cd3 -} -if (item.equals("Identity")){ -final_list += identity -} -if (item.equals("Governance")){ -final_list += governance -} -if (item.equals("Cost Management")){ -final_list += cost_management -} -if (item.equals("Compute")){ -final_list += compute -} -if (item.equals("Network")){ -final_list += network -} -if (item.equals("OCI Firewall")){ -final_list += oci_firewall -} -if (item.equals("DNS Management")){ -final_list += dns_management -} -if (item.equals("Storage")){ -final_list += storage -} -if (item.equals("Database")){ -final_list += database -} -if (item.equals("Load Balancers")){ -final_list += load_balancers -} -if (item.equals("Management Services")){ -final_list += management_services -} -if (item.equals("Developer Services")){ -final_list += developer_services -} -if (item.equals("Security")){ -final_list += security -} -if (item.equals("Logging Services")){ -final_list += logging_services -} -if (item.equals("CD3 Services")){ -final_list += cd3_services -} -if (item.equals("Other OCI Tools")){ -final_list += utility_services -} -if (item.equals("Export Identity")){ -final_list += ex_identity -} -if (item.equals("Export Governance")){ -final_list += ex_governance -} -if (item.equals("Export Cost Management")){ -final_list += ex_cost_management -} -if (item.equals("Export Network")){ -final_list += ex_network -} -if (item.equals("Export OCI Firewall")){ -final_list += ex_firewall -} -if (item.equals("Export DNS Management")){ -final_list += ex_dns -} -if (item.equals("Export Compute")){ -final_list += ex_compute -} -if (item.equals("Export Storage")){ -final_list += ex_storage -} -if 
(item.equals("Export Databases")){ -final_list += ex_databases -} -if (item.equals("Export Load Balancers")){ -final_list += ex_lb -} -if (item.equals("Export Management Services")){ -final_list += ex_management -} -if (item.equals("Export Developer Services")){ -final_list += ex_developer -} -if (item.equals("Export Security")){ -final_list += ex_security -} -} - +List validate_cd3 = ["CD3 Validator:disabled","Validate Compartments","Validate Groups","Validate Policies","Validate Tags","Validate Budgets","Validate Network(VCNs, SubnetsVLANs, DHCP, DRGs)","Validate DNS","Validate Instances","Validate Block Volumes","Validate FSS","Validate Buckets","Validate KMS"] +List identity = ["IDENTITY:disabled","Add/Modify/Delete Compartments", "Add/Modify/Delete Groups","Add/Modify/Delete Policies", "Add/Modify/Delete Users", "Add/Modify/Delete Network Sources"] +List governance = ["GOVERNANCE:disabled","Tags", "Quotas"] +List cost_management = ["COST MANAGEMENT:disabled","Budgets"] +List network = ["NETWORK:disabled","Create Network", "Modify Network","Security Rules", "Route Rules", "DRG Route Rules", "Network Security Groups", "Add/Modify/Delete VLANs", "Customer Connectivity"] +List oci_firewall = ["OCI FIREWALL:disabled","Validate Firewall CD3 Excel", "Add/Modify/Delete Firewall Policy","Add/Modify/Delete Firewall", "Clone Firewall Policy"] +List dns_management = ["DNS:disabled","Add/Modify/Delete DNS Views/Zones/Records", "Add/Modify/Delete DNS Resolvers"] +List compute = ["COMPUTE:disabled","Add/Modify/Delete Dedicated VM Hosts", "Add/Modify/Delete Instances/Boot Backup Policy"] +List storage = ["STORAGE:disabled","Add/Modify/Delete Block Volumes/Block Backup Policy", "Add/Modify/Delete File Systems", "Add/Modify/Delete Object Storage Buckets"] +List database = ["DATABASE:disabled","Add/Modify/Delete Virtual Machine or Bare Metal DB Systems", "Add/Modify/Delete EXA Infra and EXA VM Clusters", "Add/Modify/Delete ADBs"] +List load_balancers = ["LOAD 
BALANCERS:disabled","Add/Modify/Delete Load Balancers", "Add/Modify/Delete Network Load Balancers"] +List management_services = ["MANAGEMENT SERVICES:disabled","Add/Modify/Delete Notifications", "Add/Modify/Delete Events", "Add/Modify/Delete Alarms", "Add/Modify/Delete ServiceConnectors"] +List developer_services = ["DEVELOPER SERVICES:disabled","Add/Modify/Delete OKE Cluster and Nodepools"] +List security = ["SECURITY:disabled","Add/Modify/Delete KMS (Keys/Vaults)", "Enable Cloud Guard"] +List logging_services = ["LOGGING SERVICES:disabled","Enable VCN Flow Logs", "Enable LBaaS Logs", "Enable Object Storage Buckets Logs", "Enable File Storage Logs", "Enable Network Firewall Logs"] +List cd3_services = ["CD3 SERVICES:disabled","Fetch Compartments OCIDs to variables file", "Fetch Protocols to OCI_Protocols"] +//List utility_services = ["Other OCI Tools:disabled","CIS Compliance Check Script", "ShowOCI Report", "Execute VizOCI", "OCI FSDR"] +List utility_services = ["Other OCI Tools:disabled","CIS Compliance Check Script", "ShowOCI Report", "OCI FSDR"] +List ex_identity = ["IDENTITY:disabled","Export Compartments", "Export Groups", "Export Policies", "Export Users", "Export Network Sources"] +List ex_governance = ["GOVERNANCE:disabled","Export Tags", "Export Quotas"] +List ex_cost_management = ["COST MANAGEMENT:disabled","Export Budgets"] +List ex_network = ["NETWORK:disabled","Export all Network Components", "Export Network components for VCNs/DRGs/DRGRouteRulesinOCI Tabs", "Export Network components for DHCP Tab", "Export Network components for SecRulesinOCI Tab", "Export Network components for RouteRulesinOCI Tab", "Export Network components for SubnetsVLANs Tab", "Export Network components for NSGs Tab"] +List ex_firewall = ["OCI FIREWALL:disabled","Export Firewall Policy", "Export Firewall"] +List ex_dns = ["DNS:disabled","Export DNS Views/Zones/Records", "Export DNS Resolvers"] +List ex_compute = ["COMPUTE:disabled","Export Dedicated VM Hosts", "Export 
Instances (excludes instances launched by OKE)"] +List ex_storage = ["STORAGE:disabled","Export Block Volumes/Block Backup Policy", "Export File Systems", "Export Object Storage Buckets"] +List ex_databases = ["DATABASE:disabled","Export Virtual Machine or Bare Metal DB Systems", "Export EXA Infra and EXA VMClusters", "Export ADBs"] +List ex_lb = ["LOAD BALANCERS:disabled","Export Load Balancers", "Export Network Load Balancers"] +List ex_management = ["MANAGEMENT SERVICES:disabled","Export Notifications", "Export Events", "Export Alarms", "Export Service Connectors"] +List ex_developer = ["DEVELOPER SERVICES:disabled","Export OKE cluster and Nodepools"] +List ex_security = ["SECURITY:disabled","Export KMS (Keys/Vaults)"] + +List final_list = [] +for (item in MainOptions.split(",")) { +if (item.equals("Validate CD3")){ +final_list += validate_cd3 +} +if (item.equals("Identity")){ +final_list += identity +} +if (item.equals("Governance")){ +final_list += governance +} +if (item.equals("Cost Management")){ +final_list += cost_management +} +if (item.equals("Compute")){ +final_list += compute +} +if (item.equals("Network")){ +final_list += network +} +if (item.equals("OCI Firewall")){ +final_list += oci_firewall +} +if (item.equals("DNS Management")){ +final_list += dns_management +} +if (item.equals("Storage")){ +final_list += storage +} +if (item.equals("Database")){ +final_list += database +} +if (item.equals("Load Balancers")){ +final_list += load_balancers +} +if (item.equals("Management Services")){ +final_list += management_services +} +if (item.equals("Developer Services")){ +final_list += developer_services +} +if (item.equals("Security")){ +final_list += security +} +if (item.equals("Logging Services")){ +final_list += logging_services +} +if (item.equals("CD3 Services")){ +final_list += cd3_services +} +if (item.equals("Other OCI Tools")){ +final_list += utility_services +} +if (item.equals("Export Identity")){ +final_list += ex_identity +} +if 
(item.equals("Export Governance")){ +final_list += ex_governance +} +if (item.equals("Export Cost Management")){ +final_list += ex_cost_management +} +if (item.equals("Export Network")){ +final_list += ex_network +} +if (item.equals("Export OCI Firewall")){ +final_list += ex_firewall +} +if (item.equals("Export DNS Management")){ +final_list += ex_dns +} +if (item.equals("Export Compute")){ +final_list += ex_compute +} +if (item.equals("Export Storage")){ +final_list += ex_storage +} +if (item.equals("Export Databases")){ +final_list += ex_databases +} +if (item.equals("Export Load Balancers")){ +final_list += ex_lb +} +if (item.equals("Export Management Services")){ +final_list += ex_management +} +if (item.equals("Export Developer Services")){ +final_list += ex_developer +} +if (item.equals("Export Security")){ +final_list += ex_security +} +} + return final_list \ No newline at end of file diff --git a/jenkins_install/scriptler/scripts/ValidateParams.groovy b/jenkins_install/scriptler/scripts/ValidateParams.groovy index 0f23d1c88..3aadab931 100644 --- a/jenkins_install/scriptler/scripts/ValidateParams.groovy +++ b/jenkins_install/scriptler/scripts/ValidateParams.groovy 
@@ -1,83 +1,87 @@ -def validate_params(Workflow,MainOptions,SubOptions,SubChildOptions,AdditionalFilters){ - valid_params = "Passed" - def gf_options_map = [ - "Validate CD3":["Validate Compartments","Validate Groups","Validate Policies","Validate Tags","Validate Budgets","Validate Network(VCNs, SubnetsVLANs, DHCP, DRGs)","Validate DNS","Validate Instances","Validate Block Volumes","Validate FSS","Validate Buckets","Validate KMS"], - "Identity":["Add/Modify/Delete Compartments", "Add/Modify/Delete Groups","Add/Modify/Delete Policies", "Add/Modify/Delete Users", "Add/Modify/Delete Network Sources"], - "Governance":["Tags", "Quotas"], - "Cost Management":["Budgets"], - "Network":["Create Network", "Modify Network","Security Rules", "Route Rules", "DRG Route Rules", "Network Security Groups", "Add/Modify/Delete VLANs", "Customer Connectivity"], - "OCI Firewall":["Validate Firewall CD3 Excel", "Add/Modify/Delete Firewall Policy","Add/Modify/Delete Firewall", "Clone Firewall Policy"], - "DNS Management":["Add/Modify/Delete DNS Views/Zones/Records", "Add/Modify/Delete DNS Resolvers"], - "Compute":["Add/Modify/Delete Dedicated VM Hosts", "Add/Modify/Delete Instances/Boot Backup Policy"], - "Storage":["Add/Modify/Delete Block Volumes/Block Backup Policy", "Add/Modify/Delete File Systems", "Add/Modify/Delete Object Storage Buckets"], - "Database":["Add/Modify/Delete Virtual Machine or Bare Metal DB Systems", "Add/Modify/Delete EXA Infra and EXA VM Clusters", "Add/Modify/Delete ADBs"], - "Load Balancers":["Add/Modify/Delete Load Balancers", "Add/Modify/Delete Network Load Balancers"], - "Management Services":["Add/Modify/Delete Notifications", "Add/Modify/Delete Events", "Add/Modify/Delete Alarms", "Add/Modify/Delete ServiceConnectors"], - "Developer Services":["Upload current terraform files/state to Resource Manager", "Add/Modify/Delete OKE Cluster and Nodepools"], - "Security":["Add/Modify/Delete KMS (Keys/Vaults)", "Enable Cloud Guard"], - "Logging Services":["Enable VCN 
Flow Logs", "Enable LBaaS Logs", "Enable Object Storage Buckets Logs", "Enable File Storage Logs", "Enable Network Firewall Logs"], - "CD3 Services":["Fetch Compartments OCIDs to variables file", "Fetch Protocols to OCI_Protocols"], - "Other OCI Tools":["CIS Compliance Check Script", "ShowOCI Report", "OCI FSDR"] - ] - def non_gf_options_map = [ - "Export Identity":["Export Compartments", "Export Groups", "Export Policies", "Export Users", "Export Network Sources"], - "Export Governance":["Export Tags", "Export Quotas"], - "Export Cost Management":["Export Budgets"], - "Export Network":["Export all Network Components", "Export Network components for VCNs/DRGs/DRGRouteRulesinOCI Tabs", "Export Network components for DHCP Tab", "Export Network components for SecRulesinOCI Tab", "Export Network components for RouteRulesinOCI Tab", "Export Network components for SubnetsVLANs Tab", "Export Network components for NSGs Tab"], - "Export OCI Firewall":["Export Firewall Policy", "Export Firewall"], - "Export DNS Management":["Export DNS Views/Zones/Records", "Export DNS Resolvers"], - "Export Compute":["Export Dedicated VM Hosts", "Export Instances (excludes instances launched by OKE)"], - "Export Storage":["Export Block Volumes/Block Backup Policy", "Export File Systems", "Export Object Storage Buckets"], - "Export Databases":["Export Virtual Machine or Bare Metal DB Systems", "Export EXA Infra and EXA VMClusters", "Export ADBs"], - "Export Load Balancers":["Export Load Balancers", "Export Network Load Balancers"], - "Export Management Services":["Export Notifications", "Export Events", "Export Alarms", "Export Service Connectors"], - "Export Developer Services":["Export OKE cluster and Nodepools"], - "Export Security":["Export KMS (Keys/Vaults)"], - "CD3 Services":["Fetch Compartments OCIDs to variables file", "Fetch Protocols to OCI_Protocols"] - ] - mainoptions_list = MainOptions.split(",") - suboptions_list = SubOptions.split(",") - validation_map = [:] - if 
(mainoptions_list.size() > 0) { - for (mitem in MainOptions.split(",")) { - validation_map[mitem] = "Failed" - if (mitem.contains("Tag") || mitem.contains("OCVS") ) { - validation_map[mitem] = "Passed" - continue - } - if (Workflow.toLowerCase().contains("create")){ - for (item in gf_options_map[mitem]) { - if (item in suboptions_list) { - validation_map[mitem] = "Passed" - break - } - } - } - else { - for (item in non_gf_options_map[mitem]) { - if (item in suboptions_list) { - validation_map[mitem] = "Passed" - break - } - } - } - } - if ('Upload current terraform files/state to Resource Manager' in suboptions_list) { - if (AdditionalFilters.split("orm_compartments=\\[,")[1].startsWithAny(",", " ")) { - println("Failed - RM Stack Compartment") - valid_params = "Failed" - } - } - } else { - valid_params = "Failed" - } - result_list = [] - validation_map.each { result_list.add(it.value) } - if ("Failed" in result_list || valid_params == "Failed") { - valid_params = "Failed" - }else { - valid_params = "Passed" - } - return valid_params - } +def validate_params(Workflow,MainOptions,SubOptions,SubChildOptions,AdditionalFilters){ + valid_params = "Passed" + def gf_options_map = [ + "Validate CD3":["Validate Compartments","Validate Groups","Validate Policies","Validate Tags","Validate Budgets","Validate Network(VCNs, SubnetsVLANs, DHCP, DRGs)","Validate DNS","Validate Instances","Validate Block Volumes","Validate FSS","Validate Buckets","Validate KMS"], + "Identity":["Add/Modify/Delete Compartments", "Add/Modify/Delete Groups","Add/Modify/Delete Policies", "Add/Modify/Delete Users", "Add/Modify/Delete Network Sources"], + "Governance":["Tags", "Quotas"], + "Cost Management":["Budgets"], + "Network":["Create Network", "Modify Network","Security Rules", "Route Rules", "DRG Route Rules", "Network Security Groups", "Add/Modify/Delete VLANs", "Customer Connectivity"], + "OCI Firewall":["Validate Firewall CD3 Excel", "Add/Modify/Delete Firewall Policy","Add/Modify/Delete 
Firewall", "Clone Firewall Policy"], + "DNS Management":["Add/Modify/Delete DNS Views/Zones/Records", "Add/Modify/Delete DNS Resolvers"], + "Compute":["Add/Modify/Delete Dedicated VM Hosts", "Add/Modify/Delete Instances/Boot Backup Policy"], + "Storage":["Add/Modify/Delete Block Volumes/Block Backup Policy", "Add/Modify/Delete File Systems", "Add/Modify/Delete Object Storage Buckets"], + "Database":["Add/Modify/Delete Virtual Machine or Bare Metal DB Systems", "Add/Modify/Delete EXA Infra and EXA VM Clusters", "Add/Modify/Delete ADBs"], + "Load Balancers":["Add/Modify/Delete Load Balancers", "Add/Modify/Delete Network Load Balancers"], + "Management Services":["Add/Modify/Delete Notifications", "Add/Modify/Delete Events", "Add/Modify/Delete Alarms", "Add/Modify/Delete ServiceConnectors"], + "Developer Services":["Upload current terraform files/state to Resource Manager", "Add/Modify/Delete OKE Cluster and Nodepools"], + "Security":["Add/Modify/Delete KMS (Keys/Vaults)", "Enable Cloud Guard"], + "Logging Services":["Enable VCN Flow Logs", "Enable LBaaS Logs", "Enable Object Storage Buckets Logs", "Enable File Storage Logs", "Enable Network Firewall Logs"], + "CD3 Services":["Fetch Compartments OCIDs to variables file", "Fetch Protocols to OCI_Protocols"], + "Other OCI Tools":["CIS Compliance Check Script", "ShowOCI Report", "Execute VizOCI", "OCI FSDR"] + ] + def non_gf_options_map = [ + "Export Identity":["Export Compartments", "Export Groups", "Export Policies", "Export Users", "Export Network Sources"], + "Export Governance":["Export Tags", "Export Quotas"], + "Export Cost Management":["Export Budgets"], + "Export Network":["Export all Network Components", "Export Network components for VCNs/DRGs/DRGRouteRulesinOCI Tabs", "Export Network components for DHCP Tab", "Export Network components for SecRulesinOCI Tab", "Export Network components for RouteRulesinOCI Tab", "Export Network components for SubnetsVLANs Tab", "Export Network components for NSGs Tab"], + 
"Export OCI Firewall":["Export Firewall Policy", "Export Firewall"], + "Export DNS Management":["Export DNS Views/Zones/Records", "Export DNS Resolvers"], + "Export Compute":["Export Dedicated VM Hosts", "Export Instances (excludes instances launched by OKE)"], + "Export Storage":["Export Block Volumes/Block Backup Policy", "Export File Systems", "Export Object Storage Buckets"], + "Export Databases":["Export Virtual Machine or Bare Metal DB Systems", "Export EXA Infra and EXA VMClusters", "Export ADBs"], + "Export Load Balancers":["Export Load Balancers", "Export Network Load Balancers"], + "Export Management Services":["Export Notifications", "Export Events", "Export Alarms", "Export Service Connectors"], + "Export Developer Services":["Export OKE cluster and Nodepools"], + "Export Security":["Export KMS (Keys/Vaults)"], + "CD3 Services":["Fetch Compartments OCIDs to variables file", "Fetch Protocols to OCI_Protocols"] + ] + mainoptions_list = MainOptions.split(",") + suboptions_list = SubOptions.split(",") + validation_map = [:] + if (mainoptions_list.size() > 0) { + for (mitem in MainOptions.split(",")) { + validation_map[mitem] = "Failed" + if (mitem.contains("Tag") || mitem.contains("OCVS") ) { + validation_map[mitem] = "Passed" + continue + } + if (Workflow.toLowerCase().contains("create")){ + for (item in gf_options_map[mitem]) { + for (i in item.split(",")){ + if (i in suboptions_list) { + validation_map[mitem] = "Passed" + break + } + } + + } + } + else { + for (item in non_gf_options_map[mitem]) { + if (item in suboptions_list) { + validation_map[mitem] = "Passed" + break + } + } + } + } + if ('Upload current terraform files/state to Resource Manager' in suboptions_list) { + if (AdditionalFilters.split("orm_compartments=\\[,")[1].startsWithAny(",", " ")) { + println("Failed - RM Stack Compartment") + valid_params = "Failed" + } + } + } else { + valid_params = "Failed" + } + result_list = [] + validation_map.each { result_list.add(it.value) } + if 
("Failed" in result_list || valid_params == "Failed") { + valid_params = "Failed" + }else { + valid_params = "Passed" + } + def failed_map = validation_map.findAll {it.value == 'Failed'} + return [valid_params,failed_map.keySet() as List] + } return this \ No newline at end of file diff --git a/jenkins_install/setUpOCI.groovy b/jenkins_install/setUpOCI.groovy new file mode 100644 index 000000000..81f80bdba --- /dev/null +++ b/jenkins_install/setUpOCI.groovy 
@@ -0,0 +1,379 @@ +def buildstatus = "" +def git_status = 0 +def prefix = "${env.JOB_NAME}".split('/')[0] +def generateStage(job) { + return { + stage("Stage: ${job}") { + def values = job.split('/') + if (values.size() > 1) { + region = values[0] + service = values[1] + job_name = "./terraform_files/${region}/${service}/apply".replace("//","/") + }else { + region = values[0] + job_name = "./terraform_files/${region}/apply".replace("//","/") + } + build job: "${job_name}" + } + } +} +properties([ + parameters([ + [ + $class: 'ChoiceParameter', + choiceType: 'PT_RADIO', + description: 'Select Automation Toolkit Workflow', + name: 'Workflow', + script: [ + $class: 'ScriptlerScript', + scriptlerScriptId:'Workflow.groovy' + ] + ], + [ + $class: 'CascadeChoiceParameter', + choiceType: 'PT_CHECKBOX', + description: 'Select Main Options', + name: 'MainOptions', + referencedParameters: 'Workflow', + script: [ + $class: 'ScriptlerScript', + scriptlerScriptId:'MainOptions.groovy', + parameters: [ + [name:'Workflow', value: '${Workflow}'] + ] + ] + ], + [ + $class: 'CascadeChoiceParameter', + choiceType: 'PT_CHECKBOX', + description: 'Select Sub Options', + name: 'SubOptions', + referencedParameters: 'MainOptions', + script: [ + $class: 'ScriptlerScript', + scriptlerScriptId:'SubOptions.groovy', + parameters: [ + [name:'MainOptions', value: '${MainOptions}'] + ] + ] + ], + [ + $class: 'CascadeChoiceParameter', + choiceType: 'PT_CHECKBOX', + description: 'Select Options for the SubOptions selected above', + name: 'SubChildOptions', + referencedParameters: 'SubOptions', + script: [ + $class: 'ScriptlerScript', + scriptlerScriptId:'SubChildOptions.groovy', + parameters: [ + [name:'SubOptions', value: '${SubOptions}'] + ] + ] + ], + [ + $class: 'DynamicReferenceParameter', + choiceType: 'ET_FORMATTED_HTML', + description: 'Select additional filters', + name: 'AdditionalFilters', + referencedParameters: 'Workflow,SubOptions,SubChildOptions', + script: [ + $class: 
'ScriptlerScript', + scriptlerScriptId: 'AdditionalFilters.groovy', + parameters: [ + [name:'SubOptions', value: '${SubOptions}'], + [name:'SubChildOptions', value: '${SubChildOptions}'], + [name:'Workflow', value: '${Workflow}'], + [name:'Prefix', value: "${prefix}"] + ] + ] + ] + ]) +]) +pipeline { + agent any + options { + ansiColor('xterm') + } + environment { + prefix_dir = "/cd3user/tenancies/${prefix}" + prefix = "${prefix}" + prop_file = "${prefix_dir}/${prefix}_setUpOCI.properties" + current_timestamp = sh (script: 'date +%s', returnStdout: true).trim() + } + parameters { + stashedFile ( + name: 'Excel_Template', + description: "Upload input Excel file.\nPreviously uploaded file will be used if left empty." + ) + } + stages { + stage ('Validate Input Parameters') { + steps { + catchError(buildResult: 'FAILURE', stageResult: 'FAILURE') { + withFileParameter('Excel_Template') { + unstash 'Excel_Template' + script { + exlfile_check = labelledShell( label: 'Validating excel sheet', script: ''' + set +x + if [[ -n "$Excel_Template_FILENAME" ]];then + size=$(wc --bytes < "$Excel_Template") + if [[ ( $size -gt 1000000 ) || ( $Excel_Template_FILENAME != *.xlsx ) ]]; then + set -x + echo "Excel File validation failed because of size limit or extension not xlsx" + fi + fi + ''' , returnStdout: true).trim() + if ("${exlfile_check}".contains("Failed")) { + mitem = "excel template" + file_check = "Failed" + } else { + file_check = "Passed" + } + } + } + script { + def ParametersValidationScript = load "$JENKINS_HOME/scriptler/scripts/ValidateParams.groovy" + (ParametersValidation, ParametersList) = ParametersValidationScript.validate_params(Workflow,MainOptions,SubOptions,SubChildOptions,AdditionalFilters) + if (ParametersValidation == "Passed" && file_check == "Passed") { + echo 'Parameter Validation Successful.' 
+ + }else { + if (file_check == "Failed"){ + fail_message = "Excel file validation failed" + } + else{ + fail_message = "Parameters validation failed for ${ParametersList.toString()} " + + } + unstable(message:"${fail_message}. Setting Build to Unstable") + ParametersValidation = "Failed" + } + } + } + } + } + stage('Update setUpOCI.properties') { + when{ + allOf { + expression {return ParametersValidation == "Passed" } + expression {return currentBuild.result != "ABORTED" } + expression {return currentBuild.result != "FAILURE" } + } + + } + steps { + catchError(buildResult: 'FAILURE', stageResult: 'FAILURE') { + withFileParameter('Excel_Template') { + unstash 'Excel_Template' + labelledShell( label: 'Updating properties file', script: ''' + set +x + if [ "$Excel_Template_FILENAME" ]; then + time_stamp="$(date +%m-%d-%Y-%H-%M-%S)" + cd3_file="${prefix_dir}/$Excel_Template_FILENAME" + cd3_backup="${cd3_file}_${time_stamp}" + if [ -e "$cd3_file" ]; then + cp "$cd3_file" "$cd3_backup" + fi + cp "$Excel_Template" "$cd3_file" + sed -i "s|cd3file=.*|cd3file=${cd3_file}|g" $prop_file + fi + if grep -q "Create" <<< "${Workflow}"; then + workflow="create_resources" + elif grep -q "Export" <<< "${Workflow}"; then + workflow="export_resources" + fi + if [ `grep '^workflow_type' $prop_file` ] ; then + sed -i "s/^workflow_type=.*/workflow_type=${workflow}/g" $prop_file + else + echo "\nworkflow_type=${workflow}" >> $prop_file + fi + ''') + } + } + } + } + stage('Execute setUpOCI') { + when{ + allOf { + expression {return ParametersValidation == "Passed" } + expression {return currentBuild.result != "ABORTED" } + expression {return currentBuild.result != "FAILURE" } + } + } + + steps { + catchError(buildResult: 'FAILURE', stageResult: 'FAILURE') { + labelledShell( label: 'Executing setUpOCI python script', script: ''' + set +x + cd /cd3user/oci_tools/cd3_automation_toolkit + python setUpOCI.py --devops True --main_options "${MainOptions}" --sub_options "${SubOptions}" 
--sub_child_options "${SubChildOptions}" --add_filter "${AdditionalFilters}" $prop_file + cd - + rm -rf *.* + # Check for cis_reports, show_oci and vizoci directories + if [ -d "${prefix_dir}/othertools_files/${prefix}_cis_report" ]; then + last_modified=`stat -c "%Y" ${prefix_dir}/othertools_files/${prefix}_cis_report` + if [ $(($last_modified-$current_timestamp)) -gt 0 ]; then + cp -r ${prefix_dir}/othertools_files/${prefix}_cis_report . + tar -cf ${prefix}_cis_report.zip ${prefix}_cis_report/ + rm -rf ${prefix}_cis_report + fi + fi + if [ -d "${prefix_dir}/othertools_files/${prefix}_showoci_report" ]; then + last_modified=`stat -c "%Y" ${prefix_dir}/othertools_files/${prefix}_showoci_report` + if [ $(($last_modified-$current_timestamp)) -gt 0 ]; then + cp -r ${prefix_dir}/othertools_files/${prefix}_showoci_report . + tar -cf ${prefix}_showoci_report.zip ${prefix}_showoci_report/ + rm -rf ${prefix}_showoci_report + fi + fi + + if [ -d "${prefix_dir}/othertools_files/${prefix}_vizoci_report" ]; then + last_modified=`stat -c "%Y" ${prefix_dir}/othertools_files/${prefix}_vizoci_report` + if [ $(($last_modified-$current_timestamp)) -gt 0 ]; then + cp -r ${prefix_dir}/othertools_files/${prefix}_vizoci_report . + tar -cf ${prefix}_vizoci_report.zip ${prefix}_vizoci_report/ + rm -rf ${prefix}_vizoci_report + fi + fi + + # For latest oci_fsdr plan XL file. + count=`ls -1 ${prefix_dir}/othertools_files/*.xl* 2>/dev/null | wc -l` + if [ $count != 0 ]; then + latest_fsdr_XL=`ls -t ${prefix_dir}/othertools_files/*.xl* | head -n 1` + last_modified=`stat -c \"%Y\" ${latest_fsdr_XL}` + if [ $(($last_modified-$current_timestamp)) -gt 0 ]; then + cp ${latest_fsdr_XL} . 
+ fi + fi + ''') + + } + } + post { + failure { + + labelledShell( label: 'Preparing archival', script: ''' + set +x + # For CD3 Validator Log File + if [ -e "${prefix_dir}/terraform_files/${prefix}_cd3Validator.log" ]; then + last_modified=`stat -c "%Y" ${prefix_dir}/terraform_files/${prefix}_cd3Validator.log` + if [ $(($last_modified-$current_timestamp)) -gt 0 ]; then + rm -f ${prefix}_cd3Validator.log + cp ${prefix_dir}/terraform_files/${prefix}_cd3Validator.log . + fi + fi + ''') + + archiveArtifacts '*_cd3Validator.log' + } + always { + script{ + //For latest CD3 XL file. + file_path = labelledShell( label: 'Preparing archival', script: ''' + set +x + cd3_file=`grep '^cd3file' ${prop_file}| cut -d'=' -f2` + cp $cd3_file . + echo $cd3_file + ''', returnStdout: true).trim() + } + archiveArtifacts "${file_path.split("/")[(file_path.split("/")).length-1]}, *.zip,*.xl*" + + } + } + } + stage ('Run Import Commands') { + when { + allOf { + expression {return "${Workflow}".toLowerCase().contains("export")} + expression {return ParametersValidation == "Passed" } + expression {return currentBuild.result != "ABORTED" } + expression {return currentBuild.result != "FAILURE" } + + } + } + steps { + catchError(buildResult: 'FAILURE', stageResult: 'FAILURE') { + script { + def data = readFile(file: "${prefix_dir}/terraform_files/.safe/import_scripts.safe") + def lines = data.readLines() + for (line in lines) { + script_full_path = (line.replace('//','/')).split("/") + script_name = script_full_path.last() + script_path = line.split("${script_name}")[0] + labelledShell( label: "Running ${script_name}", script: """ + set +x + cd ${script_path} + sh ./${script_name} + """) + } + } + } + } + } + stage ('GIT Commit to develop') { + when{ + allOf { + expression {return ParametersValidation == "Passed" } + expression {return currentBuild.result != "ABORTED" } + expression {return currentBuild.result != "FAILURE" } + } + } + steps { + catchError(buildResult: 'FAILURE', stageResult: 
'FAILURE') { + script { + git_status = labelledShell( label: 'Check git status', script: 'cd ${prefix_dir}/terraform_files; git status --porcelain | wc -l', returnStdout: true).trim() + // Check if anything to commit + if ("${git_status}" > 0) { + labelledShell( label: 'Performing git operations', script: ''' + set +x + cd ${prefix_dir}/terraform_files + echo "-----start timestamp-----" + time_stamp="$(date +%m-%d-%Y-%H-%M-%S)" + commit_msg="commit for setUpOCI build ${BUILD_NUMBER}" + git add -A . + git commit -m "${commit_msg}" + git push origin develop + ''') + }else { + echo 'Nothing to commit. Skipping further stages.' + } + } + } + } + } + stage ('Trigger Pipelines'){ + when { + allOf{ + expression {return "${git_status}" > 0} + expression {return ParametersValidation == "Passed" } + expression {return currentBuild.result != "ABORTED" } + expression {return currentBuild.result != "FAILURE" } + } + } + steps { + catchError(buildResult: 'FAILURE', stageResult: 'FAILURE') { + script { + def jobs = [] + def data = readFile(file: "${prefix_dir}/terraform_files/.safe/updated_paths.safe") + def lines = data.readLines() + if (lines.size() == 0) { + println("No terraform configuration file generated") + } + for (line in lines) { + line = line.split('terraform_files/')[1] + jobs.add(line) + } + parallelStagesMap = jobs.collectEntries { + ["${it}" : generateStage(it)] + } + } + script{ + parallel parallelStagesMap + } + } + } + } + } + +} \ No newline at end of file diff --git a/jenkins_install/setUpOCI_config.xml b/jenkins_install/setUpOCI_config.xml deleted file mode 100644 index eb3a166a6..000000000 --- a/jenkins_install/setUpOCI_config.xml +++ /dev/null 
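Review bot: The Excel upload check in the 'Validate Input Parameters' stage can never fail, because the shell step prints "Excel File validation failed ..." with a lower-case f while the Groovy side tests `"${exlfile_check}".contains("Failed")`, so `file_check` is always "Passed" and an oversized or non-.xlsx upload goes through. Make the two sides agree, for example `if (exlfile_check.toLowerCase().contains("failed")) {`, or have the script print one fixed token and compare against exactly that. This matters because 'Update setUpOCI.properties' then uses the uploaded name directly in `cd3_file="${prefix_dir}/$Excel_Template_FILENAME"` and inside the `sed -i "s|cd3file=.*|cd3file=${cd3_file}|g"` expression; unless the file-parameter plugin already sanitises the name, a `/`, `|` or `&` in it changes the destination path or the rewritten properties line, so reduce it first with `name=$(basename -- "$Excel_Template_FILENAME")` and reject anything outside `[A-Za-z0-9._-]`. Separately, 'Run Import Commands' interpolates each line of import_scripts.safe into a `"""` shell script through Groovy (`cd ${script_path}` and `sh ./${script_name}`); how that file is produced is not visible here, but passing the two values through `withEnv` into a single-quoted script with quoted shell variables would keep file content from being parsed as shell.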
@@ -1,539 +0,0 @@ - - - - - - - - - Excel_Template - - - - - - hudson.model.ParametersDefinitionProperty - - - - Execute setUpOCI - false - - - false - false - - - - - Excel_Template - Upload input Excel file for the services chosen. -Previously uploaded file will be used if left empty. - - - Workflow - Select Automation Toolkit Workflow - choice-parameter-23492076346439 - 1 - - PT_RADIO - - - MainOptions - Select Main Options - choice-parameter-23492076464252 - 1 - - - Workflow - PT_CHECKBOX - - - SubOptions - Select Sub Options - choice-parameter-23492076517486 - 1 - - - MainOptions - PT_CHECKBOX - - - SubChildOptions - Select Options for the SubOptions selected above - choice-parameter-23492076566925 - 1 - - - SubOptions - PT_CHECKBOX - - - AdditionalFilters - Select additional filters - choice-parameter-23492076642248 - 1 - - - Workflow,SubOptions,SubChildOptions - ET_FORMATTED_HTML - false - - - - - - - true - - - false - \ No newline at end of file