Development (#322)

merge from development to main

---------

Co-authored-by: Abhijit Paranjpe <[email protected]>
Co-authored-by: telake <[email protected]>
Co-authored-by: Roberto Sanchez Herrera <[email protected]>
Co-authored-by: P M Darshan <[email protected]>
Co-authored-by: C R Aniruddh Srivatsa <[email protected]>
Co-authored-by: Mahuwa Barman <[email protected]>
Co-authored-by: Chintamani Bhat <[email protected]>
Co-authored-by: Sarada Kommalapati <[email protected]>
Co-authored-by: Adrian Padilla Duarte <[email protected]>
Co-authored-by: Mahuwa-Barman <[email protected]>
Co-authored-by: srjanaki <[email protected]>
Co-authored-by: ManviGupta-prog <[email protected]>
Co-authored-by: Ananya Tripathi <[email protected]>

Author: 13 people

terraform/locals.tf

@@ -196,8 +196,9 @@ locals {
   select_existing_profile         = var.select_existing_profile
   create_profile                  = (local.enable_osmh && !local.select_existing_profile) ? true : false
   profile_ocid                    = local.select_existing_profile ? var.profile_ocid : ""
-  profile_compartment_id          = var.profile_compartment_id
-  profile_name                    = var.profile_name
+  profile_compartment_id          = var.profile_compartment_id == "" ? var.compartment_ocid : var.profile_compartment_id
+  profile_name                    = var.profile_name == "" ? format("%s_profile", local.service_name_prefix) : var.profile_name
+
 
   # Secured Production Mode
   preserve_boot_properties          = var.configure_secure_mode ? var.preserve_boot_properties : true

terraform/main.tf

@@ -239,6 +239,8 @@ module "policies" {
   apm_domain_compartment_id        = local.apm_domain_compartment_id
   use_autoscaling                  = var.use_autoscaling
   enable_osmh                      = var.enable_osmh
+  profile_compartment_id           = var.profile_compartment_id
+
   ocir_auth_token_id               = var.ocir_auth_token_id
   add_fss                          = var.add_fss
   add_load_balancer                = local.add_load_balancer
@@ -484,6 +486,9 @@ module "validators" {
   wls_secondary_admin_password_id = local.wls_secondary_admin_password_id
   administration_port             = var.administration_port
   ms_administration_port          = var.ms_administration_port
+
+  profile_ocid            = local.profile_ocid
+  select_existing_profile = local.select_existing_profile
 }
 
 module "fss" {
@@ -593,7 +598,7 @@ module "observability-osmh"{
   source              = "./modules/observability/osmh"
   count               = local.create_profile ? 1 : 0
   tenancy_id          = var.tenancy_ocid
-  display_name        = var.profile_name
+  display_name        = local.profile_name
   compartment_id      = local.profile_compartment_id
 }
 

terraform/modules/observability/osmh/versions.tf

@@ -0,0 +1,10 @@
+# Copyright (c) 2023, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+terraform {
+  required_providers {
+    oci = {
+      source = "oracle/oci"
+    }
+  }
+}

terraform/modules/policies/locals.tf

@@ -53,9 +53,12 @@ locals {
   plugin_policy_statement = compact([local.plugin_policy_statement1, local.plugin_policy_statement2])
 
   # Policies required for enabling the OSMH plugin
-  osmh_policy_statement1 = var.enable_osmh? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to manage osmh-family in tenancy" : ""
-  osmh_policy_statement2 = var.enable_osmh? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to {OSMH_MANAGED_INSTANCE_ACCESS} in tenancy where request.principal.id = target.managed-instance.id" : ""
-  osmh_policy_statement  = compact([local.osmh_policy_statement1, local.osmh_policy_statement2])
+  osmh_policy_statement1 = var.enable_osmh? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to manage osmh-family in compartment id ${var.compartment_id}" : ""
+  osmh_policy_statement2 = var.enable_osmh? var.profile_compartment_id != var.compartment_id? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to manage osmh-family in compartment id  ${var.profile_compartment_id}" : "" : ""
+  osmh_policy_statement3 = var.enable_osmh? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to {OSMH_MANAGED_INSTANCE_ACCESS} in tenancy where request.principal.id = target.managed-instance.id" : ""
+  osmh_policy_statement4 = var.enable_osmh? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to {MGMT_AGENT_DEPLOY_PLUGIN_CREATE, MGMT_AGENT_INSPECT, MGMT_AGENT_READ} in compartment id ${var.compartment_id}" : ""
+  osmh_policy_statement  = compact([local.osmh_policy_statement1, local.osmh_policy_statement2, local.osmh_policy_statement3, local.osmh_policy_statement4])
+
 
   #Policies for WLS instance principal dynamic group
   autoscaling_statement1 = var.use_autoscaling ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to use repos in tenancy" : ""

terraform/modules/policies/variables.tf

@@ -224,7 +224,12 @@ variable "wls_secondary_admin_password_id" {
   description = "The OCID of the vault secret with the password for secondary WebLogic administration user"
 }
 variable "enable_osmh" {
-  type = bool
+  type        = bool
   description = "Indicating that OSMH is enabled"
 }
+variable "profile_compartment_id"{
+  type        = string
+  description = "The compartment Id to create the profile"
+}
+
 

terraform/modules/validators/validators.tf

@@ -84,4 +84,7 @@ locals {
   invalid_jrf_12c_secure_mode      = var.configure_secure_mode && local.is12cVersion && (var.is_oci_db || var.is_atp_db || trimspace(var.oci_db_connection_string) != "")
   invalid_jrf_12c_secure_mode_msg  = "WLSC-ERROR: JRF domain is not supported for FMW 12c version in secured production mode."
   validate_jrf_12c_secure_mode     = local.invalid_jrf_12c_secure_mode ? local.validators_msg_map[local.invalid_jrf_12c_secure_mode_msg] : ""
+
+  missing_profile_id_msg = "WLSC-ERROR: The value for profile id is required if existing profile is used for OSMH"
+  validate_profile_id    = (var.select_existing_profile && var.profile_ocid == "" ? local.validators_msg_map[local.missing_profile_id_msg] : null)
 }

terraform/modules/validators/variables.tf

@@ -564,3 +564,11 @@ variable "ms_administration_port" {
   type        = number
   description = "The administration port for managed servers to configure a secure WebLogic domain"
 }
+variable "select_existing_profile"{
+  type        = bool
+  description = "Set to true to use an existing profile"
+}
+variable "profile_ocid"{
+  type        = string
+  description = "The ocid of the profile used for OSMH registration."
+}

terraform/schema.yaml

@@ -105,9 +105,9 @@ groupings:
 
   - title: "OS Management Hub Profile"
     variables:
+      - ${select_existing_profile}
       - ${profile_compartment_id}
       - ${profile_name}
-      - ${select_existing_profile}
       - ${profile_ocid}
 
   - title: "Resource Manager Private Endpoint"

terraform/schema_14110.yaml

@@ -78,9 +78,9 @@ groupings:
 
   - title: "OS Management Hub Profile"
     variables:
+      - ${select_existing_profile}
       - ${profile_compartment_id}
       - ${profile_name}
-      - ${select_existing_profile}
       - ${profile_ocid}
 
   - title: "Resource Manager Private Endpoint"

terraform/schema_14120.yaml

@@ -106,9 +106,9 @@ groupings:
 
   - title: "OS Management Hub Profile"
     variables:
+      - ${select_existing_profile}
       - ${profile_compartment_id}
       - ${profile_name}
-      - ${select_existing_profile}
       - ${profile_ocid}
 
   - title: "Resource Manager Private Endpoint"