use Autonomous Platform image for bastion. Make the notification & subscription resources dependent on the bastion instance

Signed-off-by: Ali Mukadam <[email protected]>

Author: hyder

docs/terraformoptions.adoc

@@ -149,8 +149,8 @@ Configuration Terraform Options:
 
 |bastion_image_id
 |Custom image id for the bastion host
-|image id or NONE. If the value is set to NONE, an Oracle Platform image will be used instead. Set use_autonomous to _false_ if you want to use your own image.
-|NONE
+|imageid/Autonomous
+|Autonomous
 
 |bastion_shape
 |The shape of bastion instance.
@@ -222,11 +222,6 @@ Configuration Terraform Options:
 |
 |
 
-|use_autonomous
-|Whether to use Autonomous Linux or an Oracle Linux Platform image or custom image. Set to false if you want to use your own image id or Oracle Linux Platform image.
-|true/false
-|false
-
 |===
 
 == Admin Host
@@ -245,7 +240,7 @@ Configuration Terraform Options:
 
 |admin_image_id
 |Custom image id for the admin host
-|image_id or NONE. If the value is set to NONE, an Oracle Platform image will be used instead. Set use_autonomous to _false_ if you want to use your own image. For now, *do not use Autonomous for the admin host.*
+|image_id/Oracle. If the value is set to Oracle, an Oracle Platform image will be used instead.
 |NONE
 
 |enable_instance_principal
@@ -288,9 +283,4 @@ Configuration Terraform Options:
 |
 |Australia/Sydney
 
-|admin_use_autonomous
-|Whether to use Autonomous Linux or an Oracle Linux Platform image or custom image. Set to false if you want to use your own image id or Oracle Linux Platform image. *Do not use autonomous for now*
-|true/false
-|false
-
 |===

locals.tf

@@ -36,7 +36,6 @@ locals {
     bastion_upgrade     = var.oci_base_bastion.bastion_upgrade
     ssh_public_key_path = var.oci_base_bastion.ssh_public_key_path
     timezone            = var.oci_base_bastion.timezone
-    use_autonomous      = var.oci_base_bastion.use_autonomous
   }
 
   oci_bastion_notification = {

modules/admin/compute.tf

@@ -29,7 +29,7 @@ resource "oci_core_instance" "admin" {
 
   source_details {
     source_type = "image"
-    source_id   = var.oci_admin.admin_image_id == "NONE" ? data.oci_core_images.admin_images.images.0.id : var.oci_admin.image_id
+    source_id   = var.oci_admin.admin_image_id == "Oracle" ? data.oci_core_images.admin_images.images.0.id : var.oci_admin.admin_image_id
   }
 
   timeouts {

modules/bastion/cloudinit/oracle.template.yaml

@@ -1,35 +1,14 @@
 # Copyright 2017, 2019, Oracle Corporation and/or affiliates.  All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
 
-data "oci_core_app_catalog_listings" "autonomous_linux" {
-  display_name = "Oracle Autonomous Linux"
-  count        = var.oci_bastion.use_autonomous == true ? 1 : 0
-}
-
-data "oci_core_app_catalog_listing_resource_versions" "autonomous_linux" {
-  #Required
-  listing_id = lookup(data.oci_core_app_catalog_listings.autonomous_linux[0].app_catalog_listings[0], "listing_id")
-  count      = var.oci_bastion.use_autonomous == true ? 1 : 0
-}
-
-# Gets the Autonomous Linux image id
-data "oci_core_app_catalog_subscriptions" "autonomous_linux" {
-  #Required
-  compartment_id = var.oci_base_identity.compartment_id
-
-  #Optional
-  listing_id = lookup(data.oci_core_app_catalog_listing_resource_versions.autonomous_linux[0].app_catalog_listing_resource_versions[0], "listing_id")
-  count      = var.oci_bastion.use_autonomous == true ? 1 : 0
-}
-
 data "template_file" "autonomous_template" {
   template = file("${path.module}/scripts/notification.template.sh")
 
   vars = {
     notification_enabled = var.oci_bastion_notification.notification_enabled
     topic_id             = var.oci_bastion_notification.notification_enabled == true ? oci_ons_notification_topic.bastion_notification[0].topic_id : "null"
   }
-  count = var.oci_bastion.bastion_enabled == true && var.oci_bastion.use_autonomous == true ? 1 : 0
+  count = (var.oci_bastion.bastion_enabled == true && var.oci_bastion.bastion_image_id == "Autonomous") ? 1 : 0
 }
 
 data "template_file" "autonomous_cloud_init_file" {
@@ -39,32 +18,16 @@ data "template_file" "autonomous_cloud_init_file" {
     notification_sh_content = base64gzip(data.template_file.autonomous_template[0].rendered)
     timezone                = var.oci_bastion.timezone
   }
-  count = var.oci_bastion.bastion_enabled == true && var.oci_bastion.use_autonomous == true ? 1 : 0
+  count = (var.oci_bastion.bastion_enabled == true && var.oci_bastion.bastion_image_id == "Autonomous") ? 1 : 0
 }
 
-data "oci_core_images" "oracle_images" {
+data "oci_core_images" "autonomous_images" {
   compartment_id           = var.oci_base_identity.compartment_id
-  operating_system         = "Oracle Linux"
+  operating_system         = "Autonomous Linux"
   operating_system_version = "7.7"
   shape                    = var.oci_bastion.bastion_shape
   sort_by                  = "TIMECREATED"
-  count                    = var.oci_bastion.bastion_enabled == true && var.oci_bastion.use_autonomous == false ? 1 : 0
-}
-
-data "template_file" "oracle_template" {
-  template = file("${path.module}/scripts/oracle.template.sh")
-  count    = var.oci_bastion.bastion_enabled == true && var.oci_bastion.use_autonomous == false ? 1 : 0
-}
-
-data "template_file" "oracle_cloud_init_file" {
-  template = file("${path.module}/cloudinit/oracle.template.yaml")
-
-  vars = {
-    bastion_sh_content      = base64gzip(data.template_file.oracle_template[0].rendered)
-    bastion_package_upgrade = var.oci_bastion.bastion_upgrade
-    timezone                = var.oci_bastion.timezone
-  }
-  count = var.oci_bastion.bastion_enabled == true && var.oci_bastion.use_autonomous == false ? 1 : 0
+  count                    = (var.oci_bastion.bastion_enabled == true && var.oci_bastion.bastion_image_id == "Autonomous") ? 1 : 0
 }
 
 # cloud init for bastion
@@ -75,7 +38,7 @@ data "template_cloudinit_config" "bastion" {
   part {
     filename     = "bastion.yaml"
     content_type = "text/cloud-config"
-    content      = var.oci_bastion.use_autonomous == true ? data.template_file.autonomous_cloud_init_file[0].rendered : data.template_file.oracle_cloud_init_file[0].rendered
+    content      = data.template_file.autonomous_cloud_init_file[0].rendered
   }
   count = var.oci_bastion.bastion_enabled == true ? 1 : 0
 }

modules/bastion/datasources.tf

@@ -5,11 +5,9 @@
 # https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
 
 locals {
-  all_protocols       = "all"
-  anywhere            = "0.0.0.0/0"
-  ssh_port            = 22
-  tcp_protocol        = 6
-  autonomous_image_id = var.oci_bastion.use_autonomous == true ? lookup(data.oci_core_app_catalog_subscriptions.autonomous_linux[0].app_catalog_subscriptions[0], "listing_resource_id") : null
-  oracle_image_id     = var.oci_bastion.use_autonomous == false ? data.oci_core_images.oracle_images[0].images.0.id  : null
-  bastion_image_id    = var.oci_bastion.use_autonomous == true ? local.autonomous_image_id : (var.oci_bastion.bastion_image_id == "NONE" ? local.oracle_image_id : var.oci_bastion.bastion_image_id)
+  all_protocols    = "all"
+  anywhere         = "0.0.0.0/0"
+  ssh_port         = 22
+  tcp_protocol     = 6
+  bastion_image_id = var.oci_bastion.bastion_image_id == "Autonomous" ? data.oci_core_images.autonomous_images[0].images.0.id : var.oci_bastion.bastion_image_id
 }

modules/bastion/locals.tf

@@ -25,7 +25,7 @@ resource "oci_ons_notification_topic" "bastion_notification" {
   #Required
   compartment_id = var.oci_base_identity.compartment_id
   name           = "${var.oci_bastion_general.label_prefix}-${var.oci_bastion_notification.notification_topic}"
-  count          = var.oci_bastion_notification.notification_enabled == true ? 1 : 0
+  count          = (var.oci_bastion.bastion_enabled == true && var.oci_bastion_notification.notification_enabled == true) ? 1 : 0
 }
 
 resource "oci_ons_subscription" "bastion_notification" {
@@ -34,7 +34,7 @@ resource "oci_ons_subscription" "bastion_notification" {
   endpoint       = var.oci_bastion_notification.notification_endpoint
   protocol       = var.oci_bastion_notification.notification_protocol
   topic_id       = oci_ons_notification_topic.bastion_notification[0].topic_id
-  count          = var.oci_bastion_notification.notification_enabled == true ? 1 : 0
+  count          = (var.oci_bastion.bastion_enabled == true && var.oci_bastion_notification.notification_enabled == true) ? 1 : 0
 }
 
 resource "oci_identity_dynamic_group" "bastion_notification" {
@@ -44,7 +44,7 @@ resource "oci_identity_dynamic_group" "bastion_notification" {
   matching_rule  = "ALL {instance.id = '${join(",", data.oci_core_instance.bastion.*.id)}'}"
   name           = "${var.oci_bastion_general.label_prefix}-bastion-notification"
   depends_on     = [oci_core_instance.bastion]
-  count          = var.oci_bastion_notification.notification_enabled == true && var.oci_bastion.bastion_enabled == true ? 1 : 0
+  count          = (var.oci_bastion.bastion_enabled == true && var.oci_bastion_notification.notification_enabled == true) ? 1 : 0
 }
 
 resource "oci_identity_policy" "bastion_notification" {
@@ -54,5 +54,5 @@ resource "oci_identity_policy" "bastion_notification" {
   name           = "${var.oci_bastion_general.label_prefix}-bastion-notification"
   statements     = ["Allow dynamic-group ${oci_identity_dynamic_group.bastion_notification[0].name} to use ons-topic in compartment id ${data.oci_identity_compartments.compartments_id.compartments.0.id} where request.permission='ONS_TOPIC_PUBLISH'"]
   depends_on     = [oci_core_instance.bastion]
-  count          = var.oci_bastion.bastion_enabled == true && var.oci_bastion_notification.notification_enabled == true ? 1 : 0
+  count          = (var.oci_bastion.bastion_enabled == true && var.oci_bastion_notification.notification_enabled == true) ? 1 : 0
 }

modules/bastion/ons.tf

@@ -47,7 +47,6 @@ variable "oci_bastion" {
     bastion_upgrade     = bool
     ssh_public_key_path = string
     timezone            = string
-    use_autonomous      = bool
   })
   description = "bastion host parameters"
 }

modules/bastion/scripts/oracle.template.sh

@@ -29,7 +29,7 @@ oci_base_bastion = {
   availability_domains  = 1
   bastion_access        = "ANYWHERE"
   bastion_enabled       = true
-  bastion_image_id      = "NONE"
+  bastion_image_id      = "Autonomous"
   bastion_shape         = "VM.Standard.E2.2"
   bastion_upgrade       = true
   netnum                = 32
@@ -41,14 +41,13 @@ oci_base_bastion = {
   ssh_private_key_path  = ""
   ssh_public_key_path   = ""
   timezone              = "Australia/Sydney"
-  use_autonomous        = true
 }
 
 # admin
 oci_base_admin = {
   availability_domains      = 1
   admin_enabled             = true
-  admin_image_id            = "NONE"
+  admin_image_id            = "Oracle"
   admin_shape               = "VM.Standard.E2.2"
   admin_upgrade             = false
   enable_instance_principal = true
@@ -61,5 +60,4 @@ oci_base_admin = {
   ssh_private_key_path      = ""
   ssh_public_key_path       = ""
   timezone                  = "Australia/Sydney"
-  use_autonomous            = false
 }