added support for private bastion, changed default shape to E4.Flex (#25)

hyder · web-flow · commit 717692d1a3f5 · 2021-05-26T18:42:47.000+10:00
* added support for private bastion, changed default shape to E4.Flex

* updated changelog
diff --git a/CHANGELOG.adoc b/CHANGELOG.adoc
@@ -13,6 +13,7 @@ The format is based on {uri-changelog}[Keep a Changelog].
 * New variable (`bastion_operating_system_version`) to specify Autonomous Linux version (#15)
 * Added sort_order on images (#16)
 * New variable (`bastion_state`) to specify state of bastion host (#17)
+* Added support for private bastion host (#23)
 
 === Deprecation notice
 
diff --git a/compute.tf b/compute.tf
@@ -7,7 +7,7 @@ resource "oci_core_instance" "bastion" {
   freeform_tags       = var.tags
 
   create_vnic_details {
-    assign_public_ip = true
+    assign_public_ip = var.bastion_type == "public" ? true : false
     display_name     = var.label_prefix == "none" ? "bastion-vnic" : "${var.label_prefix}-bastion-vnic"
     hostname_label   = "bastion"
     subnet_id        = oci_core_subnet.bastion[0].id
diff --git a/docs/terraformoptions.adoc b/docs/terraformoptions.adoc
@@ -146,13 +146,13 @@ Ensure you review the {uri-terraform-dependencies}[dependencies].
 |`bastion_shape`
 |The shape of bastion instance. This is now specified as a map and supports E3.Flex. If a non-Flex shape is specified, then the other parameters are ignored.
 |e.g. `bastion_shape = {
-  shape="VM.Standard.E3.Flex",
+  shape="VM.Standard.E4.Flex",
   ocpus=1,
   memory=4,
   boot_volume_size=50
 }`
 |`bastion_shape = {
-  shape="VM.Standard.E3.Flex",
+  shape="VM.Standard.E4.Flex",
   ocpus=1,
   memory=4,
   boot_volume_size=50
@@ -163,6 +163,11 @@ Ensure you review the {uri-terraform-dependencies}[dependencies].
 |RUNNING|STOPPED
 |RUNNING
 
+|`bastion_type`
+|Whether to make the bastion host public or private.
+|public|private
+|public
+
 |`bastion_upgrade`
 |Whether to upgrade the bastion host packages after provisioning. It's useful to set this to false during development/testing so the bastion is provisioned faster.
 |true/false
diff --git a/outputs.tf b/outputs.tf
@@ -2,5 +2,5 @@
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
 
 output "bastion_public_ip" {
-  value = join(",", data.oci_core_vnic.bastion_vnic.*.public_ip_address)
+  value = join(",", var.bastion_type == "public" ? data.oci_core_vnic.bastion_vnic.*.public_ip_address : data.oci_core_vnic.bastion_vnic.*.private_ip_address )
 }
diff --git a/subnets.tf b/subnets.tf
@@ -7,7 +7,7 @@ resource "oci_core_subnet" "bastion" {
   display_name               = var.label_prefix == "none" ? "bastion" : "${var.label_prefix}-bastion"
   dns_label                  = "bastion"
   freeform_tags              = var.tags
-  prohibit_public_ip_on_vnic = false
+  prohibit_public_ip_on_vnic = var.bastion_type == "public" ? false : true
   route_table_id             = var.ig_route_id
   security_list_ids          = [oci_core_security_list.bastion[0].id]
   vcn_id                     = var.vcn_id
diff --git a/terraform.tfvars.example b/terraform.tfvars.example
@@ -41,7 +41,7 @@ bastion_operating_system_version = "7.9"
 
 bastion_shape = {
   # shape = "VM.Standard.E2.2"
-  shape="VM.Standard.E3.Flex",
+  shape="VM.Standard.E4.Flex",
   ocpus=1,
   memory=4,
   boot_volume_size=50
diff --git a/variables.tf b/variables.tf
@@ -105,23 +105,29 @@ variable "bastion_operating_system_version" {
 variable "bastion_shape" {
   description = "The shape of bastion instance."
   default     = {
-   shape = "VM.Standard.E3.Flex", ocpus = 1, memory = 4, boot_volume_size = 50
+   shape = "VM.Standard.E4.Flex", ocpus = 1, memory = 4, boot_volume_size = 50
   }
   type        = map(any)
 }
 
-variable "bastion_upgrade" {
-  description = "Whether to upgrade the bastion host packages after provisioning. It's useful to set this to false during development/testing so the bastion is provisioned faster."
-  default     = false
-  type        = bool
-}
-
 variable "bastion_state" {
   description = "The target state for the instance. Could be set to RUNNING or STOPPED. (Updatable)"
   default     = "RUNNING"
   type        = string
 }
 
+variable "bastion_type" {
+  description = "Whether to make the bastion host public or private."
+  default     = "public"
+  type        = string
+}
+
+variable "bastion_upgrade" {
+  description = "Whether to upgrade the bastion host packages after provisioning. It's useful to set this to false during development/testing so the bastion is provisioned faster."
+  default     = false
+  type        = bool
+}
+
 variable "ssh_public_key" {
   description = "the content of the ssh public key used to access the bastion. set this or the ssh_public_key_path"
   default     = ""

Original file line number	Diff line number	Diff line change
`@@ -2,5 +2,5 @@`
`2`	`2`	`# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl`
`3`	`3`
`4`	`4`	`output "bastion_public_ip" {`
`5`		`- value = join(",", data.oci_core_vnic.bastion_vnic.*.public_ip_address)`
	`5`	`+ value = join(",", var.bastion_type == "public" ? data.oci_core_vnic.bastion_vnic..public_ip_address : data.oci_core_vnic.bastion_vnic..private_ip_address )`
`6`	`6`	`}`