replaced deprecated template_file data source with templatefile function (#28)

* added support for private bastion, changed default shape to E4.Flex

* replaced deprecated template_file data source with templatefile function, renamed variables

* Update CHANGELOG.adoc

* moved templating function into locals

* minor typo

* changed cloud init provider

* Update versions.tf

Author: hyder

CHANGELOG.adoc

@@ -10,6 +10,10 @@ The format is based on {uri-changelog}[Keep a Changelog].
 = Unreleased
 
 == New features
+* Renamed variable bastion_upgrade --> upgrade_bastion
+* Renamed variable timezone --> bastion_timezone
+* AD lookup mechanism reimplemented to remove dependency on deprecated template_file data source
+* Replaced deprecated template_file data source with templatefile function
 * New variable (`bastion_operating_system_version`) to specify Autonomous Linux version (#15)
 * Added sort_order on images (#16)
 * New variable (`bastion_state`) to specify state of bastion host (#17)

cloudinit/autonomous.template.yaml

@@ -2,7 +2,8 @@
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
 
 #cloud-config
-timezone: ${timezone}
+package_upgrade: ${upgrade_bastion}
+timezone: ${bastion_timezone}
 
 write_files:
 # setup script

compute.tf

@@ -2,10 +2,22 @@
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
 
 resource "oci_core_instance" "bastion" {
-  availability_domain = element(local.ad_names, (var.availability_domain - 1))
+  availability_domain = data.oci_identity_availability_domain.ad.name
   compartment_id      = var.compartment_id
   freeform_tags       = var.tags
 
+  agent_config {
+
+    are_all_plugins_disabled = false
+    is_management_disabled   = false
+    is_monitoring_disabled   = false
+
+    plugins_config {
+      desired_state = "DISABLED"
+      name          = "Bastion"
+    }
+  }
+
   create_vnic_details {
     assign_public_ip = var.bastion_type == "public" ? true : false
     display_name     = var.label_prefix == "none" ? "bastion-vnic" : "${var.label_prefix}-bastion-vnic"
@@ -27,7 +39,7 @@ resource "oci_core_instance" "bastion" {
 
   metadata = {
     ssh_authorized_keys = var.ssh_public_key != "" ? var.ssh_public_key : file(var.ssh_public_key_path)
-    user_data           = data.template_cloudinit_config.bastion[0].rendered
+    user_data           = data.cloudinit_config.bastion[0].rendered
   }
 
   shape = lookup(var.bastion_shape, "shape", "VM.Standard.E2.2")
@@ -47,10 +59,10 @@ resource "oci_core_instance" "bastion" {
   }
 
   state = var.bastion_state
-  
+
   timeouts {
     create = "60m"
   }
 
-  count = var.bastion_enabled == true ? 1 : 0
+  count = var.create_bastion == true ? 1 : 0
 }

datasources.tf

@@ -1,13 +1,10 @@
 # Copyright 2019, 2020 Oracle Corporation and/or affiliates.  All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
 
-data "oci_identity_availability_domains" "ad_list" {
+data "oci_identity_availability_domain" "ad" {
   compartment_id = var.tenancy_id
-}
 
-data "template_file" "ad_names" {
-  count    = length(data.oci_identity_availability_domains.ad_list.availability_domains)
-  template = lookup(data.oci_identity_availability_domains.ad_list.availability_domains[count.index], "name")
+  ad_number = var.availability_domain
 }
 
 data "oci_identity_tenancy" "tenancy" {
@@ -26,28 +23,6 @@ data "oci_core_vcn" "vcn" {
   vcn_id = var.vcn_id
 }
 
-data "template_file" "autonomous_template" {
-  template = file("${path.module}/scripts/notification.template.sh")
-
-  vars = {
-    notification_enabled = var.notification_enabled
-    topic_id             = var.notification_enabled == true ? oci_ons_notification_topic.bastion_notification[0].topic_id : "null"
-  }
-
-  count = (var.bastion_enabled == true && var.bastion_image_id == "Autonomous") ? 1 : 0
-}
-
-data "template_file" "autonomous_cloud_init_file" {
-  template = file("${path.module}/cloudinit/autonomous.template.yaml")
-
-  vars = {
-    notification_sh_content = base64gzip(data.template_file.autonomous_template[0].rendered)
-    timezone                = var.timezone
-  }
-
-  count = (var.bastion_enabled == true && var.bastion_image_id == "Autonomous") ? 1 : 0
-}
-
 data "oci_core_images" "autonomous_images" {
   compartment_id           = var.compartment_id
   operating_system         = "Oracle Autonomous Linux"
@@ -58,45 +33,51 @@ data "oci_core_images" "autonomous_images" {
 }
 
 # cloud init for bastion
-data "template_cloudinit_config" "bastion" {
+data "cloudinit_config" "bastion" {
   gzip          = true
   base64_encode = true
 
   part {
     filename     = "bastion.yaml"
     content_type = "text/cloud-config"
-    content      = data.template_file.autonomous_cloud_init_file[0].rendered
+    content = templatefile(
+      local.autonomous_template, {
+        bastion_timezone        = var.bastion_timezone,
+        notification_sh_content = local.notification_template,
+        upgrade_bastion         = var.upgrade_bastion
+      }
+    )
   }
-  count = var.bastion_enabled == true ? 1 : 0
+  count = var.create_bastion == true ? 1 : 0
 }
 
 # Gets a list of VNIC attachments on the bastion instance
 data "oci_core_vnic_attachments" "bastion_vnics_attachments" {
-  availability_domain = element(local.ad_names, (var.availability_domain - 1))
+  availability_domain = data.oci_identity_availability_domain.ad.name
   compartment_id      = var.compartment_id
   depends_on          = [oci_core_instance.bastion]
   instance_id         = oci_core_instance.bastion[0].id
 
-  count = var.bastion_enabled == true ? 1 : 0
+  count = var.create_bastion == true ? 1 : 0
 }
 
 # Gets the OCID of the first (default) VNIC on the bastion instance
 data "oci_core_vnic" "bastion_vnic" {
   depends_on = [oci_core_instance.bastion]
   vnic_id    = lookup(data.oci_core_vnic_attachments.bastion_vnics_attachments[0].vnic_attachments[0], "vnic_id")
 
-  count = var.bastion_enabled == true ? 1 : 0
+  count = var.create_bastion == true ? 1 : 0
 }
 
 data "oci_core_instance" "bastion" {
   depends_on  = [oci_core_instance.bastion]
   instance_id = oci_core_instance.bastion[0].id
 
-  count = var.bastion_enabled == true ? 1 : 0
+  count = var.create_bastion == true ? 1 : 0
 }
 
 data "oci_ons_notification_topic" "bastion_notification" {
   topic_id = oci_ons_notification_topic.bastion_notification[0].topic_id
 
-  count = (var.bastion_enabled == true && var.notification_enabled == true) ? 1 : 0
+  count = (var.create_bastion == true && var.enable_notification == true) ? 1 : 0
 }

docs/quickstart.adoc

@@ -81,8 +81,8 @@ provider "oci" {
 . Optional parameters to override:
 
 * `bastion_shape`
-* `bastion_upgrade`
-* `notification_enabled`
+* `upgrade_bastion`
+* `enable_notification`
 * `notification_endpoint`
 
 . Run Terraform:

docs/terraformoptions.adoc

@@ -128,7 +128,7 @@ Ensure you review the {uri-terraform-dependencies}[dependencies].
 |Values
 |Default
 
-|`bastion_enabled`
+|`create_bastion`
 |whether to create the bastion
 | true/false
 |true
@@ -163,16 +163,16 @@ Ensure you review the {uri-terraform-dependencies}[dependencies].
 |RUNNING|STOPPED
 |RUNNING
 
+|`bastion_timezone`
+|The preferred timezone for the bastion host. {uri-timezones}[List of timezones]
+|e.g. Australia/Sydney
+|The preferred timezone for the bastion host. {uri-timezones}[List of timezones]
+
 |`bastion_type`
 |Whether to make the bastion host public or private.
 |public|private
 |public
 
-|`bastion_upgrade`
-|Whether to upgrade the bastion host packages after provisioning. It's useful to set this to false during development/testing so the bastion is provisioned faster.
-|true/false
-|true
-
 |`ssh_public_key`
 |the content of the ssh public key used to access the bastion. set this or the ssh_public_key_path
 |
@@ -183,10 +183,10 @@ Ensure you review the {uri-terraform-dependencies}[dependencies].
 |""
 |
 
-|`timezone`
-|The preferred timezone for the bastion host. {uri-timezones}[List of timezones]
-|e.g. Australia/Sydney
-|The preferred timezone for the bastion host. {uri-timezones}[List of timezones]
+|`upgrade_bastion`
+|Whether to upgrade the bastion host packages after provisioning. It's useful to set this to false during development/testing so the bastion is provisioned faster.
+|true/false
+|true
 
 |===
 
@@ -200,13 +200,13 @@ Ensure you review the {uri-terraform-dependencies}[dependencies].
 |Values
 |Default
 
-|`notification_enabled`
+|`enable_notification`
 |Whether to enable ONS notification for the bastion host.
 |true/false
 |false
 
 |`notification_endpoint`
-|The subscription notification endpoint. Email address to be notified. *Required if notification_enabled = true* ..
+|The subscription notification endpoint. Email address to be notified. *Required if enable_notification = true* ..
 |
 |Autonomous
 

locals.tf

@@ -5,11 +5,26 @@
 # https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
 
 locals {
-  all_protocols    = "all"
-  ad_names         = data.template_file.ad_names.*.rendered
-  anywhere         = "0.0.0.0/0"
-  ssh_port         = 22
-  tcp_protocol     = 6
-  bastion_image_id = var.bastion_image_id == "Autonomous" ? data.oci_core_images.autonomous_images.images.0.id : var.bastion_image_id
-  vcn_cidr         = data.oci_core_vcn.vcn.cidr_block
+  all_protocols       = "all"
+  
+  anywhere            = "0.0.0.0/0"
+  
+  autonomous_template = "${path.module}/cloudinit/autonomous.template.yaml"
+  
+  bastion_image_id    = var.bastion_image_id == "Autonomous" ? data.oci_core_images.autonomous_images.images.0.id : var.bastion_image_id
+  
+  notification_template = base64gzip(
+    templatefile("${path.module}/scripts/notification.template.sh",
+      {
+        enable_notification = var.enable_notification,
+        topic_id            = var.enable_notification == true ? oci_ons_notification_topic.bastion_notification[0].topic_id : "null"
+      }
+    )
+  )
+  
+  ssh_port     = 22
+  
+  tcp_protocol = 6
+  
+  vcn_cidr     = data.oci_core_vcn.vcn.cidr_block
 }

ons.tf

@@ -14,7 +14,7 @@ resource "oci_ons_notification_topic" "bastion_notification" {
   compartment_id = var.compartment_id
   name           = var.label_prefix == "none" ? var.notification_topic : "${var.label_prefix}-${var.notification_topic}"
 
-  count = (var.bastion_enabled == true && var.notification_enabled == true) ? 1 : 0
+  count = (var.create_bastion == true && var.enable_notification == true) ? 1 : 0
 }
 
 resource "oci_ons_subscription" "bastion_notification" {
@@ -23,7 +23,7 @@ resource "oci_ons_subscription" "bastion_notification" {
   protocol       = var.notification_protocol
   topic_id       = oci_ons_notification_topic.bastion_notification[0].topic_id
 
-  count = (var.bastion_enabled == true && var.notification_enabled == true) ? 1 : 0
+  count = (var.create_bastion == true && var.enable_notification == true) ? 1 : 0
 }
 
 resource "oci_identity_dynamic_group" "bastion_notification" {
@@ -35,7 +35,7 @@ resource "oci_identity_dynamic_group" "bastion_notification" {
   matching_rule  = "ALL {instance.id = '${join(",", data.oci_core_instance.bastion.*.id)}'}"
   name           = var.label_prefix == "none" ? "bastion-notification" : "${var.label_prefix}-bastion-notification"
 
-  count = (var.bastion_enabled == true && var.notification_enabled == true) ? 1 : 0
+  count = (var.create_bastion == true && var.enable_notification == true) ? 1 : 0
 }
 
 resource "oci_identity_policy" "bastion_notification" {
@@ -47,5 +47,5 @@ resource "oci_identity_policy" "bastion_notification" {
   name           = var.label_prefix == "none" ? "bastion-notification" : "${var.label_prefix}-bastion-notification"
   statements     = ["Allow dynamic-group ${oci_identity_dynamic_group.bastion_notification[0].name} to use ons-topic in compartment id ${var.compartment_id} where request.permission='ONS_TOPIC_PUBLISH'"]
 
-  count = (var.bastion_enabled == true && var.notification_enabled == true) ? 1 : 0
+  count = (var.create_bastion == true && var.enable_notification == true) ? 1 : 0
 }

scripts/notification.template.sh

@@ -3,7 +3,7 @@
 # Copyright 2019, 2020 Oracle Corporation and/or affiliates.  All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
 
-if [ ${notification_enabled} ]; then
+if [ ${enable_notification} ]; then
   sudo al-config -T ${topic_id}
 else
   echo 'ONS notification not enabled'

security.tf

@@ -23,5 +23,5 @@ resource "oci_core_security_list" "bastion" {
   }
   vcn_id = var.vcn_id
 
-  count = var.bastion_enabled == true ? 1 : 0
+  count = var.create_bastion == true ? 1 : 0
 }