updated vcn cidr look up method and removed deprecated vcn_cidr (#37)

Signed-off-by: Ali Mukadam <[email protected]>

Author: hyder

CHANGELOG.adoc

@@ -19,20 +19,20 @@ The format is based on {uri-changelog}[Keep a Changelog].
 * Set minimum Terraform version to 1.0.0
 * OCI home region provider now expected as parameter to providers
 * Renamed notification variables (#18)
-** create_bastion -> create_bastion_host
 ** enable_notification -> enable_bastion_notification
 ** notification_endpoint -> bastion_notification_endpoint
 ** notification_protocol -> bastion_notification_protocol
 ** notification_topic -> bastion_notification_topic
 ** Renamed variable bastion_upgrade --> upgrade_bastion
 ** Renamed variable timezone --> bastion_timezone
-** Renamed variable tags --> bastion_tags
+** Renamed variable tags --> freeform_tags
 * Changed bastion access from a single CIDR to a list of CIDR blocks (#29)
 * AD lookup mechanism reimplemented to remove dependency on deprecated template_file data source (#27)
 * Replaced all deprecated template_file data source with templatefile function (#27)
 
 == Deletion
 * Removed provider identity parameters except for tenancy_id
+* Removed create_bastion_host parameter (#36)
 
 = v2.0.0 (December 8, 2020)
 * Added support for flex shapes (#11)

README.md

@@ -1,28 +1,28 @@
 # Terraform OCI Bastion for Oracle Cloud Infrastructure
 
-[changelog]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/blob/master/CHANGELOG.adoc
-[contributing]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/blob/master/CONTRIBUTING.adoc
-[contributors]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/blob/master/CONTRIBUTORS.adoc
-[docs]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/tree/master/docs
+[changelog]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/blob/main/CHANGELOG.adoc
+[contributing]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/blob/main/CONTRIBUTING.adoc
+[contributors]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/blob/main/CONTRIBUTORS.adoc
+[docs]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/tree/main/docs
 
-[license]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/blob/master/LICENSE
+[license]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/blob/main/LICENSE
 [canonical_license]: https://oss.oracle.com/licenses/upl/
 
 [oci]: https://cloud.oracle.com/cloud-infrastructure
 [oci_documentation]: https://docs.cloud.oracle.com/iaas/Content/home.htm
 
 [oracle]: https://www.oracle.com
-[prerequisites]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/blob/master/docs/prerequisites.adoc
+[prerequisites]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/blob/main/docs/prerequisites.adoc
 
-[quickstart]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/blob/master/docs/quickstart.adoc
+[quickstart]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/blob/main/docs/quickstart.adoc
 [repo]: https://github.com/oracle/terraform-oci-bastion
 [reuse]: https://github.com/oracle/terraform-oci-bastion/examples/db
 [subnets]: https://erikberg.com/notes/networks.html
 [terraform]: https://www.terraform.io
 [terraform_cidr_subnet]: http://blog.itsjustcode.net/blog/2017/11/18/terraform-cidrsubnet-deconstructed/
 [terraform_hashircorp_examples]: https://github.com/hashicorp/terraform-guides/tree/master/infrastructure-as-code/terraform-0.12-examples
 [terraform_oci]: https://www.terraform.io/docs/providers/oci/index.html
-[terraform_options]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/blob/master/docs/terraformoptions.adoc
+[terraform_options]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/blob/main/docs/terraformoptions.adoc
 [terraform_oci_examples]: https://github.com/terraform-providers/terraform-provider-oci/tree/master/examples
 [terraform_oci_oke]: https://github.com/oracle-terraform-modules/terraform-oci-oke
 

compute.tf

@@ -4,7 +4,7 @@
 resource "oci_core_instance" "bastion" {
   availability_domain = data.oci_identity_availability_domain.ad.name
   compartment_id      = var.compartment_id
-  freeform_tags       = var.bastion_tags
+  freeform_tags       = var.freeform_tags
 
   agent_config {
 
@@ -22,7 +22,7 @@ resource "oci_core_instance" "bastion" {
     assign_public_ip = var.bastion_type == "public" ? true : false
     display_name     = var.label_prefix == "none" ? "bastion-vnic" : "${var.label_prefix}-bastion-vnic"
     hostname_label   = "bastion"
-    subnet_id        = oci_core_subnet.bastion[0].id
+    subnet_id        = oci_core_subnet.bastion.id
   }
 
   display_name = var.label_prefix == "none" ? "bastion" : "${var.label_prefix}-bastion"
@@ -39,7 +39,7 @@ resource "oci_core_instance" "bastion" {
 
   metadata = {
     ssh_authorized_keys = var.ssh_public_key != "" ? var.ssh_public_key : file(var.ssh_public_key_path)
-    user_data           = data.cloudinit_config.bastion[0].rendered
+    user_data           = data.cloudinit_config.bastion.rendered
   }
 
   shape = lookup(var.bastion_shape, "shape", "VM.Standard.E2.2")
@@ -64,5 +64,4 @@ resource "oci_core_instance" "bastion" {
     create = "60m"
   }
 
-  count = var.create_bastion_host == true ? 1 : 0
 }

datasources.tf

@@ -3,7 +3,7 @@
 
 data "oci_identity_availability_domain" "ad" {
   compartment_id = var.tenancy_id
-  ad_number = var.availability_domain
+  ad_number      = var.availability_domain
 }
 
 data "oci_core_vcn" "vcn" {
@@ -35,36 +35,29 @@ data "cloudinit_config" "bastion" {
       }
     )
   }
-  count = var.create_bastion_host == true ? 1 : 0
 }
 
 # Gets a list of VNIC attachments on the bastion instance
 data "oci_core_vnic_attachments" "bastion_vnics_attachments" {
   availability_domain = data.oci_identity_availability_domain.ad.name
   compartment_id      = var.compartment_id
   depends_on          = [oci_core_instance.bastion]
-  instance_id         = oci_core_instance.bastion[0].id
-
-  count = var.create_bastion_host == true ? 1 : 0
+  instance_id         = oci_core_instance.bastion.id
 }
 
 # Gets the OCID of the first (default) VNIC on the bastion instance
 data "oci_core_vnic" "bastion_vnic" {
   depends_on = [oci_core_instance.bastion]
-  vnic_id    = lookup(data.oci_core_vnic_attachments.bastion_vnics_attachments[0].vnic_attachments[0], "vnic_id")
-
-  count = var.create_bastion_host == true ? 1 : 0
+  vnic_id    = lookup(data.oci_core_vnic_attachments.bastion_vnics_attachments.vnic_attachments[0], "vnic_id")
 }
 
 data "oci_core_instance" "bastion" {
   depends_on  = [oci_core_instance.bastion]
-  instance_id = oci_core_instance.bastion[0].id
-
-  count = var.create_bastion_host == true ? 1 : 0
+  instance_id = oci_core_instance.bastion.id
 }
 
 data "oci_ons_notification_topic" "bastion_notification" {
   topic_id = oci_ons_notification_topic.bastion_notification[0].topic_id
 
-  count = (var.create_bastion_host == true && var.enable_bastion_notification == true) ? 1 : 0
+  count = var.enable_bastion_notification == true ? 1 : 0
 }

docs/terraformoptions.adoc

@@ -108,11 +108,6 @@ Ensure you review the {uri-terraform-dependencies}[dependencies].
 |Values
 |Default
 
-|`create_bastion_host`
-|whether to create the bastion host
-| true/false
-|true
-
 |`bastion_image_id`
 |Provide a custom image id for the bastion host or leave as Autonomous.
 |imageid/Autonomous
@@ -210,13 +205,13 @@ Ensure you review the {uri-terraform-dependencies}[dependencies].
 |Values
 |Default
 
-|`bastion_tags`
+|`freeform_tags`
 |Freeform tags for bastion.
 |
 |
 [source]
 ----
-bastion_tags = {
+freeform_tags = {
     access      = "public"
     environment = "dev"
     role        = "bastion"

examples/README.md

@@ -89,13 +89,11 @@ module "bastion" {
 
   vcn_id = var.vcn_id
 
-  create_bastion_host = true
-
   ssh_public_key_path = "~/.ssh/id_rsa.pub"
 
   upgrade_bastion = false
 
-  bastion_tags = {
+  freeform_tags = {
     access      = "public"
     environment = "dev"
     role        = "bastion"

examples/main.tf

@@ -29,13 +29,11 @@ module "bastion" {
 
   vcn_id = var.vcn_id
 
-  create_bastion_host = true
-
   ssh_public_key_path = "~/.ssh/id_rsa.pub"
 
   upgrade_bastion = false
 
-  bastion_tags = {
+  freeform_tags = {
     access      = "public"
     environment = "dev"
     role        = "bastion"

locals.tf

@@ -26,5 +26,6 @@ locals {
 
   tcp_protocol = 6
 
-  vcn_cidr = data.oci_core_vcn.vcn.cidr_block
+  # we expect the bastion to be in the first cidr block in the list of cidr blocks
+  vcn_cidr = element(data.oci_core_vcn.vcn.cidr_blocks, 0)
 }

ons.tf

@@ -5,7 +5,7 @@ resource "oci_ons_notification_topic" "bastion_notification" {
   compartment_id = var.compartment_id
   name           = var.label_prefix == "none" ? var.bastion_notification_topic : "${var.label_prefix}-${var.bastion_notification_topic}"
 
-  count = (var.create_bastion_host == true && var.enable_bastion_notification == true) ? 1 : 0
+  count = var.enable_bastion_notification == true ? 1 : 0
 }
 
 resource "oci_ons_subscription" "bastion_notification" {
@@ -14,7 +14,7 @@ resource "oci_ons_subscription" "bastion_notification" {
   protocol       = var.bastion_notification_protocol
   topic_id       = oci_ons_notification_topic.bastion_notification[0].topic_id
 
-  count = (var.create_bastion_host == true && var.enable_bastion_notification == true) ? 1 : 0
+  count = var.enable_bastion_notification == true ? 1 : 0
 }
 
 resource "oci_identity_dynamic_group" "bastion_notification" {
@@ -26,7 +26,7 @@ resource "oci_identity_dynamic_group" "bastion_notification" {
   matching_rule  = "ALL {instance.id = '${join(",", data.oci_core_instance.bastion.*.id)}'}"
   name           = var.label_prefix == "none" ? "bastion-notification" : "${var.label_prefix}-bastion-notification"
 
-  count = (var.create_bastion_host == true && var.enable_bastion_notification == true) ? 1 : 0
+  count = var.enable_bastion_notification == true ? 1 : 0
 }
 
 resource "oci_identity_policy" "bastion_notification" {
@@ -38,5 +38,5 @@ resource "oci_identity_policy" "bastion_notification" {
   name           = var.label_prefix == "none" ? "bastion-notification" : "${var.label_prefix}-bastion-notification"
   statements     = ["Allow dynamic-group ${oci_identity_dynamic_group.bastion_notification[0].name} to use ons-topic in compartment id ${var.compartment_id} where request.permission='ONS_TOPIC_PUBLISH'"]
 
-  count = (var.create_bastion_host == true && var.enable_bastion_notification == true) ? 1 : 0
+  count = var.enable_bastion_notification == true ? 1 : 0
 }

security.tf

@@ -4,7 +4,7 @@
 resource "oci_core_security_list" "bastion" {
   compartment_id = var.compartment_id
   display_name   = var.label_prefix == "none" ? "bastion" : "${var.label_prefix}-bastion"
-  freeform_tags  = var.bastion_tags
+  freeform_tags  = var.freeform_tags
 
   egress_security_rules {
     protocol    = local.all_protocols
@@ -27,6 +27,4 @@ resource "oci_core_security_list" "bastion" {
     }
   }
   vcn_id = var.vcn_id
-
-  count = var.create_bastion_host == true ? 1 : 0
 }