removed identity provider parameters (#33)

* removed identity home provider initialization from bastion module, use parameter passing instead

Signed-off-by: Ali Mukadam <[email protected]>

* updated changelog

Signed-off-by: Ali Mukadam <[email protected]>

* updated copyright

Signed-off-by: Ali Mukadam <[email protected]>

* fixed doc formatting, renamed tags variable

Signed-off-by: Ali Mukadam <[email protected]>

* renamed notification variable

Signed-off-by: Ali Mukadam <[email protected]>

* tags should be changed to bastion_tags in example,  unused provider variables in terraform.tfvars.example ,change bastion_access = [anywhere]

* fixed more examples issues

Signed-off-by: Ali Mukadam <[email protected]>

* fixed incorrect path to bastion root in examples

Signed-off-by: Ali Mukadam <[email protected]>

Author: hyder

CHANGELOG.adoc

@@ -10,27 +10,29 @@ The format is based on {uri-changelog}[Keep a Changelog].
 = Unreleased
 
 == New features
-* Renamed notification variables
-** create_bastion -> create_bastion_host
-** enable_notification -> create_bastion_notification
-** notification_endpoint -> bastion_notification_endpoint
-** notification_protocol -> bastion_notification_protocol
-** notification_topic -> bastion_notification_topic
-** Changed bastion access from a single CIDR to a list of CIDR blocks (#29)
-* Renamed variable bastion_upgrade --> upgrade_bastion
-* Renamed variable timezone --> bastion_timezone
-* AD lookup mechanism reimplemented to remove dependency on deprecated template_file data source
-* Replaced deprecated template_file data source with templatefile function
-* New variable (`bastion_operating_system_version`) to specify Autonomous Linux version (#15)
+* New variable (`bastion_os_version`) to specify Autonomous Linux version (#15)
 * Added sort_order on images (#16)
 * New variable (`bastion_state`) to specify state of bastion host (#17)
 * Added support for private bastion host (#23)
 
-=== Deprecation notice
-
-The following variables will be renamed at the next major release of this module (related to #18):
-
-* var.bastion_enabled --> var.create_bastion
+== Changes
+* Set minimum Terraform version to 1.0.0
+* OCI home region provider now expected as parameter to providers
+* Renamed notification variables (#18)
+** create_bastion -> create_bastion_host
+** enable_notification -> enable_bastion_notification
+** notification_endpoint -> bastion_notification_endpoint
+** notification_protocol -> bastion_notification_protocol
+** notification_topic -> bastion_notification_topic
+** Renamed variable bastion_upgrade --> upgrade_bastion
+** Renamed variable timezone --> bastion_timezone
+** Renamed variable tags --> bastion_tags
+* Changed bastion access from a single CIDR to a list of CIDR blocks (#29)
+* AD lookup mechanism reimplemented to remove dependency on deprecated template_file data source (#27)
+* Replaced all deprecated template_file data source with templatefile function (#27)
+
+== Deletion
+* Removed provider identity parameters except for tenancy_id
 
 = v2.0.0 (December 8, 2020)
 * Added support for flex shapes (#11)

LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2019, 2020 Oracle and/or its affiliates. 
+Copyright (c) 2019, 2021 Oracle and/or its affiliates. 
 
 The Universal Permissive License (UPL), Version 1.0
 

compute.tf

@@ -4,7 +4,7 @@
 resource "oci_core_instance" "bastion" {
   availability_domain = data.oci_identity_availability_domain.ad.name
   compartment_id      = var.compartment_id
-  freeform_tags       = var.tags
+  freeform_tags       = var.bastion_tags
 
   agent_config {
 

datasources.tf

@@ -3,30 +3,17 @@
 
 data "oci_identity_availability_domain" "ad" {
   compartment_id = var.tenancy_id
-
   ad_number = var.availability_domain
 }
 
-data "oci_identity_tenancy" "tenancy" {
-  tenancy_id = var.tenancy_id
-}
-
-# get the tenancy's home region
-data "oci_identity_regions" "home_region" {
-  filter {
-    name   = "key"
-    values = [data.oci_identity_tenancy.tenancy.home_region_key]
-  }
-}
-
 data "oci_core_vcn" "vcn" {
   vcn_id = var.vcn_id
 }
 
 data "oci_core_images" "autonomous_images" {
   compartment_id           = var.compartment_id
   operating_system         = "Oracle Autonomous Linux"
-  operating_system_version = var.bastion_operating_system_version
+  operating_system_version = var.bastion_os_version
   shape                    = lookup(var.bastion_shape, "shape", "VM.Standard.E2.2")
   sort_by                  = "TIMECREATED"
   sort_order               = "DESC"
@@ -79,5 +66,5 @@ data "oci_core_instance" "bastion" {
 data "oci_ons_notification_topic" "bastion_notification" {
   topic_id = oci_ons_notification_topic.bastion_notification[0].topic_id
 
-  count = (var.create_bastion_host == true && var.create_bastion_notification == true) ? 1 : 0
+  count = (var.create_bastion_host == true && var.enable_bastion_notification == true) ? 1 : 0
 }

docs/terraformoptions.adoc

@@ -29,31 +29,11 @@ Ensure you review the {uri-terraform-dependencies}[dependencies].
 |Values
 |Default
 
-|`api_fingerprint`
-|ssl fingerprint of api public key. *Required when configuring provider*.
-|
-|None
-
-|`api_private_key_path`
-|path to api private key. *Required when configuring provider*.
-|
-|None
-
-|`region`
-|Region where to provision the OKE cluster. {uri-oci-region}[List of regions]. *Required when configuring provider*.
-|
-|None
-
 |`tenancy_id`
 |Tenancy id of the user. *Required when configuring provider*.
 |
 |None
 
-|`user_id`
-|User's id. *Required when configuring provider*.
-|
-|None
-
 |===
 
 == General OCI
@@ -94,8 +74,8 @@ Ensure you review the {uri-terraform-dependencies}[dependencies].
 
 |`bastion_access`
 |A list of CIDR blocks to which ssh access to the bastion must be restricted to. *anywhere* is equivalent to 0.0.0.0/0 and allows ssh access from anywhere. Updatable.
-|["anywhere"] or a list of cidr block such as [XXX.XXX.XXX.XXX/YY]
-|["anywhere"]
+|`["anywhere"]`` or a list of cidr block such as `[XXX.XXX.XXX.XXX/YY]`
+|`["anywhere"]`
 
 |`ig_route_id`
 |the route id to the internet gateway of the VCN 
@@ -138,7 +118,7 @@ Ensure you review the {uri-terraform-dependencies}[dependencies].
 |imageid/Autonomous
 |Autonomous
 
-|`bastion_operating_system_version`
+|`bastion_os_version`
 |In case Autonomous Linux is used, allow specification of Autonomous version
 |
 |7.9
@@ -160,7 +140,7 @@ Ensure you review the {uri-terraform-dependencies}[dependencies].
 
 |`bastion_state`
 |The target state for the instance. Could be set to RUNNING or STOPPED. (Updatable)
-|RUNNING|STOPPED
+|RUNNING/STOPPED
 |RUNNING
 
 |`bastion_timezone`
@@ -170,7 +150,7 @@ Ensure you review the {uri-terraform-dependencies}[dependencies].
 
 |`bastion_type`
 |Whether to make the bastion host public or private.
-|public|private
+|public/private
 |public
 
 |`ssh_public_key`
@@ -200,7 +180,7 @@ Ensure you review the {uri-terraform-dependencies}[dependencies].
 |Values
 |Default
 
-|`create_bastion_notification`
+|`enable_bastion_notification`
 |Whether to enable ONS notification for the bastion host.
 |true/false
 |false
@@ -230,13 +210,13 @@ Ensure you review the {uri-terraform-dependencies}[dependencies].
 |Values
 |Default
 
-|`tags`
+|`bastion_tags`
 |Freeform tags for bastion.
 |
 |
 [source]
 ----
-tags = {
+bastion_tags = {
     access      = "public"
     environment = "dev"
     role        = "bastion"

examples/README.md

@@ -41,14 +41,6 @@ mkdir modules
 cd modules
 ```
 
-5. Add the terraform-oci-bastion module
-
-```
-git clone https://github.com/oracle/terraform-oci-bastion.git bastion
-```
-
-Note: Cloning will be required until the module is published in HashiCorp's registry.
-
 ## Define project variables
 
 ### Variables to reuse the vcn module
@@ -63,18 +55,57 @@ See [`variables.tf`][rootvariables] in this directory.
 1. Define the bastion module in root `main.tf`
 
 ```
-module "vcn" {
-  source = "./modules/vcn"
-  
-  # general oci parameters
+provider "oci" {
+  fingerprint      = var.api_fingerprint
+  private_key_path = var.api_private_key_path
+  region           = var.region
+  tenancy_ocid     = var.tenancy_id
+  user_ocid        = var.user_id
+}
+
+provider "oci" {
+  fingerprint      = var.api_fingerprint
+  private_key_path = var.api_private_key_path
+  region           = var.region
+  tenancy_ocid     = var.tenancy_id
+  user_ocid        = var.user_id
+  alias            = "home"
+}
+
+module "bastion" {
+  source = "../"
+  tenancy_id     = var.tenancy_id
   compartment_id = var.compartment_id
+
   label_prefix   = var.label_prefix
 
-  # vcn parameters
-  ig_route_id         = var.ig_route_id
-  vcn_id              = var.vcn_id
-  ssh_public_key      = var.ssh_public_key
+  availability_domain = var.availability_domain
+
+  ig_route_id = var.ig_route_id
+
+  netnum = var.netnum
+
+  newbits = var.newbits
+
+  vcn_id = var.vcn_id
+
+  create_bastion_host = true
+
+  ssh_public_key_path = "~/.ssh/id_rsa.pub"
+
+  upgrade_bastion = false
+
+  bastion_tags = {
+    access      = "public"
+    environment = "dev"
+    role        = "bastion"
+  }
+
+  providers = {
+      oci.home = oci.home
+  }
 }
+
 ```
 
 2. Enter appropriate values for `terraform.tfvars`. Review [Terraform Options][terraformoptions] for reference

examples/main.tf

@@ -1,21 +1,47 @@
-# Copyright (c) 2019, 2020 Oracle Corporation and/or affiliates.  All rights reserved.
+# Copyright (c) 2019, 2021 Oracle Corporation and/or affiliates.  All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
 
+provider "oci" {
+  fingerprint      = var.api_fingerprint
+  private_key_path = var.api_private_key_path
+  region           = var.region
+  tenancy_ocid     = var.tenancy_id
+  user_ocid        = var.user_id
+}
+
+provider "oci" {
+  fingerprint      = var.api_fingerprint
+  private_key_path = var.api_private_key_path
+  region           = var.region
+  tenancy_ocid     = var.tenancy_id
+  user_ocid        = var.user_id
+  alias            = "home"
+}
+
 module "bastion" {
-  source = "../"
+  source         = "../"
+  tenancy_id     = var.tenancy_id
+  compartment_id = var.compartment_id
+
+  label_prefix = var.label_prefix
 
-  region = "us-phoenix-1"
+  ig_route_id = var.ig_route_id
 
-  # general oci parameters
+  vcn_id = var.vcn_id
 
-  compartment_id = ""
+  create_bastion_host = true
 
-  label_prefix = "dev"
+  ssh_public_key_path = "~/.ssh/id_rsa.pub"
 
-  # network parameters
-  ig_route_id = ""
+  upgrade_bastion = false
 
-  vcn_id = ""
+  bastion_tags = {
+    access      = "public"
+    environment = "dev"
+    role        = "bastion"
+  }
 
-  ssh_public_key = ""
+  providers = {
+    oci.home = oci.home
+  }
 }

examples/terraform.tfvars.example

@@ -3,16 +3,8 @@
 
 # provider identity parameters
 
-api_fingerprint = ""
-
-api_private_key_path = ""
-
-region = "us-phoenix-1"
-
 tenancy_id = ""
 
-user_id = ""
-
 # general oci parameters
 
 compartment_id = ""

examples/variables.tf

@@ -1,4 +1,4 @@
-# Copyright (c) 2019, 2020 Oracle Corporation and/or affiliates.  All rights reserved.
+# Copyright (c) 2019, 2021 Oracle Corporation and/or affiliates.  All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
 
 # provider identity parameters

locals.tf

@@ -16,8 +16,8 @@ locals {
   notification_template = base64gzip(
     templatefile("${path.module}/scripts/notification.template.sh",
       {
-        create_bastion_notification = var.create_bastion_notification,
-        topic_id                    = var.create_bastion_notification == true ? oci_ons_notification_topic.bastion_notification[0].topic_id : "null"
+        enable_bastion_notification = var.enable_bastion_notification,
+        topic_id                    = var.enable_bastion_notification == true ? oci_ons_notification_topic.bastion_notification[0].topic_id : "null"
       }
     )
   )