replaced deprecated template_file data source with templatefile function (#39)

hyder · web-flow · commit 5623354756bb · 2021-07-27T17:59:01.000+10:00
* replaced deprecated template_file data source with templatefile function

* renamed variables

* Update README.adoc

* moved templating into locals

* change cloud init provider
diff --git a/CHANGELOG.adoc b/CHANGELOG.adoc
@@ -10,6 +10,11 @@ The format is based on {uri-changelog}[Keep a Changelog].
 = Unreleased
 
 == New features
+* Renamed variable operator_upgrade --> upgrade_operator
+* Renamed variable timezone --> operator_timezone
+* Added support for Bastion service
+* AD lookup mechanism reimplemented to remove dependency on deprecated template_file data source
+* Replaced deprecated template_file data source with templatefile function
 * Set minimum Terraform version to 1.0.0
 * Renamed var.operator_enabled --> var.create_operator
 * New variable (`operator_state`) to specify state of operator host
diff --git a/README.adoc b/README.adoc
@@ -4,6 +4,7 @@
 :idseparator: -
 
 :uri-repo: https://github.com/oracle-terraform-modules/terraform-oci-operator
+:uri-bastion-repo: https://github.com/oracle-terraform-modules/terraform-oci-bastion
 
 :uri-rel-file-base: link:{uri-repo}/blob/master
 :uri-rel-tree-base: link:{uri-repo}/tree/master
@@ -21,6 +22,7 @@
 :uri-networks-subnets-cidr: https://erikberg.com/notes/networks.html
 :uri-oci: https://cloud.oracle.com/cloud-infrastructure
 :uri-oci-documentation: https://docs.cloud.oracle.com/iaas/Content/home.htm
+:uri-oci-bastion: https://docs.oracle.com/en-us/iaas/Content/Bastion/home.htm
 :uri-oracle: https://www.oracle.com
 :uri-prereqs: {uri-docs}/prerequisites.adoc
 :uri-quickstart: {uri-docs}/quickstart.adoc
@@ -46,6 +48,8 @@ This module is primarily meant to be reusable and the operator instance is used
 1. performing post-provisioning tasks with Terraform or other automation tools
 2. provide administrators access without the need to upload api authentication keys (instance_principal)
 
+It can be accessed either through a Bastion host (e.g. {uri-bastion-repo}[terraform-oci-bastion]) or through the {uri-oci-bastion}[OCI Bastion service].
+
 You can further use it as part of higher level Terraform modules.
 
 == {uri-docs}[Documentation]
diff --git a/cloudinit/operator.template.yaml b/cloudinit/operator.template.yaml
@@ -2,8 +2,8 @@
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
 
 #cloud-config
-package_upgrade: ${operator_upgrade}
-timezone: ${timezone}
+package_upgrade: ${upgrade_operator}
+timezone: ${operator_timezone}
 write_files:
 # setup script
   - path: "/root/operator/operator.sh"
diff --git a/compute.tf b/compute.tf
@@ -2,21 +2,29 @@
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
 
 resource "oci_core_instance" "operator" {
-  availability_domain = element(local.ad_names, (var.availability_domain - 1))
+  availability_domain = data.oci_identity_availability_domain.ad.name
 
   agent_config {
-    is_management_disabled = true
-  }
 
+    are_all_plugins_disabled = false
+    is_management_disabled   = false
+    is_monitoring_disabled   = false
+
+    plugins_config {
+      desired_state = "ENABLED"
+      name          = "Bastion"
+    }
+  }
+  
   compartment_id = var.compartment_id
   freeform_tags  = var.tags
 
   create_vnic_details {
-    assign_public_ip          = false
-    display_name              = var.label_prefix == "none" ? "operator-vnic" : "${var.label_prefix}-operator-vnic"
-    hostname_label            = var.label_prefix == "none" ? "operator" : "${var.label_prefix}-operator"
-    nsg_ids                   = concat(var.nsg_ids,[oci_core_network_security_group.operator[0].id])
-    subnet_id                 = oci_core_subnet.operator[0].id
+    assign_public_ip = false
+    display_name     = var.label_prefix == "none" ? "operator-vnic" : "${var.label_prefix}-operator-vnic"
+    hostname_label   = var.label_prefix == "none" ? "operator" : "${var.label_prefix}-operator"
+    nsg_ids          = concat(var.nsg_ids, [oci_core_network_security_group.operator[0].id])
+    subnet_id        = oci_core_subnet.operator[0].id
   }
 
   display_name = var.label_prefix == "none" ? "operator" : "${var.label_prefix}-operator"
@@ -33,7 +41,7 @@ resource "oci_core_instance" "operator" {
 
   metadata = {
     ssh_authorized_keys = var.ssh_public_key != "" ? var.ssh_public_key : file(var.ssh_public_key_path)
-    user_data           = data.template_cloudinit_config.operator[0].rendered
+    user_data           = data.cloudinit_config.operator[0].rendered
   }
 
   shape = lookup(var.operator_shape, "shape", "VM.Standard.E4.Flex")
diff --git a/datasources.tf b/datasources.tf
@@ -9,13 +9,10 @@ data "oci_core_services" "all_oci_services" {
   }
 }
 
-data "oci_identity_availability_domains" "ad_list" {
+data "oci_identity_availability_domain" "ad" {
   compartment_id = var.tenancy_id
-}
 
-data "template_file" "ad_names" {
-  count    = length(data.oci_identity_availability_domains.ad_list.availability_domains)
-  template = lookup(data.oci_identity_availability_domains.ad_list.availability_domains[count.index], "name")
+  ad_number = var.availability_domain
 }
 
 data "oci_identity_tenancy" "tenancy" {
@@ -34,28 +31,6 @@ data "oci_core_vcn" "vcn" {
   vcn_id = var.vcn_id
 }
 
-data "template_file" "oracle_template" {
-  template = file("${path.module}/scripts/operator.template.sh")
-
-  vars = {
-    ol = var.operating_system_version
-  }
-
-  count = (var.create_operator == true) ? 1 : 0
-}
-
-data "template_file" "oracle_cloud_init_file" {
-  template = file("${path.module}/cloudinit/operator.template.yaml")
-
-  vars = {
-    operator_sh_content = base64gzip(data.template_file.oracle_template[0].rendered)
-    operator_upgrade    = var.operator_upgrade
-    timezone            = var.timezone
-  }
-
-  count = (var.create_operator == true) ? 1 : 0
-}
-
 data "oci_core_images" "oracle_images" {
   compartment_id           = var.compartment_id
   operating_system         = "Oracle Linux"
@@ -67,21 +42,27 @@ data "oci_core_images" "oracle_images" {
 }
 
 # cloud init for operator
-data "template_cloudinit_config" "operator" {
+data "cloudinit_config" "operator" {
   gzip          = true
   base64_encode = true
 
   part {
     filename     = "operator.yaml"
     content_type = "text/cloud-config"
-    content      = data.template_file.oracle_cloud_init_file[0].rendered
+    content = templatefile(
+      local.operator_template, {
+        operator_sh_content = local.operator_script_template,
+        operator_timezone   = var.operator_timezone,
+        upgrade_operator    = var.upgrade_operator,
+      }
+    )
   }
   count = var.create_operator == true ? 1 : 0
 }
 
 # Gets a list of VNIC attachments on the operator instance
 data "oci_core_vnic_attachments" "operator_vnics_attachments" {
-  availability_domain = element(local.ad_names, (var.availability_domain - 1))
+  availability_domain = data.oci_identity_availability_domain.ad.name
   compartment_id      = var.compartment_id
   depends_on          = [oci_core_instance.operator]
   instance_id         = oci_core_instance.operator[0].id
diff --git a/locals.tf b/locals.tf
@@ -5,12 +5,27 @@
 # https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
 
 locals {
-  all_protocols     = "all"
-  ad_names          = data.template_file.ad_names.*.rendered
-  anywhere          = "0.0.0.0/0"
-  ssh_port          = 22
-  tcp_protocol      = 6
+  all_protocols = "all"
+
+  anywhere = "0.0.0.0/0"
+
   operator_image_id = var.operator_image_id == "Oracle" ? data.oci_core_images.oracle_images[0].images.0.id : var.operator_image_id
-  osn               = lookup(data.oci_core_services.all_oci_services.services[0], "cidr_block")
-  vcn_cidr          = data.oci_core_vcn.vcn.cidr_block
+
+  operator_template = "${path.module}/cloudinit/operator.template.yaml"
+
+  operator_script_template = base64gzip(
+    templatefile("${path.module}/scripts/operator.template.sh",
+      {
+        ol = var.operating_system_version
+      }
+    )
+  )
+
+  osn = lookup(data.oci_core_services.all_oci_services.services[0], "cidr_block")
+
+  ssh_port = 22
+
+  tcp_protocol = 6
+
+  vcn_cidr = data.oci_core_vcn.vcn.cidr_block
 }
diff --git a/scripts/operator.template.sh b/scripts/operator.template.sh
@@ -4,7 +4,6 @@
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
 
 if [ ${ol} = 8 ]; then
-  dnf makecache
   dnf config-manager --enable ol8_developer && dnf -y install python3-oci-cli
 else
   yum -y -t update --security
diff --git a/terraform.tfvars.example b/terraform.tfvars.example
@@ -51,12 +51,14 @@ operator_shape = {
 
 operator_state= "RUNNING"
 
-operator_upgrade = false
+operator_timezone = "Australia/Sydney"
 
 ssh_public_key = ""
 
 ssh_public_key_path = ""
 
+upgrade_operator = false
+
 # notification
 
 notification_enabled = false
@@ -70,5 +72,5 @@ notification_topic = "operator"
 tags = {
     department  = "finance"
     environment = "dev"
-    role        = "bastion"
+    role        = "operator"
 }
diff --git a/variables.tf b/variables.tf
@@ -83,19 +83,18 @@ variable "vcn_id" {
 
 # operator host parameters
 
-variable "operating_system_version" {
-  description = "The version of the Oracle Linux to use."
-  default     = "8"
-  type        = string
-}
-
 variable "create_operator" {
-  #! Deprecation notice: will be renamed to create_operator at next major release
   description = "whether to create the operator"
   default     = false
   type        = bool
 }
 
+variable "operating_system_version" {
+  description = "The version of the Oracle Linux to use."
+  default     = "8"
+  type        = string
+}
+
 variable "operator_image_id" {
   description = "Provide a custom image id for the operator host or leave as Oracle."
   default     = "Oracle"
@@ -122,12 +121,6 @@ variable "operator_state" {
   type        = string
 }
 
-variable "operator_upgrade" {
-  description = "Whether to upgrade the operator host packages after provisioning. It's useful to set this to false during development/testing so the operator is provisioned faster."
-  default     = false
-  type        = bool
-}
-
 variable "ssh_public_key" {
   description = "the content of the ssh public key used to access the operator. set this or the ssh_public_key_path"
   default     = ""
@@ -140,12 +133,19 @@ variable "ssh_public_key_path" {
   type        = string
 }
 
-variable "timezone" {
+variable "operator_timezone" {
   description = "The preferred timezone for the operator host."
   default     = "Australia/Sydney"
   type        = string
 }
 
+variable "upgrade_operator" {
+  description = "Whether to upgrade the operator host packages after provisioning. It's useful to set this to false during development/testing so the operator is provisioned faster."
+  default     = false
+  type        = bool
+}
+
+
 # operator notification
 
 variable "notification_enabled" {
@@ -174,11 +174,11 @@ variable "notification_topic" {
 
 # tagging
 variable "tags" {
-  description = "Freeform tags for bastion"
+  description = "Freeform tags for operator"
   default = {
     department  = "finance"
     environment = "dev"
-    role        = "bastion"
+    role        = "operator"
   }
   type = map(any)
 }
diff --git a/versions.tf b/versions.tf
@@ -6,9 +6,6 @@ terraform {
     oci = {
       source = "hashicorp/oci"
     }
-    template = {
-      source = "hashicorp/template"
-    }
   }
   required_version = ">= 1.0.0"
 }

Original file line number	Diff line number	Diff line change
`@@ -6,9 +6,6 @@ terraform {`
`6`	`6`	`oci = {`
`7`	`7`	`source = "hashicorp/oci"`
`8`	`8`	`}`
`9`		`- template = {`
`10`		`- source = "hashicorp/template"`
`11`		`- }`
`12`	`9`	`}`
`13`	`10`	`required_version = ">= 1.0.0"`
`14`	`11`	`}`