removed identity parameters and locally initialized home region provider in favour of passed home region provider (#44)

Author: hyder

datasources.tf

@@ -19,14 +19,6 @@ data "oci_identity_tenancy" "tenancy" {
   tenancy_id = var.tenancy_id
 }
 
-# get the tenancy's home region
-data "oci_identity_regions" "home_region" {
-  filter {
-    name   = "key"
-    values = [data.oci_identity_tenancy.tenancy.home_region_key]
-  }
-}
-
 data "oci_core_vcn" "vcn" {
   vcn_id = var.vcn_id
 }

docs/quickstart.adoc

@@ -59,13 +59,22 @@ provider "oci" {
   private_key_path     = var.api_private_key_path
   region               = var.region
 }
+provider "oci" {
+  tenancy_ocid         = var.tenancy_id
+  user_ocid            = var.user_id
+  fingerprint          = var.api_fingerprint
+  private_key_path     = var.api_private_key_path
+  region               = var.home_region
+  alias                = "home"
+}
 ----
 
 . Set mandatory provider parameters:
 
 * `api_fingerprint`
 * `api_private_key_path`
 * `region`
+* `home_region`
 * `tenancy_id`
 * `user_id`
 

docs/terraformoptions.adoc

@@ -29,31 +29,11 @@ Ensure you review the {uri-terraform-dependencies}[dependencies].
 |Values
 |Default
 
-|`api_fingerprint`
-|ssl fingerprint of api public key. *Required when configuring provider*.
-|
-|None
-
-|`api_private_key_path`
-|path to api private key. *Required when configuring provider*.
-|
-|None
-
-|`region`
-|Region where to provision the OKE cluster. {uri-oci-region}[List of regions]. *Required when configuring provider*.
-|
-|None
-
 |`tenancy_id`
 |Tenancy id of the user. *Required when configuring provider*.
 |
 |None
 
-|`user_id`
-|User's id. *Required when configuring provider*.
-|
-|None
-
 |===
 
 == General OCI
@@ -163,8 +143,8 @@ Ensure you review the {uri-terraform-dependencies}[dependencies].
 |true/false
 |true
 
-|`operating_system_version`
-|The version of the Oracle Linux to use..
+|`operator_os_version`
+|The version of the Oracle Linux to use.
 |
 |8
 
@@ -225,13 +205,13 @@ Ensure you review the {uri-terraform-dependencies}[dependencies].
 |Values
 |Default
 
-|`tags`
+|`operator_tags`
 |Freeform tags for operator.
 |
 |
 [source]
 ----
-tags = {
+operator_tags = {
     access      = "restricted"
     environment = "dev"
     role        = "operator"

instance_principal.tf

@@ -1,21 +1,11 @@
 # Copyright 2017, 2021 Oracle Corporation and/or affiliates.  All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
 
-# create a home region provider for identity operations
-provider "oci" {
-  alias            = "home"
-  fingerprint      = var.api_fingerprint
-  private_key_path = var.api_private_key_path
-  region           = lookup(data.oci_identity_regions.home_region.regions[0], "name")
-  tenancy_ocid     = var.tenancy_id
-  user_ocid        = var.user_id
-}
-
 resource "oci_identity_dynamic_group" "operator_instance_principal" {
   provider = oci.home
 
   compartment_id = var.tenancy_id
-  description    = var.label_prefix == "none" ? "dynamic group to allow instances to call services for 1 operator" : "dynamic group with label ${var.label_prefix} to allow instances to call services for 1 operator"
+  description    = var.label_prefix == "none" ? "dynamic group to allow operator instance to invoke services" : "dynamic group with label ${var.label_prefix} to allow operator to invoke services"
 
   lifecycle {
     ignore_changes = [name, defined_tags]

terraform.tfvars.example

@@ -3,24 +3,14 @@
 
 # provider identity parameters
 
-api_fingerprint = ""
-
-api_private_key_path = ""
-
-region = ""
-
 tenancy_id = ""
 
-user_id = ""
-
 # general oci parameters
-
 compartment_id = ""
 
 label_prefix = "dev"
 
 # network parameters
-
 availability_domain = 1
 
 nat_route_id = ""
@@ -33,6 +23,7 @@ nsg_ids = []
 
 vcn_id = ""
 
+# operator host parameters
 operating_system_version = "8"
 
 create_operator = true
@@ -69,7 +60,7 @@ operator_notification_protocol = "EMAIL"
 
 operator_notification_topic = "operator"
 
-tags = {
+operator_tags = {
     access      = "restricted"
     environment = "dev"
     role        = "operator"

variables.tf

@@ -2,36 +2,13 @@
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
 
 # provider parameters
-variable "api_fingerprint" {
-  description = "fingerprint of oci api private key"
-  type        = string
-  default     = ""
-}
-
-variable "api_private_key_path" {
-  description = "path to oci api private key used"
-  type        = string
-  default     = ""
-}
-
-variable "region" {
-  # List of regions: https://docs.cloud.oracle.com/iaas/Content/General/Concepts/regions.htm#ServiceAvailabilityAcrossRegions
-  description = "the oci region where resources will be created"
-  type        = string
-}
 
 variable "tenancy_id" {
   description = "tenancy id where to create the sources"
   type        = string
   default     = ""
 }
 
-variable "user_id" {
-  description = "id of user that terraform will use to create the resources"
-  type        = string
-  default     = ""
-}
-
 # general oci parameters
 
 variable "compartment_id" {
@@ -146,9 +123,7 @@ variable "upgrade_operator" {
   type        = bool
 }
 
-
 # operator notification
-
 variable "enable_operator_notification" {
   description = "Whether to enable ONS notification for the operator host."
   default     = false

versions.tf

@@ -5,6 +5,8 @@ terraform {
   required_providers {
     oci = {
       source = "hashicorp/oci"
+      # pass oci home region provider explicitly for identity operations
+      configuration_aliases = [ oci.home ]      
     }
   }
   required_version = ">= 1.0.0"