refactor!: Upgrade minimum version to Terraform 1.0.0 (#33)

* refactor!: renamed operator_enabled to create_operator; minimum Terraform version is 1.0.0

BREAKING CHANGE: refactor to  rename variable operator enabled to create_operator and set minimum Terraform version to 1.0.0

* removed unused security list

Author: hyder

CHANGELOG.adoc

@@ -10,7 +10,10 @@ The format is based on {uri-changelog}[Keep a Changelog].
 = Unreleased
 
 == New features
+* Set minimum Terraform version to 1.0.0
+* Renamed var.operator_enabled --> var.create_operator
 * New variable (`operator_state`) to specify state of operator host
+* Removed security list and using NSG instead
 
 == Changes
 * Set default shape to E4.Flex

LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2019, 2020 Oracle and/or its affiliates. 
+Copyright (c) 2019, 2021 Oracle and/or its affiliates. 
 
 The Universal Permissive License (UPL), Version 1.0
 

cloudinit/operator.template.yaml

@@ -1,4 +1,4 @@
-# Copyright 2017, 2019, Oracle Corporation and/or affiliates.  All rights reserved.
+# Copyright 2017, 2021, Oracle Corporation and/or affiliates.  All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
 
 #cloud-config

compute.tf

@@ -1,4 +1,4 @@
-# Copyright 2017, 2019, Oracle Corporation and/or affiliates.  All rights reserved.
+# Copyright 2017, 2021 Oracle Corporation and/or affiliates.  All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
 
 resource "oci_core_instance" "operator" {
@@ -12,11 +12,11 @@ resource "oci_core_instance" "operator" {
   freeform_tags  = var.tags
 
   create_vnic_details {
-    assign_public_ip = false
-    display_name     = var.label_prefix == "none" ? "operator-vnic" : "${var.label_prefix}-operator-vnic"
-    hostname_label   = var.label_prefix == "none" ? "operator" : "${var.label_prefix}-operator"
-    nsg_ids          = var.nsg_ids
-    subnet_id        = oci_core_subnet.operator[0].id
+    assign_public_ip          = false
+    display_name              = var.label_prefix == "none" ? "operator-vnic" : "${var.label_prefix}-operator-vnic"
+    hostname_label            = var.label_prefix == "none" ? "operator" : "${var.label_prefix}-operator"
+    nsg_ids                   = concat(var.nsg_ids,[oci_core_network_security_group.operator[0].id])
+    subnet_id                 = oci_core_subnet.operator[0].id
   }
 
   display_name = var.label_prefix == "none" ? "operator" : "${var.label_prefix}-operator"
@@ -25,7 +25,7 @@ resource "oci_core_instance" "operator" {
     boot_volume_type = "PARAVIRTUALIZED"
     network_type     = "PARAVIRTUALIZED"
   }
-  
+
   # prevent the operator from destroying and recreating itself if the image ocid changes 
   lifecycle {
     ignore_changes = [source_details[0].source_id]
@@ -36,10 +36,10 @@ resource "oci_core_instance" "operator" {
     user_data           = data.template_cloudinit_config.operator[0].rendered
   }
 
-  shape = lookup(var.operator_shape, "shape", "VM.Standard.E2.2")
+  shape = lookup(var.operator_shape, "shape", "VM.Standard.E4.Flex")
 
   dynamic "shape_config" {
-    for_each = length(regexall("Flex", lookup(var.operator_shape, "shape", "VM.Standard.E3.Flex"))) > 0 ? [1] : []
+    for_each = length(regexall("Flex", lookup(var.operator_shape, "shape", "VM.Standard.E4.Flex"))) > 0 ? [1] : []
     content {
       ocpus         = max(1, lookup(var.operator_shape, "ocpus", 1))
       memory_in_gbs = (lookup(var.operator_shape, "memory", 4) / lookup(var.operator_shape, "ocpus", 1)) > 64 ? (lookup(var.operator_shape, "ocpus", 1) * 4) : lookup(var.operator_shape, "memory", 4)
@@ -57,5 +57,5 @@ resource "oci_core_instance" "operator" {
     create = "60m"
   }
 
-  count = var.operator_enabled == true ? 1 : 0
+  count = var.create_operator == true ? 1 : 0
 }

datasources.tf

@@ -1,6 +1,14 @@
-# Copyright 2017, 2019, Oracle Corporation and/or affiliates.  All rights reserved.
+# Copyright 2017, 2021 Oracle Corporation and/or affiliates.  All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
 
+data "oci_core_services" "all_oci_services" {
+  filter {
+    name   = "name"
+    values = ["All .* Services In Oracle Services Network"]
+    regex  = true
+  }
+}
+
 data "oci_identity_availability_domains" "ad_list" {
   compartment_id = var.tenancy_id
 }
@@ -33,7 +41,7 @@ data "template_file" "oracle_template" {
     ol = var.operating_system_version
   }
 
-  count = (var.operator_enabled == true) ? 1 : 0
+  count = (var.create_operator == true) ? 1 : 0
 }
 
 data "template_file" "oracle_cloud_init_file" {
@@ -45,15 +53,17 @@ data "template_file" "oracle_cloud_init_file" {
     timezone            = var.timezone
   }
 
-  count = (var.operator_enabled == true) ? 1 : 0
+  count = (var.create_operator == true) ? 1 : 0
 }
 
 data "oci_core_images" "oracle_images" {
   compartment_id           = var.compartment_id
   operating_system         = "Oracle Linux"
   operating_system_version = var.operating_system_version
-  shape                    = lookup(var.operator_shape, "shape", "VM.Standard.E2.2")
+  shape                    = lookup(var.operator_shape, "shape", "VM.Standard.E4.Flex")
   sort_by                  = "TIMECREATED"
+
+  count = (var.create_operator == true && var.operator_image_id == "Oracle") ? 1 : 0
 }
 
 # cloud init for operator
@@ -66,7 +76,7 @@ data "template_cloudinit_config" "operator" {
     content_type = "text/cloud-config"
     content      = data.template_file.oracle_cloud_init_file[0].rendered
   }
-  count = var.operator_enabled == true ? 1 : 0
+  count = var.create_operator == true ? 1 : 0
 }
 
 # Gets a list of VNIC attachments on the operator instance
@@ -76,20 +86,20 @@ data "oci_core_vnic_attachments" "operator_vnics_attachments" {
   depends_on          = [oci_core_instance.operator]
   instance_id         = oci_core_instance.operator[0].id
 
-  count = var.operator_enabled == true ? 1 : 0
+  count = var.create_operator == true ? 1 : 0
 }
 
 # Gets the OCID of the first (default) VNIC on the operator instance
 data "oci_core_vnic" "operator_vnic" {
   depends_on = [oci_core_instance.operator]
   vnic_id    = lookup(data.oci_core_vnic_attachments.operator_vnics_attachments[0].vnic_attachments[0], "vnic_id")
 
-  count = var.operator_enabled == true ? 1 : 0
+  count = var.create_operator == true ? 1 : 0
 }
 
 data "oci_core_instance" "operator" {
   depends_on  = [oci_core_instance.operator]
   instance_id = oci_core_instance.operator[0].id
 
-  count = var.operator_enabled == true ? 1 : 0
+  count = var.create_operator == true ? 1 : 0
 }

docs/quickstart.adoc

@@ -76,7 +76,7 @@ provider "oci" {
 * `nat_route_id`
 * `vcn_id`
 * 1 of `ssh_public_key` or `ssh_public_key_path`
-* `operator_enabled`
+* `create_operator`
 
 . Optional parameters to override:
 

docs/terraformoptions.adoc

@@ -128,7 +128,7 @@ Ensure you review the {uri-terraform-dependencies}[dependencies].
 |Values
 |Default
 
-|`operator_enabled`
+|`create_operator`
 |whether to create the operator
 | true/false
 |true

instance_principal.tf

@@ -1,4 +1,4 @@
-# Copyright 2017, 2019, Oracle Corporation and/or affiliates.  All rights reserved.
+# Copyright 2017, 2021 Oracle Corporation and/or affiliates.  All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
 
 # create a home region provider for identity operations
@@ -24,7 +24,7 @@ resource "oci_identity_dynamic_group" "operator_instance_principal" {
   matching_rule  = "ALL {instance.id = '${join(",", data.oci_core_instance.operator.*.id)}'}"
   name           = var.label_prefix == "none" ? "operator-instance-principal-${substr(uuid(),0,8)}" : "${var.label_prefix}-operator-instance-principal-${substr(uuid(),0,8)}"
 
-  count = var.operator_enabled == true && var.operator_instance_principal == true ? 1 : 0
+  count = var.create_operator == true && var.operator_instance_principal == true ? 1 : 0
 }
 
 resource "oci_identity_policy" "operator_instance_principal" {
@@ -35,5 +35,5 @@ resource "oci_identity_policy" "operator_instance_principal" {
   name           = var.label_prefix == "none" ? "operator-instance-principal" : "${var.label_prefix}-operator-instance-principal"
   statements     = ["Allow dynamic-group ${oci_identity_dynamic_group.operator_instance_principal[0].name} to manage all-resources in compartment id ${var.compartment_id}"]
 
-  count = var.operator_enabled == true && var.operator_instance_principal == true ? 1 : 0
+  count = var.create_operator == true && var.operator_instance_principal == true ? 1 : 0
 }

locals.tf

@@ -1,15 +1,16 @@
-# Copyright 2017, 2019, Oracle Corporation and/or affiliates.  All rights reserved.
+# Copyright 2017, 2021 Oracle Corporation and/or affiliates.  All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
 
 # Protocols are specified as protocol numbers.
 # https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
 
 locals {
-  all_protocols    = "all"
-  ad_names         = data.template_file.ad_names.*.rendered
-  anywhere         = "0.0.0.0/0"
-  ssh_port         = 22
-  tcp_protocol     = 6
-  operator_image_id = var.operator_image_id == "Oracle" ? data.oci_core_images.oracle_images.images.0.id : var.operator_image_id
-  vcn_cidr         = data.oci_core_vcn.vcn.cidr_block
+  all_protocols     = "all"
+  ad_names          = data.template_file.ad_names.*.rendered
+  anywhere          = "0.0.0.0/0"
+  ssh_port          = 22
+  tcp_protocol      = 6
+  operator_image_id = var.operator_image_id == "Oracle" ? data.oci_core_images.oracle_images[0].images.0.id : var.operator_image_id
+  osn               = lookup(data.oci_core_services.all_oci_services.services[0], "cidr_block")
+  vcn_cidr          = data.oci_core_vcn.vcn.cidr_block
 }

outputs.tf

@@ -1,10 +1,10 @@
-# Copyright 2017, 2019, Oracle Corporation and/or affiliates.  All rights reserved.
+# Copyright 2017, 2021 Oracle Corporation and/or affiliates.  All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
 
 output "operator_private_ip" {
   value = join(",", data.oci_core_vnic.operator_vnic.*.private_ip_address)
 }
 
 output "operator_instance_principal_group_name" {
-  value = var.operator_enabled == true && var.operator_instance_principal == true ? oci_identity_dynamic_group.operator_instance_principal[0].name : null
+  value = var.create_operator == true && var.operator_instance_principal == true ? oci_identity_dynamic_group.operator_instance_principal[0].name : null
 }