diff --git a/examples/README.md b/examples/README.md new file mode 100644 index 0000000..23cf7ee --- /dev/null +++ b/examples/README.md 
@@ -0,0 +1,233 @@ + +## Terraform Modules +These modules are generated by CD3 Automation Toolkit. + +Purpose: To efficiently build and maintain the Infrastructure in Oracle Cloud. + +## Requirements + +| Name | Version | +|------|---------| +| [oci](#requirement\_oci) | >= 4.0.0 | + +## Providers + +| Name | Version | +|------|---------| +| [oci](#provider\_oci) | >= 4.0.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [alarms](#module\_alarms) | ./modules/managementservices/alarm | n/a | +| [backend-sets](#module\_backend-sets) | ./modules/loadbalancer/lb-backend-set | n/a | +| [backends](#module\_backends) | ./modules/loadbalancer/lb-backend | n/a | +| [block-volumes](#module\_block-volumes) | ./modules/storage/block-volume | n/a | +| [budget-alert-rules](#module\_budget-alert-rules) | ./modules/governance/billing/budget-alert-rule | n/a | +| [budgets](#module\_budgets) | ./modules/governance/billing/budget | n/a | +| [certificates](#module\_certificates) | ./modules/loadbalancer/lb-certificate | n/a | +| [cipher-suites](#module\_cipher-suites) | ./modules/loadbalancer/lb-cipher-suite | n/a | +| [cloud-guard-configurations](#module\_cloud-guard-configurations) | ./modules/security/cloud-guard-configuration | n/a | +| [cloud-guard-targets](#module\_cloud-guard-targets) | ./modules/security/cloud-guard-target | n/a | +| [custom-backup-policies](#module\_custom-backup-policies) | ./modules/storage/custom-backup-policy | n/a | +| [custom-dhcps](#module\_custom-dhcps) | ./modules/network/custom-dhcp | n/a | +| [dbsystems-vm-bm](#module\_dbsystems-vm-bm) | ./modules/database/dbsystem-vm-bm | n/a | +| [dedicated-hosts](#module\_dedicated-hosts) | ./modules/compute/dedicated-vm-host | n/a | +| [default-dhcps](#module\_default-dhcps) | ./modules/network/default-dhcp | n/a | +| [default-route-tables](#module\_default-route-tables) | ./modules/network/default-route-table | n/a | +| [default-security-lists](#module\_default-security-lists) | 
./modules/network/default-sec-list | n/a | +| [drg-attachments](#module\_drg-attachments) | ./modules/network/drg-attachment | n/a | +| [drg-route-distribution-statements](#module\_drg-route-distribution-statements) | ./modules/network/drg-route-distribution-statement | n/a | +| [drg-route-distributions](#module\_drg-route-distributions) | ./modules/network/drg-route-distribution | n/a | +| [drg-route-rules](#module\_drg-route-rules) | ./modules/network/drg-route-rule | n/a | +| [drg-route-tables](#module\_drg-route-tables) | ./modules/network/drg-route-table | n/a | +| [drgs](#module\_drgs) | ./modules/network/drg | n/a | +| [endpoints](#module\_endpoints) | ./modules/dns/endpoint | n/a | +| [events](#module\_events) | ./modules/managementservices/event | n/a | +| [exa-infra](#module\_exa-infra) | ./modules/database/exa-infra | n/a | +| [exa-vmclusters](#module\_exa-vmclusters) | ./modules/database/exa-vmcluster | n/a | +| [exported-lpgs](#module\_exported-lpgs) | ./modules/network/lpg | n/a | +| [fss](#module\_fss) | ./modules/storage/file-storage/fss | n/a | +| [fss-export-options](#module\_fss-export-options) | ./modules/storage/file-storage/export-option | n/a | +| [hostnames](#module\_hostnames) | ./modules/loadbalancer/lb-hostname | n/a | +| [hub-lpgs](#module\_hub-lpgs) | ./modules/network/lpg | n/a | +| [iam-compartments](#module\_iam-compartments) | ./modules/identity/iam-compartment | n/a | +| [iam-groups](#module\_iam-groups) | ./modules/identity/iam-group | n/a | +| [iam-policies](#module\_iam-policies) | ./modules/identity/iam-policy | n/a | +| [igws](#module\_igws) | ./modules/network/igw | n/a | +| [instances](#module\_instances) | ./modules/compute/instance | n/a | +| [keys](#module\_keys) | ./modules/security/key | n/a | +| [lbr-reserved-ips](#module\_lbr-reserved-ips) | ./modules/ip/reserved-public-ip | n/a | +| [listeners](#module\_listeners) | ./modules/loadbalancer/lb-listener | n/a | +| [load-balancers](#module\_load-balancers) | 
./modules/loadbalancer/lb-load-balancer | n/a | +| [loadbalancer-log-groups](#module\_loadbalancer-log-groups) | ./modules/managementservices/log-group | n/a | +| [loadbalancer-logs](#module\_loadbalancer-logs) | ./modules/managementservices/log | n/a | +| [mts](#module\_mts) | ./modules/storage/file-storage/mount-target | n/a | +| [network-load-balancers](#module\_network-load-balancers) | ./modules/networkloadbalancer/nlb | n/a | +| [ngws](#module\_ngws) | ./modules/network/ngw | n/a | +| [nlb-backend-sets](#module\_nlb-backend-sets) | ./modules/networkloadbalancer/nlb-backendset | n/a | +| [nlb-backends](#module\_nlb-backends) | ./modules/networkloadbalancer/nlb-backend | n/a | +| [nlb-listeners](#module\_nlb-listeners) | ./modules/networkloadbalancer/nlb-listener | n/a | +| [nlb-reserved-ips](#module\_nlb-reserved-ips) | ./modules/ip/reserved-public-ip | n/a | +| [none-lpgs](#module\_none-lpgs) | ./modules/network/lpg | n/a | +| [notifications-subscriptions](#module\_notifications-subscriptions) | ./modules/managementservices/notification-subscription | n/a | +| [notifications-topics](#module\_notifications-topics) | ./modules/managementservices/notification-topic | n/a | +| [nsg-rules](#module\_nsg-rules) | ./modules/network/nsg-rules | n/a | +| [nsgs](#module\_nsgs) | ./modules/network/nsg | n/a | +| [oss-buckets](#module\_oss-buckets) | ./modules/storage/object-storage | n/a | +| [oss-log-groups](#module\_oss-log-groups) | ./modules/managementservices/log-group | n/a | +| [oss-logs](#module\_oss-logs) | ./modules/managementservices/log | n/a | +| [oss-policies](#module\_oss-policies) | ./modules/identity/iam-policy | n/a | +| [path-route-sets](#module\_path-route-sets) | ./modules/loadbalancer/lb-path-route-set | n/a | +| [peer-lpgs](#module\_peer-lpgs) | ./modules/network/lpg | n/a | +| [private-ips](#module\_private-ips) | ./modules/ip/secondary-private-ip | n/a | +| [public-ip-pools](#module\_public-ip-pools) | ./modules/ip/public-ip-pool | n/a | +| 
[reserved-ips](#module\_reserved-ips) | ./modules/ip/reserved-public-ip | n/a | +| [route-tables](#module\_route-tables) | ./modules/network/route-table | n/a | +| [rule-sets](#module\_rule-sets) | ./modules/loadbalancer/lb-rule-set | n/a | +| [security-lists](#module\_security-lists) | ./modules/network/sec-list | n/a | +| [sgws](#module\_sgws) | ./modules/network/sgw | n/a | +| [spoke-lpgs](#module\_spoke-lpgs) | ./modules/network/lpg | n/a | +| [sub-compartments-level1](#module\_sub-compartments-level1) | ./modules/identity/iam-compartment | n/a | +| [sub-compartments-level2](#module\_sub-compartments-level2) | ./modules/identity/iam-compartment | n/a | +| [sub-compartments-level3](#module\_sub-compartments-level3) | ./modules/identity/iam-compartment | n/a | +| [sub-compartments-level4](#module\_sub-compartments-level4) | ./modules/identity/iam-compartment | n/a | +| [sub-compartments-level5](#module\_sub-compartments-level5) | ./modules/identity/iam-compartment | n/a | +| [subnets](#module\_subnets) | ./modules/network/subnet | n/a | +| [tag-defaults](#module\_tag-defaults) | ./modules/tagging/tag-default | n/a | +| [tag-keys](#module\_tag-keys) | ./modules/tagging/tag-key | n/a | +| [tag-namespaces](#module\_tag-namespaces) | ./modules/tagging/tag-namespace | n/a | +| [vaults](#module\_vaults) | ./modules/security/vault | n/a | +| [vcn-log-groups](#module\_vcn-log-groups) | ./modules/managementservices/log-group | n/a | +| [vcn-logs](#module\_vcn-logs) | ./modules/managementservices/log | n/a | +| [vcns](#module\_vcns) | ./modules/network/vcn | n/a | +| [vnic-attachments](#module\_vnic-attachments) | ./modules/network/vnic-attachment | n/a | + +## Resources + +| Name | Type | +|------|------| +| [oci_core_drg_route_distributions.drg_route_distributions](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/data-sources/core_drg_route_distributions) | data source | +| 
[oci_core_drg_route_tables.drg_route_tables](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/data-sources/core_drg_route_tables) | data source | +| [oci_core_instance.instance_ip](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/data-sources/core_instance) | data source | +| [oci_core_instance.nlb_instance_ip](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/data-sources/core_instance) | data source | +| [oci_core_instances.instances](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/data-sources/core_instances) | data source | +| [oci_core_instances.instances_for_vnic](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/data-sources/core_instances) | data source | +| [oci_core_instances.nlb_instances](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/data-sources/core_instances) | data source | +| [oci_core_private_ips.ip_address](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/data-sources/core_private_ips) | data source | +| [oci_core_private_ips.private_ips_by_ip_address](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/data-sources/core_private_ips) | data source | +| [oci_core_subnets.oci_nlb_subnets](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/data-sources/core_subnets) | data source | +| [oci_core_subnets.oci_subnets](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/data-sources/core_subnets) | data source | +| [oci_core_subnets.oci_subnets_dns](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/data-sources/core_subnets) | data source | +| [oci_core_subnets.oci_subnets_vnics](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/data-sources/core_subnets) | data source | +| [oci_core_vcns.oci_vcns](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/data-sources/core_vcns) | data source | +| 
[oci_core_vcns.oci_vcns_vnics](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/data-sources/core_vcns) | data source | +| [oci_core_vnic_attachments.nlb_instance_vnic_attachments](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/data-sources/core_vnic_attachments) | data source | +| [oci_core_vnic_attachments.vnic_attachments](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/data-sources/core_vnic_attachments) | data source | +| [oci_dns_resolvers.resolvers](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/data-sources/dns_resolvers) | data source | +| [oci_identity_availability_domains.availability_domains](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/data-sources/identity_availability_domains) | data source | +| [oci_identity_compartments.compartments](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/data-sources/identity_compartments) | data source | +| [oci_objectstorage_bucket.buckets](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/data-sources/objectstorage_bucket) | data source | +| [oci_objectstorage_namespace.bucket_namespace](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/data-sources/objectstorage_namespace) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [alarms](#input\_alarms) | n/a | `map(any)` | `{}` | no | +| [backend\_sets](#input\_backend\_sets) | To provision Load Balancer Backend Sets | `map(any)` | `{}` | no | +| [backends](#input\_backends) | To provision Load Balancer Backends | `map(any)` | `{}` | no | +| [block\_backup\_policies](#input\_block\_backup\_policies) | To create block volume back policy | `map(any)` | `{}` | no | +| [blockvolumes](#input\_blockvolumes) | To provision block volumes | `map(any)` | `{}` | no | +| [boot\_backup\_policies](#input\_boot\_backup\_policies) | Map of boot volume backup 
policies to be provisioned | `map(any)` | `{}` | no | +| [budget\_alert\_rules](#input\_budget\_alert\_rules) | n/a | `map(any)` | `{}` | no | +| [budgets](#input\_budgets) | n/a | `map(any)` | `{}` | no | +| [capacity\_reservation\_ocids](#input\_capacity\_reservation\_ocids) | n/a | `map(any)` |
{
"AD1": "",
"AD2": "",
"AD3": ""
}
| no | +| [certificates](#input\_certificates) | To provision Load Balancer Certificates | `map(any)` | `{}` | no | +| [cipher\_suites](#input\_cipher\_suites) | To provision Load Balancer Cipher Suites | `map(any)` | `{}` | no | +| [cloud\_guard\_configs](#input\_cloud\_guard\_configs) | n/a | `map(any)` | `{}` | no | +| [cloud\_guard\_targets](#input\_cloud\_guard\_targets) | n/a | `map(any)` | `{}` | no | +| [compartment\_ocids](#input\_compartment\_ocids) | n/a | `map(any)` | `{}` | no | +| [compartments](#input\_compartments) | n/a |
object({
root = optional(map(object({
tenancy_ocid = optional(string)
parent_compartment_id = string
name = string
description = optional(string)
enable_delete = optional(bool)
defined_tags = optional(map(any))
freeform_tags = optional(map(any))
})))
compartment_level1 = optional(map(object({
tenancy_ocid = optional(string)
parent_compartment_id = string
name = string
description = optional(string)
enable_delete = optional(bool)
defined_tags = optional(map(any))
freeform_tags = optional(map(any))
})))
compartment_level2 = optional(map(object({
tenancy_ocid = optional(string)
parent_compartment_id = string
name = string
description = optional(string)
enable_delete = optional(bool)
defined_tags = optional(map(any))
freeform_tags = optional(map(any))
})))
compartment_level3 = optional(map(object({
tenancy_ocid = optional(string)
parent_compartment_id = string
name = string
description = optional(string)
enable_delete = optional(bool)
defined_tags = optional(map(any))
freeform_tags = optional(map(any))
})))
compartment_level4 = optional(map(object({
tenancy_ocid = optional(string)
parent_compartment_id = string
name = string
description = optional(string)
enable_delete = optional(bool)
defined_tags = optional(map(any))
freeform_tags = optional(map(any))
})))
compartment_level5 = optional(map(object({
tenancy_ocid = optional(string)
parent_compartment_id = string
name = string
description = optional(string)
enable_delete = optional(bool)
defined_tags = optional(map(any))
freeform_tags = optional(map(any))
})))
})
|
{
"compartment_level1": {},
"compartment_level2": {},
"compartment_level3": {},
"compartment_level4": {},
"compartment_level5": {},
"root": {}
}
| no | +| [custom\_backup\_policies](#input\_custom\_backup\_policies) | n/a | `map(any)` | `{}` | no | +| [custom\_dhcps](#input\_custom\_dhcps) | n/a |
map(object({
compartment_id = string
server_type = string
vcn_id = string
custom_dns_servers = list(any)
domain_name_type = optional(string)
display_name = optional(string)
search_domain = optional(map(any))
defined_tags = optional(map(any))
freeform_tags = optional(map(any))
}))
| `{}` | no | +| [data\_drg\_route\_table\_distributions](#input\_data\_drg\_route\_table\_distributions) | n/a | `map(any)` | `{}` | no | +| [data\_drg\_route\_tables](#input\_data\_drg\_route\_tables) | n/a | `map(any)` | `{}` | no | +| [databases](#input\_databases) | Map of databases to be provisioned in an existing db\_home | `map(any)` | `{}` | no | +| [db\_home](#input\_db\_home) | Map of database db home to be provisioned | `map(any)` | `{}` | no | +| [dbsystem\_ssh\_keys](#input\_dbsystem\_ssh\_keys) | n/a | `map(any)` |
{
"ssh_public_key": [
""
]
}
| no | +| [dbsystems\_vm\_bm](#input\_dbsystems\_vm\_bm) | To provision DB System | `map(any)` | `{}` | no | +| [dedicated\_hosts](#input\_dedicated\_hosts) | To provision new dedicated VM hosts | `map(any)` | `{}` | no | +| [default\_dhcps](#input\_default\_dhcps) | n/a |
map(object({
server_type = string
manage_default_resource_id = optional(string)
custom_dns_servers = optional(list(any))
search_domain = optional(map(any))
defined_tags = optional(map(any))
freeform_tags = optional(map(any))
}))
| `{}` | no | +| [default\_route\_tables](#input\_default\_route\_tables) | n/a | `map(any)` | `{}` | no | +| [default\_seclists](#input\_default\_seclists) | n/a |
map(object({
compartment_id = string
vcn_id = string
display_name = optional(string)
defined_tags = optional(map(any))
freeform_tags = optional(map(any))
ingress_sec_rules = optional(list(object({
protocol = optional(string)
stateless = optional(string)
description = optional(string)
source = optional(string)
source_type = optional(string)
options = optional(map(any))
})))
egress_sec_rules = optional(list(object({
protocol = optional(string)
stateless = optional(string)
description = optional(string)
destination = optional(string)
destination_type = optional(string)
options = optional(map(any))
})))
}))
| `{}` | no | +| [drg\_attachments](#input\_drg\_attachments) | n/a | `map(any)` | `{}` | no | +| [drg\_route\_distribution\_statements](#input\_drg\_route\_distribution\_statements) | n/a |
map(object({
drg_route_distribution_id = string
action = string
match_criteria = optional(list(object({
match_type = string
attachment_type = optional(string)
drg_attachment_id = optional(string)
})))
priority = optional(string)
}))
| `{}` | no | +| [drg\_route\_distributions](#input\_drg\_route\_distributions) | n/a |
map(object({
distribution_type = string
drg_id = string
defined_tags = optional(string)
freeform_tags = optional(string)
display_name = optional(string)
}))
| `{}` | no | +| [drg\_route\_rules](#input\_drg\_route\_rules) | n/a | `map(any)` | `{}` | no | +| [drg\_route\_tables](#input\_drg\_route\_tables) | n/a | `map(any)` | `{}` | no | +| [drgs](#input\_drgs) | n/a |
map(object({
compartment_id = string
display_name = optional(string)
defined_tags = optional(map(any))
freeform_tags = optional(map(any))
}))
| `{}` | no | +| [events](#input\_events) | n/a | `map(any)` | `{}` | no | +| [exa\_infra](#input\_exa\_infra) | To provision exadata infrastructure | `map(any)` | `{}` | no | +| [exa\_vmclusters](#input\_exa\_vmclusters) | To provision exadata cloud VM cluster | `map(any)` | `{}` | no | +| [exacs\_ssh\_keys](#input\_exacs\_ssh\_keys) | n/a | `map(any)` |
{
"ssh_public_key": [
""
]
}
| no | +| [fingerprint](#input\_fingerprint) | n/a | `string` | `""` | no | +| [fss](#input\_fss) | To provision File System Services | `map(any)` | `{}` | no | +| [groups](#input\_groups) | n/a |
map(object({
group_name = string
group_description = string
matching_rule = optional(string)
defined_tags = optional(map(any))
freeform_tags = optional(map(any))
}))
| `{}` | no | +| [hostnames](#input\_hostnames) | To provision Load Balancer Hostnames | `map(any)` | `{}` | no | +| [igws](#input\_igws) | n/a |
map(object({
compartment_id = string
vcn_id = string
enable_igw = optional(bool)
igw_name = optional(string)
defined_tags = optional(map(any))
freeform_tags = optional(map(any))
}))
| `{}` | no | +| [instance\_source\_ocids](#input\_instance\_source\_ocids) | n/a | `map(any)` |
{
"Linux": "",
"PaloAlto": "Palo Alto Networks VM-Series Next Generation Firewall",
"Windows": ""
}
| no | +| [instance\_ssh\_keys](#input\_instance\_ssh\_keys) | n/a | `map(any)` |
{
"ssh_public_key": ""
}
| no | +| [instances](#input\_instances) | Map of instances to be provisioned | `map(any)` | `{}` | no | +| [keys](#input\_keys) | n/a | `map(any)` | `{}` | no | +| [lbr\_reserved\_ips](#input\_lbr\_reserved\_ips) | To provision Load Balancer Reserved IPs | `map(any)` | `{}` | no | +| [listeners](#input\_listeners) | To provision Load Balancer Listeners | `map(any)` | `{}` | no | +| [load\_balancers](#input\_load\_balancers) | To provision Load Balancers | `map(any)` | `{}` | no | +| [loadbalancer\_log\_groups](#input\_loadbalancer\_log\_groups) | To provision Log Groups for Load Balancers | `map(any)` | `{}` | no | +| [loadbalancer\_logs](#input\_loadbalancer\_logs) | To provision Logs for Load Balancers | `map(any)` | `{}` | no | +| [lpgs](#input\_lpgs) | n/a | `map(any)` |
{
"exported-lpgs": {},
"hub-lpgs": {},
"none-lpgs": {},
"peer-lpgs": {},
"spoke-lpgs": {}
}
| no | +| [mount\_targets](#input\_mount\_targets) | To provision Mount Targets | `map(any)` | `{}` | no | +| [network\_load\_balancers](#input\_network\_load\_balancers) | n/a | `map(any)` | `{}` | no | +| [nfs\_export\_options](#input\_nfs\_export\_options) | To provision Export Sets | `map(any)` | `{}` | no | +| [ngws](#input\_ngws) | n/a |
map(object({
compartment_id = string
vcn_id = string
block_traffic = optional(bool)
public_ip_id = optional(string)
ngw_name = optional(string)
defined_tags = optional(map(any))
freeform_tags = optional(map(any))
}))
| `{}` | no | +| [nlb\_backend\_sets](#input\_nlb\_backend\_sets) | n/a | `map(any)` | `{}` | no | +| [nlb\_backends](#input\_nlb\_backends) | n/a | `map(any)` | `{}` | no | +| [nlb\_listeners](#input\_nlb\_listeners) | n/a | `map(any)` | `{}` | no | +| [nlb\_reserved\_ips](#input\_nlb\_reserved\_ips) | To provision Network Load Balancer Reserved IPs | `map(any)` | `{}` | no | +| [notifications\_subscriptions](#input\_notifications\_subscriptions) | n/a | `map(any)` | `{}` | no | +| [notifications\_topics](#input\_notifications\_topics) | n/a | `map(any)` | `{}` | no | +| [nsg\_rules](#input\_nsg\_rules) | n/a |
map(object({
nsg_id = string
direction = string
protocol = string
description = optional(string)
stateless = optional(string)
source_type = optional(string)
destination_type = optional(string)
destination = optional(string)
source = optional(string)
options = optional(map(any))
}))
| `{}` | no | +| [nsgs](#input\_nsgs) | n/a |
map(object({
compartment_id = string
vcn_id = string
display_name = optional(string)
defined_tags = optional(map(any))
freeform_tags = optional(map(any))
}))
| `{}` | no | +| [oss](#input\_oss) | To provision Buckets - OSS | `map(any)` | `{}` | no | +| [oss\_log\_groups](#input\_oss\_log\_groups) | To provision Log Groups for OSS | `map(any)` | `{}` | no | +| [oss\_logs](#input\_oss\_logs) | To provision Logs for OSS | `map(any)` | `{}` | no | +| [oss\_policies](#input\_oss\_policies) | n/a | `map(any)` | `{}` | no | +| [path\_route\_sets](#input\_path\_route\_sets) | To provision Load Balancer Path Route Sets | `map(any)` | `{}` | no | +| [policies](#input\_policies) | n/a |
map(object({
name = string
compartment_id = string
policy_description = string
policy_statements = list(string)
policy_version_date = optional(string)
defined_tags = optional(map(any))
freeform_tags = optional(map(any))
}))
| `{}` | no | +| [private\_ips](#input\_private\_ips) | n/a | `map(any)` | `{}` | no | +| [private\_key\_path](#input\_private\_key\_path) | n/a | `string` | `""` | no | +| [public\_ip\_pools](#input\_public\_ip\_pools) | n/a | `map(any)` | `{}` | no | +| [region](#input\_region) | n/a | `string` | `""` | no | +| [reserved\_ips](#input\_reserved\_ips) | n/a | `map(any)` | `{}` | no | +| [route\_tables](#input\_route\_tables) | n/a | `map(any)` | `{}` | no | +| [rule\_sets](#input\_rule\_sets) | To provision Load Balancer Rule Sets | `map(any)` | `{}` | no | +| [seclists](#input\_seclists) | n/a |
map(object({
compartment_id = string
vcn_id = string
display_name = optional(string)
defined_tags = optional(map(any))
freeform_tags = optional(map(any))
ingress_sec_rules = optional(list(object({
protocol = optional(string)
stateless = optional(string)
description = optional(string)
source = optional(string)
source_type = optional(string)
options = optional(map(any))
})))
egress_sec_rules = optional(list(object({
protocol = optional(string)
stateless = optional(string)
description = optional(string)
destination = optional(string)
destination_type = optional(string)
options = optional(map(any))
})))
}))
| `{}` | no | +| [sgws](#input\_sgws) | n/a | `map(any)` | `{}` | no | +| [subnets](#input\_subnets) | n/a |
map(object({
compartment_id = string
vcn_id = string
cidr_block = string
display_name = optional(string)
dns_label = optional(string)
ipv6cidr_block = optional(string)
defined_tags = optional(map(any))
freeform_tags = optional(map(any))
prohibit_internet_ingress = optional(string)
prohibit_public_ip_on_vnic = optional(string)
availability_domain = optional(string)
dhcp_options_id = optional(string)
route_table_id = optional(string)
security_list_ids = optional(list(string))
}))
| `{}` | no | +| [tag\_defaults](#input\_tag\_defaults) | To make the Tag keys as default to compartments |
map(object({
compartment_id = string
tag_definition_id = string
value = string
is_required = optional(string)
}))
| `{}` | no | +| [tag\_keys](#input\_tag\_keys) | To provision Tag Keys |
map(object({
tag_namespace_id = string
description = string
name = string
defined_tags = optional(map(any))
freeform_tags = optional(map(any))
is_cost_tracking = optional(string)
is_retired = optional(string)
validator = optional(list(object({
validator_type = optional(string)
validator_values = optional(list(any))
})))
}))
| `{}` | no | +| [tag\_namespaces](#input\_tag\_namespaces) | To provision Namespaces |
map(object({
compartment_id = string
description = string
name = string
defined_tags = optional(map(any))
freeform_tags = optional(map(any))
is_retired = optional(string)
}))
| `{}` | no | +| [tenancy\_ocid](#input\_tenancy\_ocid) | n/a | `string` | `""` | no | +| [user\_ocid](#input\_user\_ocid) | n/a | `string` | `""` | no | +| [vaults](#input\_vaults) | n/a | `map(any)` | `{}` | no | +| [vcn\_log\_groups](#input\_vcn\_log\_groups) | n/a | `map(any)` | `{}` | no | +| [vcn\_logs](#input\_vcn\_logs) | n/a | `map(any)` | `{}` | no | +| [vcns](#input\_vcns) | n/a |
map(object({
compartment_id = string
cidr_blocks = optional(list(string))
display_name = optional(string)
dns_label = optional(string)
is_ipv6enabled = optional(string)
defined_tags = optional(map(any))
freeform_tags = optional(map(any))
}))
| `{}` | no | +| [vnic\_attachments](#input\_vnic\_attachments) | n/a | `map(any)` | `{}` | no | + +## Outputs + +No outputs. + + \ No newline at end of file diff --git a/examples/budget/backend.tf b/examples/budget/backend.tf new file mode 100644 index 0000000..16bc557 --- /dev/null +++ b/examples/budget/backend.tf @@ -0,0 +1,21 @@ +/*This line will be removed when using remote state +# !!! WARNING !!! Terraform State Lock is not supported with OCI Object Storage. +# Pre-Requisite: Create a version enabled object storage bucket to store the state file. +# End Point Format: https://.compat.objectstorage..oraclecloud.com +# Please look at the below doc for information about shared_credentials_file and other parameters: +# Reference: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformUsingObjectStore.htm + +terraform { + backend "s3" { + key = "" + bucket = "" + region = "" + endpoint = "" + shared_credentials_file = "~/.aws/credentials" + skip_region_validation = true + skip_credentials_validation = true + skip_metadata_api_check = true + force_path_style = true + } +} +This line will be removed when using remote state*/ \ No newline at end of file diff --git a/examples/budget/budget.tf b/examples/budget/budget.tf new file mode 100644 index 0000000..5224880 --- /dev/null +++ b/examples/budget/budget.tf 
@@ -0,0 +1,62 @@
+// Copyright (c) 2024, Oracle and/or its affiliates.
+
+############################
+# Module Block - Cost Management
+# Create Budgets and Rule Alerts
+############################
+
+#locals {
+# comp_ocids = {for key, val in var.budgets : key => [
+# var.compartment_ocids[flatten([for targets in val.targets : targets])[0]]
+# ] if val.target_type == "COMPARTMENT" }
+#}
+
+
+
+module "budget-alert-rules" {
+ source = "./modules/costmanagement/budget-alert-rule"
+ for_each = var.budget_alert_rules
+
+ #Required
+ budget_id = length(regexall("ocid1.budget.oc*", each.value.budget_id)) > 0 ? each.value.budget_id : merge(module.budgets.*...)[each.value.budget_id]["budget_tf_id"]
+ threshold = each.value.threshold
+ threshold_type = each.value.threshold_type
+ type = each.value.type
+
+ #Optional
+ description = each.value.description
+ display_name = each.value.display_name
+ defined_tags = each.value.defined_tags
+ freeform_tags = each.value.freeform_tags
+ message = each.value.message
+ recipients = each.value.recipients
+}
+
+module "budgets" {
+ source = "./modules/costmanagement/budget"
+ for_each = var.budgets
+
+ #Required
+ amount = each.value.amount
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]):var.tenancy_ocid
+
+ reset_period = each.value.reset_period != null ? each.value.reset_period : "MONTHLY"
+
+ #Optional
+ budget_processing_period_start_offset = each.value.budget_processing_period_start_offset
+ description = each.value.description
+ display_name = each.value.display_name
+ defined_tags = each.value.defined_tags
+ freeform_tags = each.value.freeform_tags
+ processing_period_type = each.value.processing_period_type
+ budget_start_date = each.value.processing_period_type == "SINGLE_USE" ? each.value.budget_start_date : null
+ budget_end_date = each.value.processing_period_type == "SINGLE_USE" ? each.value.budget_end_date : null
+
+ #target_compartment_id = each.value.target_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.target_compartment_id)) > 0 ? each.value.target_compartment_id : var.compartment_ocids[each.value.target_compartment_id]) : null
+
+ target_type = each.value.target_type
+ #targets = each.value.targets
+
+ targets = each.value.target_type == "COMPARTMENT" ? (length(regexall("ocid1.compartment.oc*", each.value.targets[0])) > 0 ? each.value.targets : [var.compartment_ocids[each.value.targets[0]]]) : each.value.targets
+
+}
\ No newline at end of file
diff --git a/examples/budget/oci-data.tf b/examples/budget/oci-data.tf
new file mode 100644
index 0000000..1495707
--- /dev/null
+++ b/examples/budget/oci-data.tf
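Review bot: `targets` in module "budgets" indexes `each.value.targets[0]` unconditionally and, when that first entry is a compartment name rather than an OCID, replaces the whole list with a one-element list, so a budget with an empty `targets` list would fail at plan time, a second name entry is silently dropped, and a list whose first entry is an OCID passes later name entries through unresolved. If a single target is the intended contract, a comment saying so (and a length check in the variable validation) would make it explicit; otherwise resolve every element: `targets = each.value.target_type == "COMPARTMENT" ? [for t in each.value.targets : length(regexall("ocid1.compartment.oc*", t)) > 0 ? t : var.compartment_ocids[t]] : each.value.targets`. Separately, the `source` paths `./modules/costmanagement/budget` and `./modules/costmanagement/budget-alert-rule` differ from the `./modules/governance/billing/...` paths that examples/README.md in this same commit lists for the `budgets` and `budget-alert-rules` modules, so one of the two is stale. The commented-out `locals` block and the `#target_compartment_id` / `#targets` lines are dead code that could be dropped.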
@@ -0,0 +1,42 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Identity
+# Fetch Compartments
+############################
+
+#Fetch Compartment Details
+data "oci_identity_compartments" "compartments" {
+ #Required
+ compartment_id = var.tenancy_ocid
+
+ #Optional
+ #name = var.compartment_name
+ access_level = "ANY"
+ compartment_id_in_subtree = true
+ state = "ACTIVE"
+}
+
+
+############################
+# Data Block - Network
+# Fetch ADs
+############################
+
+data "oci_identity_availability_domains" "availability_domains" {
+ #Required
+ compartment_id = var.tenancy_ocid
+}
+
+
+/*
+output "compartment_id_map" {
+ description = "Compartment ocid"
+ // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source.
+ value = zipmap(data.oci_identity_compartments.compartments.compartments.*.name,data.oci_identity_compartments.compartments.compartments.*.id)
+}
+
+output "ads" {
+ value = data.oci_identity_availability_domains.availability_domains.availability_domains.*.name
+}
+*/
\ No newline at end of file
diff --git a/examples/budget/provider.tf b/examples/budget/provider.tf
new file mode 100644
index 0000000..9a69c98
--- /dev/null
+++ b/examples/budget/provider.tf
@@ -0,0 +1,24 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Provider Block
+# OCI
+############################
+
+provider "oci" {
+ tenancy_ocid = var.tenancy_ocid
+ user_ocid = var.user_ocid
+ fingerprint = var.fingerprint
+ private_key_path = var.private_key_path
+ region = var.region
+ ignore_defined_tags = ["Oracle-Tags.CreatedBy", "Oracle-Tags.CreatedOn"]
+}
+
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ version = "5.40.0"
+ }
+ }
+}
diff --git a/examples/budget/variables_example.tf b/examples/budget/variables_example.tf
new file mode 100644
index 0000000..fae17ea
--- /dev/null
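Review bot: `data "oci_identity_compartments" "compartments"` lists every ACTIVE compartment in the tenancy subtree with `access_level = "ANY"`, but nothing else in this commit reads it: budget.tf resolves compartment names through `var.compartment_ocids`, and the only consumer, `output "compartment_id_map"`, is inside the `/* */` block. That is an extra tenancy-wide identity call on every plan, and presumably requires list rights across all those compartments, for no effect; either drop the data source or restore the output that uses it. The header above it reads `# Resource Block - Identity` although the block is a data source, and the availability-domain lookup is headed `# Data Block - Network`; `# Data Block - Identity` would fit both.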
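Review bot: `version = "5.40.0"` pins the `oracle/oci` provider exactly, while examples/README.md in the same commit documents the requirement as `>= 4.0.0`, so the two disagree about which versions this example accepts. If the exact pin is intentional, a comment such as `# exact pin: tested against 5.40.0; bump deliberately` would say so; if not, a pessimistic constraint like `~> 5.40` admits patch releases. The provider block also relies on `user_ocid`, `fingerprint` and `private_key_path` defaulting to `""`, so a one-line comment that these API-key values are expected from a tfvars file or the environment rather than from committed defaults would help readers of the example.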
+++ b/examples/budget/variables_example.tf 
@@ -0,0 +1,2082 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# +# Variables Block +# OCI +# +############################ + +variable "tenancy_ocid" { + type = string + default = "" +} + +variable "user_ocid" { + type = string + default = "" +} + +variable "fingerprint" { + type = string + default = "" +} + +variable "private_key_path" { + type = string + default = "" +} + +variable "region" { + type = string + default = "" +} + +################################# +# SSH Keys +################################# + +variable "instance_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_instance_ssh_keys# + # exported instance ssh keys + #instance_ssh_keys_END# + } +} + +variable "oke_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_oke_ssh_keys# + #oke_ssh_keys_END# + } +} +variable "sddc_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_sddc_ssh_keys# + #sddc_ssh_keys_END# + } +} + +variable "exacs_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_exacs_ssh_keys# + # exported exacs ssh keys + #exacs_ssh_keys_END# + } +} + +variable "dbsystem_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. 
+ # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_dbsystem_ssh_keys# + # exported dbsystem ssh keys + #dbsystem_ssh_keys_END# + } +} + +################################# +# Platform Image OCIDs and +# Market Place Images +################################# + +variable "instance_source_ocids" { + type = map(any) + default = { + Linux = "" + Windows = "" + PaloAlto = "Palo Alto Networks VM-Series Next Generation Firewall" + #START_instance_source_ocids# + # exported instance image ocids + #instance_source_ocids_END# + } +} + +variable "blockvolume_source_ocids" { + type = map(any) + default = { + block1 = "" + #blockvolume_source_ocid = "" + #START_blockvolume_source_ocids# + # exported block volume source ocids + #blockvolume_source_ocids_END# + } +} + +variable "fss_source_ocids" { + type = map(any) + default = { + snapshot1 = "" + #fss_source_snapshot_ocid = "" + #START_fss_source_snapshot_ocids# + # exported fss source snapshot ocids + #fss_source_snapshot_ocids_END# + } +} + +variable "oke_source_ocids" { + type = map(any) + default = { + Linux = "" + #START_oke_source_ocids# + # exported oke image ocids + #oke_source_ocids_END# + } +} + +################################# +# +# Variables according to Services +# PLEASE DO NOT MODIFY +# +################################# + +########################## +## Fetch Compartments #### +########################## + +variable "compartment_ocids" { + type = map(any) + default = { + #START_compartment_ocids# + # compartment ocids + #compartment_ocids_END# + } +} + +######################### +##### Identity ########## +######################### + +variable "compartments" { + type = object({ + root = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level1 = 
optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level2 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level3 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level4 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level5 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + }) + default = { + root = {}, + compartment_level1 = {}, + compartment_level2 = {}, + compartment_level3 = {}, + compartment_level4 = {}, + compartment_level5 = {}, + } +} + +variable "policies" { + type = map(object({ + name = string + compartment_id = string + policy_description = string + policy_statements = list(string) + policy_version_date = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "groups" { + type = map(object({ + group_name = string + group_description = string + matching_rule = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "users" { + type = map(object({ + name = string + description = string + email = string + disable_capabilities = optional(list(string)) + group_membership = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "networkSources" { + type = map(object({ + name = string + description = string + public_source_list = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + virtual_source_list = optional(list(map(list(string)))) + + })) + default = {} +} + +######################### +####### Governance ######### +######################### + +variable "tag_namespaces" { + description = "To provision Namespaces" + type = map(object({ + compartment_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_retired = optional(bool) + })) + default = {} +} + +variable "tag_keys" { + description = "To provision Tag Keys" + type = map(object({ + tag_namespace_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_cost_tracking = optional(bool) + is_retired = optional(bool) + validator = optional(list(object({ + validator_type = optional(string) + validator_values = optional(list(any)) + }))) + })) + default = {} +} + +variable "tag_defaults" { + description = "To make the Tag keys as default to compartments" + type = map(object({ + compartment_id = string + tag_definition_id = string + value = string + is_required = optional(bool) + })) + default = {} +} + +variable "quota_policies" { + type = map(object({ + quota_name = string + quota_description = string + quota_statements = list(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +###### Network ########## +######################### 
+ +variable "default_dhcps" { + type = map(object({ + server_type = string + manage_default_resource_id = optional(string) + custom_dns_servers = optional(list(any)) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "custom_dhcps" { + type = map(object({ + compartment_id = string + server_type = string + vcn_id = string + custom_dns_servers = optional(list(any)) + domain_name_type = optional(string) + display_name = optional(string) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "vcns" { + type = map(object({ + compartment_id = string + cidr_blocks = optional(list(string)) + byoipv6cidr_details = optional(list(map(any))) + display_name = optional(string) + dns_label = optional(string) + is_ipv6enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ipv6private_cidr_blocks = optional(list(string)) + is_oracle_gua_allocation_enabled = optional(bool) + })) + default = {} +} + +variable "igws" { + type = map(object({ + compartment_id = string + vcn_id = string + enable_igw = optional(bool) + igw_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_table_id = optional(string) + })) + default = {} +} + +variable "sgws" { + type = map(object({ + compartment_id = string + vcn_id = string + service = optional(string) + sgw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "ngws" { + type = map(object({ + compartment_id = string + vcn_id = string + block_traffic = optional(bool) + public_ip_id = optional(string) + ngw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + 
default = {} +} + +variable "lpgs" { + type = map(any) + default = { + hub-lpgs = {}, + spoke-lpgs = {}, + peer-lpgs = {}, + none-lpgs = {}, + exported-lpgs = {}, + } +} + +variable "drgs" { + type = map(object({ + compartment_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "default_seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + 
route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) + +})) +default = {} +} + +variable "default_route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) +})) + default = {} +} + +variable "nsgs" { + type = map(object({ + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nsg_rules" { + type = map(object({ + nsg_id = string + direction = string + protocol = string + description = optional(string) + stateless = optional(string) + source_type = optional(string) + destination_type = optional(string) + destination = optional(string) + source = optional(string) + options = optional(map(any)) + })) + default = {} +} + +variable "subnets" { + type = map(object({ + compartment_id = string + vcn_id = string + cidr_block = string + display_name = optional(string) + dns_label = optional(string) + ipv6cidr_block = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + prohibit_internet_ingress = optional(string) + prohibit_public_ip_on_vnic = optional(string) + availability_domain = optional(string) + dhcp_options_id = optional(string) + route_table_id = optional(string) + security_list_ids = 
optional(list(string)) + })) + default = {} +} + +variable "vlans" { + type = map(object({ + cidr_block = string + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + nsg_ids = optional(list(string)) + route_table_name = optional(string) + vlan_tag = optional(string) + availability_domain = optional(string) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + })) + default = {} +} + +variable "drg_attachments" { + type = map(any) + default = {} +} + +variable "drg_other_attachments" { + type = map(any) + default = {} +} + +variable "drg_route_tables" { + type = map(object({ + drg_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_ecmp_enabled = optional(bool) + import_drg_route_distribution_id = optional(string) + })) + default = {} +} + +variable "drg_route_rules" { + type = map(any) + default = {} +} + +variable "drg_route_distributions" { + type = map(object({ + distribution_type = string + drg_id = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + display_name = optional(string) + })) + default = {} +} + +variable "drg_route_distribution_statements" { + type = map(object({ + drg_route_distribution_id = string + action = string + match_criteria = optional(list(object({ + match_type = string + attachment_type = optional(string) + drg_attachment_id = optional(string) + }))) + priority = optional(string) + })) + default = {} +} + +variable "data_drg_route_tables" { + type = map(any) + default = {} +} + +variable "data_drg_route_table_distributions" { + type = map(any) + default = {} +} + +#################### +####### DNS ####### +#################### + +variable "zones" { +type = map(object({ +compartment_id = string +display_name = string +view_compartment_id = optional(string) +view_id = optional(string) +zone_type = optional(string) +scope = optional(string) +freeform_tags = 
optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + +variable "views" { +type = map(object({ +compartment_id = string +display_name = string +scope = optional(string) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) + default = {} +} + +variable "rrsets" { +type = map(object({ +compartment_id = optional(string) +view_compartment_id = optional(string) +view_id = optional(string) +zone_id = string +domain = string +rtype = string +ttl = number +rdata = optional(list(string)) +scope = optional(string) +})) +default = {} +} + +variable "resolvers" { +type = map(object({ +network_compartment_id= string +vcn_name = string +display_name = optional(string) +views = optional(map(object({ + view_id = optional(string) + view_compartment_id = optional(string) +}))) +resolver_rules = optional(map(object({ + client_address_conditions = optional(list(any)) + destination_addresses = optional(list(any)) + qname_cover_conditions = optional(list(any)) + source_endpoint_name = optional(string) +}))) +endpoint_names = optional(map(object({ + is_forwarding = optional(bool) + is_listening = optional(bool) + name = optional(string) + subnet_name = optional(string) + forwarding_address = optional(string) + listening_address = optional(string) + nsg_ids = optional(list(string)) +}))) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + + +######################### +## Dedicated VM Hosts ## +######################### + +variable "dedicated_hosts" { + type = map(object({ + availability_domain = string + compartment_id = string + vm_host_shape = string + defined_tags = optional(map(any)) + display_name = optional(string) + fault_domain = optional(string) + freeform_tags = optional(map(any)) + })) + description = "To provision new dedicated VM hosts" + default = {} +} + +######################### +## Instances/Block Volumes ## +######################### + +variable "blockvolumes" { + description = "To 
provision block volumes" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = string + size_in_gbs = optional(string) + is_auto_tune_enabled = optional(string) + vpus_per_gb = optional(string) + kms_key_id = optional(string) + attach_to_instance = optional(string) + attachment_type = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + device = optional(string) + encryption_in_transit_type = optional(string) + attachment_display_name = optional(string) + is_read_only = optional(bool) + is_pv_encryption_in_transit_enabled = optional(bool) + is_shareable = optional(bool) + use_chap = optional(bool) + is_agent_auto_iscsi_login_enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + source_details = optional(list(map(any))) + block_volume_replicas = optional(list(map(any))) + block_volume_replicas_deletion = optional(bool) + autotune_policies = optional(list(map(any))) + })) + default = {} +} + +variable "block_backup_policies" { + type = map(any) + description = "To create block volume back policy" + default = {} +} + +variable "instances" { + description = "Map of instances to be provisioned" + type = map(object({ + availability_domain = string + compartment_id = string + shape = string + source_id = string + source_type = string + vcn_name = string + subnet_id = string + network_compartment_id = string + display_name = optional(string) + assign_public_ip = optional(bool) + boot_volume_size_in_gbs = optional(string) + fault_domain = optional(string) + dedicated_vm_host_id = optional(string) + private_ip = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(string)) + ocpus = optional(string) + memory_in_gbs = optional(number) + capacity_reservation_id = optional(string) + create_is_pv_encryption_in_transit_enabled = optional(bool) + remote_execute = optional(string) + bastion_ip = optional(string) + 
cloud_init_script = optional(string) + ssh_authorized_keys = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + network_type = optional(string) + #extended_metadata = optional(string) + skip_source_dest_check = optional(bool) + baseline_ocpu_utilization = optional(string) + #preemptible_instance_config = optional(string) + all_plugins_disabled = optional(bool) + is_management_disabled = optional(bool) + is_monitoring_disabled = optional(bool) + assign_private_dns_record = optional(string) + plugins_details = optional(map(any)) + is_live_migration_preferred = optional(bool) + recovery_action = optional(string) + are_legacy_imds_endpoints_disabled = optional(bool) + boot_volume_type = optional(string) + firmware = optional(string) + is_consistent_volume_naming_enabled = optional(bool) + remote_data_volume_type = optional(string) + platform_config = optional(list(map(any))) + launch_options = optional(list(map(any))) + ipxe_script = optional(string) + preserve_boot_volume = optional(bool) + vlan_id = optional(string) + kms_key_id = optional(string) + vnic_display_name = optional(string) + vnic_defined_tags = optional(map(any)) + vnic_freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "boot_backup_policies" { + type = map(any) + description = "Map of boot volume backup policies to be provisioned" + default = {} +} + +######################### +####### Database ######## +######################### + +variable "exa_infra" { + description = "To provision exadata infrastructure" + type = map(any) + default = {} +} + +variable "exa_vmclusters" { + description = "To provision exadata cloud VM cluster" + type = map(any) + default = {} +} + +variable "dbsystems_vm_bm" { + description = "To provision DB System" + type = map(any) + default = {} +} + +variable "db_home" { + type = map(any) + description = "Map of database db home to be 
provisioned" + default = {} +} + +variable "databases" { + description = "Map of databases to be provisioned in an existing db_home" + type = map(any) + default = {} +} + +#################################### +####### Autonomous Database ######## +#################################### + +variable "adb" { + type = map(object({ + admin_password = optional(string) + character_set = optional(string) + compartment_id = string + cpu_core_count = optional(number) + database_edition = optional(string) + data_storage_size_in_tbs = optional(number) + customer_contacts = optional(list(string)) + db_name = string + db_version = optional(string) + db_workload = optional(string) + display_name = optional(string) + license_model = optional(string) + ncharacter_set = optional(string) + network_compartment_id = optional(string) + nsg_ids = optional(list(string)) + subnet_id = optional(string) + vcn_name = optional(string) + whitelisted_ips = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +######### FSS ########### +######################### + +variable "mount_targets" { + description = "To provision Mount Targets" + type = map(object({ + availability_domain = string + compartment_id = string + network_compartment_id = string + vcn_name = string + subnet_id = string + display_name = optional(string) + ip_address = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fss" { + description = "To provision File System Services" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = optional(string) + source_snapshot = optional(string) + snapshot_policy = optional(string) + policy_compartment_id = optional(string) + kms_key_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "nfs_export_options" { + description = "To provision Export Sets" + type = map(object({ + export_set_id = string + file_system_id = string + path = string + export_options = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_idmap_groups_for_sys_auth = optional(bool) + })) + default = {} +} + +variable "fss_replication" { + description = "To provision File System Replication" + type = map(object({ + compartment_id = string + source_id = string + target_id = string + display_name = optional(string) + replication_interval = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +####### FSS Logs ######## +######################### + +variable "nfs_log_groups" { + description = "To provision Log Groups for Mount Target" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nfs_logs" { + description = "To provision Logs for Mount Target" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + + +######################### +#### Load Balancers ##### +######################### + +variable "load_balancers" { + description = "To provision Load Balancers" + type = map(object({ + compartment_id = string + vcn_name = string + shape = string + subnet_ids = list(any) + network_compartment_id = string + display_name = string + shape_details = optional(list(map(any))) + nsg_ids = 
optional(list(any)) + is_private = optional(bool) + ip_mode = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + reserved_ips_id = optional(string) + })) + default = {} +} + +variable "hostnames" { + description = "To provision Load Balancer Hostnames" + type = map(object({ + load_balancer_id = string + hostname = string + name = string + })) + default = {} +} + +variable "certificates" { + description = "To provision Load Balancer Certificates" + type = map(object({ + certificate_name = string + load_balancer_id = string + ca_certificate = optional(string) + passphrase = optional(string) + private_key = optional(string) + public_certificate = optional(string) + })) + default = {} +} + +variable "cipher_suites" { + description = "To provision Load Balancer Cipher Suites" + type = map(object({ + ciphers = list(string) + name = string + load_balancer_id = optional(string) + })) + default = {} +} + +variable "backend_sets" { + description = "To provision Load Balancer Backend Sets" + type = map(object({ + name = string + load_balancer_id = string + policy = string + protocol = optional(string) + interval_ms = optional(string) + is_force_plain_text = optional(string) + port = optional(string) + response_body_regex = optional(string) + retries = optional(string) + return_code = optional(string) + timeout_in_millis = optional(string) + url_path = optional(string) + lb_cookie_session = optional(list(object({ + cookie_name = optional(string) + disable_fallback = optional(string) + path = optional(string) + domain = optional(string) + is_http_only = optional(string) + is_secure = optional(string) + max_age_in_seconds = optional(string) + }))) + session_persistence_configuration = optional(list(object({ + cookie_name = optional(string) + disable_fallback = optional(string) + }))) + certificate_name = optional(string) + cipher_suite_name = optional(string) + ssl_configuration = optional(list(object({ + certificate_ids = 
optional(list(any)) + server_order_preference = optional(string) + trusted_certificate_authority_ids = optional(list(any)) + verify_peer_certificate = optional(string) + verify_depth = optional(string) + protocols = optional(list(any)) + }))) + })) + default = {} +} + +variable "backends" { + description = "To provision Load Balancer Backends" + type = map(object({ + backendset_name = string + ip_address = string + load_balancer_id = string + port = string + instance_compartment = optional(string) + backup = optional(string) + drain = optional(string) + offline = optional(string) + weight = optional(string) + })) + default = {} +} + +variable "listeners" { + description = "To provision Load Balancer Listeners" + type = map(object({ + name = string + load_balancer_id = string + port = string + protocol = string + default_backend_set_name = string + connection_configuration = optional(list(map(any))) + hostname_names = optional(list(any)) + path_route_set_name = optional(string) + rule_set_names = optional(list(any)) + routing_policy_name = optional(string) + certificate_name = optional(string) + cipher_suite_name = optional(string) + ssl_configuration = optional(list(object({ + certificate_ids = optional(list(any)) + server_order_preference = optional(string) + trusted_certificate_authority_ids = optional(list(any)) + verify_peer_certificate = optional(string) + verify_depth = optional(string) + protocols = optional(list(any)) + }))) + })) + default = {} +} + +variable "path_route_sets" { + description = "To provision Load Balancer Path Route Sets" + type = map(object({ + name = string + load_balancer_id = string + path_routes = optional(list(map(any))) + })) + default = {} +} + +variable "rule_sets" { + description = "To provision Load Balancer Rule Sets" + type = map(object({ + name = string + load_balancer_id = string + access_control_rules = optional(list(object({ + action = string + attribute_name = optional(string) + attribute_value = optional(string) + 
description = optional(string) + }))) + access_control_method_rules = optional(list(object({ + action = string + allowed_methods = optional(list(any)) + status_code = optional(string) + }))) + http_header_rules = optional(list(object({ + action = string + are_invalid_characters_allowed = optional(bool) + http_large_header_size_in_kb = optional(string) + }))) + uri_redirect_rules = optional(list(object({ + action = string + attribute_name = optional(string) + attribute_value = optional(string) + operator = optional(string) + host = optional(string) + path = optional(string) + port = optional(string) + protocol = optional(string) + query = optional(string) + response_code = optional(string) + }))) + request_response_header_rules = optional(list(object({ + action = string + header = optional(string) + prefix = optional(string) + suffix = optional(string) + value = optional(string) + }))) + })) + default = {} +} + +variable "lbr_reserved_ips" { + description = "To provision Load Balancer Reserved IPs" + type = map(object({ + compartment_id = string + display_name = string + lifetime = string + private_ip_id = optional(string) + public_ip_pool_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +################################### +####### Load Balancer Logs ######## +################################### + +variable "loadbalancer_log_groups" { + description = "To provision Log Groups for Load Balancers" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "loadbalancer_logs" { + description = "To provision Logs for Load Balancers" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + 
source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +## Network Load Balancers ## +######################### + +variable "network_load_balancers" { + type = map(object({ + display_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + subnet_id = string + is_private = optional(bool) + reserved_ips_id = string + is_preserve_source_destination = optional(bool) + is_symmetric_hash_enabled = optional(bool) + nlb_ip_version = optional(string) + assigned_private_ipv4 = optional(string) + nsg_ids = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} +variable "nlb_listeners" { + type = map(object({ + name = string + network_load_balancer_id = string + default_backend_set_name = string + port = number + protocol = string + ip_version = optional(string) + })) + default = {} +} + +variable "nlb_backend_sets" { + type = map(object({ + name = string + network_load_balancer_id = string + policy = string + protocol = string + domain_name = optional(string) + query_class = optional(string) + query_type = optional(string) + rcodes = optional(list(string)) + transport_protocol = optional(string) + return_code = optional(number) + interval_in_millis = optional(number) + port = optional(number) + request_data = optional(string) + response_body_regex = optional(string) + response_data = optional(string) + retries = optional(number) + timeout_in_millis = optional(number) + url_path = optional(string) + is_preserve_source = optional(bool) + ip_version = optional(string) + })) + default = {} +} +variable "nlb_backends" { + type = map(object({ + name = optional(string) + backend_set_name = string + network_load_balancer_id = string + port = number + ip_address = string + instance_compartment = string + 
is_drain = optional(bool) + is_backup = optional(bool) + is_offline = optional(bool) + weight = optional(number) + target_id = optional(string) + })) + default = {} +} +variable "nlb_reserved_ips" { + description = "To provision Network Load Balancer Reserved IPs" + type = map(object({ + compartment_id = string + lifetime = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + display_name = optional(string) + private_ip_id = optional(string) + public_ip_pool_id = optional(string) + })) + default = {} +} + + +######################### +##### IP Management ##### +######################### + +variable "public_ip_pools" { + type = map(any) + default = {} +} + +variable "private_ips" { + type = map(any) + default = {} +} + +variable "reserved_ips" { + type = map(any) + default = {} +} + +variable "vnic_attachments" { + type = map(any) + default = {} +} + +######################### +##### VCN Logs ########## +######################### + +variable "vcn_log_groups" { + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "vcn_logs" { + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +###### OSS Buckets ###### +######################### + +variable "buckets" { + type = map(any) + default = {} +} + +######################### +####### OSS Logs ######## +######################### + +variable "oss_log_groups" { + description = "To provision Log Groups for OSS" + type = map(object({ + compartment_id = string 
+ display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "oss_logs" { + description = "To provision Logs for OSS" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +### OSS IAM Policies #### +######################### + +variable "oss_policies" { + type = map(any) + default = {} +} + +######################### +## Management Services ## +######################### + +variable "alarms" { + type = map(object({ + compartment_id = string + destinations = list(string) + alarm_name = string + is_enabled = bool + metric_compartment_id = string + namespace = string + query = string + severity = string + body = optional(string) + message_format = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_notifications_per_metric_dimension_enabled = optional(bool) + metric_compartment_id_in_subtree = optional(string) + trigger_delay_minutes = optional(string) + repeat_notification_duration = optional(string) + resolution = optional(string) + resource_group = optional(string) + suppression = optional(map(any)) + })) + default = {} +} + +variable "events" { + type = map(object({ + event_name = string + compartment_id = string + description = string + is_enabled = bool + condition = string + actions = optional(list(object({ + action_type = string + is_enabled = string + description = optional(string) + function_id = optional(string) + stream_id = optional(string) + topic_id = optional(string) + }))) + message_format = optional(string) + defined_tags 
= optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "notifications_topics" { + type = map(object({ + compartment_id = string + topic_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "notifications_subscriptions" { + type = map(object({ + compartment_id = string + endpoint = string + protocol = string + topic_id = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "service_connectors" { + type = any + default = {} + description = "To provision service connector hub resources" +} + +######################### +## Developer Services ## +######################### + +## OKE + +variable "clusters" { + type = map(object({ + display_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + kubernetes_version = string + cni_type = string + cluster_type = string + is_policy_enabled = optional(bool) + policy_kms_key_id = optional(string) + is_kubernetes_dashboard_enabled = optional(bool) + is_tiller_enabled = optional(bool) + is_public_ip_enabled = optional(bool) + nsg_ids = optional(list(string)) + endpoint_subnet_id = string + is_pod_security_policy_enabled = optional(bool) + pods_cidr = optional(string) + services_cidr = optional(string) + service_lb_subnet_ids = optional(list(string)) + cluster_kms_key_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + lb_defined_tags = optional(map(any)) + lb_freeform_tags = optional(map(any)) + volume_defined_tags = optional(map(any)) + volume_freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nodepools" { + type = map(object({ + display_name = string + cluster_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + node_shape = string + initial_node_labels = optional(map(any)) + 
kubernetes_version = string + is_pv_encryption_in_transit_enabled = optional(bool) + availability_domain = number + fault_domains = optional(list(string)) + subnet_id = string + size = number + cni_type = string + max_pods_per_node = optional(number) + pod_nsg_ids = optional(list(string)) + pod_subnet_ids = optional(string) + worker_nsg_ids = optional(list(string)) + memory_in_gbs = optional(number) + ocpus = optional(number) + image_id = string + source_type = string + boot_volume_size_in_gbs = optional(number) + ssh_public_key = optional(string) + nodepool_kms_key_id = optional(string) + node_defined_tags = optional(map(any)) + node_freeform_tags = optional(map(any)) + nodepool_defined_tags = optional(map(any)) + nodepool_freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "virtual-nodepools" { + type = map(object({ + display_name = string + cluster_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + node_shape = string + initial_virtual_node_labels = optional(map(any)) + availability_domain = number + fault_domains = list(string) + subnet_id = string + size = number + pod_nsg_ids = optional(list(string)) + pod_subnet_id = string + worker_nsg_ids = optional(list(string)) + taints = optional(list(any)) + node_defined_tags = optional(map(any)) + node_freeform_tags = optional(map(any)) + nodepool_defined_tags = optional(map(any)) + nodepool_freeform_tags = optional(map(any)) + })) + default = {} +} + + +################################## +############## SDDCs ############# +################################## +variable "sddcs" { + type = map(object({ + compartment_id = string + availability_domain = string + network_compartment_id = string + vcn_name = string + esxi_hosts_count = number + nsx_edge_uplink1vlan_id = string + nsx_edge_uplink2vlan_id = string + nsx_edge_vtep_vlan_id = string + nsx_vtep_vlan_id = string + provisioning_subnet_id = string + ssh_authorized_keys = string + vmotion_vlan_id = string 
+ vmware_software_version = string + vsan_vlan_id = string + vsphere_vlan_id = string + capacity_reservation_id = optional(string) + defined_tags = optional(map(any)) + display_name = optional(string) + initial_cluster_display_name = optional(string) + freeform_tags = optional(map(any)) + hcx_action = optional(string) + hcx_vlan_id = optional(string) + initial_host_ocpu_count = optional(number) + initial_host_shape_name = optional(string) + initial_commitment = optional(string) + instance_display_name_prefix = optional(string) + is_hcx_enabled = optional(bool) + is_shielded_instance_enabled = optional(bool) + is_single_host_sddc = optional(bool) + provisioning_vlan_id = optional(string) + refresh_hcx_license_status = optional(bool) + replication_vlan_id = optional(string) + reserving_hcx_on_premise_license_keys = optional(string) + workload_network_cidr = optional(string) + management_datastore = optional(list(string)) + workload_datastore = optional(list(string)) + + })) + default = {} + +} + +variable "sddc-clusters" { + type = map(object({ + compartment_id = string + availability_domain = string + network_compartment_id = string + vcn_name = string + esxi_hosts_count = number + nsx_edge_uplink1vlan_id = string + nsx_edge_uplink2vlan_id = optional(string) + nsx_edge_vtep_vlan_id = string + nsx_vtep_vlan_id = string + provisioning_subnet_id = string + ssh_authorized_keys = optional(string) + vmotion_vlan_id = string + vmware_software_version = string + vsan_vlan_id = string + vsphere_vlan_id = string + capacity_reservation_id = optional(string) + defined_tags = optional(map(any)) + display_name = optional(string) + freeform_tags = optional(map(any)) + hcx_action = optional(string) + hcx_vlan_id = optional(string) + initial_host_ocpu_count = optional(number) + initial_host_shape_name = optional(string) + initial_commitment = optional(string) + instance_display_name_prefix = optional(string) + is_hcx_enabled = optional(bool) + is_shielded_instance_enabled = 
optional(bool) + is_single_host_sddc = optional(bool) + provisioning_vlan_id = optional(string) + refresh_hcx_license_status = optional(bool) + replication_vlan_id = optional(string) + reserving_hcx_on_premise_license_keys = optional(string) + workload_network_cidr = optional(string) + workload_datastore = optional(list(string)) + sddc_id = optional(string) + esxi_software_version = optional(string) + + })) + default = {} + +} + + +############################ +## Key Management Service ## +############################ + +variable "vaults" { + type = map(object({ + compartment_id = string + display_name = string + vault_type = string + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + replica_region = optional(string) + })) + default = {} +} + +variable "keys" { + type = map(object({ + compartment_id = string + display_name = string + vault_name = string + algorithm = optional(string) + length = optional(string) + curve_id = optional(string) + protection_mode = optional(string) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + is_auto_rotation_enabled = optional(bool) + rotation_interval_in_days = optional(string) + + })) + default = {} +} + +########################### +######### Budgets ######### +########################### + +variable "budgets" { + type = map(object({ + amount = string + compartment_id = string + reset_period = string + budget_processing_period_start_offset = optional(string) + defined_tags = optional(map(any)) + description = optional(string) + display_name = optional(string) + freeform_tags = optional(map(any)) + processing_period_type = optional(string) + budget_end_date = optional(string) + budget_start_date = optional(string) + target_type = optional(string) + targets = optional(list(any)) + })) + default = {} +} + +variable "budget_alert_rules" { + type = map(object({ + budget_id = string + threshold = string + threshold_type = string + type = string + defined_tags = optional(map(any)) + 
description = optional(string) + display_name = optional(string) + freeform_tags = optional(map(any)) + message = optional(string) + recipients = optional(string) + })) + default = {} +} + +########################### +####### Cloud Guard ####### +########################### + +variable "cloud_guard_configs" { + type = map(object({ + compartment_id = string + reporting_region = string + status = string + self_manage_resources = optional(string) + + })) + default = {} +} + +variable "cloud_guard_targets" { + type = map(object({ + compartment_id = string + display_name = string + target_resource_id = string + target_resource_type = string + prefix = string + description = optional(string) + state = optional(string) + target_detector_recipes = optional(list(any)) + target_responder_recipes = optional(list(any)) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + })) + default = {} +} + +#################################### +####### Custom Backup Policy ####### +#################################### + +variable "custom_backup_policies" { + type = map(any) + default = {} +} + +variable "capacity_reservation_ocids" { + type = map(any) + default = { + "AD1" : "", + "AD2" : "", + "AD3" : "" + } +} + +##################################### +####### Firewall as a Service ####### +##################################### +variable "firewalls" { + type = map(object({ + compartment_id = string + network_compartment_id = string + network_firewall_policy_id = string + subnet_id = string + vcn_name = string + display_name = string + ipv4address = optional(string) + nsg_id = optional(list(string)) + ipv6address = optional(string) + availability_domain = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fw-policies" { + type = map(object({ + compartment_id = optional(string) + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + 
default = {} +} +variable "services" { + type = map(object({ + service_name = string + service_type = string + network_firewall_policy_id = string + port_ranges = list(object({ + minimum_port = string + maximum_port = optional(string) + })) + })) + default = {} +} +variable "url_lists" { + type = map(object({ + urllist_name = string + network_firewall_policy_id = string + urls = list(object({ + pattern = string + type = string + })) + })) + default = {} +} +variable "service_lists" { + type = map(object({ + service_list_name = string + network_firewall_policy_id = string + services = list(string) + })) + default = {} +} + +variable "address_lists" { + type = map(object({ + address_list_name = string + network_firewall_policy_id = string + address_type = string + addresses = list(string) + })) + default = {} +} + +variable "applications" { + type = map(object({ + app_list_name = string + network_firewall_policy_id = string + app_type = string + icmp_type = number + icmp_code = optional(number) + })) + default = {} +} + +variable "application_groups" { + type = map(object({ + app_group_name = string + network_firewall_policy_id = string + apps = list(string) + + })) + default = {} +} + +variable "security_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + application = optional(list(string)) + destination_address = optional(list(string)) + service = optional(list(string)) + source_address = optional(list(string)) + url = optional(list(string)) + }))) + inspection = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +variable "secrets" { + type = map(object({ + secret_name = string + network_firewall_policy_id = string + secret_source = string + secret_type = string + vault_secret_id = string + version_number = number + vault_name = string + vault_compartment_id = string + })) + default = {} +} + +variable 
"decryption_profiles" { + type = map(object({ + profile_name = string + profile_type = string + network_firewall_policy_id = string + are_certificate_extensions_restricted = optional(bool) + is_auto_include_alt_name = optional(bool) + is_expired_certificate_blocked = optional(bool) + is_out_of_capacity_blocked = optional(bool) + is_revocation_status_timeout_blocked = optional(bool) + is_unknown_revocation_status_blocked = optional(bool) + is_unsupported_cipher_blocked = optional(bool) + is_unsupported_version_blocked = optional(bool) + is_untrusted_issuer_blocked = optional(bool) + })) + default = {} +} + +variable "decryption_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + + destination_address = optional(list(string)) + + source_address = optional(list(string)) + + }))) + decryption_profile = optional(string) + secret = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +######################### +####### Firewall Logs ######## +######################### + +variable "fw_log_groups" { + description = "To provision Log Groups for Network Firewall" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fw_logs" { + description = "To provision Logs for Network Firewall" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +########################## +# Add new variables here # 
+##########################
+######################### END #########################
diff --git a/examples/compute/backend.tf b/examples/compute/backend.tf
new file mode 100644
index 0000000..16bc557
--- /dev/null
+++ b/examples/compute/backend.tf
@@ -0,0 +1,21 @@
+/*This line will be removed when using remote state
+# !!! WARNING !!! Terraform State Lock is not supported with OCI Object Storage.
+# Pre-Requisite: Create a version enabled object storage bucket to store the state file.
+# End Point Format: https://.compat.objectstorage..oraclecloud.com
+# Please look at the below doc for information about shared_credentials_file and other parameters:
+# Reference: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformUsingObjectStore.htm
+
+terraform {
+ backend "s3" {
+ key = ""
+ bucket = ""
+ region = ""
+ endpoint = ""
+ shared_credentials_file = "~/.aws/credentials"
+ skip_region_validation = true
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ force_path_style = true
+ }
+}
+This line will be removed when using remote state*/
\ No newline at end of file
diff --git a/examples/compute/block-volume.tf b/examples/compute/block-volume.tf
new file mode 100644
index 0000000..f593e6b
--- /dev/null
+++ b/examples/compute/block-volume.tf
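Review bot: The endpoint-format comment reads `https://.compat.objectstorage..oraclecloud.com`, with the namespace and region segments missing — most likely `<namespace>` and `<region>` placeholders were stripped — so a reader cannot tell what to fill in; suggest `# End Point Format: https://<namespace>.compat.objectstorage.<region>.oraclecloud.com`. The warning that state locking is unsupported deserves a follow-up sentence telling operators to serialize runs externally (one pipeline or operator at a time), because two concurrent applies against an unlocked state can corrupt it. The state written to this bucket will carry everything the other files in this patch pass to modules, including `ssh_public_keys` and `cloud_init_script` from instance.tf, so the prerequisite should also say the bucket must not be public and that access to it should be as restricted as access to the credentials themselves.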
@@ -0,0 +1,49 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Module Block - BlockVolume
+# Create BlockVolume and Block Volume Backup Policy
+############################
+/*
+data "oci_core_instances" "instance" {
+ depends_on = [module.instances]
+ for_each = var.blockvolumes != null ? var.blockvolumes : {}
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+ display_name = one(each.value.attach_to_instance)
+ state = "RUNNING"
+}
+*/
+
+module "block-volumes" {
+ source = "./modules/storage/block-volume"
+ for_each = var.blockvolumes != null ? var.blockvolumes : {}
+ attachment_type = each.value.attachment_type
+ attach_to_instance = each.value.attach_to_instance != null ? length(regexall("ocid1.instance.oc*", each.value.attach_to_instance)) > 0 ? each.value.attach_to_instance : merge(module.instances.*...)[each.value.attach_to_instance]["instance_tf_id"] : null
+ #attach_to_instance = length(each.value.attach_to_instance) > 0 ? [data.oci_core_instances.instance[each.value.display_name].instances[0].id] : []
+ availability_domain = each.value.availability_domain != "" && each.value.availability_domain != null ? data.oci_identity_availability_domains.availability_domains.availability_domains[each.value.availability_domain].name : null
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+ vpus_per_gb = each.value.vpus_per_gb != null ? each.value.vpus_per_gb : null
+ device = each.value.device
+ defined_tags = each.value.defined_tags
+ display_name = each.value.display_name
+ freeform_tags = each.value.freeform_tags
+ is_auto_tune_enabled = each.value.is_auto_tune_enabled
+ kms_key_id = each.value.kms_key_id
+ size_in_gbs = each.value.size_in_gbs != null ? each.value.size_in_gbs : null
+ block_tf_policy = each.value.backup_policy != null ? each.value.backup_policy : null
+ policy_tf_compartment_id = each.value.policy_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.policy_compartment_id)) > 0 ? each.value.policy_compartment_id : var.compartment_ocids[each.value.policy_compartment_id]) : null
+ autotune_policies = each.value.autotune_policies
+ source_details = each.value.source_details
+ block_volume_replicas = each.value.block_volume_replicas
+ block_volume_replicas_deletion = each.value.block_volume_replicas_deletion
+
+ #Volume Attachment Optional Params
+ # attachment_display_name = each.value.attachment_display_name
+ # encryption_in_transit_type = each.value.encryption_in_transit_type # Applicable when attachment_type=iscsi
+ is_pv_encryption_in_transit_enabled = each.value.is_pv_encryption_in_transit_enabled # Applicable when attachment_type=paravirtualized
+ is_read_only = each.value.is_read_only
+ is_shareable = each.value.is_shareable
+ use_chap = each.value.use_chap
+ is_agent_auto_iscsi_login_enabled = each.value.is_agent_auto_iscsi_login_enabled # Applicable when attachment_type=iscsi
+ blockvolume_source_ocids = var.blockvolume_source_ocids
+}
diff --git a/examples/compute/dedicated-vm-host.tf b/examples/compute/dedicated-vm-host.tf
new file mode 100755
index 0000000..74eb287
--- /dev/null
+++ b/examples/compute/dedicated-vm-host.tf
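Review bot: `vpus_per_gb = each.value.vpus_per_gb != null ? each.value.vpus_per_gb : null` is an identity expression, as are the `size_in_gbs` and `block_tf_policy` lines; `vpus_per_gb = each.value.vpus_per_gb` says the same thing and is easier to scan. The `attach_to_instance` expression nests two conditionals without parentheses, unlike the `compartment_id` line below it, so the reader has to work out the precedence; parenthesize the inner conditional the way the sibling lines do. The compartment-resolution expression `length(regexall("ocid1.compartment.oc*", x)) > 0 ? x : var.compartment_ocids[x]` is repeated verbatim in this file, dedicated-vm-host.tf and instance.tf, and because `.` and `oc*` are regex metacharacters it is a loose prefix check rather than a literal one; a shared `local` built on `startswith(x, "ocid1.compartment.")` would be both stricter and defined once, if the Terraform version in use permits.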
@@ -0,0 +1,20 @@
+#// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+#
+###################################
+## Module Block - Dedicated VM Host
+## Create Dedicated VM Hosts
+###################################
+
+module "dedicated-hosts" {
+ source = "./modules/compute/dedicated-vm-host"
+ for_each = var.dedicated_hosts != null ? var.dedicated_hosts : {}
+
+ availability_domain = each.value.availability_domain != null ? data.oci_identity_availability_domains.availability_domains.availability_domains[each.value.availability_domain].name : null
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+ defined_tags = each.value.defined_tags
+ freeform_tags = each.value.freeform_tags
+ vm_host_shape = each.value.vm_host_shape
+ display_name = each.value.display_name
+ fault_domain = each.value.fault_domain
+
+}
\ No newline at end of file
diff --git a/examples/compute/instance.tf b/examples/compute/instance.tf
new file mode 100755
index 0000000..10b191e
--- /dev/null
+++ b/examples/compute/instance.tf
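Review bot: The `availability_domain` guard only tests for `null`, whereas block-volume.tf and instance.tf in this patch also test for `""`; an empty string here is used as the index into the availability-domain list and will fail during plan instead of being treated as "not set". Align it with the siblings: `availability_domain = each.value.availability_domain != "" && each.value.availability_domain != null ? data.oci_identity_availability_domains.availability_domains.availability_domains[each.value.availability_domain].name : null`.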
@@ -0,0 +1,81 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#############################
+## Module Block - Instances
+## Create Instance
+#############################
+
+data "oci_core_subnets" "oci_subnets" {
+ # depends_on = [module.subnets] # Uncomment to create Network and Instances together
+ for_each = var.instances != null ? var.instances : {}
+ compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id]
+ display_name = each.value.subnet_id
+ vcn_id = data.oci_core_vcns.oci_vcns[each.key].virtual_networks.*.id[0]
+}
+
+data "oci_core_vcns" "oci_vcns" {
+ # depends_on = [module.vcns] # Uncomment to create Network and Instances together
+ for_each = var.instances != null ? var.instances : {}
+ compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id]
+ display_name = each.value.vcn_name
+}
+
+module "instances" {
+ source = "./modules/compute/instance"
+ # depends_on = [module.nsgs] # Uncomment to create NSG and Instances together
+ for_each = var.instances != null ? var.instances : {}
+ availability_domain = each.value.availability_domain != "" && each.value.availability_domain != null ? data.oci_identity_availability_domains.availability_domains.availability_domains[each.value.availability_domain].name : ""
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+ network_compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : null
+ vcn_names = [each.value.vcn_name]
+ dedicated_vm_host_name = each.value.dedicated_vm_host_id != null ? each.value.dedicated_vm_host_id : null
+ shape = each.value.shape
+ ocpu_count = each.value.ocpus
+ private_ip = each.value.private_ip != null ? each.value.private_ip : null
+ defined_tags = each.value.defined_tags
+ display_name = each.value.display_name
+ fault_domain = each.value.fault_domain
+ freeform_tags = each.value.freeform_tags
+ source_type = each.value.source_type
+ source_image_id = length(regexall("ocid1.image.oc*", each.value.source_id)) > 0 || length(regexall("ocid1.bootvolume.oc*", each.value.source_id)) > 0 ? each.value.source_id : lookup(var.instance_source_ocids, each.value.source_id, null)
+ subnet_id = each.value.subnet_id != "" ? (length(regexall("ocid1.subnet.oc*", each.value.subnet_id)) > 0 ? each.value.subnet_id : data.oci_core_subnets.oci_subnets[each.key].subnets.*.id[0]) : null
+ assign_public_ip = each.value.assign_public_ip
+ ssh_public_keys = each.value.ssh_authorized_keys != null ? (length(regexall("ssh-rsa*", each.value.ssh_authorized_keys)) > 0 ? each.value.ssh_authorized_keys : lookup(var.instance_ssh_keys, each.value.ssh_authorized_keys, null)) : null
+ hostname_label = each.value.hostname_label
+ nsg_ids = each.value.nsg_ids
+ #nsg_ids = each.value.nsg_ids != [] ? [for nsg in each.value.nsg_ids : length(regexall("ocid1.networksecuritygroup.oc*",nsg)) > 0 ? nsg : merge(module.nsgs.*...)[nsg]["nsg_tf_id"]] : []
+ boot_volume_size_in_gbs = each.value.boot_volume_size_in_gbs != null ? each.value.boot_volume_size_in_gbs : null
+ memory_in_gbs = each.value.memory_in_gbs != null ? each.value.memory_in_gbs : null
+ capacity_reservation_id = each.value.capacity_reservation_id != null ? lookup(var.capacity_reservation_ocids, each.value.capacity_reservation_id, null) : null
+ create_is_pv_encryption_in_transit_enabled = each.value.create_is_pv_encryption_in_transit_enabled
+
+ boot_tf_policy = each.value.backup_policy != null ? each.value.backup_policy : null
+ policy_tf_compartment_id = each.value.policy_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.policy_compartment_id)) > 0 ? each.value.policy_compartment_id : var.compartment_ocids[each.value.policy_compartment_id]) : null
+ remote_execute = each.value.remote_execute != null ? each.value.remote_execute : null
+ bastion_ip = each.value.bastion_ip != null ? each.value.bastion_ip : null
+ cloud_init_script = each.value.cloud_init_script != null ? each.value.cloud_init_script : null
+ launch_options = each.value.launch_options
+ plugins_details = each.value.plugins_details
+ platform_config = each.value.platform_config != null ? each.value.platform_config : null
+ is_live_migration_preferred = each.value.is_live_migration_preferred
+
+ # extended_metadata = each.value.extended_metadata
+ skip_source_dest_check = each.value.skip_source_dest_check != null ? each.value.skip_source_dest_check : null
+ baseline_ocpu_utilization = each.value.baseline_ocpu_utilization
+ # preemptible_instance_config = each.value.preemptible_instance_config
+ all_plugins_disabled = each.value.all_plugins_disabled
+ is_management_disabled = each.value.is_management_disabled
+ is_monitoring_disabled = each.value.is_monitoring_disabled
+ recovery_action = each.value.recovery_action
+ are_legacy_imds_endpoints_disabled = each.value.are_legacy_imds_endpoints_disabled
+ ipxe_script = each.value.ipxe_script
+ preserve_boot_volume = each.value.preserve_boot_volume
+ assign_private_dns_record = each.value.assign_private_dns_record
+ vlan_id = each.value.vlan_id
+ kms_key_id = each.value.kms_key_id
+
+ # VNIC Details
+ vnic_defined_tags = each.value.vnic_defined_tags
+ vnic_freeform_tags = each.value.vnic_freeform_tags
+ vnic_display_name = each.value.vnic_display_name
+}
diff --git a/examples/compute/oci-data.tf b/examples/compute/oci-data.tf
new file mode 100644
index 0000000..1495707
--- /dev/null
+++ b/examples/compute/oci-data.tf
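Review bot: The `ssh_public_keys` line only treats the value as a literal key when `regexall("ssh-rsa*", …)` matches, so an `ssh-ed25519` or `ecdsa-sha2-*` public key supplied inline is instead used as a lookup name into `var.instance_ssh_keys` and, when absent there, silently becomes `null` — the instance is created with no SSH key and no error. Widen the test to the key types OCI accepts, e.g. `length(regexall("^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp[0-9]+) ", each.value.ssh_authorized_keys)) > 0`, and consider letting the fallback `lookup` fail rather than default to `null`. Separately, both data sources at the top of the hunk fall back to `var.compartment_ocids[each.value.network_compartment_id]` when `network_compartment_id` is `null`, which indexes the map with a null key and errors at plan time; the module block below uses `: null` for the same case and the data sources should match. `nsg_ids = each.value.nsg_ids` is passed through unresolved while the name-resolving variant sits commented out, so NSG names (as opposed to OCIDs) are presumably not supported here yet — worth stating in a comment next to the line.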
@@ -0,0 +1,42 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Identity
+# Fetch Compartments
+############################
+
+#Fetch Compartment Details
+data "oci_identity_compartments" "compartments" {
+ #Required
+ compartment_id = var.tenancy_ocid
+
+ #Optional
+ #name = var.compartment_name
+ access_level = "ANY"
+ compartment_id_in_subtree = true
+ state = "ACTIVE"
+}
+
+
+############################
+# Data Block - Network
+# Fetch ADs
+############################
+
+data "oci_identity_availability_domains" "availability_domains" {
+ #Required
+ compartment_id = var.tenancy_ocid
+}
+
+
+/*
+output "compartment_id_map" {
+ description = "Compartment ocid"
+ // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source.
+ value = zipmap(data.oci_identity_compartments.compartments.compartments.*.name,data.oci_identity_compartments.compartments.compartments.*.id)
+}
+
+output "ads" {
+ value = data.oci_identity_availability_domains.availability_domains.availability_domains.*.name
+}
+*/
\ No newline at end of file
diff --git a/examples/compute/provider.tf b/examples/compute/provider.tf
new file mode 100644
index 0000000..9a69c98
--- /dev/null
+++ b/examples/compute/provider.tf
@@ -0,0 +1,24 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Provider Block
+# OCI
+############################
+
+provider "oci" {
+ tenancy_ocid = var.tenancy_ocid
+ user_ocid = var.user_ocid
+ fingerprint = var.fingerprint
+ private_key_path = var.private_key_path
+ region = var.region
+ ignore_defined_tags = ["Oracle-Tags.CreatedBy", "Oracle-Tags.CreatedOn"]
+}
+
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ version = "5.40.0"
+ }
+ }
+}
diff --git a/examples/compute/variables_example.tf b/examples/compute/variables_example.tf
new file mode 100644
index 0000000..fae17ea
--- /dev/null
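Review bot: The `oci_identity_compartments` data source at the top of oci-data.tf enumerates the entire tenancy (`compartment_id = var.tenancy_ocid`, `compartment_id_in_subtree = true`, `access_level = "ANY"`), yet within this file its only consumer is the commented-out `compartment_id_map` output, and the module call earlier in this diff resolves compartments through `var.compartment_ocids` instead. A tenancy-wide listing that nothing reads still runs on every plan and presumably needs the provider principal to hold tenancy-level inspect rights on compartments, which works against least privilege for an API-key user; either drop the lookup or document why it stays, e.g. `# Kept for ad-hoc lookups only; module calls resolve compartments via var.compartment_ocids`. The section headers are also misleading: `# Resource Block - Identity` labels a data block, and `# Data Block - Network` labels the availability-domains lookup, which is an identity data source; `# Data Block - Identity` fits both.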
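Review bot: The `terraform` block in provider.tf pins the provider to `5.40.0` but declares no `required_version`, while the variable definitions added later in this diff use `optional(...)` object attributes with defaults such as `optional(bool,false)`, which older Terraform releases reject at parse time with an error that does not point at the real cause; adding `required_version = ">= 1.3.0"` next to `required_providers` turns that into a clear message (1.3 is, to my knowledge, where optional attribute defaults landed — confirm against the features actually used). Separately, the `provider "oci"` block hard-wires API-key authentication via `user_ocid`, `fingerprint` and `private_key_path`, and every one of those variables defaults to `""` in variables_example.tf, so an unset tfvars entry surfaces only as an opaque provider error at plan time and the documented path relies on distributing a long-lived private key. A short comment pointing at the provider's `auth` argument for instance/resource-principal authentication, e.g. `# API-key auth shown; prefer auth = "InstancePrincipal" when running from an OCI host so no private key is distributed`, would give operators the least-privilege option without changing the example's behaviour.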
+++ b/examples/compute/variables_example.tf 
@@ -0,0 +1,2082 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# +# Variables Block +# OCI +# +############################ + +variable "tenancy_ocid" { + type = string + default = "" +} + +variable "user_ocid" { + type = string + default = "" +} + +variable "fingerprint" { + type = string + default = "" +} + +variable "private_key_path" { + type = string + default = "" +} + +variable "region" { + type = string + default = "" +} + +################################# +# SSH Keys +################################# + +variable "instance_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_instance_ssh_keys# + # exported instance ssh keys + #instance_ssh_keys_END# + } +} + +variable "oke_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_oke_ssh_keys# + #oke_ssh_keys_END# + } +} +variable "sddc_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_sddc_ssh_keys# + #sddc_ssh_keys_END# + } +} + +variable "exacs_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_exacs_ssh_keys# + # exported exacs ssh keys + #exacs_ssh_keys_END# + } +} + +variable "dbsystem_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. 
+ # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_dbsystem_ssh_keys# + # exported dbsystem ssh keys + #dbsystem_ssh_keys_END# + } +} + +################################# +# Platform Image OCIDs and +# Market Place Images +################################# + +variable "instance_source_ocids" { + type = map(any) + default = { + Linux = "" + Windows = "" + PaloAlto = "Palo Alto Networks VM-Series Next Generation Firewall" + #START_instance_source_ocids# + # exported instance image ocids + #instance_source_ocids_END# + } +} + +variable "blockvolume_source_ocids" { + type = map(any) + default = { + block1 = "" + #blockvolume_source_ocid = "" + #START_blockvolume_source_ocids# + # exported block volume source ocids + #blockvolume_source_ocids_END# + } +} + +variable "fss_source_ocids" { + type = map(any) + default = { + snapshot1 = "" + #fss_source_snapshot_ocid = "" + #START_fss_source_snapshot_ocids# + # exported fss source snapshot ocids + #fss_source_snapshot_ocids_END# + } +} + +variable "oke_source_ocids" { + type = map(any) + default = { + Linux = "" + #START_oke_source_ocids# + # exported oke image ocids + #oke_source_ocids_END# + } +} + +################################# +# +# Variables according to Services +# PLEASE DO NOT MODIFY +# +################################# + +########################## +## Fetch Compartments #### +########################## + +variable "compartment_ocids" { + type = map(any) + default = { + #START_compartment_ocids# + # compartment ocids + #compartment_ocids_END# + } +} + +######################### +##### Identity ########## +######################### + +variable "compartments" { + type = object({ + root = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level1 = 
optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level2 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level3 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level4 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level5 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + }) + default = { + root = {}, + compartment_level1 = {}, + compartment_level2 = {}, + compartment_level3 = {}, + compartment_level4 = {}, + compartment_level5 = {}, + } +} + +variable "policies" { + type = map(object({ + name = string + compartment_id = string + policy_description = string + policy_statements = list(string) + policy_version_date = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "groups" { + type = map(object({ + group_name = string + group_description = string + matching_rule = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "users" { + type = map(object({ + name = string + description = string + email = string + disable_capabilities = optional(list(string)) + group_membership = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "networkSources" { + type = map(object({ + name = string + description = string + public_source_list = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + virtual_source_list = optional(list(map(list(string)))) + + })) + default = {} +} + +######################### +####### Governance ######### +######################### + +variable "tag_namespaces" { + description = "To provision Namespaces" + type = map(object({ + compartment_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_retired = optional(bool) + })) + default = {} +} + +variable "tag_keys" { + description = "To provision Tag Keys" + type = map(object({ + tag_namespace_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_cost_tracking = optional(bool) + is_retired = optional(bool) + validator = optional(list(object({ + validator_type = optional(string) + validator_values = optional(list(any)) + }))) + })) + default = {} +} + +variable "tag_defaults" { + description = "To make the Tag keys as default to compartments" + type = map(object({ + compartment_id = string + tag_definition_id = string + value = string + is_required = optional(bool) + })) + default = {} +} + +variable "quota_policies" { + type = map(object({ + quota_name = string + quota_description = string + quota_statements = list(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +###### Network ########## +######################### 
+ +variable "default_dhcps" { + type = map(object({ + server_type = string + manage_default_resource_id = optional(string) + custom_dns_servers = optional(list(any)) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "custom_dhcps" { + type = map(object({ + compartment_id = string + server_type = string + vcn_id = string + custom_dns_servers = optional(list(any)) + domain_name_type = optional(string) + display_name = optional(string) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "vcns" { + type = map(object({ + compartment_id = string + cidr_blocks = optional(list(string)) + byoipv6cidr_details = optional(list(map(any))) + display_name = optional(string) + dns_label = optional(string) + is_ipv6enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ipv6private_cidr_blocks = optional(list(string)) + is_oracle_gua_allocation_enabled = optional(bool) + })) + default = {} +} + +variable "igws" { + type = map(object({ + compartment_id = string + vcn_id = string + enable_igw = optional(bool) + igw_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_table_id = optional(string) + })) + default = {} +} + +variable "sgws" { + type = map(object({ + compartment_id = string + vcn_id = string + service = optional(string) + sgw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "ngws" { + type = map(object({ + compartment_id = string + vcn_id = string + block_traffic = optional(bool) + public_ip_id = optional(string) + ngw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + 
default = {} +} + +variable "lpgs" { + type = map(any) + default = { + hub-lpgs = {}, + spoke-lpgs = {}, + peer-lpgs = {}, + none-lpgs = {}, + exported-lpgs = {}, + } +} + +variable "drgs" { + type = map(object({ + compartment_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "default_seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + 
route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) + +})) +default = {} +} + +variable "default_route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) +})) + default = {} +} + +variable "nsgs" { + type = map(object({ + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nsg_rules" { + type = map(object({ + nsg_id = string + direction = string + protocol = string + description = optional(string) + stateless = optional(string) + source_type = optional(string) + destination_type = optional(string) + destination = optional(string) + source = optional(string) + options = optional(map(any)) + })) + default = {} +} + +variable "subnets" { + type = map(object({ + compartment_id = string + vcn_id = string + cidr_block = string + display_name = optional(string) + dns_label = optional(string) + ipv6cidr_block = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + prohibit_internet_ingress = optional(string) + prohibit_public_ip_on_vnic = optional(string) + availability_domain = optional(string) + dhcp_options_id = optional(string) + route_table_id = optional(string) + security_list_ids = 
optional(list(string)) + })) + default = {} +} + +variable "vlans" { + type = map(object({ + cidr_block = string + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + nsg_ids = optional(list(string)) + route_table_name = optional(string) + vlan_tag = optional(string) + availability_domain = optional(string) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + })) + default = {} +} + +variable "drg_attachments" { + type = map(any) + default = {} +} + +variable "drg_other_attachments" { + type = map(any) + default = {} +} + +variable "drg_route_tables" { + type = map(object({ + drg_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_ecmp_enabled = optional(bool) + import_drg_route_distribution_id = optional(string) + })) + default = {} +} + +variable "drg_route_rules" { + type = map(any) + default = {} +} + +variable "drg_route_distributions" { + type = map(object({ + distribution_type = string + drg_id = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + display_name = optional(string) + })) + default = {} +} + +variable "drg_route_distribution_statements" { + type = map(object({ + drg_route_distribution_id = string + action = string + match_criteria = optional(list(object({ + match_type = string + attachment_type = optional(string) + drg_attachment_id = optional(string) + }))) + priority = optional(string) + })) + default = {} +} + +variable "data_drg_route_tables" { + type = map(any) + default = {} +} + +variable "data_drg_route_table_distributions" { + type = map(any) + default = {} +} + +#################### +####### DNS ####### +#################### + +variable "zones" { +type = map(object({ +compartment_id = string +display_name = string +view_compartment_id = optional(string) +view_id = optional(string) +zone_type = optional(string) +scope = optional(string) +freeform_tags = 
optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + +variable "views" { +type = map(object({ +compartment_id = string +display_name = string +scope = optional(string) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) + default = {} +} + +variable "rrsets" { +type = map(object({ +compartment_id = optional(string) +view_compartment_id = optional(string) +view_id = optional(string) +zone_id = string +domain = string +rtype = string +ttl = number +rdata = optional(list(string)) +scope = optional(string) +})) +default = {} +} + +variable "resolvers" { +type = map(object({ +network_compartment_id= string +vcn_name = string +display_name = optional(string) +views = optional(map(object({ + view_id = optional(string) + view_compartment_id = optional(string) +}))) +resolver_rules = optional(map(object({ + client_address_conditions = optional(list(any)) + destination_addresses = optional(list(any)) + qname_cover_conditions = optional(list(any)) + source_endpoint_name = optional(string) +}))) +endpoint_names = optional(map(object({ + is_forwarding = optional(bool) + is_listening = optional(bool) + name = optional(string) + subnet_name = optional(string) + forwarding_address = optional(string) + listening_address = optional(string) + nsg_ids = optional(list(string)) +}))) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + + +######################### +## Dedicated VM Hosts ## +######################### + +variable "dedicated_hosts" { + type = map(object({ + availability_domain = string + compartment_id = string + vm_host_shape = string + defined_tags = optional(map(any)) + display_name = optional(string) + fault_domain = optional(string) + freeform_tags = optional(map(any)) + })) + description = "To provision new dedicated VM hosts" + default = {} +} + +######################### +## Instances/Block Volumes ## +######################### + +variable "blockvolumes" { + description = "To 
provision block volumes" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = string + size_in_gbs = optional(string) + is_auto_tune_enabled = optional(string) + vpus_per_gb = optional(string) + kms_key_id = optional(string) + attach_to_instance = optional(string) + attachment_type = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + device = optional(string) + encryption_in_transit_type = optional(string) + attachment_display_name = optional(string) + is_read_only = optional(bool) + is_pv_encryption_in_transit_enabled = optional(bool) + is_shareable = optional(bool) + use_chap = optional(bool) + is_agent_auto_iscsi_login_enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + source_details = optional(list(map(any))) + block_volume_replicas = optional(list(map(any))) + block_volume_replicas_deletion = optional(bool) + autotune_policies = optional(list(map(any))) + })) + default = {} +} + +variable "block_backup_policies" { + type = map(any) + description = "To create block volume back policy" + default = {} +} + +variable "instances" { + description = "Map of instances to be provisioned" + type = map(object({ + availability_domain = string + compartment_id = string + shape = string + source_id = string + source_type = string + vcn_name = string + subnet_id = string + network_compartment_id = string + display_name = optional(string) + assign_public_ip = optional(bool) + boot_volume_size_in_gbs = optional(string) + fault_domain = optional(string) + dedicated_vm_host_id = optional(string) + private_ip = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(string)) + ocpus = optional(string) + memory_in_gbs = optional(number) + capacity_reservation_id = optional(string) + create_is_pv_encryption_in_transit_enabled = optional(bool) + remote_execute = optional(string) + bastion_ip = optional(string) + 
cloud_init_script = optional(string) + ssh_authorized_keys = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + network_type = optional(string) + #extended_metadata = optional(string) + skip_source_dest_check = optional(bool) + baseline_ocpu_utilization = optional(string) + #preemptible_instance_config = optional(string) + all_plugins_disabled = optional(bool) + is_management_disabled = optional(bool) + is_monitoring_disabled = optional(bool) + assign_private_dns_record = optional(string) + plugins_details = optional(map(any)) + is_live_migration_preferred = optional(bool) + recovery_action = optional(string) + are_legacy_imds_endpoints_disabled = optional(bool) + boot_volume_type = optional(string) + firmware = optional(string) + is_consistent_volume_naming_enabled = optional(bool) + remote_data_volume_type = optional(string) + platform_config = optional(list(map(any))) + launch_options = optional(list(map(any))) + ipxe_script = optional(string) + preserve_boot_volume = optional(bool) + vlan_id = optional(string) + kms_key_id = optional(string) + vnic_display_name = optional(string) + vnic_defined_tags = optional(map(any)) + vnic_freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "boot_backup_policies" { + type = map(any) + description = "Map of boot volume backup policies to be provisioned" + default = {} +} + +######################### +####### Database ######## +######################### + +variable "exa_infra" { + description = "To provision exadata infrastructure" + type = map(any) + default = {} +} + +variable "exa_vmclusters" { + description = "To provision exadata cloud VM cluster" + type = map(any) + default = {} +} + +variable "dbsystems_vm_bm" { + description = "To provision DB System" + type = map(any) + default = {} +} + +variable "db_home" { + type = map(any) + description = "Map of database db home to be 
provisioned" + default = {} +} + +variable "databases" { + description = "Map of databases to be provisioned in an existing db_home" + type = map(any) + default = {} +} + +#################################### +####### Autonomous Database ######## +#################################### + +variable "adb" { + type = map(object({ + admin_password = optional(string) + character_set = optional(string) + compartment_id = string + cpu_core_count = optional(number) + database_edition = optional(string) + data_storage_size_in_tbs = optional(number) + customer_contacts = optional(list(string)) + db_name = string + db_version = optional(string) + db_workload = optional(string) + display_name = optional(string) + license_model = optional(string) + ncharacter_set = optional(string) + network_compartment_id = optional(string) + nsg_ids = optional(list(string)) + subnet_id = optional(string) + vcn_name = optional(string) + whitelisted_ips = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +######### FSS ########### +######################### + +variable "mount_targets" { + description = "To provision Mount Targets" + type = map(object({ + availability_domain = string + compartment_id = string + network_compartment_id = string + vcn_name = string + subnet_id = string + display_name = optional(string) + ip_address = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fss" { + description = "To provision File System Services" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = optional(string) + source_snapshot = optional(string) + snapshot_policy = optional(string) + policy_compartment_id = optional(string) + kms_key_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "nfs_export_options" { + description = "To provision Export Sets" + type = map(object({ + export_set_id = string + file_system_id = string + path = string + export_options = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_idmap_groups_for_sys_auth = optional(bool) + })) + default = {} +} + +variable "fss_replication" { + description = "To provision File System Replication" + type = map(object({ + compartment_id = string + source_id = string + target_id = string + display_name = optional(string) + replication_interval = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +####### FSS Logs ######## +######################### + +variable "nfs_log_groups" { + description = "To provision Log Groups for Mount Target" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nfs_logs" { + description = "To provision Logs for Mount Target" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + + +######################### +#### Load Balancers ##### +######################### + +variable "load_balancers" { + description = "To provision Load Balancers" + type = map(object({ + compartment_id = string + vcn_name = string + shape = string + subnet_ids = list(any) + network_compartment_id = string + display_name = string + shape_details = optional(list(map(any))) + nsg_ids = 
optional(list(any)) + is_private = optional(bool) + ip_mode = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + reserved_ips_id = optional(string) + })) + default = {} +} + +variable "hostnames" { + description = "To provision Load Balancer Hostnames" + type = map(object({ + load_balancer_id = string + hostname = string + name = string + })) + default = {} +} + +variable "certificates" { + description = "To provision Load Balancer Certificates" + type = map(object({ + certificate_name = string + load_balancer_id = string + ca_certificate = optional(string) + passphrase = optional(string) + private_key = optional(string) + public_certificate = optional(string) + })) + default = {} +} + +variable "cipher_suites" { + description = "To provision Load Balancer Cipher Suites" + type = map(object({ + ciphers = list(string) + name = string + load_balancer_id = optional(string) + })) + default = {} +} + +variable "backend_sets" { + description = "To provision Load Balancer Backend Sets" + type = map(object({ + name = string + load_balancer_id = string + policy = string + protocol = optional(string) + interval_ms = optional(string) + is_force_plain_text = optional(string) + port = optional(string) + response_body_regex = optional(string) + retries = optional(string) + return_code = optional(string) + timeout_in_millis = optional(string) + url_path = optional(string) + lb_cookie_session = optional(list(object({ + cookie_name = optional(string) + disable_fallback = optional(string) + path = optional(string) + domain = optional(string) + is_http_only = optional(string) + is_secure = optional(string) + max_age_in_seconds = optional(string) + }))) + session_persistence_configuration = optional(list(object({ + cookie_name = optional(string) + disable_fallback = optional(string) + }))) + certificate_name = optional(string) + cipher_suite_name = optional(string) + ssl_configuration = optional(list(object({ + certificate_ids = 
optional(list(any)) + server_order_preference = optional(string) + trusted_certificate_authority_ids = optional(list(any)) + verify_peer_certificate = optional(string) + verify_depth = optional(string) + protocols = optional(list(any)) + }))) + })) + default = {} +} + +variable "backends" { + description = "To provision Load Balancer Backends" + type = map(object({ + backendset_name = string + ip_address = string + load_balancer_id = string + port = string + instance_compartment = optional(string) + backup = optional(string) + drain = optional(string) + offline = optional(string) + weight = optional(string) + })) + default = {} +} + +variable "listeners" { + description = "To provision Load Balancer Listeners" + type = map(object({ + name = string + load_balancer_id = string + port = string + protocol = string + default_backend_set_name = string + connection_configuration = optional(list(map(any))) + hostname_names = optional(list(any)) + path_route_set_name = optional(string) + rule_set_names = optional(list(any)) + routing_policy_name = optional(string) + certificate_name = optional(string) + cipher_suite_name = optional(string) + ssl_configuration = optional(list(object({ + certificate_ids = optional(list(any)) + server_order_preference = optional(string) + trusted_certificate_authority_ids = optional(list(any)) + verify_peer_certificate = optional(string) + verify_depth = optional(string) + protocols = optional(list(any)) + }))) + })) + default = {} +} + +variable "path_route_sets" { + description = "To provision Load Balancer Path Route Sets" + type = map(object({ + name = string + load_balancer_id = string + path_routes = optional(list(map(any))) + })) + default = {} +} + +variable "rule_sets" { + description = "To provision Load Balancer Rule Sets" + type = map(object({ + name = string + load_balancer_id = string + access_control_rules = optional(list(object({ + action = string + attribute_name = optional(string) + attribute_value = optional(string) + 
description = optional(string) + }))) + access_control_method_rules = optional(list(object({ + action = string + allowed_methods = optional(list(any)) + status_code = optional(string) + }))) + http_header_rules = optional(list(object({ + action = string + are_invalid_characters_allowed = optional(bool) + http_large_header_size_in_kb = optional(string) + }))) + uri_redirect_rules = optional(list(object({ + action = string + attribute_name = optional(string) + attribute_value = optional(string) + operator = optional(string) + host = optional(string) + path = optional(string) + port = optional(string) + protocol = optional(string) + query = optional(string) + response_code = optional(string) + }))) + request_response_header_rules = optional(list(object({ + action = string + header = optional(string) + prefix = optional(string) + suffix = optional(string) + value = optional(string) + }))) + })) + default = {} +} + +variable "lbr_reserved_ips" { + description = "To provision Load Balancer Reserved IPs" + type = map(object({ + compartment_id = string + display_name = string + lifetime = string + private_ip_id = optional(string) + public_ip_pool_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +################################### +####### Load Balancer Logs ######## +################################### + +variable "loadbalancer_log_groups" { + description = "To provision Log Groups for Load Balancers" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "loadbalancer_logs" { + description = "To provision Logs for Load Balancers" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + 
source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +## Network Load Balancers ## +######################### + +variable "network_load_balancers" { + type = map(object({ + display_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + subnet_id = string + is_private = optional(bool) + reserved_ips_id = string + is_preserve_source_destination = optional(bool) + is_symmetric_hash_enabled = optional(bool) + nlb_ip_version = optional(string) + assigned_private_ipv4 = optional(string) + nsg_ids = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} +variable "nlb_listeners" { + type = map(object({ + name = string + network_load_balancer_id = string + default_backend_set_name = string + port = number + protocol = string + ip_version = optional(string) + })) + default = {} +} + +variable "nlb_backend_sets" { + type = map(object({ + name = string + network_load_balancer_id = string + policy = string + protocol = string + domain_name = optional(string) + query_class = optional(string) + query_type = optional(string) + rcodes = optional(list(string)) + transport_protocol = optional(string) + return_code = optional(number) + interval_in_millis = optional(number) + port = optional(number) + request_data = optional(string) + response_body_regex = optional(string) + response_data = optional(string) + retries = optional(number) + timeout_in_millis = optional(number) + url_path = optional(string) + is_preserve_source = optional(bool) + ip_version = optional(string) + })) + default = {} +} +variable "nlb_backends" { + type = map(object({ + name = optional(string) + backend_set_name = string + network_load_balancer_id = string + port = number + ip_address = string + instance_compartment = string + 
is_drain = optional(bool) + is_backup = optional(bool) + is_offline = optional(bool) + weight = optional(number) + target_id = optional(string) + })) + default = {} +} +variable "nlb_reserved_ips" { + description = "To provision Network Load Balancer Reserved IPs" + type = map(object({ + compartment_id = string + lifetime = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + display_name = optional(string) + private_ip_id = optional(string) + public_ip_pool_id = optional(string) + })) + default = {} +} + + +######################### +##### IP Management ##### +######################### + +variable "public_ip_pools" { + type = map(any) + default = {} +} + +variable "private_ips" { + type = map(any) + default = {} +} + +variable "reserved_ips" { + type = map(any) + default = {} +} + +variable "vnic_attachments" { + type = map(any) + default = {} +} + +######################### +##### VCN Logs ########## +######################### + +variable "vcn_log_groups" { + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "vcn_logs" { + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +###### OSS Buckets ###### +######################### + +variable "buckets" { + type = map(any) + default = {} +} + +######################### +####### OSS Logs ######## +######################### + +variable "oss_log_groups" { + description = "To provision Log Groups for OSS" + type = map(object({ + compartment_id = string 
+ display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "oss_logs" { + description = "To provision Logs for OSS" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +### OSS IAM Policies #### +######################### + +variable "oss_policies" { + type = map(any) + default = {} +} + +######################### +## Management Services ## +######################### + +variable "alarms" { + type = map(object({ + compartment_id = string + destinations = list(string) + alarm_name = string + is_enabled = bool + metric_compartment_id = string + namespace = string + query = string + severity = string + body = optional(string) + message_format = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_notifications_per_metric_dimension_enabled = optional(bool) + metric_compartment_id_in_subtree = optional(string) + trigger_delay_minutes = optional(string) + repeat_notification_duration = optional(string) + resolution = optional(string) + resource_group = optional(string) + suppression = optional(map(any)) + })) + default = {} +} + +variable "events" { + type = map(object({ + event_name = string + compartment_id = string + description = string + is_enabled = bool + condition = string + actions = optional(list(object({ + action_type = string + is_enabled = string + description = optional(string) + function_id = optional(string) + stream_id = optional(string) + topic_id = optional(string) + }))) + message_format = optional(string) + defined_tags 
= optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "notifications_topics" { + type = map(object({ + compartment_id = string + topic_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "notifications_subscriptions" { + type = map(object({ + compartment_id = string + endpoint = string + protocol = string + topic_id = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "service_connectors" { + type = any + default = {} + description = "To provision service connector hub resources" +} + +######################### +## Developer Services ## +######################### + +## OKE + +variable "clusters" { + type = map(object({ + display_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + kubernetes_version = string + cni_type = string + cluster_type = string + is_policy_enabled = optional(bool) + policy_kms_key_id = optional(string) + is_kubernetes_dashboard_enabled = optional(bool) + is_tiller_enabled = optional(bool) + is_public_ip_enabled = optional(bool) + nsg_ids = optional(list(string)) + endpoint_subnet_id = string + is_pod_security_policy_enabled = optional(bool) + pods_cidr = optional(string) + services_cidr = optional(string) + service_lb_subnet_ids = optional(list(string)) + cluster_kms_key_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + lb_defined_tags = optional(map(any)) + lb_freeform_tags = optional(map(any)) + volume_defined_tags = optional(map(any)) + volume_freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nodepools" { + type = map(object({ + display_name = string + cluster_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + node_shape = string + initial_node_labels = optional(map(any)) + 
kubernetes_version = string + is_pv_encryption_in_transit_enabled = optional(bool) + availability_domain = number + fault_domains = optional(list(string)) + subnet_id = string + size = number + cni_type = string + max_pods_per_node = optional(number) + pod_nsg_ids = optional(list(string)) + pod_subnet_ids = optional(string) + worker_nsg_ids = optional(list(string)) + memory_in_gbs = optional(number) + ocpus = optional(number) + image_id = string + source_type = string + boot_volume_size_in_gbs = optional(number) + ssh_public_key = optional(string) + nodepool_kms_key_id = optional(string) + node_defined_tags = optional(map(any)) + node_freeform_tags = optional(map(any)) + nodepool_defined_tags = optional(map(any)) + nodepool_freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "virtual-nodepools" { + type = map(object({ + display_name = string + cluster_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + node_shape = string + initial_virtual_node_labels = optional(map(any)) + availability_domain = number + fault_domains = list(string) + subnet_id = string + size = number + pod_nsg_ids = optional(list(string)) + pod_subnet_id = string + worker_nsg_ids = optional(list(string)) + taints = optional(list(any)) + node_defined_tags = optional(map(any)) + node_freeform_tags = optional(map(any)) + nodepool_defined_tags = optional(map(any)) + nodepool_freeform_tags = optional(map(any)) + })) + default = {} +} + + +################################## +############## SDDCs ############# +################################## +variable "sddcs" { + type = map(object({ + compartment_id = string + availability_domain = string + network_compartment_id = string + vcn_name = string + esxi_hosts_count = number + nsx_edge_uplink1vlan_id = string + nsx_edge_uplink2vlan_id = string + nsx_edge_vtep_vlan_id = string + nsx_vtep_vlan_id = string + provisioning_subnet_id = string + ssh_authorized_keys = string + vmotion_vlan_id = string 
+ vmware_software_version = string + vsan_vlan_id = string + vsphere_vlan_id = string + capacity_reservation_id = optional(string) + defined_tags = optional(map(any)) + display_name = optional(string) + initial_cluster_display_name = optional(string) + freeform_tags = optional(map(any)) + hcx_action = optional(string) + hcx_vlan_id = optional(string) + initial_host_ocpu_count = optional(number) + initial_host_shape_name = optional(string) + initial_commitment = optional(string) + instance_display_name_prefix = optional(string) + is_hcx_enabled = optional(bool) + is_shielded_instance_enabled = optional(bool) + is_single_host_sddc = optional(bool) + provisioning_vlan_id = optional(string) + refresh_hcx_license_status = optional(bool) + replication_vlan_id = optional(string) + reserving_hcx_on_premise_license_keys = optional(string) + workload_network_cidr = optional(string) + management_datastore = optional(list(string)) + workload_datastore = optional(list(string)) + + })) + default = {} + +} + +variable "sddc-clusters" { + type = map(object({ + compartment_id = string + availability_domain = string + network_compartment_id = string + vcn_name = string + esxi_hosts_count = number + nsx_edge_uplink1vlan_id = string + nsx_edge_uplink2vlan_id = optional(string) + nsx_edge_vtep_vlan_id = string + nsx_vtep_vlan_id = string + provisioning_subnet_id = string + ssh_authorized_keys = optional(string) + vmotion_vlan_id = string + vmware_software_version = string + vsan_vlan_id = string + vsphere_vlan_id = string + capacity_reservation_id = optional(string) + defined_tags = optional(map(any)) + display_name = optional(string) + freeform_tags = optional(map(any)) + hcx_action = optional(string) + hcx_vlan_id = optional(string) + initial_host_ocpu_count = optional(number) + initial_host_shape_name = optional(string) + initial_commitment = optional(string) + instance_display_name_prefix = optional(string) + is_hcx_enabled = optional(bool) + is_shielded_instance_enabled = 
optional(bool) + is_single_host_sddc = optional(bool) + provisioning_vlan_id = optional(string) + refresh_hcx_license_status = optional(bool) + replication_vlan_id = optional(string) + reserving_hcx_on_premise_license_keys = optional(string) + workload_network_cidr = optional(string) + workload_datastore = optional(list(string)) + sddc_id = optional(string) + esxi_software_version = optional(string) + + })) + default = {} + +} + + +############################ +## Key Management Service ## +############################ + +variable "vaults" { + type = map(object({ + compartment_id = string + display_name = string + vault_type = string + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + replica_region = optional(string) + })) + default = {} +} + +variable "keys" { + type = map(object({ + compartment_id = string + display_name = string + vault_name = string + algorithm = optional(string) + length = optional(string) + curve_id = optional(string) + protection_mode = optional(string) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + is_auto_rotation_enabled = optional(bool) + rotation_interval_in_days = optional(string) + + })) + default = {} +} + +########################### +######### Budgets ######### +########################### + +variable "budgets" { + type = map(object({ + amount = string + compartment_id = string + reset_period = string + budget_processing_period_start_offset = optional(string) + defined_tags = optional(map(any)) + description = optional(string) + display_name = optional(string) + freeform_tags = optional(map(any)) + processing_period_type = optional(string) + budget_end_date = optional(string) + budget_start_date = optional(string) + target_type = optional(string) + targets = optional(list(any)) + })) + default = {} +} + +variable "budget_alert_rules" { + type = map(object({ + budget_id = string + threshold = string + threshold_type = string + type = string + defined_tags = optional(map(any)) + 
description = optional(string) + display_name = optional(string) + freeform_tags = optional(map(any)) + message = optional(string) + recipients = optional(string) + })) + default = {} +} + +########################### +####### Cloud Guard ####### +########################### + +variable "cloud_guard_configs" { + type = map(object({ + compartment_id = string + reporting_region = string + status = string + self_manage_resources = optional(string) + + })) + default = {} +} + +variable "cloud_guard_targets" { + type = map(object({ + compartment_id = string + display_name = string + target_resource_id = string + target_resource_type = string + prefix = string + description = optional(string) + state = optional(string) + target_detector_recipes = optional(list(any)) + target_responder_recipes = optional(list(any)) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + })) + default = {} +} + +#################################### +####### Custom Backup Policy ####### +#################################### + +variable "custom_backup_policies" { + type = map(any) + default = {} +} + +variable "capacity_reservation_ocids" { + type = map(any) + default = { + "AD1" : "", + "AD2" : "", + "AD3" : "" + } +} + +##################################### +####### Firewall as a Service ####### +##################################### +variable "firewalls" { + type = map(object({ + compartment_id = string + network_compartment_id = string + network_firewall_policy_id = string + subnet_id = string + vcn_name = string + display_name = string + ipv4address = optional(string) + nsg_id = optional(list(string)) + ipv6address = optional(string) + availability_domain = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fw-policies" { + type = map(object({ + compartment_id = optional(string) + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + 
default = {} +} +variable "services" { + type = map(object({ + service_name = string + service_type = string + network_firewall_policy_id = string + port_ranges = list(object({ + minimum_port = string + maximum_port = optional(string) + })) + })) + default = {} +} +variable "url_lists" { + type = map(object({ + urllist_name = string + network_firewall_policy_id = string + urls = list(object({ + pattern = string + type = string + })) + })) + default = {} +} +variable "service_lists" { + type = map(object({ + service_list_name = string + network_firewall_policy_id = string + services = list(string) + })) + default = {} +} + +variable "address_lists" { + type = map(object({ + address_list_name = string + network_firewall_policy_id = string + address_type = string + addresses = list(string) + })) + default = {} +} + +variable "applications" { + type = map(object({ + app_list_name = string + network_firewall_policy_id = string + app_type = string + icmp_type = number + icmp_code = optional(number) + })) + default = {} +} + +variable "application_groups" { + type = map(object({ + app_group_name = string + network_firewall_policy_id = string + apps = list(string) + + })) + default = {} +} + +variable "security_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + application = optional(list(string)) + destination_address = optional(list(string)) + service = optional(list(string)) + source_address = optional(list(string)) + url = optional(list(string)) + }))) + inspection = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +variable "secrets" { + type = map(object({ + secret_name = string + network_firewall_policy_id = string + secret_source = string + secret_type = string + vault_secret_id = string + version_number = number + vault_name = string + vault_compartment_id = string + })) + default = {} +} + +variable 
"decryption_profiles" { + type = map(object({ + profile_name = string + profile_type = string + network_firewall_policy_id = string + are_certificate_extensions_restricted = optional(bool) + is_auto_include_alt_name = optional(bool) + is_expired_certificate_blocked = optional(bool) + is_out_of_capacity_blocked = optional(bool) + is_revocation_status_timeout_blocked = optional(bool) + is_unknown_revocation_status_blocked = optional(bool) + is_unsupported_cipher_blocked = optional(bool) + is_unsupported_version_blocked = optional(bool) + is_untrusted_issuer_blocked = optional(bool) + })) + default = {} +} + +variable "decryption_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + + destination_address = optional(list(string)) + + source_address = optional(list(string)) + + }))) + decryption_profile = optional(string) + secret = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +######################### +####### Firewall Logs ######## +######################### + +variable "fw_log_groups" { + description = "To provision Log Groups for Network Firewall" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fw_logs" { + description = "To provision Logs for Network Firewall" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +########################## +# Add new variables here # 
+##########################
+######################### END #########################
diff --git a/examples/database/adb.tf b/examples/database/adb.tf
new file mode 100755
index 0000000..ead0d5a
--- /dev/null
+++ b/examples/database/adb.tf
@@ -0,0 +1,95 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################# +## Module Block - Autonomous database +## Create autonomous database +############################# +data "oci_core_subnets" "oci_subnets_adb" { + # depends_on = [module.subnets] # Uncomment to create Network and FSS together + #for_each = var.adb != null ? var.adb : {} + for_each = { for k, v in var.adb : k => v if v.vcn_name != null } + compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id] + display_name = each.value.subnet_id + vcn_id = data.oci_core_vcns.oci_vcns_adb[each.key].virtual_networks.*.id[0] +} + +data "oci_core_vcns" "oci_vcns_adb" { + # depends_on = [module.vcns] # Uncomment to create Network and FSS together + #for_each = var.adb != null ? var.adb : {} + for_each = { for k, v in var.adb : k => v if v.vcn_name != null } + compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id] + display_name = each.value.vcn_name +} + +module "adb" { + source = "./modules/database/adb" + for_each = var.adb != null ? var.adb : {} + # depends_on = [module.nsgs] + admin_password = each.value.admin_password + character_set = each.value.character_set + compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? 
each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null + cpu_core_count = each.value.cpu_core_count + database_edition = each.value.database_edition + data_storage_size_in_tbs = each.value.data_storage_size_in_tbs + db_name = each.value.db_name + db_version = each.value.db_version + db_workload = each.value.db_workload + defined_tags = each.value.defined_tags + display_name = each.value.display_name + license_model = each.value.license_model + ncharacter_set = each.value.ncharacter_set + customer_contacts = each.value.customer_contacts + network_compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : null + network_security_group_ids = each.value.nsg_ids + freeform_tags = each.value.freeform_tags + subnet_id = each.value.subnet_id != null ? (length(regexall("ocid1.subnet.oc*", each.value.subnet_id)) > 0 ? each.value.subnet_id : data.oci_core_subnets.oci_subnets_adb[each.key].subnets.*.id[0]) : null + vcn_name = each.value.vcn_name != null ? 
each.value.vcn_name : null + whitelisted_ips = each.value.whitelisted_ips + + #Optional parameters for ADB + # are_primary_whitelisted_ips_used = var.autonomous_database_are_primary_whitelisted_ips_used + # autonomous_container_database_id = oci_database_autonomous_container_database.test_autonomous_container_database.id + # autonomous_database_backup_id = oci_database_autonomous_database_backup.test_autonomous_database_backup.id + # autonomous_database_id = oci_database_autonomous_database.test_autonomous_database.id + # autonomous_maintenance_schedule_type = var.autonomous_database_autonomous_maintenance_schedule_type + # clone_type = var.autonomous_database_clone_type + # customer_contacts { + + #Optional + # email = var.autonomous_database_customer_contacts_email + # } + # data_safe_status = var.autonomous_database_data_safe_status + # data_storage_size_in_gb = var.autonomous_database_data_storage_size_in_gb + # is_access_control_enabled = var.autonomous_database_is_access_control_enabled + # is_auto_scaling_enabled = var.autonomous_database_is_auto_scaling_enabled + # is_auto_scaling_for_storage_enabled = var.autonomous_database_is_auto_scaling_for_storage_enabled + # is_data_guard_enabled = var.autonomous_database_is_data_guard_enabled + # is_dedicated = var.autonomous_database_is_dedicated + # is_free_tier = var.autonomous_database_is_free_tier + # is_local_data_guard_enabled = var.autonomous_database_is_local_data_guard_enabled + # is_mtls_connection_required = var.autonomous_database_is_mtls_connection_required + # is_preview_version_with_service_terms_accepted = var.autonomous_database_is_preview_version_with_service_terms_accepted + # kms_key_id = oci_kms_key.test_key.id + # max_cpu_core_count = var.autonomous_database_max_cpu_core_count + # ocpu_count = var.autonomous_database_ocpu_count + # private_endpoint_label = var.autonomous_database_private_endpoint_label + # refreshable_mode = var.autonomous_database_refreshable_mode + # scheduled_operations { + 
# #Required + # day_of_week { + # #Required + # name = var.autonomous_database_scheduled_operations_day_of_week_name + # } + + # #Optional + # scheduled_start_time = var.autonomous_database_scheduled_operations_scheduled_start_time + # scheduled_stop_time = var.autonomous_database_scheduled_operations_scheduled_stop_time + # } + # source = var.autonomous_database_source + # source_id = oci_database_source.test_source.id + # standby_whitelisted_ips = var.autonomous_database_standby_whitelisted_ips + # timestamp = var.autonomous_database_timestamp + # vault_id = oci_kms_vault.test_vault.id + # whitelisted_ips = var.autonomous_database_whitelisted_ips + +} \ No newline at end of file diff --git a/examples/database/backend.tf b/examples/database/backend.tf new file mode 100644 index 0000000..16bc557 --- /dev/null +++ b/examples/database/backend.tf @@ -0,0 +1,21 @@ +/*This line will be removed when using remote state +# !!! WARNING !!! Terraform State Lock is not supported with OCI Object Storage. +# Pre-Requisite: Create a version enabled object storage bucket to store the state file. +# End Point Format: https://.compat.objectstorage..oraclecloud.com +# Please look at the below doc for information about shared_credentials_file and other parameters: +# Reference: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformUsingObjectStore.htm + +terraform { + backend "s3" { + key = "" + bucket = "" + region = "" + endpoint = "" + shared_credentials_file = "~/.aws/credentials" + skip_region_validation = true + skip_credentials_validation = true + skip_metadata_api_check = true + force_path_style = true + } +} +This line will be removed when using remote state*/ \ No newline at end of file diff --git a/examples/database/database-exacs.tf b/examples/database/database-exacs.tf new file mode 100644 index 0000000..7dfc158 --- /dev/null +++ b/examples/database/database-exacs.tf 
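Review bot: The false branch of the `compartment_id` conditional in `data "oci_core_subnets" "oci_subnets_adb"` and `data "oci_core_vcns" "oci_vcns_adb"` is `var.compartment_ocids[each.value.network_compartment_id]`, so a null `network_compartment_id` is not skipped but indexes the map with a null key and the plan fails; the `for_each` filter only drops entries whose `vcn_name` is null. Either extend the filter, `for_each = { for k, v in var.adb : k => v if v.vcn_name != null && v.network_compartment_id != null }`, or make the false branch `null` as `module "adb"` already does for its own `compartment_id` and `network_compartment_id`. The data sources in database-exacs.tf and dbsystem-vm-bm.tf in this commit have the same shape. Separately, `admin_password = each.value.admin_password` carries a credential from `var.adb` into plan output and state; if `var.adb` is not declared with `sensitive = true` (its declaration is outside this hunk) the password is printed in plan diffs, and the state backend that stores it needs matching access control.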
@@ -0,0 +1,96 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################################ +# Module Block - Database +# Create ExaInfra +############################################ + +data "oci_core_subnets" "oci_exacs_subnets" { + # depends_on = [module.subnets] # Uncomment to create Network and Instances together + for_each = var.exa_vmclusters != null ? var.exa_vmclusters : {} + compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id] + display_name = each.value.cluster_subnet_id + vcn_id = data.oci_core_vcns.oci_exacs_vcns[each.key].virtual_networks.*.id[0] +} + +data "oci_core_subnets" "oci_exacs_backup_subnets" { + # depends_on = [module.subnets] # Uncomment to create Network and Instances together + for_each = var.exa_vmclusters != null ? var.exa_vmclusters : {} + compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id] + display_name = each.value.backup_subnet_id + vcn_id = data.oci_core_vcns.oci_exacs_vcns[each.key].virtual_networks.*.id[0] +} + +data "oci_core_vcns" "oci_exacs_vcns" { + # depends_on = [module.vcns] # Uncomment to create Network and Instances together + for_each = var.exa_vmclusters != null ? var.exa_vmclusters : {} + compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? 
each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id] + display_name = each.value.vcn_name +} + +module "exa-infra" { + source = "./modules/database/exa-infra" + for_each = var.exa_infra != null ? var.exa_infra : {} + availability_domain = each.value.availability_domain != "" && each.value.availability_domain != null ? data.oci_identity_availability_domains.availability_domains.availability_domains[each.value.availability_domain].name : "" + compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null + display_name = each.value.display_name + shape = each.value.shape + compute_count = each.value.compute_count + # customer_contacts_email = each.value.customer_contacts_email + defined_tags = each.value.defined_tags + freeform_tags = each.value.freeform_tags + storage_count = each.value.storage_count + + #Optional + # maintenance_window_preference = each.value.maintenance_window_preference + # maintenance_window_days_of_week_name = each.value.maintenance_window_days_of_week_name + # maintenance_window_hours_of_day = each.value.maintenance_window_hours_of_day + # maintenance_window_lead_time_in_weeks = each.value.maintenance_window_lead_time_in_weeks + # maintenance_window_months_name = each.value.maintenance_window_months_name + # maintenance_window_weeks_of_month = each.value.maintenance_window_weeks_of_month +} + + +############################################ +# Module Block - Database +# Create ExaVMClusters +############################################ + +module "exa-vmclusters" { + depends_on = [module.exa-infra] + source = "./modules/database/exa-vmcluster" + + for_each = var.exa_vmclusters != null ? var.exa_vmclusters : {} + backup_subnet_id = each.value.backup_subnet_id != "" ? 
(length(regexall("ocid1.subnet.oc*", each.value.backup_subnet_id)) > 0 ? each.value.backup_subnet_id : data.oci_core_subnets.oci_exacs_backup_subnets[each.key].subnets.*.id[0]) : null + exadata_infrastructure_id = length(regexall("ocid1.cloudexadatainfrastructure.oc*", each.value.exadata_infrastructure_id)) > 0 ? each.value.exadata_infrastructure_id : merge(module.exa-infra.*...)[each.value.exadata_infrastructure_id].exainfra_tf_id + cpu_core_count = each.value.cpu_core_count + display_name = each.value.display_name + compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null + gi_version = each.value.gi_version + hostname = each.value.hostname + #ssh_public_keys = length(regexall("ssh-rsa*",each.value.ssh_public_key)) > 0 ? each.value.ssh_public_key : var.ssh_public_key + ssh_public_keys = lookup(var.exacs_ssh_keys, each.value.ssh_public_keys, var.exacs_ssh_keys["ssh_public_key"]) + // cluster_subnet_id = length(regexall("ocid1.subnet.oc*", each.value.cluster_subnet_id)) > 0 ? each.value.cluster_subnet_id : merge(module.subnets.*...)[each.value.cluster_subnet_id]["subnet_tf_id"] + network_compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : null + vcn_names = [each.value.vcn_name] + cluster_subnet_id = each.value.cluster_subnet_id != "" ? (length(regexall("ocid1.subnet.oc*", each.value.cluster_subnet_id)) > 0 ? each.value.cluster_subnet_id : data.oci_core_subnets.oci_exacs_subnets[each.key].subnets.*.id[0]) : null + backup_network_nsg_ids = each.value.backup_network_nsg_ids != null ? 
each.value.backup_network_nsg_ids : [] + cluster_name = each.value.cluster_name + data_storage_percentage = each.value.data_storage_percentage + db_node_storage_size_in_gbs = each.value.db_node_storage_size_in_gbs != null ? each.value.db_node_storage_size_in_gbs : null + memory_size_in_gbs = each.value.memory_size_in_gbs != null ? each.value.memory_size_in_gbs : null + data_storage_size_in_tbs = each.value.data_storage_size_in_tbs != null ? each.value.data_storage_size_in_tbs : null + db_servers = each.value.db_servers != [] ? each.value.db_servers : [] + defined_tags = each.value.defined_tags + domain = each.value.domain + freeform_tags = each.value.freeform_tags + is_local_backup_enabled = each.value.is_local_backup_enabled + is_sparse_diskgroup_enabled = each.value.is_sparse_diskgroup_enabled + license_model = each.value.license_model + // nsg_ids = each.value.nsg_ids != null ? [for nsg in each.value.nsg_ids : length(regexall("ocid1.networksecuritygroup.oc*", nsg)) > 0 ? nsg : merge(module.nsgs.*...)[nsg]["nsg_tf_id"]] : null + nsg_ids = each.value.nsg_ids != null ? each.value.nsg_ids : [] + ocpu_count = each.value.ocpu_count + scan_listener_port_tcp = each.value.scan_listener_port_tcp + scan_listener_port_tcp_ssl = each.value.scan_listener_port_tcp_ssl + time_zone = each.value.time_zone +} \ No newline at end of file diff --git a/examples/database/dbsystem-vm-bm.tf b/examples/database/dbsystem-vm-bm.tf new file mode 100755 index 0000000..8cffe73 --- /dev/null +++ b/examples/database/dbsystem-vm-bm.tf 
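Review bot: `ssh_public_keys = lookup(var.exacs_ssh_keys, each.value.ssh_public_keys, var.exacs_ssh_keys["ssh_public_key"])` in `module "exa-vmclusters"` silently substitutes the default key whenever the named key is absent from the map, so a misspelled key name provisions the VM cluster with a different SSH key than intended and nothing in the plan flags it. Prefer a lookup that fails on an unknown name, `ssh_public_keys = var.exacs_ssh_keys[each.value.ssh_public_keys]`, and keep the default only for entries whose `ssh_public_keys` is explicitly null or empty. The same pattern is in `module "dbsystems-vm-bm"` in dbsystem-vm-bm.tf with `var.dbsystem_ssh_keys`. Also, `db_servers = each.value.db_servers != [] ? each.value.db_servers : []` passes a null `db_servers` through unchanged because `null != []` is true; `each.value.db_servers != null ? each.value.db_servers : []` matches the handling used for `nsg_ids` further down the same block.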
@@ -0,0 +1,60 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################################
+# Module Block - Database
+# Create DB Systems VM BM
+############################################
+data "oci_core_subnets" "oci_dbsystems_subnets" {
+ # depends_on = [module.subnets] # Uncomment to create Network and Instances together
+ for_each = var.dbsystems_vm_bm != null ? var.dbsystems_vm_bm : {}
+ compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id]
+ display_name = each.value.subnet_id
+ vcn_id = data.oci_core_vcns.oci_dbsystems_vcns[each.key].virtual_networks.*.id[0]
+}
+
+data "oci_core_vcns" "oci_dbsystems_vcns" {
+ # depends_on = [module.vcns] # Uncomment to create Network and Instances together
+ for_each = var.dbsystems_vm_bm != null ? var.dbsystems_vm_bm : {}
+ compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id]
+ display_name = each.value.vcn_name
+}
+
+module "dbsystems-vm-bm" {
+ source = "./modules/database/dbsystem-vm-bm"
+ # depends_on = [module.nsgs] # Uncomment to create NSG and DB Systems together
+ for_each = var.dbsystems_vm_bm != null ? var.dbsystems_vm_bm : {}
+ availability_domain = each.value.availability_domain != "" && each.value.availability_domain != null ? data.oci_identity_availability_domains.availability_domains.availability_domains[each.value.availability_domain].name : ""
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ?
each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+ hostname = each.value.hostname
+ display_name = each.value.display_name
+ db_version = each.value.db_version
+ cluster_name = each.value.cluster_name
+ shape = each.value.shape
+ #ssh_public_key = length(regexall("ssh-rsa*",each.value.ssh_public_key)) > 0 ? each.value.ssh_public_key : var.ssh_public_key
+ ssh_public_keys = lookup(var.dbsystem_ssh_keys, each.value.ssh_public_keys, var.dbsystem_ssh_keys["ssh_public_key"])
+ network_compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : null
+ vcn_names = [each.value.vcn_name]
+ subnet_id = each.value.subnet_id != "" ? (length(regexall("ocid1.subnet.oc*", each.value.subnet_id)) > 0 ? each.value.subnet_id : data.oci_core_subnets.oci_dbsystems_subnets[each.key].subnets.*.id[0]) : null
+ node_count = each.value.node_count
+ nsg_ids = each.value.nsg_ids != null ? each.value.nsg_ids : []
+
+ time_zone = each.value.time_zone
+ cpu_core_count = each.value.cpu_core_count
+ database_edition = each.value.database_edition
+ data_storage_size_in_gb = each.value.data_storage_size_in_gb
+ data_storage_percentage = each.value.data_storage_percentage
+ disk_redundancy = each.value.disk_redundancy
+ license_model = each.value.license_model
+ pdb_name = each.value.pdb_name
+ db_name = each.value.db_name
+ db_home_display_name = each.value.db_home_display_name
+ admin_password = each.value.admin_password
+ db_workload = each.value.db_workload
+ auto_backup_enabled = each.value.auto_backup_enabled
+ character_set = each.value.character_set
+ ncharacter_set = each.value.ncharacter_set
+ recovery_window_in_days = each.value.recovery_window_in_days
+ defined_tags = each.value.defined_tags
+ freeform_tags = each.value.freeform_tags
+
+}
\ No newline at end of file
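Review bot: `admin_password = each.value.admin_password` hands the DB System admin password straight through from `var.dbsystems_vm_bm`, which variables_example.tf in this same commit declares as a plain `map(any)` without `sensitive = true`, so the password is printed verbatim in `terraform plan` output and recorded in the state file together with the rest of that map. The minimal fix is `sensitive = true` on that variable; a cleaner one is a dedicated sensitive variable or a lookup from OCI Vault (`data "oci_secrets_secretbundle"`) so the value never sits in a tfvars file, and either way the state backend needs encryption at rest and tight access control because the value still lands in state. Separately, in both `data "oci_core_subnets"` and `data "oci_core_vcns"` the false branch of `compartment_id` indexes `var.compartment_ocids` with the very `network_compartment_id` the condition just found to be null, so that fallback can never resolve; `: null`, as the module block below already uses, is the consistent choice.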
diff --git a/examples/database/oci-data.tf b/examples/database/oci-data.tf
new file mode 100644
index 0000000..1495707
--- /dev/null
+++ b/examples/database/oci-data.tf
@@ -0,0 +1,42 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Identity
+# Fetch Compartments
+############################
+
+#Fetch Compartment Details
+data "oci_identity_compartments" "compartments" {
+ #Required
+ compartment_id = var.tenancy_ocid
+
+ #Optional
+ #name = var.compartment_name
+ access_level = "ANY"
+ compartment_id_in_subtree = true
+ state = "ACTIVE"
+}
+
+
+############################
+# Data Block - Network
+# Fetch ADs
+############################
+
+data "oci_identity_availability_domains" "availability_domains" {
+ #Required
+ compartment_id = var.tenancy_ocid
+}
+
+
+/*
+output "compartment_id_map" {
+ description = "Compartment ocid"
+ // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source.
+ value = zipmap(data.oci_identity_compartments.compartments.compartments.*.name,data.oci_identity_compartments.compartments.compartments.*.id)
+}
+
+output "ads" {
+ value = data.oci_identity_availability_domains.availability_domains.availability_domains.*.name
+}
+*/
\ No newline at end of file
diff --git a/examples/database/provider.tf b/examples/database/provider.tf
new file mode 100644
index 0000000..9a69c98
--- /dev/null
+++ b/examples/database/provider.tf
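Review bot: `data "oci_identity_compartments" "compartments"` enumerates every active compartment in the tenancy (`compartment_id = var.tenancy_ocid`, `compartment_id_in_subtree = true`, `access_level = "ANY"`), yet its only consumers in this file are inside the commented-out `/* ... */` block, and the module blocks in the neighbouring .tf files resolve compartments through `var.compartment_ocids` instead. Every plan therefore performs a tenancy-wide list call, and the principal running the toolkit needs inspect rights on compartments across the whole tenancy, for a result that nothing reads; either remove the data source or actually wire `compartment_ocids` to it and document that. The second banner reads `# Data Block - Network` above an identity data source; `# Data Block - Identity` matches what follows.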
@@ -0,0 +1,24 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Provider Block
+# OCI
+############################
+
+provider "oci" {
+ tenancy_ocid = var.tenancy_ocid
+ user_ocid = var.user_ocid
+ fingerprint = var.fingerprint
+ private_key_path = var.private_key_path
+ region = var.region
+ ignore_defined_tags = ["Oracle-Tags.CreatedBy", "Oracle-Tags.CreatedOn"]
+}
+
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ version = "5.40.0"
+ }
+ }
+}
diff --git a/examples/database/variables_example.tf b/examples/database/variables_example.tf
new file mode 100644
index 0000000..fae17ea
--- /dev/null
+++ b/examples/database/variables_example.tf
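Review bot: The `provider "oci"` block hard-wires API-key authentication (`user_ocid`, `fingerprint`, `private_key_path`), and variables_example.tf in this commit gives all five credential inputs `default = ""`, so a missing credential surfaces as an opaque provider error at plan time rather than a clear unset-variable failure; dropping those `default = ""` lines makes the inputs required. The oracle/oci provider also accepts an `auth` argument (for example `auth = "InstancePrincipal"` or `auth = "SecurityToken"`), which lets the toolkit run from an OCI compute host or an authenticated CLI session without distributing long-lived user API keys; exposing it as an optional variable, with the key-based fields left null when it is set, would be a worthwhile follow-up. `version = "5.40.0"` is an exact pin, which is good for reproducibility but means provider fixes only arrive with a deliberate bump, so the pin needs an owner.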
@@ -0,0 +1,2082 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# +# Variables Block +# OCI +# +############################ + +variable "tenancy_ocid" { + type = string + default = "" +} + +variable "user_ocid" { + type = string + default = "" +} + +variable "fingerprint" { + type = string + default = "" +} + +variable "private_key_path" { + type = string + default = "" +} + +variable "region" { + type = string + default = "" +} + +################################# +# SSH Keys +################################# + +variable "instance_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_instance_ssh_keys# + # exported instance ssh keys + #instance_ssh_keys_END# + } +} + +variable "oke_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_oke_ssh_keys# + #oke_ssh_keys_END# + } +} +variable "sddc_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_sddc_ssh_keys# + #sddc_ssh_keys_END# + } +} + +variable "exacs_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_exacs_ssh_keys# + # exported exacs ssh keys + #exacs_ssh_keys_END# + } +} + +variable "dbsystem_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. 
+ # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_dbsystem_ssh_keys# + # exported dbsystem ssh keys + #dbsystem_ssh_keys_END# + } +} + +################################# +# Platform Image OCIDs and +# Market Place Images +################################# + +variable "instance_source_ocids" { + type = map(any) + default = { + Linux = "" + Windows = "" + PaloAlto = "Palo Alto Networks VM-Series Next Generation Firewall" + #START_instance_source_ocids# + # exported instance image ocids + #instance_source_ocids_END# + } +} + +variable "blockvolume_source_ocids" { + type = map(any) + default = { + block1 = "" + #blockvolume_source_ocid = "" + #START_blockvolume_source_ocids# + # exported block volume source ocids + #blockvolume_source_ocids_END# + } +} + +variable "fss_source_ocids" { + type = map(any) + default = { + snapshot1 = "" + #fss_source_snapshot_ocid = "" + #START_fss_source_snapshot_ocids# + # exported fss source snapshot ocids + #fss_source_snapshot_ocids_END# + } +} + +variable "oke_source_ocids" { + type = map(any) + default = { + Linux = "" + #START_oke_source_ocids# + # exported oke image ocids + #oke_source_ocids_END# + } +} + +################################# +# +# Variables according to Services +# PLEASE DO NOT MODIFY +# +################################# + +########################## +## Fetch Compartments #### +########################## + +variable "compartment_ocids" { + type = map(any) + default = { + #START_compartment_ocids# + # compartment ocids + #compartment_ocids_END# + } +} + +######################### +##### Identity ########## +######################### + +variable "compartments" { + type = object({ + root = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level1 = 
optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level2 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level3 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level4 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level5 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + }) + default = { + root = {}, + compartment_level1 = {}, + compartment_level2 = {}, + compartment_level3 = {}, + compartment_level4 = {}, + compartment_level5 = {}, + } +} + +variable "policies" { + type = map(object({ + name = string + compartment_id = string + policy_description = string + policy_statements = list(string) + policy_version_date = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "groups" { + type = map(object({ + group_name = string + group_description = string + matching_rule = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "users" { + type = map(object({ + name = string + description = string + email = string + disable_capabilities = optional(list(string)) + group_membership = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "networkSources" { + type = map(object({ + name = string + description = string + public_source_list = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + virtual_source_list = optional(list(map(list(string)))) + + })) + default = {} +} + +######################### +####### Governance ######### +######################### + +variable "tag_namespaces" { + description = "To provision Namespaces" + type = map(object({ + compartment_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_retired = optional(bool) + })) + default = {} +} + +variable "tag_keys" { + description = "To provision Tag Keys" + type = map(object({ + tag_namespace_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_cost_tracking = optional(bool) + is_retired = optional(bool) + validator = optional(list(object({ + validator_type = optional(string) + validator_values = optional(list(any)) + }))) + })) + default = {} +} + +variable "tag_defaults" { + description = "To make the Tag keys as default to compartments" + type = map(object({ + compartment_id = string + tag_definition_id = string + value = string + is_required = optional(bool) + })) + default = {} +} + +variable "quota_policies" { + type = map(object({ + quota_name = string + quota_description = string + quota_statements = list(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +###### Network ########## +######################### 
+ +variable "default_dhcps" { + type = map(object({ + server_type = string + manage_default_resource_id = optional(string) + custom_dns_servers = optional(list(any)) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "custom_dhcps" { + type = map(object({ + compartment_id = string + server_type = string + vcn_id = string + custom_dns_servers = optional(list(any)) + domain_name_type = optional(string) + display_name = optional(string) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "vcns" { + type = map(object({ + compartment_id = string + cidr_blocks = optional(list(string)) + byoipv6cidr_details = optional(list(map(any))) + display_name = optional(string) + dns_label = optional(string) + is_ipv6enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ipv6private_cidr_blocks = optional(list(string)) + is_oracle_gua_allocation_enabled = optional(bool) + })) + default = {} +} + +variable "igws" { + type = map(object({ + compartment_id = string + vcn_id = string + enable_igw = optional(bool) + igw_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_table_id = optional(string) + })) + default = {} +} + +variable "sgws" { + type = map(object({ + compartment_id = string + vcn_id = string + service = optional(string) + sgw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "ngws" { + type = map(object({ + compartment_id = string + vcn_id = string + block_traffic = optional(bool) + public_ip_id = optional(string) + ngw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + 
default = {} +} + +variable "lpgs" { + type = map(any) + default = { + hub-lpgs = {}, + spoke-lpgs = {}, + peer-lpgs = {}, + none-lpgs = {}, + exported-lpgs = {}, + } +} + +variable "drgs" { + type = map(object({ + compartment_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "default_seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + 
route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) + +})) +default = {} +} + +variable "default_route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) +})) + default = {} +} + +variable "nsgs" { + type = map(object({ + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nsg_rules" { + type = map(object({ + nsg_id = string + direction = string + protocol = string + description = optional(string) + stateless = optional(string) + source_type = optional(string) + destination_type = optional(string) + destination = optional(string) + source = optional(string) + options = optional(map(any)) + })) + default = {} +} + +variable "subnets" { + type = map(object({ + compartment_id = string + vcn_id = string + cidr_block = string + display_name = optional(string) + dns_label = optional(string) + ipv6cidr_block = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + prohibit_internet_ingress = optional(string) + prohibit_public_ip_on_vnic = optional(string) + availability_domain = optional(string) + dhcp_options_id = optional(string) + route_table_id = optional(string) + security_list_ids = 
optional(list(string)) + })) + default = {} +} + +variable "vlans" { + type = map(object({ + cidr_block = string + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + nsg_ids = optional(list(string)) + route_table_name = optional(string) + vlan_tag = optional(string) + availability_domain = optional(string) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + })) + default = {} +} + +variable "drg_attachments" { + type = map(any) + default = {} +} + +variable "drg_other_attachments" { + type = map(any) + default = {} +} + +variable "drg_route_tables" { + type = map(object({ + drg_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_ecmp_enabled = optional(bool) + import_drg_route_distribution_id = optional(string) + })) + default = {} +} + +variable "drg_route_rules" { + type = map(any) + default = {} +} + +variable "drg_route_distributions" { + type = map(object({ + distribution_type = string + drg_id = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + display_name = optional(string) + })) + default = {} +} + +variable "drg_route_distribution_statements" { + type = map(object({ + drg_route_distribution_id = string + action = string + match_criteria = optional(list(object({ + match_type = string + attachment_type = optional(string) + drg_attachment_id = optional(string) + }))) + priority = optional(string) + })) + default = {} +} + +variable "data_drg_route_tables" { + type = map(any) + default = {} +} + +variable "data_drg_route_table_distributions" { + type = map(any) + default = {} +} + +#################### +####### DNS ####### +#################### + +variable "zones" { +type = map(object({ +compartment_id = string +display_name = string +view_compartment_id = optional(string) +view_id = optional(string) +zone_type = optional(string) +scope = optional(string) +freeform_tags = 
optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + +variable "views" { +type = map(object({ +compartment_id = string +display_name = string +scope = optional(string) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) + default = {} +} + +variable "rrsets" { +type = map(object({ +compartment_id = optional(string) +view_compartment_id = optional(string) +view_id = optional(string) +zone_id = string +domain = string +rtype = string +ttl = number +rdata = optional(list(string)) +scope = optional(string) +})) +default = {} +} + +variable "resolvers" { +type = map(object({ +network_compartment_id= string +vcn_name = string +display_name = optional(string) +views = optional(map(object({ + view_id = optional(string) + view_compartment_id = optional(string) +}))) +resolver_rules = optional(map(object({ + client_address_conditions = optional(list(any)) + destination_addresses = optional(list(any)) + qname_cover_conditions = optional(list(any)) + source_endpoint_name = optional(string) +}))) +endpoint_names = optional(map(object({ + is_forwarding = optional(bool) + is_listening = optional(bool) + name = optional(string) + subnet_name = optional(string) + forwarding_address = optional(string) + listening_address = optional(string) + nsg_ids = optional(list(string)) +}))) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + + +######################### +## Dedicated VM Hosts ## +######################### + +variable "dedicated_hosts" { + type = map(object({ + availability_domain = string + compartment_id = string + vm_host_shape = string + defined_tags = optional(map(any)) + display_name = optional(string) + fault_domain = optional(string) + freeform_tags = optional(map(any)) + })) + description = "To provision new dedicated VM hosts" + default = {} +} + +######################### +## Instances/Block Volumes ## +######################### + +variable "blockvolumes" { + description = "To 
provision block volumes" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = string + size_in_gbs = optional(string) + is_auto_tune_enabled = optional(string) + vpus_per_gb = optional(string) + kms_key_id = optional(string) + attach_to_instance = optional(string) + attachment_type = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + device = optional(string) + encryption_in_transit_type = optional(string) + attachment_display_name = optional(string) + is_read_only = optional(bool) + is_pv_encryption_in_transit_enabled = optional(bool) + is_shareable = optional(bool) + use_chap = optional(bool) + is_agent_auto_iscsi_login_enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + source_details = optional(list(map(any))) + block_volume_replicas = optional(list(map(any))) + block_volume_replicas_deletion = optional(bool) + autotune_policies = optional(list(map(any))) + })) + default = {} +} + +variable "block_backup_policies" { + type = map(any) + description = "To create block volume back policy" + default = {} +} + +variable "instances" { + description = "Map of instances to be provisioned" + type = map(object({ + availability_domain = string + compartment_id = string + shape = string + source_id = string + source_type = string + vcn_name = string + subnet_id = string + network_compartment_id = string + display_name = optional(string) + assign_public_ip = optional(bool) + boot_volume_size_in_gbs = optional(string) + fault_domain = optional(string) + dedicated_vm_host_id = optional(string) + private_ip = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(string)) + ocpus = optional(string) + memory_in_gbs = optional(number) + capacity_reservation_id = optional(string) + create_is_pv_encryption_in_transit_enabled = optional(bool) + remote_execute = optional(string) + bastion_ip = optional(string) + 
cloud_init_script = optional(string) + ssh_authorized_keys = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + network_type = optional(string) + #extended_metadata = optional(string) + skip_source_dest_check = optional(bool) + baseline_ocpu_utilization = optional(string) + #preemptible_instance_config = optional(string) + all_plugins_disabled = optional(bool) + is_management_disabled = optional(bool) + is_monitoring_disabled = optional(bool) + assign_private_dns_record = optional(string) + plugins_details = optional(map(any)) + is_live_migration_preferred = optional(bool) + recovery_action = optional(string) + are_legacy_imds_endpoints_disabled = optional(bool) + boot_volume_type = optional(string) + firmware = optional(string) + is_consistent_volume_naming_enabled = optional(bool) + remote_data_volume_type = optional(string) + platform_config = optional(list(map(any))) + launch_options = optional(list(map(any))) + ipxe_script = optional(string) + preserve_boot_volume = optional(bool) + vlan_id = optional(string) + kms_key_id = optional(string) + vnic_display_name = optional(string) + vnic_defined_tags = optional(map(any)) + vnic_freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "boot_backup_policies" { + type = map(any) + description = "Map of boot volume backup policies to be provisioned" + default = {} +} + +######################### +####### Database ######## +######################### + +variable "exa_infra" { + description = "To provision exadata infrastructure" + type = map(any) + default = {} +} + +variable "exa_vmclusters" { + description = "To provision exadata cloud VM cluster" + type = map(any) + default = {} +} + +variable "dbsystems_vm_bm" { + description = "To provision DB System" + type = map(any) + default = {} +} + +variable "db_home" { + type = map(any) + description = "Map of database db home to be 
provisioned" + default = {} +} + +variable "databases" { + description = "Map of databases to be provisioned in an existing db_home" + type = map(any) + default = {} +} + +#################################### +####### Autonomous Database ######## +#################################### + +variable "adb" { + type = map(object({ + admin_password = optional(string) + character_set = optional(string) + compartment_id = string + cpu_core_count = optional(number) + database_edition = optional(string) + data_storage_size_in_tbs = optional(number) + customer_contacts = optional(list(string)) + db_name = string + db_version = optional(string) + db_workload = optional(string) + display_name = optional(string) + license_model = optional(string) + ncharacter_set = optional(string) + network_compartment_id = optional(string) + nsg_ids = optional(list(string)) + subnet_id = optional(string) + vcn_name = optional(string) + whitelisted_ips = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +######### FSS ########### +######################### + +variable "mount_targets" { + description = "To provision Mount Targets" + type = map(object({ + availability_domain = string + compartment_id = string + network_compartment_id = string + vcn_name = string + subnet_id = string + display_name = optional(string) + ip_address = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fss" { + description = "To provision File System Services" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = optional(string) + source_snapshot = optional(string) + snapshot_policy = optional(string) + policy_compartment_id = optional(string) + kms_key_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "nfs_export_options" { + description = "To provision Export Sets" + type = map(object({ + export_set_id = string + file_system_id = string + path = string + export_options = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_idmap_groups_for_sys_auth = optional(bool) + })) + default = {} +} + +variable "fss_replication" { + description = "To provision File System Replication" + type = map(object({ + compartment_id = string + source_id = string + target_id = string + display_name = optional(string) + replication_interval = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +####### FSS Logs ######## +######################### + +variable "nfs_log_groups" { + description = "To provision Log Groups for Mount Target" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nfs_logs" { + description = "To provision Logs for Mount Target" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + + +######################### +#### Load Balancers ##### +######################### + +variable "load_balancers" { + description = "To provision Load Balancers" + type = map(object({ + compartment_id = string + vcn_name = string + shape = string + subnet_ids = list(any) + network_compartment_id = string + display_name = string + shape_details = optional(list(map(any))) + nsg_ids = 
optional(list(any))
+ is_private = optional(bool)
+ ip_mode = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ reserved_ips_id = optional(string)
+ }))
+ default = {}
+}
+
+variable "hostnames" {
+ description = "To provision Load Balancer Hostnames"
+ type = map(object({
+ load_balancer_id = string
+ hostname = string
+ name = string
+ }))
+ default = {}
+}
+
+variable "certificates" {
+ description = "To provision Load Balancer Certificates"
+ type = map(object({
+ certificate_name = string
+ load_balancer_id = string
+ ca_certificate = optional(string)
+ passphrase = optional(string)
+ private_key = optional(string)
+ public_certificate = optional(string)
+ }))
+ default = {}
+}
+
+variable "cipher_suites" {
+ description = "To provision Load Balancer Cipher Suites"
+ type = map(object({
+ ciphers = list(string)
+ name = string
+ load_balancer_id = optional(string)
+ }))
+ default = {}
+}
+
+variable "backend_sets" {
+ description = "To provision Load Balancer Backend Sets"
+ type = map(object({
+ name = string
+ load_balancer_id = string
+ policy = string
+ protocol = optional(string)
+ interval_ms = optional(string)
+ is_force_plain_text = optional(string)
+ port = optional(string)
+ response_body_regex = optional(string)
+ retries = optional(string)
+ return_code = optional(string)
+ timeout_in_millis = optional(string)
+ url_path = optional(string)
+ lb_cookie_session = optional(list(object({
+ cookie_name = optional(string)
+ disable_fallback = optional(string)
+ path = optional(string)
+ domain = optional(string)
+ is_http_only = optional(string)
+ is_secure = optional(string)
+ max_age_in_seconds = optional(string)
+ })))
+ session_persistence_configuration = optional(list(object({
+ cookie_name = optional(string)
+ disable_fallback = optional(string)
+ })))
+ certificate_name = optional(string)
+ cipher_suite_name = optional(string)
+ ssl_configuration = optional(list(object({
+ certificate_ids = 
optional(list(any))
+ server_order_preference = optional(string)
+ trusted_certificate_authority_ids = optional(list(any))
+ verify_peer_certificate = optional(string)
+ verify_depth = optional(string)
+ protocols = optional(list(any))
+ })))
+ }))
+ default = {}
+}
+
+variable "backends" {
+ description = "To provision Load Balancer Backends"
+ type = map(object({
+ backendset_name = string
+ ip_address = string
+ load_balancer_id = string
+ port = string
+ instance_compartment = optional(string)
+ backup = optional(string)
+ drain = optional(string)
+ offline = optional(string)
+ weight = optional(string)
+ }))
+ default = {}
+}
+
+variable "listeners" {
+ description = "To provision Load Balancer Listeners"
+ type = map(object({
+ name = string
+ load_balancer_id = string
+ port = string
+ protocol = string
+ default_backend_set_name = string
+ connection_configuration = optional(list(map(any)))
+ hostname_names = optional(list(any))
+ path_route_set_name = optional(string)
+ rule_set_names = optional(list(any))
+ routing_policy_name = optional(string)
+ certificate_name = optional(string)
+ cipher_suite_name = optional(string)
+ ssl_configuration = optional(list(object({
+ certificate_ids = optional(list(any))
+ server_order_preference = optional(string)
+ trusted_certificate_authority_ids = optional(list(any))
+ verify_peer_certificate = optional(string)
+ verify_depth = optional(string)
+ protocols = optional(list(any))
+ })))
+ }))
+ default = {}
+}
+
+variable "path_route_sets" {
+ description = "To provision Load Balancer Path Route Sets"
+ type = map(object({
+ name = string
+ load_balancer_id = string
+ path_routes = optional(list(map(any)))
+ }))
+ default = {}
+}
+
+variable "rule_sets" {
+ description = "To provision Load Balancer Rule Sets"
+ type = map(object({
+ name = string
+ load_balancer_id = string
+ access_control_rules = optional(list(object({
+ action = string
+ attribute_name = optional(string)
+ attribute_value = optional(string)
+ 
description = optional(string)
+ })))
+ access_control_method_rules = optional(list(object({
+ action = string
+ allowed_methods = optional(list(any))
+ status_code = optional(string)
+ })))
+ http_header_rules = optional(list(object({
+ action = string
+ are_invalid_characters_allowed = optional(bool)
+ http_large_header_size_in_kb = optional(string)
+ })))
+ uri_redirect_rules = optional(list(object({
+ action = string
+ attribute_name = optional(string)
+ attribute_value = optional(string)
+ operator = optional(string)
+ host = optional(string)
+ path = optional(string)
+ port = optional(string)
+ protocol = optional(string)
+ query = optional(string)
+ response_code = optional(string)
+ })))
+ request_response_header_rules = optional(list(object({
+ action = string
+ header = optional(string)
+ prefix = optional(string)
+ suffix = optional(string)
+ value = optional(string)
+ })))
+ }))
+ default = {}
+}
+
+variable "lbr_reserved_ips" {
+ description = "To provision Load Balancer Reserved IPs"
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ lifetime = string
+ private_ip_id = optional(string)
+ public_ip_pool_id = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+###################################
+####### Load Balancer Logs ########
+###################################
+
+variable "loadbalancer_log_groups" {
+ description = "To provision Log Groups for Load Balancers"
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ description = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "loadbalancer_logs" {
+ description = "To provision Logs for Load Balancers"
+ type = map(object({
+ display_name = string
+ log_group_id = string
+ log_type = string
+ compartment_id = optional(string)
+ category = optional(string)
+ resource = optional(string)
+ service = optional(string)
+ 
source_type = optional(string)
+ is_enabled = optional(bool)
+ retention_duration = optional(number)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+#########################
+## Network Load Balancers ##
+#########################
+
+variable "network_load_balancers" {
+ type = map(object({
+ display_name = string
+ compartment_id = string
+ network_compartment_id = string
+ vcn_name = string
+ subnet_id = string
+ is_private = optional(bool)
+ reserved_ips_id = string
+ is_preserve_source_destination = optional(bool)
+ is_symmetric_hash_enabled = optional(bool)
+ nlb_ip_version = optional(string)
+ assigned_private_ipv4 = optional(string)
+ nsg_ids = optional(list(string))
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+variable "nlb_listeners" {
+ type = map(object({
+ name = string
+ network_load_balancer_id = string
+ default_backend_set_name = string
+ port = number
+ protocol = string
+ ip_version = optional(string)
+ }))
+ default = {}
+}
+
+variable "nlb_backend_sets" {
+ type = map(object({
+ name = string
+ network_load_balancer_id = string
+ policy = string
+ protocol = string
+ domain_name = optional(string)
+ query_class = optional(string)
+ query_type = optional(string)
+ rcodes = optional(list(string))
+ transport_protocol = optional(string)
+ return_code = optional(number)
+ interval_in_millis = optional(number)
+ port = optional(number)
+ request_data = optional(string)
+ response_body_regex = optional(string)
+ response_data = optional(string)
+ retries = optional(number)
+ timeout_in_millis = optional(number)
+ url_path = optional(string)
+ is_preserve_source = optional(bool)
+ ip_version = optional(string)
+ }))
+ default = {}
+}
+variable "nlb_backends" {
+ type = map(object({
+ name = optional(string)
+ backend_set_name = string
+ network_load_balancer_id = string
+ port = number
+ ip_address = string
+ instance_compartment = string
+ 
is_drain = optional(bool)
+ is_backup = optional(bool)
+ is_offline = optional(bool)
+ weight = optional(number)
+ target_id = optional(string)
+ }))
+ default = {}
+}
+variable "nlb_reserved_ips" {
+ description = "To provision Network Load Balancer Reserved IPs"
+ type = map(object({
+ compartment_id = string
+ lifetime = string
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ display_name = optional(string)
+ private_ip_id = optional(string)
+ public_ip_pool_id = optional(string)
+ }))
+ default = {}
+}
+
+
+#########################
+##### IP Management #####
+#########################
+
+variable "public_ip_pools" {
+ type = map(any)
+ default = {}
+}
+
+variable "private_ips" {
+ type = map(any)
+ default = {}
+}
+
+variable "reserved_ips" {
+ type = map(any)
+ default = {}
+}
+
+variable "vnic_attachments" {
+ type = map(any)
+ default = {}
+}
+
+#########################
+##### VCN Logs ##########
+#########################
+
+variable "vcn_log_groups" {
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ description = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "vcn_logs" {
+ type = map(object({
+ display_name = string
+ log_group_id = string
+ log_type = string
+ compartment_id = optional(string)
+ category = optional(string)
+ resource = optional(string)
+ service = optional(string)
+ source_type = optional(string)
+ is_enabled = optional(bool)
+ retention_duration = optional(number)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+#########################
+###### OSS Buckets ######
+#########################
+
+variable "buckets" {
+ type = map(any)
+ default = {}
+}
+
+#########################
+####### OSS Logs ########
+#########################
+
+variable "oss_log_groups" {
+ description = "To provision Log Groups for OSS"
+ type = map(object({
+ compartment_id = string 
+ display_name = string
+ description = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "oss_logs" {
+ description = "To provision Logs for OSS"
+ type = map(object({
+ display_name = string
+ log_group_id = string
+ log_type = string
+ compartment_id = optional(string)
+ category = optional(string)
+ resource = optional(string)
+ service = optional(string)
+ source_type = optional(string)
+ is_enabled = optional(bool)
+ retention_duration = optional(number)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+#########################
+### OSS IAM Policies ####
+#########################
+
+variable "oss_policies" {
+ type = map(any)
+ default = {}
+}
+
+#########################
+## Management Services ##
+#########################
+
+variable "alarms" {
+ type = map(object({
+ compartment_id = string
+ destinations = list(string)
+ alarm_name = string
+ is_enabled = bool
+ metric_compartment_id = string
+ namespace = string
+ query = string
+ severity = string
+ body = optional(string)
+ message_format = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ is_notifications_per_metric_dimension_enabled = optional(bool)
+ metric_compartment_id_in_subtree = optional(string)
+ trigger_delay_minutes = optional(string)
+ repeat_notification_duration = optional(string)
+ resolution = optional(string)
+ resource_group = optional(string)
+ suppression = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "events" {
+ type = map(object({
+ event_name = string
+ compartment_id = string
+ description = string
+ is_enabled = bool
+ condition = string
+ actions = optional(list(object({
+ action_type = string
+ is_enabled = string
+ description = optional(string)
+ function_id = optional(string)
+ stream_id = optional(string)
+ topic_id = optional(string)
+ })))
+ message_format = optional(string)
+ defined_tags 
= optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "notifications_topics" {
+ type = map(object({
+ compartment_id = string
+ topic_name = string
+ description = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "notifications_subscriptions" {
+ type = map(object({
+ compartment_id = string
+ endpoint = string
+ protocol = string
+ topic_id = string
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "service_connectors" {
+ type = any
+ default = {}
+ description = "To provision service connector hub resources"
+}
+
+#########################
+## Developer Services ##
+#########################
+
+## OKE
+
+variable "clusters" {
+ type = map(object({
+ display_name = string
+ compartment_id = string
+ network_compartment_id = string
+ vcn_name = string
+ kubernetes_version = string
+ cni_type = string
+ cluster_type = string
+ is_policy_enabled = optional(bool)
+ policy_kms_key_id = optional(string)
+ is_kubernetes_dashboard_enabled = optional(bool)
+ is_tiller_enabled = optional(bool)
+ is_public_ip_enabled = optional(bool)
+ nsg_ids = optional(list(string))
+ endpoint_subnet_id = string
+ is_pod_security_policy_enabled = optional(bool)
+ pods_cidr = optional(string)
+ services_cidr = optional(string)
+ service_lb_subnet_ids = optional(list(string))
+ cluster_kms_key_id = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ lb_defined_tags = optional(map(any))
+ lb_freeform_tags = optional(map(any))
+ volume_defined_tags = optional(map(any))
+ volume_freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "nodepools" {
+ type = map(object({
+ display_name = string
+ cluster_name = string
+ compartment_id = string
+ network_compartment_id = string
+ vcn_name = string
+ node_shape = string
+ initial_node_labels = optional(map(any))
+ 
kubernetes_version = string
+ is_pv_encryption_in_transit_enabled = optional(bool)
+ availability_domain = number
+ fault_domains = optional(list(string))
+ subnet_id = string
+ size = number
+ cni_type = string
+ max_pods_per_node = optional(number)
+ pod_nsg_ids = optional(list(string))
+ pod_subnet_ids = optional(string)
+ worker_nsg_ids = optional(list(string))
+ memory_in_gbs = optional(number)
+ ocpus = optional(number)
+ image_id = string
+ source_type = string
+ boot_volume_size_in_gbs = optional(number)
+ ssh_public_key = optional(string)
+ nodepool_kms_key_id = optional(string)
+ node_defined_tags = optional(map(any))
+ node_freeform_tags = optional(map(any))
+ nodepool_defined_tags = optional(map(any))
+ nodepool_freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "virtual-nodepools" {
+ type = map(object({
+ display_name = string
+ cluster_name = string
+ compartment_id = string
+ network_compartment_id = string
+ vcn_name = string
+ node_shape = string
+ initial_virtual_node_labels = optional(map(any))
+ availability_domain = number
+ fault_domains = list(string)
+ subnet_id = string
+ size = number
+ pod_nsg_ids = optional(list(string))
+ pod_subnet_id = string
+ worker_nsg_ids = optional(list(string))
+ taints = optional(list(any))
+ node_defined_tags = optional(map(any))
+ node_freeform_tags = optional(map(any))
+ nodepool_defined_tags = optional(map(any))
+ nodepool_freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+
+##################################
+############## SDDCs #############
+##################################
+variable "sddcs" {
+ type = map(object({
+ compartment_id = string
+ availability_domain = string
+ network_compartment_id = string
+ vcn_name = string
+ esxi_hosts_count = number
+ nsx_edge_uplink1vlan_id = string
+ nsx_edge_uplink2vlan_id = string
+ nsx_edge_vtep_vlan_id = string
+ nsx_vtep_vlan_id = string
+ provisioning_subnet_id = string
+ ssh_authorized_keys = string
+ vmotion_vlan_id = string 
+ vmware_software_version = string
+ vsan_vlan_id = string
+ vsphere_vlan_id = string
+ capacity_reservation_id = optional(string)
+ defined_tags = optional(map(any))
+ display_name = optional(string)
+ initial_cluster_display_name = optional(string)
+ freeform_tags = optional(map(any))
+ hcx_action = optional(string)
+ hcx_vlan_id = optional(string)
+ initial_host_ocpu_count = optional(number)
+ initial_host_shape_name = optional(string)
+ initial_commitment = optional(string)
+ instance_display_name_prefix = optional(string)
+ is_hcx_enabled = optional(bool)
+ is_shielded_instance_enabled = optional(bool)
+ is_single_host_sddc = optional(bool)
+ provisioning_vlan_id = optional(string)
+ refresh_hcx_license_status = optional(bool)
+ replication_vlan_id = optional(string)
+ reserving_hcx_on_premise_license_keys = optional(string)
+ workload_network_cidr = optional(string)
+ management_datastore = optional(list(string))
+ workload_datastore = optional(list(string))
+
+ }))
+ default = {}
+
+}
+
+variable "sddc-clusters" {
+ type = map(object({
+ compartment_id = string
+ availability_domain = string
+ network_compartment_id = string
+ vcn_name = string
+ esxi_hosts_count = number
+ nsx_edge_uplink1vlan_id = string
+ nsx_edge_uplink2vlan_id = optional(string)
+ nsx_edge_vtep_vlan_id = string
+ nsx_vtep_vlan_id = string
+ provisioning_subnet_id = string
+ ssh_authorized_keys = optional(string)
+ vmotion_vlan_id = string
+ vmware_software_version = string
+ vsan_vlan_id = string
+ vsphere_vlan_id = string
+ capacity_reservation_id = optional(string)
+ defined_tags = optional(map(any))
+ display_name = optional(string)
+ freeform_tags = optional(map(any))
+ hcx_action = optional(string)
+ hcx_vlan_id = optional(string)
+ initial_host_ocpu_count = optional(number)
+ initial_host_shape_name = optional(string)
+ initial_commitment = optional(string)
+ instance_display_name_prefix = optional(string)
+ is_hcx_enabled = optional(bool)
+ is_shielded_instance_enabled = 
optional(bool)
+ is_single_host_sddc = optional(bool)
+ provisioning_vlan_id = optional(string)
+ refresh_hcx_license_status = optional(bool)
+ replication_vlan_id = optional(string)
+ reserving_hcx_on_premise_license_keys = optional(string)
+ workload_network_cidr = optional(string)
+ workload_datastore = optional(list(string))
+ sddc_id = optional(string)
+ esxi_software_version = optional(string)
+
+ }))
+ default = {}
+
+}
+
+
+############################
+## Key Management Service ##
+############################
+
+variable "vaults" {
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ vault_type = string
+ freeform_tags = optional(map(any))
+ defined_tags = optional(map(any))
+ replica_region = optional(string)
+ }))
+ default = {}
+}
+
+variable "keys" {
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ vault_name = string
+ algorithm = optional(string)
+ length = optional(string)
+ curve_id = optional(string)
+ protection_mode = optional(string)
+ freeform_tags = optional(map(any))
+ defined_tags = optional(map(any))
+ is_auto_rotation_enabled = optional(bool)
+ rotation_interval_in_days = optional(string)
+
+ }))
+ default = {}
+}
+
+###########################
+######### Budgets #########
+###########################
+
+variable "budgets" {
+ type = map(object({
+ amount = string
+ compartment_id = string
+ reset_period = string
+ budget_processing_period_start_offset = optional(string)
+ defined_tags = optional(map(any))
+ description = optional(string)
+ display_name = optional(string)
+ freeform_tags = optional(map(any))
+ processing_period_type = optional(string)
+ budget_end_date = optional(string)
+ budget_start_date = optional(string)
+ target_type = optional(string)
+ targets = optional(list(any))
+ }))
+ default = {}
+}
+
+variable "budget_alert_rules" {
+ type = map(object({
+ budget_id = string
+ threshold = string
+ threshold_type = string
+ type = string
+ defined_tags = optional(map(any))
+ 
description = optional(string)
+ display_name = optional(string)
+ freeform_tags = optional(map(any))
+ message = optional(string)
+ recipients = optional(string)
+ }))
+ default = {}
+}
+
+###########################
+####### Cloud Guard #######
+###########################
+
+variable "cloud_guard_configs" {
+ type = map(object({
+ compartment_id = string
+ reporting_region = string
+ status = string
+ self_manage_resources = optional(string)
+
+ }))
+ default = {}
+}
+
+variable "cloud_guard_targets" {
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ target_resource_id = string
+ target_resource_type = string
+ prefix = string
+ description = optional(string)
+ state = optional(string)
+ target_detector_recipes = optional(list(any))
+ target_responder_recipes = optional(list(any))
+ freeform_tags = optional(map(any))
+ defined_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+####################################
+####### Custom Backup Policy #######
+####################################
+
+variable "custom_backup_policies" {
+ type = map(any)
+ default = {}
+}
+
+variable "capacity_reservation_ocids" {
+ type = map(any)
+ default = {
+ "AD1" : "",
+ "AD2" : "",
+ "AD3" : ""
+ }
+}
+
+#####################################
+####### Firewall as a Service #######
+#####################################
+variable "firewalls" {
+ type = map(object({
+ compartment_id = string
+ network_compartment_id = string
+ network_firewall_policy_id = string
+ subnet_id = string
+ vcn_name = string
+ display_name = string
+ ipv4address = optional(string)
+ nsg_id = optional(list(string))
+ ipv6address = optional(string)
+ availability_domain = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "fw-policies" {
+ type = map(object({
+ compartment_id = optional(string)
+ display_name = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ 
default = {}
+}
+variable "services" {
+ type = map(object({
+ service_name = string
+ service_type = string
+ network_firewall_policy_id = string
+ port_ranges = list(object({
+ minimum_port = string
+ maximum_port = optional(string)
+ }))
+ }))
+ default = {}
+}
+variable "url_lists" {
+ type = map(object({
+ urllist_name = string
+ network_firewall_policy_id = string
+ urls = list(object({
+ pattern = string
+ type = string
+ }))
+ }))
+ default = {}
+}
+variable "service_lists" {
+ type = map(object({
+ service_list_name = string
+ network_firewall_policy_id = string
+ services = list(string)
+ }))
+ default = {}
+}
+
+variable "address_lists" {
+ type = map(object({
+ address_list_name = string
+ network_firewall_policy_id = string
+ address_type = string
+ addresses = list(string)
+ }))
+ default = {}
+}
+
+variable "applications" {
+ type = map(object({
+ app_list_name = string
+ network_firewall_policy_id = string
+ app_type = string
+ icmp_type = number
+ icmp_code = optional(number)
+ }))
+ default = {}
+}
+
+variable "application_groups" {
+ type = map(object({
+ app_group_name = string
+ network_firewall_policy_id = string
+ apps = list(string)
+
+ }))
+ default = {}
+}
+
+variable "security_rules" {
+ type = map(object({
+ action = string
+ rule_name = string
+ network_firewall_policy_id = string
+ condition = optional(list(object({
+ application = optional(list(string))
+ destination_address = optional(list(string))
+ service = optional(list(string))
+ source_address = optional(list(string))
+ url = optional(list(string))
+ })))
+ inspection = optional(string)
+ after_rule = optional(string)
+ before_rule = optional(string)
+
+ }))
+ default = {}
+}
+
+variable "secrets" {
+ type = map(object({
+ secret_name = string
+ network_firewall_policy_id = string
+ secret_source = string
+ secret_type = string
+ vault_secret_id = string
+ version_number = number
+ vault_name = string
+ vault_compartment_id = string
+ }))
+ default = {}
+}
+
+variable 
"decryption_profiles" { + type = map(object({ + profile_name = string + profile_type = string + network_firewall_policy_id = string + are_certificate_extensions_restricted = optional(bool) + is_auto_include_alt_name = optional(bool) + is_expired_certificate_blocked = optional(bool) + is_out_of_capacity_blocked = optional(bool) + is_revocation_status_timeout_blocked = optional(bool) + is_unknown_revocation_status_blocked = optional(bool) + is_unsupported_cipher_blocked = optional(bool) + is_unsupported_version_blocked = optional(bool) + is_untrusted_issuer_blocked = optional(bool) + })) + default = {} +} + +variable "decryption_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + + destination_address = optional(list(string)) + + source_address = optional(list(string)) + + }))) + decryption_profile = optional(string) + secret = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +######################### +####### Firewall Logs ######## +######################### + +variable "fw_log_groups" { + description = "To provision Log Groups for Network Firewall" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fw_logs" { + description = "To provision Logs for Network Firewall" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +########################## +# Add new variables here # 
+##########################
+######################### END #########################
diff --git a/examples/dns/backend.tf b/examples/dns/backend.tf
new file mode 100644
index 0000000..16bc557
--- /dev/null
+++ b/examples/dns/backend.tf
@@ -0,0 +1,21 @@
+/*This line will be removed when using remote state
+# !!! WARNING !!! Terraform State Lock is not supported with OCI Object Storage.
+# Pre-Requisite: Create a version enabled object storage bucket to store the state file.
+# End Point Format: https://.compat.objectstorage..oraclecloud.com
+# Please look at the below doc for information about shared_credentials_file and other parameters:
+# Reference: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformUsingObjectStore.htm
+
+terraform {
+ backend "s3" {
+ key = ""
+ bucket = ""
+ region = ""
+ endpoint = ""
+ shared_credentials_file = "~/.aws/credentials"
+ skip_region_validation = true
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ force_path_style = true
+ }
+}
+This line will be removed when using remote state*/
\ No newline at end of file
diff --git a/examples/dns/dns.tf b/examples/dns/dns.tf
new file mode 100644
index 0000000..4175ac5
--- /dev/null
+++ b/examples/dns/dns.tf 
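Review bot: The backend template's pre-requisite comment asks only for a version-enabled bucket, yet the state written there will contain plaintext values of sensitive inputs this same commit declares (`admin_password` in `adb`, `private_key` and `passphrase` in `certificates`), so the comment block should also require the bucket to be private with read access limited to the principal that runs Terraform, e.g. `# The state file holds secrets (DB admin passwords, LB private keys); keep the bucket private and restrict read access to the Terraform principal.` The `shared_credentials_file = "~/.aws/credentials"` entry is not an AWS credential here but an OCI Customer Secret Key written in AWS profile format, which is not evident from the attribute name and deserves a one-line comment. The `End Point Format` line reads `https://.compat.objectstorage..oraclecloud.com`, which looks as if the namespace and region placeholders were stripped, possibly by rendering; worth confirming the committed file still carries them.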
@@ -0,0 +1,213 @@ +#################### +### DNS-Resolver ### +#################### + + +data "oci_core_vcn_dns_resolver_association" "resolver_vcn_dns_resolver_association" { + for_each = var.resolvers != null ? var.resolvers : {} + vcn_id = data.oci_core_vcns.resolver_oci_vcns[each.key].virtual_networks.*.id[0] +} + +data "oci_core_vcns" "resolver_oci_vcns" { + # depends_on = [module.vcns] # Uncomment to create resolver and vcn together + for_each = var.resolvers != null ? var.resolvers : {} + compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id] + display_name = each.value.vcn_name +} + +### Data for Subnet ### + +locals { + subnets = flatten([ + for resolver_key, res in var.resolvers : [ + for e_key, endpoint in res.endpoint_names : { + vcn_name = res.vcn_name + network_compartment_id = res.network_compartment_id + subnet_name = endpoint.subnet_name + #subnet_name = trimprefix("${endpoint.subnet_name}", "${res.vcn_name}_") + resolver_key = resolver_key + endpoint_name = endpoint.name + } + ] + ]) +} + +data "oci_core_subnets" "resolver_oci_subnets" { + # depends_on = [module.subnets] # Uncomment to create resolver and subnets together + for_each = { for sn in local.subnets : "${sn.endpoint_name}_${sn.subnet_name}" => sn } + compartment_id = length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? 
each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id] + display_name = each.value.subnet_name + vcn_id = data.oci_core_vcns.resolver_oci_vcns[each.value.resolver_key].virtual_networks.*.id[0] +} +### Data for NSGs### + +locals { + nsgs = flatten([ + for resolver_key, res in var.resolvers : [ + for e_key, endpoint in res.endpoint_names : [ + for nsg in endpoint.nsg_ids : { + vcn_name = res.vcn_name + network_compartment_id = res.network_compartment_id + nsg_name = nsg + resolver_key = resolver_key + endpoint_name = endpoint.name + } + ] + ] + ]) +} +data "oci_core_network_security_groups" "resolver_network_security_groups" { + for_each = { for nsg in local.nsgs : "${nsg.endpoint_name}_${nsg.nsg_name}" => nsg } + compartment_id = length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id] + display_name = each.value.nsg_name + vcn_id = data.oci_core_vcns.resolver_oci_vcns[each.value.resolver_key].virtual_networks.*.id[0] +} +### Data for Views ### +locals { + resolver_views = flatten([ + for resolver_key, res in var.resolvers : [ + for view_key, view in res.views : { + resolver_key = resolver_key + view_key = view_key + view_name = view.view_id + view_compartment = view.view_compartment_id + } + ] + ]) +} + +data "oci_dns_views" "resolver_views_data" { + #Required + for_each = { for rv in local.resolver_views : "${rv.view_key}" => rv } + compartment_id = length(regexall("ocid1.compartment.oc*", each.value.view_compartment)) > 0 ? each.value.view_compartment : var.compartment_ocids[each.value.view_compartment] + scope = "PRIVATE" + #Optional + display_name = each.value.view_name + state = "ACTIVE" +} + +### Module ### +module "dns-resolvers" { + source = "./modules/network/dns/dns_resolver" + # depends_on = [module.nsgs] # Uncomment to create NSG and DNS Resolvers together + for_each = var.resolvers != null ? 
var.resolvers : {} + target_resolver_id = data.oci_core_vcn_dns_resolver_association.resolver_vcn_dns_resolver_association[each.key].*.dns_resolver_id[0] + resolver_scope = "PRIVATE" + resolver_display_name = each.value.display_name != null ? each.value.display_name : null + views = each.value.views != null ? { + for v_key, view in each.value.views : v_key => { + view_id = length(regexall("ocid1.dnsview.oc*", view.view_id)) > 0 ? view.view_id : try(data.oci_dns_views.resolver_views_data["${v_key}"].views.*.id[0], module.dns-views[view.view_id]["dns_view_id"]) + } + } : null + + resolver_rules = each.value.resolver_rules != null ? each.value.resolver_rules : null + resolver_defined_tags = try(each.value.defined_tags, null) + resolver_freeform_tags = try(each.value.freeform_tags, null) + endpoint_names = each.value.endpoint_names != null ? { + for key, endpoint in each.value.endpoint_names : key => { + forwarding = endpoint.is_forwarding + listening = endpoint.is_listening + name = endpoint.name + #resolver_id = oci_dns_resolver.test_resolver.id + subnet_id = length(regexall("ocid1.subnet.oc*", endpoint.subnet_name)) > 0 ? endpoint.subnet_name : data.oci_core_subnets.resolver_oci_subnets["${endpoint.name}_${endpoint.subnet_name}"].subnets.*.id[0] + scope = "PRIVATE" + + #Optional + endpoint_type = "VNIC" + forwarding_address = endpoint.forwarding_address + listening_address = endpoint.listening_address + nsg_ids = endpoint.nsg_ids != null ? flatten(tolist([for nsg in endpoint.nsg_ids : (length(regexall("ocid1.networksecuritygroup.oc*", nsg)) > 0 ? [nsg] : data.oci_core_network_security_groups.resolver_network_security_groups["${endpoint.name}_${nsg}"].network_security_groups[*].id)])) : null + + } + } : null + +} + +################## +### DNS-RRsets ### +################## +data "oci_dns_views" "rrset_views_data" { + #Required + for_each = var.rrsets + compartment_id = each.value.view_compartment_id != null ? 
(length(regexall("ocid1.compartment.oc*", each.value.view_compartment_id)) > 0 ? each.value.view_compartment_id : var.compartment_ocids[each.value.view_compartment_id]) : null + scope = "PRIVATE" + + #Optional + display_name = each.value.view_id + state = "ACTIVE" +} + +data "oci_dns_zones" "rrset_zones_data" { + for_each = { for k, v in var.rrsets : k => v if try(data.oci_dns_views.rrset_views_data[k].views.*.id[0], 0) != 0 } + compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null + + #Optional + name = each.value.zone_id + scope = "PRIVATE" + state = "ACTIVE" + view_id = length(regexall("ocid1.dnsview.oc*", each.value.view_id)) > 0 ? each.value.view_id : try(data.oci_dns_views.rrset_views_data[each.key].views.*.id[0], module.dns-views[each.value.view_id]["dns_view_id"]) +} + +module "dns-rrsets" { + source = "./modules/network/dns/rrset" + for_each = var.rrsets != null ? var.rrsets : {} + depends_on = [module.dns-views, module.dns-zones] + rrset_zone = try(data.oci_dns_zones.rrset_zones_data[each.key].zones.*.id[0], module.dns-zones[join("_", [each.value.view_id, replace(each.value.zone_id, ".", "_")])]["dns_zone_id"]) + #rrset_view_id = each.value.view_id != "" ? (length(regexall("ocid1.dnsview.oc*", each.value.view_id)) > 0 ? each.value.view_id : data.oci_dns_views.rrset_views_data[each.key].views.*.id[0]) : null + rrset_view_id = length(regexall("ocid1.dnsview.oc*", each.value.view_id)) > 0 ? each.value.view_id : try(data.oci_dns_views.rrset_views_data[each.key].views.*.id[0], module.dns-views[each.value.view_id]["dns_view_id"]) + rrset_domain = each.value.domain + rrset_rtype = each.value.rtype + rrset_ttl = each.value.ttl + #rrset_compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? 
each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null + rrset_rdata = each.value.rdata + rrset_scope = "PRIVATE" + +} +#output "zone_id" { +#value = { for key, value in var.rrsets: key => module.dns-zones[join("_", [value.view_id,replace(value.zone_id, ".", "_")])]["dns_zone_id"]} +#} +# +#output "zone_data" { +#value = { for key, value in var.rrsets: key => data.oci_dns_zones.rrset_zones_data[key].zones.*.id[0]} +#} + +################# +### DNS-Zones ### +################# +data "oci_dns_views" "zone_views_data" { + #Required + for_each = { for k, v in var.zones : k => v if v.view_id != null } + compartment_id = length(regexall("ocid1.compartment.oc*", each.value.view_compartment_id)) > 0 ? each.value.view_compartment_id : var.compartment_ocids[each.value.view_compartment_id] + scope = "PRIVATE" + display_name = each.value.view_id + state = "ACTIVE" +} + +module "dns-zones" { + source = "./modules/network/dns/zone" + depends_on = [module.dns-views] + for_each = { for k, v in var.zones : k => v if var.zones != null } + zone_compartment_id = length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id] + zone_name = each.value.display_name + zone_type = "PRIMARY" + zone_defined_tags = try(each.value.defined_tags, null) + zone_freeform_tags = try(each.value.freeform_tags, null) + #external_masters = each.value.external_masters != null ? each.value.external_masters : {} + zone_scope = "PRIVATE" + view_id = length(regexall("ocid1.dnsview.oc*", each.value.view_id)) > 0 ? each.value.view_id : try(data.oci_dns_views.zone_views_data[each.key].views.*.id[0], module.dns-views[each.value.view_id]["dns_view_id"]) +} + +################# +### DNS-Views ### +################# + +module "dns-views" { + source = "./modules/network/dns/view" + for_each = var.views != null ? var.views : {} + view_compartment_id = each.value.compartment_id != null ? 
(length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null + view_display_name = each.value.display_name + view_scope = try((each.value.scope != null ? (each.value.scope == "PRIVATE" ? each.value.scope : null) : null), null) + view_defined_tags = try(each.value.defined_tags, null) + view_freeform_tags = try(each.value.freeform_tags, null) + +} \ No newline at end of file diff --git a/examples/dns/oci-data.tf b/examples/dns/oci-data.tf new file mode 100644 index 0000000..1495707 --- /dev/null +++ b/examples/dns/oci-data.tf @@ -0,0 +1,42 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Resource Block - Identity +# Fetch Compartments +############################ + +#Fetch Compartment Details +data "oci_identity_compartments" "compartments" { + #Required + compartment_id = var.tenancy_ocid + + #Optional + #name = var.compartment_name + access_level = "ANY" + compartment_id_in_subtree = true + state = "ACTIVE" +} + + +############################ +# Data Block - Network +# Fetch ADs +############################ + +data "oci_identity_availability_domains" "availability_domains" { + #Required + compartment_id = var.tenancy_ocid +} + + +/* +output "compartment_id_map" { + description = "Compartment ocid" + // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source. + value = zipmap(data.oci_identity_compartments.compartments.compartments.*.name,data.oci_identity_compartments.compartments.compartments.*.id) +} + +output "ads" { + value = data.oci_identity_availability_domains.availability_domains.availability_domains.*.name +} +*/ \ No newline at end of file diff --git a/examples/dns/provider.tf b/examples/dns/provider.tf new file mode 100644 index 0000000..9a69c98 --- /dev/null +++ b/examples/dns/provider.tf 
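Review bot: In `module "dns-zones"` the `view_id` argument evaluates `regexall("ocid1.dnsview.oc*", each.value.view_id)` for every zone, but `var.zones` declares `view_id` as `optional(string)` and the `zone_views_data` lookup just above already filters with `if v.view_id != null`; a zone supplied without a view would, as far as I can tell, fail at plan time because `regexall` does not accept a null string. Guarding the module argument the same way, `view_id = each.value.view_id == null ? null : (length(regexall("ocid1.dnsview.oc*", each.value.view_id)) > 0 ? each.value.view_id : try(data.oci_dns_views.zone_views_data[each.key].views.*.id[0], module.dns-views[each.value.view_id]["dns_view_id"]))`, keeps the two blocks consistent. Separately, every name-based lookup in this file (`resolver_oci_vcns`, `resolver_oci_subnets`, `resolver_network_security_groups`, `rrset_zones_data`) resolves with `.*.id[0]`, so a display name that matches zero or several resources either errors with an index message or silently binds the resolver, rrset or zone to whichever resource came back first; a `lifecycle { precondition { ... } }` on those data blocks asserting exactly one match would turn that into a clear error. The `for_each` filter `if var.zones != null` on `dns-zones` does not vary per element and can be dropped.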
@@ -0,0 +1,24 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Provider Block
+# OCI
+############################
+
+provider "oci" {
+ tenancy_ocid = var.tenancy_ocid
+ user_ocid = var.user_ocid
+ fingerprint = var.fingerprint
+ private_key_path = var.private_key_path
+ region = var.region
+ ignore_defined_tags = ["Oracle-Tags.CreatedBy", "Oracle-Tags.CreatedOn"]
+}
+
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ version = "5.40.0"
+ }
+ }
+}
diff --git a/examples/dns/variables_example.tf b/examples/dns/variables_example.tf
new file mode 100644
index 0000000..fae17ea
--- /dev/null
+++ b/examples/dns/variables_example.tf
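Review bot: `ignore_defined_tags = ["Oracle-Tags.CreatedBy", "Oracle-Tags.CreatedOn"]` is the one non-obvious line in this provider block and carries no comment, so a reader has to already know that these two keys are the tags OCI's default tag rules stamp on every newly created resource. Adding `# Oracle-Tags.CreatedBy/CreatedOn are applied by the tenancy's default tag rules; ignoring them avoids a perpetual plan diff on every resource.` above it would explain why the block differs from a plain provider declaration. The exact pin `version = "5.40.0"` is a reasonable choice for a generated example, but if it is not tied to a specific provider feature a pessimistic constraint such as `version = "~> 5.40"` is the more usual shape and worth a one-line comment either way.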
@@ -0,0 +1,2082 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# +# Variables Block +# OCI +# +############################ + +variable "tenancy_ocid" { + type = string + default = "" +} + +variable "user_ocid" { + type = string + default = "" +} + +variable "fingerprint" { + type = string + default = "" +} + +variable "private_key_path" { + type = string + default = "" +} + +variable "region" { + type = string + default = "" +} + +################################# +# SSH Keys +################################# + +variable "instance_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_instance_ssh_keys# + # exported instance ssh keys + #instance_ssh_keys_END# + } +} + +variable "oke_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_oke_ssh_keys# + #oke_ssh_keys_END# + } +} +variable "sddc_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_sddc_ssh_keys# + #sddc_ssh_keys_END# + } +} + +variable "exacs_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_exacs_ssh_keys# + # exported exacs ssh keys + #exacs_ssh_keys_END# + } +} + +variable "dbsystem_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. 
+ # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_dbsystem_ssh_keys# + # exported dbsystem ssh keys + #dbsystem_ssh_keys_END# + } +} + +################################# +# Platform Image OCIDs and +# Market Place Images +################################# + +variable "instance_source_ocids" { + type = map(any) + default = { + Linux = "" + Windows = "" + PaloAlto = "Palo Alto Networks VM-Series Next Generation Firewall" + #START_instance_source_ocids# + # exported instance image ocids + #instance_source_ocids_END# + } +} + +variable "blockvolume_source_ocids" { + type = map(any) + default = { + block1 = "" + #blockvolume_source_ocid = "" + #START_blockvolume_source_ocids# + # exported block volume source ocids + #blockvolume_source_ocids_END# + } +} + +variable "fss_source_ocids" { + type = map(any) + default = { + snapshot1 = "" + #fss_source_snapshot_ocid = "" + #START_fss_source_snapshot_ocids# + # exported fss source snapshot ocids + #fss_source_snapshot_ocids_END# + } +} + +variable "oke_source_ocids" { + type = map(any) + default = { + Linux = "" + #START_oke_source_ocids# + # exported oke image ocids + #oke_source_ocids_END# + } +} + +################################# +# +# Variables according to Services +# PLEASE DO NOT MODIFY +# +################################# + +########################## +## Fetch Compartments #### +########################## + +variable "compartment_ocids" { + type = map(any) + default = { + #START_compartment_ocids# + # compartment ocids + #compartment_ocids_END# + } +} + +######################### +##### Identity ########## +######################### + +variable "compartments" { + type = object({ + root = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level1 = 
optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level2 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level3 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level4 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level5 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + }) + default = { + root = {}, + compartment_level1 = {}, + compartment_level2 = {}, + compartment_level3 = {}, + compartment_level4 = {}, + compartment_level5 = {}, + } +} + +variable "policies" { + type = map(object({ + name = string + compartment_id = string + policy_description = string + policy_statements = list(string) + policy_version_date = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "groups" { + type = map(object({ + group_name = string + group_description = string + matching_rule = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "users" { + type = map(object({ + name = string + description = string + email = string + disable_capabilities = optional(list(string)) + group_membership = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "networkSources" { + type = map(object({ + name = string + description = string + public_source_list = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + virtual_source_list = optional(list(map(list(string)))) + + })) + default = {} +} + +######################### +####### Governance ######### +######################### + +variable "tag_namespaces" { + description = "To provision Namespaces" + type = map(object({ + compartment_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_retired = optional(bool) + })) + default = {} +} + +variable "tag_keys" { + description = "To provision Tag Keys" + type = map(object({ + tag_namespace_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_cost_tracking = optional(bool) + is_retired = optional(bool) + validator = optional(list(object({ + validator_type = optional(string) + validator_values = optional(list(any)) + }))) + })) + default = {} +} + +variable "tag_defaults" { + description = "To make the Tag keys as default to compartments" + type = map(object({ + compartment_id = string + tag_definition_id = string + value = string + is_required = optional(bool) + })) + default = {} +} + +variable "quota_policies" { + type = map(object({ + quota_name = string + quota_description = string + quota_statements = list(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +###### Network ########## +######################### 
+ +variable "default_dhcps" { + type = map(object({ + server_type = string + manage_default_resource_id = optional(string) + custom_dns_servers = optional(list(any)) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "custom_dhcps" { + type = map(object({ + compartment_id = string + server_type = string + vcn_id = string + custom_dns_servers = optional(list(any)) + domain_name_type = optional(string) + display_name = optional(string) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "vcns" { + type = map(object({ + compartment_id = string + cidr_blocks = optional(list(string)) + byoipv6cidr_details = optional(list(map(any))) + display_name = optional(string) + dns_label = optional(string) + is_ipv6enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ipv6private_cidr_blocks = optional(list(string)) + is_oracle_gua_allocation_enabled = optional(bool) + })) + default = {} +} + +variable "igws" { + type = map(object({ + compartment_id = string + vcn_id = string + enable_igw = optional(bool) + igw_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_table_id = optional(string) + })) + default = {} +} + +variable "sgws" { + type = map(object({ + compartment_id = string + vcn_id = string + service = optional(string) + sgw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "ngws" { + type = map(object({ + compartment_id = string + vcn_id = string + block_traffic = optional(bool) + public_ip_id = optional(string) + ngw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + 
default = {} +} + +variable "lpgs" { + type = map(any) + default = { + hub-lpgs = {}, + spoke-lpgs = {}, + peer-lpgs = {}, + none-lpgs = {}, + exported-lpgs = {}, + } +} + +variable "drgs" { + type = map(object({ + compartment_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "default_seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + 
route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) + +})) +default = {} +} + +variable "default_route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) +})) + default = {} +} + +variable "nsgs" { + type = map(object({ + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nsg_rules" { + type = map(object({ + nsg_id = string + direction = string + protocol = string + description = optional(string) + stateless = optional(string) + source_type = optional(string) + destination_type = optional(string) + destination = optional(string) + source = optional(string) + options = optional(map(any)) + })) + default = {} +} + +variable "subnets" { + type = map(object({ + compartment_id = string + vcn_id = string + cidr_block = string + display_name = optional(string) + dns_label = optional(string) + ipv6cidr_block = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + prohibit_internet_ingress = optional(string) + prohibit_public_ip_on_vnic = optional(string) + availability_domain = optional(string) + dhcp_options_id = optional(string) + route_table_id = optional(string) + security_list_ids = 
optional(list(string)) + })) + default = {} +} + +variable "vlans" { + type = map(object({ + cidr_block = string + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + nsg_ids = optional(list(string)) + route_table_name = optional(string) + vlan_tag = optional(string) + availability_domain = optional(string) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + })) + default = {} +} + +variable "drg_attachments" { + type = map(any) + default = {} +} + +variable "drg_other_attachments" { + type = map(any) + default = {} +} + +variable "drg_route_tables" { + type = map(object({ + drg_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_ecmp_enabled = optional(bool) + import_drg_route_distribution_id = optional(string) + })) + default = {} +} + +variable "drg_route_rules" { + type = map(any) + default = {} +} + +variable "drg_route_distributions" { + type = map(object({ + distribution_type = string + drg_id = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + display_name = optional(string) + })) + default = {} +} + +variable "drg_route_distribution_statements" { + type = map(object({ + drg_route_distribution_id = string + action = string + match_criteria = optional(list(object({ + match_type = string + attachment_type = optional(string) + drg_attachment_id = optional(string) + }))) + priority = optional(string) + })) + default = {} +} + +variable "data_drg_route_tables" { + type = map(any) + default = {} +} + +variable "data_drg_route_table_distributions" { + type = map(any) + default = {} +} + +#################### +####### DNS ####### +#################### + +variable "zones" { +type = map(object({ +compartment_id = string +display_name = string +view_compartment_id = optional(string) +view_id = optional(string) +zone_type = optional(string) +scope = optional(string) +freeform_tags = 
optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + +variable "views" { +type = map(object({ +compartment_id = string +display_name = string +scope = optional(string) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) + default = {} +} + +variable "rrsets" { +type = map(object({ +compartment_id = optional(string) +view_compartment_id = optional(string) +view_id = optional(string) +zone_id = string +domain = string +rtype = string +ttl = number +rdata = optional(list(string)) +scope = optional(string) +})) +default = {} +} + +variable "resolvers" { +type = map(object({ +network_compartment_id= string +vcn_name = string +display_name = optional(string) +views = optional(map(object({ + view_id = optional(string) + view_compartment_id = optional(string) +}))) +resolver_rules = optional(map(object({ + client_address_conditions = optional(list(any)) + destination_addresses = optional(list(any)) + qname_cover_conditions = optional(list(any)) + source_endpoint_name = optional(string) +}))) +endpoint_names = optional(map(object({ + is_forwarding = optional(bool) + is_listening = optional(bool) + name = optional(string) + subnet_name = optional(string) + forwarding_address = optional(string) + listening_address = optional(string) + nsg_ids = optional(list(string)) +}))) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + + +######################### +## Dedicated VM Hosts ## +######################### + +variable "dedicated_hosts" { + type = map(object({ + availability_domain = string + compartment_id = string + vm_host_shape = string + defined_tags = optional(map(any)) + display_name = optional(string) + fault_domain = optional(string) + freeform_tags = optional(map(any)) + })) + description = "To provision new dedicated VM hosts" + default = {} +} + +######################### +## Instances/Block Volumes ## +######################### + +variable "blockvolumes" { + description = "To 
provision block volumes" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = string + size_in_gbs = optional(string) + is_auto_tune_enabled = optional(string) + vpus_per_gb = optional(string) + kms_key_id = optional(string) + attach_to_instance = optional(string) + attachment_type = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + device = optional(string) + encryption_in_transit_type = optional(string) + attachment_display_name = optional(string) + is_read_only = optional(bool) + is_pv_encryption_in_transit_enabled = optional(bool) + is_shareable = optional(bool) + use_chap = optional(bool) + is_agent_auto_iscsi_login_enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + source_details = optional(list(map(any))) + block_volume_replicas = optional(list(map(any))) + block_volume_replicas_deletion = optional(bool) + autotune_policies = optional(list(map(any))) + })) + default = {} +} + +variable "block_backup_policies" { + type = map(any) + description = "To create block volume back policy" + default = {} +} + +variable "instances" { + description = "Map of instances to be provisioned" + type = map(object({ + availability_domain = string + compartment_id = string + shape = string + source_id = string + source_type = string + vcn_name = string + subnet_id = string + network_compartment_id = string + display_name = optional(string) + assign_public_ip = optional(bool) + boot_volume_size_in_gbs = optional(string) + fault_domain = optional(string) + dedicated_vm_host_id = optional(string) + private_ip = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(string)) + ocpus = optional(string) + memory_in_gbs = optional(number) + capacity_reservation_id = optional(string) + create_is_pv_encryption_in_transit_enabled = optional(bool) + remote_execute = optional(string) + bastion_ip = optional(string) + 
cloud_init_script = optional(string) + ssh_authorized_keys = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + network_type = optional(string) + #extended_metadata = optional(string) + skip_source_dest_check = optional(bool) + baseline_ocpu_utilization = optional(string) + #preemptible_instance_config = optional(string) + all_plugins_disabled = optional(bool) + is_management_disabled = optional(bool) + is_monitoring_disabled = optional(bool) + assign_private_dns_record = optional(string) + plugins_details = optional(map(any)) + is_live_migration_preferred = optional(bool) + recovery_action = optional(string) + are_legacy_imds_endpoints_disabled = optional(bool) + boot_volume_type = optional(string) + firmware = optional(string) + is_consistent_volume_naming_enabled = optional(bool) + remote_data_volume_type = optional(string) + platform_config = optional(list(map(any))) + launch_options = optional(list(map(any))) + ipxe_script = optional(string) + preserve_boot_volume = optional(bool) + vlan_id = optional(string) + kms_key_id = optional(string) + vnic_display_name = optional(string) + vnic_defined_tags = optional(map(any)) + vnic_freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "boot_backup_policies" { + type = map(any) + description = "Map of boot volume backup policies to be provisioned" + default = {} +} + +######################### +####### Database ######## +######################### + +variable "exa_infra" { + description = "To provision exadata infrastructure" + type = map(any) + default = {} +} + +variable "exa_vmclusters" { + description = "To provision exadata cloud VM cluster" + type = map(any) + default = {} +} + +variable "dbsystems_vm_bm" { + description = "To provision DB System" + type = map(any) + default = {} +} + +variable "db_home" { + type = map(any) + description = "Map of database db home to be 
provisioned" + default = {} +} + +variable "databases" { + description = "Map of databases to be provisioned in an existing db_home" + type = map(any) + default = {} +} + +#################################### +####### Autonomous Database ######## +#################################### + +variable "adb" { + type = map(object({ + admin_password = optional(string) + character_set = optional(string) + compartment_id = string + cpu_core_count = optional(number) + database_edition = optional(string) + data_storage_size_in_tbs = optional(number) + customer_contacts = optional(list(string)) + db_name = string + db_version = optional(string) + db_workload = optional(string) + display_name = optional(string) + license_model = optional(string) + ncharacter_set = optional(string) + network_compartment_id = optional(string) + nsg_ids = optional(list(string)) + subnet_id = optional(string) + vcn_name = optional(string) + whitelisted_ips = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +######### FSS ########### +######################### + +variable "mount_targets" { + description = "To provision Mount Targets" + type = map(object({ + availability_domain = string + compartment_id = string + network_compartment_id = string + vcn_name = string + subnet_id = string + display_name = optional(string) + ip_address = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fss" { + description = "To provision File System Services" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = optional(string) + source_snapshot = optional(string) + snapshot_policy = optional(string) + policy_compartment_id = optional(string) + kms_key_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "nfs_export_options" { + description = "To provision Export Sets" + type = map(object({ + export_set_id = string + file_system_id = string + path = string + export_options = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_idmap_groups_for_sys_auth = optional(bool) + })) + default = {} +} + +variable "fss_replication" { + description = "To provision File System Replication" + type = map(object({ + compartment_id = string + source_id = string + target_id = string + display_name = optional(string) + replication_interval = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +####### FSS Logs ######## +######################### + +variable "nfs_log_groups" { + description = "To provision Log Groups for Mount Target" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nfs_logs" { + description = "To provision Logs for Mount Target" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + + +######################### +#### Load Balancers ##### +######################### + +variable "load_balancers" { + description = "To provision Load Balancers" + type = map(object({ + compartment_id = string + vcn_name = string + shape = string + subnet_ids = list(any) + network_compartment_id = string + display_name = string + shape_details = optional(list(map(any))) + nsg_ids = 
optional(list(any)) + is_private = optional(bool) + ip_mode = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + reserved_ips_id = optional(string) + })) + default = {} +} + +variable "hostnames" { + description = "To provision Load Balancer Hostnames" + type = map(object({ + load_balancer_id = string + hostname = string + name = string + })) + default = {} +} + +variable "certificates" { + description = "To provision Load Balancer Certificates" + type = map(object({ + certificate_name = string + load_balancer_id = string + ca_certificate = optional(string) + passphrase = optional(string) + private_key = optional(string) + public_certificate = optional(string) + })) + default = {} +} + +variable "cipher_suites" { + description = "To provision Load Balancer Cipher Suites" + type = map(object({ + ciphers = list(string) + name = string + load_balancer_id = optional(string) + })) + default = {} +} + +variable "backend_sets" { + description = "To provision Load Balancer Backend Sets" + type = map(object({ + name = string + load_balancer_id = string + policy = string + protocol = optional(string) + interval_ms = optional(string) + is_force_plain_text = optional(string) + port = optional(string) + response_body_regex = optional(string) + retries = optional(string) + return_code = optional(string) + timeout_in_millis = optional(string) + url_path = optional(string) + lb_cookie_session = optional(list(object({ + cookie_name = optional(string) + disable_fallback = optional(string) + path = optional(string) + domain = optional(string) + is_http_only = optional(string) + is_secure = optional(string) + max_age_in_seconds = optional(string) + }))) + session_persistence_configuration = optional(list(object({ + cookie_name = optional(string) + disable_fallback = optional(string) + }))) + certificate_name = optional(string) + cipher_suite_name = optional(string) + ssl_configuration = optional(list(object({ + certificate_ids = 
optional(list(any)) + server_order_preference = optional(string) + trusted_certificate_authority_ids = optional(list(any)) + verify_peer_certificate = optional(string) + verify_depth = optional(string) + protocols = optional(list(any)) + }))) + })) + default = {} +} + +variable "backends" { + description = "To provision Load Balancer Backends" + type = map(object({ + backendset_name = string + ip_address = string + load_balancer_id = string + port = string + instance_compartment = optional(string) + backup = optional(string) + drain = optional(string) + offline = optional(string) + weight = optional(string) + })) + default = {} +} + +variable "listeners" { + description = "To provision Load Balancer Listeners" + type = map(object({ + name = string + load_balancer_id = string + port = string + protocol = string + default_backend_set_name = string + connection_configuration = optional(list(map(any))) + hostname_names = optional(list(any)) + path_route_set_name = optional(string) + rule_set_names = optional(list(any)) + routing_policy_name = optional(string) + certificate_name = optional(string) + cipher_suite_name = optional(string) + ssl_configuration = optional(list(object({ + certificate_ids = optional(list(any)) + server_order_preference = optional(string) + trusted_certificate_authority_ids = optional(list(any)) + verify_peer_certificate = optional(string) + verify_depth = optional(string) + protocols = optional(list(any)) + }))) + })) + default = {} +} + +variable "path_route_sets" { + description = "To provision Load Balancer Path Route Sets" + type = map(object({ + name = string + load_balancer_id = string + path_routes = optional(list(map(any))) + })) + default = {} +} + +variable "rule_sets" { + description = "To provision Load Balancer Rule Sets" + type = map(object({ + name = string + load_balancer_id = string + access_control_rules = optional(list(object({ + action = string + attribute_name = optional(string) + attribute_value = optional(string) + 
description = optional(string) + }))) + access_control_method_rules = optional(list(object({ + action = string + allowed_methods = optional(list(any)) + status_code = optional(string) + }))) + http_header_rules = optional(list(object({ + action = string + are_invalid_characters_allowed = optional(bool) + http_large_header_size_in_kb = optional(string) + }))) + uri_redirect_rules = optional(list(object({ + action = string + attribute_name = optional(string) + attribute_value = optional(string) + operator = optional(string) + host = optional(string) + path = optional(string) + port = optional(string) + protocol = optional(string) + query = optional(string) + response_code = optional(string) + }))) + request_response_header_rules = optional(list(object({ + action = string + header = optional(string) + prefix = optional(string) + suffix = optional(string) + value = optional(string) + }))) + })) + default = {} +} + +variable "lbr_reserved_ips" { + description = "To provision Load Balancer Reserved IPs" + type = map(object({ + compartment_id = string + display_name = string + lifetime = string + private_ip_id = optional(string) + public_ip_pool_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +################################### +####### Load Balancer Logs ######## +################################### + +variable "loadbalancer_log_groups" { + description = "To provision Log Groups for Load Balancers" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "loadbalancer_logs" { + description = "To provision Logs for Load Balancers" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + 
source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +## Network Load Balancers ## +######################### + +variable "network_load_balancers" { + type = map(object({ + display_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + subnet_id = string + is_private = optional(bool) + reserved_ips_id = string + is_preserve_source_destination = optional(bool) + is_symmetric_hash_enabled = optional(bool) + nlb_ip_version = optional(string) + assigned_private_ipv4 = optional(string) + nsg_ids = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} +variable "nlb_listeners" { + type = map(object({ + name = string + network_load_balancer_id = string + default_backend_set_name = string + port = number + protocol = string + ip_version = optional(string) + })) + default = {} +} + +variable "nlb_backend_sets" { + type = map(object({ + name = string + network_load_balancer_id = string + policy = string + protocol = string + domain_name = optional(string) + query_class = optional(string) + query_type = optional(string) + rcodes = optional(list(string)) + transport_protocol = optional(string) + return_code = optional(number) + interval_in_millis = optional(number) + port = optional(number) + request_data = optional(string) + response_body_regex = optional(string) + response_data = optional(string) + retries = optional(number) + timeout_in_millis = optional(number) + url_path = optional(string) + is_preserve_source = optional(bool) + ip_version = optional(string) + })) + default = {} +} +variable "nlb_backends" { + type = map(object({ + name = optional(string) + backend_set_name = string + network_load_balancer_id = string + port = number + ip_address = string + instance_compartment = string + 
is_drain = optional(bool) + is_backup = optional(bool) + is_offline = optional(bool) + weight = optional(number) + target_id = optional(string) + })) + default = {} +} +variable "nlb_reserved_ips" { + description = "To provision Network Load Balancer Reserved IPs" + type = map(object({ + compartment_id = string + lifetime = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + display_name = optional(string) + private_ip_id = optional(string) + public_ip_pool_id = optional(string) + })) + default = {} +} + + +######################### +##### IP Management ##### +######################### + +variable "public_ip_pools" { + type = map(any) + default = {} +} + +variable "private_ips" { + type = map(any) + default = {} +} + +variable "reserved_ips" { + type = map(any) + default = {} +} + +variable "vnic_attachments" { + type = map(any) + default = {} +} + +######################### +##### VCN Logs ########## +######################### + +variable "vcn_log_groups" { + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "vcn_logs" { + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +###### OSS Buckets ###### +######################### + +variable "buckets" { + type = map(any) + default = {} +} + +######################### +####### OSS Logs ######## +######################### + +variable "oss_log_groups" { + description = "To provision Log Groups for OSS" + type = map(object({ + compartment_id = string 
+ display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "oss_logs" { + description = "To provision Logs for OSS" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +### OSS IAM Policies #### +######################### + +variable "oss_policies" { + type = map(any) + default = {} +} + +######################### +## Management Services ## +######################### + +variable "alarms" { + type = map(object({ + compartment_id = string + destinations = list(string) + alarm_name = string + is_enabled = bool + metric_compartment_id = string + namespace = string + query = string + severity = string + body = optional(string) + message_format = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_notifications_per_metric_dimension_enabled = optional(bool) + metric_compartment_id_in_subtree = optional(string) + trigger_delay_minutes = optional(string) + repeat_notification_duration = optional(string) + resolution = optional(string) + resource_group = optional(string) + suppression = optional(map(any)) + })) + default = {} +} + +variable "events" { + type = map(object({ + event_name = string + compartment_id = string + description = string + is_enabled = bool + condition = string + actions = optional(list(object({ + action_type = string + is_enabled = string + description = optional(string) + function_id = optional(string) + stream_id = optional(string) + topic_id = optional(string) + }))) + message_format = optional(string) + defined_tags 
= optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "notifications_topics" { + type = map(object({ + compartment_id = string + topic_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "notifications_subscriptions" { + type = map(object({ + compartment_id = string + endpoint = string + protocol = string + topic_id = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "service_connectors" { + type = any + default = {} + description = "To provision service connector hub resources" +} + +######################### +## Developer Services ## +######################### + +## OKE + +variable "clusters" { + type = map(object({ + display_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + kubernetes_version = string + cni_type = string + cluster_type = string + is_policy_enabled = optional(bool) + policy_kms_key_id = optional(string) + is_kubernetes_dashboard_enabled = optional(bool) + is_tiller_enabled = optional(bool) + is_public_ip_enabled = optional(bool) + nsg_ids = optional(list(string)) + endpoint_subnet_id = string + is_pod_security_policy_enabled = optional(bool) + pods_cidr = optional(string) + services_cidr = optional(string) + service_lb_subnet_ids = optional(list(string)) + cluster_kms_key_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + lb_defined_tags = optional(map(any)) + lb_freeform_tags = optional(map(any)) + volume_defined_tags = optional(map(any)) + volume_freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nodepools" { + type = map(object({ + display_name = string + cluster_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + node_shape = string + initial_node_labels = optional(map(any)) + 
kubernetes_version = string + is_pv_encryption_in_transit_enabled = optional(bool) + availability_domain = number + fault_domains = optional(list(string)) + subnet_id = string + size = number + cni_type = string + max_pods_per_node = optional(number) + pod_nsg_ids = optional(list(string)) + pod_subnet_ids = optional(string) + worker_nsg_ids = optional(list(string)) + memory_in_gbs = optional(number) + ocpus = optional(number) + image_id = string + source_type = string + boot_volume_size_in_gbs = optional(number) + ssh_public_key = optional(string) + nodepool_kms_key_id = optional(string) + node_defined_tags = optional(map(any)) + node_freeform_tags = optional(map(any)) + nodepool_defined_tags = optional(map(any)) + nodepool_freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "virtual-nodepools" { + type = map(object({ + display_name = string + cluster_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + node_shape = string + initial_virtual_node_labels = optional(map(any)) + availability_domain = number + fault_domains = list(string) + subnet_id = string + size = number + pod_nsg_ids = optional(list(string)) + pod_subnet_id = string + worker_nsg_ids = optional(list(string)) + taints = optional(list(any)) + node_defined_tags = optional(map(any)) + node_freeform_tags = optional(map(any)) + nodepool_defined_tags = optional(map(any)) + nodepool_freeform_tags = optional(map(any)) + })) + default = {} +} + + +################################## +############## SDDCs ############# +################################## +variable "sddcs" { + type = map(object({ + compartment_id = string + availability_domain = string + network_compartment_id = string + vcn_name = string + esxi_hosts_count = number + nsx_edge_uplink1vlan_id = string + nsx_edge_uplink2vlan_id = string + nsx_edge_vtep_vlan_id = string + nsx_vtep_vlan_id = string + provisioning_subnet_id = string + ssh_authorized_keys = string + vmotion_vlan_id = string 
+ vmware_software_version = string + vsan_vlan_id = string + vsphere_vlan_id = string + capacity_reservation_id = optional(string) + defined_tags = optional(map(any)) + display_name = optional(string) + initial_cluster_display_name = optional(string) + freeform_tags = optional(map(any)) + hcx_action = optional(string) + hcx_vlan_id = optional(string) + initial_host_ocpu_count = optional(number) + initial_host_shape_name = optional(string) + initial_commitment = optional(string) + instance_display_name_prefix = optional(string) + is_hcx_enabled = optional(bool) + is_shielded_instance_enabled = optional(bool) + is_single_host_sddc = optional(bool) + provisioning_vlan_id = optional(string) + refresh_hcx_license_status = optional(bool) + replication_vlan_id = optional(string) + reserving_hcx_on_premise_license_keys = optional(string) + workload_network_cidr = optional(string) + management_datastore = optional(list(string)) + workload_datastore = optional(list(string)) + + })) + default = {} + +} + +variable "sddc-clusters" { + type = map(object({ + compartment_id = string + availability_domain = string + network_compartment_id = string + vcn_name = string + esxi_hosts_count = number + nsx_edge_uplink1vlan_id = string + nsx_edge_uplink2vlan_id = optional(string) + nsx_edge_vtep_vlan_id = string + nsx_vtep_vlan_id = string + provisioning_subnet_id = string + ssh_authorized_keys = optional(string) + vmotion_vlan_id = string + vmware_software_version = string + vsan_vlan_id = string + vsphere_vlan_id = string + capacity_reservation_id = optional(string) + defined_tags = optional(map(any)) + display_name = optional(string) + freeform_tags = optional(map(any)) + hcx_action = optional(string) + hcx_vlan_id = optional(string) + initial_host_ocpu_count = optional(number) + initial_host_shape_name = optional(string) + initial_commitment = optional(string) + instance_display_name_prefix = optional(string) + is_hcx_enabled = optional(bool) + is_shielded_instance_enabled = 
optional(bool) + is_single_host_sddc = optional(bool) + provisioning_vlan_id = optional(string) + refresh_hcx_license_status = optional(bool) + replication_vlan_id = optional(string) + reserving_hcx_on_premise_license_keys = optional(string) + workload_network_cidr = optional(string) + workload_datastore = optional(list(string)) + sddc_id = optional(string) + esxi_software_version = optional(string) + + })) + default = {} + +} + + +############################ +## Key Management Service ## +############################ + +variable "vaults" { + type = map(object({ + compartment_id = string + display_name = string + vault_type = string + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + replica_region = optional(string) + })) + default = {} +} + +variable "keys" { + type = map(object({ + compartment_id = string + display_name = string + vault_name = string + algorithm = optional(string) + length = optional(string) + curve_id = optional(string) + protection_mode = optional(string) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + is_auto_rotation_enabled = optional(bool) + rotation_interval_in_days = optional(string) + + })) + default = {} +} + +########################### +######### Budgets ######### +########################### + +variable "budgets" { + type = map(object({ + amount = string + compartment_id = string + reset_period = string + budget_processing_period_start_offset = optional(string) + defined_tags = optional(map(any)) + description = optional(string) + display_name = optional(string) + freeform_tags = optional(map(any)) + processing_period_type = optional(string) + budget_end_date = optional(string) + budget_start_date = optional(string) + target_type = optional(string) + targets = optional(list(any)) + })) + default = {} +} + +variable "budget_alert_rules" { + type = map(object({ + budget_id = string + threshold = string + threshold_type = string + type = string + defined_tags = optional(map(any)) + 
description = optional(string) + display_name = optional(string) + freeform_tags = optional(map(any)) + message = optional(string) + recipients = optional(string) + })) + default = {} +} + +########################### +####### Cloud Guard ####### +########################### + +variable "cloud_guard_configs" { + type = map(object({ + compartment_id = string + reporting_region = string + status = string + self_manage_resources = optional(string) + + })) + default = {} +} + +variable "cloud_guard_targets" { + type = map(object({ + compartment_id = string + display_name = string + target_resource_id = string + target_resource_type = string + prefix = string + description = optional(string) + state = optional(string) + target_detector_recipes = optional(list(any)) + target_responder_recipes = optional(list(any)) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + })) + default = {} +} + +#################################### +####### Custom Backup Policy ####### +#################################### + +variable "custom_backup_policies" { + type = map(any) + default = {} +} + +variable "capacity_reservation_ocids" { + type = map(any) + default = { + "AD1" : "", + "AD2" : "", + "AD3" : "" + } +} + +##################################### +####### Firewall as a Service ####### +##################################### +variable "firewalls" { + type = map(object({ + compartment_id = string + network_compartment_id = string + network_firewall_policy_id = string + subnet_id = string + vcn_name = string + display_name = string + ipv4address = optional(string) + nsg_id = optional(list(string)) + ipv6address = optional(string) + availability_domain = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fw-policies" { + type = map(object({ + compartment_id = optional(string) + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + 
default = {} +} +variable "services" { + type = map(object({ + service_name = string + service_type = string + network_firewall_policy_id = string + port_ranges = list(object({ + minimum_port = string + maximum_port = optional(string) + })) + })) + default = {} +} +variable "url_lists" { + type = map(object({ + urllist_name = string + network_firewall_policy_id = string + urls = list(object({ + pattern = string + type = string + })) + })) + default = {} +} +variable "service_lists" { + type = map(object({ + service_list_name = string + network_firewall_policy_id = string + services = list(string) + })) + default = {} +} + +variable "address_lists" { + type = map(object({ + address_list_name = string + network_firewall_policy_id = string + address_type = string + addresses = list(string) + })) + default = {} +} + +variable "applications" { + type = map(object({ + app_list_name = string + network_firewall_policy_id = string + app_type = string + icmp_type = number + icmp_code = optional(number) + })) + default = {} +} + +variable "application_groups" { + type = map(object({ + app_group_name = string + network_firewall_policy_id = string + apps = list(string) + + })) + default = {} +} + +variable "security_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + application = optional(list(string)) + destination_address = optional(list(string)) + service = optional(list(string)) + source_address = optional(list(string)) + url = optional(list(string)) + }))) + inspection = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +variable "secrets" { + type = map(object({ + secret_name = string + network_firewall_policy_id = string + secret_source = string + secret_type = string + vault_secret_id = string + version_number = number + vault_name = string + vault_compartment_id = string + })) + default = {} +} + +variable 
"decryption_profiles" { + type = map(object({ + profile_name = string + profile_type = string + network_firewall_policy_id = string + are_certificate_extensions_restricted = optional(bool) + is_auto_include_alt_name = optional(bool) + is_expired_certificate_blocked = optional(bool) + is_out_of_capacity_blocked = optional(bool) + is_revocation_status_timeout_blocked = optional(bool) + is_unknown_revocation_status_blocked = optional(bool) + is_unsupported_cipher_blocked = optional(bool) + is_unsupported_version_blocked = optional(bool) + is_untrusted_issuer_blocked = optional(bool) + })) + default = {} +} + +variable "decryption_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + + destination_address = optional(list(string)) + + source_address = optional(list(string)) + + }))) + decryption_profile = optional(string) + secret = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +######################### +####### Firewall Logs ######## +######################### + +variable "fw_log_groups" { + description = "To provision Log Groups for Network Firewall" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fw_logs" { + description = "To provision Logs for Network Firewall" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +########################## +# Add new variables here # 
+##########################
+######################### END #########################
diff --git a/examples/firewall/backend.tf b/examples/firewall/backend.tf
new file mode 100644
index 0000000..16bc557
--- /dev/null
+++ b/examples/firewall/backend.tf
@@ -0,0 +1,21 @@
+/*This line will be removed when using remote state
+# !!! WARNING !!! Terraform State Lock is not supported with OCI Object Storage.
+# Pre-Requisite: Create a version enabled object storage bucket to store the state file.
+# End Point Format: https://.compat.objectstorage..oraclecloud.com
+# Please look at the below doc for information about shared_credentials_file and other parameters:
+# Reference: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformUsingObjectStore.htm
+
+terraform {
+ backend "s3" {
+ key = ""
+ bucket = ""
+ region = ""
+ endpoint = ""
+ shared_credentials_file = "~/.aws/credentials"
+ skip_region_validation = true
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ force_path_style = true
+ }
+}
+This line will be removed when using remote state*/
\ No newline at end of file
diff --git a/examples/firewall/firewall.tf b/examples/firewall/firewall.tf
new file mode 100644
index 0000000..4818d84
--- /dev/null
+++ b/examples/firewall/firewall.tf
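Review bot: The endpoint hint in backend.tf, `# End Point Format: https://.compat.objectstorage..oraclecloud.com`, has lost its placeholders — the two empty dotted segments look like stripped angle-bracket tokens — so a reader cannot tell what goes where; it should read `# End Point Format: https://<namespace>.compat.objectstorage.<region>.oraclecloud.com`. The header lists the versioning pre-requisite but says nothing about the contents of the state this bucket will hold, which includes every value passed through the variable declarations earlier in this diff such as `private_key`/`passphrase` on `certificates` and `admin_password` on `adb`; a line like `# NOTE: Terraform state stored here contains secrets (certificate private keys, DB admin passwords); keep the bucket private and restrict read access via IAM policy.` would make that explicit. `skip_credentials_validation` and `skip_metadata_api_check` are presumably needed for the S3-compatible endpoint, but `shared_credentials_file = "~/.aws/credentials"` means the access/secret key pair lives in plaintext on the operator's machine, which the same comment block could call out alongside the existing state-lock warning.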
@@ -0,0 +1,223 @@
+data "oci_core_vcns" "firewall_vcns" {
+ for_each = var.firewalls != null ? var.firewalls : {}
+ compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id]
+ display_name = each.value.vcn_name
+}
+data "oci_core_subnets" "firewall_subnets" {
+ for_each = var.firewalls != null ? var.firewalls : {}
+ compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id]
+ display_name = each.value.subnet_id
+ vcn_id = data.oci_core_vcns.firewall_vcns[each.key].virtual_networks.*.id[0]
+}
+
+module "firewalls" {
+ source = "./modules/security/firewall/firewall"
+ for_each = var.firewalls != null ? var.firewalls : {}
+ depends_on = [module.policies, module.address_lists, module.application_groups, module.applications, module.services, module.service_lists, module.url_lists, module.decryption_profiles, module.secrets, module.security_rules, module.decryption_rules]
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : var.compartment_ocids[each.value.compartment_id]
+ network_firewall_policy_id = length(regexall("ocid1.networkfirewallpolicy.oc1.*", each.value.network_firewall_policy_id)) > 0 ? each.value.network_firewall_policy_id : merge(module.policies.*...)[each.value.network_firewall_policy_id]["policy_tf_id"]
+ subnet_id = each.value.subnet_id != "" ? (length(regexall("ocid1.subnet.oc*", each.value.subnet_id)) > 0 ? each.value.subnet_id : data.oci_core_subnets.firewall_subnets[each.key].subnets.*.id[0]) : null
+ display_name = each.value.display_name
+ ipv4address = each.value.ipv4address
+ ipv6address = each.value.ipv6address
+ availability_domain = each.value.availability_domain != "" && each.value.availability_domain != null ? data.oci_identity_availability_domains.availability_domains.availability_domains[each.value.availability_domain].name : ""
+ nsg_id = each.value.nsg_id
+ vcn_name = each.value.vcn_name
+ defined_tags = each.value.defined_tags
+ freeform_tags = each.value.freeform_tags
+
+}
+
+module "policies" {
+ source = "./modules/security/firewall/firewall-policy"
+ for_each = var.fw-policies != null ? var.fw-policies : {}
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : var.compartment_ocids[each.value.compartment_id]
+ display_name = each.value.display_name
+ defined_tags = each.value.defined_tags
+ freeform_tags = each.value.freeform_tags
+}
+
+module "services" {
+ source = "./modules/security/firewall/service"
+ for_each = var.services != null ? var.services : {}
+ depends_on = [module.policies]
+ service_name = each.value.service_name
+ network_firewall_policy_id = length(regexall("ocid1.networkfirewallpolicy.oc1.*", each.value.network_firewall_policy_id)) > 0 ? each.value.network_firewall_policy_id : merge(module.policies.*...)[each.value.network_firewall_policy_id]["policy_tf_id"]
+ service_type = each.value.service_type
+ port_ranges = each.value.port_ranges
+}
+
+module "service_lists" {
+ source = "./modules/security/firewall/service-list"
+ for_each = var.service_lists != null ? var.service_lists : {}
+ depends_on = [module.services, module.policies]
+ service_list_name = each.value.service_list_name
+ network_firewall_policy_id = length(regexall("ocid1.networkfirewallpolicy.oc1.*", each.value.network_firewall_policy_id)) > 0 ? each.value.network_firewall_policy_id : merge(module.policies.*...)[each.value.network_firewall_policy_id]["policy_tf_id"]
+ services = each.value.services != null ? flatten(tolist([for sid in each.value.services : (length(regexall("ocid1.networkfirewallpolicy.oc*", sid)) > 0 ? merge(module.services.*...)[sid]["service+_tf_id"] : [sid])])) : null
+}
+
+module "address_lists" {
+ source = "./modules/security/firewall/address-list"
+ for_each = var.address_lists != null ? var.address_lists : {}
+ depends_on = [module.policies]
+ address_list_name = each.value.address_list_name
+ network_firewall_policy_id = length(regexall("ocid1.networkfirewallpolicy.oc1.*", each.value.network_firewall_policy_id)) > 0 ? each.value.network_firewall_policy_id : merge(module.policies.*...)[each.value.network_firewall_policy_id]["policy_tf_id"]
+ address_type = each.value.address_type
+ addresses = each.value.addresses
+}
+
+module "applications" {
+ source = "./modules/security/firewall/application"
+ for_each = var.applications != null ? var.applications : {}
+ depends_on = [module.policies]
+ icmp_type = each.value.icmp_type
+ app_list_name = each.value.app_list_name
+ network_firewall_policy_id = length(regexall("ocid1.networkfirewallpolicy.oc1.*", each.value.network_firewall_policy_id)) > 0 ? each.value.network_firewall_policy_id : merge(module.policies.*...)[each.value.network_firewall_policy_id]["policy_tf_id"]
+ app_type = each.value.app_type
+ icmp_code = each.value.icmp_code
+}
+
+module "application_groups" {
+ source = "./modules/security/firewall/application-group"
+ for_each = var.application_groups != null ? var.application_groups : {}
+ depends_on = [module.policies, module.applications]
+ app_group_name = each.value.app_group_name
+ network_firewall_policy_id = length(regexall("ocid1.networkfirewallpolicy.oc1.*", each.value.network_firewall_policy_id)) > 0 ? each.value.network_firewall_policy_id : merge(module.policies.*...)[each.value.network_firewall_policy_id]["policy_tf_id"]
+ apps = each.value.apps != null ? flatten(tolist([for app in each.value.apps : (length(regexall("ocid1.networkfirewallpolicy.oc*", app)) > 0 ? merge(module.applications.*...)[app]["application_tf_id"] : [app])])) : null
+}
+
+module "url_lists" {
+ source = "./modules/security/firewall/url-list"
+ for_each = var.url_lists != null ? var.url_lists : {}
+ depends_on = [module.policies]
+ urllist_name = each.value.urllist_name
+ network_firewall_policy_id = length(regexall("ocid1.networkfirewallpolicy.oc1.*", each.value.network_firewall_policy_id)) > 0 ? each.value.network_firewall_policy_id : merge(module.policies.*...)[each.value.network_firewall_policy_id]["policy_tf_id"]
+ #key_name = each.key
+ urls_details = each.value.urls
+}
+
+module "security_rules" {
+ source = "./modules/security/firewall/security-rules"
+ for_each = var.security_rules != null ? var.security_rules : {}
+ depends_on = [module.policies, module.address_lists, module.application_groups, module.applications, module.services, module.service_lists, module.url_lists]
+ action = each.value.action
+ rule_name = each.value.rule_name
+ network_firewall_policy_id = length(regexall("ocid1.networkfirewallpolicy.oc1.*", each.value.network_firewall_policy_id)) > 0 ? each.value.network_firewall_policy_id : merge(module.policies.*...)[each.value.network_firewall_policy_id]["policy_tf_id"]
+ application = each.value.condition[0].application != null ? each.value.condition[0].application : []
+ url = each.value.condition[0].url != null ? each.value.condition[0].url : []
+ service = each.value.condition[0].service != null ? each.value.condition[0].service : []
+ source_address = each.value.condition[0].source_address != null ? each.value.condition[0].source_address : []
+ destination_address = each.value.condition[0].destination_address != null ? each.value.condition[0].destination_address : []
+ /*application = each.value.condition != null ? each.value.condition.application : []
+ url = each.value.condition != null ? each.value.condition.url : []
+ service = each.value.condition != null ? each.value.condition.service : []
+ source_address = each.value.condition != null ? each.value.condition.source_address : []
+ destination_address = each.value.condition != null ? each.value.condition.destination_address : []*/
+ inspection = each.value.inspection
+ after_rule = each.value.after_rule
+ before_rule = each.value.before_rule
+}
+
+module "secrets" {
+ source = "./modules/security/firewall/secret"
+ for_each = var.secrets != null || var.secrets != {} ? var.secrets : {}
+ depends_on = [module.policies]
+ secret_name = each.value.secret_name
+ network_firewall_policy_id = length(regexall("ocid1.networkfirewallpolicy.oc1.*", each.value.network_firewall_policy_id)) > 0 ? each.value.network_firewall_policy_id : merge(module.policies.*...)[each.value.network_firewall_policy_id]["policy_tf_id"]
+ secret_source = each.value.secret_source
+ secret_type = each.value.secret_type
+ vault_secret_id = each.value.vault_secret_id
+ vault_name = each.value.vault_name
+ compartment_id = each.value.vault_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.vault_compartment_id)) > 0 ? each.value.vault_compartment_id : var.compartment_ocids[each.value.vault_compartment_id]) : var.compartment_ocids[each.value.vault_compartment_id]
+ version_number = each.value.version_number
+}
+
+module "decryption_profiles" {
+ source = "./modules/security/firewall/decryption-profile"
+ for_each = var.decryption_profiles != null || var.decryption_profiles != {} ? var.decryption_profiles : {}
+ depends_on = [module.policies, module.secrets]
+ profile_name = each.value.profile_name
+ network_firewall_policy_id = length(regexall("ocid1.networkfirewallpolicy.oc1.*", each.value.network_firewall_policy_id)) > 0 ? each.value.network_firewall_policy_id : merge(module.policies.*...)[each.value.network_firewall_policy_id]["policy_tf_id"]
+ profile_type = each.value.profile_type
+ are_certificate_extensions_restricted = each.value.are_certificate_extensions_restricted
+ is_auto_include_alt_name = each.value.is_auto_include_alt_name
+ is_expired_certificate_blocked = each.value.is_expired_certificate_blocked
+ is_out_of_capacity_blocked = each.value.is_out_of_capacity_blocked
+ is_revocation_status_timeout_blocked = each.value.is_revocation_status_timeout_blocked
+ is_unknown_revocation_status_blocked = each.value.is_unknown_revocation_status_blocked
+ is_unsupported_cipher_blocked = each.value.is_unsupported_cipher_blocked
+ is_unsupported_version_blocked = each.value.is_unsupported_version_blocked
+ is_untrusted_issuer_blocked = each.value.is_untrusted_issuer_blocked
+}
+
+module "decryption_rules" {
+ source = "./modules/security/firewall/decryption-rules"
+ for_each = var.decryption_rules != null ? var.decryption_rules : {}
+ depends_on = [module.policies, module.decryption_profiles, module.secrets, module.address_lists]
+ action = each.value.action
+ rule_name = each.value.rule_name
+ network_firewall_policy_id = length(regexall("ocid1.networkfirewallpolicy.oc1.*", each.value.network_firewall_policy_id)) > 0 ? each.value.network_firewall_policy_id : merge(module.policies.*...)[each.value.network_firewall_policy_id]["policy_tf_id"]
+ source_address = each.value.condition[0].source_address != null ? each.value.condition[0].source_address : []
+ destination_address = each.value.condition[0].destination_address != null ? each.value.condition[0].destination_address : []
+ after_rule = each.value.after_rule
+ before_rule = each.value.before_rule
+ decryption_profile = each.value.decryption_profile
+ secret = each.value.secret
+}
+
+
+#############################
+# Module Block - Network Firewall Logging
+# Create VCN Log Groups and Logs
+#############################
+
+module "fw-log-groups" {
+ source = "./modules/managementservices/log-group"
+ for_each = (var.fw_log_groups != null || var.fw_log_groups != {}) ? var.fw_log_groups : {}
+
+ # Log Groups
+ #Required
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+
+ display_name = each.value.display_name
+
+ #Optional
+ defined_tags = each.value.defined_tags
+ description = each.value.description
+ freeform_tags = each.value.freeform_tags
+}
+
+/*
+output "vcn_log_group_map" {
+ value = [ for k,v in merge(module.vcn-log-groups.*...) : v.log_group_tf_id ]
+}
+*/
+
+module "fw-logs" {
+ source = "./modules/managementservices/log"
+ for_each = (var.fw_logs != null || var.fw_logs != {}) ? var.fw_logs : {}
+
+ # Logs
+ #Required
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+ display_name = each.value.display_name
+ log_group_id = length(regexall("ocid1.loggroup.oc*", each.value.log_group_id)) > 0 ? each.value.log_group_id : merge(module.fw-log-groups.*...)[each.value.log_group_id]["log_group_tf_id"]
+
+ log_type = each.value.log_type
+ #Required
+ source_category = each.value.category
+ source_resource = length(regexall("ocid1.*", each.value.resource)) > 0 ? each.value.resource : merge(module.firewalls.*...)[each.value.resource]["firewall_tf_id"]
+ source_service = each.value.service
+ source_type = each.value.source_type
+ defined_tags = each.value.defined_tags
+ freeform_tags = each.value.freeform_tags
+ log_is_enabled = (each.value.is_enabled == "" || each.value.is_enabled == null) ? true : each.value.is_enabled
+ log_retention_duration = (each.value.retention_duration == "" || each.value.retention_duration == null) ? 30 : each.value.retention_duration
+
+}
+
+/*
+output "vcn_logs_id" {
+ value = [ for k,v in merge(module.vcn-logs.*...) : v.log_tf_id]
+}
+*/
diff --git a/examples/firewall/oci-data.tf b/examples/firewall/oci-data.tf
new file mode 100644
index 0000000..1495707
--- /dev/null
+++ b/examples/firewall/oci-data.tf
@@ -0,0 +1,42 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Identity
+# Fetch Compartments
+############################
+
+#Fetch Compartment Details
+data "oci_identity_compartments" "compartments" {
+ #Required
+ compartment_id = var.tenancy_ocid
+
+ #Optional
+ #name = var.compartment_name
+ access_level = "ANY"
+ compartment_id_in_subtree = true
+ state = "ACTIVE"
+}
+
+
+############################
+# Data Block - Network
+# Fetch ADs
+############################
+
+data "oci_identity_availability_domains" "availability_domains" {
+ #Required
+ compartment_id = var.tenancy_ocid
+}
+
+
+/*
+output "compartment_id_map" {
+ description = "Compartment ocid"
+ // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source.
+ value = zipmap(data.oci_identity_compartments.compartments.compartments.*.name,data.oci_identity_compartments.compartments.compartments.*.id)
+}
+
+output "ads" {
+ value = data.oci_identity_availability_domains.availability_domains.availability_domains.*.name
+}
+*/
\ No newline at end of file
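Review bot: The `for_each` guards on `module "secrets"`, `module "decryption_profiles"`, `module "fw-log-groups"` and `module "fw-logs"` use `||`, so `var.secrets != null || var.secrets != {}` is still true when the variable is null and `for_each` then receives null, which Terraform rejects at plan time; every other module in this file uses the plain null test, e.g. `for_each = var.secrets != null ? var.secrets : {}`, and these four should match it. Likewise `module "security_rules"` and `module "decryption_rules"` index `each.value.condition[0]` unconditionally while the `decryption_rules` variable type earlier in this diff declares `condition` as `optional(list(...))`, so a rule with no condition block fails on the index rather than falling through to the `[]` default; `try(each.value.condition[0].source_address, [])` (and the same for the other condition fields) gives the intended fallback. In `module "service_lists"` the output key `"service+_tf_id"` looks like a typo next to the `"application_tf_id"` lookup in `module "application_groups"`, and its regex branch passes an OCID-shaped `sid` into the module-output lookup rather than through as a literal, which is the opposite of the other OCID checks in this file — worth confirming against the service module's output name. In `module "fw-logs"`, `regexall("ocid1.*", each.value.resource)` is evaluated even though `resource` is optional in the `fw_logs` variable type, so a null `resource` errors before reaching `merge(module.firewalls.*...)`.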
diff --git a/examples/firewall/provider.tf b/examples/firewall/provider.tf
new file mode 100644
index 0000000..9a69c98
--- /dev/null
+++ b/examples/firewall/provider.tf
@@ -0,0 +1,24 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Provider Block
+# OCI
+############################
+
+provider "oci" {
+ tenancy_ocid = var.tenancy_ocid
+ user_ocid = var.user_ocid
+ fingerprint = var.fingerprint
+ private_key_path = var.private_key_path
+ region = var.region
+ ignore_defined_tags = ["Oracle-Tags.CreatedBy", "Oracle-Tags.CreatedOn"]
+}
+
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ version = "5.40.0"
+ }
+ }
+}
diff --git a/examples/firewall/variables_example.tf b/examples/firewall/variables_example.tf
new file mode 100644
index 0000000..fae17ea
--- /dev/null
+++ b/examples/firewall/variables_example.tf
@@ -0,0 +1,2082 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# +# Variables Block +# OCI +# +############################ + +variable "tenancy_ocid" { + type = string + default = "" +} + +variable "user_ocid" { + type = string + default = "" +} + +variable "fingerprint" { + type = string + default = "" +} + +variable "private_key_path" { + type = string + default = "" +} + +variable "region" { + type = string + default = "" +} + +################################# +# SSH Keys +################################# + +variable "instance_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_instance_ssh_keys# + # exported instance ssh keys + #instance_ssh_keys_END# + } +} + +variable "oke_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_oke_ssh_keys# + #oke_ssh_keys_END# + } +} +variable "sddc_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_sddc_ssh_keys# + #sddc_ssh_keys_END# + } +} + +variable "exacs_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_exacs_ssh_keys# + # exported exacs ssh keys + #exacs_ssh_keys_END# + } +} + +variable "dbsystem_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. 
+ # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_dbsystem_ssh_keys# + # exported dbsystem ssh keys + #dbsystem_ssh_keys_END# + } +} + +################################# +# Platform Image OCIDs and +# Market Place Images +################################# + +variable "instance_source_ocids" { + type = map(any) + default = { + Linux = "" + Windows = "" + PaloAlto = "Palo Alto Networks VM-Series Next Generation Firewall" + #START_instance_source_ocids# + # exported instance image ocids + #instance_source_ocids_END# + } +} + +variable "blockvolume_source_ocids" { + type = map(any) + default = { + block1 = "" + #blockvolume_source_ocid = "" + #START_blockvolume_source_ocids# + # exported block volume source ocids + #blockvolume_source_ocids_END# + } +} + +variable "fss_source_ocids" { + type = map(any) + default = { + snapshot1 = "" + #fss_source_snapshot_ocid = "" + #START_fss_source_snapshot_ocids# + # exported fss source snapshot ocids + #fss_source_snapshot_ocids_END# + } +} + +variable "oke_source_ocids" { + type = map(any) + default = { + Linux = "" + #START_oke_source_ocids# + # exported oke image ocids + #oke_source_ocids_END# + } +} + +################################# +# +# Variables according to Services +# PLEASE DO NOT MODIFY +# +################################# + +########################## +## Fetch Compartments #### +########################## + +variable "compartment_ocids" { + type = map(any) + default = { + #START_compartment_ocids# + # compartment ocids + #compartment_ocids_END# + } +} + +######################### +##### Identity ########## +######################### + +variable "compartments" { + type = object({ + root = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level1 = 
optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level2 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level3 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level4 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level5 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + }) + default = { + root = {}, + compartment_level1 = {}, + compartment_level2 = {}, + compartment_level3 = {}, + compartment_level4 = {}, + compartment_level5 = {}, + } +} + +variable "policies" { + type = map(object({ + name = string + compartment_id = string + policy_description = string + policy_statements = list(string) + policy_version_date = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "groups" { + type = map(object({ + group_name = string + group_description = string + matching_rule = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "users" { + type = map(object({ + name = string + description = string + email = string + disable_capabilities = optional(list(string)) + group_membership = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "networkSources" { + type = map(object({ + name = string + description = string + public_source_list = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + virtual_source_list = optional(list(map(list(string)))) + + })) + default = {} +} + +######################### +####### Governance ######### +######################### + +variable "tag_namespaces" { + description = "To provision Namespaces" + type = map(object({ + compartment_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_retired = optional(bool) + })) + default = {} +} + +variable "tag_keys" { + description = "To provision Tag Keys" + type = map(object({ + tag_namespace_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_cost_tracking = optional(bool) + is_retired = optional(bool) + validator = optional(list(object({ + validator_type = optional(string) + validator_values = optional(list(any)) + }))) + })) + default = {} +} + +variable "tag_defaults" { + description = "To make the Tag keys as default to compartments" + type = map(object({ + compartment_id = string + tag_definition_id = string + value = string + is_required = optional(bool) + })) + default = {} +} + +variable "quota_policies" { + type = map(object({ + quota_name = string + quota_description = string + quota_statements = list(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +###### Network ########## +######################### 
+ +variable "default_dhcps" { + type = map(object({ + server_type = string + manage_default_resource_id = optional(string) + custom_dns_servers = optional(list(any)) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "custom_dhcps" { + type = map(object({ + compartment_id = string + server_type = string + vcn_id = string + custom_dns_servers = optional(list(any)) + domain_name_type = optional(string) + display_name = optional(string) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "vcns" { + type = map(object({ + compartment_id = string + cidr_blocks = optional(list(string)) + byoipv6cidr_details = optional(list(map(any))) + display_name = optional(string) + dns_label = optional(string) + is_ipv6enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ipv6private_cidr_blocks = optional(list(string)) + is_oracle_gua_allocation_enabled = optional(bool) + })) + default = {} +} + +variable "igws" { + type = map(object({ + compartment_id = string + vcn_id = string + enable_igw = optional(bool) + igw_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_table_id = optional(string) + })) + default = {} +} + +variable "sgws" { + type = map(object({ + compartment_id = string + vcn_id = string + service = optional(string) + sgw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "ngws" { + type = map(object({ + compartment_id = string + vcn_id = string + block_traffic = optional(bool) + public_ip_id = optional(string) + ngw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + 
default = {} +} + +variable "lpgs" { + type = map(any) + default = { + hub-lpgs = {}, + spoke-lpgs = {}, + peer-lpgs = {}, + none-lpgs = {}, + exported-lpgs = {}, + } +} + +variable "drgs" { + type = map(object({ + compartment_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "default_seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + 
route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) + +})) +default = {} +} + +variable "default_route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) +})) + default = {} +} + +variable "nsgs" { + type = map(object({ + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nsg_rules" { + type = map(object({ + nsg_id = string + direction = string + protocol = string + description = optional(string) + stateless = optional(string) + source_type = optional(string) + destination_type = optional(string) + destination = optional(string) + source = optional(string) + options = optional(map(any)) + })) + default = {} +} + +variable "subnets" { + type = map(object({ + compartment_id = string + vcn_id = string + cidr_block = string + display_name = optional(string) + dns_label = optional(string) + ipv6cidr_block = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + prohibit_internet_ingress = optional(string) + prohibit_public_ip_on_vnic = optional(string) + availability_domain = optional(string) + dhcp_options_id = optional(string) + route_table_id = optional(string) + security_list_ids = 
optional(list(string)) + })) + default = {} +} + +variable "vlans" { + type = map(object({ + cidr_block = string + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + nsg_ids = optional(list(string)) + route_table_name = optional(string) + vlan_tag = optional(string) + availability_domain = optional(string) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + })) + default = {} +} + +variable "drg_attachments" { + type = map(any) + default = {} +} + +variable "drg_other_attachments" { + type = map(any) + default = {} +} + +variable "drg_route_tables" { + type = map(object({ + drg_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_ecmp_enabled = optional(bool) + import_drg_route_distribution_id = optional(string) + })) + default = {} +} + +variable "drg_route_rules" { + type = map(any) + default = {} +} + +variable "drg_route_distributions" { + type = map(object({ + distribution_type = string + drg_id = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + display_name = optional(string) + })) + default = {} +} + +variable "drg_route_distribution_statements" { + type = map(object({ + drg_route_distribution_id = string + action = string + match_criteria = optional(list(object({ + match_type = string + attachment_type = optional(string) + drg_attachment_id = optional(string) + }))) + priority = optional(string) + })) + default = {} +} + +variable "data_drg_route_tables" { + type = map(any) + default = {} +} + +variable "data_drg_route_table_distributions" { + type = map(any) + default = {} +} + +#################### +####### DNS ####### +#################### + +variable "zones" { +type = map(object({ +compartment_id = string +display_name = string +view_compartment_id = optional(string) +view_id = optional(string) +zone_type = optional(string) +scope = optional(string) +freeform_tags = 
optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + +variable "views" { +type = map(object({ +compartment_id = string +display_name = string +scope = optional(string) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) + default = {} +} + +variable "rrsets" { +type = map(object({ +compartment_id = optional(string) +view_compartment_id = optional(string) +view_id = optional(string) +zone_id = string +domain = string +rtype = string +ttl = number +rdata = optional(list(string)) +scope = optional(string) +})) +default = {} +} + +variable "resolvers" { +type = map(object({ +network_compartment_id= string +vcn_name = string +display_name = optional(string) +views = optional(map(object({ + view_id = optional(string) + view_compartment_id = optional(string) +}))) +resolver_rules = optional(map(object({ + client_address_conditions = optional(list(any)) + destination_addresses = optional(list(any)) + qname_cover_conditions = optional(list(any)) + source_endpoint_name = optional(string) +}))) +endpoint_names = optional(map(object({ + is_forwarding = optional(bool) + is_listening = optional(bool) + name = optional(string) + subnet_name = optional(string) + forwarding_address = optional(string) + listening_address = optional(string) + nsg_ids = optional(list(string)) +}))) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + + +######################### +## Dedicated VM Hosts ## +######################### + +variable "dedicated_hosts" { + type = map(object({ + availability_domain = string + compartment_id = string + vm_host_shape = string + defined_tags = optional(map(any)) + display_name = optional(string) + fault_domain = optional(string) + freeform_tags = optional(map(any)) + })) + description = "To provision new dedicated VM hosts" + default = {} +} + +######################### +## Instances/Block Volumes ## +######################### + +variable "blockvolumes" { + description = "To 
provision block volumes" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = string + size_in_gbs = optional(string) + is_auto_tune_enabled = optional(string) + vpus_per_gb = optional(string) + kms_key_id = optional(string) + attach_to_instance = optional(string) + attachment_type = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + device = optional(string) + encryption_in_transit_type = optional(string) + attachment_display_name = optional(string) + is_read_only = optional(bool) + is_pv_encryption_in_transit_enabled = optional(bool) + is_shareable = optional(bool) + use_chap = optional(bool) + is_agent_auto_iscsi_login_enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + source_details = optional(list(map(any))) + block_volume_replicas = optional(list(map(any))) + block_volume_replicas_deletion = optional(bool) + autotune_policies = optional(list(map(any))) + })) + default = {} +} + +variable "block_backup_policies" { + type = map(any) + description = "To create block volume back policy" + default = {} +} + +variable "instances" { + description = "Map of instances to be provisioned" + type = map(object({ + availability_domain = string + compartment_id = string + shape = string + source_id = string + source_type = string + vcn_name = string + subnet_id = string + network_compartment_id = string + display_name = optional(string) + assign_public_ip = optional(bool) + boot_volume_size_in_gbs = optional(string) + fault_domain = optional(string) + dedicated_vm_host_id = optional(string) + private_ip = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(string)) + ocpus = optional(string) + memory_in_gbs = optional(number) + capacity_reservation_id = optional(string) + create_is_pv_encryption_in_transit_enabled = optional(bool) + remote_execute = optional(string) + bastion_ip = optional(string) + 
cloud_init_script = optional(string) + ssh_authorized_keys = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + network_type = optional(string) + #extended_metadata = optional(string) + skip_source_dest_check = optional(bool) + baseline_ocpu_utilization = optional(string) + #preemptible_instance_config = optional(string) + all_plugins_disabled = optional(bool) + is_management_disabled = optional(bool) + is_monitoring_disabled = optional(bool) + assign_private_dns_record = optional(string) + plugins_details = optional(map(any)) + is_live_migration_preferred = optional(bool) + recovery_action = optional(string) + are_legacy_imds_endpoints_disabled = optional(bool) + boot_volume_type = optional(string) + firmware = optional(string) + is_consistent_volume_naming_enabled = optional(bool) + remote_data_volume_type = optional(string) + platform_config = optional(list(map(any))) + launch_options = optional(list(map(any))) + ipxe_script = optional(string) + preserve_boot_volume = optional(bool) + vlan_id = optional(string) + kms_key_id = optional(string) + vnic_display_name = optional(string) + vnic_defined_tags = optional(map(any)) + vnic_freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "boot_backup_policies" { + type = map(any) + description = "Map of boot volume backup policies to be provisioned" + default = {} +} + +######################### +####### Database ######## +######################### + +variable "exa_infra" { + description = "To provision exadata infrastructure" + type = map(any) + default = {} +} + +variable "exa_vmclusters" { + description = "To provision exadata cloud VM cluster" + type = map(any) + default = {} +} + +variable "dbsystems_vm_bm" { + description = "To provision DB System" + type = map(any) + default = {} +} + +variable "db_home" { + type = map(any) + description = "Map of database db home to be 
provisioned" + default = {} +} + +variable "databases" { + description = "Map of databases to be provisioned in an existing db_home" + type = map(any) + default = {} +} + +#################################### +####### Autonomous Database ######## +#################################### + +variable "adb" { + type = map(object({ + admin_password = optional(string) + character_set = optional(string) + compartment_id = string + cpu_core_count = optional(number) + database_edition = optional(string) + data_storage_size_in_tbs = optional(number) + customer_contacts = optional(list(string)) + db_name = string + db_version = optional(string) + db_workload = optional(string) + display_name = optional(string) + license_model = optional(string) + ncharacter_set = optional(string) + network_compartment_id = optional(string) + nsg_ids = optional(list(string)) + subnet_id = optional(string) + vcn_name = optional(string) + whitelisted_ips = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +######### FSS ########### +######################### + +variable "mount_targets" { + description = "To provision Mount Targets" + type = map(object({ + availability_domain = string + compartment_id = string + network_compartment_id = string + vcn_name = string + subnet_id = string + display_name = optional(string) + ip_address = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fss" { + description = "To provision File System Services" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = optional(string) + source_snapshot = optional(string) + snapshot_policy = optional(string) + policy_compartment_id = optional(string) + kms_key_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "nfs_export_options" { + description = "To provision Export Sets" + type = map(object({ + export_set_id = string + file_system_id = string + path = string + export_options = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_idmap_groups_for_sys_auth = optional(bool) + })) + default = {} +} + +variable "fss_replication" { + description = "To provision File System Replication" + type = map(object({ + compartment_id = string + source_id = string + target_id = string + display_name = optional(string) + replication_interval = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +####### FSS Logs ######## +######################### + +variable "nfs_log_groups" { + description = "To provision Log Groups for Mount Target" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nfs_logs" { + description = "To provision Logs for Mount Target" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + + +######################### +#### Load Balancers ##### +######################### + +variable "load_balancers" { + description = "To provision Load Balancers" + type = map(object({ + compartment_id = string + vcn_name = string + shape = string + subnet_ids = list(any) + network_compartment_id = string + display_name = string + shape_details = optional(list(map(any))) + nsg_ids = 
optional(list(any)) + is_private = optional(bool) + ip_mode = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + reserved_ips_id = optional(string) + })) + default = {} +} + +variable "hostnames" { + description = "To provision Load Balancer Hostnames" + type = map(object({ + load_balancer_id = string + hostname = string + name = string + })) + default = {} +} + +variable "certificates" { + description = "To provision Load Balancer Certificates" + type = map(object({ + certificate_name = string + load_balancer_id = string + ca_certificate = optional(string) + passphrase = optional(string) + private_key = optional(string) + public_certificate = optional(string) + })) + default = {} +} + +variable "cipher_suites" { + description = "To provision Load Balancer Cipher Suites" + type = map(object({ + ciphers = list(string) + name = string + load_balancer_id = optional(string) + })) + default = {} +} + +variable "backend_sets" { + description = "To provision Load Balancer Backend Sets" + type = map(object({ + name = string + load_balancer_id = string + policy = string + protocol = optional(string) + interval_ms = optional(string) + is_force_plain_text = optional(string) + port = optional(string) + response_body_regex = optional(string) + retries = optional(string) + return_code = optional(string) + timeout_in_millis = optional(string) + url_path = optional(string) + lb_cookie_session = optional(list(object({ + cookie_name = optional(string) + disable_fallback = optional(string) + path = optional(string) + domain = optional(string) + is_http_only = optional(string) + is_secure = optional(string) + max_age_in_seconds = optional(string) + }))) + session_persistence_configuration = optional(list(object({ + cookie_name = optional(string) + disable_fallback = optional(string) + }))) + certificate_name = optional(string) + cipher_suite_name = optional(string) + ssl_configuration = optional(list(object({ + certificate_ids = 
optional(list(any)) + server_order_preference = optional(string) + trusted_certificate_authority_ids = optional(list(any)) + verify_peer_certificate = optional(string) + verify_depth = optional(string) + protocols = optional(list(any)) + }))) + })) + default = {} +} + +variable "backends" { + description = "To provision Load Balancer Backends" + type = map(object({ + backendset_name = string + ip_address = string + load_balancer_id = string + port = string + instance_compartment = optional(string) + backup = optional(string) + drain = optional(string) + offline = optional(string) + weight = optional(string) + })) + default = {} +} + +variable "listeners" { + description = "To provision Load Balancer Listeners" + type = map(object({ + name = string + load_balancer_id = string + port = string + protocol = string + default_backend_set_name = string + connection_configuration = optional(list(map(any))) + hostname_names = optional(list(any)) + path_route_set_name = optional(string) + rule_set_names = optional(list(any)) + routing_policy_name = optional(string) + certificate_name = optional(string) + cipher_suite_name = optional(string) + ssl_configuration = optional(list(object({ + certificate_ids = optional(list(any)) + server_order_preference = optional(string) + trusted_certificate_authority_ids = optional(list(any)) + verify_peer_certificate = optional(string) + verify_depth = optional(string) + protocols = optional(list(any)) + }))) + })) + default = {} +} + +variable "path_route_sets" { + description = "To provision Load Balancer Path Route Sets" + type = map(object({ + name = string + load_balancer_id = string + path_routes = optional(list(map(any))) + })) + default = {} +} + +variable "rule_sets" { + description = "To provision Load Balancer Rule Sets" + type = map(object({ + name = string + load_balancer_id = string + access_control_rules = optional(list(object({ + action = string + attribute_name = optional(string) + attribute_value = optional(string) + 
description = optional(string) + }))) + access_control_method_rules = optional(list(object({ + action = string + allowed_methods = optional(list(any)) + status_code = optional(string) + }))) + http_header_rules = optional(list(object({ + action = string + are_invalid_characters_allowed = optional(bool) + http_large_header_size_in_kb = optional(string) + }))) + uri_redirect_rules = optional(list(object({ + action = string + attribute_name = optional(string) + attribute_value = optional(string) + operator = optional(string) + host = optional(string) + path = optional(string) + port = optional(string) + protocol = optional(string) + query = optional(string) + response_code = optional(string) + }))) + request_response_header_rules = optional(list(object({ + action = string + header = optional(string) + prefix = optional(string) + suffix = optional(string) + value = optional(string) + }))) + })) + default = {} +} + +variable "lbr_reserved_ips" { + description = "To provision Load Balancer Reserved IPs" + type = map(object({ + compartment_id = string + display_name = string + lifetime = string + private_ip_id = optional(string) + public_ip_pool_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +################################### +####### Load Balancer Logs ######## +################################### + +variable "loadbalancer_log_groups" { + description = "To provision Log Groups for Load Balancers" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "loadbalancer_logs" { + description = "To provision Logs for Load Balancers" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + 
source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +## Network Load Balancers ## +######################### + +variable "network_load_balancers" { + type = map(object({ + display_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + subnet_id = string + is_private = optional(bool) + reserved_ips_id = string + is_preserve_source_destination = optional(bool) + is_symmetric_hash_enabled = optional(bool) + nlb_ip_version = optional(string) + assigned_private_ipv4 = optional(string) + nsg_ids = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} +variable "nlb_listeners" { + type = map(object({ + name = string + network_load_balancer_id = string + default_backend_set_name = string + port = number + protocol = string + ip_version = optional(string) + })) + default = {} +} + +variable "nlb_backend_sets" { + type = map(object({ + name = string + network_load_balancer_id = string + policy = string + protocol = string + domain_name = optional(string) + query_class = optional(string) + query_type = optional(string) + rcodes = optional(list(string)) + transport_protocol = optional(string) + return_code = optional(number) + interval_in_millis = optional(number) + port = optional(number) + request_data = optional(string) + response_body_regex = optional(string) + response_data = optional(string) + retries = optional(number) + timeout_in_millis = optional(number) + url_path = optional(string) + is_preserve_source = optional(bool) + ip_version = optional(string) + })) + default = {} +} +variable "nlb_backends" { + type = map(object({ + name = optional(string) + backend_set_name = string + network_load_balancer_id = string + port = number + ip_address = string + instance_compartment = string + 
is_drain = optional(bool) + is_backup = optional(bool) + is_offline = optional(bool) + weight = optional(number) + target_id = optional(string) + })) + default = {} +} +variable "nlb_reserved_ips" { + description = "To provision Network Load Balancer Reserved IPs" + type = map(object({ + compartment_id = string + lifetime = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + display_name = optional(string) + private_ip_id = optional(string) + public_ip_pool_id = optional(string) + })) + default = {} +} + + +######################### +##### IP Management ##### +######################### + +variable "public_ip_pools" { + type = map(any) + default = {} +} + +variable "private_ips" { + type = map(any) + default = {} +} + +variable "reserved_ips" { + type = map(any) + default = {} +} + +variable "vnic_attachments" { + type = map(any) + default = {} +} + +######################### +##### VCN Logs ########## +######################### + +variable "vcn_log_groups" { + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "vcn_logs" { + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +###### OSS Buckets ###### +######################### + +variable "buckets" { + type = map(any) + default = {} +} + +######################### +####### OSS Logs ######## +######################### + +variable "oss_log_groups" { + description = "To provision Log Groups for OSS" + type = map(object({ + compartment_id = string 
+ display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "oss_logs" { + description = "To provision Logs for OSS" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +### OSS IAM Policies #### +######################### + +variable "oss_policies" { + type = map(any) + default = {} +} + +######################### +## Management Services ## +######################### + +variable "alarms" { + type = map(object({ + compartment_id = string + destinations = list(string) + alarm_name = string + is_enabled = bool + metric_compartment_id = string + namespace = string + query = string + severity = string + body = optional(string) + message_format = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_notifications_per_metric_dimension_enabled = optional(bool) + metric_compartment_id_in_subtree = optional(string) + trigger_delay_minutes = optional(string) + repeat_notification_duration = optional(string) + resolution = optional(string) + resource_group = optional(string) + suppression = optional(map(any)) + })) + default = {} +} + +variable "events" { + type = map(object({ + event_name = string + compartment_id = string + description = string + is_enabled = bool + condition = string + actions = optional(list(object({ + action_type = string + is_enabled = string + description = optional(string) + function_id = optional(string) + stream_id = optional(string) + topic_id = optional(string) + }))) + message_format = optional(string) + defined_tags 
= optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "notifications_topics" { + type = map(object({ + compartment_id = string + topic_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "notifications_subscriptions" { + type = map(object({ + compartment_id = string + endpoint = string + protocol = string + topic_id = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "service_connectors" { + type = any + default = {} + description = "To provision service connector hub resources" +} + +######################### +## Developer Services ## +######################### + +## OKE + +variable "clusters" { + type = map(object({ + display_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + kubernetes_version = string + cni_type = string + cluster_type = string + is_policy_enabled = optional(bool) + policy_kms_key_id = optional(string) + is_kubernetes_dashboard_enabled = optional(bool) + is_tiller_enabled = optional(bool) + is_public_ip_enabled = optional(bool) + nsg_ids = optional(list(string)) + endpoint_subnet_id = string + is_pod_security_policy_enabled = optional(bool) + pods_cidr = optional(string) + services_cidr = optional(string) + service_lb_subnet_ids = optional(list(string)) + cluster_kms_key_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + lb_defined_tags = optional(map(any)) + lb_freeform_tags = optional(map(any)) + volume_defined_tags = optional(map(any)) + volume_freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nodepools" { + type = map(object({ + display_name = string + cluster_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + node_shape = string + initial_node_labels = optional(map(any)) + 
kubernetes_version = string + is_pv_encryption_in_transit_enabled = optional(bool) + availability_domain = number + fault_domains = optional(list(string)) + subnet_id = string + size = number + cni_type = string + max_pods_per_node = optional(number) + pod_nsg_ids = optional(list(string)) + pod_subnet_ids = optional(string) + worker_nsg_ids = optional(list(string)) + memory_in_gbs = optional(number) + ocpus = optional(number) + image_id = string + source_type = string + boot_volume_size_in_gbs = optional(number) + ssh_public_key = optional(string) + nodepool_kms_key_id = optional(string) + node_defined_tags = optional(map(any)) + node_freeform_tags = optional(map(any)) + nodepool_defined_tags = optional(map(any)) + nodepool_freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "virtual-nodepools" { + type = map(object({ + display_name = string + cluster_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + node_shape = string + initial_virtual_node_labels = optional(map(any)) + availability_domain = number + fault_domains = list(string) + subnet_id = string + size = number + pod_nsg_ids = optional(list(string)) + pod_subnet_id = string + worker_nsg_ids = optional(list(string)) + taints = optional(list(any)) + node_defined_tags = optional(map(any)) + node_freeform_tags = optional(map(any)) + nodepool_defined_tags = optional(map(any)) + nodepool_freeform_tags = optional(map(any)) + })) + default = {} +} + + +################################## +############## SDDCs ############# +################################## +variable "sddcs" { + type = map(object({ + compartment_id = string + availability_domain = string + network_compartment_id = string + vcn_name = string + esxi_hosts_count = number + nsx_edge_uplink1vlan_id = string + nsx_edge_uplink2vlan_id = string + nsx_edge_vtep_vlan_id = string + nsx_vtep_vlan_id = string + provisioning_subnet_id = string + ssh_authorized_keys = string + vmotion_vlan_id = string 
+ vmware_software_version = string + vsan_vlan_id = string + vsphere_vlan_id = string + capacity_reservation_id = optional(string) + defined_tags = optional(map(any)) + display_name = optional(string) + initial_cluster_display_name = optional(string) + freeform_tags = optional(map(any)) + hcx_action = optional(string) + hcx_vlan_id = optional(string) + initial_host_ocpu_count = optional(number) + initial_host_shape_name = optional(string) + initial_commitment = optional(string) + instance_display_name_prefix = optional(string) + is_hcx_enabled = optional(bool) + is_shielded_instance_enabled = optional(bool) + is_single_host_sddc = optional(bool) + provisioning_vlan_id = optional(string) + refresh_hcx_license_status = optional(bool) + replication_vlan_id = optional(string) + reserving_hcx_on_premise_license_keys = optional(string) + workload_network_cidr = optional(string) + management_datastore = optional(list(string)) + workload_datastore = optional(list(string)) + + })) + default = {} + +} + +variable "sddc-clusters" { + type = map(object({ + compartment_id = string + availability_domain = string + network_compartment_id = string + vcn_name = string + esxi_hosts_count = number + nsx_edge_uplink1vlan_id = string + nsx_edge_uplink2vlan_id = optional(string) + nsx_edge_vtep_vlan_id = string + nsx_vtep_vlan_id = string + provisioning_subnet_id = string + ssh_authorized_keys = optional(string) + vmotion_vlan_id = string + vmware_software_version = string + vsan_vlan_id = string + vsphere_vlan_id = string + capacity_reservation_id = optional(string) + defined_tags = optional(map(any)) + display_name = optional(string) + freeform_tags = optional(map(any)) + hcx_action = optional(string) + hcx_vlan_id = optional(string) + initial_host_ocpu_count = optional(number) + initial_host_shape_name = optional(string) + initial_commitment = optional(string) + instance_display_name_prefix = optional(string) + is_hcx_enabled = optional(bool) + is_shielded_instance_enabled = 
optional(bool) + is_single_host_sddc = optional(bool) + provisioning_vlan_id = optional(string) + refresh_hcx_license_status = optional(bool) + replication_vlan_id = optional(string) + reserving_hcx_on_premise_license_keys = optional(string) + workload_network_cidr = optional(string) + workload_datastore = optional(list(string)) + sddc_id = optional(string) + esxi_software_version = optional(string) + + })) + default = {} + +} + + +############################ +## Key Management Service ## +############################ + +variable "vaults" { + type = map(object({ + compartment_id = string + display_name = string + vault_type = string + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + replica_region = optional(string) + })) + default = {} +} + +variable "keys" { + type = map(object({ + compartment_id = string + display_name = string + vault_name = string + algorithm = optional(string) + length = optional(string) + curve_id = optional(string) + protection_mode = optional(string) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + is_auto_rotation_enabled = optional(bool) + rotation_interval_in_days = optional(string) + + })) + default = {} +} + +########################### +######### Budgets ######### +########################### + +variable "budgets" { + type = map(object({ + amount = string + compartment_id = string + reset_period = string + budget_processing_period_start_offset = optional(string) + defined_tags = optional(map(any)) + description = optional(string) + display_name = optional(string) + freeform_tags = optional(map(any)) + processing_period_type = optional(string) + budget_end_date = optional(string) + budget_start_date = optional(string) + target_type = optional(string) + targets = optional(list(any)) + })) + default = {} +} + +variable "budget_alert_rules" { + type = map(object({ + budget_id = string + threshold = string + threshold_type = string + type = string + defined_tags = optional(map(any)) + 
description = optional(string) + display_name = optional(string) + freeform_tags = optional(map(any)) + message = optional(string) + recipients = optional(string) + })) + default = {} +} + +########################### +####### Cloud Guard ####### +########################### + +variable "cloud_guard_configs" { + type = map(object({ + compartment_id = string + reporting_region = string + status = string + self_manage_resources = optional(string) + + })) + default = {} +} + +variable "cloud_guard_targets" { + type = map(object({ + compartment_id = string + display_name = string + target_resource_id = string + target_resource_type = string + prefix = string + description = optional(string) + state = optional(string) + target_detector_recipes = optional(list(any)) + target_responder_recipes = optional(list(any)) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + })) + default = {} +} + +#################################### +####### Custom Backup Policy ####### +#################################### + +variable "custom_backup_policies" { + type = map(any) + default = {} +} + +variable "capacity_reservation_ocids" { + type = map(any) + default = { + "AD1" : "", + "AD2" : "", + "AD3" : "" + } +} + +##################################### +####### Firewall as a Service ####### +##################################### +variable "firewalls" { + type = map(object({ + compartment_id = string + network_compartment_id = string + network_firewall_policy_id = string + subnet_id = string + vcn_name = string + display_name = string + ipv4address = optional(string) + nsg_id = optional(list(string)) + ipv6address = optional(string) + availability_domain = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fw-policies" { + type = map(object({ + compartment_id = optional(string) + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + 
default = {} +} +variable "services" { + type = map(object({ + service_name = string + service_type = string + network_firewall_policy_id = string + port_ranges = list(object({ + minimum_port = string + maximum_port = optional(string) + })) + })) + default = {} +} +variable "url_lists" { + type = map(object({ + urllist_name = string + network_firewall_policy_id = string + urls = list(object({ + pattern = string + type = string + })) + })) + default = {} +} +variable "service_lists" { + type = map(object({ + service_list_name = string + network_firewall_policy_id = string + services = list(string) + })) + default = {} +} + +variable "address_lists" { + type = map(object({ + address_list_name = string + network_firewall_policy_id = string + address_type = string + addresses = list(string) + })) + default = {} +} + +variable "applications" { + type = map(object({ + app_list_name = string + network_firewall_policy_id = string + app_type = string + icmp_type = number + icmp_code = optional(number) + })) + default = {} +} + +variable "application_groups" { + type = map(object({ + app_group_name = string + network_firewall_policy_id = string + apps = list(string) + + })) + default = {} +} + +variable "security_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + application = optional(list(string)) + destination_address = optional(list(string)) + service = optional(list(string)) + source_address = optional(list(string)) + url = optional(list(string)) + }))) + inspection = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +variable "secrets" { + type = map(object({ + secret_name = string + network_firewall_policy_id = string + secret_source = string + secret_type = string + vault_secret_id = string + version_number = number + vault_name = string + vault_compartment_id = string + })) + default = {} +} + +variable 
"decryption_profiles" { + type = map(object({ + profile_name = string + profile_type = string + network_firewall_policy_id = string + are_certificate_extensions_restricted = optional(bool) + is_auto_include_alt_name = optional(bool) + is_expired_certificate_blocked = optional(bool) + is_out_of_capacity_blocked = optional(bool) + is_revocation_status_timeout_blocked = optional(bool) + is_unknown_revocation_status_blocked = optional(bool) + is_unsupported_cipher_blocked = optional(bool) + is_unsupported_version_blocked = optional(bool) + is_untrusted_issuer_blocked = optional(bool) + })) + default = {} +} + +variable "decryption_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + + destination_address = optional(list(string)) + + source_address = optional(list(string)) + + }))) + decryption_profile = optional(string) + secret = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +######################### +####### Firewall Logs ######## +######################### + +variable "fw_log_groups" { + description = "To provision Log Groups for Network Firewall" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fw_logs" { + description = "To provision Logs for Network Firewall" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +########################## +# Add new variables here # 
+##########################
+######################### END #########################
diff --git a/examples/fss/backend.tf b/examples/fss/backend.tf
new file mode 100644
index 0000000..16bc557
--- /dev/null
+++ b/examples/fss/backend.tf
@@ -0,0 +1,21 @@
+/*This line will be removed when using remote state
+# !!! WARNING !!! Terraform State Lock is not supported with OCI Object Storage.
+# Pre-Requisite: Create a version enabled object storage bucket to store the state file.
+# End Point Format: https://.compat.objectstorage..oraclecloud.com
+# Please look at the below doc for information about shared_credentials_file and other parameters:
+# Reference: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformUsingObjectStore.htm
+
+terraform {
+ backend "s3" {
+ key = ""
+ bucket = ""
+ region = ""
+ endpoint = ""
+ shared_credentials_file = "~/.aws/credentials"
+ skip_region_validation = true
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ force_path_style = true
+ }
+}
+This line will be removed when using remote state*/
\ No newline at end of file
diff --git a/examples/fss/fss.tf b/examples/fss/fss.tf
new file mode 100644
index 0000000..dbe367f
--- /dev/null
+++ b/examples/fss/fss.tf
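Review bot: The endpoint hint in the backend comment reads `# End Point Format: https://.compat.objectstorage..oraclecloud.com`, with nothing between the dots where the namespace and region belong; if the file is committed that way (rather than this being a rendering artifact of the page), the placeholders should be restored, e.g. `# End Point Format: https://<namespace>.compat.objectstorage.<region>.oraclecloud.com`. Because `shared_credentials_file = "~/.aws/credentials"` names the file that holds the customer secret key for this S3-compatible backend, the comment block could also state that this file is expected outside the repository and must not be committed with the example. The existing warning that state locking is unavailable with this backend is worth keeping where it is, since concurrent applies against the same bucket key would otherwise go unnoticed.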
@@ -0,0 +1,149 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Module Block - Storage
+# Create FSS
+############################
+
+data "oci_core_subnets" "oci_subnets_fss" {
+ # depends_on = [module.subnets] # Uncomment to create Network and FSS together
+ for_each = var.mount_targets != null ? var.mount_targets : {}
+ compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id]
+ display_name = each.value.subnet_id
+ vcn_id = data.oci_core_vcns.oci_vcns_fss[each.key].virtual_networks.*.id[0]
+}
+
+data "oci_core_vcns" "oci_vcns_fss" {
+ # depends_on = [module.vcns] # Uncomment to create Network and FSS together
+ for_each = var.mount_targets != null ? var.mount_targets : {}
+ compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id]
+ display_name = each.value.vcn_name
+}
+
+module "mts" {
+ # depends_on = [module.nsgs] # Uncomment to execute NSG and Mount Target together
+ #Required
+ source = "./modules/storage/file-storage/mount-target"
+ for_each = (var.mount_targets != null || var.mount_targets != {}) ? var.mount_targets : {}
+ #Required
+ availability_domain = each.value.availability_domain != null && each.value.availability_domain != null ? data.oci_identity_availability_domains.availability_domains.availability_domains[each.value.availability_domain].name : null
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+ network_compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id]
+ subnet_id = length(regexall("ocid1.subnet.oc*", each.value.subnet_id)) > 0 ? each.value.subnet_id : data.oci_core_subnets.oci_subnets_fss[each.key].subnets.*.id[0]
+ vcn_names = [each.value.vcn_name]
+
+ #Optional
+ defined_tags = each.value.defined_tags
+ display_name = each.value.display_name
+ freeform_tags = each.value.freeform_tags
+ hostname_label = each.value.hostname_label
+ ip_address = each.value.ip_address
+ #nsg_ids = [for nsg in each.value.nsg_ids : length(regexall("ocid1.networksecuritygroup.oc*",nsg)) > 0 ? nsg : merge(module.nsgs.*...)[nsg]["nsg_tf_id"]]
+ #nsg_ids = each.value.nsg_ids == [] ? null : ([for nsg in each.value.nsg_ids : (length(regexall("ocid1.networksecuritygroup.oc*",nsg)) > 0 ? nsg : data.oci_core_network_security_groups.network_security_groups[nsg].network_security_groups[*].id)])
+ network_security_group_ids = each.value.nsg_ids
+}
+
+module "fss" {
+ #Required
+ source = "./modules/storage/file-storage/fss"
+ for_each = (var.fss != null || var.fss != {}) ? var.fss : {}
+
+ #Required
+ availability_domain = each.value.availability_domain != null && each.value.availability_domain != null ? data.oci_identity_availability_domains.availability_domains.availability_domains[each.value.availability_domain].name : null
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+
+ #Optional
+ defined_tags = each.value.defined_tags
+ display_name = each.value.display_name
+ freeform_tags = each.value.freeform_tags
+ kms_key_id = each.value.kms_key_id
+ source_snapshot_id = each.value.source_snapshot != null ? (length(regexall("ocid1.snapshot.oc*", each.value.source_snapshot)) > 0 ? each.value.source_snapshot : lookup(var.fss_source_ocids,each.value.source_snapshot,null)): null
+ filesystem_snapshot_policy_id = each.value.snapshot_policy
+ policy_compartment_id = each.value.policy_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.policy_compartment_id)) > 0 ? each.value.policy_compartment_id : var.compartment_ocids[each.value.policy_compartment_id]) : var.compartment_ocids[each.value.compartment_id]
+}
+
+module "fss-export-options" {
+ #Required
+ source = "./modules/storage/file-storage/export-option"
+ for_each = (var.nfs_export_options != null || var.nfs_export_options != {}) ? var.nfs_export_options : {}
+
+ #Required
+ export_set_id = length(regexall("ocid1.mounttarget.oc*", each.value.export_set_id)) > 0 ? each.value.export_set_id : merge(module.mts.*...)[each.value.export_set_id]["mt_exp_set_id"]
+ file_system_id = length(regexall("ocid1.filesystem.oc*", each.value.file_system_id)) > 0 ? each.value.file_system_id : merge(module.fss.*...)[each.value.file_system_id]["fss_tf_id"]
+ export_path = each.value.path
+ nfs_export_options = var.nfs_export_options
+ key_name = each.key
+}
+
+module "fss-replication" {
+ #Required
+ source = "./modules/storage/file-storage/fss-replication"
+ for_each = (var.fss_replication != null || var.fss_replication != {}) ? var.fss_replication : {}
+
+ #Required
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc1*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+ source_id = length(regexall("ocid1.filesystem.oc1*", each.value.source_id)) > 0 ? each.value.source_id : merge(module.fss.*...)[each.value.source_id]["fss_tf_id"]
+ target_id = length(regexall("ocid1.filesystem.oc1*", each.value.target_id)) > 0 ? each.value.target_id : merge(module.fss.*...)[each.value.target_id]["fss_tf_id"]
+ #Optional
+ defined_tags = each.value.defined_tags
+ display_name = each.value.display_name
+ freeform_tags = each.value.freeform_tags
+ replication_interval = each.value.replication_interval
+
+}
+
+#############################
+# Module Block - FSS Logging
+# Create Log Groups and Logs
+#############################
+
+module "nfs-log-groups" {
+ source = "./modules/managementservices/log-group"
+ for_each = (var.nfs_log_groups != null || var.nfs_log_groups != {}) ? var.nfs_log_groups : {}
+
+ # Log Groups
+ #Required
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+
+ display_name = each.value.display_name
+
+ #Optional
+ defined_tags = each.value.defined_tags
+ description = each.value.description
+ freeform_tags = each.value.freeform_tags
+}
+
+/*
+output "log_group_map" {
+ value = [ for k,v in merge(module.loadbalancer-log-groups.*...) : v.log_group_tf_id ]
+}
+*/
+
+module "nfs-logs" {
+ source = "./modules/managementservices/log"
+ for_each = (var.nfs_logs != null || var.nfs_logs != {}) ? var.nfs_logs : {}
+
+ # Logs
+ #Required
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+ display_name = each.value.display_name
+ log_group_id = length(regexall("ocid1.loggroup.oc*", each.value.log_group_id)) > 0 ? each.value.log_group_id : merge(module.nfs-log-groups.*...)[each.value.log_group_id]["log_group_tf_id"]
+
+ log_type = each.value.log_type
+ #Required
+ source_category = each.value.category
+ source_resource = length(regexall("ocid1.*", each.value.resource)) > 0 ? each.value.resource : merge(module.mts.*...)[each.value.resource]["mt_tf_id"]
+ source_service = each.value.service
+ source_type = each.value.source_type
+ defined_tags = each.value.defined_tags
+ freeform_tags = each.value.freeform_tags
+ log_is_enabled = (each.value.is_enabled == "" || each.value.is_enabled == null) ? true : each.value.is_enabled
+ log_retention_duration = (each.value.retention_duration == "" || each.value.retention_duration == null) ? 30 : each.value.retention_duration
+
+}
+
+/*
+output "logs_id" {
+ value = [ for k,v in merge(module.loadbalancer-logs.*...) : v.log_tf_id]
+}
+*/
diff --git a/examples/fss/oci-data.tf b/examples/fss/oci-data.tf
new file mode 100644
index 0000000..1495707
--- /dev/null
+++ b/examples/fss/oci-data.tf
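Review bot: The `for_each` guard on `module "mts"`, `(var.mount_targets != null || var.mount_targets != {}) ? var.mount_targets : {}`, never falls through to `{}`: a null value satisfies the second operand and an empty map satisfies the first, so the expression always yields `var.mount_targets` and a null input still reaches `for_each`. The two data sources above use the form that actually guards, and the modules should match them: `for_each = var.mount_targets != null ? var.mount_targets : {}`; the same `||` pattern repeats in `module "fss"`, `module "fss-export-options"`, `module "fss-replication"`, `module "nfs-log-groups"` and `module "nfs-logs"`. In `module "mts"` and `module "fss"` the `availability_domain` expression tests `each.value.availability_domain != null` twice; one operand can go. As a point of style, `module "fss-replication"` spells its OCID patterns `oc1*` while every other block uses `oc*`; the two behave the same, but a single spelling keeps the intent readable.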
@@ -0,0 +1,42 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Identity
+# Fetch Compartments
+############################
+
+#Fetch Compartment Details
+data "oci_identity_compartments" "compartments" {
+ #Required
+ compartment_id = var.tenancy_ocid
+
+ #Optional
+ #name = var.compartment_name
+ access_level = "ANY"
+ compartment_id_in_subtree = true
+ state = "ACTIVE"
+}
+
+
+############################
+# Data Block - Network
+# Fetch ADs
+############################
+
+data "oci_identity_availability_domains" "availability_domains" {
+ #Required
+ compartment_id = var.tenancy_ocid
+}
+
+
+/*
+output "compartment_id_map" {
+ description = "Compartment ocid"
+ // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source.
+ value = zipmap(data.oci_identity_compartments.compartments.compartments.*.name,data.oci_identity_compartments.compartments.compartments.*.id)
+}
+
+output "ads" {
+ value = data.oci_identity_availability_domains.availability_domains.availability_domains.*.name
+}
+*/
\ No newline at end of file
diff --git a/examples/fss/provider.tf b/examples/fss/provider.tf
new file mode 100644
index 0000000..9a69c98
--- /dev/null
+++ b/examples/fss/provider.tf
@@ -0,0 +1,24 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Provider Block
+# OCI
+############################
+
+provider "oci" {
+ tenancy_ocid = var.tenancy_ocid
+ user_ocid = var.user_ocid
+ fingerprint = var.fingerprint
+ private_key_path = var.private_key_path
+ region = var.region
+ ignore_defined_tags = ["Oracle-Tags.CreatedBy", "Oracle-Tags.CreatedOn"]
+}
+
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ version = "5.40.0"
+ }
+ }
+}
diff --git a/examples/fss/variables_example.tf b/examples/fss/variables_example.tf
new file mode 100644
index 0000000..fae17ea
--- /dev/null
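Review bot: The `terraform` block in provider.tf pins the provider with `version = "5.40.0"` but declares no `required_version`, even though the variable types in this example rely on `optional()` object attributes (including ones with defaults, such as `optional(bool,false)`), which need Terraform core 1.3 or newer. Adding `required_version = ">= 1.3.0"` next to `required_providers` states the constraint up front instead of leaving it to surface as a type-parsing error on an older binary. The `provider "oci"` block is wired for API-key authentication only (`user_ocid`, `fingerprint`, `private_key_path`); a one-line comment pointing to the matching variables in variables_example.tf, whose defaults are empty strings, would tell a first-time user where the credentials are expected to come from.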
+++ b/examples/fss/variables_example.tf 
@@ -0,0 +1,2082 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# +# Variables Block +# OCI +# +############################ + +variable "tenancy_ocid" { + type = string + default = "" +} + +variable "user_ocid" { + type = string + default = "" +} + +variable "fingerprint" { + type = string + default = "" +} + +variable "private_key_path" { + type = string + default = "" +} + +variable "region" { + type = string + default = "" +} + +################################# +# SSH Keys +################################# + +variable "instance_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_instance_ssh_keys# + # exported instance ssh keys + #instance_ssh_keys_END# + } +} + +variable "oke_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_oke_ssh_keys# + #oke_ssh_keys_END# + } +} +variable "sddc_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_sddc_ssh_keys# + #sddc_ssh_keys_END# + } +} + +variable "exacs_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_exacs_ssh_keys# + # exported exacs ssh keys + #exacs_ssh_keys_END# + } +} + +variable "dbsystem_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. 
+ # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_dbsystem_ssh_keys# + # exported dbsystem ssh keys + #dbsystem_ssh_keys_END# + } +} + +################################# +# Platform Image OCIDs and +# Market Place Images +################################# + +variable "instance_source_ocids" { + type = map(any) + default = { + Linux = "" + Windows = "" + PaloAlto = "Palo Alto Networks VM-Series Next Generation Firewall" + #START_instance_source_ocids# + # exported instance image ocids + #instance_source_ocids_END# + } +} + +variable "blockvolume_source_ocids" { + type = map(any) + default = { + block1 = "" + #blockvolume_source_ocid = "" + #START_blockvolume_source_ocids# + # exported block volume source ocids + #blockvolume_source_ocids_END# + } +} + +variable "fss_source_ocids" { + type = map(any) + default = { + snapshot1 = "" + #fss_source_snapshot_ocid = "" + #START_fss_source_snapshot_ocids# + # exported fss source snapshot ocids + #fss_source_snapshot_ocids_END# + } +} + +variable "oke_source_ocids" { + type = map(any) + default = { + Linux = "" + #START_oke_source_ocids# + # exported oke image ocids + #oke_source_ocids_END# + } +} + +################################# +# +# Variables according to Services +# PLEASE DO NOT MODIFY +# +################################# + +########################## +## Fetch Compartments #### +########################## + +variable "compartment_ocids" { + type = map(any) + default = { + #START_compartment_ocids# + # compartment ocids + #compartment_ocids_END# + } +} + +######################### +##### Identity ########## +######################### + +variable "compartments" { + type = object({ + root = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level1 = 
optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level2 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level3 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level4 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level5 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + }) + default = { + root = {}, + compartment_level1 = {}, + compartment_level2 = {}, + compartment_level3 = {}, + compartment_level4 = {}, + compartment_level5 = {}, + } +} + +variable "policies" { + type = map(object({ + name = string + compartment_id = string + policy_description = string + policy_statements = list(string) + policy_version_date = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "groups" { + type = map(object({ + group_name = string + group_description = string + matching_rule = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "users" { + type = map(object({ + name = string + description = string + email = string + disable_capabilities = optional(list(string)) + group_membership = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "networkSources" { + type = map(object({ + name = string + description = string + public_source_list = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + virtual_source_list = optional(list(map(list(string)))) + + })) + default = {} +} + +######################### +####### Governance ######### +######################### + +variable "tag_namespaces" { + description = "To provision Namespaces" + type = map(object({ + compartment_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_retired = optional(bool) + })) + default = {} +} + +variable "tag_keys" { + description = "To provision Tag Keys" + type = map(object({ + tag_namespace_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_cost_tracking = optional(bool) + is_retired = optional(bool) + validator = optional(list(object({ + validator_type = optional(string) + validator_values = optional(list(any)) + }))) + })) + default = {} +} + +variable "tag_defaults" { + description = "To make the Tag keys as default to compartments" + type = map(object({ + compartment_id = string + tag_definition_id = string + value = string + is_required = optional(bool) + })) + default = {} +} + +variable "quota_policies" { + type = map(object({ + quota_name = string + quota_description = string + quota_statements = list(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +###### Network ########## +######################### 
+ +variable "default_dhcps" { + type = map(object({ + server_type = string + manage_default_resource_id = optional(string) + custom_dns_servers = optional(list(any)) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "custom_dhcps" { + type = map(object({ + compartment_id = string + server_type = string + vcn_id = string + custom_dns_servers = optional(list(any)) + domain_name_type = optional(string) + display_name = optional(string) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "vcns" { + type = map(object({ + compartment_id = string + cidr_blocks = optional(list(string)) + byoipv6cidr_details = optional(list(map(any))) + display_name = optional(string) + dns_label = optional(string) + is_ipv6enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ipv6private_cidr_blocks = optional(list(string)) + is_oracle_gua_allocation_enabled = optional(bool) + })) + default = {} +} + +variable "igws" { + type = map(object({ + compartment_id = string + vcn_id = string + enable_igw = optional(bool) + igw_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_table_id = optional(string) + })) + default = {} +} + +variable "sgws" { + type = map(object({ + compartment_id = string + vcn_id = string + service = optional(string) + sgw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "ngws" { + type = map(object({ + compartment_id = string + vcn_id = string + block_traffic = optional(bool) + public_ip_id = optional(string) + ngw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + 
default = {} +} + +variable "lpgs" { + type = map(any) + default = { + hub-lpgs = {}, + spoke-lpgs = {}, + peer-lpgs = {}, + none-lpgs = {}, + exported-lpgs = {}, + } +} + +variable "drgs" { + type = map(object({ + compartment_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "default_seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + 
route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) + +})) +default = {} +} + +variable "default_route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) +})) + default = {} +} + +variable "nsgs" { + type = map(object({ + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nsg_rules" { + type = map(object({ + nsg_id = string + direction = string + protocol = string + description = optional(string) + stateless = optional(string) + source_type = optional(string) + destination_type = optional(string) + destination = optional(string) + source = optional(string) + options = optional(map(any)) + })) + default = {} +} + +variable "subnets" { + type = map(object({ + compartment_id = string + vcn_id = string + cidr_block = string + display_name = optional(string) + dns_label = optional(string) + ipv6cidr_block = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + prohibit_internet_ingress = optional(string) + prohibit_public_ip_on_vnic = optional(string) + availability_domain = optional(string) + dhcp_options_id = optional(string) + route_table_id = optional(string) + security_list_ids = 
optional(list(string)) + })) + default = {} +} + +variable "vlans" { + type = map(object({ + cidr_block = string + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + nsg_ids = optional(list(string)) + route_table_name = optional(string) + vlan_tag = optional(string) + availability_domain = optional(string) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + })) + default = {} +} + +variable "drg_attachments" { + type = map(any) + default = {} +} + +variable "drg_other_attachments" { + type = map(any) + default = {} +} + +variable "drg_route_tables" { + type = map(object({ + drg_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_ecmp_enabled = optional(bool) + import_drg_route_distribution_id = optional(string) + })) + default = {} +} + +variable "drg_route_rules" { + type = map(any) + default = {} +} + +variable "drg_route_distributions" { + type = map(object({ + distribution_type = string + drg_id = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + display_name = optional(string) + })) + default = {} +} + +variable "drg_route_distribution_statements" { + type = map(object({ + drg_route_distribution_id = string + action = string + match_criteria = optional(list(object({ + match_type = string + attachment_type = optional(string) + drg_attachment_id = optional(string) + }))) + priority = optional(string) + })) + default = {} +} + +variable "data_drg_route_tables" { + type = map(any) + default = {} +} + +variable "data_drg_route_table_distributions" { + type = map(any) + default = {} +} + +#################### +####### DNS ####### +#################### + +variable "zones" { +type = map(object({ +compartment_id = string +display_name = string +view_compartment_id = optional(string) +view_id = optional(string) +zone_type = optional(string) +scope = optional(string) +freeform_tags = 
optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + +variable "views" { +type = map(object({ +compartment_id = string +display_name = string +scope = optional(string) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) + default = {} +} + +variable "rrsets" { +type = map(object({ +compartment_id = optional(string) +view_compartment_id = optional(string) +view_id = optional(string) +zone_id = string +domain = string +rtype = string +ttl = number +rdata = optional(list(string)) +scope = optional(string) +})) +default = {} +} + +variable "resolvers" { +type = map(object({ +network_compartment_id= string +vcn_name = string +display_name = optional(string) +views = optional(map(object({ + view_id = optional(string) + view_compartment_id = optional(string) +}))) +resolver_rules = optional(map(object({ + client_address_conditions = optional(list(any)) + destination_addresses = optional(list(any)) + qname_cover_conditions = optional(list(any)) + source_endpoint_name = optional(string) +}))) +endpoint_names = optional(map(object({ + is_forwarding = optional(bool) + is_listening = optional(bool) + name = optional(string) + subnet_name = optional(string) + forwarding_address = optional(string) + listening_address = optional(string) + nsg_ids = optional(list(string)) +}))) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + + +######################### +## Dedicated VM Hosts ## +######################### + +variable "dedicated_hosts" { + type = map(object({ + availability_domain = string + compartment_id = string + vm_host_shape = string + defined_tags = optional(map(any)) + display_name = optional(string) + fault_domain = optional(string) + freeform_tags = optional(map(any)) + })) + description = "To provision new dedicated VM hosts" + default = {} +} + +######################### +## Instances/Block Volumes ## +######################### + +variable "blockvolumes" { + description = "To 
provision block volumes" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = string + size_in_gbs = optional(string) + is_auto_tune_enabled = optional(string) + vpus_per_gb = optional(string) + kms_key_id = optional(string) + attach_to_instance = optional(string) + attachment_type = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + device = optional(string) + encryption_in_transit_type = optional(string) + attachment_display_name = optional(string) + is_read_only = optional(bool) + is_pv_encryption_in_transit_enabled = optional(bool) + is_shareable = optional(bool) + use_chap = optional(bool) + is_agent_auto_iscsi_login_enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + source_details = optional(list(map(any))) + block_volume_replicas = optional(list(map(any))) + block_volume_replicas_deletion = optional(bool) + autotune_policies = optional(list(map(any))) + })) + default = {} +} + +variable "block_backup_policies" { + type = map(any) + description = "To create block volume back policy" + default = {} +} + +variable "instances" { + description = "Map of instances to be provisioned" + type = map(object({ + availability_domain = string + compartment_id = string + shape = string + source_id = string + source_type = string + vcn_name = string + subnet_id = string + network_compartment_id = string + display_name = optional(string) + assign_public_ip = optional(bool) + boot_volume_size_in_gbs = optional(string) + fault_domain = optional(string) + dedicated_vm_host_id = optional(string) + private_ip = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(string)) + ocpus = optional(string) + memory_in_gbs = optional(number) + capacity_reservation_id = optional(string) + create_is_pv_encryption_in_transit_enabled = optional(bool) + remote_execute = optional(string) + bastion_ip = optional(string) + 
cloud_init_script = optional(string) + ssh_authorized_keys = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + network_type = optional(string) + #extended_metadata = optional(string) + skip_source_dest_check = optional(bool) + baseline_ocpu_utilization = optional(string) + #preemptible_instance_config = optional(string) + all_plugins_disabled = optional(bool) + is_management_disabled = optional(bool) + is_monitoring_disabled = optional(bool) + assign_private_dns_record = optional(string) + plugins_details = optional(map(any)) + is_live_migration_preferred = optional(bool) + recovery_action = optional(string) + are_legacy_imds_endpoints_disabled = optional(bool) + boot_volume_type = optional(string) + firmware = optional(string) + is_consistent_volume_naming_enabled = optional(bool) + remote_data_volume_type = optional(string) + platform_config = optional(list(map(any))) + launch_options = optional(list(map(any))) + ipxe_script = optional(string) + preserve_boot_volume = optional(bool) + vlan_id = optional(string) + kms_key_id = optional(string) + vnic_display_name = optional(string) + vnic_defined_tags = optional(map(any)) + vnic_freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "boot_backup_policies" { + type = map(any) + description = "Map of boot volume backup policies to be provisioned" + default = {} +} + +######################### +####### Database ######## +######################### + +variable "exa_infra" { + description = "To provision exadata infrastructure" + type = map(any) + default = {} +} + +variable "exa_vmclusters" { + description = "To provision exadata cloud VM cluster" + type = map(any) + default = {} +} + +variable "dbsystems_vm_bm" { + description = "To provision DB System" + type = map(any) + default = {} +} + +variable "db_home" { + type = map(any) + description = "Map of database db home to be 
provisioned" + default = {} +} + +variable "databases" { + description = "Map of databases to be provisioned in an existing db_home" + type = map(any) + default = {} +} + +#################################### +####### Autonomous Database ######## +#################################### + +variable "adb" { + type = map(object({ + admin_password = optional(string) + character_set = optional(string) + compartment_id = string + cpu_core_count = optional(number) + database_edition = optional(string) + data_storage_size_in_tbs = optional(number) + customer_contacts = optional(list(string)) + db_name = string + db_version = optional(string) + db_workload = optional(string) + display_name = optional(string) + license_model = optional(string) + ncharacter_set = optional(string) + network_compartment_id = optional(string) + nsg_ids = optional(list(string)) + subnet_id = optional(string) + vcn_name = optional(string) + whitelisted_ips = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +######### FSS ########### +######################### + +variable "mount_targets" { + description = "To provision Mount Targets" + type = map(object({ + availability_domain = string + compartment_id = string + network_compartment_id = string + vcn_name = string + subnet_id = string + display_name = optional(string) + ip_address = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fss" { + description = "To provision File System Services" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = optional(string) + source_snapshot = optional(string) + snapshot_policy = optional(string) + policy_compartment_id = optional(string) + kms_key_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "nfs_export_options" { + description = "To provision Export Sets" + type = map(object({ + export_set_id = string + file_system_id = string + path = string + export_options = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_idmap_groups_for_sys_auth = optional(bool) + })) + default = {} +} + +variable "fss_replication" { + description = "To provision File System Replication" + type = map(object({ + compartment_id = string + source_id = string + target_id = string + display_name = optional(string) + replication_interval = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +####### FSS Logs ######## +######################### + +variable "nfs_log_groups" { + description = "To provision Log Groups for Mount Target" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nfs_logs" { + description = "To provision Logs for Mount Target" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + + +######################### +#### Load Balancers ##### +######################### + +variable "load_balancers" { + description = "To provision Load Balancers" + type = map(object({ + compartment_id = string + vcn_name = string + shape = string + subnet_ids = list(any) + network_compartment_id = string + display_name = string + shape_details = optional(list(map(any))) + nsg_ids = 
optional(list(any)) + is_private = optional(bool) + ip_mode = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + reserved_ips_id = optional(string) + })) + default = {} +} + +variable "hostnames" { + description = "To provision Load Balancer Hostnames" + type = map(object({ + load_balancer_id = string + hostname = string + name = string + })) + default = {} +} + +variable "certificates" { + description = "To provision Load Balancer Certificates" + type = map(object({ + certificate_name = string + load_balancer_id = string + ca_certificate = optional(string) + passphrase = optional(string) + private_key = optional(string) + public_certificate = optional(string) + })) + default = {} +} + +variable "cipher_suites" { + description = "To provision Load Balancer Cipher Suites" + type = map(object({ + ciphers = list(string) + name = string + load_balancer_id = optional(string) + })) + default = {} +} + +variable "backend_sets" { + description = "To provision Load Balancer Backend Sets" + type = map(object({ + name = string + load_balancer_id = string + policy = string + protocol = optional(string) + interval_ms = optional(string) + is_force_plain_text = optional(string) + port = optional(string) + response_body_regex = optional(string) + retries = optional(string) + return_code = optional(string) + timeout_in_millis = optional(string) + url_path = optional(string) + lb_cookie_session = optional(list(object({ + cookie_name = optional(string) + disable_fallback = optional(string) + path = optional(string) + domain = optional(string) + is_http_only = optional(string) + is_secure = optional(string) + max_age_in_seconds = optional(string) + }))) + session_persistence_configuration = optional(list(object({ + cookie_name = optional(string) + disable_fallback = optional(string) + }))) + certificate_name = optional(string) + cipher_suite_name = optional(string) + ssl_configuration = optional(list(object({ + certificate_ids = 
optional(list(any)) + server_order_preference = optional(string) + trusted_certificate_authority_ids = optional(list(any)) + verify_peer_certificate = optional(string) + verify_depth = optional(string) + protocols = optional(list(any)) + }))) + })) + default = {} +} + +variable "backends" { + description = "To provision Load Balancer Backends" + type = map(object({ + backendset_name = string + ip_address = string + load_balancer_id = string + port = string + instance_compartment = optional(string) + backup = optional(string) + drain = optional(string) + offline = optional(string) + weight = optional(string) + })) + default = {} +} + +variable "listeners" { + description = "To provision Load Balancer Listeners" + type = map(object({ + name = string + load_balancer_id = string + port = string + protocol = string + default_backend_set_name = string + connection_configuration = optional(list(map(any))) + hostname_names = optional(list(any)) + path_route_set_name = optional(string) + rule_set_names = optional(list(any)) + routing_policy_name = optional(string) + certificate_name = optional(string) + cipher_suite_name = optional(string) + ssl_configuration = optional(list(object({ + certificate_ids = optional(list(any)) + server_order_preference = optional(string) + trusted_certificate_authority_ids = optional(list(any)) + verify_peer_certificate = optional(string) + verify_depth = optional(string) + protocols = optional(list(any)) + }))) + })) + default = {} +} + +variable "path_route_sets" { + description = "To provision Load Balancer Path Route Sets" + type = map(object({ + name = string + load_balancer_id = string + path_routes = optional(list(map(any))) + })) + default = {} +} + +variable "rule_sets" { + description = "To provision Load Balancer Rule Sets" + type = map(object({ + name = string + load_balancer_id = string + access_control_rules = optional(list(object({ + action = string + attribute_name = optional(string) + attribute_value = optional(string) + 
description = optional(string) + }))) + access_control_method_rules = optional(list(object({ + action = string + allowed_methods = optional(list(any)) + status_code = optional(string) + }))) + http_header_rules = optional(list(object({ + action = string + are_invalid_characters_allowed = optional(bool) + http_large_header_size_in_kb = optional(string) + }))) + uri_redirect_rules = optional(list(object({ + action = string + attribute_name = optional(string) + attribute_value = optional(string) + operator = optional(string) + host = optional(string) + path = optional(string) + port = optional(string) + protocol = optional(string) + query = optional(string) + response_code = optional(string) + }))) + request_response_header_rules = optional(list(object({ + action = string + header = optional(string) + prefix = optional(string) + suffix = optional(string) + value = optional(string) + }))) + })) + default = {} +} + +variable "lbr_reserved_ips" { + description = "To provision Load Balancer Reserved IPs" + type = map(object({ + compartment_id = string + display_name = string + lifetime = string + private_ip_id = optional(string) + public_ip_pool_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +################################### +####### Load Balancer Logs ######## +################################### + +variable "loadbalancer_log_groups" { + description = "To provision Log Groups for Load Balancers" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "loadbalancer_logs" { + description = "To provision Logs for Load Balancers" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + 
source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +## Network Load Balancers ## +######################### + +variable "network_load_balancers" { + type = map(object({ + display_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + subnet_id = string + is_private = optional(bool) + reserved_ips_id = string + is_preserve_source_destination = optional(bool) + is_symmetric_hash_enabled = optional(bool) + nlb_ip_version = optional(string) + assigned_private_ipv4 = optional(string) + nsg_ids = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} +variable "nlb_listeners" { + type = map(object({ + name = string + network_load_balancer_id = string + default_backend_set_name = string + port = number + protocol = string + ip_version = optional(string) + })) + default = {} +} + +variable "nlb_backend_sets" { + type = map(object({ + name = string + network_load_balancer_id = string + policy = string + protocol = string + domain_name = optional(string) + query_class = optional(string) + query_type = optional(string) + rcodes = optional(list(string)) + transport_protocol = optional(string) + return_code = optional(number) + interval_in_millis = optional(number) + port = optional(number) + request_data = optional(string) + response_body_regex = optional(string) + response_data = optional(string) + retries = optional(number) + timeout_in_millis = optional(number) + url_path = optional(string) + is_preserve_source = optional(bool) + ip_version = optional(string) + })) + default = {} +} +variable "nlb_backends" { + type = map(object({ + name = optional(string) + backend_set_name = string + network_load_balancer_id = string + port = number + ip_address = string + instance_compartment = string + 
is_drain = optional(bool) + is_backup = optional(bool) + is_offline = optional(bool) + weight = optional(number) + target_id = optional(string) + })) + default = {} +} +variable "nlb_reserved_ips" { + description = "To provision Network Load Balancer Reserved IPs" + type = map(object({ + compartment_id = string + lifetime = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + display_name = optional(string) + private_ip_id = optional(string) + public_ip_pool_id = optional(string) + })) + default = {} +} + + +######################### +##### IP Management ##### +######################### + +variable "public_ip_pools" { + type = map(any) + default = {} +} + +variable "private_ips" { + type = map(any) + default = {} +} + +variable "reserved_ips" { + type = map(any) + default = {} +} + +variable "vnic_attachments" { + type = map(any) + default = {} +} + +######################### +##### VCN Logs ########## +######################### + +variable "vcn_log_groups" { + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "vcn_logs" { + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +###### OSS Buckets ###### +######################### + +variable "buckets" { + type = map(any) + default = {} +} + +######################### +####### OSS Logs ######## +######################### + +variable "oss_log_groups" { + description = "To provision Log Groups for OSS" + type = map(object({ + compartment_id = string 
+ display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "oss_logs" { + description = "To provision Logs for OSS" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +### OSS IAM Policies #### +######################### + +variable "oss_policies" { + type = map(any) + default = {} +} + +######################### +## Management Services ## +######################### + +variable "alarms" { + type = map(object({ + compartment_id = string + destinations = list(string) + alarm_name = string + is_enabled = bool + metric_compartment_id = string + namespace = string + query = string + severity = string + body = optional(string) + message_format = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_notifications_per_metric_dimension_enabled = optional(bool) + metric_compartment_id_in_subtree = optional(string) + trigger_delay_minutes = optional(string) + repeat_notification_duration = optional(string) + resolution = optional(string) + resource_group = optional(string) + suppression = optional(map(any)) + })) + default = {} +} + +variable "events" { + type = map(object({ + event_name = string + compartment_id = string + description = string + is_enabled = bool + condition = string + actions = optional(list(object({ + action_type = string + is_enabled = string + description = optional(string) + function_id = optional(string) + stream_id = optional(string) + topic_id = optional(string) + }))) + message_format = optional(string) + defined_tags 
= optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "notifications_topics" { + type = map(object({ + compartment_id = string + topic_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "notifications_subscriptions" { + type = map(object({ + compartment_id = string + endpoint = string + protocol = string + topic_id = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "service_connectors" { + type = any + default = {} + description = "To provision service connector hub resources" +} + +######################### +## Developer Services ## +######################### + +## OKE + +variable "clusters" { + type = map(object({ + display_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + kubernetes_version = string + cni_type = string + cluster_type = string + is_policy_enabled = optional(bool) + policy_kms_key_id = optional(string) + is_kubernetes_dashboard_enabled = optional(bool) + is_tiller_enabled = optional(bool) + is_public_ip_enabled = optional(bool) + nsg_ids = optional(list(string)) + endpoint_subnet_id = string + is_pod_security_policy_enabled = optional(bool) + pods_cidr = optional(string) + services_cidr = optional(string) + service_lb_subnet_ids = optional(list(string)) + cluster_kms_key_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + lb_defined_tags = optional(map(any)) + lb_freeform_tags = optional(map(any)) + volume_defined_tags = optional(map(any)) + volume_freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nodepools" { + type = map(object({ + display_name = string + cluster_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + node_shape = string + initial_node_labels = optional(map(any)) + 
kubernetes_version = string + is_pv_encryption_in_transit_enabled = optional(bool) + availability_domain = number + fault_domains = optional(list(string)) + subnet_id = string + size = number + cni_type = string + max_pods_per_node = optional(number) + pod_nsg_ids = optional(list(string)) + pod_subnet_ids = optional(string) + worker_nsg_ids = optional(list(string)) + memory_in_gbs = optional(number) + ocpus = optional(number) + image_id = string + source_type = string + boot_volume_size_in_gbs = optional(number) + ssh_public_key = optional(string) + nodepool_kms_key_id = optional(string) + node_defined_tags = optional(map(any)) + node_freeform_tags = optional(map(any)) + nodepool_defined_tags = optional(map(any)) + nodepool_freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "virtual-nodepools" { + type = map(object({ + display_name = string + cluster_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + node_shape = string + initial_virtual_node_labels = optional(map(any)) + availability_domain = number + fault_domains = list(string) + subnet_id = string + size = number + pod_nsg_ids = optional(list(string)) + pod_subnet_id = string + worker_nsg_ids = optional(list(string)) + taints = optional(list(any)) + node_defined_tags = optional(map(any)) + node_freeform_tags = optional(map(any)) + nodepool_defined_tags = optional(map(any)) + nodepool_freeform_tags = optional(map(any)) + })) + default = {} +} + + +################################## +############## SDDCs ############# +################################## +variable "sddcs" { + type = map(object({ + compartment_id = string + availability_domain = string + network_compartment_id = string + vcn_name = string + esxi_hosts_count = number + nsx_edge_uplink1vlan_id = string + nsx_edge_uplink2vlan_id = string + nsx_edge_vtep_vlan_id = string + nsx_vtep_vlan_id = string + provisioning_subnet_id = string + ssh_authorized_keys = string + vmotion_vlan_id = string 
+ vmware_software_version = string + vsan_vlan_id = string + vsphere_vlan_id = string + capacity_reservation_id = optional(string) + defined_tags = optional(map(any)) + display_name = optional(string) + initial_cluster_display_name = optional(string) + freeform_tags = optional(map(any)) + hcx_action = optional(string) + hcx_vlan_id = optional(string) + initial_host_ocpu_count = optional(number) + initial_host_shape_name = optional(string) + initial_commitment = optional(string) + instance_display_name_prefix = optional(string) + is_hcx_enabled = optional(bool) + is_shielded_instance_enabled = optional(bool) + is_single_host_sddc = optional(bool) + provisioning_vlan_id = optional(string) + refresh_hcx_license_status = optional(bool) + replication_vlan_id = optional(string) + reserving_hcx_on_premise_license_keys = optional(string) + workload_network_cidr = optional(string) + management_datastore = optional(list(string)) + workload_datastore = optional(list(string)) + + })) + default = {} + +} + +variable "sddc-clusters" { + type = map(object({ + compartment_id = string + availability_domain = string + network_compartment_id = string + vcn_name = string + esxi_hosts_count = number + nsx_edge_uplink1vlan_id = string + nsx_edge_uplink2vlan_id = optional(string) + nsx_edge_vtep_vlan_id = string + nsx_vtep_vlan_id = string + provisioning_subnet_id = string + ssh_authorized_keys = optional(string) + vmotion_vlan_id = string + vmware_software_version = string + vsan_vlan_id = string + vsphere_vlan_id = string + capacity_reservation_id = optional(string) + defined_tags = optional(map(any)) + display_name = optional(string) + freeform_tags = optional(map(any)) + hcx_action = optional(string) + hcx_vlan_id = optional(string) + initial_host_ocpu_count = optional(number) + initial_host_shape_name = optional(string) + initial_commitment = optional(string) + instance_display_name_prefix = optional(string) + is_hcx_enabled = optional(bool) + is_shielded_instance_enabled = 
optional(bool) + is_single_host_sddc = optional(bool) + provisioning_vlan_id = optional(string) + refresh_hcx_license_status = optional(bool) + replication_vlan_id = optional(string) + reserving_hcx_on_premise_license_keys = optional(string) + workload_network_cidr = optional(string) + workload_datastore = optional(list(string)) + sddc_id = optional(string) + esxi_software_version = optional(string) + + })) + default = {} + +} + + +############################ +## Key Management Service ## +############################ + +variable "vaults" { + type = map(object({ + compartment_id = string + display_name = string + vault_type = string + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + replica_region = optional(string) + })) + default = {} +} + +variable "keys" { + type = map(object({ + compartment_id = string + display_name = string + vault_name = string + algorithm = optional(string) + length = optional(string) + curve_id = optional(string) + protection_mode = optional(string) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + is_auto_rotation_enabled = optional(bool) + rotation_interval_in_days = optional(string) + + })) + default = {} +} + +########################### +######### Budgets ######### +########################### + +variable "budgets" { + type = map(object({ + amount = string + compartment_id = string + reset_period = string + budget_processing_period_start_offset = optional(string) + defined_tags = optional(map(any)) + description = optional(string) + display_name = optional(string) + freeform_tags = optional(map(any)) + processing_period_type = optional(string) + budget_end_date = optional(string) + budget_start_date = optional(string) + target_type = optional(string) + targets = optional(list(any)) + })) + default = {} +} + +variable "budget_alert_rules" { + type = map(object({ + budget_id = string + threshold = string + threshold_type = string + type = string + defined_tags = optional(map(any)) + 
description = optional(string) + display_name = optional(string) + freeform_tags = optional(map(any)) + message = optional(string) + recipients = optional(string) + })) + default = {} +} + +########################### +####### Cloud Guard ####### +########################### + +variable "cloud_guard_configs" { + type = map(object({ + compartment_id = string + reporting_region = string + status = string + self_manage_resources = optional(string) + + })) + default = {} +} + +variable "cloud_guard_targets" { + type = map(object({ + compartment_id = string + display_name = string + target_resource_id = string + target_resource_type = string + prefix = string + description = optional(string) + state = optional(string) + target_detector_recipes = optional(list(any)) + target_responder_recipes = optional(list(any)) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + })) + default = {} +} + +#################################### +####### Custom Backup Policy ####### +#################################### + +variable "custom_backup_policies" { + type = map(any) + default = {} +} + +variable "capacity_reservation_ocids" { + type = map(any) + default = { + "AD1" : "", + "AD2" : "", + "AD3" : "" + } +} + +##################################### +####### Firewall as a Service ####### +##################################### +variable "firewalls" { + type = map(object({ + compartment_id = string + network_compartment_id = string + network_firewall_policy_id = string + subnet_id = string + vcn_name = string + display_name = string + ipv4address = optional(string) + nsg_id = optional(list(string)) + ipv6address = optional(string) + availability_domain = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fw-policies" { + type = map(object({ + compartment_id = optional(string) + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + 
default = {} +} +variable "services" { + type = map(object({ + service_name = string + service_type = string + network_firewall_policy_id = string + port_ranges = list(object({ + minimum_port = string + maximum_port = optional(string) + })) + })) + default = {} +} +variable "url_lists" { + type = map(object({ + urllist_name = string + network_firewall_policy_id = string + urls = list(object({ + pattern = string + type = string + })) + })) + default = {} +} +variable "service_lists" { + type = map(object({ + service_list_name = string + network_firewall_policy_id = string + services = list(string) + })) + default = {} +} + +variable "address_lists" { + type = map(object({ + address_list_name = string + network_firewall_policy_id = string + address_type = string + addresses = list(string) + })) + default = {} +} + +variable "applications" { + type = map(object({ + app_list_name = string + network_firewall_policy_id = string + app_type = string + icmp_type = number + icmp_code = optional(number) + })) + default = {} +} + +variable "application_groups" { + type = map(object({ + app_group_name = string + network_firewall_policy_id = string + apps = list(string) + + })) + default = {} +} + +variable "security_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + application = optional(list(string)) + destination_address = optional(list(string)) + service = optional(list(string)) + source_address = optional(list(string)) + url = optional(list(string)) + }))) + inspection = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +variable "secrets" { + type = map(object({ + secret_name = string + network_firewall_policy_id = string + secret_source = string + secret_type = string + vault_secret_id = string + version_number = number + vault_name = string + vault_compartment_id = string + })) + default = {} +} + +variable 
"decryption_profiles" { + type = map(object({ + profile_name = string + profile_type = string + network_firewall_policy_id = string + are_certificate_extensions_restricted = optional(bool) + is_auto_include_alt_name = optional(bool) + is_expired_certificate_blocked = optional(bool) + is_out_of_capacity_blocked = optional(bool) + is_revocation_status_timeout_blocked = optional(bool) + is_unknown_revocation_status_blocked = optional(bool) + is_unsupported_cipher_blocked = optional(bool) + is_unsupported_version_blocked = optional(bool) + is_untrusted_issuer_blocked = optional(bool) + })) + default = {} +} + +variable "decryption_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + + destination_address = optional(list(string)) + + source_address = optional(list(string)) + + }))) + decryption_profile = optional(string) + secret = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +######################### +####### Firewall Logs ######## +######################### + +variable "fw_log_groups" { + description = "To provision Log Groups for Network Firewall" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fw_logs" { + description = "To provision Logs for Network Firewall" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +########################## +# Add new variables here # 
+##########################
+######################### END #########################
diff --git a/examples/identity/backend.tf b/examples/identity/backend.tf
new file mode 100644
index 0000000..16bc557
--- /dev/null
+++ b/examples/identity/backend.tf
@@ -0,0 +1,21 @@
+/*This line will be removed when using remote state
+# !!! WARNING !!! Terraform State Lock is not supported with OCI Object Storage.
+# Pre-Requisite: Create a version enabled object storage bucket to store the state file.
+# End Point Format: https://.compat.objectstorage..oraclecloud.com
+# Please look at the below doc for information about shared_credentials_file and other parameters:
+# Reference: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformUsingObjectStore.htm
+
+terraform {
+ backend "s3" {
+ key = ""
+ bucket = ""
+ region = ""
+ endpoint = ""
+ shared_credentials_file = "~/.aws/credentials"
+ skip_region_validation = true
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ force_path_style = true
+ }
+}
+This line will be removed when using remote state*/
\ No newline at end of file
diff --git a/examples/identity/identity.tf b/examples/identity/identity.tf
new file mode 100644
index 0000000..a83c307
--- /dev/null
+++ b/examples/identity/identity.tf
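Review bot: The `# End Point Format:` comment in the backend.tf hunk reads `https://.compat.objectstorage..oraclecloud.com`, which has lost its namespace and region placeholders and cannot be followed as written; it should read `# End Point Format: https://<namespace>.compat.objectstorage.<region>.oraclecloud.com`. The pre-requisite comment asks only for a version-enabled bucket, yet the state written there will contain attributes that this same commit declares as plain strings elsewhere (certificate `private_key` and `passphrase`, ADB `admin_password`), so it should also require a private bucket with a restrictive IAM policy, e.g. `# Pre-Requisite: Create a private, version enabled object storage bucket, readable only by the automation principal; the state file contains secrets.`. The `shared_credentials_file = "~/.aws/credentials"` line points at a plaintext file holding the customer secret key, which deserves a one-line comment that the key should be scoped to this bucket and rotated. The whole block sits inside a `/* */` comment, so none of it takes effect until the template is uncommented.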
@@ -0,0 +1,280 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Module Block - Identity
+# Create Compartments
+############################
+
+module "iam-compartments" {
+ source = "./modules/identity/iam-compartment"
+ for_each = var.compartments.root != null ? var.compartments.root : {}
+
+ # insert the 4 required variables here
+ tenancy_ocid = var.tenancy_ocid
+ compartment_id = each.value.parent_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.parent_compartment_id)) > 0 ? each.value.parent_compartment_id : try(var.compartment_ocids[each.value.parent_compartment_id], zipmap(data.oci_identity_compartments.compartments.compartments.*.name, data.oci_identity_compartments.compartments.compartments.*.id)[each.value.parent_compartment_id])) : var.tenancy_ocid
+ compartment_name = each.value.name
+ compartment_description = each.value.description
+ enable_delete = each.value.enable_delete
+
+ #Optional
+ defined_tags = each.value.defined_tags
+ freeform_tags = each.value.freeform_tags
+}
+
+module "sub-compartments-level1" {
+ source = "./modules/identity/iam-compartment"
+ for_each = var.compartments.compartment_level1 != null ? var.compartments.compartment_level1 : {}
+
+ depends_on = [module.iam-compartments]
+ # insert the 4 required variables here
+ tenancy_ocid = var.tenancy_ocid
+ compartment_id = length(regexall("ocid1.compartment.oc*", each.value.parent_compartment_id)) > 0 ? each.value.parent_compartment_id : try(merge(module.iam-compartments.*...)[each.value.parent_compartment_id]["compartment_tf_id"], var.compartment_ocids[each.value.parent_compartment_id], zipmap(data.oci_identity_compartments.compartments.compartments.*.name, data.oci_identity_compartments.compartments.compartments.*.id)[each.value.parent_compartment_id])
+ compartment_name = each.value.name
+ compartment_description = each.value.description
+ enable_delete = each.value.enable_delete
+
+ #Optional
+ defined_tags = each.value.defined_tags
+ freeform_tags = each.value.freeform_tags
+}
+
+module "sub-compartments-level2" {
+ source = "./modules/identity/iam-compartment"
+ for_each = var.compartments.compartment_level2 != null ? var.compartments.compartment_level2 : {}
+
+ depends_on = [module.sub-compartments-level1]
+ # insert the 4 required variables here
+ tenancy_ocid = var.tenancy_ocid
+ compartment_id = length(regexall("ocid1.compartment.oc*", each.value.parent_compartment_id)) > 0 ? each.value.parent_compartment_id : try(merge(module.sub-compartments-level1.*...)[each.value.parent_compartment_id]["compartment_tf_id"], var.compartment_ocids[each.value.parent_compartment_id], zipmap(data.oci_identity_compartments.compartments.compartments.*.name, data.oci_identity_compartments.compartments.compartments.*.id)[each.value.parent_compartment_id])
+ compartment_name = each.value.name
+ compartment_description = each.value.description
+
+ enable_delete = each.value.enable_delete
+
+ #Optional
+ defined_tags = each.value.defined_tags
+ freeform_tags = each.value.freeform_tags
+}
+
+module "sub-compartments-level3" {
+ source = "./modules/identity/iam-compartment"
+ for_each = var.compartments.compartment_level3 != null ? var.compartments.compartment_level3 : {}
+
+ depends_on = [module.sub-compartments-level2]
+ # insert the 4 required variables here
+ tenancy_ocid = var.tenancy_ocid
+ compartment_id = length(regexall("ocid1.compartment.oc*", each.value.parent_compartment_id)) > 0 ? each.value.parent_compartment_id : try(merge(module.sub-compartments-level2.*...)[each.value.parent_compartment_id]["compartment_tf_id"], var.compartment_ocids[each.value.parent_compartment_id], zipmap(data.oci_identity_compartments.compartments.compartments.*.name, data.oci_identity_compartments.compartments.compartments.*.id)[each.value.parent_compartment_id])
+ compartment_name = each.value.name
+ compartment_description = each.value.description
+ enable_delete = each.value.enable_delete
+
+ #Optional
+ defined_tags = each.value.defined_tags
+ freeform_tags = each.value.freeform_tags
+}
+
+module "sub-compartments-level4" {
+ source = "./modules/identity/iam-compartment"
+ for_each = var.compartments.compartment_level4 != null ? var.compartments.compartment_level4 : {}
+
+ depends_on = [module.sub-compartments-level3]
+ # insert the 4 required variables here
+ tenancy_ocid = var.tenancy_ocid
+ compartment_id = length(regexall("ocid1.compartment.oc*", each.value.parent_compartment_id)) > 0 ? each.value.parent_compartment_id : try(merge(module.sub-compartments-level3.*...)[each.value.parent_compartment_id]["compartment_tf_id"], var.compartment_ocids[each.value.parent_compartment_id], zipmap(data.oci_identity_compartments.compartments.compartments.*.name, data.oci_identity_compartments.compartments.compartments.*.id)[each.value.parent_compartment_id])
+ compartment_name = each.value.name
+ compartment_description = each.value.description
+ enable_delete = each.value.enable_delete
+
+ #Optional
+ defined_tags = each.value.defined_tags
+ freeform_tags = each.value.freeform_tags
+}
+
+module "sub-compartments-level5" {
+ source = "./modules/identity/iam-compartment"
+ for_each = var.compartments.compartment_level5 != null ? var.compartments.compartment_level5 : {}
+
+ depends_on = [module.sub-compartments-level4]
+ # insert the 4 required variables here
+ tenancy_ocid = var.tenancy_ocid
+ compartment_id = length(regexall("ocid1.compartment.oc*", each.value.parent_compartment_id)) > 0 ? each.value.parent_compartment_id : try(merge(module.sub-compartments-level4.*...)[each.value.parent_compartment_id]["compartment_tf_id"], var.compartment_ocids[each.value.parent_compartment_id], zipmap(data.oci_identity_compartments.compartments.compartments.*.name, data.oci_identity_compartments.compartments.compartments.*.id)[each.value.parent_compartment_id])
+ compartment_name = each.value.name
+ compartment_description = each.value.description
+ enable_delete = each.value.enable_delete
+
+ #Optional
+ defined_tags = each.value.defined_tags
+ freeform_tags = each.value.freeform_tags
+}
+
+/*
+output "root_compartments_map" {
+ description = "Compartment ocid"
+ // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source.
+ #value = element(concat(oci_identity_compartment.this.*.id, tolist([""])), 0)
+ value = [ for k,v in merge(module.iam-compartments.*...) : v.compartment_id]
+}
+
+output "sub_compartments_level1_map" {
+ description = "Compartment ocid"
+ // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source.
+ #value = element(concat(oci_identity_compartment.this.*.id, tolist([""])), 0)
+ value = [ for k,v in merge(module.sub-compartments-level1.*...) : v.compartment_id]
+}
+
+output "sub_compartments_level2_map" {
+ description = "Compartment ocid"
+ // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source.
+ #value = element(concat(oci_identity_compartment.this.*.id, tolist([""])), 0)
+ value = [ for k,v in merge(module.sub-compartments-level2.*...) : v.compartment_id]
+}
+
+output "sub_compartments_level3_map" {
+ description = "Compartment ocid"
+ // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source.
+ #value = element(concat(oci_identity_compartment.this.*.id, tolist([""])), 0)
+ value = [ for k,v in merge(module.sub-compartments-level3.*...) : v.compartment_id]
+}
+
+output "sub_compartments_level4_map" {
+ description = "Compartment ocid"
+ // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source.
+ #value = element(concat(oci_identity_compartment.this.*.id, tolist([""])), 0)
+ value = [ for k,v in merge(module.sub-compartments-level4.*...) : v.compartment_id]
+}
+
+output "sub_compartments_level5_map" {
+ description = "Compartment ocid"
+ // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source.
+ #value = element(concat(oci_identity_compartment.this.*.id, tolist([""])), 0)
+ value = [ for k,v in merge(module.sub-compartments-level5.*...) : v.compartment_id]
+}
+*/
+
+
+############################
+# Module Block - Identity
+# Create Groups
+############################
+
+module "iam-groups" {
+ source = "./modules/identity/iam-group"
+ for_each = var.groups
+
+ tenancy_ocid = var.tenancy_ocid
+ group_name = each.value.group_name
+ group_description = each.value.group_description
+ matching_rule = each.value.matching_rule
+
+ #Optional
+ defined_tags = each.value.defined_tags
+ freeform_tags = each.value.freeform_tags
+}
+
+/*
+output "group_id_map" {
+ value = [ for k,v in merge(module.iam-groups.*...) : v.group_id_map]
+}
+
+
+output "dynamic_group_id_map" {
+ value = [ for k,v in merge(module.iam-groups.*...) : v.dynamic_group_id_map]
+}
+*/
+
+############################
+# Module Block - Identity
+# Create Policies
+############################
+
+module "iam-policies" {
+ source = "./modules/identity/iam-policy"
+ for_each = var.policies
+
+ depends_on = [module.iam-groups]
+ tenancy_ocid = var.tenancy_ocid
+ policy_name = each.value.name
+ policy_compartment_id = each.value.compartment_id != "root" ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : var.tenancy_ocid
+ policy_description = each.value.policy_description
+ policy_statements = each.value.policy_statements
+
+ #Optional
+ defined_tags = each.value.defined_tags
+ freeform_tags = each.value.freeform_tags
+ policy_version_date = each.value.policy_version_date
+}
+
+/*
+output "policies_id_map" {
+ value = [ for k,v in merge(module.iam-policies.*...) : v.policies_id_map]
+}
+*/
+
+############################
+# Module Block - Identity
+# Create Users
+############################
+
+module "iam-users" {
+ source = "./modules/identity/iam-user"
+ depends_on = [module.iam-groups]
+ for_each = var.users
+ user_name = each.value.name
+ user_description = each.value.description
+ user_email = each.value.email
+ group_membership = each.value.group_membership != null ? each.value.group_membership : null
+ #group_membership = each.value.group_membership != null ? length(regexall("ocid1.groupmembership.oc*", each.value.group_membership.0)) > 0 ? each.value.group_membership.0 : merge(module.iam-groups.*...)[each.value.group_membership.0]["group_tf_id"] : null
+ tenancy_ocid = var.tenancy_ocid
+ disable_capabilities = each.value.disable_capabilities != null ? each.value.disable_capabilities : null
+
+
+ #Optional
+ defined_tags = each.value.defined_tags
+ freeform_tags = each.value.freeform_tags
+}
+
+
+
+############################
+# Module - Network Source
+# Create Network Source
+############################
+
+#locals {
+#
+#vcns = flatten ([
+#for key, val in var.networkSources : [
+# for k,virtual_source in val.virtual_source_list != null ? val.virtual_source_list : [] :{
+# vcn_name = virtual_source.vcn_name.0
+# network_compartment = virtual_source.network_compartment_id.0
+# }
+# ]
+#])
+#}
+
+#data "oci_core_vcns" "oci_vcns_networksource" {
+#
+# for_each = { for vcn in local.vcns : vcn.vcn_name => vcn... }
+# display_name = each.key
+# compartment_id = var.compartment_ocids[each.value[0].network_compartment]
+#}
+
+module "iam-network-sources" {
+ source = "./modules/identity/iam-network-sources"
+ for_each = var.networkSources
+ name = each.value.name
+ description = each.value.description
+ tenancy_ocid = var.tenancy_ocid
+
+ #Optional
+ public_source_list = each.value.public_source_list != null ? each.value.public_source_list : null
+ #virtual_source_list = each.value.virtual_source_list != null ? each.value.virtual_source_list : null
+ virtual_source_list = { for k, v in each.value.virtual_source_list != null ? each.value.virtual_source_list : [] : k =>
+ {
+ #vcn_id = data.oci_core_vcns.oci_vcns_networksource[v.vcn_name.0].virtual_networks.*.id[0]
+ ip_ranges = v.ip_ranges
+ } }
+ #vcn_comp_map = each.value.vcn_comp_map != null ? each.value.vcn_comp_map : null
+ defined_tags = try(each.value.defined_tags, null)
+ freeform_tags = try(each.value.freeform_tags, null)
+}
\ No newline at end of file
diff --git a/examples/identity/oci-data.tf b/examples/identity/oci-data.tf
new file mode 100644
index 0000000..1495707
--- /dev/null
+++ b/examples/identity/oci-data.tf
@@ -0,0 +1,42 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Identity
+# Fetch Compartments
+############################
+
+#Fetch Compartment Details
+data "oci_identity_compartments" "compartments" {
+ #Required
+ compartment_id = var.tenancy_ocid
+
+ #Optional
+ #name = var.compartment_name
+ access_level = "ANY"
+ compartment_id_in_subtree = true
+ state = "ACTIVE"
+}
+
+
+############################
+# Data Block - Network
+# Fetch ADs
+############################
+
+data "oci_identity_availability_domains" "availability_domains" {
+ #Required
+ compartment_id = var.tenancy_ocid
+}
+
+
+/*
+output "compartment_id_map" {
+ description = "Compartment ocid"
+ // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source.
+ value = zipmap(data.oci_identity_compartments.compartments.compartments.*.name,data.oci_identity_compartments.compartments.compartments.*.id)
+}
+
+output "ads" {
+ value = data.oci_identity_availability_domains.availability_domains.availability_domains.*.name
+}
+*/
\ No newline at end of file
diff --git a/examples/identity/provider.tf b/examples/identity/provider.tf
new file mode 100644
index 0000000..9a69c98
--- /dev/null
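Review bot: Every `compartment_id` in identity.tf falls back to `zipmap(data.oci_identity_compartments.compartments.compartments.*.name, ...)[name]`, which keys on display name alone; because the data source in oci-data.tf lists the whole tenancy subtree, two compartments that share a name under different parents collapse into one zipmap entry (the last one wins), so a sub-compartment or policy can silently be created under the wrong parent. A comment on the `iam-compartments` block such as `# Name-based fallback assumes compartment names are unique across the tenancy; duplicates resolve to an arbitrary OCID` would make that assumption visible to operators. In `iam-policies`, `policy_compartment_id` resolves names with only `var.compartment_ocids[each.value.compartment_id]`, without the `try(merge(module…), var.compartment_ocids[…], zipmap(…)[…])` chain used by the compartment modules, so a policy that names a compartment created in the same run fails with an invalid index instead of resolving. In `iam-users`, `group_membership = each.value.group_membership != null ? each.value.group_membership : null` and the same form for `disable_capabilities` are identity expressions and read more clearly as `group_membership = each.value.group_membership`.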
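Review bot: The `compartments` data source has no comment explaining why it lists the entire subtree with `compartment_id_in_subtree = true`, and a reader of oci-data.tf alone cannot see that identity.tf uses it as the name-to-OCID resolver for every compartment lookup. A line above the block such as `# Tenancy-wide listing used by identity.tf to resolve compartment names to OCIDs; only ACTIVE compartments are resolvable` would document both the purpose and the effect of the `state = "ACTIVE"` filter. The commented `#name = var.compartment_name` filter refers to a variable not visible in this change and is presumably left over; if it is dead, dropping it avoids suggesting a filter that is not applied.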
+++ b/examples/identity/provider.tf
@@ -0,0 +1,24 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Provider Block
+# OCI
+############################
+
+provider "oci" {
+ tenancy_ocid = var.tenancy_ocid
+ user_ocid = var.user_ocid
+ fingerprint = var.fingerprint
+ private_key_path = var.private_key_path
+ region = var.region
+ ignore_defined_tags = ["Oracle-Tags.CreatedBy", "Oracle-Tags.CreatedOn"]
+}
+
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ version = "5.40.0"
+ }
+ }
+}
diff --git a/examples/identity/variables_example.tf b/examples/identity/variables_example.tf
new file mode 100644
index 0000000..fae17ea
--- /dev/null
+++ b/examples/identity/variables_example.tf
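Review bot: The `provider "oci"` block is wired for API-key authentication only (`user_ocid`, `fingerprint`, `private_key_path`) and nothing in the file says where those values should come from, while the matching variables in variables_example.tf default to `""`; a comment above the block such as `# API-key auth: supply tenancy_ocid, user_ocid, fingerprint, private_key_path and region through a .tfvars file or TF_VAR_* environment variables rather than by editing the defaults` would steer users away from committing credentials alongside the example. `ignore_defined_tags` hardcodes the two `Oracle-Tags.*` keys, presumably so automatically applied tags do not produce perpetual diffs; stating that reason in a trailing comment would help the next maintainer who wonders whether it can be removed. The exact pin `version = "5.40.0"` is reproducible but means provider fixes only arrive through a deliberate bump, which is worth a one-line note next to it.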
@@ -0,0 +1,2082 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# +# Variables Block +# OCI +# +############################ + +variable "tenancy_ocid" { + type = string + default = "" +} + +variable "user_ocid" { + type = string + default = "" +} + +variable "fingerprint" { + type = string + default = "" +} + +variable "private_key_path" { + type = string + default = "" +} + +variable "region" { + type = string + default = "" +} + +################################# +# SSH Keys +################################# + +variable "instance_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_instance_ssh_keys# + # exported instance ssh keys + #instance_ssh_keys_END# + } +} + +variable "oke_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_oke_ssh_keys# + #oke_ssh_keys_END# + } +} +variable "sddc_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_sddc_ssh_keys# + #sddc_ssh_keys_END# + } +} + +variable "exacs_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_exacs_ssh_keys# + # exported exacs ssh keys + #exacs_ssh_keys_END# + } +} + +variable "dbsystem_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. 
+ # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_dbsystem_ssh_keys# + # exported dbsystem ssh keys + #dbsystem_ssh_keys_END# + } +} + +################################# +# Platform Image OCIDs and +# Market Place Images +################################# + +variable "instance_source_ocids" { + type = map(any) + default = { + Linux = "" + Windows = "" + PaloAlto = "Palo Alto Networks VM-Series Next Generation Firewall" + #START_instance_source_ocids# + # exported instance image ocids + #instance_source_ocids_END# + } +} + +variable "blockvolume_source_ocids" { + type = map(any) + default = { + block1 = "" + #blockvolume_source_ocid = "" + #START_blockvolume_source_ocids# + # exported block volume source ocids + #blockvolume_source_ocids_END# + } +} + +variable "fss_source_ocids" { + type = map(any) + default = { + snapshot1 = "" + #fss_source_snapshot_ocid = "" + #START_fss_source_snapshot_ocids# + # exported fss source snapshot ocids + #fss_source_snapshot_ocids_END# + } +} + +variable "oke_source_ocids" { + type = map(any) + default = { + Linux = "" + #START_oke_source_ocids# + # exported oke image ocids + #oke_source_ocids_END# + } +} + +################################# +# +# Variables according to Services +# PLEASE DO NOT MODIFY +# +################################# + +########################## +## Fetch Compartments #### +########################## + +variable "compartment_ocids" { + type = map(any) + default = { + #START_compartment_ocids# + # compartment ocids + #compartment_ocids_END# + } +} + +######################### +##### Identity ########## +######################### + +variable "compartments" { + type = object({ + root = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level1 = 
optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level2 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level3 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level4 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level5 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + }) + default = { + root = {}, + compartment_level1 = {}, + compartment_level2 = {}, + compartment_level3 = {}, + compartment_level4 = {}, + compartment_level5 = {}, + } +} + +variable "policies" { + type = map(object({ + name = string + compartment_id = string + policy_description = string + policy_statements = list(string) + policy_version_date = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "groups" { + type = map(object({ + group_name = string + group_description = string + matching_rule = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "users" { + type = map(object({ + name = string + description = string + email = string + disable_capabilities = optional(list(string)) + group_membership = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "networkSources" { + type = map(object({ + name = string + description = string + public_source_list = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + virtual_source_list = optional(list(map(list(string)))) + + })) + default = {} +} + +######################### +####### Governance ######### +######################### + +variable "tag_namespaces" { + description = "To provision Namespaces" + type = map(object({ + compartment_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_retired = optional(bool) + })) + default = {} +} + +variable "tag_keys" { + description = "To provision Tag Keys" + type = map(object({ + tag_namespace_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_cost_tracking = optional(bool) + is_retired = optional(bool) + validator = optional(list(object({ + validator_type = optional(string) + validator_values = optional(list(any)) + }))) + })) + default = {} +} + +variable "tag_defaults" { + description = "To make the Tag keys as default to compartments" + type = map(object({ + compartment_id = string + tag_definition_id = string + value = string + is_required = optional(bool) + })) + default = {} +} + +variable "quota_policies" { + type = map(object({ + quota_name = string + quota_description = string + quota_statements = list(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +###### Network ########## +######################### 
+ +variable "default_dhcps" { + type = map(object({ + server_type = string + manage_default_resource_id = optional(string) + custom_dns_servers = optional(list(any)) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "custom_dhcps" { + type = map(object({ + compartment_id = string + server_type = string + vcn_id = string + custom_dns_servers = optional(list(any)) + domain_name_type = optional(string) + display_name = optional(string) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "vcns" { + type = map(object({ + compartment_id = string + cidr_blocks = optional(list(string)) + byoipv6cidr_details = optional(list(map(any))) + display_name = optional(string) + dns_label = optional(string) + is_ipv6enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ipv6private_cidr_blocks = optional(list(string)) + is_oracle_gua_allocation_enabled = optional(bool) + })) + default = {} +} + +variable "igws" { + type = map(object({ + compartment_id = string + vcn_id = string + enable_igw = optional(bool) + igw_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_table_id = optional(string) + })) + default = {} +} + +variable "sgws" { + type = map(object({ + compartment_id = string + vcn_id = string + service = optional(string) + sgw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "ngws" { + type = map(object({ + compartment_id = string + vcn_id = string + block_traffic = optional(bool) + public_ip_id = optional(string) + ngw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + 
default = {} +} + +variable "lpgs" { + type = map(any) + default = { + hub-lpgs = {}, + spoke-lpgs = {}, + peer-lpgs = {}, + none-lpgs = {}, + exported-lpgs = {}, + } +} + +variable "drgs" { + type = map(object({ + compartment_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "default_seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + 
route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) + +})) +default = {} +} + +variable "default_route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) +})) + default = {} +} + +variable "nsgs" { + type = map(object({ + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nsg_rules" { + type = map(object({ + nsg_id = string + direction = string + protocol = string + description = optional(string) + stateless = optional(string) + source_type = optional(string) + destination_type = optional(string) + destination = optional(string) + source = optional(string) + options = optional(map(any)) + })) + default = {} +} + +variable "subnets" { + type = map(object({ + compartment_id = string + vcn_id = string + cidr_block = string + display_name = optional(string) + dns_label = optional(string) + ipv6cidr_block = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + prohibit_internet_ingress = optional(string) + prohibit_public_ip_on_vnic = optional(string) + availability_domain = optional(string) + dhcp_options_id = optional(string) + route_table_id = optional(string) + security_list_ids = 
optional(list(string)) + })) + default = {} +} + +variable "vlans" { + type = map(object({ + cidr_block = string + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + nsg_ids = optional(list(string)) + route_table_name = optional(string) + vlan_tag = optional(string) + availability_domain = optional(string) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + })) + default = {} +} + +variable "drg_attachments" { + type = map(any) + default = {} +} + +variable "drg_other_attachments" { + type = map(any) + default = {} +} + +variable "drg_route_tables" { + type = map(object({ + drg_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_ecmp_enabled = optional(bool) + import_drg_route_distribution_id = optional(string) + })) + default = {} +} + +variable "drg_route_rules" { + type = map(any) + default = {} +} + +variable "drg_route_distributions" { + type = map(object({ + distribution_type = string + drg_id = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + display_name = optional(string) + })) + default = {} +} + +variable "drg_route_distribution_statements" { + type = map(object({ + drg_route_distribution_id = string + action = string + match_criteria = optional(list(object({ + match_type = string + attachment_type = optional(string) + drg_attachment_id = optional(string) + }))) + priority = optional(string) + })) + default = {} +} + +variable "data_drg_route_tables" { + type = map(any) + default = {} +} + +variable "data_drg_route_table_distributions" { + type = map(any) + default = {} +} + +#################### +####### DNS ####### +#################### + +variable "zones" { +type = map(object({ +compartment_id = string +display_name = string +view_compartment_id = optional(string) +view_id = optional(string) +zone_type = optional(string) +scope = optional(string) +freeform_tags = 
optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + +variable "views" { +type = map(object({ +compartment_id = string +display_name = string +scope = optional(string) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) + default = {} +} + +variable "rrsets" { +type = map(object({ +compartment_id = optional(string) +view_compartment_id = optional(string) +view_id = optional(string) +zone_id = string +domain = string +rtype = string +ttl = number +rdata = optional(list(string)) +scope = optional(string) +})) +default = {} +} + +variable "resolvers" { +type = map(object({ +network_compartment_id= string +vcn_name = string +display_name = optional(string) +views = optional(map(object({ + view_id = optional(string) + view_compartment_id = optional(string) +}))) +resolver_rules = optional(map(object({ + client_address_conditions = optional(list(any)) + destination_addresses = optional(list(any)) + qname_cover_conditions = optional(list(any)) + source_endpoint_name = optional(string) +}))) +endpoint_names = optional(map(object({ + is_forwarding = optional(bool) + is_listening = optional(bool) + name = optional(string) + subnet_name = optional(string) + forwarding_address = optional(string) + listening_address = optional(string) + nsg_ids = optional(list(string)) +}))) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + + +######################### +## Dedicated VM Hosts ## +######################### + +variable "dedicated_hosts" { + type = map(object({ + availability_domain = string + compartment_id = string + vm_host_shape = string + defined_tags = optional(map(any)) + display_name = optional(string) + fault_domain = optional(string) + freeform_tags = optional(map(any)) + })) + description = "To provision new dedicated VM hosts" + default = {} +} + +######################### +## Instances/Block Volumes ## +######################### + +variable "blockvolumes" { + description = "To 
provision block volumes" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = string + size_in_gbs = optional(string) + is_auto_tune_enabled = optional(string) + vpus_per_gb = optional(string) + kms_key_id = optional(string) + attach_to_instance = optional(string) + attachment_type = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + device = optional(string) + encryption_in_transit_type = optional(string) + attachment_display_name = optional(string) + is_read_only = optional(bool) + is_pv_encryption_in_transit_enabled = optional(bool) + is_shareable = optional(bool) + use_chap = optional(bool) + is_agent_auto_iscsi_login_enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + source_details = optional(list(map(any))) + block_volume_replicas = optional(list(map(any))) + block_volume_replicas_deletion = optional(bool) + autotune_policies = optional(list(map(any))) + })) + default = {} +} + +variable "block_backup_policies" { + type = map(any) + description = "To create block volume back policy" + default = {} +} + +variable "instances" { + description = "Map of instances to be provisioned" + type = map(object({ + availability_domain = string + compartment_id = string + shape = string + source_id = string + source_type = string + vcn_name = string + subnet_id = string + network_compartment_id = string + display_name = optional(string) + assign_public_ip = optional(bool) + boot_volume_size_in_gbs = optional(string) + fault_domain = optional(string) + dedicated_vm_host_id = optional(string) + private_ip = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(string)) + ocpus = optional(string) + memory_in_gbs = optional(number) + capacity_reservation_id = optional(string) + create_is_pv_encryption_in_transit_enabled = optional(bool) + remote_execute = optional(string) + bastion_ip = optional(string) + 
cloud_init_script = optional(string) + ssh_authorized_keys = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + network_type = optional(string) + #extended_metadata = optional(string) + skip_source_dest_check = optional(bool) + baseline_ocpu_utilization = optional(string) + #preemptible_instance_config = optional(string) + all_plugins_disabled = optional(bool) + is_management_disabled = optional(bool) + is_monitoring_disabled = optional(bool) + assign_private_dns_record = optional(string) + plugins_details = optional(map(any)) + is_live_migration_preferred = optional(bool) + recovery_action = optional(string) + are_legacy_imds_endpoints_disabled = optional(bool) + boot_volume_type = optional(string) + firmware = optional(string) + is_consistent_volume_naming_enabled = optional(bool) + remote_data_volume_type = optional(string) + platform_config = optional(list(map(any))) + launch_options = optional(list(map(any))) + ipxe_script = optional(string) + preserve_boot_volume = optional(bool) + vlan_id = optional(string) + kms_key_id = optional(string) + vnic_display_name = optional(string) + vnic_defined_tags = optional(map(any)) + vnic_freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "boot_backup_policies" { + type = map(any) + description = "Map of boot volume backup policies to be provisioned" + default = {} +} + +######################### +####### Database ######## +######################### + +variable "exa_infra" { + description = "To provision exadata infrastructure" + type = map(any) + default = {} +} + +variable "exa_vmclusters" { + description = "To provision exadata cloud VM cluster" + type = map(any) + default = {} +} + +variable "dbsystems_vm_bm" { + description = "To provision DB System" + type = map(any) + default = {} +} + +variable "db_home" { + type = map(any) + description = "Map of database db home to be 
provisioned" + default = {} +} + +variable "databases" { + description = "Map of databases to be provisioned in an existing db_home" + type = map(any) + default = {} +} + +#################################### +####### Autonomous Database ######## +#################################### + +variable "adb" { + type = map(object({ + admin_password = optional(string) + character_set = optional(string) + compartment_id = string + cpu_core_count = optional(number) + database_edition = optional(string) + data_storage_size_in_tbs = optional(number) + customer_contacts = optional(list(string)) + db_name = string + db_version = optional(string) + db_workload = optional(string) + display_name = optional(string) + license_model = optional(string) + ncharacter_set = optional(string) + network_compartment_id = optional(string) + nsg_ids = optional(list(string)) + subnet_id = optional(string) + vcn_name = optional(string) + whitelisted_ips = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +######### FSS ########### +######################### + +variable "mount_targets" { + description = "To provision Mount Targets" + type = map(object({ + availability_domain = string + compartment_id = string + network_compartment_id = string + vcn_name = string + subnet_id = string + display_name = optional(string) + ip_address = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fss" { + description = "To provision File System Services" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = optional(string) + source_snapshot = optional(string) + snapshot_policy = optional(string) + policy_compartment_id = optional(string) + kms_key_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "nfs_export_options" { + description = "To provision Export Sets" + type = map(object({ + export_set_id = string + file_system_id = string + path = string + export_options = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_idmap_groups_for_sys_auth = optional(bool) + })) + default = {} +} + +variable "fss_replication" { + description = "To provision File System Replication" + type = map(object({ + compartment_id = string + source_id = string + target_id = string + display_name = optional(string) + replication_interval = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +####### FSS Logs ######## +######################### + +variable "nfs_log_groups" { + description = "To provision Log Groups for Mount Target" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nfs_logs" { + description = "To provision Logs for Mount Target" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + + +######################### +#### Load Balancers ##### +######################### + +variable "load_balancers" { + description = "To provision Load Balancers" + type = map(object({ + compartment_id = string + vcn_name = string + shape = string + subnet_ids = list(any) + network_compartment_id = string + display_name = string + shape_details = optional(list(map(any))) + nsg_ids = 
optional(list(any)) + is_private = optional(bool) + ip_mode = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + reserved_ips_id = optional(string) + })) + default = {} +} + +variable "hostnames" { + description = "To provision Load Balancer Hostnames" + type = map(object({ + load_balancer_id = string + hostname = string + name = string + })) + default = {} +} + +variable "certificates" { + description = "To provision Load Balancer Certificates" + type = map(object({ + certificate_name = string + load_balancer_id = string + ca_certificate = optional(string) + passphrase = optional(string) + private_key = optional(string) + public_certificate = optional(string) + })) + default = {} +} + +variable "cipher_suites" { + description = "To provision Load Balancer Cipher Suites" + type = map(object({ + ciphers = list(string) + name = string + load_balancer_id = optional(string) + })) + default = {} +} + +variable "backend_sets" { + description = "To provision Load Balancer Backend Sets" + type = map(object({ + name = string + load_balancer_id = string + policy = string + protocol = optional(string) + interval_ms = optional(string) + is_force_plain_text = optional(string) + port = optional(string) + response_body_regex = optional(string) + retries = optional(string) + return_code = optional(string) + timeout_in_millis = optional(string) + url_path = optional(string) + lb_cookie_session = optional(list(object({ + cookie_name = optional(string) + disable_fallback = optional(string) + path = optional(string) + domain = optional(string) + is_http_only = optional(string) + is_secure = optional(string) + max_age_in_seconds = optional(string) + }))) + session_persistence_configuration = optional(list(object({ + cookie_name = optional(string) + disable_fallback = optional(string) + }))) + certificate_name = optional(string) + cipher_suite_name = optional(string) + ssl_configuration = optional(list(object({ + certificate_ids = 
optional(list(any)) + server_order_preference = optional(string) + trusted_certificate_authority_ids = optional(list(any)) + verify_peer_certificate = optional(string) + verify_depth = optional(string) + protocols = optional(list(any)) + }))) + })) + default = {} +} + +variable "backends" { + description = "To provision Load Balancer Backends" + type = map(object({ + backendset_name = string + ip_address = string + load_balancer_id = string + port = string + instance_compartment = optional(string) + backup = optional(string) + drain = optional(string) + offline = optional(string) + weight = optional(string) + })) + default = {} +} + +variable "listeners" { + description = "To provision Load Balancer Listeners" + type = map(object({ + name = string + load_balancer_id = string + port = string + protocol = string + default_backend_set_name = string + connection_configuration = optional(list(map(any))) + hostname_names = optional(list(any)) + path_route_set_name = optional(string) + rule_set_names = optional(list(any)) + routing_policy_name = optional(string) + certificate_name = optional(string) + cipher_suite_name = optional(string) + ssl_configuration = optional(list(object({ + certificate_ids = optional(list(any)) + server_order_preference = optional(string) + trusted_certificate_authority_ids = optional(list(any)) + verify_peer_certificate = optional(string) + verify_depth = optional(string) + protocols = optional(list(any)) + }))) + })) + default = {} +} + +variable "path_route_sets" { + description = "To provision Load Balancer Path Route Sets" + type = map(object({ + name = string + load_balancer_id = string + path_routes = optional(list(map(any))) + })) + default = {} +} + +variable "rule_sets" { + description = "To provision Load Balancer Rule Sets" + type = map(object({ + name = string + load_balancer_id = string + access_control_rules = optional(list(object({ + action = string + attribute_name = optional(string) + attribute_value = optional(string) + 
description = optional(string) + }))) + access_control_method_rules = optional(list(object({ + action = string + allowed_methods = optional(list(any)) + status_code = optional(string) + }))) + http_header_rules = optional(list(object({ + action = string + are_invalid_characters_allowed = optional(bool) + http_large_header_size_in_kb = optional(string) + }))) + uri_redirect_rules = optional(list(object({ + action = string + attribute_name = optional(string) + attribute_value = optional(string) + operator = optional(string) + host = optional(string) + path = optional(string) + port = optional(string) + protocol = optional(string) + query = optional(string) + response_code = optional(string) + }))) + request_response_header_rules = optional(list(object({ + action = string + header = optional(string) + prefix = optional(string) + suffix = optional(string) + value = optional(string) + }))) + })) + default = {} +} + +variable "lbr_reserved_ips" { + description = "To provision Load Balancer Reserved IPs" + type = map(object({ + compartment_id = string + display_name = string + lifetime = string + private_ip_id = optional(string) + public_ip_pool_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +################################### +####### Load Balancer Logs ######## +################################### + +variable "loadbalancer_log_groups" { + description = "To provision Log Groups for Load Balancers" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "loadbalancer_logs" { + description = "To provision Logs for Load Balancers" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + 
source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +## Network Load Balancers ## +######################### + +variable "network_load_balancers" { + type = map(object({ + display_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + subnet_id = string + is_private = optional(bool) + reserved_ips_id = string + is_preserve_source_destination = optional(bool) + is_symmetric_hash_enabled = optional(bool) + nlb_ip_version = optional(string) + assigned_private_ipv4 = optional(string) + nsg_ids = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} +variable "nlb_listeners" { + type = map(object({ + name = string + network_load_balancer_id = string + default_backend_set_name = string + port = number + protocol = string + ip_version = optional(string) + })) + default = {} +} + +variable "nlb_backend_sets" { + type = map(object({ + name = string + network_load_balancer_id = string + policy = string + protocol = string + domain_name = optional(string) + query_class = optional(string) + query_type = optional(string) + rcodes = optional(list(string)) + transport_protocol = optional(string) + return_code = optional(number) + interval_in_millis = optional(number) + port = optional(number) + request_data = optional(string) + response_body_regex = optional(string) + response_data = optional(string) + retries = optional(number) + timeout_in_millis = optional(number) + url_path = optional(string) + is_preserve_source = optional(bool) + ip_version = optional(string) + })) + default = {} +} +variable "nlb_backends" { + type = map(object({ + name = optional(string) + backend_set_name = string + network_load_balancer_id = string + port = number + ip_address = string + instance_compartment = string + 
is_drain = optional(bool) + is_backup = optional(bool) + is_offline = optional(bool) + weight = optional(number) + target_id = optional(string) + })) + default = {} +} +variable "nlb_reserved_ips" { + description = "To provision Network Load Balancer Reserved IPs" + type = map(object({ + compartment_id = string + lifetime = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + display_name = optional(string) + private_ip_id = optional(string) + public_ip_pool_id = optional(string) + })) + default = {} +} + + +######################### +##### IP Management ##### +######################### + +variable "public_ip_pools" { + type = map(any) + default = {} +} + +variable "private_ips" { + type = map(any) + default = {} +} + +variable "reserved_ips" { + type = map(any) + default = {} +} + +variable "vnic_attachments" { + type = map(any) + default = {} +} + +######################### +##### VCN Logs ########## +######################### + +variable "vcn_log_groups" { + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "vcn_logs" { + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +###### OSS Buckets ###### +######################### + +variable "buckets" { + type = map(any) + default = {} +} + +######################### +####### OSS Logs ######## +######################### + +variable "oss_log_groups" { + description = "To provision Log Groups for OSS" + type = map(object({ + compartment_id = string 
+ display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "oss_logs" { + description = "To provision Logs for OSS" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +### OSS IAM Policies #### +######################### + +variable "oss_policies" { + type = map(any) + default = {} +} + +######################### +## Management Services ## +######################### + +variable "alarms" { + type = map(object({ + compartment_id = string + destinations = list(string) + alarm_name = string + is_enabled = bool + metric_compartment_id = string + namespace = string + query = string + severity = string + body = optional(string) + message_format = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_notifications_per_metric_dimension_enabled = optional(bool) + metric_compartment_id_in_subtree = optional(string) + trigger_delay_minutes = optional(string) + repeat_notification_duration = optional(string) + resolution = optional(string) + resource_group = optional(string) + suppression = optional(map(any)) + })) + default = {} +} + +variable "events" { + type = map(object({ + event_name = string + compartment_id = string + description = string + is_enabled = bool + condition = string + actions = optional(list(object({ + action_type = string + is_enabled = string + description = optional(string) + function_id = optional(string) + stream_id = optional(string) + topic_id = optional(string) + }))) + message_format = optional(string) + defined_tags 
= optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "notifications_topics" { + type = map(object({ + compartment_id = string + topic_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "notifications_subscriptions" { + type = map(object({ + compartment_id = string + endpoint = string + protocol = string + topic_id = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "service_connectors" { + type = any + default = {} + description = "To provision service connector hub resources" +} + +######################### +## Developer Services ## +######################### + +## OKE + +variable "clusters" { + type = map(object({ + display_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + kubernetes_version = string + cni_type = string + cluster_type = string + is_policy_enabled = optional(bool) + policy_kms_key_id = optional(string) + is_kubernetes_dashboard_enabled = optional(bool) + is_tiller_enabled = optional(bool) + is_public_ip_enabled = optional(bool) + nsg_ids = optional(list(string)) + endpoint_subnet_id = string + is_pod_security_policy_enabled = optional(bool) + pods_cidr = optional(string) + services_cidr = optional(string) + service_lb_subnet_ids = optional(list(string)) + cluster_kms_key_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + lb_defined_tags = optional(map(any)) + lb_freeform_tags = optional(map(any)) + volume_defined_tags = optional(map(any)) + volume_freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nodepools" { + type = map(object({ + display_name = string + cluster_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + node_shape = string + initial_node_labels = optional(map(any)) + 
kubernetes_version = string + is_pv_encryption_in_transit_enabled = optional(bool) + availability_domain = number + fault_domains = optional(list(string)) + subnet_id = string + size = number + cni_type = string + max_pods_per_node = optional(number) + pod_nsg_ids = optional(list(string)) + pod_subnet_ids = optional(string) + worker_nsg_ids = optional(list(string)) + memory_in_gbs = optional(number) + ocpus = optional(number) + image_id = string + source_type = string + boot_volume_size_in_gbs = optional(number) + ssh_public_key = optional(string) + nodepool_kms_key_id = optional(string) + node_defined_tags = optional(map(any)) + node_freeform_tags = optional(map(any)) + nodepool_defined_tags = optional(map(any)) + nodepool_freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "virtual-nodepools" { + type = map(object({ + display_name = string + cluster_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + node_shape = string + initial_virtual_node_labels = optional(map(any)) + availability_domain = number + fault_domains = list(string) + subnet_id = string + size = number + pod_nsg_ids = optional(list(string)) + pod_subnet_id = string + worker_nsg_ids = optional(list(string)) + taints = optional(list(any)) + node_defined_tags = optional(map(any)) + node_freeform_tags = optional(map(any)) + nodepool_defined_tags = optional(map(any)) + nodepool_freeform_tags = optional(map(any)) + })) + default = {} +} + + +################################## +############## SDDCs ############# +################################## +variable "sddcs" { + type = map(object({ + compartment_id = string + availability_domain = string + network_compartment_id = string + vcn_name = string + esxi_hosts_count = number + nsx_edge_uplink1vlan_id = string + nsx_edge_uplink2vlan_id = string + nsx_edge_vtep_vlan_id = string + nsx_vtep_vlan_id = string + provisioning_subnet_id = string + ssh_authorized_keys = string + vmotion_vlan_id = string 
+ vmware_software_version = string + vsan_vlan_id = string + vsphere_vlan_id = string + capacity_reservation_id = optional(string) + defined_tags = optional(map(any)) + display_name = optional(string) + initial_cluster_display_name = optional(string) + freeform_tags = optional(map(any)) + hcx_action = optional(string) + hcx_vlan_id = optional(string) + initial_host_ocpu_count = optional(number) + initial_host_shape_name = optional(string) + initial_commitment = optional(string) + instance_display_name_prefix = optional(string) + is_hcx_enabled = optional(bool) + is_shielded_instance_enabled = optional(bool) + is_single_host_sddc = optional(bool) + provisioning_vlan_id = optional(string) + refresh_hcx_license_status = optional(bool) + replication_vlan_id = optional(string) + reserving_hcx_on_premise_license_keys = optional(string) + workload_network_cidr = optional(string) + management_datastore = optional(list(string)) + workload_datastore = optional(list(string)) + + })) + default = {} + +} + +variable "sddc-clusters" { + type = map(object({ + compartment_id = string + availability_domain = string + network_compartment_id = string + vcn_name = string + esxi_hosts_count = number + nsx_edge_uplink1vlan_id = string + nsx_edge_uplink2vlan_id = optional(string) + nsx_edge_vtep_vlan_id = string + nsx_vtep_vlan_id = string + provisioning_subnet_id = string + ssh_authorized_keys = optional(string) + vmotion_vlan_id = string + vmware_software_version = string + vsan_vlan_id = string + vsphere_vlan_id = string + capacity_reservation_id = optional(string) + defined_tags = optional(map(any)) + display_name = optional(string) + freeform_tags = optional(map(any)) + hcx_action = optional(string) + hcx_vlan_id = optional(string) + initial_host_ocpu_count = optional(number) + initial_host_shape_name = optional(string) + initial_commitment = optional(string) + instance_display_name_prefix = optional(string) + is_hcx_enabled = optional(bool) + is_shielded_instance_enabled = 
optional(bool) + is_single_host_sddc = optional(bool) + provisioning_vlan_id = optional(string) + refresh_hcx_license_status = optional(bool) + replication_vlan_id = optional(string) + reserving_hcx_on_premise_license_keys = optional(string) + workload_network_cidr = optional(string) + workload_datastore = optional(list(string)) + sddc_id = optional(string) + esxi_software_version = optional(string) + + })) + default = {} + +} + + +############################ +## Key Management Service ## +############################ + +variable "vaults" { + type = map(object({ + compartment_id = string + display_name = string + vault_type = string + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + replica_region = optional(string) + })) + default = {} +} + +variable "keys" { + type = map(object({ + compartment_id = string + display_name = string + vault_name = string + algorithm = optional(string) + length = optional(string) + curve_id = optional(string) + protection_mode = optional(string) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + is_auto_rotation_enabled = optional(bool) + rotation_interval_in_days = optional(string) + + })) + default = {} +} + +########################### +######### Budgets ######### +########################### + +variable "budgets" { + type = map(object({ + amount = string + compartment_id = string + reset_period = string + budget_processing_period_start_offset = optional(string) + defined_tags = optional(map(any)) + description = optional(string) + display_name = optional(string) + freeform_tags = optional(map(any)) + processing_period_type = optional(string) + budget_end_date = optional(string) + budget_start_date = optional(string) + target_type = optional(string) + targets = optional(list(any)) + })) + default = {} +} + +variable "budget_alert_rules" { + type = map(object({ + budget_id = string + threshold = string + threshold_type = string + type = string + defined_tags = optional(map(any)) + 
description = optional(string) + display_name = optional(string) + freeform_tags = optional(map(any)) + message = optional(string) + recipients = optional(string) + })) + default = {} +} + +########################### +####### Cloud Guard ####### +########################### + +variable "cloud_guard_configs" { + type = map(object({ + compartment_id = string + reporting_region = string + status = string + self_manage_resources = optional(string) + + })) + default = {} +} + +variable "cloud_guard_targets" { + type = map(object({ + compartment_id = string + display_name = string + target_resource_id = string + target_resource_type = string + prefix = string + description = optional(string) + state = optional(string) + target_detector_recipes = optional(list(any)) + target_responder_recipes = optional(list(any)) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + })) + default = {} +} + +#################################### +####### Custom Backup Policy ####### +#################################### + +variable "custom_backup_policies" { + type = map(any) + default = {} +} + +variable "capacity_reservation_ocids" { + type = map(any) + default = { + "AD1" : "", + "AD2" : "", + "AD3" : "" + } +} + +##################################### +####### Firewall as a Service ####### +##################################### +variable "firewalls" { + type = map(object({ + compartment_id = string + network_compartment_id = string + network_firewall_policy_id = string + subnet_id = string + vcn_name = string + display_name = string + ipv4address = optional(string) + nsg_id = optional(list(string)) + ipv6address = optional(string) + availability_domain = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fw-policies" { + type = map(object({ + compartment_id = optional(string) + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + 
default = {} +} +variable "services" { + type = map(object({ + service_name = string + service_type = string + network_firewall_policy_id = string + port_ranges = list(object({ + minimum_port = string + maximum_port = optional(string) + })) + })) + default = {} +} +variable "url_lists" { + type = map(object({ + urllist_name = string + network_firewall_policy_id = string + urls = list(object({ + pattern = string + type = string + })) + })) + default = {} +} +variable "service_lists" { + type = map(object({ + service_list_name = string + network_firewall_policy_id = string + services = list(string) + })) + default = {} +} + +variable "address_lists" { + type = map(object({ + address_list_name = string + network_firewall_policy_id = string + address_type = string + addresses = list(string) + })) + default = {} +} + +variable "applications" { + type = map(object({ + app_list_name = string + network_firewall_policy_id = string + app_type = string + icmp_type = number + icmp_code = optional(number) + })) + default = {} +} + +variable "application_groups" { + type = map(object({ + app_group_name = string + network_firewall_policy_id = string + apps = list(string) + + })) + default = {} +} + +variable "security_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + application = optional(list(string)) + destination_address = optional(list(string)) + service = optional(list(string)) + source_address = optional(list(string)) + url = optional(list(string)) + }))) + inspection = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +variable "secrets" { + type = map(object({ + secret_name = string + network_firewall_policy_id = string + secret_source = string + secret_type = string + vault_secret_id = string + version_number = number + vault_name = string + vault_compartment_id = string + })) + default = {} +} + +variable 
"decryption_profiles" { + type = map(object({ + profile_name = string + profile_type = string + network_firewall_policy_id = string + are_certificate_extensions_restricted = optional(bool) + is_auto_include_alt_name = optional(bool) + is_expired_certificate_blocked = optional(bool) + is_out_of_capacity_blocked = optional(bool) + is_revocation_status_timeout_blocked = optional(bool) + is_unknown_revocation_status_blocked = optional(bool) + is_unsupported_cipher_blocked = optional(bool) + is_unsupported_version_blocked = optional(bool) + is_untrusted_issuer_blocked = optional(bool) + })) + default = {} +} + +variable "decryption_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + + destination_address = optional(list(string)) + + source_address = optional(list(string)) + + }))) + decryption_profile = optional(string) + secret = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +######################### +####### Firewall Logs ######## +######################### + +variable "fw_log_groups" { + description = "To provision Log Groups for Network Firewall" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fw_logs" { + description = "To provision Logs for Network Firewall" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +########################## +# Add new variables here # 
+##########################
+######################### END #########################
diff --git a/examples/kms/backend.tf b/examples/kms/backend.tf
new file mode 100644
index 0000000..16bc557
--- /dev/null
+++ b/examples/kms/backend.tf
@@ -0,0 +1,21 @@
+/*This line will be removed when using remote state
+# !!! WARNING !!! Terraform State Lock is not supported with OCI Object Storage.
+# Pre-Requisite: Create a version enabled object storage bucket to store the state file.
+# End Point Format: https://.compat.objectstorage..oraclecloud.com
+# Please look at the below doc for information about shared_credentials_file and other parameters:
+# Reference: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformUsingObjectStore.htm
+
+terraform {
+ backend "s3" {
+ key = ""
+ bucket = ""
+ region = ""
+ endpoint = ""
+ shared_credentials_file = "~/.aws/credentials"
+ skip_region_validation = true
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ force_path_style = true
+ }
+}
+This line will be removed when using remote state*/
\ No newline at end of file
diff --git a/examples/kms/kms.tf b/examples/kms/kms.tf
new file mode 100644
index 0000000..d6bd1f5
--- /dev/null
+++ b/examples/kms/kms.tf
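Review bot: The endpoint template in the header comment of backend.tf reads `https://.compat.objectstorage..oraclecloud.com`, with the tenancy-namespace and region segments empty; if they were written as angle-bracket placeholders they have been lost, and a reader cannot reconstruct the expected format from this line. Spelling them as plain words survives rendering: `# End Point Format: https://NAMESPACE.compat.objectstorage.REGION.oraclecloud.com`. Since the state written to `bucket` will carry the identifiers and attribute values of the vaults and keys this example creates, a sentence next to the existing lock warning saying that the bucket must be private and that the file named in `shared_credentials_file` must stay out of version control would make the pre-requisites complete.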
@@ -0,0 +1,41 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################################
+# Module Block - Security
+# Create KMS Vault and Key
+############################################
+
+module "vaults" {
+ source = "./modules/security/vault"
+ for_each = var.vaults != null ? var.vaults : {}
+
+ #Required
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+
+ #Optional
+ defined_tags = each.value.defined_tags
+ display_name = each.value.display_name
+ freeform_tags = each.value.freeform_tags
+ vault_type = each.value.vault_type
+ replica_region = each.value.replica_region
+}
+
+module "keys" {
+ source = "./modules/security/key"
+ for_each = var.keys != null ? var.keys : {}
+
+ #Required
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+
+ #Optional
+ defined_tags = each.value.defined_tags
+ display_name = each.value.display_name
+ freeform_tags = each.value.freeform_tags
+ algorithm = each.value.algorithm != null ? each.value.algorithm : "AES"
+ length = each.value.length != null ? each.value.length : 32
+ curve_id = each.value.curve_id != null?each.value.curve_id: null
+ management_endpoint = merge(module.vaults.*...)[each.value.vault_name]["management_endpoint_tf_id"]
+ protection_mode = each.value.protection_mode
+ is_auto_rotation_enabled = each.value.is_auto_rotation_enabled
+ rotation_interval_in_days = each.value.rotation_interval_in_days !=null ? each.value.rotation_interval_in_days : 60
+}
\ No newline at end of file
diff --git a/examples/kms/oci-data.tf b/examples/kms/oci-data.tf
new file mode 100644
index 0000000..1495707
--- /dev/null
+++ b/examples/kms/oci-data.tf
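Review bot: In `module "keys"`, `length` falls back to 32 whenever `each.value.length` is null regardless of `algorithm`; 32 bytes is a valid shape only for AES, so a key declared with `algorithm = "RSA"` and no explicit length is rejected by the KMS service (RSA key lengths are 256, 384 or 512 bytes, as far as I recall) instead of being caught by the configuration. Tie the default to the algorithm, e.g. `length = each.value.length != null ? each.value.length : (each.value.algorithm == "RSA" ? 256 : 32)`, or drop the default and make `length` required in `var.keys`. The line `curve_id = each.value.curve_id != null?each.value.curve_id: null` is a conditional that yields its own input in both branches and can be just `curve_id = each.value.curve_id`. The `regexall("ocid1.compartment.oc*", …)` test used as a prefix check in both modules has unescaped dots and matches anywhere in the string; since the variables file in this change already relies on Terraform 1.3 features (`optional(bool,false)`), `startswith(each.value.compartment_id, "ocid1.compartment.oc")` expresses the intent directly.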
@@ -0,0 +1,42 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Identity
+# Fetch Compartments
+############################
+
+#Fetch Compartment Details
+data "oci_identity_compartments" "compartments" {
+ #Required
+ compartment_id = var.tenancy_ocid
+
+ #Optional
+ #name = var.compartment_name
+ access_level = "ANY"
+ compartment_id_in_subtree = true
+ state = "ACTIVE"
+}
+
+
+############################
+# Data Block - Network
+# Fetch ADs
+############################
+
+data "oci_identity_availability_domains" "availability_domains" {
+ #Required
+ compartment_id = var.tenancy_ocid
+}
+
+
+/*
+output "compartment_id_map" {
+ description = "Compartment ocid"
+ // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source.
+ value = zipmap(data.oci_identity_compartments.compartments.compartments.*.name,data.oci_identity_compartments.compartments.compartments.*.id)
+}
+
+output "ads" {
+ value = data.oci_identity_availability_domains.availability_domains.availability_domains.*.name
+}
+*/
\ No newline at end of file
diff --git a/examples/kms/provider.tf b/examples/kms/provider.tf
new file mode 100644
index 0000000..9a69c98
--- /dev/null
+++ b/examples/kms/provider.tf
@@ -0,0 +1,24 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Provider Block
+# OCI
+############################
+
+provider "oci" {
+ tenancy_ocid = var.tenancy_ocid
+ user_ocid = var.user_ocid
+ fingerprint = var.fingerprint
+ private_key_path = var.private_key_path
+ region = var.region
+ ignore_defined_tags = ["Oracle-Tags.CreatedBy", "Oracle-Tags.CreatedOn"]
+}
+
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ version = "5.40.0"
+ }
+ }
+}
diff --git a/examples/kms/variables_example.tf b/examples/kms/variables_example.tf
new file mode 100644
index 0000000..fae17ea
--- /dev/null
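Review bot: Both data sources in oci-data.tf appear unreferenced by the example's live configuration in this diff — kms.tf resolves compartments through `var.compartment_ocids`, and the only consumers here are the commented-out `compartment_id_map` and `ads` outputs — yet every plan still enumerates every ACTIVE compartment in the tenancy subtree with `access_level = "ANY"`, so the run principal needs tenancy-wide inspect rights the KMS modules themselves do not require. Either remove the two data blocks or say why they are kept, e.g. `# Not used by kms.tf; kept for the optional compartment_id_map/ads outputs below`. The first header comment reads `# Resource Block - Identity` above a data block while the second section says `# Data Block - Network`; `# Data Block - Identity` would make the two consistent.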
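Review bot: The `provider "oci"` block hard-wires API-key authentication through `user_ocid`, `fingerprint` and `private_key_path`, so the example can only run with a long-lived user key file present on disk; the provider's `auth` argument (for instance `InstancePrincipal` or `SecurityToken`) together with `config_file_profile` lets pipelines on OCI compute and interactive users avoid distributing that key. If the example is meant to stay API-key only, a comment saying so keeps readers from copying it into automation unchanged, e.g. `# API-key auth; on an OCI instance set auth = "InstancePrincipal" and omit user_ocid/fingerprint/private_key_path`. The exact pin `version = "5.40.0"` is fine for reproducibility, but it is worth a note that it must be bumped deliberately since the variables file in this same change exposes newer provider attributes.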
+++ b/examples/kms/variables_example.tf 
@@ -0,0 +1,2082 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# +# Variables Block +# OCI +# +############################ + +variable "tenancy_ocid" { + type = string + default = "" +} + +variable "user_ocid" { + type = string + default = "" +} + +variable "fingerprint" { + type = string + default = "" +} + +variable "private_key_path" { + type = string + default = "" +} + +variable "region" { + type = string + default = "" +} + +################################# +# SSH Keys +################################# + +variable "instance_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_instance_ssh_keys# + # exported instance ssh keys + #instance_ssh_keys_END# + } +} + +variable "oke_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_oke_ssh_keys# + #oke_ssh_keys_END# + } +} +variable "sddc_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_sddc_ssh_keys# + #sddc_ssh_keys_END# + } +} + +variable "exacs_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_exacs_ssh_keys# + # exported exacs ssh keys + #exacs_ssh_keys_END# + } +} + +variable "dbsystem_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. 
+ # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_dbsystem_ssh_keys# + # exported dbsystem ssh keys + #dbsystem_ssh_keys_END# + } +} + +################################# +# Platform Image OCIDs and +# Market Place Images +################################# + +variable "instance_source_ocids" { + type = map(any) + default = { + Linux = "" + Windows = "" + PaloAlto = "Palo Alto Networks VM-Series Next Generation Firewall" + #START_instance_source_ocids# + # exported instance image ocids + #instance_source_ocids_END# + } +} + +variable "blockvolume_source_ocids" { + type = map(any) + default = { + block1 = "" + #blockvolume_source_ocid = "" + #START_blockvolume_source_ocids# + # exported block volume source ocids + #blockvolume_source_ocids_END# + } +} + +variable "fss_source_ocids" { + type = map(any) + default = { + snapshot1 = "" + #fss_source_snapshot_ocid = "" + #START_fss_source_snapshot_ocids# + # exported fss source snapshot ocids + #fss_source_snapshot_ocids_END# + } +} + +variable "oke_source_ocids" { + type = map(any) + default = { + Linux = "" + #START_oke_source_ocids# + # exported oke image ocids + #oke_source_ocids_END# + } +} + +################################# +# +# Variables according to Services +# PLEASE DO NOT MODIFY +# +################################# + +########################## +## Fetch Compartments #### +########################## + +variable "compartment_ocids" { + type = map(any) + default = { + #START_compartment_ocids# + # compartment ocids + #compartment_ocids_END# + } +} + +######################### +##### Identity ########## +######################### + +variable "compartments" { + type = object({ + root = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level1 = 
optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level2 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level3 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level4 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level5 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + }) + default = { + root = {}, + compartment_level1 = {}, + compartment_level2 = {}, + compartment_level3 = {}, + compartment_level4 = {}, + compartment_level5 = {}, + } +} + +variable "policies" { + type = map(object({ + name = string + compartment_id = string + policy_description = string + policy_statements = list(string) + policy_version_date = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "groups" { + type = map(object({ + group_name = string + group_description = string + matching_rule = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "users" { + type = map(object({ + name = string + description = string + email = string + disable_capabilities = optional(list(string)) + group_membership = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "networkSources" { + type = map(object({ + name = string + description = string + public_source_list = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + virtual_source_list = optional(list(map(list(string)))) + + })) + default = {} +} + +######################### +####### Governance ######### +######################### + +variable "tag_namespaces" { + description = "To provision Namespaces" + type = map(object({ + compartment_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_retired = optional(bool) + })) + default = {} +} + +variable "tag_keys" { + description = "To provision Tag Keys" + type = map(object({ + tag_namespace_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_cost_tracking = optional(bool) + is_retired = optional(bool) + validator = optional(list(object({ + validator_type = optional(string) + validator_values = optional(list(any)) + }))) + })) + default = {} +} + +variable "tag_defaults" { + description = "To make the Tag keys as default to compartments" + type = map(object({ + compartment_id = string + tag_definition_id = string + value = string + is_required = optional(bool) + })) + default = {} +} + +variable "quota_policies" { + type = map(object({ + quota_name = string + quota_description = string + quota_statements = list(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +###### Network ########## +######################### 
+ +variable "default_dhcps" { + type = map(object({ + server_type = string + manage_default_resource_id = optional(string) + custom_dns_servers = optional(list(any)) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "custom_dhcps" { + type = map(object({ + compartment_id = string + server_type = string + vcn_id = string + custom_dns_servers = optional(list(any)) + domain_name_type = optional(string) + display_name = optional(string) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "vcns" { + type = map(object({ + compartment_id = string + cidr_blocks = optional(list(string)) + byoipv6cidr_details = optional(list(map(any))) + display_name = optional(string) + dns_label = optional(string) + is_ipv6enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ipv6private_cidr_blocks = optional(list(string)) + is_oracle_gua_allocation_enabled = optional(bool) + })) + default = {} +} + +variable "igws" { + type = map(object({ + compartment_id = string + vcn_id = string + enable_igw = optional(bool) + igw_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_table_id = optional(string) + })) + default = {} +} + +variable "sgws" { + type = map(object({ + compartment_id = string + vcn_id = string + service = optional(string) + sgw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "ngws" { + type = map(object({ + compartment_id = string + vcn_id = string + block_traffic = optional(bool) + public_ip_id = optional(string) + ngw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + 
default = {} +} + +variable "lpgs" { + type = map(any) + default = { + hub-lpgs = {}, + spoke-lpgs = {}, + peer-lpgs = {}, + none-lpgs = {}, + exported-lpgs = {}, + } +} + +variable "drgs" { + type = map(object({ + compartment_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "default_seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + 
route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) + +})) +default = {} +} + +variable "default_route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) +})) + default = {} +} + +variable "nsgs" { + type = map(object({ + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nsg_rules" { + type = map(object({ + nsg_id = string + direction = string + protocol = string + description = optional(string) + stateless = optional(string) + source_type = optional(string) + destination_type = optional(string) + destination = optional(string) + source = optional(string) + options = optional(map(any)) + })) + default = {} +} + +variable "subnets" { + type = map(object({ + compartment_id = string + vcn_id = string + cidr_block = string + display_name = optional(string) + dns_label = optional(string) + ipv6cidr_block = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + prohibit_internet_ingress = optional(string) + prohibit_public_ip_on_vnic = optional(string) + availability_domain = optional(string) + dhcp_options_id = optional(string) + route_table_id = optional(string) + security_list_ids = 
optional(list(string)) + })) + default = {} +} + +variable "vlans" { + type = map(object({ + cidr_block = string + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + nsg_ids = optional(list(string)) + route_table_name = optional(string) + vlan_tag = optional(string) + availability_domain = optional(string) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + })) + default = {} +} + +variable "drg_attachments" { + type = map(any) + default = {} +} + +variable "drg_other_attachments" { + type = map(any) + default = {} +} + +variable "drg_route_tables" { + type = map(object({ + drg_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_ecmp_enabled = optional(bool) + import_drg_route_distribution_id = optional(string) + })) + default = {} +} + +variable "drg_route_rules" { + type = map(any) + default = {} +} + +variable "drg_route_distributions" { + type = map(object({ + distribution_type = string + drg_id = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + display_name = optional(string) + })) + default = {} +} + +variable "drg_route_distribution_statements" { + type = map(object({ + drg_route_distribution_id = string + action = string + match_criteria = optional(list(object({ + match_type = string + attachment_type = optional(string) + drg_attachment_id = optional(string) + }))) + priority = optional(string) + })) + default = {} +} + +variable "data_drg_route_tables" { + type = map(any) + default = {} +} + +variable "data_drg_route_table_distributions" { + type = map(any) + default = {} +} + +#################### +####### DNS ####### +#################### + +variable "zones" { +type = map(object({ +compartment_id = string +display_name = string +view_compartment_id = optional(string) +view_id = optional(string) +zone_type = optional(string) +scope = optional(string) +freeform_tags = 
optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + +variable "views" { +type = map(object({ +compartment_id = string +display_name = string +scope = optional(string) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) + default = {} +} + +variable "rrsets" { +type = map(object({ +compartment_id = optional(string) +view_compartment_id = optional(string) +view_id = optional(string) +zone_id = string +domain = string +rtype = string +ttl = number +rdata = optional(list(string)) +scope = optional(string) +})) +default = {} +} + +variable "resolvers" { +type = map(object({ +network_compartment_id= string +vcn_name = string +display_name = optional(string) +views = optional(map(object({ + view_id = optional(string) + view_compartment_id = optional(string) +}))) +resolver_rules = optional(map(object({ + client_address_conditions = optional(list(any)) + destination_addresses = optional(list(any)) + qname_cover_conditions = optional(list(any)) + source_endpoint_name = optional(string) +}))) +endpoint_names = optional(map(object({ + is_forwarding = optional(bool) + is_listening = optional(bool) + name = optional(string) + subnet_name = optional(string) + forwarding_address = optional(string) + listening_address = optional(string) + nsg_ids = optional(list(string)) +}))) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + + +######################### +## Dedicated VM Hosts ## +######################### + +variable "dedicated_hosts" { + type = map(object({ + availability_domain = string + compartment_id = string + vm_host_shape = string + defined_tags = optional(map(any)) + display_name = optional(string) + fault_domain = optional(string) + freeform_tags = optional(map(any)) + })) + description = "To provision new dedicated VM hosts" + default = {} +} + +######################### +## Instances/Block Volumes ## +######################### + +variable "blockvolumes" { + description = "To 
provision block volumes" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = string + size_in_gbs = optional(string) + is_auto_tune_enabled = optional(string) + vpus_per_gb = optional(string) + kms_key_id = optional(string) + attach_to_instance = optional(string) + attachment_type = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + device = optional(string) + encryption_in_transit_type = optional(string) + attachment_display_name = optional(string) + is_read_only = optional(bool) + is_pv_encryption_in_transit_enabled = optional(bool) + is_shareable = optional(bool) + use_chap = optional(bool) + is_agent_auto_iscsi_login_enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + source_details = optional(list(map(any))) + block_volume_replicas = optional(list(map(any))) + block_volume_replicas_deletion = optional(bool) + autotune_policies = optional(list(map(any))) + })) + default = {} +} + +variable "block_backup_policies" { + type = map(any) + description = "To create block volume back policy" + default = {} +} + +variable "instances" { + description = "Map of instances to be provisioned" + type = map(object({ + availability_domain = string + compartment_id = string + shape = string + source_id = string + source_type = string + vcn_name = string + subnet_id = string + network_compartment_id = string + display_name = optional(string) + assign_public_ip = optional(bool) + boot_volume_size_in_gbs = optional(string) + fault_domain = optional(string) + dedicated_vm_host_id = optional(string) + private_ip = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(string)) + ocpus = optional(string) + memory_in_gbs = optional(number) + capacity_reservation_id = optional(string) + create_is_pv_encryption_in_transit_enabled = optional(bool) + remote_execute = optional(string) + bastion_ip = optional(string) + 
cloud_init_script = optional(string) + ssh_authorized_keys = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + network_type = optional(string) + #extended_metadata = optional(string) + skip_source_dest_check = optional(bool) + baseline_ocpu_utilization = optional(string) + #preemptible_instance_config = optional(string) + all_plugins_disabled = optional(bool) + is_management_disabled = optional(bool) + is_monitoring_disabled = optional(bool) + assign_private_dns_record = optional(string) + plugins_details = optional(map(any)) + is_live_migration_preferred = optional(bool) + recovery_action = optional(string) + are_legacy_imds_endpoints_disabled = optional(bool) + boot_volume_type = optional(string) + firmware = optional(string) + is_consistent_volume_naming_enabled = optional(bool) + remote_data_volume_type = optional(string) + platform_config = optional(list(map(any))) + launch_options = optional(list(map(any))) + ipxe_script = optional(string) + preserve_boot_volume = optional(bool) + vlan_id = optional(string) + kms_key_id = optional(string) + vnic_display_name = optional(string) + vnic_defined_tags = optional(map(any)) + vnic_freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "boot_backup_policies" { + type = map(any) + description = "Map of boot volume backup policies to be provisioned" + default = {} +} + +######################### +####### Database ######## +######################### + +variable "exa_infra" { + description = "To provision exadata infrastructure" + type = map(any) + default = {} +} + +variable "exa_vmclusters" { + description = "To provision exadata cloud VM cluster" + type = map(any) + default = {} +} + +variable "dbsystems_vm_bm" { + description = "To provision DB System" + type = map(any) + default = {} +} + +variable "db_home" { + type = map(any) + description = "Map of database db home to be 
provisioned" + default = {} +} + +variable "databases" { + description = "Map of databases to be provisioned in an existing db_home" + type = map(any) + default = {} +} + +#################################### +####### Autonomous Database ######## +#################################### + +variable "adb" { + type = map(object({ + admin_password = optional(string) + character_set = optional(string) + compartment_id = string + cpu_core_count = optional(number) + database_edition = optional(string) + data_storage_size_in_tbs = optional(number) + customer_contacts = optional(list(string)) + db_name = string + db_version = optional(string) + db_workload = optional(string) + display_name = optional(string) + license_model = optional(string) + ncharacter_set = optional(string) + network_compartment_id = optional(string) + nsg_ids = optional(list(string)) + subnet_id = optional(string) + vcn_name = optional(string) + whitelisted_ips = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +######### FSS ########### +######################### + +variable "mount_targets" { + description = "To provision Mount Targets" + type = map(object({ + availability_domain = string + compartment_id = string + network_compartment_id = string + vcn_name = string + subnet_id = string + display_name = optional(string) + ip_address = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fss" { + description = "To provision File System Services" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = optional(string) + source_snapshot = optional(string) + snapshot_policy = optional(string) + policy_compartment_id = optional(string) + kms_key_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "nfs_export_options" { + description = "To provision Export Sets" + type = map(object({ + export_set_id = string + file_system_id = string + path = string + export_options = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_idmap_groups_for_sys_auth = optional(bool) + })) + default = {} +} + +variable "fss_replication" { + description = "To provision File System Replication" + type = map(object({ + compartment_id = string + source_id = string + target_id = string + display_name = optional(string) + replication_interval = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +####### FSS Logs ######## +######################### + +variable "nfs_log_groups" { + description = "To provision Log Groups for Mount Target" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nfs_logs" { + description = "To provision Logs for Mount Target" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + + +######################### +#### Load Balancers ##### +######################### + +variable "load_balancers" { + description = "To provision Load Balancers" + type = map(object({ + compartment_id = string + vcn_name = string + shape = string + subnet_ids = list(any) + network_compartment_id = string + display_name = string + shape_details = optional(list(map(any))) + nsg_ids = 
optional(list(any)) + is_private = optional(bool) + ip_mode = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + reserved_ips_id = optional(string) + })) + default = {} +} + +variable "hostnames" { + description = "To provision Load Balancer Hostnames" + type = map(object({ + load_balancer_id = string + hostname = string + name = string + })) + default = {} +} + +variable "certificates" { + description = "To provision Load Balancer Certificates" + type = map(object({ + certificate_name = string + load_balancer_id = string + ca_certificate = optional(string) + passphrase = optional(string) + private_key = optional(string) + public_certificate = optional(string) + })) + default = {} +} + +variable "cipher_suites" { + description = "To provision Load Balancer Cipher Suites" + type = map(object({ + ciphers = list(string) + name = string + load_balancer_id = optional(string) + })) + default = {} +} + +variable "backend_sets" { + description = "To provision Load Balancer Backend Sets" + type = map(object({ + name = string + load_balancer_id = string + policy = string + protocol = optional(string) + interval_ms = optional(string) + is_force_plain_text = optional(string) + port = optional(string) + response_body_regex = optional(string) + retries = optional(string) + return_code = optional(string) + timeout_in_millis = optional(string) + url_path = optional(string) + lb_cookie_session = optional(list(object({ + cookie_name = optional(string) + disable_fallback = optional(string) + path = optional(string) + domain = optional(string) + is_http_only = optional(string) + is_secure = optional(string) + max_age_in_seconds = optional(string) + }))) + session_persistence_configuration = optional(list(object({ + cookie_name = optional(string) + disable_fallback = optional(string) + }))) + certificate_name = optional(string) + cipher_suite_name = optional(string) + ssl_configuration = optional(list(object({ + certificate_ids = 
optional(list(any)) + server_order_preference = optional(string) + trusted_certificate_authority_ids = optional(list(any)) + verify_peer_certificate = optional(string) + verify_depth = optional(string) + protocols = optional(list(any)) + }))) + })) + default = {} +} + +variable "backends" { + description = "To provision Load Balancer Backends" + type = map(object({ + backendset_name = string + ip_address = string + load_balancer_id = string + port = string + instance_compartment = optional(string) + backup = optional(string) + drain = optional(string) + offline = optional(string) + weight = optional(string) + })) + default = {} +} + +variable "listeners" { + description = "To provision Load Balancer Listeners" + type = map(object({ + name = string + load_balancer_id = string + port = string + protocol = string + default_backend_set_name = string + connection_configuration = optional(list(map(any))) + hostname_names = optional(list(any)) + path_route_set_name = optional(string) + rule_set_names = optional(list(any)) + routing_policy_name = optional(string) + certificate_name = optional(string) + cipher_suite_name = optional(string) + ssl_configuration = optional(list(object({ + certificate_ids = optional(list(any)) + server_order_preference = optional(string) + trusted_certificate_authority_ids = optional(list(any)) + verify_peer_certificate = optional(string) + verify_depth = optional(string) + protocols = optional(list(any)) + }))) + })) + default = {} +} + +variable "path_route_sets" { + description = "To provision Load Balancer Path Route Sets" + type = map(object({ + name = string + load_balancer_id = string + path_routes = optional(list(map(any))) + })) + default = {} +} + +variable "rule_sets" { + description = "To provision Load Balancer Rule Sets" + type = map(object({ + name = string + load_balancer_id = string + access_control_rules = optional(list(object({ + action = string + attribute_name = optional(string) + attribute_value = optional(string) + 
description = optional(string) + }))) + access_control_method_rules = optional(list(object({ + action = string + allowed_methods = optional(list(any)) + status_code = optional(string) + }))) + http_header_rules = optional(list(object({ + action = string + are_invalid_characters_allowed = optional(bool) + http_large_header_size_in_kb = optional(string) + }))) + uri_redirect_rules = optional(list(object({ + action = string + attribute_name = optional(string) + attribute_value = optional(string) + operator = optional(string) + host = optional(string) + path = optional(string) + port = optional(string) + protocol = optional(string) + query = optional(string) + response_code = optional(string) + }))) + request_response_header_rules = optional(list(object({ + action = string + header = optional(string) + prefix = optional(string) + suffix = optional(string) + value = optional(string) + }))) + })) + default = {} +} + +variable "lbr_reserved_ips" { + description = "To provision Load Balancer Reserved IPs" + type = map(object({ + compartment_id = string + display_name = string + lifetime = string + private_ip_id = optional(string) + public_ip_pool_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +################################### +####### Load Balancer Logs ######## +################################### + +variable "loadbalancer_log_groups" { + description = "To provision Log Groups for Load Balancers" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "loadbalancer_logs" { + description = "To provision Logs for Load Balancers" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + 
source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +## Network Load Balancers ## +######################### + +variable "network_load_balancers" { + type = map(object({ + display_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + subnet_id = string + is_private = optional(bool) + reserved_ips_id = string + is_preserve_source_destination = optional(bool) + is_symmetric_hash_enabled = optional(bool) + nlb_ip_version = optional(string) + assigned_private_ipv4 = optional(string) + nsg_ids = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} +variable "nlb_listeners" { + type = map(object({ + name = string + network_load_balancer_id = string + default_backend_set_name = string + port = number + protocol = string + ip_version = optional(string) + })) + default = {} +} + +variable "nlb_backend_sets" { + type = map(object({ + name = string + network_load_balancer_id = string + policy = string + protocol = string + domain_name = optional(string) + query_class = optional(string) + query_type = optional(string) + rcodes = optional(list(string)) + transport_protocol = optional(string) + return_code = optional(number) + interval_in_millis = optional(number) + port = optional(number) + request_data = optional(string) + response_body_regex = optional(string) + response_data = optional(string) + retries = optional(number) + timeout_in_millis = optional(number) + url_path = optional(string) + is_preserve_source = optional(bool) + ip_version = optional(string) + })) + default = {} +} +variable "nlb_backends" { + type = map(object({ + name = optional(string) + backend_set_name = string + network_load_balancer_id = string + port = number + ip_address = string + instance_compartment = string + 
is_drain = optional(bool) + is_backup = optional(bool) + is_offline = optional(bool) + weight = optional(number) + target_id = optional(string) + })) + default = {} +} +variable "nlb_reserved_ips" { + description = "To provision Network Load Balancer Reserved IPs" + type = map(object({ + compartment_id = string + lifetime = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + display_name = optional(string) + private_ip_id = optional(string) + public_ip_pool_id = optional(string) + })) + default = {} +} + + +######################### +##### IP Management ##### +######################### + +variable "public_ip_pools" { + type = map(any) + default = {} +} + +variable "private_ips" { + type = map(any) + default = {} +} + +variable "reserved_ips" { + type = map(any) + default = {} +} + +variable "vnic_attachments" { + type = map(any) + default = {} +} + +######################### +##### VCN Logs ########## +######################### + +variable "vcn_log_groups" { + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "vcn_logs" { + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +###### OSS Buckets ###### +######################### + +variable "buckets" { + type = map(any) + default = {} +} + +######################### +####### OSS Logs ######## +######################### + +variable "oss_log_groups" { + description = "To provision Log Groups for OSS" + type = map(object({ + compartment_id = string 
+ display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "oss_logs" { + description = "To provision Logs for OSS" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +### OSS IAM Policies #### +######################### + +variable "oss_policies" { + type = map(any) + default = {} +} + +######################### +## Management Services ## +######################### + +variable "alarms" { + type = map(object({ + compartment_id = string + destinations = list(string) + alarm_name = string + is_enabled = bool + metric_compartment_id = string + namespace = string + query = string + severity = string + body = optional(string) + message_format = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_notifications_per_metric_dimension_enabled = optional(bool) + metric_compartment_id_in_subtree = optional(string) + trigger_delay_minutes = optional(string) + repeat_notification_duration = optional(string) + resolution = optional(string) + resource_group = optional(string) + suppression = optional(map(any)) + })) + default = {} +} + +variable "events" { + type = map(object({ + event_name = string + compartment_id = string + description = string + is_enabled = bool + condition = string + actions = optional(list(object({ + action_type = string + is_enabled = string + description = optional(string) + function_id = optional(string) + stream_id = optional(string) + topic_id = optional(string) + }))) + message_format = optional(string) + defined_tags 
= optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "notifications_topics" { + type = map(object({ + compartment_id = string + topic_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "notifications_subscriptions" { + type = map(object({ + compartment_id = string + endpoint = string + protocol = string + topic_id = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "service_connectors" { + type = any + default = {} + description = "To provision service connector hub resources" +} + +######################### +## Developer Services ## +######################### + +## OKE + +variable "clusters" { + type = map(object({ + display_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + kubernetes_version = string + cni_type = string + cluster_type = string + is_policy_enabled = optional(bool) + policy_kms_key_id = optional(string) + is_kubernetes_dashboard_enabled = optional(bool) + is_tiller_enabled = optional(bool) + is_public_ip_enabled = optional(bool) + nsg_ids = optional(list(string)) + endpoint_subnet_id = string + is_pod_security_policy_enabled = optional(bool) + pods_cidr = optional(string) + services_cidr = optional(string) + service_lb_subnet_ids = optional(list(string)) + cluster_kms_key_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + lb_defined_tags = optional(map(any)) + lb_freeform_tags = optional(map(any)) + volume_defined_tags = optional(map(any)) + volume_freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nodepools" { + type = map(object({ + display_name = string + cluster_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + node_shape = string + initial_node_labels = optional(map(any)) + 
kubernetes_version = string + is_pv_encryption_in_transit_enabled = optional(bool) + availability_domain = number + fault_domains = optional(list(string)) + subnet_id = string + size = number + cni_type = string + max_pods_per_node = optional(number) + pod_nsg_ids = optional(list(string)) + pod_subnet_ids = optional(string) + worker_nsg_ids = optional(list(string)) + memory_in_gbs = optional(number) + ocpus = optional(number) + image_id = string + source_type = string + boot_volume_size_in_gbs = optional(number) + ssh_public_key = optional(string) + nodepool_kms_key_id = optional(string) + node_defined_tags = optional(map(any)) + node_freeform_tags = optional(map(any)) + nodepool_defined_tags = optional(map(any)) + nodepool_freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "virtual-nodepools" { + type = map(object({ + display_name = string + cluster_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + node_shape = string + initial_virtual_node_labels = optional(map(any)) + availability_domain = number + fault_domains = list(string) + subnet_id = string + size = number + pod_nsg_ids = optional(list(string)) + pod_subnet_id = string + worker_nsg_ids = optional(list(string)) + taints = optional(list(any)) + node_defined_tags = optional(map(any)) + node_freeform_tags = optional(map(any)) + nodepool_defined_tags = optional(map(any)) + nodepool_freeform_tags = optional(map(any)) + })) + default = {} +} + + +################################## +############## SDDCs ############# +################################## +variable "sddcs" { + type = map(object({ + compartment_id = string + availability_domain = string + network_compartment_id = string + vcn_name = string + esxi_hosts_count = number + nsx_edge_uplink1vlan_id = string + nsx_edge_uplink2vlan_id = string + nsx_edge_vtep_vlan_id = string + nsx_vtep_vlan_id = string + provisioning_subnet_id = string + ssh_authorized_keys = string + vmotion_vlan_id = string 
+ vmware_software_version = string + vsan_vlan_id = string + vsphere_vlan_id = string + capacity_reservation_id = optional(string) + defined_tags = optional(map(any)) + display_name = optional(string) + initial_cluster_display_name = optional(string) + freeform_tags = optional(map(any)) + hcx_action = optional(string) + hcx_vlan_id = optional(string) + initial_host_ocpu_count = optional(number) + initial_host_shape_name = optional(string) + initial_commitment = optional(string) + instance_display_name_prefix = optional(string) + is_hcx_enabled = optional(bool) + is_shielded_instance_enabled = optional(bool) + is_single_host_sddc = optional(bool) + provisioning_vlan_id = optional(string) + refresh_hcx_license_status = optional(bool) + replication_vlan_id = optional(string) + reserving_hcx_on_premise_license_keys = optional(string) + workload_network_cidr = optional(string) + management_datastore = optional(list(string)) + workload_datastore = optional(list(string)) + + })) + default = {} + +} + +variable "sddc-clusters" { + type = map(object({ + compartment_id = string + availability_domain = string + network_compartment_id = string + vcn_name = string + esxi_hosts_count = number + nsx_edge_uplink1vlan_id = string + nsx_edge_uplink2vlan_id = optional(string) + nsx_edge_vtep_vlan_id = string + nsx_vtep_vlan_id = string + provisioning_subnet_id = string + ssh_authorized_keys = optional(string) + vmotion_vlan_id = string + vmware_software_version = string + vsan_vlan_id = string + vsphere_vlan_id = string + capacity_reservation_id = optional(string) + defined_tags = optional(map(any)) + display_name = optional(string) + freeform_tags = optional(map(any)) + hcx_action = optional(string) + hcx_vlan_id = optional(string) + initial_host_ocpu_count = optional(number) + initial_host_shape_name = optional(string) + initial_commitment = optional(string) + instance_display_name_prefix = optional(string) + is_hcx_enabled = optional(bool) + is_shielded_instance_enabled = 
optional(bool) + is_single_host_sddc = optional(bool) + provisioning_vlan_id = optional(string) + refresh_hcx_license_status = optional(bool) + replication_vlan_id = optional(string) + reserving_hcx_on_premise_license_keys = optional(string) + workload_network_cidr = optional(string) + workload_datastore = optional(list(string)) + sddc_id = optional(string) + esxi_software_version = optional(string) + + })) + default = {} + +} + + +############################ +## Key Management Service ## +############################ + +variable "vaults" { + type = map(object({ + compartment_id = string + display_name = string + vault_type = string + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + replica_region = optional(string) + })) + default = {} +} + +variable "keys" { + type = map(object({ + compartment_id = string + display_name = string + vault_name = string + algorithm = optional(string) + length = optional(string) + curve_id = optional(string) + protection_mode = optional(string) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + is_auto_rotation_enabled = optional(bool) + rotation_interval_in_days = optional(string) + + })) + default = {} +} + +########################### +######### Budgets ######### +########################### + +variable "budgets" { + type = map(object({ + amount = string + compartment_id = string + reset_period = string + budget_processing_period_start_offset = optional(string) + defined_tags = optional(map(any)) + description = optional(string) + display_name = optional(string) + freeform_tags = optional(map(any)) + processing_period_type = optional(string) + budget_end_date = optional(string) + budget_start_date = optional(string) + target_type = optional(string) + targets = optional(list(any)) + })) + default = {} +} + +variable "budget_alert_rules" { + type = map(object({ + budget_id = string + threshold = string + threshold_type = string + type = string + defined_tags = optional(map(any)) + 
description = optional(string) + display_name = optional(string) + freeform_tags = optional(map(any)) + message = optional(string) + recipients = optional(string) + })) + default = {} +} + +########################### +####### Cloud Guard ####### +########################### + +variable "cloud_guard_configs" { + type = map(object({ + compartment_id = string + reporting_region = string + status = string + self_manage_resources = optional(string) + + })) + default = {} +} + +variable "cloud_guard_targets" { + type = map(object({ + compartment_id = string + display_name = string + target_resource_id = string + target_resource_type = string + prefix = string + description = optional(string) + state = optional(string) + target_detector_recipes = optional(list(any)) + target_responder_recipes = optional(list(any)) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + })) + default = {} +} + +#################################### +####### Custom Backup Policy ####### +#################################### + +variable "custom_backup_policies" { + type = map(any) + default = {} +} + +variable "capacity_reservation_ocids" { + type = map(any) + default = { + "AD1" : "", + "AD2" : "", + "AD3" : "" + } +} + +##################################### +####### Firewall as a Service ####### +##################################### +variable "firewalls" { + type = map(object({ + compartment_id = string + network_compartment_id = string + network_firewall_policy_id = string + subnet_id = string + vcn_name = string + display_name = string + ipv4address = optional(string) + nsg_id = optional(list(string)) + ipv6address = optional(string) + availability_domain = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fw-policies" { + type = map(object({ + compartment_id = optional(string) + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + 
default = {} +} +variable "services" { + type = map(object({ + service_name = string + service_type = string + network_firewall_policy_id = string + port_ranges = list(object({ + minimum_port = string + maximum_port = optional(string) + })) + })) + default = {} +} +variable "url_lists" { + type = map(object({ + urllist_name = string + network_firewall_policy_id = string + urls = list(object({ + pattern = string + type = string + })) + })) + default = {} +} +variable "service_lists" { + type = map(object({ + service_list_name = string + network_firewall_policy_id = string + services = list(string) + })) + default = {} +} + +variable "address_lists" { + type = map(object({ + address_list_name = string + network_firewall_policy_id = string + address_type = string + addresses = list(string) + })) + default = {} +} + +variable "applications" { + type = map(object({ + app_list_name = string + network_firewall_policy_id = string + app_type = string + icmp_type = number + icmp_code = optional(number) + })) + default = {} +} + +variable "application_groups" { + type = map(object({ + app_group_name = string + network_firewall_policy_id = string + apps = list(string) + + })) + default = {} +} + +variable "security_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + application = optional(list(string)) + destination_address = optional(list(string)) + service = optional(list(string)) + source_address = optional(list(string)) + url = optional(list(string)) + }))) + inspection = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +variable "secrets" { + type = map(object({ + secret_name = string + network_firewall_policy_id = string + secret_source = string + secret_type = string + vault_secret_id = string + version_number = number + vault_name = string + vault_compartment_id = string + })) + default = {} +} + +variable 
"decryption_profiles" { + type = map(object({ + profile_name = string + profile_type = string + network_firewall_policy_id = string + are_certificate_extensions_restricted = optional(bool) + is_auto_include_alt_name = optional(bool) + is_expired_certificate_blocked = optional(bool) + is_out_of_capacity_blocked = optional(bool) + is_revocation_status_timeout_blocked = optional(bool) + is_unknown_revocation_status_blocked = optional(bool) + is_unsupported_cipher_blocked = optional(bool) + is_unsupported_version_blocked = optional(bool) + is_untrusted_issuer_blocked = optional(bool) + })) + default = {} +} + +variable "decryption_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + + destination_address = optional(list(string)) + + source_address = optional(list(string)) + + }))) + decryption_profile = optional(string) + secret = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +######################### +####### Firewall Logs ######## +######################### + +variable "fw_log_groups" { + description = "To provision Log Groups for Network Firewall" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fw_logs" { + description = "To provision Logs for Network Firewall" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +########################## +# Add new variables here # 
+##########################
+######################### END #########################
diff --git a/examples/loadbalancer/backend.tf b/examples/loadbalancer/backend.tf
new file mode 100644
index 0000000..16bc557
--- /dev/null
+++ b/examples/loadbalancer/backend.tf
@@ -0,0 +1,21 @@
+/*This line will be removed when using remote state
+# !!! WARNING !!! Terraform State Lock is not supported with OCI Object Storage.
+# Pre-Requisite: Create a version enabled object storage bucket to store the state file.
+# End Point Format: https://.compat.objectstorage..oraclecloud.com
+# Please look at the below doc for information about shared_credentials_file and other parameters:
+# Reference: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformUsingObjectStore.htm
+
+terraform {
+ backend "s3" {
+ key = ""
+ bucket = ""
+ region = ""
+ endpoint = ""
+ shared_credentials_file = "~/.aws/credentials"
+ skip_region_validation = true
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ force_path_style = true
+ }
+}
+This line will be removed when using remote state*/
\ No newline at end of file
diff --git a/examples/loadbalancer/loadbalancer.tf b/examples/loadbalancer/loadbalancer.tf
new file mode 100644
index 0000000..b3831f5
--- /dev/null
+++ b/examples/loadbalancer/loadbalancer.tf
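Review bot: The remote-state template in backend.tf says nothing about protecting the state object, yet the state this example writes holds every value the providers receive in plain text — in the sibling loadbalancer.tf that includes the LB certificate private keys and passphrases read via `file()` in the certificates module. Above the `terraform {` block I would add `# NOTE: Terraform state stores all resource attributes unencrypted (LB certificate private keys, passphrases). Restrict the bucket to the deployment identity with an IAM policy, keep versioning on, and use a dedicated least-privilege Customer Secret Key in shared_credentials_file.` The endpoint example `https://.compat.objectstorage..oraclecloud.com` also appears to have lost its namespace and region placeholders (presumably `<namespace>` and `<region>` were stripped as markup); restoring them as `https://NAMESPACE.compat.objectstorage.REGION.oraclecloud.com` would save users a confusing connection error.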
@@ -0,0 +1,358 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Module Block - Network +# Create Load Balancers +############################ + +/* +data "oci_certificates_management_certificates" "certificates_backendsets" { + for_each = var.backend_sets != null ? var.backend_sets : {} + #Optional + compartment_id = each.value.instance_compartment != null ? (length(regexall("ocid1.compartment.oc*", each.value.instance_compartment)) > 0 ? each.value.instance_compartment : var.compartment_ocids[each.value.instance_compartment]) : var.tenancy_ocid + name = each.value.certificate_name + state = "AVAILABLE" +} +*/ + +data "oci_core_instances" "instances" { + # depends_on = [module.instances] # Uncomment to create Compute and Load Balancers together + for_each = var.backends != null ? var.backends : {} + state = "RUNNING" + #Required + compartment_id = each.value.instance_compartment != null && each.value.instance_compartment != "" ? (length(regexall("ocid1.compartment.oc*", each.value.instance_compartment)) > 0 ? each.value.instance_compartment : var.compartment_ocids[each.value.instance_compartment]) : var.tenancy_ocid +} + +data "oci_core_instance" "instance_ip" { + for_each = { for k, v in var.backends : k => v.ip_address if length(regexall("IP:*", v.ip_address)) == 0 } + instance_id = merge(local.instance.ocid.*...)[split("NAME:", each.value)[1]][0] +} + +locals { + instance = { + for instances in data.oci_core_instances.instances : + "ocid" => { for instance in instances.instances : instance.display_name => instance.id... }... + } +} + +module "load-balancers" { + # depends_on = [module.vcns, module.subnets,module.nsgs] # Uncomment to execute Networking and Load Balancer together + source = "./modules/loadbalancer/lb-load-balancer" + for_each = var.load_balancers != null ? var.load_balancers : {} + + #Required + compartment_id = each.value.compartment_id != null ? 
(length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null + vcn_names = [each.value.vcn_name] + + display_name = each.value.display_name + shape = each.value.shape != null ? each.value.shape : "100Mbps" # Default value as per OCI + #subnet_ids = flatten(tolist([for subnet in each.value.subnet_names : (length(regexall("ocid1.subnet.oc*", subnet)) > 0 ? [subnet] : data.oci_core_subnets.oci_subnets_lbs[subnet].subnets[*].id)])) + subnet_ids = each.value.subnet_ids + network_compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : null + + #Optional + defined_tags = each.value.defined_tags + freeform_tags = each.value.freeform_tags + ip_mode = each.value.ip_mode + is_private = each.value.is_private + network_security_group_ids = each.value.nsg_ids + key_name = each.key + load_balancers = var.load_balancers + reserved_ips_id = each.value.reserved_ips_id != null ? (lower(each.value.reserved_ips_id) != "n" ? (length(regexall("ocid1.publicip.oc*", each.value.reserved_ips_id)) > 0 ? [each.value.reserved_ips_id] : [merge(module.lbr-reserved-ips.*...)[join("-", [each.key, "reserved", "ip"])].reserved_ip_tf_id]) : []) : [] +} + +/* +output "load_balancer_id_map" { + value = [ for k,v in merge(module.load-balancers.*...) : v.load_balancer_tf_id ] +} +*/ + +module "hostnames" { + source = "./modules/loadbalancer/lb-hostname" + for_each = var.hostnames != null ? var.hostnames : {} + + #Required + hostname = each.value.hostname + load_balancer_id = length(regexall("ocid1.loadbalancer.oc*", each.value.load_balancer_id)) > 0 ? 
each.value.load_balancer_id : merge(module.load-balancers.*...)[each.value.load_balancer_id]["load_balancer_tf_id"] + name = each.value.name +} + +/* +output "hostnames_id_map" { + value = [ for k,v in merge(module.hostnames.*...) : v.hostname_tf_id ] +} +*/ + +module "certificates" { + source = "./modules/loadbalancer/lb-certificate" + for_each = var.certificates != null ? var.certificates : {} + + #Required + certificate_name = each.value.certificate_name + load_balancer_id = length(regexall("ocid1.loadbalancer.oc*", each.value.load_balancer_id)) > 0 ? each.value.load_balancer_id : merge(module.load-balancers.*...)[each.value.load_balancer_id]["load_balancer_tf_id"] + + #Optional + ca_certificate = each.value.ca_certificate != null ? file(each.value.ca_certificate) : null + passphrase = each.value.passphrase + private_key = each.value.private_key != null ? file(each.value.private_key) : null + public_certificate = each.value.public_certificate != null ? file(each.value.public_certificate) : null +} + +/* +output "certificates_id_map" { + value = [ for k,v in merge(module.certificates.*...) : v.certificate_tf_id ] +} +*/ + +module "cipher-suites" { + source = "./modules/loadbalancer/lb-cipher-suite" + for_each = var.cipher_suites != null ? var.cipher_suites : {} + + #Required + ciphers = each.value.ciphers + name = each.value.name + load_balancer_id = length(regexall("ocid1.loadbalancer.oc*", each.value.load_balancer_id)) > 0 ? each.value.load_balancer_id : merge(module.load-balancers.*...)[each.value.load_balancer_id]["load_balancer_tf_id"] + +} + +/* +output "cipher_suites_id_map" { + value = [ for k,v in merge(module.cipher-suites.*...) : v.cipher_suite_tf_id ] +} +*/ + +module "backend-sets" { + source = "./modules/loadbalancer/lb-backend-set" + for_each = var.backend_sets != null ? 
var.backend_sets : {} + + #Required + protocol = each.value.protocol + + #Optional + interval_ms = each.value.interval_ms + is_force_plain_text = each.value.is_force_plain_text + port = each.value.port + response_body_regex = each.value.response_body_regex + retries = each.value.retries + return_code = each.value.return_code + timeout_in_millis = each.value.timeout_in_millis + url_path = each.value.url_path + + load_balancer_id = length(regexall("ocid1.loadbalancer.oc*", each.value.load_balancer_id)) > 0 ? each.value.load_balancer_id : merge(module.load-balancers.*...)[each.value.load_balancer_id]["load_balancer_tf_id"] + name = each.value.name + policy = each.value.policy + backend_sets = var.backend_sets + certificate_name = each.value.certificate_name != null ? merge(module.certificates.*...)[each.value.certificate_name]["certificate_tf_name"] : null + cipher_suite_name = each.value.cipher_suite_name != null ? (length(regexall("oci-default-ssl", each.value.cipher_suite_name)) < 0 ? merge(module.cipher-suites.*...)[each.value.cipher_suite_name]["cipher_suite_tf_name"] : "") : null + key_name = each.key + +} + +/* +output "backend_sets_id_map" { + value = [ for k,v in merge(module.backend-sets.*...) : v.backend_set_tf_id ] +} +*/ + +module "backends" { + depends_on = [module.backend-sets] + source = "./modules/loadbalancer/lb-backend" + for_each = var.backends != null ? var.backends : {} + + #Required + backendset_name = merge(module.backend-sets.*...)[each.value.backendset_name].backend_set_tf_name + ip_address = each.value.ip_address != "" ? (length(regexall("IP:", each.value.ip_address)) > 0 ? split("IP:", each.value.ip_address)[1] : data.oci_core_instance.instance_ip[each.key].private_ip) : null + load_balancer_id = length(regexall("ocid1.loadbalancer.oc*", each.value.load_balancer_id)) > 0 ? 
each.value.load_balancer_id : merge(module.load-balancers.*...)[each.value.load_balancer_id]["load_balancer_tf_id"] + port = each.value.port + + #Optional + backup = each.value.backup + drain = each.value.drain + offline = each.value.offline + weight = each.value.weight != null ? each.value.weight : "1" +} + +/* +output "backends_id_map" { + value = [ for k,v in merge(module.backends.*...) : v.backend_tf_id ] +} +*/ + +module "listeners" { + source = "./modules/loadbalancer/lb-listener" + for_each = var.listeners != null ? var.listeners : {} + + #Required + default_backend_set_name = merge(module.backend-sets.*...)[each.value.default_backend_set_name].backend_set_tf_name + load_balancer_id = length(regexall("ocid1.loadbalancer.oc*", each.value.load_balancer_id)) > 0 ? each.value.load_balancer_id : merge(module.load-balancers.*...)[each.value.load_balancer_id]["load_balancer_tf_id"] + name = each.value.name + port = each.value.port + protocol = each.value.protocol + + #Optional + listeners = var.listeners + certificate_name = each.value.certificate_name != null ? merge(module.certificates.*...)[each.value.certificate_name]["certificate_tf_name"] : null + cipher_suite_name = each.value.cipher_suite_name != null ? (length(regexall("oci-default-ssl", each.value.cipher_suite_name)) < 0 ? each.value.cipher_suite_name : null) : null + key_name = each.key + hostname_names = each.value.hostname_names != null ? flatten(tolist([for hostnames in each.value.hostname_names : merge(module.hostnames.*...)[hostnames].hostname_tf_name])) : null + path_route_set_name = each.value.path_route_set_name != null ? merge(module.path-route-sets.*...)[each.value.path_route_set_name].path_route_set_tf_name : null + routing_policy_name = each.value.routing_policy_name #TODO + rule_set_names = each.value.rule_set_names != null ? 
flatten(tolist([for rules in each.value.rule_set_names : merge(module.rule-sets.*...)[rules].rule_set_tf_name])) : null
+}
+
+/*
+output "listeners_id_map" {
+ value = [ for k,v in merge(module.listeners.*...) : v.listener_tf_id ]
+}
+*/
+
+module "path-route-sets" {
+ depends_on = [module.backend-sets]
+ source = "./modules/loadbalancer/lb-path-route-set"
+ for_each = var.path_route_sets != null ? var.path_route_sets : {}
+
+ #Required
+ load_balancer_id = length(regexall("ocid1.loadbalancer.oc*", each.value.load_balancer_id)) > 0 ? each.value.load_balancer_id : merge(module.load-balancers.*...)[each.value.load_balancer_id]["load_balancer_tf_id"]
+ name = each.value.name
+
+ #Optional
+ path_route_sets = var.path_route_sets
+ key_name = each.key
+}
+
+/*
+output "path_route_sets_id_map" {
+ value = [ for k,v in merge(module.path-route-sets.*...) : v.path_route_set_tf_id ]
+}
+*/
+
+module "rule-sets" {
+ source = "./modules/loadbalancer/lb-rule-set"
+ for_each = var.rule_sets != null ? var.rule_sets : {}
+
+ #Required
+ load_balancer_id = length(regexall("ocid1.loadbalancer.oc*", each.value.load_balancer_id)) > 0 ? each.value.load_balancer_id : merge(module.load-balancers.*...)[each.value.load_balancer_id]["load_balancer_tf_id"]
+ name = each.value.name
+
+ #Optional
+ rule_sets = var.rule_sets
+ key_name = each.key
+}
+
+/*
+output "rule_sets_id_map" {
+ value = [ for k,v in merge(module.rule-sets.*...) : v.rule_set_tf_id ]
+}
+*/
+
+#############################
+# Module Block - LBaaS Logging
+# Create Log Groups and Logs
+#############################
+
+module "loadbalancer-log-groups" {
+ source = "./modules/managementservices/log-group"
+ for_each = (var.loadbalancer_log_groups != null || var.loadbalancer_log_groups != {}) ? var.loadbalancer_log_groups : {}
+
+ # Log Groups
+ #Required
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ?
each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+
+ display_name = each.value.display_name
+
+ #Optional
+ defined_tags = each.value.defined_tags
+ description = each.value.description
+ freeform_tags = each.value.freeform_tags
+}
+
+/*
+output "log_group_map" {
+ value = [ for k,v in merge(module.loadbalancer-log-groups.*...) : v.log_group_tf_id ]
+}
+*/
+
+module "loadbalancer-logs" {
+ source = "./modules/managementservices/log"
+ for_each = (var.loadbalancer_logs != null || var.loadbalancer_logs != {}) ? var.loadbalancer_logs : {}
+
+ # Logs
+ #Required
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+ display_name = each.value.display_name
+ log_group_id = length(regexall("ocid1.loggroup.oc*", each.value.log_group_id)) > 0 ? each.value.log_group_id : merge(module.loadbalancer-log-groups.*...)[each.value.log_group_id]["log_group_tf_id"]
+
+ log_type = each.value.log_type
+ #Required
+ source_category = each.value.category
+ source_resource = length(regexall("ocid1.*", each.value.resource)) > 0 ? each.value.resource : merge(module.load-balancers.*...)[each.value.resource]["load_balancer_tf_id"]
+ source_service = each.value.service
+ source_type = each.value.source_type
+ defined_tags = each.value.defined_tags
+ freeform_tags = each.value.freeform_tags
+ log_is_enabled = (each.value.is_enabled == "" || each.value.is_enabled == null) ? true : each.value.is_enabled
+ log_retention_duration = (each.value.retention_duration == "" || each.value.retention_duration == null) ? 30 : each.value.retention_duration
+
+}
+
+/*
+output "logs_id" {
+ value = [ for k,v in merge(module.loadbalancer-logs.*...) : v.log_tf_id]
+}
+*/
+
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################################
+# Module Block - Reserved IPs for LBaaS
+# Create Reserved IPs for LBaaS
+# Allowed Values:
+# Lifetime Values can be one of EPHEMERAL or RESERVED
+############################################
+
+module "lbr-reserved-ips" {
+ source = "./modules/ip/reserved-public-ip"
+ for_each = var.lbr_reserved_ips != null && var.lbr_reserved_ips != {} ? var.lbr_reserved_ips : {}
+
+ #Required
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+ lifetime = each.value.lifetime
+
+ #Optional
+ defined_tags = each.value.defined_tags
+ display_name = each.value.display_name
+ freeform_tags = each.value.freeform_tags
+ private_ip_id = each.value.private_ip_id
+ #private_ip_id = each.value.private_ip_id != null ? (length(regexall("ocid1.privateip.oc*", each.value.private_ip_id)) > 0 ? each.value.private_ip_id : (length(regexall("\\.", each.value.private_ip_id)) == 3 ? local.private_ip_id[0][each.value.private_ip_id] : merge(module.private-ips.*...)[each.value.private_ip_id].private_ip_tf_id)) : null
+ #public_ip_pool_id = each.value.public_ip_pool_id != null ? (length(regexall("ocid1.publicippool.oc*", each.value.public_ip_pool_id)) > 0 ?
each.value.public_ip_pool_id : merge(module.public-ip-pools.*...)[each.value.public_ip_pool_id].public_ip_pool_tf_id) : null
+}
+
+/*
+resource "oci_load_balancer_load_balancer_routing_policy" "load_balancer_routing_policy" {
+
+ #Required
+ condition_language_version = "V1"
+ load_balancer_id = "ocid1.loadbalancer.oc1.uk-london-1.aaaaaaaa26pp3ygxyycgrmi2f3wuwmgntltotctwvmi4kr6bcbvwo7t5j2va"
+ name = "RP01"
+ rules {
+ #Required
+ actions {
+ #Required
+ name = "FORWARD_TO_BACKENDSET"
+
+ #Optional
+ backend_set_name = "bset01"
+ }
+ condition = "all(http.request.url.path eq (i 'test'), http.request.url.query[(i 'key01')] eq (i 'value01'), all(http.request.url.path eq (i 'testonly')))"
+ name = "rule01"
+ }
+
+ rules {
+ actions {
+ backend_set_name = "bset01"
+ name = "FORWARD_TO_BACKENDSET"
+ }
+ condition = "any(http.request.url.path eq (i 'gh'))"
+ name = "rule02"
+ }
+}*/
\ No newline at end of file
diff --git a/examples/loadbalancer/networkloadbalancer.tf b/examples/loadbalancer/networkloadbalancer.tf
new file mode 100644
index 0000000..dedd1ec
--- /dev/null
+++ b/examples/loadbalancer/networkloadbalancer.tf
@@ -0,0 +1,125 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#######################################
+# Module Block - Network Load Balancer
+# Create Network Load Balancer
+#######################################
+
+data "oci_core_subnets" "oci_subnets_nlb" {
+ # depends_on = [module.subnets] # Uncomment to create Network and NLBs together
+ for_each = var.network_load_balancers != null ? var.network_load_balancers : {}
+ compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id]
+ display_name = each.value.subnet_id
+ vcn_id = data.oci_core_vcns.oci_vcns_nlb[each.key].virtual_networks.*.id[0]
+}
+
+data "oci_core_vcns" "oci_vcns_nlb" {
+ # depends_on = [module.vcns] # Uncomment to create Network and NLBs together
+ for_each = var.network_load_balancers != null ? var.network_load_balancers : {}
+ compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id]
+ display_name = each.value.vcn_name
+}
+
+module "network-load-balancers" {
+ # depends_on = [module.nsgs] # Uncomment to create NSG and NLBs together
+ source = "./modules/networkloadbalancer/nlb"
+ for_each = var.network_load_balancers != null ? var.network_load_balancers : {}
+ network_compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : null
+ compartment_id = each.value.compartment_id != null ?
(length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+ display_name = each.value.display_name
+ subnet_id = each.value.subnet_id != "" ? (length(regexall("ocid1.subnet.oc*", each.value.subnet_id)) > 0 ? each.value.subnet_id : data.oci_core_subnets.oci_subnets_nlb[each.key].subnets.*.id[0]) : null
+ is_preserve_source_destination = each.value.is_preserve_source_destination
+ is_symmetric_hash_enabled = each.value.is_symmetric_hash_enabled
+ is_private = each.value.is_private
+ network_security_group_ids = each.value.nsg_ids
+ nlb_ip_version = each.value.nlb_ip_version
+ assigned_private_ipv4 = each.value.assigned_private_ipv4
+ vcn_name = each.value.vcn_name
+ defined_tags = each.value.defined_tags
+ freeform_tags = each.value.freeform_tags
+ reserved_ips_id = each.value.reserved_ips_id != "" && lower(each.value.reserved_ips_id) != "n" ? (length(regexall("ocid1.publicip.oc*", each.value.reserved_ips_id)) > 0 ? [each.value.reserved_ips_id] : [merge(module.nlb-reserved-ips.*...)[join("-", [each.key, "reserved", "ip"])].reserved_ip_tf_id]) : []
+}
+
+module "nlb-listeners" {
+ source = "./modules/networkloadbalancer/nlb-listener"
+ for_each = var.nlb_listeners != null ? var.nlb_listeners : {}
+ name = each.value.name
+ default_backend_set_name = merge(module.nlb-backend-sets.*...)[each.value.default_backend_set_name].nlb_backend_set_tf_name
+ network_load_balancer_id = length(regexall("ocid1.networkloadbalancer.oc*", each.value.network_load_balancer_id)) > 0 ? each.value.network_load_balancer_id : merge(module.network-load-balancers.*...)[each.value.network_load_balancer_id]["network_load_balancer_tf_id"]
+ port = each.value.port
+ protocol = each.value.protocol
+ ip_version = each.value.ip_version
+}
+
+module "nlb-backend-sets" {
+ source = "./modules/networkloadbalancer/nlb-backendset"
+ for_each = var.nlb_backend_sets != null ?
var.nlb_backend_sets : {}
+ name = each.value.name
+ network_load_balancer_id = length(regexall("ocid1.networkloadbalancer.oc*", each.value.network_load_balancer_id)) > 0 ? each.value.network_load_balancer_id : merge(module.network-load-balancers.*...)[each.value.network_load_balancer_id]["network_load_balancer_tf_id"]
+ policy = each.value.policy
+ ip_version = each.value.ip_version
+ is_preserve_source = each.value.is_preserve_source
+ #healthcheck parameters
+ domain_name = each.value.domain_name
+ query_class = each.value.query_class
+ query_type = each.value.query_type
+ rcodes = each.value.rcodes
+ transport_protocol = each.value.transport_protocol
+
+ protocol = each.value.protocol
+ interval_in_millis = each.value.interval_in_millis
+ port = each.value.port
+ request_data = each.value.request_data
+ response_body_regex = each.value.response_body_regex
+ response_data = each.value.response_data
+ retries = each.value.retries
+ return_code = each.value.return_code
+ timeout_in_millis = each.value.timeout_in_millis
+ url_path = each.value.url_path
+}
+
+module "nlb-backends" {
+ source = "./modules/networkloadbalancer/nlb-backend"
+ # depends_on = [module.instances] # Uncomment to create Network and NLBs together
+ for_each = var.nlb_backends != null ? var.nlb_backends : {}
+ backend_set_name = merge(module.nlb-backend-sets.*...)[each.value.backend_set_name]["nlb_backend_set_tf_name"]
+ network_load_balancer_id = length(regexall("ocid1.loadbalancer.oc*", each.value.network_load_balancer_id)) > 0 ? each.value.network_load_balancer_id : merge(module.network-load-balancers.*...)[each.value.network_load_balancer_id]["network_load_balancer_tf_id"]
+ port = each.value.port
+ ip_address = each.value.ip_address
+ instance_compartment = each.value.instance_compartment != "" ? (length(regexall("ocid1.compartment.oc*", each.value.instance_compartment)) > 0 ?
each.value.instance_compartment : var.compartment_ocids[each.value.instance_compartment]) : var.tenancy_ocid
+ #ip_address = each.value.ip_address != "" ? (length(regexall("IP:", each.value.ip_address)) > 0 ? split("IP:", each.value.ip_address)[1] : data.oci_core_instance.nlb_instance_ip[each.key].private_ip) : (length(regexall("NAME:", each.value.ip_address)) > 0 ? split("NAME:", each.value.ip_address)[1] : data.oci_core_instance.nlb_instance[each.key].private_ip) : null
+
+
+ is_drain = each.value.is_drain != "" ? each.value.is_drain : "false"
+ is_backup = each.value.is_backup != "" ? each.value.is_backup : "false"
+ is_offline = each.value.is_offline != "" ? each.value.is_offline : "false"
+ weight = each.value.weight != "" ? each.value.weight : "1"
+
+ name = each.value.ip_address
+ target_id = each.value.ip_address
+
+}
+
+############################################
+# Module Block - Reserved IPs for NLBs
+# Create Reserved IPs for NLBs
+# Allowed Values:
+# Lifetime Values can be one of EPHEMERAL or RESERVED
+############################################
+
+module "nlb-reserved-ips" {
+ source = "./modules/ip/reserved-public-ip"
+ for_each = var.nlb_reserved_ips != null && var.nlb_reserved_ips != {} ? var.nlb_reserved_ips : {}
+
+ #Required
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+ lifetime = each.value.lifetime
+
+ #Optional
+ defined_tags = each.value.defined_tags
+ display_name = each.value.display_name
+ freeform_tags = each.value.freeform_tags
+ #private_ip_id = each.value.private_ip_id != "" ? (length(regexall("ocid1.privateip.oc*", each.value.private_ip_id)) > 0 ? each.value.private_ip_id : (length(regexall("\\.", each.value.private_ip_id)) == 3 ?
local.private_ip_id[0][each.value.private_ip_id] : merge(module.private-ips.*...)[each.value.private_ip_id].private_ip_tf_id)) : null
+ #public_ip_pool_id = each.value.public_ip_pool_id != "" ? (length(regexall("ocid1.publicippool.oc*", each.value.public_ip_pool_id)) > 0 ? each.value.public_ip_pool_id : merge(module.public-ip-pools.*...)[each.value.public_ip_pool_id].public_ip_pool_tf_id) : null
+}
+
diff --git a/examples/loadbalancer/oci-data.tf b/examples/loadbalancer/oci-data.tf
new file mode 100644
index 0000000..1495707
--- /dev/null
+++ b/examples/loadbalancer/oci-data.tf
@@ -0,0 +1,42 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Identity
+# Fetch Compartments
+############################
+
+#Fetch Compartment Details
+data "oci_identity_compartments" "compartments" {
+ #Required
+ compartment_id = var.tenancy_ocid
+
+ #Optional
+ #name = var.compartment_name
+ access_level = "ANY"
+ compartment_id_in_subtree = true
+ state = "ACTIVE"
+}
+
+
+############################
+# Data Block - Network
+# Fetch ADs
+############################
+
+data "oci_identity_availability_domains" "availability_domains" {
+ #Required
+ compartment_id = var.tenancy_ocid
+}
+
+
+/*
+output "compartment_id_map" {
+ description = "Compartment ocid"
+ // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source.
+ value = zipmap(data.oci_identity_compartments.compartments.compartments.*.name,data.oci_identity_compartments.compartments.compartments.*.id)
+}
+
+output "ads" {
+ value = data.oci_identity_availability_domains.availability_domains.availability_domains.*.name
+}
+*/
\ No newline at end of file
diff --git a/examples/loadbalancer/provider.tf b/examples/loadbalancer/provider.tf
new file mode 100644
index 0000000..9a69c98
--- /dev/null
+++ b/examples/loadbalancer/provider.tf
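Review bot: In `module "nlb-backends"` the literal-OCID test is `regexall("ocid1.loadbalancer.oc*", each.value.network_load_balancer_id)`, while `nlb-listeners` and `nlb-backend-sets` in the same hunk match `ocid1.networkloadbalancer.oc*`; a network load balancer OCID contains `networkloadbalancer`, so it never matches here and is passed on as a key into `merge(module.network-load-balancers.*...)`, where the lookup fails. The line should read `network_load_balancer_id = length(regexall("ocid1.networkloadbalancer.oc*", each.value.network_load_balancer_id)) > 0 ? each.value.network_load_balancer_id : merge(module.network-load-balancers.*...)[each.value.network_load_balancer_id]["network_load_balancer_tf_id"]`. These prefix checks are also unanchored and use `.` and `oc*` as regex metacharacters, so a key that merely contains `ocid1` followed by one character and the resource word is classified as a literal OCID; anchoring with `^ocid1\\.networkloadbalancer\\.oc` would make the classification deterministic. Separately, both `data` blocks fall back to `var.compartment_ocids[each.value.network_compartment_id]` when `network_compartment_id` is null, which indexes the map with null rather than yielding null as the module block does.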
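Review bot: The second header in this hunk reads `# Data Block - Network` above `data "oci_identity_availability_domains"`, but both data sources here are Identity lookups; `# Data Block - Identity` would match the block it labels and the first header. With `compartment_id_in_subtree = true` and `access_level = "ANY"` the compartments data source returns every active compartment in the tenancy, and compartment names are unique only within a parent, so if the commented `compartment_id_map` output is ever re-enabled its `zipmap` keyed by name would silently keep one OCID per duplicate name. A comment on the data source such as `# Subtree-wide listing: names may repeat across parents, so any name-keyed map built from this must assume unique names` would warn the next maintainer.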
@@ -0,0 +1,24 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Provider Block
+# OCI
+############################
+
+provider "oci" {
+ tenancy_ocid = var.tenancy_ocid
+ user_ocid = var.user_ocid
+ fingerprint = var.fingerprint
+ private_key_path = var.private_key_path
+ region = var.region
+ ignore_defined_tags = ["Oracle-Tags.CreatedBy", "Oracle-Tags.CreatedOn"]
+}
+
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ version = "5.40.0"
+ }
+ }
+}
diff --git a/examples/loadbalancer/variables_example.tf b/examples/loadbalancer/variables_example.tf
new file mode 100644
index 0000000..fae17ea
--- /dev/null
+++ b/examples/loadbalancer/variables_example.tf
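Review bot: The provider block selects API-key authentication through `user_ocid`, `fingerprint` and `private_key_path`, but nothing in the hunk says so, and the matching variables in variables_example.tf default to empty strings, so a first `terraform plan` fails with a provider error that does not point back here. A comment above `provider "oci"` such as `# API-key auth: supply tenancy_ocid, user_ocid, fingerprint, private_key_path and region via an untracked *.tfvars file; the key file itself stays outside the repository` would document the contract and keep credential material out of version control. The `terraform` block pins the provider but sets no `required_version`; the variable definitions in this commit use `optional(...)` object attributes with defaults, which need Terraform 1.3 or later, so `required_version = ">= 1.3.0"` would make that requirement explicit.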
@@ -0,0 +1,2082 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+#
+# Variables Block
+# OCI
+#
+############################
+
+variable "tenancy_ocid" {
+ type = string
+ default = ""
+}
+
+variable "user_ocid" {
+ type = string
+ default = ""
+}
+
+variable "fingerprint" {
+ type = string
+ default = ""
+}
+
+variable "private_key_path" {
+ type = string
+ default = ""
+}
+
+variable "region" {
+ type = string
+ default = ""
+}
+
+#################################
+# SSH Keys
+#################################
+
+variable "instance_ssh_keys" {
+ type = map(any)
+ default = {
+ ssh_public_key = ""
+ # Use '\n' as the delimiter to add multiple ssh keys.
+ # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf"
+ #START_instance_ssh_keys#
+ # exported instance ssh keys
+ #instance_ssh_keys_END#
+ }
+}
+
+variable "oke_ssh_keys" {
+ type = map(any)
+ default = {
+ ssh_public_key = ""
+ # Use '\n' as the delimiter to add multiple ssh keys.
+ # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf"
+ #START_oke_ssh_keys#
+ #oke_ssh_keys_END#
+ }
+}
+variable "sddc_ssh_keys" {
+ type = map(any)
+ default = {
+ ssh_public_key = ""
+ # Use '\n' as the delimiter to add multiple ssh keys.
+ # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf"
+ #START_sddc_ssh_keys#
+ #sddc_ssh_keys_END#
+ }
+}
+
+variable "exacs_ssh_keys" {
+ type = map(any)
+ default = {
+ ssh_public_key = [""]
+ # Use ',' as the delimiter to add multiple ssh keys.
+ # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"]
+ #START_exacs_ssh_keys#
+ # exported exacs ssh keys
+ #exacs_ssh_keys_END#
+ }
+}
+
+variable "dbsystem_ssh_keys" {
+ type = map(any)
+ default = {
+ ssh_public_key = [""]
+ # Use ',' as the delimiter to add multiple ssh keys.
+ # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"]
+ #START_dbsystem_ssh_keys#
+ # exported dbsystem ssh keys
+ #dbsystem_ssh_keys_END#
+ }
+}
+
+#################################
+# Platform Image OCIDs and
+# Market Place Images
+#################################
+
+variable "instance_source_ocids" {
+ type = map(any)
+ default = {
+ Linux = ""
+ Windows = ""
+ PaloAlto = "Palo Alto Networks VM-Series Next Generation Firewall"
+ #START_instance_source_ocids#
+ # exported instance image ocids
+ #instance_source_ocids_END#
+ }
+}
+
+variable "blockvolume_source_ocids" {
+ type = map(any)
+ default = {
+ block1 = ""
+ #blockvolume_source_ocid = ""
+ #START_blockvolume_source_ocids#
+ # exported block volume source ocids
+ #blockvolume_source_ocids_END#
+ }
+}
+
+variable "fss_source_ocids" {
+ type = map(any)
+ default = {
+ snapshot1 = ""
+ #fss_source_snapshot_ocid = ""
+ #START_fss_source_snapshot_ocids#
+ # exported fss source snapshot ocids
+ #fss_source_snapshot_ocids_END#
+ }
+}
+
+variable "oke_source_ocids" {
+ type = map(any)
+ default = {
+ Linux = ""
+ #START_oke_source_ocids#
+ # exported oke image ocids
+ #oke_source_ocids_END#
+ }
+}
+
+#################################
+#
+# Variables according to Services
+# PLEASE DO NOT MODIFY
+#
+#################################
+
+##########################
+## Fetch Compartments ####
+##########################
+
+variable "compartment_ocids" {
+ type = map(any)
+ default = {
+ #START_compartment_ocids#
+ # compartment ocids
+ #compartment_ocids_END#
+ }
+}
+
+#########################
+##### Identity ##########
+#########################
+
+variable "compartments" {
+ type = object({
+ root = optional(map(object({
+ tenancy_ocid = optional(string)
+ parent_compartment_id = string
+ name = string
+ description = optional(string)
+ enable_delete = optional(bool)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ })))
+ compartment_level1 =
optional(map(object({
+ tenancy_ocid = optional(string)
+ parent_compartment_id = string
+ name = string
+ description = optional(string)
+ enable_delete = optional(bool)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ })))
+ compartment_level2 = optional(map(object({
+ tenancy_ocid = optional(string)
+ parent_compartment_id = string
+ name = string
+ description = optional(string)
+ enable_delete = optional(bool)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ })))
+ compartment_level3 = optional(map(object({
+ tenancy_ocid = optional(string)
+ parent_compartment_id = string
+ name = string
+ description = optional(string)
+ enable_delete = optional(bool)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ })))
+ compartment_level4 = optional(map(object({
+ tenancy_ocid = optional(string)
+ parent_compartment_id = string
+ name = string
+ description = optional(string)
+ enable_delete = optional(bool)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ })))
+ compartment_level5 = optional(map(object({
+ tenancy_ocid = optional(string)
+ parent_compartment_id = string
+ name = string
+ description = optional(string)
+ enable_delete = optional(bool)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ })))
+ })
+ default = {
+ root = {},
+ compartment_level1 = {},
+ compartment_level2 = {},
+ compartment_level3 = {},
+ compartment_level4 = {},
+ compartment_level5 = {},
+ }
+}
+
+variable "policies" {
+ type = map(object({
+ name = string
+ compartment_id = string
+ policy_description = string
+ policy_statements = list(string)
+ policy_version_date = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "groups" {
+ type = map(object({
+ group_name = string
+ group_description = string
+ matching_rule = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags =
optional(map(any))
+ }))
+ default = {}
+}
+
+variable "users" {
+ type = map(object({
+ name = string
+ description = string
+ email = string
+ disable_capabilities = optional(list(string))
+ group_membership = optional(list(string))
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "networkSources" {
+ type = map(object({
+ name = string
+ description = string
+ public_source_list = optional(list(string))
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ virtual_source_list = optional(list(map(list(string))))
+
+ }))
+ default = {}
+}
+
+#########################
+####### Governance #########
+#########################
+
+variable "tag_namespaces" {
+ description = "To provision Namespaces"
+ type = map(object({
+ compartment_id = string
+ description = string
+ name = string
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ is_retired = optional(bool)
+ }))
+ default = {}
+}
+
+variable "tag_keys" {
+ description = "To provision Tag Keys"
+ type = map(object({
+ tag_namespace_id = string
+ description = string
+ name = string
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ is_cost_tracking = optional(bool)
+ is_retired = optional(bool)
+ validator = optional(list(object({
+ validator_type = optional(string)
+ validator_values = optional(list(any))
+ })))
+ }))
+ default = {}
+}
+
+variable "tag_defaults" {
+ description = "To make the Tag keys as default to compartments"
+ type = map(object({
+ compartment_id = string
+ tag_definition_id = string
+ value = string
+ is_required = optional(bool)
+ }))
+ default = {}
+}
+
+variable "quota_policies" {
+ type = map(object({
+ quota_name = string
+ quota_description = string
+ quota_statements = list(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+#########################
+###### Network ##########
+#########################
+
+variable "default_dhcps" {
+ type = map(object({
+ server_type = string
+ manage_default_resource_id = optional(string)
+ custom_dns_servers = optional(list(any))
+ search_domain = optional(map(list(any)))
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "custom_dhcps" {
+ type = map(object({
+ compartment_id = string
+ server_type = string
+ vcn_id = string
+ custom_dns_servers = optional(list(any))
+ domain_name_type = optional(string)
+ display_name = optional(string)
+ search_domain = optional(map(list(any)))
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "vcns" {
+ type = map(object({
+ compartment_id = string
+ cidr_blocks = optional(list(string))
+ byoipv6cidr_details = optional(list(map(any)))
+ display_name = optional(string)
+ dns_label = optional(string)
+ is_ipv6enabled = optional(bool)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ ipv6private_cidr_blocks = optional(list(string))
+ is_oracle_gua_allocation_enabled = optional(bool)
+ }))
+ default = {}
+}
+
+variable "igws" {
+ type = map(object({
+ compartment_id = string
+ vcn_id = string
+ enable_igw = optional(bool)
+ igw_name = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ route_table_id = optional(string)
+ }))
+ default = {}
+}
+
+variable "sgws" {
+ type = map(object({
+ compartment_id = string
+ vcn_id = string
+ service = optional(string)
+ sgw_name = optional(string)
+ route_table_id = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "ngws" {
+ type = map(object({
+ compartment_id = string
+ vcn_id = string
+ block_traffic = optional(bool)
+ public_ip_id = optional(string)
+ ngw_name = optional(string)
+ route_table_id = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+
default = {}
+}
+
+variable "lpgs" {
+ type = map(any)
+ default = {
+ hub-lpgs = {},
+ spoke-lpgs = {},
+ peer-lpgs = {},
+ none-lpgs = {},
+ exported-lpgs = {},
+ }
+}
+
+variable "drgs" {
+ type = map(object({
+ compartment_id = string
+ display_name = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "seclists" {
+ type = map(object({
+ compartment_id = string
+ vcn_id = string
+ display_name = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ ingress_sec_rules = optional(list(object({
+ protocol = optional(string)
+ stateless = optional(string)
+ description = optional(string)
+ source = optional(string)
+ source_type = optional(string)
+ options = optional(map(any))
+ })))
+ egress_sec_rules = optional(list(object({
+ protocol = optional(string)
+ stateless = optional(string)
+ description = optional(string)
+ destination = optional(string)
+ destination_type = optional(string)
+ options = optional(map(any))
+ })))
+ }))
+ default = {}
+}
+
+variable "default_seclists" {
+ type = map(object({
+ compartment_id = string
+ vcn_id = string
+ display_name = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ ingress_sec_rules = optional(list(object({
+ protocol = optional(string)
+ stateless = optional(string)
+ description = optional(string)
+ source = optional(string)
+ source_type = optional(string)
+ options = optional(map(any))
+ })))
+ egress_sec_rules = optional(list(object({
+ protocol = optional(string)
+ stateless = optional(string)
+ description = optional(string)
+ destination = optional(string)
+ destination_type = optional(string)
+ options = optional(map(any))
+ })))
+ }))
+ default = {}
+}
+
+variable "route_tables" {
+ type = map(object({
+ compartment_id = string
+ vcn_id = string
+ display_name = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+
route_rules_igw = list(map(any))
+ route_rules_ngw = list(map(any))
+ route_rules_sgw = list(map(any))
+ route_rules_drg = list(map(any))
+ route_rules_lpg = list(map(any))
+ route_rules_ip = list(map(any))
+ gateway_route_table = optional(bool,false)
+ default_route_table = optional(bool,false)
+
+}))
+default = {}
+}
+
+variable "default_route_tables" {
+ type = map(object({
+ compartment_id = string
+ vcn_id = string
+ display_name = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ route_rules_igw = list(map(any))
+ route_rules_ngw = list(map(any))
+ route_rules_sgw = list(map(any))
+ route_rules_drg = list(map(any))
+ route_rules_lpg = list(map(any))
+ route_rules_ip = list(map(any))
+ gateway_route_table = optional(bool,false)
+ default_route_table = optional(bool,false)
+}))
+ default = {}
+}
+
+variable "nsgs" {
+ type = map(object({
+ compartment_id = string
+ network_compartment_id = string
+ vcn_name = string
+ display_name = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "nsg_rules" {
+ type = map(object({
+ nsg_id = string
+ direction = string
+ protocol = string
+ description = optional(string)
+ stateless = optional(string)
+ source_type = optional(string)
+ destination_type = optional(string)
+ destination = optional(string)
+ source = optional(string)
+ options = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "subnets" {
+ type = map(object({
+ compartment_id = string
+ vcn_id = string
+ cidr_block = string
+ display_name = optional(string)
+ dns_label = optional(string)
+ ipv6cidr_block = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ prohibit_internet_ingress = optional(string)
+ prohibit_public_ip_on_vnic = optional(string)
+ availability_domain = optional(string)
+ dhcp_options_id = optional(string)
+ route_table_id = optional(string)
+ security_list_ids =
optional(list(string))
+ }))
+ default = {}
+}
+
+variable "vlans" {
+ type = map(object({
+ cidr_block = string
+ compartment_id = string
+ network_compartment_id = string
+ vcn_name = string
+ display_name = optional(string)
+ nsg_ids = optional(list(string))
+ route_table_name = optional(string)
+ vlan_tag = optional(string)
+ availability_domain = optional(string)
+ freeform_tags = optional(map(any))
+ defined_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "drg_attachments" {
+ type = map(any)
+ default = {}
+}
+
+variable "drg_other_attachments" {
+ type = map(any)
+ default = {}
+}
+
+variable "drg_route_tables" {
+ type = map(object({
+ drg_id = string
+ display_name = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ is_ecmp_enabled = optional(bool)
+ import_drg_route_distribution_id = optional(string)
+ }))
+ default = {}
+}
+
+variable "drg_route_rules" {
+ type = map(any)
+ default = {}
+}
+
+variable "drg_route_distributions" {
+ type = map(object({
+ distribution_type = string
+ drg_id = string
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ display_name = optional(string)
+ }))
+ default = {}
+}
+
+variable "drg_route_distribution_statements" {
+ type = map(object({
+ drg_route_distribution_id = string
+ action = string
+ match_criteria = optional(list(object({
+ match_type = string
+ attachment_type = optional(string)
+ drg_attachment_id = optional(string)
+ })))
+ priority = optional(string)
+ }))
+ default = {}
+}
+
+variable "data_drg_route_tables" {
+ type = map(any)
+ default = {}
+}
+
+variable "data_drg_route_table_distributions" {
+ type = map(any)
+ default = {}
+}
+
+####################
+####### DNS #######
+####################
+
+variable "zones" {
+type = map(object({
+compartment_id = string
+display_name = string
+view_compartment_id = optional(string)
+view_id = optional(string)
+zone_type = optional(string)
+scope = optional(string)
+freeform_tags =
optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + +variable "views" { +type = map(object({ +compartment_id = string +display_name = string +scope = optional(string) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) + default = {} +} + +variable "rrsets" { +type = map(object({ +compartment_id = optional(string) +view_compartment_id = optional(string) +view_id = optional(string) +zone_id = string +domain = string +rtype = string +ttl = number +rdata = optional(list(string)) +scope = optional(string) +})) +default = {} +} + +variable "resolvers" { +type = map(object({ +network_compartment_id= string +vcn_name = string +display_name = optional(string) +views = optional(map(object({ + view_id = optional(string) + view_compartment_id = optional(string) +}))) +resolver_rules = optional(map(object({ + client_address_conditions = optional(list(any)) + destination_addresses = optional(list(any)) + qname_cover_conditions = optional(list(any)) + source_endpoint_name = optional(string) +}))) +endpoint_names = optional(map(object({ + is_forwarding = optional(bool) + is_listening = optional(bool) + name = optional(string) + subnet_name = optional(string) + forwarding_address = optional(string) + listening_address = optional(string) + nsg_ids = optional(list(string)) +}))) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + + +######################### +## Dedicated VM Hosts ## +######################### + +variable "dedicated_hosts" { + type = map(object({ + availability_domain = string + compartment_id = string + vm_host_shape = string + defined_tags = optional(map(any)) + display_name = optional(string) + fault_domain = optional(string) + freeform_tags = optional(map(any)) + })) + description = "To provision new dedicated VM hosts" + default = {} +} + +######################### +## Instances/Block Volumes ## +######################### + +variable "blockvolumes" { + description = "To 
provision block volumes" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = string + size_in_gbs = optional(string) + is_auto_tune_enabled = optional(string) + vpus_per_gb = optional(string) + kms_key_id = optional(string) + attach_to_instance = optional(string) + attachment_type = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + device = optional(string) + encryption_in_transit_type = optional(string) + attachment_display_name = optional(string) + is_read_only = optional(bool) + is_pv_encryption_in_transit_enabled = optional(bool) + is_shareable = optional(bool) + use_chap = optional(bool) + is_agent_auto_iscsi_login_enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + source_details = optional(list(map(any))) + block_volume_replicas = optional(list(map(any))) + block_volume_replicas_deletion = optional(bool) + autotune_policies = optional(list(map(any))) + })) + default = {} +} + +variable "block_backup_policies" { + type = map(any) + description = "To create block volume back policy" + default = {} +} + +variable "instances" { + description = "Map of instances to be provisioned" + type = map(object({ + availability_domain = string + compartment_id = string + shape = string + source_id = string + source_type = string + vcn_name = string + subnet_id = string + network_compartment_id = string + display_name = optional(string) + assign_public_ip = optional(bool) + boot_volume_size_in_gbs = optional(string) + fault_domain = optional(string) + dedicated_vm_host_id = optional(string) + private_ip = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(string)) + ocpus = optional(string) + memory_in_gbs = optional(number) + capacity_reservation_id = optional(string) + create_is_pv_encryption_in_transit_enabled = optional(bool) + remote_execute = optional(string) + bastion_ip = optional(string) + 
cloud_init_script = optional(string) + ssh_authorized_keys = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + network_type = optional(string) + #extended_metadata = optional(string) + skip_source_dest_check = optional(bool) + baseline_ocpu_utilization = optional(string) + #preemptible_instance_config = optional(string) + all_plugins_disabled = optional(bool) + is_management_disabled = optional(bool) + is_monitoring_disabled = optional(bool) + assign_private_dns_record = optional(string) + plugins_details = optional(map(any)) + is_live_migration_preferred = optional(bool) + recovery_action = optional(string) + are_legacy_imds_endpoints_disabled = optional(bool) + boot_volume_type = optional(string) + firmware = optional(string) + is_consistent_volume_naming_enabled = optional(bool) + remote_data_volume_type = optional(string) + platform_config = optional(list(map(any))) + launch_options = optional(list(map(any))) + ipxe_script = optional(string) + preserve_boot_volume = optional(bool) + vlan_id = optional(string) + kms_key_id = optional(string) + vnic_display_name = optional(string) + vnic_defined_tags = optional(map(any)) + vnic_freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "boot_backup_policies" { + type = map(any) + description = "Map of boot volume backup policies to be provisioned" + default = {} +} + +######################### +####### Database ######## +######################### + +variable "exa_infra" { + description = "To provision exadata infrastructure" + type = map(any) + default = {} +} + +variable "exa_vmclusters" { + description = "To provision exadata cloud VM cluster" + type = map(any) + default = {} +} + +variable "dbsystems_vm_bm" { + description = "To provision DB System" + type = map(any) + default = {} +} + +variable "db_home" { + type = map(any) + description = "Map of database db home to be 
provisioned" + default = {} +} + +variable "databases" { + description = "Map of databases to be provisioned in an existing db_home" + type = map(any) + default = {} +} + +#################################### +####### Autonomous Database ######## +#################################### + +variable "adb" { + type = map(object({ + admin_password = optional(string) + character_set = optional(string) + compartment_id = string + cpu_core_count = optional(number) + database_edition = optional(string) + data_storage_size_in_tbs = optional(number) + customer_contacts = optional(list(string)) + db_name = string + db_version = optional(string) + db_workload = optional(string) + display_name = optional(string) + license_model = optional(string) + ncharacter_set = optional(string) + network_compartment_id = optional(string) + nsg_ids = optional(list(string)) + subnet_id = optional(string) + vcn_name = optional(string) + whitelisted_ips = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +######### FSS ########### +######################### + +variable "mount_targets" { + description = "To provision Mount Targets" + type = map(object({ + availability_domain = string + compartment_id = string + network_compartment_id = string + vcn_name = string + subnet_id = string + display_name = optional(string) + ip_address = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fss" { + description = "To provision File System Services" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = optional(string) + source_snapshot = optional(string) + snapshot_policy = optional(string) + policy_compartment_id = optional(string) + kms_key_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "nfs_export_options" { + description = "To provision Export Sets" + type = map(object({ + export_set_id = string + file_system_id = string + path = string + export_options = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_idmap_groups_for_sys_auth = optional(bool) + })) + default = {} +} + +variable "fss_replication" { + description = "To provision File System Replication" + type = map(object({ + compartment_id = string + source_id = string + target_id = string + display_name = optional(string) + replication_interval = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +####### FSS Logs ######## +######################### + +variable "nfs_log_groups" { + description = "To provision Log Groups for Mount Target" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nfs_logs" { + description = "To provision Logs for Mount Target" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + + +######################### +#### Load Balancers ##### +######################### + +variable "load_balancers" { + description = "To provision Load Balancers" + type = map(object({ + compartment_id = string + vcn_name = string + shape = string + subnet_ids = list(any) + network_compartment_id = string + display_name = string + shape_details = optional(list(map(any))) + nsg_ids = 
optional(list(any)) + is_private = optional(bool) + ip_mode = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + reserved_ips_id = optional(string) + })) + default = {} +} + +variable "hostnames" { + description = "To provision Load Balancer Hostnames" + type = map(object({ + load_balancer_id = string + hostname = string + name = string + })) + default = {} +} + +variable "certificates" { + description = "To provision Load Balancer Certificates" + type = map(object({ + certificate_name = string + load_balancer_id = string + ca_certificate = optional(string) + passphrase = optional(string) + private_key = optional(string) + public_certificate = optional(string) + })) + default = {} +} + +variable "cipher_suites" { + description = "To provision Load Balancer Cipher Suites" + type = map(object({ + ciphers = list(string) + name = string + load_balancer_id = optional(string) + })) + default = {} +} + +variable "backend_sets" { + description = "To provision Load Balancer Backend Sets" + type = map(object({ + name = string + load_balancer_id = string + policy = string + protocol = optional(string) + interval_ms = optional(string) + is_force_plain_text = optional(string) + port = optional(string) + response_body_regex = optional(string) + retries = optional(string) + return_code = optional(string) + timeout_in_millis = optional(string) + url_path = optional(string) + lb_cookie_session = optional(list(object({ + cookie_name = optional(string) + disable_fallback = optional(string) + path = optional(string) + domain = optional(string) + is_http_only = optional(string) + is_secure = optional(string) + max_age_in_seconds = optional(string) + }))) + session_persistence_configuration = optional(list(object({ + cookie_name = optional(string) + disable_fallback = optional(string) + }))) + certificate_name = optional(string) + cipher_suite_name = optional(string) + ssl_configuration = optional(list(object({ + certificate_ids = 
optional(list(any)) + server_order_preference = optional(string) + trusted_certificate_authority_ids = optional(list(any)) + verify_peer_certificate = optional(string) + verify_depth = optional(string) + protocols = optional(list(any)) + }))) + })) + default = {} +} + +variable "backends" { + description = "To provision Load Balancer Backends" + type = map(object({ + backendset_name = string + ip_address = string + load_balancer_id = string + port = string + instance_compartment = optional(string) + backup = optional(string) + drain = optional(string) + offline = optional(string) + weight = optional(string) + })) + default = {} +} + +variable "listeners" { + description = "To provision Load Balancer Listeners" + type = map(object({ + name = string + load_balancer_id = string + port = string + protocol = string + default_backend_set_name = string + connection_configuration = optional(list(map(any))) + hostname_names = optional(list(any)) + path_route_set_name = optional(string) + rule_set_names = optional(list(any)) + routing_policy_name = optional(string) + certificate_name = optional(string) + cipher_suite_name = optional(string) + ssl_configuration = optional(list(object({ + certificate_ids = optional(list(any)) + server_order_preference = optional(string) + trusted_certificate_authority_ids = optional(list(any)) + verify_peer_certificate = optional(string) + verify_depth = optional(string) + protocols = optional(list(any)) + }))) + })) + default = {} +} + +variable "path_route_sets" { + description = "To provision Load Balancer Path Route Sets" + type = map(object({ + name = string + load_balancer_id = string + path_routes = optional(list(map(any))) + })) + default = {} +} + +variable "rule_sets" { + description = "To provision Load Balancer Rule Sets" + type = map(object({ + name = string + load_balancer_id = string + access_control_rules = optional(list(object({ + action = string + attribute_name = optional(string) + attribute_value = optional(string) + 
description = optional(string) + }))) + access_control_method_rules = optional(list(object({ + action = string + allowed_methods = optional(list(any)) + status_code = optional(string) + }))) + http_header_rules = optional(list(object({ + action = string + are_invalid_characters_allowed = optional(bool) + http_large_header_size_in_kb = optional(string) + }))) + uri_redirect_rules = optional(list(object({ + action = string + attribute_name = optional(string) + attribute_value = optional(string) + operator = optional(string) + host = optional(string) + path = optional(string) + port = optional(string) + protocol = optional(string) + query = optional(string) + response_code = optional(string) + }))) + request_response_header_rules = optional(list(object({ + action = string + header = optional(string) + prefix = optional(string) + suffix = optional(string) + value = optional(string) + }))) + })) + default = {} +} + +variable "lbr_reserved_ips" { + description = "To provision Load Balancer Reserved IPs" + type = map(object({ + compartment_id = string + display_name = string + lifetime = string + private_ip_id = optional(string) + public_ip_pool_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +################################### +####### Load Balancer Logs ######## +################################### + +variable "loadbalancer_log_groups" { + description = "To provision Log Groups for Load Balancers" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "loadbalancer_logs" { + description = "To provision Logs for Load Balancers" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + 
source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +## Network Load Balancers ## +######################### + +variable "network_load_balancers" { + type = map(object({ + display_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + subnet_id = string + is_private = optional(bool) + reserved_ips_id = string + is_preserve_source_destination = optional(bool) + is_symmetric_hash_enabled = optional(bool) + nlb_ip_version = optional(string) + assigned_private_ipv4 = optional(string) + nsg_ids = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} +variable "nlb_listeners" { + type = map(object({ + name = string + network_load_balancer_id = string + default_backend_set_name = string + port = number + protocol = string + ip_version = optional(string) + })) + default = {} +} + +variable "nlb_backend_sets" { + type = map(object({ + name = string + network_load_balancer_id = string + policy = string + protocol = string + domain_name = optional(string) + query_class = optional(string) + query_type = optional(string) + rcodes = optional(list(string)) + transport_protocol = optional(string) + return_code = optional(number) + interval_in_millis = optional(number) + port = optional(number) + request_data = optional(string) + response_body_regex = optional(string) + response_data = optional(string) + retries = optional(number) + timeout_in_millis = optional(number) + url_path = optional(string) + is_preserve_source = optional(bool) + ip_version = optional(string) + })) + default = {} +} +variable "nlb_backends" { + type = map(object({ + name = optional(string) + backend_set_name = string + network_load_balancer_id = string + port = number + ip_address = string + instance_compartment = string + 
is_drain = optional(bool) + is_backup = optional(bool) + is_offline = optional(bool) + weight = optional(number) + target_id = optional(string) + })) + default = {} +} +variable "nlb_reserved_ips" { + description = "To provision Network Load Balancer Reserved IPs" + type = map(object({ + compartment_id = string + lifetime = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + display_name = optional(string) + private_ip_id = optional(string) + public_ip_pool_id = optional(string) + })) + default = {} +} + + +######################### +##### IP Management ##### +######################### + +variable "public_ip_pools" { + type = map(any) + default = {} +} + +variable "private_ips" { + type = map(any) + default = {} +} + +variable "reserved_ips" { + type = map(any) + default = {} +} + +variable "vnic_attachments" { + type = map(any) + default = {} +} + +######################### +##### VCN Logs ########## +######################### + +variable "vcn_log_groups" { + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "vcn_logs" { + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +###### OSS Buckets ###### +######################### + +variable "buckets" { + type = map(any) + default = {} +} + +######################### +####### OSS Logs ######## +######################### + +variable "oss_log_groups" { + description = "To provision Log Groups for OSS" + type = map(object({ + compartment_id = string 
+ display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "oss_logs" { + description = "To provision Logs for OSS" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +### OSS IAM Policies #### +######################### + +variable "oss_policies" { + type = map(any) + default = {} +} + +######################### +## Management Services ## +######################### + +variable "alarms" { + type = map(object({ + compartment_id = string + destinations = list(string) + alarm_name = string + is_enabled = bool + metric_compartment_id = string + namespace = string + query = string + severity = string + body = optional(string) + message_format = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_notifications_per_metric_dimension_enabled = optional(bool) + metric_compartment_id_in_subtree = optional(string) + trigger_delay_minutes = optional(string) + repeat_notification_duration = optional(string) + resolution = optional(string) + resource_group = optional(string) + suppression = optional(map(any)) + })) + default = {} +} + +variable "events" { + type = map(object({ + event_name = string + compartment_id = string + description = string + is_enabled = bool + condition = string + actions = optional(list(object({ + action_type = string + is_enabled = string + description = optional(string) + function_id = optional(string) + stream_id = optional(string) + topic_id = optional(string) + }))) + message_format = optional(string) + defined_tags 
= optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "notifications_topics" { + type = map(object({ + compartment_id = string + topic_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "notifications_subscriptions" { + type = map(object({ + compartment_id = string + endpoint = string + protocol = string + topic_id = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "service_connectors" { + type = any + default = {} + description = "To provision service connector hub resources" +} + +######################### +## Developer Services ## +######################### + +## OKE + +variable "clusters" { + type = map(object({ + display_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + kubernetes_version = string + cni_type = string + cluster_type = string + is_policy_enabled = optional(bool) + policy_kms_key_id = optional(string) + is_kubernetes_dashboard_enabled = optional(bool) + is_tiller_enabled = optional(bool) + is_public_ip_enabled = optional(bool) + nsg_ids = optional(list(string)) + endpoint_subnet_id = string + is_pod_security_policy_enabled = optional(bool) + pods_cidr = optional(string) + services_cidr = optional(string) + service_lb_subnet_ids = optional(list(string)) + cluster_kms_key_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + lb_defined_tags = optional(map(any)) + lb_freeform_tags = optional(map(any)) + volume_defined_tags = optional(map(any)) + volume_freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nodepools" { + type = map(object({ + display_name = string + cluster_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + node_shape = string + initial_node_labels = optional(map(any)) + 
kubernetes_version = string + is_pv_encryption_in_transit_enabled = optional(bool) + availability_domain = number + fault_domains = optional(list(string)) + subnet_id = string + size = number + cni_type = string + max_pods_per_node = optional(number) + pod_nsg_ids = optional(list(string)) + pod_subnet_ids = optional(string) + worker_nsg_ids = optional(list(string)) + memory_in_gbs = optional(number) + ocpus = optional(number) + image_id = string + source_type = string + boot_volume_size_in_gbs = optional(number) + ssh_public_key = optional(string) + nodepool_kms_key_id = optional(string) + node_defined_tags = optional(map(any)) + node_freeform_tags = optional(map(any)) + nodepool_defined_tags = optional(map(any)) + nodepool_freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "virtual-nodepools" { + type = map(object({ + display_name = string + cluster_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + node_shape = string + initial_virtual_node_labels = optional(map(any)) + availability_domain = number + fault_domains = list(string) + subnet_id = string + size = number + pod_nsg_ids = optional(list(string)) + pod_subnet_id = string + worker_nsg_ids = optional(list(string)) + taints = optional(list(any)) + node_defined_tags = optional(map(any)) + node_freeform_tags = optional(map(any)) + nodepool_defined_tags = optional(map(any)) + nodepool_freeform_tags = optional(map(any)) + })) + default = {} +} + + +################################## +############## SDDCs ############# +################################## +variable "sddcs" { + type = map(object({ + compartment_id = string + availability_domain = string + network_compartment_id = string + vcn_name = string + esxi_hosts_count = number + nsx_edge_uplink1vlan_id = string + nsx_edge_uplink2vlan_id = string + nsx_edge_vtep_vlan_id = string + nsx_vtep_vlan_id = string + provisioning_subnet_id = string + ssh_authorized_keys = string + vmotion_vlan_id = string 
+ vmware_software_version = string + vsan_vlan_id = string + vsphere_vlan_id = string + capacity_reservation_id = optional(string) + defined_tags = optional(map(any)) + display_name = optional(string) + initial_cluster_display_name = optional(string) + freeform_tags = optional(map(any)) + hcx_action = optional(string) + hcx_vlan_id = optional(string) + initial_host_ocpu_count = optional(number) + initial_host_shape_name = optional(string) + initial_commitment = optional(string) + instance_display_name_prefix = optional(string) + is_hcx_enabled = optional(bool) + is_shielded_instance_enabled = optional(bool) + is_single_host_sddc = optional(bool) + provisioning_vlan_id = optional(string) + refresh_hcx_license_status = optional(bool) + replication_vlan_id = optional(string) + reserving_hcx_on_premise_license_keys = optional(string) + workload_network_cidr = optional(string) + management_datastore = optional(list(string)) + workload_datastore = optional(list(string)) + + })) + default = {} + +} + +variable "sddc-clusters" { + type = map(object({ + compartment_id = string + availability_domain = string + network_compartment_id = string + vcn_name = string + esxi_hosts_count = number + nsx_edge_uplink1vlan_id = string + nsx_edge_uplink2vlan_id = optional(string) + nsx_edge_vtep_vlan_id = string + nsx_vtep_vlan_id = string + provisioning_subnet_id = string + ssh_authorized_keys = optional(string) + vmotion_vlan_id = string + vmware_software_version = string + vsan_vlan_id = string + vsphere_vlan_id = string + capacity_reservation_id = optional(string) + defined_tags = optional(map(any)) + display_name = optional(string) + freeform_tags = optional(map(any)) + hcx_action = optional(string) + hcx_vlan_id = optional(string) + initial_host_ocpu_count = optional(number) + initial_host_shape_name = optional(string) + initial_commitment = optional(string) + instance_display_name_prefix = optional(string) + is_hcx_enabled = optional(bool) + is_shielded_instance_enabled = 
optional(bool) + is_single_host_sddc = optional(bool) + provisioning_vlan_id = optional(string) + refresh_hcx_license_status = optional(bool) + replication_vlan_id = optional(string) + reserving_hcx_on_premise_license_keys = optional(string) + workload_network_cidr = optional(string) + workload_datastore = optional(list(string)) + sddc_id = optional(string) + esxi_software_version = optional(string) + + })) + default = {} + +} + + +############################ +## Key Management Service ## +############################ + +variable "vaults" { + type = map(object({ + compartment_id = string + display_name = string + vault_type = string + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + replica_region = optional(string) + })) + default = {} +} + +variable "keys" { + type = map(object({ + compartment_id = string + display_name = string + vault_name = string + algorithm = optional(string) + length = optional(string) + curve_id = optional(string) + protection_mode = optional(string) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + is_auto_rotation_enabled = optional(bool) + rotation_interval_in_days = optional(string) + + })) + default = {} +} + +########################### +######### Budgets ######### +########################### + +variable "budgets" { + type = map(object({ + amount = string + compartment_id = string + reset_period = string + budget_processing_period_start_offset = optional(string) + defined_tags = optional(map(any)) + description = optional(string) + display_name = optional(string) + freeform_tags = optional(map(any)) + processing_period_type = optional(string) + budget_end_date = optional(string) + budget_start_date = optional(string) + target_type = optional(string) + targets = optional(list(any)) + })) + default = {} +} + +variable "budget_alert_rules" { + type = map(object({ + budget_id = string + threshold = string + threshold_type = string + type = string + defined_tags = optional(map(any)) + 
description = optional(string) + display_name = optional(string) + freeform_tags = optional(map(any)) + message = optional(string) + recipients = optional(string) + })) + default = {} +} + +########################### +####### Cloud Guard ####### +########################### + +variable "cloud_guard_configs" { + type = map(object({ + compartment_id = string + reporting_region = string + status = string + self_manage_resources = optional(string) + + })) + default = {} +} + +variable "cloud_guard_targets" { + type = map(object({ + compartment_id = string + display_name = string + target_resource_id = string + target_resource_type = string + prefix = string + description = optional(string) + state = optional(string) + target_detector_recipes = optional(list(any)) + target_responder_recipes = optional(list(any)) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + })) + default = {} +} + +#################################### +####### Custom Backup Policy ####### +#################################### + +variable "custom_backup_policies" { + type = map(any) + default = {} +} + +variable "capacity_reservation_ocids" { + type = map(any) + default = { + "AD1" : "", + "AD2" : "", + "AD3" : "" + } +} + +##################################### +####### Firewall as a Service ####### +##################################### +variable "firewalls" { + type = map(object({ + compartment_id = string + network_compartment_id = string + network_firewall_policy_id = string + subnet_id = string + vcn_name = string + display_name = string + ipv4address = optional(string) + nsg_id = optional(list(string)) + ipv6address = optional(string) + availability_domain = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fw-policies" { + type = map(object({ + compartment_id = optional(string) + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + 
default = {} +} +variable "services" { + type = map(object({ + service_name = string + service_type = string + network_firewall_policy_id = string + port_ranges = list(object({ + minimum_port = string + maximum_port = optional(string) + })) + })) + default = {} +} +variable "url_lists" { + type = map(object({ + urllist_name = string + network_firewall_policy_id = string + urls = list(object({ + pattern = string + type = string + })) + })) + default = {} +} +variable "service_lists" { + type = map(object({ + service_list_name = string + network_firewall_policy_id = string + services = list(string) + })) + default = {} +} + +variable "address_lists" { + type = map(object({ + address_list_name = string + network_firewall_policy_id = string + address_type = string + addresses = list(string) + })) + default = {} +} + +variable "applications" { + type = map(object({ + app_list_name = string + network_firewall_policy_id = string + app_type = string + icmp_type = number + icmp_code = optional(number) + })) + default = {} +} + +variable "application_groups" { + type = map(object({ + app_group_name = string + network_firewall_policy_id = string + apps = list(string) + + })) + default = {} +} + +variable "security_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + application = optional(list(string)) + destination_address = optional(list(string)) + service = optional(list(string)) + source_address = optional(list(string)) + url = optional(list(string)) + }))) + inspection = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +variable "secrets" { + type = map(object({ + secret_name = string + network_firewall_policy_id = string + secret_source = string + secret_type = string + vault_secret_id = string + version_number = number + vault_name = string + vault_compartment_id = string + })) + default = {} +} + +variable 
"decryption_profiles" { + type = map(object({ + profile_name = string + profile_type = string + network_firewall_policy_id = string + are_certificate_extensions_restricted = optional(bool) + is_auto_include_alt_name = optional(bool) + is_expired_certificate_blocked = optional(bool) + is_out_of_capacity_blocked = optional(bool) + is_revocation_status_timeout_blocked = optional(bool) + is_unknown_revocation_status_blocked = optional(bool) + is_unsupported_cipher_blocked = optional(bool) + is_unsupported_version_blocked = optional(bool) + is_untrusted_issuer_blocked = optional(bool) + })) + default = {} +} + +variable "decryption_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + + destination_address = optional(list(string)) + + source_address = optional(list(string)) + + }))) + decryption_profile = optional(string) + secret = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +######################### +####### Firewall Logs ######## +######################### + +variable "fw_log_groups" { + description = "To provision Log Groups for Network Firewall" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fw_logs" { + description = "To provision Logs for Network Firewall" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +########################## +# Add new variables here # 
+##########################
+######################### END #########################
diff --git a/examples/managementservices/backend.tf b/examples/managementservices/backend.tf
new file mode 100644
index 0000000..16bc557
--- /dev/null
+++ b/examples/managementservices/backend.tf
@@ -0,0 +1,21 @@
+/*This line will be removed when using remote state
+# !!! WARNING !!! Terraform State Lock is not supported with OCI Object Storage.
+# Pre-Requisite: Create a version enabled object storage bucket to store the state file.
+# End Point Format: https://.compat.objectstorage..oraclecloud.com
+# Please look at the below doc for information about shared_credentials_file and other parameters:
+# Reference: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformUsingObjectStore.htm
+
+terraform {
+ backend "s3" {
+ key = ""
+ bucket = ""
+ region = ""
+ endpoint = ""
+ shared_credentials_file = "~/.aws/credentials"
+ skip_region_validation = true
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ force_path_style = true
+ }
+}
+This line will be removed when using remote state*/
\ No newline at end of file
diff --git a/examples/managementservices/managementservices.tf b/examples/managementservices/managementservices.tf
new file mode 100755
index 0000000..a7d0f1d
--- /dev/null
+++ b/examples/managementservices/managementservices.tf
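Review bot: The commented-out `backend "s3"` template tells the reader to create a version-enabled bucket but says nothing about who may read it, although the state written there holds resource attributes and input values in plain text (the `adb` variable in `variables_example.tf`, for instance, carries `admin_password`). Versioning protects against accidental overwrite, not against exposure, so the bucket should also be private and its IAM policy limited to the identities that run this stack. I would add next to the `Pre-Requisite` line: `# The state file stores resource attributes and input values (e.g. passwords, OCIDs) in plain text; keep the bucket private and restrict IAM access to it.`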
@@ -0,0 +1,140 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Module Block - ManagementServices
+# Create Alarms
+############################
+
+module "alarms" {
+ source = "./modules/managementservices/alarm"
+
+ depends_on = [module.notifications-topics]
+ for_each = var.alarms != null ? var.alarms : {}
+
+ alarm_name = each.value.alarm_name
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+ destinations = [for tn in each.value.destinations : (length(regexall("ocid1.onstopic.oc*", tn)) > 0 ? tn : merge(module.notifications-topics.*...)[tn]["topic_tf_id"])]
+ is_enabled = each.value.is_enabled
+ metric_compartment_id = each.value.metric_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.metric_compartment_id)) > 0 ? each.value.metric_compartment_id : var.compartment_ocids[each.value.metric_compartment_id]) : null
+ namespace = each.value.namespace
+ query = each.value.query
+ severity = each.value.severity
+ body = each.value.body
+ message_format = each.value.message_format
+ trigger_delay_minutes = each.value.trigger_delay_minutes
+ repeat_notification_duration = each.value.repeat_notification_duration
+
+ #Optional
+ defined_tags = each.value.defined_tags
+ freeform_tags = each.value.freeform_tags
+}
+
+/*
+output "alarms_id" {
+ value = [ for k,v in merge(module.alarms.*...) : v.alarm_tf_id]
+}
+*/
+
+############################
+# Module Block - ManagementServices
+# Create Events
+############################
+
+module "events" {
+ source = "./modules/managementservices/event"
+ depends_on = [module.notifications-topics]
+ for_each = var.events != null ? var.events : {}
+
+ event_name = each.value.event_name
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+ is_enabled = each.value.is_enabled
+ description = each.value.description
+ condition = each.value.condition
+ actions = var.events
+ key_name = each.key
+ topic_name = merge(module.notifications-topics.*...)
+
+ #Optional
+ defined_tags = each.value.defined_tags
+ freeform_tags = each.value.freeform_tags
+}
+
+/*
+output "events_id" {
+ value = [ for k,v in merge(module.events.*...) : v.event_tf_id]
+}
+*/
+
+############################
+# Module Block - ManagementServices
+# Create Notifications
+############################
+
+module "notifications-topics" {
+ source = "./modules/managementservices/notification-topic"
+ for_each = var.notifications_topics != null ? var.notifications_topics : {}
+
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+ description = each.value.description
+ topic_name = each.value.topic_name
+
+ #Optional
+ defined_tags = each.value.defined_tags
+ freeform_tags = each.value.freeform_tags
+}
+
+module "notifications-subscriptions" {
+ source = "./modules/managementservices/notification-subscription"
+ for_each = var.notifications_subscriptions != null ? var.notifications_subscriptions : {}
+
+ depends_on = [module.notifications-topics]
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+ endpoint = each.value.endpoint
+ protocol = each.value.protocol
+ topic_id = length(regexall("ocid1.onstopic.oc*", each.value.topic_id)) > 0 ? each.value.topic_id : merge(module.notifications-topics.*...)[each.value.topic_id]["topic_tf_id"]
+ #Optional
+ defined_tags = each.value.defined_tags
+ freeform_tags = each.value.freeform_tags
+}
+
+/*
+output "notifications-topics" {
+ value = [ for k,v in merge(module.notifications-topics.*...) : v.topic_tf_id ]
+}
+*/
+
+####################################
+## Module Block - Service Connector
+## Create Service Connectors
+####################################
+
+module "service-connectors" {
+ source = "./modules/managementservices/service-connector"
+
+ for_each = var.service_connectors
+
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+ logs_compartment_id = var.tenancy_ocid
+ source_monitoring_details = each.value.source_details.source_kind == "monitoring" ? { for k, v in each.value.source_details.source_monitoring_details : lookup(var.compartment_ocids, k, "not_found") => v } : {}
+ target_monitoring_details = each.value.target_details.target_kind == "monitoring" ? { for k, v in each.value.target_details.target_monitoring_details : lookup(var.compartment_ocids, k, "not_found") => v } : {}
+ log_group_names = each.value.source_details.source_kind == "logging" ? flatten([for key in each.value.source_details.source_log_group_names : join("&", tolist([lookup(var.compartment_ocids, split("&", key)[0], "null"), split("&", key)[1], split("&", key)[2]]))]) : []
+ display_name = each.value.display_name
+ description = each.value.description
+ source_kind = each.value.source_details.source_kind
+ target_kind = each.value.target_details.target_kind
+
+ stream_id = each.value.target_details.target_kind == "streaming" ? { for k, v in each.value.target_details.target_stream_name : lookup(var.compartment_ocids, k, "null") => v } : {}
+ source_stream_id = each.value.source_details.source_kind == "streaming" ? { for k, v in each.value.source_details.source_stream_name : lookup(var.compartment_ocids, k, "null") => v } : {}
+ bucket_name = each.value.target_details.target_kind == "objectStorage" ? each.value.target_details.target_bucket_name : ""
+ object_name_prefix = each.value.target_details.target_kind == "objectStorage" ? each.value.target_details.target_object_name_prefix : ""
+
+ topic_id = each.value.target_details.target_kind == "notifications" ? { for k, v in each.value.target_details.target_topic_name : lookup(var.compartment_ocids, k, "null") => v } : {}
+ enable_formatted_messaging = each.value.target_details.target_kind == "notifications" ? each.value.target_details.enable_formatted_messaging : false
+ destination_log_group_id = each.value.target_details.target_kind == "loggingAnalytics" ? { for k, v in each.value.target_details.target_log_group_name : lookup(var.compartment_ocids, k, "null") => v } : {}
+ target_log_source_identifier = each.value.source_details.source_kind == "streaming" && each.value.target_details.target_kind == "loggingAnalytics" ? each.value.target_details.target_log_source_identifier : ""
+
+ function_details = each.value.target_details.target_kind == "functions" ? flatten([for key in each.value.target_details.target_function_details : join("@", tolist([lookup(var.compartment_ocids, split("@", key)[0], "null"), split("@", key)[1], split("@", key)[2]]))]) : []
+ #Optional
+ defined_tags = try(each.value["defined_tags"], {})
+ freeform_tags = try(each.value["freeform_tags"], {})
+}
\ No newline at end of file
diff --git a/examples/managementservices/oci-data.tf b/examples/managementservices/oci-data.tf
new file mode 100644
index 0000000..1495707
--- /dev/null
+++ b/examples/managementservices/oci-data.tf
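Review bot: `for_each = var.service_connectors` in `module "service-connectors"` has no null guard, while the four modules above it use the `var.x != null ? var.x : {}` form, so a null input fails the plan here but not elsewhere; `for_each = var.service_connectors != null ? var.service_connectors : {}` would make the modules agree. The same module resolves compartment names with `lookup(var.compartment_ocids, k, "not_found")` for the monitoring details and `lookup(..., "null")` for the stream, topic, log-group and function details, so a misspelled compartment name yields the literal key `not_found` or `null` that is passed on silently instead of stopping the plan, whereas the other modules index `var.compartment_ocids[...]` directly and fail early. I would drop the defaults from those `lookup` calls (or index the map directly) so an unknown compartment name errors at plan time, and use one sentinel if a default is really wanted. Separately, `regexall("ocid1.compartment.oc*", …)` is a loose substring test (unescaped dots, `c*` matching zero `c`s); it works as an OCID-vs-name classifier only while no compartment name contains that text, and an anchored `"^ocid1\\.compartment\\.oc1"` would state the intent.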
@@ -0,0 +1,42 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Identity
+# Fetch Compartments
+############################
+
+#Fetch Compartment Details
+data "oci_identity_compartments" "compartments" {
+ #Required
+ compartment_id = var.tenancy_ocid
+
+ #Optional
+ #name = var.compartment_name
+ access_level = "ANY"
+ compartment_id_in_subtree = true
+ state = "ACTIVE"
+}
+
+
+############################
+# Data Block - Network
+# Fetch ADs
+############################
+
+data "oci_identity_availability_domains" "availability_domains" {
+ #Required
+ compartment_id = var.tenancy_ocid
+}
+
+
+/*
+output "compartment_id_map" {
+ description = "Compartment ocid"
+ // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source.
+ value = zipmap(data.oci_identity_compartments.compartments.compartments.*.name,data.oci_identity_compartments.compartments.compartments.*.id)
+}
+
+output "ads" {
+ value = data.oci_identity_availability_domains.availability_domains.availability_domains.*.name
+}
+*/
\ No newline at end of file
diff --git a/examples/managementservices/provider.tf b/examples/managementservices/provider.tf
new file mode 100644
index 0000000..9a69c98
--- /dev/null
+++ b/examples/managementservices/provider.tf
@@ -0,0 +1,24 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Provider Block
+# OCI
+############################
+
+provider "oci" {
+ tenancy_ocid = var.tenancy_ocid
+ user_ocid = var.user_ocid
+ fingerprint = var.fingerprint
+ private_key_path = var.private_key_path
+ region = var.region
+ ignore_defined_tags = ["Oracle-Tags.CreatedBy", "Oracle-Tags.CreatedOn"]
+}
+
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ version = "5.40.0"
+ }
+ }
+}
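Review bot: `ignore_defined_tags = ["Oracle-Tags.CreatedBy", "Oracle-Tags.CreatedOn"]` in `provider "oci"` has no comment explaining why exactly those two tags are ignored, and a maintainer tidying the example could remove the line and reintroduce a plan diff on every run. I would add above it: `# Oracle-Tags.CreatedBy/CreatedOn are applied automatically by OCI on creation; ignoring them avoids a perpetual diff.` The block is also wired to API-key authentication only (`user_ocid`, `fingerprint`, `private_key_path`); if that is deliberate for the example, a one-line comment saying so, and that `variables_example.tf` supplies those inputs, would save the next reader a search.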
diff --git a/examples/managementservices/variables_example.tf b/examples/managementservices/variables_example.tf
new file mode 100644
index 0000000..fae17ea
--- /dev/null
+++ b/examples/managementservices/variables_example.tf
@@ -0,0 +1,2082 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# +# Variables Block +# OCI +# +############################ + +variable "tenancy_ocid" { + type = string + default = "" +} + +variable "user_ocid" { + type = string + default = "" +} + +variable "fingerprint" { + type = string + default = "" +} + +variable "private_key_path" { + type = string + default = "" +} + +variable "region" { + type = string + default = "" +} + +################################# +# SSH Keys +################################# + +variable "instance_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_instance_ssh_keys# + # exported instance ssh keys + #instance_ssh_keys_END# + } +} + +variable "oke_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_oke_ssh_keys# + #oke_ssh_keys_END# + } +} +variable "sddc_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_sddc_ssh_keys# + #sddc_ssh_keys_END# + } +} + +variable "exacs_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_exacs_ssh_keys# + # exported exacs ssh keys + #exacs_ssh_keys_END# + } +} + +variable "dbsystem_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. 
+ # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_dbsystem_ssh_keys# + # exported dbsystem ssh keys + #dbsystem_ssh_keys_END# + } +} + +################################# +# Platform Image OCIDs and +# Market Place Images +################################# + +variable "instance_source_ocids" { + type = map(any) + default = { + Linux = "" + Windows = "" + PaloAlto = "Palo Alto Networks VM-Series Next Generation Firewall" + #START_instance_source_ocids# + # exported instance image ocids + #instance_source_ocids_END# + } +} + +variable "blockvolume_source_ocids" { + type = map(any) + default = { + block1 = "" + #blockvolume_source_ocid = "" + #START_blockvolume_source_ocids# + # exported block volume source ocids + #blockvolume_source_ocids_END# + } +} + +variable "fss_source_ocids" { + type = map(any) + default = { + snapshot1 = "" + #fss_source_snapshot_ocid = "" + #START_fss_source_snapshot_ocids# + # exported fss source snapshot ocids + #fss_source_snapshot_ocids_END# + } +} + +variable "oke_source_ocids" { + type = map(any) + default = { + Linux = "" + #START_oke_source_ocids# + # exported oke image ocids + #oke_source_ocids_END# + } +} + +################################# +# +# Variables according to Services +# PLEASE DO NOT MODIFY +# +################################# + +########################## +## Fetch Compartments #### +########################## + +variable "compartment_ocids" { + type = map(any) + default = { + #START_compartment_ocids# + # compartment ocids + #compartment_ocids_END# + } +} + +######################### +##### Identity ########## +######################### + +variable "compartments" { + type = object({ + root = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level1 = 
optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level2 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level3 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level4 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level5 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + }) + default = { + root = {}, + compartment_level1 = {}, + compartment_level2 = {}, + compartment_level3 = {}, + compartment_level4 = {}, + compartment_level5 = {}, + } +} + +variable "policies" { + type = map(object({ + name = string + compartment_id = string + policy_description = string + policy_statements = list(string) + policy_version_date = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "groups" { + type = map(object({ + group_name = string + group_description = string + matching_rule = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "users" { + type = map(object({ + name = string + description = string + email = string + disable_capabilities = optional(list(string)) + group_membership = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "networkSources" { + type = map(object({ + name = string + description = string + public_source_list = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + virtual_source_list = optional(list(map(list(string)))) + + })) + default = {} +} + +######################### +####### Governance ######### +######################### + +variable "tag_namespaces" { + description = "To provision Namespaces" + type = map(object({ + compartment_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_retired = optional(bool) + })) + default = {} +} + +variable "tag_keys" { + description = "To provision Tag Keys" + type = map(object({ + tag_namespace_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_cost_tracking = optional(bool) + is_retired = optional(bool) + validator = optional(list(object({ + validator_type = optional(string) + validator_values = optional(list(any)) + }))) + })) + default = {} +} + +variable "tag_defaults" { + description = "To make the Tag keys as default to compartments" + type = map(object({ + compartment_id = string + tag_definition_id = string + value = string + is_required = optional(bool) + })) + default = {} +} + +variable "quota_policies" { + type = map(object({ + quota_name = string + quota_description = string + quota_statements = list(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +###### Network ########## +######################### 
+ +variable "default_dhcps" { + type = map(object({ + server_type = string + manage_default_resource_id = optional(string) + custom_dns_servers = optional(list(any)) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "custom_dhcps" { + type = map(object({ + compartment_id = string + server_type = string + vcn_id = string + custom_dns_servers = optional(list(any)) + domain_name_type = optional(string) + display_name = optional(string) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "vcns" { + type = map(object({ + compartment_id = string + cidr_blocks = optional(list(string)) + byoipv6cidr_details = optional(list(map(any))) + display_name = optional(string) + dns_label = optional(string) + is_ipv6enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ipv6private_cidr_blocks = optional(list(string)) + is_oracle_gua_allocation_enabled = optional(bool) + })) + default = {} +} + +variable "igws" { + type = map(object({ + compartment_id = string + vcn_id = string + enable_igw = optional(bool) + igw_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_table_id = optional(string) + })) + default = {} +} + +variable "sgws" { + type = map(object({ + compartment_id = string + vcn_id = string + service = optional(string) + sgw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "ngws" { + type = map(object({ + compartment_id = string + vcn_id = string + block_traffic = optional(bool) + public_ip_id = optional(string) + ngw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + 
default = {} +} + +variable "lpgs" { + type = map(any) + default = { + hub-lpgs = {}, + spoke-lpgs = {}, + peer-lpgs = {}, + none-lpgs = {}, + exported-lpgs = {}, + } +} + +variable "drgs" { + type = map(object({ + compartment_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "default_seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + 
route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) + +})) +default = {} +} + +variable "default_route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) +})) + default = {} +} + +variable "nsgs" { + type = map(object({ + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nsg_rules" { + type = map(object({ + nsg_id = string + direction = string + protocol = string + description = optional(string) + stateless = optional(string) + source_type = optional(string) + destination_type = optional(string) + destination = optional(string) + source = optional(string) + options = optional(map(any)) + })) + default = {} +} + +variable "subnets" { + type = map(object({ + compartment_id = string + vcn_id = string + cidr_block = string + display_name = optional(string) + dns_label = optional(string) + ipv6cidr_block = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + prohibit_internet_ingress = optional(string) + prohibit_public_ip_on_vnic = optional(string) + availability_domain = optional(string) + dhcp_options_id = optional(string) + route_table_id = optional(string) + security_list_ids = 
optional(list(string)) + })) + default = {} +} + +variable "vlans" { + type = map(object({ + cidr_block = string + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + nsg_ids = optional(list(string)) + route_table_name = optional(string) + vlan_tag = optional(string) + availability_domain = optional(string) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + })) + default = {} +} + +variable "drg_attachments" { + type = map(any) + default = {} +} + +variable "drg_other_attachments" { + type = map(any) + default = {} +} + +variable "drg_route_tables" { + type = map(object({ + drg_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_ecmp_enabled = optional(bool) + import_drg_route_distribution_id = optional(string) + })) + default = {} +} + +variable "drg_route_rules" { + type = map(any) + default = {} +} + +variable "drg_route_distributions" { + type = map(object({ + distribution_type = string + drg_id = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + display_name = optional(string) + })) + default = {} +} + +variable "drg_route_distribution_statements" { + type = map(object({ + drg_route_distribution_id = string + action = string + match_criteria = optional(list(object({ + match_type = string + attachment_type = optional(string) + drg_attachment_id = optional(string) + }))) + priority = optional(string) + })) + default = {} +} + +variable "data_drg_route_tables" { + type = map(any) + default = {} +} + +variable "data_drg_route_table_distributions" { + type = map(any) + default = {} +} + +#################### +####### DNS ####### +#################### + +variable "zones" { +type = map(object({ +compartment_id = string +display_name = string +view_compartment_id = optional(string) +view_id = optional(string) +zone_type = optional(string) +scope = optional(string) +freeform_tags = 
optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + +variable "views" { +type = map(object({ +compartment_id = string +display_name = string +scope = optional(string) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) + default = {} +} + +variable "rrsets" { +type = map(object({ +compartment_id = optional(string) +view_compartment_id = optional(string) +view_id = optional(string) +zone_id = string +domain = string +rtype = string +ttl = number +rdata = optional(list(string)) +scope = optional(string) +})) +default = {} +} + +variable "resolvers" { +type = map(object({ +network_compartment_id= string +vcn_name = string +display_name = optional(string) +views = optional(map(object({ + view_id = optional(string) + view_compartment_id = optional(string) +}))) +resolver_rules = optional(map(object({ + client_address_conditions = optional(list(any)) + destination_addresses = optional(list(any)) + qname_cover_conditions = optional(list(any)) + source_endpoint_name = optional(string) +}))) +endpoint_names = optional(map(object({ + is_forwarding = optional(bool) + is_listening = optional(bool) + name = optional(string) + subnet_name = optional(string) + forwarding_address = optional(string) + listening_address = optional(string) + nsg_ids = optional(list(string)) +}))) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + + +######################### +## Dedicated VM Hosts ## +######################### + +variable "dedicated_hosts" { + type = map(object({ + availability_domain = string + compartment_id = string + vm_host_shape = string + defined_tags = optional(map(any)) + display_name = optional(string) + fault_domain = optional(string) + freeform_tags = optional(map(any)) + })) + description = "To provision new dedicated VM hosts" + default = {} +} + +######################### +## Instances/Block Volumes ## +######################### + +variable "blockvolumes" { + description = "To 
provision block volumes" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = string + size_in_gbs = optional(string) + is_auto_tune_enabled = optional(string) + vpus_per_gb = optional(string) + kms_key_id = optional(string) + attach_to_instance = optional(string) + attachment_type = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + device = optional(string) + encryption_in_transit_type = optional(string) + attachment_display_name = optional(string) + is_read_only = optional(bool) + is_pv_encryption_in_transit_enabled = optional(bool) + is_shareable = optional(bool) + use_chap = optional(bool) + is_agent_auto_iscsi_login_enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + source_details = optional(list(map(any))) + block_volume_replicas = optional(list(map(any))) + block_volume_replicas_deletion = optional(bool) + autotune_policies = optional(list(map(any))) + })) + default = {} +} + +variable "block_backup_policies" { + type = map(any) + description = "To create block volume back policy" + default = {} +} + +variable "instances" { + description = "Map of instances to be provisioned" + type = map(object({ + availability_domain = string + compartment_id = string + shape = string + source_id = string + source_type = string + vcn_name = string + subnet_id = string + network_compartment_id = string + display_name = optional(string) + assign_public_ip = optional(bool) + boot_volume_size_in_gbs = optional(string) + fault_domain = optional(string) + dedicated_vm_host_id = optional(string) + private_ip = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(string)) + ocpus = optional(string) + memory_in_gbs = optional(number) + capacity_reservation_id = optional(string) + create_is_pv_encryption_in_transit_enabled = optional(bool) + remote_execute = optional(string) + bastion_ip = optional(string) + 
cloud_init_script = optional(string)
+ ssh_authorized_keys = optional(string)
+ backup_policy = optional(string)
+ policy_compartment_id = optional(string)
+ network_type = optional(string)
+ #extended_metadata = optional(string)
+ skip_source_dest_check = optional(bool)
+ baseline_ocpu_utilization = optional(string)
+ #preemptible_instance_config = optional(string)
+ all_plugins_disabled = optional(bool)
+ is_management_disabled = optional(bool)
+ is_monitoring_disabled = optional(bool)
+ assign_private_dns_record = optional(string)
+ plugins_details = optional(map(any))
+ is_live_migration_preferred = optional(bool)
+ recovery_action = optional(string)
+ are_legacy_imds_endpoints_disabled = optional(bool)
+ boot_volume_type = optional(string)
+ firmware = optional(string)
+ is_consistent_volume_naming_enabled = optional(bool)
+ remote_data_volume_type = optional(string)
+ platform_config = optional(list(map(any)))
+ launch_options = optional(list(map(any)))
+ ipxe_script = optional(string)
+ preserve_boot_volume = optional(bool)
+ vlan_id = optional(string)
+ kms_key_id = optional(string)
+ vnic_display_name = optional(string)
+ vnic_defined_tags = optional(map(any))
+ vnic_freeform_tags = optional(map(any))
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "boot_backup_policies" {
+ type = map(any)
+ description = "Map of boot volume backup policies to be provisioned"
+ default = {}
+}
+
+#########################
+####### Database ########
+#########################
+
+variable "exa_infra" {
+ description = "To provision exadata infrastructure"
+ type = map(any)
+ default = {}
+}
+
+variable "exa_vmclusters" {
+ description = "To provision exadata cloud VM cluster"
+ type = map(any)
+ default = {}
+}
+
+variable "dbsystems_vm_bm" {
+ description = "To provision DB System"
+ type = map(any)
+ default = {}
+}
+
+variable "db_home" {
+ type = map(any)
+ description = "Map of database db home to be
provisioned"
+ default = {}
+}
+
+variable "databases" {
+ description = "Map of databases to be provisioned in an existing db_home"
+ type = map(any)
+ default = {}
+}
+
+####################################
+####### Autonomous Database ########
+####################################
+
+variable "adb" {
+ type = map(object({
+ admin_password = optional(string)
+ character_set = optional(string)
+ compartment_id = string
+ cpu_core_count = optional(number)
+ database_edition = optional(string)
+ data_storage_size_in_tbs = optional(number)
+ customer_contacts = optional(list(string))
+ db_name = string
+ db_version = optional(string)
+ db_workload = optional(string)
+ display_name = optional(string)
+ license_model = optional(string)
+ ncharacter_set = optional(string)
+ network_compartment_id = optional(string)
+ nsg_ids = optional(list(string))
+ subnet_id = optional(string)
+ vcn_name = optional(string)
+ whitelisted_ips = optional(list(string))
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+#########################
+######### FSS ###########
+#########################
+
+variable "mount_targets" {
+ description = "To provision Mount Targets"
+ type = map(object({
+ availability_domain = string
+ compartment_id = string
+ network_compartment_id = string
+ vcn_name = string
+ subnet_id = string
+ display_name = optional(string)
+ ip_address = optional(string)
+ hostname_label = optional(string)
+ nsg_ids = optional(list(any))
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "fss" {
+ description = "To provision File System Services"
+ type = map(object({
+ availability_domain = string
+ compartment_id = string
+ display_name = optional(string)
+ source_snapshot = optional(string)
+ snapshot_policy = optional(string)
+ policy_compartment_id = optional(string)
+ kms_key_id = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags =
optional(map(any))
+ }))
+ default = {}
+}
+
+variable "nfs_export_options" {
+ description = "To provision Export Sets"
+ type = map(object({
+ export_set_id = string
+ file_system_id = string
+ path = string
+ export_options = optional(list(any))
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ is_idmap_groups_for_sys_auth = optional(bool)
+ }))
+ default = {}
+}
+
+variable "fss_replication" {
+ description = "To provision File System Replication"
+ type = map(object({
+ compartment_id = string
+ source_id = string
+ target_id = string
+ display_name = optional(string)
+ replication_interval = optional(number)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+#########################
+####### FSS Logs ########
+#########################
+
+variable "nfs_log_groups" {
+ description = "To provision Log Groups for Mount Target"
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ description = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "nfs_logs" {
+ description = "To provision Logs for Mount Target"
+ type = map(object({
+ display_name = string
+ log_group_id = string
+ log_type = string
+ compartment_id = optional(string)
+ category = optional(string)
+ resource = optional(string)
+ service = optional(string)
+ source_type = optional(string)
+ is_enabled = optional(bool)
+ retention_duration = optional(number)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+
+#########################
+#### Load Balancers #####
+#########################
+
+variable "load_balancers" {
+ description = "To provision Load Balancers"
+ type = map(object({
+ compartment_id = string
+ vcn_name = string
+ shape = string
+ subnet_ids = list(any)
+ network_compartment_id = string
+ display_name = string
+ shape_details = optional(list(map(any)))
+ nsg_ids =
optional(list(any))
+ is_private = optional(bool)
+ ip_mode = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ reserved_ips_id = optional(string)
+ }))
+ default = {}
+}
+
+variable "hostnames" {
+ description = "To provision Load Balancer Hostnames"
+ type = map(object({
+ load_balancer_id = string
+ hostname = string
+ name = string
+ }))
+ default = {}
+}
+
+variable "certificates" {
+ description = "To provision Load Balancer Certificates"
+ type = map(object({
+ certificate_name = string
+ load_balancer_id = string
+ ca_certificate = optional(string)
+ passphrase = optional(string)
+ private_key = optional(string)
+ public_certificate = optional(string)
+ }))
+ default = {}
+}
+
+variable "cipher_suites" {
+ description = "To provision Load Balancer Cipher Suites"
+ type = map(object({
+ ciphers = list(string)
+ name = string
+ load_balancer_id = optional(string)
+ }))
+ default = {}
+}
+
+variable "backend_sets" {
+ description = "To provision Load Balancer Backend Sets"
+ type = map(object({
+ name = string
+ load_balancer_id = string
+ policy = string
+ protocol = optional(string)
+ interval_ms = optional(string)
+ is_force_plain_text = optional(string)
+ port = optional(string)
+ response_body_regex = optional(string)
+ retries = optional(string)
+ return_code = optional(string)
+ timeout_in_millis = optional(string)
+ url_path = optional(string)
+ lb_cookie_session = optional(list(object({
+ cookie_name = optional(string)
+ disable_fallback = optional(string)
+ path = optional(string)
+ domain = optional(string)
+ is_http_only = optional(string)
+ is_secure = optional(string)
+ max_age_in_seconds = optional(string)
+ })))
+ session_persistence_configuration = optional(list(object({
+ cookie_name = optional(string)
+ disable_fallback = optional(string)
+ })))
+ certificate_name = optional(string)
+ cipher_suite_name = optional(string)
+ ssl_configuration = optional(list(object({
+ certificate_ids =
optional(list(any))
+ server_order_preference = optional(string)
+ trusted_certificate_authority_ids = optional(list(any))
+ verify_peer_certificate = optional(string)
+ verify_depth = optional(string)
+ protocols = optional(list(any))
+ })))
+ }))
+ default = {}
+}
+
+variable "backends" {
+ description = "To provision Load Balancer Backends"
+ type = map(object({
+ backendset_name = string
+ ip_address = string
+ load_balancer_id = string
+ port = string
+ instance_compartment = optional(string)
+ backup = optional(string)
+ drain = optional(string)
+ offline = optional(string)
+ weight = optional(string)
+ }))
+ default = {}
+}
+
+variable "listeners" {
+ description = "To provision Load Balancer Listeners"
+ type = map(object({
+ name = string
+ load_balancer_id = string
+ port = string
+ protocol = string
+ default_backend_set_name = string
+ connection_configuration = optional(list(map(any)))
+ hostname_names = optional(list(any))
+ path_route_set_name = optional(string)
+ rule_set_names = optional(list(any))
+ routing_policy_name = optional(string)
+ certificate_name = optional(string)
+ cipher_suite_name = optional(string)
+ ssl_configuration = optional(list(object({
+ certificate_ids = optional(list(any))
+ server_order_preference = optional(string)
+ trusted_certificate_authority_ids = optional(list(any))
+ verify_peer_certificate = optional(string)
+ verify_depth = optional(string)
+ protocols = optional(list(any))
+ })))
+ }))
+ default = {}
+}
+
+variable "path_route_sets" {
+ description = "To provision Load Balancer Path Route Sets"
+ type = map(object({
+ name = string
+ load_balancer_id = string
+ path_routes = optional(list(map(any)))
+ }))
+ default = {}
+}
+
+variable "rule_sets" {
+ description = "To provision Load Balancer Rule Sets"
+ type = map(object({
+ name = string
+ load_balancer_id = string
+ access_control_rules = optional(list(object({
+ action = string
+ attribute_name = optional(string)
+ attribute_value = optional(string)
+
description = optional(string)
+ })))
+ access_control_method_rules = optional(list(object({
+ action = string
+ allowed_methods = optional(list(any))
+ status_code = optional(string)
+ })))
+ http_header_rules = optional(list(object({
+ action = string
+ are_invalid_characters_allowed = optional(bool)
+ http_large_header_size_in_kb = optional(string)
+ })))
+ uri_redirect_rules = optional(list(object({
+ action = string
+ attribute_name = optional(string)
+ attribute_value = optional(string)
+ operator = optional(string)
+ host = optional(string)
+ path = optional(string)
+ port = optional(string)
+ protocol = optional(string)
+ query = optional(string)
+ response_code = optional(string)
+ })))
+ request_response_header_rules = optional(list(object({
+ action = string
+ header = optional(string)
+ prefix = optional(string)
+ suffix = optional(string)
+ value = optional(string)
+ })))
+ }))
+ default = {}
+}
+
+variable "lbr_reserved_ips" {
+ description = "To provision Load Balancer Reserved IPs"
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ lifetime = string
+ private_ip_id = optional(string)
+ public_ip_pool_id = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+###################################
+####### Load Balancer Logs ########
+###################################
+
+variable "loadbalancer_log_groups" {
+ description = "To provision Log Groups for Load Balancers"
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ description = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "loadbalancer_logs" {
+ description = "To provision Logs for Load Balancers"
+ type = map(object({
+ display_name = string
+ log_group_id = string
+ log_type = string
+ compartment_id = optional(string)
+ category = optional(string)
+ resource = optional(string)
+ service = optional(string)
+
source_type = optional(string)
+ is_enabled = optional(bool)
+ retention_duration = optional(number)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+#########################
+## Network Load Balancers ##
+#########################
+
+variable "network_load_balancers" {
+ type = map(object({
+ display_name = string
+ compartment_id = string
+ network_compartment_id = string
+ vcn_name = string
+ subnet_id = string
+ is_private = optional(bool)
+ reserved_ips_id = string
+ is_preserve_source_destination = optional(bool)
+ is_symmetric_hash_enabled = optional(bool)
+ nlb_ip_version = optional(string)
+ assigned_private_ipv4 = optional(string)
+ nsg_ids = optional(list(string))
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+variable "nlb_listeners" {
+ type = map(object({
+ name = string
+ network_load_balancer_id = string
+ default_backend_set_name = string
+ port = number
+ protocol = string
+ ip_version = optional(string)
+ }))
+ default = {}
+}
+
+variable "nlb_backend_sets" {
+ type = map(object({
+ name = string
+ network_load_balancer_id = string
+ policy = string
+ protocol = string
+ domain_name = optional(string)
+ query_class = optional(string)
+ query_type = optional(string)
+ rcodes = optional(list(string))
+ transport_protocol = optional(string)
+ return_code = optional(number)
+ interval_in_millis = optional(number)
+ port = optional(number)
+ request_data = optional(string)
+ response_body_regex = optional(string)
+ response_data = optional(string)
+ retries = optional(number)
+ timeout_in_millis = optional(number)
+ url_path = optional(string)
+ is_preserve_source = optional(bool)
+ ip_version = optional(string)
+ }))
+ default = {}
+}
+variable "nlb_backends" {
+ type = map(object({
+ name = optional(string)
+ backend_set_name = string
+ network_load_balancer_id = string
+ port = number
+ ip_address = string
+ instance_compartment = string
+
is_drain = optional(bool)
+ is_backup = optional(bool)
+ is_offline = optional(bool)
+ weight = optional(number)
+ target_id = optional(string)
+ }))
+ default = {}
+}
+variable "nlb_reserved_ips" {
+ description = "To provision Network Load Balancer Reserved IPs"
+ type = map(object({
+ compartment_id = string
+ lifetime = string
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ display_name = optional(string)
+ private_ip_id = optional(string)
+ public_ip_pool_id = optional(string)
+ }))
+ default = {}
+}
+
+
+#########################
+##### IP Management #####
+#########################
+
+variable "public_ip_pools" {
+ type = map(any)
+ default = {}
+}
+
+variable "private_ips" {
+ type = map(any)
+ default = {}
+}
+
+variable "reserved_ips" {
+ type = map(any)
+ default = {}
+}
+
+variable "vnic_attachments" {
+ type = map(any)
+ default = {}
+}
+
+#########################
+##### VCN Logs ##########
+#########################
+
+variable "vcn_log_groups" {
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ description = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "vcn_logs" {
+ type = map(object({
+ display_name = string
+ log_group_id = string
+ log_type = string
+ compartment_id = optional(string)
+ category = optional(string)
+ resource = optional(string)
+ service = optional(string)
+ source_type = optional(string)
+ is_enabled = optional(bool)
+ retention_duration = optional(number)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+#########################
+###### OSS Buckets ######
+#########################
+
+variable "buckets" {
+ type = map(any)
+ default = {}
+}
+
+#########################
+####### OSS Logs ########
+#########################
+
+variable "oss_log_groups" {
+ description = "To provision Log Groups for OSS"
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ description = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "oss_logs" {
+ description = "To provision Logs for OSS"
+ type = map(object({
+ display_name = string
+ log_group_id = string
+ log_type = string
+ compartment_id = optional(string)
+ category = optional(string)
+ resource = optional(string)
+ service = optional(string)
+ source_type = optional(string)
+ is_enabled = optional(bool)
+ retention_duration = optional(number)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+#########################
+### OSS IAM Policies ####
+#########################
+
+variable "oss_policies" {
+ type = map(any)
+ default = {}
+}
+
+#########################
+## Management Services ##
+#########################
+
+variable "alarms" {
+ type = map(object({
+ compartment_id = string
+ destinations = list(string)
+ alarm_name = string
+ is_enabled = bool
+ metric_compartment_id = string
+ namespace = string
+ query = string
+ severity = string
+ body = optional(string)
+ message_format = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ is_notifications_per_metric_dimension_enabled = optional(bool)
+ metric_compartment_id_in_subtree = optional(string)
+ trigger_delay_minutes = optional(string)
+ repeat_notification_duration = optional(string)
+ resolution = optional(string)
+ resource_group = optional(string)
+ suppression = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "events" {
+ type = map(object({
+ event_name = string
+ compartment_id = string
+ description = string
+ is_enabled = bool
+ condition = string
+ actions = optional(list(object({
+ action_type = string
+ is_enabled = string
+ description = optional(string)
+ function_id = optional(string)
+ stream_id = optional(string)
+ topic_id = optional(string)
+ })))
+ message_format = optional(string)
+ defined_tags
= optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "notifications_topics" {
+ type = map(object({
+ compartment_id = string
+ topic_name = string
+ description = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "notifications_subscriptions" {
+ type = map(object({
+ compartment_id = string
+ endpoint = string
+ protocol = string
+ topic_id = string
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "service_connectors" {
+ type = any
+ default = {}
+ description = "To provision service connector hub resources"
+}
+
+#########################
+## Developer Services ##
+#########################
+
+## OKE
+
+variable "clusters" {
+ type = map(object({
+ display_name = string
+ compartment_id = string
+ network_compartment_id = string
+ vcn_name = string
+ kubernetes_version = string
+ cni_type = string
+ cluster_type = string
+ is_policy_enabled = optional(bool)
+ policy_kms_key_id = optional(string)
+ is_kubernetes_dashboard_enabled = optional(bool)
+ is_tiller_enabled = optional(bool)
+ is_public_ip_enabled = optional(bool)
+ nsg_ids = optional(list(string))
+ endpoint_subnet_id = string
+ is_pod_security_policy_enabled = optional(bool)
+ pods_cidr = optional(string)
+ services_cidr = optional(string)
+ service_lb_subnet_ids = optional(list(string))
+ cluster_kms_key_id = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ lb_defined_tags = optional(map(any))
+ lb_freeform_tags = optional(map(any))
+ volume_defined_tags = optional(map(any))
+ volume_freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "nodepools" {
+ type = map(object({
+ display_name = string
+ cluster_name = string
+ compartment_id = string
+ network_compartment_id = string
+ vcn_name = string
+ node_shape = string
+ initial_node_labels = optional(map(any))
+
kubernetes_version = string
+ is_pv_encryption_in_transit_enabled = optional(bool)
+ availability_domain = number
+ fault_domains = optional(list(string))
+ subnet_id = string
+ size = number
+ cni_type = string
+ max_pods_per_node = optional(number)
+ pod_nsg_ids = optional(list(string))
+ pod_subnet_ids = optional(string)
+ worker_nsg_ids = optional(list(string))
+ memory_in_gbs = optional(number)
+ ocpus = optional(number)
+ image_id = string
+ source_type = string
+ boot_volume_size_in_gbs = optional(number)
+ ssh_public_key = optional(string)
+ nodepool_kms_key_id = optional(string)
+ node_defined_tags = optional(map(any))
+ node_freeform_tags = optional(map(any))
+ nodepool_defined_tags = optional(map(any))
+ nodepool_freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "virtual-nodepools" {
+ type = map(object({
+ display_name = string
+ cluster_name = string
+ compartment_id = string
+ network_compartment_id = string
+ vcn_name = string
+ node_shape = string
+ initial_virtual_node_labels = optional(map(any))
+ availability_domain = number
+ fault_domains = list(string)
+ subnet_id = string
+ size = number
+ pod_nsg_ids = optional(list(string))
+ pod_subnet_id = string
+ worker_nsg_ids = optional(list(string))
+ taints = optional(list(any))
+ node_defined_tags = optional(map(any))
+ node_freeform_tags = optional(map(any))
+ nodepool_defined_tags = optional(map(any))
+ nodepool_freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+
+##################################
+############## SDDCs #############
+##################################
+variable "sddcs" {
+ type = map(object({
+ compartment_id = string
+ availability_domain = string
+ network_compartment_id = string
+ vcn_name = string
+ esxi_hosts_count = number
+ nsx_edge_uplink1vlan_id = string
+ nsx_edge_uplink2vlan_id = string
+ nsx_edge_vtep_vlan_id = string
+ nsx_vtep_vlan_id = string
+ provisioning_subnet_id = string
+ ssh_authorized_keys = string
+ vmotion_vlan_id = string
+ vmware_software_version = string
+ vsan_vlan_id = string
+ vsphere_vlan_id = string
+ capacity_reservation_id = optional(string)
+ defined_tags = optional(map(any))
+ display_name = optional(string)
+ initial_cluster_display_name = optional(string)
+ freeform_tags = optional(map(any))
+ hcx_action = optional(string)
+ hcx_vlan_id = optional(string)
+ initial_host_ocpu_count = optional(number)
+ initial_host_shape_name = optional(string)
+ initial_commitment = optional(string)
+ instance_display_name_prefix = optional(string)
+ is_hcx_enabled = optional(bool)
+ is_shielded_instance_enabled = optional(bool)
+ is_single_host_sddc = optional(bool)
+ provisioning_vlan_id = optional(string)
+ refresh_hcx_license_status = optional(bool)
+ replication_vlan_id = optional(string)
+ reserving_hcx_on_premise_license_keys = optional(string)
+ workload_network_cidr = optional(string)
+ management_datastore = optional(list(string))
+ workload_datastore = optional(list(string))
+
+ }))
+ default = {}
+
+}
+
+variable "sddc-clusters" {
+ type = map(object({
+ compartment_id = string
+ availability_domain = string
+ network_compartment_id = string
+ vcn_name = string
+ esxi_hosts_count = number
+ nsx_edge_uplink1vlan_id = string
+ nsx_edge_uplink2vlan_id = optional(string)
+ nsx_edge_vtep_vlan_id = string
+ nsx_vtep_vlan_id = string
+ provisioning_subnet_id = string
+ ssh_authorized_keys = optional(string)
+ vmotion_vlan_id = string
+ vmware_software_version = string
+ vsan_vlan_id = string
+ vsphere_vlan_id = string
+ capacity_reservation_id = optional(string)
+ defined_tags = optional(map(any))
+ display_name = optional(string)
+ freeform_tags = optional(map(any))
+ hcx_action = optional(string)
+ hcx_vlan_id = optional(string)
+ initial_host_ocpu_count = optional(number)
+ initial_host_shape_name = optional(string)
+ initial_commitment = optional(string)
+ instance_display_name_prefix = optional(string)
+ is_hcx_enabled = optional(bool)
+ is_shielded_instance_enabled =
optional(bool)
+ is_single_host_sddc = optional(bool)
+ provisioning_vlan_id = optional(string)
+ refresh_hcx_license_status = optional(bool)
+ replication_vlan_id = optional(string)
+ reserving_hcx_on_premise_license_keys = optional(string)
+ workload_network_cidr = optional(string)
+ workload_datastore = optional(list(string))
+ sddc_id = optional(string)
+ esxi_software_version = optional(string)
+
+ }))
+ default = {}
+
+}
+
+
+############################
+## Key Management Service ##
+############################
+
+variable "vaults" {
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ vault_type = string
+ freeform_tags = optional(map(any))
+ defined_tags = optional(map(any))
+ replica_region = optional(string)
+ }))
+ default = {}
+}
+
+variable "keys" {
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ vault_name = string
+ algorithm = optional(string)
+ length = optional(string)
+ curve_id = optional(string)
+ protection_mode = optional(string)
+ freeform_tags = optional(map(any))
+ defined_tags = optional(map(any))
+ is_auto_rotation_enabled = optional(bool)
+ rotation_interval_in_days = optional(string)
+
+ }))
+ default = {}
+}
+
+###########################
+######### Budgets #########
+###########################
+
+variable "budgets" {
+ type = map(object({
+ amount = string
+ compartment_id = string
+ reset_period = string
+ budget_processing_period_start_offset = optional(string)
+ defined_tags = optional(map(any))
+ description = optional(string)
+ display_name = optional(string)
+ freeform_tags = optional(map(any))
+ processing_period_type = optional(string)
+ budget_end_date = optional(string)
+ budget_start_date = optional(string)
+ target_type = optional(string)
+ targets = optional(list(any))
+ }))
+ default = {}
+}
+
+variable "budget_alert_rules" {
+ type = map(object({
+ budget_id = string
+ threshold = string
+ threshold_type = string
+ type = string
+ defined_tags = optional(map(any))
+
description = optional(string)
+ display_name = optional(string)
+ freeform_tags = optional(map(any))
+ message = optional(string)
+ recipients = optional(string)
+ }))
+ default = {}
+}
+
+###########################
+####### Cloud Guard #######
+###########################
+
+variable "cloud_guard_configs" {
+ type = map(object({
+ compartment_id = string
+ reporting_region = string
+ status = string
+ self_manage_resources = optional(string)
+
+ }))
+ default = {}
+}
+
+variable "cloud_guard_targets" {
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ target_resource_id = string
+ target_resource_type = string
+ prefix = string
+ description = optional(string)
+ state = optional(string)
+ target_detector_recipes = optional(list(any))
+ target_responder_recipes = optional(list(any))
+ freeform_tags = optional(map(any))
+ defined_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+####################################
+####### Custom Backup Policy #######
+####################################
+
+variable "custom_backup_policies" {
+ type = map(any)
+ default = {}
+}
+
+variable "capacity_reservation_ocids" {
+ type = map(any)
+ default = {
+ "AD1" : "",
+ "AD2" : "",
+ "AD3" : ""
+ }
+}
+
+#####################################
+####### Firewall as a Service #######
+#####################################
+variable "firewalls" {
+ type = map(object({
+ compartment_id = string
+ network_compartment_id = string
+ network_firewall_policy_id = string
+ subnet_id = string
+ vcn_name = string
+ display_name = string
+ ipv4address = optional(string)
+ nsg_id = optional(list(string))
+ ipv6address = optional(string)
+ availability_domain = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "fw-policies" {
+ type = map(object({
+ compartment_id = optional(string)
+ display_name = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+
default = {}
+}
+variable "services" {
+ type = map(object({
+ service_name = string
+ service_type = string
+ network_firewall_policy_id = string
+ port_ranges = list(object({
+ minimum_port = string
+ maximum_port = optional(string)
+ }))
+ }))
+ default = {}
+}
+variable "url_lists" {
+ type = map(object({
+ urllist_name = string
+ network_firewall_policy_id = string
+ urls = list(object({
+ pattern = string
+ type = string
+ }))
+ }))
+ default = {}
+}
+variable "service_lists" {
+ type = map(object({
+ service_list_name = string
+ network_firewall_policy_id = string
+ services = list(string)
+ }))
+ default = {}
+}
+
+variable "address_lists" {
+ type = map(object({
+ address_list_name = string
+ network_firewall_policy_id = string
+ address_type = string
+ addresses = list(string)
+ }))
+ default = {}
+}
+
+variable "applications" {
+ type = map(object({
+ app_list_name = string
+ network_firewall_policy_id = string
+ app_type = string
+ icmp_type = number
+ icmp_code = optional(number)
+ }))
+ default = {}
+}
+
+variable "application_groups" {
+ type = map(object({
+ app_group_name = string
+ network_firewall_policy_id = string
+ apps = list(string)
+
+ }))
+ default = {}
+}
+
+variable "security_rules" {
+ type = map(object({
+ action = string
+ rule_name = string
+ network_firewall_policy_id = string
+ condition = optional(list(object({
+ application = optional(list(string))
+ destination_address = optional(list(string))
+ service = optional(list(string))
+ source_address = optional(list(string))
+ url = optional(list(string))
+ })))
+ inspection = optional(string)
+ after_rule = optional(string)
+ before_rule = optional(string)
+
+ }))
+ default = {}
+}
+
+variable "secrets" {
+ type = map(object({
+ secret_name = string
+ network_firewall_policy_id = string
+ secret_source = string
+ secret_type = string
+ vault_secret_id = string
+ version_number = number
+ vault_name = string
+ vault_compartment_id = string
+ }))
+ default = {}
+}
+
+variable
"decryption_profiles" {
+ type = map(object({
+ profile_name = string
+ profile_type = string
+ network_firewall_policy_id = string
+ are_certificate_extensions_restricted = optional(bool)
+ is_auto_include_alt_name = optional(bool)
+ is_expired_certificate_blocked = optional(bool)
+ is_out_of_capacity_blocked = optional(bool)
+ is_revocation_status_timeout_blocked = optional(bool)
+ is_unknown_revocation_status_blocked = optional(bool)
+ is_unsupported_cipher_blocked = optional(bool)
+ is_unsupported_version_blocked = optional(bool)
+ is_untrusted_issuer_blocked = optional(bool)
+ }))
+ default = {}
+}
+
+variable "decryption_rules" {
+ type = map(object({
+ action = string
+ rule_name = string
+ network_firewall_policy_id = string
+ condition = optional(list(object({
+
+ destination_address = optional(list(string))
+
+ source_address = optional(list(string))
+
+ })))
+ decryption_profile = optional(string)
+ secret = optional(string)
+ after_rule = optional(string)
+ before_rule = optional(string)
+
+ }))
+ default = {}
+}
+
+#########################
+####### Firewall Logs ########
+#########################
+
+variable "fw_log_groups" {
+ description = "To provision Log Groups for Network Firewall"
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ description = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "fw_logs" {
+ description = "To provision Logs for Network Firewall"
+ type = map(object({
+ display_name = string
+ log_group_id = string
+ log_type = string
+ compartment_id = optional(string)
+ category = optional(string)
+ resource = optional(string)
+ service = optional(string)
+ source_type = optional(string)
+ is_enabled = optional(bool)
+ retention_duration = optional(number)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+##########################
+# Add new variables here #
+##########################
+######################### END #########################
diff --git a/examples/network/backend.tf b/examples/network/backend.tf
new file mode 100644
index 0000000..16bc557
--- /dev/null
+++ b/examples/network/backend.tf
@@ -0,0 +1,21 @@
+/*This line will be removed when using remote state
+# !!! WARNING !!! Terraform State Lock is not supported with OCI Object Storage.
+# Pre-Requisite: Create a version enabled object storage bucket to store the state file.
+# End Point Format: https://.compat.objectstorage..oraclecloud.com
+# Please look at the below doc for information about shared_credentials_file and other parameters:
+# Reference: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformUsingObjectStore.htm
+
+terraform {
+ backend "s3" {
+ key = ""
+ bucket = ""
+ region = ""
+ endpoint = ""
+ shared_credentials_file = "~/.aws/credentials"
+ skip_region_validation = true
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ force_path_style = true
+ }
+}
+This line will be removed when using remote state*/
\ No newline at end of file
diff --git a/examples/network/network.tf b/examples/network/network.tf
new file mode 100644
index 0000000..c1ba6e2
--- /dev/null
+++ b/examples/network/network.tf
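Review bot: The endpoint format comment in the new backend.tf has lost its placeholders — `# End Point Format: https://.compat.objectstorage..oraclecloud.com` has empty segments where the Object Storage namespace and region belong (possibly angle-bracket tokens stripped at some stage), so a reader cannot tell what to fill in; `# End Point Format: https://<NAMESPACE>.compat.objectstorage.<REGION>.oraclecloud.com` would restore it. Because the whole backend block ships inside a `/* ... */` comment, anyone who does not uncomment and complete it gets a local terraform.tfstate, and the variables added elsewhere in this commit (`admin_password`, `private_key`, `passphrase`) mean that state will typically carry secrets in clear text whichever backend is used. A short note next to the existing state-lock warning would help, e.g. `# The state file holds secrets (DB passwords, LB private keys) in clear text: restrict access to the bucket and to any local terraform.tfstate.`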
@@ -0,0 +1,682 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +################################ +# Data Block - Network +# DRG Route Rules and DRG Route Distributions +################################ + +locals { + all_route_tables = merge(var.route_tables,var.default_route_tables) + all_seclists = merge(var.seclists,var.default_seclists) +} + + +data "oci_core_drg_route_tables" "drg_route_tables" { + for_each = (var.data_drg_route_tables != null || var.data_drg_route_tables != {}) ? var.data_drg_route_tables : {} + + #Required + drg_id = length(regexall("ocid1.drg.oc*", each.value.drg_id)) > 0 ? each.value.drg_id : merge(module.drgs.*...)[each.value.drg_id]["drg_tf_id"] + filter { + name = "display_name" + values = [each.value.values] + } + +} + + +data "oci_core_drg_route_distributions" "drg_route_distributions" { + for_each = (var.data_drg_route_table_distributions != null || var.data_drg_route_table_distributions != {}) ? var.data_drg_route_table_distributions : {} + + #Required + drg_id = length(regexall("ocid1.drg.oc*", each.value.drg_id)) > 0 ? each.value.drg_id : merge(module.drgs.*...)[each.value.drg_id]["drg_tf_id"] + filter { + name = "display_name" + values = [each.value.values] + } + +} + +############################ +# Module Block - Network +# Create VCNs +############################ + +module "vcns" { + source = "./modules/network/vcn" + for_each = var.vcns != null ? var.vcns : {} + + #Required + #compartment_id = length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : try(zipmap(data.oci_identity_compartments.compartments.compartments.*.name, data.oci_identity_compartments.compartments.compartments.*.id)[each.value.compartment_id], var.compartment_ocids[each.value.compartment_id]) + compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? 
each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null + + #Optional + cidr_blocks = each.value.cidr_blocks + display_name = each.value.display_name + byoipv6cidr_details = each.value.byoipv6cidr_details != null ? each.value.byoipv6cidr_details : [] + dns_label = (each.value.dns_label == "n") ? null : each.value.dns_label + is_ipv6enabled = each.value.is_ipv6enabled # Defaults to false by terraform hashicorp + defined_tags = each.value.defined_tags + freeform_tags = each.value.freeform_tags + ipv6private_cidr_blocks = each.value.ipv6private_cidr_blocks + is_oracle_gua_allocation_enabled = each.value.is_oracle_gua_allocation_enabled + +} + +/* +output "vcn_id_map" { + value = [ for k,v in merge(module.vcns.*...) : v.vcn_id ] +} +*/ + +############################ +# Module Block - Network +# Create Internet Gateways +############################ + +module "igws" { + source = "./modules/network/igw" + for_each = (var.igws != null || var.igws != {}) ? var.igws : {} + + depends_on = [module.vcns] #,module.route-tables] + + #Required + compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null + vcn_id = length(regexall("ocid1.vcn.oc*", each.value.vcn_id)) > 0 ? each.value.vcn_id : merge(module.vcns.*...)[each.value.vcn_id]["vcn_tf_id"] + + #Optional + enabled = each.value.enable_igw # Defaults to true by terraform hashicorp + defined_tags = each.value.defined_tags + display_name = each.value.igw_name != null ? each.value.igw_name : null + freeform_tags = each.value.freeform_tags + route_table_id = (each.value.route_table_id != "" && each.value.route_table_id != null) ? (length(regexall("ocid1.routetable.oc*", each.value.route_table_id)) > 0 ? 
each.value.route_table_id : merge(module.gateway-route-tables.*...)[each.value.route_table_id]["route_table_ids"]) : null + +} + +/* +output "igw_id_map" { + value = [ for k,v in merge(module.igws.*...) : v.igw_id ] +} +*/ + +############################ +# Module Block - Network +# Create NAT Gateways +############################ + +module "ngws" { + source = "./modules/network/ngw" + for_each = (var.ngws != null || var.ngws != {}) ? var.ngws : {} + + depends_on = [module.vcns] + + #Required + compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null + vcn_id = length(regexall("ocid1.vcn.oc*", each.value.vcn_id)) > 0 ? each.value.vcn_id : merge(module.vcns.*...)[each.value.vcn_id]["vcn_tf_id"] + + #Optional + block_traffic = each.value.block_traffic # Defaults to false by terraform hashicorp + public_ip_id = each.value.public_ip_id + route_table_id = (each.value.route_table_id != "" && each.value.route_table_id != null) ? (length(regexall("ocid1.routetable.oc*", each.value.route_table_id)) > 0 ? each.value.route_table_id : merge(module.gateway-route-tables.*...)[each.value.route_table_id]["route_table_ids"]) : null + + defined_tags = each.value.defined_tags + display_name = each.value.ngw_name + freeform_tags = each.value.freeform_tags +} + +/* +output "ngw_id_map" { + value = [ for k,v in merge(module.ngws.*...) : v.ngw_id ] +} +*/ + +############################ +# Module Block - Network +# Create Service Gateways +############################ + +module "sgws" { + source = "./modules/network/sgw" + for_each = (var.sgws != null || var.sgws != {}) ? var.sgws : {} + + #Required + compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? 
each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null + vcn_id = length(regexall("ocid1.vcn.oc*", each.value.vcn_id)) > 0 ? each.value.vcn_id : merge(module.vcns.*...)[each.value.vcn_id]["vcn_tf_id"] + + #Optional + defined_tags = each.value.defined_tags + display_name = each.value.sgw_name != null ? each.value.sgw_name : null + freeform_tags = each.value.freeform_tags + service = each.value.service != "" ? (contains(split("-", each.value.service), "all") == true ? "all" : "objectstorage") : "all" + route_table_id = (each.value.route_table_id != "" && each.value.route_table_id != null) ? (length(regexall("ocid1.routetable.oc*", each.value.route_table_id)) > 0 ? each.value.route_table_id : merge(module.gateway-route-tables.*...)[each.value.route_table_id]["route_table_ids"]) : null +} + +/* +output "sgw_id_map" { + value = [ for k,v in merge(module.sgws.*...) : v.sgw_id ] +} +*/ + + +############################ +# Module Block - Networking +# Create Local Peering Gateways +############################ + +module "hub-lpgs" { + source = "./modules/network/lpg" + for_each = (var.lpgs.hub-lpgs != null || var.lpgs.hub-lpgs != {}) ? var.lpgs.hub-lpgs : {} + + depends_on = [module.vcns, module.spoke-lpgs, module.none-lpgs, module.exported-lpgs, module.peer-lpgs] + + #Required + compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null + vcn_id = length(regexall("ocid1.vcn.oc*", each.value.vcn_id)) > 0 ? each.value.vcn_id : merge(module.vcns.*...)[each.value.vcn_id]["vcn_tf_id"] + + #Optional + peer_id = each.value.peer_id != "" ? (length(regexall("##peer_id*", each.value.peer_id)) > 0 ? 
null : try(merge(module.spoke-lpgs.*...)[each.value.peer_id]["lpg_tf_id"], merge(module.exported-lpgs.*...)[each.value.peer_id]["lpg_tf_id"], merge(module.peer-lpgs.*...)[each.value.peer_id]["lpg_tf_id"], merge(module.none-lpgs.*...)[each.value.peer_id]["lpg_tf_id"])) : null + #route_table_id = (each.value.route_table_id != "" && each.value.route_table_id != null) ? (length(regexall("ocid1.routetable.oc*", each.value.route_table_id)) > 0 ? each.value.route_table_id : merge(module.route-tables.*...)[each.value.route_table_id]["route_table_ids"]) : null + defined_tags = each.value.defined_tags + display_name = each.value.lpg_name != null ? each.value.lpg_name : null + freeform_tags = each.value.freeform_tags +} + +module "spoke-lpgs" { + source = "./modules/network/lpg" + for_each = (var.lpgs.spoke-lpgs != null || var.lpgs.spoke-lpgs != {}) ? var.lpgs.spoke-lpgs : {} + + depends_on = [module.vcns] + + #Required + compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null + vcn_id = length(regexall("ocid1.vcn.oc*", each.value.vcn_id)) > 0 ? each.value.vcn_id : merge(module.vcns.*...)[each.value.vcn_id]["vcn_tf_id"] + + #Optional + peer_id = (each.value.peer_id != "" && each.value.peer_id != null) ? (length(regexall("##peer_id*", each.value.peer_id)) > 0 ? null : each.value.peer_id) : null + #route_table_id = (each.value.route_table_id != "" && each.value.route_table_id != null) ? (length(regexall("ocid1.routetable.oc*", each.value.route_table_id)) > 0 ? each.value.route_table_id : merge(module.route-tables.*...)[each.value.route_table_id]["route_table_ids"]) : null + defined_tags = each.value.defined_tags + display_name = each.value.lpg_name != null ? 
each.value.lpg_name : null + freeform_tags = each.value.freeform_tags +} + +module "peer-lpgs" { + source = "./modules/network/lpg" + for_each = (var.lpgs.peer-lpgs != null || var.lpgs.peer-lpgs != {}) ? var.lpgs.peer-lpgs : {} + + depends_on = [module.vcns, module.none-lpgs] + + #Required + compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null + vcn_id = length(regexall("ocid1.vcn.oc*", each.value.vcn_id)) > 0 ? each.value.vcn_id : merge(module.vcns.*...)[each.value.vcn_id]["vcn_tf_id"] + + #Optional + peer_id = each.value.peer_id != "" ? (length(regexall("##peer_id*", each.value.peer_id)) > 0 ? null : try(merge(module.spoke-lpgs.*...)[each.value.peer_id]["lpg_tf_id"], merge(module.exported-lpgs.*...)[each.value.peer_id]["lpg_tf_id"], merge(module.none-lpgs.*...)[each.value.peer_id]["lpg_tf_id"])) : null + #route_table_id = (each.value.route_table_id != "" && each.value.route_table_id != null) ? (length(regexall("ocid1.routetable.oc*", each.value.route_table_id)) > 0 ? each.value.route_table_id : merge(module.route-tables.*...)[each.value.route_table_id]["route_table_ids"]) : null + defined_tags = each.value.defined_tags + display_name = each.value.lpg_name != null ? each.value.lpg_name : null + freeform_tags = each.value.freeform_tags +} + +module "none-lpgs" { + source = "./modules/network/lpg" + for_each = (var.lpgs.none-lpgs != null || var.lpgs.none-lpgs != {}) ? var.lpgs.none-lpgs : {} + + depends_on = [module.vcns] + + #Required + compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null + vcn_id = length(regexall("ocid1.vcn.oc*", each.value.vcn_id)) > 0 ? 
each.value.vcn_id : merge(module.vcns.*...)[each.value.vcn_id]["vcn_tf_id"] + + #Optional + peer_id = (each.value.peer_id != "" && each.value.peer_id != null) ? (length(regexall("##peer_id*", each.value.peer_id)) > 0 ? null : each.value.peer_id) : null + #route_table_id = (each.value.route_table_id != "" && each.value.route_table_id != null) ? (length(regexall("ocid1.routetable.oc*", each.value.route_table_id)) > 0 ? each.value.route_table_id : merge(module.route-tables.*...)[each.value.route_table_id]["route_table_ids"]) : null + defined_tags = each.value.defined_tags + display_name = each.value.lpg_name != null ? each.value.lpg_name : null + freeform_tags = each.value.freeform_tags +} + +module "exported-lpgs" { + source = "./modules/network/lpg" + for_each = (var.lpgs.exported-lpgs != null || var.lpgs.exported-lpgs != {}) ? var.lpgs.exported-lpgs : {} + + depends_on = [module.vcns] + + #Required + compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null + vcn_id = length(regexall("ocid1.vcn.oc*", each.value.vcn_id)) > 0 ? each.value.vcn_id : merge(module.vcns.*...)[each.value.vcn_id]["vcn_tf_id"] + + #Optional + peer_id = (each.value.peer_id != "" && each.value.peer_id != null) ? (length(regexall("##peer_id*", each.value.peer_id)) > 0 ? null : each.value.peer_id) : null + #route_table_id = (each.value.route_table_id != "" && each.value.route_table_id != null) ? (length(regexall("ocid1.routetable.oc*", each.value.route_table_id)) > 0 ? each.value.route_table_id : merge(module.route-tables.*...)[each.value.route_table_id]["route_table_ids"]) : null + defined_tags = each.value.defined_tags + display_name = each.value.lpg_name != null ? each.value.lpg_name : null + freeform_tags = each.value.freeform_tags +} + +/* +output "hub_lpg_id_map" { + value = [ for k,v in merge(module.hub-lpgs.*...) 
: v.lpg_id ] +} + +output "spoke_lpg_id_map" { + value = [ for k,v in merge(module.spoke-lpgs.*...) : v.lpg_id ] +} + +output "peer_lpg_id_map" { + value = [ for k,v in merge(module.peer-lpgs.*...) : v.lpg_id ] +} + +output "none_lpg_id_map" { + value = [ for k,v in merge(module.none-lpgs.*...) : v.lpg_id ] +} + +output "exported_lpg_id_map" { + value = [ for k,v in merge(module.exported-lpgs.*...) : v.lpg_id ] +} +*/ + +############################ +# Module Block - Network +# Create Dynamic Routing Gateways +############################ + +module "drgs" { + #Required + source = "./modules/network/drg" + for_each = (var.drgs != null || var.drgs != {}) ? var.drgs : {} + + #Required + compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null + + #Optional + defined_tags = each.value.defined_tags + display_name = each.value.display_name + freeform_tags = each.value.freeform_tags +} + + +module "drg-attachments" { + #Required + source = "./modules/network/drg-attachment" + for_each = (var.drg_attachments != null || var.drg_attachments != {}) ? var.drg_attachments : {} + + drg_display_name = each.value.display_name + defined_tags = each.value.defined_tags + freeform_tags = each.value.freeform_tags + drg_id = length(regexall("ocid1.drg.oc*", each.value.drg_id)) > 0 ? each.value.drg_id : ((each.value.drg_id != "" && each.value.drg_id != null) ? merge(module.drgs.*...)[each.value.drg_id]["drg_tf_id"] : each.value.drg_id) + drg_route_table_id = length(regexall("ocid1.drgroutetable.oc*", each.value.drg_route_table_id)) > 0 ? each.value.drg_route_table_id : ((each.value.drg_route_table_id != "" && each.value.drg_route_table_id != null) ? merge(module.drg-route-tables.*...)[each.value.drg_route_table_id]["drg_route_table_tf_id"] : null) + vcns_tf_id = merge(module.vcns.*...) 
+ route_table_tf_id = merge(module.route-tables.*...) + #default_route_table_tf_id = merge(module.default-route-tables.*...) + drg_attachments = var.drg_attachments + key_name = each.key +} + + +/* +output "drg_id_map" { + value = [ for k,v in merge(module.drg.*...) : v.drg_id ] +} + +output "drg_attachments_map" { + value = [ for k,v in merge(module.drg-attachments.*...) : v.drg_attachments_map ] +} +*/ + +############################ +# Module Block - Network +# Create Default DHCP +############################ + +module "default-dhcps" { + #Required + source = "./modules/network/default-dhcp" + for_each = (var.default_dhcps != null || var.default_dhcps != {}) ? var.default_dhcps : {} + + #Required + manage_default_resource_id = length(regexall("ocid1.dhcpoptions.oc*", each.value.manage_default_resource_id)) > 0 ? each.value.manage_default_resource_id : merge(module.vcns.*...)[each.value.manage_default_resource_id]["vcn_default_dhcp_id"] + server_type = each.value.server_type + custom_dns_servers = each.value.custom_dns_servers + search_domain_names = each.value.search_domain != null ? each.value.search_domain.names : [] + + #Optional + defined_tags = each.value.defined_tags + freeform_tags = each.value.freeform_tags +} + +/* +output "default_dhcp_id" { + value = [ for k,v in merge(module.default-dhcps.*...) : v.default_dhcp_id ] +} +*/ + +############################ +# Module Block - Network +# Create Custom DHCP Options +############################ + +module "custom-dhcps" { + #Required + source = "./modules/network/custom-dhcp" + for_each = (var.custom_dhcps != null || var.custom_dhcps != {}) ? var.custom_dhcps : {} + + #Required + compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null + vcn_id = length(regexall("ocid1.vcn.oc*", each.value.vcn_id)) > 0 ? 
each.value.vcn_id : merge(module.vcns.*...)[each.value.vcn_id]["vcn_tf_id"] + + server_type = each.value.server_type + custom_dns_servers = each.value.custom_dns_servers != null ? each.value.custom_dns_servers : [] + search_domain_names = each.value.search_domain + + #Optional + defined_tags = each.value.defined_tags + display_name = each.value.display_name + domain_name_type = each.value.domain_name_type + freeform_tags = each.value.freeform_tags +} + +/* +output "dhcp_options_id" { + value = [ for k,v in merge(module.custom-dhcps.*...) : v.custom_dhcp_id ] +} +*/ + +############################ +# Module Block - Network +# Create Default Security Lists +############################ + +/* +output "default_seclist_id_map" { + value = [ for k,v in merge(module.default-security-lists.*...) : v.default_seclist_id ] +} +*/ + +############################ +# Module Block - Network +# Create Custom Security Lists +############################ + +module "security-lists" { + source = "./modules/network/sec-list" + for_each = (local.all_seclists != null || local.all_seclists != {}) ? local.all_seclists : {} + + #Required + compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null + + vcn_id = length(regexall("ocid1.vcn.oc*", each.value.vcn_id)) > 0 ? each.value.vcn_id : merge(module.vcns.*...)[each.value.vcn_id]["vcn_tf_id"] + manage_default_resource_id = merge(module.vcns.*...)[each.value.vcn_id]["vcn_default_security_list_id"] + default_seclist = var.default_seclists != {} ? contains(keys(var.default_seclists), each.key) ? true : false : false + + key_name = each.key + defined_tags = each.value.defined_tags + display_name = each.value.display_name != null ? 
each.value.display_name : null + freeform_tags = each.value.freeform_tags + seclist_details = local.all_seclists +} + +/* +output "seclist_id_map" { + value = [ for k,v in merge(module.security-lists.*...) : v.seclist_id ] +} +*/ + +############################ +# Module Block - Network +# Create Custom Route Tables +############################ + +module "route-tables" { + source = "./modules/network/route-table" + for_each = {for k,v in local.all_route_tables : k => v if ! v.gateway_route_table} + + #Required + compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null + vcn_id = length(regexall("ocid1.vcn.oc*", each.value.vcn_id)) > 0 ? each.value.vcn_id : merge(module.vcns.*...)[each.value.vcn_id]["vcn_tf_id"] + + default_route_table = var.default_route_tables != {} ? contains(keys(var.default_route_tables), each.key) ? true : false : false + manage_default_resource_id = merge(module.vcns.*...)[each.value.vcn_id]["vcn_default_route_table_id"] + + #Optional + defined_tags = each.value.defined_tags + display_name = each.value.display_name != null ? each.value.display_name : null + freeform_tags = each.value.freeform_tags + key_name = each.key + igw_id = merge(module.igws.*...) + ngw_id = merge(module.ngws.*...) + sgw_id = merge(module.sgws.*...) + drg_id = merge(module.drgs.*...) + hub_lpg_id = merge(module.hub-lpgs.*...) + spoke_lpg_id = merge(module.spoke-lpgs.*...) + peer_lpg_id = merge(module.peer-lpgs.*...) + none_lpg_id = merge(module.none-lpgs.*...) + exported_lpg_id = merge(module.exported-lpgs.*...) + rt_details = local.all_route_tables +} + + +module "gateway-route-tables" { + source = "./modules/network/route-table" + for_each = {for k,v in local.all_route_tables : k => v if v.gateway_route_table } + + #Required + compartment_id = each.value.compartment_id != null ? 
(length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null + vcn_id = length(regexall("ocid1.vcn.oc*", each.value.vcn_id)) > 0 ? each.value.vcn_id : merge(module.vcns.*...)[each.value.vcn_id]["vcn_tf_id"] + + default_route_table = var.default_route_tables != {} ? contains(keys(var.default_route_tables), each.key) ? true : false : false + manage_default_resource_id = merge(module.vcns.*...)[each.value.vcn_id]["vcn_default_route_table_id"] + #Optional + defined_tags = each.value.defined_tags + display_name = each.value.display_name != null ? each.value.display_name : null + freeform_tags = each.value.freeform_tags + key_name = each.key + drg_id = merge(module.drgs.*...) + rt_details = local.all_route_tables + gateway_route_table = each.value.gateway_route_table +} + +/* +output "route_id_map" { + value = [ for k,v in merge(module.route-tables.*...) : v.route_id ] +} +*/ + + +############################ +# Module Block - Network +# Create DRG Route Tables +############################ + +module "drg-route-tables" { + source = "./modules/network/drg-route-table" + for_each = (var.drg_route_tables != null || var.drg_route_tables != {}) ? var.drg_route_tables : {} + + #Required + drg_id = each.value.drg_id != null && each.value.drg_id != "" ? (length(regexall("ocid1.drg.oc*", each.value.drg_id)) > 0 ? each.value.drg_id : merge(module.drgs.*...)[each.value.drg_id]["drg_tf_id"]) : null + + #Optional + defined_tags = each.value.defined_tags == {} ? null : each.value.defined_tags + freeform_tags = each.value.freeform_tags == {} ? null : each.value.freeform_tags + display_name = each.value.display_name != null ? each.value.display_name : null + import_drg_route_distribution_id = each.value.import_drg_route_distribution_id != null && each.value.import_drg_route_distribution_id != "" ? 
(length(regexall("ocid1.drgroutedistribution.oc*", each.value.import_drg_route_distribution_id)) > 0 ? each.value.import_drg_route_distribution_id : (length(regexall(".Autogenerated-Import-Route-Distribution-for*", each.value.import_drg_route_distribution_id)) > 0 ? data.oci_core_drg_route_distributions.drg_route_distributions[each.value.import_drg_route_distribution_id].drg_route_distributions[0].id : merge(module.drg-route-distributions.*...)[each.value.import_drg_route_distribution_id]["drg_route_distribution_tf_id"])) : null + is_ecmp_enabled = each.value.is_ecmp_enabled != null ? each.value.is_ecmp_enabled : null +} + +/* +output "drg_route_id_map" { + value = [ for k,v in merge(module.drg-route-tables.*...) : v.drg_route_tf_id ] +} +*/ + +################################ +# Module Block - Network +# Create DRG Route Rules +################################ + +module "drg-route-rules" { + source = "./modules/network/drg-route-rule" + depends_on = [module.drg-attachments, module.drg-route-tables] + + for_each = (var.drg_route_rules != null || var.drg_route_rules != {}) ? var.drg_route_rules : {} + + #Required + drg_route_table_id = length(regexall("ocid1.drgroutetable.oc*", each.value.drg_route_table_id)) > 0 ? each.value.drg_route_table_id : ((each.value.drg_route_table_id != "" && each.value.drg_route_table_id != null) ? (length(regexall(".Autogenerated-Drg-Route-Table-for*", each.value.drg_route_table_id)) > 0 ? data.oci_core_drg_route_tables.drg_route_tables[each.value.drg_route_table_id].drg_route_tables[0].id : merge(module.drg-route-tables.*...)[each.value.drg_route_table_id]["drg_route_table_tf_id"]) : null) + destination = each.value.destination + destination_type = each.value.destination_type + next_hop_drg_attachment_id = length(regexall("ocid1.drgattachment.oc*", each.value.next_hop_drg_attachment_id)) > 0 ? each.value.next_hop_drg_attachment_id : (each.value.next_hop_drg_attachment_id != "" && each.value.next_hop_drg_attachment_id != null ? 
merge(module.drg-attachments.*...)[each.value.next_hop_drg_attachment_id]["drg_attachment_tf_id"] : null) + + +} + +/* +output "drg_route_rules_id_map" { + value = [ for k,v in merge(module.drg-route-rules.*...) : v.drg_route_rule_tf_id ] +} +*/ + + +################################ +# Module Block - Network +# Create DRG Route Distributions +################################ + +module "drg-route-distributions" { + source = "./modules/network/drg-route-distribution" + for_each = (var.drg_route_distributions != null || var.drg_route_distributions != {}) ? var.drg_route_distributions : {} + + #Required + distribution_type = each.value.distribution_type + drg_id = each.value.drg_id != null && each.value.drg_id != "" ? (length(regexall("ocid1.drg.oc*", each.value.drg_id)) > 0 ? each.value.drg_id : merge(module.drgs.*...)[each.value.drg_id]["drg_tf_id"]) : null + + #Optional + defined_tags = each.value.defined_tags + freeform_tags = each.value.freeform_tags + display_name = each.value.display_name +} + +/* +output "drg_route_distributions_id_map" { + value = [ for k,v in merge(module.drg-route-distributions.*...) : v.drg_route_distribution_tf_id ] +} +*/ + +########################################### +# Module Block - Network +# Create DRG Route Distribution Statements +########################################### + +module "drg-route-distribution-statements" { + source = "./modules/network/drg-route-distribution-statement" + for_each = (var.drg_route_distribution_statements != null || var.drg_route_distribution_statements != {}) ? var.drg_route_distribution_statements : {} + + #Required + key_name = each.key + drg_route_distribution_id = each.value.drg_route_distribution_id != null && each.value.drg_route_distribution_id != "" ? (length(regexall("ocid1.drgroutedistribution.oc*", each.value.drg_route_distribution_id)) > 0 ? each.value.drg_route_distribution_id : (length(regexall(".Autogenerated-Import-Route-Distribution-for*", each.value.drg_route_distribution_id)) > 0 ? 
data.oci_core_drg_route_distributions.drg_route_distributions[each.value.drg_route_distribution_id].drg_route_distributions[0].id : merge(module.drg-route-distributions.*...)[each.value.drg_route_distribution_id]["drg_route_distribution_tf_id"])) : null + priority = each.value.priority + action = each.value.action + drg_attachment_ids = merge(module.drg-attachments.*...) + drg_route_distribution_statements = var.drg_route_distribution_statements +} + +/* +output "drg_route_distribution_statements_id_map" { + value = [ for k,v in merge(module.drg-route-distribution-statements.*...) : v.drg_route_distribution_statement_tf_id ] +} +*/ + +############################# +# Module Block - Network +# Create Subnets +############################# + +module "subnets" { + source = "./modules/network/subnet" + for_each = (var.subnets != null || var.subnets != {}) ? var.subnets : {} + + depends_on = [module.vcns, module.security-lists] + + #Required + tenancy_ocid = var.tenancy_ocid + compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null + vcn_id = length(regexall("ocid1.vcn.oc*", each.value.vcn_id)) > 0 ? each.value.vcn_id : merge(module.vcns.*...)[each.value.vcn_id]["vcn_tf_id"] + cidr_block = each.value.cidr_block + + #Optional + dns_label = each.value.dns_label + ipv6cidr_block = each.value.ipv6cidr_block + defined_tags = each.value.defined_tags + display_name = each.value.display_name + freeform_tags = each.value.freeform_tags + prohibit_internet_ingress = each.value.prohibit_internet_ingress + prohibit_public_ip_on_vnic = each.value.prohibit_public_ip_on_vnic + availability_domain = each.value.availability_domain != "" && each.value.availability_domain != null ? 
data.oci_identity_availability_domains.availability_domains.availability_domains[each.value.availability_domain].name : "" + dhcp_options_id = each.value.dhcp_options_id == null || each.value.dhcp_options_id == "" ? merge(module.vcns.*...)[each.value.vcn_id]["vcn_default_dhcp_id"] : (length(regexall("ocid1.dhcpoptions.oc*", each.value.dhcp_options_id)) > 0 ? each.value.dhcp_options_id : merge(module.custom-dhcps.*...)[each.value.dhcp_options_id]["custom_dhcp_tf_id"]) + #route_table_id = each.value.route_table_id == null || each.value.route_table_id == "" ? merge(module.vcns.*...)[each.value.vcn_id]["vcn_default_route_table_id"] : (length(regexall("ocid1.routetable.oc*", each.value.route_table_id)) > 0 ? each.value.route_table_id : contains(keys(merge(module.gateway-route-tables.*...)), each.value.route_table_id) ? merge(module.gateway-route-tables.*...)[each.value.route_table_id] ["route_table_ids"] : merge(module.route-tables.*...)[each.value.route_table_id]["route_table_ids"]) + route_table_id = each.value.route_table_id == null || each.value.route_table_id == "" ? merge(module.vcns.*...)[each.value.vcn_id]["vcn_default_route_table_id"] : (length(regexall("ocid1.routetable.oc*", each.value.route_table_id)) > 0 ? each.value.route_table_id : merge(merge(module.gateway-route-tables.*...),merge(module.route-tables.*...))[each.value.route_table_id]["route_table_ids"]) + + + security_list_ids = length(each.value.security_list_ids) == 0 ? [merge(module.vcns.*...)[each.value.vcn_id]["vcn_default_security_list_id"]] : each.value.security_list_ids + vcn_default_security_list_id = merge(module.vcns.*...)[each.value.vcn_id]["vcn_default_security_list_id"] + custom_security_list_id = merge(module.security-lists.*...) +} + +/* +output "subnet_id_map" { + value = [ for k,v in merge(module.subnets.*...) 
: v.subnet_id ] +} +*/ + +############################# +# Module Block - Network Logging +# Create VCN Log Groups and Logs +############################# + +module "vcn-log-groups" { + source = "./modules/managementservices/log-group" + for_each = (var.vcn_log_groups != null || var.vcn_log_groups != {}) ? var.vcn_log_groups : {} + + # Log Groups + #Required + compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null + + display_name = each.value.display_name + + #Optional + defined_tags = each.value.defined_tags + description = each.value.description + freeform_tags = each.value.freeform_tags +} + +/* +output "vcn_log_group_map" { + value = [ for k,v in merge(module.vcn-log-groups.*...) : v.log_group_tf_id ] +} +*/ + +module "vcn-logs" { + source = "./modules/managementservices/log" + for_each = (var.vcn_logs != null || var.vcn_logs != {}) ? var.vcn_logs : {} + + # Logs + #Required + compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null + display_name = each.value.display_name + log_group_id = length(regexall("ocid1.loggroup.oc*", each.value.log_group_id)) > 0 ? each.value.log_group_id : merge(module.vcn-log-groups.*...)[each.value.log_group_id]["log_group_tf_id"] + + log_type = each.value.log_type + #Required + source_category = each.value.category + source_resource = length(regexall("ocid1.*", each.value.resource)) > 0 ? each.value.resource : merge(module.subnets.*...)[each.value.resource]["subnet_tf_id"] + source_service = each.value.service + source_type = each.value.source_type + defined_tags = each.value.defined_tags + freeform_tags = each.value.freeform_tags + log_is_enabled = (each.value.is_enabled == "" || each.value.is_enabled == null) ? 
true : each.value.is_enabled
+ log_retention_duration = (each.value.retention_duration == "" || each.value.retention_duration == null) ? 30 : each.value.retention_duration
+
+}
+
+/*
+output "vcn_logs_id" {
+ value = [ for k,v in merge(module.vcn-logs.*...) : v.log_tf_id]
+}
+*/
\ No newline at end of file
diff --git a/examples/network/oci-data.tf b/examples/network/oci-data.tf
new file mode 100644
index 0000000..1495707
--- /dev/null
+++ b/examples/network/oci-data.tf
@@ -0,0 +1,42 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Identity
+# Fetch Compartments
+############################
+
+#Fetch Compartment Details
+data "oci_identity_compartments" "compartments" {
+ #Required
+ compartment_id = var.tenancy_ocid
+
+ #Optional
+ #name = var.compartment_name
+ access_level = "ANY"
+ compartment_id_in_subtree = true
+ state = "ACTIVE"
+}
+
+
+############################
+# Data Block - Network
+# Fetch ADs
+############################
+
+data "oci_identity_availability_domains" "availability_domains" {
+ #Required
+ compartment_id = var.tenancy_ocid
+}
+
+
+/*
+output "compartment_id_map" {
+ description = "Compartment ocid"
+ // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source.
+ value = zipmap(data.oci_identity_compartments.compartments.compartments.*.name,data.oci_identity_compartments.compartments.compartments.*.id)
+}
+
+output "ads" {
+ value = data.oci_identity_availability_domains.availability_domains.availability_domains.*.name
+}
+*/
\ No newline at end of file
diff --git a/examples/network/provider.tf b/examples/network/provider.tf
new file mode 100644
index 0000000..9a69c98
--- /dev/null
+++ b/examples/network/provider.tf
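Review bot: The guard `for_each = (var.igws != null || var.igws != {}) ? var.igws : {}` in module "igws" can never take its `{}` branch, because one side of the `||` holds for every value (a null map is not `{}`, and an empty map is not null); the same pattern is repeated in ngws, sgws, the five lpg modules, drgs, drg-attachments, default-dhcps, custom-dhcps, security-lists, drg-route-tables, drg-route-rules, drg-route-distributions, drg-route-distribution-statements, subnets, vcn-log-groups, vcn-logs and in the two `data` blocks at the top of the file. If the intent is to tolerate a null input, `for_each = var.igws != null ? var.igws : {}` expresses it; as written a null value is passed straight to `for_each`, which would presumably be rejected there rather than treated as empty. Separately, in module "subnets" the line `security_list_ids = length(each.value.security_list_ids) == 0 ? [merge(module.vcns.*...)[each.value.vcn_id]["vcn_default_security_list_id"]] : each.value.security_list_ids` silently attaches the VCN's default security list to any subnet whose list is empty; that list is only as tight as `default_seclists` makes it, and the stock rules OCI creates with a VCN are permissive, so a comment such as `# Empty list => VCN default security list; confirm its rules via default_seclists before relying on this` would make the fallback visible to whoever generates the inputs.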
@@ -0,0 +1,24 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Provider Block
+# OCI
+############################
+
+provider "oci" {
+ tenancy_ocid = var.tenancy_ocid
+ user_ocid = var.user_ocid
+ fingerprint = var.fingerprint
+ private_key_path = var.private_key_path
+ region = var.region
+ ignore_defined_tags = ["Oracle-Tags.CreatedBy", "Oracle-Tags.CreatedOn"]
+}
+
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ version = "5.40.0"
+ }
+ }
+}
diff --git a/examples/network/variables_example.tf b/examples/network/variables_example.tf
new file mode 100644
index 0000000..fae17ea
--- /dev/null
+++ b/examples/network/variables_example.tf
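Review bot: The `provider "oci"` block is hard-wired to user API-key authentication — `user_ocid`, `fingerprint` and `private_key_path` are always passed and there is no `auth` argument — so this example cannot run under instance, resource or security-token principals without editing provider.tf, and a long-lived user API key has to sit on whatever host runs Terraform. Making the method selectable keeps the current default while letting CI on OCI compute avoid the key file: add `auth = var.auth` (defaulting to `"ApiKey"`) and pass the three key arguments only when that method is selected; the `auth` variable would need to be declared alongside the existing credential variables. The exact pin `version = "5.40.0"` is fine for a generated example, though it diverges from the `>= 4.0.0` constraint the README in this change advertises, so one of the two should be adjusted.
```hcl
provider "oci" {
  auth             = var.auth # "ApiKey" (default) or a principal type such as "InstancePrincipal"
  tenancy_ocid     = var.tenancy_ocid
  user_ocid        = var.auth == "ApiKey" ? var.user_ocid : null
  fingerprint      = var.auth == "ApiKey" ? var.fingerprint : null
  private_key_path = var.auth == "ApiKey" ? var.private_key_path : null
  region           = var.region
  # … unchanged: ignore_defined_tags …
}
```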
@@ -0,0 +1,2082 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# +# Variables Block +# OCI +# +############################ + +variable "tenancy_ocid" { + type = string + default = "" +} + +variable "user_ocid" { + type = string + default = "" +} + +variable "fingerprint" { + type = string + default = "" +} + +variable "private_key_path" { + type = string + default = "" +} + +variable "region" { + type = string + default = "" +} + +################################# +# SSH Keys +################################# + +variable "instance_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_instance_ssh_keys# + # exported instance ssh keys + #instance_ssh_keys_END# + } +} + +variable "oke_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_oke_ssh_keys# + #oke_ssh_keys_END# + } +} +variable "sddc_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_sddc_ssh_keys# + #sddc_ssh_keys_END# + } +} + +variable "exacs_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_exacs_ssh_keys# + # exported exacs ssh keys + #exacs_ssh_keys_END# + } +} + +variable "dbsystem_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. 
+ # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_dbsystem_ssh_keys# + # exported dbsystem ssh keys + #dbsystem_ssh_keys_END# + } +} + +################################# +# Platform Image OCIDs and +# Market Place Images +################################# + +variable "instance_source_ocids" { + type = map(any) + default = { + Linux = "" + Windows = "" + PaloAlto = "Palo Alto Networks VM-Series Next Generation Firewall" + #START_instance_source_ocids# + # exported instance image ocids + #instance_source_ocids_END# + } +} + +variable "blockvolume_source_ocids" { + type = map(any) + default = { + block1 = "" + #blockvolume_source_ocid = "" + #START_blockvolume_source_ocids# + # exported block volume source ocids + #blockvolume_source_ocids_END# + } +} + +variable "fss_source_ocids" { + type = map(any) + default = { + snapshot1 = "" + #fss_source_snapshot_ocid = "" + #START_fss_source_snapshot_ocids# + # exported fss source snapshot ocids + #fss_source_snapshot_ocids_END# + } +} + +variable "oke_source_ocids" { + type = map(any) + default = { + Linux = "" + #START_oke_source_ocids# + # exported oke image ocids + #oke_source_ocids_END# + } +} + +################################# +# +# Variables according to Services +# PLEASE DO NOT MODIFY +# +################################# + +########################## +## Fetch Compartments #### +########################## + +variable "compartment_ocids" { + type = map(any) + default = { + #START_compartment_ocids# + # compartment ocids + #compartment_ocids_END# + } +} + +######################### +##### Identity ########## +######################### + +variable "compartments" { + type = object({ + root = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level1 = 
optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level2 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level3 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level4 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level5 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + }) + default = { + root = {}, + compartment_level1 = {}, + compartment_level2 = {}, + compartment_level3 = {}, + compartment_level4 = {}, + compartment_level5 = {}, + } +} + +variable "policies" { + type = map(object({ + name = string + compartment_id = string + policy_description = string + policy_statements = list(string) + policy_version_date = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "groups" { + type = map(object({ + group_name = string + group_description = string + matching_rule = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "users" { + type = map(object({ + name = string + description = string + email = string + disable_capabilities = optional(list(string)) + group_membership = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "networkSources" { + type = map(object({ + name = string + description = string + public_source_list = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + virtual_source_list = optional(list(map(list(string)))) + + })) + default = {} +} + +######################### +####### Governance ######### +######################### + +variable "tag_namespaces" { + description = "To provision Namespaces" + type = map(object({ + compartment_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_retired = optional(bool) + })) + default = {} +} + +variable "tag_keys" { + description = "To provision Tag Keys" + type = map(object({ + tag_namespace_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_cost_tracking = optional(bool) + is_retired = optional(bool) + validator = optional(list(object({ + validator_type = optional(string) + validator_values = optional(list(any)) + }))) + })) + default = {} +} + +variable "tag_defaults" { + description = "To make the Tag keys as default to compartments" + type = map(object({ + compartment_id = string + tag_definition_id = string + value = string + is_required = optional(bool) + })) + default = {} +} + +variable "quota_policies" { + type = map(object({ + quota_name = string + quota_description = string + quota_statements = list(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +###### Network ########## +######################### 
+ +variable "default_dhcps" { + type = map(object({ + server_type = string + manage_default_resource_id = optional(string) + custom_dns_servers = optional(list(any)) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "custom_dhcps" { + type = map(object({ + compartment_id = string + server_type = string + vcn_id = string + custom_dns_servers = optional(list(any)) + domain_name_type = optional(string) + display_name = optional(string) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "vcns" { + type = map(object({ + compartment_id = string + cidr_blocks = optional(list(string)) + byoipv6cidr_details = optional(list(map(any))) + display_name = optional(string) + dns_label = optional(string) + is_ipv6enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ipv6private_cidr_blocks = optional(list(string)) + is_oracle_gua_allocation_enabled = optional(bool) + })) + default = {} +} + +variable "igws" { + type = map(object({ + compartment_id = string + vcn_id = string + enable_igw = optional(bool) + igw_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_table_id = optional(string) + })) + default = {} +} + +variable "sgws" { + type = map(object({ + compartment_id = string + vcn_id = string + service = optional(string) + sgw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "ngws" { + type = map(object({ + compartment_id = string + vcn_id = string + block_traffic = optional(bool) + public_ip_id = optional(string) + ngw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + 
default = {} +} + +variable "lpgs" { + type = map(any) + default = { + hub-lpgs = {}, + spoke-lpgs = {}, + peer-lpgs = {}, + none-lpgs = {}, + exported-lpgs = {}, + } +} + +variable "drgs" { + type = map(object({ + compartment_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "default_seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + 
route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) + +})) +default = {} +} + +variable "default_route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) +})) + default = {} +} + +variable "nsgs" { + type = map(object({ + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nsg_rules" { + type = map(object({ + nsg_id = string + direction = string + protocol = string + description = optional(string) + stateless = optional(string) + source_type = optional(string) + destination_type = optional(string) + destination = optional(string) + source = optional(string) + options = optional(map(any)) + })) + default = {} +} + +variable "subnets" { + type = map(object({ + compartment_id = string + vcn_id = string + cidr_block = string + display_name = optional(string) + dns_label = optional(string) + ipv6cidr_block = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + prohibit_internet_ingress = optional(string) + prohibit_public_ip_on_vnic = optional(string) + availability_domain = optional(string) + dhcp_options_id = optional(string) + route_table_id = optional(string) + security_list_ids = 
optional(list(string)) + })) + default = {} +} + +variable "vlans" { + type = map(object({ + cidr_block = string + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + nsg_ids = optional(list(string)) + route_table_name = optional(string) + vlan_tag = optional(string) + availability_domain = optional(string) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + })) + default = {} +} + +variable "drg_attachments" { + type = map(any) + default = {} +} + +variable "drg_other_attachments" { + type = map(any) + default = {} +} + +variable "drg_route_tables" { + type = map(object({ + drg_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_ecmp_enabled = optional(bool) + import_drg_route_distribution_id = optional(string) + })) + default = {} +} + +variable "drg_route_rules" { + type = map(any) + default = {} +} + +variable "drg_route_distributions" { + type = map(object({ + distribution_type = string + drg_id = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + display_name = optional(string) + })) + default = {} +} + +variable "drg_route_distribution_statements" { + type = map(object({ + drg_route_distribution_id = string + action = string + match_criteria = optional(list(object({ + match_type = string + attachment_type = optional(string) + drg_attachment_id = optional(string) + }))) + priority = optional(string) + })) + default = {} +} + +variable "data_drg_route_tables" { + type = map(any) + default = {} +} + +variable "data_drg_route_table_distributions" { + type = map(any) + default = {} +} + +#################### +####### DNS ####### +#################### + +variable "zones" { +type = map(object({ +compartment_id = string +display_name = string +view_compartment_id = optional(string) +view_id = optional(string) +zone_type = optional(string) +scope = optional(string) +freeform_tags = 
optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + +variable "views" { +type = map(object({ +compartment_id = string +display_name = string +scope = optional(string) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) + default = {} +} + +variable "rrsets" { +type = map(object({ +compartment_id = optional(string) +view_compartment_id = optional(string) +view_id = optional(string) +zone_id = string +domain = string +rtype = string +ttl = number +rdata = optional(list(string)) +scope = optional(string) +})) +default = {} +} + +variable "resolvers" { +type = map(object({ +network_compartment_id= string +vcn_name = string +display_name = optional(string) +views = optional(map(object({ + view_id = optional(string) + view_compartment_id = optional(string) +}))) +resolver_rules = optional(map(object({ + client_address_conditions = optional(list(any)) + destination_addresses = optional(list(any)) + qname_cover_conditions = optional(list(any)) + source_endpoint_name = optional(string) +}))) +endpoint_names = optional(map(object({ + is_forwarding = optional(bool) + is_listening = optional(bool) + name = optional(string) + subnet_name = optional(string) + forwarding_address = optional(string) + listening_address = optional(string) + nsg_ids = optional(list(string)) +}))) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + + +######################### +## Dedicated VM Hosts ## +######################### + +variable "dedicated_hosts" { + type = map(object({ + availability_domain = string + compartment_id = string + vm_host_shape = string + defined_tags = optional(map(any)) + display_name = optional(string) + fault_domain = optional(string) + freeform_tags = optional(map(any)) + })) + description = "To provision new dedicated VM hosts" + default = {} +} + +######################### +## Instances/Block Volumes ## +######################### + +variable "blockvolumes" { + description = "To 
provision block volumes" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = string + size_in_gbs = optional(string) + is_auto_tune_enabled = optional(string) + vpus_per_gb = optional(string) + kms_key_id = optional(string) + attach_to_instance = optional(string) + attachment_type = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + device = optional(string) + encryption_in_transit_type = optional(string) + attachment_display_name = optional(string) + is_read_only = optional(bool) + is_pv_encryption_in_transit_enabled = optional(bool) + is_shareable = optional(bool) + use_chap = optional(bool) + is_agent_auto_iscsi_login_enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + source_details = optional(list(map(any))) + block_volume_replicas = optional(list(map(any))) + block_volume_replicas_deletion = optional(bool) + autotune_policies = optional(list(map(any))) + })) + default = {} +} + +variable "block_backup_policies" { + type = map(any) + description = "To create block volume back policy" + default = {} +} + +variable "instances" { + description = "Map of instances to be provisioned" + type = map(object({ + availability_domain = string + compartment_id = string + shape = string + source_id = string + source_type = string + vcn_name = string + subnet_id = string + network_compartment_id = string + display_name = optional(string) + assign_public_ip = optional(bool) + boot_volume_size_in_gbs = optional(string) + fault_domain = optional(string) + dedicated_vm_host_id = optional(string) + private_ip = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(string)) + ocpus = optional(string) + memory_in_gbs = optional(number) + capacity_reservation_id = optional(string) + create_is_pv_encryption_in_transit_enabled = optional(bool) + remote_execute = optional(string) + bastion_ip = optional(string) + 
cloud_init_script = optional(string) + ssh_authorized_keys = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + network_type = optional(string) + #extended_metadata = optional(string) + skip_source_dest_check = optional(bool) + baseline_ocpu_utilization = optional(string) + #preemptible_instance_config = optional(string) + all_plugins_disabled = optional(bool) + is_management_disabled = optional(bool) + is_monitoring_disabled = optional(bool) + assign_private_dns_record = optional(string) + plugins_details = optional(map(any)) + is_live_migration_preferred = optional(bool) + recovery_action = optional(string) + are_legacy_imds_endpoints_disabled = optional(bool) + boot_volume_type = optional(string) + firmware = optional(string) + is_consistent_volume_naming_enabled = optional(bool) + remote_data_volume_type = optional(string) + platform_config = optional(list(map(any))) + launch_options = optional(list(map(any))) + ipxe_script = optional(string) + preserve_boot_volume = optional(bool) + vlan_id = optional(string) + kms_key_id = optional(string) + vnic_display_name = optional(string) + vnic_defined_tags = optional(map(any)) + vnic_freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "boot_backup_policies" { + type = map(any) + description = "Map of boot volume backup policies to be provisioned" + default = {} +} + +######################### +####### Database ######## +######################### + +variable "exa_infra" { + description = "To provision exadata infrastructure" + type = map(any) + default = {} +} + +variable "exa_vmclusters" { + description = "To provision exadata cloud VM cluster" + type = map(any) + default = {} +} + +variable "dbsystems_vm_bm" { + description = "To provision DB System" + type = map(any) + default = {} +} + +variable "db_home" { + type = map(any) + description = "Map of database db home to be 
provisioned" + default = {} +} + +variable "databases" { + description = "Map of databases to be provisioned in an existing db_home" + type = map(any) + default = {} +} + +#################################### +####### Autonomous Database ######## +#################################### + +variable "adb" { + type = map(object({ + admin_password = optional(string) + character_set = optional(string) + compartment_id = string + cpu_core_count = optional(number) + database_edition = optional(string) + data_storage_size_in_tbs = optional(number) + customer_contacts = optional(list(string)) + db_name = string + db_version = optional(string) + db_workload = optional(string) + display_name = optional(string) + license_model = optional(string) + ncharacter_set = optional(string) + network_compartment_id = optional(string) + nsg_ids = optional(list(string)) + subnet_id = optional(string) + vcn_name = optional(string) + whitelisted_ips = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +######### FSS ########### +######################### + +variable "mount_targets" { + description = "To provision Mount Targets" + type = map(object({ + availability_domain = string + compartment_id = string + network_compartment_id = string + vcn_name = string + subnet_id = string + display_name = optional(string) + ip_address = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fss" { + description = "To provision File System Services" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = optional(string) + source_snapshot = optional(string) + snapshot_policy = optional(string) + policy_compartment_id = optional(string) + kms_key_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "nfs_export_options" { + description = "To provision Export Sets" + type = map(object({ + export_set_id = string + file_system_id = string + path = string + export_options = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_idmap_groups_for_sys_auth = optional(bool) + })) + default = {} +} + +variable "fss_replication" { + description = "To provision File System Replication" + type = map(object({ + compartment_id = string + source_id = string + target_id = string + display_name = optional(string) + replication_interval = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +####### FSS Logs ######## +######################### + +variable "nfs_log_groups" { + description = "To provision Log Groups for Mount Target" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nfs_logs" { + description = "To provision Logs for Mount Target" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + + +######################### +#### Load Balancers ##### +######################### + +variable "load_balancers" { + description = "To provision Load Balancers" + type = map(object({ + compartment_id = string + vcn_name = string + shape = string + subnet_ids = list(any) + network_compartment_id = string + display_name = string + shape_details = optional(list(map(any))) + nsg_ids = 
optional(list(any)) + is_private = optional(bool) + ip_mode = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + reserved_ips_id = optional(string) + })) + default = {} +} + +variable "hostnames" { + description = "To provision Load Balancer Hostnames" + type = map(object({ + load_balancer_id = string + hostname = string + name = string + })) + default = {} +} + +variable "certificates" { + description = "To provision Load Balancer Certificates" + type = map(object({ + certificate_name = string + load_balancer_id = string + ca_certificate = optional(string) + passphrase = optional(string) + private_key = optional(string) + public_certificate = optional(string) + })) + default = {} +} + +variable "cipher_suites" { + description = "To provision Load Balancer Cipher Suites" + type = map(object({ + ciphers = list(string) + name = string + load_balancer_id = optional(string) + })) + default = {} +} + +variable "backend_sets" { + description = "To provision Load Balancer Backend Sets" + type = map(object({ + name = string + load_balancer_id = string + policy = string + protocol = optional(string) + interval_ms = optional(string) + is_force_plain_text = optional(string) + port = optional(string) + response_body_regex = optional(string) + retries = optional(string) + return_code = optional(string) + timeout_in_millis = optional(string) + url_path = optional(string) + lb_cookie_session = optional(list(object({ + cookie_name = optional(string) + disable_fallback = optional(string) + path = optional(string) + domain = optional(string) + is_http_only = optional(string) + is_secure = optional(string) + max_age_in_seconds = optional(string) + }))) + session_persistence_configuration = optional(list(object({ + cookie_name = optional(string) + disable_fallback = optional(string) + }))) + certificate_name = optional(string) + cipher_suite_name = optional(string) + ssl_configuration = optional(list(object({ + certificate_ids = 
optional(list(any)) + server_order_preference = optional(string) + trusted_certificate_authority_ids = optional(list(any)) + verify_peer_certificate = optional(string) + verify_depth = optional(string) + protocols = optional(list(any)) + }))) + })) + default = {} +} + +variable "backends" { + description = "To provision Load Balancer Backends" + type = map(object({ + backendset_name = string + ip_address = string + load_balancer_id = string + port = string + instance_compartment = optional(string) + backup = optional(string) + drain = optional(string) + offline = optional(string) + weight = optional(string) + })) + default = {} +} + +variable "listeners" { + description = "To provision Load Balancer Listeners" + type = map(object({ + name = string + load_balancer_id = string + port = string + protocol = string + default_backend_set_name = string + connection_configuration = optional(list(map(any))) + hostname_names = optional(list(any)) + path_route_set_name = optional(string) + rule_set_names = optional(list(any)) + routing_policy_name = optional(string) + certificate_name = optional(string) + cipher_suite_name = optional(string) + ssl_configuration = optional(list(object({ + certificate_ids = optional(list(any)) + server_order_preference = optional(string) + trusted_certificate_authority_ids = optional(list(any)) + verify_peer_certificate = optional(string) + verify_depth = optional(string) + protocols = optional(list(any)) + }))) + })) + default = {} +} + +variable "path_route_sets" { + description = "To provision Load Balancer Path Route Sets" + type = map(object({ + name = string + load_balancer_id = string + path_routes = optional(list(map(any))) + })) + default = {} +} + +variable "rule_sets" { + description = "To provision Load Balancer Rule Sets" + type = map(object({ + name = string + load_balancer_id = string + access_control_rules = optional(list(object({ + action = string + attribute_name = optional(string) + attribute_value = optional(string) + 
description = optional(string) + }))) + access_control_method_rules = optional(list(object({ + action = string + allowed_methods = optional(list(any)) + status_code = optional(string) + }))) + http_header_rules = optional(list(object({ + action = string + are_invalid_characters_allowed = optional(bool) + http_large_header_size_in_kb = optional(string) + }))) + uri_redirect_rules = optional(list(object({ + action = string + attribute_name = optional(string) + attribute_value = optional(string) + operator = optional(string) + host = optional(string) + path = optional(string) + port = optional(string) + protocol = optional(string) + query = optional(string) + response_code = optional(string) + }))) + request_response_header_rules = optional(list(object({ + action = string + header = optional(string) + prefix = optional(string) + suffix = optional(string) + value = optional(string) + }))) + })) + default = {} +} + +variable "lbr_reserved_ips" { + description = "To provision Load Balancer Reserved IPs" + type = map(object({ + compartment_id = string + display_name = string + lifetime = string + private_ip_id = optional(string) + public_ip_pool_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +################################### +####### Load Balancer Logs ######## +################################### + +variable "loadbalancer_log_groups" { + description = "To provision Log Groups for Load Balancers" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "loadbalancer_logs" { + description = "To provision Logs for Load Balancers" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + 
source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +## Network Load Balancers ## +######################### + +variable "network_load_balancers" { + type = map(object({ + display_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + subnet_id = string + is_private = optional(bool) + reserved_ips_id = string + is_preserve_source_destination = optional(bool) + is_symmetric_hash_enabled = optional(bool) + nlb_ip_version = optional(string) + assigned_private_ipv4 = optional(string) + nsg_ids = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} +variable "nlb_listeners" { + type = map(object({ + name = string + network_load_balancer_id = string + default_backend_set_name = string + port = number + protocol = string + ip_version = optional(string) + })) + default = {} +} + +variable "nlb_backend_sets" { + type = map(object({ + name = string + network_load_balancer_id = string + policy = string + protocol = string + domain_name = optional(string) + query_class = optional(string) + query_type = optional(string) + rcodes = optional(list(string)) + transport_protocol = optional(string) + return_code = optional(number) + interval_in_millis = optional(number) + port = optional(number) + request_data = optional(string) + response_body_regex = optional(string) + response_data = optional(string) + retries = optional(number) + timeout_in_millis = optional(number) + url_path = optional(string) + is_preserve_source = optional(bool) + ip_version = optional(string) + })) + default = {} +} +variable "nlb_backends" { + type = map(object({ + name = optional(string) + backend_set_name = string + network_load_balancer_id = string + port = number + ip_address = string + instance_compartment = string + 
is_drain = optional(bool) + is_backup = optional(bool) + is_offline = optional(bool) + weight = optional(number) + target_id = optional(string) + })) + default = {} +} +variable "nlb_reserved_ips" { + description = "To provision Network Load Balancer Reserved IPs" + type = map(object({ + compartment_id = string + lifetime = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + display_name = optional(string) + private_ip_id = optional(string) + public_ip_pool_id = optional(string) + })) + default = {} +} + + +######################### +##### IP Management ##### +######################### + +variable "public_ip_pools" { + type = map(any) + default = {} +} + +variable "private_ips" { + type = map(any) + default = {} +} + +variable "reserved_ips" { + type = map(any) + default = {} +} + +variable "vnic_attachments" { + type = map(any) + default = {} +} + +######################### +##### VCN Logs ########## +######################### + +variable "vcn_log_groups" { + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "vcn_logs" { + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +###### OSS Buckets ###### +######################### + +variable "buckets" { + type = map(any) + default = {} +} + +######################### +####### OSS Logs ######## +######################### + +variable "oss_log_groups" { + description = "To provision Log Groups for OSS" + type = map(object({ + compartment_id = string 
+ display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "oss_logs" { + description = "To provision Logs for OSS" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +### OSS IAM Policies #### +######################### + +variable "oss_policies" { + type = map(any) + default = {} +} + +######################### +## Management Services ## +######################### + +variable "alarms" { + type = map(object({ + compartment_id = string + destinations = list(string) + alarm_name = string + is_enabled = bool + metric_compartment_id = string + namespace = string + query = string + severity = string + body = optional(string) + message_format = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_notifications_per_metric_dimension_enabled = optional(bool) + metric_compartment_id_in_subtree = optional(string) + trigger_delay_minutes = optional(string) + repeat_notification_duration = optional(string) + resolution = optional(string) + resource_group = optional(string) + suppression = optional(map(any)) + })) + default = {} +} + +variable "events" { + type = map(object({ + event_name = string + compartment_id = string + description = string + is_enabled = bool + condition = string + actions = optional(list(object({ + action_type = string + is_enabled = string + description = optional(string) + function_id = optional(string) + stream_id = optional(string) + topic_id = optional(string) + }))) + message_format = optional(string) + defined_tags 
= optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "notifications_topics" { + type = map(object({ + compartment_id = string + topic_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "notifications_subscriptions" { + type = map(object({ + compartment_id = string + endpoint = string + protocol = string + topic_id = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "service_connectors" { + type = any + default = {} + description = "To provision service connector hub resources" +} + +######################### +## Developer Services ## +######################### + +## OKE + +variable "clusters" { + type = map(object({ + display_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + kubernetes_version = string + cni_type = string + cluster_type = string + is_policy_enabled = optional(bool) + policy_kms_key_id = optional(string) + is_kubernetes_dashboard_enabled = optional(bool) + is_tiller_enabled = optional(bool) + is_public_ip_enabled = optional(bool) + nsg_ids = optional(list(string)) + endpoint_subnet_id = string + is_pod_security_policy_enabled = optional(bool) + pods_cidr = optional(string) + services_cidr = optional(string) + service_lb_subnet_ids = optional(list(string)) + cluster_kms_key_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + lb_defined_tags = optional(map(any)) + lb_freeform_tags = optional(map(any)) + volume_defined_tags = optional(map(any)) + volume_freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nodepools" { + type = map(object({ + display_name = string + cluster_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + node_shape = string + initial_node_labels = optional(map(any)) + 
kubernetes_version = string + is_pv_encryption_in_transit_enabled = optional(bool) + availability_domain = number + fault_domains = optional(list(string)) + subnet_id = string + size = number + cni_type = string + max_pods_per_node = optional(number) + pod_nsg_ids = optional(list(string)) + pod_subnet_ids = optional(string) + worker_nsg_ids = optional(list(string)) + memory_in_gbs = optional(number) + ocpus = optional(number) + image_id = string + source_type = string + boot_volume_size_in_gbs = optional(number) + ssh_public_key = optional(string) + nodepool_kms_key_id = optional(string) + node_defined_tags = optional(map(any)) + node_freeform_tags = optional(map(any)) + nodepool_defined_tags = optional(map(any)) + nodepool_freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "virtual-nodepools" { + type = map(object({ + display_name = string + cluster_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + node_shape = string + initial_virtual_node_labels = optional(map(any)) + availability_domain = number + fault_domains = list(string) + subnet_id = string + size = number + pod_nsg_ids = optional(list(string)) + pod_subnet_id = string + worker_nsg_ids = optional(list(string)) + taints = optional(list(any)) + node_defined_tags = optional(map(any)) + node_freeform_tags = optional(map(any)) + nodepool_defined_tags = optional(map(any)) + nodepool_freeform_tags = optional(map(any)) + })) + default = {} +} + + +################################## +############## SDDCs ############# +################################## +variable "sddcs" { + type = map(object({ + compartment_id = string + availability_domain = string + network_compartment_id = string + vcn_name = string + esxi_hosts_count = number + nsx_edge_uplink1vlan_id = string + nsx_edge_uplink2vlan_id = string + nsx_edge_vtep_vlan_id = string + nsx_vtep_vlan_id = string + provisioning_subnet_id = string + ssh_authorized_keys = string + vmotion_vlan_id = string 
+ vmware_software_version = string + vsan_vlan_id = string + vsphere_vlan_id = string + capacity_reservation_id = optional(string) + defined_tags = optional(map(any)) + display_name = optional(string) + initial_cluster_display_name = optional(string) + freeform_tags = optional(map(any)) + hcx_action = optional(string) + hcx_vlan_id = optional(string) + initial_host_ocpu_count = optional(number) + initial_host_shape_name = optional(string) + initial_commitment = optional(string) + instance_display_name_prefix = optional(string) + is_hcx_enabled = optional(bool) + is_shielded_instance_enabled = optional(bool) + is_single_host_sddc = optional(bool) + provisioning_vlan_id = optional(string) + refresh_hcx_license_status = optional(bool) + replication_vlan_id = optional(string) + reserving_hcx_on_premise_license_keys = optional(string) + workload_network_cidr = optional(string) + management_datastore = optional(list(string)) + workload_datastore = optional(list(string)) + + })) + default = {} + +} + +variable "sddc-clusters" { + type = map(object({ + compartment_id = string + availability_domain = string + network_compartment_id = string + vcn_name = string + esxi_hosts_count = number + nsx_edge_uplink1vlan_id = string + nsx_edge_uplink2vlan_id = optional(string) + nsx_edge_vtep_vlan_id = string + nsx_vtep_vlan_id = string + provisioning_subnet_id = string + ssh_authorized_keys = optional(string) + vmotion_vlan_id = string + vmware_software_version = string + vsan_vlan_id = string + vsphere_vlan_id = string + capacity_reservation_id = optional(string) + defined_tags = optional(map(any)) + display_name = optional(string) + freeform_tags = optional(map(any)) + hcx_action = optional(string) + hcx_vlan_id = optional(string) + initial_host_ocpu_count = optional(number) + initial_host_shape_name = optional(string) + initial_commitment = optional(string) + instance_display_name_prefix = optional(string) + is_hcx_enabled = optional(bool) + is_shielded_instance_enabled = 
optional(bool) + is_single_host_sddc = optional(bool) + provisioning_vlan_id = optional(string) + refresh_hcx_license_status = optional(bool) + replication_vlan_id = optional(string) + reserving_hcx_on_premise_license_keys = optional(string) + workload_network_cidr = optional(string) + workload_datastore = optional(list(string)) + sddc_id = optional(string) + esxi_software_version = optional(string) + + })) + default = {} + +} + + +############################ +## Key Management Service ## +############################ + +variable "vaults" { + type = map(object({ + compartment_id = string + display_name = string + vault_type = string + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + replica_region = optional(string) + })) + default = {} +} + +variable "keys" { + type = map(object({ + compartment_id = string + display_name = string + vault_name = string + algorithm = optional(string) + length = optional(string) + curve_id = optional(string) + protection_mode = optional(string) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + is_auto_rotation_enabled = optional(bool) + rotation_interval_in_days = optional(string) + + })) + default = {} +} + +########################### +######### Budgets ######### +########################### + +variable "budgets" { + type = map(object({ + amount = string + compartment_id = string + reset_period = string + budget_processing_period_start_offset = optional(string) + defined_tags = optional(map(any)) + description = optional(string) + display_name = optional(string) + freeform_tags = optional(map(any)) + processing_period_type = optional(string) + budget_end_date = optional(string) + budget_start_date = optional(string) + target_type = optional(string) + targets = optional(list(any)) + })) + default = {} +} + +variable "budget_alert_rules" { + type = map(object({ + budget_id = string + threshold = string + threshold_type = string + type = string + defined_tags = optional(map(any)) + 
description = optional(string) + display_name = optional(string) + freeform_tags = optional(map(any)) + message = optional(string) + recipients = optional(string) + })) + default = {} +} + +########################### +####### Cloud Guard ####### +########################### + +variable "cloud_guard_configs" { + type = map(object({ + compartment_id = string + reporting_region = string + status = string + self_manage_resources = optional(string) + + })) + default = {} +} + +variable "cloud_guard_targets" { + type = map(object({ + compartment_id = string + display_name = string + target_resource_id = string + target_resource_type = string + prefix = string + description = optional(string) + state = optional(string) + target_detector_recipes = optional(list(any)) + target_responder_recipes = optional(list(any)) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + })) + default = {} +} + +#################################### +####### Custom Backup Policy ####### +#################################### + +variable "custom_backup_policies" { + type = map(any) + default = {} +} + +variable "capacity_reservation_ocids" { + type = map(any) + default = { + "AD1" : "", + "AD2" : "", + "AD3" : "" + } +} + +##################################### +####### Firewall as a Service ####### +##################################### +variable "firewalls" { + type = map(object({ + compartment_id = string + network_compartment_id = string + network_firewall_policy_id = string + subnet_id = string + vcn_name = string + display_name = string + ipv4address = optional(string) + nsg_id = optional(list(string)) + ipv6address = optional(string) + availability_domain = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fw-policies" { + type = map(object({ + compartment_id = optional(string) + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + 
default = {} +} +variable "services" { + type = map(object({ + service_name = string + service_type = string + network_firewall_policy_id = string + port_ranges = list(object({ + minimum_port = string + maximum_port = optional(string) + })) + })) + default = {} +} +variable "url_lists" { + type = map(object({ + urllist_name = string + network_firewall_policy_id = string + urls = list(object({ + pattern = string + type = string + })) + })) + default = {} +} +variable "service_lists" { + type = map(object({ + service_list_name = string + network_firewall_policy_id = string + services = list(string) + })) + default = {} +} + +variable "address_lists" { + type = map(object({ + address_list_name = string + network_firewall_policy_id = string + address_type = string + addresses = list(string) + })) + default = {} +} + +variable "applications" { + type = map(object({ + app_list_name = string + network_firewall_policy_id = string + app_type = string + icmp_type = number + icmp_code = optional(number) + })) + default = {} +} + +variable "application_groups" { + type = map(object({ + app_group_name = string + network_firewall_policy_id = string + apps = list(string) + + })) + default = {} +} + +variable "security_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + application = optional(list(string)) + destination_address = optional(list(string)) + service = optional(list(string)) + source_address = optional(list(string)) + url = optional(list(string)) + }))) + inspection = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +variable "secrets" { + type = map(object({ + secret_name = string + network_firewall_policy_id = string + secret_source = string + secret_type = string + vault_secret_id = string + version_number = number + vault_name = string + vault_compartment_id = string + })) + default = {} +} + +variable 
"decryption_profiles" { + type = map(object({ + profile_name = string + profile_type = string + network_firewall_policy_id = string + are_certificate_extensions_restricted = optional(bool) + is_auto_include_alt_name = optional(bool) + is_expired_certificate_blocked = optional(bool) + is_out_of_capacity_blocked = optional(bool) + is_revocation_status_timeout_blocked = optional(bool) + is_unknown_revocation_status_blocked = optional(bool) + is_unsupported_cipher_blocked = optional(bool) + is_unsupported_version_blocked = optional(bool) + is_untrusted_issuer_blocked = optional(bool) + })) + default = {} +} + +variable "decryption_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + + destination_address = optional(list(string)) + + source_address = optional(list(string)) + + }))) + decryption_profile = optional(string) + secret = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +######################### +####### Firewall Logs ######## +######################### + +variable "fw_log_groups" { + description = "To provision Log Groups for Network Firewall" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fw_logs" { + description = "To provision Logs for Network Firewall" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +########################## +# Add new variables here # 
+##########################
+######################### END #########################
diff --git a/examples/nsg/backend.tf b/examples/nsg/backend.tf
new file mode 100644
index 0000000..16bc557
--- /dev/null
+++ b/examples/nsg/backend.tf
@@ -0,0 +1,21 @@
+/*This line will be removed when using remote state
+# !!! WARNING !!! Terraform State Lock is not supported with OCI Object Storage.
+# Pre-Requisite: Create a version enabled object storage bucket to store the state file.
+# End Point Format: https://.compat.objectstorage..oraclecloud.com
+# Please look at the below doc for information about shared_credentials_file and other parameters:
+# Reference: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformUsingObjectStore.htm
+
+terraform {
+ backend "s3" {
+ key = ""
+ bucket = ""
+ region = ""
+ endpoint = ""
+ shared_credentials_file = "~/.aws/credentials"
+ skip_region_validation = true
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ force_path_style = true
+ }
+}
+This line will be removed when using remote state*/
\ No newline at end of file
diff --git a/examples/nsg/nsg.tf b/examples/nsg/nsg.tf
new file mode 100644
index 0000000..41bf93c
--- /dev/null
+++ b/examples/nsg/nsg.tf
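Review bot: The endpoint template in the header comment has lost its placeholders — `https://.compat.objectstorage..oraclecloud.com` has nothing between the dots, so anyone copying it gets a malformed URL; it should read `# End Point Format: https://<namespace>.compat.objectstorage.<region>.oraclecloud.com`. Since the remote state stores every attribute of the provisioned resources, the pre-requisite line should also say that the bucket must stay private and that the Customer Secret Key placed in `~/.aws/credentials` should belong to a user whose policy is limited to that bucket. Note too that `shared_credentials_file` and `force_path_style` are, as far as I recall, deprecated in the S3 backend of newer Terraform releases in favour of `shared_credentials_files` and `use_path_style`; worth confirming against the Terraform version this toolkit targets.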
@@ -0,0 +1,52 @@
+#############################
+# Module Block - Network
+# Create Network Security Groups
+#############################
+
+data "oci_core_vcns" "oci_vcns_nsgs" {
+ # depends_on = [module.vcns] # Uncomment to create Network and NSGs together
+ for_each = var.nsgs != null ? var.nsgs : {}
+ compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : null
+ display_name = each.value.vcn_name
+}
+
+
+
+module "nsgs" {
+ source = "./modules/network/nsg"
+ for_each = (var.nsgs != null || var.nsgs != {}) ? var.nsgs : {}
+
+ #Required
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+ vcn_id = flatten(data.oci_core_vcns.oci_vcns_nsgs[each.key].virtual_networks.*.id)[0]
+ defined_tags = each.value.defined_tags
+ display_name = each.value.display_name
+ freeform_tags = each.value.freeform_tags
+}
+
+/*
+output "nsg_id_map" {
+ value = [ for k,v in merge(module.nsgs.*...) : v.nsg_tf_id ]
+}
+*/
+
+module "nsg-rules" {
+ source = "./modules/network/nsg-rule"
+ for_each = (var.nsg_rules != null || var.nsg_rules != {}) ? var.nsg_rules : {}
+ depends_on = [module.nsgs]
+
+ #Required
+ nsg_id = length(regexall("ocid1.networksecuritygroup.oc*", each.value.nsg_id)) > 0 ? each.value.nsg_id : merge(module.nsgs.*...)[each.value.nsg_id]["nsg_tf_id"]
+ direction = (each.value.direction == "" && each.value.direction == null) ? "INGRESS" : each.value.direction
+ protocol = each.value.protocol
+
+ #Optional
+ description = each.value.description
+ destination_addr = (each.value.destination_type == "NETWORK_SECURITY_GROUP") ? merge(module.nsgs.*...)[each.value.destination]["nsg_tf_id"] : each.value.destination
+ destination_type = each.value.destination_type
+ source_addr = each.value.source_type == "NETWORK_SECURITY_GROUP" ? merge(module.nsgs.*...)[each.value.source]["nsg_tf_id"] : each.value.source
+ source_type = each.value.source_type
+ stateless = (each.value.stateless != "" && each.value.stateless != null) ? each.value.stateless : false
+ key_name = each.key
+ nsg_rules_details = var.nsg_rules
+}
diff --git a/examples/nsg/oci-data.tf b/examples/nsg/oci-data.tf
new file mode 100644
index 0000000..1495707
--- /dev/null
+++ b/examples/nsg/oci-data.tf
@@ -0,0 +1,42 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Identity
+# Fetch Compartments
+############################
+
+#Fetch Compartment Details
+data "oci_identity_compartments" "compartments" {
+ #Required
+ compartment_id = var.tenancy_ocid
+
+ #Optional
+ #name = var.compartment_name
+ access_level = "ANY"
+ compartment_id_in_subtree = true
+ state = "ACTIVE"
+}
+
+
+############################
+# Data Block - Network
+# Fetch ADs
+############################
+
+data "oci_identity_availability_domains" "availability_domains" {
+ #Required
+ compartment_id = var.tenancy_ocid
+}
+
+
+/*
+output "compartment_id_map" {
+ description = "Compartment ocid"
+ // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source.
+ value = zipmap(data.oci_identity_compartments.compartments.compartments.*.name,data.oci_identity_compartments.compartments.compartments.*.id)
+}
+
+output "ads" {
+ value = data.oci_identity_availability_domains.availability_domains.availability_domains.*.name
+}
+*/
\ No newline at end of file
diff --git a/examples/nsg/provider.tf b/examples/nsg/provider.tf
new file mode 100644
index 0000000..9a69c98
--- /dev/null
+++ b/examples/nsg/provider.tf
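Review bot: The `direction` default in `module "nsg-rules"` can never fire: `each.value.direction == "" && each.value.direction == null` requires the value to be both an empty string and null at once, so an unset direction is passed through as-is instead of becoming `"INGRESS"`, which for a security-group rule is exactly the kind of silent misconfiguration that should fail loudly or default predictably; the operator should be `||`, i.e. `direction = (each.value.direction == "" || each.value.direction == null) ? "INGRESS" : each.value.direction`. The mirror-image mistake is in both `for_each` guards — `var.nsgs != null || var.nsgs != {}` is true even when `var.nsgs` is null, so null reaches `for_each` and the plan errors; `for_each = var.nsgs != null ? var.nsgs : {}`, as the `data "oci_core_vcns"` block above already does, is enough. Less certain, but worth a comment: `flatten(...virtual_networks.*.id)[0]` picks the first VCN whose display name matches, so if a compartment holds two VCNs with the same name the NSG lands in whichever one the API returns first — a `length(...) == 1` precondition or a note in the variable docs would make that failure mode visible.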
@@ -0,0 +1,24 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Provider Block
+# OCI
+############################
+
+provider "oci" {
+ tenancy_ocid = var.tenancy_ocid
+ user_ocid = var.user_ocid
+ fingerprint = var.fingerprint
+ private_key_path = var.private_key_path
+ region = var.region
+ ignore_defined_tags = ["Oracle-Tags.CreatedBy", "Oracle-Tags.CreatedOn"]
+}
+
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ version = "5.40.0"
+ }
+ }
+}
diff --git a/examples/nsg/variables_example.tf b/examples/nsg/variables_example.tf
new file mode 100644
index 0000000..fae17ea
--- /dev/null
+++ b/examples/nsg/variables_example.tf
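Review bot: The `required_providers` block pins `oracle/oci` to exactly `"5.40.0"` with no comment explaining why, which blocks provider patch releases for everyone who copies this example; if the exact pin is deliberate for reproducibility, say so and make sure `.terraform.lock.hcl` (which records the provider hashes and is the actual integrity control) is committed alongside it, otherwise `version = "~> 5.40"` plus the lock file is the usual pattern. The `provider "oci"` block also hard-wires API-key authentication via `user_ocid`/`fingerprint`/`private_key_path`, so the private key must be on disk wherever this runs; a short comment noting that `auth = "InstancePrincipal"` or `config_file_profile` can replace these fields in CI would help operators avoid shipping a long-lived key.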
@@ -0,0 +1,2082 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# +# Variables Block +# OCI +# +############################ + +variable "tenancy_ocid" { + type = string + default = "" +} + +variable "user_ocid" { + type = string + default = "" +} + +variable "fingerprint" { + type = string + default = "" +} + +variable "private_key_path" { + type = string + default = "" +} + +variable "region" { + type = string + default = "" +} + +################################# +# SSH Keys +################################# + +variable "instance_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_instance_ssh_keys# + # exported instance ssh keys + #instance_ssh_keys_END# + } +} + +variable "oke_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_oke_ssh_keys# + #oke_ssh_keys_END# + } +} +variable "sddc_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_sddc_ssh_keys# + #sddc_ssh_keys_END# + } +} + +variable "exacs_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_exacs_ssh_keys# + # exported exacs ssh keys + #exacs_ssh_keys_END# + } +} + +variable "dbsystem_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. 
+ # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_dbsystem_ssh_keys# + # exported dbsystem ssh keys + #dbsystem_ssh_keys_END# + } +} + +################################# +# Platform Image OCIDs and +# Market Place Images +################################# + +variable "instance_source_ocids" { + type = map(any) + default = { + Linux = "" + Windows = "" + PaloAlto = "Palo Alto Networks VM-Series Next Generation Firewall" + #START_instance_source_ocids# + # exported instance image ocids + #instance_source_ocids_END# + } +} + +variable "blockvolume_source_ocids" { + type = map(any) + default = { + block1 = "" + #blockvolume_source_ocid = "" + #START_blockvolume_source_ocids# + # exported block volume source ocids + #blockvolume_source_ocids_END# + } +} + +variable "fss_source_ocids" { + type = map(any) + default = { + snapshot1 = "" + #fss_source_snapshot_ocid = "" + #START_fss_source_snapshot_ocids# + # exported fss source snapshot ocids + #fss_source_snapshot_ocids_END# + } +} + +variable "oke_source_ocids" { + type = map(any) + default = { + Linux = "" + #START_oke_source_ocids# + # exported oke image ocids + #oke_source_ocids_END# + } +} + +################################# +# +# Variables according to Services +# PLEASE DO NOT MODIFY +# +################################# + +########################## +## Fetch Compartments #### +########################## + +variable "compartment_ocids" { + type = map(any) + default = { + #START_compartment_ocids# + # compartment ocids + #compartment_ocids_END# + } +} + +######################### +##### Identity ########## +######################### + +variable "compartments" { + type = object({ + root = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level1 = 
optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level2 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level3 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level4 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level5 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + }) + default = { + root = {}, + compartment_level1 = {}, + compartment_level2 = {}, + compartment_level3 = {}, + compartment_level4 = {}, + compartment_level5 = {}, + } +} + +variable "policies" { + type = map(object({ + name = string + compartment_id = string + policy_description = string + policy_statements = list(string) + policy_version_date = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "groups" { + type = map(object({ + group_name = string + group_description = string + matching_rule = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "users" { + type = map(object({ + name = string + description = string + email = string + disable_capabilities = optional(list(string)) + group_membership = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "networkSources" { + type = map(object({ + name = string + description = string + public_source_list = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + virtual_source_list = optional(list(map(list(string)))) + + })) + default = {} +} + +######################### +####### Governance ######### +######################### + +variable "tag_namespaces" { + description = "To provision Namespaces" + type = map(object({ + compartment_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_retired = optional(bool) + })) + default = {} +} + +variable "tag_keys" { + description = "To provision Tag Keys" + type = map(object({ + tag_namespace_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_cost_tracking = optional(bool) + is_retired = optional(bool) + validator = optional(list(object({ + validator_type = optional(string) + validator_values = optional(list(any)) + }))) + })) + default = {} +} + +variable "tag_defaults" { + description = "To make the Tag keys as default to compartments" + type = map(object({ + compartment_id = string + tag_definition_id = string + value = string + is_required = optional(bool) + })) + default = {} +} + +variable "quota_policies" { + type = map(object({ + quota_name = string + quota_description = string + quota_statements = list(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +###### Network ########## +######################### 
+ +variable "default_dhcps" { + type = map(object({ + server_type = string + manage_default_resource_id = optional(string) + custom_dns_servers = optional(list(any)) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "custom_dhcps" { + type = map(object({ + compartment_id = string + server_type = string + vcn_id = string + custom_dns_servers = optional(list(any)) + domain_name_type = optional(string) + display_name = optional(string) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "vcns" { + type = map(object({ + compartment_id = string + cidr_blocks = optional(list(string)) + byoipv6cidr_details = optional(list(map(any))) + display_name = optional(string) + dns_label = optional(string) + is_ipv6enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ipv6private_cidr_blocks = optional(list(string)) + is_oracle_gua_allocation_enabled = optional(bool) + })) + default = {} +} + +variable "igws" { + type = map(object({ + compartment_id = string + vcn_id = string + enable_igw = optional(bool) + igw_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_table_id = optional(string) + })) + default = {} +} + +variable "sgws" { + type = map(object({ + compartment_id = string + vcn_id = string + service = optional(string) + sgw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "ngws" { + type = map(object({ + compartment_id = string + vcn_id = string + block_traffic = optional(bool) + public_ip_id = optional(string) + ngw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + 
default = {} +} + +variable "lpgs" { + type = map(any) + default = { + hub-lpgs = {}, + spoke-lpgs = {}, + peer-lpgs = {}, + none-lpgs = {}, + exported-lpgs = {}, + } +} + +variable "drgs" { + type = map(object({ + compartment_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "default_seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + 
route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) + +})) +default = {} +} + +variable "default_route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) +})) + default = {} +} + +variable "nsgs" { + type = map(object({ + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nsg_rules" { + type = map(object({ + nsg_id = string + direction = string + protocol = string + description = optional(string) + stateless = optional(string) + source_type = optional(string) + destination_type = optional(string) + destination = optional(string) + source = optional(string) + options = optional(map(any)) + })) + default = {} +} + +variable "subnets" { + type = map(object({ + compartment_id = string + vcn_id = string + cidr_block = string + display_name = optional(string) + dns_label = optional(string) + ipv6cidr_block = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + prohibit_internet_ingress = optional(string) + prohibit_public_ip_on_vnic = optional(string) + availability_domain = optional(string) + dhcp_options_id = optional(string) + route_table_id = optional(string) + security_list_ids = 
optional(list(string)) + })) + default = {} +} + +variable "vlans" { + type = map(object({ + cidr_block = string + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + nsg_ids = optional(list(string)) + route_table_name = optional(string) + vlan_tag = optional(string) + availability_domain = optional(string) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + })) + default = {} +} + +variable "drg_attachments" { + type = map(any) + default = {} +} + +variable "drg_other_attachments" { + type = map(any) + default = {} +} + +variable "drg_route_tables" { + type = map(object({ + drg_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_ecmp_enabled = optional(bool) + import_drg_route_distribution_id = optional(string) + })) + default = {} +} + +variable "drg_route_rules" { + type = map(any) + default = {} +} + +variable "drg_route_distributions" { + type = map(object({ + distribution_type = string + drg_id = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + display_name = optional(string) + })) + default = {} +} + +variable "drg_route_distribution_statements" { + type = map(object({ + drg_route_distribution_id = string + action = string + match_criteria = optional(list(object({ + match_type = string + attachment_type = optional(string) + drg_attachment_id = optional(string) + }))) + priority = optional(string) + })) + default = {} +} + +variable "data_drg_route_tables" { + type = map(any) + default = {} +} + +variable "data_drg_route_table_distributions" { + type = map(any) + default = {} +} + +#################### +####### DNS ####### +#################### + +variable "zones" { +type = map(object({ +compartment_id = string +display_name = string +view_compartment_id = optional(string) +view_id = optional(string) +zone_type = optional(string) +scope = optional(string) +freeform_tags = 
optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + +variable "views" { +type = map(object({ +compartment_id = string +display_name = string +scope = optional(string) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) + default = {} +} + +variable "rrsets" { +type = map(object({ +compartment_id = optional(string) +view_compartment_id = optional(string) +view_id = optional(string) +zone_id = string +domain = string +rtype = string +ttl = number +rdata = optional(list(string)) +scope = optional(string) +})) +default = {} +} + +variable "resolvers" { +type = map(object({ +network_compartment_id= string +vcn_name = string +display_name = optional(string) +views = optional(map(object({ + view_id = optional(string) + view_compartment_id = optional(string) +}))) +resolver_rules = optional(map(object({ + client_address_conditions = optional(list(any)) + destination_addresses = optional(list(any)) + qname_cover_conditions = optional(list(any)) + source_endpoint_name = optional(string) +}))) +endpoint_names = optional(map(object({ + is_forwarding = optional(bool) + is_listening = optional(bool) + name = optional(string) + subnet_name = optional(string) + forwarding_address = optional(string) + listening_address = optional(string) + nsg_ids = optional(list(string)) +}))) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + + +######################### +## Dedicated VM Hosts ## +######################### + +variable "dedicated_hosts" { + type = map(object({ + availability_domain = string + compartment_id = string + vm_host_shape = string + defined_tags = optional(map(any)) + display_name = optional(string) + fault_domain = optional(string) + freeform_tags = optional(map(any)) + })) + description = "To provision new dedicated VM hosts" + default = {} +} + +######################### +## Instances/Block Volumes ## +######################### + +variable "blockvolumes" { + description = "To 
provision block volumes" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = string + size_in_gbs = optional(string) + is_auto_tune_enabled = optional(string) + vpus_per_gb = optional(string) + kms_key_id = optional(string) + attach_to_instance = optional(string) + attachment_type = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + device = optional(string) + encryption_in_transit_type = optional(string) + attachment_display_name = optional(string) + is_read_only = optional(bool) + is_pv_encryption_in_transit_enabled = optional(bool) + is_shareable = optional(bool) + use_chap = optional(bool) + is_agent_auto_iscsi_login_enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + source_details = optional(list(map(any))) + block_volume_replicas = optional(list(map(any))) + block_volume_replicas_deletion = optional(bool) + autotune_policies = optional(list(map(any))) + })) + default = {} +} + +variable "block_backup_policies" { + type = map(any) + description = "To create block volume back policy" + default = {} +} + +variable "instances" { + description = "Map of instances to be provisioned" + type = map(object({ + availability_domain = string + compartment_id = string + shape = string + source_id = string + source_type = string + vcn_name = string + subnet_id = string + network_compartment_id = string + display_name = optional(string) + assign_public_ip = optional(bool) + boot_volume_size_in_gbs = optional(string) + fault_domain = optional(string) + dedicated_vm_host_id = optional(string) + private_ip = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(string)) + ocpus = optional(string) + memory_in_gbs = optional(number) + capacity_reservation_id = optional(string) + create_is_pv_encryption_in_transit_enabled = optional(bool) + remote_execute = optional(string) + bastion_ip = optional(string) + 
cloud_init_script = optional(string) + ssh_authorized_keys = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + network_type = optional(string) + #extended_metadata = optional(string) + skip_source_dest_check = optional(bool) + baseline_ocpu_utilization = optional(string) + #preemptible_instance_config = optional(string) + all_plugins_disabled = optional(bool) + is_management_disabled = optional(bool) + is_monitoring_disabled = optional(bool) + assign_private_dns_record = optional(string) + plugins_details = optional(map(any)) + is_live_migration_preferred = optional(bool) + recovery_action = optional(string) + are_legacy_imds_endpoints_disabled = optional(bool) + boot_volume_type = optional(string) + firmware = optional(string) + is_consistent_volume_naming_enabled = optional(bool) + remote_data_volume_type = optional(string) + platform_config = optional(list(map(any))) + launch_options = optional(list(map(any))) + ipxe_script = optional(string) + preserve_boot_volume = optional(bool) + vlan_id = optional(string) + kms_key_id = optional(string) + vnic_display_name = optional(string) + vnic_defined_tags = optional(map(any)) + vnic_freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "boot_backup_policies" { + type = map(any) + description = "Map of boot volume backup policies to be provisioned" + default = {} +} + +######################### +####### Database ######## +######################### + +variable "exa_infra" { + description = "To provision exadata infrastructure" + type = map(any) + default = {} +} + +variable "exa_vmclusters" { + description = "To provision exadata cloud VM cluster" + type = map(any) + default = {} +} + +variable "dbsystems_vm_bm" { + description = "To provision DB System" + type = map(any) + default = {} +} + +variable "db_home" { + type = map(any) + description = "Map of database db home to be 
provisioned" + default = {} +} + +variable "databases" { + description = "Map of databases to be provisioned in an existing db_home" + type = map(any) + default = {} +} + +#################################### +####### Autonomous Database ######## +#################################### + +variable "adb" { + type = map(object({ + admin_password = optional(string) + character_set = optional(string) + compartment_id = string + cpu_core_count = optional(number) + database_edition = optional(string) + data_storage_size_in_tbs = optional(number) + customer_contacts = optional(list(string)) + db_name = string + db_version = optional(string) + db_workload = optional(string) + display_name = optional(string) + license_model = optional(string) + ncharacter_set = optional(string) + network_compartment_id = optional(string) + nsg_ids = optional(list(string)) + subnet_id = optional(string) + vcn_name = optional(string) + whitelisted_ips = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +######### FSS ########### +######################### + +variable "mount_targets" { + description = "To provision Mount Targets" + type = map(object({ + availability_domain = string + compartment_id = string + network_compartment_id = string + vcn_name = string + subnet_id = string + display_name = optional(string) + ip_address = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fss" { + description = "To provision File System Services" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = optional(string) + source_snapshot = optional(string) + snapshot_policy = optional(string) + policy_compartment_id = optional(string) + kms_key_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "nfs_export_options" { + description = "To provision Export Sets" + type = map(object({ + export_set_id = string + file_system_id = string + path = string + export_options = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_idmap_groups_for_sys_auth = optional(bool) + })) + default = {} +} + +variable "fss_replication" { + description = "To provision File System Replication" + type = map(object({ + compartment_id = string + source_id = string + target_id = string + display_name = optional(string) + replication_interval = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +####### FSS Logs ######## +######################### + +variable "nfs_log_groups" { + description = "To provision Log Groups for Mount Target" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nfs_logs" { + description = "To provision Logs for Mount Target" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + + +######################### +#### Load Balancers ##### +######################### + +variable "load_balancers" { + description = "To provision Load Balancers" + type = map(object({ + compartment_id = string + vcn_name = string + shape = string + subnet_ids = list(any) + network_compartment_id = string + display_name = string + shape_details = optional(list(map(any))) + nsg_ids = 
optional(list(any)) + is_private = optional(bool) + ip_mode = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + reserved_ips_id = optional(string) + })) + default = {} +} + +variable "hostnames" { + description = "To provision Load Balancer Hostnames" + type = map(object({ + load_balancer_id = string + hostname = string + name = string + })) + default = {} +} + +variable "certificates" { + description = "To provision Load Balancer Certificates" + type = map(object({ + certificate_name = string + load_balancer_id = string + ca_certificate = optional(string) + passphrase = optional(string) + private_key = optional(string) + public_certificate = optional(string) + })) + default = {} +} + +variable "cipher_suites" { + description = "To provision Load Balancer Cipher Suites" + type = map(object({ + ciphers = list(string) + name = string + load_balancer_id = optional(string) + })) + default = {} +} + +variable "backend_sets" { + description = "To provision Load Balancer Backend Sets" + type = map(object({ + name = string + load_balancer_id = string + policy = string + protocol = optional(string) + interval_ms = optional(string) + is_force_plain_text = optional(string) + port = optional(string) + response_body_regex = optional(string) + retries = optional(string) + return_code = optional(string) + timeout_in_millis = optional(string) + url_path = optional(string) + lb_cookie_session = optional(list(object({ + cookie_name = optional(string) + disable_fallback = optional(string) + path = optional(string) + domain = optional(string) + is_http_only = optional(string) + is_secure = optional(string) + max_age_in_seconds = optional(string) + }))) + session_persistence_configuration = optional(list(object({ + cookie_name = optional(string) + disable_fallback = optional(string) + }))) + certificate_name = optional(string) + cipher_suite_name = optional(string) + ssl_configuration = optional(list(object({ + certificate_ids = 
optional(list(any)) + server_order_preference = optional(string) + trusted_certificate_authority_ids = optional(list(any)) + verify_peer_certificate = optional(string) + verify_depth = optional(string) + protocols = optional(list(any)) + }))) + })) + default = {} +} + +variable "backends" { + description = "To provision Load Balancer Backends" + type = map(object({ + backendset_name = string + ip_address = string + load_balancer_id = string + port = string + instance_compartment = optional(string) + backup = optional(string) + drain = optional(string) + offline = optional(string) + weight = optional(string) + })) + default = {} +} + +variable "listeners" { + description = "To provision Load Balancer Listeners" + type = map(object({ + name = string + load_balancer_id = string + port = string + protocol = string + default_backend_set_name = string + connection_configuration = optional(list(map(any))) + hostname_names = optional(list(any)) + path_route_set_name = optional(string) + rule_set_names = optional(list(any)) + routing_policy_name = optional(string) + certificate_name = optional(string) + cipher_suite_name = optional(string) + ssl_configuration = optional(list(object({ + certificate_ids = optional(list(any)) + server_order_preference = optional(string) + trusted_certificate_authority_ids = optional(list(any)) + verify_peer_certificate = optional(string) + verify_depth = optional(string) + protocols = optional(list(any)) + }))) + })) + default = {} +} + +variable "path_route_sets" { + description = "To provision Load Balancer Path Route Sets" + type = map(object({ + name = string + load_balancer_id = string + path_routes = optional(list(map(any))) + })) + default = {} +} + +variable "rule_sets" { + description = "To provision Load Balancer Rule Sets" + type = map(object({ + name = string + load_balancer_id = string + access_control_rules = optional(list(object({ + action = string + attribute_name = optional(string) + attribute_value = optional(string) + 
description = optional(string) + }))) + access_control_method_rules = optional(list(object({ + action = string + allowed_methods = optional(list(any)) + status_code = optional(string) + }))) + http_header_rules = optional(list(object({ + action = string + are_invalid_characters_allowed = optional(bool) + http_large_header_size_in_kb = optional(string) + }))) + uri_redirect_rules = optional(list(object({ + action = string + attribute_name = optional(string) + attribute_value = optional(string) + operator = optional(string) + host = optional(string) + path = optional(string) + port = optional(string) + protocol = optional(string) + query = optional(string) + response_code = optional(string) + }))) + request_response_header_rules = optional(list(object({ + action = string + header = optional(string) + prefix = optional(string) + suffix = optional(string) + value = optional(string) + }))) + })) + default = {} +} + +variable "lbr_reserved_ips" { + description = "To provision Load Balancer Reserved IPs" + type = map(object({ + compartment_id = string + display_name = string + lifetime = string + private_ip_id = optional(string) + public_ip_pool_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +################################### +####### Load Balancer Logs ######## +################################### + +variable "loadbalancer_log_groups" { + description = "To provision Log Groups for Load Balancers" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "loadbalancer_logs" { + description = "To provision Logs for Load Balancers" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + 
source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +## Network Load Balancers ## +######################### + +variable "network_load_balancers" { + type = map(object({ + display_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + subnet_id = string + is_private = optional(bool) + reserved_ips_id = string + is_preserve_source_destination = optional(bool) + is_symmetric_hash_enabled = optional(bool) + nlb_ip_version = optional(string) + assigned_private_ipv4 = optional(string) + nsg_ids = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} +variable "nlb_listeners" { + type = map(object({ + name = string + network_load_balancer_id = string + default_backend_set_name = string + port = number + protocol = string + ip_version = optional(string) + })) + default = {} +} + +variable "nlb_backend_sets" { + type = map(object({ + name = string + network_load_balancer_id = string + policy = string + protocol = string + domain_name = optional(string) + query_class = optional(string) + query_type = optional(string) + rcodes = optional(list(string)) + transport_protocol = optional(string) + return_code = optional(number) + interval_in_millis = optional(number) + port = optional(number) + request_data = optional(string) + response_body_regex = optional(string) + response_data = optional(string) + retries = optional(number) + timeout_in_millis = optional(number) + url_path = optional(string) + is_preserve_source = optional(bool) + ip_version = optional(string) + })) + default = {} +} +variable "nlb_backends" { + type = map(object({ + name = optional(string) + backend_set_name = string + network_load_balancer_id = string + port = number + ip_address = string + instance_compartment = string + 
is_drain = optional(bool) + is_backup = optional(bool) + is_offline = optional(bool) + weight = optional(number) + target_id = optional(string) + })) + default = {} +} +variable "nlb_reserved_ips" { + description = "To provision Network Load Balancer Reserved IPs" + type = map(object({ + compartment_id = string + lifetime = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + display_name = optional(string) + private_ip_id = optional(string) + public_ip_pool_id = optional(string) + })) + default = {} +} + + +######################### +##### IP Management ##### +######################### + +variable "public_ip_pools" { + type = map(any) + default = {} +} + +variable "private_ips" { + type = map(any) + default = {} +} + +variable "reserved_ips" { + type = map(any) + default = {} +} + +variable "vnic_attachments" { + type = map(any) + default = {} +} + +######################### +##### VCN Logs ########## +######################### + +variable "vcn_log_groups" { + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "vcn_logs" { + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +###### OSS Buckets ###### +######################### + +variable "buckets" { + type = map(any) + default = {} +} + +######################### +####### OSS Logs ######## +######################### + +variable "oss_log_groups" { + description = "To provision Log Groups for OSS" + type = map(object({ + compartment_id = string 
+ display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "oss_logs" { + description = "To provision Logs for OSS" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +### OSS IAM Policies #### +######################### + +variable "oss_policies" { + type = map(any) + default = {} +} + +######################### +## Management Services ## +######################### + +variable "alarms" { + type = map(object({ + compartment_id = string + destinations = list(string) + alarm_name = string + is_enabled = bool + metric_compartment_id = string + namespace = string + query = string + severity = string + body = optional(string) + message_format = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_notifications_per_metric_dimension_enabled = optional(bool) + metric_compartment_id_in_subtree = optional(string) + trigger_delay_minutes = optional(string) + repeat_notification_duration = optional(string) + resolution = optional(string) + resource_group = optional(string) + suppression = optional(map(any)) + })) + default = {} +} + +variable "events" { + type = map(object({ + event_name = string + compartment_id = string + description = string + is_enabled = bool + condition = string + actions = optional(list(object({ + action_type = string + is_enabled = string + description = optional(string) + function_id = optional(string) + stream_id = optional(string) + topic_id = optional(string) + }))) + message_format = optional(string) + defined_tags 
= optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "notifications_topics" { + type = map(object({ + compartment_id = string + topic_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "notifications_subscriptions" { + type = map(object({ + compartment_id = string + endpoint = string + protocol = string + topic_id = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "service_connectors" { + type = any + default = {} + description = "To provision service connector hub resources" +} + +######################### +## Developer Services ## +######################### + +## OKE + +variable "clusters" { + type = map(object({ + display_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + kubernetes_version = string + cni_type = string + cluster_type = string + is_policy_enabled = optional(bool) + policy_kms_key_id = optional(string) + is_kubernetes_dashboard_enabled = optional(bool) + is_tiller_enabled = optional(bool) + is_public_ip_enabled = optional(bool) + nsg_ids = optional(list(string)) + endpoint_subnet_id = string + is_pod_security_policy_enabled = optional(bool) + pods_cidr = optional(string) + services_cidr = optional(string) + service_lb_subnet_ids = optional(list(string)) + cluster_kms_key_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + lb_defined_tags = optional(map(any)) + lb_freeform_tags = optional(map(any)) + volume_defined_tags = optional(map(any)) + volume_freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nodepools" { + type = map(object({ + display_name = string + cluster_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + node_shape = string + initial_node_labels = optional(map(any)) + 
kubernetes_version = string + is_pv_encryption_in_transit_enabled = optional(bool) + availability_domain = number + fault_domains = optional(list(string)) + subnet_id = string + size = number + cni_type = string + max_pods_per_node = optional(number) + pod_nsg_ids = optional(list(string)) + pod_subnet_ids = optional(string) + worker_nsg_ids = optional(list(string)) + memory_in_gbs = optional(number) + ocpus = optional(number) + image_id = string + source_type = string + boot_volume_size_in_gbs = optional(number) + ssh_public_key = optional(string) + nodepool_kms_key_id = optional(string) + node_defined_tags = optional(map(any)) + node_freeform_tags = optional(map(any)) + nodepool_defined_tags = optional(map(any)) + nodepool_freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "virtual-nodepools" { + type = map(object({ + display_name = string + cluster_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + node_shape = string + initial_virtual_node_labels = optional(map(any)) + availability_domain = number + fault_domains = list(string) + subnet_id = string + size = number + pod_nsg_ids = optional(list(string)) + pod_subnet_id = string + worker_nsg_ids = optional(list(string)) + taints = optional(list(any)) + node_defined_tags = optional(map(any)) + node_freeform_tags = optional(map(any)) + nodepool_defined_tags = optional(map(any)) + nodepool_freeform_tags = optional(map(any)) + })) + default = {} +} + + +################################## +############## SDDCs ############# +################################## +variable "sddcs" { + type = map(object({ + compartment_id = string + availability_domain = string + network_compartment_id = string + vcn_name = string + esxi_hosts_count = number + nsx_edge_uplink1vlan_id = string + nsx_edge_uplink2vlan_id = string + nsx_edge_vtep_vlan_id = string + nsx_vtep_vlan_id = string + provisioning_subnet_id = string + ssh_authorized_keys = string + vmotion_vlan_id = string 
+ vmware_software_version = string + vsan_vlan_id = string + vsphere_vlan_id = string + capacity_reservation_id = optional(string) + defined_tags = optional(map(any)) + display_name = optional(string) + initial_cluster_display_name = optional(string) + freeform_tags = optional(map(any)) + hcx_action = optional(string) + hcx_vlan_id = optional(string) + initial_host_ocpu_count = optional(number) + initial_host_shape_name = optional(string) + initial_commitment = optional(string) + instance_display_name_prefix = optional(string) + is_hcx_enabled = optional(bool) + is_shielded_instance_enabled = optional(bool) + is_single_host_sddc = optional(bool) + provisioning_vlan_id = optional(string) + refresh_hcx_license_status = optional(bool) + replication_vlan_id = optional(string) + reserving_hcx_on_premise_license_keys = optional(string) + workload_network_cidr = optional(string) + management_datastore = optional(list(string)) + workload_datastore = optional(list(string)) + + })) + default = {} + +} + +variable "sddc-clusters" { + type = map(object({ + compartment_id = string + availability_domain = string + network_compartment_id = string + vcn_name = string + esxi_hosts_count = number + nsx_edge_uplink1vlan_id = string + nsx_edge_uplink2vlan_id = optional(string) + nsx_edge_vtep_vlan_id = string + nsx_vtep_vlan_id = string + provisioning_subnet_id = string + ssh_authorized_keys = optional(string) + vmotion_vlan_id = string + vmware_software_version = string + vsan_vlan_id = string + vsphere_vlan_id = string + capacity_reservation_id = optional(string) + defined_tags = optional(map(any)) + display_name = optional(string) + freeform_tags = optional(map(any)) + hcx_action = optional(string) + hcx_vlan_id = optional(string) + initial_host_ocpu_count = optional(number) + initial_host_shape_name = optional(string) + initial_commitment = optional(string) + instance_display_name_prefix = optional(string) + is_hcx_enabled = optional(bool) + is_shielded_instance_enabled = 
optional(bool) + is_single_host_sddc = optional(bool) + provisioning_vlan_id = optional(string) + refresh_hcx_license_status = optional(bool) + replication_vlan_id = optional(string) + reserving_hcx_on_premise_license_keys = optional(string) + workload_network_cidr = optional(string) + workload_datastore = optional(list(string)) + sddc_id = optional(string) + esxi_software_version = optional(string) + + })) + default = {} + +} + + +############################ +## Key Management Service ## +############################ + +variable "vaults" { + type = map(object({ + compartment_id = string + display_name = string + vault_type = string + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + replica_region = optional(string) + })) + default = {} +} + +variable "keys" { + type = map(object({ + compartment_id = string + display_name = string + vault_name = string + algorithm = optional(string) + length = optional(string) + curve_id = optional(string) + protection_mode = optional(string) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + is_auto_rotation_enabled = optional(bool) + rotation_interval_in_days = optional(string) + + })) + default = {} +} + +########################### +######### Budgets ######### +########################### + +variable "budgets" { + type = map(object({ + amount = string + compartment_id = string + reset_period = string + budget_processing_period_start_offset = optional(string) + defined_tags = optional(map(any)) + description = optional(string) + display_name = optional(string) + freeform_tags = optional(map(any)) + processing_period_type = optional(string) + budget_end_date = optional(string) + budget_start_date = optional(string) + target_type = optional(string) + targets = optional(list(any)) + })) + default = {} +} + +variable "budget_alert_rules" { + type = map(object({ + budget_id = string + threshold = string + threshold_type = string + type = string + defined_tags = optional(map(any)) + 
description = optional(string) + display_name = optional(string) + freeform_tags = optional(map(any)) + message = optional(string) + recipients = optional(string) + })) + default = {} +} + +########################### +####### Cloud Guard ####### +########################### + +variable "cloud_guard_configs" { + type = map(object({ + compartment_id = string + reporting_region = string + status = string + self_manage_resources = optional(string) + + })) + default = {} +} + +variable "cloud_guard_targets" { + type = map(object({ + compartment_id = string + display_name = string + target_resource_id = string + target_resource_type = string + prefix = string + description = optional(string) + state = optional(string) + target_detector_recipes = optional(list(any)) + target_responder_recipes = optional(list(any)) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + })) + default = {} +} + +#################################### +####### Custom Backup Policy ####### +#################################### + +variable "custom_backup_policies" { + type = map(any) + default = {} +} + +variable "capacity_reservation_ocids" { + type = map(any) + default = { + "AD1" : "", + "AD2" : "", + "AD3" : "" + } +} + +##################################### +####### Firewall as a Service ####### +##################################### +variable "firewalls" { + type = map(object({ + compartment_id = string + network_compartment_id = string + network_firewall_policy_id = string + subnet_id = string + vcn_name = string + display_name = string + ipv4address = optional(string) + nsg_id = optional(list(string)) + ipv6address = optional(string) + availability_domain = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fw-policies" { + type = map(object({ + compartment_id = optional(string) + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + 
default = {} +} +variable "services" { + type = map(object({ + service_name = string + service_type = string + network_firewall_policy_id = string + port_ranges = list(object({ + minimum_port = string + maximum_port = optional(string) + })) + })) + default = {} +} +variable "url_lists" { + type = map(object({ + urllist_name = string + network_firewall_policy_id = string + urls = list(object({ + pattern = string + type = string + })) + })) + default = {} +} +variable "service_lists" { + type = map(object({ + service_list_name = string + network_firewall_policy_id = string + services = list(string) + })) + default = {} +} + +variable "address_lists" { + type = map(object({ + address_list_name = string + network_firewall_policy_id = string + address_type = string + addresses = list(string) + })) + default = {} +} + +variable "applications" { + type = map(object({ + app_list_name = string + network_firewall_policy_id = string + app_type = string + icmp_type = number + icmp_code = optional(number) + })) + default = {} +} + +variable "application_groups" { + type = map(object({ + app_group_name = string + network_firewall_policy_id = string + apps = list(string) + + })) + default = {} +} + +variable "security_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + application = optional(list(string)) + destination_address = optional(list(string)) + service = optional(list(string)) + source_address = optional(list(string)) + url = optional(list(string)) + }))) + inspection = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +variable "secrets" { + type = map(object({ + secret_name = string + network_firewall_policy_id = string + secret_source = string + secret_type = string + vault_secret_id = string + version_number = number + vault_name = string + vault_compartment_id = string + })) + default = {} +} + +variable 
"decryption_profiles" { + type = map(object({ + profile_name = string + profile_type = string + network_firewall_policy_id = string + are_certificate_extensions_restricted = optional(bool) + is_auto_include_alt_name = optional(bool) + is_expired_certificate_blocked = optional(bool) + is_out_of_capacity_blocked = optional(bool) + is_revocation_status_timeout_blocked = optional(bool) + is_unknown_revocation_status_blocked = optional(bool) + is_unsupported_cipher_blocked = optional(bool) + is_unsupported_version_blocked = optional(bool) + is_untrusted_issuer_blocked = optional(bool) + })) + default = {} +} + +variable "decryption_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + + destination_address = optional(list(string)) + + source_address = optional(list(string)) + + }))) + decryption_profile = optional(string) + secret = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +######################### +####### Firewall Logs ######## +######################### + +variable "fw_log_groups" { + description = "To provision Log Groups for Network Firewall" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fw_logs" { + description = "To provision Logs for Network Firewall" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +########################## +# Add new variables here # 
+##########################
+######################### END #########################
diff --git a/examples/ocvs/backend.tf b/examples/ocvs/backend.tf
new file mode 100644
index 0000000..16bc557
--- /dev/null
+++ b/examples/ocvs/backend.tf
@@ -0,0 +1,21 @@
+/*This line will be removed when using remote state
+# !!! WARNING !!! Terraform State Lock is not supported with OCI Object Storage.
+# Pre-Requisite: Create a version enabled object storage bucket to store the state file.
+# End Point Format: https://.compat.objectstorage..oraclecloud.com
+# Please look at the below doc for information about shared_credentials_file and other parameters:
+# Reference: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformUsingObjectStore.htm
+
+terraform {
+ backend "s3" {
+ key = ""
+ bucket = ""
+ region = ""
+ endpoint = ""
+ shared_credentials_file = "~/.aws/credentials"
+ skip_region_validation = true
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ force_path_style = true
+ }
+}
+This line will be removed when using remote state*/
\ No newline at end of file
diff --git a/examples/ocvs/oci-data.tf b/examples/ocvs/oci-data.tf
new file mode 100644
index 0000000..1495707
--- /dev/null
+++ b/examples/ocvs/oci-data.tf
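Review bot: The endpoint hint on the fourth comment line, `https://.compat.objectstorage..oraclecloud.com`, has lost its two placeholders (possibly in rendering), so a reader cannot tell what belongs between the dots; it should read `# End Point Format: https://<namespace>.compat.objectstorage.<region>.oraclecloud.com`. The block is commented out, so this is documentation only, but the pre-requisite line is also where the state bucket's access posture belongs: the state file records every attribute the modules read, and the S3-compat backend configured here cannot lock it. A one-line addition such as `# Pre-Requisite: keep the bucket private; state contains resource details and any sensitive values the modules read, and the Customer Secret Key in shared_credentials_file must stay out of the repository` covers it.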
@@ -0,0 +1,42 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Identity
+# Fetch Compartments
+############################
+
+#Fetch Compartment Details
+data "oci_identity_compartments" "compartments" {
+ #Required
+ compartment_id = var.tenancy_ocid
+
+ #Optional
+ #name = var.compartment_name
+ access_level = "ANY"
+ compartment_id_in_subtree = true
+ state = "ACTIVE"
+}
+
+
+############################
+# Data Block - Network
+# Fetch ADs
+############################
+
+data "oci_identity_availability_domains" "availability_domains" {
+ #Required
+ compartment_id = var.tenancy_ocid
+}
+
+
+/*
+output "compartment_id_map" {
+ description = "Compartment ocid"
+ // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source.
+ value = zipmap(data.oci_identity_compartments.compartments.compartments.*.name,data.oci_identity_compartments.compartments.compartments.*.id)
+}
+
+output "ads" {
+ value = data.oci_identity_availability_domains.availability_domains.availability_domains.*.name
+}
+*/
\ No newline at end of file
diff --git a/examples/ocvs/provider.tf b/examples/ocvs/provider.tf
new file mode 100644
index 0000000..9a69c98
--- /dev/null
+++ b/examples/ocvs/provider.tf
@@ -0,0 +1,24 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Provider Block
+# OCI
+############################
+
+provider "oci" {
+ tenancy_ocid = var.tenancy_ocid
+ user_ocid = var.user_ocid
+ fingerprint = var.fingerprint
+ private_key_path = var.private_key_path
+ region = var.region
+ ignore_defined_tags = ["Oracle-Tags.CreatedBy", "Oracle-Tags.CreatedOn"]
+}
+
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ version = "5.40.0"
+ }
+ }
+}
diff --git a/examples/ocvs/sddc.tf b/examples/ocvs/sddc.tf
new file mode 100755
index 0000000..c052d46
--- /dev/null
+++ b/examples/ocvs/sddc.tf
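Review bot: The commented-out `compartment_id_map` output keys compartments by display name, but with `compartment_id_in_subtree = true` the `oci_identity_compartments` listing spans the whole tenancy tree, where a name is only unique under one parent, so `zipmap` would silently keep a single OCID per duplicated name if that output is ever re-enabled. If this listing is what is meant to populate the `var.compartment_ocids` map the SDDC code resolves names against, that limitation deserves a comment on the data source, e.g. `# Lists every ACTIVE compartment visible to the caller across the tenancy; names are not unique tenancy-wide, so do not key on name alone`. The `/* ... */` block could also say why it is kept rather than deleted.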
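Review bot: The provider block selects API-key (user principal) authentication implicitly through `user_ocid`, `fingerprint` and `private_key_path`, with no comment saying so, and the exact pin `version = "5.40.0"` is likewise unexplained. A header comment such as `# API-key auth: the key at var.private_key_path must stay outside the repository; other auth methods need a different provider configuration` and, on the pin, `# Exact pin: presumably the release the generated modules were validated against — bump deliberately` would make both choices reviewable. `ignore_defined_tags` would also read better with `# Oracle-Tags.CreatedBy/CreatedOn are set by OCI at create time; ignoring them avoids perpetual plan drift`.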
@@ -0,0 +1,240 @@ +############################################ +# Module Block SDDC +# Create SDDC +############################################ + +locals { + vlan_ids = ["nsx_edge_uplink1vlan_id", "nsx_edge_uplink2vlan_id", "nsx_edge_vtep_vlan_id", "nsx_vtep_vlan_id", "vmotion_vlan_id", "vsan_vlan_id", "vsphere_vlan_id", "replication_vlan_id", "provisioning_vlan_id", "hcx_vlan_id"] + vlan_config = flatten([for index in local.vlan_ids : [ + for key, val in var.sddcs : { + #(index) = lookup(val, index, 0) + compartment_id = val.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc1*", val.network_compartment_id)) > 0 ? val.network_compartment_id : var.compartment_ocids[val.network_compartment_id]) : null + display_name = lookup(val, index, 0) + vcn_id = data.oci_core_vcns.oci_vcns_sddc[key].virtual_networks.*.id[0] + } + ]]) + + ds_vols = flatten([ for key, val in var.sddcs : [ + for item in concat(local.mgmt_vols[val.display_name],local.wkld_vols[val.display_name]): { + volume_display_name = item.volume_display_name + volume_compartment_id = item.volume_compartment_id + } + ]]) + + mgmt_vols = { for key, val in var.sddcs : + val.display_name => try([for item in val.management_datastore: { + volume_compartment_id = try(split("@", item)[0],null) + volume_display_name = try(split("@", item)[1],null) + }],[])} + + wkld_vols = { for key, val in var.sddcs : + val.display_name => try([ for item in val.workload_datastore: + { + volume_compartment_id = try(split("@", item)[0],null) + volume_display_name = try(split("@", item)[1],null) + }] ,[])} + + management_datastores = { for key,val in var.sddcs : key => (val.management_datastore != null ? [for value in val.management_datastore: data.oci_core_volumes.ds_volumes[split("@", value)[1]].volumes.*.id[0]] : []) + } + + workload_datastores = {for key,val in var.sddcs: key => (val.workload_datastore != null ? 
[for value in val.workload_datastore: data.oci_core_volumes.ds_volumes[split("@", value)[1]].volumes.*.id[0]] : []) + } + } + +data "oci_core_volumes" "ds_volumes" { + for_each = {for value in local.ds_vols : value.volume_display_name => value.volume_compartment_id if value.volume_display_name != null } + compartment_id = each.value != null ? (length(regexall("ocid1.compartment.oc1*", each.value)) > 0 ? each.value : var.compartment_ocids[each.value]) : var.compartment_ocids[each.value] + display_name = each.key + state = "AVAILABLE" + +} + +data "oci_core_vcns" "oci_vcns_sddc" { + # depends_on = [module.vcns] # Uncomment to create Network and Instances together + for_each = var.sddcs != null ? var.sddcs : {} + compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc1*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id] + display_name = each.value.vcn_name +} + +data "oci_core_subnets" "oci_subnets_sddc" { + # depends_on = [module.subnets] # Uncomment to create Network and Instances together + for_each = var.sddcs != null ? var.sddcs : {} + compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc1*", each.value.network_compartment_id)) > 0 ? 
each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id] + display_name = each.value.provisioning_subnet_id + vcn_id = data.oci_core_vcns.oci_vcns_sddc[each.key].virtual_networks.*.id[0] +} + +data "oci_core_vlans" "sddc_vlan_id" { + #Required + for_each = { for vlan in local.vlan_config : vlan.display_name => vlan if vlan.display_name != null} + compartment_id = each.value.compartment_id + display_name = each.key + vcn_id = each.value.vcn_id +} + +module "sddcs" { + #depends_on = [module.vlans] + source = "./modules/sddc/sddc" + for_each = var.sddcs != null ? var.sddcs : {} + compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc1*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null + network_compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc1*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : null + compute_availability_domain = each.value.availability_domain == "multi-AD" ? each.value.availability_domain : (each.value.availability_domain != "" && each.value.availability_domain != null) ? data.oci_identity_availability_domains.availability_domains.availability_domains[each.value.availability_domain].name : "" + esxi_hosts_count = each.value.esxi_hosts_count != "" ? each.value.esxi_hosts_count : null + nsx_edge_uplink1vlan_id = each.value.nsx_edge_uplink1vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.nsx_edge_uplink1vlan_id)) > 0 ? each.value.nsx_edge_uplink1vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.nsx_edge_uplink1vlan_id].vlans[0].id) : null + nsx_edge_uplink2vlan_id = each.value.nsx_edge_uplink2vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.nsx_edge_uplink2vlan_id)) > 0 ? 
each.value.nsx_edge_uplink2vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.nsx_edge_uplink2vlan_id].vlans[0].id) : null + nsx_edge_vtep_vlan_id = each.value.nsx_edge_vtep_vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.nsx_edge_vtep_vlan_id)) > 0 ? each.value.nsx_edge_vtep_vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.nsx_edge_vtep_vlan_id].vlans[0].id) : null + nsx_vtep_vlan_id = each.value.nsx_vtep_vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.nsx_vtep_vlan_id)) > 0 ? each.value.nsx_vtep_vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.nsx_vtep_vlan_id].vlans[0].id) : null + provisioning_subnet_id = each.value.provisioning_subnet_id != "" ? (length(regexall("ocid1.subnet.oc1*", each.value.provisioning_subnet_id)) > 0 ? each.value.provisioning_subnet_id : data.oci_core_subnets.oci_subnets_sddc[each.key].subnets.*.id[0]) : null + ssh_authorized_keys = each.value.ssh_authorized_keys != null ? (length(regexall("ssh-rsa*", each.value.ssh_authorized_keys)) > 0 ? each.value.ssh_authorized_keys : lookup(var.sddc_ssh_keys, each.value.ssh_authorized_keys, null)) : null + vmotion_vlan_id = each.value.vmotion_vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.vmotion_vlan_id)) > 0 ? each.value.vmotion_vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.vmotion_vlan_id].vlans[0].id) : null + vmware_software_version = each.value.vmware_software_version != "" ? each.value.vmware_software_version : null + vsan_vlan_id = each.value.vsan_vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.vsan_vlan_id)) > 0 ? each.value.vsan_vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.vsan_vlan_id].vlans[0].id) : null + vsphere_vlan_id = each.value.vsphere_vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.vsphere_vlan_id)) > 0 ? 
each.value.vsphere_vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.vsphere_vlan_id].vlans[0].id) : null + #Optional + initial_host_ocpu_count = each.value.initial_host_ocpu_count != "" ? each.value.initial_host_ocpu_count : null + initial_host_shape_name = each.value.initial_host_shape_name != "" ? each.value.initial_host_shape_name : null + capacity_reservation_id = each.value.capacity_reservation_id != "" ? each.value.capacity_reservation_id : null + initial_cluster_display_name = each.value.initial_cluster_display_name != "" ? each.value.initial_cluster_display_name : null #new addition + display_name = each.value.display_name != "" ? each.value.display_name : null #edited + defined_tags = each.value.defined_tags != {} ? each.value.defined_tags : {} + freeform_tags = each.value.freeform_tags != {} ? each.value.freeform_tags : {} + hcx_action = each.value.hcx_action != "" ? each.value.hcx_action : null + hcx_vlan_id = each.value.hcx_vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.hcx_vlan_id)) > 0 ? each.value.hcx_vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.hcx_vlan_id].vlans[0].id) : null + initial_commitment = each.value.initial_commitment != "" ? each.value.initial_commitment : null + instance_display_name_prefix = each.value.instance_display_name_prefix != "" ? each.value.instance_display_name_prefix : null + is_hcx_enabled = each.value.is_hcx_enabled != "" ? each.value.is_hcx_enabled : null + is_shielded_instance_enabled = each.value.is_shielded_instance_enabled != "" ? each.value.is_shielded_instance_enabled : null + is_single_host_sddc = each.value.is_single_host_sddc != "" ? each.value.is_single_host_sddc : null + provisioning_vlan_id = each.value.provisioning_vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.provisioning_vlan_id)) > 0 ? 
each.value.provisioning_vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.provisioning_vlan_id].vlans[0].id) : null
+ refresh_hcx_license_status = each.value.refresh_hcx_license_status != "" ? each.value.refresh_hcx_license_status : null
+ replication_vlan_id = each.value.replication_vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.replication_vlan_id)) > 0 ? each.value.replication_vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.replication_vlan_id].vlans[0].id) : null
+ reserving_hcx_on_premise_license_keys = each.value.reserving_hcx_on_premise_license_keys != "" ? each.value.reserving_hcx_on_premise_license_keys : null
+ workload_network_cidr = each.value.workload_network_cidr != "" ? each.value.workload_network_cidr : null
+ management_datastore = local.management_datastores[each.key] != null ? local.management_datastores[each.key] : []
+ workload_datastore = local.workload_datastores[each.key] != null ? local.workload_datastores[each.key] : []
+
+}
+
+############################################
+# Module Block SDDC-Cluster
+# Create additional SDDC-Cluster
+############################################
+
+locals {
+ vlan_ids_sddc_cluster = ["nsx_edge_uplink1vlan_id", "nsx_edge_uplink2vlan_id","nsx_edge_vtep_vlan_id", "nsx_vtep_vlan_id", "vmotion_vlan_id", "vsan_vlan_id", "vsphere_vlan_id", "replication_vlan_id", "provisioning_vlan_id", "hcx_vlan_id"]
+ vlan_config_sddc_cluster = flatten([for index in local.vlan_ids_sddc_cluster : [
+ for key, val in var.sddc-clusters : {
+ #(index) = lookup(val, index, 0)
+ compartment_id = val.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc1*", val.network_compartment_id)) > 0 ? val.network_compartment_id : var.compartment_ocids[val.network_compartment_id]) : null
+ display_name = lookup(val, index, 0)
+ vcn_id = data.oci_core_vcns.oci_vcns_sddc_cluster[key].virtual_networks.*.id[0]
+ }
+ ]])
+
+ ##grouping by display name
+ group_display_name = {
+ for item in local.vlan_config_sddc_cluster : item.display_name => item...
+ }
+ #removing duplicate entry
+ deduplicated_vlan_config = {
+ for key, value in local.group_display_name : key => value[0]
+ }
+ #converting map to a list
+ deduplicated_vlan_list = values(local.deduplicated_vlan_config)
+
+
+ ds_vols_sddc_cluster = flatten([ for key, val in var.sddc-clusters : [
+ #for item in concat(local.mgmt_vols_sddc_cluster[val.display_name],local.wkld_vols_sddc_cluster[val.display_name]): {
+ for item in local.wkld_vols_sddc_cluster[val.display_name]: {
+ volume_display_name = item.volume_display_name
+ volume_compartment_id = item.volume_compartment_id
+ }
+ ]])
+
+ wkld_vols_sddc_cluster = { for key, val in var.sddc-clusters :
+ val.display_name => try([ for item in val.workload_datastore:
+ {
+ volume_compartment_id = try(split("@", item)[0],null)
+ volume_display_name = try(split("@", item)[1],null)
+ }] ,[])}
+
+
+ workload_datastores_sddc_cluster = {for key,val in var.sddc-clusters: key => (val.workload_datastore != null ? [for value in val.workload_datastore: data.oci_core_volumes.ds_volumes_sddc_cluster[split("@", value)[1]].volumes.*.id[0]] : [])
+ }
+ }
+
+data "oci_core_volumes" "ds_volumes_sddc_cluster" {
+ for_each = {for value in local.ds_vols_sddc_cluster : value.volume_display_name => value.volume_compartment_id if value.volume_display_name != null }
+ compartment_id = each.value != null ? (length(regexall("ocid1.compartment.oc1*", each.value)) > 0 ? each.value : var.compartment_ocids[each.value]) : var.compartment_ocids[each.value]
+ display_name = each.key
+ state = "AVAILABLE"
+
+}
+
+data "oci_core_vcns" "oci_vcns_sddc_cluster" {
+ #depends_on = [module.vcns] # Uncomment to create Network and Instances together
+ for_each = var.sddc-clusters != null ? var.sddc-clusters : {}
+ compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc1*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id]
+ display_name = each.value.vcn_name
+}
+
+data "oci_core_subnets" "oci_subnets_sddc_cluster" {
+ #depends_on = [module.subnets] # Uncomment to create Network and Instances together
+ for_each = var.sddc-clusters != null ? var.sddc-clusters : {}
+ compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc1*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id]
+ display_name = each.value.provisioning_subnet_id
+ vcn_id = data.oci_core_vcns.oci_vcns_sddc_cluster[each.key].virtual_networks.*.id[0]
+}
+
+data "oci_core_vlans" "sddc_cluster_vlan_id" {
+ #depends_on = [module.vlans]
+ #Required
+ for_each = { for vlan in local.deduplicated_vlan_list: vlan.display_name => vlan if vlan.display_name != null}
+ compartment_id = each.value.compartment_id
+ display_name = each.key
+ vcn_id = each.value.vcn_id
+}
+
+data "oci_ocvp_sddcs" "oci_sddcs" {
+ depends_on = [module.sddcs]
+ for_each = var.sddc-clusters != null ? var.sddc-clusters : {}
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc1*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+ display_name = each.value.sddc_id
+ state = "ACTIVE"
+}
+
+module "sddc-clusters" {
+ #depends_on = [module.nsgs, module.vcns, module.route-tables, module.vlans, module.sddcs]
+ depends_on = [module.sddcs]
+ source = "./modules/sddc/sddc-cluster"
+ for_each = var.sddc-clusters != null ? var.sddc-clusters : {}
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc1*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+ network_compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc1*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : null
+ compute_availability_domain = each.value.availability_domain == "multi-AD" ? each.value.availability_domain : (each.value.availability_domain != "" && each.value.availability_domain != null) ? data.oci_identity_availability_domains.availability_domains.availability_domains[each.value.availability_domain].name : ""
+ display_name = each.value.display_name != "" ? each.value.display_name : null
+ vmware_software_version = each.value.vmware_software_version != "" ? each.value.vmware_software_version : null
+ initial_commitment = each.value.initial_commitment != "" ? each.value.initial_commitment : null
+ initial_host_ocpu_count = each.value.initial_host_ocpu_count != "" ? each.value.initial_host_ocpu_count : null
+ initial_host_shape_name = each.value.initial_host_shape_name != "" ? each.value.initial_host_shape_name : null
+ esxi_hosts_count = each.value.esxi_hosts_count != "" ? each.value.esxi_hosts_count : null
+ instance_display_name_prefix = each.value.instance_display_name_prefix != "" ? each.value.instance_display_name_prefix : null
+ is_shielded_instance_enabled = each.value.is_shielded_instance_enabled != "" ? each.value.is_shielded_instance_enabled : null
+ nsx_edge_uplink1vlan_id = each.value.nsx_edge_uplink1vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.nsx_edge_uplink1vlan_id)) > 0 ? each.value.nsx_edge_uplink1vlan_id : data.oci_core_vlans.sddc_cluster_vlan_id[each.value.nsx_edge_uplink1vlan_id].vlans[0].id) : null
+ nsx_edge_uplink2vlan_id = each.value.nsx_edge_uplink2vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.nsx_edge_uplink2vlan_id)) > 0 ? each.value.nsx_edge_uplink2vlan_id : data.oci_core_vlans.sddc_vlan_id[each.value.nsx_edge_uplink2vlan_id].vlans[0].id) : null
+ nsx_edge_vtep_vlan_id = each.value.nsx_edge_vtep_vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.nsx_edge_vtep_vlan_id)) > 0 ? each.value.nsx_edge_vtep_vlan_id : data.oci_core_vlans.sddc_cluster_vlan_id[each.value.nsx_edge_vtep_vlan_id].vlans[0].id) : null
+ nsx_vtep_vlan_id = each.value.nsx_vtep_vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.nsx_vtep_vlan_id)) > 0 ? each.value.nsx_vtep_vlan_id : data.oci_core_vlans.sddc_cluster_vlan_id[each.value.nsx_vtep_vlan_id].vlans[0].id) : null
+ provisioning_subnet_id = each.value.provisioning_subnet_id != "" ? (length(regexall("ocid1.subnet.oc1*", each.value.provisioning_subnet_id)) > 0 ? each.value.provisioning_subnet_id : data.oci_core_subnets.oci_subnets_sddc_cluster[each.key].subnets.*.id[0]) : null
+ vmotion_vlan_id = each.value.vmotion_vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.vmotion_vlan_id)) > 0 ? each.value.vmotion_vlan_id : data.oci_core_vlans.sddc_cluster_vlan_id[each.value.vmotion_vlan_id].vlans[0].id) : null
+ vsan_vlan_id = each.value.vsan_vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.vsan_vlan_id)) > 0 ? each.value.vsan_vlan_id : data.oci_core_vlans.sddc_cluster_vlan_id[each.value.vsan_vlan_id].vlans[0].id) : null
+ vsphere_vlan_id = each.value.vsphere_vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.vsphere_vlan_id)) > 0 ? each.value.vsphere_vlan_id : data.oci_core_vlans.sddc_cluster_vlan_id[each.value.vsphere_vlan_id].vlans[0].id) : null
+ replication_vlan_id = each.value.replication_vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.replication_vlan_id)) > 0 ? each.value.replication_vlan_id : data.oci_core_vlans.sddc_cluster_vlan_id[each.value.replication_vlan_id].vlans[0].id) : null
+ hcx_vlan_id = each.value.hcx_vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.hcx_vlan_id)) > 0 ? each.value.hcx_vlan_id : data.oci_core_vlans.sddc_cluster_vlan_id[each.value.hcx_vlan_id].vlans[0].id) : null
+ provisioning_vlan_id = each.value.provisioning_vlan_id != null ? (length(regexall("ocid1.vlan.oc1*", each.value.provisioning_vlan_id)) > 0 ? each.value.provisioning_vlan_id : data.oci_core_vlans.sddc_cluster_vlan_id[each.value.provisioning_vlan_id].vlans[0].id) : null
+ workload_network_cidr = each.value.workload_network_cidr != "" ? each.value.workload_network_cidr : null
+ sddc_id = each.value.sddc_id != null ? (length(regexall("ocid1.vmwaresddc.oc1*", each.value.sddc_id)) > 0 ? each.value.sddc_id : data.oci_ocvp_sddcs.oci_sddcs[each.key].sddc_collection[0].id) : null
+ workload_datastore = local.workload_datastores_sddc_cluster[each.key] != null ? local.workload_datastores_sddc_cluster[each.key] : []
+ defined_tags = each.value.defined_tags != {} ? each.value.defined_tags : {}
+ freeform_tags = each.value.freeform_tags != {} ? each.value.freeform_tags : {}
+ esxi_software_version = each.value.esxi_software_version != "" ? each.value.esxi_software_version : null
+ ssh_authorized_keys = each.value.ssh_authorized_keys != null ? (length(regexall("ssh-rsa*", each.value.ssh_authorized_keys)) > 0 ? each.value.ssh_authorized_keys : lookup(var.sddc_ssh_keys, each.value.ssh_authorized_keys, null)) : null
+}
diff --git a/examples/ocvs/variables_example.tf b/examples/ocvs/variables_example.tf
new file mode 100644
index 0000000..fae17ea
--- /dev/null
+++ b/examples/ocvs/variables_example.tf
@@ -0,0 +1,2082 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+#
+# Variables Block
+# OCI
+#
+############################
+
+variable "tenancy_ocid" {
+ type = string
+ default = ""
+}
+
+variable "user_ocid" {
+ type = string
+ default = ""
+}
+
+variable "fingerprint" {
+ type = string
+ default = ""
+}
+
+variable "private_key_path" {
+ type = string
+ default = ""
+}
+
+variable "region" {
+ type = string
+ default = ""
+}
+
+#################################
+# SSH Keys
+#################################
+
+variable "instance_ssh_keys" {
+ type = map(any)
+ default = {
+ ssh_public_key = ""
+ # Use '\n' as the delimiter to add multiple ssh keys.
+ # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf"
+ #START_instance_ssh_keys#
+ # exported instance ssh keys
+ #instance_ssh_keys_END#
+ }
+}
+
+variable "oke_ssh_keys" {
+ type = map(any)
+ default = {
+ ssh_public_key = ""
+ # Use '\n' as the delimiter to add multiple ssh keys.
+ # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf"
+ #START_oke_ssh_keys#
+ #oke_ssh_keys_END#
+ }
+}
+variable "sddc_ssh_keys" {
+ type = map(any)
+ default = {
+ ssh_public_key = ""
+ # Use '\n' as the delimiter to add multiple ssh keys.
+ # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf"
+ #START_sddc_ssh_keys#
+ #sddc_ssh_keys_END#
+ }
+}
+
+variable "exacs_ssh_keys" {
+ type = map(any)
+ default = {
+ ssh_public_key = [""]
+ # Use ',' as the delimiter to add multiple ssh keys.
+ # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"]
+ #START_exacs_ssh_keys#
+ # exported exacs ssh keys
+ #exacs_ssh_keys_END#
+ }
+}
+
+variable "dbsystem_ssh_keys" {
+ type = map(any)
+ default = {
+ ssh_public_key = [""]
+ # Use ',' as the delimiter to add multiple ssh keys.
+ # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_dbsystem_ssh_keys# + # exported dbsystem ssh keys + #dbsystem_ssh_keys_END# + } +} + +################################# +# Platform Image OCIDs and +# Market Place Images +################################# + +variable "instance_source_ocids" { + type = map(any) + default = { + Linux = "" + Windows = "" + PaloAlto = "Palo Alto Networks VM-Series Next Generation Firewall" + #START_instance_source_ocids# + # exported instance image ocids + #instance_source_ocids_END# + } +} + +variable "blockvolume_source_ocids" { + type = map(any) + default = { + block1 = "" + #blockvolume_source_ocid = "" + #START_blockvolume_source_ocids# + # exported block volume source ocids + #blockvolume_source_ocids_END# + } +} + +variable "fss_source_ocids" { + type = map(any) + default = { + snapshot1 = "" + #fss_source_snapshot_ocid = "" + #START_fss_source_snapshot_ocids# + # exported fss source snapshot ocids + #fss_source_snapshot_ocids_END# + } +} + +variable "oke_source_ocids" { + type = map(any) + default = { + Linux = "" + #START_oke_source_ocids# + # exported oke image ocids + #oke_source_ocids_END# + } +} + +################################# +# +# Variables according to Services +# PLEASE DO NOT MODIFY +# +################################# + +########################## +## Fetch Compartments #### +########################## + +variable "compartment_ocids" { + type = map(any) + default = { + #START_compartment_ocids# + # compartment ocids + #compartment_ocids_END# + } +} + +######################### +##### Identity ########## +######################### + +variable "compartments" { + type = object({ + root = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level1 = 
optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level2 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level3 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level4 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level5 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + }) + default = { + root = {}, + compartment_level1 = {}, + compartment_level2 = {}, + compartment_level3 = {}, + compartment_level4 = {}, + compartment_level5 = {}, + } +} + +variable "policies" { + type = map(object({ + name = string + compartment_id = string + policy_description = string + policy_statements = list(string) + policy_version_date = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "groups" { + type = map(object({ + group_name = string + group_description = string + matching_rule = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "users" { + type = map(object({ + name = string + description = string + email = string + disable_capabilities = optional(list(string)) + group_membership = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "networkSources" { + type = map(object({ + name = string + description = string + public_source_list = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + virtual_source_list = optional(list(map(list(string)))) + + })) + default = {} +} + +######################### +####### Governance ######### +######################### + +variable "tag_namespaces" { + description = "To provision Namespaces" + type = map(object({ + compartment_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_retired = optional(bool) + })) + default = {} +} + +variable "tag_keys" { + description = "To provision Tag Keys" + type = map(object({ + tag_namespace_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_cost_tracking = optional(bool) + is_retired = optional(bool) + validator = optional(list(object({ + validator_type = optional(string) + validator_values = optional(list(any)) + }))) + })) + default = {} +} + +variable "tag_defaults" { + description = "To make the Tag keys as default to compartments" + type = map(object({ + compartment_id = string + tag_definition_id = string + value = string + is_required = optional(bool) + })) + default = {} +} + +variable "quota_policies" { + type = map(object({ + quota_name = string + quota_description = string + quota_statements = list(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +###### Network ########## +######################### 
+ +variable "default_dhcps" { + type = map(object({ + server_type = string + manage_default_resource_id = optional(string) + custom_dns_servers = optional(list(any)) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "custom_dhcps" { + type = map(object({ + compartment_id = string + server_type = string + vcn_id = string + custom_dns_servers = optional(list(any)) + domain_name_type = optional(string) + display_name = optional(string) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "vcns" { + type = map(object({ + compartment_id = string + cidr_blocks = optional(list(string)) + byoipv6cidr_details = optional(list(map(any))) + display_name = optional(string) + dns_label = optional(string) + is_ipv6enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ipv6private_cidr_blocks = optional(list(string)) + is_oracle_gua_allocation_enabled = optional(bool) + })) + default = {} +} + +variable "igws" { + type = map(object({ + compartment_id = string + vcn_id = string + enable_igw = optional(bool) + igw_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_table_id = optional(string) + })) + default = {} +} + +variable "sgws" { + type = map(object({ + compartment_id = string + vcn_id = string + service = optional(string) + sgw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "ngws" { + type = map(object({ + compartment_id = string + vcn_id = string + block_traffic = optional(bool) + public_ip_id = optional(string) + ngw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + 
default = {} +} + +variable "lpgs" { + type = map(any) + default = { + hub-lpgs = {}, + spoke-lpgs = {}, + peer-lpgs = {}, + none-lpgs = {}, + exported-lpgs = {}, + } +} + +variable "drgs" { + type = map(object({ + compartment_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "default_seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + 
route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) + +})) +default = {} +} + +variable "default_route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) +})) + default = {} +} + +variable "nsgs" { + type = map(object({ + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nsg_rules" { + type = map(object({ + nsg_id = string + direction = string + protocol = string + description = optional(string) + stateless = optional(string) + source_type = optional(string) + destination_type = optional(string) + destination = optional(string) + source = optional(string) + options = optional(map(any)) + })) + default = {} +} + +variable "subnets" { + type = map(object({ + compartment_id = string + vcn_id = string + cidr_block = string + display_name = optional(string) + dns_label = optional(string) + ipv6cidr_block = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + prohibit_internet_ingress = optional(string) + prohibit_public_ip_on_vnic = optional(string) + availability_domain = optional(string) + dhcp_options_id = optional(string) + route_table_id = optional(string) + security_list_ids = 
optional(list(string)) + })) + default = {} +} + +variable "vlans" { + type = map(object({ + cidr_block = string + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + nsg_ids = optional(list(string)) + route_table_name = optional(string) + vlan_tag = optional(string) + availability_domain = optional(string) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + })) + default = {} +} + +variable "drg_attachments" { + type = map(any) + default = {} +} + +variable "drg_other_attachments" { + type = map(any) + default = {} +} + +variable "drg_route_tables" { + type = map(object({ + drg_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_ecmp_enabled = optional(bool) + import_drg_route_distribution_id = optional(string) + })) + default = {} +} + +variable "drg_route_rules" { + type = map(any) + default = {} +} + +variable "drg_route_distributions" { + type = map(object({ + distribution_type = string + drg_id = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + display_name = optional(string) + })) + default = {} +} + +variable "drg_route_distribution_statements" { + type = map(object({ + drg_route_distribution_id = string + action = string + match_criteria = optional(list(object({ + match_type = string + attachment_type = optional(string) + drg_attachment_id = optional(string) + }))) + priority = optional(string) + })) + default = {} +} + +variable "data_drg_route_tables" { + type = map(any) + default = {} +} + +variable "data_drg_route_table_distributions" { + type = map(any) + default = {} +} + +#################### +####### DNS ####### +#################### + +variable "zones" { +type = map(object({ +compartment_id = string +display_name = string +view_compartment_id = optional(string) +view_id = optional(string) +zone_type = optional(string) +scope = optional(string) +freeform_tags = 
optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + +variable "views" { +type = map(object({ +compartment_id = string +display_name = string +scope = optional(string) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) + default = {} +} + +variable "rrsets" { +type = map(object({ +compartment_id = optional(string) +view_compartment_id = optional(string) +view_id = optional(string) +zone_id = string +domain = string +rtype = string +ttl = number +rdata = optional(list(string)) +scope = optional(string) +})) +default = {} +} + +variable "resolvers" { +type = map(object({ +network_compartment_id= string +vcn_name = string +display_name = optional(string) +views = optional(map(object({ + view_id = optional(string) + view_compartment_id = optional(string) +}))) +resolver_rules = optional(map(object({ + client_address_conditions = optional(list(any)) + destination_addresses = optional(list(any)) + qname_cover_conditions = optional(list(any)) + source_endpoint_name = optional(string) +}))) +endpoint_names = optional(map(object({ + is_forwarding = optional(bool) + is_listening = optional(bool) + name = optional(string) + subnet_name = optional(string) + forwarding_address = optional(string) + listening_address = optional(string) + nsg_ids = optional(list(string)) +}))) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + + +######################### +## Dedicated VM Hosts ## +######################### + +variable "dedicated_hosts" { + type = map(object({ + availability_domain = string + compartment_id = string + vm_host_shape = string + defined_tags = optional(map(any)) + display_name = optional(string) + fault_domain = optional(string) + freeform_tags = optional(map(any)) + })) + description = "To provision new dedicated VM hosts" + default = {} +} + +######################### +## Instances/Block Volumes ## +######################### + +variable "blockvolumes" { + description = "To 
provision block volumes" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = string + size_in_gbs = optional(string) + is_auto_tune_enabled = optional(string) + vpus_per_gb = optional(string) + kms_key_id = optional(string) + attach_to_instance = optional(string) + attachment_type = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + device = optional(string) + encryption_in_transit_type = optional(string) + attachment_display_name = optional(string) + is_read_only = optional(bool) + is_pv_encryption_in_transit_enabled = optional(bool) + is_shareable = optional(bool) + use_chap = optional(bool) + is_agent_auto_iscsi_login_enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + source_details = optional(list(map(any))) + block_volume_replicas = optional(list(map(any))) + block_volume_replicas_deletion = optional(bool) + autotune_policies = optional(list(map(any))) + })) + default = {} +} + +variable "block_backup_policies" { + type = map(any) + description = "To create block volume back policy" + default = {} +} + +variable "instances" { + description = "Map of instances to be provisioned" + type = map(object({ + availability_domain = string + compartment_id = string + shape = string + source_id = string + source_type = string + vcn_name = string + subnet_id = string + network_compartment_id = string + display_name = optional(string) + assign_public_ip = optional(bool) + boot_volume_size_in_gbs = optional(string) + fault_domain = optional(string) + dedicated_vm_host_id = optional(string) + private_ip = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(string)) + ocpus = optional(string) + memory_in_gbs = optional(number) + capacity_reservation_id = optional(string) + create_is_pv_encryption_in_transit_enabled = optional(bool) + remote_execute = optional(string) + bastion_ip = optional(string) + 
cloud_init_script = optional(string) + ssh_authorized_keys = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + network_type = optional(string) + #extended_metadata = optional(string) + skip_source_dest_check = optional(bool) + baseline_ocpu_utilization = optional(string) + #preemptible_instance_config = optional(string) + all_plugins_disabled = optional(bool) + is_management_disabled = optional(bool) + is_monitoring_disabled = optional(bool) + assign_private_dns_record = optional(string) + plugins_details = optional(map(any)) + is_live_migration_preferred = optional(bool) + recovery_action = optional(string) + are_legacy_imds_endpoints_disabled = optional(bool) + boot_volume_type = optional(string) + firmware = optional(string) + is_consistent_volume_naming_enabled = optional(bool) + remote_data_volume_type = optional(string) + platform_config = optional(list(map(any))) + launch_options = optional(list(map(any))) + ipxe_script = optional(string) + preserve_boot_volume = optional(bool) + vlan_id = optional(string) + kms_key_id = optional(string) + vnic_display_name = optional(string) + vnic_defined_tags = optional(map(any)) + vnic_freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "boot_backup_policies" { + type = map(any) + description = "Map of boot volume backup policies to be provisioned" + default = {} +} + +######################### +####### Database ######## +######################### + +variable "exa_infra" { + description = "To provision exadata infrastructure" + type = map(any) + default = {} +} + +variable "exa_vmclusters" { + description = "To provision exadata cloud VM cluster" + type = map(any) + default = {} +} + +variable "dbsystems_vm_bm" { + description = "To provision DB System" + type = map(any) + default = {} +} + +variable "db_home" { + type = map(any) + description = "Map of database db home to be 
provisioned" + default = {} +} + +variable "databases" { + description = "Map of databases to be provisioned in an existing db_home" + type = map(any) + default = {} +} + +#################################### +####### Autonomous Database ######## +#################################### + +variable "adb" { + type = map(object({ + admin_password = optional(string) + character_set = optional(string) + compartment_id = string + cpu_core_count = optional(number) + database_edition = optional(string) + data_storage_size_in_tbs = optional(number) + customer_contacts = optional(list(string)) + db_name = string + db_version = optional(string) + db_workload = optional(string) + display_name = optional(string) + license_model = optional(string) + ncharacter_set = optional(string) + network_compartment_id = optional(string) + nsg_ids = optional(list(string)) + subnet_id = optional(string) + vcn_name = optional(string) + whitelisted_ips = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +######### FSS ########### +######################### + +variable "mount_targets" { + description = "To provision Mount Targets" + type = map(object({ + availability_domain = string + compartment_id = string + network_compartment_id = string + vcn_name = string + subnet_id = string + display_name = optional(string) + ip_address = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fss" { + description = "To provision File System Services" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = optional(string) + source_snapshot = optional(string) + snapshot_policy = optional(string) + policy_compartment_id = optional(string) + kms_key_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "nfs_export_options" { + description = "To provision Export Sets" + type = map(object({ + export_set_id = string + file_system_id = string + path = string + export_options = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_idmap_groups_for_sys_auth = optional(bool) + })) + default = {} +} + +variable "fss_replication" { + description = "To provision File System Replication" + type = map(object({ + compartment_id = string + source_id = string + target_id = string + display_name = optional(string) + replication_interval = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +####### FSS Logs ######## +######################### + +variable "nfs_log_groups" { + description = "To provision Log Groups for Mount Target" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nfs_logs" { + description = "To provision Logs for Mount Target" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + + +######################### +#### Load Balancers ##### +######################### + +variable "load_balancers" { + description = "To provision Load Balancers" + type = map(object({ + compartment_id = string + vcn_name = string + shape = string + subnet_ids = list(any) + network_compartment_id = string + display_name = string + shape_details = optional(list(map(any))) + nsg_ids = 
optional(list(any))
+ is_private = optional(bool)
+ ip_mode = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ reserved_ips_id = optional(string)
+ }))
+ default = {}
+}
+
+variable "hostnames" {
+ description = "To provision Load Balancer Hostnames"
+ type = map(object({
+ load_balancer_id = string
+ hostname = string
+ name = string
+ }))
+ default = {}
+}
+
+variable "certificates" {
+ description = "To provision Load Balancer Certificates"
+ type = map(object({
+ certificate_name = string
+ load_balancer_id = string
+ ca_certificate = optional(string)
+ passphrase = optional(string)
+ private_key = optional(string)
+ public_certificate = optional(string)
+ }))
+ default = {}
+}
+
+variable "cipher_suites" {
+ description = "To provision Load Balancer Cipher Suites"
+ type = map(object({
+ ciphers = list(string)
+ name = string
+ load_balancer_id = optional(string)
+ }))
+ default = {}
+}
+
+variable "backend_sets" {
+ description = "To provision Load Balancer Backend Sets"
+ type = map(object({
+ name = string
+ load_balancer_id = string
+ policy = string
+ protocol = optional(string)
+ interval_ms = optional(string)
+ is_force_plain_text = optional(string)
+ port = optional(string)
+ response_body_regex = optional(string)
+ retries = optional(string)
+ return_code = optional(string)
+ timeout_in_millis = optional(string)
+ url_path = optional(string)
+ lb_cookie_session = optional(list(object({
+ cookie_name = optional(string)
+ disable_fallback = optional(string)
+ path = optional(string)
+ domain = optional(string)
+ is_http_only = optional(string)
+ is_secure = optional(string)
+ max_age_in_seconds = optional(string)
+ })))
+ session_persistence_configuration = optional(list(object({
+ cookie_name = optional(string)
+ disable_fallback = optional(string)
+ })))
+ certificate_name = optional(string)
+ cipher_suite_name = optional(string)
+ ssl_configuration = optional(list(object({
+ certificate_ids = 
optional(list(any))
+ server_order_preference = optional(string)
+ trusted_certificate_authority_ids = optional(list(any))
+ verify_peer_certificate = optional(string)
+ verify_depth = optional(string)
+ protocols = optional(list(any))
+ })))
+ }))
+ default = {}
+}
+
+variable "backends" {
+ description = "To provision Load Balancer Backends"
+ type = map(object({
+ backendset_name = string
+ ip_address = string
+ load_balancer_id = string
+ port = string
+ instance_compartment = optional(string)
+ backup = optional(string)
+ drain = optional(string)
+ offline = optional(string)
+ weight = optional(string)
+ }))
+ default = {}
+}
+
+variable "listeners" {
+ description = "To provision Load Balancer Listeners"
+ type = map(object({
+ name = string
+ load_balancer_id = string
+ port = string
+ protocol = string
+ default_backend_set_name = string
+ connection_configuration = optional(list(map(any)))
+ hostname_names = optional(list(any))
+ path_route_set_name = optional(string)
+ rule_set_names = optional(list(any))
+ routing_policy_name = optional(string)
+ certificate_name = optional(string)
+ cipher_suite_name = optional(string)
+ ssl_configuration = optional(list(object({
+ certificate_ids = optional(list(any))
+ server_order_preference = optional(string)
+ trusted_certificate_authority_ids = optional(list(any))
+ verify_peer_certificate = optional(string)
+ verify_depth = optional(string)
+ protocols = optional(list(any))
+ })))
+ }))
+ default = {}
+}
+
+variable "path_route_sets" {
+ description = "To provision Load Balancer Path Route Sets"
+ type = map(object({
+ name = string
+ load_balancer_id = string
+ path_routes = optional(list(map(any)))
+ }))
+ default = {}
+}
+
+variable "rule_sets" {
+ description = "To provision Load Balancer Rule Sets"
+ type = map(object({
+ name = string
+ load_balancer_id = string
+ access_control_rules = optional(list(object({
+ action = string
+ attribute_name = optional(string)
+ attribute_value = optional(string)
+ 
description = optional(string)
+ })))
+ access_control_method_rules = optional(list(object({
+ action = string
+ allowed_methods = optional(list(any))
+ status_code = optional(string)
+ })))
+ http_header_rules = optional(list(object({
+ action = string
+ are_invalid_characters_allowed = optional(bool)
+ http_large_header_size_in_kb = optional(string)
+ })))
+ uri_redirect_rules = optional(list(object({
+ action = string
+ attribute_name = optional(string)
+ attribute_value = optional(string)
+ operator = optional(string)
+ host = optional(string)
+ path = optional(string)
+ port = optional(string)
+ protocol = optional(string)
+ query = optional(string)
+ response_code = optional(string)
+ })))
+ request_response_header_rules = optional(list(object({
+ action = string
+ header = optional(string)
+ prefix = optional(string)
+ suffix = optional(string)
+ value = optional(string)
+ })))
+ }))
+ default = {}
+}
+
+variable "lbr_reserved_ips" {
+ description = "To provision Load Balancer Reserved IPs"
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ lifetime = string
+ private_ip_id = optional(string)
+ public_ip_pool_id = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+###################################
+####### Load Balancer Logs ########
+###################################
+
+variable "loadbalancer_log_groups" {
+ description = "To provision Log Groups for Load Balancers"
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ description = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "loadbalancer_logs" {
+ description = "To provision Logs for Load Balancers"
+ type = map(object({
+ display_name = string
+ log_group_id = string
+ log_type = string
+ compartment_id = optional(string)
+ category = optional(string)
+ resource = optional(string)
+ service = optional(string)
+ 
source_type = optional(string)
+ is_enabled = optional(bool)
+ retention_duration = optional(number)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+#########################
+## Network Load Balancers ##
+#########################
+
+variable "network_load_balancers" {
+ type = map(object({
+ display_name = string
+ compartment_id = string
+ network_compartment_id = string
+ vcn_name = string
+ subnet_id = string
+ is_private = optional(bool)
+ reserved_ips_id = string
+ is_preserve_source_destination = optional(bool)
+ is_symmetric_hash_enabled = optional(bool)
+ nlb_ip_version = optional(string)
+ assigned_private_ipv4 = optional(string)
+ nsg_ids = optional(list(string))
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+variable "nlb_listeners" {
+ type = map(object({
+ name = string
+ network_load_balancer_id = string
+ default_backend_set_name = string
+ port = number
+ protocol = string
+ ip_version = optional(string)
+ }))
+ default = {}
+}
+
+variable "nlb_backend_sets" {
+ type = map(object({
+ name = string
+ network_load_balancer_id = string
+ policy = string
+ protocol = string
+ domain_name = optional(string)
+ query_class = optional(string)
+ query_type = optional(string)
+ rcodes = optional(list(string))
+ transport_protocol = optional(string)
+ return_code = optional(number)
+ interval_in_millis = optional(number)
+ port = optional(number)
+ request_data = optional(string)
+ response_body_regex = optional(string)
+ response_data = optional(string)
+ retries = optional(number)
+ timeout_in_millis = optional(number)
+ url_path = optional(string)
+ is_preserve_source = optional(bool)
+ ip_version = optional(string)
+ }))
+ default = {}
+}
+variable "nlb_backends" {
+ type = map(object({
+ name = optional(string)
+ backend_set_name = string
+ network_load_balancer_id = string
+ port = number
+ ip_address = string
+ instance_compartment = string
+ 
is_drain = optional(bool)
+ is_backup = optional(bool)
+ is_offline = optional(bool)
+ weight = optional(number)
+ target_id = optional(string)
+ }))
+ default = {}
+}
+variable "nlb_reserved_ips" {
+ description = "To provision Network Load Balancer Reserved IPs"
+ type = map(object({
+ compartment_id = string
+ lifetime = string
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ display_name = optional(string)
+ private_ip_id = optional(string)
+ public_ip_pool_id = optional(string)
+ }))
+ default = {}
+}
+
+
+#########################
+##### IP Management #####
+#########################
+
+variable "public_ip_pools" {
+ type = map(any)
+ default = {}
+}
+
+variable "private_ips" {
+ type = map(any)
+ default = {}
+}
+
+variable "reserved_ips" {
+ type = map(any)
+ default = {}
+}
+
+variable "vnic_attachments" {
+ type = map(any)
+ default = {}
+}
+
+#########################
+##### VCN Logs ##########
+#########################
+
+variable "vcn_log_groups" {
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ description = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "vcn_logs" {
+ type = map(object({
+ display_name = string
+ log_group_id = string
+ log_type = string
+ compartment_id = optional(string)
+ category = optional(string)
+ resource = optional(string)
+ service = optional(string)
+ source_type = optional(string)
+ is_enabled = optional(bool)
+ retention_duration = optional(number)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+#########################
+###### OSS Buckets ######
+#########################
+
+variable "buckets" {
+ type = map(any)
+ default = {}
+}
+
+#########################
+####### OSS Logs ########
+#########################
+
+variable "oss_log_groups" {
+ description = "To provision Log Groups for OSS"
+ type = map(object({
+ compartment_id = string 
+ display_name = string
+ description = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "oss_logs" {
+ description = "To provision Logs for OSS"
+ type = map(object({
+ display_name = string
+ log_group_id = string
+ log_type = string
+ compartment_id = optional(string)
+ category = optional(string)
+ resource = optional(string)
+ service = optional(string)
+ source_type = optional(string)
+ is_enabled = optional(bool)
+ retention_duration = optional(number)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+#########################
+### OSS IAM Policies ####
+#########################
+
+variable "oss_policies" {
+ type = map(any)
+ default = {}
+}
+
+#########################
+## Management Services ##
+#########################
+
+variable "alarms" {
+ type = map(object({
+ compartment_id = string
+ destinations = list(string)
+ alarm_name = string
+ is_enabled = bool
+ metric_compartment_id = string
+ namespace = string
+ query = string
+ severity = string
+ body = optional(string)
+ message_format = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ is_notifications_per_metric_dimension_enabled = optional(bool)
+ metric_compartment_id_in_subtree = optional(string)
+ trigger_delay_minutes = optional(string)
+ repeat_notification_duration = optional(string)
+ resolution = optional(string)
+ resource_group = optional(string)
+ suppression = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "events" {
+ type = map(object({
+ event_name = string
+ compartment_id = string
+ description = string
+ is_enabled = bool
+ condition = string
+ actions = optional(list(object({
+ action_type = string
+ is_enabled = string
+ description = optional(string)
+ function_id = optional(string)
+ stream_id = optional(string)
+ topic_id = optional(string)
+ })))
+ message_format = optional(string)
+ defined_tags 
= optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "notifications_topics" {
+ type = map(object({
+ compartment_id = string
+ topic_name = string
+ description = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "notifications_subscriptions" {
+ type = map(object({
+ compartment_id = string
+ endpoint = string
+ protocol = string
+ topic_id = string
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "service_connectors" {
+ type = any
+ default = {}
+ description = "To provision service connector hub resources"
+}
+
+#########################
+## Developer Services ##
+#########################
+
+## OKE
+
+variable "clusters" {
+ type = map(object({
+ display_name = string
+ compartment_id = string
+ network_compartment_id = string
+ vcn_name = string
+ kubernetes_version = string
+ cni_type = string
+ cluster_type = string
+ is_policy_enabled = optional(bool)
+ policy_kms_key_id = optional(string)
+ is_kubernetes_dashboard_enabled = optional(bool)
+ is_tiller_enabled = optional(bool)
+ is_public_ip_enabled = optional(bool)
+ nsg_ids = optional(list(string))
+ endpoint_subnet_id = string
+ is_pod_security_policy_enabled = optional(bool)
+ pods_cidr = optional(string)
+ services_cidr = optional(string)
+ service_lb_subnet_ids = optional(list(string))
+ cluster_kms_key_id = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ lb_defined_tags = optional(map(any))
+ lb_freeform_tags = optional(map(any))
+ volume_defined_tags = optional(map(any))
+ volume_freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "nodepools" {
+ type = map(object({
+ display_name = string
+ cluster_name = string
+ compartment_id = string
+ network_compartment_id = string
+ vcn_name = string
+ node_shape = string
+ initial_node_labels = optional(map(any))
+ 
kubernetes_version = string
+ is_pv_encryption_in_transit_enabled = optional(bool)
+ availability_domain = number
+ fault_domains = optional(list(string))
+ subnet_id = string
+ size = number
+ cni_type = string
+ max_pods_per_node = optional(number)
+ pod_nsg_ids = optional(list(string))
+ pod_subnet_ids = optional(string)
+ worker_nsg_ids = optional(list(string))
+ memory_in_gbs = optional(number)
+ ocpus = optional(number)
+ image_id = string
+ source_type = string
+ boot_volume_size_in_gbs = optional(number)
+ ssh_public_key = optional(string)
+ nodepool_kms_key_id = optional(string)
+ node_defined_tags = optional(map(any))
+ node_freeform_tags = optional(map(any))
+ nodepool_defined_tags = optional(map(any))
+ nodepool_freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "virtual-nodepools" {
+ type = map(object({
+ display_name = string
+ cluster_name = string
+ compartment_id = string
+ network_compartment_id = string
+ vcn_name = string
+ node_shape = string
+ initial_virtual_node_labels = optional(map(any))
+ availability_domain = number
+ fault_domains = list(string)
+ subnet_id = string
+ size = number
+ pod_nsg_ids = optional(list(string))
+ pod_subnet_id = string
+ worker_nsg_ids = optional(list(string))
+ taints = optional(list(any))
+ node_defined_tags = optional(map(any))
+ node_freeform_tags = optional(map(any))
+ nodepool_defined_tags = optional(map(any))
+ nodepool_freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+
+##################################
+############## SDDCs #############
+##################################
+variable "sddcs" {
+ type = map(object({
+ compartment_id = string
+ availability_domain = string
+ network_compartment_id = string
+ vcn_name = string
+ esxi_hosts_count = number
+ nsx_edge_uplink1vlan_id = string
+ nsx_edge_uplink2vlan_id = string
+ nsx_edge_vtep_vlan_id = string
+ nsx_vtep_vlan_id = string
+ provisioning_subnet_id = string
+ ssh_authorized_keys = string
+ vmotion_vlan_id = string 
+ vmware_software_version = string
+ vsan_vlan_id = string
+ vsphere_vlan_id = string
+ capacity_reservation_id = optional(string)
+ defined_tags = optional(map(any))
+ display_name = optional(string)
+ initial_cluster_display_name = optional(string)
+ freeform_tags = optional(map(any))
+ hcx_action = optional(string)
+ hcx_vlan_id = optional(string)
+ initial_host_ocpu_count = optional(number)
+ initial_host_shape_name = optional(string)
+ initial_commitment = optional(string)
+ instance_display_name_prefix = optional(string)
+ is_hcx_enabled = optional(bool)
+ is_shielded_instance_enabled = optional(bool)
+ is_single_host_sddc = optional(bool)
+ provisioning_vlan_id = optional(string)
+ refresh_hcx_license_status = optional(bool)
+ replication_vlan_id = optional(string)
+ reserving_hcx_on_premise_license_keys = optional(string)
+ workload_network_cidr = optional(string)
+ management_datastore = optional(list(string))
+ workload_datastore = optional(list(string))
+
+ }))
+ default = {}
+
+}
+
+variable "sddc-clusters" {
+ type = map(object({
+ compartment_id = string
+ availability_domain = string
+ network_compartment_id = string
+ vcn_name = string
+ esxi_hosts_count = number
+ nsx_edge_uplink1vlan_id = string
+ nsx_edge_uplink2vlan_id = optional(string)
+ nsx_edge_vtep_vlan_id = string
+ nsx_vtep_vlan_id = string
+ provisioning_subnet_id = string
+ ssh_authorized_keys = optional(string)
+ vmotion_vlan_id = string
+ vmware_software_version = string
+ vsan_vlan_id = string
+ vsphere_vlan_id = string
+ capacity_reservation_id = optional(string)
+ defined_tags = optional(map(any))
+ display_name = optional(string)
+ freeform_tags = optional(map(any))
+ hcx_action = optional(string)
+ hcx_vlan_id = optional(string)
+ initial_host_ocpu_count = optional(number)
+ initial_host_shape_name = optional(string)
+ initial_commitment = optional(string)
+ instance_display_name_prefix = optional(string)
+ is_hcx_enabled = optional(bool)
+ is_shielded_instance_enabled = 
optional(bool)
+ is_single_host_sddc = optional(bool)
+ provisioning_vlan_id = optional(string)
+ refresh_hcx_license_status = optional(bool)
+ replication_vlan_id = optional(string)
+ reserving_hcx_on_premise_license_keys = optional(string)
+ workload_network_cidr = optional(string)
+ workload_datastore = optional(list(string))
+ sddc_id = optional(string)
+ esxi_software_version = optional(string)
+
+ }))
+ default = {}
+
+}
+
+
+############################
+## Key Management Service ##
+############################
+
+variable "vaults" {
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ vault_type = string
+ freeform_tags = optional(map(any))
+ defined_tags = optional(map(any))
+ replica_region = optional(string)
+ }))
+ default = {}
+}
+
+variable "keys" {
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ vault_name = string
+ algorithm = optional(string)
+ length = optional(string)
+ curve_id = optional(string)
+ protection_mode = optional(string)
+ freeform_tags = optional(map(any))
+ defined_tags = optional(map(any))
+ is_auto_rotation_enabled = optional(bool)
+ rotation_interval_in_days = optional(string)
+
+ }))
+ default = {}
+}
+
+###########################
+######### Budgets #########
+###########################
+
+variable "budgets" {
+ type = map(object({
+ amount = string
+ compartment_id = string
+ reset_period = string
+ budget_processing_period_start_offset = optional(string)
+ defined_tags = optional(map(any))
+ description = optional(string)
+ display_name = optional(string)
+ freeform_tags = optional(map(any))
+ processing_period_type = optional(string)
+ budget_end_date = optional(string)
+ budget_start_date = optional(string)
+ target_type = optional(string)
+ targets = optional(list(any))
+ }))
+ default = {}
+}
+
+variable "budget_alert_rules" {
+ type = map(object({
+ budget_id = string
+ threshold = string
+ threshold_type = string
+ type = string
+ defined_tags = optional(map(any))
+ 
description = optional(string)
+ display_name = optional(string)
+ freeform_tags = optional(map(any))
+ message = optional(string)
+ recipients = optional(string)
+ }))
+ default = {}
+}
+
+###########################
+####### Cloud Guard #######
+###########################
+
+variable "cloud_guard_configs" {
+ type = map(object({
+ compartment_id = string
+ reporting_region = string
+ status = string
+ self_manage_resources = optional(string)
+
+ }))
+ default = {}
+}
+
+variable "cloud_guard_targets" {
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ target_resource_id = string
+ target_resource_type = string
+ prefix = string
+ description = optional(string)
+ state = optional(string)
+ target_detector_recipes = optional(list(any))
+ target_responder_recipes = optional(list(any))
+ freeform_tags = optional(map(any))
+ defined_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+####################################
+####### Custom Backup Policy #######
+####################################
+
+variable "custom_backup_policies" {
+ type = map(any)
+ default = {}
+}
+
+variable "capacity_reservation_ocids" {
+ type = map(any)
+ default = {
+ "AD1" : "",
+ "AD2" : "",
+ "AD3" : ""
+ }
+}
+
+#####################################
+####### Firewall as a Service #######
+#####################################
+variable "firewalls" {
+ type = map(object({
+ compartment_id = string
+ network_compartment_id = string
+ network_firewall_policy_id = string
+ subnet_id = string
+ vcn_name = string
+ display_name = string
+ ipv4address = optional(string)
+ nsg_id = optional(list(string))
+ ipv6address = optional(string)
+ availability_domain = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "fw-policies" {
+ type = map(object({
+ compartment_id = optional(string)
+ display_name = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ 
default = {}
+}
+variable "services" {
+ type = map(object({
+ service_name = string
+ service_type = string
+ network_firewall_policy_id = string
+ port_ranges = list(object({
+ minimum_port = string
+ maximum_port = optional(string)
+ }))
+ }))
+ default = {}
+}
+variable "url_lists" {
+ type = map(object({
+ urllist_name = string
+ network_firewall_policy_id = string
+ urls = list(object({
+ pattern = string
+ type = string
+ }))
+ }))
+ default = {}
+}
+variable "service_lists" {
+ type = map(object({
+ service_list_name = string
+ network_firewall_policy_id = string
+ services = list(string)
+ }))
+ default = {}
+}
+
+variable "address_lists" {
+ type = map(object({
+ address_list_name = string
+ network_firewall_policy_id = string
+ address_type = string
+ addresses = list(string)
+ }))
+ default = {}
+}
+
+variable "applications" {
+ type = map(object({
+ app_list_name = string
+ network_firewall_policy_id = string
+ app_type = string
+ icmp_type = number
+ icmp_code = optional(number)
+ }))
+ default = {}
+}
+
+variable "application_groups" {
+ type = map(object({
+ app_group_name = string
+ network_firewall_policy_id = string
+ apps = list(string)
+
+ }))
+ default = {}
+}
+
+variable "security_rules" {
+ type = map(object({
+ action = string
+ rule_name = string
+ network_firewall_policy_id = string
+ condition = optional(list(object({
+ application = optional(list(string))
+ destination_address = optional(list(string))
+ service = optional(list(string))
+ source_address = optional(list(string))
+ url = optional(list(string))
+ })))
+ inspection = optional(string)
+ after_rule = optional(string)
+ before_rule = optional(string)
+
+ }))
+ default = {}
+}
+
+variable "secrets" {
+ type = map(object({
+ secret_name = string
+ network_firewall_policy_id = string
+ secret_source = string
+ secret_type = string
+ vault_secret_id = string
+ version_number = number
+ vault_name = string
+ vault_compartment_id = string
+ }))
+ default = {}
+}
+
+variable 
"decryption_profiles" { + type = map(object({ + profile_name = string + profile_type = string + network_firewall_policy_id = string + are_certificate_extensions_restricted = optional(bool) + is_auto_include_alt_name = optional(bool) + is_expired_certificate_blocked = optional(bool) + is_out_of_capacity_blocked = optional(bool) + is_revocation_status_timeout_blocked = optional(bool) + is_unknown_revocation_status_blocked = optional(bool) + is_unsupported_cipher_blocked = optional(bool) + is_unsupported_version_blocked = optional(bool) + is_untrusted_issuer_blocked = optional(bool) + })) + default = {} +} + +variable "decryption_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + + destination_address = optional(list(string)) + + source_address = optional(list(string)) + + }))) + decryption_profile = optional(string) + secret = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +######################### +####### Firewall Logs ######## +######################### + +variable "fw_log_groups" { + description = "To provision Log Groups for Network Firewall" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fw_logs" { + description = "To provision Logs for Network Firewall" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +########################## +# Add new variables here # 
+##########################
+######################### END #########################
diff --git a/examples/oke/backend.tf b/examples/oke/backend.tf
new file mode 100644
index 0000000..16bc557
--- /dev/null
+++ b/examples/oke/backend.tf
@@ -0,0 +1,21 @@
+/*This line will be removed when using remote state
+# !!! WARNING !!! Terraform State Lock is not supported with OCI Object Storage.
+# Pre-Requisite: Create a version enabled object storage bucket to store the state file.
+# End Point Format: https://.compat.objectstorage..oraclecloud.com
+# Please look at the below doc for information about shared_credentials_file and other parameters:
+# Reference: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformUsingObjectStore.htm
+
+terraform {
+ backend "s3" {
+ key = ""
+ bucket = ""
+ region = ""
+ endpoint = ""
+ shared_credentials_file = "~/.aws/credentials"
+ skip_region_validation = true
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ force_path_style = true
+ }
+}
+This line will be removed when using remote state*/
\ No newline at end of file
diff --git a/examples/oke/oci-data.tf b/examples/oke/oci-data.tf
new file mode 100644
index 0000000..1495707
--- /dev/null
+++ b/examples/oke/oci-data.tf 
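Review bot: The state that this `s3` backend would write holds every value passed through the root module's variables, including secrets such as `admin_password`, `passphrase` and `private_key` declared in the variables file earlier in this diff, yet the Pre-Requisite comment only asks for a version-enabled bucket. Suggest extending that line to `# Pre-Requisite: Create a version enabled object storage bucket to store the state file; restrict read access on the bucket to the automation principal, since the state file contains every secret passed in through variables.` The `# End Point Format:` line reads `https://.compat.objectstorage..oraclecloud.com` with nothing between the dots, so the namespace and region placeholders were presumably lost (angle brackets stripped on the way in, most likely) and should be restored so the template is usable. The whole file is wrapped in a `/* ... */` comment, so none of this is active until the two marker lines are removed, which the first line already says.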
@@ -0,0 +1,42 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Identity
+# Fetch Compartments
+############################
+
+#Fetch Compartment Details
+data "oci_identity_compartments" "compartments" {
+ #Required
+ compartment_id = var.tenancy_ocid
+
+ #Optional
+ #name = var.compartment_name
+ access_level = "ANY"
+ compartment_id_in_subtree = true
+ state = "ACTIVE"
+}
+
+
+############################
+# Data Block - Network
+# Fetch ADs
+############################
+
+data "oci_identity_availability_domains" "availability_domains" {
+ #Required
+ compartment_id = var.tenancy_ocid
+}
+
+
+/*
+output "compartment_id_map" {
+ description = "Compartment ocid"
+ // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source.
+ value = zipmap(data.oci_identity_compartments.compartments.compartments.*.name,data.oci_identity_compartments.compartments.compartments.*.id)
+}
+
+output "ads" {
+ value = data.oci_identity_availability_domains.availability_domains.availability_domains.*.name
+}
+*/
\ No newline at end of file
diff --git a/examples/oke/oke.tf b/examples/oke/oke.tf
new file mode 100644
index 0000000..8692980
--- /dev/null
+++ b/examples/oke/oke.tf 
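Review bot: The banner over the compartments lookup says `# Resource Block - Identity` but the block beneath it is a `data` source, so it should read `# Data Block - Identity` to match the ADs banner further down. The lookup itself combines `access_level = "ANY"` with `compartment_id_in_subtree = true`, so it returns every ACTIVE compartment under the tenancy root that the caller can see at all; the commented-out `compartment_id_map` output then keys that list by `name` via `zipmap`, and compartments that share a name under different parents would not both survive as separate entries. If that output is ever re-enabled, key it by a value that is unique across the tenancy or state the assumption in its description; otherwise the commented block is dead code and could be dropped.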
@@ -0,0 +1,160 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#######################################
+# Module Block - OKE
+# Create OKE clusters and Nodepools
+#######################################
+
+
+data "oci_core_subnets" "oci_subnets_endpoint" {
+ # depends_on = [module.subnets] # Uncomment to create Network and OKE together
+ for_each = var.clusters != null ? var.clusters : {}
+ compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id]
+ display_name = each.value.endpoint_subnet_id
+ vcn_id = data.oci_core_vcns.oci_vcns_cluster[each.key].virtual_networks.*.id[0]
+}
+
+
+data "oci_core_subnets" "oci_subnets_worker" {
+ # depends_on = [module.subnets] # Uncomment to create Network and OKE together
+ for_each = var.nodepools != null ? var.nodepools : {}
+ compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id]
+ display_name = each.value.subnet_id
+ vcn_id = data.oci_core_vcns.oci_vcns_nodepool[each.key].virtual_networks.*.id[0]
+}
+
+data "oci_core_subnets" "oci_subnets_pod" {
+ # depends_on = [module.subnets] # Uncomment to create Network and OKE together
+ for_each = var.nodepools != null ? var.nodepools : {}
+ compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? 
each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id]
+ display_name = each.value.pod_subnet_ids
+ vcn_id = data.oci_core_vcns.oci_vcns_nodepool[each.key].virtual_networks.*.id[0]
+}
+
+data "oci_core_subnets" "oci_subnets_virtual_worker" {
+ # depends_on = [module.subnets] # Uncomment to create Network and OKE together
+ for_each = var.virtual-nodepools != null ? var.virtual-nodepools : {}
+ compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id]
+ display_name = each.value.subnet_id
+ vcn_id = data.oci_core_vcns.oci_vcns_virtual_nodepool[each.key].virtual_networks.*.id[0]
+}
+
+data "oci_core_subnets" "oci_subnets_virtual_pod" {
+ # depends_on = [module.subnets] # Uncomment to create Network and OKE together
+ for_each = var.virtual-nodepools != null ? var.virtual-nodepools : {}
+ compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id]
+ display_name = each.value.pod_subnet_id
+ vcn_id = data.oci_core_vcns.oci_vcns_virtual_nodepool[each.key].virtual_networks.*.id[0]
+}
+
+
+data "oci_core_vcns" "oci_vcns_cluster" {
+ # depends_on = [module.vcns] # Uncomment to create Network and OKE together
+ for_each = var.clusters != null ? var.clusters : {}
+ compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? 
each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id]
+ display_name = each.value.vcn_name
+}
+
+data "oci_core_vcns" "oci_vcns_nodepool" {
+ # depends_on = [module.vcns] # Uncomment to create Network and OKE together
+ for_each = var.nodepools != null ? var.nodepools : {}
+ compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id]
+ display_name = each.value.vcn_name
+}
+
+data "oci_core_vcns" "oci_vcns_virtual_nodepool" {
+ # depends_on = [module.vcns] # Uncomment to create Network and OKE together
+ for_each = var.virtual-nodepools != null ? var.virtual-nodepools : {}
+ compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id]
+ display_name = each.value.vcn_name
+}
+
+module "clusters" {
+ source = "./modules/oke/cluster"
+ for_each = var.clusters
+ display_name = each.value.display_name
+ compartment_id = length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]
+ network_compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? 
each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.compartment_id]
+ vcn_names = [each.value.vcn_name]
+ type = each.value.cluster_type
+ is_policy_enabled = each.value.is_policy_enabled
+ policy_kms_key_id = each.value.policy_kms_key_id
+ kubernetes_version = each.value.kubernetes_version
+ is_kubernetes_dashboard_enabled = each.value.is_kubernetes_dashboard_enabled
+ is_tiller_enabled = each.value.is_tiller_enabled
+ cni_type = each.value.cni_type
+ is_public_ip_enabled = each.value.is_public_ip_enabled
+ nsg_ids = each.value.nsg_ids
+ endpoint_subnet_id = length(regexall("ocid1.subnet.oc*", each.value.endpoint_subnet_id)) > 0 ? each.value.endpoint_subnet_id : data.oci_core_subnets.oci_subnets_endpoint[each.key].subnets.*.id[0]
+ is_pod_security_policy_enabled = each.value.is_pod_security_policy_enabled
+ pods_cidr = each.value.pods_cidr
+ services_cidr = each.value.services_cidr
+ service_lb_subnet_ids = each.value.service_lb_subnet_ids
+ kms_key_id = each.value.cluster_kms_key_id
+ defined_tags = each.value.defined_tags
+ freeform_tags = each.value.freeform_tags
+ volume_defined_tags = each.value.volume_defined_tags
+ volume_freeform_tags = each.value.volume_freeform_tags
+ lb_defined_tags = each.value.lb_defined_tags
+ lb_freeform_tags = each.value.lb_freeform_tags
+}
+
+module "nodepools" {
+ source = "./modules/oke/nodepool"
+ for_each = var.nodepools
+ tenancy_ocid = var.tenancy_ocid
+ display_name = each.value.display_name
+ availability_domain = each.value.availability_domain
+ fault_domains = each.value.fault_domains
+ cluster_name = length(regexall("ocid1.cluster.oc*", each.value.cluster_name)) > 0 ? each.value.cluster_name : merge(module.clusters.*...)[each.value.cluster_name]["cluster_tf_id"]
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? 
each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+ network_compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : null
+ vcn_names = [each.value.vcn_name]
+ node_shape = each.value.node_shape
+ initial_node_labels = each.value.initial_node_labels
+ kubernetes_version = each.value.kubernetes_version
+ subnet_id = length(regexall("ocid1.subnet.oc*", each.value.subnet_id)) > 0 ? each.value.subnet_id : data.oci_core_subnets.oci_subnets_worker[each.key].subnets.*.id[0]
+ size = each.value.size
+ is_pv_encryption_in_transit_enabled = each.value.is_pv_encryption_in_transit_enabled
+ cni_type = each.value.cni_type
+ max_pods_per_node = each.value.max_pods_per_node
+ pod_nsg_ids = each.value.pod_nsg_ids
+ pod_subnet_ids = each.value.pod_subnet_ids != null ? (length(regexall("ocid1.subnet.oc*", each.value.pod_subnet_ids)) > 0 ? each.value.pod_subnet_ids : data.oci_core_subnets.oci_subnets_pod[each.key].subnets.*.id[0]) : null
+ worker_nsg_ids = each.value.worker_nsg_ids
+ memory_in_gbs = each.value.memory_in_gbs
+ ocpus = each.value.ocpus
+ image_id = length(regexall("ocid1.image.oc*", each.value.image_id)) > 0 ? each.value.image_id : var.oke_source_ocids[each.value.image_id]
+ source_type = each.value.source_type
+ boot_volume_size_in_gbs = each.value.boot_volume_size_in_gbs
+ ssh_public_key = each.value.ssh_public_key != null ? (length(regexall("ssh-rsa*", each.value.ssh_public_key)) > 0 ? 
each.value.ssh_public_key : lookup(var.oke_ssh_keys, each.value.ssh_public_key, null)) : null
+ kms_key_id = each.value.nodepool_kms_key_id
+ node_defined_tags = each.value.node_defined_tags
+ node_freeform_tags = each.value.node_freeform_tags
+ nodepool_defined_tags = each.value.nodepool_defined_tags
+ nodepool_freeform_tags = each.value.nodepool_freeform_tags
+}
+
+module "virtual-nodepools" {
+ source = "./modules/oke/virtual-nodepool"
+ for_each = var.virtual-nodepools
+ tenancy_ocid = var.tenancy_ocid
+ display_name = each.value.display_name
+ availability_domain = each.value.availability_domain
+ fault_domains = each.value.fault_domains
+ cluster_name = length(regexall("ocid1.cluster.oc*", each.value.cluster_name)) > 0 ? each.value.cluster_name : merge(module.clusters.*...)[each.value.cluster_name]["cluster_tf_id"]
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+ network_compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : null
+ vcn_names = [each.value.vcn_name]
+ node_shape = each.value.node_shape
+ initial_virtual_node_labels = each.value.initial_virtual_node_labels
+ taints = each.value.taints
+ subnet_id = length(regexall("ocid1.subnet.oc*", each.value.subnet_id)) > 0 ? each.value.subnet_id : data.oci_core_subnets.oci_subnets_virtual_worker[each.key].subnets.*.id[0]
+ size = each.value.size
+ pod_nsg_ids = each.value.pod_nsg_ids
+ pod_subnet_id = (length(regexall("ocid1.subnet.oc*", each.value.pod_subnet_id)) > 0 ? 
each.value.pod_subnet_id : data.oci_core_subnets.oci_subnets_virtual_pod[each.key].subnets.*.id[0])
+ worker_nsg_ids = each.value.worker_nsg_ids
+ node_defined_tags = each.value.node_defined_tags
+ node_freeform_tags = each.value.node_freeform_tags
+ nodepool_defined_tags = each.value.nodepool_defined_tags
+ nodepool_freeform_tags = each.value.nodepool_freeform_tags
+}
diff --git a/examples/oke/provider.tf b/examples/oke/provider.tf
new file mode 100644
index 0000000..9a69c98
--- /dev/null
+++ b/examples/oke/provider.tf
@@ -0,0 +1,24 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Provider Block
+# OCI
+############################
+
+provider "oci" {
+ tenancy_ocid = var.tenancy_ocid
+ user_ocid = var.user_ocid
+ fingerprint = var.fingerprint
+ private_key_path = var.private_key_path
+ region = var.region
+ ignore_defined_tags = ["Oracle-Tags.CreatedBy", "Oracle-Tags.CreatedOn"]
+}
+
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ version = "5.40.0"
+ }
+ }
+}
diff --git a/examples/oke/variables_example.tf b/examples/oke/variables_example.tf
new file mode 100644
index 0000000..fae17ea
--- /dev/null
+++ b/examples/oke/variables_example.tf
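Review bot: Every name-based lookup in oke.tf takes the first hit — `virtual_networks.*.id[0]` in the `oci_core_vcns` blocks and `subnets.*.id[0]` in the `oci_core_subnets` blocks and module arguments — but VCN and subnet display names are not unique in OCI, so a duplicate name silently binds the cluster endpoint or a node pool to whichever subnet the API listed first, which may not be the intended (or a private) one. Replacing the index with `one(...)` turns a duplicate into a plan-time error, e.g. `vcn_id = one(data.oci_core_vcns.oci_vcns_cluster[each.key].virtual_networks).id` and the same for each `subnets.*.id[0]`; a `lifecycle { postcondition }` on the data sources would do the same with a clearer message. Separately, the `: var.compartment_ocids[each.value.network_compartment_id]` fallback in every data block runs only when `network_compartment_id` is null, so it indexes the map with a null key and fails instead of falling back to `each.value.compartment_id` the way `module "clusters"` does. The `ssh-rsa*` pattern also means an `ssh-ed25519` or `ecdsa-sha2-*` key literal is treated as a lookup name into `var.oke_ssh_keys` and resolves to null, leaving the node pool with no key; matching on `^(ssh-|ecdsa-)` would cover all OpenSSH key types.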
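Review bot: The `terraform {}` block in provider.tf pins the provider to `5.40.0` but declares no `required_version`, even though the accompanying variables file relies on `optional(type, default)` object attributes such as `optional(bool,false)`, which need Terraform 1.3 or later; on an older binary the failure is a type-constraint error rather than a clear version message. Add `required_version = ">= 1.3.0"` beside `required_providers`. An exact provider pin is fine for a reproducible example, but a short comment saying it is the version the example was validated against (and that `~> 5.40` is acceptable if users want patch releases) would save people from loosening it blindly.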
@@ -0,0 +1,2082 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# +# Variables Block +# OCI +# +############################ + +variable "tenancy_ocid" { + type = string + default = "" +} + +variable "user_ocid" { + type = string + default = "" +} + +variable "fingerprint" { + type = string + default = "" +} + +variable "private_key_path" { + type = string + default = "" +} + +variable "region" { + type = string + default = "" +} + +################################# +# SSH Keys +################################# + +variable "instance_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_instance_ssh_keys# + # exported instance ssh keys + #instance_ssh_keys_END# + } +} + +variable "oke_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_oke_ssh_keys# + #oke_ssh_keys_END# + } +} +variable "sddc_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_sddc_ssh_keys# + #sddc_ssh_keys_END# + } +} + +variable "exacs_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_exacs_ssh_keys# + # exported exacs ssh keys + #exacs_ssh_keys_END# + } +} + +variable "dbsystem_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. 
+ # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_dbsystem_ssh_keys# + # exported dbsystem ssh keys + #dbsystem_ssh_keys_END# + } +} + +################################# +# Platform Image OCIDs and +# Market Place Images +################################# + +variable "instance_source_ocids" { + type = map(any) + default = { + Linux = "" + Windows = "" + PaloAlto = "Palo Alto Networks VM-Series Next Generation Firewall" + #START_instance_source_ocids# + # exported instance image ocids + #instance_source_ocids_END# + } +} + +variable "blockvolume_source_ocids" { + type = map(any) + default = { + block1 = "" + #blockvolume_source_ocid = "" + #START_blockvolume_source_ocids# + # exported block volume source ocids + #blockvolume_source_ocids_END# + } +} + +variable "fss_source_ocids" { + type = map(any) + default = { + snapshot1 = "" + #fss_source_snapshot_ocid = "" + #START_fss_source_snapshot_ocids# + # exported fss source snapshot ocids + #fss_source_snapshot_ocids_END# + } +} + +variable "oke_source_ocids" { + type = map(any) + default = { + Linux = "" + #START_oke_source_ocids# + # exported oke image ocids + #oke_source_ocids_END# + } +} + +################################# +# +# Variables according to Services +# PLEASE DO NOT MODIFY +# +################################# + +########################## +## Fetch Compartments #### +########################## + +variable "compartment_ocids" { + type = map(any) + default = { + #START_compartment_ocids# + # compartment ocids + #compartment_ocids_END# + } +} + +######################### +##### Identity ########## +######################### + +variable "compartments" { + type = object({ + root = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level1 = 
optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level2 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level3 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level4 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level5 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + }) + default = { + root = {}, + compartment_level1 = {}, + compartment_level2 = {}, + compartment_level3 = {}, + compartment_level4 = {}, + compartment_level5 = {}, + } +} + +variable "policies" { + type = map(object({ + name = string + compartment_id = string + policy_description = string + policy_statements = list(string) + policy_version_date = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "groups" { + type = map(object({ + group_name = string + group_description = string + matching_rule = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "users" { + type = map(object({ + name = string + description = string + email = string + disable_capabilities = optional(list(string)) + group_membership = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "networkSources" { + type = map(object({ + name = string + description = string + public_source_list = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + virtual_source_list = optional(list(map(list(string)))) + + })) + default = {} +} + +######################### +####### Governance ######### +######################### + +variable "tag_namespaces" { + description = "To provision Namespaces" + type = map(object({ + compartment_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_retired = optional(bool) + })) + default = {} +} + +variable "tag_keys" { + description = "To provision Tag Keys" + type = map(object({ + tag_namespace_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_cost_tracking = optional(bool) + is_retired = optional(bool) + validator = optional(list(object({ + validator_type = optional(string) + validator_values = optional(list(any)) + }))) + })) + default = {} +} + +variable "tag_defaults" { + description = "To make the Tag keys as default to compartments" + type = map(object({ + compartment_id = string + tag_definition_id = string + value = string + is_required = optional(bool) + })) + default = {} +} + +variable "quota_policies" { + type = map(object({ + quota_name = string + quota_description = string + quota_statements = list(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +###### Network ########## +######################### 
+ +variable "default_dhcps" { + type = map(object({ + server_type = string + manage_default_resource_id = optional(string) + custom_dns_servers = optional(list(any)) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "custom_dhcps" { + type = map(object({ + compartment_id = string + server_type = string + vcn_id = string + custom_dns_servers = optional(list(any)) + domain_name_type = optional(string) + display_name = optional(string) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "vcns" { + type = map(object({ + compartment_id = string + cidr_blocks = optional(list(string)) + byoipv6cidr_details = optional(list(map(any))) + display_name = optional(string) + dns_label = optional(string) + is_ipv6enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ipv6private_cidr_blocks = optional(list(string)) + is_oracle_gua_allocation_enabled = optional(bool) + })) + default = {} +} + +variable "igws" { + type = map(object({ + compartment_id = string + vcn_id = string + enable_igw = optional(bool) + igw_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_table_id = optional(string) + })) + default = {} +} + +variable "sgws" { + type = map(object({ + compartment_id = string + vcn_id = string + service = optional(string) + sgw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "ngws" { + type = map(object({ + compartment_id = string + vcn_id = string + block_traffic = optional(bool) + public_ip_id = optional(string) + ngw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + 
default = {} +} + +variable "lpgs" { + type = map(any) + default = { + hub-lpgs = {}, + spoke-lpgs = {}, + peer-lpgs = {}, + none-lpgs = {}, + exported-lpgs = {}, + } +} + +variable "drgs" { + type = map(object({ + compartment_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "default_seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + 
route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) + +})) +default = {} +} + +variable "default_route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) +})) + default = {} +} + +variable "nsgs" { + type = map(object({ + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nsg_rules" { + type = map(object({ + nsg_id = string + direction = string + protocol = string + description = optional(string) + stateless = optional(string) + source_type = optional(string) + destination_type = optional(string) + destination = optional(string) + source = optional(string) + options = optional(map(any)) + })) + default = {} +} + +variable "subnets" { + type = map(object({ + compartment_id = string + vcn_id = string + cidr_block = string + display_name = optional(string) + dns_label = optional(string) + ipv6cidr_block = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + prohibit_internet_ingress = optional(string) + prohibit_public_ip_on_vnic = optional(string) + availability_domain = optional(string) + dhcp_options_id = optional(string) + route_table_id = optional(string) + security_list_ids = 
optional(list(string)) + })) + default = {} +} + +variable "vlans" { + type = map(object({ + cidr_block = string + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + nsg_ids = optional(list(string)) + route_table_name = optional(string) + vlan_tag = optional(string) + availability_domain = optional(string) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + })) + default = {} +} + +variable "drg_attachments" { + type = map(any) + default = {} +} + +variable "drg_other_attachments" { + type = map(any) + default = {} +} + +variable "drg_route_tables" { + type = map(object({ + drg_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_ecmp_enabled = optional(bool) + import_drg_route_distribution_id = optional(string) + })) + default = {} +} + +variable "drg_route_rules" { + type = map(any) + default = {} +} + +variable "drg_route_distributions" { + type = map(object({ + distribution_type = string + drg_id = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + display_name = optional(string) + })) + default = {} +} + +variable "drg_route_distribution_statements" { + type = map(object({ + drg_route_distribution_id = string + action = string + match_criteria = optional(list(object({ + match_type = string + attachment_type = optional(string) + drg_attachment_id = optional(string) + }))) + priority = optional(string) + })) + default = {} +} + +variable "data_drg_route_tables" { + type = map(any) + default = {} +} + +variable "data_drg_route_table_distributions" { + type = map(any) + default = {} +} + +#################### +####### DNS ####### +#################### + +variable "zones" { +type = map(object({ +compartment_id = string +display_name = string +view_compartment_id = optional(string) +view_id = optional(string) +zone_type = optional(string) +scope = optional(string) +freeform_tags = 
optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + +variable "views" { +type = map(object({ +compartment_id = string +display_name = string +scope = optional(string) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) + default = {} +} + +variable "rrsets" { +type = map(object({ +compartment_id = optional(string) +view_compartment_id = optional(string) +view_id = optional(string) +zone_id = string +domain = string +rtype = string +ttl = number +rdata = optional(list(string)) +scope = optional(string) +})) +default = {} +} + +variable "resolvers" { +type = map(object({ +network_compartment_id= string +vcn_name = string +display_name = optional(string) +views = optional(map(object({ + view_id = optional(string) + view_compartment_id = optional(string) +}))) +resolver_rules = optional(map(object({ + client_address_conditions = optional(list(any)) + destination_addresses = optional(list(any)) + qname_cover_conditions = optional(list(any)) + source_endpoint_name = optional(string) +}))) +endpoint_names = optional(map(object({ + is_forwarding = optional(bool) + is_listening = optional(bool) + name = optional(string) + subnet_name = optional(string) + forwarding_address = optional(string) + listening_address = optional(string) + nsg_ids = optional(list(string)) +}))) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + + +######################### +## Dedicated VM Hosts ## +######################### + +variable "dedicated_hosts" { + type = map(object({ + availability_domain = string + compartment_id = string + vm_host_shape = string + defined_tags = optional(map(any)) + display_name = optional(string) + fault_domain = optional(string) + freeform_tags = optional(map(any)) + })) + description = "To provision new dedicated VM hosts" + default = {} +} + +######################### +## Instances/Block Volumes ## +######################### + +variable "blockvolumes" { + description = "To 
provision block volumes" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = string + size_in_gbs = optional(string) + is_auto_tune_enabled = optional(string) + vpus_per_gb = optional(string) + kms_key_id = optional(string) + attach_to_instance = optional(string) + attachment_type = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + device = optional(string) + encryption_in_transit_type = optional(string) + attachment_display_name = optional(string) + is_read_only = optional(bool) + is_pv_encryption_in_transit_enabled = optional(bool) + is_shareable = optional(bool) + use_chap = optional(bool) + is_agent_auto_iscsi_login_enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + source_details = optional(list(map(any))) + block_volume_replicas = optional(list(map(any))) + block_volume_replicas_deletion = optional(bool) + autotune_policies = optional(list(map(any))) + })) + default = {} +} + +variable "block_backup_policies" { + type = map(any) + description = "To create block volume back policy" + default = {} +} + +variable "instances" { + description = "Map of instances to be provisioned" + type = map(object({ + availability_domain = string + compartment_id = string + shape = string + source_id = string + source_type = string + vcn_name = string + subnet_id = string + network_compartment_id = string + display_name = optional(string) + assign_public_ip = optional(bool) + boot_volume_size_in_gbs = optional(string) + fault_domain = optional(string) + dedicated_vm_host_id = optional(string) + private_ip = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(string)) + ocpus = optional(string) + memory_in_gbs = optional(number) + capacity_reservation_id = optional(string) + create_is_pv_encryption_in_transit_enabled = optional(bool) + remote_execute = optional(string) + bastion_ip = optional(string) + 
cloud_init_script = optional(string) + ssh_authorized_keys = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + network_type = optional(string) + #extended_metadata = optional(string) + skip_source_dest_check = optional(bool) + baseline_ocpu_utilization = optional(string) + #preemptible_instance_config = optional(string) + all_plugins_disabled = optional(bool) + is_management_disabled = optional(bool) + is_monitoring_disabled = optional(bool) + assign_private_dns_record = optional(string) + plugins_details = optional(map(any)) + is_live_migration_preferred = optional(bool) + recovery_action = optional(string) + are_legacy_imds_endpoints_disabled = optional(bool) + boot_volume_type = optional(string) + firmware = optional(string) + is_consistent_volume_naming_enabled = optional(bool) + remote_data_volume_type = optional(string) + platform_config = optional(list(map(any))) + launch_options = optional(list(map(any))) + ipxe_script = optional(string) + preserve_boot_volume = optional(bool) + vlan_id = optional(string) + kms_key_id = optional(string) + vnic_display_name = optional(string) + vnic_defined_tags = optional(map(any)) + vnic_freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "boot_backup_policies" { + type = map(any) + description = "Map of boot volume backup policies to be provisioned" + default = {} +} + +######################### +####### Database ######## +######################### + +variable "exa_infra" { + description = "To provision exadata infrastructure" + type = map(any) + default = {} +} + +variable "exa_vmclusters" { + description = "To provision exadata cloud VM cluster" + type = map(any) + default = {} +} + +variable "dbsystems_vm_bm" { + description = "To provision DB System" + type = map(any) + default = {} +} + +variable "db_home" { + type = map(any) + description = "Map of database db home to be 
provisioned" + default = {} +} + +variable "databases" { + description = "Map of databases to be provisioned in an existing db_home" + type = map(any) + default = {} +} + +#################################### +####### Autonomous Database ######## +#################################### + +variable "adb" { + type = map(object({ + admin_password = optional(string) + character_set = optional(string) + compartment_id = string + cpu_core_count = optional(number) + database_edition = optional(string) + data_storage_size_in_tbs = optional(number) + customer_contacts = optional(list(string)) + db_name = string + db_version = optional(string) + db_workload = optional(string) + display_name = optional(string) + license_model = optional(string) + ncharacter_set = optional(string) + network_compartment_id = optional(string) + nsg_ids = optional(list(string)) + subnet_id = optional(string) + vcn_name = optional(string) + whitelisted_ips = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +######### FSS ########### +######################### + +variable "mount_targets" { + description = "To provision Mount Targets" + type = map(object({ + availability_domain = string + compartment_id = string + network_compartment_id = string + vcn_name = string + subnet_id = string + display_name = optional(string) + ip_address = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fss" { + description = "To provision File System Services" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = optional(string) + source_snapshot = optional(string) + snapshot_policy = optional(string) + policy_compartment_id = optional(string) + kms_key_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "nfs_export_options" { + description = "To provision Export Sets" + type = map(object({ + export_set_id = string + file_system_id = string + path = string + export_options = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_idmap_groups_for_sys_auth = optional(bool) + })) + default = {} +} + +variable "fss_replication" { + description = "To provision File System Replication" + type = map(object({ + compartment_id = string + source_id = string + target_id = string + display_name = optional(string) + replication_interval = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +####### FSS Logs ######## +######################### + +variable "nfs_log_groups" { + description = "To provision Log Groups for Mount Target" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nfs_logs" { + description = "To provision Logs for Mount Target" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + + +######################### +#### Load Balancers ##### +######################### + +variable "load_balancers" { + description = "To provision Load Balancers" + type = map(object({ + compartment_id = string + vcn_name = string + shape = string + subnet_ids = list(any) + network_compartment_id = string + display_name = string + shape_details = optional(list(map(any))) + nsg_ids = 
optional(list(any)) + is_private = optional(bool) + ip_mode = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + reserved_ips_id = optional(string) + })) + default = {} +} + +variable "hostnames" { + description = "To provision Load Balancer Hostnames" + type = map(object({ + load_balancer_id = string + hostname = string + name = string + })) + default = {} +} + +variable "certificates" { + description = "To provision Load Balancer Certificates" + type = map(object({ + certificate_name = string + load_balancer_id = string + ca_certificate = optional(string) + passphrase = optional(string) + private_key = optional(string) + public_certificate = optional(string) + })) + default = {} +} + +variable "cipher_suites" { + description = "To provision Load Balancer Cipher Suites" + type = map(object({ + ciphers = list(string) + name = string + load_balancer_id = optional(string) + })) + default = {} +} + +variable "backend_sets" { + description = "To provision Load Balancer Backend Sets" + type = map(object({ + name = string + load_balancer_id = string + policy = string + protocol = optional(string) + interval_ms = optional(string) + is_force_plain_text = optional(string) + port = optional(string) + response_body_regex = optional(string) + retries = optional(string) + return_code = optional(string) + timeout_in_millis = optional(string) + url_path = optional(string) + lb_cookie_session = optional(list(object({ + cookie_name = optional(string) + disable_fallback = optional(string) + path = optional(string) + domain = optional(string) + is_http_only = optional(string) + is_secure = optional(string) + max_age_in_seconds = optional(string) + }))) + session_persistence_configuration = optional(list(object({ + cookie_name = optional(string) + disable_fallback = optional(string) + }))) + certificate_name = optional(string) + cipher_suite_name = optional(string) + ssl_configuration = optional(list(object({ + certificate_ids = 
optional(list(any)) + server_order_preference = optional(string) + trusted_certificate_authority_ids = optional(list(any)) + verify_peer_certificate = optional(string) + verify_depth = optional(string) + protocols = optional(list(any)) + }))) + })) + default = {} +} + +variable "backends" { + description = "To provision Load Balancer Backends" + type = map(object({ + backendset_name = string + ip_address = string + load_balancer_id = string + port = string + instance_compartment = optional(string) + backup = optional(string) + drain = optional(string) + offline = optional(string) + weight = optional(string) + })) + default = {} +} + +variable "listeners" { + description = "To provision Load Balancer Listeners" + type = map(object({ + name = string + load_balancer_id = string + port = string + protocol = string + default_backend_set_name = string + connection_configuration = optional(list(map(any))) + hostname_names = optional(list(any)) + path_route_set_name = optional(string) + rule_set_names = optional(list(any)) + routing_policy_name = optional(string) + certificate_name = optional(string) + cipher_suite_name = optional(string) + ssl_configuration = optional(list(object({ + certificate_ids = optional(list(any)) + server_order_preference = optional(string) + trusted_certificate_authority_ids = optional(list(any)) + verify_peer_certificate = optional(string) + verify_depth = optional(string) + protocols = optional(list(any)) + }))) + })) + default = {} +} + +variable "path_route_sets" { + description = "To provision Load Balancer Path Route Sets" + type = map(object({ + name = string + load_balancer_id = string + path_routes = optional(list(map(any))) + })) + default = {} +} + +variable "rule_sets" { + description = "To provision Load Balancer Rule Sets" + type = map(object({ + name = string + load_balancer_id = string + access_control_rules = optional(list(object({ + action = string + attribute_name = optional(string) + attribute_value = optional(string) + 
description = optional(string) + }))) + access_control_method_rules = optional(list(object({ + action = string + allowed_methods = optional(list(any)) + status_code = optional(string) + }))) + http_header_rules = optional(list(object({ + action = string + are_invalid_characters_allowed = optional(bool) + http_large_header_size_in_kb = optional(string) + }))) + uri_redirect_rules = optional(list(object({ + action = string + attribute_name = optional(string) + attribute_value = optional(string) + operator = optional(string) + host = optional(string) + path = optional(string) + port = optional(string) + protocol = optional(string) + query = optional(string) + response_code = optional(string) + }))) + request_response_header_rules = optional(list(object({ + action = string + header = optional(string) + prefix = optional(string) + suffix = optional(string) + value = optional(string) + }))) + })) + default = {} +} + +variable "lbr_reserved_ips" { + description = "To provision Load Balancer Reserved IPs" + type = map(object({ + compartment_id = string + display_name = string + lifetime = string + private_ip_id = optional(string) + public_ip_pool_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +################################### +####### Load Balancer Logs ######## +################################### + +variable "loadbalancer_log_groups" { + description = "To provision Log Groups for Load Balancers" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "loadbalancer_logs" { + description = "To provision Logs for Load Balancers" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + 
source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +## Network Load Balancers ## +######################### + +variable "network_load_balancers" { + type = map(object({ + display_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + subnet_id = string + is_private = optional(bool) + reserved_ips_id = string + is_preserve_source_destination = optional(bool) + is_symmetric_hash_enabled = optional(bool) + nlb_ip_version = optional(string) + assigned_private_ipv4 = optional(string) + nsg_ids = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} +variable "nlb_listeners" { + type = map(object({ + name = string + network_load_balancer_id = string + default_backend_set_name = string + port = number + protocol = string + ip_version = optional(string) + })) + default = {} +} + +variable "nlb_backend_sets" { + type = map(object({ + name = string + network_load_balancer_id = string + policy = string + protocol = string + domain_name = optional(string) + query_class = optional(string) + query_type = optional(string) + rcodes = optional(list(string)) + transport_protocol = optional(string) + return_code = optional(number) + interval_in_millis = optional(number) + port = optional(number) + request_data = optional(string) + response_body_regex = optional(string) + response_data = optional(string) + retries = optional(number) + timeout_in_millis = optional(number) + url_path = optional(string) + is_preserve_source = optional(bool) + ip_version = optional(string) + })) + default = {} +} +variable "nlb_backends" { + type = map(object({ + name = optional(string) + backend_set_name = string + network_load_balancer_id = string + port = number + ip_address = string + instance_compartment = string + 
is_drain = optional(bool) + is_backup = optional(bool) + is_offline = optional(bool) + weight = optional(number) + target_id = optional(string) + })) + default = {} +} +variable "nlb_reserved_ips" { + description = "To provision Network Load Balancer Reserved IPs" + type = map(object({ + compartment_id = string + lifetime = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + display_name = optional(string) + private_ip_id = optional(string) + public_ip_pool_id = optional(string) + })) + default = {} +} + + +######################### +##### IP Management ##### +######################### + +variable "public_ip_pools" { + type = map(any) + default = {} +} + +variable "private_ips" { + type = map(any) + default = {} +} + +variable "reserved_ips" { + type = map(any) + default = {} +} + +variable "vnic_attachments" { + type = map(any) + default = {} +} + +######################### +##### VCN Logs ########## +######################### + +variable "vcn_log_groups" { + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "vcn_logs" { + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +###### OSS Buckets ###### +######################### + +variable "buckets" { + type = map(any) + default = {} +} + +######################### +####### OSS Logs ######## +######################### + +variable "oss_log_groups" { + description = "To provision Log Groups for OSS" + type = map(object({ + compartment_id = string 
+ display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "oss_logs" { + description = "To provision Logs for OSS" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +### OSS IAM Policies #### +######################### + +variable "oss_policies" { + type = map(any) + default = {} +} + +######################### +## Management Services ## +######################### + +variable "alarms" { + type = map(object({ + compartment_id = string + destinations = list(string) + alarm_name = string + is_enabled = bool + metric_compartment_id = string + namespace = string + query = string + severity = string + body = optional(string) + message_format = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_notifications_per_metric_dimension_enabled = optional(bool) + metric_compartment_id_in_subtree = optional(string) + trigger_delay_minutes = optional(string) + repeat_notification_duration = optional(string) + resolution = optional(string) + resource_group = optional(string) + suppression = optional(map(any)) + })) + default = {} +} + +variable "events" { + type = map(object({ + event_name = string + compartment_id = string + description = string + is_enabled = bool + condition = string + actions = optional(list(object({ + action_type = string + is_enabled = string + description = optional(string) + function_id = optional(string) + stream_id = optional(string) + topic_id = optional(string) + }))) + message_format = optional(string) + defined_tags 
= optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "notifications_topics" { + type = map(object({ + compartment_id = string + topic_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "notifications_subscriptions" { + type = map(object({ + compartment_id = string + endpoint = string + protocol = string + topic_id = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "service_connectors" { + type = any + default = {} + description = "To provision service connector hub resources" +} + +######################### +## Developer Services ## +######################### + +## OKE + +variable "clusters" { + type = map(object({ + display_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + kubernetes_version = string + cni_type = string + cluster_type = string + is_policy_enabled = optional(bool) + policy_kms_key_id = optional(string) + is_kubernetes_dashboard_enabled = optional(bool) + is_tiller_enabled = optional(bool) + is_public_ip_enabled = optional(bool) + nsg_ids = optional(list(string)) + endpoint_subnet_id = string + is_pod_security_policy_enabled = optional(bool) + pods_cidr = optional(string) + services_cidr = optional(string) + service_lb_subnet_ids = optional(list(string)) + cluster_kms_key_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + lb_defined_tags = optional(map(any)) + lb_freeform_tags = optional(map(any)) + volume_defined_tags = optional(map(any)) + volume_freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nodepools" { + type = map(object({ + display_name = string + cluster_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + node_shape = string + initial_node_labels = optional(map(any)) + 
kubernetes_version = string + is_pv_encryption_in_transit_enabled = optional(bool) + availability_domain = number + fault_domains = optional(list(string)) + subnet_id = string + size = number + cni_type = string + max_pods_per_node = optional(number) + pod_nsg_ids = optional(list(string)) + pod_subnet_ids = optional(string) + worker_nsg_ids = optional(list(string)) + memory_in_gbs = optional(number) + ocpus = optional(number) + image_id = string + source_type = string + boot_volume_size_in_gbs = optional(number) + ssh_public_key = optional(string) + nodepool_kms_key_id = optional(string) + node_defined_tags = optional(map(any)) + node_freeform_tags = optional(map(any)) + nodepool_defined_tags = optional(map(any)) + nodepool_freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "virtual-nodepools" { + type = map(object({ + display_name = string + cluster_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + node_shape = string + initial_virtual_node_labels = optional(map(any)) + availability_domain = number + fault_domains = list(string) + subnet_id = string + size = number + pod_nsg_ids = optional(list(string)) + pod_subnet_id = string + worker_nsg_ids = optional(list(string)) + taints = optional(list(any)) + node_defined_tags = optional(map(any)) + node_freeform_tags = optional(map(any)) + nodepool_defined_tags = optional(map(any)) + nodepool_freeform_tags = optional(map(any)) + })) + default = {} +} + + +################################## +############## SDDCs ############# +################################## +variable "sddcs" { + type = map(object({ + compartment_id = string + availability_domain = string + network_compartment_id = string + vcn_name = string + esxi_hosts_count = number + nsx_edge_uplink1vlan_id = string + nsx_edge_uplink2vlan_id = string + nsx_edge_vtep_vlan_id = string + nsx_vtep_vlan_id = string + provisioning_subnet_id = string + ssh_authorized_keys = string + vmotion_vlan_id = string 
+ vmware_software_version = string + vsan_vlan_id = string + vsphere_vlan_id = string + capacity_reservation_id = optional(string) + defined_tags = optional(map(any)) + display_name = optional(string) + initial_cluster_display_name = optional(string) + freeform_tags = optional(map(any)) + hcx_action = optional(string) + hcx_vlan_id = optional(string) + initial_host_ocpu_count = optional(number) + initial_host_shape_name = optional(string) + initial_commitment = optional(string) + instance_display_name_prefix = optional(string) + is_hcx_enabled = optional(bool) + is_shielded_instance_enabled = optional(bool) + is_single_host_sddc = optional(bool) + provisioning_vlan_id = optional(string) + refresh_hcx_license_status = optional(bool) + replication_vlan_id = optional(string) + reserving_hcx_on_premise_license_keys = optional(string) + workload_network_cidr = optional(string) + management_datastore = optional(list(string)) + workload_datastore = optional(list(string)) + + })) + default = {} + +} + +variable "sddc-clusters" { + type = map(object({ + compartment_id = string + availability_domain = string + network_compartment_id = string + vcn_name = string + esxi_hosts_count = number + nsx_edge_uplink1vlan_id = string + nsx_edge_uplink2vlan_id = optional(string) + nsx_edge_vtep_vlan_id = string + nsx_vtep_vlan_id = string + provisioning_subnet_id = string + ssh_authorized_keys = optional(string) + vmotion_vlan_id = string + vmware_software_version = string + vsan_vlan_id = string + vsphere_vlan_id = string + capacity_reservation_id = optional(string) + defined_tags = optional(map(any)) + display_name = optional(string) + freeform_tags = optional(map(any)) + hcx_action = optional(string) + hcx_vlan_id = optional(string) + initial_host_ocpu_count = optional(number) + initial_host_shape_name = optional(string) + initial_commitment = optional(string) + instance_display_name_prefix = optional(string) + is_hcx_enabled = optional(bool) + is_shielded_instance_enabled = 
optional(bool) + is_single_host_sddc = optional(bool) + provisioning_vlan_id = optional(string) + refresh_hcx_license_status = optional(bool) + replication_vlan_id = optional(string) + reserving_hcx_on_premise_license_keys = optional(string) + workload_network_cidr = optional(string) + workload_datastore = optional(list(string)) + sddc_id = optional(string) + esxi_software_version = optional(string) + + })) + default = {} + +} + + +############################ +## Key Management Service ## +############################ + +variable "vaults" { + type = map(object({ + compartment_id = string + display_name = string + vault_type = string + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + replica_region = optional(string) + })) + default = {} +} + +variable "keys" { + type = map(object({ + compartment_id = string + display_name = string + vault_name = string + algorithm = optional(string) + length = optional(string) + curve_id = optional(string) + protection_mode = optional(string) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + is_auto_rotation_enabled = optional(bool) + rotation_interval_in_days = optional(string) + + })) + default = {} +} + +########################### +######### Budgets ######### +########################### + +variable "budgets" { + type = map(object({ + amount = string + compartment_id = string + reset_period = string + budget_processing_period_start_offset = optional(string) + defined_tags = optional(map(any)) + description = optional(string) + display_name = optional(string) + freeform_tags = optional(map(any)) + processing_period_type = optional(string) + budget_end_date = optional(string) + budget_start_date = optional(string) + target_type = optional(string) + targets = optional(list(any)) + })) + default = {} +} + +variable "budget_alert_rules" { + type = map(object({ + budget_id = string + threshold = string + threshold_type = string + type = string + defined_tags = optional(map(any)) + 
description = optional(string) + display_name = optional(string) + freeform_tags = optional(map(any)) + message = optional(string) + recipients = optional(string) + })) + default = {} +} + +########################### +####### Cloud Guard ####### +########################### + +variable "cloud_guard_configs" { + type = map(object({ + compartment_id = string + reporting_region = string + status = string + self_manage_resources = optional(string) + + })) + default = {} +} + +variable "cloud_guard_targets" { + type = map(object({ + compartment_id = string + display_name = string + target_resource_id = string + target_resource_type = string + prefix = string + description = optional(string) + state = optional(string) + target_detector_recipes = optional(list(any)) + target_responder_recipes = optional(list(any)) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + })) + default = {} +} + +#################################### +####### Custom Backup Policy ####### +#################################### + +variable "custom_backup_policies" { + type = map(any) + default = {} +} + +variable "capacity_reservation_ocids" { + type = map(any) + default = { + "AD1" : "", + "AD2" : "", + "AD3" : "" + } +} + +##################################### +####### Firewall as a Service ####### +##################################### +variable "firewalls" { + type = map(object({ + compartment_id = string + network_compartment_id = string + network_firewall_policy_id = string + subnet_id = string + vcn_name = string + display_name = string + ipv4address = optional(string) + nsg_id = optional(list(string)) + ipv6address = optional(string) + availability_domain = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fw-policies" { + type = map(object({ + compartment_id = optional(string) + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + 
default = {} +} +variable "services" { + type = map(object({ + service_name = string + service_type = string + network_firewall_policy_id = string + port_ranges = list(object({ + minimum_port = string + maximum_port = optional(string) + })) + })) + default = {} +} +variable "url_lists" { + type = map(object({ + urllist_name = string + network_firewall_policy_id = string + urls = list(object({ + pattern = string + type = string + })) + })) + default = {} +} +variable "service_lists" { + type = map(object({ + service_list_name = string + network_firewall_policy_id = string + services = list(string) + })) + default = {} +} + +variable "address_lists" { + type = map(object({ + address_list_name = string + network_firewall_policy_id = string + address_type = string + addresses = list(string) + })) + default = {} +} + +variable "applications" { + type = map(object({ + app_list_name = string + network_firewall_policy_id = string + app_type = string + icmp_type = number + icmp_code = optional(number) + })) + default = {} +} + +variable "application_groups" { + type = map(object({ + app_group_name = string + network_firewall_policy_id = string + apps = list(string) + + })) + default = {} +} + +variable "security_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + application = optional(list(string)) + destination_address = optional(list(string)) + service = optional(list(string)) + source_address = optional(list(string)) + url = optional(list(string)) + }))) + inspection = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +variable "secrets" { + type = map(object({ + secret_name = string + network_firewall_policy_id = string + secret_source = string + secret_type = string + vault_secret_id = string + version_number = number + vault_name = string + vault_compartment_id = string + })) + default = {} +} + +variable 
"decryption_profiles" { + type = map(object({ + profile_name = string + profile_type = string + network_firewall_policy_id = string + are_certificate_extensions_restricted = optional(bool) + is_auto_include_alt_name = optional(bool) + is_expired_certificate_blocked = optional(bool) + is_out_of_capacity_blocked = optional(bool) + is_revocation_status_timeout_blocked = optional(bool) + is_unknown_revocation_status_blocked = optional(bool) + is_unsupported_cipher_blocked = optional(bool) + is_unsupported_version_blocked = optional(bool) + is_untrusted_issuer_blocked = optional(bool) + })) + default = {} +} + +variable "decryption_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + + destination_address = optional(list(string)) + + source_address = optional(list(string)) + + }))) + decryption_profile = optional(string) + secret = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +######################### +####### Firewall Logs ######## +######################### + +variable "fw_log_groups" { + description = "To provision Log Groups for Network Firewall" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fw_logs" { + description = "To provision Logs for Network Firewall" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +########################## +# Add new variables here # 
+##########################
+######################### END #########################
diff --git a/examples/oss/backend.tf b/examples/oss/backend.tf
new file mode 100644
index 0000000..16bc557
--- /dev/null
+++ b/examples/oss/backend.tf
@@ -0,0 +1,21 @@
+/*This line will be removed when using remote state
+# !!! WARNING !!! Terraform State Lock is not supported with OCI Object Storage.
+# Pre-Requisite: Create a version enabled object storage bucket to store the state file.
+# End Point Format: https://.compat.objectstorage..oraclecloud.com
+# Please look at the below doc for information about shared_credentials_file and other parameters:
+# Reference: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformUsingObjectStore.htm
+
+terraform {
+ backend "s3" {
+ key = ""
+ bucket = ""
+ region = ""
+ endpoint = ""
+ shared_credentials_file = "~/.aws/credentials"
+ skip_region_validation = true
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ force_path_style = true
+ }
+}
+This line will be removed when using remote state*/
\ No newline at end of file
diff --git a/examples/oss/object-storage.tf b/examples/oss/object-storage.tf
new file mode 100644
index 0000000..c315380
--- /dev/null
+++ b/examples/oss/object-storage.tf
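Review bot: The pre-requisite comment in the new backend.tf asks only for a version-enabled bucket, yet the state written there will contain, in clear text, every value passed through the variables declared earlier in this diff — `adb.admin_password`, the load-balancer `certificates.private_key` and `passphrase`, `cloud_init_script` and `ssh_authorized_keys` — and versioning retains every historical copy of them. I would extend the comment to `# Pre-Requisite: Create a version enabled, NoPublicAccess object storage bucket (ideally encrypted with a customer-managed KMS key) to store the state file; Terraform state holds secrets in clear text.` and add a line noting that `~/.aws/credentials` holds the OCI customer secret key pair and must be mode 0600 and never committed alongside these examples. The `End Point Format` line also looks like it has lost its placeholders (`https://.compat.objectstorage..oraclecloud.com`), presumably `<namespace>` and `<region>` stripped by rendering, so it is worth restoring them in the comment. Since the whole block sits inside a `/* */` comment it is inert until a user uncovers it, so none of this changes current behaviour.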
@@ -0,0 +1,129 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Module Block - Object Storage
+# Create Object Storage Policies
+############################
+
+data "oci_objectstorage_namespace" "bucket_namespace" {
+ #Optional
+ compartment_id = var.tenancy_ocid
+}
+
+module "oss-policies" {
+ source = "./modules/identity/iam-policy"
+ for_each = var.oss_policies != null ? var.oss_policies : {}
+
+ tenancy_ocid = var.tenancy_ocid
+ policy_name = each.value.name
+ policy_compartment_id = each.value.compartment_id != "root" ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : var.tenancy_ocid
+ policy_description = each.value.policy_description
+ policy_statements = each.value.policy_statements
+
+ #Optional
+ defined_tags = each.value.defined_tags != {} ? each.value.defined_tags : {}
+ freeform_tags = each.value.freeform_tags != {} ? each.value.freeform_tags : {}
+ policy_version_date = each.value.policy_version_date != null ? each.value.policy_version_date : null
+}
+
+/*
+output "oss_policies_id_map" {
+ value = [ for k,v in merge(module.oss-policies.*...) : v.policies_id_map]
+}
+*/
+
+#############################
+# Module Block - Object Storage
+# Create Object Storage
+#############################
+
+module "oss-buckets" {
+ source = "./modules/storage/object-storage"
+ for_each = var.buckets != null ? var.buckets : {}
+
+ #Required
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+ name = each.value.name
+ namespace = data.oci_objectstorage_namespace.bucket_namespace.namespace
+
+ #Optional
+ access_type = each.value.access_type != "" ? each.value.access_type : null # Defaults to 'NoPublicAccess' as per hashicorp terraform
+ auto_tiering = each.value.auto_tiering != "" ? each.value.auto_tiering : null # Defaults to 'Disabled' as per hashicorp terraform
+ defined_tags = each.value.defined_tags != {} ? each.value.defined_tags : {}
+ freeform_tags = each.value.freeform_tags != {} ? each.value.freeform_tags : {}
+ kms_key_id = each.value.kms_key_id != "" ? each.value.kms_key_id : null
+ #metadata = each.value.metadata != {} ? each.value.metadata : {}
+ object_events_enabled = each.value.object_events_enabled != "" ? each.value.object_events_enabled : null # Defaults to 'false' as per hashicorp terraform
+ storage_tier = each.value.storage_tier != "" ? each.value.storage_tier : null # Defaults to 'Standard' as per hashicorp terraform
+ versioning = each.value.versioning != "" ? each.value.versioning : null
+ retention_rules = each.value.retention_rules
+ bucket = each.value.name
+ replication_policy = coalesce(each.value.replication_policy, null)
+ lifecycle_policy = each.value.lifecycle_policy
+ rules = each.value.lifecycle_policy.rules
+
+}
+
+#############################
+# Module Block - OSS Logging
+# Create Object Storage Log Groups and Logs
+#############################
+
+data "oci_objectstorage_bucket" "buckets" {
+ depends_on = [module.oss-buckets]
+ for_each = var.oss_logs != null ? var.oss_logs : {}
+ #Required
+ name = each.value.resource
+ namespace = data.oci_objectstorage_namespace.bucket_namespace.namespace
+}
+
+module "oss-log-groups" {
+ source = "./modules/managementservices/log-group"
+ for_each = var.oss_log_groups != null ? var.oss_log_groups : {}
+
+ # Log Groups
+ #Required
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+
+ display_name = each.value.display_name
+
+ #Optional
+ defined_tags = each.value.defined_tags
+ description = each.value.description
+ freeform_tags = each.value.freeform_tags
+}
+
+/*
+output "oss_log_group_map" {
+ value = [ for k,v in merge(module.oss-log-groups.*...) : v.log_group_tf_id ]
+}
+*/
+
+module "oss-logs" {
+ source = "./modules/managementservices/log"
+ for_each = var.oss_logs != null ? var.oss_logs : {}
+
+ # Logs
+ #Required
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+ display_name = each.value.display_name
+ log_group_id = length(regexall("ocid1.loggroup.oc*", each.value.log_group_id)) > 0 ? each.value.log_group_id : merge(module.oss-log-groups.*...)[each.value.log_group_id]["log_group_tf_id"]
+
+ log_type = each.value.log_type
+ #Required
+ source_category = each.value.category
+ source_resource = length(regexall("ocid1.*", each.value.resource)) > 0 ? each.value.resource : data.oci_objectstorage_bucket.buckets[each.key].name
+ source_service = each.value.service
+ source_type = each.value.source_type
+ defined_tags = each.value.defined_tags
+ freeform_tags = each.value.freeform_tags
+ log_is_enabled = (each.value.is_enabled == "" || each.value.is_enabled == null) ? true : each.value.is_enabled
+ log_retention_duration = (each.value.retention_duration == "" || each.value.retention_duration == null) ? 30 : each.value.retention_duration
+
+}
+
+/*
+output "oss_logs_id" {
+ value = [ for k,v in merge(module.oss-logs.*...) : v.log_tf_id]
+}
+*/
\ No newline at end of file
diff --git a/examples/oss/oci-data.tf b/examples/oss/oci-data.tf
new file mode 100644
index 0000000..1495707
--- /dev/null
+++ b/examples/oss/oci-data.tf
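Review bot: `replication_policy = coalesce(each.value.replication_policy, null)` in module "oss-buckets" fails at plan time for any bucket whose replication_policy is null, because `coalesce` errors when none of its arguments is non-null; the plain pass-through `replication_policy = each.value.replication_policy` is what the surrounding lines do for every other optional attribute. In the same block `rules = each.value.lifecycle_policy.rules` dereferences lifecycle_policy without a null guard, so an entry without a lifecycle policy will also error; `rules = try(each.value.lifecycle_policy.rules, null)` avoids that. The `defined_tags != {} ? each.value.defined_tags : {}` and matching `freeform_tags` conditionals return each.value on both branches and can be simplified to direct assignments, as the "oss-log-groups" module below already does. The `data "oci_objectstorage_bucket" "buckets"` lookup is evaluated for every oss_logs entry with `name = each.value.resource`, even though `source_resource` in "oss-logs" treats an OCID-valued resource as not needing the lookup, so an OCID there presumably produces a failed bucket read; I could not confirm the shape of `var.oss_logs` from this hunk.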
@@ -0,0 +1,42 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Identity
+# Fetch Compartments
+############################
+
+#Fetch Compartment Details
+data "oci_identity_compartments" "compartments" {
+ #Required
+ compartment_id = var.tenancy_ocid
+
+ #Optional
+ #name = var.compartment_name
+ access_level = "ANY"
+ compartment_id_in_subtree = true
+ state = "ACTIVE"
+}
+
+
+############################
+# Data Block - Network
+# Fetch ADs
+############################
+
+data "oci_identity_availability_domains" "availability_domains" {
+ #Required
+ compartment_id = var.tenancy_ocid
+}
+
+
+/*
+output "compartment_id_map" {
+ description = "Compartment ocid"
+ // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source.
+ value = zipmap(data.oci_identity_compartments.compartments.compartments.*.name,data.oci_identity_compartments.compartments.compartments.*.id)
+}
+
+output "ads" {
+ value = data.oci_identity_availability_domains.availability_domains.availability_domains.*.name
+}
+*/
\ No newline at end of file
diff --git a/examples/oss/provider.tf b/examples/oss/provider.tf
new file mode 100644
index 0000000..9a69c98
--- /dev/null
+++ b/examples/oss/provider.tf
@@ -0,0 +1,24 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Provider Block
+# OCI
+############################
+
+provider "oci" {
+ tenancy_ocid = var.tenancy_ocid
+ user_ocid = var.user_ocid
+ fingerprint = var.fingerprint
+ private_key_path = var.private_key_path
+ region = var.region
+ ignore_defined_tags = ["Oracle-Tags.CreatedBy", "Oracle-Tags.CreatedOn"]
+}
+
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ version = "5.40.0"
+ }
+ }
+}
diff --git a/examples/oss/variables_example.tf b/examples/oss/variables_example.tf
new file mode 100644
index 0000000..fae17ea
--- /dev/null
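Review bot: The `terraform` block in provider.tf pins `oci` to exactly `5.40.0` but sets no `required_version`, while variables_example.tf in this same commit relies on `optional()` object attributes with defaults such as `optional(bool,false)`, which need Terraform 1.3 or later; adding `required_version = ">= 1.3.0"` beside `required_providers` makes that requirement explicit instead of failing at init on older binaries. The `provider "oci"` block hard-wires API-key authentication through `user_ocid`, `fingerprint` and `private_key_path`, and the corresponding variables all default to `""`, so a missing tfvars value reaches the provider silently; a `validation` block on those variables, or at least a comment stating that they must be supplied, would surface the misconfiguration earlier. The exact pin also means every consumer must bump this file to pick up provider security fixes, so a comment explaining why a pessimistic constraint was not used would help the next maintainer.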
+++ b/examples/oss/variables_example.tf 
@@ -0,0 +1,2082 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# +# Variables Block +# OCI +# +############################ + +variable "tenancy_ocid" { + type = string + default = "" +} + +variable "user_ocid" { + type = string + default = "" +} + +variable "fingerprint" { + type = string + default = "" +} + +variable "private_key_path" { + type = string + default = "" +} + +variable "region" { + type = string + default = "" +} + +################################# +# SSH Keys +################################# + +variable "instance_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_instance_ssh_keys# + # exported instance ssh keys + #instance_ssh_keys_END# + } +} + +variable "oke_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_oke_ssh_keys# + #oke_ssh_keys_END# + } +} +variable "sddc_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_sddc_ssh_keys# + #sddc_ssh_keys_END# + } +} + +variable "exacs_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_exacs_ssh_keys# + # exported exacs ssh keys + #exacs_ssh_keys_END# + } +} + +variable "dbsystem_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. 
+ # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_dbsystem_ssh_keys# + # exported dbsystem ssh keys + #dbsystem_ssh_keys_END# + } +} + +################################# +# Platform Image OCIDs and +# Market Place Images +################################# + +variable "instance_source_ocids" { + type = map(any) + default = { + Linux = "" + Windows = "" + PaloAlto = "Palo Alto Networks VM-Series Next Generation Firewall" + #START_instance_source_ocids# + # exported instance image ocids + #instance_source_ocids_END# + } +} + +variable "blockvolume_source_ocids" { + type = map(any) + default = { + block1 = "" + #blockvolume_source_ocid = "" + #START_blockvolume_source_ocids# + # exported block volume source ocids + #blockvolume_source_ocids_END# + } +} + +variable "fss_source_ocids" { + type = map(any) + default = { + snapshot1 = "" + #fss_source_snapshot_ocid = "" + #START_fss_source_snapshot_ocids# + # exported fss source snapshot ocids + #fss_source_snapshot_ocids_END# + } +} + +variable "oke_source_ocids" { + type = map(any) + default = { + Linux = "" + #START_oke_source_ocids# + # exported oke image ocids + #oke_source_ocids_END# + } +} + +################################# +# +# Variables according to Services +# PLEASE DO NOT MODIFY +# +################################# + +########################## +## Fetch Compartments #### +########################## + +variable "compartment_ocids" { + type = map(any) + default = { + #START_compartment_ocids# + # compartment ocids + #compartment_ocids_END# + } +} + +######################### +##### Identity ########## +######################### + +variable "compartments" { + type = object({ + root = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level1 = 
optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level2 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level3 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level4 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level5 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + }) + default = { + root = {}, + compartment_level1 = {}, + compartment_level2 = {}, + compartment_level3 = {}, + compartment_level4 = {}, + compartment_level5 = {}, + } +} + +variable "policies" { + type = map(object({ + name = string + compartment_id = string + policy_description = string + policy_statements = list(string) + policy_version_date = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "groups" { + type = map(object({ + group_name = string + group_description = string + matching_rule = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "users" { + type = map(object({ + name = string + description = string + email = string + disable_capabilities = optional(list(string)) + group_membership = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "networkSources" { + type = map(object({ + name = string + description = string + public_source_list = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + virtual_source_list = optional(list(map(list(string)))) + + })) + default = {} +} + +######################### +####### Governance ######### +######################### + +variable "tag_namespaces" { + description = "To provision Namespaces" + type = map(object({ + compartment_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_retired = optional(bool) + })) + default = {} +} + +variable "tag_keys" { + description = "To provision Tag Keys" + type = map(object({ + tag_namespace_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_cost_tracking = optional(bool) + is_retired = optional(bool) + validator = optional(list(object({ + validator_type = optional(string) + validator_values = optional(list(any)) + }))) + })) + default = {} +} + +variable "tag_defaults" { + description = "To make the Tag keys as default to compartments" + type = map(object({ + compartment_id = string + tag_definition_id = string + value = string + is_required = optional(bool) + })) + default = {} +} + +variable "quota_policies" { + type = map(object({ + quota_name = string + quota_description = string + quota_statements = list(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +###### Network ########## +######################### 
+ +variable "default_dhcps" { + type = map(object({ + server_type = string + manage_default_resource_id = optional(string) + custom_dns_servers = optional(list(any)) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "custom_dhcps" { + type = map(object({ + compartment_id = string + server_type = string + vcn_id = string + custom_dns_servers = optional(list(any)) + domain_name_type = optional(string) + display_name = optional(string) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "vcns" { + type = map(object({ + compartment_id = string + cidr_blocks = optional(list(string)) + byoipv6cidr_details = optional(list(map(any))) + display_name = optional(string) + dns_label = optional(string) + is_ipv6enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ipv6private_cidr_blocks = optional(list(string)) + is_oracle_gua_allocation_enabled = optional(bool) + })) + default = {} +} + +variable "igws" { + type = map(object({ + compartment_id = string + vcn_id = string + enable_igw = optional(bool) + igw_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_table_id = optional(string) + })) + default = {} +} + +variable "sgws" { + type = map(object({ + compartment_id = string + vcn_id = string + service = optional(string) + sgw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "ngws" { + type = map(object({ + compartment_id = string + vcn_id = string + block_traffic = optional(bool) + public_ip_id = optional(string) + ngw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + 
default = {} +} + +variable "lpgs" { + type = map(any) + default = { + hub-lpgs = {}, + spoke-lpgs = {}, + peer-lpgs = {}, + none-lpgs = {}, + exported-lpgs = {}, + } +} + +variable "drgs" { + type = map(object({ + compartment_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "default_seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + 
route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) + +})) +default = {} +} + +variable "default_route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) +})) + default = {} +} + +variable "nsgs" { + type = map(object({ + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nsg_rules" { + type = map(object({ + nsg_id = string + direction = string + protocol = string + description = optional(string) + stateless = optional(string) + source_type = optional(string) + destination_type = optional(string) + destination = optional(string) + source = optional(string) + options = optional(map(any)) + })) + default = {} +} + +variable "subnets" { + type = map(object({ + compartment_id = string + vcn_id = string + cidr_block = string + display_name = optional(string) + dns_label = optional(string) + ipv6cidr_block = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + prohibit_internet_ingress = optional(string) + prohibit_public_ip_on_vnic = optional(string) + availability_domain = optional(string) + dhcp_options_id = optional(string) + route_table_id = optional(string) + security_list_ids = 
optional(list(string)) + })) + default = {} +} + +variable "vlans" { + type = map(object({ + cidr_block = string + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + nsg_ids = optional(list(string)) + route_table_name = optional(string) + vlan_tag = optional(string) + availability_domain = optional(string) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + })) + default = {} +} + +variable "drg_attachments" { + type = map(any) + default = {} +} + +variable "drg_other_attachments" { + type = map(any) + default = {} +} + +variable "drg_route_tables" { + type = map(object({ + drg_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_ecmp_enabled = optional(bool) + import_drg_route_distribution_id = optional(string) + })) + default = {} +} + +variable "drg_route_rules" { + type = map(any) + default = {} +} + +variable "drg_route_distributions" { + type = map(object({ + distribution_type = string + drg_id = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + display_name = optional(string) + })) + default = {} +} + +variable "drg_route_distribution_statements" { + type = map(object({ + drg_route_distribution_id = string + action = string + match_criteria = optional(list(object({ + match_type = string + attachment_type = optional(string) + drg_attachment_id = optional(string) + }))) + priority = optional(string) + })) + default = {} +} + +variable "data_drg_route_tables" { + type = map(any) + default = {} +} + +variable "data_drg_route_table_distributions" { + type = map(any) + default = {} +} + +#################### +####### DNS ####### +#################### + +variable "zones" { +type = map(object({ +compartment_id = string +display_name = string +view_compartment_id = optional(string) +view_id = optional(string) +zone_type = optional(string) +scope = optional(string) +freeform_tags = 
optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + +variable "views" { +type = map(object({ +compartment_id = string +display_name = string +scope = optional(string) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) + default = {} +} + +variable "rrsets" { +type = map(object({ +compartment_id = optional(string) +view_compartment_id = optional(string) +view_id = optional(string) +zone_id = string +domain = string +rtype = string +ttl = number +rdata = optional(list(string)) +scope = optional(string) +})) +default = {} +} + +variable "resolvers" { +type = map(object({ +network_compartment_id= string +vcn_name = string +display_name = optional(string) +views = optional(map(object({ + view_id = optional(string) + view_compartment_id = optional(string) +}))) +resolver_rules = optional(map(object({ + client_address_conditions = optional(list(any)) + destination_addresses = optional(list(any)) + qname_cover_conditions = optional(list(any)) + source_endpoint_name = optional(string) +}))) +endpoint_names = optional(map(object({ + is_forwarding = optional(bool) + is_listening = optional(bool) + name = optional(string) + subnet_name = optional(string) + forwarding_address = optional(string) + listening_address = optional(string) + nsg_ids = optional(list(string)) +}))) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + + +######################### +## Dedicated VM Hosts ## +######################### + +variable "dedicated_hosts" { + type = map(object({ + availability_domain = string + compartment_id = string + vm_host_shape = string + defined_tags = optional(map(any)) + display_name = optional(string) + fault_domain = optional(string) + freeform_tags = optional(map(any)) + })) + description = "To provision new dedicated VM hosts" + default = {} +} + +######################### +## Instances/Block Volumes ## +######################### + +variable "blockvolumes" { + description = "To 
provision block volumes" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = string + size_in_gbs = optional(string) + is_auto_tune_enabled = optional(string) + vpus_per_gb = optional(string) + kms_key_id = optional(string) + attach_to_instance = optional(string) + attachment_type = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + device = optional(string) + encryption_in_transit_type = optional(string) + attachment_display_name = optional(string) + is_read_only = optional(bool) + is_pv_encryption_in_transit_enabled = optional(bool) + is_shareable = optional(bool) + use_chap = optional(bool) + is_agent_auto_iscsi_login_enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + source_details = optional(list(map(any))) + block_volume_replicas = optional(list(map(any))) + block_volume_replicas_deletion = optional(bool) + autotune_policies = optional(list(map(any))) + })) + default = {} +} + +variable "block_backup_policies" { + type = map(any) + description = "To create block volume back policy" + default = {} +} + +variable "instances" { + description = "Map of instances to be provisioned" + type = map(object({ + availability_domain = string + compartment_id = string + shape = string + source_id = string + source_type = string + vcn_name = string + subnet_id = string + network_compartment_id = string + display_name = optional(string) + assign_public_ip = optional(bool) + boot_volume_size_in_gbs = optional(string) + fault_domain = optional(string) + dedicated_vm_host_id = optional(string) + private_ip = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(string)) + ocpus = optional(string) + memory_in_gbs = optional(number) + capacity_reservation_id = optional(string) + create_is_pv_encryption_in_transit_enabled = optional(bool) + remote_execute = optional(string) + bastion_ip = optional(string) + 
cloud_init_script = optional(string) + ssh_authorized_keys = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + network_type = optional(string) + #extended_metadata = optional(string) + skip_source_dest_check = optional(bool) + baseline_ocpu_utilization = optional(string) + #preemptible_instance_config = optional(string) + all_plugins_disabled = optional(bool) + is_management_disabled = optional(bool) + is_monitoring_disabled = optional(bool) + assign_private_dns_record = optional(string) + plugins_details = optional(map(any)) + is_live_migration_preferred = optional(bool) + recovery_action = optional(string) + are_legacy_imds_endpoints_disabled = optional(bool) + boot_volume_type = optional(string) + firmware = optional(string) + is_consistent_volume_naming_enabled = optional(bool) + remote_data_volume_type = optional(string) + platform_config = optional(list(map(any))) + launch_options = optional(list(map(any))) + ipxe_script = optional(string) + preserve_boot_volume = optional(bool) + vlan_id = optional(string) + kms_key_id = optional(string) + vnic_display_name = optional(string) + vnic_defined_tags = optional(map(any)) + vnic_freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "boot_backup_policies" { + type = map(any) + description = "Map of boot volume backup policies to be provisioned" + default = {} +} + +######################### +####### Database ######## +######################### + +variable "exa_infra" { + description = "To provision exadata infrastructure" + type = map(any) + default = {} +} + +variable "exa_vmclusters" { + description = "To provision exadata cloud VM cluster" + type = map(any) + default = {} +} + +variable "dbsystems_vm_bm" { + description = "To provision DB System" + type = map(any) + default = {} +} + +variable "db_home" { + type = map(any) + description = "Map of database db home to be 
provisioned" + default = {} +} + +variable "databases" { + description = "Map of databases to be provisioned in an existing db_home" + type = map(any) + default = {} +} + +#################################### +####### Autonomous Database ######## +#################################### + +variable "adb" { + type = map(object({ + admin_password = optional(string) + character_set = optional(string) + compartment_id = string + cpu_core_count = optional(number) + database_edition = optional(string) + data_storage_size_in_tbs = optional(number) + customer_contacts = optional(list(string)) + db_name = string + db_version = optional(string) + db_workload = optional(string) + display_name = optional(string) + license_model = optional(string) + ncharacter_set = optional(string) + network_compartment_id = optional(string) + nsg_ids = optional(list(string)) + subnet_id = optional(string) + vcn_name = optional(string) + whitelisted_ips = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +######### FSS ########### +######################### + +variable "mount_targets" { + description = "To provision Mount Targets" + type = map(object({ + availability_domain = string + compartment_id = string + network_compartment_id = string + vcn_name = string + subnet_id = string + display_name = optional(string) + ip_address = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fss" { + description = "To provision File System Services" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = optional(string) + source_snapshot = optional(string) + snapshot_policy = optional(string) + policy_compartment_id = optional(string) + kms_key_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "nfs_export_options" { + description = "To provision Export Sets" + type = map(object({ + export_set_id = string + file_system_id = string + path = string + export_options = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_idmap_groups_for_sys_auth = optional(bool) + })) + default = {} +} + +variable "fss_replication" { + description = "To provision File System Replication" + type = map(object({ + compartment_id = string + source_id = string + target_id = string + display_name = optional(string) + replication_interval = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +####### FSS Logs ######## +######################### + +variable "nfs_log_groups" { + description = "To provision Log Groups for Mount Target" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nfs_logs" { + description = "To provision Logs for Mount Target" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + + +######################### +#### Load Balancers ##### +######################### + +variable "load_balancers" { + description = "To provision Load Balancers" + type = map(object({ + compartment_id = string + vcn_name = string + shape = string + subnet_ids = list(any) + network_compartment_id = string + display_name = string + shape_details = optional(list(map(any))) + nsg_ids = 
optional(list(any))
+ is_private = optional(bool)
+ ip_mode = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ reserved_ips_id = optional(string)
+ }))
+ default = {}
+}
+
+variable "hostnames" {
+ description = "To provision Load Balancer Hostnames"
+ type = map(object({
+ load_balancer_id = string
+ hostname = string
+ name = string
+ }))
+ default = {}
+}
+
+variable "certificates" {
+ description = "To provision Load Balancer Certificates"
+ type = map(object({
+ certificate_name = string
+ load_balancer_id = string
+ ca_certificate = optional(string)
+ passphrase = optional(string)
+ private_key = optional(string)
+ public_certificate = optional(string)
+ }))
+ default = {}
+}
+
+variable "cipher_suites" {
+ description = "To provision Load Balancer Cipher Suites"
+ type = map(object({
+ ciphers = list(string)
+ name = string
+ load_balancer_id = optional(string)
+ }))
+ default = {}
+}
+
+variable "backend_sets" {
+ description = "To provision Load Balancer Backend Sets"
+ type = map(object({
+ name = string
+ load_balancer_id = string
+ policy = string
+ protocol = optional(string)
+ interval_ms = optional(string)
+ is_force_plain_text = optional(string)
+ port = optional(string)
+ response_body_regex = optional(string)
+ retries = optional(string)
+ return_code = optional(string)
+ timeout_in_millis = optional(string)
+ url_path = optional(string)
+ lb_cookie_session = optional(list(object({
+ cookie_name = optional(string)
+ disable_fallback = optional(string)
+ path = optional(string)
+ domain = optional(string)
+ is_http_only = optional(string)
+ is_secure = optional(string)
+ max_age_in_seconds = optional(string)
+ })))
+ session_persistence_configuration = optional(list(object({
+ cookie_name = optional(string)
+ disable_fallback = optional(string)
+ })))
+ certificate_name = optional(string)
+ cipher_suite_name = optional(string)
+ ssl_configuration = optional(list(object({
+ certificate_ids = 
optional(list(any))
+ server_order_preference = optional(string)
+ trusted_certificate_authority_ids = optional(list(any))
+ verify_peer_certificate = optional(string)
+ verify_depth = optional(string)
+ protocols = optional(list(any))
+ })))
+ }))
+ default = {}
+}
+
+variable "backends" {
+ description = "To provision Load Balancer Backends"
+ type = map(object({
+ backendset_name = string
+ ip_address = string
+ load_balancer_id = string
+ port = string
+ instance_compartment = optional(string)
+ backup = optional(string)
+ drain = optional(string)
+ offline = optional(string)
+ weight = optional(string)
+ }))
+ default = {}
+}
+
+variable "listeners" {
+ description = "To provision Load Balancer Listeners"
+ type = map(object({
+ name = string
+ load_balancer_id = string
+ port = string
+ protocol = string
+ default_backend_set_name = string
+ connection_configuration = optional(list(map(any)))
+ hostname_names = optional(list(any))
+ path_route_set_name = optional(string)
+ rule_set_names = optional(list(any))
+ routing_policy_name = optional(string)
+ certificate_name = optional(string)
+ cipher_suite_name = optional(string)
+ ssl_configuration = optional(list(object({
+ certificate_ids = optional(list(any))
+ server_order_preference = optional(string)
+ trusted_certificate_authority_ids = optional(list(any))
+ verify_peer_certificate = optional(string)
+ verify_depth = optional(string)
+ protocols = optional(list(any))
+ })))
+ }))
+ default = {}
+}
+
+variable "path_route_sets" {
+ description = "To provision Load Balancer Path Route Sets"
+ type = map(object({
+ name = string
+ load_balancer_id = string
+ path_routes = optional(list(map(any)))
+ }))
+ default = {}
+}
+
+variable "rule_sets" {
+ description = "To provision Load Balancer Rule Sets"
+ type = map(object({
+ name = string
+ load_balancer_id = string
+ access_control_rules = optional(list(object({
+ action = string
+ attribute_name = optional(string)
+ attribute_value = optional(string)
+ 
description = optional(string)
+ })))
+ access_control_method_rules = optional(list(object({
+ action = string
+ allowed_methods = optional(list(any))
+ status_code = optional(string)
+ })))
+ http_header_rules = optional(list(object({
+ action = string
+ are_invalid_characters_allowed = optional(bool)
+ http_large_header_size_in_kb = optional(string)
+ })))
+ uri_redirect_rules = optional(list(object({
+ action = string
+ attribute_name = optional(string)
+ attribute_value = optional(string)
+ operator = optional(string)
+ host = optional(string)
+ path = optional(string)
+ port = optional(string)
+ protocol = optional(string)
+ query = optional(string)
+ response_code = optional(string)
+ })))
+ request_response_header_rules = optional(list(object({
+ action = string
+ header = optional(string)
+ prefix = optional(string)
+ suffix = optional(string)
+ value = optional(string)
+ })))
+ }))
+ default = {}
+}
+
+variable "lbr_reserved_ips" {
+ description = "To provision Load Balancer Reserved IPs"
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ lifetime = string
+ private_ip_id = optional(string)
+ public_ip_pool_id = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+###################################
+####### Load Balancer Logs ########
+###################################
+
+variable "loadbalancer_log_groups" {
+ description = "To provision Log Groups for Load Balancers"
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ description = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "loadbalancer_logs" {
+ description = "To provision Logs for Load Balancers"
+ type = map(object({
+ display_name = string
+ log_group_id = string
+ log_type = string
+ compartment_id = optional(string)
+ category = optional(string)
+ resource = optional(string)
+ service = optional(string)
+ 
source_type = optional(string)
+ is_enabled = optional(bool)
+ retention_duration = optional(number)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+#########################
+## Network Load Balancers ##
+#########################
+
+variable "network_load_balancers" {
+ type = map(object({
+ display_name = string
+ compartment_id = string
+ network_compartment_id = string
+ vcn_name = string
+ subnet_id = string
+ is_private = optional(bool)
+ reserved_ips_id = string
+ is_preserve_source_destination = optional(bool)
+ is_symmetric_hash_enabled = optional(bool)
+ nlb_ip_version = optional(string)
+ assigned_private_ipv4 = optional(string)
+ nsg_ids = optional(list(string))
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+variable "nlb_listeners" {
+ type = map(object({
+ name = string
+ network_load_balancer_id = string
+ default_backend_set_name = string
+ port = number
+ protocol = string
+ ip_version = optional(string)
+ }))
+ default = {}
+}
+
+variable "nlb_backend_sets" {
+ type = map(object({
+ name = string
+ network_load_balancer_id = string
+ policy = string
+ protocol = string
+ domain_name = optional(string)
+ query_class = optional(string)
+ query_type = optional(string)
+ rcodes = optional(list(string))
+ transport_protocol = optional(string)
+ return_code = optional(number)
+ interval_in_millis = optional(number)
+ port = optional(number)
+ request_data = optional(string)
+ response_body_regex = optional(string)
+ response_data = optional(string)
+ retries = optional(number)
+ timeout_in_millis = optional(number)
+ url_path = optional(string)
+ is_preserve_source = optional(bool)
+ ip_version = optional(string)
+ }))
+ default = {}
+}
+variable "nlb_backends" {
+ type = map(object({
+ name = optional(string)
+ backend_set_name = string
+ network_load_balancer_id = string
+ port = number
+ ip_address = string
+ instance_compartment = string
+ 
is_drain = optional(bool)
+ is_backup = optional(bool)
+ is_offline = optional(bool)
+ weight = optional(number)
+ target_id = optional(string)
+ }))
+ default = {}
+}
+variable "nlb_reserved_ips" {
+ description = "To provision Network Load Balancer Reserved IPs"
+ type = map(object({
+ compartment_id = string
+ lifetime = string
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ display_name = optional(string)
+ private_ip_id = optional(string)
+ public_ip_pool_id = optional(string)
+ }))
+ default = {}
+}
+
+
+#########################
+##### IP Management #####
+#########################
+
+variable "public_ip_pools" {
+ type = map(any)
+ default = {}
+}
+
+variable "private_ips" {
+ type = map(any)
+ default = {}
+}
+
+variable "reserved_ips" {
+ type = map(any)
+ default = {}
+}
+
+variable "vnic_attachments" {
+ type = map(any)
+ default = {}
+}
+
+#########################
+##### VCN Logs ##########
+#########################
+
+variable "vcn_log_groups" {
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ description = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "vcn_logs" {
+ type = map(object({
+ display_name = string
+ log_group_id = string
+ log_type = string
+ compartment_id = optional(string)
+ category = optional(string)
+ resource = optional(string)
+ service = optional(string)
+ source_type = optional(string)
+ is_enabled = optional(bool)
+ retention_duration = optional(number)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+#########################
+###### OSS Buckets ######
+#########################
+
+variable "buckets" {
+ type = map(any)
+ default = {}
+}
+
+#########################
+####### OSS Logs ########
+#########################
+
+variable "oss_log_groups" {
+ description = "To provision Log Groups for OSS"
+ type = map(object({
+ compartment_id = string 
+ display_name = string
+ description = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "oss_logs" {
+ description = "To provision Logs for OSS"
+ type = map(object({
+ display_name = string
+ log_group_id = string
+ log_type = string
+ compartment_id = optional(string)
+ category = optional(string)
+ resource = optional(string)
+ service = optional(string)
+ source_type = optional(string)
+ is_enabled = optional(bool)
+ retention_duration = optional(number)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+#########################
+### OSS IAM Policies ####
+#########################
+
+variable "oss_policies" {
+ type = map(any)
+ default = {}
+}
+
+#########################
+## Management Services ##
+#########################
+
+variable "alarms" {
+ type = map(object({
+ compartment_id = string
+ destinations = list(string)
+ alarm_name = string
+ is_enabled = bool
+ metric_compartment_id = string
+ namespace = string
+ query = string
+ severity = string
+ body = optional(string)
+ message_format = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ is_notifications_per_metric_dimension_enabled = optional(bool)
+ metric_compartment_id_in_subtree = optional(string)
+ trigger_delay_minutes = optional(string)
+ repeat_notification_duration = optional(string)
+ resolution = optional(string)
+ resource_group = optional(string)
+ suppression = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "events" {
+ type = map(object({
+ event_name = string
+ compartment_id = string
+ description = string
+ is_enabled = bool
+ condition = string
+ actions = optional(list(object({
+ action_type = string
+ is_enabled = string
+ description = optional(string)
+ function_id = optional(string)
+ stream_id = optional(string)
+ topic_id = optional(string)
+ })))
+ message_format = optional(string)
+ defined_tags 
= optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "notifications_topics" {
+ type = map(object({
+ compartment_id = string
+ topic_name = string
+ description = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "notifications_subscriptions" {
+ type = map(object({
+ compartment_id = string
+ endpoint = string
+ protocol = string
+ topic_id = string
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "service_connectors" {
+ type = any
+ default = {}
+ description = "To provision service connector hub resources"
+}
+
+#########################
+## Developer Services ##
+#########################
+
+## OKE
+
+variable "clusters" {
+ type = map(object({
+ display_name = string
+ compartment_id = string
+ network_compartment_id = string
+ vcn_name = string
+ kubernetes_version = string
+ cni_type = string
+ cluster_type = string
+ is_policy_enabled = optional(bool)
+ policy_kms_key_id = optional(string)
+ is_kubernetes_dashboard_enabled = optional(bool)
+ is_tiller_enabled = optional(bool)
+ is_public_ip_enabled = optional(bool)
+ nsg_ids = optional(list(string))
+ endpoint_subnet_id = string
+ is_pod_security_policy_enabled = optional(bool)
+ pods_cidr = optional(string)
+ services_cidr = optional(string)
+ service_lb_subnet_ids = optional(list(string))
+ cluster_kms_key_id = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ lb_defined_tags = optional(map(any))
+ lb_freeform_tags = optional(map(any))
+ volume_defined_tags = optional(map(any))
+ volume_freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "nodepools" {
+ type = map(object({
+ display_name = string
+ cluster_name = string
+ compartment_id = string
+ network_compartment_id = string
+ vcn_name = string
+ node_shape = string
+ initial_node_labels = optional(map(any))
+ 
kubernetes_version = string
+ is_pv_encryption_in_transit_enabled = optional(bool)
+ availability_domain = number
+ fault_domains = optional(list(string))
+ subnet_id = string
+ size = number
+ cni_type = string
+ max_pods_per_node = optional(number)
+ pod_nsg_ids = optional(list(string))
+ pod_subnet_ids = optional(string)
+ worker_nsg_ids = optional(list(string))
+ memory_in_gbs = optional(number)
+ ocpus = optional(number)
+ image_id = string
+ source_type = string
+ boot_volume_size_in_gbs = optional(number)
+ ssh_public_key = optional(string)
+ nodepool_kms_key_id = optional(string)
+ node_defined_tags = optional(map(any))
+ node_freeform_tags = optional(map(any))
+ nodepool_defined_tags = optional(map(any))
+ nodepool_freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "virtual-nodepools" {
+ type = map(object({
+ display_name = string
+ cluster_name = string
+ compartment_id = string
+ network_compartment_id = string
+ vcn_name = string
+ node_shape = string
+ initial_virtual_node_labels = optional(map(any))
+ availability_domain = number
+ fault_domains = list(string)
+ subnet_id = string
+ size = number
+ pod_nsg_ids = optional(list(string))
+ pod_subnet_id = string
+ worker_nsg_ids = optional(list(string))
+ taints = optional(list(any))
+ node_defined_tags = optional(map(any))
+ node_freeform_tags = optional(map(any))
+ nodepool_defined_tags = optional(map(any))
+ nodepool_freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+
+##################################
+############## SDDCs #############
+##################################
+variable "sddcs" {
+ type = map(object({
+ compartment_id = string
+ availability_domain = string
+ network_compartment_id = string
+ vcn_name = string
+ esxi_hosts_count = number
+ nsx_edge_uplink1vlan_id = string
+ nsx_edge_uplink2vlan_id = string
+ nsx_edge_vtep_vlan_id = string
+ nsx_vtep_vlan_id = string
+ provisioning_subnet_id = string
+ ssh_authorized_keys = string
+ vmotion_vlan_id = string 
+ vmware_software_version = string
+ vsan_vlan_id = string
+ vsphere_vlan_id = string
+ capacity_reservation_id = optional(string)
+ defined_tags = optional(map(any))
+ display_name = optional(string)
+ initial_cluster_display_name = optional(string)
+ freeform_tags = optional(map(any))
+ hcx_action = optional(string)
+ hcx_vlan_id = optional(string)
+ initial_host_ocpu_count = optional(number)
+ initial_host_shape_name = optional(string)
+ initial_commitment = optional(string)
+ instance_display_name_prefix = optional(string)
+ is_hcx_enabled = optional(bool)
+ is_shielded_instance_enabled = optional(bool)
+ is_single_host_sddc = optional(bool)
+ provisioning_vlan_id = optional(string)
+ refresh_hcx_license_status = optional(bool)
+ replication_vlan_id = optional(string)
+ reserving_hcx_on_premise_license_keys = optional(string)
+ workload_network_cidr = optional(string)
+ management_datastore = optional(list(string))
+ workload_datastore = optional(list(string))
+
+ }))
+ default = {}
+
+}
+
+variable "sddc-clusters" {
+ type = map(object({
+ compartment_id = string
+ availability_domain = string
+ network_compartment_id = string
+ vcn_name = string
+ esxi_hosts_count = number
+ nsx_edge_uplink1vlan_id = string
+ nsx_edge_uplink2vlan_id = optional(string)
+ nsx_edge_vtep_vlan_id = string
+ nsx_vtep_vlan_id = string
+ provisioning_subnet_id = string
+ ssh_authorized_keys = optional(string)
+ vmotion_vlan_id = string
+ vmware_software_version = string
+ vsan_vlan_id = string
+ vsphere_vlan_id = string
+ capacity_reservation_id = optional(string)
+ defined_tags = optional(map(any))
+ display_name = optional(string)
+ freeform_tags = optional(map(any))
+ hcx_action = optional(string)
+ hcx_vlan_id = optional(string)
+ initial_host_ocpu_count = optional(number)
+ initial_host_shape_name = optional(string)
+ initial_commitment = optional(string)
+ instance_display_name_prefix = optional(string)
+ is_hcx_enabled = optional(bool)
+ is_shielded_instance_enabled = 
optional(bool)
+ is_single_host_sddc = optional(bool)
+ provisioning_vlan_id = optional(string)
+ refresh_hcx_license_status = optional(bool)
+ replication_vlan_id = optional(string)
+ reserving_hcx_on_premise_license_keys = optional(string)
+ workload_network_cidr = optional(string)
+ workload_datastore = optional(list(string))
+ sddc_id = optional(string)
+ esxi_software_version = optional(string)
+
+ }))
+ default = {}
+
+}
+
+
+############################
+## Key Management Service ##
+############################
+
+variable "vaults" {
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ vault_type = string
+ freeform_tags = optional(map(any))
+ defined_tags = optional(map(any))
+ replica_region = optional(string)
+ }))
+ default = {}
+}
+
+variable "keys" {
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ vault_name = string
+ algorithm = optional(string)
+ length = optional(string)
+ curve_id = optional(string)
+ protection_mode = optional(string)
+ freeform_tags = optional(map(any))
+ defined_tags = optional(map(any))
+ is_auto_rotation_enabled = optional(bool)
+ rotation_interval_in_days = optional(string)
+
+ }))
+ default = {}
+}
+
+###########################
+######### Budgets #########
+###########################
+
+variable "budgets" {
+ type = map(object({
+ amount = string
+ compartment_id = string
+ reset_period = string
+ budget_processing_period_start_offset = optional(string)
+ defined_tags = optional(map(any))
+ description = optional(string)
+ display_name = optional(string)
+ freeform_tags = optional(map(any))
+ processing_period_type = optional(string)
+ budget_end_date = optional(string)
+ budget_start_date = optional(string)
+ target_type = optional(string)
+ targets = optional(list(any))
+ }))
+ default = {}
+}
+
+variable "budget_alert_rules" {
+ type = map(object({
+ budget_id = string
+ threshold = string
+ threshold_type = string
+ type = string
+ defined_tags = optional(map(any))
+ 
description = optional(string)
+ display_name = optional(string)
+ freeform_tags = optional(map(any))
+ message = optional(string)
+ recipients = optional(string)
+ }))
+ default = {}
+}
+
+###########################
+####### Cloud Guard #######
+###########################
+
+variable "cloud_guard_configs" {
+ type = map(object({
+ compartment_id = string
+ reporting_region = string
+ status = string
+ self_manage_resources = optional(string)
+
+ }))
+ default = {}
+}
+
+variable "cloud_guard_targets" {
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ target_resource_id = string
+ target_resource_type = string
+ prefix = string
+ description = optional(string)
+ state = optional(string)
+ target_detector_recipes = optional(list(any))
+ target_responder_recipes = optional(list(any))
+ freeform_tags = optional(map(any))
+ defined_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+####################################
+####### Custom Backup Policy #######
+####################################
+
+variable "custom_backup_policies" {
+ type = map(any)
+ default = {}
+}
+
+variable "capacity_reservation_ocids" {
+ type = map(any)
+ default = {
+ "AD1" : "",
+ "AD2" : "",
+ "AD3" : ""
+ }
+}
+
+#####################################
+####### Firewall as a Service #######
+#####################################
+variable "firewalls" {
+ type = map(object({
+ compartment_id = string
+ network_compartment_id = string
+ network_firewall_policy_id = string
+ subnet_id = string
+ vcn_name = string
+ display_name = string
+ ipv4address = optional(string)
+ nsg_id = optional(list(string))
+ ipv6address = optional(string)
+ availability_domain = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "fw-policies" {
+ type = map(object({
+ compartment_id = optional(string)
+ display_name = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ 
default = {}
+}
+variable "services" {
+ type = map(object({
+ service_name = string
+ service_type = string
+ network_firewall_policy_id = string
+ port_ranges = list(object({
+ minimum_port = string
+ maximum_port = optional(string)
+ }))
+ }))
+ default = {}
+}
+variable "url_lists" {
+ type = map(object({
+ urllist_name = string
+ network_firewall_policy_id = string
+ urls = list(object({
+ pattern = string
+ type = string
+ }))
+ }))
+ default = {}
+}
+variable "service_lists" {
+ type = map(object({
+ service_list_name = string
+ network_firewall_policy_id = string
+ services = list(string)
+ }))
+ default = {}
+}
+
+variable "address_lists" {
+ type = map(object({
+ address_list_name = string
+ network_firewall_policy_id = string
+ address_type = string
+ addresses = list(string)
+ }))
+ default = {}
+}
+
+variable "applications" {
+ type = map(object({
+ app_list_name = string
+ network_firewall_policy_id = string
+ app_type = string
+ icmp_type = number
+ icmp_code = optional(number)
+ }))
+ default = {}
+}
+
+variable "application_groups" {
+ type = map(object({
+ app_group_name = string
+ network_firewall_policy_id = string
+ apps = list(string)
+
+ }))
+ default = {}
+}
+
+variable "security_rules" {
+ type = map(object({
+ action = string
+ rule_name = string
+ network_firewall_policy_id = string
+ condition = optional(list(object({
+ application = optional(list(string))
+ destination_address = optional(list(string))
+ service = optional(list(string))
+ source_address = optional(list(string))
+ url = optional(list(string))
+ })))
+ inspection = optional(string)
+ after_rule = optional(string)
+ before_rule = optional(string)
+
+ }))
+ default = {}
+}
+
+variable "secrets" {
+ type = map(object({
+ secret_name = string
+ network_firewall_policy_id = string
+ secret_source = string
+ secret_type = string
+ vault_secret_id = string
+ version_number = number
+ vault_name = string
+ vault_compartment_id = string
+ }))
+ default = {}
+}
+
+variable 
"decryption_profiles" {
+ type = map(object({
+ profile_name = string
+ profile_type = string
+ network_firewall_policy_id = string
+ are_certificate_extensions_restricted = optional(bool)
+ is_auto_include_alt_name = optional(bool)
+ is_expired_certificate_blocked = optional(bool)
+ is_out_of_capacity_blocked = optional(bool)
+ is_revocation_status_timeout_blocked = optional(bool)
+ is_unknown_revocation_status_blocked = optional(bool)
+ is_unsupported_cipher_blocked = optional(bool)
+ is_unsupported_version_blocked = optional(bool)
+ is_untrusted_issuer_blocked = optional(bool)
+ }))
+ default = {}
+}
+
+variable "decryption_rules" {
+ type = map(object({
+ action = string
+ rule_name = string
+ network_firewall_policy_id = string
+ condition = optional(list(object({
+
+ destination_address = optional(list(string))
+
+ source_address = optional(list(string))
+
+ })))
+ decryption_profile = optional(string)
+ secret = optional(string)
+ after_rule = optional(string)
+ before_rule = optional(string)
+
+ }))
+ default = {}
+}
+
+#########################
+####### Firewall Logs ########
+#########################
+
+variable "fw_log_groups" {
+ description = "To provision Log Groups for Network Firewall"
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ description = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "fw_logs" {
+ description = "To provision Logs for Network Firewall"
+ type = map(object({
+ display_name = string
+ log_group_id = string
+ log_type = string
+ compartment_id = optional(string)
+ category = optional(string)
+ resource = optional(string)
+ service = optional(string)
+ source_type = optional(string)
+ is_enabled = optional(bool)
+ retention_duration = optional(number)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+##########################
+# Add new variables here # 
+##########################
+######################### END #########################
diff --git a/examples/quota/backend.tf b/examples/quota/backend.tf
new file mode 100644
index 0000000..16bc557
--- /dev/null
+++ b/examples/quota/backend.tf
@@ -0,0 +1,21 @@
+/*This line will be removed when using remote state
+# !!! WARNING !!! Terraform State Lock is not supported with OCI Object Storage.
+# Pre-Requisite: Create a version enabled object storage bucket to store the state file.
+# End Point Format: https://.compat.objectstorage..oraclecloud.com
+# Please look at the below doc for information about shared_credentials_file and other parameters:
+# Reference: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformUsingObjectStore.htm
+
+terraform {
+ backend "s3" {
+ key = ""
+ bucket = ""
+ region = ""
+ endpoint = ""
+ shared_credentials_file = "~/.aws/credentials"
+ skip_region_validation = true
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ force_path_style = true
+ }
+}
+This line will be removed when using remote state*/
\ No newline at end of file
diff --git a/examples/quota/oci-data.tf b/examples/quota/oci-data.tf
new file mode 100644
index 0000000..1495707
--- /dev/null
+++ b/examples/quota/oci-data.tf
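Review bot: The header comment warns about the missing state lock but says nothing about what the state file placed in that bucket will contain; state written by this configuration holds every input value in clear text, including the `admin_password` field of `adb` and the `private_key`/`passphrase` fields of `certificates` declared in the variables hunk earlier in this patch. I would add one line after the Pre-Requisite comment: `# The state file stores all input values (passwords, private keys) unencrypted: restrict read access to the bucket with an IAM policy and do not share it with other workloads.` The `backend "s3"` block is still inside the `/* */` comment, so nothing here is active until an operator uncomments it, which makes the header the right place for that note.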
@@ -0,0 +1,42 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Identity
+# Fetch Compartments
+############################
+
+#Fetch Compartment Details
+data "oci_identity_compartments" "compartments" {
+ #Required
+ compartment_id = var.tenancy_ocid
+
+ #Optional
+ #name = var.compartment_name
+ access_level = "ANY"
+ compartment_id_in_subtree = true
+ state = "ACTIVE"
+}
+
+
+############################
+# Data Block - Network
+# Fetch ADs
+############################
+
+data "oci_identity_availability_domains" "availability_domains" {
+ #Required
+ compartment_id = var.tenancy_ocid
+}
+
+
+/*
+output "compartment_id_map" {
+ description = "Compartment ocid"
+ // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source.
+ value = zipmap(data.oci_identity_compartments.compartments.compartments.*.name,data.oci_identity_compartments.compartments.compartments.*.id)
+}
+
+output "ads" {
+ value = data.oci_identity_availability_domains.availability_domains.availability_domains.*.name
+}
+*/
\ No newline at end of file
diff --git a/examples/quota/provider.tf b/examples/quota/provider.tf
new file mode 100644
index 0000000..9a69c98
--- /dev/null
+++ b/examples/quota/provider.tf
@@ -0,0 +1,24 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Provider Block
+# OCI
+############################
+
+provider "oci" {
+ tenancy_ocid = var.tenancy_ocid
+ user_ocid = var.user_ocid
+ fingerprint = var.fingerprint
+ private_key_path = var.private_key_path
+ region = var.region
+ ignore_defined_tags = ["Oracle-Tags.CreatedBy", "Oracle-Tags.CreatedOn"]
+}
+
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ version = "5.40.0"
+ }
+ }
+}
diff --git a/examples/quota/quota.tf b/examples/quota/quota.tf
new file mode 100644
index 0000000..a9227e9
--- /dev/null
+++ b/examples/quota/quota.tf
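Review bot: The section headings in oci-data.tf do not match the blocks under them: `# Resource Block - Identity` sits above a `data` block, and `# Data Block - Network` labels `oci_identity_availability_domains`, which is an identity data source; I would change them to `# Data Block - Identity` in both places and keep the `Fetch Compartments` / `Fetch ADs` lines. If the commented-out `compartment_id_map` output is ever enabled, note that `zipmap` keyed on compartment name keeps only one entry for same-named compartments, which the query can return because `compartment_id_in_subtree = true` walks the whole tree; a comment on the `value` line saying so would save the next reader a surprise.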
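Review bot: `version = "5.40.0"` in provider.tf pins the provider version but not its checksums; those come from `.terraform.lock.hcl`, and no lock file is visible in this patch, so unless one is committed with the example a fresh `terraform init` will trust whatever the registry serves for 5.40.0. I would either commit the lock file alongside or state the intent on the line: `version = "5.40.0" # exact pin; commit .terraform.lock.hcl so provider checksums are verified too`. The credential inputs (`user_ocid`, `fingerprint`, `private_key_path`) are declared with `default = ""` in the variables_example.tf hunk that follows, so an unset credential is presumably only noticed when the provider authenticates rather than at variable validation; whether that is acceptable for an example is worth deciding explicitly.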
@@ -0,0 +1,17 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#######################################
+# Module Block - QUOTA POLICIES
+# Create Quota policies
+#######################################
+
+module "quota_policies" {
+ source = "./modules/governance/quota-policy"
+ for_each = var.quota_policies
+ tenancy_ocid = var.tenancy_ocid
+ quota_description = each.value.quota_description
+ quota_name = each.value.quota_name
+ quota_statements = each.value.quota_statements
+ defined_tags = each.value.defined_tags
+ freeform_tags = each.value.freeform_tags
+}
diff --git a/examples/quota/variables_example.tf b/examples/quota/variables_example.tf
new file mode 100644
index 0000000..fae17ea
--- /dev/null
+++ b/examples/quota/variables_example.tf
@@ -0,0 +1,2082 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# +# Variables Block +# OCI +# +############################ + +variable "tenancy_ocid" { + type = string + default = "" +} + +variable "user_ocid" { + type = string + default = "" +} + +variable "fingerprint" { + type = string + default = "" +} + +variable "private_key_path" { + type = string + default = "" +} + +variable "region" { + type = string + default = "" +} + +################################# +# SSH Keys +################################# + +variable "instance_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_instance_ssh_keys# + # exported instance ssh keys + #instance_ssh_keys_END# + } +} + +variable "oke_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_oke_ssh_keys# + #oke_ssh_keys_END# + } +} +variable "sddc_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_sddc_ssh_keys# + #sddc_ssh_keys_END# + } +} + +variable "exacs_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_exacs_ssh_keys# + # exported exacs ssh keys + #exacs_ssh_keys_END# + } +} + +variable "dbsystem_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. 
+ # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_dbsystem_ssh_keys# + # exported dbsystem ssh keys + #dbsystem_ssh_keys_END# + } +} + +################################# +# Platform Image OCIDs and +# Market Place Images +################################# + +variable "instance_source_ocids" { + type = map(any) + default = { + Linux = "" + Windows = "" + PaloAlto = "Palo Alto Networks VM-Series Next Generation Firewall" + #START_instance_source_ocids# + # exported instance image ocids + #instance_source_ocids_END# + } +} + +variable "blockvolume_source_ocids" { + type = map(any) + default = { + block1 = "" + #blockvolume_source_ocid = "" + #START_blockvolume_source_ocids# + # exported block volume source ocids + #blockvolume_source_ocids_END# + } +} + +variable "fss_source_ocids" { + type = map(any) + default = { + snapshot1 = "" + #fss_source_snapshot_ocid = "" + #START_fss_source_snapshot_ocids# + # exported fss source snapshot ocids + #fss_source_snapshot_ocids_END# + } +} + +variable "oke_source_ocids" { + type = map(any) + default = { + Linux = "" + #START_oke_source_ocids# + # exported oke image ocids + #oke_source_ocids_END# + } +} + +################################# +# +# Variables according to Services +# PLEASE DO NOT MODIFY +# +################################# + +########################## +## Fetch Compartments #### +########################## + +variable "compartment_ocids" { + type = map(any) + default = { + #START_compartment_ocids# + # compartment ocids + #compartment_ocids_END# + } +} + +######################### +##### Identity ########## +######################### + +variable "compartments" { + type = object({ + root = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level1 = 
optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level2 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level3 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level4 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level5 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + }) + default = { + root = {}, + compartment_level1 = {}, + compartment_level2 = {}, + compartment_level3 = {}, + compartment_level4 = {}, + compartment_level5 = {}, + } +} + +variable "policies" { + type = map(object({ + name = string + compartment_id = string + policy_description = string + policy_statements = list(string) + policy_version_date = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "groups" { + type = map(object({ + group_name = string + group_description = string + matching_rule = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "users" { + type = map(object({ + name = string + description = string + email = string + disable_capabilities = optional(list(string)) + group_membership = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "networkSources" { + type = map(object({ + name = string + description = string + public_source_list = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + virtual_source_list = optional(list(map(list(string)))) + + })) + default = {} +} + +######################### +####### Governance ######### +######################### + +variable "tag_namespaces" { + description = "To provision Namespaces" + type = map(object({ + compartment_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_retired = optional(bool) + })) + default = {} +} + +variable "tag_keys" { + description = "To provision Tag Keys" + type = map(object({ + tag_namespace_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_cost_tracking = optional(bool) + is_retired = optional(bool) + validator = optional(list(object({ + validator_type = optional(string) + validator_values = optional(list(any)) + }))) + })) + default = {} +} + +variable "tag_defaults" { + description = "To make the Tag keys as default to compartments" + type = map(object({ + compartment_id = string + tag_definition_id = string + value = string + is_required = optional(bool) + })) + default = {} +} + +variable "quota_policies" { + type = map(object({ + quota_name = string + quota_description = string + quota_statements = list(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +###### Network ########## +######################### 
+ +variable "default_dhcps" { + type = map(object({ + server_type = string + manage_default_resource_id = optional(string) + custom_dns_servers = optional(list(any)) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "custom_dhcps" { + type = map(object({ + compartment_id = string + server_type = string + vcn_id = string + custom_dns_servers = optional(list(any)) + domain_name_type = optional(string) + display_name = optional(string) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "vcns" { + type = map(object({ + compartment_id = string + cidr_blocks = optional(list(string)) + byoipv6cidr_details = optional(list(map(any))) + display_name = optional(string) + dns_label = optional(string) + is_ipv6enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ipv6private_cidr_blocks = optional(list(string)) + is_oracle_gua_allocation_enabled = optional(bool) + })) + default = {} +} + +variable "igws" { + type = map(object({ + compartment_id = string + vcn_id = string + enable_igw = optional(bool) + igw_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_table_id = optional(string) + })) + default = {} +} + +variable "sgws" { + type = map(object({ + compartment_id = string + vcn_id = string + service = optional(string) + sgw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "ngws" { + type = map(object({ + compartment_id = string + vcn_id = string + block_traffic = optional(bool) + public_ip_id = optional(string) + ngw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + 
default = {} +} + +variable "lpgs" { + type = map(any) + default = { + hub-lpgs = {}, + spoke-lpgs = {}, + peer-lpgs = {}, + none-lpgs = {}, + exported-lpgs = {}, + } +} + +variable "drgs" { + type = map(object({ + compartment_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "default_seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + 
route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) + +})) +default = {} +} + +variable "default_route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) +})) + default = {} +} + +variable "nsgs" { + type = map(object({ + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nsg_rules" { + type = map(object({ + nsg_id = string + direction = string + protocol = string + description = optional(string) + stateless = optional(string) + source_type = optional(string) + destination_type = optional(string) + destination = optional(string) + source = optional(string) + options = optional(map(any)) + })) + default = {} +} + +variable "subnets" { + type = map(object({ + compartment_id = string + vcn_id = string + cidr_block = string + display_name = optional(string) + dns_label = optional(string) + ipv6cidr_block = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + prohibit_internet_ingress = optional(string) + prohibit_public_ip_on_vnic = optional(string) + availability_domain = optional(string) + dhcp_options_id = optional(string) + route_table_id = optional(string) + security_list_ids = 
optional(list(string)) + })) + default = {} +} + +variable "vlans" { + type = map(object({ + cidr_block = string + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + nsg_ids = optional(list(string)) + route_table_name = optional(string) + vlan_tag = optional(string) + availability_domain = optional(string) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + })) + default = {} +} + +variable "drg_attachments" { + type = map(any) + default = {} +} + +variable "drg_other_attachments" { + type = map(any) + default = {} +} + +variable "drg_route_tables" { + type = map(object({ + drg_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_ecmp_enabled = optional(bool) + import_drg_route_distribution_id = optional(string) + })) + default = {} +} + +variable "drg_route_rules" { + type = map(any) + default = {} +} + +variable "drg_route_distributions" { + type = map(object({ + distribution_type = string + drg_id = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + display_name = optional(string) + })) + default = {} +} + +variable "drg_route_distribution_statements" { + type = map(object({ + drg_route_distribution_id = string + action = string + match_criteria = optional(list(object({ + match_type = string + attachment_type = optional(string) + drg_attachment_id = optional(string) + }))) + priority = optional(string) + })) + default = {} +} + +variable "data_drg_route_tables" { + type = map(any) + default = {} +} + +variable "data_drg_route_table_distributions" { + type = map(any) + default = {} +} + +#################### +####### DNS ####### +#################### + +variable "zones" { +type = map(object({ +compartment_id = string +display_name = string +view_compartment_id = optional(string) +view_id = optional(string) +zone_type = optional(string) +scope = optional(string) +freeform_tags = 
optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + +variable "views" { +type = map(object({ +compartment_id = string +display_name = string +scope = optional(string) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) + default = {} +} + +variable "rrsets" { +type = map(object({ +compartment_id = optional(string) +view_compartment_id = optional(string) +view_id = optional(string) +zone_id = string +domain = string +rtype = string +ttl = number +rdata = optional(list(string)) +scope = optional(string) +})) +default = {} +} + +variable "resolvers" { +type = map(object({ +network_compartment_id= string +vcn_name = string +display_name = optional(string) +views = optional(map(object({ + view_id = optional(string) + view_compartment_id = optional(string) +}))) +resolver_rules = optional(map(object({ + client_address_conditions = optional(list(any)) + destination_addresses = optional(list(any)) + qname_cover_conditions = optional(list(any)) + source_endpoint_name = optional(string) +}))) +endpoint_names = optional(map(object({ + is_forwarding = optional(bool) + is_listening = optional(bool) + name = optional(string) + subnet_name = optional(string) + forwarding_address = optional(string) + listening_address = optional(string) + nsg_ids = optional(list(string)) +}))) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + + +######################### +## Dedicated VM Hosts ## +######################### + +variable "dedicated_hosts" { + type = map(object({ + availability_domain = string + compartment_id = string + vm_host_shape = string + defined_tags = optional(map(any)) + display_name = optional(string) + fault_domain = optional(string) + freeform_tags = optional(map(any)) + })) + description = "To provision new dedicated VM hosts" + default = {} +} + +######################### +## Instances/Block Volumes ## +######################### + +variable "blockvolumes" { + description = "To 
provision block volumes" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = string + size_in_gbs = optional(string) + is_auto_tune_enabled = optional(string) + vpus_per_gb = optional(string) + kms_key_id = optional(string) + attach_to_instance = optional(string) + attachment_type = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + device = optional(string) + encryption_in_transit_type = optional(string) + attachment_display_name = optional(string) + is_read_only = optional(bool) + is_pv_encryption_in_transit_enabled = optional(bool) + is_shareable = optional(bool) + use_chap = optional(bool) + is_agent_auto_iscsi_login_enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + source_details = optional(list(map(any))) + block_volume_replicas = optional(list(map(any))) + block_volume_replicas_deletion = optional(bool) + autotune_policies = optional(list(map(any))) + })) + default = {} +} + +variable "block_backup_policies" { + type = map(any) + description = "To create block volume back policy" + default = {} +} + +variable "instances" { + description = "Map of instances to be provisioned" + type = map(object({ + availability_domain = string + compartment_id = string + shape = string + source_id = string + source_type = string + vcn_name = string + subnet_id = string + network_compartment_id = string + display_name = optional(string) + assign_public_ip = optional(bool) + boot_volume_size_in_gbs = optional(string) + fault_domain = optional(string) + dedicated_vm_host_id = optional(string) + private_ip = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(string)) + ocpus = optional(string) + memory_in_gbs = optional(number) + capacity_reservation_id = optional(string) + create_is_pv_encryption_in_transit_enabled = optional(bool) + remote_execute = optional(string) + bastion_ip = optional(string) + 
cloud_init_script = optional(string) + ssh_authorized_keys = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + network_type = optional(string) + #extended_metadata = optional(string) + skip_source_dest_check = optional(bool) + baseline_ocpu_utilization = optional(string) + #preemptible_instance_config = optional(string) + all_plugins_disabled = optional(bool) + is_management_disabled = optional(bool) + is_monitoring_disabled = optional(bool) + assign_private_dns_record = optional(string) + plugins_details = optional(map(any)) + is_live_migration_preferred = optional(bool) + recovery_action = optional(string) + are_legacy_imds_endpoints_disabled = optional(bool) + boot_volume_type = optional(string) + firmware = optional(string) + is_consistent_volume_naming_enabled = optional(bool) + remote_data_volume_type = optional(string) + platform_config = optional(list(map(any))) + launch_options = optional(list(map(any))) + ipxe_script = optional(string) + preserve_boot_volume = optional(bool) + vlan_id = optional(string) + kms_key_id = optional(string) + vnic_display_name = optional(string) + vnic_defined_tags = optional(map(any)) + vnic_freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "boot_backup_policies" { + type = map(any) + description = "Map of boot volume backup policies to be provisioned" + default = {} +} + +######################### +####### Database ######## +######################### + +variable "exa_infra" { + description = "To provision exadata infrastructure" + type = map(any) + default = {} +} + +variable "exa_vmclusters" { + description = "To provision exadata cloud VM cluster" + type = map(any) + default = {} +} + +variable "dbsystems_vm_bm" { + description = "To provision DB System" + type = map(any) + default = {} +} + +variable "db_home" { + type = map(any) + description = "Map of database db home to be 
provisioned" + default = {} +} + +variable "databases" { + description = "Map of databases to be provisioned in an existing db_home" + type = map(any) + default = {} +} + +#################################### +####### Autonomous Database ######## +#################################### + +variable "adb" { + type = map(object({ + admin_password = optional(string) + character_set = optional(string) + compartment_id = string + cpu_core_count = optional(number) + database_edition = optional(string) + data_storage_size_in_tbs = optional(number) + customer_contacts = optional(list(string)) + db_name = string + db_version = optional(string) + db_workload = optional(string) + display_name = optional(string) + license_model = optional(string) + ncharacter_set = optional(string) + network_compartment_id = optional(string) + nsg_ids = optional(list(string)) + subnet_id = optional(string) + vcn_name = optional(string) + whitelisted_ips = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +######### FSS ########### +######################### + +variable "mount_targets" { + description = "To provision Mount Targets" + type = map(object({ + availability_domain = string + compartment_id = string + network_compartment_id = string + vcn_name = string + subnet_id = string + display_name = optional(string) + ip_address = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fss" { + description = "To provision File System Services" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = optional(string) + source_snapshot = optional(string) + snapshot_policy = optional(string) + policy_compartment_id = optional(string) + kms_key_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "nfs_export_options" { + description = "To provision Export Sets" + type = map(object({ + export_set_id = string + file_system_id = string + path = string + export_options = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_idmap_groups_for_sys_auth = optional(bool) + })) + default = {} +} + +variable "fss_replication" { + description = "To provision File System Replication" + type = map(object({ + compartment_id = string + source_id = string + target_id = string + display_name = optional(string) + replication_interval = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +####### FSS Logs ######## +######################### + +variable "nfs_log_groups" { + description = "To provision Log Groups for Mount Target" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nfs_logs" { + description = "To provision Logs for Mount Target" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + + +######################### +#### Load Balancers ##### +######################### + +variable "load_balancers" { + description = "To provision Load Balancers" + type = map(object({ + compartment_id = string + vcn_name = string + shape = string + subnet_ids = list(any) + network_compartment_id = string + display_name = string + shape_details = optional(list(map(any))) + nsg_ids = 
optional(list(any)) + is_private = optional(bool) + ip_mode = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + reserved_ips_id = optional(string) + })) + default = {} +} + +variable "hostnames" { + description = "To provision Load Balancer Hostnames" + type = map(object({ + load_balancer_id = string + hostname = string + name = string + })) + default = {} +} + +variable "certificates" { + description = "To provision Load Balancer Certificates" + type = map(object({ + certificate_name = string + load_balancer_id = string + ca_certificate = optional(string) + passphrase = optional(string) + private_key = optional(string) + public_certificate = optional(string) + })) + default = {} +} + +variable "cipher_suites" { + description = "To provision Load Balancer Cipher Suites" + type = map(object({ + ciphers = list(string) + name = string + load_balancer_id = optional(string) + })) + default = {} +} + +variable "backend_sets" { + description = "To provision Load Balancer Backend Sets" + type = map(object({ + name = string + load_balancer_id = string + policy = string + protocol = optional(string) + interval_ms = optional(string) + is_force_plain_text = optional(string) + port = optional(string) + response_body_regex = optional(string) + retries = optional(string) + return_code = optional(string) + timeout_in_millis = optional(string) + url_path = optional(string) + lb_cookie_session = optional(list(object({ + cookie_name = optional(string) + disable_fallback = optional(string) + path = optional(string) + domain = optional(string) + is_http_only = optional(string) + is_secure = optional(string) + max_age_in_seconds = optional(string) + }))) + session_persistence_configuration = optional(list(object({ + cookie_name = optional(string) + disable_fallback = optional(string) + }))) + certificate_name = optional(string) + cipher_suite_name = optional(string) + ssl_configuration = optional(list(object({ + certificate_ids = 
optional(list(any)) + server_order_preference = optional(string) + trusted_certificate_authority_ids = optional(list(any)) + verify_peer_certificate = optional(string) + verify_depth = optional(string) + protocols = optional(list(any)) + }))) + })) + default = {} +} + +variable "backends" { + description = "To provision Load Balancer Backends" + type = map(object({ + backendset_name = string + ip_address = string + load_balancer_id = string + port = string + instance_compartment = optional(string) + backup = optional(string) + drain = optional(string) + offline = optional(string) + weight = optional(string) + })) + default = {} +} + +variable "listeners" { + description = "To provision Load Balancer Listeners" + type = map(object({ + name = string + load_balancer_id = string + port = string + protocol = string + default_backend_set_name = string + connection_configuration = optional(list(map(any))) + hostname_names = optional(list(any)) + path_route_set_name = optional(string) + rule_set_names = optional(list(any)) + routing_policy_name = optional(string) + certificate_name = optional(string) + cipher_suite_name = optional(string) + ssl_configuration = optional(list(object({ + certificate_ids = optional(list(any)) + server_order_preference = optional(string) + trusted_certificate_authority_ids = optional(list(any)) + verify_peer_certificate = optional(string) + verify_depth = optional(string) + protocols = optional(list(any)) + }))) + })) + default = {} +} + +variable "path_route_sets" { + description = "To provision Load Balancer Path Route Sets" + type = map(object({ + name = string + load_balancer_id = string + path_routes = optional(list(map(any))) + })) + default = {} +} + +variable "rule_sets" { + description = "To provision Load Balancer Rule Sets" + type = map(object({ + name = string + load_balancer_id = string + access_control_rules = optional(list(object({ + action = string + attribute_name = optional(string) + attribute_value = optional(string) + 
description = optional(string) + }))) + access_control_method_rules = optional(list(object({ + action = string + allowed_methods = optional(list(any)) + status_code = optional(string) + }))) + http_header_rules = optional(list(object({ + action = string + are_invalid_characters_allowed = optional(bool) + http_large_header_size_in_kb = optional(string) + }))) + uri_redirect_rules = optional(list(object({ + action = string + attribute_name = optional(string) + attribute_value = optional(string) + operator = optional(string) + host = optional(string) + path = optional(string) + port = optional(string) + protocol = optional(string) + query = optional(string) + response_code = optional(string) + }))) + request_response_header_rules = optional(list(object({ + action = string + header = optional(string) + prefix = optional(string) + suffix = optional(string) + value = optional(string) + }))) + })) + default = {} +} + +variable "lbr_reserved_ips" { + description = "To provision Load Balancer Reserved IPs" + type = map(object({ + compartment_id = string + display_name = string + lifetime = string + private_ip_id = optional(string) + public_ip_pool_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +################################### +####### Load Balancer Logs ######## +################################### + +variable "loadbalancer_log_groups" { + description = "To provision Log Groups for Load Balancers" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "loadbalancer_logs" { + description = "To provision Logs for Load Balancers" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + 
source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +## Network Load Balancers ## +######################### + +variable "network_load_balancers" { + type = map(object({ + display_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + subnet_id = string + is_private = optional(bool) + reserved_ips_id = string + is_preserve_source_destination = optional(bool) + is_symmetric_hash_enabled = optional(bool) + nlb_ip_version = optional(string) + assigned_private_ipv4 = optional(string) + nsg_ids = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} +variable "nlb_listeners" { + type = map(object({ + name = string + network_load_balancer_id = string + default_backend_set_name = string + port = number + protocol = string + ip_version = optional(string) + })) + default = {} +} + +variable "nlb_backend_sets" { + type = map(object({ + name = string + network_load_balancer_id = string + policy = string + protocol = string + domain_name = optional(string) + query_class = optional(string) + query_type = optional(string) + rcodes = optional(list(string)) + transport_protocol = optional(string) + return_code = optional(number) + interval_in_millis = optional(number) + port = optional(number) + request_data = optional(string) + response_body_regex = optional(string) + response_data = optional(string) + retries = optional(number) + timeout_in_millis = optional(number) + url_path = optional(string) + is_preserve_source = optional(bool) + ip_version = optional(string) + })) + default = {} +} +variable "nlb_backends" { + type = map(object({ + name = optional(string) + backend_set_name = string + network_load_balancer_id = string + port = number + ip_address = string + instance_compartment = string + 
is_drain = optional(bool) + is_backup = optional(bool) + is_offline = optional(bool) + weight = optional(number) + target_id = optional(string) + })) + default = {} +} +variable "nlb_reserved_ips" { + description = "To provision Network Load Balancer Reserved IPs" + type = map(object({ + compartment_id = string + lifetime = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + display_name = optional(string) + private_ip_id = optional(string) + public_ip_pool_id = optional(string) + })) + default = {} +} + + +######################### +##### IP Management ##### +######################### + +variable "public_ip_pools" { + type = map(any) + default = {} +} + +variable "private_ips" { + type = map(any) + default = {} +} + +variable "reserved_ips" { + type = map(any) + default = {} +} + +variable "vnic_attachments" { + type = map(any) + default = {} +} + +######################### +##### VCN Logs ########## +######################### + +variable "vcn_log_groups" { + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "vcn_logs" { + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +###### OSS Buckets ###### +######################### + +variable "buckets" { + type = map(any) + default = {} +} + +######################### +####### OSS Logs ######## +######################### + +variable "oss_log_groups" { + description = "To provision Log Groups for OSS" + type = map(object({ + compartment_id = string 
+ display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "oss_logs" { + description = "To provision Logs for OSS" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +### OSS IAM Policies #### +######################### + +variable "oss_policies" { + type = map(any) + default = {} +} + +######################### +## Management Services ## +######################### + +variable "alarms" { + type = map(object({ + compartment_id = string + destinations = list(string) + alarm_name = string + is_enabled = bool + metric_compartment_id = string + namespace = string + query = string + severity = string + body = optional(string) + message_format = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_notifications_per_metric_dimension_enabled = optional(bool) + metric_compartment_id_in_subtree = optional(string) + trigger_delay_minutes = optional(string) + repeat_notification_duration = optional(string) + resolution = optional(string) + resource_group = optional(string) + suppression = optional(map(any)) + })) + default = {} +} + +variable "events" { + type = map(object({ + event_name = string + compartment_id = string + description = string + is_enabled = bool + condition = string + actions = optional(list(object({ + action_type = string + is_enabled = string + description = optional(string) + function_id = optional(string) + stream_id = optional(string) + topic_id = optional(string) + }))) + message_format = optional(string) + defined_tags 
= optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "notifications_topics" { + type = map(object({ + compartment_id = string + topic_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "notifications_subscriptions" { + type = map(object({ + compartment_id = string + endpoint = string + protocol = string + topic_id = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "service_connectors" { + type = any + default = {} + description = "To provision service connector hub resources" +} + +######################### +## Developer Services ## +######################### + +## OKE + +variable "clusters" { + type = map(object({ + display_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + kubernetes_version = string + cni_type = string + cluster_type = string + is_policy_enabled = optional(bool) + policy_kms_key_id = optional(string) + is_kubernetes_dashboard_enabled = optional(bool) + is_tiller_enabled = optional(bool) + is_public_ip_enabled = optional(bool) + nsg_ids = optional(list(string)) + endpoint_subnet_id = string + is_pod_security_policy_enabled = optional(bool) + pods_cidr = optional(string) + services_cidr = optional(string) + service_lb_subnet_ids = optional(list(string)) + cluster_kms_key_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + lb_defined_tags = optional(map(any)) + lb_freeform_tags = optional(map(any)) + volume_defined_tags = optional(map(any)) + volume_freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nodepools" { + type = map(object({ + display_name = string + cluster_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + node_shape = string + initial_node_labels = optional(map(any)) + 
kubernetes_version = string + is_pv_encryption_in_transit_enabled = optional(bool) + availability_domain = number + fault_domains = optional(list(string)) + subnet_id = string + size = number + cni_type = string + max_pods_per_node = optional(number) + pod_nsg_ids = optional(list(string)) + pod_subnet_ids = optional(string) + worker_nsg_ids = optional(list(string)) + memory_in_gbs = optional(number) + ocpus = optional(number) + image_id = string + source_type = string + boot_volume_size_in_gbs = optional(number) + ssh_public_key = optional(string) + nodepool_kms_key_id = optional(string) + node_defined_tags = optional(map(any)) + node_freeform_tags = optional(map(any)) + nodepool_defined_tags = optional(map(any)) + nodepool_freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "virtual-nodepools" { + type = map(object({ + display_name = string + cluster_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + node_shape = string + initial_virtual_node_labels = optional(map(any)) + availability_domain = number + fault_domains = list(string) + subnet_id = string + size = number + pod_nsg_ids = optional(list(string)) + pod_subnet_id = string + worker_nsg_ids = optional(list(string)) + taints = optional(list(any)) + node_defined_tags = optional(map(any)) + node_freeform_tags = optional(map(any)) + nodepool_defined_tags = optional(map(any)) + nodepool_freeform_tags = optional(map(any)) + })) + default = {} +} + + +################################## +############## SDDCs ############# +################################## +variable "sddcs" { + type = map(object({ + compartment_id = string + availability_domain = string + network_compartment_id = string + vcn_name = string + esxi_hosts_count = number + nsx_edge_uplink1vlan_id = string + nsx_edge_uplink2vlan_id = string + nsx_edge_vtep_vlan_id = string + nsx_vtep_vlan_id = string + provisioning_subnet_id = string + ssh_authorized_keys = string + vmotion_vlan_id = string 
+ vmware_software_version = string + vsan_vlan_id = string + vsphere_vlan_id = string + capacity_reservation_id = optional(string) + defined_tags = optional(map(any)) + display_name = optional(string) + initial_cluster_display_name = optional(string) + freeform_tags = optional(map(any)) + hcx_action = optional(string) + hcx_vlan_id = optional(string) + initial_host_ocpu_count = optional(number) + initial_host_shape_name = optional(string) + initial_commitment = optional(string) + instance_display_name_prefix = optional(string) + is_hcx_enabled = optional(bool) + is_shielded_instance_enabled = optional(bool) + is_single_host_sddc = optional(bool) + provisioning_vlan_id = optional(string) + refresh_hcx_license_status = optional(bool) + replication_vlan_id = optional(string) + reserving_hcx_on_premise_license_keys = optional(string) + workload_network_cidr = optional(string) + management_datastore = optional(list(string)) + workload_datastore = optional(list(string)) + + })) + default = {} + +} + +variable "sddc-clusters" { + type = map(object({ + compartment_id = string + availability_domain = string + network_compartment_id = string + vcn_name = string + esxi_hosts_count = number + nsx_edge_uplink1vlan_id = string + nsx_edge_uplink2vlan_id = optional(string) + nsx_edge_vtep_vlan_id = string + nsx_vtep_vlan_id = string + provisioning_subnet_id = string + ssh_authorized_keys = optional(string) + vmotion_vlan_id = string + vmware_software_version = string + vsan_vlan_id = string + vsphere_vlan_id = string + capacity_reservation_id = optional(string) + defined_tags = optional(map(any)) + display_name = optional(string) + freeform_tags = optional(map(any)) + hcx_action = optional(string) + hcx_vlan_id = optional(string) + initial_host_ocpu_count = optional(number) + initial_host_shape_name = optional(string) + initial_commitment = optional(string) + instance_display_name_prefix = optional(string) + is_hcx_enabled = optional(bool) + is_shielded_instance_enabled = 
optional(bool) + is_single_host_sddc = optional(bool) + provisioning_vlan_id = optional(string) + refresh_hcx_license_status = optional(bool) + replication_vlan_id = optional(string) + reserving_hcx_on_premise_license_keys = optional(string) + workload_network_cidr = optional(string) + workload_datastore = optional(list(string)) + sddc_id = optional(string) + esxi_software_version = optional(string) + + })) + default = {} + +} + + +############################ +## Key Management Service ## +############################ + +variable "vaults" { + type = map(object({ + compartment_id = string + display_name = string + vault_type = string + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + replica_region = optional(string) + })) + default = {} +} + +variable "keys" { + type = map(object({ + compartment_id = string + display_name = string + vault_name = string + algorithm = optional(string) + length = optional(string) + curve_id = optional(string) + protection_mode = optional(string) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + is_auto_rotation_enabled = optional(bool) + rotation_interval_in_days = optional(string) + + })) + default = {} +} + +########################### +######### Budgets ######### +########################### + +variable "budgets" { + type = map(object({ + amount = string + compartment_id = string + reset_period = string + budget_processing_period_start_offset = optional(string) + defined_tags = optional(map(any)) + description = optional(string) + display_name = optional(string) + freeform_tags = optional(map(any)) + processing_period_type = optional(string) + budget_end_date = optional(string) + budget_start_date = optional(string) + target_type = optional(string) + targets = optional(list(any)) + })) + default = {} +} + +variable "budget_alert_rules" { + type = map(object({ + budget_id = string + threshold = string + threshold_type = string + type = string + defined_tags = optional(map(any)) + 
description = optional(string) + display_name = optional(string) + freeform_tags = optional(map(any)) + message = optional(string) + recipients = optional(string) + })) + default = {} +} + +########################### +####### Cloud Guard ####### +########################### + +variable "cloud_guard_configs" { + type = map(object({ + compartment_id = string + reporting_region = string + status = string + self_manage_resources = optional(string) + + })) + default = {} +} + +variable "cloud_guard_targets" { + type = map(object({ + compartment_id = string + display_name = string + target_resource_id = string + target_resource_type = string + prefix = string + description = optional(string) + state = optional(string) + target_detector_recipes = optional(list(any)) + target_responder_recipes = optional(list(any)) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + })) + default = {} +} + +#################################### +####### Custom Backup Policy ####### +#################################### + +variable "custom_backup_policies" { + type = map(any) + default = {} +} + +variable "capacity_reservation_ocids" { + type = map(any) + default = { + "AD1" : "", + "AD2" : "", + "AD3" : "" + } +} + +##################################### +####### Firewall as a Service ####### +##################################### +variable "firewalls" { + type = map(object({ + compartment_id = string + network_compartment_id = string + network_firewall_policy_id = string + subnet_id = string + vcn_name = string + display_name = string + ipv4address = optional(string) + nsg_id = optional(list(string)) + ipv6address = optional(string) + availability_domain = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fw-policies" { + type = map(object({ + compartment_id = optional(string) + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + 
default = {} +} +variable "services" { + type = map(object({ + service_name = string + service_type = string + network_firewall_policy_id = string + port_ranges = list(object({ + minimum_port = string + maximum_port = optional(string) + })) + })) + default = {} +} +variable "url_lists" { + type = map(object({ + urllist_name = string + network_firewall_policy_id = string + urls = list(object({ + pattern = string + type = string + })) + })) + default = {} +} +variable "service_lists" { + type = map(object({ + service_list_name = string + network_firewall_policy_id = string + services = list(string) + })) + default = {} +} + +variable "address_lists" { + type = map(object({ + address_list_name = string + network_firewall_policy_id = string + address_type = string + addresses = list(string) + })) + default = {} +} + +variable "applications" { + type = map(object({ + app_list_name = string + network_firewall_policy_id = string + app_type = string + icmp_type = number + icmp_code = optional(number) + })) + default = {} +} + +variable "application_groups" { + type = map(object({ + app_group_name = string + network_firewall_policy_id = string + apps = list(string) + + })) + default = {} +} + +variable "security_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + application = optional(list(string)) + destination_address = optional(list(string)) + service = optional(list(string)) + source_address = optional(list(string)) + url = optional(list(string)) + }))) + inspection = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +variable "secrets" { + type = map(object({ + secret_name = string + network_firewall_policy_id = string + secret_source = string + secret_type = string + vault_secret_id = string + version_number = number + vault_name = string + vault_compartment_id = string + })) + default = {} +} + +variable 
"decryption_profiles" { + type = map(object({ + profile_name = string + profile_type = string + network_firewall_policy_id = string + are_certificate_extensions_restricted = optional(bool) + is_auto_include_alt_name = optional(bool) + is_expired_certificate_blocked = optional(bool) + is_out_of_capacity_blocked = optional(bool) + is_revocation_status_timeout_blocked = optional(bool) + is_unknown_revocation_status_blocked = optional(bool) + is_unsupported_cipher_blocked = optional(bool) + is_unsupported_version_blocked = optional(bool) + is_untrusted_issuer_blocked = optional(bool) + })) + default = {} +} + +variable "decryption_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + + destination_address = optional(list(string)) + + source_address = optional(list(string)) + + }))) + decryption_profile = optional(string) + secret = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +######################### +####### Firewall Logs ######## +######################### + +variable "fw_log_groups" { + description = "To provision Log Groups for Network Firewall" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fw_logs" { + description = "To provision Logs for Network Firewall" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +########################## +# Add new variables here # 
+##########################
+######################### END #########################
diff --git a/examples/security/backend.tf b/examples/security/backend.tf
new file mode 100644
index 0000000..16bc557
--- /dev/null
+++ b/examples/security/backend.tf
@@ -0,0 +1,21 @@
+/*This line will be removed when using remote state
+# !!! WARNING !!! Terraform State Lock is not supported with OCI Object Storage.
+# Pre-Requisite: Create a version enabled object storage bucket to store the state file.
+# End Point Format: https://.compat.objectstorage..oraclecloud.com
+# Please look at the below doc for information about shared_credentials_file and other parameters:
+# Reference: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformUsingObjectStore.htm
+
+terraform {
+ backend "s3" {
+ key = ""
+ bucket = ""
+ region = ""
+ endpoint = ""
+ shared_credentials_file = "~/.aws/credentials"
+ skip_region_validation = true
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ force_path_style = true
+ }
+}
+This line will be removed when using remote state*/
\ No newline at end of file
diff --git a/examples/security/cloud-guard.tf b/examples/security/cloud-guard.tf
new file mode 100644
index 0000000..352a087
--- /dev/null
+++ b/examples/security/cloud-guard.tf
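Review bot: The `# End Point Format:` line in backend.tf reads `https://.compat.objectstorage..oraclecloud.com`, with the namespace and region segments empty, so a reader cannot tell what to fill in; if angle-bracket placeholders were stripped on the way in, the line should read `# End Point Format: https://<namespace>.compat.objectstorage.<region>.oraclecloud.com`. Because this state will hold every resolved OCID and every value passed through the variables, the versioning pre-requisite should also say that the bucket must be private, with read/write limited to the principal running the toolkit, and that `~/.aws/credentials` is expected to hold an OCI customer secret key for the S3-compatibility API rather than AWS credentials (the referenced Oracle doc describes that setup). The four `skip_*`/`force_path_style` flags are presumably required because the endpoint is not a real AWS region; a one-line comment saying so would stop the next maintainer from "fixing" them.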
@@ -0,0 +1,41 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Module Block - Security
+# Create Cloud Guard Configuration and Cloud Guard Targets
+############################
+
+module "cloud-guard-configurations" {
+ source = "./modules/security/cloud-guard-configuration"
+ for_each = var.cloud_guard_configs != null ? var.cloud_guard_configs : {}
+
+ #Required
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : var.tenancy_ocid
+ reporting_region = each.value.reporting_region
+ status = each.value.status
+
+ #Optional
+ self_manage_resources = each.value.self_manage_resources
+}
+
+module "cloud-guard-targets" {
+ source = "./modules/security/cloud-guard-target"
+ for_each = var.cloud_guard_targets != null ? var.cloud_guard_targets : {}
+
+ depends_on = [module.cloud-guard-configurations]
+ #Required
+ tenancy_ocid = var.tenancy_ocid
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : var.tenancy_ocid
+ display_name = each.value.display_name
+ target_resource_id = each.value.target_resource_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.target_resource_id)) > 0 ? each.value.target_resource_id : var.compartment_ocids[each.value.target_resource_id]) : each.value.target_resource_id
+ target_resource_type = each.value.target_resource_type != null ? each.value.target_resource_type : "COMPARTMENT"
+ prefix = each.value.prefix
+
+ #Optional
+ defined_tags = each.value.defined_tags
+ description = each.value.description
+ freeform_tags = each.value.freeform_tags
+ state = each.value.state
+ target_detector_recipes = each.value.target_detector_recipes
+ target_responder_recipes = each.value.target_responder_recipes
+}
diff --git a/examples/security/oci-data.tf b/examples/security/oci-data.tf
new file mode 100644
index 0000000..1495707
--- /dev/null
+++ b/examples/security/oci-data.tf
@@ -0,0 +1,42 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Identity
+# Fetch Compartments
+############################
+
+#Fetch Compartment Details
+data "oci_identity_compartments" "compartments" {
+ #Required
+ compartment_id = var.tenancy_ocid
+
+ #Optional
+ #name = var.compartment_name
+ access_level = "ANY"
+ compartment_id_in_subtree = true
+ state = "ACTIVE"
+}
+
+
+############################
+# Data Block - Network
+# Fetch ADs
+############################
+
+data "oci_identity_availability_domains" "availability_domains" {
+ #Required
+ compartment_id = var.tenancy_ocid
+}
+
+
+/*
+output "compartment_id_map" {
+ description = "Compartment ocid"
+ // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source.
+ value = zipmap(data.oci_identity_compartments.compartments.compartments.*.name,data.oci_identity_compartments.compartments.compartments.*.id)
+}
+
+output "ads" {
+ value = data.oci_identity_availability_domains.availability_domains.availability_domains.*.name
+}
+*/
\ No newline at end of file
diff --git a/examples/security/provider.tf b/examples/security/provider.tf
new file mode 100644
index 0000000..9a69c98
--- /dev/null
+++ b/examples/security/provider.tf
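Review bot: `target_resource_id` in module cloud-guard-targets routes every non-OCID value through `var.compartment_ocids[...]`, while `target_resource_type` on the next line accepts any string and only defaults to COMPARTMENT, so a target of any other type would fail at plan time with a missing-key error on the compartment map (whether the module accepts other types is not visible here). Gating the lookup on the type keeps the fail-fast behaviour for a mistyped compartment name while passing other resource ids through: `target_resource_id = each.value.target_resource_id != null && (each.value.target_resource_type == null || each.value.target_resource_type == "COMPARTMENT") && length(regexall("^ocid1\\.compartment\\.oc", each.value.target_resource_id)) == 0 ? var.compartment_ocids[each.value.target_resource_id] : each.value.target_resource_id`. The pattern `ocid1.compartment.oc*` is unanchored, has unescaped dots, and its `c*` also matches a bare `o`, so `^ocid1\\.compartment\\.oc` is the test that was intended; the same pattern is used by both `compartment_id` lines in this hunk.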
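Review bot: Nothing in oci-data.tf consumes `data.oci_identity_compartments.compartments` or the availability-domains data source — the two outputs that would have are commented out — and the modules in cloud-guard.tf resolve compartment names through `var.compartment_ocids` instead. If the rest of the example does not reference them either, every plan performs a tenancy-wide compartment listing (`compartment_id_in_subtree = true`, `access_level = "ANY"`) whose result is discarded, and the data sources could be dropped or the commented outputs restored. Until that is decided, a comment above the first data block such as `# NOTE: not referenced by the modules in this example (they use var.compartment_ocids); confirm before removing` would tell the next reader why both exist.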
@@ -0,0 +1,24 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Provider Block
+# OCI
+############################
+
+provider "oci" {
+ tenancy_ocid = var.tenancy_ocid
+ user_ocid = var.user_ocid
+ fingerprint = var.fingerprint
+ private_key_path = var.private_key_path
+ region = var.region
+ ignore_defined_tags = ["Oracle-Tags.CreatedBy", "Oracle-Tags.CreatedOn"]
+}
+
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ version = "5.40.0"
+ }
+ }
+}
diff --git a/examples/security/variables_example.tf b/examples/security/variables_example.tf
new file mode 100644
index 0000000..fae17ea
--- /dev/null
+++ b/examples/security/variables_example.tf
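Review bot: The `terraform` block in provider.tf pins the provider to `version = "5.40.0"` but declares no `required_version`, while the variable declarations in this commit use `optional(type, default)` object attributes (for example `gateway_route_table = optional(bool,false)` in variables_example.tf), which Terraform only accepts from 1.3 onward; on an older CLI the failure is a type-constraint error rather than a clear version message. Adding `required_version = ">= 1.3.0"` beside `required_providers` makes the floor explicit. `ignore_defined_tags = ["Oracle-Tags.CreatedBy", "Oracle-Tags.CreatedOn"]` would also benefit from a one-line comment, e.g. `# presumably set server-side by the default tag namespace at creation; ignored to avoid a perpetual diff — confirm`.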
@@ -0,0 +1,2082 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# +# Variables Block +# OCI +# +############################ + +variable "tenancy_ocid" { + type = string + default = "" +} + +variable "user_ocid" { + type = string + default = "" +} + +variable "fingerprint" { + type = string + default = "" +} + +variable "private_key_path" { + type = string + default = "" +} + +variable "region" { + type = string + default = "" +} + +################################# +# SSH Keys +################################# + +variable "instance_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_instance_ssh_keys# + # exported instance ssh keys + #instance_ssh_keys_END# + } +} + +variable "oke_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_oke_ssh_keys# + #oke_ssh_keys_END# + } +} +variable "sddc_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_sddc_ssh_keys# + #sddc_ssh_keys_END# + } +} + +variable "exacs_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_exacs_ssh_keys# + # exported exacs ssh keys + #exacs_ssh_keys_END# + } +} + +variable "dbsystem_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. 
+ # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_dbsystem_ssh_keys# + # exported dbsystem ssh keys + #dbsystem_ssh_keys_END# + } +} + +################################# +# Platform Image OCIDs and +# Market Place Images +################################# + +variable "instance_source_ocids" { + type = map(any) + default = { + Linux = "" + Windows = "" + PaloAlto = "Palo Alto Networks VM-Series Next Generation Firewall" + #START_instance_source_ocids# + # exported instance image ocids + #instance_source_ocids_END# + } +} + +variable "blockvolume_source_ocids" { + type = map(any) + default = { + block1 = "" + #blockvolume_source_ocid = "" + #START_blockvolume_source_ocids# + # exported block volume source ocids + #blockvolume_source_ocids_END# + } +} + +variable "fss_source_ocids" { + type = map(any) + default = { + snapshot1 = "" + #fss_source_snapshot_ocid = "" + #START_fss_source_snapshot_ocids# + # exported fss source snapshot ocids + #fss_source_snapshot_ocids_END# + } +} + +variable "oke_source_ocids" { + type = map(any) + default = { + Linux = "" + #START_oke_source_ocids# + # exported oke image ocids + #oke_source_ocids_END# + } +} + +################################# +# +# Variables according to Services +# PLEASE DO NOT MODIFY +# +################################# + +########################## +## Fetch Compartments #### +########################## + +variable "compartment_ocids" { + type = map(any) + default = { + #START_compartment_ocids# + # compartment ocids + #compartment_ocids_END# + } +} + +######################### +##### Identity ########## +######################### + +variable "compartments" { + type = object({ + root = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level1 = 
optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level2 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level3 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level4 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level5 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + }) + default = { + root = {}, + compartment_level1 = {}, + compartment_level2 = {}, + compartment_level3 = {}, + compartment_level4 = {}, + compartment_level5 = {}, + } +} + +variable "policies" { + type = map(object({ + name = string + compartment_id = string + policy_description = string + policy_statements = list(string) + policy_version_date = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "groups" { + type = map(object({ + group_name = string + group_description = string + matching_rule = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any))
+ }))
+ default = {}
+}
+
+variable "users" {
+ type = map(object({
+ name = string
+ description = string
+ email = string
+ disable_capabilities = optional(list(string))
+ group_membership = optional(list(string))
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "networkSources" {
+ type = map(object({
+ name = string
+ description = string
+ public_source_list = optional(list(string))
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ virtual_source_list = optional(list(map(list(string))))
+
+ }))
+ default = {}
+}
+
+#########################
+####### Governance #########
+#########################
+
+variable "tag_namespaces" {
+ description = "To provision Namespaces"
+ type = map(object({
+ compartment_id = string
+ description = string
+ name = string
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ is_retired = optional(bool)
+ }))
+ default = {}
+}
+
+variable "tag_keys" {
+ description = "To provision Tag Keys"
+ type = map(object({
+ tag_namespace_id = string
+ description = string
+ name = string
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ is_cost_tracking = optional(bool)
+ is_retired = optional(bool)
+ validator = optional(list(object({
+ validator_type = optional(string)
+ validator_values = optional(list(any))
+ })))
+ }))
+ default = {}
+}
+
+variable "tag_defaults" {
+ description = "To make the Tag keys as default to compartments"
+ type = map(object({
+ compartment_id = string
+ tag_definition_id = string
+ value = string
+ is_required = optional(bool)
+ }))
+ default = {}
+}
+
+variable "quota_policies" {
+ type = map(object({
+ quota_name = string
+ quota_description = string
+ quota_statements = list(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+#########################
+###### Network ##########
+#########################
+
+variable "default_dhcps" {
+ type = map(object({
+ server_type = string
+ manage_default_resource_id = optional(string)
+ custom_dns_servers = optional(list(any))
+ search_domain = optional(map(list(any)))
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "custom_dhcps" {
+ type = map(object({
+ compartment_id = string
+ server_type = string
+ vcn_id = string
+ custom_dns_servers = optional(list(any))
+ domain_name_type = optional(string)
+ display_name = optional(string)
+ search_domain = optional(map(list(any)))
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "vcns" {
+ type = map(object({
+ compartment_id = string
+ cidr_blocks = optional(list(string))
+ byoipv6cidr_details = optional(list(map(any)))
+ display_name = optional(string)
+ dns_label = optional(string)
+ is_ipv6enabled = optional(bool)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ ipv6private_cidr_blocks = optional(list(string))
+ is_oracle_gua_allocation_enabled = optional(bool)
+ }))
+ default = {}
+}
+
+variable "igws" {
+ type = map(object({
+ compartment_id = string
+ vcn_id = string
+ enable_igw = optional(bool)
+ igw_name = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ route_table_id = optional(string)
+ }))
+ default = {}
+}
+
+variable "sgws" {
+ type = map(object({
+ compartment_id = string
+ vcn_id = string
+ service = optional(string)
+ sgw_name = optional(string)
+ route_table_id = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "ngws" {
+ type = map(object({
+ compartment_id = string
+ vcn_id = string
+ block_traffic = optional(bool)
+ public_ip_id = optional(string)
+ ngw_name = optional(string)
+ route_table_id = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "lpgs" {
+ type = map(any)
+ default = {
+ hub-lpgs = {},
+ spoke-lpgs = {},
+ peer-lpgs = {},
+ none-lpgs = {},
+ exported-lpgs = {},
+ }
+}
+
+variable "drgs" {
+ type = map(object({
+ compartment_id = string
+ display_name = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "seclists" {
+ type = map(object({
+ compartment_id = string
+ vcn_id = string
+ display_name = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ ingress_sec_rules = optional(list(object({
+ protocol = optional(string)
+ stateless = optional(string)
+ description = optional(string)
+ source = optional(string)
+ source_type = optional(string)
+ options = optional(map(any))
+ })))
+ egress_sec_rules = optional(list(object({
+ protocol = optional(string)
+ stateless = optional(string)
+ description = optional(string)
+ destination = optional(string)
+ destination_type = optional(string)
+ options = optional(map(any))
+ })))
+ }))
+ default = {}
+}
+
+variable "default_seclists" {
+ type = map(object({
+ compartment_id = string
+ vcn_id = string
+ display_name = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ ingress_sec_rules = optional(list(object({
+ protocol = optional(string)
+ stateless = optional(string)
+ description = optional(string)
+ source = optional(string)
+ source_type = optional(string)
+ options = optional(map(any))
+ })))
+ egress_sec_rules = optional(list(object({
+ protocol = optional(string)
+ stateless = optional(string)
+ description = optional(string)
+ destination = optional(string)
+ destination_type = optional(string)
+ options = optional(map(any))
+ })))
+ }))
+ default = {}
+}
+
+variable "route_tables" {
+ type = map(object({
+ compartment_id = string
+ vcn_id = string
+ display_name = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ route_rules_igw = list(map(any))
+ route_rules_ngw = list(map(any))
+ route_rules_sgw = list(map(any))
+ route_rules_drg = list(map(any))
+ route_rules_lpg = list(map(any))
+ route_rules_ip = list(map(any))
+ gateway_route_table = optional(bool,false)
+ default_route_table = optional(bool,false)
+
+}))
+default = {}
+}
+
+variable "default_route_tables" {
+ type = map(object({
+ compartment_id = string
+ vcn_id = string
+ display_name = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ route_rules_igw = list(map(any))
+ route_rules_ngw = list(map(any))
+ route_rules_sgw = list(map(any))
+ route_rules_drg = list(map(any))
+ route_rules_lpg = list(map(any))
+ route_rules_ip = list(map(any))
+ gateway_route_table = optional(bool,false)
+ default_route_table = optional(bool,false)
+}))
+ default = {}
+}
+
+variable "nsgs" {
+ type = map(object({
+ compartment_id = string
+ network_compartment_id = string
+ vcn_name = string
+ display_name = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "nsg_rules" {
+ type = map(object({
+ nsg_id = string
+ direction = string
+ protocol = string
+ description = optional(string)
+ stateless = optional(string)
+ source_type = optional(string)
+ destination_type = optional(string)
+ destination = optional(string)
+ source = optional(string)
+ options = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "subnets" {
+ type = map(object({
+ compartment_id = string
+ vcn_id = string
+ cidr_block = string
+ display_name = optional(string)
+ dns_label = optional(string)
+ ipv6cidr_block = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ prohibit_internet_ingress = optional(string)
+ prohibit_public_ip_on_vnic = optional(string)
+ availability_domain = optional(string)
+ dhcp_options_id = optional(string)
+ route_table_id = optional(string)
+ security_list_ids = optional(list(string))
+ }))
+ default = {}
+}
+
+variable "vlans" {
+ type = map(object({
+ cidr_block = string
+ compartment_id = string
+ network_compartment_id = string
+ vcn_name = string
+ display_name = optional(string)
+ nsg_ids = optional(list(string))
+ route_table_name = optional(string)
+ vlan_tag = optional(string)
+ availability_domain = optional(string)
+ freeform_tags = optional(map(any))
+ defined_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "drg_attachments" {
+ type = map(any)
+ default = {}
+}
+
+variable "drg_other_attachments" {
+ type = map(any)
+ default = {}
+}
+
+variable "drg_route_tables" {
+ type = map(object({
+ drg_id = string
+ display_name = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ is_ecmp_enabled = optional(bool)
+ import_drg_route_distribution_id = optional(string)
+ }))
+ default = {}
+}
+
+variable "drg_route_rules" {
+ type = map(any)
+ default = {}
+}
+
+variable "drg_route_distributions" {
+ type = map(object({
+ distribution_type = string
+ drg_id = string
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ display_name = optional(string)
+ }))
+ default = {}
+}
+
+variable "drg_route_distribution_statements" {
+ type = map(object({
+ drg_route_distribution_id = string
+ action = string
+ match_criteria = optional(list(object({
+ match_type = string
+ attachment_type = optional(string)
+ drg_attachment_id = optional(string)
+ })))
+ priority = optional(string)
+ }))
+ default = {}
+}
+
+variable "data_drg_route_tables" {
+ type = map(any)
+ default = {}
+}
+
+variable "data_drg_route_table_distributions" {
+ type = map(any)
+ default = {}
+}
+
+####################
+####### DNS #######
+####################
+
+variable "zones" {
+type = map(object({
+compartment_id = string
+display_name = string
+view_compartment_id = optional(string)
+view_id = optional(string)
+zone_type = optional(string)
+scope = optional(string)
+freeform_tags = optional(map(any))
+defined_tags = optional(map(any))
+}))
+default = {}
+}
+
+variable "views" {
+type = map(object({
+compartment_id = string
+display_name = string
+scope = optional(string)
+freeform_tags = optional(map(any))
+defined_tags = optional(map(any))
+}))
+ default = {}
+}
+
+variable "rrsets" {
+type = map(object({
+compartment_id = optional(string)
+view_compartment_id = optional(string)
+view_id = optional(string)
+zone_id = string
+domain = string
+rtype = string
+ttl = number
+rdata = optional(list(string))
+scope = optional(string)
+}))
+default = {}
+}
+
+variable "resolvers" {
+type = map(object({
+network_compartment_id= string
+vcn_name = string
+display_name = optional(string)
+views = optional(map(object({
+ view_id = optional(string)
+ view_compartment_id = optional(string)
+})))
+resolver_rules = optional(map(object({
+ client_address_conditions = optional(list(any))
+ destination_addresses = optional(list(any))
+ qname_cover_conditions = optional(list(any))
+ source_endpoint_name = optional(string)
+})))
+endpoint_names = optional(map(object({
+ is_forwarding = optional(bool)
+ is_listening = optional(bool)
+ name = optional(string)
+ subnet_name = optional(string)
+ forwarding_address = optional(string)
+ listening_address = optional(string)
+ nsg_ids = optional(list(string))
+})))
+freeform_tags = optional(map(any))
+defined_tags = optional(map(any))
+}))
+default = {}
+}
+
+
+#########################
+## Dedicated VM Hosts ##
+#########################
+
+variable "dedicated_hosts" {
+ type = map(object({
+ availability_domain = string
+ compartment_id = string
+ vm_host_shape = string
+ defined_tags = optional(map(any))
+ display_name = optional(string)
+ fault_domain = optional(string)
+ freeform_tags = optional(map(any))
+ }))
+ description = "To provision new dedicated VM hosts"
+ default = {}
+}
+
+#########################
+## Instances/Block Volumes ##
+#########################
+
+variable "blockvolumes" {
+ description = "To provision block volumes"
+ type = map(object({
+ availability_domain = string
+ compartment_id = string
+ display_name = string
+ size_in_gbs = optional(string)
+ is_auto_tune_enabled = optional(string)
+ vpus_per_gb = optional(string)
+ kms_key_id = optional(string)
+ attach_to_instance = optional(string)
+ attachment_type = optional(string)
+ backup_policy = optional(string)
+ policy_compartment_id = optional(string)
+ device = optional(string)
+ encryption_in_transit_type = optional(string)
+ attachment_display_name = optional(string)
+ is_read_only = optional(bool)
+ is_pv_encryption_in_transit_enabled = optional(bool)
+ is_shareable = optional(bool)
+ use_chap = optional(bool)
+ is_agent_auto_iscsi_login_enabled = optional(bool)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ source_details = optional(list(map(any)))
+ block_volume_replicas = optional(list(map(any)))
+ block_volume_replicas_deletion = optional(bool)
+ autotune_policies = optional(list(map(any)))
+ }))
+ default = {}
+}
+
+variable "block_backup_policies" {
+ type = map(any)
+ description = "To create block volume back policy"
+ default = {}
+}
+
+variable "instances" {
+ description = "Map of instances to be provisioned"
+ type = map(object({
+ availability_domain = string
+ compartment_id = string
+ shape = string
+ source_id = string
+ source_type = string
+ vcn_name = string
+ subnet_id = string
+ network_compartment_id = string
+ display_name = optional(string)
+ assign_public_ip = optional(bool)
+ boot_volume_size_in_gbs = optional(string)
+ fault_domain = optional(string)
+ dedicated_vm_host_id = optional(string)
+ private_ip = optional(string)
+ hostname_label = optional(string)
+ nsg_ids = optional(list(string))
+ ocpus = optional(string)
+ memory_in_gbs = optional(number)
+ capacity_reservation_id = optional(string)
+ create_is_pv_encryption_in_transit_enabled = optional(bool)
+ remote_execute = optional(string)
+ bastion_ip = optional(string)
+ cloud_init_script = optional(string)
+ ssh_authorized_keys = optional(string)
+ backup_policy = optional(string)
+ policy_compartment_id = optional(string)
+ network_type = optional(string)
+ #extended_metadata = optional(string)
+ skip_source_dest_check = optional(bool)
+ baseline_ocpu_utilization = optional(string)
+ #preemptible_instance_config = optional(string)
+ all_plugins_disabled = optional(bool)
+ is_management_disabled = optional(bool)
+ is_monitoring_disabled = optional(bool)
+ assign_private_dns_record = optional(string)
+ plugins_details = optional(map(any))
+ is_live_migration_preferred = optional(bool)
+ recovery_action = optional(string)
+ are_legacy_imds_endpoints_disabled = optional(bool)
+ boot_volume_type = optional(string)
+ firmware = optional(string)
+ is_consistent_volume_naming_enabled = optional(bool)
+ remote_data_volume_type = optional(string)
+ platform_config = optional(list(map(any)))
+ launch_options = optional(list(map(any)))
+ ipxe_script = optional(string)
+ preserve_boot_volume = optional(bool)
+ vlan_id = optional(string)
+ kms_key_id = optional(string)
+ vnic_display_name = optional(string)
+ vnic_defined_tags = optional(map(any))
+ vnic_freeform_tags = optional(map(any))
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "boot_backup_policies" {
+ type = map(any)
+ description = "Map of boot volume backup policies to be provisioned"
+ default = {}
+}
+
+#########################
+####### Database ########
+#########################
+
+variable "exa_infra" {
+ description = "To provision exadata infrastructure"
+ type = map(any)
+ default = {}
+}
+
+variable "exa_vmclusters" {
+ description = "To provision exadata cloud VM cluster"
+ type = map(any)
+ default = {}
+}
+
+variable "dbsystems_vm_bm" {
+ description = "To provision DB System"
+ type = map(any)
+ default = {}
+}
+
+variable "db_home" {
+ type = map(any)
+ description = "Map of database db home to be provisioned"
+ default = {}
+}
+
+variable "databases" {
+ description = "Map of databases to be provisioned in an existing db_home"
+ type = map(any)
+ default = {}
+}
+
+####################################
+####### Autonomous Database ########
+####################################
+
+variable "adb" {
+ type = map(object({
+ admin_password = optional(string)
+ character_set = optional(string)
+ compartment_id = string
+ cpu_core_count = optional(number)
+ database_edition = optional(string)
+ data_storage_size_in_tbs = optional(number)
+ customer_contacts = optional(list(string))
+ db_name = string
+ db_version = optional(string)
+ db_workload = optional(string)
+ display_name = optional(string)
+ license_model = optional(string)
+ ncharacter_set = optional(string)
+ network_compartment_id = optional(string)
+ nsg_ids = optional(list(string))
+ subnet_id = optional(string)
+ vcn_name = optional(string)
+ whitelisted_ips = optional(list(string))
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+#########################
+######### FSS ###########
+#########################
+
+variable "mount_targets" {
+ description = "To provision Mount Targets"
+ type = map(object({
+ availability_domain = string
+ compartment_id = string
+ network_compartment_id = string
+ vcn_name = string
+ subnet_id = string
+ display_name = optional(string)
+ ip_address = optional(string)
+ hostname_label = optional(string)
+ nsg_ids = optional(list(any))
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "fss" {
+ description = "To provision File System Services"
+ type = map(object({
+ availability_domain = string
+ compartment_id = string
+ display_name = optional(string)
+ source_snapshot = optional(string)
+ snapshot_policy = optional(string)
+ policy_compartment_id = optional(string)
+ kms_key_id = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "nfs_export_options" {
+ description = "To provision Export Sets"
+ type = map(object({
+ export_set_id = string
+ file_system_id = string
+ path = string
+ export_options = optional(list(any))
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ is_idmap_groups_for_sys_auth = optional(bool)
+ }))
+ default = {}
+}
+
+variable "fss_replication" {
+ description = "To provision File System Replication"
+ type = map(object({
+ compartment_id = string
+ source_id = string
+ target_id = string
+ display_name = optional(string)
+ replication_interval = optional(number)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+#########################
+####### FSS Logs ########
+#########################
+
+variable "nfs_log_groups" {
+ description = "To provision Log Groups for Mount Target"
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ description = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "nfs_logs" {
+ description = "To provision Logs for Mount Target"
+ type = map(object({
+ display_name = string
+ log_group_id = string
+ log_type = string
+ compartment_id = optional(string)
+ category = optional(string)
+ resource = optional(string)
+ service = optional(string)
+ source_type = optional(string)
+ is_enabled = optional(bool)
+ retention_duration = optional(number)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+
+#########################
+#### Load Balancers #####
+#########################
+
+variable "load_balancers" {
+ description = "To provision Load Balancers"
+ type = map(object({
+ compartment_id = string
+ vcn_name = string
+ shape = string
+ subnet_ids = list(any)
+ network_compartment_id = string
+ display_name = string
+ shape_details = optional(list(map(any)))
+ nsg_ids = optional(list(any))
+ is_private = optional(bool)
+ ip_mode = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ reserved_ips_id = optional(string)
+ }))
+ default = {}
+}
+
+variable "hostnames" {
+ description = "To provision Load Balancer Hostnames"
+ type = map(object({
+ load_balancer_id = string
+ hostname = string
+ name = string
+ }))
+ default = {}
+}
+
+variable "certificates" {
+ description = "To provision Load Balancer Certificates"
+ type = map(object({
+ certificate_name = string
+ load_balancer_id = string
+ ca_certificate = optional(string)
+ passphrase = optional(string)
+ private_key = optional(string)
+ public_certificate = optional(string)
+ }))
+ default = {}
+}
+
+variable "cipher_suites" {
+ description = "To provision Load Balancer Cipher Suites"
+ type = map(object({
+ ciphers = list(string)
+ name = string
+ load_balancer_id = optional(string)
+ }))
+ default = {}
+}
+
+variable "backend_sets" {
+ description = "To provision Load Balancer Backend Sets"
+ type = map(object({
+ name = string
+ load_balancer_id = string
+ policy = string
+ protocol = optional(string)
+ interval_ms = optional(string)
+ is_force_plain_text = optional(string)
+ port = optional(string)
+ response_body_regex = optional(string)
+ retries = optional(string)
+ return_code = optional(string)
+ timeout_in_millis = optional(string)
+ url_path = optional(string)
+ lb_cookie_session = optional(list(object({
+ cookie_name = optional(string)
+ disable_fallback = optional(string)
+ path = optional(string)
+ domain = optional(string)
+ is_http_only = optional(string)
+ is_secure = optional(string)
+ max_age_in_seconds = optional(string)
+ })))
+ session_persistence_configuration = optional(list(object({
+ cookie_name = optional(string)
+ disable_fallback = optional(string)
+ })))
+ certificate_name = optional(string)
+ cipher_suite_name = optional(string)
+ ssl_configuration = optional(list(object({
+ certificate_ids = optional(list(any))
+ server_order_preference = optional(string)
+ trusted_certificate_authority_ids = optional(list(any))
+ verify_peer_certificate = optional(string)
+ verify_depth = optional(string)
+ protocols = optional(list(any))
+ })))
+ }))
+ default = {}
+}
+
+variable "backends" {
+ description = "To provision Load Balancer Backends"
+ type = map(object({
+ backendset_name = string
+ ip_address = string
+ load_balancer_id = string
+ port = string
+ instance_compartment = optional(string)
+ backup = optional(string)
+ drain = optional(string)
+ offline = optional(string)
+ weight = optional(string)
+ }))
+ default = {}
+}
+
+variable "listeners" {
+ description = "To provision Load Balancer Listeners"
+ type = map(object({
+ name = string
+ load_balancer_id = string
+ port = string
+ protocol = string
+ default_backend_set_name = string
+ connection_configuration = optional(list(map(any)))
+ hostname_names = optional(list(any))
+ path_route_set_name = optional(string)
+ rule_set_names = optional(list(any))
+ routing_policy_name = optional(string)
+ certificate_name = optional(string)
+ cipher_suite_name = optional(string)
+ ssl_configuration = optional(list(object({
+ certificate_ids = optional(list(any))
+ server_order_preference = optional(string)
+ trusted_certificate_authority_ids = optional(list(any))
+ verify_peer_certificate = optional(string)
+ verify_depth = optional(string)
+ protocols = optional(list(any))
+ })))
+ }))
+ default = {}
+}
+
+variable "path_route_sets" {
+ description = "To provision Load Balancer Path Route Sets"
+ type = map(object({
+ name = string
+ load_balancer_id = string
+ path_routes = optional(list(map(any)))
+ }))
+ default = {}
+}
+
+variable "rule_sets" {
+ description = "To provision Load Balancer Rule Sets"
+ type = map(object({
+ name = string
+ load_balancer_id = string
+ access_control_rules = optional(list(object({
+ action = string
+ attribute_name = optional(string)
+ attribute_value = optional(string)
+ description = optional(string)
+ })))
+ access_control_method_rules = optional(list(object({
+ action = string
+ allowed_methods = optional(list(any))
+ status_code = optional(string)
+ })))
+ http_header_rules = optional(list(object({
+ action = string
+ are_invalid_characters_allowed = optional(bool)
+ http_large_header_size_in_kb = optional(string)
+ })))
+ uri_redirect_rules = optional(list(object({
+ action = string
+ attribute_name = optional(string)
+ attribute_value = optional(string)
+ operator = optional(string)
+ host = optional(string)
+ path = optional(string)
+ port = optional(string)
+ protocol = optional(string)
+ query = optional(string)
+ response_code = optional(string)
+ })))
+ request_response_header_rules = optional(list(object({
+ action = string
+ header = optional(string)
+ prefix = optional(string)
+ suffix = optional(string)
+ value = optional(string)
+ })))
+ }))
+ default = {}
+}
+
+variable "lbr_reserved_ips" {
+ description = "To provision Load Balancer Reserved IPs"
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ lifetime = string
+ private_ip_id = optional(string)
+ public_ip_pool_id = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+###################################
+####### Load Balancer Logs ########
+###################################
+
+variable "loadbalancer_log_groups" {
+ description = "To provision Log Groups for Load Balancers"
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ description = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "loadbalancer_logs" {
+ description = "To provision Logs for Load Balancers"
+ type = map(object({
+ display_name = string
+ log_group_id = string
+ log_type = string
+ compartment_id = optional(string)
+ category = optional(string)
+ resource = optional(string)
+ service = optional(string)
+ source_type = optional(string)
+ is_enabled = optional(bool)
+ retention_duration = optional(number)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+#########################
+## Network Load Balancers ##
+#########################
+
+variable "network_load_balancers" {
+ type = map(object({
+ display_name = string
+ compartment_id = string
+ network_compartment_id = string
+ vcn_name = string
+ subnet_id = string
+ is_private = optional(bool)
+ reserved_ips_id = string
+ is_preserve_source_destination = optional(bool)
+ is_symmetric_hash_enabled = optional(bool)
+ nlb_ip_version = optional(string)
+ assigned_private_ipv4 = optional(string)
+ nsg_ids = optional(list(string))
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+variable "nlb_listeners" {
+ type = map(object({
+ name = string
+ network_load_balancer_id = string
+ default_backend_set_name = string
+ port = number
+ protocol = string
+ ip_version = optional(string)
+ }))
+ default = {}
+}
+
+variable "nlb_backend_sets" {
+ type = map(object({
+ name = string
+ network_load_balancer_id = string
+ policy = string
+ protocol = string
+ domain_name = optional(string)
+ query_class = optional(string)
+ query_type = optional(string)
+ rcodes = optional(list(string))
+ transport_protocol = optional(string)
+ return_code = optional(number)
+ interval_in_millis = optional(number)
+ port = optional(number)
+ request_data = optional(string)
+ response_body_regex = optional(string)
+ response_data = optional(string)
+ retries = optional(number)
+ timeout_in_millis = optional(number)
+ url_path = optional(string)
+ is_preserve_source = optional(bool)
+ ip_version = optional(string)
+ }))
+ default = {}
+}
+variable "nlb_backends" {
+ type = map(object({
+ name = optional(string)
+ backend_set_name = string
+ network_load_balancer_id = string
+ port = number
+ ip_address = string
+ instance_compartment = string
+ is_drain = optional(bool)
+ is_backup = optional(bool)
+ is_offline = optional(bool)
+ weight = optional(number)
+ target_id = optional(string)
+ }))
+ default = {}
+}
+variable "nlb_reserved_ips" {
+ description = "To provision Network Load Balancer Reserved IPs"
+ type = map(object({
+ compartment_id = string
+ lifetime = string
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ display_name = optional(string)
+ private_ip_id = optional(string)
+ public_ip_pool_id = optional(string)
+ }))
+ default = {}
+}
+
+
+#########################
+##### IP Management #####
+#########################
+
+variable "public_ip_pools" {
+ type = map(any)
+ default = {}
+}
+
+variable "private_ips" {
+ type = map(any)
+ default = {}
+}
+
+variable "reserved_ips" {
+ type = map(any)
+ default = {}
+}
+
+variable "vnic_attachments" {
+ type = map(any)
+ default = {}
+}
+
+#########################
+##### VCN Logs ##########
+#########################
+
+variable "vcn_log_groups" {
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ description = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "vcn_logs" {
+ type = map(object({
+ display_name = string
+ log_group_id = string
+ log_type = string
+ compartment_id = optional(string)
+ category = optional(string)
+ resource = optional(string)
+ service = optional(string)
+ source_type = optional(string)
+ is_enabled = optional(bool)
+ retention_duration = optional(number)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+#########################
+###### OSS Buckets ######
+#########################
+
+variable "buckets" {
+ type = map(any)
+ default = {}
+}
+
+#########################
+####### OSS Logs ########
+#########################
+
+variable "oss_log_groups" {
+ description = "To provision Log Groups for OSS"
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ description = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "oss_logs" {
+ description = "To provision Logs for OSS"
+ type = map(object({
+ display_name = string
+ log_group_id = string
+ log_type = string
+ compartment_id = optional(string)
+ category = optional(string)
+ resource = optional(string)
+ service = optional(string)
+ source_type = optional(string)
+ is_enabled = optional(bool)
+ retention_duration = optional(number)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+#########################
+### OSS IAM Policies ####
+#########################
+
+variable "oss_policies" {
+ type = map(any)
+ default = {}
+}
+
+#########################
+## Management Services ##
+#########################
+
+variable "alarms" {
+ type = map(object({
+ compartment_id = string
+ destinations = list(string)
+ alarm_name = string
+ is_enabled = bool
+ metric_compartment_id = string
+ namespace = string
+ query = string
+ severity = string
+ body = optional(string)
+ message_format = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ is_notifications_per_metric_dimension_enabled = optional(bool)
+ metric_compartment_id_in_subtree = optional(string)
+ trigger_delay_minutes = optional(string)
+ repeat_notification_duration = optional(string)
+ resolution = optional(string)
+ resource_group = optional(string)
+ suppression = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "events" {
+ type = map(object({
+ event_name = string
+ compartment_id = string
+ description = string
+ is_enabled = bool
+ condition = string
+ actions = optional(list(object({
+ action_type = string
+ is_enabled = string
+ description = optional(string)
+ function_id = optional(string)
+ stream_id = optional(string)
+ topic_id = optional(string)
+ })))
+ message_format = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "notifications_topics" {
+ type = map(object({
+ compartment_id = string
+ topic_name = string
+ description = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "notifications_subscriptions" {
+ type = map(object({
+ compartment_id = string
+ endpoint = string
+ protocol = string
+ topic_id = string
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "service_connectors" {
+ type = any
+ default = {}
+ description = "To provision service connector hub resources"
+}
+
+#########################
+## Developer Services ##
+#########################
+
+## OKE
+
+variable "clusters" {
+ type = map(object({
+ display_name = string
+ compartment_id = string
+ network_compartment_id = string
+ vcn_name = string
+ kubernetes_version = string
+ cni_type = string
+ cluster_type = string
+ is_policy_enabled = optional(bool)
+ policy_kms_key_id = optional(string)
+ is_kubernetes_dashboard_enabled = optional(bool)
+ is_tiller_enabled = optional(bool)
+ is_public_ip_enabled = optional(bool)
+ nsg_ids = optional(list(string))
+ endpoint_subnet_id = string
+ is_pod_security_policy_enabled = optional(bool)
+ pods_cidr = optional(string)
+ services_cidr = optional(string)
+ service_lb_subnet_ids = optional(list(string))
+ cluster_kms_key_id = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ lb_defined_tags = optional(map(any))
+ lb_freeform_tags = optional(map(any))
+ volume_defined_tags = optional(map(any))
+ volume_freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "nodepools" {
+ type = map(object({
+ display_name = string
+ cluster_name = string
+ compartment_id = string
+ network_compartment_id = string
+ vcn_name = string
+ node_shape = string
+ initial_node_labels = optional(map(any))
+ kubernetes_version = string
+ is_pv_encryption_in_transit_enabled = optional(bool)
+ availability_domain = number
+ fault_domains = optional(list(string))
+ subnet_id = string
+ size = number
+ cni_type = string
+ max_pods_per_node = optional(number)
+ pod_nsg_ids = optional(list(string))
+ pod_subnet_ids = optional(string)
+ worker_nsg_ids = optional(list(string))
+ memory_in_gbs = optional(number)
+ ocpus = optional(number)
+ image_id = string
+ source_type = string
+ boot_volume_size_in_gbs = optional(number)
+ ssh_public_key = optional(string)
+ nodepool_kms_key_id = optional(string)
+ node_defined_tags = optional(map(any))
+ node_freeform_tags = optional(map(any))
+ nodepool_defined_tags = optional(map(any))
+ nodepool_freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "virtual-nodepools" {
+ type = map(object({
+ display_name = string
+ cluster_name = string
+ compartment_id = string
+ network_compartment_id = string
+ vcn_name = string
+ node_shape = string
+ initial_virtual_node_labels = optional(map(any))
+ availability_domain = number
+ fault_domains = list(string)
+ subnet_id = string
+ size = number
+ pod_nsg_ids = optional(list(string))
+ pod_subnet_id = string
+ worker_nsg_ids = optional(list(string))
+ taints = optional(list(any))
+ node_defined_tags = optional(map(any))
+ node_freeform_tags = optional(map(any))
+ nodepool_defined_tags = optional(map(any))
+ nodepool_freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+
+##################################
+############## SDDCs #############
+##################################
+variable "sddcs" {
+ type = map(object({
+ compartment_id = string
+ availability_domain = string
+ network_compartment_id = string
+ vcn_name = string
+ esxi_hosts_count = number
+ nsx_edge_uplink1vlan_id = string
+ nsx_edge_uplink2vlan_id = string
+ nsx_edge_vtep_vlan_id = string
+ nsx_vtep_vlan_id = string
+ provisioning_subnet_id = string
+ ssh_authorized_keys = string
+ vmotion_vlan_id = string
+ vmware_software_version = string
+ vsan_vlan_id = string
+ vsphere_vlan_id = string
+ capacity_reservation_id = optional(string)
+ defined_tags = optional(map(any))
+ display_name = optional(string)
+ initial_cluster_display_name = optional(string)
+ freeform_tags = optional(map(any))
+ hcx_action = optional(string)
+ hcx_vlan_id = optional(string)
+ initial_host_ocpu_count = optional(number)
+ initial_host_shape_name = optional(string)
+ initial_commitment = optional(string)
+ instance_display_name_prefix = optional(string)
+ is_hcx_enabled = optional(bool)
+ is_shielded_instance_enabled = optional(bool)
+ is_single_host_sddc = optional(bool)
+ provisioning_vlan_id = optional(string)
+ refresh_hcx_license_status = optional(bool)
+ replication_vlan_id = optional(string)
+ reserving_hcx_on_premise_license_keys = optional(string)
+ workload_network_cidr = optional(string)
+ management_datastore = optional(list(string))
+ workload_datastore = optional(list(string))
+
+ }))
+ default = {}
+
+}
+
+variable "sddc-clusters" {
+ type = map(object({
+ compartment_id = string
+ availability_domain = string
+ network_compartment_id = string
+ vcn_name = string
+ esxi_hosts_count = number
+ nsx_edge_uplink1vlan_id = string
+ nsx_edge_uplink2vlan_id = optional(string)
+ nsx_edge_vtep_vlan_id = string
+ nsx_vtep_vlan_id = string
+ provisioning_subnet_id = string
+ ssh_authorized_keys = optional(string)
+ vmotion_vlan_id = string
+ vmware_software_version = string
+ vsan_vlan_id = string
+ vsphere_vlan_id = string
+ capacity_reservation_id = optional(string)
+ defined_tags = optional(map(any))
+ display_name = optional(string)
+ freeform_tags = optional(map(any))
+ hcx_action = optional(string)
+ hcx_vlan_id = optional(string)
+ initial_host_ocpu_count = optional(number)
+ initial_host_shape_name = optional(string)
+ initial_commitment = optional(string)
+ instance_display_name_prefix = optional(string)
+ is_hcx_enabled = optional(bool)
+ is_shielded_instance_enabled = optional(bool)
+ is_single_host_sddc = optional(bool)
+ provisioning_vlan_id = optional(string)
+ refresh_hcx_license_status = optional(bool)
+ replication_vlan_id = optional(string)
+ reserving_hcx_on_premise_license_keys = optional(string)
+ workload_network_cidr = optional(string)
+ workload_datastore = optional(list(string))
+ sddc_id = optional(string)
+ esxi_software_version = optional(string)
+
+ }))
+ default = {}
+
+}
+
+
+############################
+## Key Management Service ##
+############################
+
+variable "vaults" {
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ vault_type = string
+ freeform_tags = optional(map(any))
+ defined_tags = optional(map(any))
+ replica_region = optional(string)
+ }))
+ default = {}
+}
+
+variable "keys" {
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ vault_name = string
+ algorithm = optional(string)
+ length = optional(string)
+ curve_id = optional(string)
+ protection_mode = optional(string)
+ freeform_tags = optional(map(any))
+ defined_tags = optional(map(any))
+ is_auto_rotation_enabled = optional(bool)
+ rotation_interval_in_days = optional(string)
+
+ }))
+ default = {}
+}
+
+###########################
+######### Budgets #########
+###########################
+
+variable "budgets" {
+ type = map(object({
+ amount = string
+ compartment_id = string
+ reset_period = string
+ budget_processing_period_start_offset = optional(string)
+ defined_tags = optional(map(any))
+ description = optional(string)
+ display_name = optional(string)
+ freeform_tags = optional(map(any))
+ processing_period_type = optional(string)
+ budget_end_date = optional(string)
+ budget_start_date = optional(string)
+ target_type = optional(string)
+ targets = optional(list(any))
+ }))
+ default = {}
+}
+
+variable "budget_alert_rules" {
+ type = map(object({
+ budget_id = string
+ threshold = string
+ threshold_type = string
+ type = string
+ defined_tags = optional(map(any))
+ description = optional(string)
+ display_name = optional(string)
+ freeform_tags = optional(map(any))
+ message = optional(string)
+ recipients = optional(string)
+ }))
+ default = {}
+}
+
+###########################
+####### Cloud Guard #######
+###########################
+
+variable "cloud_guard_configs" {
+ type = map(object({
+ compartment_id = string
+ reporting_region = string
+ status = string
+ self_manage_resources = optional(string)
+
+ }))
+ default = {}
+}
+
+variable "cloud_guard_targets" {
+ type = map(object({
+ compartment_id = string
+ display_name = string
+ target_resource_id = string
+ target_resource_type = string
+ prefix = string
+ description = optional(string)
+ state = optional(string)
+ target_detector_recipes = optional(list(any))
+ target_responder_recipes = optional(list(any))
+ freeform_tags = optional(map(any))
+ defined_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+####################################
+####### Custom Backup Policy #######
+####################################
+
+variable "custom_backup_policies" {
+ type = map(any)
+ default = {}
+}
+
+variable "capacity_reservation_ocids" {
+ type = map(any)
+ default = {
+ "AD1" : "",
+ "AD2" : "",
+ "AD3" : ""
+ }
+}
+
+#####################################
+####### Firewall as a Service #######
+#####################################
+variable "firewalls" {
+ type = map(object({
+ compartment_id = string
+ network_compartment_id = string
+ network_firewall_policy_id = string
+ subnet_id = string
+ vcn_name = string
+ display_name = string
+ ipv4address = optional(string)
+ nsg_id = optional(list(string))
+ ipv6address = optional(string)
+ availability_domain = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+ default = {}
+}
+
+variable "fw-policies" {
+ type = map(object({
+ compartment_id = optional(string)
+ display_name = optional(string)
+ defined_tags = optional(map(any))
+ freeform_tags = optional(map(any))
+ }))
+
default = {} +} +variable "services" { + type = map(object({ + service_name = string + service_type = string + network_firewall_policy_id = string + port_ranges = list(object({ + minimum_port = string + maximum_port = optional(string) + })) + })) + default = {} +} +variable "url_lists" { + type = map(object({ + urllist_name = string + network_firewall_policy_id = string + urls = list(object({ + pattern = string + type = string + })) + })) + default = {} +} +variable "service_lists" { + type = map(object({ + service_list_name = string + network_firewall_policy_id = string + services = list(string) + })) + default = {} +} + +variable "address_lists" { + type = map(object({ + address_list_name = string + network_firewall_policy_id = string + address_type = string + addresses = list(string) + })) + default = {} +} + +variable "applications" { + type = map(object({ + app_list_name = string + network_firewall_policy_id = string + app_type = string + icmp_type = number + icmp_code = optional(number) + })) + default = {} +} + +variable "application_groups" { + type = map(object({ + app_group_name = string + network_firewall_policy_id = string + apps = list(string) + + })) + default = {} +} + +variable "security_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + application = optional(list(string)) + destination_address = optional(list(string)) + service = optional(list(string)) + source_address = optional(list(string)) + url = optional(list(string)) + }))) + inspection = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +variable "secrets" { + type = map(object({ + secret_name = string + network_firewall_policy_id = string + secret_source = string + secret_type = string + vault_secret_id = string + version_number = number + vault_name = string + vault_compartment_id = string + })) + default = {} +} + +variable 
"decryption_profiles" { + type = map(object({ + profile_name = string + profile_type = string + network_firewall_policy_id = string + are_certificate_extensions_restricted = optional(bool) + is_auto_include_alt_name = optional(bool) + is_expired_certificate_blocked = optional(bool) + is_out_of_capacity_blocked = optional(bool) + is_revocation_status_timeout_blocked = optional(bool) + is_unknown_revocation_status_blocked = optional(bool) + is_unsupported_cipher_blocked = optional(bool) + is_unsupported_version_blocked = optional(bool) + is_untrusted_issuer_blocked = optional(bool) + })) + default = {} +} + +variable "decryption_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + + destination_address = optional(list(string)) + + source_address = optional(list(string)) + + }))) + decryption_profile = optional(string) + secret = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +######################### +####### Firewall Logs ######## +######################### + +variable "fw_log_groups" { + description = "To provision Log Groups for Network Firewall" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fw_logs" { + description = "To provision Logs for Network Firewall" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +########################## +# Add new variables here # 
+##########################
+######################### END #########################
diff --git a/examples/tagging/backend.tf b/examples/tagging/backend.tf
new file mode 100644
index 0000000..16bc557
--- /dev/null
+++ b/examples/tagging/backend.tf
@@ -0,0 +1,21 @@
+/*This line will be removed when using remote state
+# !!! WARNING !!! Terraform State Lock is not supported with OCI Object Storage.
+# Pre-Requisite: Create a version enabled object storage bucket to store the state file.
+# End Point Format: https://.compat.objectstorage..oraclecloud.com
+# Please look at the below doc for information about shared_credentials_file and other parameters:
+# Reference: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformUsingObjectStore.htm
+
+terraform {
+ backend "s3" {
+ key = ""
+ bucket = ""
+ region = ""
+ endpoint = ""
+ shared_credentials_file = "~/.aws/credentials"
+ skip_region_validation = true
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ force_path_style = true
+ }
+}
+This line will be removed when using remote state*/
\ No newline at end of file
diff --git a/examples/tagging/oci-data.tf b/examples/tagging/oci-data.tf
new file mode 100644
index 0000000..1495707
--- /dev/null
+++ b/examples/tagging/oci-data.tf
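Review bot: The header warns that state locking is unavailable but says nothing about what the state written to this bucket contains: Terraform state records every resource attribute in plaintext, including values passed in through variables such as the `admin_password` of `var.adb` or the SSH keys declared elsewhere in this change, so the bucket must be private and readable only by the identity behind `shared_credentials_file`. With no lock, two concurrent applies against the same `key` can silently overwrite each other, and bucket versioning only lets you recover afterwards rather than preventing it. I would add above the `terraform` block: `# State holds resource attributes and variable values in plaintext (passwords, keys); keep the bucket private and run applies serially - nothing locks out concurrent writers.` The `End Point Format` line also appears to have lost its placeholders (`https://.compat.objectstorage..oraclecloud.com`), presumably the namespace and region; restoring them would make the template usable as written.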
@@ -0,0 +1,42 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Identity
+# Fetch Compartments
+############################
+
+#Fetch Compartment Details
+data "oci_identity_compartments" "compartments" {
+ #Required
+ compartment_id = var.tenancy_ocid
+
+ #Optional
+ #name = var.compartment_name
+ access_level = "ANY"
+ compartment_id_in_subtree = true
+ state = "ACTIVE"
+}
+
+
+############################
+# Data Block - Network
+# Fetch ADs
+############################
+
+data "oci_identity_availability_domains" "availability_domains" {
+ #Required
+ compartment_id = var.tenancy_ocid
+}
+
+
+/*
+output "compartment_id_map" {
+ description = "Compartment ocid"
+ // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source.
+ value = zipmap(data.oci_identity_compartments.compartments.compartments.*.name,data.oci_identity_compartments.compartments.compartments.*.id)
+}
+
+output "ads" {
+ value = data.oci_identity_availability_domains.availability_domains.availability_domains.*.name
+}
+*/
\ No newline at end of file
diff --git a/examples/tagging/provider.tf b/examples/tagging/provider.tf
new file mode 100644
index 0000000..9a69c98
--- /dev/null
+++ b/examples/tagging/provider.tf
@@ -0,0 +1,24 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Provider Block
+# OCI
+############################
+
+provider "oci" {
+ tenancy_ocid = var.tenancy_ocid
+ user_ocid = var.user_ocid
+ fingerprint = var.fingerprint
+ private_key_path = var.private_key_path
+ region = var.region
+ ignore_defined_tags = ["Oracle-Tags.CreatedBy", "Oracle-Tags.CreatedOn"]
+}
+
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ version = "5.40.0"
+ }
+ }
+}
diff --git a/examples/tagging/tagging.tf b/examples/tagging/tagging.tf
new file mode 100644
index 0000000..6e50080
--- /dev/null
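Review bot: The compartment lookup rooted at `compartment_id = var.tenancy_ocid` with `compartment_id_in_subtree = true` and `access_level = "ANY"` enumerates every active compartment the caller can see anywhere in the tenancy, and its only consumer in this change (the `zipmap(...name, ...id)` in tagging.tf's `tag-defaults`) keys that list by bare display name. Compartment names only need to be unique among siblings, so two same-named compartments under different parents collapse to one map entry and a tag default can land on the wrong compartment with no error. I would record that limitation here: `# NOTE: consumers key this list by display name; same-named compartments under different parents collide - pass an OCID for those.` The commented-out `compartment_id_map` output is the natural place to add a `distinct()` length check if you want to fail loudly instead.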
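Review bot: The provider block hardwires API-key authentication through `user_ocid`, `fingerprint` and `private_key_path`, with no `auth` selector and no `private_key_password`, so an encrypted key PEM cannot be used and running under instance-principal or session-token auth means editing this file rather than setting a variable; the accompanying variables file defaults all four values to `""`, which steers users toward a long-lived unencrypted user API key sitting beside the config. I would document the constraint on the block: `# API-key auth only: tenancy_ocid/user_ocid/fingerprint/private_key_path must all be set; encrypted keys need private_key_password, other methods need auth = "...".` Pinning `version = "5.40.0"` exactly is a sound supply-chain choice; committing the generated `.terraform.lock.hcl` next to it would pin the provider hash as well.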
+++ b/examples/tagging/tagging.tf 
@@ -0,0 +1,53 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Module Block - Storage
+# Create Tag Namespaces, Tag Keys and Default Tags
+############################
+
+module "tag-namespaces" {
+ source = "./modules/governance/tagging/tag-namespace"
+ for_each = (var.tag_namespaces != null || var.tag_namespaces != {}) ? var.tag_namespaces : {}
+
+ #Required
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+ description = each.value.description != "" ? each.value.description : each.value.name
+ name = each.value.name
+
+ #Optional
+ defined_tags = each.value.defined_tags
+ freeform_tags = each.value.freeform_tags
+ is_retired = each.value.is_retired
+
+}
+
+module "tag-keys" {
+ source = "./modules/governance/tagging/tag-key"
+ for_each = (var.tag_keys != null || var.tag_keys != {}) ? var.tag_keys : {}
+
+ #Required
+ tag_namespace_id = length(regexall("ocid1.tagnamespace.oc*", each.value.tag_namespace_id)) > 0 ? each.value.tag_namespace_id : merge(module.tag-namespaces.*...)[each.value.tag_namespace_id]["namespace_tf_id"]
+ description = each.value.description != "" ? each.value.description : each.value.name
+ name = each.value.name
+
+ #Optional
+ defined_tags = each.value.defined_tags
+ freeform_tags = each.value.freeform_tags
+ is_cost_tracking = each.value.is_cost_tracking
+ key_name = each.key
+ is_retired = each.value.is_retired
+ tag_keys = var.tag_keys
+}
+
+module "tag-defaults" {
+ source = "./modules/governance/tagging/tag-default"
+ for_each = (var.tag_defaults != null || var.tag_defaults != {}) ? var.tag_defaults : {}
+
+ #Required
+ compartment_id = length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : try(zipmap(data.oci_identity_compartments.compartments.compartments.*.name, data.oci_identity_compartments.compartments.compartments.*.id)[each.value.compartment_id], var.compartment_ocids[each.value.compartment_id])
+ tag_definition_id = length(regexall("ocid1.tagdefinition.oc*", each.value.tag_definition_id)) > 0 ? each.value.tag_definition_id : merge(module.tag-keys.*...)[each.value.tag_definition_id]["tag_key_tf_id"]
+ value = each.value.value
+
+ #Optional
+ is_required = each.value.is_required
+}
\ No newline at end of file
diff --git a/examples/tagging/variables_example.tf b/examples/tagging/variables_example.tf
new file mode 100644
index 0000000..fae17ea
--- /dev/null
+++ b/examples/tagging/variables_example.tf
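Review bot: The `for_each` guards on all three modules are vacuous: `(var.tag_namespaces != null || var.tag_namespaces != {})` is true for every input, including `null` (a null map is `!= {}`), so a null value reaches `for_each` and errors instead of being mapped to `{}` as the expression intends; `for_each = var.tag_namespaces != null ? var.tag_namespaces : {}` does what was meant, and the same applies to the `var.tag_keys` and `var.tag_defaults` lines. Separately, the OCID test `regexall("ocid1.compartment.oc*", …)` is unanchored and `oc*` matches a bare `o`, so any key containing `ocid1?compartment?o` is passed through as a literal OCID instead of being resolved; `"^ocid1\\.compartment\\.oc"` (and the equivalent for `tagnamespace` and `tagdefinition`) expresses the intent. The `tag-defaults` fallback also keys the tenancy-wide compartment list by display name via `zipmap`, which silently keeps a single entry when two compartments share a name, so the tag default can be applied to the wrong compartment without any diagnostic.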
@@ -0,0 +1,2082 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# +# Variables Block +# OCI +# +############################ + +variable "tenancy_ocid" { + type = string + default = "" +} + +variable "user_ocid" { + type = string + default = "" +} + +variable "fingerprint" { + type = string + default = "" +} + +variable "private_key_path" { + type = string + default = "" +} + +variable "region" { + type = string + default = "" +} + +################################# +# SSH Keys +################################# + +variable "instance_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_instance_ssh_keys# + # exported instance ssh keys + #instance_ssh_keys_END# + } +} + +variable "oke_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_oke_ssh_keys# + #oke_ssh_keys_END# + } +} +variable "sddc_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_sddc_ssh_keys# + #sddc_ssh_keys_END# + } +} + +variable "exacs_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_exacs_ssh_keys# + # exported exacs ssh keys + #exacs_ssh_keys_END# + } +} + +variable "dbsystem_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. 
+ # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_dbsystem_ssh_keys# + # exported dbsystem ssh keys + #dbsystem_ssh_keys_END# + } +} + +################################# +# Platform Image OCIDs and +# Market Place Images +################################# + +variable "instance_source_ocids" { + type = map(any) + default = { + Linux = "" + Windows = "" + PaloAlto = "Palo Alto Networks VM-Series Next Generation Firewall" + #START_instance_source_ocids# + # exported instance image ocids + #instance_source_ocids_END# + } +} + +variable "blockvolume_source_ocids" { + type = map(any) + default = { + block1 = "" + #blockvolume_source_ocid = "" + #START_blockvolume_source_ocids# + # exported block volume source ocids + #blockvolume_source_ocids_END# + } +} + +variable "fss_source_ocids" { + type = map(any) + default = { + snapshot1 = "" + #fss_source_snapshot_ocid = "" + #START_fss_source_snapshot_ocids# + # exported fss source snapshot ocids + #fss_source_snapshot_ocids_END# + } +} + +variable "oke_source_ocids" { + type = map(any) + default = { + Linux = "" + #START_oke_source_ocids# + # exported oke image ocids + #oke_source_ocids_END# + } +} + +################################# +# +# Variables according to Services +# PLEASE DO NOT MODIFY +# +################################# + +########################## +## Fetch Compartments #### +########################## + +variable "compartment_ocids" { + type = map(any) + default = { + #START_compartment_ocids# + # compartment ocids + #compartment_ocids_END# + } +} + +######################### +##### Identity ########## +######################### + +variable "compartments" { + type = object({ + root = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level1 = 
optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level2 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level3 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level4 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level5 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + }) + default = { + root = {}, + compartment_level1 = {}, + compartment_level2 = {}, + compartment_level3 = {}, + compartment_level4 = {}, + compartment_level5 = {}, + } +} + +variable "policies" { + type = map(object({ + name = string + compartment_id = string + policy_description = string + policy_statements = list(string) + policy_version_date = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "groups" { + type = map(object({ + group_name = string + group_description = string + matching_rule = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "users" { + type = map(object({ + name = string + description = string + email = string + disable_capabilities = optional(list(string)) + group_membership = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "networkSources" { + type = map(object({ + name = string + description = string + public_source_list = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + virtual_source_list = optional(list(map(list(string)))) + + })) + default = {} +} + +######################### +####### Governance ######### +######################### + +variable "tag_namespaces" { + description = "To provision Namespaces" + type = map(object({ + compartment_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_retired = optional(bool) + })) + default = {} +} + +variable "tag_keys" { + description = "To provision Tag Keys" + type = map(object({ + tag_namespace_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_cost_tracking = optional(bool) + is_retired = optional(bool) + validator = optional(list(object({ + validator_type = optional(string) + validator_values = optional(list(any)) + }))) + })) + default = {} +} + +variable "tag_defaults" { + description = "To make the Tag keys as default to compartments" + type = map(object({ + compartment_id = string + tag_definition_id = string + value = string + is_required = optional(bool) + })) + default = {} +} + +variable "quota_policies" { + type = map(object({ + quota_name = string + quota_description = string + quota_statements = list(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +###### Network ########## +######################### 
+ +variable "default_dhcps" { + type = map(object({ + server_type = string + manage_default_resource_id = optional(string) + custom_dns_servers = optional(list(any)) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "custom_dhcps" { + type = map(object({ + compartment_id = string + server_type = string + vcn_id = string + custom_dns_servers = optional(list(any)) + domain_name_type = optional(string) + display_name = optional(string) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "vcns" { + type = map(object({ + compartment_id = string + cidr_blocks = optional(list(string)) + byoipv6cidr_details = optional(list(map(any))) + display_name = optional(string) + dns_label = optional(string) + is_ipv6enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ipv6private_cidr_blocks = optional(list(string)) + is_oracle_gua_allocation_enabled = optional(bool) + })) + default = {} +} + +variable "igws" { + type = map(object({ + compartment_id = string + vcn_id = string + enable_igw = optional(bool) + igw_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_table_id = optional(string) + })) + default = {} +} + +variable "sgws" { + type = map(object({ + compartment_id = string + vcn_id = string + service = optional(string) + sgw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "ngws" { + type = map(object({ + compartment_id = string + vcn_id = string + block_traffic = optional(bool) + public_ip_id = optional(string) + ngw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + 
default = {} +} + +variable "lpgs" { + type = map(any) + default = { + hub-lpgs = {}, + spoke-lpgs = {}, + peer-lpgs = {}, + none-lpgs = {}, + exported-lpgs = {}, + } +} + +variable "drgs" { + type = map(object({ + compartment_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "default_seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + 
route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) + +})) +default = {} +} + +variable "default_route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) +})) + default = {} +} + +variable "nsgs" { + type = map(object({ + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nsg_rules" { + type = map(object({ + nsg_id = string + direction = string + protocol = string + description = optional(string) + stateless = optional(string) + source_type = optional(string) + destination_type = optional(string) + destination = optional(string) + source = optional(string) + options = optional(map(any)) + })) + default = {} +} + +variable "subnets" { + type = map(object({ + compartment_id = string + vcn_id = string + cidr_block = string + display_name = optional(string) + dns_label = optional(string) + ipv6cidr_block = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + prohibit_internet_ingress = optional(string) + prohibit_public_ip_on_vnic = optional(string) + availability_domain = optional(string) + dhcp_options_id = optional(string) + route_table_id = optional(string) + security_list_ids = 
optional(list(string)) + })) + default = {} +} + +variable "vlans" { + type = map(object({ + cidr_block = string + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + nsg_ids = optional(list(string)) + route_table_name = optional(string) + vlan_tag = optional(string) + availability_domain = optional(string) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + })) + default = {} +} + +variable "drg_attachments" { + type = map(any) + default = {} +} + +variable "drg_other_attachments" { + type = map(any) + default = {} +} + +variable "drg_route_tables" { + type = map(object({ + drg_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_ecmp_enabled = optional(bool) + import_drg_route_distribution_id = optional(string) + })) + default = {} +} + +variable "drg_route_rules" { + type = map(any) + default = {} +} + +variable "drg_route_distributions" { + type = map(object({ + distribution_type = string + drg_id = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + display_name = optional(string) + })) + default = {} +} + +variable "drg_route_distribution_statements" { + type = map(object({ + drg_route_distribution_id = string + action = string + match_criteria = optional(list(object({ + match_type = string + attachment_type = optional(string) + drg_attachment_id = optional(string) + }))) + priority = optional(string) + })) + default = {} +} + +variable "data_drg_route_tables" { + type = map(any) + default = {} +} + +variable "data_drg_route_table_distributions" { + type = map(any) + default = {} +} + +#################### +####### DNS ####### +#################### + +variable "zones" { +type = map(object({ +compartment_id = string +display_name = string +view_compartment_id = optional(string) +view_id = optional(string) +zone_type = optional(string) +scope = optional(string) +freeform_tags = 
optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + +variable "views" { +type = map(object({ +compartment_id = string +display_name = string +scope = optional(string) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) + default = {} +} + +variable "rrsets" { +type = map(object({ +compartment_id = optional(string) +view_compartment_id = optional(string) +view_id = optional(string) +zone_id = string +domain = string +rtype = string +ttl = number +rdata = optional(list(string)) +scope = optional(string) +})) +default = {} +} + +variable "resolvers" { +type = map(object({ +network_compartment_id= string +vcn_name = string +display_name = optional(string) +views = optional(map(object({ + view_id = optional(string) + view_compartment_id = optional(string) +}))) +resolver_rules = optional(map(object({ + client_address_conditions = optional(list(any)) + destination_addresses = optional(list(any)) + qname_cover_conditions = optional(list(any)) + source_endpoint_name = optional(string) +}))) +endpoint_names = optional(map(object({ + is_forwarding = optional(bool) + is_listening = optional(bool) + name = optional(string) + subnet_name = optional(string) + forwarding_address = optional(string) + listening_address = optional(string) + nsg_ids = optional(list(string)) +}))) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + + +######################### +## Dedicated VM Hosts ## +######################### + +variable "dedicated_hosts" { + type = map(object({ + availability_domain = string + compartment_id = string + vm_host_shape = string + defined_tags = optional(map(any)) + display_name = optional(string) + fault_domain = optional(string) + freeform_tags = optional(map(any)) + })) + description = "To provision new dedicated VM hosts" + default = {} +} + +######################### +## Instances/Block Volumes ## +######################### + +variable "blockvolumes" { + description = "To 
provision block volumes" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = string + size_in_gbs = optional(string) + is_auto_tune_enabled = optional(string) + vpus_per_gb = optional(string) + kms_key_id = optional(string) + attach_to_instance = optional(string) + attachment_type = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + device = optional(string) + encryption_in_transit_type = optional(string) + attachment_display_name = optional(string) + is_read_only = optional(bool) + is_pv_encryption_in_transit_enabled = optional(bool) + is_shareable = optional(bool) + use_chap = optional(bool) + is_agent_auto_iscsi_login_enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + source_details = optional(list(map(any))) + block_volume_replicas = optional(list(map(any))) + block_volume_replicas_deletion = optional(bool) + autotune_policies = optional(list(map(any))) + })) + default = {} +} + +variable "block_backup_policies" { + type = map(any) + description = "To create block volume back policy" + default = {} +} + +variable "instances" { + description = "Map of instances to be provisioned" + type = map(object({ + availability_domain = string + compartment_id = string + shape = string + source_id = string + source_type = string + vcn_name = string + subnet_id = string + network_compartment_id = string + display_name = optional(string) + assign_public_ip = optional(bool) + boot_volume_size_in_gbs = optional(string) + fault_domain = optional(string) + dedicated_vm_host_id = optional(string) + private_ip = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(string)) + ocpus = optional(string) + memory_in_gbs = optional(number) + capacity_reservation_id = optional(string) + create_is_pv_encryption_in_transit_enabled = optional(bool) + remote_execute = optional(string) + bastion_ip = optional(string) + 
cloud_init_script = optional(string) + ssh_authorized_keys = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + network_type = optional(string) + #extended_metadata = optional(string) + skip_source_dest_check = optional(bool) + baseline_ocpu_utilization = optional(string) + #preemptible_instance_config = optional(string) + all_plugins_disabled = optional(bool) + is_management_disabled = optional(bool) + is_monitoring_disabled = optional(bool) + assign_private_dns_record = optional(string) + plugins_details = optional(map(any)) + is_live_migration_preferred = optional(bool) + recovery_action = optional(string) + are_legacy_imds_endpoints_disabled = optional(bool) + boot_volume_type = optional(string) + firmware = optional(string) + is_consistent_volume_naming_enabled = optional(bool) + remote_data_volume_type = optional(string) + platform_config = optional(list(map(any))) + launch_options = optional(list(map(any))) + ipxe_script = optional(string) + preserve_boot_volume = optional(bool) + vlan_id = optional(string) + kms_key_id = optional(string) + vnic_display_name = optional(string) + vnic_defined_tags = optional(map(any)) + vnic_freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "boot_backup_policies" { + type = map(any) + description = "Map of boot volume backup policies to be provisioned" + default = {} +} + +######################### +####### Database ######## +######################### + +variable "exa_infra" { + description = "To provision exadata infrastructure" + type = map(any) + default = {} +} + +variable "exa_vmclusters" { + description = "To provision exadata cloud VM cluster" + type = map(any) + default = {} +} + +variable "dbsystems_vm_bm" { + description = "To provision DB System" + type = map(any) + default = {} +} + +variable "db_home" { + type = map(any) + description = "Map of database db home to be 
provisioned" + default = {} +} + +variable "databases" { + description = "Map of databases to be provisioned in an existing db_home" + type = map(any) + default = {} +} + +#################################### +####### Autonomous Database ######## +#################################### + +variable "adb" { + type = map(object({ + admin_password = optional(string) + character_set = optional(string) + compartment_id = string + cpu_core_count = optional(number) + database_edition = optional(string) + data_storage_size_in_tbs = optional(number) + customer_contacts = optional(list(string)) + db_name = string + db_version = optional(string) + db_workload = optional(string) + display_name = optional(string) + license_model = optional(string) + ncharacter_set = optional(string) + network_compartment_id = optional(string) + nsg_ids = optional(list(string)) + subnet_id = optional(string) + vcn_name = optional(string) + whitelisted_ips = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +######### FSS ########### +######################### + +variable "mount_targets" { + description = "To provision Mount Targets" + type = map(object({ + availability_domain = string + compartment_id = string + network_compartment_id = string + vcn_name = string + subnet_id = string + display_name = optional(string) + ip_address = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fss" { + description = "To provision File System Services" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = optional(string) + source_snapshot = optional(string) + snapshot_policy = optional(string) + policy_compartment_id = optional(string) + kms_key_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "nfs_export_options" { + description = "To provision Export Sets" + type = map(object({ + export_set_id = string + file_system_id = string + path = string + export_options = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_idmap_groups_for_sys_auth = optional(bool) + })) + default = {} +} + +variable "fss_replication" { + description = "To provision File System Replication" + type = map(object({ + compartment_id = string + source_id = string + target_id = string + display_name = optional(string) + replication_interval = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +####### FSS Logs ######## +######################### + +variable "nfs_log_groups" { + description = "To provision Log Groups for Mount Target" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nfs_logs" { + description = "To provision Logs for Mount Target" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + + +######################### +#### Load Balancers ##### +######################### + +variable "load_balancers" { + description = "To provision Load Balancers" + type = map(object({ + compartment_id = string + vcn_name = string + shape = string + subnet_ids = list(any) + network_compartment_id = string + display_name = string + shape_details = optional(list(map(any))) + nsg_ids = 
optional(list(any)) + is_private = optional(bool) + ip_mode = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + reserved_ips_id = optional(string) + })) + default = {} +} + +variable "hostnames" { + description = "To provision Load Balancer Hostnames" + type = map(object({ + load_balancer_id = string + hostname = string + name = string + })) + default = {} +} + +variable "certificates" { + description = "To provision Load Balancer Certificates" + type = map(object({ + certificate_name = string + load_balancer_id = string + ca_certificate = optional(string) + passphrase = optional(string) + private_key = optional(string) + public_certificate = optional(string) + })) + default = {} +} + +variable "cipher_suites" { + description = "To provision Load Balancer Cipher Suites" + type = map(object({ + ciphers = list(string) + name = string + load_balancer_id = optional(string) + })) + default = {} +} + +variable "backend_sets" { + description = "To provision Load Balancer Backend Sets" + type = map(object({ + name = string + load_balancer_id = string + policy = string + protocol = optional(string) + interval_ms = optional(string) + is_force_plain_text = optional(string) + port = optional(string) + response_body_regex = optional(string) + retries = optional(string) + return_code = optional(string) + timeout_in_millis = optional(string) + url_path = optional(string) + lb_cookie_session = optional(list(object({ + cookie_name = optional(string) + disable_fallback = optional(string) + path = optional(string) + domain = optional(string) + is_http_only = optional(string) + is_secure = optional(string) + max_age_in_seconds = optional(string) + }))) + session_persistence_configuration = optional(list(object({ + cookie_name = optional(string) + disable_fallback = optional(string) + }))) + certificate_name = optional(string) + cipher_suite_name = optional(string) + ssl_configuration = optional(list(object({ + certificate_ids = 
optional(list(any)) + server_order_preference = optional(string) + trusted_certificate_authority_ids = optional(list(any)) + verify_peer_certificate = optional(string) + verify_depth = optional(string) + protocols = optional(list(any)) + }))) + })) + default = {} +} + +variable "backends" { + description = "To provision Load Balancer Backends" + type = map(object({ + backendset_name = string + ip_address = string + load_balancer_id = string + port = string + instance_compartment = optional(string) + backup = optional(string) + drain = optional(string) + offline = optional(string) + weight = optional(string) + })) + default = {} +} + +variable "listeners" { + description = "To provision Load Balancer Listeners" + type = map(object({ + name = string + load_balancer_id = string + port = string + protocol = string + default_backend_set_name = string + connection_configuration = optional(list(map(any))) + hostname_names = optional(list(any)) + path_route_set_name = optional(string) + rule_set_names = optional(list(any)) + routing_policy_name = optional(string) + certificate_name = optional(string) + cipher_suite_name = optional(string) + ssl_configuration = optional(list(object({ + certificate_ids = optional(list(any)) + server_order_preference = optional(string) + trusted_certificate_authority_ids = optional(list(any)) + verify_peer_certificate = optional(string) + verify_depth = optional(string) + protocols = optional(list(any)) + }))) + })) + default = {} +} + +variable "path_route_sets" { + description = "To provision Load Balancer Path Route Sets" + type = map(object({ + name = string + load_balancer_id = string + path_routes = optional(list(map(any))) + })) + default = {} +} + +variable "rule_sets" { + description = "To provision Load Balancer Rule Sets" + type = map(object({ + name = string + load_balancer_id = string + access_control_rules = optional(list(object({ + action = string + attribute_name = optional(string) + attribute_value = optional(string) + 
description = optional(string) + }))) + access_control_method_rules = optional(list(object({ + action = string + allowed_methods = optional(list(any)) + status_code = optional(string) + }))) + http_header_rules = optional(list(object({ + action = string + are_invalid_characters_allowed = optional(bool) + http_large_header_size_in_kb = optional(string) + }))) + uri_redirect_rules = optional(list(object({ + action = string + attribute_name = optional(string) + attribute_value = optional(string) + operator = optional(string) + host = optional(string) + path = optional(string) + port = optional(string) + protocol = optional(string) + query = optional(string) + response_code = optional(string) + }))) + request_response_header_rules = optional(list(object({ + action = string + header = optional(string) + prefix = optional(string) + suffix = optional(string) + value = optional(string) + }))) + })) + default = {} +} + +variable "lbr_reserved_ips" { + description = "To provision Load Balancer Reserved IPs" + type = map(object({ + compartment_id = string + display_name = string + lifetime = string + private_ip_id = optional(string) + public_ip_pool_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +################################### +####### Load Balancer Logs ######## +################################### + +variable "loadbalancer_log_groups" { + description = "To provision Log Groups for Load Balancers" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "loadbalancer_logs" { + description = "To provision Logs for Load Balancers" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + 
source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +## Network Load Balancers ## +######################### + +variable "network_load_balancers" { + type = map(object({ + display_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + subnet_id = string + is_private = optional(bool) + reserved_ips_id = string + is_preserve_source_destination = optional(bool) + is_symmetric_hash_enabled = optional(bool) + nlb_ip_version = optional(string) + assigned_private_ipv4 = optional(string) + nsg_ids = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} +variable "nlb_listeners" { + type = map(object({ + name = string + network_load_balancer_id = string + default_backend_set_name = string + port = number + protocol = string + ip_version = optional(string) + })) + default = {} +} + +variable "nlb_backend_sets" { + type = map(object({ + name = string + network_load_balancer_id = string + policy = string + protocol = string + domain_name = optional(string) + query_class = optional(string) + query_type = optional(string) + rcodes = optional(list(string)) + transport_protocol = optional(string) + return_code = optional(number) + interval_in_millis = optional(number) + port = optional(number) + request_data = optional(string) + response_body_regex = optional(string) + response_data = optional(string) + retries = optional(number) + timeout_in_millis = optional(number) + url_path = optional(string) + is_preserve_source = optional(bool) + ip_version = optional(string) + })) + default = {} +} +variable "nlb_backends" { + type = map(object({ + name = optional(string) + backend_set_name = string + network_load_balancer_id = string + port = number + ip_address = string + instance_compartment = string + 
is_drain = optional(bool) + is_backup = optional(bool) + is_offline = optional(bool) + weight = optional(number) + target_id = optional(string) + })) + default = {} +} +variable "nlb_reserved_ips" { + description = "To provision Network Load Balancer Reserved IPs" + type = map(object({ + compartment_id = string + lifetime = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + display_name = optional(string) + private_ip_id = optional(string) + public_ip_pool_id = optional(string) + })) + default = {} +} + + +######################### +##### IP Management ##### +######################### + +variable "public_ip_pools" { + type = map(any) + default = {} +} + +variable "private_ips" { + type = map(any) + default = {} +} + +variable "reserved_ips" { + type = map(any) + default = {} +} + +variable "vnic_attachments" { + type = map(any) + default = {} +} + +######################### +##### VCN Logs ########## +######################### + +variable "vcn_log_groups" { + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "vcn_logs" { + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +###### OSS Buckets ###### +######################### + +variable "buckets" { + type = map(any) + default = {} +} + +######################### +####### OSS Logs ######## +######################### + +variable "oss_log_groups" { + description = "To provision Log Groups for OSS" + type = map(object({ + compartment_id = string 
+ display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "oss_logs" { + description = "To provision Logs for OSS" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +### OSS IAM Policies #### +######################### + +variable "oss_policies" { + type = map(any) + default = {} +} + +######################### +## Management Services ## +######################### + +variable "alarms" { + type = map(object({ + compartment_id = string + destinations = list(string) + alarm_name = string + is_enabled = bool + metric_compartment_id = string + namespace = string + query = string + severity = string + body = optional(string) + message_format = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_notifications_per_metric_dimension_enabled = optional(bool) + metric_compartment_id_in_subtree = optional(string) + trigger_delay_minutes = optional(string) + repeat_notification_duration = optional(string) + resolution = optional(string) + resource_group = optional(string) + suppression = optional(map(any)) + })) + default = {} +} + +variable "events" { + type = map(object({ + event_name = string + compartment_id = string + description = string + is_enabled = bool + condition = string + actions = optional(list(object({ + action_type = string + is_enabled = string + description = optional(string) + function_id = optional(string) + stream_id = optional(string) + topic_id = optional(string) + }))) + message_format = optional(string) + defined_tags 
= optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "notifications_topics" { + type = map(object({ + compartment_id = string + topic_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "notifications_subscriptions" { + type = map(object({ + compartment_id = string + endpoint = string + protocol = string + topic_id = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "service_connectors" { + type = any + default = {} + description = "To provision service connector hub resources" +} + +######################### +## Developer Services ## +######################### + +## OKE + +variable "clusters" { + type = map(object({ + display_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + kubernetes_version = string + cni_type = string + cluster_type = string + is_policy_enabled = optional(bool) + policy_kms_key_id = optional(string) + is_kubernetes_dashboard_enabled = optional(bool) + is_tiller_enabled = optional(bool) + is_public_ip_enabled = optional(bool) + nsg_ids = optional(list(string)) + endpoint_subnet_id = string + is_pod_security_policy_enabled = optional(bool) + pods_cidr = optional(string) + services_cidr = optional(string) + service_lb_subnet_ids = optional(list(string)) + cluster_kms_key_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + lb_defined_tags = optional(map(any)) + lb_freeform_tags = optional(map(any)) + volume_defined_tags = optional(map(any)) + volume_freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nodepools" { + type = map(object({ + display_name = string + cluster_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + node_shape = string + initial_node_labels = optional(map(any)) + 
kubernetes_version = string + is_pv_encryption_in_transit_enabled = optional(bool) + availability_domain = number + fault_domains = optional(list(string)) + subnet_id = string + size = number + cni_type = string + max_pods_per_node = optional(number) + pod_nsg_ids = optional(list(string)) + pod_subnet_ids = optional(string) + worker_nsg_ids = optional(list(string)) + memory_in_gbs = optional(number) + ocpus = optional(number) + image_id = string + source_type = string + boot_volume_size_in_gbs = optional(number) + ssh_public_key = optional(string) + nodepool_kms_key_id = optional(string) + node_defined_tags = optional(map(any)) + node_freeform_tags = optional(map(any)) + nodepool_defined_tags = optional(map(any)) + nodepool_freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "virtual-nodepools" { + type = map(object({ + display_name = string + cluster_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + node_shape = string + initial_virtual_node_labels = optional(map(any)) + availability_domain = number + fault_domains = list(string) + subnet_id = string + size = number + pod_nsg_ids = optional(list(string)) + pod_subnet_id = string + worker_nsg_ids = optional(list(string)) + taints = optional(list(any)) + node_defined_tags = optional(map(any)) + node_freeform_tags = optional(map(any)) + nodepool_defined_tags = optional(map(any)) + nodepool_freeform_tags = optional(map(any)) + })) + default = {} +} + + +################################## +############## SDDCs ############# +################################## +variable "sddcs" { + type = map(object({ + compartment_id = string + availability_domain = string + network_compartment_id = string + vcn_name = string + esxi_hosts_count = number + nsx_edge_uplink1vlan_id = string + nsx_edge_uplink2vlan_id = string + nsx_edge_vtep_vlan_id = string + nsx_vtep_vlan_id = string + provisioning_subnet_id = string + ssh_authorized_keys = string + vmotion_vlan_id = string 
+ vmware_software_version = string + vsan_vlan_id = string + vsphere_vlan_id = string + capacity_reservation_id = optional(string) + defined_tags = optional(map(any)) + display_name = optional(string) + initial_cluster_display_name = optional(string) + freeform_tags = optional(map(any)) + hcx_action = optional(string) + hcx_vlan_id = optional(string) + initial_host_ocpu_count = optional(number) + initial_host_shape_name = optional(string) + initial_commitment = optional(string) + instance_display_name_prefix = optional(string) + is_hcx_enabled = optional(bool) + is_shielded_instance_enabled = optional(bool) + is_single_host_sddc = optional(bool) + provisioning_vlan_id = optional(string) + refresh_hcx_license_status = optional(bool) + replication_vlan_id = optional(string) + reserving_hcx_on_premise_license_keys = optional(string) + workload_network_cidr = optional(string) + management_datastore = optional(list(string)) + workload_datastore = optional(list(string)) + + })) + default = {} + +} + +variable "sddc-clusters" { + type = map(object({ + compartment_id = string + availability_domain = string + network_compartment_id = string + vcn_name = string + esxi_hosts_count = number + nsx_edge_uplink1vlan_id = string + nsx_edge_uplink2vlan_id = optional(string) + nsx_edge_vtep_vlan_id = string + nsx_vtep_vlan_id = string + provisioning_subnet_id = string + ssh_authorized_keys = optional(string) + vmotion_vlan_id = string + vmware_software_version = string + vsan_vlan_id = string + vsphere_vlan_id = string + capacity_reservation_id = optional(string) + defined_tags = optional(map(any)) + display_name = optional(string) + freeform_tags = optional(map(any)) + hcx_action = optional(string) + hcx_vlan_id = optional(string) + initial_host_ocpu_count = optional(number) + initial_host_shape_name = optional(string) + initial_commitment = optional(string) + instance_display_name_prefix = optional(string) + is_hcx_enabled = optional(bool) + is_shielded_instance_enabled = 
optional(bool) + is_single_host_sddc = optional(bool) + provisioning_vlan_id = optional(string) + refresh_hcx_license_status = optional(bool) + replication_vlan_id = optional(string) + reserving_hcx_on_premise_license_keys = optional(string) + workload_network_cidr = optional(string) + workload_datastore = optional(list(string)) + sddc_id = optional(string) + esxi_software_version = optional(string) + + })) + default = {} + +} + + +############################ +## Key Management Service ## +############################ + +variable "vaults" { + type = map(object({ + compartment_id = string + display_name = string + vault_type = string + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + replica_region = optional(string) + })) + default = {} +} + +variable "keys" { + type = map(object({ + compartment_id = string + display_name = string + vault_name = string + algorithm = optional(string) + length = optional(string) + curve_id = optional(string) + protection_mode = optional(string) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + is_auto_rotation_enabled = optional(bool) + rotation_interval_in_days = optional(string) + + })) + default = {} +} + +########################### +######### Budgets ######### +########################### + +variable "budgets" { + type = map(object({ + amount = string + compartment_id = string + reset_period = string + budget_processing_period_start_offset = optional(string) + defined_tags = optional(map(any)) + description = optional(string) + display_name = optional(string) + freeform_tags = optional(map(any)) + processing_period_type = optional(string) + budget_end_date = optional(string) + budget_start_date = optional(string) + target_type = optional(string) + targets = optional(list(any)) + })) + default = {} +} + +variable "budget_alert_rules" { + type = map(object({ + budget_id = string + threshold = string + threshold_type = string + type = string + defined_tags = optional(map(any)) + 
description = optional(string) + display_name = optional(string) + freeform_tags = optional(map(any)) + message = optional(string) + recipients = optional(string) + })) + default = {} +} + +########################### +####### Cloud Guard ####### +########################### + +variable "cloud_guard_configs" { + type = map(object({ + compartment_id = string + reporting_region = string + status = string + self_manage_resources = optional(string) + + })) + default = {} +} + +variable "cloud_guard_targets" { + type = map(object({ + compartment_id = string + display_name = string + target_resource_id = string + target_resource_type = string + prefix = string + description = optional(string) + state = optional(string) + target_detector_recipes = optional(list(any)) + target_responder_recipes = optional(list(any)) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + })) + default = {} +} + +#################################### +####### Custom Backup Policy ####### +#################################### + +variable "custom_backup_policies" { + type = map(any) + default = {} +} + +variable "capacity_reservation_ocids" { + type = map(any) + default = { + "AD1" : "", + "AD2" : "", + "AD3" : "" + } +} + +##################################### +####### Firewall as a Service ####### +##################################### +variable "firewalls" { + type = map(object({ + compartment_id = string + network_compartment_id = string + network_firewall_policy_id = string + subnet_id = string + vcn_name = string + display_name = string + ipv4address = optional(string) + nsg_id = optional(list(string)) + ipv6address = optional(string) + availability_domain = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fw-policies" { + type = map(object({ + compartment_id = optional(string) + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + 
default = {} +} +variable "services" { + type = map(object({ + service_name = string + service_type = string + network_firewall_policy_id = string + port_ranges = list(object({ + minimum_port = string + maximum_port = optional(string) + })) + })) + default = {} +} +variable "url_lists" { + type = map(object({ + urllist_name = string + network_firewall_policy_id = string + urls = list(object({ + pattern = string + type = string + })) + })) + default = {} +} +variable "service_lists" { + type = map(object({ + service_list_name = string + network_firewall_policy_id = string + services = list(string) + })) + default = {} +} + +variable "address_lists" { + type = map(object({ + address_list_name = string + network_firewall_policy_id = string + address_type = string + addresses = list(string) + })) + default = {} +} + +variable "applications" { + type = map(object({ + app_list_name = string + network_firewall_policy_id = string + app_type = string + icmp_type = number + icmp_code = optional(number) + })) + default = {} +} + +variable "application_groups" { + type = map(object({ + app_group_name = string + network_firewall_policy_id = string + apps = list(string) + + })) + default = {} +} + +variable "security_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + application = optional(list(string)) + destination_address = optional(list(string)) + service = optional(list(string)) + source_address = optional(list(string)) + url = optional(list(string)) + }))) + inspection = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +variable "secrets" { + type = map(object({ + secret_name = string + network_firewall_policy_id = string + secret_source = string + secret_type = string + vault_secret_id = string + version_number = number + vault_name = string + vault_compartment_id = string + })) + default = {} +} + +variable 
"decryption_profiles" { + type = map(object({ + profile_name = string + profile_type = string + network_firewall_policy_id = string + are_certificate_extensions_restricted = optional(bool) + is_auto_include_alt_name = optional(bool) + is_expired_certificate_blocked = optional(bool) + is_out_of_capacity_blocked = optional(bool) + is_revocation_status_timeout_blocked = optional(bool) + is_unknown_revocation_status_blocked = optional(bool) + is_unsupported_cipher_blocked = optional(bool) + is_unsupported_version_blocked = optional(bool) + is_untrusted_issuer_blocked = optional(bool) + })) + default = {} +} + +variable "decryption_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + + destination_address = optional(list(string)) + + source_address = optional(list(string)) + + }))) + decryption_profile = optional(string) + secret = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +######################### +####### Firewall Logs ######## +######################### + +variable "fw_log_groups" { + description = "To provision Log Groups for Network Firewall" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fw_logs" { + description = "To provision Logs for Network Firewall" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +########################## +# Add new variables here # 
+##########################
+######################### END #########################
diff --git a/examples/vlan/backend.tf b/examples/vlan/backend.tf
new file mode 100644
index 0000000..16bc557
--- /dev/null
+++ b/examples/vlan/backend.tf
@@ -0,0 +1,21 @@
+/*This line will be removed when using remote state
+# !!! WARNING !!! Terraform State Lock is not supported with OCI Object Storage.
+# Pre-Requisite: Create a version enabled object storage bucket to store the state file.
+# End Point Format: https://.compat.objectstorage..oraclecloud.com
+# Please look at the below doc for information about shared_credentials_file and other parameters:
+# Reference: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformUsingObjectStore.htm
+
+terraform {
+ backend "s3" {
+ key = ""
+ bucket = ""
+ region = ""
+ endpoint = ""
+ shared_credentials_file = "~/.aws/credentials"
+ skip_region_validation = true
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ force_path_style = true
+ }
+}
+This line will be removed when using remote state*/
\ No newline at end of file
diff --git a/examples/vlan/oci-data.tf b/examples/vlan/oci-data.tf
new file mode 100644
index 0000000..1495707
--- /dev/null
+++ b/examples/vlan/oci-data.tf
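Review bot: The commented-out `backend "s3"` template says nothing about protecting the state object, even though inputs declared elsewhere in this commit (LB certificate `private_key`/`passphrase`, ADB `admin_password`) will be written into that state in plaintext once real values are supplied. I would extend the header comment with `# NOTE: Terraform state stores every input in plaintext (incl. LB private keys and DB passwords); keep the bucket private, consider a customer-managed KMS key, and grant read access only to the identities that run terraform.` The existing warning that state locking is unsupported should also state the consequence, e.g. `# Without locking, two concurrent applies can corrupt state - serialize runs (CI job or manual coordination).` The `skip_credentials_validation`/`skip_metadata_api_check` flags look necessary for the S3-compatible endpoint, so I would leave them as they are.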
@@ -0,0 +1,42 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Identity
+# Fetch Compartments
+############################
+
+#Fetch Compartment Details
+data "oci_identity_compartments" "compartments" {
+ #Required
+ compartment_id = var.tenancy_ocid
+
+ #Optional
+ #name = var.compartment_name
+ access_level = "ANY"
+ compartment_id_in_subtree = true
+ state = "ACTIVE"
+}
+
+
+############################
+# Data Block - Network
+# Fetch ADs
+############################
+
+data "oci_identity_availability_domains" "availability_domains" {
+ #Required
+ compartment_id = var.tenancy_ocid
+}
+
+
+/*
+output "compartment_id_map" {
+ description = "Compartment ocid"
+ // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source.
+ value = zipmap(data.oci_identity_compartments.compartments.compartments.*.name,data.oci_identity_compartments.compartments.compartments.*.id)
+}
+
+output "ads" {
+ value = data.oci_identity_availability_domains.availability_domains.availability_domains.*.name
+}
+*/
\ No newline at end of file
diff --git a/examples/vlan/provider.tf b/examples/vlan/provider.tf
new file mode 100644
index 0000000..9a69c98
--- /dev/null
+++ b/examples/vlan/provider.tf
@@ -0,0 +1,24 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Provider Block
+# OCI
+############################
+
+provider "oci" {
+ tenancy_ocid = var.tenancy_ocid
+ user_ocid = var.user_ocid
+ fingerprint = var.fingerprint
+ private_key_path = var.private_key_path
+ region = var.region
+ ignore_defined_tags = ["Oracle-Tags.CreatedBy", "Oracle-Tags.CreatedOn"]
+}
+
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ version = "5.40.0"
+ }
+ }
+}
diff --git a/examples/vlan/variables_example.tf b/examples/vlan/variables_example.tf
new file mode 100644
index 0000000..fae17ea
--- /dev/null
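Review bot: The header over the compartments lookup says `# Resource Block - Identity` although what follows is a `data` block, and the availability-domains header says `# Data Block - Network` although `oci_identity_availability_domains` is an Identity data source; suggest `# Data Block - Identity` for both. The commented-out `compartment_id_map` output keys on `compartments.*.name`, and because the lookup uses `compartment_id_in_subtree = true`, compartments under different parents may share a name, so `zipmap` would silently keep one id per name if that output is ever reinstated — a key built from the parent path, or at least a comment recording the limitation, avoids resolving to the wrong compartment. `state = "ACTIVE"` and `access_level = "ANY"` are undocumented choices; a line such as `# Only compartments in lifecycle state ACTIVE are returned` would help the next reader.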
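Review bot: The provider block reads `var.user_ocid`, `var.fingerprint` and `var.private_key_path`, which `variables_example.tf` in this commit declares with `default = ""`, so an unset credential reaches the provider as an empty string and fails at plan time with a provider error rather than Terraform's missing-variable message; dropping those defaults or adding a `validation` block on the variables would surface the gap earlier. The `terraform` block pins the provider to `5.40.0` but sets no `required_version`, so backend arguments in `backend.tf` whose meaning depends on the Terraform release behave differently across toolkit hosts. A header comment stating that API-key authentication is the only path wired here (the provider's `auth` argument is not used) would document the design choice.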
+++ b/examples/vlan/variables_example.tf 
@@ -0,0 +1,2082 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# +# Variables Block +# OCI +# +############################ + +variable "tenancy_ocid" { + type = string + default = "" +} + +variable "user_ocid" { + type = string + default = "" +} + +variable "fingerprint" { + type = string + default = "" +} + +variable "private_key_path" { + type = string + default = "" +} + +variable "region" { + type = string + default = "" +} + +################################# +# SSH Keys +################################# + +variable "instance_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_instance_ssh_keys# + # exported instance ssh keys + #instance_ssh_keys_END# + } +} + +variable "oke_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_oke_ssh_keys# + #oke_ssh_keys_END# + } +} +variable "sddc_ssh_keys" { + type = map(any) + default = { + ssh_public_key = "" + # Use '\n' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = "ssh-rsa AAXXX......yhdlo\nssh-rsa AAxxskj...edfwf" + #START_sddc_ssh_keys# + #sddc_ssh_keys_END# + } +} + +variable "exacs_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. + # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_exacs_ssh_keys# + # exported exacs ssh keys + #exacs_ssh_keys_END# + } +} + +variable "dbsystem_ssh_keys" { + type = map(any) + default = { + ssh_public_key = [""] + # Use ',' as the delimiter to add multiple ssh keys. 
+ # Example: ssh_public_key = ["ssh-rsa AAXXX......yhdlo","ssh-rsa AAxxskj...edfwf"] + #START_dbsystem_ssh_keys# + # exported dbsystem ssh keys + #dbsystem_ssh_keys_END# + } +} + +################################# +# Platform Image OCIDs and +# Market Place Images +################################# + +variable "instance_source_ocids" { + type = map(any) + default = { + Linux = "" + Windows = "" + PaloAlto = "Palo Alto Networks VM-Series Next Generation Firewall" + #START_instance_source_ocids# + # exported instance image ocids + #instance_source_ocids_END# + } +} + +variable "blockvolume_source_ocids" { + type = map(any) + default = { + block1 = "" + #blockvolume_source_ocid = "" + #START_blockvolume_source_ocids# + # exported block volume source ocids + #blockvolume_source_ocids_END# + } +} + +variable "fss_source_ocids" { + type = map(any) + default = { + snapshot1 = "" + #fss_source_snapshot_ocid = "" + #START_fss_source_snapshot_ocids# + # exported fss source snapshot ocids + #fss_source_snapshot_ocids_END# + } +} + +variable "oke_source_ocids" { + type = map(any) + default = { + Linux = "" + #START_oke_source_ocids# + # exported oke image ocids + #oke_source_ocids_END# + } +} + +################################# +# +# Variables according to Services +# PLEASE DO NOT MODIFY +# +################################# + +########################## +## Fetch Compartments #### +########################## + +variable "compartment_ocids" { + type = map(any) + default = { + #START_compartment_ocids# + # compartment ocids + #compartment_ocids_END# + } +} + +######################### +##### Identity ########## +######################### + +variable "compartments" { + type = object({ + root = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level1 = 
optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level2 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level3 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level4 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + compartment_level5 = optional(map(object({ + tenancy_ocid = optional(string) + parent_compartment_id = string + name = string + description = optional(string) + enable_delete = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + }))) + }) + default = { + root = {}, + compartment_level1 = {}, + compartment_level2 = {}, + compartment_level3 = {}, + compartment_level4 = {}, + compartment_level5 = {}, + } +} + +variable "policies" { + type = map(object({ + name = string + compartment_id = string + policy_description = string + policy_statements = list(string) + policy_version_date = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "groups" { + type = map(object({ + group_name = string + group_description = string + matching_rule = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "users" { + type = map(object({ + name = string + description = string + email = string + disable_capabilities = optional(list(string)) + group_membership = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "networkSources" { + type = map(object({ + name = string + description = string + public_source_list = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + virtual_source_list = optional(list(map(list(string)))) + + })) + default = {} +} + +######################### +####### Governance ######### +######################### + +variable "tag_namespaces" { + description = "To provision Namespaces" + type = map(object({ + compartment_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_retired = optional(bool) + })) + default = {} +} + +variable "tag_keys" { + description = "To provision Tag Keys" + type = map(object({ + tag_namespace_id = string + description = string + name = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_cost_tracking = optional(bool) + is_retired = optional(bool) + validator = optional(list(object({ + validator_type = optional(string) + validator_values = optional(list(any)) + }))) + })) + default = {} +} + +variable "tag_defaults" { + description = "To make the Tag keys as default to compartments" + type = map(object({ + compartment_id = string + tag_definition_id = string + value = string + is_required = optional(bool) + })) + default = {} +} + +variable "quota_policies" { + type = map(object({ + quota_name = string + quota_description = string + quota_statements = list(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +###### Network ########## +######################### 
+ +variable "default_dhcps" { + type = map(object({ + server_type = string + manage_default_resource_id = optional(string) + custom_dns_servers = optional(list(any)) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "custom_dhcps" { + type = map(object({ + compartment_id = string + server_type = string + vcn_id = string + custom_dns_servers = optional(list(any)) + domain_name_type = optional(string) + display_name = optional(string) + search_domain = optional(map(list(any))) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "vcns" { + type = map(object({ + compartment_id = string + cidr_blocks = optional(list(string)) + byoipv6cidr_details = optional(list(map(any))) + display_name = optional(string) + dns_label = optional(string) + is_ipv6enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ipv6private_cidr_blocks = optional(list(string)) + is_oracle_gua_allocation_enabled = optional(bool) + })) + default = {} +} + +variable "igws" { + type = map(object({ + compartment_id = string + vcn_id = string + enable_igw = optional(bool) + igw_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_table_id = optional(string) + })) + default = {} +} + +variable "sgws" { + type = map(object({ + compartment_id = string + vcn_id = string + service = optional(string) + sgw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "ngws" { + type = map(object({ + compartment_id = string + vcn_id = string + block_traffic = optional(bool) + public_ip_id = optional(string) + ngw_name = optional(string) + route_table_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + 
default = {} +} + +variable "lpgs" { + type = map(any) + default = { + hub-lpgs = {}, + spoke-lpgs = {}, + peer-lpgs = {}, + none-lpgs = {}, + exported-lpgs = {}, + } +} + +variable "drgs" { + type = map(object({ + compartment_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "default_seclists" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + ingress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + source = optional(string) + source_type = optional(string) + options = optional(map(any)) + }))) + egress_sec_rules = optional(list(object({ + protocol = optional(string) + stateless = optional(string) + description = optional(string) + destination = optional(string) + destination_type = optional(string) + options = optional(map(any)) + }))) + })) + default = {} +} + +variable "route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + 
route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) + +})) +default = {} +} + +variable "default_route_tables" { + type = map(object({ + compartment_id = string + vcn_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + route_rules_igw = list(map(any)) + route_rules_ngw = list(map(any)) + route_rules_sgw = list(map(any)) + route_rules_drg = list(map(any)) + route_rules_lpg = list(map(any)) + route_rules_ip = list(map(any)) + gateway_route_table = optional(bool,false) + default_route_table = optional(bool,false) +})) + default = {} +} + +variable "nsgs" { + type = map(object({ + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nsg_rules" { + type = map(object({ + nsg_id = string + direction = string + protocol = string + description = optional(string) + stateless = optional(string) + source_type = optional(string) + destination_type = optional(string) + destination = optional(string) + source = optional(string) + options = optional(map(any)) + })) + default = {} +} + +variable "subnets" { + type = map(object({ + compartment_id = string + vcn_id = string + cidr_block = string + display_name = optional(string) + dns_label = optional(string) + ipv6cidr_block = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + prohibit_internet_ingress = optional(string) + prohibit_public_ip_on_vnic = optional(string) + availability_domain = optional(string) + dhcp_options_id = optional(string) + route_table_id = optional(string) + security_list_ids = 
optional(list(string)) + })) + default = {} +} + +variable "vlans" { + type = map(object({ + cidr_block = string + compartment_id = string + network_compartment_id = string + vcn_name = string + display_name = optional(string) + nsg_ids = optional(list(string)) + route_table_name = optional(string) + vlan_tag = optional(string) + availability_domain = optional(string) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + })) + default = {} +} + +variable "drg_attachments" { + type = map(any) + default = {} +} + +variable "drg_other_attachments" { + type = map(any) + default = {} +} + +variable "drg_route_tables" { + type = map(object({ + drg_id = string + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_ecmp_enabled = optional(bool) + import_drg_route_distribution_id = optional(string) + })) + default = {} +} + +variable "drg_route_rules" { + type = map(any) + default = {} +} + +variable "drg_route_distributions" { + type = map(object({ + distribution_type = string + drg_id = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + display_name = optional(string) + })) + default = {} +} + +variable "drg_route_distribution_statements" { + type = map(object({ + drg_route_distribution_id = string + action = string + match_criteria = optional(list(object({ + match_type = string + attachment_type = optional(string) + drg_attachment_id = optional(string) + }))) + priority = optional(string) + })) + default = {} +} + +variable "data_drg_route_tables" { + type = map(any) + default = {} +} + +variable "data_drg_route_table_distributions" { + type = map(any) + default = {} +} + +#################### +####### DNS ####### +#################### + +variable "zones" { +type = map(object({ +compartment_id = string +display_name = string +view_compartment_id = optional(string) +view_id = optional(string) +zone_type = optional(string) +scope = optional(string) +freeform_tags = 
optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + +variable "views" { +type = map(object({ +compartment_id = string +display_name = string +scope = optional(string) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) + default = {} +} + +variable "rrsets" { +type = map(object({ +compartment_id = optional(string) +view_compartment_id = optional(string) +view_id = optional(string) +zone_id = string +domain = string +rtype = string +ttl = number +rdata = optional(list(string)) +scope = optional(string) +})) +default = {} +} + +variable "resolvers" { +type = map(object({ +network_compartment_id= string +vcn_name = string +display_name = optional(string) +views = optional(map(object({ + view_id = optional(string) + view_compartment_id = optional(string) +}))) +resolver_rules = optional(map(object({ + client_address_conditions = optional(list(any)) + destination_addresses = optional(list(any)) + qname_cover_conditions = optional(list(any)) + source_endpoint_name = optional(string) +}))) +endpoint_names = optional(map(object({ + is_forwarding = optional(bool) + is_listening = optional(bool) + name = optional(string) + subnet_name = optional(string) + forwarding_address = optional(string) + listening_address = optional(string) + nsg_ids = optional(list(string)) +}))) +freeform_tags = optional(map(any)) +defined_tags = optional(map(any)) +})) +default = {} +} + + +######################### +## Dedicated VM Hosts ## +######################### + +variable "dedicated_hosts" { + type = map(object({ + availability_domain = string + compartment_id = string + vm_host_shape = string + defined_tags = optional(map(any)) + display_name = optional(string) + fault_domain = optional(string) + freeform_tags = optional(map(any)) + })) + description = "To provision new dedicated VM hosts" + default = {} +} + +######################### +## Instances/Block Volumes ## +######################### + +variable "blockvolumes" { + description = "To 
provision block volumes" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = string + size_in_gbs = optional(string) + is_auto_tune_enabled = optional(string) + vpus_per_gb = optional(string) + kms_key_id = optional(string) + attach_to_instance = optional(string) + attachment_type = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + device = optional(string) + encryption_in_transit_type = optional(string) + attachment_display_name = optional(string) + is_read_only = optional(bool) + is_pv_encryption_in_transit_enabled = optional(bool) + is_shareable = optional(bool) + use_chap = optional(bool) + is_agent_auto_iscsi_login_enabled = optional(bool) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + source_details = optional(list(map(any))) + block_volume_replicas = optional(list(map(any))) + block_volume_replicas_deletion = optional(bool) + autotune_policies = optional(list(map(any))) + })) + default = {} +} + +variable "block_backup_policies" { + type = map(any) + description = "To create block volume back policy" + default = {} +} + +variable "instances" { + description = "Map of instances to be provisioned" + type = map(object({ + availability_domain = string + compartment_id = string + shape = string + source_id = string + source_type = string + vcn_name = string + subnet_id = string + network_compartment_id = string + display_name = optional(string) + assign_public_ip = optional(bool) + boot_volume_size_in_gbs = optional(string) + fault_domain = optional(string) + dedicated_vm_host_id = optional(string) + private_ip = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(string)) + ocpus = optional(string) + memory_in_gbs = optional(number) + capacity_reservation_id = optional(string) + create_is_pv_encryption_in_transit_enabled = optional(bool) + remote_execute = optional(string) + bastion_ip = optional(string) + 
cloud_init_script = optional(string) + ssh_authorized_keys = optional(string) + backup_policy = optional(string) + policy_compartment_id = optional(string) + network_type = optional(string) + #extended_metadata = optional(string) + skip_source_dest_check = optional(bool) + baseline_ocpu_utilization = optional(string) + #preemptible_instance_config = optional(string) + all_plugins_disabled = optional(bool) + is_management_disabled = optional(bool) + is_monitoring_disabled = optional(bool) + assign_private_dns_record = optional(string) + plugins_details = optional(map(any)) + is_live_migration_preferred = optional(bool) + recovery_action = optional(string) + are_legacy_imds_endpoints_disabled = optional(bool) + boot_volume_type = optional(string) + firmware = optional(string) + is_consistent_volume_naming_enabled = optional(bool) + remote_data_volume_type = optional(string) + platform_config = optional(list(map(any))) + launch_options = optional(list(map(any))) + ipxe_script = optional(string) + preserve_boot_volume = optional(bool) + vlan_id = optional(string) + kms_key_id = optional(string) + vnic_display_name = optional(string) + vnic_defined_tags = optional(map(any)) + vnic_freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "boot_backup_policies" { + type = map(any) + description = "Map of boot volume backup policies to be provisioned" + default = {} +} + +######################### +####### Database ######## +######################### + +variable "exa_infra" { + description = "To provision exadata infrastructure" + type = map(any) + default = {} +} + +variable "exa_vmclusters" { + description = "To provision exadata cloud VM cluster" + type = map(any) + default = {} +} + +variable "dbsystems_vm_bm" { + description = "To provision DB System" + type = map(any) + default = {} +} + +variable "db_home" { + type = map(any) + description = "Map of database db home to be 
provisioned" + default = {} +} + +variable "databases" { + description = "Map of databases to be provisioned in an existing db_home" + type = map(any) + default = {} +} + +#################################### +####### Autonomous Database ######## +#################################### + +variable "adb" { + type = map(object({ + admin_password = optional(string) + character_set = optional(string) + compartment_id = string + cpu_core_count = optional(number) + database_edition = optional(string) + data_storage_size_in_tbs = optional(number) + customer_contacts = optional(list(string)) + db_name = string + db_version = optional(string) + db_workload = optional(string) + display_name = optional(string) + license_model = optional(string) + ncharacter_set = optional(string) + network_compartment_id = optional(string) + nsg_ids = optional(list(string)) + subnet_id = optional(string) + vcn_name = optional(string) + whitelisted_ips = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +######### FSS ########### +######################### + +variable "mount_targets" { + description = "To provision Mount Targets" + type = map(object({ + availability_domain = string + compartment_id = string + network_compartment_id = string + vcn_name = string + subnet_id = string + display_name = optional(string) + ip_address = optional(string) + hostname_label = optional(string) + nsg_ids = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fss" { + description = "To provision File System Services" + type = map(object({ + availability_domain = string + compartment_id = string + display_name = optional(string) + source_snapshot = optional(string) + snapshot_policy = optional(string) + policy_compartment_id = optional(string) + kms_key_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = 
optional(map(any)) + })) + default = {} +} + +variable "nfs_export_options" { + description = "To provision Export Sets" + type = map(object({ + export_set_id = string + file_system_id = string + path = string + export_options = optional(list(any)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_idmap_groups_for_sys_auth = optional(bool) + })) + default = {} +} + +variable "fss_replication" { + description = "To provision File System Replication" + type = map(object({ + compartment_id = string + source_id = string + target_id = string + display_name = optional(string) + replication_interval = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +####### FSS Logs ######## +######################### + +variable "nfs_log_groups" { + description = "To provision Log Groups for Mount Target" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nfs_logs" { + description = "To provision Logs for Mount Target" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + + +######################### +#### Load Balancers ##### +######################### + +variable "load_balancers" { + description = "To provision Load Balancers" + type = map(object({ + compartment_id = string + vcn_name = string + shape = string + subnet_ids = list(any) + network_compartment_id = string + display_name = string + shape_details = optional(list(map(any))) + nsg_ids = 
optional(list(any)) + is_private = optional(bool) + ip_mode = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + reserved_ips_id = optional(string) + })) + default = {} +} + +variable "hostnames" { + description = "To provision Load Balancer Hostnames" + type = map(object({ + load_balancer_id = string + hostname = string + name = string + })) + default = {} +} + +variable "certificates" { + description = "To provision Load Balancer Certificates" + type = map(object({ + certificate_name = string + load_balancer_id = string + ca_certificate = optional(string) + passphrase = optional(string) + private_key = optional(string) + public_certificate = optional(string) + })) + default = {} +} + +variable "cipher_suites" { + description = "To provision Load Balancer Cipher Suites" + type = map(object({ + ciphers = list(string) + name = string + load_balancer_id = optional(string) + })) + default = {} +} + +variable "backend_sets" { + description = "To provision Load Balancer Backend Sets" + type = map(object({ + name = string + load_balancer_id = string + policy = string + protocol = optional(string) + interval_ms = optional(string) + is_force_plain_text = optional(string) + port = optional(string) + response_body_regex = optional(string) + retries = optional(string) + return_code = optional(string) + timeout_in_millis = optional(string) + url_path = optional(string) + lb_cookie_session = optional(list(object({ + cookie_name = optional(string) + disable_fallback = optional(string) + path = optional(string) + domain = optional(string) + is_http_only = optional(string) + is_secure = optional(string) + max_age_in_seconds = optional(string) + }))) + session_persistence_configuration = optional(list(object({ + cookie_name = optional(string) + disable_fallback = optional(string) + }))) + certificate_name = optional(string) + cipher_suite_name = optional(string) + ssl_configuration = optional(list(object({ + certificate_ids = 
optional(list(any)) + server_order_preference = optional(string) + trusted_certificate_authority_ids = optional(list(any)) + verify_peer_certificate = optional(string) + verify_depth = optional(string) + protocols = optional(list(any)) + }))) + })) + default = {} +} + +variable "backends" { + description = "To provision Load Balancer Backends" + type = map(object({ + backendset_name = string + ip_address = string + load_balancer_id = string + port = string + instance_compartment = optional(string) + backup = optional(string) + drain = optional(string) + offline = optional(string) + weight = optional(string) + })) + default = {} +} + +variable "listeners" { + description = "To provision Load Balancer Listeners" + type = map(object({ + name = string + load_balancer_id = string + port = string + protocol = string + default_backend_set_name = string + connection_configuration = optional(list(map(any))) + hostname_names = optional(list(any)) + path_route_set_name = optional(string) + rule_set_names = optional(list(any)) + routing_policy_name = optional(string) + certificate_name = optional(string) + cipher_suite_name = optional(string) + ssl_configuration = optional(list(object({ + certificate_ids = optional(list(any)) + server_order_preference = optional(string) + trusted_certificate_authority_ids = optional(list(any)) + verify_peer_certificate = optional(string) + verify_depth = optional(string) + protocols = optional(list(any)) + }))) + })) + default = {} +} + +variable "path_route_sets" { + description = "To provision Load Balancer Path Route Sets" + type = map(object({ + name = string + load_balancer_id = string + path_routes = optional(list(map(any))) + })) + default = {} +} + +variable "rule_sets" { + description = "To provision Load Balancer Rule Sets" + type = map(object({ + name = string + load_balancer_id = string + access_control_rules = optional(list(object({ + action = string + attribute_name = optional(string) + attribute_value = optional(string) + 
description = optional(string) + }))) + access_control_method_rules = optional(list(object({ + action = string + allowed_methods = optional(list(any)) + status_code = optional(string) + }))) + http_header_rules = optional(list(object({ + action = string + are_invalid_characters_allowed = optional(bool) + http_large_header_size_in_kb = optional(string) + }))) + uri_redirect_rules = optional(list(object({ + action = string + attribute_name = optional(string) + attribute_value = optional(string) + operator = optional(string) + host = optional(string) + path = optional(string) + port = optional(string) + protocol = optional(string) + query = optional(string) + response_code = optional(string) + }))) + request_response_header_rules = optional(list(object({ + action = string + header = optional(string) + prefix = optional(string) + suffix = optional(string) + value = optional(string) + }))) + })) + default = {} +} + +variable "lbr_reserved_ips" { + description = "To provision Load Balancer Reserved IPs" + type = map(object({ + compartment_id = string + display_name = string + lifetime = string + private_ip_id = optional(string) + public_ip_pool_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +################################### +####### Load Balancer Logs ######## +################################### + +variable "loadbalancer_log_groups" { + description = "To provision Log Groups for Load Balancers" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "loadbalancer_logs" { + description = "To provision Logs for Load Balancers" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + 
source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +## Network Load Balancers ## +######################### + +variable "network_load_balancers" { + type = map(object({ + display_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + subnet_id = string + is_private = optional(bool) + reserved_ips_id = string + is_preserve_source_destination = optional(bool) + is_symmetric_hash_enabled = optional(bool) + nlb_ip_version = optional(string) + assigned_private_ipv4 = optional(string) + nsg_ids = optional(list(string)) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} +variable "nlb_listeners" { + type = map(object({ + name = string + network_load_balancer_id = string + default_backend_set_name = string + port = number + protocol = string + ip_version = optional(string) + })) + default = {} +} + +variable "nlb_backend_sets" { + type = map(object({ + name = string + network_load_balancer_id = string + policy = string + protocol = string + domain_name = optional(string) + query_class = optional(string) + query_type = optional(string) + rcodes = optional(list(string)) + transport_protocol = optional(string) + return_code = optional(number) + interval_in_millis = optional(number) + port = optional(number) + request_data = optional(string) + response_body_regex = optional(string) + response_data = optional(string) + retries = optional(number) + timeout_in_millis = optional(number) + url_path = optional(string) + is_preserve_source = optional(bool) + ip_version = optional(string) + })) + default = {} +} +variable "nlb_backends" { + type = map(object({ + name = optional(string) + backend_set_name = string + network_load_balancer_id = string + port = number + ip_address = string + instance_compartment = string + 
is_drain = optional(bool) + is_backup = optional(bool) + is_offline = optional(bool) + weight = optional(number) + target_id = optional(string) + })) + default = {} +} +variable "nlb_reserved_ips" { + description = "To provision Network Load Balancer Reserved IPs" + type = map(object({ + compartment_id = string + lifetime = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + display_name = optional(string) + private_ip_id = optional(string) + public_ip_pool_id = optional(string) + })) + default = {} +} + + +######################### +##### IP Management ##### +######################### + +variable "public_ip_pools" { + type = map(any) + default = {} +} + +variable "private_ips" { + type = map(any) + default = {} +} + +variable "reserved_ips" { + type = map(any) + default = {} +} + +variable "vnic_attachments" { + type = map(any) + default = {} +} + +######################### +##### VCN Logs ########## +######################### + +variable "vcn_log_groups" { + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "vcn_logs" { + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +###### OSS Buckets ###### +######################### + +variable "buckets" { + type = map(any) + default = {} +} + +######################### +####### OSS Logs ######## +######################### + +variable "oss_log_groups" { + description = "To provision Log Groups for OSS" + type = map(object({ + compartment_id = string 
+ display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "oss_logs" { + description = "To provision Logs for OSS" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +######################### +### OSS IAM Policies #### +######################### + +variable "oss_policies" { + type = map(any) + default = {} +} + +######################### +## Management Services ## +######################### + +variable "alarms" { + type = map(object({ + compartment_id = string + destinations = list(string) + alarm_name = string + is_enabled = bool + metric_compartment_id = string + namespace = string + query = string + severity = string + body = optional(string) + message_format = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + is_notifications_per_metric_dimension_enabled = optional(bool) + metric_compartment_id_in_subtree = optional(string) + trigger_delay_minutes = optional(string) + repeat_notification_duration = optional(string) + resolution = optional(string) + resource_group = optional(string) + suppression = optional(map(any)) + })) + default = {} +} + +variable "events" { + type = map(object({ + event_name = string + compartment_id = string + description = string + is_enabled = bool + condition = string + actions = optional(list(object({ + action_type = string + is_enabled = string + description = optional(string) + function_id = optional(string) + stream_id = optional(string) + topic_id = optional(string) + }))) + message_format = optional(string) + defined_tags 
= optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "notifications_topics" { + type = map(object({ + compartment_id = string + topic_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "notifications_subscriptions" { + type = map(object({ + compartment_id = string + endpoint = string + protocol = string + topic_id = string + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "service_connectors" { + type = any + default = {} + description = "To provision service connector hub resources" +} + +######################### +## Developer Services ## +######################### + +## OKE + +variable "clusters" { + type = map(object({ + display_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + kubernetes_version = string + cni_type = string + cluster_type = string + is_policy_enabled = optional(bool) + policy_kms_key_id = optional(string) + is_kubernetes_dashboard_enabled = optional(bool) + is_tiller_enabled = optional(bool) + is_public_ip_enabled = optional(bool) + nsg_ids = optional(list(string)) + endpoint_subnet_id = string + is_pod_security_policy_enabled = optional(bool) + pods_cidr = optional(string) + services_cidr = optional(string) + service_lb_subnet_ids = optional(list(string)) + cluster_kms_key_id = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + lb_defined_tags = optional(map(any)) + lb_freeform_tags = optional(map(any)) + volume_defined_tags = optional(map(any)) + volume_freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "nodepools" { + type = map(object({ + display_name = string + cluster_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + node_shape = string + initial_node_labels = optional(map(any)) + 
kubernetes_version = string + is_pv_encryption_in_transit_enabled = optional(bool) + availability_domain = number + fault_domains = optional(list(string)) + subnet_id = string + size = number + cni_type = string + max_pods_per_node = optional(number) + pod_nsg_ids = optional(list(string)) + pod_subnet_ids = optional(string) + worker_nsg_ids = optional(list(string)) + memory_in_gbs = optional(number) + ocpus = optional(number) + image_id = string + source_type = string + boot_volume_size_in_gbs = optional(number) + ssh_public_key = optional(string) + nodepool_kms_key_id = optional(string) + node_defined_tags = optional(map(any)) + node_freeform_tags = optional(map(any)) + nodepool_defined_tags = optional(map(any)) + nodepool_freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "virtual-nodepools" { + type = map(object({ + display_name = string + cluster_name = string + compartment_id = string + network_compartment_id = string + vcn_name = string + node_shape = string + initial_virtual_node_labels = optional(map(any)) + availability_domain = number + fault_domains = list(string) + subnet_id = string + size = number + pod_nsg_ids = optional(list(string)) + pod_subnet_id = string + worker_nsg_ids = optional(list(string)) + taints = optional(list(any)) + node_defined_tags = optional(map(any)) + node_freeform_tags = optional(map(any)) + nodepool_defined_tags = optional(map(any)) + nodepool_freeform_tags = optional(map(any)) + })) + default = {} +} + + +################################## +############## SDDCs ############# +################################## +variable "sddcs" { + type = map(object({ + compartment_id = string + availability_domain = string + network_compartment_id = string + vcn_name = string + esxi_hosts_count = number + nsx_edge_uplink1vlan_id = string + nsx_edge_uplink2vlan_id = string + nsx_edge_vtep_vlan_id = string + nsx_vtep_vlan_id = string + provisioning_subnet_id = string + ssh_authorized_keys = string + vmotion_vlan_id = string 
+ vmware_software_version = string + vsan_vlan_id = string + vsphere_vlan_id = string + capacity_reservation_id = optional(string) + defined_tags = optional(map(any)) + display_name = optional(string) + initial_cluster_display_name = optional(string) + freeform_tags = optional(map(any)) + hcx_action = optional(string) + hcx_vlan_id = optional(string) + initial_host_ocpu_count = optional(number) + initial_host_shape_name = optional(string) + initial_commitment = optional(string) + instance_display_name_prefix = optional(string) + is_hcx_enabled = optional(bool) + is_shielded_instance_enabled = optional(bool) + is_single_host_sddc = optional(bool) + provisioning_vlan_id = optional(string) + refresh_hcx_license_status = optional(bool) + replication_vlan_id = optional(string) + reserving_hcx_on_premise_license_keys = optional(string) + workload_network_cidr = optional(string) + management_datastore = optional(list(string)) + workload_datastore = optional(list(string)) + + })) + default = {} + +} + +variable "sddc-clusters" { + type = map(object({ + compartment_id = string + availability_domain = string + network_compartment_id = string + vcn_name = string + esxi_hosts_count = number + nsx_edge_uplink1vlan_id = string + nsx_edge_uplink2vlan_id = optional(string) + nsx_edge_vtep_vlan_id = string + nsx_vtep_vlan_id = string + provisioning_subnet_id = string + ssh_authorized_keys = optional(string) + vmotion_vlan_id = string + vmware_software_version = string + vsan_vlan_id = string + vsphere_vlan_id = string + capacity_reservation_id = optional(string) + defined_tags = optional(map(any)) + display_name = optional(string) + freeform_tags = optional(map(any)) + hcx_action = optional(string) + hcx_vlan_id = optional(string) + initial_host_ocpu_count = optional(number) + initial_host_shape_name = optional(string) + initial_commitment = optional(string) + instance_display_name_prefix = optional(string) + is_hcx_enabled = optional(bool) + is_shielded_instance_enabled = 
optional(bool) + is_single_host_sddc = optional(bool) + provisioning_vlan_id = optional(string) + refresh_hcx_license_status = optional(bool) + replication_vlan_id = optional(string) + reserving_hcx_on_premise_license_keys = optional(string) + workload_network_cidr = optional(string) + workload_datastore = optional(list(string)) + sddc_id = optional(string) + esxi_software_version = optional(string) + + })) + default = {} + +} + + +############################ +## Key Management Service ## +############################ + +variable "vaults" { + type = map(object({ + compartment_id = string + display_name = string + vault_type = string + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + replica_region = optional(string) + })) + default = {} +} + +variable "keys" { + type = map(object({ + compartment_id = string + display_name = string + vault_name = string + algorithm = optional(string) + length = optional(string) + curve_id = optional(string) + protection_mode = optional(string) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + is_auto_rotation_enabled = optional(bool) + rotation_interval_in_days = optional(string) + + })) + default = {} +} + +########################### +######### Budgets ######### +########################### + +variable "budgets" { + type = map(object({ + amount = string + compartment_id = string + reset_period = string + budget_processing_period_start_offset = optional(string) + defined_tags = optional(map(any)) + description = optional(string) + display_name = optional(string) + freeform_tags = optional(map(any)) + processing_period_type = optional(string) + budget_end_date = optional(string) + budget_start_date = optional(string) + target_type = optional(string) + targets = optional(list(any)) + })) + default = {} +} + +variable "budget_alert_rules" { + type = map(object({ + budget_id = string + threshold = string + threshold_type = string + type = string + defined_tags = optional(map(any)) + 
description = optional(string) + display_name = optional(string) + freeform_tags = optional(map(any)) + message = optional(string) + recipients = optional(string) + })) + default = {} +} + +########################### +####### Cloud Guard ####### +########################### + +variable "cloud_guard_configs" { + type = map(object({ + compartment_id = string + reporting_region = string + status = string + self_manage_resources = optional(string) + + })) + default = {} +} + +variable "cloud_guard_targets" { + type = map(object({ + compartment_id = string + display_name = string + target_resource_id = string + target_resource_type = string + prefix = string + description = optional(string) + state = optional(string) + target_detector_recipes = optional(list(any)) + target_responder_recipes = optional(list(any)) + freeform_tags = optional(map(any)) + defined_tags = optional(map(any)) + })) + default = {} +} + +#################################### +####### Custom Backup Policy ####### +#################################### + +variable "custom_backup_policies" { + type = map(any) + default = {} +} + +variable "capacity_reservation_ocids" { + type = map(any) + default = { + "AD1" : "", + "AD2" : "", + "AD3" : "" + } +} + +##################################### +####### Firewall as a Service ####### +##################################### +variable "firewalls" { + type = map(object({ + compartment_id = string + network_compartment_id = string + network_firewall_policy_id = string + subnet_id = string + vcn_name = string + display_name = string + ipv4address = optional(string) + nsg_id = optional(list(string)) + ipv6address = optional(string) + availability_domain = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fw-policies" { + type = map(object({ + compartment_id = optional(string) + display_name = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + 
default = {} +} +variable "services" { + type = map(object({ + service_name = string + service_type = string + network_firewall_policy_id = string + port_ranges = list(object({ + minimum_port = string + maximum_port = optional(string) + })) + })) + default = {} +} +variable "url_lists" { + type = map(object({ + urllist_name = string + network_firewall_policy_id = string + urls = list(object({ + pattern = string + type = string + })) + })) + default = {} +} +variable "service_lists" { + type = map(object({ + service_list_name = string + network_firewall_policy_id = string + services = list(string) + })) + default = {} +} + +variable "address_lists" { + type = map(object({ + address_list_name = string + network_firewall_policy_id = string + address_type = string + addresses = list(string) + })) + default = {} +} + +variable "applications" { + type = map(object({ + app_list_name = string + network_firewall_policy_id = string + app_type = string + icmp_type = number + icmp_code = optional(number) + })) + default = {} +} + +variable "application_groups" { + type = map(object({ + app_group_name = string + network_firewall_policy_id = string + apps = list(string) + + })) + default = {} +} + +variable "security_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + application = optional(list(string)) + destination_address = optional(list(string)) + service = optional(list(string)) + source_address = optional(list(string)) + url = optional(list(string)) + }))) + inspection = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +variable "secrets" { + type = map(object({ + secret_name = string + network_firewall_policy_id = string + secret_source = string + secret_type = string + vault_secret_id = string + version_number = number + vault_name = string + vault_compartment_id = string + })) + default = {} +} + +variable 
"decryption_profiles" { + type = map(object({ + profile_name = string + profile_type = string + network_firewall_policy_id = string + are_certificate_extensions_restricted = optional(bool) + is_auto_include_alt_name = optional(bool) + is_expired_certificate_blocked = optional(bool) + is_out_of_capacity_blocked = optional(bool) + is_revocation_status_timeout_blocked = optional(bool) + is_unknown_revocation_status_blocked = optional(bool) + is_unsupported_cipher_blocked = optional(bool) + is_unsupported_version_blocked = optional(bool) + is_untrusted_issuer_blocked = optional(bool) + })) + default = {} +} + +variable "decryption_rules" { + type = map(object({ + action = string + rule_name = string + network_firewall_policy_id = string + condition = optional(list(object({ + + destination_address = optional(list(string)) + + source_address = optional(list(string)) + + }))) + decryption_profile = optional(string) + secret = optional(string) + after_rule = optional(string) + before_rule = optional(string) + + })) + default = {} +} + +######################### +####### Firewall Logs ######## +######################### + +variable "fw_log_groups" { + description = "To provision Log Groups for Network Firewall" + type = map(object({ + compartment_id = string + display_name = string + description = optional(string) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +variable "fw_logs" { + description = "To provision Logs for Network Firewall" + type = map(object({ + display_name = string + log_group_id = string + log_type = string + compartment_id = optional(string) + category = optional(string) + resource = optional(string) + service = optional(string) + source_type = optional(string) + is_enabled = optional(bool) + retention_duration = optional(number) + defined_tags = optional(map(any)) + freeform_tags = optional(map(any)) + })) + default = {} +} + +########################## +# Add new variables here # 
+##########################
+######################### END #########################
diff --git a/examples/vlan/vlan.tf b/examples/vlan/vlan.tf
new file mode 100644
index 0000000..ec9f98c
--- /dev/null
+++ b/examples/vlan/vlan.tf
@@ -0,0 +1,38 @@
+############################################
+# Module Network - VLAN
+# Create VLAN
+############################################
+
+data "oci_core_route_tables" "oci_route_tables_vlans" {
+ # depends_on = [module.route-tables] #Uncomment this if using single outdir for Network and VLANs
+ for_each = var.vlans != null ? var.vlans : {}
+ compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : var.compartment_ocids[each.value.network_compartment_id]
+ display_name = each.value.route_table_name
+ vcn_id = data.oci_core_vcns.oci_vcns_vlans[each.key].virtual_networks.*.id[0]
+}
+
+data "oci_core_vcns" "oci_vcns_vlans" {
+ for_each = var.vlans != null ? var.vlans : {}
+ compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : null
+ display_name = each.value.vcn_name
+}
+
+module "vlans" {
+ source = "./modules/network/vlan"
+ for_each = var.vlans != null ? var.vlans : {}
+
+ compartment_id = each.value.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartment_ocids[each.value.compartment_id]) : null
+ network_compartment_id = each.value.network_compartment_id != null ? (length(regexall("ocid1.compartment.oc*", each.value.network_compartment_id)) > 0 ? each.value.network_compartment_id : var.compartment_ocids[each.value.network_compartment_id]) : null
+ cidr_block = each.value.cidr_block != "" ? each.value.cidr_block : null
+ vcn_id = flatten(data.oci_core_vcns.oci_vcns_vlans[each.key].virtual_networks.*.id)[0]
+ display_name = each.value.display_name != "" ? each.value.display_name : null
+ nsg_ids = each.value.nsg_ids
+ route_table_id = each.value.route_table_name != null ? (length(regexall("ocid1.routeteable.oc*", each.value.route_table_name)) > 0 ? each.value.route_table_name : data.oci_core_route_tables.oci_route_tables_vlans[each.key].route_tables.*.id[0]) : null
+ #route_table_id = each.value.route_table_name != null ? (length(regexall("ocid1.routeteable.oc*", each.value.route_table_name)) > 0 ? each.value.route_table_name : try(data.oci_core_route_tables.oci_route_tables_vlans[each.key].route_tables.*.id[0], module.route-tables["${each.value.vcn_name}_${each.value.route_table_name}"]["route_table_ids"])): null
+ vlan_tag = each.value.vlan_tag != "" ? each.value.vlan_tag : null
+ availability_domain = each.value.availability_domain != "" && each.value.availability_domain != null ? data.oci_identity_availability_domains.availability_domains.availability_domains[each.value.availability_domain].name : ""
+ defined_tags = each.value.defined_tags
+ freeform_tags = each.value.freeform_tags
+}
+
+
diff --git a/modules/compute/dedicated-vm-host/main.tf b/modules/compute/dedicated-vm-host/main.tf
new file mode 100755
index 0000000..498a7a6
--- /dev/null
+++ b/modules/compute/dedicated-vm-host/main.tf
@@ -0,0 +1,18 @@
+#// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+#
+#####################################
+## Resource Block - Dedicated VM Host
+## Create Dedicated VM Hosts
+#####################################
+
+resource "oci_core_dedicated_vm_host" "dedicated_vm_host" {
+ availability_domain = var.availability_domain
+ compartment_id = var.compartment_id
+ dedicated_vm_host_shape = var.vm_host_shape
+
+ #Optional
+ defined_tags = var.defined_tags
+ freeform_tags = var.freeform_tags
+ display_name = var.display_name
+ fault_domain = var.fault_domain
+}
diff --git a/modules/compute/dedicated-vm-host/oracle_provider_req.tf b/modules/compute/dedicated-vm-host/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/compute/dedicated-vm-host/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/compute/dedicated-vm-host/outputs.tf b/modules/compute/dedicated-vm-host/outputs.tf
new file mode 100755
index 0000000..7528dd2
--- /dev/null
+++ b/modules/compute/dedicated-vm-host/outputs.tf
@@ -0,0 +1,10 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+###################################
+# Outputs Block - Dedicated VM Host
+# Create Dedicated VM Hosts
+###################################
+
+output "dedicated_host_tf_id" {
+ value = oci_core_dedicated_vm_host.dedicated_vm_host.id
+}
\ No newline at end of file
diff --git a/modules/compute/dedicated-vm-host/variables.tf b/modules/compute/dedicated-vm-host/variables.tf
new file mode 100755
index 0000000..9826509
--- /dev/null
+++ b/modules/compute/dedicated-vm-host/variables.tf
@@ -0,0 +1,35 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#####################################
+# Variables Block - Dedicated VM Host
+# Create Dedicated VM Hosts
+#####################################
+
+variable "availability_domain" {
+ type = string
+ default = null
+}
+variable "compartment_id" {
+ type = string
+ default = null
+}
+variable "vm_host_shape" {
+ type = string
+ default = null
+}
+variable "defined_tags" {
+ type = map(string)
+ default = {}
+}
+variable "freeform_tags" {
+ type = map(string)
+ default = {}
+}
+variable "display_name" {
+ type = string
+ default = null
+}
+variable "fault_domain" {
+ type = string
+ default = null
+}
diff --git a/modules/compute/instance/data.tf b/modules/compute/instance/data.tf
new file mode 100755
index 0000000..1c6f63a
--- /dev/null
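Review bot: The OCID check on the `route_table_id` line in module "vlans" uses the misspelled pattern `"ocid1.routeteable.oc*"`, so a route table passed as an OCID never matches and is instead used as a display_name for the `oci_core_route_tables` lookup, which then fails on `route_tables.*.id[0]`; the same typo is in the commented alternative below it. The fix is `regexall("ocid1.routetable.oc*", each.value.route_table_name)`, and since the unescaped dots and `oc*` make all of these patterns match more than an OCID prefix, an anchored form such as `"^ocid1\\.routetable\\.oc[0-9]+\\."` would be tighter. Separately, the `compartment_id` fallback in `data "oci_core_route_tables"` indexes `var.compartment_ocids[each.value.network_compartment_id]` when `network_compartment_id` is null, whereas the `oci_core_vcns` block beside it yields `null` in that case; the two should probably agree.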
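Review bot: The `oci` entry in `required_providers` pins only `source = "oracle/oci"` with no `version` constraint, so `terraform init` will take whatever provider release is current, which is a supply-chain and reproducibility gap for a module that is meant to be generated and re-applied. Add a constraint that matches what the module was tested with, e.g. `version = ">= <MIN_TESTED_VERSION>"` (placeholder; use the floor the rest of the toolkit declares), and keep a lock file in the root configurations. The file also lacks a trailing newline, which the diff flags.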
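Review bot: `availability_domain`, `compartment_id` and `vm_host_shape` are declared with `default = null` in variables.tf, yet main.tf in the same commit passes them straight to the required arguments of `oci_core_dedicated_vm_host`; a caller that omits one gets a provider error at plan/apply time instead of a clear "variable not set" from Terraform. Drop the `default = null` line from those three variables so they are genuinely required, or add a `validation` block on each, and give every variable a `description` since none has one. `defined_tags` is typed `map(string)` here while the root-level variables in this commit use `map(any)` for the same field; aligning the types avoids implicit conversions at the module boundary.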
+++ b/modules/compute/instance/data.tf 
@@ -0,0 +1,159 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#############################
+## Data Block - Instance
+## Create Instance and Boot Volume Backup Policy
+#############################
+
+locals {
+ nsg_ids = var.nsg_ids != null ? flatten(tolist([for nsg in var.nsg_ids : (length(regexall("ocid1.networksecuritygroup.oc*", nsg)) > 0 ? [nsg] : data.oci_core_network_security_groups.network_security_groups[nsg].network_security_groups[*].id)])) : null
+
+ ADs = [
+ for ad in data.oci_identity_availability_domains.ads.availability_domains : ad.name
+ ]
+
+ shapes_config = {
+ for shape in data.oci_core_shapes.present_ad.shapes : shape.name => {
+ memory_in_gbs = shape.memory_in_gbs
+ ocpus = shape.ocpus
+ }
+ }
+
+ platform_configs = {
+ for shape in data.oci_core_shapes.present_ad.shapes : shape.name => {
+ config_type = length(shape.platform_config_options) > 0 ? element(flatten(shape.platform_config_options[*].type),0) : ""
+ } if shape.name == var.shape
+ }
+
+ plugins_config = var.plugins_details != null ? var.plugins_details : {}
+ remote_execute_script = var.remote_execute == null ? "SCRIPT-NOT-SET" : var.remote_execute
+ cloud_init_script = var.cloud_init_script == null ? "SCRIPT-NOT-SET" : var.cloud_init_script
+}
+
+data "oci_identity_availability_domains" "ads" {
+ compartment_id = var.compartment_id
+}
+
+data "oci_core_shapes" "present_ad" {
+ compartment_id = var.compartment_id
+ availability_domain = var.availability_domain == "" || var.availability_domain == null ? element(local.ADs, 0) : var.availability_domain
+}
+
+data "oci_core_vcns" "oci_vcns_instances" {
+ for_each = { for vcn in var.vcn_names : vcn => vcn }
+ compartment_id = var.network_compartment_id != null ? var.network_compartment_id : var.compartment_id
+ display_name = each.value
+}
+//
+//data "oci_core_subnets" "oci_subnets_instances" {
+// compartment_id = var.network_compartment_id != null ? var.network_compartment_id : var.compartment_id
+// display_name = var.subnet_id
+// vcn_id = data.oci_core_vcns.oci_vcns_instances[var.vcn_names[0]].virtual_networks.*.id[0]
+//}
+
+data "oci_core_dedicated_vm_hosts" "existing_vm_host" {
+ count = var.dedicated_vm_host_name != null ? 1 : 0
+ compartment_id = var.compartment_id
+ display_name = var.dedicated_vm_host_name
+ state = "ACTIVE"
+}
+
+data "oci_core_network_security_groups" "network_security_groups" {
+ for_each = var.nsg_ids != null ? { for nsg in var.nsg_ids : nsg => nsg } : {}
+ compartment_id = var.network_compartment_id != null ? var.network_compartment_id : var.compartment_id
+ display_name = each.value
+ vcn_id = data.oci_core_vcns.oci_vcns_instances[var.vcn_names[0]].virtual_networks.*.id[0]
+}
+
+#data "oci_core_boot_volumes" "all_boot_volumes" {
+# depends_on = [oci_core_instance.instance]
+# count = var.boot_tf_policy != null ? 1 : 0
+# #Required
+# compartment_id = var.compartment_id
+# availability_domain = var.availability_domain
+# filter {
+# name = "display_name"
+# values = [join(" ", [var.display_name, "(Boot Volume)"])]
+# }
+# filter {
+# name = "state"
+# values = ["AVAILABLE"]
+# }
+#}
+
+data "oci_core_volume_backup_policies" "boot_vol_backup_policy" {
+ count = var.boot_tf_policy != null ? 1 : 0
+
+ filter {
+ name = "display_name"
+ values = [lower(var.boot_tf_policy)]
+ }
+}
+
+data "oci_core_volume_backup_policies" "boot_vol_custom_policy" {
+ count = var.boot_tf_policy != null ? 1 : 0
+ compartment_id = local.policy_tf_compartment_id
+ filter {
+ name = "display_name"
+ values = [var.boot_tf_policy]
+ }
+}
+
+################################
+# Data Block - Instances
+# Market Place Images
+################################
+
+data "oci_marketplace_listing_package_agreements" "listing_package_agreements" {
+ count = length(regexall("ocid1.image.oc*", var.source_image_id)) > 0 || length(regexall("ocid1.bootvolume.oc*", var.source_image_id)) > 0 || var.source_image_id == null ? 0 : 1
+ #Required
+ listing_id = data.oci_marketplace_listing.listing.0.id
+ package_version = data.oci_marketplace_listing.listing.0.default_package_version
+
+ #Optional
+ compartment_id = var.compartment_id
+}
+
+data "oci_marketplace_listing_package" "listing_package" {
+ count = length(regexall("ocid1.image.oc*", var.source_image_id)) > 0 || length(regexall("ocid1.bootvolume.oc*", var.source_image_id)) > 0 || var.source_image_id == null ? 0 : 1
+ #Required
+ listing_id = data.oci_marketplace_listing.listing.0.id
+ package_version = data.oci_marketplace_listing.listing.0.default_package_version
+
+ #Optional
+ compartment_id = var.compartment_id
+}
+
+data "oci_marketplace_listing_packages" "listing_packages" {
+ count = length(regexall("ocid1.image.oc*", var.source_image_id)) > 0 || length(regexall("ocid1.bootvolume.oc*", var.source_image_id)) > 0 || var.source_image_id == null ? 0 : 1
+ #Required
+ listing_id = data.oci_marketplace_listing.listing.0.id
+
+ #Optional
+ compartment_id = var.compartment_id
+}
+
+data "oci_marketplace_listings" "listings" {
+ count = length(regexall("ocid1.image.oc*", var.source_image_id)) > 0 || length(regexall("ocid1.bootvolume.oc*", var.source_image_id)) > 0 || var.source_image_id == null ? 0 : 1
+ name = [var.source_image_id]
+ #is_featured = true # Comment this line for GovCloud
+ compartment_id = var.compartment_id
+}
+
+data "oci_marketplace_listing" "listing" {
+ count = length(regexall("ocid1.image.oc*", var.source_image_id)) > 0 || length(regexall("ocid1.bootvolume.oc*", var.source_image_id)) > 0 || var.source_image_id == null ? 0 : 1
+ listing_id = data.oci_marketplace_listings.listings.0.listings[0].id
+ compartment_id = var.compartment_id
+}
+
+data "oci_core_app_catalog_listing_resource_versions" "app_catalog_listing_resource_versions" {
+ count = length(regexall("ocid1.image.oc*", var.source_image_id)) > 0 || length(regexall("ocid1.bootvolume.oc*", var.source_image_id)) > 0 || var.source_image_id == null ? 0 : 1
+ listing_id = data.oci_marketplace_listing_package.listing_package.0.app_catalog_listing_id
+}
+
+data "oci_core_app_catalog_listing_resource_version" "catalog_listing" {
+ count = length(regexall("ocid1.image.oc*", var.source_image_id)) > 0 || length(regexall("ocid1.bootvolume.oc*", var.source_image_id)) > 0 || var.source_image_id == null ? 0 : 1
+ listing_id = data.oci_marketplace_listing_package.listing_package.0.app_catalog_listing_id
+ resource_version = data.oci_marketplace_listing_package.listing_package.0.app_catalog_listing_resource_version
+}
+
diff --git a/modules/compute/instance/main.tf b/modules/compute/instance/main.tf
new file mode 100755
index 0000000..683be11
--- /dev/null
+++ b/modules/compute/instance/main.tf
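Review bot: `data "oci_marketplace_listing" "listing"` resolves a Marketplace image purely by name (`name = [var.source_image_id]` in the `listings` lookup) and then takes `listings[0]` with no check that exactly one listing matched, so an ambiguous or look-alike name can silently select a different publisher's image and every downstream package/agreement/app-catalog lookup follows it. A `precondition` on that data source (Terraform 1.2+, so confirm the toolkit's minimum version) that requires a single match makes the failure explicit; restricting the `listings` query by publisher, if the provider offers such a filter, would be stronger still. The repeated seven-way `count` expression on the `ocid1.image.oc*` / `ocid1.bootvolume.oc*` regexes would read better hoisted into one local, and those patterns are unanchored with unescaped dots, so they match more than a real OCID prefix. `local.policy_tf_compartment_id` is not defined in this file's `locals`; it is presumably set in another file of the module, and a comment saying so would help.
```hcl
data "oci_marketplace_listing" "listing" {
  # … unchanged: count, listing_id, compartment_id …

  lifecycle {
    precondition {
      condition     = length(data.oci_marketplace_listings.listings.0.listings) == 1
      error_message = "source_image_id must match exactly one Marketplace listing."
    }
  }
}
```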
@@ -0,0 +1,273 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################# +## Resource Block - Instance +## Create Instance and Boot Volume Backup Policy +############################# + +resource "oci_core_instance" "instance" { + #Required + availability_domain = var.availability_domain + compartment_id = var.compartment_id + capacity_reservation_id = var.capacity_reservation_id + shape = var.shape + dedicated_vm_host_id = var.dedicated_vm_host_name != null ? data.oci_core_dedicated_vm_hosts.existing_vm_host[0].dedicated_vm_hosts[0]["id"] : null + defined_tags = var.defined_tags + display_name = var.display_name + extended_metadata = var.extended_metadata + fault_domain = var.fault_domain + freeform_tags = var.freeform_tags + ipxe_script = var.ipxe_script + is_pv_encryption_in_transit_enabled = var.create_is_pv_encryption_in_transit_enabled + metadata = { + ssh_authorized_keys = var.ssh_public_keys + user_data = fileexists("${path.root}/scripts/${local.cloud_init_script}") ? 
"${base64encode(file("${path.root}/scripts/${local.cloud_init_script}"))}" : null + } + preserve_boot_volume = var.preserve_boot_volume + + dynamic "preemptible_instance_config" { + for_each = var.preemptible_instance_config + content { + #Required + preemption_action { + #Required + type = preemptible_instance_config.value["action_type"] + #Optional + preserve_boot_volume = preemptible_instance_config.value["preserve_boot_volume"] + } + } + } + + #Optional + agent_config { + #Optional + are_all_plugins_disabled = var.all_plugins_disabled + is_management_disabled = var.is_management_disabled + is_monitoring_disabled = var.is_monitoring_disabled + + dynamic "plugins_config" { + #Required + for_each = local.plugins_config + content { + desired_state = plugins_config.value + name = plugins_config.key + } + } + } + availability_config { + #Optional + is_live_migration_preferred = var.is_live_migration_preferred + recovery_action = var.recovery_action + } + + create_vnic_details { + #Optional + assign_private_dns_record = var.assign_private_dns_record + assign_public_ip = var.assign_public_ip + defined_tags = var.vnic_defined_tags != {} ? var.vnic_defined_tags : var.defined_tags + display_name = var.vnic_display_name != "" && var.vnic_display_name != null ? var.vnic_display_name : var.display_name + freeform_tags = var.vnic_freeform_tags != {} ? var.vnic_freeform_tags : var.freeform_tags + hostname_label = var.hostname_label + nsg_ids = var.nsg_ids != null ? (local.nsg_ids == [] ? ["INVALID NSG Name"] : local.nsg_ids) : null + private_ip = var.private_ip + subnet_id = var.subnet_id + vlan_id = var.vlan_id + skip_source_dest_check = var.skip_source_dest_check + } + + instance_options { + #Optional + are_legacy_imds_endpoints_disabled = var.are_legacy_imds_endpoints_disabled + } + + dynamic launch_options { + #Check network_type exist + for_each = var.launch_options != null ? (lookup(element(var.launch_options,0), "network_type", null) != null ? 
var.launch_options : []) : [] + + content { + #Optional + #boot_volume_type = launch_options.value.boot_volume_type + firmware = lookup(element(var.launch_options,0), "firmware", null) != null ? launch_options.value.firmware : null + is_consistent_volume_naming_enabled = lookup(element(var.launch_options,0), "is_consistent_volume_naming_enabled", null) != null ? launch_options.value.is_consistent_volume_naming_enabled : null + is_pv_encryption_in_transit_enabled = lookup(element(var.launch_options,0), "is_pv_encryption_in_transit_enabled", null) != null ? launch_options.value.is_pv_encryption_in_transit_enabled : null + network_type = launch_options.value.network_type + #remote_data_volume_type = launch_options.value.remote_data_volume_type + } + } + + dynamic "platform_config" { + for_each = var.platform_config != null ? var.platform_config : [] + content { + #Required + type = lookup(element(var.platform_config,0),"config_type",null ) != "" ? platform_config.value.config_type : local.platform_configs[var.shape]["config_type"] + #Optional + is_measured_boot_enabled = lookup(element(var.platform_config,0), "is_measured_boot_enabled", null) != null ? platform_config.value.is_measured_boot_enabled : null + is_secure_boot_enabled = lookup(element(var.platform_config,0), "is_secure_boot_enabled", null) != null ? platform_config.value.is_secure_boot_enabled : null + is_trusted_platform_module_enabled = lookup(element(var.platform_config,0), "is_trusted_platform_module_enabled", null) != null ? platform_config.value.is_trusted_platform_module_enabled : null + numa_nodes_per_socket = lookup(element(var.platform_config,0), "numa_nodes_per_socket", null) != null ? platform_config.value.numa_nodes_per_socket : null + } + } + + shape_config { + #Optional + baseline_ocpu_utilization = var.baseline_ocpu_utilization + memory_in_gbs = var.memory_in_gbs == null ? local.shapes_config[var.shape]["memory_in_gbs"] : var.memory_in_gbs + ocpus = var.ocpu_count == null ? 
local.shapes_config[var.shape]["ocpus"] : var.ocpu_count + } + + source_details { + source_id = length(regexall("ocid1.image.oc*", var.source_image_id)) > 0 || length(regexall("ocid1.bootvolume.oc*", var.source_image_id)) > 0 || var.source_image_id == null ? var.source_image_id : data.oci_core_app_catalog_listing_resource_version.catalog_listing.0.listing_resource_id + source_type = var.source_type + #Optional + #boot_volume_size_in_gbs = var.boot_volume_size_in_gbs + boot_volume_size_in_gbs = var.source_type == "image" ? var.boot_volume_size_in_gbs : null + kms_key_id = var.kms_key_id + } + + lifecycle { + ignore_changes = [create_vnic_details[0].defined_tags["Oracle-Tags.CreatedOn"], create_vnic_details[0].defined_tags["Oracle-Tags.CreatedBy"]] + } +} + + +resource "null_resource" "ansible-remote-exec" { + count = var.remote_execute == null ? 0 : ((length(regexall(".yaml", local.remote_execute_script)) > 0) || (length(regexall(".yml", local.remote_execute_script)) > 0) ? 1 : 0) + + connection { + type = "ssh" + timeout = "10m" + agent = false + host = oci_core_instance.instance.private_ip + user = "opc" + private_key = fileexists("${path.root}/scripts/server-ssh-key") ? file("${path.root}/scripts/server-ssh-key") : "" + + bastion_host = var.bastion_ip + bastion_user = "opc" + bastion_private_key = fileexists("${path.root}/scripts/bastion-ssh-key") ? file("${path.root}/scripts/bastion-ssh-key") : "" + } + + #This has been tested only OL8 version. For other OS it might need changes accordingly. + provisioner "file" { + source = fileexists("${path.root}/scripts/${local.remote_execute_script}") ? 
"${path.root}/scripts/${local.remote_execute_script}" : "${path.root}/scripts/default.yaml" + destination = "/home/opc/${local.remote_execute_script}" + } + + provisioner "remote-exec" { + inline = [ + "sudo dnf install -y epel-release", + "sudo dnf install ansible -y", + "sudo ansible-galaxy collection install community.general", + "sudo ansible-galaxy collection install ansible.posix", + "sudo ansible --version", + "sudo chmod 777 /home/opc/${local.remote_execute_script}", + "sudo touch /etc/cron.d/ansible", + "sudo chmod 600 /etc/cron.d/ansible", + "sudo /bin/bash -c '/bin/echo \"* * * * * root ansible-playbook /home/opc/${local.remote_execute_script}\" >> /etc/cron.d/ansible'" + #"sudo /bin/bash -c '/bin/echo \"1 * * * * root nice -n -20 ansible-playbook /home/opc/${local.remote_execute_script}\" >> /etc/cron.d/ansible'" + #"sudo /bin/bash -c '/bin/echo \"2 * * * * sudo ansible-playbook /home/opc/${local.remote_execute_script} >> /home/opc/ansible.log 2>&1\" >> /etc/crontab'" + ] + } +} + +resource "null_resource" "shell-remote-exec" { + count = var.remote_execute == null ? 0 : ((length(regexall(".sh", local.remote_execute_script)) > 0) ? 1 : 0) + connection { + type = "ssh" + agent = false + timeout = "10m" + host = oci_core_instance.instance.private_ip + user = "opc" + private_key = fileexists("${path.root}/scripts/server-ssh-key") ? file("${path.root}/scripts/server-ssh-key") : "" + + bastion_host = var.bastion_ip + bastion_user = "opc" + bastion_private_key = fileexists("${path.root}/scripts/bastion-ssh-key") ? file("${path.root}/scripts/bastion-ssh-key") : "" + } + #Enable to remotely execute a shell script. + provisioner "file" { + source = fileexists("${path.root}/scripts/${local.remote_execute_script}") ? 
"${path.root}/scripts/${local.remote_execute_script}" : "${path.root}/scripts/default.sh" + destination = "/home/opc/${local.remote_execute_script}" + } + provisioner "remote-exec" { + inline = [ + "chmod 777 /home/opc/${local.remote_execute_script}", + "sudo yum install -y dos2unix", + "dos2unix /home/opc/${local.remote_execute_script}", + "/home/opc/${local.remote_execute_script}" + ] + } +} + + +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +#################################### +## Resource Boot Volume - Backup Policy +## Create Boot Volume Backup Policy +#################################### + +locals { + policy_tf_compartment_id = var.policy_tf_compartment_id != null && var.policy_tf_compartment_id != "" ? var.policy_tf_compartment_id : null + current_policy_id = var.boot_tf_policy != null ? (lower(var.boot_tf_policy) == "gold" || lower(var.boot_tf_policy) == "silver" || lower(var.boot_tf_policy) == "bronze" ? data.oci_core_volume_backup_policies.boot_vol_backup_policy[0].volume_backup_policies.0.id : data.oci_core_volume_backup_policies.boot_vol_custom_policy[0].volume_backup_policies.0.id) : null +} + +resource "oci_core_volume_backup_policy_assignment" "volume_backup_policy_assignment" { + depends_on = [oci_core_instance.instance] + count = var.boot_tf_policy != null ? 1 : 0 + #asset_id = data.oci_core_boot_volumes.all_boot_volumes[0].boot_volumes.0.id + asset_id = oci_core_instance.instance.boot_volume_id + policy_id = local.current_policy_id + lifecycle { + create_before_destroy = true + ignore_changes = [timeouts] + } +} + +################################ +# Resource Block - Instances +# Market Place Images +################################ + +resource "oci_marketplace_accepted_agreement" "accepted_agreement" { + count = length(regexall("ocid1.image.oc*", var.source_image_id)) > 0 || length(regexall("ocid1.bootvolume.oc*", var.source_image_id)) > 0 || var.source_image_id == null ? 
0 : 1 + #Required + agreement_id = oci_marketplace_listing_package_agreement.listing_package_agreement.0.agreement_id + compartment_id = var.compartment_id + listing_id = data.oci_marketplace_listing.listing.0.id + package_version = data.oci_marketplace_listing.listing.0.default_package_version + signature = oci_marketplace_listing_package_agreement.listing_package_agreement.0.signature +} + +resource "oci_marketplace_listing_package_agreement" "listing_package_agreement" { + count = length(regexall("ocid1.image.oc*", var.source_image_id)) > 0 || length(regexall("ocid1.bootvolume.oc*", var.source_image_id)) > 0 || var.source_image_id == null ? 0 : 1 + #Required + agreement_id = data.oci_marketplace_listing_package_agreements.listing_package_agreements.0.agreements[0].id + listing_id = data.oci_marketplace_listing.listing.0.id + package_version = data.oci_marketplace_listing.listing.0.default_package_version +} + +#------ Get Image Agreement +resource "oci_core_app_catalog_listing_resource_version_agreement" "mp_image_agreement" { + count = length(regexall("ocid1.image.oc*", var.source_image_id)) > 0 || length(regexall("ocid1.bootvolume.oc*", var.source_image_id)) > 0 || var.source_image_id == null ? 0 : 1 + listing_id = data.oci_marketplace_listing_package.listing_package.0.app_catalog_listing_id + #listing_resource_version = data.oci_marketplace_listing_package.listing_package.0.app_catalog_listing_resource_version + listing_resource_version = data.oci_core_app_catalog_listing_resource_versions.app_catalog_listing_resource_versions.0.app_catalog_listing_resource_versions[0].listing_resource_version +} + + + +# ------ Accept Terms and Subscribe to the image, placing the image in a particular compartment +resource "oci_core_app_catalog_subscription" "mp_image_subscription" { + count = length(regexall("ocid1.image.oc*", var.source_image_id)) > 0 || length(regexall("ocid1.bootvolume.oc*", var.source_image_id)) > 0 || var.source_image_id == null ? 
0 : 1 + compartment_id = var.compartment_id + eula_link = oci_core_app_catalog_listing_resource_version_agreement.mp_image_agreement[0].eula_link + listing_id = oci_core_app_catalog_listing_resource_version_agreement.mp_image_agreement[0].listing_id + listing_resource_version = oci_core_app_catalog_listing_resource_version_agreement.mp_image_agreement[0].listing_resource_version + oracle_terms_of_use_link = oci_core_app_catalog_listing_resource_version_agreement.mp_image_agreement[0].oracle_terms_of_use_link + signature = oci_core_app_catalog_listing_resource_version_agreement.mp_image_agreement[0].signature + time_retrieved = oci_core_app_catalog_listing_resource_version_agreement.mp_image_agreement[0].time_retrieved + + timeouts { + create = "20m" + } +} \ No newline at end of file diff --git a/modules/compute/instance/oracle_provider_req.tf b/modules/compute/instance/oracle_provider_req.tf new file mode 100644 index 0000000..e52742e --- /dev/null +++ b/modules/compute/instance/oracle_provider_req.tf @@ -0,0 +1,7 @@ +terraform { + required_providers { + oci = { + source = "oracle/oci" + } + } +} \ No newline at end of file diff --git a/modules/compute/instance/outputs.tf b/modules/compute/instance/outputs.tf new file mode 100755 index 0000000..8dcb1e6 --- /dev/null +++ b/modules/compute/instance/outputs.tf @@ -0,0 +1,10 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Outputs Block - Instance +# Create Instance and Boot Volume Backup Policy +############################ + +output "instance_tf_id" { + value = oci_core_instance.instance.id +} \ No newline at end of file diff --git a/modules/compute/instance/variables.tf b/modules/compute/instance/variables.tf new file mode 100755 index 0000000..d4a9e00 --- /dev/null +++ b/modules/compute/instance/variables.tf 
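Review bot: Both `null_resource.ansible-remote-exec` and `null_resource.shell-remote-exec` run `chmod 777` on the uploaded `/home/opc/${local.remote_execute_script}`, and the ansible variant then adds a root cron entry that executes that file every minute, so any local account on the instance could alter a playbook that root runs. `"sudo chmod 700 /home/opc/${local.remote_execute_script}"` in the first `inline` list and `"chmod 700 /home/opc/${local.remote_execute_script}"` in the second give the owner the execute bit without making the file writable by others. The `* * * * *` schedule also keeps re-running the playbook for the life of the instance; if a single post-provisioning run is the goal, invoking `ansible-playbook` once from `inline` and dropping the `/etc/cron.d/ansible` entry would be simpler to reason about. `local.remote_execute_script` is interpolated unquoted into shell commands and a cron line here but is defined outside this hunk, so a `validation` block on the variable it derives from (a filename-only pattern) would be the place to keep that interpolation safe.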
@@ -0,0 +1,339 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Variables Block - Instance +# Create Instance and Boot Volume Backup Policy +############################ + +variable "availability_domain" { + type = string + default = null +} + +variable "compartment_id" { + type = string + default = null +} + +variable "shape" { + type = string + description = "The shape of an instance." + default = null +} + +variable "ocpu_count" { + type = number + default = null +} + +variable "dedicated_vm_host_name" { + type = string + default = null +} + +variable "defined_tags" { + type = map(string) + default = {} +} + +variable "display_name" { + type = string + default = null +} + +variable "fault_domain" { + type = string + default = null +} + +variable "freeform_tags" { + type = map(string) + default = {} +} + +variable "ssh_public_keys" { + type = string + default = null +} + +variable "assign_public_ip" { + type = bool + default = null +} + +variable "hostname_label" { + type = string + default = null +} + +variable "nsg_ids" { + type = list(string) + default = [] +} + +variable "private_ip" { + type = string + default = null +} + +variable "subnet_id" { + type = string + default = null +} + +variable "source_type" { + type = string + default = null +} + +variable "source_image_id" { + type = string + default = null +} + +variable "boot_volume_size_in_gbs" { + type = number + default = null +} + +variable "network_compartment_id" { + description = "Network compartmenet OCID to fetch NSG/Subnet details" + type = string + default = null +} + +#Optional +variable "capacity_reservation_id" { + type = string + description = "The OCID of the compute capacity reservation this instance is launched under" + default = null +} + +variable "kms_key_id" { + type = string + default = null +} + +variable "extended_metadata" { + type = map(any) + default = {} +} + +variable "ipxe_script" { + type = string + default = null +} + 
+variable "create_is_pv_encryption_in_transit_enabled" { + type = bool + default = null +} + +#variable "update_is_pv_encryption_in_transit_enabled" { +# type = bool +# default = null +#} + +variable "preserve_boot_volume" { + type = bool + default = null +} + +variable "assign_private_dns_record" { + type = string + default = null +} + +variable "vlan_id" { + type = string + default = null +} + +variable "skip_source_dest_check" { + type = bool + description = "Whether the source/destination check is disabled on the VNIC" + default = null +} + +variable "baseline_ocpu_utilization" { + type = string + description = "The baseline OCPU utilization for a subcore burstable VM instance" + default = "" +} + +variable "memory_in_gbs" { + type = number + description = "The total amount of memory available to the instance, in gigabytes" + default = null +} + +variable "preemptible_instance_config" { + type = map(any) + description = "The configuration for preemption action instance" + default = {} +} + +variable "all_plugins_disabled" { + type = bool + description = "To run all the available plugins" + default = null +} + +variable "is_management_disabled" { + type = bool + description = "To run all the available management plugins" + default = null +} + +variable "is_monitoring_disabled" { + type = bool + description = "To gather performance metrics and monitor the instance" + default = null +} + +variable "plugins_details" { + type = map(any) + default = null + description = "The configuration of plugins associated with this instance" +} + +variable "is_live_migration_preferred" { + type = bool + description = "Whether live migration is preferred for infrastructure maintenance" + default = null +} + +variable "recovery_action" { + type = string + description = "The lifecycle state for an instance when it is recovered after infrastructure maintenance" + default = null +} + +variable "are_legacy_imds_endpoints_disabled" { + type = bool + description = "Whether to disable 
the legacy (/v1) instance metadata service endpoints" + default = null +} + +variable "boot_volume_type" { + type = string + description = "Emulation type for the boot volume like ISCSI, SCSI etc" + default = null +} + +variable "firmware" { + type = string + description = "Firmware used to boot VM like BIOS, UEFI_64 etc" + default = null +} + +variable "is_consistent_volume_naming_enabled" { + type = string + description = "Whether to enable consistent volume naming feature" + default = null +} + +variable "network_type" { + type = string + description = "Emulation type for the physical network interface card (NIC)" + default = null +} + +variable "remote_data_volume_type" { + type = string + description = "Emulation type for volume" + default = null +} + +variable "platform_config" { + type = list(map(any)) + description = "Platform config list of map" + default = [] +} + +variable "launch_options" { + type = list(map(any)) + description = "Launch config list of map" + default = [] +} + +variable "config_type" { + type = string + description = "The type of platform being configured" + default = null +} + +variable "is_measured_boot_enabled" { + type = bool + description = "Whether the Measured Boot feature is enabled on the instance" + default = null +} + +variable "is_secure_boot_enabled" { + type = bool + description = "Whether Secure Boot is enabled on the instance" + default = null +} + +variable "is_trusted_platform_module_enabled" { + type = bool + description = "Whether the Trusted Platform Module (TPM) is enabled on the instance" + default = null +} + +variable "numa_nodes_per_socket" { + type = string + description = "The number of NUMA nodes per socket (NPS)" + default = null +} + +variable "vcn_names" { + type = list(any) + default = [] +} + +variable "boot_tf_policy" { + type = string + default = "" +} + +variable "policy_tf_compartment_id" { + default = "" +} + +variable "vnic_defined_tags" { + type = map(string) + default = {} +} + +variable 
"vnic_display_name" { + type = string + default = "" +} + +variable "vnic_freeform_tags" { + type = map(string) + default = {} +} + +variable "ssh_private_key_file_path" { + type = string + default = null +} + +variable "remote_execute" { + type = string + description = "To execute a script remotely post provisioning instance(shell/ansible)" + default = null +} + +variable "bastion_ip" { + type = string + description = "Bastion IP to connect the host privately" + default = null +} + +variable "cloud_init_script" { + type = string + default = null +} \ No newline at end of file diff --git a/modules/costmanagement/budget-alert-rule/main.tf b/modules/costmanagement/budget-alert-rule/main.tf new file mode 100644 index 0000000..7a0cd1f --- /dev/null +++ b/modules/costmanagement/budget-alert-rule/main.tf @@ -0,0 +1,23 @@ +// Copyright (c) 2024, Oracle and/or its affiliates. + +################################ +## Resource Block - Cost Management +## Create Budget Alert Rule +################################ + +resource "oci_budget_alert_rule" "alert_rule" { + #Required + budget_id = var.budget_id + threshold = var.threshold + threshold_type = var.threshold_type + type = var.type + + #Optional + defined_tags = var.defined_tags + description = var.description + display_name = var.display_name + freeform_tags = var.freeform_tags + message = var.message + recipients = var.recipients + +} diff --git a/modules/costmanagement/budget-alert-rule/oracle_provider_req.tf b/modules/costmanagement/budget-alert-rule/oracle_provider_req.tf new file mode 100644 index 0000000..e52742e --- /dev/null +++ b/modules/costmanagement/budget-alert-rule/oracle_provider_req.tf @@ -0,0 +1,7 @@ +terraform { + required_providers { + oci = { + source = "oracle/oci" + } + } +} \ No newline at end of file diff --git a/modules/costmanagement/budget-alert-rule/outputs.tf b/modules/costmanagement/budget-alert-rule/outputs.tf new file mode 100644 index 0000000..dca8028 --- /dev/null 
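Review bot: `variable "are_legacy_imds_endpoints_disabled"` defaults to `null`, so a caller that omits it leaves the decision about the legacy IMDS v1 endpoints to the provider rather than to this module, and the description does not say so; `default = true` would make disabling them the module's stance, or at minimum the description should state that `null` defers to the provider default. `boot_tf_policy` defaults to `""` while main.tf gates the backup-policy assignment on `var.boot_tf_policy != null`, so the default still yields `count = 1` and falls into the custom-policy branch; `default = null` matches the guard. `policy_tf_compartment_id` has no `type`, unlike every other variable in the file. `ssh_private_key_file_path` is declared but main.tf reads a fixed `scripts/server-ssh-key` path; unless data.tf (only partly visible here) consumes it, either wire it into the `connection` blocks or remove it.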
+++ b/modules/costmanagement/budget-alert-rule/outputs.tf
@@ -0,0 +1,10 @@
+// Copyright (c) 2024, Oracle and/or its affiliates.
+
+################################
+## Outputs Block - Cost Management
+## Create Budget Alert Rule
+################################
+
+output "budget_alert_rule_tf_id" {
+ value = oci_budget_alert_rule.alert_rule.id
+}
\ No newline at end of file
diff --git a/modules/costmanagement/budget-alert-rule/variables.tf b/modules/costmanagement/budget-alert-rule/variables.tf
new file mode 100644
index 0000000..3f91592
--- /dev/null
+++ b/modules/costmanagement/budget-alert-rule/variables.tf
@@ -0,0 +1,60 @@ +// Copyright (c) 2024, Oracle and/or its affiliates. + +################################# +## Variables Block - Cost Management +## Create Budget Alert Rule +################################# + +variable "budget_id" { + description = "The unique budget OCID." + type = string +} + +variable "threshold" { + description = "The threshold for triggering the alert, expressed as a whole number or decimal value. If the thresholdType is ABSOLUTE, the threshold can have at most 12 digits before the decimal point, and up to two digits after the decimal point. If the thresholdType is PERCENTAGE, the maximum value is 10000 and can have up to two digits after the decimal point." + type = string +} + +variable "threshold_type" { + description = "The type of threshold." + type = string +} + +variable "type" { + description = " The type of the alert. Valid values are ACTUAL (the alert triggers based on actual usage), or FORECAST (the alert triggers based on predicted usage)." + type = string + default = null +} + +variable "defined_tags" { + description = "Defined tags for the volume" + type = map(string) + default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}", + "Oracle-Tags.CreatedBy" = "$${iam.principal.name}" + } +} + +variable "description" { + description = "The description of the budget." + type = string +} + +variable "display_name" { + description = "The displayName of the budget. Avoid entering confidential information." + type = string +} + +variable "freeform_tags" { + description = "Free-form tags for the volume" + type = map(string) +} + +variable "message" { + description = "The message to be sent to the recipients when the alert rule is triggered." + type = string +} + +variable "recipients" { + description = "The audience that receives the alert when it triggers. An empty string is interpreted as null." + type = string +} 
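Review bot: `variable "type"` carries `default = null` although the resource in main.tf lists `type` under `#Required` alongside `budget_id`, `threshold` and `threshold_type`, so an omitted value surfaces as an API error at apply time instead of a validation error at plan time; dropping the default, or adding `validation { condition = contains(["ACTUAL", "FORECAST"], var.type) }` with a matching `error_message` based on the two values the description itself names, would catch it earlier. `threshold` is declared `type = string` while its description describes a numeric value; `type = number` would let Terraform reject non-numeric input. The `defined_tags` and `freeform_tags` descriptions say "for the volume", which looks copied from another module.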
diff --git a/modules/costmanagement/budget/main.tf b/modules/costmanagement/budget/main.tf new file mode 100644 index 0000000..ce7d548 --- /dev/null +++ b/modules/costmanagement/budget/main.tf @@ -0,0 +1,32 @@ +// Copyright (c) 2024, Oracle and/or its affiliates. + +################################ +## Resource Block - Cost Management +## Create Budget +################################ + +resource "oci_budget_budget" "budget" { + #Required + amount = var.amount + compartment_id = var.compartment_id + reset_period = var.reset_period + + #Optional + budget_processing_period_start_offset = var.budget_processing_period_start_offset + defined_tags = var.defined_tags + description = var.description + display_name = var.display_name + freeform_tags = var.freeform_tags + processing_period_type = var.processing_period_type + #start_date = var.budget_start_date != null ?join("T",[var.budget_start_date,"00:00:00.00Z"]):null + #end_date = var.budget_end_date != null ?join("T",[var.budget_end_date,"23:59:59.999Z"]):null + start_date = var.budget_start_date != null ?"${var.budget_start_date}T00:00:00.001-00:00":null + end_date = var.budget_end_date != null ?"${var.budget_end_date}T23:59:59.001-00:00":null + target_type = var.target_type + targets = var.targets + lifecycle { + ignore_changes = [start_date,end_date] + } + + +} diff --git a/modules/costmanagement/budget/oracle_provider_req.tf b/modules/costmanagement/budget/oracle_provider_req.tf new file mode 100644 index 0000000..e52742e --- /dev/null +++ b/modules/costmanagement/budget/oracle_provider_req.tf @@ -0,0 +1,7 @@ +terraform { + required_providers { + oci = { + source = "oracle/oci" + } + } +} \ No newline at end of file diff --git a/modules/costmanagement/budget/outputs.tf b/modules/costmanagement/budget/outputs.tf new file mode 100644 index 0000000..e764f43 --- /dev/null +++ b/modules/costmanagement/budget/outputs.tf 
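Review bot: `start_date` and `end_date` are built by string interpolation and then listed in `lifecycle { ignore_changes = [start_date,end_date] }`, so a changed date in the input never reaches an existing budget and the drift is silent; if the intent is only to tolerate the API normalising the stored timestamp, a comment such as `# API rewrites the stored timestamp; changing the date requires recreating the budget` would keep the next maintainer from removing it. The end-of-day value `23:59:59.001-00:00` differs from the commented-out `23:59:59.999Z` form, so it is worth confirming which boundary the API expects. The `!= null` checks on `var.budget_start_date` and `var.budget_end_date` only take effect when a caller passes `null` explicitly, because their declarations in variables.tf have no default.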
@@ -0,0 +1,10 @@ +// Copyright (c) 2024, Oracle and/or its affiliates. + +################################ +## Outputs Block - Cost Management +## Create Budget +################################ + +output "budget_tf_id" { + value = oci_budget_budget.budget.id +} \ No newline at end of file diff --git a/modules/costmanagement/budget/variables.tf b/modules/costmanagement/budget/variables.tf new file mode 100644 index 0000000..809464d --- /dev/null +++ b/modules/costmanagement/budget/variables.tf 
@@ -0,0 +1,77 @@ +// Copyright (c) 2024, Oracle and/or its affiliates. + +################################# +## Variables Block - Cost Management +## Create Budget +################################# + +variable "compartment_id" { + description = "Compartment OCID to provision the Budget" + type = string +} + +variable "amount" { + description = "The amount of the budget expressed as a whole number in the currency of the customer's rate card." + type = number +} + +variable "reset_period" { + description = "The reset period for the budget. Valid value is MONTHLY." + type = string +} + +variable "budget_processing_period_start_offset" { + description = "The number of days offset from the first day of the month, at which the budget processing period starts." + type = string + default = null +} + +variable "processing_period_type" { + description = "The type of the budget processing period. Valid values are INVOICE and MONTH." + type = string + default = null +} + +variable "defined_tags" { + description = "Defined tags for the volume" + type = map(string) + default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}", + "Oracle-Tags.CreatedBy" = "$${iam.principal.name}" + } +} + +variable "freeform_tags" { + description = "Free-form tags for the volume" + type = map(string) +} + +variable "description" { + description = "The description of the budget." + type = string +} + +variable "display_name" { + description = "The displayName of the budget. Avoid entering confidential information." + type = string +} + +variable "budget_start_date" { +type = string +description = "The date when the one-time budget begins. For example, 2023-03-23. The date-time format conforms to RFC 3339, and will be truncated to the starting point of the date provided after being converted to UTC time." +} + +variable "budget_end_date" { +type = string +description = "The date when the one-time budget concludes. For example, 2023-03-23. 
The date-time format conforms to RFC 3339, and will be truncated to the starting point of the date provided after being converted to UTC time." +} + + +variable "target_type" { + description = "The type of target on which the budget is applied." + type = string +} + +variable "targets" { + description = "The list of targets on which the budget is applied. If targetType is 'COMPARTMENT', the targets contain the list of compartment OCIDs. If targetType is 'TAG', the targets contain the list of cost tracking tag identifiers in the form of '{tagNamespace}.{tagKey}.{tagValue}'. Curerntly, the array should contain exactly one item." + type = list(any) +} diff --git a/modules/database/adb/data.tf b/modules/database/adb/data.tf new file mode 100755 index 0000000..4d1cf1f --- /dev/null +++ b/modules/database/adb/data.tf @@ -0,0 +1,23 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################# +## Data Block - Autonomous database +## Create autonomous database +############################# + +locals { + nsg_ids = flatten(tolist([for nsg in var.network_security_group_ids : (length(regexall("ocid1.networksecuritygroup.oc*", nsg)) > 0 ? [nsg] : data.oci_core_network_security_groups.network_security_groups_adb[nsg].network_security_groups[*].id)])) +} + +data "oci_core_vcns" "oci_vcns_adb" { + compartment_id = var.network_compartment_id != null ? var.network_compartment_id : var.compartment_id + display_name = var.vcn_name +} + + +data "oci_core_network_security_groups" "network_security_groups_adb" { + for_each = { for nsg in var.network_security_group_ids : nsg => nsg } + compartment_id = var.network_compartment_id != null ? var.network_compartment_id : var.compartment_id + display_name = each.value + vcn_id = data.oci_core_vcns.oci_vcns_adb.virtual_networks[0].id +} diff --git a/modules/database/adb/main.tf b/modules/database/adb/main.tf new file mode 100644 index 0000000..01af2c2 --- /dev/null +++ b/modules/database/adb/main.tf 
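Review bot: `budget_start_date` and `budget_end_date` have no `default`, which makes both required inputs even though main.tf null-checks them before building `start_date`/`end_date`; `default = null` on each would let that guard do its job for budgets that are not one-time. The two blocks are also the only ones in the file with unindented attributes, and the `targets` description has the typo "Curerntly". `reset_period`'s description states that the only valid value is MONTHLY; a `validation` block with `condition = var.reset_period == "MONTHLY"` would enforce what the description promises.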
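Review bot: `data.oci_core_network_security_groups.network_security_groups_adb` iterates over every entry of `var.network_security_group_ids`, including entries that are already OCIDs, so an OCID is sent as a `display_name` lookup whose result the `nsg_ids` local then discards; filtering the map the same way the local does, `for_each = { for nsg in var.network_security_group_ids : nsg => nsg if length(regexall("ocid1.networksecuritygroup.oc*", nsg)) == 0 }`, avoids the needless API calls. `data.oci_core_vcns.oci_vcns_adb.virtual_networks[0].id` fails with a raw index error when `var.vcn_name` matches no VCN in the compartment; a `precondition` naming the VCN would give a clearer message. The pattern `ocid1.networksecuritygroup.oc*` is a loose match (unescaped dots, `c*` rather than a literal prefix); if the Terraform version in use provides it, `startswith(nsg, "ocid1.networksecuritygroup.oc")` states the intent exactly.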
@@ -0,0 +1,35 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +################################ +## Resource Block - Autonomous database +## Create autonomous database +################################ + +resource "oci_database_autonomous_database" "autonomous_database" { + #Required + compartment_id = var.compartment_id + db_name = var.db_name + + #Optional + admin_password = var.admin_password + character_set = var.character_set + cpu_core_count = var.cpu_core_count + database_edition = var.database_edition + data_storage_size_in_tbs = var.data_storage_size_in_tbs + db_version = var.db_version + db_workload = var.db_workload + defined_tags = var.defined_tags + display_name = var.display_name + license_model = var.license_model + ncharacter_set = var.ncharacter_set + dynamic "customer_contacts" { + for_each = var.customer_contacts!=null ? (var.customer_contacts[0] != "" ? var.customer_contacts : []) : [] + content { + email = customer_contacts.value + } + } + nsg_ids = length(var.network_security_group_ids) != 0 ? (local.nsg_ids == [] ? ["INVALID NSG Name"] : local.nsg_ids) : null + freeform_tags = var.freeform_tags + subnet_id = var.subnet_id + whitelisted_ips = var.whitelisted_ips +} \ No newline at end of file diff --git a/modules/database/adb/oracle_provider_req.tf b/modules/database/adb/oracle_provider_req.tf new file mode 100644 index 0000000..e52742e --- /dev/null +++ b/modules/database/adb/oracle_provider_req.tf @@ -0,0 +1,7 @@ +terraform { + required_providers { + oci = { + source = "oracle/oci" + } + } +} \ No newline at end of file diff --git a/modules/database/adb/outputs.tf b/modules/database/adb/outputs.tf new file mode 100644 index 0000000..912510e --- /dev/null +++ b/modules/database/adb/outputs.tf 
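Review bot: The `customer_contacts` `for_each` indexes `var.customer_contacts[0]` as soon as the list is non-null, so an empty list (`[]`) fails with an index-out-of-range error instead of producing no contacts; `for_each = var.customer_contacts != null ? [for c in var.customer_contacts : c if c != ""] : []` handles null, empty and blank entries in one expression. `admin_password` is passed through from a variable that, in the variables.tf hunk below, is declared without `sensitive = true`, so the value is printed in plan output; adding the flag keeps it redacted there (it remains in state, as with any provider-managed secret). The `["INVALID NSG Name"]` sentinel in `nsg_ids` defers a failed name lookup to an API-side error; a `precondition` on the resource that checks `local.nsg_ids` is non-empty when names were supplied would report the misnamed NSG directly.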
@@ -0,0 +1,10 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+################################
+## Outputs Block - Autonomous database
+## Create autonomous database
+################################
+
+output "adb_tf_id" {
+ value = oci_database_autonomous_database.autonomous_database.id
+}
\ No newline at end of file
diff --git a/modules/database/adb/variables.tf b/modules/database/adb/variables.tf
new file mode 100644
index 0000000..57f05d2
--- /dev/null
+++ b/modules/database/adb/variables.tf
@@ -0,0 +1,115 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#################################
+## Variables Block - Autonomous database
+## Create autonomous database
+#################################
+
+variable "admin_password" {
+ description = "Password for the admins"
+ type = string
+}
+
+variable "character_set" {
+ type = string
+}
+
+variable "customer_contacts" {
+ description = "The customer_contacts of ADB"
+ type = list(string)
+
+}
+
+variable "compartment_id" {
+ description = "Compartment OCID to provision the volume"
+ type = string
+}
+
+variable "cpu_core_count" {
+ description = "The number of OCPU cores to be made available to the database"
+ type = number
+}
+
+variable "database_edition" {
+ description = "The database edition of ADB"
+ type = string
+}
+
+variable "data_storage_size_in_tbs" {
+ description = "Data storage size for the DB"
+ type = number
+}
+
+variable "db_name" {
+ description = "Name of the database"
+ type = string
+}
+
+variable "freeform_tags" {
+ description = "Free-form tags for the DB"
+ type = map(string)
+}
+
+variable "defined_tags" {
+ description = "Defined tags for the DB"
+ type = map(string)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+
+variable "display_name" {
+ description = "User-friendly name to the autonomous database"
+ type = string
+}
+
+variable "db_version" {
+ description = "the version of DB"
+ type = string
+}
+
+
+variable "db_workload" {
+ description = "The type of autonomous database-ATP or ADW"
+ type = string
+}
+
+variable "license_model" {
+ description = "The license model for ADB"
+ type = string
+
+}
+
+variable "ncharacter_set" {
+ description = "The ncharacter set of ADB"
+ type = string
+
+}
+
+variable "network_compartment_id" {
+ description = "The network compartment of the subnet"
+ type = string
+ default = ""
+}
+
+variable "network_security_group_ids" {
+ description = "NSGs to be attahced to ADB"
+ type = any
+ default = ""
+}
+
+variable "subnet_id" {
+ description = "The subnet name into which the ADB will be launched"
+ type = string
+ default = ""
+}
+
+variable "vcn_name" {
+ type = string
+ default = ""
+}
+
+variable "whitelisted_ips" {
+ type = list(string)
+ default = []
+}
diff --git a/modules/database/dbsystem-vm-bm/data.tf b/modules/database/dbsystem-vm-bm/data.tf
new file mode 100755
index 0000000..ad18dc0
--- /dev/null
+++ b/modules/database/dbsystem-vm-bm/data.tf
@@ -0,0 +1,24 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#############################
+## Data Block - Database
+# Create ExaVMClusters
+#############################
+
+locals {
+ nsg_ids = var.nsg_ids != null ? flatten(tolist([for nsg in var.nsg_ids : (length(regexall("ocid1.networksecuritygroup.oc*", nsg)) > 0 ? [nsg] : data.oci_core_network_security_groups.network_security_groups_dbsystems[nsg].network_security_groups[*].id)])) : null
+}
+
+data "oci_core_vcns" "oci_vcns_dbsystems" {
+ for_each = { for vcn in var.vcn_names : vcn => vcn }
+ compartment_id = var.network_compartment_id != null ? var.network_compartment_id : var.compartment_id
+ display_name = each.value
+}
+
+
+data "oci_core_network_security_groups" "network_security_groups_dbsystems" {
+ for_each = var.nsg_ids != null ? { for nsg in var.nsg_ids : nsg => nsg } : {}
+ compartment_id = var.network_compartment_id != null ? var.network_compartment_id : var.compartment_id
+ display_name = each.value
+ vcn_id = data.oci_core_vcns.oci_vcns_dbsystems[var.vcn_names[0]].virtual_networks.*.id[0]
+}
diff --git a/modules/database/dbsystem-vm-bm/main.tf b/modules/database/dbsystem-vm-bm/main.tf
new file mode 100644
index 0000000..0d383dd
--- /dev/null
+++ b/modules/database/dbsystem-vm-bm/main.tf
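Review bot: `admin_password` is declared as a plain `string` variable, so its value is printed in plan and apply output wherever this module is used; `sensitive = true` (Terraform 0.14 and later) redacts it from that output, and since it is still written to state the state backend then has to be treated as a secret store. The same applies to `admin_password` in `modules/database/dbsystem-vm-bm/variables.tf`. Separately, `network_security_group_ids` is `type = any` with `default = ""`, whereas the sibling modules in this change declare their NSG lists as `type = list(string)` with `default = []`; because `data.tf` iterates this variable in a `for` expression, a caller that relies on the default would likely get an iteration error rather than "no NSGs", and aligning the declaration (`type = list(string)`, `default = []`) also removes the `length("")` special case in `main.tf`. The description typo `attahced` should read `attached`.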
@@ -0,0 +1,99 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Database
+# Create Database VM BM
+############################
+
+resource "oci_database_db_system" "database_db_system" {
+ availability_domain = var.availability_domain
+ compartment_id = var.compartment_id
+ hostname = var.hostname
+ shape = var.shape
+ ssh_public_keys = var.ssh_public_keys
+ subnet_id = var.subnet_id
+ disk_redundancy = var.disk_redundancy
+
+ #Optional
+ node_count = var.node_count
+ nsg_ids = var.nsg_ids != null ? (local.nsg_ids == null ? ["INVALID NSG Name"] : local.nsg_ids) : null
+ #private_ip = var.private_ip
+ #sparse_diskgroup = var.sparse_diskgroup
+ time_zone = var.time_zone
+
+ db_home {
+ database {
+ admin_password = var.admin_password
+ character_set = var.character_set #(Applicable when source=NONE)
+ db_backup_config {
+ #(Applicable when source=DB_SYSTEM | NONE)
+ #Optional
+ auto_backup_enabled = var.auto_backup_enabled
+ # backup_destination_details {
+ # #Optional
+ # id = var.backup_destination_id
+ # type = var.backup_destination_type
+ # }
+ recovery_window_in_days = var.recovery_window_in_days
+ }
+ db_name = var.db_name
+ db_workload = var.db_workload
+ ncharacter_set = var.ncharacter_set #(Applicable when source=NONE)
+ pdb_name = var.pdb_name #(Applicable when source=NONE)
+ #sid_prefix = var.sid_prefix
+ #tde_wallet_password = var.tde_wallet_password
+ defined_tags = var.defined_tags
+ freeform_tags = var.freeform_tags
+ }
+ #Optional
+ # database_software_image_id = var.db_software_image_id #(Applicable when source=DB_BACKUP | NONE)
+ db_version = var.db_version
+ display_name = var.db_home_display_name
+
+ }
+
+ cluster_name = var.cluster_name
+ cpu_core_count = var.cpu_core_count
+ data_storage_percentage = var.data_storage_percentage
+ data_storage_size_in_gb = var.data_storage_size_in_gb
+ database_edition = var.database_edition
+ # db_system_options { #Optional
+ # #Optional
+ # storage_management = var.db_storage_management
+ # }
+ license_model = var.license_model
+ display_name = var.display_name
+
+ #fault_domains = []
+ #kms_key_id = ""
+ #kms_key_version_id = ""
+
+ # maintenance_window_details { #(Applicable when source=NONE)
+ #Optional
+ # custom_action_timeout_in_mins = ""
+ # days_of_week {
+ # #Optional
+ # name = ""
+ # }
+ # hours_of_day = []
+ # is_custom_action_timeout_enabled = false
+ # lead_time_in_weeks = ""
+ # months {
+ # #Optional
+ # name = ""
+ # }
+ # patching_mode = "" # (Applicable when source=NONE)
+ # preference = "" # (Applicable when source=NONE)
+ # weeks_of_month = [] # (Applicable when source=NONE)
+ #}
+ defined_tags = var.defined_tags
+ freeform_tags = var.freeform_tags
+
+ lifecycle {
+ ignore_changes = [db_home[0].database[0].defined_tags["Oracle-Tags.CreatedOn"]]
+ }
+
+}
+
+
+
diff --git a/modules/database/dbsystem-vm-bm/oracle_provider_req.tf b/modules/database/dbsystem-vm-bm/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/database/dbsystem-vm-bm/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/database/dbsystem-vm-bm/outputs.tf b/modules/database/dbsystem-vm-bm/outputs.tf
new file mode 100644
index 0000000..8f17e57
--- /dev/null
+++ b/modules/database/dbsystem-vm-bm/outputs.tf
@@ -0,0 +1,10 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Outputs Block - Database
+# Create Database VM BM
+############################
+
+output "database_tf_id" {
+ value = oci_database_db_system.database_db_system.id
+}
\ No newline at end of file
diff --git a/modules/database/dbsystem-vm-bm/variables.tf b/modules/database/dbsystem-vm-bm/variables.tf
new file mode 100644
index 0000000..b44c164
--- /dev/null
+++ b/modules/database/dbsystem-vm-bm/variables.tf
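Review bot: The sentinel in `nsg_ids = var.nsg_ids != null ? (local.nsg_ids == null ? ["INVALID NSG Name"] : local.nsg_ids) : null` can never fire: `local.nsg_ids` in `data.tf` is `null` only when `var.nsg_ids` is `null`, which the outer condition already excludes, and an NSG display name that does not match anything yields an empty list from the data source, not `null`. A misspelled NSG name therefore silently creates the DB system with no network security groups attached instead of failing the plan as the sentinel intends, which is the wrong direction to fail for a network control. The `adb` module in this same change compares against `[]`; a form that also tolerates the `[]` default and a `null` input, and that catches any name that did not resolve (assuming each name maps to exactly one NSG), is `nsg_ids = try(length(var.nsg_ids), 0) > 0 ? (length(local.nsg_ids) != length(var.nsg_ids) ? ["INVALID NSG Name"] : local.nsg_ids) : null`. The same dead check appears twice in `modules/database/exa-vmcluster/main.tf`, for `nsg_ids` and `backup_network_nsg_ids`.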
@@ -0,0 +1,141 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Variables Block - Database
+# Create Database VM BM
+############################
+
+
+variable "availability_domain" {
+ type = string
+ default = null
+}
+variable "compartment_id" {
+ type = string
+ default = ""
+}
+variable "hostname" {
+ type = string
+ default = ""
+}
+variable "vcn_names" {
+ type = list(any)
+ default = []
+}
+variable "network_compartment_id" {
+ type = string
+ default = ""
+}
+variable "shape" {
+ type = string
+ default = ""
+}
+variable "ssh_public_keys" {
+ type = list(any)
+ default = []
+}
+variable "subnet_id" {
+ type = string
+ default = ""
+}
+variable "node_count" {
+ type = number
+}
+variable "nsg_ids" {
+ type = list(string)
+ default = []
+}
+
+variable "time_zone" {
+ type = string
+ default = ""
+}
+
+variable "cpu_core_count" {
+ type = number
+ default = null
+}
+
+variable "database_edition" {
+ type = string
+ default = ""
+}
+
+variable "data_storage_size_in_gb" {
+ type = number
+ default = null
+
+}
+variable "data_storage_percentage" {
+ type = number
+ default = null
+}
+
+variable "disk_redundancy" {
+ type = string
+ default = ""
+}
+variable "license_model" {
+ type = string
+ default = ""
+}
+variable "display_name" {
+ type = string
+ default = ""
+}
+
+variable "db_version" {
+ type = string
+ default = ""
+}
+variable "pdb_name" {
+ type = string
+ default = ""
+}
+variable "db_name" {
+ type = string
+ default = null
+}
+variable "db_home_display_name" {
+ type = string
+ default = null
+}
+variable "admin_password" {
+ type = string
+ default = ""
+}
+
+variable "db_workload" {
+ type = string
+ default = ""
+}
+variable "auto_backup_enabled" {
+ type = bool
+ default = null
+}
+variable "ncharacter_set" {
+ type = string
+ default = ""
+}
+variable "character_set" {
+ type = string
+ default = ""
+}
+variable "recovery_window_in_days" {
+ type = number
+ default = null
+}
+
+variable "defined_tags" {
+ type = map(any)
+ default = {}
+}
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
+
+variable "cluster_name" {
+ type = string
+ default = ""
+}
\ No newline at end of file
diff --git a/modules/database/exa-infra/main.tf b/modules/database/exa-infra/main.tf
new file mode 100644
index 0000000..046e006
--- /dev/null
+++ b/modules/database/exa-infra/main.tf
@@ -0,0 +1,43 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Database
+# Create ExaInfra
+############################
+
+resource "oci_database_cloud_exadata_infrastructure" "exa_infra" {
+ availability_domain = var.availability_domain
+ compartment_id = var.compartment_id
+ display_name = var.display_name
+ shape = var.shape
+
+ #Optional
+ compute_count = var.compute_count
+ storage_count = var.storage_count
+
+ # customer_contacts {
+ # #Optional
+ # email = var.customer_contacts_email
+ # }
+ # maintenance_window {
+ # #Required
+ # preference = var.maintenance_window_preference
+ # #Optional
+ # days_of_week {
+ # #Required
+ # name = var.maintenance_window_days_of_week_name
+ # }
+ # hours_of_day = var.maintenance_window_hours_of_day
+ # lead_time_in_weeks = var.maintenance_window_lead_time_in_weeks
+ # months {
+ # #Required
+ # name = var.maintenance_window_months_name
+ # }
+ # weeks_of_month = var.maintenance_window_weeks_of_month
+ # }
+
+ defined_tags = var.defined_tags
+ freeform_tags = var.freeform_tags
+
+}
+
diff --git a/modules/database/exa-infra/oracle_provider_req.tf b/modules/database/exa-infra/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/database/exa-infra/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/database/exa-infra/outputs.tf b/modules/database/exa-infra/outputs.tf
new file mode 100644
index 0000000..2e8334b
--- /dev/null
+++ b/modules/database/exa-infra/outputs.tf
@@ -0,0 +1,11 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Outputs Block - Database
+# Create ExaInfra
+############################
+
+
+output "exainfra_tf_id" {
+ value = oci_database_cloud_exadata_infrastructure.exa_infra.id
+}
\ No newline at end of file
diff --git a/modules/database/exa-infra/variables.tf b/modules/database/exa-infra/variables.tf
new file mode 100644
index 0000000..a5e910d
--- /dev/null
+++ b/modules/database/exa-infra/variables.tf
@@ -0,0 +1,65 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Variables Block - Database
+# Create ExaInfra
+############################
+
+variable "availability_domain" {
+ type = string
+ default = null
+}
+variable "compartment_id" {
+ type = string
+ default = ""
+}
+variable "display_name" {
+ type = string
+ default = ""
+}
+variable "shape" {
+ type = string
+ default = ""
+}
+variable "compute_count" {
+ type = number
+}
+variable "customer_contacts_email" {
+ type = string
+ default = ""
+}
+variable "defined_tags" {
+ type = map(any)
+ default = {}
+}
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
+variable "maintenance_window_preference" {
+ type = string
+ default = ""
+}
+variable "maintenance_window_days_of_week_name" {
+ type = string
+ default = ""
+}
+variable "maintenance_window_hours_of_day" {
+ type = list(number)
+ default = []
+}
+variable "maintenance_window_lead_time_in_weeks" {
+ type = number
+ default = 0
+}
+variable "maintenance_window_months_name" {
+ type = string
+ default = ""
+}
+variable "maintenance_window_weeks_of_month" {
+ type = list(number)
+ default = []
+}
+variable "storage_count" {
+ type = number
+}
diff --git a/modules/database/exa-vmcluster/data.tf b/modules/database/exa-vmcluster/data.tf
new file mode 100755
index 0000000..9a8582b
--- /dev/null
+++ b/modules/database/exa-vmcluster/data.tf
@@ -0,0 +1,47 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#############################
+## Data Block - Database
+# Create ExaVMClusters
+#############################
+
+locals {
+ nsg_ids = var.nsg_ids != null ? flatten(tolist([for nsg in var.nsg_ids : (length(regexall("ocid1.networksecuritygroup.oc*", nsg)) > 0 ? [nsg] : data.oci_core_network_security_groups.network_security_groups_db_exacs[nsg].network_security_groups[*].id)])) : null
+ backup_nsg_ids = var.backup_network_nsg_ids != null ? flatten(tolist([for nsg in var.backup_network_nsg_ids : (length(regexall("ocid1.networksecuritygroup.oc*", nsg)) > 0 ? [nsg] : data.oci_core_network_security_groups.network_security_groups_backup_db_exacs[nsg].network_security_groups[*].id)])) : null
+ db_servers = flatten(toset([for server in data.oci_database_db_servers.all_db_servers : server.db_servers[*].id ]))
+}
+
+data "oci_core_vcns" "oci_vcns_db_exacs" {
+ for_each = { for vcn in var.vcn_names : vcn => vcn }
+ compartment_id = var.network_compartment_id != null ? var.network_compartment_id : var.compartment_id
+ display_name = each.value
+}
+
+
+data "oci_core_network_security_groups" "network_security_groups_db_exacs" {
+ for_each = var.nsg_ids != null ? { for nsg in var.nsg_ids : nsg => nsg } : {}
+ compartment_id = var.network_compartment_id != null ? var.network_compartment_id : var.compartment_id
+ display_name = each.value
+ vcn_id = data.oci_core_vcns.oci_vcns_db_exacs[var.vcn_names[0]].virtual_networks.*.id[0]
+}
+
+data "oci_core_network_security_groups" "network_security_groups_backup_db_exacs" {
+ for_each = var.backup_network_nsg_ids != null ? { for nsg in var.backup_network_nsg_ids : nsg => nsg } : {}
+ compartment_id = var.network_compartment_id != null ? var.network_compartment_id : var.compartment_id
+ display_name = each.value
+ vcn_id = data.oci_core_vcns.oci_vcns_db_exacs[var.vcn_names[0]].virtual_networks.*.id[0]
+}
+
+data "oci_database_db_servers" "all_db_servers" {
+ #Required
+ for_each = toset(var.db_servers)
+ compartment_id = var.compartment_id
+ exadata_infrastructure_id = var.exadata_infrastructure_id
+
+ #Optional
+ filter {
+ name = "display_name"
+ values = [each.key]
+ }
+ state = "AVAILABLE"
+}
\ No newline at end of file
diff --git a/modules/database/exa-vmcluster/main.tf b/modules/database/exa-vmcluster/main.tf
new file mode 100644
index 0000000..9eff6bb
--- /dev/null
+++ b/modules/database/exa-vmcluster/main.tf
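Review bot: Both NSG lookups, `network_security_groups_db_exacs` and `network_security_groups_backup_db_exacs`, resolve names against the single VCN `var.vcn_names[0]`, even though `vcn_names` is declared as a list and the cluster and backup subnets are separate inputs in `main.tf`. If the list was meant to allow the backup network to live in a different VCN, the backup lookup should index that entry; if a single VCN is always intended, a `string` variable would state that and remove the silent dependence on element order. A short comment above the `locals` block saying which VCN the name resolution is scoped to, e.g. `# NSG names are resolved only in var.vcn_names[0]; OCIDs are passed through unchanged`, would make the contract visible to callers either way.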
@@ -0,0 +1,41 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Database
+# Create ExaVMClusters
+############################
+
+resource "oci_database_cloud_vm_cluster" "exa_vmcluster" {
+ #Required
+ subnet_id = var.cluster_subnet_id
+ backup_subnet_id = var.backup_subnet_id
+ cloud_exadata_infrastructure_id = var.exadata_infrastructure_id
+ compartment_id = var.compartment_id
+ cpu_core_count = var.cpu_core_count
+ display_name = var.display_name
+ gi_version = var.gi_version
+ hostname = var.hostname
+ ssh_public_keys = var.ssh_public_keys
+
+ #Optional
+ backup_network_nsg_ids = var.backup_network_nsg_ids != null ? (local.backup_nsg_ids == null ? ["INVALID NSG Name"] : local.backup_nsg_ids) : null
+ cluster_name = var.cluster_name
+ data_storage_percentage = var.data_storage_percentage
+ db_node_storage_size_in_gbs = var.db_node_storage_size_in_gbs == " " ? null : var.db_node_storage_size_in_gbs
+ memory_size_in_gbs = var.memory_size_in_gbs == " " ? null : var.memory_size_in_gbs
+ data_storage_size_in_tbs = var.data_storage_size_in_tbs == " " ? null : var.data_storage_size_in_tbs
+ db_servers = var.db_servers == [] ? null : local.db_servers
+ domain = var.domain
+ is_local_backup_enabled = var.is_local_backup_enabled
+ is_sparse_diskgroup_enabled = var.is_sparse_diskgroup_enabled
+ license_model = var.license_model
+ nsg_ids = var.nsg_ids != null ? (local.nsg_ids == null ? ["INVALID NSG Name"] : local.nsg_ids) : null
+ ocpu_count = var.ocpu_count
+ scan_listener_port_tcp = var.scan_listener_port_tcp
+ scan_listener_port_tcp_ssl = var.scan_listener_port_tcp_ssl
+ time_zone = var.time_zone
+
+ defined_tags = var.defined_tags
+ freeform_tags = var.freeform_tags
+
+}
\ No newline at end of file
diff --git a/modules/database/exa-vmcluster/oracle_provider_req.tf b/modules/database/exa-vmcluster/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
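Review bot: The guards `var.db_servers == []` and `var.memory_size_in_gbs == " "` (likewise on `db_node_storage_size_in_gbs` and `data_storage_size_in_tbs`) compare typed values against literals of a different type, so as far as I can tell they are never true: `db_servers` is `list(string)`, and a typed empty list does not compare equal to the untyped `[]` literal, while the three `number` variables cannot hold the string `" "`. In practice `local.db_servers` is always passed (an empty list when no servers are named) and the three `null` fallbacks are dead code. `db_servers = length(var.db_servers) == 0 ? null : local.db_servers` expresses the first intent; for the sizes, declaring `default = null` in `variables.tf` and passing the variables through directly is the conventional way to make them optional. The `nsg_ids` and `backup_network_nsg_ids` null checks on this resource have the dead-branch problem described for `modules/database/dbsystem-vm-bm/main.tf`.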
+++ b/modules/database/exa-vmcluster/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/database/exa-vmcluster/outputs.tf b/modules/database/exa-vmcluster/outputs.tf
new file mode 100644
index 0000000..0e20768
--- /dev/null
+++ b/modules/database/exa-vmcluster/outputs.tf
@@ -0,0 +1,10 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Outputs Block - Database
+# Create ExaVMClusters
+############################
+
+output "exa_vmcluster_tf_id" {
+ value = oci_database_cloud_vm_cluster.exa_vmcluster.id
+}
\ No newline at end of file
diff --git a/modules/database/exa-vmcluster/variables.tf b/modules/database/exa-vmcluster/variables.tf
new file mode 100644
index 0000000..e699362
--- /dev/null
+++ b/modules/database/exa-vmcluster/variables.tf
@@ -0,0 +1,116 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Variables Block - Database
+# Create ExaVMClusters
+############################
+variable "backup_subnet_id" {
+ type = string
+ default = ""
+}
+variable "cpu_core_count" {
+ type = number
+}
+variable "display_name" {
+ type = string
+ default = ""
+}
+variable "gi_version" {
+ type = string
+ default = ""
+}
+variable "hostname" {
+ type = string
+ default = ""
+}
+variable "vcn_names" {
+ type = list(any)
+ default = []
+}
+variable "network_compartment_id" {
+ type = string
+ default = ""
+}
+variable "ssh_public_keys" {
+ type = list(any)
+ default = []
+}
+variable "cluster_subnet_id" {
+ type = string
+ default = ""
+}
+variable "backup_network_nsg_ids" {
+ type = list(string)
+ default = []
+}
+variable "cluster_name" {
+ type = string
+ default = ""
+}
+variable "data_storage_percentage" {
+ type = number
+}
+
+variable "memory_size_in_gbs" {
+ type = number
+}
+variable "data_storage_size_in_tbs" {
+ type = number
+}
+variable "db_node_storage_size_in_gbs" {
+ type = number
+}
+variable "db_servers" {
+ type = list(string)
+ default = []
+}
+
+variable "defined_tags" {
+ type = map(string)
+ default = {}
+}
+variable "domain" {
+ type = string
+ default = ""
+}
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
+variable "is_local_backup_enabled" {
+ type = bool
+ default = false
+}
+variable "is_sparse_diskgroup_enabled" {
+ type = bool
+ default = false
+}
+variable "license_model" {
+ type = string
+ default = ""
+}
+variable "nsg_ids" {
+ type = list(string)
+ default = []
+}
+variable "ocpu_count" {
+ type = number
+}
+variable "scan_listener_port_tcp" {
+ type = number
+ default = 1521
+}
+variable "scan_listener_port_tcp_ssl" {
+ type = number
+ default = 2484
+}
+variable "time_zone" {
+ type = string
+ default = ""
+}
+variable "compartment_id" {
+ default = ""
+}
+variable "exadata_infrastructure_id" {
+ default = ""
+}
\ No newline at end of file
diff --git a/modules/governance/quota-policy/main.tf b/modules/governance/quota-policy/main.tf
new file mode 100644
index 0000000..48e4c1c
--- /dev/null
+++ b/modules/governance/quota-policy/main.tf
@@ -0,0 +1,26 @@
+// Copyright (c) 2024, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Governance
+# Create Quota Policies
+############################
+
+resource "oci_limits_quota" "quota" {
+ #Required
+ compartment_id = var.tenancy_ocid
+ description = var.quota_description
+ name = var.quota_name
+ statements = var.quota_statements
+
+ #Optional
+ defined_tags = var.defined_tags
+ freeform_tags = var.freeform_tags
+ #locks {
+ # #Required
+ # type = var.quota_locks_type
+
+ # #Optional
+ # message = var.quota_locks_message
+ # #related_resource_id = oci_limits_related_resource.test_related_resource.id
+ #}
+}
\ No newline at end of file
diff --git a/modules/governance/quota-policy/oracle_provider_req.tf b/modules/governance/quota-policy/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/governance/quota-policy/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/governance/quota-policy/outputs.tf b/modules/governance/quota-policy/outputs.tf
new file mode 100644
index 0000000..db715e1
--- /dev/null
+++ b/modules/governance/quota-policy/outputs.tf
@@ -0,0 +1,11 @@
+// Copyright (c) 2024, Oracle and/or its affiliates.
+
+############################
+# Output Block - Governance
+# Create Tag Defaults
+############################
+
+output "quota_tf_id" {
+ description = "Quota ocid"
+ value = oci_limits_quota.quota.id
+}
diff --git a/modules/governance/quota-policy/variables.tf b/modules/governance/quota-policy/variables.tf
new file mode 100644
index 0000000..0adcecd
--- /dev/null
+++ b/modules/governance/quota-policy/variables.tf
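Review bot: `compartment_id` and `exadata_infrastructure_id` are the only variables in this file declared without a `type`, so a wrong value shape is only caught deep inside the provider instead of by `terraform validate`; `type = string` is how every other id variable in this change is declared. `ssh_public_keys` and `vcn_names` use `list(any)` where `list(string)` would both document and enforce the element type. It is also worth noting that `nsg_ids` and `backup_network_nsg_ids` default to `[]`, not `null`, which is relevant to reading the `!= null` guards in `main.tf`.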
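Review bot: The header comment in this outputs file reads `# Create Tag Defaults`, evidently carried over from the tag-default module, while the file belongs to the quota-policy module; `# Create Quota Policies`, the wording used in `modules/governance/quota-policy/main.tf`, would be accurate. The same stale header appears in `modules/governance/quota-policy/variables.tf`.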
@@ -0,0 +1,53 @@
+// Copyright (c) 2024, Oracle and/or its affiliates.
+
+############################
+# Variable Block - Governance
+# Create Tag Defaults
+############################
+
+variable "tenancy_ocid" {
+ type = string
+ description = "The OCID of the tenancy"
+ default = null
+}
+variable "quota_description" {
+ type = string
+ description = "Quota description"
+ default = null
+}
+variable "quota_name" {
+ type = string
+ description = "Quota name"
+ default = null
+}
+variable "quota_locks_type" {
+ type = string
+ description = "Quota locks type"
+ default = null
+}
+
+variable "quota_locks_message" {
+ type = string
+ description = "Quota lock message"
+ default = null
+}
+
+variable "quota_statements" {
+ type = list(string)
+ description = "Quota statements"
+ default = []
+}
+
+variable "freeform_tags" {
+ description = "Free-form tags for the quota"
+ type = map(string)
+}
+
+variable "defined_tags" {
+ description = "Defined tags for the quota"
+ type = map(string)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+
diff --git a/modules/governance/tagging/tag-default/main.tf b/modules/governance/tagging/tag-default/main.tf
new file mode 100644
index 0000000..29a1cfa
--- /dev/null
+++ b/modules/governance/tagging/tag-default/main.tf
@@ -0,0 +1,16 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Governance
+# Create Tag Defaults
+############################
+
+resource "oci_identity_tag_default" "tag_default" {
+ #Required
+ compartment_id = var.compartment_id
+ tag_definition_id = var.tag_definition_id
+ value = var.value
+
+ #Optional
+ is_required = var.is_required
+}
\ No newline at end of file
diff --git a/modules/governance/tagging/tag-default/oracle_provider_req.tf b/modules/governance/tagging/tag-default/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/governance/tagging/tag-default/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/governance/tagging/tag-default/outputs.tf b/modules/governance/tagging/tag-default/outputs.tf
new file mode 100644
index 0000000..ebada5f
--- /dev/null
+++ b/modules/governance/tagging/tag-default/outputs.tf
@@ -0,0 +1,11 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Output Block - Governance
+# Create Tag Defaults
+############################
+
+output "tag_default_tf_id" {
+ description = "Tag Default ocid"
+ value = oci_identity_tag_default.tag_default.id
+}
diff --git a/modules/governance/tagging/tag-default/variables.tf b/modules/governance/tagging/tag-default/variables.tf
new file mode 100644
index 0000000..aa04d95
--- /dev/null
+++ b/modules/governance/tagging/tag-default/variables.tf
@@ -0,0 +1,30 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Variable Block - Governance
+# Create Tag Defaults
+############################
+
+variable "compartment_id" {
+ type = string
+ description = "The OCID of the compartment"
+ default = null
+}
+
+variable "tag_definition_id" {
+ type = string
+ description = "The OCID of the Tag Definition that must be made default"
+ default = null
+}
+
+variable "value" {
+ type = string
+ description = "The default value for the tag"
+ default = null
+}
+
+variable "is_required" {
+ type = bool
+ description = "If true, a value is set during resource creation (either by the user creating the resource or another tag defualt). If no value is set, resource creation is blocked."
+}
+
diff --git a/modules/governance/tagging/tag-key/main.tf b/modules/governance/tagging/tag-key/main.tf
new file mode 100644
index 0000000..a0d13f8
--- /dev/null
+++ b/modules/governance/tagging/tag-key/main.tf
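Review bot: The `is_required` description carries the typo `defualt`, and it is the one variable in this file that is documented in detail, so it will be read; `another tag default` is the intended text. `is_required` is also the only variable here without a `default`, which makes it mandatory for every caller; if the module is meant to be usable without it, `default = false` (the permissive behaviour, with resource creation not blocked) would be the least surprising choice, and if it is deliberately mandatory a short sentence saying so in the description would stop callers from guessing.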
@@ -0,0 +1,27 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Governance
+# Create Tag Key
+############################
+
+resource "oci_identity_tag" "tag" {
+ #Required
+ description = var.description
+ name = var.name
+ tag_namespace_id = var.tag_namespace_id
+
+ #Optional
+ defined_tags = var.defined_tags
+ freeform_tags = var.freeform_tags
+ is_cost_tracking = var.is_cost_tracking
+ dynamic "validator" {
+ for_each = try((var.tag_keys[var.key_name].validator[0].validator_type != "" ? var.tag_keys[var.key_name].validator : []), [])
+ content {
+ #Required
+ validator_type = validator.value.validator_type
+ values = validator.value.validator_values
+ }
+ }
+ is_retired = var.is_retired
+}
\ No newline at end of file
diff --git a/modules/governance/tagging/tag-key/oracle_provider_req.tf b/modules/governance/tagging/tag-key/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/governance/tagging/tag-key/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/governance/tagging/tag-key/outputs.tf b/modules/governance/tagging/tag-key/outputs.tf
new file mode 100644
index 0000000..2240ac8
--- /dev/null
+++ b/modules/governance/tagging/tag-key/outputs.tf
@@ -0,0 +1,11 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Output Block - Governance
+# Create Tag Key
+############################
+
+output "tag_key_tf_id" {
+ description = "Tag Key ocid"
+ value = oci_identity_tag.tag.id
+}
diff --git a/modules/governance/tagging/tag-key/variables.tf b/modules/governance/tagging/tag-key/variables.tf
new file mode 100644
index 0000000..ae55d44
--- /dev/null
+++ b/modules/governance/tagging/tag-key/variables.tf
@@ -0,0 +1,63 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Variable Block - Governance
+# Create Tag Key
+############################
+
+variable "tenancy_ocid" {
+ type = string
+ description = "The OCID of the tenancy."
+ default = null
+}
+
+variable "compartment_id" {
+ type = string
+ description = "The OCID of the parent compartment containing the compartment. Allow for sub-compartments creation"
+ default = null
+}
+
+variable "tag_keys" {}
+
+variable "key_name" {}
+
+variable "is_cost_tracking" {
+ type = bool
+ description = "Indicates whether the tag is enabled for cost tracking."
+}
+
+variable "tag_namespace_id" {
+ type = string
+ description = "The OCID of the Tag Namespace"
+ default = null
+}
+
+variable "description" {
+ type = string
+ description = "The description you assign to the tag key. Does not have to be unique, and it's changeable. "
+ default = null
+}
+
+variable "name" {
+ type = string
+ description = "Tag name"
+ default = null
+}
+
+variable "is_retired" {
+ type = bool
+ description = "Enable to retire the tag key."
+}
+
+variable "defined_tags" {
+ type = map(any)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
+
diff --git a/modules/governance/tagging/tag-namespace/main.tf b/modules/governance/tagging/tag-namespace/main.tf
new file mode 100644
index 0000000..f7e5efa
--- /dev/null
+++ b/modules/governance/tagging/tag-namespace/main.tf
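Review bot: `variable "tag_keys" {}` and `variable "key_name" {}` are declared with no `type` and no `description`, yet `main.tf` indexes `var.tag_keys[var.key_name].validator[0].validator_type` and `.validator_values`, so the expected shape is real but invisible to a caller; at minimum `key_name` should be `type = string` and `tag_keys` should carry a description of the map-of-objects structure the `validator` block reads, or an explicit `type = map(object({...}))` so validation fails early rather than inside the `try`. `tenancy_ocid` and `compartment_id` are declared here but not referenced by the tag-key `main.tf` in this change, and the `compartment_id` description ("parent compartment containing the compartment. Allow for sub-compartments creation") is copied from the compartment module and does not describe a tag key; the same copied description appears in `modules/governance/tagging/tag-namespace/variables.tf`.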
@@ -0,0 +1,18 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Governance
+# Create Namespaces
+############################
+
+resource "oci_identity_tag_namespace" "tag_namespace" {
+ #Required
+ compartment_id = var.compartment_id != null ? var.compartment_id : var.tenancy_ocid
+ description = var.description
+ name = var.name
+
+ #Optional
+ defined_tags = var.defined_tags
+ freeform_tags = var.freeform_tags
+ is_retired = var.is_retired
+}
\ No newline at end of file
diff --git a/modules/governance/tagging/tag-namespace/oracle_provider_req.tf b/modules/governance/tagging/tag-namespace/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/governance/tagging/tag-namespace/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/governance/tagging/tag-namespace/outputs.tf b/modules/governance/tagging/tag-namespace/outputs.tf
new file mode 100644
index 0000000..8bd3d22
--- /dev/null
+++ b/modules/governance/tagging/tag-namespace/outputs.tf
@@ -0,0 +1,11 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Output Block - Governance
+# Create Namespaces
+############################
+
+output "namespace_tf_id" {
+ description = "Namespace ocid"
+ value = oci_identity_tag_namespace.tag_namespace.id
+}
diff --git a/modules/governance/tagging/tag-namespace/variables.tf b/modules/governance/tagging/tag-namespace/variables.tf
new file mode 100644
index 0000000..2520dee
--- /dev/null
+++ b/modules/governance/tagging/tag-namespace/variables.tf
@@ -0,0 +1,48 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Variable Block - Governance
+# Create Namespaces
+############################
+
+variable "tenancy_ocid" {
+ type = string
+ description = "The OCID of the tenancy."
+ default = null
+}
+
+variable "compartment_id" {
+ type = string
+ description = "The OCID of the parent compartment containing the compartment. Allow for sub-compartments creation"
+ default = null
+}
+
+variable "description" {
+ type = string
+ description = "The description you assign to the namespace. Does not have to be unique, and it's changeable. "
+ default = null
+}
+
+variable "name" {
+ type = string
+ description = "Namespace name"
+ default = null
+}
+
+variable "is_retired" {
+ type = bool
+ description = "Enable to retire the namespace."
+}
+
+variable "defined_tags" {
+ type = map(any)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
+
diff --git a/modules/identity/iam-compartment/main.tf b/modules/identity/iam-compartment/main.tf
new file mode 100644
index 0000000..234691b
--- /dev/null
+++ b/modules/identity/iam-compartment/main.tf
@@ -0,0 +1,20 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Identity
+# Create Compartments
+############################
+
+resource "oci_identity_compartment" "compartment" {
+
+ #Required
+ compartment_id = var.compartment_id != null ? var.compartment_id : var.tenancy_ocid
+ description = var.compartment_description
+ name = var.compartment_name
+
+ #Optional
+ defined_tags = var.defined_tags
+ freeform_tags = var.freeform_tags
+ enable_delete = var.enable_delete
+
+}
diff --git a/modules/identity/iam-compartment/oracle_provider_req.tf b/modules/identity/iam-compartment/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/identity/iam-compartment/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/identity/iam-compartment/outputs.tf b/modules/identity/iam-compartment/outputs.tf
new file mode 100644
index 0000000..9d83d5f
--- /dev/null
+++ b/modules/identity/iam-compartment/outputs.tf
@@ -0,0 +1,12 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Output Block - Identity
+# Create Compartments
+############################
+
+output "compartment_tf_id" {
+ description = "Compartment ocid"
+ // This allows the compartment ID to be retrieved from the resource if it exists, and if not to use the data source.
+ value = oci_identity_compartment.compartment.id
+}
diff --git a/modules/identity/iam-compartment/variables.tf b/modules/identity/iam-compartment/variables.tf
new file mode 100644
index 0000000..0c3dc9e
--- /dev/null
+++ b/modules/identity/iam-compartment/variables.tf
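Review bot: The comment on `compartment_tf_id` in iam-compartment/outputs.tf says the ID is taken from the resource if it exists and otherwise from a data source, but the value is simply `oci_identity_compartment.compartment.id` and no data source is declared anywhere in the iam-compartment module in this diff, so the comment describes a fallback that does not exist. Replace it with one that matches the code, e.g. `// OCID of the compartment managed by this module`, or delete it.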
@@ -0,0 +1,49 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Variable Block - Identity
+# Create Compartments
+############################
+
+variable "tenancy_ocid" {
+ type = string
+ description = "The OCID of the tenancy."
+ default = null
+}
+
+variable "compartment_id" {
+ type = string
+ description = "The OCID of the parent compartment containing the compartment. Allow for sub-compartments creation"
+ default = null
+}
+
+variable "compartment_name" {
+ type = string
+ description = "The name you assign to the compartment during creation. The name must be unique across all compartments in the tenancy. "
+ default = null
+}
+
+variable "compartment_description" {
+ type = string
+ description = "The description you assign to the compartment. Does not have to be unique, and it's changeable. "
+ default = null
+}
+
+variable "enable_delete" {
+ type = bool
+ description = "Enable compartment delete on destroy. If true, compartment will be deleted when `terraform destroy` is executed; If false, compartment will not be deleted on `terraform destroy` execution"
+ default = false
+}
+
+variable "defined_tags" {
+ type = map(any)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
+
diff --git a/modules/identity/iam-group/data.tf b/modules/identity/iam-group/data.tf
new file mode 100644
index 0000000..28ec24b
--- /dev/null
+++ b/modules/identity/iam-group/data.tf
@@ -0,0 +1,9 @@
+data "oci_identity_users" "users" {
+
+ compartment_id = var.tenancy_ocid
+}
+
+output "users_details" {
+ value = data.oci_identity_users.users
+}
+
diff --git a/modules/identity/iam-group/main.tf b/modules/identity/iam-group/main.tf
new file mode 100644
index 0000000..351e5cf
--- /dev/null
+++ b/modules/identity/iam-group/main.tf
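Review bot: `output "users_details"` in iam-group/data.tf exports the whole `data.oci_identity_users.users` result — every user in the tenancy with every attribute the provider returns — into the module's outputs, and therefore into the state file and `terraform output`, while nothing in iam-group/main.tf reads that data source. That is a tenancy-wide identity listing copied into every state backend and CI log that consumes this module's outputs, for no visible purpose. If the listing is needed, narrow it to the attributes actually consumed and add `sensitive = true` to the output; otherwise remove both the data source and the output.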
@@ -0,0 +1,43 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Identity
+# Create Groups
+############################
+
+resource "oci_identity_group" "group" {
+ count = (var.matching_rule != "" && var.matching_rule != null) ? 0 : 1
+
+ #Required
+ compartment_id = var.tenancy_ocid
+ description = var.group_description
+ name = var.group_name
+
+ #Optional
+ defined_tags = var.defined_tags
+ freeform_tags = var.freeform_tags
+
+}
+
+############################
+# Resource Block - Identity
+# Create Dynamic Groups
+############################
+
+resource "oci_identity_dynamic_group" "dynamic_group" {
+ count = (var.matching_rule != "" && var.matching_rule != null) ? 1 : 0
+
+ #Required
+ compartment_id = var.tenancy_ocid
+ description = var.group_description
+ matching_rule = var.matching_rule
+ name = var.group_name
+
+ #Optional
+ defined_tags = var.defined_tags
+ freeform_tags = var.freeform_tags
+
+ lifecycle {
+ ignore_changes = [defined_tags["Oracle-Tags.CreatedOn"], defined_tags["Oracle-Tags.CreatedBy"]]
+ }
+}
\ No newline at end of file
diff --git a/modules/identity/iam-group/oracle_provider_req.tf b/modules/identity/iam-group/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/identity/iam-group/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/identity/iam-group/outputs.tf b/modules/identity/iam-group/outputs.tf
new file mode 100644
index 0000000..e67e22c
--- /dev/null
+++ b/modules/identity/iam-group/outputs.tf
@@ -0,0 +1,16 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Output Block - Identity
+# Create Groups
+############################
+
+output "group_id_map" {
+ description = "Group ocid"
+ value = zipmap(oci_identity_group.group.*.name, oci_identity_group.group.*.id)
+}
+
+output "dynamic_group_id_map" {
+ description = "Dynamic Group ocid"
+ value = zipmap(oci_identity_dynamic_group.dynamic_group.*.name, oci_identity_dynamic_group.dynamic_group.*.id)
+}
diff --git a/modules/identity/iam-group/variables.tf b/modules/identity/iam-group/variables.tf
new file mode 100644
index 0000000..eaed9ad
--- /dev/null
+++ b/modules/identity/iam-group/variables.tf
@@ -0,0 +1,41 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Variables Block - Identity
+# Create Groups
+############################
+
+variable "tenancy_ocid" {
+ type = string
+ description = "The OCID of the tenancy."
+ default = null
+}
+
+variable "group_name" {
+ type = string
+ description = "The name you assign to the group during creation. The name must be unique across all compartments in the tenancy."
+ default = null
+}
+
+variable "group_description" {
+ type = string
+ description = "The description you assign to the Group. Does not have to be unique, and it's changeable. "
+ default = null
+}
+
+variable "matching_rule" {
+ type = string
+ default = ""
+}
+
+variable "defined_tags" {
+ type = map(any)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
\ No newline at end of file
diff --git a/modules/identity/iam-network-sources/main.tf b/modules/identity/iam-network-sources/main.tf
new file mode 100644
index 0000000..bc1aa67
--- /dev/null
+++ b/modules/identity/iam-network-sources/main.tf
@@ -0,0 +1,39 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Identity
+# Create network source
+############################
+
+resource "oci_identity_network_source" "network_source" {
+
+ #Required
+ compartment_id = var.tenancy_ocid
+ description = var.description
+ name = var.name
+
+ #Optional
+ defined_tags = var.defined_tags
+ freeform_tags = var.freeform_tags
+
+ #Optional
+ public_source_list = var.public_source_list != null ? var.public_source_list : null
+
+ #Optional
+ dynamic "virtual_source_list" {
+ for_each = { for k,v in var.virtual_source_list : k=> v}
+ content {
+ ip_ranges = virtual_source_list.value.ip_ranges
+ vcn_id = "" #virtual_source_list.value.vcn_id
+ }
+ }
+
+
+ lifecycle {
+ ignore_changes = [virtual_source_list[0].vcn_id,virtual_source_list[1].vcn_id, virtual_source_list[2].vcn_id,virtual_source_list[3].vcn_id,virtual_source_list[4].vcn_id,virtual_source_list[5].vcn_id,virtual_source_list[6].vcn_id]
+ }
+
+
+
+}
+
diff --git a/modules/identity/iam-network-sources/oracle_provider_req.tf b/modules/identity/iam-network-sources/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/identity/iam-network-sources/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/identity/iam-network-sources/outputs.tf b/modules/identity/iam-network-sources/outputs.tf
new file mode 100644
index 0000000..4d099bc
--- /dev/null
+++ b/modules/identity/iam-network-sources/outputs.tf
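Review bot: `vcn_id = "" #virtual_source_list.value.vcn_id` inside the `virtual_source_list` block hard-codes an empty VCN OCID while the real value is commented out, and the `lifecycle` block then ignores `vcn_id` on indexes 0–6, so whatever the service ends up storing for the VCN is never reconciled by Terraform. A network source is the object IAM policies use to restrict access by source network, so the VCN restriction this module appears to declare may not be the one actually enforced, and the fixed index list silently stops covering drift at an eighth entry. Restore `vcn_id = virtual_source_list.value.vcn_id` (resolving the OCID from the caller's input if that is why it was removed), and if the service genuinely rewrites the value on create, ignore it once at block level with `ignore_changes = [virtual_source_list]` rather than at seven positions. Separately, `public_source_list = var.public_source_list != null ? var.public_source_list : null` is a no-op conditional; `public_source_list = var.public_source_list` says the same thing.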
@@ -0,0 +1,11 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Output Block - Identity
+# Create Network Source
+############################
+
+output "networksource_id_map" {
+ description = "networksource ocid"
+ value = zipmap(oci_identity_network_source.network_source.*.name, oci_identity_network_source.network_source.*.id)
+}
diff --git a/modules/identity/iam-network-sources/variables.tf b/modules/identity/iam-network-sources/variables.tf
new file mode 100644
index 0000000..80a858f
--- /dev/null
+++ b/modules/identity/iam-network-sources/variables.tf
@@ -0,0 +1,82 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Variables Block - Identity
+# Create Users
+############################
+
+variable "tenancy_ocid" {
+ type = string
+ default = null
+}
+
+variable "compartment_id" {
+ type = string
+ default = null
+}
+
+variable "name" {
+ type = string
+ description = "The name you assign to the user during creation. The name must be unique across all compartments in the tenancy."
+ default = null
+}
+
+variable "vcn_id" {
+ type = string
+ description = "The id of the VCN."
+ default = null
+}
+
+variable "vcn_name" {
+ type = string
+ description = "The name of the VCN."
+ default = null
+}
+
+variable "vcn_comp_map" {
+ type = map(any)
+ description = "The name of the VCN."
+ default = null
+}
+
+variable "network_compartment_id" {
+ type = string
+ description = "The OCID of the compartment that has Network components"
+ default = null
+}
+
+variable "public_source_list" {
+ type = list(string)
+ description = "The list of public source for network sources"
+ default = []
+}
+
+variable "virtual_source_list" {
+ type = map(any)
+ description = "The list of VCN for network sources"
+ default = {}
+}
+
+variable "description" {
+ type = string
+ description = "The description you assign to the User. Does not have to be unique, and it's changeable. "
+ default = null
+}
+
+variable "cidr_blocks" {
+ type = string
+ description = "VCN CIDR Block"
+ default = null
+}
+
+variable "defined_tags" {
+ type = map(any)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
\ No newline at end of file
diff --git a/modules/identity/iam-policy/main.tf b/modules/identity/iam-policy/main.tf
new file mode 100644
index 0000000..c9e7fec
--- /dev/null
+++ b/modules/identity/iam-policy/main.tf
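Review bot: The header of iam-network-sources/variables.tf says `# Create Users`, and `name` and `description` still describe a user (`The name you assign to the user during creation...`), while `vcn_comp_map` is described as `The name of the VCN.` — copy-paste leftovers in a network-source module. Reword them to the resource at hand, e.g. `description = "The name you assign to the network source during creation."`, and give `tenancy_ocid` and `compartment_id` a description too. None of `vcn_id`, `vcn_name`, `vcn_comp_map`, `network_compartment_id` or `cidr_blocks` is referenced by iam-network-sources/main.tf in this diff, so either state in their descriptions what consumes them or remove them.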
@@ -0,0 +1,21 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#############################
+# Resource Block - Identity
+# Create Policies
+#############################
+
+resource "oci_identity_policy" "policy" {
+
+ # Required
+ compartment_id = var.policy_compartment_id
+ description = var.policy_description
+ name = var.policy_name
+ statements = var.policy_statements
+
+ #Optional
+ defined_tags = var.defined_tags
+ freeform_tags = var.freeform_tags
+ version_date = var.policy_version_date
+
+}
diff --git a/modules/identity/iam-policy/oracle_provider_req.tf b/modules/identity/iam-policy/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/identity/iam-policy/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/identity/iam-policy/outputs.tf b/modules/identity/iam-policy/outputs.tf
new file mode 100644
index 0000000..f43e40b
--- /dev/null
+++ b/modules/identity/iam-policy/outputs.tf
@@ -0,0 +1,10 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Output Block - Identity
+# Create Policies
+############################
+
+output "policies_tf_id" {
+ value = oci_identity_policy.policy.id
+}
diff --git a/modules/identity/iam-policy/variables.tf b/modules/identity/iam-policy/variables.tf
new file mode 100644
index 0000000..aec81b9
--- /dev/null
+++ b/modules/identity/iam-policy/variables.tf
@@ -0,0 +1,54 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Variable Block - Identity
+# Create Policies
+############################
+
+variable "tenancy_ocid" {
+ type = string
+ description = "The OCID of the tenancy."
+ default = null
+}
+
+variable "policy_name" {
+ type = string
+ description = "The name you assign to the policy during creation. "
+ default = null
+}
+
+variable "policy_description" {
+ type = string
+ description = "The description you assign to the policy. Does not have to be unique, and it's changeable. "
+ default = null
+}
+
+variable "policy_statements" {
+ type = list(string)
+ description = "Define policy consists of one or more policy statements. "
+ default = null
+}
+
+variable "policy_compartment_id" {
+ type = string
+ description = "The compartment id where policy is created."
+ default = null
+}
+
+variable "policy_version_date" {
+ type = string
+ description = "The date of the policy version."
+ default = null
+}
+
+variable "defined_tags" {
+ type = map(any)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
\ No newline at end of file
diff --git a/modules/identity/iam-user/data.tf b/modules/identity/iam-user/data.tf
new file mode 100644
index 0000000..431eb53
--- /dev/null
+++ b/modules/identity/iam-user/data.tf
@@ -0,0 +1,15 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#############################
+## Data Block - Identity
+# Create Users
+#############################
+
+
+data "oci_identity_groups" "iam_groups" {
+ #Required
+ compartment_id = var.tenancy_ocid
+
+ #Optional
+ name = var.group_name
+}
\ No newline at end of file
diff --git a/modules/identity/iam-user/main.tf b/modules/identity/iam-user/main.tf
new file mode 100644
index 0000000..2ab4abf
--- /dev/null
+++ b/modules/identity/iam-user/main.tf
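Review bot: `policy_statements` and `policy_compartment_id` both carry `default = null`, yet iam-policy/main.tf feeds them straight into the required `statements` and `compartment_id` arguments of `oci_identity_policy.policy`, so a caller that omits either gets a provider error on the resource instead of a clear missing-input error on the module. Drop the `default = null` on both so Terraform requires them as module inputs. The `policy_statements` description (`Define policy consists of one or more policy statements.`) is also ungrammatical and says nothing about the format; something like `description = "IAM policy statements, one complete statement per element, passed to the policy unchanged."` tells the caller what this module does with them.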
@@ -0,0 +1,40 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Identity
+# Create Users
+############################
+
+resource "oci_identity_user" "user" {
+
+ #Required
+ compartment_id = var.tenancy_ocid
+ description = var.user_description
+ name = var.user_name
+ email = var.user_email
+
+ #Optional
+ defined_tags = var.defined_tags
+ freeform_tags = var.freeform_tags
+
+}
+
+resource "oci_identity_user_group_membership" "user_group_membership" {
+ count = var.group_membership != null ? length(var.group_membership) : 0
+ depends_on = [oci_identity_user.user]
+ user_id = oci_identity_user.user.id
+ group_id = length(regexall("ocid1.group.oc*", var.group_membership[count.index])) > 0 ? var.group_membership[count.index] : data.oci_identity_groups.iam_groups.groups[index(data.oci_identity_groups.iam_groups.groups.*.name, var.group_membership[count.index])].id
+}
+
+resource "oci_identity_user_capabilities_management" "user_capabilities_management" {
+ count = var.disable_capabilities != null ? 1 : 0
+ depends_on = [oci_identity_user.user]
+ user_id = oci_identity_user.user.id
+
+ can_use_api_keys = var.disable_capabilities != null && contains(var.disable_capabilities, "can_use_api_keys") ? false : true
+ can_use_auth_tokens = var.disable_capabilities != null && contains(var.disable_capabilities, "can_use_auth_tokens") ? false : true
+ can_use_console_password = var.disable_capabilities != null && contains(var.disable_capabilities, "can_use_console_password") ? false : true
+ can_use_customer_secret_keys = var.disable_capabilities != null && contains(var.disable_capabilities, "can_use_customer_secret_keys") ? false : true
+ can_use_smtp_credentials = var.disable_capabilities != null && contains(var.disable_capabilities, "can_use_smtp_credentials") ? false : true
+
+}
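Review bot: `oci_identity_user_capabilities_management.user_capabilities_management` is created whenever `var.disable_capabilities != null`, and iam-user/variables.tf defaults that variable to `[]`, so every user the module manages gets the resource with all five `can_use_*` arguments forced to `true`. The module thereby guarantees that API keys, auth tokens, console passwords, customer secret keys and SMTP credentials are all enabled for every user, and any capability an administrator disabled out-of-band is re-enabled on the next apply. Gate the resource on a non-empty list, `count = length(coalesce(var.disable_capabilities, [])) > 0 ? 1 : 0`, or make the default list the credential types a plain user should not have, so the least-privilege choice is the default rather than the exception. Separately, `regexall("ocid1.group.oc*", ...)` is unanchored and unescaped — `.` matches any character and `c*` matches zero or more `c` — so `regexall("^ocid1\\.group\\.", ...)` states the intended "looks like a group OCID" test precisely.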
diff --git a/modules/identity/iam-user/oracle_provider_req.tf b/modules/identity/iam-user/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/identity/iam-user/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/identity/iam-user/outputs.tf b/modules/identity/iam-user/outputs.tf
new file mode 100644
index 0000000..8a22869
--- /dev/null
+++ b/modules/identity/iam-user/outputs.tf
@@ -0,0 +1,11 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Output Block - Identity
+# Create Users
+############################
+
+output "user_id_map" {
+ description = "user ocid"
+ value = zipmap(oci_identity_user.user.*.name, oci_identity_user.user.*.id)
+}
\ No newline at end of file
diff --git a/modules/identity/iam-user/variables.tf b/modules/identity/iam-user/variables.tf
new file mode 100644
index 0000000..ce1086d
--- /dev/null
+++ b/modules/identity/iam-user/variables.tf
@@ -0,0 +1,77 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Variables Block - Identity
+# Create Users
+############################
+
+variable "tenancy_ocid" {
+ type = string
+ default = null
+}
+
+variable "compartment_id" {
+ type = string
+ default = null
+}
+
+
+variable "user_name" {
+ type = string
+ description = "The name you assign to the user during creation. The name must be unique across all compartments in the tenancy."
+ default = null
+}
+
+variable "group_name" {
+ type = string
+ description = "The name of the group."
+ default = null
+}
+
+variable "group_id" {
+ type = string
+ description = "The id of the group."
+ default = null
+}
+
+variable "group_membership" {
+ type = list(string)
+ description = "The name of the group user is member of."
+ default = []
+}
+
+variable "user_description" {
+ type = string
+ description = "The description you assign to the User. Does not have to be unique, and it's changeable. "
+ default = null
+}
+
+variable "user_email" {
+ type = string
+ description = "The email you assign to the User. Does not have to be unique, and it's changeable. "
+ default = null
+}
+
+variable "disable_capabilities" {
+ type = list(string)
+ description = "The name of the capabilities disabled for user"
+ default = []
+}
+
+variable "defined_tags" {
+ type = map(any)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
+
+
+variable "group_ids" {
+ type = list(string)
+ default = []
+}
\ No newline at end of file
diff --git a/modules/ip/public-ip-pool/main.tf b/modules/ip/public-ip-pool/main.tf
new file mode 100755
index 0000000..8f399a3
--- /dev/null
+++ b/modules/ip/public-ip-pool/main.tf
@@ -0,0 +1,16 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+################################
+## Resource Block - Public IP Pool
+## Create Public IP Pool
+################################
+
+resource "oci_core_public_ip_pool" "public_ip_pool" {
+ #Required
+ compartment_id = var.compartment_id
+
+ #Optional
+ defined_tags = var.defined_tags
+ display_name = var.display_name
+ freeform_tags = var.freeform_tags
+}
\ No newline at end of file
diff --git a/modules/ip/public-ip-pool/oracle_provider_req.tf b/modules/ip/public-ip-pool/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/ip/public-ip-pool/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/ip/public-ip-pool/outputs.tf b/modules/ip/public-ip-pool/outputs.tf
new file mode 100755
index 0000000..3171b8e
--- /dev/null
+++ b/modules/ip/public-ip-pool/outputs.tf
@@ -0,0 +1,10 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+################################
+## Outputs Block - Public IP Pool
+## Create Public IP Pool
+################################
+
+output "public_ip_pool_tf_id" {
+ value = oci_core_public_ip_pool.public_ip_pool.id
+}
\ No newline at end of file
diff --git a/modules/ip/public-ip-pool/variables.tf b/modules/ip/public-ip-pool/variables.tf
new file mode 100755
index 0000000..63b81c6
--- /dev/null
+++ b/modules/ip/public-ip-pool/variables.tf
@@ -0,0 +1,26 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#################################
+## Variables Block - Public IP Pool
+## Create Public IP Pool
+#################################
+
+variable "compartment_id" {
+ description = "Compartment OCID to provision the volume"
+ type = string
+}
+
+variable "freeform_tags" {
+ description = "Free-form tags for the volume"
+ type = map(string)
+}
+
+variable "defined_tags" {
+ description = "Defined tags for the volume"
+ type = map(string)
+}
+
+variable "display_name" {
+ description = "User-friendly name to the volume"
+ type = string
+}
diff --git a/modules/ip/reserved-public-ip/main.tf b/modules/ip/reserved-public-ip/main.tf
new file mode 100755
index 0000000..c415f59
--- /dev/null
+++ b/modules/ip/reserved-public-ip/main.tf
@@ -0,0 +1,20 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+################################
+## Resource Block - Reserved IP
+## Create Reserved IP
+################################
+
+resource "oci_core_public_ip" "public_ip" {
+ #Required
+ compartment_id = var.compartment_id
+ lifetime = var.lifetime
+
+ #Optional
+ defined_tags = var.defined_tags
+ display_name = var.display_name
+ freeform_tags = var.freeform_tags
+ private_ip_id = var.private_ip_id
+ public_ip_pool_id = var.public_ip_pool_id
+
+}
\ No newline at end of file
diff --git a/modules/ip/reserved-public-ip/oracle_provider_req.tf b/modules/ip/reserved-public-ip/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/ip/reserved-public-ip/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/ip/reserved-public-ip/outputs.tf b/modules/ip/reserved-public-ip/outputs.tf
new file mode 100755
index 0000000..f18a545
--- /dev/null
+++ b/modules/ip/reserved-public-ip/outputs.tf
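Review bot: `compartment_id`, `freeform_tags`, `defined_tags` and `display_name` in public-ip-pool/variables.tf are all described as belonging to "the volume" (`Compartment OCID to provision the volume`, `User-friendly name to the volume`), which is a leftover from a block-volume module; the same four descriptions recur in reserved-public-ip/variables.tf and secondary-private-ip/variables.tf later in this diff. Reword each to the resource its module creates, e.g. `description = "Compartment OCID in which to create the public IP pool"`, so a reader of the module interface is not told it provisions storage.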
@@ -0,0 +1,10 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+################################
+## Outputs Block - Reserved IP
+## Create Reserved IP
+################################
+
+output "reserved_ip_tf_id" {
+ value = oci_core_public_ip.public_ip.id
+}
\ No newline at end of file
diff --git a/modules/ip/reserved-public-ip/variables.tf b/modules/ip/reserved-public-ip/variables.tf
new file mode 100755
index 0000000..4c923f5
--- /dev/null
+++ b/modules/ip/reserved-public-ip/variables.tf
@@ -0,0 +1,44 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#################################
+## Variables Block - Reserved IP
+## Create Reserved IP
+#################################
+
+variable "compartment_id" {
+ description = "Compartment OCID to provision the volume"
+ type = string
+}
+
+variable "lifetime" {
+ description = "Defines when the public IP is deleted and released back to the Oracle Cloud Infrastructure public IP pool"
+ type = string
+ default = null
+}
+
+variable "private_ip_id" {
+ description = "The OCID of the private IP to assign the public IP to."
+ type = string
+ default = null
+}
+
+variable "freeform_tags" {
+ description = "Free-form tags for the volume"
+ type = map(string)
+}
+
+variable "defined_tags" {
+ description = "Defined tags for the volume"
+ type = map(string)
+}
+
+variable "display_name" {
+ description = "User-friendly name to the volume"
+ type = string
+}
+
+variable "public_ip_pool_id" {
+ description = "The OCID of the public IP pool."
+ type = string
+ default = null
+}
diff --git a/modules/ip/secondary-private-ip/main.tf b/modules/ip/secondary-private-ip/main.tf
new file mode 100755
index 0000000..ff73225
--- /dev/null
+++ b/modules/ip/secondary-private-ip/main.tf
@@ -0,0 +1,19 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+################################
+## Resource Block - Secondary Private IP
+## Create Secondary Private IP
+################################
+
+resource "oci_core_private_ip" "private_ip" {
+
+ #Optional
+ defined_tags = var.defined_tags
+ display_name = var.display_name
+ freeform_tags = var.freeform_tags
+ hostname_label = var.hostname_label
+ ip_address = var.ip_address
+ vlan_id = var.vlan_id
+ vnic_id = var.vnic_id
+
+}
\ No newline at end of file
diff --git a/modules/ip/secondary-private-ip/oracle_provider_req.tf b/modules/ip/secondary-private-ip/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/ip/secondary-private-ip/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/ip/secondary-private-ip/outputs.tf b/modules/ip/secondary-private-ip/outputs.tf
new file mode 100755
index 0000000..da76664
--- /dev/null
+++ b/modules/ip/secondary-private-ip/outputs.tf
@@ -0,0 +1,10 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+################################
+## Outputs Block - Secondary Private IP
+## Create Secondary Private IP
+################################
+
+output "private_ip_tf_id" {
+ value = oci_core_private_ip.private_ip.id
+}
\ No newline at end of file
diff --git a/modules/ip/secondary-private-ip/variables.tf b/modules/ip/secondary-private-ip/variables.tf
new file mode 100755
index 0000000..b64127c
--- /dev/null
+++ b/modules/ip/secondary-private-ip/variables.tf
@@ -0,0 +1,41 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#################################
+## Variables Block - Secondary Private IP
+## Create Secondary Private IP
+#################################
+
+variable "freeform_tags" {
+ description = "Free-form tags for the volume"
+ type = map(string)
+}
+
+variable "defined_tags" {
+ description = "Defined tags for the volume"
+ type = map(string)
+}
+
+variable "display_name" {
+ description = "User-friendly name to the volume"
+ type = string
+}
+
+variable "vnic_id" {
+ type = string
+ default = null
+}
+
+variable "hostname_label" {
+ type = string
+ default = null
+}
+
+variable "ip_address" {
+ type = string
+ default = null
+}
+
+variable "vlan_id" {
+ type = string
+ default = null
+}
diff --git a/modules/loadbalancer/lb-backend-set/main.tf b/modules/loadbalancer/lb-backend-set/main.tf
new file mode 100644
index 0000000..8e1d91c
--- /dev/null
+++ b/modules/loadbalancer/lb-backend-set/main.tf
@@ -0,0 +1,69 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Load Balancer
+# Create Load Balancer Backend Set
+############################
+
+resource "oci_load_balancer_backend_set" "backend_set" {
+ #Required
+ health_checker {
+ #Required
+ protocol = var.protocol
+
+ #Optional
+ interval_ms = var.interval_ms
+ is_force_plain_text = var.is_force_plain_text
+ port = var.port
+ response_body_regex = var.response_body_regex
+ retries = var.retries
+ return_code = var.return_code
+ timeout_in_millis = var.timeout_in_millis
+ url_path = var.url_path
+ }
+ load_balancer_id = var.load_balancer_id
+ name = var.name
+ policy = var.policy
+
+ #Optional
+ dynamic "lb_cookie_session_persistence_configuration" {
+ for_each = var.backend_sets[var.key_name].lb_cookie_session != null ? var.backend_sets[var.key_name].lb_cookie_session : []
+
+ #Optional
+ content {
+ cookie_name = lb_cookie_session_persistence_configuration.value.cookie_name
+ disable_fallback = lb_cookie_session_persistence_configuration.value.disable_fallback
+ domain = lb_cookie_session_persistence_configuration.value.domain
+ is_http_only = lb_cookie_session_persistence_configuration.value.is_http_only
+ is_secure = lb_cookie_session_persistence_configuration.value.is_secure
+ max_age_in_seconds = lb_cookie_session_persistence_configuration.value.max_age_in_seconds
+ path = lb_cookie_session_persistence_configuration.value.path
+ }
+ }
+ dynamic "session_persistence_configuration" {
+ for_each = var.backend_sets[var.key_name].session_persistence_configuration != null ? var.backend_sets[var.key_name].session_persistence_configuration : []
+
+ content {
+ #Required
+ cookie_name = session_persistence_configuration.value.cookie_name
+
+ #Optional
+ disable_fallback = session_persistence_configuration.value.disable_fallback == null ? 
"false" : session_persistence_configuration.value.disable_fallback
+ }
+ }
+ dynamic "ssl_configuration" {
+ for_each = var.backend_sets[var.key_name].ssl_configuration != null ? var.backend_sets[var.key_name].ssl_configuration : []
+
+ content {
+ #Optional
+ certificate_ids = ssl_configuration.value.certificate_ids
+ certificate_name = var.certificate_name
+ cipher_suite_name = var.cipher_suite_name
+ protocols = ssl_configuration.value.protocols
+ server_order_preference = ssl_configuration.value.server_order_preference #TODO
+ trusted_certificate_authority_ids = ssl_configuration.value.trusted_certificate_authority_ids #TODO
+ verify_depth = ssl_configuration.value.verify_depth
+ verify_peer_certificate = ssl_configuration.value.verify_peer_certificate
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/loadbalancer/lb-backend-set/oracle_provider_req.tf b/modules/loadbalancer/lb-backend-set/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/loadbalancer/lb-backend-set/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/loadbalancer/lb-backend-set/outputs.tf b/modules/loadbalancer/lb-backend-set/outputs.tf
new file mode 100644
index 0000000..e788b43
--- /dev/null
+++ b/modules/loadbalancer/lb-backend-set/outputs.tf
@@ -0,0 +1,16 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Output Block - Load Balancer
+# Create Load Balancer Backend Set
+############################
+
+output "backend_set_tf_id" {
+ description = "Load Balancer Backend Set ocid"
+ value = oci_load_balancer_backend_set.backend_set.id
+}
+
+output "backend_set_tf_name" {
+ description = "Load Balancer Backend Set Name"
+ value = oci_load_balancer_backend_set.backend_set.name
+}
\ No newline at end of file
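Review bot: The `ssl_configuration` block leaves bare `#TODO` markers on `server_order_preference` and `trusted_certificate_authority_ids` without saying what is unfinished, and `protocols`, `verify_peer_certificate` and `verify_depth` are passed straight through from the caller's object with no documented expectation, so the TLS settings of the backend connection are decided entirely by the untyped `backend_sets` input. Replace each `#TODO` with the actual open item (or remove it if the pass-through is final), and document on `backend_sets` which `ssl_configuration` keys are required and that `protocols` should list only the TLS versions the backends must support. Separately, `disable_fallback = ... == null ? "false" : ...` writes the string `"false"` into a boolean argument; `false` is the literal the argument takes. The `backend_set` resource begins in the previous physical line of this diff and is complete here.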
diff --git a/modules/loadbalancer/lb-backend-set/variables.tf b/modules/loadbalancer/lb-backend-set/variables.tf
new file mode 100644
index 0000000..b4e3b11
--- /dev/null
+++ b/modules/loadbalancer/lb-backend-set/variables.tf
@@ -0,0 +1,130 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Variable Block - Load Balancer +# Create Load Balancer Backend Set +############################ + +variable "protocol" { + type = string + description = "The protocol the health check must use; either HTTP or TCP." + default = "HTTP" # Default as per hashicorp terraform +} + +variable "interval_ms" { + type = number + description = "The interval between health checks, in milliseconds" + default = 10000 # Default as per hashicorp terraform +} + +variable "is_force_plain_text" { + type = string + description = "Specifies if health checks should always be done using plain text instead of depending on whether or not the associated backend set is using SSL." +} + +variable "port" { + type = number + description = "The backend server port against which to run the health check." + default = 80 # Default value at random +} + +variable "response_body_regex" { + type = string + description = "A regular expression for parsing the response body from the backend server" + default = null +} + +variable "retries" { + type = number + description = " The number of retries to attempt before a backend server is considered unhealthy" + default = 3 # Default value as per hashicorp terraform +} + +variable "return_code" { + type = number + description = "The status code a healthy backend server should return." + default = 200 # Default value as per hashicorp terraform +} + +variable "timeout_in_millis" { + type = number + description = "The maximum time, in milliseconds, to wait for a reply to a health check." + default = 3000 # Default value as per hashicorp terraform +} + +variable "url_path" { + type = string + description = "The path against which to run the health check." 
+ default = "/" # Default value as per hashicorp terraform +} + +variable "load_balancer_id" { + type = string + description = "The OCID of load balancer" + default = null +} + +variable "name" { + type = string + description = "The display name of the load balancer backend set" + default = null +} + +variable "policy" { + type = string + description = "The load balancer policy for the backend set. Allowed Values: ROUND_ROBIN|LEAST_CONNECTIONS|IP_HASH" + default = "ROUND_ROBIN" #Default value as per hashicorp terraform +} + +variable "key_name" { + type = string + default = null +} + +variable "backend_sets" {} + +variable "subnet_ids" { + type = list(any) + description = "Subnets to place the load balancer in" + default = [] +} + +variable "defined_tags" { + type = map(any) + default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}", + "Oracle-Tags.CreatedBy" = "$${iam.principal.name}" + } +} + +variable "freeform_tags" { + type = map(any) + default = {} +} + +variable "ip_mode" { + type = string + description = "Whether the load balancer has an IPv4 or IPv6 IP address" + default = "IPV4" #Default value as per hashicorp terraform +} + +variable "is_private" { + type = bool + description = "Whether the load balancer has a VCN-local (private) IP address. If True , Load Balancer is private, else it's public" + default = "false" #Default value as per hashicorp terraform; Creates a Public Load Balancer +} + +variable "network_security_group_ids" { + type = list(any) + description = "NSGs to place the load balancer in" + default = [] +} + +variable "certificate_name" { + type = string + default = null +} + +variable "cipher_suite_name" { + type = string + default = null +} \ No newline at end of file diff --git a/modules/loadbalancer/lb-backend/main.tf b/modules/loadbalancer/lb-backend/main.tf new file mode 100644 index 0000000..e999b14 --- /dev/null +++ b/modules/loadbalancer/lb-backend/main.tf 
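Review bot: `is_private` is declared `type = bool` but its default is the string `"false"`; Terraform coerces it, but the default should be the literal `default = false` so the declared type and the default agree, and the same string default appears in lb-load-balancer/variables.tf. `is_force_plain_text` is declared as `string` with no default although, per its own description, it decides whether health checks bypass the backend set's SSL setting; declaring it `type = bool` with `default = false` makes the non-plaintext behaviour the explicit default and rejects non-boolean input at plan time. Several variables in this file (`subnet_ids`, `ip_mode`, `is_private`, `network_security_group_ids`, `defined_tags`, `freeform_tags`) read as copied from the load-balancer module; the backend-set resource in main.tf is only partly visible in this diff, so confirm they are actually referenced before keeping them.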
@@ -0,0 +1,20 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Resource Block - Load Balancer +# Create Load Balancer Backend +############################ + +resource "oci_load_balancer_backend" "backend" { + #Required + backendset_name = var.backendset_name + ip_address = var.ip_address + load_balancer_id = var.load_balancer_id + port = var.port + + #Optional + backup = var.backup + drain = var.drain + offline = var.offline + weight = var.weight +} \ No newline at end of file diff --git a/modules/loadbalancer/lb-backend/oracle_provider_req.tf b/modules/loadbalancer/lb-backend/oracle_provider_req.tf new file mode 100644 index 0000000..e52742e --- /dev/null +++ b/modules/loadbalancer/lb-backend/oracle_provider_req.tf @@ -0,0 +1,7 @@ +terraform { + required_providers { + oci = { + source = "oracle/oci" + } + } +} \ No newline at end of file diff --git a/modules/loadbalancer/lb-backend/outputs.tf b/modules/loadbalancer/lb-backend/outputs.tf new file mode 100644 index 0000000..9324a0b --- /dev/null +++ b/modules/loadbalancer/lb-backend/outputs.tf @@ -0,0 +1,11 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Output Block - Load Balancer +# Create Load Balancer Backend +############################ + +output "backend_tf_id" { + description = "Load Balancer Backend ocid" + value = oci_load_balancer_backend.backend.id +} diff --git a/modules/loadbalancer/lb-backend/variables.tf b/modules/loadbalancer/lb-backend/variables.tf new file mode 100644 index 0000000..6de352d --- /dev/null +++ b/modules/loadbalancer/lb-backend/variables.tf 
@@ -0,0 +1,54 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Variable Block - Load Balancer +# Create Load Balancer Backend +############################ + +variable "backendset_name" { + type = string + description = "The name of the backend set to add the backend server to." + default = null +} + +variable "ip_address" { + type = string + description = " The IP address of the backend server." + default = null +} + +variable "load_balancer_id" { + type = string + description = "The OCID of load balancer" + default = null +} + +variable "port" { + type = number + description = "The communication port for the backend server." + default = 80 # Default value at random +} + +variable "backup" { + type = bool + description = "Whether the load balancer should treat this server as a backup unit. If true, the load balancer forwards no ingress traffic to this backend server unless all other backend servers not marked as backup fail the health check policy." + default = false # Default value at random +} + +variable "drain" { + type = bool + description = "Whether the load balancer should drain this server. Servers marked drain receive no new incoming traffic." + default = false # Default value as per hashicorp terraform +} + +variable "offline" { + type = bool + description = "Whether the load balancer should treat this server as offline. Offline servers receive no incoming traffic." + default = false # Default value as per hashicorp terraform +} + +variable "weight" { + type = number + description = "The load balancing policy weight assigned to the server. Backend servers with a higher weight receive a larger proportion of incoming traffic. Weight values must be from 1 to 100." + default = 1 # Default value as per hashicorp terraform +} diff --git a/modules/loadbalancer/lb-certificate/main.tf b/modules/loadbalancer/lb-certificate/main.tf new file mode 100644 index 0000000..fe90890 --- /dev/null 
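Review bot: The `weight` description promises "Weight values must be from 1 to 100" but nothing enforces it, so an out-of-range value is only rejected by the API at apply time; a `validation` block with `condition = var.weight >= 1 && var.weight <= 100` would fail the plan instead. `backendset_name`, `ip_address` and `load_balancer_id` are required by the resource in main.tf yet default to `null`; if the module is always called with them set, a comment saying so avoids the appearance of optional inputs, otherwise drop the defaults so a missing value is reported as a missing input rather than a provider error. The `ip_address` description also carries a stray leading space.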
+++ b/modules/loadbalancer/lb-certificate/main.tf
@@ -0,0 +1,23 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Load Balancer
+# Create Load Balancer Certificate
+############################
+
+resource "oci_load_balancer_certificate" "certificate" {
+ #Required
+ certificate_name = var.certificate_name
+ load_balancer_id = var.load_balancer_id
+
+ #Optional
+ ca_certificate = var.ca_certificate
+ passphrase = var.passphrase
+ private_key = var.private_key
+ public_certificate = var.public_certificate
+
+ lifecycle {
+ create_before_destroy = true # As per hashicorp terraform
+ ignore_changes = [ca_certificate, public_certificate, private_key]
+ }
+}
\ No newline at end of file
diff --git a/modules/loadbalancer/lb-certificate/oracle_provider_req.tf b/modules/loadbalancer/lb-certificate/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/loadbalancer/lb-certificate/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/loadbalancer/lb-certificate/outputs.tf b/modules/loadbalancer/lb-certificate/outputs.tf
new file mode 100644
index 0000000..6e752af
--- /dev/null
+++ b/modules/loadbalancer/lb-certificate/outputs.tf
@@ -0,0 +1,16 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Output Block - Load Balancer
+# Create Load Balancer Certificate
+############################
+
+output "certificate_tf_id" {
+ description = "Load Balancer Certificate ocid"
+ value = oci_load_balancer_certificate.certificate.id
+}
+
+output "certificate_tf_name" {
+ description = "Load Balancer Certificate Name"
+ value = oci_load_balancer_certificate.certificate.certificate_name
+}
\ No newline at end of file
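Review bot: `ignore_changes = [ca_certificate, public_certificate, private_key]` means that a renewed certificate or key passed to the module after creation is never pushed to the existing resource, so a rotation only takes effect when `certificate_name` changes and `create_before_destroy` builds a new resource. That behaviour is not obvious from the block and should be stated next to it, e.g. `# Key/cert material is not updated in place: rotate by using a new certificate_name, repointing listeners, then removing the old resource.` The private key and passphrase handed to this resource are also written to Terraform state, so a one-line comment above `private_key` reminding operators that the state backend needs the same access control and encryption as the key file would be worth adding.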
diff --git a/modules/loadbalancer/lb-certificate/variables.tf b/modules/loadbalancer/lb-certificate/variables.tf
new file mode 100644
index 0000000..ce467b0
--- /dev/null
+++ b/modules/loadbalancer/lb-certificate/variables.tf
@@ -0,0 +1,42 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Variable Block - Load Balancer
+# Create Load Balancer Certificate
+############################
+
+variable "certificate_name" {
+ type = string
+ description = "Name of the certificate"
+ default = null
+}
+
+variable "load_balancer_id" {
+ type = string
+ description = "The OCID of load balancer"
+ default = null
+}
+
+variable "ca_certificate" {
+ type = string
+ description = "The Certificate Authority certificate, or any interim certificate"
+ default = null
+}
+
+variable "passphrase" {
+ type = string
+ description = "A passphrase for encrypted private keys."
+ default = null
+}
+
+variable "private_key" {
+ type = string
+ description = "The SSL private key for your certificate, in PEM format."
+ default = null
+}
+
+variable "public_certificate" {
+ type = string
+ description = "The public certificate, in PEM format, that you received from your SSL certificate provider."
+ default = null
+}
diff --git a/modules/loadbalancer/lb-cipher-suite/main.tf b/modules/loadbalancer/lb-cipher-suite/main.tf
new file mode 100644
index 0000000..3c1d071
--- /dev/null
+++ b/modules/loadbalancer/lb-cipher-suite/main.tf
@@ -0,0 +1,19 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Load Balancer
+# Create Load Balancer Cipher Suite
+############################
+
+resource "oci_load_balancer_ssl_cipher_suite" "ssl_cipher_suite" {
+ #Required
+ ciphers = var.ciphers
+ name = var.name
+
+ #Optional
+ load_balancer_id = var.load_balancer_id
+
+ lifecycle {
+ ignore_changes = [ciphers]
+ }
+}
\ No newline at end of file
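Review bot: `passphrase` and `private_key` carry secret material but are not marked sensitive, so their values are echoed in `terraform plan`/`apply` output and in any output or log that interpolates them. On Terraform 0.14 or later add `sensitive = true` to both variable blocks; `ca_certificate` and `public_certificate` are public material and can stay as they are. Marking the variables sensitive only redacts CLI output — the values still land in state, which needs an encrypted, access-controlled backend regardless.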
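Review bot: `ignore_changes = [ciphers]` on `oci_load_balancer_ssl_cipher_suite` means that after creation any change to `var.ciphers` — including removing a cipher the team no longer wants to offer — is ignored by Terraform, and a cipher list edited outside Terraform is never reverted to the declared one. If that is deliberate, record why in a comment above the lifecycle block, e.g. `# ciphers drift is intentionally ignored; changing the cipher list requires creating a new suite`; if it is only there to avoid replacement noise, drop the block so the declared cipher set is actually enforced.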
diff --git a/modules/loadbalancer/lb-cipher-suite/oracle_provider_req.tf b/modules/loadbalancer/lb-cipher-suite/oracle_provider_req.tf new file mode 100644 index 0000000..e52742e --- /dev/null +++ b/modules/loadbalancer/lb-cipher-suite/oracle_provider_req.tf @@ -0,0 +1,7 @@ +terraform { + required_providers { + oci = { + source = "oracle/oci" + } + } +} \ No newline at end of file diff --git a/modules/loadbalancer/lb-cipher-suite/outputs.tf b/modules/loadbalancer/lb-cipher-suite/outputs.tf new file mode 100644 index 0000000..9e4092e --- /dev/null +++ b/modules/loadbalancer/lb-cipher-suite/outputs.tf @@ -0,0 +1,16 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Output Block - Load Balancer +# Create Load Balancer Cipher Suite +############################ + +output "cipher_suite_tf_id" { + description = "Load Balancer Cipher Suite ocid" + value = oci_load_balancer_ssl_cipher_suite.ssl_cipher_suite.id +} + +output "cipher_suite_tf_name" { + description = "Load Balancer Cipher Suite Name" + value = oci_load_balancer_ssl_cipher_suite.ssl_cipher_suite.name +} \ No newline at end of file diff --git a/modules/loadbalancer/lb-cipher-suite/variables.tf b/modules/loadbalancer/lb-cipher-suite/variables.tf new file mode 100644 index 0000000..be9d8c9 --- /dev/null +++ b/modules/loadbalancer/lb-cipher-suite/variables.tf @@ -0,0 +1,24 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Variable Block - Load Balancer +# Create Load Balancer Cipher Suite +############################ + +variable "ciphers" { + type = list(any) + description = "A list of SSL ciphers the load balancer must support for HTTPS or SSL connections." + default = [] +} + +variable "name" { + type = string + description = "A friendly name for the SSL cipher suite." + default = null +} + +variable "load_balancer_id" { + type = string + description = "The Load Balancer OCID" + default = null +} 
diff --git a/modules/loadbalancer/lb-hostname/main.tf b/modules/loadbalancer/lb-hostname/main.tf new file mode 100644 index 0000000..3a948b8 --- /dev/null +++ b/modules/loadbalancer/lb-hostname/main.tf @@ -0,0 +1,18 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Resource Block - Load Balancer +# Create Load Balancer Hostname +############################ + +resource "oci_load_balancer_hostname" "hostname" { + #Required + hostname = var.hostname + load_balancer_id = var.load_balancer_id + name = var.name + + #Optional + lifecycle { + create_before_destroy = true # As per hashicorp terraform + } +} \ No newline at end of file diff --git a/modules/loadbalancer/lb-hostname/oracle_provider_req.tf b/modules/loadbalancer/lb-hostname/oracle_provider_req.tf new file mode 100644 index 0000000..e52742e --- /dev/null +++ b/modules/loadbalancer/lb-hostname/oracle_provider_req.tf @@ -0,0 +1,7 @@ +terraform { + required_providers { + oci = { + source = "oracle/oci" + } + } +} \ No newline at end of file diff --git a/modules/loadbalancer/lb-hostname/outputs.tf b/modules/loadbalancer/lb-hostname/outputs.tf new file mode 100644 index 0000000..c9554d6 --- /dev/null +++ b/modules/loadbalancer/lb-hostname/outputs.tf @@ -0,0 +1,16 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Output Block - Load Balancer +# Create Load Balancer Hostname +############################ + +output "hostname_tf_id" { + description = "Load Balancer Hostname ocid" + value = oci_load_balancer_hostname.hostname.id +} + +output "hostname_tf_name" { + description = "Load Balancer Hostname Name" + value = oci_load_balancer_hostname.hostname.name +} diff --git a/modules/loadbalancer/lb-hostname/variables.tf b/modules/loadbalancer/lb-hostname/variables.tf new file mode 100644 index 0000000..a2af359 --- /dev/null +++ b/modules/loadbalancer/lb-hostname/variables.tf 
@@ -0,0 +1,24 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Variable Block - Load Balancer +# Create Load Balancer Hostname +############################ + +variable "hostname" { + type = string + description = "A virtual hostname for load balancer" + default = null +} + +variable "load_balancer_id" { + type = string + description = "The OCID of load balancer" + default = null +} + +variable "name" { + type = string + description = "Load Balancer Name" + default = null +} diff --git a/modules/loadbalancer/lb-listener/main.tf b/modules/loadbalancer/lb-listener/main.tf new file mode 100644 index 0000000..bdd48c5 --- /dev/null +++ b/modules/loadbalancer/lb-listener/main.tf 
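Review bot: The description of `name` reads "Load Balancer Name", but in lb-hostname/main.tf `var.name` is the `name` of the `oci_load_balancer_hostname` resource, not of the load balancer; change it to `description = "The name of the hostname resource within the load balancer"`. `hostname` is described as "A virtual hostname for load balancer" — saying that it is the host header value matched by listeners that reference this resource would make the difference between the two inputs clear.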
@@ -0,0 +1,48 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Resource Block - Load Balancer +# Create Load Balancer Listener +############################ + +resource "oci_load_balancer_listener" "listener" { + #Required + default_backend_set_name = var.default_backend_set_name + load_balancer_id = var.load_balancer_id + name = var.name + port = var.port + protocol = var.protocol + + #Optional + dynamic "connection_configuration" { + for_each = var.listeners[var.key_name].connection_configuration != null ? var.listeners[var.key_name].connection_configuration : [] + content { + #Required + idle_timeout_in_seconds = connection_configuration.value.idle_timeout_in_seconds + + #Optional + #backend_tcp_proxy_protocol_version = var.protocol != "TCP" ? null : (connection_configuration.value.backend_tcp_proxy_protocol_version != null ? connection_configuration.value.backend_tcp_proxy_protocol_version : 2) + backend_tcp_proxy_protocol_version = var.protocol != "TCP" ? null : (try(connection_configuration.value.backend_tcp_proxy_protocol_version, 0)) + } + } + hostname_names = var.hostname_names + path_route_set_name = var.path_route_set_name + routing_policy_name = var.routing_policy_name + rule_set_names = var.rule_set_names + + dynamic "ssl_configuration" { + for_each = var.listeners[var.key_name].ssl_configuration != null ? var.listeners[var.key_name].ssl_configuration : [] + content { + + #Optional + certificate_name = var.certificate_name + certificate_ids = ssl_configuration.value.certificate_ids + cipher_suite_name = var.cipher_suite_name + protocols = ssl_configuration.value.protocols + server_order_preference = ssl_configuration.value.server_order_preference #TODO + trusted_certificate_authority_ids = ssl_configuration.value.trusted_certificate_authority_ids #TODO + verify_depth = ssl_configuration.value.verify_depth + verify_peer_certificate = ssl_configuration.value.verify_peer_certificate + } + } +} 
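Review bot: The commented-out `#backend_tcp_proxy_protocol_version = ...` line above the live assignment is dead code and should be removed, and the live `try(connection_configuration.value.backend_tcp_proxy_protocol_version, 0)` fallback deserves a comment stating what `0` means for the provider — if it is meant to leave the PROXY protocol off, say so; if the attribute should simply be unset when the key is absent, `null` is the value that does that. In the `ssl_configuration` block both `certificate_name` and `certificate_ids` are always populated; if the provider treats the two as alternative ways to select a certificate, document which one wins or set the unused one to `null`. `server_order_preference` and `trusted_certificate_authority_ids` are tagged `#TODO` here and in the backend-set module without saying what is outstanding; a TODO should name the missing piece.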
diff --git a/modules/loadbalancer/lb-listener/oracle_provider_req.tf b/modules/loadbalancer/lb-listener/oracle_provider_req.tf new file mode 100644 index 0000000..e52742e --- /dev/null +++ b/modules/loadbalancer/lb-listener/oracle_provider_req.tf @@ -0,0 +1,7 @@ +terraform { + required_providers { + oci = { + source = "oracle/oci" + } + } +} \ No newline at end of file diff --git a/modules/loadbalancer/lb-listener/outputs.tf b/modules/loadbalancer/lb-listener/outputs.tf new file mode 100644 index 0000000..57fc162 --- /dev/null +++ b/modules/loadbalancer/lb-listener/outputs.tf @@ -0,0 +1,11 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Output Block - Load Balancer +# Create Load Balancer Listener +############################ + +output "listener_tf_id" { + description = "Load Balancer Listener ocid" + value = oci_load_balancer_listener.listener.id +} diff --git a/modules/loadbalancer/lb-listener/variables.tf b/modules/loadbalancer/lb-listener/variables.tf new file mode 100644 index 0000000..7cb3c2f --- /dev/null +++ b/modules/loadbalancer/lb-listener/variables.tf 
@@ -0,0 +1,75 @@ +############################ +# Variable Block - Load Balancer +# Create Load Balancer Listener +############################ + +variable "default_backend_set_name" { + type = string + description = "The name of the associated backend set" + default = null +} + +variable "load_balancer_id" { + type = string + description = "The OCID of load balancer" + default = null +} + +variable "name" { + type = string + description = "The name of the Listener." + default = null +} + +variable "port" { + type = number + description = "The communication port for the listener." + default = 80 # Default as per example in hashicorp terraform +} + +variable "protocol" { + type = string + description = "The protocol on which the listener accepts connection requests." + default = null +} + +variable "hostname_names" { + type = list(any) + description = "An array of hostname resource names." + default = [] +} + +variable "path_route_set_name" { + type = string + description = "Deprecated !! The name of the set of path-based routing rules, PathRouteSet, applied to this listener's traffic." + default = null +} + +variable "routing_policy_name" { + type = string + description = "The name of the routing policy applied to this listener's traffic." + default = null +} + +variable "rule_set_names" { + type = list(any) + description = "The names of the rule sets to apply to the listener." + default = [] +} + +variable "key_name" { + type = string + default = null +} + +variable "listeners" {} + +variable "certificate_name" { + type = string + default = null +} + +variable "cipher_suite_name" { + type = string + default = null +} \ No newline at end of file diff --git a/modules/loadbalancer/lb-load-balancer/data.tf b/modules/loadbalancer/lb-load-balancer/data.tf new file mode 100644 index 0000000..943ba15 --- /dev/null +++ b/modules/loadbalancer/lb-load-balancer/data.tf 
@@ -0,0 +1,30 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#############################
+## Data Block - Load Balancers
+## Create Load Balancers
+#############################
+
+locals {
+ nsg_ids = var.network_security_group_ids != null ? flatten(tolist([for nsg in var.network_security_group_ids : (length(regexall("ocid1.networksecuritygroup.oc*", nsg)) > 0 ? [nsg] : data.oci_core_network_security_groups.network_security_groups[nsg].network_security_groups[*].id)])) : null
+}
+
+data "oci_core_network_security_groups" "network_security_groups" {
+ for_each = var.network_security_group_ids != null ? { for nsg in var.network_security_group_ids : nsg => nsg } : {}
+ compartment_id = var.network_compartment_id != null ? var.network_compartment_id : var.compartment_id
+ display_name = each.value
+ vcn_id = data.oci_core_vcns.oci_vcns_lbs[var.vcn_names[0]].virtual_networks.*.id[0]
+}
+
+data "oci_core_vcns" "oci_vcns_lbs" {
+ for_each = { for vcn in var.vcn_names : vcn => vcn }
+ compartment_id = var.network_compartment_id != null ? var.network_compartment_id : var.compartment_id
+ display_name = each.value
+}
+
+data "oci_core_subnets" "oci_subnets_lbs" {
+ for_each = { for subnet in var.subnet_ids : subnet => subnet }
+ compartment_id = var.network_compartment_id != null ? var.network_compartment_id : var.compartment_id
+ display_name = each.value
+ vcn_id = data.oci_core_vcns.oci_vcns_lbs[var.vcn_names[0]].virtual_networks.*.id[0]
+}
diff --git a/modules/loadbalancer/lb-load-balancer/main.tf b/modules/loadbalancer/lb-load-balancer/main.tf
new file mode 100644
index 0000000..5e8e09f
--- /dev/null
+++ b/modules/loadbalancer/lb-load-balancer/main.tf
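Review bot: The OCID test `regexall("ocid1.networksecuritygroup.oc*", nsg)` is an unanchored regex in which `.` and `oc*` are metacharacters, so it is really a substring match; anchor and escape it, `length(regexall("^ocid1\\.networksecuritygroup\\.oc", nsg)) > 0`, and the same applies to the subnet test in lb-load-balancer/main.tf. When a display name is given instead, `network_security_groups[*].id` returns every NSG with that name in the compartment, so a duplicated display name silently attaches additional security groups to the load balancer; a postcondition or an explicit `length(...) == 1` check would turn that into a plan-time failure. Both lookups also index `var.vcn_names[0]`, and the subnet lookup runs for OCID inputs as well, so a caller that passes OCIDs but leaves `vcn_names` at its default `[]` will fail with an index error — if the toolkit always populates `vcn_names`, a comment saying so would help.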
@@ -0,0 +1,45 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Resource Block - Load Balancer +# Create Load Balancer +############################ + +resource "oci_load_balancer_load_balancer" "load_balancer" { + #Required + compartment_id = var.compartment_id + display_name = var.display_name + shape = var.shape + #subnet_ids = var.subnet_ids + subnet_ids = flatten(tolist([for subnet in var.subnet_ids : (length(regexall("ocid1.subnet.oc*", subnet)) > 0 ? [subnet] : data.oci_core_subnets.oci_subnets_lbs[subnet].subnets[*].id)])) + + + #Optional + defined_tags = var.defined_tags + freeform_tags = var.freeform_tags + ip_mode = var.ip_mode + is_private = var.is_private + network_security_group_ids = var.network_security_group_ids != null ? (local.nsg_ids == [] ? ["INVALID NSG Name"] : local.nsg_ids) : null + + dynamic "reserved_ips" { + for_each = var.reserved_ips_id != [] ? var.reserved_ips_id : [] + content { + #Optional + id = reserved_ips.value + } + } + + dynamic "shape_details" { + for_each = var.load_balancers[var.key_name].shape_details != null ? var.load_balancers[var.key_name].shape_details : [] + content { + #Required + maximum_bandwidth_in_mbps = shape_details.value.maximum_bandwidth_in_mbps + minimum_bandwidth_in_mbps = shape_details.value.minimum_bandwidth_in_mbps + } + } + + lifecycle { + ignore_changes = [reserved_ips] + } + +} \ No newline at end of file diff --git a/modules/loadbalancer/lb-load-balancer/oracle_provider_req.tf b/modules/loadbalancer/lb-load-balancer/oracle_provider_req.tf new file mode 100644 index 0000000..e52742e --- /dev/null +++ b/modules/loadbalancer/lb-load-balancer/oracle_provider_req.tf @@ -0,0 +1,7 @@ +terraform { + required_providers { + oci = { + source = "oracle/oci" + } + } +} \ No newline at end of file diff --git a/modules/loadbalancer/lb-load-balancer/outputs.tf b/modules/loadbalancer/lb-load-balancer/outputs.tf new file mode 100644 index 0000000..ee3cbf9 --- /dev/null 
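Review bot: `network_security_group_ids` substitutes the sentinel `["INVALID NSG Name"]` when the lookup in data.tf resolves nothing, relying on the API to reject it at apply time; the intent — fail when an NSG name does not resolve — should be stated in a comment and, where the Terraform version allows, expressed as a plan-time precondition instead of an apply-time error. `for_each = var.reserved_ips_id != [] ? var.reserved_ips_id : []` yields `var.reserved_ips_id` in both branches and can be written as `for_each = var.reserved_ips_id`. The commented-out `#subnet_ids = var.subnet_ids` line is dead code and should go.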
+++ b/modules/loadbalancer/lb-load-balancer/outputs.tf @@ -0,0 +1,11 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Output Block - Load Balancer +# Create Load Balancer +############################ + +output "load_balancer_tf_id" { + description = "Load Balancer ocid" + value = oci_load_balancer_load_balancer.load_balancer.id +} diff --git a/modules/loadbalancer/lb-load-balancer/variables.tf b/modules/loadbalancer/lb-load-balancer/variables.tf new file mode 100644 index 0000000..6f20012 --- /dev/null +++ b/modules/loadbalancer/lb-load-balancer/variables.tf 
@@ -0,0 +1,83 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Variable Block - Load Balancer +# Create Load Balancer +############################ + +variable "compartment_id" { + type = string + description = "The OCID of the compartment" + default = null +} + +variable "network_compartment_id" { + type = string + description = "The OCID of the compartment that has Network components" + default = null +} + +variable "display_name" { + type = string + description = "The display name of the load balancer" + default = null +} + +variable "shape" { + type = string + description = "Load Balancer shape - Allowed values: 100Mbps|10Mbps|10Mbps-Micro|400Mbps|8000Mbps|flexible " + default = "100Mbps" #Default value as per hashicorp terraform +} + +variable "subnet_ids" { + type = list(any) + description = "Subnets to place the load balancer in" + default = [] +} + +variable "defined_tags" { + type = map(any) + default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}", + "Oracle-Tags.CreatedBy" = "$${iam.principal.name}" + } +} + +variable "freeform_tags" { + type = map(any) + default = {} +} + +variable "ip_mode" { + type = string + description = "Whether the load balancer has an IPv4 or IPv6 IP address" + default = "IPV4" #Default value as per hashicorp terraform +} + +variable "is_private" { + type = bool + description = "Whether the load balancer has a VCN-local (private) IP address. If True , Load Balancer is private, else it's public" + default = "false" #Default value as per hashicorp terraform; Creates a Public Load Balancer +} + +variable "network_security_group_ids" { + type = list(any) + description = "NSGs to place the load balancer in" + default = [] +} + +variable "key_name" { + type = string + default = null +} + +variable "vcn_names" { + type = list(any) + default = [] +} + +variable "load_balancers" {} + +variable "reserved_ips_id" { + type = list(any) + default = [] +} \ No newline at end of file 
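Review bot: `vcn_names`, `reserved_ips_id`, `key_name` and `load_balancers` have no description, yet data.tf indexes `var.vcn_names[0]` for every NSG and subnet lookup; add `description = "Display names of the VCN(s) used to resolve subnet and NSG names; the first entry is the one looked up"` so callers know it is required whenever names rather than OCIDs are passed. `load_balancers` is declared untyped (`variable "load_balancers" {}`), so the `shape_details` access in main.tf is unchecked; an object type or at least a description of the expected shape would catch malformed input at plan time. The `shape` description lists allowed values that a `validation` block could enforce.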
diff --git a/modules/loadbalancer/lb-path-route-set/main.tf b/modules/loadbalancer/lb-path-route-set/main.tf new file mode 100644 index 0000000..21dfb7b --- /dev/null +++ b/modules/loadbalancer/lb-path-route-set/main.tf @@ -0,0 +1,24 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Resource Block - Load Balancer +# Create Load Balancer Path Route Set +############################ + +resource "oci_load_balancer_path_route_set" "path_route_set" { + #Required + load_balancer_id = var.load_balancer_id + name = var.name + dynamic "path_routes" { + for_each = var.path_route_sets[var.key_name].path_routes != null ? var.path_route_sets[var.key_name].path_routes : [] + content { + #Required + backend_set_name = path_routes.value.backend_set_name + path = path_routes.value.path + path_match_type { + #Required + match_type = path_routes.value.match_type + } + } + } +} \ No newline at end of file diff --git a/modules/loadbalancer/lb-path-route-set/oracle_provider_req.tf b/modules/loadbalancer/lb-path-route-set/oracle_provider_req.tf new file mode 100644 index 0000000..e52742e --- /dev/null +++ b/modules/loadbalancer/lb-path-route-set/oracle_provider_req.tf @@ -0,0 +1,7 @@ +terraform { + required_providers { + oci = { + source = "oracle/oci" + } + } +} \ No newline at end of file diff --git a/modules/loadbalancer/lb-path-route-set/outputs.tf b/modules/loadbalancer/lb-path-route-set/outputs.tf new file mode 100644 index 0000000..3ff264b --- /dev/null +++ b/modules/loadbalancer/lb-path-route-set/outputs.tf 
@@ -0,0 +1,16 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Output Block - Load Balancer +# Create Load Balancer Path Route Set +############################ + +output "path_route_set_tf_id" { + description = "Load Balancer Path Route Set ocid" + value = oci_load_balancer_path_route_set.path_route_set.id +} + +output "path_route_set_tf_name" { + description = "Load Balancer Path Route Set Name" + value = oci_load_balancer_path_route_set.path_route_set.name +} diff --git a/modules/loadbalancer/lb-path-route-set/variables.tf b/modules/loadbalancer/lb-path-route-set/variables.tf new file mode 100644 index 0000000..e750a6f --- /dev/null +++ b/modules/loadbalancer/lb-path-route-set/variables.tf @@ -0,0 +1,23 @@ +############################ +# Variable Block - Load Balancer +# Create Load Balancer Path Route Set +############################ + +variable "name" { + type = string + description = "The name of the Rule Set." + default = null +} + +variable "load_balancer_id" { + type = string + description = "The OCID of load balancer" + default = null +} + +variable "key_name" { + type = string + default = null +} + +variable "path_route_sets" {} \ No newline at end of file diff --git a/modules/loadbalancer/lb-rule-set/main.tf b/modules/loadbalancer/lb-rule-set/main.tf new file mode 100644 index 0000000..fcd6fdf --- /dev/null +++ b/modules/loadbalancer/lb-rule-set/main.tf 
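Review bot: In lb-path-route-set/variables.tf the description of `name` reads "The name of the Rule Set.", copied from the rule-set module, while the value is used as the `name` of `oci_load_balancer_path_route_set`; change it to `description = "The name of the Path Route Set."`. `path_route_sets` is untyped and undescribed although main.tf reads `.path_routes[*].backend_set_name`, `.path` and `.match_type` from it; a description of that expected structure would make the module usable without reading the resource block.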
@@ -0,0 +1,90 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Resource Block - Load Balancer +# Create Load Balancer Rule Set +############################ + +resource "oci_load_balancer_rule_set" "rule_set" { + + # Access Control Rules + dynamic "items" { + for_each = var.rule_sets[var.key_name].access_control_rules != null ? var.rule_sets[var.key_name].access_control_rules : [] + content { + #Required + action = items.value.action + conditions { + #Required + attribute_name = items.value.attribute_name + attribute_value = items.value.attribute_value + } + description = items.value.description + } + } + + # Access Control Method Rules + dynamic "items" { + for_each = var.rule_sets[var.key_name].access_control_method_rules != null ? var.rule_sets[var.key_name].access_control_method_rules : [] + content { + #Required + action = items.value.action + + #Optional + allowed_methods = items.value.allowed_methods + status_code = items.value.status_code + } + } + + # HTTP Header Rules + dynamic "items" { + for_each = var.rule_sets[var.key_name].http_header_rules != null ? var.rule_sets[var.key_name].http_header_rules : [] + content { + #Required + action = items.value.action + are_invalid_characters_allowed = items.value.are_invalid_characters_allowed + http_large_header_size_in_kb = items.value.http_large_header_size_in_kb + } + } + + # URI Redirect Rules + dynamic "items" { + for_each = var.rule_sets[var.key_name].uri_redirect_rules != null ? 
var.rule_sets[var.key_name].uri_redirect_rules : [] + content { + #Required + action = items.value.action + conditions { + #Required + attribute_name = items.value.attribute_name + attribute_value = items.value.attribute_value + + #Optional + operator = items.value.operator + } + redirect_uri { + #Optional + host = items.value.host + path = items.value.path + port = items.value.port + protocol = items.value.protocol + query = items.value.query + } + response_code = items.value.response_code + } + } + + # Request Response Header Rules + dynamic "items" { + for_each = var.rule_sets[var.key_name].request_response_header_rules != null ? var.rule_sets[var.key_name].request_response_header_rules : [] + content { + #Required + action = items.value.action + header = items.value.header + prefix = items.value.prefix + suffix = items.value.suffix + value = items.value.value + } + } + + load_balancer_id = var.load_balancer_id + name = var.name +} \ No newline at end of file diff --git a/modules/loadbalancer/lb-rule-set/oracle_provider_req.tf b/modules/loadbalancer/lb-rule-set/oracle_provider_req.tf new file mode 100644 index 0000000..e52742e --- /dev/null +++ b/modules/loadbalancer/lb-rule-set/oracle_provider_req.tf @@ -0,0 +1,7 @@ +terraform { + required_providers { + oci = { + source = "oracle/oci" + } + } +} \ No newline at end of file diff --git a/modules/loadbalancer/lb-rule-set/outputs.tf b/modules/loadbalancer/lb-rule-set/outputs.tf new file mode 100644 index 0000000..584b365 --- /dev/null +++ b/modules/loadbalancer/lb-rule-set/outputs.tf 
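Review bot: In the `# HTTP Header Rules` block `are_invalid_characters_allowed` is passed straight through from `var.rule_sets` with no comment; since enabling it relaxes the load balancer's header validation, a comment such as `# true disables header character validation on this listener's traffic; keep false unless a client genuinely requires it` is warranted. The five `dynamic "items"` blocks each hard-code a single `conditions` block with one `attribute_name`/`attribute_value` pair, so rules that need several conditions cannot be expressed through this module — either document the limitation or accept a list of conditions. The `#Required` `load_balancer_id` and `name` sit at the bottom, after the dynamic blocks, unlike every sibling module; moving them to the top keeps the modules consistent.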
@@ -0,0 +1,17 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Output Block - Load Balancer
+# Create Load Balancer Rule Set
+############################
+
+output "rule_set_tf_id" {
+ description = "Load Balancer Rule Set ocid"
+ value = oci_load_balancer_rule_set.rule_set.id
+}
+
+output "rule_set_tf_name" {
+ description = "Load Balancer Rule Set Name"
+ value = oci_load_balancer_rule_set.rule_set.name
+}
+
diff --git a/modules/loadbalancer/lb-rule-set/variables.tf b/modules/loadbalancer/lb-rule-set/variables.tf
new file mode 100644
index 0000000..62ff5c6
--- /dev/null
+++ b/modules/loadbalancer/lb-rule-set/variables.tf
@@ -0,0 +1,23 @@
+############################
+# Variable Block - Load Balancer
+# Create Load Balancer Rule Set
+############################
+
+variable "name" {
+ type = string
+ description = "The name of the Rule Set."
+ default = null
+}
+
+variable "load_balancer_id" {
+ type = string
+ description = "The OCID of load balancer"
+ default = null
+}
+
+variable "key_name" {
+ type = string
+ default = null
+}
+
+variable "rule_sets" {}
\ No newline at end of file
diff --git a/modules/managementservices/alarm/main.tf b/modules/managementservices/alarm/main.tf
new file mode 100644
index 0000000..a631514
--- /dev/null
+++ b/modules/managementservices/alarm/main.tf
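Review bot: `variable "rule_sets" {}` in the variables.tf hunk is declared with neither `type` nor `description`, so a malformed map from the caller is only detected when one of the `items.value.*` lookups in main.tf fails, and `key_name` carries no description of what it selects. Since main.tf indexes `var.rule_sets[var.key_name]` and reads fixed attribute names per rule category, at least `type = map(any)` with `description = "Rule-set definitions keyed by key_name; each value holds the optional rule lists consumed by main.tf"` would document the contract, and an `object(...)` type with `optional()` attributes (if the project's minimum Terraform version allows it) would move the failure to plan time.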
@@ -0,0 +1,41 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - ManagementServices
+# Create Alarms
+############################
+
+resource "oci_monitoring_alarm" "alarm" {
+
+ # Required
+ compartment_id = var.compartment_id
+ display_name = var.alarm_name
+ destinations = var.destinations
+ is_enabled = var.is_enabled
+ metric_compartment_id = var.metric_compartment_id
+ namespace = var.namespace
+ query = var.query
+ severity = var.severity
+ body = var.body
+
+ message_format = var.message_format
+ #metric_compartment_id_in_subtree = var.alarm_metric_compartment_id_in_subtree
+ pending_duration = var.trigger_delay_minutes
+ repeat_notification_duration = var.repeat_notification_duration
+
+ #resolution = var.alarm_resolution
+ #resource_group = var.alarm_resource_group
+ #suppression {
+ #Required
+ # time_suppress_from = var.alarm_suppression_time_suppress_from
+ # time_suppress_until = var.alarm_suppression_time_suppress_until
+
+ #Optional
+ # description = var.alarm_suppression_description
+ #}
+
+ #Optional
+ defined_tags = var.defined_tags
+ freeform_tags = var.freeform_tags
+
+}
diff --git a/modules/managementservices/alarm/oracle_provider_req.tf b/modules/managementservices/alarm/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/managementservices/alarm/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/managementservices/alarm/outputs.tf b/modules/managementservices/alarm/outputs.tf
new file mode 100644
index 0000000..aa5bf12
--- /dev/null
+++ b/modules/managementservices/alarm/outputs.tf
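Review bot: `pending_duration = var.trigger_delay_minutes` feeds a variable whose name suggests a count of minutes into an attribute that the OCI Monitoring API defines as an ISO 8601 duration string (for example `PT5M`), and the variable's declaration in alarm/variables.tf gives it `type = string` with no description, so nothing tells a caller which form to pass. A `description = "Period the condition must persist before the alarm fires, as an ISO 8601 duration (e.g. PT5M)"` on that variable, or a `validation` block checking the ISO 8601 prefix, would catch a bare number before the apply fails; the same applies to `repeat_notification_duration`. The `# Required` comment also covers `body`, `message_format` and the durations, which the provider treats as optional, so the comment misleads about what a caller must supply.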
@@ -0,0 +1,11 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Output Block - ManagementServices
+# Create Alarms
+############################
+
+output "alarm_tf_id" {
+ description = "Alarm OCID"
+ value = oci_monitoring_alarm.alarm.id
+}
\ No newline at end of file
diff --git a/modules/managementservices/alarm/variables.tf b/modules/managementservices/alarm/variables.tf
new file mode 100644
index 0000000..c452baa
--- /dev/null
+++ b/modules/managementservices/alarm/variables.tf
@@ -0,0 +1,84 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Variables Block - ManagementServices
+# Create Alarms
+############################
+
+
+variable "compartment_id" {
+ type = string
+ description = "The compartment ID where alarm is created."
+ default = null
+}
+
+variable "alarm_name" {
+ type = string
+ description = "The name you assign to the alarm during creation."
+ default = null
+}
+
+variable "destinations" {
+ type = list(any)
+ default = null
+}
+
+variable "is_enabled" {
+ type = bool
+ description = "The alarm is enabled or disabled."
+ default = null
+}
+
+variable "metric_compartment_id" {
+ type = string
+ description = "The compartment ID for the metric"
+ default = null
+}
+
+variable "namespace" {
+ type = string
+ default = null
+}
+
+variable "query" {
+ type = string
+ default = null
+}
+
+variable "severity" {
+ type = string
+ description = "Severity of the Alarm"
+ default = null
+}
+
+variable "body" {
+ type = string
+ default = null
+}
+
+variable "message_format" {
+ type = string
+ default = null
+}
+
+variable "trigger_delay_minutes" {
+ type = string
+ default = null
+}
+
+variable "repeat_notification_duration" {
+ type = string
+ default = null
+}
+
+variable "defined_tags" {
+ type = map(any)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
\ No newline at end of file
diff --git a/modules/managementservices/event/main.tf b/modules/managementservices/event/main.tf
new file mode 100644
index 0000000..819a426
--- /dev/null
+++ b/modules/managementservices/event/main.tf
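Review bot: `destinations` is passed straight into the resource's required `destinations` argument in alarm/main.tf, yet it is declared `type = list(any)` with `default = null` and no description, so a forgotten value surfaces as a provider error instead of a clear input error. Declaring it `type = list(string)` with `description = "Notification topic OCIDs that receive this alarm's messages"` and dropping the null default documents the contract and fails at plan time. `namespace`, `query`, `body`, `message_format` and the two duration variables likewise have no description, which matters for `query` in particular since it carries the MQL expression the alarm evaluates.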
@@ -0,0 +1,38 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - ManagementServices
+# Create Events
+############################
+
+resource "oci_events_rule" "event" {
+
+ #Required
+ compartment_id = var.compartment_id
+ display_name = var.event_name
+
+ is_enabled = var.is_enabled
+ description = var.description
+ condition = var.condition
+ actions {
+ dynamic "actions" {
+ for_each = var.actions[var.key_name]["actions"] != [] ? var.actions[var.key_name]["actions"] : null
+ content {
+ #Required
+ action_type = actions.value.action_type
+ is_enabled = actions.value.is_enabled
+
+ #Optional
+ description = actions.value.description != "" ? actions.value.description : null
+ function_id = actions.value.function_id
+ stream_id = actions.value.stream_id
+ topic_id = (actions.value.topic_id != "" && actions.value.topic_id != null) ? (length(regexall("ocid1.onstopic.oc*", actions.value.topic_id)) > 0 ? actions.value.topic_id : var.topic_name[actions.value.topic_id]["topic_tf_id"]) : null
+ }
+ }
+ }
+
+ #Optional
+ defined_tags = var.defined_tags
+ freeform_tags = var.freeform_tags
+
+}
diff --git a/modules/managementservices/event/oracle_provider_req.tf b/modules/managementservices/event/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/managementservices/event/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/managementservices/event/outputs.tf b/modules/managementservices/event/outputs.tf
new file mode 100644
index 0000000..dbb99f7
--- /dev/null
+++ b/modules/managementservices/event/outputs.tf
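Review bot: The `for_each` on the `dynamic "actions"` block compares `var.actions[var.key_name]["actions"]` with `[]` and falls back to `null`; a non-empty list always takes the first branch, and the only way to reach the `null` branch is an empty list, where `null` is not a valid `for_each` value and the plan fails, so the guard either does nothing or breaks. `for_each = try(var.actions[var.key_name]["actions"], [])` expresses the intent (no action blocks when the key is absent or empty) without ever handing `null` to `for_each`. On the same hunk, `regexall("ocid1.onstopic.oc*", ...)` is unanchored and both `.` and `c*` are wildcards, so the OCID-versus-name decision would be more precise with an anchored, escaped pattern such as `regexall("^ocid1\\.onstopic\\.oc", ...)`.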
@@ -0,0 +1,11 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Output Block - ManagementServices
+# Create Events
+############################
+
+output "event_tf_id" {
+ description = "Event OCID"
+ value = oci_events_rule.event.id
+}
\ No newline at end of file
diff --git a/modules/managementservices/event/variables.tf b/modules/managementservices/event/variables.tf
new file mode 100644
index 0000000..419c4ff
--- /dev/null
+++ b/modules/managementservices/event/variables.tf
@@ -0,0 +1,105 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Variables Block - ManagementServices
+# Create Events
+############################
+
+
+variable "compartment_id" {
+ type = string
+ description = "The compartment ID where alarm is created."
+ default = null
+}
+
+variable "event_name" {
+ type = string
+ description = "The name you assign to the event rule during creation."
+ default = null
+}
+
+variable "condition" {
+ type = string
+ default = ""
+}
+
+variable "topic_name" {}
+
+variable "key_name" {
+ type = string
+ default = ""
+}
+
+variable "description" {
+ type = string
+ default = null
+}
+
+variable "actions" {
+ type = map(any)
+ default = {}
+}
+variable "destinations" {
+ type = list(any)
+ default = null
+}
+
+variable "is_enabled" {
+ type = bool
+ description = "The alarm is enabled or disabled."
+ default = null
+}
+
+variable "metric_compartment_name" {
+ type = string
+ description = "The compartment ID for the metric"
+ default = null
+}
+
+variable "namespace" {
+ type = string
+ default = null
+}
+
+variable "query" {
+ type = string
+ default = null
+}
+
+variable "severity" {
+ type = string
+ description = "Severity of the Alarm"
+ default = null
+}
+
+variable "body" {
+ type = string
+ default = null
+}
+
+variable "message_format" {
+ type = string
+ default = null
+}
+
+variable "trigger_delay_minutes" {
+ type = string
+ default = null
+}
+
+variable "repeat_notification_duration" {
+ type = string
+ default = null
+}
+
+variable "defined_tags" {
+ type = map(any)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
\ No newline at end of file
diff --git a/modules/managementservices/log-group/main.tf b/modules/managementservices/log-group/main.tf
new file mode 100644
index 0000000..31ee0c8
--- /dev/null
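Review bot: The lower half of this variables.tf (`destinations`, `metric_compartment_name`, `namespace`, `query`, `severity`, `body`, `message_format`, `trigger_delay_minutes`, `repeat_notification_duration`) is copied from the alarm module and none of those variables is referenced by event/main.tf, while the descriptions on `compartment_id` and `is_enabled` still say "alarm" for a module that creates an events rule. Dropping the unused declarations and rewording the two descriptions to `"The compartment ID where the event rule is created."` and `"Whether the event rule is enabled."` keeps the module interface honest. `variable "topic_name" {}` is also untyped although main.tf indexes it as a map of maps via `var.topic_name[...]["topic_tf_id"]`; `type = map(any)` with a description stating that it maps topic names to topic outputs would document that.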
+++ b/modules/managementservices/log-group/main.tf
@@ -0,0 +1,20 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#############################
+# Module Block - Logging
+# Create Log Groups
+#############################
+
+resource "oci_logging_log_group" "log_group" {
+
+ #Required
+ compartment_id = var.compartment_id
+ display_name = var.display_name
+
+ #Optional
+ defined_tags = var.defined_tags
+ description = var.description
+ freeform_tags = var.freeform_tags
+
+}
+
diff --git a/modules/managementservices/log-group/oracle_provider_req.tf b/modules/managementservices/log-group/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/managementservices/log-group/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/managementservices/log-group/outputs.tf b/modules/managementservices/log-group/outputs.tf
new file mode 100644
index 0000000..f4eec2e
--- /dev/null
+++ b/modules/managementservices/log-group/outputs.tf
@@ -0,0 +1,10 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#############################
+# Output Block - Logging
+# Create Log Groups
+#############################
+
+output "log_group_tf_id" {
+ value = oci_logging_log_group.log_group.id
+}
\ No newline at end of file
diff --git a/modules/managementservices/log-group/variables.tf b/modules/managementservices/log-group/variables.tf
new file mode 100644
index 0000000..84b247d
--- /dev/null
+++ b/modules/managementservices/log-group/variables.tf
@@ -0,0 +1,85 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#############################
+# Variable Block - Logging
+# Create Log Groups and Logs
+#############################
+
+variable "tenancy_ocid" {
+ type = string
+ default = null
+}
+
+variable "compartment_id" {
+ type = string
+ default = null
+}
+
+
+variable "log_type" {
+ type = string
+ default = null
+}
+
+variable "dhcp_options_id" {
+ type = string
+ default = null
+}
+
+variable "description" {
+ type = string
+ default = null
+}
+
+
+variable "log_group_id" {
+ type = string
+ default = null
+}
+
+variable "source_category" {
+ type = string
+ default = null
+}
+
+variable "source_resource" {
+ type = string
+ default = null
+}
+
+variable "source_service" {
+ type = string
+ default = null
+}
+
+variable "source_type" {
+ type = string
+ default = null
+}
+
+variable "log_is_enabled" {
+ type = bool
+ default = true
+}
+
+variable "defined_tags" {
+ type = map(any)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+
+variable "display_name" {
+ type = string
+ default = null
+}
+
+variable "log_retention_duration" {
+ type = number
+ default = 30
+}
+
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
diff --git a/modules/managementservices/log/main.tf b/modules/managementservices/log/main.tf
new file mode 100644
index 0000000..bd82c64
--- /dev/null
+++ b/modules/managementservices/log/main.tf
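Review bot: log-group/variables.tf declares `tenancy_ocid`, `log_type`, `dhcp_options_id`, `log_group_id`, the four `source_*` inputs, `log_is_enabled` and `log_retention_duration`, none of which log-group/main.tf references (it reads only `compartment_id`, `display_name`, `description` and the two tag maps), and its header says "Create Log Groups and Logs" for a module that creates only the group. The file appears to be a copy of log/variables.tf; trimming it to the five inputs the resource uses and giving each a description, for example `description = "OCID of the compartment that owns the log group"` on `compartment_id`, would make the interface match the implementation.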
@@ -0,0 +1,34 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#############################
+# Module Block - Logging
+# Create Logs
+#############################
+
+resource "oci_logging_log" "log" {
+
+ #Required
+ display_name = var.display_name
+ log_group_id = var.log_group_id
+ log_type = var.log_type
+
+ #Optional
+ configuration {
+ #Required
+ source {
+ #Required
+ category = var.source_category
+ resource = var.source_resource
+ service = var.source_service
+ source_type = var.source_type
+ }
+
+ #Optional
+ compartment_id = var.compartment_id
+ }
+ defined_tags = var.defined_tags
+ freeform_tags = var.freeform_tags
+ is_enabled = var.log_is_enabled
+ retention_duration = var.log_retention_duration
+
+}
\ No newline at end of file
diff --git a/modules/managementservices/log/oracle_provider_req.tf b/modules/managementservices/log/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/managementservices/log/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/managementservices/log/outputs.tf b/modules/managementservices/log/outputs.tf
new file mode 100644
index 0000000..ba26947
--- /dev/null
+++ b/modules/managementservices/log/outputs.tf
@@ -0,0 +1,11 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Output Block - ManagementServices
+# Create Log
+############################
+
+output "log_tf_id" {
+ description = "Log OCID"
+ value = oci_logging_log.log.id
+}
\ No newline at end of file
diff --git a/modules/managementservices/log/variables.tf b/modules/managementservices/log/variables.tf
new file mode 100644
index 0000000..d15680a
--- /dev/null
+++ b/modules/managementservices/log/variables.tf
@@ -0,0 +1,84 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#############################
+# Variable Block - Logging
+# Create Log Groups and Logs
+#############################
+
+variable "tenancy_ocid" {
+ type = string
+ default = null
+}
+
+variable "compartment_id" {
+ type = string
+ default = null
+}
+
+variable "log_type" {
+ type = string
+ default = null
+}
+
+variable "dhcp_options_id" {
+ type = string
+ default = null
+}
+
+variable "description" {
+ type = string
+ default = null
+}
+
+
+variable "log_group_id" {
+ type = string
+ default = null
+}
+
+variable "source_category" {
+ type = string
+ default = null
+}
+
+variable "source_resource" {
+ type = string
+ default = null
+}
+
+variable "source_service" {
+ type = string
+ default = null
+}
+
+variable "source_type" {
+ type = string
+ default = null
+}
+
+variable "log_is_enabled" {
+ type = bool
+ default = true
+}
+
+variable "defined_tags" {
+ type = map(any)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+
+variable "display_name" {
+ type = string
+ default = null
+}
+
+variable "log_retention_duration" {
+ type = number
+ default = 30
+}
+
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
diff --git a/modules/managementservices/notification-subscription/main.tf b/modules/managementservices/notification-subscription/main.tf
new file mode 100644
index 0000000..b0efebd
--- /dev/null
+++ b/modules/managementservices/notification-subscription/main.tf
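Review bot: `log_retention_duration` is `type = number` with `default = 30` and no description, although the OCI Logging API accepts retention only in 30-day steps up to 180 days; `description = "Retention in days; OCI accepts 30-day increments from 30 to 180"` plus a `validation { condition = contains([30, 60, 90, 120, 150, 180], var.log_retention_duration) }` would reject other values at plan time instead of at apply. Retention is also the control that decides how long audit-relevant logs survive, so the default deserves a comment saying it is the service minimum. `tenancy_ocid`, `dhcp_options_id` and `description` are declared but not read by log/main.tf.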
@@ -0,0 +1,20 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - ManagementServices
+# Create Notifications_Subscriptions
+############################
+
+resource "oci_ons_subscription" "subscription" {
+
+ #Required
+ compartment_id = var.compartment_id
+ endpoint = var.endpoint
+ protocol = var.protocol
+ topic_id = var.topic_id
+
+ #Optional
+ defined_tags = var.defined_tags
+ freeform_tags = var.freeform_tags
+
+}
diff --git a/modules/managementservices/notification-subscription/oracle_provider_req.tf b/modules/managementservices/notification-subscription/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/managementservices/notification-subscription/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/managementservices/notification-subscription/outputs.tf b/modules/managementservices/notification-subscription/outputs.tf
new file mode 100644
index 0000000..680bf9f
--- /dev/null
+++ b/modules/managementservices/notification-subscription/outputs.tf
@@ -0,0 +1,11 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Output Block - ManagementServices
+# Create Notifications_Subscriptions
+############################
+
+output "topic_subscription_tf_id" {
+ description = "Topic Subscription OCID"
+ value = oci_ons_subscription.subscription.id
+}
\ No newline at end of file
diff --git a/modules/managementservices/notification-subscription/variables.tf b/modules/managementservices/notification-subscription/variables.tf
new file mode 100644
index 0000000..c418533
--- /dev/null
+++ b/modules/managementservices/notification-subscription/variables.tf
@@ -0,0 +1,34 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Variables Block - ManagementServices
+# Create Notifications_Subscriptions
+############################
+
+variable "compartment_id" {
+ type = string
+}
+
+variable "endpoint" {
+ type = string
+}
+
+variable "protocol" {
+ type = string
+}
+
+variable "topic_id" {
+ type = string
+}
+
+variable "defined_tags" {
+ type = map(any)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
\ No newline at end of file
diff --git a/modules/managementservices/notification-topic/main.tf b/modules/managementservices/notification-topic/main.tf
new file mode 100644
index 0000000..92272c9
--- /dev/null
+++ b/modules/managementservices/notification-topic/main.tf
@@ -0,0 +1,19 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - ManagementServices
+# Create Notifications_Topics
+############################
+
+resource "oci_ons_notification_topic" "topic" {
+
+ #Required
+ compartment_id = var.compartment_id
+ name = var.topic_name
+ description = var.description
+
+ #Optional
+ defined_tags = var.defined_tags
+ freeform_tags = var.freeform_tags
+
+}
diff --git a/modules/managementservices/notification-topic/oracle_provider_req.tf b/modules/managementservices/notification-topic/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/managementservices/notification-topic/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/managementservices/notification-topic/outputs.tf b/modules/managementservices/notification-topic/outputs.tf
new file mode 100644
index 0000000..5af6eab
--- /dev/null
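Review bot: The four required inputs of the subscription module (`compartment_id`, `endpoint`, `protocol`, `topic_id`) carry no description, and `protocol` accepts any string although the Notifications service only accepts a fixed set of protocol names, so a typo is only reported by the API at apply. A `description = "Delivery protocol as accepted by OCI Notifications (e.g. EMAIL, HTTPS)"` with a `validation` block over the values the project supports, and a description on `endpoint` noting that its meaning depends on the protocol (an address for EMAIL, a URL for HTTPS), would document where alarm and event payloads are delivered — which is the part of this module a reviewer most wants to see stated.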
+++ b/modules/managementservices/notification-topic/outputs.tf
@@ -0,0 +1,11 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Output Block - ManagementServices
+# Create Notifications_Topics
+############################
+
+output "topic_tf_id" {
+ description = "Topic OCID"
+ value = oci_ons_notification_topic.topic.id
+}
\ No newline at end of file
diff --git a/modules/managementservices/notification-topic/variables.tf b/modules/managementservices/notification-topic/variables.tf
new file mode 100644
index 0000000..5ab194d
--- /dev/null
+++ b/modules/managementservices/notification-topic/variables.tf
@@ -0,0 +1,29 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Variables Block - ManagementServices
+# Create Notifications_Topics
+############################
+
+variable "compartment_id" {
+ type = string
+}
+
+variable "topic_name" {
+ type = string
+}
+variable "description" {
+ type = string
+}
+
+variable "defined_tags" {
+ type = map(any)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
\ No newline at end of file
diff --git a/modules/managementservices/service-connector/data.tf b/modules/managementservices/service-connector/data.tf
new file mode 100755
index 0000000..27a5d17
--- /dev/null
+++ b/modules/managementservices/service-connector/data.tf
@@ -0,0 +1,85 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+####################################
+# Data Block - Service Connector
+# Create Service Connector Hub
+#####################################
+
+locals {
+ log_group_names = var.log_group_names
+ source_kind = var.source_kind
+ filtered_logs = [for item in var.log_group_names : item if split("&", item)[2] != "all"]
+}
+
+data "oci_objectstorage_namespace" "os_namespace" {
+ compartment_id = var.logs_compartment_id
+}
+data "oci_identity_compartments" "all_compartments" {
+ #Required
+ compartment_id = var.logs_compartment_id
+ compartment_id_in_subtree = true
+}
+data "oci_streaming_streams" "source_streams" {
+ for_each = var.source_stream_id
+ name = each.value
+ compartment_id = each.key
+}
+data "oci_streaming_streams" "target_streams" {
+ for_each = var.stream_id
+ name = each.value
+ compartment_id = each.key
+}
+data "oci_ons_notification_topics" "target_topics" {
+ for_each = var.topic_id
+ name = each.value
+ compartment_id = each.key
+}
+data "oci_logging_log_groups" "source_log_groups" {
+ for_each = toset(var.log_group_names)
+ compartment_id = split("&", each.key)[0]
+ display_name = split("&", each.key)[1]
+}
+data "oci_logging_logs" "source_logs" {
+ for_each = toset(local.filtered_logs)
+ log_group_id = data.oci_logging_log_groups.source_log_groups[each.key].log_groups[0].id
+ display_name = split("&", each.key)[2]
+}
+data "oci_log_analytics_log_analytics_log_groups" "target_log_analytics_log_groups" {
+ for_each = var.destination_log_group_id
+ #Required
+ compartment_id = each.key
+ namespace = data.oci_objectstorage_namespace.os_namespace.namespace
+
+ #Optional
+ display_name = each.value
+}
+
+data "oci_functions_applications" "applications" {
+ for_each = toset(var.function_details)
+ #Required
+ compartment_id = split("@", each.key)[0]
+
+ #Optional
+ display_name = split("@", each.key)[1]
+}
+
+data "oci_functions_functions" "functions" {
+ for_each = toset(var.function_details)
+ #Required
+ application_id = data.oci_functions_applications.applications[each.key].applications[0].id
+
+ #Optional
+ display_name = split("@", each.key)[2]
+}
+
+data "oci_identity_compartments" "compartments" {
+ for_each = toset(keys(var.source_monitoring_details))
+ #Required
+ compartment_id = var.logs_compartment_id
+
+ #Optional
+ access_level = "ANY"
+ compartment_id_in_subtree = true
+ state = "ACTIVE"
+ name = each.value
+}
\ No newline at end of file
diff --git a/modules/managementservices/service-connector/main.tf b/modules/managementservices/service-connector/main.tf
new file mode 100755
index 0000000..46f846e
--- /dev/null
+++ b/modules/managementservices/service-connector/main.tf
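Review bot: `local.filtered_logs` keeps an entry with the case-sensitive test `split("&", item)[2] != "all"`, while the `log_sources` block in main.tf decides the same question with `lower(split("&", log_sources.key)[2]) == "all"`, so an entry whose third field is `All` or `ALL` is looked up here as a log literally named "All" (and `data.oci_logging_logs.source_logs` may return nothing) while main.tf treats it as "all logs" and sends `log_id = null`. Using `lower(split("&", item)[2]) != "all"` in the local keeps the two files in step. The `[2]` index also assumes every `log_group_names` entry has three `&`-separated fields, so a malformed entry fails with an index error; a `validation` on the variable that checks `length(split("&", name)) == 3` would give a readable message. `data.oci_identity_compartments.all_compartments` and `data.oci_identity_compartments.compartments` are not referenced by main.tf, as far as this module's files show.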
@@ -0,0 +1,93 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+####################################
+# Resource Block - Service Connector
+# Create Service Connector Hub
+#####################################
+
+resource "oci_sch_service_connector" "service_connector" {
+ compartment_id = var.compartment_id
+ display_name = var.display_name
+ description = var.description
+
+ source {
+ kind = local.source_kind
+
+ dynamic "monitoring_sources" {
+ for_each = var.source_monitoring_details
+ content {
+ #Optional
+ compartment_id = split("&", monitoring_sources.key)[0]
+ namespace_details {
+ #Required
+ kind = "selected"
+ dynamic "namespaces" {
+ for_each = toset(monitoring_sources.value)
+ content {
+ namespace = namespaces.value
+ #Required
+ metrics {
+ #Required
+ kind = "all"
+ }
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "log_sources" {
+ for_each = toset(var.log_group_names)
+ content {
+ compartment_id = split("&", log_sources.key)[0]
+ log_group_id = length(regexall("Audit", split("&", log_sources.key)[1])) > 0 ? (length(regexall("Audit_In_Subcompartment", split("&", log_sources.key)[1])) > 0 ? "_Audit_Include_Subcompartment" : "_Audit") : data.oci_logging_log_groups.source_log_groups[log_sources.key].log_groups[0].id
+ log_id = lower(split("&", log_sources.key)[2]) == "all" ? null : data.oci_logging_logs.source_logs[log_sources.key].logs[0].id
+ }
+ }
+ stream_id = var.source_kind == "streaming" ? data.oci_streaming_streams.source_streams[one(keys(var.source_stream_id))].streams[0].id : null
+ }
+
+ target {
+ kind = var.target_kind
+ stream_id = var.target_kind == "streaming" ? data.oci_streaming_streams.target_streams[one(keys(var.stream_id))].streams[0].id : null
+ log_group_id = var.target_kind == "loggingAnalytics" ? data.oci_log_analytics_log_analytics_log_groups.target_log_analytics_log_groups[one(keys(var.destination_log_group_id))].log_analytics_log_group_summary_collection[0].items[0].id : null
+ log_source_identifier = var.target_kind == "loggingAnalytics" ? var.target_log_source_identifier : null
+
+ #For monitoring target
+ compartment_id = var.target_kind == "monitoring" ? one(keys(var.target_monitoring_details)) : null
+ metric = var.target_kind == "monitoring" ? flatten(values(var.target_monitoring_details))[0] : null
+ metric_namespace = var.target_kind == "monitoring" ? flatten(values(var.target_monitoring_details))[1] : null
+
+
+ #For object storage
+ bucket = var.bucket_name
+ #namespace = data.oci_objectstorage_namespace.os_namespace.namespace
+ object_name_prefix = var.object_name_prefix
+
+ #For notifications
+ topic_id = var.target_kind == "notifications" ? data.oci_ons_notification_topics.target_topics[one(keys(var.topic_id))].notification_topics[0].topic_id : null
+ enable_formatted_messaging = var.enable_formatted_messaging
+
+ #For functions
+ function_id = var.target_kind == "functions" ? data.oci_functions_functions.functions[one(var.function_details)].functions[0].id : null
+ }
+
+ # dynamic tasks {
+ # for_each = local.source_kind == "logging" ? var.log_rules : {}
+ # content {
+ # kind = "logging"
+ # condition = "data.compartmentName = Ulag"
+ # }
+ # }
+
+ defined_tags = var.defined_tags
+ freeform_tags = var.freeform_tags
+
+ lifecycle {
+ ignore_changes = [defined_tags["Oracle-Tags.CreatedOn"],
+ defined_tags["Oracle-Tags.CreatedBy"]]
+ }
+}
+
+output "mon_data" {
+ value = var.source_monitoring_details
+}
\ No newline at end of file
diff --git a/modules/managementservices/service-connector/oracle_provider_req.tf b/modules/managementservices/service-connector/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/managementservices/service-connector/oracle_provider_req.tf
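Review bot: `output "mon_data"` at the end of main.tf echoes `var.source_monitoring_details` back to the caller and sits beside an outputs.tf that contains nothing but its header; it reads like a debugging aid left in, and if it is meant to stay it belongs in outputs.tf with a description, alongside the output callers actually need, `output "service_connector_tf_id" { value = oci_sch_service_connector.service_connector.id }`. This is also the only module in the set whose `lifecycle` block ignores `defined_tags["Oracle-Tags.CreatedOn"]` and `defined_tags["Oracle-Tags.CreatedBy"]`; the alarm, event, log, log-group, notification and DHCP modules set the same `$${oci.datetime}` / `$${iam.principal.name}` defaults without it, so they are likely to show a tag diff on every plan once the service resolves those values, and aligning them would be worth a follow-up. `flatten(values(var.target_monitoring_details))[0]` and `[1]` further assume a specific shape for the monitoring-target map that no variable description states.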
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/managementservices/service-connector/outputs.tf b/modules/managementservices/service-connector/outputs.tf
new file mode 100755
index 0000000..57cb6ee
--- /dev/null
+++ b/modules/managementservices/service-connector/outputs.tf
@@ -0,0 +1,6 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+####################################
+# Outputs Block - Service Connector
+# Create Service Connector Hub
+#####################################
\ No newline at end of file
diff --git a/modules/managementservices/service-connector/variables.tf b/modules/managementservices/service-connector/variables.tf
new file mode 100755
index 0000000..ed47bac
--- /dev/null
+++ b/modules/managementservices/service-connector/variables.tf
@@ -0,0 +1,104 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#####################################
+# Variables Block - Service Connector
+# Create Service Connector Hub
+#####################################
+
+variable "compartment_id" {
+ type = string
+ default = null
+}
+variable "logs_compartment_id" {
+ type = string
+ default = null
+}
+variable "log_group_names" {
+ type = list(any)
+ default = []
+}
+variable "destination_log_group_id" {
+ type = map(any)
+ default = {}
+}
+variable "target_log_source_identifier" {
+ type = string
+ default = null
+}
+variable "source_monitoring_details" {
+ type = map(any)
+ default = {}
+}
+variable "target_monitoring_details" {
+ type = map(any)
+ default = {}
+}
+variable "function_details" {
+ type = list(string)
+ default = null
+}
+variable "display_name" {
+ type = string
+ default = null
+}
+variable "description" {
+ type = string
+ default = null
+}
+variable "stream_id" {
+ type = map(any)
+ default = {}
+}
+variable "source_stream_id" {
+ type = map(any)
+ default = {}
+}
+variable "source_kind" {
+ type = string
+ default = null
+}
+variable "target_kind" {
+ type = string
+ default = null
+}
+variable "defined_tags" {
+ type = map(any)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
+
+###############
+#Object Storage
+###############
+variable "bucket_name" {
+ type = string
+ default = null
+}
+variable "object_name_prefix" {
+ type = string
+ default = null
+}
+###############
+#Notifications
+###############
+variable "topic_id" {
+ type = map(any)
+ default = {}
+}
+variable "enable_formatted_messaging" {
+ type = bool
+ default = false
+}
+variable "source_details" {
+ type = map(any)
+ default = {}
+}
+variable "target_details" {
+ type = map(any)
+ default = {}
+}
\ No newline at end of file
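Review bot: `function_details` is the only collection input in this file with `default = null`, yet data.tf wraps it in `toset(var.function_details)` as the `for_each` of two data sources; as far as I can tell `toset(null)` yields null and Terraform rejects a null `for_each`, so a caller that does not use a functions target fails at plan unless it passes `[]` explicitly. `default = []` matches the other list and map inputs here (`log_group_names`, `destination_log_group_id`, `topic_id`, ...), which all default to empty. `source_details` and `target_details` are declared but unused by main.tf and data.tf, and no variable carries a description even though `log_group_names`, `source_monitoring_details` and `function_details` pack several fields per entry with `&` and `@` separators that a reader can only discover from the `split(...)` calls; `description = "Entries of the form <compartment_ocid>&<log_group_name>&<log_name|all>"` on `log_group_names` is the kind of line that is missing.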
diff --git a/modules/network/custom-dhcp/main.tf b/modules/network/custom-dhcp/main.tf
new file mode 100644
index 0000000..6e72c96
--- /dev/null
+++ b/modules/network/custom-dhcp/main.tf
@@ -0,0 +1,34 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Network
+# Create Custom DHCP Options
+############################
+
+resource "oci_core_dhcp_options" "custom_dhcp_option" {
+
+ #Required
+ compartment_id = var.compartment_id
+ options {
+ type = "DomainNameServer"
+ server_type = var.server_type
+ custom_dns_servers = var.custom_dns_servers
+ }
+
+ dynamic "options" {
+ for_each = try(var.search_domain_names, [])
+ content {
+ type = "SearchDomain"
+ search_domain_names = options.value
+ }
+ }
+
+ vcn_id = var.vcn_id
+
+ #Optional
+ defined_tags = var.defined_tags
+ display_name = var.display_name
+ domain_name_type = var.domain_name_type
+ freeform_tags = var.freeform_tags
+
+}
\ No newline at end of file
diff --git a/modules/network/custom-dhcp/oracle_provider_req.tf b/modules/network/custom-dhcp/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/network/custom-dhcp/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/network/custom-dhcp/outputs.tf b/modules/network/custom-dhcp/outputs.tf
new file mode 100644
index 0000000..cde7c6f
--- /dev/null
+++ b/modules/network/custom-dhcp/outputs.tf
@@ -0,0 +1,10 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Output Block - Network
+# Create Custom DHCP Options
+############################
+
+output "custom_dhcp_tf_id" {
+ value = oci_core_dhcp_options.custom_dhcp_option.id
+}
\ No newline at end of file
diff --git a/modules/network/custom-dhcp/variables.tf b/modules/network/custom-dhcp/variables.tf
new file mode 100644
index 0000000..f4dd4ae
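Review bot: The `dynamic "options"` block iterates `try(var.search_domain_names, [])` and assigns `search_domain_names = options.value` per element, so with `search_domain_names` declared as `map(any)` in custom-dhcp/variables.tf every map entry produces its own `SearchDomain` options block; the `SearchDomain` option already carries a list of names, so one block is what the API expects and duplicates are likely to be rejected, and `try()` adds nothing because reading a declared variable never errors. default-dhcp/main.tf two hunks below does the opposite — it iterates the list but assigns the whole `var.search_domain_names` to each block — so the two modules cannot both be right. Iterating a one-element wrapper, `for_each = length(var.search_domain_names) > 0 ? [1] : []`, and assigning the full list inside `content` yields exactly one `SearchDomain` block carrying all domains in both modules. A one-line comment above the block, `# at most one SearchDomain option; it carries the whole list of domains`, would keep the next copy from repeating the mistake.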
--- /dev/null
+++ b/modules/network/custom-dhcp/variables.tf
@@ -0,0 +1,63 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Variable Block - Network
+# Create Custom DHCP Options
+############################
+
+variable "compartment_id" {
+ type = string
+ default = null
+}
+
+variable "type" {
+ type = string
+ default = null
+}
+
+variable "option_type" {
+ type = string
+ default = null
+}
+
+variable "server_type" {
+ type = string
+ default = null
+}
+
+variable "defined_tags" {
+ type = map(any)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+
+variable "display_name" {
+ type = string
+ default = null
+}
+
+variable "domain_name_type" {
+ type = string
+ default = null
+}
+
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
+
+variable "vcn_id" {
+ type = string
+ default = null
+}
+
+variable "custom_dns_servers" {
+ type = list(any)
+ default = [""]
+}
+
+variable "search_domain_names" {
+ type = map(any)
+ default = {}
+}
\ No newline at end of file
diff --git a/modules/network/default-dhcp/main.tf b/modules/network/default-dhcp/main.tf
new file mode 100644
index 0000000..ae94e80
--- /dev/null
+++ b/modules/network/default-dhcp/main.tf
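Review bot: `custom_dns_servers` defaults to `[""]`, a list holding one empty string, which custom-dhcp/main.tf sends as a DNS server entry whenever the caller leaves it unset; the attribute is only meaningful together with `server_type = "CustomDnsServer"`, so `default = []` is the neutral value and `type = list(string)` documents the element type. Because these resolvers decide where every instance in the VCN sends its DNS queries, a `description = "Resolver IP addresses used when server_type is CustomDnsServer; leave empty otherwise"` is worth adding. `variable "type"` and `variable "option_type"` are declared but not referenced by custom-dhcp/main.tf, whose `options` block hard-codes `type = "DomainNameServer"`. default-dhcp/variables.tf further down carries the same `[""]` default.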
@@ -0,0 +1,31 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Network
+# Create Default DHCP Options
+############################
+
+resource "oci_core_default_dhcp_options" "default_dhcp_option" {
+
+ # Required
+ manage_default_resource_id = var.manage_default_resource_id
+
+ options {
+ type = "DomainNameServer"
+ server_type = var.server_type
+ custom_dns_servers = var.custom_dns_servers
+ }
+
+ dynamic "options" {
+ for_each = try(var.search_domain_names, [])
+ content {
+ type = "SearchDomain"
+ search_domain_names = var.search_domain_names
+ }
+ }
+
+ #Optional
+ defined_tags = var.defined_tags
+ freeform_tags = var.freeform_tags
+
+}
\ No newline at end of file
diff --git a/modules/network/default-dhcp/oracle_provider_req.tf b/modules/network/default-dhcp/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/network/default-dhcp/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/network/default-dhcp/outputs.tf b/modules/network/default-dhcp/outputs.tf
new file mode 100644
index 0000000..7562b82
--- /dev/null
+++ b/modules/network/default-dhcp/outputs.tf
@@ -0,0 +1,11 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Output Block - Network
+# Create Default DHCP Options
+############################
+
+
+output "default_dhcp_tf_id" {
+ value = oci_core_default_dhcp_options.default_dhcp_option.id
+}
\ No newline at end of file
diff --git a/modules/network/default-dhcp/variables.tf b/modules/network/default-dhcp/variables.tf
new file mode 100644
index 0000000..e3228bc
--- /dev/null
+++ b/modules/network/default-dhcp/variables.tf
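Review bot: Inside `dynamic "options"` the content sets `search_domain_names = var.search_domain_names` — the whole list — while `for_each` iterates that same list, so N search domains produce N SearchDomain blocks each carrying all N names; custom-dhcp/main.tf uses `options.value` here. As far as I can tell a DHCP option set carries one SearchDomain entry holding the list, so the block should be emitted at most once: `for_each = length(var.search_domain_names) > 0 ? [var.search_domain_names] : []` with `search_domain_names = options.value` in the content. That also removes the `try()` wrapper, which would have passed a null straight through anyway.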
@@ -0,0 +1,38 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Variable Block - Network
+# Create Default DHCP Options
+############################
+
+variable "manage_default_resource_id" {
+ type = string
+ default = null
+}
+
+variable "server_type" {
+ type = string
+ default = null
+}
+
+variable "defined_tags" {
+ type = map(any)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
+
+variable "custom_dns_servers" {
+ type = list(any)
+ default = [""]
+}
+
+variable "search_domain_names" {
+ type = list(any)
+ default = []
+}
\ No newline at end of file
diff --git a/modules/network/dns/dns_resolver/main.tf b/modules/network/dns/dns_resolver/main.tf
new file mode 100644
index 0000000..bb046cf
--- /dev/null
+++ b/modules/network/dns/dns_resolver/main.tf
@@ -0,0 +1,55 @@
+##############################################
+# Resource Block - DNS resolver and Endpoint #
+##############################################
+
+resource "oci_dns_resolver" "resolver" {
+ #Required
+ resolver_id = var.target_resolver_id
+
+ #Optional
+ dynamic "attached_views" {
+ for_each = var.views != null ? var.views : null
+ #Required
+ content {
+ view_id = attached_views.value.view_id
+ }
+
+ }
+ defined_tags = var.resolver_defined_tags
+ freeform_tags = var.resolver_freeform_tags
+ display_name = var.resolver_display_name != null ? var.resolver_display_name : null
+
+ dynamic "rules" {
+ for_each = var.resolver_rules
+ content {
+ #Required
+ action = "FORWARD"
+ destination_addresses = rules.value.destination_addresses
+ source_endpoint_name = oci_dns_resolver_endpoint.resolver_endpoint[rules.value.source_endpoint_name].name
+
+ #Optional
+ client_address_conditions = rules.value.client_address_conditions
+ # != null ? rules.value.client_address_conditions : null
+ qname_cover_conditions = rules.value.qname_cover_conditions
+ #!= null ? rules.value.qname_cover_conditions : null
+ }
+ }
+}
+
+resource "oci_dns_resolver_endpoint" "resolver_endpoint" {
+ #Required
+ for_each = var.endpoint_names
+ is_forwarding = each.value.forwarding != null ? (each.value.listening == false ? each.value.forwarding : false) : false
+ is_listening = each.value.listening != null ? (each.value.forwarding == false ? each.value.listening : false) : false
+ name = each.key
+ resolver_id = var.target_resolver_id
+ subnet_id = each.value.subnet_id
+ #Optional
+ endpoint_type = each.value.endpoint_type # "VNIC"
+ forwarding_address = each.value.forwarding_address != null ? (each.value.forwarding == true ? each.value.forwarding_address : null) : null
+ listening_address = each.value.listening_address != null ? (each.value.listening == true ? each.value.listening_address : null) : null
+ nsg_ids = each.value.nsg_ids != null ? [for ids in each.value.nsg_ids : ids] : null
+ #lifecycle {
+ #create_before_destroy = true
+ #}
+}
\ No newline at end of file
diff --git a/modules/network/dns/dns_resolver/oracle_provider_req.tf b/modules/network/dns/dns_resolver/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/network/dns/dns_resolver/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/network/dns/dns_resolver/outputs.tf b/modules/network/dns/dns_resolver/outputs.tf
new file mode 100644
index 0000000..0e4ed7b
--- /dev/null
+++ b/modules/network/dns/dns_resolver/outputs.tf
@@ -0,0 +1,7 @@
+############################
+# Outputs Block - Resolver#
+############################
+
+output "resolver_id" {
+ value = oci_dns_resolver.resolver.id
+}
\ No newline at end of file
diff --git a/modules/network/dns/dns_resolver/variables.tf b/modules/network/dns/dns_resolver/variables.tf
new file mode 100644
index 0000000..46bbf60
--- /dev/null
+++ b/modules/network/dns/dns_resolver/variables.tf
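Review bot: `for_each = var.views != null ? var.views : null` in `attached_views` falls back to null, which a dynamic block rejects, so an unset `views` fails the plan instead of attaching no views; the fallback should be `{}`, and since variables.tf defaults `views` to `{}` the conditional can go entirely. `rules` has the inverse problem: `for_each = var.resolver_rules` is unconditional while variables.tf defaults that input to `null`. The forwarding rules also pass `destination_addresses` and `client_address_conditions` unchecked; a validation that they parse as addresses/CIDRs (`can(cidrhost(...))` / `can(cidrnetmask(...))`) would catch a mis-typed forwarder before it changes where the VCN's queries go. In `oci_dns_resolver_endpoint`, `is_forwarding` forces false whenever `listening` is null because `each.value.listening == false` is then false — presumably unintended, since the inner test was meant to reject only the both-true case.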
@@ -0,0 +1,55 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+#############################
+# Variable Block - DNS Zone #
+#############################
+variable "target_resolver_id" {
+ type = string
+ default = null
+}
+
+variable "resolver_scope" {
+ type = string
+ default = "PRIVATE"
+}
+variable "views" {
+ type = map(any)
+ default = {}
+}
+variable "resolver_display_name" {
+ type = string
+ default = null
+}
+
+variable "resolver_rules" {
+ type = map(any)
+ default = null
+}
+
+variable "resolver_defined_tags" {
+ type = map(string)
+ default = {}
+}
+
+variable "resolver_freeform_tags" {
+ type = map(string)
+ default = {}
+}
+
+variable "endpoint_names" {
+ type = map(any)
+ default = {
+ # endpoint1 = {
+ # forwarding = true
+ # listening = false
+ # resolver_id = ""
+ # subnet_id = ""
+ # scope = "PRIVATE"
+ # endpoint_type = "VNIC"
+ # forwarding_address = null
+ # listening_address = null
+ # nsg_ids = []
+
+ }
+
+
+}
\ No newline at end of file
diff --git a/modules/network/dns/rrset/main.tf b/modules/network/dns/rrset/main.tf
new file mode 100644
index 0000000..289d93f
--- /dev/null
+++ b/modules/network/dns/rrset/main.tf
@@ -0,0 +1,24 @@
+##########################
+# Resource Block - rrset #
+##########################
+resource "oci_dns_rrset" "rrset" {
+ #Required
+ domain = var.rrset_domain
+ rtype = var.rrset_rtype
+ zone_name_or_id = var.rrset_zone
+
+ #Optional
+ #compartment_id = var.rrset_compartment_id != null ? var.rrset_compartment_id : null
+ dynamic "items" {
+ for_each = { for rdata in var.rrset_rdata : rdata => rdata }
+ content {
+ #Required
+ domain = var.rrset_domain
+ rdata = items.key
+ rtype = var.rrset_rtype
+ ttl = var.rrset_ttl
+ }
+ }
+ scope = var.rrset_scope != null ? (var.rrset_scope != "PRIVATE" ? null : var.rrset_scope) : null
+ view_id = var.rrset_view_id != null ? var.rrset_view_id : null
+}
\ No newline at end of file
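Review bot: `for_each = { for rdata in var.rrset_rdata : rdata => rdata }` aborts the plan with a duplicate-object-key diagnostic if `rrset_rdata` lists the same record twice; `for_each = toset(var.rrset_rdata)` with `rdata = items.value` dedupes and reads more directly. The `scope` expression reduces to `var.rrset_scope == "PRIVATE" ? "PRIVATE" : null`, which silently maps any other value (a lowercase "private", a typo) to a global-scope record set; a one-line comment, `# only PRIVATE is honoured; anything else creates a global-scope rrset`, would make that visible until the input is validated. `view_id = var.rrset_view_id != null ? var.rrset_view_id : null` is an identity and can be `view_id = var.rrset_view_id`.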
diff --git a/modules/network/dns/rrset/oracle_provider_req.tf b/modules/network/dns/rrset/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/network/dns/rrset/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/network/dns/rrset/outputs.tf b/modules/network/dns/rrset/outputs.tf
new file mode 100644
index 0000000..2f2b98a
--- /dev/null
+++ b/modules/network/dns/rrset/outputs.tf
@@ -0,0 +1,7 @@
+############################
+# Outputs Block - Steering Policy #
+############################
+
+output "rrset_id" {
+ value = oci_dns_rrset.rrset.id
+}
\ No newline at end of file
diff --git a/modules/network/dns/rrset/variables.tf b/modules/network/dns/rrset/variables.tf
new file mode 100644
index 0000000..97a5ba4
--- /dev/null
+++ b/modules/network/dns/rrset/variables.tf
@@ -0,0 +1,41 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#############################
+# Variable Block - DNS Zone #
+#############################
+variable "rrset_compartment_id" {
+ type = string
+ default = null
+}
+
+variable "rrset_domain" {
+ type = string
+ default = null
+}
+variable "rrset_rtype" {
+ type = string
+ default = null
+}
+variable "rrset_zone" {
+ type = string
+ default = null
+}
+
+variable "rrset_ttl" {
+ type = number
+ default = null
+}
+variable "rrset_rdata" {
+ type = list(any)
+ default = []
+}
+
+variable "rrset_scope" {
+ type = string
+ default = null
+}
+
+variable "rrset_view_id" {
+ type = string
+ default = null
+}
diff --git a/modules/network/dns/view/main.tf b/modules/network/dns/view/main.tf
new file mode 100644
index 0000000..d9cb730
--- /dev/null
+++ b/modules/network/dns/view/main.tf
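Review bot: The header above the rrset output reads `# Outputs Block - Steering Policy #`; it looks copied from another module and should say `# Outputs Block - rrset #`. The same copy-paste shows up as `# Variable Block - DNS Zone #` in both dns_resolver/variables.tf and rrset/variables.tf, which makes the module set harder to navigate by header.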
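Review bot: `rrset_scope` is a free string, yet main.tf turns every value other than "PRIVATE" into a global-scope record set, so a mis-typed scope widens exposure silently instead of failing; the scope belongs in a `validation` block so the plan stops on anything but the two values the service defines. dns/zone/variables.tf has the same unconstrained `zone_scope` feeding the same silent fallback in zone/main.tf and should get the identical block. With the value constrained, the conditional in main.tf still keeps its "GLOBAL → null" mapping, so existing callers are unaffected.
```terraform
variable "rrset_scope" {
  type    = string
  default = null
  validation {
    condition     = var.rrset_scope == null ? true : contains(["GLOBAL", "PRIVATE"], var.rrset_scope)
    error_message = "rrset_scope must be GLOBAL or PRIVATE."
  }
}
```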
@@ -0,0 +1,14 @@
+#########################
+# Resource Block - View #
+#########################
+
+resource "oci_dns_view" "view" {
+ #Required
+ compartment_id = var.view_compartment_id
+
+ #Optional
+ scope = var.view_scope != null ? var.view_scope : null
+ display_name = var.view_display_name != null ? var.view_display_name : null
+ defined_tags = var.view_defined_tags
+ freeform_tags = var.view_freeform_tags
+}
diff --git a/modules/network/dns/view/oracle_provider_req.tf b/modules/network/dns/view/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/network/dns/view/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/network/dns/view/outputs.tf b/modules/network/dns/view/outputs.tf
new file mode 100644
index 0000000..a210418
--- /dev/null
+++ b/modules/network/dns/view/outputs.tf
@@ -0,0 +1,7 @@
+############################
+# Outputs Block - DNS view #
+############################
+
+output "dns_view_id" {
+ value = oci_dns_view.view.id
+}
\ No newline at end of file
diff --git a/modules/network/dns/view/variables.tf b/modules/network/dns/view/variables.tf
new file mode 100644
index 0000000..144602b
--- /dev/null
+++ b/modules/network/dns/view/variables.tf
@@ -0,0 +1,27 @@
+#############################
+# Variable Block - DNS View #
+#############################
+variable "view_compartment_id" {
+ type = string
+ default = null
+}
+
+variable "view_scope" {
+ type = string
+ default = "PRIVATE"
+}
+
+variable "view_display_name" {
+ type = string
+ default = null
+}
+
+variable "view_defined_tags" {
+ type = map(string)
+ default = {}
+}
+
+variable "view_freeform_tags" {
+ type = map(string)
+ default = {}
+}
\ No newline at end of file
diff --git a/modules/network/dns/zone/main.tf b/modules/network/dns/zone/main.tf
new file mode 100644
index 0000000..bed2616
--- /dev/null
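Review bot: `scope = var.view_scope != null ? var.view_scope : null` and the `display_name` line below it are identity conditionals — both branches yield the variable's own value — so `scope = var.view_scope` and `display_name = var.view_display_name` express the same thing; the pattern recurs in dns_resolver/main.tf (`display_name`) and rrset/main.tf (`view_id`). Unlike the zone and rrset modules, `view_scope` here defaults to "PRIVATE" and is passed through unfiltered; a one-line comment, `# view_scope is passed as given (defaults to PRIVATE); zone/rrset filter theirs`, would stop the differing defaults from being read as a bug.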
+++ b/modules/network/dns/zone/main.tf
@@ -0,0 +1,27 @@
+########################
+# Resource Block - DNS #
+########################
+
+resource "oci_dns_zone" "zone" {
+ #Required
+ compartment_id = var.zone_compartment_id
+ name = var.zone_name
+ zone_type = var.zone_type
+
+ #Optional
+ defined_tags = var.zone_defined_tags
+ #dynamic "external_masters" { # dynamic when zone_type is SECONDARY
+ # for_each = var.zone_type == "SECONDARY" ? (var.external_masters != null ? var.external_masters : {}) : {}
+ # content {
+ # #Required
+ # address = external_masters.value.address
+ #
+ # #Optional
+ # port = external_masters.value.port != null ? external_masters.value.port : null
+ # tsig_key_id = external_masters.value.tsig_key_id != null ? external_masters.value.tsig_key_id : null
+ # }
+ #}
+ freeform_tags = var.zone_freeform_tags
+ scope = var.zone_scope != null ? (var.zone_scope == "PRIVATE" ? var.zone_scope : null) : null # PRIVATE to create PRIVATE zone otherwise null
+ view_id = var.view_id
+}
\ No newline at end of file
diff --git a/modules/network/dns/zone/oracle_provider_req.tf b/modules/network/dns/zone/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/network/dns/zone/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/network/dns/zone/outputs.tf b/modules/network/dns/zone/outputs.tf
new file mode 100644
index 0000000..79f1b5e
--- /dev/null
+++ b/modules/network/dns/zone/outputs.tf
@@ -0,0 +1,10 @@
+############################
+# Outputs Block - DNS Zone #
+############################
+
+output "dns_zone_id" {
+ value = oci_dns_zone.zone.id
+}
+output "dns_zone_name" {
+ value = oci_dns_zone.zone.name
+}
\ No newline at end of file
diff --git a/modules/network/dns/zone/variables.tf b/modules/network/dns/zone/variables.tf
new file mode 100644
index 0000000..ffbce8b
--- /dev/null
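Review bot: The `external_masters` block is commented out, yet `zone_type` is still accepted unchecked and variables.tf still declares `external_masters`, so a caller asking for a SECONDARY zone gets one with no masters and no diagnostic. Either restore the dynamic block or, if SECONDARY zones are out of scope for this release, drop the variable and say so next to `zone_type`: `# only PRIMARY zones are supported here; external_masters is not wired up`. The `scope` line's trailing comment already documents the PRIVATE-or-null behaviour, which is good; a caller-facing validation on `zone_scope` is the complement to it.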
+++ b/modules/network/dns/zone/variables.tf
@@ -0,0 +1,40 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#############################
+# Variable Block - DNS Zone #
+#############################
+variable "zone_compartment_id" {
+ type = string
+ default = null
+}
+
+variable "zone_name" {
+ type = string
+ default = null
+}
+variable "zone_type" {
+ type = string
+ default = null
+}
+variable "zone_scope" {
+ type = string
+ default = null
+}
+variable "view_id" {
+ type = string
+ default = null
+}
+variable "external_masters" {
+ type = map(any)
+ default = {}
+}
+
+variable "zone_defined_tags" {
+ type = map(string)
+ default = {}
+}
+
+variable "zone_freeform_tags" {
+ type = map(string)
+ default = {}
+}
diff --git a/modules/network/drg-attachment/main.tf b/modules/network/drg-attachment/main.tf
new file mode 100644
index 0000000..4d730b2
--- /dev/null
+++ b/modules/network/drg-attachment/main.tf
@@ -0,0 +1,30 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+############################
+# Resource Block - Network
+# Create Dynamic Routing Gateway Attachment
+############################
+resource "oci_core_drg_attachment" "drg_attachment" {
+ #Required
+ drg_id = var.drg_id
+ #Optional
+ defined_tags = var.defined_tags
+ display_name = var.drg_display_name == "" ? null : var.drg_display_name #join("_",[var.drg_display_name,"attachment"])
+ drg_route_table_id = var.drg_route_table_id
+ freeform_tags = var.freeform_tags
+
+ dynamic "network_details" {
+ for_each = var.drg_attachments[var.key_name].network_details != [] ? var.drg_attachments[var.key_name].network_details : []
+
+ content {
+ #Required
+ id = length(regexall("ocid1.*", network_details.value.id)) > 0 ? network_details.value.id : var.vcns_tf_id[network_details.value.id]["vcn_tf_id"]
+ type = network_details.value.type
+ #Optional
+ #route_table_id = (network_details.value.vcn_route_table_id != "" && network_details.value.vcn_route_table_id != null) ? (length(regexall("ocid1*", network_details.value.vcn_route_table_id)) > 0 ? network_details.value.vcn_route_table_id : (length(regexall(".Default-Route-Table-for*", network_details.value.vcn_route_table_id))) > 0 ? var.default_route_table_tf_id[network_details.value.vcn_route_table_id]["default_route_table_tf_id"] : var.route_table_tf_id[network_details.value.vcn_route_table_id]["route_table_ids"]) : null
+ route_table_id = (network_details.value.vcn_route_table_id != "" && network_details.value.vcn_route_table_id != null) ? (length(regexall("ocid1*", network_details.value.vcn_route_table_id)) > 0 ? network_details.value.vcn_route_table_id : var.route_table_tf_id[network_details.value.vcn_route_table_id]["route_table_ids"]) : null
+ }
+ }
+ lifecycle {
+ ignore_changes = [timeouts]
+ }
+}
\ No newline at end of file
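Review bot: `regexall("ocid1*", ...)` on the `route_table_id` line matches "ocid" followed by any number of 1s anywhere in the string, and `regexall("ocid1.*", ...)` on the `id` line matches "ocid1" anywhere, so a route table or VCN whose display name merely contains "ocid" is treated as a literal OCID and sent to the API instead of being resolved through `var.route_table_tf_id` / `var.vcns_tf_id` — the attachment then lands on the wrong resource or fails late. Anchor and escape the prefix, `length(regexall("^ocid1\\.", value)) > 0`, or use `startswith(value, "ocid1.")` if the toolkit's Terraform version provides it. drg-route-distribution-statement/main.tf carries the same unanchored pattern (`"ocid1.drgattachment.oc*"`, where the dots and the trailing `c*` are also unescaped). `network_details != []` is not a reliable emptiness test across list and tuple types either; `length(...) > 0` is.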
diff --git a/modules/network/drg-attachment/oracle_provider_req.tf b/modules/network/drg-attachment/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/network/drg-attachment/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/network/drg-attachment/outputs.tf b/modules/network/drg-attachment/outputs.tf
new file mode 100644
index 0000000..5e8cb7d
--- /dev/null
+++ b/modules/network/drg-attachment/outputs.tf
@@ -0,0 +1,10 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Output Block - Network
+# Create Dynamic Routing Gateway Attachment
+############################
+
+output "drg_attachment_tf_id" {
+ value = oci_core_drg_attachment.drg_attachment.id
+}
diff --git a/modules/network/drg-attachment/variables.tf b/modules/network/drg-attachment/variables.tf
new file mode 100644
index 0000000..e14680a
--- /dev/null
+++ b/modules/network/drg-attachment/variables.tf
@@ -0,0 +1,45 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+############################
+# Variable Block - Network
+# Create Dynamic Routing Gateway Attachment
+############################
+variable "compartment_id" {
+ type = string
+ default = null
+}
+variable "defined_tags" {
+ type = map(any)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+variable "drg_display_name" {
+ type = string
+ default = null
+}
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
+variable "drg_route_table_id" {
+ type = string
+ default = null
+}
+variable "vcn_route_table_id" {
+ type = string
+ default = null
+}
+variable "drg_attachments" {}
+
+variable "vcns_tf_id" {}
+
+variable "route_table_tf_id" {}
+
+variable "drg_id" {
+ type = string
+ default = null
+}
+variable "key_name" {
+ type = string
+ default = null
+}
\ No newline at end of file
diff --git a/modules/network/drg-route-distribution-statement/main.tf b/modules/network/drg-route-distribution-statement/main.tf
new file mode 100644
index 0000000..6b2d201
--- /dev/null
+++ b/modules/network/drg-route-distribution-statement/main.tf
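Review bot: `drg_attachments`, `vcns_tf_id` and `route_table_tf_id` are declared with no `type`, yet main.tf indexes into them (`var.drg_attachments[var.key_name].network_details`, `[...]["vcn_tf_id"]`, `[...]["route_table_ids"]`), so a malformed input surfaces as an opaque lookup error deep in the plan rather than as a type diagnostic at the variable; `type = map(any)` on each would at least state the expectation, and an object type would pin the keys. `compartment_id` and `vcn_route_table_id` are declared here but drg-attachment/main.tf never references them.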
@@ -0,0 +1,27 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+##########################################
+# Resource Block - Network
+# Create DRG Route Distributions Statement
+##########################################
+
+resource "oci_core_drg_route_distribution_statement" "drg_route_distribution_statement" {
+
+ #Required
+ drg_route_distribution_id = var.drg_route_distribution_id
+ action = var.action
+ priority = var.priority
+
+ #Optional
+ dynamic "match_criteria" {
+ for_each = var.drg_route_distribution_statements[var.key_name]["match_criteria"] != [] ? var.drg_route_distribution_statements[var.key_name]["match_criteria"] : []
+ content {
+ #Required
+ match_type = match_criteria.value.match_type
+
+ #Optional
+ attachment_type = match_criteria.value.attachment_type
+ drg_attachment_id = match_criteria.value.drg_attachment_id != "" && match_criteria.value.drg_attachment_id != null ? (length(regexall("ocid1.drgattachment.oc*", match_criteria.value.drg_attachment_id)) > 0 ? match_criteria.value.drg_attachment_id : var.drg_attachment_ids[match_criteria.value.drg_attachment_id]["drg_attachment_tf_id"]) : ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/network/drg-route-distribution-statement/oracle_provider_req.tf b/modules/network/drg-route-distribution-statement/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/network/drg-route-distribution-statement/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/network/drg-route-distribution-statement/outputs.tf b/modules/network/drg-route-distribution-statement/outputs.tf
new file mode 100644
index 0000000..b85b39b
--- /dev/null
+++ b/modules/network/drg-route-distribution-statement/outputs.tf
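Review bot: The `drg_attachment_id` expression falls back to `""` rather than `null` when no attachment id is given, so an empty string is submitted as the attribute value instead of the attribute being omitted; the sibling drg-attachment module uses `null` for the equivalent `route_table_id` case, and ending this expression with `: null` would match it. The `for_each` uses the same `!= []` emptiness test as drg-attachment; `length(...) > 0` is the form that behaves the same for lists and tuples.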
@@ -0,0 +1,10 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################################
+# Output Block - Network
+# Create DRG Route Distribution Statement
+############################################
+
+output "drg_route_distribution_statement_tf_id" {
+ value = oci_core_drg_route_distribution_statement.drg_route_distribution_statement.id
+}
diff --git a/modules/network/drg-route-distribution-statement/variables.tf b/modules/network/drg-route-distribution-statement/variables.tf
new file mode 100644
index 0000000..e4748b7
--- /dev/null
+++ b/modules/network/drg-route-distribution-statement/variables.tf
@@ -0,0 +1,33 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+################################################
+# Variable Block - Network
+# Create DRG Route Distribution Statement
+################################################
+
+variable "drg_route_distribution_id" {
+ type = string
+ default = null
+}
+
+variable "key_name" {
+ type = string
+ default = null
+}
+
+variable "action" {
+ type = string
+ default = null
+}
+
+variable "priority" {
+ type = number
+ default = null
+}
+
+variable "drg_route_distribution_statements" {
+ type = map(any)
+ default = {}
+}
+
+variable "drg_attachment_ids" {}
diff --git a/modules/network/drg-route-distribution/main.tf b/modules/network/drg-route-distribution/main.tf
new file mode 100644
index 0000000..7f4c7c4
--- /dev/null
+++ b/modules/network/drg-route-distribution/main.tf
@@ -0,0 +1,19 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Network
+# Create DRG Route Distribution
+############################
+
+resource "oci_core_drg_route_distribution" "drg_route_distribution" {
+
+ #Required
+ distribution_type = var.distribution_type
+ drg_id = var.drg_id
+
+ #Optional
+ defined_tags = var.defined_tags == {} ? null : var.defined_tags
+ freeform_tags = var.freeform_tags == {} ? null : var.freeform_tags
+ display_name = var.display_name == "" ? null : var.display_name
+
+}
\ No newline at end of file
diff --git a/modules/network/drg-route-distribution/oracle_provider_req.tf b/modules/network/drg-route-distribution/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/network/drg-route-distribution/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/network/drg-route-distribution/outputs.tf b/modules/network/drg-route-distribution/outputs.tf
new file mode 100644
index 0000000..0fda2bc
--- /dev/null
+++ b/modules/network/drg-route-distribution/outputs.tf
@@ -0,0 +1,10 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Output Block - Network
+# Create DRG Route Distribution
+############################
+
+output "drg_route_distribution_tf_id" {
+ value = oci_core_drg_route_distribution.drg_route_distribution.id
+}
diff --git a/modules/network/drg-route-distribution/variables.tf b/modules/network/drg-route-distribution/variables.tf
new file mode 100644
index 0000000..5f69952
--- /dev/null
+++ b/modules/network/drg-route-distribution/variables.tf
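Review bot: `var.defined_tags == {} ? null : var.defined_tags` compares a `map(any)` value against an empty object literal; whether that equality holds for an empty map depends on type conversion rules, and `length(var.defined_tags) == 0 ? null : var.defined_tags` is the unambiguous form (likewise `freeform_tags` on the next line). Since the variable's default is a two-entry map, the null branch is only reached when a caller passes `{}` explicitly; a short comment, `# an explicit {} from the caller means "no tags", not the module default`, would record that intent.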
@@ -0,0 +1,33 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Variable Block - Network
+# Create DRG Route Distribution
+############################
+
+variable "distribution_type" {
+ type = string
+ default = null
+}
+
+variable "drg_id" {
+ type = string
+ default = null
+}
+
+variable "display_name" {
+ type = string
+ default = null
+}
+
+variable "defined_tags" {
+ type = map(any)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
diff --git a/modules/network/drg-route-rule/main.tf b/modules/network/drg-route-rule/main.tf
new file mode 100644
index 0000000..41dd17d
--- /dev/null
+++ b/modules/network/drg-route-rule/main.tf
@@ -0,0 +1,16 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Network
+# Create DRG Route Rule
+############################
+
+resource "oci_core_drg_route_table_route_rule" "drg_route_rule" {
+
+ #Required
+ drg_route_table_id = var.drg_route_table_id
+ destination = var.destination
+ destination_type = var.destination_type
+ next_hop_drg_attachment_id = var.next_hop_drg_attachment_id
+
+}
\ No newline at end of file
diff --git a/modules/network/drg-route-rule/oracle_provider_req.tf b/modules/network/drg-route-rule/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/network/drg-route-rule/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/network/drg-route-rule/outputs.tf b/modules/network/drg-route-rule/outputs.tf
new file mode 100644
index 0000000..67bb121
--- /dev/null
+++ b/modules/network/drg-route-rule/outputs.tf
@@ -0,0 +1,10 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Output Block - Network
+# Create DRG Route Rule
+############################
+
+output "drg_route_rule_tf_id" {
+ value = oci_core_drg_route_table_route_rule.drg_route_rule.id
+}
diff --git a/modules/network/drg-route-rule/variables.tf b/modules/network/drg-route-rule/variables.tf
new file mode 100644
index 0000000..725cff7
--- /dev/null
+++ b/modules/network/drg-route-rule/variables.tf
@@ -0,0 +1,26 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Variable Block - Network
+# Create DRG Route Rule
+############################
+
+variable "drg_route_table_id" {
+ type = string
+ default = null
+}
+
+variable "destination" {
+ type = string
+ default = null
+}
+
+variable "destination_type" {
+ type = string
+ default = null
+}
+
+variable "next_hop_drg_attachment_id" {
+ type = string
+ default = null
+}
\ No newline at end of file
diff --git a/modules/network/drg-route-table/main.tf b/modules/network/drg-route-table/main.tf
new file mode 100644
index 0000000..b44173b
--- /dev/null
+++ b/modules/network/drg-route-table/main.tf
@@ -0,0 +1,20 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Network
+# Create DRG Route Table
+############################
+
+
+resource "oci_core_drg_route_table" "drg_route_table" {
+
+ #Required
+ drg_id = var.drg_id
+
+ #Optional
+ defined_tags = var.defined_tags
+ display_name = var.display_name
+ freeform_tags = var.freeform_tags
+ import_drg_route_distribution_id = var.import_drg_route_distribution_id
+ is_ecmp_enabled = var.is_ecmp_enabled
+}
\ No newline at end of file
diff --git a/modules/network/drg-route-table/oracle_provider_req.tf b/modules/network/drg-route-table/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/network/drg-route-table/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/network/drg-route-table/outputs.tf b/modules/network/drg-route-table/outputs.tf
new file mode 100644
index 0000000..372a964
--- /dev/null
+++ b/modules/network/drg-route-table/outputs.tf
@@ -0,0 +1,10 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Output Block - Network
+# Create DRG Route Table
+############################
+
+output "drg_route_table_tf_id" {
+ value = oci_core_drg_route_table.drg_route_table.id
+}
diff --git a/modules/network/drg-route-table/variables.tf b/modules/network/drg-route-table/variables.tf
new file mode 100644
index 0000000..46cde7d
--- /dev/null
+++ b/modules/network/drg-route-table/variables.tf
@@ -0,0 +1,38 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Variable Block - Network
+# Create DRG Route Table
+############################
+
+variable "drg_id" {
+ type = string
+ default = null
+}
+
+variable "import_drg_route_distribution_id" {
+ type = string
+ default = null
+}
+
+variable "is_ecmp_enabled" {
+ type = bool
+ default = null
+}
+
+variable "defined_tags" {
+ type = map(any)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+
+variable "display_name" {
+ type = string
+ default = null
+}
+
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
\ No newline at end of file
diff --git a/modules/network/drg/main.tf b/modules/network/drg/main.tf
new file mode 100644
index 0000000..64463e8
--- /dev/null
+++ b/modules/network/drg/main.tf
@@ -0,0 +1,18 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Network
+# Create Dynamic Routing Gateway
+############################
+
+resource "oci_core_drg" "drg" {
+
+ #Required
+ compartment_id = var.compartment_id
+
+ #Optional
+ defined_tags = var.defined_tags
+ display_name = var.display_name
+ freeform_tags = var.freeform_tags
+
+}
\ No newline at end of file
diff --git a/modules/network/drg/oracle_provider_req.tf b/modules/network/drg/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/network/drg/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/network/drg/outputs.tf b/modules/network/drg/outputs.tf
new file mode 100644
index 0000000..4ec5c15
--- /dev/null
+++ b/modules/network/drg/outputs.tf
@@ -0,0 +1,10 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Output Block - Network
+# Create Dynamic Routing Gateway
+############################
+
+output "drg_tf_id" {
+ value = oci_core_drg.drg.id
+}
\ No newline at end of file
diff --git a/modules/network/drg/variables.tf b/modules/network/drg/variables.tf
new file mode 100644
index 0000000..313d8cc
--- /dev/null
+++ b/modules/network/drg/variables.tf
@@ -0,0 +1,49 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Variable Block - Network
+# Create Dynamic Routing Gateway
+############################
+
+variable "compartment_id" {
+ type = string
+ default = null
+}
+
+variable "defined_tags" {
+ type = map(any)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+
+variable "display_name" {
+ type = string
+ default = null
+}
+
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
+
+variable "drg_route_table_id" {
+ type = string
+ default = null
+}
+
+variable "vcn_route_table_id" {
+ type = string
+ default = null
+}
+
+variable "network_details_id" {
+ type = string
+ default = null
+}
+
+variable "network_details_type" {
+ type = string
+ default = null
+}
+
diff --git a/modules/network/igw/main.tf b/modules/network/igw/main.tf
new file mode 100644
index 0000000..9f650a9
--- /dev/null
+++ b/modules/network/igw/main.tf
@@ -0,0 +1,21 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Network
+# Create Internet Gateway
+############################
+
+resource "oci_core_internet_gateway" "internet_gateway" {
+
+ #Required
+ compartment_id = var.compartment_id
+ vcn_id = var.vcn_id
+
+ #Optional
+ enabled = var.enabled
+ defined_tags = var.defined_tags
+ display_name = var.display_name
+ freeform_tags = var.freeform_tags
+ route_table_id = var.route_table_id
+
+}
\ No newline at end of file
diff --git a/modules/network/igw/oracle_provider_req.tf b/modules/network/igw/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/network/igw/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
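Review bot: The inputs `drg_route_table_id`, `vcn_route_table_id`, `network_details_id` and `network_details_type` declared at the end of this hunk are not referenced by `oci_core_drg.drg` in modules/network/drg/main.tf, which reads only `compartment_id`, `defined_tags`, `display_name` and `freeform_tags`. A caller can therefore pass attachment details to this module and get neither an attachment nor an error, which is a silent misconfiguration in a routing component. Either remove the four variables or add the resource that consumes them; if they are reserved for a later attachment resource, say so with `description = "Reserved for a future DRG attachment; not read by this module."`. None of the variables here carry a `description`, so the module's contract is only discoverable by reading main.tf.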
diff --git a/modules/network/igw/outputs.tf b/modules/network/igw/outputs.tf
new file mode 100644
index 0000000..5103f46
--- /dev/null
+++ b/modules/network/igw/outputs.tf
@@ -0,0 +1,10 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Output Block - Network
+# Create Internet Gateway
+############################
+
+output "igw_tf_id" {
+ value = oci_core_internet_gateway.internet_gateway.id
+}
\ No newline at end of file
diff --git a/modules/network/igw/variables.tf b/modules/network/igw/variables.tf
new file mode 100644
index 0000000..6000efa
--- /dev/null
+++ b/modules/network/igw/variables.tf
@@ -0,0 +1,43 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Variable Block - Network
+# Create Internet Gateway
+############################
+
+variable "compartment_id" {
+ type = string
+ default = null
+}
+
+variable "vcn_id" {
+ type = string
+ default = null
+}
+
+variable "enabled" {
+ type = bool
+ default = true
+}
+
+variable "defined_tags" {
+ type = map(any)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+
+variable "display_name" {
+ type = string
+ default = null
+}
+
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
+
+variable "route_table_id" {
+ type = string
+ default = null
+}
diff --git a/modules/network/lpg/main.tf b/modules/network/lpg/main.tf
new file mode 100644
index 0000000..ff3a6aa
--- /dev/null
+++ b/modules/network/lpg/main.tf
@@ -0,0 +1,21 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Network
+# Create Local Peering Gateway
+############################
+
+resource "oci_core_local_peering_gateway" "local_peering_gateway" {
+
+ #Required
+ compartment_id = var.compartment_id
+ vcn_id = var.vcn_id
+
+ #Optional
+ defined_tags = var.defined_tags
+ display_name = var.display_name
+ freeform_tags = var.freeform_tags
+ peer_id = var.peer_id
+ route_table_id = var.route_table_id
+
+}
\ No newline at end of file
diff --git a/modules/network/lpg/oracle_provider_req.tf b/modules/network/lpg/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/network/lpg/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/network/lpg/outputs.tf b/modules/network/lpg/outputs.tf
new file mode 100644
index 0000000..ec1ebd8
--- /dev/null
+++ b/modules/network/lpg/outputs.tf
@@ -0,0 +1,10 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Output Block - Network
+# Create Local Peering Gateway
+############################
+
+output "lpg_tf_id" {
+ value = oci_core_local_peering_gateway.local_peering_gateway.id
+}
\ No newline at end of file
diff --git a/modules/network/lpg/variables.tf b/modules/network/lpg/variables.tf
new file mode 100644
index 0000000..46d7ee1
--- /dev/null
+++ b/modules/network/lpg/variables.tf
@@ -0,0 +1,44 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Variable Block - Network
+# Create Local Peering Gateway
+############################
+
+variable "compartment_id" {
+ type = string
+ default = null
+}
+
+variable "vcn_id" {
+ type = string
+ default = null
+}
+
+variable "peer_id" {
+ type = string
+ default = null
+}
+
+variable "route_table_id" {
+ type = string
+ default = null
+}
+
+variable "defined_tags" {
+ type = map(any)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+
+variable "display_name" {
+ type = string
+ default = null
+}
+
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
+
diff --git a/modules/network/ngw/main.tf b/modules/network/ngw/main.tf
new file mode 100644
index 0000000..59752ca
--- /dev/null
+++ b/modules/network/ngw/main.tf
@@ -0,0 +1,22 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Network
+# Create NAT Gateway
+############################
+
+resource "oci_core_nat_gateway" "nat_gateway" {
+
+ #Required
+ compartment_id = var.compartment_id
+ vcn_id = var.vcn_id
+
+ #Optional
+ block_traffic = var.block_traffic
+ defined_tags = var.defined_tags
+ display_name = var.display_name
+ freeform_tags = var.freeform_tags
+ public_ip_id = var.public_ip_id
+ route_table_id = var.route_table_id
+
+}
\ No newline at end of file
diff --git a/modules/network/ngw/oracle_provider_req.tf b/modules/network/ngw/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/network/ngw/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/network/ngw/outputs.tf b/modules/network/ngw/outputs.tf
new file mode 100644
index 0000000..ce3dc53
--- /dev/null
+++ b/modules/network/ngw/outputs.tf
@@ -0,0 +1,10 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Output Block - Network
+# Create NAT Gateway
+############################
+
+output "ngw_tf_id" {
+ value = oci_core_nat_gateway.nat_gateway.id
+}
\ No newline at end of file
diff --git a/modules/network/ngw/variables.tf b/modules/network/ngw/variables.tf
new file mode 100644
index 0000000..d13868e
--- /dev/null
+++ b/modules/network/ngw/variables.tf
@@ -0,0 +1,49 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Variable Block - Network
+# Create NAT Gateway
+############################
+
+variable "compartment_id" {
+ type = string
+ default = null
+}
+
+variable "vcn_id" {
+ type = string
+ default = null
+}
+
+variable "public_ip_id" {
+ type = string
+ default = null
+}
+
+variable "block_traffic" {
+ type = bool
+ default = false
+}
+
+variable "route_table_id" {
+ type = string
+ default = null
+}
+
+variable "defined_tags" {
+ type = map(any)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+
+variable "display_name" {
+ type = string
+ default = null
+}
+
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
+
diff --git a/modules/network/nsg-rule/main.tf b/modules/network/nsg-rule/main.tf
new file mode 100644
index 0000000..f5d2c4e
--- /dev/null
+++ b/modules/network/nsg-rule/main.tf
@@ -0,0 +1,105 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Network
+# Create Network Security Group Rules
+############################
+
+
+resource "oci_core_network_security_group_security_rule" "nsg_rule" {
+
+ #Required
+ network_security_group_id = var.nsg_id
+ direction = var.direction
+ protocol = var.protocol
+
+ #Optional
+ description = var.description
+ destination = var.destination_addr
+ destination_type = var.destination_type
+ source = var.source_addr
+ source_type = var.source_type
+ stateless = var.stateless
+
+ # ICMP Options
+ # If type and no code
+ dynamic "icmp_options" {
+ for_each = try((var.nsg_rules_details[var.key_name].options.icmp.0.code == null ? var.nsg_rules_details[var.key_name].options.icmp : []), try(var.nsg_rules_details[var.key_name].options.icmp.0.type != null ? var.nsg_rules_details[var.key_name].options.icmp : []), [])
+
+ content {
+ type = var.nsg_rules_details[var.key_name].options.icmp.0.type
+ }
+ }
+
+ # ICMP Options
+ # If type and code
+ dynamic "icmp_options" {
+ for_each = try((var.nsg_rules_details[var.key_name].options.icmp.0.code != null && var.nsg_rules_details[var.key_name].options.icmp.0.type != null ? var.nsg_rules_details[var.key_name].options.icmp : []), [])
+
+ content {
+ type = var.nsg_rules_details[var.key_name].options.icmp.0.type
+ code = var.nsg_rules_details[var.key_name].options.icmp.0.code
+ }
+ }
+
+
+ # TCP Options
+ dynamic "tcp_options" {
+ for_each = try(var.nsg_rules_details[var.key_name].options.tcp, [])
+
+ content {
+ #Optional
+ dynamic "source_port_range" {
+ for_each = try(var.nsg_rules_details[var.key_name].options.tcp.0.source_port_range_max != null || var.nsg_rules_details[var.key_name].options.tcp.0.source_port_range_min != null ? var.nsg_rules_details[var.key_name].options.tcp : [], [])
+
+ content {
+ #Required
+ max = var.nsg_rules_details[var.key_name].options.tcp.0.source_port_range_max != null ?
var.nsg_rules_details[var.key_name].options.tcp.0.source_port_range_max : null
+
+ min = var.nsg_rules_details[var.key_name].options.tcp.0.source_port_range_min != null ? var.nsg_rules_details[var.key_name].options.tcp.0.source_port_range_min : null
+ }
+ }
+
+ dynamic "destination_port_range" {
+ for_each = try((var.nsg_rules_details[var.key_name].options.tcp.0.destination_port_range_max != null || var.nsg_rules_details[var.key_name].options.tcp.0.destination_port_range_min != null ? var.nsg_rules_details[var.key_name].options.tcp : []), [])
+
+ content {
+ #Required
+ max = var.nsg_rules_details[var.key_name].options.tcp.0.destination_port_range_max != null ? var.nsg_rules_details[var.key_name].options.tcp.0.destination_port_range_max : null
+
+ min = var.nsg_rules_details[var.key_name].options.tcp.0.destination_port_range_min != null ? var.nsg_rules_details[var.key_name].options.tcp.0.destination_port_range_min : null
+ }
+ }
+ }
+ }
+
+ # UDP Options
+ dynamic "udp_options" {
+ for_each = try((var.nsg_rules_details[var.key_name].options.udp != [] ? var.nsg_rules_details[var.key_name].options.udp : []), [])
+
+ content {
+ #Optional
+ dynamic "source_port_range" {
+ for_each = try((var.nsg_rules_details[var.key_name].options.udp.0.source_port_range_max != null || var.nsg_rules_details[var.key_name].options.udp.0.source_port_range_min != null ? var.nsg_rules_details[var.key_name].options.udp : []), [])
+
+ content {
+ #Required
+ max = var.nsg_rules_details[var.key_name].options.udp.0.source_port_range_max != null ? var.nsg_rules_details[var.key_name].options.udp.0.source_port_range_max : null
+
+ min = var.nsg_rules_details[var.key_name].options.udp.0.source_port_range_min != null ?
var.nsg_rules_details[var.key_name].options.udp.0.source_port_range_min : null
+ }
+ }
+
+ dynamic "destination_port_range" {
+ for_each = try((var.nsg_rules_details[var.key_name].options.udp.0.destination_port_range_max != null || var.nsg_rules_details[var.key_name].options.udp.0.destination_port_range_min != null ? var.nsg_rules_details[var.key_name].options.udp : []), [])
+
+ content {
+ #Required
+ max = var.nsg_rules_details[var.key_name].options.udp.0.destination_port_range_max != null ? var.nsg_rules_details[var.key_name].options.udp.0.destination_port_range_max : null
+
+ min = var.nsg_rules_details[var.key_name].options.udp.0.destination_port_range_min != null ? var.nsg_rules_details[var.key_name].options.udp.0.destination_port_range_min : null
+ }
+ }
+ }
+ }
+}
diff --git a/modules/network/nsg-rule/oracle_provider_req.tf b/modules/network/nsg-rule/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/network/nsg-rule/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/network/nsg-rule/outputs.tf b/modules/network/nsg-rule/outputs.tf
new file mode 100644
index 0000000..21bfd8e
--- /dev/null
+++ b/modules/network/nsg-rule/outputs.tf
@@ -0,0 +1,10 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#############################
+# Output Block - Networking
+# Create Network Security Groups
+#############################
+
+output "nsg_rule_tf_id" {
+ value = oci_core_network_security_group_security_rule.nsg_rule.id
+}
diff --git a/modules/network/nsg-rule/variables.tf b/modules/network/nsg-rule/variables.tf
new file mode 100644
index 0000000..b751c2e
--- /dev/null
+++ b/modules/network/nsg-rule/variables.tf
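Review bot: The nested `source_port_range` and `destination_port_range` blocks re-read `var.nsg_rules_details[var.key_name].options.tcp.0` / `.options.udp.0` instead of the `tcp_options.value` / `udp_options.value` iterator they sit inside, so the content of each `dynamic` block does not depend on the element being iterated; `max = tcp_options.value.source_port_range_max` (and likewise for the other three attributes) keeps each block tied to its own element. When only one bound is supplied the other is emitted as `null` although both are marked `#Required`, so a single-port rule written with just `destination_port_range_max` presumably fails at plan instead of producing a one-port range — if that form is meant to be accepted, fold it with `min = coalesce(tcp_options.value.destination_port_range_min, tcp_options.value.destination_port_range_max)`. The UDP guard `options.udp != [] ? options.udp : []` compares a list of objects with an empty tuple and therefore always yields `options.udp`, so it is equivalent to the `try(var.nsg_rules_details[var.key_name].options.tcp, [])` form already used for TCP; making the two match makes the file easier to audit. `source`, `destination` and `protocol` pass straight through with no guard against an INGRESS rule from `0.0.0.0/0` with protocol `all`, which is defensible for a generated module but deserves a header comment stating where rule hygiene is enforced.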
@@ -0,0 +1,68 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#############################
+# Variable Block - Network
+# Create Network Security Groups
+#############################
+
+variable "nsg_rules_details" {
+ type = map(any)
+ default = {}
+}
+
+variable "key_name" {
+ type = string
+ default = null
+}
+
+variable "compartment_id" {
+ type = string
+ default = null
+}
+
+variable "nsg_id" {
+ type = string
+ default = null
+}
+
+variable "source_type" {
+ type = string
+ default = null
+}
+
+variable "direction" {
+ type = string
+ default = null
+}
+
+variable "protocol" {
+ type = string
+ default = null
+}
+
+variable "description" {
+ type = string
+ default = null
+}
+
+variable "destination_addr" {
+ type = string
+ default = null
+}
+
+variable "destination_type" {
+ type = string
+ default = null
+}
+
+variable "source_addr" {
+ type = string
+ default = null
+}
+
+variable "stateless" {
+ type = string
+ default = null
+}
+
+
diff --git a/modules/network/nsg/main.tf b/modules/network/nsg/main.tf
new file mode 100644
index 0000000..f415faf
--- /dev/null
+++ b/modules/network/nsg/main.tf
@@ -0,0 +1,19 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Network
+# Create Network Security Groups
+############################
+
+resource "oci_core_network_security_group" "network_security_group" {
+
+ #Required
+ compartment_id = var.compartment_id
+ vcn_id = var.vcn_id
+
+ #Optional
+ defined_tags = var.defined_tags
+ display_name = var.display_name
+ freeform_tags = var.freeform_tags
+
+}
\ No newline at end of file
diff --git a/modules/network/nsg/oracle_provider_req.tf b/modules/network/nsg/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/network/nsg/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
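Review bot: `stateless` is declared `type = string` although it feeds the boolean `stateless` attribute of `oci_core_network_security_group_security_rule` in the preceding main.tf hunk, so a value like `"yes"` is only rejected by the provider rather than by the plan's type check; `type = bool` fails fast. `direction` and `protocol` are likewise unconstrained strings on a firewall-rule module; a `validation` block such as `condition = var.direction == null || contains(["INGRESS", "EGRESS"], var.direction)` catches a typo before a rule is created. `compartment_id` is declared here but not read by the rule resource. None of the variables has a `description`, and for `source_type` / `destination_type`, which decide how the address strings are interpreted, one is genuinely needed.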
diff --git a/modules/network/nsg/outputs.tf b/modules/network/nsg/outputs.tf
new file mode 100644
index 0000000..457338b
--- /dev/null
+++ b/modules/network/nsg/outputs.tf
@@ -0,0 +1,10 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#############################
+# Output Block - Network
+# Create Network Security Groups
+#############################
+
+output "nsg_tf_id" {
+ value = oci_core_network_security_group.network_security_group.id
+}
\ No newline at end of file
diff --git a/modules/network/nsg/variables.tf b/modules/network/nsg/variables.tf
new file mode 100644
index 0000000..1b57ccc
--- /dev/null
+++ b/modules/network/nsg/variables.tf
@@ -0,0 +1,38 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#############################
+# Variable Block - Network
+# Create Network Security Groups
+#############################
+
+variable "compartment_id" {
+ type = string
+ default = null
+}
+
+variable "vcn_id" {
+ type = string
+ default = null
+}
+
+variable "defined_tags" {
+ type = map(any)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+
+variable "display_name" {
+ type = string
+ default = null
+}
+
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
+
+variable "network_compartment_id" {
+ type = string
+ default = null
+}
diff --git a/modules/network/route-table/main.tf b/modules/network/route-table/main.tf
new file mode 100644
index 0000000..39b85fa
--- /dev/null
+++ b/modules/network/route-table/main.tf
@@ -0,0 +1,246 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Network
+# Create Route Table
+############################
+
+# Data Source for Service Gateway
+data "oci_core_services" "oci_services" {
+}
+
+resource "oci_core_route_table" "route_table" {
+
+count = var.default_route_table ==true ? 0 : 1
+
+ #Required
+ compartment_id = var.compartment_id
+ vcn_id = var.vcn_id
+
+ #Optional
+ defined_tags = var.defined_tags
+ display_name = var.display_name
+ freeform_tags = var.freeform_tags
+
+ # Create Private IP Routes
+ dynamic "route_rules" {
+ for_each = var.rt_details[var.key_name].route_rules_ip != [] ? var.rt_details[var.key_name].route_rules_ip : []
+
+ content {
+ #Required
+ network_entity_id = (route_rules.value["network_entity_id"] != null && length(regexall("ocid1.privateip.oc*", route_rules.value["network_entity_id"])) > 0) ? route_rules.value["network_entity_id"] : ""
+
+ #Optional
+ description = route_rules.value["description"] != "" ? route_rules.value["description"] : null
+ destination = route_rules.value["destination"]
+ destination_type = route_rules.value["destination_type"]
+ }
+ }
+
+ # Create LPG Routes
+ dynamic "route_rules" {
+ for_each = var.gateway_route_table == false ? (var.rt_details[var.key_name].route_rules_lpg != [] ? var.rt_details[var.key_name].route_rules_lpg : [] ) : []
+
+ content {
+ #Required
+ network_entity_id = (route_rules.value["network_entity_id"] != null && length(regexall("ocid1.localpeeringgateway.oc*", route_rules.value["network_entity_id"])) > 0) ?
route_rules.value["network_entity_id"] : try(var.hub_lpg_id[route_rules.value["network_entity_id"]]["lpg_tf_id"], var.spoke_lpg_id[route_rules.value["network_entity_id"]]["lpg_tf_id"], var.peer_lpg_id[route_rules.value["network_entity_id"]]["lpg_tf_id"], var.none_lpg_id[route_rules.value["network_entity_id"]]["lpg_tf_id"], var.exported_lpg_id[route_rules.value["network_entity_id"]]["lpg_tf_id"], var.drg_id[route_rules.value["network_entity_id"]]["drg_tf_id"])
+
+ #Optional
+ description = route_rules.value["description"] != "" ? route_rules.value["description"] : null
+ destination = route_rules.value["destination"]
+ destination_type = route_rules.value["destination_type"]
+ }
+ }
+
+ # Create IGW Routes
+ dynamic "route_rules" {
+ for_each = var.gateway_route_table == false ? (var.rt_details[var.key_name].route_rules_igw != [] ? var.rt_details[var.key_name].route_rules_igw : []) : []
+
+ content {
+ #Required
+ network_entity_id = (route_rules.value["network_entity_id"] != null && length(regexall("ocid1.internetgateway.oc*", route_rules.value["network_entity_id"])) > 0) ? route_rules.value["network_entity_id"] : var.igw_id[route_rules.value["network_entity_id"]]["igw_tf_id"]
+
+ #Optional
+ description = route_rules.value["description"] != "" ? route_rules.value["description"] : null
+ destination = route_rules.value["destination"]
+ destination_type = route_rules.value["destination_type"]
+ }
+ }
+
+ # Create DRG Routes
+ dynamic "route_rules" {
+ for_each = var.rt_details[var.key_name].route_rules_drg != [] ? var.rt_details[var.key_name].route_rules_drg : []
+
+ content {
+ #Required
+ network_entity_id = (route_rules.value["network_entity_id"] != null && length(regexall("ocid1.drg.oc*", route_rules.value["network_entity_id"])) > 0) ? route_rules.value["network_entity_id"] : var.drg_id[route_rules.value["network_entity_id"]]["drg_tf_id"]
+
+
+ #length(regexall("ocid1.drg.oc*", route_rules.value["network_entity_id"])) > 0 ?
route_rules.value["network_entity_id"] : null
+
+ #Optional
+ description = route_rules.value["description"] != "" ? route_rules.value["description"] : null
+ destination = route_rules.value["destination"]
+ destination_type = route_rules.value["destination_type"]
+ }
+ }
+
+ # Create NAT Routes
+ dynamic "route_rules" {
+ for_each = var.gateway_route_table == false ? (var.rt_details[var.key_name].route_rules_ngw != [] ? var.rt_details[var.key_name].route_rules_ngw : []) : []
+
+ content {
+ #Required
+ network_entity_id = (route_rules.value["network_entity_id"] != null && length(regexall("ocid1.natgateway.oc*", route_rules.value["network_entity_id"])) > 0) ? route_rules.value["network_entity_id"] : var.ngw_id[route_rules.value["network_entity_id"]]["ngw_tf_id"]
+
+
+ #length(regexall("ocid1.drg.oc*", route_rules.value["network_entity_id"])) > 0 ? route_rules.value["network_entity_id"] : null`
+
+ #Optional
+ description = route_rules.value["description"] != "" ? route_rules.value["description"] : null
+ destination = route_rules.value["destination"]
+ destination_type = route_rules.value["destination_type"]
+ }
+ }
+
+ # Create SGW Routes
+ dynamic "route_rules" {
+ for_each = var.gateway_route_table == false ? (var.rt_details[var.key_name].route_rules_sgw != [] ? var.rt_details[var.key_name].route_rules_sgw : [] ) : []
+
+ content {
+ #Required
+ network_entity_id = (route_rules.value["network_entity_id"] != null && length(regexall("ocid1.servicegateway.oc*", route_rules.value["network_entity_id"])) > 0) ? route_rules.value["network_entity_id"] : var.sgw_id[route_rules.value["network_entity_id"]]["sgw_tf_id"]
+
+
+ #length(regexall("ocid1.drg.oc*", route_rules.value["network_entity_id"])) > 0 ? route_rules.value["network_entity_id"] : null
+
+ #Optional
+ description = route_rules.value["description"] != "" ? route_rules.value["description"] : null
+ destination = contains(split("-", route_rules.value["destination"]), "all") == true ?
(contains(split("-", data.oci_core_services.oci_services.services.0.cidr_block), "all") == true ? data.oci_core_services.oci_services.services.0.cidr_block : data.oci_core_services.oci_services.services.1.cidr_block) : (contains(split("-", data.oci_core_services.oci_services.services.0.cidr_block), "objectstorage") == true ? data.oci_core_services.oci_services.services.0.cidr_block : data.oci_core_services.oci_services.services.1.cidr_block)
+ destination_type = route_rules.value["destination_type"]
+ }
+ }
+
+ lifecycle {
+ create_before_destroy = true
+ }
+
+}
+
+
+
+resource "oci_core_default_route_table" "default_route_table" {
+
+ count = var.default_route_table ==true ? 1 : 0
+ #Required
+ manage_default_resource_id = var.manage_default_resource_id
+
+ #Optional
+ defined_tags = var.defined_tags
+ display_name = var.display_name
+ freeform_tags = var.freeform_tags
+
+ # Create Private IP Routes
+ dynamic "route_rules" {
+ for_each = var.rt_details[var.key_name].route_rules_ip != [] ? var.rt_details[var.key_name].route_rules_ip : []
+
+ content {
+ #Required
+ network_entity_id = (route_rules.value["network_entity_id"] != null && length(regexall("ocid1.privateip.oc*", route_rules.value["network_entity_id"])) > 0) ? route_rules.value["network_entity_id"] : ""
+
+ #Optional
+ description = route_rules.value["description"]
+ destination = route_rules.value["destination"]
+ destination_type = route_rules.value["destination_type"]
+ }
+ }
+
+ # Create LPG Routes
+ dynamic "route_rules" {
+ for_each = var.gateway_route_table == false ? (var.rt_details[var.key_name].route_rules_lpg != [] ? var.rt_details[var.key_name].route_rules_lpg : []): []
+
+ content {
+ #Required
+ network_entity_id = (route_rules.value["network_entity_id"] != null && length(regexall("ocid1.localpeeringgateway.oc*", route_rules.value["network_entity_id"])) > 0) ?
route_rules.value["network_entity_id"] : try(var.hub_lpg_id[route_rules.value["network_entity_id"]]["lpg_tf_id"], var.spoke_lpg_id[route_rules.value["network_entity_id"]]["lpg_tf_id"], var.exported_lpg_id[route_rules.value["network_entity_id"]]["lpg_tf_id"], var.drg_id[route_rules.value["network_entity_id"]]["drg_tf_id"])
+
+ #Optional
+ description = route_rules.value["description"]
+ destination = route_rules.value["destination"]
+ destination_type = route_rules.value["destination_type"]
+ }
+ }
+
+ # Create IGW Routes
+ dynamic "route_rules" {
+ for_each = var.gateway_route_table == false ? (var.rt_details[var.key_name].route_rules_igw != [] ? var.rt_details[var.key_name].route_rules_igw : []) : []
+
+ content {
+ #Required
+ network_entity_id = (route_rules.value["network_entity_id"] != null && length(regexall("ocid1.internetgateway.oc*", route_rules.value["network_entity_id"])) > 0) ? route_rules.value["network_entity_id"] : var.igw_id[route_rules.value["network_entity_id"]]["igw_tf_id"]
+
+ #Optional
+ description = route_rules.value["description"]
+ destination = route_rules.value["destination"]
+ destination_type = route_rules.value["destination_type"]
+ }
+ }
+
+ # Create DRG Routes
+ dynamic "route_rules" {
+ for_each = var.rt_details[var.key_name].route_rules_drg != [] ? var.rt_details[var.key_name].route_rules_drg : []
+
+ content {
+ #Required
+ network_entity_id = (route_rules.value["network_entity_id"] != null && length(regexall("ocid1.drg.oc*", route_rules.value["network_entity_id"])) > 0) ? route_rules.value["network_entity_id"] : var.drg_id[route_rules.value["network_entity_id"]]["drg_tf_id"]
+
+
+ #length(regexall("ocid1.drg.oc*", route_rules.value["network_entity_id"])) > 0 ?
route_rules.value["network_entity_id"] : null
+
+ #Optional
+ description = route_rules.value["description"]
+ destination = route_rules.value["destination"]
+ destination_type = route_rules.value["destination_type"]
+ }
+ }
+
+ # Create NAT Routes
+ dynamic "route_rules" {
+ for_each = var.gateway_route_table == false ? (var.rt_details[var.key_name].route_rules_ngw != [] ? var.rt_details[var.key_name].route_rules_ngw : []) :[]
+
+ content {
+ #Required
+ network_entity_id = (route_rules.value["network_entity_id"] != null && length(regexall("ocid1.natgateway.oc*", route_rules.value["network_entity_id"])) > 0) ? route_rules.value["network_entity_id"] : var.ngw_id[route_rules.value["network_entity_id"]]["ngw_tf_id"]
+
+
+ #length(regexall("ocid1.drg.oc*", route_rules.value["network_entity_id"])) > 0 ? route_rules.value["network_entity_id"] : null
+
+ #Optional
+ description = route_rules.value["description"]
+ destination = route_rules.value["destination"]
+ destination_type = route_rules.value["destination_type"]
+ }
+ }
+
+ # Create SGW Routes
+ dynamic "route_rules" {
+ for_each = var.gateway_route_table == false ? (var.rt_details[var.key_name].route_rules_sgw != [] ? var.rt_details[var.key_name].route_rules_sgw : []) :[]
+
+ content {
+ #Required
+ network_entity_id = (route_rules.value["network_entity_id"] != null && length(regexall("ocid1.servicegateway.oc*", route_rules.value["network_entity_id"])) > 0) ? route_rules.value["network_entity_id"] : var.sgw_id[route_rules.value["network_entity_id"]]["sgw_tf_id"]
+
+
+ #length(regexall("ocid1.drg.oc*", route_rules.value["network_entity_id"])) > 0 ? route_rules.value["network_entity_id"] : null
+
+ #Optional
+ description = route_rules.value["description"]
+ destination = contains(split("-", route_rules.value["destination"]), "all") == true ? (contains(split("-", data.oci_core_services.oci_services.services.0.cidr_block), "all") == true ?
data.oci_core_services.oci_services.services.0.cidr_block : data.oci_core_services.oci_services.services.1.cidr_block) : (contains(split("-", data.oci_core_services.oci_services.services.0.cidr_block), "objectstorage") == true ? data.oci_core_services.oci_services.services.0.cidr_block : data.oci_core_services.oci_services.services.1.cidr_block)
+ destination_type = route_rules.value["destination_type"]
+ }
+ }
+
+ lifecycle {
+ create_before_destroy = true
+ }
+
+}
\ No newline at end of file
diff --git a/modules/network/route-table/oracle_provider_req.tf b/modules/network/route-table/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/network/route-table/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/network/route-table/outputs.tf b/modules/network/route-table/outputs.tf
new file mode 100644
index 0000000..17d745e
--- /dev/null
+++ b/modules/network/route-table/outputs.tf
@@ -0,0 +1,12 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Output Block - Network
+# Create Route Table
+############################
+
+output "route_table_ids" {
+ value = one(concat(oci_core_route_table.route_table.*.id,oci_core_default_route_table.default_route_table.*.id))
+ #value = concat(oci_core_route_table.route_table.*.id,oci_core_default_route_table.default_route_table.*.id)[0]
+}
+
diff --git a/modules/network/route-table/variables.tf b/modules/network/route-table/variables.tf
new file mode 100644
index 0000000..6f5e194
--- /dev/null
+++ b/modules/network/route-table/variables.tf
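Review bot: The LPG fallback in `oci_core_default_route_table` (`try(var.hub_lpg_id[…], var.spoke_lpg_id[…], var.exported_lpg_id[…], var.drg_id[…])`) omits the `var.peer_lpg_id[…]` and `var.none_lpg_id[…]` candidates that the same block in `oci_core_route_table` includes, so a route keyed to a peer or none LPG resolves in a custom table but exhausts the `try()` in the default table — add the two missing lookups so the resources agree. In both SGW `route_rules` blocks any `destination` whose `-`-separated tokens do not include `all` is rewritten to the Object Storage label, and which label is "all" or "objectstorage" is decided by the position (`services.0` / `services.1`) of entries in `data.oci_core_services`, so a typo such as `all_services` silently narrows the route and a reordering of the data source result swaps the two; resolving the labels by name once in `locals` (sketch below) removes both hazards. The private-IP branch substitutes `""` for a `network_entity_id` that does not match `ocid1.privateip`, deferring the failure to apply with a provider-level message; a `precondition` naming the offending rule key would be clearer. `description` is also handled differently in the two resources (`!= "" ? … : null` versus raw pass-through); pick one form for both.
```hcl
# Resolve the Oracle Services Network labels by name rather than by position in
# the data source result. one() yields null (and the provider rejects the rule)
# when no entry matches, instead of silently routing to the wrong service.
locals {
  sgw_all_services_cidr  = one([for s in data.oci_core_services.oci_services.services : s.cidr_block if contains(split("-", s.cidr_block), "all")])
  sgw_objectstorage_cidr = one([for s in data.oci_core_services.oci_services.services : s.cidr_block if contains(split("-", s.cidr_block), "objectstorage")])
}

# … unchanged: both route table resources and their non-SGW route_rules blocks …
#   in each "Create SGW Routes" block:
#   destination = contains(split("-", route_rules.value["destination"]), "all") ? local.sgw_all_services_cidr : local.sgw_objectstorage_cidr
```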
@@ -0,0 +1,120 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Variable Block - Network +# Create Route Table +############################ + +variable "compartment_id" { + type = string + default = null +} + +variable "vcn_id" { + type = string + default = null +} + +variable "key_name" { + type = string + default = null +} + +variable "igw_id" { + type = map(any) + default = {} +} +variable "ngw_id" { + type = map(any) + default = {} +} +variable "sgw_id" { + type = map(any) + default = {} +} +variable "drg_id" { + type = map(any) + default = {} +} +variable "hub_lpg_id" { + type = map(any) + default = {} +} +variable "spoke_lpg_id" { + type = map(any) + default = {} +} +variable "peer_lpg_id" { + type = map(any) + default = {} +} +variable "exported_lpg_id" { + type = map(any) + default = {} +} +variable "none_lpg_id" { + type = map(any) + default = {} +} + +variable "rt_details" { + type = map(any) +} + +variable "cidr_block" { + type = string + default = null +} + +variable "defined_tags" { + type = map(any) + default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}", + "Oracle-Tags.CreatedBy" = "$${iam.principal.name}" + } +} + +variable "display_name" { + type = string + default = null +} + +variable "freeform_tags" { + type = map(any) + default = {} +} + +variable "network_entity_id" { + type = string + default = null +} + +variable "description" { + type = string + default = null +} + +variable "destination" { + type = string + default = null +} + +variable "destination_type" { + type = string + default = null +} + +variable "gateway_route_table" { + type = bool + default = false +} + +variable "default_route_table" { + type = bool + default = false +} + + +variable "manage_default_resource_id" { + type = string + default = null +} \ No newline at end of file diff --git a/modules/network/sec-list/main.tf b/modules/network/sec-list/main.tf new file mode 100644 index 0000000..3b0e6d4 --- /dev/null 
+++ b/modules/network/sec-list/main.tf 
@@ -0,0 +1,314 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Resource Block - Network +# Create Security List +############################ + +resource "oci_core_security_list" "security_list" { + +count = var.default_seclist ==true ? 0 : 1 + #Required + compartment_id = var.compartment_id + vcn_id = var.vcn_id + + #Optional + defined_tags = var.defined_tags + display_name = var.display_name + freeform_tags = var.freeform_tags + + dynamic "ingress_security_rules" { + for_each = try((var.seclist_details[var.key_name].ingress_sec_rules != [] && var.seclist_details[var.key_name].ingress_sec_rules.0.protocol != null ? var.seclist_details[var.key_name].ingress_sec_rules : []), []) + + content { + #Required + protocol = ingress_security_rules.value.protocol + source = ingress_security_rules.value.source + + #Optional + description = ingress_security_rules.value.description + + # If type and code + dynamic "icmp_options" { + for_each = try((ingress_security_rules.value.options.icmp.0.code != null && ingress_security_rules.value.options.icmp.0.type != null ? ingress_security_rules.value.options.icmp : []), []) + content { + #Required + type = ingress_security_rules.value.options.icmp.0.type + #Optional + code = ingress_security_rules.value.options.icmp.0.code + } + } + + # If type and no code + dynamic "icmp_options" { + for_each = try((ingress_security_rules.value.options.icmp.0.code == null ? ingress_security_rules.value.options.icmp : []), try(ingress_security_rules.value.options.icmp.0.type != null ? ingress_security_rules.value.options.icmp : []), []) + content { + #Required + type = ingress_security_rules.value.options.icmp.0.type + } + } + + source_type = try(ingress_security_rules.value.source_type, null) + stateless = try(ingress_security_rules.value.stateless, null) + + dynamic "tcp_options" { + for_each = try((ingress_security_rules.value.options.tcp != [] ? 
ingress_security_rules.value.options.tcp : []), []) + content { + min = tcp_options.value.destination_port_range_min != null ? tcp_options.value.destination_port_range_min : null + max = tcp_options.value.destination_port_range_max != null ? tcp_options.value.destination_port_range_max : null + dynamic "source_port_range" { + for_each = try((tcp_options.value.source_port_range_min != null || tcp_options.value.source_port_range_max != null ? ingress_security_rules.value.options.tcp : []), []) + content { + #Required + max = source_port_range.value.source_port_range_max != null ? source_port_range.value.source_port_range_max : null + min = source_port_range.value.source_port_range_min != null ? source_port_range.value.source_port_range_min : null + } + } + } + } + + dynamic "udp_options" { + for_each = try((ingress_security_rules.value.options.udp != [] ? ingress_security_rules.value.options.udp : []), []) + content { + #Optional + max = udp_options.value.destination_port_range_max != null ? udp_options.value.destination_port_range_max : null + min = udp_options.value.destination_port_range_min != null ? udp_options.value.destination_port_range_min : null + dynamic "source_port_range" { + for_each = try((udp_options.value.source_port_range_min != null || udp_options.value.source_port_range_max != null != [] ? ingress_security_rules.value.options.udp : []), []) + content { + #Required + max = source_port_range.value.source_port_range_max != null ? source_port_range.value.source_port_range_max : null + min = source_port_range.value.source_port_range_min != null ? source_port_range.value.source_port_range_min : null + } + } + } + } + } + } + + dynamic "egress_security_rules" { + for_each = try((var.seclist_details[var.key_name].egress_sec_rules != [] && var.seclist_details[var.key_name].egress_sec_rules.0.protocol != null ? 
var.seclist_details[var.key_name].egress_sec_rules : []), []) + + content { + #Required + protocol = egress_security_rules.value.protocol + destination = egress_security_rules.value.destination + + #Optional + description = egress_security_rules.value.description + + # If type and code + dynamic "icmp_options" { + for_each = try((egress_security_rules.value.options.icmp.0.code != null && egress_security_rules.value.options.icmp.0.type != null ? egress_security_rules.value.options.icmp : []), []) + content { + #Required + type = egress_security_rules.value.options.icmp.0.type + #Optional + code = egress_security_rules.value.options.icmp.0.code + } + } + + # If type and no code + dynamic "icmp_options" { + for_each = try((egress_security_rules.value.options.icmp.0.code == null ? egress_security_rules.value.options.icmp : []), try(egress_security_rules.value.options.icmp.0.type != null ? egress_security_rules.value.options.icmp : []), []) + content { + #Required + type = egress_security_rules.value.options.icmp.0.type + } + } + + + destination_type = try(egress_security_rules.value.destination_type, null) + stateless = try(egress_security_rules.value.stateless, null) + + dynamic "tcp_options" { + for_each = try((egress_security_rules.value.options.tcp != [] ? egress_security_rules.value.options.tcp : []), []) + content { + min = tcp_options.value.destination_port_range_min != null ? tcp_options.value.destination_port_range_min : null + max = tcp_options.value.destination_port_range_max != null ? tcp_options.value.destination_port_range_max : null + dynamic "source_port_range" { + for_each = try((tcp_options.value.source_port_range_min != null || tcp_options.value.source_port_range_max != null ? egress_security_rules.value.options.tcp : []), []) + content { + #Required + max = source_port_range.value.source_port_range_max != null ? source_port_range.value.source_port_range_max : null + min = source_port_range.value.source_port_range_min != null ? 
source_port_range.value.source_port_range_min : null + } + } + } + } + + dynamic "udp_options" { + for_each = try((egress_security_rules.value.options.udp != [] ? egress_security_rules.value.options.udp : []), []) + content { + #Optional + max = udp_options.value.destination_port_range_max != null ? udp_options.value.destination_port_range_max : null + min = udp_options.value.destination_port_range_min != null ? udp_options.value.destination_port_range_min : null + dynamic "source_port_range" { + for_each = try((udp_options.value.source_port_range_min != null || udp_options.value.source_port_range_max != null != [] ? egress_security_rules.value.options.udp : []), []) + content { + #Required + max = source_port_range.value.source_port_range_max != null ? source_port_range.value.source_port_range_max : null + min = source_port_range.value.source_port_range_min != null ? source_port_range.value.source_port_range_min : null + } + } + } + } + } + } + lifecycle { + create_before_destroy = true + } +} + +resource "oci_core_default_security_list" "default_security_list" { +count = var.default_seclist ==true ? 1 : 0 + + + #Required + manage_default_resource_id = var.manage_default_resource_id + + #Optional + defined_tags = var.defined_tags + display_name = var.display_name + freeform_tags = var.freeform_tags + + dynamic "ingress_security_rules" { + for_each = try((var.seclist_details[var.key_name].ingress_sec_rules != [] && var.seclist_details[var.key_name].ingress_sec_rules.0.protocol != null ? var.seclist_details[var.key_name].ingress_sec_rules : []), []) + + content { + #Required + protocol = ingress_security_rules.value.protocol + source = ingress_security_rules.value.source + + #Optional + description = ingress_security_rules.value.description + + # If type and code + dynamic "icmp_options" { + for_each = try((ingress_security_rules.value.options.icmp.0.code != null && ingress_security_rules.value.options.icmp.0.type != null ? 
ingress_security_rules.value.options.icmp : []), []) + content { + #Required + type = ingress_security_rules.value.options.icmp.0.type + + #Optional + code = ingress_security_rules.value.options.icmp.0.code + } + } + + # If type and no code + dynamic "icmp_options" { + for_each = try((ingress_security_rules.value.options.icmp.0.code == null ? ingress_security_rules.value.options.icmp : []), try(ingress_security_rules.value.options.icmp.0.type != null ? ingress_security_rules.value.options.icmp : []), []) + content { + #Required + type = ingress_security_rules.value.options.icmp.0.type + } + } + + source_type = try(ingress_security_rules.value.source_type, null) + stateless = try(ingress_security_rules.value.stateless, null) + + dynamic "tcp_options" { + for_each = try((ingress_security_rules.value.options.tcp != [] ? ingress_security_rules.value.options.tcp : []), []) + content { + min = tcp_options.value.destination_port_range_min != null ? tcp_options.value.destination_port_range_min : null + max = tcp_options.value.destination_port_range_max != null ? tcp_options.value.destination_port_range_max : null + dynamic "source_port_range" { + for_each = try((tcp_options.value.source_port_range_min != null || tcp_options.value.source_port_range_max != null ? ingress_security_rules.value.options.tcp : []), []) + content { + #Required + max = source_port_range.value.source_port_range_max != null ? source_port_range.value.source_port_range_max : null + min = source_port_range.value.source_port_range_min != null ? source_port_range.value.source_port_range_min : null + } + } + } + } + + dynamic "udp_options" { + for_each = try((ingress_security_rules.value.options.udp != [] && var.seclist_details[var.key_name].ingress_sec_rules.0.protocol != null ? ingress_security_rules.value.options.udp : []), []) + content { + #Optional + max = udp_options.value.destination_port_range_max != null ? 
udp_options.value.destination_port_range_max : null + min = udp_options.value.destination_port_range_min != null ? udp_options.value.destination_port_range_min : null + dynamic "source_port_range" { + for_each = try((udp_options.value.source_port_range_min != null || udp_options.value.source_port_range_max != null != [] ? ingress_security_rules.value.options.udp : []), []) + content { + #Required + max = source_port_range.value.source_port_range_max != null ? source_port_range.value.source_port_range_max : null + min = source_port_range.value.source_port_range_min != null ? source_port_range.value.source_port_range_min : null + } + } + } + } + } + } + + dynamic "egress_security_rules" { + for_each = try((var.seclist_details[var.key_name].egress_sec_rules != [] && var.seclist_details[var.key_name].egress_sec_rules.0.protocol != null ? var.seclist_details[var.key_name].egress_sec_rules : []), []) + + content { + #Required + protocol = egress_security_rules.value.protocol + destination = egress_security_rules.value.destination + + #Optional + description = egress_security_rules.value.description + + # If type and code + dynamic "icmp_options" { + for_each = try((egress_security_rules.value.options.icmp.0.code != null && egress_security_rules.value.options.icmp.0.type != null ? egress_security_rules.value.options.icmp : []), []) + content { + #Required + type = egress_security_rules.value.options.icmp.0.type + #Optional + code = egress_security_rules.value.options.icmp.0.code + } + } + + # If type and no code + dynamic "icmp_options" { + for_each = try((egress_security_rules.value.options.icmp.0.code == null ? egress_security_rules.value.options.icmp : []), try(egress_security_rules.value.options.icmp.0.type != null ? 
egress_security_rules.value.options.icmp : []), []) + content { + #Required + type = egress_security_rules.value.options.icmp.0.type + } + } + + + destination_type = try(egress_security_rules.value.destination_type, null) + stateless = try(egress_security_rules.value.stateless, null) + + dynamic "tcp_options" { + for_each = try((egress_security_rules.value.options.tcp != [] ? egress_security_rules.value.options.tcp : []), []) + content { + min = tcp_options.value.destination_port_range_min != null ? tcp_options.value.destination_port_range_min : null + max = tcp_options.value.destination_port_range_max != null ? tcp_options.value.destination_port_range_max : null + dynamic "source_port_range" { + for_each = try((tcp_options.value.source_port_range_min != null || tcp_options.value.source_port_range_max != null ? egress_security_rules.value.options.tcp : []), []) + content { + #Required + max = source_port_range.value.source_port_range_max != null ? source_port_range.value.source_port_range_max : null + min = source_port_range.value.source_port_range_min != null ? source_port_range.value.source_port_range_min : null + } + } + } + } + + dynamic "udp_options" { + for_each = try((egress_security_rules.value.options.udp != [] ? egress_security_rules.value.options.udp : []), []) + content { + #Optional + max = udp_options.value.destination_port_range_max != null ? udp_options.value.destination_port_range_max : null + min = udp_options.value.destination_port_range_min != null ? udp_options.value.destination_port_range_min : null + dynamic "source_port_range" { + for_each = try((udp_options.value.source_port_range_min != null || udp_options.value.source_port_range_max != null != [] ? egress_security_rules.value.options.udp : []), []) + content { + #Required + max = source_port_range.value.source_port_range_max != null ? source_port_range.value.source_port_range_max : null + min = source_port_range.value.source_port_range_min != null ? 
source_port_range.value.source_port_range_min : null + } + } + } + } + } + } +} \ No newline at end of file diff --git a/modules/network/sec-list/oracle_provider_req.tf b/modules/network/sec-list/oracle_provider_req.tf new file mode 100644 index 0000000..e52742e --- /dev/null +++ b/modules/network/sec-list/oracle_provider_req.tf @@ -0,0 +1,7 @@ +terraform { + required_providers { + oci = { + source = "oracle/oci" + } + } +} \ No newline at end of file diff --git a/modules/network/sec-list/outputs.tf b/modules/network/sec-list/outputs.tf new file mode 100644 index 0000000..79001ce --- /dev/null +++ b/modules/network/sec-list/outputs.tf @@ -0,0 +1,11 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Output Block - Network +# Create Security List +############################ + +output "seclist_tf_id" { + #value = oci_core_security_list.security_list.id + value = one(concat(oci_core_security_list.security_list.*.id,oci_core_default_security_list.default_security_list.*.id)) +} \ No newline at end of file diff --git a/modules/network/sec-list/variables.tf b/modules/network/sec-list/variables.tf new file mode 100644 index 0000000..311b7f3 --- /dev/null +++ b/modules/network/sec-list/variables.tf 
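Review bot: The `for_each` of the UDP `source_port_range` block reads `udp_options.value.source_port_range_max != null != []`, which compares a bool with an empty tuple; wrapped in `try()` that either fails and falls back to `[]`, so UDP source-port ranges from the input silently never reach the security list, or evaluates true unconditionally, so the block is emitted with null bounds — neither is the intent. The same expression appears four times: in the ingress and egress rules of `oci_core_security_list.security_list` and again in `oci_core_default_security_list.default_security_list`. Drop the stray `!= []` so it matches the TCP variant: `for_each = try((udp_options.value.source_port_range_min != null || udp_options.value.source_port_range_max != null ? ingress_security_rules.value.options.udp : []), [])` (and `egress_security_rules.value.options.udp` in the egress copies). More broadly, every rule-level `try(...)` here turns a schema mistake in `var.seclist_details` into an empty list, so a malformed rule disappears from the plan without a diagnostic; `length(...) > 0` in place of the `!= []` comparisons, and a typed object for `seclist_details`, would surface such input errors at plan time instead of hiding them.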
@@ -0,0 +1,198 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Variable Block - Network +# Create Security List +############################ + +variable "compartment_id" { + type = string + default = null +} + +variable "key_name" { + type = string + default = null +} + +variable "vcn_id" { + type = string + default = null +} + +variable "defined_tags" { + type = map(any) + default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}", + "Oracle-Tags.CreatedBy" = "$${iam.principal.name}" + } +} + +variable "seclist_details" { + type = map(any) +} + +variable "display_name" { + type = string + default = null +} + +variable "freeform_tags" { + type = map(any) + default = {} +} + +variable "egress_security_rules_destination" { + type = string + default = null +} + +variable "egress_security_rules_protocol" { + type = string + default = null +} + +variable "egress_security_rules_description" { + type = string + default = null +} + +variable "egress_security_rules_destination_type" { + type = string + default = null +} + +variable "egress_security_rules_icmp_options_type" { + type = string + default = null +} + +variable "egress_security_rules_icmp_options_code" { + type = number + default = null +} + +variable "egress_security_rules_stateless" { + type = bool + default = false +} + +variable "egress_security_rules_tcp_options_destination_port_range_max" { + type = number + default = null +} + +variable "egress_security_rules_tcp_options_destination_port_range_min" { + type = number + default = null +} + +variable "egress_security_rules_tcp_options_source_port_range_max" { + type = number + default = null +} + +variable "egress_security_rules_tcp_options_source_port_range_min" { + type = number + default = null +} +variable "egress_security_rules_udp_options_destination_port_range_max" { + type = number + default = null +} + +variable "egress_security_rules_udp_options_destination_port_range_min" { + type = number + default 
= null +} +variable "egress_security_rules_udp_options_source_port_range_max" { + type = number + default = null +} + +variable "egress_security_rules_udp_options_source_port_range_min" { + type = number + default = null +} + +variable "ingress_security_rules_source" { + type = string + default = null +} + +variable "ingress_security_rules_protocol" { + type = string + default = null +} + +variable "ingress_security_rules_description" { + type = string + default = null +} + +variable "ingress_security_rules_source_type" { + type = string + default = null +} + +variable "ingress_security_rules_icmp_options_type" { + type = string + default = null +} + +variable "ingress_security_rules_icmp_options_code" { + type = number + default = null +} + +variable "ingress_security_rules_stateless" { + type = bool + default = false +} + +variable "ingress_security_rules_tcp_options_destination_port_range_max" { + type = number + default = null +} + +variable "ingress_security_rules_tcp_options_destination_port_range_min" { + type = number + default = null +} + +variable "ingress_security_rules_tcp_options_source_port_range_max" { + type = number + default = null +} + +variable "ingress_security_rules_tcp_options_source_port_range_min" { + type = number + default = null +} +variable "ingress_security_rules_udp_options_destination_port_range_max" { + type = number + default = null +} + +variable "ingress_security_rules_udp_options_destination_port_range_min" { + type = number + default = null +} +variable "ingress_security_rules_udp_options_source_port_range_max" { + type = number + default = null +} + +variable "ingress_security_rules_udp_options_source_port_range_min" { + type = number + default = null +} + +variable "default_seclist" { + type = bool + default = false +} + +variable "manage_default_resource_id" { + type = string + default = null +} \ No newline at end of file 
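Review bot: None of the 28 `egress_security_rules_*` / `ingress_security_rules_*` variables is referenced by sec-list/main.tf in this commit, which reads every rule field from `var.seclist_details[var.key_name]`; they are dead inputs that advertise a per-rule interface the module does not implement, and `egress_security_rules_stateless` / `ingress_security_rules_stateless` even carry a `false` default that nothing honours. Either remove them or give each a `description` saying what consumes it. `seclist_details` itself is declared `type = map(any)` with no description, so the `ingress_sec_rules`, `egress_sec_rules` and `options.{icmp,tcp,udp}` keys main.tf depends on are documented nowhere; a `description` listing those keys, or an object type, would make a wrong key fail at plan time instead of inside main.tf's `try()` fallbacks.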
diff --git a/modules/network/sgw/main.tf b/modules/network/sgw/main.tf
new file mode 100644
index 0000000..8d7421e
--- /dev/null
+++ b/modules/network/sgw/main.tf
@@ -0,0 +1,34 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - Network
+# Create Service Gateway
+############################
+
+data "oci_core_services" "oci_services" {
+}
+
+/*
+output "services_id_map"{
+ value = merge(zipmap(data.oci_core_services.oci_services.services.*.name,data.oci_core_services.oci_services.services.*.id))
+}
+*/
+
+resource "oci_core_service_gateway" "service_gateway" {
+
+ #Required
+ compartment_id = var.compartment_id
+ services {
+ #Required
+ service_id = contains(split("-", data.oci_core_services.oci_services.services.0.cidr_block), var.service) == true ? data.oci_core_services.oci_services.services.0.id : data.oci_core_services.oci_services.services.1.id
+ }
+ vcn_id = var.vcn_id
+
+ #Optional
+ defined_tags = var.defined_tags
+ display_name = var.display_name
+ freeform_tags = var.freeform_tags
+ route_table_id = var.route_table_id
+ #route_table_id = (var.route_table_id != "" && var.route_table_id != null) ? var.route_table_id : null
+
+}
\ No newline at end of file
diff --git a/modules/network/sgw/oracle_provider_req.tf b/modules/network/sgw/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/network/sgw/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/network/sgw/outputs.tf b/modules/network/sgw/outputs.tf
new file mode 100644
index 0000000..4e68231
--- /dev/null
+++ b/modules/network/sgw/outputs.tf
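Review bot: `service_id` falls back to `data.oci_core_services.oci_services.services.1.id` whenever `var.service` is not found in `services.0.cidr_block`, so a misspelled or null `service` value never fails — it silently picks whichever entry the API lists second, and the route-table hunk above distinguishes those entries as the `all` and `objectstorage` services, so the fallback decides how much of the Oracle Services Network the gateway exposes. The expression also assumes the data source returns at least two entries. Selecting by a filter that must match exactly once fails closed instead: `service_id = one([for s in data.oci_core_services.oci_services.services : s.id if contains(split("-", s.cidr_block), var.service)])`. The commented-out `services_id_map` output and the commented `route_table_id` alternative are dead code and should be removed rather than shipped in a new file.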
@@ -0,0 +1,10 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Output Block - Network
+# Create Service Gateway
+############################
+
+output "sgw_tf_id" {
+ value = oci_core_service_gateway.service_gateway.id
+}
\ No newline at end of file
diff --git a/modules/network/sgw/variables.tf b/modules/network/sgw/variables.tf
new file mode 100644
index 0000000..5d37c11
--- /dev/null
+++ b/modules/network/sgw/variables.tf
@@ -0,0 +1,44 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Variable Block - Network
+# Create Service Gateway
+############################
+
+variable "compartment_id" {
+ type = string
+ default = null
+}
+
+variable "vcn_id" {
+ type = string
+ default = null
+}
+
+variable "route_table_id" {
+ type = string
+ default = null
+}
+
+variable "defined_tags" {
+ type = map(any)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+
+variable "display_name" {
+ type = string
+ default = null
+}
+
+variable "service" {
+ type = string
+ default = null
+}
+
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
+
diff --git a/modules/network/subnet/main.tf b/modules/network/subnet/main.tf
new file mode 100644
index 0000000..d854a30
--- /dev/null
+++ b/modules/network/subnet/main.tf
@@ -0,0 +1,28 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Resource Block - Network +# Create Subnets +############################ + +resource "oci_core_subnet" "subnet" { + + #Required + cidr_block = var.cidr_block + compartment_id = var.compartment_id + vcn_id = var.vcn_id + + #Optional + availability_domain = var.availability_domain + defined_tags = var.defined_tags + dhcp_options_id = var.dhcp_options_id + display_name = var.display_name + dns_label = var.dns_label + freeform_tags = var.freeform_tags + ipv6cidr_block = var.ipv6cidr_block + prohibit_internet_ingress = var.prohibit_internet_ingress + prohibit_public_ip_on_vnic = var.prohibit_public_ip_on_vnic + route_table_id = var.route_table_id + security_list_ids = var.security_list_ids != [] ? [for sl in var.security_list_ids : (length(regexall("ocid1.securitylist.oc*", sl)) > 0 ? sl : (sl == "" ? var.vcn_default_security_list_id : var.custom_security_list_id[sl]["seclist_tf_id"]))] : [] + +} \ No newline at end of file diff --git a/modules/network/subnet/oracle_provider_req.tf b/modules/network/subnet/oracle_provider_req.tf new file mode 100644 index 0000000..e52742e --- /dev/null +++ b/modules/network/subnet/oracle_provider_req.tf @@ -0,0 +1,7 @@ +terraform { + required_providers { + oci = { + source = "oracle/oci" + } + } +} \ No newline at end of file diff --git a/modules/network/subnet/outputs.tf b/modules/network/subnet/outputs.tf new file mode 100644 index 0000000..e6410f6 --- /dev/null +++ b/modules/network/subnet/outputs.tf @@ -0,0 +1,10 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################# +# Output Block - Network +# Create Subnets +############################# + +output "subnet_tf_id" { + value = oci_core_subnet.subnet.id +} \ No newline at end of file diff --git a/modules/network/subnet/variables.tf b/modules/network/subnet/variables.tf new file mode 100644 index 0000000..6c6ef0d --- /dev/null 
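Review bot: `security_list_ids` silently maps an empty-string entry to `var.vcn_default_security_list_id`, and subnet/variables.tf defaults the variable to `[""]`, so a subnet whose caller passes nothing is attached to the VCN's default security list without that choice appearing anywhere in the module interface; the rules it inherits are whatever that default list currently carries, which this module neither sets nor checks. A comment at the assignment should state the contract, e.g. `# "" -> VCN default security list; a name -> custom_security_list_id[name].seclist_tf_id; an OCID -> used as-is`. Two smaller points on the same line: `var.security_list_ids != []` compares a `list(any)` with an empty tuple, where `length(var.security_list_ids) > 0` is the reliable form, and `regexall("ocid1.securitylist.oc*", sl)` is a regex in which `.` matches any character and `oc*` is `o` followed by zero or more `c`, so `"^ocid1\\.securitylist\\."` expresses the intended prefix check (the same loose pattern is used for NSGs in vlan/data.tf).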
+++ b/modules/network/subnet/variables.tf @@ -0,0 +1,87 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################# +# Variable Block - Network +# Create Subnets +############################# + +variable "vcn_default_security_list_id" {} + +variable "custom_security_list_id" {} + +variable "tenancy_ocid" { + type = string + default = null +} + +variable "compartment_id" { + type = string + default = null +} + +variable "vcn_id" { + type = string + default = null +} + +variable "availability_domain" { + type = string + default = null +} + +variable "dhcp_options_id" { + type = string + default = null +} + +variable "prohibit_internet_ingress" { + type = bool + default = false +} + +variable "prohibit_public_ip_on_vnic" { + type = bool + default = false +} + +variable "route_table_id" { + type = string + default = null +} + +variable "security_list_ids" { + type = list(any) + default = [""] +} + +variable "ipv6cidr_block" { + type = string + default = null +} + +variable "cidr_block" { + type = string + default = null +} + +variable "defined_tags" { + type = map(any) + default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}", + "Oracle-Tags.CreatedBy" = "$${iam.principal.name}" + } +} + +variable "display_name" { + type = string + default = null +} + +variable "dns_label" { + type = string + default = null +} + +variable "freeform_tags" { + type = map(any) + default = {} +} diff --git a/modules/network/vcn/main.tf b/modules/network/vcn/main.tf new file mode 100644 index 0000000..6926738 --- /dev/null +++ b/modules/network/vcn/main.tf 
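Review bot: `prohibit_public_ip_on_vnic` and `prohibit_internet_ingress` default to `false`, so a caller that omits them gets a subnet whose VNICs may take public IPs — the permissive option is the silent one. Since every other input here uses `default = null`, making these two required (no `default`) or defaulting them to `true` would force the caller to state the intent; at minimum add `description = "false allows public IPs on VNICs in this subnet; set true for private subnets"` to each. `vcn_default_security_list_id` and `custom_security_list_id` are declared with no type at all, although main.tf indexes the latter as a map whose values carry a `seclist_tf_id` key; `type = map(any)` plus a description would document that. `tenancy_ocid` is not referenced by subnet/main.tf.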
@@ -0,0 +1,34 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Resource Block - Network +# Create VCNs +############################ + +resource "oci_core_vcn" "vcn" { + + #Required + compartment_id = var.compartment_id + + #Optional + dynamic "byoipv6cidr_details" { + for_each = try(var.byoipv6cidr_details != [] ? var.byoipv6cidr_details : [], []) + content { + #Required + byoipv6range_id = byoipv6cidr_details.value.byoipv6range_id + ipv6cidr_block = byoipv6cidr_details.value.ipv6cidr_block + } + } + #Optional + cidr_blocks = var.cidr_blocks + defined_tags = var.defined_tags + display_name = var.display_name + dns_label = var.dns_label + freeform_tags = var.freeform_tags + is_ipv6enabled = var.is_ipv6enabled + ipv6private_cidr_blocks = var.ipv6private_cidr_blocks + is_oracle_gua_allocation_enabled = var.is_oracle_gua_allocation_enabled + lifecycle { + create_before_destroy = true + } +} \ No newline at end of file diff --git a/modules/network/vcn/oracle_provider_req.tf b/modules/network/vcn/oracle_provider_req.tf new file mode 100644 index 0000000..e52742e --- /dev/null +++ b/modules/network/vcn/oracle_provider_req.tf @@ -0,0 +1,7 @@ +terraform { + required_providers { + oci = { + source = "oracle/oci" + } + } +} \ No newline at end of file diff --git a/modules/network/vcn/outputs.tf b/modules/network/vcn/outputs.tf new file mode 100644 index 0000000..4a8822a --- /dev/null +++ b/modules/network/vcn/outputs.tf @@ -0,0 +1,22 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Output Block - Network +# Create VCNs +############################ + +output "vcn_tf_id" { + value = oci_core_vcn.vcn.id +} + +output "vcn_default_dhcp_id" { + value = oci_core_vcn.vcn.default_dhcp_options_id +} + +output "vcn_default_security_list_id" { + value = oci_core_vcn.vcn.default_security_list_id +} + +output "vcn_default_route_table_id" { + value = oci_core_vcn.vcn.default_route_table_id +} 
diff --git a/modules/network/vcn/variables.tf b/modules/network/vcn/variables.tf new file mode 100644 index 0000000..70d4b56 --- /dev/null +++ b/modules/network/vcn/variables.tf @@ -0,0 +1,63 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Variable Block - Network +# Create VCNs +############################ + +variable "tenancy_ocid" { + type = string + default = null +} + +variable "compartment_id" { + type = string + default = null +} + +variable "cidr_blocks" { + type = list(any) + default = [""] +} + +variable "defined_tags" { + type = map(any) + default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}", + "Oracle-Tags.CreatedBy" = "$${iam.principal.name}" + } +} + +variable "display_name" { + type = string + default = null +} + +variable "dns_label" { + type = string + default = null +} + +variable "freeform_tags" { + type = map(any) + default = {} +} + +variable "is_ipv6enabled" { + type = bool + default = false +} + +variable "ipv6private_cidr_blocks" { + type = list(any) + default = [] +} + +variable "is_oracle_gua_allocation_enabled" { + type = bool + default = false +} + +variable "byoipv6cidr_details" { + type = list(any) + default = [{}] +} diff --git a/modules/network/vlan/data.tf b/modules/network/vlan/data.tf new file mode 100644 index 0000000..74b845e --- /dev/null +++ b/modules/network/vlan/data.tf 
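Review bot: `byoipv6cidr_details` defaults to `[{}]`, and vcn/main.tf's `dynamic "byoipv6cidr_details"` iterates that value, so with the default in effect one block is emitted whose `byoipv6cidr_details.value.byoipv6range_id` lookup runs against an empty object; the surrounding `try()` does not cover that, because it wraps only the `for_each` expression (unless the `!= []` comparison itself fails inside `try()`, in which case the block is silently skipped — neither outcome is intended). `default = []` is the value that means "no BYOIPv6 ranges", and `length(var.byoipv6cidr_details) > 0` is the reliable emptiness test. `cidr_blocks` has the same shape of problem with `default = [""]`: an empty-string CIDR is never a valid VCN CIDR, so either make the variable required or default it to `[]`.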
@@ -0,0 +1,22 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################# +## Data Block - VLAN +## Create VLANs +############################# + +locals { + nsg_ids = var.nsg_ids != null ? flatten(tolist([for nsg in var.nsg_ids : (length(regexall("ocid1.networksecuritygroup.oc*", nsg)) > 0 ? [nsg] : data.oci_core_network_security_groups.network_security_groups[nsg].network_security_groups[*].id)])) : null +} + +data "oci_core_network_security_groups" "network_security_groups" { + for_each = var.nsg_ids != null ? { for nsg in var.nsg_ids : nsg => nsg } : {} + compartment_id = var.network_compartment_id != null ? var.network_compartment_id : var.compartment_id + display_name = each.value + vcn_id = var.vcn_id +} + +data "oci_core_vcn" "vcns" { + #Required + vcn_id = var.vcn_id +} \ No newline at end of file diff --git a/modules/network/vlan/main.tf b/modules/network/vlan/main.tf new file mode 100644 index 0000000..84c68ba --- /dev/null +++ b/modules/network/vlan/main.tf @@ -0,0 +1,22 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Resource Block - Network +# Create VLANs +############################ + +resource "oci_core_vlan" "vlan" { + cidr_block = var.cidr_block + compartment_id = var.compartment_id + vcn_id = var.vcn_id + display_name = var.display_name + nsg_ids = var.nsg_ids != null ? (local.nsg_ids == [] ? ["INVALID NSG Name"] : local.nsg_ids) : [] + route_table_id = var.route_table_id + vlan_tag = var.vlan_tag + availability_domain = var.availability_domain + + #Optional + defined_tags = var.defined_tags + freeform_tags = var.freeform_tags + +} diff --git a/modules/network/vlan/oracle_provider_req.tf b/modules/network/vlan/oracle_provider_req.tf new file mode 100644 index 0000000..e52742e --- /dev/null +++ b/modules/network/vlan/oracle_provider_req.tf 
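Review bot: NSGs given by name are resolved through `data.oci_core_network_security_groups` filtered only by `display_name` and `vcn_id`, and every id in `network_security_groups[*].id` is attached — display names are not unique, so two NSGs sharing a name in the compartment are both placed on the VLAN, and the plan gives no hint that a second rule set was granted. The no-match case is handled in vlan/main.tf by substituting `["INVALID NSG Name"]` when `local.nsg_ids == []`, which depends on a list-vs-tuple comparison and on the API rejecting the sentinel; a `postcondition` on the data source (Terraform 1.2 or later) fails closed for both the zero-match and the multiple-match case with a readable message, and the sentinel can then go. `regexall("ocid1.networksecuritygroup.oc*", nsg)` is the same loose pattern noted on subnet/main.tf.
```hcl
data "oci_core_network_security_groups" "network_security_groups" {
  # … unchanged: for_each, compartment_id, display_name, vcn_id …
  lifecycle {
    postcondition {
      condition     = length(self.network_security_groups) == 1
      error_message = "Each NSG display name must resolve to exactly one network security group in the VCN."
    }
  }
}
```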
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/network/vlan/outputs.tf b/modules/network/vlan/outputs.tf
new file mode 100644
index 0000000..2961f92
--- /dev/null
+++ b/modules/network/vlan/outputs.tf
@@ -0,0 +1,11 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Outputs Block - VLAN
+# Create VLANs
+############################
+
+output "custom_vlan_tf_id" {
+ value = oci_core_vlan.vlan.id
+}
+
diff --git a/modules/network/vlan/variables.tf b/modules/network/vlan/variables.tf
new file mode 100644
index 0000000..741f57a
--- /dev/null
+++ b/modules/network/vlan/variables.tf
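Review bot: `required_providers.oci` pins only `source = "oracle/oci"` and no `version`, so every `terraform init` in a fresh checkout resolves whatever the registry's latest release is; a behaviour change, or a yanked or compromised release, lands in the plan with no review step. Adding `version = "<PINNED_CONSTRAINT>"` (constructed placeholder — use the range these modules are tested against) and committing `.terraform.lock.hcl` alongside makes the provider version reproducible and reviewable. The identical block is added in this commit for modules/networkloadbalancer/nlb-backend, nlb-backendset, nlb-listener, nlb and modules/oke/cluster.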
@@ -0,0 +1,70 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Variable Block - Network
+# Create VLANs
+############################
+
+variable "cidr_block" {
+ description = "VLAN CIDR Block"
+ type = string
+ default = null
+}
+variable "compartment_id" {
+ description = "VLAN Compartment"
+ type = string
+ default = null
+}
+variable "vcn_id" {
+ description = "VLAN VCN ID"
+ type = string
+ default = null
+}
+variable "availability_domain" {
+ type = string
+ default = null
+}
+
+variable "display_name" {
+ description = "VLAN Display Name"
+ type = string
+ default = null
+}
+variable "nsg_ids" {
+ description = "VLAN NSG ID"
+ type = list(string)
+ default = []
+}
+variable "route_table_id" {
+ description = "VLAN Route Table ID"
+ type = string
+ default = null
+}
+variable "vlan_tag" {
+ description = "VLAN Tag"
+ type = string
+ default = null
+}
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
+
+variable "defined_tags" {
+ type = map(any)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+
+variable "network_compartment_id" {
+ description = "Network compartmenet OCID to fetch NSG/Subnet details"
+ type = string
+ default = null
+}
+
+
+variable "vcn_names" {
+ type = list(any)
+ default = []
+}
\ No newline at end of file
diff --git a/modules/networkloadbalancer/nlb-backend/data.tf b/modules/networkloadbalancer/nlb-backend/data.tf
new file mode 100644
index 0000000..0a34582
--- /dev/null
+++ b/modules/networkloadbalancer/nlb-backend/data.tf
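Review bot: `nsg_ids` is described as `"VLAN NSG ID"`, but the module's data.tf resolves any entry that is not an OCID as a display name, so a caller reading this file will not know names are accepted; `description = "NSG OCIDs or display names to attach to the VLAN; names are looked up in network_compartment_id"` states the actual contract. `network_compartment_id`'s description has a typo (`compartmenet`), and `availability_domain`, `vcn_names`, `freeform_tags` and `defined_tags` have no description at all. `vcn_names` is not referenced by the data.tf or main.tf added for this module, so it is either dead or consumed somewhere outside this diff.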
@@ -0,0 +1,48 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#######################################
+# Data Block - Network Load Balancer
+# Create Network Load Balancer Backend
+#######################################
+
+data "oci_core_instances" "nlb_instances" {
+ state = "RUNNING"
+ compartment_id = var.instance_compartment
+}
+
+data "oci_core_instance" "nlb_instance_ip" {
+ # for_each = { for k, v in var.ip_address : k => v if regexall("IP:*", var.ip_address) }
+ count = length(regexall("IP:*", var.ip_address)) == 0 ? 1 : 0
+ instance_id = merge(local.nlb_instance_ocid.ocid.*...)[split("NAME:", var.ip_address)[1]][0]
+}
+
+data "oci_core_vnic_attachments" "nlb_instance_vnic_attachments" {
+ # for_each = { for k, v in var.ip_address : k => v if regexall("IP:*", var.ip_address) }
+ count = length(regexall("IP:*", var.ip_address)) == 0 ? 1 : 0
+ compartment_id = var.instance_compartment
+ instance_id = merge(local.nlb_instance_ocid.ocid.*...)[split("NAME:", var.ip_address)[1]][0]
+}
+
+# Filter on VNIC OCID
+data "oci_core_private_ips" "private_ips_by_ip_address" {
+ count = length(regexall("IP:*", var.ip_address)) == 0 ? 1 : 0
+ vnic_id = merge(local.nlb_instance_vnic_ocid.vnic_ocids.*...)[merge(local.nlb_instance_ocid.ocid.*...)[split("NAME:", var.ip_address)[1]][0]][0]
+}
+
+locals {
+ nlb_instance_ocid = {
+ # for instances in data.oci_core_instances.nlb_instances :
+ # "ocid" => { for instance in instances.instances : instance.display_name => instance.id... }...
+ "ocid" = { for instance in data.oci_core_instances.nlb_instances.instances : instance.display_name => instance.id... }
+ }
+ nlb_instance_vnic_ocid = {
+ for vnics in data.oci_core_vnic_attachments.nlb_instance_vnic_attachments :
+ "vnic_ocids" => { for vnic in vnics.vnic_attachments : vnic.instance_id => vnic.vnic_id... }...
+ }
+ nlb_private_ip_ocid = {
+ for private_ips in data.oci_core_private_ips.private_ips_by_ip_address :
+ "private_ocids" => { for private_ip in private_ips.private_ips : private_ip.vnic_id => private_ip.id... }...
+ }
+
+}
+
diff --git a/modules/networkloadbalancer/nlb-backend/main.tf b/modules/networkloadbalancer/nlb-backend/main.tf
new file mode 100644
index 0000000..c8dc6c1
--- /dev/null
+++ b/modules/networkloadbalancer/nlb-backend/main.tf
@@ -0,0 +1,22 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#######################################
+# Resource Block - Network Load Balancer
+# Create Network Load Balancer Backend
+#######################################
+
+resource "oci_network_load_balancer_backend" "backend" {
+ #Required
+ backend_set_name = var.backend_set_name
+ network_load_balancer_id = var.network_load_balancer_id
+ port = var.port
+
+ #Optional
+ ip_address = var.ip_address != "" ? (length(regexall("IP:", var.ip_address)) > 0 ? split("IP:", var.ip_address)[1] : data.oci_core_instance.nlb_instance_ip[0].private_ip) : null
+ is_drain = var.is_drain
+ is_backup = var.is_backup
+ is_offline = var.is_offline
+ name = length(regexall("IP:", var.ip_address)) > 0 ? join(":", [split("IP:", var.ip_address)[1], var.port]) : join(":", [merge(local.nlb_private_ip_ocid.private_ocids.*...)[merge(local.nlb_instance_vnic_ocid.vnic_ocids.*...)[merge(local.nlb_instance_ocid.ocid.*...)[split("NAME:", var.ip_address)[1]][0]][0]][0], var.port])
+ target_id = length(regexall("IP:*", var.ip_address)) == 0 ? merge(local.nlb_private_ip_ocid.private_ocids.*...)[merge(local.nlb_instance_vnic_ocid.vnic_ocids.*...)[merge(local.nlb_instance_ocid.ocid.*...)[split("NAME:", var.ip_address)[1]][0]][0]][0] : null
+ weight = var.weight
+}
diff --git a/modules/networkloadbalancer/nlb-backend/oracle_provider_req.tf b/modules/networkloadbalancer/nlb-backend/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
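Review bot: The three `count` guards use `regexall("IP:*", var.ip_address)`, which matches `IP` followed by zero or more colons and therefore any value containing `IP` anywhere, while main.tf's `ip_address` and `name` expressions test `regexall("IP:", ...)`; a value such as `NAME:appIPgw` (constructed example) gives `count = 0` here but is treated as an instance name in main.tf, which then indexes `data.oci_core_instance.nlb_instance_ip[0]` on an empty list. Use the same literal, `regexall("IP:", var.ip_address)`, in all three `count` expressions and in main.tf's `target_id`. `oci_core_instances.nlb_instances` filters `state = "RUNNING"`, so a backend whose instance is stopped at plan time fails the `merge(...)[...]` lookup with a key error rather than a message naming the instance. `nlb_instance_ocid` keys instances by `display_name` with `...` grouping, so duplicate display names in the compartment produce a list whose `[0]` is an arbitrary instance; a `precondition` that the group has exactly one element would catch that.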
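Review bot: `ip_address` tests `var.ip_address != ""`, but the variable's default in this module's variables.tf is `null`, so a caller that omits it reaches `regexall("IP:", null)` and fails with a type error instead of yielding a null `ip_address`; `name` and `target_id` call `regexall` on the variable unconditionally and fail the same way. Guard once, e.g. a local `ip_given = var.ip_address != null && var.ip_address != ""`, and use it in all three expressions. The three-level `merge(...)[...][0]` chain in `name` and `target_id` is repeated verbatim; a single local (say `backend_private_ip_ocid`) next to the existing locals in data.tf would make the resolution readable and keep the two attributes from drifting apart.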
+++ b/modules/networkloadbalancer/nlb-backend/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/networkloadbalancer/nlb-backend/outputs.tf b/modules/networkloadbalancer/nlb-backend/outputs.tf
new file mode 100644
index 0000000..723bc78
--- /dev/null
+++ b/modules/networkloadbalancer/nlb-backend/outputs.tf
@@ -0,0 +1,12 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#######################################
+# Output Block - Network Load Balancer
+# Create Network Load Balancer Backend
+#######################################
+
+
+output "nlb_backend_tf_id" {
+ description = "Network Load Balancer Backend ocid"
+ value = oci_network_load_balancer_backend.backend.id
+}
diff --git a/modules/networkloadbalancer/nlb-backend/variables.tf b/modules/networkloadbalancer/nlb-backend/variables.tf
new file mode 100644
index 0000000..e56315b
--- /dev/null
+++ b/modules/networkloadbalancer/nlb-backend/variables.tf
@@ -0,0 +1,73 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#######################################
+# Variable Block - Network Load Balancer
+# Create Network Load Balancer Backend
+#######################################
+
+
+variable "instance_compartment" {
+ type = string
+ description = "The compartment of the instance"
+ default = null
+}
+
+variable "backend_set_name" {
+ type = string
+ description = "The name of the backend set to add the backend server to."
+ default = null
+}
+
+variable "network_load_balancer_id" {
+ type = string
+ description = "The OCID of network load balancer"
+ default = null
+}
+
+variable "port" {
+ type = string
+ description = " The port of the backend server."
+ default = null
+}
+
+variable "ip_address" {
+ type = string
+ description = " The IP address of the backend server."
+ default = null
+}
+
+
+variable "is_drain" {
+ type = bool
+ description = "Whether the load balancer should drain this server. Servers marked drain receive no new incoming traffic."
+ default = false # Default value as per hashicorp terraform
+}
+
+variable "is_backup" {
+ type = bool
+ description = "Whether the load balancer should treat this server as a backup unit."
+ default = false # Default value as per hashicorp terraform
+}
+
+variable "is_offline" {
+ type = bool
+ description = "Whether the load balancer should treat this server as offline. Offline servers receive no incoming traffic."
+ default = false # Default value as per hashicorp terraform
+}
+
+variable "name" {
+ type = string
+ default = null
+}
+
+variable "target_id" {
+ type = string
+ default = null
+}
+
+
+variable "weight" {
+ type = number
+ description = "The load balancing policy weight assigned to the server. Backend servers with a higher weight receive a larger proportion of incoming traffic. Weight values must be from 1 to 100."
+ default = 1 # Default value as per hashicorp terraform
+}
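Review bot: `name` and `target_id` are declared as inputs, but main.tf in this module computes both from `ip_address` and `port` and never reads `var.name` or `var.target_id`, so values a caller passes are silently ignored; either drop the two variables or wire them in as overrides. `port` is `type = string` here while the backend-set module's `port` is `type = number`; `number` would reject a non-numeric value at plan time. `ip_address` defaults to `null` but main.tf only checks for `""`, so `default = ""` (or a null check in main.tf) is needed for the two to agree, and its description should say the value is either `IP:<address>` or `NAME:<instance display name>`, which is the format data.tf and main.tf actually parse.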
diff --git a/modules/networkloadbalancer/nlb-backendset/main.tf b/modules/networkloadbalancer/nlb-backendset/main.tf
new file mode 100644
index 0000000..0987fbc
--- /dev/null
+++ b/modules/networkloadbalancer/nlb-backendset/main.tf
@@ -0,0 +1,46 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#######################################
+# Resource Block - Network Load Balancer
+# Create Network Load Balancer Backend Set
+#######################################
+
+
+resource "oci_network_load_balancer_backend_set" "backend_set" {
+ #Required
+ health_checker {
+ #Required
+ protocol = var.protocol
+ dynamic "dns" {
+ for_each = var.domain_name != null ? {1:1} : {}
+ content {
+ #Required
+ domain_name = var.domain_name
+ #Optional
+ query_class = var.query_class
+ query_type = var.query_type
+ rcodes = var.rcodes
+ transport_protocol = var.transport_protocol
+ }
+ }
+ #Optional
+ interval_in_millis = var.interval_in_millis
+ port = var.port
+ request_data = var.request_data
+ response_body_regex = var.response_body_regex
+ response_data = var.response_data
+ retries = var.retries
+ return_code = var.return_code
+ timeout_in_millis = var.timeout_in_millis
+ url_path = var.url_path
+ }
+ name = var.name
+ network_load_balancer_id = var.network_load_balancer_id
+ policy = var.policy
+
+ #Optional
+ ip_version = var.ip_version
+ is_instant_failover_enabled = var.is_instant_failover_enabled
+ is_preserve_source = var.is_preserve_source
+ is_fail_open = var.is_fail_open
+}
diff --git a/modules/networkloadbalancer/nlb-backendset/oracle_provider_req.tf b/modules/networkloadbalancer/nlb-backendset/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/networkloadbalancer/nlb-backendset/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
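Review bot: The `dynamic "dns"` block is gated with `for_each = var.domain_name != null ? {1:1} : {}`, whereas modules/oke/cluster/main.tf in the same commit gates its `key_details` block with `? [1] : []`; both iterate once or not at all, but the map form is unusual and `[1]`/`[]` is the idiom readers expect, so one convention across the modules would help. `health_checker.protocol` is marked `#Required` yet `var.protocol` defaults to `null` in this module's variables.tf, so an omitted protocol surfaces as an API error at apply rather than a `validation` block listing the accepted values at plan.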
diff --git a/modules/networkloadbalancer/nlb-backendset/outputs.tf b/modules/networkloadbalancer/nlb-backendset/outputs.tf
new file mode 100644
index 0000000..0e231b4
--- /dev/null
+++ b/modules/networkloadbalancer/nlb-backendset/outputs.tf
@@ -0,0 +1,16 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#######################################
+# Resource Block - Network Load Balancer
+# Create Network Load Balancer Backend Set
+#######################################
+
+output "nlb_backend_set_tf_id" {
+ description = "Load Balancer Backend Set ocid"
+ value = oci_network_load_balancer_backend_set.backend_set.id
+}
+
+output "nlb_backend_set_tf_name" {
+ description = "Load Balancer Backend Set Name"
+ value = oci_network_load_balancer_backend_set.backend_set.name
+}
\ No newline at end of file
diff --git a/modules/networkloadbalancer/nlb-backendset/variables.tf b/modules/networkloadbalancer/nlb-backendset/variables.tf
new file mode 100644
index 0000000..5f88dd9
--- /dev/null
+++ b/modules/networkloadbalancer/nlb-backendset/variables.tf
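Review bot: The header comment says `# Resource Block - Network Load Balancer` but this file holds outputs; the sibling outputs files in this commit use `# Output Block - Network Load Balancer`, and the same wording belongs here. The two `description` strings say `Load Balancer Backend Set ...` where the other NLB outputs say `Network Load Balancer ...`; `"Network Load Balancer Backend Set ocid"` avoids confusion with the classic load balancer modules.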
@@ -0,0 +1,134 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#######################################
+# Variable Block - Network Load Balancer
+# Create Network Load Balancer Backend Set
+#######################################
+
+variable "protocol" {
+ type = string
+ description = "The protocol the health check must use; either HTTP or TCP."
+ default = null
+}
+
+variable "domain_name" {
+ type = string
+ description = "domain_name"
+ default = null
+}
+
+variable "query_class" {
+ type = string
+ description = "query_class"
+ default = null
+}
+
+variable "query_type" {
+ type = string
+ description = "query_type"
+ default = null
+}
+
+variable "rcodes" {
+ type = list(string)
+ description = "rcodes"
+ default = []
+}
+
+variable "transport_protocol" {
+ type = string
+ description = "transport_protocol"
+ default = null
+}
+
+variable "interval_in_millis" {
+ type = number
+ description = "The interval between health checks, in milliseconds"
+ default = 10000 # Default as per hashicorp terraform
+}
+
+variable "port" {
+ type = number
+ description = "The backend server port against which to run the health check."
+ default = null
+}
+
+variable "request_data" {
+ type = string
+ description = "Base64 encoded pattern to be sent as UDP or TCP health check probe.r"
+ default = null
+}
+
+variable "response_body_regex" {
+ type = string
+ description = "A regular expression for parsing the response body from the backend server"
+ default = null
+}
+
+variable "response_data" {
+ type = string
+ description = "Base64 encoded pattern to be validated as UDP or TCP health check probe response."
+ default = null
+}
+
+variable "retries" {
+ type = number
+ description = " The number of retries to attempt before a backend server is considered unhealthy"
+ default = 3 # Default value as per hashicorp terraform
+}
+
+variable "return_code" {
+ type = number
+ description = "The status code a healthy backend server should return."
+ default = null
+}
+
+variable "timeout_in_millis" {
+ type = number
+ description = "The maximum time, in milliseconds, to wait for a reply to a health check."
+ default = 3000 # Default value as per hashicorp terraform
+}
+
+variable "url_path" {
+ type = string
+ description = "The path against which to run the health check."
+ default = null
+}
+
+variable "network_load_balancer_id" {
+ type = string
+ description = "The OCID of load balancer"
+ default = null
+}
+
+variable "name" {
+ type = string
+ description = "The display name of the load balancer backend set"
+ default = null
+}
+
+variable "policy" {
+ type = string
+ description = "The load balancer policy for the backend set. Allowed Values: ROUND_ROBIN|LEAST_CONNECTIONS|IP_HASH"
+ default = null
+}
+
+variable "ip_version" {
+ type = string
+ default = ""
+}
+
+variable "is_preserve_source" {
+ type = bool
+ default = null
+}
+
+variable "is_instant_failover_enabled" {
+ type = bool
+ default = null
+}
+
+variable "is_fail_open" {
+ type = bool
+ default = null
+}
diff --git a/modules/networkloadbalancer/nlb-listener/main.tf b/modules/networkloadbalancer/nlb-listener/main.tf
new file mode 100644
index 0000000..e7a2763
--- /dev/null
+++ b/modules/networkloadbalancer/nlb-listener/main.tf
@@ -0,0 +1,18 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#######################################
+# Resource Block - Network Load Balancer
+# Create Network Load Balancer Listener
+#######################################
+
+resource "oci_network_load_balancer_listener" "listener" {
+ #Required
+ default_backend_set_name = var.default_backend_set_name
+ name = var.name
+ network_load_balancer_id = var.network_load_balancer_id
+ port = var.port
+ protocol = var.protocol
+
+ #Optional
+ ip_version = var.ip_version
+}
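Review bot: `policy`'s description lists `ROUND_ROBIN|LEAST_CONNECTIONS|IP_HASH`, which are classic Load Balancer policies; network load balancer backend sets use the tuple-hash policies (`FIVE_TUPLE`, `THREE_TUPLE`, `TWO_TUPLE`), so the text looks copied from the LB module and will mislead callers — confirm against the provider docs and add a `validation` block over the accepted values. `ip_version` defaults to `""` while the listener module's `ip_version` defaults to `null`; an empty string is sent to the provider as a value rather than omitted, so `default = null` is the safer choice. `protocol`'s description (`either HTTP or TCP`) is narrower than the `dns` health-check block this module supports, and `request_data`'s description ends in a stray `.r`.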
diff --git a/modules/networkloadbalancer/nlb-listener/oracle_provider_req.tf b/modules/networkloadbalancer/nlb-listener/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/networkloadbalancer/nlb-listener/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/networkloadbalancer/nlb-listener/outputs.tf b/modules/networkloadbalancer/nlb-listener/outputs.tf
new file mode 100644
index 0000000..ef44006
--- /dev/null
+++ b/modules/networkloadbalancer/nlb-listener/outputs.tf
@@ -0,0 +1,11 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#######################################
+# Output Block - Network Load Balancer
+# Create Network Load Balancer Listener
+#######################################
+
+output "nlb_listener_tf_id" {
+ description = "Network Load Balancer Listener ocid"
+ value = oci_network_load_balancer_listener.listener.id
+}
diff --git a/modules/networkloadbalancer/nlb-listener/variables.tf b/modules/networkloadbalancer/nlb-listener/variables.tf
new file mode 100644
index 0000000..8c4971e
--- /dev/null
+++ b/modules/networkloadbalancer/nlb-listener/variables.tf
@@ -0,0 +1,40 @@
+#######################################
+# Variable Block - Network Load Balancer
+# Create Network Load Balancer Listener
+#######################################
+
+variable "default_backend_set_name" {
+ type = string
+ description = "The name of the associated backend set"
+ default = null
+}
+
+variable "network_load_balancer_id" {
+ type = string
+ description = "The OCID of load balancer"
+ default = null
+}
+
+variable "name" {
+ type = string
+ description = "The name of the Listener."
+ default = null
+}
+
+variable "port" {
+ type = number
+ description = "The communication port for the listener."
+ default = 80 # Default as per example in hashicorp terraform
+}
+
+variable "protocol" {
+ type = string
+ description = "The protocol on which the listener accepts connection requests."
+ default = null
+}
+
+variable "ip_version" {
+ type = string
+ default = null
+}
+
diff --git a/modules/networkloadbalancer/nlb/data.tf b/modules/networkloadbalancer/nlb/data.tf
new file mode 100644
index 0000000..70810e5
--- /dev/null
+++ b/modules/networkloadbalancer/nlb/data.tf
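Review bot: `port` defaults to `80` ("as per example"), so a caller that forgets to set it gets a listener opened on port 80 instead of a plan-time error; for a required listener attribute `default = null` (making it a mandatory input) is the safer contract, and a `validation` block bounding it to 1–65535 would catch typos before they reach the API. `ip_version` has no description, and this is the only variables.tf in the commit without the copyright header the others carry.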
@@ -0,0 +1,24 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#######################################
+# Data Block - Network Load Balancer
+# Create Network Load Balancer
+#######################################
+
+locals {
+ nsg_ids = var.network_security_group_ids != null ? flatten(tolist([for nsg in var.network_security_group_ids : (length(regexall("ocid1.networksecuritygroup.oc*", nsg)) > 0 ? [nsg] : data.oci_core_network_security_groups.network_security_groups[nsg].network_security_groups[*].id)])) : null
+}
+
+data "oci_core_network_security_groups" "network_security_groups" {
+ for_each = var.network_security_group_ids != null ? { for nsg in var.network_security_group_ids : nsg => nsg } : {}
+ compartment_id = var.network_compartment_id != null ? var.network_compartment_id : var.compartment_id
+ display_name = each.value
+ vcn_id = data.oci_core_vcns.oci_vcns_nlbs.virtual_networks[0].id
+}
+
+data "oci_core_vcns" "oci_vcns_nlbs" {
+ compartment_id = var.network_compartment_id != null ? var.network_compartment_id : var.compartment_id
+ display_name = var.vcn_name
+}
+
+
diff --git a/modules/networkloadbalancer/nlb/main.tf b/modules/networkloadbalancer/nlb/main.tf
new file mode 100644
index 0000000..a7e27c9
--- /dev/null
+++ b/modules/networkloadbalancer/nlb/main.tf
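Review bot: `oci_core_vcns.oci_vcns_nlbs` is evaluated unconditionally with `display_name = var.vcn_name`, and `vcn_name` defaults to `null`; a null filter presumably returns every VCN in the compartment, so when NSG names are resolved without a `vcn_name` the lookup `virtual_networks[0].id` runs against whichever VCN happens to be listed first, and `[0]` fails with an index error if the compartment has none. Gate the data source like the NSG one (`count = var.vcn_name != null ? 1 : 0`, or a `for_each` keyed by name as modules/oke/cluster/data.tf does) and add a `precondition` that exactly one VCN matched. The resolution of NSG display names here is the same code as in modules/network/vlan/data.tf and carries the same ambiguity.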
@@ -0,0 +1,33 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+
+#######################################
+# Resource Block - Network Load Balancer
+# Create Network Load Balancer
+#######################################
+
+resource "oci_network_load_balancer_network_load_balancer" "network_load_balancer" {
+ #Required
+ compartment_id = var.compartment_id
+ display_name = var.display_name
+ subnet_id = var.subnet_id
+ is_preserve_source_destination = var.is_preserve_source_destination
+ is_symmetric_hash_enabled = var.is_symmetric_hash_enabled
+ is_private = var.is_private
+ network_security_group_ids = var.network_security_group_ids != null ? (local.nsg_ids == [] ? ["INVALID NSG Name"] : local.nsg_ids) : null
+ nlb_ip_version = var.nlb_ip_version
+ assigned_private_ipv4 = var.assigned_private_ipv4
+ defined_tags = var.defined_tags
+ freeform_tags = var.freeform_tags
+
+ dynamic "reserved_ips" {
+ for_each = var.reserved_ips_id != [] ? var.reserved_ips_id : []
+ content {
+ #Optional
+ id = reserved_ips.value
+ }
+ }
+ lifecycle {
+ ignore_changes = [reserved_ips, assigned_private_ipv4]
+ }
+}
diff --git a/modules/networkloadbalancer/nlb/oracle_provider_req.tf b/modules/networkloadbalancer/nlb/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/networkloadbalancer/nlb/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/networkloadbalancer/nlb/outputs.tf b/modules/networkloadbalancer/nlb/outputs.tf
new file mode 100644
index 0000000..a30c1f8
--- /dev/null
+++ b/modules/networkloadbalancer/nlb/outputs.tf
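Review bot: `for_each = var.reserved_ips_id != [] ? var.reserved_ips_id : []` compares a `list(any)` with an empty tuple, and whichever way that comparison resolves both branches iterate the same way (an empty list iterates zero times), so `for_each = var.reserved_ips_id` expresses it without the guard. `ignore_changes = [reserved_ips, assigned_private_ipv4]` means a reserved IP or private IPv4 changed outside Terraform is never reconciled; if that is deliberate because the service assigns these after creation, a one-line comment saying so will stop a future reader from removing it. `network_security_group_ids` passes `null` when `var.network_security_group_ids` is null, but the variable defaults to `[]` in this module's variables.tf, so the `null` branch is only reachable when a caller passes null explicitly.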
@@ -0,0 +1,11 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#######################################
+# Output Block - Network Load Balancer
+# Create Network Load Balancer
+#######################################
+
+output "network_load_balancer_tf_id" {
+ description = "Network Load Balancer ocid"
+ value = oci_network_load_balancer_network_load_balancer.network_load_balancer.id
+}
\ No newline at end of file
diff --git a/modules/networkloadbalancer/nlb/variables.tf b/modules/networkloadbalancer/nlb/variables.tf
new file mode 100644
index 0000000..1e8a18c
--- /dev/null
+++ b/modules/networkloadbalancer/nlb/variables.tf
@@ -0,0 +1,77 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#########################################
+# Variable Block - Network Load Balancer
+# Create Network Load Balancer
+#########################################
+
+variable "compartment_id" {
+ type = string
+ default = null
+}
+
+variable "network_compartment_id" {}
+
+variable "subnet_id" {
+ type = string
+ default = null
+}
+
+variable "vcn_name" {
+ type = string
+ default = null
+}
+
+variable "display_name" {
+ type = string
+ default = null
+}
+
+variable "is_preserve_source_destination" {
+ type = bool
+ default = false
+}
+
+variable "is_private" {
+ type = bool
+ default = true
+}
+
+variable "is_symmetric_hash_enabled" {
+ type = bool
+
+}
+
+variable "network_security_group_ids" {
+ type = list(any)
+ description = "NSGs to place the load balancer in"
+ default = []
+}
+
+variable "nlb_ip_version" {
+ type = string
+ default = null
+}
+
+
+variable "assigned_private_ipv4" {
+ type = string
+ default = null
+}
+
+
+variable "reserved_ips_id" {
+ type = list(any)
+ default = []
+}
+
+variable "defined_tags" {
+ type = map(any)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
\ No newline at end of file
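Review bot: `variable "network_compartment_id" {}` has no type and no default, so it is a required input; data.tf's fallback `var.network_compartment_id != null ? ... : var.compartment_id` can therefore never take the `compartment_id` branch unless a caller passes `null` explicitly. Give it `type = string` and `default = null` as the VLAN and OKE modules in this commit do. `is_symmetric_hash_enabled` likewise has no default (the block holds only `type = bool` and a blank line), which makes it mandatory; `default = false` would match `is_preserve_source_destination`. `is_private = true` as the default is the right baseline for a new NLB.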
diff --git a/modules/oke/cluster/data.tf b/modules/oke/cluster/data.tf
new file mode 100755
index 0000000..781f3c6
--- /dev/null
+++ b/modules/oke/cluster/data.tf
@@ -0,0 +1,30 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#############################
+## Data Block - Cluster
+## Create Cluster
+#############################
+
+locals {
+ endpoint_nsg_ids = var.nsg_ids != null ? flatten(tolist([for nsg in var.nsg_ids : (length(regexall("ocid1.networksecuritygroup.oc*", nsg)) > 0 ? [nsg] : data.oci_core_network_security_groups.network_security_groups[nsg].network_security_groups[*].id)])) : null
+}
+
+data "oci_core_network_security_groups" "network_security_groups" {
+ for_each = var.nsg_ids != null ? { for nsg in var.nsg_ids : nsg => nsg } : {}
+ compartment_id = var.network_compartment_id != null ? var.network_compartment_id : var.compartment_id
+ display_name = each.value
+ vcn_id = data.oci_core_vcns.oci_vcns_clusters[var.vcn_names[0]].virtual_networks.*.id[0]
+}
+
+data "oci_core_vcns" "oci_vcns_clusters" {
+ for_each = { for vcn in var.vcn_names : vcn => vcn }
+ compartment_id = var.network_compartment_id != null ? var.network_compartment_id : var.compartment_id
+ display_name = each.value
+}
+
+data "oci_core_subnets" "oci_subnets_cluster_lbs" {
+ for_each = { for subnet in var.service_lb_subnet_ids : subnet => subnet }
+ compartment_id = var.network_compartment_id != null ? var.network_compartment_id : var.compartment_id
+ display_name = each.value
+ vcn_id = data.oci_core_vcns.oci_vcns_clusters[var.vcn_names[0]].virtual_networks.*.id[0]
+}
diff --git a/modules/oke/cluster/main.tf b/modules/oke/cluster/main.tf
new file mode 100644
index 0000000..21b51bb
--- /dev/null
+++ b/modules/oke/cluster/main.tf
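Review bot: `oci_subnets_cluster_lbs` iterates every entry of `var.service_lb_subnet_ids`, including ones that are already OCIDs, and queries `oci_core_subnets` with the OCID as `display_name`; main.tf only reads this data source for non-OCID entries, so those queries are wasted and still fail if `var.vcn_names` is empty. Filtering the key set, `for_each = { for subnet in var.service_lb_subnet_ids : subnet => subnet if length(regexall("ocid1.subnet.oc*", subnet)) == 0 }`, keeps it consistent with how `network_security_groups` is gated above. All three data sources index `var.vcn_names[0]`, whose default is `[]`; a `validation` block requiring at least one name would give a clearer error than the index failure, and taking `.virtual_networks.*.id[0]` silently picks the first VCN when a display name matches more than one.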
@@ -0,0 +1,67 @@
+# Copyright 2017, 2021 Oracle Corporation and/or affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+
+resource "oci_containerengine_cluster" "cluster" {
+ compartment_id = var.compartment_id
+ kubernetes_version = var.kubernetes_version
+ name = var.display_name
+ vcn_id = data.oci_core_vcns.oci_vcns_clusters[var.vcn_names[0]].virtual_networks.*.id[0]
+ defined_tags = var.defined_tags
+ freeform_tags = var.freeform_tags
+ kms_key_id = var.kms_key_id
+ type = var.type
+
+ cluster_pod_network_options {
+ #Required
+ cni_type = var.cni_type
+ }
+
+ endpoint_config {
+ is_public_ip_enabled = var.is_public_ip_enabled
+ nsg_ids = var.nsg_ids != null ? (local.endpoint_nsg_ids == [] ? ["INVALID ENDPOINT NSG Name"] : local.endpoint_nsg_ids) : null
+ subnet_id = var.endpoint_subnet_id
+ }
+
+ image_policy_config {
+ #Optional
+ is_policy_enabled = var.is_policy_enabled
+ dynamic "key_details" {
+ for_each = var.policy_kms_key_id != null ? [1] : []
+ content{
+ #Optional
+ kms_key_id = var.policy_kms_key_id
+ }
+ }
+ }
+
+ options {
+ add_ons {
+ #Optional
+ is_kubernetes_dashboard_enabled = var.is_kubernetes_dashboard_enabled
+ is_tiller_enabled = var.is_tiller_enabled
+ }
+ admission_controller_options {
+ is_pod_security_policy_enabled = var.is_pod_security_policy_enabled
+ }
+
+ kubernetes_network_config {
+ pods_cidr = var.pods_cidr
+ services_cidr = var.services_cidr
+ }
+ service_lb_subnet_ids = flatten(tolist([for subnet in var.service_lb_subnet_ids : (length(regexall("ocid1.subnet.oc*", subnet)) > 0 ?
 [subnet] : data.oci_core_subnets.oci_subnets_cluster_lbs[subnet].subnets[*].id)]))
+ persistent_volume_config {
+ #Optional
+ defined_tags = var.volume_defined_tags
+ freeform_tags = var.volume_freeform_tags
+ }
+ service_lb_config {
+ #Optional
+ defined_tags = var.lb_defined_tags
+ freeform_tags = var.lb_freeform_tags
+ }
+ }
+ lifecycle {
+ ignore_changes = [defined_tags["Oracle-Tags.CreatedOn"], defined_tags["Oracle-Tags.CreatedBy"],timeouts]
+ }
+}
diff --git a/modules/oke/cluster/oracle_provider_req.tf b/modules/oke/cluster/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/oke/cluster/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/oke/cluster/outputs.tf b/modules/oke/cluster/outputs.tf
new file mode 100755
index 0000000..35bfb6e
--- /dev/null
+++ b/modules/oke/cluster/outputs.tf
@@ -0,0 +1,10 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Outputs Block - Cluster
+# Create Cluster
+############################
+
+output "cluster_tf_id" {
+ value = oci_containerengine_cluster.cluster.id
+}
\ No newline at end of file
diff --git a/modules/oke/cluster/variables.tf b/modules/oke/cluster/variables.tf
new file mode 100644
index 0000000..a45c67e
--- /dev/null
+++ b/modules/oke/cluster/variables.tf
@@ -0,0 +1,145 @@
+# Copyright 2017, 2019 Oracle Corporation and/or affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+variable "compartment_id" {
+ type = string
+ description = "The OCID of the compartment"
+ default = null
+}
+
+variable "network_compartment_id" {
+ type = string
+ description = "The OCID of the compartment that has Network components"
+ default = null
+}
+
+variable "display_name" {
+ type = string
+ description = "The display name of the cluster"
+ default = null
+}
+
+variable "vcn_names" {
+ type = list(string)
+ description = "The vcn name of the cluster"
+ default = []
+}
+
+
+variable "kubernetes_version" {
+ type = string
+ description = "The version of the kubernetes"
+ default = null
+}
+
+variable "type" {
+ type = string
+ description = "The type of the cluster"
+ default = null
+}
+
+variable "cni_type" {
+ type = string
+ description = "The configuration for pod networking for the cluster"
+ default = null
+}
+
+variable "is_public_ip_enabled" {
+ type = bool
+ description = "Whether public IP is enabled for endpoint"
+}
+
+variable "nsg_ids" {
+ type = list(any)
+ description = "The NSG IDs for endpoint"
+ default = []
+}
+
+variable "endpoint_subnet_id" {
+ type = string
+ description = "The subnet for the endpoint"
+ default = null
+}
+
+variable "is_policy_enabled" {
+ type = bool
+ description = "Whether the image verification policy is enabled"
+ default = false
+}
+
+variable "policy_kms_key_id" {
+ type = string
+ description = "The OCIDs of the KMS key that will be used to verify whether the images are signed by an approved source"
+ default = null
+}
+
+variable "is_kubernetes_dashboard_enabled" {
+ type = bool
+ description = "Whether kubernetes dashboard is enabled"
+}
+
+variable "is_tiller_enabled" {
+ type = bool
+ description = "Whether tiller is ebabled"
+}
+
+variable "is_pod_security_policy_enabled" {
+ type = bool
+ description = "Whether a pod
security needs to be enabled for the nodepool"
+}
+
+variable "pods_cidr" {
+ type = string
+ description = "The pod CIDR value"
+ default = null
+}
+
+variable "services_cidr" {
+ type = string
+ description = "The service CIDR value"
+ default = null
+}
+
+variable "service_lb_subnet_ids" {
+ type = list(any)
+ description = "The loadbalancer subnet IDs"
+ default = []
+}
+
+variable "kms_key_id" {
+ type = string
+ default = null
+}
+
+variable "defined_tags" {
+ type = map(any)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
+
+variable "volume_defined_tags" {
+ type = map(any)
+ default = {}
+}
+
+variable "volume_freeform_tags" {
+ type = map(any)
+ default = {}
+}
+
+variable "lb_defined_tags" {
+ type = map(any)
+ default = {}
+}
+
+variable "lb_freeform_tags" {
+ type = map(any)
+ default = {}
+}
+
diff --git a/modules/oke/nodepool/data.tf b/modules/oke/nodepool/data.tf
new file mode 100755
index 0000000..738bddd
--- /dev/null
+++ b/modules/oke/nodepool/data.tf
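Review bot: `is_public_ip_enabled`, `is_kubernetes_dashboard_enabled`, `is_tiller_enabled` and `is_pod_security_policy_enabled` carry no `default`, so each is a mandatory input and a caller omitting them gets four separate errors; `default = false` for the dashboard and Tiller add-ons (both legacy components a cluster should only enable when asked) and for the public endpoint gives a secure baseline while keeping every input overridable. `is_tiller_enabled`'s description has a typo (`ebabled`), and `kms_key_id`, which main.tf passes as the cluster's `kms_key_id`, has no description saying which key it is for. `nsg_ids` is `list(any)` here but `list(string)` in modules/network/vlan/variables.tf; `list(string)` rejects non-string entries at plan time.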
@@ -0,0 +1,36 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#############################
+## Data Block - Nodepool
+## Create Nodepool and nodes
+#############################
+
+locals {
+ nodepool_nsg_ids = var.worker_nsg_ids != null ? flatten(tolist([for nsg in var.worker_nsg_ids : (length(regexall("ocid1.networksecuritygroup.oc*", nsg)) > 0 ? [nsg] : data.oci_core_network_security_groups.network_security_groups_workers[nsg].network_security_groups[*].id)])) : null
+ pod_nsg_ids = var.pod_nsg_ids != null ? flatten(tolist([for nsg in var.pod_nsg_ids : (length(regexall("ocid1.networksecuritygroup.oc*", nsg)) > 0 ? [nsg] : data.oci_core_network_security_groups.network_security_groups_pods[nsg].network_security_groups[*].id)])) : null
+}
+
+data "oci_identity_availability_domains" "ads" {
+ compartment_id = var.tenancy_ocid
+}
+
+
+data "oci_core_vcns" "oci_vcns_nodepools" {
+ for_each = { for vcn in var.vcn_names : vcn => vcn }
+ compartment_id = var.network_compartment_id != null ? var.network_compartment_id : var.compartment_id
+ display_name = each.value
+}
+
+data "oci_core_network_security_groups" "network_security_groups_pods" {
+ for_each = var.pod_nsg_ids != null ? { for nsg in var.pod_nsg_ids : nsg => nsg } : {}
+ compartment_id = var.network_compartment_id != null ? var.network_compartment_id : var.compartment_id
+ display_name = each.value
+ vcn_id = data.oci_core_vcns.oci_vcns_nodepools[var.vcn_names[0]].virtual_networks.*.id[0]
+}
+
+data "oci_core_network_security_groups" "network_security_groups_workers" {
+ for_each = var.worker_nsg_ids != null ? { for nsg in var.worker_nsg_ids : nsg => nsg } : {}
+ compartment_id = var.network_compartment_id != null ? var.network_compartment_id : var.compartment_id
+ display_name = each.value
+ vcn_id = data.oci_core_vcns.oci_vcns_nodepools[var.vcn_names[0]].virtual_networks.*.id[0]
+}
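Review bot: The name-vs-OCID test `length(regexall("ocid1.networksecuritygroup.oc*", nsg)) > 0` in `locals` is unanchored and treats `.` and `oc*` as regex metacharacters, so any value containing the substring `ocid1.networksecuritygroup.o` is accepted as an OCID without further validation; an anchored, escaped form such as `can(regex("^ocid1\\.networksecuritygroup\\.oc[0-9]+\\.", nsg))` is stricter. The more consequential issue is the name branch: `network_security_groups[*].id` returns every NSG in the VCN whose display name matches (OCI does not require NSG display names to be unique), and `flatten` merges all of them into the list that main.tf attaches to the nodes, so a duplicate name silently attaches additional security groups instead of failing. Requiring exactly one match — `one(...)` over the id list, or a `precondition` on the data source — would surface that at plan time. `for vcn in var.vcn_names` also errors if the variable keeps the `null` default declared in variables.tf, and `var.vcn_names[0]` assumes the first listed VCN is the one that owns the NSGs. The same locals and lookups are duplicated in modules/oke/virtual-nodepool/data.tf.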
diff --git a/modules/oke/nodepool/main.tf b/modules/oke/nodepool/main.tf
new file mode 100644
index 0000000..ea604f9
--- /dev/null
+++ b/modules/oke/nodepool/main.tf
@@ -0,0 +1,67 @@
+# Copyright 2017, 2021 Oracle Corporation and/or affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+resource "oci_containerengine_node_pool" "nodepool" {
+ cluster_id = var.cluster_name
+ compartment_id = var.compartment_id
+ node_shape = var.node_shape
+ name = var.display_name
+ kubernetes_version = var.kubernetes_version
+ ssh_public_key = var.ssh_public_key
+ defined_tags = var.nodepool_defined_tags
+ freeform_tags = var.nodepool_freeform_tags
+
+ dynamic "initial_node_labels" {
+ for_each = var.initial_node_labels != null ? { for k, v in var.initial_node_labels : k => v } : {}
+ content {
+ key = initial_node_labels.key
+ value = initial_node_labels.value
+ }
+ }
+
+ node_config_details {
+ placement_configs {
+ #Required
+ availability_domain = data.oci_identity_availability_domains.ads.availability_domains[var.availability_domain].name
+ subnet_id = var.subnet_id
+ fault_domains = var.fault_domains
+ }
+ node_pool_pod_network_option_details {
+ #Required
+ cni_type = var.cni_type
+
+ #Optional
+ max_pods_per_node = var.max_pods_per_node
+ pod_nsg_ids = var.pod_nsg_ids != null ? (local.pod_nsg_ids == [] ? ["INVALID POD NSG Name"] : local.pod_nsg_ids) : null
+ pod_subnet_ids = var.pod_subnet_ids != null ? [var.pod_subnet_ids] : null
+ }
+ size = var.size
+ nsg_ids = var.worker_nsg_ids != null ? (local.nodepool_nsg_ids == [] ? ["INVALID WORKER NSG Name"] : local.nodepool_nsg_ids) : null
+ is_pv_encryption_in_transit_enabled = var.is_pv_encryption_in_transit_enabled
+ kms_key_id = var.kms_key_id
+ defined_tags = var.node_defined_tags
+ freeform_tags = var.node_freeform_tags
+ }
+
+ node_source_details {
+ boot_volume_size_in_gbs = var.boot_volume_size_in_gbs
+ image_id = var.image_id
+ source_type = var.source_type
+ }
+
+
+ # node_metadata = {
+ # user_data = var.cloudinit_nodepool_common == "" && lookup(var.cloudinit_nodepool, each.key, null) == null ? data.cloudinit_config.worker.rendered : lookup(var.cloudinit_nodepool, each.key, null) != null ? filebase64(lookup(var.cloudinit_nodepool, each.key, null)) : filebase64(var.cloudinit_nodepool_common)
+ # }
+
+ node_shape_config {
+ ocpus = var.ocpus
+ memory_in_gbs = var.memory_in_gbs
+ }
+
+
+ # do not destroy the node pool if the kubernetes version has changed as part of the upgrade
+ lifecycle {
+ ignore_changes = [node_config_details[0].placement_configs, kubernetes_version, defined_tags["Oracle-Tags.CreatedOn"], defined_tags["Oracle-Tags.CreatedBy"], node_config_details[0].defined_tags["Oracle-Tags.CreatedOn"], node_config_details[0].defined_tags["Oracle-Tags.CreatedBy"]]
+ }
+}
diff --git a/modules/oke/nodepool/oracle_provider_req.tf b/modules/oke/nodepool/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/oke/nodepool/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/oke/nodepool/outputs.tf b/modules/oke/nodepool/outputs.tf
new file mode 100755
index 0000000..6a9a80b
--- /dev/null
+++ b/modules/oke/nodepool/outputs.tf
@@ -0,0 +1,10 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Outputs Block - Nodepool
+# Create Nodepool and nodes
+############################
+
+output "nodepool_tf_id" {
+ value = oci_containerengine_node_pool.nodepool.id
+}
\ No newline at end of file
diff --git a/modules/oke/nodepool/variables.tf b/modules/oke/nodepool/variables.tf
new file mode 100644
index 0000000..d3a391b
--- /dev/null
+++ b/modules/oke/nodepool/variables.tf
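Review bot: `local.pod_nsg_ids == []` and `local.nodepool_nsg_ids == []` compare a flattened list against an empty tuple literal and then rely on the API rejecting the literal `["INVALID POD NSG Name"]` at apply time; `length(local.pod_nsg_ids) == 0` is the unambiguous emptiness test, and a `precondition` on the resource would turn a failed name lookup into a readable plan-time error rather than an opaque API failure. The same pattern is on `nsg_ids` here and in modules/oke/virtual-nodepool/main.tf. The commented-out `node_metadata` block references `each.key` although the resource has neither `for_each` nor `count`, so it cannot be uncommented as-is; drop it or keep it as a tracked TODO. The lifecycle comment mentions only `kubernetes_version`, but `ignore_changes` also covers `node_config_details[0].placement_configs`, so later edits to `subnet_id` or `fault_domains` are silently never applied; the comment should say so, e.g. `# placement_configs is also ignored: subnet/AD/fault-domain edits here are not applied to an existing pool`.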
@@ -0,0 +1,179 @@ +# Copyright 2017, 2019 Oracle Corporation and/or affiliates. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl + +variable "tenancy_ocid" { + type = string + description = "The OCID of the tenancy" + default = null +} +variable "compartment_id" { + type = string + description = "The OCID of the compartment" + default = null +} + +variable "network_compartment_id" { + type = string + description = "The OCID of the compartment that has Network components" + default = null +} + +variable "availability_domain" { + type = number + description = "The availability domain for the nodepool" + default = null +} + +variable "vcn_names" { + type = list(any) + description = "The vcn name of the nodepool" + default = null +} + +variable "display_name" { + type = string + description = "The display name of the nodepool" + default = null +} + +variable "cluster_name" { + type = string + description = "The display name of the cluster" + default = null +} + +variable "kubernetes_version" { + type = string + description = "The version of the kubernetes" + default = null +} + +variable "ssh_public_key" { + type = string + description = "The SSh key for the nodes" + default = null +} + +variable "node_shape" { + type = string + description = "The shape of the nodes in nodepool" + default = null +} + +variable "initial_node_labels" { + type = map(any) + description = "The labels for nodepool" + default = {} +} + +variable "subnet_id" { + type = string + description = "The subnet of the worker nodepool" + default = null +} + +variable "size" { + type = number + description = "The size of the nodepool" + default = null +} + +variable "cni_type" { + type = string + description = "The network configuration for the nodes" + default = null +} + +variable "fault_domains" { + type = list(any) + description = "fault domain" + default = null +} + +variable "max_pods_per_node" { + type = number + description = "The maximum 
nuber of pods in a node" + default = null +} + +variable "pod_nsg_ids" { + type = list(any) + description = "The nsg ids for pods" + default = [] +} + +variable "pod_subnet_ids" { + type = string + description = "The nsubnets for the pods" + default = null +} + +variable "worker_nsg_ids" { + type = list(any) + description = "The NSG IDs for nodepool" + default = [] +} + +variable "memory_in_gbs" { + type = number + description = "The node memory in GB" + default = null +} + +variable "ocpus" { + type = number + description = "The ocpu for the node" + default = null +} + +variable "image_id" { + type = string + description = "The image ID for node" + default = null +} + +variable "source_type" { + type = string + description = "The type of the image ID" + default = null +} + +variable "boot_volume_size_in_gbs" { + type = number + description = "The boot volume size for nodes in nodepool" + default = null +} + +variable "is_pv_encryption_in_transit_enabled" { + type = bool + description = "Whether in-transit encryptions is enabled for data in persistent volume" +} + +variable "kms_key_id" { + type = string + default = null +} + +variable "node_defined_tags" { + type = map(any) + default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}", + "Oracle-Tags.CreatedBy" = "$${iam.principal.name}" + } +} + +variable "node_freeform_tags" { + type = map(any) + default = {} +} +variable "nodepool_defined_tags" { + type = map(any) + default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}", + "Oracle-Tags.CreatedBy" = "$${iam.principal.name}" + } +} + +variable "nodepool_freeform_tags" { + type = map(any) + default = {} +} + diff --git a/modules/oke/virtual-nodepool/data.tf b/modules/oke/virtual-nodepool/data.tf new file mode 100755 index 0000000..e8f9e1d --- /dev/null +++ b/modules/oke/virtual-nodepool/data.tf 
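Review bot: `worker_nsg_ids` and `pod_nsg_ids` default to `[]`, yet data.tf and main.tf test them with `!= null`; with the default the guard passes, the flattened local is empty, and main.tf's `== []` branch substitutes `["INVALID WORKER NSG Name"]`, so a node pool that intentionally has no NSGs may fail at apply (assuming that comparison evaluates true for an empty list). `default = null`, matching the guard, keeps "no NSGs" a valid input. `vcn_names` defaults to `null` but data.tf iterates it with `for vcn in var.vcn_names`, which errors on a null collection; `default = []` is safer. `pod_subnet_ids` is plural and typed `string` while main.tf wraps it in a one-element list; naming it `pod_subnet_id` as the virtual-nodepool module does would remove the mismatch. Descriptions also carry typos ("SSh", "nuber", "nsubnets"), and `kms_key_id` has none.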
@@ -0,0 +1,36 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#############################
+## Data Block - Nodepool
+## Create Nodepool and nodes
+#############################
+
+locals {
+ nodepool_nsg_ids = var.worker_nsg_ids != null ? flatten(tolist([for nsg in var.worker_nsg_ids : (length(regexall("ocid1.networksecuritygroup.oc*", nsg)) > 0 ? [nsg] : data.oci_core_network_security_groups.network_security_groups_workers[nsg].network_security_groups[*].id)])) : null
+ pod_nsg_ids = var.pod_nsg_ids != null ? flatten(tolist([for nsg in var.pod_nsg_ids : (length(regexall("ocid1.networksecuritygroup.oc*", nsg)) > 0 ? [nsg] : data.oci_core_network_security_groups.network_security_groups_pods[nsg].network_security_groups[*].id)])) : null
+}
+
+data "oci_identity_availability_domains" "ads" {
+ compartment_id = var.tenancy_ocid
+}
+
+
+data "oci_core_vcns" "oci_vcns_virtual_nodepools" {
+ for_each = { for vcn in var.vcn_names : vcn => vcn }
+ compartment_id = var.network_compartment_id != null ? var.network_compartment_id : var.compartment_id
+ display_name = each.value
+}
+
+data "oci_core_network_security_groups" "network_security_groups_pods" {
+ for_each = var.pod_nsg_ids != null ? { for nsg in var.pod_nsg_ids : nsg => nsg } : {}
+ compartment_id = var.network_compartment_id != null ? var.network_compartment_id : var.compartment_id
+ display_name = each.value
+ vcn_id = data.oci_core_vcns.oci_vcns_virtual_nodepools[var.vcn_names[0]].virtual_networks.*.id[0]
+}
+
+data "oci_core_network_security_groups" "network_security_groups_workers" {
+ for_each = var.worker_nsg_ids != null ? { for nsg in var.worker_nsg_ids : nsg => nsg } : {}
+ compartment_id = var.network_compartment_id != null ? var.network_compartment_id : var.compartment_id
+ display_name = each.value
+ vcn_id = data.oci_core_vcns.oci_vcns_virtual_nodepools[var.vcn_names[0]].virtual_networks.*.id[0]
+}
diff --git a/modules/oke/virtual-nodepool/main.tf b/modules/oke/virtual-nodepool/main.tf
new file mode 100644
index 0000000..e42f627
--- /dev/null
+++ b/modules/oke/virtual-nodepool/main.tf
@@ -0,0 +1,57 @@
+# Copyright 2017, 2021 Oracle Corporation and/or affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+resource "oci_containerengine_virtual_node_pool" "virtual_nodepool" {
+ #Required
+ cluster_id = var.cluster_name
+ compartment_id = var.compartment_id
+ display_name = var.display_name
+ placement_configurations {
+ availability_domain = data.oci_identity_availability_domains.ads.availability_domains[var.availability_domain].name
+ subnet_id = var.subnet_id
+ fault_domain = var.fault_domains
+ }
+
+ #Optional
+ defined_tags = var.nodepool_defined_tags
+ freeform_tags = var.nodepool_freeform_tags
+
+ dynamic "initial_virtual_node_labels" {
+ for_each = var.initial_virtual_node_labels != null ? { for k, v in var.initial_virtual_node_labels : k => v } : {}
+ content {
+ key = initial_virtual_node_labels.key
+ value = initial_virtual_node_labels.value
+ }
+ }
+
+ nsg_ids = var.worker_nsg_ids != null ? (local.nodepool_nsg_ids == [] ? ["INVALID WORKER NSG Name"] : local.nodepool_nsg_ids) : null
+ #Required
+ pod_configuration {
+ #Required
+ shape = var.node_shape #var.virtual_node_pool_pod_configuration_shape
+ subnet_id = var.pod_subnet_id
+
+ #Optional
+ nsg_ids = var.pod_nsg_ids != null ? (local.pod_nsg_ids == [] ? ["INVALID POD NSG Name"] : local.pod_nsg_ids) : null
+ }
+ size = var.size
+
+ #Optional
+ dynamic "taints" {
+ for_each = var.taints != null ? var.taints : []
+ content {
+ key = taints.value.key
+ value = taints.value.value
+ effect = taints.value.effect
+ }
+ }
+
+ virtual_node_tags {
+ defined_tags = var.node_defined_tags
+ freeform_tags = var.node_freeform_tags
+ }
+ # do not destroy the node pool if the kubernetes version has changed as part of the upgrade
+ lifecycle {
+ ignore_changes = [defined_tags["Oracle-Tags.CreatedOn"], defined_tags["Oracle-Tags.CreatedBy"]]
+ }
+}
\ No newline at end of file
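Review bot: The comment above `lifecycle` says the pool is not destroyed when the Kubernetes version changes, but `ignore_changes` lists only `defined_tags["Oracle-Tags.CreatedOn"]` and `defined_tags["Oracle-Tags.CreatedBy"]` and no `kubernetes_version` is set on this resource; the comment looks copied from the nodepool module and should describe what is actually ignored, e.g. `# Oracle-Tags.CreatedOn/CreatedBy are presumably filled in server-side by the tag defaults; ignore them so every plan does not show drift`. `fault_domain = var.fault_domains` takes a `list(any)` variable whose description is just "fault domain"; documenting that the attribute expects a list of fault-domain names would help callers. The trailing `#var.virtual_node_pool_pod_configuration_shape` on the `shape` line is a leftover and should be removed.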
diff --git a/modules/oke/virtual-nodepool/oracle_provider_req.tf b/modules/oke/virtual-nodepool/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/oke/virtual-nodepool/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/oke/virtual-nodepool/outputs.tf b/modules/oke/virtual-nodepool/outputs.tf
new file mode 100755
index 0000000..cc73dc4
--- /dev/null
+++ b/modules/oke/virtual-nodepool/outputs.tf
@@ -0,0 +1,10 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Outputs Block - Nodepool
+# Create Nodepool and nodes
+############################
+
+output "virtual_nodepool_tf_id" {
+ value = oci_containerengine_virtual_node_pool.virtual_nodepool.id
+}
\ No newline at end of file
diff --git a/modules/oke/virtual-nodepool/variables.tf b/modules/oke/virtual-nodepool/variables.tf
new file mode 100644
index 0000000..da0bba1
--- /dev/null
+++ b/modules/oke/virtual-nodepool/variables.tf
@@ -0,0 +1,121 @@ +# Copyright 2017, 2019 Oracle Corporation and/or affiliates. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl + +variable "tenancy_ocid" { + type = string + description = "The OCID of the tenancy" + default = null +} +variable "compartment_id" { + type = string + description = "The OCID of the compartment" + default = null +} + +variable "network_compartment_id" { + type = string + description = "The OCID of the compartment that has Network components" + default = null +} + +variable "availability_domain" { + type = number + description = "The availability domain for the nodepool" + default = null +} +variable "fault_domains" { + type = list(any) + description = "fault domain" + default = null +} +variable "vcn_names" { + type = list(any) + description = "The vcn name of the nodepool" + default = null +} + +variable "display_name" { + type = string + description = "The display name of the nodepool" + default = null +} + +variable "cluster_name" { + type = string + description = "The display name of the cluster" + default = null +} + +variable "node_shape" { + type = string + description = "The shape of the nodes in nodepool" + default = null +} + +variable "initial_virtual_node_labels" { + type = map(any) + description = "The labels for nodepool" + default = {} +} + +variable "subnet_id" { + type = string + description = "The subnet of the worker nodepool" + default = null +} + +variable "size" { + type = number + description = "The size of the nodepool" + default = null +} + +variable "pod_nsg_ids" { + type = list(any) + description = "The nsg ids for pods" + default = [] +} + +variable "pod_subnet_id" { + type = string + description = "The subnet for the pods" + default = null +} + +variable "worker_nsg_ids" { + type = list(any) + description = "The NSG IDs for nodepool" + default = [] +} + + +variable "node_defined_tags" { + type = map(any) + default = { "Oracle-Tags.CreatedOn" = 
"$${oci.datetime}", + "Oracle-Tags.CreatedBy" = "$${iam.principal.name}" + } +} + +variable "node_freeform_tags" { + type = map(any) + default = {} +} +variable "nodepool_defined_tags" { + type = map(any) + default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}", + "Oracle-Tags.CreatedBy" = "$${iam.principal.name}" + } +} + +variable "nodepool_freeform_tags" { + type = map(any) + default = {} +} + +variable "taints" { + type = list(any) + description = "virtual node pool taints" + default = [] +} + + diff --git a/modules/sddc/sddc-cluster/main.tf b/modules/sddc/sddc-cluster/main.tf new file mode 100755 index 0000000..f294c7e --- /dev/null +++ b/modules/sddc/sddc-cluster/main.tf 
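Review bot: `taints` is typed `list(any)` although main.tf reads `.key`, `.value` and `.effect` from each element, so a malformed entry is only caught when `taints.value.key` is evaluated; `type = list(object({ key = string, value = string, effect = string }))` validates the shape when the variable is set. `fault_domains` defaults to `null` but is passed straight to `placement_configurations.fault_domain` in main.tf with no null guard; if the provider requires that attribute, the default should be `[]` or removed. The `[]` defaults on `pod_nsg_ids`/`worker_nsg_ids` interact with the `!= null` guards in the same way as in the nodepool module's variables.tf.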
@@ -0,0 +1,51 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Resource Block - SDDC Cluster
+# Create SDDC Cluster
+############################
+
+resource "oci_ocvp_cluster" "sddc_cluster" {
+ #Required
+ compute_availability_domain = var.compute_availability_domain
+ esxi_hosts_count = var.esxi_hosts_count
+ network_configuration {
+ #Required
+ nsx_edge_vtep_vlan_id = var.nsx_edge_vtep_vlan_id
+ nsx_vtep_vlan_id = var.nsx_vtep_vlan_id
+ provisioning_subnet_id = var.provisioning_subnet_id
+ vmotion_vlan_id = var.vmotion_vlan_id
+ vsan_vlan_id = var.vsan_vlan_id
+ #Optional
+ hcx_vlan_id = var.hcx_vlan_id
+ nsx_edge_uplink1vlan_id = var.nsx_edge_uplink1vlan_id
+ nsx_edge_uplink2vlan_id = var.nsx_edge_uplink2vlan_id
+ provisioning_vlan_id = var.provisioning_vlan_id
+ replication_vlan_id = var.replication_vlan_id
+ vsphere_vlan_id = var.vsphere_vlan_id
+ }
+ sddc_id = var.sddc_id
+ #Optional
+ capacity_reservation_id = var.capacity_reservation_id
+
+ dynamic "datastores" {
+ for_each = length(var.workload_datastore) != 0 ? [1] : []
+ content {
+ datastore_type = "WORKLOAD"
+ block_volume_ids = var.workload_datastore
+ }
+ }
+ defined_tags = var.defined_tags
+ display_name = var.display_name
+ esxi_software_version = var.esxi_software_version
+ freeform_tags = var.freeform_tags
+ initial_commitment = var.initial_commitment
+ initial_host_ocpu_count = var.initial_host_ocpu_count
+ initial_host_shape_name = var.initial_host_shape_name
+ instance_display_name_prefix = var.instance_display_name_prefix
+ is_shielded_instance_enabled = var.is_shielded_instance_enabled
+ vmware_software_version = var.vmware_software_version
+ workload_network_cidr = var.workload_network_cidr
+ timeouts { create = "45m" }
+}
+
diff --git a/modules/sddc/sddc-cluster/oracle_provider_req.tf b/modules/sddc/sddc-cluster/oracle_provider_req.tf
new file mode 100755
index 0000000..e52742e
--- /dev/null
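Review bot: This resource has no `lifecycle` block, while both OKE modules in this commit add `ignore_changes` for `defined_tags["Oracle-Tags.CreatedOn"]` and `defined_tags["Oracle-Tags.CreatedBy"]` because their `defined_tags` defaults are the `$${oci.datetime}`/`$${iam.principal.name}` tag-default expressions; this module's variables.tf uses the same style of default, so once the service stores the resolved values every plan will presumably report drift on `defined_tags` and try to write the expressions back. Adding `lifecycle { ignore_changes = [defined_tags["Oracle-Tags.CreatedOn"], defined_tags["Oracle-Tags.CreatedBy"]] }` keeps the modules consistent; modules/sddc/sddc/main.tf has the same gap. `is_shielded_instance_enabled` is fed from a `string`-typed variable; a `bool` type would make a stray value like `"yes"` a plan-time error rather than a provider conversion surprise.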
+++ b/modules/sddc/sddc-cluster/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/sddc/sddc-cluster/outputs.tf b/modules/sddc/sddc-cluster/outputs.tf
new file mode 100755
index 0000000..921f980
--- /dev/null
+++ b/modules/sddc/sddc-cluster/outputs.tf
@@ -0,0 +1,12 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Outputs Block - Custom Backup Policy
+# Create Custom Backup Policy
+############################
+
+
+
+output "sddc_cluster_tf_id" {
+ value = oci_ocvp_cluster.sddc_cluster.id
+}
diff --git a/modules/sddc/sddc-cluster/variables.tf b/modules/sddc/sddc-cluster/variables.tf
new file mode 100755
index 0000000..cdcd153
--- /dev/null
+++ b/modules/sddc/sddc-cluster/variables.tf
@@ -0,0 +1,239 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Variable Block - SDDC +# Create SDDC +############################ + +variable "compartment_id" { + description = "(Required) (Updatable) The OCID of the compartment to contain the SDDC." + type = string + default = null +} + +variable "compute_availability_domain" { + description = "(Required) The Availability Domain to create the SDDC cluster. Default is set to AD1 in main.tf" + type = string + default = null +} + + + +variable "instance_display_name_prefix" { + description = "A string that will be prepended to all ESXI " + type = string +} + +################## +# SDDC Parameters# +################## + + +variable "sddc_enabled" { + description = "Whether to deploy SDDC Cluster. If set to true, creates a SDDC Cluster." + type = bool + default = true +} + +variable "display_name" { + description = "(Optional) (Updatable) A descriptive name for the SDDC. SDDC name requirements are 1-16 character length limit, Must start with a letter, Must be English letters, numbers, - only, No repeating hyphens, Must be unique within the region. Avoid entering confidential information." + type = string + default = null +} + +variable "esxi_hosts_count" { + description = "(Required) The number of ESXi hosts to create in the SDDC. Changing this value post-deployment will delete the entire cluster. You can add more hosts in the OCI GUI following the initial deployment" + type = number +} + +variable "vmware_software_version" { + description = "(Required) The VMware software bundle to install on the ESXi hosts in the SDDC. To get a list of the available versions. Documentation states updateable but that's incorrect. 
DO NOT UPDATE POST-DEPLOYMENT" + type = string +} + +variable "esxi_software_version" { + description = "(Optional) (Updatable) The ESXi software bundle to install on the ESXi hosts in the Cluster" + type = string +} + +variable "initial_commitment" { + description = "commitment Hourly/Monthly" + type = string + default = null +} + +variable "workload_network_cidr" { + description = "(Optional) The CIDR block for the IP addresses that VMware VMs in the SDDC use to run application workloads." + type = string + default = null +} + +variable "ssh_authorized_keys" { + description = "(Required) (Updatable) One or more public SSH keys to be included in the ~/.ssh/authorized_keys file for the default user on each ESXi host. Use a newline character to separate multiple keys. The SSH keys must be in the format required for the authorized_keys file" + type = string +} + +variable "is_hcx_enabled" { + description = "Whether to deploy HCX during provisioning. If set to true, HCX is included in the workflow." + type = bool + default = null +} + +variable "sddc_id" { + description = "The OCID of the SDDC that the Cluster belongs to." 
+ type = string + default = null +} + + + +########################## +# Subnets/VLANs for SDDC # +########################## +variable "provisioning_subnet_id" { + description = " The OCID of the management subnet to use for provisioning the SDDC" + type = string + default = null + +} + +variable "nsx_edge_uplink1vlan_id" { + description = "The OCID of the VLAN to use for the NSX Edge Uplink 1 component of the VMware environment" + type = string + default = null + +} + +variable "nsx_edge_uplink2vlan_id" { + description = "The OCID of the VLAN to use for the NSX Edge Uplink 2 component of the VMware environment" + type = string + default = null + +} + +variable "nsx_vtep_vlan_id" { + description = " The OCID of the VLAN to use for the NSX VTEP component of the VMware environment" + type = string + default = null +} + + +variable "nsx_edge_vtep_vlan_id" { + description = " The OCID of the VLAN to use for the NSX Edge VTEP component of the VMware environment" + type = string + default = null +} + +variable "vsan_vlan_id" { + description = "The OCID of the VLAN to use for the vSAN component of the VMware environment" + type = string + default = null +} + +variable "vmotion_vlan_id" { + description = "(Required)(Updatable) The OCID of the VLAN to use for the vMotion component of the VMware environment" + type = string + default = null +} + +variable "vsphere_vlan_id" { + description = " The OCID of the VLAN to use for the vMotion component of the VMware environment" + type = string + default = null +} + +variable "hcx_vlan_id" { + description = " The OCID of the VLAN to use for the HCX component of the VMware environment. This value is required only when isHcxEnabled is true" + type = string + default = null +} + + + +variable "provisioning_vlan_id" { + description = "The OCID of the VLAN used by the SDDC for the Provisioning component of the VMware environment." 
+ type = string + default = null +} + +variable "replication_vlan_id" { + description = "The OCID of the VLAN used by the SDDC for the vSphere Replication component of the VMware environment." + type = string + default = null +} +variable "esxi_hardware_type" { + description = "The hardware type for esxi." + type = string + default = null +} + +variable "capacity_reservation_id" { + description = "Reservation id of ocvs allocated capacity." + type = string + default = null +} + +variable "initial_host_ocpu_count" { + description = "initial_host_ocpu_count." + type = string + default = null +} + +variable "initial_host_shape_name" { + description = "initial_host_shape_name." + type = string + default = null +} + +variable "is_shielded_instance_enabled" { + description = "is_shielded_instance_enabled" + type = string + default = null +} + +variable "is_single_host_sddc" { + description = "is_single_host_sddc" + type = string + default = null +} + +variable "defined_tags" { + description = "Reservation id of ocvs allocated capacity." + type = map(any) + default = { + "Oracle-Tags.CreatedOn" = "$$(oci.datetime)", + "Oracle-Tags-CreatedBy" = "$${iam.principal.name}" + } +} + +variable "freeform_tags" { + description = "Free-form tags for SDDC cluster" + type = map(string) +} + + + +variable "reserving_hcx_on_premise_license_keys" { + description = "Network compartmenet OCID to fetch NSG/Subnet details" + type = string + default = null +} + +variable "refresh_hcx_license_status" { + description = "Network compartmenet OCID to fetch NSG/Subnet details" + type = string + default = null +} + +variable "network_compartment_id" { + description = "Network compartmenet OCID to fetch NSG/Subnet details" + type = string + default = null +} + + +variable "workload_datastore" { + type = list(string) + default = [] +} + diff --git a/modules/sddc/sddc/main.tf b/modules/sddc/sddc/main.tf new file mode 100755 index 0000000..dbee999 --- /dev/null +++ b/modules/sddc/sddc/main.tf 
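Review bot: The `defined_tags` default uses `"$$(oci.datetime)"` with parentheses, unlike the `$${oci.datetime}` tag-default expression used in every other module in this commit, and its second key is `"Oracle-Tags-CreatedBy"` with a hyphen instead of the `namespace.key` form `"Oracle-Tags.CreatedBy"`; as written the value is sent as a literal string and the key is not in the form the provider expects. The fix is `"Oracle-Tags.CreatedOn" = "$${oci.datetime}"` and `"Oracle-Tags.CreatedBy" = "$${iam.principal.name}"`. `is_shielded_instance_enabled` and `is_single_host_sddc` are `string`-typed for boolean attributes; `type = bool` validates them at plan time, which matters for the shielded-instance flag since it governs the hosts' Secure Boot/Measured Boot posture. Several descriptions are copy-paste leftovers — `defined_tags` reads "Reservation id of ocvs allocated capacity" and `reserving_hcx_on_premise_license_keys`/`refresh_hcx_license_status` read "Network compartmenet OCID" — and `ssh_authorized_keys` is declared without a default yet is not referenced by this module's main.tf, so every caller must supply a key that is never used.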
@@ -0,0 +1,67 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Resource Block - SDDC +# Create SDDC +############################ +resource "oci_ocvp_sddc" "sddc" { + compartment_id = var.compartment_id + vmware_software_version = var.vmware_software_version + ssh_authorized_keys = var.ssh_authorized_keys + + + initial_configuration { + initial_cluster_configurations { + display_name = var.initial_cluster_display_name + initial_commitment = var.initial_commitment + compute_availability_domain = var.compute_availability_domain + esxi_hosts_count = var.esxi_hosts_count + vsphere_type = "MANAGEMENT" + initial_host_ocpu_count = var.initial_host_ocpu_count + initial_host_shape_name = var.initial_host_shape_name + instance_display_name_prefix = var.instance_display_name_prefix + is_shielded_instance_enabled = var.is_shielded_instance_enabled + capacity_reservation_id = var.capacity_reservation_id + workload_network_cidr = var.workload_network_cidr + + network_configuration { + nsx_edge_uplink1vlan_id = var.nsx_edge_uplink1vlan_id + nsx_edge_uplink2vlan_id = var.nsx_edge_uplink2vlan_id + nsx_edge_vtep_vlan_id = var.nsx_edge_vtep_vlan_id + nsx_vtep_vlan_id = var.nsx_vtep_vlan_id + provisioning_subnet_id = var.provisioning_subnet_id + vmotion_vlan_id = var.vmotion_vlan_id + vsan_vlan_id = var.vsan_vlan_id + vsphere_vlan_id = var.vsphere_vlan_id + provisioning_vlan_id = var.provisioning_vlan_id + replication_vlan_id = var.replication_vlan_id + hcx_vlan_id = var.hcx_vlan_id + } + + + dynamic "datastores" { + for_each = length(var.management_datastore) != 0 ? [1] : [] + content { + datastore_type = "MANAGEMENT" + block_volume_ids = var.management_datastore + } + } + dynamic "datastores" { + for_each = length(var.workload_datastore) != 0 ? 
[1] : [] + content { + datastore_type = "WORKLOAD" + block_volume_ids = var.workload_datastore + } + } + } + } + + #Optional + defined_tags = var.defined_tags + display_name = var.display_name + freeform_tags = var.freeform_tags + hcx_action = var.hcx_action + is_hcx_enabled = var.is_hcx_enabled + is_single_host_sddc = var.is_single_host_sddc +} + diff --git a/modules/sddc/sddc/oracle_provider_req.tf b/modules/sddc/sddc/oracle_provider_req.tf new file mode 100755 index 0000000..e52742e --- /dev/null +++ b/modules/sddc/sddc/oracle_provider_req.tf @@ -0,0 +1,7 @@ +terraform { + required_providers { + oci = { + source = "oracle/oci" + } + } +} \ No newline at end of file diff --git a/modules/sddc/sddc/outputs.tf b/modules/sddc/sddc/outputs.tf new file mode 100755 index 0000000..3abd8bd --- /dev/null +++ b/modules/sddc/sddc/outputs.tf @@ -0,0 +1,11 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Outputs Block - Custom Backup Policy +# Create Custom Backup Policy +############################ + + +output "sddc_tf_id" { + value = oci_ocvp_sddc.sddc.id +} diff --git a/modules/sddc/sddc/variables.tf b/modules/sddc/sddc/variables.tf new file mode 100755 index 0000000..6f796ee --- /dev/null +++ b/modules/sddc/sddc/variables.tf 
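Review bot: This module's variables.tf documents that changing `esxi_hosts_count` deletes the entire cluster and that `vmware_software_version` must not be updated post-deployment, but the resource carries no `lifecycle` guard, so those constraints are advisory only; if the provider implements them as replacements, `lifecycle { prevent_destroy = true }` (or at least `ignore_changes = [vmware_software_version]`) would make Terraform refuse the destructive change instead of relying on the reader of the description. `hcx_action` is referenced here but its declaration is outside the visible portion of variables.tf, so its type and default could not be checked against this use.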
@@ -0,0 +1,240 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Variable Block - SDDC
+# Create SDDC
+############################
+
+variable "compartment_id" {
+ description = "(Required) (Updatable) The OCID of the compartment to contain the SDDC."
+ type = string
+ default = null
+}
+
+variable "compute_availability_domain" {
+ description = "(Required) The Availability Domain to create the SDDC cluster. Default is set to AD1 in main.tf"
+ type = string
+ default = null
+}
+
+
+
+variable "instance_display_name_prefix" {
+ description = "A string that will be prepended to all ESXI "
+ type = string
+}
+
+##################
+# SDDC Parameters#
+##################
+
+variable "initial_cluster_display_name" {
+ description = "initial cluster display name."
+ type = string
+ default = null
+}
+
+variable "sddc_enabled" {
+ description = "Whether to deploy SDDC Cluster. If set to true, creates a SDDC Cluster."
+ type = bool
+ default = true
+}
+
+variable "display_name" {
+ description = "(Optional) (Updatable) A descriptive name for the SDDC. SDDC name requirements are 1-16 character length limit, Must start with a letter, Must be English letters, numbers, - only, No repeating hyphens, Must be unique within the region. Avoid entering confidential information."
+ type = string
+ default = null
+}
+
+variable "esxi_hosts_count" {
+ description = "(Required) The number of ESXi hosts to create in the SDDC. Changing this value post-deployment will delete the entire cluster. You can add more hosts in the OCI GUI following the initial deployment"
+ type = number
+}
+
+variable "vmware_software_version" {
+ description = "(Required) The VMware software bundle to install on the ESXi hosts in the SDDC. To get a list of the available versions. Documentation states updateable but that's incorrect.
DO NOT UPDATE POST-DEPLOYMENT"
+ type = string
+}
+
+variable "initial_commitment" {
+ description = "commitment Hourly/Monthly"
+ type = string
+ default = null
+}
+
+variable "workload_network_cidr" {
+ description = "(Optional) The CIDR block for the IP addresses that VMware VMs in the SDDC use to run application workloads."
+ type = string
+ default = null
+}
+
+variable "ssh_authorized_keys" {
+ description = "(Required) (Updatable) One or more public SSH keys to be included in the ~/.ssh/authorized_keys file for the default user on each ESXi host. Use a newline character to separate multiple keys. The SSH keys must be in the format required for the authorized_keys file"
+ type = string
+}
+
+variable "is_hcx_enabled" {
+ description = "Whether to deploy HCX during provisioning. If set to true, HCX is included in the workflow."
+ type = bool
+ default = null
+}
+
+
+
+##########################
+# Subnets/VLANs for SDDC #
+##########################
+variable "provisioning_subnet_id" {
+ description = " The OCID of the management subnet to use for provisioning the SDDC"
+ type = string
+ default = null
+
+}
+
+variable "nsx_edge_uplink1vlan_id" {
+ description = "The OCID of the VLAN to use for the NSX Edge Uplink 1 component of the VMware environment"
+ type = string
+ default = null
+
+}
+
+variable "nsx_edge_uplink2vlan_id" {
+ description = " The OCID of the VLAN to use for the NSX Edge Uplink 2 component of the VMware environment"
+ type = string
+ default = null
+}
+
+variable "nsx_vtep_vlan_id" {
+ description = " The OCID of the VLAN to use for the NSX VTEP component of the VMware environment"
+ type = string
+ default = null
+}
+
+
+variable "nsx_edge_vtep_vlan_id" {
+ description = " The OCID of the VLAN to use for the NSX Edge VTEP component of the VMware environment"
+ type = string
+ default = null
+}
+
+variable "vsan_vlan_id" {
+ description = "The OCID of the VLAN to use for the vSAN component of the VMware environment"
+ type = string
+
default = null
+}
+
+variable "vmotion_vlan_id" {
+ description = "(Required)(Updatable) The OCID of the VLAN to use for the vMotion component of the VMware environment"
+ type = string
+ default = null
+}
+
+variable "vsphere_vlan_id" {
+ description = " The OCID of the VLAN to use for the vMotion component of the VMware environment"
+ type = string
+ default = null
+}
+
+variable "hcx_vlan_id" {
+ description = " The OCID of the VLAN to use for the HCX component of the VMware environment. This value is required only when isHcxEnabled is true"
+ type = string
+ default = null
+}
+
+variable "hcx_action" {
+ description = "The action to be performed upon HCX license"
+ type = string
+ default = null
+}
+
+variable "provisioning_vlan_id" {
+ description = "The OCID of the VLAN used by the SDDC for the Provisioning component of the VMware environment."
+ type = string
+ default = null
+}
+
+variable "replication_vlan_id" {
+ description = "The OCID of the VLAN used by the SDDC for the vSphere Replication component of the VMware environment."
+ type = string
+ default = null
+}
+variable "esxi_hardware_type" {
+ description = "The hardware type for esxi."
+ type = string
+ default = null
+}
+
+variable "capacity_reservation_id" {
+ description = "Reservation id of ocvs allocated capacity."
+ type = string
+ default = null
+}
+
+variable "initial_host_ocpu_count" {
+ description = "initial_host_ocpu_count."
+ type = string
+ default = null
+}
+
+variable "initial_host_shape_name" {
+ description = "initial_host_shape_name."
+ type = string
+ default = null
+}
+
+variable "is_shielded_instance_enabled" {
+ description = "is_shielded_instance_enabled"
+ type = string
+ default = null
+}
+
+variable "is_single_host_sddc" {
+ description = "is_single_host_sddc"
+ type = string
+ default = null
+}
+
+variable "defined_tags" {
+ description = "Reservation id of ocvs allocated capacity."
+ type = map(any)
+ default = {
+ "Oracle-Tags.CreatedOn" = "$$(oci.datetime)",
+ "Oracle-Tags-CreatedBy" = "$${iam.principal.name}"
+ }
+}
+
+variable "freeform_tags" {
+ description = "Free-form tags for SDDC cluster"
+ type = map(string)
+}
+
+
+
+variable "reserving_hcx_on_premise_license_keys" {
+ description = "Network compartmenet OCID to fetch NSG/Subnet details"
+ type = string
+ default = null
+}
+
+variable "refresh_hcx_license_status" {
+ description = "Network compartmenet OCID to fetch NSG/Subnet details"
+ type = string
+ default = null
+}
+
+variable "network_compartment_id" {
+ description = "Network compartmenet OCID to fetch NSG/Subnet details"
+ type = string
+ default = null
+}
+
+variable "management_datastore" {
+ type = list(string)
+ default = []
+}
+
+variable "workload_datastore" {
+ type = list(string)
+ default = []
+}
+
diff --git a/modules/security/cloud-guard-configuration/main.tf b/modules/security/cloud-guard-configuration/main.tf
new file mode 100755
index 0000000..adc62b7
--- /dev/null
+++ b/modules/security/cloud-guard-configuration/main.tf
@@ -0,0 +1,22 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+################################
+## Resource Block - Security
+## Create Cloud Guard Config
+################################
+
+resource "oci_cloud_guard_cloud_guard_configuration" "cloud_guard_configuration" {
+ #Required
+ compartment_id = var.compartment_id
+ reporting_region = var.reporting_region
+ status = var.status
+
+ #Optional
+ self_manage_resources = var.self_manage_resources
+}
+
+resource "time_sleep" "wait_60_seconds" {
+ depends_on = [oci_cloud_guard_cloud_guard_configuration.cloud_guard_configuration]
+ create_duration = "60s"
+}
+
diff --git a/modules/security/cloud-guard-configuration/oracle_provider_req.tf b/modules/security/cloud-guard-configuration/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
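Review bot: The `defined_tags` default writes a literal `$(oci.datetime)` (in HCL `$$(...)` escapes to `$(...)`, not to a tag-default expression) and a key `Oracle-Tags-CreatedBy` that is not in the `namespace.key` form, so the SDDC will not be tagged with the tenancy's creation-time and creator values; the cloud-guard-target variables.tf in this same commit shows the working form. Change the two entries to `"Oracle-Tags.CreatedOn" = "$${oci.datetime}"` and `"Oracle-Tags.CreatedBy" = "$${iam.principal.name}"`. Separately, `is_shielded_instance_enabled` and `is_single_host_sddc` are declared `type = string` for attributes that take booleans, so `type = bool` would reject anything but true/false at plan time. Several descriptions are copy-paste leftovers: `defined_tags` says "Reservation id of ocvs allocated capacity.", `vsphere_vlan_id` says "vMotion component", and `reserving_hcx_on_premise_license_keys`, `refresh_hcx_license_status` and `network_compartment_id` all carry the same "Network compartmenet OCID to fetch NSG/Subnet details" text.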
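Review bot: `time_sleep.wait_60_seconds` pulls in the `hashicorp/time` provider, but this module's `required_providers` (oracle_provider_req.tf in the same commit) declares only `oci`, so `time` is resolved implicitly and unpinned; declare it next to `oci`, e.g. `time = { source = "hashicorp/time" }` with a version constraint. The 60-second sleep also has no comment saying what it waits for; presumably the tenancy-level Cloud Guard enablement settling before dependants such as targets are created, but that is an inference from `depends_on` and the output's reference to it. A one-line comment above the resource, e.g. `# Enabling Cloud Guard is asynchronous; dependants (targets) wait on this sleep before creation`, would make the intent and the number reviewable.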
+++ b/modules/security/cloud-guard-configuration/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/security/cloud-guard-configuration/outputs.tf b/modules/security/cloud-guard-configuration/outputs.tf
new file mode 100755
index 0000000..d437790
--- /dev/null
+++ b/modules/security/cloud-guard-configuration/outputs.tf
@@ -0,0 +1,11 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+################################
+## Outputs Block - Security
+## Create Cloud Guard Config
+################################
+
+output "cg_config_tf_id" {
+ depends_on = [time_sleep.wait_60_seconds]
+ value = oci_cloud_guard_cloud_guard_configuration.cloud_guard_configuration.id
+}
\ No newline at end of file
diff --git a/modules/security/cloud-guard-configuration/variables.tf b/modules/security/cloud-guard-configuration/variables.tf
new file mode 100755
index 0000000..2526790
--- /dev/null
+++ b/modules/security/cloud-guard-configuration/variables.tf
@@ -0,0 +1,35 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#################################
+## Variables Block - Security
+## Create Cloud Guard Config
+#################################
+
+variable "compartment_id" {
+ description = "Compartment OCID to provision the volume"
+ type = string
+}
+
+variable "reporting_region" {
+ description = "The reporting region value"
+ type = string
+ default = null
+}
+
+variable "self_manage_resources" {
+ description = "Identifies if Oracle managed resources will be created by customers. If no value is specified false is the default."
+ type = bool
+ default = null
+}
+
+variable "status" {
+ description = "Status of Cloud Guard Tenant. Allowed Values are DISABLED, ENABLED"
+ type = string
+ default = "ENABLED"
+}
+
+variable "tenancy_ocid" {
+ description = "OCID of the tenancy"
+ type = string
+ default = null
+}
\ No newline at end of file
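Review bot: `status` is documented as "Allowed Values are DISABLED, ENABLED" but nothing enforces it, and since this variable turns Cloud Guard on or off for the whole tenancy a typo should fail at plan time rather than at the API; add a `validation` block with `condition = contains(["ENABLED", "DISABLED"], var.status)` and an `error_message` naming the two values. `compartment_id`'s description ("Compartment OCID to provision the volume") was copied from a storage module, and `tenancy_ocid` is declared but not referenced by this module's main.tf in the commit.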
diff --git a/modules/security/cloud-guard-target/data.tf b/modules/security/cloud-guard-target/data.tf
new file mode 100644
index 0000000..3a78bca
--- /dev/null
+++ b/modules/security/cloud-guard-target/data.tf
@@ -0,0 +1,41 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+################################
+## Data Block - Security
+## Create Cloud Guard Target
+################################
+
+locals {
+ detector_recipes = {
+ "OCI Activity Detector Recipe" = data.oci_cloud_guard_detector_recipes.root_activity_detector_recipes.detector_recipe_collection[0].items[0].id
+ "OCI Configuration Detector Recipe" = data.oci_cloud_guard_detector_recipes.root_config_detector_recipes.detector_recipe_collection[0].items[0].id
+ "OCI Threat Detector Recipe" = data.oci_cloud_guard_detector_recipes.root_threat_detector_recipes.detector_recipe_collection[0].items[0].id
+ }
+ responder_recipes = {
+ "OCI Responder Recipe" = data.oci_cloud_guard_responder_recipes.root_responder_recipes.responder_recipe_collection[0].items[0].id
+ }
+}
+
+data "oci_cloud_guard_responder_recipes" "root_responder_recipes" {
+ #Required
+ compartment_id = var.tenancy_ocid
+ display_name = "OCI Responder Recipe"
+}
+
+data "oci_cloud_guard_detector_recipes" "root_activity_detector_recipes" {
+ #Required
+ compartment_id = var.tenancy_ocid
+ display_name = "OCI Activity Detector Recipe"
+}
+
+data "oci_cloud_guard_detector_recipes" "root_config_detector_recipes" {
+ #Required
+ compartment_id = var.tenancy_ocid
+ display_name = "OCI Configuration Detector Recipe"
+}
+
+data "oci_cloud_guard_detector_recipes" "root_threat_detector_recipes" {
+ #Required
+ compartment_id = var.tenancy_ocid
+ display_name = "OCI Threat Detector Recipe"
+}
diff --git a/modules/security/cloud-guard-target/main.tf b/modules/security/cloud-guard-target/main.tf
new file mode 100755
index 0000000..d726d11
--- /dev/null
+++ b/modules/security/cloud-guard-target/main.tf
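Review bot: Each local indexes `detector_recipe_collection[0].items[0].id` (and the responder equivalent) without checking how many recipes the `display_name` lookup returned, so a tenancy that already holds a customer-created recipe with the same display name can silently clone the wrong recipe, and an empty result fails with an index error deep in the plan. Because these recipes become the detection baseline for the target, make each lookup require exactly one match, e.g. `one(data.oci_cloud_guard_detector_recipes.root_activity_detector_recipes.detector_recipe_collection[0].items).id` (Terraform 0.15+), or add a `precondition` asserting `length(...) == 1` with a message naming the recipe. A comment on `locals` stating that these are expected to be the Oracle-managed recipes in the tenancy root would also document the assumption.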
@@ -0,0 +1,87 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+################################
+## Resource Block - Security
+## Create Cloud Guard Target
+################################
+
+resource "oci_cloud_guard_detector_recipe" "cloned_detector_recipes" {
+ for_each = local.detector_recipes
+ compartment_id = var.compartment_id
+ display_name = format("%s%s", var.prefix, trimprefix(each.key, "OCI"))
+ source_detector_recipe_id = each.value
+}
+
+
+resource "oci_cloud_guard_responder_recipe" "cloned_responder_recipes" {
+ for_each = local.responder_recipes
+ compartment_id = var.compartment_id
+ display_name = format("%s%s", var.prefix, trimprefix(each.key, "OCI"))
+ source_responder_recipe_id = each.value
+}
+
+resource "oci_cloud_guard_target" "target" {
+ #Required
+ compartment_id = var.compartment_id
+ display_name = var.display_name
+ target_resource_id = var.target_resource_id
+ target_resource_type = var.target_resource_type
+
+ #Optional
+ defined_tags = var.defined_tags
+ description = var.description
+ freeform_tags = var.freeform_tags
+ state = var.state
+
+ dynamic "target_detector_recipes" {
+ for_each = oci_cloud_guard_detector_recipe.cloned_detector_recipes
+ content {
+ #Required
+ detector_recipe_id = target_detector_recipes.value.id
+
+ #Optional
+ dynamic "detector_rules" {
+ for_each = try(target_detector_recipes.value.id.value.detector_rules, [])
+ content {
+ #Required
+ details {
+ #Optional
+ condition_groups {
+ #Required
+ compartment_id = detector_rules.value.compartment_id
+ condition = detector_rules.value.condition
+ }
+ }
+ detector_rule_id = detector_rules.value.detector_rule_id
+ }
+ }
+ }
+ }
+ dynamic "target_responder_recipes" {
+ for_each = oci_cloud_guard_responder_recipe.cloned_responder_recipes
+ content {
+ #Required
+ responder_recipe_id = target_responder_recipes.value.id
+ #Optional
+ dynamic "responder_rules" {
+ for_each = try(target_responder_recipes.value.responder_rules, [])
+ content {
+
#Required
+ details {
+
+ #Optional
+ condition = responder_rules.value.condition
+ configurations {
+ #Required
+ config_key = responder_rules.value.config_key
+ name = responder_rules.value.name
+ value = responder_rules.value.value
+ }
+ mode = responder_rules.value.mode
+ }
+ responder_rule_id = responder_rules.value.responder_rule_id
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/security/cloud-guard-target/oracle_provider_req.tf b/modules/security/cloud-guard-target/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/security/cloud-guard-target/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/security/cloud-guard-target/outputs.tf b/modules/security/cloud-guard-target/outputs.tf
new file mode 100755
index 0000000..261c819
--- /dev/null
+++ b/modules/security/cloud-guard-target/outputs.tf
@@ -0,0 +1,10 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+################################
+## Outputs Block - Security
+## Create Cloud Guard Target
+################################
+
+output "cg_target_tf_id" {
+ value = oci_cloud_guard_target.target.id
+}
diff --git a/modules/security/cloud-guard-target/variables.tf b/modules/security/cloud-guard-target/variables.tf
new file mode 100755
index 0000000..ce91ee2
--- /dev/null
+++ b/modules/security/cloud-guard-target/variables.tf
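Review bot: The inner `for_each = try(target_detector_recipes.value.id.value.detector_rules, [])` can never yield rules: `target_detector_recipes.value.id` is the cloned recipe's OCID string, so `.id.value.detector_rules` always errors and `try()` turns it into `[]`; the responder branch `try(target_responder_recipes.value.responder_rules, [])` likewise reads the cloned resource rather than any caller-supplied overrides. The effect is that the target is always attached with stock rule settings while `var.target_detector_recipes` and `var.target_responder_recipes` (declared in this commit's variables.tf) are never consulted, so any tightened conditions or response modes a caller passes are silently dropped. Drive the two rule blocks from those variables (for example `for_each = try(var.target_detector_recipes[target_detector_recipes.key], [])` once the variable has a typed map schema) and drop the `try()` fallbacks so a wrong attribute path fails loudly instead of degrading to no rules. `format("%s%s", var.prefix, ...)` also receives `null` when the caller omits `prefix` (its default in variables.tf), which I believe `format` rejects; a non-null default or a validation would avoid that.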
@@ -0,0 +1,66 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#################################
+## Variables Block - Security
+## Create Cloud Guard Target
+#################################
+
+variable "compartment_id" {
+ description = "Compartment OCID to provision the volume"
+ type = string
+}
+
+variable "display_name" {
+ description = "DetectorTemplate identifier."
+ type = string
+ default = null
+}
+
+variable "target_resource_id" {
+ description = "Resource ID which the target uses to monitor."
+ type = string
+ default = null
+}
+
+variable "target_resource_type" {
+ description = "possible type of targets(compartment/HCMCloud/ERPCloud)"
+ type = string
+ default = null
+}
+
+variable "prefix" {
+ description = "prefix for detector and responder recipes display names"
+ type = string
+ default = null
+}
+
+variable "state" {
+ description = "The current state of the DetectorRule. Allowed Values: ACTIVE, CREATING, DELETED, DELETING, FAILED, INACTIVE, UPDATING"
+ type = string
+ default = null
+}
+
+variable "description" {
+ description = "The target description."
+ type = string
+ default = null
+}
+
+variable "defined_tags" {
+ type = map(any)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
+
+variable "tenancy_ocid" {}
+
+variable "target_responder_recipes" {}
+
+variable "target_detector_recipes" {}
+
diff --git a/modules/security/firewall/address-list/data.tf b/modules/security/firewall/address-list/data.tf
new file mode 100644
index 0000000..12fa5c6
--- /dev/null
+++ b/modules/security/firewall/address-list/data.tf
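Review bot: `tenancy_ocid`, `target_responder_recipes` and `target_detector_recipes` are declared as bare `variable "..." {}` with no type, description or default, so any value is accepted and the shape main.tf expects from the two recipe inputs is undocumented. Give them explicit types (`type = string` for `tenancy_ocid`; a typed map of objects matching the rule attributes main.tf reads for the other two) and a one-line description each. `display_name` is described as "DetectorTemplate identifier." and `state`'s description lists DetectorRule states, both copied from elsewhere; the first is the target's display name and the second should describe the target's state.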
@@ -0,0 +1,8 @@
+/*locals {
+ policy_ocid = data.oci_network_firewall_network_firewall_policies.fw-policy.network_firewall_policy_summary_collection[*].id
+
+}
+data "oci_network_firewall_network_firewall_policies" "fw-policy" {
+ compartment_id = var.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", var.compartment_id)) > 0 ? var.compartment_id : var.compartment_ocids[var.compartment_id]) : var.compartment_ocids[var.compartment_id]
+ display_name = var.network_firewall_policy_id
+*/
\ No newline at end of file
diff --git a/modules/security/firewall/address-list/main.tf b/modules/security/firewall/address-list/main.tf
new file mode 100644
index 0000000..d2e61a4
--- /dev/null
+++ b/modules/security/firewall/address-list/main.tf
@@ -0,0 +1,6 @@
+resource "oci_network_firewall_network_firewall_policy_address_list" "network_firewall_policy_address_list" {
+ name = var.address_list_name
+ network_firewall_policy_id = var.network_firewall_policy_id
+ type = var.address_type
+ addresses = var.addresses
+}
diff --git a/modules/security/firewall/address-list/oracle_provider_req.tf b/modules/security/firewall/address-list/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/security/firewall/address-list/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/security/firewall/address-list/output.tf b/modules/security/firewall/address-list/output.tf
new file mode 100644
index 0000000..95c6fb0
--- /dev/null
+++ b/modules/security/firewall/address-list/output.tf
@@ -0,0 +1,3 @@
+output "address_tf_id" {
+ value = oci_network_firewall_network_firewall_policy_address_list.network_firewall_policy_address_list.id
+}
\ No newline at end of file
diff --git a/modules/security/firewall/address-list/variable.tf b/modules/security/firewall/address-list/variable.tf
new file mode 100644
index 0000000..eb76423
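Review bot: data.tf is an entire file of commented-out code (`/*locals { ... */`) whose `data "oci_network_firewall_network_firewall_policies"` lookup references `var.compartment_ocids`, a variable this module does not declare, and the `data` block inside the comment is missing its closing brace. Either delete the file or land a working, uncommented version; an identical eight-line file (blob 12fa5c6) is added for application-group, application, decryption-profile and decryption-rules in this commit, so the same decision applies to all five.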
--- /dev/null
+++ b/modules/security/firewall/address-list/variable.tf
@@ -0,0 +1,95 @@
+variable "compartment_id" {
+ type = string
+ default = null
+}
+variable "subnet_name" {
+ type = string
+ default = null
+}
+
+variable "vcn_name" {
+ type = string
+ default = null
+}
+variable "network_firewall_policy_id" {
+ type = string
+ default = null
+}
+
+variable "display_name" {
+ type = string
+ default = null
+}
+
+variable "address_list_name" {
+ type = string
+ default = null
+}
+variable "address_type" {
+ type = string
+ default = null
+}
+variable "addresses" {
+ type = list(string)
+ default = []
+}
+
+variable "ipv4address" {
+ type = string
+ default = null
+}
+
+variable "icmp_type" {
+ type = number
+ default = null
+}
+
+variable "icmp_code" {
+ type = number
+ default = null
+}
+variable "minimum_port" {
+ type = number
+ default = null
+}
+
+variable "maximum_port" {
+ type = number
+ default = null
+}
+
+variable "service_name" {
+ type = string
+ default = null
+}
+
+variable "service" {
+ type = string
+ default = null
+}
+
+variable "service_type" {
+ type = string
+ default = null
+}
+
+variable "region" {
+ type = string
+ default = null
+}
+
+variable "type" {
+ type = string
+ default = null
+}
+
+variable "name" {
+ type = string
+ default = null
+}
+
+
+
+
+
+
diff --git a/modules/security/firewall/application-group/data.tf b/modules/security/firewall/application-group/data.tf
new file mode 100644
index 0000000..12fa5c6
--- /dev/null
+++ b/modules/security/firewall/application-group/data.tf
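Review bot: Only `address_list_name`, `network_firewall_policy_id`, `address_type` and `addresses` are read by this module's main.tf; the other fifteen variables (`subnet_name`, `vcn_name`, `icmp_type`, `minimum_port`, `service_type`, `region`, `type`, `name`, ...) come from a shared template, widen the module interface for nothing and carry no descriptions. Trim the file to the four used inputs and add a description to each; `address_type` in particular could take a `validation` restricting it to the values the address list accepts. The application-group, application and decryption-profile `variable.tf` files in this commit carry the same copied set, and application-group and decryption-profile additionally hard-code `region` to `"us-ashburn-1"` while the others default it to `null`; since `region` is unused everywhere, dropping it is the simplest way to make them agree.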
@@ -0,0 +1,8 @@
+/*locals {
+ policy_ocid = data.oci_network_firewall_network_firewall_policies.fw-policy.network_firewall_policy_summary_collection[*].id
+
+}
+data "oci_network_firewall_network_firewall_policies" "fw-policy" {
+ compartment_id = var.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", var.compartment_id)) > 0 ? var.compartment_id : var.compartment_ocids[var.compartment_id]) : var.compartment_ocids[var.compartment_id]
+ display_name = var.network_firewall_policy_id
+*/
\ No newline at end of file
diff --git a/modules/security/firewall/application-group/main.tf b/modules/security/firewall/application-group/main.tf
new file mode 100644
index 0000000..51537bb
--- /dev/null
+++ b/modules/security/firewall/application-group/main.tf
@@ -0,0 +1,6 @@
+resource "oci_network_firewall_network_firewall_policy_application_group" "network_firewall_policy_application_group" {
+ #Required
+ apps = var.apps
+ name = var.app_group_name
+ network_firewall_policy_id = var.network_firewall_policy_id
+}
\ No newline at end of file
diff --git a/modules/security/firewall/application-group/oracle_provider_req.tf b/modules/security/firewall/application-group/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/security/firewall/application-group/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/security/firewall/application-group/output.tf b/modules/security/firewall/application-group/output.tf
new file mode 100644
index 0000000..77d7cf0
--- /dev/null
+++ b/modules/security/firewall/application-group/output.tf
@@ -0,0 +1,3 @@
+output "application_group_tf_id" {
+ value = oci_network_firewall_network_firewall_policy_application_group.network_firewall_policy_application_group.id
+}
\ No newline at end of file
diff --git a/modules/security/firewall/application-group/variable.tf b/modules/security/firewall/application-group/variable.tf
new file mode 100644
index 0000000..1d45ba5
--- /dev/null
+++ b/modules/security/firewall/application-group/variable.tf
@@ -0,0 +1,111 @@
+variable "compartment_id" {
+ type = string
+ default = null
+}
+variable "app_group_name" {
+ type = string
+ default = null
+}
+variable "apps" {
+ type = list(string)
+ default = []
+}
+variable "subnet_name" {
+ type = string
+ default = null
+}
+variable "vcn_name" {
+ type = string
+ default = null
+}
+variable "network_firewall_policy_id" {
+ type = string
+ default = null
+}
+
+variable "display_name" {
+ type = string
+ default = null
+}
+
+variable "address_list_name" {
+ type = string
+ default = null
+}
+variable "address_type" {
+ type = string
+ default = null
+}
+variable "addresses" {
+ type = list(string)
+ default = []
+}
+
+variable "ipv4address" {
+ type = string
+ default = null
+}
+
+variable "icmp_type" {
+ type = number
+ default = null
+
+}
+variable "app_type" {
+ type = string
+ default = null
+
+}
+variable "app_list_name" {
+ type = string
+ default = null
+
+}
+
+variable "icmp_code" {
+ type = number
+ default = null
+}
+variable "minimum_port" {
+ type = number
+ default = null
+}
+
+variable "maximum_port" {
+ type = number
+ default = null
+}
+
+variable "service_name" {
+ type = string
+ default = null
+}
+
+variable "service" {
+ type = string
+ default = null
+}
+
+variable "service_type" {
+ type = string
+ default = null
+}
+
+variable "region" {
+ type = string
+ default = "us-ashburn-1"
+}
+
+variable "type" {
+ type = string
+ default = null
+}
+
+variable "name" {
+ type = string
+ default = null
+}
+
+
+
+
diff --git a/modules/security/firewall/application/data.tf b/modules/security/firewall/application/data.tf
new file mode 100644
index 0000000..12fa5c6
--- /dev/null
+++ b/modules/security/firewall/application/data.tf
@@ -0,0 +1,8 @@
+/*locals {
+ policy_ocid = data.oci_network_firewall_network_firewall_policies.fw-policy.network_firewall_policy_summary_collection[*].id
+
+}
+data "oci_network_firewall_network_firewall_policies" "fw-policy" {
+ compartment_id = var.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", var.compartment_id)) > 0 ? var.compartment_id : var.compartment_ocids[var.compartment_id]) : var.compartment_ocids[var.compartment_id]
+ display_name = var.network_firewall_policy_id
+*/
\ No newline at end of file
diff --git a/modules/security/firewall/application/main.tf b/modules/security/firewall/application/main.tf
new file mode 100644
index 0000000..30727d2
--- /dev/null
+++ b/modules/security/firewall/application/main.tf
@@ -0,0 +1,10 @@
+resource "oci_network_firewall_network_firewall_policy_application" "network_firewall_policy_application" {
+ #Required
+ icmp_type = var.icmp_type
+ name = var.app_list_name
+ network_firewall_policy_id = var.network_firewall_policy_id
+ type = var.app_type
+
+ #Optional
+ icmp_code = var.icmp_code
+}
\ No newline at end of file
diff --git a/modules/security/firewall/application/oracle_provider_req.tf b/modules/security/firewall/application/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/security/firewall/application/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/security/firewall/application/output.tf b/modules/security/firewall/application/output.tf
new file mode 100644
index 0000000..41b2674
--- /dev/null
+++ b/modules/security/firewall/application/output.tf
@@ -0,0 +1,3 @@
+output "application_tf_id" {
+ value = oci_network_firewall_network_firewall_policy_application.network_firewall_policy_application.id
+}
\ No newline at end of file
diff --git a/modules/security/firewall/application/variable.tf b/modules/security/firewall/application/variable.tf
new file mode 100644
index 0000000..b152023
--- /dev/null
+++ b/modules/security/firewall/application/variable.tf
@@ -0,0 +1,105 @@
+
+variable "compartment_id" {
+ type = string
+ default = null
+}
+variable "subnet_name" {
+ type = string
+ default = null
+}
+
+variable "vcn_name" {
+ type = string
+ default = null
+}
+variable "network_firewall_policy_id" {
+ type = string
+ default = null
+}
+
+variable "display_name" {
+ type = string
+ default = null
+}
+
+variable "address_list_name" {
+ type = string
+ default = null
+}
+variable "address_type" {
+ type = string
+ default = null
+}
+variable "addresses" {
+ type = list(string)
+ default = []
+}
+
+variable "ipv4address" {
+ type = string
+ default = null
+}
+
+variable "icmp_type" {
+ type = number
+ default = null
+
+}
+variable "app_type" {
+ type = string
+ default = null
+
+}
+variable "app_list_name" {
+ type = string
+ default = null
+
+}
+
+variable "icmp_code" {
+ type = number
+ default = null
+}
+variable "minimum_port" {
+ type = number
+ default = null
+}
+
+variable "maximum_port" {
+ type = number
+ default = null
+}
+
+variable "service_name" {
+ type = string
+ default = null
+}
+
+variable "service" {
+ type = string
+ default = null
+}
+
+variable "service_type" {
+ type = string
+ default = null
+}
+
+variable "region" {
+ type = string
+ default = null
+}
+
+variable "type" {
+ type = string
+ default = null
+}
+
+variable "name" {
+ type = string
+ default = null
+}
+
+
+
+
diff --git a/modules/security/firewall/decryption-profile/data.tf b/modules/security/firewall/decryption-profile/data.tf
new file mode 100644
index 0000000..12fa5c6
--- /dev/null
+++ b/modules/security/firewall/decryption-profile/data.tf
@@ -0,0 +1,8 @@
+/*locals {
+ policy_ocid = data.oci_network_firewall_network_firewall_policies.fw-policy.network_firewall_policy_summary_collection[*].id
+
+}
+data "oci_network_firewall_network_firewall_policies" "fw-policy" {
+ compartment_id = var.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", var.compartment_id)) > 0 ? var.compartment_id : var.compartment_ocids[var.compartment_id]) : var.compartment_ocids[var.compartment_id]
+ display_name = var.network_firewall_policy_id
+*/
\ No newline at end of file
diff --git a/modules/security/firewall/decryption-profile/main.tf b/modules/security/firewall/decryption-profile/main.tf
new file mode 100644
index 0000000..a45aa3b
--- /dev/null
+++ b/modules/security/firewall/decryption-profile/main.tf
@@ -0,0 +1,15 @@
+resource "oci_network_firewall_network_firewall_policy_decryption_profile" "network_firewall_policy_decryption_profile" {
+ #Required
+ name = var.profile_name
+ type = var.profile_type
+ network_firewall_policy_id = var.network_firewall_policy_id
+ are_certificate_extensions_restricted = var.are_certificate_extensions_restricted
+ is_auto_include_alt_name = var.is_auto_include_alt_name
+ is_expired_certificate_blocked = var.is_expired_certificate_blocked
+ is_out_of_capacity_blocked =var.is_out_of_capacity_blocked
+ is_revocation_status_timeout_blocked = var.is_revocation_status_timeout_blocked
+ is_unknown_revocation_status_blocked = var.is_unknown_revocation_status_blocked
+ is_unsupported_cipher_blocked = var.is_unsupported_cipher_blocked
+ is_unsupported_version_blocked = var.is_unsupported_version_blocked
+ is_untrusted_issuer_blocked = var.is_untrusted_issuer_blocked
+}
\ No newline at end of file
diff --git a/modules/security/firewall/decryption-profile/oracle_provider_req.tf b/modules/security/firewall/decryption-profile/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/security/firewall/decryption-profile/oracle_provider_req.tf
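Review bot: `is_out_of_capacity_blocked =var.is_out_of_capacity_blocked` is missing the space after `=` and breaks the alignment of the surrounding attributes; `terraform fmt` would fix it. More importantly, this resource sets the TLS-inspection fail-open/fail-closed switches, and the two that variable.tf leaves without a default (`is_out_of_capacity_blocked`, `is_revocation_status_timeout_blocked`) are, going by the attribute names, exactly the ones that decide whether traffic passes uninspected when the firewall is saturated or a revocation check times out. A header comment such as `# The is_*_blocked flags are fail-closed when true; the two without defaults must be set deliberately by the caller` would make that trade-off visible in the module rather than only in the provider documentation.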
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/security/firewall/decryption-profile/output.tf b/modules/security/firewall/decryption-profile/output.tf
new file mode 100644
index 0000000..368e1ab
--- /dev/null
+++ b/modules/security/firewall/decryption-profile/output.tf
@@ -0,0 +1,3 @@
+output "decrypt_profile_tf_id" {
+ value = oci_network_firewall_network_firewall_policy_decryption_profile.network_firewall_policy_decryption_profile.id
+}
\ No newline at end of file
diff --git a/modules/security/firewall/decryption-profile/variable.tf b/modules/security/firewall/decryption-profile/variable.tf
new file mode 100644
index 0000000..ffc9474
--- /dev/null
+++ b/modules/security/firewall/decryption-profile/variable.tf
@@ -0,0 +1,176 @@ +variable "compartment_id" { + type = string + default = null +} +variable "app_group_name" { + type = string + default = null +} +variable "apps" { + type = list(string) + default = [] +} +variable "subnet_name" { + type = string + default = null +} +variable "vcn_name" { + type = string + default = null +} +variable "network_firewall_policy_id" { + type = string + default = null +} + +variable "display_name" { + type = string + default = null +} + +variable "address_list_name" { + type = string + default = null +} +variable "address_type" { + type = string + default = null +} +variable "addresses" { + type = list(string) + default = [] +} + +variable "ipv4address" { + type = string + default = null +} + +variable "icmp_type" { + type = number + default = null + +} +variable "app_type" { + type = string + default = null + +} +variable "app_list_name" { + type = string + default = null + +} + +variable "icmp_code" { + type = number + default = null +} +variable "minimum_port" { + type = number + default = null +} + +variable "maximum_port" { + type = number + default = null +} + +variable "service_name" { + type = string + default = null +} + +variable "service" { + type = string + default = null +} + +variable "service_type" { + type = string + default = null +} + +variable "region" { + type = string + default = "us-ashburn-1" +} + +variable "type" { + type = string + default = null +} + +variable "name" { + type = string + default = null +} + +variable "secret_name" { + type = string + default = null +} +variable "secret_source" { + type = string + default = null +} +variable "secret_type" { + type = string + default = null +} +variable "vault_secret_id" { + type = string + default = null +} +variable "version_number" { + type = string + default = null +} + +variable "are_certificate_extensions_restricted" { + type = bool + default = "true" +} +variable "is_auto_include_alt_name" { + type = bool + default = "true" +} +variable 
"is_expired_certificate_blocked" { + type = bool + default = "true" +} +variable "is_out_of_capacity_blocked" { + type = bool +} +variable "is_revocation_status_timeout_blocked" { + type = bool +} +variable "is_unknown_revocation_status_blocked" { + type = bool + default = "true" +} +variable "is_unsupported_cipher_blocked" { + type = bool + default = "true" +} +variable "is_unsupported_version_blocked" { + type = bool + default = "true" +} +variable "is_untrusted_issuer_blocked" { + type = bool + default = "true" +} + +variable "profile_name" { + type = string + default = null +} + +variable "profile_type" { + type = string + default = null +} + + + diff --git a/modules/security/firewall/decryption-rules/data.tf b/modules/security/firewall/decryption-rules/data.tf new file mode 100644 index 0000000..12fa5c6 --- /dev/null +++ b/modules/security/firewall/decryption-rules/data.tf @@ -0,0 +1,8 @@ +/*locals { + policy_ocid = data.oci_network_firewall_network_firewall_policies.fw-policy.network_firewall_policy_summary_collection[*].id + +} +data "oci_network_firewall_network_firewall_policies" "fw-policy" { + compartment_id = var.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", var.compartment_id)) > 0 ? var.compartment_id : var.compartment_ocids[var.compartment_id]) : var.compartment_ocids[var.compartment_id] + display_name = var.network_firewall_policy_id +*/ \ No newline at end of file diff --git a/modules/security/firewall/decryption-rules/main.tf b/modules/security/firewall/decryption-rules/main.tf new file mode 100644 index 0000000..1d27a89 --- /dev/null +++ b/modules/security/firewall/decryption-rules/main.tf 
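Review bot: `default = "true"` on the `bool` variables from `are_certificate_extensions_restricted` through `is_untrusted_issuer_blocked` is a string literal relying on implicit conversion; write `default = true` so the declared type and the default agree. `is_out_of_capacity_blocked` and `is_revocation_status_timeout_blocked` are the only two of the nine flags with no default, which makes them required inputs while the rest silently fail closed — if that asymmetry is intentional (forcing the caller to decide the out-of-capacity and revocation-timeout behaviour) it deserves a comment, otherwise give them the same `default = true`. This hunk starts at L1195.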
@@ -0,0 +1,18 @@
+resource "oci_network_firewall_network_firewall_policy_decryption_rule" "network_firewall_policy_decryption_rule" {
+ lifecycle {
+ ignore_changes = [position]
+ }
+ name = var.rule_name
+ action = var.action
+ network_firewall_policy_id = var.network_firewall_policy_id
+ condition {
+ destination_address = var.destination_address
+ source_address = var.source_address
+ }
+ decryption_profile = var.decryption_profile
+ secret = var.secret
+ position {
+ after_rule = var.after_rule
+ before_rule = var.before_rule
+ }
+}
diff --git a/modules/security/firewall/decryption-rules/oracle_provider_req.tf b/modules/security/firewall/decryption-rules/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/security/firewall/decryption-rules/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/security/firewall/decryption-rules/output.tf b/modules/security/firewall/decryption-rules/output.tf
new file mode 100644
index 0000000..ab1ef82
--- /dev/null
+++ b/modules/security/firewall/decryption-rules/output.tf
@@ -0,0 +1,3 @@
+output "decrypt_rules_tf_id" {
+ value = oci_network_firewall_network_firewall_policy_decryption_rule.network_firewall_policy_decryption_rule.id
+}
\ No newline at end of file
diff --git a/modules/security/firewall/decryption-rules/variable.tf b/modules/security/firewall/decryption-rules/variable.tf
new file mode 100644
index 0000000..e1e4ef3
--- /dev/null
+++ b/modules/security/firewall/decryption-rules/variable.tf
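Review bot: `ignore_changes = [position]` tells Terraform to stop tracking where this decryption rule sits in the policy, yet evaluation order is what decides which rule matches a session first, so a rule moved out of band (console or API) will never show up in a plan. If the exclusion exists because the provider normalises `position` after create and would otherwise produce a perpetual diff, record that with `# position is ignored after create: the service renumbers rules; reorder via after_rule/before_rule on a fresh apply`; if not, consider dropping the exclusion so drift in rule order is detected. The same lifecycle block appears in the security-rule resource at L1206.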
@@ -0,0 +1,159 @@ +variable "compartment_id" { + type = string + default = null +} +variable "subnet_name" { + type = string + default = null +} + +variable "vcn_name" { + type = string + default = null +} +variable "network_firewall_policy_id" { + type = string + default = null +} + +variable "display_name" { + type = string + default = null +} + +variable "ipv4address" { + type = string + default = null +} + +variable "icmp_type" { + type = number + default = null + +} + +variable "icmp_code" { + type = number + default = null +} +variable "minimum_port" { + type = number + default = null +} + +variable "maximum_port" { + type = number + default = null +} + +variable "service_name" { + type = string + default = null +} + +variable "service_type" { + type = string + default = null +} + +variable "region" { + type = string + default = "us-ashburn-1" +} + +variable "type" { + type = string + default = null +} + +variable "name" { + type = string + default = null +} + +variable "policy" { + type = map(any) + default = {} +} + +variable "service_port_ranges" { + type = map(any) + default = {} +} + +variable "key_name" { + type = string + default = null +} + +variable "rule_condition" { + type = map(any) + default = {} +} +variable "rule_position" { + type = map(any) + default = {} +} +variable "key_name1" { + type = string + default = null +} + +variable "key_name2" { + type = string + default = null +} + +variable "rule_name" { + type = string + default = null +} + +variable "action" { + type = string + default = null +} +variable "application" { + type = list(string) + default = [] +} +variable "destination_address" { + type = list(string) + default = [] +} +variable "source_address" { + type = list(string) + default = [] +} +variable "url" { + type = list(string) + default = [] +} +variable "service" { + type = list(string) + default = [] +} + +variable "after_rule" { + type = string + default = null +} +variable "before_rule" { + type = string + default = null +} 
+variable "inspection" {
+ type = string
+ default = null
+}
+variable "secret" {
+ type = string
+ default = null
+}
+variable "decryption_profile" {
+ type = string
+ default = null
+}
+
+
+
diff --git a/modules/security/firewall/firewall-policy/main.tf b/modules/security/firewall/firewall-policy/main.tf
new file mode 100644
index 0000000..ba7771d
--- /dev/null
+++ b/modules/security/firewall/firewall-policy/main.tf
@@ -0,0 +1,11 @@
+resource "oci_network_firewall_network_firewall_policy" "network_firewall_policy" {
+ compartment_id = var.compartment_id
+ display_name = var.display_name
+ defined_tags = var.defined_tags
+ freeform_tags = var.freeform_tags
+ lifecycle {
+ ignore_changes = [defined_tags["Oracle-Tags.CreatedOn"], defined_tags["Oracle-Tags.CreatedBy"],defined_tags["SE_Details.SE_Name"]]
+ }
+
+}
+
diff --git a/modules/security/firewall/firewall-policy/oracle_provider_req.tf b/modules/security/firewall/firewall-policy/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/security/firewall/firewall-policy/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/security/firewall/firewall-policy/output.tf b/modules/security/firewall/firewall-policy/output.tf
new file mode 100644
index 0000000..e7be38d
--- /dev/null
+++ b/modules/security/firewall/firewall-policy/output.tf
@@ -0,0 +1,3 @@
+output "policy_tf_id" {
+ value = oci_network_firewall_network_firewall_policy.network_firewall_policy.id
+}
\ No newline at end of file
diff --git a/modules/security/firewall/firewall-policy/variable.tf b/modules/security/firewall/firewall-policy/variable.tf
new file mode 100644
index 0000000..8d77590
--- /dev/null
+++ b/modules/security/firewall/firewall-policy/variable.tf
@@ -0,0 +1,88 @@ + +variable "compartment_id" { + type = string + default = null +} +variable "subnet_name" { + type = string + default = null +} + +variable "vcn_name" { + type = string + default = null +} +variable "network_firewall_policy_id" { + type = string + default = null +} + +variable "display_name" { + type = string + default = null +} + +variable "ipv4address" { + type = string + default = null +} + +variable "icmp_type" { + type = number + default = null +} + +variable "icmp_code" { + type = number + default = null +} +variable "minimum_port" { + type = number + default = null +} + +variable "maximum_port" { + type = number + default = null +} + +variable "service_name" { + type = string + default = null +} + +variable "service_type" { + type = string + default = null +} + +variable "region" { + type = string + default = null +} + +variable "type" { + type = string + default = null +} + +variable "name" { + type = string + default = null +} + +variable "policy" { + type = map(any) + default = {} +} + + +variable "defined_tags" { + type = map(any) + default = {} +} + +variable "freeform_tags" { + type = map(any) + default = {} +} diff --git a/modules/security/firewall/firewall/data.tf b/modules/security/firewall/firewall/data.tf new file mode 100644 index 0000000..68978ed --- /dev/null +++ b/modules/security/firewall/firewall/data.tf 
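Review bot: This variable file declares `subnet_name`, `ipv4address`, `icmp_type`, `icmp_code`, `minimum_port`, `maximum_port`, `service_name`, `service_type`, `region`, `type`, `name` and `policy`, but the firewall-policy resource in the same module reads only `compartment_id`, `display_name`, `defined_tags` and `freeform_tags`. Unused inputs widen the module interface for no benefit and make it harder to see which values actually reach the API; trimming each `variable.tf` to what its `main.tf` consumes (the same copy-paste set recurs at L1195–L1196, L1198–L1199, L1203, L1205, L1208–L1209, L1210, L1212 and L1214) would keep the modules reviewable.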
@@ -0,0 +1,23 @@
+data "oci_core_vcns" "firewall_vcn" {
+ compartment_id = var.compartment_id != null ? var.compartment_id : var.compartment_id
+ display_name = var.vcn_name != null ? var.vcn_name : var.vcn_name
+}
+
+data "oci_core_network_security_groups" "network_security_groups" {
+ for_each = var.nsg_id != null ? { for nsg in var.nsg_id : nsg => nsg } : {}
+ compartment_id = var.compartment_id != null ? var.compartment_id : var.compartment_id
+ display_name = each.value
+ vcn_id = data.oci_core_vcns.firewall_vcn.virtual_networks.*.id[0]
+}
+
+
+locals {
+ nsg_id = var.nsg_id != null ? flatten(tolist([for nsg in var.nsg_id : (length(regexall("ocid1.networksecuritygroup.oc*", nsg)) > 0 ? [nsg] : data.oci_core_network_security_groups.network_security_groups[nsg].network_security_groups[*].id) ])) : null
+}
+
+
+
+/*
+output "nsgid" {
+ value = data.oci_core_network_security_groups.network_security_groups
+}*/
\ No newline at end of file
diff --git a/modules/security/firewall/firewall/main.tf b/modules/security/firewall/firewall/main.tf
new file mode 100644
index 0000000..bdddd67
--- /dev/null
+++ b/modules/security/firewall/firewall/main.tf
@@ -0,0 +1,15 @@
+resource "oci_network_firewall_network_firewall" "network_firewall" {
+ compartment_id = var.compartment_id
+ network_firewall_policy_id = var.network_firewall_policy_id
+ subnet_id = var.subnet_id
+ display_name = var.display_name
+ ipv4address = var.ipv4address
+ ipv6address = var.ipv6address
+ availability_domain = var.availability_domain
+ network_security_group_ids = var.nsg_id != null ? (local.nsg_id == [] ? ["INVALID NSG Name"] : local.nsg_id) : null
+ defined_tags = var.defined_tags
+ freeform_tags = var.freeform_tags
+ lifecycle {
+ ignore_changes = [defined_tags["Oracle-Tags.CreatedOn"], defined_tags["Oracle-Tags.CreatedBy"], defined_tags["SE_Details.SE_Name"]]
+ }
+}
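Review bot: The `oci_core_network_security_groups` lookup keys on `display_name`, and `local.nsg_id` then takes `network_security_groups[*].id`, i.e. every NSG in the compartment whose name matches, so a duplicate display name silently attaches an NSG that was never meant to front the firewall. The VCN lookup has the same shape and picks `virtual_networks.*.id[0]` without checking that exactly one VCN matched. Consider a `lifecycle { precondition }` on the firewall resource (or a `validation` on the input) asserting one match per name, and prefer OCIDs in `nsg_id` where the caller has them — the `regexall("ocid1.networksecuritygroup.oc*", ...)` branch already supports that. `var.compartment_id != null ? var.compartment_id : var.compartment_id` and the matching `vcn_name` expression yield the same value on either branch and can be reduced to the bare variable.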
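Review bot: `network_security_group_ids` is built from `var.nsg_id != null ? (local.nsg_id == [] ? ["INVALID NSG Name"] : local.nsg_id) : null`, but `variable "nsg_id"` defaults to `[]`, not `null` (L1203), so a caller that simply omits NSGs appears to end up with the sentinel `["INVALID NSG Name"]` handed to the API and a failed apply — to be confirmed against how `local.nsg_id == []` evaluates for the flattened list. Testing emptiness with `length(var.nsg_id) > 0 ? local.nsg_id : null` avoids both the list/tuple comparison and the sentinel. If the goal is to fail when a name does not resolve, a `precondition` with an explicit `error_message` is clearer than handing the service a bogus id.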
diff --git a/modules/security/firewall/firewall/oracle_provider_req.tf b/modules/security/firewall/firewall/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/security/firewall/firewall/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/security/firewall/firewall/output.tf b/modules/security/firewall/firewall/output.tf
new file mode 100644
index 0000000..f0c3428
--- /dev/null
+++ b/modules/security/firewall/firewall/output.tf
@@ -0,0 +1,4 @@
+output "firewall_tf_id" {
+ value = oci_network_firewall_network_firewall.network_firewall.id
+}
+
diff --git a/modules/security/firewall/firewall/variable.tf b/modules/security/firewall/firewall/variable.tf
new file mode 100644
index 0000000..a7a9b50
--- /dev/null
+++ b/modules/security/firewall/firewall/variable.tf
@@ -0,0 +1,79 @@
+variable "compartment_id" {
+ type = string
+ default = null
+ }
+
+variable "network_compartment_id" {
+ type = string
+ default = null
+ }
+
+
+variable "subnet_id" {
+ type = string
+ default = null
+}
+
+variable "vcn_name" {
+ type = string
+ default = null
+}
+variable "network_firewall_policy_id" {
+ type = string
+ default = null
+}
+
+variable "display_name" {
+ type = string
+ default = null
+}
+
+variable "ipv4address" {
+ type = string
+ default = null
+}
+variable "ipv6address" {
+ type = string
+ default = null
+}
+variable "availability_domain" {
+ type = string
+ default = null
+}
+variable "network_security_group_ids" {
+ type = list
+ default = []
+}
+variable "nsg_id" {
+ type = list
+ default = []
+}
+variable "policy_id" {
+ type = string
+ default = null
+}
+
+variable "region" {
+ type = string
+ default = null
+}
+
+variable "type" {
+ type = string
+ default = null
+}
+
+variable "name" {
+ type = string
+ default = null
+}
+
+variable "defined_tags" {
+ type = map(any)
+ default = {}
+}
+
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
diff --git a/modules/security/firewall/secret/data.tf b/modules/security/firewall/secret/data.tf
new file mode 100644
index 0000000..ab898fd
--- /dev/null
+++ b/modules/security/firewall/secret/data.tf
@@ -0,0 +1,18 @@
+data "oci_kms_vaults" "fw_vault" {
+ compartment_id = var.compartment_id != null ? var.compartment_id : var.compartment_id
+ filter {
+ name = "display_name"
+ values = [var.vault_name]
+ }
+}
+
+data "oci_vault_secrets" "fw_secret" {
+ compartment_id = var.compartment_id != null ? var.compartment_id : var.compartment_id
+ name = var.vault_secret_id
+ vault_id = tostring(data.oci_kms_vaults.fw_vault.vaults[0].id)
+}
+
+locals {
+ secret_ocid = tostring(data.oci_vault_secrets.fw_secret.secrets[0].id)
+
+}
\ No newline at end of file
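Review bot: `data.oci_kms_vaults.fw_vault.vaults[0].id` and `data.oci_vault_secrets.fw_secret.secrets[0].id` take the first match of a display-name filter, so if two vaults share `var.vault_name` in the compartment the mapped secret is bound to whichever one the API lists first, and a missing vault or secret fails with an index error rather than a message naming the input. A `precondition` checking `length(data.oci_kms_vaults.fw_vault.vaults) == 1` (and the same for `secrets`) would make both cases explicit; the vault summary also carries a lifecycle state, so keeping vaults pending deletion out of the candidate set is worth considering. `var.vault_secret_id` is passed as `name`, i.e. it holds the secret's name rather than its OCID, which the variable name hides — a comment or rename would help. The `var.compartment_id != null ? var.compartment_id : var.compartment_id` expression is again a no-op that resolves to the bare variable.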
diff --git a/modules/security/firewall/secret/main.tf b/modules/security/firewall/secret/main.tf
new file mode 100644
index 0000000..f45c5be
--- /dev/null
+++ b/modules/security/firewall/secret/main.tf
@@ -0,0 +1,9 @@
+resource "oci_network_firewall_network_firewall_policy_mapped_secret" "network_firewall_policy_mapped_secret" {
+ #Required
+ name = var.secret_name
+ network_firewall_policy_id = var.network_firewall_policy_id
+ source = var.secret_source
+ type = var.secret_type
+ vault_secret_id = local.secret_ocid
+ version_number = var.version_number
+}
\ No newline at end of file
diff --git a/modules/security/firewall/secret/oracle_provider_req.tf b/modules/security/firewall/secret/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/security/firewall/secret/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/security/firewall/secret/output.tf b/modules/security/firewall/secret/output.tf
new file mode 100644
index 0000000..a2fdd82
--- /dev/null
+++ b/modules/security/firewall/secret/output.tf
@@ -0,0 +1,3 @@
+output "secret_tf_id" {
+ value = oci_network_firewall_network_firewall_policy_mapped_secret.network_firewall_policy_mapped_secret.id
+}
diff --git a/modules/security/firewall/secret/variable.tf b/modules/security/firewall/secret/variable.tf
new file mode 100644
index 0000000..c555f97
--- /dev/null
+++ b/modules/security/firewall/secret/variable.tf
@@ -0,0 +1,128 @@ + +variable "compartment_id" { + type = string + default = null +} +variable "app_group_name" { + type = string + default = null +} +variable "apps" { + type = list(string) + default = [] +} +variable "subnet_name" { + type = string + default = null +} +variable "vcn_name" { + type = string + default = null +} +variable "network_firewall_policy_id" { + type = string + default = null +} + +variable "display_name" { + type = string + default = null +} + +variable "address_list_name" { + type = string + default = null +} +variable "address_type" { + type = string + default = null +} +variable "addresses" { + type = list(string) + default = [] +} + + + +variable "ipv4address" { + type = string + default = null +} + + +variable "icmp_type" { + type = number + default = null + +} +variable "app_type" { + type = string + default = null + +} +variable "app_list_name" { + type = string + default = null + +} + +variable "icmp_code" { + type = number + default = null +} +variable "minimum_port" { + type = number + default = null +} + +variable "maximum_port" { + type = number + default = null +} + +variable "service_name" { + type = string + default = null +} + +variable "service" { + type = string + default = null +} + +variable "service_type" { + type = string + default = null +} +variable "region" { + type = string + default = null +} +variable "secret_name" { + type = string + default = null +} +variable "secret_source" { + type = string + default = null +} +variable "secret_type" { + type = string + default = null +} +variable "vault_secret_id" { + type = string + default = null +} +variable "vault_name" { + type = string + default = null +} +variable "version_number" { + type = string + default = null +} + + + + diff --git a/modules/security/firewall/security-rules/data.tf b/modules/security/firewall/security-rules/data.tf new file mode 100644 index 0000000..12fa5c6 --- /dev/null +++ b/modules/security/firewall/security-rules/data.tf 
@@ -0,0 +1,8 @@
+/*locals {
+ policy_ocid = data.oci_network_firewall_network_firewall_policies.fw-policy.network_firewall_policy_summary_collection[*].id
+
+}
+data "oci_network_firewall_network_firewall_policies" "fw-policy" {
+ compartment_id = var.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", var.compartment_id)) > 0 ? var.compartment_id : var.compartment_ocids[var.compartment_id]) : var.compartment_ocids[var.compartment_id]
+ display_name = var.network_firewall_policy_id
+*/
\ No newline at end of file
diff --git a/modules/security/firewall/security-rules/main.tf b/modules/security/firewall/security-rules/main.tf
new file mode 100644
index 0000000..31902d6
--- /dev/null
+++ b/modules/security/firewall/security-rules/main.tf
@@ -0,0 +1,20 @@
+resource "oci_network_firewall_network_firewall_policy_security_rule" "network_firewall_policy_security_rule" {
+ lifecycle {
+ ignore_changes = [position]
+ }
+ name = var.rule_name
+ action = var.action
+ network_firewall_policy_id = var.network_firewall_policy_id
+ condition {
+ application = var.application
+ destination_address = var.destination_address
+ service = var.service
+ source_address = var.source_address
+ url = var.url
+ }
+ inspection = var.inspection
+ position {
+ after_rule = var.after_rule
+ before_rule = var.before_rule
+ }
+}
diff --git a/modules/security/firewall/security-rules/oracle_provider_req.tf b/modules/security/firewall/security-rules/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/security/firewall/security-rules/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/security/firewall/security-rules/output.tf b/modules/security/firewall/security-rules/output.tf
new file mode 100644
index 0000000..40b4b4e
--- /dev/null
+++ b/modules/security/firewall/security-rules/output.tf
@@ -0,0 +1,3 @@
+output "secrules_tf_id" {
+ value = oci_network_firewall_network_firewall_policy_security_rule.network_firewall_policy_security_rule.id
+}
\ No newline at end of file
diff --git a/modules/security/firewall/security-rules/variable.tf b/modules/security/firewall/security-rules/variable.tf
new file mode 100644
index 0000000..b759c5f
--- /dev/null
+++ b/modules/security/firewall/security-rules/variable.tf
@@ -0,0 +1,151 @@ + +variable "compartment_id" { + type = string + default = null +} +variable "subnet_name" { + type = string + default = null +} + +variable "vcn_name" { + type = string + default = null +} +variable "network_firewall_policy_id" { + type = string + default = null +} + +variable "display_name" { + type = string + default = null +} + +variable "ipv4address" { + type = string + default = null +} + +variable "icmp_type" { + type = number + default = null +} + +variable "icmp_code" { + type = number + default = null +} +variable "minimum_port" { + type = number + default = null +} + +variable "maximum_port" { + type = number + default = null +} + +variable "service_name" { + type = string + default = null +} + +variable "service_type" { + type = string + default = null +} + +variable "region" { + type = string + default = null +} + +variable "type" { + type = string + default = null +} + +variable "name" { + type = string + default = null +} + +variable "policy" { + type = map(any) + default = {} +} + +variable "service_port_ranges" { + type = map(any) + default = {} +} + +variable "key_name" { + type = string + default = null +} + +variable "rule_condition" { + type = map(any) + default = {} +} +variable "rule_position" { + type = map(any) + default = {} +} +variable "key_name1" { + type = string + default = null +} + +variable "key_name2" { + type = string + default = null +} + +variable "rule_name" { + type = string + default = null +} + +variable "action" { + type = string + default = null +} +variable "application" { + type = list(string) + default = [] +} +variable "destination_address" { + type = list(string) + default = [] +} +variable "source_address" { + type = list(string) + default = [] +} +variable "url" { + type = list(string) + default = [] +} +variable "service" { + type = list(string) + default = [] +} + +variable "after_rule" { + type = string + default = null +} +variable "before_rule" { + type = string + default = null +} +variable 
"inspection" {
+ type = string
+ default = null
+}
+
+
+
diff --git a/modules/security/firewall/service-list/data.tf b/modules/security/firewall/service-list/data.tf
new file mode 100644
index 0000000..a683419
--- /dev/null
+++ b/modules/security/firewall/service-list/data.tf
@@ -0,0 +1,11 @@
+/*
+locals {
+ services = var.services != null ? flatten(tolist([for sid in var.services : (length(regexall("ocid1.networkfirewallpolicy.oc*", sid)) > 0 ? [sid] : data.oci_network_firewall_network_firewall_policy_services.fw-services[sid].*.name)])) : null
+
+}
+data "oci_network_firewall_network_firewall_policy_services" "fw-services" {
+ for_each = var.services != null ? { for sid in var.services : sid => sid } : {}
+ network_firewall_policy_id = var.network_firewall_policy_id
+ display_name = each.value
+}
+*/
\ No newline at end of file
diff --git a/modules/security/firewall/service-list/main.tf b/modules/security/firewall/service-list/main.tf
new file mode 100644
index 0000000..d462830
--- /dev/null
+++ b/modules/security/firewall/service-list/main.tf
@@ -0,0 +1,6 @@
+resource "oci_network_firewall_network_firewall_policy_service_list" "network_firewall_policy_service_list" {
+ name = var.service_list_name
+ network_firewall_policy_id = var.network_firewall_policy_id
+ services = var.services
+ #services = var.services != null ? (local.services == null ? ["INVALID SERVICE"] : local.services) : null
+}
\ No newline at end of file
diff --git a/modules/security/firewall/service-list/oracle_provider_req.tf b/modules/security/firewall/service-list/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/security/firewall/service-list/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/security/firewall/service-list/output.tf b/modules/security/firewall/service-list/output.tf
new file mode 100644
index 0000000..9a04cbb
--- /dev/null +++ b/modules/security/firewall/service-list/output.tf @@ -0,0 +1,3 @@ +output "service-list_tf_id" { + value = oci_network_firewall_network_firewall_policy_service_list.network_firewall_policy_service_list.id +} \ No newline at end of file diff --git a/modules/security/firewall/service-list/variable.tf b/modules/security/firewall/service-list/variable.tf new file mode 100644 index 0000000..f65b569 --- /dev/null +++ b/modules/security/firewall/service-list/variable.tf @@ -0,0 +1,100 @@ +variable "compartment_id" { + type = string + default = null +} +variable "subnet_name" { + type = string + default = null +} + +variable "vcn_name" { + type = string + default = null +} +variable "network_firewall_policy_id" { + type = string + default = null +} + +variable "display_name" { + type = string + default = null +} + +variable "ipv4address" { + type = string + default = null +} + +variable "icmp_type" { + type = number + default = null +} + +variable "icmp_code" { + type = number + default = null +} +variable "minimum_port" { + type = number + default = null +} + +variable "maximum_port" { + type = number + default = null +} + +variable "service_name" { + type = string + default = null +} + +variable "service_type" { + type = string + default = null +} + +variable "region" { + type = string + default = null +} + +variable "type" { + type = string + default = null +} + +variable "name" { + type = string + default = null +} + +variable "policy" { + type = map(any) + default = {} +} + +variable "service_port_ranges" { + type = map(any) + default = {} +} + +variable "key_name" { + type = string + default = null +} +variable "service_list_name" { + type = string + default = null +} + +variable "services" { + type = list(string) + default = [] +} + + + + + diff --git a/modules/security/firewall/service/data.tf b/modules/security/firewall/service/data.tf new file mode 100644 index 0000000..12fa5c6 --- /dev/null +++ b/modules/security/firewall/service/data.tf 
@@ -0,0 +1,8 @@
+/*locals {
+ policy_ocid = data.oci_network_firewall_network_firewall_policies.fw-policy.network_firewall_policy_summary_collection[*].id
+
+}
+data "oci_network_firewall_network_firewall_policies" "fw-policy" {
+ compartment_id = var.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", var.compartment_id)) > 0 ? var.compartment_id : var.compartment_ocids[var.compartment_id]) : var.compartment_ocids[var.compartment_id]
+ display_name = var.network_firewall_policy_id
+*/
\ No newline at end of file
diff --git a/modules/security/firewall/service/main.tf b/modules/security/firewall/service/main.tf
new file mode 100644
index 0000000..8344d4b
--- /dev/null
+++ b/modules/security/firewall/service/main.tf
@@ -0,0 +1,18 @@
+resource "oci_network_firewall_network_firewall_policy_service" "network_firewall_policy_service" {
+ name = var.service_name
+ network_firewall_policy_id = var.network_firewall_policy_id
+ dynamic "port_ranges" {
+ for_each = var.port_ranges != null ? var.port_ranges : []
+ #for_each = var.service_port_ranges[var.key_name].port_ranges != null ? var.service_port_ranges[var.key_name].port_ranges : []
+ /*content {
+ minimum_port = port_ranges.value.minimum_port
+ maximum_port = port_ranges.value.maximum_port
+ }*/
+ content {
+ minimum_port = port_ranges.value.minimum_port
+ maximum_port = port_ranges.value.maximum_port
+ }
+ }
+
+ type = var.service_type
+}
diff --git a/modules/security/firewall/service/oracle_provider_req.tf b/modules/security/firewall/service/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/security/firewall/service/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/security/firewall/service/output.tf b/modules/security/firewall/service/output.tf
new file mode 100644
index 0000000..c38136f
--- /dev/null
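Review bot: The `dynamic "port_ranges"` block in the service resource carries a commented-out `#for_each` and a `/*content {...}*/` copy of the live `content` block; dead alternatives inside a resource make it unclear which form is intended and should be removed. `var.port_ranges` is declared `list(any)` (L1212), so a missing or misspelled `minimum_port` key is only caught at apply time inside `port_ranges.value`; `type = list(object({ minimum_port = number, maximum_port = number }))` would reject it at plan. The same applies to `urls_details` (`list(any)`, L1214) consumed by the url-list resource at L1213, where `type = list(object({ pattern = string, type = string }))` fits.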
+++ b/modules/security/firewall/service/output.tf @@ -0,0 +1,3 @@ +output "service_tf_id" { + value = oci_network_firewall_network_firewall_policy_service.network_firewall_policy_service.id +} \ No newline at end of file diff --git a/modules/security/firewall/service/variable.tf b/modules/security/firewall/service/variable.tf new file mode 100644 index 0000000..5c5a814 --- /dev/null +++ b/modules/security/firewall/service/variable.tf @@ -0,0 +1,95 @@ +variable "compartment_id" { + type = string + default = null +} +variable "subnet_name" { + type = string + default = null +} + +variable "vcn_name" { + type = string + default = null +} +variable "network_firewall_policy_id" { + type = string + default = null +} + +variable "display_name" { + type = string + default = null +} + +variable "ipv4address" { + type = string + default = null +} + +variable "icmp_type" { + type = number + default = null +} + +variable "icmp_code" { + type = number + default = null +} +variable "minimum_port" { + type = number + default = null +} + +variable "maximum_port" { + type = number + default = null +} + +variable "service_name" { + type = string + default = null +} + +variable "service" { + type = string + default = null +} + +variable "service_type" { + type = string + default = null +} + +variable "region" { + type = string + default = null +} + +variable "type" { + type = string + default = null +} + +variable "name" { + type = string + default = null +} + +variable "policy" { + type = map(any) + default = {} +} + +variable "port_ranges" { + type = list(any) + default = [] +} + +variable "key_name" { + type = string + default = null +} + + + + diff --git a/modules/security/firewall/url-list/data.tf b/modules/security/firewall/url-list/data.tf new file mode 100644 index 0000000..12fa5c6 --- /dev/null +++ b/modules/security/firewall/url-list/data.tf 
@@ -0,0 +1,8 @@ +/*locals { + policy_ocid = data.oci_network_firewall_network_firewall_policies.fw-policy.network_firewall_policy_summary_collection[*].id + +} +data "oci_network_firewall_network_firewall_policies" "fw-policy" { + compartment_id = var.compartment_id != null ? (length(regexall("ocid1.compartment.oc*", var.compartment_id)) > 0 ? var.compartment_id : var.compartment_ocids[var.compartment_id]) : var.compartment_ocids[var.compartment_id] + display_name = var.network_firewall_policy_id +*/ \ No newline at end of file diff --git a/modules/security/firewall/url-list/main.tf b/modules/security/firewall/url-list/main.tf new file mode 100644 index 0000000..cf567b4 --- /dev/null +++ b/modules/security/firewall/url-list/main.tf @@ -0,0 +1,11 @@ +resource "oci_network_firewall_network_firewall_policy_url_list" "network_firewall_policy_url_list" { + name = var.urllist_name + network_firewall_policy_id = var.network_firewall_policy_id + dynamic "urls" { + for_each = var.urls_details != null ? var.urls_details : [] + content { + pattern = urls.value.pattern + type = urls.value.type + } + } +} diff --git a/modules/security/firewall/url-list/oracle_provider_req.tf b/modules/security/firewall/url-list/oracle_provider_req.tf new file mode 100644 index 0000000..e52742e --- /dev/null +++ b/modules/security/firewall/url-list/oracle_provider_req.tf @@ -0,0 +1,7 @@ +terraform { + required_providers { + oci = { + source = "oracle/oci" + } + } +} \ No newline at end of file diff --git a/modules/security/firewall/url-list/output.tf b/modules/security/firewall/url-list/output.tf new file mode 100644 index 0000000..3fd27e5 --- /dev/null +++ b/modules/security/firewall/url-list/output.tf @@ -0,0 +1,3 @@ +output "url_tf_id" { + value = oci_network_firewall_network_firewall_policy_url_list.network_firewall_policy_url_list.id +} \ No newline at end of file 
diff --git a/modules/security/firewall/url-list/variable.tf b/modules/security/firewall/url-list/variable.tf new file mode 100644 index 0000000..fc19dab --- /dev/null +++ b/modules/security/firewall/url-list/variable.tf @@ -0,0 +1,109 @@ +variable "compartment_id" { + type = string + default = null +} +variable "subnet_name" { + type = string + default = null +} + +variable "vcn_name" { + type = string + default = null +} +variable "network_firewall_policy_id" { + type = string + default = null +} + +variable "display_name" { + type = string + default = null +} + +variable "ipv4address" { + type = string + default = null +} + +variable "urllist_name" { + type = string + default = null +} +variable "pattern" { + type = string + default = null +} +variable "urls_details" { + type = list(any) + default = [] +} + +variable "icmp_type" { + type = number + default = null +} + +variable "icmp_code" { + type = number + default = null +} +variable "minimum_port" { + type = number + default = null +} + +variable "maximum_port" { + type = number + default = null +} + +variable "service_name" { + type = string + default = null +} + +variable "service" { + type = string + default = null +} + +variable "service_type" { + type = string + default = null +} + +variable "region" { + type = string + default = null +} + +variable "type" { + type = string + default = null +} + +variable "name" { + type = string + default = null +} + + +variable "policy" { + type = map(any) + default = {} +} + +variable "service_port_ranges" { + type = map(any) + default = {} +} + +variable "key_name" { + type = string + default = null +} + + + + diff --git a/modules/security/key/main.tf b/modules/security/key/main.tf new file mode 100755 index 0000000..0dfecb0 --- /dev/null +++ b/modules/security/key/main.tf 
@@ -0,0 +1,33 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +################################ +## Resource Block - Security +## Create Key +################################ + +resource "oci_kms_key" "key" { + #Required + compartment_id = var.compartment_id + display_name = var.display_name + key_shape { + #Required + algorithm = var.algorithm + length = var.length + + #Optional + curve_id = var.curve_id + } + management_endpoint = var.management_endpoint + + #Optional + defined_tags = var.defined_tags + freeform_tags = var.freeform_tags + protection_mode = var.protection_mode != "" ? var.protection_mode : null + is_auto_rotation_enabled = var.is_auto_rotation_enabled + dynamic "auto_key_rotation_details" { + for_each = coalesce(var.is_auto_rotation_enabled, false) ? [1] : [] + content { + rotation_interval_in_days = var.rotation_interval_in_days + } + } +} \ No newline at end of file diff --git a/modules/security/key/oracle_provider_req.tf b/modules/security/key/oracle_provider_req.tf new file mode 100644 index 0000000..e52742e --- /dev/null +++ b/modules/security/key/oracle_provider_req.tf @@ -0,0 +1,7 @@ +terraform { + required_providers { + oci = { + source = "oracle/oci" + } + } +} \ No newline at end of file diff --git a/modules/security/key/outputs.tf b/modules/security/key/outputs.tf new file mode 100755 index 0000000..82cfbd9 --- /dev/null +++ b/modules/security/key/outputs.tf @@ -0,0 +1,10 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +################################ +## Outputs Block - Security +## Create Key +################################ + +output "key_tf_id" { + value = oci_kms_key.key.id +} \ No newline at end of file diff --git a/modules/security/key/variables.tf b/modules/security/key/variables.tf new file mode 100755 index 0000000..402458f --- /dev/null +++ b/modules/security/key/variables.tf 
@@ -0,0 +1,76 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +################################# +## Variables Block - Security +## Create Key +################################# + +variable "compartment_id" { + description = "Compartment OCID to provision the volume" + type = string +} + +variable "vault_type" { + description = "The type of vault to create" + type = string + default = null +} + +variable "algorithm" { + description = "The algorithm used by a key's key versions to encrypt or decrypt." + type = string + default = "AES" +} + +variable "length" { + description = "The length of the key in bytes, expressed as an integer. Supported values include the following: AES: 16, 24, or 32 RSA: 256, 384, or 512 ECDSA: 32, 48, or 66" + type = number + default = 256 +} + +variable "curve_id" { + description = "Supported curve IDs for ECDSA keys." + type = string + default = null +} + +variable "defined_tags" { + type = map(any) + default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}", + "Oracle-Tags.CreatedBy" = "$${iam.principal.name}" + } +} + +variable "freeform_tags" { + type = map(any) + default = {} +} + +variable "display_name" { + description = "User-friendly name to the Key" + type = string +} + +variable "protection_mode" { + description = "The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed." + type = string + default = "HSM" +} + +variable "management_endpoint" { + description = "Vault ID" + type = string + default = null +} + +variable "rotation_interval_in_days"{ + description = "The interval of auto key rotation. For auto key rotation the interval should between 30 day and 365 days (1 year)." + type = string + default = "30" +} + +variable "is_auto_rotation_enabled"{ + description = "A parameter specifying whether the auto key rotation is enabled or not." + type = bool + default = false +} \ No newline at end of file 
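Review bot: `variable "length"` defaults to `256` while `variable "algorithm"` defaults to `"AES"`, yet the `length` description itself lists the supported AES sizes as 16, 24 or 32 bytes, so the two defaults together describe a key shape the description says is not accepted and a caller who sets only `compartment_id` and `display_name` gets an apply-time error instead of a usable key. Pick a consistent pair, e.g. `default = 32` for a 256-bit AES key, or remove the `length` default and document that it must match `algorithm`. `rotation_interval_in_days` is declared `type = string` with `default = "30"` although the description describes a day count bounded to 30–365; `type = number`, `default = 30` and a `validation` block on that range would make the constraint enforceable at plan time rather than discovered at apply.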
diff --git a/modules/security/vault/main.tf b/modules/security/vault/main.tf new file mode 100755 index 0000000..bce4c2e --- /dev/null +++ b/modules/security/vault/main.tf @@ -0,0 +1,24 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +################################ +## Resource Block - Security +## Create Vault +################################ + +resource "oci_kms_vault" "vault" { + #Required + compartment_id = var.compartment_id + display_name = var.display_name + vault_type = var.vault_type + + #Optional + defined_tags = var.defined_tags + freeform_tags = var.freeform_tags +} + +resource "oci_kms_vault_replication" "vault_replication" { + count = var.replica_region != null ? 1 : 0 + #Required + vault_id = oci_kms_vault.vault.id + replica_region = var.replica_region +} \ No newline at end of file diff --git a/modules/security/vault/oracle_provider_req.tf b/modules/security/vault/oracle_provider_req.tf new file mode 100644 index 0000000..e52742e --- /dev/null +++ b/modules/security/vault/oracle_provider_req.tf @@ -0,0 +1,7 @@ +terraform { + required_providers { + oci = { + source = "oracle/oci" + } + } +} \ No newline at end of file diff --git a/modules/security/vault/outputs.tf b/modules/security/vault/outputs.tf new file mode 100755 index 0000000..d724ebb --- /dev/null +++ b/modules/security/vault/outputs.tf @@ -0,0 +1,14 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +################################ +## Outputs Block - Security +## Create Vault +################################ + +output "vault_tf_id" { + value = oci_kms_vault.vault.id +} + +output "management_endpoint_tf_id" { + value = oci_kms_vault.vault.management_endpoint +} diff --git a/modules/security/vault/variables.tf b/modules/security/vault/variables.tf new file mode 100755 index 0000000..d7a1ff8 --- /dev/null +++ b/modules/security/vault/variables.tf 
@@ -0,0 +1,40 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +################################# +## Variables Block - Security +## Create Vault +################################# + +variable "compartment_id" { + description = "Compartment OCID to provision the volume" + type = string +} + +variable "vault_type" { + description = "The type of vault to create" + type = string + default = null +} + +variable "defined_tags" { + type = map(any) + default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}", + "Oracle-Tags.CreatedBy" = "$${iam.principal.name}" + } +} + +variable "freeform_tags" { + type = map(any) + default = {} +} + + +variable "display_name" { + description = "User-friendly name to the Vault" + type = string +} + +variable "replica_region" { + description = "The region to be created replica to. When updated, replica will be deleted from old region, and created to updated region." + type = string +} diff --git a/modules/storage/block-volume/data.tf b/modules/storage/block-volume/data.tf new file mode 100644 index 0000000..6c3cd84 --- /dev/null +++ b/modules/storage/block-volume/data.tf 
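Review bot: `variable "replica_region"` has no `default`, so it is a required input, but the `oci_kms_vault_replication` resource in the vault `main.tf` is gated on `var.replica_region != null ? 1 : 0`; a caller who wants no replica has to pass `null` explicitly, which the description does not mention. Adding `default = null` makes the "no replication" path reachable with defaults and matches how the other optional inputs in this file are declared. Conversely `vault_type` has `default = null` but feeds the resource's required `vault_type` argument, so the module cannot plan unless it is always supplied; either drop that default or state in the description that the value is required.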
@@ -0,0 +1,44 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +################################ +## Data Block - Block Volume +## Create Block Volume and Block Volume Backup Policy +################################ + +locals { + compartment_id = var.compartment_id + availability_domain = var.availability_domain +} + +data "oci_core_volumes" "all_volumes" { + depends_on = [oci_core_volume.block_volume] + count = var.block_tf_policy != null ? 1 : 0 + #Required + compartment_id = var.compartment_id + state = "AVAILABLE" + filter { + name = "display_name" + values = [var.display_name] + } + filter { + name = "state" + values = ["AVAILABLE"] + } +} + +data "oci_core_volume_backup_policies" "block_vol_backup_policy" { + count = var.block_tf_policy != null ? 1 : 0 + filter { + name = "display_name" + values = [lower(var.block_tf_policy)] + } +} + +data "oci_core_volume_backup_policies" "block_vol_custom_policy" { + count = var.block_tf_policy != null ? 1 : 0 + compartment_id = local.policy_tf_compartment_id + filter { + name = "display_name" + values = [var.block_tf_policy] + } +} \ No newline at end of file diff --git a/modules/storage/block-volume/main.tf b/modules/storage/block-volume/main.tf new file mode 100644 index 0000000..9e0622d --- /dev/null +++ b/modules/storage/block-volume/main.tf 
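Review bot: Both `count` expressions in `data.tf` (`var.block_tf_policy != null ? 1 : 0`) and the matching guards in the block-volume `main.tf` (`var.attachment_type != null`, `var.block_tf_policy != null`) test for `null`, but `variables.tf` later in this diff gives `block_tf_policy`, `attachment_type`, `policy_tf_compartment_id` and `attach_to_instance` a default of `""`, so with default inputs every guard is true: the policy lookups run with an empty `display_name` filter, `block_vol_custom_policy` is queried with an empty compartment id, and a volume attachment with an empty `attachment_type` and `instance_id` is planned. Either set those four defaults to `null` or widen the guards to `var.block_tf_policy != null && var.block_tf_policy != ""` (and likewise for `attachment_type`). A one-line comment above the `count` lines naming the sentinel that disables the lookup would keep the three files in step.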
@@ -0,0 +1,91 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +################################ +## Resource Block - Block Volume +## Create Block Volume +################################ + +resource "oci_core_volume" "block_volume" { + availability_domain = local.availability_domain + compartment_id = local.compartment_id + freeform_tags = var.freeform_tags + defined_tags = var.defined_tags + display_name = var.display_name + is_auto_tune_enabled = var.is_auto_tune_enabled + vpus_per_gb = var.vpus_per_gb + kms_key_id = var.kms_key_id + size_in_gbs = var.size_in_gbs + dynamic autotune_policies { + for_each = var.autotune_policies != null ? var.autotune_policies : [] + content { + #Required + autotune_type = autotune_policies.value.autotune_type + #Optional + max_vpus_per_gb = autotune_policies.value.max_vpus_per_gb + } + } + dynamic source_details { + for_each = var.source_details != null ? var.source_details : [] + content { + #Required + id = (startswith(source_details.value.id,"ocid1.volume.oc") || startswith(source_details.value.id,"ocid1.volumebackup.oc") || startswith(source_details.value.id,"ocid1.blockvolumereplica.oc")) ? source_details.value.id : lookup(var.blockvolume_source_ocids,source_details.value.id,null) + type = source_details.value.type + } + } + dynamic block_volume_replicas { + for_each = var.block_volume_replicas != null ? var.block_volume_replicas : [] + content { + #Required + availability_domain = block_volume_replicas.value.availability_domain + #Optional + display_name = block_volume_replicas.value.display_name + } + } + block_volume_replicas_deletion = var.block_volume_replicas_deletion + lifecycle { + # ignore_changes = [freeform_tags] + } +} + +resource "oci_core_volume_attachment" "block_vol_instance_attachment" { + count = var.attachment_type != null ? 
1 : 0 + attachment_type = var.attachment_type + instance_id = var.attach_to_instance + volume_id = oci_core_volume.block_volume.id + + #optional + device = var.device + display_name = var.attachment_display_name + encryption_in_transit_type = var.encryption_in_transit_type # Applicable when attachment_type=iscsi + is_pv_encryption_in_transit_enabled = var.is_pv_encryption_in_transit_enabled # Applicable when attachment_type=paravirtualized + is_read_only = var.is_read_only + is_shareable = var.is_shareable + use_chap = var.use_chap # Applicable when attachment_type=iscsi + is_agent_auto_iscsi_login_enabled = var.is_agent_auto_iscsi_login_enabled # Applicable when attachment_type=iscsi + lifecycle { + ignore_changes = [timeouts] + } +} + +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +#################################### +## Resource Block - Backup Policy +## Create Block Volume Backup Policy +#################################### + +locals { + #existing_volume_id = length(data.oci_core_volumes.all_volumes[0].volumes) > 0 ? length(regexall("ocid1.volume.oc*", data.oci_core_volumes.all_volumes[0].volumes[0].id)) > 0 ? data.oci_core_volumes.all_volumes[0].volumes[0].id : "" : "" + policy_tf_compartment_id = var.policy_tf_compartment_id != null ? var.policy_tf_compartment_id : null + current_policy_id = var.block_tf_policy != null ? (lower(var.block_tf_policy) == "gold" || lower(var.block_tf_policy) == "silver" || lower(var.block_tf_policy) == "bronze" ? data.oci_core_volume_backup_policies.block_vol_backup_policy[0].volume_backup_policies.0.id : data.oci_core_volume_backup_policies.block_vol_custom_policy[0].volume_backup_policies.0.id) : "" +} + +resource "oci_core_volume_backup_policy_assignment" "volume_backup_policy_assignment" { + depends_on = [oci_core_volume.block_volume] + count = var.block_tf_policy != null ? 
1 : 0 + asset_id = data.oci_core_volumes.all_volumes[0].volumes[0].id + policy_id = local.current_policy_id + lifecycle { + ignore_changes = [timeouts] + } +} \ No newline at end of file diff --git a/modules/storage/block-volume/oracle_provider_req.tf b/modules/storage/block-volume/oracle_provider_req.tf new file mode 100644 index 0000000..e52742e --- /dev/null +++ b/modules/storage/block-volume/oracle_provider_req.tf @@ -0,0 +1,7 @@ +terraform { + required_providers { + oci = { + source = "oracle/oci" + } + } +} \ No newline at end of file diff --git a/modules/storage/block-volume/outputs.tf b/modules/storage/block-volume/outputs.tf new file mode 100644 index 0000000..8db4848 --- /dev/null +++ b/modules/storage/block-volume/outputs.tf @@ -0,0 +1,10 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +################################ +## Outputs Block - Block Volume +## Create Block Volume and Block Volume Backup Policy +################################ + +output "block_volume_tf_id" { + value = oci_core_volume.block_volume.id +} \ No newline at end of file diff --git a/modules/storage/block-volume/variables.tf b/modules/storage/block-volume/variables.tf new file mode 100644 index 0000000..085500f --- /dev/null +++ b/modules/storage/block-volume/variables.tf 
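Review bot: `asset_id = data.oci_core_volumes.all_volumes[0].volumes[0].id` assigns the backup policy to whichever AVAILABLE volume in the compartment matches `display_name` first, and display names are not unique in OCI, so a second volume with the same name can receive the policy while the volume this module just created stays unprotected, with no plan-time signal. The module creates the volume itself, so `asset_id = oci_core_volume.block_volume.id` is the unambiguous choice and also removes the need for the `all_volumes` data source and its `depends_on`. In `locals`, `policy_tf_compartment_id = var.policy_tf_compartment_id != null ? var.policy_tf_compartment_id : null` is equivalent to `var.policy_tf_compartment_id` and can be simplified, and the commented-out `existing_volume_id` line above it should either go or carry a note explaining why it is kept.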
@@ -0,0 +1,143 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +################################# +## Variables Block - Block Volume +## Create Block Volume and Block Volume Backup Policy +################################# + +variable "availability_domain" { + description = "Availability domain of the volume" + type = string +} + +variable "compartment_id" { + description = "Compartment OCID to provision the volume" + type = string +} + +variable "vpus_per_gb" { + description = "The number of volume performance units (VPUs) that will be applied to this volume per GB" + type = number + default = null +} + +#variable "existing_block_volume" { +# type = bool +# default = false +#} + +variable "freeform_tags" { + description = "Free-form tags for the volume" + type = map(string) +} + +variable "defined_tags" { + description = "Defined tags for the volume" + type = map(string) + default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}", + "Oracle-Tags.CreatedBy" = "$${iam.principal.name}" + } +} + +variable "display_name" { + description = "User-friendly name to the volume" + type = string +} + +variable "is_auto_tune_enabled" { + description = "the auto-tune performance for the volume" + type = bool +} + +variable "kms_key_id" { + description = "The OCID of the Key Management master key" + type = string +} + +variable "size_in_gbs" { + description = "The size of the block volume in GBs" + type = number +} + +variable "autotune_policies" { + description = "List of Autotune Policies for Block volume" + type = list(map(any)) + default = [] +} +variable "source_details" { + description = "OCID for existing Block volume, Block volume backup or Replica" + type = list(map(any)) + default = [] +} +variable "block_volume_replicas" { + description = "Details for Block volume replication" + type = list(map(any)) + default = [] +} +variable "block_volume_replicas_deletion" { + type = bool + default = false +} + +variable "attach_to_instance" { + description = "The 
instance display name to attach the volume" + type = string + default = "" +} + +variable "block_tf_policy" { + description = "One of oracle defined backup policy bronze, silver and gold or custom policy name" + type = string + default = "" +} + +variable "policy_tf_compartment_id" { + description = "Provide compartment OCID if custome policy name used" + type = string + default = "" +} + +variable "attachment_type" { + description = "The attachment type iscsi or para-virtualized" + type = string + default = "" +} + + +#Volume Attachment Optional Params +variable "device" { + type = string + default = null +} +variable "attachment_display_name" { + type = string + default = null +} +variable "encryption_in_transit_type" { + type = string + default = null +} +variable "is_pv_encryption_in_transit_enabled" { + type = bool + default = null +} +variable "is_read_only" { + type = bool + default = null +} +variable "is_shareable" { + type = bool + default = null +} +variable "use_chap" { + type = bool + default = null +} +variable "is_agent_auto_iscsi_login_enabled" { + type = bool + default = null +} +variable "blockvolume_source_ocids" { + type = map(any) + default = {} +} \ No newline at end of file diff --git a/modules/storage/file-storage.zip b/modules/storage/file-storage.zip new file mode 100644 index 0000000..d16a077 Binary files /dev/null and b/modules/storage/file-storage.zip differ diff --git a/modules/storage/file-storage/export-option/main.tf b/modules/storage/file-storage/export-option/main.tf new file mode 100644 index 0000000..c9601b1 --- /dev/null +++ b/modules/storage/file-storage/export-option/main.tf 
@@ -0,0 +1,33 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Resource Block - Storage +# Create Export Options +############################ + +resource "oci_file_storage_export" "export" { + #Required + export_set_id = var.export_set_id + file_system_id = var.file_system_id + path = var.export_path + + #Optional + dynamic "export_options" { + for_each = var.nfs_export_options[var.key_name].export_options != null ? var.nfs_export_options[var.key_name].export_options : [] + + content { + #Required + source = export_options.value.source + + #Optional + access = export_options.value.access + allowed_auth = export_options.value.allowed_auth + anonymous_gid = export_options.value.anonymous_gid + anonymous_uid = export_options.value.anonymous_uid + identity_squash = export_options.value.identity_squash + is_anonymous_access_allowed = export_options.value.is_anonymous_access_allowed + require_privileged_source_port = export_options.value.require_privileged_source_port + } + } + is_idmap_groups_for_sys_auth = var.is_idmap_groups_for_sys_auth +} \ No newline at end of file diff --git a/modules/storage/file-storage/export-option/oracle_provider_req.tf b/modules/storage/file-storage/export-option/oracle_provider_req.tf new file mode 100644 index 0000000..e52742e --- /dev/null +++ b/modules/storage/file-storage/export-option/oracle_provider_req.tf @@ -0,0 +1,7 @@ +terraform { + required_providers { + oci = { + source = "oracle/oci" + } + } +} \ No newline at end of file diff --git a/modules/storage/file-storage/export-option/outputs.tf b/modules/storage/file-storage/export-option/outputs.tf new file mode 100644 index 0000000..a7baa57 --- /dev/null +++ b/modules/storage/file-storage/export-option/outputs.tf 
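Review bot: The `export_options` content block reads `export_options.value.access`, `.allowed_auth`, `.anonymous_gid`, `.anonymous_uid`, `.identity_squash`, `.is_anonymous_access_allowed` and `.require_privileged_source_port` directly, so any entry in `nfs_export_options[*].export_options` that omits one of these optional keys fails the plan with an unsupported-attribute error instead of falling back to the service default; wrapping each optional attribute as `access = try(export_options.value.access, null)` makes the entries tolerant of missing keys. The `for_each` indexes `var.nfs_export_options[var.key_name]` while `key_name` defaults to `null` in `variables.tf`, so the module cannot plan with defaults; either make `key_name` required or handle the null case. A comment on the resource should also warn that an empty `export_options` list does not mean "no access": per the OCI documentation the service then applies its default export options (any source, read-write), which is broader than the explicit `source`/`access` entries this module otherwise writes — worth confirming against the provider version in use.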
@@ -0,0 +1,10 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Output Block - Storage +# Create Export Options +############################ + +output "export_options_tf_id" { + value = oci_file_storage_export.export.id +} \ No newline at end of file diff --git a/modules/storage/file-storage/export-option/variables.tf b/modules/storage/file-storage/export-option/variables.tf new file mode 100644 index 0000000..6b5ab79 --- /dev/null +++ b/modules/storage/file-storage/export-option/variables.tf @@ -0,0 +1,34 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Variable Block - Storage +# Create Export Options +############################ + +variable "export_set_id" { + type = string + default = null +} + +variable "file_system_id" { + type = string + default = null +} + +variable "export_path" { + type = string + default = null +} + +variable "key_name" { + type = string + default = null +} + +variable "nfs_export_options" { + type = map(any) +} +variable "is_idmap_groups_for_sys_auth" { + type = bool + default = null +} diff --git a/modules/storage/file-storage/fss-replication/main.tf b/modules/storage/file-storage/fss-replication/main.tf new file mode 100644 index 0000000..dbf9487 --- /dev/null +++ b/modules/storage/file-storage/fss-replication/main.tf @@ -0,0 +1,19 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Resource Block - Storage +# Create FSS Replication +############################ + +resource "oci_file_storage_replication" "file_system_replication" { + #Required + compartment_id = var.compartment_id + source_id = var.source_id + target_id = var.target_id + #Optional + defined_tags = var.defined_tags + display_name = var.display_name + freeform_tags = var.freeform_tags + replication_interval = var.replication_interval + +} 
diff --git a/modules/storage/file-storage/fss-replication/oracle_provider_req.tf b/modules/storage/file-storage/fss-replication/oracle_provider_req.tf new file mode 100644 index 0000000..e52742e --- /dev/null +++ b/modules/storage/file-storage/fss-replication/oracle_provider_req.tf @@ -0,0 +1,7 @@ +terraform { + required_providers { + oci = { + source = "oracle/oci" + } + } +} \ No newline at end of file diff --git a/modules/storage/file-storage/fss-replication/outputs.tf b/modules/storage/file-storage/fss-replication/outputs.tf new file mode 100644 index 0000000..b1aa0f3 --- /dev/null +++ b/modules/storage/file-storage/fss-replication/outputs.tf @@ -0,0 +1,10 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Output Block - Storage +# Create FSS Replication +############################ + +output "fss_replication_tf_id" { + value = oci_file_storage_replication.file_system_replication.id +} diff --git a/modules/storage/file-storage/fss-replication/variables.tf b/modules/storage/file-storage/fss-replication/variables.tf new file mode 100644 index 0000000..1bf4d7e --- /dev/null +++ b/modules/storage/file-storage/fss-replication/variables.tf @@ -0,0 +1,43 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Variable Block - Storage +# Create FSS Replication +############################ + +variable "compartment_id" { + type = string + default = null +} + +variable "defined_tags" { + type = map(any) + default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}", + "Oracle-Tags.CreatedBy" = "$${iam.principal.name}" + } +} + +variable "display_name" { + type = string + default = null +} + +variable "freeform_tags" { + type = map(any) + default = {} +} + +variable "source_id" { + type = string + default = null +} + +variable "target_id" { + type = string + default = null +} + +variable "replication_interval" { + type = number + default = 60 +} 
diff --git a/modules/storage/file-storage/fss/data.tf b/modules/storage/file-storage/fss/data.tf new file mode 100644 index 0000000..0cf9aa8 --- /dev/null +++ b/modules/storage/file-storage/fss/data.tf @@ -0,0 +1,11 @@ +data "oci_file_storage_filesystem_snapshot_policies" "filesystem_snapshot_policies" { + #Required + count = var.filesystem_snapshot_policy_id != null ? 1 : 0 + availability_domain = var.availability_domain + compartment_id = var.policy_compartment_id + state = "Active" + filter { + name = "display_name" + values = [var.filesystem_snapshot_policy_id] + } +} diff --git a/modules/storage/file-storage/fss/main.tf b/modules/storage/file-storage/fss/main.tf new file mode 100644 index 0000000..695fbf4 --- /dev/null +++ b/modules/storage/file-storage/fss/main.tf @@ -0,0 +1,23 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Resource Block - Storage +# Create FSS +############################ + +resource "oci_file_storage_file_system" "file_system" { + #Required + availability_domain = var.availability_domain + compartment_id = var.compartment_id + + #Optional + defined_tags = var.defined_tags + display_name = var.display_name + freeform_tags = var.freeform_tags + kms_key_id = var.kms_key_id + source_snapshot_id = var.source_snapshot_id + filesystem_snapshot_policy_id = var.filesystem_snapshot_policy_id != null ? (length(regexall("ocid1.filesystemsnapshotpolicy.oc*", var.filesystem_snapshot_policy_id)) > 0 ? var.filesystem_snapshot_policy_id : data.oci_file_storage_filesystem_snapshot_policies.filesystem_snapshot_policies[0].filesystem_snapshot_policies[0].id) : null + lifecycle { + ignore_changes = [source_snapshot_id] + } +} diff --git a/modules/storage/file-storage/fss/oracle_provider_req.tf b/modules/storage/file-storage/fss/oracle_provider_req.tf new file mode 100644 index 0000000..e52742e --- /dev/null +++ b/modules/storage/file-storage/fss/oracle_provider_req.tf 
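Review bot: `data "oci_file_storage_filesystem_snapshot_policies"` filters on `state = "Active"`, whereas the other data sources in this diff use the upper-case lifecycle value (`state = "AVAILABLE"` in the block-volume `data.tf`); if the API's lifecycle states are upper-case (`ACTIVE`), this filter matches nothing and the fss `main.tf` expression `filesystem_snapshot_policies[0].filesystem_snapshot_policies[0].id` fails with an index error rather than a readable message. Confirm the expected value and, if it is `ACTIVE`, change the line; a `precondition` on the resource checking `length(data.oci_file_storage_filesystem_snapshot_policies.filesystem_snapshot_policies[0].filesystem_snapshot_policies) > 0` with an error message naming the policy would turn the index error into a clear one. The lookup is by `display_name`, which OCI does not enforce as unique, so a duplicate policy name in `policy_compartment_id` makes element `[0]` an arbitrary pick; a comment on `filesystem_snapshot_policy_id` stating that names must be unique within the compartment (or that an OCID should be preferred) documents the assumption.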
@@ -0,0 +1,7 @@ +terraform { + required_providers { + oci = { + source = "oracle/oci" + } + } +} \ No newline at end of file diff --git a/modules/storage/file-storage/fss/outputs.tf b/modules/storage/file-storage/fss/outputs.tf new file mode 100644 index 0000000..afbd0f2 --- /dev/null +++ b/modules/storage/file-storage/fss/outputs.tf @@ -0,0 +1,10 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Output Block - Storage +# Create FSS +############################ + +output "fss_tf_id" { + value = oci_file_storage_file_system.file_system.id +} diff --git a/modules/storage/file-storage/fss/variables.tf b/modules/storage/file-storage/fss/variables.tf new file mode 100644 index 0000000..90dd950 --- /dev/null +++ b/modules/storage/file-storage/fss/variables.tf @@ -0,0 +1,53 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Variable Block - Storage +# Create FSS +############################ + +variable "availability_domain" { + type = string + default = null +} + +variable "compartment_id" { + type = string + default = null +} + +variable "defined_tags" { + type = map(any) + default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}", + "Oracle-Tags.CreatedBy" = "$${iam.principal.name}" + } +} + +variable "display_name" { + type = string + default = null +} + +variable "freeform_tags" { + type = map(any) + default = {} +} + +variable "kms_key_id" { + type = string + default = null +} + +variable "source_snapshot_id" { + type = string + default = null +} + +variable "filesystem_snapshot_policy_id" { + type = string + default = null +} + +variable "policy_compartment_id" { + type = string + default = null +} diff --git a/modules/storage/file-storage/mount-target/data.tf b/modules/storage/file-storage/mount-target/data.tf new file mode 100644 index 0000000..97d4675 --- /dev/null +++ b/modules/storage/file-storage/mount-target/data.tf 
@@ -0,0 +1,23 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################# +## Data Block - Storage +## Create MT +############################# + +locals { + nsg_ids = var.network_security_group_ids != null ? flatten(tolist([for nsg in var.network_security_group_ids : (length(regexall("ocid1.networksecuritygroup.oc*", nsg)) > 0 ? [nsg] : data.oci_core_network_security_groups.network_security_groups_mt[nsg].network_security_groups[*].id)])) : null +} + +data "oci_core_network_security_groups" "network_security_groups_mt" { + for_each = var.network_security_group_ids != null ? { for nsg in var.network_security_group_ids : nsg => nsg } : {} + compartment_id = var.network_compartment_id != null ? var.network_compartment_id : var.compartment_id + display_name = each.value + vcn_id = data.oci_core_vcns.oci_vcns_mts[var.vcn_names[0]].virtual_networks.*.id[0] +} + +data "oci_core_vcns" "oci_vcns_mts" { + for_each = { for vcn in var.vcn_names : vcn => vcn } + compartment_id = var.network_compartment_id != null ? var.network_compartment_id : var.compartment_id + display_name = each.value +} diff --git a/modules/storage/file-storage/mount-target/main.tf b/modules/storage/file-storage/mount-target/main.tf new file mode 100644 index 0000000..6aef590 --- /dev/null +++ b/modules/storage/file-storage/mount-target/main.tf 
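Review bot: `local.nsg_ids` resolves each non-OCID entry of `network_security_group_ids` through `data.oci_core_network_security_groups` by `display_name` and splices in `network_security_groups[*].id`, i.e. every NSG that matches the name; display names are not unique in OCI, so a duplicate name attaches additional NSGs — and their rules — to the mount target with no signal in the plan. Restricting the lookup to exactly one match (a `precondition` that `length(...) == 1`, or taking `[0]` with a comment stating that names must be unique in the VCN) keeps the attachment deterministic. The data source also pins `vcn_id` to `var.vcn_names[0]` while `oci_vcns_mts` is built for every entry of `vcn_names`, so entries after the first are queried but never used, and an empty `vcn_names` (the `variables.tf` default is `[]`) makes `var.vcn_names[0]` an index error whenever NSG names are supplied; a comment on `vcn_names` stating that only the first entry is used, or a `validation` requiring exactly one, would make the contract explicit.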
@@ -0,0 +1,20 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Resource Block - Storage +# Create MTs +############################ + +resource "oci_file_storage_mount_target" "mount_target" { + #Required + availability_domain = var.availability_domain + compartment_id = var.compartment_id + subnet_id = var.subnet_id + #Optional + defined_tags = var.defined_tags + display_name = var.display_name + freeform_tags = var.freeform_tags + hostname_label = var.hostname_label + ip_address = var.ip_address + nsg_ids = var.network_security_group_ids != null ? (local.nsg_ids == [] ? ["INVALID NSG Name"] : local.nsg_ids) : null +} \ No newline at end of file diff --git a/modules/storage/file-storage/mount-target/oracle_provider_req.tf b/modules/storage/file-storage/mount-target/oracle_provider_req.tf new file mode 100644 index 0000000..e52742e --- /dev/null +++ b/modules/storage/file-storage/mount-target/oracle_provider_req.tf @@ -0,0 +1,7 @@ +terraform { + required_providers { + oci = { + source = "oracle/oci" + } + } +} \ No newline at end of file diff --git a/modules/storage/file-storage/mount-target/outputs.tf b/modules/storage/file-storage/mount-target/outputs.tf new file mode 100644 index 0000000..264b035 --- /dev/null +++ b/modules/storage/file-storage/mount-target/outputs.tf @@ -0,0 +1,14 @@ +// Copyright (c) 2021, 2022, Oracle and/or its affiliates. + +############################ +# Output Block - Storage +# Create MTs +############################ + +output "mt_tf_id" { + value = oci_file_storage_mount_target.mount_target.id +} + +output "mt_exp_set_id" { + value = oci_file_storage_mount_target.mount_target.export_set_id +} diff --git a/modules/storage/file-storage/mount-target/variables.tf b/modules/storage/file-storage/mount-target/variables.tf new file mode 100644 index 0000000..16032ac --- /dev/null +++ b/modules/storage/file-storage/mount-target/variables.tf 
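Review bot: `nsg_ids` decides to substitute `["INVALID NSG Name"]` via `local.nsg_ids == []`, and `network_security_group_ids` defaults to `[]` in `variables.tf`, so a caller who leaves NSGs unset takes the `!= null` branch with an empty resolved list and, if that comparison evaluates true for an empty result, the placeholder is sent to the API on the default input; the fail-closed intent is good, but it should fire only when names were given and did not resolve. Gate on the input being non-empty and use `length()` rather than `== []`, which is the safer test given Terraform's list/tuple typing: `nsg_ids = length(var.network_security_group_ids) > 0 ? (length(local.nsg_ids) == 0 ? ["INVALID NSG Name"] : local.nsg_ids) : null`. A one-line comment above it explaining that the placeholder exists so an unresolved NSG name fails the plan instead of silently creating a mount target without its NSGs would help the next reader, since the string otherwise looks like leftover debugging.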
@@ -0,0 +1,66 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+############################
+# Variable Block - Storage
+# Create MTs
+############################
+
+variable "availability_domain" {
+ type = string
+ default = null
+}
+
+variable "compartment_id" {
+ type = string
+ default = null
+}
+
+variable "subnet_id" {
+ type = string
+ default = null
+}
+
+variable "defined_tags" {
+ type = map(any)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+
+variable "display_name" {
+ type = string
+ default = null
+}
+
+variable "freeform_tags" {
+ type = map(any)
+ default = {}
+}
+
+variable "hostname_label" {
+ type = string
+ default = null
+}
+
+variable "ip_address" {
+ type = string
+ default = null
+}
+
+variable "network_security_group_ids" {
+ type = list(any)
+ description = "NSGs to place the load balancer in"
+ default = []
+}
+
+variable "key_name" {
+ type = string
+ default = null
+}
+
+variable "vcn_names" {
+ type = list(any)
+ default = []
+}
+
+variable "network_compartment_id" {}
\ No newline at end of file
diff --git a/modules/storage/object-storage/main.tf b/modules/storage/object-storage/main.tf
new file mode 100644
index 0000000..5048dcc
--- /dev/null
+++ b/modules/storage/object-storage/main.tf
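Review bot: The description on `network_security_group_ids` reads "NSGs to place the load balancer in", which looks copied from the load-balancer module; `description = "NSGs to attach to the mount target (names or OCIDs)"` matches what the data block accepts. `variable "network_compartment_id" {}` has neither type nor description even though main.tf and the data block test it against null, so `type = string`, `default = null` and a description saying it falls back to `compartment_id` would document the contract. `key_name` is not referenced in the mount-target main.tf or data hunks of this commit, so unless another file uses it, it appears to be dead and could be dropped.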
@@ -0,0 +1,91 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+################################
+## Resource Block - Object Storage
+## Create Object Storage
+################################
+
+resource "oci_objectstorage_bucket" "bucket" {
+ #Required
+ compartment_id = var.compartment_id
+ name = var.name
+ namespace = var.namespace
+
+ #Optional
+ access_type = var.access_type
+ auto_tiering = var.auto_tiering
+ freeform_tags = var.freeform_tags
+ defined_tags = var.defined_tags
+ kms_key_id = var.kms_key_id
+ #metadata = var.metadata
+ object_events_enabled = var.object_events_enabled
+ storage_tier = var.storage_tier
+
+ dynamic "retention_rules" {
+ for_each = var.retention_rules != null ? var.retention_rules : []
+ content {
+ #Required
+ display_name = retention_rules.value.display_name
+ dynamic "duration" {
+ for_each = try(retention_rules.value.duration, [])
+ content {
+ #Required
+ time_amount = duration.value.time_amount
+ time_unit = duration.value.time_unit
+ }
+ }
+ time_rule_locked = try(retention_rules.value.time_rule_locked, null)
+
+ }
+ }
+ versioning = var.versioning
+ lifecycle {
+ ignore_changes = [metadata]
+ }
+}
+
+resource "oci_objectstorage_replication_policy" "replication_policy" {
+ count = length(var.replication_policy) > 0 ? 1 : 0
+
+ #Required
+ depends_on = [resource.oci_objectstorage_bucket.bucket]
+ bucket = var.bucket
+ namespace = var.namespace
+ name = var.replication_policy["name"]
+ destination_bucket_name = var.replication_policy["destination_bucket_name"]
+ destination_region_name = var.replication_policy["destination_region_name"]
+
+}
+
+resource "oci_objectstorage_object_lifecycle_policy" "lifecycle_policy" {
+ count = length(var.rules) > 0 ? 1 : 0
+ depends_on = [resource.oci_objectstorage_bucket.bucket]
+ bucket = var.bucket
+ namespace = var.namespace
+
+ #Optional
+ dynamic "rules" {
+ for_each = var.rules
+ content {
+ action = rules.value.action
+ is_enabled = rules.value.is_enabled
+ name = rules.value.name
+ time_amount = rules.value.Time_Amount
+ time_unit = rules.value.Time_Unit
+ # Create a local variable for the object_name_filter block
+ dynamic "object_name_filter" {
+ #for_each = rules.value.target != "multipart-uploads" ? [1] : []
+ for_each = rules.value.target != "multipart-uploads" ? (rules.value.exclusion_patterns != [] || rules.value.inclusion_patterns != [] || rules.value.inclusion_prefixes != [] ? [1] : []) : []
+
+ content {
+ exclusion_patterns = rules.value.exclusion_patterns
+ inclusion_patterns = rules.value.inclusion_patterns
+ inclusion_prefixes = rules.value.inclusion_prefixes
+ }
+ }
+
+ target = rules.value.target
+ }
+ }
+
+}
\ No newline at end of file
diff --git a/modules/storage/object-storage/oracle_provider_req.tf b/modules/storage/object-storage/oracle_provider_req.tf
new file mode 100644
index 0000000..e52742e
--- /dev/null
+++ b/modules/storage/object-storage/oracle_provider_req.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/storage/object-storage/outputs.tf b/modules/storage/object-storage/outputs.tf
new file mode 100644
index 0000000..2af878e
--- /dev/null
+++ b/modules/storage/object-storage/outputs.tf
@@ -0,0 +1,10 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+################################
+## Outputs Block - Object Storage
+## Create Object Storage
+################################
+
+output "bucket_tf_id" {
+ value = oci_objectstorage_bucket.bucket.id
+}
\ No newline at end of file
diff --git a/modules/storage/object-storage/variables.tf b/modules/storage/object-storage/variables.tf
new file mode 100644
index 0000000..4c418d2
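Review bot: Both `oci_objectstorage_replication_policy.replication_policy` and `oci_objectstorage_object_lifecycle_policy.lifecycle_policy` take `bucket = var.bucket`, a separate input from the `var.name` the bucket resource is created with, so a caller passing a different value attaches replication (copying data to another region) or lifecycle rules (deleting or archiving objects) to some other bucket while Terraform believes they belong to this one. Using `bucket = oci_objectstorage_bucket.bucket.name` in both resources binds the policies to the bucket this module created, gives an implicit dependency, and makes the two `depends_on = [resource.oci_objectstorage_bucket.bucket]` lines unnecessary. `time_rule_locked = try(retention_rules.value.time_rule_locked, null)` deserves a why-comment since, as I recall from the OCI docs, a locked retention rule can no longer be deleted or shortened, so a typo in the caller's input is not reversible through this module. The `!= []` comparisons in the `object_name_filter` `for_each` compare lists against an empty tuple; `length(...) > 0` is the unambiguous test.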
--- /dev/null
+++ b/modules/storage/object-storage/variables.tf
@@ -0,0 +1,107 @@
+// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
+
+#################################
+## Variables Block - Object Storage
+## Create Object Storage
+#################################
+
+variable "compartment_id" {
+ description = "Compartment OCID to provision the volume"
+ type = string
+}
+
+variable "name" {
+ description = "Object Storage Bucket name"
+ type = string
+}
+
+variable "namespace" {
+ description = "Object Storage Bucket namespace"
+ type = string
+}
+
+variable "access_type" {
+ description = "The type of public access enabled on this bucket."
+ type = string
+ default = null
+}
+
+variable "auto_tiering" {
+ description = "Set the auto tiering status on the bucket. By default, a bucket is created with auto tiering Disabled"
+ type = string
+ default = false
+}
+
+variable "freeform_tags" {
+ description = "Free-form tags for the volume"
+ type = map(string)
+}
+
+variable "defined_tags" {
+ description = "Defined tags for the volume"
+ type = map(string)
+ default = { "Oracle-Tags.CreatedOn" = "$${oci.datetime}",
+ "Oracle-Tags.CreatedBy" = "$${iam.principal.name}"
+ }
+}
+
+variable "kms_key_id" {
+description = "The OCID of a master encryption key used to call the Key Management service to generate a data encryption key or to encrypt or decrypt a data #encryption key."
+type = string
+}
+
+#variable "metadata" {
+#description = "Arbitrary string, up to 4KB, of keys and values for user-defined metadata."
+#type = map(any)
+#}
+
+
+
+variable "object_events_enabled" {
+ description = "Whether or not events are emitted for object state changes in this bucket. By default, objectEventsEnabled is set to false."
+ type = bool
+}
+
+variable "storage_tier" {
+ description = "The type of storage tier of this bucket. A bucket is set to 'Standard' tier by default, which means the bucket will be put in the standard storage tier. When 'Archive' tier type is set explicitly, the bucket is put in the Archive Storage tier. The 'storageTier' property is immutable after bucket is created."
+ type = string
+}
+
+variable "versioning" {
+ description = "Set the versioning status on the bucket. By default, a bucket is created with versioning Disabled.Allowed Create values: Enabled, Disabled. Allowed Update values: Enabled, Suspended."
+ type = string
+}
+
+variable "retention_rules" {}
+
+variable "bucket" {
+ description = "The name of the bucket."
+ type = string
+}
+
+variable "replpol_name" {
+ description = "Replication policy name."
+ type = string
+ default = ""
+}
+variable "replication_policy" {
+ description = "Replication policy detail."
+ type = map(any)
+ default = {}
+}
+
+variable "destination_bucket_name" {
+ description = "Destination Bucket name to replicate to."
+ type = string
+ default = ""
+}
+
+variable "destination_region_name" {
+ description = "Destination region to replicate to."
+ type = string
+ default = ""
+}
+
+variable "lifecycle_policy" {}
+
+variable "rules" {}
\ No newline at end of file
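Review bot: `access_type` is the one input that can make a bucket world-readable, yet the variable accepts any string and passes it straight to the resource in main.tf, so a typo is only caught by the API; a `validation` block restricting it to the values the service defines, with null still meaning "provider default", would reject it at plan time, as shown below. `auto_tiering` is declared `type = string` but defaults to the bool `false`, which Terraform will coerce to the string "false"; as far as I know the service expects `Disabled` or `InfrequentAccess`, so `default = "Disabled"` (matching the description) is the safe value. The descriptions of `compartment_id`, `freeform_tags` and `defined_tags` still say "volume", copied from the block-volume module, and should say "bucket". `kms_key_id` has no default, so callers who want Oracle-managed encryption must pass `null` explicitly; `default = null` plus a description sentence to that effect would make the intent clear and also remove the stray `#` in the current description text.

```hcl
variable "access_type" {
  description = "The type of public access enabled on this bucket. Leave null for the provider default (no public access)."
  type        = string
  default     = null
  validation {
    condition     = var.access_type == null ? true : contains(["NoPublicAccess", "ObjectRead", "ObjectReadWithoutList"], var.access_type)
    error_message = "access_type must be one of NoPublicAccess, ObjectRead or ObjectReadWithoutList."
  }
}
```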