Merge pull request #41 from oci-landing-zones/Repo_Changes

Consolidating SCCAv1 and SCCAv2 in one repo : Adding the SCCAv2 Codebase

CONTRIBUTING.md

@@ -50,11 +50,11 @@ like more specific guidelines, see the [Contributor Covenant Code of Conduct][CO
 
 ## License
 
-Copyright (c) 2023 Oracle and/or its affiliates.
+Copyright (c) 2024 Oracle and/or its affiliates.
 
 Licensed under the Universal Permissive License (UPL), Version 1.0.
 
 See [LICENSE](./LICENSE.txt) for more details.
 
 [OCA]: https://oca.opensource.oracle.com
-[COC]: https://www.contributor-covenant.org/version/1/4/code-of-conduct/
+[COC]: https://www.contributor-covenant.org/version/1/4/code-of-conduct/

LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2023 Oracle and/or its affiliates.
+Copyright (c) 2024 Oracle and/or its affiliates.
 
 The Universal Permissive License (UPL), Version 1.0
 

Managed_SCCA_Broker_(SCCAv2)/CONTRIBUTING.md

@@ -0,0 +1,60 @@
+# Contributing to the project
+
+Oracle welcomes contributions to this repository from anyone.
+
+If you want to submit a pull request to fix a bug or enhance an existing
+feature, please first open an issue and link to that issue when you
+submit your pull request.
+
+If you have any questions about a possible submission, feel free to open
+an issue too.
+
+## Contributing code
+
+Before submitting code via a pull request, you will need to have signed 
+the [Oracle Contributor Agreement][OCA] (OCA) and your commits need to 
+include the following line using the name and e-mail address you used to 
+sign the OCA:
+
+```text
+Signed-off-by: Your Name <you@example.org>
+```
+
+This can be automatically added to pull requests by committing with `--sign-off`
+or `-s`, e.g.
+
+```text
+git commit --signoff
+```
+
+Only pull requests from committers that can be verified as having signed the OCA
+can be accepted.
+
+## Pull request process
+
+1. Fork this repository
+1. Create a branch in your fork to implement the changes. We recommend using
+the issue number as part of your branch name, e.g. `1234-fixes`
+1. Ensure that there is at least one test that would fail without the fix and
+passes post fix
+1. Submit the pull request. *Do not leave the pull request blank*. Explain exactly
+what your changes are meant to do and provide simple steps on how to validate
+your changes, ideally referencing the test. Ensure that you reference the issue
+you created as well. We will assign the pull request to 1-2 people for review
+before it is submitted internally and the PR is closed.
+
+## Code of conduct
+
+Follow the [Golden Rule](https://en.wikipedia.org/wiki/Golden_Rule). If you'd
+like more specific guidelines, see the [Contributor Covenant Code of Conduct][COC].
+
+## License
+
+Copyright (c) 2024 Oracle and/or its affiliates.
+
+Licensed under the Universal Permissive License (UPL), Version 1.0.
+
+See [LICENSE](./LICENSE.txt) for more details.
+
+[OCA]: https://oca.opensource.oracle.com
+[COC]: https://www.contributor-covenant.org/version/1/4/code-of-conduct/

Managed_SCCA_Broker_(SCCAv2)/DEPLOYMENT.md

@@ -0,0 +1,26 @@
+# Prerequisites for Deploying Managed SCCA Broker Landing Zone
+
+Prerequistes Guide ([Follow PREREQUISITES Guide](./official_documentation/PREREQUISITES.md))
+
+### Logging Analytics
+
+The Logging Analytics service should be enabled for the tenancy. 
+To check the current status of Logging Analytics for a tenancy, visit the [Logging Analytics home page][1].
+There will be a dark grey box at the top of the page. On the right hand side of that box, if Logging analytics has *not* been enabled, there will be a notice that Logging Analytics has not been enabled for the tenancy, and a blue button to enable it.  To enable it, click the blue button, and wait for the 3 onboarding steps to complete.  No further action will be required, as the Landing Zone will configure the needed datasources. 
+
+### Resource Limits
+
+Most of the initial resource limits a new tenancy comes with should be sufficient to deploy Managed SCCA LZ, Parent Template, Child Template and Workload Template.
+Resource Limit Managed SCCA LZ ([Follow PREREQUISITES Guide Section 6](./official_documentation/PREREQUISITES.md))
+
+# How to Deploy
+
+Deploy Managed SCCA LZ via Terraform CLI ([Follow Implementation Guide](./official_documentation/IMPLEMENTATION-GUIDE.md))
+
+## License
+
+Copyright (c) 2024 Oracle and/or its affiliates.
+
+Licensed under the Universal Permissive License (UPL), Version 1.0.
+
+See [LICENSE](./LICENSE.txt) for more details.

Managed_SCCA_Broker_(SCCAv2)/LICENSE.txt

@@ -0,0 +1,27 @@
+Copyright (c) 2024 Oracle and/or its affiliates.
+
+The Universal Permissive License (UPL), Version 1.0
+
+Subject to the condition set forth below, permission is hereby granted to any person obtaining a copy of this
+software, associated documentation and/or data (collectively the "Software"), free of charge and under any and
+all copyright rights in the Software, and any and all patent rights owned or freely licensable by each licensor
+hereunder covering either (i) the unmodified Software as contributed to or provided by such licensor, or
+(ii) the Larger Works (as defined below), to deal in both
+
+(a) the Software, and
+(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if one is included with the Software
+(each a “Larger Work” to which the Software is contributed by such licensors),
+
+without restriction, including without limitation the rights to copy, create derivative works of, display,
+perform, and distribute the Software and make, use, sell, offer for sale, import, export, have made, and have
+sold the Software and the Larger Work(s), and to sublicense the foregoing rights on either these or other terms.
+
+This license is subject to the following condition:
+The above copyright notice and either this complete permission notice or at a minimum a reference to the UPL must
+be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
+CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+IN THE SOFTWARE.

Managed_SCCA_Broker_(SCCAv2)/README.md

@@ -0,0 +1,46 @@
+# OCI Managed SCCA Broker Landing Zone
+
+Welcome to the [OCI Landing Zones (OLZ) Community](https://github.com/oci-landing-zones)!
+OCI Landing Zones simplify onboarding and running on OCI by providing design guidance, best practices, and pre-configured Terraform deployment templates for various architectures and use cases.
+These enable customers to easily provision a secure tenancy foundation in the cloud along with all required services, and reliably scale as workloads expand.
+
+This repository contains the Landing Zone to deploy to the Oracle Cloud Infrastructure platform that supports the requirements of DISA's SCCA.
+This landing zone is assembled from modules and templates that users can use in their default configuration or fork this repo and customize for their own use cases.
+
+## Oracle Managed Secure Cloud Computing Architecture (SCCA) Broker Landing Zone
+
+The Managed SCCA LZ deploys a secure architecture that supports DISA SCCA requirements.
+It supports the same functionality as the Mission Owner deployable SCCA Landing Zone but it also provides multi-tenancy capabilities that supports an operational model where a broker is involved.
+
+The table below details the prerequisites, configuration requirements and 
+installation steps to deploy the Managed SCCA LZ.  
+
+|#|Document       |Description|
+|-|---------------|-----------|
+|1.|[Prerequisites Guide](./official_documentation/PREREQUISITES.md) | Provides details on the tenancy and environment prerequisites for deploying the SCCA LZ |
+|2.| [Configuration Guide](./official_documentation/CONFIGURATION-GUIDE.md) | Provide details on the available configurations for deploying the SCCA LZ|
+|3.| [Implementation Guide](./official_documentation/IMPLEMENTATION-GUIDE.md) | Provides the installation instructions for deploying the Managed SCCA LZ using the Terraform Command Line Interface (CLI)|
+
+## Deploy Using Oracle Resource Manager
+
+Deploy Managed SCCA LZ via Terraform CLI ([Follow Implementation Guide](./official_documentation/IMPLEMENTATION-GUIDE.md))
+
+## The Team
+
+This repository is developed and supported by the Oracle OCI Landing Zones team.
+
+## Contributing
+
+Interested in contributing? See our [contribution guidelines](./CONTRIBUTING.md) for details.
+
+## Security
+
+Please consult the [security guide](./SECURITY.md) for our responsible security vulnerability disclosure process.
+
+## License
+
+Copyright (c) 2024 Oracle and/or its affiliates.
+
+Licensed under the Universal Permissive License (UPL), Version 1.0.
+
+See [LICENSE](./LICENSE.txt) for more details.

Managed_SCCA_Broker_(SCCAv2)/RELEASE.md

@@ -0,0 +1,19 @@
+# OCI SCCA Landing Zone Release Notes
+
+## v2.0.0 - 2024-09-29
+- The initial release of version 2.0.0 of the Managed SCCA Broker Landing Zone Landing Zone is designed to deploy an environment that supports Secure Cloud Computing Architecture (SCCA) standards for the U.S. Department of Defense (DoD) in a OCI multi-tenancy environment. 
+
+
+- Known Issues
+  * 400-InvalidParameter Error in CreateServiceConnector operation:  This can occasionally happen due to logs taking longer than normal to create while setting up the logging infrastructure.  This will correct itself when the logs finish creating. Later Apply jobs in CLI  `terraform apply` should succeed.
+  * 429-TooManyRequests Error: A tenancy making a large number of OCI API requests in rapid succession may be throttled by the API.  The solution is to wait some period of time (a few minutes) and retry the terraform operation again.  This is rarely seen on `terraform apply` but may occasionally be seen on `terraform destroy` runs, as the delete operations are much faster than create, and Terraform makes many API calls. 
+
+
+
+## License
+
+Copyright (c) 2024 Oracle and/or its affiliates.
+
+Licensed under the Universal Permissive License (UPL), Version 1.0.
+
+See [LICENSE](./LICENSE.txt) for more details.

Managed_SCCA_Broker_(SCCAv2)/SECURITY.md

@@ -0,0 +1,38 @@
+# Reporting security vulnerabilities
+
+Oracle values the independent security research community and believes that
+responsible disclosure of security vulnerabilities helps us ensure the security
+and privacy of all our users.
+
+Please do NOT raise a GitHub Issue to report a security vulnerability. If you
+believe you have found a security vulnerability, please submit a report to
+[secalert_us@oracle.com][1] preferably with a proof of concept. Please review
+some additional information on [How to Report Security Vulnerabilities to Oracle][2].
+We encourage people who contact Oracle Security to use email encryption using
+[our encryption key][3].
+
+We ask that you do not use other channels or contact the project maintainers
+directly.
+
+Non-vulnerability related security issues including ideas for new or improved
+security features are welcome on GitHub Issues.
+
+## Security updates, alerts and bulletins
+
+Security updates will be released on a regular cadence. Many of our projects
+will typically release security fixes in conjunction with the
+Oracle Critical Patch Update program. Additional
+information, including past advisories, is available on our [Security Alerts][4]
+page.
+
+## Security-related information
+
+We will provide security related information such as a threat model, considerations
+for secure use, or any known security issues in our documentation. Please note
+that labs and sample code are intended to demonstrate a concept and may not be
+sufficiently hardened for production use.
+
+[1]: mailto:secalert_us@oracle.com
+[2]: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html
+[3]: https://www.oracle.com/security-alerts/encryptionkey.html
+[4]: https://www.oracle.com/security-alerts/#SecurityAlerts

Managed_SCCA_Broker_(SCCAv2)/child-template/README.md

@@ -0,0 +1,92 @@
+# SCCA_CIS_MULTI_TENANCY
+
+
+
+## Getting started
+
+To make it easy for you to get started with GitLab, here's a list of recommended next steps.
+
+Already a pro? Just edit this README.md and make it your own. Want to make it easy? [Use the template at the bottom](#editing-this-readme)!
+
+## Add your files
+
+- [ ] [Create](https://docs.gitlab.com/ee/user/project/repository/web_editor.html#create-a-file) or [upload](https://docs.gitlab.com/ee/user/project/repository/web_editor.html#upload-a-file) files
+- [ ] [Add files using the command line](https://docs.gitlab.com/ee/gitlab-basics/add-file.html#add-a-file-using-the-command-line) or push an existing Git repository with the following command:
+
+```
+cd existing_repo
+git remote add origin https://orahub.oci.oraclecorp.com/pse-lz-dev/scca_cis_multi_tenancy.git
+git branch -M main
+git push -uf origin main
+```
+
+## Integrate with your tools
+
+- [ ] [Set up project integrations](https://orahub.oci.oraclecorp.com/pse-lz-dev/scca_cis_multi_tenancy/-/settings/integrations)
+
+## Collaborate with your team
+
+- [ ] [Invite team members and collaborators](https://docs.gitlab.com/ee/user/project/members/)
+- [ ] [Create a new merge request](https://docs.gitlab.com/ee/user/project/merge_requests/creating_merge_requests.html)
+- [ ] [Automatically close issues from merge requests](https://docs.gitlab.com/ee/user/project/issues/managing_issues.html#closing-issues-automatically)
+- [ ] [Enable merge request approvals](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/)
+- [ ] [Automatically merge when pipeline succeeds](https://docs.gitlab.com/ee/user/project/merge_requests/merge_when_pipeline_succeeds.html)
+
+## Test and Deploy
+
+Use the built-in continuous integration in GitLab.
+
+- [ ] [Get started with GitLab CI/CD](https://docs.gitlab.com/ee/ci/quick_start/index.html)
+- [ ] [Analyze your code for known vulnerabilities with Static Application Security Testing(SAST)](https://docs.gitlab.com/ee/user/application_security/sast/)
+- [ ] [Deploy to Kubernetes, Amazon EC2, or Amazon ECS using Auto Deploy](https://docs.gitlab.com/ee/topics/autodevops/requirements.html)
+- [ ] [Use pull-based deployments for improved Kubernetes management](https://docs.gitlab.com/ee/user/clusters/agent/)
+- [ ] [Set up protected environments](https://docs.gitlab.com/ee/ci/environments/protected_environments.html)
+
+***
+
+# Editing this README
+
+When you're ready to make this README your own, just edit this file and use the handy template below (or feel free to structure it however you want - this is just a starting point!). Thank you to [makeareadme.com](https://www.makeareadme.com/) for this template.
+
+## Suggestions for a good README
+Every project is different, so consider which of these sections apply to yours. The sections used in the template are suggestions for most open source projects. Also keep in mind that while a README can be too long and detailed, too long is better than too short. If you think your README is too long, consider utilizing another form of documentation rather than cutting out information.
+
+## Name
+Choose a self-explaining name for your project.
+
+## Description
+Let people know what your project can do specifically. Provide context and add a link to any reference visitors might be unfamiliar with. A list of Features or a Background subsection can also be added here. If there are alternatives to your project, this is a good place to list differentiating factors.
+
+## Badges
+On some READMEs, you may see small images that convey metadata, such as whether or not all the tests are passing for the project. You can use Shields to add some to your README. Many services also have instructions for adding a badge.
+
+## Visuals
+Depending on what you are making, it can be a good idea to include screenshots or even a video (you'll frequently see GIFs rather than actual videos). Tools like ttygif can help, but check out Asciinema for a more sophisticated method.
+
+## Installation
+Within a particular ecosystem, there may be a common way of installing things, such as using Yarn, NuGet, or Homebrew. However, consider the possibility that whoever is reading your README is a novice and would like more guidance. Listing specific steps helps remove ambiguity and gets people to using your project as quickly as possible. If it only runs in a specific context like a particular programming language version or operating system or has dependencies that have to be installed manually, also add a Requirements subsection.
+
+## Usage
+Use examples liberally, and show the expected output if you can. It's helpful to have inline the smallest example of usage that you can demonstrate, while providing links to more sophisticated examples if they are too long to reasonably include in the README.
+
+## Support
+Tell people where they can go to for help. It can be any combination of an issue tracker, a chat room, an email address, etc.
+
+## Roadmap
+If you have ideas for releases in the future, it is a good idea to list them in the README.
+
+## Contributing
+State if you are open to contributions and what your requirements are for accepting them.
+
+For people who want to make changes to your project, it's helpful to have some documentation on how to get started. Perhaps there is a script that they should run or some environment variables that they need to set. Make these steps explicit. These instructions could also be useful to your future self.
+
+You can also document commands to lint the code or run tests. These steps help to ensure high code quality and reduce the likelihood that the changes inadvertently break something. Having instructions for running tests is especially helpful if it requires external setup, such as starting a Selenium server for testing in a browser.
+
+## Authors and acknowledgment
+Show your appreciation to those who have contributed to the project.
+
+## License
+For open source projects, say how it is licensed.
+
+## Project status
+If you have run out of energy or time for your project, put a note at the top of the README saying that development has slowed down or stopped completely. Someone may choose to fork your project or volunteer to step in as a maintainer or owner, allowing your project to keep going. You can also make an explicit request for maintainers.