Merge pull request #14 from jason-chong/gh-update

Gh update

modules/README.md

@@ -1 +1,6 @@
 # Terraform Modules
+
+This modules directory holds the reusable modules for Oracle Enterprise Landing Zones. 
+These modules contain the very basics of our specific OCI Services configure in an 
+Oracle Enterprise Landing Zone specific way. By storing them in modules we can reuse them in 
+our [templates](../templates/README).

modules/drg-attachment/README.md

@@ -0,0 +1,34 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_oci"></a> [oci](#provider\_oci) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [oci_core_drg_attachment.drg_attachment](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_drg_attachment) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_drg_attachment_type"></a> [drg\_attachment\_type](#input\_drg\_attachment\_type) | DRG Attacment Network Type | `string` | n/a | yes |
+| <a name="input_drg_attachment_vcn_route_type"></a> [drg\_attachment\_vcn\_route\_type](#input\_drg\_attachment\_vcn\_route\_type) | DRG Attacment Network VCN Route Type | `string` | n/a | yes |
+| <a name="input_drg_id"></a> [drg\_id](#input\_drg\_id) | DRG OCID Value. | `string` | n/a | yes |
+| <a name="input_vcn_id"></a> [vcn\_id](#input\_vcn\_id) | VCN OCID Value | `string` | n/a | yes |
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->

modules/drg-attachment/main.tf

@@ -0,0 +1,20 @@
+terraform {
+  required_providers {
+    oci = {
+      source = "oracle/oci"
+    }
+  }
+}
+
+# -----------------------------------------------------------------------------
+# DRG VCN ATTACHMENT
+# ----------------------------------------------------------------------------- 
+
+resource "oci_core_drg_attachment" "drg_attachment" {
+    drg_id = var.drg_id
+    network_details {
+        id              = var.vcn_id
+        type            = var.drg_attachment_type
+        vcn_route_type  = var.drg_attachment_vcn_route_type
+    }
+}

modules/drg-attachment/variables.tf

@@ -0,0 +1,19 @@
+variable "drg_id" {
+  type        = string
+  description = "DRG OCID Value."
+}
+
+variable "vcn_id" {
+  type        = string
+  description = "VCN OCID Value"
+}
+
+variable "drg_attachment_type" {
+  type        = string
+  description = "DRG Attacment Network Type"
+}
+
+variable "drg_attachment_vcn_route_type" {
+  type        = string
+  description = "DRG Attacment Network VCN Route Type"
+}

modules/identity-domain-group/README.md

@@ -0,0 +1,32 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_null"></a> [null](#provider\_null) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [null_resource.groups](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_group_names"></a> [group\_names](#input\_group\_names) | The list of user group names. | `list(string)` | n/a | yes |
+| <a name="input_identity_domain_id"></a> [identity\_domain\_id](#input\_identity\_domain\_id) | the OCID of identity domain | `string` | n/a | yes |
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->

modules/identity-domain-group/main.tf

@@ -0,0 +1,20 @@
+resource "null_resource" "groups" {
+  count = length(var.group_names) != 0 ? 1 : 0
+
+  triggers = {
+    domain_id   = var.identity_domain_id
+    group_names = "${join(",", var.group_names)}"
+  }
+
+  provisioner "local-exec" {
+    working_dir = path.module
+    command     = "pip3 install -r scripts/requirements.txt"
+    on_failure  = continue
+  }
+
+  provisioner "local-exec" {
+    working_dir = path.module
+    command     = "python3 scripts/manage_identity_domain.py -d ${var.identity_domain_id} -g ${join(" ", var.group_names)}"
+    on_failure  = continue
+  }
+}

modules/identity-domain-group/scripts/manage_identity_domain.py

@@ -0,0 +1,128 @@
+# Reference:
+#   https://docs.oracle.com/en-us/iaas/Content/API/Concepts/signingrequests.htm#seven__Python
+#   https://www.ateam-oracle.com/post/oracle-cloud-infrastructure-oci-rest-call-walkthrough-with-curl
+
+import argparse
+import oci
+import os
+import json
+import requests
+
+
+class ManageIdentityDomain:
+    def __init__(self, domain_id, group_names):
+        self.config, self.auth = self.set_up_oci_config()
+        self.identity_client = oci.identity.IdentityClient(self.config)
+
+        self.host = self.get_domain_url(domain_id)
+        self.group_endpoint = self.host + "/admin/v1/Groups"
+        self.group_names = group_names
+
+    def set_up_oci_config(self):
+        '''
+        check terraform environment variables, prefixed by TF_, so it can run in our pipeline
+        '''
+        try:
+            config = oci.config.from_file()
+            auth = oci.Signer(
+                tenancy=config['tenancy'],
+                user=config['user'],
+                fingerprint=config['fingerprint'],
+                private_key_file_location=config['key_file']
+            )
+        except oci.exceptions.ConfigFileNotFound:
+
+            tenancy = os.environ.get("TF_VAR_tenancy_ocid")
+            user = os.environ.get("TF_VAR_current_user_ocid")
+            fingerprint = os.environ.get("TF_VAR_api_fingerprint")
+            private_key_file = os.environ.get("TF_VAR_api_private_key")
+            region = os.environ.get("TF_VAR_region")
+
+            config = {
+                "user": user,
+                "key_content": private_key_file,
+                "fingerprint": fingerprint,
+                "tenancy": tenancy,
+                "region": region,
+            }
+            auth = oci.Signer(
+                tenancy=config['tenancy'],
+                user=config['user'],
+                fingerprint=config['fingerprint'],
+                private_key_content=config["key_content"],
+                private_key_file_location=None
+            )
+
+        return config, auth
+
+    def get_domain_url(self, domain_id):
+        print("Waiting for domain to enter ACTIVE state")
+        get_domain_response = self.identity_client.get_domain(
+            domain_id=domain_id)
+        wait_until_domain_available_response = oci.wait_until(
+            self.identity_client, get_domain_response, 'lifecycle_state', 'ACTIVE')
+
+        print(
+            f"Got domain url {wait_until_domain_available_response.data.url}")
+
+        return wait_until_domain_available_response.data.url
+
+    def create_group(self, group_name):
+        body = {
+            "displayName": group_name,
+            "schemas": [
+                "urn:ietf:params:scim:schemas:core:2.0:Group",
+                "urn:ietf:params:scim:schemas:oracle:idcs:extension:group:Group"
+            ]
+        }
+
+        response = requests.post(
+            self.group_endpoint, json=body, auth=self.auth)
+        response.raise_for_status()
+
+        print(
+            f"Display Name: {group_name} \tOCID: {json.loads(response.content)['ocid']}")
+
+    def create_groups(self):
+        for group in self.group_names:
+            print(f"Provisioning group {group}")
+            try:
+                self.create_group(group)
+            except requests.HTTPError as e:
+                print(f"Error creating group {group}")
+                print(e)
+
+    def delete_group(self, group_name):
+        # @TODO finish delete method and add destroy provisioner
+        return
+        # filter=displayName eq "john"
+        response = requests.delete(
+            self.group_endpoint + f"/", auth=self.auth)
+        response.raise_for_status()
+
+        print(f"Display Name: {group_name} deleted")
+
+    def delete_groups(self):
+        for group in self.group_names:
+            print(f"Deleting group {group}")
+            try:
+                self.delete_group(group)
+            except requests.HTTPError as e:
+                print(f"Error deleting group {group}")
+                print(e)
+
+
+if __name__ == "__main__":
+
+    parser = argparse.ArgumentParser(description="Manage an Identity Domain")
+    parser.add_argument('-d', '--domain_id',
+                        help="<Required> Id of the domain to manage",
+                        required=True)
+    parser.add_argument('-g', '--group_names',
+                        nargs='+',
+                        help='<Required> Names of the groups to create (space seperated)',
+                        required=True)
+
+    args = parser.parse_args()
+    manage_id = ManageIdentityDomain(args.domain_id, args.group_names)
+    manage_id.create_groups()

modules/identity-domain-group/scripts/requirements.txt

@@ -0,0 +1,2 @@
+oci
+requests

modules/identity-domain-group/variables.tf

@@ -0,0 +1,9 @@
+variable "group_names" {
+  type        = list(string)
+  description = "The list of user group names."
+}
+
+variable "identity_domain_id" {
+  type        = string
+  description = "the OCID of identity domain"
+}

modules/identity-domain/README.md

@@ -13,7 +13,6 @@ No requirements.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_null"></a> [null](#provider\_null) | n/a |
 | <a name="provider_oci"></a> [oci](#provider\_oci) | n/a |
 
 ## Modules
@@ -24,7 +23,6 @@ No modules.
 
 | Name | Type |
 |------|------|
-| [null_resource.groups](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [oci_identity_domain.domain](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/identity_domain) | resource |
 | [oci_identity_domain_replication_to_region.test_domain_replication_to_region](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/identity_domain_replication_to_region) | resource |
 
@@ -45,7 +43,6 @@ No modules.
 | <a name="input_domain_is_primary_email_required"></a> [domain\_is\_primary\_email\_required](#input\_domain\_is\_primary\_email\_required) | Indicate whether users in the domain are required to have a primary email address or not. | `bool` | `true` | no |
 | <a name="input_domain_license_type"></a> [domain\_license\_type](#input\_domain\_license\_type) | The license type of Domain | `string` | n/a | yes |
 | <a name="input_domain_replica_region"></a> [domain\_replica\_region](#input\_domain\_replica\_region) | A region for which domain replication is requested for. | `string` | `""` | no |
-| <a name="input_group_names"></a> [group\_names](#input\_group\_names) | The list of user group names. | `list(string)` | `[]` | no |
 
 ## Outputs
 

modules/identity-domain/main.tf

@@ -26,24 +26,3 @@ resource "oci_identity_domain_replication_to_region" "test_domain_replication_to
   domain_id      = oci_identity_domain.domain.id
   replica_region = var.domain_replica_region
 }
-
-resource "null_resource" "groups" {
-  count = length(var.group_names) != 0 ? 1 : 0
-
-  triggers = {
-    domain_id   = oci_identity_domain.domain.id
-    group_names = "${join(",", var.group_names)}"
-  }
-
-  provisioner "local-exec" {
-    working_dir = path.module
-    command     = "pip3 install -r scripts/requirements.txt"
-    on_failure  = continue
-  }
-
-  provisioner "local-exec" {
-    working_dir = path.module
-    command     = "python3 scripts/manage_identity_domain.py -d ${oci_identity_domain.domain.id} -g ${join(" ", var.group_names)}"
-    on_failure  = continue
-  }
-}

modules/identity-domain/variables.tf

@@ -73,12 +73,3 @@ variable "domain_replica_region" {
   default     = ""
   description = "A region for which domain replication is requested for."
 }
-
-# -----------------------------------------------------------------------------
-# Group Variables 
-# -----------------------------------------------------------------------------
-variable "group_names" {
-  type        = list(string)
-  default     = []
-  description = "The list of user group names."
-}

modules/route-table/README.md

@@ -24,24 +24,19 @@ No modules.
 | Name | Type |
 |------|------|
 | [oci_core_route_table.route_table](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_route_table) | resource |
-| [oci_core_route_table_attachment.oci_core_route_table_attachment](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_route_table_attachment) | resource |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_compartment_id"></a> [compartment\_id](#input\_compartment\_id) | The OCID of the compartment to contain the route table. | `string` | n/a | yes |
-| <a name="input_default_route_table_id"></a> [default\_route\_table\_id](#input\_default\_route\_table\_id) | n/a | `string` | `"The OCID of default route table"` | no |
-| <a name="input_is_default"></a> [is\_default](#input\_is\_default) | Option use default route table | `bool` | `false` | no |
 | <a name="input_route_rules"></a> [route\_rules](#input\_route\_rules) | The collection of rules for routing destination IPs to network devices. | `map(any)` | n/a | yes |
 | <a name="input_route_table_display_name"></a> [route\_table\_display\_name](#input\_route\_table\_display\_name) | The display name of route table | `string` | n/a | yes |
-| <a name="input_subnet_id"></a> [subnet\_id](#input\_subnet\_id) | The OCID of the subnet. | `string` | `""` | no |
-| <a name="input_subnet_name"></a> [subnet\_name](#input\_subnet\_name) | The name of the subnet. | `string` | `""` | no |
 | <a name="input_vcn_id"></a> [vcn\_id](#input\_vcn\_id) | The OCID of the VCN the route table belongs to. | `string` | n/a | yes |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| <a name="output_id"></a> [id](#output\_id) | The OCID of the route table |
+| <a name="output_route_table_id"></a> [route\_table\_id](#output\_route\_table\_id) | The OCID of the route table |
 <!-- END_TF_DOCS -->