updated vcn cidr look up method and removed deprecated vcn_cidr (#37)

Signed-off-by: Ali Mukadam <[email protected]>
oracle-terraform-modules · Sep 6, 2021 · 8de8934 · 8de8934
1 parent aeced51
commit 8de8934
Show file tree

Hide file tree

Showing 13 changed files with 34 additions and 63 deletions.
diff --git a/CHANGELOG.adoc b/CHANGELOG.adoc
@@ -19,20 +19,20 @@ The format is based on {uri-changelog}[Keep a Changelog].
 * Set minimum Terraform version to 1.0.0
 * OCI home region provider now expected as parameter to providers
 * Renamed notification variables (#18)
-** create_bastion -> create_bastion_host
 ** enable_notification -> enable_bastion_notification
 ** notification_endpoint -> bastion_notification_endpoint
 ** notification_protocol -> bastion_notification_protocol
 ** notification_topic -> bastion_notification_topic
 ** Renamed variable bastion_upgrade --> upgrade_bastion
 ** Renamed variable timezone --> bastion_timezone
-** Renamed variable tags --> bastion_tags
+** Renamed variable tags --> freeform_tags
 * Changed bastion access from a single CIDR to a list of CIDR blocks (#29)
 * AD lookup mechanism reimplemented to remove dependency on deprecated template_file data source (#27)
 * Replaced all deprecated template_file data source with templatefile function (#27)
 
 == Deletion
 * Removed provider identity parameters except for tenancy_id
+* Removed create_bastion_host parameter (#36)
 
 = v2.0.0 (December 8, 2020)
 * Added support for flex shapes (#11)

diff --git a/README.md b/README.md
@@ -1,28 +1,28 @@
 # Terraform OCI Bastion for Oracle Cloud Infrastructure
 
-[changelog]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/blob/master/CHANGELOG.adoc
-[contributing]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/blob/master/CONTRIBUTING.adoc
-[contributors]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/blob/master/CONTRIBUTORS.adoc
-[docs]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/tree/master/docs
+[changelog]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/blob/main/CHANGELOG.adoc
+[contributing]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/blob/main/CONTRIBUTING.adoc
+[contributors]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/blob/main/CONTRIBUTORS.adoc
+[docs]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/tree/main/docs
 
-[license]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/blob/master/LICENSE
+[license]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/blob/main/LICENSE
 [canonical_license]: https://oss.oracle.com/licenses/upl/
 
 [oci]: https://cloud.oracle.com/cloud-infrastructure
 [oci_documentation]: https://docs.cloud.oracle.com/iaas/Content/home.htm
 
 [oracle]: https://www.oracle.com
-[prerequisites]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/blob/master/docs/prerequisites.adoc
+[prerequisites]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/blob/main/docs/prerequisites.adoc
 
-[quickstart]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/blob/master/docs/quickstart.adoc
+[quickstart]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/blob/main/docs/quickstart.adoc
 [repo]: https://github.com/oracle/terraform-oci-bastion
 [reuse]: https://github.com/oracle/terraform-oci-bastion/examples/db
 [subnets]: https://erikberg.com/notes/networks.html
 [terraform]: https://www.terraform.io
 [terraform_cidr_subnet]: http://blog.itsjustcode.net/blog/2017/11/18/terraform-cidrsubnet-deconstructed/
 [terraform_hashircorp_examples]: https://github.com/hashicorp/terraform-guides/tree/master/infrastructure-as-code/terraform-0.12-examples
 [terraform_oci]: https://www.terraform.io/docs/providers/oci/index.html
-[terraform_options]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/blob/master/docs/terraformoptions.adoc
+[terraform_options]: https://github.com/oracle-terraform-modules/terraform-oci-bastion/blob/main/docs/terraformoptions.adoc
 [terraform_oci_examples]: https://github.com/terraform-providers/terraform-provider-oci/tree/master/examples
 [terraform_oci_oke]: https://github.com/oracle-terraform-modules/terraform-oci-oke
 

diff --git a/compute.tf b/compute.tf
@@ -4,7 +4,7 @@
 resource "oci_core_instance" "bastion" {
   availability_domain = data.oci_identity_availability_domain.ad.name
   compartment_id      = var.compartment_id
-  freeform_tags       = var.bastion_tags
+  freeform_tags       = var.freeform_tags
 
   agent_config {
 
@@ -22,7 +22,7 @@ resource "oci_core_instance" "bastion" {
     assign_public_ip = var.bastion_type == "public" ? true : false
     display_name     = var.label_prefix == "none" ? "bastion-vnic" : "${var.label_prefix}-bastion-vnic"
     hostname_label   = "bastion"
-    subnet_id        = oci_core_subnet.bastion[0].id
+    subnet_id        = oci_core_subnet.bastion.id
   }
 
   display_name = var.label_prefix == "none" ? "bastion" : "${var.label_prefix}-bastion"
@@ -39,7 +39,7 @@ resource "oci_core_instance" "bastion" {
 
   metadata = {
     ssh_authorized_keys = var.ssh_public_key != "" ? var.ssh_public_key : file(var.ssh_public_key_path)
-    user_data           = data.cloudinit_config.bastion[0].rendered
+    user_data           = data.cloudinit_config.bastion.rendered
   }
 
   shape = lookup(var.bastion_shape, "shape", "VM.Standard.E2.2")
@@ -64,5 +64,4 @@ resource "oci_core_instance" "bastion" {
     create = "60m"
   }
 
-  count = var.create_bastion_host == true ? 1 : 0
 }
diff --git a/datasources.tf b/datasources.tf
@@ -3,7 +3,7 @@
 
 data "oci_identity_availability_domain" "ad" {
   compartment_id = var.tenancy_id
-  ad_number = var.availability_domain
+  ad_number      = var.availability_domain
 }
 
 data "oci_core_vcn" "vcn" {
@@ -35,36 +35,29 @@ data "cloudinit_config" "bastion" {
       }
     )
   }
-  count = var.create_bastion_host == true ? 1 : 0
 }
 
 # Gets a list of VNIC attachments on the bastion instance
 data "oci_core_vnic_attachments" "bastion_vnics_attachments" {
   availability_domain = data.oci_identity_availability_domain.ad.name
   compartment_id      = var.compartment_id
   depends_on          = [oci_core_instance.bastion]
-  instance_id         = oci_core_instance.bastion[0].id
-
-  count = var.create_bastion_host == true ? 1 : 0
+  instance_id         = oci_core_instance.bastion.id
 }
 
 # Gets the OCID of the first (default) VNIC on the bastion instance
 data "oci_core_vnic" "bastion_vnic" {
   depends_on = [oci_core_instance.bastion]
-  vnic_id    = lookup(data.oci_core_vnic_attachments.bastion_vnics_attachments[0].vnic_attachments[0], "vnic_id")
-
-  count = var.create_bastion_host == true ? 1 : 0
+  vnic_id    = lookup(data.oci_core_vnic_attachments.bastion_vnics_attachments.vnic_attachments[0], "vnic_id")
 }
 
 data "oci_core_instance" "bastion" {
   depends_on  = [oci_core_instance.bastion]
-  instance_id = oci_core_instance.bastion[0].id
-
-  count = var.create_bastion_host == true ? 1 : 0
+  instance_id = oci_core_instance.bastion.id
 }
 
 data "oci_ons_notification_topic" "bastion_notification" {
   topic_id = oci_ons_notification_topic.bastion_notification[0].topic_id
 
-  count = (var.create_bastion_host == true && var.enable_bastion_notification == true) ? 1 : 0
+  count = var.enable_bastion_notification == true ? 1 : 0
 }
diff --git a/docs/terraformoptions.adoc b/docs/terraformoptions.adoc
@@ -108,11 +108,6 @@ Ensure you review the {uri-terraform-dependencies}[dependencies].
 |Values
 |Default
 
-|`create_bastion_host`
-|whether to create the bastion host
-| true/false
-|true
-
 |`bastion_image_id`
 |Provide a custom image id for the bastion host or leave as Autonomous.
 |imageid/Autonomous
@@ -210,13 +205,13 @@ Ensure you review the {uri-terraform-dependencies}[dependencies].
 |Values
 |Default
 
-|`bastion_tags`
+|`freeform_tags`
 |Freeform tags for bastion.
 |
 |
 [source]
 ----
-bastion_tags = {
+freeform_tags = {
     access      = "public"
     environment = "dev"
     role        = "bastion"

diff --git a/examples/README.md b/examples/README.md
@@ -89,13 +89,11 @@ module "bastion" {
 
   vcn_id = var.vcn_id
 
-  create_bastion_host = true
-
   ssh_public_key_path = "~/.ssh/id_rsa.pub"
 
   upgrade_bastion = false
 
-  bastion_tags = {
+  freeform_tags = {
     access      = "public"
     environment = "dev"
     role        = "bastion"

diff --git a/examples/main.tf b/examples/main.tf
@@ -29,13 +29,11 @@ module "bastion" {
 
   vcn_id = var.vcn_id
 
-  create_bastion_host = true
-
   ssh_public_key_path = "~/.ssh/id_rsa.pub"
 
   upgrade_bastion = false
 
-  bastion_tags = {
+  freeform_tags = {
     access      = "public"
     environment = "dev"
     role        = "bastion"

diff --git a/locals.tf b/locals.tf
@@ -26,5 +26,6 @@ locals {
 
   tcp_protocol = 6
 
-  vcn_cidr = data.oci_core_vcn.vcn.cidr_block
+  # we expect the bastion to be in the first cidr block in the list of cidr blocks
+  vcn_cidr = element(data.oci_core_vcn.vcn.cidr_blocks, 0)
 }
diff --git a/ons.tf b/ons.tf
@@ -5,7 +5,7 @@ resource "oci_ons_notification_topic" "bastion_notification" {
   compartment_id = var.compartment_id
   name           = var.label_prefix == "none" ? var.bastion_notification_topic : "${var.label_prefix}-${var.bastion_notification_topic}"
 
-  count = (var.create_bastion_host == true && var.enable_bastion_notification == true) ? 1 : 0
+  count = var.enable_bastion_notification == true ? 1 : 0
 }
 
 resource "oci_ons_subscription" "bastion_notification" {
@@ -14,7 +14,7 @@ resource "oci_ons_subscription" "bastion_notification" {
   protocol       = var.bastion_notification_protocol
   topic_id       = oci_ons_notification_topic.bastion_notification[0].topic_id
 
-  count = (var.create_bastion_host == true && var.enable_bastion_notification == true) ? 1 : 0
+  count = var.enable_bastion_notification == true ? 1 : 0
 }
 
 resource "oci_identity_dynamic_group" "bastion_notification" {
@@ -26,7 +26,7 @@ resource "oci_identity_dynamic_group" "bastion_notification" {
   matching_rule  = "ALL {instance.id = '${join(",", data.oci_core_instance.bastion.*.id)}'}"
   name           = var.label_prefix == "none" ? "bastion-notification" : "${var.label_prefix}-bastion-notification"
 
-  count = (var.create_bastion_host == true && var.enable_bastion_notification == true) ? 1 : 0
+  count = var.enable_bastion_notification == true ? 1 : 0
 }
 
 resource "oci_identity_policy" "bastion_notification" {
@@ -38,5 +38,5 @@ resource "oci_identity_policy" "bastion_notification" {
   name           = var.label_prefix == "none" ? "bastion-notification" : "${var.label_prefix}-bastion-notification"
   statements     = ["Allow dynamic-group ${oci_identity_dynamic_group.bastion_notification[0].name} to use ons-topic in compartment id ${var.compartment_id} where request.permission='ONS_TOPIC_PUBLISH'"]
 
-  count = (var.create_bastion_host == true && var.enable_bastion_notification == true) ? 1 : 0
+  count = var.enable_bastion_notification == true ? 1 : 0
 }
diff --git a/security.tf b/security.tf
@@ -4,7 +4,7 @@
 resource "oci_core_security_list" "bastion" {
   compartment_id = var.compartment_id
   display_name   = var.label_prefix == "none" ? "bastion" : "${var.label_prefix}-bastion"
-  freeform_tags  = var.bastion_tags
+  freeform_tags  = var.freeform_tags
 
   egress_security_rules {
     protocol    = local.all_protocols
@@ -27,6 +27,4 @@ resource "oci_core_security_list" "bastion" {
     }
   }
   vcn_id = var.vcn_id
-
-  count = var.create_bastion_host == true ? 1 : 0
 }
diff --git a/subnets.tf b/subnets.tf
@@ -5,12 +5,10 @@ resource "oci_core_subnet" "bastion" {
   cidr_block                 = cidrsubnet(local.vcn_cidr, var.newbits, var.netnum)
   compartment_id             = var.compartment_id
   display_name               = var.label_prefix == "none" ? "bastion" : "${var.label_prefix}-bastion"
-  dns_label                  = "bastion1"
-  freeform_tags              = var.bastion_tags
+  dns_label                  = "bastion"
+  freeform_tags              = var.freeform_tags
   prohibit_public_ip_on_vnic = var.bastion_type == "public" ? false : true
   route_table_id             = var.ig_route_id
-  security_list_ids          = [oci_core_security_list.bastion[0].id]
+  security_list_ids          = [oci_core_security_list.bastion.id]
   vcn_id                     = var.vcn_id
-
-  count = var.create_bastion_host == true ? 1 : 0
 }
diff --git a/terraform.tfvars.example b/terraform.tfvars.example
@@ -33,8 +33,6 @@ newbits = 14
 
 vcn_id = ""
 
-create_bastion = true
-
 bastion_image_id = "Autonomous"
 
 bastion_os_version = "7.9"
@@ -68,7 +66,7 @@ bastion_notification_protocol = "EMAIL"
 
 bastion_notification_topic = "bastion"
 
-bastion_tags = {
+freeform_tags = {
     access      = "public"
     environment = "dev"
     role        = "bastion"

diff --git a/variables.tf b/variables.tf
@@ -56,13 +56,6 @@ variable "vcn_id" {
 }
 
 # bastion host parameters
-
-variable "create_bastion_host" {
-  description = "Whether to create the bastion host."
-  default     = false
-  type        = bool
-}
-
 variable "bastion_image_id" {
   description = "Provide a custom image id for the bastion host or leave as Autonomous."
   default     = "Autonomous"
@@ -145,7 +138,7 @@ variable "bastion_notification_topic" {
 }
 
 # tagging
-variable "bastion_tags" {
+variable "freeform_tags" {
   description = "Freeform tags for bastion"
   default = {
     access      = "public"