init

2024-05-23 13:26:58 +06:00 · 2024-05-23 13:26:58 +06:00 · cec420ab0e
commit cec420ab0e
16 changed files with 371 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,34 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
--- a/.terraform-docs.yml
+++ b/.terraform-docs.yml
@ -0,0 +1,6 @@
+formatter: markdown table
+output:
+  file: README.terraform.md
+  mode: replace
+sort:
+  by: required
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
@ -0,0 +1,45 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/tls" {
+  version     = "4.0.5"
+  constraints = "~> 4.0.5"
+  hashes = [
+    "h1:e4LBdJoZJNOQXPWgOAG0UuPBVhCStu98PieNlqJTmeU=",
+    "zh:01cfb11cb74654c003f6d4e32bbef8f5969ee2856394a96d127da4949c65153e",
+    "zh:0472ea1574026aa1e8ca82bb6df2c40cd0478e9336b7a8a64e652119a2fa4f32",
+    "zh:1a8ddba2b1550c5d02003ea5d6cdda2eef6870ece86c5619f33edd699c9dc14b",
+    "zh:1e3bb505c000adb12cdf60af5b08f0ed68bc3955b0d4d4a126db5ca4d429eb4a",
+    "zh:6636401b2463c25e03e68a6b786acf91a311c78444b1dc4f97c539f9f78de22a",
+    "zh:76858f9d8b460e7b2a338c477671d07286b0d287fd2d2e3214030ae8f61dd56e",
+    "zh:a13b69fb43cb8746793b3069c4d897bb18f454290b496f19d03c3387d1c9a2dc",
+    "zh:a90ca81bb9bb509063b736842250ecff0f886a91baae8de65c8430168001dad9",
+    "zh:c4de401395936e41234f1956ebadbd2ed9f414e6908f27d578614aaa529870d4",
+    "zh:c657e121af8fde19964482997f0de2d5173217274f6997e16389e7707ed8ece8",
+    "zh:d68b07a67fbd604c38ec9733069fbf23441436fecf554de6c75c032f82e1ef19",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
+
+provider "registry.terraform.io/oracle/oci" {
+  version     = "5.42.0"
+  constraints = "~> 5.42.0"
+  hashes = [
+    "h1:FSU0QtxN1cRv9DSxPqwg8E7tdYy/fXrA0fqOqVaqhEM=",
+    "zh:3002adc1c0c23b56c79eac20aa8bcbeecac3ad61e959d4bf3fdbf02c43e0b6fe",
+    "zh:3de47921a93a72dc7a4661f82863f7d7d6e50aec42ec8b289201ebbc19569e2f",
+    "zh:4897dab7303c79597c5b79ed2e3158634f74582a5db22225bd3923c0019b3682",
+    "zh:5b816202c988397d6ca6ddc4919bb10227f93168eeb5d5dacffe552fdbcd643e",
+    "zh:8424d47852d1d80611d2d321c9e5aa88b77ace37cc0d3e9e3346ef0b7812d516",
+    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+    "zh:a637b4e0172c588d0b8f41995b0b36526e535ad461dd3bfd5d6f739e2d9fb37c",
+    "zh:b6cb3e0a2e93de7475cb06b3ceed4ad47bbef5dd3d626a13c4f2095cb9c7459b",
+    "zh:c54c437e136eb63cf087ec66f476e9e10fdcb5ddd695c6daf45ca634985d6b55",
+    "zh:c7563b56f31e08a2d8fefb19834f08d116581a4b47bbb43486da9082e719d6d5",
+    "zh:c8f98a1463fea84486d7ff1a7149a60684de8ebb06f408adaf74dc6940914a39",
+    "zh:cfdb86269b01c19f0f3da9d2b087d3a56343f1eba9021cf0c49d697041357359",
+    "zh:d68a4bfbd7a1d11eded456724b7876428e42aa5e86ff64b53da8bba1b8a6b2c4",
+    "zh:d755b0f6836472327116ac9c111bddcf8719a98f4a68c2377ecaa3f42dfaa094",
+    "zh:f6567eadd4469e66f6d990fcccc8dd8232d8555a2f8698bc823c57384668a074",
+  ]
+}
--- a/README.md
+++ b/README.md
--- a/README.terraform.md
+++ b/README.terraform.md
@ -0,0 +1,64 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.8.0 |
+| <a name="requirement_oci"></a> [oci](#requirement\_oci) | ~> 5.42.0 |
+| <a name="requirement_tls"></a> [tls](#requirement\_tls) | ~> 4.0.5 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_oci"></a> [oci](#provider\_oci) | 5.42.0 |
+| <a name="provider_tls"></a> [tls](#provider\_tls) | 4.0.5 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [oci_identity_api_key.admin](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/identity_api_key) | resource |
+| [oci_identity_auth_token.admin](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/identity_auth_token) | resource |
+| [oci_identity_compartment.compartment](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/identity_compartment) | resource |
+| [oci_identity_customer_secret_key.admin](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/identity_customer_secret_key) | resource |
+| [oci_identity_group.administrators](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/identity_group) | resource |
+| [oci_identity_policy.administrators](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/identity_policy) | resource |
+| [oci_identity_ui_password.admin_initial](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/identity_ui_password) | resource |
+| [oci_identity_user.admin](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/identity_user) | resource |
+| [oci_identity_user_group_membership.admin](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/identity_user_group_membership) | resource |
+| [tls_private_key.admin_api_key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
+| [oci_identity_tenancy.tenancy](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/identity_tenancy) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_oci_region"></a> [oci\_region](#input\_oci\_region) | The region for the OCI provider | `string` | n/a | yes |
+| <a name="input_tenancy_id"></a> [tenancy\_id](#input\_tenancy\_id) | The OCID of the tenancy | `string` | n/a | yes |
+| <a name="input_admin_create_credentials"></a> [admin\_create\_credentials](#input\_admin\_create\_credentials) | Types of credentials to create for the admin user | <pre>object({<br>    api_key      = bool<br>    auth_token   = bool<br>    customer_key = bool<br>    password     = bool<br>  })</pre> | <pre>{<br>  "api_key": true,<br>  "auth_token": false,<br>  "customer_key": false,<br>  "password": false<br>}</pre> | no |
+| <a name="input_iac_project_name"></a> [iac\_project\_name](#input\_iac\_project\_name) | The name of the iac project | `string` | `"oci-free"` | no |
+| <a name="input_iac_project_source"></a> [iac\_project\_source](#input\_iac\_project\_source) | The source repo of the iac project | `string` | `"https://git.bdeshi.space/bdeshi/terraform-oci-free.git"` | no |
+| <a name="input_oci_profile"></a> [oci\_profile](#input\_oci\_profile) | The config file profile for the OCI provider | `string` | `null` | no |
+| <a name="input_prefix"></a> [prefix](#input\_prefix) | Name prefix for all resources | `string` | `"free-"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_admin_auth_token"></a> [admin\_auth\_token](#output\_admin\_auth\_token) | The auth token of the admin user |
+| <a name="output_admin_initial_password"></a> [admin\_initial\_password](#output\_admin\_initial\_password) | The initial password of the admin user |
+| <a name="output_admin_user_id"></a> [admin\_user\_id](#output\_admin\_user\_id) | The ID of the admin user |
+| <a name="output_api_key_fingerprint"></a> [api\_key\_fingerprint](#output\_api\_key\_fingerprint) | The fingerprint of the admin user API key |
+| <a name="output_api_key_private"></a> [api\_key\_private](#output\_api\_key\_private) | The private part of the admin user API key |
+| <a name="output_compartment_id"></a> [compartment\_id](#output\_compartment\_id) | The ID of the created compartment |
+| <a name="output_compartment_name"></a> [compartment\_name](#output\_compartment\_name) | The name of the created compartment |
+| <a name="output_customer_key_id"></a> [customer\_key\_id](#output\_customer\_key\_id) | The ID of the customer key |
+| <a name="output_customer_key_key"></a> [customer\_key\_key](#output\_customer\_key\_key) | The ID of the customer key |
+| <a name="output_tenancy_id"></a> [tenancy\_id](#output\_tenancy\_id) | The ID of the tenancy |
+| <a name="output_tenancy_name"></a> [tenancy\_name](#output\_tenancy\_name) | The name of the tenancy |
+<!-- END_TF_DOCS -->
--- a/oci.compute.tf
+++ b/oci.compute.tf
--- a/oci.data.tf
+++ b/oci.data.tf
@ -0,0 +1,3 @@
+data "oci_identity_tenancy" "tenancy" {
+  tenancy_id = var.tenancy_id
+}
--- a/oci.db.tf
+++ b/oci.db.tf
--- a/oci.identity.tf
+++ b/oci.identity.tf
@ -0,0 +1,70 @@
+resource "oci_identity_compartment" "compartment" {
+  compartment_id = var.tenancy_id
+  name           = join("", [var.prefix, "compartment"])
+  description    = local.common_description
+  enable_delete  = true
+  freeform_tags  = local.freeform_tags
+}
+
+resource "oci_identity_group" "administrators" {
+  compartment_id = var.tenancy_id
+  name           = join("", [var.prefix, "administrators"])
+  description    = local.common_description
+  freeform_tags  = local.freeform_tags
+}
+
+resource "oci_identity_policy" "administrators" {
+  compartment_id = oci_identity_compartment.compartment.id
+  name           = join("", [var.prefix, "administrators"])
+  description    = local.common_description
+  statements = [
+    "ALLOW group ${oci_identity_group.administrators.name} TO manage all-resources IN compartment ${oci_identity_compartment.compartment.name}"
+  ]
+  freeform_tags = local.freeform_tags
+}
+
+resource "oci_identity_user" "admin" {
+  compartment_id = var.tenancy_id
+  name           = join("", [var.prefix, "admin"])
+  description    = local.common_description
+  freeform_tags  = local.freeform_tags
+}
+
+resource "oci_identity_user_group_membership" "admin" {
+  group_id = oci_identity_group.administrators.id
+  user_id  = oci_identity_user.admin.id
+}
+
+resource "oci_identity_customer_secret_key" "admin" {
+  count = var.admin_create_credentials.customer_key ? 1 : 0
+
+  display_name = join("", [var.prefix, "admin"])
+  user_id      = oci_identity_user.admin.id
+}
+
+resource "oci_identity_ui_password" "admin_initial" {
+  count = var.admin_create_credentials.password ? 1 : 0
+
+  user_id = oci_identity_user.admin.id
+}
+
+resource "oci_identity_auth_token" "admin" {
+  count = var.admin_create_credentials.auth_token ? 1 : 0
+
+  user_id     = oci_identity_user.admin.id
+  description = local.common_description
+}
+
+resource "tls_private_key" "admin_api_key" {
+  count = var.admin_create_credentials.api_key ? 1 : 0
+
+  algorithm = "RSA"
+  rsa_bits  = 2048
+}
+
+resource "oci_identity_api_key" "admin" {
+  count = var.admin_create_credentials.api_key ? 1 : 0
+
+  user_id   = oci_identity_user.admin.id
+  key_value = tls_private_key.admin_api_key[0].public_key_pem
+}
--- a/oci.locals.tf
+++ b/oci.locals.tf
@ -0,0 +1,8 @@
+locals {
+  common_description = "managed by terraform"
+  freeform_tags = {
+    ManagedBy       = "iac/terraform"
+    "iac/source"    = var.iac_project_source
+    "iac/component" = var.iac_project_name
+  }
+}
--- a/oci.networking.tf
+++ b/oci.networking.tf
--- a/terraform.backend.tfvars.sample
+++ b/terraform.backend.tfvars.sample
@ -0,0 +1,6 @@
+# vim:ft=hcl
+
+organization = "***"
+workspaces {
+    name = "oci-free"
+}
--- a/terraform.outputs.tf
+++ b/terraform.outputs.tf
@ -0,0 +1,58 @@
+output "tenancy_id" {
+  description = "The ID of the tenancy"
+  value       = var.tenancy_id
+}
+
+output "tenancy_name" {
+  description = "The name of the tenancy"
+  value       = data.oci_identity_tenancy.tenancy.name
+}
+
+output "compartment_id" {
+  description = "The ID of the created compartment"
+  value       = oci_identity_compartment.compartment.id
+}
+
+output "compartment_name" {
+  description = "The name of the created compartment"
+  value       = oci_identity_compartment.compartment.name
+}
+
+output "admin_user_id" {
+  description = "The ID of the admin user"
+  value       = oci_identity_user.admin.id
+}
+
+output "customer_key_id" {
+  description = "The ID of the customer key"
+  value       = try(oci_identity_customer_secret_key.admin[0].id, null)
+}
+
+output "customer_key_key" {
+  description = "The ID of the customer key"
+  value       = try(oci_identity_customer_secret_key.admin[0].key, null)
+  sensitive = true
+}
+
+output "admin_initial_password" {
+  description = "The initial password of the admin user"
+  value       = try(oci_identity_ui_password.admin_initial[0].password, null)
+  sensitive = true
+}
+
+output "admin_auth_token" {
+  description = "The auth token of the admin user"
+  value       = try(oci_identity_auth_token.admin[0].token, null)
+  sensitive = true
+}
+
+output "api_key_private" {
+  description = "The private part of the admin user API key"
+  value       = try(tls_private_key.admin_api_key[0].private_key_pem, null)
+  sensitive = true
+}
+
+output "api_key_fingerprint" {
+  description = "The fingerprint of the admin user API key"
+  value       = try(oci_identity_api_key.admin[0].fingerprint, null)
+}
--- a/terraform.tf
+++ b/terraform.tf
@ -0,0 +1,19 @@
+terraform {
+  required_version = "~> 1.8.0"
+  required_providers {
+    oci = {
+      source  = "oracle/oci"
+      version = "~> 5.42.0"
+    }
+    tls = {
+      source  = "hashicorp/tls"
+      version = "~> 4.0.5"
+    }
+  }
+  backend "remote" {}
+}
+
+provider "oci" {
+  region              = var.oci_region
+  config_file_profile = var.oci_profile
+}
--- a/terraform.tfvars.sample
+++ b/terraform.tfvars.sample
@ -0,0 +1,4 @@
+# vim:ft=hcl
+
+oci_region = "***"
+tenancy_id = "***"
--- a/terraform.variables.tf
+++ b/terraform.variables.tf
@ -0,0 +1,54 @@
+variable "iac_project_name" {
+  description = "The name of the iac project"
+  type        = string
+  default     = "oci-free"
+}
+
+variable "iac_project_source" {
+  description = "The source repo of the iac project"
+  type        = string
+  default     = "https://git.bdeshi.space/bdeshi/terraform-oci-free.git"
+}
+
+variable "oci_region" {
+  description = "The region for the OCI provider"
+  type        = string
+}
+
+variable "oci_profile" {
+  description = "The config file profile for the OCI provider"
+  type        = string
+  default     = null
+}
+
+variable "tenancy_id" {
+  description = "The OCID of the tenancy"
+  type        = string
+}
+
+
+variable "prefix" {
+  description = "Name prefix for all resources"
+  type        = string
+  default     = "free-"
+  validation {
+    condition     = substr(var.prefix, -1, 1) == "-"
+    error_message = "prefix must end in hyphen"
+  }
+}
+
+variable "admin_create_credentials" {
+  type = object({
+    api_key      = bool
+    auth_token   = bool
+    customer_key = bool
+    password     = bool
+  })
+  default = {
+    api_key      = true
+    auth_token   = false
+    customer_key = false
+    password     = false
+  }
+  description = "Types of credentials to create for the admin user"
+}