init (resources creation ok)

bdeshi 2024-05-28 15:02:15 +06:00
commit 334770143c
Signed by: bdeshi
GPG Key ID: 410D03DA9A3468E0
15 changed files with 281 additions and 0 deletions

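--- a/.envrc.sample
+++ b/.envrc.sample
@@ -0,0 +1 @@
+export TF_VAR_config_file_profile="${OCI_CLI_PROFILE}"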

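--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,36 @@
+# from: https://github.com/github/gitignore/blob/main/Terraform.gitignore
+# Local .terraform directories
+**/.terraform/*
+# .tfstate files
+*.tfstate
+*.tfstate.*
+# Crash log files
+crash.log
+crash.*.log
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc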

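--- a/.terraform-docs.yml
+++ b/.terraform-docs.yml
@@ -0,0 +1,6 @@
+formatter: markdown table
+output:
+file: README.md
+mode: inject
+sort:
+by: required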

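--- a/.terraform-version
+++ b/.terraform-version
@@ -0,0 +1 @@
+latest-allowed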

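--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
@@ -0,0 +1,25 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+provider "registry.terraform.io/oracle/oci" {
+version = "5.42.0"
+constraints = "~> 5.42.0"
+hashes = [
+"h1:FSU0QtxN1cRv9DSxPqwg8E7tdYy/fXrA0fqOqVaqhEM=",
+"zh:3002adc1c0c23b56c79eac20aa8bcbeecac3ad61e959d4bf3fdbf02c43e0b6fe",
+"zh:3de47921a93a72dc7a4661f82863f7d7d6e50aec42ec8b289201ebbc19569e2f",
+"zh:4897dab7303c79597c5b79ed2e3158634f74582a5db22225bd3923c0019b3682",
+"zh:5b816202c988397d6ca6ddc4919bb10227f93168eeb5d5dacffe552fdbcd643e",
+"zh:8424d47852d1d80611d2d321c9e5aa88b77ace37cc0d3e9e3346ef0b7812d516",
+"zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+"zh:a637b4e0172c588d0b8f41995b0b36526e535ad461dd3bfd5d6f739e2d9fb37c",
+"zh:b6cb3e0a2e93de7475cb06b3ceed4ad47bbef5dd3d626a13c4f2095cb9c7459b",
+"zh:c54c437e136eb63cf087ec66f476e9e10fdcb5ddd695c6daf45ca634985d6b55",
+"zh:c7563b56f31e08a2d8fefb19834f08d116581a4b47bbb43486da9082e719d6d5",
+"zh:c8f98a1463fea84486d7ff1a7149a60684de8ebb06f408adaf74dc6940914a39",
+"zh:cfdb86269b01c19f0f3da9d2b087d3a56343f1eba9021cf0c49d697041357359",
+"zh:d68a4bfbd7a1d11eded456724b7876428e42aa5e86ff64b53da8bba1b8a6b2c4",
+"zh:d755b0f6836472327116ac9c111bddcf8719a98f4a68c2377ecaa3f42dfaa094",
+"zh:f6567eadd4469e66f6d990fcccc8dd8232d8555a2f8698bc823c57384668a074",
+]
+}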

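--- a/README.md
+++ b/README.md
@@ -0,0 +1,32 @@
+# oci woodpecker cache
+sets up a cache bucket on oci for use with [woodpecker ci](https://woodpecker-ci.org/).
+depends on [terraform-oci-free](https://git.bdeshi.space/bdeshi/terraform-oci-free).
+## Usage
+```bash
+terraform init -backend-config=terraform.backend.tfvars
+terraform apply -var-file=terraform.tfvars
+```
+Collect the output values and create woodpecker ci user-level variables, eg:
+```yaml
+CACHE_S3_ENDPOINT: <s3_endpoint>
+CACHE_S3_BUCKET: <s3_bucket_name>
+CACHE_S3_ACCESS_KEY_ID: <s3_access_key_id>
+CACHE_S3_SECRET_ACCESS_KEY: <s3_secret_access_key>
+CACHE_USE_PATH_STYLE: true
+```
+these variables can then be used with the [drone-cache](https://github.com/meltwater/drone-cache/)
+plugin in a woodpecker ci pipeline.
+<!-- markdownlint-disable -->
+# Terraform Docs
+<!-- BEGIN_TF_DOCS -->
+<!-- END_TF_DOCS -->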

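--- a/oci.iam.tf
+++ b/oci.iam.tf
@@ -0,0 +1,42 @@
+resource "oci_identity_user" "woodpecker_cache" {
+compartment_id = local.tenancy_id
+name = local.woodpecker_cache_iam_name
+description = local.woodpecker_cache_iam_name
+freeform_tags = local.default_tags
+}
+resource "oci_identity_user_capabilities_management" "woodpecker_cache" {
+user_id = oci_identity_user.woodpecker_cache.id
+can_use_customer_secret_keys = "true"
+can_use_api_keys = "false"
+can_use_auth_tokens = "false"
+can_use_console_password = "false"
+can_use_smtp_credentials = "false"
+}
+resource "oci_identity_customer_secret_key" "woodpecker_cache" {
+display_name = local.woodpecker_cache_iam_name
+user_id = oci_identity_user.woodpecker_cache.id
+}
+resource "oci_identity_group" "woodpecker_cache" {
+compartment_id = local.tenancy_id
+name = local.woodpecker_cache_iam_name
+description = local.woodpecker_cache_iam_name
+freeform_tags = local.default_tags
+}
+resource "oci_identity_user_group_membership" "woodpecker_cache" {
+group_id = oci_identity_group.woodpecker_cache.id
+user_id = oci_identity_user.woodpecker_cache.id
+}
+resource "oci_identity_policy" "woodpecker_cache" {
+compartment_id = local.compartment_id
+description = local.woodpecker_cache_iam_name
+name = local.woodpecker_cache_iam_name
+statements = [
+"ALLOW group ${oci_identity_group.woodpecker_cache.name} TO manage objects IN COMPARTMENT '${local.compartment_name}' where all {target.bucket.name = '${oci_objectstorage_bucket.woodpecker_cache.name}'}"
+]
+freeform_tags = local.default_tags
+}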
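Review bot: The capability flags in `oci_identity_user_capabilities_management` are quoted strings (`can_use_customer_secret_keys = "true"`, `can_use_api_keys = "false"`, and the three that follow) where the provider declares these attributes as booleans; Terraform coerces the strings, but bare `true`/`false` is the idiomatic form and removes the implicit conversion. Allowing only customer secret keys on the user and scoping the policy to the single bucket through `target.bucket.name` is the right least-privilege shape for a CI cache identity, and worth keeping as the pattern for any future principal in this module. The policy statement interpolates `local.compartment_name` and the bucket name inside single quotes; both come from values this module controls, but neither is validated, so a comment recording the assumption would help, e.g. `# compartment_name and the bucket name are interpolated verbatim into the policy text; they must not contain quote characters`.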

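--- a/oci.objectstorage.tf
+++ b/oci.objectstorage.tf
@@ -0,0 +1,47 @@
+data "oci_objectstorage_namespace" "ns" {
+compartment_id = local.compartment_id
+}
+resource "oci_objectstorage_bucket" "woodpecker_cache" {
+compartment_id = local.compartment_id
+name = "woodpecker-cache"
+namespace = data.oci_objectstorage_namespace.ns.namespace
+freeform_tags = local.default_tags
+}
+resource "oci_objectstorage_object_lifecycle_policy" "woodpecker_cache" {
+bucket = oci_objectstorage_bucket.woodpecker_cache.name
+namespace = data.oci_objectstorage_namespace.ns.namespace
+rules {
+is_enabled = true
+action = "INFREQUENT_ACCESS"
+name = "migrate-infrequent-access"
+target = "objects"
+time_amount = 30
+time_unit = "DAYS"
+}
+rules {
+is_enabled = true
+action = "ARCHIVE"
+name = "migrate-archive"
+target = "objects"
+time_amount = 90
+time_unit = "DAYS"
+}
+rules {
+is_enabled = true
+action = "DELETE"
+name = "delete-old-caches"
+target = "objects"
+time_amount = 120
+time_unit = "DAYS"
+}
+rules {
+is_enabled = true
+action = "ABORT"
+name = "cancel-multipart-uploads"
+target = "multipart-uploads"
+time_amount = "3"
+time_unit = "DAYS"
+}
+}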
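Review bot: `time_amount = "3"` in the `cancel-multipart-uploads` rule is a string while the three object rules give `time_amount` as a number (30, 90, 120); the provider coerces it, but the mismatch reads as an accident, so change it to `time_amount = 3`. The bucket leaves `access_type` at its default; because this bucket holds CI cache data reached with static keys, stating `access_type = "NoPublicAccess"` explicitly documents the intent and makes any later change to public access visible in review. Objects moved by the `migrate-archive` rule at 90 days are presumably not readable until restored, so a cache restore of a key aged between 90 and 120 days would likely fail rather than simply miss — confirm this is intended, or drop the archive tier and rely on the 120-day delete.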


@ -0,0 +1,5 @@
#vim:ft=hcl
organization = "***"
workspaces {
name = "***"
}

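--- a/terraform.data.tf
+++ b/terraform.data.tf
@@ -0,0 +1,4 @@
+data "terraform_remote_state" "base" {
+backend = var.remote_state_type
+config = var.remote_state_config
+}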
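Review bot: `terraform_remote_state` reads the entire state of the `base` workspace, not only the three outputs consumed in `terraform.locals.tf`, so the credentials carried in `var.remote_state_config` should be read-only on that workspace and handled as sensitive. A one-line comment naming the outputs this module actually depends on would make the coupling explicit, e.g. `# requires outputs tenancy_id, compartment_id and compartment_name from the base workspace (see terraform.locals.tf)`.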

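--- a/terraform.locals.tf
+++ b/terraform.locals.tf
@@ -0,0 +1,12 @@
+locals {
+tenancy_id = data.terraform_remote_state.base.outputs.tenancy_id
+compartment_id = data.terraform_remote_state.base.outputs.compartment_id
+compartment_name = data.terraform_remote_state.base.outputs.compartment_name
+default_tags = {
+ManagedBy = "iac/terraform"
+"iac/source" = var.iac_source
+"iac/component" = var.iac_component
+}
+woodpecker_cache_iam_name = "woodpecker-cache-operator"
+}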

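--- a/terraform.outputs.tf
+++ b/terraform.outputs.tf
@@ -0,0 +1,21 @@
+output "s3_bucket_name" {
+value = oci_objectstorage_bucket.woodpecker_cache.name
+}
+output "s3_endpoint" {
+value = "https://${oci_objectstorage_bucket.woodpecker_cache.namespace}.compat.objectstorage.${var.oci_region}.oraclecloud.com"
+}
+output "s3_accss_key_id" {
+value = oci_identity_customer_secret_key.woodpecker_cache.id
+}
+output "s3_secret_access_key" {
+value = oci_identity_customer_secret_key.woodpecker_cache.key
+sensitive = true
+}
+output "s3_use_path_style" {
+description = "Use path style access for S3. This is necessary for OCI object storage."
+value = true
+}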
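Review bot: The third output is named `s3_accss_key_id`, but the README tells users to copy `<s3_access_key_id>`, so the documented name does not exist; rename it to `output "s3_access_key_id" {`. `s3_secret_access_key` is correctly marked `sensitive = true`, yet the customer secret key's `key` attribute is still stored in plaintext in the remote state, so read access to that state is equivalent to holding the bucket credentials — worth recording next to the output, e.g. `# sensitive only redacts CLI output; the key is stored in plaintext in the remote state`. The first four outputs would also benefit from the `description` the last one already carries.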

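--- a/terraform.tf
+++ b/terraform.tf
@@ -0,0 +1,15 @@
+terraform {
+required_version = "~> 1.8.0"
+required_providers {
+oci = {
+source = "oracle/oci"
+version = "~> 5.42.0"
+}
+}
+backend "remote" {}
+}
+provider "oci" {
+region = var.oci_region
+}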

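--- a/terraform.tfvars.sample
+++ b/terraform.tfvars.sample
@@ -0,0 +1,9 @@
+#vim:ft=hcl
+oci_region = "uk-london-1"
+remote_state_type = "remote"
+remote_state_config = {
+organization = "***"
+workspaces = {
+name = "***"
+}
+}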

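--- a/terraform.variables.tf
+++ b/terraform.variables.tf
@@ -0,0 +1,25 @@
+variable "oci_region" {
+type = string
+}
+variable "iac_source" {
+type = string
+default = "git@git.bdeshi.space:bdeshi/terraform-oci-woodpecker-cache.git"
+description = "Source of the iac config. used in various tags and metadata."
+}
+variable "iac_component" {
+type = string
+default = "oci-woodpecker-cache"
+description = "Component name of the iac config. used in various tags and metadata."
+}
+variable "remote_state_type" {
+type = string
+description = "The type of the remote state backend to fetch the compartment_id from"
+}
+variable "remote_state_config" {
+type = any
+description = "The configuration of the remote state backend to fetch the compartment_id from"
+}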
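Review bot: `variable "oci_region"` has no `description` while every other variable in the file does; add `description = "OCI region the bucket is created in; also used to build the S3-compatible endpoint in terraform.outputs.tf"`. The descriptions of `remote_state_type` and `remote_state_config` say the backend is used "to fetch the compartment_id", but `terraform.locals.tf` also reads `tenancy_id` and `compartment_name` from it, so the wording understates the dependency. `remote_state_config` is typed `any`, which is unavoidable for a backend-agnostic config map, but since it may carry backend credentials it could be marked `sensitive = true` so its contents are redacted from plan output.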