Merge pull request #72 from oracle-devrel/develop

xs2suruchi · web-flow · commit b545c8b4df39 · 2023-09-29T11:32:08.000+05:30
Develop
diff --git a/README.md b/README.md
@@ -77,7 +77,7 @@
 CD3 stands for <b>C</b>loud <b>D</b>eployment <b>D</b>esign <b>D</b>eliverable.
 The CD3 Automation toolkit has been developed to help in automating the OCI resource object management. 
 <br><br>
-It reads input data in the form of CD3 Excel sheet and generates Terraform files which can be used to provision the resources in OCI instead of handling the task through the OCI console manually. The toolkit also reverse engineers the components in OCI back to the Excel sheet and Terraform configuration. This generated Terraform code can be used by the OCI Resource Manager or leveraged by the organisations’ CI/CD processes.
+It reads input data in the form of CD3 Excel sheet and generates Terraform files which can be used to provision the resources in OCI instead of handling the task through the OCI console manually. The toolkit also reverse engineers the components in OCI back to the Excel sheet and Terraform configuration. The toolkit can be used throughtout the lifecycle of tenancy to continuously create or modify existing resources. The generated Terraform code can be used by the OCI Resource Manager or can be integrated into organisations existing devops CI/CD ecosystem.
 <br><br>
 <kbd>
 <img width="748" alt="Screenshot 2022-12-30 at 11 57 41 AM" src="https://user-images.githubusercontent.com/111430850/210614513-5d2e97a6-3c1e-4a2b-a793-3a1b6410c856.png">
diff --git a/cd3_automation_toolkit/DeveloperServices/__init__.py b/cd3_automation_toolkit/DeveloperServices/__init__.py
@@ -2,3 +2,4 @@
 
 from .ResourceManager import *
 from .OKE import *
+
diff --git a/cd3_automation_toolkit/Network/BaseNetwork/create_all_tf_objects.py b/cd3_automation_toolkit/Network/BaseNetwork/create_all_tf_objects.py
@@ -48,5 +48,5 @@ def create_all_tf_objects(inputfile, outdir, service_dir,prefix, config, non_gf_
         create_terraform_subnet_vlan(inputfile, outdir, service_dir, prefix, non_gf_tenancy, config, network_vlan_in_setupoci,modify_network)
 
     if non_gf_tenancy == False:
-        print('\n\nMake sure to export all SecRules, RouteRules and DRG RouteRules to CD3. Use sub-options 4,5,6 under option 3(Network) of Main Menu for the same.')
+        print('\n\nMake sure to export all SecRules, RouteRules and DRG RouteRules to CD3. Use sub-options 3,4,5 under option 3(Network) of Main Menu for the same.')
 
diff --git a/cd3_automation_toolkit/Release-Notes b/cd3_automation_toolkit/Release-Notes
@@ -1,3 +1,9 @@
+----------------------------------
+CD3 Automation Toolkit Tag v12.1
+----------------------------------
+1. Bug fix for SDDC
+2. Bug fix for OPA rules
+
 ----------------------------------
 CD3 Automation Toolkit Tag v12
 ----------------------------------
diff --git a/cd3_automation_toolkit/documentation/user_guide/RunningAutomationToolkit.md b/cd3_automation_toolkit/documentation/user_guide/RunningAutomationToolkit.md
@@ -42,7 +42,7 @@ prefix=
 #input config file for Python API communication with OCI eg /cd3user/tenancies/<customer_name>/<customer_name>_config;
 config_file=
 
-#path to cd3 excel eg /cd3user/tenancies/<customer_name>\CD3-Customer.xlsx
+#path to cd3 excel eg /cd3user/tenancies/<customer_name>/CD3-Customer.xlsx
 cd3file=
 
 #Is it Non GreenField tenancy
diff --git a/cd3_automation_toolkit/example/CD3-Blank-template.xlsx b/cd3_automation_toolkit/example/CD3-Blank-template.xlsx
diff --git a/cd3_automation_toolkit/example/CD3-CIS-template.xlsx b/cd3_automation_toolkit/example/CD3-CIS-template.xlsx
diff --git a/cd3_automation_toolkit/example/CD3-HubSpoke-template.xlsx b/cd3_automation_toolkit/example/CD3-HubSpoke-template.xlsx
diff --git a/cd3_automation_toolkit/example/CD3-SingleVCN-template.xlsx b/cd3_automation_toolkit/example/CD3-SingleVCN-template.xlsx
diff --git a/cd3_automation_toolkit/user-scripts/OPA/Storage/oci_deny_public_bucket.rego b/cd3_automation_toolkit/user-scripts/OPA/Storage/oci_deny_public_bucket.rego
@@ -11,14 +11,32 @@ deny[reason] {
 	r.mode == "managed"
 	r.type == "oci_objectstorage_bucket"
 	r.change.after.access_type == "ObjectRead"
+#	r.change.after.kms_key_id == null
+#    r.change.after.versioning == "Disabled"
+
+	reason := sprintf("%-40s :: OCI buckets must be private as per CIS standard's",
+	                    [r.address])
+}
+
+deny[reason] {
+	r = tfplan.resource_changes[_]
+	r.mode == "managed"
+	r.type == "oci_objectstorage_bucket"
 	r.change.after.kms_key_id == null
-    r.change.after.versioning == "Disabled"
 
-	reason := sprintf("%-40s :: OCI buckets must be private/versioning enabled/encrypted with CMK as per CIS standard's",
+	reason := sprintf("%-40s :: OCI buckets must be encrypted with CMK as per CIS standard's",
 	                    [r.address])
 }
 
+deny[reason] {
+	r = tfplan.resource_changes[_]
+	r.mode == "managed"
+	r.type == "oci_objectstorage_bucket"
+   r.change.after.versioning == "Disabled"
 
+	reason := sprintf("%-40s :: OCI buckets should be private/versioning enabled/encrypted with CMK as per CIS standard's",
+	                    [r.address])
+}
 
 #To enforce encryption at rest for object storage:
 default enforce_object_storage_encryption = false
diff --git a/cd3_automation_toolkit/user-scripts/terraform/modules/compute/instance/main.tf b/cd3_automation_toolkit/user-scripts/terraform/modules/compute/instance/main.tf
@@ -156,9 +156,9 @@ resource "null_resource" "ansible-remote-exec" {
     inline = [
       "sudo dnf install -y epel-release",
       "sudo dnf install ansible -y",
-      "sudo ansible --version",
       "sudo ansible-galaxy collection install community.general",
       "sudo ansible-galaxy collection install ansible.posix",
+      "sudo ansible --version",
       "sudo chmod 777 /home/opc/${local.remote_execute_script}",
       "sudo touch /etc/cron.d/ansible",
       "sudo chmod 600 /etc/cron.d/ansible",
@@ -270,4 +270,4 @@ resource "oci_core_app_catalog_subscription" "mp_image_subscription" {
   timeouts {
     create = "20m"
   }
-}
+}
diff --git a/cd3_automation_toolkit/user-scripts/terraform/sddc.tf b/cd3_automation_toolkit/user-scripts/terraform/sddc.tf
@@ -14,26 +14,36 @@ locals {
     }
   ]])
 
-  ds_vols = flatten([
-    for key, val in var.sddcs : [
-    for item in (try (concat(val.management_datastore, val.workload_datastore),[])): {
-    volume_compartment_id = split("@", item)[0]
-    volume_display_name = split("@", item)[1]
-    }
-        ]
-  ])
-  management_datastores = { for key,val in var.sddcs : key =>
-   try([for value in val.management_datastore: data.oci_core_volumes.ds_volumes[split("@", value)[1]].volumes.*.id[0]],[])
+  ds_vols = flatten([ for key, val in var.sddcs : [
+  for item in concat(local.mgmt_vols[val.display_name],local.wkld_vols[val.display_name]): {
+  volume_display_name = item.volume_display_name
+  volume_compartment_id = item.volume_compartment_id
+  }
+  ]])
+
+  mgmt_vols = { for key, val in var.sddcs :
+     val.display_name =>  try([for item in val.management_datastore: {
+    volume_compartment_id = try(split("@", item)[0],null)
+    volume_display_name = try(split("@", item)[1],null)
+    }],[])}
+
+  wkld_vols = { for key, val in var.sddcs :
+     val.display_name => try([ for item in val.workload_datastore:
+    {
+    volume_compartment_id = try(split("@", item)[0],null)
+    volume_display_name = try(split("@", item)[1],null)
+     }] ,[])}
+
+ management_datastores = { for key,val in var.sddcs : key => (val.management_datastore != null ? [for value in val.management_datastore: data.oci_core_volumes.ds_volumes[split("@", value)[1]].volumes.*.id[0]] : [])
   }
 
- workload_datastores = {for key,val in var.sddcs: key =>
- try([for value in val.workload_datastore: data.oci_core_volumes.ds_volumes[split("@", value)[1]].volumes.*.id[0]],[])
+ workload_datastores = {for key,val in var.sddcs: key => (val.workload_datastore != null ? [for value in val.workload_datastore: data.oci_core_volumes.ds_volumes[split("@", value)[1]].volumes.*.id[0]] : [])
              }
  }
 
 
 data "oci_core_volumes" "ds_volumes" {
-    for_each = {for value in local.ds_vols : value.volume_display_name => value.volume_compartment_id if local.ds_vols != null }
+    for_each = {for value in local.ds_vols : value.volume_display_name => value.volume_compartment_id if value.volume_display_name != null }
     compartment_id = each.value != null ? (length(regexall("ocid1.compartment.oc1*", each.value)) > 0 ? each.value : var.compartment_ocids[each.value]) : var.compartment_ocids[each.value]
     display_name = each.key
     state = "AVAILABLE"
diff --git a/cd3_automation_toolkit/user-scripts/terraform/variables_example.tf b/cd3_automation_toolkit/user-scripts/terraform/variables_example.tf
@@ -1479,8 +1479,8 @@ variable "sddcs" {
     replication_vlan_id                   = optional(string)
     reserving_hcx_on_premise_license_keys = optional(string)
     workload_network_cidr                 = optional(string)
-    management_datastore                  = optional(list(string),[])
-    workload_datastore                    = optional(list(string),[])
+    management_datastore                  = optional(list(string))
+    workload_datastore                    = optional(list(string))
 
   }))
   default = {}

Original file line number	Diff line number	Diff line change
`@@ -2,3 +2,4 @@`
`2`	`2`
`3`	`3`	`from .ResourceManager import *`
`4`	`4`	`from .OKE import *`
	`5`	`+`