Commit b545c8b

Merge pull request #72 from oracle-devrel/develop
Develop
2 parents d6b5681 + bac04b0 commit b545c8b

13 files changed

+57
-22
lines changed

README.md

Lines changed: 1 addition & 1 deletion
@@ -77,7 +77,7 @@
7777
CD3 stands for <b>C</b>loud <b>D</b>eployment <b>D</b>esign <b>D</b>eliverable.
7878
The CD3 Automation toolkit has been developed to help in automating the OCI resource object management.
7979
<br><br>
80-
It reads input data in the form of CD3 Excel sheet and generates Terraform files which can be used to provision the resources in OCI instead of handling the task through the OCI console manually. The toolkit also reverse engineers the components in OCI back to the Excel sheet and Terraform configuration. This generated Terraform code can be used by the OCI Resource Manager or leveraged by the organisationsCI/CD processes.
80+
It reads input data in the form of CD3 Excel sheet and generates Terraform files which can be used to provision the resources in OCI instead of handling the task through the OCI console manually. The toolkit also reverse engineers the components in OCI back to the Excel sheet and Terraform configuration. The toolkit can be used throughtout the lifecycle of tenancy to continuously create or modify existing resources. The generated Terraform code can be used by the OCI Resource Manager or can be integrated into organisations existing devops CI/CD ecosystem.
8181
<br><br>
8282
<kbd>
8383
<img width="748" alt="Screenshot 2022-12-30 at 11 57 41 AM" src="https://user-images.githubusercontent.com/111430850/210614513-5d2e97a6-3c1e-4a2b-a793-3a1b6410c856.png">
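Review bot: the replacement sentence at new line 80 introduces a typo, "throughtout" for "throughout", and drops the possessive in "organisations existing devops CI/CD ecosystem", which should read "organisation's existing DevOps CI/CD ecosystem". "lifecycle of tenancy" also reads better as "lifecycle of a tenancy".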

cd3_automation_toolkit/DeveloperServices/__init__.py

Lines changed: 1 addition & 0 deletions
@@ -2,3 +2,4 @@
22

33
from .ResourceManager import *
44
from .OKE import *
5+

cd3_automation_toolkit/Network/BaseNetwork/create_all_tf_objects.py

Lines changed: 1 addition & 1 deletion
@@ -48,5 +48,5 @@ def create_all_tf_objects(inputfile, outdir, service_dir,prefix, config, non_gf_
4848
create_terraform_subnet_vlan(inputfile, outdir, service_dir, prefix, non_gf_tenancy, config, network_vlan_in_setupoci,modify_network)
4949

5050
if non_gf_tenancy == False:
51-
print('\n\nMake sure to export all SecRules, RouteRules and DRG RouteRules to CD3. Use sub-options 4,5,6 under option 3(Network) of Main Menu for the same.')
51+
print('\n\nMake sure to export all SecRules, RouteRules and DRG RouteRules to CD3. Use sub-options 3,4,5 under option 3(Network) of Main Menu for the same.')
5252
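Review bot: the sub-option numbers in the `print` at line 51 are hard-coded in the message string, which is why they had to be corrected from 4,5,6 to 3,4,5 here. Refer to the menu entries by name, or build the hint from the menu definition, so the text cannot drift the next time the Network menu is reordered.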

cd3_automation_toolkit/Release-Notes

Lines changed: 6 additions & 0 deletions
@@ -1,3 +1,9 @@
1+
----------------------------------
2+
CD3 Automation Toolkit Tag v12.1
3+
----------------------------------
4+
1. Bug fix for SDDC
5+
2. Bug fix for OPA rules
6+
17
----------------------------------
28
CD3 Automation Toolkit Tag v12
39
----------------------------------
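Review bot: the v12.1 entries at new lines 4-5, "Bug fix for SDDC" and "Bug fix for OPA rules", do not say what changed. For the OPA entry, state that the public-bucket policy now reports public access, missing CMK encryption and disabled versioning as separate `deny` rules instead of requiring all three conditions at once, since that changes which plans are rejected. The SDDC entry should likewise name the affected behaviour.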

cd3_automation_toolkit/documentation/user_guide/RunningAutomationToolkit.md

Lines changed: 1 addition & 1 deletion
@@ -42,7 +42,7 @@ prefix=
4242
#input config file for Python API communication with OCI eg /cd3user/tenancies/<customer_name>/<customer_name>_config;
4343
config_file=
4444
45-
#path to cd3 excel eg /cd3user/tenancies/<customer_name>\CD3-Customer.xlsx
45+
#path to cd3 excel eg /cd3user/tenancies/<customer_name>/CD3-Customer.xlsx
4646
cd3file=
4747
4848
#Is it Non GreenField tenancy
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.

cd3_automation_toolkit/user-scripts/OPA/Storage/oci_deny_public_bucket.rego

Lines changed: 20 additions & 2 deletions
@@ -11,14 +11,32 @@ deny[reason] {
1111
r.mode == "managed"
1212
r.type == "oci_objectstorage_bucket"
1313
r.change.after.access_type == "ObjectRead"
14+
# r.change.after.kms_key_id == null
15+
# r.change.after.versioning == "Disabled"
16+
17+
reason := sprintf("%-40s :: OCI buckets must be private as per CIS standard's",
18+
[r.address])
19+
}
20+
21+
deny[reason] {
22+
r = tfplan.resource_changes[_]
23+
r.mode == "managed"
24+
r.type == "oci_objectstorage_bucket"
1425
r.change.after.kms_key_id == null
15-
r.change.after.versioning == "Disabled"
1626

17-
reason := sprintf("%-40s :: OCI buckets must be private/versioning enabled/encrypted with CMK as per CIS standard's",
27+
reason := sprintf("%-40s :: OCI buckets must be encrypted with CMK as per CIS standard's",
1828
[r.address])
1929
}
2030

31+
deny[reason] {
32+
r = tfplan.resource_changes[_]
33+
r.mode == "managed"
34+
r.type == "oci_objectstorage_bucket"
35+
r.change.after.versioning == "Disabled"
2136

37+
reason := sprintf("%-40s :: OCI buckets should be private/versioning enabled/encrypted with CMK as per CIS standard's",
38+
[r.address])
39+
}
2240

2341
#To enforce encryption at rest for object storage:
2442
default enforce_object_storage_encryption = false
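Review bot: the third `deny` rule (new lines 31-39) matches only `r.change.after.versioning == "Disabled"` but still reports "OCI buckets should be private/versioning enabled/encrypted with CMK", so a bucket that fails on versioning alone gets the old combined message. Make it specific (for example "OCI buckets must have versioning enabled") and use "must" as the other two rules do. The two commented-out conditions left at new lines 14-15 of the first rule are dead code now that each check has its own rule and can be deleted. The first rule also still tests `access_type == "ObjectRead"` only; `ObjectReadWithoutList` is a public access type as well, so testing `access_type != "NoPublicAccess"` would cover both. "standard's" in all three messages should be "standards".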
