cd3_automation_toolkit/documentation/user_guide/GreenField.md
Lines changed: 3 additions & 1 deletion
@@ -34,7 +34,9 @@ Choose the resources by specifying a single option (for choosing one of these re
34
34
<br>Change your directory to _/cd3user/tenancies/<customer\_name>/terraform\_files/<region\_dir>/_ and Execute:
35
35
36
36
**terraform init** - To initialize and prepare your working/out directory soTerraform can run the configuration.<br>
37
-
**terraform plan** - To preview any changes before you apply them.<br>
37
+
38
+
**terraform plan** - To preview any changes before you apply them. Run the plan against [OPA policies](/cd3_automation_toolkit/documentation/user_guide/learn_more/OPAForCompliance.md) for compliance against CIS.
39
+
38
40
**terraform apply** - To make the changes defined by Terraform configuration to create, update, or destroy resources in OCI.
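Review bot: the sentence added to the **terraform plan** line tells the reader to run the plan against OPA policies, but the command shown is still a plain `terraform plan`, while OPAForCompliance.md in this same commit says OPA only accepts the JSON produced by `terraform plan -out tfplan.binary` followed by `terraform show -json tfplan.binary > tfplan.json`. Say here that the plan has to be saved and converted first, or that the linked page has the exact commands, and make clear the check belongs before **terraform apply**. The line also drops the trailing `<br>` that the **terraform init** line keeps, and "for compliance against CIS" would read better as "to check compliance with the CIS benchmarks".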
This occurs when NSG and the VCN are in different compartments. In such cases, please modify <prefix>_nsgs.auto.tfvars, specify the compartment name of the VCN in network_compartment_id field of the problematic NSG.
129
129
130
+
- Terraform ordering changes observed during plan phase for OCI compute plugin's.
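Review bot: the new bullet "Terraform ordering changes observed during plan phase for OCI compute plugin's." states a symptom with no cause or action, unlike the NSG entry just above it, which tells the reader which field in <prefix>_nsgs.auto.tfvars to change. Add a sentence saying whether these ordering changes are safe to apply or need a workaround, and drop the stray apostrophe ("plugins").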
cd3_automation_toolkit/documentation/user_guide/Upgrade_Toolkit.md
Lines changed: 6 additions & 0 deletions
@@ -1,5 +1,11 @@
1
1
# Steps to Upgrade Your Toolkit (For Existing Customers using older versions):
2
2
3
+
## Upgrade to Release v12
4
+
1. Follow the steps in Launch Docker Container to build new image with latest code and launch the container by specifying new path for <directory_in_local_system_where_the_files_must_be_generated> to create a fresh outdir.
5
+
2. Use Non Greenfield workflow to export the required OCI services into new excel sheet and the tfvars. Run terraform import commands also.
6
+
3. Once terraform is in synch, Switch to Greenfield workflow and use for any future modifications to the infra.
7
+
8
+
3
9
## Upgrade to Release v11.1 from v11
4
10
1. Follow the steps in [Launch Docker Container](/cd3_automation_toolkit/documentation/user_guide/Launch_Docker_container.md) to build new image with latest code and launch the container by specifying same path for <directory_in_local_system_where_the_files_must_be_generated> to keep using same outdir.
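Review bot: step 1 of the new "Upgrade to Release v12" section names Launch Docker Container as plain text, while the same step in the v11.1 section below links it to /cd3_automation_toolkit/documentation/user_guide/Launch_Docker_container.md; use the same link here. Step 2's "Run terraform import commands also." does not say which commands or where they are run, and step 3 depends on that import having brought state in line, so point to the page that describes them. In step 3, "in synch, Switch" should be "in sync, switch", and the two blank lines added after the list can be reduced to one.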
cd3_automation_toolkit/documentation/user_guide/learn_more/OPAForCompliance.md
Lines changed: 9 additions & 8 deletions
@@ -9,26 +9,27 @@ As part of CD3, we have meticulously developed a comprehensive set of policies t
9
9
10
10
Our carefully crafted policies act as gatekeepers, preventing any IAC deployments that do not align with the stringent security and compliance guidelines set by the CIS benchmarks for OCI. By leveraging our policies, you can ensure that your infrastructure deployments remain impervious to any potential vulnerabilities or non-compliance issues.
11
11
12
-
#### **Run OPA inside CD3 container**
13
12
14
-
1. First, ensure you have OPA installed inside CD3 containers.
13
+
#### **Run OPA inside CD3 container**
15
14
16
-
2. Open your command line interface inside CD3 container and run OPA. You should see all available options for OPA.
15
+
1. Open your command line interface inside CD3 container and run OPA. You should see all available options for OPA.
17
16
18
17
opa --help
18
+
Currently CD3 container has OPA version 0.55.0 installed.
19
19
20
20
3. Generate the terraform plan output in json format since OPA accepts that format alone for evaluation.
21
21
22
22
terraform plan -out tfplan.binary
23
23
terraform show -json tfplan.binary > tfplan.json
24
24
25
-
4. Run the following command to evaluate the "deny_ingress_for_sl.rego" policy with a pretty output format:
25
+
4. Run the terraform plan against all the available OPA rules. It should return an empty array which means the plan has no non-compliant action against CIS benchmarks.
5. Also, We can run only one cmd which will run the terraform plan against all the available OPA rules.It should return an empty array which means the plan has no non-compliant action against CIS benchmarks.
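Review bot: the numbered list under "Run OPA inside CD3 container" is left inconsistent: the old step 1 is removed and step 2 becomes 1, but the following steps keep 3 and 4, so the list now reads 1, 3, 4, 5; renumber them. The rewritten step 4 also repeats step 5 almost word for word ("run the terraform plan against all the available OPA rules ... It should return an empty array"), so merge the two or keep step 4 for the single-policy "deny_ingress_for_sl.rego" case it used to describe. The hard-coded "OPA version 0.55.0" will go stale when the image is rebuilt; consider telling the reader to confirm it with `opa version`.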