Automation Toolkit Release v12.1

Author: bhlohumi

cd3_automation_toolkit/DeveloperServices/__init__.py

@@ -2,3 +2,4 @@
 
 from .ResourceManager import *
 from .OKE import *
+

cd3_automation_toolkit/Network/BaseNetwork/create_all_tf_objects.py

@@ -48,5 +48,5 @@ def create_all_tf_objects(inputfile, outdir, service_dir,prefix, config, non_gf_
         create_terraform_subnet_vlan(inputfile, outdir, service_dir, prefix, non_gf_tenancy, config, network_vlan_in_setupoci,modify_network)
 
     if non_gf_tenancy == False:
-        print('\n\nMake sure to export all SecRules, RouteRules and DRG RouteRules to CD3. Use sub-options 4,5,6 under option 3(Network) of Main Menu for the same.')
+        print('\n\nMake sure to export all SecRules, RouteRules and DRG RouteRules to CD3. Use sub-options 3,4,5 under option 3(Network) of Main Menu for the same.')
 

cd3_automation_toolkit/Release-Notes

@@ -402,4 +402,4 @@ Export Security Rules/Route Rules
 It also offers functionality to create OCS Work VM into customer's OCI tenancy using which all other tasks can be carried out.
 Please go through readMe under SetUpOCI_ViaTF for details on how to use the automation.
 
-It works for 2 regions currently: Ashburn and Phoenix ie it works for customer tenancy subscribed to Ashburn and Phoenix
+It works for 2 regions currently: Ashburn and Phoenix ie it works for customer tenancy subscribed to Ashburn and Phoenix

cd3_automation_toolkit/example/CD3-Blank-template.xlsx

@@ -5,11 +5,15 @@ package terraform
 #Ensure versioning is enabled for buckets.
 import input as tfplan
 
+
 deny[reason] {
 	r = tfplan.resource_changes[_]
 	r.mode == "managed"
 	r.type == "oci_objectstorage_bucket"
 	r.change.after.access_type == "ObjectRead"
+#	r.change.after.kms_key_id == null
+#    r.change.after.versioning == "Disabled"
+
 	reason := sprintf("%-40s :: OCI buckets must be private as per CIS standard's",
 	                    [r.address])
 }
@@ -19,6 +23,7 @@ deny[reason] {
 	r.mode == "managed"
 	r.type == "oci_objectstorage_bucket"
 	r.change.after.kms_key_id == null
+
 	reason := sprintf("%-40s :: OCI buckets must be encrypted with CMK as per CIS standard's",
 	                    [r.address])
 }
@@ -27,7 +32,8 @@ deny[reason] {
 	r = tfplan.resource_changes[_]
 	r.mode == "managed"
 	r.type == "oci_objectstorage_bucket"
-        r.change.after.versioning == "Disabled"
+   r.change.after.versioning == "Disabled"
+
 	reason := sprintf("%-40s :: OCI buckets should be private/versioning enabled/encrypted with CMK as per CIS standard's",
 	                    [r.address])
 }
@@ -54,4 +60,4 @@ enforce_object_storage_config {
     bucket.is_public_access_allowed == false
     bucket.are_server_side_encryption_rules_enabled
     #bucket.defined_tags["cis.cis-benchmark"] == "true"
-}
+}

cd3_automation_toolkit/example/CD3-CIS-template.xlsx

@@ -156,9 +156,9 @@ resource "null_resource" "ansible-remote-exec" {
     inline = [
       "sudo dnf install -y epel-release",
       "sudo dnf install ansible -y",
-      "sudo ansible --version",
       "sudo ansible-galaxy collection install community.general",
       "sudo ansible-galaxy collection install ansible.posix",
+      "sudo ansible --version",
       "sudo chmod 777 /home/opc/${local.remote_execute_script}",
       "sudo touch /etc/cron.d/ansible",
       "sudo chmod 600 /etc/cron.d/ansible",
@@ -270,4 +270,4 @@ resource "oci_core_app_catalog_subscription" "mp_image_subscription" {
   timeouts {
     create = "20m"
   }
-}
+}

cd3_automation_toolkit/example/CD3-HubSpoke-template.xlsx

@@ -14,26 +14,36 @@ locals {
     }
   ]])
 
-  ds_vols = flatten([
-    for key, val in var.sddcs : [
-    for item in (try (concat(val.management_datastore, val.workload_datastore),[])): {
-    volume_compartment_id = split("@", item)[0]
-    volume_display_name = split("@", item)[1]
-    }
-        ]
-  ])
-  management_datastores = { for key,val in var.sddcs : key =>
-   try([for value in val.management_datastore: data.oci_core_volumes.ds_volumes[split("@", value)[1]].volumes.*.id[0]],[])
+  ds_vols = flatten([ for key, val in var.sddcs : [
+  for item in concat(local.mgmt_vols[val.display_name],local.wkld_vols[val.display_name]): {
+  volume_display_name = item.volume_display_name
+  volume_compartment_id = item.volume_compartment_id
+  }
+  ]])
+
+  mgmt_vols = { for key, val in var.sddcs :
+     val.display_name =>  try([for item in val.management_datastore: {
+    volume_compartment_id = try(split("@", item)[0],null)
+    volume_display_name = try(split("@", item)[1],null)
+    }],[])}
+
+  wkld_vols = { for key, val in var.sddcs :
+     val.display_name => try([ for item in val.workload_datastore:
+    {
+    volume_compartment_id = try(split("@", item)[0],null)
+    volume_display_name = try(split("@", item)[1],null)
+     }] ,[])}
+
+ management_datastores = { for key,val in var.sddcs : key => (val.management_datastore != null ? [for value in val.management_datastore: data.oci_core_volumes.ds_volumes[split("@", value)[1]].volumes.*.id[0]] : [])
   }
 
- workload_datastores = {for key,val in var.sddcs: key =>
- try([for value in val.workload_datastore: data.oci_core_volumes.ds_volumes[split("@", value)[1]].volumes.*.id[0]],[])
+ workload_datastores = {for key,val in var.sddcs: key => (val.workload_datastore != null ? [for value in val.workload_datastore: data.oci_core_volumes.ds_volumes[split("@", value)[1]].volumes.*.id[0]] : [])
              }
  }
 
 
 data "oci_core_volumes" "ds_volumes" {
-    for_each = {for value in local.ds_vols : value.volume_display_name => value.volume_compartment_id if local.ds_vols != null }
+    for_each = {for value in local.ds_vols : value.volume_display_name => value.volume_compartment_id if value.volume_display_name != null }
     compartment_id = each.value != null ? (length(regexall("ocid1.compartment.oc1*", each.value)) > 0 ? each.value : var.compartment_ocids[each.value]) : var.compartment_ocids[each.value]
     display_name = each.key
     state = "AVAILABLE"