add skipping variable #644

Merged
merged 23 commits into from
Jan 10, 2024
Changes from 3 commits
23 commits
cbac92a
add skipping variable
Aayush-Abhyarthi Nov 29, 2023
b329d00
renaming policy skipping variables
Aayush-Abhyarthi Dec 5, 2023
1229e5c
Merge branch 'main' into skip-s2s-auth-policy-creation
Aayush-Abhyarthi Dec 5, 2023
b62f2f1
Merge branch 'main' into skip-s2s-auth-policy-creation
Aayush-Abhyarthi Dec 6, 2023
ed8c45d
Merge branch 'main' into skip-s2s-auth-policy-creation
Aayush-Abhyarthi Dec 7, 2023
4c820a9
update descriptions
Aayush-Abhyarthi Dec 10, 2023
3eda99c
resolve conflicts
Aayush-Abhyarthi Dec 13, 2023
7e45d2e
Merge branch 'main' into skip-s2s-auth-policy-creation
ocofaigh Dec 14, 2023
31f4a22
Merge branch 'main' into skip-s2s-auth-policy-creation
ocofaigh Dec 15, 2023
1df1aff
Merge branch 'main' into skip-s2s-auth-policy-creation
Aayush-Abhyarthi Dec 15, 2023
8e9cfe4
add wait_till
Aayush-Abhyarthi Dec 15, 2023
a64fa2b
Merge branch 'main' into skip-s2s-auth-policy-creation
Aayush-Abhyarthi Dec 15, 2023
3bb5f9a
remove cluster variables from vsi and vpc patterns
Aayush-Abhyarthi Dec 18, 2023
d6b1e4f
Merge branch 'main' into skip-s2s-auth-policy-creation
Aayush-Abhyarthi Dec 18, 2023
640d04d
fix: inconsistent conditional types
Aayush-Abhyarthi Dec 18, 2023
c108818
fix inconsistent conditional types
Aayush-Abhyarthi Dec 20, 2023
a44c41a
fix: resolve conflicts
Aayush-Abhyarthi Jan 6, 2024
10cb446
update common dev assets
Aayush-Abhyarthi Jan 8, 2024
8d4e3e3
Merge branch 'main' into skip-s2s-auth-policy-creation
ocofaigh Jan 8, 2024
32ce82a
fix: resolve conflicts
Aayush-Abhyarthi Jan 8, 2024
3a231ec
Merge branch 'main' into skip-s2s-auth-policy-creation
Aayush-Abhyarthi Jan 8, 2024
9b60488
Merge branch 'main' into skip-s2s-auth-policy-creation
ocofaigh Jan 9, 2024
6126eab
fix: resolve conflicts
Aayush-Abhyarthi Jan 10, 2024
3 changes: 2 additions & 1 deletion README.md
@@ -899,7 +899,6 @@ module "cluster_pattern" {
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_access_groups"></a> [access\_groups](#input\_access\_groups) | A list of access groups to create | <pre>list(<br> object({<br> name = string # Name of the group<br> description = string # Description of group<br> policies = list(<br> object({<br> name = string # Name of the policy<br> roles = list(string) # list of roles for the policy<br> resources = object({<br> resource_group = optional(string) # Name of the resource group the policy will apply to<br> resource_type = optional(string) # Name of the resource type for the policy ex. "resource-group"<br> resource = optional(string) # The resource of the policy definition<br> service = optional(string) # Name of the service type for the policy ex. "cloud-object-storage"<br> resource_instance_id = optional(string) # ID of a service instance to give permissions<br> })<br> })<br> )<br> dynamic_policies = optional(<br> list(<br> object({<br> name = string # Dynamic group name<br> identity_provider = string # URI for identity provider<br> expiration = number # How many hours authenticated users can work before refresh<br> conditions = object({<br> claim = string # key value to evaluate the condition against.<br> operator = string # The operation to perform on the claim. Supported values are EQUALS, EQUALS_IGNORE_CASE, IN, NOT_EQUALS_IGNORE_CASE, NOT_EQUALS, and CONTAINS.<br> value = string # Value to be compared agains<br> })<br> })<br> )<br> )<br> account_management_policies = optional(list(string))<br> invite_users = optional(list(string)) # Users to invite to the access group<br> })<br> )</pre> | `[]` | no |
| <a name="input_add_kms_block_storage_s2s"></a> [add\_kms\_block\_storage\_s2s](#input\_add\_kms\_block\_storage\_s2s) | Whether to create a service-to-service authorization between block storage and the key management service. | `bool` | `true` | no |
| <a name="input_appid"></a> [appid](#input\_appid) | The App ID instance to be used for the teleport vsi deployments | <pre>object({<br> name = optional(string)<br> resource_group = optional(string)<br> use_data = optional(bool)<br> keys = optional(list(string))<br> use_appid = bool<br> })</pre> | <pre>{<br> "use_appid": false<br>}</pre> | no |
| <a name="input_atracker"></a> [atracker](#input\_atracker) | atracker variables | <pre>object({<br> resource_group = string<br> receive_global_events = bool<br> collector_bucket_name = string<br> add_route = bool<br> })</pre> | n/a | yes |
| <a name="input_clusters"></a> [clusters](#input\_clusters) | A list describing clusters workloads to create | <pre>list(<br> object({<br> name = string # Name of Cluster<br> vpc_name = string # Name of VPC<br> subnet_names = list(string) # List of vpc subnets for cluster<br> workers_per_subnet = number # Worker nodes per subnet.<br> machine_type = string # Worker node flavor<br> kube_type = string # iks or openshift<br> kube_version = optional(string) # Can be a version from `ibmcloud ks versions`, `latest` or `default`<br> entitlement = optional(string) # entitlement option for openshift<br> pod_subnet = optional(string) # Portable subnet for pods<br> service_subnet = optional(string) # Portable subnet for services<br> resource_group = string # Resource Group used for cluster<br> cos_name = optional(string) # Name of COS instance Required only for OpenShift clusters<br> update_all_workers = optional(bool) # If true force workers to update<br> access_tags = optional(list(string), [])<br> boot_volume_crk_name = optional(string) # Boot volume encryption key name<br> kms_config = optional(<br> object({<br> crk_name = string # Name of key<br> private_endpoint = optional(bool) # Private endpoint<br> })<br> )<br> worker_pools = optional(<br> list(<br> object({<br> name = string # Worker pool name<br> vpc_name = string # VPC name<br> workers_per_subnet = number # Worker nodes per subnet<br> flavor = string # Worker node flavor<br> subnet_names = list(string) # List of vpc subnets for worker pool<br> entitlement = optional(string) # entitlement option for openshift<br> boot_volume_crk_name = optional(string) # Boot volume encryption key name<br> })<br> )<br> )<br> })<br> )</pre> | n/a | yes |
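Review bot: dropping the `add_kms_block_storage_s2s` row (default `true`) from the inputs table is a breaking interface change for any caller that still sets it, and nothing in this hunk points at the replacement. Add a line to the README (or a changelog entry) saying that `add_kms_block_storage_s2s` was replaced by `skip_kms_block_storage_s2s_auth_policy` and that the polarity is inverted, so a previous `add_kms_block_storage_s2s = false` must become `skip_kms_block_storage_s2s_auth_policy = true`.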
@@ -916,6 +915,8 @@ module "cluster_pattern" {
| <a name="input_secrets_manager"></a> [secrets\_manager](#input\_secrets\_manager) | Map describing an optional secrets manager deployment | <pre>object({<br> use_secrets_manager = bool<br> name = optional(string)<br> kms_key_name = optional(string)<br> resource_group = optional(string)<br> access_tags = optional(list(string), [])<br> })</pre> | <pre>{<br> "use_secrets_manager": false<br>}</pre> | no |
| <a name="input_security_groups"></a> [security\_groups](#input\_security\_groups) | Security groups for VPC | <pre>list(<br> object({<br> name = string<br> vpc_name = string<br> resource_group = optional(string)<br> access_tags = optional(list(string), [])<br> rules = list(<br> object({<br> name = string<br> direction = string<br> source = string<br> tcp = optional(<br> object({<br> port_max = number<br> port_min = number<br> })<br> )<br> udp = optional(<br> object({<br> port_max = number<br> port_min = number<br> })<br> )<br> icmp = optional(<br> object({<br> type = number<br> code = number<br> })<br> )<br> })<br> )<br> })<br> )</pre> | `[]` | no |
| <a name="input_service_endpoints"></a> [service\_endpoints](#input\_service\_endpoints) | Service endpoints. Can be `public`, `private`, or `public-and-private` | `string` | `"private"` | no |
| <a name="input_skip_all_s2s_auth_policies"></a> [skip\_all\_s2s\_auth\_policies](#input\_skip\_all\_s2s\_auth\_policies) | Set it to true to create the authorization policy. | `bool` | `false` | no |
| <a name="input_skip_kms_block_storage_s2s_auth_policy"></a> [skip\_kms\_block\_storage\_s2s\_auth\_policy](#input\_skip\_kms\_block\_storage\_s2s\_auth\_policy) | Whether to create a service-to-service authorization between block storage and the key management service. | `bool` | `false` | no |
| <a name="input_ssh_keys"></a> [ssh\_keys](#input\_ssh\_keys) | SSH keys to use to provision a VSI. Must be an RSA key with a key size of either 2048 bits or 4096 bits (recommended). If `public_key` is not provided, the named key will be looked up from data. If a resource group name is added, it must be included in `var.resource_groups`. See https://cloud.ibm.com/docs/vpc?topic=vpc-ssh-keys. | <pre>list(<br> object({<br> name = string<br> public_key = optional(string)<br> resource_group = optional(string)<br> })<br> )</pre> | n/a | yes |
| <a name="input_tags"></a> [tags](#input\_tags) | List of resource tags to apply to resources created by this module. | `list(string)` | `[]` | no |
| <a name="input_teleport_config_data"></a> [teleport\_config\_data](#input\_teleport\_config\_data) | Teleport config data. This is used to create a single template for all teleport instances to use. Creating a single template allows for values to remain sensitive | <pre>object({<br> teleport_license = optional(string)<br> https_cert = optional(string)<br> https_key = optional(string)<br> domain = optional(string)<br> cos_bucket_name = optional(string)<br> cos_key_name = optional(string)<br> teleport_version = optional(string)<br> message_of_the_day = optional(string)<br> hostname = optional(string)<br> app_id_key_name = optional(string)<br> claims_to_roles = optional(<br> list(<br> object({<br> email = string<br> roles = list(string)<br> })<br> )<br> )<br> })</pre> | `null` | no |
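Review bot: both new descriptions are wrong for skip flags and will mislead an operator about whether the KMS-to-block-storage authorization gets created. `skip_all_s2s_auth_policies` reads "Set it to true to create the authorization policy.", which is the opposite of what a skip variable does, and `skip_kms_block_storage_s2s_auth_policy` reuses the old "Whether to create a service-to-service authorization between block storage and the key management service." text verbatim, so `true` appears to mean "create". Reword both to state the skip semantics, e.g. "Set to true to skip creating the service-to-service authorization policy between block storage and the key management service (default false: the policy is created)", and say explicitly that when skipped an equivalent authorization must already exist in the account, otherwise block storage cannot use the KMS key.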
60 changes: 30 additions & 30 deletions dynamic_values.tf
@@ -3,36 +3,36 @@
##############################################################################

module "dynamic_values" {
source = "./dynamic_values"
region = var.region
prefix = var.prefix
key_management = var.key_management
key_management_guid = module.key_management.key_management_guid
clusters = var.clusters
vpcs = var.vpcs
resource_groups = local.resource_groups
vpc_modules = module.vpc
cos = var.cos
cos_data_source = data.ibm_resource_instance.cos
cos_resource = ibm_resource_instance.cos
cos_resource_keys = ibm_resource_key.key
suffix = random_string.random_cos_suffix.result
ssh_keys = var.ssh_keys
vsi = var.vsi
virtual_private_endpoints = var.virtual_private_endpoints
vpn_gateways = var.vpn_gateways
security_groups = var.security_groups
bastion_vsi = var.teleport_vsi
access_groups = var.access_groups
appid = var.appid
appid_resource = ibm_resource_instance.appid
appid_data = data.ibm_resource_instance.appid
teleport_domain = tostring(var.teleport_config_data.domain)
f5_vsi = var.f5_vsi
f5_template_data = var.f5_template_data
secrets_manager = var.secrets_manager
add_kms_block_storage_s2s = var.add_kms_block_storage_s2s
atracker_cos_bucket = var.atracker.add_route == true ? var.atracker.collector_bucket_name : null
source = "./dynamic_values"
region = var.region
prefix = var.prefix
key_management = var.key_management
key_management_guid = module.key_management.key_management_guid
clusters = var.clusters
vpcs = var.vpcs
resource_groups = local.resource_groups
vpc_modules = module.vpc
cos = var.cos
cos_data_source = data.ibm_resource_instance.cos
cos_resource = ibm_resource_instance.cos
cos_resource_keys = ibm_resource_key.key
suffix = random_string.random_cos_suffix.result
ssh_keys = var.ssh_keys
vsi = var.vsi
virtual_private_endpoints = var.virtual_private_endpoints
vpn_gateways = var.vpn_gateways
security_groups = var.security_groups
bastion_vsi = var.teleport_vsi
access_groups = var.access_groups
appid = var.appid
appid_resource = ibm_resource_instance.appid
appid_data = data.ibm_resource_instance.appid
teleport_domain = tostring(var.teleport_config_data.domain)
f5_vsi = var.f5_vsi
f5_template_data = var.f5_template_data
secrets_manager = var.secrets_manager
skip_kms_block_storage_s2s_auth_policy = var.skip_kms_block_storage_s2s_auth_policy
atracker_cos_bucket = var.atracker.add_route == true ? var.atracker.collector_bucket_name : null
}

##############################################################################
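Review bot: the only wiring change here is the rename to `skip_kms_block_storage_s2s_auth_policy`; the new `skip_all_s2s_auth_policies` input added to README.md in this PR is not passed to `module "dynamic_values"` in this hunk or in any other file shown, so setting it would have no effect on the KMS-to-block-storage policy. Either pass it through (`skip_all_s2s_auth_policies = var.skip_all_s2s_auth_policies`) or fold it into the value already passed, e.g. `skip_kms_block_storage_s2s_auth_policy = var.skip_all_s2s_auth_policies || var.skip_kms_block_storage_s2s_auth_policy`.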
@@ -22,7 +22,7 @@ variable "secrets_manager" {
description = "Secrets Manager config"
}

variable "add_kms_block_storage_s2s" {
variable "skip_kms_block_storage_s2s_auth_policy" {
description = "Add kms to block storage s2s"
}

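Review bot: the renamed `variable "skip_kms_block_storage_s2s_auth_policy"` keeps the old description "Add kms to block storage s2s", which now states the inverse of what the flag does, and like the original it declares no `type`, so a wrong value is only caught where the conditional consumes it rather than at variable validation. Suggest `description = "Set to true to skip creating the KMS to block storage service-to-service authorization policy"` together with `type = bool` and `default = false`.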
@@ -43,7 +43,7 @@ locals {
module "kms_to_block_storage" {
source = "../list_to_map"
list = [
for instance in(var.add_kms_block_storage_s2s ? ["block-storage"] : []) :
for instance in(var.skip_kms_block_storage_s2s_auth_policy ? ["block-storage"] : []) :
Member

The logic needs to be reversed now since skip_kms_block_storage_s2s_auth_policy will have a value of false now

{
name = instance
source_service_name = "server-protect"
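Review bot: the condition `var.skip_kms_block_storage_s2s_auth_policy ? ["block-storage"] : []` is inverted, as the inline comment above already says: with the new default of `false` the list is empty and the `server-protect` (block storage) to KMS authorization is never created, while setting the flag to `true` creates the very policy it is supposed to skip. Swap the branches to `var.skip_kms_block_storage_s2s_auth_policy ? [] : ["block-storage"]`. This failure is silent (the plan and apply succeed, the missing authorization only surfaces when block storage tries to use the KMS key), so it is worth a test that plans with the default value and asserts the authorization policy resource is present.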
16 changes: 8 additions & 8 deletions dynamic_values/service_authorizations.tf
@@ -3,14 +3,14 @@
##############################################################################

module "service_authorizations" {
source = "./config_modules/service_authorizations"
key_management = var.key_management
key_management_guid = var.key_management_guid
cos = var.cos
cos_instance_ids = local.cos_instance_ids
secrets_manager = var.secrets_manager
add_kms_block_storage_s2s = var.add_kms_block_storage_s2s
atracker_cos_bucket = var.atracker_cos_bucket
source = "./config_modules/service_authorizations"
key_management = var.key_management
key_management_guid = var.key_management_guid
cos = var.cos
cos_instance_ids = local.cos_instance_ids
secrets_manager = var.secrets_manager
skip_kms_block_storage_s2s_auth_policy = var.skip_kms_block_storage_s2s_auth_policy
atracker_cos_bucket = var.atracker_cos_bucket
}

##############################################################################
2 changes: 1 addition & 1 deletion dynamic_values/variables.tf
@@ -200,7 +200,7 @@ variable "secrets_manager" {
# Service Authorization Variables
##############################################################################

variable "add_kms_block_storage_s2s" {
variable "skip_kms_block_storage_s2s_auth_policy" {
description = "Direct reference to kms block storage variable"
}

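Review bot: `variable "skip_kms_block_storage_s2s_auth_policy"` has a description ("Direct reference to kms block storage variable") but no `type`; add `type = bool` so a non-boolean value passed from the root module fails validation here instead of inside the `kms_to_block_storage` conditional. No `default` is needed, since dynamic_values.tf always passes the value.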