fix for policies,examples update

karthicgit · karthicgit · commit 2f4b4361c8ac · 2023-05-11T17:26:12.000+05:30
Signed-off-by: Karthic Ravindran &lt;karthic.ravindran@oracle.com&gt;
diff --git a/examples/serviceconnector/main.tf b/examples/serviceconnector/main.tf
@@ -0,0 +1,38 @@
+module "svc" {
+  source                = "./modules/serviceconnector"
+  service_connector_def = local.service_connector_def
+  policy_compartment_id = local.policy_compartment_id
+  dynamic_group         = local.dynamic_group
+
+  tenancy_ocid = local.tenancy_ocid
+  providers = {
+    oci.home = oci.home
+  }
+
+}
+
+locals {
+  tenancy_ocid = "<tenancy_ocid>"
+  dynamic_group = {
+    dg1 = { compartment_id = "<service connector compartment id>" }
+  }
+  policy_compartment_id = "<policy compartment>" #if not set policy will be created default in root compartment
+  service_connector_def = { sch2 = {
+    compartment_id = "<service connector compartment id>"
+    #If policy needs to be created set the below two values. By default its set to false to not create policy
+    #Set create_policy to true 
+    #set dynamic group name with respect to service connector compartment
+    create_policy      = true
+    dynamic_group_name = "<dynamicgroupname>"
+
+    sch_source   = "streaming"
+    sch_target   = "objectstorage"
+    display_name = "sch2"
+
+    stream_id = "existing stream ocid"
+    target = {
+      bucket = "<bucket name>"
+    }
+    }
+  }
+}
diff --git a/examples/serviceconnector/provider.tf.example b/examples/serviceconnector/provider.tf.example
@@ -0,0 +1,30 @@
+provider "oci" {
+  region           = "<region where service connector to be created>"
+  fingerprint      = ""
+  private_key_path = ""
+
+  tenancy_ocid = ""
+  user_ocid    = ""
+
+}
+
+provider "oci" {
+  alias            = "home"
+  region           = "<region>"
+  fingerprint      = ""
+  private_key_path = ""
+
+  tenancy_ocid = ""
+  user_ocid    = ""
+
+}
+
+terraform {
+  required_providers {
+    oci = {
+      source  = "oracle/oci"
+      version = ">= 4.67.3"
+    }
+  }
+  required_version = ">= 1.3.0"
+}
diff --git a/modules/serviceconnector/README.md b/modules/serviceconnector/README.md
@@ -11,6 +11,7 @@
 | Name | Version |
 |------|---------|
 | <a name="provider_oci"></a> [oci](#provider\_oci) | >= 4.67.3 |
+| <a name="provider_oci.home"></a> [oci.home](#provider\_oci.home) | >= 4.67.3 |
 
 ## Modules
 
@@ -28,11 +29,9 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_compartment_ocid"></a> [compartment\_ocid](#input\_compartment\_ocid) | Compartment OCID | `string` | n/a | yes |
-| <a name="input_create_dg"></a> [create\_dg](#input\_create\_dg) | Whether to create dynamic group or not | `bool` | n/a | yes |
-| <a name="input_dynamic_group_name"></a> [dynamic\_group\_name](#input\_dynamic\_group\_name) | Dynamic group display name | `string` | n/a | yes |
+| <a name="input_dynamic_group"></a> [dynamic\_group](#input\_dynamic\_group) | Dynamic group definition for service connector | `map(any)` | n/a | yes |
 | <a name="input_policy_compartment_id"></a> [policy\_compartment\_id](#input\_policy\_compartment\_id) | Compartment where policy will be created | `string` | n/a | yes |
-| <a name="input_service_connector_def"></a> [service\_connector\_def](#input\_service\_connector\_def) | n/a | <pre>map(object({<br>    defined_tags  = optional(map(string))<br>    freeform_tags = optional(map(string))<br>    display_name  = string<br>    description   = optional(string)<br>    state         = optional(string, "ACTIVE")<br>    sch_source    = string<br>    sch_target    = string<br><br>    #For Streaming source<br>    stream_id     = optional(string)<br>    stream_cursor = optional(string)<br>    #For logging source<br>    log_source = optional(list(object({<br>      compartment_id = optional(string)<br>      log_group_id   = optional(string, "_Audit")<br>      log_id         = optional(string)<br>    })))<br>    #For monitoring source<br>    monitoring_source = optional(list(object({<br>      compartment_id   = optional(string)<br>      metric_namespace = list(string)<br>    })))<br><br>    target = object({<br>      #For Objectstorage target<br>      bucket_name                = optional(string)<br>      batch_rollover_size_in_mbs = optional(number, 100)<br>      batch_rollover_time_in_ms  = optional(number, 420000)<br>      object_name_prefix         = optional(string)<br>      #For Streaming target<br>      stream_id = optional(string)<br>      #For Notification target<br>      topic_id = optional(string)<br>      #For Function target<br>      function_id = optional(string)<br>      #For LoggingAnalytics Target<br>      log_group_id   = optional(string)<br>      log_source     = optional(string)<br>      compartment_id = optional(string)<br>    })<br>    tasks = optional(object({<br>      log_condition     = optional(string)<br>      function_id       = optional(string)<br>      batch_size_in_kbs = optional(string, 5120)<br>      batch_time_in_sec = optional(string, 600)<br><br>    }))<br>  }))</pre> | n/a | yes |
+| <a name="input_service_connector_def"></a> [service\_connector\_def](#input\_service\_connector\_def) | n/a | <pre>map(object({<br>    defined_tags       = optional(map(string))<br>    freeform_tags      = optional(map(string))<br>    display_name       = string<br>    description        = optional(string)<br>    state              = optional(string, "ACTIVE")<br>    sch_source         = string<br>    sch_target         = string<br>    compartment_id     = string<br>    create_policy      = optional(bool, false)<br>    dynamic_group_name = optional(string)<br><br>    #For Streaming source<br>    stream_id     = optional(string)<br>    stream_cursor = optional(string)<br>    #For logging source<br>    log_source = optional(list(object({<br>      compartment_id = optional(string)<br>      log_group_id   = optional(string, "_Audit")<br>      log_id         = optional(string)<br>    })))<br>    #For monitoring source<br>    monitoring_source = optional(list(object({<br>      compartment_id   = optional(string)<br>      metric_namespace = list(string)<br>    })))<br><br>    target = object({<br>      #For Objectstorage target<br>      bucket                     = optional(string)<br>      batch_rollover_size_in_mbs = optional(number, 100)<br>      batch_rollover_time_in_ms  = optional(number, 420000)<br>      object_name_prefix         = optional(string)<br>      #For Streaming target<br>      stream_id = optional(string)<br>      #For Notification target<br>      topic_id = optional(string)<br>      #For Function target<br>      function_id = optional(string)<br>      #For LoggingAnalytics Target<br>      log_group_id   = optional(string)<br>      log_source     = optional(string)<br>      compartment_id = optional(string)<br>    })<br>    tasks = optional(object({<br>      log_condition     = optional(string)<br>      function_id       = optional(string)<br>      batch_size_in_kbs = optional(string, 5120)<br>      batch_time_in_sec = optional(string, 600)<br><br>    }))<br>  }))</pre> | n/a | yes |
 | <a name="input_tenancy_ocid"></a> [tenancy\_ocid](#input\_tenancy\_ocid) | Tenancy OCID | `string` | n/a | yes |
 
 ## Outputs
diff --git a/modules/serviceconnector/main.tf b/modules/serviceconnector/main.tf
@@ -3,7 +3,7 @@
 
 resource "oci_sch_service_connector" "this" {
   for_each       = var.service_connector_def
-  compartment_id = var.compartment_ocid
+  compartment_id = each.value.compartment_id
   display_name   = each.value.display_name
   source {
     kind = each.value.sch_source
@@ -18,7 +18,7 @@ resource "oci_sch_service_connector" "this" {
     dynamic "log_sources" {
       for_each = each.value.sch_source == "logging" ? each.value.log_source : []
       content {
-        compartment_id = coalesce(log_sources.value.compartment_id, var.compartment_ocid)
+        compartment_id = coalesce(log_sources.value.compartment_id, each.value.compartment_id)
         log_group_id   = log_sources.value.log_group_id
         log_id         = log_sources.value.log_id
 
@@ -28,7 +28,7 @@ resource "oci_sch_service_connector" "this" {
       for_each = each.value.sch_source == "monitoring" ? each.value.monitoring_source : []
       content {
 
-        compartment_id = coalesce(monitoring_sources.value.compartment_id, var.compartment_ocid)
+        compartment_id = coalesce(monitoring_sources.value.compartment_id, each.value.compartment_id)
         namespace_details {
           kind = "selected"
           dynamic "namespaces" {
@@ -49,7 +49,7 @@ resource "oci_sch_service_connector" "this" {
     kind                       = each.value.sch_target
     log_group_id               = each.value.sch_target == "loggingAnalytics" ? each.value.target.log_group_id : null
     log_source_identifier      = (each.value.sch_source == "streaming" && each.value.sch_target == "loggingAnalytics") ? each.value.target.la_log_source : null
-    compartment_id             = coalesce(each.value.target.compartment_id, var.compartment_ocid)
+    compartment_id             = each.value.sch_target == "monitoring" ? coalesce(each.value.target.compartment_id, each.value.compartment_id) : null
     stream_id                  = each.value.sch_target == "streaming" ? each.value.target.stream_id : null
     bucket                     = each.value.sch_target == "objectstorage" ? each.value.target.bucket : null
     object_name_prefix         = each.value.sch_target == "objectstorage" ? each.value.target.object_name_prefix : null
diff --git a/modules/serviceconnector/policies.tf b/modules/serviceconnector/policies.tf
@@ -5,15 +5,15 @@ locals {
   policy_compartment_id = var.policy_compartment_id == null ? var.tenancy_ocid : var.policy_compartment_id
 
   target_policies = {
-    for k, v in var.service_connector_def : k => (v.create_policy && v.sch_target == "loggingAnalytics") ? "Allow dynamic-group ${var.dynamic_group_name} to use loganalytics-log-group in compartment id ${coalesce(v.target.compartment_id, var.compartment_ocid)} where target.loganalytics-log-group.id='${v.target.log_group_id}'" :
-    (v.create_policy && v.sch_target == "notifications") ? "Allow dynamic-group ${var.dynamic_group_name} to use ons-topics in compartment id ${coalesce(v.target.compartment_id, var.compartment_ocid)}" :
-    (v.create_policy && v.sch_target == "functions") ? "Allow dynamic-group ${var.dynamic_group_name} to use fn-invocation in compartment id ${coalesce(v.target.compartment_id, var.compartment_ocid)}" :
-    (v.create_policy && v.sch_target == "objectstorage") ? "Allow dynamic-group ${var.dynamic_group_name} to manage objects in compartment id ${coalesce(v.target.compartment_id, var.compartment_ocid)} where target.bucket.name='${coalesce(v.target.bucket_name, "dummy")}'" :
-    (v.create_policy && v.sch_target == "streaming") ? "Allow dynamic-group ${var.dynamic_group_name} to use stream-push in compartment id ${coalesce(v.target.compartment_id, var.compartment_ocid)} where target.stream.id='${v.target.stream_id}'" : ""
+    for k, v in var.service_connector_def : k => (v.create_policy && v.sch_target == "loggingAnalytics") ? "Allow dynamic-group ${v.dynamic_group_name} to use loganalytics-log-group in compartment id ${coalesce(v.target.compartment_id, v.compartment_id)} where target.loganalytics-log-group.id='${v.target.log_group_id}'" :
+    (v.create_policy && v.sch_target == "notifications") ? "Allow dynamic-group ${v.dynamic_group_name} to use ons-topics in compartment id ${coalesce(v.target.compartment_id, v.compartment_id)}" :
+    (v.create_policy && v.sch_target == "functions") ? "Allow dynamic-group ${v.dynamic_group_name} to use fn-invocation in compartment id ${coalesce(v.target.compartment_id, v.compartment_id)}" :
+    (v.create_policy && v.sch_target == "objectstorage") ? "Allow dynamic-group ${v.dynamic_group_name} to manage objects in compartment id ${coalesce(v.target.compartment_id, v.compartment_id)} where target.bucket.name='${v.target.bucket}'" :
+    (v.create_policy && v.sch_target == "streaming") ? "Allow dynamic-group ${v.dynamic_group_name} to use stream-push in compartment id ${coalesce(v.target.compartment_id, v.compartment_id)} where target.stream.id='${v.target.stream_id}'" : ""
   }
   source_policies = {
-    for k, v in var.service_connector_def : k => (v.create_policy && v.sch_source == "streaming") ? "Allow dynamic-group ${var.dynamic_group_name} to {STREAM_READ, STREAM_CONSUME} in compartment id ${coalesce(v.target.compartment_id, var.compartment_ocid)} where target.stream.id='${v.stream_id}'" :
-    (v.create_policy && v.sch_source == "monitoring") ? "Allow dynamic-group ${var.dynamic_group_name} to read metrics in compartment id ${coalesce(v.target.compartment_id, var.compartment_ocid)}" : ""
+    for k, v in var.service_connector_def : k => (v.create_policy && v.sch_source == "streaming") ? "Allow dynamic-group ${v.dynamic_group_name} to {STREAM_READ, STREAM_CONSUME} in compartment id ${coalesce(v.target.compartment_id, v.compartment_id)} where target.stream.id='${v.stream_id}'" :
+    (v.create_policy && v.sch_source == "monitoring") ? "Allow dynamic-group ${v.dynamic_group_name} to read metrics in compartment id ${coalesce(v.target.compartment_id, v.compartment_id)}" : ""
   }
 
   allpolicies = { for key in distinct(concat(keys(local.target_policies), keys(local.source_policies))) :
@@ -30,11 +30,11 @@ locals {
 resource "oci_identity_dynamic_group" "serviceconnector_dynamic_group" {
   provider = oci.home
 
-  count          = var.create_dg ? 1 : 0
+  for_each       = var.dynamic_group
   compartment_id = var.tenancy_ocid
   description    = "Dynamic group for service connector"
-  matching_rule  = "All {resource.type = 'serviceconnector', resource.compartment.id = '${var.compartment_ocid}'}"
-  name           = var.dynamic_group_name
+  matching_rule  = "All {resource.type = 'serviceconnector', resource.compartment.id = '${each.value.compartment_id}'}"
+  name           = each.key
 
 }
 
diff --git a/modules/serviceconnector/variables.tf b/modules/serviceconnector/variables.tf
@@ -1,15 +1,6 @@
 #Copyright (c) 2023 Oracle Corporation and/or its affiliates.
 #Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
 
-variable "compartment_ocid" {
-  description = "Compartment OCID"
-  type        = string
-}
-
-variable "create_dg" {
-  type        = bool
-  description = "Whether to create dynamic group or not"
-}
 variable "tenancy_ocid" {
   description = "Tenancy OCID"
   type        = string
@@ -21,25 +12,29 @@ variable "policy_compartment_id" {
 
 }
 
-variable "dynamic_group_name" {
-  type        = string
-  description = "Dynamic group display name"
+variable "dynamic_group" {
+  type        = map(any)
+  description = "Dynamic group definition for service connector"
+  default     = {}
 
 }
 
 variable "service_connector_def" {
   type = map(object({
-    defined_tags  = optional(map(string))
-    freeform_tags = optional(map(string))
-    display_name  = string
-    description   = optional(string)
-    state         = optional(string, "ACTIVE")
-    sch_source    = string
-    sch_target    = string
+    defined_tags       = optional(map(string))
+    freeform_tags      = optional(map(string))
+    display_name       = string
+    description        = optional(string)
+    state              = optional(string, "ACTIVE")
+    sch_source         = string
+    sch_target         = string
+    compartment_id     = string
+    create_policy      = optional(bool, false)
+    dynamic_group_name = optional(string)
 
     #For Streaming source
     stream_id     = optional(string)
-    stream_cursor = optional(string)
+    stream_cursor = optional(string, "LATEST")
     #For logging source
     log_source = optional(list(object({
       compartment_id = optional(string)
@@ -54,7 +49,7 @@ variable "service_connector_def" {
 
     target = object({
       #For Objectstorage target
-      bucket_name                = optional(string)
+      bucket                     = optional(string)
       batch_rollover_size_in_mbs = optional(number, 100)
       batch_rollover_time_in_ms  = optional(number, 420000)
       object_name_prefix         = optional(string)
@@ -84,8 +79,8 @@ variable "service_connector_def" {
   }
   validation {
     condition = alltrue([
-    for i in var.service_connector_def : contains(["loggingAnalytics", "objectstorage", "streaming", "notifications"], i.sch_target)])
-    error_message = "Allowed value for sch_target is loggingAnalytics,notifications,objectstorage and streaming."
+    for i in var.service_connector_def : contains(["loggingAnalytics", "objectstorage", "streaming", "notifications", "functions"], i.sch_target)])
+    error_message = "Allowed value for sch_target is functions,loggingAnalytics,notifications,objectstorage and streaming."
   }
 
 }
