service connector module

karthicgit · karthicgit · commit f5780fa95192 · 2023-05-10T00:30:08.000+05:30
Signed-off-by: Karthic Ravindran &lt;karthic.ravindran@oracle.com&gt;
diff --git a/modules/serviceconnector/README.md b/modules/serviceconnector/README.md
@@ -0,0 +1,43 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
+| <a name="requirement_oci"></a> [oci](#requirement\_oci) | >= 4.67.3 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_oci"></a> [oci](#provider\_oci) | >= 4.67.3 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [oci_identity_dynamic_group.serviceconnector_dynamic_group](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/identity_dynamic_group) | resource |
+| [oci_identity_policy.serviceconnector_policy](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/identity_policy) | resource |
+| [oci_sch_service_connector.this](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/sch_service_connector) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_compartment_ocid"></a> [compartment\_ocid](#input\_compartment\_ocid) | Compartment OCID | `string` | n/a | yes |
+| <a name="input_create_dg"></a> [create\_dg](#input\_create\_dg) | Whether to create dynamic group or not | `bool` | n/a | yes |
+| <a name="input_dynamic_group_name"></a> [dynamic\_group\_name](#input\_dynamic\_group\_name) | Dynamic group display name | `string` | n/a | yes |
+| <a name="input_policy_compartment_id"></a> [policy\_compartment\_id](#input\_policy\_compartment\_id) | Compartment where policy will be created | `string` | n/a | yes |
+| <a name="input_service_connector_def"></a> [service\_connector\_def](#input\_service\_connector\_def) | n/a | <pre>map(object({<br>    defined_tags  = optional(map(string))<br>    freeform_tags = optional(map(string))<br>    display_name  = string<br>    description   = optional(string)<br>    state         = optional(string, "ACTIVE")<br>    sch_source    = string<br>    sch_target    = string<br><br>    #For Streaming source<br>    stream_id     = optional(string)<br>    stream_cursor = optional(string)<br>    #For logging source<br>    log_source = optional(list(object({<br>      compartment_id = optional(string)<br>      log_group_id   = optional(string, "_Audit")<br>      log_id         = optional(string)<br>    })))<br>    #For monitoring source<br>    monitoring_source = optional(list(object({<br>      compartment_id   = optional(string)<br>      metric_namespace = list(string)<br>    })))<br><br>    target = object({<br>      #For Objectstorage target<br>      bucket_name                = optional(string)<br>      batch_rollover_size_in_mbs = optional(number, 100)<br>      batch_rollover_time_in_ms  = optional(number, 420000)<br>      object_name_prefix         = optional(string)<br>      #For Streaming target<br>      stream_id = optional(string)<br>      #For Notification target<br>      topic_id = optional(string)<br>      #For Function target<br>      function_id = optional(string)<br>      #For LoggingAnalytics Target<br>      log_group_id   = optional(string)<br>      log_source     = optional(string)<br>      compartment_id = optional(string)<br>    })<br>    tasks = optional(object({<br>      log_condition     = optional(string)<br>      function_id       = optional(string)<br>      batch_size_in_kbs = optional(string, 5120)<br>      batch_time_in_sec = optional(string, 600)<br><br>    }))<br>  }))</pre> | n/a | yes |
+| <a name="input_tenancy_ocid"></a> [tenancy\_ocid](#input\_tenancy\_ocid) | Tenancy OCID | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_service_connectors"></a> [service\_connectors](#output\_service\_connectors) | Service Connector |
+<!-- END_TF_DOCS -->
diff --git a/modules/serviceconnector/main.tf b/modules/serviceconnector/main.tf
@@ -0,0 +1,85 @@
+#Copyright (c) 2023 Oracle Corporation and/or its affiliates.
+#Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+resource "oci_sch_service_connector" "this" {
+  for_each       = var.service_connector_def
+  compartment_id = var.compartment_ocid
+  display_name   = each.value.display_name
+  source {
+    kind = each.value.sch_source
+    dynamic "cursor" {
+      for_each = each.value.sch_source == "streaming" ? [1] : []
+      content {
+        #https://docs.oracle.com/en-us/iaas/Content/Streaming/Tasks/using_a_single_consumer.htm#usingcursors
+        kind = each.value.stream_cursor
+      }
+    }
+
+    dynamic "log_sources" {
+      for_each = each.value.sch_source == "logging" ? each.value.log_source : []
+      content {
+        compartment_id = coalesce(log_sources.value.compartment_id, var.compartment_ocid)
+        log_group_id   = log_sources.value.log_group_id
+        log_id         = log_sources.value.log_id
+
+      }
+    }
+    dynamic "monitoring_sources" {
+      for_each = each.value.sch_source == "monitoring" ? each.value.monitoring_source : []
+      content {
+
+        compartment_id = coalesce(monitoring_sources.value.compartment_id, var.compartment_ocid)
+        namespace_details {
+          kind = "selected"
+          dynamic "namespaces" {
+            for_each = monitoring_sources.value.metric_namespace
+            content {
+              metrics {
+                kind = "all"
+              }
+              namespace = namespaces.value
+            }
+          }
+        }
+      }
+    }
+    stream_id = each.value.sch_source == "streaming" ? each.value.stream_id : null
+  }
+  target {
+    kind                       = each.value.sch_target
+    log_group_id               = each.value.sch_target == "loggingAnalytics" ? each.value.target.log_group_id : null
+    log_source_identifier      = (each.value.sch_source == "streaming" && each.value.sch_target == "loggingAnalytics") ? each.value.target.la_log_source : null
+    compartment_id             = coalesce(each.value.target.compartment_id, var.compartment_ocid)
+    stream_id                  = each.value.sch_target == "streaming" ? each.value.target.stream_id : null
+    bucket                     = each.value.sch_target == "objectstorage" ? each.value.target.bucket : null
+    object_name_prefix         = each.value.sch_target == "objectstorage" ? each.value.target.object_name_prefix : null
+    batch_rollover_size_in_mbs = each.value.sch_target == "objectstorage" ? each.value.target.batch_rollover_size_in_mbs : null
+    batch_rollover_time_in_ms  = each.value.sch_target == "objectstorage" ? each.value.target.batch_rollover_time_in_ms : null
+    topic_id                   = each.value.sch_target == "notifications" ? each.value.target.topic_id : null
+    enable_formatted_messaging = each.value.sch_target == "notifications" ? each.value.target.enable_formatted_messaging : null
+    function_id                = each.value.sch_target == "functions" ? each.value.target.function_id : null
+
+  }
+  defined_tags  = each.value.defined_tags
+  description   = "Service connector for ${each.value.sch_source} to ${each.value.sch_target}"
+  freeform_tags = each.value.freeform_tags
+  dynamic "tasks" {
+    for_each = each.value.tasks != null ? [1] : []
+    content {
+      kind      = "logRule"
+      condition = each.value.tasks.log_condition
+    }
+  }
+  dynamic "tasks" {
+    for_each = each.value.tasks != null ? [1] : []
+    content {
+
+      kind = "function"
+
+      batch_size_in_kbs = each.value.tasks.batch_size_in_kbs
+      batch_time_in_sec = each.value.tasks.batch_time_in_sec
+      function_id       = each.value.tasks.function_id
+    }
+  }
+
+}
diff --git a/modules/serviceconnector/outputs.tf b/modules/serviceconnector/outputs.tf
@@ -0,0 +1,7 @@
+#Copyright (c) 2023 Oracle Corporation and/or its affiliates.
+#Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+output "service_connectors" {
+  description = "Service Connector"
+  value       = { for k in oci_sch_service_connector.this : k.display_name => k.id }
+}
diff --git a/modules/serviceconnector/policies.tf b/modules/serviceconnector/policies.tf
@@ -0,0 +1,51 @@
+#Copyright (c) 2023 Oracle Corporation and/or its affiliates.
+#Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+locals {
+  policy_compartment_id = var.policy_compartment_id == null ? var.tenancy_ocid : var.policy_compartment_id
+
+  target_policies = {
+    for k, v in var.service_connector_def : k => (v.create_policy && v.sch_target == "loggingAnalytics") ? "Allow dynamic-group ${var.dynamic_group_name} to use loganalytics-log-group in compartment id ${coalesce(v.target.compartment_id, var.compartment_ocid)} where target.loganalytics-log-group.id='${v.target.log_group_id}'" :
+    (v.create_policy && v.sch_target == "notifications") ? "Allow dynamic-group ${var.dynamic_group_name} to use ons-topics in compartment id ${coalesce(v.target.compartment_id, var.compartment_ocid)}" :
+    (v.create_policy && v.sch_target == "functions") ? "Allow dynamic-group ${var.dynamic_group_name} to use fn-invocation in compartment id ${coalesce(v.target.compartment_id, var.compartment_ocid)}" :
+    (v.create_policy && v.sch_target == "objectstorage") ? "Allow dynamic-group ${var.dynamic_group_name} to manage objects in compartment id ${coalesce(v.target.compartment_id, var.compartment_ocid)} where target.bucket.name='${coalesce(v.target.bucket_name, "dummy")}'" :
+    (v.create_policy && v.sch_target == "streaming") ? "Allow dynamic-group ${var.dynamic_group_name} to use stream-push in compartment id ${coalesce(v.target.compartment_id, var.compartment_ocid)} where target.stream.id='${v.target.stream_id}'" : ""
+  }
+  source_policies = {
+    for k, v in var.service_connector_def : k => (v.create_policy && v.sch_source == "streaming") ? "Allow dynamic-group ${var.dynamic_group_name} to {STREAM_READ, STREAM_CONSUME} in compartment id ${coalesce(v.target.compartment_id, var.compartment_ocid)} where target.stream.id='${v.stream_id}'" :
+    (v.create_policy && v.sch_source == "monitoring") ? "Allow dynamic-group ${var.dynamic_group_name} to read metrics in compartment id ${coalesce(v.target.compartment_id, var.compartment_ocid)}" : ""
+  }
+
+  allpolicies = { for key in distinct(concat(keys(local.target_policies), keys(local.source_policies))) :
+    key => compact(flatten([lookup(local.target_policies, key, []),
+      lookup(local.source_policies, key, [])
+    ]))
+  }
+
+  policies = { for k, v in local.allpolicies : k => v if length(v) > 0 }
+
+}
+
+#Create dynamic group
+resource "oci_identity_dynamic_group" "serviceconnector_dynamic_group" {
+  provider = oci.home
+
+  count          = var.create_dg ? 1 : 0
+  compartment_id = var.tenancy_ocid
+  description    = "Dynamic group for service connector"
+  matching_rule  = "All {resource.type = 'serviceconnector', resource.compartment.id = '${var.compartment_ocid}'}"
+  name           = var.dynamic_group_name
+
+}
+
+#Create policy for service connector
+resource "oci_identity_policy" "serviceconnector_policy" {
+  provider = oci.home
+
+  for_each       = local.policies
+  compartment_id = local.policy_compartment_id
+  description    = format("%s%s", "Policies for service connector ", each.key)
+  name           = format("%s_%s", "serviceconnector", each.key)
+  statements     = each.value
+
+}
diff --git a/modules/serviceconnector/variables.tf b/modules/serviceconnector/variables.tf
@@ -0,0 +1,91 @@
+#Copyright (c) 2023 Oracle Corporation and/or its affiliates.
+#Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+variable "compartment_ocid" {
+  description = "Compartment OCID"
+  type        = string
+}
+
+variable "create_dg" {
+  type        = bool
+  description = "Whether to create dynamic group or not"
+}
+variable "tenancy_ocid" {
+  description = "Tenancy OCID"
+  type        = string
+}
+
+variable "policy_compartment_id" {
+  type        = string
+  description = "Compartment where policy will be created"
+
+}
+
+variable "dynamic_group_name" {
+  type        = string
+  description = "Dynamic group display name"
+
+}
+
+variable "service_connector_def" {
+  type = map(object({
+    defined_tags  = optional(map(string))
+    freeform_tags = optional(map(string))
+    display_name  = string
+    description   = optional(string)
+    state         = optional(string, "ACTIVE")
+    sch_source    = string
+    sch_target    = string
+
+    #For Streaming source
+    stream_id     = optional(string)
+    stream_cursor = optional(string)
+    #For logging source
+    log_source = optional(list(object({
+      compartment_id = optional(string)
+      log_group_id   = optional(string, "_Audit")
+      log_id         = optional(string)
+    })))
+    #For monitoring source
+    monitoring_source = optional(list(object({
+      compartment_id   = optional(string)
+      metric_namespace = list(string)
+    })))
+
+    target = object({
+      #For Objectstorage target
+      bucket_name                = optional(string)
+      batch_rollover_size_in_mbs = optional(number, 100)
+      batch_rollover_time_in_ms  = optional(number, 420000)
+      object_name_prefix         = optional(string)
+      #For Streaming target
+      stream_id = optional(string)
+      #For Notification target
+      topic_id = optional(string)
+      #For Function target
+      function_id = optional(string)
+      #For LoggingAnalytics Target
+      log_group_id   = optional(string)
+      log_source     = optional(string)
+      compartment_id = optional(string)
+    })
+    tasks = optional(object({
+      log_condition     = optional(string)
+      function_id       = optional(string)
+      batch_size_in_kbs = optional(string, 5120)
+      batch_time_in_sec = optional(string, 600)
+
+    }))
+  }))
+  validation {
+    condition = alltrue([
+    for i in var.service_connector_def : contains(["logging", "monitoring", "streaming"], i.sch_source)])
+    error_message = "Allowed value for sch_source is logging,monitoring and streaming."
+  }
+  validation {
+    condition = alltrue([
+    for i in var.service_connector_def : contains(["loggingAnalytics", "objectstorage", "streaming", "notifications"], i.sch_target)])
+    error_message = "Allowed value for sch_target is loggingAnalytics,notifications,objectstorage and streaming."
+  }
+
+}
diff --git a/modules/serviceconnector/versions.tf b/modules/serviceconnector/versions.tf
@@ -0,0 +1,13 @@
+#Copyright (c) 2023 Oracle Corporation and/or its affiliates.
+#Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+terraform {
+  required_providers {
+    oci = {
+      source                = "oracle/oci"
+      version               = ">= 4.67.3"
+      configuration_aliases = [oci.home]
+    }
+  }
+  required_version = ">= 1.3.0"
+}
