From 9f62a0e6dccf9ba318f0268b9a68496ffc0e1a9b Mon Sep 17 00:00:00 2001 
From: vinaykumar-oci Date: Thu, 6 Jul 2023 13:46:46 -0700 Subject: [PATCH 1/7] TagNameSpace Optimization and Bucket Rotation Issue Fix. TagNameSpace Optimization and Bucket Rotation Issue Fix . --- modules/bucket/main.tf | 3 +++ modules/service-connector/main.tf | 3 ++- templates/elz-budget/tagging.tf | 1 + templates/elz-budget/variables.tf | 5 ++++- templates/elz-compartment/tagging.tf | 1 + templates/elz-compartment/variables.tf | 4 ++++ templates/elz-environment/logging.tf | 1 + templates/elz-environment/main.tf | 7 +++++++ templates/elz-environment/network-extension.tf | 1 + templates/elz-environment/variables.tf | 5 +++++ templates/elz-exadata-workload/tagging.tf | 1 + templates/elz-exadata-workload/variables.tf | 4 ++++ templates/elz-hub/tagging.tf | 1 + templates/elz-hub/variables.tf | 5 +++++ templates/elz-identity/tagging.tf | 1 + templates/elz-identity/variables.tf | 4 ++++ templates/elz-logging/tagging.tf | 1 + templates/elz-logging/variables.tf | 4 ++++ templates/elz-monitoring/tagging.tf | 1 + templates/elz-monitoring/variables.tf | 4 ++++ templates/elz-network-extension/tagging.tf | 1 + templates/elz-network-extension/variables.tf | 4 ++++ templates/elz-network/main.tf | 2 ++ templates/elz-network/tagging.tf | 1 + templates/elz-network/variables.tf | 5 ++++- templates/elz-security/tagging.tf | 1 + templates/elz-security/variables.tf | 4 ++++ templates/elz-spoke/tagging.tf | 1 + templates/elz-spoke/variables.tf | 4 ++++ templates/elz-tagging/tagging.tf | 1 + templates/elz-tagging/variables.tf | 4 ++++ templates/elz-workload/CONFIGURATION.md | 8 ++++---- templates/elz-workload/IMPLEMENTATION.md | 4 ++-- templates/elz-workload/network.tf | 2 ++ templates/elz-workload/tagging.tf | 1 + templates/enterprise-landing-zone/environment.tf | 4 +++- templates/enterprise-landing-zone/integration.tfvars | 4 +++- templates/enterprise-landing-zone/tagging.tf | 1 + templates/enterprise-landing-zone/variables.tf | 6 ++++++ 
templates/freetrial-landing-zone/environment.tf | 1 + templates/freetrial-landing-zone/livelab.tfvars | 1 + templates/freetrial-landing-zone/tagging.tf | 1 + templates/freetrial-landing-zone/variables.tf | 5 ++++- 43 files changed, 111 insertions(+), 12 deletions(-) diff --git a/modules/bucket/main.tf b/modules/bucket/main.tf index 63c29d1a..8dcaceee 100644 --- a/modules/bucket/main.tf +++ b/modules/bucket/main.tf @@ -22,4 +22,7 @@ resource "oci_objectstorage_bucket" "bucket" { time_unit = var.retention_policy_duration_time_unit } } + lifecycle { + ignore_changes = all + } } diff --git a/modules/service-connector/main.tf b/modules/service-connector/main.tf index 6e41bb77..68652638 100644 --- a/modules/service-connector/main.tf +++ b/modules/service-connector/main.tf @@ -30,7 +30,8 @@ resource "oci_sch_service_connector" "service_connector" { } lifecycle { ignore_changes = [ - source[0].stream_id + source[0], + target[0] ] } } \ No newline at end of file diff --git a/templates/elz-budget/tagging.tf b/templates/elz-budget/tagging.tf index 5aedaafe..982ab460 100644 --- a/templates/elz-budget/tagging.tf +++ b/templates/elz-budget/tagging.tf @@ -30,6 +30,7 @@ resource "random_id" "tag" { } module "architecture_tag" { + count = var.is_baseline_deploy ? 0 : 1 source = "../../modules/tag" compartment_id = var.tenancy_ocid tag_namespace_description = local.architecture_tag.tag_namespace_description diff --git a/templates/elz-budget/variables.tf b/templates/elz-budget/variables.tf index a424e65a..b1f08f4e 100644 --- a/templates/elz-budget/variables.tf +++ b/templates/elz-budget/variables.tf 
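Review bot: `ignore_changes = all` in the new `lifecycle` block of `oci_objectstorage_bucket.bucket` (modules/bucket/main.tf) stops Terraform from reconciling every attribute of the bucket, not only the one behind the rotation issue. After this, a later edit to the retention settings in configuration, or an out-of-band change to the bucket's access type or encryption key, no longer shows up in `terraform plan`, which matters if this module backs the landing-zone log buckets. Limit the list to the attribute that actually churns, for example `ignore_changes = [retention_rules]` if the retention block visible just above is the cause, and add a comment naming the issue it works around. The resource body starts outside the hunk, so the exact attribute should be confirmed against the full file.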
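Review bot: Widening `ignore_changes` from `source[0].stream_id` to the whole `source[0]` and `target[0]` blocks in modules/service-connector/main.tf means Terraform no longer corrects any drift in where this connector reads from or writes to. If the target is re-pointed or the log sources are trimmed outside Terraform, the plan stays clean and the configured log routing is silently not enforced. Keep the list at attribute level, i.e. `source[0].stream_id` plus the specific `target[0]` attribute that changes on bucket rotation, and add a comment saying why each entry is ignored. The resource body starts outside the hunk, so the target attribute name needs checking there.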
@@ -20,7 +20,10 @@ variable "home_compartment_id" { type = string description = "Home Compartment ID" } - +variable "is_baseline_deploy" { + type = bool + description = "TagNameSpace Optimization: Enable this flag to disble dependent module TagNameSpace Tag Creation." +} # ----------------------------------------------------------------------------- # # ----------------------------------------------------------------------------- diff --git a/templates/elz-compartment/tagging.tf b/templates/elz-compartment/tagging.tf index 5aedaafe..982ab460 100644 --- a/templates/elz-compartment/tagging.tf +++ b/templates/elz-compartment/tagging.tf @@ -30,6 +30,7 @@ resource "random_id" "tag" { } module "architecture_tag" { + count = var.is_baseline_deploy ? 0 : 1 source = "../../modules/tag" compartment_id = var.tenancy_ocid tag_namespace_description = local.architecture_tag.tag_namespace_description diff --git a/templates/elz-compartment/variables.tf b/templates/elz-compartment/variables.tf index 4b0eb677..950a338a 100644 --- a/templates/elz-compartment/variables.tf +++ b/templates/elz-compartment/variables.tf @@ -15,6 +15,10 @@ variable "environment_prefix" { type = string description = "the 1 character string representing the environment eg. P (prod), N (non-prod), D, T, U" } +variable "is_baseline_deploy" { + type = bool + description = "TagNameSpace Optimization: Enable this flag to disble dependent module TagNameSpace Tag Creation." +} # ----------------------------------------------------------------------------- # Compartment Variables # ----------------------------------------------------------------------------- diff --git a/templates/elz-environment/logging.tf b/templates/elz-environment/logging.tf index cd9a38f2..9feb8e9f 100644 --- a/templates/elz-environment/logging.tf +++ b/templates/elz-environment/logging.tf 
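Review bot: `is_baseline_deploy` in templates/elz-budget/variables.tf is declared without a `default`, so it becomes a required input for every caller of this template, including any that this series does not update. Since the elz-budget/tagging.tf hunk uses `count = var.is_baseline_deploy ? 0 : 1`, adding `default = false` keeps the previous behaviour (the template creates its own architecture tag) for callers that do not set it. The description would also read more clearly as `"Set to true when the calling stack already creates the architecture tag namespace; this template then skips creating its own."`. The same declaration is repeated in the other elz-*/variables.tf hunks of this patch.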
@@ -13,6 +13,7 @@ module "logging" { retention_policy_duration_amount = var.retention_policy_duration_amount retention_policy_duration_time_unit = var.retention_policy_duration_time_unit subnets_map = module.network.subnets + is_baseline_deploy = var.is_baseline_deploy depends_on = [ module.network ] diff --git a/templates/elz-environment/main.tf b/templates/elz-environment/main.tf index ec376759..baaf21d1 100644 --- a/templates/elz-environment/main.tf +++ b/templates/elz-environment/main.tf @@ -8,6 +8,7 @@ module "compartment" { environment_compartment_name = var.environment_compartment_name enable_tf_state_backup = var.enable_tf_state_backup enable_logging = var.enable_logging + is_baseline_deploy = var.is_baseline_deploy providers = { oci = oci @@ -43,6 +44,7 @@ module "identity" { workload_compartment_name = module.workload.compartment_name workload_compartment_names = var.workload_compartment_names home_compartment_id = var.home_compartment_id + is_baseline_deploy = var.is_baseline_deploy providers = { oci = oci @@ -73,6 +75,7 @@ module "budget" { budget_alert_rule_message = var.budget_alert_rule_message budget_alert_rule_recipients = var.budget_alert_rule_recipients home_compartment_id = var.home_compartment_id + is_baseline_deploy = var.is_baseline_deploy providers = { oci = oci @@ -99,6 +102,7 @@ module "security" { replica_region = var.vault_replica_region enable_replication = var.enable_vault_replication create_master_encryption_key = var.create_master_encryption_key + is_baseline_deploy = var.is_baseline_deploy providers = { oci = oci @@ -120,6 +124,7 @@ module "network" { region = var.region network_compartment_id = module.compartment.compartments.network.id home_compartment_id = var.home_compartment_id + is_baseline_deploy = var.is_baseline_deploy enable_internet_gateway_hub = var.enable_internet_gateway_hub enable_nat_gateway_hub = var.enable_nat_gateway_hub 
@@ -169,6 +174,7 @@ module "tagging" { cost_center_tagging = var.cost_center_tagging geo_location_tagging = var.geo_location_tagging home_compartment_id = var.home_compartment_id + is_baseline_deploy = var.is_baseline_deploy providers = { oci = oci @@ -184,6 +190,7 @@ module "monitoring" { environment_prefix = var.environment_prefix resource_label = var.resource_label home_compartment_id = var.home_compartment_id + is_baseline_deploy = var.is_baseline_deploy environment_compartment_id = module.compartment.compartments.environment.id security_compartment_id = module.compartment.compartments.security.id diff --git a/templates/elz-environment/network-extension.tf b/templates/elz-environment/network-extension.tf index b4e30cc2..e5524696 100644 --- a/templates/elz-environment/network-extension.tf +++ b/templates/elz-environment/network-extension.tf @@ -40,6 +40,7 @@ module "network-extension" { drg_route_table_rpc_id = var.enable_vpn_or_fastconnect == "FASTCONNECT" && var.enable_fastconnect_on_environment ? module.network.drg_route_tables.RT-RPC.id : null drg_route_table_vc_id = var.enable_vpn_or_fastconnect == "FASTCONNECT" && var.enable_fastconnect_on_environment ? module.network.drg_route_tables.RT-Onprem.id : null home_compartment_id = var.home_compartment_id + is_baseline_deploy = var.is_baseline_deploy providers = { oci = oci diff --git a/templates/elz-environment/variables.tf b/templates/elz-environment/variables.tf index fe32e6ba..8c9ea12f 100644 --- a/templates/elz-environment/variables.tf +++ b/templates/elz-environment/variables.tf 
@@ -25,6 +25,11 @@ variable "workload_compartment_names" { default = [] description = "The names of the workload compartments to update policies for the Admin Groups" } +variable "is_baseline_deploy" { + type = bool + description = "TagNameSpace Optimization: Enable this flag to disble dependent module TagNameSpace Tag Creation." +} + # ----------------------------------------------------------------------------- # Compartment Variables # ----------------------------------------------------------------------------- diff --git a/templates/elz-exadata-workload/tagging.tf b/templates/elz-exadata-workload/tagging.tf index da851bba..a2fcbc6f 100644 --- a/templates/elz-exadata-workload/tagging.tf +++ b/templates/elz-exadata-workload/tagging.tf @@ -30,6 +30,7 @@ resource "random_id" "tag" { } module "architecture_tag" { + count = var.is_baseline_deploy ? 0 : 1 source = "../../modules/tag" compartment_id = var.tenancy_ocid tag_namespace_description = local.architecture_tag.tag_namespace_description diff --git a/templates/elz-exadata-workload/variables.tf b/templates/elz-exadata-workload/variables.tf index 93107a32..0c6a1b29 100644 --- a/templates/elz-exadata-workload/variables.tf +++ b/templates/elz-exadata-workload/variables.tf @@ -33,6 +33,10 @@ variable "enable_fan_events" { description = "Security List to be enabled for ONS FAN events" default = true } +variable "is_baseline_deploy" { + type = bool + description = "TagNameSpace Optimization: Enable this flag to disble dependent module TagNameSpace Tag Creation." +} # ----------------------------------------------------------------------------- # IAM Variables diff --git a/templates/elz-hub/tagging.tf b/templates/elz-hub/tagging.tf index 5aedaafe..982ab460 100644 --- a/templates/elz-hub/tagging.tf +++ b/templates/elz-hub/tagging.tf 
@@ -30,6 +30,7 @@ resource "random_id" "tag" { } module "architecture_tag" { + count = var.is_baseline_deploy ? 0 : 1 source = "../../modules/tag" compartment_id = var.tenancy_ocid tag_namespace_description = local.architecture_tag.tag_namespace_description diff --git a/templates/elz-hub/variables.tf b/templates/elz-hub/variables.tf index 88f47579..105bc6e6 100644 --- a/templates/elz-hub/variables.tf +++ b/templates/elz-hub/variables.tf @@ -20,6 +20,11 @@ variable "home_compartment_id" { type = string description = "Home Compartment ID" } +variable "is_baseline_deploy" { + type = bool + description = "TagNameSpace Optimization: Enable this flag to disble dependent module TagNameSpace Tag Creation." +} + # ----------------------------------------------------------------------------- # Network Variables # ----------------------------------------------------------------------------- diff --git a/templates/elz-identity/tagging.tf b/templates/elz-identity/tagging.tf index 5aedaafe..982ab460 100644 --- a/templates/elz-identity/tagging.tf +++ b/templates/elz-identity/tagging.tf @@ -30,6 +30,7 @@ resource "random_id" "tag" { } module "architecture_tag" { + count = var.is_baseline_deploy ? 0 : 1 source = "../../modules/tag" compartment_id = var.tenancy_ocid tag_namespace_description = local.architecture_tag.tag_namespace_description diff --git a/templates/elz-identity/variables.tf b/templates/elz-identity/variables.tf index d6072856..9638125c 100644 --- a/templates/elz-identity/variables.tf +++ b/templates/elz-identity/variables.tf @@ -20,6 +20,10 @@ variable "home_compartment_id" { type = string description = "Home Compartment ID" } +variable "is_baseline_deploy" { + type = bool + description = "TagNameSpace Optimization: Enable this flag to disble dependent module TagNameSpace Tag Creation." +} # ----------------------------------------------------------------------------- # Domain Variables # ----------------------------------------------------------------------------- 
diff --git a/templates/elz-logging/tagging.tf b/templates/elz-logging/tagging.tf index 5aedaafe..982ab460 100644 --- a/templates/elz-logging/tagging.tf +++ b/templates/elz-logging/tagging.tf @@ -30,6 +30,7 @@ resource "random_id" "tag" { } module "architecture_tag" { + count = var.is_baseline_deploy ? 0 : 1 source = "../../modules/tag" compartment_id = var.tenancy_ocid tag_namespace_description = local.architecture_tag.tag_namespace_description diff --git a/templates/elz-logging/variables.tf b/templates/elz-logging/variables.tf index eb5aba93..b4708ecd 100644 --- a/templates/elz-logging/variables.tf +++ b/templates/elz-logging/variables.tf @@ -60,4 +60,8 @@ variable "subnets_map" { variable "is_service_connector_limit" { type = bool description = "Restrict Number of Service Connector Deployment" +} +variable "is_baseline_deploy" { + type = bool + description = "TagNameSpace Optimization: Enable this flag to disble dependent module TagNameSpace Tag Creation." } \ No newline at end of file diff --git a/templates/elz-monitoring/tagging.tf b/templates/elz-monitoring/tagging.tf index 5aedaafe..982ab460 100644 --- a/templates/elz-monitoring/tagging.tf +++ b/templates/elz-monitoring/tagging.tf @@ -30,6 +30,7 @@ resource "random_id" "tag" { } module "architecture_tag" { + count = var.is_baseline_deploy ? 0 : 1 source = "../../modules/tag" compartment_id = var.tenancy_ocid tag_namespace_description = local.architecture_tag.tag_namespace_description diff --git a/templates/elz-monitoring/variables.tf b/templates/elz-monitoring/variables.tf index aa7a8266..dd292a89 100644 --- a/templates/elz-monitoring/variables.tf +++ b/templates/elz-monitoring/variables.tf 
@@ -24,6 +24,10 @@ variable "home_compartment_id" { type = string description = "Home Compartment ID" } +variable "is_baseline_deploy" { + type = bool + description = "TagNameSpace Optimization: Enable this flag to disble dependent module TagNameSpace Tag Creation." +} # ----------------------------------------------------------------------------- # Common Variables # ----------------------------------------------------------------------------- diff --git a/templates/elz-network-extension/tagging.tf b/templates/elz-network-extension/tagging.tf index 5aedaafe..982ab460 100644 --- a/templates/elz-network-extension/tagging.tf +++ b/templates/elz-network-extension/tagging.tf @@ -30,6 +30,7 @@ resource "random_id" "tag" { } module "architecture_tag" { + count = var.is_baseline_deploy ? 0 : 1 source = "../../modules/tag" compartment_id = var.tenancy_ocid tag_namespace_description = local.architecture_tag.tag_namespace_description diff --git a/templates/elz-network-extension/variables.tf b/templates/elz-network-extension/variables.tf index e7ed6dfe..bdc49181 100644 --- a/templates/elz-network-extension/variables.tf +++ b/templates/elz-network-extension/variables.tf @@ -165,3 +165,7 @@ variable "drg_route_table_rpc_id" { variable "drg_route_table_vc_id" { type = string } +variable "is_baseline_deploy" { + type = bool + description = "TagNameSpace Optimization: Enable this flag to disble dependent module TagNameSpace Tag Creation." +} diff --git a/templates/elz-network/main.tf b/templates/elz-network/main.tf index 3568fe74..0b66e01e 100644 --- a/templates/elz-network/main.tf +++ b/templates/elz-network/main.tf @@ -28,6 +28,7 @@ module "hub" { customer_onprem_ip_cidr = var.customer_onprem_ip_cidr additional_workload_subnets_cidr_blocks = var.additional_workload_subnets_cidr_blocks home_compartment_id = var.home_compartment_id + is_baseline_deploy = var.is_baseline_deploy providers = { oci = oci 
@@ -87,6 +88,7 @@ module "spoke" { customer_onprem_ip_cidr = var.customer_onprem_ip_cidr ipsec_connection_static_routes = var.ipsec_connection_static_routes home_compartment_id = var.home_compartment_id + is_baseline_deploy = var.is_baseline_deploy providers = { oci = oci diff --git a/templates/elz-network/tagging.tf b/templates/elz-network/tagging.tf index 5aedaafe..982ab460 100644 --- a/templates/elz-network/tagging.tf +++ b/templates/elz-network/tagging.tf @@ -30,6 +30,7 @@ resource "random_id" "tag" { } module "architecture_tag" { + count = var.is_baseline_deploy ? 0 : 1 source = "../../modules/tag" compartment_id = var.tenancy_ocid tag_namespace_description = local.architecture_tag.tag_namespace_description diff --git a/templates/elz-network/variables.tf b/templates/elz-network/variables.tf index 00afab5e..2090546b 100644 --- a/templates/elz-network/variables.tf +++ b/templates/elz-network/variables.tf @@ -20,7 +20,10 @@ variable "home_compartment_id" { type = string description = "Home Compartment ID" } - +variable "is_baseline_deploy" { + type = bool + description = "TagNameSpace Optimization: Enable this flag to disble dependent module TagNameSpace Tag Creation." +} # ----------------------------------------------------------------------------- # Network Variables # ----------------------------------------------------------------------------- diff --git a/templates/elz-security/tagging.tf b/templates/elz-security/tagging.tf index 5aedaafe..982ab460 100644 --- a/templates/elz-security/tagging.tf +++ b/templates/elz-security/tagging.tf @@ -30,6 +30,7 @@ resource "random_id" "tag" { } module "architecture_tag" { + count = var.is_baseline_deploy ? 0 : 1 source = "../../modules/tag" compartment_id = var.tenancy_ocid tag_namespace_description = local.architecture_tag.tag_namespace_description diff --git a/templates/elz-security/variables.tf b/templates/elz-security/variables.tf index d5138f49..1718f1a4 100644 --- a/templates/elz-security/variables.tf 
+++ b/templates/elz-security/variables.tf @@ -83,4 +83,8 @@ variable "enable_replication" { variable "create_master_encryption_key" { type = bool description = "Option create master encryption key" +} +variable "is_baseline_deploy" { + type = bool + description = "TagNameSpace Optimization: Enable this flag to disble dependent module TagNameSpace Tag Creation." } \ No newline at end of file diff --git a/templates/elz-spoke/tagging.tf b/templates/elz-spoke/tagging.tf index 5aedaafe..982ab460 100644 --- a/templates/elz-spoke/tagging.tf +++ b/templates/elz-spoke/tagging.tf @@ -30,6 +30,7 @@ resource "random_id" "tag" { } module "architecture_tag" { + count = var.is_baseline_deploy ? 0 : 1 source = "../../modules/tag" compartment_id = var.tenancy_ocid tag_namespace_description = local.architecture_tag.tag_namespace_description diff --git a/templates/elz-spoke/variables.tf b/templates/elz-spoke/variables.tf index 886b81bb..f27f6d46 100644 --- a/templates/elz-spoke/variables.tf +++ b/templates/elz-spoke/variables.tf @@ -118,6 +118,10 @@ variable "security_list_display_name" { type = string description = "Workload Expansion Spoke Security List Name Disly Name." } +variable "is_baseline_deploy" { + type = bool + description = "TagNameSpace Optimization: Enable this flag to disble dependent module TagNameSpace Tag Creation." +} variable "enable_vpn_or_fastconnect" {} variable "enable_vpn_on_environment" {} variable "ipsec_connection_static_routes" {} diff --git a/templates/elz-tagging/tagging.tf b/templates/elz-tagging/tagging.tf index 5aedaafe..982ab460 100644 --- a/templates/elz-tagging/tagging.tf +++ b/templates/elz-tagging/tagging.tf @@ -30,6 +30,7 @@ resource "random_id" "tag" { } module "architecture_tag" { + count = var.is_baseline_deploy ? 0 : 1 source = "../../modules/tag" compartment_id = var.tenancy_ocid tag_namespace_description = local.architecture_tag.tag_namespace_description 
diff --git a/templates/elz-tagging/variables.tf b/templates/elz-tagging/variables.tf index 56813b6a..b3e66d9e 100644 --- a/templates/elz-tagging/variables.tf +++ b/templates/elz-tagging/variables.tf @@ -38,4 +38,8 @@ variable "region" { variable "home_compartment_id" { type = string description = "Home Compartment ID" +} +variable "is_baseline_deploy" { + type = bool + description = "TagNameSpace Optimization: Enable this flag to disble dependent module TagNameSpace Tag Creation." } \ No newline at end of file diff --git a/templates/elz-workload/CONFIGURATION.md b/templates/elz-workload/CONFIGURATION.md index 66122079..bff92581 100644 --- a/templates/elz-workload/CONFIGURATION.md +++ b/templates/elz-workload/CONFIGURATION.md @@ -1,4 +1,4 @@ -## Oracle Enterprise Landing Zone Workload Extension Configuration Guide +## Oracle Enterprise Landing Zone Workload Expansion Configuration Guide This configuration guide will detail the required and available configurations needed to deploy an Oracle Enterprise Landing Zone(OELZ) 2.0 Workload Expansion on Oracle Cloud Infrastructure. @@ -84,7 +84,7 @@ The required arguments for OELZ Workload Network: | [hub\_public\_subnet\_cidr\_block](#hub\_public\_subnet\_cidr\_block) | Provide Hub Public Subnet IPv4 CIDR Block. | `string` | `""(Valid IPv4 CIDR Block)` | yes | | [hub\_private\_subnet\_cidr\_block](#hub\_private\_subnet\_cidr\_block) | Provide Hub Private Subnet IPv4 CIDR Block. | `string` | `""(Valid IPv4 CIDR Block)` | yes | -## IAM +## IAM The required arguments Workload Expansion IAM: 
@@ -94,7 +94,7 @@ The required arguments Workload Expansion IAM: | [application\_admin\_group\_name](#application\_admin\_group\_name) | Provide Workload Application Admin Group Name. | `string` | `"OCI-ELZ-UGP-[workload_prefix]-APP-ADMIN"` | yes | | [database\_admin\_group\_name](#database\_admin\_group\_name) | Provide Workload DB Admin Group Name. | `string` | `"OCI-ELZ-UGP-[workload_prefix]-DB-ADMIN"` | yes | -## Policy +## Policy The required arguments Workload Expansion Policy: @@ -105,7 +105,7 @@ The required arguments Workload Expansion Policy: | [identity\_domain\_name](#security\_compartment\_name) | Identity Domain Name. | `string` | `""` | yes | | [identity\_domain\_ocid](#security\_compartment\_ocid) | Identity Domain OCID. | `string` | `""` | yes | -## Monitoring +## Monitoring These are the configuration options for Workload Monitoring: diff --git a/templates/elz-workload/IMPLEMENTATION.md b/templates/elz-workload/IMPLEMENTATION.md index 9d3a68ea..4e9f515f 100644 --- a/templates/elz-workload/IMPLEMENTATION.md +++ b/templates/elz-workload/IMPLEMENTATION.md @@ -1,4 +1,4 @@ -# Oracle Enterprise Landing Zone Workload Extension +# Oracle Enterprise Landing Zone Workload Expansion ## Prerequisites @@ -143,7 +143,7 @@ OELZ Workload Expansion Stack will deploy one Spoke VCN on user defined Compartm Logging for the Oracle Enterprise Landing Zone is configured at the Environment level, with logs for all Workloads within a given Environment being sent to object storage buckets set up per-environment, as well as an archive bucket for all Environments, with a long term retention policy. No logging configuration per Workload is necessary. -### Workload Expansion : Policy +### Workload Expansion : Policy As part of Workload Expansion three user groups will be created Workload Admin, Application Admin and Database Admin. We are adding default policy so that newly created user groups have fine-grained access to workload resources. 
diff --git a/templates/elz-workload/network.tf b/templates/elz-workload/network.tf index c5308293..acd7aab2 100644 --- a/templates/elz-workload/network.tf +++ b/templates/elz-workload/network.tf @@ -7,6 +7,8 @@ module "workload_expansion_spoke" { environment_prefix = var.environment_prefix tenancy_ocid = var.tenancy_ocid region = var.region + is_baseline_deploy = var.workload_expansion_flag + #Spoke VCN Variables workload_spoke_vcn_cidr = var.workload_spoke_vcn_cidr vcn_dns_label = var.vcn_dns_label diff --git a/templates/elz-workload/tagging.tf b/templates/elz-workload/tagging.tf index f2282b65..ad49970f 100644 --- a/templates/elz-workload/tagging.tf +++ b/templates/elz-workload/tagging.tf @@ -30,6 +30,7 @@ resource "random_id" "tag" { } module "architecture_tag" { + count = var.workload_expansion_flag ? 1 : 0 source = "../../modules/tag" compartment_id = var.tenancy_ocid tag_namespace_description = local.architecture_tag.tag_namespace_description diff --git a/templates/enterprise-landing-zone/environment.tf b/templates/enterprise-landing-zone/environment.tf index b345f589..5f2e3ec6 100644 --- a/templates/enterprise-landing-zone/environment.tf +++ b/templates/enterprise-landing-zone/environment.tf @@ -27,6 +27,7 @@ module "prod_environment" { ops_admin_group_name = var.prod_ops_admin_group_name security_admin_group_name = var.prod_security_admin_group_name workload_compartment_names = var.prod_workload_compartment_names + is_baseline_deploy = var.is_baseline_deploy workload_admin_group_name = var.prod_workload_admin_group_name application_admin_group_name = var.prod_application_admin_group_name 
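Review bot: In templates/elz-workload/network.tf the new line `is_baseline_deploy = var.workload_expansion_flag` feeds a flag with a different name and meaning into the spoke module, and nothing on the line says why. Read together with `count = var.workload_expansion_flag ? 1 : 0` in the elz-workload/tagging.tf hunk, the intent seems to be that exactly one of the two creates the architecture tag. A comment such as `# true: this stack creates the architecture tag, so the spoke module must skip its own` would make that coupling visible. The module block continues outside the hunk.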
@@ -164,7 +165,8 @@ module "nonprod_environment" { ops_admin_group_name = var.nonprod_ops_admin_group_name security_admin_group_name = var.nonprod_security_admin_group_name workload_compartment_names = var.nonprod_workload_compartment_names - + is_baseline_deploy = var.is_baseline_deploy + workload_admin_group_name = var.nonprod_workload_admin_group_name application_admin_group_name = var.nonprod_application_admin_group_name database_admin_group_name = var.nonprod_database_admin_group_name diff --git a/templates/enterprise-landing-zone/integration.tfvars b/templates/enterprise-landing-zone/integration.tfvars index 346e3016..ec330435 100644 --- a/templates/enterprise-landing-zone/integration.tfvars +++ b/templates/enterprise-landing-zone/integration.tfvars @@ -1,7 +1,9 @@ #tfvars file for the ci pipline + # iam resource_label = "INTEGRATION" enable_compartment_delete = false +is_baseline_deploy = true # security enable_cloud_guard = true @@ -75,4 +77,4 @@ onboard_log_analytics = false # Workload Expansion # prod_additional_workload_subnets_cidr_blocks = [] -# nonprod_additional_workload_subnets_cidr_blocks = [] \ No newline at end of file +# nonprod_additional_workload_subnets_cidr_blocks = [] diff --git a/templates/enterprise-landing-zone/tagging.tf b/templates/enterprise-landing-zone/tagging.tf index 0a1eff91..4fd3ddf5 100644 --- a/templates/enterprise-landing-zone/tagging.tf +++ b/templates/enterprise-landing-zone/tagging.tf @@ -30,6 +30,7 @@ resource "random_id" "tag" { } module "architecture_tag" { + count = var.is_baseline_deploy ? 1 : 0 source = "../../modules/tag" compartment_id = var.tenancy_ocid tag_namespace_description = local.architecture_tag.tag_namespace_description diff --git a/templates/enterprise-landing-zone/variables.tf b/templates/enterprise-landing-zone/variables.tf index 5ad82211..e0e2edbd 100644 --- a/templates/enterprise-landing-zone/variables.tf +++ b/templates/enterprise-landing-zone/variables.tf 
@@ -17,6 +17,12 @@ variable "resource_label" { description = "A prefix used to avoid naming conflicts if multiple Landing Zones are deployed." } +variable "is_baseline_deploy" { + type = bool + default = false + description = "TagNameSpace Optimization: Set to True(if the deployment is baseline) and on dependent module TagNameSpace Tag will not get Created." +} + # ----------------------------------------------------------------------------- # Compartment Variables # ----------------------------------------------------------------------------- diff --git a/templates/freetrial-landing-zone/environment.tf b/templates/freetrial-landing-zone/environment.tf index 61106682..58992565 100644 --- a/templates/freetrial-landing-zone/environment.tf +++ b/templates/freetrial-landing-zone/environment.tf @@ -15,6 +15,7 @@ module "prod_environment" { tenancy_ocid = var.tenancy_ocid region = var.region resource_label = var.resource_label + is_baseline_deploy = var.is_freetrial_deploy home_compartment_id = module.home_compartment.compartment_id environment_prefix = local.prod_environment.environment_prefix diff --git a/templates/freetrial-landing-zone/livelab.tfvars b/templates/freetrial-landing-zone/livelab.tfvars index 4d8ba62d..f4c2f994 100644 --- a/templates/freetrial-landing-zone/livelab.tfvars +++ b/templates/freetrial-landing-zone/livelab.tfvars @@ -12,6 +12,7 @@ resource_label = "LIVELAB" enable_compartment_delete = false prod_domain_admin_email = "" +is_freetrial_deploy = true # security enable_cloud_guard = false cloud_guard_target_tenancy = false diff --git a/templates/freetrial-landing-zone/tagging.tf b/templates/freetrial-landing-zone/tagging.tf index ac2456be..d2928dee 100644 --- a/templates/freetrial-landing-zone/tagging.tf +++ b/templates/freetrial-landing-zone/tagging.tf 
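Review bot: `default = false` on `is_baseline_deploy` in templates/enterprise-landing-zone/variables.tf combines with `count = var.is_baseline_deploy ? 1 : 0` in this template's tagging.tf hunk, so a deployment that does not set the variable no longer gets the root `architecture_tag` module while every child template (`? 0 : 1`) still creates its own. For an existing stack the next plan would presumably propose removing the root tag namespace that was created unconditionally before, which is the opposite of the stated optimization. If the baseline template is meant to own the tag, `default = true` matches the value set in integration.tfvars. The description would be clearer as `"Set to true for a baseline deployment: this template creates the architecture tag namespace and the dependent modules skip creating their own."`.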
@@ -30,6 +30,7 @@ resource "random_id" "tag" { } module "architecture_tag" { + count = var.is_freetrial_deploy ? 1 : 0 source = "../../modules/tag" compartment_id = var.tenancy_ocid tag_namespace_description = local.architecture_tag.tag_namespace_description diff --git a/templates/freetrial-landing-zone/variables.tf b/templates/freetrial-landing-zone/variables.tf index a0e10b5d..77b6a498 100644 --- a/templates/freetrial-landing-zone/variables.tf +++ b/templates/freetrial-landing-zone/variables.tf @@ -21,7 +21,10 @@ variable "home_compartment_id" { type = string description = "Home Compartment ID" } - +variable "is_freetrial_deploy" { + type = bool + description = "true if you want to deploying the baseline template" +} # ----------------------------------------------------------------------------- # Compartment Variables # ----------------------------------------------------------------------------- From 15089a616d58db21f1f4b99126f182e96154493a Mon Sep 17 00:00:00 2001 
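Review bot: The description of `is_freetrial_deploy` in templates/freetrial-landing-zone/variables.tf (`"true if you want to deploying the baseline template"`) does not say what the flag controls. In this patch it gates `count = var.is_freetrial_deploy ? 1 : 0` on the `architecture_tag` module and is passed to `prod_environment` as `is_baseline_deploy`. Something like `description = "Set to true so this template creates the architecture tag namespace and the environment modules skip creating their own."` would match that use. The variable also has no default, so it is a new required input for existing users of this template.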
From: vinaykumar-oci Date: Thu, 6 Jul 2023 14:10:05 -0700 Subject: [PATCH 2/7] TagNameSpace Optimization and Bucket Rotation Issue Fix v1 TagNameSpace Optimization and Bucket Rotation Issue Fix. --- templates/elz-budget/README.md | 2 + templates/elz-budget/variables.tf | 2 +- templates/elz-compartment/README.md | 1 + templates/elz-compartment/variables.tf | 2 +- templates/elz-environment/README.md | 1 + templates/elz-environment/tagging.tf | 1 + templates/elz-environment/variables.tf | 2 +- templates/elz-environment/workload.tf | 16 +++---- templates/elz-exadata-workload/README.md | 7 +-- templates/elz-exadata-workload/variables.tf | 2 +- templates/elz-hub/README.md | 2 + templates/elz-hub/variables.tf | 2 +- templates/elz-identity/README.md | 2 + templates/elz-identity/variables.tf | 2 +- templates/elz-logging/README.md | 1 + templates/elz-logging/variables.tf | 2 +- templates/elz-monitoring/README.md | 2 + templates/elz-monitoring/variables.tf | 2 +- templates/elz-network-extension/README.md | 2 + templates/elz-network-extension/variables.tf | 2 +- templates/elz-network/README.md | 2 + templates/elz-network/variables.tf | 2 +- templates/elz-security/README.md | 1 + templates/elz-security/variables.tf | 2 +- templates/elz-spoke/README.md | 2 + templates/elz-spoke/variables.tf | 2 +- templates/elz-tagging/README.md | 2 + templates/elz-tagging/variables.tf | 2 +- templates/elz-workload/README.md | 48 ++++++++++--------- .../enterprise-landing-zone/variables.tf | 2 +- 30 files changed, 72 insertions(+), 48 deletions(-) diff --git a/templates/elz-budget/README.md b/templates/elz-budget/README.md index 545e84a7..cd913664 100644 --- a/templates/elz-budget/README.md +++ b/templates/elz-budget/README.md 
@@ -40,6 +40,8 @@ | [budget\_display\_name](#input\_budget\_display\_name) | n/a | `string` | n/a | yes | | [budget\_target](#input\_budget\_target) | The compartment ocid for the budget | `string` | n/a | yes | | [environment\_prefix](#input\_environment\_prefix) | the 1 character string representing the environment eg. P (prod), N (non-prod), D, T, U | `string` | n/a | yes | +| [home\_compartment\_id](#input\_home\_compartment\_id) | Home Compartment ID | `string` | n/a | yes | +| [is\_baseline\_deploy](#input\_is\_baseline\_deploy) | TagNameSpace Optimization: Enable this flag to disable dependent module TagNameSpace Tag Creation. | `bool` | n/a | yes | | [region](#input\_region) | The OCI region | `string` | n/a | yes | | [tenancy\_ocid](#input\_tenancy\_ocid) | The OCID of tenancy | `string` | n/a | yes | diff --git a/templates/elz-budget/variables.tf b/templates/elz-budget/variables.tf index b1f08f4e..efa8bb9e 100644 --- a/templates/elz-budget/variables.tf +++ b/templates/elz-budget/variables.tf @@ -22,7 +22,7 @@ variable "home_compartment_id" { } variable "is_baseline_deploy" { type = bool - description = "TagNameSpace Optimization: Enable this flag to disble dependent module TagNameSpace Tag Creation." + description = "TagNameSpace Optimization: Enable this flag to disable dependent module TagNameSpace Tag Creation." } # ----------------------------------------------------------------------------- # diff --git a/templates/elz-compartment/README.md b/templates/elz-compartment/README.md index 343b7642..73dd7830 100644 --- a/templates/elz-compartment/README.md +++ b/templates/elz-compartment/README.md 
@@ -44,6 +44,7 @@ | [environment\_compartment\_name](#input\_environment\_compartment\_name) | The name of the compartment that acts as the main compartment for the environment. Resources related to this environment will be created under this compartment. | `string` | `""` | no | | [environment\_prefix](#input\_environment\_prefix) | the 1 character string representing the environment eg. P (prod), N (non-prod), D, T, U | `string` | n/a | yes | | [home\_compartment\_id](#input\_home\_compartment\_id) | the OCID of the compartment where the environment will be created. In general, this should be the Landing zone parent compartment. | `string` | n/a | yes | +| [is\_baseline\_deploy](#input\_is\_baseline\_deploy) | TagNameSpace Optimization: Enable this flag to disable dependent module TagNameSpace Tag Creation. | `bool` | n/a | yes | | [region](#input\_region) | The OCI region | `string` | n/a | yes | | [tenancy\_ocid](#input\_tenancy\_ocid) | The OCID of tenancy | `string` | n/a | yes | diff --git a/templates/elz-compartment/variables.tf b/templates/elz-compartment/variables.tf index 950a338a..2cfa1248 100644 --- a/templates/elz-compartment/variables.tf +++ b/templates/elz-compartment/variables.tf @@ -17,7 +17,7 @@ variable "environment_prefix" { } variable "is_baseline_deploy" { type = bool - description = "TagNameSpace Optimization: Enable this flag to disble dependent module TagNameSpace Tag Creation." + description = "TagNameSpace Optimization: Enable this flag to disable dependent module TagNameSpace Tag Creation." } # ----------------------------------------------------------------------------- # Compartment Variables diff --git a/templates/elz-environment/README.md b/templates/elz-environment/README.md index c66bcfe3..0dc13bc9 100644 --- a/templates/elz-environment/README.md +++ b/templates/elz-environment/README.md 
@@ -94,6 +94,7 @@ | [igw\_hub\_check](#input\_igw\_hub\_check) | n/a | `list(string)` | n/a | yes | | [ipsec\_connection\_static\_routes](#input\_ipsec\_connection\_static\_routes) | n/a | `list(string)` | n/a | yes | | [ipsec\_display\_name](#input\_ipsec\_display\_name) | n/a | `string` | n/a | yes | +| [is\_baseline\_deploy](#input\_is\_baseline\_deploy) | TagNameSpace Optimization: Enable this flag to disable dependent module TagNameSpace Tag Creation. | `bool` | n/a | yes | | [is\_create\_alarms](#input\_is\_create\_alarms) | Enable Alarms Creation in all Compartment | `bool` | n/a | yes | | [is\_service\_connector\_limit](#input\_is\_service\_connector\_limit) | Restrict Number of Service Connector Deployment | `bool` | n/a | yes | | [nat\_gw\_hub\_check](#input\_nat\_gw\_hub\_check) | n/a | `list(string)` | n/a | yes | diff --git a/templates/elz-environment/tagging.tf b/templates/elz-environment/tagging.tf index 5aedaafe..982ab460 100644 --- a/templates/elz-environment/tagging.tf +++ b/templates/elz-environment/tagging.tf @@ -30,6 +30,7 @@ resource "random_id" "tag" { } module "architecture_tag" { + count = var.is_baseline_deploy ? 0 : 1 source = "../../modules/tag" compartment_id = var.tenancy_ocid tag_namespace_description = local.architecture_tag.tag_namespace_description diff --git a/templates/elz-environment/variables.tf b/templates/elz-environment/variables.tf index 8c9ea12f..bc7ecc7f 100644 --- a/templates/elz-environment/variables.tf +++ b/templates/elz-environment/variables.tf @@ -27,7 +27,7 @@ variable "workload_compartment_names" { } variable "is_baseline_deploy" { type = bool - description = "TagNameSpace Optimization: Enable this flag to disble dependent module TagNameSpace Tag Creation." + description = "TagNameSpace Optimization: Enable this flag to disable dependent module TagNameSpace Tag Creation." } # ----------------------------------------------------------------------------- 
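Review bot: References to the outputs of `module "architecture_tag"` in templates/elz-environment/tagging.tf must be indexed and must tolerate an empty list now that the module carries `count = var.is_baseline_deploy ? 0 : 1`. None of those references are visible in this hunk, so check that callers use a form such as `one(module.architecture_tag[*].<output>)` (the output name is a placeholder) rather than `module.architecture_tag.<output>`. When the flag is true this template creates no architecture tag namespace, so any resource expected to carry those tags for governance or cost tracking depends on the namespace existing elsewhere; a comment above the new line, `# Skipped on baseline deploys: the tag namespace is assumed to be created by <owning stack>`, would record that assumption. The module block continues past the end of the hunk.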
diff --git a/templates/elz-environment/workload.tf b/templates/elz-environment/workload.tf index f7f1a876..647b11e0 100644 --- a/templates/elz-environment/workload.tf +++ b/templates/elz-environment/workload.tf @@ -11,15 +11,15 @@ locals { module "workload" { source = "../elz-workload" - tenancy_ocid = var.tenancy_ocid - region = var.region - environment_prefix = var.environment_prefix + tenancy_ocid = var.tenancy_ocid + region = var.region + environment_prefix = var.environment_prefix - workload_name = local.workload.workload_name - enable_compartment_delete = local.workload.enable_compartment_delete - environment_compartment_id = module.compartment.compartments.environment.id - security_compartment_id = module.compartment.compartments.security.id - network_compartment_id = module.compartment.compartments.network.id + workload_name = local.workload.workload_name + enable_compartment_delete = local.workload.enable_compartment_delete + environment_compartment_id = module.compartment.compartments.environment.id + security_compartment_id = module.compartment.compartments.security.id + network_compartment_id = module.compartment.compartments.network.id security_compartment_name = module.compartment.compartments.security.name identity_domain_id = module.identity.domain.id diff --git a/templates/elz-exadata-workload/README.md b/templates/elz-exadata-workload/README.md index defab617..4ba31b9b 100644 --- a/templates/elz-exadata-workload/README.md +++ b/templates/elz-exadata-workload/README.md @@ -4,13 +4,13 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0.0 | -| [oci](#requirement\_oci) | 4.122.0 | +| [oci](#requirement\_oci) | 5.1.0 | ## Providers | Name | Version | |------|---------| -| [oci](#provider\_oci) | 4.122.0 | +| [oci](#provider\_oci) | 5.1.0 | | [random](#provider\_random) | n/a | ## Modules 
@@ -35,7 +35,7 @@ | Name | Type | |------|------| | [random_id.tag](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource | -| [oci_identity_region_subscriptions.regions](https://registry.terraform.io/providers/oracle/oci/4.122.0/docs/data-sources/identity_region_subscriptions) | data source | +| [oci_identity_region_subscriptions.regions](https://registry.terraform.io/providers/oracle/oci/5.1.0/docs/data-sources/identity_region_subscriptions) | data source | ## Inputs @@ -73,6 +73,7 @@ | [identity\_domain\_id](#input\_identity\_domain\_id) | the ocid of identity domain | `string` | `"ocid1.domain."` | no | | [identity\_domain\_name](#input\_identity\_domain\_name) | identity domain name | `string` | `""` | no | | [ipsec\_connection\_static\_routes](#input\_ipsec\_connection\_static\_routes) | n/a | `list(string)` |
[
""
]
| no | +| [is\_baseline\_deploy](#input\_is\_baseline\_deploy) | TagNameSpace Optimization: Enable this flag to disable dependent module TagNameSpace Tag Creation. | `bool` | n/a | yes | | [is\_create\_alarms](#input\_is\_create\_alarms) | Enable Alarms Creation in all Compartment | `bool` | `true` | no | | [nat\_gateway\_display\_name](#input\_nat\_gateway\_display\_name) | (Updatable) Name of NAT Gateway. Does not have to be unique. | `string` | `"ngw"` | no | | [nat\_gw\_spoke\_check](#input\_nat\_gw\_spoke\_check) | n/a | `list(string)` |
[
""
]
| no | diff --git a/templates/elz-exadata-workload/variables.tf b/templates/elz-exadata-workload/variables.tf index 0c6a1b29..d54f28ac 100644 --- a/templates/elz-exadata-workload/variables.tf +++ b/templates/elz-exadata-workload/variables.tf @@ -35,7 +35,7 @@ variable "enable_fan_events" { } variable "is_baseline_deploy" { type = bool - description = "TagNameSpace Optimization: Enable this flag to disble dependent module TagNameSpace Tag Creation." + description = "TagNameSpace Optimization: Enable this flag to disable dependent module TagNameSpace Tag Creation." } # ----------------------------------------------------------------------------- diff --git a/templates/elz-hub/README.md b/templates/elz-hub/README.md index d15714b6..81737cd3 100644 --- a/templates/elz-hub/README.md +++ b/templates/elz-hub/README.md 
@@ -53,8 +53,10 @@ | [enable\_vpn\_on\_environment](#input\_enable\_vpn\_on\_environment) | n/a | `bool` | n/a | yes | | [enable\_vpn\_or\_fastconnect](#input\_enable\_vpn\_or\_fastconnect) | Option to enable VPN or FASTCONNECT service. Options are NONE, VPN, FASTCONNECT. | `string` | n/a | yes | | [environment\_prefix](#input\_environment\_prefix) | the 1 character string representing the environment eg. P (prod), N (non-prod), D, T, U | `string` | n/a | yes | +| [home\_compartment\_id](#input\_home\_compartment\_id) | Home Compartment ID | `string` | n/a | yes | | [igw\_hub\_check](#input\_igw\_hub\_check) | n/a | `list(string)` | n/a | yes | | [ipsec\_connection\_static\_routes](#input\_ipsec\_connection\_static\_routes) | ----------------------------------------------------------------------------- Network Extension Variables ----------------------------------------------------------------------------- | `list(string)` | n/a | yes | +| [is\_baseline\_deploy](#input\_is\_baseline\_deploy) | TagNameSpace Optimization: Enable this flag to disable dependent module TagNameSpace Tag Creation. | `bool` | n/a | yes | | [nat\_gw\_hub\_check](#input\_nat\_gw\_hub\_check) | n/a | `list(string)` | n/a | yes | | [network\_compartment\_id](#input\_network\_compartment\_id) | Network Compartment OCID | `string` | n/a | yes | | [private\_spoke\_subnet\_app\_cidr\_block](#input\_private\_spoke\_subnet\_app\_cidr\_block) | Spoke: Private Subnet App CIDR Block-1. | `string` | n/a | yes | diff --git a/templates/elz-hub/variables.tf b/templates/elz-hub/variables.tf index 105bc6e6..d4fa823e 100644 --- a/templates/elz-hub/variables.tf +++ b/templates/elz-hub/variables.tf 
@@ -22,7 +22,7 @@ variable "home_compartment_id" { } variable "is_baseline_deploy" { type = bool - description = "TagNameSpace Optimization: Enable this flag to disble dependent module TagNameSpace Tag Creation." + description = "TagNameSpace Optimization: Enable this flag to disable dependent module TagNameSpace Tag Creation." } # ----------------------------------------------------------------------------- diff --git a/templates/elz-identity/README.md b/templates/elz-identity/README.md index acf5cfb5..345f7070 100644 --- a/templates/elz-identity/README.md +++ b/templates/elz-identity/README.md @@ -51,7 +51,9 @@ | [environment\_compartment\_id](#input\_environment\_compartment\_id) | n/a | `string` | n/a | yes | | [environment\_compartment\_name](#input\_environment\_compartment\_name) | ----------------------------------------------------------------------------- Policy Variables ----------------------------------------------------------------------------- | `string` | n/a | yes | | [environment\_prefix](#input\_environment\_prefix) | the 1 character string representing the environment eg. P (prod), N (non-prod), D, T, U | `string` | n/a | yes | +| [home\_compartment\_id](#input\_home\_compartment\_id) | Home Compartment ID | `string` | n/a | yes | | [iam\_admin\_group\_name](#input\_iam\_admin\_group\_name) | The group name for the OCI Landing Zone IAM Administrators Group | `string` | `""` | no | +| [is\_baseline\_deploy](#input\_is\_baseline\_deploy) | TagNameSpace Optimization: Enable this flag to disable dependent module TagNameSpace Tag Creation. | `bool` | n/a | yes | | [network\_admin\_group\_name](#input\_network\_admin\_group\_name) | The group name for the OCI Landing Zone Network Administrators Group | `string` | `""` | no | | [network\_compartment\_id](#input\_network\_compartment\_id) | n/a | `string` | n/a | yes | | [network\_compartment\_name](#input\_network\_compartment\_name) | n/a | `string` | n/a | yes | 
diff --git a/templates/elz-identity/variables.tf b/templates/elz-identity/variables.tf index 9638125c..1e9272bf 100644 --- a/templates/elz-identity/variables.tf +++ b/templates/elz-identity/variables.tf @@ -22,7 +22,7 @@ variable "home_compartment_id" { } variable "is_baseline_deploy" { type = bool - description = "TagNameSpace Optimization: Enable this flag to disble dependent module TagNameSpace Tag Creation." + description = "TagNameSpace Optimization: Enable this flag to disable dependent module TagNameSpace Tag Creation." } # ----------------------------------------------------------------------------- # Domain Variables diff --git a/templates/elz-logging/README.md b/templates/elz-logging/README.md index 30e2d621..c6f5340d 100644 --- a/templates/elz-logging/README.md +++ b/templates/elz-logging/README.md @@ -49,6 +49,7 @@ | [environment\_prefix](#input\_environment\_prefix) | the 1 character string representing the environment eg. P (prod), N (non-prod), D, T, U | `string` | n/a | yes | | [home\_compartment\_id](#input\_home\_compartment\_id) | The id of the home compartment. | `string` | n/a | yes | | [home\_compartment\_name](#input\_home\_compartment\_name) | The name of the home compartment. | `string` | n/a | yes | +| [is\_baseline\_deploy](#input\_is\_baseline\_deploy) | TagNameSpace Optimization: Enable this flag to disable dependent module TagNameSpace Tag Creation. | `bool` | n/a | yes | | [is\_service\_connector\_limit](#input\_is\_service\_connector\_limit) | Restrict Number of Service Connector Deployment | `bool` | n/a | yes | | [logging\_compartment\_id](#input\_logging\_compartment\_id) | The ocid of the logging compartment. | `string` | n/a | yes | | [master\_encryption\_key](#input\_master\_encryption\_key) | The ocid of master encryption key | `string` | n/a | yes | diff --git a/templates/elz-logging/variables.tf b/templates/elz-logging/variables.tf index b4708ecd..521c0043 100644 --- a/templates/elz-logging/variables.tf 
+++ b/templates/elz-logging/variables.tf
@@ -63,5 +63,5 @@ variable "is_service_connector_limit" {
 }
 variable "is_baseline_deploy" {
 type = bool
- description = "TagNameSpace Optimization: Enable this flag to disble dependent module TagNameSpace Tag Creation."
+ description = "TagNameSpace Optimization: Enable this flag to disable dependent module TagNameSpace Tag Creation."
 }
\ No newline at end of file
diff --git a/templates/elz-monitoring/README.md b/templates/elz-monitoring/README.md
index 268ce276..8495ad1b 100644
--- a/templates/elz-monitoring/README.md
+++ b/templates/elz-monitoring/README.md
@@ -52,7 +52,9 @@ | [enable\_workload\_monitoring\_alarms](#input\_enable\_workload\_monitoring\_alarms) | Enable Workload Monitoring Alarms in Workload Compartment | `bool` | n/a | yes | | [environment\_compartment\_id](#input\_environment\_compartment\_id) | ----------------------------------------------------------------------------- Common Variables ----------------------------------------------------------------------------- | `string` | n/a | yes | | [environment\_prefix](#input\_environment\_prefix) | the 1 character string representing the environment eg. P (prod), N (non-prod), D, T, U | `string` | n/a | yes | +| [home\_compartment\_id](#input\_home\_compartment\_id) | Home Compartment ID | `string` | n/a | yes | | [identity\_topic\_endpoints](#input\_identity\_topic\_endpoints) | List of email addresses for Identity notifications. | `list(string)` | `[]` | no | +| [is\_baseline\_deploy](#input\_is\_baseline\_deploy) | TagNameSpace Optimization: Enable this flag to disable dependent module TagNameSpace Tag Creation. | `bool` | n/a | yes | | [is\_create\_alarms](#input\_is\_create\_alarms) | Enable Alarms Creation in all Compartment | `bool` | n/a | yes | | [network\_compartment\_id](#input\_network\_compartment\_id) | n/a | `string` | n/a | yes | | [network\_topic\_endpoints](#input\_network\_topic\_endpoints) | List of email addresses for Network Warning and Critical notifications. | `list(string)` | `[]` | no | diff --git a/templates/elz-monitoring/variables.tf b/templates/elz-monitoring/variables.tf index dd292a89..d5724173 100644 --- a/templates/elz-monitoring/variables.tf +++ b/templates/elz-monitoring/variables.tf 
@@ -26,7 +26,7 @@ variable "home_compartment_id" { } variable "is_baseline_deploy" { type = bool - description = "TagNameSpace Optimization: Enable this flag to disble dependent module TagNameSpace Tag Creation." + description = "TagNameSpace Optimization: Enable this flag to disable dependent module TagNameSpace Tag Creation." } # ----------------------------------------------------------------------------- # Common Variables diff --git a/templates/elz-network-extension/README.md b/templates/elz-network-extension/README.md index c2178dd1..f58d1d12 100644 --- a/templates/elz-network-extension/README.md +++ b/templates/elz-network-extension/README.md @@ -53,8 +53,10 @@ | [environment\_prefix](#input\_environment\_prefix) | n/a | `string` | n/a | yes | | [fastconnect\_provider](#input\_fastconnect\_provider) | Fastconnect Variables | `string` | n/a | yes | | [fastconnect\_routing\_policy](#input\_fastconnect\_routing\_policy) | n/a | `list(string)` | n/a | yes | +| [home\_compartment\_id](#input\_home\_compartment\_id) | Home Compartment ID | `string` | n/a | yes | | [ipsec\_connection\_static\_routes](#input\_ipsec\_connection\_static\_routes) | n/a | `list(string)` | n/a | yes | | [ipsec\_display\_name](#input\_ipsec\_display\_name) | n/a | `string` | n/a | yes | +| [is\_baseline\_deploy](#input\_is\_baseline\_deploy) | TagNameSpace Optimization: Enable this flag to disable dependent module TagNameSpace Tag Creation. | `bool` | n/a | yes | | [network\_compartment\_id](#input\_network\_compartment\_id) | n/a | `string` | n/a | yes | | [oracle\_primary\_bgp\_peering\_ip](#input\_oracle\_primary\_bgp\_peering\_ip) | n/a | `string` | n/a | yes | | [oracle\_secondary\_bgp\_peering\_ip](#input\_oracle\_secondary\_bgp\_peering\_ip) | n/a | `string` | n/a | yes | diff --git a/templates/elz-network-extension/variables.tf b/templates/elz-network-extension/variables.tf index bdc49181..e1c8304a 100644 --- a/templates/elz-network-extension/variables.tf 
+++ b/templates/elz-network-extension/variables.tf @@ -167,5 +167,5 @@ variable "drg_route_table_vc_id" { } variable "is_baseline_deploy" { type = bool - description = "TagNameSpace Optimization: Enable this flag to disble dependent module TagNameSpace Tag Creation." + description = "TagNameSpace Optimization: Enable this flag to disable dependent module TagNameSpace Tag Creation." } diff --git a/templates/elz-network/README.md b/templates/elz-network/README.md index 3ea109aa..0ddc3106 100644 --- a/templates/elz-network/README.md +++ b/templates/elz-network/README.md @@ -44,8 +44,10 @@ | [enable\_vpn\_on\_environment](#input\_enable\_vpn\_on\_environment) | n/a | `bool` | n/a | yes | | [enable\_vpn\_or\_fastconnect](#input\_enable\_vpn\_or\_fastconnect) | Option to enable VPN or FASTCONNECT service. Options are NONE, VPN, FASTCONNECT. | `string` | n/a | yes | | [environment\_prefix](#input\_environment\_prefix) | the 1 character string representing the environment eg. P (prod), N (non-prod), D, T, U | `string` | n/a | yes | +| [home\_compartment\_id](#input\_home\_compartment\_id) | Home Compartment ID | `string` | n/a | yes | | [igw\_hub\_check](#input\_igw\_hub\_check) | n/a | `list(string)` | n/a | yes | | [ipsec\_connection\_static\_routes](#input\_ipsec\_connection\_static\_routes) | ----------------------------------------------------------------------------- VPN Variables ----------------------------------------------------------------------------- | `list(string)` | n/a | yes | +| [is\_baseline\_deploy](#input\_is\_baseline\_deploy) | TagNameSpace Optimization: Enable this flag to disable dependent module TagNameSpace Tag Creation. | `bool` | n/a | yes | | [nat\_gw\_hub\_check](#input\_nat\_gw\_hub\_check) | n/a | `list(string)` | n/a | yes | | [nat\_gw\_spoke\_check](#input\_nat\_gw\_spoke\_check) | n/a | `list(string)` | n/a | yes | | [network\_compartment\_id](#input\_network\_compartment\_id) | Network Compartment OCID | `string` | n/a | yes | 
diff --git a/templates/elz-network/variables.tf b/templates/elz-network/variables.tf index 2090546b..56e0a3db 100644 --- a/templates/elz-network/variables.tf +++ b/templates/elz-network/variables.tf @@ -22,7 +22,7 @@ variable "home_compartment_id" { } variable "is_baseline_deploy" { type = bool - description = "TagNameSpace Optimization: Enable this flag to disble dependent module TagNameSpace Tag Creation." + description = "TagNameSpace Optimization: Enable this flag to disable dependent module TagNameSpace Tag Creation." } # ----------------------------------------------------------------------------- # Network Variables diff --git a/templates/elz-security/README.md b/templates/elz-security/README.md index 44d2b8e5..56c88ddc 100644 --- a/templates/elz-security/README.md +++ b/templates/elz-security/README.md @@ -47,6 +47,7 @@ | [environment\_prefix](#input\_environment\_prefix) | the 1 character string representing the environment eg. P (prod), N (non-prod), D, T, U | `string` | n/a | yes | | [home\_compartment\_id](#input\_home\_compartment\_id) | the OCID of the compartment where the environment will be created. In general, this should be the Landing zone parent compartment. | `string` | n/a | yes | | [home\_compartment\_name](#input\_home\_compartment\_name) | Landing Zone home compartment name | `string` | n/a | yes | +| [is\_baseline\_deploy](#input\_is\_baseline\_deploy) | TagNameSpace Optimization: Enable this flag to disable dependent module TagNameSpace Tag Creation. | `bool` | n/a | yes | | [region](#input\_region) | The OCI region | `string` | n/a | yes | | [replica\_region](#input\_replica\_region) | the region to be created replica to. | `string` | n/a | yes | | [resource\_label](#input\_resource\_label) | Prefix used to avoid naming conflict | `string` | n/a | yes | diff --git a/templates/elz-security/variables.tf b/templates/elz-security/variables.tf index 1718f1a4..4cfee237 100644 --- a/templates/elz-security/variables.tf 
+++ b/templates/elz-security/variables.tf @@ -86,5 +86,5 @@ variable "create_master_encryption_key" { } variable "is_baseline_deploy" { type = bool - description = "TagNameSpace Optimization: Enable this flag to disble dependent module TagNameSpace Tag Creation." + description = "TagNameSpace Optimization: Enable this flag to disable dependent module TagNameSpace Tag Creation." } \ No newline at end of file diff --git a/templates/elz-spoke/README.md b/templates/elz-spoke/README.md index cb7f13df..b0d7d6c1 100644 --- a/templates/elz-spoke/README.md +++ b/templates/elz-spoke/README.md @@ -45,9 +45,11 @@ | [enable\_vpn\_on\_environment](#input\_enable\_vpn\_on\_environment) | n/a | `any` | n/a | yes | | [enable\_vpn\_or\_fastconnect](#input\_enable\_vpn\_or\_fastconnect) | n/a | `any` | n/a | yes | | [environment\_prefix](#input\_environment\_prefix) | the 1 character string representing the environment eg. P (prod), N (non-prod), D, T, U | `string` | n/a | yes | +| [home\_compartment\_id](#input\_home\_compartment\_id) | Home Compartment ID | `string` | n/a | yes | | [hub\_private\_subnet\_cidr\_block](#input\_hub\_private\_subnet\_cidr\_block) | n/a | `string` | n/a | yes | | [hub\_public\_subnet\_cidr\_block](#input\_hub\_public\_subnet\_cidr\_block) | n/a | `string` | n/a | yes | | [ipsec\_connection\_static\_routes](#input\_ipsec\_connection\_static\_routes) | n/a | `any` | n/a | yes | +| [is\_baseline\_deploy](#input\_is\_baseline\_deploy) | TagNameSpace Optimization: Enable this flag to disable dependent module TagNameSpace Tag Creation. | `bool` | n/a | yes | | [nat\_gateway\_display\_name](#input\_nat\_gateway\_display\_name) | (Updatable) Name of NAT Gateway. Does not have to be unique. | `string` | n/a | yes | | [nat\_gw\_spoke\_check](#input\_nat\_gw\_spoke\_check) | n/a | `list(string)` |
[
""
]
| no | | [region](#input\_region) | The OCI region | `string` | n/a | yes | diff --git a/templates/elz-spoke/variables.tf b/templates/elz-spoke/variables.tf index f27f6d46..824d299a 100644 --- a/templates/elz-spoke/variables.tf +++ b/templates/elz-spoke/variables.tf @@ -120,7 +120,7 @@ variable "security_list_display_name" { } variable "is_baseline_deploy" { type = bool - description = "TagNameSpace Optimization: Enable this flag to disble dependent module TagNameSpace Tag Creation." + description = "TagNameSpace Optimization: Enable this flag to disable dependent module TagNameSpace Tag Creation." } variable "enable_vpn_or_fastconnect" {} variable "enable_vpn_on_environment" {} diff --git a/templates/elz-tagging/README.md b/templates/elz-tagging/README.md index 3aa707fd..9ee1dd25 100644 --- a/templates/elz-tagging/README.md +++ b/templates/elz-tagging/README.md @@ -37,6 +37,8 @@ | [environment\_compartment\_name](#input\_environment\_compartment\_name) | The OCID of the compartment. | `string` | n/a | yes | | [environment\_prefix](#input\_environment\_prefix) | the 1 character string representing the environment eg. P (prod), N (non-prod), D, T, U | `string` | n/a | yes | | [geo\_location\_tagging](#input\_geo\_location\_tagging) | Compartment Geo Location Tag. | `string` | n/a | yes | +| [home\_compartment\_id](#input\_home\_compartment\_id) | Home Compartment ID | `string` | n/a | yes | +| [is\_baseline\_deploy](#input\_is\_baseline\_deploy) | TagNameSpace Optimization: Enable this flag to disable dependent module TagNameSpace Tag Creation. | `bool` | n/a | yes | | [region](#input\_region) | The OCI region | `string` | n/a | yes | | [tenancy\_ocid](#input\_tenancy\_ocid) | Set to true to enable Tagging. | `string` | n/a | yes | diff --git a/templates/elz-tagging/variables.tf b/templates/elz-tagging/variables.tf index b3e66d9e..fdb08b0f 100644 --- a/templates/elz-tagging/variables.tf +++ b/templates/elz-tagging/variables.tf 
@@ -41,5 +41,5 @@ variable "home_compartment_id" {
 }
 variable "is_baseline_deploy" {
 type = bool
- description = "TagNameSpace Optimization: Enable this flag to disble dependent module TagNameSpace Tag Creation."
+ description = "TagNameSpace Optimization: Enable this flag to disable dependent module TagNameSpace Tag Creation."
 }
\ No newline at end of file
diff --git a/templates/elz-workload/README.md b/templates/elz-workload/README.md
index a7a7f896..ded480e2 100644
--- a/templates/elz-workload/README.md
+++ b/templates/elz-workload/README.md
@@ -4,90 +4,91 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0.0 | -| [oci](#requirement\_oci) | 4.96.0 | +| [oci](#requirement\_oci) | 5.1.0 | ## Providers | Name | Version | |------|---------| -| [oci](#provider\_oci) | 4.96.0 | +| [oci](#provider\_oci) | 5.1.0 | +| [random](#provider\_random) | n/a | ## Modules | Name | Source | Version | |------|--------|---------| +| [architecture\_tag](#module\_architecture\_tag) | ../../modules/tag | n/a | | [groups](#module\_groups) | ../../modules/identity-domain-group | n/a | -| [spoke\_workload\_compartment](#module\_spoke\_workload\_compartment) | ../elz-spoke | n/a | | [workload\_compartment](#module\_workload\_compartment) | ../../modules/compartment | n/a | | [workload\_critical\_topic](#module\_workload\_critical\_topic) | ../../modules/notification-topic | n/a | | [workload\_expansion\_policy](#module\_workload\_expansion\_policy) | ../../modules/policies | n/a | | [workload\_expansion\_sec\_policy](#module\_workload\_expansion\_sec\_policy) | ../../modules/policies | n/a | +| [workload\_expansion\_spoke](#module\_workload\_expansion\_spoke) | ../elz-spoke | n/a | | [workload\_warning\_topic](#module\_workload\_warning\_topic) | ../../modules/notification-topic | n/a | ## Resources | Name | Type | |------|------| -| [oci_identity_region_subscriptions.regions](https://registry.terraform.io/providers/oracle/oci/4.96.0/docs/data-sources/identity_region_subscriptions) | data source | +| [random_id.tag](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource | +| [oci_identity_region_subscriptions.regions](https://registry.terraform.io/providers/oracle/oci/5.1.0/docs/data-sources/identity_region_subscriptions) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [application\_admin\_group\_name](#input\_application\_admin\_group\_name) | the name of workload 
application admin group | `string` | `""` | no | +| [customer\_onprem\_ip\_cidr](#input\_customer\_onprem\_ip\_cidr) | ----------------------------------------------------------------------------- Workload Expansion Variables ----------------------------------------------------------------------------- | `list(string)` | `[]` | no | | [database\_admin\_group\_name](#input\_database\_admin\_group\_name) | the name of workload database admin group | `string` | `""` | no | -| [drg\_id](#input\_drg\_id) | n/a | `string` | `"ocid1.drg."` | no | +| [drg\_id](#input\_drg\_id) | n/a | `string` | n/a | yes | | [enable\_compartment\_delete](#input\_enable\_compartment\_delete) | Set to true to allow the compartments to delete on terraform destroy. | `bool` | `true` | no | | [enable\_internet\_gateway\_spoke](#input\_enable\_internet\_gateway\_spoke) | n/a | `bool` | `false` | no | | [enable\_nat\_gateway\_spoke](#input\_enable\_nat\_gateway\_spoke) | n/a | `bool` | `false` | no | | [enable\_network\_monitoring\_alarms](#input\_enable\_network\_monitoring\_alarms) | Enable Network Monitoring Alarms in Network Compartment | `bool` | `false` | no | | [enable\_security\_monitoring\_alarms](#input\_enable\_security\_monitoring\_alarms) | Enable Security Monitoring Alarms in Security Compartment | `bool` | `false` | no | | [enable\_service\_gateway\_spoke](#input\_enable\_service\_gateway\_spoke) | n/a | `bool` | `false` | no | +| [enable\_vpn\_on\_environment](#input\_enable\_vpn\_on\_environment) | n/a | `bool` | `false` | no | +| [enable\_vpn\_or\_fastconnect](#input\_enable\_vpn\_or\_fastconnect) | n/a | `string` | `"NONE"` | no | | [enable\_workload\_monitoring\_alarms](#input\_enable\_workload\_monitoring\_alarms) | Enable Workload Monitoring Alarms in Workload Compartment | `bool` | `false` | no | -| [environment\_compartment\_id](#input\_environment\_compartment\_id) | n/a | `string` | n/a | yes | +| [environment\_compartment\_id](#input\_environment\_compartment\_id) | 
the OCID of the compartment where the environment will be created. In general, this should be the Landing zone parent compartment. | `string` | n/a | yes | | [environment\_prefix](#input\_environment\_prefix) | the 1 character string representing the environment eg. P (prod), N (non-prod), D, T, U | `string` | n/a | yes | | [hub\_private\_subnet\_cidr\_block](#input\_hub\_private\_subnet\_cidr\_block) | n/a | `string` | `"10.1.2.0/24"` | no | | [hub\_public\_subnet\_cidr\_block](#input\_hub\_public\_subnet\_cidr\_block) | n/a | `string` | `"10.1.1.0/24"` | no | -| [hub\_route\_table\_name](#input\_hub\_route\_table\_name) | n/a | `string` | `""` | no | -| [hub\_security\_list\_id](#input\_hub\_security\_list\_id) | n/a | `string` | `"ocid1.securitylist."` | no | -| [hub\_vcn\_id](#input\_hub\_vcn\_id) | n/a | `string` | `"ocid1.vcn."` | no | -| [hub\_vcn\_parent\_compartment\_id](#input\_hub\_vcn\_parent\_compartment\_id) | n/a | `string` | `"ocid1.compartment."` | no | | [identity\_domain\_id](#input\_identity\_domain\_id) | the ocid of identity domain | `string` | `"ocid1.domain."` | no | | [identity\_domain\_name](#input\_identity\_domain\_name) | identity domain name | `string` | `""` | no | -| [internet\_gateway\_display\_name](#input\_internet\_gateway\_display\_name) | (Updatable) Name of Internet Gateway. Does not have to be unique. | `string` | `"igw"` | no | +| [ipsec\_connection\_static\_routes](#input\_ipsec\_connection\_static\_routes) | n/a | `list(string)` |
[
""
]
| no | +| [is\_create\_alarms](#input\_is\_create\_alarms) | Enable Alarms Creation in all Compartment | `bool` | `true` | no | | [nat\_gateway\_display\_name](#input\_nat\_gateway\_display\_name) | (Updatable) Name of NAT Gateway. Does not have to be unique. | `string` | `"ngw"` | no | | [nat\_gw\_spoke\_check](#input\_nat\_gw\_spoke\_check) | n/a | `list(string)` |
[
""
]
| no | -| [network\_admin\_group\_name](#input\_network\_admin\_group\_name) | Network Admin Group Name. | `string` | `""` | no | +| [network\_admin\_group\_name](#input\_network\_admin\_group\_name) | the name of landing zone Network admin group | `string` | `""` | no | | [network\_compartment\_id](#input\_network\_compartment\_id) | the OCID of the compartment where the environment will be created. In general, this should be the Landing zone parent compartment. | `string` | `""` | no | | [network\_topic\_endpoints](#input\_network\_topic\_endpoints) | List of email addresses for Network Warning and Critical notifications. | `list(string)` | `[]` | no | | [region](#input\_region) | The OCI region | `string` | n/a | yes | | [route\_table\_display\_name](#input\_route\_table\_display\_name) | Workload Expansion Spoke Route Table Name Disply Name. | `string` | `""` | no | | [secops\_topic\_endpoints](#input\_secops\_topic\_endpoints) | List of email addresses for Secops Warning and Critical notifications. | `list(string)` | `[]` | no | -| [security\_admin\_group\_name](#input\_security\_admin\_group\_name) | Security Admin Group Name. | `string` | `""` | no | | [security\_compartment\_id](#input\_security\_compartment\_id) | the OCID of the compartment where the environment will be created. In general, this should be the Landing zone parent compartment. | `string` | `""` | no | | [security\_compartment\_name](#input\_security\_compartment\_name) | Security Compartment Name. | `string` | `""` | no | -| [security\_compartment\_ocid](#input\_security\_compartment\_ocid) | Security Compartment OCID. | `string` | `""` | no | | [security\_list\_display\_name](#input\_security\_list\_display\_name) | Workload Expansion Spoke Security List Name Disly Name. | `string` | `""` | no | | [service\_gateway\_display\_name](#input\_service\_gateway\_display\_name) | (Updatable) Name of Service Gateway. Does not have to be unique. 
| `string` | `"sgw"` | no | | [service\_gw\_spoke\_check](#input\_service\_gw\_spoke\_check) | n/a | `list(string)` |
[
""
]
| no | | [tenancy\_ocid](#input\_tenancy\_ocid) | The OCID of tenancy | `string` | n/a | yes | | [vcn\_display\_name](#input\_vcn\_display\_name) | Workload Expansion Spoke VCN Display Name | `string` | `""` | no | -| [vcn\_dns\_label](#input\_vcn\_dns\_label) | A DNS label for the VCN, used in conjunction with the VNIC's hostname and subnet's DNS label to form a fully qualified domain name (FQDN) for each VNIC within this subnet | `string` | `"wrkspokevcn"` | no | +| [vcn\_dns\_label](#input\_vcn\_dns\_label) | A DNS label for the VCN, used in conjunction with the VNIC's hostname and subnet's DNS label to form a fully qualified domain name (FQDN) for each VNIC within this subnet | `string` | `"spokelabel"` | no | | [workload\_admin\_group\_name](#input\_workload\_admin\_group\_name) | the name of workload admin group | `string` | `""` | no | | [workload\_compartment\_name](#input\_workload\_compartment\_name) | The name of the workload compartment by default OCI-ELZ--. | `string` | `""` | no | | [workload\_expansion\_flag](#input\_workload\_expansion\_flag) | Set to true if you want to use this as independent Workload Expansion Deployment Stack. | `bool` | `false` | no | -| [workload\_name](#input\_workload\_name) | The name of the workload. | `string` | `""` | no | +| [workload\_name](#input\_workload\_name) | The name of the workload. | `string` | `"W"` | no | | [workload\_prefix](#input\_workload\_prefix) | Atleast 4 Alphanumeric Charater to Describe the Workload : WRK1 | `string` | `"WRK1"` | no | -| [workload\_private\_spoke\_subnet\_app\_cidr\_block](#input\_workload\_private\_spoke\_subnet\_app\_cidr\_block) | Workload Enivornment Spoke VCN CIDR Block. | `string` | `"10.5.2.0/24"` | no | +| [workload\_private\_spoke\_subnet\_app\_cidr\_block](#input\_workload\_private\_spoke\_subnet\_app\_cidr\_block) | Workload Enivornment Spoke VCN CIDR Block. 
| `string` | n/a | yes | | [workload\_private\_spoke\_subnet\_app\_display\_name](#input\_workload\_private\_spoke\_subnet\_app\_display\_name) | Workload Expansion Spoke App Subnet Display Name. | `string` | `""` | no | -| [workload\_private\_spoke\_subnet\_app\_dns\_label](#input\_workload\_private\_spoke\_subnet\_app\_dns\_label) | A DNS label for the VCN Subnet, used in conjunction with the VNIC's hostname and subnet's DNS label to form a fully qualified domain name (FQDN) for each VNIC within this subnet | `string` | `"wrkapplabel"` | no | -| [workload\_private\_spoke\_subnet\_db\_cidr\_block](#input\_workload\_private\_spoke\_subnet\_db\_cidr\_block) | Workload Enivornment Spoke VCN CIDR Block. | `string` | `"10.5.3.0/24"` | no | +| [workload\_private\_spoke\_subnet\_app\_dns\_label](#input\_workload\_private\_spoke\_subnet\_app\_dns\_label) | A DNS label for the VCN Subnet, used in conjunction with the VNIC's hostname and subnet's DNS label to form a fully qualified domain name (FQDN) for each VNIC within this subnet | `string` | `"appdnslabel"` | no | +| [workload\_private\_spoke\_subnet\_db\_cidr\_block](#input\_workload\_private\_spoke\_subnet\_db\_cidr\_block) | Workload Enivornment Spoke VCN CIDR Block. | `string` | n/a | yes | | [workload\_private\_spoke\_subnet\_db\_display\_name](#input\_workload\_private\_spoke\_subnet\_db\_display\_name) | Workload Expansion Spoke Db Subnet Display Name. | `string` | `""` | no | -| [workload\_private\_spoke\_subnet\_db\_dns\_label](#input\_workload\_private\_spoke\_subnet\_db\_dns\_label) | A DNS label for the VCN Subnet, used in conjunction with the VNIC's hostname and subnet's DNS label to form a fully qualified domain name (FQDN) for each VNIC within this subnet | `string` | `"wrkdblabel"` | no | -| [workload\_private\_spoke\_subnet\_web\_cidr\_block](#input\_workload\_private\_spoke\_subnet\_web\_cidr\_block) | Workload Enivornment Spoke VCN CIDR Block. 
| `string` | `"10.5.1.0/24"` | no | +| [workload\_private\_spoke\_subnet\_db\_dns\_label](#input\_workload\_private\_spoke\_subnet\_db\_dns\_label) | A DNS label for the VCN Subnet, used in conjunction with the VNIC's hostname and subnet's DNS label to form a fully qualified domain name (FQDN) for each VNIC within this subnet | `string` | `"dbdnslabel"` | no | +| [workload\_private\_spoke\_subnet\_web\_cidr\_block](#input\_workload\_private\_spoke\_subnet\_web\_cidr\_block) | Workload Enivornment Spoke VCN CIDR Block. | `string` | n/a | yes | | [workload\_private\_spoke\_subnet\_web\_display\_name](#input\_workload\_private\_spoke\_subnet\_web\_display\_name) | Workload Expansion Spoke Web Subnet Display Name. | `string` | `""` | no | -| [workload\_private\_spoke\_subnet\_web\_dns\_label](#input\_workload\_private\_spoke\_subnet\_web\_dns\_label) | A DNS label for the VCN Subnet, used in conjunction with the VNIC's hostname and subnet's DNS label to form a fully qualified domain name (FQDN) for each VNIC within this subnet | `string` | `"wrkweblabel"` | no | -| [workload\_spoke\_vcn\_cidr](#input\_workload\_spoke\_vcn\_cidr) | The list of IPv4 CIDR blocks the VCN will use. | `list(string)` |
[
"10.5.0.0/16"
]
| no | +| [workload\_private\_spoke\_subnet\_web\_dns\_label](#input\_workload\_private\_spoke\_subnet\_web\_dns\_label) | A DNS label for the VCN Subnet, used in conjunction with the VNIC's hostname and subnet's DNS label to form a fully qualified domain name (FQDN) for each VNIC within this subnet | `string` | `"webdnslabel"` | no | +| [workload\_spoke\_vcn\_cidr](#input\_workload\_spoke\_vcn\_cidr) | IPv4 CIDR blocks the VCN will use. | `string` | n/a | yes | | [workload\_topic\_endpoints](#input\_workload\_topic\_endpoints) | List of email addresses for Workload notifications. | `list(string)` | `[]` | no | ## Outputs @@ -96,4 +97,5 @@ |------|-------------| | [compartment\_id](#output\_compartment\_id) | The ocid of workload compartment | | [compartment\_name](#output\_compartment\_name) | The Workload Compartment Name | +| [subnet\_cidr\_blocks](#output\_subnet\_cidr\_blocks) | n/a | \ No newline at end of file diff --git a/templates/enterprise-landing-zone/variables.tf b/templates/enterprise-landing-zone/variables.tf index e0e2edbd..da00118e 100644 --- a/templates/enterprise-landing-zone/variables.tf +++ b/templates/enterprise-landing-zone/variables.tf @@ -20,7 +20,7 @@ variable "resource_label" { variable "is_baseline_deploy" { type = bool default = false - description = "TagNameSpace Optimization: Set to True(if the deployment is baseline) and on dependent module TagNameSpace Tag will not get Created." + description = "TagNameSpace Optimization: Set to True(if the deployment is baseline) to disable dependent module TagNameSpace Tag Creation." } # ----------------------------------------------------------------------------- From 51a5dec0acdeade56fb99a2bd22c68d6e2a4eeab Mon Sep 17 00:00:00 2001 
From: vinaykumar-oci Date: Thu, 6 Jul 2023 14:12:51 -0700 Subject: [PATCH 3/7] Readme File Updated Readme File Updated --- templates/elz-exadata-spoke/README.md | 8 ++++---- templates/enterprise-landing-zone/README.md | 20 +++++++++++++++----- templates/freetrial-landing-zone/README.md | 19 +++++++++++-------- 3 files changed, 30 insertions(+), 17 deletions(-) diff --git a/templates/elz-exadata-spoke/README.md b/templates/elz-exadata-spoke/README.md index 240e69f4..d32228fa 100644 --- a/templates/elz-exadata-spoke/README.md +++ b/templates/elz-exadata-spoke/README.md @@ -4,13 +4,13 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0.0 | -| [oci](#requirement\_oci) | 4.122.0 | +| [oci](#requirement\_oci) | 5.1.0 | ## Providers | Name | Version | |------|---------| -| [oci](#provider\_oci) | 4.122.0 | +| [oci](#provider\_oci) | 5.1.0 | ## Modules @@ -32,8 +32,8 @@ | Name | Type | |------|------| -| [oci_core_services.service_gateway](https://registry.terraform.io/providers/oracle/oci/4.122.0/docs/data-sources/core_services) | data source | -| [oci_identity_region_subscriptions.regions](https://registry.terraform.io/providers/oracle/oci/4.122.0/docs/data-sources/identity_region_subscriptions) | data source | +| [oci_core_services.service_gateway](https://registry.terraform.io/providers/oracle/oci/5.1.0/docs/data-sources/core_services) | data source | +| [oci_identity_region_subscriptions.regions](https://registry.terraform.io/providers/oracle/oci/5.1.0/docs/data-sources/identity_region_subscriptions) | data source | ## Inputs diff --git a/templates/enterprise-landing-zone/README.md b/templates/enterprise-landing-zone/README.md index d6e20604..75fe5c36 100644 --- a/templates/enterprise-landing-zone/README.md +++ b/templates/enterprise-landing-zone/README.md 
@@ -8,14 +8,14 @@ Version 2 of Oracle Enterprise Landing Zone | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0.0 | -| [oci](#requirement\_oci) | 4.96.0 | +| [oci](#requirement\_oci) | 5.1.0 | ## Providers | Name | Version | |------|---------| -| [oci](#provider\_oci) | 4.96.0 | -| [random](#provider\_random) | 3.4.3 | +| [oci](#provider\_oci) | 5.1.0 | +| [random](#provider\_random) | 3.5.1 | ## Modules @@ -54,8 +54,8 @@ Version 2 of Oracle Enterprise Landing Zone | Name | Type | |------|------| | [random_id.tag](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource | -| [oci_identity_region_subscriptions.regions](https://registry.terraform.io/providers/oracle/oci/4.96.0/docs/data-sources/identity_region_subscriptions) | data source | -| [oci_objectstorage_namespace.ns](https://registry.terraform.io/providers/oracle/oci/4.96.0/docs/data-sources/objectstorage_namespace) | data source | +| [oci_identity_region_subscriptions.regions](https://registry.terraform.io/providers/oracle/oci/5.1.0/docs/data-sources/identity_region_subscriptions) | data source | +| [oci_objectstorage_namespace.ns](https://registry.terraform.io/providers/oracle/oci/5.1.0/docs/data-sources/objectstorage_namespace) | data source | ## Inputs 
@@ -73,6 +73,7 @@ Version 2 of Oracle Enterprise Landing Zone | [customer\_onprem\_ip\_cidr](#input\_customer\_onprem\_ip\_cidr) | n/a | `list(string)` | `[]` | no | | [customer\_primary\_bgp\_peering\_ip](#input\_customer\_primary\_bgp\_peering\_ip) | The primary BGP IPv4 address of the customer's router | `string` | `""` | no | | [customer\_secondary\_bgp\_peering\_ip](#input\_customer\_secondary\_bgp\_peering\_ip) | [Optional] The secondary BGP IPv4 address of the customer's router | `string` | `""` | no | +| [domain\_license\_type](#input\_domain\_license\_type) | Identity Domain License Type | `string` | `"premium"` | no | | [enable\_cloud\_guard](#input\_enable\_cloud\_guard) | true if you don't have cloud guard enabled, false if you've already have cloud guard enabled. | `bool` | `true` | no | | [enable\_compartment\_delete](#input\_enable\_compartment\_delete) | Set to true to allow the compartments to delete on terraform destroy. | `bool` | `true` | no | | [enable\_vpn\_or\_fastconnect](#input\_enable\_vpn\_or\_fastconnect) | Option to enable VPN or FASTCONNECT service. Options are NONE, VPN, FASTCONNECT. | `string` | `"NONE"` | no | @@ -80,8 +81,12 @@ Version 2 of Oracle Enterprise Landing Zone | [fastconnect\_routing\_policy](#input\_fastconnect\_routing\_policy) | Available FastConnect routing policies: ORACLE\_SERVICE\_NETWORK, REGIONAL, MARKET\_LEVEL, GLOBAL | `list(string)` | `[]` | no | | [home\_compartment\_name](#input\_home\_compartment\_name) | The name of the Landing Zone home compartment. | `string` | `"OCI-ELZ-CMP-HOME"` | no | | [igw\_hub\_check](#input\_igw\_hub\_check) | n/a | `list(string)` |
[
""
]
| no | +| [is\_baseline\_deploy](#input\_is\_baseline\_deploy) | TagNameSpace Optimization: Set to True(if the deployment is baseline) to disable dependent module TagNameSpace Tag Creation. | `bool` | `false` | no | +| [is\_create\_alarms](#input\_is\_create\_alarms) | Enable Alarms Creation in all Compartment | `bool` | `true` | no | +| [is\_service\_connector\_limit](#input\_is\_service\_connector\_limit) | Restrict Number of Service Connector Deployment in Tenancy if limit is two | `bool` | `false` | no | | [nat\_gw\_hub\_check](#input\_nat\_gw\_hub\_check) | n/a | `list(string)` |
[
""
]
| no | | [nat\_gw\_spoke\_check](#input\_nat\_gw\_spoke\_check) | n/a | `list(string)` |
[
""
]
| no | +| [nonprod\_additional\_workload\_subnets\_cidr\_blocks](#input\_nonprod\_additional\_workload\_subnets\_cidr\_blocks) | A list of subnets cidr blocks in additional workload stack in non-prod | `list(string)` | `[]` | no | | [nonprod\_application\_admin\_group\_name](#input\_nonprod\_application\_admin\_group\_name) | The group name for the OCI Application Administrators Group. Defaults to OCI-ELZ-UGP-N-APP-ADMIN if blank or not provided. | `string` | `""` | no | | [nonprod\_bastion\_client\_cidr\_block\_allow\_list](#input\_nonprod\_bastion\_client\_cidr\_block\_allow\_list) | A list of address ranges in CIDR notation that you want to allow to connect to sessions hosted by this bastion. | `list(string)` | n/a | yes | | [nonprod\_bgp\_cust\_tunnela\_ip](#input\_nonprod\_bgp\_cust\_tunnela\_ip) | The IP address for the CPE end of the inside tunnel interface. | `string` | `""` | no | 
@@ -140,10 +145,12 @@ Version 2 of Oracle Enterprise Landing Zone | [nonprod\_vault\_replica\_region](#input\_nonprod\_vault\_replica\_region) | the region to be created replica to. Required *if* nonprod\_enable\_vault\_replication is true. | `string` | `""` | no | | [nonprod\_vault\_type](#input\_nonprod\_vault\_type) | The type of vault to create. | `string` | `"DEFAULT"` | no | | [nonprod\_workload\_admin\_group\_name](#input\_nonprod\_workload\_admin\_group\_name) | The group name for the OCI Workload Administrators Group. Defaults to OCI-ELZ-UGP-N-WRK-ADMIN if blank or not provided. | `string` | `""` | no | +| [nonprod\_workload\_compartment\_names](#input\_nonprod\_workload\_compartment\_names) | The names of the workload compartments to update policies for the Admin Groups | `list(string)` | `[]` | no | | [nonprod\_workload\_topic\_endpoints](#input\_nonprod\_workload\_topic\_endpoints) | List of email addresses for Non Prod Workload notifications. | `list(string)` | `[]` | no | | [onboard\_log\_analytics](#input\_onboard\_log\_analytics) | Set to true to onboard the tenancy to logging analytics. | `bool` | `true` | no | | [oracle\_primary\_bgp\_peering\_ip](#input\_oracle\_primary\_bgp\_peering\_ip) | The primary BGP IPv4 address for Oracle's end of the BGP session | `string` | `""` | no | | [oracle\_secondary\_bgp\_peering\_ip](#input\_oracle\_secondary\_bgp\_peering\_ip) | [Optional] Secondary IPv4 address for Oracle's end of the BGP session | `string` | `""` | no | +| [prod\_additional\_workload\_subnets\_cidr\_blocks](#input\_prod\_additional\_workload\_subnets\_cidr\_blocks) | A list of subnets cidr blocks in additional workload stack in prod | `list(string)` | `[]` | no | | [prod\_application\_admin\_group\_name](#input\_prod\_application\_admin\_group\_name) | The group name for the OCI Application Administrators Group. Defaults to OCI-ELZ-UGP-P-APP-ADMIN if blank or not provided. 
| `string` | `""` | no | | [prod\_bastion\_client\_cidr\_block\_allow\_list](#input\_prod\_bastion\_client\_cidr\_block\_allow\_list) | A list of address ranges in CIDR notation that you want to allow to connect to sessions hosted by this bastion. | `list(string)` | n/a | yes | | [prod\_bgp\_cust\_tunnela\_ip](#input\_prod\_bgp\_cust\_tunnela\_ip) | The IP address for the CPE end of the inside tunnel interface. | `string` | `""` | no | @@ -202,6 +209,7 @@ Version 2 of Oracle Enterprise Landing Zone | [prod\_vault\_replica\_region](#input\_prod\_vault\_replica\_region) | the region to be created replica to. Required *if* prod\_enable\_vault\_replication is true. | `string` | `""` | no | | [prod\_vault\_type](#input\_prod\_vault\_type) | The type of vault to create. | `string` | `"DEFAULT"` | no | | [prod\_workload\_admin\_group\_name](#input\_prod\_workload\_admin\_group\_name) | The group name for the OCI Workload Administrators Group. Defaults to OCI-ELZ-UGP-P-WRK-ADMIN if blank or not provided. | `string` | `""` | no | +| [prod\_workload\_compartment\_names](#input\_prod\_workload\_compartment\_names) | The names of the workload compartments to update policies for the Admin Groups | `list(string)` | `[]` | no | | [prod\_workload\_topic\_endpoints](#input\_prod\_workload\_topic\_endpoints) | List of email addresses for Prod Workload notifications. | `list(string)` | `[]` | no | | [provider\_service\_key\_name](#input\_provider\_service\_key\_name) | The provider service key that the provider gives you when you set up a virtual circuit connection from the provider to OCI | `string` | `""` | no | | [region](#input\_region) | The OCI region | `string` | n/a | yes | 
@@ -220,6 +228,8 @@ Version 2 of Oracle Enterprise Landing Zone | Name | Description | |------|-------------| | [dynamic\_group\_detail](#output\_dynamic\_group\_detail) | n/a | +| [nonprod\_environment](#output\_nonprod\_environment) | n/a | +| [prod\_environment](#output\_prod\_environment) | n/a | | [subnets](#output\_subnets) | The subnet OCID | | [vcn](#output\_vcn) | n/a | | [workload\_compartment\_id](#output\_workload\_compartment\_id) | n/a | diff --git a/templates/freetrial-landing-zone/README.md b/templates/freetrial-landing-zone/README.md index d158a204..6381e910 100644 --- a/templates/freetrial-landing-zone/README.md +++ b/templates/freetrial-landing-zone/README.md @@ -8,14 +8,14 @@ Version 2 of Oracle Enterprise Landing Zone | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0.0 | -| [oci](#requirement\_oci) | 4.96.0 | +| [oci](#requirement\_oci) | 5.1.0 | ## Providers | Name | Version | |------|---------| -| [oci](#provider\_oci) | 4.96.0 | -| [random](#provider\_random) | 3.4.3 | +| [oci](#provider\_oci) | 5.1.0 | +| [random](#provider\_random) | n/a | ## Modules @@ -49,8 +49,8 @@ Version 2 of Oracle Enterprise Landing Zone | Name | Type | |------|------| | [random_id.tag](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource | -| [oci_identity_region_subscriptions.regions](https://registry.terraform.io/providers/oracle/oci/4.96.0/docs/data-sources/identity_region_subscriptions) | data source | -| [oci_objectstorage_namespace.ns](https://registry.terraform.io/providers/oracle/oci/4.96.0/docs/data-sources/objectstorage_namespace) | data source | +| [oci_identity_region_subscriptions.regions](https://registry.terraform.io/providers/oracle/oci/5.1.0/docs/data-sources/identity_region_subscriptions) | data source | +| [oci_objectstorage_namespace.ns](https://registry.terraform.io/providers/oracle/oci/5.1.0/docs/data-sources/objectstorage_namespace) | data source | ## Inputs 
@@ -69,14 +69,17 @@ Version 2 of Oracle Enterprise Landing Zone | [customer\_primary\_bgp\_peering\_ip](#input\_customer\_primary\_bgp\_peering\_ip) | The primary BGP IPv4 address of the customer's router | `string` | `""` | no | | [customer\_secondary\_bgp\_peering\_ip](#input\_customer\_secondary\_bgp\_peering\_ip) | [Optional] The secondary BGP IPv4 address of the customer's router | `string` | `""` | no | | [domain\_license\_type](#input\_domain\_license\_type) | Identity Domain License Type. | `string` | `"premium"` | no | -| [enable\_cloud\_guard](#input\_enable\_cloud\_guard) | true if you don't have cloud guard enabled, false if you've already have cloud guard enabled. | `bool` | `true` | no | +| [enable\_cloud\_guard](#input\_enable\_cloud\_guard) | true if you don't have cloud guard enabled, false if you've already have cloud guard enabled. | `bool` | `false` | no | | [enable\_compartment\_delete](#input\_enable\_compartment\_delete) | Set to true to allow the compartments to delete on terraform destroy. | `bool` | `true` | no | | [enable\_vpn\_or\_fastconnect](#input\_enable\_vpn\_or\_fastconnect) | Option to enable VPN or FASTCONNECT service. Options are NONE, VPN, FASTCONNECT. | `string` | `"NONE"` | no | | [fastconnect\_provider](#input\_fastconnect\_provider) | Fastconnect provider. Please choose from: AT&T, Azure, Megaport, QTS, CEintro, Cologix, CoreSite, Digitial Realty, EdgeConneX, Epsilon, Equinix, InterCloud, Lumen, Neutrona, OMCS, OracleL2ItegDeployment, OracleL3ItegDeployment, Orange, Verizon, Zayo | `string` | `""` | no | | [fastconnect\_routing\_policy](#input\_fastconnect\_routing\_policy) | Available FastConnect routing policies: ORACLE\_SERVICE\_NETWORK, REGIONAL, MARKET\_LEVEL, GLOBAL | `list(string)` | `[]` | no | -| [home\_compartment\_name](#input\_home\_compartment\_name) | The name of the Landing Zone home compartment. 
| `string` | `"OCI-ELZ-CMP-HOME"` | no | +| [home\_compartment\_id](#input\_home\_compartment\_id) | Home Compartment ID | `string` | n/a | yes | +| [home\_compartment\_name](#input\_home\_compartment\_name) | The name of the Landing Zone home compartment. | `string` | `"LIVELAB-OCI-CMP-HOME"` | no | | [igw\_hub\_check](#input\_igw\_hub\_check) | n/a | `list(string)` |
[
""
]
| no | -| [is\_create\_alarms](#input\_is\_create\_alarms) | Enable Alarms Creation in all Compartment | `bool` | `true` | no | +| [is\_create\_alarms](#input\_is\_create\_alarms) | Enable Alarms Creation in all Compartment | `bool` | `false` | no | +| [is\_freetrial\_deploy](#input\_is\_freetrial\_deploy) | true if you want to deploying the baseline template | `bool` | n/a | yes | +| [is\_service\_connector\_limit](#input\_is\_service\_connector\_limit) | Restrict Number of Service Connector Deployment in Tenancy if limit is two | `bool` | `true` | no | | [nat\_gw\_hub\_check](#input\_nat\_gw\_hub\_check) | n/a | `list(string)` |
[
""
]
| no | | [nat\_gw\_spoke\_check](#input\_nat\_gw\_spoke\_check) | n/a | `list(string)` |
[
""
]
| no | | [nonprod\_application\_admin\_group\_name](#input\_nonprod\_application\_admin\_group\_name) | The group name for the OCI Application Administrators Group. Defaults to OCI-ELZ-UGP-N-APP-ADMIN if blank or not provided. | `string` | `""` | no | From c7f6ab14b38a3133f8c5ab784395d18f2720409c Mon Sep 17 00:00:00 2001 From: vinaykumar-oci Date: Thu, 6 Jul 2023 15:13:34 -0700 Subject: [PATCH 4/7] Vault Key Fix. Vault Key Fix. --- templates/enterprise-landing-zone/logging-variables.tf | 5 +++++ templates/enterprise-landing-zone/variables.tf | 10 ++++++++++ 2 files changed, 15 insertions(+) diff --git a/templates/enterprise-landing-zone/logging-variables.tf b/templates/enterprise-landing-zone/logging-variables.tf index aab4a19d..64338f2c 100644 --- a/templates/enterprise-landing-zone/logging-variables.tf +++ b/templates/enterprise-landing-zone/logging-variables.tf @@ -32,4 +32,9 @@ variable "archive_log_retention_policy_duration_time_unit" { type = string description = "The unit that should be used to interpret timeAmount." default = "DAYS" +} +variable "archive_external_master_encryption_key" { + type = string + description = "OCID of existing key to use (instead of creating a new MEK)" + default = "" } \ No newline at end of file diff --git a/templates/enterprise-landing-zone/variables.tf b/templates/enterprise-landing-zone/variables.tf index da00118e..72cbe074 100644 --- a/templates/enterprise-landing-zone/variables.tf +++ b/templates/enterprise-landing-zone/variables.tf 
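Review bot: `archive_external_master_encryption_key` in logging-variables.tf is a bare `string` with no `validation` block, so a truncated or wrong-type OCID is caught, if at all, only when the provider call fails partway through an apply. The value presumably selects the key protecting the archive log bucket, so it is worth rejecting bad input at plan time. A validation block could accept the empty default or a key-shaped OCID, with `condition = var.archive_external_master_encryption_key == "" || can(regex("^ocid1\\.key\\.", var.archive_external_master_encryption_key))` and an `error_message` that names the variable. The same gap applies to `nonprod_external_master_encryption_key` and `prod_external_master_encryption_key`, added in the variables.tf hunk of this patch.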
@@ -322,6 +322,16 @@ variable "nonprod_create_master_encryption_key" { description = "Option create master encryption key" default = true } +variable "nonprod_external_master_encryption_key" { + type = string + description = "OCID of existing key to use (instead of creating a new MEK)" + default = "" +} +variable "prod_external_master_encryption_key" { + type = string + description = "OCID of existing key to use (instead of creating a new MEK)" + default = "" +} # ----------------------------------------------------------------------------- # Network Variables From 311ecc3d05ed1233a478ca6badadda321c62a4e2 Mon Sep 17 00:00:00 2001 From: vinaykumar-oci Date: Thu, 6 Jul 2023 15:14:53 -0700 Subject: [PATCH 5/7] Updated the ReadMe File Updated the ReadMe File --- templates/enterprise-landing-zone/README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/templates/enterprise-landing-zone/README.md b/templates/enterprise-landing-zone/README.md index 75fe5c36..9e634956 100644 --- a/templates/enterprise-landing-zone/README.md +++ b/templates/enterprise-landing-zone/README.md 
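Review bot: The descriptions of `nonprod_external_master_encryption_key` and `prod_external_master_encryption_key` do not say how they interact with the existing create flag. The context lines show `nonprod_create_master_encryption_key` with `default = true`, so a caller who supplies an existing key OCID and leaves that flag alone cannot tell whether a new MEK is still created or which key ends up in use. The consuming module is outside this hunk, so the actual precedence cannot be confirmed from here. I would state it in the description, along the lines of `description = "OCID of an existing master encryption key; leave empty to create a new MEK. <state how this interacts with nonprod_create_master_encryption_key>"`, and do the same for the prod variable.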
@@ -64,6 +64,7 @@ Version 2 of Oracle Enterprise Landing Zone | [api\_fingerprint](#input\_api\_fingerprint) | The fingerprint of API | `string` | `""` | no | | [api\_private\_key](#input\_api\_private\_key) | The API private key | `string` | `""` | no | | [api\_private\_key\_path](#input\_api\_private\_key\_path) | The local path to the API private key | `string` | `""` | no | +| [archive\_external\_master\_encryption\_key](#input\_archive\_external\_master\_encryption\_key) | OCID of existing key to use (instead of creating a new MEK) | `string` | `""` | no | | [archive\_log\_retention\_policy\_duration\_amount](#input\_archive\_log\_retention\_policy\_duration\_amount) | The timeAmount is interpreted in units defined by the timeUnit parameter, and is calculated in relation to each object's Last-Modified timestamp. | `string` | `"1"` | no | | [archive\_log\_retention\_policy\_duration\_time\_unit](#input\_archive\_log\_retention\_policy\_duration\_time\_unit) | The unit that should be used to interpret timeAmount. | `string` | `"DAYS"` | no | | [bgp\_md5auth\_key](#input\_bgp\_md5auth\_key) | The key for BGP MD5 authentication. Only applicable if your system requires MD5 authentication | `string` | `""` | no | 
@@ -117,6 +118,7 @@ Version 2 of Oracle Enterprise Landing Zone | [nonprod\_enable\_vault\_replication](#input\_nonprod\_enable\_vault\_replication) | Option to enable vault replication | `bool` | `false` | no | | [nonprod\_enable\_vpn](#input\_nonprod\_enable\_vpn) | Enable VPN in non prod environment | `bool` | `false` | no | | [nonprod\_enable\_workload\_monitoring\_alarms](#input\_nonprod\_enable\_workload\_monitoring\_alarms) | Enable Workload Monitoring Alarms in Non-Production Workload Compartment | `bool` | `false` | no | +| [nonprod\_external\_master\_encryption\_key](#input\_nonprod\_external\_master\_encryption\_key) | OCID of existing key to use (instead of creating a new MEK) | `string` | `""` | no | | [nonprod\_geo\_location\_tagging](#input\_nonprod\_geo\_location\_tagging) | Non-Production Geo Location. | `string` | n/a | yes | | [nonprod\_hub\_private\_subnet\_cidr\_block](#input\_nonprod\_hub\_private\_subnet\_cidr\_block) | Non-Production Enivornment HUB Private Subnet CIDR Block. | `string` | n/a | yes | | [nonprod\_hub\_public\_subnet\_cidr\_block](#input\_nonprod\_hub\_public\_subnet\_cidr\_block) | Non-Production Enivornment HUB Public Subnet CIDR Block. | `string` | n/a | yes | 
@@ -181,6 +183,7 @@ Version 2 of Oracle Enterprise Landing Zone | [prod\_enable\_vault\_replication](#input\_prod\_enable\_vault\_replication) | Option to enable vault replication | `bool` | `false` | no | | [prod\_enable\_vpn](#input\_prod\_enable\_vpn) | Enable VPN in prod environment | `bool` | `false` | no | | [prod\_enable\_workload\_monitoring\_alarms](#input\_prod\_enable\_workload\_monitoring\_alarms) | Enable Workload Monitoring Alarms in Production Workload Compartment | `bool` | `false` | no | +| [prod\_external\_master\_encryption\_key](#input\_prod\_external\_master\_encryption\_key) | OCID of existing key to use (instead of creating a new MEK) | `string` | `""` | no | | [prod\_geo\_location\_tagging](#input\_prod\_geo\_location\_tagging) | Production Geo Center. | `string` | n/a | yes | | [prod\_hub\_private\_subnet\_cidr\_block](#input\_prod\_hub\_private\_subnet\_cidr\_block) | Production Enivornment HUB Private Subnet CIDR Block. | `string` | n/a | yes | | [prod\_hub\_public\_subnet\_cidr\_block](#input\_prod\_hub\_public\_subnet\_cidr\_block) | Production Enivornment HUB Public Subnet CIDR Block. | `string` | n/a | yes | From 22e7717347e732ca16727f32c1c08b25fcd31820 Mon Sep 17 00:00:00 2001 From: vinaykumar-oci Date: Thu, 6 Jul 2023 16:22:09 -0700 Subject: [PATCH 6/7] Added new Variable on the Schema Yaml File. Added new Variable on the Schema Yaml File. --- templates/enterprise-landing-zone/schema.yaml | 6 ++++++ templates/enterprise-landing-zone/variables.tf | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/templates/enterprise-landing-zone/schema.yaml b/templates/enterprise-landing-zone/schema.yaml index e89980ad..adf6a927 100644 --- a/templates/enterprise-landing-zone/schema.yaml +++ b/templates/enterprise-landing-zone/schema.yaml 
@@ -262,6 +262,12 @@ variables: in the tenancy" required: true title: Break Glass User Email List + is_baseline_deploy: + type: boolean + description: "Set to true in case of Baseline Deployment." + default: true + required: false + title: Is Baseline Deployment show_extra_group_names: type: boolean default: false diff --git a/templates/enterprise-landing-zone/variables.tf b/templates/enterprise-landing-zone/variables.tf index 72cbe074..d5577833 100644 --- a/templates/enterprise-landing-zone/variables.tf +++ b/templates/enterprise-landing-zone/variables.tf @@ -19,7 +19,7 @@ variable "resource_label" { variable "is_baseline_deploy" { type = bool - default = false + default = true description = "TagNameSpace Optimization: Set to True(if the deployment is baseline) to disable dependent module TagNameSpace Tag Creation." } From 12de0334da6f8db12475356c7b8cf89cac7bf05f Mon Sep 17 00:00:00 2001 From: vinaykumar-oci Date: Fri, 7 Jul 2023 14:57:29 -0700 Subject: [PATCH 7/7] Update schema.yaml --- templates/enterprise-landing-zone/schema.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/templates/enterprise-landing-zone/schema.yaml b/templates/enterprise-landing-zone/schema.yaml index adf6a927..f58f2eb8 100644 --- a/templates/enterprise-landing-zone/schema.yaml +++ b/templates/enterprise-landing-zone/schema.yaml @@ -257,8 +257,7 @@ variables: items: type: string pattern: ^[^\s@]+@([^\s@.,]+\.)+[^\s@.,]{2,}$ - description: - "Unique list of break glass user email addresses that do not exist. These users are added to the Administrator group. + description: "Unique list of break glass user email addresses that do not exist. These users are added to the Administrator group. in the tenancy" required: true title: Break Glass User Email List
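Review bot: The schema description for `is_baseline_deploy` ("Set to true in case of Baseline Deployment.") does not say what the flag changes. The field is added with `default: true` and `required: false`, so a stack user who never touches it gets that behaviour without being told what it is. The variables.tf description in this series says `true` disables TagNameSpace tag creation in dependent modules, and the schema text should carry the same information, for example `description: "Baseline deployment: when true, dependent modules do not create their own TagNameSpace tags."`. The `variables:` mapping starts and continues outside the hunk.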
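Review bot: Changing `default = false` to `default = true` on `is_baseline_deploy` in variables.tf changes behaviour for every caller that does not set the variable, because by its own description `true` disables TagNameSpace tag creation in dependent modules. Whether an existing state would then plan those tag resources for removal cannot be seen from this hunk, so run `terraform plan` against an existing deployment before merging. The enterprise-landing-zone README row added earlier in this series still lists the default as `false` and should be regenerated. The commit subject mentions only the schema file and should also call out the default flip.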