Merge pull request #5 from oracle-quickstart/issue-4-cmp-data-source

Issue 4 cmp data source

Author: andrecorreaneto

RELEASE-NOTES.md

@@ -1,7 +1,15 @@
-# March 30, 2023 Release Notes - 0.1.0
+# March 30, 2023 Release Notes - 0.1.1
 
 ## Added
 1. [Initial Release](#0-1-0-initial)
 
 ### <a name="0-1-0-initial">Initial Release</a>
-Modules for compartments, policies, groups and dynamic groups.
+Modules for compartments, policies, groups and dynamic groups.
+
+# May 15, 2023 Release Notes - 0.1.1
+
+## Updates
+1. [Policy Module](#0-1-1-policies)
+### <a name="0-1-1-policies">Policy Module</a>
+- Policy target compartments must be passed as a map of objects via *supplied_compartments* attribute.
+- Policy examples updated, showcasing template policies and supplied policies.

compartments/README.md

@@ -80,13 +80,13 @@ module "compartments" {
 For invoking the module remotely, set the module *source* attribute to the compartments module folder in this repository, as shown:
 ```
 module "compartments" {
-  source = "git@github.com:oracle-quickstart/terraform-oci-cis-landing-zone-iam-modules.git//compartments"
+  source = "git@github.com:oracle-quickstart/terraform-oci-cis-landing-zone-iam.git//compartments"
   compartments_configuration = var.compartments_configuration
 }
 ```
 For referring to a specific module version, append *ref=\<version\>* to the *source* attribute value, as in:
 ```
-  source = "git@github.com:oracle-quickstart/terraform-oci-cis-landing-zone-iam-modules.git//compartments?ref=v0.1.0"
+  source = "git@github.com:oracle-quickstart/terraform-oci-cis-landing-zone-iam.git//compartments?ref=v0.1.0"
 ```
 
 ## Related Documentation

compartments/SPEC.md

@@ -31,6 +31,7 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_compartments_configuration"></a> [compartments\_configuration](#input\_compartments\_configuration) | The compartments configuration. Use the compartments attribute to define your topology. OCI supports compartment hierarchies up to six levels. | <pre>object({<br>    default_parent_ocid = optional(string) # the default parent for all top (first level) compartments. Use parent_ocid attribute within each compartment to specify different parents.<br>    default_defined_tags = optional(map(string)) # applies to all compartments, unless overriden by defined_tags in a compartment object<br>    default_freeform_tags = optional(map(string)) # applies to all compartments, unless overriden by freeform_tags in a compartment object<br>    enable_delete = optional(bool) # whether or not compartments are physically deleted when destroyed. Default is false.<br>    compartments = map(object({<br>      name          = string<br>      description   = string<br>      parent_ocid   = optional(string)<br>      defined_tags  = optional(map(string))<br>      freeform_tags = optional(map(string))<br>      tag_defaults     = optional(map(object({<br>        tag_ocid = string,<br>        default_value = string,<br>        is_user_required = optional(bool)<br>      })))<br>      children      = optional(map(object({<br>        name          = string<br>        description   = string<br>        defined_tags  = optional(map(string))<br>        freeform_tags = optional(map(string))<br>        tag_defaults     = optional(map(object({<br>            tag_ocid = string,<br>            default_value = string,<br>            is_user_required = optional(bool)<br>          })))<br>        children      = optional(map(object({<br>          name          = string<br>          description   = string<br>          defined_tags  = optional(map(string))<br>          freeform_tags = optional(map(string))<br>          tag_defaults     = optional(map(object({<br>            tag_ocid = string,<br>            default_value = string,<br>            is_user_required = optional(bool)<br>          })))<br>          children      = optional(map(object({<br>            name          = string<br>            description   = string<br>            defined_tags  = optional(map(string))<br>            freeform_tags = optional(map(string))<br>            tag_defaults     = optional(map(object({<br>              tag_ocid = string,<br>              default_value = string,<br>              is_user_required = optional(bool)<br>            })))<br>            children      = optional(map(object({<br>              name          = string<br>              description   = string<br>              defined_tags  = optional(map(string))<br>              freeform_tags = optional(map(string))<br>              tag_defaults     = optional(map(object({<br>                tag_ocid = string,<br>                default_value = string,<br>                is_user_required = optional(bool)<br>              })))<br>              children      = optional(map(object({<br>                name          = string<br>                description   = string<br>                defined_tags  = optional(map(string))<br>                freeform_tags = optional(map(string))<br>                tag_defaults     = optional(map(object({<br>                  tag_ocid = string,<br>                  default_value = string,<br>                  is_user_required = optional(bool)<br>                })))<br>              })))  <br>            })))<br>          })))<br>        })))<br>      })))  <br>    }))<br>  })</pre> | n/a | yes |
+| <a name="input_module_name"></a> [module\_name](#input\_module\_name) | The module name. | `string` | `"iam-compartments"` | no |
 | <a name="input_tenancy_ocid"></a> [tenancy\_ocid](#input\_tenancy\_ocid) | The OCID of the tenancy. | `string` | n/a | yes |
 
 ## Outputs

compartments/main.tf

@@ -10,7 +10,7 @@ locals {
       description = v1.description
       parent_ocid = v1.parent_ocid != null ? v1.parent_ocid : var.compartments_configuration.default_parent_ocid != null ? var.compartments_configuration.default_parent_ocid : var.tenancy_ocid
       defined_tags = v1.defined_tags != null ? v1.defined_tags :  var.compartments_configuration.default_defined_tags != null ?  var.compartments_configuration.default_defined_tags : null
-      freeform_tags = v1.freeform_tags != null ? v1.freeform_tags : var.compartments_configuration.default_freeform_tags ?  var.compartments_configuration.default_freeform_tags : null
+      freeform_tags = v1.freeform_tags != null ? v1.freeform_tags : var.compartments_configuration.default_freeform_tags != null ?  var.compartments_configuration.default_freeform_tags : null
       tag_defaults = v1.tag_defaults
       enable_delete = var.compartments_configuration.enable_delete != null ? var.compartments_configuration.enable_delete : false
     }
@@ -24,7 +24,7 @@ locals {
         description = v2.description
         parent_ocid = oci_identity_compartment.these[k1].id
         defined_tags = v2.defined_tags != null ? v2.defined_tags :  var.compartments_configuration.default_defined_tags != null ?  var.compartments_configuration.default_defined_tags : null
-        freeform_tags = v2.freeform_tags != null ? v2.freeform_tags : var.compartments_configuration.default_freeform_tags ?  var.compartments_configuration.default_freeform_tags : null
+        freeform_tags = v2.freeform_tags != null ? v2.freeform_tags : var.compartments_configuration.default_freeform_tags != null ?  var.compartments_configuration.default_freeform_tags : null
         tag_defaults = v2.tag_defaults
         enable_delete = var.compartments_configuration.enable_delete != null ? var.compartments_configuration.enable_delete : false
       } 
@@ -40,7 +40,7 @@ locals {
           description = v3.description
           parent_ocid = oci_identity_compartment.level_2[k2].id
           defined_tags = v3.defined_tags != null ? v3.defined_tags :  var.compartments_configuration.default_defined_tags != null ?  var.compartments_configuration.default_defined_tags : null
-          freeform_tags = v3.freeform_tags != null ? v3.freeform_tags : var.compartments_configuration.default_freeform_tags ?  var.compartments_configuration.default_freeform_tags : null
+          freeform_tags = v3.freeform_tags != null ? v3.freeform_tags : var.compartments_configuration.default_freeform_tags != null ?  var.compartments_configuration.default_freeform_tags : null
           tag_defaults = v3.tag_defaults
           enable_delete = var.compartments_configuration.enable_delete != null ? var.compartments_configuration.enable_delete : false
         } 
@@ -58,7 +58,7 @@ locals {
             description = v4.description
             parent_ocid = oci_identity_compartment.level_3[k3].id
             defined_tags = v4.defined_tags != null ? v4.defined_tags :  var.compartments_configuration.default_defined_tags != null ?  var.compartments_configuration.default_defined_tags : null
-            freeform_tags = v4.freeform_tags != null ? v4.freeform_tags : var.compartments_configuration.default_freeform_tags ?  var.compartments_configuration.default_freeform_tags : null
+            freeform_tags = v4.freeform_tags != null ? v4.freeform_tags : var.compartments_configuration.default_freeform_tags != null ?  var.compartments_configuration.default_freeform_tags : null
             tag_defaults = v4.tag_defaults
             enable_delete = var.compartments_configuration.enable_delete != null ? var.compartments_configuration.enable_delete : false
           } 
@@ -78,7 +78,7 @@ locals {
               description = v5.description
               parent_ocid = oci_identity_compartment.level_4[k4].id
               defined_tags = v5.defined_tags != null ? v5.defined_tags :  var.compartments_configuration.default_defined_tags != null ?  var.compartments_configuration.default_defined_tags : null
-              freeform_tags = v5.freeform_tags != null ? v5.freeform_tags : var.compartments_configuration.default_freeform_tags ?  var.compartments_configuration.default_freeform_tags : null
+              freeform_tags = v5.freeform_tags != null ? v5.freeform_tags : var.compartments_configuration.default_freeform_tags != null ?  var.compartments_configuration.default_freeform_tags : null
               tag_defaults = v5.tag_defaults
               enable_delete = var.compartments_configuration.enable_delete != null ? var.compartments_configuration.enable_delete : false
             }  
@@ -100,7 +100,7 @@ locals {
                 description = v6.description
                 parent_ocid = oci_identity_compartment.level_5[k5].id
                 defined_tags = v6.defined_tags != null ? v6.defined_tags :  var.compartments_configuration.default_defined_tags != null ?  var.compartments_configuration.default_defined_tags : null
-                freeform_tags = v6.freeform_tags != null ? v6.freeform_tags : var.compartments_configuration.default_freeform_tags ?  var.compartments_configuration.default_freeform_tags : null
+                freeform_tags = v6.freeform_tags != null ? v6.freeform_tags : var.compartments_configuration.default_freeform_tags != null ?  var.compartments_configuration.default_freeform_tags : null
                 tag_defaults = v6.tag_defaults
                 enable_delete = var.compartments_configuration.enable_delete != null ? var.compartments_configuration.enable_delete : false
               } 
@@ -140,7 +140,7 @@ resource "oci_identity_compartment" "these" {
     description    = each.value.description
     enable_delete  = each.value.enable_delete
     defined_tags   = each.value.defined_tags
-    freeform_tags  = each.value.freeform_tags
+    freeform_tags  = merge(local.cislz_module_tag, each.value.freeform_tags)
 }
 
 resource "oci_identity_compartment" "level_2" {
@@ -155,7 +155,7 @@ resource "oci_identity_compartment" "level_2" {
     description    = each.value.description
     enable_delete  = each.value.enable_delete
     defined_tags   = each.value.defined_tags
-    freeform_tags  = each.value.freeform_tags
+    freeform_tags  = merge(local.cislz_module_tag, each.value.freeform_tags)
 }
 
 resource "oci_identity_compartment" "level_3" {
@@ -170,7 +170,7 @@ resource "oci_identity_compartment" "level_3" {
     description    = each.value.description
     enable_delete  = each.value.enable_delete
     defined_tags   = each.value.defined_tags
-    freeform_tags  = each.value.freeform_tags
+    freeform_tags  = merge(local.cislz_module_tag, each.value.freeform_tags)
 }
 
 resource "oci_identity_compartment" "level_4" {
@@ -185,7 +185,7 @@ resource "oci_identity_compartment" "level_4" {
     description    = each.value.description
     enable_delete  = each.value.enable_delete
     defined_tags   = each.value.defined_tags
-    freeform_tags  = each.value.freeform_tags
+    freeform_tags  = merge(local.cislz_module_tag, each.value.freeform_tags)
 }
 
 resource "oci_identity_compartment" "level_5" {
@@ -200,7 +200,7 @@ resource "oci_identity_compartment" "level_5" {
     description    = each.value.description
     enable_delete  = each.value.enable_delete
     defined_tags   = each.value.defined_tags
-    freeform_tags  = each.value.freeform_tags
+    freeform_tags  = merge(local.cislz_module_tag, each.value.freeform_tags)
 }
 
 resource "oci_identity_compartment" "level_6" {
@@ -215,7 +215,7 @@ resource "oci_identity_compartment" "level_6" {
     description    = each.value.description
     enable_delete  = each.value.enable_delete
     defined_tags   = each.value.defined_tags
-    freeform_tags  = each.value.freeform_tags
+    freeform_tags  = merge(local.cislz_module_tag, each.value.freeform_tags)
 } 
 
 resource "oci_identity_tag_default" "these" {

compartments/metadata.tf

@@ -0,0 +1,7 @@
+# Copyright (c) 2023 Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+#-- Used to inform module and release number.
+locals {
+    cislz_module_tag = {"cislz-terraform-module" : fileexists("${path.module}/../release.txt") ? "${var.module_name}/${file("${path.module}/../release.txt")}" : "${var.module_name}"}
+}    

compartments/variables.tf

@@ -84,4 +84,10 @@ variable "compartments_configuration" {
       })))  
     }))
   })
+}
+
+variable module_name {
+  description = "The module name."
+  type = string
+  default = "iam-compartments"
 }

dynamic-groups/README.md

@@ -57,14 +57,14 @@ module "dynamic-groups" {
 For invoking the module remotely, set the module *source* attribute to the dynamic-groups module folder in this repository, as shown:
 ```
 module "dynamic-groups" {
-  source = "git@github.com:oracle-quickstart/terraform-oci-cis-landing-zone-iam-modules.git//dynamic-groups"
+  source = "git@github.com:oracle-quickstart/terraform-oci-cis-landing-zone-iam.git//dynamic-groups"
   tenancy_id     = var.tenancy_id
   dynamic_groups_configuration = var.dynamic_groups_configuration
 }
 ```
 For referring to a specific module version, append *ref=\<version\>* to the *source* attribute value, as in:
 ```
-  source = "git@github.com:oracle-quickstart/terraform-oci-cis-landing-zone-iam-modules.git//dynamic-groups?ref=v0.1.0"
+  source = "git@github.com:oracle-quickstart/terraform-oci-cis-landing-zone-iam.git//dynamic-groups?ref=v0.1.0"
 ```
 
 ## Related Documentation

dynamic-groups/SPEC.md

@@ -25,6 +25,7 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_dynamic_groups_configuration"></a> [dynamic\_groups\_configuration](#input\_dynamic\_groups\_configuration) | The dynamic groups. | <pre>object({<br>    default_defined_tags = optional(map(string)),<br>    default_freeform_tags = optional(map(string))<br>    dynamic_groups = map(object({<br>      name          = string,<br>      description   = string,<br>      matching_rule = string<br>      defined_tags  = optional(map(string)),<br>      freeform_tags = optional(map(string))<br>    }))<br>  })</pre> | n/a | yes |
+| <a name="input_module_name"></a> [module\_name](#input\_module\_name) | The module name. | `string` | `"iam-dynamic-groups"` | no |
 | <a name="input_tenancy_ocid"></a> [tenancy\_ocid](#input\_tenancy\_ocid) | The OCID of the tenancy. | `any` | n/a | yes |
 
 ## Outputs

dynamic-groups/examples/vision/variables.tf

@@ -2,7 +2,7 @@
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 variable "tenancy_ocid" {}
-vvariable "region" {description = "Your tenancy home region"}
+variable "region" {description = "Your tenancy home region"}
 variable "user_ocid" {default = ""}
 variable "fingerprint" {default = ""}
 variable "private_key_path" {default = ""}

dynamic-groups/main.tf

@@ -8,5 +8,5 @@ resource "oci_identity_dynamic_group" "these" {
     compartment_id = var.tenancy_ocid
     matching_rule  = each.value.matching_rule
     defined_tags   = each.value.defined_tags != null ? each.value.defined_tags : var.dynamic_groups_configuration.default_defined_tags != null ? var.dynamic_groups_configuration.default_defined_tags : null
-    freeform_tags  = each.value.freeform_tags != null ? each.value.freeform_tags : var.dynamic_groups_configuration.default_freeform_tags != null ? var.dynamic_groups_configuration.default_freeform_tags : null
+    freeform_tags  = merge(local.cislz_module_tag, each.value.freeform_tags != null ? each.value.freeform_tags : var.dynamic_groups_configuration.default_freeform_tags != null ? var.dynamic_groups_configuration.default_freeform_tags : null)
 }