secret changes and added variable validation (#374)

* variable validation,secret change * updated variables with default values
oracle-terraform-modules · Sep 14, 2021 · 3a407d5 · 3a407d5
1 parent 1856b36
commit 3a407d5
Show file tree

Hide file tree

Showing 5 changed files with 53 additions and 64 deletions.
diff --git a/modules/extensions/locals.tf b/modules/extensions/locals.tf
@@ -80,7 +80,7 @@ locals {
     }
   )
 
-  secret_template = templatefile("${path.module}/scripts/secret.py",
+  secret_template = templatefile("${path.module}/scripts/secret.sh",
     {
       compartment_id = var.compartment_id
       region         = var.region

diff --git a/modules/extensions/scripts/secret.py b/modules/extensions/scripts/secret.py
diff --git a/modules/extensions/scripts/secret.sh b/modules/extensions/scripts/secret.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+# Copyright 2017, 2020, Oracle Corporation and/or affiliates.  All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+cat <<EOF | kubectl apply -f -
+apiVersion: v1
+kind: Namespace
+metadata:
+    name: ${secret_namespace}
+EOF
+
+crtsecret=$(kubectl create secret docker-registry ${secret_name} -n ${secret_namespace} --docker-server=${region_registry} --docker-username=${tenancy_namespace}/${username} --docker-email=${email_address} --docker-password=`oci secrets secret-bundle get --raw-output --secret-id ${secret_id} --query "data.\"secret-bundle-content\".content" | base64 -d` --dry-run=client -o yaml | kubectl apply -f -)
diff --git a/modules/extensions/secrets.tf b/modules/extensions/secrets.tf
@@ -3,7 +3,7 @@
 
 resource "null_resource" "secret" {
   triggers = {
-    secret_id = var.secret_id
+    always_run = "${timestamp()}"
   }
   connection {
     host        = var.operator_private_ip
@@ -21,15 +21,15 @@ resource "null_resource" "secret" {
 
   provisioner "file" {
     content     = local.secret_template
-    destination = "~/secret.py"
+    destination = "~/secret.sh"
   }
 
   provisioner "remote-exec" {
     inline = [
-      "chmod +x $HOME/secret.py",
-      "$HOME/secret.py",
+      "chmod +x $HOME/secret.sh",
+      "$HOME/secret.sh",
       "sleep 10",
-      "rm -f $HOME/secret.py"
+      "rm -f $HOME/secret.sh"
     ]
   }
 

diff --git a/variables.tf b/variables.tf
@@ -196,6 +196,10 @@ variable "bastion_state" {
   description = "The target state for the bastion instance. Could be set to RUNNING or STOPPED. (Updatable)"
   default     = "RUNNING"
   type        = string
+  validation {
+    condition     = contains(["RUNNING", "STOPPED"], var.bastion_state)
+    error_message = "Accepted values are RUNNING or STOPPED."
+  }
 }
 
 variable "bastion_timezone" {
@@ -208,6 +212,11 @@ variable "bastion_type" {
   description = "Whether to make the bastion host public or private."
   default     = "public"
   type        = string
+
+  validation {
+    condition     = contains(["public", "private"], var.bastion_type)
+    error_message = "Accepted values are public or private."
+  }
 }
 
 variable "upgrade_bastion" {
@@ -313,6 +322,11 @@ variable "operator_state" {
   description = "The target state for the operator instance. Could be set to RUNNING or STOPPED. (Updatable)"
   default     = "RUNNING"
   type        = string
+  validation {
+    condition     = contains(["RUNNING", "STOPPED"], var.operator_state)
+    error_message = "Accepted values are RUNNING or STOPPED."
+  }
+
 }
 
 variable "operator_timezone" {
@@ -399,6 +413,11 @@ variable "control_plane_access" {
   default     = "public"
   description = "Whether to allow public or private access to the control plane endpoint"
   type        = string
+
+  validation {
+    condition     = contains(["public", "private"], var.control_plane_access)
+    error_message = "Accepted values are public, or private."
+  }
 }
 
 variable "control_plane_access_source" {
@@ -469,6 +488,10 @@ variable "check_node_active" {
   description = "check worker node is active"
   type        = string
   default     = "none"
+  validation {
+    condition     = contains(["none", "one", "all"], var.check_node_active)
+    error_message = "Accepted values are none, one or all."
+  }
 }
 
 variable "node_pools" {
@@ -509,6 +532,10 @@ variable "worker_mode" {
   default     = "private"
   description = "Whether to provision public or private workers."
   type        = string
+  validation {
+    condition     = contains(["public", "private"], var.worker_mode)
+    error_message = "Accepted values are public or private."
+  }
 }
 
 # upgrade of existing node pools
@@ -537,6 +564,10 @@ variable "lb_subnet_type" {
   default     = "public"
   description = "The type of load balancer subnets to create."
   type        = string
+  validation {
+    condition     = contains(["public", "internal", "both"], var.lb_subnet_type)
+    error_message = "Accepted values are public, internal or both."
+  }
 }
 
 variable "preferred_lb_subnet_type" {
@@ -545,6 +576,10 @@ variable "preferred_lb_subnet_type" {
   default     = "public"
   description = "The preferred load balancer subnets that OKE will automatically choose when creating a load balancer. valid values are public or internal. if 'public' is chosen, the value for lb_subnet_type must be either 'public' or 'both'. If 'private' is chosen, the value for lb_subnet_type must be either 'internal' or 'both'."
   type        = string
+  validation {
+    condition     = contains(["public", "internal"], var.preferred_lb_subnet_type)
+    error_message = "Accepted values are public or internal."
+  }
 }
 
 variable "public_lb_ports" {