feat: add support for Network Security Groups (#83)

kral2 · web-flow · commit 80b33703e8e4 · 2021-11-12T13:35:44.000+01:00
Examples also provision their own networking environment Fix #81
diff --git a/CHANGELOG.adoc b/CHANGELOG.adoc
@@ -14,6 +14,13 @@ Given a version number MAJOR.MINOR.PATCH:
 * MINOR version when adding functionality in a backwards compatible manner,
 * PATCH version when making backwards compatible bug fixes.
 
+== 2.3.0 - 2021-11-12
+
+=== New features
+
+* Add support for instance_state: the provisionned instance state can be RUNNING or STOPPED
+* Add support for NSG: option to attach an NSG to the first VNIC
+
 == 2.2.0 - 2021-09-27
 
 === Deprecated
diff --git a/README.md b/README.md
@@ -65,7 +65,7 @@ The current focus is to close the gap between this module and the provider's cap
 
 We will continue to push in that direction with the goal of [feature parity with the provider's capabilities](https://github.com/oracle-terraform-modules/terraform-oci-compute-instance/projects/4), as well as adding more features and integration points with other OCI services: Block Volume Backups, Secondary VNICs and IPs, etc ...
 
-Given the dependency to Network and Storage for Compute Instances, it is a perfect place to illustrate [module composition principles](https://www.terraform.io/docs/language/modules/develop/composition.html) and how to reuse the other official Terraform OCI modules.
+Given the dependency to Network and Storage for Compute Instances, this module is also a perfect place to illustrate [module composition principles](https://www.terraform.io/docs/language/modules/develop/composition.html) and how to reuse the other official Terraform OCI modules.
 
 ## Contributing
 
diff --git a/docs/terraformoptions.adoc b/docs/terraformoptions.adoc
@@ -1,4 +1,3 @@
-// BEGIN_TF_DOCS
 
 == Requirements
 
@@ -13,7 +12,7 @@
 [cols="a,a",options="header,autowidth"]
 |===
 |Name |Version
-|[[provider_oci]] <<provider_oci,oci>> |4.17.0
+|[[provider_oci]] <<provider_oci,oci>> |>= 3.27
 |===
 == Resources
 
@@ -152,6 +151,12 @@
 |`false`
 |no
 
+|[[input_primary_vnic_nsg_ids]] <<input_primary_vnic_nsg_ids,primary_vnic_nsg_ids>>
+|A list of the OCIDs of the network security groups (NSGs) to add the primary VNIC to
+|`list(string)`
+|`null`
+|no
+
 |[[input_private_ips]] <<input_private_ips,private_ips>>
 |Private IP addresses of your choice to assign to the VNICs.
 |`list(string)`
@@ -255,5 +260,3 @@
 |[[output_volume_all_attributes]] <<output_volume_all_attributes,volume_all_attributes>> |all attributes of created volumes
 |[[output_volume_attachment_all_attributes]] <<output_volume_attachment_all_attributes,volume_attachment_all_attributes>> |all attributes of created volumes attachments
 |===
-
-// END_TF_DOCS
diff --git a/examples/instances_fixed_shape/README.md b/examples/instances_fixed_shape/README.md
@@ -1,12 +1,18 @@
 # Creating Compute Instances using fixed shape
 
-This example illustrates how to use this module to creates compute instances using Fixed Shape, and optionally provision and attach a block volume to the created instances.
+This example illustrates how to use this module to creates compute instances using Fixed Shape with all the related networking, and optionally provision and attach a block volume to the created instances.
 
-Two modules will be configured:
+Two compute-instance modules will be configured:
 
 - the first module will create 1 instance (shape VM.Standard2.1) with 1 Block Volume (50GB) attached to it
 - the second module will create 1 instances (shape VM.Standard2.1) with no additional Block Volume
 
+Networking to house theses instances will also be created:
+
+- one VCN using the [VCN module](https://registry.terraform.io/modules/oracle-terraform-modules/vcn/oci/latest) from Terraform Registry
+- one subnet
+- on Network Security Group
+
 ## Prerequisites
 
 You will need to collect the following information before you start:
diff --git a/examples/instances_fixed_shape/main.tf b/examples/instances_fixed_shape/main.tf
@@ -35,8 +35,9 @@ module "instance_nonflex" {
   # operating system parameters
   ssh_public_keys = var.ssh_public_keys
   # networking parameters
-  public_ip    = var.public_ip # NONE, RESERVED or EPHEMERAL
-  subnet_ocids = var.subnet_ocids
+  public_ip            = var.public_ip # NONE, RESERVED or EPHEMERAL
+  subnet_ocids         = [oci_core_subnet.example_sub.id]
+  primary_vnic_nsg_ids = null
   # storage parameters
   boot_volume_backup_policy  = var.boot_volume_backup_policy
   block_storage_sizes_in_gbs = var.block_storage_sizes_in_gbs
@@ -68,8 +69,9 @@ module "instance_nonflex_custom" {
   # operating system parameters
   ssh_public_keys = var.ssh_public_keys
   # networking parameters
-  public_ip    = var.public_ip # NONE, RESERVED or EPHEMERAL
-  subnet_ocids = var.subnet_ocids
+  public_ip            = var.public_ip # NONE, RESERVED or EPHEMERAL
+  subnet_ocids         = [oci_core_subnet.example_sub.id]
+  primary_vnic_nsg_ids = [oci_core_network_security_group.example_nsg.id]
   # storage parameters
   boot_volume_backup_policy  = var.boot_volume_backup_policy
   block_storage_sizes_in_gbs = [] # no block volume will be created
@@ -79,3 +81,35 @@ output "instance_nonflex_custom" {
   description = "ocid of created instances."
   value       = module.instance_nonflex_custom.instances_summary
 }
+
+module "example_vcn" {
+  source = "oracle-terraform-modules/vcn/oci"
+
+  # general oci parameters
+  compartment_id = var.compartment_ocid
+
+  # vcn parameters
+  lockdown_default_seclist = false # boolean: true or false
+}
+
+resource "oci_core_network_security_group" "example_nsg" {
+  #Required
+  compartment_id = var.compartment_ocid
+  vcn_id         = module.example_vcn.vcn_id
+
+  #Optional
+  display_name  = "NSG_example"
+  freeform_tags = var.freeform_tags
+}
+
+resource "oci_core_subnet" "example_sub" {
+  #Required
+  cidr_block     = "10.0.0.0/24"
+  compartment_id = var.compartment_ocid
+  vcn_id         = module.example_vcn.vcn_id
+
+  #Optional
+  display_name               = "example-sub"
+  dns_label                  = "example"
+  prohibit_public_ip_on_vnic = true
+}
diff --git a/examples/instances_fixed_shape/variables.tf b/examples/instances_fixed_shape/variables.tf
@@ -135,11 +135,6 @@ variable "public_ip" {
   default     = "NONE"
 }
 
-variable "subnet_ocids" {
-  description = "The unique identifiers (OCIDs) of the subnets in which the instance primary VNICs are created."
-  type        = list(string)
-}
-
 # storage parameters
 
 variable "boot_volume_backup_policy" {
diff --git a/examples/instances_flex_shape/README.md b/examples/instances_flex_shape/README.md
@@ -1,12 +1,18 @@
 # Creating Compute Instances using Flex shape
 
-This example illustrates how to use this module to creates compute instances using Flex Shape, and optionally provision and attach a block volume to the created instances.
+This example illustrates how to use this module to creates compute instances using Flex Shape with all the related networking, and optionally provision and attach a block volume to the created instances.
 
-Two modules will be configured:
+Two compute-instance modules will be configured:
 
 - the first module will create 1 instance (1 OCPU, 16GB RAM) with 1 Block Volume (50GB) attached to it
 - the second module, if uncommented,  will create 4 instances (1 OCUP, 1GB RAM) with no additional Block Volume
 
+Networking to house theses instances will also be created:
+
+- one VCN using the [VCN module](https://registry.terraform.io/modules/oracle-terraform-modules/vcn/oci/latest) from Terraform Registry
+- one subnet
+- on Network Security Group
+
 ## Prerequisites
 
 You will need to collect the following information before you start:
diff --git a/examples/instances_flex_shape/main.tf b/examples/instances_flex_shape/main.tf
@@ -33,13 +33,14 @@ module "instance_flex" {
   shape                       = var.shape
   source_ocid                 = var.source_ocid
   source_type                 = var.source_type
-  instance_flex_memory_in_gbs = 1 # only used if shape is Flex type
-  instance_flex_ocpus         = 1 # only used if shape is Flex type
+  instance_flex_memory_in_gbs = var.instance_flex_memory_in_gbs # only used if shape is Flex type
+  instance_flex_ocpus         = 1                               # only used if shape is Flex type
   # operating system parameters
   ssh_public_keys = var.ssh_public_keys
   # networking parameters
-  public_ip    = var.public_ip # NONE, RESERVED or EPHEMERAL
-  subnet_ocids = var.subnet_ocids
+  public_ip            = var.public_ip # NONE, RESERVED or EPHEMERAL
+  subnet_ocids         = [oci_core_subnet.example_sub.id]
+  primary_vnic_nsg_ids = [oci_core_network_security_group.example_nsg.id]
   # storage parameters
   boot_volume_backup_policy  = var.boot_volume_backup_policy
   block_storage_sizes_in_gbs = var.block_storage_sizes_in_gbs
@@ -50,6 +51,38 @@ output "instance_flex" {
   value       = module.instance_flex.instances_summary
 }
 
+module "example_vcn" {
+  source = "oracle-terraform-modules/vcn/oci"
+
+  # general oci parameters
+  compartment_id = var.compartment_ocid
+
+  # vcn parameters
+  lockdown_default_seclist = false # boolean: true or false
+}
+
+resource "oci_core_network_security_group" "example_nsg" {
+  #Required
+  compartment_id = var.compartment_ocid
+  vcn_id         = module.example_vcn.vcn_id
+
+  #Optional
+  display_name  = "NSG_example"
+  freeform_tags = var.freeform_tags
+}
+
+resource "oci_core_subnet" "example_sub" {
+  #Required
+  cidr_block     = "10.0.0.0/24"
+  compartment_id = var.compartment_ocid
+  vcn_id         = module.example_vcn.vcn_id
+
+  #Optional
+  display_name               = "example-sub"
+  dns_label                  = "example"
+  prohibit_public_ip_on_vnic = true
+}
+
 # # # * This module will create 4 Flex Compute Instances, using values provided to the module: 1 OCPU, 1 GB memory.
 # module "instance_flex_custom" {
 #   source = "oracle-terraform-modules/compute-instance/oci"
diff --git a/examples/instances_flex_shape/variables.tf b/examples/instances_flex_shape/variables.tf
@@ -136,11 +136,6 @@ variable "public_ip" {
   default     = "NONE"
 }
 
-variable "subnet_ocids" {
-  description = "The unique identifiers (OCIDs) of the subnets in which the instance primary VNICs are created."
-  type        = list(string)
-}
-
 # storage parameters
 
 variable "boot_volume_backup_policy" {
diff --git a/main.tf b/main.tf
@@ -93,6 +93,7 @@ resource "oci_core_instance" "instance" {
     skip_source_dest_check = var.skip_source_dest_check
     // Current implementation requires providing a list of subnets when using ad-specific subnets
     subnet_id = data.oci_core_subnet.instance_subnet[count.index % length(data.oci_core_subnet.instance_subnet.*.id)].id
+    nsg_ids   = var.primary_vnic_nsg_ids
 
     freeform_tags = local.merged_freeform_tags
     defined_tags  = var.defined_tags
diff --git a/variables.tf b/variables.tf
@@ -196,6 +196,12 @@ variable "vnic_name" {
   default     = ""
 }
 
+variable "primary_vnic_nsg_ids" {
+  description = "A list of the OCIDs of the network security groups (NSGs) to add the primary VNIC to"
+  type        = list(string)
+  default     = null
+}
+
 # storage parameters
 
 variable "attachment_type" {
