From 77924527bcd52980c9a88d6c02d4ab78b2931615 Mon Sep 17 00:00:00 2001 From: Andre Correa Date: Thu, 23 May 2024 11:03:37 -0300 Subject: [PATCH] Release 0.1.6 (#7) * Release 0.1.5 * add compartment key support * added retention_rules and storage_tier to buckets * updated README, updated sc vision example, added versioning check with retention rules, added precondition for storage_tier * add announcement subscription modules * fix template tfvars * added cursor options for sc streaming source; updated README and example * fix filter groups * doc: updates --------- Co-authored-by: Rory Nguyen Co-authored-by: Erna Guerrero --- RELEASE-NOTES.md | 10 ++++ alarms/SPEC.md | 2 +- logging/SPEC.md | 51 ++++++++++--------- notifications/SPEC.md | 4 +- notifications/announcement-subscription.tf | 48 +++++++++++++++++ .../input.auto.tfvars.template | 44 ++++++++++++++++ .../announcement_subscription/main.tf | 4 ++ .../announcement_subscription/provider.tf | 13 +++++ .../announcement_subscription/variables.tf | 14 +++++ .../examples/external_dependency/variables.tf | 15 ++++++ notifications/examples/vision/variables.tf | 15 ++++++ notifications/variables.tf | 15 ++++++ release.txt | 2 +- service-connectors/README.md | 25 +++++++++ service-connectors/SPEC.md | 2 +- service-connectors/buckets.tf | 19 ++++++- service-connectors/constants.tf | 2 + .../vision/input.auto.tfvars.template | 9 ++++ .../examples/vision/variables.tf | 8 +++ service-connectors/service-connectors.tf | 9 +++- service-connectors/variables.tf | 7 +++ 21 files changed, 288 insertions(+), 30 deletions(-) create mode 100644 notifications/announcement-subscription.tf create mode 100644 notifications/examples/announcement_subscription/input.auto.tfvars.template create mode 100644 notifications/examples/announcement_subscription/main.tf create mode 100644 notifications/examples/announcement_subscription/provider.tf create mode 100644 notifications/examples/announcement_subscription/variables.tf 
diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index ec6b044..58e1550 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -1,3 +1,13 @@ +# May 22, 2024 Release Notes - 0.1.6 + +## Updates +1. [Notifications module](./notifications/) + - Support for announcement subscriptions via the newly added *announcement_subscriptions* attribute. + +2. [Service Connector Hub module](./service-connectors/) + - Retention rules support for bucket targets. + - Cursor support for streaming targets. + # April 05, 2024 Release Notes - 0.1.5 ## Updates diff --git a/alarms/SPEC.md b/alarms/SPEC.md index 2a25c3f..9a6d89e 100644 --- a/alarms/SPEC.md +++ b/alarms/SPEC.md @@ -27,7 +27,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [alarms\_configuration](#input\_alarms\_configuration) | Alarms configuration settings, defining all aspects to manage alarms in OCI. Please see the comments within each attribute for details. |
object({

default_compartment_id = string, # the default compartment where all resources are defined. It's overriden by the compartment_id attribute within each object. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID.
default_defined_tags = optional(map(string)), # the default defined tags. It's overriden by the defined_tags attribute within each object.
default_freeform_tags = optional(map(string)), # the default freeform tags. It's overriden by the frreform_tags attribute within each object.

alarms = map(object({ # the alarms to manage in this configuration.
compartment_id = optional(string) # the compartment where the alarm is created. default_compartment_id is used if undefined. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID.
display_name = string # the alarm name.
is_enabled = optional(bool) # if the alarm is enabled. Default is true.
preconfigured_alarm_type = optional(string) # use a preconfigured alarm.
supplied_alarm = optional(object({
query = string # specify the query for the alarm. can't use the preconfigured_alarm_type attribute if this is set.
namespace = string # specify the namespace for the query. can't use the preconfigured_alarm_type attribute if this is set.
severity = optional(string) # response required when the alarm is in the "FIRING" state. Valid values are: "CRITICAL", "ERROR", "WARNING", "INFO". Default is "CRITICAL".
pending_duration = optional(string) # the period of time the condition must persist before the alarm is fired. Default is 5 minutes: "PT5M"
metric_compartment_id = optional(string) # the compartment containing the metric being evaluated by the alarm. compartment_id is used if undefined. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID.
message_format = optional(string) # format to use for notification messages sent from this alarm. Valid formats are: "RAW", "PRETTY_JSON", "ONS_OPTIMIZED". Default is "PRETTY_JSON".
repeat_frequency_for_critical_alarms = optional(string) #option to repeat critical alarms
}))
destination_topic_ids = optional(list(string)) # List of topics to send alarms to. This attribute is overloaded: values can be either topic OCIDs or references (keys) to the topics OCIDs. The references are first looked up in the topics attribute and then in the topics_dependency object.
destination_stream_ids = optional(list(string)) # List of streams to send alarms to. This attribute is overloaded: values can be either stream OCIDs or references (keys) to the streams OCIDs. The references are first looked up in the streams attribute and then in the streams_dependency object.
defined_tags = optional(map(string)) # alarm defined_tags. default_defined_tags is used if undefined.
freeform_tags = optional(map(string)) # alarm freeform_tags. default_freeform_tags is used if undefined.
}))

topics = optional(map(object({ # the topics to manage in this configuration.
compartment_id = optional(string) # the compartment where the topic is created. default_compartment_id is used if undefined. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID.
name = string # the topic name
description = optional(string) # the topic description
subscriptions = optional(list(object({
compartment_id = optional(string) # the compartment where the subscription is created. Topic compartment_id is used if undefined. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID.
protocol = string # valid values (case insensitive): EMAIL, CUSTOM_HTTPS, PAGERDUTY, SLACK, ORACLE_FUNCTIONS, SMS
values = list(string) # list of endpoint values, specific to each protocol.
defined_tags = optional(map(string)) # subscription defined_tags. topic defined_tags is used if undefined.
freeform_tags = optional(map(string)) # subscription freeform_tags. topic freeform_tags is used if undefined.
})))
defined_tags = optional(map(string)) # topic defined_tags. default_defined_tags is used if undefined.
freeform_tags = optional(map(string)) # topic freeform_tags. default_freeform_tags is used if undefined.
})))

streams = optional(map(object({ # the streams to manage in this configuration.
compartment_id = optional(string) # the compartment where the stream is created. default_compartment_id is used if undefined. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID.
name = string # the stream name
num_partitions = optional(number) # the number of stream partitions. Default is 1.
log_retention_in_hours = optional(number) # for how long to keep messages in the stream. Default is 24 hours.
defined_tags = optional(map(string)) # stream defined_tags. default_defined_tags is used if undefined.
freeform_tags = optional(map(string)) # stream freeform_tags. default_freeform_tags is used if undefined.
})))
})
| n/a | yes | +| [alarms\_configuration](#input\_alarms\_configuration) | Alarms configuration settings, defining all aspects to manage alarms in OCI. Please see the comments within each attribute for details. |
object({

default_compartment_id = string, # the default compartment where all resources are defined. It's overriden by the compartment_id attribute within each object. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID.
default_defined_tags = optional(map(string)), # the default defined tags. It's overriden by the defined_tags attribute within each object.
default_freeform_tags = optional(map(string)), # the default freeform tags. It's overriden by the frreform_tags attribute within each object.

alarms = map(object({ # the alarms to manage in this configuration.
compartment_id = optional(string) # the compartment where the alarm is created. default_compartment_id is used if undefined. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID.
display_name = string # the alarm name.
is_enabled = optional(bool) # if the alarm is enabled. Default is true.
preconfigured_alarm_type = optional(string) # use a preconfigured alarm.
supplied_alarm = optional(object({
query = string # specify the query for the alarm. can't use the preconfigured_alarm_type attribute if this is set.
namespace = string # specify the namespace for the query. can't use the preconfigured_alarm_type attribute if this is set.
severity = optional(string) # response required when the alarm is in the "FIRING" state. Valid values are: "CRITICAL", "ERROR", "WARNING", "INFO". Default is "CRITICAL".
pending_duration = optional(string) # the period of time the condition must persist before the alarm is fired. Default is 5 minutes: "PT5M"
metric_compartment_id = optional(string) # the compartment containing the metric being evaluated by the alarm. compartment_id is used if undefined. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID.
message_format = optional(string) # format to use for notification messages sent from this alarm. Valid formats are: "RAW", "PRETTY_JSON", "ONS_OPTIMIZED". Default is "PRETTY_JSON".
repeat_notification_critical_alarms = optional(string) #option to repeat critical alarms
}))
destination_topic_ids = optional(list(string)) # List of topics to send alarms to. This attribute is overloaded: values can be either topic OCIDs or references (keys) to the topics OCIDs. The references are first looked up in the topics attribute and then in the topics_dependency object.
destination_stream_ids = optional(list(string)) # List of streams to send alarms to. This attribute is overloaded: values can be either stream OCIDs or references (keys) to the streams OCIDs. The references are first looked up in the streams attribute and then in the streams_dependency object.
defined_tags = optional(map(string)) # alarm defined_tags. default_defined_tags is used if undefined.
freeform_tags = optional(map(string)) # alarm freeform_tags. default_freeform_tags is used if undefined.
}))

topics = optional(map(object({ # the topics to manage in this configuration.
compartment_id = optional(string) # the compartment where the topic is created. default_compartment_id is used if undefined. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID.
name = string # the topic name
description = optional(string) # the topic description
subscriptions = optional(list(object({
compartment_id = optional(string) # the compartment where the subscription is created. Topic compartment_id is used if undefined. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID.
protocol = string # valid values (case insensitive): EMAIL, CUSTOM_HTTPS, PAGERDUTY, SLACK, ORACLE_FUNCTIONS, SMS
values = list(string) # list of endpoint values, specific to each protocol.
defined_tags = optional(map(string)) # subscription defined_tags. topic defined_tags is used if undefined.
freeform_tags = optional(map(string)) # subscription freeform_tags. topic freeform_tags is used if undefined.
})))
defined_tags = optional(map(string)) # topic defined_tags. default_defined_tags is used if undefined.
freeform_tags = optional(map(string)) # topic freeform_tags. default_freeform_tags is used if undefined.
})))

streams = optional(map(object({ # the streams to manage in this configuration.
compartment_id = optional(string) # the compartment where the stream is created. default_compartment_id is used if undefined. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID.
name = string # the stream name
num_partitions = optional(number) # the number of stream partitions. Default is 1.
log_retention_in_hours = optional(number) # for how long to keep messages in the stream. Default is 24 hours.
defined_tags = optional(map(string)) # stream defined_tags. default_defined_tags is used if undefined.
freeform_tags = optional(map(string)) # stream freeform_tags. default_freeform_tags is used if undefined.
})))
})
| n/a | yes | | [compartments\_dependency](#input\_compartments\_dependency) | A map of objects containing the externally managed compartments this module may depend on. All map objects must have the same type and must contain at least an 'id' attribute (representing the compartment OCID) of string type. | `map(any)` | `null` | no | | [enable\_output](#input\_enable\_output) | Whether Terraform should enable the module output. | `bool` | `true` | no | | [module\_name](#input\_module\_name) | The module name. | `string` | `"alarms"` | no | diff --git a/logging/SPEC.md b/logging/SPEC.md index f831740..d4f890c 100644 --- a/logging/SPEC.md +++ b/logging/SPEC.md @@ -9,6 +9,7 @@ | Name | Version | |------|---------| | [oci](#provider\_oci) | n/a | +| [time](#provider\_time) | n/a | ## Modules 
@@ -16,22 +17,24 @@ No modules. ## Resources -| Name | Type | -|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------| -| [oci_logging_log.bucket_logs](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/logging_log) | resource | -| [oci_logging_log.flow_logs](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/logging_log) | resource | -| [oci_logging_log.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/logging_log) | resource | -| [oci_logging_log.these_custom](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/logging_log) | resource | -| [oci_logging_log_group.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/logging_log_group) | resource | -| [oci_log_analytics_log_analytics_log_group.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/log_analytics_log_analytics_log_group) | resource | -| [oci_log_analytics_namespace.this](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/log_analytics_namespace) | resource | -| [oci_logging_unified_agent_configuration.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/logging_unified_agent_configuration) | resource | -| [oci_core_private_ips.nlbs](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/core_private_ips) | data source | -| [oci_core_subnets.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/core_subnets) | data source | -| [oci_core_vcns.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/core_vcns) | data source | -| [oci_core_vnic.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/core_vnic) | data source | -| 
[oci_core_vnic_attachments.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/core_vnic_attachments) | data source | -| [oci_identity_compartment.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/identity_compartment) | data source | +| Name | Type | +|------|------| +| [oci_log_analytics_log_analytics_log_group.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/log_analytics_log_analytics_log_group) | resource | +| [oci_log_analytics_namespace.this](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/log_analytics_namespace) | resource | +| [oci_logging_log.bucket_logs](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/logging_log) | resource | +| [oci_logging_log.flow_logs](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/logging_log) | resource | +| [oci_logging_log.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/logging_log) | resource | +| [oci_logging_log.these_custom](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/logging_log) | resource | +| [oci_logging_log_group.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/logging_log_group) | resource | +| [oci_logging_unified_agent_configuration.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/logging_unified_agent_configuration) | resource | +| [time_sleep.log_group_propagation_delay](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource | +| [oci_core_private_ips.nlbs](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/core_private_ips) | data source | +| [oci_core_subnets.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/core_subnets) | data source | +| 
[oci_core_vcns.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/core_vcns) | data source | +| [oci_core_vnic.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/core_vnic) | data source | +| [oci_core_vnic_attachments.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/core_vnic_attachments) | data source | +| [oci_identity_compartment.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/identity_compartment) | data source | +| [oci_log_analytics_namespaces.logging_analytics_namespaces](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/log_analytics_namespaces) | data source | | [oci_network_load_balancer_network_load_balancers.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/network_load_balancer_network_load_balancers) | data source | | [oci_objectstorage_bucket_summaries.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/objectstorage_bucket_summaries) | data source | | [oci_objectstorage_namespace.this](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/objectstorage_namespace) | data source | @@ -43,16 +46,16 @@ No modules. |------|-------------|------|---------|:--------:| | [compartments\_dependency](#input\_compartments\_dependency) | A map of objects containing the externally managed compartments this module may depend on. All map objects must have the same type and must contain at least an 'id' attribute (representing the compartment OCID) of string type. | `map(any)` | `null` | no | | [enable\_output](#input\_enable\_output) | Whether Terraform should enable module output. | `bool` | `true` | no | -| [logging\_configuration](#input\_logging\_configuration) | Logging configuration settings, defining all aspects to manage logging in OCI. Please see the comments within each attribute for details. |
object({
default_compartment_id = string,
default_defined_tags = optional(map(string)),
default_freeform_tags = optional(map(string)),
onboard_logging_analytics = optional(bool),
log_groups = map(object({
type = optional(string)
compartment_id = optional(string)
name = string
description = optional(string)
freeform_tags = optional(map(string))
defined_tags = optional(map(string))
}))
service_logs = optional(map(object({
name = string
log_group_id = string
service = string
category = string
resource_id = string
is_enabled = optional(bool)
retention_duration = optional(number)
defined_tags = optional(map(string))
freeform_tags = optional(map(string))
})))
flow_logs = optional(map(object({
name_prefix = optional(string)
log_group_id = string
target_resource_type = string
target_compartment_ids = list(string)
is_enabled = optional(bool)
retention_duration = optional(number)
defined_tags = optional(map(string))
freeform_tags = optional(map(string))
})))
bucket_logs = optional(map(object({
name_prefix = optional(string)
log_group_id = string
target_compartment_ids = list(string)
category = string
is_enabled = optional(bool)
retention_duration = optional(number)
defined_tags = optional(map(string))
freeform_tags = optional(map(string))
})))
custom_logs = optional(map(object({
name = string
log_group_id = string
dynamic_groups = list(string)
parser_type = optional(string)
path = list(string)
is_enabled = optional(bool)
retention_duration = optional(number)
defined_tags = optional(map(string))
freeform_tags = optional(map(string))
})))
})
| n/a | yes | +| [logging\_configuration](#input\_logging\_configuration) | Logging configuration settings, defining all aspects to manage logging in OCI. Please see the comments within each attribute for details. |
object({
default_compartment_id = string,
default_defined_tags = optional(map(string)),
default_freeform_tags = optional(map(string)),
onboard_logging_analytics = optional(bool),
log_groups = map(object({
type = optional(string)
compartment_id = optional(string)
name = string
description = optional(string)
freeform_tags = optional(map(string))
defined_tags = optional(map(string))
}))
service_logs = optional(map(object({
name = string
log_group_id = string
service = string
category = string
resource_id = string
is_enabled = optional(bool)
retention_duration = optional(number)
defined_tags = optional(map(string))
freeform_tags = optional(map(string))
})))
flow_logs = optional(map(object({
name_prefix = optional(string)
log_group_id = string
target_resource_type = string
target_compartment_ids = list(string)
is_enabled = optional(bool)
retention_duration = optional(number)
defined_tags = optional(map(string))
freeform_tags = optional(map(string))
})))
bucket_logs = optional(map(object({
name_prefix = optional(string)
log_group_id = string
target_compartment_ids = list(string)
category = string
is_enabled = optional(bool)
retention_duration = optional(number)
defined_tags = optional(map(string))
freeform_tags = optional(map(string))
})))
custom_logs = optional(map(object({
name = string
log_group_id = string
dynamic_groups = list(string)
parser_type = optional(string)
path = list(string)
is_enabled = optional(bool)
retention_duration = optional(number)
defined_tags = optional(map(string))
freeform_tags = optional(map(string))
})))
})
| n/a | yes | | [module\_name](#input\_module\_name) | The module name. | `string` | `"logging"` | no | | [tenancy\_ocid](#input\_tenancy\_ocid) | The tenancy OCID | `string` | `null` | no | ## Outputs -| Name | Description | -|--------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------| -| [custom\_logs](#output\_custom\_logs) | The custom logs. | -| [custom\_logs\_agent\_config](#output\_custom\_logs\_agent\_config) | The agent configurations for custom logs. | -| [log\_groups](#output\_log\_groups) | The default log groups. | -| [logging\_analytics\_log\_groups](#output\_logging\_analytics\_log\_groups) | The logging analytics log groups. | -| [service\_logs](#output\_service\_logs) | The logs. | +| Name | Description | +|------|-------------| +| [custom\_logs](#output\_custom\_logs) | The custom logs. | +| [custom\_logs\_agent\_config](#output\_custom\_logs\_agent\_config) | The agent configurations for custom logs. | +| [log\_groups](#output\_log\_groups) | The log groups. | +| [logging\_analytics\_log\_groups](#output\_logging\_analytics\_log\_groups) | Logging analytics log groups | +| [service\_logs](#output\_service\_logs) | The logs. | \ No newline at end of file diff --git a/notifications/SPEC.md b/notifications/SPEC.md index 8b6d405..e896456 100644 --- a/notifications/SPEC.md +++ b/notifications/SPEC.md 
@@ -18,6 +18,8 @@ No modules. | Name | Type | |------|------| +| [oci_announcements_service_announcement_subscription.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/announcements_service_announcement_subscription) | resource | +| [oci_announcements_service_announcement_subscriptions_filter_group.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/announcements_service_announcement_subscriptions_filter_group) | resource | | [oci_ons_notification_topic.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/ons_notification_topic) | resource | | [oci_ons_subscription.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/ons_subscription) | resource | @@ -28,7 +30,7 @@ No modules. | [compartments\_dependency](#input\_compartments\_dependency) | A map of objects containing the externally managed compartments this module may depend on. All map objects must have the same type and must contain at least an 'id' attribute (representing the compartment OCID) of string type. | `map(any)` | `null` | no | | [enable\_output](#input\_enable\_output) | Whether Terraform should enable module output. | `bool` | `true` | no | | [module\_name](#input\_module\_name) | The module name. | `string` | `"notifications"` | no | -| [notifications\_configuration](#input\_notifications\_configuration) | Notifications configuration settings, defining all aspects to manage notifications in OCI. Please see the comments within each attribute for details. |
object({

default_compartment_id = string, # the default compartment where all resources are defined. It's overriden by the compartment_id attribute within each object. It can be either a compartment OCID or a reference (a key) to the compartment OCID.
default_defined_tags = optional(map(string)), # the default defined tags. It's overriden by the defined_tags attribute within each object.
default_freeform_tags = optional(map(string)), # the default freeform tags. It's overriden by the frreform_tags attribute within each object.

topics = optional(map(object({ # the topics to manage in this configuration.
compartment_id = optional(string) # the compartment where the topic is created. default_compartment_id is used if undefined. It can be either a compartment OCID or a reference (a key) to the compartment OCID.
name = string # topic name
description = optional(string) # topic description. Defaults to topic name if undefined.
subscriptions = optional(list(object({
protocol = string # valid values (case insensitive): EMAIL, CUSTOM_HTTPS, PAGERDUTY, SLACK, ORACLE_FUNCTIONS, SMS
values = list(string) # list of endpoint values, specific to each protocol.
defined_tags = optional(map(string)) # subscription defined_tags. The topic defined_tags is used if undefined.
freeform_tags = optional(map(string)) # subscription freeform_tags. The topic freeform_tags is used if undefined.
})))
defined_tags = optional(map(string)) # topic defined_tags. default_defined_tags is used if undefined.
freeform_tags = optional(map(string)) # topic freeform_tags. default_freeform_tags is used if undefined.
})))
})
| n/a | yes | +| [notifications\_configuration](#input\_notifications\_configuration) | Notifications configuration settings, defining all aspects to manage notifications in OCI. Please see the comments within each attribute for details. |
object({

default_compartment_id = string, # the default compartment where all resources are defined. It's overriden by the compartment_id attribute within each object. It can be either a compartment OCID or a reference (a key) to the compartment OCID.
default_defined_tags = optional(map(string)), # the default defined tags. It's overriden by the defined_tags attribute within each object.
default_freeform_tags = optional(map(string)), # the default freeform tags. It's overriden by the frreform_tags attribute within each object.

topics = optional(map(object({ # the topics to manage in this configuration.
compartment_id = optional(string) # the compartment where the topic is created. default_compartment_id is used if undefined. It can be either a compartment OCID or a reference (a key) to the compartment OCID.
name = string # topic name
description = optional(string) # topic description. Defaults to topic name if undefined.
subscriptions = optional(list(object({
protocol = string # valid values (case insensitive): EMAIL, CUSTOM_HTTPS, PAGERDUTY, SLACK, ORACLE_FUNCTIONS, SMS
values = list(string) # list of endpoint values, specific to each protocol.
defined_tags = optional(map(string)) # subscription defined_tags. The topic defined_tags is used if undefined.
freeform_tags = optional(map(string)) # subscription freeform_tags. The topic freeform_tags is used if undefined.
})))
defined_tags = optional(map(string)) # topic defined_tags. default_defined_tags is used if undefined.
freeform_tags = optional(map(string)) # topic freeform_tags. default_freeform_tags is used if undefined.
})))
announcement_subscriptions = optional(map(object({
compartment_id = optional(string)
display_name = string
notification_topic_id = string
description = optional(string)
defined_tags = optional(map(string))
freeform_tags = optional(map(string))
preferred_language = optional(string)
preferred_time_zone = optional(string)
filter_groups = optional(map(object({
name = string
filter_type = string
filter_value = list(string)
})))
})))
})
| n/a | yes | ## Outputs diff --git a/notifications/announcement-subscription.tf b/notifications/announcement-subscription.tf new file mode 100644 index 0000000..22d3e6c --- /dev/null +++ b/notifications/announcement-subscription.tf 
@@ -0,0 +1,48 @@
+# ###################################################################################################### #
+# Copyright (c) 2024 Oracle and/or its affiliates, All rights reserved. #
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
+# ###################################################################################################### #
+
+locals {
+ filter_groups = flatten([
+ for announcement_subs_key, announcement_subs in (var.notifications_configuration.announcement_subscriptions != null ? var.notifications_configuration.announcement_subscriptions : {}) : [
+ for filter_group_key, filter_group in (announcement_subs.filter_groups != null ? announcement_subs.filter_groups : {}) : {
+ key = filter_group_key
+ name = filter_group.name
+ announcement_subscription_key = announcement_subs_key
+ filter_type = filter_group.filter_type
+ filter_value = filter_group.filter_value
+ }
+ ]
+ ])
+}
+
+resource "oci_announcements_service_announcement_subscription" "these" {
+ for_each = var.notifications_configuration.announcement_subscriptions != null ? var.notifications_configuration.announcement_subscriptions : {}
+ compartment_id = each.value.compartment_id != null ? (length(regexall("^ocid1.*$", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartments_dependency[each.value.compartment_id].id) : (length(regexall("^ocid1.*$", var.notifications_configuration.default_compartment_id)) > 0 ? var.notifications_configuration.default_compartment_id : var.compartments_dependency[var.notifications_configuration.default_compartment_id].id)
+ display_name = each.value.display_name
+ ons_topic_id = each.value.notification_topic_id
+ description = each.value.description
+ defined_tags = merge(each.value.defined_tags, var.notifications_configuration.default_defined_tags)
+ freeform_tags = merge(each.value.freeform_tags, var.notifications_configuration.default_freeform_tags)
+ preferred_language = each.value.preferred_language
+ preferred_time_zone = each.value.preferred_time_zone
+}
+
+resource "oci_announcements_service_announcement_subscriptions_filter_group" "these" {
+ for_each = {for filter in local.filter_groups : filter.key => {
+ name = filter.name,
+ announcement_subscription_key = filter.announcement_subscription_key
+ filter_type = filter.filter_type
+ filter_value = filter.filter_value
+ }}
+ announcement_subscription_id = oci_announcements_service_announcement_subscription.these[each.value.announcement_subscription_key].id
+ name = each.value.name
+ dynamic "filters" {
+ for_each = toset(each.value.filter_value)
+ content {
+ type = each.value.filter_type
+ value = filters.key
+ }
+ }
+}
\ No newline at end of file
diff --git a/notifications/examples/announcement_subscription/input.auto.tfvars.template b/notifications/examples/announcement_subscription/input.auto.tfvars.template
new file mode 100644
index 0000000..7ed0547
--- /dev/null
+++ b/notifications/examples/announcement_subscription/input.auto.tfvars.template
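Review bot: The `merge(...)` calls for `defined_tags` and `freeform_tags` pass the defaults as the last argument, and in Terraform's `merge` the later argument wins on a key collision, so `default_defined_tags` overrides a subscription's own tag rather than acting as the fallback that the SPEC text describes for topics. Selecting explicitly, `defined_tags = each.value.defined_tags != null ? each.value.defined_tags : var.notifications_configuration.default_defined_tags` (and the same for `freeform_tags`), keeps the per-subscription value authoritative, which matters where defined tags are used for access policies or ownership tracking. Separately, the filter-group `for_each` keys the map on `filter.key` alone, so two subscriptions that reuse the same filter-group key would collide; a composite key such as `"${filter.announcement_subscription_key}.${filter.key}"` avoids that.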
@@ -0,0 +1,44 @@
+# Copyright (c) 2024 Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+#-------------------------------------------------------------------------------------------------------------------------------------------
+# 1. Rename this file to .auto.tfvars, where is a name of your choice.
+# 2. Provide values for "Tenancy Connectivity Variables".
+# 3. Replace placeholder with the OCID of the compartment the resource will be placed in.
+# 4. Replace placeholder with the OCID of the notification topic the announcement will be attached to.
+#-------------------------------------------------------------------------------------------------------------------------------------------
+
+#---------------------------------------
+# Tenancy Connectivity Variables
+#---------------------------------------
+
+tenancy_ocid = "" # Get this from OCI Console (after logging in, go to top-right-most menu item and click option "Tenancy: ").
+user_ocid = "" # Get this from OCI Console (after logging in, go to top-right-most menu item and click option "My profile").
+fingerprint = "" # The fingerprint can be gathered from your user account. In the "My profile page, click "API keys" on the menu in left hand side).
+private_key_path = "" # This is the full path on your local system to the API signing private key.
+private_key_password = "" # This is the password that protects the private key, if any.
+region = "" # This is your region, where all other events are created. It can be the same as home_region.
+
+#---------------------------------------
+# Input variable
+#---------------------------------------
+
+notifications_configuration = {
+ default_compartment_id = ""
+ #default_defined_tags = null
+ #default_freeform_tags = null
+
+ announcement_subscriptions = {
+ ANNOUNCEMENT-SUBSCRIPTION-TEST = {
+ display_name = "announcement-test"
+ notification_topic_id = ""
+ filter_groups = {
+ TEST-FILTER-GROUP = {
+ name = "test-filter-group"
+ filter_type = "ANNOUNCEMENT_TYPE",
+ filter_value = ["ACTION_REQUIRED", "EMERGENCY_MAINTENANCE", "EMERGENCY_CHANGE", "PRODUCTION_EVENT_NOTIFICATION"]
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/notifications/examples/announcement_subscription/main.tf b/notifications/examples/announcement_subscription/main.tf
new file mode 100644
index 0000000..d99970a
--- /dev/null
+++ b/notifications/examples/announcement_subscription/main.tf
@@ -0,0 +1,4 @@
+module "test_announcenment_subscription" {
+ source = "../../"
+ notifications_configuration = var.notifications_configuration
+}
\ No newline at end of file
diff --git a/notifications/examples/announcement_subscription/provider.tf b/notifications/examples/announcement_subscription/provider.tf
new file mode 100644
index 0000000..ea1913e
--- /dev/null
+++ b/notifications/examples/announcement_subscription/provider.tf
@@ -0,0 +1,13 @@
+# ###################################################################################################### #
+# Copyright (c) 2024 Oracle and/or its affiliates, All rights reserved. #
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
+# ###################################################################################################### #
+
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+ experiments = [module_variable_optional_attrs]
+}
\ No newline at end of file
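Review bot: The `required_providers` entry for `oracle/oci` in provider.tf has no `version` constraint, so unless a `.terraform.lock.hcl` is committed each `terraform init` may resolve a different provider release; a constraint plus a committed lock file keeps the binary that handles the tenancy credentials reproducible. None of the four files in this example contains a `provider "oci"` block, so the `tenancy_ocid`, `user_ocid`, `fingerprint`, `private_key_path` and `private_key_password` values the template asks for do not appear to reach the provider. `experiments = [module_variable_optional_attrs]` is, as far as I know, rejected by Terraform 1.3 and later, so a `required_version` in the same block would make that limit explicit.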
diff --git a/notifications/examples/announcement_subscription/variables.tf b/notifications/examples/announcement_subscription/variables.tf new file mode 100644 index 0000000..0479e1e --- /dev/null +++ b/notifications/examples/announcement_subscription/variables.tf @@ -0,0 +1,14 @@ +# Copyright (c) 2023 Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. + +variable "tenancy_ocid" {} +variable "region" {description = "Your tenancy region"} +variable "user_ocid" {default = ""} +variable "fingerprint" {default = ""} +variable "private_key_path" {default = ""} +variable "private_key_password" {default = ""} + +variable "notifications_configuration" { + description = "Notifications configuration settings, defining all aspects to manage notifications in OCI. Please see the comments within each attribute for details." + type = any +} \ No newline at end of file diff --git a/notifications/examples/external_dependency/variables.tf b/notifications/examples/external_dependency/variables.tf index bcd17cd..7e1cab0 100644 --- a/notifications/examples/external_dependency/variables.tf +++ b/notifications/examples/external_dependency/variables.tf @@ -29,6 +29,21 @@ variable "notifications_configuration" { defined_tags = optional(map(string)) # topic defined_tags. default_defined_tags is used if undefined. freeform_tags = optional(map(string)) # topic freeform_tags. default_freeform_tags is used if undefined. }))) + announcement_subscriptions = optional(map(object({ + compartment_id = optional(string) + display_name = string + notification_topic_id = string + description = optional(string) + defined_tags = optional(string) + freeform_tags = optional(string) + preferred_language = optional(string) + preferred_time_zone = optional(string) + filter_groups = optional(map(object({ + name = string + filter_type = string + filter_value = list(string) + }))) + }))) }) } 
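Review bot: `variable "private_key_password" {default = ""}` in the new examples/announcement_subscription/variables.tf is not marked sensitive, so Terraform does not redact its value in plan output or diagnostics; add `sensitive = true` to that block. The value is read in plain text from the renamed `*.auto.tfvars` file, so that file name pattern should be covered by the repository's ignore rules to keep it out of version control. `notifications_configuration` is declared with `type = any` here, which defers all shape checking to the module; reusing the typed object from the other examples would report mistakes at the example boundary.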
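Review bot: `defined_tags = optional(string)` and `freeform_tags = optional(string)` in the new `announcement_subscriptions` object of examples/external_dependency/variables.tf disagree with the module's own declaration in notifications/variables.tf, which types both as `optional(map(string))`. A tag map supplied through this example would fail type conversion before it reaches the module; change both lines to `optional(map(string))`. The same two lines appear in the notifications/examples/vision/variables.tf hunk. The variable block starts and ends outside the hunk.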
diff --git a/notifications/examples/vision/variables.tf b/notifications/examples/vision/variables.tf index e8fce07..37aeafe 100644 --- a/notifications/examples/vision/variables.tf +++ b/notifications/examples/vision/variables.tf @@ -29,6 +29,21 @@ variable "notifications_configuration" { defined_tags = optional(map(string)) # topic defined_tags. default_defined_tags is used if undefined. freeform_tags = optional(map(string)) # topic freeform_tags. default_freeform_tags is used if undefined. }))) + announcement_subscriptions = optional(map(object({ + compartment_id = optional(string) + display_name = string + notification_topic_id = string + description = optional(string) + defined_tags = optional(string) + freeform_tags = optional(string) + preferred_language = optional(string) + preferred_time_zone = optional(string) + filter_groups = optional(map(object({ + name = string + filter_type = string + filter_value = list(string) + }))) + }))) }) } diff --git a/notifications/variables.tf b/notifications/variables.tf index c84cff9..6ccd74a 100644 --- a/notifications/variables.tf +++ b/notifications/variables.tf @@ -22,6 +22,21 @@ variable "notifications_configuration" { defined_tags = optional(map(string)) # topic defined_tags. default_defined_tags is used if undefined. freeform_tags = optional(map(string)) # topic freeform_tags. default_freeform_tags is used if undefined. }))) + announcement_subscriptions = optional(map(object({ + compartment_id = optional(string) + display_name = string + notification_topic_id = string + description = optional(string) + defined_tags = optional(map(string)) + freeform_tags = optional(map(string)) + preferred_language = optional(string) + preferred_time_zone = optional(string) + filter_groups = optional(map(object({ + name = string + filter_type = string + filter_value = list(string) + }))) + }))) }) } diff --git a/release.txt b/release.txt index def9a01..a192233 100644 --- a/release.txt +++ b/release.txt 
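Review bot: The attributes of the new `announcement_subscriptions` object in notifications/variables.tf carry no trailing comments, while the neighbouring topic attributes do and the variable description used in the examples sends readers to those comments. Suggested wording, based on how announcement-subscription.tf consumes the values: `compartment_id = optional(string) # the compartment where the subscription is created. default_compartment_id is used if undefined. Either a compartment OCID or a key in compartments_dependency.`, `notification_topic_id = string # the OCID of the topic that receives the announcements; passed to ons_topic_id unchanged.` and `filter_value = list(string) # one filter of type filter_type is created per value.` The variable block starts and ends outside the hunk.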
@@ -1 +1 @@ -0.1.5 \ No newline at end of file +0.1.6 \ No newline at end of file diff --git a/service-connectors/README.md b/service-connectors/README.md index bdbf477..5bd2ebd 100644 --- a/service-connectors/README.md +++ b/service-connectors/README.md @@ -105,6 +105,7 @@ Service connectors are created in "INACTIVE" state by default. Within the *servi #### Defining the Source Within the *service_connectors* attribute, use the *source* attribute to define the service connector source resources. Within *source*, the following attributes are supported. - **kind**: the type of source. Supported values are "logging" and "streaming". +- **cursor_kind**: the type of cursor, which determines the starting point from which the stream will be consumed. Options "LATEST", "TRIM_HORIZON". Only applicable if *kind* = "streaming". - **audit_logs**: a list of objects where audit logs are expected to be found. Multiple audit log locations can be specified using the *cmp_id* attribute. Only applicable if *kind* is "logging". - **cmp_id**: the compartment where audit logs are expected to be found. For referring to all audit logs in the tenancy, provide the value "ALL". This attribute is overloaded: it can be either a compartment OCID, a reference (a key) to the compartment OCID, or the "ALL" value. - **non_audit_logs**: a list of objects where any logs other than audit logs are expected to be found. Multiple logs can be specified using *cmp_id*, *log_group_id* and *log_id* attributes. Only applicable if *kind* is "logging". 
@@ -171,6 +172,11 @@ Within *service_connectors_configuration*, use the *buckets* attribute to define - **kms_key_id**: the customer managed key. Required if cis_level = "2". This attribute is overloaded: it can be either a Key OCID or a reference (a key) to the Key OCID. - **defined_tags**: the bucket defined_tags. *default_defined_tags* is used if this is not defined. - **freeform_tags**: the bucket freeform_tags. *default_freeform_tags* is used if this is not defined. +- **storage_tier**: the bucket's storage tier type. Default is "Standard'. When 'Archive' tier type is set explicitly, the bucket is put in the Archive Storage tier. The 'storageTier' property is immutable after bucket is created. +- **retention_rules**: a list of objects defining the bucket retention rules (Optional). You cannot add retention rules to a bucket that has versioning enabled. + - **display_name**: the rule's display name + - **time_amount**: the retention duration time amount (number) + - **time_unit**: the retention duration time unit in "DAYS" or "YEARS" The following example defines a bucket that is versioned and encrypted with a customer managed key: ``` @@ -181,6 +187,25 @@ buckets = { cis_level = "2" kms_key_id = "ocid1.key.oc1..kkkkk..uir" } +} +``` + +The following example defines a bucket that is encrypted with a customer managed key and with retention rules defined. Retention rules cannot be added to a bucket that has versioning Enabled (when cis_level = "2"): +``` +buckets = { + SERVICE-CONNECTOR-BUCKET-KEY = { # this referring key can be referred by bucket_name in target attribute + name = "vision-service-connector-bucket" + compartment_id = "ocid1.compartment.oc1..bbbbb...epa" + cis_level = "1" + kms_key_id = "ocid1.key.oc1..kkkkk..uir" + retention_rules = { + RULE1 = { + display_name = "bucket retention rule 1" + time_amount = 1 + time_unit = "DAYS" + } + } + } } ``` diff --git a/service-connectors/SPEC.md b/service-connectors/SPEC.md index 4e9c80d..956015d 100644 
--- a/service-connectors/SPEC.md +++ b/service-connectors/SPEC.md @@ -39,7 +39,7 @@ No modules. | [kms\_dependency](#input\_kms\_dependency) | A map of objects containing the externally managed encryption keys this module may depend on. All map objects must have the same type and must contain at least an 'id' attribute (representing the key OCID) of string type. | `map(any)` | `null` | no | | [logs\_dependency](#input\_logs\_dependency) | A map of objects containing the externally managed log groups and logs this module may depend on. All map objects must have the same type and must contain at least an 'id' attribute (representing the log\_group or log OCID) of string type. | `map(any)` | `null` | no | | [module\_name](#input\_module\_name) | The module name. | `string` | `"service-connectors"` | no | -| [service\_connectors\_configuration](#input\_service\_connectors\_configuration) | Service Connectors configuration settings, defining all aspects to manage service connectors and related resources in OCI. Please see the comments within each attribute for details. |
object({
default_compartment_id = string, # the default compartment where all resources are defined. It's overriden by the compartment_id attribute within each object. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID.
default_defined_tags = optional(map(string)), # the default defined tags. It's overriden by the defined_tags attribute within each object.
default_freeform_tags = optional(map(string)), # the default freeform tags. It's overriden by the frreform_tags attribute within each object.

service_connectors = map(object({
display_name = string # the service connector name.
compartment_id = optional(string) # the compartment where the service connector is created. default_compartment_id is used if undefined. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID.
description = optional(string) # the service connector description. Defaults to display_name if not defined.
activate = optional(bool) # whether the service connector is active. Default is false.
defined_tags = optional(map(string)) # the service connector defined_tags. Default to default_defined_tags if undefined.
freeform_tags = optional(map(string)) # the service connector freeform_tags. Default to default_freeform_tags if undefined.

source = object({
kind = string # Supported sources: "logging" and "streaming".
audit_logs = optional(list(object({ # the audit logs (only applicable if kind = "logging").
cmp_id = string # the compartment where to get audit logs from. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID. Use "ALL" to include all audit logs in the tenancy.
})))
non_audit_logs = optional(list(object({ # all logs that are not audit logs. Includes bucket logs, flow logs, custom logs, etc (only applicable if kind = "logging").
cmp_id = string # the compartment where to get non-audit logs from. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID.
log_group_id = optional(string) # the log group. This attribute is overloaded: it can be either a log group OCID or a reference (a key) to the log group OCID.
log_id = optional(string) # the log. This attribute is overloaded: it can be either a log OCID or a reference (a key) to the log OCID.
})))
stream_id = optional(string) # The source stream (only applicable if kind = "streaming"). This attribute is overloaded: it can be either a stream OCID or a reference (a key) to the stream OCID.
})

log_rule_filter = optional(string) # A condition for filtering log data (only applicable if source kind = "logging").

target = object({ # the target
kind = string, # supported targets: "objectstorage", "streaming", "functions", "logginganalytics", "notifications".
bucket_name = optional(string), # the target bucket name (only applicable if kind is "objectstorage"). This attribute is overloaded: it can be either a bucket name or a reference (a key) to the bucket name.
bucket_batch_rollover_size_in_mbs = optional(number), # the bucket batch rollover size in megabytes (only applicable if kind is "objectstorage").
bucket_batch_rollover_time_in_ms = optional(number), # the bucket batch rollover time in milliseconds (only applicable if kind is "objectstorage").
bucket_object_name_prefix = optional(string), # the prefix of objects eventually created in the bucket (only applicable if kind is "objectstorage").
stream_id = optional(string) # the target stream (only applicable if kind is "streaming"). This attribute is overloaded: it can be either a stream OCID or a reference (a key) to the stream OCID.
topic_id = optional(string) # the target topic (only applicable if kind is "notifications"). This attribute is overloaded: it can be either a topic OCID or a reference (a key) to the topic OCID.
function_id = optional(string) # the target function (only applicable if kind is "functions"). This attribute is overloaded: it can be either a function OCID or a reference (a key) to the function OCID.
log_group_id = optional(string) # the target log group (only applicable if kind is "logginganalytics"). This attribute is overloaded: it can be either a log group OCID or a reference (a key) to the log group OCID.
compartment_id = optional(string), # the target resource compartment. Required if using a literal name for bucket_name or a literal OCID for stream_id, topic_id, function_id, or log_group_id. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID.
})

policy = optional(object({ # If you omit this block in the declaration, the policy compartment_id, name and description are derived from the target.
compartment_id = optional(string), # the compartment where the policy is attached. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID.
name = optional(string), # the policy name.
description = optional(string) # the policy description.
}))
}))

buckets = optional(map(object({ # the buckets to manage.
name = string, # the bucket name
compartment_id = optional(string), # the compartment where the bucket is created. default_compartment_id is used if this is not defined. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID.
cis_level = optional(string), # the cis_level. Default is "1". Drives bucket versioning and encryption. cis_level = "1": no versioning, encryption with Oracle managed key. cis_level = "2": versioning enabled, encryption with customer managed key.
kms_key_id = optional(string), # the customer managed key. Required if cis_level = "2". This attribute is overloaded: it can be either a key OCID or a reference (a key) to the key OCID.
defined_tags = optional(map(string)), # bucket defined_tags. default_defined_tags is used if this is not defined.
freeform_tags = optional(map(string)) # bucket freeform_tags. default_freeform_tags is used if this is not defined.
})))

streams = optional(map(object({ # the streams to manage.
name = string # the stream name
compartment_id = optional(string) # the compartment where the stream is created. default_compartment_id is used if this is not defined. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID.
num_partitions = optional(number) # the number of stream partitions. Default is 1.
log_retention_in_hours = optional(number) # for how long to keep messages in the stream. Default is 24 hours.
defined_tags = optional(map(string)) # stream defined_tags. default_defined_tags is used if this is not defined.
freeform_tags = optional(map(string)) # stream freeform_tags. default_freeform_tags is used if this is not defined.
})))

topics = optional(map(object({ # the topics to manage in this configuration.
name = string # topic name
compartment_id = optional(string) # the compartment where the topic is created. default_compartment_id is used if undefined. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID.
description = optional(string) # topic description. Defaults to topic name if undefined.
subscriptions = optional(list(object({
protocol = string # valid values (case insensitive): EMAIL, CUSTOM_HTTPS, PAGERDUTY, SLACK, ORACLE_FUNCTIONS, SMS
values = list(string) # list of endpoint values, specific to each protocol.
defined_tags = optional(map(string)) # subscription defined_tags. The topic defined_tags is used if undefined.
freeform_tags = optional(map(string)) # subscription freeform_tags. The topic freeform_tags is used if undefined.
})))
defined_tags = optional(map(string)) # topic defined_tags. default_defined_tags is used if undefined.
freeform_tags = optional(map(string)) # topic freeform_tags. default_freeform_tags is used if undefined.
})))

})
| n/a | yes | +| [service\_connectors\_configuration](#input\_service\_connectors\_configuration) | Service Connectors configuration settings, defining all aspects to manage service connectors and related resources in OCI. Please see the comments within each attribute for details. |
object({
default_compartment_id = string, # the default compartment where all resources are defined. It's overriden by the compartment_id attribute within each object. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID.
default_defined_tags = optional(map(string)), # the default defined tags. It's overriden by the defined_tags attribute within each object.
default_freeform_tags = optional(map(string)), # the default freeform tags. It's overriden by the frreform_tags attribute within each object.

service_connectors = map(object({
display_name = string # the service connector name.
compartment_id = optional(string) # the compartment where the service connector is created. default_compartment_id is used if undefined. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID.
description = optional(string) # the service connector description. Defaults to display_name if not defined.
activate = optional(bool) # whether the service connector is active. Default is false.
defined_tags = optional(map(string)) # the service connector defined_tags. Default to default_defined_tags if undefined.
freeform_tags = optional(map(string)) # the service connector freeform_tags. Default to default_freeform_tags if undefined.

source = object({
kind = string # Supported sources: "logging" and "streaming".
cursor_kind = optional(string) # The type of cursor, which determines the starting point from which the stream will be consumed. Options "LATEST", "TRIM_HORIZON" (only applicable if kind = "streaming")
audit_logs = optional(list(object({ # the audit logs (only applicable if kind = "logging").
cmp_id = string # the compartment where to get audit logs from. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID. Use "ALL" to include all audit logs in the tenancy.
})))
non_audit_logs = optional(list(object({ # all logs that are not audit logs. Includes bucket logs, flow logs, custom logs, etc (only applicable if kind = "logging").
cmp_id = string # the compartment where to get non-audit logs from. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID.
log_group_id = optional(string) # the log group. This attribute is overloaded: it can be either a log group OCID or a reference (a key) to the log group OCID.
log_id = optional(string) # the log. This attribute is overloaded: it can be either a log OCID or a reference (a key) to the log OCID.
})))
stream_id = optional(string) # The source stream (only applicable if kind = "streaming"). This attribute is overloaded: it can be either a stream OCID or a reference (a key) to the stream OCID.
})

log_rule_filter = optional(string) # A condition for filtering log data (only applicable if source kind = "logging").

target = object({ # the target
kind = string, # supported targets: "objectstorage", "streaming", "functions", "logginganalytics", "notifications".
bucket_name = optional(string), # the target bucket name (only applicable if kind is "objectstorage"). This attribute is overloaded: it can be either a bucket name or a reference (a key) to the bucket name.
bucket_batch_rollover_size_in_mbs = optional(number), # the bucket batch rollover size in megabytes (only applicable if kind is "objectstorage").
bucket_batch_rollover_time_in_ms = optional(number), # the bucket batch rollover time in milliseconds (only applicable if kind is "objectstorage").
bucket_object_name_prefix = optional(string), # the prefix of objects eventually created in the bucket (only applicable if kind is "objectstorage").
stream_id = optional(string) # the target stream (only applicable if kind is "streaming"). This attribute is overloaded: it can be either a stream OCID or a reference (a key) to the stream OCID.
topic_id = optional(string) # the target topic (only applicable if kind is "notifications"). This attribute is overloaded: it can be either a topic OCID or a reference (a key) to the topic OCID.
function_id = optional(string) # the target function (only applicable if kind is "functions"). This attribute is overloaded: it can be either a function OCID or a reference (a key) to the function OCID.
log_group_id = optional(string) # the target log group (only applicable if kind is "logginganalytics"). This attribute is overloaded: it can be either a log group OCID or a reference (a key) to the log group OCID.
compartment_id = optional(string), # the target resource compartment. Required if using a literal name for bucket_name or a literal OCID for stream_id, topic_id, function_id, or log_group_id. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID.
})

policy = optional(object({ # If you omit this block in the declaration, the policy compartment_id, name and description are derived from the target.
compartment_id = optional(string), # the compartment where the policy is attached. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID.
name = optional(string), # the policy name.
description = optional(string) # the policy description.
}))
}))

buckets = optional(map(object({ # the buckets to manage.
name = string, # the bucket name
compartment_id = optional(string), # the compartment where the bucket is created. default_compartment_id is used if this is not defined. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID.
cis_level = optional(string), # the cis_level. Default is "1". Drives bucket versioning and encryption. cis_level = "1": no versioning, encryption with Oracle managed key. cis_level = "2": versioning enabled, encryption with customer managed key.
kms_key_id = optional(string), # the customer managed key. Required if cis_level = "2". This attribute is overloaded: it can be either a key OCID or a reference (a key) to the key OCID.
defined_tags = optional(map(string)), # bucket defined_tags. default_defined_tags is used if this is not defined.
freeform_tags = optional(map(string)) # bucket freeform_tags. default_freeform_tags is used if this is not defined.
storage_tier = optional(string), # the type of storage tier of this bucket. Archive, Standard
retention_rules = optional(map(object({
display_name = string # A user-specified name for the retention rule
time_amount = number # The timeAmount is interpreted in units defined by the timeUnit parameter
time_unit = string # The unit that should be used to interpret timeAmount. Days, Years
}))) # bucket retention rules
})))

streams = optional(map(object({ # the streams to manage.
name = string # the stream name
compartment_id = optional(string) # the compartment where the stream is created. default_compartment_id is used if this is not defined. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID.
num_partitions = optional(number) # the number of stream partitions. Default is 1.
log_retention_in_hours = optional(number) # for how long to keep messages in the stream. Default is 24 hours.
defined_tags = optional(map(string)) # stream defined_tags. default_defined_tags is used if this is not defined.
freeform_tags = optional(map(string)) # stream freeform_tags. default_freeform_tags is used if this is not defined.
})))

topics = optional(map(object({ # the topics to manage in this configuration.
name = string # topic name
compartment_id = optional(string) # the compartment where the topic is created. default_compartment_id is used if undefined. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID.
description = optional(string) # topic description. Defaults to topic name if undefined.
subscriptions = optional(list(object({
protocol = string # valid values (case insensitive): EMAIL, CUSTOM_HTTPS, PAGERDUTY, SLACK, ORACLE_FUNCTIONS, SMS
values = list(string) # list of endpoint values, specific to each protocol.
defined_tags = optional(map(string)) # subscription defined_tags. The topic defined_tags is used if undefined.
freeform_tags = optional(map(string)) # subscription freeform_tags. The topic freeform_tags is used if undefined.
})))
defined_tags = optional(map(string)) # topic defined_tags. default_defined_tags is used if undefined.
freeform_tags = optional(map(string)) # topic freeform_tags. default_freeform_tags is used if undefined.
})))

})
| n/a | yes | | [streams\_dependency](#input\_streams\_dependency) | A map of objects containing the externally managed streams this module may depend on. All map objects must have the same type and must contain at least an 'id' attribute (representing the stream OCID) of string type. | `map(any)` | `null` | no | | [tenancy\_ocid](#input\_tenancy\_ocid) | The tenancy ocid | `string` | n/a | yes | | [topics\_dependency](#input\_topics\_dependency) | A map of objects containing the externally managed topics this module may depend on. All map objects must have the same type and must contain at least an 'id' attribute (representing the topic OCID) of string type. | `map(any)` | `null` | no | diff --git a/service-connectors/buckets.tf b/service-connectors/buckets.tf index 31fed3e..2b536a7 100644 --- a/service-connectors/buckets.tf +++ b/service-connectors/buckets.tf 
@@ -18,9 +18,13 @@ resource "oci_objectstorage_bucket" "these" { for_each = var.service_connectors_configuration.buckets != null ? var.service_connectors_configuration.buckets : {} lifecycle { precondition { - condition = coalesce(each.value.cis_level,"1") == "2" ? (each.value.kms_key_ocid != null ? true : false) : true # false triggers this. + condition = coalesce(each.value.cis_level,"1") == "2" ? (each.value.kms_key_id != null ? true : false) : true # false triggers this. error_message = "VALIDATION FAILURE (CIS Storage 4.1.2): A customer managed key is required when CIS level is set to 2." } + precondition { + condition = contains(local.storage_tier_types, coalesce(each.value.storage_tier, "Standard")) + error_message = "VALIDATION FAILURE : Invalid value for \"storage_tier\" attribute. Valid values are ${join(", ",local.storage_tier_types)} (case sensitive)." + } } provider = oci compartment_id = each.value.compartment_id != null ? (length(regexall("^ocid1.*$", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartments_dependency[each.value.compartment_id].id) : (length(regexall("^ocid1.*$", var.service_connectors_configuration.default_compartment_id)) > 0 ? var.service_connectors_configuration.default_compartment_id : var.compartments_dependency[var.service_connectors_configuration.default_compartment_id].id) 
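Review bot: The lifecycle block gains a precondition for `storage_tier` but none for `retention_rules`, although the next hunk (`@@ -30,6 +34,19 @@`) silently replaces the rules with `{}` when `cis_level` is "2" and passes `upper(ls.value.time_unit)` through without checking it against `local.retention_rules_time_units`, which constants.tf adds in this commit and nothing visible uses. A caller who sets both `cis_level = "2"` and `retention_rules` gets a bucket with no retention and no diagnostic, which matters when the bucket is the archive for audit logs. Two more preconditions, sketched below, would turn both cases into plan-time failures. The resource block starts before and ends after this hunk.

```hcl
# … unchanged: kms_key_id and storage_tier preconditions in the lifecycle block …
precondition {
  condition     = !(coalesce(each.value.cis_level, "1") == "2" && each.value.retention_rules != null)
  error_message = "VALIDATION FAILURE : \"retention_rules\" cannot be set when cis_level is \"2\", because versioning is enabled on the bucket."
}
precondition {
  condition = alltrue([
    for rule in values(each.value.retention_rules != null ? each.value.retention_rules : {}) :
    contains(local.retention_rules_time_units, upper(rule.time_unit))
  ])
  error_message = "VALIDATION FAILURE : Invalid value for \"time_unit\" attribute. Valid values are ${join(", ", local.retention_rules_time_units)}."
}
```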
@@ -30,6 +34,19 @@ resource "oci_objectstorage_bucket" "these" { versioning = coalesce(each.value.cis_level,"1") == "2" ? "Enabled" : "Disabled" defined_tags = each.value.defined_tags != null ? each.value.defined_tags : var.service_connectors_configuration.default_defined_tags freeform_tags = merge(local.cislz_module_tag, each.value.freeform_tags != null ? each.value.defined_tags : var.service_connectors_configuration.default_freeform_tags) + + storage_tier = each.value.storage_tier + dynamic retention_rules { + for_each = coalesce(each.value.cis_level,"1") == "2" ? {} : ( each.value.retention_rules != null ? each.value.retention_rules : {} ) # cannot add retention rules to a bucket that has versioning enabled + iterator = ls + content { + display_name = ls.value.display_name + duration { + time_amount = ls.value.time_amount + time_unit = upper(ls.value.time_unit) + } + } + } } /* locals { diff --git a/service-connectors/constants.tf b/service-connectors/constants.tf index f409fdc..5845485 100644 --- a/service-connectors/constants.tf +++ b/service-connectors/constants.tf @@ -24,4 +24,6 @@ locals { (local.TARGET_NOTIFICATIONS) : "topic_id" } subscription_protocols = ["EMAIL","CUSTOM_HTTPS","SLACK","PAGERDUTY","ORACLE_FUNCTIONS","SMS"] + storage_tier_types = ["Archive", "Standard"] + retention_rules_time_units = ["DAYS", "YEARS"] } \ No newline at end of file diff --git a/service-connectors/examples/vision/input.auto.tfvars.template b/service-connectors/examples/vision/input.auto.tfvars.template index 78c1ba1..bfb70ad 100644 --- a/service-connectors/examples/vision/input.auto.tfvars.template +++ b/service-connectors/examples/vision/input.auto.tfvars.template 
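Review bot: The new `retention_rules` block sets only `display_name` and `duration`, so every rule is created unlocked and remains editable or removable by any principal allowed to update the bucket. For a bucket that archives logs, consider exposing the provider's optional `time_rule_locked` argument as an optional attribute of each rule, so callers can make the retention period tamper-resistant. Separately, the unchanged `freeform_tags` line just above the added code returns `each.value.defined_tags` when `each.value.freeform_tags` is set, which looks like a copy-paste slip; `each.value.freeform_tags` is presumably intended. The resource block starts outside this hunk.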
@@ -38,6 +38,7 @@ service_connectors_configuration = { #activate = true # Service Connector is created inactive. Uncomment this line to make it active. source = { kind = "logging" # Other supported values: "streaming" + #cursor_kind = "TRIM_HORIZON" ## "LATEST", "TRIM_HORIZON" (only applicable if kind = "streaming") audit_logs = [ {cmp_id = "ALL"} # "ALL" means all tenancy audit logs. Only applicable if kind = "logging". ] @@ -75,6 +76,14 @@ service_connectors_configuration = { #kms_key_id = null # The ocid of an existing KMS key. Required if cis_level = "2". #defined_tags = null #freeform_tags = null + # storage_tier = "Standard" ## Value can be "Standard" or "Archive". If left commented out, the default oci value is "Standard" + # retention_rules = { # If cis_level = "2", retention rules are ignored; cannot use retention rules if versioning is Enabled + # RULE1 = { + # display_name = "bucket retention rule 1" + # time_amount = 1 ## duration time amount + # time_unit = "DAYS" ## duration time unit (DAYS | YEARS) + # } + # } } } } \ No newline at end of file diff --git a/service-connectors/examples/vision/variables.tf b/service-connectors/examples/vision/variables.tf index 542a0f0..2aff24c 100644 --- a/service-connectors/examples/vision/variables.tf +++ b/service-connectors/examples/vision/variables.tf @@ -27,6 +27,7 @@ variable "service_connectors_configuration" { source = object({ kind = string # Supported sources: "logging" and "streaming". + cursor_kind = optional(string) # The type of cursor, which determines the starting point from which the stream will be consumed. Options "LATEST", "TRIM_HORIZON" (only applicable if kind = "streaming") audit_logs = optional(list(object({ # the audit logs (only applicable if kind = "logging"). cmp_id = string # the compartment where to get audit logs from. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID. Use "ALL" to include all audit logs in the tenancy. }))) 
@@ -70,6 +71,13 @@ variable "service_connectors_configuration" { kms_key_id = optional(string), # the customer managed key. Required if cis_level = "2". This attribute is overloaded: it can be either a key OCID or a reference (a key) to the key OCID. defined_tags = optional(map(string)), # bucket defined_tags. default_defined_tags is used if this is not defined. freeform_tags = optional(map(string)) # bucket freeform_tags. default_freeform_tags is used if this is not defined. + storage_tier = optional(string), # the type of storage tier of this bucket. Archive, Standard + retention_rules = optional(map(object({ + display_name = string # A user-specified name for the retention rule + time_amount = number # The timeAmount is interpreted in units defined by the timeUnit parameter + time_unit = string # The unit that should be used to interpret timeAmount. Days, Years + time_rule_locked = optional(string) # The date and time as per RFC 3339 after which this rule is locked and can only be deleted by deleting the bucket. + }))) # bucket retention rules }))) streams = optional(map(object({ # the streams to manage. diff --git a/service-connectors/service-connectors.tf b/service-connectors/service-connectors.tf index 833f35c..1743b14 100644 --- a/service-connectors/service-connectors.tf +++ b/service-connectors/service-connectors.tf 
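Review bot: `time_rule_locked` is declared in this example's `retention_rules` object, but the matching hunk in service-connectors/variables.tf does not declare it and the `retention_rules` block added in buckets.tf never assigns it, so a value set here appears to be discarded before it reaches the bucket. Since the lock is what makes a retention rule deletable only by deleting the bucket, silently ignoring it leaves buckets less protected than the configuration suggests. Either declare `time_rule_locked = optional(string)` in the module variable and add `time_rule_locked = ls.value.time_rule_locked` to the `content` block, or drop the attribute from the example. The variable block starts and ends outside this hunk.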
@@ -44,11 +44,18 @@ resource "oci_sch_service_connector" "these" { freeform_tags = merge(local.cislz_module_tag, each.value.freeform_tags != null ? each.value.freeform_tags : var.service_connectors_configuration.default_freeform_tags) source { kind = lower(each.value.source.kind) + dynamic "cursor" { + for_each = lower(each.value.source.kind) == local.SOURCE_STREAMING ? each.value.source.cursor_kind != null ? [each.value.source.cursor_kind] : [] : [] + iterator = ls + content { + kind = upper(ls.value) + } + } dynamic "log_sources" { for_each = lower(each.value.source.kind) == local.SOURCE_LOGGING ? each.value.source.audit_logs != null ? toset(each.value.source.audit_logs) : [] : [] iterator = ls content { - compartment_id = upper(ls.value.cmp_id) == "ALL" ? var.tenancy_ocid : ls.value.cmp_id + compartment_id = upper(ls.value.cmp_id) == "ALL" ? var.tenancy_ocid : length(regexall("^ocid1.*$", ls.value.cmp_id)) > 0 ? ls.value.cmp_id : var.compartments_dependency[ls.value.cmp_id].id log_group_id = upper(ls.value.cmp_id) == "ALL" ? "_Audit_Include_Subcompartment" : "_Audit" log_id = "" } diff --git a/service-connectors/variables.tf b/service-connectors/variables.tf index b8d694d..a6376a1 100644 --- a/service-connectors/variables.tf +++ b/service-connectors/variables.tf @@ -23,6 +23,7 @@ variable "service_connectors_configuration" { source = object({ kind = string # Supported sources: "logging" and "streaming". + cursor_kind = optional(string) # The type of cursor, which determines the starting point from which the stream will be consumed. Options "LATEST", "TRIM_HORIZON" (only applicable if kind = "streaming") audit_logs = optional(list(object({ # the audit logs (only applicable if kind = "logging"). cmp_id = string # the compartment where to get audit logs from. This attribute is overloaded: it can be either a compartment OCID or a reference (a key) to the compartment OCID. Use "ALL" to include all audit logs in the tenancy. }))) 
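Review bot: `cursor_kind` reaches the new `cursor` block through `upper()` with no check against the two documented values, and it is dropped silently when `kind` is not "streaming". A `cursor_kinds = ["LATEST", "TRIM_HORIZON"]` local in constants.tf with a precondition, in the style of the `storage_tier` check in buckets.tf, would turn a typo into a clear plan-time error. It would also help to state in the variable comment what starting point applies when `cursor_kind` is omitted, since that decides whether messages already in the stream are delivered to the target. The resource body extends beyond this hunk.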
@@ -63,6 +64,12 @@ variable "service_connectors_configuration" { kms_key_id = optional(string), # the customer managed key. Required if cis_level = "2". This attribute is overloaded: it can be either a key OCID or a reference (a key) to the key OCID. defined_tags = optional(map(string)), # bucket defined_tags. default_defined_tags is used if this is not defined. freeform_tags = optional(map(string)) # bucket freeform_tags. default_freeform_tags is used if this is not defined. + storage_tier = optional(string), # the type of storage tier of this bucket. Archive, Standard + retention_rules = optional(map(object({ + display_name = string # A user-specified name for the retention rule + time_amount = number # The timeAmount is interpreted in units defined by the timeUnit parameter + time_unit = string # The unit that should be used to interpret timeAmount. Days, Years + }))) # bucket retention rules }))) streams = optional(map(object({ # the streams to manage.