fix coding conventions related problems

kral2 · kral2 · commit 03fa1ff957fb · 2021-02-04T02:11:06.000+01:00
- Use snake_case when naming variables/resources
- If your variable is controlling a behaviour, use imperative style to
name it e.g. lockdown_default_seclist
- Use simple file names where possible; avoid '-', '' for terraform
files. '' is ok for bash/python.
- Add documentation for new variable in docs/terraformoptions.adoc
diff --git a/docs/terraformoptions.adoc b/docs/terraformoptions.adoc
@@ -111,4 +111,9 @@ tags = {
 |
 |
 
+|`lockdown_default_seclist`
+|whether to remove all default security rules from the VCN Default Security List
+|true/false
+|true
+
 |===
diff --git a/examples/README.md b/examples/README.md
@@ -78,7 +78,7 @@ module "vcn" {
   vcn_cidr                 = var.vcn_cidr
   vcn_dns_label            = var.vcn_dns_label
   vcn_name                 = var.vcn_name
-  default_SL_lockdown      = var.default_SL_lockdown
+  lockdown_default_seclist     = var.lockdown_default_seclist
 }
 ```
 
diff --git a/examples/main.tf b/examples/main.tf
@@ -1,4 +1,4 @@
-# Copyright (c) 2019, 2020 Oracle Corporation and/or affiliates.  All rights reserved.
+# Copyright (c) 2019, 2021, Oracle Corporation and/or affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
 
 module "vcn" {
@@ -25,7 +25,7 @@ module "vcn" {
 
   vcn_name = "vcn"
 
-  default_SL_lockdown = "true"
+  lockdown_default_seclist = true
 
   tags = {
     environment = "dev"
diff --git a/examples/variables.tf b/examples/variables.tf
@@ -1,4 +1,4 @@
-# Copyright (c) 2019, 2020 Oracle Corporation and/or affiliates.  All rights reserved.
+# Copyright (c) 2019, 2021, Oracle Corporation and/or affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
 
 # provider identity parameters
@@ -83,7 +83,7 @@ variable "vcn_name" {
   type        = string
 }
 
-variable "default_SL_lockdown" {
+variable "lockdown_default_seclist" {
   description = "whether to remove all default security rules from the VCN Default Security List"
   default     = true
   type        = bool
diff --git a/nat.tf b/nat.tf
diff --git a/schema.yaml b/schema.yaml
@@ -9,7 +9,7 @@ groupings:
     - vcn_cidr
     - vcn_name
     - vcn_dns_label
-    - default_SL_lockdown
+    - lockdown_default_seclist
 
 variables:
   region:
@@ -49,7 +49,7 @@ variables:
     required: true
     default: vcn
 
-  default_SL_lockdown:
+  lockdown_default_seclist:
     title: Enable VCN Default Security List Lockdown
     type: string
     required: false
diff --git a/servicegateway.tf b/servicegateway.tf
diff --git a/variables.tf b/variables.tf
@@ -66,7 +66,7 @@ variable "vcn_name" {
   type        = string
 }
 
-variable "default_SL_lockdown" {
+variable "lockdown_default_seclist" {
   description = "whether to remove all default security rules from the VCN Default Security List"
   default     = true
   type        = bool
diff --git a/vcn.tf b/vcn.tf
@@ -1,4 +1,4 @@
-# Copyright (c) 2019, 2020 Oracle Corporation and/or affiliates.  All rights reserved.
+# Copyright (c) 2019, 2021, Oracle Corporation and/or affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
 
 resource "oci_core_vcn" "vcn" {
@@ -9,30 +9,3 @@ resource "oci_core_vcn" "vcn" {
 
   freeform_tags = var.tags
 }
-
-resource "oci_core_internet_gateway" "ig" {
-  compartment_id = var.compartment_id
-  display_name   = var.label_prefix == "none" ? "internet-gateway" : "${var.label_prefix}-internet-gateway"
-
-  freeform_tags = var.tags
-
-  vcn_id = oci_core_vcn.vcn.id
-
-  count = var.internet_gateway_enabled == true ? 1 : 0
-}
-
-resource "oci_core_route_table" "ig" {
-  compartment_id = var.compartment_id
-  display_name   = var.label_prefix == "none" ? "internet-route" : "${var.label_prefix}-internet-route"
-
-  freeform_tags = var.tags
-
-  route_rules {
-    destination       = local.anywhere
-    network_entity_id = oci_core_internet_gateway.ig[0].id
-  }
-
-  vcn_id = oci_core_vcn.vcn.id
-
-  count = var.internet_gateway_enabled == true ? 1 : 0
-}
diff --git a/vcn_defaultresources.tf b/vcn_defaultresources.tf
@@ -1,17 +1,17 @@
-# Copyright (c) 2021 Oracle Corporation and/or affiliates.
+# Copyright (c) 2021, Oracle Corporation and/or affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
 
 # VCN default Security List Lockdown
-// See Issue #22 for 
+// See Issue #22 for the reasoning
 resource "oci_core_default_security_list" "lockdown" {
   // If variable is true, removes all rules from default security list
-  count                      = var.default_SL_lockdown == true ? 1 : 0
+  count                      = var.lockdown_default_seclist == true ? 1 : 0
   manage_default_resource_id = oci_core_vcn.vcn.default_security_list_id
 }
 
 resource "oci_core_default_security_list" "restore_default" {
   // If variable is false, restore all default rules to default security list
-  count                      = var.default_SL_lockdown == false ? 1 : 0
+  count                      = var.lockdown_default_seclist == false ? 1 : 0
   manage_default_resource_id = oci_core_vcn.vcn.default_security_list_id
 
   egress_security_rules {
diff --git a/vcn_gateways.tf b/vcn_gateways.tf
@@ -0,0 +1,91 @@
+# Copyright (c) 2019, 2021, Oracle Corporation and/or affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
+
+resource « oci_core_internet_gateway » « ig » {
+  compartment_id = var.compartment_id
+  display_name   = var.label_prefix == « none » ? « internet-gateway » : « ${var.label_prefix}-internet-gateway »
+            
+  freeform_tags = var.tags
+
+  vcn_id = oci_core_vcn.vcn.id
+
+  count = var.internet_gateway_enabled == true ? 1 : 0
+}
+
+resource « oci_core_route_table » « ig » {
+  compartment_id = var.compartment_id
+  display_name   = var.label_prefix == « none » ? « internet-route » : « ${var.label_prefix}-internet-route »
+
+  freeform_tags = var.tags
+
+  route_rules {
+    destination       = local.anywhere
+    network_entity_id = oci_core_internet_gateway.ig[0].id
+  }
+
+  vcn_id = oci_core_vcn.vcn.id
+
+  count = var.internet_gateway_enabled == true ? 1 : 0
+}
+
+
+data "oci_core_services" "all_oci_services" {
+  filter {
+    name   = "name"
+    values = ["All .* Services In Oracle Services Network"]
+    regex  = true
+  }
+  count = var.service_gateway_enabled == true ? 1 : 0
+}
+
+resource "oci_core_service_gateway" "service_gateway" {
+  compartment_id = var.compartment_id
+  display_name   = var.label_prefix == "none" ? "service-gateway" : "${var.label_prefix}-service-gateway"
+
+  freeform_tags = var.tags
+  services {
+    service_id = lookup(data.oci_core_services.all_oci_services[0].services[0], "id")
+  }
+
+  vcn_id = oci_core_vcn.vcn.id
+
+  count = var.service_gateway_enabled == true ? 1 : 0
+}
+
+resource « oci_core_nat_gateway » « nat_gateway » {
+  compartment_id = var.compartment_id
+  display_name   = var.label_prefix == « none » ? « nat-gateway » : « ${var.label_prefix}-nat-gateway »
+
+  freeform_tags = var.tags
+
+  vcn_id = oci_core_vcn.vcn.id
+
+  count = var.nat_gateway_enabled == true ? 1 : 0
+}
+
+resource "oci_core_route_table" "nat" {
+  compartment_id = var.compartment_id
+  display_name   = var.label_prefix == "none" ? "nat-route" : "${var.label_prefix}-nat-route"
+
+  freeform_tags = var.tags
+
+  route_rules {
+    destination       = local.anywhere
+    destination_type  = "CIDR_BLOCK"
+    network_entity_id = oci_core_nat_gateway.nat_gateway[0].id
+  }
+
+  dynamic "route_rules" {
+    for_each = var.service_gateway_enabled == true ? list(1) : []
+
+    content {
+      destination       = lookup(data.oci_core_services.all_oci_services[0].services[0], "cidr_block")
+      destination_type  = "SERVICE_CIDR_BLOCK"
+      network_entity_id = oci_core_service_gateway.service_gateway[0].id
+    }
+  }
+
+  vcn_id = oci_core_vcn.vcn.id
+
+  count = var.nat_gateway_enabled == true ? 1 : 0
+}

Original file line number	Diff line number	Diff line change
`@@ -111,4 +111,9 @@ tags = {`
`111`	`111`	`\|`
`112`	`112`	`\|`
`113`	`113`
	`114`	+\|`lockdown_default_seclist`
	`115`	`+\|whether to remove all default security rules from the VCN Default Security List`
	`116`	`+\|true/false`
	`117`	`+\|true`
	`118`	`+`
`114`	`119`	`\|===`
Original file line number	Diff line number	Diff line change
`@@ -78,7 +78,7 @@ module "vcn" {`
`78`	`78`	`vcn_cidr = var.vcn_cidr`
`79`	`79`	`vcn_dns_label = var.vcn_dns_label`
`80`	`80`	`vcn_name = var.vcn_name`
`81`		`- default_SL_lockdown = var.default_SL_lockdown`
	`81`	`+ lockdown_default_seclist = var.lockdown_default_seclist`
`82`	`82`	`}`
`83`	`83`	```
`84`	`84`
Original file line number	Diff line number	Diff line change
`@@ -66,7 +66,7 @@ variable "vcn_name" {`
`66`	`66`	`type = string`
`67`	`67`	`}`
`68`	`68`
`69`		`-variable "default_SL_lockdown" {`
	`69`	`+variable "lockdown_default_seclist" {`
`70`	`70`	`description = "whether to remove all default security rules from the VCN Default Security List"`
`71`	`71`	`default = true`
`72`	`72`	`type = bool`