Show more options to user, customize inputs

Author: naikvenu

examples/oci-logging-analytics/main.tf

@@ -3,6 +3,17 @@
 
 locals {
   tenancy_id = var.tenancy_ocid # Tenancy OCID
+
+  compartments = {
+    "${var.logging_analytics_compartment_name}" = {
+      description    = "Logging Analytics Compartment"
+      compartment_id = null # The OCID of the parent compartment containing the compartment.
+      defined_tags   = null
+      freeform_tags  = null
+    }
+  }
+
+  find_compartment_id = var.create_compartment == "yes" ? module.logging_analytics_compartment.iam_config.compartments[var.logging_analytics_compartment_name].id : var.compartment_ocid
 }
 
 module "logging_analytics_compartment" {
@@ -20,28 +31,7 @@ module "logging_analytics_compartment" {
     users                  = null
     policies               = null
     dynamic_groups         = null
-    compartments           = null
-
-    /* If you need to create a compartment then follow the below sample:
-    compartments = {
-      Logging-Analytics-Compartment = {
-        description    = "Logging Analytics Compartment"
-        compartment_id = null # The OCID of the parent compartment containing the compartment.
-        defined_tags   = null
-        freeform_tags  = null
-      }*/
-    
-    /* Optionally you can also create a Agent compartment for Agents and agent keys. 
-    Refer: https://docs.oracle.com/en/cloud/paas/logging-analytics/logqs/
-    
-    Logging-Analytics-Agent-Compartment = {
-      description    = "Logging Analytics Agent Compartment"
-      compartment_id = null # The OCID of the parent compartment containing the compartment.
-      defined_tags   = null
-      freeform_tags  = null
-    }
-    
-    }*/
+    compartments           = var.create_compartment == "yes" ? local.compartments : null
   }
 }
 
@@ -61,7 +51,7 @@ module "logging_analytics_quickstart" {
     compartments           = null
 
     groups = {
-      Logging-Analytics-SuperAdmins = {
+      "${var.logging_analytics_group_name}" = {
         compartment_id = null #Tenancy OCID
         defined_tags   = null
         freeform_tags  = null
@@ -70,44 +60,43 @@ module "logging_analytics_quickstart" {
     }
 
     users = {
-      Logging-Analytics-User-01 = {
+      "${var.logging_analytics_user_name}" = {
         compartment_id = null #Tenancy OCID
         defined_tags   = null
         freeform_tags  = null
         description    = "Logging Analytics User"
-        email          = var.logging_analytics_user_email != "" ? var.logging_analytics_user_email : "<Your_Logging_Analytics_User_Email>"
-        groups = ["Logging-Analytics-SuperAdmins"]
+        email          = var.logging_analytics_user_email
+        groups         = ["${var.logging_analytics_group_name}"]
       }
     }
 
     dynamic_groups = {
-      ManagementAgentAdminss = {
+      "${var.loganalytics_dynamic_group_name}" = {
         compartment_id = null #Tenancy OCID
         defined_tags   = null
         freeform_tags  = null
         description    = "Logging Analytics Management Agent Dynamic group"
-        #matching_rules = ["All {resource.type = 'managementagent', resource.compartment.id = ${module.logging_analytics_compartment.iam_config.compartments["Logging-Analytics-Compartment"].id}}"]
-        matching_rules = ["All {resource.type = 'managementagent', resource.compartment.id = ${var.compartment_ocid}}"]
+        matching_rules = ["All {resource.type = 'managementagent', resource.compartment.id = ${local.find_compartment_id} }"]
       }
     }
 
     policies = {
-      Logging-Analytics-Policy = {
+      "${var.logging_analytics_policy_name}" = {
         description = "Logging Analytics Policy"
         statements = ["allow service loganalytics to READ loganalytics-features-family in tenancy",
-          "allow group Logging-Analytics-SuperAdmins to READ compartments in tenancy",
-          "allow group Logging-Analytics-SuperAdmins to MANAGE loganalytics-features-family in tenancy",
+          "allow group ${var.logging_analytics_group_name} to READ compartments in tenancy",
+          "allow group ${var.logging_analytics_group_name} to MANAGE loganalytics-features-family in tenancy",
           /* Use the following policies for production usage.
-          "allow group Logging-Analytics-SuperAdmins to MANAGE loganalytics-resources-family in tenancy",
-          "allow group Logging-Analytics-SuperAdmins to MANAGE management-dashboard-family in tenancy",
-          "allow group Logging-Analytics-SuperAdmins to READ metrics IN tenancy",
-          "allow group Logging-Analytics-SuperAdmins TO MANAGE management-agents IN tenancy",
-          "allow group Logging-Analytics-SuperAdmins to MANAGE management-agent-install-keys IN tenancy",
-          "allow group Logging-Analytics-SuperAdmins to READ users IN tenancy",*/
-          "allow dynamic-group ManagementAgentAdminss to MANAGE management-agents IN tenancy",
-          "allow dynamic-group ManagementAgentAdminss to USE METRICS IN tenancy",
-          "allow dynamic-group ManagementAgentAdminss to {LOG_ANALYTICS_LOG_GROUP_UPLOAD_LOGS} in tenancy",
-        "allow dynamic-group ManagementAgentAdminss to USE loganalytics-collection-warning in tenancy"
+          "allow group ${var.logging_analytics_group_name} to MANAGE loganalytics-resources-family in tenancy",
+          "allow group ${var.logging_analytics_group_name} to MANAGE management-dashboard-family in tenancy",
+          "allow group ${var.logging_analytics_group_name} to READ metrics IN tenancy",
+          "allow group ${var.logging_analytics_group_name} TO MANAGE management-agents IN tenancy",
+          "allow group ${var.logging_analytics_group_name} to MANAGE management-agent-install-keys IN tenancy",
+          "allow group ${var.logging_analytics_group_name} to READ users IN tenancy",*/
+          "allow dynamic-group ${var.loganalytics_dynamic_group_name} to MANAGE management-agents IN tenancy",
+          "allow dynamic-group ${var.loganalytics_dynamic_group_name} to USE METRICS IN tenancy",
+          "allow dynamic-group ${var.loganalytics_dynamic_group_name} to {LOG_ANALYTICS_LOG_GROUP_UPLOAD_LOGS} in tenancy",
+          "allow dynamic-group ${var.loganalytics_dynamic_group_name} to USE loganalytics-collection-warning in tenancy"
         ]
         version_date   = null
         compartment_id = null # Tenancy OCID
@@ -118,17 +107,17 @@ module "logging_analytics_quickstart" {
   }
 }
 
-resource "oci_log_analytics_namespace" "log_analytics_namespace" {
+resource "oci_log_analytics_namespace" "logging_analytics_namespace" {
   #Required
-  count          = var.log_analytics_namespace != "" ? 1 : 0
+  count          = var.onboard_logging_analytics == "yes" ? 1 : 0
   compartment_id = local.tenancy_id
   is_onboarded   = true
-  namespace      = var.log_analytics_namespace
+  namespace      = var.tenancy_ocid
   depends_on     = [module.logging_analytics_quickstart]
 }
 
-data "oci_log_analytics_namespace" "log_analytics_namespace" {
+data "oci_log_analytics_namespace" "logging_analytics_namespace" {
   #Required
-  count = 0
-  namespace = oci_log_analytics_namespace.log_analytics_namespace[count.index].namespace
+  #namespace = oci_log_analytics_namespace.logging_analytics_namespace[count.index].namespace
+  namespace = var.tenancy_ocid
 }

examples/oci-logging-analytics/outputs.tf

@@ -9,6 +9,6 @@ output "logging_analytics_config" {
 
 output "logging_analytics_namespace" {
   description = "logging analytics namespace"
-  value       = data.oci_log_analytics_namespace.log_analytics_namespace
+  value       = data.oci_log_analytics_namespace.logging_analytics_namespace
 }
 

examples/oci-logging-analytics/providers.tf

@@ -3,14 +3,14 @@
 
 
 provider "oci" {
-  tenancy_ocid     = var.tenancy_ocid
-  region           = var.region
+  tenancy_ocid = var.tenancy_ocid
+  region       = var.region
 }
 
 provider "oci" {
-  alias            = "home"
-  tenancy_ocid     = var.tenancy_ocid
-  region           = [for i in data.oci_identity_region_subscriptions.this.region_subscriptions : i.region_name if i.is_home_region == true][0]
+  alias        = "home"
+  tenancy_ocid = var.tenancy_ocid
+  region       = [for i in data.oci_identity_region_subscriptions.this.region_subscriptions : i.region_name if i.is_home_region == true][0]
 }
 
 data "oci_identity_region_subscriptions" "this" {

examples/oci-logging-analytics/schema.yaml

@@ -9,45 +9,105 @@ It creates all the necessary OCI resources
 * Create Dynamic Groups
 * Create Logging Analytics Policies
 * Onboard Logging Analytics
+
 All this is done using terraform."
 
 schemaVersion: 1.1.0
 version: "20190304"
-
 logoUrl: "https://cloudmarketplace.oracle.com/marketplace/content?contentId=58352039"
-
 source:
   type: marketplace
   reference: 47726045
 
 locale: "en"
-
 variableGroups:
   - title: General Configuration
     visible: false
     variables:
       - tenancy_ocid
       - compartment_ocid
+      - compartment_id
       - region
 
-  - title: Optional Configuration
-    visible: true  
+  - title: Logging Analytics Configuration
     variables:
-      - log_analytics_namespace
+      - create_compartment
+      - compartment_ocid
+      - logging_analytics_compartment_name
       - logging_analytics_user_email
+      - onboard_logging_analytics
+      - log_analytics_namespace
+      - logging_analytics_group_name
+      - logging_analytics_user_name
+      - loganalytics_dynamic_group_name
+      - logging_analytics_policy_name
 
 variables:
-  log_analytics_namespace:
-    title: Logging Analytics Namespace for onboarding a tenancy (Tenancy Name)
-    required: false
-    default: ""
+  create_compartment:
+    type: enum
+    title: Create New Logging Analytics Compartment ?
+    enum:
+      - "yes"
+      - "no"
+    default: "yes"
+    required: true
+  
+  compartment_ocid:
+    type: oci:identity:compartment:id
+    title: Logging Analytics Compartment
+    description: Select the existing compartment
+    default: compartment_ocid
+    required: true
+    visible:
+      eq:
+        - create_compartment
+        - "no"
+  
+  logging_analytics_compartment_name:
+    type: string
+    title: New Logging Analytics Compartment Name
+    default: "Logging-Analytics-Compartment"
+    required: true
+    visible:
+      eq:
+        - create_compartment
+        - "yes"
+
   logging_analytics_user_email:
       title: logging analytics New User Email
       description: This will create a new user and sends the activation email. If not provided, it creates a user with dummy email.
-      required: false
-      default: ""
+      required: true
+      default: "[email protected]"
+  
+  onboard_logging_analytics:
+    type: enum
+    title: Onboard Logging Analytics Namespace ?
+    enum:
+      - "yes"
+      - "no"
+    default: "yes"
+    required: true
+  
+  logging_analytics_group_name:
+    title: Logging Analytics Admin group name
+    default: "Logging-Analytics-SuperAdmins"
+    required: true
 
- 
+  logging_analytics_user_name:
+    title: Logging Analytics User name
+    default: "Logging-Analytics-User-01"
+    required: true
+  
+  loganalytics_dynamic_group_name:
+    title: Logging Analytics dynamic group name
+    default: "ManagementAgentAdmins"
+    required: true
+  
+  logging_analytics_policy_name:
+    title: Logging Analytics Policy name
+    default: "Logging-Analytics-Policy"
+    required: true
+  
 outputGroups:
   - title: Logging Analytics Configuration
     outputs:

examples/oci-logging-analytics/variables.tf

@@ -6,7 +6,32 @@
 variable "tenancy_ocid" {}
 variable "compartment_ocid" {}
 variable "region" {}
-variable "log_analytics_namespace" {}
-variable "logging_analytics_user_email" {}
+
+variable "onboard_logging_analytics" {}
+
+variable "logging_analytics_user_email" {
+    default = "[email protected]"
+}
+
+variable "create_compartment" {}
+variable "logging_analytics_compartment_name" {
+  default = "Logging-Analytics-Compartment"
+}
+
+variable "logging_analytics_group_name" {
+  default = "Logging-Analytics-SuperAdmins"
+}
+
+variable "logging_analytics_user_name" {
+  default = "Logging-Analytics-User-01"
+}
+
+variable "loganalytics_dynamic_group_name" {
+  default = "ManagementAgentAdmins"
+}
+
+variable "logging_analytics_policy_name" {
+  default = "Logging-Analytics-Policy"
+}