Merge branch 'bastion' into 'development'

Resolve some naming conflicts and recover tenancy ocid See merge request pse-lz-dev/eslz!18
oracle-quickstart · Aug 9, 2022 · 3bee1d8 · 3bee1d8
2 parents 44d5628 + 1f3cd18
commit 3bee1d8
Show file tree

Hide file tree

Showing 7 changed files with 35 additions and 9 deletions.
diff --git a/budget/variables.tf b/budget/variables.tf
@@ -1,6 +1,11 @@
 # -----------------------------------------------------------------------------
 # Required inputs
 # -----------------------------------------------------------------------------
+variable "tenancy_ocid" {
+  type        = string
+  description = "the ocid of tenancy"
+}
+
 variable "budget_amount" {
   description = "The amount of the budget expressed as a whole number in the currency of the customer's rate card."
   default     = null

diff --git a/compartments.tf b/compartments.tf
@@ -12,7 +12,7 @@ locals {
 # Create Parent compartment, for top level organization
 # -----------------------------------------------------------------------------
 module "parent-compartment" {
-  source                     = "./compartments/parent-compartment"
+  source                     = "./compartments/parent_compartment"
   compartment_delete_enabled = var.is_sandbox_mode_enabled
   tenancy_ocid               = var.tenancy_ocid
   compartment_name           = var.parent_compartment_name
@@ -29,7 +29,7 @@ module "parent-compartment" {
 # Create compartment for common infrastructure compartments
 # -----------------------------------------------------------------------------
 module "common-infra-compartment" {
-  source                     = "./compartments/common-infra-compartment"
+  source                     = "./compartments/common_infra_compartment"
   compartment_delete_enabled = var.is_sandbox_mode_enabled
   parent_compartment_ocid    = module.parent-compartment.parent_compartment_id
   compartment_name           = var.common_infra_compartment_name
@@ -46,7 +46,7 @@ module "common-infra-compartment" {
 # Create compartment for application compartments
 # -----------------------------------------------------------------------------
 module "applications-compartment" {
-  source                     = "./compartments/applications-compartment"
+  source                     = "./compartments/applications_compartment"
   compartment_delete_enabled = var.is_sandbox_mode_enabled
   parent_compartment_ocid    = module.parent-compartment.parent_compartment_id
   compartment_name           = var.applications_compartment_name
@@ -63,7 +63,7 @@ module "applications-compartment" {
 # Create compartment for network components
 # -----------------------------------------------------------------------------
 module "network-compartment" {
-  source                        = "./compartments/network-compartment"
+  source                        = "./compartments/network_compartment"
   compartment_delete_enabled    = var.is_sandbox_mode_enabled
   common_infra_compartment_ocid = module.common-infra-compartment.common_infra_compartment_id
   compartment_name              = var.network_compartment_name
@@ -80,7 +80,7 @@ module "network-compartment" {
 # Create compartment for security components
 # -----------------------------------------------------------------------------
 module "security-compartment" {
-  source                        = "./compartments/security-compartment"
+  source                        = "./compartments/security_compartment"
   compartment_delete_enabled    = var.is_sandbox_mode_enabled
   common_infra_compartment_ocid = module.common-infra-compartment.common_infra_compartment_id
   compartment_name              = var.security_compartment_name

diff --git a/compartments/parent_compartment/variables.tf b/compartments/parent_compartment/variables.tf
@@ -1,6 +1,11 @@
 # -----------------------------------------------------------------------------
 # Required inputs
 # -----------------------------------------------------------------------------
+variable "tenancy_ocid" {
+  type        = string
+  description = "root-level / tenancy OCID"
+}
+
 variable "compartment_name" {
   type        = string
   description = "Name of the compartment to create"

diff --git a/iam/policies/main.tf b/iam/policies/main.tf
@@ -172,10 +172,14 @@ resource "oci_identity_policy" "security_admins_policy_network" {
   ]
 }
 
+resource "random_id" "security" {
+  byte_length = 4
+}
+
 resource "oci_identity_policy" "security_admins_policy_root" {
   compartment_id = var.tenancy_ocid
   description    = "OCI Landing Zone Security Admin Root Policy"
-  name           = "${var.security_admins_policy_name}-Root"
+  name           = "${var.security_admins_policy_name}-Root-${random_id.security.hex}"
 
   freeform_tags = {
     "Description" = "Root Policy for Security Admin Users",

diff --git a/security/audit/main.tf b/security/audit/main.tf
@@ -34,10 +34,14 @@ resource "time_offset" "bucket_creation_timestamp" {
   offset_days = 15
 }
 
+resource "random_id" "bucket" {
+  byte_length = 4
+}
+
 resource "oci_objectstorage_bucket" "audit_log_bucket" {
   compartment_id = var.security_compartment_ocid
   namespace      = data.oci_objectstorage_namespace.ns.namespace
-  name           = "${var.audit_log_bucket_name}${var.suffix}"
+  name           = "${var.audit_log_bucket_name}${var.suffix}${random_id.bucket.hex}"
   access_type    = "NoPublicAccess"
   kms_key_id     = var.key_id
   storage_tier   = "Archive"

diff --git a/security/cloud-guard/main.tf b/security/cloud-guard/main.tf
@@ -17,11 +17,15 @@ resource "oci_cloud_guard_cloud_guard_configuration" "tenancy_cloud_guard_config
 # ---------------------------------------------------------------------------------------------------------------------
 # Cloud Guard policies
 # ---------------------------------------------------------------------------------------------------------------------
+resource "random_id" "cloudguard" {
+  byte_length = 4
+}
+
 resource "oci_identity_policy" "cloud_guard_policy" {
   provider       = oci.home_region
   compartment_id = var.tenancy_ocid
   description    = "OCI Landing Zone Cloud Guard Policy"
-  name           = "${var.cloud_guard_policy_name}${var.suffix}"
+  name           = "${var.cloud_guard_policy_name}${var.suffix}${random_id.cloudguard.hex}"
 
   freeform_tags = {
     "Description" = "Cloud guard policy"

diff --git a/security/flow-logs/main.tf b/security/flow-logs/main.tf
@@ -21,10 +21,14 @@ resource "oci_logging_log_group" "central_log_group" {
   }
 }
 
+resource "random_id" "log" {
+  byte_length = 4
+}
+
 resource "oci_log_analytics_log_analytics_log_group" "log_analytics_log_group" {
   count          = var.using_third_party_siem ? 0 : 1
   compartment_id = var.security_compartment_ocid
-  display_name   = "${var.log_analytics_log_group_display_name}${var.suffix}"
+  display_name   = "${var.log_analytics_log_group_display_name}${var.suffix}${random_id.log.hex}"
   namespace      = data.oci_log_analytics_namespaces.logging_analytics_namespaces.namespace_collection[0].items[0].namespace
 
   freeform_tags = {