├── .gitignore
├── CONTRIBUTING.md
├── LICENSE
├── README.md
├── iam.tf
├── images
│   ├── apply.png
│   ├── create_stack.gif
│   ├── destroy.png
│   ├── orm_iam.png
│   ├── orm_vault.png
│   └── plan.png
├── provider.tf
├── schema.yaml
├── terraform.tfvars.example
└── variables.tf

/.gitignore:
--------------------------------------------------------------------------------
# Local .terraform directories
**/.terraform/*

# .tfstate files
*.tfstate
*.tfstate.*

# Crash log files
crash.log

# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
# .tfvars files are managed as part of configuration and so should be included in
# version control.
#
# example.tfvars

# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json

.idea
*.zip

# Include override files you do wish to add to version control using negated pattern
#
# !example_override.tf

# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
# example: *tfplan*

--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
# Contributing

Oracle welcomes contributions to this repository from anyone.

If you want to submit a pull request to fix a bug or enhance an existing
feature, please first open an issue and link to that issue when you
submit your pull request.

If you have any questions about a possible submission, feel free to open
an issue too.

## Contributing to the oci-ods-orm repository

Pull requests can be made under
[The Oracle Contributor Agreement](https://www.oracle.com/technetwork/community/oca-486395.html) (OCA).

For pull requests to be accepted, the bottom of your commit message must have
the following line using your name and e-mail address as it appears in the
OCA Signatories list.

```text
Signed-off-by: Your Name
```

This can be automatically added to pull requests by committing with:

```bash
git commit --signoff
```

Only pull requests from committers that can be verified as having
signed the OCA can be accepted.

### Pull request process

1. Fork this repository
1. Create a branch in your fork to implement the changes. We recommend using
   the issue number as part of your branch name, e.g. `1234-fixes`
1. Ensure that any documentation is updated with the changes that are required
   by your fix.
1. Ensure that any samples are updated if the base image has been changed.
1. Submit the pull request. *Do not leave the pull request blank*. Explain exactly
   what your changes are meant to do and provide simple steps on how to validate
   your changes. Ensure that you reference the issue you created as well.
   We will assign the pull request to 2-3 people for review before it is merged.

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
Copyright (c) 2020 Oracle and/or its affiliates. All rights reserved.

The Universal Permissive License (UPL), Version 1.0

Subject to the condition set forth below, permission is hereby granted to any person obtaining a copy of this
software, associated documentation and/or data (collectively the "Software"), free of charge and under any and
all copyright rights in the Software, and any and all patent rights owned or freely licensable by each licensor
hereunder covering either (i) the unmodified Software as contributed to or provided by such licensor, or
(ii) the Larger Works (as defined below), to deal in both

(a) the Software, and
(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if one is included with the Software
(each a "Larger Work" to which the Software is contributed by such licensors),

without restriction, including without limitation the rights to copy, create derivative works of, display,
perform, and distribute the Software and make, use, sell, offer for sale, import, export, have made, and have
sold the Software and the Larger Work(s), and to sublicense the foregoing rights on either these or other terms.

This license is subject to the following condition:
The above copyright notice and either this complete permission notice or at a minimum a reference to the UPL must
be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
IN THE SOFTWARE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Provision Oracle Data Science (**_ODS_**) Using Oracle Cloud Infrastructure Resource Manager and Terraform

## Introduction

[![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oracle-quickstart/oci-ods-orm/releases/download/v2.0.0.1/oci-ods-orm-v2.0.1.zip)

This solution allows you to provision [Oracle Data Science (**_ODS_**)](https://docs.cloud.oracle.com/en-us/iaas/data-science/using/data-science.htm) and all its related artifacts using [Terraform](https://www.terraform.io/docs/providers/oci/index.html) and [Oracle Cloud Infrastructure Resource Manager](https://docs.cloud.oracle.com/en-us/iaas/Content/ResourceManager/Concepts/resourcemanager.htm).

Below is a list of all artifacts that will be provisioned:

| Component | Default Name | Optional | Notes |
|-----------|--------------|----------|:------|
| [Group](https://docs.cloud.oracle.com/en-us/iaas/Content/Identity/Tasks/managinggroups.htm) | Oracle Cloud Infrastructure Users Group | False | All policies are granted to this group; add users to this group to grant them access to ODS services. |
| [Dynamic Group](https://docs.cloud.oracle.com/en-us/iaas/Content/Identity/Tasks/managingdynamicgroups.htm) | Oracle Cloud Infrastructure Dynamic Group | False | Dynamic group for Data Science resources. |
| [Policies (compartment)](https://docs.cloud.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm) | Oracle Cloud Infrastructure Security Policies | False | A policy at the compartment level that grants access to ODS. |
| [Vault Master Key](https://docs.cloud.oracle.com/en-us/iaas/Content/KeyManagement/Concepts/keyoverview.htm) | Oracle Cloud Infrastructure Vault Master Key | True | An Oracle Cloud Infrastructure Vault master key can be used to encrypt/decrypt credentials for secured access. |

## Prerequisites

- You need a user with **Administrator** privileges to execute the ORM stack or Terraform scripts.
- Make sure your tenancy has service limit availability for the components in the table above.

## Using Oracle Resource Manager (ORM)

1. Clone the repo: `git clone git@github.com:oracle-quickstart/oci-ods-orm.git`
1. Download the [`oci-ods-orm-v2.0.1.zip`](https://github.com/oracle-quickstart/oci-ods-orm/releases/download/v2.0.0.1/oci-ods-orm-v2.0.1.zip) file.
1. From the Oracle Cloud Infrastructure **Console/Resource Manager**, create a new stack.
1. Make sure you select **My Configurations** and then upload the zip file downloaded in the previous step.
1. Set a name for the stack and click Next.
1. Set the required variable values and then click Create.
   ![create stack](images/create_stack.gif)

1. From the stack details page, select **Plan** under the **Terraform Actions** menu button and make sure it completes successfully.
   ![plan](images/plan.png)

1. From the stack details page, select **Apply** under the **Terraform Actions** menu button and make sure it completes successfully.
   ![Apply](images/apply.png)

1. To destroy all created artifacts, from the stack details page, select **Destroy** under the **Terraform Actions** menu button and make sure it completes successfully.
   ![Destroy](images/destroy.png)

### Understanding Provisioning Options

- **IAM Groups/Policies**: change the default names of the Groups and Policies to be created.

  ![IAM Configs](images/orm_iam.png)

- If **Enable Vault Support** is selected, an Oracle Cloud Infrastructure Vault along with all required IAM policies will be provisioned; you can change the default values if needed. Otherwise, no Oracle Cloud Infrastructure Vault will be provisioned.

  ![Vault Configs](images/orm_vault.png)

## Using Terraform

1. Clone the repo

    ```bash
    git clone git@github.com:oracle-quickstart/oci-ods-orm.git
    cd oci-ods-orm/terraform
    ```

1. Create a copy of the file **oci-ods-orm/terraform/terraform.tfvars.example** in the same directory and name it **terraform.tfvars**.
1. Open the newly created **oci-ods-orm/terraform/terraform.tfvars** file and edit the following sections:
    - **TF Requirements**: add your Oracle Cloud Infrastructure user and tenant details:

    ```text
    #*************************************
    # TF Requirements
    #*************************************

    // Oracle Cloud Infrastructure Region, use the "Region Identifier" as documented here https://docs.cloud.oracle.com/en-us/iaas/Content/General/Concepts/regions.htm
    region=""
    // The Compartment OCID to provision artifacts within
    compartment_ocid=""
    // Oracle Cloud Infrastructure User OCID, more details can be found at https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/apisigningkey.htm#five
    user_ocid=""
    // Oracle Cloud Infrastructure tenant OCID, more details can be found at https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/apisigningkey.htm#five
    tenancy_ocid=""
    // Path to private key used to create Oracle Cloud Infrastructure "API Key", more details can be found at https://docs.cloud.oracle.com/en-us/iaas/Content/General/Concepts/credentials.htm#two
    private_key_path=""
    // "API Key" fingerprint, more details can be found at https://docs.cloud.oracle.com/en-us/iaas/Content/General/Concepts/credentials.htm#two
    fingerprint=""
    ```

    - **IAM Requirements**: check the default values for IAM artifacts and change them if needed

    ```text
    #*************************************
    # IAM Specific
    #*************************************

    // ODS IAM Group Name (no spaces)
    ods_group_name= "DataScienceGroup"
    // ODS IAM Dynamic Group Name (no spaces)
    ods_dynamic_group_name= "DataScienceDynamicGroup"
    // ODS IAM Policy Name (no spaces)
    ods_policy_name= "DataSciencePolicies"
    // If enabled, the needed OCI policies to manage "OCI Vault service" will be created
    enable_vault_policies= true
    ```

    - **Vault Specific**: check the default values for OCI Vault and change them if needed

    ```text
    #*************************************
    # Vault Specific
    #*************************************
    // If enabled, an Oracle Cloud Infrastructure Vault along with the needed policies to manage "Vault service" will be created
    enable_vault= true
    // ODS Vault Name
    ods_vault_name= "Data Science Vault"
    // ODS Vault Type, allowed values (VIRTUAL, DEFAULT)
    ods_vault_type = "DEFAULT"
    // If enabled, a Vault Master Key will be created.
    enable_create_vault_master_key = true
    // ODS Vault Master Key Name
    ods_vault_master_key_name = "DataScienceKey"
    // ODS Vault Master Key length, allowed values (16, 24, 32)
    ods_vault_master_key_length = 32
    ```

1. Open the file **oci-ods-orm/terraform/provider.tf** and uncomment `user_ocid`, `fingerprint` and `private_key_path` in **_both_** providers (**Default Provider** and **Home Provider**):

    ```text
    // Default Provider
    provider "oci" {
      region       = var.region
      tenancy_ocid = var.tenancy_ocid
      ###### Uncomment the below if running locally using terraform and not as Oracle Cloud Infrastructure Resource Manager stack #####
      // user_ocid        = var.user_ocid
      // fingerprint      = var.fingerprint
      // private_key_path = var.private_key_path

    }



    // Home Provider
    provider "oci" {
      alias        = "home"
      region       = lookup(data.oci_identity_regions.home-region.regions[0], "name")
      tenancy_ocid = var.tenancy_ocid
      ###### Uncomment the below if running locally using terraform and not as Oracle Cloud Infrastructure Resource Manager stack #####
      // user_ocid        = var.user_ocid
      // fingerprint      = var.fingerprint
      // private_key_path = var.private_key_path

    }
    ```

1. Initialize the terraform provider

    ```bash
    > terraform init
    ```

1. Plan the terraform scripts

    ```bash
    > terraform plan
    ```

1. Run the terraform scripts

    ```bash
    > terraform apply -auto-approve
    ```

1. To destroy all created artifacts

    ```bash
    > terraform destroy -auto-approve
    ```

## Contributing

`oci-ods-orm` is an open source project. See [CONTRIBUTING](CONTRIBUTING.md) for details.

Oracle gratefully acknowledges the contributions to `oci-ods-orm` that have been made by the community.

--------------------------------------------------------------------------------
/iam.tf:
--------------------------------------------------------------------------------
# Copyright (c) 2020 Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
#

#*************************************
# Groups
#*************************************

resource "oci_identity_group" "ods-group" {
  provider       = oci.home
  compartment_id = var.tenancy_ocid
  description    = "Data Science Group"
  name           = var.ods_group_name
}

#*************************************
# Dynamic Groups
#*************************************

resource "oci_identity_dynamic_group" "ods-dynamic-group" {
  provider       = oci.home
  compartment_id = var.tenancy_ocid
  description    = "Data Science Dynamic Group"
  name           = var.ods_dynamic_group_name
  matching_rule  = "any {all {resource.type='datasciencenotebooksession',resource.compartment.id='${var.compartment_ocid}'}, all {resource.type='datasciencejobrun',resource.compartment.id='${var.compartment_ocid}'}, all {resource.type='datasciencemodeldeployment',resource.compartment.id='${var.compartment_ocid}'}}"
}

#*************************************
# Policies
#*************************************
locals {
  ods_policies = [
    "Allow service datascience to use virtual-network-family in compartment ${data.oci_identity_compartment.current_compartment.name}",
    "Allow group ${oci_identity_group.ods-group.name} to read metrics in compartment ${data.oci_identity_compartment.current_compartment.name}",
    "Allow group ${oci_identity_group.ods-group.name} to manage data-science-family in compartment ${data.oci_identity_compartment.current_compartment.name}",
    "Allow group ${oci_identity_group.ods-group.name} to manage log-groups in compartment ${data.oci_identity_compartment.current_compartment.name}",
    "Allow group ${oci_identity_group.ods-group.name} to use log-content in compartment ${data.oci_identity_compartment.current_compartment.name}",
    "Allow group ${oci_identity_group.ods-group.name} to use virtual-network-family in compartment ${data.oci_identity_compartment.current_compartment.name}",
    "Allow group ${oci_identity_group.ods-group.name} to use object-family in compartment ${data.oci_identity_compartment.current_compartment.name}",
    "Allow dynamic-group ${oci_identity_dynamic_group.ods-dynamic-group.name} to use log-content in compartment ${data.oci_identity_compartment.current_compartment.name}",
    "Allow dynamic-group ${oci_identity_dynamic_group.ods-dynamic-group.name} to read virtual-network-family in compartment ${data.oci_identity_compartment.current_compartment.name}",
    "Allow dynamic-group ${oci_identity_dynamic_group.ods-dynamic-group.name} to manage data-science-family in compartment ${data.oci_identity_compartment.current_compartment.name}",
    "Allow dynamic-group ${oci_identity_dynamic_group.ods-dynamic-group.name} to use object-family in compartment ${data.oci_identity_compartment.current_compartment.name}",
    "Allow dynamic-group ${oci_identity_dynamic_group.ods-dynamic-group.name} to read repos in compartment ${data.oci_identity_compartment.current_compartment.name}"
  ]
  vault_policies = [
    "Allow group ${oci_identity_group.ods-group.name} to use vaults in compartment ${data.oci_identity_compartment.current_compartment.name}",
    "Allow group ${oci_identity_group.ods-group.name} to manage keys in compartment ${data.oci_identity_compartment.current_compartment.name}",
    "Allow dynamic-group ${oci_identity_dynamic_group.ods-dynamic-group.name} to use vaults in compartment ${data.oci_identity_compartment.current_compartment.name}",
    "Allow dynamic-group ${oci_identity_dynamic_group.ods-dynamic-group.name} to manage keys in compartment ${data.oci_identity_compartment.current_compartment.name}"
  ]
  ods_root_policies = [
    "Allow service datascience to use virtual-network-family in tenancy",
    "Allow group ${oci_identity_group.ods-group.name} to read metrics in tenancy",
    "Allow group ${oci_identity_group.ods-group.name} to manage data-science-family in tenancy",
    "Allow group ${oci_identity_group.ods-group.name} to manage log-groups in tenancy",
    "Allow group ${oci_identity_group.ods-group.name} to use log-content in tenancy",
    "Allow group ${oci_identity_group.ods-group.name} to use virtual-network-family in tenancy",
    "Allow group ${oci_identity_group.ods-group.name} to use object-family in tenancy",
    "Allow dynamic-group ${oci_identity_dynamic_group.ods-dynamic-group.name} to use log-content in tenancy",
    "Allow dynamic-group ${oci_identity_dynamic_group.ods-dynamic-group.name} to read virtual-network-family in tenancy",
    "Allow dynamic-group ${oci_identity_dynamic_group.ods-dynamic-group.name} to manage data-science-family in tenancy",
    "Allow dynamic-group ${oci_identity_dynamic_group.ods-dynamic-group.name} to use object-family in tenancy",
    "Allow dynamic-group ${oci_identity_dynamic_group.ods-dynamic-group.name} to read repos in tenancy"
  ]
  vault_root_policies = [
    "Allow group ${oci_identity_group.ods-group.name} to use vaults in tenancy",
    "Allow group ${oci_identity_group.ods-group.name} to manage keys in tenancy",
    "Allow dynamic-group ${oci_identity_dynamic_group.ods-dynamic-group.name} to use vaults in tenancy",
    "Allow dynamic-group ${oci_identity_dynamic_group.ods-dynamic-group.name} to manage keys in tenancy"
  ]
}

resource "oci_identity_policy" "ods-policy" {
  provider       = oci.home
  compartment_id = var.compartment_ocid
  description    = "Data Science Policies"
  name           = var.ods_policy_name
  # Root (tenancy-wide) statements when the target compartment is the tenancy itself, compartment-scoped statements otherwise; vault statements are appended only when enable_vault is set.
  statements     = var.compartment_ocid == var.tenancy_ocid ? var.enable_vault ? concat(local.ods_root_policies, local.vault_root_policies) : local.ods_root_policies : var.enable_vault ? concat(local.ods_policies, local.vault_policies) : local.ods_policies

}

#*************************************
# Vault
#*************************************

resource "oci_kms_vault" "ods-vault" {
  count = var.enable_vault ? 1 : 0
  #Required
  compartment_id = var.compartment_ocid
  display_name   = var.ods_vault_name
  vault_type     = var.ods_vault_type
}

resource "oci_kms_key" "ods-key" {
  count = var.enable_vault ? var.enable_create_vault_master_key ? 1 : 0 : 0
  #Required
  compartment_id = var.compartment_ocid
  display_name   = var.ods_vault_master_key_name
  key_shape {
    #Required
    algorithm = "AES"
    length    = var.ods_vault_master_key_length
  }
  management_endpoint = oci_kms_vault.ods-vault[0].management_endpoint
}

--------------------------------------------------------------------------------
/images/apply.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/oracle-quickstart/oci-ods-orm/9bc9cb3f1db7d6df4b72015f7b155856b68dbdb3/images/apply.png

--------------------------------------------------------------------------------
/images/create_stack.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/oracle-quickstart/oci-ods-orm/9bc9cb3f1db7d6df4b72015f7b155856b68dbdb3/images/create_stack.gif

--------------------------------------------------------------------------------
/images/destroy.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/oracle-quickstart/oci-ods-orm/9bc9cb3f1db7d6df4b72015f7b155856b68dbdb3/images/destroy.png

--------------------------------------------------------------------------------
/images/orm_iam.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/oracle-quickstart/oci-ods-orm/9bc9cb3f1db7d6df4b72015f7b155856b68dbdb3/images/orm_iam.png

--------------------------------------------------------------------------------
/images/orm_vault.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/oracle-quickstart/oci-ods-orm/9bc9cb3f1db7d6df4b72015f7b155856b68dbdb3/images/orm_vault.png

--------------------------------------------------------------------------------
/images/plan.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/oracle-quickstart/oci-ods-orm/9bc9cb3f1db7d6df4b72015f7b155856b68dbdb3/images/plan.png

--------------------------------------------------------------------------------
/provider.tf:
--------------------------------------------------------------------------------
# Copyright (c) 2020 Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
#

terraform {
  required_version = ">= 1.0"
}

// Default Provider
provider "oci" {
  region       = var.region
  tenancy_ocid = var.tenancy_ocid
  ###### Uncomment the below if running locally using terraform and not as OCI Resource Manager stack #####
  // user_ocid        = var.user_ocid
  // fingerprint      = var.fingerprint
  // private_key_path = var.private_key_path

}



// Home Provider
provider "oci" {
  alias        = "home"
  region       = lookup(data.oci_identity_regions.home-region.regions[0], "name")
  tenancy_ocid = var.tenancy_ocid
  ###### Uncomment the below if running locally using terraform and not as OCI Resource Manager stack #####
  // user_ocid        = var.user_ocid
  // fingerprint      = var.fingerprint
  // private_key_path = var.private_key_path
}

--------------------------------------------------------------------------------
/schema.yaml:
--------------------------------------------------------------------------------
# Title shown in Application Information tab.
title: "Data Science Resource Manager Stack"
# Sub Title shown in Application Information tab.
description: "Provision Data Science and its prerequisites"
schemaVersion: 1.1.0
version: "1.0"
locale: "en"
variableGroups:
  - title: "Hidden"
    variables:
      - compartment_ocid
      - tenancy_ocid
      - user_ocid
      - region
      - fingerprint
      - private_key_path
    visible: false
  - title: "Provision in"
    variables:
      - region
      - compartment_ocid
    visible: false
  - title: "IAM Groups and Policies Configuration"
    variables:
      - ods_group_name
      - ods_dynamic_group_name
      - ods_policy_name
  - title: "Vault Configuration"
    variables:
      - enable_vault
      - ods_use_existing_vault
      - ods_existing_vault
      - ods_vault_name
      - ods_vault_type
      - enable_create_vault_master_key
      - ods_vault_master_key_name
      - ods_vault_master_key_length

variables:
  region:
    type: oci:identity:region:name
    required: true
    visible: true
  compartment_ocid:
    type: oci:identity:compartment:id
    required: true
    title: "Compartment"
    visible: true
  tenancy_ocid:
    type: string
    required: true
    visible: false
  ods_group_name:
    type: string
    title: "Group Name for security policies"
    description: "Do not use spaces."
    required: true
    default: "DataScienceGroup"
    pattern: "^[a-zA-Z0-9]+$"
  ods_dynamic_group_name:
    type: string
    title: "Dynamic Group Name for Data Science resources"
    description: "Do not use spaces."
    required: true
    default: "DataScienceDynamicGroup"
    pattern: "^[a-zA-Z0-9]+$"
  ods_policy_name:
    type: string
    title: "Policy Name (Compartment Level)"
    description: "Do not use spaces."
    required: true
    default: "DataSciencePolicies"
    pattern: "^[a-zA-Z0-9]+$"
  enable_vault:
    type: boolean
    title: "Enable Vault Support ?"
    description: "Use a vault to store secrets and manage encrypted resources."
    required: true
    default: false
  ods_use_existing_vault:
    type: boolean
    title: "Use Existing vault?"
    description: "Use a pre-existing vault in the current compartment."
    required: true
    default: false
    visible: enable_vault

  ods_existing_vault:
    type: oci:kms:vault:id
    title: "Select a vault"
    dependsOn:
      compartmentId: ${compartment_ocid}
    visible:
      and:
        - ods_use_existing_vault
        - enable_vault

  ods_vault_name:
    type: string
    title: "Vault Name"
    default: "Data Science Vault"
    required: true
    visible:
      and:
        - enable_vault
        - not:
            - ods_use_existing_vault
  ods_vault_type:
    type: enum
    title: "Vault Type"
    default: "DEFAULT"
    required: true
    visible:
      and:
        - enable_vault
        - not:
            - ods_use_existing_vault
    enum:
      - DEFAULT
      - VIRTUAL
  enable_create_vault_master_key:
    type: boolean
    title: "Create a master encryption key in the vault?"
    required: true
    default: true
    visible:
      and:
        - enable_vault
        - not:
            - ods_use_existing_vault
  ods_vault_master_key_name:
    type: string
    title: "Master Encryption Key Name"
    default: "DataScienceKey"
    required: true
    visible:
      and:
        - enable_vault
        - enable_create_vault_master_key
        - not:
            - ods_use_existing_vault

  ods_vault_master_key_length:
    type: enum
    title: "Length of the master encryption key"
    default: 32
    required: true
    visible:
      and:
        - enable_vault
        - enable_create_vault_master_key
        - not:
            - ods_use_existing_vault
    enum:
      - 16
      - 24
      - 32

--------------------------------------------------------------------------------
/terraform.tfvars.example:
--------------------------------------------------------------------------------
# Copyright (c) 2020 Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
#

#*************************************
# IAM Specific
#*************************************

// ODS IAM Group Name (no spaces)
ods_group_name= "DataScienceGroup"
// ODS IAM Dynamic Group Name (no spaces)
ods_dynamic_group_name= "DataScienceDynamicGroup"
// ODS IAM Policy Name (no spaces)
ods_policy_name= "DataSciencePolicies"

#*************************************
# Vault Specific
#*************************************
// If enabled, an OCI Vault along with the needed OCI policies to manage "Vault service" will be created
enable_vault= true
// ODS Vault Name
ods_vault_name= "Data Science Vault"
// ODS Vault Type, allowed values (VIRTUAL, DEFAULT)
ods_vault_type = "DEFAULT"
// If enabled, a Vault Master Key will be created.
enable_create_vault_master_key = true
// ODS Vault Master Key Name
ods_vault_master_key_name = "DataScienceKey"
// ODS Vault Master Key length, allowed values (16, 24, 32)
ods_vault_master_key_length = 32

#*************************************
# TF Requirements
#*************************************

// OCI Region, use the "Region Identifier" as documented here https://docs.cloud.oracle.com/en-us/iaas/Content/General/Concepts/regions.htm
region=""
// The Compartment OCID to provision artifacts within
compartment_ocid=""
// OCI User OCID, more details can be found at https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/apisigningkey.htm#five
user_ocid=""
// OCI tenant OCID, more details can be found at https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/apisigningkey.htm#five
tenancy_ocid=""
// Path to private key used to create OCI "API Key", more details can be found at https://docs.cloud.oracle.com/en-us/iaas/Content/General/Concepts/credentials.htm#two
private_key_path=""
// "API Key" fingerprint, more details can be found at https://docs.cloud.oracle.com/en-us/iaas/Content/General/Concepts/credentials.htm#two
fingerprint=""

--------------------------------------------------------------------------------
/variables.tf:
--------------------------------------------------------------------------------
# Copyright (c) 2020 Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
#

#*************************************
# IAM Specific
#*************************************

variable "ods_group_name" {
  default = "DataScienceGroup"
}
variable "ods_dynamic_group_name" {
  default = "DataScienceDynamicGroup"
}
variable "ods_policy_name" {
  default = "DataSciencePolicies"
}

#*************************************
# Vault Specific
#*************************************
variable "enable_vault" {
  type    = bool
  default = true
}
variable "ods_use_existing_vault" {
  type    = bool
  default = false
}
variable "ods_vault_name" {
  default = "Data Science Vault"
}
variable "ods_vault_type" {
  default = "DEFAULT"
}
variable "enable_create_vault_master_key" {
  type    = bool
  default = true
}
variable "ods_vault_master_key_name" {
  default = "Data Science Master Key"
}
variable "ods_vault_master_key_length" {
  default = 32
}
#*************************************
# TF Requirements
#*************************************
variable "tenancy_ocid" {
  default = ""
}
variable "region" {
  default = ""
}
variable "user_ocid" {
  default = ""
}
variable "private_key_path" {
  default = ""
}
variable "fingerprint" {
  default = ""
}
variable "compartment_ocid" {
  default = ""
}

#*************************************
# Data Sources
#*************************************

data "oci_identity_tenancy" "tenant_details" {
  #Required
  tenancy_id = var.tenancy_ocid
}
data "oci_identity_regions" "home-region" {
  filter {
    name   = "key"
    values = [data.oci_identity_tenancy.tenant_details.home_region_key]
  }
}
data "oci_identity_regions" "current_region" {
  filter {
    name   = "name"
    values = [var.region]
  }
}

data "oci_identity_compartment" "current_compartment" {
  #Required
  id = var.compartment_ocid
}

--------------------------------------------------------------------------------