feat(examples): flexible bootstrap options #22

Merged
merged 1 commit into from
Apr 18, 2024
2 changes: 1 addition & 1 deletion examples/multi_nic_common/README.md
Expand Up @@ -199,7 +199,7 @@ please see https://cloud.google.com/iap/docs/using-tcp-forwarding#increasing_the
| [google_compute_instance.linux_vm](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance) | resource |
| [google_compute_route.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_route) | resource |
| [local_file.bootstrap_xml](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
| [local_file.init_cfg](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
| [local_sensitive_file.init_cfg](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/sensitive_file) | resource |
| [google_compute_image.my_image](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_image) | data source |

### Inputs
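Review bot: Missing documentation in this README: the only change is the resource row going from local_file.init_cfg to local_sensitive_file.init_cfg, and nothing tells the user why. Because the whole bootstrap_options map is now rendered into init-cfg.txt, a short sentence near the Inputs section should state that any key set there, secrets included, is written to files/<name>/config/init-cfg.txt on the machine running Terraform and is kept in state.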
17 changes: 7 additions & 10 deletions examples/multi_nic_common/main.tf
Expand Up @@ -29,20 +29,17 @@ resource "local_file" "bootstrap_xml" {
)
}

resource "local_file" "init_cfg" {
resource "local_sensitive_file" "init_cfg" {

for_each = { for k, v in var.vmseries : k => v
if can(v.bootstrap_template_map)
}

filename = "files/${each.key}/config/init-cfg.txt"
content = templatefile("templates/init-cfg.tmpl",
{
panorama-server = try(each.value.bootstrap_options.panorama-server, var.vmseries_common.bootstrap_options.panorama-server, "")
type = try(each.value.bootstrap_options.type, var.vmseries_common.bootstrap_options.type, "")
dns-primary = try(each.value.bootstrap_options.dns-primary, var.vmseries_common.bootstrap_options.dns-primary, "")
dns-secondary = try(each.value.bootstrap_options.dns-secondary, var.vmseries_common.bootstrap_options.dns-secondary, "")
})
content = templatefile(
"templates/init-cfg.tmpl",
{ bootstrap_options = merge(var.vmseries_common.bootstrap_options, each.value.bootstrap_options) }
Contributor

Should we exclude some bootstrap_options here like authcodes for example?

Contributor Author

@michalbil michalbil Apr 8, 2024

Good point! However, simply excluding those will result in making licensing options not available.
To exclude sensitive data from the output of plan/apply, which is definitely relevant if such logs are stored in, for example, some CI/CD system, I've updated the resource to local_sensitive_file.
Storing contents in the tfstate (e.g. in a bucket) is a different story - you either have it or have no Panorama licensing at all. This should be covered by local or bucket-level protection (encryption, appropriate access control).
Unless you have any proposal, I will mark this one as resolved.

)
}

module "bootstrap" {
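Review bot: The new merge() call in content has lost the fallback that the removed try() calls provided. merge(var.vmseries_common.bootstrap_options, each.value.bootstrap_options) can fail at plan time for an entry that passes the for_each filter but carries no bootstrap_options attribute (depending on how var.vmseries is typed), whereas the old code fell back to the common value or "". Wrapping both arguments, for example merge(try(var.vmseries_common.bootstrap_options, {}), try(each.value.bootstrap_options, {})), keeps the previous tolerance.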
Expand All @@ -56,8 +53,8 @@ module "bootstrap" {
service_account = module.iam_service_account[each.value.service_account_key].email
location = each.value.location
files = merge(
{ for k, v in var.vmseries : "files/${k}/config/bootstrap.xml" => "${k}/config/bootstrap.xml" },
{ for k, v in var.vmseries : "files/${k}/config/init-cfg.txt" => "${k}/config/init-cfg.txt" },
{ for k, v in var.vmseries : "files/${k}/config/bootstrap.xml" => "${k}/config/bootstrap.xml" if can(v.bootstrap_template_map) },
Contributor

How do we handle authcodes in the example? How do we do the licensing in general?

Contributor Author

Currently authcodes are not handled in the examples.

{ for k, v in var.vmseries : "files/${k}/config/init-cfg.txt" => "${k}/config/init-cfg.txt" if can(v.bootstrap_template_map) },
)
}

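Review bot: The init-cfg.txt entry in files is gated on can(v.bootstrap_template_map), the same condition as the for_each of local_sensitive_file.init_cfg, yet the file's content comes from bootstrap_options (common merged with per-VM). A VM defined without bootstrap_template_map therefore gets no init-cfg.txt even when bootstrap_options apply to it, and nothing reports that. If this is intended, say so in a comment; otherwise gate the init-cfg.txt entry and its resource on a condition of their own.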
15 changes: 3 additions & 12 deletions examples/multi_nic_common/templates/init-cfg.tmpl
@@ -1,12 +1,3 @@
%{ if panorama-server != "" ~}
panorama-server=${panorama-server}
%{ endif ~}
%{ if type != "" ~}
type=${type}
%{ endif ~}
%{ if dns-primary != "" ~}
dns-primary=${dns-primary}
%{ endif ~}
%{ if dns-secondary != "" ~}
dns-secondary=${dns-secondary}
%{ endif ~}
%{ for k, v in bootstrap_options ~}
${k}=${v}
%{ endfor ~}
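Review bot: The loop body ${k}=${v} drops the empty-string guard that the removed %{ if ... != "" ~} blocks had, so a key that is present with an empty value now renders as a bare key= line instead of being omitted. Either skip empty values inside the loop with %{ if v != "" ~} ... %{ endif ~}, or filter them out of the map before it is passed to templatefile().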
2 changes: 1 addition & 1 deletion examples/vmseries_ha/README.md
Expand Up @@ -253,7 +253,7 @@ Check the succesful inbound and outbound traffic fail-over to and from the spoke
| [google_compute_instance.linux_vm](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance) | resource |
| [google_compute_route.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_route) | resource |
| [local_file.bootstrap_xml](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
| [local_file.init_cfg](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
| [local_sensitive_file.init_cfg](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/sensitive_file) | resource |
| [google_compute_image.my_image](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_image) | data source |

### Inputs
19 changes: 8 additions & 11 deletions examples/vmseries_ha/main.tf
Expand Up @@ -32,20 +32,17 @@ resource "local_file" "bootstrap_xml" {
)
}

resource "local_file" "init_cfg" {
resource "local_sensitive_file" "init_cfg" {

for_each = { for k, v in var.vmseries : k => v
if can(v.bootstrap_template_map)
}

filename = "files/${each.key}/config/init-cfg.txt"
content = templatefile("templates/init-cfg.tmpl",
{
panorama-server = try(each.value.bootstrap_options.panorama-server, var.vmseries_common.bootstrap_options.panorama-server, "")
type = try(each.value.bootstrap_options.type, var.vmseries_common.bootstrap_options.type, "")
dns-primary = try(each.value.bootstrap_options.dns-primary, var.vmseries_common.bootstrap_options.dns-primary, "")
dns-secondary = try(each.value.bootstrap_options.dns-secondary, var.vmseries_common.bootstrap_options.dns-secondary, "")
})
content = templatefile(
"templates/init-cfg.tmpl",
{ bootstrap_options = merge(var.vmseries_common.bootstrap_options, each.value.bootstrap_options) }
)
}

module "bootstrap" {
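Review bot: local_sensitive_file.init_cfg sets no file_permission, so the rendered init-cfg.txt is created with the provider default of 0700. For a plain-text file that can carry secrets, an explicit file_permission = "0600" states the intent and drops the execute bit. Note also that the sensitive variant only redacts content from plan and apply output; the file under files/ is still clear text on disk.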
Expand All @@ -59,10 +56,10 @@ module "bootstrap" {
service_account = module.iam_service_account[each.value.service_account_key].email
location = each.value.location
files = merge(
{ for k, v in var.vmseries : "files/${k}/config/bootstrap.xml" => "${k}/config/bootstrap.xml" },
{ for k, v in var.vmseries : "files/${k}/config/init-cfg.txt" => "${k}/config/init-cfg.txt" },
{ for k, v in var.vmseries : "files/${k}/config/bootstrap.xml" => "${k}/config/bootstrap.xml" if can(v.bootstrap_template_map) },
{ for k, v in var.vmseries : "files/${k}/config/init-cfg.txt" => "${k}/config/init-cfg.txt" if can(v.bootstrap_template_map) },
)
depends_on = [local_file.bootstrap_xml, local_file.init_cfg]
depends_on = [local_file.bootstrap_xml, local_sensitive_file.init_cfg]
}

module "vpc" {
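Review bot: In files, the source paths are literal strings such as "files/${k}/config/init-cfg.txt", so the updated depends_on is the only thing that orders the upload after the file is written, and the path is spelled once here and once in filename. Building the map by iterating over local_sensitive_file.init_cfg and using each instance's filename as the key gives an implicit dependency and removes both the duplicated path and the separate can(v.bootstrap_template_map) filter.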
15 changes: 3 additions & 12 deletions examples/vmseries_ha/templates/init-cfg.tmpl
@@ -1,12 +1,3 @@
%{ if panorama-server != "" ~}
panorama-server=${panorama-server}
%{ endif ~}
%{ if type != "" ~}
type=${type}
%{ endif ~}
%{ if dns-primary != "" ~}
dns-primary=${dns-primary}
%{ endif ~}
%{ if dns-secondary != "" ~}
dns-secondary=${dns-secondary}
%{ endif ~}
%{ for k, v in bootstrap_options ~}
${k}=${v}
%{ endfor ~}
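Review bot: Keys and values from bootstrap_options are written verbatim by ${k}=${v}, and nothing on this path validates them. A value containing a line break ends up as extra lines in init-cfg.txt, and a list or map value makes templatefile() fail with an interpolation error far away from the variable that caused it. A validation block on the variable (string values only, no newline characters) would catch both at the input.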
2 changes: 1 addition & 1 deletion examples/vpc_peering_common/README.md
Expand Up @@ -217,7 +217,7 @@ please see https://cloud.google.com/iap/docs/using-tcp-forwarding#increasing_the
| [google_compute_instance.linux_vm](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance) | resource |
| [google_compute_route.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_route) | resource |
| [local_file.bootstrap_xml](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
| [local_file.init_cfg](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
| [local_sensitive_file.init_cfg](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/sensitive_file) | resource |
| [google_compute_image.my_image](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_image) | data source |

### Inputs
17 changes: 7 additions & 10 deletions examples/vpc_peering_common/main.tf
Expand Up @@ -27,20 +27,17 @@ resource "local_file" "bootstrap_xml" {
)
}

resource "local_file" "init_cfg" {
resource "local_sensitive_file" "init_cfg" {

for_each = { for k, v in var.vmseries : k => v
if can(v.bootstrap_template_map)
}

filename = "files/${each.key}/config/init-cfg.txt"
content = templatefile("templates/init-cfg.tmpl",
{
panorama-server = try(each.value.bootstrap_options.panorama-server, var.vmseries_common.bootstrap_options.panorama-server, "")
type = try(each.value.bootstrap_options.type, var.vmseries_common.bootstrap_options.type, "")
dns-primary = try(each.value.bootstrap_options.dns-primary, var.vmseries_common.bootstrap_options.dns-primary, "")
dns-secondary = try(each.value.bootstrap_options.dns-secondary, var.vmseries_common.bootstrap_options.dns-secondary, "")
})
content = templatefile(
"templates/init-cfg.tmpl",
{ bootstrap_options = merge(var.vmseries_common.bootstrap_options, each.value.bootstrap_options) }
)
}

module "bootstrap" {
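Review bot: Changing the resource type from local_file to local_sensitive_file under the same name init_cfg means an existing state plans a destroy of the old resource and a create of the new one, both for the same filename. Terraform does not order those two operations against each other, so the delete can land after the write and leave files/<name>/config/init-cfg.txt missing until the next apply. This is worth testing against an existing deployment and mentioning in the release notes.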
Expand All @@ -54,8 +51,8 @@ module "bootstrap" {
service_account = module.iam_service_account[each.value.service_account_key].email
location = each.value.location
files = merge(
{ for k, v in var.vmseries : "files/${k}/config/bootstrap.xml" => "${k}/config/bootstrap.xml" },
{ for k, v in var.vmseries : "files/${k}/config/init-cfg.txt" => "${k}/config/init-cfg.txt" },
{ for k, v in var.vmseries : "files/${k}/config/bootstrap.xml" => "${k}/config/bootstrap.xml" if can(v.bootstrap_template_map) },
{ for k, v in var.vmseries : "files/${k}/config/init-cfg.txt" => "${k}/config/init-cfg.txt" if can(v.bootstrap_template_map) },
)
}

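Review bot: Style: the filter if can(v.bootstrap_template_map) now appears three times in the lines shown for this file (the init_cfg for_each and both comprehensions in files), and they have to stay in sync by hand. A single local holding the filtered map, reused in all three places, would remove that risk; the name of the local is up to you.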
15 changes: 3 additions & 12 deletions examples/vpc_peering_common/templates/init-cfg.tmpl
@@ -1,12 +1,3 @@
%{ if panorama-server != "" ~}
panorama-server=${panorama-server}
%{ endif ~}
%{ if type != "" ~}
type=${type}
%{ endif ~}
%{ if dns-primary != "" ~}
dns-primary=${dns-primary}
%{ endif ~}
%{ if dns-secondary != "" ~}
dns-secondary=${dns-secondary}
%{ endif ~}
%{ for k, v in bootstrap_options ~}
${k}=${v}
%{ endfor ~}
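Review bot: Missing documentation in the template: the for loop no longer names the options it emits, so a misspelled key in bootstrap_options is rendered into init-cfg.txt as is and nothing in Terraform flags it. A comment in the example pointing to where the accepted keys are listed, or a check of the keys against the set the example supports, would make such a mistake visible at plan time.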
2 changes: 1 addition & 1 deletion examples/vpc_peering_common_with_network_tags/README.md
Expand Up @@ -235,7 +235,7 @@ please see https://cloud.google.com/iap/docs/using-tcp-forwarding#increasing_the
| [google_compute_instance.linux_vm](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance) | resource |
| [google_compute_route.route](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_route) | resource |
| [local_file.bootstrap_xml](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
| [local_file.init_cfg](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
| [local_sensitive_file.init_cfg](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/sensitive_file) | resource |
| [google_compute_image.my_image](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_image) | data source |

### Inputs
17 changes: 7 additions & 10 deletions examples/vpc_peering_common_with_network_tags/main.tf
Expand Up @@ -27,20 +27,17 @@ resource "local_file" "bootstrap_xml" {
)
}

resource "local_file" "init_cfg" {
resource "local_sensitive_file" "init_cfg" {

for_each = { for k, v in var.vmseries : k => v
if can(v.bootstrap_template_map)
}

filename = "files/${each.key}/config/init-cfg.txt"
content = templatefile("templates/init-cfg.tmpl",
{
panorama-server = try(each.value.bootstrap_options.panorama-server, var.vmseries_common.bootstrap_options.panorama-server, "")
type = try(each.value.bootstrap_options.type, var.vmseries_common.bootstrap_options.type, "")
dns-primary = try(each.value.bootstrap_options.dns-primary, var.vmseries_common.bootstrap_options.dns-primary, "")
dns-secondary = try(each.value.bootstrap_options.dns-secondary, var.vmseries_common.bootstrap_options.dns-secondary, "")
})
content = templatefile(
"templates/init-cfg.tmpl",
{ bootstrap_options = merge(var.vmseries_common.bootstrap_options, each.value.bootstrap_options) }
)
}

module "bootstrap" {
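Review bot: Missing comment on precedence in the merge() call: with merge(var.vmseries_common.bootstrap_options, each.value.bootstrap_options) the per-VM map wins on duplicate keys and the merge is shallow. The removed try() chain made that order readable line by line; a one-line comment above content would keep it obvious to the next editor.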
Expand All @@ -54,8 +51,8 @@ module "bootstrap" {
service_account = module.iam_service_account[each.value.service_account_key].email
location = each.value.location
files = merge(
{ for k, v in var.vmseries : "files/${k}/config/bootstrap.xml" => "${k}/config/bootstrap.xml" },
{ for k, v in var.vmseries : "files/${k}/config/init-cfg.txt" => "${k}/config/init-cfg.txt" },
{ for k, v in var.vmseries : "files/${k}/config/bootstrap.xml" => "${k}/config/bootstrap.xml" if can(v.bootstrap_template_map) },
{ for k, v in var.vmseries : "files/${k}/config/init-cfg.txt" => "${k}/config/init-cfg.txt" if can(v.bootstrap_template_map) },
)
}

Original file line number Diff line number Diff line change
@@ -1,12 +1,3 @@
%{ if panorama-server != "" ~}
panorama-server=${panorama-server}
%{ endif ~}
%{ if type != "" ~}
type=${type}
%{ endif ~}
%{ if dns-primary != "" ~}
dns-primary=${dns-primary}
%{ endif ~}
%{ if dns-secondary != "" ~}
dns-secondary=${dns-secondary}
%{ endif ~}
%{ for k, v in bootstrap_options ~}
${k}=${v}
%{ endfor ~}
2 changes: 1 addition & 1 deletion examples/vpc_peering_dedicated/README.md
Expand Up @@ -231,7 +231,7 @@ The GCP Global HTTP LB acts as a proxy and sends traffic to the VM-Series `Untru
| [google_compute_instance.linux_vm](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance) | resource |
| [google_compute_route.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_route) | resource |
| [local_file.bootstrap_xml](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
| [local_file.init_cfg](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
| [local_sensitive_file.init_cfg](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/sensitive_file) | resource |
| [google_compute_image.my_image](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_image) | data source |

### Inputs
17 changes: 7 additions & 10 deletions examples/vpc_peering_dedicated/main.tf
Expand Up @@ -27,20 +27,17 @@ resource "local_file" "bootstrap_xml" {
)
}

resource "local_file" "init_cfg" {
resource "local_sensitive_file" "init_cfg" {

for_each = { for k, v in var.vmseries : k => v
if can(v.bootstrap_template_map)
}

filename = "files/${each.key}/config/init-cfg.txt"
content = templatefile("templates/init-cfg.tmpl",
{
panorama-server = try(each.value.bootstrap_options.panorama-server, var.vmseries_common.bootstrap_options.panorama-server, "")
type = try(each.value.bootstrap_options.type, var.vmseries_common.bootstrap_options.type, "")
dns-primary = try(each.value.bootstrap_options.dns-primary, var.vmseries_common.bootstrap_options.dns-primary, "")
dns-secondary = try(each.value.bootstrap_options.dns-secondary, var.vmseries_common.bootstrap_options.dns-secondary, "")
})
content = templatefile(
"templates/init-cfg.tmpl",
{ bootstrap_options = merge(var.vmseries_common.bootstrap_options, each.value.bootstrap_options) }
)
}

module "bootstrap" {
Expand All @@ -54,8 +51,8 @@ module "bootstrap" {
service_account = module.iam_service_account[each.value.service_account_key].email
location = each.value.location
files = merge(
{ for k, v in var.vmseries : "files/${k}/config/bootstrap.xml" => "${k}/config/bootstrap.xml" },
{ for k, v in var.vmseries : "files/${k}/config/init-cfg.txt" => "${k}/config/init-cfg.txt" },
{ for k, v in var.vmseries : "files/${k}/config/bootstrap.xml" => "${k}/config/bootstrap.xml" if can(v.bootstrap_template_map) },
{ for k, v in var.vmseries : "files/${k}/config/init-cfg.txt" => "${k}/config/init-cfg.txt" if can(v.bootstrap_template_map) },
)
}

15 changes: 3 additions & 12 deletions examples/vpc_peering_dedicated/templates/init-cfg.tmpl
@@ -1,12 +1,3 @@
%{ if panorama-server != "" ~}
panorama-server=${panorama-server}
%{ endif ~}
%{ if type != "" ~}
type=${type}
%{ endif ~}
%{ if dns-primary != "" ~}
dns-primary=${dns-primary}
%{ endif ~}
%{ if dns-secondary != "" ~}
dns-secondary=${dns-secondary}
%{ endif ~}
%{ for k, v in bootstrap_options ~}
${k}=${v}
%{ endfor ~}