chore: add zip diff

LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2023 Oracle and/or its affiliates. 
+Copyright (c) 2023 Oracle and/or its affiliates.
 
 The Universal Permissive License (UPL), Version 1.0
 
@@ -32,4 +32,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+SOFTWARE.

README.md

@@ -11,7 +11,7 @@ The following modules are available:
 - [Vaults](./vaults/) (a.k.a KMS)
 - [Vulnerability Scanning](./vss/)
 
-Within each module you find an *examples* folder. Each example is a fully runnable Terraform configuration that you can quickly test and put to use by modifying the input data according to your own needs.  
+Within each module you find an *examples* folder. Each example is a fully runnable Terraform configuration that you can quickly test and put to use by modifying the input data according to your own needs.
 
 ## CIS OCI Foundations Benchmark Modules Collection
 
@@ -38,4 +38,4 @@ Licensed under the Universal Permissive License v 1.0 as shown at https://oss.or
 See [LICENSE](./LICENSE) for more details.
 
 ## Known Issues
-None.
+None.

RELEASE-NOTES.md

@@ -53,4 +53,4 @@
 1. [Initial Release](#0-1-0-initial)
 
 ### <a name="0-1-0-initial">Initial Release</a>
-Modules for Cloud Guard, Security Zones, Vault (a.k.a KMS), and Vulnerability Scanning services.
+Modules for Cloud Guard, Security Zones, Vault (a.k.a KMS), and Vulnerability Scanning services.

bastion/README.md

@@ -41,7 +41,7 @@ For more information about Bastion policies [click here](https://docs.oracle.com
 This module relies on [Terraform Optional Object Type Attributes feature](https://developer.hashicorp.com/terraform/language/expressions/type-constraints#optional-object-type-attributes), which has been promoted and no longer experimental in versions greater than or equal to 1.3.0. The feature shortens the amount of input values in complex object types, by having Terraform automatically inserting a default value for any missing optional attributes.
 
 ## <a name="functioning">Module Functioning</a>
-The module defines two top level attributes used to manage bastions and sessions: 
+The module defines two top level attributes used to manage bastions and sessions:
 - **bastions_configuration**: for managing bastions.
 - **sessions_configuration**: for managing bastion sessions.
 
@@ -79,7 +79,7 @@ Sessions are defined using the  **sessions** attribute. In Terraform terms, it i
 - **ssh_public_key**: (Optional) The SSH public key path to connect to target. *default_ssh_public_key* is used if undefined.
 - **session_type**: (Optional) The session type. Supported values are "MANAGED_SSH" and "PORT_FORWARDING". *default_session_type* if undefined.
 - **target_resource**: Either the FQDN, OCID or private IP address of the target resource that the session connects to.
-- **target_user**: (Optional) The SSH user name in the target resource. Required for "MANAGED_SSH" session type. 
+- **target_user**: (Optional) The SSH user name in the target resource. Required for "MANAGED_SSH" session type.
 - **target_port**: The SSH port number.
 - **session_ttl_in_seconds**: (Optional) The session time to live.
 - **session_name**: The session display name.
@@ -118,8 +118,8 @@ Example:
 {
   "INSTANCE-1" : {
     "id" : "ocid1.instance.oc1.iad.aaaaaaaax...e7a"
-  }, 
-} 
+  },
+}
 ```
 
 - **endpoints_dependency**: A map of objects containing the externally managed endpoint resources this module may depend on. All map objects must have the same type and should contain the following attributes:
@@ -130,8 +130,8 @@ Example:
 {
   "OKE1" : {
     "ip_address" : "10.0.1.23"
-  } 
-} 
+  }
+}
 ```
 ## <a name="related">Related Documentation</a>
 - [Bastions](https://docs.oracle.com/en-us/iaas/Content/Bastion/Concepts/bastionoverview.htm)

bastion/bastions.tf

@@ -3,30 +3,30 @@
 
 resource "oci_bastion_bastion" "these" {
   for_each = var.bastions_configuration != null ? var.bastions_configuration["bastions"] : {}
-    lifecycle {
+  lifecycle {
     ## Check 1: Check if the value of the session time to live.
-      precondition {
-        condition     = each.value.max_session_ttl_in_seconds != null ? each.value.max_session_ttl_in_seconds < 1800 || each.value.max_session_ttl_in_seconds > 10800 ? false : true : true
-        error_message = "VALIDATION FAILURE in bastion \"${each.key}\": the session time to live must be between 1800s(30min) and 10800s(3h). Please change the \"max_session_ttl_in_seconds\" attribute value."
-      }
-      ## Check 2: Check if cidr_block_allow_list or var.bastions_configuration.default_cidr_block_allow_list is set
-      precondition {
-        condition     = each.value.cidr_block_allow_list != null || var.bastions_configuration.default_cidr_block_allow_list != null
-        error_message = "VALIDATION FAILURE in bastion \"${each.key}\": You must provide at least one CIDR block either in \"cidr_block_allow_list\" or \"default_cidr_block_allow_list\". "
-      }
-      ## Check 3: Check if cidr_block_allow_list or var.bastions_configuration.default_cidr_block_allow_list is 0.0.0.0\0
-      precondition {
-        condition     = var.bastions_configuration.enable_cidr_check ? (each.value.cidr_block_allow_list != null ? (contains(each.value.cidr_block_allow_list,"0.0.0.0/0") ? false : true ) : var.bastions_configuration.default_cidr_block_allow_list != null (contains(var.bastions_configuration.default_cidr_block_allow_list,"0.0.0.0/0") ? false : true)) : true
-        error_message = "VALIDATION FAILURE in bastion \"${each.key}\": \"cidr_block_allow_list\" or \"default_cidr_block_allow_list\" must not be \"0.0.0.0/0\". Either change their values or disable this check by setting \"enable_cidr_check\" attribute of \"bastions_configuration\" to false."
-      }
+    precondition {
+      condition     = each.value.max_session_ttl_in_seconds != null ? each.value.max_session_ttl_in_seconds < 1800 || each.value.max_session_ttl_in_seconds > 10800 ? false : true : true
+      error_message = "VALIDATION FAILURE in bastion \"${each.key}\": the session time to live must be between 1800s(30min) and 10800s(3h). Please change the \"max_session_ttl_in_seconds\" attribute value."
     }
-    bastion_type     = upper(each.value.bastion_type)
-    compartment_id   = each.value.compartment_id != null ? (length(regexall("^ocid1.*$", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartments_dependency[each.value.compartment_id].id) : (length(regexall("^ocid1.*$", var.bastions_configuration.default_compartment_id)) > 0 ? var.bastions_configuration.default_compartment_id : var.compartments_dependency[var.bastions_configuration.default_compartment_id].id)
-    target_subnet_id = each.value.subnet_id != null ? (length(regexall("^ocid1.*$", each.value.subnet_id)) > 0 ? each.value.subnet_id : var.network_dependency["subnets"][each.value.subnet_id].id) : (length(regexall("^ocid1.*$", var.bastions_configuration.default_subnet_id)) > 0 ? var.bastions_configuration.default_subnet_id : var.network_dependency["subnets"][var.bastions_configuration.default_subnet_id].id)
-    defined_tags  = each.value.defined_tags != null ? each.value.defined_tags : var.bastions_configuration.default_defined_tags
-    freeform_tags = merge(local.cislz_module_tag, each.value.freeform_tags != null ? each.value.freeform_tags : var.bastions_configuration.default_freeform_tags)
-    client_cidr_block_allow_list = each.value.cidr_block_allow_list != null ? each.value.cidr_block_allow_list : var.bastions_configuration.default_cidr_block_allow_list
-    dns_proxy_status = each.value.enable_dns_proxy ? "ENABLED" : "DISABLED"
-    max_session_ttl_in_seconds = each.value.max_session_ttl_in_seconds
-    name = each.value.name
-}
+    ## Check 2: Check if cidr_block_allow_list or var.bastions_configuration.default_cidr_block_allow_list is set
+    precondition {
+      condition     = each.value.cidr_block_allow_list != null || var.bastions_configuration.default_cidr_block_allow_list != null
+      error_message = "VALIDATION FAILURE in bastion \"${each.key}\": You must provide at least one CIDR block either in \"cidr_block_allow_list\" or \"default_cidr_block_allow_list\". "
+    }
+    ## Check 3: Check if cidr_block_allow_list or var.bastions_configuration.default_cidr_block_allow_list is 0.0.0.0\0
+    precondition {
+      condition     = var.bastions_configuration.enable_cidr_check ? (each.value.cidr_block_allow_list != null ? (contains(each.value.cidr_block_allow_list, "0.0.0.0/0") ? false : true) : var.bastions_configuration.default_cidr_block_allow_list != null(contains(var.bastions_configuration.default_cidr_block_allow_list, "0.0.0.0/0") ? false : true)) : true
+      error_message = "VALIDATION FAILURE in bastion \"${each.key}\": \"cidr_block_allow_list\" or \"default_cidr_block_allow_list\" must not be \"0.0.0.0/0\". Either change their values or disable this check by setting \"enable_cidr_check\" attribute of \"bastions_configuration\" to false."
+    }
+  }
+  bastion_type                 = upper(each.value.bastion_type)
+  compartment_id               = each.value.compartment_id != null ? (length(regexall("^ocid1.*$", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartments_dependency[each.value.compartment_id].id) : (length(regexall("^ocid1.*$", var.bastions_configuration.default_compartment_id)) > 0 ? var.bastions_configuration.default_compartment_id : var.compartments_dependency[var.bastions_configuration.default_compartment_id].id)
+  target_subnet_id             = each.value.subnet_id != null ? (length(regexall("^ocid1.*$", each.value.subnet_id)) > 0 ? each.value.subnet_id : var.network_dependency["subnets"][each.value.subnet_id].id) : (length(regexall("^ocid1.*$", var.bastions_configuration.default_subnet_id)) > 0 ? var.bastions_configuration.default_subnet_id : var.network_dependency["subnets"][var.bastions_configuration.default_subnet_id].id)
+  defined_tags                 = each.value.defined_tags != null ? each.value.defined_tags : var.bastions_configuration.default_defined_tags
+  freeform_tags                = merge(local.cislz_module_tag, each.value.freeform_tags != null ? each.value.freeform_tags : var.bastions_configuration.default_freeform_tags)
+  client_cidr_block_allow_list = each.value.cidr_block_allow_list != null ? each.value.cidr_block_allow_list : var.bastions_configuration.default_cidr_block_allow_list
+  dns_proxy_status             = each.value.enable_dns_proxy ? "ENABLED" : "DISABLED"
+  max_session_ttl_in_seconds   = each.value.max_session_ttl_in_seconds
+  name                         = each.value.name
+}

bastion/examples/bastion_managed_ssh_session/README.md

@@ -1,4 +1,4 @@
-# Bastion with Managed SSH Session Example 
+# Bastion with Managed SSH Session Example
 
 ## Introduction
 
@@ -22,13 +22,13 @@ See [input.auto.tfvars.template](./input.auto.tfvars.template) for the variables
 1. Rename *input.auto.tfvars.template* to *\<project-name\>.auto.tfvars*, where *\<project-name\>* is any name of your choice.
 
 2. Within *\<project-name\>.auto.tfvars*, provide tenancy connectivity information and adjust the input variables, by making the appropriate substitutions:
-   - Replace \<REPLACE-BY-\*\> placeholders with appropriate values. 
-   
+   - Replace \<REPLACE-BY-\*\> placeholders with appropriate values.
+
 Refer to [bastion module README.md](../../README.md) for overall attributes usage.
 
 3. In this folder, run the typical Terraform workflow:
 ```
 terraform init
 terraform plan -out plan.out
 terraform apply plan.out
-```
+```

bastion/examples/bastion_managed_ssh_session/input.auto.tfvars.template

@@ -23,7 +23,7 @@
 #---------------------------------------
 
 bastions_configuration = {
-    bastions = { 
+    bastions = {
       BASTION-1 = {
         compartment_id        = "<REPLACE-BY-COMPARTMENT-OCID>"
         subnet_id             = "<REPLACE-BY-SUBNET-OCID>"
@@ -44,4 +44,4 @@ sessions_configuration = {
         session_name    = "ManagedSSHByTerraform"
       }
   }
-}
+}

bastion/examples/bastion_managed_ssh_session/main.tf

@@ -3,7 +3,7 @@
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 module "bastion" {
-  source = "github.com/oracle-quickstart/terraform-oci-cis-landing-zone-security/bastion"
+  source                 = "github.com/oracle-quickstart/terraform-oci-cis-landing-zone-security/bastion"
   bastions_configuration = var.bastions_configuration
   sessions_configuration = var.sessions_configuration
-}
+}

bastion/examples/bastion_managed_ssh_session/outputs.tf

@@ -10,4 +10,4 @@ output "bastions" {
 output "sessions" {
   description = "Sessions details"
   value       = module.bastion.sessions
-}
+}

bastion/examples/bastion_managed_ssh_session/variables.tf

@@ -1,18 +1,12 @@
 # Copyright (c) 2023 Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 
-variable "tenancy_ocid" {}
-variable "region" { description = "Your tenancy region" }
-variable "user_ocid" { default = "" }
-variable "fingerprint" { default = "" }
-variable "private_key_path" { default = "" }
-variable "private_key_password" { default = "" }
 
 variable "bastions_configuration" {
-  type = any
+  type    = any
   default = null
 }
 variable "sessions_configuration" {
-  type = any
+  type    = any
   default = null
-}
+}

bastion/examples/bastion_port_forwarding_session/README.md

@@ -1,4 +1,4 @@
-# Bastion with Port Forwarding Session Example 
+# Bastion with Port Forwarding Session Example
 
 ## Introduction
 
@@ -20,13 +20,13 @@ See [input.auto.tfvars.template](./input.auto.tfvars.template) for the variables
 1. Rename *input.auto.tfvars.template* to *\<project-name\>.auto.tfvars*, where *\<project-name\>* is any name of your choice.
 
 2. Within *\<project-name\>.auto.tfvars*, provide tenancy connectivity information and adjust the input variables, by making the appropriate substitutions:
-   - Replace \<REPLACE-BY-\*\> placeholders with appropriate values. 
-   
+   - Replace \<REPLACE-BY-\*\> placeholders with appropriate values.
+
 Refer to [bastion module README.md](../../README.md) for overall attributes usage.
 
 3. In this folder, run the typical Terraform workflow:
 ```
 terraform init
 terraform plan -out plan.out
 terraform apply plan.out
-```
+```

bastion/examples/bastion_port_forwarding_session/input.auto.tfvars.template

@@ -23,7 +23,7 @@
 #---------------------------------------
 
 bastions_configuration = {
-  bastions = { 
+  bastions = {
     BASTION-1 = {
       compartment_id        = "<REPLACE-BY-COMPARTMENT-OCID>"
       subnet_id             = "<REPLACE-BY-SUBNET-OCID>"
@@ -43,4 +43,4 @@ sessions_configuration = {
         session_name    = "PortForwardingByTerraform"
       }
   }
-}
+}

bastion/examples/bastion_port_forwarding_session/main.tf

@@ -3,7 +3,7 @@
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 module "bastion" {
-  source = "github.com/oracle-quickstart/terraform-oci-cis-landing-zone-security/bastion"
+  source                 = "github.com/oracle-quickstart/terraform-oci-cis-landing-zone-security/bastion"
   bastions_configuration = var.bastions_configuration
   sessions_configuration = var.sessions_configuration
-}
+}

bastion/examples/bastion_port_forwarding_session/outputs.tf

@@ -10,4 +10,4 @@ output "bastions" {
 output "sessions" {
   description = "Sessions details"
   value       = module.bastion.sessions
-}
+}

bastion/examples/bastion_port_forwarding_session/variables.tf

@@ -1,18 +1,12 @@
 # Copyright (c) 2023 Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 
-variable "tenancy_ocid" {}
-variable "region" { description = "Your tenancy region" }
-variable "user_ocid" { default = "" }
-variable "fingerprint" { default = "" }
-variable "private_key_path" { default = "" }
-variable "private_key_password" { default = "" }
 
 variable "bastions_configuration" {
-  type = any
+  type    = any
   default = null
 }
 variable "sessions_configuration" {
-  type = any
+  type    = any
   default = null
-}
+}

bastion/metadata.tf

@@ -3,5 +3,5 @@
 
 #-- Used to inform module and release number.
 locals {
-    cislz_module_tag = {"cislz-terraform-module" : fileexists("${path.module}/../release.txt") ? "${var.module_name}/${file("${path.module}/../release.txt")}" : "${var.module_name}"}
-}
+  cislz_module_tag = { "cislz-terraform-module" : fileexists("${path.module}/../release.txt") ? "${var.module_name}/${file("${path.module}/../release.txt")}" : var.module_name }
+}

bastion/outputs.tf

@@ -8,5 +8,5 @@ output "bastions" {
 
 output "sessions" {
   description = "The bastion sessions connection string."
-  value = var.enable_output ? {for k, v in oci_bastion_session.these : k => v.ssh_metadata["command"]} : null
+  value       = var.enable_output ? { for k, v in oci_bastion_session.these : k => v.ssh_metadata["command"] } : null
 }

bastion/providers.tf

@@ -1,11 +1,10 @@
-# Copyright (c) 2024 Oracle and/or its affiliates.
+# Copyright (c) 2023 Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 terraform {
-  required_version = ">= 1.3.0"
   required_providers {
     oci = {
-      source  = "oracle/oci"
+      source = "oracle/oci"
     }
   }
-}
+}