##############################################################################
# This file creates custom image using F5-BIGIP qcow2 image hosted in vnfsvc COS
# - Creates IAM Authorization Policy in vnfsvc account
# - Creates Custom Image in User account
#
# Note: the IBM IS provider has the following gaps, so this file uses Terraform
# tricks to work around them for the sake of the PoC.
# Gap1: IBM IS provider is missing a resource implementation for is_image (create, update, delete).
#       (The "ibm_is_image" resource declared further down this file suggests this gap may
#       have been closed in the provider build this PoC targets; re-check before relying on it.)
# Gap2: IBM IS provider is missing a data source to read the logged-in user's provider session info
#       (for example: account-id).
##############################################################################
# =============================================================================
# Hack: parse out the user account from the vpc resource crn
# Fix: Get data_source_ibm_iam_target added that would provide information
# about user from provider session
# =============================================================================
locals {
  # Account ID of the calling user, recovered from the VPC's CRN: the text after the
  # first "a/" is taken and its first 32 characters are kept. This is positional
  # parsing, not validation -- if the CRN layout ever differs, a wrong but
  # well-formed-looking value is produced silently, and that value is used below as
  # the *source account* of a cross-account IAM authorization. Confirm it matches the
  # expected account before relying on it outside a PoC.
  user_acct_id = "${substr(element(split("a/", data.ibm_is_vpc.f5_vpc.resource_crn), 1), 0, 32)}"

  # Service API key and COS details of the vnfsvc account. Production values are
  # selected only when ibmcloud_endpoint is exactly "cloud.ibm.com"; any other
  # endpoint value selects the *_test variants.
  #
  # SECURITY: local.apikey is handed to the external scripts through their `query`
  # map, and data-source arguments are recorded in the Terraform state and shown in
  # plan output. Treat the state file and any CI/plan logs as containing this secret,
  # and scope the key to the minimum IAM rights the scripts need.
  apikey      = "${var.ibmcloud_endpoint == "cloud.ibm.com" ? var.ibmcloud_svc_api_key : var.ibmcloud_svc_api_key_test}"
  instance_id = "${var.ibmcloud_endpoint == "cloud.ibm.com" ? var.vnf_cos_instance_id : var.vnf_cos_instance_id_test}"
  image_url   = "${var.ibmcloud_endpoint == "cloud.ibm.com" ? var.vnf_cos_image_url : var.vnf_cos_image_url_test}"
}
##############################################################################
# Create an IAM Authorization Policy so the user account is able to create a custom
# image from a COS object URL hosted in the vnfsvc account.
##############################################################################
#resource "ibm_iam_authorization_policy" "authorize_image" {
# depends_on = ["data.ibm_is_vpc.f5_vpc"]
# provider = "ibm.vfnsvc"
# source_service_account = "${local.user_acct_id}"
# source_service_name = "is"
# source_resource_type = "image"
# target_service_name = "cloud-object-storage"
# target_resource_type = "bucket"
# roles = ["Reader"]
# target_resource_instance_id = "${var.vnf_cos_instance_id}"
#}
# IAM authorization to create custom images, created through an external script
# (see the commented-out native resource above for the equivalent declaration).
# Grants IS image resources in the user's account (local.user_acct_id) Reader access
# to the vnfsvc COS instance by running scripts/create_auth.sh. The script receives
# the `query` map as JSON on stdin and must return a JSON object; `result["id"]` is
# read below by the revoke step and by the auth_policy_id output.
#
# Review notes:
# - A data source is re-evaluated on every plan/refresh, so create_auth.sh is not
#   run once but on each run; whether that re-uses an existing policy or creates a
#   duplicate depends on the script, which is not shown here -- verify it is idempotent.
# - The target is the whole COS instance (target_resource_type "bucket" with only an
#   instance id, no bucket name), so the grant is broader than the single image object.
#   Narrow it to the bucket holding the image if the script/API supports that.
# - The grant is issued with the vnfsvc service API key (local.apikey); see the note
#   on the locals block about that key landing in state and plan output.
data "external" "authorize_policy_for_image" {
  # The account id is parsed from the VPC CRN, so the VPC must be read first.
  depends_on = ["data.ibm_is_vpc.f5_vpc"]
  program    = ["bash", "${path.module}/scripts/create_auth.sh"]
  query = {
    ibmcloud_endpoint           = "${var.ibmcloud_endpoint}"
    ibmcloud_svc_api_key        = "${local.apikey}"
    # Source side of the authorization: IS images in the user's account.
    source_service_account      = "${local.user_acct_id}"
    source_service_name         = "is"
    source_resource_type        = "image"
    # Target side: buckets of the vnfsvc COS instance, read-only.
    target_service_name         = "cloud-object-storage"
    target_resource_type        = "bucket"
    roles                       = "Reader"
    target_resource_instance_id = "${local.instance_id}"
    region                      = "${data.ibm_is_region.region.name}"
    resource_group_id           = "${data.ibm_resource_group.rg.id}"
  }
}
# Imports the F5 BIG-IP qcow2 from the vnfsvc COS bucket as a custom image in the
# user's account. Only created when vnf_image_copy is exactly "y"; otherwise the
# lookup further down is expected to find an image of the same name that already exists.
#
# Review note: only an href is declared here -- no checksum or other integrity
# check on the fetched object -- so the trustworthiness of the resulting image rests
# entirely on who can write to that COS bucket/URL.
resource "ibm_is_image" "f5_custom_image" {
  count = "${var.vnf_image_copy == "y" ? 1 : 0}"
  # The cross-account Reader authorization must exist before the image service
  # can read the object from COS.
  depends_on       = ["data.external.authorize_policy_for_image"]
  href             = "${local.image_url}"
  name             = "${var.vnf_vpc_image_name}"
  operating_system = "centos-7-amd64"
  timeouts {
    create = "30m"
    delete = "10m"
  }
}
# Revokes the authorization created above by running scripts/delete_auth.sh with the
# policy id returned by create_auth.sh, once the image resource has been handled.
#
# Review notes:
# - Like the create step this is a data source, so it re-runs on every plan/refresh;
#   the authorization therefore exists only between the two script invocations of a
#   given run (and is created/revoked even when count = 0 above, i.e. when no image
#   copy is requested).
# - depends_on orders this after the image within one apply, but a data source has no
#   lifecycle hooks: if image creation fails part-way, whether the policy is revoked
#   depends on how Terraform proceeds and on the script's error handling -- confirm
#   that a stale policy cannot be left behind (the auth_policy_id output helps here).
data "external" "delete_auth_policy_for_image" {
  depends_on = ["ibm_is_image.f5_custom_image"]
  program    = ["bash", "${path.module}/scripts/delete_auth.sh"]
  query = {
    # Policy to remove; fails the run if create_auth.sh did not return an "id".
    id                   = "${lookup(data.external.authorize_policy_for_image.result, "id")}"
    ibmcloud_endpoint    = "${var.ibmcloud_endpoint}"
    # Same vnfsvc service key as the create step -- see the locals block note on
    # this value being recorded in state and plan output.
    ibmcloud_svc_api_key = "${local.apikey}"
    region               = "${data.ibm_is_region.region.name}"
  }
}
# Look up the custom image by name once the optional copy above has been processed,
# so later resources can use its id regardless of whether the copy ran in this apply.
data "ibm_is_image" "f5_custom_image" {
  depends_on = ["ibm_is_image.f5_custom_image"]
  name       = "${var.vnf_vpc_image_name}"
}
# ID of the IAM authorization policy returned by create_auth.sh; handy for auditing,
# or for cleaning up by hand should the revoke step not complete.
output "auth_policy_id" {
  value = "${data.external.authorize_policy_for_image.result["id"]}"
}