Creating S3 bucket module with access to OP (#184)

* Creating S3 bucket with access to OP

* Adding provider

* Using region

* Adding bucket policy

* Moving the provider

* One password module

* Removing unnecessaries

* Removing op

* Creating loadbalancer module (#185)

* Creating loadbalancer module

* Upd version

* Changes loadbalancer

* Adding l4 and l7 conf

* Description

otc/loadbalancer/main.tf

@@ -0,0 +1,25 @@
+resource "opentelekomcloud_lb_loadbalancer_v3" "elb" {
+  name        = "${var.name}-lb"
+  router_id   = var.vpc_id
+  network_ids = [var.subnet_id]
+
+  availability_zones = var.availability_zones
+  l4_flavor          = var.l4_flavor
+  l7_flavor          = var.l7_flavor
+
+  public_ip {
+    id = opentelekomcloud_vpc_eip_v1.ingress_eip.id
+  }
+}
+
+resource "opentelekomcloud_vpc_eip_v1" "ingress_eip" {
+  bandwidth {
+    charge_mode = "traffic"
+    name        = "${var.name}-ingress-bandwidth"
+    share_type  = "PER"
+    size        = var.bandwidth
+  }
+  publicip {
+    type = "5_bgp"
+  }
+}

otc/loadbalancer/outputs.tf

@@ -0,0 +1,11 @@
+output "elb_id" {
+  value = opentelekomcloud_lb_loadbalancer_v3.elb.id
+}
+
+output "elb_private_ip" {
+  value = opentelekomcloud_lb_loadbalancer_v3.elb.vip_address
+}
+
+output "elb_public_ip" {
+  value = opentelekomcloud_vpc_eip_v1.ingress_eip.publicip[0].ip_address
+}

otc/loadbalancer/terraform.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_version = "v1.3.7"
+  required_providers {
+    opentelekomcloud = {
+      source  = "opentelekomcloud/opentelekomcloud"
+      version = "1.36.1"
+    }
+  }
+}

otc/loadbalancer/variables.tf

@@ -0,0 +1,37 @@
+variable "name" {
+  type        = string
+  description = "Project name."
+}
+
+variable "bandwidth" {
+  type        = number
+  default     = 300
+  description = "The bandwidth size. The value ranges from 1 to 1000 Mbit/s."
+}
+
+variable "vpc_id" {
+  type        = string
+  description = "VPC where the elastic load balancer will be created."
+}
+
+variable "subnet_id" {
+  type        = string
+  description = "Subnets where the elastic load balancer will be created."
+}
+
+variable "availability_zones" {
+  type        = list(string)
+  description = "Specifies the availability zones where the LoadBalancer will be located."
+}
+
+variable "l4_flavor" {
+  type        = string
+  description = "The flavor for the L4(NLB) ELB, if not assigned and L7 also not assigned then both will be created with default values"
+  default     = null
+}
+
+variable "l7_flavor" {
+  type        = string
+  description = "The flavor for the L7(ALB) ELB, if not assigned and L4 also not assigned then both will be created with default values"
+  default     = null
+}

otc/s3_bucket_op/main.tf

@@ -0,0 +1,57 @@
+locals {
+  bucket_name = replace(lower(var.bucket_name), "_", "-")
+}
+
+data "onepassword_item" "ak" {
+  vault = var.vault_id
+  uuid  = var.access_key_uid
+}
+
+data "onepassword_item" "sk" {
+  vault = var.vault_id
+  uuid  = var.secret_key_uid
+}
+
+resource "opentelekomcloud_obs_bucket" "tf_remote_state" {
+  bucket     = local.bucket_name
+  acl        = "private"
+  versioning = true
+  server_side_encryption {
+    algorithm  = "kms"
+    kms_key_id = opentelekomcloud_kms_key_v1.tf_remote_state_bucket_kms_key.id
+  }
+}
+
+resource "opentelekomcloud_obs_bucket_policy" "policy" {
+  bucket = opentelekomcloud_obs_bucket.tf_remote_state.id
+  policy = <<POLICY
+{
+  "Statement": [{
+    "Effect": "Allow",
+    "Principal": {
+      "ID": ["*"]
+    },
+    "Action": [
+      "GetObject",
+      "PutObject"
+    ],
+    "Resource": [
+      "${opentelekomcloud_obs_bucket.tf_remote_state.bucket}/*"
+    ]
+  }]
+}
+POLICY
+}
+
+resource "random_id" "id" {
+  byte_length = 4
+}
+
+resource "opentelekomcloud_kms_key_v1" "tf_remote_state_bucket_kms_key" {
+  key_alias       = "${local.bucket_name}-key-${random_id.id.hex}"
+  key_description = "${local.bucket_name} encryption key"
+  pending_days    = 7
+  is_enabled      = "true"
+}
+
+

otc/s3_bucket_op/outputs.tf

@@ -0,0 +1,14 @@
+output "backend_config" {
+  value = <<EOT
+    backend "s3" {
+      bucket = "${opentelekomcloud_obs_bucket.tf_remote_state.bucket}"
+      kms_key_id = "arn:aws:kms:${var.region}:${opentelekomcloud_kms_key_v1.tf_remote_state_bucket_kms_key.domain_id}:key/${opentelekomcloud_kms_key_v1.tf_remote_state_bucket_kms_key.id}"
+      key = "tfstate"
+      region = "${opentelekomcloud_obs_bucket.tf_remote_state.region}"
+      endpoint = "obs.${var.region}.otc.t-systems.com"
+      encrypt = true
+      skip_region_validation = true
+      skip_credentials_validation = true
+    }
+  EOT
+}

otc/s3_bucket_op/terraform.tf

@@ -0,0 +1,28 @@
+terraform {
+  required_version = "v1.3.7"
+  required_providers {
+    opentelekomcloud = {
+      source  = "opentelekomcloud/opentelekomcloud"
+      version = "1.29.0"
+    }
+    onepassword = {
+      source  = "1Password/onepassword"
+      version = "1.4.1"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "3.6.0"
+    }
+  }
+}
+
+provider "onepassword" {
+  account = "https://xaynag.1password.com/"
+}
+
+provider "opentelekomcloud" {
+  auth_url    = "https://iam.${var.region}.otc.t-systems.com/v3"
+  tenant_name = var.region
+  access_key  = data.onepassword_item.ak.password
+  secret_key  = data.onepassword_item.sk.password
+}

otc/s3_bucket_op/variables.tf

@@ -0,0 +1,29 @@
+variable "bucket_name" {
+  type        = string
+  description = "Project name or context"
+}
+
+variable "vault_id" {
+  type        = string
+  description = "ID of the vault where the keys are stored"
+}
+
+variable "access_key_uid" {
+  type        = string
+  description = "ID of the item for the Access Key"
+}
+
+variable "secret_key_uid" {
+  type        = string
+  description = "ID of the item for the Secret Key"
+}
+
+variable "region" {
+  type        = string
+  description = "OTC region for the project: eu-nl(default) or eu-de"
+  default     = "eu-nl"
+  validation {
+    condition     = contains(["eu-de", "eu-nl"], var.region)
+    error_message = "Allowed values for region are \"eu-de\" and \"eu-nl\"."
+  }
+}