Mastering Terraform on Oracle Cloud Infrastructure – Deep dive training

Table of Content

Creating a Federated User

Terraform on OCI non-federated create user

Here we would need 2 files in a folder they are listed below

variables.tf
main.tf

variables.tf

You can get these variable values from our previous exercise

#*************************************
#           TF Requirements
#*************************************
variable "tenancy_ocid" {
  default = "ocid1.tenancy.oc1..aaaaaaaaXXXXX5vjqpsdd6ahdouq"
}
variable "region" {
  default = "us-ashburn-1"
}
variable "user_ocid" {
  default = "ocid1.user.oc1..aaaaaaaa7XXXXfcue4nbuxjsf3s4mca"
}
variable "private_key_path"{
  default = "/Users/madhusudhanrao/tf/keys/myopensslkey.pem"
}
variable "fingerprint"{
  default = "e6:65:1d:3f:8f:94:c9:43:05:8f:a0:6a:9c:9b:45:a1"
}
variable "compartment_ocid" {
  #Compartment-15Nov
  default = "ocid1.compartment.oc1..aaaaaaaXXXXexkqukwwbzx5nuauaa"
}
variable "ssh_public_key" { 
   # cat id_rsa.pub       
   default =  "ssh-rsa AAAAB3NzaC1yc2EAAAAXXXXXuZw== [email protected]" 
}
variable "ssh_private_key" { 
    default = "/Users/madhusudhanrao/tf/keys/myopensslkey.pem"
}

main.tf

Create Non Federated user by name tf-example-user

  
#variable "tenancy_ocid" {} 
#variable "user_ocid" {} 
#variable "fingerprint" {} 
#variable "private_key_path" {} 
#variable "compartment_ocid" {}

#variable "region" { default = "us-ashburn-1" }

provider "oci" {
  region           = var.region
  tenancy_ocid     = var.tenancy_ocid
  user_ocid        = var.user_ocid
  fingerprint      = var.fingerprint
  private_key_path = var.private_key_path
}

data "oci_identity_tenancy" "tenancy" {
  tenancy_id = var.tenancy_ocid
}

data "oci_identity_regions" "home-region" {
  filter {
    name   = "key"
    values = [data.oci_identity_tenancy.tenancy.home_region_key]
  }
}

provider "oci" {
  alias            = "home"
  region           = data.oci_identity_regions.home-region.regions[0]["name"]
  tenancy_ocid     = var.tenancy_ocid
  user_ocid        = var.user_ocid
  fingerprint      = var.fingerprint
  private_key_path = var.private_key_path
}

resource "oci_identity_user" "user1" {
  provider    = oci.home
  name        = "tf-example-user"
  description = "user created by terraform"
}

terraform init

- statements ignored -

terraform plan

- statements ignored -

terraform apply

madhusudhanrao@MadhuMac mytf-identity % terraform apply
data.oci_identity_tenancy.tenancy: Refreshing state...
data.oci_identity_regions.home-region: Refreshing state...

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # oci_identity_user.user1 will be created
  + resource "oci_identity_user" "user1" {
      + capabilities         = (known after apply)
      + compartment_id       = (known after apply)
      + defined_tags         = (known after apply)
      + description          = "user created by terraform"
      + email                = (known after apply)
      + external_identifier  = (known after apply)
      + freeform_tags        = (known after apply)
      + id                   = (known after apply)
      + identity_provider_id = (known after apply)
      + inactive_state       = (known after apply)
      + name                 = "tf-example-user"
      + state                = (known after apply)
      + time_created         = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

oci_identity_user.user1: Creating...
oci_identity_user.user1: Creation complete after 3s [id=ocid1.user.oc1..aaaaaaaampi6uXXXXiakggoikeggecq]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
madhusudhanrao@MadhuMac mytf-identity %

Reality Check

Cleanup what was created .

madhusudhanrao@MadhuMac mytf-vnc % terraform destroy
- ignored -