feat: add example terraform code for contract expiry

Author: Sashwat-K

terraform-hpvs/contract-expiry/compose/docker-compose.yml

@@ -0,0 +1,3 @@
+services:
+  helloworld:
+    image: docker.io/library/hello-world@sha256:4f53e2564790c8e7856ec08e384732aa38dc43c52f02952483e3f003afbf23db

terraform-hpvs/contract-expiry/my-settings.auto.tfvars-template

@@ -0,0 +1,15 @@
+logdna_ingestion_key="<logdna-ingestion-key>"
+logdna_ingestion_hostname="<logdna-hostname>"
+
+hpcr_csr_country="<CSR - Country>"
+hpcr_csr_state="<CSR - State>"
+hpcr_csr_location="<CSR - Location>"
+hpcr_csr_org="<CSR - Organisation>"
+hpcr_csr_unit="<CSR - Unit>"
+hpcr_csr_domain="<CSR - Domain>"
+hpcr_csr_mail="<CSR - Mail>"
+
+hpcr_private_key_path="<Private key path>"
+hpcr_contract_expiry_days=<Expiry days>
+hpcr_ca_privatekey_path="<CA private key path>"
+hpcr_cacert_path="<CA certificate path>"

terraform-hpvs/contract-expiry/terraform.tf

@@ -0,0 +1,57 @@
+terraform {
+  required_providers {
+    hpcr = {
+      source  = "ibm-hyper-protect/hpcr"
+      version = ">= 0.5.0"
+    }
+  }
+}
+
+resource "hpcr_tgz" "contract" {
+  folder = "compose"
+}
+
+locals {
+  # contract in clear text
+  contract = yamlencode({
+    "env" : {
+      "type" : "env",
+      "logging" : {
+        "logDNA" : {
+          "ingestionKey" : var.logdna_ingestion_key,
+          "hostname" : var.logdna_ingestion_hostname,
+        },
+      },
+    },
+    "workload" : {
+      "type" : "workload",
+      "compose" : {
+        "archive" : hpcr_tgz.contract.rendered
+      }
+    }
+  })
+
+  csrParams = {
+    "country": var.hpcr_csr_country,
+    "state":  var.hpcr_csr_state,
+    "location":  var.hpcr_csr_location,
+    "org":  var.hpcr_csr_org,
+    "unit":  var.hpcr_csr_unit,
+    "domain":  var.hpcr_csr_domain,
+    "mail": var.hpcr_csr_mail
+  }
+}
+
+resource "hpcr_contract_encrypted_contract_expiry" "contract" {
+  contract = local.contract
+  privkey= file(var.hpcr_private_key_path)
+  expiry = var.hpcr_contract_expiry_days
+  cakey = file(var.hpcr_ca_privatekey_path)
+  cacert = file(var.hpcr_cacert_path)
+  csrparams = local.csrParams
+}
+
+resource "local_file" "contract" {
+  content  = hpcr_contract_encrypted_contract_expiry.contract.rendered
+  filename = "${path.module}/build/contract.yml"
+}

terraform-hpvs/contract-expiry/variables.tf

@@ -0,0 +1,74 @@
+variable "hpcr_private_key_path" {
+  type = string
+  description = "Path of private key for signature"
+}
+
+variable "hpcr_ca_privatekey_path" {
+  type = string
+  description = "Path to CA private key"
+}
+
+variable "hpcr_cacert_path" {
+  type = string
+  description = "Path to CA certificate"
+}
+
+variable "hpcr_csr_country" {
+  type = string
+  description = "HPCR CSR country"
+}
+
+variable "hpcr_csr_state" {
+  type = string
+  description = "HPCR CSR state"
+}
+
+variable "hpcr_csr_location" {
+  type = string
+  description = "HPCR CSR location"
+}
+
+variable "hpcr_csr_org" {
+  type = string
+  description = "HPCR CSR org"
+}
+
+variable "hpcr_csr_unit" {
+  type = string
+  description = "HPCR CSR unit"
+}
+
+variable "hpcr_csr_domain" {
+  type = string
+  description = "HPCR CSR domain"
+}
+
+variable "hpcr_csr_mail" {
+  type = string
+  description = "HPCR CSR Mail ID"
+}
+
+variable "hpcr_contract_expiry_days" {
+  type = number
+  description = "Number of days for contract to expire"
+}
+
+variable "logdna_ingestion_key" {
+  type        = string
+  sensitive   = true
+  description = <<-DESC
+                  Ingestion key for IBM Log Analysis instance. This can be 
+                  obtained from "Linux/Ubuntu" section of "Logging resource" 
+                  tab of IBM Log Analysis instance
+                DESC
+}
+
+variable "logdna_ingestion_hostname" {
+  type        = string
+  description = <<-DESC
+                  rsyslog endpoint of IBM Log Analysis instance. 
+                  Don't include the port. Example: 
+                  syslog-a.<log_region>.logging.cloud.ibm.com
+                  log_region is the region where IBM Log Analysis is deployed
+                DESC
+}