Updating with 201 content

01_read_state/primary/main.tf

@@ -0,0 +1,4 @@
+# primary/main.tf
+output "public_ip" {
+  value = "8.8.8.8"
+}

01_read_state/secondary/main.tf

@@ -0,0 +1,12 @@
+# secondary/main.tf
+# Read state from another Terraform config’s state
+data "terraform_remote_state" "primary" {
+  backend = "local"
+  config = {
+    path = "../primary/terraform.tfstate"
+  }
+}
+
+output "primary_public_ip" {
+  value = data.terraform_remote_state.primary.outputs.public_ip
+}

02_store_state/read_state/main.tf

@@ -0,0 +1,29 @@
+terraform {
+  backend "remote" {
+    organization = "<ORGANIZATION NAME>"
+
+    workspaces {
+      name = "terraform_cloud_read_state"
+    }
+  }
+}
+
+resource "random_id" "random" {
+  keepers = {
+    uuid = uuid()
+  }
+
+  byte_length = 8
+}
+
+data "terraform_remote_state" "write_state" {
+  backend = "remote"
+
+  config = {
+    organization = "<ORGANIZATION NAME>"
+
+    workspaces = {
+      name = "terraform_cloud_write_state"
+    }
+  }
+}

02_store_state/write_state/main.tf

@@ -0,0 +1,23 @@
+# lab_2_terraform_cloud_demo/write_state/main.tf
+terraform {
+  backend "remote" {
+    organization = "<ORGANIZATION NAME>"
+
+    workspaces {
+      name = "terraform_cloud_write_state"
+    }
+  }
+}
+
+
+resource "random_id" "random" {
+  keepers = {
+    uuid = uuid()
+  }
+
+  byte_length = 8
+}
+
+output "random" {
+  value = random_id.random.hex
+}

04_template_file/main.tf

@@ -0,0 +1,33 @@
+variable "owner_id" {
+  default = "anaconda"
+}
+
+locals {
+  policy = templatefile("${path.module}/templates/iam_policy.json.tpl", {
+    owner_id = var.owner_id
+    bucket_name = "${var.owner_id}-${uuid()}"
+  })
+}
+
+
+provider "aws" {
+}
+
+resource "aws_s3_bucket" "bucket1" {
+  bucket = "${var.owner_id}-${uuid()}"
+  acl = "private"
+}
+
+resource "aws_iam_policy" "bucket1"{
+  name = "${aws_s3_bucket.bucket1.id}-policy"
+  policy = local.policy
+}
+
+resource "aws_iam_user_policy_attachment" "attach-policy" {
+  user       = var.owner_id
+  policy_arn = aws_iam_policy.bucket1.arn
+}
+
+output "iam_policy" {
+  value = local.policy
+}

04_template_file/templates/iam_policy.json.tpl

@@ -0,0 +1,18 @@
+{
+  "Id": "Policy1527877254663",
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "Stmt1527877245190",
+      "Action": [
+        "s3:CreateBucket",
+        "s3:DeleteBucket",
+        "s3:DeleteObject",
+        "s3:GetObject",
+        "s3:ListObjects"
+      ],
+      "Effect": "Allow",
+      "Resource": "arn:aws:s3:::${bucket_name}"
+    }
+  ]
+}

05_multi-provider/main.tf

@@ -0,0 +1,89 @@
+variable "github_token" {
+}
+
+variable "ami" {
+}
+
+variable "identity" {
+  default = "anaconda"
+}
+
+variable "namespace" {
+  default = "multi-provider-demo"
+}
+
+provider "github" {
+  token        = var.github_token
+  organization = "placeholder"
+}
+
+provider "aws" {
+  version = ">= 1.19.0"
+}
+
+data "github_ip_ranges" "test" {
+}
+
+resource "aws_security_group" "training" {
+  name_prefix = var.namespace
+
+  ingress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port = 0
+    to_port   = 0
+    protocol  = "-1"
+
+    cidr_blocks = ["0.0.0.0/0"]
+    #cidr_blocks = data.github_ip_ranges.test.pages
+  }
+}
+
+resource "aws_key_pair" "training" {
+  key_name   = "${var.identity}-${var.namespace}-key"
+  public_key = file("~/.ssh/id_rsa.pub")
+}
+
+resource "aws_instance" "example" {
+  ami                    = var.ami
+  instance_type          = "t2.micro"
+  vpc_security_group_ids = [aws_security_group.training.id]
+
+  key_name = aws_key_pair.training.id
+
+  tags = {
+    Name = "${var.identity}-simple-instance"
+  }
+
+  connection {
+    type        = "ssh"
+    user        = "ubuntu"
+    private_key = file("~/.ssh/id_rsa")
+    host        = aws_instance.example.public_ip
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "ping -c 5 ${cidrhost(element(data.github_ip_ranges.test.pages, 0), 0)}",
+      "ping -c 5 hashicorp.com",
+    ]
+  }
+}
+
+output "github_pages_ip_ranges" {
+  value = data.github_ip_ranges.test.pages
+}
+
+output "public_ip" {
+  value = [aws_instance.example.*.public_ip]
+}
+
+output "public_dns" {
+  value = [aws_instance.example.*.public_dns]
+}
+

06_lifecycles/main.tf

@@ -0,0 +1,34 @@
+provider "aws" {}
+
+resource "aws_security_group" "training" {
+  name_prefix = "demo"
+  #name_prefix = "demo-modified"
+  ingress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  # lifecycle {
+  #   create_before_destroy = true
+  #   prevent_destroy = true
+  # }
+}
+
+resource "aws_instance" "web" {
+  ami                    = "ami-0735ea082a1534cac"
+  instance_type          = "t2.micro"
+  vpc_security_group_ids = [aws_security_group.training.id]
+
+  tags = {
+    name = "demo-simple-instance"
+  }
+}

07_sentinel/sentinel.json

@@ -0,0 +1,7 @@
+{
+  "mock": {
+    "tfconfig": "testdata/mock-tfconfig.sentinel",
+    "tfplan": "testdata/mock-tfplan.sentinel",
+    "tfstate": "testdata/mock-tfstate.sentinel"
+  }
+}

07_sentinel/sentinel_demo/instance_type_is_medium.sentinel

@@ -0,0 +1,28 @@
+import "tfplan"
+
+allowed_sizes = ["t2.medium"]
+
+# Get all AWS instances contained in all modules being used
+get_aws_instances = func() {
+	instances = []
+	for tfplan.module_paths as path {
+		instances += values(tfplan.module(path).resources.aws_instance) else []
+	}
+	return instances
+}
+
+aws_instances = get_aws_instances()
+
+instance_types = rule {
+	all aws_instances as _, instances {
+		all instances as index, r {
+			all allowed_sizes as t {
+				r.applied.instance_type contains t
+			}
+		}
+	}
+}
+
+main = rule {
+	(instance_types) else true
+}

07_sentinel/simple/simple.sentinel

@@ -0,0 +1,3 @@
+main = rule {
+  true
+}

07_sentinel/simple/test/simple/pass.json

@@ -0,0 +1,5 @@
+{
+  "test": {
+    "main": true
+  }
+}

07_sentinel/with-data/test/with-data/expected-failure.json

@@ -0,0 +1,30 @@
+{
+  "global": {
+    "instance_type": "t2.nano",
+    "ami": {
+      "id": "ami-11111111"
+    }
+  },
+  "mock": {
+    "tfplan": {
+      "random_pet": {
+        "server": {
+          "0": {
+            "applied": {
+              "id": "deciding-pegasus",
+              "length": "2",
+              "separator": "-"
+            },
+            "diff": {}
+          }
+        }
+      }
+    }
+  },
+  "test": {
+    "main": false,
+    "instance_type_is_medium": false,
+    "ami_is_present": false,
+    "has_id": false
+  }
+}

07_sentinel/with-data/test/with-data/pass.json

@@ -0,0 +1,29 @@
+{
+  "global": {
+    "instance_type": "t2.medium",
+    "ami": {
+      "id": "ami-e474db9c"
+    }
+  },
+  "mock": {
+    "tfplan": {
+      "random_pet": {
+        "server": {
+          "0": {
+            "applied": {
+              "id": "deciding-pegasus",
+              "length": "2",
+              "separator": "-"
+            },
+            "diff": {}
+          }
+        }
+      }
+    }
+  },
+  "test": {
+    "main": true,
+    "instance_type_is_medium": true
+
+  }
+}

07_sentinel/with-data/with-data.sentinel

@@ -0,0 +1,21 @@
+import "tfplan"
+
+main = rule {
+	instance_type_is_medium and
+	ami_is_present and
+	has_id
+}
+
+instance_type_is_medium = rule {
+	instance_type is "t2.medium"
+}
+
+ami_is_present = rule {
+	ami.id is "ami-e474db9c"
+}
+
+has_id = rule {
+	any tfplan.random_pet.server as _, servers {
+		servers.applied.id is "deciding-pegasus"
+	}
+}