Adding license

Author: harsh97

feature_store/apigw_terraform/LICENSE

@@ -0,0 +1,27 @@
+Copyright (c) 2024 Oracle and/or its affiliates.  All rights reserved.
+
+The Universal Permissive License (UPL), Version 1.0
+
+Subject to the condition set forth below, permission is hereby granted to any person obtaining a copy of this
+software, associated documentation and/or data (collectively the "Software"), free of charge and under any and
+all copyright rights in the Software, and any and all patent rights owned or freely licensable by each licensor
+hereunder covering either (i) the unmodified Software as contributed to or provided by such licensor, or
+(ii) the Larger Works (as defined below), to deal in both
+
+(a) the Software, and
+(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if one is included with the Software
+(each a “Larger Work” to which the Software is contributed by such licensors),
+
+without restriction, including without limitation the rights to copy, create derivative works of, display,
+perform, and distribute the Software and make, use, sell, offer for sale, import, export, have made, and have
+sold the Software and the Larger Work(s), and to sublicense the foregoing rights on either these or other terms.
+
+This license is subject to the following condition:
+The above copyright notice and either this complete permission notice or at a minimum a reference to the UPL must
+be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
+CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+IN THE SOFTWARE.

feature_store/apigw_terraform/README.md

@@ -2,13 +2,11 @@ This module handles opinionated Feature Store AuthN/AuthZ configuration using AP
 
 ## Deploy Using Oracle Resource Manager
 
-> ___NOTE:___ If you aren't already signed in, when prompted, enter the tenancy and user credentials. Review and accept the terms and conditions.
+> ___NOTE:___ If you aren't already signed in, when prompted, enter the compartment <compartment_name> and user credentials. Review and accept the terms and conditions.
 
-1. Click to deploy the stack
+1. Click to download the [terraform bundle][https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://raw.githubusercontent.com/harsh97/oci-data-science-ai-samples/feature-store/feature_store/fs_apigw_terraform.zip]
 
-   [![Deploy to Oracle Cloud][magic_button]][magic_oke_stack]
-
-1. Select the region and compartment where you want to deploy the stack.
+1. Create a stack in OCI resource manager with the downloaded bundle
 
 1. Follow the on-screen prompts and instructions to create the stack.
 
@@ -23,14 +21,16 @@ This module handles opinionated Feature Store AuthN/AuthZ configuration using AP
 1. After the stack application is complete attach the auto-provisioned security rules to the respective service and node subnets of the OKE cluster. 
 
 ### Prerequisites
-
-Create a terraform.tfvars file and populate with the required variables or override existing variables.
-
-Note: An example [tfvars file](examples/terraform.tfvars.example) is included for reference. Using this file is the
-preferred way to run the stack from the CLI, because of the large number of variables to manage.
-
-To use this file just copy the example [tfvars file](examples/terraform.tfvars.example) and save it in the outermost directory.
-Next, rename the file to __terraform.tfvars__. You can override the example values set in this file.
+#### Required permissions:
+allow group <user_group> to manage orm-stacks in compartment <compartment_name>
+allow group <user_group> to manage orm-jobs in compartment <compartment_name>
+allow group <user_group> to read network-load-balancers in compartment <compartment_name>
+allow group <user_group> to read instances in compartment <compartment_name>
+allow group <user_group> to manage groups in compartment <compartment_name>
+allow group <user_group> to manage dynamic-groups in compartment <compartment_name>
+allow group <user_group> to manage functions-family in compartment <compartment_name>
+allow group <user_group> to manage virtual-network-family in compartment <compartment_name>
+allow group <user_group> to manage policies in tenancy
 
 
 ### Running Terraform
@@ -42,11 +42,11 @@ terraform init
 ```
 
 ```bash
-terraform plan
+terraform plan -var-file=<path-to-variable-file>
 ```
 
 ```bash
-terraform apply
+terraform apply -var-file=<path-to-variable-file>
 ```
 
 ```bash
@@ -62,5 +62,4 @@ See [LICENSE](./LICENSE) for more details.
 
 [oci]: https://cloud.oracle.com/en_US/cloud-infrastructure
 [oci_rm]: https://docs.cloud.oracle.com/iaas/Content/ResourceManager/Concepts/resourcemanager.htm
-[magic_button]: https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg
-[magic_oke_stack]: https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://raw.githubusercontent.com/harsh97/oci-data-science-ai-samples/feature-store/feature_store/fs_apigw_terraform.zip
+[stack]: https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://raw.githubusercontent.com/harsh97/oci-data-science-ai-samples/feature-store/feature_store/fs_apigw_terraform.zip

feature_store/apigw_terraform/main.tf

@@ -15,8 +15,8 @@ data oci_network_load_balancer_network_load_balancer nlb {
   network_load_balancer_id = var.nlb_id
 }
 
-module "feature_store_gw_subnet" {
-  source = "./modules/subnet"
+module "feature_store_networking" {
+  source = "./modules/feature_store_networking"
   kubernetes_nlb_id = var.nlb_id
   compartment_id = local.compartment_id
   subnet_name = "fs-gw-subnet"
@@ -30,7 +30,7 @@ module "function" {
   authorized_groups = var.authorized_user_groups
   compartment_id = local.compartment_id
   ocir_path = var.function_img_ocir_url
-  subnet_id = module.feature_store_gw_subnet.subnet_id
+  subnet_id = module.feature_store_networking.subnet_id
   name_suffix = random_string.suffix.id
 }
 
@@ -39,7 +39,7 @@ module "api_gw" {
   compartment_id = local.compartment_id
   function_id = module.function.fn_id
   nlb_id = var.nlb_id
-  subnet_id = module.feature_store_gw_subnet.subnet_id
+  subnet_id = module.feature_store_networking.subnet_id
 }
 
 resource oci_identity_policy feature_store_policies {

feature_store/apigw_terraform/modules/api_gw/main.tf

@@ -6,11 +6,11 @@ locals {
   # we are doing it like this because of issues in escaping ${ character
   path_str = format("%s%s","$","{request.path[")
   path_map = {for path,methods in local.unique_paths: path=>replace(replace(tostring(path), "{", local.path_str),"}", "]}")}
-  policies = ["allow any-user to use functions-family in compartment ${data.oci_identity_compartment.compartment1.name} where ALL {request.principal.type='ApiGateway'}"]
+  policies = ["allow any-user to use functions-family in compartment ${data.oci_identity_compartment.compartment.name} where ALL {request.principal.type='ApiGateway'}"]
 
 }
 
-data "oci_identity_compartment" "compartment1" {
+data "oci_identity_compartment" "compartment" {
   id = var.compartment_id
 }