Merge pull request #7592 from miyamotoh/transit-gateway-quota

openshift-merge-bot[bot] · web-flow · commit 4b2260918b23 · 2023-12-06T17:50:18.000Z
MULTIARCH-4042: Reuse existing Transit Gateway in target Workspace, or create anew
diff --git a/data/data/powervs/cluster/main.tf b/data/data/powervs/cluster/main.tf
@@ -35,14 +35,13 @@ module "pi_network" {
   }
   source = "./power_network"
 
-  cluster_id              = var.cluster_id
-  cloud_instance_id       = module.iaas.si_guid
-  resource_group          = var.powervs_resource_group
-  machine_cidr            = var.machine_v4_cidrs[0]
-  vpc_crn                 = module.vpc.vpc_crn
-  dns_server              = module.dns.dns_server
-  enable_snat             = var.powervs_enable_snat
-  transit_gateway_enabled = var.powervs_transit_gateway_enabled
+  cluster_id        = var.cluster_id
+  cloud_instance_id = module.iaas.si_guid
+  resource_group    = var.powervs_resource_group
+  machine_cidr      = var.machine_v4_cidrs[0]
+  vpc_crn           = module.vpc.vpc_crn
+  dns_server        = module.dns.dns_server
+  enable_snat       = var.powervs_enable_snat
 }
 
 resource "ibm_pi_key" "cluster_key" {
@@ -148,12 +147,13 @@ module "transit_gateway" {
   }
   source = "./transit_gateway"
 
-  cluster_id              = var.cluster_id
-  resource_group          = var.powervs_resource_group
-  service_instance_crn    = module.iaas.si_crn
-  transit_gateway_enabled = var.powervs_transit_gateway_enabled
-  vpc_crn                 = module.vpc.vpc_crn
-  vpc_region              = var.powervs_vpc_region
+  cluster_id               = var.cluster_id
+  resource_group           = var.powervs_resource_group
+  service_instance_crn     = module.iaas.si_crn
+  attached_transit_gateway = var.powervs_attached_transit_gateway
+  tg_connection_vpc_id     = var.powervs_tg_connection_vpc_id
+  vpc_crn                  = module.vpc.vpc_crn
+  vpc_region               = var.powervs_vpc_region
 }
 
 module "iaas" {
diff --git a/data/data/powervs/cluster/transit_gateway/transit_gateway.tf b/data/data/powervs/cluster/transit_gateway/transit_gateway.tf
@@ -1,6 +1,6 @@
 # https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/tg_gateway
 resource "ibm_tg_gateway" "transit_gateway" {
-  count          = var.transit_gateway_enabled ? 1 : 0
+  count          = var.attached_transit_gateway == "" ? 1 : 0
   name           = "tg-${var.cluster_id}"
   location       = var.vpc_region
   global         = true
@@ -14,16 +14,16 @@ data "ibm_resource_group" "rg_pvs_ipi_rg" {
 
 # https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/tg_connection
 resource "ibm_tg_connection" "tg_connection_vpc" {
-  count        = var.transit_gateway_enabled ? 1 : 0
-  gateway      = resource.ibm_tg_gateway.transit_gateway[count.index].id
+  count        = var.tg_connection_vpc_id == "" ? 1 : 0
+  gateway      = var.attached_transit_gateway == "" ? resource.ibm_tg_gateway.transit_gateway[0].id : var.attached_transit_gateway
   network_type = "vpc"
   name         = "tg-${var.cluster_id}-conn-vpc"
   network_id   = var.vpc_crn
 }
 
 # https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/tg_connection
 resource "ibm_tg_connection" "tg_connection_pvs" {
-  count        = var.transit_gateway_enabled ? 1 : 0
+  count        = var.attached_transit_gateway == "" ? 1 : 0
   gateway      = resource.ibm_tg_gateway.transit_gateway[count.index].id
   network_type = "power_virtual_server"
   name         = "tg-${var.cluster_id}-conn-pvs"
diff --git a/data/data/powervs/cluster/transit_gateway/variables.tf b/data/data/powervs/cluster/transit_gateway/variables.tf
@@ -8,10 +8,14 @@ variable "resource_group" {
   description = "The name of the Power VS resource group to which the user belongs."
 }
 
-variable "transit_gateway_enabled" {
-  type        = bool
-  description = "Boolean indicating if Transit Gateways should be used."
-  default     = false
+variable "attached_transit_gateway" {
+  type        = string
+  description = "The ID of already attached Transit Gateways, if any."
+}
+
+variable "tg_connection_vpc_id" {
+  type        = string
+  description = "ID of a VPC connection to the transit gateway specified in attached_transit_gateway, if any."
 }
 
 variable "service_instance_crn" {
diff --git a/data/data/powervs/variables-powervs.tf b/data/data/powervs/variables-powervs.tf
@@ -93,6 +93,11 @@ variable "powervs_vpc_gateway_attached" {
   default     = false
 }
 
+variable "powervs_tg_connection_vpc_id" {
+  type        = string
+  description = "ID of a VPC connection to the transit gateway specified in attached_transit_gateway, if any."
+}
+
 variable "powervs_vpc_gateway_name" {
   type        = string
   description = "The name of a pre-created VPC gateway. Must be in $powervs_vpc_region"
@@ -117,6 +122,12 @@ variable "powervs_transit_gateway_enabled" {
   default     = false
 }
 
+variable "powervs_attached_transit_gateway" {
+  type        = string
+  description = "ID of already attached Transit Gateways."
+  default     = ""
+}
+
 ################################################################
 # Configure instances
 ################################################################
diff --git a/pkg/asset/cluster/tfvars.go b/pkg/asset/cluster/tfvars.go
@@ -895,10 +895,10 @@ func (t *TerraformVariables) Generate(parents asset.Parents) error {
 		}
 		var (
 			vpcRegion, vpcZone string
+			vpc                *vpcv1.VPC
 		)
 		vpcName := installConfig.Config.PowerVS.VPCName
 		if vpcName != "" {
-			var vpc *vpcv1.VPC
 			vpc, err = client.GetVPCByName(ctx, vpcName)
 			if err != nil {
 				return err
@@ -940,7 +940,20 @@ func (t *TerraformVariables) Generate(parents asset.Parents) error {
 			}
 		}
 
-		transitGatewayEnabled := powervsconfig.TransitGatewayEnabledZone(installConfig.Config.Platform.PowerVS.Zone)
+		attachedTG := ""
+		tgConnectionVPCID := ""
+		if installConfig.Config.PowerVS.ServiceInstanceGUID != "" {
+			attachedTG, err = client.GetAttachedTransitGateway(ctx, installConfig.Config.PowerVS.ServiceInstanceGUID)
+			if err != nil {
+				return err
+			}
+			if attachedTG != "" && vpc != nil {
+				tgConnectionVPCID, err = client.GetTGConnectionVPC(ctx, attachedTG, *vpc.ID)
+				if err != nil {
+					return err
+				}
+			}
+		}
 
 		// If a service instance GUID was passed in the install-config.yaml file, then
 		// find the corresponding name for it.  Otherwise, we expect our Terraform to
@@ -953,27 +966,28 @@ func (t *TerraformVariables) Generate(parents asset.Parents) error {
 		osImage := strings.SplitN(string(*rhcosImage), "/", 2)
 		data, err = powervstfvars.TFVars(
 			powervstfvars.TFVarsSources{
-				MasterConfigs:         masterConfigs,
-				Region:                installConfig.Config.Platform.PowerVS.Region,
-				Zone:                  installConfig.Config.Platform.PowerVS.Zone,
-				APIKey:                APIKey,
-				SSHKey:                installConfig.Config.SSHKey,
-				PowerVSResourceGroup:  installConfig.Config.PowerVS.PowerVSResourceGroup,
-				ImageBucketName:       osImage[0],
-				ImageBucketFileName:   osImage[1],
-				VPCRegion:             vpcRegion,
-				VPCZone:               vpcZone,
-				VPCName:               vpcName,
-				VPCSubnetName:         vpcSubnet,
-				VPCPermitted:          vpcPermitted,
-				VPCGatewayName:        vpcGatewayName,
-				VPCGatewayAttached:    vpcGatewayAttached,
-				CISInstanceCRN:        cisCRN,
-				DNSInstanceCRN:        dnsCRN,
-				PublishStrategy:       installConfig.Config.Publish,
-				EnableSNAT:            len(installConfig.Config.DeprecatedImageContentSources) == 0 && len(installConfig.Config.ImageDigestSources) == 0,
-				TransitGatewayEnabled: transitGatewayEnabled,
-				ServiceInstanceName:   serviceInstanceName,
+				MasterConfigs:          masterConfigs,
+				Region:                 installConfig.Config.Platform.PowerVS.Region,
+				Zone:                   installConfig.Config.Platform.PowerVS.Zone,
+				APIKey:                 APIKey,
+				SSHKey:                 installConfig.Config.SSHKey,
+				PowerVSResourceGroup:   installConfig.Config.PowerVS.PowerVSResourceGroup,
+				ImageBucketName:        osImage[0],
+				ImageBucketFileName:    osImage[1],
+				VPCRegion:              vpcRegion,
+				VPCZone:                vpcZone,
+				VPCName:                vpcName,
+				VPCSubnetName:          vpcSubnet,
+				VPCPermitted:           vpcPermitted,
+				VPCGatewayName:         vpcGatewayName,
+				VPCGatewayAttached:     vpcGatewayAttached,
+				CISInstanceCRN:         cisCRN,
+				DNSInstanceCRN:         dnsCRN,
+				PublishStrategy:        installConfig.Config.Publish,
+				EnableSNAT:             len(installConfig.Config.DeprecatedImageContentSources) == 0 && len(installConfig.Config.ImageDigestSources) == 0,
+				AttachedTransitGateway: attachedTG,
+				TGConnectionVPCID:      tgConnectionVPCID,
+				ServiceInstanceName:    serviceInstanceName,
 			},
 		)
 		if err != nil {
diff --git a/pkg/asset/installconfig/powervs/client.go b/pkg/asset/installconfig/powervs/client.go
@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 	"net/http"
+	"strings"
 	"time"
 
 	"github.com/IBM-Cloud/bluemix-go/crn"
@@ -14,6 +15,7 @@ import (
 	"github.com/IBM/networking-go-sdk/dnssvcsv1"
 	"github.com/IBM/networking-go-sdk/dnszonesv1"
 	"github.com/IBM/networking-go-sdk/resourcerecordsv1"
+	"github.com/IBM/networking-go-sdk/transitgatewayapisv1"
 	"github.com/IBM/networking-go-sdk/zonesv1"
 	"github.com/IBM/platform-services-go-sdk/iamidentityv1"
 	"github.com/IBM/platform-services-go-sdk/resourcecontrollerv2"
@@ -42,16 +44,19 @@ type API interface {
 	ListServiceInstances(ctx context.Context) ([]string, error)
 	ServiceInstanceGUIDToName(ctx context.Context, id string) (string, error)
 	GetDatacenterCapabilities(ctx context.Context, region string) (map[string]bool, error)
+	GetAttachedTransitGateway(ctx context.Context, svcInsID string) (string, error)
+	GetTGConnectionVPC(ctx context.Context, gatewayID string, vpcSubnetID string) (string, error)
 }
 
 // Client makes calls to the PowerVS API.
 type Client struct {
-	APIKey         string
-	BXCli          *BxClient
-	managementAPI  *resourcemanagerv2.ResourceManagerV2
-	controllerAPI  *resourcecontrollerv2.ResourceControllerV2
-	vpcAPI         *vpcv1.VpcV1
-	dnsServicesAPI *dnssvcsv1.DnsSvcsV1
+	APIKey            string
+	BXCli             *BxClient
+	managementAPI     *resourcemanagerv2.ResourceManagerV2
+	controllerAPI     *resourcecontrollerv2.ResourceControllerV2
+	vpcAPI            *vpcv1.VpcV1
+	dnsServicesAPI    *dnssvcsv1.DnsSvcsV1
+	transitGatewayAPI *transitgatewayapisv1.TransitGatewayApisV1
 }
 
 // cisServiceID is the Cloud Internet Services' catalog service ID.
@@ -138,6 +143,7 @@ func (c *Client) loadSDKServices() error {
 		c.loadResourceControllerAPI,
 		c.loadVPCV1API,
 		c.loadDNSServicesAPI,
+		c.loadTransitGatewayAPI,
 	}
 
 	// Call all the load functions.
@@ -504,6 +510,22 @@ func (c *Client) loadDNSServicesAPI() error {
 	return nil
 }
 
+func (c *Client) loadTransitGatewayAPI() error {
+	authenticator := &core.IamAuthenticator{
+		ApiKey: c.APIKey,
+	}
+	versionDate := "2023-07-04"
+	tgSvc, err := transitgatewayapisv1.NewTransitGatewayApisV1(&transitgatewayapisv1.TransitGatewayApisV1Options{
+		Authenticator: authenticator,
+		Version:       &versionDate,
+	})
+	if err != nil {
+		return err
+	}
+	c.transitGatewayAPI = tgSvc
+	return nil
+}
+
 // SetVPCServiceURLForRegion will set the VPC Service URL to a specific IBM Cloud Region, in order to access Region scoped resources
 func (c *Client) SetVPCServiceURLForRegion(ctx context.Context, region string) error {
 	regionOptions := c.vpcAPI.NewGetRegionOptions(region)
@@ -663,12 +685,6 @@ func (c *Client) ListServiceInstances(ctx context.Context) ([]string, error) {
 	return serviceInstances, nil
 }
 
-// TransitGatewayEnabledZone returns if a zone is configured for transit gateways rather than cloud connections.
-func TransitGatewayEnabledZone(zone string) bool {
-	// @TBD - HACK.  Waiting for officially supported detection function
-	return zone == "dal10"
-}
-
 // ServiceInstanceGUIDToName returns the name of the matching service instance GUID which was passed in.
 func (c *Client) ServiceInstanceGUIDToName(ctx context.Context, id string) (string, error) {
 	var (
@@ -765,3 +781,111 @@ func (c *Client) GetDatacenterCapabilities(ctx context.Context, region string) (
 	}
 	return getOk.Payload.Capabilities, nil
 }
+
+// GetAttachedTransitGateway finds an existing Transit Gateway attached to the provided PowerVS cloud instance.
+func (c *Client) GetAttachedTransitGateway(ctx context.Context, svcInsID string) (string, error) {
+	var (
+		gateways []transitgatewayapisv1.TransitGateway
+		gateway  transitgatewayapisv1.TransitGateway
+		err      error
+		conns    []transitgatewayapisv1.TransitConnection
+		conn     transitgatewayapisv1.TransitConnection
+	)
+	gateways, err = c.getTransitGateways(ctx)
+	if err != nil {
+		return "", err
+	}
+	for _, gateway = range gateways {
+		conns, err = c.getTransitConnections(ctx, *gateway.ID)
+		if err != nil {
+			return "", err
+		}
+		for _, conn = range conns {
+			if *conn.NetworkType == "power_virtual_server" && strings.Contains(*conn.NetworkID, svcInsID) {
+				return *conn.TransitGateway.ID, nil
+			}
+		}
+	}
+	return "", nil
+}
+
+// GetTGConnectionVPC checks if the VPC subnet is attached to the provided Transit Gateway.
+func (c *Client) GetTGConnectionVPC(ctx context.Context, gatewayID string, vpcSubnetID string) (string, error) {
+	conns, err := c.getTransitConnections(ctx, gatewayID)
+	if err != nil {
+		return "", err
+	}
+	for _, conn := range conns {
+		if *conn.NetworkType == "vpc" && strings.Contains(*conn.NetworkID, vpcSubnetID) {
+			return *conn.ID, nil
+		}
+	}
+	return "", nil
+}
+
+func (c *Client) getTransitGateways(ctx context.Context) ([]transitgatewayapisv1.TransitGateway, error) {
+	var (
+		listTransitGatewaysOptions *transitgatewayapisv1.ListTransitGatewaysOptions
+		gatewayCollection          *transitgatewayapisv1.TransitGatewayCollection
+		response                   *core.DetailedResponse
+		err                        error
+		perPage                    int64 = 32
+		moreData                         = true
+	)
+
+	listTransitGatewaysOptions = c.transitGatewayAPI.NewListTransitGatewaysOptions()
+	listTransitGatewaysOptions.Limit = &perPage
+
+	result := []transitgatewayapisv1.TransitGateway{}
+
+	for moreData {
+		// https://github.com/IBM/networking-go-sdk/blob/master/transitgatewayapisv1/transit_gateway_apis_v1.go#L184
+		gatewayCollection, response, err = c.transitGatewayAPI.ListTransitGatewaysWithContext(ctx, listTransitGatewaysOptions)
+		if err != nil {
+			return nil, fmt.Errorf("failed to list transit gateways: %w and the respose is: %s", err, response)
+		}
+
+		result = append(result, gatewayCollection.TransitGateways...)
+
+		if gatewayCollection.Next != nil {
+			listTransitGatewaysOptions.SetStart(*gatewayCollection.Next.Start)
+		}
+
+		moreData = gatewayCollection.Next != nil
+	}
+
+	return result, nil
+}
+
+func (c *Client) getTransitConnections(ctx context.Context, tgID string) ([]transitgatewayapisv1.TransitConnection, error) {
+	var (
+		listConnectionsOptions *transitgatewayapisv1.ListConnectionsOptions
+		connectionCollection   *transitgatewayapisv1.TransitConnectionCollection
+		response               *core.DetailedResponse
+		err                    error
+		perPage                int64 = 32
+		moreData                     = true
+	)
+
+	listConnectionsOptions = c.transitGatewayAPI.NewListConnectionsOptions()
+	listConnectionsOptions.Limit = &perPage
+
+	result := []transitgatewayapisv1.TransitConnection{}
+
+	for moreData {
+		connectionCollection, response, err = c.transitGatewayAPI.ListConnectionsWithContext(ctx, listConnectionsOptions)
+		if err != nil {
+			return nil, fmt.Errorf("failed to list transit gateways: %w and the respose is: %s", err, response)
+		}
+
+		result = append(result, connectionCollection.Connections...)
+
+		if connectionCollection.Next != nil {
+			listConnectionsOptions.SetStart(*connectionCollection.Next.Start)
+		}
+
+		moreData = connectionCollection.Next != nil
+	}
+
+	return result, nil
+}
diff --git a/pkg/asset/installconfig/powervs/mock/powervsclient_generated.go b/pkg/asset/installconfig/powervs/mock/powervsclient_generated.go
diff --git a/pkg/tfvars/powervs/powervs.go b/pkg/tfvars/powervs/powervs.go
