feat: support for managing ODF version based on the OCP version. <br>- Ability to edit subnets of the VPC addon DA <br><br>fixes: <br>- Retry operator failure when running reset_api_key (#712)

Aashiq-J · web-flow · commit 2f339be5b62a · 2025-07-17T14:49:36.000+05:30
diff --git a/ibm_catalog.json b/ibm_catalog.json
@@ -92,8 +92,10 @@
             },
             {
               "service_name": "is.vpc",
-              "role_crns": ["crn:v1:bluemix:public:iam::::role:Administrator"],
-               "notes": "Required for creating Virtual Private Cloud(VPC)."
+              "role_crns": [
+                "crn:v1:bluemix:public:iam::::role:Administrator"
+              ],
+              "notes": "Required for creating Virtual Private Cloud(VPC)."
             },
             {
               "service_name": "cloud-object-storage",
@@ -140,7 +142,7 @@
               "role_crns": [
                 "crn:v1:bluemix:public:iam::::serviceRole:Manager"
               ],
-               "notes": "[Optional] Required if you are consuming Observability deployable architecture which sets up Logs Routing."
+              "notes": "[Optional] Required if you are consuming Observability deployable architecture which sets up Logs Routing."
             },
             {
               "service_name": "atracker",
@@ -271,7 +273,8 @@
                 {
                   "displayname": "cx2.16x32",
                   "value": "cx2.16x32"
-                },{
+                },
+                {
                   "displayname": "cx2.32x64",
                   "value": "cx2.32x64"
                 },
@@ -367,7 +370,8 @@
                   "displayname": "mx2d.metal.96x768 (Only available in Toronto (ca-tor))) ",
                   "value": "mx2d.metal.96x768"
                 },
-                { "displayname": "mx2.16x128.2000gb (Not available in Sao Paulo (br-sao), Montreal (ca-mon), Madrid (eu-es), Osaka (jp-osa))",
+                {
+                  "displayname": "mx2.16x128.2000gb (Not available in Sao Paulo (br-sao), Montreal (ca-mon), Madrid (eu-es), Osaka (jp-osa))",
                   "value": "mx2.16x128.2000gb"
                 },
                 {
@@ -726,6 +730,14 @@
             {
               "key": "skip_ocp_secrets_manager_iam_auth_policy"
             },
+            {
+              "key": "subnets",
+              "type": "object",
+              "default_value": "{\n    zone-1 = [\n      {\n        name           = \"subnet-a\"\n        cidr           = \"10.10.10.0/24\"\n        public_gateway = true\n        acl_name       = \"vpc-acl\"\n        no_addr_prefix = false\n      }\n    ],\n    zone-2 = [\n      {\n        name           = \"subnet-b\"\n        cidr           = \"10.20.10.0/24\"\n        public_gateway = false\n        acl_name       = \"vpc-acl\"\n        no_addr_prefix = false\n      }\n    ],\n    zone-3 = [\n      {\n        name           = \"subnet-c\"\n        cidr           = \"10.30.10.0/24\"\n        public_gateway = false\n        acl_name       = \"vpc-acl\"\n        no_addr_prefix = false\n      }\n    ]\n  }",
+              "description": "List of subnets for the vpc. For each item in each array, a subnet will be created. Items can be either CIDR blocks or total ipv4 addressess. Public gateways will be enabled only in zones where a gateway has been created. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/blob/main/solutions/fully-configurable/DA-types.md#subnets-).",
+              "required": false,
+              "virtual": true
+            },
             {
               "key": "provider_visibility",
               "options": [
@@ -769,13 +781,18 @@
                   "reference_version": true
                 },
                 {
-                  "dependency_input":"region",
-                  "version_input":"region",
+                  "dependency_input": "region",
+                  "version_input": "region",
                   "reference_version": true
                 },
                 {
                   "dependency_output": "vpc_crn",
                   "version_input": "existing_vpc_crn"
+                },
+                {
+                  "dependency_input": "subnets",
+                  "version_input": "subnets",
+                  "reference_version": true
                 }
               ]
             },
diff --git a/modules/kube-audit/scripts/set_audit_log_policy.sh b/modules/kube-audit/scripts/set_audit_log_policy.sh
@@ -27,7 +27,7 @@ function apply_oc_patch() {
         else
             echo "Failed to apply patch. Retrying in ${RETRY_WAIT}s..."
             sleep $RETRY_WAIT
-            ((attempt++))
+            attempt=$((attempt+1))
             RETRY_WAIT=$((RETRY_WAIT * 2))
         fi
     done
diff --git a/scripts/enable_disable_ocp_console.sh b/scripts/enable_disable_ocp_console.sh
@@ -28,7 +28,7 @@ function apply_oc_patch() {
     else
       echo "Failed to apply patch. Retrying in ${retry_wait_time}s..."
       sleep $retry_wait_time
-      ((attempt++))
+      attempt=$((attempt+1))
     fi
   done
 
@@ -50,7 +50,7 @@ function remove_oc_patch() {
     else
       echo "Failed to remove patch. Retrying in ${retry_wait_time}s..."
       sleep $retry_wait_time
-      ((attempt++))
+      attempt=$((attempt+1))
     fi
   done
 
diff --git a/scripts/reset_iks_api_key.sh b/scripts/reset_iks_api_key.sh
@@ -107,7 +107,7 @@ if [ "${reset}" == true ]; then
             echo "ERROR:: FAILED TO RESET THE IAM API KEY"
             echo "$result"
             sleep $retry_wait_time
-            ((attempt++))
+            attempt=$((attempt+1))
         fi
         # sleep for 10 secs to allow the new key to be replicated across backend DB instances before attempting to create cluster
     done
diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf
@@ -191,6 +191,13 @@ locals {
       additional_security_group_ids = pool.additional_security_group_ids
       subnet_prefix                 = "default"
   } if length(pool.vpc_subnets) == 0])
+
+  # Managing the ODF version accordingly, as it changes with each OCP version.
+  addons = lookup(var.addons, "openshift-data-foundation", null) != null ? lookup(var.addons["openshift-data-foundation"], "version", null) == null ? { for key, value in var.addons :
+    key => value != null ? {
+      version         = lookup(value, "version", null) == null && key == "openshift-data-foundation" ? "${var.ocp_version}.0" : lookup(value, "version", null)
+      parameters_json = lookup(value, "parameters_json", null)
+  } : null } : var.addons : var.addons
 }
 
 module "ocp_base" {
@@ -210,7 +217,7 @@ module "ocp_base" {
   ocp_entitlement                          = var.ocp_entitlement
   additional_lb_security_group_ids         = var.additional_lb_security_group_ids
   additional_vpe_security_group_ids        = var.additional_vpe_security_group_ids
-  addons                                   = var.addons
+  addons                                   = local.addons
   allow_default_worker_pool_replacement    = var.allow_default_worker_pool_replacement
   attach_ibm_managed_security_group        = var.attach_ibm_managed_security_group
   cluster_config_endpoint_type             = var.cluster_config_endpoint_type
