fix: update OCP landing zone UI validations and field configurations

[HarikaPonna]

Description

Addresses multiple UI-related issues in the OCP Landing Zone DA, including:

1. Default prefix changed to "ocp"
2. Added Regex validation for worker pool count
3. Enhanced boolean field descriptions with context-based widgets for:

• allow_public_access_to_cluster_management
• allow_outbound_traffic

5. Added clarity for SM trial selection

Release required?

• No release
• Patch release (x.x.X)
• Minor release (x.X.x)
• Major release (X.x.x)

Release notes content

updated OCP landing zone UI validations and field configurations

Run the pipeline

If the CI pipeline doesn't run when you create the PR, the PR requires a user with GitHub collaborators access to run the pipeline.

Run the CI pipeline when the PR is ready for review and you expect tests to pass. Add a comment to the PR with the following text:

/run pipeline

Checklist for reviewers

• If relevant, a test for the change is included or updated with this PR.
• If relevant, documentation for the change is included or updated with this PR.

For mergers

• Use a conventional commit message to set the release level. Follow the guidelines.
• Include information that users need to know about the PR in the commit message. The commit message becomes part of the GitHub release notes.
• Use the Squash and merge option.

[ocofaigh]

see comments

[maheshwarishikha]

LGTM

[ocofaigh]

see comments

[Aashiq-J]

LGTM

[HarikaPonna]

/run pipeline

[HarikaPonna]

tested and deployed to verify changes with

1. allow_public_access_to_cluster_management: Enabled

2. allow_public_access_to_cluster_management: disabled

[Aashiq-J]

@ocofaigh , @maheshwarishikha

On second thought, if allow_public_access_to_cluster_management is set to false, the cluster will be private. In that case, there's no reason to display the "Open Web Console" button, since it won’t be accessible from the public internet.

[ocofaigh]

@Aashiq-J You could access it if you had a client to site VPN on your machine. Also the IKS Dashboard shows the button even if you don't have access, so its just the same.

[HarikaPonna]

/run pipeline

[HarikaPonna]

Skipping upgrade tests for this PR.
I updated the cluster name and prefix, which makes Terraform detect resource changes ,plan a recreation, and hence the pipeline is failing.This is expected due to the naming update.So skipping the upgrade test.

[HarikaPonna]

/run pipeline

[ocofaigh]

@HarikaPonna When skipping the upgrade test, please include the snippet from the logs that shows the upgrade test failure reason. I can see this was actually the failure in the last run before upgrade test was skipped:

│ Error: ---
│ id: terraform-8b32a0b4
│ summary: 'CreatePublicGatewayWithContext failed: Creating a new public gateway will
│   put the user over quota. Allocated: 1, Requested: 1, Quota: 1'
│ severity: error
│ resource: ibm_is_public_gateway
│ operation: create
│ component:
│   name: github.com/IBM-Cloud/terraform-provider-ibm
│   version: 1.85.0
│ ---
│ 
│ 
│   with module.vpc.ibm_is_public_gateway.gateway["zone-1"],
│   on .terraform/modules/vpc/main.tf line 282, in resource "ibm_is_public_gateway" "gateway":
│  282: resource "ibm_is_public_gateway" "gateway" {
│ 
╵}

However I can see the run before that, the following (which as you said is expected):

        	Test:       	TestRunQuickstartUpgradeSchematics
        	Messages:   	Resource(s) identified to be destroyed 
        	            	Name: cluster
        	            	Address: module.ocp_base.ibm_container_vpc_cluster.cluster[0]
        	            	Actions: [delete create]

2025/11/12 10:09:55 Terraform plan |   # module.ocp_base.ibm_container_vpc_cluster.cluster[0] must be replaced
         2025/11/12 10:09:55 Terraform plan | -/+ resource "ibm_container_vpc_cluster" "cluster" {
         2025/11/12 10:09:55 Terraform plan |       ~ albs                                = [] -> (known after apply)
         2025/11/12 10:09:55 Terraform plan |       ~ crn                                 = "crn:v1:bluemix:public:containers-kubernetes:br-sao:a/abac0df06b644a9cabc6e44f55b3880e:d4a51aqz0h5946sob000::" -> (known after apply)
         2025/11/12 10:09:55 Terraform plan |       ~ id                                  = "d4a51aqz0h5946sob000" -> (known after apply)
         2025/11/12 10:09:55 Terraform plan |       ~ ingress_hostname                    = "ocp-qs-upg-17k-openshift-3b5bf5f75003778663c521c8c35ad277-0000.br-sao.containers.appdomain.cloud" -> (known after apply)
         2025/11/12 10:09:55 Terraform plan |       ~ ingress_secret                      = (sensitive value)
         2025/11/12 10:09:55 Terraform plan |       ~ master_status                       = "Ready" -> (known after apply)
         2025/11/12 10:09:55 Terraform plan |       ~ master_url                          = "https://c104-e.br-sao.containers.cloud.ibm.com:32106/" -> (known after apply)
         2025/11/12 10:09:55 Terraform plan |       ~ name                                = "ocp-qs-upg-17k-openshift-qs" -> "ocp-qs-upg-17k-cluster" # forces replacement

[HarikaPonna]

Re-running the pipeline.

The apply phase completed successfully — verified in the Schematics logs.

 module.ocp_base.ibm_container_addons.addons: Still creating... [00m10s elapsed]
 2025/11/13 06:00:30 Terraform apply | module.ocp_base.ibm_container_addons.addons: Creation complete after 16s [id=d4amj1tz0tn4npedkebg]
 2025/11/13 06:00:30 Terraform apply | 
 2025/11/13 06:00:30 Terraform apply | Apply complete! Resources: 15 added, 0 changed, 0 destroyed.
 2025/11/13 06:00:30 Terraform apply | 
 ]

The destroy phase failed due to a timeout error

y | Error: ---
 2025/11/13 05:59:08 Terraform destroy | id: terraform-c907de16
 2025/11/13 05:59:08 Terraform destroy | summary: 'DeleteSubnetWithContext on retry failed: timeout while waiting for state
 2025/11/13 05:59:08 Terraform destroy |   to become ''deleting, done, '' (last state: ''resources_attached'', timeout: 10m0s)'
 2025/11/13 05:59:08 Terraform destroy | severity: error
 2025/11/13 05:59:08 Terraform destroy | resource: ibm_is_subnet
 2025/11/13 05:59:08 Terraform destroy | operation: delete
 

[HarikaPonna]

/run pipeline

addressed

[ocofaigh]

@HarikaPonna Can we make sure we are consistent in the other variations too. The source code is in https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone

[terraform-ibm-modules-ops]

🎉 This PR is included in version 3.72.0 🎉

The release is available on:

• GitHub release
• v3.72.0

Your semantic-release bot 📦🚀

[HarikaPonna]

@HarikaPonna Can we make sure we are consistent in the other variations too. The source code is in https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone

Yes, I’ve updated the other variations as well.