feat: onboard "Existing VPC" VSI extension deployable architecture to IBM catalog (#610)

Author: ocofaigh

.catalog-onboard-pipeline.yaml

@@ -10,14 +10,18 @@ offerings:
         mark_ready: false
         install_type: fullstack
         pre_validation: "tests/scripts/pre-validation-generate-ssh-key.sh ssh_key patterns/vsi-quickstart"
-        destroy_resources_on_failure: true
-        destroy_workspace_on_failure: false
       - name: standard
         mark_ready: false
         install_type: fullstack
         pre_validation: "tests/scripts/pre-validation-generate-ssh-key.sh ssh_public_key patterns/vsi"
-        destroy_resources_on_failure: true
-        destroy_workspace_on_failure: false
+        scc:
+          instance_id: 1c7d5f78-9262-44c3-b779-b28fe4d88c37
+          region: us-south
+      - name: existing-vpc
+        mark_ready: false
+        install_type: extension
+        pre_validation: "tests/scripts/pre-validation-deploy-slz-vpc.sh"
+        post_validation: "tests/scripts/post-validation-destroy-slz-vpc.sh"
         scc:
           instance_id: 1c7d5f78-9262-44c3-b779-b28fe4d88c37
           region: us-south
@@ -29,8 +33,6 @@ offerings:
       - name: standard
         mark_ready: false
         install_type: fullstack
-        destroy_resources_on_failure: true
-        destroy_workspace_on_failure: false
         scc:
           instance_id: 1c7d5f78-9262-44c3-b779-b28fe4d88c37
           region: us-south
@@ -42,8 +44,6 @@ offerings:
       - name: standard
         mark_ready: false
         install_type: fullstack
-        destroy_resources_on_failure: true
-        destroy_workspace_on_failure: false
         scc:
           instance_id: 1c7d5f78-9262-44c3-b779-b28fe4d88c37
           region: us-south

ibm_catalog.json

@@ -1,11 +1,11 @@
 # Add a VSI to a landing zone VPC
 
-This architecture creates virtual server instances (VSI) for VPC in some or all of the subnets of any existing landing zone VPC deployable architecture.
+This architecture creates virtual server instances (VSI) in some or all of the subnets of one VPC of an existing landing zone deployable architecture. To create VSIs in multiple VPCs, deploy the extension once for each VPC.
 
 ## Before you begin
 
 - You must have either the [VPC landing zone](https://cloud.ibm.com/catalog/architecture/deploy-arch-ibm-slz-vpc-9fc0fa64-27af-4fed-9dce-47b3640ba739-global) or [Red Hat OpenShift Container Platform on VPC landing zone](https://cloud.ibm.com/catalog/architecture/deploy-arch-ibm-slz-ocp-95fccffc-ae3b-42df-b6d9-80be5914d852-global) deployable architecture deployed.
-- The block storage to KMS auth policy must exist. This policy would have been created by one of the above deployable architectures if the `add_kms_block_storage_s2s` variable was set to `true`, which is default value.
-- You need the VPC ID, subnet names, and boot volume encryption key from your existing landing zone VPC deployable architecture. For information about finding these values, see [Adding a VSI to your VPC landing zone deployable architecture](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-ext-with-vsi).
+- You need an authorization policy that grants access between block storage and the KMS. The policy exists if you set the `add_kms_block_storage_s2s` input variable to `true` (the default value) in your existing landing zone deployable architecture.
+- You need the VPC ID, subnet names, and boot volume encryption key from your existing landing zone deployable architecture. For information about finding these values, see [Adding a VSI to your VPC landing zone deployable architecture](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-ext-with-vsi).
 
 ![Architecture diagram for adding a VSI to your VPC landing zone deployable architecture](https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/reference-architectures/vsi-extension.drawio.svg)

patterns/vsi-extension/README.md

@@ -0,0 +1,4 @@
+{
+  "ibmcloud_api_key": $VALIDATION_APIKEY,
+  "resource_tags": $TAGS
+}

patterns/vsi-extension/catalogValidationValues.json.template

@@ -30,6 +30,7 @@ variable "existing_ssh_key_name" {
 variable "ssh_public_key" {
   description = "A public SSH key that does not exist in the region where you want to deploy the VSI. The key must be an RSA key with a key size of either 2048 bits or 4096 bits (recommended). [Learn more](https://cloud.ibm.com/docs/vpc?topic=vpc-ssh-keys). To use an existing key, specify a value in the `existing_ssh_key_name` input instead."
   type        = string
+  default     = null
 
   validation {
     error_message = "The public SSH key must be a valid SSH RSA public key."

patterns/vsi-extension/variables.tf

@@ -0,0 +1 @@
+The terraform code in this directory is used by the existing VPC VSI DA extension for catalog validation.

tests/resources/slz-vpc/README.md

@@ -0,0 +1,12 @@
+##############################################################################
+# SLZ VPC
+##############################################################################
+
+module "landing_zone" {
+  source                 = "../../../patterns/vpc/module"
+  region                 = var.region
+  prefix                 = var.prefix
+  tags                   = var.resource_tags
+  enable_transit_gateway = false
+  add_atracker_route     = false
+}

tests/resources/slz-vpc/main.tf

@@ -0,0 +1,35 @@
+##############################################################################
+# Outputs
+##############################################################################
+
+output "prefix" {
+  value       = var.prefix
+  description = "Prefix"
+}
+
+output "management_vpc_id" {
+  value = lookup(
+    [for vpc in module.landing_zone.vpc_data : vpc if vpc.vpc_name == "${var.prefix}-management-vpc"][0],
+    "vpc_id",
+  "")
+  description = "Management VPC ID"
+}
+
+output "workload_vpc_id" {
+  value = lookup(
+    [for vpc in module.landing_zone.vpc_data : vpc if vpc.vpc_name == "${var.prefix}-workload-vpc"][0],
+    "vpc_id",
+  "")
+  description = "Workload VPC ID"
+}
+
+# Parse the VSI KMS Key CRN
+locals {
+  vsi_key_map = lookup(module.landing_zone.key_map, "${var.prefix}-vsi-volume-key", "")
+  vsi_key_crn = lookup(local.vsi_key_map, "crn", "")
+}
+
+output "vsi_kms_key_crn" {
+  value       = local.vsi_key_crn
+  description = "VSI KMS Key CRN"
+}

tests/resources/slz-vpc/outputs.tf

@@ -0,0 +1,4 @@
+provider "ibm" {
+  ibmcloud_api_key = var.ibmcloud_api_key
+  region           = var.region
+}

tests/resources/slz-vpc/provider.tf

@@ -0,0 +1,23 @@
+variable "ibmcloud_api_key" {
+  type        = string
+  description = "The IBM Cloud API Key"
+  sensitive   = true
+}
+
+variable "region" {
+  type        = string
+  description = "Region to provision all resources created by this example"
+  default     = "us-south"
+}
+
+variable "prefix" {
+  type        = string
+  description = "Prefix to append to all resources created by this example"
+  default     = "slz-vpc"
+}
+
+variable "resource_tags" {
+  type        = list(string)
+  description = "Optional list of tags to be added to created resources"
+  default     = []
+}