feat: refactored the VSI extension pattern in preperation for catalog release (#643)

Aashiq-J · web-flow · commit 92893c07f365 · 2023-12-06T17:32:46.000Z
diff --git a/patterns/vsi-extension/README.md b/patterns/vsi-extension/README.md
@@ -1,27 +1,11 @@
 # Add a VSI to a landing zone VPC
 
-This logic creates a VSI to an existing landing zone VPC.
+This architecture creates virtual server instances (VSI) for VPC in some or all of the subnets of any existing landing zone VPC deployable architecture.
 
-This code creates and configures the following infrastructure:
-- Adds an SSH key to IBM Cloud or uses an existing one.
-- Adds a VSI in each subnet of the landing zone VPC.
+## Before you begin
 
-There are two ways through which a user can pass the VPC details for deploying the VSI, both the approaches are mutually exclusive.
+- You must have either the [VPC landing zone](https://cloud.ibm.com/catalog/architecture/deploy-arch-ibm-slz-vpc-9fc0fa64-27af-4fed-9dce-47b3640ba739-global) or [Red Hat OpenShift Container Platform on VPC landing zone](https://cloud.ibm.com/catalog/architecture/deploy-arch-ibm-slz-ocp-95fccffc-ae3b-42df-b6d9-80be5914d852-global) deployable architecture deployed.
+- The block storage to KMS auth policy must exist. This policy would have been created by one of the above deployable architectures if the `add_kms_block_storage_s2s` variable was set to `true`, which is default value.
+- You need the VPC ID, subnet names, and boot volume encryption key from your existing landing zone VPC deployable architecture. For information about finding these values, see [Adding a VSI to your VPC landing zone deployable architecture](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-ext-with-vsi).
 
-## Using `vpc_id`
-
-The VPC ID of the landing zone VPC can be assigned to the variable vpc_id in order to create a VSI within that specific VPC.
-
-## Using `prerequisite_workspace_id` and `existing_vpc_name`
-
-The user can specify the workspace ID associated with the deployment of the landing zone VPC when creating a new VSI.
-
-Follow these steps to get the schematics workspace ID.
-
-1. Click the Navigation menu icon, and then click Schematics > Workspaces.
-1. Select the Workspace that is associated with landing zone VPC.
-1. Click the Settings.
-1. In the Details section, you can find the Workspace ID.
-
-Pass the Workspace ID to the `prerequisite_workspace_id` variable and pass the name of the VPC to the `existing_vpc_name` to choosse the name of the VPC to which the user wants to deploy the VSI.
-Please provide the Workspace ID for the prerequisite workspace and the name of the existing VPC to the `prerequisite_workspace_id` and `existing_vpc_name` variables respectively, to identify the VPC where you want to deploy the VSI.
+![Architecture diagram for adding a VSI to your VPC landing zone deployable architecture](https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/reference-architectures/vsi-extension.drawio.svg)
diff --git a/patterns/vsi-extension/main.tf b/patterns/vsi-extension/main.tf
@@ -1,34 +1,3 @@
-##############################################################################
-# Schematics Data
-##############################################################################
-
-locals {
-  # tflint-ignore: terraform_unused_declarations
-  validate_vpc_vars = var.prerequisite_workspace_id == null && var.vpc_id == null ? tobool("var.prerequisite_workspace_id and var.vpc_id cannot be both set to null.") : true
-  # tflint-ignore: terraform_unused_declarations
-  validate_vpc_names = var.prerequisite_workspace_id != null && var.existing_vpc_name == null ? tobool("A value must be passed for var.existing_vpc_name to choose a VPC from the list of VPCs from the schematics workspace.") : true
-
-  location         = var.prerequisite_workspace_id != null ? regex("^[a-z/-]+", var.prerequisite_workspace_id) : null
-  fullstack_output = length(data.ibm_schematics_output.schematics_output) > 0 ? jsondecode(data.ibm_schematics_output.schematics_output[0].output_json) : null
-  vpc_id = var.prerequisite_workspace_id != null ? [
-    for vpc in local.fullstack_output[0].vpc_data.value :
-    vpc.vpc_data.id if vpc.vpc_data.name == var.existing_vpc_name
-  ][0] : var.vpc_id
-}
-
-data "ibm_schematics_workspace" "schematics_workspace" {
-  count        = var.prerequisite_workspace_id != null ? 1 : 0
-  workspace_id = var.prerequisite_workspace_id
-  location     = local.location
-}
-
-data "ibm_schematics_output" "schematics_output" {
-  count        = var.prerequisite_workspace_id != null ? 1 : 0
-  workspace_id = var.prerequisite_workspace_id
-  location     = local.location
-  template_id  = data.ibm_schematics_workspace.schematics_workspace[0].runtime_data[0].id
-}
-
 ##############################################################################
 # Locals
 ##############################################################################
@@ -54,7 +23,7 @@ data "ibm_is_ssh_key" "ssh_key" {
 }
 
 data "ibm_is_vpc" "vpc_by_id" {
-  identifier = local.vpc_id
+  identifier = var.vpc_id
 }
 
 data "ibm_is_image" "image" {
@@ -74,19 +43,18 @@ module "vsi" {
   resource_group_id             = data.ibm_is_vpc.vpc_by_id.resource_group
   create_security_group         = true
   prefix                        = "${var.prefix}-vsi"
-  vpc_id                        = local.vpc_id
+  vpc_id                        = var.vpc_id
   subnets                       = var.subnet_names != null ? local.subnets : data.ibm_is_vpc.vpc_by_id.subnets
   tags                          = var.resource_tags
   access_tags                   = var.access_tags
   kms_encryption_enabled        = true
-  skip_iam_authorization_policy = var.skip_iam_authorization_policy
+  skip_iam_authorization_policy = true
   user_data                     = var.user_data
   image_id                      = data.ibm_is_image.image.id
   boot_volume_encryption_key    = var.boot_volume_encryption_key
-  existing_kms_instance_guid    = var.existing_kms_instance_guid
   security_group_ids            = var.security_group_ids
   ssh_key_ids                   = [local.ssh_key_id]
-  machine_type                  = var.machine_type
+  machine_type                  = var.vsi_instance_profile
   vsi_per_subnet                = var.vsi_per_subnet
   security_group                = local.env.security_groups[0]
   load_balancers                = var.load_balancers
diff --git a/patterns/vsi-extension/variables.tf b/patterns/vsi-extension/variables.tf
@@ -1,5 +1,5 @@
 variable "ibmcloud_api_key" {
-  description = "The API key that's associated with the account to provision resources to"
+  description = "The API key that's associated with the account to provision resources to."
   type        = string
   sensitive   = true
 }
@@ -16,20 +16,19 @@ variable "prefix" {
 }
 
 variable "vpc_id" {
-  description = "The ID of the VPC where the VSI will be created."
+  description = "The ID of the VPC where you want to deploy the VSI. [Learn more](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-ext-with-vsi)."
   type        = string
-  default     = null
 }
 
 variable "existing_ssh_key_name" {
-  description = "The ID of the VPC where the VSI will be created."
+  description = "The name of a public SSH key in the region where you want to deploy the VSI. [Learn more](https://cloud.ibm.com/docs/vpc?topic=vpc-ssh-keys). To create an SSH key, use the 'ssh_public_key' input instead."
   type        = string
   default     = null
 }
 
 
 variable "ssh_public_key" {
-  description = "SSH keys to use to provision a VSI. Must be an RSA key with a key size of either 2048 bits or 4096 bits (recommended). If `public_key` is not provided, the named key will be looked up from data. See https://cloud.ibm.com/docs/vpc?topic=vpc-ssh-keys."
+  description = "A public SSH key that does not exist in the region where you want to deploy the VSI. The key must be an RSA key with a key size of either 2048 bits or 4096 bits (recommended). [Learn more](https://cloud.ibm.com/docs/vpc?topic=vpc-ssh-keys). To use an existing key, specify a value in the `existing_ssh_key_name` input instead."
   type        = string
 
   validation {
@@ -39,75 +38,65 @@ variable "ssh_public_key" {
 }
 
 variable "resource_tags" {
-  description = "A list of tags to add to the VSI, block storage, security group, floating IP, and load balancer created by the module."
+  description = "A list of resource tags to apply to resources created by this solution."
   type        = list(string)
   default     = []
 }
 
 variable "access_tags" {
   type        = list(string)
-  description = "A list of access tags to apply to the VSI resources created by the module."
+  description = "A list of access tags to apply to the VSI resources created by this solution."
   default     = []
 }
 
 variable "image_name" {
-  description = "Image ID used for the VSI. Run the 'ibmcloud is images' CLI command to find available images. The IDs are different in each region."
+  description = "The image ID used for the VSI. You can run the `ibmcloud is images` CLI command to find available images. The IDs are different in each region."
   type        = string
-  default     = "ibm-ubuntu-22-04-2-minimal-amd64-1"
+  default     = "ibm-ubuntu-22-04-3-minimal-amd64-1"
 }
 
-variable "machine_type" {
-  description = "VSI machine type"
+variable "vsi_instance_profile" {
+  description = "The VSI image profile. You can run the `ibmcloud is instance-profiles` CLI command to see available image profiles."
   type        = string
-  default     = "cx2-2x4"
+  default     = "cx2-4x8"
 }
 
 variable "user_data" {
-  description = "User data to initialize VSI deployment."
+  description = "The user data to transfer to the instance. [Learn more](https://cloud.ibm.com/docs/vpc?topic=vpc-user-data)."
   type        = string
   default     = null
 }
 
 variable "boot_volume_encryption_key" {
-  description = "The CRN of the boot volume encryption key."
+  description = "The CRN of the boot volume encryption key. [Learn more](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-ext-with-vsi)."
   type        = string
 }
 
-variable "existing_kms_instance_guid" {
-  description = "The GUID of the KMS instance that holds the key specified in `var.boot_volume_encryption_key`."
-  type        = string
-}
-
-variable "skip_iam_authorization_policy" {
-  type        = bool
-  description = "By default (true), the Landing Zone VPC creates an IAM authorization policy that permits all storage blocks to read the encryption key from the KMS instance. Set to false to create the authorization policy in a different KMS instance, and specify the GUID of the KMS instance in the existing_kms_instance_guid variable."
-  default     = true
-}
-
 variable "vsi_per_subnet" {
-  description = "The number of VSI instances for each subnet."
+  description = "The number of virtual servers to create on each VSI subnet."
   type        = number
   default     = 1
 }
 
 variable "subnet_names" {
-  description = "The subnets to deploy the VSI instances to."
+  description = "A list of subnet names where you want to deploy a VSI. If not specified, the VSI is deployed to all the subnets in the VPC. [Learn more](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-ext-with-vsi)."
   type        = list(string)
-  default = [
-    "vpe-zone-1",
-    "vpe-zone-2",
-    "vpe-zone-3"
-  ]
+  default     = null
+
+  validation {
+    error_message = "subnet_names cannot be an empty list."
+    condition     = var.subnet_names == null ? true : length(var.subnet_names) > 0 ? true : false
+  }
 }
 
 variable "security_group_ids" {
-  description = "IDs of additional security groups to add to the VSI deployment primary interface. A VSI interface can have a maximum of 5 security groups."
+  description = "The IDs of additional security groups to add to the VSI primary network interface (5 or fewer). [Learn more](https://cloud.ibm.com/docs/vpc?topic=vpc-using-security-groups)."
   type        = list(string)
   default     = []
 }
 
 variable "block_storage_volumes" {
-  description = "The list of block storage volumes to attach to each VSI."
+  description = "The list of block storage volumes to attach to each VSI. [Learn more](https://cloud.ibm.com/docs/vpc?topic=vpc-creating-block-storage&interface=ui#create-from-vsi)."
   type = list(
     object({
       name           = string
@@ -121,13 +110,13 @@ variable "block_storage_volumes" {
 }
 
 variable "enable_floating_ip" {
-  description = "Set to `true` to create a floating IP for each virtual server."
+  description = "Whether to create a floating IP for each virtual server."
   type        = bool
   default     = false
 }
 
 variable "placement_group_id" {
-  description = "Unique Identifier of the Placement Group for restricting the placement of the instance, default behaviour is placement on any host"
+  description = "Unique ID of the Placement Group for restricting the placement of the instance. If not specified (the default), the VSI are placed on any host. [Learn more](https://cloud.ibm.com/docs/vpc?topic=vpc-about-placement-groups-for-vpc)."
   type        = string
   default     = null
 }
@@ -183,15 +172,3 @@ variable "load_balancers" {
   )
   default = []
 }
-
-variable "prerequisite_workspace_id" {
-  type        = string
-  description = "IBM Cloud Schematics workspace ID of the prerequisite IBM VPC landing zone. If you do not have an existing deployment yet, create a new architecture using the same catalog tile."
-  default     = null
-}
-
-variable "existing_vpc_name" {
-  type        = string
-  description = "Name of the VPC to be used for deploying the VSI from the list of VPCs retrived from the IBM Cloud Schematics workspace."
-  default     = null
-}
diff --git a/reference-architectures/vsi-extension.drawio.svg b/reference-architectures/vsi-extension.drawio.svg
diff --git a/tests/pr_test.go b/tests/pr_test.go
@@ -3,14 +3,15 @@ package test
 import (
 	"encoding/json"
 	"fmt"
-	tfjson "github.com/hashicorp/terraform-json"
 	"io/fs"
 	"log"
 	"os"
 	"path/filepath"
 	"strings"
 	"testing"
 
+	tfjson "github.com/hashicorp/terraform-json"
+
 	"github.com/gruntwork-io/terratest/modules/files"
 	"github.com/gruntwork-io/terratest/modules/logger"
 	"github.com/gruntwork-io/terratest/modules/random"
@@ -574,7 +575,6 @@ func TestRunVsiExtention(t *testing.T) {
 			TerraformVars: map[string]interface{}{
 				"prefix":                     prefix,
 				"region":                     region,
-				"existing_kms_instance_guid": terraform.Output(t, existingTerraformOptions, "key_management_guid"),
 				"boot_volume_encryption_key": keyID,
 				"vpc_id":                     managementVpcID,
 				"ssh_public_key":             sshPublicKey,
