feat: removed support for passing the string latest for ocp/kube version to ensure an untested version cannot be used (#692)

Author: shemau

README.md

@@ -901,7 +901,7 @@ module "cluster_pattern" {
 |------|-------------|------|---------|:--------:|
 | <a name="input_appid"></a> [appid](#input\_appid) | The App ID instance to be used for the teleport vsi deployments | <pre>object({<br>    name           = optional(string)<br>    resource_group = optional(string)<br>    use_data       = optional(bool)<br>    keys           = optional(list(string))<br>    use_appid      = bool<br>  })</pre> | <pre>{<br>  "use_appid": false<br>}</pre> | no |
 | <a name="input_atracker"></a> [atracker](#input\_atracker) | atracker variables | <pre>object({<br>    resource_group        = string<br>    receive_global_events = bool<br>    collector_bucket_name = string<br>    add_route             = bool<br>  })</pre> | n/a | yes |
-| <a name="input_clusters"></a> [clusters](#input\_clusters) | A list describing clusters workloads to create | <pre>list(<br>    object({<br>      name                 = string           # Name of Cluster<br>      vpc_name             = string           # Name of VPC<br>      subnet_names         = list(string)     # List of vpc subnets for cluster<br>      workers_per_subnet   = number           # Worker nodes per subnet.<br>      machine_type         = string           # Worker node flavor<br>      kube_type            = string           # iks or openshift<br>      kube_version         = optional(string) # Can be a version from `ibmcloud ks versions`, `latest` or `default`<br>      entitlement          = optional(string) # entitlement option for openshift<br>      secondary_storage    = optional(string) # Secondary storage type<br>      pod_subnet           = optional(string) # Portable subnet for pods<br>      service_subnet       = optional(string) # Portable subnet for services<br>      resource_group       = string           # Resource Group used for cluster<br>      cos_name             = optional(string) # Name of COS instance Required only for OpenShift clusters<br>      access_tags          = optional(list(string), [])<br>      boot_volume_crk_name = optional(string) # Boot volume encryption key name<br>      kms_config = optional(<br>        object({<br>          crk_name         = string         # Name of key<br>          private_endpoint = optional(bool) # Private endpoint<br>        })<br>      )<br>      worker_pools = optional(<br>        list(<br>          object({<br>            name                 = string           # Worker pool name<br>            vpc_name             = string           # VPC name<br>            workers_per_subnet   = number           # Worker nodes per subnet<br>            flavor               = string           # Worker node flavor<br>            subnet_names         = list(string)     # List of vpc subnets for worker pool<br>            entitlement          = optional(string) # entitlement option for openshift<br>            secondary_storage    = optional(string) # Secondary storage type<br>            boot_volume_crk_name = optional(string) # Boot volume encryption key name<br>          })<br>        )<br>      )<br>    })<br>  )</pre> | n/a | yes |
+| <a name="input_clusters"></a> [clusters](#input\_clusters) | A list describing clusters workloads to create | <pre>list(<br>    object({<br>      name                 = string           # Name of Cluster<br>      vpc_name             = string           # Name of VPC<br>      subnet_names         = list(string)     # List of vpc subnets for cluster<br>      workers_per_subnet   = number           # Worker nodes per subnet.<br>      machine_type         = string           # Worker node flavor<br>      kube_type            = string           # iks or openshift<br>      kube_version         = optional(string) # Can be a version from `ibmcloud ks versions` or `default`<br>      entitlement          = optional(string) # entitlement option for openshift<br>      secondary_storage    = optional(string) # Secondary storage type<br>      pod_subnet           = optional(string) # Portable subnet for pods<br>      service_subnet       = optional(string) # Portable subnet for services<br>      resource_group       = string           # Resource Group used for cluster<br>      cos_name             = optional(string) # Name of COS instance Required only for OpenShift clusters<br>      access_tags          = optional(list(string), [])<br>      boot_volume_crk_name = optional(string) # Boot volume encryption key name<br>      kms_config = optional(<br>        object({<br>          crk_name         = string         # Name of key<br>          private_endpoint = optional(bool) # Private endpoint<br>        })<br>      )<br>      worker_pools = optional(<br>        list(<br>          object({<br>            name                 = string           # Worker pool name<br>            vpc_name             = string           # VPC name<br>            workers_per_subnet   = number           # Worker nodes per subnet<br>            flavor               = string           # Worker node flavor<br>            subnet_names         = list(string)     # List of vpc subnets for worker pool<br>            entitlement          = optional(string) # entitlement option for openshift<br>            secondary_storage    = optional(string) # Secondary storage type<br>            boot_volume_crk_name = optional(string) # Boot volume encryption key name<br>          })<br>        )<br>      )<br>    })<br>  )</pre> | n/a | yes |
 | <a name="input_cos"></a> [cos](#input\_cos) | Object describing the cloud object storage instance, buckets, and keys. Set `use_data` to false to create instance | <pre>list(<br>    object({<br>      name           = string<br>      use_data       = optional(bool)<br>      resource_group = string<br>      plan           = optional(string)<br>      random_suffix  = optional(bool) # Use a random suffix for COS instance<br>      access_tags    = optional(list(string), [])<br>      buckets = list(object({<br>        name                  = string<br>        storage_class         = string<br>        endpoint_type         = string<br>        force_delete          = bool<br>        single_site_location  = optional(string)<br>        region_location       = optional(string)<br>        cross_region_location = optional(string)<br>        kms_key               = optional(string)<br>        access_tags           = optional(list(string), [])<br>        allowed_ip            = optional(list(string))<br>        hard_quota            = optional(number)<br>        archive_rule = optional(object({<br>          days    = number<br>          enable  = bool<br>          rule_id = optional(string)<br>          type    = string<br>        }))<br>        expire_rule = optional(object({<br>          days                         = optional(number)<br>          date                         = optional(string)<br>          enable                       = bool<br>          expired_object_delete_marker = optional(string)<br>          prefix                       = optional(string)<br>          rule_id                      = optional(string)<br>        }))<br>        activity_tracking = optional(object({<br>          activity_tracker_crn = string<br>          read_data_events     = bool<br>          write_data_events    = bool<br>        }))<br>        metrics_monitoring = optional(object({<br>          metrics_monitoring_crn  = string<br>          request_metrics_enabled = optional(bool)<br>          usage_metrics_enabled   = optional(bool)<br>        }))<br>      }))<br>      keys = optional(<br>        list(object({<br>          name        = string<br>          role        = string<br>          enable_HMAC = bool<br>        }))<br>      )<br><br>    })<br>  )</pre> | n/a | yes |
 | <a name="input_enable_transit_gateway"></a> [enable\_transit\_gateway](#input\_enable\_transit\_gateway) | Create transit gateway | `bool` | `true` | no |
 | <a name="input_f5_template_data"></a> [f5\_template\_data](#input\_f5\_template\_data) | Data for all f5 templates | <pre>object({<br>    tmos_admin_password     = optional(string)<br>    license_type            = optional(string)<br>    byol_license_basekey    = optional(string)<br>    license_host            = optional(string)<br>    license_username        = optional(string)<br>    license_password        = optional(string)<br>    license_pool            = optional(string)<br>    license_sku_keyword_1   = optional(string)<br>    license_sku_keyword_2   = optional(string)<br>    license_unit_of_measure = optional(string)<br>    do_declaration_url      = optional(string)<br>    as3_declaration_url     = optional(string)<br>    ts_declaration_url      = optional(string)<br>    phone_home_url          = optional(string)<br>    template_source         = optional(string)<br>    template_version        = optional(string)<br>    app_id                  = optional(string)<br>    tgactive_url            = optional(string)<br>    tgstandby_url           = optional(string)<br>    tgrefresh_url           = optional(string)<br>  })</pre> | <pre>{<br>  "license_type": "none"<br>}</pre> | no |

cluster.tf

@@ -22,10 +22,6 @@ data "ibm_iam_account_settings" "iam_account_settings" {}
 locals {
   worker_pools_map = module.dynamic_values.worker_pools_map # Convert list to map
   clusters_map     = module.dynamic_values.clusters_map     # Convert list to map
-  latest_kube_version = {
-    openshift = "${data.ibm_container_cluster_versions.cluster_versions.valid_openshift_versions[length(data.ibm_container_cluster_versions.cluster_versions.valid_openshift_versions) - 1]}_openshift"
-    iks       = data.ibm_container_cluster_versions.cluster_versions.valid_kube_versions[length(data.ibm_container_cluster_versions.cluster_versions.valid_kube_versions) - 1]
-  }
   default_kube_version = {
     openshift = "${data.ibm_container_cluster_versions.cluster_versions.default_openshift_version}_openshift"
     iks       = data.ibm_container_cluster_versions.cluster_versions.default_kube_version
@@ -47,12 +43,10 @@ resource "ibm_container_vpc_cluster" "cluster" {
   flavor            = each.value.machine_type
   worker_count      = each.value.workers_per_subnet
   # if version is default or null then use default
-  # if version is latest then use latest
   # otherwise use value
   kube_version = (
     lookup(each.value, "kube_version", null) == "default" || lookup(each.value, "kube_version", null) == null
-    ? local.default_kube_version[each.value.kube_type]
-    : (lookup(each.value, "kube_version", null) == "latest" ? local.latest_kube_version[each.value.kube_type] : each.value.kube_version)
+    ? local.default_kube_version[each.value.kube_type] : each.value.kube_version
   )
   tags              = var.tags
   wait_till         = var.wait_till

patterns/mixed/variables.tf

@@ -166,9 +166,9 @@ variable "cluster_zones" {
 }
 
 variable "kube_version" {
-  description = "Kubernetes version to use for cluster. To get available versions, use the IBM Cloud CLI command `ibmcloud ks versions`. To use the latest version, leave as latest. Updates to the latest versions may force this to change."
+  description = "The version of the OpenShift cluster that should be provisioned (format 4.x). This is only used during initial cluster provisioning, but ignored for future updates. Supports passing the string 'default' (current IKS default recommended version). If no value is passed, it will default to 'default'."
   type        = string
-  default     = "latest"
+  default     = "default"
 }
 
 variable "flavor" {

patterns/roks/module/variables.tf

@@ -119,7 +119,7 @@ variable "cluster_zones" {
 }
 
 variable "kube_version" {
-  description = "Kubernetes version to use for cluster. To get available versions, use the IBM Cloud CLI command `ibmcloud ks versions`. Also supports passing the string 'latest' (current latest available version) or 'default' (current IKS default recommended version)."
+  description = "Kubernetes version to use for cluster. To get available versions, use the IBM Cloud CLI command `ibmcloud ks versions`. Also supports passing the string 'default' (current IKS default recommended version)."
   type        = string
   default     = "default"
 }

patterns/roks/variables.tf

@@ -125,7 +125,7 @@ variable "cluster_zones" {
 }
 
 variable "kube_version" {
-  description = "The version of the OpenShift cluster that should be provisioned. Current supported values are '4.12_openshift' (default), '4.11_openshift', or '4.10_openshift'. NOTE: This is only used during initial cluster provisioning, but ignored for future updates. Cluster version updates should be done outside of terraform to prevent possible destructive changes."
+  description = "The version of the OpenShift cluster that should be provisioned. Current supported values are '4.14_openshift', '4.13_openshift', or '4.12_openshift'. NOTE: This is only used during initial cluster provisioning, but ignored for future updates. Cluster version updates should be done outside of terraform to prevent possible destructive changes."
   type        = string
   default     = "4.14_openshift"
   validation {

variables.tf

@@ -809,7 +809,7 @@ variable "clusters" {
       workers_per_subnet   = number           # Worker nodes per subnet.
       machine_type         = string           # Worker node flavor
       kube_type            = string           # iks or openshift
-      kube_version         = optional(string) # Can be a version from `ibmcloud ks versions`, `latest` or `default`
+      kube_version         = optional(string) # Can be a version from `ibmcloud ks versions` or `default`
       entitlement          = optional(string) # entitlement option for openshift
       secondary_storage    = optional(string) # Secondary storage type
       pod_subnet           = optional(string) # Portable subnet for pods