From ada7a3b58b23ba18334d8871831d2f439ed59f73 Mon Sep 17 00:00:00 2001
From: ocofaigh
Date: Fri, 24 Oct 2025 11:48:03 +0100
Subject: [PATCH 1/2] chore: remove VSI extension DA
---
 .catalog-onboard-pipeline.yaml | 9 -
 README.md | 6 -
 ibm_catalog.json | 177 ------
 tests/pr_test.go | 181 ------
 tests/resources/override-example.json | 524 ------------------
 tests/resources/slz-vpc/README.md | 1 -
 tests/resources/slz-vpc/main.tf | 12 -
 tests/resources/slz-vpc/outputs.tf | 35 --
 tests/resources/slz-vpc/provider.tf | 4 -
 tests/resources/slz-vpc/variables.tf | 23 -
 tests/resources/slz-vpc/version.tf | 9 -
 .../post-validation-destroy-slz-vpc.sh | 19 -
 .../scripts/pre-validation-deploy-slz-vpc.sh | 64 ---
 13 files changed, 1064 deletions(-)
 delete mode 100644 tests/resources/override-example.json
 delete mode 100644 tests/resources/slz-vpc/README.md
 delete mode 100644 tests/resources/slz-vpc/main.tf
 delete mode 100644 tests/resources/slz-vpc/outputs.tf
 delete mode 100644 tests/resources/slz-vpc/provider.tf
 delete mode 100644 tests/resources/slz-vpc/variables.tf
 delete mode 100644 tests/resources/slz-vpc/version.tf
 delete mode 100755 tests/scripts/post-validation-destroy-slz-vpc.sh
 delete mode 100755 tests/scripts/pre-validation-deploy-slz-vpc.sh
diff --git a/.catalog-onboard-pipeline.yaml b/.catalog-onboard-pipeline.yaml
index ffbed78b7..4b2eaa547 100644
--- a/.catalog-onboard-pipeline.yaml
+++ b/.catalog-onboard-pipeline.yaml
@@ -17,15 +17,6 @@ offerings:
 scc:
 instance_id: 1c7d5f78-9262-44c3-b779-b28fe4d88c37
 region: us-south
- - name: existing-vpc
- mark_ready: false
- install_type: extension
- validation_type: schematics
- pre_validation: "tests/scripts/pre-validation-deploy-slz-vpc.sh"
- post_validation: "tests/scripts/post-validation-destroy-slz-vpc.sh"
- scc:
- instance_id: 1c7d5f78-9262-44c3-b779-b28fe4d88c37
- region: us-south
 - name: deploy-arch-ibm-slz-vpc
 kind: solution
 catalog_id: 7df1e4ca-d54c-4fd0-82ce-3d13247308cd
diff --git a/README.md b/README.md
index 4c84ce2e8..261a37e36 100644
--- a/README.md
+++ b/README.md
@@ -44,12 +44,6 @@ For more information about the default configuration, see [Default Secure Landin
 * [Contributing](#contributing)
-## Reference architectures
-- [VPC landing zone - Standard variation](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-vpc-ra)
-- [VSI on VPC landing zone - Standard variation](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-vsi-ra)
-- [VSI on VPC landing zone - QuickStart variation](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-vsi-ra-qs)
-- [Red Hat OpenShift Container Platform on VPC landing zone](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-ocp-ra)
-
 ## terraform-ibm-landing-zone
 Complete the following steps before you deploy the Secure Landing Zone module.
diff --git a/ibm_catalog.json b/ibm_catalog.json
index a4f34eec8..e66f8daee 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -596,183 +596,6 @@ }, "terraform_version": "1.10.5", "dependency_version_2": true - }, - { - "label": "Existing VPC", - "name": "existing-vpc", - "index": 5, - "install_type": "fullstack", - "working_directory": "patterns/vsi-extension", - "release_notes_url": "https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-secure-infrastructure-vpc-relnotes", - "dependencies": [ - { - "flavors": [ - "standard" - ], - "id": "95fccffc-ae3b-42df-b6d9-80be5914d852-global", - "name": "deploy-arch-ibm-slz-ocp", - "version": ">=1.0.0", - "optional": false - }, - { - "flavors": [ - "standard" - ], - "id": "9fc0fa64-27af-4fed-9dce-47b3640ba739-global", - "name": "deploy-arch-ibm-slz-vpc", - "version": ">=1.0.0" - } - ], - "compliance": { - "authority": "scc-v3", - "profiles": [ - { - "profile_name": "IBM Cloud Framework for Financial Services", - "profile_version": "1.7.0" - } - ] - }, - "configuration": [ - { - "key": "ssh_public_key", - "required": true, - "value_constraints": [ - { - "type": "regex", - "description": "The value provided for 'ssh_public_key' is not valid.", - "value": "^__NULL__$|^ssh-rsa AAAA[0-9A-Za-z+/]+[=]{0,3} ?([^@]+@[^@]+)?" 
- } - ] - }, - { - "custom_config": { - "config_constraints": { - "generationType": "2" - }, - "grouping": "deployment", - "original_grouping": "deployment", - "type": "vpc_region" - }, - "key": "region", - "required": true - }, - { - "key": "ibmcloud_api_key" - }, - { - "key": "prefix", - "required": true, - "type": "string", - "default_value": "dev", - "random_string": { - "length": 4 - } - }, - { - "key": "vpc_id" - }, - { - "key": "existing_ssh_key_name" - }, - { - "key": "resource_tags", - "custom_config": { - "grouping": "deployment", - "original_grouping": "deployment", - "config_constraints": { - "type": "string" - } - } - }, - { - "key": "access_tags", - "custom_config": { - "grouping": "deployment", - "original_grouping": "deployment", - "config_constraints": { - "type": "string" - } - } - }, - { - "key": "image_name" - }, - { - "key": "vsi_instance_profile" - }, - { - "key": "user_data" - }, - { - "key": "boot_volume_encryption_key" - }, - { - "key": "vsi_per_subnet" - }, - { - "key": "subnet_names" - }, - { - "key": "security_group_ids" - }, - { - "key": "block_storage_volumes" - }, - { - "key": "skip_iam_authorization_policy" - }, - { - "key": "enable_floating_ip" - }, - { - "key": "placement_group_id" - }, - { - "key": "load_balancers" - }, - { - "key": "primary_vni_additional_ip_count" - }, - { - "key": "use_legacy_network_interface" - }, - { - "key": "allow_ip_spoofing" - } - ], - "iam_permissions": [ - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Administrator" - ], - "service_name": "is.vpc", - "notes": "Required to create Virtual Private Cloud(VPC)." - } - ], - "architecture": { - "features": [ - { - "title": " ", - "description": "Ideal for extending existing VPC environments" - }, - { - "title": " ", - "description": "Validated configuration that enhances resiliency and security while aligning with financial services compliance requirements." 
- } - ], - "diagrams": [ - { - "diagram": { - "caption": "Virtual Server Instance topology - VSI on existing VPC", - "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/reference-architectures/vsi-vsi.drawio.svg", - "type": "image/svg+xml" - }, - "description": "This variation is aligned to the IBM Cloud for Financial Services reference architecture. It provisions Virtual Server Instances (VSIs) in every subnet across multiple availability zones, delivering a resilient and secure multizone infrastructure to run your workloads.

The extension integrates Key Management to strengthen security of sensitive data and uses Activity Tracker with Flow Logs to collect and store Internet Protocol (IP) traffic data. A transit gateway connects the Management and Workload VPCs, while Virtual Private Endpoints (VPEs) provide private access to IBM Cloud services. Secure connectivity to enterprise environments is enabled through a site-to-site VPN, and CBR (Context-based restrictions) rules manage traffic flows to approved services.

This variation avoids the use of floating IPs for internet access, relying instead on private and controlled connections. It simplifies risk management and demonstrates regulatory compliance for Financial Services scenarios." - } - ] - }, - "terraform_version": "1.10.5", - "dependency_version_2": true } ] }, diff --git a/tests/pr_test.go b/tests/pr_test.go index 4e72dced8..6f5ca6c24 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -1,7 +1,6 @@ package test import ( - "encoding/json" "fmt" "io/fs" "log" @@ -10,9 +9,7 @@ import ( "strings" "testing" - "github.com/gruntwork-io/terratest/modules/files" "github.com/gruntwork-io/terratest/modules/logger" - "github.com/gruntwork-io/terratest/modules/random" "github.com/gruntwork-io/terratest/modules/terraform" "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/cloudinfo" "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/common" 
@@ -428,63 +425,6 @@ func setupOptionsSchematics(t *testing.T, prefix string, dir string) *testschema
 return options
 }
-func setupOptionsVsiExstention(t *testing.T, prefix string, region string, existingTerraformOptions *terraform.Options) *testhelper.TestOptions {
-
- sshPublicKey := sshPublicKey(t)
- outputVpcJson := terraform.OutputJson(t, existingTerraformOptions, "vpc_data")
-
- var managementVpcID string
- var vpcs []struct {
- VpcID string `json:"vpc_id"`
- VpcName string `json:"vpc_name"`
- }
- // Unmarshal the JSON data into the struct
- if err := json.Unmarshal([]byte(outputVpcJson), &vpcs); err != nil {
- fmt.Println(err)
- return nil
- }
- // Loop through the vpcs and find the vpc_id when vpc_name is "-management"
- for _, vpc := range vpcs {
- if vpc.VpcName == fmt.Sprintf("%s-management", prefix) {
- managementVpcID = vpc.VpcID
- }
- }
-
- outputKeysJson := terraform.OutputJson(t, existingTerraformOptions, "key_map")
- var keyID string
- var keys map[string]map[string]string
- // Unmarshal the JSON data into the map
- if err := json.Unmarshal([]byte(outputKeysJson), &keys); err != nil {
- fmt.Println(err)
- return nil
- }
-
- // Extract the key_id for the name "test-vsi-volume-key."
- if keyData, ok := keys[fmt.Sprintf("%s-vsi-volume-key", prefix)]; ok {
- keyID = keyData["crn"]
- } else {
- fmt.Println("Name 'test-vsi-volume-key' not found in the JSON data.")
- }
- // ------------------------------------------------------------------------------------
- // Deploy landing-zone extension
- // ------------------------------------------------------------------------------------
- options := testhelper.TestOptionsDefault(&testhelper.TestOptions{
- Testing: t,
- TerraformDir: "patterns/vsi-extension",
- // Do not hard fail the test if the implicit destroy steps fail to allow a full destroy of resource to occur
- ImplicitRequired: false,
- TerraformVars: map[string]interface{}{
- "prefix": prefix,
- "region": region,
- "boot_volume_encryption_key": keyID,
- "vpc_id": managementVpcID,
- "ssh_public_key": sshPublicKey,
- },
- })
-
- return options
-}
-
 /***************************************************************************
 SCHEMATICS TESTS
 These schematics tests will only be run if the "RUN_SCHEMATICS_TESTS"
@@ -598,127 +538,6 @@ func TestRunVPCPatternSchematics(t *testing.T) {
 assert.NoError(t, err, "Schematic Test had unexpected error")
 }
-func TestRunVsiExstention(t *testing.T) {
- t.Parallel()
-
- // ------------------------------------------------------------------------------------
- // Deploy SLZ VPC first since it is needed for the landing-zone extension input
- // ------------------------------------------------------------------------------------
-
- prefix := fmt.Sprintf("vsi-slz-%s", strings.ToLower(random.UniqueId()))
- realTerraformDir := ".."
- tempTerraformDir, _ := files.CopyTerraformFolderToTemp(realTerraformDir, fmt.Sprintf(prefix+"-%s", strings.ToLower(random.UniqueId())))
- vpcTerraformDir := realTerraformDir + "/patterns/vpc"
- tags := common.GetTagsFromTravis()
-
- // Verify ibmcloud_api_key variable is set
- checkVariable := "TF_VAR_ibmcloud_api_key"
- val, present := os.LookupEnv(checkVariable)
- require.True(t, present, checkVariable+" environment variable not set")
- require.NotEqual(t, "", val, checkVariable+" environment variable is empty")
-
- // Programmatically determine region to use based on availability
- region, _ := testhelper.GetBestVpcRegion(val, "../common-dev-assets/common-go-assets/cloudinfo-region-vpc-gen2-prefs.yaml", "eu-de")
-
- logger.Log(t, "Tempdir: ", tempTerraformDir)
- existingTerraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
- TerraformDir: vpcTerraformDir,
- Vars: map[string]interface{}{
- "prefix": prefix,
- "region": region,
- "tags": tags,
- "enable_transit_gateway": false,
- },
- // Set Upgrade to true to ensure latest version of providers and modules are used by terratest.
- // This is the same as setting the -upgrade=true flag with terraform.
- Upgrade: true,
- })
-
- terraform.WorkspaceSelectOrNew(t, existingTerraformOptions, prefix)
- _, existErr := terraform.InitAndApplyE(t, existingTerraformOptions)
- if existErr != nil {
- assert.True(t, existErr == nil, "Init and Apply of temp existing resource failed")
- } else {
- options := setupOptionsVsiExstention(t, prefix, region, existingTerraformOptions)
- output, err := options.RunTestConsistency()
- assert.Nil(t, err, "This should not have errored")
- assert.NotNil(t, output, "Expected some output")
- }
-
- // Check if "DO_NOT_DESTROY_ON_FAILURE" is set
- envVal, _ := os.LookupEnv("DO_NOT_DESTROY_ON_FAILURE")
- // Destroy the temporary existing resources if required
- if t.Failed() && strings.ToLower(envVal) == "true" {
- fmt.Println("Terratest failed. Debug the test and delete resources manually.")
- } else {
- logger.Log(t, "START: Destroy (existing resources)")
- // ignore resource groups when destroying
- terraform.RunTerraformCommand(t, existingTerraformOptions, "state", "rm", "module.vpc_landing_zone.module.landing_zone.ibm_resource_group.resource_groups")
- terraform.Destroy(t, existingTerraformOptions)
- terraform.WorkspaceDelete(t, existingTerraformOptions, prefix)
- logger.Log(t, "END: Destroy (existing resources)")
- }
-}
-
-func TestRunUpgradeVsiExstention(t *testing.T) {
- // ------------------------------------------------------------------------------------
- // Deploy SLZ VPC first since it is needed for the landing-zone extension input
- // ------------------------------------------------------------------------------------
-
- prefix := fmt.Sprintf("vsi-upg-%s", strings.ToLower(random.UniqueId()))
- realTerraformDir := ".."
- tempTerraformDir, _ := files.CopyTerraformFolderToTemp(realTerraformDir, fmt.Sprintf(prefix+"-%s", strings.ToLower(random.UniqueId())))
- vpcTerraformDir := realTerraformDir + "/patterns/vpc"
- tags := common.GetTagsFromTravis()
-
- // Verify ibmcloud_api_key variable is set
- checkVariable := "TF_VAR_ibmcloud_api_key"
- val, present := os.LookupEnv(checkVariable)
- require.True(t, present, checkVariable+" environment variable not set")
- require.NotEqual(t, "", val, checkVariable+" environment variable is empty")
-
- // Programmatically determine region to use based on availability
- region, _ := testhelper.GetBestVpcRegion(val, "../common-dev-assets/common-go-assets/cloudinfo-region-vpc-gen2-prefs.yaml", "eu-de")
-
- logger.Log(t, "Tempdir: ", tempTerraformDir)
- existingTerraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
- TerraformDir: vpcTerraformDir,
- Vars: map[string]interface{}{
- "prefix": prefix,
- "region": region,
- "tags": tags,
- },
- // Set Upgrade to true to ensure latest version of providers and modules are used by terratest.
- // This is the same as setting the -upgrade=true flag with terraform.
- Upgrade: true,
- })
-
- terraform.WorkspaceSelectOrNew(t, existingTerraformOptions, prefix)
- _, existErr := terraform.InitAndApplyE(t, existingTerraformOptions)
- if existErr != nil {
- assert.True(t, existErr == nil, "Init and Apply of temp existing resource failed")
- } else {
- options := setupOptionsVsiExstention(t, prefix, region, existingTerraformOptions)
- output, err := options.RunTestUpgrade()
- if !options.UpgradeTestSkipped {
- assert.Nil(t, err, "This should not have errored")
- assert.NotNil(t, output, "Expected some output")
- }
- }
-
- // Check if "DO_NOT_DESTROY_ON_FAILURE" is set
- envVal, _ := os.LookupEnv("DO_NOT_DESTROY_ON_FAILURE")
- // Destroy the temporary existing resources if required
- if t.Failed() && strings.ToLower(envVal) == "true" {
- fmt.Println("Terratest failed. Debug the test and delete resources manually.")
- } else {
- logger.Log(t, "START: Destroy (existing resources)")
- terraform.Destroy(t, existingTerraformOptions)
- terraform.WorkspaceDelete(t, existingTerraformOptions, prefix)
- logger.Log(t, "END: Destroy (existing resources)")
- }
-}
-
 func TestRunOverrideExample(t *testing.T) {
 t.Parallel()
diff --git a/tests/resources/override-example.json b/tests/resources/override-example.json
deleted file mode 100644
index e880f0b46..000000000
--- a/tests/resources/override-example.json
+++ /dev/null
@@ -1,524 +0,0 @@ -{ - "appid": { - "keys": [ - "slz-appid-key" - ], - "name": "slz-appid", - "resource_group": "slz-service-rg", - "use_appid": false, - "use_data": false - }, - "clusters": [ - { - "cos_name": "cos", - "entitlement": "cloud_pak", - "kube_type": "openshift", - "kube_version": "default", - "machine_type": "bx2.16x64", - "name": "workload-cluster", - "secondary_storage": "300gb.5iops-tier", - "resource_group": "slz-work-rg", - "operating_system": "RHCOS", - "use_ibm_cloud_private_api_endpoints": false, - "verify_cluster_network_readiness": false, - "kms_config": { - "crk_name": "slz-key", - "private_endpoint": true - }, - "subnet_names": [ - "vsi-zone-1", - "vsi-zone-2", - "vsi-zone-3" - ], - "vpc_name": "workload", - "worker_pools": [ - { - "entitlement": "cloud_pak", - "flavor": "bx2.16x64", - "name": "logging-worker-pool", - "secondary_storage": "300gb.5iops-tier", - "operating_system": "RHCOS", - "subnet_names": [ - "vsi-zone-1", - "vsi-zone-2", - "vsi-zone-3" - ], - "vpc_name": "workload", - "workers_per_subnet": 2 - } - ], - "workers_per_subnet": 2 - } - ], - "enable_transit_gateway": true, - "transit_gateway_global": false, - "transit_gateway_connections": [ - "management", - "workload", - "edge" - ], - "transit_gateway_resource_group": "slz-service-rg", - "virtual_private_endpoints": [ - { - "access_tags": [], - "resource_group": "slz-service-rg", - "service_name": "cos", - "service_type": "cloud-object-storage", - "vpcs": [ - { - "name": "management", - "subnets": [ - "vpe-zone-1" - ] - }, - { - "name": "workload", - "subnets": [ - "vpe-zone-1" - ] - } - ] - } - ], - "service_endpoints": "public-and-private", - "existing_vpc_cbr_zone_id": null, - "security_groups": [], - "vpn_gateways": [ - { - "access_tags": [], - "connections": [], - "name": "management-gateway", - "resource_group": "slz-management-rg", - "subnet_name": "vpn-zone-1", - "vpc_name": "management" - } - ], - "atracker": { - "collector_bucket_name": "atracker-bucket", - 
"receive_global_events": true, - "resource_group": "slz-service-rg", - "add_route": true - }, - "cos": [ - { - "access_tags": [], - "buckets": [ - { - "access_tags": [], - "endpoint_type": "public", - "force_delete": true, - "kms_key": "slz-atracker-key", - "name": "atracker-bucket", - "storage_class": "standard", - "expire_rule": { - "rule_id": "a-bucket-expire-rule", - "enable": true, - "days": 30, - "prefix": "logs/" - }, - "archive_rule": { - "rule_id": "a-bucket-arch-rule", - "enable": true, - "days": 0, - "type": "Glacier" - } - } - ], - "keys": [ - { - "name": "cos-bind-key", - "role": "Writer", - "enable_HMAC": false - } - ], - "name": "atracker-cos", - "plan": "standard", - "random_suffix": true, - "resource_group": "slz-service-rg", - "use_data": false - }, - { - "access_tags": [], - "buckets": [ - { - "access_tags": [], - "endpoint_type": "public", - "force_delete": true, - "kms_key": "slz-key", - "name": "management-bucket", - "storage_class": "standard" - }, - { - "access_tags": [], - "endpoint_type": "public", - "force_delete": true, - "kms_key": "slz-key", - "name": "workload-bucket", - "storage_class": "standard" - }, - { - "access_tags": [], - "endpoint_type": "public", - "force_delete": true, - "kms_key": "slz-key", - "name": "edge-bucket", - "storage_class": "standard" - } - ], - "keys": [], - "name": "cos", - "plan": "standard", - "random_suffix": true, - "resource_group": "slz-service-rg", - "use_data": false - } - ], - "key_management": { - "access_tags": [], - "keys": [ - { - "key_ring": "slz-slz-ring", - "name": "slz-key", - "root_key": true - }, - { - "key_ring": "slz-slz-ring", - "name": "slz-atracker-key", - "root_key": true - }, - { - "key_ring": "slz-slz-ring", - "name": "slz-vsi-volume-key", - "root_key": true - } - ], - "name": "slz-kms", - "resource_group": "slz-service-rg", - "use_hs_crypto": false, - "service_endpoints": "public-and-private" - }, - "resource_groups": [ - { - "create": true, - "name": "slz-service-rg", - 
"use_prefix": true - }, - { - "create": true, - "name": "slz-management-rg", - "use_prefix": true - }, - { - "create": true, - "name": "slz-work-rg", - "use_prefix": true - }, - { - "create": true, - "name": "slz-edge-rg", - "use_prefix": true - } - ], - "network_cidr": "10.0.0.0/8", - "vpcs": [ - { - "access_tags": [], - "address_prefixes": { - "zone-1": [], - "zone-2": [], - "zone-3": [] - }, - "default_security_group_rules": [], - "clean_default_security_group": true, - "clean_default_acl": true, - "flow_logs_bucket_name": null, - "network_acls": [ - { - "name": "management-acl", - "rules": [ - { - "action": "allow", - "destination": "0.0.0.0/0", - "direction": "inbound", - "name": "allow-all-inbound", - "source": "0.0.0.0/0" - }, - { - "action": "allow", - "destination": "0.0.0.0/0", - "direction": "outbound", - "name": "allow-all-outbound", - "source": "0.0.0.0/0" - } - ] - } - ], - "prefix": "management", - "resource_group": "slz-management-rg", - "subnets": { - "zone-1": [ - { - "acl_name": "management-acl", - "cidr": "10.10.10.0/24", - "name": "vsi-zone-1", - "public_gateway": false - }, - { - "acl_name": "management-acl", - "cidr": "10.10.20.0/24", - "name": "vpe-zone-1", - "public_gateway": false - }, - { - "acl_name": "management-acl", - "cidr": "10.10.30.0/24", - "name": "vpn-zone-1", - "public_gateway": false - } - ], - "zone-2": null, - "zone-3": null - }, - "use_public_gateways": { - "zone-1": false, - "zone-2": false, - "zone-3": false - } - }, - { - "address_prefixes": { - "zone-1": [], - "zone-2": [], - "zone-3": [] - }, - "default_security_group_rules": [], - "clean_default_security_group": true, - "clean_default_acl": true, - "flow_logs_bucket_name": null, - "network_acls": [ - { - "name": "workload-acl", - "rules": [ - { - "action": "allow", - "destination": "0.0.0.0/0", - "direction": "inbound", - "name": "allow-all-inbound", - "source": "0.0.0.0/0" - }, - { - "action": "allow", - "destination": "0.0.0.0/0", - "direction": "outbound", - 
"name": "allow-all-outbound", - "source": "0.0.0.0/0" - } - ] - } - ], - "prefix": "workload", - "resource_group": "slz-work-rg", - "subnets": { - "zone-1": [ - { - "acl_name": "workload-acl", - "cidr": "10.20.10.0/24", - "name": "vsi-zone-1", - "public_gateway": true - }, - { - "acl_name": "workload-acl", - "cidr": "10.20.20.0/24", - "name": "vpe-zone-1", - "public_gateway": false - } - ], - "zone-2": null, - "zone-3": null - }, - "use_public_gateways": { - "zone-1": false, - "zone-2": false, - "zone-3": false - } - }, - { - "address_prefixes": { - "zone-1": [], - "zone-2": [], - "zone-3": [] - }, - "default_security_group_rules": [], - "clean_default_security_group": true, - "clean_default_acl": true, - "flow_logs_bucket_name": null, - "network_acls": [ - { - "name": "edge-acl", - "rules": [ - { - "action": "allow", - "destination": "0.0.0.0/0", - "direction": "inbound", - "name": "allow-all-inbound", - "source": "0.0.0.0/0" - }, - { - "action": "allow", - "destination": "0.0.0.0/0", - "direction": "outbound", - "name": "allow-all-outbound", - "source": "0.0.0.0/0" - } - ] - } - ], - "prefix": "edge", - "resource_group": "slz-edge-rg", - "subnets": { - "zone-1": [ - { - "acl_name": "edge-acl", - "cidr": "10.30.10.0/24", - "name": "vsi-zone-1", - "public_gateway": true - }, - { - "acl_name": "edge-acl", - "cidr": "10.30.20.0/24", - "name": "vpe-zone-1", - "public_gateway": false - } - ], - "zone-2": null, - "zone-3": null - }, - "use_public_gateways": { - "zone-1": true, - "zone-2": false, - "zone-3": false - } - } - ], - "vsi": [ - { - "access_tags": [], - "boot_volume_encryption_key_name": "slz-vsi-volume-key", - "image_name": "ibm-ubuntu-24-04-6-minimal-amd64-2", - "machine_type": "cx2-2x4", - "name": "jump-box", - "resource_group": "slz-management-rg", - "enable_floating_ip": true, - "security_group": { - "name": "management", - "rules": [ - { - "direction": "inbound", - "name": "allow-all-inbound", - "source": "0.0.0.0/0" - }, - { - "direction": "outbound", - 
"name": "allow-all-outbound", - "source": "0.0.0.0/0" - } - ], - "vpc_name": "management" - }, - "ssh_keys": [ - "ssh-key" - ], - "subnet_names": [ - "vsi-zone-1" - ], - "vpc_name": "management", - "vsi_per_subnet": 1, - "use_legacy_network_interface": false - }, - { - "access_tags": [], - "boot_volume_encryption_key_name": "slz-vsi-volume-key", - "image_name": "ibm-ubuntu-24-04-6-minimal-amd64-2", - "machine_type": "cx2-2x4", - "name": "private-svs", - "resource_group": "slz-work-rg", - "enable_floating_ip": false, - "security_group": { - "name": "workload", - "rules": [ - { - "direction": "inbound", - "name": "allow-all-inbound", - "source": "0.0.0.0/0" - }, - { - "direction": "outbound", - "name": "allow-all-outbound", - "source": "0.0.0.0/0" - } - ], - "vpc_name": "workload" - }, - "ssh_keys": [ - "ssh-key" - ], - "subnet_names": [ - "vsi-zone-1" - ], - "vpc_name": "workload", - "vsi_per_subnet": 1, - "use_legacy_network_interface": false - }, - { - "access_tags": [], - "boot_volume_encryption_key_name": "slz-vsi-volume-key", - "image_name": "ibm-ubuntu-24-04-6-minimal-amd64-2", - "machine_type": "cx2-2x4", - "name": "inet-svs", - "resource_group": "slz-edge-rg", - "security_group": { - "name": "inet-svs", - "rules": [ - { - "direction": "inbound", - "name": "allow-all-inbound", - "source": "0.0.0.0/0" - }, - { - "direction": "outbound", - "name": "allow-all-outbound", - "source": "0.0.0.0/0" - } - ], - "vpc_name": "edge" - }, - "ssh_keys": [ - "ssh-key" - ], - "subnet_names": [ - "vsi-zone-1" - ], - "vpc_name": "edge", - "vsi_per_subnet": 1, - "load_balancers": [ - { - "name": "edge", - "type": "public", - "listener_port": 443, - "listener_protocol": "tcp", - "protocol": "tcp", - "pool_member_port": 443, - "algorithm": "least_connections", - "connection_limit": 0, - "health_delay": 60, - "health_retries": 2, - "health_timeout": 2, - "health_type": "tcp", - "idle_connection_timeout": 50 - } - ], - "use_legacy_network_interface": false - } - ], - "wait_till": 
"IngressReady" -} diff --git a/tests/resources/slz-vpc/README.md b/tests/resources/slz-vpc/README.md deleted file mode 100644 index ae4e760b4..000000000 --- a/tests/resources/slz-vpc/README.md +++ /dev/null @@ -1 +0,0 @@ -The terraform code in this directory is used by the existing VPC VSI DA extension for catalog validation. diff --git a/tests/resources/slz-vpc/main.tf b/tests/resources/slz-vpc/main.tf deleted file mode 100644 index f8f631921..000000000 --- a/tests/resources/slz-vpc/main.tf +++ /dev/null @@ -1,12 +0,0 @@ -############################################################################## -# SLZ VPC -############################################################################## - -module "landing_zone" { - source = "../../../patterns/vpc/module" - region = var.region - prefix = var.prefix - tags = var.resource_tags - enable_transit_gateway = false - add_atracker_route = false -} diff --git a/tests/resources/slz-vpc/outputs.tf b/tests/resources/slz-vpc/outputs.tf deleted file mode 100644 index c2279f582..000000000 --- a/tests/resources/slz-vpc/outputs.tf +++ /dev/null 
@@ -1,35 +0,0 @@
-##############################################################################
-# Outputs
-##############################################################################
-
-output "prefix" {
- value = var.prefix
- description = "Prefix"
-}
-
-output "management_vpc_id" {
- value = lookup(
- [for vpc in module.landing_zone.vpc_data : vpc if vpc.vpc_name == "${var.prefix}-management"][0],
- "vpc_id",
- "")
- description = "Management VPC ID"
-}
-
-output "workload_vpc_id" {
- value = lookup(
- [for vpc in module.landing_zone.vpc_data : vpc if vpc.vpc_name == "${var.prefix}-workload"][0],
- "vpc_id",
- "")
- description = "Workload VPC ID"
-}
-
-# Parse the VSI KMS Key CRN
-locals {
- vsi_key_map = lookup(module.landing_zone.key_map, "${var.prefix}-vsi-volume-key", "")
- vsi_key_crn = lookup(local.vsi_key_map, "crn", "")
-}
-
-output "vsi_kms_key_crn" {
- value = local.vsi_key_crn
- description = "VSI KMS Key CRN"
-}
diff --git a/tests/resources/slz-vpc/provider.tf b/tests/resources/slz-vpc/provider.tf
deleted file mode 100644
index df45ef50b..000000000
--- a/tests/resources/slz-vpc/provider.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-provider "ibm" {
- ibmcloud_api_key = var.ibmcloud_api_key
- region = var.region
-}
diff --git a/tests/resources/slz-vpc/variables.tf b/tests/resources/slz-vpc/variables.tf
deleted file mode 100644
index e49e397c3..000000000
--- a/tests/resources/slz-vpc/variables.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-variable "ibmcloud_api_key" {
- type = string
- description = "The IBM Cloud API Key"
- sensitive = true
-}
-
-variable "region" {
- type = string
- description = "Region to provision all resources created by this example"
- default = "us-south"
-}
-
-variable "prefix" {
- type = string
- description = "Prefix to append to all resources created by this example"
- default = "slz-vpc"
-}
-
-variable "resource_tags" {
- type = list(string)
- description = "Optional list of tags to be added to created resources"
- default = []
-}
diff --git a/tests/resources/slz-vpc/version.tf b/tests/resources/slz-vpc/version.tf
deleted file mode 100644
index 3e2849be1..000000000
--- a/tests/resources/slz-vpc/version.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-terraform {
- required_version = ">= 1.9.0"
- required_providers {
- ibm = {
- source = "ibm-cloud/ibm"
- version = ">= 1.49.0, < 2.0.0"
- }
- }
-}
diff --git a/tests/scripts/post-validation-destroy-slz-vpc.sh b/tests/scripts/post-validation-destroy-slz-vpc.sh
deleted file mode 100755
index c4bbdbc14..000000000
--- a/tests/scripts/post-validation-destroy-slz-vpc.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#! /bin/bash
-
-########################################################################################################################
-## This script is used by the catalog pipeline to destroy the SLZ VPC, which was provisioned as a prerequisite ##
-## for the existing VPC VSI extension DA ##
-########################################################################################################################
-
-set -e
-
-TERRAFORM_SOURCE_DIR="tests/resources/slz-vpc"
-TF_VARS_FILE="terraform.tfvars"
-
-(
- cd ${TERRAFORM_SOURCE_DIR}
- echo "Destroying prerequisite SLZ VPC .."
- terraform destroy -input=false -auto-approve -var-file=${TF_VARS_FILE} || exit 1
-
- echo "Post-validation complete successfully"
-)
diff --git a/tests/scripts/pre-validation-deploy-slz-vpc.sh b/tests/scripts/pre-validation-deploy-slz-vpc.sh
deleted file mode 100755
index a80f80ded..000000000
--- a/tests/scripts/pre-validation-deploy-slz-vpc.sh
+++ /dev/null
@@ -1,64 +0,0 @@ -#! /bin/bash - -######################################################################################################################## -## This script is used by the catalog pipeline to deploy SLZ VPC, which is a prerequisite for the existing VPC VSI DA ## -## extension ## -######################################################################################################################## - -set -e - -DA_DIR="patterns/vsi-extension" -TERRAFORM_SOURCE_DIR="tests/resources/slz-vpc" -JSON_FILE="${DA_DIR}/catalogValidationValues.json" -REGION="au-syd" -TF_VARS_FILE="terraform.tfvars" - -( - cwd=$(pwd) - cd ${TERRAFORM_SOURCE_DIR} - echo "Provisioning prerequisite SLZ VPC .." - terraform init || exit 1 - # $VALIDATION_APIKEY is available in the catalog runtime - { - echo "ibmcloud_api_key=\"${VALIDATION_APIKEY}\"" - echo "prefix=\"slz-$(openssl rand -hex 2)\"" - echo "region=\"${REGION}\"" - } >> ${TF_VARS_FILE} - terraform apply -input=false -auto-approve -var-file=${TF_VARS_FILE} || exit 1 - - # Generate SSH keys and place in temp directory - temp_dir=$(mktemp -d) - ssh-keygen -f "${temp_dir}/id_rsa" -t rsa -N '' << tmpfile && mv tmpfile "${JSON_FILE}" || exit 1 - - echo "Pre-validation complete successfully" -) From 4f55f084ba56afdb798f67fad79f3f056a9f1642 Mon Sep 17 00:00:00 2001 From: ocofaigh Date: Fri, 24 Oct 2025 12:53:35 +0100 Subject: [PATCH 2/2] add back sample override json --- tests/resources/override-example.json | 524 ++++++++++++++++++++++++++ 1 file changed, 524 insertions(+) create mode 100644 tests/resources/override-example.json diff --git a/tests/resources/override-example.json b/tests/resources/override-example.json new file mode 100644 index 000000000..e880f0b46 --- /dev/null +++ b/tests/resources/override-example.json 
@@ -0,0 +1,524 @@
+{
+ "appid": {
+ "keys": [
+ "slz-appid-key"
+ ],
+ "name": "slz-appid",
+ "resource_group": "slz-service-rg",
+ "use_appid": false,
+ "use_data": false
+ },
+ "clusters": [
+ {
+ "cos_name": "cos",
+ "entitlement": "cloud_pak",
+ "kube_type": "openshift",
+ "kube_version": "default",
+ "machine_type": "bx2.16x64",
+ "name": "workload-cluster",
+ "secondary_storage": "300gb.5iops-tier",
+ "resource_group": "slz-work-rg",
+ "operating_system": "RHCOS",
+ "use_ibm_cloud_private_api_endpoints": false,
+ "verify_cluster_network_readiness": false,
+ "kms_config": {
+ "crk_name": "slz-key",
+ "private_endpoint": true
+ },
+ "subnet_names": [
+ "vsi-zone-1",
+ "vsi-zone-2",
+ "vsi-zone-3"
+ ],
+ "vpc_name": "workload",
+ "worker_pools": [
+ {
+ "entitlement": "cloud_pak",
+ "flavor": "bx2.16x64",
+ "name": "logging-worker-pool",
+ "secondary_storage": "300gb.5iops-tier",
+ "operating_system": "RHCOS",
+ "subnet_names": [
+ "vsi-zone-1",
+ "vsi-zone-2",
+ "vsi-zone-3"
+ ],
+ "vpc_name": "workload",
+ "workers_per_subnet": 2
+ }
+ ],
+ "workers_per_subnet": 2
+ }
+ ],
+ "enable_transit_gateway": true,
+ "transit_gateway_global": false,
+ "transit_gateway_connections": [
+ "management",
+ "workload",
+ "edge"
+ ],
+ "transit_gateway_resource_group": "slz-service-rg",
+ "virtual_private_endpoints": [
+ {
+ "access_tags": [],
+ "resource_group": "slz-service-rg",
+ "service_name": "cos",
+ "service_type": "cloud-object-storage",
+ "vpcs": [
+ {
+ "name": "management",
+ "subnets": [
+ "vpe-zone-1"
+ ]
+ },
+ {
+ "name": "workload",
+ "subnets": [
+ "vpe-zone-1"
+ ]
+ }
+ ]
+ }
+ ],
+ "service_endpoints": "public-and-private",
+ "existing_vpc_cbr_zone_id": null,
+ "security_groups": [],
+ "vpn_gateways": [
+ {
+ "access_tags": [],
+ "connections": [],
+ "name": "management-gateway",
+ "resource_group": "slz-management-rg",
+ "subnet_name": "vpn-zone-1",
+ "vpc_name": "management"
+ }
+ ],
+ "atracker": {
+ "collector_bucket_name": "atracker-bucket",
+ "receive_global_events": true,
+ "resource_group": "slz-service-rg",
+ "add_route": true
+ },
+ "cos": [
+ {
+ "access_tags": [],
+ "buckets": [
+ {
+ "access_tags": [],
+ "endpoint_type": "public",
+ "force_delete": true,
+ "kms_key": "slz-atracker-key",
+ "name": "atracker-bucket",
+ "storage_class": "standard",
+ "expire_rule": {
+ "rule_id": "a-bucket-expire-rule",
+ "enable": true,
+ "days": 30,
+ "prefix": "logs/"
+ },
+ "archive_rule": {
+ "rule_id": "a-bucket-arch-rule",
+ "enable": true,
+ "days": 0,
+ "type": "Glacier"
+ }
+ }
+ ],
+ "keys": [
+ {
+ "name": "cos-bind-key",
+ "role": "Writer",
+ "enable_HMAC": false
+ }
+ ],
+ "name": "atracker-cos",
+ "plan": "standard",
+ "random_suffix": true,
+ "resource_group": "slz-service-rg",
+ "use_data": false
+ },
+ {
+ "access_tags": [],
+ "buckets": [
+ {
+ "access_tags": [],
+ "endpoint_type": "public",
+ "force_delete": true,
+ "kms_key": "slz-key",
+ "name": "management-bucket",
+ "storage_class": "standard"
+ },
+ {
+ "access_tags": [],
+ "endpoint_type": "public",
+ "force_delete": true,
+ "kms_key": "slz-key",
+ "name": "workload-bucket",
+ "storage_class": "standard"
+ },
+ {
+ "access_tags": [],
+ "endpoint_type": "public",
+ "force_delete": true,
+ "kms_key": "slz-key",
+ "name": "edge-bucket",
+ "storage_class": "standard"
+ }
+ ],
+ "keys": [],
+ "name": "cos",
+ "plan": "standard",
+ "random_suffix": true,
+ "resource_group": "slz-service-rg",
+ "use_data": false
+ }
+ ],
+ "key_management": {
+ "access_tags": [],
+ "keys": [
+ {
+ "key_ring": "slz-slz-ring",
+ "name": "slz-key",
+ "root_key": true
+ },
+ {
+ "key_ring": "slz-slz-ring",
+ "name": "slz-atracker-key",
+ "root_key": true
+ },
+ {
+ "key_ring": "slz-slz-ring",
+ "name": "slz-vsi-volume-key",
+ "root_key": true
+ }
+ ],
+ "name": "slz-kms",
+ "resource_group": "slz-service-rg",
+ "use_hs_crypto": false,
+ "service_endpoints": "public-and-private"
+ },
+ "resource_groups": [
+ {
+ "create": true,
+ "name": "slz-service-rg",
+ "use_prefix": true
+ },
+ {
+ "create": true,
+ "name": "slz-management-rg",
+ "use_prefix": true
+ },
+ {
+ "create": true,
+ "name": "slz-work-rg",
+ "use_prefix": true
+ },
+ {
+ "create": true,
+ "name": "slz-edge-rg",
+ "use_prefix": true
+ }
+ ],
+ "network_cidr": "10.0.0.0/8",
+ "vpcs": [
+ {
+ "access_tags": [],
+ "address_prefixes": {
+ "zone-1": [],
+ "zone-2": [],
+ "zone-3": []
+ },
+ "default_security_group_rules": [],
+ "clean_default_security_group": true,
+ "clean_default_acl": true,
+ "flow_logs_bucket_name": null,
+ "network_acls": [
+ {
+ "name": "management-acl",
+ "rules": [
+ {
+ "action": "allow",
+ "destination": "0.0.0.0/0",
+ "direction": "inbound",
+ "name": "allow-all-inbound",
+ "source": "0.0.0.0/0"
+ },
+ {
+ "action": "allow",
+ "destination": "0.0.0.0/0",
+ "direction": "outbound",
+ "name": "allow-all-outbound",
+ "source": "0.0.0.0/0"
+ }
+ ]
+ }
+ ],
+ "prefix": "management",
+ "resource_group": "slz-management-rg",
+ "subnets": {
+ "zone-1": [
+ {
+ "acl_name": "management-acl",
+ "cidr": "10.10.10.0/24",
+ "name": "vsi-zone-1",
+ "public_gateway": false
+ },
+ {
+ "acl_name": "management-acl",
+ "cidr": "10.10.20.0/24",
+ "name": "vpe-zone-1",
+ "public_gateway": false
+ },
+ {
+ "acl_name": "management-acl",
+ "cidr": "10.10.30.0/24",
+ "name": "vpn-zone-1",
+ "public_gateway": false
+ }
+ ],
+ "zone-2": null,
+ "zone-3": null
+ },
+ "use_public_gateways": {
+ "zone-1": false,
+ "zone-2": false,
+ "zone-3": false
+ }
+ },
+ {
+ "address_prefixes": {
+ "zone-1": [],
+ "zone-2": [],
+ "zone-3": []
+ },
+ "default_security_group_rules": [],
+ "clean_default_security_group": true,
+ "clean_default_acl": true,
+ "flow_logs_bucket_name": null,
+ "network_acls": [
+ {
+ "name": "workload-acl",
+ "rules": [
+ {
+ "action": "allow",
+ "destination": "0.0.0.0/0",
+ "direction": "inbound",
+ "name": "allow-all-inbound",
+ "source": "0.0.0.0/0"
+ },
+ {
+ "action": "allow",
+ "destination": "0.0.0.0/0",
+ "direction": "outbound",
+ "name": "allow-all-outbound",
+ "source": "0.0.0.0/0"
+ }
+ ]
+ }
+ ],
+ "prefix": "workload",
+ "resource_group": "slz-work-rg",
+ "subnets": {
+ "zone-1": [
+ {
+ "acl_name": "workload-acl",
+ "cidr": "10.20.10.0/24",
+ "name": "vsi-zone-1",
+ "public_gateway": true
+ },
+ {
+ "acl_name": "workload-acl",
+ "cidr": "10.20.20.0/24",
+ "name": "vpe-zone-1",
+ "public_gateway": false
+ }
+ ],
+ "zone-2": null,
+ "zone-3": null
+ },
+ "use_public_gateways": {
+ "zone-1": false,
+ "zone-2": false,
+ "zone-3": false
+ }
+ },
+ {
+ "address_prefixes": {
+ "zone-1": [],
+ "zone-2": [],
+ "zone-3": []
+ },
+ "default_security_group_rules": [],
+ "clean_default_security_group": true,
+ "clean_default_acl": true,
+ "flow_logs_bucket_name": null,
+ "network_acls": [
+ {
+ "name": "edge-acl",
+ "rules": [
+ {
+ "action": "allow",
+ "destination": "0.0.0.0/0",
+ "direction": "inbound",
+ "name": "allow-all-inbound",
+ "source": "0.0.0.0/0"
+ },
+ {
+ "action": "allow",
+ "destination": "0.0.0.0/0",
+ "direction": "outbound",
+ "name": "allow-all-outbound",
+ "source": "0.0.0.0/0"
+ }
+ ]
+ }
+ ],
+ "prefix": "edge",
+ "resource_group": "slz-edge-rg",
+ "subnets": {
+ "zone-1": [
+ {
+ "acl_name": "edge-acl",
+ "cidr": "10.30.10.0/24",
+ "name": "vsi-zone-1",
+ "public_gateway": true
+ },
+ {
+ "acl_name": "edge-acl",
+ "cidr": "10.30.20.0/24",
+ "name": "vpe-zone-1",
+ "public_gateway": false
+ }
+ ],
+ "zone-2": null,
+ "zone-3": null
+ },
+ "use_public_gateways": {
+ "zone-1": true,
+ "zone-2": false,
+ "zone-3": false
+ }
+ }
+ ],
+ "vsi": [
+ {
+ "access_tags": [],
+ "boot_volume_encryption_key_name": "slz-vsi-volume-key",
+ "image_name": "ibm-ubuntu-24-04-6-minimal-amd64-2",
+ "machine_type": "cx2-2x4",
+ "name": "jump-box",
+ "resource_group": "slz-management-rg",
+ "enable_floating_ip": true,
+ "security_group": {
+ "name": "management",
+ "rules": [
+ {
+ "direction": "inbound",
+ "name": "allow-all-inbound",
+ "source": "0.0.0.0/0"
+ },
+ {
+ "direction": "outbound",
+ "name": "allow-all-outbound",
+ "source": "0.0.0.0/0"
+ }
+ ],
+ "vpc_name": "management"
+ },
+ "ssh_keys": [
+ "ssh-key"
+ ],
+ "subnet_names": [
+ "vsi-zone-1"
+ ],
+ "vpc_name": "management",
+ "vsi_per_subnet": 1,
+ "use_legacy_network_interface": false
+ },
+ {
+ "access_tags": [],
+ "boot_volume_encryption_key_name": "slz-vsi-volume-key",
+ "image_name": "ibm-ubuntu-24-04-6-minimal-amd64-2",
+ "machine_type": "cx2-2x4",
+ "name": "private-svs",
+ "resource_group": "slz-work-rg",
+ "enable_floating_ip": false,
+ "security_group": {
+ "name": "workload",
+ "rules": [
+ {
+ "direction": "inbound",
+ "name": "allow-all-inbound",
+ "source": "0.0.0.0/0"
+ },
+ {
+ "direction": "outbound",
+ "name": "allow-all-outbound",
+ "source": "0.0.0.0/0"
+ }
+ ],
+ "vpc_name": "workload"
+ },
+ "ssh_keys": [
+ "ssh-key"
+ ],
+ "subnet_names": [
+ "vsi-zone-1"
+ ],
+ "vpc_name": "workload",
+ "vsi_per_subnet": 1,
+ "use_legacy_network_interface": false
+ },
+ {
+ "access_tags": [],
+ "boot_volume_encryption_key_name": "slz-vsi-volume-key",
+ "image_name": "ibm-ubuntu-24-04-6-minimal-amd64-2",
+ "machine_type": "cx2-2x4",
+ "name": "inet-svs",
+ "resource_group": "slz-edge-rg",
+ "security_group": {
+ "name": "inet-svs",
+ "rules": [
+ {
+ "direction": "inbound",
+ "name": "allow-all-inbound",
+ "source": "0.0.0.0/0"
+ },
+ {
+ "direction": "outbound",
+ "name": "allow-all-outbound",
+ "source": "0.0.0.0/0"
+ }
+ ],
+ "vpc_name": "edge"
+ },
+ "ssh_keys": [
+ "ssh-key"
+ ],
+ "subnet_names": [
+ "vsi-zone-1"
+ ],
+ "vpc_name": "edge",
+ "vsi_per_subnet": 1,
+ "load_balancers": [
+ {
+ "name": "edge",
+ "type": "public",
+ "listener_port": 443,
+ "listener_protocol": "tcp",
+ "protocol": "tcp",
+ "pool_member_port": 443,
+ "algorithm": "least_connections",
+ "connection_limit": 0,
+ "health_delay": 60,
+ "health_retries": 2,
+ "health_timeout": 2,
+ "health_type": "tcp",
+ "idle_connection_timeout": 50
+ }
+ ],
+ "use_legacy_network_interface": false
+ }
+ ],
+ "wait_till": "IngressReady"
+}
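Review bot: The `jump-box` entry under `vsi` combines `"enable_floating_ip": true` with a `management` security group whose `allow-all-inbound` rule uses `"source": "0.0.0.0/0"` and carries no protocol or port restriction, and `management-acl` is allow-all in both directions as well, so a deployment copied from this sample would likely leave the bastion reachable from any address on every port (assuming the module treats a rule without a protocol block as all-protocol, which this file does not show). Since this is the sample users start from, I would scope that inbound rule to an administrative range and SSH only, e.g. `"source": "<ADMIN_CIDR>"` plus `"tcp": { "port_min": 22, "port_max": 22 }` if the rule schema accepts a `tcp` block. The `private-svs` and `inet-svs` security groups repeat the same rule; for `private-svs`, which has no floating IP, `"source": "10.0.0.0/8"` (the file's own `network_cidr`) looks sufficient. If a test loads this file as-is, the placeholder needs a concrete value there.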