fix: update code

Author: Jordan-Williams2

common-dev-assets

@@ -33,21 +33,10 @@
           "compliance": {},
           "iam_permissions": [
             {
-              "service_name": "sysdig-monitor",
+              "service_name": "containers-kubernetes",
               "role_crns": [
-                "crn:v1:bluemix:public:iam::::serviceRole:Manager"
-              ]
-            },
-            {
-              "service_name": "logs",
-              "role_crns": [
-                "crn:v1:bluemix:public:iam::::role:Editor"
-              ]
-            },
-            {
-              "service_name": "metrics-router",
-              "role_crns": [
-                "crn:v1:bluemix:public:iam::::role:Editor"
+                "crn:v1:bluemix:public:iam::::serviceRole:Manager",
+                "crn:v1:bluemix:public:iam::::role:Viewer"
               ]
             }
           ],

ibm_catalog.json

@@ -74,7 +74,7 @@ The `logs_agent_additional_metadata` variable is used to configure additional me
 
 # Configuring Logs Agent Resources
 
-When you deploy the IBM Logs agent using the `terraform-ibm-logs-agent` module, you can configure the resource requests and limits for the logs agent pods by using the `logs_agent_resources` variable. This variable allows you to specify the CPU and memory resources allocated to the logs agent.
+When you deploy the IBM Logs agent using the `terraform-ibm-logs-agent` module, you can configure the resource requests and limits for the logs agent pods by using the `logs_agent_resources` variable. This variable allows you to specify the CPU and memory resources allocated to the logs agent. [Learn More](https://cloud.ibm.com/docs/cloud-logs?topic=cloud-logs-agent-helm-template-clusters#agent-helm-template-clusters-chart-options-resources).
 
 ### Options for `logs_agent_resources`
 - `requests` (optional): Specifies the minimum amount of resources required. Includes:

solutions/fully-configurable/DA-types.md

@@ -107,7 +107,7 @@ variable "logs_agent_iam_api_key" {
 }
 
 variable "logs_agent_tolerations" {
-  description = "List of tolerations to apply to Logs agent. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-logs-agent/tree/main/solutions/fully-configurable/DA-types.md)."
+  description = "List of tolerations to apply to Logs agent. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-logs-agent/tree/main/solutions/fully-configurable/DA-types.md#configuring-logs-agent-tolerations)."
   type = list(object({
     key               = optional(string)
     operator          = optional(string)
@@ -121,7 +121,7 @@ variable "logs_agent_tolerations" {
 }
 
 variable "logs_agent_resources" {
-  description = "The resources configuration for cpu/memory/storage. Learn more [here](https://cloud.ibm.com/docs/cloud-logs?topic=cloud-logs-agent-helm-template-clusters#agent-helm-template-clusters-chart-options-resources) and [here](https://github.com/terraform-ibm-modules/terraform-ibm-logs-agent/tree/main/solutions/fully-configurable/DA-types.md)."
+  description = "The resources configuration for cpu/memory/storage. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-logs-agent/blob/main/solutions/fully-configurable/DA-types.md#configuring-logs-agent-resources)."
   type = object({
     limits = object({
       cpu    = string
@@ -193,7 +193,7 @@ variable "logs_agent_iam_environment" {
 }
 
 variable "logs_agent_additional_metadata" {
-  description = "The list of additional metadata fields to add to the routed logs. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-logs-agent/tree/main/solutions/fully-configurable/DA-types.md)."
+  description = "The list of additional metadata fields to add to the routed logs. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-logs-agent/blob/main/solutions/fully-configurable/DA-types.md#configuring-logs-agent-additional-metadata)."
   type = list(object({
     key   = optional(string)
     value = optional(string)

solutions/fully-configurable/variables.tf

@@ -10,21 +10,81 @@ module "resource_group" {
   existing_resource_group_name = var.resource_group
 }
 
-##############################################################################
-# SLZ ROKS Pattern
-##############################################################################
+########################################################################################################################
+# VPC + Subnet + Public Gateway
+#
+# NOTE: This is a very simple VPC with single subnet in a single zone with a public gateway enabled, that will allow
+# all traffic ingress/egress by default.
+# For production use cases this would need to be enhanced by adding more subnets and zones for resiliency, and
+# ACLs/Security Groups for network security.
+########################################################################################################################
+
+resource "ibm_is_vpc" "vpc" {
+  name                      = "${var.prefix}-vpc"
+  resource_group            = module.resource_group.resource_group_id
+  address_prefix_management = "auto"
+  tags                      = var.resource_tags
+}
+
+resource "ibm_is_public_gateway" "gateway" {
+  name           = "${var.prefix}-gateway-1"
+  vpc            = ibm_is_vpc.vpc.id
+  resource_group = module.resource_group.resource_group_id
+  zone           = "${var.region}-1"
+}
+
+resource "ibm_is_subnet" "subnet_zone_1" {
+  name                     = "${var.prefix}-subnet-1"
+  vpc                      = ibm_is_vpc.vpc.id
+  resource_group           = module.resource_group.resource_group_id
+  zone                     = "${var.region}-1"
+  total_ipv4_address_count = 256
+  public_gateway           = ibm_is_public_gateway.gateway.id
+}
+
+########################################################################################################################
+# OCP VPC cluster (single zone)
+########################################################################################################################
+
+locals {
+  cluster_vpc_subnets = {
+    default = [
+      {
+        id         = ibm_is_subnet.subnet_zone_1.id
+        cidr_block = ibm_is_subnet.subnet_zone_1.ipv4_cidr_block
+        zone       = ibm_is_subnet.subnet_zone_1.zone
+      }
+    ]
+  }
 
-module "landing_zone" {
-  source                              = "git::https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone//patterns//roks//module?ref=v7.3.0"
+  worker_pools = [
+    {
+      subnet_prefix    = "default"
+      pool_name        = "default" # ibm_container_vpc_cluster automatically names default pool "default" (See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/2849)
+      machine_type     = "bx2.4x16"
+      workers_per_zone = 2 # minimum of 2 is allowed when using single zone
+      operating_system = "REDHAT_8_64"
+    }
+  ]
+}
+
+locals {
+  cluster_name = "${var.prefix}-cluster"
+}
+
+module "ocp_base" {
+  source                              = "terraform-ibm-modules/base-ocp-vpc/ibm"
+  version                             = "3.46.11"
+  resource_group_id                   = module.resource_group.resource_group_id
   region                              = var.region
-  prefix                              = var.prefix
   tags                                = var.resource_tags
-  add_atracker_route                  = false
-  enable_transit_gateway              = false
-  cluster_force_delete_storage        = true
-  verify_cluster_network_readiness    = false
-  use_ibm_cloud_private_api_endpoints = false
-  ignore_vpcs_for_cluster_deployment  = ["management"]
+  cluster_name                        = local.cluster_name
+  force_delete_storage                = true
+  vpc_id                              = ibm_is_vpc.vpc.id
+  vpc_subnets                         = local.cluster_vpc_subnets
+  worker_pools                        = local.worker_pools
+  access_tags                         = []
+  disable_outbound_traffic_protection = true # set as True to enable outbound traffic
 }
 
 ##############################################################################
@@ -78,15 +138,10 @@ module "buckets" {
 # - Cloud Logs instance
 ##############################################################################
 
-locals {
-  cluster_resource_group_id = module.landing_zone.cluster_data["${var.prefix}-workload-cluster"].resource_group_id
-  cluster_crn               = module.landing_zone.cluster_data["${var.prefix}-workload-cluster"].crn
-}
-
 module "cloud_logs" {
   source            = "terraform-ibm-modules/cloud-logs/ibm"
   version           = "1.0.0"
-  resource_group_id = local.cluster_resource_group_id
+  resource_group_id = module.ocp_base.resource_group_id
   region            = var.region
   instance_name     = "${var.prefix}-cloud-logs"
   resource_tags     = var.resource_tags
@@ -130,7 +185,7 @@ module "trusted_profile" {
   trusted_profile_links = [{
     cr_type = "ROKS_SA"
     links = [{
-      crn       = local.cluster_crn
+      crn       = module.ocp_base.cluster_crn
       namespace = local.logs_agent_namespace
       name      = local.logs_agent_name
     }]

tests/resources/main.tf

@@ -12,23 +12,18 @@ output "prefix" {
   description = "prefix"
 }
 
-output "cluster_data" {
-  value       = module.landing_zone.cluster_data
-  description = "Details of OCP cluster."
-}
-
 output "workload_cluster_id" {
-  value       = module.landing_zone.workload_cluster_id
+  value       = module.ocp_base.cluster_id
   description = "ID of the workload cluster."
 }
 
 output "workload_cluster_crn" {
-  value       = local.cluster_crn
+  value       = module.ocp_base.cluster_crn
   description = "CRN of the workload cluster."
 }
 
 output "cluster_resource_group_id" {
-  value       = local.cluster_resource_group_id
+  value       = module.ocp_base.resource_group_id
   description = "Resource group ID of the workload cluster."
 }
 

tests/resources/outputs.tf

@@ -10,7 +10,6 @@ set -e
 DA_DIR="solutions/fully-configurable"
 TERRAFORM_SOURCE_DIR="tests/resources"
 JSON_FILE="${DA_DIR}/catalogValidationValues.json"
-REGION="us-south"
 TF_VARS_FILE="terraform.tfvars"
 
 (
@@ -21,12 +20,10 @@ TF_VARS_FILE="terraform.tfvars"
   # $VALIDATION_APIKEY is available in the catalog runtime
   {
     echo "ibmcloud_api_key=\"${VALIDATION_APIKEY}\""
-    echo "region=\"${REGION}\""
     echo "prefix=\"slz-$(openssl rand -hex 2)\""
   } >> ${TF_VARS_FILE}
   terraform apply -input=false -auto-approve -var-file=${TF_VARS_FILE} || exit 1
 
-  region_var_name="region"
   cluster_id_var_name="cluster_id"
   cluster_id_value=$(terraform output -state=terraform.tfstate -raw workload_cluster_id)
   cluster_resource_group_id_var_name="cluster_resource_group_id"
@@ -36,20 +33,18 @@ TF_VARS_FILE="terraform.tfvars"
   cloud_logs_ingress_endpoint_var_name="cloud_logs_ingress_endpoint"
   cloud_logs_ingress_endpoint_value=$(terraform output -state=terraform.tfstate -raw cloud_logs_ingress_private_endpoint)
 
-  echo "Appending '${region_var_name}', '${cluster_id_var_name}' '${cluster_resource_group_id_var_name}', '${logs_agent_trusted_profile_var_name}', and '${cloud_logs_ingress_endpoint_var_name}' input variable values to ${JSON_FILE}.."
+  echo "Appending '${cluster_id_var_name}' '${cluster_resource_group_id_var_name}', '${logs_agent_trusted_profile_var_name}', and '${cloud_logs_ingress_endpoint_var_name}' input variable values to ${JSON_FILE}.."
 
   cd "${cwd}"
-  jq -r --arg region_var_name "${region_var_name}" \
-        --arg region_var_value "${REGION}" \
-        --arg cluster_id_var_name "${cluster_id_var_name}" \
+  jq -r --arg cluster_id_var_name "${cluster_id_var_name}" \
         --arg cluster_id_value "${cluster_id_value}" \
         --arg cluster_resource_group_id_var_name "${cluster_resource_group_id_var_name}" \
         --arg cluster_resource_group_id_value "${cluster_resource_group_id_value}" \
         --arg logs_agent_trusted_profile_var_name "${logs_agent_trusted_profile_var_name}" \
         --arg logs_agent_trusted_profile_value "${logs_agent_trusted_profile_value}" \
         --arg cloud_logs_ingress_endpoint_var_name "${cloud_logs_ingress_endpoint_var_name}" \
         --arg cloud_logs_ingress_endpoint_value "${cloud_logs_ingress_endpoint_value}" \
-        '. + {($region_var_name): $region_var_value, ($cluster_id_var_name): $cluster_id_value, ($cluster_resource_group_id_var_name): $cluster_resource_group_id_value, ($logs_agent_trusted_profile_var_name): $logs_agent_trusted_profile_value, ($cloud_logs_ingress_endpoint_var_name): $cloud_logs_ingress_endpoint_value}' "${JSON_FILE}" > tmpfile && mv tmpfile "${JSON_FILE}" || exit 1
+        '. + {($cluster_id_var_name): $cluster_id_value, ($cluster_resource_group_id_var_name): $cluster_resource_group_id_value, ($logs_agent_trusted_profile_var_name): $logs_agent_trusted_profile_value, ($cloud_logs_ingress_endpoint_var_name): $cloud_logs_ingress_endpoint_value}' "${JSON_FILE}" > tmpfile && mv tmpfile "${JSON_FILE}" || exit 1
 
   echo "Pre-validation complete successfully"
 )