test: moved all mutlitenant test to other (#658)

Author: toddgiguere

README.md

@@ -26,6 +26,7 @@ An IBM Provider [issue](https://github.com/IBM-Cloud/terraform-provider-ibm/issu
 * [Examples](./examples)
     * [Advanced dedicated service VPE gateway](./examples/advanced)
     * [Basic multi-tenant VPE gateway](./examples/basic)
+    * [Every supported multi-tenant ("provider_cloud_service") VPE gateway](./examples/every-multi-tenant-svc)
     * [Existing Reserved IPs example](./examples/reserved-ips)
 * [Contributing](#contributing)
 <!-- END OVERVIEW HOOK -->

examples/basic/README.md

@@ -4,4 +4,4 @@ This example creates the following infrastructure:
 - A resource group, if one is not passed in.
 - A VPC
     - The VPC is created with three subnets across the three availability zones of the region that is passed as input.
-- A virtual private endpoint (VPE) gateways for every multitenant service supported
+- A virtual private endpoint (VPE) gateways for a couple of the  multitenant services

examples/basic/main.tf

@@ -38,107 +38,11 @@ module "vpes" {
   subnet_zone_list  = module.vpc.subnet_zone_list
   resource_group_id = module.resource_group.resource_group_id
   cloud_services = [
-    {
-      service_name = "account-management"
-    },
-    {
-      service_name = "billing"
-    },
-    {
-      service_name = "cloud-object-storage"
-      vpe_name     = "${var.prefix}-cos"
-    },
-    {
-      service_name = "cloud-object-storage-config"
-      vpe_name     = "${var.prefix}-cos-config"
-    },
-    {
-      service_name = "codeengine"
-    },
-    {
-      service_name = "container-registry"
-    },
-    {
-      service_name = "containers-kubernetes"
-      vpe_name     = "${var.prefix}-kubernetes"
-    },
-    {
-      service_name = "context-based-restrictions"
-      vpe_name     = "${var.prefix}-cbr"
-    },
-    {
-      service_name = "directlink"
-    },
-    {
-      service_name = "dns-svcs"
-    },
-    {
-      service_name = "enterprise"
-    },
-    {
-      service_name = "global-search"
-      vpe_name     = "${var.prefix}-search"
-    },
-    {
-      service_name = "global-tagging"
-      vpe_name     = "${var.prefix}-tagging"
-    },
-    {
-      service_name = "globalcatalog"
-    },
-    {
-      service_name = "hs-crypto"
-    },
-    {
-      service_name = "hs-crypto-cert-mgr"
-    },
-    {
-      service_name = "hs-crypto-ep11"
-    },
-    {
-      service_name = "hs-crypto-ep11-az1"
-    },
-    {
-      service_name = "hs-crypto-ep11-az2"
-    },
-    {
-      service_name = "hs-crypto-ep11-az3"
-    },
-    {
-      service_name = "hs-crypto-kmip"
-    },
-    {
-      service_name = "hs-crypto-tke"
-    },
-    {
-      service_name = "iam-svcs"
-    },
     {
       service_name = "is"
     },
     {
       service_name = "kms"
-    },
-    {
-      service_name = "messaging"
-    },
-    {
-      service_name = "resource-controller"
-    },
-    {
-      service_name = "support-center"
-    },
-    {
-      service_name = "transit"
-    },
-    {
-      service_name = "user-management"
-    },
-    {
-      service_name = "vmware"
-    },
-    {
-      service_name = "ntp"
     }
   ]
 }

examples/every-multi-tenant-svc/README.md

@@ -0,0 +1,14 @@
+# Every supported multi-tenant ("provider_cloud_service") VPE gateway
+
+This example creates the following infrastructure:
+- A resource group, if one is not passed in.
+- A VPC
+    - The VPC is created with three subnets across the three availability zones of the region that is passed as input.
+- A virtual private endpoint (VPE) gateways for EVERY multitenant service supported
+
+> [!WARNING]
+> Creating all service VPEs in one apply may cause the VPC to enter "locked" state, and some endpoints may fail to be created.
+> In this scenario you can keep re-applying until all endpoints are created, or execute your `terraform apply` using the
+> `-parallelism=n` option with a small thread number to avoid the lock.
+>
+> [IBM Terraform provider issue reporting this issue](https://github.com/IBM-Cloud/terraform-provider-ibm/issues/6224)

examples/every-multi-tenant-svc/main.tf

@@ -0,0 +1,147 @@
+##############################################################################
+# Resource Group
+##############################################################################
+module "resource_group" {
+  source  = "terraform-ibm-modules/resource-group/ibm"
+  version = "1.1.6"
+  # if an existing resource group is not set (null) create a new one using prefix
+  resource_group_name          = var.resource_group == null ? "${var.prefix}-resource-group" : null
+  existing_resource_group_name = var.resource_group
+}
+
+##############################################################################
+# Create a VPC for this example using defaults from terraform-ibm-landing-zone-vpc
+# ( 3 subnets across the 3 AZs in the region )
+##############################################################################
+
+module "vpc" {
+  source            = "terraform-ibm-modules/landing-zone-vpc/ibm"
+  version           = "7.20.2"
+  resource_group_id = module.resource_group.resource_group_id
+  region            = var.region
+  prefix            = var.prefix
+  name              = "vpc"
+  tags              = var.resource_tags
+}
+
+##############################################################################
+# Create every multi-tenant VPEs in the VPC
+# NOTE: forcing a shorter VPE name for some services due to length limitations
+# on VPE service side
+##############################################################################
+module "vpes" {
+  source            = "../../"
+  region            = var.region
+  prefix            = var.prefix
+  vpc_name          = module.vpc.vpc_name
+  vpc_id            = module.vpc.vpc_id
+  subnet_zone_list  = module.vpc.subnet_zone_list
+  resource_group_id = module.resource_group.resource_group_id
+  cloud_services = [
+    {
+      service_name = "account-management"
+    },
+    {
+      service_name = "billing"
+    },
+    {
+      service_name = "cloud-object-storage"
+      vpe_name     = "${var.prefix}-cos"
+    },
+    {
+      service_name = "cloud-object-storage-config"
+      vpe_name     = "${var.prefix}-cos-config"
+    },
+    {
+      service_name = "codeengine"
+    },
+    {
+      service_name = "container-registry"
+    },
+    {
+      service_name = "containers-kubernetes"
+      vpe_name     = "${var.prefix}-kubernetes"
+    },
+    {
+      service_name = "context-based-restrictions"
+      vpe_name     = "${var.prefix}-cbr"
+    },
+    {
+      service_name = "directlink"
+    },
+    {
+      service_name = "dns-svcs"
+    },
+    {
+      service_name = "enterprise"
+    },
+    {
+      service_name = "global-search"
+      vpe_name     = "${var.prefix}-search"
+    },
+    {
+      service_name = "global-tagging"
+      vpe_name     = "${var.prefix}-tagging"
+    },
+    {
+      service_name = "globalcatalog"
+    },
+    {
+      service_name = "hs-crypto"
+    },
+    {
+      service_name = "hs-crypto-cert-mgr"
+    },
+    {
+      service_name = "hs-crypto-ep11"
+    },
+    {
+      service_name = "hs-crypto-ep11-az1"
+    },
+    {
+      service_name = "hs-crypto-ep11-az2"
+    },
+    {
+      service_name = "hs-crypto-ep11-az3"
+    },
+    {
+      service_name = "hs-crypto-kmip"
+    },
+    {
+      service_name = "hs-crypto-tke"
+    },
+    {
+      service_name = "iam-svcs"
+    },
+    {
+      service_name = "is"
+    },
+    {
+      service_name = "kms"
+    },
+    {
+      service_name = "messaging"
+    },
+    {
+      service_name = "resource-controller"
+    },
+    {
+      service_name = "support-center"
+    },
+    {
+      service_name = "transit"
+    },
+    {
+      service_name = "user-management"
+    },
+    {
+      service_name = "vmware"
+    },
+    {
+      service_name = "ntp"
+    }
+  ]
+}
+
+
+##############################################################################

examples/every-multi-tenant-svc/outputs.tf

@@ -0,0 +1,9 @@
+output "vpe_ips" {
+  description = "The endpoint gateway reserved ips"
+  value       = module.vpes.vpe_ips
+}
+
+output "crn" {
+  description = "The CRN of the endpoint gateway"
+  value       = module.vpes.crn
+}

examples/every-multi-tenant-svc/provider.tf

@@ -0,0 +1,4 @@
+provider "ibm" {
+  ibmcloud_api_key = var.ibmcloud_api_key
+  region           = var.region
+}

examples/every-multi-tenant-svc/variables.tf

@@ -0,0 +1,27 @@
+variable "ibmcloud_api_key" {
+  type        = string
+  description = "The IBM Cloud API Key"
+  sensitive   = true
+}
+
+variable "region" {
+  description = "The region where VPC and services are deployed"
+  type        = string
+}
+
+variable "prefix" {
+  description = "The prefix that you would like to append to your resources"
+  type        = string
+}
+
+variable "resource_group" {
+  type        = string
+  description = "An existing resource group name to use for this example, if unset a new resource group will be created"
+  default     = null
+}
+
+variable "resource_tags" {
+  type        = list(string)
+  description = "Optional list of tags to be added to created resources"
+  default     = []
+}

examples/every-multi-tenant-svc/versions.tf

@@ -0,0 +1,18 @@
+##############################################################################
+# Terraform Providers
+##############################################################################
+
+terraform {
+  required_version = ">= 1.3.0"
+  # Ensure that there is always 1 example locked into the lowest provider version of the range defined in the main
+  # module's version.tf (basic or default), and 1 example that will always use the latest provider version.
+  required_providers {
+    ibm = {
+      source = "IBM-Cloud/ibm"
+      # pin to lowest vesion, required for IAM auth policy
+      version = "1.61.0"
+    }
+  }
+}
+
+##############################################################################

tests/other_test.go

@@ -35,3 +35,40 @@ func TestRunReservedIpExample(t *testing.T) {
 	assert.NoErrorf(t, outputErrMap, "Some outputs not having the expected structure")
 	options.TestTearDown()
 }
+
+// TEST NOTE:
+// This test will deploy all 30+ multitenant services in order to test that our current CRN mappings are correct
+// for these service names.
+// However there is an issue with the provider currently that prevents all 30+ VPEs to deploy at once, resulting in a
+// "VPC Locked" error.
+// In order to test all 30+ services, we will run this other test single-threaded (parallelism=1).
+//
+// IBM Terraform provider issue for this issue: https://github.com/IBM-Cloud/terraform-provider-ibm/issues/6224
+func TestRunEveryMultiTenantExample(t *testing.T) {
+	t.Parallel()
+
+	options := setupOptions(t, "vpe-allmt", "examples/every-multi-tenant-svc")
+
+	// need to do setup so that TerraformOptions is created
+	options.TestSetup()
+
+	// save the current parallelism value, we will reset to this value later
+	currentParallelValue := options.TerraformOptions.Parallelism
+	t.Logf("Terratest Parallelism currently set to %d, replacing with 1 for single-threaded apply", currentParallelValue)
+	options.TerraformOptions.Parallelism = 1
+
+	// after apply, set parallelism back to default to help quicken remaining steps
+	options.PostApplyHook = func(options *testhelper.TestOptions) error {
+		t.Logf("Terratest Parallelism will be switched back to %d from single-threaded", currentParallelValue)
+		options.TerraformOptions.Parallelism = currentParallelValue
+		return nil
+	}
+
+	// turn off test setup, already done
+	options.SkipTestSetup = true
+
+	// now do full test single-threaded
+	output, err := options.RunTestConsistency()
+	assert.Nil(t, err, "This should not have errored.")
+	assert.NotNil(t, output, "Expected some output")
+}