feat: update modules and add support for legacy VNI (#94)

Aashiq-J · web-flow · commit add06f0b8e61 · 2025-12-05T11:25:15.000+05:30
BREAKING CHANGE: The VSI's will be re-created.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -8,5 +8,5 @@ on:
 
 jobs:
   call-terraform-release-pipeline:
-    uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/common-release.yml@v1.22.5
+    uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/common-release.yml@v1.24.0
     secrets: inherit
diff --git a/common-dev-assets b/common-dev-assets
@@ -1 +1 @@
-Subproject commit 81eca72442c82d8fe4b67fe175e6979d058426e9
+Subproject commit 238892dddce116998ab6b6ebdb998708401174d1
diff --git a/ibm_catalog.json b/ibm_catalog.json
@@ -226,6 +226,9 @@
             {
               "key": "data_vsi_per_subnet"
             },
+            {
+              "key": "use_legacy_network_interface"
+            },
             {
               "key": "data_security_group"
             },
diff --git a/solutions/e2e/README.md b/solutions/e2e/README.md
@@ -105,35 +105,35 @@ statement instead the previous block.
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
-| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | 1.76.3 |
-| <a name="requirement_null"></a> [null](#requirement\_null) | 3.2.3 |
-| <a name="requirement_random"></a> [random](#requirement\_random) | 3.7.1 |
+| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | 1.85.0 |
+| <a name="requirement_null"></a> [null](#requirement\_null) | 3.2.4 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | 3.7.2 |
 
 ### Modules
 
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_app_tier_autoscale"></a> [app\_tier\_autoscale](#module\_app\_tier\_autoscale) | github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vsi-autoscale | v1.0.3 |
-| <a name="module_data_tier_vsi"></a> [data\_tier\_vsi](#module\_data\_tier\_vsi) | terraform-ibm-modules/landing-zone-vsi/ibm | 4.2.0 |
-| <a name="module_landing_zone"></a> [landing\_zone](#module\_landing\_zone) | git::https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone.git//patterns/vsi/module | v6.2.1 |
-| <a name="module_private_secret_engine"></a> [private\_secret\_engine](#module\_private\_secret\_engine) | terraform-ibm-modules/secrets-manager-private-cert-engine/ibm | 1.3.4 |
-| <a name="module_secrets_manager_group"></a> [secrets\_manager\_group](#module\_secrets\_manager\_group) | terraform-ibm-modules/secrets-manager-secret-group/ibm | 1.2.2 |
-| <a name="module_secrets_manager_private_certificate"></a> [secrets\_manager\_private\_certificate](#module\_secrets\_manager\_private\_certificate) | terraform-ibm-modules/secrets-manager-private-cert/ibm | 1.3.2 |
-| <a name="module_sm_resource_group"></a> [sm\_resource\_group](#module\_sm\_resource\_group) | terraform-ibm-modules/resource-group/ibm | 1.1.6 |
+| <a name="module_data_tier_vsi"></a> [data\_tier\_vsi](#module\_data\_tier\_vsi) | terraform-ibm-modules/landing-zone-vsi/ibm | 5.17.0 |
+| <a name="module_landing_zone"></a> [landing\_zone](#module\_landing\_zone) | git::https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone.git//patterns/vsi/module | v8.13.1 |
+| <a name="module_private_secret_engine"></a> [private\_secret\_engine](#module\_private\_secret\_engine) | terraform-ibm-modules/secrets-manager-private-cert-engine/ibm | 1.11.1 |
+| <a name="module_secrets_manager_group"></a> [secrets\_manager\_group](#module\_secrets\_manager\_group) | terraform-ibm-modules/secrets-manager-secret-group/ibm | 1.3.19 |
+| <a name="module_secrets_manager_private_certificate"></a> [secrets\_manager\_private\_certificate](#module\_secrets\_manager\_private\_certificate) | terraform-ibm-modules/secrets-manager-private-cert/ibm | 1.9.2 |
+| <a name="module_sm_resource_group"></a> [sm\_resource\_group](#module\_sm\_resource\_group) | terraform-ibm-modules/resource-group/ibm | 1.4.0 |
 | <a name="module_web_tier_autoscale"></a> [web\_tier\_autoscale](#module\_web\_tier\_autoscale) | github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vsi-autoscale | v1.0.3 |
 
 ### Resources
 
 | Name | Type |
 |------|------|
-| [ibm_iam_authorization_policy.s2s_lb_to_sm](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.76.3/docs/resources/iam_authorization_policy) | resource |
-| [ibm_resource_instance.secrets_manager](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.76.3/docs/resources/resource_instance) | resource |
-| [null_resource.primary_postgresql_install](https://registry.terraform.io/providers/hashicorp/null/3.2.3/docs/resources/resource) | resource |
-| [null_resource.secondary_postgresql_install](https://registry.terraform.io/providers/hashicorp/null/3.2.3/docs/resources/resource) | resource |
-| [random_password.password](https://registry.terraform.io/providers/hashicorp/random/3.7.1/docs/resources/password) | resource |
-| [ibm_is_image.app_is_image](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.76.3/docs/data-sources/is_image) | data source |
-| [ibm_is_image.data_is_image](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.76.3/docs/data-sources/is_image) | data source |
-| [ibm_is_image.web_is_image](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.76.3/docs/data-sources/is_image) | data source |
+| [ibm_iam_authorization_policy.s2s_lb_to_sm](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.85.0/docs/resources/iam_authorization_policy) | resource |
+| [ibm_resource_instance.secrets_manager](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.85.0/docs/resources/resource_instance) | resource |
+| [null_resource.primary_postgresql_install](https://registry.terraform.io/providers/hashicorp/null/3.2.4/docs/resources/resource) | resource |
+| [null_resource.secondary_postgresql_install](https://registry.terraform.io/providers/hashicorp/null/3.2.4/docs/resources/resource) | resource |
+| [random_password.password](https://registry.terraform.io/providers/hashicorp/random/3.7.2/docs/resources/password) | resource |
+| [ibm_is_image.app_is_image](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.85.0/docs/data-sources/is_image) | data source |
+| [ibm_is_image.data_is_image](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.85.0/docs/data-sources/is_image) | data source |
+| [ibm_is_image.web_is_image](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.85.0/docs/data-sources/is_image) | data source |
 
 ### Inputs
 
@@ -168,10 +168,11 @@ statement instead the previous block.
 | <a name="input_root_ca_name"></a> [root\_ca\_name](#input\_root\_ca\_name) | The name of the Root CA to create for a private\_cert secret engine. Only used when `var.existing_sm_instance_guid` is `false`. | `string` | `"root-ca"` | no |
 | <a name="input_sample_application"></a> [sample\_application](#input\_sample\_application) | Apply the sample web application to the pattern. | `bool` | `false` | no |
 | <a name="input_sm_instance_rg_existing"></a> [sm\_instance\_rg\_existing](#input\_sm\_instance\_rg\_existing) | Resource group exists in your account already. If set to `true`, you will need to set the variable sm\_instance\_rg\_name | `bool` | `false` | no |
-| <a name="input_sm_instance_rg_name"></a> [sm\_instance\_rg\_name](#input\_sm\_instance\_rg\_name) | Resource group to provison the secrets manager instance.  If no resource group name is defined, it will try to use the service resource group otherwise a random from the landing zone | `string` | `null` | no |
+| <a name="input_sm_instance_rg_name"></a> [sm\_instance\_rg\_name](#input\_sm\_instance\_rg\_name) | Resource group to provision the secrets manager instance.  If no resource group name is defined, it will try to use the service resource group otherwise a random from the landing zone | `string` | `null` | no |
 | <a name="input_sm_service_plan"></a> [sm\_service\_plan](#input\_sm\_service\_plan) | The service/pricing plan to use when provisioning a new Secrets Manager instance. Allowed values: `standard` and `trial`. | `string` | `"standard"` | no |
 | <a name="input_ssh_key"></a> [ssh\_key](#input\_ssh\_key) | Public SSH Key for VSI creation. Must be a valid SSH key that does not already exist in the deployment region. | `string` | n/a | yes |
 | <a name="input_ssh_private_key"></a> [ssh\_private\_key](#input\_ssh\_private\_key) | Private SSH key (RSA format) that is paired with the public ssh key. | `string` | n/a | yes |
+| <a name="input_use_legacy_network_interface"></a> [use\_legacy\_network\_interface](#input\_use\_legacy\_network\_interface) | Set this to true to use legacy network interface for the created instances. | `bool` | `false` | no |
 | <a name="input_use_sm"></a> [use\_sm](#input\_use\_sm) | Whether to use Secrets Manager to generate certificates. | `bool` | `true` | no |
 | <a name="input_web_application_port"></a> [web\_application\_port](#input\_web\_application\_port) | The instance group the web tier uses when scaling up instances to supply the port for the Load Balancer pool member. | `number` | `80` | no |
 | <a name="input_web_block_storage_volumes"></a> [web\_block\_storage\_volumes](#input\_web\_block\_storage\_volumes) | List describing the block storage volumes that will be attached to each vsi | <pre>list(<br/>    object({<br/>      name              = string<br/>      profile           = string<br/>      capacity          = optional(number)<br/>      iops              = optional(number)<br/>      encryption_key    = optional(string)<br/>      resource_group_id = optional(string)<br/>    })<br/>  )</pre> | `[]` | no |
diff --git a/solutions/e2e/data-tier.tf b/solutions/e2e/data-tier.tf
@@ -35,7 +35,7 @@ resource "random_password" "password" {
 
 module "data_tier_vsi" {
   source                        = "terraform-ibm-modules/landing-zone-vsi/ibm"
-  version                       = "4.2.0"
+  version                       = "5.17.0"
   resource_group_id             = local.vpc_data.vpc_data.resource_group
   prefix                        = "${var.prefix}-data-vsi"
   vpc_id                        = local.vpc_data.vpc_id
@@ -53,6 +53,7 @@ module "data_tier_vsi" {
   create_security_group         = var.data_security_group != null ? true : false
   security_group                = var.data_security_group
   block_storage_volumes         = local.data_block_storage_volumes_list
+  use_legacy_network_interface  = var.use_legacy_network_interface
 }
 
 resource "null_resource" "primary_postgresql_install" {
diff --git a/solutions/e2e/main.tf b/solutions/e2e/main.tf
@@ -7,11 +7,11 @@
 ##############################################################################
 
 module "landing_zone" {
-  source               = "git::https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone.git//patterns/vsi/module?ref=v6.2.1"
+  source               = "git::https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone.git//patterns/vsi/module?ref=v8.13.1"
   prefix               = var.prefix
   region               = var.region
   ssh_public_key       = var.ssh_key
-  override_json_string = templatefile("${path.module}/override.tftpl", { prefix = var.prefix })
+  override_json_string = templatefile("${path.module}/override.tftpl", { prefix = var.prefix, use_legacy_network_interface = var.use_legacy_network_interface })
 }
 
 ##############################################################################
@@ -39,7 +39,7 @@ module "sm_resource_group" {
   count = var.sm_instance_rg_existing || (!var.sm_instance_rg_existing && var.sm_instance_rg_name != null) ? 1 : 0
 
   source  = "terraform-ibm-modules/resource-group/ibm"
-  version = "1.1.6"
+  version = "1.4.0"
 
   resource_group_name          = !var.sm_instance_rg_existing ? var.sm_instance_rg_name : null
   existing_resource_group_name = var.sm_instance_rg_existing ? var.sm_instance_rg_name : null
@@ -68,7 +68,7 @@ module "private_secret_engine" {
   depends_on                = [ibm_resource_instance.secrets_manager]
   count                     = (var.use_sm && var.existing_sm_instance_guid == null) ? 1 : 0
   source                    = "terraform-ibm-modules/secrets-manager-private-cert-engine/ibm"
-  version                   = "1.3.4"
+  version                   = "1.11.1"
   secrets_manager_guid      = local.sm_guid
   region                    = local.sm_region
   root_ca_name              = var.root_ca_name
@@ -85,7 +85,7 @@ module "private_secret_engine" {
 # Create a secret group to place the certificate in
 module "secrets_manager_group" {
   source                   = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
-  version                  = "1.2.2"
+  version                  = "1.3.19"
   count                    = var.use_sm ? 1 : 0
   region                   = local.sm_region
   secrets_manager_guid     = local.sm_guid
@@ -100,7 +100,7 @@ module "secrets_manager_group" {
 module "secrets_manager_private_certificate" {
   depends_on             = [module.private_secret_engine]
   source                 = "terraform-ibm-modules/secrets-manager-private-cert/ibm"
-  version                = "1.3.2"
+  version                = "1.9.2"
   count                  = var.use_sm ? 1 : 0
   cert_name              = "${var.prefix}-cts-vpn-private-cert"
   cert_description       = "Example private cert"
diff --git a/solutions/e2e/override.tftpl b/solutions/e2e/override.tftpl
@@ -659,6 +659,7 @@
       "machine_type": "cx2-4x8",
       "name": "management-bastion-server",
       "resource_group": "${prefix}-management-rg",
+      "use_legacy_network_interface": ${use_legacy_network_interface},
       "security_group": {
         "name": "${prefix}-management",
         "rules": [
diff --git a/solutions/e2e/variables.tf b/solutions/e2e/variables.tf
@@ -41,6 +41,12 @@ variable "ssh_private_key" {
   sensitive   = true
 }
 
+variable "use_legacy_network_interface" {
+  description = "Set this to true to use legacy network interface for the created instances."
+  type        = bool
+  default     = false
+}
+
 ############################################################################
 # Sample web application
 ############################################################################
@@ -73,7 +79,7 @@ variable "existing_sm_instance_region" {
 
 variable "sm_instance_rg_name" {
   type        = string
-  description = "Resource group to provison the secrets manager instance.  If no resource group name is defined, it will try to use the service resource group otherwise a random from the landing zone"
+  description = "Resource group to provision the secrets manager instance.  If no resource group name is defined, it will try to use the service resource group otherwise a random from the landing zone"
   default     = null
 }
 
diff --git a/solutions/e2e/version.tf b/solutions/e2e/version.tf
@@ -4,15 +4,15 @@ terraform {
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = "1.76.3"
+      version = "1.85.0"
     }
     random = {
       source  = "hashicorp/random"
-      version = "3.7.1"
+      version = "3.7.2"
     }
     null = {
       source  = "hashicorp/null"
-      version = "3.2.3"
+      version = "3.2.4"
     }
   }
 }
diff --git a/tests/go.mod b/tests/go.mod
diff --git a/tests/go.sum b/tests/go.sum

Original file line number	Diff line number	Diff line change
`@@ -226,6 +226,9 @@`
`226`	`226`	`{`
`227`	`227`	`"key": "data_vsi_per_subnet"`
`228`	`228`	`},`
	`229`	`+ {`
	`230`	`+ "key": "use_legacy_network_interface"`
	`231`	`+ },`
`229`	`232`	`{`
`230`	`233`	`"key": "data_security_group"`
`231`	`234`	`},`
Original file line number	Diff line number	Diff line change
`@@ -4,15 +4,15 @@ terraform {`
`4`	`4`	`required_providers {`
`5`	`5`	`ibm = {`
`6`	`6`	`source = "IBM-Cloud/ibm"`
`7`		`- version = "1.76.3"`
	`7`	`+ version = "1.85.0"`
`8`	`8`	`}`
`9`	`9`	`random = {`
`10`	`10`	`source = "hashicorp/random"`
`11`		`- version = "3.7.1"`
	`11`	`+ version = "3.7.2"`
`12`	`12`	`}`
`13`	`13`	`null = {`
`14`	`14`	`source = "hashicorp/null"`
`15`		`- version = "3.2.3"`
	`15`	`+ version = "3.2.4"`
`16`	`16`	`}`
`17`	`17`	`}`
`18`	`18`	`}`