diff --git a/cra-config.yaml b/cra-config.yaml index 557eade6c..1ee943294 100644 --- a/cra-config.yaml +++ b/cra-config.yaml @@ -7,6 +7,7 @@ CRA_TARGETS: CRA_ENVIRONMENT_VARIABLES: TF_VAR_prefix: "slz-vpc" TF_VAR_region: "us-south" + TF_VAR_provider_visibility: "public" - CRA_TARGET: "patterns/vsi" CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json" PROFILE_ID: "fe96bd4d-9b37-40f2-b39f-a62760e326a3" # SCC profile ID (currently set to 'IBM Cloud Framework for Financial Services' '1.7.0' profile). @@ -14,9 +15,11 @@ CRA_TARGETS: TF_VAR_prefix: "slz-vsi" TF_VAR_region: "us-south" TF_VAR_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/hfNI5cNjimtcVgNA1acGmi1iv7PTjKcF8D+8DqffkGMsY6vU7KtB1mASwVU8GMGLzU2qvGmXwHSANYqPOraEitgI06zhq5VXVvtjOR41IJjP+ssjHIbql+EDzls2yJuZd2g4Wmk5NKTzJFNYsvIaCGUYCSMUPT9bepUqIOyjsrCEiHGLaphF5W2V/hj1+1NEZqV3ozhmHmtff2tIb6+VQpd/dl61RKuF74rywd1krmBOe4kbPzfYRqiRKV0rl0bPuyL+FV3Zv5gdzRRLNQiOxapv9uSkCal3W0umpSQyBYtj6BhGxeKrBKVgXgdq7byStRFSlREaKIg+tkekieqNZbBArgSYoNACZilxrzzC6u0KuWtllldy1CwCtFEdBlSPnHwnD/XhAs6FVuoh5tmw+FLtVyg8UyMgSvVr1Vcya9uAOCLLiihsgAB5xqqcJaXcfk+zkWn7rUJ9F+R3CZs9rgEvBbHpFAKJqcMsInZ+G0Jt0s6kIpAPr/plcfrK2bcwG/L9Kbuedf31dmHAylKqfMpdqm2YoSXOs5Y7Wh6KV/1VhL/u0++hxGt6APjvpY0BTlvsw7fmBSPniHkC8fF6bEzP0blCRcI3SB7P/glrZqM5UptBoEI5a8LBv5G4YsVolRepj6FjwlPvfgBbLF5AXxFtZTk07UW7CRauO5xbJw==" + TF_VAR_provider_visibility: "public" - CRA_TARGET: "patterns/roks" CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json" PROFILE_ID: "fe96bd4d-9b37-40f2-b39f-a62760e326a3" # SCC profile ID (currently set to 'IBM Cloud Framework for Financial Services' '1.7.0' profile). CRA_ENVIRONMENT_VARIABLES: TF_VAR_prefix: "slz-roks" TF_VAR_region: "us-south" + TF_VAR_provider_visibility: "public" diff --git a/ibm_catalog.json b/ibm_catalog.json index b74820059..17fb91607 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -89,6 +89,24 @@ }, "key": "override_json_string" }, + { + "key": "provider_visibility", + "hidden":true, + "options": [ + { + "displayname": "private", + "value": "private" + }, + { + "displayname": "public", + "value": "public" + }, + { + "displayname": "public-and-private", + "value": "public-and-private" + } + ] + }, { "custom_config": { "grouping": "deployment", @@ -241,6 +259,24 @@ } ] }, + { + "key": "provider_visibility", + "hidden":true, + "options": [ + { + "displayname": "private", + "value": "private" + }, + { + "displayname": "public", + "value": "public" + }, + { + "displayname": "public-and-private", + "value": "public-and-private" + } + ] + }, { "key": "ibmcloud_api_key" }, @@ -632,6 +668,24 @@ } ] }, + { + "key": "provider_visibility", + "hidden":true, + "options": [ + { + "displayname": "private", + "value": "private" + }, + { + "displayname": "public", + "value": "public" + }, + { + "displayname": "public-and-private", + "value": "public-and-private" + } + ] + }, { "custom_config": { "config_constraints": { @@ -848,6 +902,24 @@ "key": "region", "required": true }, + { + "key": "provider_visibility", + "hidden":true, + "options": [ + { + "displayname": "private", + "value": "private" + }, + { + "displayname": "public", + "value": "public" + }, + { + "displayname": "public-and-private", + "value": "public-and-private" + } + ] + }, { "key": "ibmcloud_api_key" }, @@ -1256,6 +1328,24 @@ "required": true, "type": "string" }, + { + "key": "provider_visibility", + "hidden":true, + "options": [ + { + "displayname": "private", + "value": "private" + }, + { + "displayname": "public", + "value": "public" + }, + { + "displayname": "public-and-private", + "value": "public-and-private" + } + ] + }, { "key": "ibmcloud_api_key" }, @@ -1586,6 +1676,24 @@ "key": "region", "required": true }, + { + "key": "provider_visibility", + "hidden":true, + "options": [ + { + "displayname": "private", + "value": "private" + }, + { + "displayname": "public", + "value": "public" + }, + { + "displayname": "public-and-private", + "value": "public-and-private" + } + ] + }, { "key": "kube_version", "type": "string", diff --git a/patterns/mixed/main.tf b/patterns/mixed/main.tf index 19db25af0..f1022ff5b 100644 --- a/patterns/mixed/main.tf +++ b/patterns/mixed/main.tf @@ -6,6 +6,7 @@ provider "ibm" { ibmcloud_api_key = var.ibmcloud_api_key region = var.region ibmcloud_timeout = 60 + visibility = var.provider_visibility } ############################################################################## diff --git a/patterns/mixed/variables.tf b/patterns/mixed/variables.tf index bcda8151b..f2763c3c5 100644 --- a/patterns/mixed/variables.tf +++ b/patterns/mixed/variables.tf @@ -8,6 +8,16 @@ variable "ibmcloud_api_key" { sensitive = true } +variable "provider_visibility" { + description = "Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints)." + type = string + default = "private" + validation { + condition = contains(["public", "private", "public-and-private"], var.provider_visibility) + error_message = "Invalid visibility option. Allowed values are 'public', 'private', or 'public-and-private'." + } +} + variable "prefix" { description = "A unique identifier for resources that is prepended to resources that are provisioned. Must begin with a lowercase letter and end with a lowercase letter or number. Must be 16 or fewer characters." type = string diff --git a/patterns/roks-quickstart/provider.tf b/patterns/roks-quickstart/provider.tf index df45ef50b..f69fb6da2 100644 --- a/patterns/roks-quickstart/provider.tf +++ b/patterns/roks-quickstart/provider.tf @@ -1,4 +1,5 @@ provider "ibm" { ibmcloud_api_key = var.ibmcloud_api_key region = var.region + visibility = var.provider_visibility } diff --git a/patterns/roks-quickstart/variables.tf b/patterns/roks-quickstart/variables.tf index c0810d3a4..be8fddbb3 100644 --- a/patterns/roks-quickstart/variables.tf +++ b/patterns/roks-quickstart/variables.tf @@ -8,6 +8,16 @@ variable "ibmcloud_api_key" { sensitive = true } +variable "provider_visibility" { + description = "Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints)." + type = string + default = "private" + validation { + condition = contains(["public", "private", "public-and-private"], var.provider_visibility) + error_message = "Invalid visibility option. Allowed values are 'public', 'private', or 'public-and-private'." + } +} + variable "prefix" { description = "A unique identifier for resources that is prepended to resources that are provisioned. Must begin with a lowercase letter and end with a lowercase letter or number. Must be 13 or fewer characters." type = string diff --git a/patterns/roks/main.tf b/patterns/roks/main.tf index 209e4d7c9..526bb5192 100644 --- a/patterns/roks/main.tf +++ b/patterns/roks/main.tf @@ -6,6 +6,7 @@ provider "ibm" { ibmcloud_api_key = var.ibmcloud_api_key region = var.region ibmcloud_timeout = 60 + visibility = var.provider_visibility } ############################################################################## diff --git a/patterns/roks/variables.tf b/patterns/roks/variables.tf index b54b86257..d4c0bf653 100644 --- a/patterns/roks/variables.tf +++ b/patterns/roks/variables.tf @@ -8,6 +8,16 @@ variable "ibmcloud_api_key" { sensitive = true } +variable "provider_visibility" { + description = "Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints)." + type = string + default = "private" + validation { + condition = contains(["public", "private", "public-and-private"], var.provider_visibility) + error_message = "Invalid visibility option. Allowed values are 'public', 'private', or 'public-and-private'." + } +} + variable "prefix" { description = "A unique identifier for resources that is prepended to resources that are provisioned. Must begin with a lowercase letter and end with a lowercase letter or number. Must be 13 or fewer characters." type = string diff --git a/patterns/vpc/main.tf b/patterns/vpc/main.tf index fc0426da1..ed63c4fc0 100644 --- a/patterns/vpc/main.tf +++ b/patterns/vpc/main.tf @@ -6,6 +6,7 @@ provider "ibm" { ibmcloud_api_key = var.ibmcloud_api_key region = var.region ibmcloud_timeout = 60 + visibility = var.provider_visibility } ############################################################################## diff --git a/patterns/vpc/variables.tf b/patterns/vpc/variables.tf index 99648f873..8e6288517 100644 --- a/patterns/vpc/variables.tf +++ b/patterns/vpc/variables.tf @@ -8,6 +8,16 @@ variable "ibmcloud_api_key" { sensitive = true } +variable "provider_visibility" { + description = "Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints)." + type = string + default = "private" + validation { + condition = contains(["public", "private", "public-and-private"], var.provider_visibility) + error_message = "Invalid visibility option. Allowed values are 'public', 'private', or 'public-and-private'." + } +} + variable "prefix" { description = "A unique identifier for resources that is prepended to resources that are provisioned. Must begin with a lowercase letter and end with a lowercase letter or number. Must be 16 or fewer characters." type = string diff --git a/patterns/vsi-extension/provider.tf b/patterns/vsi-extension/provider.tf index df45ef50b..f69fb6da2 100644 --- a/patterns/vsi-extension/provider.tf +++ b/patterns/vsi-extension/provider.tf @@ -1,4 +1,5 @@ provider "ibm" { ibmcloud_api_key = var.ibmcloud_api_key region = var.region + visibility = var.provider_visibility } diff --git a/patterns/vsi-extension/variables.tf b/patterns/vsi-extension/variables.tf index 8b1a8f368..98d6633de 100644 --- a/patterns/vsi-extension/variables.tf +++ b/patterns/vsi-extension/variables.tf @@ -4,6 +4,16 @@ variable "ibmcloud_api_key" { sensitive = true } +variable "provider_visibility" { + description = "Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints)." + type = string + default = "private" + validation { + condition = contains(["public", "private", "public-and-private"], var.provider_visibility) + error_message = "Invalid visibility option. Allowed values are 'public', 'private', or 'public-and-private'." + } +} + variable "region" { description = "The region of the landing zone VPC." type = string diff --git a/patterns/vsi-quickstart/provider.tf b/patterns/vsi-quickstart/provider.tf index df45ef50b..f69fb6da2 100644 --- a/patterns/vsi-quickstart/provider.tf +++ b/patterns/vsi-quickstart/provider.tf @@ -1,4 +1,5 @@ provider "ibm" { ibmcloud_api_key = var.ibmcloud_api_key region = var.region + visibility = var.provider_visibility } diff --git a/patterns/vsi-quickstart/variables.tf b/patterns/vsi-quickstart/variables.tf index 6c80d6a07..bb3658a9b 100644 --- a/patterns/vsi-quickstart/variables.tf +++ b/patterns/vsi-quickstart/variables.tf @@ -8,6 +8,16 @@ variable "ibmcloud_api_key" { sensitive = true } +variable "provider_visibility" { + description = "Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints)." + type = string + default = "private" + validation { + condition = contains(["public", "private", "public-and-private"], var.provider_visibility) + error_message = "Invalid visibility option. Allowed values are 'public', 'private', or 'public-and-private'." + } +} + variable "prefix" { description = "A unique identifier for resources that is prepended to resources that are provisioned. Must begin with a lowercase letter and end with a lowercase letter or number. Must be 16 or fewer characters." type = string diff --git a/patterns/vsi/main.tf b/patterns/vsi/main.tf index 5d4c0ad03..c8c0c5768 100644 --- a/patterns/vsi/main.tf +++ b/patterns/vsi/main.tf @@ -6,6 +6,7 @@ provider "ibm" { ibmcloud_api_key = var.ibmcloud_api_key region = var.region ibmcloud_timeout = 60 + visibility = var.provider_visibility } ############################################################################## diff --git a/patterns/vsi/variables.tf b/patterns/vsi/variables.tf index 087967a59..222628d85 100644 --- a/patterns/vsi/variables.tf +++ b/patterns/vsi/variables.tf @@ -8,6 +8,16 @@ variable "ibmcloud_api_key" { sensitive = true } +variable "provider_visibility" { + description = "Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints)." + type = string + default = "private" + validation { + condition = contains(["public", "private", "public-and-private"], var.provider_visibility) + error_message = "Invalid visibility option. Allowed values are 'public', 'private', or 'public-and-private'." + } +} + variable "prefix" { description = "A unique identifier for resources that is prepended to resources that are provisioned. Must begin with a lowercase letter and end with a lowercase letter or number. Must be 16 or fewer characters." type = string diff --git a/tests/other_test.go b/tests/other_test.go index 21a9078a6..577b17098 100644 --- a/tests/other_test.go +++ b/tests/other_test.go @@ -16,6 +16,7 @@ func TestRunRoksPatternWithHPCS(t *testing.T) { options.TerraformVars["hs_crypto_instance_name"] = permanentResources["hpcs_name_south"] options.TerraformVars["hs_crypto_resource_group"] = permanentResources["hpcs_rg_south"] options.TerraformVars["skip_kms_block_storage_s2s_auth_policy"] = true + options.TerraformVars["provider_visibility"] = "public" // If "jp-osa" was the best region selected, default to us-south instead. // "jp-osa" is currently not allowing hs-crypto be used for encrypting buckets in that region. currentRegion, ok := options.TerraformVars["region"] @@ -37,6 +38,7 @@ func TestRunVSIPatternWithHPCS(t *testing.T) { options.TerraformVars["hs_crypto_instance_name"] = permanentResources["hpcs_name_south"] options.TerraformVars["hs_crypto_resource_group"] = permanentResources["hpcs_rg_south"] options.TerraformVars["skip_kms_block_storage_s2s_auth_policy"] = true + options.TerraformVars["provider_visibility"] = "public" // If "jp-osa" was the best region selected, default to us-south instead. // "jp-osa" is currently not allowing hs-crypto be used for encrypting buckets in that region. currentRegion, ok := options.TerraformVars["region"] diff --git a/tests/pr_test.go b/tests/pr_test.go index 4e72dced8..278260e92 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -102,7 +102,8 @@ func setupOptionsQuickStartPattern(t *testing.T, prefix string, dir string) *tes TerraformDir: dir, Prefix: prefix, TerraformVars: map[string]interface{}{ - "ssh_key": sshPublicKey, + "ssh_key": sshPublicKey, + "provider_visibility": "public", }, CloudInfoService: sharedInfoSvc, }) @@ -184,7 +185,8 @@ func setupOptionsROKSQuickStartPattern(t *testing.T, prefix string, dir string) Prefix: prefix, CloudInfoService: sharedInfoSvc, TerraformVars: map[string]interface{}{ - "entitlement": "cloud_pak", + "entitlement": "cloud_pak", + "provider_visibility": "public", }, }) @@ -235,6 +237,7 @@ func setupOptionsRoksPattern(t *testing.T, prefix string) *testhelper.TestOption "enable_transit_gateway": false, "use_ibm_cloud_private_api_endpoints": false, "verify_cluster_network_readiness": false, + "provider_visibility": "public", } return options @@ -284,6 +287,7 @@ func setupOptionsVsiPattern(t *testing.T, prefix string) *testhelper.TestOptions "region": options.Region, "add_atracker_route": add_atracker_route, "enable_transit_gateway": false, + "provider_visibility": "public", } return options @@ -330,6 +334,7 @@ func setupOptionsVpcPattern(t *testing.T, prefix string) *testhelper.TestOptions "region": options.Region, "add_atracker_route": add_atracker_route, "enable_transit_gateway": false, + "provider_visibility": "public", } return options @@ -479,6 +484,7 @@ func setupOptionsVsiExstention(t *testing.T, prefix string, region string, exist "boot_volume_encryption_key": keyID, "vpc_id": managementVpcID, "ssh_public_key": sshPublicKey, + "provider_visibility": "public", }, }) @@ -628,6 +634,7 @@ func TestRunVsiExstention(t *testing.T) { "region": region, "tags": tags, "enable_transit_gateway": false, + "provider_visibility": "public", }, // Set Upgrade to true to ensure latest version of providers and modules are used by terratest. // This is the same as setting the -upgrade=true flag with terraform. @@ -684,9 +691,10 @@ func TestRunUpgradeVsiExstention(t *testing.T) { existingTerraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{ TerraformDir: vpcTerraformDir, Vars: map[string]interface{}{ - "prefix": prefix, - "region": region, - "tags": tags, + "prefix": prefix, + "region": region, + "provider_visibility": "public", + "tags": tags, }, // Set Upgrade to true to ensure latest version of providers and modules are used by terratest. // This is the same as setting the -upgrade=true flag with terraform.