From 62b03f81eac7207725f975d6f53f4888d1f7c5f9 Mon Sep 17 00:00:00 2001 From: Piyush Kumar Sahu Date: Tue, 5 Aug 2025 10:55:40 +0530 Subject: [PATCH 1/4] Expose provider visibility --- cra-config.yaml | 3 + ibm_catalog.json | 108 ++++++++++++++++++++++++++ patterns/mixed/main.tf | 1 + patterns/mixed/variables.tf | 10 +++ patterns/roks-quickstart/provider.tf | 1 + patterns/roks-quickstart/variables.tf | 10 +++ patterns/roks/main.tf | 1 + patterns/roks/variables.tf | 10 +++ patterns/vpc/main.tf | 1 + patterns/vpc/variables.tf | 10 +++ patterns/vsi-extension/provider.tf | 1 + patterns/vsi-extension/variables.tf | 10 +++ patterns/vsi-quickstart/provider.tf | 1 + patterns/vsi-quickstart/variables.tf | 10 +++ patterns/vsi/main.tf | 1 + patterns/vsi/variables.tf | 10 +++ tests/other_test.go | 2 + tests/pr_test.go | 19 +++-- 18 files changed, 204 insertions(+), 5 deletions(-) diff --git a/cra-config.yaml b/cra-config.yaml index 557eade6c..1ee943294 100644 --- a/cra-config.yaml +++ b/cra-config.yaml @@ -7,6 +7,7 @@ CRA_TARGETS: CRA_ENVIRONMENT_VARIABLES: TF_VAR_prefix: "slz-vpc" TF_VAR_region: "us-south" + TF_VAR_provider_visibility: "public" - CRA_TARGET: "patterns/vsi" CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json" PROFILE_ID: "fe96bd4d-9b37-40f2-b39f-a62760e326a3" # SCC profile ID (currently set to 'IBM Cloud Framework for Financial Services' '1.7.0' profile). @@ -14,9 +15,11 @@ CRA_TARGETS: TF_VAR_prefix: "slz-vsi" TF_VAR_region: "us-south" TF_VAR_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/hfNI5cNjimtcVgNA1acGmi1iv7PTjKcF8D+8DqffkGMsY6vU7KtB1mASwVU8GMGLzU2qvGmXwHSANYqPOraEitgI06zhq5VXVvtjOR41IJjP+ssjHIbql+EDzls2yJuZd2g4Wmk5NKTzJFNYsvIaCGUYCSMUPT9bepUqIOyjsrCEiHGLaphF5W2V/hj1+1NEZqV3ozhmHmtff2tIb6+VQpd/dl61RKuF74rywd1krmBOe4kbPzfYRqiRKV0rl0bPuyL+FV3Zv5gdzRRLNQiOxapv9uSkCal3W0umpSQyBYtj6BhGxeKrBKVgXgdq7byStRFSlREaKIg+tkekieqNZbBArgSYoNACZilxrzzC6u0KuWtllldy1CwCtFEdBlSPnHwnD/XhAs6FVuoh5tmw+FLtVyg8UyMgSvVr1Vcya9uAOCLLiihsgAB5xqqcJaXcfk+zkWn7rUJ9F+R3CZs9rgEvBbHpFAKJqcMsInZ+G0Jt0s6kIpAPr/plcfrK2bcwG/L9Kbuedf31dmHAylKqfMpdqm2YoSXOs5Y7Wh6KV/1VhL/u0++hxGt6APjvpY0BTlvsw7fmBSPniHkC8fF6bEzP0blCRcI3SB7P/glrZqM5UptBoEI5a8LBv5G4YsVolRepj6FjwlPvfgBbLF5AXxFtZTk07UW7CRauO5xbJw==" + TF_VAR_provider_visibility: "public" - CRA_TARGET: "patterns/roks" CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json" PROFILE_ID: "fe96bd4d-9b37-40f2-b39f-a62760e326a3" # SCC profile ID (currently set to 'IBM Cloud Framework for Financial Services' '1.7.0' profile). CRA_ENVIRONMENT_VARIABLES: TF_VAR_prefix: "slz-roks" TF_VAR_region: "us-south" + TF_VAR_provider_visibility: "public" diff --git a/ibm_catalog.json b/ibm_catalog.json index bec34c6f1..147c0bba2 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -79,6 +79,24 @@ }, "key": "override_json_string" }, + { + "key": "provider_visibility", + "hidden":true, + "options": [ + { + "displayname": "private", + "value": "private" + }, + { + "displayname": "public", + "value": "public" + }, + { + "displayname": "public-and-private", + "value": "public-and-private" + } + ] + }, { "custom_config": { "grouping": "deployment", @@ -234,6 +252,24 @@ "key": "ssh_public_key", "required": true }, + { + "key": "provider_visibility", + "hidden":true, + "options": [ + { + "displayname": "private", + "value": "private" + }, + { + "displayname": "public", + "value": "public" + }, + { + "displayname": "public-and-private", + "value": "public-and-private" + } + ] + }, { "key": "ibmcloud_api_key" }, @@ -638,6 +674,24 @@ "key": "ssh_public_key", "required": true }, + { + "key": "provider_visibility", + "hidden":true, + "options": [ + { + "displayname": "private", + "value": "private" + }, + { + "displayname": "public", + "value": "public" + }, + { + "displayname": "public-and-private", + "value": "public-and-private" + } + ] + }, { "custom_config": { "config_constraints": { @@ -847,6 +901,24 @@ "key": "region", "required": true }, + { + "key": "provider_visibility", + "hidden":true, + "options": [ + { + "displayname": "private", + "value": "private" + }, + { + "displayname": "public", + "value": "public" + }, + { + "displayname": "public-and-private", + "value": "public-and-private" + } + ] + }, { "key": "ibmcloud_api_key" }, @@ -1259,6 +1331,24 @@ "required": true, "type": "string" }, + { + "key": "provider_visibility", + "hidden":true, + "options": [ + { + "displayname": "private", + "value": "private" + }, + { + "displayname": "public", + "value": "public" + }, + { + "displayname": "public-and-private", + "value": "public-and-private" + } + ] + }, { "key": "ibmcloud_api_key" }, @@ -1590,6 +1680,24 @@ "key": "region", "required": true }, + { + "key": "provider_visibility", + "hidden":true, + "options": [ + { + "displayname": "private", + "value": "private" + }, + { + "displayname": "public", + "value": "public" + }, + { + "displayname": "public-and-private", + "value": "public-and-private" + } + ] + }, { "key": "kube_version", "type": "string", diff --git a/patterns/mixed/main.tf b/patterns/mixed/main.tf index 19db25af0..f1022ff5b 100644 --- a/patterns/mixed/main.tf +++ b/patterns/mixed/main.tf @@ -6,6 +6,7 @@ provider "ibm" { ibmcloud_api_key = var.ibmcloud_api_key region = var.region ibmcloud_timeout = 60 + visibility = var.provider_visibility } ############################################################################## diff --git a/patterns/mixed/variables.tf b/patterns/mixed/variables.tf index 2b9761652..2ddc8935b 100644 --- a/patterns/mixed/variables.tf +++ b/patterns/mixed/variables.tf @@ -8,6 +8,16 @@ variable "ibmcloud_api_key" { sensitive = true } +variable "provider_visibility" { + description = "Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints)." + type = string + default = "private" + validation { + condition = contains(["public", "private", "public-and-private"], var.provider_visibility) + error_message = "Invalid visibility option. Allowed values are 'public', 'private', or 'public-and-private'." + } +} + variable "prefix" { description = "A unique identifier for resources that is prepended to resources that are provisioned. Must begin with a lowercase letter and end with a lowercase letter or number. Must be 16 or fewer characters." type = string diff --git a/patterns/roks-quickstart/provider.tf b/patterns/roks-quickstart/provider.tf index df45ef50b..f69fb6da2 100644 --- a/patterns/roks-quickstart/provider.tf +++ b/patterns/roks-quickstart/provider.tf @@ -1,4 +1,5 @@ provider "ibm" { ibmcloud_api_key = var.ibmcloud_api_key region = var.region + visibility = var.provider_visibility } diff --git a/patterns/roks-quickstart/variables.tf b/patterns/roks-quickstart/variables.tf index 6c454c47a..e7bfdd4a1 100644 --- a/patterns/roks-quickstart/variables.tf +++ b/patterns/roks-quickstart/variables.tf @@ -8,6 +8,16 @@ variable "ibmcloud_api_key" { sensitive = true } +variable "provider_visibility" { + description = "Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints)." + type = string + default = "private" + validation { + condition = contains(["public", "private", "public-and-private"], var.provider_visibility) + error_message = "Invalid visibility option. Allowed values are 'public', 'private', or 'public-and-private'." + } +} + variable "prefix" { description = "A unique identifier for resources that is prepended to resources that are provisioned. Must begin with a lowercase letter and end with a lowercase letter or number. Must be 13 or fewer characters." type = string diff --git a/patterns/roks/main.tf b/patterns/roks/main.tf index 209e4d7c9..526bb5192 100644 --- a/patterns/roks/main.tf +++ b/patterns/roks/main.tf @@ -6,6 +6,7 @@ provider "ibm" { ibmcloud_api_key = var.ibmcloud_api_key region = var.region ibmcloud_timeout = 60 + visibility = var.provider_visibility } ############################################################################## diff --git a/patterns/roks/variables.tf b/patterns/roks/variables.tf index 4886fe4db..ce7d77b32 100644 --- a/patterns/roks/variables.tf +++ b/patterns/roks/variables.tf @@ -8,6 +8,16 @@ variable "ibmcloud_api_key" { sensitive = true } +variable "provider_visibility" { + description = "Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints)." + type = string + default = "private" + validation { + condition = contains(["public", "private", "public-and-private"], var.provider_visibility) + error_message = "Invalid visibility option. Allowed values are 'public', 'private', or 'public-and-private'." + } +} + variable "prefix" { description = "A unique identifier for resources that is prepended to resources that are provisioned. Must begin with a lowercase letter and end with a lowercase letter or number. Must be 13 or fewer characters." type = string diff --git a/patterns/vpc/main.tf b/patterns/vpc/main.tf index fc0426da1..ed63c4fc0 100644 --- a/patterns/vpc/main.tf +++ b/patterns/vpc/main.tf @@ -6,6 +6,7 @@ provider "ibm" { ibmcloud_api_key = var.ibmcloud_api_key region = var.region ibmcloud_timeout = 60 + visibility = var.provider_visibility } ############################################################################## diff --git a/patterns/vpc/variables.tf b/patterns/vpc/variables.tf index 7a5304b6e..aa2557b74 100644 --- a/patterns/vpc/variables.tf +++ b/patterns/vpc/variables.tf @@ -8,6 +8,16 @@ variable "ibmcloud_api_key" { sensitive = true } +variable "provider_visibility" { + description = "Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints)." + type = string + default = "private" + validation { + condition = contains(["public", "private", "public-and-private"], var.provider_visibility) + error_message = "Invalid visibility option. Allowed values are 'public', 'private', or 'public-and-private'." + } +} + variable "prefix" { description = "A unique identifier for resources that is prepended to resources that are provisioned. Must begin with a lowercase letter and end with a lowercase letter or number. Must be 16 or fewer characters." type = string diff --git a/patterns/vsi-extension/provider.tf b/patterns/vsi-extension/provider.tf index df45ef50b..f69fb6da2 100644 --- a/patterns/vsi-extension/provider.tf +++ b/patterns/vsi-extension/provider.tf @@ -1,4 +1,5 @@ provider "ibm" { ibmcloud_api_key = var.ibmcloud_api_key region = var.region + visibility = var.provider_visibility } diff --git a/patterns/vsi-extension/variables.tf b/patterns/vsi-extension/variables.tf index 2b4724a29..d9e54f688 100644 --- a/patterns/vsi-extension/variables.tf +++ b/patterns/vsi-extension/variables.tf @@ -4,6 +4,16 @@ variable "ibmcloud_api_key" { sensitive = true } +variable "provider_visibility" { + description = "Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints)." + type = string + default = "private" + validation { + condition = contains(["public", "private", "public-and-private"], var.provider_visibility) + error_message = "Invalid visibility option. Allowed values are 'public', 'private', or 'public-and-private'." + } +} + variable "region" { description = "The region of the landing zone VPC." type = string diff --git a/patterns/vsi-quickstart/provider.tf b/patterns/vsi-quickstart/provider.tf index df45ef50b..f69fb6da2 100644 --- a/patterns/vsi-quickstart/provider.tf +++ b/patterns/vsi-quickstart/provider.tf @@ -1,4 +1,5 @@ provider "ibm" { ibmcloud_api_key = var.ibmcloud_api_key region = var.region + visibility = var.provider_visibility } diff --git a/patterns/vsi-quickstart/variables.tf b/patterns/vsi-quickstart/variables.tf index 387826e8b..172418abb 100644 --- a/patterns/vsi-quickstart/variables.tf +++ b/patterns/vsi-quickstart/variables.tf @@ -8,6 +8,16 @@ variable "ibmcloud_api_key" { sensitive = true } +variable "provider_visibility" { + description = "Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints)." + type = string + default = "private" + validation { + condition = contains(["public", "private", "public-and-private"], var.provider_visibility) + error_message = "Invalid visibility option. Allowed values are 'public', 'private', or 'public-and-private'." + } +} + variable "prefix" { description = "A unique identifier for resources that is prepended to resources that are provisioned. Must begin with a lowercase letter and end with a lowercase letter or number. Must be 16 or fewer characters." type = string diff --git a/patterns/vsi/main.tf b/patterns/vsi/main.tf index 5d4c0ad03..c8c0c5768 100644 --- a/patterns/vsi/main.tf +++ b/patterns/vsi/main.tf @@ -6,6 +6,7 @@ provider "ibm" { ibmcloud_api_key = var.ibmcloud_api_key region = var.region ibmcloud_timeout = 60 + visibility = var.provider_visibility } ############################################################################## diff --git a/patterns/vsi/variables.tf b/patterns/vsi/variables.tf index 9d585d6ff..81a0bf16c 100644 --- a/patterns/vsi/variables.tf +++ b/patterns/vsi/variables.tf @@ -8,6 +8,16 @@ variable "ibmcloud_api_key" { sensitive = true } +variable "provider_visibility" { + description = "Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints)." + type = string + default = "private" + validation { + condition = contains(["public", "private", "public-and-private"], var.provider_visibility) + error_message = "Invalid visibility option. Allowed values are 'public', 'private', or 'public-and-private'." + } +} + variable "prefix" { description = "A unique identifier for resources that is prepended to resources that are provisioned. Must begin with a lowercase letter and end with a lowercase letter or number. Must be 16 or fewer characters." type = string diff --git a/tests/other_test.go b/tests/other_test.go index 21a9078a6..577b17098 100644 --- a/tests/other_test.go +++ b/tests/other_test.go @@ -16,6 +16,7 @@ func TestRunRoksPatternWithHPCS(t *testing.T) { options.TerraformVars["hs_crypto_instance_name"] = permanentResources["hpcs_name_south"] options.TerraformVars["hs_crypto_resource_group"] = permanentResources["hpcs_rg_south"] options.TerraformVars["skip_kms_block_storage_s2s_auth_policy"] = true + options.TerraformVars["provider_visibility"] = "public" // If "jp-osa" was the best region selected, default to us-south instead. // "jp-osa" is currently not allowing hs-crypto be used for encrypting buckets in that region. currentRegion, ok := options.TerraformVars["region"] @@ -37,6 +38,7 @@ func TestRunVSIPatternWithHPCS(t *testing.T) { options.TerraformVars["hs_crypto_instance_name"] = permanentResources["hpcs_name_south"] options.TerraformVars["hs_crypto_resource_group"] = permanentResources["hpcs_rg_south"] options.TerraformVars["skip_kms_block_storage_s2s_auth_policy"] = true + options.TerraformVars["provider_visibility"] = "public" // If "jp-osa" was the best region selected, default to us-south instead. // "jp-osa" is currently not allowing hs-crypto be used for encrypting buckets in that region. currentRegion, ok := options.TerraformVars["region"] diff --git a/tests/pr_test.go b/tests/pr_test.go index 96cbd812d..7fae09228 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -102,7 +102,8 @@ func setupOptionsQuickStartPattern(t *testing.T, prefix string, dir string) *tes TerraformDir: dir, Prefix: prefix, TerraformVars: map[string]interface{}{ - "ssh_key": sshPublicKey, + "ssh_key": sshPublicKey, + "provider_visibility": "public", }, CloudInfoService: sharedInfoSvc, }) @@ -184,7 +185,8 @@ func setupOptionsROKSQuickStartPattern(t *testing.T, prefix string, dir string) Prefix: prefix, CloudInfoService: sharedInfoSvc, TerraformVars: map[string]interface{}{ - "entitlement": "cloud_pak", + "entitlement": "cloud_pak", + "provider_visibility": "public", }, }) @@ -235,6 +237,7 @@ func setupOptionsRoksPattern(t *testing.T, prefix string) *testhelper.TestOption "enable_transit_gateway": false, "use_ibm_cloud_private_api_endpoints": false, "verify_cluster_network_readiness": false, + "provider_visibility": "public", } return options @@ -284,6 +287,7 @@ func setupOptionsVsiPattern(t *testing.T, prefix string) *testhelper.TestOptions "region": options.Region, "add_atracker_route": add_atracker_route, "enable_transit_gateway": false, + "provider_visibility": "public", } return options @@ -330,6 +334,7 @@ func setupOptionsVpcPattern(t *testing.T, prefix string) *testhelper.TestOptions "region": options.Region, "add_atracker_route": add_atracker_route, "enable_transit_gateway": false, + "provider_visibility": "public", } return options @@ -479,6 +484,7 @@ func setupOptionsVsiExtention(t *testing.T, prefix string, region string, existi "boot_volume_encryption_key": keyID, "vpc_id": managementVpcID, "ssh_public_key": sshPublicKey, + "provider_visibility": "public", }, }) @@ -628,6 +634,7 @@ func TestRunVsiExtention(t *testing.T) { "region": region, "tags": tags, "enable_transit_gateway": false, + "provider_visibility": "public", }, // Set Upgrade to true to ensure latest version of providers and modules are used by terratest. // This is the same as setting the -upgrade=true flag with terraform. @@ -684,9 +691,10 @@ func TestRunUpgradeVsiExtention(t *testing.T) { existingTerraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{ TerraformDir: vpcTerraformDir, Vars: map[string]interface{}{ - "prefix": prefix, - "region": region, - "tags": tags, + "prefix": prefix, + "region": region, + "provider_visibility": "public", + "tags": tags, }, // Set Upgrade to true to ensure latest version of providers and modules are used by terratest. // This is the same as setting the -upgrade=true flag with terraform. @@ -736,6 +744,7 @@ func TestRunOverrideExample(t *testing.T) { TerraformVars: map[string]interface{}{ "ssh_key": sshPublicKey, "override_json_string": string(overrideJsonString), + "provider_visibility": "public", }, CloudInfoService: sharedInfoSvc, }) From 01426e28f67fcb50ac37e9ef9457b85917654e37 Mon Sep 17 00:00:00 2001 From: Piyush Kumar Sahu Date: Tue, 5 Aug 2025 12:37:28 +0530 Subject: [PATCH 2/4] SKIP UPGRADE TEST From 84544f5dfac197ff93477bbc8f81c19521152f5f Mon Sep 17 00:00:00 2001 From: Piyush Kumar Sahu Date: Tue, 5 Aug 2025 12:37:49 +0530 Subject: [PATCH 3/4] SKIP UPGRADE TEST --- tests/pr_test.go | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/pr_test.go b/tests/pr_test.go index 7fae09228..52c4cbd4c 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -744,7 +744,6 @@ func TestRunOverrideExample(t *testing.T) { TerraformVars: map[string]interface{}{ "ssh_key": sshPublicKey, "override_json_string": string(overrideJsonString), - "provider_visibility": "public", }, CloudInfoService: sharedInfoSvc, }) From 8a67efe97afa783c8bf30a07f56408cc29dcc944 Mon Sep 17 00:00:00 2001 From: Piyush Kumar Sahu Date: Tue, 5 Aug 2025 21:48:30 +0530 Subject: [PATCH 4/4] SKIP UPGRADE TEST