From 05c8514eddcd96a06094bbdeb482ca2b98552a48 Mon Sep 17 00:00:00 2001 From: Samuel Matzek Date: Mon, 20 May 2024 10:43:34 -0500 Subject: [PATCH 1/9] VPN server certificate documentation (#1931) --- .docs/powervs-poc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.docs/powervs-poc.md b/.docs/powervs-poc.md index 7bf1d781..a8ddffe1 100644 --- a/.docs/powervs-poc.md +++ b/.docs/powervs-poc.md @@ -120,7 +120,7 @@ The VPC VPN Server used for client to site VPNs requires SSL/TLS certificates st 1. Create a Secrets Manager instance and either [order public certificates](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-public-certificates&interface=ui ), [create private certificates](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-private-certificates&interface=ui -), or [import certificates](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-certificates&interface=ui). +), or [import certificates](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-certificates&interface=ui). Consult the [VPC client-to-site server authentication documentation](https://cloud.ibm.com/docs/vpc?topic=vpc-client-to-site-authentication) to ensure the certificate authorities and certificates are created using values that are compatible with the VPN server. 2. Choose VPC Deployments from the menu and create a new security group for the VPN Server. Create the security group in the `transit-rg` resource group. Add the following rules to the group: From 5a4b2febc1dec1e67b38b8dea67da8f89b400a28 Mon Sep 17 00:00:00 2001 
From: jvallexm Date: Mon, 20 May 2024 16:45:32 -0400 Subject: [PATCH 2/9] Issue 1928 (#1932) * bump * fix: sg import * fix: sg import * fix: sg import --- CHANGELOG.md | 6 + client/package-lock.json | 4 +- client/package.json | 2 +- client/src/lib/docs/release-notes.json | 8 + client/src/lib/json-to-iac/security-groups.js | 7 +- client/src/lib/json-to-iac/vpc.js | 21 ++- package-lock.json | 4 +- package.json | 2 +- unit-tests/api/craig-api.test.js | 6 +- .../modules-slz-network-files.json | 4 +- unit-tests/forms/wizard.test.js | 24 +-- .../json-to-iac/config-to-files-json.test.js | 5 + .../json-to-iac/security-groups.test.js | 10 +- unit-tests/json-to-iac/vpc.test.js | 154 +++++++++++++++++- 14 files changed, 221 insertions(+), 36 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7fed1809..0272a9d5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,12 @@ All notable changes to this project will be documented in this file. +## 1.15.6 + +### Fixes + +- Fixed an issue causing Resource Groups assigned to Security Groups to not be correctly imported into VPC modules + ## 1.15.5 ### Fixes diff --git a/client/package-lock.json b/client/package-lock.json index 5b06a8e7..bdc27b9b 100644 --- a/client/package-lock.json +++ b/client/package-lock.json @@ -1,12 +1,12 @@ { "name": "craig", - "version": "1.15.5", + "version": "1.15.6", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "craig", - "version": "1.15.5", + "version": "1.15.6", "license": "Apache-2.0", "dependencies": { "@apollo/client": "^3.4.10", diff --git a/client/package.json b/client/package.json index c3155b52..54cfc871 100644 --- a/client/package.json +++ b/client/package.json @@ -1,6 +1,6 @@ { "name": "craig", - "version": "1.15.5", + "version": "1.15.6", "private": true, "license": "Apache-2.0", "scripts": { diff --git a/client/src/lib/docs/release-notes.json b/client/src/lib/docs/release-notes.json index b1a502e2..a90f8df1 100644 --- a/client/src/lib/docs/release-notes.json 
+++ b/client/src/lib/docs/release-notes.json
@@ -1,4 +1,12 @@
 [
+ {
+ "version": "1.15.6",
+ "features": [],
+ "fixes": [
+ "Fixed an issue causing Resource Groups assigned to Security Groups to not be correctly imported into VPC modules"
+ ],
+ "upgrade_notes": []
+ },
 {
 "version": "1.15.5",
 "features": [],
diff --git a/client/src/lib/json-to-iac/security-groups.js b/client/src/lib/json-to-iac/security-groups.js
index c5c96e83..95cef681 100644
--- a/client/src/lib/json-to-iac/security-groups.js
+++ b/client/src/lib/json-to-iac/security-groups.js
@@ -35,7 +35,12 @@ function ibmIsSecurityGroup(sg, config) {
 }
 : {
 name: kebabName([sg.vpc, sg.name, "sg"]),
- vpc: vpcRef(sg.vpc),
+ vpc: vpcRef(sg.vpc).replace(
+ "${",
+ getObjectFromArray(config.vpcs, "name", sg.vpc).use_data
+ ? "${data."
+ : "${"
+ ),
 resource_group: `\${var.${snakeCase(sg.resource_group)}_id}`,
 tags: getTags(config),
 },
diff --git a/client/src/lib/json-to-iac/vpc.js b/client/src/lib/json-to-iac/vpc.js
index 7ca9245e..28dc481e 100644
--- a/client/src/lib/json-to-iac/vpc.js
+++ b/client/src/lib/json-to-iac/vpc.js
@@ -6,6 +6,7 @@ const {
 contains,
 revision,
 isEmpty,
+ distinct,
 } = require("lazy-z");
 const {
 rgIdRef,
@@ -524,10 +525,8 @@ function vpcModuleJson(vpc, rgs, config) {
 tags: config._options.tags,
 };
 rgs.forEach((rg) => {
- moduleObject[vpcModule][snakeCase(rg) + "_id"] = rgIdRef(
- vpc.resource_group,
- config
- );
+ if (rg)
+ moduleObject[vpcModule][snakeCase(rg) + "_id"] = rgIdRef(rg, config);
 });
 return moduleObject;
 }
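Review bot: The new `vpc` expression in the security-groups.js hunk reads `getObjectFromArray(config.vpcs, "name", sg.vpc).use_data` without checking that a matching entry exists, so a security group whose `vpc` is missing from `config.vpcs`, or a config with no `vpcs` key, looks likely to fail with an unhelpful error during generation; what `getObjectFromArray` returns on a miss is not visible here. The `.replace("${", ...)` call also substitutes the prefix with itself when `use_data` is false, which hides the intent. Looking the VPC up once before the object literal and branching is clearer, e.g. `const sgVpc = getObjectFromArray(config.vpcs, "name", sg.vpc);` and then `vpc: sgVpc && sgVpc.use_data ? vpcRef(sg.vpc).replace("${", "${data.") : vpcRef(sg.vpc),`. ibmIsSecurityGroup starts and ends outside the hunk.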
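Review bot: The `if (rg)` guard in the `rgs.forEach` callback of vpcModuleJson silently drops an empty or null resource group, while the security group resource in security-groups.js still emits `var.<name>_id` for it, so a group without a resource group would presumably reference a variable that is neither declared nor passed; that case seems better reported than skipped. The same guard is used in the `distinct(allRgs).forEach` loop of the vpcModuleTf hunk. As a style point, a wrapped statement under a braceless `if` is easy to break in a later edit; prefer `if (rg) { moduleObject[vpcModule][snakeCase(rg) + "_id"] = rgIdRef(rg, config); }`. vpcModuleJson begins outside the hunk.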
@@ -621,12 +620,16 @@ function vpcModuleTf(files, config) { allRgs.push(subnet.resource_group); } }); + config.security_groups.forEach((sg) => { + allRgs.push(sg.resource_group); + }); - allRgs.forEach((rg) => { - variables[snakeCase(rg) + "_id"] = { - description: "ID for the resource group " + rg, - type: "${string}", - }; + distinct(allRgs).forEach((rg) => { + if (rg) + variables[snakeCase(rg) + "_id"] = { + description: "ID for the resource group " + rg, + type: "${string}", + }; }); files[vpcModule] = { diff --git a/package-lock.json b/package-lock.json index c68553fb..67a1136d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "craig", - "version": "1.15.5", + "version": "1.15.6", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "craig", - "version": "1.15.5", + "version": "1.15.6", "license": "ISC", "dependencies": { "axios": "^1.6.3", diff --git a/package.json b/package.json index b5e7839b..febcda56 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "craig", - "version": "1.15.5", + "version": "1.15.6", "description": "gui for generating ibm cloud infrastructure resources", "main": "index.js", "scripts": { diff --git a/unit-tests/api/craig-api.test.js b/unit-tests/api/craig-api.test.js index 4d3875ad..125b2796 100644 --- a/unit-tests/api/craig-api.test.js +++ b/unit-tests/api/craig-api.test.js 
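Review bot: The added `config.security_groups.forEach` in vpcModuleTf collects the resource group of every security group in the config rather than only those attached to the VPC being rendered; the updated fixtures show `management_vpc` now declaring and receiving `workload_rg_id`, and `workload_vpc` receiving `management_rg_id`. Passing each module only the IDs it actually references keeps the module interface minimal and makes an unexpected cross-group reference easier to spot in review; comparing `sg.vpc` with the current VPC's name before the push would do that, assuming the surrounding code (outside this hunk) iterates per VPC. The loop also assumes `config.security_groups` is always an array; if configs without that key can reach this function, use `(config.security_groups || []).forEach(...)`.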
@@ -39,7 +39,7 @@ describe("craig api", () => { { name: "craig", data: "" }, { name: "craig/main.tf", - data: '##############################################################################\n# IBM Cloud Provider\n##############################################################################\n\nprovider "ibm" {\n ibmcloud_api_key = var.ibmcloud_api_key\n region = var.region\n ibmcloud_timeout = 60\n}\n\n##############################################################################\n\n##############################################################################\n# Management VPC Module\n##############################################################################\n\nmodule "management_vpc" {\n source = "./management_vpc"\n region = var.region\n prefix = var.prefix\n management_rg_id = ibm_resource_group.management_rg.id\n tags = [\n "hello",\n "world"\n ]\n}\n\n##############################################################################\n\n##############################################################################\n# Workload VPC Module\n##############################################################################\n\nmodule "workload_vpc" {\n source = "./workload_vpc"\n region = var.region\n prefix = var.prefix\n workload_rg_id = ibm_resource_group.workload_rg.id\n tags = [\n "hello",\n "world"\n ]\n}\n\n##############################################################################\n', + data: '##############################################################################\n# IBM Cloud Provider\n##############################################################################\n\nprovider "ibm" {\n ibmcloud_api_key = var.ibmcloud_api_key\n region = var.region\n ibmcloud_timeout = 60\n}\n\n##############################################################################\n\n##############################################################################\n# Management VPC Module\n##############################################################################\n\nmodule 
"management_vpc" {\n source = "./management_vpc"\n region = var.region\n prefix = var.prefix\n management_rg_id = ibm_resource_group.management_rg.id\n workload_rg_id = ibm_resource_group.workload_rg.id\n tags = [\n "hello",\n "world"\n ]\n}\n\n##############################################################################\n\n##############################################################################\n# Workload VPC Module\n##############################################################################\n\nmodule "workload_vpc" {\n source = "./workload_vpc"\n region = var.region\n prefix = var.prefix\n workload_rg_id = ibm_resource_group.workload_rg.id\n management_rg_id = ibm_resource_group.management_rg.id\n tags = [\n "hello",\n "world"\n ]\n}\n\n##############################################################################\n', }, { name: "craig/flow_logs.tf", 
@@ -117,7 +117,7 @@ describe("craig api", () => { }, { name: "craig/management_vpc/variables.tf", - data: '##############################################################################\n# Management VPC Variables\n##############################################################################\n\nvariable "tags" {\n description = "List of tags"\n type = list(string)\n}\n\nvariable "region" {\n description = "IBM Cloud Region where resources will be provisioned"\n type = string\n}\n\nvariable "prefix" {\n description = "Name prefix that will be prepended to named resources"\n type = string\n}\n\nvariable "management_rg_id" {\n description = "ID for the resource group management-rg"\n type = string\n}\n\n##############################################################################\n', + data: '##############################################################################\n# Management VPC Variables\n##############################################################################\n\nvariable "tags" {\n description = "List of tags"\n type = list(string)\n}\n\nvariable "region" {\n description = "IBM Cloud Region where resources will be provisioned"\n type = string\n}\n\nvariable "prefix" {\n description = "Name prefix that will be prepended to named resources"\n type = string\n}\n\nvariable "management_rg_id" {\n description = "ID for the resource group management-rg"\n type = string\n}\n\nvariable "workload_rg_id" {\n description = "ID for the resource group workload-rg"\n type = string\n}\n\n##############################################################################\n', }, { name: "craig/management_vpc/acl_management_management.tf", 
@@ -147,7 +147,7 @@ describe("craig api", () => { }, { name: "craig/workload_vpc/variables.tf", - data: '##############################################################################\n# Workload VPC Variables\n##############################################################################\n\nvariable "tags" {\n description = "List of tags"\n type = list(string)\n}\n\nvariable "region" {\n description = "IBM Cloud Region where resources will be provisioned"\n type = string\n}\n\nvariable "prefix" {\n description = "Name prefix that will be prepended to named resources"\n type = string\n}\n\nvariable "workload_rg_id" {\n description = "ID for the resource group workload-rg"\n type = string\n}\n\n##############################################################################\n', + data: '##############################################################################\n# Workload VPC Variables\n##############################################################################\n\nvariable "tags" {\n description = "List of tags"\n type = list(string)\n}\n\nvariable "region" {\n description = "IBM Cloud Region where resources will be provisioned"\n type = string\n}\n\nvariable "prefix" {\n description = "Name prefix that will be prepended to named resources"\n type = string\n}\n\nvariable "workload_rg_id" {\n description = "ID for the resource group workload-rg"\n type = string\n}\n\nvariable "management_rg_id" {\n description = "ID for the resource group management-rg"\n type = string\n}\n\n##############################################################################\n', }, { name: "craig/workload_vpc/acl_workload_workload.tf", diff --git a/unit-tests/data-files/config-to-files/modules-slz-network-files.json b/unit-tests/data-files/config-to-files/modules-slz-network-files.json index 60aa9114..3ca7b4d2 100644 --- a/unit-tests/data-files/config-to-files/modules-slz-network-files.json +++ b/unit-tests/data-files/config-to-files/modules-slz-network-files.json 
@@ -5,10 +5,10 @@ "outputs.tf": "##############################################################################\n# Management VPC Outputs\n##############################################################################\n\noutput \"name\" {\n value = ibm_is_vpc.management_vpc.name\n}\n\noutput \"id\" {\n value = ibm_is_vpc.management_vpc.id\n}\n\noutput \"crn\" {\n value = ibm_is_vpc.management_vpc.crn\n}\n\noutput \"vsi_zone_1_name\" {\n value = ibm_is_subnet.management_vsi_zone_1.name\n}\n\noutput \"vsi_zone_1_id\" {\n value = ibm_is_subnet.management_vsi_zone_1.id\n}\n\noutput \"vsi_zone_1_crn\" {\n value = ibm_is_subnet.management_vsi_zone_1.crn\n}\n\noutput \"vpn_zone_1_name\" {\n value = ibm_is_subnet.management_vpn_zone_1.name\n}\n\noutput \"vpn_zone_1_id\" {\n value = ibm_is_subnet.management_vpn_zone_1.id\n}\n\noutput \"vpn_zone_1_crn\" {\n value = ibm_is_subnet.management_vpn_zone_1.crn\n}\n\noutput \"vsi_zone_2_name\" {\n value = ibm_is_subnet.management_vsi_zone_2.name\n}\n\noutput \"vsi_zone_2_id\" {\n value = ibm_is_subnet.management_vsi_zone_2.id\n}\n\noutput \"vsi_zone_2_crn\" {\n value = ibm_is_subnet.management_vsi_zone_2.crn\n}\n\noutput \"vsi_zone_3_name\" {\n value = ibm_is_subnet.management_vsi_zone_3.name\n}\n\noutput \"vsi_zone_3_id\" {\n value = ibm_is_subnet.management_vsi_zone_3.id\n}\n\noutput \"vsi_zone_3_crn\" {\n value = ibm_is_subnet.management_vsi_zone_3.crn\n}\n\noutput \"vpe_zone_1_name\" {\n value = ibm_is_subnet.management_vpe_zone_1.name\n}\n\noutput \"vpe_zone_1_id\" {\n value = ibm_is_subnet.management_vpe_zone_1.id\n}\n\noutput \"vpe_zone_1_crn\" {\n value = ibm_is_subnet.management_vpe_zone_1.crn\n}\n\noutput \"vpe_zone_2_name\" {\n value = ibm_is_subnet.management_vpe_zone_2.name\n}\n\noutput \"vpe_zone_2_id\" {\n value = ibm_is_subnet.management_vpe_zone_2.id\n}\n\noutput \"vpe_zone_2_crn\" {\n value = ibm_is_subnet.management_vpe_zone_2.crn\n}\n\noutput \"vpe_zone_3_name\" {\n value = 
ibm_is_subnet.management_vpe_zone_3.name\n}\n\noutput \"vpe_zone_3_id\" {\n value = ibm_is_subnet.management_vpe_zone_3.id\n}\n\noutput \"vpe_zone_3_crn\" {\n value = ibm_is_subnet.management_vpe_zone_3.crn\n}\n\noutput \"management_vpe_sg_name\" {\n value = ibm_is_security_group.management_vpc_management_vpe_sg_sg.name\n}\n\noutput \"management_vpe_sg_id\" {\n value = ibm_is_security_group.management_vpc_management_vpe_sg_sg.id\n}\n\n##############################################################################\n", "rt_routing_table.tf": "##############################################################################\n# Routing Table Routing Table\n##############################################################################\n\nresource \"ibm_is_vpc_routing_table\" \"management_vpc_routing_table_table\" {\n name = \"${var.prefix}-management-vpc-routing-table-table\"\n vpc = ibm_is_vpc.management_vpc.id\n route_direct_link_ingress = true\n route_transit_gateway_ingress = true\n route_vpc_zone_ingress = true\n}\n\nresource \"ibm_is_vpc_routing_table_route\" \"management_vpc_routing_table_table_test_route_route\" {\n vpc = ibm_is_vpc.management_vpc.id\n routing_table = ibm_is_vpc_routing_table.management_vpc_routing_table_table.routing_table\n zone = \"${var.region}-1\"\n name = \"${var.prefix}-management-routing-table-test-route-route\"\n destination = \"1.2.3.4/5\"\n action = \"delegate\"\n next_hop = \"0.0.0.0\"\n}\n\n##############################################################################\n", "sg_management_vpe_sg.tf": "##############################################################################\n# Security Group Management VPE Sg\n##############################################################################\n\nresource \"ibm_is_security_group\" \"management_vpc_management_vpe_sg_sg\" {\n name = \"${var.prefix}-management-management-vpe-sg-sg\"\n vpc = ibm_is_vpc.management_vpc.id\n resource_group = var.slz_management_rg_id\n tags = [\n \"slz\",\n 
\"landing-zone\"\n ]\n}\n\nresource \"ibm_is_security_group_rule\" \"management_vpc_management_vpe_sg_sg_rule_allow_ibm_inbound\" {\n group = ibm_is_security_group.management_vpc_management_vpe_sg_sg.id\n remote = \"161.26.0.0/16\"\n direction = \"inbound\"\n}\n\nresource \"ibm_is_security_group_rule\" \"management_vpc_management_vpe_sg_sg_rule_allow_vpc_inbound\" {\n group = ibm_is_security_group.management_vpc_management_vpe_sg_sg.id\n remote = \"10.0.0.0/8\"\n direction = \"inbound\"\n}\n\nresource \"ibm_is_security_group_rule\" \"management_vpc_management_vpe_sg_sg_rule_allow_vpc_outbound\" {\n group = ibm_is_security_group.management_vpc_management_vpe_sg_sg.id\n remote = \"10.0.0.0/8\"\n direction = \"outbound\"\n}\n\nresource \"ibm_is_security_group_rule\" \"management_vpc_management_vpe_sg_sg_rule_allow_ibm_tcp_53_outbound\" {\n group = ibm_is_security_group.management_vpc_management_vpe_sg_sg.id\n remote = \"161.26.0.0/16\"\n direction = \"outbound\"\n tcp {\n port_min = 53\n port_max = 53\n }\n}\n\nresource \"ibm_is_security_group_rule\" \"management_vpc_management_vpe_sg_sg_rule_allow_ibm_tcp_80_outbound\" {\n group = ibm_is_security_group.management_vpc_management_vpe_sg_sg.id\n remote = \"161.26.0.0/16\"\n direction = \"outbound\"\n tcp {\n port_min = 80\n port_max = 80\n }\n}\n\nresource \"ibm_is_security_group_rule\" \"management_vpc_management_vpe_sg_sg_rule_allow_ibm_tcp_443_outbound\" {\n group = ibm_is_security_group.management_vpc_management_vpe_sg_sg.id\n remote = \"161.26.0.0/16\"\n direction = \"outbound\"\n tcp {\n port_min = 443\n port_max = 443\n }\n}\n\n##############################################################################\n", - "variables.tf": "##############################################################################\n# Management VPC Variables\n##############################################################################\n\nvariable \"tags\" {\n description = \"List of tags\"\n type = list(string)\n}\n\nvariable \"region\" 
{\n description = \"IBM Cloud Region where resources will be provisioned\"\n type = string\n}\n\nvariable \"prefix\" {\n description = \"Name prefix that will be prepended to named resources\"\n type = string\n}\n\nvariable \"slz_management_rg_id\" {\n description = \"ID for the resource group slz-management-rg\"\n type = string\n}\n\n##############################################################################\n", + "variables.tf": "##############################################################################\n# Management VPC Variables\n##############################################################################\n\nvariable \"tags\" {\n description = \"List of tags\"\n type = list(string)\n}\n\nvariable \"region\" {\n description = \"IBM Cloud Region where resources will be provisioned\"\n type = string\n}\n\nvariable \"prefix\" {\n description = \"Name prefix that will be prepended to named resources\"\n type = string\n}\n\nvariable \"slz_management_rg_id\" {\n description = \"ID for the resource group slz-management-rg\"\n type = string\n}\n\nvariable \"slz_workload_rg_id\" {\n description = \"ID for the resource group slz-workload-rg\"\n type = string\n}\n\n##############################################################################\n", "versions.tf": "##############################################################################\n# Terraform Providers\n##############################################################################\n\nterraform {\n required_providers {\n ibm = {\n source = \"IBM-Cloud/ibm\"\n version = \"~>1.63.0\"\n }\n }\n required_version = \">=1.5\"\n}\n\n##############################################################################\n" }, - "main.tf": "##############################################################################\n# IBM Cloud Provider\n##############################################################################\n\nprovider \"ibm\" {\n ibmcloud_api_key = var.ibmcloud_api_key\n region = var.region\n ibmcloud_timeout = 
60\n}\n\n##############################################################################\n\n##############################################################################\n# Management VPC Module\n##############################################################################\n\nmodule \"management_vpc\" {\n source = \"./management_vpc\"\n region = var.region\n prefix = var.prefix\n slz_management_rg_id = ibm_resource_group.slz_management_rg.id\n tags = [\n \"slz\",\n \"landing-zone\"\n ]\n}\n\n##############################################################################\n\n##############################################################################\n# Workload VPC Module\n##############################################################################\n\nmodule \"workload_vpc\" {\n source = \"./workload_vpc\"\n region = var.region\n prefix = var.prefix\n slz_workload_rg_id = ibm_resource_group.slz_workload_rg.id\n tags = [\n \"slz\",\n \"landing-zone\"\n ]\n}\n\n##############################################################################\n", + "main.tf": "##############################################################################\n# IBM Cloud Provider\n##############################################################################\n\nprovider \"ibm\" {\n ibmcloud_api_key = var.ibmcloud_api_key\n region = var.region\n ibmcloud_timeout = 60\n}\n\n##############################################################################\n\n##############################################################################\n# Management VPC Module\n##############################################################################\n\nmodule \"management_vpc\" {\n source = \"./management_vpc\"\n region = var.region\n prefix = var.prefix\n slz_management_rg_id = ibm_resource_group.slz_management_rg.id\n slz_workload_rg_id = ibm_resource_group.slz_workload_rg.id\n tags = [\n \"slz\",\n \"landing-zone\"\n 
]\n}\n\n##############################################################################\n\n##############################################################################\n# Workload VPC Module\n##############################################################################\n\nmodule \"workload_vpc\" {\n source = \"./workload_vpc\"\n region = var.region\n prefix = var.prefix\n slz_workload_rg_id = ibm_resource_group.slz_workload_rg.id\n slz_management_rg_id = ibm_resource_group.slz_management_rg.id\n tags = [\n \"slz\",\n \"landing-zone\"\n ]\n}\n\n##############################################################################\n", "flow_logs.tf": "##############################################################################\n# Flow Logs Resources\n##############################################################################\n\nresource \"ibm_iam_authorization_policy\" \"flow_logs_to_cos_object_storage_policy\" {\n source_service_name = \"is\"\n source_resource_type = \"flow-log-collector\"\n description = \"Allow flow logs write access cloud object storage instance\"\n target_service_name = \"cloud-object-storage\"\n target_resource_instance_id = ibm_resource_instance.cos_object_storage.guid\n roles = [\n \"Writer\"\n ]\n}\n\nresource \"ibm_is_flow_log\" \"management_flow_log_collector\" {\n name = \"${var.prefix}-management-vpc-logs\"\n target = module.management_vpc.id\n active = true\n storage_bucket = ibm_cos_bucket.cos_object_storage_management_bucket_bucket.bucket_name\n resource_group = ibm_resource_group.slz_management_rg.id\n tags = [\n \"slz\",\n \"landing-zone\"\n ]\n depends_on = [\n ibm_iam_authorization_policy.flow_logs_to_cos_object_storage_policy\n ]\n}\n\nresource \"ibm_is_flow_log\" \"workload_flow_log_collector\" {\n name = \"${var.prefix}-workload-vpc-logs\"\n target = module.workload_vpc.id\n active = true\n storage_bucket = ibm_cos_bucket.cos_object_storage_management_bucket_bucket.bucket_name\n resource_group = 
ibm_resource_group.slz_workload_rg.id\n tags = [\n \"slz\",\n \"landing-zone\"\n ]\n depends_on = [\n ibm_iam_authorization_policy.flow_logs_to_cos_object_storage_policy\n ]\n}\n\n##############################################################################\n", "transit_gateways.tf": "##############################################################################\n# Transit Gateway Transit Gateway\n##############################################################################\n\nresource \"ibm_tg_gateway\" \"transit_gateway\" {\n name = \"${var.prefix}-transit-gateway\"\n location = var.region\n global = false\n resource_group = ibm_resource_group.slz_service_rg.id\n timeouts {\n create = \"30m\"\n delete = \"30m\"\n }\n}\n\nresource \"ibm_tg_connection\" \"transit_gateway_to_management_connection\" {\n gateway = ibm_tg_gateway.transit_gateway.id\n network_type = \"vpc\"\n name = \"${var.prefix}-transit-gateway-management-hub-connection\"\n network_id = module.management_vpc.crn\n timeouts {\n create = \"30m\"\n delete = \"30m\"\n }\n}\n\nresource \"ibm_tg_connection\" \"transit_gateway_to_workload_connection\" {\n gateway = ibm_tg_gateway.transit_gateway.id\n network_type = \"vpc\"\n name = \"${var.prefix}-transit-gateway-workload-hub-connection\"\n network_id = module.workload_vpc.crn\n timeouts {\n create = \"30m\"\n delete = \"30m\"\n }\n}\n\n##############################################################################\n", "virtual_private_endpoints.tf": "##############################################################################\n# Management VPE Resources\n##############################################################################\n\nresource \"ibm_is_subnet_reserved_ip\" \"management_vpc_vpe_zone_1_subnet_vpe_ip_cos_vpe_gw\" {\n subnet = module.management_vpc.vpe_zone_1_id\n}\n\nresource \"ibm_is_subnet_reserved_ip\" \"management_vpc_vpe_zone_2_subnet_vpe_ip_cos_vpe_gw\" {\n subnet = module.management_vpc.vpe_zone_2_id\n}\n\nresource 
\"ibm_is_subnet_reserved_ip\" \"management_vpc_vpe_zone_3_subnet_vpe_ip_cos_vpe_gw\" {\n subnet = module.management_vpc.vpe_zone_3_id\n}\n\nresource \"ibm_is_virtual_endpoint_gateway\" \"management_vpc_cos_vpe_gateway\" {\n name = \"${var.prefix}-management-cos-vpe-gw\"\n vpc = module.management_vpc.id\n resource_group = ibm_resource_group.slz_management_rg.id\n tags = [\n \"slz\",\n \"landing-zone\"\n ]\n security_groups = [\n module.management_vpc.management_vpe_sg_id\n ]\n target {\n crn = \"crn:v1:bluemix:public:cloud-object-storage:global:::endpoint:s3.direct.${var.region}.cloud-object-storage.appdomain.cloud\"\n resource_type = \"provider_cloud_service\"\n }\n}\n\nresource \"ibm_is_virtual_endpoint_gateway_ip\" \"management_vpc_cos_gw_vpe_zone_1_gateway_ip\" {\n gateway = ibm_is_virtual_endpoint_gateway.management_vpc_cos_vpe_gateway.id\n reserved_ip = ibm_is_subnet_reserved_ip.management_vpc_vpe_zone_1_subnet_vpe_ip_cos_vpe_gw.reserved_ip\n}\n\nresource \"ibm_is_virtual_endpoint_gateway_ip\" \"management_vpc_cos_gw_vpe_zone_2_gateway_ip\" {\n gateway = ibm_is_virtual_endpoint_gateway.management_vpc_cos_vpe_gateway.id\n reserved_ip = ibm_is_subnet_reserved_ip.management_vpc_vpe_zone_2_subnet_vpe_ip_cos_vpe_gw.reserved_ip\n}\n\nresource \"ibm_is_virtual_endpoint_gateway_ip\" \"management_vpc_cos_gw_vpe_zone_3_gateway_ip\" {\n gateway = ibm_is_virtual_endpoint_gateway.management_vpc_cos_vpe_gateway.id\n reserved_ip = ibm_is_subnet_reserved_ip.management_vpc_vpe_zone_3_subnet_vpe_ip_cos_vpe_gw.reserved_ip\n}\n\n##############################################################################\n\n##############################################################################\n# Workload VPE Resources\n##############################################################################\n\nresource \"ibm_is_subnet_reserved_ip\" \"workload_vpc_vpe_zone_1_subnet_vpe_ip_cos_vpe_gw\" {\n subnet = module.workload_vpc.vpe_zone_1_id\n}\n\nresource \"ibm_is_subnet_reserved_ip\" 
\"workload_vpc_vpe_zone_2_subnet_vpe_ip_cos_vpe_gw\" {\n subnet = module.workload_vpc.vpe_zone_2_id\n}\n\nresource \"ibm_is_subnet_reserved_ip\" \"workload_vpc_vpe_zone_3_subnet_vpe_ip_cos_vpe_gw\" {\n subnet = module.workload_vpc.vpe_zone_3_id\n}\n\nresource \"ibm_is_virtual_endpoint_gateway\" \"workload_vpc_cos_vpe_gateway\" {\n name = \"${var.prefix}-workload-cos-vpe-gw\"\n vpc = module.workload_vpc.id\n resource_group = ibm_resource_group.slz_workload_rg.id\n tags = [\n \"slz\",\n \"landing-zone\"\n ]\n security_groups = [\n module.workload_vpc.workload_vpe_sg_id\n ]\n target {\n crn = \"crn:v1:bluemix:public:cloud-object-storage:global:::endpoint:s3.direct.${var.region}.cloud-object-storage.appdomain.cloud\"\n resource_type = \"provider_cloud_service\"\n }\n}\n\nresource \"ibm_is_virtual_endpoint_gateway_ip\" \"workload_vpc_cos_gw_vpe_zone_1_gateway_ip\" {\n gateway = ibm_is_virtual_endpoint_gateway.workload_vpc_cos_vpe_gateway.id\n reserved_ip = ibm_is_subnet_reserved_ip.workload_vpc_vpe_zone_1_subnet_vpe_ip_cos_vpe_gw.reserved_ip\n}\n\nresource \"ibm_is_virtual_endpoint_gateway_ip\" \"workload_vpc_cos_gw_vpe_zone_2_gateway_ip\" {\n gateway = ibm_is_virtual_endpoint_gateway.workload_vpc_cos_vpe_gateway.id\n reserved_ip = ibm_is_subnet_reserved_ip.workload_vpc_vpe_zone_2_subnet_vpe_ip_cos_vpe_gw.reserved_ip\n}\n\nresource \"ibm_is_virtual_endpoint_gateway_ip\" \"workload_vpc_cos_gw_vpe_zone_3_gateway_ip\" {\n gateway = ibm_is_virtual_endpoint_gateway.workload_vpc_cos_vpe_gateway.id\n reserved_ip = ibm_is_subnet_reserved_ip.workload_vpc_vpe_zone_3_subnet_vpe_ip_cos_vpe_gw.reserved_ip\n}\n\n##############################################################################\n", diff --git a/unit-tests/forms/wizard.test.js b/unit-tests/forms/wizard.test.js index c96d4d6d..ed35d061 100644 --- a/unit-tests/forms/wizard.test.js +++ b/unit-tests/forms/wizard.test.js 
@@ -57,7 +57,7 @@ describe("setup wizard", () => { enable_power_vs: false, enable_classic: false, power_vs_zones: [], - craig_version: "1.15.5", + craig_version: "1.15.6", power_vs_high_availability: false, no_vpn_secrets_manager_auth: false, }, @@ -975,7 +975,7 @@ describe("setup wizard", () => { enable_power_vs: false, enable_classic: false, power_vs_zones: [], - craig_version: "1.15.5", + craig_version: "1.15.6", power_vs_high_availability: false, no_vpn_secrets_manager_auth: false, }, @@ -1892,7 +1892,7 @@ describe("setup wizard", () => { enable_power_vs: false, enable_classic: false, power_vs_zones: [], - craig_version: "1.15.5", + craig_version: "1.15.6", power_vs_high_availability: false, no_vpn_secrets_manager_auth: false, }, @@ -2403,7 +2403,7 @@ describe("setup wizard", () => { enable_power_vs: false, enable_classic: false, power_vs_zones: [], - craig_version: "1.15.5", + craig_version: "1.15.6", power_vs_high_availability: false, no_vpn_secrets_manager_auth: false, }, @@ -2905,7 +2905,7 @@ describe("setup wizard", () => { enable_power_vs: false, enable_classic: false, power_vs_zones: [], - craig_version: "1.15.5", + craig_version: "1.15.6", power_vs_high_availability: false, no_vpn_secrets_manager_auth: false, }, @@ -3484,7 +3484,7 @@ describe("setup wizard", () => { enable_power_vs: false, enable_classic: false, power_vs_zones: [], - craig_version: "1.15.5", + craig_version: "1.15.6", no_vpn_secrets_manager_auth: false, }, resource_groups: [ @@ -3654,7 +3654,7 @@ describe("setup wizard", () => { enable_power_vs: false, enable_classic: false, power_vs_zones: [], - craig_version: "1.15.5", + craig_version: "1.15.6", power_vs_high_availability: false, no_vpn_secrets_manager_auth: false, }, @@ -4225,7 +4225,7 @@ describe("setup wizard", () => { enable_power_vs: false, enable_classic: false, power_vs_zones: [], - craig_version: "1.15.5", + craig_version: "1.15.6", power_vs_high_availability: false, no_vpn_secrets_manager_auth: false, }, 
@@ -4770,7 +4770,7 @@ describe("setup wizard", () => { enable_power_vs: false, enable_classic: false, power_vs_zones: [], - craig_version: "1.15.5", + craig_version: "1.15.6", power_vs_high_availability: false, no_vpn_secrets_manager_auth: false, }, @@ -5320,7 +5320,7 @@ describe("setup wizard", () => { enable_classic: false, enable_classic: false, power_vs_zones: [], - craig_version: "1.15.5", + craig_version: "1.15.6", no_vpn_secrets_manager_auth: false, }, resource_groups: [ @@ -5812,7 +5812,7 @@ describe("setup wizard", () => { enable_power_vs: true, enable_classic: false, power_vs_zones: ["dal10"], - craig_version: "1.15.5", + craig_version: "1.15.6", power_vs_high_availability: false, no_vpn_secrets_manager_auth: false, }, @@ -6314,7 +6314,7 @@ describe("setup wizard", () => { enable_power_vs: true, enable_classic: false, power_vs_zones: ["dal10"], - craig_version: "1.15.5", + craig_version: "1.15.6", power_vs_high_availability: false, no_vpn_secrets_manager_auth: false, }, diff --git a/unit-tests/json-to-iac/config-to-files-json.test.js b/unit-tests/json-to-iac/config-to-files-json.test.js index e5a9f4ec..f033f84d 100644 --- a/unit-tests/json-to-iac/config-to-files-json.test.js +++ b/unit-tests/json-to-iac/config-to-files-json.test.js @@ -1120,6 +1120,11 @@ variable "edge_id" { type = string } +variable "slz_workload_rg_id" { + description = "ID for the resource group slz-workload-rg" + type = string +} + ############################################################################## `, "it should return correct data" diff --git a/unit-tests/json-to-iac/security-groups.test.js b/unit-tests/json-to-iac/security-groups.test.js index 5aa457d1..af726ab7 100644 --- a/unit-tests/json-to-iac/security-groups.test.js +++ b/unit-tests/json-to-iac/security-groups.test.js 
@@ -8,7 +8,7 @@ const slzNetwork = require("../data-files/slz-network.json"); describe("security groups", () => { describe("formatSecurityGroup", () => { - it("should format a security group", () => { + it("should format a security group with vpc from data", () => { let actualData = formatSecurityGroup( { vpc: "management", @@ -106,12 +106,18 @@ describe("security groups", () => { use_data: false, }, ], + vpcs: [ + { + name: "management", + use_data: true, + }, + ], } ); let expectedData = ` resource "ibm_is_security_group" "management_vpc_management_vpe_sg_sg" { name = "\${var.prefix}-management-management-vpe-sg-sg" - vpc = ibm_is_vpc.management_vpc.id + vpc = data.ibm_is_vpc.management_vpc.id resource_group = var.slz_management_rg_id tags = [ "hello", diff --git a/unit-tests/json-to-iac/vpc.test.js b/unit-tests/json-to-iac/vpc.test.js index e7d26a92..6a8212f6 100644 --- a/unit-tests/json-to-iac/vpc.test.js +++ b/unit-tests/json-to-iac/vpc.test.js 
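Review bot: In unit-tests/json-to-iac/security-groups.test.js the existing `formatSecurityGroup` case was renamed to `should format a security group with vpc from data` and its fixture switched to a VPC with `use_data: true`, so within these hunks nothing asserts the `vpc = ibm_is_vpc.management_vpc.id` form any more. Unless a case outside the hunks covers a VPC that is not imported, keep the original test as it was and add the data-VPC variant as a second `it(...)` block, so that a regression in either reference form fails a test. The `describe` block continues outside the hunk.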
@@ -4839,7 +4839,7 @@ resource "ibm_is_subnet" "customer_a_subnet_tier_zone_2" { "acl_customer_a_subnet_acl.tf": '##############################################################################\n# Customer A Subnet Acl ACL\n##############################################################################\n\nresource "ibm_is_network_acl" "customer_a_subnet_acl_acl" {\n name = "${var.prefix}-customer-a-subnet-acl-acl"\n vpc = data.ibm_is_vpc.customer_a_vpc.id\n resource_group = var.craig_rg_id\n tags = [\n "hello",\n "world"\n ]\n rules {\n source = "0.0.0.0"\n action = "allow"\n destination = "0.0.0.0"\n direction = "inbound"\n name = "allow-all-inbound"\n }\n rules {\n source = "0.0.0.0"\n action = "allow"\n destination = "0.0.0.0"\n direction = "outbound"\n name = "allow-all-outbound"\n }\n}\n\n##############################################################################\n', "sg_vsi_sg.tf": - '##############################################################################\n# Security Group VSI Sg\n##############################################################################\n\nresource "ibm_is_security_group" "customer_a_vpc_vsi_sg_sg" {\n name = "${var.prefix}-customer-a-vsi-sg-sg"\n vpc = ibm_is_vpc.customer_a_vpc.id\n resource_group = var.craig_rg_id\n tags = [\n "hello",\n "world"\n ]\n}\n\nresource "ibm_is_security_group_rule" "customer_a_vpc_vsi_sg_sg_rule_ssh" {\n group = ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id\n remote = "0.0.0.0"\n direction = "inbound"\n tcp {\n port_min = 22\n port_max = 22\n }\n}\n\nresource "ibm_is_security_group_rule" "customer_a_vpc_vsi_sg_sg_rule_ping" {\n group = ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id\n remote = "0.0.0.0"\n direction = "inbound"\n icmp {\n type = 8\n code = 8\n }\n}\n\n##############################################################################\n', + '##############################################################################\n# Security Group VSI 
Sg\n##############################################################################\n\nresource "ibm_is_security_group" "customer_a_vpc_vsi_sg_sg" {\n name = "${var.prefix}-customer-a-vsi-sg-sg"\n vpc = data.ibm_is_vpc.customer_a_vpc.id\n resource_group = var.craig_rg_id\n tags = [\n "hello",\n "world"\n ]\n}\n\nresource "ibm_is_security_group_rule" "customer_a_vpc_vsi_sg_sg_rule_ssh" {\n group = ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id\n remote = "0.0.0.0"\n direction = "inbound"\n tcp {\n port_min = 22\n port_max = 22\n }\n}\n\nresource "ibm_is_security_group_rule" "customer_a_vpc_vsi_sg_sg_rule_ping" {\n group = ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id\n remote = "0.0.0.0"\n direction = "inbound"\n icmp {\n type = 8\n code = 8\n }\n}\n\n##############################################################################\n', "outputs.tf": '##############################################################################\n# Customer AVPC Outputs\n##############################################################################\n\noutput "name" {\n value = data.ibm_is_vpc.customer_a_vpc.name\n}\n\noutput "id" {\n value = data.ibm_is_vpc.customer_a_vpc.id\n}\n\noutput "crn" {\n value = data.ibm_is_vpc.customer_a_vpc.crn\n}\n\noutput "subnet_tier_zone_1_name" {\n value = ibm_is_subnet.customer_a_subnet_tier_zone_1.name\n}\n\noutput "subnet_tier_zone_1_id" {\n value = ibm_is_subnet.customer_a_subnet_tier_zone_1.id\n}\n\noutput "subnet_tier_zone_1_crn" {\n value = ibm_is_subnet.customer_a_subnet_tier_zone_1.crn\n}\n\noutput "subnet_tier_zone_2_name" {\n value = ibm_is_subnet.customer_a_subnet_tier_zone_2.name\n}\n\noutput "subnet_tier_zone_2_id" {\n value = ibm_is_subnet.customer_a_subnet_tier_zone_2.id\n}\n\noutput "subnet_tier_zone_2_crn" {\n value = ibm_is_subnet.customer_a_subnet_tier_zone_2.crn\n}\n\noutput "vsi_sg_name" {\n value = ibm_is_security_group.customer_a_vpc_vsi_sg_sg.name\n}\n\noutput "vsi_sg_id" {\n value = 
ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id\n}\n\n##############################################################################\n', }, 
@@ -5652,6 +5652,127 @@ resource "ibm_is_subnet" "customer_a_subnet_tier_zone_2" { }; assert.deepEqual(actualData, expectedData, "should return correct data"); }); + it("should return craig terraform for one vpc with only one data subnet and vpc from data and data rg", () => { + let actualData = {}; + vpcModuleTf(actualData, { + _options: { + prefix: "iac", + region: "us-south", + tags: ["hello", "world"], + zones: 3, + endpoints: "private", + account_id: null, + fs_cloud: false, + enable_classic: false, + dynamic_subnets: true, + enable_power_vs: false, + craig_version: "1.15.6", + power_vs_zones: [], + power_vs_high_availability: false, + no_vpn_secrets_manager_auth: false, + power_vs_ha_zone_1: null, + power_vs_ha_zone_2: null, + manual_power_vsi_naming: false, + template: "Empty Project", + }, + resource_groups: [ + { + use_prefix: true, + name: "powervs-coe", + use_data: true, + }, + ], + routing_tables: [], + scc: { + credential_description: null, + id: null, + passphrase: null, + name: "", + location: "us", + collector_description: null, + is_public: false, + scope_description: null, + enable: false, + }, + secrets_manager: [], + security_groups: [ + { + resource_group: "powervs-coe", + rules: [], + vpc: "smatzek", + subnets: [], + ssh_keys: [], + use_data: false, + name: "vpn-server", + }, + ], + ssh_keys: [], + sysdig: { + enabled: false, + plan: "graduated-tier", + resource_group: null, + name: "sysdig", + platform_logs: false, + }, + teleport_vsi: [], + transit_gateways: [], + virtual_private_endpoints: [], + vpcs: [ + { + name: "smatzek", + resource_group: null, + classic_access: null, + manual_address_prefix_management: false, + default_network_acl_name: null, + default_security_group_name: null, + default_routing_table_name: null, + public_gateways: [], + acls: [], + subnetTiers: [], + use_data: true, + bucket: "$disabled", + publicGateways: [], + cos: null, + subnets: [], + address_prefixes: [], + }, + ], + vpn_gateways: [], + vsi: [], + vtl: [], + 
classic_gateways: [], + cis: [], + scc_v2: { + enable: false, + resource_group: null, + region: "", + account_id: "${var.account_id}", + profile_attachments: [], + }, + cis_glbs: [], + fortigate_vnf: [], + classic_security_groups: [], + classic_vsi: [], + classic_bare_metal: [], + }); + let expectedData = { + "main.tf": `############################################################################## +# Smatzek VPC Module +############################################################################## + +module "smatzek_vpc" { + source = "./smatzek_vpc" + region = var.region + prefix = var.prefix + powervs_coe_id = data.ibm_resource_group.powervs_coe.id\n tags = [\n "hello",\n "world"\n ]\n}\n\n############################################################################## +`, + }; + assert.deepEqual( + actualData["main.tf"], + expectedData["main.tf"], + "should return correct data" + ); + }); it("should return craig terraform for edge network in module", () => { let actualData = {}; vpcModuleTf(actualData, { @@ -8428,6 +8549,7 @@ resource "ibm_is_subnet" "edge_vpn_2_zone_3" { let actualData = vpcModuleJson( { name: "test-case", + resource_group: null, }, [], { @@ -8453,5 +8575,35 @@ resource "ibm_is_subnet" "edge_vpn_2_zone_3" { "it should return correctly formatted module" ); }); + it("should return correct module for imported vpc with no rg", () => { + let actualData = vpcModuleJson( + { + name: "test-case", + resource_group: null, + }, + [null], + { + _options: { + tags: [], + }, + } + ); + let expectedData = { + test_case_vpc: { + "//": { + metadata: { uniqueId: "test_case_vpc", path: "./test_case_vpc" }, + }, + source: "./test_case_vpc", + region: "${var.region}", + prefix: "${var.prefix}", + tags: [], + }, + }; + assert.deepEqual( + actualData, + expectedData, + "it should return correctly formatted module" + ); + }); }); }); From 5c9cc6004994b6c730a072edb60d43ea52776bb2 Mon Sep 17 00:00:00 2001 
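Review bot: The new case `should return craig terraform for one vpc with only one data subnet and vpc from data and data rg` in unit-tests/json-to-iac/vpc.test.js builds a fixture with `subnets: []` and compares only `actualData["main.tf"]`, so the name promises more than the test checks. The `vpn-server` security group in the fixture appears to be the reason the module receives `powervs_coe_id`, yet none of the module files that `vpcModuleTf` writes for it are asserted. Either rename the test to describe the resource-group pass-through it actually pins, or compare the whole object with `assert.deepEqual(actualData, expectedData, "should return correct data")` as the preceding case does.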
From: jvallexm Date: Tue, 21 May 2024 12:42:51 -0400 Subject: [PATCH 3/9] fix: validation (#1934) --- CHANGELOG.md | 1 + client/src/lib/docs/release-notes.json | 3 ++- client/src/lib/validate.js | 1 - 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0272a9d5..d22663c6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ All notable changes to this project will be documented in this file. ### Fixes - Fixed an issue causing Resource Groups assigned to Security Groups to not be correctly imported into VPC modules +- Fixed an issue preventing users from downloading Terraform code when using only existing VPCs and VPC Subnets ## 1.15.5 diff --git a/client/src/lib/docs/release-notes.json b/client/src/lib/docs/release-notes.json index a90f8df1..86222e75 100644 --- a/client/src/lib/docs/release-notes.json +++ b/client/src/lib/docs/release-notes.json @@ -3,7 +3,8 @@ "version": "1.15.6", "features": [], "fixes": [ - "Fixed an issue causing Resource Groups assigned to Security Groups to not be correctly imported into VPC modules" + "Fixed an issue causing Resource Groups assigned to Security Groups to not be correctly imported into VPC modules", + "Fixed an issue preventing users from downloading Terraform code when using only existing VPCs and VPC Subnets" ], "upgrade_notes": [] }, diff --git a/client/src/lib/validate.js b/client/src/lib/validate.js index 221424c9..4e8cc7be 100644 --- a/client/src/lib/validate.js +++ b/client/src/lib/validate.js @@ -375,7 +375,6 @@ const validate = function (json) { // for each address prefix network.address_prefixes.forEach((prefix) => { nullVpcNameTest("Address Prefix", prefix, "name", "name"); - validationTest("Address Prefix", prefix, "zone", "zone"); // mark zone required }); // for each acl network.acls.forEach((acl) => { From 10cd513d60158a694e94e909e30f616617b144a4 Mon Sep 17 00:00:00 2001 
From: Samuel Matzek Date: Wed, 22 May 2024 14:35:29 -0500 Subject: [PATCH 4/9] Change logdna bucket (#1939) * Change logdna bucket * Changelog * Remove trailing period --- CHANGELOG.md | 1 + client/src/lib/docs/release-notes.json | 3 ++- client/src/lib/docs/templates/power-poc-quick-start.json | 4 ++-- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d22663c6..ac7a72a9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ All notable changes to this project will be documented in this file. - Fixed an issue causing Resource Groups assigned to Security Groups to not be correctly imported into VPC modules - Fixed an issue preventing users from downloading Terraform code when using only existing VPCs and VPC Subnets +- Fixed an issue in the Power VS POC template where the LogDNA files were written to the AIX save files COS bucket ## 1.15.5 diff --git a/client/src/lib/docs/release-notes.json b/client/src/lib/docs/release-notes.json index 86222e75..b0597e1c 100644 --- a/client/src/lib/docs/release-notes.json +++ b/client/src/lib/docs/release-notes.json @@ -4,7 +4,8 @@ "features": [], "fixes": [ "Fixed an issue causing Resource Groups assigned to Security Groups to not be correctly imported into VPC modules", - "Fixed an issue preventing users from downloading Terraform code when using only existing VPCs and VPC Subnets" + "Fixed an issue preventing users from downloading Terraform code when using only existing VPCs and VPC Subnets", + "Fixed an issue in the Power VS POC template where the LogDNA files were written to the AIX save files COS bucket" ], "upgrade_notes": [] }, diff --git a/client/src/lib/docs/templates/power-poc-quick-start.json b/client/src/lib/docs/templates/power-poc-quick-start.json index ebceffa5..a6a80d71 100644 --- a/client/src/lib/docs/templates/power-poc-quick-start.json +++ b/client/src/lib/docs/templates/power-poc-quick-start.json 
@@ -99,8 +99,8 @@ "endpoints": "private", "platform_logs": false, "resource_group": "service-rg", - "cos": "savefiles", - "bucket": "aix", + "cos": "a-tracker", + "bucket": "a-tracker", "name": "logdna", "archive": false }, From 531b87aeb224ce1856168b8cca2843cb55a3797a Mon Sep 17 00:00:00 2001 From: jvallexm Date: Thu, 23 May 2024 12:24:20 -0400 Subject: [PATCH 5/9] 1936: vpn server username and certificate (#1937) * feat: vpn server cert and username * PowerVS PoC doc change for VPN Server --------- Co-authored-by: Samuel Matzek --- .docs/powervs-poc.md | 19 ++++++++- CHANGELOG.md | 4 ++ client/src/lib/docs/release-notes.json | 4 +- client/src/lib/json-to-iac/vpn-server.js | 12 +++++- client/src/lib/state/vpn-servers.js | 9 +++- unit-tests/json-to-iac/vpn-server.test.js | 52 +++++++++++++++++++++++ unit-tests/state/schema.test.js | 2 +- unit-tests/state/vpn-servers.test.js | 12 ++++++ 8 files changed, 107 insertions(+), 7 deletions(-) diff --git a/.docs/powervs-poc.md b/.docs/powervs-poc.md index a8ddffe1..bdba97b0 100644 --- a/.docs/powervs-poc.md +++ b/.docs/powervs-poc.md @@ -140,7 +140,7 @@ Set the VPN Server values using the following table as a guide. | VPC | transit | | Subnets | vpn-zone-1 | | Security group | security group created in step 3 | -| Authentication method | Certificate | +| Authentication method | Username and Certificate | | Certificate CRN | The CRN of the Secrets Manager secret containing the certificate for the VPN Server. | | Client CA CRN | The CRN of the Secrets Manager secret containing the certificate for the VPN client. | | Client CIDR Pool | Specify a network CIDR that does not conflict with any on-premises network, the VPC network, or the Power VS network. The CIDR should also be a subnet of 10.0.0.0/8 to avoid additional security group changes. | 
@@ -199,3 +199,20 @@ Here are the list of fields and values to be used to setup on-prem VPN gateway: * Preshared Key: Shared between both VPNs to establish connection. * Peer CIDR: IBM VPC CIDRs + IBM PowerVS CIDRs to allow communication into IBM cloud environment via VPN. * IKE policy: IKEv2 + +### Configuring VPC VPN Server - Client to Site VPN users + +If a VPC VPN Server was added to the configuration as documented with the `Username and Certificate` authentication mechanism, VPN users must have the correct access policies to log into the VPN. + +The following steps can be used to create an access group with the appropriate access policy and add VPN users: + +Create Access Group: + - Manage -> Access (IAM) -> Access Groups -> Create + + - Name the access group _(i.e. VPN Users)_ + - Add users and/or service IDs as needed + - Navigate to Access tab -> Assign access + + - Create an access policy with the following: + +| Service | Resources | Access | +|- |- |- | +| VPC Infrastructure Service | All | Users of the VPN server need this role to connect to the VPN server | diff --git a/CHANGELOG.md b/CHANGELOG.md index ac7a72a9..a142fbd6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file. ## 1.15.6 +### Features + +- When creating a VPN Server, users can now have both certificate and username authentication by selecting the `Username and Certificate` authentication method + ### Fixes - Fixed an issue causing Resource Groups assigned to Security Groups to not be correctly imported into VPC modules diff --git a/client/src/lib/docs/release-notes.json b/client/src/lib/docs/release-notes.json index b0597e1c..46e0e5dc 100644 --- a/client/src/lib/docs/release-notes.json +++ b/client/src/lib/docs/release-notes.json 
@@ -1,7 +1,9 @@ [ { "version": "1.15.6", - "features": [], + "features": [ + "When creating a VPN Server, users can now have both certificate and username authentication by selecting the `Username and Certificate` authentication method" + ], "fixes": [ "Fixed an issue causing Resource Groups assigned to Security Groups to not be correctly imported into VPC modules", "Fixed an issue preventing users from downloading Terraform code when using only existing VPCs and VPC Subnets", diff --git a/client/src/lib/json-to-iac/vpn-server.js b/client/src/lib/json-to-iac/vpn-server.js index 127891b1..36e9313d 100644 --- a/client/src/lib/json-to-iac/vpn-server.js +++ b/client/src/lib/json-to-iac/vpn-server.js @@ -51,7 +51,7 @@ function ibmIsVpnServer(server, craig) { certificate_crn: overrideCert || server.certificate_crn, client_authentication: [ { - method: contains(["byo", "INSECURE"], server.method) + method: contains(["byo", "INSECURE", "both"], server.method) ? "certificate" : server.method, }, @@ -83,7 +83,7 @@ function ibmIsVpnServer(server, craig) { }); if ( server.method === "certificate" || - contains(["byo", "INSECURE"], server.method) + contains(["byo", "INSECURE", "both"], server.method) ) { serverData.client_authentication[0].client_ca_crn = overrideCert && server.method === "certificate" @@ -94,6 +94,14 @@ function ibmIsVpnServer(server, craig) { } else { serverData.client_authentication[0].identity_provider = "iam"; } + + if (server.method === "both") { + serverData.client_authentication.push({ + method: "username", + identity_provider: "iam", + }); + } + return { name: snakeCase(`${server.vpc} vpn server ${server.name}`), data: serverData, diff --git a/client/src/lib/state/vpn-servers.js b/client/src/lib/state/vpn-servers.js index c1db135f..043aedb6 100644 --- a/client/src/lib/state/vpn-servers.js +++ b/client/src/lib/state/vpn-servers.js 
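Review bot: In `ibmIsVpnServer` (client/src/lib/json-to-iac/vpn-server.js) the `"both"` method is added to the two `contains([...])` lists, but the unchanged condition `overrideCert && server.method === "certificate"` that selects `client_ca_crn` still matches only `"certificate"`. With `"both"`, `certificate_crn` takes `overrideCert` whenever it is set, while the client CA comes from the other branch of that ternary, which lies outside the hunk. The client CA decides which client certificates the server accepts, so confirm this is intended and record it in a comment, or widen the check to `contains(["certificate", "both"], server.method)`. The added unit test covers only explicit CRNs; a case with the override in effect would pin the behaviour. The list `["byo", "INSECURE", "both"]` now appears twice and would be safer as one named constant.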
@@ -252,20 +252,25 @@ function initVpnState(store) { "Select an authentication method" ), groups: [ + "Username and Certificate", "Certificate", "Username", "Bring Your Own Certificate", "INSECURE - Developer Certificate", ], onRender(stateData) { - return stateData.method === "INSECURE" + return stateData.method === "both" + ? "Username and Certificate" + : stateData.method === "INSECURE" ? "INSECURE - Developer Certificate" : stateData.method === "byo" ? "Bring Your Own Certificate" : titleCase(stateData.method); }, onInputChange(stateData) { - return stateData.method === "INSECURE - Developer Certificate" + return stateData.method === "Username and Certificate" + ? "both" + : stateData.method === "INSECURE - Developer Certificate" ? "INSECURE" : stateData.method === "Bring Your Own Certificate" ? "byo" diff --git a/unit-tests/json-to-iac/vpn-server.test.js b/unit-tests/json-to-iac/vpn-server.test.js index 91345ed4..9d4d7bf8 100644 --- a/unit-tests/json-to-iac/vpn-server.test.js +++ b/unit-tests/json-to-iac/vpn-server.test.js 
@@ -244,6 +244,58 @@ resource "ibm_is_vpn_server" "management_vpn_server_abc" { module.management_vpc.management_vpe_sg_id ] } +`; + assert.deepEqual(actualData, expectedData, "should return correct data"); + }); + it("should return correct tf for vpn server using certificate and username password", () => { + let actualData = formatVpnServer( + { + name: "abc", + certificate_crn: "xyz", + method: "both", + client_ca_crn: "hij", + client_ip_pool: "xyz", + client_dns_server_ips: "optional", + client_idle_timeout: 2000, + enable_split_tunneling: true, + port: 255, + protocol: "udp", + resource_group: "slz-management-rg", + security_groups: ["management-vpe-sg"], + subnets: ["vsi-zone-1"], + vpc: "management", + routes: [], + }, + slzNetwork + ); + let expectedData = ` +resource "ibm_is_vpn_server" "management_vpn_server_abc" { + certificate_crn = "xyz" + client_idle_timeout = 2000 + client_ip_pool = "xyz" + enable_split_tunneling = true + name = "\${var.prefix}-management-abc-server" + port = 255 + protocol = "udp" + resource_group = ibm_resource_group.slz_management_rg.id + client_authentication { + method = "certificate" + client_ca_crn = "hij" + } + client_authentication { + method = "username" + identity_provider = "iam" + } + client_dns_server_ips = [ + "optional" + ] + subnets = [ + module.management_vpc.vsi_zone_1_id + ] + security_groups = [ + module.management_vpc.management_vpe_sg_id + ] +} `; assert.deepEqual(actualData, expectedData, "should return correct data"); }); diff --git a/unit-tests/state/schema.test.js b/unit-tests/state/schema.test.js index c2555cc6..366cc5cb 100644 --- a/unit-tests/state/schema.test.js +++ b/unit-tests/state/schema.test.js 
@@ -1926,7 +1926,7 @@ describe("automate schema generation", () => { method: { type: "string", default: null, - groups: ["certificate", "username", "byo", "INSECURE"], + groups: ["both", "certificate", "username", "byo", "INSECURE"], }, certificate_crn: { type: "string", default: null }, client_ca_crn: { type: "string", default: null }, diff --git a/unit-tests/state/vpn-servers.test.js b/unit-tests/state/vpn-servers.test.js index 4cd74502..b116c554 100644 --- a/unit-tests/state/vpn-servers.test.js +++ b/unit-tests/state/vpn-servers.test.js @@ -399,6 +399,11 @@ describe("vpn_servers", () => { "INSECURE - Developer Certificate", "it should return correct method" ); + assert.deepEqual( + craig.vpn_servers.method.onRender({ method: "both" }), + "Username and Certificate", + "it should return correct method" + ); assert.deepEqual( craig.vpn_servers.method.onRender({ method: "byo" }), "Bring Your Own Certificate", @@ -418,6 +423,13 @@ describe("vpn_servers", () => { "INSECURE", "it should return correct method" ); + assert.deepEqual( + craig.vpn_servers.method.onInputChange({ + method: "Username and Certificate", + }), + "both", + "it should return correct method" + ); assert.deepEqual( craig.vpn_servers.method.onInputChange({ method: "Bring Your Own Certificate", From 897623abda84876e7f8cbb7e40ae15a716f9d526 Mon Sep 17 00:00:00 2001 From: Samuel Matzek Date: Thu, 23 May 2024 11:28:31 -0500 Subject: [PATCH 6/9] Update the VPN as a service template (#1942) * Remove old json properties from VPN as a service * Change SM to trial, set vpn-server auth default to insecure * Change log * Update changelog * Update changelog --------- Co-authored-by: Jennifer Valle --- CHANGELOG.md | 4 ++++ client/src/lib/docs/release-notes.json | 4 +++- client/src/lib/docs/templates/vpn-as-a-service.json | 8 +++----- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a142fbd6..bc9a5b51 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file. ## 1.15.6 +### Upgrade Notes + +- Updated the VPN as a Service template's default authentication method and changed the Secrets Manager to the Trial plan + ### Features - When creating a VPN Server, users can now have both certificate and username authentication by selecting the `Username and Certificate` authentication method diff --git a/client/src/lib/docs/release-notes.json b/client/src/lib/docs/release-notes.json index 46e0e5dc..dca69921 100644 --- a/client/src/lib/docs/release-notes.json +++ b/client/src/lib/docs/release-notes.json @@ -9,7 +9,9 @@ "Fixed an issue preventing users from downloading Terraform code when using only existing VPCs and VPC Subnets", "Fixed an issue in the Power VS POC template where the LogDNA files were written to the AIX save files COS bucket" ], - "upgrade_notes": [] + "upgrade_notes": [ + "Updated the VPN as a Service template's default authentication method and changed the Secrets Manager to the Trial plan" + ] }, { "version": "1.15.5", diff --git a/client/src/lib/docs/templates/vpn-as-a-service.json b/client/src/lib/docs/templates/vpn-as-a-service.json index 39af4489..48e4f9c3 100644 --- a/client/src/lib/docs/templates/vpn-as-a-service.json +++ b/client/src/lib/docs/templates/vpn-as-a-service.json @@ -195,7 +195,7 @@ "kms": "kms", "secrets": [], "use_data": false, - "plan": "standard" + "plan": "trial" } ], "security_groups": [ @@ -509,8 +509,8 @@ "vpn_servers": [ { "name": "client-to-site", - "certificate_crn": "CHEATER", - "method": "certificate", + "certificate_crn": "", + "method": "INSECURE", "client_ca_crn": null, "client_ip_pool": "192.168.8.0/22", "enable_split_tunneling": false, @@ -531,8 +531,6 @@ "subnets": ["vpn-server-zone-1"], "additional_prefixes": ["192.168.8.0/22"], "zone": 1, - "bring_your_own_cert": false, - "DANGER_developer_certificate": true, "secrets_manager": "secrets-manager" } ], 
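Review bot: The `client-to-site` server in client/src/lib/docs/templates/vpn-as-a-service.json now ships with `"method": "INSECURE"` and an empty `certificate_crn`, and the only user-facing record is the upgrade note `Updated the VPN as a Service template's default authentication method`, which does not name the method. The VPN server form labels this value `INSECURE - Developer Certificate`, so the note should say so, for example `The VPN as a Service template now defaults to the INSECURE - Developer Certificate authentication method and the Secrets Manager Trial plan; choose a different method before using it outside development`. JSON has no comment syntax, so the CHANGELOG and release-notes entries are the place to state it.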
From 62a51bbef0f6c0e6ebfb1611c7c021bc480b4a6a Mon Sep 17 00:00:00 2001 From: jvallexm Date: Thu, 23 May 2024 13:15:30 -0400 Subject: [PATCH 7/9] 1933 disable save on v2 services (#1940) * fix: disable save on v2 services * fix: disable save on v2 services * fix: disable save on v2 services * sg fix * sg fix --- CHANGELOG.md | 3 + .../pages/cloud-services/CloudServices.js | 3 + .../pages/diagrams/ManageService.js | 10 +- .../components/pages/diagrams/RgServiceMap.js | 1 + client/src/lib/docs/release-notes.json | 5 +- .../docs/templates/power-poc-quick-start.json | 6 +- client/src/lib/forms/overview.js | 2 + client/src/lib/json-to-iac/security-groups.js | 5 - unit-tests/forms/overview.test.js | 589 +++++++++++++++++- .../json-to-iac/security-groups.test.js | 1 - unit-tests/json-to-iac/vpc.test.js | 4 +- 11 files changed, 612 insertions(+), 17 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bc9a5b51..b30179f1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,6 +17,9 @@ All notable changes to this project will be documented in this file. - Fixed an issue causing Resource Groups assigned to Security Groups to not be correctly imported into VPC modules - Fixed an issue preventing users from downloading Terraform code when using only existing VPCs and VPC Subnets - Fixed an issue in the Power VS POC template where the LogDNA files were written to the AIX save files COS bucket +- Fixed an issue causing Cloud Services with missing values not to be highlighed red on the `/v2/services` page +- The Power VS POC Template Activity Tracker COS instance now correctly uses a random suffix to ensure unique resource naming +- Fixed an issue causing imported VPC Security Groups to fail on Terraform Plan ## 1.15.5 diff --git a/client/src/components/pages/cloud-services/CloudServices.js b/client/src/components/pages/cloud-services/CloudServices.js index 24f3e7e5..7bb431f2 100644 --- a/client/src/components/pages/cloud-services/CloudServices.js 
+++ b/client/src/components/pages/cloud-services/CloudServices.js @@ -587,7 +587,9 @@ class CloudServicesPage extends React.Component { service={{ type: "atracker", name: "atracker", + data: craig.store.json.atracker, }} + craig={craig} onClick={this.onServiceIconClick} isSelected={this.state.service === "atracker"} /> @@ -688,6 +690,7 @@ class CloudServicesPage extends React.Component { resourceGroup={rg} service={service} icon={serviceFormMap[service.type].icon} + craig={craig} onClick={this.onServiceIconClick} isSelected={ this.state.service === service.type && diff --git a/client/src/components/pages/diagrams/ManageService.js b/client/src/components/pages/diagrams/ManageService.js index b5a65845..c5413c0b 100644 --- a/client/src/components/pages/diagrams/ManageService.js +++ b/client/src/components/pages/diagrams/ManageService.js @@ -2,6 +2,7 @@ import { contains, titleCase } from "lazy-z"; import React from "react"; import PropTypes from "prop-types"; import { RenderForm } from "../../forms"; +import { disableSave } from "../../../lib"; export const ManageService = (props) => { return ( @@ -10,7 +11,14 @@ export const ManageService = (props) => { "manageService alignButtons" + (props.isSelected ? " serviceOpen" - : props.resourceGroup === "No Resource Group" + : disableSave( + props.service.overrideType || props.service.type, + props.service.data, + { + data: props.service.data, + craig: props.craig, + } + ) ? " noRgService" : "") + " " + diff --git a/client/src/components/pages/diagrams/RgServiceMap.js b/client/src/components/pages/diagrams/RgServiceMap.js index ad3f7bd0..ab24c443 100644 --- a/client/src/components/pages/diagrams/RgServiceMap.js +++ b/client/src/components/pages/diagrams/RgServiceMap.js @@ -110,6 +110,7 @@ export const RgServiceMap = (props) => { icon={serviceFormMap[service.type].icon} className="pointerEventsNone" small={props.small} + craig={props.craig} /> ); }) 
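Review bot: In `ManageService` (client/src/components/pages/diagrams/ManageService.js) the highlight class now depends on a `disableSave(...)` call fed with `props.service.data` and `props.craig`, evaluated inline in the `className` concatenation. Those two values are supplied only by the call sites touched in this commit (CloudServices.js, RgServiceMap.js and `getServices` in overview.js); any other caller would pass `undefined` into `disableSave`, whose handling of that is not visible here. Compute the flag once above the `return`, for example `const hasInvalidFields = Boolean(props.service.data) && disableSave(type, props.service.data, { data: props.service.data, craig: props.craig });`, and declare `craig` in the component's prop types if that is not already done outside the hunk. The component body continues outside the hunk.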
diff --git a/client/src/lib/docs/release-notes.json b/client/src/lib/docs/release-notes.json index dca69921..7e92ad1b 100644 --- a/client/src/lib/docs/release-notes.json +++ b/client/src/lib/docs/release-notes.json @@ -7,7 +7,10 @@ "fixes": [ "Fixed an issue causing Resource Groups assigned to Security Groups to not be correctly imported into VPC modules", "Fixed an issue preventing users from downloading Terraform code when using only existing VPCs and VPC Subnets", - "Fixed an issue in the Power VS POC template where the LogDNA files were written to the AIX save files COS bucket" + "Fixed an issue in the Power VS POC template where the LogDNA files were written to the AIX save files COS bucket", + "Fixed an issue causing Cloud Services with missing values not to be highlighed red on the `/v2/services` page", + "The Power VS POC Template Activity Tracker COS instance now correctly uses a random suffix to ensure unique resource naming", + "Fixed an issue causing imported VPC Security Groups to fail on Terraform Plan" ], "upgrade_notes": [ "Updated the VPN as a Service template's default authentication method and changed the Secrets Manager to the Trial plan" diff --git a/client/src/lib/docs/templates/power-poc-quick-start.json b/client/src/lib/docs/templates/power-poc-quick-start.json index a6a80d71..4d3d4edf 100644 --- a/client/src/lib/docs/templates/power-poc-quick-start.json +++ b/client/src/lib/docs/templates/power-poc-quick-start.json @@ -157,7 +157,7 @@ }, { "use_data": false, - "use_random_suffix": false, + "use_random_suffix": true, "name": "a-tracker", "resource_group": "service-rg", "plan": "standard", @@ -168,7 +168,7 @@ "storage_class": "standard", "kms_key": "atracker-key", "force_delete": false, - "use_random_suffix": false, + "use_random_suffix": true, "endpoint": null, "activity_tracking": false, "read_data_events": false, 
@@ -185,7 +185,7 @@ "name": "a-tracker-cos", "role": "Writer", "enable_hmac": false, - "use_random_suffix": false + "use_random_suffix": true } ] } diff --git a/client/src/lib/forms/overview.js b/client/src/lib/forms/overview.js index 510fa4f8..f64056d1 100644 --- a/client/src/lib/forms/overview.js +++ b/client/src/lib/forms/overview.js @@ -42,6 +42,7 @@ function getServices(craig, services) { serviceMap[rgName].push({ name: service.name, type: resourceType, + data: service, overrideType: resourceType === "icd" ? "cloud_databases" : undefined, }); @@ -65,6 +66,7 @@ function getServices(craig, services) { serviceMap[serviceRg].push({ name: observabilityService, type: observabilityService, + data: craig.store.json[observabilityService], }); } }); diff --git a/client/src/lib/json-to-iac/security-groups.js b/client/src/lib/json-to-iac/security-groups.js index 95cef681..2204bbf6 100644 --- a/client/src/lib/json-to-iac/security-groups.js +++ b/client/src/lib/json-to-iac/security-groups.js @@ -27,11 +27,6 @@ function ibmIsSecurityGroup(sg, config) { data: sg.use_data ? { name: sg.name, - vpc: vpcRef(sg.vpc).replace( - // if vpcs and use data replace opening with data. - "${", - "${data." - ), } : { name: kebabName([sg.vpc, sg.name, "sg"]), diff --git a/unit-tests/forms/overview.test.js b/unit-tests/forms/overview.test.js index 9dc6363e..a70691ca 100644 --- a/unit-tests/forms/overview.test.js +++ b/unit-tests/forms/overview.test.js 
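Review bot: With `vpc` removed from the `use_data` branch of `ibmIsSecurityGroup`, the generated `data "ibm_is_security_group"` block selects the group by `name` alone, so `sg.vpc` no longer constrains which existing group the rules are attached to. If security group names are only unique per VPC, an account with the same name in two VPCs could resolve to the wrong group or fail the lookup, and the generated rule resources would then change a group the user did not pick. I would keep the removal (the release note says the filter broke Terraform plan) but record the constraint in the code, for example `// lookup is by name only: imported security group names must be unique across VPCs in the region`, and state the same requirement in the import form. `ibmIsSecurityGroup` starts and ends outside this hunk.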
@@ -35,16 +35,114 @@ describe("overview", () => { name: "kms", type: "key_management", overrideType: undefined, + data: { + name: "kms", + resource_group: "service-rg", + use_hs_crypto: false, + authorize_vpc_reader_role: true, + use_data: false, + keys: [ + { + key_ring: "ring", + name: "key", + root_key: true, + force_delete: true, + endpoint: "public", + rotation: 1, + dual_auth_delete: false, + }, + { + key_ring: "ring", + name: "atracker-key", + root_key: true, + force_delete: true, + endpoint: "public", + rotation: 1, + dual_auth_delete: false, + }, + { + key_ring: "ring", + name: "vsi-volume-key", + root_key: true, + force_delete: true, + endpoint: "public", + rotation: 1, + dual_auth_delete: false, + }, + { + key_ring: "ring", + name: "roks-key", + root_key: true, + force_delete: null, + endpoint: null, + rotation: 1, + dual_auth_delete: false, + }, + ], + }, }, { name: "atracker-cos", type: "object_storage", overrideType: undefined, + data: { + buckets: [ + { + endpoint: "public", + force_delete: true, + kms_key: "atracker-key", + name: "atracker-bucket", + storage_class: "standard", + use_random_suffix: true, + }, + ], + keys: [ + { + name: "cos-bind-key", + role: "Writer", + enable_hmac: false, + use_random_suffix: true, + }, + ], + name: "atracker-cos", + plan: "standard", + resource_group: "service-rg", + use_data: false, + use_random_suffix: true, + kms: "kms", + }, }, { name: "cos", type: "object_storage", overrideType: undefined, + data: { + buckets: [ + { + endpoint: "public", + force_delete: true, + kms_key: "key", + name: "management-bucket", + storage_class: "standard", + use_random_suffix: true, + }, + { + endpoint: "public", + force_delete: true, + kms_key: "key", + name: "workload-bucket", + storage_class: "standard", + use_random_suffix: true, + }, + ], + use_random_suffix: true, + keys: [], + name: "cos", + plan: "standard", + resource_group: "service-rg", + use_data: false, + kms: "kms", + }, }, ], "workload-rg": [], 
@@ -84,28 +182,141 @@ describe("overview", () => { name: "kms", type: "key_management", overrideType: undefined, + data: { + name: "kms", + resource_group: null, + use_hs_crypto: false, + authorize_vpc_reader_role: true, + use_data: false, + keys: [ + { + key_ring: "ring", + name: "key", + root_key: true, + force_delete: true, + endpoint: "public", + rotation: 1, + dual_auth_delete: false, + }, + { + key_ring: "ring", + name: "atracker-key", + root_key: true, + force_delete: true, + endpoint: "public", + rotation: 1, + dual_auth_delete: false, + }, + { + key_ring: "ring", + name: "vsi-volume-key", + root_key: true, + force_delete: true, + endpoint: "public", + rotation: 1, + dual_auth_delete: false, + }, + { + key_ring: "ring", + name: "roks-key", + root_key: true, + force_delete: null, + endpoint: null, + rotation: 1, + dual_auth_delete: false, + }, + ], + }, }, ], "management-rg": [], "service-rg": [ { name: "default", - overrideType: "cloud_databases", type: "icd", + data: { + name: "default", + resource_group: "service-rg", + kms: null, + encryption_key: null, + }, + overrideType: "cloud_databases", }, { name: "atracker-cos", type: "object_storage", overrideType: undefined, + data: { + buckets: [ + { + endpoint: "public", + force_delete: true, + kms_key: "atracker-key", + name: "atracker-bucket", + storage_class: "standard", + use_random_suffix: true, + }, + ], + keys: [ + { + name: "cos-bind-key", + role: "Writer", + enable_hmac: false, + use_random_suffix: true, + }, + ], + name: "atracker-cos", + plan: "standard", + resource_group: "service-rg", + use_data: false, + use_random_suffix: true, + kms: "kms", + }, }, { name: "cos", type: "object_storage", overrideType: undefined, + data: { + buckets: [ + { + endpoint: "public", + force_delete: true, + kms_key: "key", + name: "management-bucket", + storage_class: "standard", + use_random_suffix: true, + }, + { + endpoint: "public", + force_delete: true, + kms_key: "key", + name: "workload-bucket", + storage_class: 
"standard", + use_random_suffix: true, + }, + ], + use_random_suffix: true, + keys: [], + name: "cos", + plan: "standard", + resource_group: "service-rg", + use_data: false, + kms: "kms", + }, }, { name: "logdna", type: "logdna", + data: { + enabled: true, + plan: "lite", + endpoints: "private", + platform_logs: false, + resource_group: "service-rg", + cos: "atracker-cos", + bucket: "atracker-bucket", + }, }, ], "workload-rg": [], 
@@ -146,28 +357,141 @@ describe("overview", () => { name: "kms", type: "key_management", overrideType: undefined, + data: { + name: "kms", + resource_group: null, + use_hs_crypto: false, + authorize_vpc_reader_role: true, + use_data: false, + keys: [ + { + key_ring: "ring", + name: "key", + root_key: true, + force_delete: true, + endpoint: "public", + rotation: 1, + dual_auth_delete: false, + }, + { + key_ring: "ring", + name: "atracker-key", + root_key: true, + force_delete: true, + endpoint: "public", + rotation: 1, + dual_auth_delete: false, + }, + { + key_ring: "ring", + name: "vsi-volume-key", + root_key: true, + force_delete: true, + endpoint: "public", + rotation: 1, + dual_auth_delete: false, + }, + { + key_ring: "ring", + name: "roks-key", + root_key: true, + force_delete: null, + endpoint: null, + rotation: 1, + dual_auth_delete: false, + }, + ], + }, }, { name: "logdna", type: "logdna", + data: { + enabled: true, + plan: "lite", + endpoints: "private", + platform_logs: false, + resource_group: null, + cos: "atracker-cos", + bucket: "atracker-bucket", + }, }, ], "management-rg": [], "service-rg": [ { name: "default", - overrideType: "cloud_databases", type: "icd", + data: { + name: "default", + resource_group: "service-rg", + kms: null, + encryption_key: null, + }, + overrideType: "cloud_databases", }, { name: "atracker-cos", type: "object_storage", overrideType: undefined, + data: { + buckets: [ + { + endpoint: "public", + force_delete: true, + kms_key: "atracker-key", + name: "atracker-bucket", + storage_class: "standard", + use_random_suffix: true, + }, + ], + keys: [ + { + name: "cos-bind-key", + role: "Writer", + enable_hmac: false, + use_random_suffix: true, + }, + ], + name: "atracker-cos", + plan: "standard", + resource_group: "service-rg", + use_data: false, + use_random_suffix: true, + kms: "kms", + }, }, { name: "cos", type: "object_storage", overrideType: undefined, + data: { + buckets: [ + { + endpoint: "public", + force_delete: true, + 
kms_key: "key", + name: "management-bucket", + storage_class: "standard", + use_random_suffix: true, + }, + { + endpoint: "public", + force_delete: true, + kms_key: "key", + name: "workload-bucket", + storage_class: "standard", + use_random_suffix: true, + }, + ], + use_random_suffix: true, + keys: [], + name: "cos", + plan: "standard", + resource_group: "service-rg", + use_data: false, + kms: "kms", + }, }, ], "workload-rg": [], 
@@ -209,32 +533,156 @@ describe("overview", () => { name: "kms", type: "key_management", overrideType: undefined, + data: { + name: "kms", + resource_group: null, + use_hs_crypto: false, + authorize_vpc_reader_role: true, + use_data: false, + keys: [ + { + key_ring: "ring", + name: "key", + root_key: true, + force_delete: true, + endpoint: "public", + rotation: 1, + dual_auth_delete: false, + }, + { + key_ring: "ring", + name: "atracker-key", + root_key: true, + force_delete: true, + endpoint: "public", + rotation: 1, + dual_auth_delete: false, + }, + { + key_ring: "ring", + name: "vsi-volume-key", + root_key: true, + force_delete: true, + endpoint: "public", + rotation: 1, + dual_auth_delete: false, + }, + { + key_ring: "ring", + name: "roks-key", + root_key: true, + force_delete: null, + endpoint: null, + rotation: 1, + dual_auth_delete: false, + }, + ], + }, }, { name: "logdna", type: "logdna", + data: { + enabled: true, + plan: "lite", + endpoints: "private", + platform_logs: false, + resource_group: null, + cos: "atracker-cos", + bucket: "atracker-bucket", + }, }, { name: "atracker", type: "atracker", + data: { + enabled: true, + type: "cos", + name: "atracker", + target_name: "atracker-cos", + bucket: "atracker-bucket", + add_route: true, + cos_key: "cos-bind-key", + locations: ["global", "us-south"], + instance: true, + }, }, ], "management-rg": [], "service-rg": [ { name: "default", - overrideType: "cloud_databases", type: "icd", + data: { + name: "default", + resource_group: "service-rg", + kms: null, + encryption_key: null, + }, + overrideType: "cloud_databases", }, { name: "atracker-cos", type: "object_storage", overrideType: undefined, + data: { + buckets: [ + { + endpoint: "public", + force_delete: true, + kms_key: "atracker-key", + name: "atracker-bucket", + storage_class: "standard", + use_random_suffix: true, + }, + ], + keys: [ + { + name: "cos-bind-key", + role: "Writer", + enable_hmac: false, + use_random_suffix: true, + }, + ], + name: 
"atracker-cos", + plan: "standard", + resource_group: "service-rg", + use_data: false, + use_random_suffix: true, + kms: "kms", + }, }, { name: "cos", type: "object_storage", overrideType: undefined, + data: { + buckets: [ + { + endpoint: "public", + force_delete: true, + kms_key: "key", + name: "management-bucket", + storage_class: "standard", + use_random_suffix: true, + }, + { + endpoint: "public", + force_delete: true, + kms_key: "key", + name: "workload-bucket", + storage_class: "standard", + use_random_suffix: true, + }, + ], + use_random_suffix: true, + keys: [], + name: "cos", + plan: "standard", + resource_group: "service-rg", + use_data: false, + kms: "kms", + }, }, ], "workload-rg": [], 
@@ -277,41 +725,174 @@ describe("overview", () => { name: "kms", type: "key_management", overrideType: undefined, + data: { + name: "kms", + resource_group: null, + use_hs_crypto: false, + authorize_vpc_reader_role: true, + use_data: false, + keys: [ + { + key_ring: "ring", + name: "key", + root_key: true, + force_delete: true, + endpoint: "public", + rotation: 1, + dual_auth_delete: false, + }, + { + key_ring: "ring", + name: "atracker-key", + root_key: true, + force_delete: true, + endpoint: "public", + rotation: 1, + dual_auth_delete: false, + }, + { + key_ring: "ring", + name: "vsi-volume-key", + root_key: true, + force_delete: true, + endpoint: "public", + rotation: 1, + dual_auth_delete: false, + }, + { + key_ring: "ring", + name: "roks-key", + root_key: true, + force_delete: null, + endpoint: null, + rotation: 1, + dual_auth_delete: false, + }, + ], + }, }, { name: "logdna", type: "logdna", + data: { + enabled: true, + plan: "lite", + endpoints: "private", + platform_logs: false, + resource_group: null, + cos: "atracker-cos", + bucket: "atracker-bucket", + }, }, { name: "atracker", type: "atracker", + data: { + enabled: true, + type: "cos", + name: "atracker", + target_name: "atracker-cos", + bucket: "atracker-bucket", + add_route: true, + cos_key: "cos-bind-key", + locations: ["global", "us-south"], + instance: true, + }, }, { name: "scc_v2", type: "scc_v2", + data: { + enable: true, + resource_group: null, + region: "", + account_id: "${var.account_id}", + profile_attachments: [], + }, }, ], "management-rg": [], "service-rg": [ { name: "default", - overrideType: "cloud_databases", type: "icd", + overrideType: undefined, + data: { + name: "default", + resource_group: "service-rg", + kms: null, + encryption_key: null, + }, + overrideType: "cloud_databases", }, { name: "atracker-cos", type: "object_storage", overrideType: undefined, + data: { + buckets: [ + { + endpoint: "public", + force_delete: true, + kms_key: "atracker-key", + name: "atracker-bucket", + 
storage_class: "standard", + use_random_suffix: true, + }, + ], + keys: [ + { + name: "cos-bind-key", + role: "Writer", + enable_hmac: false, + use_random_suffix: true, + }, + ], + name: "atracker-cos", + plan: "standard", + resource_group: "service-rg", + use_data: false, + use_random_suffix: true, + kms: "kms", + }, }, { name: "cos", type: "object_storage", overrideType: undefined, + data: { + buckets: [ + { + endpoint: "public", + force_delete: true, + kms_key: "key", + name: "management-bucket", + storage_class: "standard", + use_random_suffix: true, + }, + { + endpoint: "public", + force_delete: true, + kms_key: "key", + name: "workload-bucket", + storage_class: "standard", + use_random_suffix: true, + }, + ], + use_random_suffix: true, + keys: [], + name: "cos", + plan: "standard", + resource_group: "service-rg", + use_data: false, + kms: "kms", + }, }, ], "workload-rg": [], }, }; + assert.deepEqual( actualData, expectedData, diff --git a/unit-tests/json-to-iac/security-groups.test.js b/unit-tests/json-to-iac/security-groups.test.js index af726ab7..ab837fa9 100644 --- a/unit-tests/json-to-iac/security-groups.test.js +++ b/unit-tests/json-to-iac/security-groups.test.js @@ -356,7 +356,6 @@ resource "ibm_is_security_group" "management_vpc_management_vpe_sg_sg" { let expectedData = ` data "ibm_is_security_group" "management_vpc_management_vpe_sg_sg" { name = "management-vpe-sg" - vpc = data.ibm_is_vpc.management_vpc.id } `; assert.deepEqual(actualData, expectedData, "it should return correct tf"); diff --git a/unit-tests/json-to-iac/vpc.test.js b/unit-tests/json-to-iac/vpc.test.js index 6a8212f6..18dbe04f 100644 --- a/unit-tests/json-to-iac/vpc.test.js +++ b/unit-tests/json-to-iac/vpc.test.js 
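Review bot: The expected `icd` entry under `service-rg` in the `@@ -277,41 +725,174 @@` hunk of `overview.test.js` declares `overrideType` twice, first as `undefined` and then as `"cloud_databases"`. The later key wins, so the assertion still passes, but the literal trips `no-dupe-keys` and hides which value is intended. Drop the added `overrideType: undefined,` line so the entry matches the other `icd` expectations in this file, which carry only `overrideType: "cloud_databases"`. The enclosing test appears to start outside the hunk.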
@@ -5259,7 +5259,7 @@ resource "ibm_is_subnet" "customer_a_subnet_tier_zone_2" { "acl_customer_a_subnet_acl.tf": '##############################################################################\n# Customer A Subnet Acl ACL\n##############################################################################\n\nresource "ibm_is_network_acl" "customer_a_subnet_acl_acl" {\n name = "${var.prefix}-customer-a-subnet-acl-acl"\n vpc = data.ibm_is_vpc.customer_a_vpc.id\n resource_group = var.craig_rg_id\n tags = [\n "hello",\n "world"\n ]\n rules {\n source = "0.0.0.0"\n action = "allow"\n destination = "0.0.0.0"\n direction = "inbound"\n name = "allow-all-inbound"\n }\n rules {\n source = "0.0.0.0"\n action = "allow"\n destination = "0.0.0.0"\n direction = "outbound"\n name = "allow-all-outbound"\n }\n}\n\n##############################################################################\n', "sg_vsi_sg.tf": - '##############################################################################\n# Security Group VSI Sg\n##############################################################################\n\ndata "ibm_is_security_group" "customer_a_vpc_vsi_sg_sg" {\n name = "vsi-sg"\n vpc = data.ibm_is_vpc.customer_a_vpc.id\n}\n\nresource "ibm_is_security_group_rule" "customer_a_vpc_vsi_sg_sg_rule_ssh" {\n group = ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id\n remote = "0.0.0.0"\n direction = "inbound"\n tcp {\n port_min = 22\n port_max = 22\n }\n}\n\nresource "ibm_is_security_group_rule" "customer_a_vpc_vsi_sg_sg_rule_ping" {\n group = ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id\n remote = "0.0.0.0"\n direction = "inbound"\n icmp {\n type = 8\n code = 8\n }\n}\n\n##############################################################################\n', + '##############################################################################\n# Security Group VSI Sg\n##############################################################################\n\ndata "ibm_is_security_group" "customer_a_vpc_vsi_sg_sg" 
{\n name = "vsi-sg"\n}\n\nresource "ibm_is_security_group_rule" "customer_a_vpc_vsi_sg_sg_rule_ssh" {\n group = ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id\n remote = "0.0.0.0"\n direction = "inbound"\n tcp {\n port_min = 22\n port_max = 22\n }\n}\n\nresource "ibm_is_security_group_rule" "customer_a_vpc_vsi_sg_sg_rule_ping" {\n group = ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id\n remote = "0.0.0.0"\n direction = "inbound"\n icmp {\n type = 8\n code = 8\n }\n}\n\n##############################################################################\n', "outputs.tf": '##############################################################################\n# Customer AVPC Outputs\n##############################################################################\n\noutput "name" {\n value = data.ibm_is_vpc.customer_a_vpc.name\n}\n\noutput "id" {\n value = data.ibm_is_vpc.customer_a_vpc.id\n}\n\noutput "crn" {\n value = data.ibm_is_vpc.customer_a_vpc.crn\n}\n\noutput "subnet_tier_zone_1_name" {\n value = ibm_is_subnet.customer_a_subnet_tier_zone_1.name\n}\n\noutput "subnet_tier_zone_1_id" {\n value = ibm_is_subnet.customer_a_subnet_tier_zone_1.id\n}\n\noutput "subnet_tier_zone_1_crn" {\n value = ibm_is_subnet.customer_a_subnet_tier_zone_1.crn\n}\n\noutput "subnet_tier_zone_2_name" {\n value = ibm_is_subnet.customer_a_subnet_tier_zone_2.name\n}\n\noutput "subnet_tier_zone_2_id" {\n value = ibm_is_subnet.customer_a_subnet_tier_zone_2.id\n}\n\noutput "subnet_tier_zone_2_crn" {\n value = ibm_is_subnet.customer_a_subnet_tier_zone_2.crn\n}\n\noutput "vsi_sg_name" {\n value = data.ibm_is_security_group.customer_a_vpc_vsi_sg_sg.name\n}\n\noutput "vsi_sg_id" {\n value = data.ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id\n}\n\n##############################################################################\n', }, 
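Review bot: In the updated `sg_vsi_sg.tf` expectation the security group is declared as `data "ibm_is_security_group" "customer_a_vpc_vsi_sg_sg"`, but both rule resources still set `group = ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id`, which refers to a managed resource that this file never declares. Terraform rejects a reference to an undeclared resource, so the test pins output that still cannot plan for an imported group; `outputs.tf` in the same fixture already uses the `data.` prefix. For `use_data` groups the rule reference should read `group = data.ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id`, which needs a change in the rule generator (not visible here) as well as in this expectation. The same applies to the hunk at `@@ -5643,7 +5643,7 @@` below.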
@@ -5643,7 +5643,7 @@ resource "ibm_is_subnet" "customer_a_subnet_tier_zone_2" { "acl_customer_a_subnet_acl.tf": '##############################################################################\n# Customer A Subnet Acl ACL\n##############################################################################\n\nresource "ibm_is_network_acl" "customer_a_subnet_acl_acl" {\n name = "${var.prefix}-customer-a-subnet-acl-acl"\n vpc = data.ibm_is_vpc.customer_a_vpc.id\n resource_group = var.craig_rg_id\n tags = [\n "hello",\n "world"\n ]\n rules {\n source = "0.0.0.0"\n action = "allow"\n destination = "0.0.0.0"\n direction = "inbound"\n name = "allow-all-inbound"\n }\n rules {\n source = "0.0.0.0"\n action = "allow"\n destination = "0.0.0.0"\n direction = "outbound"\n name = "allow-all-outbound"\n }\n}\n\n##############################################################################\n', "sg_vsi_sg.tf": - '##############################################################################\n# Security Group VSI Sg\n##############################################################################\n\ndata "ibm_is_security_group" "customer_a_vpc_vsi_sg_sg" {\n name = "vsi-sg"\n vpc = data.ibm_is_vpc.customer_a_vpc.id\n}\n\nresource "ibm_is_security_group_rule" "customer_a_vpc_vsi_sg_sg_rule_ssh" {\n group = ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id\n remote = "0.0.0.0"\n direction = "inbound"\n tcp {\n port_min = 22\n port_max = 22\n }\n}\n\nresource "ibm_is_security_group_rule" "customer_a_vpc_vsi_sg_sg_rule_ping" {\n group = ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id\n remote = "0.0.0.0"\n direction = "inbound"\n icmp {\n type = 8\n code = 8\n }\n}\n\n##############################################################################\n', + '##############################################################################\n# Security Group VSI Sg\n##############################################################################\n\ndata "ibm_is_security_group" "customer_a_vpc_vsi_sg_sg" 
{\n name = "vsi-sg"\n}\n\nresource "ibm_is_security_group_rule" "customer_a_vpc_vsi_sg_sg_rule_ssh" {\n group = ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id\n remote = "0.0.0.0"\n direction = "inbound"\n tcp {\n port_min = 22\n port_max = 22\n }\n}\n\nresource "ibm_is_security_group_rule" "customer_a_vpc_vsi_sg_sg_rule_ping" {\n group = ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id\n remote = "0.0.0.0"\n direction = "inbound"\n icmp {\n type = 8\n code = 8\n }\n}\n\n##############################################################################\n', "outputs.tf": '##############################################################################\n# Customer AVPC Outputs\n##############################################################################\n\noutput "name" {\n value = data.ibm_is_vpc.customer_a_vpc.name\n}\n\noutput "id" {\n value = data.ibm_is_vpc.customer_a_vpc.id\n}\n\noutput "crn" {\n value = data.ibm_is_vpc.customer_a_vpc.crn\n}\n\noutput "subnet_tier_zone_1_name" {\n value = data.ibm_is_subnet.customer_a_subnet_tier_zone_1.name\n}\n\noutput "subnet_tier_zone_1_id" {\n value = data.ibm_is_subnet.customer_a_subnet_tier_zone_1.id\n}\n\noutput "subnet_tier_zone_1_crn" {\n value = data.ibm_is_subnet.customer_a_subnet_tier_zone_1.crn\n}\n\noutput "vsi_sg_name" {\n value = data.ibm_is_security_group.customer_a_vpc_vsi_sg_sg.name\n}\n\noutput "vsi_sg_id" {\n value = data.ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id\n}\n\n##############################################################################\n', }, From 5aff9f7e584d51fabca158405c203748cea18bcd Mon Sep 17 00:00:00 2001 
From: Ay1man2 Date: Thu, 23 May 2024 13:53:52 -0700 Subject: [PATCH 8/9] Issue 1920: reset image selection when renaming existing power workspaces (#1921) * added logic to reset images when existing power workspace name changed * prettier formatting * removed unused import * removed craig from describe * remove disabled, clear images on name change * added componentdidupdate for name change * prettier formatting * updated changelog * moved changelog to latest version --- CHANGELOG.md | 1 + .../dynamic-form/DynamicFetchMultiSelect.js | 7 ++++-- client/src/lib/docs/release-notes.json | 3 ++- .../power-vs/power-vs-workspace-schema.js | 6 +++++ client/src/lib/state/reusable-fields.js | 1 + unit-tests/state/power-vs.test.js | 23 ++++++++++++++++++- 6 files changed, 37 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b30179f1..3aafcaf9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,6 +20,7 @@ All notable changes to this project will be documented in this file. - Fixed an issue causing Cloud Services with missing values not to be highlighed red on the `/v2/services` page - The Power VS POC Template Activity Tracker COS instance now correctly uses a random suffix to ensure unique resource naming - Fixed an issue causing imported VPC Security Groups to fail on Terraform Plan +- Power VS Images are now reset when changing zones or changing the name of an existing workspace ## 1.15.5 diff --git a/client/src/components/forms/dynamic-form/DynamicFetchMultiSelect.js b/client/src/components/forms/dynamic-form/DynamicFetchMultiSelect.js index 78a99731..8c5ac7d6 100644 --- a/client/src/components/forms/dynamic-form/DynamicFetchMultiSelect.js +++ b/client/src/components/forms/dynamic-form/DynamicFetchMultiSelect.js 
@@ -43,9 +43,12 @@ class DynamicFetchMultiSelect extends React.Component { this._isMounted = false; } - // Force re-fetch of images on zone change + // Force re-fetch of images on name or zone change componentDidUpdate(prevProps) { - if (prevProps.parentState.zone != this.props.parentState.zone) { + if ( + prevProps.parentState.zone != this.props.parentState.zone || + prevProps.parentState.name != this.props.parentState.name + ) { this._isMounted = false; this.setState({ data: ["Loading..."] }, () => { this.componentDidMount(); diff --git a/client/src/lib/docs/release-notes.json b/client/src/lib/docs/release-notes.json index 7e92ad1b..c3c2f38a 100644 --- a/client/src/lib/docs/release-notes.json +++ b/client/src/lib/docs/release-notes.json @@ -10,7 +10,8 @@ "Fixed an issue in the Power VS POC template where the LogDNA files were written to the AIX save files COS bucket", "Fixed an issue causing Cloud Services with missing values not to be highlighed red on the `/v2/services` page", "The Power VS POC Template Activity Tracker COS instance now correctly uses a random suffix to ensure unique resource naming", - "Fixed an issue causing imported VPC Security Groups to fail on Terraform Plan" + "Fixed an issue causing imported VPC Security Groups to fail on Terraform Plan", + "Power VS Images are now reset when changing zones or changing the name of an existing workspace" ], "upgrade_notes": [ "Updated the VPN as a Service template's default authentication method and changed the Secrets Manager to the Trial plan" diff --git a/client/src/lib/state/power-vs/power-vs-workspace-schema.js b/client/src/lib/state/power-vs/power-vs-workspace-schema.js index acdcc3c3..e73a95f0 100644 --- a/client/src/lib/state/power-vs/power-vs-workspace-schema.js +++ b/client/src/lib/state/power-vs/power-vs-workspace-schema.js 
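Review bot: The added `name` comparison in `componentDidUpdate` presumably fires on every keystroke in the name field, so each character typed resets the list to `Loading...` and calls `componentDidMount()` again, and nothing visible here stops an earlier, slower response from overwriting a later one. The schema change in this commit only clears images when `use_data` is set, so the re-fetch could be gated the same way: `(this.props.parentState.use_data && prevProps.parentState.name !== this.props.parentState.name)`. Both comparisons would also be better written with `!==`. `componentDidUpdate` continues past the end of this hunk.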
@@ -28,6 +28,12 @@ function powerVsWorkspaceSchema() { ? stateData.name : `${componentProps.craig.store.json._options.prefix}-power-workspace-${stateData.name}`; }, + onStateChange: function (stateData) { + if (stateData.use_data) { + stateData.imageNames = []; + stateData.images = []; + } + }, }), resource_group: resourceGroupsField(), zone: { diff --git a/client/src/lib/state/reusable-fields.js b/client/src/lib/state/reusable-fields.js index 56f78ffc..c089bfa7 100644 --- a/client/src/lib/state/reusable-fields.js +++ b/client/src/lib/state/reusable-fields.js @@ -529,6 +529,7 @@ function nameField(jsonField, options) { readOnly: options?.readOnly, tooltip: options?.tooltip, disabledText: options?.invalidText, + onStateChange: options?.onStateChange, }; } diff --git a/unit-tests/state/power-vs.test.js b/unit-tests/state/power-vs.test.js index 553ff938..709bd56c 100644 --- a/unit-tests/state/power-vs.test.js +++ b/unit-tests/state/power-vs.test.js @@ -440,7 +440,7 @@ describe("power-vs", () => { }); }); describe("power.schema", () => { - describe("craig.power.name.helperText", () => { + describe("power.name.helperText", () => { it("should return correct helper text for name when use data", () => { assert.deepEqual( craig.power.name.helperText({ use_data: true, name: "name" }), 
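Review bot: The new `onStateChange` on the workspace `name` field mutates `stateData` in place and carries no comment saying why a rename should discard the image selection. A one-line comment such as `// imported workspaces are resolved by name, so a new name invalidates the fetched image list` would help, if that is indeed the reason. The handler also runs on every change to the field, so a user fixing a typo in the name of an imported workspace loses the selection; worth confirming that this is intended.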
@@ -469,6 +469,27 @@ describe("power-vs", () => { ); }); }); + describe("power.name.onStateChange", () => { + it("should clear images when changing name of imported workspace", () => { + let data = { use_data: true }; + let expectedData = { + use_data: true, + imageNames: [], + images: [], + }; + craig.power.name.onStateChange(data); + assert.deepEqual(data, expectedData, "it should clear images"); + }); + it("should not clear images when changing name of CRAIG created workspace", () => { + let data = { use_data: false, imageNames: ["testImage"] }; + let expectedData = { + use_data: false, + imageNames: ["testImage"], + }; + craig.power.name.onStateChange(data); + assert.deepEqual(data, expectedData, "it should not clear images"); + }); + }); describe("power.zone", () => { describe("power.zone.onStateChange", () => { it("should set images when changing zone", () => { From 39330e10ee263343df391345369d006dd19c94f4 Mon Sep 17 00:00:00 2001 From: Ay1man2 Date: Fri, 24 May 2024 11:11:59 -0700 Subject: [PATCH 9/9] Issue 1944: Updated deprecated AIX Stock Images in templates (#1945) * updated all templates to remove deprecated images, replaced depracted AIX images * update changelog + prettier formatting * added missing VSI images, removed depends on from networks for oracle-rac, updated AIX images to latest version --- CHANGELOG.md | 1 + client/src/lib/docs/release-notes.json | 3 +- client/src/lib/docs/templates/oracle-rac.json | 86 +++++++++++++------ client/src/lib/docs/templates/oracle-si.json | 51 ++++++++--- .../docs/templates/power-poc-quick-start.json | 20 ++--- .../lib/docs/templates/power-sap-hana.json | 67 ++------------- .../lib/docs/templates/quick-start-power.json | 36 ++++++-- .../lib/docs/templates/vpn-as-a-service.json | 34 ++++++-- 8 files changed, 174 insertions(+), 124 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3aafcaf9..fea4b1dd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
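Review bot: The first new test starts from `{ use_data: true }` with no images, so it shows that the arrays are created but not that an existing selection is removed. Seed the input, e.g. `let data = { use_data: true, imageNames: ["testImage"], images: [{ name: "testImage" }] };`, and keep the expected empty arrays. The second test likewise leaves `images` out of both input and expectation, so a handler that cleared only `images` for CRAIG-created workspaces would still pass.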
@@ -7,6 +7,7 @@ All notable changes to this project will be documented in this file. ### Upgrade Notes - Updated the VPN as a Service template's default authentication method and changed the Secrets Manager to the Trial plan +- Updated AIX stock images and removed deprecated images for all templates with invalid image references ### Features diff --git a/client/src/lib/docs/release-notes.json b/client/src/lib/docs/release-notes.json index c3c2f38a..ff4df754 100644 --- a/client/src/lib/docs/release-notes.json +++ b/client/src/lib/docs/release-notes.json @@ -14,7 +14,8 @@ "Power VS Images are now reset when changing zones or changing the name of an existing workspace" ], "upgrade_notes": [ - "Updated the VPN as a Service template's default authentication method and changed the Secrets Manager to the Trial plan" + "Updated the VPN as a Service template's default authentication method and changed the Secrets Manager to the Trial plan", + "Updated AIX stock images and removed deprecated images for all templates with invalid image references" ] }, { diff --git a/client/src/lib/docs/templates/oracle-rac.json b/client/src/lib/docs/templates/oracle-rac.json index 3f9e00dc..de55f397 100644 --- a/client/src/lib/docs/templates/oracle-rac.json +++ b/client/src/lib/docs/templates/oracle-rac.json @@ -11,12 +11,13 @@ "dynamic_subnets": false, "enable_power_vs": true, "power_vs_zones": ["dal12", "dal10", "us-south"], - "craig_version": "1.10.0", + "craig_version": "1.15.6", "power_vs_high_availability": false, "no_vpn_secrets_manager_auth": false, "power_vs_ha_zone_1": null, "power_vs_ha_zone_2": null, - "manual_power_vsi_naming": false + "manual_power_vsi_naming": false, + "template": "Power VS Oracle Ready" }, "access_groups": [], "appid": [], 
@@ -36,12 +37,19 @@ }, "cbr_rules": [], "cbr_zones": [], + "cis": [], + "cis_glbs": [], + "classic_bare_metal": [], + "classic_gateways": [], + "classic_security_groups": [], "classic_ssh_keys": [], "classic_vlans": [], + "classic_vsi": [], "clusters": [], "dns": [], "event_streams": [], "f5_vsi": [], + "fortigate_vnf": [], "iam_account_settings": { "enable": false, "mfa": null, @@ -250,15 +258,15 @@ "cloud_connections": [], "images": [ { - "name": "7300-00-01", + "name": "7300-02-01", "workspace": "oracle-template", "zone": "dal12", - "pi_image_id": "2cf98f53-433d-4c7a-bc46-1f2dfcc04066", + "pi_image_id": "dd13124c-1212-4b25-a2aa-17dabc040eaa", "workspace_use_data": false } ], "attachments": [], - "imageNames": ["7300-00-01"], + "imageNames": ["7300-02-01"], "use_data": false } ], @@ -266,7 +274,7 @@ { "name": "oracle-1", "workspace": "oracle-template", - "image": "7300-00-01", + "image": "7300-02-01", "network": [ { "name": "oracle-private-1", @@ -306,12 +314,13 @@ "pi_ibmi_rds_users": null, "pi_user_data": null, "pi_pin_policy": "none", - "pi_license_repository_capacity": null + "pi_license_repository_capacity": null, + "index": 0 }, { "name": "oracle-2", "workspace": "oracle-template", - "image": "7300-00-01", + "image": "7300-02-01", "network": [ { "name": "oracle-private-1", @@ -351,7 +360,8 @@ "pi_ibmi_rds_users": null, "pi_user_data": null, "pi_pin_policy": "none", - "pi_license_repository_capacity": null + "pi_license_repository_capacity": null, + "index": 1 } ], "power_volumes": [ @@ -373,7 +383,8 @@ "pi_affinity_instance": "oracle-1", "pi_volume_pool": null, "pi_affinity_volume": null, - "count": null + "count": null, + "index": 0 }, { "name": "oracle-1-db-2", @@ -393,7 +404,8 @@ "pi_affinity_instance": "oracle-1", "pi_volume_pool": null, "pi_affinity_volume": null, - "count": null + "count": null, + "index": 1 }, { "name": "oracle-2-db-1", 
@@ -413,7 +425,8 @@
 "pi_affinity_instance": "oracle-2",
 "pi_volume_pool": null,
 "pi_affinity_volume": null,
- "count": null
+ "count": null,
+ "index": 2
 },
 {
 "name": "oracle-2-db-2",
@@ -433,7 +446,8 @@
 "pi_affinity_instance": "oracle-2",
 "pi_volume_pool": null,
 "pi_affinity_volume": null,
- "count": null
+ "count": null,
+ "index": 3
 },
 {
 "name": "redo-1",
@@ -452,7 +466,8 @@
 "pi_affinity_instance": null,
 "pi_anti_affinity_volume": null,
 "pi_anti_affinity_instance": null,
- "count": null
+ "count": null,
+ "index": 4
 },
 {
 "name": "redo-2",
@@ -471,7 +486,8 @@
 "pi_affinity_instance": null,
 "pi_anti_affinity_volume": null,
 "pi_anti_affinity_instance": null,
- "count": null
+ "count": null,
+ "index": 5
 },
 {
 "name": "asm-data-1",
@@ -491,7 +507,8 @@
 "pi_anti_affinity_volume": null,
 "pi_anti_affinity_instance": null,
 "pi_volume_pool": null,
- "count": null
+ "count": null,
+ "index": 6
 },
 {
 "name": "asm-data-2",
@@ -510,7 +527,8 @@
 "pi_affinity_instance": null,
 "pi_anti_affinity_volume": null,
 "pi_anti_affinity_instance": null,
- "count": null
+ "count": null,
+ "index": 7
 },
 {
 "name": "management",
@@ -529,7 +547,8 @@
 "pi_affinity_instance": null,
 "pi_anti_affinity_volume": null,
 "pi_anti_affinity_instance": null,
- "count": null
+ "count": null,
+ "index": 8
 },
 {
 "name": "vote-1",
@@ -549,7 +568,8 @@
 "pi_affinity_instance": "oracle-1",
 "pi_volume_pool": null,
 "pi_affinity_volume": null,
- "count": null
+ "count": null,
+ "index": 9
 },
 {
 "name": "vote-2",
@@ -569,7 +589,8 @@
 "pi_affinity_instance": "oracle-1",
 "pi_volume_pool": null,
 "pi_affinity_volume": null,
- "count": null
+ "count": null,
+ "index": 10
 },
 {
 "name": "vote-3",
@@ -589,7 +610,8 @@
 "pi_affinity_instance": "oracle-1",
 "pi_volume_pool": null,
 "pi_affinity_volume": null,
- "count": null
+ "count": null,
+ "index": 11
 }
 ],
 "resource_groups": [
@@ -626,6 +648,17 @@
 "scope_description": null,
 "enable": false
 },
+ "scc_v2": {
+ "enable": false,
+ "resource_group": null,
+ "region": null,
+ "account_id": "${var.account_id}",
+ "profile_attachments": [],
+ "name": null,
+ "use_cos": false,
+ "cos": null,
+ "bucket": null
+ },
 "secrets_manager": [],
 "security_groups": [
 {
@@ -1720,7 +1753,7 @@
 {
 "kms": "kms",
 "encryption_key": "vsi-volume-key",
- "image": "ibm-ubuntu-22-04-1-minimal-amd64-1",
+ "image": "ibm-ubuntu-22-04-4-minimal-amd64-1",
 "profile": "cx2-4x8",
 "name": "management-server",
 "security_groups": ["management-vsi"],
@@ -1733,7 +1766,7 @@
 "user_data": null,
 "network_interfaces": [],
 "volumes": [],
- "image_name": null,
+ "image_name": "Ubuntu Linux 22.04 LTS Jammy Jellyfish Minimal Install (amd64) [ibm-ubuntu-22-04-4-minimal-amd64-1]",
 "enable_floating_ip": false,
 "primary_interface_ip_spoofing": false,
 "use_variable_names": false,
@@ -1749,8 +1782,7 @@
 {
 "kms": "kms",
 "encryption_key": "vsi-volume-key",
- "image": "ibm-ubuntu-22-04-3-minimal-amd64-1",
- "image_name": "Ubuntu Linux 22.04 LTS Jammy Jellyfish Minimal Install (amd64) [ibm-ubuntu-22-04-3-minimal-amd64-1]",
+ "image": "ibm-ubuntu-22-04-4-minimal-amd64-1",
 "profile": "bx2-2x8",
 "name": "workload-server",
 "security_groups": ["workload-vpe"],
@@ -1763,6 +1795,7 @@
 "network_interfaces": [],
 "subnets": ["vsi-zone-1", "vsi-zone-2", "vsi-zone-3"],
 "volumes": [],
+ "image_name": "Ubuntu Linux 22.04 LTS Jammy Jellyfish Minimal Install (amd64) [ibm-ubuntu-22-04-4-minimal-amd64-1]",
 "subnet": "",
 "enable_floating_ip": false,
 "primary_interface_ip_spoofing": false,
@@ -1772,5 +1805,6 @@
 "reserved_ips": [[""], [""], [""]],
 "enable_static_ips": false
 }
- ]
+ ],
+ "vtl": []
 }
diff --git a/client/src/lib/docs/templates/oracle-si.json b/client/src/lib/docs/templates/oracle-si.json
index 895e3e8a..5912f081 100644
--- a/client/src/lib/docs/templates/oracle-si.json
+++ b/client/src/lib/docs/templates/oracle-si.json
@@ -10,13 +10,14 @@
 "dynamic_subnets": false,
 "enable_power_vs": true,
 "power_vs_zones": ["dal12", "dal10", "us-south"],
- "craig_version": "1.12.0",
+ "craig_version": "1.15.6",
 "power_vs_high_availability": false,
 "no_vpn_secrets_manager_auth": false,
 "enable_classic": false,
 "power_vs_ha_zone_1": null,
 "power_vs_ha_zone_2": null,
- "manual_power_vsi_naming": false
+ "manual_power_vsi_naming": false,
+ "template": "Power VS Oracle Single Instance"
 },
 "access_groups": [],
 "appid": [],
@@ -36,12 +37,19 @@
 },
 "cbr_rules": [],
 "cbr_zones": [],
+ "cis": [],
+ "cis_glbs": [],
+ "classic_bare_metal": [],
+ "classic_gateways": [],
+ "classic_security_groups": [],
 "classic_ssh_keys": [],
 "classic_vlans": [],
+ "classic_vsi": [],
 "clusters": [],
 "dns": [],
 "event_streams": [],
 "f5_vsi": [],
+ "fortigate_vnf": [],
 "iam_account_settings": {
 "enable": false,
 "mfa": null,
@@ -226,15 +234,15 @@
 "cloud_connections": [],
 "images": [
 {
- "name": "7300-00-01",
+ "name": "7300-02-01",
 "workspace": "oracle-template",
 "zone": "dal12",
- "pi_image_id": "2cf98f53-433d-4c7a-bc46-1f2dfcc04066",
+ "pi_image_id": "dd13124c-1212-4b25-a2aa-17dabc040eaa",
 "workspace_use_data": false
 }
 ],
 "attachments": [],
- "imageNames": ["7300-00-01"],
+ "imageNames": ["7300-02-01"],
 "use_data": false
 }
 ],
@@ -242,7 +250,7 @@
 {
 "name": "oracle",
 "workspace": "oracle-template",
- "image": "7300-00-01",
+ "image": "7300-02-01",
 "network": [
 {
 "name": "oracle-vlan",
@@ -274,7 +282,8 @@
 "pi_ibmi_rds_users": null,
 "pi_user_data": null,
 "pi_pin_policy": "none",
- "pi_license_repository_capacity": null
+ "pi_license_repository_capacity": null,
+ "index": 0
 }
 ],
 "power_volumes": [
@@ -296,7 +305,8 @@
 "pi_affinity_instance": "oracle",
 "pi_volume_pool": null,
 "pi_affinity_volume": null,
- "count": null
+ "count": null,
+ "index": 0
 },
 {
 "name": "oracle-db-2",
@@ -316,7 +326,8 @@
 "pi_affinity_instance": "oracle",
 "pi_volume_pool": null,
 "pi_affinity_volume": null,
- "count": null
+ "count": null,
+ "index": 1
 }
 ],
 "resource_groups": [
@@ -353,6 +364,17 @@
 "scope_description": null,
 "enable": false
 },
+ "scc_v2": {
+ "enable": false,
+ "resource_group": null,
+ "region": null,
+ "account_id": "${var.account_id}",
+ "profile_attachments": [],
+ "name": null,
+ "use_cos": false,
+ "cos": null,
+ "bucket": null
+ },
 "secrets_manager": [],
 "security_groups": [
 {
@@ -1447,7 +1469,7 @@
 {
 "kms": "kms",
 "encryption_key": "vsi-volume-key",
- "image": "ibm-ubuntu-22-04-1-minimal-amd64-1",
+ "image": "ibm-ubuntu-22-04-4-minimal-amd64-1",
 "profile": "cx2-4x8",
 "name": "management-server",
 "security_groups": ["management-vsi"],
@@ -1460,7 +1482,7 @@
 "user_data": null,
 "network_interfaces": [],
 "volumes": [],
- "image_name": null,
+ "image_name": "Ubuntu Linux 22.04 LTS Jammy Jellyfish Minimal Install (amd64) [ibm-ubuntu-22-04-4-minimal-amd64-1]",
 "enable_floating_ip": false,
 "primary_interface_ip_spoofing": false,
 "use_variable_names": false,
@@ -1476,8 +1498,7 @@
 {
 "kms": "kms",
 "encryption_key": "vsi-volume-key",
- "image": "ibm-ubuntu-22-04-3-minimal-amd64-1",
- "image_name": "Ubuntu Linux 22.04 LTS Jammy Jellyfish Minimal Install (amd64) [ibm-ubuntu-22-04-3-minimal-amd64-1]",
+ "image": "ibm-ubuntu-22-04-4-minimal-amd64-1",
 "profile": "bx2-2x8",
 "name": "workload-server",
 "security_groups": ["workload-vpe"],
@@ -1490,6 +1511,7 @@
 "network_interfaces": [],
 "subnets": ["vsi-zone-1", "vsi-zone-2", "vsi-zone-3"],
 "volumes": [],
+ "image_name": "Ubuntu Linux 22.04 LTS Jammy Jellyfish Minimal Install (amd64) [ibm-ubuntu-22-04-4-minimal-amd64-1]",
 "subnet": "",
 "enable_floating_ip": false,
 "primary_interface_ip_spoofing": false,
@@ -1499,5 +1521,6 @@
 "reserved_ips": [[""], [""], [""]],
 "enable_static_ips": false
 }
- ]
+ ],
+ "vtl": []
 }
diff --git a/client/src/lib/docs/templates/power-poc-quick-start.json b/client/src/lib/docs/templates/power-poc-quick-start.json
index 4d3d4edf..5aed9a8f 100644
--- a/client/src/lib/docs/templates/power-poc-quick-start.json
+++ b/client/src/lib/docs/templates/power-poc-quick-start.json
@@ -10,7 +10,7 @@
 "enable_power_vs": true,
 "enable_classic": false,
 "power_vs_zones": ["dal10"],
- "craig_version": "1.14.1",
+ "craig_version": "1.15.6",
 "power_vs_high_availability": false,
 "template": "Power VS POC",
 "fs_cloud": false,
@@ -223,12 +223,12 @@
 "cloud_connections": [],
 "images": [
 {
- "creationDate": "2023-03-07T11:21:01.000Z",
+ "creationDate": "2024-03-20T19:06:59.000Z",
 "description": "",
- "href": "/pcloud/v1/cloud-instances/d839ff9f75e2465a81707aa69ee9a9b7/stock-images/142d55ca-d24c-4114-a2f9-4174e96ed96e",
- "imageID": "142d55ca-d24c-4114-a2f9-4174e96ed96e",
- "lastUpdateDate": "2023-03-14T16:27:52.000Z",
- "name": "7300-01-01",
+ "href": "/pcloud/v1/cloud-instances/d839ff9f75e2465a81707aa69ee9a9b7/stock-images/f557c9a5-c5e4-4b96-9e30-4e9589e9fad8",
+ "imageID": "f557c9a5-c5e4-4b96-9e30-4e9589e9fad8",
+ "lastUpdateDate": "2024-03-20T19:50:48.000Z",
+ "name": "7300-02-01",
 "specifications": {
 "architecture": "ppc64",
 "containerFormat": "bare",
@@ -239,7 +239,7 @@
 "operatingSystem": "aix"
 },
 "state": "active",
- "storagePool": "Tier3-Flash-1",
+ "storagePool": "General-Flash-50",
 "storageType": "tier3",
 "workspace": "dal10",
 "zone": "dal10",
@@ -267,11 +267,11 @@
 "workspace": "dal10",
 "zone": "dal10",
 "workspace_use_data": false,
- "depends_on": ["${ibm_pi_image.power_image_dal10_7300_01_01}"]
+ "depends_on": ["${ibm_pi_image.power_image_dal10_7300_02_01}"]
 }
 ],
 "attachments": [],
- "imageNames": ["7300-01-01", "IBMi-75-03-2984-1"],
+ "imageNames": ["7300-02-01", "IBMi-75-03-2984-1"],
 "use_data": false
 }
 ],
@@ -279,7 +279,7 @@
 {
 "name": "aixtarget",
 "workspace": "dal10",
- "image": "7300-01-01",
+ "image": "7300-02-01",
 "network": [
 {
 "name": "pvm",
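Review bot: The image entry rewritten in the `@@ -223,12 +223,12 @@` hunk still carries raw API response fields (`creationDate`, `href`, `lastUpdateDate`, and `storagePool` in the following hunk), and the new `href` embeds a specific cloud-instance ID in its path. The other templates touched by this patch describe an image with only `name`, `workspace`, `zone`, `pi_image_id` and `workspace_use_data`, so these extra fields look like captured output rather than template input. If nothing reads them, dropping them would remove a workspace identifier from the shipped template and four values that need re-pasting on every image refresh. The image object begins inside this hunk and its `specifications` block continues past it.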
diff --git a/client/src/lib/docs/templates/power-sap-hana.json b/client/src/lib/docs/templates/power-sap-hana.json
index 4fe1b58a..45279e1f 100644
--- a/client/src/lib/docs/templates/power-sap-hana.json
+++ b/client/src/lib/docs/templates/power-sap-hana.json
@@ -11,7 +11,7 @@
 "dynamic_subnets": false,
 "enable_power_vs": true,
 "power_vs_zones": ["dal10"],
- "craig_version": "1.12.0",
+ "craig_version": "1.15.6",
 "power_vs_high_availability": false,
 "template": "Power VS SAP Hana",
 "no_vpn_secrets_manager_auth": false,
@@ -52,9 +52,12 @@
 "cbr_zones": [],
 "cis": [],
 "cis_glbs": [],
+ "classic_bare_metal": [],
 "classic_gateways": [],
+ "classic_security_groups": [],
 "classic_ssh_keys": [],
 "classic_vlans": [],
+ "classic_vsi": [],
 "clusters": [],
 "dns": [],
 "event_streams": [],
@@ -280,53 +283,6 @@
 ],
 "cloud_connections": [],
 "images": [
- {
- "creationDate": "2023-02-14T18:39:48.000Z",
- "description": "",
- "href": "/pcloud/v1/cloud-instances/d839ff9f75e2465a81707aa69ee9a9b7/stock-images/a857bbbd-6fee-4bf7-816d-04fb4cdbf65e",
- "imageID": "a857bbbd-6fee-4bf7-816d-04fb4cdbf65e",
- "lastUpdateDate": "2023-02-14T22:29:20.000Z",
- "name": "7100-05-09",
- "specifications": {
- "architecture": "ppc64",
- "containerFormat": "bare",
- "diskFormat": "raw",
- "endianness": "big-endian",
- "hypervisorType": "phyp",
- "operatingSystem": "aix"
- },
- "state": "active",
- "storagePool": "Tier3-Flash-1",
- "storageType": "tier3",
- "workspace": "secure-powervs",
- "zone": "dal10",
- "workspace_use_data": false
- },
- {
- "creationDate": "2023-09-16T18:38:33.000Z",
- "description": "",
- "href": "/pcloud/v1/cloud-instances/d839ff9f75e2465a81707aa69ee9a9b7/stock-images/69866375-0cec-4db9-93e9-a55c63c13d6e",
- "imageID": "69866375-0cec-4db9-93e9-a55c63c13d6e",
- "lastUpdateDate": "2023-09-16T21:38:22.000Z",
- "name": "IBMi-71-11-2924-8",
- "specifications": {
- "architecture": "ppc64",
- "containerFormat": "bare",
- "diskFormat": "raw",
- "endianness": "big-endian",
- "hypervisorType": "phyp",
- "operatingSystem": "ibmi"
- },
- "state": "active",
- "storagePool": "Tier3-Flash-1",
- "storageType": "tier3",
- "workspace": "secure-powervs",
- "zone": "dal10",
- "workspace_use_data": false,
- "depends_on": [
- "${ibm_pi_image.power_image_secure_powervs_7100_05_09}"
- ]
- },
 {
 "creationDate": "2024-01-30T12:46:02.000Z",
 "description": "",
@@ -348,10 +304,7 @@
 "storageType": "tier3",
 "workspace": "secure-powervs",
 "zone": "dal10",
- "workspace_use_data": false,
- "depends_on": [
- "${ibm_pi_image.power_image_secure_powervs_ibmi_71_11_2924_8}"
- ]
+ "workspace_use_data": false
 },
 {
 "creationDate": "2024-01-30T14:31:23.000Z",
@@ -926,8 +879,6 @@
 ],
 "attachments": [],
 "imageNames": [
- "7100-05-09",
- "IBMi-71-11-2924-8",
 "RHEL8-SP4-SAP-BYOL",
 "RHEL8-SP4-SAP-NETWEAVER-BYOL",
 "RHEL8-SP6",
@@ -2776,8 +2727,8 @@
 "code": null
 },
 "tcp": {
- "port_min": "22",
- "port_max": "22",
+ "port_min": 22,
+ "port_max": 22,
 "source_port_min": null,
 "source_port_max": null
 },
@@ -2810,8 +2761,8 @@
 "tcp": {
 "port_min": null,
 "port_max": null,
- "source_port_min": "22",
- "source_port_max": "22"
+ "source_port_min": 22,
+ "source_port_max": 22
 },
 "udp": {
 "port_min": null,
diff --git a/client/src/lib/docs/templates/quick-start-power.json b/client/src/lib/docs/templates/quick-start-power.json
index 4b6f3f55..82ab6511 100644
--- a/client/src/lib/docs/templates/quick-start-power.json
+++ b/client/src/lib/docs/templates/quick-start-power.json
@@ -10,13 +10,14 @@
 "enable_power_vs": true,
 "enable_classic": false,
 "power_vs_zones": ["dal12"],
- "craig_version": "1.12.0",
+ "craig_version": "1.15.6",
 "power_vs_high_availability": false,
 "fs_cloud": false,
 "no_vpn_secrets_manager_auth": false,
 "power_vs_ha_zone_1": null,
 "power_vs_ha_zone_2": null,
- "manual_power_vsi_naming": false
+ "manual_power_vsi_naming": false,
+ "template": "Power VS Quick Start"
 },
 "access_groups": [],
 "appid": [],
@@ -36,12 +37,19 @@
 },
 "cbr_rules": [],
 "cbr_zones": [],
+ "cis": [],
+ "cis_glbs": [],
+ "classic_bare_metal": [],
+ "classic_gateways": [],
+ "classic_security_groups": [],
 "classic_ssh_keys": [],
 "classic_vlans": [],
+ "classic_vsi": [],
 "clusters": [],
 "dns": [],
 "event_streams": [],
 "f5_vsi": [],
+ "fortigate_vnf": [],
 "iam_account_settings": {
 "enable": false,
 "mfa": null,
@@ -169,15 +177,15 @@
 "cloud_connections": [],
 "images": [
 {
- "name": "7100-05-09",
+ "name": "7300-02-01",
 "workspace": "workspace",
 "zone": "dal12",
- "pi_image_id": "35eca797-6599-4597-af1f-d2eb5e292dfc",
+ "pi_image_id": "dd13124c-1212-4b25-a2aa-17dabc040eaa",
 "workspace_use_data": false
 }
 ],
 "attachments": [],
- "imageNames": ["7100-05-09"],
+ "imageNames": ["7300-02-01"],
 "use_data": false
 }
 ],
@@ -207,6 +215,17 @@
 "scope_description": null,
 "enable": false
 },
+ "scc_v2": {
+ "enable": false,
+ "resource_group": null,
+ "region": null,
+ "account_id": "${var.account_id}",
+ "profile_attachments": [],
+ "name": null,
+ "use_cos": false,
+ "cos": null,
+ "bucket": null
+ },
 "secrets_manager": [],
 "security_groups": [
 {
@@ -795,8 +814,8 @@
 {
 "kms": "kms",
 "encryption_key": "key",
- "image": "ibm-redhat-9-2-minimal-amd64-1",
- "image_name": "Red Hat Enterprise Linux 9.x - Minimal Install (amd64) [ibm-redhat-9-2-minimal-amd64-1]",
+ "image": "ibm-redhat-9-4-minimal-amd64-1",
+ "image_name": "Red Hat Enterprise Linux 9.x - Minimal Install (amd64) [ibm-redhat-9-4-minimal-amd64-1]",
 "profile": "bx2-4x16",
 "name": "example-deployment",
 "security_groups": ["management-vsi"],
@@ -818,5 +837,6 @@
 "reserved_ips": [[""]],
 "enable_static_ips": false
 }
- ]
+ ],
+ "vtl": []
 }
diff --git a/client/src/lib/docs/templates/vpn-as-a-service.json b/client/src/lib/docs/templates/vpn-as-a-service.json
index 48e4f9c3..673f65c1 100644
--- a/client/src/lib/docs/templates/vpn-as-a-service.json
+++ b/client/src/lib/docs/templates/vpn-as-a-service.json
@@ -9,15 +9,16 @@
 "fs_cloud": false,
 "dynamic_subnets": false,
 "enable_power_vs": true,
- "craig_version": "1.12.0",
 "power_vs_zones": ["dal12", "dal10", "us-south"],
+ "craig_version": "1.15.6",
 "advanced_subnets": true,
 "power_vs_high_availability": false,
 "no_vpn_secrets_manager_auth": false,
 "enable_classic": false,
 "power_vs_ha_zone_1": null,
 "power_vs_ha_zone_2": null,
- "manual_power_vsi_naming": false
+ "manual_power_vsi_naming": false,
+ "template": "VPN as a Service"
 },
 "access_groups": [],
 "appid": [],
@@ -37,12 +38,19 @@
 },
 "cbr_rules": [],
 "cbr_zones": [],
+ "cis": [],
+ "cis_glbs": [],
+ "classic_bare_metal": [],
+ "classic_gateways": [],
+ "classic_security_groups": [],
 "classic_ssh_keys": [],
 "classic_vlans": [],
+ "classic_vsi": [],
 "clusters": [],
 "dns": [],
 "event_streams": [],
 "f5_vsi": [],
+ "fortigate_vnf": [],
 "iam_account_settings": {
 "enable": false,
 "mfa": null,
@@ -127,15 +135,15 @@
 "cloud_connections": [],
 "images": [
 {
- "name": "7200-05-03",
+ "name": "7300-02-01",
 "workspace": "vpnaas",
 "zone": "dal12",
- "pi_image_id": "ab5777c4-60ef-45a1-90aa-4a144dbe3104",
+ "pi_image_id": "dd13124c-1212-4b25-a2aa-17dabc040eaa",
 "workspace_use_data": false
 }
 ],
 "attachments": [],
- "imageNames": ["7200-05-03"],
+ "imageNames": ["7300-02-01"],
 "use_data": false
 }
 ],
@@ -187,6 +195,17 @@
 "scope_description": null,
 "enable": false
 },
+ "scc_v2": {
+ "enable": false,
+ "resource_group": null,
+ "region": null,
+ "account_id": "${var.account_id}",
+ "profile_attachments": [],
+ "name": null,
+ "use_cos": false,
+ "cos": null,
+ "bucket": null
+ },
 "secrets_manager": [
 {
 "name": "secrets-manager",
@@ -509,7 +528,7 @@
 "vpn_servers": [
 {
 "name": "client-to-site",
- "certificate_crn": "",
+ "certificate_crn": null,
 "method": "INSECURE",
 "client_ca_crn": null,
 "client_ip_pool": "192.168.8.0/22",
@@ -534,5 +553,6 @@
 "secrets_manager": "secrets-manager"
 }
 ],
- "vsi": []
+ "vsi": [],
+ "vtl": []
 }
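Review bot: In the `@@ -509,7 +528,7 @@` hunk the `client-to-site` VPN server now has `"certificate_crn": null` while the unchanged next line keeps `"method": "INSECURE"`, so the shipped template still references no server certificate. What `INSECURE` selects is not visible in this patch; if it is a development-only authentication mode, the upgrade notes should say so, for example `"The VPN as a Service template defaults to the INSECURE authentication method; set a certificate CRN and a different method before production use"`. It is also worth confirming that whatever reads `certificate_crn` treats `null` the same as the previous `""`, since no test for that change appears in the visible part of the patch.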