Add satellite features and add support to the user can direct which s…

…ecurity groups are added to their workers
IBM-Cloud · Dec 14, 2023 · 6ebdc51 · 6ebdc51
1 parent fb2917e
commit 6ebdc51
Show file tree

Hide file tree

Showing 12 changed files with 227 additions and 19 deletions.
diff --git a/go.mod b/go.mod
@@ -237,8 +237,12 @@ replace github.com/dgrijalva/jwt-go v3.2.0+incompatible => github.com/golang-jwt
 
 replace github.com/portworx/sched-ops v0.0.0-20200831185134-3e8010dc7056 => github.com/portworx/sched-ops v0.20.4-openstorage-rc3 // required by rook v1.7
 
+replace github.com/IBM-Cloud/container-services-go-sdk v0.0.0-20231106114255-c50117860a3c => github.com/Blintmester/container-services-go-sdk v0.0.0-20231116135145-fae5e6201d4c // for development only
+
+replace github.com/IBM-Cloud/bluemix-go v0.0.0-20231123082353-50e8cc9c6959 => github.com/Blintmester/bluemix-go v0.0.0-20231123133420-fac51ebc7ce9 // for development only
+
 exclude (
 	github.com/kubernetes-incubator/external-storage v0.20.4-openstorage-rc2
 	k8s.io/client-go v11.0.1-0.20190409021438-1a26190bd76a+incompatible
 	k8s.io/client-go v12.0.0+incompatible
-)
+)
diff --git a/go.sum b/go.sum
@@ -103,8 +103,6 @@ github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3
 github.com/DataDog/zstd v1.4.4/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo=
 github.com/IBM-Cloud/bluemix-go v0.0.0-20231204080125-462fa9e436bc h1:AeooCa6UMWycgKJ9n0do9PEZaNlYZZHqspfwUzPvopc=
 github.com/IBM-Cloud/bluemix-go v0.0.0-20231204080125-462fa9e436bc/go.mod h1:jIGLnIfj+uBv2ALz3rVHzNbNwt0V/bEWNeJKECa8Q+k=
-github.com/IBM-Cloud/container-services-go-sdk v0.0.0-20231106114255-c50117860a3c h1:tRS4VuOG3lHNG+yrsh3vZZQDVNLuFJB0oZbTJp9YXds=
-github.com/IBM-Cloud/container-services-go-sdk v0.0.0-20231106114255-c50117860a3c/go.mod h1:xUQL9SGAjoZFd4GNjrjjtEpjpkgU7RFXRyHesbKTjiY=
 github.com/IBM-Cloud/container-services-go-sdk v0.0.0-20231116055201-2a84da7b9bd6 h1:QXU1Atl/JSI3ZtYB9tHbWLhrFYE1E+5Iww1sjQ7mqdo=
 github.com/IBM-Cloud/container-services-go-sdk v0.0.0-20231116055201-2a84da7b9bd6/go.mod h1:xUQL9SGAjoZFd4GNjrjjtEpjpkgU7RFXRyHesbKTjiY=
 github.com/IBM-Cloud/ibm-cloud-cli-sdk v0.5.3/go.mod h1:RiUvKuHKTBmBApDMUQzBL14pQUGKcx/IioKQPIcRQjs=
@@ -176,8 +174,6 @@ github.com/IBM/secrets-manager-go-sdk/v2 v2.0.2 h1:+Svh1OmoFxMBnZQSOUtp2UUzrOGFs
 github.com/IBM/secrets-manager-go-sdk/v2 v2.0.2/go.mod h1:WII+LS4VkQYykmq65NWSuPb5xGNvsqkcK1aCWZoU2x4=
 github.com/IBM/vpc-beta-go-sdk v0.6.0 h1:wfM3AcW3zOM3xsRtZ+EA6+sESlGUjQ6Yf4n5QQyz4uc=
 github.com/IBM/vpc-beta-go-sdk v0.6.0/go.mod h1:fzHDAQIqH/5yJmYsKodKHLcqxMDT+yfH6vZjdiw8CQA=
-github.com/IBM/vpc-go-sdk v0.43.0 h1:uy/qWIqETCXraUG2cq5sjScr6pZ79ZteY1v5iLUVQ3Q=
-github.com/IBM/vpc-go-sdk v0.43.0/go.mod h1:kRz9tqPvpHoA/qGrC/qVjTbi4ICuTChpG76L89liGL4=
 github.com/IBM/vpc-go-sdk v0.45.0 h1:RFbUZH5vBRGAEW5+jRzbDlxB+a+GvG9EBhyYO52Tvrs=
 github.com/IBM/vpc-go-sdk v0.45.0/go.mod h1:4Hs5d/aClmsxAzwDQkwG+ri0vW2ykPJdpM6hDLRwKcA=
 github.com/Jeffail/gabs v1.1.1 h1:V0uzR08Hj22EX8+8QMhyI9sX2hwRu+/RJhJUmnwda/E=
@@ -1275,7 +1271,6 @@ github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAl
 github.com/onsi/gomega v1.18.0/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs=
 github.com/onsi/gomega v1.18.1/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs=
 github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro=
-github.com/onsi/gomega v1.20.0/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeREyVo=
 github.com/onsi/gomega v1.20.1/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeREyVo=
 github.com/onsi/gomega v1.21.1/go.mod h1:iYAIXgPSaDHak0LCMA+AWBpIKBr8WZicMxnE8luStNc=
 github.com/onsi/gomega v1.22.1/go.mod h1:x6n7VNe4hw0vkyYUM4mjIXx3JbLiPaBPNgB7PRQ1tuM=

diff --git a/ibm/flex/structures.go b/ibm/flex/structures.go
@@ -251,6 +251,14 @@ func FlattenUsersSet(userList *schema.Set) []string {
 	return users
 }
 
+func FlattenSet(set *schema.Set) []string {
+	elems := make([]string, 0)
+	for _, elem := range set.List() {
+		elems = append(elems, elem.(string))
+	}
+	return elems
+}
+
 func ExpandMembers(configured []interface{}) []datatypes.Network_LBaaS_LoadBalancerServerInstanceInfo {
 	members := make([]datatypes.Network_LBaaS_LoadBalancerServerInstanceInfo, 0, len(configured))
 	for _, lRaw := range configured {
@@ -3242,13 +3250,13 @@ func FlattenOpaqueSecret(fields containerv2.Fields) []map[string]interface{} {
 	return flattenedOpaqueSecret
 }
 
-// flattenHostLabels ..
-func FlattenHostLabels(hostLabels []interface{}) map[string]string {
+// flatten the provided key-value pairs
+func FlattenKeyValues(keyValues []interface{}) map[string]string {
 	labels := make(map[string]string)
-	for _, v := range hostLabels {
+	for _, v := range keyValues {
 		parts := strings.Split(v.(string), ":")
 		if len(parts) != 2 {
-			log.Fatal("Entered label " + v.(string) + "is in incorrect format.")
+			log.Fatal("Entered key-value " + v.(string) + "is in incorrect format.")
 		}
 		labels[parts[0]] = parts[1]
 	}

diff --git a/ibm/service/kubernetes/resource_ibm_container_vpc_cluster.go b/ibm/service/kubernetes/resource_ibm_container_vpc_cluster.go
@@ -322,6 +322,14 @@ func ResourceIBMContainerVpcCluster() *schema.Resource {
 				RequiredWith:     []string{"kms_instance_id", "crk"},
 			},
 
+			"cluster_security_groups": {
+				Type:        schema.TypeSet,
+				Optional:    true,
+				Description: "Allow user to set which security groups added to their workers",
+				Elem:        &schema.Schema{Type: schema.TypeString},
+				Set:         flex.ResourceIBMVPCHash,
+			},
+
 			//Get Cluster info Request
 			"state": {
 				Type:     schema.TypeString,
@@ -587,6 +595,11 @@ func resourceIBMContainerVpcClusterCreate(d *schema.ResourceData, meta interface
 		params.CosInstanceCRN = v.(string)
 	}
 
+	if v, ok := d.GetOk("cluster_security_groups"); ok {
+		securityGroups := flex.FlattenSet(v.(*schema.Set))
+		params.SecurityGroupIDs = securityGroups
+	}
+
 	targetEnv, err := getVpcClusterTargetHeader(d, meta)
 	if err != nil {
 		return err

diff --git a/ibm/service/kubernetes/resource_ibm_container_vpc_cluster_test.go b/ibm/service/kubernetes/resource_ibm_container_vpc_cluster_test.go
@@ -152,6 +152,34 @@ func TestAccIBMContainerVpcClusterDedicatedHost(t *testing.T) {
 	)
 }
 
+func TestAccIBMContainerVpcClusterSecurityGroups(t *testing.T) {
+	name := fmt.Sprintf("tf-vpc-cluster-%d", acctest.RandIntRange(10, 100))
+	var conf *v2.ClusterInfo
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { acc.TestAccPreCheck(t) },
+		Providers: acc.TestAccProviders,
+		// CheckDestroy: testAccCheckIBMContainerVpcClusterDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckIBMContainerVpcClusterSecurityGroups(name),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckIBMContainerVpcExists("ibm_container_vpc_cluster.cluster", conf),
+					resource.TestCheckResourceAttr(
+						"ibm_container_vpc_cluster.cluster", "name", name),
+				),
+			},
+			{
+				ResourceName:      "ibm_container_vpc_cluster.cluster",
+				ImportState:       true,
+				ImportStateVerify: true,
+				ImportStateVerifyIgnore: []string{
+					"wait_till", "update_all_workers", "kms_config", "force_delete_storage", "wait_for_worker_update"},
+			},
+		},
+	})
+}
+
 func testAccCheckIBMContainerVpcClusterDestroy(s *terraform.State) error {
 	csClient, err := acc.TestAccProvider.Meta().(conns.ClientSession).VpcContainerAPI()
 	if err != nil {
@@ -275,6 +303,71 @@ resource "ibm_container_vpc_cluster" "cluster" {
   }`, name)
 }
 
+// preveously you have to create securitygroups and use them instead
+func testAccCheckIBMContainerVpcClusterSecurityGroups(name string) string {
+	return fmt.Sprintf(`	
+	data "ibm_resource_group" "resource_group" {
+		is_default = "true"
+		//name = "Default"
+	}
+	resource "ibm_is_vpc" "vpc" {
+		name = "%[1]s"
+	}
+	resource "ibm_is_security_group" "security_group" {
+		name = "example-security-group"
+		vpc  = ibm_is_vpc.vpc.id
+	}
+	resource "ibm_is_subnet" "subnet" {
+		name                     = "%[1]s"
+		vpc                      = ibm_is_vpc.vpc.id
+		zone                     = "us-south-1"
+		total_ipv4_address_count = 256
+	}
+	resource "ibm_resource_instance" "kms_instance" {
+		name              = "%[1]s"
+		service           = "kms"
+		plan              = "tiered-pricing"
+		location          = "eu-de"
+	}
+	  
+	resource "ibm_kms_key" "test" {
+		instance_id = ibm_resource_instance.kms_instance.guid
+		key_name = "%[1]s"
+		standard_key =  false
+		force_delete = true
+	}
+	resource "ibm_container_vpc_cluster" "cluster" {
+		name              = "%[1]s"
+		vpc_id            = ibm_is_vpc.vpc.id
+		flavor            = "cx2.2x4"
+		worker_count      = 1
+		wait_till         = "OneWorkerNodeReady"
+		resource_group_id = data.ibm_resource_group.resource_group.id
+		zones {
+			 subnet_id = ibm_is_subnet.subnet.id
+			 name      = "us-south-1"
+		}
+		kms_config {
+			instance_id = ibm_resource_instance.kms_instance.guid
+			crk_id = ibm_kms_key.test.key_id
+			private_endpoint = false
+		}
+		worker_labels = {
+		"test"  = "test-default-pool"
+		"test1" = "test-default-pool1"
+		"test2" = "test-default-pool2"
+		}
+		
+		cluster_security_groups = [ 
+			// "r134-ee951766-31e7-4fdb-bde8-0f08315b0cc6", 
+			// "r134-dab9930e-cf2d-46d5-9808-9e52955f15f2", 
+			// "r134-4f29f2fb-979d-451b-bac7-1e6c773e63d7",
+			ibm_is_security_group.security_group.id,
+			"cluster",
+		]
+	}`, name)
+}
+
 func testAccCheckIBMContainerVpcClusterUpdate(name string) string {
 	return fmt.Sprintf(`
 provider "ibm" {

diff --git a/ibm/service/satellite/data_source_ibm_satellite_host_script.go b/ibm/service/satellite/data_source_ibm_satellite_host_script.go
@@ -125,7 +125,7 @@ func dataSourceIBMSatelliteAttachHostScriptRead(d *schema.ResourceData, meta int
 	labels := make(map[string]string)
 	if v, ok := d.GetOk("labels"); ok {
 		l := v.(*schema.Set)
-		labels = flex.FlattenHostLabels(l.List())
+		labels = flex.FlattenKeyValues(l.List())
 		d.Set("labels", l)
 	}
 

diff --git a/ibm/service/satellite/data_source_ibm_satellite_location.go b/ibm/service/satellite/data_source_ibm_satellite_location.go
@@ -138,6 +138,18 @@ func DataSourceIBMSatelliteLocation() *schema.Resource {
 					},
 				},
 			},
+			"service_subnet": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				ForceNew:    true,
+				Description: "Custom subnet CIDR to provide private IP addresses for services",
+			},
+			"pod_subnet": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				ForceNew:    true,
+				Description: "Custom subnet CIDR to provide private IP addresses for pods",
+			},
 		},
 	}
 }
@@ -215,5 +227,12 @@ func dataSourceIBMSatelliteLocationRead(d *schema.ResourceData, meta interface{}
 	}
 	d.Set("tags", tags)
 
+	if instance.PodSubnet != nil {
+		d.Set("pod_subnet", *instance.PodSubnet)
+	}
+	if instance.ServiceSubnet != nil {
+		d.Set("service_subnet", *instance.ServiceSubnet)
+	}
+
 	return nil
 }
diff --git a/ibm/service/satellite/resource_ibm_satellite_cluster.go b/ibm/service/satellite/resource_ibm_satellite_cluster.go
@@ -280,6 +280,12 @@ func ResourceIBMSatelliteCluster() *schema.Resource {
 				Sensitive:   true,
 				Description: "The IBM Cloud Identity and Access Management (IAM) service CRN token for the service that creates the cluster.",
 			},
+			"calico_ip_autodetection": {
+				Type:        schema.TypeMap,
+				Optional:    true,
+				Description: "Set IP autodetection to use correct interface for Calico",
+				Elem:        &schema.Schema{Type: schema.TypeString},
+			},
 		},
 	}
 }
@@ -392,7 +398,7 @@ func resourceIBMSatelliteClusterCreate(d *schema.ResourceData, meta interface{})
 	if v, ok := d.GetOk("host_labels"); ok {
 		hostLabels := make(map[string]string)
 		hl := v.(*schema.Set)
-		hostLabels = flex.FlattenHostLabels(hl.List())
+		hostLabels = flex.FlattenKeyValues(hl.List())
 		createClusterOptions.Labels = hostLabels
 	}
 
@@ -401,6 +407,14 @@ func resourceIBMSatelliteClusterCreate(d *schema.ResourceData, meta interface{})
 		createClusterOptions.DefaultWorkerPoolEntitlement = &entitlement
 	}
 
+	if m, ok := d.GetOk("calico_ip_autodetection"); ok {
+		methods := make(map[string]string)
+		for k, v := range m.(map[string]interface{}) {
+			methods[k] = v.(string)
+		}
+		createClusterOptions.SetCalicoIPAutodetectionMethods(methods)
+	}
+
 	if v, ok := d.GetOk("crn_token"); ok {
 		crnToken := v.(string)
 		createRemoteClusterOptions := &kubernetesserviceapiv1.CreateSatelliteClusterRemoteOptions{}

diff --git a/ibm/service/satellite/resource_ibm_satellite_cluster_worker_pool.go b/ibm/service/satellite/resource_ibm_satellite_cluster_worker_pool.go
@@ -232,7 +232,7 @@ func resourceIBMSatelliteClusterWorkerPoolCreate(d *schema.ResourceData, meta in
 	hostLabels := make(map[string]string)
 	if v, ok := d.GetOk("host_labels"); ok {
 		hl := v.(*schema.Set)
-		hostLabels = flex.FlattenHostLabels(hl.List())
+		hostLabels = flex.FlattenKeyValues(hl.List())
 		createWorkerPoolOptions.HostLabels = hostLabels
 	} else {
 		createWorkerPoolOptions.HostLabels = hostLabels

diff --git a/ibm/service/satellite/resource_ibm_satellite_host.go b/ibm/service/satellite/resource_ibm_satellite_host.go
@@ -149,7 +149,7 @@ func resourceIBMSatelliteHostCreate(d *schema.ResourceData, meta interface{}) er
 	labels := make(map[string]string)
 	if _, ok := d.GetOk(hostLabels); ok {
 		l := d.Get(hostLabels).(*schema.Set)
-		labels = flex.FlattenHostLabels(l.List())
+		labels = flex.FlattenKeyValues(l.List())
 		hostAssignOptions.Labels = labels
 	} else {
 		hostAssignOptions.Labels = labels
@@ -268,7 +268,7 @@ func resourceIBMSatelliteHostUpdate(d *schema.ResourceData, meta interface{}) er
 		labels := make(map[string]string)
 		if _, ok := d.GetOk(hostLabels); ok {
 			l := d.Get(hostLabels).(*schema.Set)
-			labels = flex.FlattenHostLabels(l.List())
+			labels = flex.FlattenKeyValues(l.List())
 			updateHostOptions.Labels = labels
 		}
 		response, err := satClient.UpdateSatelliteHost(updateHostOptions)

diff --git a/ibm/service/satellite/resource_ibm_satellite_location.go b/ibm/service/satellite/resource_ibm_satellite_location.go
@@ -209,6 +209,20 @@ func ResourceIBMSatelliteLocation() *schema.Resource {
 				Computed:  true,
 				Sensitive: true,
 			},
+			"service_subnet": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				ForceNew:    true,
+				Description: "Custom subnet CIDR to provide private IP addresses for services",
+				//Computed:    true,
+			},
+			"pod_subnet": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				ForceNew:    true,
+				Description: "Custom subnet CIDR to provide private IP addresses for pods",
+				//Computed:    true,
+			},
 		},
 	}
 }
@@ -275,6 +289,16 @@ func resourceIBMSatelliteLocationCreate(d *schema.ResourceData, meta interface{}
 		createSatLocOptions.Headers = pathParamsMap
 	}
 
+	if v, ok := d.GetOk("pod_subnet"); ok {
+		podSubnet := v.(string)
+		createSatLocOptions.PodSubnet = &podSubnet
+	}
+
+	if v, ok := d.GetOk("service_subnet"); ok {
+		serviceSubnet := v.(string)
+		createSatLocOptions.ServiceSubnet = &serviceSubnet
+	}
+
 	instance, response, err := satClient.CreateSatelliteLocation(createSatLocOptions)
 	if err != nil || instance == nil {
 		return fmt.Errorf("[ERROR] Error Creating Satellite Location: %s\n%s", err, response)
@@ -357,6 +381,14 @@ func resourceIBMSatelliteLocationRead(d *schema.ResourceData, meta interface{})
 		d.Set("ingress_secret", *instance.Ingress.SecretName)
 	}
 
+	if instance.PodSubnet != nil {
+		d.Set("pod_subnet", *instance.PodSubnet)
+	}
+
+	if instance.ServiceSubnet != nil {
+		d.Set("service_subnet", *instance.ServiceSubnet)
+	}
+
 	return nil
 }