From 195db6493c1bca0d7ab0b8b19b99cc519fca0212 Mon Sep 17 00:00:00 2001
From: toddgiguere <83610458+toddgiguere@users.noreply.github.com>
Date: Fri, 3 Nov 2023 07:32:28 -0400
Subject: [PATCH] feat: list of available service endpoints expanded/fixed (#409)
---
 examples/every-mt-vpe/main.tf | 22 +++++++++++--
 main.tf | 33 +++++---------------
 module-metadata.json | 14 ++++-----
 service_endpoints.tf | 59 +++++++++++++++++++++++++++++++++++
 tests/pr_test.go | 15 +++++++++
 variables.tf | 14 +++++++++
 6 files changed, 122 insertions(+), 35 deletions(-)
 create mode 100644 service_endpoints.tf
diff --git a/examples/every-mt-vpe/main.tf b/examples/every-mt-vpe/main.tf
index a571b936..b949470c 100644
--- a/examples/every-mt-vpe/main.tf
+++ b/examples/every-mt-vpe/main.tf
@@ -34,25 +34,41 @@ module "vpes" {
 vpc_id = module.vpc.vpc_id
 #subnet_zone_list = module.vpc.subnet_zone_list
 resource_group_id = module.resource_group.resource_group_id
- cloud_services = ["account-management",
+ cloud_services = [
+ "account-management",
 "billing",
 "cloud-object-storage",
+ "cloud-object-storage-config",
 "codeengine",
- #"container-registry", # to fix in https://github.com/terraform-ibm-modules/terraform-ibm-vpe-gateway/issues/390
+ "container-registry",
+ "containers-kubernetes",
+ "context-based-restrictions",
 "directlink",
 "dns-svcs",
 "enterprise",
 "global-search-tagging",
 "globalcatalog",
 "hs-crypto",
+ "hs-crypto-cert-mgr",
+ "hs-crypto-ep11",
+ "hs-crypto-ep11-az1",
+ "hs-crypto-ep11-az2",
+ "hs-crypto-ep11-az3",
+ "hs-crypto-kmip",
+ "hs-crypto-tke",
 "hyperp-dbaas-mongodb",
 "hyperp-dbaas-postgresql",
 "iam-svcs",
 "is",
 "kms",
+ "messaging",
 "resource-controller",
+ "support-center",
 "transit",
- "user-management"]
+ "user-management",
+ "vmware",
+ "ntp",
+ ]
 }
 
 
diff --git a/main.tf b/main.tf
index 6212f62b..a0583238 100644
--- a/main.tf
+++ b/main.tf
@@ -2,6 +2,8 @@
 # VPE Locals
 ##############################################################################
 
+# NOTE: VPE Service Endpoint configuration can be found in service_endpoints.tf
+
 locals {
 # List of Gateways to create
 gateway_list = concat([
@@ -10,7 +12,7 @@ locals {
 {
 name = lookup(var.vpe_names, service, "${var.prefix}-${var.vpc_name}-${service}")
 service = service
- crn = null
+ crn = local.service_to_endpoint_map[service]
 }
 ], [
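Review bot: `crn = local.service_to_endpoint_map[service]` is a bare index, so a service name with no map entry fails at plan time with a generic invalid-index error rather than a message naming the unsupported service; nothing in this hunk guards that. What keeps it from happening is the allowed-list in the `variable "cloud_services"` validation (last hunk of this patch), and because a variable validation cannot reference locals, that list now has to be maintained by hand against the keys in service_endpoints.tf. At minimum add a comment at both sites, e.g. `# must match the allowed-list validation of var.cloud_services in variables.tf` above the map and `# must match keys(local.service_to_endpoint_map) in service_endpoints.tf` above the validation, so the next service addition touches both. The enclosing `locals` block and the `for` expression this object sits in begin before the hunk.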
@@ -51,28 +53,6 @@ locals {
 (gateway.name) => gateway
 }
 
- # Map of Services to endpoints
- service_to_endpoint_map = {
- account-management = "crn:v1:bluemix:public:account-management:global:::endpoint:${var.service_endpoints}.accounts.cloud.ibm.com"
- billing = "crn:v1:bluemix:public:billing:global:::endpoint:${var.service_endpoints}.billing.cloud.ibm.com"
- cloud-object-storage = "crn:v1:bluemix:public:cloud-object-storage:global:::endpoint:s3.direct.${var.region}.cloud-object-storage.appdomain.cloud"
- codeengine = "crn:v1:bluemix:public:codeengine:${var.region}:::endpoint:${var.service_endpoints}.${var.region}.codeengine.cloud.ibm.com"
- container-registry = "crn:v1:bluemix:public:container-registry:${var.region}:::endpoint:${var.region}.icr.io"
- directlink = "crn:v1:bluemix:public:directlink:global:::endpoint:${var.service_endpoints}.directlink.cloud.ibm.com"
- dns-svcs = "crn:v1:bluemix:public:dns-svcs:global::::"
- enterprise = "crn:v1:bluemix:public:enterprise:global:::endpoint:${var.service_endpoints}.enterprise.cloud.ibm.com"
- global-search-tagging = "crn:v1:bluemix:public:global-search-tagging:global:::endpoint:api.${var.service_endpoints}.global-search-tagging.cloud.ibm.com"
- globalcatalog = "crn:v1:bluemix:public:globalcatalog:global:::endpoint:${var.service_endpoints}.globalcatalog.cloud.ibm.com"
- hs-crypto = "crn:v1:bluemix:public:hs-crypto:${var.region}:::endpoint:api.${var.service_endpoints}.${var.region}.hs-crypto.cloud.ibm.com"
- hyperp-dbaas-mongodb = "crn:v1:bluemix:public:hyperp-dbaas-mongodb:${var.region}:::endpoint:dbaas900-mongodb.${var.service_endpoints}.hyperp-dbaas.cloud.ibm.com"
- hyperp-dbaas-postgresql = "crn:v1:bluemix:public:hyperp-dbaas-postgresql:${var.region}:::endpoint:dbaas900-postgresql.${var.service_endpoints}.hyperp-dbaas.cloud.ibm.com"
- iam-svcs = "crn:v1:bluemix:public:iam-svcs:global:::endpoint:${var.service_endpoints}.iam.cloud.ibm.com"
- is = "crn:v1:bluemix:public:is:${var.region}:::endpoint:${var.region}.${var.service_endpoints}.iaas.cloud.ibm.com"
- kms = "crn:v1:bluemix:public:kms:${var.region}:::endpoint:${var.service_endpoints}.${var.region}.kms.cloud.ibm.com"
- resource-controller = "crn:v1:bluemix:public:resource-controller:global:::endpoint:${var.service_endpoints}.resource-controller.cloud.ibm.com"
- transit = "crn:v1:bluemix:public:transit:global:::endpoint:${var.service_endpoints}.transit.cloud.ibm.com"
- user-management = "crn:v1:bluemix:public:user-management:global:::endpoint:${var.service_endpoints}.user-management.cloud.ibm.com"
- }
 }
 ##############################################################################
@@ -105,9 +85,12 @@ resource "ibm_is_virtual_endpoint_gateway" "vpe" {
 vpc = var.vpc_id
 resource_group = var.resource_group_id
 security_groups = var.security_group_ids
+
+ # check if target is a CRN and handle accordingly
 target {
- crn = each.value.service == null ? each.value.crn : local.service_to_endpoint_map[each.value.service]
- resource_type = "provider_cloud_service"
+ name = length(regexall("crn:v1:([^:]*:){6}", each.value.crn)) > 0 ? null : each.value.crn
+ crn = length(regexall("crn:v1:([^:]*:){6}", each.value.crn)) > 0 ? each.value.crn : null
+ resource_type = length(regexall("crn:v1:([^:]*:){6}", each.value.crn)) > 0 ? "provider_cloud_service" : "provider_infrastructure_service"
 }
 }
diff --git a/module-metadata.json b/module-metadata.json
index 7aa5d702..02c5ed98 100644
--- a/module-metadata.json
+++ b/module-metadata.json
@@ -8,7 +8,7 @@
 "default": [],
 "pos": {
 "filename": "variables.tf",
- "line": 95
+ "line": 109
 }
 },
 "cloud_services": {
@@ -82,7 +82,7 @@
 "default": "private",
 "pos": {
 "filename": "variables.tf",
- "line": 106
+ "line": 120
 }
 },
 "subnet_zone_list": {
@@ -126,7 +126,7 @@
 "default": {},
 "pos": {
 "filename": "variables.tf",
- "line": 117
+ "line": 131
 }
 }
 },
@@ -169,7 +169,7 @@
 },
 "pos": {
 "filename": "main.tf",
- "line": 84
+ "line": 64
 }
 },
 "ibm_is_virtual_endpoint_gateway.vpe": {
@@ -186,7 +186,7 @@
 },
 "pos": {
 "filename": "main.tf",
- "line": 99
+ "line": 79
 }
 },
 "ibm_is_virtual_endpoint_gateway_ip.endpoint_gateway_ip": {
@@ -198,7 +198,7 @@
 },
 "pos": {
 "filename": "main.tf",
- "line": 120
+ "line": 103
 }
 }
 },
@@ -212,7 +212,7 @@
 },
 "pos": {
 "filename": "main.tf",
- "line": 136
+ "line": 119
 }
 }
 },
diff --git a/service_endpoints.tf b/service_endpoints.tf
new file mode 100644
index 00000000..e9aadbb3
--- /dev/null
+++ b/service_endpoints.tf
@@ -0,0 +1,59 @@
+##############################################################################
+# MAPPING OF AVAILABLE MULTI-TENANT VPE SERVICE ENDPOINTS
+##############################################################################
+
+locals {
+
+ endpoint_prefix = var.service_endpoints == "private" ? "private." : ""
+
+ service_to_endpoint_map = {
+ account-management = "crn:v1:bluemix:public:account-management:global:::endpoint:${local.endpoint_prefix}accounts.cloud.ibm.com"
+ billing = "crn:v1:bluemix:public:billing:global:::endpoint:${local.endpoint_prefix}billing.cloud.ibm.com"
+ cloud-object-storage = "crn:v1:bluemix:public:cloud-object-storage:global:::endpoint:s3.direct.${var.region}.cloud-object-storage.appdomain.cloud"
+ cloud-object-storage-config = "crn:v1:bluemix:public:cloud-object-storage:global:::endpoint:config.direct.cloud-object-storage.cloud.ibm.com"
+ codeengine = "crn:v1:bluemix:public:codeengine:${var.region}:::endpoint:${local.endpoint_prefix}${var.region}.codeengine.cloud.ibm.com"
+ container-registry = "crn:v1:bluemix:public:container-registry:${contains(keys(local.container_registry_region_domain_map), var.region) ? var.region : "us-east"}:::endpoint:${lookup(local.container_registry_region_domain_map, var.region, "icr.io")}" # default to global if not in mapping
+ containers-kubernetes = "crn:v1:bluemix:public:containers-kubernetes:${var.region}:::endpoint:api.${var.region}.containers.cloud.ibm.com"
+ context-based-restrictions = "crn:v1:bluemix:public:context-based-restrictions:global:::endpoint:${local.endpoint_prefix}cbr.cloud.ibm.com"
+ directlink = "crn:v1:bluemix:public:directlink:global:::endpoint:${local.endpoint_prefix}directlink.cloud.ibm.com"
+ dns-svcs = "crn:v1:bluemix:public:dns-svcs:global::::"
+ enterprise = "crn:v1:bluemix:public:enterprise:global:::endpoint:${local.endpoint_prefix}enterprise.cloud.ibm.com"
+ global-search-tagging = "crn:v1:bluemix:public:global-search-tagging:global:::endpoint:api.${local.endpoint_prefix}global-search-tagging.cloud.ibm.com"
+ globalcatalog = "crn:v1:bluemix:public:globalcatalog:global:::endpoint:${local.endpoint_prefix}globalcatalog.cloud.ibm.com"
+ hs-crypto = "crn:v1:bluemix:public:hs-crypto:${var.region}:::endpoint:api.${local.endpoint_prefix}${var.region}.hs-crypto.cloud.ibm.com"
+ hs-crypto-cert-mgr = "crn:v1:bluemix:public:hs-crypto:${var.region}:::endpoint:cert-mgr.${local.endpoint_prefix}${var.region}.hs-crypto.cloud.ibm.com"
+ hs-crypto-ep11 = "crn:v1:bluemix:public:hs-crypto:${var.region}:::endpoint:ep11.${local.endpoint_prefix}${var.region}.hs-crypto.cloud.ibm.com"
+ hs-crypto-ep11-az1 = "crn:v1:bluemix:public:hs-crypto:${var.region}:::endpoint:ep11-az1.${local.endpoint_prefix}${var.region}.hs-crypto.cloud.ibm.com"
+ hs-crypto-ep11-az2 = "crn:v1:bluemix:public:hs-crypto:${var.region}:::endpoint:ep11-az2.${local.endpoint_prefix}${var.region}.hs-crypto.cloud.ibm.com"
+ hs-crypto-ep11-az3 = "crn:v1:bluemix:public:hs-crypto:${var.region}:::endpoint:ep11-az3.${local.endpoint_prefix}${var.region}.hs-crypto.cloud.ibm.com"
+ hs-crypto-kmip = "crn:v1:bluemix:public:hs-crypto:${var.region}:::endpoint:kmip.${local.endpoint_prefix}${var.region}.hs-crypto.cloud.ibm.com"
+ hs-crypto-tke = "crn:v1:bluemix:public:hs-crypto:${var.region}:::endpoint:tke.${local.endpoint_prefix}${var.region}.hs-crypto.cloud.ibm.com"
+ hyperp-dbaas-mongodb = "crn:v1:bluemix:public:hyperp-dbaas-mongodb:${var.region}:::endpoint:dbaas900-mongodb.${local.endpoint_prefix}hyperp-dbaas.cloud.ibm.com"
+ hyperp-dbaas-postgresql = "crn:v1:bluemix:public:hyperp-dbaas-postgresql:${var.region}:::endpoint:dbaas900-postgresql.${local.endpoint_prefix}hyperp-dbaas.cloud.ibm.com"
+ iam-svcs = "crn:v1:bluemix:public:iam-svcs:global:::endpoint:${local.endpoint_prefix}iam.cloud.ibm.com"
+ is = "crn:v1:bluemix:public:is:${var.region}:::endpoint:${var.region}.${local.endpoint_prefix}iaas.cloud.ibm.com"
+ kms = "crn:v1:bluemix:public:kms:${var.region}:::endpoint:${local.endpoint_prefix}${var.region}.kms.cloud.ibm.com"
+ messaging = "crn:v1:bluemix:public:messaging:global:::endpoint:${local.endpoint_prefix}messaging.cloud.ibm.com"
+ resource-controller = "crn:v1:bluemix:public:resource-controller:global:::endpoint:${local.endpoint_prefix}resource-controller.cloud.ibm.com"
+ support-center = "crn:v1:bluemix:public:support:global:::endpoint:private.support-center.cloud.ibm.com"
+ transit = "crn:v1:bluemix:public:transit:global:::endpoint:${local.endpoint_prefix}transit.cloud.ibm.com"
+ user-management = "crn:v1:bluemix:public:user-management:global:::endpoint:${local.endpoint_prefix}user-management.cloud.ibm.com"
+ vmware = "crn:v1:bluemix:public:vmware:${var.region}:::endpoint:api.${local.endpoint_prefix}${var.region}.vmware.cloud.ibm.com"
+ ntp = "ibm-ntp-server"
+ }
+
+ # CONTAINER-REGISTRY region-domain mappings
+ # this cannot be pulled dynamically at this time, so hard-coding the region to registry domain mapping
+ # Resource: https://cloud.ibm.com/docs/Registry?topic=Registry-registry_vpe&interface=ui#registry_vpe_endpoint_setup
+ container_registry_region_domain_map = {
+ "au-syd" = "au.icr.io" # ap-south
+ "jp-osa" = "jp2.icr.io" # jp-osa
+ "jp-tok" = "jp.icr.io" # ap-north
+ "eu-de" = "de.icr.io" # eu-central
+ "eu-gb" = "uk.icr.io" # uk-south
+ "ca-tor" = "ca.icr.io" # ca-tor
+ "br-sao" = "br.icr.io" # br-sao
+ "us-south" = "us.icr.io" # us
+ }
+
+}
diff --git a/tests/pr_test.go b/tests/pr_test.go
index 2e3c41ef..c619b640 100644
--- a/tests/pr_test.go
+++ b/tests/pr_test.go
@@ -22,21 +22,36 @@ func setupOptions(t *testing.T, prefix string, dir string) *testhelper.TestOptio
 "account-management",
 "billing",
 "cloud-object-storage",
+ //"cloud-object-storage-config",
 "codeengine",
+ //"container-registry",
+ //"containers-kubernetes",
+ //"context-based-restrictions",
 "directlink",
 "dns-svcs",
 "enterprise",
 "global-search-tagging",
 "globalcatalog",
 "hs-crypto",
+ //"hs-crypto-cert-mgr",
+ //"hs-crypto-ep11",
+ //"hs-crypto-ep11-az1",
+ //"hs-crypto-ep11-az2",
+ //"hs-crypto-ep11-az3",
+ //"hs-crypto-kmip",
+ //"hs-crypto-tke",
 "hyperp-dbaas-mongodb",
 "hyperp-dbaas-postgresql",
 "iam-svcs",
 "is",
 "kms",
+ //"messaging",
 "resource-controller",
+ //"support-center",
 "transit",
 "user-management",
+ //"vmware",
+ //"ntp",
 }
 vpeNames := map[string]string{
diff --git a/variables.tf b/variables.tf
index 4cb69be7..4a502193 100644
--- a/variables.tf
+++ b/variables.tf
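Review bot: `endpoint_prefix` is applied unevenly across `service_to_endpoint_map`: `support-center` hard-codes `private.`, while `cloud-object-storage`, `cloud-object-storage-config`, `containers-kubernetes` and `dns-svcs` ignore `var.service_endpoints` altogether, so a caller who sets it to anything other than `private` gets a private-only target for some services and an unprefixed one for others, with nothing in the file saying which is deliberate. If those services expose only one endpoint, record it per entry the way the `container-registry` line does, e.g. `# single endpoint only; var.service_endpoints is not applied`. The `ntp = "ibm-ntp-server"` entry is the one non-CRN value and relies silently on the regex in main.tf to route it to `provider_infrastructure_service`; a comment such as `# not a CRN: resolved by name through the provider_infrastructure_service branch in main.tf` would keep the two files from drifting apart. The `# default to global if not in mapping` comment on the `container-registry` line explains the `icr.io` domain fallback but not the `"us-east"` region substituted into the CRN for unmapped regions, which deserves its own sentence.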
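Review bot: Every service this patch adds to the services slice here is commented out, so the PR test still exercises only the previous set and the new map entries in service_endpoints.tf, the regex-driven `name`/`crn` switch in main.tf and the non-CRN `ntp` target run through no test at all; the commented lines also carry no reason. Either enable at least one newly added CRN-backed service and `ntp`, or state why they are excluded above the block, e.g. `// The services below are intentionally excluded from the PR test: <reason / tracking reference>`. `setupOptions` begins before the hunk and continues after it.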
@@ -71,22 +71,36 @@ variable "cloud_services" {
 "account-management",
 "billing",
 "cloud-object-storage",
+ "cloud-object-storage-config",
 "codeengine",
 "container-registry",
+ "containers-kubernetes",
+ "context-based-restrictions",
 "directlink",
 "dns-svcs",
 "enterprise",
 "global-search-tagging",
 "globalcatalog",
 "hs-crypto",
+ "hs-crypto-cert-mgr",
+ "hs-crypto-ep11",
+ "hs-crypto-ep11-az1",
+ "hs-crypto-ep11-az2",
+ "hs-crypto-ep11-az3",
+ "hs-crypto-kmip",
+ "hs-crypto-tke",
 "hyperp-dbaas-mongodb",
 "hyperp-dbaas-postgresql",
 "iam-svcs",
 "is",
 "kms",
+ "messaging",
 "resource-controller",
+ "support-center",
 "transit",
 "user-management",
+ "vmware",
+ "ntp"
 ], service)
 ]) == 0
 }