terraform-ibm-modules / terraform-ibm-landing-zone

Creates a fully customizable VPC environment and compute resources (VSI, Red Hat OpenShift) with presets designed to meet strict compliance needs.
Apache License 2.0

vpc_data: output var in patterns vsi module does not give complete output on first apply #777

Closed surajsbharadwaj closed 3 months ago

surajsbharadwaj commented 4 months ago

https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone/blob/de10dd6d324812d90825c64929d71566028f2f0d/patterns/vsi/module/outputs.tf#L25

vpc_data does not give complete output on the first terraform apply. On a second apply, the output is extended and shown correctly.

on first terraform apply:

"vpc_data" = {
      "access_tags" = toset([])
      "address_prefix_management" = "manual"
      "classic_access" = false
      "crn" = "crn:v1:bluemix:public:is:br-sao:a/f45b53887765473bb366c7001d40c728::vpc:r042-4599faa5-fae0-40b6-8e7a-b3e61550ace9"
      "cse_source_addresses" = tolist([
        {
          "address" = "10.12.180.2"
          "zone_name" = "br-sao-1"
        },
        {
          "address" = "10.12.78.179"
          "zone_name" = "br-sao-2"
        },
        {
          "address" = "10.12.81.185"
          "zone_name" = "br-sao-3"
        },
      ])
      "default_network_acl" = "r042-7cd7bab9-f1e6-4a68-899c-0c8f3b059e65"
      "default_network_acl_crn" = "crn:v1:bluemix:public:is:br-sao:a/f45b53887765473bb366c7001d40c728::network-acl:r042-7cd7bab9-f1e6-4a68-899c-0c8f3b059e65"
      "default_network_acl_name" = "overeager-chowder-debunker-jeeps"
      "default_routing_table" = "r042-9619539c-908e-4b19-a631-cdb221584cfa"
      "default_routing_table_name" = "pauper-isolated-footbath-stride"
      "default_security_group" = "r042-c23ae8bf-1ff3-45d8-9142-613cf19f2248"
      "default_security_group_crn" = "crn:v1:bluemix:public:is:br-sao:a/f45b53887765473bb366c7001d40c728::security-group:r042-c23ae8bf-1ff3-45d8-9142-613cf19f2248"
      "default_security_group_name" = "marital-bunny-gills-deport"
      "dns" = tolist([
        {
          "enable_hub" = false
          "resolution_binding_count" = 0
          "resolver" = tolist([
            {
              "configuration" = "default"
              "dns_binding_id" = ""
              "dns_binding_name" = ""
              "manual_servers" = toset([])
              "servers" = tolist([
                {
                  "address" = "161.26.0.10"
                  "zone_affinity" = ""
                },
                {
                  "address" = "161.26.0.11"
                  "zone_affinity" = ""
                },
              ])
              "type" = "system"
              "vpc_crn" = ""
              "vpc_id" = ""
              "vpc_name" = ""
              "vpc_remote_account_id" = ""
              "vpc_remote_region" = ""
            },
          ])
        },
      ])
      "health_reasons" = tolist([])
      "health_state" = "ok"
      "id" = "r042-4599faa5-fae0-40b6-8e7a-b3e61550ace9"
      "name" = "val2-edge-vpc"
      "no_sg_acl_rules" = false
      "resource_controller_url" = "https://cloud.ibm.com/vpc-ext/network/vpcs"
      "resource_crn" = "crn:v1:bluemix:public:is:br-sao:a/f45b53887765473bb366c7001d40c728::vpc:r042-4599faa5-fae0-40b6-8e7a-b3e61550ace9"
      "resource_group" = "d05ea3c96ee8467a9c84e99ee8306c77"
      "resource_group_name" = "val2-slz-edge-rg"
      "resource_name" = "val2-edge-vpc"
      "resource_status" = "available"
      "security_group" = tolist([
        {
          "group_id" = "r042-c23ae8bf-1ff3-45d8-9142-613cf19f2248"
          "group_name" = "marital-bunny-gills-deport"
          "rules" = tolist([
            {
              "code" = 0
              "direction" = "outbound"
              "ip_version" = "ipv4"
              "port_max" = 0
              "port_min" = 0
              "protocol" = "all"
              "remote" = "0.0.0.0/0"
              "rule_id" = "r042-c7eb2cab-88c7-4847-ad0b-4820b49ee617"
              "type" = 0
            },
            {
              "code" = 0
              "direction" = "inbound"
              "ip_version" = "ipv4"
              "port_max" = 0
              "port_min" = 0
              "protocol" = "all"
              "remote" = "r042-c23ae8bf-1ff3-45d8-9142-613cf19f2248"
              "rule_id" = "r042-9fd1e096-cfc0-4288-8c58-ad08a81d9693"
              "type" = 0
            },
          ])
        },
      ])
      "status" = "available"
      "subnets" = tolist([])
      "tags" = toset([])
      "timeouts" = null /* object */
    }
    "vpc_flow_logs" = []
    "vpc_id" = "r042-4599faa5-fae0-40b6-8e7a-b3e61550ace9"
    "vpc_name" = "val2-edge-vpc"
  },
]

on second apply:

 ~ vpc_data                    = [
      ~ {
          ~ cidr_blocks                  = [
                # (3 unchanged elements hidden)
                "10.30.10.4/24",
              + "192.168.0.0/16",
            ]
          ~ vpc_data                     = {
              ~ dns                         = [
                  ~ {
                      ~ resolver                 = [
                          ~ {
                              ~ configuration         = "default" -> "private_resolver"
                              ~ servers               = [
                                  ~ {
                                      ~ address       = "161.26.0.10" -> "161.26.0.7"
                                        # (1 unchanged attribute hidden)
                                    },
                                  ~ {
                                      ~ address       = "161.26.0.11" -> "161.26.0.8"
                                        # (1 unchanged attribute hidden)
                                    },
                                ]
                                # (9 unchanged attributes hidden)
                            },
                        ]
                        # (2 unchanged attributes hidden)
                    },
                ]
                id                          = "r042-4599faa5-fae0-40b6-8e7a-b3e61550ace9"
                name                        = "val2-edge-vpc"
              ~ security_group              = [
                  ~ {
                      ~ group_id   = "r042-c23ae8bf-1ff3-45d8-9142-613cf19f2248" -> "r042-6d7e839c-f17d-457c-93de-68ba453bb4b6"
                      ~ group_name = "marital-bunny-gills-deport" -> "management-sg"
                      ~ rules      = [
                          ~ {
                              ~ direction  = "outbound" -> "inbound"
                              ~ port_max   = 0 -> 22
                              ~ port_min   = 0 -> 22
                              ~ protocol   = "all" -> "tcp"
                              ~ remote     = "0.0.0.0/0" -> "158.177.210.176/28"
                              ~ rule_id    = "r042-c7eb2cab-88c7-4847-ad0b-4820b49ee617" -> "r042-83cdeab8-d836-495d-bc8c-d97c425d1cf8"
                                # (3 unchanged attributes hidden)
                            },
                          ~ {
                              ~ port_max   = 0 -> 22
                              ~ port_min   = 0 -> 22
                              ~ protocol   = "all" -> "tcp"
                              ~ remote     = "r042-c23ae8bf-1ff3-45d8-9142-613cf19f2248" -> "158.177.216.144/28"
                              ~ rule_id    = "r042-9fd1e096-cfc0-4288-8c58-ad08a81d9693" -> "r042-4effc8df-f274-4a2c-a489-40d972380f4a"
                                # (4 unchanged attributes hidden)
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 22
                              + port_min   = 22
                              + protocol   = "tcp"
                              + remote     = "158.175.138.176/28"
                              + rule_id    = "r042-464b9e11-c1db-4866-870d-43300d7ec7a4"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 22
                              + port_min   = 22
                              + protocol   = "tcp"
                              + remote     = "169.45.235.176/28"
                              + rule_id    = "r042-fdfc96d0-69c2-42a4-bb8d-5a83c4ee1121"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 22
                              + port_min   = 22
                              + protocol   = "tcp"
                              + remote     = "169.61.191.64/27"
                              + rule_id    = "r042-3cafad49-66fd-4c89-b01b-a73244e40e65"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 22
                              + port_min   = 22
                              + protocol   = "tcp"
                              + remote     = "149.81.123.64/27"
                              + rule_id    = "r042-8584e140-dd81-464f-a457-ff62d0fae97d"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 22
                              + port_min   = 22
                              + protocol   = "tcp"
                              + remote     = "169.60.115.32/27"
                              + rule_id    = "r042-43e3d1cb-53d8-4d6a-be48-801991ac97e3"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "outbound"
                              + ip_version = "ipv4"
                              + port_max   = 0
                              + port_min   = 0
                              + protocol   = "all"
                              + remote     = "0.0.0.0/0"
                              + rule_id    = "r042-ab042bf6-6f4c-4187-bc21-300c1cee2c59"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 22
                              + port_min   = 22
                              + protocol   = "tcp"
                              + remote     = "150.238.230.128/27"
                              + rule_id    = "r042-b98f35a2-a203-46ba-b296-92f4ccdb9f02"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 22
                              + port_min   = 22
                              + protocol   = "tcp"
                              + remote     = "169.62.53.64/27"
                              + rule_id    = "r042-56d19aff-92ab-4466-90be-fc79cf029a84"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 22
                              + port_min   = 22
                              + protocol   = "tcp"
                              + remote     = "158.175.106.64/27"
                              + rule_id    = "r042-d56abe21-6039-451e-b4b1-8730dbd95713"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 0
                              + port_min   = 0
                              + protocol   = "all"
                              + remote     = "10.0.0.0/8"
                              + rule_id    = "r042-4be24ba3-b4e4-4289-a661-70d1f929b8bf"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 0
                              + port_min   = 0
                              + protocol   = "all"
                              + remote     = "172.16.0.0/12"
                              + rule_id    = "r042-50e7a5a1-0560-4200-9d9b-13df9157733c"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 22
                              + port_min   = 22
                              + protocol   = "tcp"
                              + remote     = "169.47.104.160/28"
                              + rule_id    = "r042-d937bd50-eadf-4f9a-971f-b2a0ba948904"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 22
                              + port_min   = 22
                              + protocol   = "tcp"
                              + remote     = "149.81.135.64/28"
                              + rule_id    = "r042-1bf59467-e310-4284-aa33-efa532ce8e53"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 0
                              + port_min   = 0
                              + protocol   = "all"
                              + remote     = "161.26.0.0/16"
                              + rule_id    = "r042-72c70595-05fb-4485-85c4-0cbe2719e561"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 22
                              + port_min   = 22
                              + protocol   = "tcp"
                              + remote     = "161.156.138.80/28"
                              + rule_id    = "r042-1d220fc8-c35c-4648-967a-7f033c90d587"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 22
                              + port_min   = 22
                              + protocol   = "tcp"
                              + remote     = "169.60.172.144/28"
                              + rule_id    = "r042-acc6e6d3-fe54-496f-90f6-029c939a9952"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 22
                              + port_min   = 22
                              + protocol   = "tcp"
                              + remote     = "161.156.37.160/27"
                              + rule_id    = "r042-53920c63-17a7-4888-9015-509527bceef3"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 22
                              + port_min   = 22
                              + protocol   = "tcp"
                              + remote     = "169.62.1.224/28"
                              + rule_id    = "r042-ed55e6f1-f2d3-473d-9a9f-dcfb17e4b586"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 22
                              + port_min   = 22
                              + protocol   = "tcp"
                              + remote     = "158.176.111.64/27"
                              + rule_id    = "r042-c473af5a-e1c6-4e14-83bf-d8631682cf0b"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 22
                              + port_min   = 22
                              + protocol   = "tcp"
                              + remote     = "169.63.254.64/28"
                              + rule_id    = "r042-cbdde1c0-e616-480d-8e9c-6901e776fe93"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 22
                              + port_min   = 22
                              + protocol   = "tcp"
                              + remote     = "159.122.111.224/27"
                              + rule_id    = "r042-73e939ac-0a6e-43a5-9ca1-eec3e066b74a"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 22
                              + port_min   = 22
                              + protocol   = "tcp"
                              + remote     = "169.62.204.32/27"
                              + rule_id    = "r042-d98a9966-f23e-479d-a796-d4616c7af144"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 22
                              + port_min   = 22
                              + protocol   = "tcp"
                              + remote     = "169.63.150.144/28"
                              + rule_id    = "r042-565b6a36-c99d-43d3-8532-4666675447cf"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 22
                              + port_min   = 22
                              + protocol   = "tcp"
                              + remote     = "169.55.82.128/27"
                              + rule_id    = "r042-5e405735-5d46-46f4-a8b1-a5466dbb18bb"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 22
                              + port_min   = 22
                              + protocol   = "tcp"
                              + remote     = "141.125.79.160/28"
                              + rule_id    = "r042-04fdee8a-fc97-42d9-a42c-ee3d93fd0069"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 22
                              + port_min   = 22
                              + protocol   = "tcp"
                              + remote     = "158.176.134.80/28"
                              + rule_id    = "r042-06f7fbe2-2bac-47f8-aa42-1ad210497940"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 22
                              + port_min   = 22
                              + protocol   = "tcp"
                              + remote     = "141.125.142.96/27"
                              + rule_id    = "r042-2cecbdc9-5f1c-4b47-aa24-0ab2206fd45a"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 0
                              + port_min   = 0
                              + protocol   = "all"
                              + remote     = "192.168.0.0/16"
                              + rule_id    = "r042-7d02ff16-edcb-4894-9c39-52c1e7483cfc"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 22
                              + port_min   = 22
                              + protocol   = "tcp"
                              + remote     = "0.0.0.0/0"
                              + rule_id    = "r042-283567bd-b4ff-4a9e-8560-8bcb72429dd5"
                              + type       = 0
                            },
                        ]
                    },
                  + {
                      + group_id   = "r042-973ea2d5-7e86-45c9-b229-9775f3c39772"
                      + group_name = "workload-sg"
                      + rules      = [
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 0
                              + port_min   = 0
                              + protocol   = "all"
                              + remote     = "172.16.0.0/12"
                              + rule_id    = "r042-bca1141b-6ecb-4586-b512-6b6a8ee2c2c6"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 0
                              + port_min   = 0
                              + protocol   = "all"
                              + remote     = "161.26.0.0/16"
                              + rule_id    = "r042-e9ca6908-2276-4985-a61e-c65e6fa4ca24"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 0
                              + port_min   = 0
                              + protocol   = "all"
                              + remote     = "10.0.0.0/8"
                              + rule_id    = "r042-371c6352-58c5-4cb4-adca-ee5670c2bcf0"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "outbound"
                              + ip_version = "ipv4"
                              + port_max   = 0
                              + port_min   = 0
                              + protocol   = "all"
                              + remote     = "0.0.0.0/0"
                              + rule_id    = "r042-6ad26b8a-e628-43c9-b5c2-4fb81bfc772b"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 0
                              + port_min   = 0
                              + protocol   = "all"
                              + remote     = "192.168.0.0/16"
                              + rule_id    = "r042-043ede86-1a64-4c71-8d68-bc174975c15e"
                              + type       = 0
                            },
                        ]
                    },
                  + {
                      + group_id   = "r042-c23ae8bf-1ff3-45d8-9142-613cf19f2248"
                      + group_name = "marital-bunny-gills-deport"
                      + rules      = [
                          + {
                              + code       = 0
                              + direction  = "outbound"
                              + ip_version = "ipv4"
                              + port_max   = 0
                              + port_min   = 0
                              + protocol   = "all"
                              + remote     = "0.0.0.0/0"
                              + rule_id    = "r042-c7eb2cab-88c7-4847-ad0b-4820b49ee617"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 0
                              + port_min   = 0
                              + protocol   = "all"
                              + remote     = "r042-c23ae8bf-1ff3-45d8-9142-613cf19f2248"
                              + rule_id    = "r042-9fd1e096-cfc0-4288-8c58-ad08a81d9693"
                              + type       = 0
                            },
                          + {
                              + code       = 0
                              + direction  = "inbound"
                              + ip_version = "ipv4"
                              + port_max   = 0
                              + port_min   = 0
                              + protocol   = "all"
                              + remote     = "0.0.0.0/0"
                              + rule_id    = "r042-8e94c145-2784-4c6a-a2c1-9f64cb15a750"
                              + type       = 0
                            },
                        ]
                    },
                ]
              ~ subnets                     = [
                  + {
                      + available_ipv4_address_count = 250
                      + id                           = "02t7-4415efb4-b35d-4ea6-a79b-c10075949ae8"
                      + name                         = "val2-edge-vsi-management-zone-1"
                      + status                       = "available"
                      + total_ipv4_address_count     = 256
                      + zone                         = "br-sao-1"
                    },
                  + {
                      + available_ipv4_address_count = 249
                      + id                           = "02t7-a941310e-1926-45e7-8f3b-343bc8b0b174"
                      + name                         = "val2-edge-vsi-workload-zone-1"
                      + status                       = "available"
                      + total_ipv4_address_count     = 256
                      + zone                         = "br-sao-1"
                    },
                  + {
                      + available_ipv4_address_count = 250
                      + id                           = "02t7-04a21b0f-7a73-4547-b351-b3dfff4b2cbc"
                      + name                         = "val2-edge-vpn-zone-1"
                      + status                       = "available"
                      + total_ipv4_address_count     = 256
                      + zone                         = "br-sao-1"
                    },
                  + {
                      + available_ipv4_address_count = 250
                      + id                           = "02t7-1cb167f2-b245-45c5-9335-40212decdac3"
                      + name                         = "val2-edge-vpe-zone-1"
                      + status                       = "available"
                      + total_ipv4_address_count     = 256
                      + zone                         = "br-sao-1"
                    },
                ]
                tags                        = []
                # (24 unchanged attributes hidden)
            }
            # (13 unchanged attributes hidden)
        },
    ]
surajsbharadwaj commented 4 months ago

What is the target date for this fix, @jor2 and @ocofaigh?

jor2 commented 4 months ago

@surajsbharadwaj We have investigated the issue, and the problem you are seeing is due to the way our modules are structured. The difference on reapply is actually expected, because vpc_data is an output from the time we call the landing-zone-vpc module. We then attach security groups and other resources in this module to the VPC we just created, which in turn creates the diff on reapply.

I plan to bring this up on one of our deep dives to see if we can untangle these dependencies, but until then is there a reason you need vpc_data to be the latest updated version on first apply?

surajsbharadwaj commented 4 months ago

Hello @jor2, that is really required for us. Otherwise it is not possible to add load balancers and NFS file shares to the correct security groups, because that relies on the output of landing_zone.

On the first apply, the application load balancer and the file storage share are created in the VPC default security group. Because vpc_data has not populated the security group list at that point, the expression [for security_group in module.landing_zone.vpc_data[0].vpc_data.security_group : security_group.group_id if security_group.group_name == "network-services-sg"] returns an empty list, and the default VPC security group gets assigned instead. In the second-apply plan earlier in this issue, the default group of the VPC shown there (marital-bunny-gills-deport) includes an inbound rule allowing all protocols from 0.0.0.0/0.

I even explicitly added a depends_on block, but it made no difference...

# Calls the landing-zone VSI pattern module from the registry, pinned to an exact
# version and bound to the aliased provider ibm.ibm-is.
module "landing_zone" {
  source    = "terraform-ibm-modules/landing-zone/ibm//patterns//vsi//module"
  version   = "5.21.1"
  providers = { ibm = ibm.ibm-is }

  ssh_public_key       = var.ssh_public_key
  # Region is looked up from the PowerVS zone; lookup() falls back to null when the
  # zone is not a key of the map.
  region               = lookup(local.ibm_powervs_zone_cloud_region_map, var.powervs_zone, null)
  prefix               = var.prefix
  # Presumably the override JSON posted later in this thread (resource groups, VPC,
  # security groups, VSIs) — confirm against the local definition.
  override_json_string = local.override_json_string
}

# Consumer of the landing_zone outputs. The "..." lines stand for arguments the
# author left out of the snippet.
module "vpc_file_share_alb" {
  ... 
  ... 
  # Both arguments keep only the group_id of vpc_data security-group entries whose
  # group_name is "network-services-sg". The filter yields [] when nothing matches;
  # per the report above, that is the first-apply case, and the file share and ALB
  # then end up in the VPC default security group.
  # NOTE(review): an empty list here is a silent fail-open. The override JSON in this
  # thread gives the edge VPC's default security group an "all-inbound" rule with
  # remote 0.0.0.0/0, so consider asserting that the list is non-empty before it is
  # consumed, so that the apply fails instead of attaching the default group.
  # NOTE(review): the same override JSON declares network-services-sg with
  # vpc_name "egde" where every other entry uses "edge" — confirm whether that value
  # is read by the module.
  file_share_security_group_ids = [for security_group in module.landing_zone.vpc_data[0].vpc_data.security_group : security_group.group_id if security_group.group_name == "network-services-sg"]
  alb_security_group_ids        = [for security_group in module.landing_zone.vpc_data[0].vpc_data.security_group : security_group.group_id if security_group.group_name == "network-services-sg"]

}
surajsbharadwaj commented 4 months ago

Here is the override_json:

{
    "resource_groups": [
        {
            "name": "slz-service-rg",
            "create": true,
            "use_prefix": true
        },
        {
            "name": "slz-edge-rg",
            "create": true,
            "use_prefix": true
        }
    ],
    "key_management": {
        "name": "slz-kms",
        "resource_group": "slz-service-rg",
        "use_hs_crypto": false,
        "use_data": false,
        "keys": [
            {
                "name": "slz-key",
                "key_ring": "slz-slz-ring",
                "root_key": true,
                "payload": null,
                "force_delete": null,
                "endpoint": null,
                "iv_value": null,
                "encrypted_nonce": null,
                "policies": {
                    "rotation": {
                        "interval_month": 12
                    }
                }
            },
            {
                "name": "slz-atracker-key",
                "key_ring": "slz-slz-ring",
                "root_key": true,
                "payload": null,
                "force_delete": null,
                "endpoint": null,
                "iv_value": null,
                "encrypted_nonce": null,
                "policies": {
                    "rotation": {
                        "interval_month": 12
                    }
                }
            },
            {
                "name": "slz-vsi-volume-key",
                "key_ring": "slz-slz-ring",
                "root_key": true,
                "payload": null,
                "force_delete": null,
                "endpoint": null,
                "iv_value": null,
                "encrypted_nonce": null,
                "policies": {
                    "rotation": {
                        "interval_month": 12
                    }
                }
            }
        ]
    },
    "wait_till": "IngressReady",
    "service_endpoints": "private",
    "vpn_gateways": [],
    "cos": [
        {
            "name": "atracker-cos",
            "plan": "standard",
            "random_suffix": true,
            "resource_group": "slz-service-rg",
            "use_data": false,
            "buckets": [
                {
                    "name": "atracker-bucket",
                    "storage_class": "standard",
                    "endpoint_type": "public",
                    "force_delete": true,
                    "kms_key": "slz-atracker-key"
                }
            ],
            "keys": [
                {
                    "name": "cos-bind-key",
                    "role": "Writer",
                    "enable_HMAC": false
                }
            ]
        },
        {
            "name": "cos",
            "plan": "standard",
            "random_suffix": true,
            "resource_group": "slz-service-rg",
            "use_data": false,
            "buckets": [
                {
                    "name": "edge-bucket",
                    "storage_class": "standard",
                    "endpoint_type": "public",
                    "force_delete": true,
                    "kms_key": "slz-key"
                }
            ],
            "keys": []
        }
    ],
    "atracker": {
        "collector_bucket_name": "atracker-bucket",
        "receive_global_events": true,
        "resource_group": "slz-service-rg",
        "add_route": true
    },
    "enable_transit_gateway": true,
    "transit_gateway_resource_group": "slz-service-rg",
    "transit_gateway_connections": [
        "edge"
    ],
    "security_groups": [
        {
            "name": "vpe-sg",
            "vpc_name": "edge",
            "resource_group": "slz-edge-rg",
            "show": false,
            "rules": [
                {
                    "direction": "inbound",
                    "name": "allow-ibm-inbound",
                    "source": "161.26.0.0/16"
                },
                {
                    "direction": "inbound",
                    "name": "allow-private1-inbound",
                    "source": "10.0.0.0/8"
                },
                {
                    "direction": "inbound",
                    "name": "allow-private2-inbound",
                    "source": "172.16.0.0/12"
                },
                {
                    "direction": "inbound",
                    "name": "allow-private3-inbound",
                    "source": "192.168.0.0/16"
                },
                {
                    "direction": "outbound",
                    "name": "allow-all-outbound",
                    "source": "0.0.0.0/0"
                }
            ]
        }
    ],
    "network_cidr": "10.0.0.0/8",
    "vpcs": [
        {
            "prefix": "edge",
            "resource_group": "slz-edge-rg",
            "clean_default_sg_acl": false,
            "flow_logs_bucket_name": "atracker-bucket",
            "default_security_group_rules": [
                {
                    "name": "all-inbound",
                    "direction": "inbound",
                    "remote": "0.0.0.0/0"
                }
            ],
            "address_prefixes": {
                "zone-1": [
                    "10.30.10.4/24",
                    "10.30.20.0/24",
                    "10.30.30.0/24",
                    "10.30.40.0/24"
                ]
            },
            "network_acls": [
                {
                    "name": "acl",
                    "rules": [
                        {
                            "name": "allow-all-inbound",
                            "action": "allow",
                            "direction": "inbound",
                            "source": "0.0.0.0/0",
                            "destination": "0.0.0.0/0"
                        },
                        {
                            "name": "allow-all-outbound",
                            "action": "allow",
                            "direction": "outbound",
                            "source": "0.0.0.0/0",
                            "destination": "0.0.0.0/0"
                        }
                    ]
                }
            ],
            "subnets": {
                "zone-1": [
                    {
                        "name": "vpn-zone-1",
                        "cidr": "10.30.10.0/24",
                        "public_gateway": false,
                        "acl_name": "acl"
                    },
                    {
                        "name": "vsi-management-zone-1",
                        "cidr": "10.30.20.0/24",
                        "public_gateway": false,
                        "acl_name": "acl"
                    },
                    {
                        "name": "vpe-zone-1",
                        "cidr": "10.30.30.0/24",
                        "public_gateway": false,
                        "acl_name": "acl"
                    },
                    {
                        "name": "vsi-edge-zone-1",
                        "cidr": "10.30.40.0/24",
                        "public_gateway": true,
                        "acl_name": "acl"
                    }

                ],
                "zone-2": null,
                "zone-3": null
            },
            "use_public_gateways": {
                "zone-1": true,
                "zone-2": false,
                "zone-3": false
            }
        }
    ],
    "vsi": [
        {
            "name": "jump-box",
            "image_name": "${vsi_image}",
            "machine_type": "cx2-2x4",
            "vpc_name": "edge",
            "resource_group": "slz-edge-rg",
            "enable_floating_ip": true,
            "boot_volume_encryption_key_name": "slz-vsi-volume-key",
            "ssh_keys": ["ssh-key"],
            "vsi_per_subnet": 1,
            "subnet_names": ["vsi-management-zone-1"],
            "block_storage_volumes": [],
            "security_group": {
                "name": "management-sg",
                "vpc_name": "edge",
                "rules": [
                    {
                        "name": "allow-ibm-inbound",
                        "direction": "inbound",
                        "source": "161.26.0.0/16"
                    },
                    {
                        "name": "allow-private1-inbound",
                        "direction": "inbound",
                        "source": "10.0.0.0/8",
                        "tcp": {
                            "port_max": 22,
                            "port_min": 22
                        }
                    },
                    {
                        "name": "allow-private2-inbound",
                        "direction": "inbound",
                        "source": "172.16.0.0/12",
                        "tcp": {
                            "port_max": 22,
                            "port_min": 22
                        }
                    },
                    {
                        "name": "allow-private3-inbound",
                        "direction": "inbound",
                        "source": "192.168.0.0/16",
                        "tcp": {
                            "port_max": 22,
                            "port_min": 22
                        }
                    },
                    {
                        "name": "allow-ssh-inbound-schematics1",
                        "direction": "inbound",
                        "source": "169.45.235.176/28",
                        "tcp": {
                            "port_max": 22,
                            "port_min": 22
                        }
                    },
                    {
                        "name": "allow-ssh-inbound-schematics2",
                        "direction": "inbound",
                        "source": "169.55.82.128/27",
                        "tcp": {
                            "port_max": 22,
                            "port_min": 22
                        }
                    },
                    {
                        "name": "allow-ssh-inbound-schematics3",
                        "direction": "inbound",
                        "source": "169.60.115.32/27",
                        "tcp": {
                            "port_max": 22,
                            "port_min": 22
                        }
                    },
                    {
                        "name": "allow-ssh-inbound-schematics4",
                        "direction": "inbound",
                        "source": "169.63.150.144/28",
                        "tcp": {
                            "port_max": 22,
                            "port_min": 22
                        }
                    },
                    {
                        "name": "allow-ssh-inbound-schematics5",
                        "direction": "inbound",
                        "source": "169.62.1.224/28",
                        "tcp": {
                            "port_max": 22,
                            "port_min": 22
                        }
                    },
                    {
                        "name": "allow-ssh-inbound-schematics6",
                        "direction": "inbound",
                        "source": "169.62.53.64/27",
                        "tcp": {
                            "port_max": 22,
                            "port_min": 22
                        }
                    },
                    {
                        "name": "allow-ssh-inbound-schematics7",
                        "direction": "inbound",
                        "source": "150.238.230.128/27",
                        "tcp": {
                            "port_max": 22,
                            "port_min": 22
                        }
                    },
                    {
                        "name": "allow-ssh-inbound-schematics8",
                        "direction": "inbound",
                        "source": "169.63.254.64/28",
                        "tcp": {
                            "port_max": 22,
                            "port_min": 22
                        }
                    },
                    {
                        "name": "allow-ssh-inbound-schematics9",
                        "direction": "inbound",
                        "source": "169.47.104.160/28",
                        "tcp": {
                            "port_max": 22,
                            "port_min": 22
                        }
                    },
                    {
                        "name": "allow-ssh-inbound-schematics10",
                        "direction": "inbound",
                        "source": "169.61.191.64/27",
                        "tcp": {
                            "port_max": 22,
                            "port_min": 22
                        }
                    },
                    {
                        "name": "allow-ssh-inbound-schematics11",
                        "direction": "inbound",
                        "source": "169.60.172.144/28",
                        "tcp": {
                            "port_max": 22,
                            "port_min": 22
                        }
                    },
                    {
                        "name": "allow-ssh-inbound-schematics12",
                        "direction": "inbound",
                        "source": "169.62.204.32/27",
                        "tcp": {
                            "port_max": 22,
                            "port_min": 22
                        }
                    },
                    {
                        "name": "allow-ssh-inbound-schematics13",
                        "direction": "inbound",
                        "source": "158.175.106.64/27",
                        "tcp": {
                            "port_max": 22,
                            "port_min": 22
                        }
                    },
                    {
                        "name": "allow-ssh-inbound-schematics14",
                        "direction": "inbound",
                        "source": "158.175.138.176/28",
                        "tcp": {
                            "port_max": 22,
                            "port_min": 22
                        }
                    },
                    {
                        "name": "allow-ssh-inbound-schematics15",
                        "direction": "inbound",
                        "source": "141.125.79.160/28",
                        "tcp": {
                            "port_max": 22,
                            "port_min": 22
                        }
                    },
                    {
                        "name": "allow-ssh-inbound-schematics16",
                        "direction": "inbound",
                        "source": "141.125.142.96/27",
                        "tcp": {
                            "port_max": 22,
                            "port_min": 22
                        }
                    },
                    {
                        "name": "allow-ssh-inbound-schematics17",
                        "direction": "inbound",
                        "source": "158.176.111.64/27",
                        "tcp": {
                            "port_max": 22,
                            "port_min": 22
                        }
                    },
                    {
                        "name": "allow-ssh-inbound-schematics18",
                        "direction": "inbound",
                        "source": "158.176.134.80/28",
                        "tcp": {
                            "port_max": 22,
                            "port_min": 22
                        }
                    },
                    {
                        "name": "allow-ssh-inbound-schematics19",
                        "direction": "inbound",
                        "source": "149.81.123.64/27",
                        "tcp": {
                            "port_max": 22,
                            "port_min": 22
                        }
                    },
                    {
                        "name": "allow-ssh-inbound-schematics20",
                        "direction": "inbound",
                        "source": "149.81.135.64/28",
                        "tcp": {
                            "port_max": 22,
                            "port_min": 22
                        }
                    },
                    {
                        "name": "allow-ssh-inbound-schematics21",
                        "direction": "inbound",
                        "source": "158.177.210.176/28",
                        "tcp": {
                            "port_max": 22,
                            "port_min": 22
                        }
                    },
                    {
                        "name": "allow-ssh-inbound-schematics22",
                        "direction": "inbound",
                        "source": "158.177.216.144/28",
                        "tcp": {
                            "port_max": 22,
                            "port_min": 22
                        }
                    },
                    {
                        "name": "allow-ssh-inbound-schematics23",
                        "direction": "inbound",
                        "source": "161.156.138.80/28",
                        "tcp": {
                            "port_max": 22,
                            "port_min": 22
                        }
                    },
                    {
                        "name": "allow-ssh-inbound-schematics24",
                        "direction": "inbound",
                        "source": "159.122.111.224/27",
                        "tcp": {
                            "port_max": 22,
                            "port_min": 22
                        }
                    },
                    {
                        "name": "allow-ssh-inbound-schematics25",
                        "direction": "inbound",
                        "source": "161.156.37.160/27",
                        "tcp": {
                            "port_max": 22,
                            "port_min": 22
                        }
                    },
                    {
                        "direction": "outbound",
                        "name": "allow-all-outbound",
                        "source": "0.0.0.0/0"
                    }
                ]
            }
        },
        {
            "name": "network-services",
            "image_name": "${vsi_image}",
            "machine_type": "cx2-2x4",
            "vpc_name": "edge",
            "resource_group": "slz-edge-rg",
            "enable_floating_ip": false,
            "boot_volume_encryption_key_name": "slz-vsi-volume-key",
            "ssh_keys": ["ssh-key"],
            "vsi_per_subnet": 1,
            "subnet_names": ["vsi-edge-zone-1"],
            "block_storage_volumes": [],
            "security_group": {
                "name": "network-services-sg",
                "vpc_name": "egde",
                "rules": [
                    {
                        "direction": "inbound",
                        "name": "allow-ibm-inbound",
                        "source": "161.26.0.0/16"
                    },
                    {
                        "direction": "inbound",
                        "name": "allow-private1-inbound",
                        "source": "10.0.0.0/8"
                    },
                    {
                        "direction": "inbound",
                        "name": "allow-private2-inbound",
                        "source": "172.16.0.0/12"
                    },
                    {
                        "direction": "inbound",
                        "name": "allow-private3-inbound",
                        "source": "192.168.0.0/16"
                    },
                    {
                        "direction": "outbound",
                        "name": "allow-all-outbound",
                        "source": "0.0.0.0/0"
                    }
                ]
            }
        }
    ],
    "virtual_private_endpoints": [
        {
            "service_name": "cos",
            "service_type": "cloud-object-storage",
            "resource_group": "slz-edge-rg",
            "vpcs": [
                {
                    "name": "edge",
                    "security_group_name": "vpe-sg",
                    "subnets": [
                        "vpe-zone-1"
                    ]
                }
            ]
        }
    ]
}
ocofaigh commented 3 months ago

This is fixed