V2

.gitignore

@@ -8,4 +8,6 @@ provider.tf
 *.x
 *.yaml
 dev.sh
-*.sh
+*.sh
+node_modules/
+package-lock.json

README.md

@@ -1,4 +1,4 @@
-# Easy Multizone VPC Red Hat OpenShift Cluster
+# Easy Multizone VPC Red Hat OpenShift Cluster (Version 2)
 
 This template allows users to easily create a VPC with one subnet in each of three zones, with a Red Hat OpenShift Cluster distributed in each zone with very few inputs needed by the user to quickly start using IBM Cloud VPC .
 

acceptance_tests/acl_rules.json

@@ -0,0 +1,200 @@
+[
+  {
+    "action": "allow",
+    "destination": "0.0.0.0/0",
+    "direction": "inbound",
+    "icmp": [],
+    "name": "roks-create-worker-nodes-inbound",
+    "source": "161.26.0.0/16",
+    "tcp": [],
+    "udp": []
+  },
+  {
+    "action": "allow",
+    "destination": "161.26.0.0/16",
+    "direction": "outbound",
+    "icmp": [],
+    "name": "roks-create-worker-nodes-outbound",
+    "source": "0.0.0.0/0",
+    "tcp": [],
+    "udp": []
+  },
+  {
+    "action": "allow",
+    "destination": "0.0.0.0/0",
+    "direction": "inbound",
+    "icmp": [],
+    "name": "roks-nodes-to-service-inbound",
+    "source": "166.8.0.0/14",
+    "tcp": [],
+    "udp": []
+  },
+  {
+    "action": "allow",
+    "destination": "166.8.0.0/14",
+    "direction": "outbound",
+    "icmp": [],
+    "name": "roks-nodes-to-service-outbound",
+    "source": "0.0.0.0/0",
+    "tcp": [],
+    "udp": []
+  },
+  {
+    "action": "allow",
+    "destination": "0.0.0.0/0",
+    "direction": "inbound",
+    "icmp": [],
+    "name": "allow-app-incoming-traffic-requests",
+    "source": "0.0.0.0/0",
+    "tcp": [
+      {
+        "port_max": 65535,
+        "port_min": 1,
+        "source_port_max": 30000,
+        "source_port_min": 30000
+      }
+    ],
+    "udp": []
+  },
+  {
+    "action": "allow",
+    "destination": "0.0.0.0/0",
+    "direction": "outbound",
+    "icmp": [],
+    "name": "allow-app-outgoing-traffic-requests",
+    "source": "0.0.0.0/0",
+    "tcp": [
+      {
+        "port_max": 32767,
+        "port_min": 30000,
+        "source_port_max": 1,
+        "source_port_min": 1
+      }
+    ],
+    "udp": []
+  },
+  {
+    "action": "allow",
+    "destination": "0.0.0.0/0",
+    "direction": "inbound",
+    "icmp": [],
+    "name": "allow-lb-incoming-traffic-requests",
+    "source": "0.0.0.0/0",
+    "tcp": [
+      {
+        "port_max": 443,
+        "port_min": 443,
+        "source_port_max": 1,
+        "source_port_min": 1
+      }
+    ],
+    "udp": []
+  },
+  {
+    "action": "allow",
+    "destination": "0.0.0.0/0",
+    "direction": "outbound",
+    "icmp": [],
+    "name": "allow-lb-outgoing-traffic-requests",
+    "source": "0.0.0.0/0",
+    "tcp": [
+      {
+        "port_max": 65535,
+        "port_min": 1,
+        "source_port_max": 443,
+        "source_port_min": 443
+      }
+    ],
+    "udp": []
+  },
+  {
+    "action": "allow",
+    "destination": "0.0.0.0/0",
+    "direction": "inbound",
+    "icmp": [],
+    "name": "allow-inbound-ez-roks-test-allow-all",
+    "source": "0.0.0.0/0",
+    "tcp": [],
+    "udp": []
+  },
+  {
+    "action": "allow",
+    "destination": "0.0.0.0/0",
+    "direction": "outbound",
+    "icmp": [],
+    "name": "allow-outbound-ez-roks-test-allow-all",
+    "source": "0.0.0.0/0",
+    "tcp": [],
+    "udp": []
+  },
+  {
+    "action": "allow",
+    "destination": "0.0.0.0/0",
+    "direction": "inbound",
+    "icmp": [],
+    "name": "allow-inbound-ez-roks-test-subnet-zone-1",
+    "source": "10.10.10.0/24",
+    "tcp": [],
+    "udp": []
+  },
+  {
+    "action": "allow",
+    "destination": "10.10.10.0/24",
+    "direction": "outbound",
+    "icmp": [],
+    "name": "allow-outbound-ez-roks-test-subnet-zone-1",
+    "source": "0.0.0.0/0",
+    "tcp": [],
+    "udp": []
+  },
+  {
+    "action": "allow",
+    "destination": "0.0.0.0/0",
+    "direction": "inbound",
+    "icmp": [],
+    "name": "allow-inbound-ez-roks-test-subnet-zone-2",
+    "source": "10.20.10.0/24",
+    "tcp": [],
+    "udp": []
+  },
+  {
+    "action": "allow",
+    "destination": "10.20.10.0/24",
+    "direction": "outbound",
+    "icmp": [],
+    "name": "allow-outbound-ez-roks-test-subnet-zone-2",
+    "source": "0.0.0.0/0",
+    "tcp": [],
+    "udp": []
+  },
+  {
+    "action": "allow",
+    "destination": "0.0.0.0/0",
+    "direction": "inbound",
+    "icmp": [],
+    "name": "allow-inbound-ez-roks-test-subnet-zone-3",
+    "source": "10.30.10.0/24",
+    "tcp": [],
+    "udp": []
+  },
+  {
+    "action": "allow",
+    "destination": "10.30.10.0/24",
+    "direction": "outbound",
+    "icmp": [],
+    "name": "allow-outbound-ez-roks-test-subnet-zone-3",
+    "source": "0.0.0.0/0",
+    "tcp": [],
+    "udp": []
+  },
+  {
+    "action": "allow",
+    "destination": "0.0.0.0/0",
+    "direction": "outbound",
+    "icmp": [],
+    "name": "allow-all-outbound",
+    "source": "0.0.0.0/0",
+    "tcp": [],
+    "udp": []
+  }
+]

acceptance_tests/ez-mt-vpc.test.js

@@ -0,0 +1,144 @@
+const tfxjs = require("tfxjs");
+const tfx = new tfxjs("../", {
+  ibmcloud_api_key: process.env.API_KEY,
+  prefix: "ez-roks-test",
+  region: "us-south",
+});
+
+tfx.plan("Easy Multizone ROKS Network", () => {
+  tfx.module(
+    "Easy VPC",
+    "module.ez_vpc",
+    tfx.resource("OpenShift Cluster", "ibm_container_vpc_cluster.cluster", {
+      disable_public_service_endpoint: true,
+      entitlement: "cloud_pak",
+      flavor: "bx2.4x16",
+      kube_version: tfx.expect("should contain _openshift", (kube_version) => {
+        return kube_version.indexOf("_openshift") !== -1;
+      }),
+      name: "ez-roks-test-roks-cluster",
+      tags: ["ez-vpc", "multizone-vpc"],
+      wait_till: "IngressReady",
+      worker_count: 2,
+      zones: [
+        { name: "us-south-1" },
+        { name: "us-south-2" },
+        { name: "us-south-3" },
+      ],
+    }),
+    tfx.resource("Object Storage Instance", "ibm_resource_instance.cos[0]", {
+      location: "global",
+      name: "ez-cluster-vpc-cos",
+      plan: "standard",
+      service: "cloud-object-storage",
+      tags: ["ez-vpc", "multizone-vpc"],
+    })
+  );
+  tfx.module(
+    "VPC Module",
+    "module.ez_vpc.module.vpc",
+    tfx.resource("Development ACL", 'ibm_is_network_acl.network_acl["acl"]', {
+      name: "ez-roks-test-acl",
+      rules: require("./acl_rules.json"),
+    }),
+    tfx.resource(
+      "Public Gateway Zone 1",
+      'ibm_is_public_gateway.gateway["zone-1"]',
+      {
+        name: "ez-roks-test-public-gateway-zone-1",
+        zone: "us-south-1",
+      }
+    ),
+    tfx.resource(
+      "Public Gateway Zone 2",
+      'ibm_is_public_gateway.gateway["zone-2"]',
+      {
+        name: "ez-roks-test-public-gateway-zone-2",
+        zone: "us-south-2",
+      }
+    ),
+    tfx.resource(
+      "Public Gateway Zone 3",
+      'ibm_is_public_gateway.gateway["zone-3"]',
+      {
+        name: "ez-roks-test-public-gateway-zone-3",
+        zone: "us-south-3",
+      }
+    ),
+    tfx.resource(
+      "Allow All Inbound Default Rule",
+      'ibm_is_security_group_rule.default_vpc_rule["allow-all-inbound"]',
+      {
+        direction: "inbound",
+        icmp: [],
+        ip_version: "ipv4",
+        remote: "0.0.0.0/0",
+        tcp: [],
+        udp: [],
+      }
+    ),
+    tfx.resource(
+      "VPC Zone 1 Subnet",
+      'ibm_is_subnet.subnet["ez-roks-test-subnet-zone-1"]',
+      {
+        ip_version: "ipv4",
+        ipv4_cidr_block: "10.10.10.0/24",
+        name: "ez-roks-test-subnet-zone-1",
+        zone: "us-south-1",
+      }
+    ),
+    tfx.resource(
+      "VPC Zone 2 Subnet",
+      'ibm_is_subnet.subnet["ez-roks-test-subnet-zone-2"]',
+      {
+        ip_version: "ipv4",
+        ipv4_cidr_block: "10.20.10.0/24",
+        name: "ez-roks-test-subnet-zone-2",
+        zone: "us-south-2",
+      }
+    ),
+    tfx.resource(
+      "VPC Zone 3 Subnet",
+      'ibm_is_subnet.subnet["ez-roks-test-subnet-zone-3"]',
+      {
+        ip_version: "ipv4",
+        ipv4_cidr_block: "10.30.10.0/24",
+        name: "ez-roks-test-subnet-zone-3",
+        zone: "us-south-3",
+      }
+    ),
+    tfx.resource("VPC", "ibm_is_vpc.vpc", {
+      address_prefix_management: "manual",
+      classic_access: false,
+      name: "ez-roks-test-vpc",
+      tags: ["ez-vpc", "multizone-vpc"],
+    }),
+    tfx.resource(
+      "VPC Zone 1 Subnet Prefix",
+      'ibm_is_vpc_address_prefix.subnet_prefix["ez-roks-test-subnet-zone-1"]',
+      {
+        cidr: "10.10.10.0/24",
+        name: "ez-roks-test-subnet-zone-1",
+        zone: "us-south-1",
+      }
+    ),
+    tfx.resource(
+      "VPC Zone 2 Subnet Prefix",
+      'ibm_is_vpc_address_prefix.subnet_prefix["ez-roks-test-subnet-zone-2"]',
+      {
+        cidr: "10.20.10.0/24",
+        name: "ez-roks-test-subnet-zone-2",
+        zone: "us-south-2",
+      }
+    ),
+    tfx.resource(
+      "VPC Zone 3 Subnet Prefix",
+      'ibm_is_vpc_address_prefix.subnet_prefix["ez-roks-test-subnet-zone-3"]',
+      {
+        cidr: "10.30.10.0/24",
+        name: "ez-roks-test-subnet-zone-3",
+        zone: "us-south-3",
+      }
+    ),
+  );
+});

acceptance_tests/package.json

@@ -0,0 +1,14 @@
+{
+  "name": "acceptance_tests",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "test": "tfx ez-mt-vpc.test.js"
+  },
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "tfxjs": "^0.4.0"
+  }
+}

main.tf

@@ -3,7 +3,7 @@
 ##############################################################################
 
 provider "ibm" {
-  ibmcloud_api_key = var.ibmcloud_api_key
+  # ibmcloud_api_key = var.ibmcloud_api_key # comment out and remove variable for schematics runs
   region           = var.region
   ibmcloud_timeout = 60
 }