OCM-6285 | feat: Day 1 SG support for HCP
hunterkepley authored and openshift-merge-bot[bot] committed Oct 16, 2024
1 parent cdbfff6 commit 6b69a69
Showing 9 changed files with 138 additions and 14 deletions.
1 change: 1 addition & 0 deletions docs/data-sources/cluster_rosa_hcp.md
Expand Up @@ -37,6 +37,7 @@ data "rhcs_cluster_rosa_hcp" "cluster" {
- `api_url` (String) URL of the API server.
- `availability_zones` (List of String) Availability zones. This attribute specifically applies to the Worker Machine Pool and becomes irrelevant once the resource is created. Any modifications to the initial Machine Pool should be made through the Terraform imported Machine Pool resource. For more details, refer to [Worker Machine Pool in ROSA Cluster](../guides/worker-machine-pool.md)
- `aws_account_id` (String) Identifier of the AWS account. After the creation of the resource, it is not possible to update the attribute value.
- `aws_additional_compute_security_group_ids` (List of String) AWS additional compute security group ids. After the creation of the resource, it is not possible to update the attribute value.
- `aws_billing_account_id` (String) Identifier of the AWS account for billing. After the creation of the resource, it is not possible to update the attribute value.
- `aws_subnet_ids` (List of String) AWS subnet IDs. After the creation of the resource, it is not possible to update the attribute value.
- `channel_group` (String) This attribute is not supported for cluster data source. Therefore, it will not be displayed as an output of the datasource
1 change: 1 addition & 0 deletions docs/resources/cluster_rosa_hcp.md
Expand Up @@ -60,6 +60,7 @@ resource "rhcs_cluster_rosa_hcp" "rosa_sts_cluster" {
### Optional

- `admin_credentials` (Attributes) Admin user credentials. After the creation of the resource, it is not possible to update the attribute value. (see [below for nested schema](#nestedatt--admin_credentials))
- `aws_additional_compute_security_group_ids` (List of String) AWS additional compute security group ids.
- `channel_group` (String) Name of the channel group where you select the OpenShift cluster version, for example 'stable'. For ROSA, only 'stable' is supported. After the creation of the resource, it is not possible to update the attribute value.
- `compute_machine_type` (String) Identifies the machine type used by the initial worker nodes, for example `m5.xlarge`. Use the `rhcs_machine_types` data source to find the possible values. This attribute specifically applies to the Worker Machine Pool and becomes irrelevant once the resource is created. Any modifications to the initial Machine Pool should be made through the Terraform imported Machine Pool resource. For more details, refer to [Worker Machine Pool in ROSA Cluster](../guides/worker-machine-pool.md)
- `create_admin_user` (Boolean) Indicates if create cluster admin user. Set it true to create cluster admin user with default username `cluster-admin` and generated password. It will be ignored if `admin_credentials` is set.After the creation of the resource, it is not possible to update the attribute value.
5 changes: 5 additions & 0 deletions provider/clusterrosa/hcp/datasource.go
Expand Up @@ -260,6 +260,11 @@ func (r *ClusterRosaHcpDatasource) Schema(ctx context.Context, req datasource.Sc
Description: deprecatedMessage,
Computed: true,
},
"aws_additional_compute_security_group_ids": schema.ListAttribute{
Description: "AWS additional compute security group ids. " + common.ValueCannotBeChangedStringDescription,
ElementType: types.StringType,
Computed: true,
},
},
}
}
12 changes: 11 additions & 1 deletion provider/clusterrosa/hcp/resource.go
Expand Up @@ -374,6 +374,11 @@ func (r *ClusterRosaHcpResource) Schema(ctx context.Context, req resource.Schema
Description: "Compute node root disk size, in GiB. " + rosaTypes.PoolMessage,
Optional: true,
},
"aws_additional_compute_security_group_ids": schema.ListAttribute{
Description: "AWS additional compute security group ids.",
ElementType: types.StringType,
Optional: true,
},
},
}
}
Expand Down Expand Up @@ -519,6 +524,10 @@ func createHcpClusterObject(ctx context.Context,
if err != nil {
return nil, err
}
awsAdditionalComputeSecurityGroupIds, err := common.StringListToArray(ctx, state.AWSAdditionalComputeSecurityGroupIds)
if err != nil {
return nil, err
}
var stsBuilder *cmv1.STSBuilder
if state.Sts != nil {
stsBuilder = ocmr.CreateSTS(state.Sts.RoleARN.ValueString(), state.Sts.SupportRoleArn.ValueString(),
Expand All @@ -533,7 +542,7 @@ func createHcpClusterObject(ctx context.Context,
if err := ocmClusterResource.CreateAWSBuilder(rosaTypes.Hcp, awsTags, ec2MetadataHttpTokens,
kmsKeyARN, etcdKmsKeyArn,
isPrivate, awsAccountID, awsBillingAccountId, stsBuilder, awsSubnetIDs, nil, nil,
nil, nil, nil); err != nil {
awsAdditionalComputeSecurityGroupIds, nil, nil); err != nil {
return nil, err
}

Expand Down Expand Up @@ -874,6 +883,7 @@ func validateNoImmutableAttChange(state, plan *ClusterRosaHcpState) diag.Diagnos
common.ValidateStateAndPlanEquals(state.Sts.InstanceIAMRoles.WorkerRoleARN, plan.Sts.InstanceIAMRoles.WorkerRoleARN, "sts.instance_iam_roles.worker_role_arn", &diags)
common.ValidateStateAndPlanEquals(state.Sts.OIDCConfigID, plan.Sts.OIDCConfigID, "sts.oidc_config_id", &diags)
common.ValidateStateAndPlanEquals(state.Sts.OperatorRolePrefix, plan.Sts.OperatorRolePrefix, "sts.operator_role_prefix", &diags)
common.ValidateStateAndPlanEquals(state.AWSAdditionalComputeSecurityGroupIds, plan.AWSAdditionalComputeSecurityGroupIds, "aws_additional_compute_security_group_ids", &diags)

// default node pool's attributes
//common.ValidateStateAndPlanEquals(state.AutoScalingEnabled, plan.AutoScalingEnabled, "autoscaling_enabled", &diags)
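Review bot: The schema description for `aws_additional_compute_security_group_ids` in the first hunk omits the immutability suffix even though the third hunk adds a `ValidateStateAndPlanEquals` check that rejects any post-creation change; the data source variant in datasource.go does append it, so the resource should read `Description: "AWS additional compute security group ids. " + common.ValueCannotBeChangedStringDescription,` (the generated docs/resources entry would then follow). None of the hunks in this file read the attribute back from the cluster object, so unless that is already handled in a function outside this diff, an imported or refreshed cluster will carry a null value here and the new immutability check would flag a spurious diff against any configured list; the populate routine should copy the value from the cluster's AWS section into `AWSAdditionalComputeSecurityGroupIds`. The `Schema` and `createHcpClusterObject` bodies both start outside their hunks.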
17 changes: 9 additions & 8 deletions provider/clusterrosa/hcp/state.go
Expand Up @@ -22,14 +22,15 @@ type ClusterRosaHcpState struct {
State types.String `tfsdk:"state"`

// AWS fields
AWSAccountID types.String `tfsdk:"aws_account_id"`
AWSBillingAccountID types.String `tfsdk:"aws_billing_account_id"`
AWSSubnetIDs types.List `tfsdk:"aws_subnet_ids"`
Sts *sts.HcpSts `tfsdk:"sts"`
CloudRegion types.String `tfsdk:"cloud_region"`
KMSKeyArn types.String `tfsdk:"kms_key_arn"`
EtcdKmsKeyArn types.String `tfsdk:"etcd_kms_key_arn"`
Tags types.Map `tfsdk:"tags"`
AWSAccountID types.String `tfsdk:"aws_account_id"`
AWSBillingAccountID types.String `tfsdk:"aws_billing_account_id"`
AWSSubnetIDs types.List `tfsdk:"aws_subnet_ids"`
Sts *sts.HcpSts `tfsdk:"sts"`
CloudRegion types.String `tfsdk:"cloud_region"`
KMSKeyArn types.String `tfsdk:"kms_key_arn"`
EtcdKmsKeyArn types.String `tfsdk:"etcd_kms_key_arn"`
Tags types.Map `tfsdk:"tags"`
AWSAdditionalComputeSecurityGroupIds types.List `tfsdk:"aws_additional_compute_security_group_ids"`

// Network fields
Domain types.String `tfsdk:"domain"`
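Review bot: The new field name `AWSAdditionalComputeSecurityGroupIds` breaks the initialism casing the sibling fields in this block use (`AWSAccountID`, `AWSSubnetIDs`); since the wire name lives in the `tfsdk` tag, renaming the Go identifier is internal-only: `AWSAdditionalComputeSecurityGroupIDs types.List `tfsdk:"aws_additional_compute_security_group_ids"``. The local `awsAdditionalComputeSecurityGroupIds` and the references in resource.go would follow the same spelling. The enclosing `ClusterRosaHcpState` struct starts outside the hunk.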
96 changes: 96 additions & 0 deletions subsystem/hcp/cluster_resource_test.go
Expand Up @@ -3564,6 +3564,102 @@ var _ = Describe("HCP Cluster", func() {
Expect(runOutput.ExitCode).To(BeZero())
})

It("Creates private cluster with aws subnet ids & additional security groups", func() {
// Prepare the server:
TestServer.AppendHandlers(
CombineHandlers(
VerifyRequest(http.MethodGet, "/api/clusters_mgmt/v1/versions"),
RespondWithJSON(http.StatusOK, versionListPage),
),
CombineHandlers(
VerifyRequest(http.MethodPost, "/api/clusters_mgmt/v1/clusters"),
VerifyJQ(`.name`, "my-cluster"),
VerifyJQ(`.cloud_provider.id`, "aws"),
VerifyJQ(`.region.id`, "us-west-1"),
VerifyJQ(`.product.id`, "rosa"),
VerifyJQ(`.aws.subnet_ids.[0]`, "id1"),
VerifyJQ(`.aws.private_link`, true),
VerifyJQ(`.nodes.availability_zones.[0]`, "us-west-1a"),
VerifyJQ(`.api.listening`, "internal"),
VerifyJQ(`.aws.additional_compute_security_group_ids.[0]`, "id1"),
RespondWithPatchedJSON(http.StatusOK, template, `[
{
"op": "add",
"path": "/aws",
"value": {
"private_link": true,
"subnet_ids": ["id1", "id2", "id3"],
"additional_compute_security_group_ids": ["id1"],
"sts" : {
"oidc_endpoint_url": "https://127.0.0.1",
"thumbprint": "111111",
"role_arn": "",
"support_role_arn": "",
"instance_iam_roles" : {
"worker_role_arn" : ""
},
"operator_role_prefix" : "test"
}
}
},
{
"op": "add",
"path": "/api",
"value": {
"listening": "internal"
}
},
{
"op": "replace",
"path": "/nodes",
"value": {
"availability_zones": [
"us-west-1a",
"us-west-1b",
"us-west-1c"
],
"compute_machine_type": {
"id": "r5.xlarge"
}
}
}]`),
),
)

// Run the apply command:
Terraform.Source(`
resource "rhcs_cluster_rosa_hcp" "my_cluster" {
name = "my-cluster"
cloud_region = "us-west-1"
aws_account_id = "123456789012"
aws_billing_account_id = "123456789012"
private = true
aws_subnet_ids = [
"id1", "id2", "id3"
]
aws_additional_compute_security_group_ids = [
"id1"
]
sts = {
operator_role_prefix = "test"
role_arn = "",
support_role_arn = "",
instance_iam_roles = {
worker_role_arn = "",
}
}
availability_zones = [
"us-west-1a",
"us-west-1b",
"us-west-1c",
]
}`)
runOutput := Terraform.Apply()
Expect(runOutput.ExitCode).To(BeZero())
resource := Terraform.Resource("rhcs_cluster_rosa_hcp", "my_cluster")
Expect(resource).To(MatchJQ(".attributes.aws_additional_compute_security_group_ids.[0]", "id1"))
})

It("Creates cluster when private link is false", func() {
// Prepare the server:
TestServer.AppendHandlers(
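Review bot: The new test uses the literal "id1" for both the first subnet id and the security group id, so the request assertions on `.aws.subnet_ids.[0]` and `.aws.additional_compute_security_group_ids.[0]` would both still pass if the two lists were passed to the wrong `CreateAWSBuilder` arguments; use a distinct value in the config, the handler JSON and the JQ checks, e.g. `"additional_compute_security_group_ids": ["sg-id1"],` and `aws_additional_compute_security_group_ids = ["sg-id1"]`. The commit also adds an immutability check for this attribute in resource.go, but no test here applies a changed list and asserts the resulting diagnostic, so that path is untested. The `It` block is complete within the hunk; the enclosing `Describe` starts outside it.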
11 changes: 6 additions & 5 deletions tests/tf-manifests/rhcs/clusters/rosa-hcp/main.tf
Expand Up @@ -78,11 +78,12 @@ resource "rhcs_cluster_rosa_hcp" "rosa_hcp_cluster" {
lifecycle {
ignore_changes = [availability_zones]
}
wait_for_create_complete = var.wait_for_cluster
wait_for_std_compute_nodes_complete = var.wait_for_cluster
disable_waiting_in_destroy = var.disable_waiting_in_destroy
registry_config = var.registry_config
worker_disk_size = var.worker_disk_size
aws_additional_compute_security_group_ids = var.additional_compute_security_groups
wait_for_create_complete = var.wait_for_cluster
wait_for_std_compute_nodes_complete = var.wait_for_cluster
disable_waiting_in_destroy = var.disable_waiting_in_destroy
registry_config = var.registry_config
worker_disk_size = var.worker_disk_size
}

resource "rhcs_cluster_wait" "rosa_cluster" { # id: 71869
4 changes: 4 additions & 0 deletions tests/tf-manifests/rhcs/clusters/rosa-hcp/output.tf
Expand Up @@ -17,3 +17,7 @@ output "properties" {
output "tags" {
value = rhcs_cluster_rosa_hcp.rosa_hcp_cluster.tags
}

output "additional_compute_security_groups" {
value = rhcs_cluster_rosa_hcp.rosa_hcp_cluster.aws_additional_compute_security_group_ids
}
5 changes: 5 additions & 0 deletions tests/tf-manifests/rhcs/clusters/rosa-hcp/variables.tf
Expand Up @@ -220,3 +220,8 @@ variable "worker_disk_size" {
type = number
default = null
}

variable "additional_compute_security_groups" {
type = list(string)
default = null
}
