Merge remote-tracking branch 'internal/main'

.docs/powervs-poc.md

@@ -47,12 +47,10 @@ To set the public SSH key value for the VPC VSI, click on the red `VPC Deploymen
 To set the public SSH key value for the Power VS VSIs, click on the red `Power VS` item on the left navigation bar, then click on the key icon. Click on the key icon, expand the SSH Keys section, fill in the public key value, and click the Save button.
 
 ### On-premises network CIDRS and Peer Address
-To set network CIDRs that are being used by the on-prem environment the VPN Gateway and a routing table must be updated.
+To set network CIDRs that are being used by the on-prem environment the VPN Gateway must be updated.
 
 To update the VPN Gateway, click on `VPC Deployments` on the left navigation bar. Scroll down and click on the gateway icon in the `vpn-zone-1` network. Expand the connection section and update the network CIDR in the `Additional Address Prefixes` and `Peer CIDRs` fields. Set VPN connection Peer Address, the address for the on-prem connection, in the `Peer Address` field. Click on both blue Save buttons when finished.
 
-To update the VPN Gateway, click on `VPC Deployments` on the left navigation bar then click on the `poweringress` routing table icon. Change the on-prem CIDR in the `Destination` field and click the blue Save button.
-
 #### On-premises network CIDR outside of 10.0.0.0/8
 If you are using an on-premises network CIDR outside of the `10.0.0.0/8` range in addition to the changes above you will need to add inbound and outbound rules to the `transit-vsi` and `transit-vpe` security groups. These security groups can be found by clicking on `VPC Deployments` on the left navigation bar and then clicking on each security group icon.
 
@@ -135,23 +133,6 @@ IBM Cloud Schematics provides a cost estimation for the project resources after
 
 ## Post-deployment configuration
 
-### Update Power VS route to VPN Gateway
-After deploying the PoC resources the routing table for traffic from Power VS to the VPN Gateway for on-premises must be updated.
-
-First, find the VPN Gateway for VPC's active private address.
-> * You can find this address from [IBM cloud console](https://cloud.ibm.com/).
-> * From left menu click on `VPC Infrastructures > VPNs`. 
-> * Select the region where VPN has been deployed and all VPNs in that region will be listed. 
-> * Select the VPN that was deployed.
-> * Copy or write down the Private IP of the active gateway member
-
-Update the routing table:
-> * From left menu click on `VPC Infrastructures > Routing Tables`. 
-> * Select the VPC that was deployed.
-> * Select the routing table with `poweringress` in its name.
-> Modify the route by clicking the 3 vertical dot icon and choosing Edit.
-> Set the Next hop IP address to the private IP address of the active VPN gateway member
-
 ### Virtual server configuration
 After deploying the PoC resources additional configuration in the VSI operating systems is usually required. IBM i VSIs deployed using the stock images have [required post-deployment configuration](https://cloud.ibm.com/docs/power-iaas?topic=power-iaas-configuring-ibmi).
 

.gitignore

@@ -34,3 +34,4 @@ tfxjs.tfvars
 tf-test/
 dev/
 
+vars.yml

CHANGELOG.md

@@ -2,6 +2,30 @@
 
 All notable changes to this project will be documented in this file.
 
+## 1.12.2
+
+### Upgrade Notes
+
+- IBM Cloud Terraform provider version updated to `1.63.0` to add support for Power VS IBM i Licenses
+
+### Features
+
+- A new file `outputs.tf` is now added to each CRAIG Terraform template
+- VPC names, IDs, and CRNs are exported as outputs
+- Subnet names, IDs, and CRNS are exported as outputs
+- VPC Security Group names, and IDs are exported as outputs
+- VPC Virtual Server primary IPs and floating IPs are exported as outputs
+- When bringing your own certificate for VPN Servers, two separate certificates are now imported. Additional variables have been added to support the new imported certificate
+- Users can now create, update, and delete Classic Security Groups and their rules from the Classic Security Groups page `/forms/classicSecurityGroups`
+- Users can now add IBM i licenses to Power VS instances with IBM i images
+- Users can now import existing VPC security groups for existing VPCs
+
+### Fixes
+
+- Fixed an issue causing certificates imported into an existing Secrets Manager instance to have incorrect references within Terraform
+- Fixed an issue causing nested forms to not be shown by default when invalid
+- Fixed issues causing imported SLZ JSON files to crash the application on import
+
 ## 1.12.1
 
 ### Upgrade Notes

ansible/template-test/main.yml

@@ -0,0 +1,138 @@
+---
+# To setup this directory to run locally, copy /vars/vars.template.yml to /vars/vars.yml and fill in needed
+# values
+# To run the playbook locally, run `ansible-playbook main.yml` in this directory.
+# This playbook creates a schematics workspace, uploads a craig .tar file for a specific template to 
+# that workspace, generates a plan, applies the plan to create the resources in the template, and destroys 
+# the newly created resources.
+# If any step fails, the playbook will stop and print the error to the terminal.
+
+- name: Upload CRAIG template to schematics workspace
+  hosts: localhost
+  vars_files: ./vars/vars.yml
+- name: Get IAM token
+  hosts: localhost
+  vars_files: ./vars/vars.yml # variables declared in variables file are added to role automatically
+  roles:
+    - role: get_iam_token
+- name: "Download Template Tarball"
+  hosts: localhost
+  vars_files: ./vars/vars.yml
+  tasks:
+    - name: Download {{template}}.tar to current directory
+      get_url:
+        url: "{{craig_url}}/{{template}}"
+        dest: "{{playbook_dir}}/{{template}}.tar"
+      async: 120
+      retries: 10
+- name: Create Schematics Workspace
+  hosts: localhost
+  vars_files: ./vars/vars.yml # variables declared in variables file are added to role automatically
+  roles:
+    - role: create_schematics_workspace
+      vars:
+        description: Automated CRAIG Testing Workspace
+        tags: ["craig"]
+- name: TODO - convert to roles
+  hosts: localhost
+  vars_files: ./vars/vars.yml
+  tasks: 
+    - name: Upload {{template}}.tar to Schematics Workspace
+      command: "curl -s --request PUT \
+                --url 'https://schematics.cloud.ibm.com/v1/workspaces/{{ workspace.json.id }}/template_data/{{ workspace.json.template_data[0].id }}/template_repo_upload' \
+                -H 'Authorization: Bearer {{ token.json.access_token }}' \
+                -H 'Content-Type: multipart/form-data' \
+                --form 'file=@{{playbook_dir}}/{{template}}.tar'"
+      async: 120
+    - name: Wait until {{template}}.tar has been successfully uploaded
+      uri:
+        url: https://schematics.cloud.ibm.com/v1/workspaces/{{ workspace.json.id }}
+        method: GET
+        body_format: json
+        headers:
+          Authorization: Bearer {{token.json.access_token}}
+      register: workspace_status
+      until: workspace_status.json.status == "INACTIVE"
+      delay: 10
+      retries: 50
+    - name: Update variablestore
+      set_fact:
+        variablestore: "{{ variablestore +  [{'name': item, 'secure': true, 'use_default': false,  'value': ssh_key}] }}"
+      loop: "{{template_map[template]}}"
+    - name: Update vars in workspace
+      uri:
+        url: https://schematics.cloud.ibm.com/v1/workspaces/{{ workspace.json.id }}/template_data/{{ workspace.json.template_data[0].id }}/values
+        method: PUT
+        headers:
+          Authorization: Bearer {{token.json.access_token}}
+          Content-Type: application/json
+        body_format: json
+        body: 
+          variablestore: "{{ variablestore }}"
+    - name: Start generate plan action
+      uri:
+        url: https://schematics.cloud.ibm.com/v1/workspaces/{{ workspace.json.id }}/plan
+        method: POST
+        body_format: json
+        headers:
+          Authorization: Bearer {{token.json.access_token}}
+        status_code: 202
+      register: job
+    - name: Ensure generate plan finishes
+      uri:
+        url: https://schematics.cloud.ibm.com/v2/jobs/{{job.json.activityid}}
+        method: GET
+        body_format: json
+        headers:
+          Authorization: Bearer {{token.json.access_token}}
+      register: plan
+      until: plan.json.status.workspace_job_status.status_code == "job_finished" or plan.json.status.workspace_job_status.status_code == "job_failed"
+      failed_when: plan.json.status.workspace_job_status.status_code == "job_failed"
+      delay: 90
+      retries: 50
+    - name: Start apply plan action
+      uri:
+        url: https://schematics.cloud.ibm.com/v1/workspaces/{{workspace.json.id}}/apply
+        method: PUT
+        body_format: json
+        headers:
+          Authorization: Bearer {{token.json.access_token}}
+        status_code: 202
+      register: apply
+    - name: Ensure apply plan finishes
+      uri:
+        url: https://schematics.cloud.ibm.com/v2/jobs/{{apply.json.activityid}}
+        method: GET
+        body_format: json
+        headers:
+          Authorization: Bearer {{token.json.access_token}}
+      register: apply_plan
+      until: apply_plan.json.status.workspace_job_status.status_code == "job_finished" or apply_plan.json.status.workspace_job_status.status_code == "job_failed"
+      failed_when: apply_plan.json.status.workspace_job_status.status_code == "job_failed"
+      delay: 120
+      retries: 50
+    - name: Start destroy action
+      uri:
+        url: https://schematics.cloud.ibm.com/v1/workspaces/{{workspace.json.id}}/destroy
+        method: PUT
+        body_format: json
+        headers:
+          Authorization: Bearer {{token.json.access_token}}
+        status_code: 202
+      register: destroy
+    - name: Ensure destory finishes
+      uri:
+        url: https://schematics.cloud.ibm.com/v2/jobs/{{destroy.json.activityid}}
+        method: GET
+        body_format: json
+        headers:
+          Authorization: Bearer {{token.json.access_token}}
+      register: destroy_plan
+      until: destroy_plan.json.status.workspace_job_status.status_code == "job_finished" or destroy_plan.json.status.workspace_job_status.status_code == "job_failed"
+      failed_when: destroy_plan.json.status.workspace_job_status.status_code == "job_failed"
+      delay: 120
+      retries: 50
+    - name: Delete local {{template}}.tar file
+      file:
+        state: absent
+        path: /{{playbook_dir}}/{{template}}.tar

ansible/template-test/roles/create_schematics_workspace/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

ansible/template-test/roles/create_schematics_workspace/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for create_schematics_workspace

ansible/template-test/roles/create_schematics_workspace/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for create_schematics_workspace

ansible/template-test/roles/create_schematics_workspace/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

ansible/template-test/roles/create_schematics_workspace/tasks/main.yml

@@ -0,0 +1,19 @@
+---
+# tasks file for create_schematics_workspace 
+- name: Create Schematics Workspace
+  uri:
+    url: https://schematics.cloud.ibm.com/v1/workspaces
+    method: POST
+    headers:
+      Authorization: Bearer {{token.json.access_token}}
+    body_format: json
+    body:
+      "name": "{{ workspace_name }}"
+      "resource_group": "{{ resource_group }}"
+      "type": ["terraform_v1.5"]
+      "location": "{{ region }}"
+      "description": "{{ description }}"
+      "tags": "{{ tags }}"
+      "template_data": [{ "type": "terraform_v1.5"}]
+    status_code: 201
+  register: workspace

ansible/template-test/roles/create_schematics_workspace/tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

ansible/template-test/roles/create_schematics_workspace/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - create_schematics_workspace

ansible/template-test/roles/create_schematics_workspace/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for create_schematics_workspace

ansible/template-test/roles/get_iam_token/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

ansible/template-test/roles/get_iam_token/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for get_iam_token

ansible/template-test/roles/get_iam_token/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for get_iam_token