From 8ff4d7f19a151d2f0005003fbe0114f272578577 Mon Sep 17 00:00:00 2001
From: Aashiq-J <122446118+Aashiq-J@users.noreply.github.com>
Date: Tue, 28 Nov 2023 15:02:26 +0530
Subject: [PATCH] fix: update `landing-zone-vsi` module to v3.0.0 (#638)
BREAKING CHANGE: If your SLZ solution provisions a VSI and you have enabled a floating IP for it, when upgrading to this version floating IPs are going to be deleted and recreated upon apply. This is due to a bug where the floating IPs were being created incorrectly in the Default resource group. Upon re-creation, the floating IPs will be created in the same resource group as the VSI.
Please plan accordingly before upgrading incase this change will cause disruption for whatever is using the floating IPs.
NOTE: By default, the only deployable architecture impacted here is the VSI quickstart flavor, as it provisions a floating IP for use as a jumpbox. If however you have customised any of the other deployable architectures to provision any floating IPs, they will also be impacted.
---
README.md | 8 ++++----
bastion_host.tf | 2 +-
f5_vsi.tf | 2 +-
main.tf | 2 +-
patterns/vsi-extension/main.tf | 2 +-
patterns/vsi-extension/variables.tf | 4 ++--
virtual_servers.tf | 2 +-
7 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/README.md b/README.md
index c674ccfbc..0650738a2 100644
--- a/README.md
+++ b/README.md
@@ -838,15 +838,15 @@ module "cluster_pattern" {
| Name | Source | Version |
|------|--------|---------|
-| [bastion\_host](#module\_bastion\_host) | terraform-ibm-modules/landing-zone-vsi/ibm | 2.12.1 |
+| [bastion\_host](#module\_bastion\_host) | terraform-ibm-modules/landing-zone-vsi/ibm | 3.0.0 |
| [dynamic\_values](#module\_dynamic\_values) | ./dynamic_values | n/a |
-| [f5\_vsi](#module\_f5\_vsi) | terraform-ibm-modules/landing-zone-vsi/ibm | 2.12.1 |
+| [f5\_vsi](#module\_f5\_vsi) | terraform-ibm-modules/landing-zone-vsi/ibm | 3.0.0 |
| [key\_management](#module\_key\_management) | ./kms | n/a |
| [placement\_group\_map](#module\_placement\_group\_map) | ./dynamic_values/config_modules/list_to_map | n/a |
| [ssh\_keys](#module\_ssh\_keys) | ./ssh_key | n/a |
| [teleport\_config](#module\_teleport\_config) | ./teleport_config | n/a |
-| [vpc](#module\_vpc) | terraform-ibm-modules/landing-zone-vpc/ibm | 7.7.0 |
-| [vsi](#module\_vsi) | terraform-ibm-modules/landing-zone-vsi/ibm | 2.12.1 |
+| [vpc](#module\_vpc) | terraform-ibm-modules/landing-zone-vpc/ibm | 7.10.0 |
+| [vsi](#module\_vsi) | terraform-ibm-modules/landing-zone-vsi/ibm | 3.0.0 |
### Resources
diff --git a/bastion_host.tf b/bastion_host.tf
index db5b32105..5303f8c15 100644
--- a/bastion_host.tf
+++ b/bastion_host.tf
@@ -42,7 +42,7 @@ module "teleport_config" {
module "bastion_host" {
source = "terraform-ibm-modules/landing-zone-vsi/ibm"
- version = "2.12.1"
+ version = "3.0.0"
for_each = local.bastion_vsi_map
resource_group_id = each.value.resource_group == null ? null : local.resource_groups[each.value.resource_group]
create_security_group = each.value.security_group == null ? false : true
diff --git a/f5_vsi.tf b/f5_vsi.tf
index 6b44d4558..b4c30e750 100644
--- a/f5_vsi.tf
+++ b/f5_vsi.tf
@@ -117,7 +117,7 @@ locals {
module "f5_vsi" {
source = "terraform-ibm-modules/landing-zone-vsi/ibm"
- version = "2.12.1"
+ version = "3.0.0"
for_each = local.f5_vsi_map
resource_group_id = each.value.resource_group == null ? null : local.resource_groups[each.value.resource_group]
create_security_group = each.value.security_group == null ? false : true
diff --git a/main.tf b/main.tf
index 7bc74ccc0..d962e2788 100644
--- a/main.tf
+++ b/main.tf
@@ -8,7 +8,7 @@ locals {
module "vpc" {
source = "terraform-ibm-modules/landing-zone-vpc/ibm"
- version = "7.7.0"
+ version = "7.10.0"
for_each = local.vpc_map
depends_on = [ibm_iam_authorization_policy.policy]
name = each.value.prefix
diff --git a/patterns/vsi-extension/main.tf b/patterns/vsi-extension/main.tf
index 04348b0c3..eac0dc8e2 100644
--- a/patterns/vsi-extension/main.tf
+++ b/patterns/vsi-extension/main.tf
@@ -70,7 +70,7 @@ locals {
module "vsi" {
source = "terraform-ibm-modules/landing-zone-vsi/ibm"
- version = "2.8.2"
+ version = "3.0.0"
resource_group_id = data.ibm_is_vpc.vpc_by_id.resource_group
create_security_group = true
prefix = "${var.prefix}-vsi"
diff --git a/patterns/vsi-extension/variables.tf b/patterns/vsi-extension/variables.tf
index 6e69eabed..d2284578c 100644
--- a/patterns/vsi-extension/variables.tf
+++ b/patterns/vsi-extension/variables.tf
@@ -80,8 +80,8 @@ variable "existing_kms_instance_guid" {
variable "skip_iam_authorization_policy" {
type = bool
- description = "Set to `true` to skip the creation of an IAM authorization policy that permits all storage blocks to read the encryption key from the KMS instance. If set to `false` (and creating a policy), specify the GUID of the KMS instance in the `existing_kms_instance_guid` variable."
- default = false
+ description = "By default (true), the Landing Zone VPC creates an IAM authorization policy that permits all storage blocks to read the encryption key from the KMS instance. Set to false to create the authorization policy in a different KMS instance, and specify the GUID of the KMS instance in the existing_kms_instance_guid variable."
+ default = true
}
variable "vsi_per_subnet" {
diff --git a/virtual_servers.tf b/virtual_servers.tf
index af73d8859..8d4fe56ad 100644
--- a/virtual_servers.tf
+++ b/virtual_servers.tf
@@ -41,7 +41,7 @@ data "ibm_is_image" "image" {
module "vsi" {
source = "terraform-ibm-modules/landing-zone-vsi/ibm"
- version = "2.12.1"
+ version = "3.0.0"
for_each = local.vsi_map
resource_group_id = each.value.resource_group == null ? null : local.resource_groups[each.value.resource_group]
create_security_group = each.value.security_group == null ? false : true