CDPCP-11472 - Add support for compute cluster enabled environments

docs/resources/environments_aws_environment.md

@@ -31,26 +31,34 @@ resource "cdp_environments_aws_credential" "example" {
 resource "cdp_environments_aws_environment" "example" {
   environment_name = "example-environment"
   credential_name  = cdp_environments_aws_credential.example.credential_name
-  region           = "us-west"
+  region           = "<your-region>"
   security_access = {
     cidr = "0.0.0.0/0"
   }
-  network_cidr = "10.10.0.0/16"
   authentication = {
     public_key_id = "my-key"
   }
   log_storage = {
     storage_location_base = "s3a://storage-bucket/location"
     instance_profile      = "arn:aws:iam::11111111111:instance-profile/storage-instance-profile"
   }
+  vpc_id = "vpc-1"
+  subnet_ids = [ "<env-subnet-1>", "<env-subnet-2>", "<env-subnet-3>" ]
+  compute_cluster = {
+    enabled = false
+    configuration = {
+      kube_api_authorized_ip_ranges = ["0.0.0.0/0"]
+      worker_node_subnets = [ "<env-subnet-1>", "<env-subnet-2>", "<env-subnet-3>" ]
+    }
+  }
 }
 
-output "environment_name" {
-  value = cdp_environments_aws_environment.example.environment_name
+output "credential" {
+  value = cdp_environments_aws_credential.example
 }
 
-output "crn" {
-  value = cdp_environments_aws_environment.example.crn
+output "environment" {
+  value = cdp_environments_aws_environment.example
 }
 ```
 
@@ -71,6 +79,7 @@ output "crn" {
 ### Optional
 
 - `cascading_delete` (Boolean)
+- `compute_cluster` (Attributes) Option to set up Externalized compute cluster for the environment. (see [below for nested schema](#nestedatt--compute_cluster))
 - `create_private_subnets` (Boolean)
 - `create_service_endpoints` (Boolean)
 - `description` (String)
@@ -129,6 +138,28 @@ Optional:
 - `security_group_ids_for_knox` (Set of String)
 
 
+<a id="nestedatt--compute_cluster"></a>
+### Nested Schema for `compute_cluster`
+
+Required:
+
+- `enabled` (Boolean)
+
+Optional:
+
+- `configuration` (Attributes) The Externalized k8s configuration for the environment. (see [below for nested schema](#nestedatt--compute_cluster--configuration))
+
+<a id="nestedatt--compute_cluster--configuration"></a>
+### Nested Schema for `compute_cluster.configuration`
+
+Optional:
+
+- `kube_api_authorized_ip_ranges` (Set of String) Kubernetes API authorized IP ranges in CIDR notation. Mutually exclusive with privateCluster.
+- `private_cluster` (Boolean) If true, creates private cluster. False, if not specified
+- `worker_node_subnets` (Set of String) Specify subnets for Kubernetes Worker Nodes. If not specified, then the environment's subnet(s) will be used.
+
+
+
 <a id="nestedatt--freeipa"></a>
 ### Nested Schema for `freeipa`
 

docs/resources/environments_azure_environment.md

@@ -36,14 +36,14 @@ resource "cdp_environments_azure_credential" "example-cred" {
 resource "cdp_environments_azure_environment" "example-env" {
   environment_name = "example-cdp-azure-environment"
   credential_name  = cdp_environments_azure_credential.example-cred.credential_name
-  region           = "us-west"
+  region           = "<your-region>"
   security_access = {
     cidr = "0.0.0.0/0"
   }
   existing_network_params = {
     network_id          = "network-name"
     resource_group_name = "rg-name"
-    subnet_ids          = ["subnet.id"]
+    subnet_ids = ["<env-subnet-1>", "<env-subnet-2>", "<env-subnet-3>"]
   }
   public_key = "my-key"
   log_storage = {
@@ -53,14 +53,23 @@ resource "cdp_environments_azure_environment" "example-env" {
   resource_group_name              = "rg-name"
   encryption_user_managed_identity = "some-identity"
   use_public_ip                    = true
+  compute_cluster = {
+    enabled = false
+    configuration = {
+      private_cluster = false
+      outbound_type   = "udr"
+      kube_api_authorized_ip_ranges = ["0.0.0.0/0"]
+      worker_node_subnets = ["<env-subnet-1>", "<env-subnet-2>", "<env-subnet-3>"]
+    }
+  }
 }
 
-output "environment_name" {
-  value = cdp_environments_azure_environment.example-env.environment_name
+output "credential" {
+  value = cdp_environments_azure_credential.example-cred
 }
 
-output "crn" {
-  value = cdp_environments_azure_environment.example-env.crn
+output "environment" {
+  value = cdp_environments_azure_environment.example-env
 }
 ```
 
@@ -81,6 +90,7 @@ output "crn" {
 ### Optional
 
 - `cascading_delete` (Boolean)
+- `compute_cluster` (Attributes) Option to set up Externalized compute cluster for the environment. (see [below for nested schema](#nestedatt--compute_cluster))
 - `create_private_endpoints` (Boolean)
 - `description` (String)
 - `enable_outbound_load_balancer` (Boolean)
@@ -148,6 +158,29 @@ Optional:
 - `security_group_ids_for_knox` (Set of String)
 
 
+<a id="nestedatt--compute_cluster"></a>
+### Nested Schema for `compute_cluster`
+
+Required:
+
+- `enabled` (Boolean)
+
+Optional:
+
+- `configuration` (Attributes) The Externalized k8s configuration for the environment. (see [below for nested schema](#nestedatt--compute_cluster--configuration))
+
+<a id="nestedatt--compute_cluster--configuration"></a>
+### Nested Schema for `compute_cluster.configuration`
+
+Optional:
+
+- `kube_api_authorized_ip_ranges` (Set of String) Kubernetes API authorized IP ranges in CIDR notation. Mutually exclusive with privateCluster.
+- `outbound_type` (String) Customize cluster egress with defined outbound type in Azure Kubernetes Service. Possible value(s): udr
+- `private_cluster` (Boolean) If true, creates private cluster. False, if not specified
+- `worker_node_subnets` (Set of String) Specify subnets for Kubernetes Worker Nodes. If not specified, then the environment's subnet(s) will be used.
+
+
+
 <a id="nestedatt--freeipa"></a>
 ### Nested Schema for `freeipa`
 

examples/resources/cdp_environments_aws_environment/resource.tf

@@ -17,24 +17,32 @@ resource "cdp_environments_aws_credential" "example" {
 resource "cdp_environments_aws_environment" "example" {
   environment_name = "example-environment"
   credential_name  = cdp_environments_aws_credential.example.credential_name
-  region           = "us-west"
+  region           = "<your-region>"
   security_access = {
     cidr = "0.0.0.0/0"
   }
-  network_cidr = "10.10.0.0/16"
   authentication = {
     public_key_id = "my-key"
   }
   log_storage = {
     storage_location_base = "s3a://storage-bucket/location"
     instance_profile      = "arn:aws:iam::11111111111:instance-profile/storage-instance-profile"
   }
+  vpc_id = "vpc-1"
+  subnet_ids = [ "<env-subnet-1>", "<env-subnet-2>", "<env-subnet-3>" ]
+  compute_cluster = {
+    enabled = false
+    configuration = {
+      kube_api_authorized_ip_ranges = ["0.0.0.0/0"]
+      worker_node_subnets = [ "<env-subnet-1>", "<env-subnet-2>", "<env-subnet-3>" ]
+    }
+  }
 }
 
-output "environment_name" {
-  value = cdp_environments_aws_environment.example.environment_name
+output "credential" {
+  value = cdp_environments_aws_credential.example
 }
 
-output "crn" {
-  value = cdp_environments_aws_environment.example.crn
-}
+output "environment" {
+  value = cdp_environments_aws_environment.example
+}

examples/resources/cdp_environments_azure_environment/resource.tf

@@ -22,14 +22,14 @@ resource "cdp_environments_azure_credential" "example-cred" {
 resource "cdp_environments_azure_environment" "example-env" {
   environment_name = "example-cdp-azure-environment"
   credential_name  = cdp_environments_azure_credential.example-cred.credential_name
-  region           = "us-west"
+  region           = "<your-region>"
   security_access = {
     cidr = "0.0.0.0/0"
   }
   existing_network_params = {
     network_id          = "network-name"
     resource_group_name = "rg-name"
-    subnet_ids          = ["subnet.id"]
+    subnet_ids = ["<env-subnet-1>", "<env-subnet-2>", "<env-subnet-3>"]
   }
   public_key = "my-key"
   log_storage = {
@@ -39,12 +39,21 @@ resource "cdp_environments_azure_environment" "example-env" {
   resource_group_name              = "rg-name"
   encryption_user_managed_identity = "some-identity"
   use_public_ip                    = true
+  compute_cluster = {
+    enabled = false
+    configuration = {
+      private_cluster = false
+      outbound_type   = "udr"
+      kube_api_authorized_ip_ranges = ["0.0.0.0/0"]
+      worker_node_subnets = ["<env-subnet-1>", "<env-subnet-2>", "<env-subnet-3>"]
+    }
+  }
 }
 
-output "environment_name" {
-  value = cdp_environments_azure_environment.example-env.environment_name
+output "credential" {
+  value = cdp_environments_azure_credential.example-cred
 }
 
-output "crn" {
-  value = cdp_environments_azure_environment.example-env.crn
+output "environment" {
+  value = cdp_environments_azure_environment.example-env
 }

resources/environments/model_aws_environment.go

@@ -74,6 +74,8 @@ type awsEnvironmentResourceModel struct {
 	VpcID types.String `tfsdk:"vpc_id"`
 
 	WorkloadAnalytics types.Bool `tfsdk:"workload_analytics"`
+
+	ComputeCluster *AwsComputeCluster `tfsdk:"compute_cluster"`
 }
 
 type Authentication struct {
@@ -101,3 +103,14 @@ type SecurityAccess struct {
 
 	SecurityGroupIDsForKnox types.Set `tfsdk:"security_group_ids_for_knox"`
 }
+
+type AwsComputeCluster struct {
+	Enabled       types.Bool                      `tfsdk:"enabled"`
+	Configuration *AwsComputeClusterConfiguration `tfsdk:"configuration"`
+}
+
+type AwsComputeClusterConfiguration struct {
+	PrivateCluster            types.Bool `tfsdk:"private_cluster"`
+	KubeApiAuthorizedIpRanges types.Set  `tfsdk:"kube_api_authorized_ip_ranges"`
+	WorkerNodeSubnets         types.Set  `tfsdk:"worker_node_subnets"`
+}

resources/environments/model_azure_environment.go

@@ -78,6 +78,8 @@ type azureEnvironmentResourceModel struct {
 	EndpointAccessGatewaySubnetIds types.Set `tfsdk:"endpoint_access_gateway_subnet_ids"`
 
 	EncryptionUserManagedIdentity types.String `tfsdk:"encryption_user_managed_identity"`
+
+	ComputeCluster *AzureComputeCluster `tfsdk:"compute_cluster"`
 }
 
 type existingAzureNetwork struct {
@@ -105,3 +107,15 @@ type azureLogStorage struct {
 type newNetworkParams struct {
 	NetworkCidr types.String `tfsdk:"network_cidr"`
 }
+
+type AzureComputeCluster struct {
+	Enabled       types.Bool                        `tfsdk:"enabled"`
+	Configuration *AzureComputeClusterConfiguration `tfsdk:"configuration"`
+}
+
+type AzureComputeClusterConfiguration struct {
+	PrivateCluster            types.Bool   `tfsdk:"private_cluster"`
+	KubeApiAuthorizedIpRanges types.Set    `tfsdk:"kube_api_authorized_ip_ranges"`
+	OutboundType              types.String `tfsdk:"outbound_type"`
+	WorkerNodeSubnets         types.Set    `tfsdk:"worker_node_subnets"`
+}

resources/environments/polling.go

@@ -113,6 +113,7 @@ func waitForEnvironmentToBeAvailable(environmentName string, fallbackTimeout tim
 			"ENVIRONMENT_RESOURCE_ENCRYPTION_INITIALIZATION_IN_PROGRESS",
 			"ENVIRONMENT_VALIDATION_IN_PROGRESS",
 			"ENVIRONMENT_INITIALIZATION_IN_PROGRESS",
+			"COMPUTE_CLUSTER_CREATION_IN_PROGRESS",
 			"FREEIPA_CREATION_IN_PROGRESS"},
 		Target:       []string{"AVAILABLE"},
 		Delay:        5 * time.Second,

resources/environments/resource_aws_environment.go

@@ -100,6 +100,8 @@ func (r *awsEnvironmentResource) Create(ctx context.Context, req resource.Create
 	}
 
 	toAwsEnvironmentResource(ctx, utils.LogEnvironmentSilently(ctx, descEnvResp, describeLogPrefix), &data, data.PollingOptions, &resp.Diagnostics)
+	diags = initiateComputeClustersForAwsAfterEnvCreationAndWait(ctx, data, r, resp, diags, client)
+
 	diags = resp.State.Set(ctx, data)
 	resp.Diagnostics.Append(diags...)
 	if resp.Diagnostics.HasError() {
@@ -132,7 +134,26 @@ func (r *awsEnvironmentResource) Read(ctx context.Context, req resource.ReadRequ
 	}
 }
 
-func (r *awsEnvironmentResource) Update(_ context.Context, _ resource.UpdateRequest, _ *resource.UpdateResponse) {
+func (r *awsEnvironmentResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) {
+	var plan awsEnvironmentResourceModel
+	var state awsEnvironmentResourceModel
+	planDiags := req.Plan.Get(ctx, &plan)
+	var stateDiags = req.State.Get(ctx, &state)
+	resp.Diagnostics.Append(planDiags...)
+	resp.Diagnostics.Append(stateDiags...)
+	if resp.Diagnostics.HasError() {
+		tflog.Error(ctx, "Got Error while trying to set plan")
+		return
+	}
+
+	updateAwsEnvironment(ctx, &plan, &state, r.client.Environments, resp)
+
+	stateDiags = resp.State.Set(ctx, state)
+	resp.Diagnostics.Append(stateDiags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	resp.State.Set(ctx, state)
 }
 
 func (r *awsEnvironmentResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {

resources/environments/resource_azure_environment.go

@@ -101,6 +101,8 @@ func (r *azureEnvironmentResource) Create(ctx context.Context, req resource.Crea
 	}
 
 	toAzureEnvironmentResource(ctx, descEnvResp, &data, data.PollingOptions, &resp.Diagnostics)
+	diags = initiateComputeClustersForAzureAfterEnvCreationAndWait(ctx, data, r, resp, diags, client)
+
 	diags = resp.State.Set(ctx, data)
 	resp.Diagnostics.Append(diags...)
 	if resp.Diagnostics.HasError() {
@@ -238,8 +240,26 @@ func toAzureEnvironmentResource(ctx context.Context, env *environmentsmodels.Env
 	model.WorkloadAnalytics = types.BoolValue(env.WorkloadAnalytics)
 }
 
-func (r *azureEnvironmentResource) Update(_ context.Context, _ resource.UpdateRequest, _ *resource.UpdateResponse) {
+func (r *azureEnvironmentResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) {
+	var plan azureEnvironmentResourceModel
+	var state azureEnvironmentResourceModel
+	planDiags := req.Plan.Get(ctx, &plan)
+	var stateDiags = req.State.Get(ctx, &state)
+	resp.Diagnostics.Append(planDiags...)
+	resp.Diagnostics.Append(stateDiags...)
+	if resp.Diagnostics.HasError() {
+		tflog.Error(ctx, "Got Error while trying to set plan")
+		return
+	}
+
+	updateAzureEnvironment(ctx, &plan, &state, r.client.Environments, resp)
 
+	stateDiags = resp.State.Set(ctx, state)
+	resp.Diagnostics.Append(stateDiags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	resp.State.Set(ctx, state)
 }
 
 func (r *azureEnvironmentResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {