fix: available service endpoints added/fixed

examples/every-mt-vpe/main.tf

@@ -34,25 +34,41 @@ module "vpes" {
   vpc_id   = module.vpc.vpc_id
   #subnet_zone_list  = module.vpc.subnet_zone_list
   resource_group_id = module.resource_group.resource_group_id
-  cloud_services = ["account-management",
+  cloud_services = [
+    "account-management",
     "billing",
     "cloud-object-storage",
+    "cloud-object-storage-config",
     "codeengine",
-    #"container-registry", # to fix in https://github.com/terraform-ibm-modules/terraform-ibm-vpe-gateway/issues/390
+    "container-registry",
+    "containers-kubernetes",
+    "context-based-restrictions",
     "directlink",
     "dns-svcs",
     "enterprise",
     "global-search-tagging",
     "globalcatalog",
     "hs-crypto",
+    "hs-crypto-cert-mgr",
+    "hs-crypto-ep11",
+    "hs-crypto-ep11-az1",
+    "hs-crypto-ep11-az2",
+    "hs-crypto-ep11-az3",
+    "hs-crypto-kmip",
+    "hs-crypto-tke",
     "hyperp-dbaas-mongodb",
     "hyperp-dbaas-postgresql",
     "iam-svcs",
     "is",
     "kms",
+    "messaging",
     "resource-controller",
+    "support-center",
     "transit",
-  "user-management"]
+    "user-management",
+    "vmware",
+    "ntp",
+  ]
 }
 
 

main.tf

@@ -2,6 +2,8 @@
 # VPE Locals
 ##############################################################################
 
+# NOTE: VPE Service Endpoint configuration can be found in service_endpoints.tf
+
 locals {
   # List of Gateways to create
   gateway_list = concat([
@@ -10,7 +12,7 @@ locals {
     {
       name    = lookup(var.vpe_names, service, "${var.prefix}-${var.vpc_name}-${service}")
       service = service
-      crn     = null
+      crn     = local.service_to_endpoint_map[service]
     }
     ],
     [
@@ -51,28 +53,6 @@ locals {
     (gateway.name) => gateway
   }
 
-  # Map of Services to endpoints
-  service_to_endpoint_map = {
-    account-management      = "crn:v1:bluemix:public:account-management:global:::endpoint:${var.service_endpoints}.accounts.cloud.ibm.com"
-    billing                 = "crn:v1:bluemix:public:billing:global:::endpoint:${var.service_endpoints}.billing.cloud.ibm.com"
-    cloud-object-storage    = "crn:v1:bluemix:public:cloud-object-storage:global:::endpoint:s3.direct.${var.region}.cloud-object-storage.appdomain.cloud"
-    codeengine              = "crn:v1:bluemix:public:codeengine:${var.region}:::endpoint:${var.service_endpoints}.${var.region}.codeengine.cloud.ibm.com"
-    container-registry      = "crn:v1:bluemix:public:container-registry:${var.region}:::endpoint:${var.region}.icr.io"
-    directlink              = "crn:v1:bluemix:public:directlink:global:::endpoint:${var.service_endpoints}.directlink.cloud.ibm.com"
-    dns-svcs                = "crn:v1:bluemix:public:dns-svcs:global::::"
-    enterprise              = "crn:v1:bluemix:public:enterprise:global:::endpoint:${var.service_endpoints}.enterprise.cloud.ibm.com"
-    global-search-tagging   = "crn:v1:bluemix:public:global-search-tagging:global:::endpoint:api.${var.service_endpoints}.global-search-tagging.cloud.ibm.com"
-    globalcatalog           = "crn:v1:bluemix:public:globalcatalog:global:::endpoint:${var.service_endpoints}.globalcatalog.cloud.ibm.com"
-    hs-crypto               = "crn:v1:bluemix:public:hs-crypto:${var.region}:::endpoint:api.${var.service_endpoints}.${var.region}.hs-crypto.cloud.ibm.com"
-    hyperp-dbaas-mongodb    = "crn:v1:bluemix:public:hyperp-dbaas-mongodb:${var.region}:::endpoint:dbaas900-mongodb.${var.service_endpoints}.hyperp-dbaas.cloud.ibm.com"
-    hyperp-dbaas-postgresql = "crn:v1:bluemix:public:hyperp-dbaas-postgresql:${var.region}:::endpoint:dbaas900-postgresql.${var.service_endpoints}.hyperp-dbaas.cloud.ibm.com"
-    iam-svcs                = "crn:v1:bluemix:public:iam-svcs:global:::endpoint:${var.service_endpoints}.iam.cloud.ibm.com"
-    is                      = "crn:v1:bluemix:public:is:${var.region}:::endpoint:${var.region}.${var.service_endpoints}.iaas.cloud.ibm.com"
-    kms                     = "crn:v1:bluemix:public:kms:${var.region}:::endpoint:${var.service_endpoints}.${var.region}.kms.cloud.ibm.com"
-    resource-controller     = "crn:v1:bluemix:public:resource-controller:global:::endpoint:${var.service_endpoints}.resource-controller.cloud.ibm.com"
-    transit                 = "crn:v1:bluemix:public:transit:global:::endpoint:${var.service_endpoints}.transit.cloud.ibm.com"
-    user-management         = "crn:v1:bluemix:public:user-management:global:::endpoint:${var.service_endpoints}.user-management.cloud.ibm.com"
-  }
 }
 
 ##############################################################################
@@ -105,9 +85,12 @@ resource "ibm_is_virtual_endpoint_gateway" "vpe" {
   vpc             = var.vpc_id
   resource_group  = var.resource_group_id
   security_groups = var.security_group_ids
+
+  # check if target is a CRN and handle accordingly
   target {
-    crn           = each.value.service == null ? each.value.crn : local.service_to_endpoint_map[each.value.service]
-    resource_type = "provider_cloud_service"
+    name          = length(regexall("crn:v1:([^:]*:){6}", each.value.crn)) > 0 ? null : each.value.crn
+    crn           = length(regexall("crn:v1:([^:]*:){6}", each.value.crn)) > 0 ? each.value.crn : null
+    resource_type = length(regexall("crn:v1:([^:]*:){6}", each.value.crn)) > 0 ? "provider_cloud_service" : "provider_infrastructure_service"
   }
 }
 

module-metadata.json

@@ -8,7 +8,7 @@
       "default": [],
       "pos": {
         "filename": "variables.tf",
-        "line": 95
+        "line": 109
       }
     },
     "cloud_services": {
@@ -82,7 +82,7 @@
       "default": "private",
       "pos": {
         "filename": "variables.tf",
-        "line": 106
+        "line": 120
       }
     },
     "subnet_zone_list": {
@@ -126,7 +126,7 @@
       "default": {},
       "pos": {
         "filename": "variables.tf",
-        "line": 117
+        "line": 131
       }
     }
   },
@@ -169,7 +169,7 @@
       },
       "pos": {
         "filename": "main.tf",
-        "line": 84
+        "line": 64
       }
     },
     "ibm_is_virtual_endpoint_gateway.vpe": {
@@ -186,7 +186,7 @@
       },
       "pos": {
         "filename": "main.tf",
-        "line": 99
+        "line": 79
       }
     },
     "ibm_is_virtual_endpoint_gateway_ip.endpoint_gateway_ip": {
@@ -198,7 +198,7 @@
       },
       "pos": {
         "filename": "main.tf",
-        "line": 120
+        "line": 103
       }
     }
   },
@@ -212,7 +212,7 @@
       },
       "pos": {
         "filename": "main.tf",
-        "line": 136
+        "line": 119
       }
     }
   },

service_endpoints.tf

@@ -0,0 +1,59 @@
+##############################################################################
+# MAPPING OF AVAILABLE MULTI-TENANT VPE SERVICE ENDPOINTS
+##############################################################################
+
+locals {
+
+  endpoint_prefix = var.service_endpoints == "private" ? "private." : ""
+
+  service_to_endpoint_map = {
+    account-management          = "crn:v1:bluemix:public:account-management:global:::endpoint:${local.endpoint_prefix}accounts.cloud.ibm.com"
+    billing                     = "crn:v1:bluemix:public:billing:global:::endpoint:${local.endpoint_prefix}billing.cloud.ibm.com"
+    cloud-object-storage        = "crn:v1:bluemix:public:cloud-object-storage:global:::endpoint:s3.direct.${var.region}.cloud-object-storage.appdomain.cloud"
+    cloud-object-storage-config = "crn:v1:bluemix:public:cloud-object-storage:global:::endpoint:config.direct.cloud-object-storage.cloud.ibm.com"
+    codeengine                  = "crn:v1:bluemix:public:codeengine:${var.region}:::endpoint:${local.endpoint_prefix}${var.region}.codeengine.cloud.ibm.com"
+    container-registry          = "crn:v1:bluemix:public:container-registry:${contains(keys(local.container_registry_region_domain_map), var.region) ? var.region : "us-east"}:::endpoint:${lookup(local.container_registry_region_domain_map, var.region, "icr.io")}" # default to global if not in mapping
+    containers-kubernetes       = "crn:v1:bluemix:public:containers-kubernetes:${var.region}:::endpoint:api.${var.region}.containers.cloud.ibm.com"
+    context-based-restrictions  = "crn:v1:bluemix:public:context-based-restrictions:global:::endpoint:${local.endpoint_prefix}cbr.cloud.ibm.com"
+    directlink                  = "crn:v1:bluemix:public:directlink:global:::endpoint:${local.endpoint_prefix}directlink.cloud.ibm.com"
+    dns-svcs                    = "crn:v1:bluemix:public:dns-svcs:global::::"
+    enterprise                  = "crn:v1:bluemix:public:enterprise:global:::endpoint:${local.endpoint_prefix}enterprise.cloud.ibm.com"
+    global-search-tagging       = "crn:v1:bluemix:public:global-search-tagging:global:::endpoint:api.${local.endpoint_prefix}global-search-tagging.cloud.ibm.com"
+    globalcatalog               = "crn:v1:bluemix:public:globalcatalog:global:::endpoint:${local.endpoint_prefix}globalcatalog.cloud.ibm.com"
+    hs-crypto                   = "crn:v1:bluemix:public:hs-crypto:${var.region}:::endpoint:api.${local.endpoint_prefix}${var.region}.hs-crypto.cloud.ibm.com"
+    hs-crypto-cert-mgr          = "crn:v1:bluemix:public:hs-crypto:${var.region}:::endpoint:cert-mgr.${local.endpoint_prefix}${var.region}.hs-crypto.cloud.ibm.com"
+    hs-crypto-ep11              = "crn:v1:bluemix:public:hs-crypto:${var.region}:::endpoint:ep11.${local.endpoint_prefix}${var.region}.hs-crypto.cloud.ibm.com"
+    hs-crypto-ep11-az1          = "crn:v1:bluemix:public:hs-crypto:${var.region}:::endpoint:ep11-az1.${local.endpoint_prefix}${var.region}.hs-crypto.cloud.ibm.com"
+    hs-crypto-ep11-az2          = "crn:v1:bluemix:public:hs-crypto:${var.region}:::endpoint:ep11-az2.${local.endpoint_prefix}${var.region}.hs-crypto.cloud.ibm.com"
+    hs-crypto-ep11-az3          = "crn:v1:bluemix:public:hs-crypto:${var.region}:::endpoint:ep11-az3.${local.endpoint_prefix}${var.region}.hs-crypto.cloud.ibm.com"
+    hs-crypto-kmip              = "crn:v1:bluemix:public:hs-crypto:${var.region}:::endpoint:kmip.${local.endpoint_prefix}${var.region}.hs-crypto.cloud.ibm.com"
+    hs-crypto-tke               = "crn:v1:bluemix:public:hs-crypto:${var.region}:::endpoint:tke.${local.endpoint_prefix}${var.region}.hs-crypto.cloud.ibm.com"
+    hyperp-dbaas-mongodb        = "crn:v1:bluemix:public:hyperp-dbaas-mongodb:${var.region}:::endpoint:dbaas900-mongodb.${local.endpoint_prefix}hyperp-dbaas.cloud.ibm.com"
+    hyperp-dbaas-postgresql     = "crn:v1:bluemix:public:hyperp-dbaas-postgresql:${var.region}:::endpoint:dbaas900-postgresql.${local.endpoint_prefix}hyperp-dbaas.cloud.ibm.com"
+    iam-svcs                    = "crn:v1:bluemix:public:iam-svcs:global:::endpoint:${local.endpoint_prefix}iam.cloud.ibm.com"
+    is                          = "crn:v1:bluemix:public:is:${var.region}:::endpoint:${var.region}.${local.endpoint_prefix}iaas.cloud.ibm.com"
+    kms                         = "crn:v1:bluemix:public:kms:${var.region}:::endpoint:${local.endpoint_prefix}${var.region}.kms.cloud.ibm.com"
+    messaging                   = "crn:v1:bluemix:public:messaging:global:::endpoint:${local.endpoint_prefix}messaging.cloud.ibm.com"
+    resource-controller         = "crn:v1:bluemix:public:resource-controller:global:::endpoint:${local.endpoint_prefix}resource-controller.cloud.ibm.com"
+    support-center              = "crn:v1:bluemix:public:support:global:::endpoint:private.support-center.cloud.ibm.com"
+    transit                     = "crn:v1:bluemix:public:transit:global:::endpoint:${local.endpoint_prefix}transit.cloud.ibm.com"
+    user-management             = "crn:v1:bluemix:public:user-management:global:::endpoint:${local.endpoint_prefix}user-management.cloud.ibm.com"
+    vmware                      = "crn:v1:bluemix:public:vmware:${var.region}:::endpoint:api.${local.endpoint_prefix}${var.region}.vmware.cloud.ibm.com"
+    ntp                         = "ibm-ntp-server"
+  }
+
+  # CONTAINER-REGISTRY region-domain mappings
+  # this cannot be pulled dynamically at this time, so hard-coding the region to registry domain mapping
+  # Resource: https://cloud.ibm.com/docs/Registry?topic=Registry-registry_vpe&interface=ui#registry_vpe_endpoint_setup
+  container_registry_region_domain_map = {
+    "au-syd"   = "au.icr.io"  # ap-south
+    "jp-osa"   = "jp2.icr.io" # jp-osa
+    "jp-tok"   = "jp.icr.io"  # ap-north
+    "eu-de"    = "de.icr.io"  # eu-central
+    "eu-gb"    = "uk.icr.io"  # uk-south
+    "ca-tor"   = "ca.icr.io"  # ca-tor
+    "br-sao"   = "br.icr.io"  # br-sao
+    "us-south" = "us.icr.io"  # us
+  }
+
+}

tests/pr_test.go

@@ -22,21 +22,36 @@ func setupOptions(t *testing.T, prefix string, dir string) *testhelper.TestOptio
 		"account-management",
 		"billing",
 		"cloud-object-storage",
+		//"cloud-object-storage-config",
 		"codeengine",
+		//"container-registry",
+		//"containers-kubernetes",
+		//"context-based-restrictions",
 		"directlink",
 		"dns-svcs",
 		"enterprise",
 		"global-search-tagging",
 		"globalcatalog",
 		"hs-crypto",
+		//"hs-crypto-cert-mgr",
+		//"hs-crypto-ep11",
+		//"hs-crypto-ep11-az1",
+		//"hs-crypto-ep11-az2",
+		//"hs-crypto-ep11-az3",
+		//"hs-crypto-kmip",
+		//"hs-crypto-tke",
 		"hyperp-dbaas-mongodb",
 		"hyperp-dbaas-postgresql",
 		"iam-svcs",
 		"is",
 		"kms",
+		//"messaging",
 		"resource-controller",
+		//"support-center",
 		"transit",
 		"user-management",
+		//"vmware",
+		//"ntp",
 	}
 
 	vpeNames := map[string]string{

variables.tf

@@ -71,22 +71,36 @@ variable "cloud_services" {
         "account-management",
         "billing",
         "cloud-object-storage",
+        "cloud-object-storage-config",
         "codeengine",
         "container-registry",
+        "containers-kubernetes",
+        "context-based-restrictions",
         "directlink",
         "dns-svcs",
         "enterprise",
         "global-search-tagging",
         "globalcatalog",
         "hs-crypto",
+        "hs-crypto-cert-mgr",
+        "hs-crypto-ep11",
+        "hs-crypto-ep11-az1",
+        "hs-crypto-ep11-az2",
+        "hs-crypto-ep11-az3",
+        "hs-crypto-kmip",
+        "hs-crypto-tke",
         "hyperp-dbaas-mongodb",
         "hyperp-dbaas-postgresql",
         "iam-svcs",
         "is",
         "kms",
+        "messaging",
         "resource-controller",
+        "support-center",
         "transit",
         "user-management",
+        "vmware",
+        "ntp"
       ], service)
     ]) == 0
   }