CORS-2280: IBMCloud: Add TF support for private DNS

[cjschaef]

Add support for creating, configuring, and destroying Terraform
resources for private (Internal) IPI clusters on IBM Cloud, using
DNS Services, rather than CIS (public/External).

Partial: https://issues.redhat.com/browse/CORS-2255

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[cjschaef]

e2e-ibmcloud failed due to known issue of e2e-ibmcloud-ipi-ibmcloud-gather-resources, which is unrelated to installer code. So that should be acceptable, given it's a set of IBM Cloud CLI commands for debugging purposes.

[jeffnowicki]

/retitle CORS-2280: IBMCloud: Add TF support for private DNS

[cjschaef]

/retest

[rvanderp3]

/lgtm

[rvanderp3]

/assign @patrickdillon

[barbacbd]

I don't see any other instance of this variable changed. Is this missing id or did the type change?

[cjschaef]

This is actually a bug fix, for a bug that was never noticed until we started testing Internal, which hasn't been supported until this and the previous CORS-2280 PR for Golang changes.

For instance, using this PR with a revert of the line above, Terraform fails since the control_plane_security_group_id_list is a list of Id's (strings) already, not SecurityGroup data sources.

# go/src/github.com/openshift/installer/bin/openshift-install version
go/src/github.com/openshift/installer/bin/openshift-install unreleased-master-6395-g75c6ab06c034cfc841b672b936a6a750930606d7
built from commit 75c6ab06c034cfc841b672b936a6a750930606d7
release image registry.ci.openshift.org/origin/release:4.12
release architecture amd64

# git -C go/src/github.com/openshift/installer/ diff cjschaef/ibmcloud_private_terraform..75c6ab06c034cfc841b672b936a6a750930606d7
diff --git a/data/data/ibmcloud/bootstrap/main.tf b/data/data/ibmcloud/bootstrap/main.tf
index 4471b3325..2f0aaea6a 100644
--- a/data/data/ibmcloud/bootstrap/main.tf
+++ b/data/data/ibmcloud/bootstrap/main.tf
@@ -67,7 +67,7 @@ resource "ibm_is_security_group" "bootstrap" {
 resource "ibm_is_security_group_rule" "bootstrap_ssh_inbound" {
   group     = ibm_is_security_group.bootstrap.id
   direction = "inbound"
-  remote    = local.public_endpoints ? "0.0.0.0/0" : var.control_plane_security_group_id_list[0]
+  remote    = local.public_endpoints ? "0.0.0.0/0" : var.control_plane_security_group_id_list.0.id
   tcp {
     port_min = 22
     port_max = 22


# go/src/github.com/openshift/installer/bin/openshift-install create cluster --dir clusters/private-sg-id-list-1/
WARNING Found override for release image. Please be warned, this is not advised 
INFO Consuming Worker Machines from target directory 
INFO Consuming OpenShift Install (Manifests) from target directory 
INFO Consuming Master Machines from target directory 
INFO Consuming Common Manifests from target directory 
INFO Consuming Openshift Manifests from target directory 
INFO Obtaining RHCOS image file from 'https://rhcos.mirror.openshift.com/art/storage/releases/rhcos-4.12/412.86.202208101039-0/x86_64/rhcos-412.86.202208101039-0-ibmcloud.x86_64.qcow2.gz?sha256=09b599849b945bdd405b18765225160f50e07ca205fe9787f70f188c8a96f293' 
INFO The file was found in cache: /root/.cache/openshift-installer/image_cache/rhcos-412.86.202208101039-0-ibmcloud.x86_64.qcow2. Reusing... 
INFO Creating infrastructure resources...         
ERROR                                              
ERROR Error: Unsupported attribute                 
ERROR                                              
ERROR   on main.tf line 70, in resource "ibm_is_security_group_rule" "bootstrap_ssh_inbound": 
ERROR   70:   remote    = local.public_endpoints ? "0.0.0.0/0" : var.control_plane_security_group_id_list.0.id 
ERROR     ├────────────────                        
ERROR     │ var.control_plane_security_group_id_list[0] is "r018-a45f4ff4-b452-44a7-bc12-72bc0e424644" 
ERROR                                              
ERROR Can't access attributes on a primitive-typed value (string). 
ERROR failed to fetch Cluster: failed to generate asset "Cluster": failure applying terraform for "bootstrap" stage: failed to create cluster: failed to apply Terraform: exit status 1 
ERROR                                              
ERROR Error: Unsupported attribute                 
ERROR                                              
ERROR   on main.tf line 70, in resource "ibm_is_security_group_rule" "bootstrap_ssh_inbound": 
ERROR   70:   remote    = local.public_endpoints ? "0.0.0.0/0" : var.control_plane_security_group_id_list.0.id 
ERROR     ├────────────────                        
ERROR     │ var.control_plane_security_group_id_list[0] is "r018-a45f4ff4-b452-44a7-bc12-72bc0e424644" 
ERROR                                              
ERROR Can't access attributes on a primitive-typed value (string).

[barbacbd]

consider making is_external more descriptive.

[cjschaef]

Okay, I'll see about following up this PR with some more descriptive

[barbacbd]

consider passing this in as a boolean to the ibm-variables where the logic is moved to tfvars in the installer.

[cjschaef]

The boolean is based on PublishStrategy currently, and just passed around after that.
If it makes sense to add boolean version of the PublishStrategy (basically) to tfvars that gets used in place of that Internel/External string, I can do that in a follow up PR.

[patrickdillon]

/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: patrickdillon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [patrickdillon]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[jeffnowicki]

/retest

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD b8714c6 and 2 for PR HEAD 9d7a9bc in total

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 02354a2 and 1 for PR HEAD 9d7a9bc in total

[openshift-ci]

@cjschaef: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-libvirt	9d7a9bc	link	false	/test e2e-libvirt
ci/prow/e2e-ibmcloud	9d7a9bc	link	false	/test e2e-ibmcloud

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.