feat: new bare vpc pattern (#378)

* feat: added standard pattern

Author: Soaib024

.docs/images/patterns/vpc-pattern.png

@@ -0,0 +1,27 @@
+# IBM Secure Landing Zone for the vpc pattern
+
+## Architecture diagram
+
+![VPC pattern architecture diagram](../images/patterns/vpc-pattern.png)
+
+## Configured components and services
+
+The following common services are created:
+
+- Resource groups
+- Access groups
+- Transit gateway
+
+The following components are configured through automation.
+
+| Multi-Zone Region (MZR) management | Multi-Zone Region (MZR) workload |
+|---|---|
+| Management access group | Workload access group |
+| Management KMS key | Workload KMS key |
+| Management Cloud Object Storage Instance and Cloud Object Storage buckets | Workload Cloud Object Storage instance and Cloud Object Storage buckets |
+| Management Cloud Object Storage Authorization for Hyper Protect Crypto Services and KeyProtect | Workload Cloud Object Storage Authorization for Hyper Protect Crypto Services and KeyProtect |
+| Management Flow Log, Flow log Cloud Object Storage buckets and authorization | Workload flow log, Flow log Cloud Object Storage buckets and authorization |
+| Management VPC | Workload VPC |
+| Management subnets for VPE and VPN resources | Workload VPE gateway (for Cloud Object Storage) |
+| Management VPE gateway (for Cloud Object Storage) | Workload VPE gateway (for Container Registry) |
+| Management VPE gateway (for Container Registry) |  |

.docs/images/vpc.png

@@ -28,15 +28,16 @@ Each of these patterns creates the following infrastructure:
 
 Each pattern creates the following infrastructure on the VPC:
 
+- The VPC pattern deploys a simple IBM Cloud VPC infrastructure without any compute resources like VSIs or Red Hat OpenShift clusters
 - The virtual server (VSI) pattern deploys identical virtual servers across the VSI subnet tier in each VPC
 - The Red Hat OpenShift Kubernetes (ROKS) pattern deploys identical clusters across the VSI subnet tier in each VPC
 - The mixed pattern provisions both of these elements
 
 For more information about the default configuration, see [Default Secure Landing Zone configuration](.docs/pattern-defaults.md).
 
-| Virtual server pattern           | Red Hat OpenShift pattern        | Mixed pattern                      |
-| -------------------------------- | -------------------------------- | ---------------------------------- |
-| ![VSI](./.docs/images/vsi.png)   | ![ROKS](./.docs/images/roks.png) | ![Mixed](./.docs/images/mixed.png) |
+|  VPC pattern                   |  Virtual server pattern        |  Red Hat OpenShift pattern       | Mixed pattern                      |
+| ------------------------------ | ------------------------------ | -------------------------------- | ---------------------------------- |
+| ![VPC](./.docs/images/vpc.png) | ![VSI](./.docs/images/vsi.png) | ![ROKS](./.docs/images/roks.png) | ![Mixed](./.docs/images/mixed.png) |
 
 ## Before you begin
 
@@ -90,6 +91,7 @@ In the first method, you set a couple of required input variables of your respec
 
 You can find the list of input variables in the `variables.tf` file of the pattern directory:
 
+- [VPC pattern input variables](./patterns/vpc/variables.tf)
 - [VSI pattern input variables](./patterns/vsi/variables.tf)
 - [ROKS pattern input variables](./patterns/roks/variables.tf)
 - [Mixed pattern input variables](./patterns/mixed/variables.tf)
@@ -415,7 +417,9 @@ Users can add a name and optionally a public key. If `public_key` is not provide
   )
 ```
 
-#### vis variable
+#### vsi variable
+
+Note - You can't make changes to the VSI image with this module. That restriction is in place so that you don't inadvertently create an outage or lose data.
 
 The following example shows the `vsi` virtual server variable type.
 
@@ -905,7 +909,7 @@ statement instead the previous block.
 | <a name="module_ssh_keys"></a> [ssh\_keys](#module\_ssh\_keys) | ./ssh_key | n/a |
 | <a name="module_teleport_config"></a> [teleport\_config](#module\_teleport\_config) | ./teleport_config | n/a |
 | <a name="module_vpc"></a> [vpc](#module\_vpc) | git::https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc.git | v5.0.1 |
-| <a name="module_vsi"></a> [vsi](#module\_vsi) | git::https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vsi.git | v2.0.0 |
+| <a name="module_vsi"></a> [vsi](#module\_vsi) | git::https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vsi.git | v2.0.1 |
 
 ## Resources
 

.docs/patterns/vpc-pattern.md

@@ -1,6 +1,6 @@
 # VPC landing zone (No compute example)
 
-![Architecture diagram for the Standard variation of VPC landing zone](https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/reference-architectures/vpc.drawio.svg)
+![Architecture diagram for the standard variation of VPC landing zone](https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/reference-architectures/vpc.drawio.svg)
 
 You can use the VPC landing zone example to deploy a simple IBM Cloud VPC infrastructure without any compute resources like Virtual Server Instances (VSIs) or Red Hat OpenShift clusters.
 

README.md

@@ -3,11 +3,13 @@
 ##############################################################################
 
 module "landing_zone" {
-  source           = "../../patterns/mixed"
-  prefix           = var.prefix
-  region           = var.region
-  ibmcloud_api_key = var.ibmcloud_api_key
-  ssh_public_key   = var.ssh_key
-  override         = true
-  tags             = var.resource_tags
+  source                 = "../../patterns/vpc"
+  prefix                 = var.prefix
+  region                 = var.region
+  ibmcloud_api_key       = var.ibmcloud_api_key
+  tags                   = var.resource_tags
+  network_cidr           = var.network_cidr
+  vpcs                   = var.vpcs
+  enable_transit_gateway = var.enable_transit_gateway
+  add_atracker_route     = var.add_atracker_route
 }

examples/no-compute-example/README.md

@@ -25,13 +25,44 @@ variable "region" {
   default     = "us-south"
 }
 
-variable "ssh_key" {
-  description = "Public SSH Key for VSI creation. Must be a valid SSH key that does not already exist in the deployment region."
-  type        = string
-}
-
 variable "resource_tags" {
   type        = list(string)
   description = "Optional list of tags to be added to created resources"
   default     = []
 }
+
+##############################################################################
+# VPC Variables
+##############################################################################
+
+variable "network_cidr" {
+  description = "Network CIDR for the VPC. This is used to manage network ACL rules for cluster provisioning."
+  type        = string
+  default     = "10.0.0.0/8"
+}
+
+variable "vpcs" {
+  description = "List of VPCs to create. The first VPC in this list will always be considered the `management` VPC, and will be where the VPN Gateway is connected. VPCs names can only be a maximum of 16 characters and can only contain lowercase letters, numbers, and - characters. VPC names must begin with a lowercase letter and end with a lowercase letter or number."
+  type        = list(string)
+  default     = ["management", "workload"]
+
+  validation {
+    error_message = "VPCs names can only be a maximum of 16 characters and can only contain lowercase letters, numbers, and - characters. Names must also begin with a lowercase letter and end with a lowercase letter or number."
+    condition = length([
+      for name in var.vpcs :
+      name if length(name) > 16 || !can(regex("^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$", name))
+    ]) == 0
+  }
+}
+
+variable "enable_transit_gateway" {
+  description = "Create transit gateway"
+  type        = bool
+  default     = true
+}
+
+variable "add_atracker_route" {
+  description = "Atracker can only have one route per zone. use this value to disable or enable the creation of atracker route"
+  type        = bool
+  default     = true
+}

examples/no-compute-example/main.tf

@@ -2805,7 +2805,7 @@
     },
     "vsi": {
       "name": "vsi",
-      "source": "git::https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vsi.git?ref=v2.0.0",
+      "source": "git::https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vsi.git?ref=v2.0.1",
       "attributes": {
         "prefix": "prefix",
         "tags": "tags"
@@ -2824,7 +2824,7 @@
           },
           "pos": {
             "filename": ".terraform/modules/vsi/main.tf",
-            "line": 127
+            "line": 132
           }
         },
         "ibm_is_floating_ip.vsi_fip": {
@@ -2840,7 +2840,7 @@
           },
           "pos": {
             "filename": ".terraform/modules/vsi/main.tf",
-            "line": 120
+            "line": 125
           }
         },
         "ibm_is_instance.vsi": {

examples/no-compute-example/override.json

@@ -380,7 +380,7 @@ data "external" "format_output" {
 
 locals {
   # Prevent users from inputting conflicting variables by checking regex
-  # causeing plan to fail when true.
+  # causing plan to fail when true.
   # > if both are false will pass
   # > if only one is true will pass
   # tflint-ignore: terraform_unused_declarations