Merge remote-tracking branch 'internal/main'
jvallexm committed Apr 26, 2024
2 parents 48f259d + e7e7dc5 commit e9d3afd
Showing 13 changed files with 120 additions and 34 deletions.
1 change: 1 addition & 0 deletions .docs/access-policies.md
Expand Up @@ -98,6 +98,7 @@ The following steps list how to create an access group with these required acces

| Service | Resources | Access |
|- |- |- |
| All Account Management services | All | Viewer |
| Code Engine | All | Writer, Editor |
| Container Registry | All | Manager |
| Resource Group Only | All resource groups in the account | Viewer, Editor |
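
Review bot: The added row `| All Account Management services | All | Viewer |` grants account-wide read access, but the table gives no reason for it. State which step or API call needs it, so an administrator applying least privilege can tell whether a narrower set of account management services would do.
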
43 changes: 43 additions & 0 deletions .docs/powervs-poc.md
Expand Up @@ -115,6 +115,49 @@ There are multiple ways to manage volumes in Power Virtual Server:
* To add volumes that will not be attached to a virtual server, click the "Add Resource" (plus) button on the Power VS workspace, choose "Power Volume", fill in the attributes and click Submit.
* To remove volumes that are not attached to a virtual server, click on the volume's icon and click the delete button in the right panel.

### VPC VPN Server - Client to Site VPN
The VPC VPN Server used for client to site VPNs requires SSL/TLS certificates stored in a Secrets Manager instance. The Secrets Manager should be created outside of CRAIG and populated with the certificates before creating the VPN Server deployment in CRAIG.

1. Create a Secrets Manager instance and either [order public certificates](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-public-certificates&interface=ui
), [create private certificates](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-private-certificates&interface=ui
), or [import certificates](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-certificates&interface=ui).
2. Choose VPC Deployments from the menu and create a new security group for the VPN Server.
Create the security group in the `transit-rg` resource group.
Add the following rules to the group:

| Name | Direction | CIDR | Protocol | Port |
| --------------- | --------- | --------- | -------- | ---- |
| vpn-inbound-udp | inbound | 0.0.0.0/0 | UDP | 443 |
| vpn-inbound-tcp | inbound | 0.0.0.0/0 | TCP | 443 |
| vpn-outbound | outbound | 0.0.0.0/0 | ALL | ALL |

3. Create a VPN Server deployment
Set the VPN Server values using the following table as a guide.

| Field | Value |
| ----------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Resource group | transit-rg |
| VPC | transit |
| Subnets | vpn-zone-1 |
| Security group | security group created in step 3 |
| Authentication method | Certificate |
| Certificate CRN | The CRN of the Secrets Manager secret containing the certificate for the VPN Server. |
| Client CA CRN | The CRN of the Secrets Manager secret containing the certificate for the VPN client. |
| Client CIDR Pool | Specify a network CIDR that does not conflict with any on-premises network, the VPC network, or the Power VS network. The CIDR should also be a subnet of 10.0.0.0/8 to avoid additional security group changes. |
| Port | 443 |
| Protocol | UDP |
| Enable split tunneling | True is recommended |
| Client idle timeout | 600 |
| Client DNS Server IPs | Leave empty |
| Additional VPC Prefixes | Zone 1, add the CIDR specified in `Client CIDR Pool` |

4. After the VPN server is created, click on the VPN server icon to add routes. Routes are added by clicking the plus icon at the bottom of the VPN Server settings. Add two routes:

| Name | Destination | Action |
| ------- | ----------------------------------------------------------------------- | --------- |
| vpn-vsi | the VSI network CIDR (`10.10.0.0/28` by default in the template) | Deliver |
| powervs | the Power VS network CIDR (`192.168.0.0/24` by default in the template) | Translate |

## Saving the configuration and deploying the resources

The configuration can be downloaded by clicking the download button in the top right of the screen. This downloads a zip of a file named craig.json and Terraform artifacts. The craig.json can be imported back into CRAIG for continued editing.
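
Review bot: In the VPN Server table the Security group row says `security group created in step 3`, but the group is created in step 2; step 3 is the VPN Server deployment itself. The security group also opens both `vpn-inbound-udp` and `vpn-inbound-tcp` on 443 from `0.0.0.0/0` while the server table sets Protocol to UDP only, so either drop the TCP rule or say when it is needed, and consider a sentence on narrowing the inbound CIDR when client source ranges are known. As a style point, the closing `)` of the first two links in step 1 sits on its own line; keep each link on a single line.
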
15 changes: 15 additions & 0 deletions CHANGELOG.md
Expand Up @@ -2,6 +2,21 @@

All notable changes to this project will be documented in this file.

## 1.15.2

### Upgrade Notes

- Existing Secrets Manager instances now require a Resource Group. Add your existing Resource Group to ensure Terraform has access to your Secrets Manager instance
- When creating a VPN Server using the Certificate or Username and Password method, a Secrets Manager instance is no longer required

### Fixes

- Fixed an issue causing incorrect spacing for the titles of VPCs on downloaded `craig.png` images

### Features

- Added documentation for adding a VPN Server to the Power VS PoC template

## 1.15.1

### Upgrade Notes
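
Review bot: The second upgrade note under 1.15.2 says a Secrets Manager instance `is no longer required` for a VPN Server using the Certificate method, while the section added to `.docs/powervs-poc.md` in this same commit says the VPN Server `requires SSL/TLS certificates stored in a Secrets Manager instance`. Reword the note to say exactly what is no longer required (for example, an instance defined inside the CRAIG configuration, if that is the intent) so the two do not read as contradictory.
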
4 changes: 2 additions & 2 deletions client/package-lock.json

Some generated files are not rendered by default.

2 changes: 1 addition & 1 deletion client/package.json
@@ -1,6 +1,6 @@
{
"name": "craig",
"version": "1.15.1",
"version": "1.15.2",
"private": true,
"license": "Apache-2.0",
"scripts": {
17 changes: 15 additions & 2 deletions client/src/components/pages/diagrams/VpcMap.js
Expand Up @@ -23,6 +23,8 @@ import { SubnetServiceMap } from "./SubnetServiceMap";
export const VpcMap = (props) => {
let craig = props.craig;
let nullVpcResources = false;

// check items for null vpc
[
"fortigate_vnf",
"vsi",
Expand All @@ -41,13 +43,17 @@ export const VpcMap = (props) => {
nullVpcResources = true;
}
});

// if there are no vpcs, no vpcs are null, and the map is not static, show empty
// resource tile
return craig.store.json.vpcs.length === 0 &&
!nullVpcResources &&
!props.static ? (
<CraigEmptyResourceTile
name="VPCs"
className="width580 marginTopHalfRem"
customClick={
// add custom click for the V2 page
window.location.pathname !== "/v2/vpc" ? (
<>
Add one from the{" "}
Expand All @@ -60,15 +66,18 @@ export const VpcMap = (props) => {
}
/>
) : (
// init array with name / pgw for null resources
(nullVpcResources && !props.noDeployments
? [{ name: null, public_gateways: [] }]
: []
)
.concat(craig.store.json.vpcs)
.concat(craig.store.json.vpcs) // add vpcs
.map((vpc, calcVpcIndex) => {
let vpcBoxClassName =
"subForm marginBottomSmall marginRight1Rem " +
(props.small ? " width300" : " width580");
// is invalid when no rg and not using data, no bucket options selected
// or the vpc has no name
let isRed =
(isNullOrEmptyString(vpc.resource_group, true) && !vpc.use_data) ||
isNullOrEmptyString(vpc.bucket, true) ||
Expand All @@ -93,7 +102,11 @@ export const VpcMap = (props) => {
static={props.static}
>
<div
className={props.static || !props.onTitleClick ? "" : "clicky"}
className={
(props.static || !props.onTitleClick ? "" : "clicky") +
// add margin to add spacing between vpc and child items
(props.static ? " marginBottomSmall" : "")
}
>
<CraigFormHeading
isRed={isRed}
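
Review bot: In the new `className` expression, a static map yields `" marginBottomSmall"` with a leading space, because the first operand is an empty string whenever `props.static` is true. It is harmless in the DOM, but collecting the class names in an array and joining with `.filter(Boolean).join(" ")` avoids it and reads better than string concatenation with a comment in the middle of the expression. The CHANGELOG ties this change to the `craig.png` spacing fix, yet none of the 13 changed files adds a test or snapshot for the static case.
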
3 changes: 0 additions & 3 deletions client/src/components/pages/vpc/VpcDeployments.js
Expand Up @@ -353,9 +353,6 @@ class VpcDeploymentsDiagramPage extends React.Component {
) : this.state.selectedItem === "load_balancers" &&
craig.store.json.vsi.length === 0 ? (
<NoVpcVsiTile />
) : this.state.selectedItem === "vpn_servers" &&
craig.store.json.secrets_manager.length === 0 ? (
<NoSecretsManagerTile />
) : contains(["fortigate_vnf", "vsi"], this.state.selectedItem) &&
craig.store.json.ssh_keys.length === 0 ? (
<CraigEmptyResourceTile
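
Review bot: Removing the `vpn_servers` branch means the VPN Server form now opens when `craig.store.json.secrets_manager.length === 0`, so the form itself has to reject a Certificate-method server that has no certificate CRN; nothing in this commit shows that validation or a test for it. Please point to where that check lives or add one. If `NoSecretsManagerTile` has no other use in this file, remove its import as well.
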
13 changes: 13 additions & 0 deletions client/src/lib/docs/release-notes.json
@@ -1,4 +1,17 @@
[
{
"version": "1.15.2",
"features": [
"Added documentation for adding a VPN Server to the Power VS PoC template"
],
"fixes": [
"Fixed an issue causing incorrect spacing for the titles of VPCs on downloaded `craig.png` images"
],
"upgrade_notes": [
"Existing Secrets Manager instances now require a Resource Group. Add your existing Resource Group to ensure Terraform has access to your Secrets Manager instance",
"When creating a VPN Server using the Certificate or Username and Password method, a Secrets Manager instance is no longer required"
]
},
{
"version": "1.15.1",
"features": [
4 changes: 3 additions & 1 deletion client/src/lib/state/secrets-manager.js
Expand Up @@ -93,7 +93,9 @@ function initSecretsManagerStore(store) {
labelText: "Use Existing Instance",
},
name: nameField("secrets_manager"),
resource_group: resourceGroupsField(),
resource_group: resourceGroupsField(false, {
noHideWhen: true,
}),
plan: {
type: "select",
default: "standard",
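
Review bot: `resourceGroupsField(false, { noHideWhen: true })` passes a bare positional `false` whose meaning is not visible at the call site; a short comment or a named option would help. Per the upgrade note, existing Secrets Manager instances now require a resource group, so a saved `craig.json` with an existing instance and no resource group will presumably fail validation after upgrading. A unit test for that case is missing from this commit.
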
4 changes: 2 additions & 2 deletions package-lock.json

Some generated files are not rendered by default.

2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "craig",
"version": "1.15.1",
"version": "1.15.2",
"description": "gui for generating ibm cloud infrastructure resources",
"main": "index.js",
"scripts": {
22 changes: 12 additions & 10 deletions unit-tests/forms/diagrams/filters.test.js
Expand Up @@ -22,16 +22,18 @@ describe("filter functions", () => {
let craig;
beforeEach(() => {
craig = newState();
craig.store.json.classic_vlans[0] = {
name: "classic-priv-vlan",
datacenter: "dal10",
type: "PRIVATE",
};
craig.store.json.classic_vlans[1] = {
name: "classic-pub-vlan",
datacenter: "dal10",
type: "PUBLIC",
};
craig.store.json.classic_vlans = [
{
name: "classic-priv-vlan",
datacenter: "dal10",
type: "PRIVATE",
},
{
name: "classic-pub-vlan",
datacenter: "dal10",
type: "PUBLIC",
},
];
});
it("should return a list of filtered classic gateways for a non-HADR gateway with a private vlan only", () => {
craig.store.json.classic_gateways[0] = {
24 changes: 12 additions & 12 deletions unit-tests/forms/wizard.test.js
Expand Up @@ -57,7 +57,7 @@ describe("setup wizard", () => {
enable_power_vs: false,
enable_classic: false,
power_vs_zones: [],
craig_version: "1.15.1",
craig_version: "1.15.2",
power_vs_high_availability: false,
no_vpn_secrets_manager_auth: false,
},
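
Review bot: `craig_version: "1.15.2"` is hard-coded here and in eleven more hunks of this file, so every release edits a dozen expected objects by hand. Reading the version from `package.json` (or a shared constant) in the test setup would shrink these release commits to the version bump itself and remove the chance of one fixture being missed.
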
Expand Down Expand Up @@ -975,7 +975,7 @@ describe("setup wizard", () => {
enable_power_vs: false,
enable_classic: false,
power_vs_zones: [],
craig_version: "1.15.1",
craig_version: "1.15.2",
power_vs_high_availability: false,
no_vpn_secrets_manager_auth: false,
},
Expand Down Expand Up @@ -1892,7 +1892,7 @@ describe("setup wizard", () => {
enable_power_vs: false,
enable_classic: false,
power_vs_zones: [],
craig_version: "1.15.1",
craig_version: "1.15.2",
power_vs_high_availability: false,
no_vpn_secrets_manager_auth: false,
},
Expand Down Expand Up @@ -2403,7 +2403,7 @@ describe("setup wizard", () => {
enable_power_vs: false,
enable_classic: false,
power_vs_zones: [],
craig_version: "1.15.1",
craig_version: "1.15.2",
power_vs_high_availability: false,
no_vpn_secrets_manager_auth: false,
},
Expand Down Expand Up @@ -2905,7 +2905,7 @@ describe("setup wizard", () => {
enable_power_vs: false,
enable_classic: false,
power_vs_zones: [],
craig_version: "1.15.1",
craig_version: "1.15.2",
power_vs_high_availability: false,
no_vpn_secrets_manager_auth: false,
},
Expand Down Expand Up @@ -3484,7 +3484,7 @@ describe("setup wizard", () => {
enable_power_vs: false,
enable_classic: false,
power_vs_zones: [],
craig_version: "1.15.1",
craig_version: "1.15.2",
no_vpn_secrets_manager_auth: false,
},
resource_groups: [
Expand Down Expand Up @@ -3654,7 +3654,7 @@ describe("setup wizard", () => {
enable_power_vs: false,
enable_classic: false,
power_vs_zones: [],
craig_version: "1.15.1",
craig_version: "1.15.2",
power_vs_high_availability: false,
no_vpn_secrets_manager_auth: false,
},
Expand Down Expand Up @@ -4225,7 +4225,7 @@ describe("setup wizard", () => {
enable_power_vs: false,
enable_classic: false,
power_vs_zones: [],
craig_version: "1.15.1",
craig_version: "1.15.2",
power_vs_high_availability: false,
no_vpn_secrets_manager_auth: false,
},
Expand Down Expand Up @@ -4770,7 +4770,7 @@ describe("setup wizard", () => {
enable_power_vs: false,
enable_classic: false,
power_vs_zones: [],
craig_version: "1.15.1",
craig_version: "1.15.2",
power_vs_high_availability: false,
no_vpn_secrets_manager_auth: false,
},
Expand Down Expand Up @@ -5320,7 +5320,7 @@ describe("setup wizard", () => {
enable_classic: false,
enable_classic: false,
power_vs_zones: [],
craig_version: "1.15.1",
craig_version: "1.15.2",
no_vpn_secrets_manager_auth: false,
},
resource_groups: [
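
Review bot: The unchanged context of this hunk lists `enable_classic: false,` twice in a row in the same object literal, in the position where the other fixtures in this file have `enable_power_vs`. In a JavaScript object literal the second key silently overrides the first, so the first was probably meant to be `enable_power_vs: false`; worth fixing while the fixture is being touched.
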
Expand Down Expand Up @@ -5812,7 +5812,7 @@ describe("setup wizard", () => {
enable_power_vs: true,
enable_classic: false,
power_vs_zones: ["dal10"],
craig_version: "1.15.1",
craig_version: "1.15.2",
power_vs_high_availability: false,
no_vpn_secrets_manager_auth: false,
},
Expand Down Expand Up @@ -6314,7 +6314,7 @@ describe("setup wizard", () => {
enable_power_vs: true,
enable_classic: false,
power_vs_zones: ["dal10"],
craig_version: "1.15.1",
craig_version: "1.15.2",
power_vs_high_availability: false,
no_vpn_secrets_manager_auth: false,
},

0 comments on commit e9d3afd
