Merge remote-tracking branch 'internal/main'

.docs/powervs-poc.md

@@ -120,7 +120,7 @@ The VPC VPN Server used for client to site VPNs requires SSL/TLS certificates st
 
 1. Create a Secrets Manager instance and either [order public certificates](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-public-certificates&interface=ui
 ), [create private certificates](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-private-certificates&interface=ui
-), or [import certificates](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-certificates&interface=ui).
+), or [import certificates](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-certificates&interface=ui). Consult the [VPC client-to-site server authentication documentation](https://cloud.ibm.com/docs/vpc?topic=vpc-client-to-site-authentication) to ensure the certificate authorities and certificates are created using values that are compatible with the VPN server.
 2. Choose VPC Deployments from the menu and create a new security group for the VPN Server.
 Create the security group in the `transit-rg` resource group.
 Add the following rules to the group:
@@ -140,7 +140,7 @@ Set the VPN Server values using the following table as a guide.
 | VPC                     | transit                                                                                                                                                                                                          |
 | Subnets                 | vpn-zone-1                                                                                                                                                                                                       |
 | Security group          | security group created in step 3                                                                                                                                                                                 |
-| Authentication method   | Certificate                                                                                                                                                                                                      |
+| Authentication method   | Username and Certificate                                                                                                                                                                                         |
 | Certificate CRN         | The CRN of the Secrets Manager secret containing the certificate for the VPN Server.                                                                                                                             |
 | Client CA CRN           | The CRN of the Secrets Manager secret containing the certificate for the VPN client.                                                                                                                             |
 | Client CIDR Pool        | Specify a network CIDR that does not conflict with any on-premises network, the VPC network, or the Power VS network. The CIDR should also be a subnet of 10.0.0.0/8 to avoid additional security group changes. |
@@ -199,3 +199,20 @@ Here are the list of fields and values to be used to setup on-prem VPN gateway:
 * Preshared Key: Shared between both VPNs to establish connection.
 * Peer CIDR: IBM VPC CIDRs + IBM PowerVS CIDRs to allow communication into IBM cloud environment via VPN.
 * IKE policy: IKEv2
+
+### Configuring VPC VPN Server - Client to Site VPN users
+
+If a VPC VPN Server was added to the configuration as documented with the `Username and Certificate` authentication mechanism, VPN users must have the correct access policies to log into the VPN.
+
+The following steps can be used to create an access group with the appropriate access policy and add VPN users:
+
+Create Access Group:
+  - Manage -> Access (IAM) -> Access Groups -> Create +
+  - Name the access group  _(i.e. VPN Users)_
+  - Add users and/or service IDs as needed
+  - Navigate to Access tab -> Assign access +
+  - Create an access policy with the following:
+
+| Service                            | Resources                          | Access          |
+|-                                   |-                                   |-                |
+| VPC Infrastructure Service   | All                                | Users of the VPN server need this role to connect to the VPN server          |

CHANGELOG.md

@@ -2,6 +2,27 @@
 
 All notable changes to this project will be documented in this file.
 
+## 1.15.6
+
+### Upgrade Notes
+
+- Updated the VPN as a Service template's default authentication method and changed the Secrets Manager to the Trial plan
+- Updated AIX stock images and removed deprecated images for all templates with invalid image references
+
+### Features
+
+- When creating a VPN Server, users can now have both certificate and username authentication by selecting the `Username and Certificate` authentication method
+
+### Fixes
+
+- Fixed an issue causing Resource Groups assigned to Security Groups to not be correctly imported into VPC modules
+- Fixed an issue preventing users from downloading Terraform code when using only existing VPCs and VPC Subnets
+- Fixed an issue in the Power VS POC template where the LogDNA files were written to the AIX save files COS bucket
+- Fixed an issue causing Cloud Services with missing values not to be highlighed red on the `/v2/services` page
+- The Power VS POC Template Activity Tracker COS instance now correctly uses a random suffix to ensure unique resource naming
+- Fixed an issue causing imported VPC Security Groups to fail on Terraform Plan
+- Power VS Images are now reset when changing zones or changing the name of an existing workspace
+
 ## 1.15.5
 
 ### Fixes

client/package.json

@@ -1,6 +1,6 @@
 {
   "name": "craig",
-  "version": "1.15.5",
+  "version": "1.15.6",
   "private": true,
   "license": "Apache-2.0",
   "scripts": {

client/src/components/forms/dynamic-form/DynamicFetchMultiSelect.js

@@ -43,9 +43,12 @@ class DynamicFetchMultiSelect extends React.Component {
     this._isMounted = false;
   }
 
-  // Force re-fetch of images on zone change
+  // Force re-fetch of images on name or zone change
   componentDidUpdate(prevProps) {
-    if (prevProps.parentState.zone != this.props.parentState.zone) {
+    if (
+      prevProps.parentState.zone != this.props.parentState.zone ||
+      prevProps.parentState.name != this.props.parentState.name
+    ) {
       this._isMounted = false;
       this.setState({ data: ["Loading..."] }, () => {
         this.componentDidMount();

client/src/components/pages/cloud-services/CloudServices.js

@@ -587,7 +587,9 @@ class CloudServicesPage extends React.Component {
                           service={{
                             type: "atracker",
                             name: "atracker",
+                            data: craig.store.json.atracker,
                           }}
+                          craig={craig}
                           onClick={this.onServiceIconClick}
                           isSelected={this.state.service === "atracker"}
                         />
@@ -688,6 +690,7 @@ class CloudServicesPage extends React.Component {
                                     resourceGroup={rg}
                                     service={service}
                                     icon={serviceFormMap[service.type].icon}
+                                    craig={craig}
                                     onClick={this.onServiceIconClick}
                                     isSelected={
                                       this.state.service === service.type &&

client/src/components/pages/diagrams/ManageService.js

@@ -2,6 +2,7 @@ import { contains, titleCase } from "lazy-z";
 import React from "react";
 import PropTypes from "prop-types";
 import { RenderForm } from "../../forms";
+import { disableSave } from "../../../lib";
 
 export const ManageService = (props) => {
   return (
@@ -10,7 +11,14 @@ export const ManageService = (props) => {
         "manageService alignButtons" +
         (props.isSelected
           ? " serviceOpen"
-          : props.resourceGroup === "No Resource Group"
+          : disableSave(
+              props.service.overrideType || props.service.type,
+              props.service.data,
+              {
+                data: props.service.data,
+                craig: props.craig,
+              }
+            )
           ? " noRgService"
           : "") +
         " " +

client/src/components/pages/diagrams/RgServiceMap.js

@@ -110,6 +110,7 @@ export const RgServiceMap = (props) => {
                     icon={serviceFormMap[service.type].icon}
                     className="pointerEventsNone"
                     small={props.small}
+                    craig={props.craig}
                   />
                 );
               })

client/src/lib/docs/release-notes.json

@@ -1,4 +1,23 @@
 [
+  {
+    "version": "1.15.6",
+    "features": [
+      "When creating a VPN Server, users can now have both certificate and username authentication by selecting the `Username and Certificate` authentication method"
+    ],
+    "fixes": [
+      "Fixed an issue causing Resource Groups assigned to Security Groups to not be correctly imported into VPC modules",
+      "Fixed an issue preventing users from downloading Terraform code when using only existing VPCs and VPC Subnets",
+      "Fixed an issue in the Power VS POC template where the LogDNA files were written to the AIX save files COS bucket",
+      "Fixed an issue causing Cloud Services with missing values not to be highlighed red on the `/v2/services` page",
+      "The Power VS POC Template Activity Tracker COS instance now correctly uses a random suffix to ensure unique resource naming",
+      "Fixed an issue causing imported VPC Security Groups to fail on Terraform Plan",
+      "Power VS Images are now reset when changing zones or changing the name of an existing workspace"
+    ],
+    "upgrade_notes": [
+      "Updated the VPN as a Service template's default authentication method and changed the Secrets Manager to the Trial plan",
+      "Updated AIX stock images and removed deprecated images for all templates with invalid image references"
+    ]
+  },
   {
     "version": "1.15.5",
     "features": [],