OCM-13503 | feat: ROSA GovCloud Support

docs/data-sources/policies.md

@@ -41,6 +41,7 @@ Read-Only:
 
 Read-Only:
 
+- `openshift_aws_vpce_operator_avo_aws_creds_policy` (String)
 - `openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy` (String)
 - `openshift_cloud_network_config_controller_cloud_credentials_policy` (String)
 - `openshift_cluster_csi_drivers_ebs_cloud_credentials_policy` (String)

provider/autoscaler/classic/resource.go

@@ -198,16 +198,16 @@ func (r *ClusterAutoscalerResource) Configure(ctx context.Context, req resource.
 		return
 	}
 
-	collection, ok := req.ProviderData.(*sdk.Connection)
+	connection, ok := req.ProviderData.(*sdk.Connection)
 	if !ok {
 		resp.Diagnostics.AddError("Unexpected Resource Configure Type",
 			fmt.Sprintf("Expected *sdk.Connaction, got: %T. Please report this issue to the provider developers.", req.ProviderData),
 		)
 		return
 	}
 
-	r.collection = collection.ClustersMgmt().V1().Clusters()
-	r.clusterWait = common.NewClusterWait(r.collection)
+	r.collection = connection.ClustersMgmt().V1().Clusters()
+	r.clusterWait = common.NewClusterWait(r.collection, connection)
 }
 
 func (r *ClusterAutoscalerResource) Create(ctx context.Context, request resource.CreateRequest, response *resource.CreateResponse) {

provider/autoscaler/hcp/resource.go

@@ -101,16 +101,16 @@ func (r *ClusterAutoscalerResource) Configure(ctx context.Context, req resource.
 		return
 	}
 
-	collection, ok := req.ProviderData.(*sdk.Connection)
+	connection, ok := req.ProviderData.(*sdk.Connection)
 	if !ok {
 		resp.Diagnostics.AddError("Unexpected Resource Configure Type",
 			fmt.Sprintf("Expected *sdk.Connaction, got: %T. Please report this issue to the provider developers.", req.ProviderData),
 		)
 		return
 	}
 
-	r.collection = collection.ClustersMgmt().V1().Clusters()
-	r.clusterWait = common.NewClusterWait(r.collection)
+	r.collection = connection.ClustersMgmt().V1().Clusters()
+	r.clusterWait = common.NewClusterWait(r.collection, connection)
 }
 
 func (r *ClusterAutoscalerResource) Create(ctx context.Context, request resource.CreateRequest, response *resource.CreateResponse) {

provider/clusterrosa/classic/cluster_rosa_classic_datasource.go

@@ -345,7 +345,7 @@ func (r *ClusterRosaClassicDatasource) Configure(ctx context.Context, req dataso
 
 	r.clusterCollection = connection.ClustersMgmt().V1().Clusters()
 	r.versionCollection = connection.ClustersMgmt().V1().Versions()
-	r.clusterWait = common.NewClusterWait(r.clusterCollection)
+	r.clusterWait = common.NewClusterWait(r.clusterCollection, connection)
 }
 
 func (r *ClusterRosaClassicDatasource) Read(ctx context.Context, request datasource.ReadRequest,

provider/clusterrosa/classic/cluster_rosa_classic_resource.go

@@ -482,7 +482,7 @@ func (r *ClusterRosaClassicResource) Configure(ctx context.Context, req resource
 
 	r.ClusterCollection = connection.ClustersMgmt().V1().Clusters()
 	r.VersionCollection = connection.ClustersMgmt().V1().Versions()
-	r.ClusterWait = common.NewClusterWait(r.ClusterCollection)
+	r.ClusterWait = common.NewClusterWait(r.ClusterCollection, connection)
 }
 
 const (

provider/clusterrosa/hcp/datasource.go

@@ -310,7 +310,7 @@ func (r *ClusterRosaHcpDatasource) Configure(ctx context.Context, req datasource
 
 	r.clusterCollection = connection.ClustersMgmt().V1().Clusters()
 	r.versionCollection = connection.ClustersMgmt().V1().Versions()
-	r.clusterWait = common.NewClusterWait(r.clusterCollection)
+	r.clusterWait = common.NewClusterWait(r.clusterCollection, connection)
 }
 
 func (r *ClusterRosaHcpDatasource) Read(ctx context.Context, request datasource.ReadRequest,

provider/clusterrosa/hcp/resource.go

@@ -433,7 +433,7 @@ func (r *ClusterRosaHcpResource) Configure(ctx context.Context, req resource.Con
 
 	r.ClusterCollection = connection.ClustersMgmt().V1().Clusters()
 	r.VersionCollection = connection.ClustersMgmt().V1().Versions()
-	r.ClusterWait = common.NewClusterWait(r.ClusterCollection)
+	r.ClusterWait = common.NewClusterWait(r.ClusterCollection, connection)
 }
 
 const (

provider/clusterwaiter/cluster_waiter_resource.go

@@ -79,7 +79,7 @@ func (r *ClusterWaiterResource) Configure(ctx context.Context, req resource.Conf
 	}
 
 	r.collection = connection.ClustersMgmt().V1().Clusters()
-	r.clusterWait = common.NewClusterWait(r.collection)
+	r.clusterWait = common.NewClusterWait(r.collection, connection)
 }
 
 func (r *ClusterWaiterResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {

provider/common/cluster_waiter.go

@@ -7,6 +7,7 @@ import (
 	"time"
 
 	"github.com/hashicorp/terraform-plugin-log/tflog"
+	sdk "github.com/openshift-online/ocm-sdk-go"
 	cmv1 "github.com/openshift-online/ocm-sdk-go/clustersmgmt/v1"
 )
 
@@ -20,10 +21,14 @@ type ClusterWait interface {
 
 type DefaultClusterWait struct {
 	collection *cmv1.ClustersClient
+	connection *sdk.Connection
 }
 
-func NewClusterWait(collection *cmv1.ClustersClient) ClusterWait {
-	return &DefaultClusterWait{collection: collection}
+func NewClusterWait(collection *cmv1.ClustersClient, connection *sdk.Connection) ClusterWait {
+	return &DefaultClusterWait{
+		collection: collection,
+		connection: connection,
+	}
 }
 
 func (dw *DefaultClusterWait) WaitForStdComputeNodesToBeReady(ctx context.Context, clusterId string, waitTimeoutMin int64) (*cmv1.Cluster, error) {
@@ -49,6 +54,8 @@ func (dw *DefaultClusterWait) WaitForStdComputeNodesToBeReady(ctx context.Contex
 	backoffSleep := 30 * time.Second
 	var cluster *cmv1.Cluster
 	for cluster == nil {
+		tflog.Debug(ctx, fmt.Sprintf("Updating tokens for cluster %s", clusterId))
+		dw.connection.Tokens()
 		cluster, err = pollClusterCurrentCompute(clusterId, ctx, waitTimeoutMin, dw.collection)
 		if err != nil {
 			backoffAttempts--
@@ -98,6 +105,8 @@ func (dw *DefaultClusterWait) WaitForClusterToBeReady(ctx context.Context, clust
 	backoffSleep := 30 * time.Second
 	var cluster *cmv1.Cluster
 	for cluster == nil {
+		tflog.Debug(ctx, fmt.Sprintf("Updating tokens for cluster %s", clusterId))
+		dw.connection.Tokens()
 		cluster, err = pollClusterState(clusterId, ctx, waitTimeoutMin, dw.collection)
 		if err != nil {
 			backoffAttempts--

provider/defaultingress/classic/resource.go

@@ -141,16 +141,16 @@ func (r *DefaultIngressResource) Configure(ctx context.Context, req resource.Con
 		return
 	}
 
-	collection, ok := req.ProviderData.(*sdk.Connection)
+	connection, ok := req.ProviderData.(*sdk.Connection)
 	if !ok {
 		resp.Diagnostics.AddError("Unexpected Resource Configure Type",
-			fmt.Sprintf("Expected *sdk.Connaction, got: %T. Please report this issue to the provider developers.", req.ProviderData),
+			fmt.Sprintf("Expected *sdk.Connection, got: %T. Please report this issue to the provider developers.", req.ProviderData),
 		)
 		return
 	}
 
-	r.collection = collection.ClustersMgmt().V1().Clusters()
-	r.clusterWait = common.NewClusterWait(r.collection)
+	r.collection = connection.ClustersMgmt().V1().Clusters()
+	r.clusterWait = common.NewClusterWait(r.collection, connection)
 }
 
 func (r *DefaultIngressResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {

provider/defaultingress/hcp/resource.go

@@ -78,16 +78,16 @@ func (r *DefaultIngressResource) Configure(ctx context.Context, req resource.Con
 		return
 	}
 
-	collection, ok := req.ProviderData.(*sdk.Connection)
+	connection, ok := req.ProviderData.(*sdk.Connection)
 	if !ok {
 		resp.Diagnostics.AddError("Unexpected Resource Configure Type",
 			fmt.Sprintf("Expected *sdk.Connaction, got: %T. Please report this issue to the provider developers.", req.ProviderData),
 		)
 		return
 	}
 
-	r.collection = collection.ClustersMgmt().V1().Clusters()
-	r.clusterWait = common.NewClusterWait(r.collection)
+	r.collection = connection.ClustersMgmt().V1().Clusters()
+	r.clusterWait = common.NewClusterWait(r.collection, connection)
 }
 
 func (r *DefaultIngressResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {

provider/groupmembership/group_membership_resource.go

@@ -95,7 +95,7 @@ func (g *GroupMembershipResource) Configure(ctx context.Context, req resource.Co
 	}
 
 	g.collection = connection.ClustersMgmt().V1().Clusters()
-	g.clusterWait = common.NewClusterWait(g.collection)
+	g.clusterWait = common.NewClusterWait(g.collection, connection)
 }
 
 func (g *GroupMembershipResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {

provider/info/consts.go

@@ -18,13 +18,19 @@ package info
 type ocmEnv string
 
 const (
-	ocmEnvProd  ocmEnv = "production"
-	ocmEnvStage ocmEnv = "stage"
-	ocmEnvInt   ocmEnv = "integration"
+	ocmEnvProd         ocmEnv = "production"
+	ocmEnvStage        ocmEnv = "stage"
+	ocmEnvInt          ocmEnv = "integration"
+	ocmEnvFedRAMPProd  ocmEnv = "fedramp-production"
+	ocmEnvFedRAMPStage ocmEnv = "fedramp-stage"
+	ocmEnvFedRAMPInt   ocmEnv = "fedramp-int"
 )
 
 var ocmAWSAccounts = map[ocmEnv]string{
-	ocmEnvProd:  "710019948333",
-	ocmEnvStage: "644306948063",
-	ocmEnvInt:   "896164604406",
+	ocmEnvProd:         "710019948333",
+	ocmEnvStage:        "644306948063",
+	ocmEnvInt:          "896164604406",
+	ocmEnvFedRAMPProd:  "448648337690",
+	ocmEnvFedRAMPStage: "448870092490",
+	ocmEnvFedRAMPInt:   "449053620653",
 }

provider/info/info_data_source.go

@@ -140,12 +140,21 @@ func (d *OCMInfoDataSource) Read(ctx context.Context, req datasource.ReadRequest
 }
 
 func extractOCMAWSAccount(url string) string {
-	env := ocmEnvProd
-	if strings.Contains(url, "stage") {
-		env = ocmEnvStage
-	} else if strings.Contains(url, "integration") {
-		env = ocmEnvInt
+	if strings.Contains(url, "openshiftusgov.com") {
+		if strings.Contains(url, "stage") {
+			return ocmAWSAccounts[ocmEnvFedRAMPStage]
+		} else if strings.Contains(url, "int") {
+			return ocmAWSAccounts[ocmEnvFedRAMPInt]
+		} else {
+			return ocmAWSAccounts[ocmEnvFedRAMPProd]
+		}
+	} else {
+		if strings.Contains(url, "stage") {
+			return ocmAWSAccounts[ocmEnvStage]
+		} else if strings.Contains(url, "integration") {
+			return ocmAWSAccounts[ocmEnvInt]
+		} else {
+			return ocmAWSAccounts[ocmEnvProd]
+		}
 	}
-
-	return ocmAWSAccounts[env]
 }

provider/kubeletconfig/kubeletconfig_resource.go

@@ -338,7 +338,7 @@ func (k *KubeletConfigResource) Configure(_ context.Context, req resource.Config
 	clusterCollection := connection.ClustersMgmt().V1().Clusters()
 	k.clusterClient = common.NewClusterClient(clusterCollection)
 	k.configsClient = client.NewKubeletConfigsClient(clusterCollection)
-	k.clusterWait = common.NewClusterWait(clusterCollection)
+	k.clusterWait = common.NewClusterWait(clusterCollection, connection)
 }
 
 func isHCP(ctx context.Context, clusterId string, clusterClient common.ClusterClient) (bool, error) {

provider/machinepool/classic/machine_pool_resource.go

@@ -254,7 +254,7 @@ func (r *MachinePoolResource) Configure(ctx context.Context, req resource.Config
 	}
 
 	r.clusterCollection = connection.ClustersMgmt().V1().Clusters()
-	r.clusterWait = common.NewClusterWait(r.clusterCollection)
+	r.clusterWait = common.NewClusterWait(r.clusterCollection, connection)
 }
 
 func (r *MachinePoolResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {

provider/machinepool/hcp/machine_pool_resource.go

@@ -245,7 +245,7 @@ func (r *HcpMachinePoolResource) Configure(ctx context.Context, req resource.Con
 
 	r.clusterCollection = connection.ClustersMgmt().V1().Clusters()
 	r.versionCollection = connection.ClustersMgmt().V1().Versions()
-	r.clusterWait = common.NewClusterWait(r.clusterCollection)
+	r.clusterWait = common.NewClusterWait(r.clusterCollection, connection)
 }
 
 func (r *HcpMachinePoolResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {

provider/ocm_policies/classic/ocm_policies_data_source.go

@@ -38,6 +38,7 @@ const (
 	IngressOperator          = "openshift_ingress_operator_cloud_credentials_policy"
 	SharedVpcIngressOperator = "shared_vpc_openshift_ingress_operator_cloud_credentials_policy"
 	MachineAPI               = "openshift_machine_api_aws_cloud_credentials_policy"
+	AvoCredentials           = "openshift_aws_vpce_operator_avo_aws_creds_policy"
 
 	// Policy IDs from type account roles
 	Installer            = "sts_installer_permission_policy"
@@ -90,6 +91,9 @@ func (s *OcmPoliciesDataSource) Schema(ctx context.Context, req datasource.Schem
 					MachineAPI: schema.StringAttribute{
 						Computed: true,
 					},
+					AvoCredentials: schema.StringAttribute{
+						Computed: true,
+					},
 				},
 				Computed: true,
 			},
@@ -166,6 +170,8 @@ func (s *OcmPoliciesDataSource) Read(ctx context.Context, req datasource.ReadReq
 			operatorRolePolicies.SharedVpcIngressOperator = types.StringValue(awsPolicy.Details())
 		case MachineAPI:
 			operatorRolePolicies.MachineAPI = types.StringValue(awsPolicy.Details())
+		case AvoCredentials:
+			operatorRolePolicies.AvoCredentials = types.StringValue(awsPolicy.Details())
 		// account roles
 		case Installer:
 			accountRolePolicies.Installer = types.StringValue(awsPolicy.Details())

provider/ocm_policies/classic/ocm_policies_state.go

@@ -31,6 +31,7 @@ type OperatorRolePolicies struct {
 	IngressOperator          types.String `tfsdk:"openshift_ingress_operator_cloud_credentials_policy"`
 	SharedVpcIngressOperator types.String `tfsdk:"shared_vpc_openshift_ingress_operator_cloud_credentials_policy"`
 	MachineAPI               types.String `tfsdk:"openshift_machine_api_aws_cloud_credentials_policy"`
+	AvoCredentials           types.String `tfsdk:"openshift_aws_vpce_operator_avo_aws_creds_policy"`
 }
 
 type AccountRolePolicies struct {

provider/tuningconfigs/resource.go

@@ -80,16 +80,16 @@ func (r *TuningConfigResource) Configure(ctx context.Context, req resource.Confi
 		return
 	}
 
-	collection, ok := req.ProviderData.(*sdk.Connection)
+	connection, ok := req.ProviderData.(*sdk.Connection)
 	if !ok {
 		resp.Diagnostics.AddError("Unexpected Resource Configure Type",
 			fmt.Sprintf("Expected *sdk.Connaction, got: %T. Please report this issue to the provider developers.", req.ProviderData),
 		)
 		return
 	}
 
-	r.collection = collection.ClustersMgmt().V1().Clusters()
-	r.clusterWait = common.NewClusterWait(r.collection)
+	r.collection = connection.ClustersMgmt().V1().Clusters()
+	r.clusterWait = common.NewClusterWait(r.collection, connection)
 }
 
 func (r *TuningConfigResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {

subsystem/classic/rosa_ocm_policies_data_source_test.go

@@ -230,6 +230,7 @@ var _ = Describe("OCM policies data source", func() {
 					"openshift_ingress_operator_cloud_credentials_policy":                               "{}",
 					"shared_vpc_openshift_ingress_operator_cloud_credentials_policy":                    "{}",
 					"openshift_machine_api_aws_cloud_credentials_policy":                                "{}",
+					"openshift_aws_vpce_operator_avo_aws_creds_policy":                                  nil,
 				},
 				"account_role_policies": map[string]interface{}{
 					"sts_installer_permission_policy":             "{}",