chore: preparation for ocp variation, twg and vpc resources can be created in same rg (#1121)

Author: ludwig-mueller

modules/powervs-vpc-landing-zone/client2sitevpn.tf

@@ -64,7 +64,7 @@ resource "ibm_resource_instance" "secrets_manager" {
   service           = "secrets-manager"
   plan              = var.sm_service_plan
   location          = local.sm_region
-  resource_group_id = module.landing_zone.resource_group_data["${var.prefix}-slz-edge-rg"]
+  resource_group_id = module.landing_zone.resource_group_data["${var.prefix}-${local.second_rg_name}"]
   tags              = var.tags
   parameters = {
     "allowed_network" : "public-and-private"
@@ -132,7 +132,7 @@ module "client_to_site_vpn" {
   count     = var.client_to_site_vpn.enable ? 1 : 0
 
   vpn_gateway_name              = "${var.prefix}-vpc-pvs-vpn"
-  resource_group_id             = module.landing_zone.resource_group_data["${var.prefix}-slz-edge-rg"]
+  resource_group_id             = module.landing_zone.resource_group_data["${var.prefix}-${local.second_rg_name}"]
   access_group_name             = "${var.prefix}-client-to-site-vpn-access-group"
   subnet_ids                    = [for subnet in module.landing_zone.subnet_data : subnet.id if subnet.name == "${var.prefix}-edge-vpn-zone-1"]
   client_ip_pool                = var.client_to_site_vpn.client_ip_pool

modules/powervs-vpc-landing-zone/main.tf

@@ -4,14 +4,19 @@
 locals {
 
   external_access_ip = var.external_access_ip != null && var.external_access_ip != "" ? length(regexall("/", var.external_access_ip)) > 0 ? var.external_access_ip : "${var.external_access_ip}/32" : ""
+  # Openshift IPI requires VPC resources, PowerVS resources, and TGW to be in the same resource group
+  second_rg_name = var.powervs_resource_group_name != null ? "slz-edge-rg" : "ocp-rg"
+  tgw_rg_name    = var.powervs_resource_group_name != null ? "slz-service-rg" : "ocp-rg"
   override_json_string = templatefile("${path.module}/presets/slz-preset.json.tftpl",
     {
       external_access_ip           = local.external_access_ip,
       rhel_image                   = var.vpc_intel_images.rhel_image,
       network_services_vsi_profile = var.network_services_vsi_profile,
       transit_gateway_global       = var.transit_gateway_global,
       enable_monitoring            = var.enable_monitoring,
-      sles_image                   = var.vpc_intel_images.sles_image
+      sles_image                   = var.vpc_intel_images.sles_image,
+      second_rg_name               = local.second_rg_name,
+      tgw_rg_name                  = local.tgw_rg_name
     }
   )
 }
@@ -110,7 +115,7 @@ module "vpc_file_share_alb" {
   count     = var.configure_nfs_server ? 1 : 0
 
   vpc_zone                      = "${lookup(local.ibm_powervs_zone_cloud_region_map, var.powervs_zone, null)}-1"
-  resource_group_id             = module.landing_zone.resource_group_data["${var.prefix}-slz-edge-rg"]
+  resource_group_id             = module.landing_zone.resource_group_data["${var.prefix}-${local.second_rg_name}"]
   file_share_name               = "${var.prefix}-file-share-nfs"
   file_share_size               = var.nfs_server_config.size
   file_share_iops               = var.nfs_server_config.iops

modules/powervs-vpc-landing-zone/presets/slz-preset.json.tftpl

@@ -6,7 +6,7 @@
             "use_prefix": true
         },
         {
-            "name": "slz-edge-rg",
+            "name": "${second_rg_name}",
             "create": true,
             "use_prefix": true
         }
@@ -116,7 +116,7 @@
         "add_route": true
     },
     "enable_transit_gateway": true,
-    "transit_gateway_resource_group": "slz-service-rg",
+    "transit_gateway_resource_group": "${tgw_rg_name}",
     "transit_gateway_global": ${transit_gateway_global},
     "transit_gateway_connections": ["edge"],
     "security_groups": [
@@ -433,7 +433,7 @@
         {
             "name": "vpe-sg",
             "vpc_name": "edge",
-            "resource_group": "slz-edge-rg",
+            "resource_group": "${second_rg_name}",
             "show": false,
             "rules": [
                 {
@@ -468,7 +468,7 @@
     "vpcs": [
         {
             "prefix": "edge",
-            "resource_group": "slz-edge-rg",
+            "resource_group": "${second_rg_name}",
             "clean_default_sg_acl": false,
             "flow_logs_bucket_name": "atracker-bucket",
             "default_security_group_rules": [
@@ -550,7 +550,7 @@
             "image_name": "${rhel_image}",
             "machine_type": "cx2-2x4",
             "vpc_name": "edge",
-            "resource_group": "slz-edge-rg",
+            "resource_group": "${second_rg_name}",
             "enable_floating_ip": true,
             "boot_volume_encryption_key_name": "slz-vsi-volume-key",
             "ssh_keys": ["ssh-key"],
@@ -564,7 +564,7 @@
             "image_name": "${rhel_image}",
             "machine_type": "${network_services_vsi_profile}",
             "vpc_name": "edge",
-            "resource_group": "slz-edge-rg",
+            "resource_group": "${second_rg_name}",
             "enable_floating_ip": false,
             "boot_volume_encryption_key_name": "slz-vsi-volume-key",
             "ssh_keys": ["ssh-key"],
@@ -580,7 +580,7 @@
             "image_name": "${sles_image}",
             "machine_type": "bx2-2x8",
             "vpc_name": "edge",
-            "resource_group": "slz-edge-rg",
+            "resource_group": "${second_rg_name}",
             "enable_floating_ip": false,
             "boot_volume_encryption_key_name": "slz-vsi-volume-key",
             "ssh_keys": ["ssh-key"],
@@ -595,7 +595,7 @@
         {
             "service_name": "cos",
             "service_type": "cloud-object-storage",
-            "resource_group": "slz-edge-rg",
+            "resource_group": "${second_rg_name}",
             "vpcs": [
                 {
                     "name": "edge",