vmware-tanzu-labs
diff --git a/‎CONTRIBUTING.md‎
Lines changed: 5 additions & 7 deletions b/‎CONTRIBUTING.md‎
Lines changed: 5 additions & 7 deletions
diff --git a/‎MAINTAINERS.md‎
Lines changed: 5 additions & 0 deletions b/‎MAINTAINERS.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎NOTICE‎
Lines changed: 12 additions & 4 deletions b/‎NOTICE‎
Lines changed: 12 additions & 4 deletions
diff --git a/‎README.md‎
Lines changed: 86 additions & 67 deletions b/‎README.md‎
Lines changed: 86 additions & 67 deletions
diff --git a/‎concourse/combinations/README.md‎
Lines changed: 1 addition & 1 deletion b/‎concourse/combinations/README.md‎
Lines changed: 1 addition & 1 deletion
@@ -1,17 +1,15 @@
 # Contributing to terraform-provider-namespace-management
 
-TODO replace with CLA (As it's Apache 2.0)
-
 The terraform-provider-namespace-management project team welcomes contributions from the community. Before you start working with terraform-provider-namespace-management, please
-read our [Developer Certificate of Origin](https://cla.vmware.com/dco). All contributions to this repository must be
+Read our [Contributor License Agreement](https://cla.vmware.com/cla/1/preview). All contributions to this repository must be
 signed as described on that page. Your signature certifies that you wrote the patch or have the right to pass it on
 as an open-source patch.
 
 ## Contribution Flow
 
 This is a rough outline of what a contributor's workflow looks like:
 
-- Create a topic branch from where you want to base your work
+- Create a topic branch from where you want to base your work using the naming convention feature-GITHUBISSUENUM as per GitFlow
 - Make commits of logical units
 - Make sure your commit messages are in the proper format (see below)
 - Push your changes to a topic branch in your fork of the repository
@@ -21,19 +19,19 @@ Example:
 
 ``` shell
 git remote add upstream https://github.com/vmware-tanzu-labs/terraform-provider-namespace-management.git
-git checkout -b my-new-feature main
+git checkout -b my-new-feature develop
 git commit -a
 git push origin my-new-feature
 ```
 
 ### Staying In Sync With Upstream
 
-When your branch gets out of sync with the vmware-tanzu-labs/main branch, use the following to update:
+When your branch gets out of sync with the vmware-tanzu-labs/develop branch, use the following to update:
 
 ``` shell
 git checkout my-new-feature
 git fetch -a
-git pull --rebase upstream main
+git pull --rebase upstream develop
 git push --force-with-lease origin my-new-feature
 ```
 
 
@@ -0,0 +1,5 @@
+# Maintainers
+
+The project maintainers are listed below:-
+
+Adam Fowler, VMware Inc. - Project Lead - adamf at vmware dot com or adam at adamfowler dot org.
@@ -1,5 +1,13 @@
-Copyright 2022 VMware, Inc.
+Copyright 2022 VMware, Inc. 
 
-This product is licensed to you under the Apache License, V2.0 (the "License"). You may not use this product except in compliance with the License.
-
-This product may include a number of subcomponents with separate copyright notices and license terms. Your use of these subcomponents is subject to the terms and conditions of the subcomponent's license, as noted in the LICENSE file.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+ 
+http://www.apache.org/licenses/LICENSE-2.0
+ 
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
@@ -16,76 +16,112 @@ vSphere namespace. There is no internal vSphere REST API for this by design.
 Likewise, creating the underlying infrastructure in vSphere can be 
 accomplished by using the 
 [HashiCorp vSphere provider](https://registry.terraform.io/providers/hashicorp/vsphere)
-and the [Avi Terraform Provider]().
-An example of these being used alongside our Workload Management 
+and the [Avi Terraform Provider](https://registry.terraform.io/providers/vmware/avi).
+An end to end example of these being used alongside our Workload Management 
 Terraform provider is provided in the 
 examples/full_esxi_tanzu_cluster sample.
 
-## Pre initial release sprints
+## Planned feature sprints
 
-- Alpha 1
-   - Single Avi controller instance, Avi Essentials configuration only, v21.1.2
-   - vDS networking 7.0u2 and 7.0u3 support for vCenter
+- Alpha 1 (Completed Friday 15 Jul 2022)
+   - Module: Single Avi controller instance, Avi Essentials configuration only, v21.1.2
+   - Module: vDS networking 7.0u2 and 7.0u3 support for vCenter
    - Works with latest photon build for TKGS (see concourse/combinations/README.md)
    - Tested against h2o.vmware.com and my own homelab nested esxi environment
    - No automated CI/CD testing
-   - Manual uploading of OVAs and manual Content Library creation
+   - Module: Manual uploading of OVAs and manual Content Library creation
    - Add all necessary repo files (Update CLA from DCO, CONTRIBUTING changes for this too)
    - Support manual build only (Provider not yet added to Terraform registry)
-   - Govmomi bug fixes and enhancements contributed back to project
+   - Add develop branch
    - REQUEST REPO BE MADE PUBLIC
 - Alpha 2
-   - Functional validation tests post cluster creation (Node up, node reachable)
-   - Overarching Concourse tests for develop branch
-   - Concourse loads environment combinations and runs multiple env pipelines in order using Terraform
-     - Support n-2 photon versions
-     - Automate testing on h20 (7.0u2) and homelab (7.0u3) using Concourse remote workers
-     - This is a total of 6 combinations
-   - Include initial vDS creation
-   - Include file upload from staging to datastore
-   - Include content library creation and uploading of TKR releases
-   - Produce test report summary files for develop branch
+   - Provider: Govmomi bug fixes and enhancements contributed back to project as PRs
+   - Provider: Basic CI testing of Terraform Provider in isolation (In Go, via GitHub CI) for develop branch
+   - Provider: Functional validation tests post cluster creation (Node up, node reachable)
+   - Provider: Produce test report summary files for develop branch
+   - Provider: Delete, create and status work as Terraform requires
+   - Module: Include initial vDS creation
+   - Module: Include file upload from staging to datastore
+   - Module: Include content library creation and uploading of TKR releases
+     - Offline 'local' support (Airgapped)
+     - Online subscribed support (non Airgapped)
    - Project introduction video
    - Support manual build only (Provider not yet added to Terraform registry)
 - Beta 1
    - Beta builds submitted automatically to Terraform registry on tag and release (main branch)
    - Full sample documentation
-   - Include support for TkgServiceConfiguration customisation
-   - Include support for Custom ingress and egress CIDR ranges, CA certs
-   - Include restriction of Certs used for EC P-256
-   - Multi-node Avi controller support
-   - Avi Enterprise support (including license key upload)
-   - Add more version combinations
-     - n-2 Avi version support
-     - This is a total of 12 combinations
-   - Bootstrap Harbor VM support
-   - Helm Harbor services cluster support and sample
-   - Node/pod communication check tests (VMs, Pods)
-   - More detailed Concourse build success reports
+   - Provider: Custom CA cert support for Supervisor Cluster
+   - Module: Multi-node Avi controller support
+   - Module: Avi Enterprise support (including license key upload)
+   - Module: More detailed build success reports
+- Announcement email internal to VMware Tanzu SE community to try and test out
 - Beta 2
-   - Add more version and environment combinations
+   - Provider: NSX-T networking configuration support
+   - Provider: Enable the built in Harbor on Supervisor Cluster
+   - Module: Add more version and environment combinations
      - Include basic Workload Cluster creation for photon and ubuntu TKR at n-2 (Only 2 supported currently)
      - Latest NSX-T support with own load balancer
      - This is 48 combinations in total
+   - Module: Support for shared and standalone prometheus, grafana
+   - Release Testing: A Tagged branch results in an end to end test, and test results being added to a (Beta) release
    - NSX-T support intro video
-   - Built in Harbor support
-   - Support for shared and standalone prometheus, grafana
-- Initial full release
+- Beta 3
+   - Provider: Create/delete namespace (With network, storage policy, resource limits, t-shirt sizes allowed)
+   - Provider: Add/delete workload network
+   - Provider: Assign/remove vSphere SSO group access to namespace
+   - Provider: Apply license (and check license as per: https://developer.vmware.com/apis/vsphere-automation/latest/vcenter/namespace_management/hosts_config/)
+   - Module: (Kubernetes Provider) Include support for TkgServiceConfiguration injection (and customisation) to Supervisor Cluster
+   - Module: (Kubernetes Provider) Create workload cluster config and submit it
+- Determine releasing version number convention (Recommend v1 until terraform config incompatability)
+- v1.0 useable product at this point for end to end creation by customers
+   - Provider: Add supported vSphere version check to enablement call
+   - Pre-release documentation
+     - Provider: Document supported vSphere versions
+   - Pre-release videos
+   - Work with OSPO and Tanzu teams for announcement
+- v1.1 Day 2 operations focused
+   - Module: Add new TKR release to Content Library
+   - Provider: Add fail-fast checks (compatible networks, hosts, versions (TKR, vSphere, Avi, NSX-T, vDS Switch))
+- v1.2 Security lockdown configuration simplification
+   - Module: Include support for Custom ingress and egress CIDR ranges in TkgServiceConfiguration
+   - Module: CA certs for all components
+   - Module: Tests to verify ca cert changes
+   - Module: Include restriction of Certs used for EC P-256
+- v1.3 Workload cluster common patterns
+   - Module: Bootstrap Harbor VM support (Requires a Harbor OVA)
+   - Module: Helm Harbor services cluster support and sample (Requires a bootstrap harbor)
+   - Module: Node/pod communication check tests (VMs, Pods)
+- v1.4 End to End regression testing against our other products
+   - Regression CD testing, via tag rather than commit
+   - Provider: Overarching tests for develop branch
+   - Provider: Concourse loads environment combinations and runs multiple env pipelines in order using Terraform
+     - Support n-2 photon versions
+     - Automate testing on h20 (7.0u2) and homelab (7.0u3) using remote workers
+     - This is a total of 6 combinations
+   - Module: Add more version combinations
+     - n-2 Avi version support
+     - This is a total of 12 combinations
+- v1.5 Full testing suite for CD (No changes to Provider)
    - Add new environment and versions
      - NSX-T n-2 version support
      - NSX-T support with Avi load balancer
      - Latest ESXi/vSphere version tested (currently 7.0u3d)
      - n-2 tests for Avi Load Balancer, Avi Terraform Plugin (Matched to Avi), NSX-T and NSX-T Terraform Plugin (Matched to NSX-T)
      - This is 576 combinations
-   - Full suite of tests (main and develop branches) with all latest minor releases of k8s TKRs
-   - Tanzu Standard on top of vSphere for Tanzu, with restricted psp/opa
+   - Full suite of tests (using tags on the main and develop branches) with all latest minor releases of k8s TKRs
+   - Module: Tanzu Standard on top of vSphere for Tanzu, with restricted psp/opa
    - Istio with ingress, egress, istio-cni, minimum extra permissions (just the CNI pod)
    - Kiali support for istio configuration validation/manual checking
    - Full release documentation
-   - Launch video
-
+   - Video
+   - TODO Discuss with Automation team on additional features for their tool
+- v? Other namespace-management API endpoints not discussed above
+   - Based on customer feedback only
+   - No other endpoints known used today
+   - For a full list: https://developer.vmware.com/apis/vsphere-automation/latest/vcenter/namespace_management/
+   - E.g. changing password rotation settings as per https://developer.vmware.com/apis/vsphere-automation/latest/vcenter/api/vcenter/namespace-management/clusters/clusteractionrotate_password/post/
 
-## Status (PRIOR TO INITIAL PUBLIC RELEASE ONLY, THEN REMOVED FROM HERE)
+## Namespace Management API support status
 
 - data_source_clusters 
   - clustersRead()
@@ -104,33 +140,34 @@ examples/full_esxi_tanzu_cluster sample.
   - clusterCreate()
     - Given a vSphere cluster ID (NOT name) like 'domain-c1005', enables workload management
     - Uses POST /api/vcenter/namespace-management/clusters/{cluster}?action=enable
-    - Implemented, untested, see examples/01_basic_create/clusters/main.tf
-    - Uses hardcoded cluster enable spec data today
-    - Limited to NSX-T today rather than full information due to missing govmomi features: https://github.com/vmware/govmomi/issues/2860
-    - Warning: Due to the above, the workload cluster NTP source(s) will not be set, which will cause your workload clusters to not spin up successfully until you manually add this configuration element via vCenter
+    - Implemented, tested, see examples/01_basic_create/clusters/main.tf and examples/full_esxi_tanzu_cluster/main.tf
+    - Only tested on vSphere networking (not NSX-T) today
   - clusterRead()
     - Given a cluster NAME (NOT id) like 'Cluster01' returns the cluster's Tanzu Supervisor Cluster summary
     - Uses List method as data_clusters clusterRead today
     - Working, see see examples/02_basic_read/clusters/main.tf
     - Limited to cluster summary today rather than full information due to missing govmomi feature: https://github.com/vmware/govmomi/issues/2860
+      - Implies that we cannot implement clusterUpdate() too until this issue is resolved upstream
   - clusterUpdate()
     - Given a vSphere cluster ID (NOT name) like 'domain-c1005', replaces the current cluster enable spec with a new full spec
-    - Not implemented today
+    - Not yet implemented
   - clusterDelete()
     - Given a vSphere cluster ID (NOT name) like 'domain-c1005', disables workload management
     - Doesn't actually delete the vSphere cluster, just the Tanzu Supervisor Cluster
-    - Not implemented
+    - Not yet implemented
 
 ## Try it out
 
 ### Prerequisites
 
 * You must have Terraform installed on your system
 * You must have a Go runtime installed with corresponding build tools
-* You must have a vSphere 7.0 update 2 (7.0.2) system configured with a vCenter and at least two hosts (ideally 3 or more)
+* You must have a vSphere 7.0 update 2 (7.0.2) or above system configured with a vCenter and at least ESXi two hosts (ideally 3 or more)
 
 ## Building the provider
 
+Note that in the current version a patched release of Govmomi is required. You can fetch, build and install this from this URL: https://github.com/adamfowleruk/govmomi/tree/issue-2860 . We will remove this before the first major release once the fixes are applied in Govmomi.
+
 Run the following command to build the provider
 
 ```shell
@@ -145,39 +182,21 @@ First, build and install the provider.
 make install
 ```
 
-Download the simulator from here: 
-
-TODO REWORK THIS SECTION TO NOT USE THE SIMULATOR
-
-Now unpack and run the VMware simulator
-```shell
-cat ~/Downloads/vcsim_PLATFORM_ARCH.tar.gz | sudo tar -C /usr/local/bin -xzvf - vcsim
-vcsim &
-```
-
-This will report `export GOVC_URL=https://user:pass@127.0.0.1:8989/sdk GOVC_SIM_PID=69867` when running
+Edit the sample file to customise it to your vSphere environment. You can find this in examples/02-basic-create/main.tf
 
 Then, run the following command to initialize the workspace and apply the sample configuration.
 
 ```shell
-cd examples/SOME_EXAMPLE
+cd examples/02-basic-create
 terraform init && terraform apply
 ```
 
-### Build & Run
-
-1. Step 1
-2. Step 2
-3. Step 3
-
 ## Documentation
 
 ## Contributing
 
-TODO REPLACE WITH CLA (As it's Apache 2)
-
 The terraform-provider-namespace-management project team welcomes contributions from the community. Before you start working with terraform-provider-namespace-management, please
-read our [Developer Certificate of Origin](https://cla.vmware.com/dco). All contributions to this repository must be
+Read our [Contributor License Agreement](https://cla.vmware.com/cla/1/preview). All contributions to this repository must be
 signed as described on that page. Your signature certifies that you wrote the patch or have the right to pass it on
 as an open-source patch. For more detailed information, refer to [CONTRIBUTING.md](CONTRIBUTING.md).
 
 
@@ -4,7 +4,7 @@ We only test currently supported versions, and upcoming versions.
 We presume upcoming versions are backward compatible with the latest
 previous minor version unless told otherwise.
 
-Note: Currently (June 2022) this project supports its modules and providers for
+Note: Currently (July 2022) this project supports its modules and providers for
 Terraform on a best efforts, open source basis. This is a Tanzu Labs project rather
 than a fully VMware supported product offering at this time. If you'd like this to
 change please provide regular feedback to your VMware Tanzu Sales Engineer.