equinix · d-bhola · Nov 3, 2025 · Jul 14, 2025 · Jul 14, 2025 · Jul 14, 2025
diff --git a/.github/workflows/terratests-uat-suite.yaml b/.github/workflows/terratests-uat-suite.yaml
@@ -56,6 +56,61 @@ jobs:
       - name: Check if Tests are passed
         run: sh scripts/check_tests.sh output.log
 
+  test-STS-PFCR:
+    name: Setup UAT PFCR Tests - STS
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      actions: write
+      contents: read
+    env:
+      EQUINIX_API_ENDPOINT: "https://uatapi.equinix.com"
+      EQUINIX_STS_ENDPOINT: "https://sts.uat.equinix.com"
+      TEST_DATA_UAT_PORT_2_PORT_CONNECTION_STS: ${{ secrets.TEST_DATA_UAT_PORT_2_PORT_CONNECTION_STS }}
+
+    steps:
+      - id: get_id_token
+        name: Get GitHub OIDC Token for PFCR
+        uses: actions/github-script@v6
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            try {
+              const response = await github.request('PUT /repos/{owner}/{repo}/actions/oidc/customization/sub', {
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                use_default: false,
+                include_claim_keys: ['workflow'],
+                headers: {
+                  'X-GitHub-Api-Version': '2022-11-28'
+                }
+              });
+
+              const idToken = await core.getIDToken('gha-fcr-client');
+              core.setOutput('id_token', idToken);
+            } catch (error) {
+              console.error('Error updating OIDC template:', error.message);
+              core.setFailed(`Failed to update OIDC template: ${error.message}`);
+            }
+          result-encoding: string
+
+      - name: Checkout current repository
+        uses: actions/checkout@v4
+
+      - uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: ${{ matrix.terraform }}
+          terraform_wrapper: false
+
+      - name: UAT PFCR tests STS creds
+        timeout-minutes: 100
+        env:
+          TF_VAR_sts_source_token: ${{ steps.get_id_token.outputs.id_token }}
+          TF_VAR_sts_auth_scope: ${{secrets.TEST_DATA_UAT_STS_AUTH_SCOPE}}
+        run: |
+          echo $TEST_DATA_UAT_PORT_2_PORT_CONNECTION_STS >> "./examples/port-2-port-connection-sts-token/terraform.tfvars.json"
+          go test ./tests/uat/uat_sanity_suite_test.go -v -run ^TestPort2PortCreateConnection_STS_PFCR$   
+
   test-PFCR:
     name: Setup UAT PFCR Tests
     runs-on: ubuntu-latest

diff --git a/examples/cloud-router-2-service-profile-connection-sts-token/README.md b/examples/cloud-router-2-service-profile-connection-sts-token/README.md
@@ -0,0 +1,13 @@
+# Fabric Cloud Router to Fabric Service Profile Connection
+
+This example shows how to leverage the [Fabric Cloud Router Connection Module](https://registry.terraform.io/modules/equinix/fabric/equinix/latest/submodules/cloud-router-connection)
+to create a Fabric Connection from a Fabric Cloud Router to Fabric Service Profile.
+
+It leverages the Equinix Terraform Provider for STS token, and the Fabric Cloud Router Connection
+Module to setup the connection based on the parameters you have provided to this example; or based on the pattern
+you see used in this example it will allow you to create a more specific use case for your own needs.
+
+See example usage below for details on how to use this example.
+
+<!-- BEGIN_TF_DOCS -->
+<!-- END_TF_DOCS -->
diff --git a/examples/cloud-router-2-service-profile-connection-sts-token/main.tf b/examples/cloud-router-2-service-profile-connection-sts-token/main.tf
@@ -0,0 +1,24 @@
+provider "equinix" {
+  sts_source_token = var.sts_source_token
+  sts_auth_scope = var.sts_auth_scope
+}
+
+module "cloud_router_sp_connection" {
+  source = "../../modules/cloud-router-connection"
+
+  connection_name       = var.connection_name
+  connection_type       = var.connection_type
+  notifications_type    = var.notifications_type
+  notifications_emails  = var.notifications_emails
+  bandwidth             = var.bandwidth
+  purchase_order_number = var.purchase_order_number
+
+  #Aside
+  aside_fcr_uuid = var.aside_fcr_uuid
+
+  #Zside
+  zside_ap_type         = var.zside_ap_type
+  zside_ap_profile_type = var.zside_ap_profile_type
+  zside_location        = var.zside_location
+  zside_fabric_sp_name  = var.zside_fabric_sp_name
+}
diff --git a/examples/cloud-router-2-service-profile-connection-sts-token/outputs.tf b/examples/cloud-router-2-service-profile-connection-sts-token/outputs.tf
@@ -0,0 +1,8 @@
+output "service_profile_connection" {
+  value = module.cloud_router_sp_connection.primary_connection
+  sensitive = true
+}
+
+output "service_profile_connection_id" {
+  value = module.cloud_router_sp_connection.primary_connection_id
+}
diff --git a/examples/cloud-router-2-service-profile-connection-sts-token/terraform.tfvars.example b/examples/cloud-router-2-service-profile-connection-sts-token/terraform.tfvars.example
@@ -0,0 +1,14 @@
+sts_source_token                = "<STSSourceToken>"
+sts_auth_scope                  = "<STSAuthScope>"
+
+connection_name                 = "fcr_2_sp"
+connection_type                 = "IP_VC"
+notifications_type              = "ALL"
+notifications_emails            = ["[email protected]","[email protected]"]
+purchase_order_number           = "1-323292"
+bandwidth                       = 50
+aside_fcr_uuid                  = "<Primary Fabric Cloud router UUID>"
+zside_ap_type                   = "SP"
+zside_ap_profile_type           = "L2_PROFILE"
+zside_location                  = "SV"
+zside_fabric_sp_name            = "Ajith Ops User QnQ"
diff --git a/examples/cloud-router-2-service-profile-connection-sts-token/variables.tf b/examples/cloud-router-2-service-profile-connection-sts-token/variables.tf
@@ -0,0 +1,62 @@
+
+variable "connection_name" {
+  description = "Connection name. An alpha-numeric 24 characters string which can include only hyphens and underscores"
+  type        = string
+}
+variable "connection_type" {
+  description = "Defines the connection type like VG_VC, EVPL_VC, EPL_VC, EC_VC, IP_VC, ACCESS_EPL_VC"
+  type        = string
+  default     = ""
+}
+variable "notifications_type" {
+  description = "Notification Type - ALL is the only type currently supported"
+  type        = string
+  default     = "ALL"
+}
+variable "notifications_emails" {
+  description = "Array of contact emails"
+  type        = list(string)
+}
+variable "bandwidth" {
+  description = "Connection bandwidth in Mbps"
+  type        = number
+}
+variable "purchase_order_number" {
+  description = "Purchase order number"
+  type        = string
+  default     = ""
+}
+variable "aside_fcr_uuid" {
+  description = "Equinix-assigned Fabric Cloud Router identifier"
+  type        = string
+}
+variable "zside_ap_type" {
+  description = "Access point type - COLO, VD, VG, SP, IGW, SUBNET, GW"
+  type        = string
+  default     = "SP"
+}
+variable "zside_ap_profile_type" {
+  description = "Service profile type - L2_PROFILE, L3_PROFILE, ECIA_PROFILE, ECMC_PROFILE"
+  type        = string
+  default     = "L2_PROFILE"
+}
+variable "zside_location" {
+  description = "Access point metro code"
+  type        = string
+  default     = "SP"
+}
+variable "zside_fabric_sp_name" {
+  description = "Equinix Service Profile Name"
+  type        = string
+  default     = ""
+}
+variable "sts_source_token" {
+  description = "Equinix STS Source Token, the ID token generated using: python -m oidcsim idtoken --sub {username}"
+  type        = string
+  sensitive   = true
+}
+variable "sts_auth_scope" {
+  description = "Equinix STS Source Token Authentication Scope in the format: roleassignments:{rootOrg}"
+  type        = string
+  sensitive   = true
+}
diff --git a/examples/cloud-router-2-service-profile-connection-sts-token/versions.tf b/examples/cloud-router-2-service-profile-connection-sts-token/versions.tf
@@ -0,0 +1,13 @@
+terraform {
+  required_version = ">= 1.5.4"
+  required_providers {
+    equinix = {
+      source  = "equinix/equinix"
+      version = ">= 4.7.0"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+  }
+}
diff --git a/examples/port-2-port-connection-sts-token/README.md b/examples/port-2-port-connection-sts-token/README.md
@@ -0,0 +1,13 @@
+# Fabric Port to Fabric Port Connection
+
+This example shows how to leverage the [Fabric Port Connection Module](https://registry.terraform.io/modules/equinix/fabric/equinix/latest/submodules/port-connection)
+to create a Fabric Connection from a Fabric Port to Fabric Port.
+
+It leverages the Equinix Terraform Provider for STS token, and the Fabric Port Connection
+Module to setup the connection based on the parameters you have provided to this example; or based on the pattern
+you see used in this example it will allow you to create a more specific use case for your own needs.
+
+See example usage below for details on how to use this example.
+
+<!-- BEGIN_TF_DOCS -->
+<!-- END_TF_DOCS -->
diff --git a/examples/port-2-port-connection-sts-token/main.tf b/examples/port-2-port-connection-sts-token/main.tf
@@ -0,0 +1,25 @@
+provider "equinix" {
+  sts_source_token = var.sts_source_token
+  sts_auth_scope = var.sts_auth_scope
+}
+
+module "create_port_2_port_connection" {
+  source = "../../modules/port-connection"
+
+  connection_name       = var.connection_name
+  connection_type       = var.connection_type
+  notifications_type    = var.notifications_type
+  notifications_emails  = var.notifications_emails
+  bandwidth             = var.bandwidth
+  purchase_order_number = var.purchase_order_number
+
+  # A-side
+  aside_port_name = var.aside_port_name
+  aside_vlan_tag  = var.aside_vlan_tag
+
+  # Z-side
+  zside_ap_type   = var.zside_ap_type
+  zside_port_name = var.zside_port_name
+  zside_vlan_tag  = var.zside_vlan_tag
+  zside_location  = var.zside_location
+}
diff --git a/examples/port-2-port-connection-sts-token/outputs.tf b/examples/port-2-port-connection-sts-token/outputs.tf
@@ -0,0 +1,8 @@
+output "port_connection" {
+  value = module.create_port_2_port_connection.primary_connection
+  sensitive = true
+}
+
+output "port_connection_id" {
+  value = module.create_port_2_port_connection.primary_connection_id
+}
diff --git a/examples/port-2-port-connection-sts-token/terraform.tfvars.example b/examples/port-2-port-connection-sts-token/terraform.tfvars.example
@@ -0,0 +1,15 @@
+sts_source_token      = "<STSSourceToken>"
+sts_auth_scope        = "<STSAuthScope>"
+
+connection_name       = "Port2Port"
+connection_type       = "EVPL_VC"
+notifications_type    = "ALL"
+notifications_emails  = ["[email protected]", "[email protected]"]
+bandwidth             = 50
+purchase_order_number = "1-226892"
+aside_port_name       = "test-port-1"
+aside_vlan_tag        = "1976"
+zside_ap_type         = "COLO"
+zside_port_name       = "test-port-2"
+zside_vlan_tag        = "3711"
+zside_location        = "SV"
diff --git a/examples/port-2-port-connection-sts-token/variables.tf b/examples/port-2-port-connection-sts-token/variables.tf
@@ -0,0 +1,65 @@
+variable "sts_source_token" {
+  description = "Equinix STS Source Token, the ID token generated using: python -m oidcsim idtoken --sub {username}"
+  type        = string
+  sensitive   = true
+}
+variable "sts_auth_scope" {
+  description = "Equinix STS Source Token Authentication Scope in the format: roleassignments:{rootOrg}"
+  type        = string
+  sensitive   = true
+}
+variable "connection_name" {
+  description = "Connection name. An alpha-numeric 24 characters string which can include only hyphens and underscores"
+  type        = string
+}
+variable "connection_type" {
+  description = "Defines the connection type like VG_VC, EVPL_VC, EPL_VC, EC_VC, IP_VC, ACCESS_EPL_VC"
+  type        = string
+}
+variable "notifications_type" {
+  description = "Notification Type - ALL is the only type currently supported"
+  type        = string
+  default     = "ALL"
+}
+variable "notifications_emails" {
+  description = "Array of contact emails"
+  type        = list(string)
+}
+variable "bandwidth" {
+  description = "Connection bandwidth in Mbps"
+  type        = number
+}
+variable "purchase_order_number" {
+  description = "Purchase order number"
+  type        = string
+  default     = ""
+}
+variable "aside_port_name" {
+  description = "Equinix A-Side Port Name"
+  type        = string
+}
+variable "aside_vlan_tag" {
+  description = "Vlan Tag information, outer vlanSTag for QINQ connections"
+  type        = string
+}
+variable "aside_vlan_inner_tag" {
+  description = "Vlan Inner Tag information, inner vlanCTag for QINQ connections"
+  type        = string
+  default     = ""
+}
+variable "zside_ap_type" {
+  description = "Access point type - COLO, VD, VG, SP, IGW, SUBNET, GW"
+  type        = string
+}
+variable "zside_location" {
+  description = "Access point metro code"
+  type        = string
+}
+variable "zside_port_name" {
+  description = "Equinix Port Name"
+  type        = string
+}
+variable "zside_vlan_tag" {
+  description = "Vlan Tag information, outer vlanSTag for QINQ connections"
+  type        = string
+}
diff --git a/examples/port-2-port-connection-sts-token/versions.tf b/examples/port-2-port-connection-sts-token/versions.tf
@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    equinix = {
+      source  = "equinix/equinix"
+      version = ">= 4.7.0"
+    }
+  }
+}
diff --git a/examples/service-token-for-aside-port-sts-token/README.md b/examples/service-token-for-aside-port-sts-token/README.md
@@ -0,0 +1,11 @@
+# Fabric Service Token for Aside Port Creation Example
+
+This example shows how to create Fabric Aside Port based Service Token.
+
+It leverages the Equinix Terraform Provider to setup the service token based on the parameters you have provided to this example; or based on the pattern
+you see used in this example it will allow you to create a more specific use case for your own needs.
+
+See example usage below for details on how to use this example.
+
+<!-- BEGIN_TF_DOCS -->
+<!-- END_TF_DOCS -->
diff --git a/examples/service-token-for-aside-port-sts-token/main.tf b/examples/service-token-for-aside-port-sts-token/main.tf
@@ -0,0 +1,37 @@
+provider "equinix" {
+  sts_source_token = var.sts_source_token
+  sts_auth_scope = var.sts_auth_scope
+}
+data "equinix_fabric_ports" "aside_port" {
+  filters {
+    name = var.aside_port_name
+  }
+}
+
+resource "equinix_fabric_service_token" "service-token" {
+  type                 = var.service_token_type
+  name                 = var.service_token_name
+  description          = var.service_token_description
+  expiration_date_time = var.service_token_expiration_date_time
+  notifications {
+    type   = var.notifications_type
+    emails = var.notifications_emails
+  }
+
+  service_token_connection {
+    type                 = var.connection_type
+    bandwidth_limit      = var.bandwidth_limit
+    a_side {
+      access_point_selectors {
+        type = var.aside_ap_type
+        port {
+          uuid = data.equinix_fabric_ports.aside_port.data.0.uuid
+        }
+        link_protocol {
+          type     = var.aside_vlan_tag_type
+          vlan_tag = var.aside_vlan_tag
+        }
+      }
+    }
+  }
+}
diff --git a/examples/service-token-for-aside-port-sts-token/outputs.tf b/examples/service-token-for-aside-port-sts-token/outputs.tf
@@ -0,0 +1,6 @@
+output "service_token_id" {
+  value = equinix_fabric_service_token.service-token.id
+}
+output "service-token" {
+  value = equinix_fabric_service_token.service-token
+}