This repository was archived by the owner on Mar 19, 2025. It is now read-only.

refactor: best input practices for da #250

Merged
merged 25 commits into from
Mar 4, 2025
Changes from 13 commits
227 changes: 139 additions & 88 deletions ibm_catalog.json
Expand Up @@ -60,6 +60,45 @@
{
"key": "ibmcloud_api_key"
},
{
"key": "prefix",
"required": true,
"description": "The prefix to add to all resources that this solution creates. To not use any prefix value, you can enter the string `__NULL__`."
},
{
"key": "use_existing_resource_group",
"required": true
},
{
"key": "resource_group_name",
"required": true
},
{
"key": "scc_region",
"required": true,
"options": [
{
"displayname": "Dallas (us-south)",
"value": "us-south"
},
{
"displayname": "Frankfurt (eu-de)",
"value": "eu-de"
},
{
"displayname": "Madrid (eu-es)",
"value": "eu-es"
},
{
"displayname": "Toronto (ca-tor)",
"value": "ca-tor"
}
]
},
{
"key": "existing_kms_instance_crn",
"required": true
},
{
"key": "provider_visibility",
"options": [
Expand All @@ -78,78 +117,87 @@
]
},
{
"key": "use_existing_resource_group"
},
{
"key": "resource_group_name"
},
{
"key": "prefix",
"required": true,
"description": "The prefix to add to all resources that this solution creates. To not use any prefix value, you can enter the string `__NULL__`."
},
{
"key": "existing_monitoring_crn"
},
{
"key": "existing_kms_instance_crn",
"required": true
"key": "existing_scc_instance_crn"
Contributor


I would prioritise putting inputs that are related to new instance creation first (since that is the default), so I suggest placing this further down.

},
{
"key": "existing_scc_instance_crn"
"key": "scc_instance_name"
},
{
"key": "existing_scc_cos_kms_key_crn"
"key": "scc_instance_tags",
"custom_config": {
"grouping": "deployment",
"original_grouping": "deployment",
"config_constraints": {
"type": "string"
}
}
},
{
"key": "kms_endpoint_type",
"key": "scc_service_plan",
"options": [
{
"displayname": "Public",
"value": "public"
"displayname": "Standard",
"value": "security-compliance-center-standard-plan"
},
{
"displayname": "Private",
"value": "private"
"displayname": "Trial",
"value": "security-compliance-center-trial-plan"
}
]
},
{
"key": "scc_cos_key_ring_name"
"key": "existing_cos_instance_crn"
},
{
"key": "scc_cos_key_name"
"key": "cos_instance_name"
},
{
"key": "cos_instance_tags",
"custom_config": {
"config_constraints": {
"generationType": "2"
},
"grouping": "deployment",
"original_grouping": "deployment",
"type": "region"
},
"key": "cos_region",
"required": true,
"type": "string"
},
{
"key": "cos_instance_name"
"config_constraints": {
"type": "string"
}
}
},
{
"key": "cos_instance_tags"
"key": "cos_instance_access_tags",
"custom_config": {
"grouping": "deployment",
"original_grouping": "deployment",
"config_constraints": {
"type": "string"
}
}
},
{
"key": "cos_instance_access_tags"
"key": "scc_cos_bucket_name"
},
{
"key": "scc_cos_bucket_name"
"key": "scc_cos_bucket_region",
"type": "string",
"custom_config": {
"config_constraints": {
"generationType": "2"
},
"grouping": "deployment",
"original_grouping": "deployment",
"type": "region"
}
},
{
"key": "add_bucket_name_suffix"
},
{
"key": "scc_cos_bucket_access_tags"
"key": "scc_cos_bucket_access_tags",
"custom_config": {
"grouping": "deployment",
"original_grouping": "deployment",
"config_constraints": {
"type": "string"
}
}
},
{
"key": "scc_cos_bucket_class",
Expand All @@ -176,15 +224,9 @@
}
]
},
{
"key": "existing_cos_instance_crn"
},
{
"key": "existing_scc_cos_bucket_name"
},
{
"key": "skip_cos_kms_auth_policy"
},
{
"key": "management_endpoint_type_for_bucket",
"options": [
Expand All @@ -203,59 +245,38 @@
]
},
{
"key": "scc_instance_name"
"key": "existing_monitoring_crn"
},
{
"key": "scc_region",
"options": [
{
"displayname": "Dallas (us-south)",
"value": "us-south"
},
{
"displayname": "Frankfurt (eu-de)",
"value": "eu-de"
},
{
"displayname": "Madrid (eu-es)",
"value": "eu-es"
},
{
"displayname": "Toronto (ca-tor)",
"value": "ca-tor"
}
]
"key": "skip_scc_cos_auth_policy"
},
{
"key": "skip_scc_cos_auth_policy"
"key": "existing_scc_cos_kms_key_crn"
},
{
"key": "scc_service_plan",
"key": "ibmcloud_kms_api_key"
},
{
"key": "kms_endpoint_type",
"options": [
{
"displayname": "Standard",
"value": "security-compliance-center-standard-plan"
"displayname": "Public",
"value": "public"
},
{
"displayname": "Trial",
"value": "security-compliance-center-trial-plan"
"displayname": "Private",
"value": "private"
}
]
},
{
"key": "existing_en_crn"
},
{
"key": "en_source_name"
},
{
"key": "en_source_description"
"key": "skip_cos_kms_auth_policy"
},
{
"key": "scc_instance_tags"
"key": "scc_cos_key_ring_name"
},
{
"key": "skip_scc_workload_protection_auth_policy"
"key": "scc_cos_key_name"
},
{
"key": "profile_attachments"
Expand Down Expand Up @@ -304,25 +325,55 @@
]
},
{
"key": "scc_workload_protection_instance_tags"
"key": "scc_workload_protection_instance_tags",
"custom_config": {
"grouping": "deployment",
"original_grouping": "deployment",
"config_constraints": {
"type": "string"
}
}
},
{
"key": "scc_workload_protection_resource_key_tags",
"custom_config": {
"grouping": "deployment",
"original_grouping": "deployment",
"config_constraints": {
"type": "string"
}
}
},
{
"key": "scc_workload_protection_resource_key_tags"
"key": "scc_workload_protection_access_tags",
"custom_config": {
"grouping": "deployment",
"original_grouping": "deployment",
"config_constraints": {
"type": "string"
}
}
},
{
"key": "scc_workload_protection_access_tags"
"key": "skip_scc_workload_protection_auth_policy"
},
{
"key": "ibmcloud_kms_api_key"
"key": "existing_event_notifications_crn"
},
{
"key": "event_notifications_source_name"
},
{
"key": "event_notifications_source_description"
},
{
"key": "scc_en_email_list"
"key": "scc_event_notifications_email_list"
},
{
"key": "scc_en_from_email"
"key": "scc_event_notifications_from_email"
},
{
"key": "scc_en_reply_to_email"
"key": "scc_event_notifications_reply_to_email"
},
{
"key": "cbr_rules"
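Review bot: Renaming the Event Notifications inputs in place leaves existing configurations without a migration path: the hunks at -203 and -304 replace `existing_en_crn`, `en_source_name`, `en_source_description` and the three `scc_en_*` keys with `existing_event_notifications_crn`, `event_notifications_source_*` and `scc_event_notifications_*`, and no alias or deprecation entry is visible. How the catalog handles a stale key is not shown on this page, but if old keys are dropped, a saved configuration would presumably lose the Security and Compliance Center to Event Notifications integration, and compliance alert e-mails could stop without an obvious error. I would confirm that behaviour and flag the rename in the PR description and release notes, for example `BREAKING CHANGE: en_* and scc_en_* inputs renamed to event_notifications_* and scc_event_notifications_*`. The README rows for `event_notifications_source_name` and `event_notifications_source_description` also refer to `event_notifications_instance_crn`, whereas the key in this catalog is `existing_event_notifications_crn`; those descriptions should name the real input so operators set the right one.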
14 changes: 7 additions & 7 deletions solutions/instances/README.md
Expand Up @@ -61,11 +61,10 @@ This solution supports provisioning and configuring the following infrastructure
| <a name="input_cos_instance_access_tags"></a> [cos\_instance\_access\_tags](#input\_cos\_instance\_access\_tags) | A list of access tags to apply to the Object Storage instance. Applies only if not specifying an existing instance. | `list(string)` | `[]` | no |
| <a name="input_cos_instance_name"></a> [cos\_instance\_name](#input\_cos\_instance\_name) | The name for the Object Storage instance. If a prefix input variable is specified, the prefix is added to the name in the `<prefix>-<name>` format. | `string` | `"base-security-services-cos"` | no |
| <a name="input_cos_instance_tags"></a> [cos\_instance\_tags](#input\_cos\_instance\_tags) | The list of tags to add to the Object Storage instance. Applies only if not specifying an existing instance. | `list(string)` | `[]` | no |
| <a name="input_cos_region"></a> [cos\_region](#input\_cos\_region) | The region for the Object Storage instance. | `string` | `"us-south"` | no |
| <a name="input_en_source_description"></a> [en\_source\_description](#input\_en\_source\_description) | Optional description to give for the Event Notifications integration source. Only used if a value is passed for `en_instance_crn`. | `string` | `null` | no |
| <a name="input_en_source_name"></a> [en\_source\_name](#input\_en\_source\_name) | The source name to use for the Event Notifications integration. Required if a value is passed for `en_instance_crn`. This name must be unique per SCC instance that is integrated with the Event Notifications instance. | `string` | `"compliance"` | no |
| <a name="input_event_notifications_source_description"></a> [event\_notifications\_source\_description](#input\_event\_notifications\_source\_description) | Optional description to give for the Event Notifications integration source. Only used if a value is passed for `event_notifications_instance_crn`. | `string` | `null` | no |
| <a name="input_event_notifications_source_name"></a> [event\_notifications\_source\_name](#input\_event\_notifications\_source\_name) | The source name to use for the Event Notifications integration. Required if a value is passed for `event_notifications_instance_crn`. This name must be unique per SCC instance that is integrated with the Event Notifications instance. | `string` | `"compliance"` | no |
| <a name="input_existing_cos_instance_crn"></a> [existing\_cos\_instance\_crn](#input\_existing\_cos\_instance\_crn) | The CRN of an existing Object Storage instance. If not specified, an instance is created. | `string` | `null` | no |
| <a name="input_existing_en_crn"></a> [existing\_en\_crn](#input\_existing\_en\_crn) | The CRN of an Event Notification instance. Used to integrate with Security and Compliance Center. | `string` | `null` | no |
| <a name="input_existing_event_notifications_crn"></a> [existing\_event\_notifications\_crn](#input\_existing\_event\_notifications\_crn) | The CRN of an Event Notification instance. Used to integrate with Security and Compliance Center. | `string` | `null` | no |
| <a name="input_existing_kms_instance_crn"></a> [existing\_kms\_instance\_crn](#input\_existing\_kms\_instance\_crn) | The CRN of the existing KMS instance (Hyper Protect Crypto Services or Key Protect). If the KMS instance is in different account you must also provide a value for `ibmcloud_kms_api_key`. | `string` | `null` | no |
| <a name="input_existing_monitoring_crn"></a> [existing\_monitoring\_crn](#input\_existing\_monitoring\_crn) | The CRN of an IBM Cloud Monitoring instance to to send Security and Compliance Object Storage bucket metrics to, as well as Workload Protection data. If no value passed, metrics are sent to the instance associated to the container's location unless otherwise specified in the Metrics Router service configuration. Ignored if using existing Object Storage bucket and not provisioning Workload Protection. | `string` | `null` | no |
| <a name="input_existing_scc_cos_bucket_name"></a> [existing\_scc\_cos\_bucket\_name](#input\_existing\_scc\_cos\_bucket\_name) | The name of an existing bucket inside the existing Object Storage instance to use for Security and Compliance Center. If not specified, a bucket is created. | `string` | `null` | no |
Expand All @@ -84,11 +83,12 @@ This solution supports provisioning and configuring the following infrastructure
| <a name="input_scc_cos_bucket_access_tags"></a> [scc\_cos\_bucket\_access\_tags](#input\_scc\_cos\_bucket\_access\_tags) | The list of access tags to add to the Security and Compliance Center Object Storage bucket. | `list(string)` | `[]` | no |
| <a name="input_scc_cos_bucket_class"></a> [scc\_cos\_bucket\_class](#input\_scc\_cos\_bucket\_class) | The storage class of the newly provisioned Security and Compliance Center Object Storage bucket. Possible values: `standard`, `vault`, `cold`, `smart`, `onerate_active`. [Learn more](https://cloud.ibm.com/docs/cloud-object-storage?topic=cloud-object-storage-classes). | `string` | `"smart"` | no |
| <a name="input_scc_cos_bucket_name"></a> [scc\_cos\_bucket\_name](#input\_scc\_cos\_bucket\_name) | The name for the Security and Compliance Center Object Storage bucket. Bucket names must globally unique. If `add_bucket_name_suffix` is true, a 4-character string is added to this name to ensure it's globally unique. If a prefix input variable is specified, the prefix is added to the name in the `<prefix>-<name>` format. | `string` | `"base-security-services-bucket"` | no |
| <a name="input_scc_cos_bucket_region"></a> [scc\_cos\_bucket\_region](#input\_scc\_cos\_bucket\_region) | The region to create the cos bucket.If not provided, scc\_region will be used | `string` | `null` | no |
| <a name="input_scc_cos_key_name"></a> [scc\_cos\_key\_name](#input\_scc\_cos\_key\_name) | The name for the key created for the Security and Compliance Center Object Storage bucket. Applies only if not specifying an existing key. If a prefix input variable is specified, the prefix is added to the name in the `<prefix>-<name>` format. | `string` | `"scc-cos-key"` | no |
| <a name="input_scc_cos_key_ring_name"></a> [scc\_cos\_key\_ring\_name](#input\_scc\_cos\_key\_ring\_name) | The name for the key ring created for the Security and Compliance Center Object Storage bucket key. Applies only if not specifying an existing key. If a prefix input variable is specified, the prefix is added to the name in the `<prefix>-<name>` format. | `string` | `"scc-cos-key-ring"` | no |
| <a name="input_scc_en_email_list"></a> [scc\_en\_email\_list](#input\_scc\_en\_email\_list) | The list of email addresses to notify when Security and Compliance Center triggers an event. | `list(string)` | `[]` | no |
| <a name="input_scc_en_from_email"></a> [scc\_en\_from\_email](#input\_scc\_en\_from\_email) | The `from` email address used in any Security and Compliance Center events from Event Notifications. | `string` | `"compliancealert@ibm.com"` | no |
| <a name="input_scc_en_reply_to_email"></a> [scc\_en\_reply\_to\_email](#input\_scc\_en\_reply\_to\_email) | The `reply_to` email address used in any Security and Compliance Center events from Event Notifications. | `string` | `"no-reply@ibm.com"` | no |
| <a name="input_scc_event_notifications_email_list"></a> [scc\_event\_notifications\_email\_list](#input\_scc\_event\_notifications\_email\_list) | The list of email addresses to notify when Security and Compliance Center triggers an event. | `list(string)` | `[]` | no |
| <a name="input_scc_event_notifications_from_email"></a> [scc\_event\_notifications\_from\_email](#input\_scc\_event\_notifications\_from\_email) | The `from` email address used in any Security and Compliance Center events coming via Event Notifications. | `string` | `"compliancealert@ibm.com"` | no |
| <a name="input_scc_event_notifications_reply_to_email"></a> [scc\_event\_notifications\_reply\_to\_email](#input\_scc\_event\_notifications\_reply\_to\_email) | The `reply_to` email address used in any Security and Compliance Center events coming via Event Notifications. | `string` | `"no-reply@ibm.com"` | no |
| <a name="input_scc_instance_name"></a> [scc\_instance\_name](#input\_scc\_instance\_name) | The name for the Security and Compliance Center instance provisioned by this solution. If a prefix input variable is specified, the prefix is added to the name in the `<prefix>-<name>` format. | `string` | `"base-security-services-scc"` | no |
| <a name="input_scc_instance_tags"></a> [scc\_instance\_tags](#input\_scc\_instance\_tags) | The list of tags to add to the Security and Compliance Center instance. | `list(string)` | `[]` | no |
| <a name="input_scc_region"></a> [scc\_region](#input\_scc\_region) | The region to provision Security and Compliance Center resources in. | `string` | `"us-south"` | no |