feat: Added Secrets Manager DA to IBM catalog (#54)

Author: tyao117

.catalog-onboard-pipeline.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+offerings:
+  - name: deploy-arch-ibm-secrets-manager
+    kind: solution
+    catalog_id: 7df1e4ca-d54c-4fd0-82ce-3d13247308cd
+    offering_id: 6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944
+    variations:
+      - name: standard
+        mark_ready: true
+        install_type: fullstack

.releaserc

@@ -10,6 +10,9 @@
     }],
     ["@semantic-release/exec", {
       "successCmd": "echo \"SEMVER_VERSION=${nextRelease.version}\" >> $GITHUB_ENV"
+    }],
+    ["@semantic-release/exec",{
+      "publishCmd": "./ci/trigger-catalog-onboarding-pipeline.sh --version=v${nextRelease.version}"
     }]
   ]
 }

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2023-12-11T14:47:09Z",
+  "generated_at": "2024-03-11T11:41:39Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -82,7 +82,7 @@
         "hashed_secret": "33da8d0e8af2efc260f01d8e5edfcc5c5aba44ad",
         "is_secret": true,
         "is_verified": false,
-        "line_number": 32,
+        "line_number": 34,
         "type": "Secret Keyword",
         "verified_result": null
       }

README.md

@@ -22,6 +22,8 @@ This module is used to provision and configure an IBM Cloud [Secrets Manager](ht
 * [Contributing](#contributing)
 <!-- END OVERVIEW HOOK -->
 
+## Reference architectures
+- [Secrets Manager - Standard variation](https://github.com/terraform-ibm-modules/terraform-ibm-secrets-manager/tree/main/solutions/standard)
 
 ## terraform-ibm-secrets-manager
 
@@ -106,7 +108,10 @@ You need the following permissions to run this module.
 
 | Name | Description |
 |------|-------------|
-| <a name="output_secrets_manager_guid"></a> [secrets\_manager\_guid](#output\_secrets\_manager\_guid) | GUID of Secrets-Manager instance |
+| <a name="output_secrets_manager_crn"></a> [secrets\_manager\_crn](#output\_secrets\_manager\_crn) | CRN of the Secrets Manager instance |
+| <a name="output_secrets_manager_guid"></a> [secrets\_manager\_guid](#output\_secrets\_manager\_guid) | GUID of Secrets Manager instance |
+| <a name="output_secrets_manager_id"></a> [secrets\_manager\_id](#output\_secrets\_manager\_id) | ID of the Secrets Manager instance |
+| <a name="output_secrets_manager_name"></a> [secrets\_manager\_name](#output\_secrets\_manager\_name) | Name of the Secrets Manager instance |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 <!-- Leave this section as is so that your module has a link to local development environment set up steps for contributors to follow -->

ibm_catalog.json

@@ -0,0 +1,87 @@
+{
+  "products": [
+    {
+      "name": "deploy-arch-ibm-secrets-manager",
+      "label": "Secrets Manager",
+      "product_kind": "solution",
+      "tags": [
+        "ibm_created",
+        "target_terraform",
+        "terraform",
+        "solution",
+        "security"
+      ],
+      "keywords": [
+        "Secrets",
+        "Secrets Manager",
+        "IaC",
+        "infrastructure as code",
+        "terraform",
+        "solution"
+      ],
+      "short_description": "Creates and configures a Secrets Manager instance.",
+      "long_description": "This solution is used to provision and configure an IBM Cloud Secrets Manager instance.",
+      "offering_docs_url": "https://github.com/terraform-ibm-modules/terraform-ibm-secrets-manager/blob/main/solutions/standard/README.md",
+      "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-secrets-manager/main/images/secrets_manager.svg",
+      "provider_name": "IBM",
+      "features": [
+        {
+          "title": "Creates a Secrets Manager instance.",
+          "description": "Creates an IBM Secrets Manager instance."
+        },
+        {
+          "title": "Sets up authorization policy.",
+          "description": "Sets up IBM IAM authorization policy between IBM Secrets Manager instance and IBM Key Management Service (KMS) instance. It also supports Event Notification authorization policy."
+        },
+        {
+          "title": "Configures lifecycle notifications for the Secrets Manager instance.",
+          "description": "Configures lifecycle notifications for the IBM Secrets Manager instance by connecting an IBM Event Notifications service. The DA supports optionally creating a KMS key ring and key, or using an already existing one to encrypt data."
+        }
+      ],
+      "flavors": [
+        {
+          "label": "Standard",
+          "name": "standard",
+          "install_type": "fullstack",
+          "working_directory": "solutions/standard",
+          "compliance": {
+            "authority": "scc-v3",
+            "profiles": [
+              {
+                "profile_name": "IBM Cloud Framework for Financial Services",
+                "profile_version": "1.5.0"
+              }
+            ]
+          },
+          "architecture": {
+            "descriptions": "This architecture supports creating and configuring a Secrets Manager instance.",
+            "features": [
+              {
+                "title": "Creates a Secrets Manager instance.",
+                "description": "Creates and configures an IBM Secrets Manager instance."
+              },
+              {
+                "title": "Sets up authorization policy.",
+                "description": "Sets up IBM IAM authorization policy between IBM Secrets Manager instance and IBM Key Management Service (KMS) instance. It also supports Event Notification authorization policy."
+              },
+              {
+                "title": "Configures lifecycle notifications for the Secrets Manager instance.",
+                "description": "Configures lifecycle notifications for the IBM Secrets Manager instance by connecting an IBM Event Notifications service. The DA supports optionally creating a KMS key ring and key, or using an already existing one to encrypt data."
+              }
+            ],
+            "diagrams": [
+              {
+                "diagram": {
+                  "caption": "Secrets Manager",
+                  "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-secrets-manager/main/reference-architecture/secrets_manager.svg",
+                  "type": "image/svg+xml"
+                },
+                "description": "This architecture supports creating and configuring IBM Secrets Manager instance."
+              }
+            ]
+          }
+        }
+      ]
+    }
+  ]
+}

images/secrets_manager.svg

@@ -4,7 +4,22 @@
 
 output "secrets_manager_guid" {
   value       = local.secrets_manager_guid
-  description = "GUID of Secrets-Manager instance"
+  description = "GUID of Secrets Manager instance"
+}
+
+output "secrets_manager_id" {
+  value       = ibm_resource_instance.secrets_manager_instance.id
+  description = "ID of the Secrets Manager instance"
+}
+
+output "secrets_manager_name" {
+  value       = ibm_resource_instance.secrets_manager_instance.name
+  description = "Name of the Secrets Manager instance"
+}
+
+output "secrets_manager_crn" {
+  value       = ibm_resource_instance.secrets_manager_instance.crn
+  description = "CRN of the Secrets Manager instance"
 }
 
 ##############################################################################

outputs.tf

@@ -1,4 +1,18 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": ["github>terraform-ibm-modules/common-dev-assets:commonRenovateConfig"]
+  "extends": ["github>terraform-ibm-modules/common-dev-assets:commonRenovateConfig"],
+  "packageRules": [
+    {
+      "description": "Allow the locked in provider version to be updated to the latest for deployable architectures",
+      "enabled": true,
+      "matchFileNames": ["solutions/**"],
+      "matchManagers": ["terraform"],
+      "matchDepTypes": ["required_provider"],
+      "rangeStrategy": "bump",
+      "semanticCommitType": "fix",
+      "group": true,
+      "groupName": "required_provider",
+      "commitMessageExtra": "to latest for the deployable architecture solution"
+    }
+  ]
 }

reference-architecture/secrets_manager.svg

@@ -0,0 +1,8 @@
+# Secrets Manager solution
+
+This solution supports the following:
+- Creating a new resource group, or taking in an existing one.
+- Provisioning and configuring of a Secrets Manager instance.
+- Configuring KMS encryption using a newly created key, or passing an existing key.
+
+**NB:** This solution is not intended to be called by one or more other modules since it contains a provider configurations, meaning it is not compatible with the `for_each`, `count`, and `depends_on` arguments. For more information see [Providers Within Modules](https://developer.hashicorp.com/terraform/language/modules/develop/providers)