fix tests and expose the ability to create secrets groups

Author: ocofaigh

ibm_catalog.json

@@ -233,7 +233,6 @@
               "type": "string",
               "default_value": "Default",
               "description": "The name of an existing resource group to provision the resources.",
-              "required": true,
               "custom_config": {
                 "type": "resource_group",
                 "grouping": "deployment",
@@ -365,6 +364,17 @@
               "description": "Whether to skip the creation of the IAM authorization policies required to enable the Secrets Manager IAM credentials engine. If set to false, policies will be created that grants the Secrets Manager instance 'Operator' access to the IAM identity service, and 'Groups Service Member Manage' access to the IAM groups service.",
               "required": false
             },
+            {
+              "key": "secrets_manager_secret_groups",
+              "type": "array",
+              "default_value": "[\n    {\n      secret_group_name        = \"General\"\n      secret_group_description = \"A general purpose secrets group with an associated access group which has a secrets reader role\"\n      create_access_group      = true\n      access_group_name        = \"general-secrets-group-access-group\"\n      access_group_roles       = [\"SecretsReader\"]\n    }\n  ]",
+              "description": "Secret Manager secret group and access group configurations. If a prefix input variable is specified, it is added to the `access_group_name` value in the `<prefix>-value` format. If you do not wish to create any groups, set the value to `[]`. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-secrets-manager/tree/main/solutions/fully-configurable/provisioning_secrets_groups.md).",
+              "custom_config": {
+                "type": "code_editor",
+                "grouping": "deployment",
+                "original_grouping": "deployment"
+              }
+            },
             {
               "key": "app_config_plan",
               "type": "string",

stack_definition.json

@@ -69,6 +69,13 @@
       "hidden": false,
       "custom_config": {}
     },
+    {
+      "name": "secrets_manager_secret_groups",
+      "required": false,
+      "type": "array",
+      "hidden": false,
+      "custom_config": {}
+    },
     {
       "name": "app_config_plan",
       "required": false,
@@ -449,6 +456,10 @@
         {
           "name": "skip_secrets_manager_iam_auth_policy",
           "value": "ref:../../inputs/skip_secrets_manager_iam_auth_policy"
+        },
+        {
+          "name": "secret_groups",
+          "value": "ref:../../inputs/secrets_manager_secret_groups"
         }
       ],
       "name": "3d - Secrets Manager",

tests/pr_test.go

@@ -52,13 +52,13 @@ func TestProjectsFullTest(t *testing.T) {
 	})
 
 	options.StackInputs = map[string]interface{}{
-		"prefix":                       options.Prefix,
-		"region":                       validRegions[rand.Intn(len(validRegions))],
-		"existing_resource_group_name": resourceGroup,
-		"sm_service_plan":              "trial",
-		"ibmcloud_api_key":             options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], // always required by the stack
-		"enable_platform_metrics":      false,
-		"en_email_list":                []string{"[email protected]"},
+		"prefix":                         options.Prefix,
+		"region":                         validRegions[rand.Intn(len(validRegions))],
+		"existing_resource_group_name":   resourceGroup,
+		"secrets_manager_service_plan":   "trial",
+		"ibmcloud_api_key":               options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], // always required by the stack
+		"enable_platform_metrics":        false,
+		"event_notifications_email_list": []string{"[email protected]"},
 	}
 
 	err := options.RunProjectsTest()
@@ -114,15 +114,16 @@ func TestProjectsExistingResourcesTest(t *testing.T) {
 		})
 
 		options.StackInputs = map[string]interface{}{
-			"prefix":                        terraform.Output(t, existingTerraformOptions, "prefix"),
-			"region":                        terraform.Output(t, existingTerraformOptions, "region"),
-			"existing_resource_group_name":  terraform.Output(t, existingTerraformOptions, "resource_group_name"),
-			"ibmcloud_api_key":              options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], // always required by the stack
-			"enable_platform_metrics":       false,
-			"existing_secrets_manager_crn":  terraform.Output(t, existingTerraformOptions, "secrets_manager_instance_crn"),
-			"skip_iam_authorization_policy": true, // skip as s2s auth policy was already created for existing instance
-			"existing_kms_instance_crn":     terraform.Output(t, existingTerraformOptions, "key_project_instance_crn"),
-			"en_email_list":                 []string{"[email protected]"},
+			"prefix":                               terraform.Output(t, existingTerraformOptions, "prefix"),
+			"region":                               terraform.Output(t, existingTerraformOptions, "region"),
+			"existing_resource_group_name":         terraform.Output(t, existingTerraformOptions, "resource_group_name"),
+			"ibmcloud_api_key":                     options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], // always required by the stack
+			"enable_platform_metrics":              false,
+			"existing_secrets_manager_crn":         terraform.Output(t, existingTerraformOptions, "secrets_manager_instance_crn"),
+			"skip_secrets_manager_iam_auth_policy": true, // skip as s2s auth policy was already created for existing instance
+			"existing_kms_instance_crn":            terraform.Output(t, existingTerraformOptions, "key_project_instance_crn"),
+			"event_notifications_email_list":       []string{"[email protected]"},
+			"secrets_manager_secret_groups":        []string{}, // Don't create any secret groups in existing instance (The default 'General' group already exists)
 		}
 
 		err := options.RunProjectsTest()