feat: added support to enable the secrets manager IAM engine using new boolean input secret_manager_iam_engine_enabled (default value is false) (#70)

Author: iamar7

.github/workflows/ci.yml

@@ -7,5 +7,5 @@ on:
       - created
 jobs:
   call-terraform-ci-pipeline:
-    uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/[email protected].3
+    uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/[email protected].4
     secrets: inherit

.github/workflows/release.yml

@@ -8,5 +8,5 @@ on:
 
 jobs:
   call-terraform-release-pipeline:
-    uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/[email protected].3
+    uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/[email protected].4
     secrets: inherit

ibm_catalog.json

@@ -127,6 +127,10 @@
 								"title": "Creates an IBM Secrets Manager instance ",
 								"description": "Creates and configures an IBM Secrets Manager instance."
 							},
+							{
+								"title": "Optionally configure an IBM Secrets Manager IAM credentials engine to an IBM Secrets Manager instance.",
+								"description": "Optionally configure an IBM Secrets Manager IAM credentials engine to an IBM Secrets Manager instance."
+							  },
 							{
 								"title": "Creates an IBM Security and Compliance Center instance",
 								"description": "Creates and configures an IBM Security Compliance Center instance."
@@ -242,6 +246,13 @@
 								}
 							]
 						},
+						{
+							"key": "secret_manager_iam_engine_enabled",
+							"type": "boolean",
+							"default_value": false,
+							"description": "Set this to true to to configure a Secrets Manager IAM credentials engine. If set to false, no IAM engine will be configured for your instance.",
+							"required": false
+						},
 						{
 							"key": "scc_service_plan",
 							"type": "string",

reference-architectures/core-security-services-architecture.svg

@@ -71,7 +71,14 @@
       "hidden": false,
       "default": "security-compliance-center-standard-plan",
       "custom_config": {}
-    }
+    },
+	{
+		"name": "secret_manager_iam_engine_enabled",
+		"required": false,
+		"type": "boolean",
+		"hidden": false,
+		"default": false
+	}
   ],
   "members": [
     {
@@ -303,7 +310,11 @@
         {
           "name": "service_plan",
           "value": "ref:../../inputs/sm_service_plan"
-        }
+        },
+		{
+			"name": "iam_engine_enabled",
+			"value": "ref:../../inputs/secret_manager_iam_engine_enabled"
+		}
       ],
       "name": "4b - Secrets Manager",
       "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.c93ef740-6249-47d0-b91a-c8e0fbd0ed99-global"

stack_definition.json

@@ -2,7 +2,7 @@ module github.com/terraform-ibm-modules/stack-ibm-core-security-services
 
 go 1.21
 
-toolchain go1.22.4
+toolchain go1.22.5
 
 require (
 	github.com/stretchr/testify v1.9.0

tests/go.mod

@@ -38,12 +38,13 @@ func TestProjectsFullTest(t *testing.T) {
 	})
 
 	options.StackInputs = map[string]interface{}{
-		"prefix":                       options.Prefix,
-		"existing_resource_group_name": resourceGroup,
-		"sm_service_plan":              "trial",
-		"ibmcloud_api_key":             options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], // always required by the stack
-		"enable_platform_logs_metrics": false,
-		"en_email_list":                []string{"[email protected]"},
+		"prefix":                            options.Prefix,
+		"existing_resource_group_name":      resourceGroup,
+		"sm_service_plan":                   "trial",
+		"secret_manager_iam_engine_enabled": true,
+		"ibmcloud_api_key":                  options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], // always required by the stack
+		"enable_platform_logs_metrics":      false,
+		"en_email_list":                     []string{"[email protected]"},
 	}
 
 	err := options.RunProjectsTest()