feat: existing scc instance for DA

ibm_catalog.json

@@ -243,6 +243,13 @@
 							"description": "The CRN of an existing IBM Cloud Secrets Manager instance to use in this solution. If not set, a new Secrets Manager instance is provisioned.",
 							"required": false
 						},
+						{
+							"key": "existing_scc_instance_crn",
+							"type": "string",
+							"default_value": "__NULL__",
+							"description": "The CRN of an existing Security and Compliance Center instance. If not supplied, a new instance will be created.",
+							"required": false
+						},
 						{
 							"key": "sm_service_plan",
 							"type": "string",

stack_definition.json

@@ -48,6 +48,14 @@
       "default": "__NULL__",
       "custom_config": {}
     },
+    {
+      "name": "existing_scc_instance_crn",
+      "required": false,
+      "type": "string",
+      "hidden": false,
+      "default": "__NULL__",
+      "custom_config": {}
+    },
     {
       "name": "en_email_list",
       "required": false,
@@ -258,6 +266,14 @@
           "name": "scc_region",
           "value": "ref:../../inputs/region"
         },
+        {
+          "name": "existing_scc_instance_crn",
+          "value": "ref:../../inputs/existing_scc_instance_crn"
+        },
+        {
+          "name": "provision_scc_workload_protection",
+          "value": true
+        },
         {
           "name": "prefix",
           "value": "ref:../../inputs/prefix"

tests/pr_test.go

@@ -118,11 +118,14 @@ func TestProjectsExistingResourcesTest(t *testing.T) {
 			"region":                        terraform.Output(t, existingTerraformOptions, "region"),
 			"existing_resource_group_name":  terraform.Output(t, existingTerraformOptions, "resource_group_name"),
 			"ibmcloud_api_key":              options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], // always required by the stack
-			"enable_platform_metrics":       false,
+			"enable_platform_logs_metrics":  false,
 			"existing_secrets_manager_crn":  terraform.Output(t, existingTerraformOptions, "secrets_manager_instance_crn"),
 			"skip_iam_authorization_policy": true, // skip as s2s auth policy was already created for existing instance
 			"existing_kms_instance_crn":     permanentResources["hpcs_south_crn"],
-			"en_email_list":                 []string{"[email protected]"},
+			"existing_scc_instance_crn":     terraform.Output(t, existingTerraformOptions, "existing_scc_instance_crn"),
+			"existing_cos_instance_crn":     terraform.Output(t, existingTerraformOptions, "existing_cos_instance_crn"),
+			// "existing_scc_cos_bucket_name":      terraform.Output(t, existingTerraformOptions, "existing_scc_cos_bucket_name"),
+			"en_email_list": []string{"[email protected]"},
 		}
 
 		err := options.RunProjectsTest()

tests/resources/main.tf

@@ -38,3 +38,35 @@ module "secrets_manager" {
   sm_service_plan      = "trial"
   sm_tags              = var.resource_tags
 }
+
+#############################################################################
+# Provision cloud object storage and bucket
+#############################################################################
+
+module "cos" {
+  source                 = "terraform-ibm-modules/cos/ibm"
+  version                = "8.11.3"
+  resource_group_id      = module.resource_group.resource_group_id
+  cos_instance_name      = "${var.prefix}-cos"
+  kms_encryption_enabled = false
+  retention_enabled      = false
+  bucket_name            = "${var.prefix}-cb"
+}
+
+##############################################################################
+# SCC
+##############################################################################
+
+module "scc_instance" {
+  source                            = "terraform-ibm-modules/scc/ibm"
+  version                           = "1.7.2"
+  instance_name                     = "${var.prefix}-scc-instance"
+  region                            = var.region
+  resource_group_id                 = module.resource_group.resource_group_id
+  resource_tags                     = var.resource_tags
+  access_tags                       = []
+  cos_bucket                        = module.cos.bucket_name
+  cos_instance_crn                  = module.cos.cos_instance_id
+  attach_wp_to_scc_instance         = false
+  skip_cos_iam_authorization_policy = false
+}

tests/resources/outputs.tf

@@ -27,3 +27,18 @@ output "secrets_manager_instance_crn" {
   value       = module.secrets_manager.secrets_manager_crn
   description = "CRN of created secret manager instance"
 }
+
+output "existing_scc_instance_crn" {
+  value       = module.scc_instance.crn
+  description = "CRN of created scc instance"
+}
+
+output "existing_cos_instance_crn" {
+  value       = module.cos.cos_instance_crn
+  description = "CRN of cos instance"
+}
+
+output "existing_scc_cos_bucket_name" {
+  value       = module.cos.bucket_name
+  description = "Bucket name of created bucket in cos instance"
+}