consume fully configurable #227
Conversation
rajatagarwal-ibm
requested review from
daniel-butler-irl and
ocofaigh
as code owners
…stack-ibm-core-security-services into full-configurable
There was a problem hiding this comment.
I think we should wait until App config has KMS and Event Notification support (Mukul is working on adding this now). After that, the dependency tree would look like this:
1a - Key management
1b - Object storage
1c - Cloud Monitoring
2 - Event Notifications
3a - Cloud Logs for logging
3b - Cloud Logs for activity tracking
3c - App Config
3d - Secrets Manager
4a - Security and Compliance Center Workload Protection
4b - Activity Tracker Event Routing
Renaming stack members is currently a breaking change, however since this whole update is a breaking change anyway, we can use this opportunity to rename. We don't have the ability to order stack members either, so using numbers is the only way currently (I'l follow up with projects to see if we can get this ability any time soon).
I'm also wondering whether it makes sense to actually rename the variation programmatic name to prevent users from being able to upgrade, but that will all depend on what upgrade experience is - lets jump on a call to go through that before we decide.
|
Update the diagram |
There was a problem hiding this comment.
Rajat can you please do a full review of all the inputs you are using for the DAs. Some of the inputs are not even valid inputs for the new variations.
Also some of the inputs can be removed, or updated. Things like secrets_manager_instance_name where we hard coded to "base-security-services-sm" to prevent a breaking change. We can reset all these now as this is a major version release with no upgrade path anyway
| copyright: | ||
| years: 2024 | ||
| lastupdated: "2024-12-05" | ||
| years: 2025 |
There was a problem hiding this comment.
I think you are supposed to keep 2024
| years: 2025 | |
| years: 2024, 2025 |
stack_definition.json
Outdated
| "value": "ref:../../inputs/existing_resource_group_name" | ||
| }, | ||
| { | ||
| "name": "use_existing_resource_group", |
There was a problem hiding this comment.
This is not a valid input for the fully configurable variation?? Neither is resource_group_name - are you using the correct variation? The input is called existing_resource_group_name
There was a problem hiding this comment.
hmm, you have this same issue in KMS, COS and Secrets Manager
|
Lets review the output names too. For example |
|
Thanks @ocofaigh for the review, I will go thru all the inputs and outpus for all the variations and mapping too. |
|
@ocofaigh Reviewed all the mappings, input and output for all the members and updated the PR |
There was a problem hiding this comment.
The new lines you added in the diagram are not straight?
You also have the AT buckets wrong...
- AT has a route that sends directly to a COS bucket
- AT also has a route that sends to Cloud Logs. And that Cloud Logs instance will have 2 buckets associated with it. And its a different instance to the Cloud Logs instance for logging, so please add a second Cloud Logs icon to the diagram and fix the buckets up
…e-security-services into full-configurable
…stack-ibm-core-security-services into full-configurable
|
@ocofaigh, I have updated the diagram and fixed crooked lines and added a bucket for AT. However, I don't fully understand the second cloud logs bucket requirement. Perhaps we can have a quick discussion on Monday AM. |
|
/run pipeline |
|
/run pipeline |
|
/run pipeline |
|
/run pipeline |
|
/run pipeline |
|
It says |
|
/run pipeline |
|
🎉 This PR is included in version 4.0.0 🎉 The release is available on:
Your semantic-release bot 📦🚀 |
|
🎉 This PR is included in version 4.0.0 🎉 The release is available on:
Your semantic-release bot 📦🚀 |
1 similar comment
|
🎉 This PR is included in version 4.0.0 🎉 The release is available on:
Your semantic-release bot 📦🚀 |
Description
fixes https://github.ibm.com/GoldenEye/issues/issues/15042
Release required?
x.x.X)x.X.x)X.x.x)Release notes content
Run the pipeline
If the CI pipeline doesn't run when you create the PR, the PR requires a user with GitHub collaborators access to run the pipeline.
Run the CI pipeline when the PR is ready for review and you expect tests to pass. Add a comment to the PR with the following text:
Checklist for reviewers
For mergers