diff --git a/ibm_catalog.json b/ibm_catalog.json 
index 63038a4..a1f6855 100644 
--- a/ibm_catalog.json 
+++ b/ibm_catalog.json 
@@ -233,7 +233,6 @@
 "type": "string",
 "default_value": "Default",
 "description": "The name of an existing resource group to provision the resources.", 
- "required": true,
 "custom_config": {
 "type": "resource_group",
 "grouping": "deployment", 
@@ -365,6 +364,17 @@
 "description": "Whether to skip the creation of the IAM authorization policies required to enable the Secrets Manager IAM credentials engine. If set to false, policies will be created that grants the Secrets Manager instance 'Operator' access to the IAM identity service, and 'Groups Service Member Manage' access to the IAM groups service.",
 "required": false
 }, 
+ { 
+ "key": "secrets_manager_secret_groups", 
+ "type": "array", 
+ "default_value": "[\n {\n secret_group_name = \"General\"\n secret_group_description = \"A general purpose secrets group with an associated access group which has a secrets reader role\"\n create_access_group = true\n access_group_name = \"general-secrets-group-access-group\"\n access_group_roles = [\"SecretsReader\"]\n }\n ]", 
+ "description": "Secret Manager secret group and access group configurations. If a prefix input variable is specified, it is added to the `access_group_name` value in the `-value` format. If you do not wish to create any groups, set the value to `[]`. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-secrets-manager/tree/main/solutions/fully-configurable/provisioning_secrets_groups.md).", 
+ "custom_config": { 
+ "type": "code_editor", 
+ "grouping": "deployment", 
+ "original_grouping": "deployment" 
+ } 
+ },
 {
 "key": "app_config_plan",
 "type": "string", 
diff --git a/stack_definition.json b/stack_definition.json 
index 747b71a..603cf0b 100644 
--- a/stack_definition.json 
+++ b/stack_definition.json 
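Review bot: The default for `secrets_manager_secret_groups` in the second ibm_catalog.json hunk sets `create_access_group = true` with `access_group_roles = ["SecretsReader"]`, yet the `description` never says that accepting the default provisions an IAM access group with read access to that secret group. I would say so in the description, for example `By default a "General" secret group and an access group with the SecretsReader role are created.`, so whoever approves a deployment knows an access group appears without opting in. The same text could cover the case the test change in tests/pr_test.go works around, an existing instance that already has a `General` group, where the value has to be `[]`. The entry also omits `"required": false`, which the entry just above it sets explicitly, and the `-value` placeholder in the description looks truncated (possibly `<prefix>-value`).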
@@ -69,6 +69,13 @@
 "hidden": false,
 "custom_config": {}
 }, 
+ { 
+ "name": "secrets_manager_secret_groups", 
+ "required": false, 
+ "type": "array", 
+ "hidden": false, 
+ "custom_config": {} 
+ },
 {
 "name": "app_config_plan",
 "required": false, 
@@ -410,7 +417,7 @@
 }
 ],
 "name": "3c - App Configuration", 
- "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.b61bd179-3aa9-4763-9f0b-02815398b76e-global" 
+ "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.430291dd-8a78-46c2-8d02-e951da977582-global"
 },
 {
 "inputs": [ 
@@ -449,10 +456,14 @@
 {
 "name": "skip_secrets_manager_iam_auth_policy",
 "value": "ref:../../inputs/skip_secrets_manager_iam_auth_policy" 
+ }, 
+ { 
+ "name": "secret_groups", 
+ "value": "ref:../../inputs/secrets_manager_secret_groups"
 }
 ],
 "name": "3d - Secrets Manager", 
- "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.ceff0818-e9de-45e6-b785-4c8ad786e6bb-global" 
+ "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.3d0da0a9-0327-44fc-8796-edf8e0017e25-global"
 },
 {
 "inputs": [ 
diff --git a/tests/pr_test.go b/tests/pr_test.go 
index f76e813..c9a8c39 100644 
--- a/tests/pr_test.go 
+++ b/tests/pr_test.go 
@@ -52,13 +52,13 @@ func TestProjectsFullTest(t *testing.T) {
 })
 options.StackInputs = map[string]interface{}{ 
- "prefix": options.Prefix, 
- "region": validRegions[rand.Intn(len(validRegions))], 
- "existing_resource_group_name": resourceGroup, 
- "sm_service_plan": "trial", 
- "ibmcloud_api_key": options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], // always required by the stack 
- "enable_platform_metrics": false, 
- "en_email_list": []string{"GoldenEye.Operations@ibm.com"}, 
+ "prefix": options.Prefix, 
+ "region": validRegions[rand.Intn(len(validRegions))], 
+ "existing_resource_group_name": resourceGroup, 
+ "secrets_manager_service_plan": "trial", 
+ "ibmcloud_api_key": options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], // always required by the stack 
+ "enable_platform_metrics": false, 
+ "event_notifications_email_list": []string{"GoldenEye.Operations@ibm.com"},
 }
 err := options.RunProjectsTest() 
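Review bot: The keys of `options.StackInputs` are free-form strings, and nothing in this hunk ties them to the inputs declared in stack_definition.json, so a stale name may go unnoticed until the stack is deployed with a default instead of the test's value. The renames here (`sm_service_plan`, `en_email_list`) and in the TestProjectsExistingResourcesTest hunk (`skip_iam_authorization_policy`) suggest the old names no longer matched: stack_definition.json shows `skip_secrets_manager_iam_auth_policy` as unchanged context, so that test may have been running without the intended skip of the auth policy. If the harness does not already reject unknown keys, a small check before `options.RunProjectsTest()` that every key is a declared stack input would catch this; at minimum add `// keys must match the input names in stack_definition.json` above the map. The function body starts and ends outside the hunk.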
@@ -114,15 +114,16 @@ func TestProjectsExistingResourcesTest(t *testing.T) {
 })
 options.StackInputs = map[string]interface{}{ 
- "prefix": terraform.Output(t, existingTerraformOptions, "prefix"), 
- "region": terraform.Output(t, existingTerraformOptions, "region"), 
- "existing_resource_group_name": terraform.Output(t, existingTerraformOptions, "resource_group_name"), 
- "ibmcloud_api_key": options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], // always required by the stack 
- "enable_platform_metrics": false, 
- "existing_secrets_manager_crn": terraform.Output(t, existingTerraformOptions, "secrets_manager_instance_crn"), 
- "skip_iam_authorization_policy": true, // skip as s2s auth policy was already created for existing instance 
- "existing_kms_instance_crn": terraform.Output(t, existingTerraformOptions, "key_project_instance_crn"), 
- "en_email_list": []string{"GoldenEye.Operations@ibm.com"}, 
+ "prefix": terraform.Output(t, existingTerraformOptions, "prefix"), 
+ "region": terraform.Output(t, existingTerraformOptions, "region"), 
+ "existing_resource_group_name": terraform.Output(t, existingTerraformOptions, "resource_group_name"), 
+ "ibmcloud_api_key": options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], // always required by the stack 
+ "enable_platform_metrics": false, 
+ "existing_secrets_manager_crn": terraform.Output(t, existingTerraformOptions, "secrets_manager_instance_crn"), 
+ "skip_secrets_manager_iam_auth_policy": true, // skip as s2s auth policy was already created for existing instance 
+ "existing_kms_instance_crn": terraform.Output(t, existingTerraformOptions, "key_project_instance_crn"), 
+ "event_notifications_email_list": []string{"GoldenEye.Operations@ibm.com"}, 
+ "secrets_manager_secret_groups": []string{}, // Don't create any secret groups in existing instance (The default 'General' group already exists)
 }
 err := options.RunProjectsTest()
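Review bot: `"secrets_manager_secret_groups": []string{}` gives the empty list an element type of string, while the catalog default for this input is a list of objects with fields such as `secret_group_name` and `create_access_group`. The empty slice presumably serialises the same either way, but the next person who adds a group to this test will start from the wrong shape; `[]map[string]interface{}{}` reads closer to the real type. The function body continues outside the hunk.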