From 78ae0d74a3c74cdc7eb7ed5194c148399d22778e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Conall=20=C3=93=20Cofaigh?=
Date: Sun, 28 Sep 2025 21:29:41 +0100
Subject: [PATCH 1/3] Update stack_definition.json
---
 stack_definition.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/stack_definition.json b/stack_definition.json
index 747b71a..930e686 100644
--- a/stack_definition.json
+++ b/stack_definition.json
@@ -410,7 +410,7 @@
 }
 ],
 "name": "3c - App Configuration",
- "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.b61bd179-3aa9-4763-9f0b-02815398b76e-global"
+ "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.430291dd-8a78-46c2-8d02-e951da977582-global"
 },
 {
 "inputs": [
From aa10bdff3894f090c2fcbcf0295a156c0d392445 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Conall=20=C3=93=20Cofaigh?=
Date: Mon, 29 Sep 2025 11:53:41 +0100
Subject: [PATCH 2/3] Update stack_definition.json
---
 stack_definition.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/stack_definition.json b/stack_definition.json
index 930e686..06d6324 100644
--- a/stack_definition.json
+++ b/stack_definition.json
@@ -452,7 +452,7 @@
 }
 ],
 "name": "3d - Secrets Manager",
- "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.ceff0818-e9de-45e6-b785-4c8ad786e6bb-global"
+ "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.3d0da0a9-0327-44fc-8796-edf8e0017e25-global"
 },
 {
 "inputs": [
From 29f4ed8b1560458deabf1bf3f4a91cc0df73dd54 Mon Sep 17 00:00:00 2001
From: ocofaigh
Date: Mon, 29 Sep 2025 13:02:53 +0100
Subject: [PATCH 3/3] fix tests and expose the ability to create secrets groups
---
 ibm_catalog.json | 12 +++++++++++-
 stack_definition.json | 11 +++++++++++
 tests/pr_test.go | 33 +++++++++++++++++----------------
 3 files changed, 39 insertions(+), 17 deletions(-)
diff --git a/ibm_catalog.json b/ibm_catalog.json
index 63038a4..a1f6855 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -233,7 +233,6 @@
 "type": "string",
 "default_value": "Default",
 "description": "The name of an existing resource group to provision the resources.",
- "required": true,
 "custom_config": {
 "type": "resource_group",
 "grouping": "deployment",
@@ -365,6 +364,17 @@
 "description": "Whether to skip the creation of the IAM authorization policies required to enable the Secrets Manager IAM credentials engine. If set to false, policies will be created that grants the Secrets Manager instance 'Operator' access to the IAM identity service, and 'Groups Service Member Manage' access to the IAM groups service.",
 "required": false
 },
+ {
+ "key": "secrets_manager_secret_groups",
+ "type": "array",
+ "default_value": "[\n {\n secret_group_name = \"General\"\n secret_group_description = \"A general purpose secrets group with an associated access group which has a secrets reader role\"\n create_access_group = true\n access_group_name = \"general-secrets-group-access-group\"\n access_group_roles = [\"SecretsReader\"]\n }\n ]",
+ "description": "Secret Manager secret group and access group configurations. If a prefix input variable is specified, it is added to the `access_group_name` value in the `-value` format. If you do not wish to create any groups, set the value to `[]`. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-secrets-manager/tree/main/solutions/fully-configurable/provisioning_secrets_groups.md).",
+ "custom_config": {
+ "type": "code_editor",
+ "grouping": "deployment",
+ "original_grouping": "deployment"
+ }
+ },
 {
 "key": "app_config_plan",
 "type": "string",
diff --git a/stack_definition.json b/stack_definition.json
index 06d6324..603cf0b 100644
--- a/stack_definition.json
+++ b/stack_definition.json
@@ -69,6 +69,13 @@
 "hidden": false,
 "custom_config": {}
 },
+ {
+ "name": "secrets_manager_secret_groups",
+ "required": false,
+ "type": "array",
+ "hidden": false,
+ "custom_config": {}
+ },
 {
 "name": "app_config_plan",
 "required": false,
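Review bot: The `secrets_manager_secret_groups` entry added to ibm_catalog.json defaults to creating a `General` secret group plus an IAM access group holding the `SecretsReader` role, but its description does not say what to do when an existing Secrets Manager instance is supplied. The test change in tests/pr_test.go passes an empty list for that case because the `General` group already exists, so a user who keeps the default with an existing instance would presumably hit the same conflict. I would extend the description with a sentence such as `When an existing Secrets Manager instance is used and it already contains a General group, set the value to []`, and state that membership of the created access group grants read access to the secrets in that group. The `-value` format mentioned in the description also looks like it lost its prefix placeholder, and the entry omits the `"required": false` that the neighbouring `skip_secrets_manager_iam_auth_policy` entry carries.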
@@ -449,6 +456,10 @@
 {
 "name": "skip_secrets_manager_iam_auth_policy",
 "value": "ref:../../inputs/skip_secrets_manager_iam_auth_policy"
+ },
+ {
+ "name": "secret_groups",
+ "value": "ref:../../inputs/secrets_manager_secret_groups"
 }
 ],
 "name": "3d - Secrets Manager",
diff --git a/tests/pr_test.go b/tests/pr_test.go
index f76e813..c9a8c39 100644
--- a/tests/pr_test.go
+++ b/tests/pr_test.go
@@ -52,13 +52,13 @@ func TestProjectsFullTest(t *testing.T) {
 })
 options.StackInputs = map[string]interface{}{
- "prefix": options.Prefix,
- "region": validRegions[rand.Intn(len(validRegions))],
- "existing_resource_group_name": resourceGroup,
- "sm_service_plan": "trial",
- "ibmcloud_api_key": options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], // always required by the stack
- "enable_platform_metrics": false,
- "en_email_list": []string{"GoldenEye.Operations@ibm.com"},
+ "prefix": options.Prefix,
+ "region": validRegions[rand.Intn(len(validRegions))],
+ "existing_resource_group_name": resourceGroup,
+ "secrets_manager_service_plan": "trial",
+ "ibmcloud_api_key": options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], // always required by the stack
+ "enable_platform_metrics": false,
+ "event_notifications_email_list": []string{"GoldenEye.Operations@ibm.com"},
 }
 err := options.RunProjectsTest()
@@ -114,15 +114,16 @@ func TestProjectsExistingResourcesTest(t *testing.T) {
 })
 options.StackInputs = map[string]interface{}{
- "prefix": terraform.Output(t, existingTerraformOptions, "prefix"),
- "region": terraform.Output(t, existingTerraformOptions, "region"),
- "existing_resource_group_name": terraform.Output(t, existingTerraformOptions, "resource_group_name"),
- "ibmcloud_api_key": options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], // always required by the stack
- "enable_platform_metrics": false,
- "existing_secrets_manager_crn": terraform.Output(t, existingTerraformOptions, "secrets_manager_instance_crn"),
- "skip_iam_authorization_policy": true, // skip as s2s auth policy was already created for existing instance
- "existing_kms_instance_crn": terraform.Output(t, existingTerraformOptions, "key_project_instance_crn"),
- "en_email_list": []string{"GoldenEye.Operations@ibm.com"},
+ "prefix": terraform.Output(t, existingTerraformOptions, "prefix"),
+ "region": terraform.Output(t, existingTerraformOptions, "region"),
+ "existing_resource_group_name": terraform.Output(t, existingTerraformOptions, "resource_group_name"),
+ "ibmcloud_api_key": options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], // always required by the stack
+ "enable_platform_metrics": false,
+ "existing_secrets_manager_crn": terraform.Output(t, existingTerraformOptions, "secrets_manager_instance_crn"),
+ "skip_secrets_manager_iam_auth_policy": true, // skip as s2s auth policy was already created for existing instance
+ "existing_kms_instance_crn": terraform.Output(t, existingTerraformOptions, "key_project_instance_crn"),
+ "event_notifications_email_list": []string{"GoldenEye.Operations@ibm.com"},
+ "secrets_manager_secret_groups": []string{}, // Don't create any secret groups in existing instance (The default 'General' group already exists)
 }
 err := options.RunProjectsTest()
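Review bot: `"secrets_manager_secret_groups": []string{}` in TestProjectsExistingResourcesTest gives a string-slice type to an input whose elements are objects according to the catalog default, and it works only because an empty slice presumably serialises to `[]`. Writing `[]map[string]interface{}{}` would document the real shape and stay correct if an entry is ever added. The comment on `skip_secrets_manager_iam_auth_policy` could also name what is skipped, for example `// skip: IAM credentials engine auth policies already exist for the existing instance`, since the catalog describes that input in those terms rather than as a generic s2s policy. The function body starts and ends outside the hunk.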