From 485f66c718579e3c09add80bc414673cc40e3292 Mon Sep 17 00:00:00 2001 From: "akocbek@ie.ibm.com" Date: Wed, 10 Jul 2024 12:58:12 +0100 Subject: [PATCH 1/7] feat: add Elasticsearch DA --- stack_definition.json | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/stack_definition.json b/stack_definition.json index c38603f..49cecad 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -416,6 +416,44 @@ ], "name": "6 - WatsonX SaaS services", "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.a8504fac-eb37-4aa0-a284-f26e876b5750-global" + }, + { + "inputs": [ + { + "name": "use_existing_resource_group", + "value": true + }, + { + "name": "resource_group_name", + "value": "ref:../../members/1%20-%20Account%20Infrastructure%20Base/outputs/observability_resource_group_name" + }, + { + "name": "region", + "value": "ref:../../inputs/region" + }, + { + "name": "prefix", + "value": "ref:../../inputs/prefix" + }, + { + "name": "plan", + "value": "platinum" + }, + { + "name": "elasticsearch_version", + "value": "8.12" + }, + { + "name": "existing_kms_instance_crn", + "value": "ref:../../members/2a%20-%20Security%20Service%20-%20Key%20Management/outputs/kms_instance_crn" + }, + { + "name": "kms_endpoint_type", + "value": "private" + } + ], + "name": "7 - Databases for Elasticsearch", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.c5ea982b-011a-46c8-a49d-0de273f40b46-global" } ] } From 3162c5ff22ac094f47983c02937c36c65273d694 Mon Sep 17 00:00:00 2001 From: "akocbek@ie.ibm.com" Date: Wed, 10 Jul 2024 16:36:26 +0100 Subject: [PATCH 2/7] feat: add Elasticsearch DA --- ibm_catalog.json | 8 +++++++- stack_definition.json | 6 +++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 62f5f01..e31c010 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -136,7 +136,13 @@ "role_crns": [ "crn:v1:bluemix:public:iam::::role:Editor" ] - } + }, + { + "service_name": "databases-for-elasticsearch", + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Editor" + ] + } ], "architecture": { "features": [ diff --git a/stack_definition.json b/stack_definition.json index 49cecad..205a585 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -425,7 +425,7 @@ }, { "name": "resource_group_name", - "value": "ref:../../members/1%20-%20Account%20Infrastructure%20Base/outputs/observability_resource_group_name" + "value": "ref:../../members/1%20-%20Account%20Infrastructure%20Base/outputs/workload_resource_group_name" }, { "name": "region", @@ -450,6 +450,10 @@ { "name": "kms_endpoint_type", "value": "private" + }, + { + "name": "member_host_flavor", + "value": "b3c.4x16.encrypted" } ], "name": "7 - Databases for Elasticsearch", From 4456870d8275aa6221424c22cd89f0070bf4a79f Mon Sep 17 00:00:00 2001 From: "akocbek@ie.ibm.com" Date: Thu, 11 Jul 2024 11:30:40 +0100 Subject: [PATCH 3/7] increase Saas DA version 1.3.6 --- stack_definition.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stack_definition.json b/stack_definition.json index 205a585..73012c8 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -415,7 +415,7 @@ } ], "name": "6 - WatsonX SaaS services", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.a8504fac-eb37-4aa0-a284-f26e876b5750-global" + "version_locator": "1082e7d2-5e2f-0a11-a3bc-f88a8e1931fc.9932d3b1-369e-4b5c-ad39-9e10149b83b0-global" }, { "inputs": [ From f6edff102ff132f2d03826409ecb7fbeb3613044 Mon Sep 17 00:00:00 2001 From: "akocbek@ie.ibm.com" Date: Thu, 11 Jul 2024 16:52:16 +0100 Subject: [PATCH 4/7] increase Saas DA version 1.3.6 --- stack_definition.json | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/stack_definition.json b/stack_definition.json index 73012c8..c5bfc6b 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -459,5 +459,23 @@ "name": "7 - Databases for Elasticsearch", "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.c5ea982b-011a-46c8-a49d-0de273f40b46-global" } + ], + "outputs": [ + { + "name": "es_hostname", + "value": "ref:./members/7 - Databases for Elasticsearch/outputs/hostname" + }, + { + "name": "es_port", + "value": "ref:./members/7 - Databases for Elasticsearch/outputs/port" + }, + { + "name": "es_certificate_base64", + "value": "ref:./members/7 - Databases for Elasticsearch/outputs/certificate_base64" + }, + { + "name": "es_service_credentials_json", + "value": "ref:./members/7 - Databases for Elasticsearch/outputs/service_credentials_json" + } ] } From a4ab125428e16c2095338e356ea7a1ec87956fa0 Mon Sep 17 00:00:00 2001 From: "akocbek@ie.ibm.com" Date: Fri, 12 Jul 2024 10:23:19 +0100 Subject: [PATCH 5/7] remove URL encoding --- stack_definition.json | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/stack_definition.json b/stack_definition.json index c5bfc6b..20eb861 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -139,7 +139,7 @@ "inputs": [ { "name": "resource_group_name", - "value": "ref:../../members/1%20-%20Account%20Infrastructure%20Base/outputs/security_resource_group_name" + "value": "ref:../../members/1 - Account Infrastructure Base/outputs/security_resource_group_name" }, { "name": "use_existing_resource_group", @@ -165,7 +165,7 @@ "inputs": [ { "name": "resource_group_name", - "value": "ref:../../members/1%20-%20Account%20Infrastructure%20Base/outputs/security_resource_group_name" + "value": "ref:../../members/1 - Account Infrastructure Base/outputs/security_resource_group_name" }, { "name": "existing_resource_group", @@ -187,7 +187,7 @@ "inputs": [ { "name": "resource_group_name", - "value": "ref:../../members/1%20-%20Account%20Infrastructure%20Base/outputs/observability_resource_group_name" + "value": "ref:../../members/1 - Account Infrastructure Base/outputs/observability_resource_group_name" }, { "name": "use_existing_resource_group", @@ -203,7 +203,7 @@ }, { "name": "existing_kms_instance_crn", - "value": "ref:../../members/2a%20-%20Security%20Service%20-%20Key%20Management/outputs/kms_instance_crn" + "value": "ref:../../members/2a - Security Service - Key Management/outputs/kms_instance_crn" }, { "name": "kms_endpoint_type", @@ -211,7 +211,7 @@ }, { "name": "existing_cos_instance_crn", - "value": "ref:../../members/2b%20-%20Security%20Service%20-%20Object%20storage/outputs/cos_instance_id" + "value": "ref:../../members/2b - Security Service - Object storage/outputs/cos_instance_id" }, { "name": "enable_platform_logs", @@ -229,7 +229,7 @@ "inputs": [ { "name": "existing_cos_instance_crn", - "value": "ref:../../members/2b%20-%20Security%20Service%20-%20Object%20storage/outputs/cos_instance_id" + "value": "ref:../../members/2b - Security Service - Object storage/outputs/cos_instance_id" }, { "name": "skip_cos_kms_auth_policy", @@ -237,11 +237,11 @@ }, { "name": "kms_endpoint_url", - "value": "ref:../../members/2a%20-%20Security%20Service%20-%20Key%20Management/outputs/kp_private_endpoint" + "value": "ref:../../members/2a - Security Service - Key Management/outputs/kp_private_endpoint" }, { "name": "existing_kms_instance_crn", - "value": "ref:../../members/2a%20-%20Security%20Service%20-%20Key%20Management/outputs/kms_instance_crn" + "value": "ref:../../members/2a - Security Service - Key Management/outputs/kms_instance_crn" }, { "name": "kms_endpoint_type", @@ -249,7 +249,7 @@ }, { "name": "resource_group_name", - "value": "ref:../../members/1%20-%20Account%20Infrastructure%20Base/outputs/audit_resource_group_name" + "value": "ref:../../members/1 - Account Infrastructure Base/outputs/audit_resource_group_name" }, { "name": "use_existing_resource_group", @@ -265,7 +265,7 @@ }, { "name": "existing_monitoring_crn", - "value": "ref:../../members/3%20-%20Security%20Service%20-%20Observability/outputs/cloud_monitoring_crn" + "value": "ref:../../members/3 - Security Service - Observability/outputs/cloud_monitoring_crn" } ], "name": "4 - Security Service - Event Notifications", @@ -275,7 +275,7 @@ "inputs": [ { "name": "resource_group_name", - "value": "ref:../../members/1%20-%20Account%20Infrastructure%20Base/outputs/security_resource_group_name" + "value": "ref:../../members/1 - Account Infrastructure Base/outputs/security_resource_group_name" }, { "name": "use_existing_resource_group", @@ -291,7 +291,7 @@ }, { "name": "existing_kms_instance_crn", - "value": "ref:../../members/2a%20-%20Security%20Service%20-%20Key%20Management/outputs/kms_instance_crn" + "value": "ref:../../members/2a - Security Service - Key Management/outputs/kms_instance_crn" }, { "name": "kms_endpoint_type", @@ -299,11 +299,11 @@ }, { "name": "existing_monitoring_crn", - "value": "ref:../../members/3%20-%20Security%20Service%20-%20Observability/outputs/cloud_monitoring_crn" + "value": "ref:../../members/3 - Security Service - Observability/outputs/cloud_monitoring_crn" }, { "name": "existing_cos_instance_crn", - "value": "ref:../../members/2b%20-%20Security%20Service%20-%20Object%20storage/outputs/cos_instance_id" + "value": "ref:../../members/2b - Security Service - Object storage/outputs/cos_instance_id" }, { "name": "skip_cos_kms_auth_policy", @@ -311,7 +311,7 @@ }, { "name": "existing_en_crn", - "value": "ref:../../members/4%20-%20Security%20Service%20-%20Event%20Notifications/outputs/crn" + "value": "ref:../../members/4 - Security Service - Event Notifications/outputs/crn" }, { "name": "scc_service_plan", @@ -333,7 +333,7 @@ "inputs": [ { "name": "resource_group_name", - "value": "ref:../../members/1%20-%20Account%20Infrastructure%20Base/outputs/security_resource_group_name" + "value": "ref:../../members/1 - Account Infrastructure Base/outputs/security_resource_group_name" }, { "name": "use_existing_resource_group", @@ -349,11 +349,11 @@ }, { "name": "existing_kms_instance_crn", - "value": "ref:../../members/2a%20-%20Security%20Service%20-%20Key%20Management/outputs/kms_instance_crn" + "value": "ref:../../members/2a - Security Service - Key Management/outputs/kms_instance_crn" }, { "name": "existing_event_notification_instance_crn", - "value": "ref:../../members/4%20-%20Security%20Service%20-%20Event%20Notifications/outputs/crn" + "value": "ref:../../members/4 - Security Service - Event Notifications/outputs/crn" }, { "name": "existing_secrets_manager_crn", @@ -375,7 +375,7 @@ }, { "name": "resource_group_name", - "value": "ref:../../members/1%20-%20Account%20Infrastructure%20Base/outputs/workload_resource_group_name" + "value": "ref:../../members/1 - Account Infrastructure Base/outputs/workload_resource_group_name" }, { "name": "location", @@ -425,7 +425,7 @@ }, { "name": "resource_group_name", - "value": "ref:../../members/1%20-%20Account%20Infrastructure%20Base/outputs/workload_resource_group_name" + "value": "ref:../../members/1 - Account Infrastructure Base/outputs/workload_resource_group_name" }, { "name": "region", @@ -445,7 +445,7 @@ }, { "name": "existing_kms_instance_crn", - "value": "ref:../../members/2a%20-%20Security%20Service%20-%20Key%20Management/outputs/kms_instance_crn" + "value": "ref:../../members/2a - Security Service - Key Management/outputs/kms_instance_crn" }, { "name": "kms_endpoint_type", From f53e4b24ba797c52c3311fbe64b41872730725be Mon Sep 17 00:00:00 2001 From: "akocbek@ie.ibm.com" Date: Fri, 12 Jul 2024 16:34:19 +0100 Subject: [PATCH 6/7] address PR comments --- ibm_catalog.json | 30 ++++++++++++++++++++++++++++-- stack_definition.json | 21 ++++++++++++++------- 2 files changed, 42 insertions(+), 9 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index e31c010..2897485 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -264,16 +264,42 @@ "key": "en_email_list", "type": "array", "default_value": [], + "description": "List of emails to configure event notifications.", "required": false }, { "key": "scc_service_plan", "type": "string", "default_value": "security-compliance-center-standard-plan", - "required": false + "description": "The pricing plan to use for the IBM Cloud Security and Compliance Center.", + "required": false, + "options": [ + { + "displayname": "standard", + "value": "security-compliance-center-standard-plan" + }, + { + "displayname": "trial", + "value": "security-compliance-center-trial-plan" + } + ] } ], - "install_type": "fullstack" + "install_type": "fullstack", + "outputs": [ + { + "key": "elasticsearch_hostname", + "description": "Elasticsearch instance hostname." + }, + { + "key": "elasticsearch_port", + "description": "Elasticsearch instance port." + }, + { + "key": "elasticsearch_service_credentials_json", + "description": "Elasticsearch instance service credentials json map." + } + ] } ] } diff --git a/stack_definition.json b/stack_definition.json index 20eb861..1c0117d 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -77,6 +77,7 @@ "type": "array", "hidden": false, "default": [], + "description": "List of emails to configure event notifications.", "custom_config": {} }, { @@ -85,6 +86,7 @@ "type": "string", "hidden": false, "default": "security-compliance-center-standard-plan", + "description": "The pricing plan to use for the IBM Cloud Security and Compliance Center.", "custom_config": {} } ], @@ -454,6 +456,15 @@ { "name": "member_host_flavor", "value": "b3c.4x16.encrypted" + }, + { + "name": "service_credential_names", + "value": { + "elasticsearch_admin" : "Administrator", + "elasticsearch_reader" : "Operator", + "elasticsearch_viewer" : "Viewer", + "elasticsearch_editor" : "Editor" + } } ], "name": "7 - Databases for Elasticsearch", @@ -462,19 +473,15 @@ ], "outputs": [ { - "name": "es_hostname", + "name": "elasticsearch_hostname", "value": "ref:./members/7 - Databases for Elasticsearch/outputs/hostname" }, { - "name": "es_port", + "name": "elasticsearch_port", "value": "ref:./members/7 - Databases for Elasticsearch/outputs/port" }, { - "name": "es_certificate_base64", - "value": "ref:./members/7 - Databases for Elasticsearch/outputs/certificate_base64" - }, - { - "name": "es_service_credentials_json", + "name": "elasticsearch_service_credentials_json", "value": "ref:./members/7 - Databases for Elasticsearch/outputs/service_credentials_json" } ] From f190a98afe51a30b6fc220dd8e6b9f2580ad5197 Mon Sep 17 00:00:00 2001 From: "akocbek@ie.ibm.com" Date: Mon, 15 Jul 2024 09:50:46 +0100 Subject: [PATCH 7/7] add service credential names --- stack_definition.json | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/stack_definition.json b/stack_definition.json index 1c0117d..32bd10d 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -460,10 +460,9 @@ { "name": "service_credential_names", "value": { - "elasticsearch_admin" : "Administrator", - "elasticsearch_reader" : "Operator", - "elasticsearch_viewer" : "Viewer", - "elasticsearch_editor" : "Editor" + "elastic_db_admin" : "Administrator", + "wxasst_db_user" : "Editor", + "toolchain_db_user" : "Editor" } } ],