diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fded5f67..0aca2050 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -7,5 +7,5 @@ on: - created jobs: call-terraform-ci-pipeline: - uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/common-terraform-module-ci-v2.yml@v1.22.5 + uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/common-terraform-module-ci-v2.yml@v1.23.2 secrets: inherit diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 13edc440..a6421eb1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,5 +8,5 @@ on: jobs: call-terraform-release-pipeline: - uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/common-release.yml@v1.22.5 + uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/common-release.yml@v1.23.2 secrets: inherit diff --git a/.gitignore b/.gitignore index 1d33c03d..97d93660 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,5 @@ .terraform *.tfstate *.lock.hcl +.DS_Store +.idea diff --git a/.secrets.baseline b/.secrets.baseline index 0016d172..4e8ba946 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -77,7 +77,7 @@ } ], "results": {}, - "version": "0.13.1+ibm.62.dss", + "version": "0.13.1+ibm.64.dss", "word_list": { "file": null, "hash": null diff --git a/README.md b/README.md index 2e3ec253..7db3228a 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Retrieval augmented generation (RAG) for watsonx on IBM Cloud +# Cloud-native AI The following [deployable architecture](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-understand-module-da#what-is-da) automates the deployment of a sample gen AI Pattern on IBM Cloud, including all underlying IBM Cloud and WatsonX infrastructure. This architecture implements the best practices for watsonx gen AI Pattern deployment on IBM Cloud, as described in the [reference architecture](https://cloud.ibm.com/docs/pattern-genai-rag?topic=pattern-genai-rag-genai-pattern). @@ -198,17 +198,6 @@ For example, by editing the member configuration, you can accomplish these thing To edit the member configuration, select **Edit** from the Options icon ![Options icon](/images/action-menu-icon.svg "Options") in the member configuration row. -### Removing configurations from the stack - -You can remove a member configuration from the stack that other configurations don't depend on. - -You can remove the following configurations in this architecture: - -- Security and Control Center -- Sample RAG App Configuration - -To remove a member configuration, select **Remove from Stack** from the Options icon ![Options icon](/images/action-menu-icon.svg "Options") in the member configuration row. - ### Managing input and output variables You can add or remove input and output variables at the stack level by following these steps: @@ -219,25 +208,6 @@ You can add or remove input and output variables at the stack level by following 1. Select a member configuration. 1. From the deployed details window, you can promote any of the configuration inputs or outputs. -### Selective provisioning of observability resources - -You can selectively provision observability resources such as Activity Tracker routes and targets, and Cloud Monitoring instances by following these steps: - -1. In the IBM Cloud console, click the **Navigation menu** icon ![Navigation menu icon](/images/icon_hamburger.svg "Menu") > **Projects**. -1. Click the project with the stacked deployable architecture that you want to update. -1. Click the **Configurations** tab. -1. **Navigate to the Configurations**: Access the "Essential Security - Logging Monitoring Activity Tracker" configuration by clicking on it. -1. **Edit Member Configuration**: On the top right side click on 3 dots, then select Edit option to access the member configuration page. -1. **Locate Optional Variables**: Under the Optional tab, you’ll find the specific variable settings. -1. From the deployed details window, you can enable or disable the provisioning of specific observability resources. For example: - - **IBM Cloud Logs instance** (`cloud_logs_provision`): Set this to provision or skip provisioning an IBM Cloud Logs instance. - - **IBM Cloud Monitoring instance** (`cloud_monitoring_provision`): Set this to provision or skip provisioning an IBM cloud monitoring instance. - - **Event routing from Activity Tracker to Object Storage** (`enable_at_event_routing_to_cos_bucket`): Set this to enable or disable event routing from Activity Tracker to the Object Storage bucket. - - **Event routing from Activity Tracker to Cloud Logs** (`enable_at_event_routing_to_cloud_logs`): Set this to enable or disable event routing from Activity Tracker to Cloud Logs. -1. After making the necessary changes, click Save, validate the settings, and deploy to apply the updated configuration. - - - ### Sharing modified stacks through a private IBM Cloud catalog After you modify your deployable architecture in projects, you can share it with others through a private IBM Cloud catalog. To share your deployable architecture, follow the steps in [Sharing your deployable architecture to your enterprise](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-share-custom). @@ -246,7 +216,7 @@ After you modify your deployable architecture in projects, you can share it with You can use the code of this sample automation as a guide to customize the sample app to meet your requirements. The code is available at [https://github.com/terraform-ibm-modules/terraform-ibm-rag-sample-da](https://github.com/terraform-ibm-modules/terraform-ibm-rag-sample-da). -To use your own app, remove the `Workload - Sample RAG App Configuration` member configuration from the stack. This member configuration is specific to the default sample app. +To use your own app, remove the `Workload - Sample RAG Application` member configuration from the stack. This member configuration is specific to the default sample app. ## Undeploying the stack and infrastructure @@ -264,7 +234,7 @@ To use your own app, remove the `Workload - Sample RAG App Configuration` member - Code Engine Project - Delete the code engine project created for the sample application. - Container Registry Namespace - - Delete the container registry namespace created by the CI tookchain. + - Delete the container registry namespace created by the CI toolchain. 1. Delete the project. diff --git a/common-dev-assets b/common-dev-assets index 6e39f79e..bb642791 160000 --- a/common-dev-assets +++ b/common-dev-assets @@ -1 +1 @@ -Subproject commit 6e39f79e1389a1ec3bbe57215573e7d4e6dd98f1 +Subproject commit bb64279162cdd0eecd962220d538fd8f41e922e7 diff --git a/ibm_catalog.json b/ibm_catalog.json index 8696e25c..d58d9b3a 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -1,1025 +1,1365 @@ { - "products": [ - { - "label": "Retrieval Augmented Generation (RAG) Pattern", - "name": "Retrieval_Augmented_Generation_Pattern", - "product_kind": "solution", - "tags": [ - "solution", - "watson", - "security", - "banking", - "ibm_created" - ], - "keywords": [ - "rag", - "watson", - "ai", - "compliance", - "fscloud", - "genai", - "sample", - "ibmcloud", - "financial services", - "watsonx", - "llm", - "retrieval augmented generation", - "secure", - "secret manager", - "key protect", - "security and compliance center workload protection", - "cspm", - "config aggregator", - "app config" - ], - "short_description": "Automate RAG deployment with supporting IBM Cloud and watsonx services, embed your enterprise data in generative AI solutions.", - "long_description": "Utilize data from your enterprise to achieve productivity gains in activities related to question/answer conversations, content search, summarization and generation. RAG can be deployed in multiple configurations and is applicable to various industry use cases and solutions.\n\nThis deployable architecture provides a comprehensive foundation for trust, observability, security, and regulatory compliance by configuring and deploying various services and a sample application for a [RAG pattern](https://cloud.ibm.com/docs/pattern-genai-rag?topic=pattern-genai-rag-genai-pattern), including:\n- Configuring IBM Cloud Account with best practices from [IBM Cloud Framework for Financial Services](https://cloud.ibm.com/docs/framework-financial-services?topic=framework-financial-services-about)\n- Deploying key and secrets management services for storage and management of encryption keys and secrets\n- Deploying controls for continuous compliance\n- Deploying observability services for application and platform logging and monitoring\n- Deploying a suite of watsonx services to provide generative AI RAG capabilities\n- Deploying content databases for storing vector embeddings of the documents and content search/retrieval\n- Deploying a sample application in a variety of run times including CI/CD/CC pipelines for secure application lifecycle management\n\nThe above configured and deployed services enable a secure and trustworthy deployment of generative AI applications on IBM Cloud.\n\nThe configurations are flexible and be changed to meet the needs for several types of RAG patterns depending on the chosen combination of technologies and services.\n\nThe generative AI RAG pattern services include:\n- [watsonx.ai](https://dataplatform.cloud.ibm.com/docs/content/wsj/getting-started/welcome-main.html?context=wx)\n- [watsonx.data](https://cloud.ibm.com/docs/watsonxdata) (with Milvus)\n- [watsonx.governance](https://dataplatform.cloud.ibm.com/docs/content/svc-welcome/aiopenscale.html?context=wx)\n- [watsonx Assistant](https://cloud.ibm.com/docs/watson-assistant?topic=watson-assistant-welcome-new-assistant)\n- [watsonx Orchestrate](https://www.ibm.com/docs/en/watsonx/watson-orchestrate/current)\n- [Watson Discovery](https://cloud.ibm.com/docs/discovery-data)\n- [Elasticsearch](https://cloud.ibm.com/docs/databases-for-elasticsearch) Enterprise and Platinum edition\n\nThe supporting services include:\n- [Secrets Manager](https://cloud.ibm.com/docs/secrets-manager)\n- [Key Protect](https://cloud.ibm.com/docs/key-protect)\n- [Security and Compliance Center](https://cloud.ibm.com/docs/security-compliance)\n- [Event Notifications](https://cloud.ibm.com/docs/event-notifications?topic=event-notifications-getting-started)\n- [Logs](https://cloud.ibm.com/docs/cloud-logs)\n- [Monitoring](https://cloud.ibm.com/docs/monitoring?topic=monitoring-getting-started)\n- [Object Storage](https://cloud.ibm.com/docs/cloud-object-storage?topic=cloud-object-storage-getting-started-cloud-object-storage)\n- [Continuous Delivery](https://cloud.ibm.com/docs/ContinuousDelivery) toolchains\n- [Container Registry](https://cloud.ibm.com/docs/Registry)\n\nA [sample RAG application](https://github.com/IBM/gen-ai-rag-watsonx-sample-application) is deployed to [Code Engine](https://cloud.ibm.com/docs/codeengine) or [Red Hat OpenShift](https://cloud.ibm.com/docs/openshift) cluster.\n\nBy leveraging this architecture, you can accelerate your deployment and tailor it to meet your unique business needs and enterprise goals.", - "offering_docs_url": "https://github.com/terraform-ibm-modules/stack-retrieval-augmented-generation/blob/main/README.md", - "offering_icon_url": "https://globalcatalog.cloud.ibm.com/api/v1/1082e7d2-5e2f-0a11-a3bc-f88a8e1931fc/artifacts/solution.svg", - "provider_name": "IBM", - "features": [ - { - "title": "RAG Pattern", - "description": "Deploy a RAG pattern with supporting IBM Cloud and watsonx services, and a sample application to Code Engine or Red Hat OpenShift using Continuous Delivery." - }, - { - "title": "Implement Security", - "description": "The architecture ensures security by deploying Key Protect and Secrets Manager." - }, - { - "title": "Achieve Regulatory Compliance", - "description": "Ensures regulatory compliance by implementing CI/CD/CC pipelines, along with Security and Compliance Center Workload Protection for continuous compliance." - }, - { - "title": "Ensure Observability", - "description": "Provides observability by deploying services such as Logs and Monitoring for log analysis and tracking activity." - }, - { - "title": "Establish Trust", - "description": "Ensures trust by configuring the IBM Cloud account to align with compliance settings as defined in the Financial Services framework." - } - ], - "support_details": "This product is in the community registry, as such support is handled through the originated repo. If you experience issues please open an issue in that repository [https://github.com/terraform-ibm-modules/stack-retrieval-augmented-generation/issues](https://github.com/terraform-ibm-modules/stack-retrieval-augmented-generation/issues). Please note this product is not supported via the IBM Cloud Support Center.", - "flavors": [ - { - "label": "Basic (Deploy on Code Engine)", - "name": "basic", - "working_directory": "solutions/basic", - "compliance": { - "authority": "scc-v3", - "profiles": [ - { - "profile_name": "AI Security Guardrails 2.0", - "profile_version": "1.1.0" - } - ] - }, - "iam_permissions": [ - { - "service_name": "iam-groups", - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Administrator" - ] - }, - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "service_name": "cloud-object-storage" - }, - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Administrator" - ], - "service_name": "iam-identity" - }, - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Writer", - "crn:v1:bluemix:public:iam::::role:Administrator" - ], - "service_name": "atracker" - }, - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "service_name": "kms" - }, - { - "service_name": "sysdig-secure", - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ] - }, - { - "service_name": "apprapp", - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ] - }, - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "service_name": "pm-20" - }, - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "service_name": "data-science-experience" - }, - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "service_name": "aiopenscale" - }, - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "service_name": "conversation" - }, - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "service_name": "discovery" - }, - { - "service_name": "databases-for-elasticsearch", - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Editor" - ] - }, - { - "service_name": "event-notifications", - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ] - }, - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Writer", - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "service_name": "codeengine" - } - ], - "architecture": { - "features": [ - { - "title": " ", - "description": "Enables:" - }, - { - "title": "1. Code Engine for containerized and serverless workloads", - "description": " " - }, - { - "title": "2. Elasticsearch Enterprise for building and storing dense vector indexes or keyword search indexes", - "description": " " - }, - { - "title": "3. watsonx.ai in-memory vector store for RAG trial and exploration", - "description": " " - }, - { - "title": "4. watsonx.ai UI to upload documents", - "description": " " - }, - { - "title": "5. watsonx.ai Prompt Lab for inferencing and Prompt Templates", - "description": " " - }, - { - "title": "6. watsonx Assistant Conversational Search with embedded LLM", - "description": " " - }, - { - "title": "7. Build your own data processing, ingestion pipeline and indexes", - "description": " " - } - ], - "diagrams": [ - { - "diagram": { - "url": "https://raw.githubusercontent.com/terraform-ibm-modules/stack-retrieval-augmented-generation/main/reference-architecture/rag-pattern.svg", - "caption": "Reference architecture", - "type": "image/svg+xml", - "thumbnail_url": "https://raw.githubusercontent.com/terraform-ibm-modules/stack-retrieval-augmented-generation/main/reference-architecture/rag-pattern.svg" - }, - "description": "Reference architecture" - }, - { - "diagram": { - "url": "https://raw.githubusercontent.com/terraform-ibm-modules/stack-retrieval-augmented-generation/main/reference-architecture/rag-stack.svg", - "caption": "Solution components", - "type": "image/svg+xml", - "thumbnail_url": "https://raw.githubusercontent.com/terraform-ibm-modules/stack-retrieval-augmented-generation/main/reference-architecture/rag-stack.svg" - }, - "description": "Solution components" - } - ] - }, - "configuration": [ - { - "key": "prefix", - "type": "string", - "description": "A prefix added to the name of all resources created by this solution. Used to avoid name clashes in the target account when deploying this solution multiple times.", - "default_value": "rag", - "required": true - }, - { - "key": "ibmcloud_api_key", - "type": "password", - "description": "The API Key used to provision all resources created in this solution.", - "required": true - }, - { - "key": "signing_key", - "type": "password", - "description": "The key used to sign the application image built by the CI pipeline deployed in this solution; please refer to the documentation at https://github.com/terraform-ibm-modules/stack-retrieval-augmented-generation/blob/main/README.md for generating the key; if not set, all resources will deploy successfully, but the initial CI pipeline execution will fail at the signing step.", - "default_value": "replace", - "required": false, - "custom_config": { - "type": "multiline_secure_value", - "grouping": "deployment", - "original_grouping": "deployment" - } - }, - { - "key": "region", - "type": "string", - "default_value": "us-south", - "description": "The region in which all resources are deployed.", - "required": false, - "options": [ - { - "displayname": "us-south", - "value": "us-south" - }, - { - "displayname": "eu-de", - "value": "eu-de" - } - ] - }, - { - "key": "resource_group_name", - "type": "string", - "default_value": "rag-services", - "description": "The name of the resource group that is created by this solution. The actual name is prefixed with the value of the input 'prefix'. All resources created by this solution are deployed in this resource group.", - "required": false - }, - { - "key": "existing_resource_group_name", - "type": "string", - "default_value": "__NULL__", - "description": "The name of an existing resource group that is used by this solution, takes precedence over resource_group_name. Prefix is NOT used for existing resource group. All resources created by this solution are deployed in this resource group.", - "required": false - }, - { - "key": "watsonx_admin_api_key", - "type": "password", - "description": "The API key used to provision the watson project resources. If not set, the API key used to deploy the solution is used.", - "required": false - }, - { - "key": "secret_manager_service_plan", - "type": "string", - "default_value": "trial", - "description": "The service/pricing plan to use when provisioning a new Secrets Manager instance. Only one trial instance is allowed per account.", - "required": false, - "options": [ - { - "displayname": "Trial", - "value": "trial" - }, - { - "displayname": "Standard", - "value": "standard" - } - ] - }, - { - "key": "existing_secrets_manager_crn", - "type": "string", - "default_value": "__NULL__", - "description": "The CRN of an existing secret manager instance to use in this solution. If not set, a new secret manager instance is provisioned.", - "required": false - }, - { - "key": "skip_iam_authorization_policy", - "display_name": "disable_secrets_manager_iam_credentials_engine", - "type": "boolean", - "default_value": false, - "description": "Whether to skip the creation of the IAM authorization policies required to enable the Secrets Manager IAM credentials engine. If set to false, policies will be created that grants the Secrets Manager instance 'Operator' access to the IAM identity service, and 'Groups Service Member Manage' access to the IAM groups service.", - "required": false - }, - { - "key": "enable_platform_metrics", - "type": "boolean", - "default_value": false, - "description": "Setting this to true will enable platform metrics for the Cloud Monitoring instance. NOTE: You can configure 1 instance only of the IBM Cloud Monitoring service per region to collect platform metrics in that location.", - "required": false - }, - { - "key": "logs_routing_tenant_regions", - "type": "array", - "default_value": [], - "description": "Pass a list of regions to create a tenant that is targeted to the Cloud Logs instance created by this solution. To manage platform logs that are generated by IBM Cloud® services in a region of IBM Cloud, you must create a tenant in each region that you operate. Leave the list empty if you don't want to create any tenants.", - "required": false - }, - { - "key": "app_config_service_plan", - "type": "string", - "default_value": "basic", - "description": "The pricing plan to use for the IBM Cloud App Configuration instance.", - "required": false, - "options": [ - { - "displayname": "Basic", - "value": "basic" - }, - { - "displayname": "Standard", - "value": "standardv2" - }, - { - "displayname": "Enterprise", - "value": "enterprise" - } - ] - }, - { - "key": "scc_workload_protection_service_plan", - "type": "string", - "default_value": "graduated-tier", - "description": "The pricing plan to use for the IBM Cloud Security and Compliance Center Workload Protection instance.", - "required": false, - "options": [ - { - "displayname": "Graduated Tier", - "value": "graduated-tier" - }, - { - "displayname": "Free Trial", - "value": "free-trial" - } - ] - }, - { - "key": "enterprise_id", - "type": "string", - "default_value": "__NULL__", - "description": "If the account is an enterprise account and you want to scan sub-accounts for compliance, this value should be set to the enterprise ID (this is different to the account ID).", - "required": false - }, - { - "key": "enterprise_account_group_ids_to_assign", - "type": "array", - "default_value": [ - "all" - ], - "description": "A list of enterprise account group IDs to assign the trusted profile template to in order for the accounts to be scanned for compliance. Supports passing the string 'all' in the list to assign to all account groups. Only applies if a value is being passed for `enterprise_id`.", - "required": false - }, - { - "key": "enterprise_account_ids_to_assign", - "type": "array", - "default_value": [ - "all" - ], - "description": "A list of enterprise account IDs to assign the trusted profile template to in order for the accounts to be scanned. Supports passing the string 'all' in the list to assign to all accounts. Only applies if a value is being passed for `enterprise_id`.", - "required": false - }, - { - "key": "sample_app_git_url", - "type": "string", - "default_value": "https://github.com/IBM/gen-ai-rag-watsonx-sample-application", - "description": "The URL to the public git repository containing the sample rag application code.", - "required": false - }, - { - "key": "existing_kms_instance_crn", - "type": "string", - "default_value": "__NULL__", - "description": "The CRN of an existing KMS instance to use in this solution. If not set, a new KP instance is provisioned.", - "required": false - }, - { - "key": "existing_event_notification_instance_crn", - "type": "string", - "default_value": "__NULL__", - "description": "The CRN of an existing event notification instance to use in this solution. If not set, a new event notification instance is provisioned.", - "required": false - }, - { - "key": "existing_discovery_instance", - "type": "string", - "default_value": "__NULL__", - "description": "The CRN of an existing WatsonX SaaS discovery instance to use in this solution. If not set, a new discovery instance is provisioned depending on which plan is selected.", - "required": false - }, - { - "key": "existing_assistant_instance_crn", - "type": "string", - "default_value": "__NULL__", - "description": "The CRN of an existing WatsonX SaaS assistant instance to use in this solution. If not set, a new assistant instance is provisioned depending on which plan is selected.", - "required": false - }, - { - "key": "existing_governance_instance", - "type": "string", - "default_value": "__NULL__", - "description": "The CRN of an existing WatsonX SaaS governance instance to use in this solution. If not set, a new governance instance is provisioned depending on which plan is selected.", - "required": false - }, - { - "key": "existing_studio_instance", - "type": "string", - "default_value": "__NULL__", - "description": "The CRN of an existing WatsonX SaaS studio instance to use in this solution. If not set, a new studio instance is provisioned depending on which plan is selected.", - "required": false - }, - { - "key": "existing_machine_learning_instance", - "type": "string", - "default_value": "__NULL__", - "description": "The CRN of an existing WatsonX SaaS machine learning instance to use in this solution. If not set, a new machine learning instance is provisioned depending on which plan is selected.", - "required": false - }, - { - "key": "existing_elasticsearch_instance_crn", - "type": "string", - "default_value": "__NULL__", - "description": "The CRN of an existing elasticsearch instance to use in this solution. If not set, a new elasticsearch instance is provisioned.", - "required": false - } - ], - "outputs": [ - { - "key": "elasticsearch_hostname", - "description": "The hostname of the Elasticsearch instance." - }, - { - "key": "elasticsearch_port", - "description": "The port of the Elasticsearch instance." - }, - { - "key": "elasticsearch_service_credentials_json", - "description": "The service credentials of the Elasticsearch instance." - }, - { - "key": "elasticsearch_crn", - "description": "The CRN of the Elasticsearch instance." - }, - { - "key": "watsonx_project_url", - "description": "The URL to the WatsonX project for the sample RAG application." - }, - { - "key": "watsonx_project_id", - "description": "The ID for the WatsonX project for the sample RAG application." - }, - { - "key": "watson_discovery_api_url", - "description": "The URL to the Watson Discovery API endpoint." - }, - { - "key": "watson_discovery_project_id", - "description": "The ID for the Watson Discovery project for the sample RAG application." - } - ], - "install_type": "fullstack" - }, - { - "label": "Standard (Deploy on Red Hat OpenShift)", - "name": "standard", - "working_directory": "solutions/standard", - "compliance": { - "authority": "scc-v3", - "profiles": [ - { - "profile_name": "AI Security Guardrails 2.0", - "profile_version": "1.1.0" - } - ] - }, - "iam_permissions": [ - { - "service_name": "iam-groups", - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Administrator" - ] - }, - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "service_name": "cloud-object-storage" - }, - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Administrator", - "crn:v1:bluemix:public:iam-identity::::serviceRole:UserApiKeyCreator" - ], - "service_name": "iam-identity" - }, - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Writer", - "crn:v1:bluemix:public:iam::::role:Administrator" - ], - "service_name": "atracker" - }, - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "service_name": "kms" - }, - { - "service_name": "sysdig-secure", - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ] - }, - { - "service_name": "apprapp", - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ] - }, - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "service_name": "pm-20" - }, - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "service_name": "data-science-experience" - }, - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "service_name": "aiopenscale" - }, - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "service_name": "conversation" - }, - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "service_name": "discovery" - }, - { - "service_name": "databases-for-elasticsearch", - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Editor" - ] - }, - { - "service_name": "event-notifications", - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ] - }, - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Administrator" - ], - "service_name": "containers-kubernetes" - }, - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Administrator" - ], - "service_name": "is.vpc" - } - ], - "architecture": { - "features": [ - { - "title": " ", - "description": "Enables:" - }, - { - "title": "1. Red Hat OpenShift cluster for microservices workloads", - "description": " " - }, - { - "title": "2. Elasticsearch Platinum for building and storing sparse vectors, dense vector indexes or keyword search indexes", - "description": " " - }, - { - "title": "i. watsonx.ai use of Elasticsearch ELSER2 vector index for RAG", - "description": " " - }, - { - "title": "ii. watsonx Assistant Conversational Search with UI feature for uploading documents to create or use Elasticsearch ELSER2 vector index for RAG", - "description": " " - }, - { - "title": "3. watsonx.ai in-memory vector store for RAG trial and exploration", - "description": " " - }, - { - "title": "4. watsonx.ai UI to upload documents", - "description": " " - }, - { - "title": "5. watsonx.ai Prompt Lab for inferencing and Prompt Templates", - "description": " " - }, - { - "title": "6. watsonx Assistant Conversational Search with embedded LLM", - "description": " " - }, - { - "title": "7. Build your own data processing, ingestion pipeline and indexes", - "description": " " - } - ], - "diagrams": [ - { - "diagram": { - "url": "https://raw.githubusercontent.com/terraform-ibm-modules/stack-retrieval-augmented-generation/main/reference-architecture/rag-pattern.svg", - "caption": "Reference architecture", - "type": "image/svg+xml", - "thumbnail_url": "https://raw.githubusercontent.com/terraform-ibm-modules/stack-retrieval-augmented-generation/main/reference-architecture/rag-pattern.svg" - }, - "description": "Reference architecture" - }, - { - "diagram": { - "url": "https://raw.githubusercontent.com/terraform-ibm-modules/stack-retrieval-augmented-generation/main/reference-architecture/rag-stack.svg", - "caption": "Solution components", - "type": "image/svg+xml", - "thumbnail_url": "https://raw.githubusercontent.com/terraform-ibm-modules/stack-retrieval-augmented-generation/main/reference-architecture/rag-stack.svg" - }, - "description": "Solution components" - } - ] - }, - "configuration": [ - { - "key": "prefix", - "type": "string", - "description": "A prefix added to the name of all resources created by this solution. Must start with a letter, contain only lowercase letters, numbers, or dashes, and be 13 characters or less. Used to avoid name clashes in the target account when deploying this solution multiple times.", - "default_value": "rag", - "required": true - }, - { - "key": "ibmcloud_api_key", - "type": "password", - "description": "The API Key used to provision all resources created in this solution.", - "required": true - }, - { - "key": "signing_key", - "type": "password", - "description": "The key used to sign the application image built by the CI pipeline deployed in this solution; please refer to the documentation at https://github.com/terraform-ibm-modules/stack-retrieval-augmented-generation/blob/main/README.md for generating the key; if not set, all resources will deploy successfully, but the initial CI pipeline execution will fail at the signing step.", - "default_value": "replace", - "required": false, - "custom_config": { - "type": "multiline_secure_value", - "grouping": "deployment", - "original_grouping": "deployment" - } - }, - { - "key": "region", - "type": "string", - "default_value": "us-south", - "description": "The region in which all resources are deployed.", - "required": false, - "options": [ - { - "displayname": "us-south", - "value": "us-south" - }, - { - "displayname": "eu-de", - "value": "eu-de" - } - ] - }, - { - "key": "resource_group_name", - "type": "string", - "default_value": "rag-services", - "description": "The name of the resource group that is created by this solution. The actual name is prefixed with the value of the input 'prefix'. All resources created by this solution are deployed in this resource group.", - "required": false - }, - { - "key": "existing_resource_group_name", - "type": "string", - "default_value": "__NULL__", - "description": "The name of an existing resource group that is used by this solution, takes precedence over resource_group_name. Prefix is NOT used for existing resource group. All resources created by this solution are deployed in this resource group.", - "required": false - }, - { - "key": "watsonx_admin_api_key", - "type": "password", - "description": "The API key used to provision the watson project resources. If not set, the API key used to deploy the solution is used.", - "required": false - }, - { - "key": "secret_manager_service_plan", - "type": "string", - "default_value": "trial", - "description": "The service/pricing plan to use when provisioning a new Secrets Manager instance. Only one trial instance is allowed per account.", - "required": false, - "options": [ - { - "displayname": "Trial", - "value": "trial" - }, - { - "displayname": "Standard", - "value": "standard" - } - ] - }, - { - "key": "existing_secrets_manager_crn", - "type": "string", - "default_value": "__NULL__", - "description": "The CRN of an existing secret manager instance to use in this solution. If not set, a new secret manager instance is provisioned.", - "required": false - }, - { - "key": "skip_iam_authorization_policy", - "display_name": "disable_secrets_manager_iam_credentials_engine", - "type": "boolean", - "default_value": false, - "description": "Whether to skip the creation of the IAM authorization policies required to enable the Secrets Manager IAM credentials engine. If set to false, policies will be created that grants the Secrets Manager instance 'Operator' access to the IAM identity service, and 'Groups Service Member Manage' access to the IAM groups service.", - "required": false - }, - { - "key": "enable_platform_metrics", - "type": "boolean", - "default_value": false, - "description": "Setting this to true will enable platform metrics for the Cloud Monitoring instance. NOTE: You can configure 1 instance only of the IBM Cloud Monitoring service per region to collect platform metrics in that location.", - "required": false - }, - { - "key": "logs_routing_tenant_regions", - "type": "array", - "default_value": [], - "description": "Pass a list of regions to create a tenant that is targeted to the Cloud Logs instance created by this solution. To manage platform logs that are generated by IBM Cloud® services in a region of IBM Cloud, you must create a tenant in each region that you operate. Leave the list empty if you don't want to create any tenants.", - "required": false - }, - { - "key": "app_config_service_plan", - "type": "string", - "default_value": "basic", - "description": "The pricing plan to use for the IBM Cloud App Configuration instance.", - "required": false, - "options": [ - { - "displayname": "Basic", - "value": "basic" - }, - { - "displayname": "Standard", - "value": "standardv2" - }, - { - "displayname": "Enterprise", - "value": "enterprise" - } - ] - }, - { - "key": "scc_workload_protection_service_plan", - "type": "string", - "default_value": "graduated-tier", - "description": "The pricing plan to use for the IBM Cloud Security and Compliance Center Workload Protection instance.", - "required": false, - "options": [ - { - "displayname": "Graduated Tier", - "value": "graduated-tier" - }, - { - "displayname": "Free Trial", - "value": "free-trial" - } - ] - }, - { - "key": "enterprise_id", - "type": "string", - "default_value": "__NULL__", - "description": "If the account is an enterprise account and you want to scan sub-accounts for compliance, this value should be set to the enterprise ID (this is different to the account ID).", - "required": false - }, - { - "key": "enterprise_account_group_ids_to_assign", - "type": "array", - "default_value": [ - "all" - ], - "description": "A list of enterprise account group IDs to assign the trusted profile template to in order for the accounts to be scanned for compliance. Supports passing the string 'all' in the list to assign to all account groups. Only applies if a value is being passed for `enterprise_id`.", - "required": false - }, - { - "key": "enterprise_account_ids_to_assign", - "type": "array", - "default_value": [ - "all" - ], - "description": "A list of enterprise account IDs to assign the trusted profile template to in order for the accounts to be scanned. Supports passing the string 'all' in the list to assign to all accounts. Only applies if a value is being passed for `enterprise_id`.", - "required": false - }, - { - - "key": "app_config_service_plan", - "type": "string", - "default_value": "basic", - "description": "The pricing plan to use for the IBM Cloud App Configuration instance.", - "required": false, - "options": [ - { - "displayname": "Basic", - "value": "basic" - }, - { - "displayname": "Standard", - "value": "standardv2" - }, - { - "displayname": "Enterprise", - "value": "enterprise" - } - ] - }, - { - "key": "scc_workload_protection_service_plan", - "type": "string", - "default_value": "graduated-tier", - "description": "The pricing plan to use for the IBM Cloud Security and Compliance Center Workload Protection instance.", - "required": false, - "options": [ - { - "displayname": "Graduated Tier", - "value": "graduated-tier" - }, - { - "displayname": "Free Trial", - "value": "free-trial" - } - ] - }, - { - "key": "enterprise_id", - "type": "string", - "default_value": "__NULL__", - "description": "If the account is an enterprise account and you want to scan sub-accounts for compliance, this value should be set to the enterprise ID (this is different to the account ID).", - "required": false - }, - { - "key": "enterprise_account_group_ids_to_assign", - "type": "array", - "default_value": [ - "all" - ], - "description": "A list of enterprise account group IDs to assign the trusted profile template to in order for the accounts to be scanned for compliance. Supports passing the string 'all' in the list to assign to all account groups. Only applies if a value is being passed for `enterprise_id`.", - "required": false - }, - { - "key": "enterprise_account_ids_to_assign", - "type": "array", - "default_value": [ - "all" - ], - "description": "A list of enterprise account IDs to assign the trusted profile template to in order for the accounts to be scanned. Supports passing the string 'all' in the list to assign to all accounts. Only applies if a value is being passed for `enterprise_id`.", - "required": false - }, - { - "key": "sample_app_git_url", - "type": "string", - "default_value": "https://github.com/IBM/gen-ai-rag-watsonx-sample-application", - "description": "The URL to the public git repository containing the sample rag application code.", - "required": false - }, - { - "key": "existing_kms_instance_crn", - "type": "string", - "default_value": "__NULL__", - "description": "The CRN of an existing KMS instance to use in this solution. If not set, a new KP instance is provisioned.", - "required": false - }, - { - "key": "existing_event_notification_instance_crn", - "type": "string", - "default_value": "__NULL__", - "description": "The CRN of an existing event notification instance to use in this solution. If not set, a new event notification instance is provisioned.", - "required": false - }, - { - "key": "existing_discovery_instance", - "type": "string", - "default_value": "__NULL__", - "description": "The CRN of an existing WatsonX SaaS discovery instance to use in this solution. If not set, a new discovery instance is provisioned depending on which plan is selected.", - "required": false - }, - { - "key": "existing_assistant_instance_crn", - "type": "string", - "default_value": "__NULL__", - "description": "The CRN of an existing WatsonX SaaS assistant instance to use in this solution. If not set, a new assistant instance is provisioned depending on which plan is selected.", - "required": false - }, - { - "key": "existing_governance_instance", - "type": "string", - "default_value": "__NULL__", - "description": "The CRN of an existing WatsonX SaaS governance instance to use in this solution. If not set, a new governance instance is provisioned depending on which plan is selected.", - "required": false - }, - { - "key": "existing_studio_instance", - "type": "string", - "default_value": "__NULL__", - "description": "The CRN of an existing WatsonX SaaS studio instance to use in this solution. If not set, a new studio instance is provisioned depending on which plan is selected.", - "required": false - }, - { - "key": "existing_machine_learning_instance", - "type": "string", - "default_value": "__NULL__", - "description": "The CRN of an existing WatsonX SaaS machine learning instance to use in this solution. If not set, a new machine learning instance is provisioned depending on which plan is selected.", - "required": false - }, - { - "key": "existing_elasticsearch_instance_crn", - "type": "string", - "default_value": "__NULL__", - "description": "The CRN of an existing elasticsearch instance to use in this solution. If not set, a new elasticsearch instance is provisioned.", - "required": false - } - ], - "outputs": [ - { - "key": "elasticsearch_hostname", - "description": "The hostname of the Elasticsearch instance." - }, - { - "key": "elasticsearch_port", - "description": "The port of the Elasticsearch instance." - }, - { - "key": "elasticsearch_service_credentials_json", - "description": "The service credentials of the Elasticsearch instance." - }, - { - "key": "elasticsearch_crn", - "description": "The CRN of the Elasticsearch instance." - }, - { - "key": "watsonx_project_url", - "description": "The URL to the WatsonX project for the sample RAG application." - }, - { - "key": "watsonx_project_id", - "description": "The ID for the WatsonX project for the sample RAG application." - }, - { - "key": "watson_discovery_api_url", - "description": "The URL to the Watson Discovery API endpoint." - }, - { - "key": "watson_discovery_project_id", - "description": "The ID for the Watson Discovery project for the sample RAG application." - } - ], - "install_type": "fullstack" - } - ] - } - ] + "products": [ + { + "label": "Cloud-native AI", + "name": "Retrieval_Augmented_Generation_Pattern", + "product_kind": "solution", + "tags": [ + "solution", + "watson", + "security", + "banking", + "ibm_created" + ], + "keywords": [ + "cloud-native", + "rag", + "watson", + "ai", + "compliance", + "fscloud", + "genai", + "sample", + "ibmcloud", + "financial services", + "watsonx", + "llm", + "retrieval augmented generation", + "secure", + "secret manager", + "key protect", + "security and compliance center workload protection", + "cspm", + "config aggregator", + "app config" + ], + "short_description": "Automate a cloud-native AI deployment with supporting IBM Cloud and watsonx services, embed your enterprise data in generative AI solutions.", + "long_description": "Utilize data from your enterprise to achieve productivity gains in activities related to question/answer conversations, content search, summarization and generation. Cloud-native AI can be deployed in multiple configurations and is applicable to various industry use cases and solutions.\n\nThis deployable architecture provides a comprehensive foundation for trust, observability, security, and regulatory compliance by configuring and deploying various services and a sample application for a [RAG pattern](https://cloud.ibm.com/docs/pattern-genai-rag?topic=pattern-genai-rag-genai-pattern), including:\n- Configuring IBM Cloud Account with best practices from [IBM Cloud Framework for Financial Services](https://cloud.ibm.com/docs/framework-financial-services?topic=framework-financial-services-about)\n- Deploying key and secrets management services for storage and management of encryption keys and secrets\n- Deploying controls for continuous compliance\n- Deploying observability services for application and platform logging and monitoring\n- Deploying a suite of watsonx services to provide generative AI RAG capabilities\n- Deploying content databases for storing vector embeddings of the documents and content search/retrieval\n- Deploying a sample application in a variety of run times including CI/CD/CC pipelines for secure application lifecycle management\n\nThe above configured and deployed services enable a secure and trustworthy deployment of generative AI applications on IBM Cloud.\n\nThe configurations are flexible and be changed to meet the needs for several types of RAG patterns depending on the chosen combination of technologies and services.\n\nThe generative AI RAG pattern services include:\n- [watsonx.ai](https://dataplatform.cloud.ibm.com/docs/content/wsj/getting-started/welcome-main.html?context=wx)\n- [watsonx.data](https://cloud.ibm.com/docs/watsonxdata) (with Milvus)\n- [watsonx.governance](https://dataplatform.cloud.ibm.com/docs/content/svc-welcome/aiopenscale.html?context=wx)\n- [watsonx Assistant](https://cloud.ibm.com/docs/watson-assistant?topic=watson-assistant-welcome-new-assistant)\n- [watsonx Orchestrate](https://www.ibm.com/docs/en/watsonx/watson-orchestrate/current)\n- [Watson Discovery](https://cloud.ibm.com/docs/discovery-data)\n- [Elasticsearch](https://cloud.ibm.com/docs/databases-for-elasticsearch) Enterprise and Platinum edition\n\nThe supporting services include:\n- [Secrets Manager](https://cloud.ibm.com/docs/secrets-manager)\n- [Key Protect](https://cloud.ibm.com/docs/key-protect)\n- [Security and Compliance Center](https://cloud.ibm.com/docs/security-compliance)\n- [Event Notifications](https://cloud.ibm.com/docs/event-notifications?topic=event-notifications-getting-started)\n- [Logs](https://cloud.ibm.com/docs/cloud-logs)\n- [Monitoring](https://cloud.ibm.com/docs/monitoring?topic=monitoring-getting-started)\n- [Object Storage](https://cloud.ibm.com/docs/cloud-object-storage?topic=cloud-object-storage-getting-started-cloud-object-storage)\n- [Continuous Delivery](https://cloud.ibm.com/docs/ContinuousDelivery) toolchains\n- [Container Registry](https://cloud.ibm.com/docs/Registry)\n\nA [sample RAG application](https://github.com/IBM/gen-ai-rag-watsonx-sample-application) is deployed to [Code Engine](https://cloud.ibm.com/docs/codeengine) or [Red Hat OpenShift](https://cloud.ibm.com/docs/openshift) cluster.\n\nBy leveraging this architecture, you can accelerate your deployment and tailor it to meet your unique business needs and enterprise goals.", + "offering_docs_url": "https://github.com/terraform-ibm-modules/stack-retrieval-augmented-generation/blob/main/README.md", + "offering_icon_url": "https://globalcatalog.cloud.ibm.com/api/v1/1082e7d2-5e2f-0a11-a3bc-f88a8e1931fc/artifacts/solution.svg", + "provider_name": "IBM", + "features": [ + { + "title": "RAG Pattern", + "description": "Deploy a RAG pattern with supporting IBM Cloud and watsonx services, and a sample application to Code Engine or Red Hat OpenShift using Continuous Delivery." + }, + { + "title": "Implement Security", + "description": "The architecture ensures security by deploying Key Protect and Secrets Manager." + }, + { + "title": "Achieve Regulatory Compliance", + "description": "Ensures regulatory compliance by implementing CI/CD/CC pipelines, along with Security and Compliance Center Workload Protection for continuous compliance." + }, + { + "title": "Ensure Observability", + "description": "Provides observability by deploying services such as Logs and Monitoring for log analysis and tracking activity." + }, + { + "title": "Establish Trust", + "description": "Ensures trust by configuring the IBM Cloud account to align with compliance settings as defined in the Financial Services framework." + } + ], + "support_details": "This product is in the community registry, as such support is handled through the originated repo. If you experience issues please open an issue in that repository [https://github.com/terraform-ibm-modules/stack-retrieval-augmented-generation/issues](https://github.com/terraform-ibm-modules/stack-retrieval-augmented-generation/issues). Please note this product is not supported via the IBM Cloud Support Center.", + "flavors": [ + { + "label": "Basic with sample application (Deploy on Code Engine)", + "name": "basic", + "index": 1, + "working_directory": "solutions/basic", + "ignore_readme": true, + "compliance": { + "authority": "scc-v3", + "profiles": [ + { + "profile_name": "AI Security Guardrails 2.0", + "profile_version": "1.1.0" + } + ] + }, + "iam_permissions": [ + { + "service_name": "iam-groups", + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Administrator" + ] + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "cloud-object-storage" + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Administrator" + ], + "service_name": "iam-identity" + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Writer", + "crn:v1:bluemix:public:iam::::role:Administrator" + ], + "service_name": "atracker" + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "kms" + }, + { + "service_name": "sysdig-secure", + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ] + }, + { + "service_name": "apprapp", + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ] + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "pm-20" + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "data-science-experience" + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "aiopenscale" + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "conversation" + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "discovery" + }, + { + "service_name": "databases-for-elasticsearch", + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Editor" + ] + }, + { + "service_name": "event-notifications", + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ] + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Writer", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "codeengine" + } + ], + "architecture": { + "features": [ + { + "title": " ", + "description": "Enables:" + }, + { + "title": "1. Code Engine for containerized and serverless workloads", + "description": " " + }, + { + "title": "2. Elasticsearch Enterprise for building and storing dense vector indexes or keyword search indexes", + "description": " " + }, + { + "title": "3. watsonx.ai in-memory vector store for RAG trial and exploration", + "description": " " + }, + { + "title": "4. watsonx.ai UI to upload documents", + "description": " " + }, + { + "title": "5. watsonx.ai Prompt Lab for inferencing and Prompt Templates", + "description": " " + }, + { + "title": "6. watsonx Assistant Conversational Search with embedded LLM", + "description": " " + }, + { + "title": "7. Build your own data processing, ingestion pipeline and indexes", + "description": " " + } + ], + "diagrams": [ + { + "diagram": { + "url": "https://raw.githubusercontent.com/terraform-ibm-modules/stack-retrieval-augmented-generation/main/reference-architectures/rag-pattern.svg", + "caption": "Reference architecture", + "type": "image/svg+xml", + "thumbnail_url": "https://raw.githubusercontent.com/terraform-ibm-modules/stack-retrieval-augmented-generation/main/reference-architectures/rag-pattern.svg" + }, + "description": "Reference architecture" + }, + { + "diagram": { + "url": "https://raw.githubusercontent.com/terraform-ibm-modules/stack-retrieval-augmented-generation/main/reference-architectures/rag-stack.svg", + "caption": "Solution components", + "type": "image/svg+xml", + "thumbnail_url": "https://raw.githubusercontent.com/terraform-ibm-modules/stack-retrieval-augmented-generation/main/reference-architectures/rag-stack.svg" + }, + "description": "Solution components" + } + ] + }, + "configuration": [ + { + "key": "prefix", + "type": "string", + "default_value": "dev", + "random_string" : { + "length": 4 + }, + "description": "The prefix to add to all resources that this solution creates (e.g `prod`, `test`, `dev`). Used to avoid name clashes in the target account when deploying this solution multiple times.", + "required": true, + "value_constraints": [ + { + "type": "regex", + "description": "Prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It must not end with a hyphen('-'), and cannot contain consecutive hyphens ('--'). It should not exceed 16 characters", + "value": "^$|^__NULL__$|^[a-z](?!.*--)(?:[a-z0-9-]{0,14}[a-z0-9])?$" + } + ] + }, + { + "key": "ibmcloud_api_key", + "type": "password", + "description": "The API Key used to provision all resources created in this solution.", + "required": true + }, + { + "key": "signing_key", + "type": "password", + "description": "The key used to sign the application image built by the CI pipeline deployed in this solution; please refer to the documentation at https://github.com/terraform-ibm-modules/stack-retrieval-augmented-generation/blob/main/README.md for generating the key; if not set, all resources will deploy successfully, but the initial CI pipeline execution will fail at the signing step.", + "default_value": "replace", + "required": false, + "custom_config": { + "type": "multiline_secure_value", + "grouping": "deployment", + "original_grouping": "deployment" + } + }, + { + "key": "region", + "type": "string", + "default_value": "us-south", + "description": "The region in which all resources are deployed.", + "required": false, + "options": [ + { + "displayname": "Dallas (us-south)", + "value": "us-south" + }, + { + "displayname": "Frankfurt (eu-de)", + "value": "eu-de" + }, + { + "displayname": "London (eu-gb)", + "value": "eu-gb" + }, + { + "displayname": "Sydney (au-syd)", + "value": "au-syd" + }, + { + "displayname": "Tokyo (jp-tok)", + "value": "jp-tok" + }, + { + "displayname": "Toronto (ca-tor)", + "value": "ca-tor" + } + ] + }, + { + "key": "resource_group_name", + "type": "string", + "default_value": "rag-services", + "description": "The name of the resource group that is created by this solution. The actual name is prefixed with the value of the input 'prefix'. All resources created by this solution are deployed in this resource group.", + "required": false + }, + { + "key": "existing_resource_group_name", + "type": "string", + "default_value": "__NULL__", + "description": "The name of an existing resource group that is used by this solution, takes precedence over `resource_group_name`. Prefix is NOT used for existing resource group. All resources created by this solution are deployed in this resource group.", + "required": false, + "custom_config": { + "type": "resource_group", + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "identifier": "rg_name" + } + } + }, + { + "key": "watsonx_admin_api_key", + "type": "password", + "description": "The API key used to provision the watson project resources. If not set, the API key used to deploy the solution is used.", + "required": false + }, + { + "key": "secrets_manager_service_plan", + "type": "string", + "default_value": "trial", + "description": "The service/pricing plan to use when provisioning a new Secrets Manager instance. Only one trial instance is allowed per account.", + "required": false, + "options": [ + { + "displayname": "Trial", + "value": "trial" + }, + { + "displayname": "Standard", + "value": "standard" + } + ] + }, + { + "key": "key_protect_plan", + "type": "string", + "default_value": "tiered-pricing", + "description": "The service plan of the Key Protect instance that will be provisioned by this solution. Only used if not supplying `existing_kms_instance_crn`. [Learn more](https://cloud.ibm.com/docs/key-protect?topic=key-protect-pricing-plan).", + "required": false, + "options": [ + { + "displayname": "Standard", + "value": "tiered-pricing" + }, + { + "displayname": "Cross-region Resiliency", + "value": "cross-region-resiliency" + } + ] + }, + { + "key": "cloud_monitoring_plan", + "type": "string", + "default_value": "graduated-tier", + "description": "The IBM Cloud Monitoring plan to provision. Available values are `lite` and `graduated-tier`. [Learn more](https://cloud.ibm.com/docs/monitoring?topic=monitoring-service_plans)", + "required": false, + "options": [ + { + "displayname": "Lite", + "value": "lite" + }, + { + "displayname": "Graduated Tier", + "value": "graduated-tier" + } + ] + }, + { + "key": "scc_workload_protection_service_plan", + "type": "string", + "default_value": "graduated-tier", + "description": "The pricing plan to use for the IBM Cloud Security and Compliance Center Workload Protection instance.", + "required": false, + "options": [ + { + "displayname": "Graduated Tier", + "value": "graduated-tier" + }, + { + "displayname": "Free Trial", + "value": "free-trial" + } + ] + }, + { + "key": "secrets_manager_secret_groups", + "type": "array", + "default_value": "[\n {\n secret_group_name = \"General\"\n secret_group_description = \"A general purpose secrets group with an associated access group which has a secrets reader role\"\n create_access_group = true\n access_group_name = \"general-secrets-group-access-group\"\n access_group_roles = [\"SecretsReader\"]\n }\n ]", + "description": "Secret Manager secret group and access group configurations. If a prefix input variable is specified, it is added to the `access_group_name` value in the `-value` format. If you do not wish to create any groups, set the value to `[]`. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-secrets-manager/tree/main/solutions/fully-configurable/provisioning_secrets_groups.md).", + "required": false, + "custom_config": { + "type": "code_editor", + "grouping": "deployment", + "original_grouping": "deployment" + } + }, + { + "key": "skip_secrets_manager_iam_auth_policy", + "display_name": "disable_secrets_manager_iam_credentials_engine", + "type": "boolean", + "default_value": false, + "description": "Whether to skip the creation of the IAM authorization policies required to enable the Secrets Manager IAM credentials engine. If set to false, policies will be created that grants the Secrets Manager instance 'Operator' access to the IAM identity service, and 'Groups Service Member Manage' access to the IAM groups service.", + "required": false + }, + { + "key": "enable_platform_metrics", + "type": "boolean", + "default_value": false, + "description": "Setting this to true will enable platform metrics for the Cloud Monitoring instance, including setting up a metrics routing route to the Cloud Monitoring instance. NOTE: You can configure 1 instance only of the IBM Cloud Monitoring service per region to collect platform metrics in that location.", + "required": false + }, + { + "key": "logs_routing_tenant_regions", + "type": "array", + "default_value": [], + "description": "Pass a list of regions to create a tenant that is targeted to the Cloud Logs instance created by this solution. To manage platform logs that are generated by IBM Cloud® services in a region of IBM Cloud, you must create a tenant in each region that you operate. Leave the list empty if you don't want to create any tenants.", + "required": false, + "custom_config": { + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "type": "string" + } + } + }, + { + "key": "event_notifications_email_list", + "type": "array", + "default_value": [], + "description": "List of emails to configure event notifications.", + "required": false, + "custom_config": { + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "type": "string" + } + } + }, + { + "key": "enterprise_id", + "type": "string", + "default_value": "__NULL__", + "description": "If the account is an enterprise account and you want to scan sub-accounts for compliance, this value should be set to the enterprise ID (this is different to the account ID).", + "required": false + }, + { + "key": "enterprise_account_group_ids_to_assign", + "type": "array", + "default_value": [ + "all" + ], + "description": "A list of enterprise account group IDs to assign the trusted profile template to in order for the accounts to be scanned for compliance. Supports passing the string 'all' in the list to assign to all account groups. Only applies if a value is being passed for `enterprise_id`.", + "required": false, + "custom_config": { + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "type": "string" + } + } + }, + { + "key": "enterprise_account_ids_to_assign", + "type": "array", + "default_value": [ + "all" + ], + "description": "A list of enterprise account IDs to assign the trusted profile template to in order for the accounts to be scanned. Supports passing the string 'all' in the list to assign to all accounts. Only applies if a value is being passed for `enterprise_id`.", + "required": false, + "custom_config": { + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "type": "string" + } + } + }, + { + "key": "sample_app_git_url", + "type": "string", + "default_value": "https://github.com/IBM/gen-ai-rag-watsonx-sample-application", + "description": "The URL to the public git repository containing the sample RAG application code.", + "required": false + }, + { + "key": "existing_secrets_manager_crn", + "type": "string", + "default_value": "__NULL__", + "description": "The CRN of an existing secret manager instance to use in this solution. If not set, a new secret manager instance is provisioned.", + "required": false + }, + { + "key": "existing_kms_instance_crn", + "type": "string", + "default_value": "__NULL__", + "description": "The CRN of an existing KMS instance to use in this solution. If not set, a new KP instance is provisioned.", + "required": false + }, + { + "key": "existing_event_notifications_instance_crn", + "type": "string", + "default_value": "__NULL__", + "description": "The CRN of an existing event notification instance to use in this solution. If not set, a new event notification instance is provisioned.", + "required": false + }, + { + "key": "existing_discovery_instance_crn", + "type": "string", + "default_value": "__NULL__", + "description": "The CRN of an existing WatsonX SaaS discovery instance to use in this solution. If not set, a new discovery instance is provisioned depending on which plan is selected.", + "required": false + }, + { + "key": "existing_assistant_instance_crn", + "type": "string", + "default_value": "__NULL__", + "description": "The CRN of an existing WatsonX SaaS assistant instance to use in this solution. If not set, a new assistant instance is provisioned depending on which plan is selected.", + "required": false + }, + { + "key": "existing_governance_instance_crn", + "type": "string", + "default_value": "__NULL__", + "description": "The CRN of an existing WatsonX SaaS governance instance to use in this solution. If not set, a new governance instance is provisioned depending on which plan is selected.", + "required": false + }, + { + "key": "existing_studio_instance_crn", + "type": "string", + "default_value": "__NULL__", + "description": "The CRN of an existing WatsonX SaaS studio instance to use in this solution. If not set, a new studio instance is provisioned depending on which plan is selected.", + "required": false + }, + { + "key": "existing_machine_learning_instance", + "type": "string", + "default_value": "__NULL__", + "description": "The CRN of an existing WatsonX SaaS machine learning instance to use in this solution. If not set, a new machine learning instance is provisioned depending on which plan is selected.", + "required": false + }, + { + "key": "existing_elasticsearch_instance_crn", + "type": "string", + "default_value": "__NULL__", + "description": "The CRN of an existing elasticsearch instance to use in this solution. If not set, a new elasticsearch instance is provisioned.", + "required": false + } + ], + "outputs": [ + { + "name": "cos_instance_crn", + "description": "Cloud Object Storage instance CRN" + }, + { + "name": "cos_instance_guid", + "description": "Cloud Object Storage instance GUID" + }, + { + "name": "cos_instance_name", + "description": "Cloud Object Storage instance name" + }, + { + "key": "elasticsearch_hostname", + "description": "The hostname of the Elasticsearch instance." + }, + { + "key": "elasticsearch_port", + "description": "The port of the Elasticsearch instance." + }, + { + "key": "elasticsearch_service_credentials_json", + "description": "The service credentials of the Elasticsearch instance." + }, + { + "key": "elasticsearch_crn", + "description": "The CRN of the Elasticsearch instance." + }, + { + "key": "watsonx_project_url", + "description": "The URL to the WatsonX project for the sample RAG application." + }, + { + "key": "watsonx_project_id", + "description": "The ID for the WatsonX project for the sample RAG application." + }, + { + "key": "watson_discovery_api_url", + "description": "The URL to the Watson Discovery API endpoint." + }, + { + "key": "watson_discovery_project_id", + "description": "The ID for the Watson Discovery project for the sample RAG application." + } + ], + "install_type": "fullstack" + }, + { + "label": "Standard with sample application (Deploy on Red Hat OpenShift)", + "name": "standard", + "index": 2, + "working_directory": "solutions/standard", + "ignore_readme": true, + "compliance": { + "authority": "scc-v3", + "profiles": [ + { + "profile_name": "AI Security Guardrails 2.0", + "profile_version": "1.1.0" + } + ] + }, + "iam_permissions": [ + { + "service_name": "iam-groups", + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Administrator" + ] + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "cloud-object-storage" + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Administrator", + "crn:v1:bluemix:public:iam-identity::::serviceRole:UserApiKeyCreator" + ], + "service_name": "iam-identity" + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Writer", + "crn:v1:bluemix:public:iam::::role:Administrator" + ], + "service_name": "atracker" + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "kms" + }, + { + "service_name": "sysdig-secure", + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ] + }, + { + "service_name": "apprapp", + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ] + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "pm-20" + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "data-science-experience" + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "aiopenscale" + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "conversation" + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "discovery" + }, + { + "service_name": "databases-for-elasticsearch", + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Editor" + ] + }, + { + "service_name": "event-notifications", + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ] + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Administrator" + ], + "service_name": "containers-kubernetes" + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Administrator" + ], + "service_name": "is.vpc" + } + ], + "architecture": { + "features": [ + { + "title": " ", + "description": "Enables:" + }, + { + "title": "1. Red Hat OpenShift cluster for microservices workloads", + "description": " " + }, + { + "title": "2. Elasticsearch Platinum for building and storing sparse vectors, dense vector indexes or keyword search indexes", + "description": " " + }, + { + "title": "i. watsonx.ai use of Elasticsearch ELSER2 vector index for RAG", + "description": " " + }, + { + "title": "ii. watsonx Assistant Conversational Search with UI feature for uploading documents to create or use Elasticsearch ELSER2 vector index for RAG", + "description": " " + }, + { + "title": "3. watsonx.ai in-memory vector store for RAG trial and exploration", + "description": " " + }, + { + "title": "4. watsonx.ai UI to upload documents", + "description": " " + }, + { + "title": "5. watsonx.ai Prompt Lab for inferencing and Prompt Templates", + "description": " " + }, + { + "title": "6. watsonx Assistant Conversational Search with embedded LLM", + "description": " " + }, + { + "title": "7. Build your own data processing, ingestion pipeline and indexes", + "description": " " + } + ], + "diagrams": [ + { + "diagram": { + "url": "https://raw.githubusercontent.com/terraform-ibm-modules/stack-retrieval-augmented-generation/main/reference-architectures/rag-pattern.svg", + "caption": "Reference architecture", + "type": "image/svg+xml", + "thumbnail_url": "https://raw.githubusercontent.com/terraform-ibm-modules/stack-retrieval-augmented-generation/main/reference-architectures/rag-pattern.svg" + }, + "description": "Reference architecture" + }, + { + "diagram": { + "url": "https://raw.githubusercontent.com/terraform-ibm-modules/stack-retrieval-augmented-generation/main/reference-architectures/rag-stack.svg", + "caption": "Solution components", + "type": "image/svg+xml", + "thumbnail_url": "https://raw.githubusercontent.com/terraform-ibm-modules/stack-retrieval-augmented-generation/main/reference-architectures/rag-stack.svg" + }, + "description": "Solution components" + } + ] + }, + "configuration": [ + { + "key": "prefix", + "type": "string", + "default_value": "dev", + "random_string" : { + "length": 4 + }, + "description": "The prefix to add to all resources that this solution creates (e.g `prod`, `test`, `dev`). Used to avoid name clashes in the target account when deploying this solution multiple times.", + "required": true, + "value_constraints": [ + { + "type": "regex", + "description": "Prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It must not end with a hyphen('-'), and cannot contain consecutive hyphens ('--'). It should not exceed 16 characters", + "value": "^$|^__NULL__$|^[a-z](?!.*--)(?:[a-z0-9-]{0,14}[a-z0-9])?$" + } + ] + }, + { + "key": "ibmcloud_api_key", + "type": "password", + "description": "The API Key used to provision all resources created in this solution.", + "required": true + }, + { + "key": "signing_key", + "type": "password", + "description": "The key used to sign the application image built by the CI pipeline deployed in this solution; please refer to the documentation at https://github.com/terraform-ibm-modules/stack-retrieval-augmented-generation/blob/main/README.md for generating the key; if not set, all resources will deploy successfully, but the initial CI pipeline execution will fail at the signing step.", + "default_value": "replace", + "required": false, + "custom_config": { + "type": "multiline_secure_value", + "grouping": "deployment", + "original_grouping": "deployment" + } + }, + { + "key": "region", + "type": "string", + "default_value": "us-south", + "description": "The region in which all resources are deployed.", + "required": false, + "options": [ + { + "displayname": "Dallas (us-south)", + "value": "us-south" + }, + { + "displayname": "Frankfurt (eu-de)", + "value": "eu-de" + }, + { + "displayname": "London (eu-gb)", + "value": "eu-gb" + }, + { + "displayname": "Sydney (au-syd)", + "value": "au-syd" + }, + { + "displayname": "Tokyo (jp-tok)", + "value": "jp-tok" + }, + { + "displayname": "Toronto (ca-tor)", + "value": "ca-tor" + } + ] + }, + { + "key": "resource_group_name", + "type": "string", + "default_value": "rag-services", + "description": "The name of the resource group that is created by this solution. The actual name is prefixed with the value of the input 'prefix'. All resources created by this solution are deployed in this resource group.", + "required": false + }, + { + "key": "existing_resource_group_name", + "type": "string", + "default_value": "__NULL__", + "description": "The name of an existing resource group that is used by this solution, takes precedence over resource_group_name. Prefix is NOT used for existing resource group. All resources created by this solution are deployed in this resource group.", + "required": false, + "custom_config": { + "type": "resource_group", + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "identifier": "rg_name" + } + } + }, + { + "key": "watsonx_admin_api_key", + "type": "password", + "description": "The API key used to provision the watson project resources. If not set, the API key used to deploy the solution is used.", + "required": false + }, + { + "key": "secrets_manager_service_plan", + "type": "string", + "default_value": "standard", + "description": "The service/pricing plan to use when provisioning a new Secrets Manager instance. Only one trial instance is allowed per account.", + "required": false, + "options": [ + { + "displayname": "Trial", + "value": "trial" + }, + { + "displayname": "Standard", + "value": "standard" + } + ] + }, + { + "key": "key_protect_plan", + "type": "string", + "default_value": "tiered-pricing", + "description": "The service plan of the Key Protect instance that will be provisioned by this solution. Only used if not supplying `existing_kms_instance_crn`. [Learn more](https://cloud.ibm.com/docs/key-protect?topic=key-protect-pricing-plan).", + "required": false, + "options": [ + { + "displayname": "Standard", + "value": "tiered-pricing" + }, + { + "displayname": "Cross-region Resiliency", + "value": "cross-region-resiliency" + } + ] + }, + { + "key": "cloud_monitoring_plan", + "type": "string", + "default_value": "graduated-tier", + "description": "The IBM Cloud Monitoring plan to provision. Available values are `lite` and `graduated-tier`. [Learn more](https://cloud.ibm.com/docs/monitoring?topic=monitoring-service_plans)", + "required": false, + "options": [ + { + "displayname": "Lite", + "value": "lite" + }, + { + "displayname": "Graduated Tier", + "value": "graduated-tier" + } + ] + }, + { + "key": "scc_workload_protection_service_plan", + "type": "string", + "default_value": "graduated-tier", + "description": "The pricing plan to use for the IBM Cloud Security and Compliance Center Workload Protection instance.", + "required": false, + "options": [ + { + "displayname": "Graduated Tier", + "value": "graduated-tier" + }, + { + "displayname": "Free Trial", + "value": "free-trial" + } + ] + }, + { + "key": "secrets_manager_secret_groups", + "type": "array", + "default_value": "[\n {\n secret_group_name = \"General\"\n secret_group_description = \"A general purpose secrets group with an associated access group which has a secrets reader role\"\n create_access_group = true\n access_group_name = \"general-secrets-group-access-group\"\n access_group_roles = [\"SecretsReader\"]\n }\n ]", + "description": "Secret Manager secret group and access group configurations. If a prefix input variable is specified, it is added to the `access_group_name` value in the `-value` format. If you do not wish to create any groups, set the value to `[]`. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-secrets-manager/tree/main/solutions/fully-configurable/provisioning_secrets_groups.md).", + "required": false, + "custom_config": { + "type": "code_editor", + "grouping": "deployment", + "original_grouping": "deployment" + } + }, + { + "key": "skip_secrets_manager_iam_auth_policy", + "display_name": "disable_secrets_manager_iam_credentials_engine", + "type": "boolean", + "default_value": false, + "description": "Whether to skip the creation of the IAM authorization policies required to enable the Secrets Manager IAM credentials engine. If set to false, policies will be created that grants the Secrets Manager instance 'Operator' access to the IAM identity service, and 'Groups Service Member Manage' access to the IAM groups service.", + "required": false + }, + { + "key": "enable_platform_metrics", + "type": "boolean", + "default_value": false, + "description": "Setting this to true will enable platform metrics for the Cloud Monitoring instance, including setting up a metrics routing route to the Cloud Monitoring instance. NOTE: You can configure 1 instance only of the IBM Cloud Monitoring service per region to collect platform metrics in that location.", + "required": false + }, + { + "key": "logs_routing_tenant_regions", + "type": "array", + "default_value": [], + "description": "Pass a list of regions to create a tenant that is targeted to the Cloud Logs instance created by this solution. To manage platform logs that are generated by IBM Cloud® services in a region of IBM Cloud, you must create a tenant in each region that you operate. Leave the list empty if you don't want to create any tenants.", + "required": false, + "custom_config": { + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "type": "string" + } + } + }, + { + "key": "event_notifications_email_list", + "type": "array", + "default_value": [], + "description": "List of emails to configure event notifications.", + "required": false, + "custom_config": { + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "type": "string" + } + } + }, + { + "key": "enterprise_id", + "type": "string", + "default_value": "__NULL__", + "description": "If the account is an enterprise account and you want to scan sub-accounts for compliance, this value should be set to the enterprise ID (this is different to the account ID).", + "required": false + }, + { + "key": "enterprise_account_group_ids_to_assign", + "type": "array", + "default_value": [ + "all" + ], + "description": "A list of enterprise account group IDs to assign the trusted profile template to in order for the accounts to be scanned for compliance. Supports passing the string 'all' in the list to assign to all account groups. Only applies if a value is being passed for `enterprise_id`.", + "required": false, + "custom_config": { + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "type": "string" + } + } + }, + { + "key": "enterprise_account_ids_to_assign", + "type": "array", + "default_value": [ + "all" + ], + "description": "A list of enterprise account IDs to assign the trusted profile template to in order for the accounts to be scanned. Supports passing the string 'all' in the list to assign to all accounts. Only applies if a value is being passed for `enterprise_id`.", + "required": false, + "custom_config": { + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "type": "string" + } + } + }, + { + "key": "enterprise_id", + "type": "string", + "default_value": "__NULL__", + "description": "If the account is an enterprise account and you want to scan sub-accounts for compliance, this value should be set to the enterprise ID (this is different to the account ID).", + "required": false + }, + { + "key": "enterprise_account_group_ids_to_assign", + "type": "array", + "default_value": [ + "all" + ], + "description": "A list of enterprise account group IDs to assign the trusted profile template to in order for the accounts to be scanned for compliance. Supports passing the string 'all' in the list to assign to all account groups. Only applies if a value is being passed for `enterprise_id`.", + "required": false, + "custom_config": { + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "type": "string" + } + } + }, + { + "key": "enterprise_account_ids_to_assign", + "type": "array", + "default_value": [ + "all" + ], + "description": "A list of enterprise account IDs to assign the trusted profile template to in order for the accounts to be scanned. Supports passing the string 'all' in the list to assign to all accounts. Only applies if a value is being passed for `enterprise_id`.", + "required": false, + "custom_config": { + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "type": "string" + } + } + }, + { + "key": "sample_app_git_url", + "type": "string", + "default_value": "https://github.com/IBM/gen-ai-rag-watsonx-sample-application", + "description": "The URL to the public git repository containing the sample RAG application code.", + "required": false + }, + { + "key": "existing_secrets_manager_crn", + "type": "string", + "default_value": "__NULL__", + "description": "The CRN of an existing secret manager instance to use in this solution. If not set, a new secret manager instance is provisioned.", + "required": false + }, + { + "key": "existing_kms_instance_crn", + "type": "string", + "default_value": "__NULL__", + "description": "The CRN of an existing KMS instance to use in this solution. If not set, a new KP instance is provisioned.", + "required": false + }, + { + "key": "existing_event_notifications_instance_crn", + "type": "string", + "default_value": "__NULL__", + "description": "The CRN of an existing event notification instance to use in this solution. If not set, a new event notification instance is provisioned.", + "required": false + }, + { + "key": "existing_discovery_instance_crn", + "type": "string", + "default_value": "__NULL__", + "description": "The CRN of an existing WatsonX SaaS discovery instance to use in this solution. If not set, a new discovery instance is provisioned depending on which plan is selected.", + "required": false + }, + { + "key": "existing_assistant_instance_crn", + "type": "string", + "default_value": "__NULL__", + "description": "The CRN of an existing WatsonX SaaS assistant instance to use in this solution. If not set, a new assistant instance is provisioned depending on which plan is selected.", + "required": false + }, + { + "key": "existing_governance_instance_crn", + "type": "string", + "default_value": "__NULL__", + "description": "The CRN of an existing WatsonX SaaS governance instance to use in this solution. If not set, a new governance instance is provisioned depending on which plan is selected.", + "required": false + }, + { + "key": "existing_studio_instance_crn", + "type": "string", + "default_value": "__NULL__", + "description": "The CRN of an existing WatsonX SaaS studio instance to use in this solution. If not set, a new studio instance is provisioned depending on which plan is selected.", + "required": false + }, + { + "key": "existing_machine_learning_instance", + "type": "string", + "default_value": "__NULL__", + "description": "The CRN of an existing WatsonX SaaS machine learning instance to use in this solution. If not set, a new machine learning instance is provisioned depending on which plan is selected.", + "required": false + }, + { + "key": "existing_elasticsearch_instance_crn", + "type": "string", + "default_value": "__NULL__", + "description": "The CRN of an existing elasticsearch instance to use in this solution. If not set, a new elasticsearch instance is provisioned.", + "required": false + } + ], + "outputs": [ + { + "name": "cos_instance_crn", + "description": "Cloud Object Storage instance CRN" + }, + { + "name": "cos_instance_guid", + "description": "Cloud Object Storage instance GUID" + }, + { + "name": "cos_instance_name", + "description": "Cloud Object Storage instance name" + }, + { + "key": "elasticsearch_hostname", + "description": "The hostname of the Elasticsearch instance." + }, + { + "key": "elasticsearch_port", + "description": "The port of the Elasticsearch instance." + }, + { + "key": "elasticsearch_service_credentials_json", + "description": "The service credentials of the Elasticsearch instance." + }, + { + "key": "elasticsearch_crn", + "description": "The CRN of the Elasticsearch instance." + }, + { + "key": "watsonx_project_url", + "description": "The URL to the WatsonX project for the sample RAG application." + }, + { + "key": "watsonx_project_id", + "description": "The ID for the WatsonX project for the sample RAG application." + }, + { + "key": "watson_discovery_api_url", + "description": "The URL to the Watson Discovery API endpoint." + }, + { + "key": "watson_discovery_project_id", + "description": "The ID for the Watson Discovery project for the sample RAG application." + }, + { + "key": "kms_instance_crn", + "description": "The CRN of the Hyper Protect Crypto Service instance or Key Protect instance" + }, + { + "key": "kms_private_endpoint", + "description": "Key Management Service instance private endpoint URL." + }, + { + "key": "kms_public_endpoint", + "description": "Key Management Service instance public endpoint URL." + }, + { + "key": "event_notifications_instance_crn", + "description": "Event Notifications crn" + }, + { + "key": "event_notifications_instance_name", + "description": "Event Notifications name" + }, + { + "key": "event_notifications_instance_guid", + "description": "Event Notifications guid" + }, + { + "key": "cloud_logs_for_logging_crn", + "description": "The id of the provisioned IBM Cloud Logs for logging instance." + }, + { + "key": "cloud_logs_for_logging_guid", + "description": "The guid of the provisioned IBM Cloud Logs for logging instance." + }, + { + "key": "cloud_logs_for_activity_tracking_crn", + "description": "The id of the provisioned IBM Cloud Logs for activity tracking instance." + }, + { + "key": "cloud_logs_for_activity_tracking_guid", + "description": "The guid of the provisioned IBM Cloud Logs for activity tracking instance." + }, + { + "key": "cloud_monitoring_crn", + "description": "The id of the provisioned IBM cloud monitoring instance." + }, + { + "key": "cloud_monitoring_guid", + "description": "The guid of the provisioned IBM cloud monitoring instance." + }, + { + "key": "secrets_manager_crn", + "description": "CRN of the Secrets Manager instance" + }, + { + "key": "secrets_manager_guid", + "description": "GUID of Secrets Manager instance" + }, + { + "key": "secrets_manager_name", + "description": "Name of the Secrets Manager instance" + }, + { + "key": "app_config_crn", + "description": "CRN of the App Configuration instance" + }, + { + "key": "app_config_guid", + "description": "GUID of the App Configuration instance" + }, + { + "key": "scc_workload_protection_crn", + "description": "SCC Workload Protection instance CRN" + }, + { + "key": "scc_workload_protection_guid", + "description": "SCC Workload Protection instance ID" + }, + { + "key": "watson_discovery_crn", + "description": "The CRN of the Watson Discovery instance." + }, + { + "key": "watson_discovery_dashboard_url", + "description": "The dashboard URL of the Watson Discovery instance." + }, + { + "key": "watson_machine_learning_crn", + "description": "The CRN of the Watson Machine Learning instance." + }, + { + "key": "watson_machine_learning_dashboard_url", + "description": "The dashboard URL of the Watson Machine Learning instance." + }, + { + "key": "watson_machine_learning_guid", + "description": "The GUID of the Watson Machine Learning instance." + }, + { + "key": "watson_studio_crn", + "description": "The CRN of the Watson Studio instance." + }, + { + "key": "watson_studio_dashboard_url", + "description": "The dashboard URL of the Watson Studio instance." + }, + { + "key": "watson_studio_guid", + "description": "The GUID of the Watson Studio instance." + }, + { + "key": "watsonx_assistant_crn", + "description": "The CRN of the watsonx Assistant instance." + }, + { + "key": "watsonx_assistant_dashboard_url", + "description": "The dashboard URL of the watsonx Assistant instance." + }, + { + "key": "watsonx_data_crn", + "description": "The CRN of the watsonx.data instance." + }, + { + "key": "watsonx_data_dashboard_url", + "description": "The dashboard URL of the watsonx.data instance." + }, + { + "key": "watsonx_data_guid", + "description": "The GUID of the watsonx.data instance." + }, + { + "key": "watson_discovery_guid", + "description": "The GUID of the Watson Discovery instance." + }, + { + "key": "workload_cluster_name", + "description": "The name of the workload cluster. If the cluster name does not exactly match the prefix-workload-cluster pattern it will be null." + }, + { + "key": "workload_cluster_id", + "description": "The id of the workload cluster. If the cluster name does not exactly match the prefix-workload-cluster pattern it will be null." + }, + { + "key": "workload_cluster_private_service_endpoint_url", + "description": "The private service endpoint URL of the Workload cluster, if not then null." + }, + { + "key": "workload_cluster_public_service_endpoint_url", + "description": "The public service endpoint URL of the Workload cluster, if not then null." + } + ], + "install_type": "fullstack" + } + ] + } + ] } diff --git a/reference-architecture/rag-pattern.svg b/reference-architectures/rag-pattern.svg similarity index 100% rename from reference-architecture/rag-pattern.svg rename to reference-architectures/rag-pattern.svg diff --git a/reference-architecture/rag-stack.svg b/reference-architectures/rag-stack.svg similarity index 100% rename from reference-architecture/rag-stack.svg rename to reference-architectures/rag-stack.svg diff --git a/solutions/basic/stack_definition.json b/solutions/basic/stack_definition.json index 1cca3e57..c896e62c 100644 --- a/solutions/basic/stack_definition.json +++ b/solutions/basic/stack_definition.json @@ -7,13 +7,34 @@ "hidden": false }, { - "name": "secret_manager_service_plan", + "name": "secrets_manager_service_plan", "required": false, "type": "string", "hidden": false }, { - "name": "skip_iam_authorization_policy", + "name": "key_protect_plan", + "required": false, + "type": "string", + "hidden": false, + "custom_config": {} + }, + { + "name": "cloud_monitoring_plan", + "required": false, + "type": "string", + "hidden": false, + "custom_config": {} + }, + { + "name": "secrets_manager_secret_groups", + "required": false, + "type": "array", + "hidden": false, + "custom_config": {} + }, + { + "name": "skip_secrets_manager_iam_auth_policy", "required": false, "type": "boolean", "hidden": false @@ -60,6 +81,13 @@ "type": "string", "hidden": false }, + { + "name": "event_notifications_email_list", + "required": false, + "type": "array", + "hidden": false, + "custom_config": {} + }, { "name": "existing_kms_instance_crn", "required": false, @@ -67,7 +95,7 @@ "hidden": false }, { - "name": "existing_event_notification_instance_crn", + "name": "existing_event_notifications_instance_crn", "required": false, "type": "string", "hidden": false @@ -84,13 +112,6 @@ "type": "array", "hidden": false }, - { - "name": "app_config_service_plan", - "required": false, - "type": "string", - "hidden": false, - "custom_config": {} - }, { "name": "scc_workload_protection_service_plan", "required": false, @@ -120,7 +141,7 @@ "custom_config": {} }, { - "name": "existing_discovery_instance", + "name": "existing_discovery_instance_crn", "required": false, "type": "string", "hidden": false @@ -132,13 +153,13 @@ "hidden": false }, { - "name": "existing_governance_instance", + "name": "existing_governance_instance_crn", "required": false, "type": "string", "hidden": false }, { - "name": "existing_studio_instance", + "name": "existing_studio_instance_crn", "required": false, "type": "string", "hidden": false @@ -158,20 +179,16 @@ ], "members": [ { - "name": "Account Infrastructure Base", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.24459be4-397b-4dce-b2d1-555ccd576c14-global", + "name": "1 - Account Configuration", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.0e456e60-9ca9-4e9e-8f28-6265f8a12f97-global", "inputs": [ { "name": "prefix", "value": "ref:../../inputs/prefix" }, { - "name": "ibmcloud_api_key", - "value": "" - }, - { - "name": "region", - "value": "ref:../../inputs/region" + "name": "single_resource_group_name", + "value": "ref:../../inputs/existing_resource_group_name" }, { "name": "security_resource_group_name", @@ -202,464 +219,569 @@ "value": "ref:../../inputs/resource_group_name" }, { - "name": "existing_security_resource_group_name", - "value": "ref:../../inputs/existing_resource_group_name" - }, + "name": "provision_trusted_profile_projects", + "value": false + } + ] + }, + { + "name": "2a - Essential Security - Encryption Key Management", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.fbb4dc92-6318-4f20-afc9-65cc586ac241-global", + "inputs": [ { - "name": "existing_audit_resource_group_name", - "value": "ref:../../inputs/existing_resource_group_name" + "name": "existing_resource_group_name", + "value": "ref:../1 - Account Configuration/outputs/security_resource_group_name" }, { - "name": "existing_observability_resource_group_name", - "value": "ref:../../inputs/existing_resource_group_name" + "name": "region", + "value": "ref:../../inputs/region" }, { - "name": "existing_management_resource_group_name", - "value": "ref:../../inputs/existing_resource_group_name" + "name": "existing_kms_instance_crn", + "value": "ref:../../inputs/existing_kms_instance_crn" }, { - "name": "existing_workload_resource_group_name", - "value": "ref:../../inputs/existing_resource_group_name" + "name": "prefix", + "value": "ref:../../inputs/prefix" }, { - "name": "existing_edge_resource_group_name", - "value": "ref:../../inputs/existing_resource_group_name" - }, + "name": "key_protect_plan", + "value": "ref:../../inputs/key_protect_plan" + } + ] + }, + { + "name": "2b - Essential Security - Cloud Object Storage", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.6433c58f-9e1b-4520-ae52-5ab4f4559cf9-global", + "inputs": [ { - "name": "existing_devops_resource_group_name", - "value": "ref:../../inputs/existing_resource_group_name" + "name": "prefix", + "value": "ref:../../inputs/prefix" }, { - "name": "provision_trusted_profile_projects", - "value": false + "name": "existing_resource_group_name", + "value": "ref:../1 - Account Configuration/outputs/observability_resource_group_name" } ] }, { - "name": "Essential Security - App Configuration", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.c160fa36-fd40-42de-8553-1233e0c5e971-global", + "name": "2c - Essential Security - Cloud Monitoring", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.4c21c293-3f7d-454b-97bc-9808aee58bfe-global", "inputs": [ - { - "name": "existing_resource_group_name", - "value": "ref:../Account Infrastructure Base/outputs/audit_resource_group_name" - }, { "name": "region", "value": "ref:../../inputs/region" }, + { + "name": "existing_resource_group_name", + "value": "ref:../1 - Account Configuration/outputs/observability_resource_group_name" + }, { "name": "prefix", "value": "ref:../../inputs/prefix" }, { - "name": "app_config_plan", - "value": "ref:../../inputs/app_config_service_plan" + "name": "enable_platform_metrics", + "value": "ref:../../inputs/enable_platform_metrics" }, { - "name": "enable_config_aggregator", - "value": true + "name": "enable_metrics_routing_to_cloud_monitoring", + "value": "ref:../../inputs/enable_platform_metrics" }, { - "name": "config_aggregator_enterprise_id", - "value": "ref:../../inputs/enterprise_id" + "name": "cloud_monitoring_plan", + "value": "ref:../../inputs/cloud_monitoring_plan" + } + ] + }, + { + "name": "2d - Workload - Code Engine Project for CI", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.879ff223-c2d9-486c-b7b6-62dbc3083a0d-global", + "inputs": [ + { + "name": "existing_resource_group_name", + "value": "ref:../1 - Account Configuration/outputs/workload_resource_group_name" }, { - "name": "config_aggregator_enterprise_account_group_ids_to_assign", - "value": "ref:../../inputs/enterprise_account_group_ids_to_assign" + "name": "prefix", + "value": "ref:../../inputs/prefix" }, { - "name": "config_aggregator_enterprise_account_ids_to_assign", - "value": "ref:../../inputs/enterprise_account_ids_to_assign" + "name": "project_name", + "value": "Generative_AI_Sample_App_CI_Project" + }, + { + "name": "region", + "value": "ref:../../inputs/region" } ] }, { - "name": "Essential Security - Encryption Key Management", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.93bf5d12-a435-4510-8888-1c32db20b82b-global", + "name": "2e - Workload - Code Engine Project for CD", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.879ff223-c2d9-486c-b7b6-62dbc3083a0d-global", "inputs": [ { - "name": "resource_group_name", - "value": "ref:../Account Infrastructure Base/outputs/security_resource_group_name" + "name": "existing_resource_group_name", + "value": "ref:../1 - Account Configuration/outputs/workload_resource_group_name" }, { - "name": "use_existing_resource_group", - "value": true + "name": "prefix", + "value": "ref:../../inputs/prefix" }, { - "name": "ibmcloud_api_key", - "value": "" + "name": "project_name", + "value": "Generative_AI_Sample_App_CD_Project" }, { "name": "region", "value": "ref:../../inputs/region" + } + ] + }, + { + "name": "3a - Essential Security - Event Notifications", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.29f017cd-7a6f-45cc-a4ed-5f23505380bf-global", + "inputs": [ + { + "name": "existing_cos_instance_crn", + "value": "ref:../2b - Essential Security - Cloud Object Storage/outputs/cos_instance_id" + }, + { + "name": "enable_collecting_failed_events", + "value": true + }, + { + "name": "kms_encryption_enabled", + "value": true + }, + { + "name": "kms_endpoint_url", + "value": "ref:../2a - Essential Security - Encryption Key Management/outputs/kms_private_endpoint" }, { "name": "existing_kms_instance_crn", - "value": "ref:../../inputs/existing_kms_instance_crn" + "value": "ref:../2a - Essential Security - Encryption Key Management/outputs/kms_instance_crn" + }, + { + "name": "kms_endpoint_type", + "value": "private" + }, + { + "name": "existing_resource_group_name", + "value": "ref:../1 - Account Configuration/outputs/observability_resource_group_name" + }, + { + "name": "region", + "value": "ref:../../inputs/region" }, { "name": "prefix", "value": "ref:../../inputs/prefix" }, { - "name": "key_protect_instance_name", - "value": "base-security-services-kms" + "name": "existing_event_notifications_instance_crn", + "value": "ref:../../inputs/existing_event_notifications_instance_crn" + }, + { + "name": "existing_monitoring_crn", + "value": "ref:../2c - Essential Security - Cloud Monitoring/outputs/cloud_monitoring_crn" } ] }, { - "name": "Essential Security - Logging Monitoring Activity Tracker", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.39562a8a-1b92-4342-b990-1944ae583df9-global", + "name": "3b - Gen AI - WatsonX SaaS services", + "version_locator": "1082e7d2-5e2f-0a11-a3bc-f88a8e1931fc.63f85fe2-082f-44fa-add2-6a0f93d130e8-global", "inputs": [ { - "name": "ibmcloud_api_key", - "value": "" + "name": "watsonx_admin_api_key", + "value": "ref:../../inputs/watsonx_admin_api_key" + }, + { + "name": "existing_resource_group_name", + "value": "ref:../1 - Account Configuration/outputs/workload_resource_group_name" }, { "name": "region", "value": "ref:../../inputs/region" }, { - "name": "existing_kms_instance_crn", - "value": "ref:../Essential Security - Encryption Key Management/outputs/kms_instance_crn" + "name": "prefix", + "value": "ref:../../inputs/prefix" }, { - "name": "resource_group_name", - "value": "ref:../Account Infrastructure Base/outputs/observability_resource_group_name" + "name": "watson_machine_learning_plan", + "value": "v2-standard" }, { - "name": "prefix", - "value": "ref:../../inputs/prefix" + "name": "existing_machine_learning_instance", + "value": "ref:../../inputs/existing_machine_learning_instance" }, { - "name": "use_existing_resource_group", - "value": true + "name": "watson_studio_plan", + "value": "professional-v1" }, { - "name": "existing_en_instance_crn", - "value": "ref:../Essential Security - Event Notifications/outputs/crn" + "name": "existing_studio_instance", + "value": "ref:../../inputs/existing_studio_instance_crn" }, { - "name": "enable_platform_metrics", - "value": "ref:../../inputs/enable_platform_metrics" + "name": "watson_discovery_plan", + "value": "do not install" }, { - "name": "logs_routing_tenant_regions", - "value": "ref:../../inputs/logs_routing_tenant_regions" + "name": "existing_discovery_instance", + "value": "ref:../../inputs/existing_discovery_instance_crn" + }, + { + "name": "watsonx_assistant_plan", + "value": "plus" + }, + { + "name": "existing_assistant_instance", + "value": "ref:../../inputs/existing_assistant_instance_crn" + }, + { + "name": "watsonx_governance_plan", + "value": "do not install" + }, + { + "name": "existing_governance_instance", + "value": "ref:../../inputs/existing_governance_instance_crn" + }, + { + "name": "existing_cos_instance_crn", + "value": "ref:../2b - Essential Security - Cloud Object Storage/outputs/cos_instance_crn" + }, + { + "name": "cos_kms_crn", + "value": "ref:../2a - Essential Security - Encryption Key Management/outputs/kms_instance_crn" + }, + { + "name": "enable_cos_kms_encryption", + "value": true } ] }, { - "name": "Essential Security - Event Notifications", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.b02f9aa4-b40f-41d5-8039-8e87742d756e-global", + "name": "4a - Essential Security - Cloud Logs for logging", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.b6bf9a7b-6ac3-4821-b3e4-f274293603f3-global", "inputs": [ { - "name": "kms_endpoint_url", - "value": "ref:../Essential Security - Encryption Key Management/outputs/kms_private_endpoint" + "name": "region", + "value": "ref:../../inputs/region" }, { "name": "existing_kms_instance_crn", - "value": "ref:../Essential Security - Encryption Key Management/outputs/kms_instance_crn" + "value": "ref:../2a - Essential Security - Encryption Key Management/outputs/kms_instance_crn" + }, + { + "name": "kms_encryption_enabled_buckets", + "value": true }, { "name": "kms_endpoint_type", "value": "private" }, { - "name": "resource_group_name", - "value": "ref:../Account Infrastructure Base/outputs/observability_resource_group_name" + "name": "existing_resource_group_name", + "value": "ref:../1 - Account Configuration/outputs/observability_resource_group_name" }, { - "name": "use_existing_resource_group", - "value": true + "name": "existing_cos_instance_crn", + "value": "ref:../2b - Essential Security - Cloud Object Storage/outputs/cos_instance_crn" }, { - "name": "region", - "value": "ref:../../inputs/region" + "name": "existing_monitoring_crn", + "value": "ref:../2c - Essential Security - Cloud Monitoring/outputs/cloud_monitoring_crn" }, { "name": "prefix", "value": "ref:../../inputs/prefix" }, { - "name": "existing_en_instance_crn", - "value": "ref:../../inputs/existing_event_notification_instance_crn" + "name": "existing_event_notifications_instances", + "value": "ref:../3a - Essential Security - Event Notifications/outputs/crn_list_object" + }, + { + "name": "logs_routing_tenant_regions", + "value": "ref:../../inputs/logs_routing_tenant_regions" } ] }, { - "name": "Essential Security - Secrets Manager", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.db823650-3010-4482-b807-45145f273553-global", + "name": "4b - Essential Security - App Configuration", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.bff2dc4d-9e19-4b2c-8890-4cda020ce39e-global", "inputs": [ { - "name": "prefix", - "value": "ref:../../inputs/prefix" + "name": "existing_resource_group_name", + "value": "ref:../1 - Account Configuration/outputs/audit_resource_group_name" }, { - "name": "resource_group_name", - "value": "ref:../Account Infrastructure Base/outputs/security_resource_group_name" + "name": "region", + "value": "ref:../../inputs/region" }, { - "name": "ibmcloud_api_key", - "value": "" + "name": "prefix", + "value": "ref:../../inputs/prefix" }, { - "name": "region", - "value": "ref:../../inputs/region" + "name": "app_config_service_plan", + "value": "enterprise" }, { - "name": "existing_kms_instance_crn", - "value": "ref:../Essential Security - Encryption Key Management/outputs/kms_instance_crn" + "name": "enable_config_aggregator", + "value": true }, { - "name": "use_existing_resource_group", - "value": true + "name": "config_aggregator_enterprise_id", + "value": "ref:../../inputs/enterprise_id" }, { - "name": "existing_secrets_manager_crn", - "value": "ref:../../inputs/existing_secrets_manager_crn" + "name": "config_aggregator_enterprise_account_group_ids_to_assign", + "value": "ref:../../inputs/enterprise_account_group_ids_to_assign" }, { - "name": "skip_iam_authorization_policy", - "value": "ref:../../inputs/skip_iam_authorization_policy" + "name": "config_aggregator_enterprise_account_ids_to_assign", + "value": "ref:../../inputs/enterprise_account_ids_to_assign" }, { - "name": "service_plan", - "value": "ref:../../inputs/secret_manager_service_plan" + "name": "kms_encryption_enabled", + "value": true }, { - "name": "existing_event_notifications_instance_crn", - "value": "ref:../Essential Security - Event Notifications/outputs/crn" + "name": "existing_kms_instance_crn", + "value": "ref:../2a - Essential Security - Encryption Key Management/outputs/kms_instance_crn" + }, + { + "name": "kms_endpoint_url", + "value": "ref:../2a - Essential Security - Encryption Key Management/outputs/kms_private_endpoint" }, { "name": "enable_event_notifications", "value": true }, { - "name": "kms_key_ring_name", - "value": "sm-cos-key-ring" + "name": "existing_event_notifications_instance_crn", + "value": "ref:../3a - Essential Security - Event Notifications/outputs/crn" }, { - "name": "kms_key_name", - "value": "sm-cos-key" + "name": "event_notifications_endpoint_url", + "value": "ref:../3a - Essential Security - Event Notifications/outputs/event_notifications_private_endpoint" }, { - "name": "secrets_manager_instance_name", - "value": "base-security-services-sm" + "name": "event_notifications_email_list", + "value": "ref:../../inputs/event_notifications_email_list" } ] }, { - "name": "Essential Security - Security and Compliance Center Workload Protection", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.e436bb10-8b6c-4b3b-b4c5-523929d13686-global", + "name": "4c - Essential Security - Secrets Manager", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.c7ba4599-f65a-4a9b-bd6b-120e52947652-global", "inputs": [ + { + "name": "prefix", + "value": "ref:../../inputs/prefix" + }, { "name": "existing_resource_group_name", - "value": "ref:../Account Infrastructure Base/outputs/audit_resource_group_name" + "value": "ref:../1 - Account Configuration/outputs/security_resource_group_name" }, { "name": "region", "value": "ref:../../inputs/region" }, { - "name": "prefix", - "value": "ref:../../inputs/prefix" + "name": "existing_kms_instance_crn", + "value": "ref:../2a - Essential Security - Encryption Key Management/outputs/kms_instance_crn" }, { - "name": "scc_workload_protection_service_plan", - "value": "ref:../../inputs/scc_workload_protection_service_plan" + "name": "kms_encryption_enabled", + "value": true }, { - "name": "cspm_enabled", - "value": true + "name": "existing_secrets_manager_crn", + "value": "ref:../../inputs/existing_secrets_manager_crn" }, { - "name": "app_config_crn", - "value": "ref:../../members/Essential Security - App Configuration/outputs/app_config_crn" + "name": "skip_secrets_manager_iam_auth_policy", + "value": "ref:../../inputs/skip_secrets_manager_iam_auth_policy" }, { - "name": "existing_monitoring_crn", - "value": "ref:../../members/Essential Security - Logging Monitoring Activity Tracker/outputs/cloud_monitoring_crn" + "name": "secret_groups", + "value": "ref:../../inputs/secrets_manager_secret_groups" + }, + { + "name": "service_plan", + "value": "ref:../../inputs/secrets_manager_service_plan" + }, + { + "name": "existing_event_notifications_instance_crn", + "value": "ref:../3a - Essential Security - Event Notifications/outputs/crn" } ] }, { - "name": "Gen AI - Databases for Elasticsearch", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.68a66140-e2e8-40ef-be86-c46e6f3442a3-global", + "name": "4d - Essential Security - Cloud Logs for activity tracking", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.b6bf9a7b-6ac3-4821-b3e4-f274293603f3-global", "inputs": [ { - "name": "use_existing_resource_group", - "value": true + "name": "region", + "value": "ref:../../inputs/region" }, { - "name": "resource_group_name", - "value": "ref:../../members/Account Infrastructure Base/outputs/workload_resource_group_name" + "name": "existing_kms_instance_crn", + "value": "ref:../2a - Essential Security - Encryption Key Management/outputs/kms_instance_crn" }, { - "name": "region", - "value": "ref:../../inputs/region" + "name": "kms_encryption_enabled_buckets", + "value": true }, { - "name": "prefix", - "value": "ref:../../inputs/prefix" + "name": "kms_endpoint_type", + "value": "private" }, { - "name": "plan", - "value": "enterprise" + "name": "existing_resource_group_name", + "value": "ref:../1 - Account Configuration/outputs/observability_resource_group_name" }, { - "name": "elasticsearch_version", - "value": "8.12" + "name": "existing_cos_instance_crn", + "value": "ref:../2b - Essential Security - Cloud Object Storage/outputs/cos_instance_crn" }, { - "name": "existing_kms_instance_crn", - "value": "ref:../../members/Essential Security - Encryption Key Management/outputs/kms_instance_crn" + "name": "existing_monitoring_crn", + "value": "ref:../2c - Essential Security - Cloud Monitoring/outputs/cloud_monitoring_crn" }, { - "name": "kms_endpoint_type", - "value": "private" + "name": "prefix", + "value": "ref:../../inputs/prefix" }, { - "name": "member_host_flavor", - "value": "multitenant" + "name": "existing_event_notifications_instances", + "value": "ref:../3a - Essential Security - Event Notifications/outputs/crn_list_object" }, { - "name": "member_cpu_count", - "value": 0 + "name": "logs_routing_tenant_regions", + "value": "ref:../../inputs/logs_routing_tenant_regions" }, { - "name": "service_credential_names", - "value": { - "elastic_db_admin": "Administrator", - "wxasst_db_user": "Editor", - "toolchain_db_user": "Editor" - } + "name": "cloud_logs_data_cos_bucket_name", + "value": "at-cloud-logs-logs-bucket" }, { - "name": "existing_db_instance_crn", - "value": "ref:../../inputs/existing_elasticsearch_instance_crn" + "name": "cloud_logs_metrics_cos_bucket_name", + "value": "at-cloud-logs-metrics-bucket" + }, + { + "name": "cloud_logs_instance_name", + "value": "at-cloud-logs" } ] }, { - "name": "Gen AI - WatsonX SaaS services", - "version_locator": "1082e7d2-5e2f-0a11-a3bc-f88a8e1931fc.c784a77d-cf67-4287-9284-a126e4a053a7-global", + "name": "5a - Essential Security - Security and Compliance Center Workload Protection", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.e543e47d-1b78-4415-963c-3c59fcf5ef2b-global", "inputs": [ { - "name": "ibmcloud_api_key", - "value": "" - }, - { - "name": "watsonx_admin_api_key", - "value": "ref:../../inputs/watsonx_admin_api_key" - }, - { - "name": "resource_group_name", - "value": "ref:../Account Infrastructure Base/outputs/workload_resource_group_name" + "name": "existing_resource_group_name", + "value": "ref:../1 - Account Configuration/outputs/audit_resource_group_name" }, { - "name": "location", + "name": "region", "value": "ref:../../inputs/region" }, { - "name": "resource_prefix", + "name": "prefix", "value": "ref:../../inputs/prefix" }, { - "name": "use_existing_resource_group", - "value": true + "name": "scc_workload_protection_service_plan", + "value": "ref:../../inputs/scc_workload_protection_service_plan" }, { - "name": "watson_machine_learning_plan", - "value": "v2-standard" + "name": "cspm_enabled", + "value": true }, { - "name": "existing_machine_learning_instance", - "value": "ref:../../inputs/existing_machine_learning_instance" + "name": "app_config_crn", + "value": "ref:../4b - Essential Security - App Configuration/outputs/app_config_crn" }, { - "name": "watson_studio_plan", - "value": "professional-v1" - }, + "name": "existing_monitoring_crn", + "value": "ref:../2c - Essential Security - Cloud Monitoring/outputs/cloud_monitoring_crn" + } + ] + }, + { + "name": "5b - Gen AI - Databases for Elasticsearch", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.2a25caea-0f63-4911-a5fb-c1ef792edea0-global", + "inputs": [ { - "name": "existing_studio_instance", - "value": "ref:../../inputs/existing_studio_instance" + "name": "existing_resource_group_name", + "value": "ref:../1 - Account Configuration/outputs/workload_resource_group_name" }, { - "name": "watson_discovery_plan", - "value": "do not install" + "name": "region", + "value": "ref:../../inputs/region" }, { - "name": "existing_discovery_instance", - "value": "ref:../../inputs/existing_discovery_instance" + "name": "deletion_protection", + "value": false }, { - "name": "watsonx_assistant_plan", - "value": "plus" + "name": "prefix", + "value": "ref:../../inputs/prefix" }, { - "name": "existing_assistant_instance", - "value": "ref:../../inputs/existing_assistant_instance_crn" + "name": "plan", + "value": "enterprise" }, { - "name": "watsonx_governance_plan", - "value": "do not install" + "name": "elasticsearch_version", + "value": "8.15" }, { - "name": "existing_governance_instance", - "value": "ref:../../inputs/existing_governance_instance" + "name": "kms_encryption_enabled", + "value": true }, { - "name": "cos_kms_crn", - "value": "ref:../Essential Security - Encryption Key Management/outputs/kms_instance_crn" + "name": "existing_kms_instance_crn", + "value": "ref:../2a - Essential Security - Encryption Key Management/outputs/kms_instance_crn" }, { - "name": "enable_cos_kms_encryption", - "value": true - } - ] - }, - { - "name": "Workload - Code Engine Projects", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.c27eeec3-a83c-4ca0-9b26-c16a6a883fd7-global", - "inputs": [ - { - "name": "ibmcloud_api_key", - "value": "" + "name": "kms_endpoint_type", + "value": "private" }, { - "name": "resource_group_name", - "value": "ref:../Account Infrastructure Base/outputs/workload_resource_group_name" + "name": "member_host_flavor", + "value": "multitenant" }, { - "name": "existing_resource_group", - "value": true + "name": "member_cpu_count", + "value": 0 }, { - "name": "prefix", - "value": "ref:../../inputs/prefix" + "name": "service_credential_names", + "value": { + "elastic_db_admin": "Administrator", + "wxasst_db_user": "Editor", + "toolchain_db_user": "Editor" + } }, { - "name": "project_names", - "value": [ - "Generative_AI_Sample_App_CI_Project", - "Generative_AI_Sample_App_CD_Project" - ] + "name": "existing_elasticsearch_instance_crn", + "value": "ref:../../inputs/existing_elasticsearch_instance_crn" }, { - "name": "region", - "value": "ref:../../inputs/region" + "name": "existing_secrets_manager_instance_crn", + "value": "ref:../4c - Essential Security - Secrets Manager/outputs/secrets_manager_crn" } ] }, { - "name": "Workload - DevSecOps Application Lifecycle Management", - "version_locator": "1082e7d2-5e2f-0a11-a3bc-f88a8e1931fc.3bf38800-70e9-40db-aeca-016c9911364f-global", + "name": "5c - Workload - DevSecOps Application Lifecycle Management", + "version_locator": "1082e7d2-5e2f-0a11-a3bc-f88a8e1931fc.844034e5-4ccc-4fb7-af46-e43c20d00a72-global", "inputs": [ - { - "name": "ibmcloud_api_key", - "value": "" - }, { "name": "toolchain_name", "value": "rag-sample-app" @@ -670,27 +792,31 @@ }, { "name": "toolchain_resource_group", - "value": "ref:../Account Infrastructure Base/outputs/devops_resource_group_name" + "value": "ref:../1 - Account Configuration/outputs/devops_resource_group_name" }, { "name": "sm_resource_group", - "value": "ref:../Essential Security - Secrets Manager/outputs/resource_group_name" + "value": "ref:../4c - Essential Security - Secrets Manager/outputs/resource_group_name" }, { "name": "sm_name", - "value": "ref:../Essential Security - Secrets Manager/outputs/secrets_manager_name" + "value": "ref:../4c - Essential Security - Secrets Manager/outputs/secrets_manager_name" }, { "name": "sm_location", - "value": "ref:../Essential Security - Secrets Manager/outputs/secrets_manager_region" + "value": "ref:../4c - Essential Security - Secrets Manager/outputs/secrets_manager_region" }, { "name": "ci_code_engine_project", - "value": "ref:../Workload - Code Engine Projects/outputs/project_1_name" + "value": "ref:../2d - Workload - Code Engine Project for CI/outputs/project_name" + }, + { + "name": "use_legacy_ref", + "value": false }, { "name": "cd_code_engine_project", - "value": "ref:../Workload - Code Engine Projects/outputs/project_2_name" + "value": "ref:../2e - Workload - Code Engine Project for CD/outputs/project_name" }, { "name": "registry_namespace", @@ -747,16 +873,50 @@ ] }, { - "name": "Workload - Sample RAG App Configuration", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.b1bf8a3d-3d51-4362-a13b-eb528a38c6f3-global", + "name": "5d - Essential Security - Activity Tracker Event Routing", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.1d61413e-c149-4a3a-bd6d-9207e0c60385-global", "inputs": [ { - "name": "toolchain_region", + "name": "region", "value": "ref:../../inputs/region" }, { - "name": "ibmcloud_api_key", - "value": "" + "name": "prefix", + "value": "ref:../../inputs/prefix" + }, + { + "name": "existing_kms_instance_crn", + "value": "ref:../2a - Essential Security - Encryption Key Management/outputs/kms_instance_crn" + }, + { + "name": "kms_encryption_enabled_buckets", + "value": true + }, + { + "name": "kms_endpoint_type", + "value": "private" + }, + { + "name": "existing_cos_instance_crn", + "value": "ref:../2b - Essential Security - Cloud Object Storage/outputs/cos_instance_crn" + }, + { + "name": "existing_cloud_logs_instance_crn", + "value": "ref:../4d - Essential Security - Cloud Logs for activity tracking/outputs/cloud_logs_crn" + }, + { + "name": "enable_activity_tracker_event_routing_to_cos_bucket", + "value": true + } + ] + }, + { + "name": "6 - Workload - Sample RAG Application", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.e7af3542-6a4a-44fe-b646-2598bb925719-global", + "inputs": [ + { + "name": "toolchain_region", + "value": "ref:../../inputs/region" }, { "name": "watson_discovery_region", @@ -772,31 +932,31 @@ }, { "name": "watson_assistant_instance_id", - "value": "ref:../Gen AI - WatsonX SaaS services/outputs/watsonx_assistant_guid" + "value": "ref:../3b - Gen AI - WatsonX SaaS services/outputs/watsonx_assistant_guid" }, { "name": "cd_pipeline_id", - "value": "ref:../Workload - DevSecOps Application Lifecycle Management/outputs/cd_pipeline_id" + "value": "ref:../5c - Workload - DevSecOps Application Lifecycle Management/outputs/cd_pipeline_id" }, { "name": "ci_pipeline_id", - "value": "ref:../Workload - DevSecOps Application Lifecycle Management/outputs/ci_pipeline_id" + "value": "ref:../5c - Workload - DevSecOps Application Lifecycle Management/outputs/ci_pipeline_id" }, { "name": "watson_machine_learning_instance_guid", - "value": "ref:../Gen AI - WatsonX SaaS services/outputs/watson_machine_learning_guid" + "value": "ref:../3b - Gen AI - WatsonX SaaS services/outputs/watson_machine_learning_guid" }, { "name": "watson_machine_learning_instance_resource_name", - "value": "ref:../Gen AI - WatsonX SaaS services/outputs/watson_machine_learning_name" + "value": "ref:../3b - Gen AI - WatsonX SaaS services/outputs/watson_machine_learning_name" }, { "name": "watson_machine_learning_instance_crn", - "value": "ref:../Gen AI - WatsonX SaaS services/outputs/watson_machine_learning_crn" + "value": "ref:../3b - Gen AI - WatsonX SaaS services/outputs/watson_machine_learning_crn" }, { "name": "toolchain_resource_group", - "value": "ref:../Account Infrastructure Base/outputs/devops_resource_group_name" + "value": "ref:../1 - Account Configuration/outputs/devops_resource_group_name" }, { "name": "prefix", @@ -804,7 +964,7 @@ }, { "name": "resource_group_name", - "value": "ref:../Account Infrastructure Base/outputs/devops_resource_group_name" + "value": "ref:../1 - Account Configuration/outputs/devops_resource_group_name" }, { "name": "use_existing_resource_group", @@ -816,179 +976,199 @@ }, { "name": "secrets_manager_guid", - "value": "ref:../Essential Security - Secrets Manager/outputs/secrets_manager_guid" + "value": "ref:../4c - Essential Security - Secrets Manager/outputs/secrets_manager_guid" }, { "name": "secrets_manager_region", - "value": "ref:../Essential Security - Secrets Manager/outputs/secrets_manager_region" + "value": "ref:../4c - Essential Security - Secrets Manager/outputs/secrets_manager_region" }, { "name": "elastic_instance_crn", - "value": "ref:../Gen AI - Databases for Elasticsearch/outputs/crn" + "value": "ref:../5b - Gen AI - Databases for Elasticsearch/outputs/crn" }, { "name": "cos_kms_crn", - "value": "ref:../Essential Security - Encryption Key Management/outputs/kms_instance_crn" + "value": "ref:../2a - Essential Security - Encryption Key Management/outputs/kms_instance_crn" } ] } ], "outputs": [ + { + "name": "cos_instance_crn", + "value": "ref:../2b - Essential Security - Cloud Object Storage/outputs/cos_instance_crn" + }, + { + "name": "cos_instance_guid", + "value": "ref:../2b - Essential Security - Cloud Object Storage/outputs/cos_instance_guid" + }, + { + "name": "cos_instance_name", + "value": "ref:../2b - Essential Security - Cloud Object Storage/outputs/cos_instance_name" + }, { "name": "elasticsearch_hostname", - "value": "ref:./members/Gen AI - Databases for Elasticsearch/outputs/hostname" + "value": "ref:./members/5b - Gen AI - Databases for Elasticsearch/outputs/hostname" }, { "name": "elasticsearch_port", - "value": "ref:./members/Gen AI - Databases for Elasticsearch/outputs/port" + "value": "ref:./members/5b - Gen AI - Databases for Elasticsearch/outputs/port" }, { "name": "elasticsearch_service_credentials_json", - "value": "ref:./members/Gen AI - Databases for Elasticsearch/outputs/service_credentials_json" + "value": "ref:./members/5b - Gen AI - Databases for Elasticsearch/outputs/service_credentials_json" }, { "name": "elasticsearch_crn", - "value": "ref:./members/Gen AI - Databases for Elasticsearch/outputs/crn" + "value": "ref:./members/5b - Gen AI - Databases for Elasticsearch/outputs/crn" }, { "name": "watsonx_project_url", - "value": "ref:./members/Workload - Sample RAG App Configuration/outputs/watsonx_project_url" + "value": "ref:./members/6 - Workload - Sample RAG Application/outputs/watsonx_project_url" }, { "name": "watsonx_project_id", - "value": "ref:./members/Workload - Sample RAG App Configuration/outputs/watsonx_project_id" + "value": "ref:./members/6 - Workload - Sample RAG Application/outputs/watsonx_project_id" }, { "name": "watson_discovery_api_url", - "value": "ref:./members/Workload - Sample RAG App Configuration/outputs/watson_discovery_api_url" + "value": "ref:./members/6 - Workload - Sample RAG Application/outputs/watson_discovery_api_url" }, { "name": "watson_discovery_project_id", - "value": "ref:./members/Workload - Sample RAG App Configuration/outputs/watson_discovery_project_id" + "value": "ref:./members/6 - Workload - Sample RAG Application/outputs/watson_discovery_project_id" }, { "name": "kms_instance_crn", - "value": "ref:./members/Essential Security - Encryption Key Management/outputs/kms_instance_crn" + "value": "ref:./members/2a - Essential Security - Encryption Key Management/outputs/kms_instance_crn" }, { "name": "kms_private_endpoint", - "value": "ref:./members/Essential Security - Encryption Key Management/outputs/kms_private_endpoint" + "value": "ref:./members/2a - Essential Security - Encryption Key Management/outputs/kms_private_endpoint" }, { "name": "kms_public_endpoint", - "value": "ref:./members/Essential Security - Encryption Key Management/outputs/kms_public_endpoint" + "value": "ref:./members/2a - Essential Security - Encryption Key Management/outputs/kms_public_endpoint" + }, + { + "name": "event_notifications_instance_crn", + "value": "ref:./members/3a - Essential Security - Event Notifications/outputs/crn" + }, + { + "name": "event_notifications_instance_name", + "value": "ref:./members/3a - Essential Security - Event Notifications/outputs/event_notification_instance_name" }, { - "name": "event_notification_instance_crn", - "value": "ref:./members/Essential Security - Event Notifications/outputs/crn" + "name": "event_notifications_instance_guid", + "value": "ref:./members/3a - Essential Security - Event Notifications/outputs/guid" }, { - "name": "event_notification_instance_name", - "value": "ref:./members/Essential Security - Event Notifications/outputs/event_notification_instance_name" + "name": "cloud_logs_for_logging_crn", + "value": "ref:./members/4a - Essential Security - Cloud Logs for logging/outputs/cloud_logs_crn" }, { - "name": "event_notification_instance_guid", - "value": "ref:./members/Essential Security - Event Notifications/outputs/guid" + "name": "cloud_logs_for_logging_guid", + "value": "ref:./members/4a - Essential Security - Cloud Logs for logging/outputs/cloud_logs_guid" }, { - "name": "cloud_logs_crn", - "value": "ref:./members/Essential Security - Logging Monitoring Activity Tracker/outputs/cloud_logs_crn" + "name": "cloud_logs_for_activity_tracking_crn", + "value": "ref:./members/4d - Essential Security - Cloud Logs for activity tracking/outputs/cloud_logs_crn" }, { - "name": "cloud_logs_guid", - "value": "ref:./members/Essential Security - Logging Monitoring Activity Tracker/outputs/cloud_logs_guid" + "name": "cloud_logs_for_activity_tracking_guid", + "value": "ref:./members/4d - Essential Security - Cloud Logs for activity tracking/outputs/cloud_logs_guid" }, { "name": "cloud_monitoring_crn", - "value": "ref:./members/Essential Security - Logging Monitoring Activity Tracker/outputs/cloud_monitoring_crn" + "value": "ref:./members/2c - Essential Security - Cloud Monitoring/outputs/cloud_monitoring_crn" }, { "name": "cloud_monitoring_guid", - "value": "ref:./members/Essential Security - Logging Monitoring Activity Tracker/outputs/cloud_monitoring_guid" + "value": "ref:./members/2c - Essential Security - Cloud Monitoring/outputs/cloud_monitoring_guid" }, { "name": "secrets_manager_crn", - "value": "ref:./members/Essential Security - Secrets Manager/outputs/secrets_manager_crn" + "value": "ref:./members/4c - Essential Security - Secrets Manager/outputs/secrets_manager_crn" }, { "name": "secrets_manager_guid", - "value": "ref:./members/Essential Security - Secrets Manager/outputs/secrets_manager_guid" + "value": "ref:./members/4c - Essential Security - Secrets Manager/outputs/secrets_manager_guid" }, { "name": "secrets_manager_name", - "value": "ref:./members/Essential Security - Secrets Manager/outputs/secrets_manager_name" + "value": "ref:./members/4c - Essential Security - Secrets Manager/outputs/secrets_manager_name" }, { "name": "app_config_crn", - "value": "ref:./members/Essential Security - App Configuration/outputs/app_config_crn" + "value": "ref:./members/4b - Essential Security - App Configuration/outputs/app_config_crn" }, { "name": "app_config_guid", - "value": "ref:./members/Essential Security - App Configuration/outputs/app_config_guid" + "value": "ref:./members/4b - Essential Security - App Configuration/outputs/app_config_guid" }, { "name": "scc_workload_protection_crn", - "value": "ref:./members/Essential Security - Security and Compliance Center Workload Protection/outputs/crn" + "value": "ref:./members/5a - Essential Security - Security and Compliance Center Workload Protection/outputs/scc_workload_protection_crn" }, { - "name": "scc_workload_protection_guid", - "value": "ref:./members/Essential Security - Security and Compliance Center Workload Protection/outputs/guid" + "name": "scc_workload_protection_id", + "value": "ref:./members/5a - Essential Security - Security and Compliance Center Workload Protection/outputs/scc_workload_protection_id" }, { "name": "watson_discovery_crn", - "value": "ref:./members/Gen AI - WatsonX SaaS services/outputs/watson_discovery_crn" + "value": "ref:./members/3b - Gen AI - WatsonX SaaS services/outputs/watson_discovery_crn" }, { "name": "watson_discovery_dashboard_url", - "value": "ref:./members/Gen AI - WatsonX SaaS services/outputs/watson_discovery_dashboard_url" + "value": "ref:./members/3b - Gen AI - WatsonX SaaS services/outputs/watson_discovery_dashboard_url" }, { "name": "watson_machine_learning_crn", - "value": "ref:./members/Gen AI - WatsonX SaaS services/outputs/watson_machine_learning_crn" + "value": "ref:./members/3b - Gen AI - WatsonX SaaS services/outputs/watson_machine_learning_crn" }, { "name": "watson_machine_learning_dashboard_url", - "value": "ref:./members/Gen AI - WatsonX SaaS services/outputs/watson_machine_learning_dashboard_url" + "value": "ref:./members/3b - Gen AI - WatsonX SaaS services/outputs/watson_machine_learning_dashboard_url" }, { "name": "watson_machine_learning_guid", - "value": "ref:./members/Gen AI - WatsonX SaaS services/outputs/watson_machine_learning_guid" + "value": "ref:./members/3b - Gen AI - WatsonX SaaS services/outputs/watson_machine_learning_guid" }, { "name": "watson_studio_crn", - "value": "ref:./members/Gen AI - WatsonX SaaS services/outputs/watson_studio_crn" + "value": "ref:./members/3b - Gen AI - WatsonX SaaS services/outputs/watson_studio_crn" }, { "name": "watson_studio_dashboard_url", - "value": "ref:./members/Gen AI - WatsonX SaaS services/outputs/watson_studio_dashboard_url" + "value": "ref:./members/3b - Gen AI - WatsonX SaaS services/outputs/watson_studio_dashboard_url" }, { "name": "watson_studio_guid", - "value": "ref:./members/Gen AI - WatsonX SaaS services/outputs/watson_studio_guid" + "value": "ref:./members/3b - Gen AI - WatsonX SaaS services/outputs/watson_studio_guid" }, { "name": "watsonx_assistant_crn", - "value": "ref:./members/Gen AI - WatsonX SaaS services/outputs/watsonx_assistant_crn" + "value": "ref:./members/3b - Gen AI - WatsonX SaaS services/outputs/watsonx_assistant_crn" }, { "name": "watsonx_assistant_dashboard_url", - "value": "ref:./members/Gen AI - WatsonX SaaS services/outputs/watsonx_assistant_dashboard_url" + "value": "ref:./members/3b - Gen AI - WatsonX SaaS services/outputs/watsonx_assistant_dashboard_url" }, { "name": "watsonx_data_crn", - "value": "ref:./members/Gen AI - WatsonX SaaS services/outputs/watsonx_data_crn" + "value": "ref:./members/3b - Gen AI - WatsonX SaaS services/outputs/watsonx_data_crn" }, { "name": "watsonx_data_dashboard_url", - "value": "ref:./members/Gen AI - WatsonX SaaS services/outputs/watsonx_data_dashboard_url" + "value": "ref:./members/3b - Gen AI - WatsonX SaaS services/outputs/watsonx_data_dashboard_url" }, { "name": "watsonx_data_guid", - "value": "ref:./members/Gen AI - WatsonX SaaS services/outputs/watsonx_data_guid" + "value": "ref:./members/3b - Gen AI - WatsonX SaaS services/outputs/watsonx_data_guid" }, { "name": "watson_discovery_guid", - "value": "ref:./members/Gen AI - WatsonX SaaS services/outputs/watson_discovery_guid" + "value": "ref:./members/3b - Gen AI - WatsonX SaaS services/outputs/watson_discovery_guid" } ] } diff --git a/solutions/standard/stack_definition.json b/solutions/standard/stack_definition.json index c4022de2..e8d5df8d 100644 --- a/solutions/standard/stack_definition.json +++ b/solutions/standard/stack_definition.json @@ -7,13 +7,27 @@ "hidden": false }, { - "name": "secret_manager_service_plan", + "name": "secrets_manager_service_plan", "required": false, "type": "string", "hidden": false }, { - "name": "skip_iam_authorization_policy", + "name": "key_protect_plan", + "required": false, + "type": "string", + "hidden": false, + "custom_config": {} + }, + { + "name": "cloud_monitoring_plan", + "required": false, + "type": "string", + "hidden": false, + "custom_config": {} + }, + { + "name": "skip_secrets_manager_iam_auth_policy", "required": false, "type": "boolean", "hidden": false @@ -48,6 +62,13 @@ "type": "string", "hidden": false }, + { + "name": "secrets_manager_secret_groups", + "required": false, + "type": "array", + "hidden": false, + "custom_config": {} + }, { "name": "signing_key", "required": false, @@ -60,6 +81,13 @@ "type": "string", "hidden": false }, + { + "name": "event_notifications_email_list", + "required": false, + "type": "array", + "hidden": false, + "custom_config": {} + }, { "name": "existing_kms_instance_crn", "required": false, @@ -67,7 +95,7 @@ "hidden": false }, { - "name": "existing_event_notification_instance_crn", + "name": "existing_event_notifications_instance_crn", "required": false, "type": "string", "hidden": false @@ -84,13 +112,6 @@ "type": "array", "hidden": false }, - { - "name": "app_config_service_plan", - "required": false, - "type": "string", - "hidden": false, - "custom_config": {} - }, { "name": "scc_workload_protection_service_plan", "required": false, @@ -120,7 +141,7 @@ "custom_config": {} }, { - "name": "existing_discovery_instance", + "name": "existing_discovery_instance_crn", "required": false, "type": "string", "hidden": false @@ -132,13 +153,13 @@ "hidden": false }, { - "name": "existing_governance_instance", + "name": "existing_governance_instance_crn", "required": false, "type": "string", "hidden": false }, { - "name": "existing_studio_instance", + "name": "existing_studio_instance_crn", "required": false, "type": "string", "hidden": false @@ -158,20 +179,16 @@ ], "members": [ { - "name": "Account Infrastructure Base", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.24459be4-397b-4dce-b2d1-555ccd576c14-global", + "name": "1 - Account Configuration", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.0e456e60-9ca9-4e9e-8f28-6265f8a12f97-global", "inputs": [ { "name": "prefix", "value": "ref:../../inputs/prefix" }, { - "name": "ibmcloud_api_key", - "value": "" - }, - { - "name": "region", - "value": "ref:../../inputs/region" + "name": "single_resource_group_name", + "value": "ref:../../inputs/existing_resource_group_name" }, { "name": "security_resource_group_name", @@ -202,298 +219,329 @@ "value": "ref:../../inputs/resource_group_name" }, { - "name": "existing_security_resource_group_name", - "value": "ref:../../inputs/existing_resource_group_name" - }, + "name": "provision_trusted_profile_projects", + "value": false + } + ] + }, + { + "name": "2a - Essential Security - Encryption Key Management", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.fbb4dc92-6318-4f20-afc9-65cc586ac241-global", + "inputs": [ { - "name": "existing_audit_resource_group_name", - "value": "ref:../../inputs/existing_resource_group_name" + "name": "existing_resource_group_name", + "value": "ref:../1 - Account Configuration/outputs/security_resource_group_name" }, { - "name": "existing_observability_resource_group_name", - "value": "ref:../../inputs/existing_resource_group_name" + "name": "region", + "value": "ref:../../inputs/region" }, { - "name": "existing_management_resource_group_name", - "value": "ref:../../inputs/existing_resource_group_name" + "name": "existing_kms_instance_crn", + "value": "ref:../../inputs/existing_kms_instance_crn" }, { - "name": "existing_workload_resource_group_name", - "value": "ref:../../inputs/existing_resource_group_name" + "name": "prefix", + "value": "ref:../../inputs/prefix" }, { - "name": "existing_edge_resource_group_name", - "value": "ref:../../inputs/existing_resource_group_name" - }, + "name": "key_protect_plan", + "value": "ref:../../inputs/key_protect_plan" + } + ] + }, + { + "name": "2b - Essential Security - Cloud Object Storage", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.6433c58f-9e1b-4520-ae52-5ab4f4559cf9-global", + "inputs": [ { - "name": "existing_devops_resource_group_name", - "value": "ref:../../inputs/existing_resource_group_name" + "name": "prefix", + "value": "ref:../../inputs/prefix" }, { - "name": "provision_trusted_profile_projects", - "value": false + "name": "existing_resource_group_name", + "value": "ref:../1 - Account Configuration/outputs/observability_resource_group_name" } ] }, { - "name": "Essential Security - App Configuration", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.c160fa36-fd40-42de-8553-1233e0c5e971-global", + "name": "2c - Essential Security - Cloud Monitoring", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.4c21c293-3f7d-454b-97bc-9808aee58bfe-global", "inputs": [ - { - "name": "existing_resource_group_name", - "value": "ref:../Account Infrastructure Base/outputs/audit_resource_group_name" - }, { "name": "region", "value": "ref:../../inputs/region" }, { - "name": "prefix", - "value": "ref:../../inputs/prefix" - }, - { - "name": "app_config_plan", - "value": "ref:../../inputs/app_config_service_plan" + "name": "existing_resource_group_name", + "value": "ref:../1 - Account Configuration/outputs/observability_resource_group_name" }, { - "name": "enable_config_aggregator", - "value": true + "name": "prefix", + "value": "ref:../../inputs/prefix" }, { - "name": "config_aggregator_enterprise_id", - "value": "ref:../../inputs/enterprise_id" + "name": "enable_platform_metrics", + "value": "ref:../../inputs/enable_platform_metrics" }, { - "name": "config_aggregator_enterprise_account_group_ids_to_assign", - "value": "ref:../../inputs/enterprise_account_group_ids_to_assign" + "name": "enable_metrics_routing_to_cloud_monitoring", + "value": "ref:../../inputs/enable_platform_metrics" }, { - "name": "config_aggregator_enterprise_account_ids_to_assign", - "value": "ref:../../inputs/enterprise_account_ids_to_assign" + "name": "cloud_monitoring_plan", + "value": "ref:../../inputs/cloud_monitoring_plan" } ] }, { - "name": "Essential Security - Encryption Key Management", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.93bf5d12-a435-4510-8888-1c32db20b82b-global", + "name": "3a - Essential Security - Event Notifications", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.29f017cd-7a6f-45cc-a4ed-5f23505380bf-global", "inputs": [ { - "name": "resource_group_name", - "value": "ref:../Account Infrastructure Base/outputs/security_resource_group_name" + "name": "existing_cos_instance_crn", + "value": "ref:../2b - Essential Security - Cloud Object Storage/outputs/cos_instance_crn" }, { - "name": "use_existing_resource_group", + "name": "enable_collecting_failed_events", "value": true }, { - "name": "ibmcloud_api_key", - "value": "" + "name": "kms_encryption_enabled", + "value": true }, { - "name": "region", - "value": "ref:../../inputs/region" + "name": "kms_endpoint_url", + "value": "ref:../2a - Essential Security - Encryption Key Management/outputs/kms_private_endpoint" }, { "name": "existing_kms_instance_crn", - "value": "ref:../../inputs/existing_kms_instance_crn" + "value": "ref:../2a - Essential Security - Encryption Key Management/outputs/kms_instance_crn" + }, + { + "name": "kms_endpoint_type", + "value": "private" + }, + { + "name": "existing_resource_group_name", + "value": "ref:../1 - Account Configuration/outputs/observability_resource_group_name" + }, + { + "name": "region", + "value": "ref:../../inputs/region" }, { "name": "prefix", "value": "ref:../../inputs/prefix" }, { - "name": "key_protect_instance_name", - "value": "base-security-services-kms" + "name": "existing_event_notifications_instance_crn", + "value": "ref:../../inputs/existing_event_notifications_instance_crn" + }, + { + "name": "existing_monitoring_crn", + "value": "ref:../2c - Essential Security - Cloud Monitoring/outputs/cloud_monitoring_crn" } ] }, { - "name": "Essential Security - Logging Monitoring Activity Tracker", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.39562a8a-1b92-4342-b990-1944ae583df9-global", + "name": "3b - Gen AI - WatsonX SaaS services", + "version_locator": "1082e7d2-5e2f-0a11-a3bc-f88a8e1931fc.63f85fe2-082f-44fa-add2-6a0f93d130e8-global", "inputs": [ { - "name": "ibmcloud_api_key", - "value": "" + "name": "watsonx_admin_api_key", + "value": "ref:../../inputs/watsonx_admin_api_key" + }, + { + "name": "existing_resource_group_name", + "value": "ref:../1 - Account Configuration/outputs/workload_resource_group_name" }, { "name": "region", "value": "ref:../../inputs/region" }, { - "name": "existing_kms_instance_crn", - "value": "ref:../Essential Security - Encryption Key Management/outputs/kms_instance_crn" + "name": "prefix", + "value": "ref:../../inputs/prefix" }, { - "name": "resource_group_name", - "value": "ref:../Account Infrastructure Base/outputs/observability_resource_group_name" + "name": "watson_machine_learning_plan", + "value": "v2-standard" }, { - "name": "prefix", - "value": "ref:../../inputs/prefix" + "name": "existing_machine_learning_instance", + "value": "ref:../../inputs/existing_machine_learning_instance" }, { - "name": "use_existing_resource_group", - "value": true + "name": "watson_studio_plan", + "value": "professional-v1" }, { - "name": "existing_en_instance_crn", - "value": "ref:../Essential Security - Event Notifications/outputs/crn" + "name": "existing_studio_instance", + "value": "ref:../../inputs/existing_studio_instance_crn" }, { - "name": "enable_platform_metrics", - "value": "ref:../../inputs/enable_platform_metrics" + "name": "watson_discovery_plan", + "value": "do not install" }, { - "name": "logs_routing_tenant_regions", - "value": "ref:../../inputs/logs_routing_tenant_regions" - } - ] - }, - { - "name": "Essential Security - Event Notifications", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.b02f9aa4-b40f-41d5-8039-8e87742d756e-global", - "inputs": [ - { - "name": "kms_endpoint_url", - "value": "ref:../Essential Security - Encryption Key Management/outputs/kms_private_endpoint" + "name": "existing_discovery_instance", + "value": "ref:../../inputs/existing_discovery_instance_crn" }, { - "name": "existing_kms_instance_crn", - "value": "ref:../Essential Security - Encryption Key Management/outputs/kms_instance_crn" + "name": "watsonx_assistant_plan", + "value": "plus" }, { - "name": "kms_endpoint_type", - "value": "private" + "name": "existing_assistant_instance", + "value": "ref:../../inputs/existing_assistant_instance_crn" }, { - "name": "resource_group_name", - "value": "ref:../Account Infrastructure Base/outputs/observability_resource_group_name" + "name": "watsonx_governance_plan", + "value": "do not install" }, { - "name": "use_existing_resource_group", - "value": true + "name": "existing_governance_instance", + "value": "ref:../../inputs/existing_governance_instance_crn" }, { - "name": "region", - "value": "ref:../../inputs/region" + "name": "existing_cos_instance_crn", + "value": "ref:../2b - Essential Security - Cloud Object Storage/outputs/cos_instance_crn" }, { - "name": "prefix", - "value": "ref:../../inputs/prefix" + "name": "cos_kms_crn", + "value": "ref:../2a - Essential Security - Encryption Key Management/outputs/kms_instance_crn" }, { - "name": "existing_en_instance_crn", - "value": "ref:../../inputs/existing_event_notification_instance_crn" + "name": "enable_cos_kms_encryption", + "value": true } ] }, { - "name": "Essential Security - Secrets Manager", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.db823650-3010-4482-b807-45145f273553-global", + "name": "3c - Workload - Compute Red Hat OpenShift Container Platform on VPC", + "version_locator": "1082e7d2-5e2f-0a11-a3bc-f88a8e1931fc.cb341280-efa5-4bdf-8976-cea6ea62c3a4-global", "inputs": [ { "name": "prefix", "value": "ref:../../inputs/prefix" }, { - "name": "resource_group_name", - "value": "ref:../Account Infrastructure Base/outputs/security_resource_group_name" + "name": "region", + "value": "ref:../../inputs/region" }, { - "name": "ibmcloud_api_key", - "value": "" + "name": "vpcs", + "value": [ + "management", + "workload" + ] }, { - "name": "region", - "value": "ref:../../inputs/region" + "name": "ignore_vpcs_for_cluster_deployment", + "value": [ + "management" + ] }, { - "name": "existing_kms_instance_crn", - "value": "ref:../Essential Security - Encryption Key Management/outputs/kms_instance_crn" + "name": "enable_transit_gateway", + "value": false }, { - "name": "use_existing_resource_group", - "value": true + "name": "add_atracker_route", + "value": false }, { - "name": "existing_secrets_manager_crn", - "value": "ref:../../inputs/existing_secrets_manager_crn" + "name": "existing_kms_instance_name", + "value": "ref:../2a - Essential Security - Encryption Key Management/outputs/key_protect_name" }, { - "name": "skip_iam_authorization_policy", - "value": "ref:../../inputs/skip_iam_authorization_policy" + "name": "existing_kms_resource_group", + "value": "ref:../1 - Account Configuration/outputs/security_resource_group_name" }, { - "name": "service_plan", - "value": "ref:../../inputs/secret_manager_service_plan" + "name": "existing_kms_endpoint_type", + "value": "private" }, { - "name": "existing_event_notifications_instance_crn", - "value": "ref:../Essential Security - Event Notifications/outputs/crn" + "name": "existing_cos_instance_name", + "value": "ref:../2b - Essential Security - Cloud Object Storage/outputs/cos_instance_name" }, { - "name": "enable_event_notifications", + "name": "existing_cos_resource_group", + "value": "ref:../2b - Essential Security - Cloud Object Storage/outputs/resource_group_name" + }, + { + "name": "use_existing_cos_for_vpc_flowlogs", "value": true }, { - "name": "kms_key_ring_name", - "value": "sm-cos-key-ring" + "name": "cluster_zones", + "value": "2" }, { - "name": "kms_key_name", - "value": "sm-cos-key" + "name": "flavor", + "value": "bx2.4x16" }, { - "name": "secrets_manager_instance_name", - "value": "base-security-services-sm" + "name": "workers_per_zone", + "value": 1 } ] }, { - "name": "Essential Security - Security and Compliance Center Workload Protection", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.e436bb10-8b6c-4b3b-b4c5-523929d13686-global", + "name": "4a - Essential Security - Cloud Logs for logging", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.b6bf9a7b-6ac3-4821-b3e4-f274293603f3-global", "inputs": [ - { - "name": "existing_resource_group_name", - "value": "ref:../Account Infrastructure Base/outputs/audit_resource_group_name" - }, { "name": "region", "value": "ref:../../inputs/region" }, { - "name": "prefix", - "value": "ref:../../inputs/prefix" + "name": "existing_kms_instance_crn", + "value": "ref:../2a - Essential Security - Encryption Key Management/outputs/kms_instance_crn" }, { - "name": "scc_workload_protection_service_plan", - "value": "ref:../../inputs/scc_workload_protection_service_plan" + "name": "kms_encryption_enabled_buckets", + "value": true }, { - "name": "cspm_enabled", - "value": true + "name": "kms_endpoint_type", + "value": "private" }, { - "name": "app_config_crn", - "value": "ref:../../members/Essential Security - App Configuration/outputs/app_config_crn" + "name": "existing_resource_group_name", + "value": "ref:../1 - Account Configuration/outputs/observability_resource_group_name" + }, + { + "name": "existing_cos_instance_crn", + "value": "ref:../2b - Essential Security - Cloud Object Storage/outputs/cos_instance_crn" }, { "name": "existing_monitoring_crn", - "value": "ref:../../members/Essential Security - Logging Monitoring Activity Tracker/outputs/cloud_monitoring_crn" + "value": "ref:../2c - Essential Security - Cloud Monitoring/outputs/cloud_monitoring_crn" + }, + { + "name": "prefix", + "value": "ref:../../inputs/prefix" + }, + { + "name": "existing_event_notifications_instances", + "value": "ref:../3a - Essential Security - Event Notifications/outputs/crn_list_object" + }, + { + "name": "logs_routing_tenant_regions", + "value": "ref:../../inputs/logs_routing_tenant_regions" } ] }, { - "name": "Gen AI - Databases for Elasticsearch", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.68a66140-e2e8-40ef-be86-c46e6f3442a3-global", + "name": "4b - Essential Security - App Configuration", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.bff2dc4d-9e19-4b2c-8890-4cda020ce39e-global", "inputs": [ { - "name": "use_existing_resource_group", - "value": true - }, - { - "name": "resource_group_name", - "value": "ref:../../members/Account Infrastructure Base/outputs/workload_resource_group_name" + "name": "existing_resource_group_name", + "value": "ref:../1 - Account Configuration/outputs/audit_resource_group_name" }, { "name": "region", @@ -504,216 +552,263 @@ "value": "ref:../../inputs/prefix" }, { - "name": "plan", - "value": "platinum" + "name": "app_config_service_plan", + "value": "enterprise" }, { - "name": "elasticsearch_version", - "value": "8.12" + "name": "enable_config_aggregator", + "value": true }, { - "name": "existing_kms_instance_crn", - "value": "ref:../../members/Essential Security - Encryption Key Management/outputs/kms_instance_crn" + "name": "config_aggregator_enterprise_id", + "value": "ref:../../inputs/enterprise_id" }, { - "name": "kms_endpoint_type", - "value": "private" + "name": "config_aggregator_enterprise_account_group_ids_to_assign", + "value": "ref:../../inputs/enterprise_account_group_ids_to_assign" }, { - "name": "member_host_flavor", - "value": "b3c.4x16.encrypted" + "name": "config_aggregator_enterprise_account_ids_to_assign", + "value": "ref:../../inputs/enterprise_account_ids_to_assign" }, { - "name": "member_cpu_count", - "value": 3 + "name": "kms_encryption_enabled", + "value": true }, { - "name": "enable_elser_model", + "name": "existing_kms_instance_crn", + "value": "ref:../2a - Essential Security - Encryption Key Management/outputs/kms_instance_crn" + }, + { + "name": "kms_endpoint_url", + "value": "ref:../2a - Essential Security - Encryption Key Management/outputs/kms_private_endpoint" + }, + { + "name": "enable_event_notifications", "value": true }, { - "name": "elser_model_type", - "value": ".elser_model_2_linux-x86_64" + "name": "existing_event_notifications_instance_crn", + "value": "ref:../3a - Essential Security - Event Notifications/outputs/crn" }, { - "name": "service_credential_names", - "value": { - "elastic_db_admin": "Administrator", - "wxasst_db_user": "Editor", - "toolchain_db_user": "Editor" - } + "name": "event_notifications_endpoint_url", + "value": "ref:../3a - Essential Security - Event Notifications/outputs/event_notifications_private_endpoint" }, { - "name": "existing_db_instance_crn", - "value": "ref:../../inputs/existing_elasticsearch_instance_crn" + "name": "event_notifications_email_list", + "value": "ref:../../inputs/event_notifications_email_list" } ] }, { - "name": "Gen AI - WatsonX SaaS services", - "version_locator": "1082e7d2-5e2f-0a11-a3bc-f88a8e1931fc.c784a77d-cf67-4287-9284-a126e4a053a7-global", + "name": "4c - Essential Security - Secrets Manager", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.c7ba4599-f65a-4a9b-bd6b-120e52947652-global", "inputs": [ { - "name": "ibmcloud_api_key", - "value": "" - }, - { - "name": "watsonx_admin_api_key", - "value": "ref:../../inputs/watsonx_admin_api_key" + "name": "prefix", + "value": "ref:../../inputs/prefix" }, { - "name": "resource_group_name", - "value": "ref:../Account Infrastructure Base/outputs/workload_resource_group_name" + "name": "existing_resource_group_name", + "value": "ref:../1 - Account Configuration/outputs/security_resource_group_name" }, { - "name": "location", + "name": "region", "value": "ref:../../inputs/region" }, { - "name": "resource_prefix", - "value": "ref:../../inputs/prefix" + "name": "existing_kms_instance_crn", + "value": "ref:../2a - Essential Security - Encryption Key Management/outputs/kms_instance_crn" }, { - "name": "use_existing_resource_group", + "name": "kms_encryption_enabled", "value": true }, { - "name": "watson_machine_learning_plan", - "value": "v2-standard" + "name": "existing_secrets_manager_crn", + "value": "ref:../../inputs/existing_secrets_manager_crn" }, { - "name": "existing_machine_learning_instance", - "value": "ref:../../inputs/existing_machine_learning_instance" + "name": "skip_secrets_manager_iam_auth_policy", + "value": "ref:../../inputs/skip_secrets_manager_iam_auth_policy" }, { - "name": "watson_studio_plan", - "value": "professional-v1" + "name": "service_plan", + "value": "ref:../../inputs/secrets_manager_service_plan" }, { - "name": "existing_studio_instance", - "value": "ref:../../inputs/existing_studio_instance" + "name": "secret_groups", + "value": "ref:../../inputs/secrets_manager_secret_groups" }, { - "name": "watson_discovery_plan", - "value": "do not install" + "name": "existing_event_notifications_instance_crn", + "value": "ref:../3a - Essential Security - Event Notifications/outputs/crn" + } + ] + }, + { + "name": "4d - Essential Security - Cloud Logs for activity tracking", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.b6bf9a7b-6ac3-4821-b3e4-f274293603f3-global", + "inputs": [ + { + "name": "region", + "value": "ref:../../inputs/region" }, { - "name": "existing_discovery_instance", - "value": "ref:../../inputs/existing_discovery_instance" + "name": "existing_kms_instance_crn", + "value": "ref:../2a - Essential Security - Encryption Key Management/outputs/kms_instance_crn" }, { - "name": "watsonx_assistant_plan", - "value": "plus" + "name": "kms_encryption_enabled_buckets", + "value": true }, { - "name": "existing_assistant_instance", - "value": "ref:../../inputs/existing_assistant_instance_crn" + "name": "kms_endpoint_type", + "value": "private" }, { - "name": "watsonx_governance_plan", - "value": "do not install" + "name": "existing_resource_group_name", + "value": "ref:../1 - Account Configuration/outputs/observability_resource_group_name" }, { - "name": "existing_governance_instance", - "value": "ref:../../inputs/existing_governance_instance" + "name": "existing_cos_instance_crn", + "value": "ref:../2b - Essential Security - Cloud Object Storage/outputs/cos_instance_crn" }, { - "name": "cos_kms_crn", - "value": "ref:../Essential Security - Encryption Key Management/outputs/kms_instance_crn" + "name": "existing_monitoring_crn", + "value": "ref:../2c - Essential Security - Cloud Monitoring/outputs/cloud_monitoring_crn" }, { - "name": "enable_cos_kms_encryption", - "value": true + "name": "prefix", + "value": "ref:../../inputs/prefix" + }, + { + "name": "existing_event_notifications_instances", + "value": "ref:../3a - Essential Security - Event Notifications/outputs/crn_list_object" + }, + { + "name": "logs_routing_tenant_regions", + "value": "ref:../../inputs/logs_routing_tenant_regions" + }, + { + "name": "cloud_logs_data_cos_bucket_name", + "value": "at-cloud-logs-logs-bucket" + }, + { + "name": "cloud_logs_metrics_cos_bucket_name", + "value": "at-cloud-logs-metrics-bucket" + }, + { + "name": "cloud_logs_instance_name", + "value": "at-cloud-logs" } ] }, { - "name": "Workload - Compute Red Hat OpenShift Container Platform on VPC", - "version_locator": "1082e7d2-5e2f-0a11-a3bc-f88a8e1931fc.c15a99be-f334-4dfe-b1d2-b650ae01c9ca-global", + "name": "5a - Essential Security - Security and Compliance Center Workload Protection", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.e543e47d-1b78-4415-963c-3c59fcf5ef2b-global", "inputs": [ { - "name": "ibmcloud_api_key", - "value": "" + "name": "existing_resource_group_name", + "value": "ref:../1 - Account Configuration/outputs/audit_resource_group_name" + }, + { + "name": "region", + "value": "ref:../../inputs/region" }, { "name": "prefix", "value": "ref:../../inputs/prefix" }, { - "name": "region", - "value": "ref:../../inputs/region" + "name": "scc_workload_protection_service_plan", + "value": "ref:../../inputs/scc_workload_protection_service_plan" }, { - "name": "vpcs", - "value": [ - "management", - "workload" - ] + "name": "cspm_enabled", + "value": true }, { - "name": "ignore_vpcs_for_cluster_deployment", - "value": [ - "management" - ] + "name": "app_config_crn", + "value": "ref:../4b - Essential Security - App Configuration/outputs/app_config_crn" }, { - "name": "enable_transit_gateway", - "value": false + "name": "existing_monitoring_crn", + "value": "ref:../2c - Essential Security - Cloud Monitoring/outputs/cloud_monitoring_crn" + } + ] + }, + { + "name": "5b - Gen AI - Databases for Elasticsearch", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.2a25caea-0f63-4911-a5fb-c1ef792edea0-global", + "inputs": [ + { + "name": "existing_resource_group_name", + "value": "ref:../1 - Account Configuration/outputs/workload_resource_group_name" }, { - "name": "add_atracker_route", + "name": "region", + "value": "ref:../../inputs/region" + }, + { + "name": "deletion_protection", "value": false }, { - "name": "existing_kms_instance_name", - "value": "ref:../../members/Essential Security - Encryption Key Management/outputs/key_protect_name" + "name": "prefix", + "value": "ref:../../inputs/prefix" }, { - "name": "existing_kms_resource_group", - "value": "ref:../Account Infrastructure Base/outputs/security_resource_group_name" + "name": "plan", + "value": "enterprise" }, { - "name": "existing_kms_endpoint_type", - "value": "private" + "name": "elasticsearch_version", + "value": "8.15" }, { - "name": "existing_cos_instance_name", - "value": "ref:../Essential Security - Logging Monitoring Activity Tracker/outputs/cos_instance_name" + "name": "kms_encryption_enabled", + "value": true }, { - "name": "existing_cos_resource_group", - "value": "ref:../Account Infrastructure Base/outputs/observability_resource_group_name" + "name": "existing_kms_instance_crn", + "value": "ref:../2a - Essential Security - Encryption Key Management/outputs/kms_instance_crn" }, { - "name": "existing_cos_endpoint_type", + "name": "kms_endpoint_type", "value": "private" }, { - "name": "use_existing_cos_for_vpc_flowlogs", - "value": true + "name": "member_host_flavor", + "value": "multitenant" }, { - "name": "cluster_zones", - "value": "2" + "name": "member_cpu_count", + "value": 0 }, { - "name": "flavor", - "value": "bx2.4x16" + "name": "service_credential_names", + "value": { + "elastic_db_admin": "Administrator", + "wxasst_db_user": "Editor", + "toolchain_db_user": "Editor" + } }, { - "name": "workers_per_zone", - "value": 1 + "name": "existing_elasticsearch_instance_crn", + "value": "ref:../../inputs/existing_elasticsearch_instance_crn" + }, + { + "name": "existing_secrets_manager_instance_crn", + "value": "ref:../4c - Essential Security - Secrets Manager/outputs/secrets_manager_crn" } ] }, { - "name": "Workload - DevSecOps Application Lifecycle Management", - "version_locator": "1082e7d2-5e2f-0a11-a3bc-f88a8e1931fc.40c697e5-a339-4bf2-90ed-c598f103c16b-global", + "name": "5c - Workload - DevSecOps Application Lifecycle Management", + "version_locator": "1082e7d2-5e2f-0a11-a3bc-f88a8e1931fc.64e4c450-7e38-427e-856b-7d158f146c8d-global", "inputs": [ - { - "name": "ibmcloud_api_key", - "value": "" - }, { "name": "toolchain_name", "value": "rag-sample-app" @@ -724,23 +819,23 @@ }, { "name": "toolchain_resource_group", - "value": "ref:../Account Infrastructure Base/outputs/devops_resource_group_name" + "value": "ref:../1 - Account Configuration/outputs/devops_resource_group_name" }, { "name": "sm_resource_group", - "value": "ref:../Essential Security - Secrets Manager/outputs/resource_group_name" + "value": "ref:../4c - Essential Security - Secrets Manager/outputs/resource_group_name" }, { "name": "sm_name", - "value": "ref:../Essential Security - Secrets Manager/outputs/secrets_manager_name" + "value": "ref:../4c - Essential Security - Secrets Manager/outputs/secrets_manager_name" }, { "name": "sm_location", - "value": "ref:../Essential Security - Secrets Manager/outputs/secrets_manager_region" + "value": "ref:../4c - Essential Security - Secrets Manager/outputs/secrets_manager_region" }, { "name": "cluster_name", - "value": "ref:../Workload - Compute Red Hat OpenShift Container Platform on VPC/outputs/workload_cluster_name" + "value": "ref:../3c - Workload - Compute Red Hat OpenShift Container Platform on VPC/outputs/workload_cluster_name" }, { "name": "registry_namespace", @@ -770,6 +865,10 @@ "name": "pipeline_ibmcloud_api_key_secret_name", "value": "ibmcloud-api-key" }, + { + "name": "use_legacy_ref", + "value": false + }, { "name": "prefix", "value": "ref:../../inputs/prefix" @@ -797,16 +896,50 @@ ] }, { - "name": "Workload - Sample RAG App Configuration", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.b1bf8a3d-3d51-4362-a13b-eb528a38c6f3-global", + "name": "5d - Essential Security - Activity Tracker Event Routing", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.1d61413e-c149-4a3a-bd6d-9207e0c60385-global", "inputs": [ { - "name": "toolchain_region", + "name": "region", "value": "ref:../../inputs/region" }, { - "name": "ibmcloud_api_key", - "value": "" + "name": "prefix", + "value": "ref:../../inputs/prefix" + }, + { + "name": "existing_kms_instance_crn", + "value": "ref:../2a - Essential Security - Encryption Key Management/outputs/kms_instance_crn" + }, + { + "name": "kms_encryption_enabled_buckets", + "value": true + }, + { + "name": "kms_endpoint_type", + "value": "private" + }, + { + "name": "existing_cos_instance_crn", + "value": "ref:../2b - Essential Security - Cloud Object Storage/outputs/cos_instance_crn" + }, + { + "name": "existing_cloud_logs_instance_crn", + "value": "ref:../4d - Essential Security - Cloud Logs for activity tracking/outputs/cloud_logs_crn" + }, + { + "name": "enable_activity_tracker_event_routing_to_cos_bucket", + "value": true + } + ] + }, + { + "name": "6 - Workload - Sample RAG Application", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.e7af3542-6a4a-44fe-b646-2598bb925719-global", + "inputs": [ + { + "name": "toolchain_region", + "value": "ref:../../inputs/region" }, { "name": "watson_discovery_region", @@ -822,31 +955,31 @@ }, { "name": "watson_assistant_instance_id", - "value": "ref:../Gen AI - WatsonX SaaS services/outputs/watsonx_assistant_guid" + "value": "ref:../3b - Gen AI - WatsonX SaaS services/outputs/watsonx_assistant_guid" }, { "name": "cd_pipeline_id", - "value": "ref:../Workload - DevSecOps Application Lifecycle Management/outputs/cd_pipeline_id" + "value": "ref:../5c - Workload - DevSecOps Application Lifecycle Management/outputs/cd_pipeline_id" }, { "name": "ci_pipeline_id", - "value": "ref:../Workload - DevSecOps Application Lifecycle Management/outputs/ci_pipeline_id" + "value": "ref:../5c - Workload - DevSecOps Application Lifecycle Management/outputs/ci_pipeline_id" }, { "name": "watson_machine_learning_instance_guid", - "value": "ref:../Gen AI - WatsonX SaaS services/outputs/watson_machine_learning_guid" + "value": "ref:../3b - Gen AI - WatsonX SaaS services/outputs/watson_machine_learning_guid" }, { "name": "watson_machine_learning_instance_resource_name", - "value": "ref:../Gen AI - WatsonX SaaS services/outputs/watson_machine_learning_name" + "value": "ref:../3b - Gen AI - WatsonX SaaS services/outputs/watson_machine_learning_name" }, { "name": "watson_machine_learning_instance_crn", - "value": "ref:../Gen AI - WatsonX SaaS services/outputs/watson_machine_learning_crn" + "value": "ref:../3b - Gen AI - WatsonX SaaS services/outputs/watson_machine_learning_crn" }, { "name": "toolchain_resource_group", - "value": "ref:../Account Infrastructure Base/outputs/devops_resource_group_name" + "value": "ref:../1 - Account Configuration/outputs/devops_resource_group_name" }, { "name": "prefix", @@ -854,7 +987,7 @@ }, { "name": "resource_group_name", - "value": "ref:../Account Infrastructure Base/outputs/devops_resource_group_name" + "value": "ref:../1 - Account Configuration/outputs/devops_resource_group_name" }, { "name": "use_existing_resource_group", @@ -866,203 +999,215 @@ }, { "name": "secrets_manager_guid", - "value": "ref:../Essential Security - Secrets Manager/outputs/secrets_manager_guid" + "value": "ref:../4c - Essential Security - Secrets Manager/outputs/secrets_manager_guid" }, { "name": "secrets_manager_region", - "value": "ref:../Essential Security - Secrets Manager/outputs/secrets_manager_region" + "value": "ref:../4c - Essential Security - Secrets Manager/outputs/secrets_manager_region" }, { "name": "elastic_instance_crn", - "value": "ref:../Gen AI - Databases for Elasticsearch/outputs/crn" + "value": "ref:../5b - Gen AI - Databases for Elasticsearch/outputs/crn" }, { "name": "cos_kms_crn", - "value": "ref:../Essential Security - Encryption Key Management/outputs/kms_instance_crn" - }, - { - "name": "cluster_name", - "value": "ref:../Workload - Compute Red Hat OpenShift Container Platform on VPC/outputs/workload_cluster_name" - }, - { - "name": "cluster_zone_count", - "value": "ref:../Workload - Compute Red Hat OpenShift Container Platform on VPC/inputs/cluster_zones" + "value": "ref:../2a - Essential Security - Encryption Key Management/outputs/kms_instance_crn" } ] } ], "outputs": [ + { + "name": "cos_instance_crn", + "value": "ref:../2b - Essential Security - Cloud Object Storage/outputs/cos_instance_crn" + }, + { + "name": "cos_instance_guid", + "value": "ref:../2b - Essential Security - Cloud Object Storage/outputs/cos_instance_guid" + }, + { + "name": "cos_instance_name", + "value": "ref:../2b - Essential Security - Cloud Object Storage/outputs/cos_instance_name" + }, { "name": "elasticsearch_hostname", - "value": "ref:./members/Gen AI - Databases for Elasticsearch/outputs/hostname" + "value": "ref:./members/5b - Gen AI - Databases for Elasticsearch/outputs/hostname" }, { "name": "elasticsearch_port", - "value": "ref:./members/Gen AI - Databases for Elasticsearch/outputs/port" + "value": "ref:./members/5b - Gen AI - Databases for Elasticsearch/outputs/port" }, { "name": "elasticsearch_service_credentials_json", - "value": "ref:./members/Gen AI - Databases for Elasticsearch/outputs/service_credentials_json" + "value": "ref:./members/5b - Gen AI - Databases for Elasticsearch/outputs/service_credentials_json" }, { "name": "elasticsearch_crn", - "value": "ref:./members/Gen AI - Databases for Elasticsearch/outputs/crn" + "value": "ref:./members/5b - Gen AI - Databases for Elasticsearch/outputs/crn" }, { "name": "watsonx_project_url", - "value": "ref:./members/Workload - Sample RAG App Configuration/outputs/watsonx_project_url" + "value": "ref:./members/6 - Workload - Sample RAG Application/outputs/watsonx_project_url" }, { "name": "watsonx_project_id", - "value": "ref:./members/Workload - Sample RAG App Configuration/outputs/watsonx_project_id" + "value": "ref:./members/6 - Workload - Sample RAG Application/outputs/watsonx_project_id" }, { "name": "watson_discovery_api_url", - "value": "ref:./members/Workload - Sample RAG App Configuration/outputs/watson_discovery_api_url" + "value": "ref:./members/6 - Workload - Sample RAG Application/outputs/watson_discovery_api_url" }, { "name": "watson_discovery_project_id", - "value": "ref:./members/Workload - Sample RAG App Configuration/outputs/watson_discovery_project_id" + "value": "ref:./members/6 - Workload - Sample RAG Application/outputs/watson_discovery_project_id" }, { "name": "kms_instance_crn", - "value": "ref:./members/Essential Security - Encryption Key Management/outputs/kms_instance_crn" + "value": "ref:./members/2a - Essential Security - Encryption Key Management/outputs/kms_instance_crn" }, { "name": "kms_private_endpoint", - "value": "ref:./members/Essential Security - Encryption Key Management/outputs/kms_private_endpoint" + "value": "ref:./members/2a - Essential Security - Encryption Key Management/outputs/kms_private_endpoint" }, { "name": "kms_public_endpoint", - "value": "ref:./members/Essential Security - Encryption Key Management/outputs/kms_public_endpoint" + "value": "ref:./members/2a - Essential Security - Encryption Key Management/outputs/kms_public_endpoint" + }, + { + "name": "event_notifications_instance_crn", + "value": "ref:./members/3a - Essential Security - Event Notifications/outputs/crn" + }, + { + "name": "event_notifications_instance_name", + "value": "ref:./members/3a - Essential Security - Event Notifications/outputs/event_notification_instance_name" }, { - "name": "event_notification_instance_crn", - "value": "ref:./members/Essential Security - Event Notifications/outputs/crn" + "name": "event_notifications_instance_guid", + "value": "ref:./members/3a - Essential Security - Event Notifications/outputs/guid" }, { - "name": "event_notification_instance_name", - "value": "ref:./members/Essential Security - Event Notifications/outputs/event_notification_instance_name" + "name": "cloud_logs_for_logging_crn", + "value": "ref:./members/4a - Essential Security - Cloud Logs for logging/outputs/cloud_logs_crn" }, { - "name": "event_notification_instance_guid", - "value": "ref:./members/Essential Security - Event Notifications/outputs/guid" + "name": "cloud_logs_for_logging_guid", + "value": "ref:./members/4a - Essential Security - Cloud Logs for logging/outputs/cloud_logs_guid" }, { - "name": "cloud_logs_crn", - "value": "ref:./members/Essential Security - Logging Monitoring Activity Tracker/outputs/cloud_logs_crn" + "name": "cloud_logs_for_activity_tracking_crn", + "value": "ref:./members/4d - Essential Security - Cloud Logs for activity tracking/outputs/cloud_logs_crn" }, { - "name": "cloud_logs_guid", - "value": "ref:./members/Essential Security - Logging Monitoring Activity Tracker/outputs/cloud_logs_guid" + "name": "cloud_logs_for_activity_tracking_guid", + "value": "ref:./members/4d - Essential Security - Cloud Logs for activity tracking/outputs/cloud_logs_guid" }, { "name": "cloud_monitoring_crn", - "value": "ref:./members/Essential Security - Logging Monitoring Activity Tracker/outputs/cloud_monitoring_crn" + "value": "ref:./members/2c - Essential Security - Cloud Monitoring/outputs/cloud_monitoring_crn" }, { "name": "cloud_monitoring_guid", - "value": "ref:./members/Essential Security - Logging Monitoring Activity Tracker/outputs/cloud_monitoring_guid" + "value": "ref:./members/2c - Essential Security - Cloud Monitoring/outputs/cloud_monitoring_guid" }, { "name": "secrets_manager_crn", - "value": "ref:./members/Essential Security - Secrets Manager/outputs/secrets_manager_crn" + "value": "ref:./members/4c - Essential Security - Secrets Manager/outputs/secrets_manager_crn" }, { "name": "secrets_manager_guid", - "value": "ref:./members/Essential Security - Secrets Manager/outputs/secrets_manager_guid" + "value": "ref:./members/4c - Essential Security - Secrets Manager/outputs/secrets_manager_guid" }, { "name": "secrets_manager_name", - "value": "ref:./members/Essential Security - Secrets Manager/outputs/secrets_manager_name" + "value": "ref:./members/4c - Essential Security - Secrets Manager/outputs/secrets_manager_name" }, { "name": "app_config_crn", - "value": "ref:./members/Essential Security - App Configuration/outputs/app_config_crn" + "value": "ref:./members/4b - Essential Security - App Configuration/outputs/app_config_crn" }, { "name": "app_config_guid", - "value": "ref:./members/Essential Security - App Configuration/outputs/app_config_guid" + "value": "ref:./members/4b - Essential Security - App Configuration/outputs/app_config_guid" }, { "name": "scc_workload_protection_crn", - "value": "ref:./members/Essential Security - Security and Compliance Center Workload Protection/outputs/crn" + "value": "ref:./members/5a - Essential Security - Security and Compliance Center Workload Protection/outputs/scc_workload_protection_crn" }, { "name": "scc_workload_protection_guid", - "value": "ref:./members/Essential Security - Security and Compliance Center Workload Protection/outputs/guid" + "value": "ref:./members/5a - Essential Security - Security and Compliance Center Workload Protection/outputs/scc_workload_protection_id" }, { "name": "watson_discovery_crn", - "value": "ref:./members/Gen AI - WatsonX SaaS services/outputs/watson_discovery_crn" + "value": "ref:./members/3b - Gen AI - WatsonX SaaS services/outputs/watson_discovery_crn" }, { "name": "watson_discovery_dashboard_url", - "value": "ref:./members/Gen AI - WatsonX SaaS services/outputs/watson_discovery_dashboard_url" + "value": "ref:./members/3b - Gen AI - WatsonX SaaS services/outputs/watson_discovery_dashboard_url" }, { "name": "watson_machine_learning_crn", - "value": "ref:./members/Gen AI - WatsonX SaaS services/outputs/watson_machine_learning_crn" + "value": "ref:./members/3b - Gen AI - WatsonX SaaS services/outputs/watson_machine_learning_crn" }, { "name": "watson_machine_learning_dashboard_url", - "value": "ref:./members/Gen AI - WatsonX SaaS services/outputs/watson_machine_learning_dashboard_url" + "value": "ref:./members/3b - Gen AI - WatsonX SaaS services/outputs/watson_machine_learning_dashboard_url" }, { "name": "watson_machine_learning_guid", - "value": "ref:./members/Gen AI - WatsonX SaaS services/outputs/watson_machine_learning_guid" + "value": "ref:./members/3b - Gen AI - WatsonX SaaS services/outputs/watson_machine_learning_guid" }, { "name": "watson_studio_crn", - "value": "ref:./members/Gen AI - WatsonX SaaS services/outputs/watson_studio_crn" + "value": "ref:./members/3b - Gen AI - WatsonX SaaS services/outputs/watson_studio_crn" }, { "name": "watson_studio_dashboard_url", - "value": "ref:./members/Gen AI - WatsonX SaaS services/outputs/watson_studio_dashboard_url" + "value": "ref:./members/3b - Gen AI - WatsonX SaaS services/outputs/watson_studio_dashboard_url" }, { "name": "watson_studio_guid", - "value": "ref:./members/Gen AI - WatsonX SaaS services/outputs/watson_studio_guid" + "value": "ref:./members/3b - Gen AI - WatsonX SaaS services/outputs/watson_studio_guid" }, { "name": "watsonx_assistant_crn", - "value": "ref:./members/Gen AI - WatsonX SaaS services/outputs/watsonx_assistant_crn" + "value": "ref:./members/3b - Gen AI - WatsonX SaaS services/outputs/watsonx_assistant_crn" }, { "name": "watsonx_assistant_dashboard_url", - "value": "ref:./members/Gen AI - WatsonX SaaS services/outputs/watsonx_assistant_dashboard_url" + "value": "ref:./members/3b - Gen AI - WatsonX SaaS services/outputs/watsonx_assistant_dashboard_url" }, { "name": "watsonx_data_crn", - "value": "ref:./members/Gen AI - WatsonX SaaS services/outputs/watsonx_data_crn" + "value": "ref:./members/3b - Gen AI - WatsonX SaaS services/outputs/watsonx_data_crn" }, { "name": "watsonx_data_dashboard_url", - "value": "ref:./members/Gen AI - WatsonX SaaS services/outputs/watsonx_data_dashboard_url" + "value": "ref:./members/3b - Gen AI - WatsonX SaaS services/outputs/watsonx_data_dashboard_url" }, { "name": "watsonx_data_guid", - "value": "ref:./members/Gen AI - WatsonX SaaS services/outputs/watsonx_data_guid" + "value": "ref:./members/3b - Gen AI - WatsonX SaaS services/outputs/watsonx_data_guid" }, { "name": "watson_discovery_guid", - "value": "ref:./members/Gen AI - WatsonX SaaS services/outputs/watson_discovery_guid" + "value": "ref:./members/3b - Gen AI - WatsonX SaaS services/outputs/watson_discovery_guid" }, { "name": "workload_cluster_name", - "value": "ref:./members/Workload - Compute Red Hat OpenShift Container Platform on VPC/outputs/workload_cluster_name" + "value": "ref:./members/3c - Workload - Compute Red Hat OpenShift Container Platform on VPC/outputs/workload_cluster_name" }, { "name": "workload_cluster_id", - "value": "ref:./members/Workload - Compute Red Hat OpenShift Container Platform on VPC/outputs/workload_cluster_id" + "value": "ref:./members/3c - Workload - Compute Red Hat OpenShift Container Platform on VPC/outputs/workload_cluster_id" }, { "name": "workload_cluster_private_service_endpoint_url", - "value": "ref:./members/Workload - Compute Red Hat OpenShift Container Platform on VPC/outputs/workload_cluster_private_service_endpoint_url" + "value": "ref:./members/3c - Workload - Compute Red Hat OpenShift Container Platform on VPC/outputs/workload_cluster_private_service_endpoint_url" }, { "name": "workload_cluster_public_service_endpoint_url", - "value": "ref:./members/Workload - Compute Red Hat OpenShift Container Platform on VPC/outputs/workload_cluster_public_service_endpoint_url" + "value": "ref:./members/3c - Workload - Compute Red Hat OpenShift Container Platform on VPC/outputs/workload_cluster_public_service_endpoint_url" } ] } diff --git a/tests/go.mod b/tests/go.mod index f1a792a1..e0d1d1b9 100644 --- a/tests/go.mod +++ b/tests/go.mod @@ -1,55 +1,56 @@ module github.com/terraform-ibm-modules/stack-retrieval-augmented-generation -go 1.23.0 +go 1.24.0 -toolchain go1.24.1 +toolchain go1.25.3 require ( - github.com/gruntwork-io/terratest v0.48.2 - github.com/stretchr/testify v1.10.0 - github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.47.1 + github.com/gruntwork-io/terratest v0.51.0 + github.com/stretchr/testify v1.11.1 + github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.60.17 ) require ( dario.cat/mergo v1.0.0 // indirect github.com/IBM-Cloud/bluemix-go v0.0.0-20240719075425-078fcb3a55be // indirect - github.com/IBM-Cloud/power-go-client v1.11.0 // indirect - github.com/IBM/cloud-databases-go-sdk v0.7.1 // indirect - github.com/IBM/go-sdk-core/v5 v5.19.0 // indirect - github.com/IBM/platform-services-go-sdk v0.79.0 // indirect - github.com/IBM/project-go-sdk v0.3.6 // indirect + github.com/IBM-Cloud/power-go-client v1.13.0 // indirect + github.com/IBM/cloud-databases-go-sdk v0.8.1 // indirect + github.com/IBM/go-sdk-core/v5 v5.21.0 // indirect + github.com/IBM/platform-services-go-sdk v0.89.0 // indirect + github.com/IBM/project-go-sdk v0.3.9 // indirect github.com/IBM/schematics-go-sdk v0.4.0 // indirect - github.com/IBM/vpc-go-sdk v0.65.0 // indirect + github.com/IBM/vpc-go-sdk v1.0.2 // indirect github.com/Microsoft/go-winio v0.6.2 // indirect - github.com/ProtonMail/go-crypto v1.1.5 // indirect + github.com/ProtonMail/go-crypto v1.1.6 // indirect github.com/agext/levenshtein v1.2.3 // indirect github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect - github.com/cloudflare/circl v1.6.0 // indirect + github.com/cloudflare/circl v1.6.1 // indirect github.com/cyphar/filepath-securejoin v0.4.1 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/emirpasic/gods v1.18.1 // indirect - github.com/gabriel-vasile/mimetype v1.4.8 // indirect + github.com/gabriel-vasile/mimetype v1.4.9 // indirect github.com/ghodss/yaml v1.0.0 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect github.com/go-git/go-billy/v5 v5.6.2 // indirect - github.com/go-git/go-git/v5 v5.14.0 // indirect + github.com/go-git/go-git/v5 v5.16.3 // indirect github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect - github.com/go-openapi/analysis v0.21.5 // indirect - github.com/go-openapi/errors v0.22.1 // indirect - github.com/go-openapi/jsonpointer v0.20.1 // indirect - github.com/go-openapi/jsonreference v0.20.3 // indirect - github.com/go-openapi/loads v0.21.3 // indirect - github.com/go-openapi/runtime v0.26.0 // indirect - github.com/go-openapi/spec v0.20.12 // indirect - github.com/go-openapi/strfmt v0.23.0 // indirect - github.com/go-openapi/swag v0.22.5 // indirect - github.com/go-openapi/validate v0.22.4 // indirect + github.com/go-openapi/analysis v0.23.0 // indirect + github.com/go-openapi/errors v0.22.3 // indirect + github.com/go-openapi/jsonpointer v0.21.1 // indirect + github.com/go-openapi/jsonreference v0.21.0 // indirect + github.com/go-openapi/loads v0.22.0 // indirect + github.com/go-openapi/runtime v0.28.0 // indirect + github.com/go-openapi/spec v0.21.0 // indirect + github.com/go-openapi/strfmt v0.24.0 // indirect + github.com/go-openapi/swag v0.23.1 // indirect + github.com/go-openapi/validate v0.24.0 // indirect github.com/go-playground/locales v0.14.1 // indirect github.com/go-playground/universal-translator v0.18.1 // indirect - github.com/go-playground/validator/v10 v10.24.0 // indirect + github.com/go-playground/validator/v10 v10.26.0 // indirect + github.com/go-viper/mapstructure/v2 v2.4.0 // indirect github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect github.com/google/go-cmp v0.7.0 // indirect github.com/google/uuid v1.6.0 // indirect @@ -61,41 +62,44 @@ require ( github.com/hashicorp/go-safetemp v1.0.0 // indirect github.com/hashicorp/go-version v1.7.0 // indirect github.com/hashicorp/hcl/v2 v2.22.0 // indirect - github.com/hashicorp/terraform-json v0.24.0 // indirect + github.com/hashicorp/terraform-json v0.27.2 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/jinzhu/copier v0.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect github.com/klauspost/compress v1.16.7 // indirect github.com/leodido/go-urn v1.4.0 // indirect - github.com/mailru/easyjson v0.7.7 // indirect + github.com/mailru/easyjson v0.9.0 // indirect github.com/mattn/go-zglob v0.0.4 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/go-testing-interface v1.14.1 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect - github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/oklog/ulid v1.3.1 // indirect github.com/opentracing/opentracing-go v1.2.0 // indirect github.com/pjbgf/sha1cd v0.3.2 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect github.com/skeema/knownhosts v1.3.1 // indirect + github.com/stretchr/objx v0.5.2 // indirect github.com/tmccombs/hcl2json v0.6.4 // indirect github.com/ulikunitz/xz v0.5.11 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect - github.com/zclconf/go-cty v1.15.1 // indirect - go.mongodb.org/mongo-driver v1.17.2 // indirect - go.opentelemetry.io/otel v1.29.0 // indirect - go.opentelemetry.io/otel/metric v1.29.0 // indirect - go.opentelemetry.io/otel/trace v1.29.0 // indirect - golang.org/x/crypto v0.36.0 // indirect - golang.org/x/mod v0.18.0 // indirect - golang.org/x/net v0.37.0 // indirect - golang.org/x/sync v0.12.0 // indirect - golang.org/x/sys v0.31.0 // indirect - golang.org/x/text v0.23.0 // indirect - golang.org/x/tools v0.22.0 // indirect + github.com/zclconf/go-cty v1.16.4 // indirect + go.mongodb.org/mongo-driver v1.17.4 // indirect + go.opentelemetry.io/auto/sdk v1.1.0 // indirect + go.opentelemetry.io/otel v1.35.0 // indirect + go.opentelemetry.io/otel/metric v1.35.0 // indirect + go.opentelemetry.io/otel/trace v1.35.0 // indirect + go.yaml.in/yaml/v2 v2.4.2 // indirect + golang.org/x/crypto v0.43.0 // indirect + golang.org/x/mod v0.28.0 // indirect + golang.org/x/net v0.45.0 // indirect + golang.org/x/sync v0.17.0 // indirect + golang.org/x/sys v0.37.0 // indirect + golang.org/x/text v0.30.0 // indirect + golang.org/x/tools v0.37.0 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect + sigs.k8s.io/yaml v1.6.0 // indirect ) diff --git a/tests/go.sum b/tests/go.sum index bce79c1f..40652bf9 100644 --- a/tests/go.sum +++ b/tests/go.sum @@ -2,25 +2,26 @@ dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= github.com/IBM-Cloud/bluemix-go v0.0.0-20240719075425-078fcb3a55be h1:USOcBHkYQ4o/ccoEvoHinrba8NQthLJpFXnAoBY+MI4= github.com/IBM-Cloud/bluemix-go v0.0.0-20240719075425-078fcb3a55be/go.mod h1:/7hMjdZA6fEpd/dQAOEABxKEwN0t72P3PlpEDu0Y7bE= -github.com/IBM-Cloud/power-go-client v1.11.0 h1:4xlYXF2+S3s6Crb0D2+d5c1kb6gUE7eowMXLB7Q6cWY= -github.com/IBM-Cloud/power-go-client v1.11.0/go.mod h1:UDyXeIKEp6r7yWUXYu3r0ZnFSlNZ2YeQTHwM2Tmlgv0= -github.com/IBM/cloud-databases-go-sdk v0.7.1 h1:5kK4/3NUsGxZzmuUe+1ftajpOQbeDVh5VeemrPgROP4= -github.com/IBM/cloud-databases-go-sdk v0.7.1/go.mod h1:JYucI1PdwqbAd8XGdDAchxzxRP7bxOh1zUnseovHKsc= -github.com/IBM/go-sdk-core/v5 v5.19.0 h1:YN2S5JUvq/EwYulmcNFwgyYBxZhVWl9nkY22H7Hpghw= -github.com/IBM/go-sdk-core/v5 v5.19.0/go.mod h1:deZO1J5TSlU69bCnl/YV7nPxFZA2UEaup7cq/7ZTOgw= -github.com/IBM/platform-services-go-sdk v0.79.0 h1:qCNheB3390holPcpDxdgNyi11JS6ZfsL39YgnJEOsTo= -github.com/IBM/platform-services-go-sdk v0.79.0/go.mod h1:FzCPOfbNAt0s9RwtIrbJbfDwA7mKIObtZ/18KnviKr0= -github.com/IBM/project-go-sdk v0.3.6 h1:DRiANKnAePevFsIKSvR89SUaMa2xsd7YKK71Ka1eqKI= -github.com/IBM/project-go-sdk v0.3.6/go.mod h1:FOJM9ihQV3EEAY6YigcWiTNfVCThtdY8bLC/nhQHFvo= +github.com/IBM-Cloud/power-go-client v1.13.0 h1:TqxPlkJe0VkNdV9hYOD5NRepxEFhhyKXWXfg22x2zhU= +github.com/IBM-Cloud/power-go-client v1.13.0/go.mod h1:SpTK1ttW8bfMNUVQS8qOEuWn2KOkzaCLyzfze8MG1JE= +github.com/IBM/cloud-databases-go-sdk v0.8.1 h1:ULQ5L8V/9z79/qS185LqbIK2LD4kMtk3Hdhp4lFMVcw= +github.com/IBM/cloud-databases-go-sdk v0.8.1/go.mod h1:JYucI1PdwqbAd8XGdDAchxzxRP7bxOh1zUnseovHKsc= +github.com/IBM/go-sdk-core/v5 v5.9.2/go.mod h1:YlOwV9LeuclmT/qi/LAK2AsobbAP42veV0j68/rlZsE= +github.com/IBM/go-sdk-core/v5 v5.21.0 h1:DUnYhvC4SoC8T84rx5omnhY3+xcQg/Whyoa3mDPIMkk= +github.com/IBM/go-sdk-core/v5 v5.21.0/go.mod h1:Q3BYO6iDA2zweQPDGbNTtqft5tDcEpm6RTuqMlPcvbw= +github.com/IBM/platform-services-go-sdk v0.89.0 h1:fIvKR1bQchPoMUXQf69gaRKak/giVAkRDISiAX8TlE8= +github.com/IBM/platform-services-go-sdk v0.89.0/go.mod h1:aGD045m6I8pfcB77wft8w2cHqWOJjcM3YSSV55BX0Js= +github.com/IBM/project-go-sdk v0.3.9 h1:D/UfMMn+vMQyvYf9EfocV6HrD3HcVpeIVoUSjNKuROo= +github.com/IBM/project-go-sdk v0.3.9/go.mod h1:FOJM9ihQV3EEAY6YigcWiTNfVCThtdY8bLC/nhQHFvo= github.com/IBM/schematics-go-sdk v0.4.0 h1:x01f/tPquYJYLQzJLGuxWfCbV/EdSMXRikOceNy/JLM= github.com/IBM/schematics-go-sdk v0.4.0/go.mod h1:Xe7R7xgwmXBHu09w2CbBe8lkWZaYxNQo19bS4dpLrUA= -github.com/IBM/vpc-go-sdk v0.65.0 h1:wCOm4pPdrsPnnHlpLHrqntLdzEmyjafK5BfZdke/ntI= -github.com/IBM/vpc-go-sdk v0.65.0/go.mod h1:VL7sy61ybg6tvA60SepoQx7TFe20m7JyNUt+se2tHP4= +github.com/IBM/vpc-go-sdk v1.0.2 h1:WhI1Cb8atA8glUdFg0SEUh9u8afjnKHxZAj9onQBi04= +github.com/IBM/vpc-go-sdk v1.0.2/go.mod h1:42NO/XCXsyrYqpvtxoX5xwSEv/jBU1MKEoyaYkIUico= github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= -github.com/ProtonMail/go-crypto v1.1.5 h1:eoAQfK2dwL+tFSFpr7TbOaPNUbPiJj4fLYwwGE1FQO4= -github.com/ProtonMail/go-crypto v1.1.5/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= +github.com/ProtonMail/go-crypto v1.1.6 h1:ZcV+Ropw6Qn0AX9brlQLAUXfqLBc7Bl+f/DmNxpLfdw= +github.com/ProtonMail/go-crypto v1.1.6/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= @@ -31,6 +32,7 @@ github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= +github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= @@ -38,8 +40,8 @@ github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/cloudflare/circl v1.6.0 h1:cr5JKic4HI+LkINy2lg3W2jF8sHCVTBncJr5gIIq7qk= -github.com/cloudflare/circl v1.6.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs= +github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0= +github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s= github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= @@ -56,8 +58,8 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= -github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM= -github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8= +github.com/gabriel-vasile/mimetype v1.4.9 h1:5k+WDwEsD9eTLL8Tz3L0VnmVh9QxGjRmjBvAG7U/oYY= +github.com/gabriel-vasile/mimetype v1.4.9/go.mod h1:WnSQhFKJuBlRyLiKohA/2DtIlPFAbguNaG7QCHcyGok= github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c= @@ -68,8 +70,8 @@ github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UN github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII= -github.com/go-git/go-git/v5 v5.14.0 h1:/MD3lCrGjCen5WfEAzKg00MJJffKhC8gzS80ycmCi60= -github.com/go-git/go-git/v5 v5.14.0/go.mod h1:Z5Xhoia5PcWA3NF8vRLURn9E5FRhSl7dGj9ItW3Wk5k= +github.com/go-git/go-git/v5 v5.16.3 h1:Z8BtvxZ09bYm/yYNgPKCzgWtaRqDTgIKRgIRHBfU6Z8= +github.com/go-git/go-git/v5 v5.16.3/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= @@ -78,40 +80,47 @@ github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= -github.com/go-openapi/analysis v0.21.5 h1:3tHfEBh6Ia8eKc4M7khOGjPOAlWKJ10d877Cr9teujI= -github.com/go-openapi/analysis v0.21.5/go.mod h1:25YcZosX9Lwz2wBsrFrrsL8bmjjXdlyP6zsr2AMy29M= +github.com/go-openapi/analysis v0.23.0 h1:aGday7OWupfMs+LbmLZG4k0MYXIANxcuBTYUC03zFCU= +github.com/go-openapi/analysis v0.23.0/go.mod h1:9mz9ZWaSlV8TvjQHLl2mUW2PbZtemkE8yA5v22ohupo= +github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/errors v0.20.3/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk= -github.com/go-openapi/errors v0.22.1 h1:kslMRRnK7NCb/CvR1q1VWuEQCEIsBGn5GgKD9e+HYhU= -github.com/go-openapi/errors v0.22.1/go.mod h1:+n/5UdIqdVnLIJ6Q9Se8HNGUXYaY6CN8ImWzfi/Gzp0= -github.com/go-openapi/jsonpointer v0.20.1 h1:MkK4VEIEZMj4wT9PmjaUmGflVBr9nvud4Q4UVFbDoBE= -github.com/go-openapi/jsonpointer v0.20.1/go.mod h1:bHen+N0u1KEO3YlmqOjTT9Adn1RfD91Ar825/PuiRVs= -github.com/go-openapi/jsonreference v0.20.3 h1:EjGcjTW8pD1mRis6+w/gmoBdqv5+RbE9B85D1NgDOVQ= -github.com/go-openapi/jsonreference v0.20.3/go.mod h1:FviDZ46i9ivh810gqzFLl5NttD5q3tSlMLqLr6okedM= -github.com/go-openapi/loads v0.21.3 h1:8sSH2FIm/SnbDUGv572md4YqVMFne/a9Eubvcd3anew= -github.com/go-openapi/loads v0.21.3/go.mod h1:Y3aMR24iHbKHppOj91nQ/SHc0cuPbAr4ndY4a02xydc= -github.com/go-openapi/runtime v0.26.0 h1:HYOFtG00FM1UvqrcxbEJg/SwvDRvYLQKGhw2zaQjTcc= -github.com/go-openapi/runtime v0.26.0/go.mod h1:QgRGeZwrUcSHdeh4Ka9Glvo0ug1LC5WyE+EV88plZrQ= -github.com/go-openapi/spec v0.20.12 h1:cgSLbrsmziAP2iais+Vz7kSazwZ8rsUZd6TUzdDgkVI= -github.com/go-openapi/spec v0.20.12/go.mod h1:iSCgnBcwbMW9SfzJb8iYynXvcY6C/QFrI7otzF7xGM4= +github.com/go-openapi/errors v0.22.3 h1:k6Hxa5Jg1TUyZnOwV2Lh81j8ayNw5VVYLvKrp4zFKFs= +github.com/go-openapi/errors v0.22.3/go.mod h1:+WvbaBBULWCOna//9B9TbLNGSFOfF8lY9dw4hGiEiKQ= +github.com/go-openapi/jsonpointer v0.21.1 h1:whnzv/pNXtK2FbX/W9yJfRmE2gsmkfahjMKB0fZvcic= +github.com/go-openapi/jsonpointer v0.21.1/go.mod h1:50I1STOfbY1ycR8jGz8DaMeLCdXiI6aDteEdRNNzpdk= +github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= +github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= +github.com/go-openapi/loads v0.22.0 h1:ECPGd4jX1U6NApCGG1We+uEozOAvXvJSF4nnwHZ8Aco= +github.com/go-openapi/loads v0.22.0/go.mod h1:yLsaTCS92mnSAZX5WWoxszLj0u+Ojl+Zs5Stn1oF+rs= +github.com/go-openapi/runtime v0.28.0 h1:gpPPmWSNGo214l6n8hzdXYhPuJcGtziTOgUpvsFWGIQ= +github.com/go-openapi/runtime v0.28.0/go.mod h1:QN7OzcS+XuYmkQLw05akXk0jRH/eZ3kb18+1KwW9gyc= +github.com/go-openapi/spec v0.21.0 h1:LTVzPc3p/RzRnkQqLRndbAzjY0d0BCL72A6j3CdL9ZY= +github.com/go-openapi/spec v0.21.0/go.mod h1:78u6VdPw81XU44qEWGhtr982gJ5BWg2c0I5XwVMotYk= +github.com/go-openapi/strfmt v0.21.1/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k= github.com/go-openapi/strfmt v0.21.7/go.mod h1:adeGTkxE44sPyLk0JV235VQAO/ZXUr8KAzYjclFs3ew= -github.com/go-openapi/strfmt v0.23.0 h1:nlUS6BCqcnAk0pyhi9Y+kdDVZdZMHfEKQiS4HaMgO/c= -github.com/go-openapi/strfmt v0.23.0/go.mod h1:NrtIpfKtWIygRkKVsxh7XQMDQW5HKQl6S5ik2elW+K4= -github.com/go-openapi/swag v0.22.5 h1:fVS63IE3M0lsuWRzuom3RLwUMVI2peDH01s6M70ugys= -github.com/go-openapi/swag v0.22.5/go.mod h1:Gl91UqO+btAM0plGGxHqJcQZ1ZTy6jbmridBTsDy8A0= -github.com/go-openapi/validate v0.22.4 h1:5v3jmMyIPKTR8Lv9syBAIRxG6lY0RqeBPB1LKEijzk8= -github.com/go-openapi/validate v0.22.4/go.mod h1:qm6O8ZIcPVdSY5219468Jv7kBdGvkiZLPOmqnqTUZ2A= +github.com/go-openapi/strfmt v0.24.0 h1:dDsopqbI3wrrlIzeXRbqMihRNnjzGC+ez4NQaAAJLuc= +github.com/go-openapi/strfmt v0.24.0/go.mod h1:Lnn1Bk9rZjXxU9VMADbEEOo7D7CDyKGLsSKekhFr7s4= +github.com/go-openapi/swag v0.23.1 h1:lpsStH0n2ittzTnbaSloVZLuB5+fvSY/+hnagBjSNZU= +github.com/go-openapi/swag v0.23.1/go.mod h1:STZs8TbRvEQQKUA+JZNAm3EWlgaOBGpyFDqQnDHMef0= +github.com/go-openapi/validate v0.24.0 h1:LdfDKwNbpB6Vn40xhTdNZAnfLECL81w+VX3BumrGD58= +github.com/go-openapi/validate v0.24.0/go.mod h1:iyeX1sEufmv3nPbBdX3ieNviWnOZaJ1+zquzJEf2BAQ= github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s= github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= +github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs= github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA= github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= +github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= -github.com/go-playground/validator/v10 v10.24.0 h1:KHQckvo8G6hlWnrPX4NJJ+aBfWNAE/HH+qdL2cBpCmg= -github.com/go-playground/validator/v10 v10.24.0/go.mod h1:GGzBIJMuE98Ic/kJsBXbz1x/7cByt++cQ+YOuDM5wus= +github.com/go-playground/validator/v10 v10.26.0 h1:SP05Nqhjcvz81uJaRfEV0YBSSSGMc/iMaVtFbr3Sw2k= +github.com/go-playground/validator/v10 v10.26.0/go.mod h1:I5QpIEbmr8On7W0TktmJAumgzX4CA1XNl4ZmDuVHKKo= +github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/go-test/deep v1.0.7 h1:/VSMRlnY/JSyqxQUzQLKVMAskpY/NZKFA5j2P+0pP2M= github.com/go-test/deep v1.0.7/go.mod h1:QV8Hv/iy04NyLBxAdO9njL0iVPN1S4d/A3NVv1V36o8= +github.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs= +github.com/go-viper/mapstructure/v2 v2.4.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM= github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ= github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -136,22 +145,26 @@ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/gruntwork-io/terratest v0.48.2 h1:+VwfODchq8jxZZWD+s8gBlhD1z6/C4bFLNrhpm9ONrs= -github.com/gruntwork-io/terratest v0.48.2/go.mod h1:Y5ETyD4ZQ2MZhasPno272fWuCpKwvTPYDi8Y0tIMqTE= +github.com/gruntwork-io/terratest v0.51.0 h1:RCXlCwWlHqhUoxgF6n3hvywvbvrsTXqoqt34BrnLekw= +github.com/gruntwork-io/terratest v0.51.0/go.mod h1:evZHXb8VWDgv5O5zEEwfkwMhkx9I53QR/RB11cISrpg= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-getter/v2 v2.2.3 h1:6CVzhT0KJQHqd9b0pK3xSP0CM/Cv+bVhk+jcaRJ2pGk= github.com/hashicorp/go-getter/v2 v2.2.3/go.mod h1:hp5Yy0GMQvwWVUmwLs3ygivz1JSLI323hdIE9J9m7TY= +github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= +github.com/hashicorp/go-retryablehttp v0.7.0/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/hashicorp/go-safetemp v1.0.0 h1:2HR189eFNrjHQyENnQMMpCiBAsRxzbTMIgBhEyExpmo= @@ -160,8 +173,8 @@ github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKe github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/hcl/v2 v2.22.0 h1:hkZ3nCtqeJsDhPRFz5EA9iwcG1hNWGePOTw6oyul12M= github.com/hashicorp/hcl/v2 v2.22.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA= -github.com/hashicorp/terraform-json v0.24.0 h1:rUiyF+x1kYawXeRth6fKFm/MdfBS6+lW4NbeATsYz8Q= -github.com/hashicorp/terraform-json v0.24.0/go.mod h1:Nfj5ubo9xbu9uiAoZVBsNOjvNKB66Oyrvtit74kC7ow= +github.com/hashicorp/terraform-json v0.27.2 h1:BwGuzM6iUPqf9JYM/Z4AF1OJ5VVJEEzoKST/tRDBJKU= +github.com/hashicorp/terraform-json v0.27.2/go.mod h1:GzPLJ1PLdUG5xL6xn1OXWIjteQRT2CNT9o/6A9mi9hE= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= @@ -182,10 +195,11 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY= github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ= github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI= -github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= -github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4= +github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= @@ -198,7 +212,7 @@ github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJ github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8= github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= -github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= +github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= @@ -209,6 +223,7 @@ github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= +github.com/onsi/ginkgo v1.14.2/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= @@ -230,6 +245,7 @@ github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xl github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= +github.com/onsi/gomega v1.10.5/go.mod h1:gza4q3jKQJijlu05nKWRCW/GavJumGt8aNRxWg7mt48= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro= github.com/onsi/gomega v1.20.1/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeREyVo= @@ -247,8 +263,8 @@ github.com/onsi/gomega v1.27.8/go.mod h1:2J8vzI/s+2shY9XHRApDkdgPo1TKT7P2u6fXeJK github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0= -github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4= -github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= +github.com/onsi/gomega v1.37.0 h1:CdEG8g0S133B4OswTDC/5XPSzE1OeP29QOioj2PID2Y= +github.com/onsi/gomega v1.37.0/go.mod h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0= github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= github.com/pjbgf/sha1cd v0.3.2 h1:a9wb0bp1oC2TGwStyn0Umc/IGKQnEgF0vVaZ8QF8eo4= @@ -274,13 +290,14 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= -github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.47.1 h1:tNFE95ARyd8tTjP0zSmIJIFKBf7Kdl8Cuwp5NZ1xqUo= -github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.47.1/go.mod h1:be/us5lpuIvNmni1CXR0nJcAiFJkvluQDM0iFe960s8= +github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= +github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= +github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.60.17 h1:unGRxvM9OJBTsfDQg/AZCYOeJZ5TqrCsPphjWJ2wI94= +github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.60.17/go.mod h1:g0kmBhFk6pVoTmse42tMNCSNktiOYJHAda/pAzOIxco= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/tmccombs/hcl2json v0.6.4 h1:/FWnzS9JCuyZ4MNwrG4vMrFrzRgsWEOVi+1AyYUVLGw= github.com/tmccombs/hcl2json v0.6.4/go.mod h1:+ppKlIW3H5nsAsZddXPy2iMyvld3SHxyjswOZhavRDk= @@ -289,29 +306,37 @@ github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0o github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= +github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs= github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g= +github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM= github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8= github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -github.com/zclconf/go-cty v1.15.1 h1:RgQYm4j2EvoBRXOPxhUvxPzRrGDo1eCOhHXuGfrj5S0= -github.com/zclconf/go-cty v1.15.1/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= +github.com/zclconf/go-cty v1.16.4 h1:QGXaag7/7dCzb+odlGrgr+YmYZFaOCMW6DEpS+UD1eE= +github.com/zclconf/go-cty v1.16.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940 h1:4r45xpDWB6ZMSMNJFMOjqrGHynW3DIBuR2H9j0ug+Mo= github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod h1:CmBdvvj3nqzfzJ6nTCIwDTPZ56aVGvDrmztiO5g3qrM= +go.mongodb.org/mongo-driver v1.7.5/go.mod h1:VXEWRZ6URJIkUq2SCAyapmhH0ZLRBP+FT4xhp5Zvxng= go.mongodb.org/mongo-driver v1.11.3/go.mod h1:PTSz5yu21bkT/wXpkS7WR5f0ddqw5quethTUn9WM+2g= -go.mongodb.org/mongo-driver v1.17.2 h1:gvZyk8352qSfzyZ2UMWcpDpMSGEr1eqE4T793SqyhzM= -go.mongodb.org/mongo-driver v1.17.2/go.mod h1:Hy04i7O2kC4RS06ZrhPRqj/u4DTYkFDAAccj+rVKqgQ= -go.opentelemetry.io/otel v1.29.0 h1:PdomN/Al4q/lN6iBJEN3AwPvUiHPMlt93c8bqTG5Llw= -go.opentelemetry.io/otel v1.29.0/go.mod h1:N/WtXPs1CNCUEx+Agz5uouwCba+i+bJGFicT8SR4NP8= -go.opentelemetry.io/otel/metric v1.29.0 h1:vPf/HFWTNkPu1aYeIsc98l4ktOQaL6LeSoeV2g+8YLc= -go.opentelemetry.io/otel/metric v1.29.0/go.mod h1:auu/QWieFVWx+DmQOUMgj0F8LHWdgalxXqvp7BII/W8= +go.mongodb.org/mongo-driver v1.17.4 h1:jUorfmVzljjr0FLzYQsGP8cgN/qzzxlY9Vh0C9KFXVw= +go.mongodb.org/mongo-driver v1.17.4/go.mod h1:Hy04i7O2kC4RS06ZrhPRqj/u4DTYkFDAAccj+rVKqgQ= +go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= +go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= +go.opentelemetry.io/otel v1.35.0 h1:xKWKPxrxB6OtMCbmMY021CqC45J+3Onta9MqjhnusiQ= +go.opentelemetry.io/otel v1.35.0/go.mod h1:UEqy8Zp11hpkUrL73gSlELM0DupHoiq72dR+Zqel/+Y= +go.opentelemetry.io/otel/metric v1.35.0 h1:0znxYu2SNyuMSQT4Y9WDWej0VpcsxkuklLa4/siN90M= +go.opentelemetry.io/otel/metric v1.35.0/go.mod h1:nKVFgxBZ2fReX6IlyW28MgZojkoAkJGaE8CpgeAU3oE= go.opentelemetry.io/otel/sdk v1.29.0 h1:vkqKjk7gwhS8VaWb0POZKmIEDimRCMsopNYnriHyryo= go.opentelemetry.io/otel/sdk v1.29.0/go.mod h1:pM8Dx5WKnvxLCb+8lG1PRNIDxu9g9b9g59Qr7hfAAok= -go.opentelemetry.io/otel/trace v1.29.0 h1:J/8ZNK4XgR7a21DZUAsbF8pZ5Jcw1VhACmnYt39JTi4= -go.opentelemetry.io/otel/trace v1.29.0/go.mod h1:eHl3w0sp3paPkYstJOmAimxhiFXPg+MMTlEh3nsQgWQ= +go.opentelemetry.io/otel/trace v1.35.0 h1:dPpEfJu1sDIqruz7BHFG3c7528f6ddfSWfFDVt/xgMs= +go.opentelemetry.io/otel/trace v1.35.0/go.mod h1:WUk7DtFp1Aw2MkvqGdwiXYDZZNvA/1J8o6xRXLrIkyc= +go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI= +go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= @@ -321,8 +346,8 @@ golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98y golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34= -golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc= +golang.org/x/crypto v0.43.0 h1:dduJYIi3A3KOfdGOHX8AVZ/jGiyPa3IbBozJ5kNuE04= +golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= @@ -333,13 +358,15 @@ golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0= -golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.28.0 h1:gQBtGhjxykdjY9YhZpSlZIsbnaE2+PgjfLWUQTnoZ1U= +golang.org/x/mod v0.28.0/go.mod h1:yfB/L0NOf/kmEbXjzCPOx1iK1fRutOydrCMsqRhEBxI= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= @@ -360,10 +387,11 @@ golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= -golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c= -golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= +golang.org/x/net v0.45.0 h1:RLBg5JKixCy82FtLJpeNlVM0nrSqpCRYzVU1n8kj0tM= +golang.org/x/net v0.45.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -371,8 +399,8 @@ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw= -golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug= +golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -382,6 +410,7 @@ golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -408,8 +437,8 @@ golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= -golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ= +golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -424,10 +453,12 @@ golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= -golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y= -golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g= +golang.org/x/term v0.36.0 h1:zMPR+aF8gfksFprF/Nc/rd1wRS1EI6nDBGyWAvDzx2Q= +golang.org/x/term v0.36.0/go.mod h1:Qu394IJq6V6dCBRgwqshf3mPF85AqzYEzofzRdZkWss= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= @@ -440,9 +471,10 @@ golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY= -golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= +golang.org/x/text v0.30.0 h1:yznKA/E9zq54KzlzBEAWn1NXSQ8DIp/NYMy88xJjl4k= +golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190531172133-b3315ee88b7d/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= @@ -456,8 +488,8 @@ golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= golang.org/x/tools v0.12.0/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= -golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA= -golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c= +golang.org/x/tools v0.37.0 h1:DVSRzp7FwePZW356yEAChSdNcQo6Nsp+fex1SUW09lE= +golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -471,8 +503,8 @@ google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= -google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM= +google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -480,6 +512,8 @@ gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= +gopkg.in/go-playground/validator.v9 v9.31.0/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= @@ -490,5 +524,8 @@ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= +sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4= diff --git a/tests/pr_test.go b/tests/pr_test.go index 6a95df02..458bbc3c 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -58,12 +58,12 @@ func TestProjectsBasicFullTest(t *testing.T) { t.Fatal(kerr) } options.StackInputs = map[string]interface{}{ - "resource_group_name": options.ResourceGroup, - "region": validRegions[rand.Intn(len(validRegions))], - "ibmcloud_api_key": options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], - "prefix": options.Prefix, - "signing_key": privateKey, - "secret_manager_service_plan": "trial", + "resource_group_name": options.ResourceGroup, + "region": validRegions[rand.Intn(len(validRegions))], + "ibmcloud_api_key": options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], + "prefix": options.Prefix, + "signing_key": privateKey, + "secrets_manager_service_plan": "trial", } err := options.RunProjectsTest() @@ -78,7 +78,7 @@ func TestProjectsBasicExistingResourcesTest(t *testing.T) { t.Parallel() // ------------------------------------------------------------------------------------ - // Provision RG, EN and SM + // Provision RG, EN, SM and KMS // ------------------------------------------------------------------------------------ prefix := fmt.Sprintf("ragext-%s", strings.ToLower(random.UniqueId())) @@ -124,17 +124,18 @@ func TestProjectsBasicExistingResourcesTest(t *testing.T) { } options.StackInputs = map[string]interface{}{ - "prefix": terraform.Output(t, existingTerraformOptions, "prefix"), - "region": terraform.Output(t, existingTerraformOptions, "region"), - "existing_resource_group_name": terraform.Output(t, existingTerraformOptions, "resource_group_name"), - "ibmcloud_api_key": options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], // always required by the stack - "enable_platform_metrics": false, - "existing_secrets_manager_crn": terraform.Output(t, existingTerraformOptions, "secrets_manager_instance_crn"), - "skip_iam_authorization_policy": true, // skip as s2s auth policy was already created for existing instance - "signing_key": privateKey, - "existing_kms_instance_crn": terraform.Output(t, existingTerraformOptions, "kms_instance_crn"), - "existing_event_notification_instance_crn": terraform.Output(t, existingTerraformOptions, "event_notification_instance_crn"), - "en_email_list": []string{"GoldenEye.Operations@ibm.com"}, + "prefix": terraform.Output(t, existingTerraformOptions, "prefix"), + "region": terraform.Output(t, existingTerraformOptions, "region"), + "existing_resource_group_name": terraform.Output(t, existingTerraformOptions, "resource_group_name"), + "ibmcloud_api_key": options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], // always required by the stack + "enable_platform_metrics": false, + "existing_secrets_manager_crn": terraform.Output(t, existingTerraformOptions, "secrets_manager_instance_crn"), + "skip_secrets_manager_iam_auth_policy": true, // skip as s2s auth policy was already created for existing instance + "signing_key": privateKey, + "existing_kms_instance_crn": terraform.Output(t, existingTerraformOptions, "kms_instance_crn"), + "existing_event_notifications_instance_crn": terraform.Output(t, existingTerraformOptions, "event_notifications_instance_crn"), + "event_notifications_email_list": []string{"GoldenEye.Operations@ibm.com"}, + "secrets_manager_secret_groups": []string{}, // Don't create any secret groups in existing instance (The default 'General' group already exists) } err := options.RunProjectsTest() @@ -174,12 +175,12 @@ func TestProjectsStandardFullTest(t *testing.T) { t.Fatal(kerr) } options.StackInputs = map[string]interface{}{ - "resource_group_name": options.ResourceGroup, - "region": validRegions[rand.Intn(len(validRegions))], - "ibmcloud_api_key": options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], - "prefix": options.Prefix, - "signing_key": privateKey, - "secret_manager_service_plan": "trial", + "resource_group_name": options.ResourceGroup, + "region": validRegions[rand.Intn(len(validRegions))], + "ibmcloud_api_key": options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], + "prefix": options.Prefix, + "signing_key": privateKey, + "secrets_manager_service_plan": "trial", } err := options.RunProjectsTest() diff --git a/tests/resources/main.tf b/tests/resources/main.tf index ff7aa5c6..8ede1846 100644 --- a/tests/resources/main.tf +++ b/tests/resources/main.tf @@ -4,7 +4,7 @@ module "resource_group" { source = "terraform-ibm-modules/resource-group/ibm" - version = "1.1.6" + version = "1.4.0" # if an existing resource group is not set (null) create a new one using prefix resource_group_name = var.resource_group == null ? "${var.prefix}-resource-group" : null existing_resource_group_name = var.resource_group @@ -16,7 +16,7 @@ module "resource_group" { module "event_notifications" { source = "terraform-ibm-modules/event-notifications/ibm" - version = "1.19.8" + version = "2.10.7" resource_group_id = module.resource_group.resource_group_id name = "${var.prefix}-en" tags = var.resource_tags @@ -30,7 +30,7 @@ module "event_notifications" { module "secrets_manager" { source = "terraform-ibm-modules/secrets-manager/ibm" - version = "2.0.0" + version = "2.11.3" resource_group_id = module.resource_group.resource_group_id region = var.region secrets_manager_name = "${var.prefix}-secrets-manager" #tfsec:ignore:general-secrets-no-plaintext-exposure @@ -44,7 +44,7 @@ module "secrets_manager" { module "key_protect_all_inclusive" { source = "terraform-ibm-modules/kms-all-inclusive/ibm" - version = "4.21.4" + version = "5.4.5" resource_group_id = module.resource_group.resource_group_id key_protect_instance_name = "${var.prefix}-kms" region = var.region diff --git a/tests/resources/outputs.tf b/tests/resources/outputs.tf index 7e7a5229..0a07359a 100644 --- a/tests/resources/outputs.tf +++ b/tests/resources/outputs.tf @@ -18,9 +18,9 @@ output "resource_group_id" { description = "Resource group ID" } -output "event_notification_instance_crn" { +output "event_notifications_instance_crn" { value = module.event_notifications.crn - description = "CRN of created event notification" + description = "CRN of created event notifications" } output "secrets_manager_instance_crn" {