feat: Added Event Routing account settings variation to the DA (#48)

Author: arya-girish-k

.catalog-onboard-pipeline.yaml

@@ -12,3 +12,6 @@ offerings:
         scc:
           instance_id: 1c7d5f78-9262-44c3-b779-b28fe4d88c37
           region: us-south
+      - name: event-routing-account-settings
+        mark_ready: true
+        install_type: fullstack

ibm_catalog.json

@@ -493,7 +493,7 @@
             "features": [
               {
                 "title": " ",
-                "description": "Configured to use IBM secure by default standards, but can be edited to fit your use case."
+                "description": "Configures the Activity Tracker Event Routing service to route auditing events to an Object Storage bucket and Cloud Logs target"
               }
             ],
             "diagrams": [
@@ -507,6 +507,97 @@
               }
             ]
           }
+        },
+        {
+          "label": "Event Routing account settings",
+          "name": "event-routing-account-settings",
+          "index": 2,
+          "install_type": "fullstack",
+          "working_directory": "solutions/event-routing-account-settings",
+          "configuration": [
+            {
+              "key": "ibmcloud_api_key"
+            },
+            {
+              "key": "default_targets",
+              "custom_config": {
+                "grouping": "deployment",
+                "original_grouping": "deployment",
+                "config_constraints": {
+                  "type": "string"
+                }
+              }
+            },
+            {
+              "key": "primary_metadata_region"
+            },
+            {
+              "key": "backup_metadata_region"
+            },
+            {
+              "key": "permitted_target_regions",
+              "custom_config": {
+                "grouping": "deployment",
+                "original_grouping": "deployment",
+                "config_constraints": {
+                  "type": "string"
+                }
+              }
+            },
+            {
+              "key": "private_api_endpoint_only"
+            },
+            {
+              "key": "provider_visibility",
+              "hidden": true,
+              "options": [
+                {
+                  "displayname": "private",
+                  "value": "private"
+                },
+                {
+                  "displayname": "public",
+                  "value": "public"
+                },
+                {
+                  "displayname": "public-and-private",
+                  "value": "public-and-private"
+                }
+              ]
+            }
+          ],
+          "iam_permissions": [
+            {
+              "service_name": "All account management services",
+              "role_crns": [
+                "crn:v1:bluemix:public:iam::::role:Administrator"
+              ]
+            },
+            {
+              "service_name": "atracker",
+              "role_crns": [
+                "crn:v1:bluemix:public:iam::::role:Administrator"
+              ]
+            }
+          ],
+          "architecture": {
+            "features": [
+              {
+                "title": " ",
+                "description": "Configures account settings for Activity Tracker Event Routing."
+              }
+            ],
+            "diagrams": [
+              {
+                "diagram": {
+                  "caption": "Event Routing Account Settings",
+                  "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-activity-tracker/main/reference-architecture/deployable-architecture-account-settings.svg",
+                  "type": "image/svg+xml"
+                },
+                "description": "This architecture supports configuring the Activity Tracker Event Routing Account Settings."
+              }
+            ]
+          }
         }
       ]
     }

reference-architecture/deployable-architecture-account-settings.svg

@@ -0,0 +1,3 @@
+# Cloud automation for Cloud Monitoring (Event Routing Account Settings)
+
+:exclamation: **Important:** This solution is not intended to be called by other modules because it contains a provider configuration and is not compatible with the `for_each`, `count`, and `depends_on` arguments. For more information, see [Providers Within Modules](https://developer.hashicorp.com/terraform/language/modules/develop/providers).

solutions/event-routing-account-settings/README.md

@@ -0,0 +1,3 @@
+{
+  "ibmcloud_api_key": $VALIDATION_APIKEY"
+}

solutions/event-routing-account-settings/catalogValidationValues.json.template

@@ -0,0 +1,15 @@
+#######################################################################################################################
+# IBM Cloud Activity Tracker Event Routing
+#######################################################################################################################
+
+module "account_routing_settings" {
+  source = "../.."
+
+  global_event_routing_settings = {
+    default_targets           = var.default_targets
+    metadata_region_primary   = var.primary_metadata_region
+    metadata_region_backup    = var.backup_metadata_region
+    permitted_target_regions  = var.permitted_target_regions
+    private_api_endpoint_only = var.private_api_endpoint_only
+  }
+}

solutions/event-routing-account-settings/main.tf

@@ -0,0 +1,3 @@
+##############################################################################
+# Outputs
+##############################################################################

solutions/event-routing-account-settings/outputs.tf

@@ -0,0 +1,4 @@
+provider "ibm" {
+  ibmcloud_api_key = var.ibmcloud_api_key
+  visibility       = var.provider_visibility
+}

solutions/event-routing-account-settings/provider.tf

@@ -0,0 +1,57 @@
+########################################################################################################################
+# Common variables
+########################################################################################################################
+
+variable "ibmcloud_api_key" {
+  type        = string
+  description = "The IBM Cloud API key with access to configure Activity Tracker Event Routing account settings."
+  sensitive   = true
+}
+
+variable "provider_visibility" {
+  description = "Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints)."
+  type        = string
+  default     = "public"
+
+  validation {
+    condition     = contains(["public", "private", "public-and-private"], var.provider_visibility)
+    error_message = "Invalid visibility option. Allowed values are 'public', 'private', or 'public-and-private'."
+  }
+}
+########################################################################################################################
+# IBM Cloud Activity Tracker Event Routing
+########################################################################################################################
+
+variable "default_targets" {
+  description = "Where activity events that are not explicitly managed in the account's routing rules are routed. You can define up to 2 default targets per account. Consider defining a second default target when you want to collect the data in a backup location."
+  type        = list(string)
+  default     = []
+}
+
+variable "primary_metadata_region" {
+  description = "Storage location for target, route, and settings metadata in your IBM Cloud account. To store all configuration metadata in a single region, set this value explicitly."
+  type        = string
+  default     = "us-south"
+}
+
+variable "backup_metadata_region" {
+  description = "You can also configure a backup location where the metadata is stored for recovery purposes. The `backup_metadata_region` can't be the same as `primary_metadata_region`."
+  type        = string
+  default     = null
+  validation {
+    error_message = "`metadata_region_backup` cannot be the same as `metadata_region_primary`."
+    condition     = var.backup_metadata_region == null || var.primary_metadata_region != var.backup_metadata_region
+  }
+}
+
+variable "permitted_target_regions" {
+  description = "Control where targets collecting audit events can be located.  To allow targets in any region (i.e., No restrictions), configure this field as an empty list `[]`."
+  type        = list(string)
+  default     = []
+}
+
+variable "private_api_endpoint_only" {
+  description = "Public endpoints can be disabled for managing Activity Tracker Event Routing configuration via the CLI or REST API. When public endpoints are disabled, the Activity Tracker Event Routing UI will be inaccessible."
+  type        = bool
+  default     = false
+}

solutions/event-routing-account-settings/variables.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.9.0"
+  required_providers {
+    # Lock DA into an exact provider version - renovate automation will keep it updated
+    ibm = {
+      source  = "ibm-cloud/ibm"
+      version = "1.80.4"
+    }
+  }
+}