Add Event routing account settings variation

ibm_catalog.json

@@ -506,6 +506,88 @@
               }
             ]
           }
+        },
+        {
+          "label": "Event Routing Account Settings",
+          "name": "event-routing-account-settings",
+          "index": 2,
+          "install_type": "fullstack",
+          "working_directory": "solutions/event-routing-account-settings",
+          "configuration": [
+            {
+              "key": "ibmcloud_api_key"
+            },
+            {
+              "key": "region"
+            },
+            {
+              "key": "default_targets"
+            },
+            {
+              "key": "metadata_region_primary"
+            },
+            {
+              "key": "metadata_region_backup"
+            },
+            {
+              "key": "permitted_target_regions"
+            },
+            {
+              "key": "private_api_endpoint_only"
+            },
+            {
+              "key": "provider_visibility",
+              "hidden": true,
+              "options": [
+                {
+                  "displayname": "private",
+                  "value": "private"
+                },
+                {
+                  "displayname": "public",
+                  "value": "public"
+                },
+                {
+                  "displayname": "public-and-private",
+                  "value": "public-and-private"
+                }
+              ]
+            }
+          ],
+          "iam_permissions": [
+            {
+              "service_name": "All account management services",
+              "role_crns": [
+                "crn:v1:bluemix:public:iam::::role:Administrator"
+              ],
+              "notes": "Required for setting up foundational IBM Cloud account components such as IAM settings, trusted profiles, access groups, and resource groups."
+            },
+            {
+              "service_name": "atracker",
+              "role_crns": [
+                "crn:v1:bluemix:public:iam::::role:Administrator"
+              ],
+              "notes": "Required for manage event routing account settings."
+            }
+          ],
+          "architecture": {
+            "features": [
+              {
+                "title": " ",
+                "description": "Configured to use IBM secure by default standards, but can be edited to fit your use case."
+              }
+            ],
+            "diagrams": [
+              {
+                "diagram": {
+                  "caption": "Event Routing Account Settings",
+                  "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-activity-tracker/main/reference-architecture/deployable-architecture-account-settings.svg",
+                  "type": "image/svg+xml"
+                },
+                "description": "This architecture supports configuring the Activity Tracker Event Routing Account Settings."
+              }
+            ]
+          }
         }
       ]
     }

solutions/event-routing-account-settings/README.md

@@ -0,0 +1,3 @@
+# Cloud automation for Cloud Monitoring (Event Routing Account Settings)
+
+:exclamation: **Important:** This solution is not intended to be called by other modules because it contains a provider configuration and is not compatible with the `for_each`, `count`, and `depends_on` arguments. For more information, see [Providers Within Modules](https://developer.hashicorp.com/terraform/language/modules/develop/providers).

solutions/event-routing-account-settings/main.tf

@@ -0,0 +1,15 @@
+#######################################################################################################################
+# IBM Cloud Activity Tracker Event Routing
+#######################################################################################################################
+
+module "account_routing_settings" {
+  source = "../.."
+
+  global_event_routing_settings = {
+    default_targets           = var.default_targets
+    metadata_region_primary   = var.metadata_region_primary
+    metadata_region_backup    = var.metadata_region_backup
+    permitted_target_regions  = var.permitted_target_regions
+    private_api_endpoint_only = var.private_api_endpoint_only
+  }
+}

solutions/event-routing-account-settings/outputs.tf

@@ -0,0 +1,3 @@
+##############################################################################
+# Outputs
+##############################################################################

solutions/event-routing-account-settings/provider.tf

@@ -0,0 +1,6 @@
+provider "ibm" {
+  ibmcloud_api_key      = var.ibmcloud_api_key
+  region                = var.region
+  visibility            = var.provider_visibility
+  private_endpoint_type = (var.provider_visibility == "private" && var.region == "ca-mon") ? "vpe" : null
+}

solutions/event-routing-account-settings/variables.tf

@@ -0,0 +1,60 @@
+########################################################################################################################
+# Common variables
+########################################################################################################################
+
+variable "ibmcloud_api_key" {
+  type        = string
+  description = "The IBM Cloud API key to deploy resources."
+  sensitive   = true
+}
+
+variable "provider_visibility" {
+  description = "Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints)."
+  type        = string
+  default     = "private"
+
+  validation {
+    condition     = contains(["public", "private", "public-and-private"], var.provider_visibility)
+    error_message = "Invalid visibility option. Allowed values are 'public', 'private', or 'public-and-private'."
+  }
+}
+
+variable "region" {
+  description = "The region to provision all resources in. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/region) about how to select different regions for different services."
+  type        = string
+  default     = "us-south"
+}
+
+########################################################################################################################
+# IBM Cloud Activity Tracker Event Routing
+########################################################################################################################
+
+variable "default_targets" {
+  description = "The default target per account to configure where auditing events that are not explicitly managed in the accounts routing rules are routed."
+  type        = list(string)
+  default     = []
+}
+
+variable "metadata_region_primary" {
+  description = "The location in your IBM Cloud account where the Activity Tracker Event Routing account configuration metadata is stored. If you do not configure a metadata location before you create a target, the location where the first target is created is automatically configured as the metadata location."
+  type        = string
+  default     = null
+}
+
+variable "metadata_region_backup" {
+  description = "You can also configure a backup location where the metadata is stored for recovery purposes."
+  type        = string
+  default     = null
+}
+
+variable "permitted_target_regions" {
+  description = "The locations where an account administrator can configure targets to collect auditing events. You can choose any of the supported locations where Activity Tracker Event Routing is available - https://cloud.ibm.com/docs/atracker?topic=atracker-regions&interface=cli."
+  type        = list(string)
+  default     = []
+}
+
+variable "private_api_endpoint_only" {
+  description = "The type of endpoints that are allowed to manage the Activity Tracker Event Routing account configuration in the account. If you set this true then you cannot access api through public network."
+  type        = bool
+  default     = false
+}

solutions/event-routing-account-settings/version.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.9.0"
+  required_providers {
+    # Lock DA into an exact provider version - renovate automation will keep it updated
+    ibm = {
+      source  = "ibm-cloud/ibm"
+      version = "1.79.2"
+    }
+  }
+}

tests/pr_test.go

@@ -23,8 +23,10 @@ import (
 const resourceGroup = "geretain-test-resources"
 const yamlLocation = "../common-dev-assets/common-go-assets/common-permanent-resources.yaml"
 const fullyConfigurableTerraformDir = "solutions/fully-configurable"
+const AccountSettingsDADir = "solutions/event-routing-account-settings"
 
 var validRegions = []string{
+	"in-che",
 	"au-syd",
 	"br-sao",
 	"ca-tor",
@@ -199,3 +201,44 @@ func TestFullyConfigurableUpgradeInSchematics(t *testing.T) {
 		assert.Nil(t, err, "This should not have errored")
 	}
 }
+
+func TestRunAccountSettings(t *testing.T) {
+	t.Parallel()
+
+	region := validRegions[rand.Intn(len(validRegions))]
+	prefix := "er"
+
+	// Verify ibmcloud_api_key variable is set
+	checkVariable := "TF_VAR_ibmcloud_api_key"
+	val, present := os.LookupEnv(checkVariable)
+	require.True(t, present, checkVariable+" environment variable not set")
+	require.NotEqual(t, "", val, checkVariable+" environment variable is empty")
+
+	permitted_target_regions := []string{"in-che", "us-south", "eu-de", "us-east", "eu-es", "eu-gb", "au-syd", "br-sao", "ca-tor", "jp-tok", "jp-osa"}
+
+	options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{
+		Testing: t,
+		Region:  region,
+		Prefix:  prefix,
+		TarIncludePatterns: []string{
+			"*.tf",
+			"modules/metrics_routing" + "/*.tf",
+			AccountSettingsDADir + "/*.tf",
+		},
+		TemplateFolder:         AccountSettingsDADir,
+		Tags:                   []string{"er-da-test"},
+		DeleteWorkspaceOnFail:  false,
+		WaitJobCompleteMinutes: 60,
+	})
+
+	options.TerraformVars = []testschematic.TestSchematicTerraformVar{
+		{Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true},
+		{Name: "region", Value: region, DataType: "string"},
+		{Name: "metadata_region_primary", Value: "eu-de", DataType: "string"},
+		{Name: "metadata_region_backup", Value: "us-east", DataType: "string"}, // The `backup_metadata_region` should not be same as `primary_metadata_region` so hard-coded the region here
+		{Name: "permitted_target_regions", Value: permitted_target_regions, DataType: "list(string)"},
+	}
+
+	err := options.RunSchematicTest()
+	assert.Nil(t, err, "This should not have errored")
+}