3 changes: 3 additions & 0 deletions .catalog-onboard-pipeline.yaml
Expand Up @@ -12,3 +12,6 @@ offerings:
scc:
instance_id: 1c7d5f78-9262-44c3-b779-b28fe4d88c37
region: us-south
- name: event-routing-account-settings
mark_ready: true
install_type: fullstack
93 changes: 92 additions & 1 deletion ibm_catalog.json
Expand Up @@ -493,7 +493,7 @@
"features": [
{
"title": " ",
"description": "Configured to use IBM secure by default standards, but can be edited to fit your use case."
"description": "Configuring IBM Cloud Activity Tracker Event Routing target to an object storage bucket and cloud logs instance."
}
],
"diagrams": [
Expand All @@ -507,6 +507,97 @@
}
]
}
},
{
"label": "Event Routing account settings",
"name": "event-routing-account-settings",
"index": 2,
"install_type": "fullstack",
"working_directory": "solutions/event-routing-account-settings",
"configuration": [
{
"key": "ibmcloud_api_key"
},
{
"key": "default_targets",
"custom_config": {
"grouping": "deployment",
"original_grouping": "deployment",
"config_constraints": {
"type": "string"
}
}
},
{
"key": "metadata_region_primary"
},
{
"key": "metadata_region_backup"
},
{
"key": "permitted_target_regions",
"custom_config": {
"grouping": "deployment",
"original_grouping": "deployment",
"config_constraints": {
"type": "string"
}
}
},
{
"key": "private_api_endpoint_only"
},
{
"key": "provider_visibility",
"hidden": true,
"options": [
{
"displayname": "private",
"value": "private"
},
{
"displayname": "public",
"value": "public"
},
{
"displayname": "public-and-private",
"value": "public-and-private"
}
]
}
],
"iam_permissions": [
{
"service_name": "All account management services",
"role_crns": [
"crn:v1:bluemix:public:iam::::role:Administrator"
]
},
{
"service_name": "atracker",
"role_crns": [
"crn:v1:bluemix:public:iam::::role:Administrator"
]
}
],
"architecture": {
"features": [
{
"title": " ",
"description": "Configures account settings for Activity Tracker Event Routing."
}
],
"diagrams": [
{
"diagram": {
"caption": "Event Routing Account Settings",
"url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-activity-tracker/main/reference-architecture/deployable-architecture-account-settings.svg",
"type": "image/svg+xml"
},
"description": "This architecture supports configuring the Activity Tracker Event Routing Account Settings."
}
]
}
}
]
}
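Review bot: The new `event-routing-account-settings` flavor lists `Administrator` on "All account management services" in `iam_permissions`, which is far broader than the `atracker` entry beside it, while the only module call in this solution sets Activity Tracker Event Routing account settings. If the account-management role is not actually required to apply those settings, drop that entry so users are not steered toward creating an API key with account-wide administrative rights. If it is required, state the reason in the flavor's description so the grant can be audited. I cannot tell from the visible lines which operation would need it.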
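--- a/solutions/event-routing-account-settings/README.md
+++ b/solutions/event-routing-account-settings/README.md
@@ -0,0 +1,3 @@
+# Cloud automation for Cloud Monitoring (Event Routing Account Settings)
+
+:exclamation: **Important:** This solution is not intended to be called by other modules because it contains a provider configuration and is not compatible with the `for_each`, `count`, and `depends_on` arguments. For more information, see [Providers Within Modules](https://developer.hashicorp.com/terraform/language/modules/develop/providers).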
@@ -0,0 +1,3 @@
{
"ibmcloud_api_key": $VALIDATION_APIKEY"
missed this typo - fixed in #60

}
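--- a/solutions/event-routing-account-settings/main.tf
+++ b/solutions/event-routing-account-settings/main.tf
@@ -0,0 +1,15 @@
+#######################################################################################################################
+# IBM Cloud Activity Tracker Event Routing
+#######################################################################################################################
+
+module "account_routing_settings" {
+source = "../.."
+
+global_event_routing_settings = {
+default_targets = var.default_targets
+metadata_region_primary = var.metadata_region_primary
+metadata_region_backup = var.metadata_region_backup
+permitted_target_regions = var.permitted_target_regions
+private_api_endpoint_only = var.private_api_endpoint_only
+}
+}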
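--- a/solutions/event-routing-account-settings/outputs.tf
+++ b/solutions/event-routing-account-settings/outputs.tf
@@ -0,0 +1,3 @@
+##############################################################################
+# Outputs
+##############################################################################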
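--- a/solutions/event-routing-account-settings/provider.tf
+++ b/solutions/event-routing-account-settings/provider.tf
@@ -0,0 +1,4 @@
+provider "ibm" {
+ibmcloud_api_key = var.ibmcloud_api_key
+visibility = var.provider_visibility
+}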
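--- a/solutions/event-routing-account-settings/variables.tf
+++ b/solutions/event-routing-account-settings/variables.tf
@@ -0,0 +1,57 @@
+########################################################################################################################
+# Common variables
+########################################################################################################################
+
+variable "ibmcloud_api_key" {
+type = string
+description = "The IBM Cloud API key with access to configure Activity Tracker Event Routing account settings."
+sensitive = true
+}
+
+variable "provider_visibility" {
+description = "Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints)."
+type = string
+default = "private"
+
+validation {
+condition = contains(["public", "private", "public-and-private"], var.provider_visibility)
+error_message = "Invalid visibility option. Allowed values are 'public', 'private', or 'public-and-private'."
+}
+}
+########################################################################################################################
+# IBM Cloud Activity Tracker Event Routing
+########################################################################################################################
+
+variable "default_targets" {
+description = "Where activity events that are not explicitly managed in the account's routing rules are routed.You can define up to 2 default targets per account. Consider defining a second default target when you want to collect the data in a backup location."
+type = list(string)
+default = []
+}
+
+variable "metadata_region_primary" {
+description = "Storage location for target, route, and settings metadata in your IBM Cloud account. To store all configuration metadata in a single region, set this value explicitly."
+type = string
+default = "us-south"
+}
+
+variable "metadata_region_backup" {
+description = "You can also configure a backup location where the metadata is stored for recovery purposes. The `metadata_region_backup` can't be the same as `metadata_region_primary`."
+type = string
+default = null
+validation {
+error_message = "`metadata_region_backup` cannot be the same as `metadata_region_primary`."
+condition = var.metadata_region_backup == null || var.metadata_region_primary != var.metadata_region_backup
+}
+}
+
+variable "permitted_target_regions" {
+description = "Control where targets collecting audit events can be located. To allow targets in any region (i.e., No restrictions), configure this field as an empty list `[]`."
+type = list(string)
+default = []
+}
+
+variable "private_api_endpoint_only" {
+description = "Public endpoints can be disabled for managing Activity Tracker Event Routing configuration via the CLI or REST API. When public endpoints are disabled, the Activity Tracker Event Routing UI will be inaccessible."
+type = bool
+default = false
+}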
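Review bot: `default_targets` is described as allowing at most 2 targets per account, but the variable has no `validation` block, so a longer list is presumably rejected only by the service at apply time. A check such as `condition = length(var.default_targets) <= 2` with a matching `error_message` would surface this at plan. The defaults are also the unrestricted ones for an audit-logging control: `permitted_target_regions = []` is documented as "no restrictions", `default_targets = []` names no destination for events that no routing rule covers, and `private_api_endpoint_only = false` leaves the public management endpoint enabled. Each description should say that these are permissive defaults meant to be tightened per account. The `default_targets` description also lacks a space in `routed.You`.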
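--- a/solutions/event-routing-account-settings/version.tf
+++ b/solutions/event-routing-account-settings/version.tf
@@ -0,0 +1,10 @@
+terraform {
+required_version = ">= 1.9.0"
+required_providers {
+# Lock DA into an exact provider version - renovate automation will keep it updated
+ibm = {
+source = "ibm-cloud/ibm"
+version = "1.80.4"
+}
+}
+}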
44 changes: 42 additions & 2 deletions tests/pr_test.go
Expand Up @@ -23,8 +23,10 @@ import (
const resourceGroup = "geretain-test-resources"
const yamlLocation = "../common-dev-assets/common-go-assets/common-permanent-resources.yaml"
const fullyConfigurableTerraformDir = "solutions/fully-configurable"
const AccountSettingsDADir = "solutions/event-routing-account-settings"

var validRegions = []string{
"in-che",
"au-syd",
"br-sao",
"ca-tor",
Expand Down Expand Up @@ -91,6 +93,7 @@ func TestFullyConfigurableInSchematics(t *testing.T) {
options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{
Testing: t,
Prefix: "at-fc",
Region: "eu-de", // Hardcoding region to avoid jp-osa, as jp-osa does not support COS association with HPCS.
TarIncludePatterns: []string{
"*.tf",
fullyConfigurableTerraformDir + "/*.tf",
Expand Down Expand Up @@ -134,7 +137,7 @@ func TestFullyConfigurableInSchematics(t *testing.T) {
{Name: "existing_cloud_logs_instance_crn", Value: terraform.Output(t, existingTerraformOptions, "icl_crn"), DataType: "string"},
{Name: "kms_encryption_enabled_buckets", Value: true, DataType: "bool"},
{Name: "prefix", Value: options.Prefix, DataType: "string"},
{Name: "region", Value: validRegions[rand.Intn(len(validRegions))], DataType: "string"},
{Name: "region", Value: options.Region, DataType: "string"},
}

err = options.RunSchematicTest()
Expand All @@ -147,6 +150,7 @@ func TestFullyConfigurableUpgradeInSchematics(t *testing.T) {
options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{
Testing: t,
Prefix: "at-fc-upg",
Region: "eu-de", // Hardcoding region to avoid jp-osa, as jp-osa does not support COS association with HPCS.
TarIncludePatterns: []string{
"*.tf",
fullyConfigurableTerraformDir + "/*.tf",
Expand Down Expand Up @@ -191,11 +195,47 @@ func TestFullyConfigurableUpgradeInSchematics(t *testing.T) {
{Name: "existing_cloud_logs_instance_crn", Value: terraform.Output(t, existingTerraformOptions, "icl_crn"), DataType: "string"},
{Name: "kms_encryption_enabled_buckets", Value: true, DataType: "bool"},
{Name: "prefix", Value: options.Prefix, DataType: "string"},
{Name: "region", Value: validRegions[rand.Intn(len(validRegions))], DataType: "string"},
{Name: "region", Value: options.Region, DataType: "string"},
}

err = options.RunSchematicUpgradeTest()
if !options.UpgradeTestSkipped {
assert.Nil(t, err, "This should not have errored")
}
}

func TestRunAccountSettings(t *testing.T) {
t.Parallel()

region := validRegions[rand.Intn(len(validRegions))]
prefix := "er"

// Verify ibmcloud_api_key variable is set
checkVariable := "TF_VAR_ibmcloud_api_key"
val, present := os.LookupEnv(checkVariable)
require.True(t, present, checkVariable+" environment variable not set")
require.NotEqual(t, "", val, checkVariable+" environment variable is empty")

options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{
Testing: t,
Region: region,
Prefix: prefix,
TarIncludePatterns: []string{
"*.tf",
"modules/metrics_routing" + "/*.tf",
AccountSettingsDADir + "/*.tf",
},
TemplateFolder: AccountSettingsDADir,
Tags: []string{"er-da-test"},
DeleteWorkspaceOnFail: false,
WaitJobCompleteMinutes: 60,
})

options.TerraformVars = []testschematic.TestSchematicTerraformVar{
{Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true},
{Name: "metadata_region_primary", Value: "eu-de", DataType: "string"},
}

err := options.RunSchematicTest()
assert.Nil(t, err, "This should not have errored")
}
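Review bot: `TestRunAccountSettings` applies account-wide Event Routing settings under `t.Parallel()`, so while it runs it can change where audit events from the other tests in the shared account are routed, and a failed destroy would leave the account with the test's settings. A comment above the function should state that the test mutates account-level state, and it is worth considering whether it should run serially. The `TarIncludePatterns` entry `"modules/metrics_routing" + "/*.tf"` refers to a path that nothing else in this change mentions and looks carried over from another module; if that directory does not exist here, drop the line. The random `region` is only set as `Region:` and never reaches the solution, which has no region input, while `metadata_region_primary` is fixed to `"eu-de"`, so the random pick adds nondeterminism without coverage. With `DeleteWorkspaceOnFail: false`, a failed run leaves a Schematics workspace carrying the `ibmcloud_api_key` variable behind until someone removes it.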