diff --git a/ibm_catalog.json b/ibm_catalog.json index e25a56d7..c8ea6e67 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -111,7 +111,11 @@ "required": true }, { - "key": "existing_resource_group_name" + "key": "existing_resource_group_name", + "type": "string", + "description": "The name of an existing resource group to provision the resources. If not provided the default resource group will be used.", + "virtual": true, + "default_value": "__NULL__" }, { "key": "region", @@ -155,14 +159,6 @@ } ] }, - { - "key": "cloud_logs_instance_name", - "required": true, - "type": "string", - "description": "Name of the cloud logs instance to be created.", - "virtual": true, - "default_value": "__NOT_SET__" - }, { "key": "existing_cloud_logs_instance_crn" }, @@ -319,10 +315,8 @@ "name": "deploy-arch-ibm-cos", "description": "Enable this to create an IBM Cloud Object Storage(COS) instance. The buckets to store events will be created by the Activity Tracker Event Routing deployable architecture.", "id": "68921490-2778-4930-ac6d-bae7be6cd958-global", - "version": "v9.0.2", - "flavors": [ - "instance" - ], + "version": "v10.2.1", + "flavors": ["instance"], "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", "optional": true, "on_by_default": true, @@ -340,6 +334,10 @@ "dependency_input": "prefix", "version_input": "prefix", "reference_version": true + }, + { + "version_input": "enable_activity_tracker_event_routing_to_cos_bucket", + "value": true } ] }, @@ -347,10 +345,8 @@ "name": "deploy-arch-ibm-kms", "description": "Enable when you want to create your own managed keys to encrypt the buckets. Select only if existing KMS instance or Key is not provided. ", "id": "2cad4789-fa90-4886-9c9e-857081c273ee-global", - "version": "v5.1.4", - "flavors": [ - "fully-configurable" - ], + "version": "v5.1.19", + "flavors": ["fully-configurable"], "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", "optional": true, "on_by_default": true, 
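Review bot: The description added for `existing_resource_group_name` in the `@@ -111` hunk still says the named group is where resources are provisioned, but the entry is now `"virtual": true` and this commit deletes both the `resource_group` module in main.tf and the Terraform variable. Unless a mapping outside the visible hunks forwards the value to a dependency, setting it has no effect, which is misleading wherever access policies are scoped by resource group. I would reword the entry to say who consumes it, for example `"description": "Name of an existing resource group, passed to the optional dependencies only."`, after confirming that is what happens, or drop the input.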
@@ -375,73 +371,16 @@ } ] }, - { - "name": "deploy-arch-ibm-account-infra-base", - "description": "Enable to create a resource groups by default where all the resources will be provisioned and, when you enable the “with Account Settings” option, it also applies baseline security and governance settings. When disabled, provide an existing resource group as input.", - "id": "63641cec-6093-4b4f-b7b0-98d2f4185cd6-global", - "version": "v3.0.7", - "flavors": [ - "resource-group-only", - "resource-groups-with-account-settings" - ], - "default_flavor": "resource-group-only", - "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", - "optional": true, - "on_by_default": false, - "input_mapping": [ - { - "dependency_input": "prefix", - "version_input": "prefix", - "reference_version": true - }, - { - "dependency_output": "observability_resource_group_name", - "version_input": "existing_resource_group_name" - } - ] - }, { "name": "deploy-arch-ibm-cloud-logs", "description": "Enable this to create an IBM Cloud Logs (ICL) Instance which can be used for storage and analysis of events ingested by Activity Tracker. 
", "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", - "flavors": [ - "fully-configurable" - ], + "flavors": ["fully-configurable"], "id": "63d8ae58-fbf3-41ce-b844-0fb5b85882ab-global", - "version": "v1.5.6", + "version": "v1.6.11", "optional": true, "on_by_default": true, "input_mapping": [ - { - "dependency_input": "cloud_logs_instance_name", - "version_input": "cloud_logs_instance_name", - "reference_version": true - }, - { - "dependency_input": "existing_cos_instance_crn", - "version_input": "existing_cos_instance_crn", - "reference_version": true - }, - { - "dependency_input": "existing_monitoring_crn", - "version_input": "existing_monitoring_crn", - "reference_version": true - }, - { - "dependency_input": "existing_kms_instance_crn", - "version_input": "existing_kms_instance_crn", - "reference_version": true - }, - { - "dependency_input": "kms_encryption_enabled_buckets", - "version_input": "kms_encryption_enabled_buckets", - "reference_version": true - }, - { - "dependency_input": "existing_kms_key_crn", - "version_input": "existing_cos_kms_key_crn", - "reference_version": true - }, { "dependency_input": "prefix", "version_input": "prefix", @@ -455,6 +394,10 @@ { "dependency_output": "cloud_logs_crn", "version_input": "existing_cloud_logs_instance_crn" + }, + { + "version_input": "enable_activity_tracker_event_routing_to_cloud_logs", + "value": true } ] }, @@ -462,10 +405,8 @@ "name": "deploy-arch-ibm-cloud-monitoring", "description": "Enable IBM Cloud Monitoring to gain operational visibility into your cloud storage buckets. ", "id": "73debdbf-894f-4c14-81c7-5ece3a70b67d-global", - "version": "v1.3.0", - "flavors": [ - "fully-configurable" - ], + "version": "v1.6.4", + "flavors": ["fully-configurable"], "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", "optional": true, "on_by_default": true, 
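Review bot: The `deploy-arch-ibm-cloud-logs` mapping in the `@@ -375` hunk no longer forwards `existing_kms_instance_crn`, `kms_encryption_enabled_buckets` or `existing_kms_key_crn`, so whether that dependency's buckets use the customer-managed key now depends on v1.6.11's own inputs and defaults. Those defaults are not visible here, so this may be intentional. If the dependency still exposes these inputs I would keep `{ "dependency_input": "kms_encryption_enabled_buckets", "version_input": "kms_encryption_enabled_buckets", "reference_version": true }` and its two KMS siblings. Otherwise the commit description should state where key selection for the Cloud Logs buckets is now decided.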
@@ -569,15 +510,11 @@ "iam_permissions": [ { "service_name": "All account management services", - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Administrator" - ] + "role_crns": ["crn:v1:bluemix:public:iam::::role:Administrator"] }, { "service_name": "atracker", - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Administrator" - ] + "role_crns": ["crn:v1:bluemix:public:iam::::role:Administrator"] } ], "architecture": { diff --git a/solutions/fully-configurable/catalogValidationValues.json.template b/solutions/fully-configurable/catalogValidationValues.json.template index 67ee17ba..abfa62e7 100644 --- a/solutions/fully-configurable/catalogValidationValues.json.template +++ b/solutions/fully-configurable/catalogValidationValues.json.template @@ -5,5 +5,6 @@ "region": "us-south", "prefix": $PREFIX, "existing_cos_instance_crn": $COS_INSTANCE_CRN, - "existing_resource_group_name": "geretain-test-resources" + "enable_activity_tracker_event_routing_to_cloud_logs": true, + "enable_activity_tracker_event_routing_to_cos_bucket": true } diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf index ba7e3012..04a14db8 100644 --- a/solutions/fully-configurable/main.tf +++ b/solutions/fully-configurable/main.tf @@ -76,17 +76,6 @@ locals { } -####################################################################################################################### -# Resource Group -####################################################################################################################### - -module "resource_group" { - source = "terraform-ibm-modules/resource-group/ibm" - version = "1.3.0" - existing_resource_group_name = var.existing_resource_group_name -} - - ####################################################################################################################### # Activity Tracker ####################################################################################################################### 
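Review bot: The catalogValidationValues.json.template hunk sets `"enable_activity_tracker_event_routing_to_cloud_logs": true`, but no `existing_cloud_logs_instance_crn` appears in the visible lines, and the validation this commit adds in variables.tf rejects that combination. Lines 1-4 of the template are outside the hunk, so the CRN may already be supplied there. If it is not, either add `"existing_cloud_logs_instance_crn": $<CLOUD_LOGS_CRN_PLACEHOLDER>,` (placeholder name, use whatever the pipeline exports) or set the flag to `false` so catalog validation exercises only the COS route.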
diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index c1e18572..ce04a551 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf @@ -22,14 +22,6 @@ variable "ibmcloud_kms_api_key" { default = null } - -variable "existing_resource_group_name" { - type = string - description = "The name of an existing resource group to provision the resources. If not provided the default resource group will be used." - default = null -} - - variable "region" { type = string description = "The region to provision all resources in. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/region) about how to select different regions for different services." @@ -84,7 +76,7 @@ variable "existing_cloud_logs_instance_crn" { type = string nullable = true default = null - description = "The CRN of an existing Cloud logs instance." + description = "The CRN of an existing Cloud Logs instance. This value is required and cannot be null if `enable_activity_tracker_event_routing_to_cloud_logs` is set to true." } 
@@ -94,14 +86,30 @@ variable "existing_cloud_logs_instance_crn" { variable "enable_activity_tracker_event_routing_to_cos_bucket" { type = bool - description = "Whether to enable event routing from Activity Tracker to the Object Storage bucket." - default = true + description = "When set to `true`, you must provide a value for `existing_cos_instance_crn` to enable event routing from Activity Tracker to a Object Storage bucket." + default = false + + validation { + condition = var.enable_activity_tracker_event_routing_to_cos_bucket ? var.existing_cos_instance_crn != null : true + error_message = "If 'enable_activity_tracker_event_routing_to_cos_bucket' is set to true, you must provide a value for 'existing_cos_instance_crn'." + } + + validation { + condition = var.enable_activity_tracker_event_routing_to_cos_bucket || var.enable_activity_tracker_event_routing_to_cloud_logs + error_message = "At least one of 'enable_activity_tracker_event_routing_to_cos_bucket' or 'enable_activity_tracker_event_routing_to_cloud_logs' must be true to route audit events to COS bucket or Cloud Logs instance." + } + } variable "enable_activity_tracker_event_routing_to_cloud_logs" { type = bool - description = "Whether to enable event routing from Activity Tracker to Cloud Logs instance." - default = true + description = "When set to `true`, you must provide a value for `existing_cloud_logs_instance_crn` to enable event routing from Activity Tracker to a Cloud Logs instance." + default = false + + validation { + condition = var.enable_activity_tracker_event_routing_to_cloud_logs ? var.existing_cloud_logs_instance_crn != null : true + error_message = "If 'enable_activity_tracker_event_routing_to_cloud_logs' is set to true, you must provide a value for 'existing_cloud_logs_instance_crn'." + } } variable "cos_target_name" { 
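Review bot: Both new CRN validations test only `!= null`, so an empty string passes and the route is configured with a blank target that fails later at apply time, if at all. For the COS flag I would write `condition = !var.enable_activity_tracker_event_routing_to_cos_bucket || (var.existing_cos_instance_crn != null && var.existing_cos_instance_crn != "")`, and do the same for the Cloud Logs flag. These conditions also reference other variables, which Terraform accepts only from 1.9 onward; the `required_version` constraint is not in this hunk and should be checked. With both defaults now `false`, the at-least-one rule makes an unconfigured deployment fail, which is the safe direction for audit routing, but each description should say that one of the two flags must be set.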
@@ -182,11 +190,11 @@ variable "activity_tracker_cos_target_bucket_class" { } } - variable "existing_cos_instance_crn" { type = string - description = "The CRN of an existing Cloud Object Storage instance." - nullable = false + nullable = true + default = null + description = "The CRN of an existing Cloud Object Storage instance. This value is required and cannot be null if `enable_activity_tracker_event_routing_to_cos_bucket` is set to true." } diff --git a/tests/pr_test.go b/tests/pr_test.go index 51963948..b8645102 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -135,10 +135,11 @@ func TestFullyConfigurableInSchematics(t *testing.T) { }() options.TerraformVars = []testschematic.TestSchematicTerraformVar{ {Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true}, - {Name: "existing_resource_group_name", Value: "Default", DataType: "string"}, {Name: "existing_kms_instance_crn", Value: permanentResources["hpcs_south_crn"], DataType: "string"}, {Name: "existing_cos_instance_crn", Value: permanentResources["general_test_storage_cos_instance_crn"], DataType: "string"}, {Name: "existing_cloud_logs_instance_crn", Value: terraform.Output(t, existingTerraformOptions, "icl_crn"), DataType: "string"}, + {Name: "enable_activity_tracker_event_routing_to_cloud_logs", Value: true, DataType: "bool"}, + {Name: "enable_activity_tracker_event_routing_to_cos_bucket", Value: true, DataType: "bool"}, {Name: "kms_encryption_enabled_buckets", Value: true, DataType: "bool"}, {Name: "prefix", Value: options.Prefix, DataType: "string"}, {Name: "region", Value: options.Region, DataType: "string"}, 
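Review bot: `TestFullyConfigurableInSchematics` sets both routing flags to `true` with both CRNs supplied, and the `@@ -193` hunk does the same in `TestFullyConfigurableUpgradeInSchematics`, so the configurations this commit newly permits are never planned: one route disabled with its CRN left null. The rejection paths also go untested, for example both flags false, or a flag true with a null CRN. I would add a case that passes `{Name: "enable_activity_tracker_event_routing_to_cos_bucket", Value: false, DataType: "bool"}` and omits `existing_cos_instance_crn`, plus a plan-only check that the both-false combination is refused. Both function bodies begin and end outside these hunks, so such coverage may already exist elsewhere in the file.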
@@ -193,10 +194,11 @@ func TestFullyConfigurableUpgradeInSchematics(t *testing.T) { options.TerraformVars = []testschematic.TestSchematicTerraformVar{ {Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true}, - {Name: "existing_resource_group_name", Value: "Default", DataType: "string"}, {Name: "existing_kms_instance_crn", Value: permanentResources["hpcs_south_crn"], DataType: "string"}, {Name: "existing_cos_instance_crn", Value: permanentResources["general_test_storage_cos_instance_crn"], DataType: "string"}, {Name: "existing_cloud_logs_instance_crn", Value: terraform.Output(t, existingTerraformOptions, "icl_crn"), DataType: "string"}, + {Name: "enable_activity_tracker_event_routing_to_cloud_logs", Value: true, DataType: "bool"}, + {Name: "enable_activity_tracker_event_routing_to_cos_bucket", Value: true, DataType: "bool"}, {Name: "kms_encryption_enabled_buckets", Value: true, DataType: "bool"}, {Name: "prefix", Value: options.Prefix, DataType: "string"}, {Name: "region", Value: options.Region, DataType: "string"},