Merged
109 changes: 23 additions & 86 deletions ibm_catalog.json
Expand Up @@ -111,7 +111,11 @@
"required": true
},
{
"key": "existing_resource_group_name"
"key": "existing_resource_group_name",
"type": "string",
"description": "The name of an existing resource group to provision the resources. If not provided the default resource group will be used.",
"virtual": true,
"default_value": "__NULL__"
},
{
"key": "region",
Expand Down Expand Up @@ -155,14 +159,6 @@
}
]
},
{
"key": "cloud_logs_instance_name",
"required": true,
"type": "string",
"description": "Name of the cloud logs instance to be created.",
"virtual": true,
"default_value": "__NOT_SET__"
},
{
"key": "existing_cloud_logs_instance_crn"
},
Expand Down Expand Up @@ -319,10 +315,8 @@
"name": "deploy-arch-ibm-cos",
"description": "Enable this to create an IBM Cloud Object Storage(COS) instance. The buckets to store events will be created by the Activity Tracker Event Routing deployable architecture.",
"id": "68921490-2778-4930-ac6d-bae7be6cd958-global",
"version": "v9.0.2",
"flavors": [
"instance"
],
"version": "v10.2.1",
"flavors": ["instance"],
"catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3",
"optional": true,
"on_by_default": true,
Expand All @@ -340,17 +334,19 @@
"dependency_input": "prefix",
"version_input": "prefix",
"reference_version": true
},
{
"version_input": "enable_activity_tracker_event_routing_to_cos_bucket",
"value": true
}
]
},
{
"name": "deploy-arch-ibm-kms",
"description": "Enable when you want to create your own managed keys to encrypt the buckets. Select only if existing KMS instance or Key is not provided. ",
"id": "2cad4789-fa90-4886-9c9e-857081c273ee-global",
"version": "v5.1.4",
"flavors": [
"fully-configurable"
],
"version": "v5.1.19",
"flavors": ["fully-configurable"],
"catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3",
"optional": true,
"on_by_default": true,
Expand All @@ -375,73 +371,16 @@
}
]
},
{
"name": "deploy-arch-ibm-account-infra-base",
"description": "Enable to create a resource groups by default where all the resources will be provisioned and, when you enable the “with Account Settings” option, it also applies baseline security and governance settings. When disabled, provide an existing resource group as input.",
"id": "63641cec-6093-4b4f-b7b0-98d2f4185cd6-global",
"version": "v3.0.7",
"flavors": [
"resource-group-only",
"resource-groups-with-account-settings"
],
"default_flavor": "resource-group-only",
"catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3",
"optional": true,
"on_by_default": false,
"input_mapping": [
{
"dependency_input": "prefix",
"version_input": "prefix",
"reference_version": true
},
{
"dependency_output": "observability_resource_group_name",
"version_input": "existing_resource_group_name"
}
]
},
{
"name": "deploy-arch-ibm-cloud-logs",
"description": "Enable this to create an IBM Cloud Logs (ICL) Instance which can be used for storage and analysis of events ingested by Activity Tracker. ",
"catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3",
"flavors": [
"fully-configurable"
],
"flavors": ["fully-configurable"],
"id": "63d8ae58-fbf3-41ce-b844-0fb5b85882ab-global",
"version": "v1.5.6",
"version": "v1.6.11",
"optional": true,
"on_by_default": true,
"input_mapping": [
{
"dependency_input": "cloud_logs_instance_name",
"version_input": "cloud_logs_instance_name",
"reference_version": true
},
{
"dependency_input": "existing_cos_instance_crn",
"version_input": "existing_cos_instance_crn",
"reference_version": true
},
{
"dependency_input": "existing_monitoring_crn",
"version_input": "existing_monitoring_crn",
"reference_version": true
},
{
"dependency_input": "existing_kms_instance_crn",
"version_input": "existing_kms_instance_crn",
"reference_version": true
},
{
"dependency_input": "kms_encryption_enabled_buckets",
"version_input": "kms_encryption_enabled_buckets",
"reference_version": true
},
{
"dependency_input": "existing_kms_key_crn",
"version_input": "existing_cos_kms_key_crn",
"reference_version": true
},
{
"dependency_input": "prefix",
"version_input": "prefix",
Expand All @@ -455,17 +394,19 @@
{
"dependency_output": "cloud_logs_crn",
"version_input": "existing_cloud_logs_instance_crn"
},
{
"version_input": "enable_activity_tracker_event_routing_to_cloud_logs",
"value": true
}
]
},
{
"name": "deploy-arch-ibm-cloud-monitoring",
"description": "Enable IBM Cloud Monitoring to gain operational visibility into your cloud storage buckets. ",
"id": "73debdbf-894f-4c14-81c7-5ece3a70b67d-global",
"version": "v1.3.0",
"flavors": [
"fully-configurable"
],
"version": "v1.6.4",
"flavors": ["fully-configurable"],
"catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3",
"optional": true,
"on_by_default": true,
Expand Down Expand Up @@ -569,15 +510,11 @@
"iam_permissions": [
{
"service_name": "All account management services",
"role_crns": [
"crn:v1:bluemix:public:iam::::role:Administrator"
]
"role_crns": ["crn:v1:bluemix:public:iam::::role:Administrator"]
},
{
"service_name": "atracker",
"role_crns": [
"crn:v1:bluemix:public:iam::::role:Administrator"
]
"role_crns": ["crn:v1:bluemix:public:iam::::role:Administrator"]
}
],
"architecture": {
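Review bot: `existing_resource_group_name` is now declared `virtual` with a `__NULL__` default, but its description still promises that resources are provisioned in that group or in the default group. On this page the Terraform variable and the `resource_group` module are removed, and the `deploy-arch-ibm-account-infra-base` mapping that fed this input is gone, so the value can only take effect if a remaining dependency maps it, which the visible hunks do not show. If it is kept purely to forward to the optional dependencies, the description should say so, for example `"description": "Name of an existing resource group passed to the optional dependencies; the Activity Tracker routing resources do not use it."`. Otherwise drop the input so users are not misled about where audit resources are placed.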
Expand Up @@ -5,5 +5,6 @@
"region": "us-south",
"prefix": $PREFIX,
"existing_cos_instance_crn": $COS_INSTANCE_CRN,
"existing_resource_group_name": "geretain-test-resources"
"enable_activity_tracker_event_routing_to_cloud_logs": true,
Member

@ocofaigh If we have set it to true, wouldn't the catalog validation fail while publishing the tile, based on the validation we just added?

Contributor

No, we are creating ICL and COS in tests/resources/main.tf

"enable_activity_tracker_event_routing_to_cos_bucket": true
}
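--- a/solutions/fully-configurable/main.tf
+++ b/solutions/fully-configurable/main.tf
@@ -76,17 +76,6 @@ locals {
 
 }
 
-#######################################################################################################################
-# Resource Group
-#######################################################################################################################
-
-module "resource_group" {
-source = "terraform-ibm-modules/resource-group/ibm"
-version = "1.3.0"
-existing_resource_group_name = var.existing_resource_group_name
-}
-
-
 #######################################################################################################################
 # Activity Tracker
 #######################################################################################################################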
40 changes: 24 additions & 16 deletions solutions/fully-configurable/variables.tf
Expand Up @@ -22,14 +22,6 @@ variable "ibmcloud_kms_api_key" {
default = null
}


variable "existing_resource_group_name" {
type = string
description = "The name of an existing resource group to provision the resources. If not provided the default resource group will be used."
default = null
}


variable "region" {
type = string
description = "The region to provision all resources in. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/region) about how to select different regions for different services."
Expand Down Expand Up @@ -84,7 +76,7 @@ variable "existing_cloud_logs_instance_crn" {
type = string
nullable = true
default = null
description = "The CRN of an existing Cloud logs instance."
description = "The CRN of an existing Cloud Logs instance. This value is required and cannot be null if `enable_activity_tracker_event_routing_to_cloud_logs` is set to true."
}


Expand All @@ -94,14 +86,30 @@ variable "existing_cloud_logs_instance_crn" {

variable "enable_activity_tracker_event_routing_to_cos_bucket" {
type = bool
description = "Whether to enable event routing from Activity Tracker to the Object Storage bucket."
default = true
description = "When set to `true`, you must provide a value for `existing_cos_instance_crn` to enable event routing from Activity Tracker to a Object Storage bucket."
default = false

validation {
condition = var.enable_activity_tracker_event_routing_to_cos_bucket ? var.existing_cos_instance_crn != null : true
error_message = "If 'enable_activity_tracker_event_routing_to_cos_bucket' is set to true, you must provide a value for 'existing_cos_instance_crn'."
}

validation {
condition = var.enable_activity_tracker_event_routing_to_cos_bucket || var.enable_activity_tracker_event_routing_to_cloud_logs
error_message = "At least one of 'enable_activity_tracker_event_routing_to_cos_bucket' or 'enable_activity_tracker_event_routing_to_cloud_logs' must be true to route audit events to COS bucket or Cloud Logs instance."
}

}

variable "enable_activity_tracker_event_routing_to_cloud_logs" {
type = bool
description = "Whether to enable event routing from Activity Tracker to Cloud Logs instance."
default = true
description = "When set to `true`, you must provide a value for `existing_cloud_logs_instance_crn` to enable event routing from Activity Tracker to a Cloud Logs instance."
default = false

validation {
condition = var.enable_activity_tracker_event_routing_to_cloud_logs ? var.existing_cloud_logs_instance_crn != null : true
error_message = "If 'enable_activity_tracker_event_routing_to_cloud_logs' is set to true, you must provide a value for 'existing_cloud_logs_instance_crn'."
}
}

variable "cos_target_name" {
Expand Down Expand Up @@ -182,11 +190,11 @@ variable "activity_tracker_cos_target_bucket_class" {
}
}


variable "existing_cos_instance_crn" {
type = string
description = "The CRN of an existing Cloud Object Storage instance."
nullable = false
nullable = true
default = null
description = "The CRN of an existing Cloud Object Storage instance. This value is required and cannot be null if `enable_activity_tracker_event_routing_to_cos_bucket` is set to true."
}


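Review bot: The new `validation` blocks only test the CRN for `!= null`, so with `enable_activity_tracker_event_routing_to_cos_bucket = true` an empty string for `existing_cos_instance_crn` passes validation; the same holds for the Cloud Logs flag and `existing_cloud_logs_instance_crn`. Both routes now default to `false`, and these checks are what guarantees that audit events have a usable destination, so the condition should also reject an empty value, e.g. `condition = !var.enable_activity_tracker_event_routing_to_cos_bucket || (var.existing_cos_instance_crn != null && var.existing_cos_instance_crn != "")`. A validation condition that refers to another variable needs Terraform 1.9 or later; the `required_version` constraint is not visible on this page, so confirm it matches.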
6 changes: 4 additions & 2 deletions tests/pr_test.go
Expand Up @@ -135,10 +135,11 @@ func TestFullyConfigurableInSchematics(t *testing.T) {
}()
options.TerraformVars = []testschematic.TestSchematicTerraformVar{
{Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true},
{Name: "existing_resource_group_name", Value: "Default", DataType: "string"},
{Name: "existing_kms_instance_crn", Value: permanentResources["hpcs_south_crn"], DataType: "string"},
{Name: "existing_cos_instance_crn", Value: permanentResources["general_test_storage_cos_instance_crn"], DataType: "string"},
{Name: "existing_cloud_logs_instance_crn", Value: terraform.Output(t, existingTerraformOptions, "icl_crn"), DataType: "string"},
{Name: "enable_activity_tracker_event_routing_to_cloud_logs", Value: true, DataType: "bool"},
{Name: "enable_activity_tracker_event_routing_to_cos_bucket", Value: true, DataType: "bool"},
{Name: "kms_encryption_enabled_buckets", Value: true, DataType: "bool"},
{Name: "prefix", Value: options.Prefix, DataType: "string"},
{Name: "region", Value: options.Region, DataType: "string"},
Expand Down Expand Up @@ -193,10 +194,11 @@ func TestFullyConfigurableUpgradeInSchematics(t *testing.T) {

options.TerraformVars = []testschematic.TestSchematicTerraformVar{
{Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true},
{Name: "existing_resource_group_name", Value: "Default", DataType: "string"},
{Name: "existing_kms_instance_crn", Value: permanentResources["hpcs_south_crn"], DataType: "string"},
{Name: "existing_cos_instance_crn", Value: permanentResources["general_test_storage_cos_instance_crn"], DataType: "string"},
{Name: "existing_cloud_logs_instance_crn", Value: terraform.Output(t, existingTerraformOptions, "icl_crn"), DataType: "string"},
{Name: "enable_activity_tracker_event_routing_to_cloud_logs", Value: true, DataType: "bool"},
{Name: "enable_activity_tracker_event_routing_to_cos_bucket", Value: true, DataType: "bool"},
{Name: "kms_encryption_enabled_buckets", Value: true, DataType: "bool"},
{Name: "prefix", Value: options.Prefix, DataType: "string"},
{Name: "region", Value: options.Region, DataType: "string"},
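Review bot: Both schematics tests set `enable_activity_tracker_event_routing_to_cloud_logs` and `enable_activity_tracker_event_routing_to_cos_bucket` to `true`, so the single-destination configurations that the new defaults and validations allow are never exercised. Consider a variant of the variable list with only one flag set and only the matching CRN supplied, so that a regression which silently drops one audit route is caught. A short comment above the two new entries would also help, such as `// Both routes default to false; enable them explicitly so variable validation passes.` The bodies of TestFullyConfigurableInSchematics and TestFullyConfigurableUpgradeInSchematics extend outside the visible hunks.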