feat: Enable addons for DA and improve DA User experience<br>- update reference architecture diagram to include Observability as its surroundings<br>- update catalog content and the required IAM permissions<br>- update input variable descriptions and some supporting doc updates<br>* added support of region ca-mon and update tests<br>* Renamed input varaible app_config_cbr_rules -> cbr_rules (#254)

* refactor: Improve User experience

* update iam permissions

* update iam permissions

* PR changes

* Update notes for catalog

* Update depends on

* Update virtual variables

* update description

* update description

* restore workaround

* restore Observability

* restore Observability

* PR changes

* new region

* PR changes

* PR changes

Author: mukulpalit-ibm

README.md

@@ -117,7 +117,7 @@ For more information on access and permissions, see <https://cloud.ibm.com/docs/
 | <a name="input_config_aggregator_resource_collection_regions"></a> [config\_aggregator\_resource\_collection\_regions](#input\_config\_aggregator\_resource\_collection\_regions) | From which region do you want to collect configuration data? Only applies if `enable_config_aggregator` is set to true. | `list(string)` | <pre>[<br/>  "all"<br/>]</pre> | no |
 | <a name="input_config_aggregator_trusted_profile_name"></a> [config\_aggregator\_trusted\_profile\_name](#input\_config\_aggregator\_trusted\_profile\_name) | The name to give the trusted profile that will be created if `enable_config_aggregator` is set to `true`. | `string` | `"config-aggregator-trusted-profile"` | no |
 | <a name="input_enable_config_aggregator"></a> [enable\_config\_aggregator](#input\_enable\_config\_aggregator) | Set to true to enable configuration aggregator. By setting to true a trusted profile will be created with the required access to record configuration data from all resources across regions in your account. [Learn more](https://cloud.ibm.com/docs/app-configuration?topic=app-configuration-ac-configuration-aggregator). | `bool` | `false` | no |
-| <a name="input_region"></a> [region](#input\_region) | The region to provision the App Configuration service, valid regions are au-syd, jp-osa, jp-tok, eu-de, eu-gb, eu-es, us-east, us-south, ca-tor, br-sao, eu-fr2. | `string` | `"us-south"` | no |
+| <a name="input_region"></a> [region](#input\_region) | The region to provision the App Configuration service, valid regions are au-syd, jp-osa, jp-tok, eu-de, eu-gb, eu-es, us-east, us-south, ca-tor, br-sao, eu-fr2, ca-mon. | `string` | `"us-south"` | no |
 | <a name="input_resource_group_id"></a> [resource\_group\_id](#input\_resource\_group\_id) | The resource group ID where resources will be provisioned. | `string` | n/a | yes |
 
 ### Outputs

ibm_catalog.json

@@ -1,12 +1,12 @@
 # Configuring context-based restrictions (CBRs)
 
-The `app_config_cbr_rules` input variable allows you to provide a rule for the target service to enforce access restrictions for the service based on the context of access requests. Contexts are criteria that include the network location of access requests, the endpoint type from where the request is sent, etc.
+The `cbr_rules` input variable allows you to provide a rule for the target service to enforce access restrictions for the service based on the context of access requests. Contexts are criteria that include the network location of access requests, the endpoint type from where the request is sent, etc.
 
-- Variable name: `app_config_cbr_rules`.
+- Variable name: `cbr_rules`.
 - Type: A list of objects. Allows only one object representing a rule for the target service
 - Default value: An empty list (`[]`).
 
-### Options for app_config_cbr_rules
+### Options for cbr_rules
 
   - `description` (required): The description of the rule to create.
   - `account_id` (required): The IBM Cloud Account ID
@@ -28,8 +28,8 @@ The `app_config_cbr_rules` input variable allows you to provide a rule for the t
 [
   {
     description      = "Restrict access to App Config from trusted network"
-    account_id       = "<AccountID>"
-    enforcement_mode = "enabled"
+    account_id       = "<REPLACE ME>"
+    enforcement_mode = "report"
     tags = [
       {
         name  = "env"
@@ -41,7 +41,7 @@ The `app_config_cbr_rules` input variable allows you to provide a rule for the t
         attributes = [
           {
             name  = "networkZoneId"
-            value = "<NetworkZoneID>"
+            value = "<REPLACE ME>"
           },
           {
             "name" : "endpointType",

reference-architecture/app_configuration.svg

@@ -1,11 +1,3 @@
-# Cloud automation for App Configuration
-
-[![Catalog release](https://img.shields.io/badge/release-IBM%20Cloud%20Catalog-3662FF?logo=ibm)](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-apprapp-045c1169-d15a-4046-ae81-aa3d3348421f-global)
-
-This solution supports provisioning and configuring the following infrastructure:
-
-- App Config instance and collections
-- Optional context-based restrictions (CBR)
-- Configuration aggregator
+# Cloud automation for App Configuration (Fully configurable)
 
 :exclamation: **Important:** This solution is not intended to be called by other modules because it contains a provider configuration and is not compatible with the `for_each`, `count`, and `depends_on` arguments. For more information, see [Providers Within Modules](https://developer.hashicorp.com/terraform/language/modules/develop/providers).

solutions/fully-configurable/DA-cbr_rules.md

@@ -31,5 +31,5 @@ module "app_config" {
   config_aggregator_enterprise_trusted_profile_template_name = "${local.prefix}${var.config_aggregator_enterprise_trusted_profile_template_name}"
   config_aggregator_enterprise_account_group_ids_to_assign   = var.config_aggregator_enterprise_account_group_ids_to_assign
   config_aggregator_enterprise_account_ids_to_assign         = var.config_aggregator_enterprise_account_ids_to_assign
-  cbr_rules                                                  = var.app_config_cbr_rules
+  cbr_rules                                                  = var.cbr_rules
 }

solutions/fully-configurable/DA-prefix.md

@@ -1,5 +1,6 @@
 provider "ibm" {
-  ibmcloud_api_key = var.ibmcloud_api_key
-  region           = var.region
-  visibility       = var.provider_visibility
+  ibmcloud_api_key      = var.ibmcloud_api_key
+  region                = var.region
+  visibility            = var.provider_visibility
+  private_endpoint_type = (var.provider_visibility == "private" && var.region == "ca-mon") ? "vpe" : null
 }

solutions/fully-configurable/README.md

@@ -29,7 +29,7 @@ variable "existing_resource_group_name" {
 variable "prefix" {
   type        = string
   nullable    = true
-  description = "The prefix to be added to all resources created by this solution. To skip using a prefix, set this value to null or an empty string. The prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It should not exceed 16 characters, must not end with a hyphen('-'), and can not contain consecutive hyphens ('--'). Example: prod-us-south. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-app-configuration/tree/main/solutions/fully-configurable/DA-prefix.md)."
+  description = "The prefix to be added to all resources created by this solution. To skip using a prefix, set this value to null or an empty string. The prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It should not exceed 16 characters, must not end with a hyphen('-'), and can not contain consecutive hyphens ('--'). Example: prod-us-south. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/prefix.md)."
 
   validation {
     # - null and empty string is allowed
@@ -49,7 +49,7 @@ variable "prefix" {
 
 variable "region" {
   type        = string
-  description = "The region to provision resources to."
+  description = "The region to provision all resources in. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/region) about how to select different regions for different services."
   default     = "us-south"
   nullable    = false
 }
@@ -61,14 +61,14 @@ variable "region" {
 
 variable "app_config_name" {
   type        = string
-  description = "Name for the App Configuration service instance"
+  description = "Name for the App Configuration service instance."
   default     = "app-config"
   nullable    = false
 }
 
 variable "app_config_plan" {
   type        = string
-  description = "Plan for the App Configuration service instance"
+  description = "Plan for the App Configuration service instance."
   default     = "standardv2"
   nullable    = false
 }
@@ -196,7 +196,7 @@ variable "config_aggregator_enterprise_account_ids_to_assign" {
 # Context-based restriction (CBR)
 ##############################################################
 
-variable "app_config_cbr_rules" {
+variable "cbr_rules" {
   type = list(object({
     description = string
     account_id  = string

solutions/fully-configurable/main.tf

@@ -30,6 +30,8 @@ var validRegions = []string{
 	"us-south",
 	"ca-tor",
 	"br-sao",
+	"eu-fr2",
+	"ca-mon",
 }
 
 func setupOptions(t *testing.T, prefix string, dir string) *testhelper.TestOptions {