From ce25f517d472cbcf6b7151406f9c1ed21f5c296d Mon Sep 17 00:00:00 2001
From: Aayush-Abhyarthi <Aayush.Abhyarthi@ibm.com>
Date: Fri, 20 Sep 2024 15:40:03 +0530
Subject: [PATCH 1/6] add: cbr support

---
 README.md                 |  5 +++-
 examples/basic/version.tf |  2 +-
 examples/complete/main.tf | 55 +++++++++++++++++++++++++++++++++++++++
 main.tf                   | 32 +++++++++++++++++++++++
 variables.tf              | 24 +++++++++++++++++
 5 files changed, 116 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index e896dd2..82ad52e 100644
--- a/README.md
+++ b/README.md
@@ -83,7 +83,9 @@ For more information on access and permissions, see <https://cloud.ibm.com/docs/
 
 ### Modules
 
-No modules.
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_cbr_rule"></a> [cbr\_rule](#module\_cbr\_rule) | terraform-ibm-modules/cbr/ibm//modules/cbr-rule-module | 1.24.0 |
 
 ### Resources
 
@@ -101,6 +103,7 @@ No modules.
 | <a name="input_app_config_plan"></a> [app\_config\_plan](#input\_app\_config\_plan) | Plan for the App Configuration service instance, valid plans are lite, standardv2, and enterprise. | `string` | `"lite"` | no |
 | <a name="input_app_config_service_endpoints"></a> [app\_config\_service\_endpoints](#input\_app\_config\_service\_endpoints) | Service Endpoints for the App Configuration service instance, valid endpoints are public or public-and-private. | `string` | `"public-and-private"` | no |
 | <a name="input_app_config_tags"></a> [app\_config\_tags](#input\_app\_config\_tags) | Optional list of tags to be added to the App Config instance. | `list(string)` | `[]` | no |
+| <a name="input_cbr_rules"></a> [cbr\_rules](#input\_cbr\_rules) | The list of context-based restriction rules to create. | <pre>list(object({<br>    description = string<br>    account_id  = string<br>    tags = optional(list(object({<br>      name  = string<br>      value = string<br>    })), [])<br>    rule_contexts = list(object({<br>      attributes = optional(list(object({<br>        name  = string<br>        value = string<br>    }))) }))<br>    enforcement_mode = string<br>  }))</pre> | `[]` | no |
 | <a name="input_region"></a> [region](#input\_region) | The region to provision the App Configuration service, valid regions are us-south, us-east, eu-gb, and au-syd. | `string` | `"us-south"` | no |
 | <a name="input_resource_group_id"></a> [resource\_group\_id](#input\_resource\_group\_id) | The resource group ID where resources will be provisioned. | `string` | n/a | yes |
 
diff --git a/examples/basic/version.tf b/examples/basic/version.tf
index 2b99b89..696ad48 100644
--- a/examples/basic/version.tf
+++ b/examples/basic/version.tf
@@ -6,7 +6,7 @@ terraform {
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = "1.49.0"
+      version = "1.65.0"
     }
   }
 }
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index 9f24124..7a2cdf7 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -14,6 +14,36 @@ module "resource_group" {
   existing_resource_group_name = var.resource_group
 }
 
+##############################################################################
+# Get Cloud Account ID
+##############################################################################
+
+data "ibm_iam_account_settings" "iam_account_settings" {
+}
+
+##############################################################################
+# VPC
+##############################################################################
+resource "ibm_is_vpc" "example_vpc" {
+  name           = "${var.prefix}-vpc"
+  resource_group = module.resource_group.resource_group_id
+  tags           = var.resource_tags
+}
+
+##############################################################################
+# Create CBR Zone
+##############################################################################
+module "cbr_zone" {
+  source           = "git::https://github.com/terraform-ibm-modules/terraform-ibm-cbr//cbr-zone-module?ref=v1.2.0"
+  name             = "${var.prefix}-VPC-network-zone"
+  zone_description = "CBR Network zone representing VPC"
+  account_id       = data.ibm_iam_account_settings.iam_account_settings.account_id
+  addresses = [{
+    type  = "vpc", # to bind a specific vpc to the zone
+    value = ibm_is_vpc.example_vpc.crn,
+  }]
+}
+
 ########################################################################################################################
 # App Config
 ########################################################################################################################
@@ -32,4 +62,29 @@ module "app_config" {
       description   = "Collection for ${var.prefix}"
     }
   ]
+
+  cbr_rules = [
+    {
+      description      = "${var.prefix}-APP-CONF access only from vpc"
+      enforcement_mode = "enabled"
+      account_id       = data.ibm_iam_account_settings.iam_account_settings.account_id
+      tags = [
+        {
+          name  = "test-name"
+          value = "test-value"
+        }
+      ]
+      rule_contexts = [{
+        attributes = [
+          {
+            "name" : "endpointType",
+            "value" : "private"
+          },
+          {
+            name  = "networkZoneId"
+            value = module.cbr_zone.zone_id
+        }]
+      }]
+    }
+  ]
 }
diff --git a/main.tf b/main.tf
index 582a196..d54ae7c 100644
--- a/main.tf
+++ b/main.tf
@@ -27,3 +27,35 @@ resource "ibm_app_config_collection" "collections" {
   description   = each.value.description
   tags          = each.value.tags
 }
+
+##############################################################################
+# Context Based Restrictions
+##############################################################################
+module "cbr_rule" {
+  count            = length(var.cbr_rules) > 0 ? length(var.cbr_rules) : 0
+  source           = "terraform-ibm-modules/cbr/ibm//modules/cbr-rule-module"
+  version          = "1.24.0"
+  rule_description = var.cbr_rules[count.index].description
+  enforcement_mode = var.cbr_rules[count.index].enforcement_mode
+  rule_contexts    = var.cbr_rules[count.index].rule_contexts
+  resources = [{
+    attributes = [
+      {
+        name     = "accountId"
+        value    = var.cbr_rules[count.index].account_id
+        operator = "stringEquals"
+      },
+      {
+        name     = "serviceInstance"
+        value    = ibm_resource_instance.app_config.guid
+        operator = "stringEquals"
+      },
+      {
+        name     = "serviceName"
+        value    = "App Configuration"
+        operator = "stringEquals"
+      }
+    ],
+    tags = var.cbr_rules[count.index].tags
+  }]
+}
diff --git a/variables.tf b/variables.tf
index 45ebc30..421f2e5 100644
--- a/variables.tf
+++ b/variables.tf
@@ -65,3 +65,27 @@ variable "app_config_collections" {
   }))
   default = []
 }
+
+##############################################################
+# Context-based restriction (CBR)
+##############################################################
+
+variable "cbr_rules" {
+  type = list(object({
+    description = string
+    account_id  = string
+    tags = optional(list(object({
+      name  = string
+      value = string
+    })), [])
+    rule_contexts = list(object({
+      attributes = optional(list(object({
+        name  = string
+        value = string
+    }))) }))
+    enforcement_mode = string
+  }))
+  description = "The list of context-based restriction rules to create."
+  default     = []
+  # Validation happens in the rule module
+}

From 5c33b0c16d6c97f730275428411b889e899d55c7 Mon Sep 17 00:00:00 2001
From: Aayush-Abhyarthi <Aayush.Abhyarthi@ibm.com>
Date: Mon, 23 Sep 2024 01:38:13 +0530
Subject: [PATCH 2/6] resolve pre-commit

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index fcb0349..82ad52e 100644
--- a/README.md
+++ b/README.md
@@ -98,7 +98,7 @@ For more information on access and permissions, see <https://cloud.ibm.com/docs/
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_app_config_collections"></a> [app\_config\_collections](#input\_app\_config\_collections) | A list of collections to be added to the App Configuration instance | <pre>list(object({<br/>    name          = string<br/>    collection_id = string<br/>    description   = optional(string, null)<br/>    tags          = optional(string, null)<br/>  }))</pre> | `[]` | no |
+| <a name="input_app_config_collections"></a> [app\_config\_collections](#input\_app\_config\_collections) | A list of collections to be added to the App Configuration instance | <pre>list(object({<br>    name          = string<br>    collection_id = string<br>    description   = optional(string, null)<br>    tags          = optional(string, null)<br>  }))</pre> | `[]` | no |
 | <a name="input_app_config_name"></a> [app\_config\_name](#input\_app\_config\_name) | Name for the App Configuration service instance | `string` | n/a | yes |
 | <a name="input_app_config_plan"></a> [app\_config\_plan](#input\_app\_config\_plan) | Plan for the App Configuration service instance, valid plans are lite, standardv2, and enterprise. | `string` | `"lite"` | no |
 | <a name="input_app_config_service_endpoints"></a> [app\_config\_service\_endpoints](#input\_app\_config\_service\_endpoints) | Service Endpoints for the App Configuration service instance, valid endpoints are public or public-and-private. | `string` | `"public-and-private"` | no |

From eaca34fbcade73309fbfd6c00c3088c658717019 Mon Sep 17 00:00:00 2001
From: Aayush-Abhyarthi <Aayush.Abhyarthi@ibm.com>
Date: Mon, 23 Sep 2024 12:06:34 +0530
Subject: [PATCH 3/6] fix:bug


From 82ac0b7d90f955543b1dfb56d1cd2c960b098224 Mon Sep 17 00:00:00 2001
From: Aayush-Abhyarthi <Aayush.Abhyarthi@ibm.com>
Date: Mon, 23 Sep 2024 12:53:43 +0530
Subject: [PATCH 4/6] fix:pre-commit

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 82ad52e..11f7cfb 100644
--- a/README.md
+++ b/README.md
@@ -98,12 +98,12 @@ For more information on access and permissions, see <https://cloud.ibm.com/docs/
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_app_config_collections"></a> [app\_config\_collections](#input\_app\_config\_collections) | A list of collections to be added to the App Configuration instance | <pre>list(object({<br>    name          = string<br>    collection_id = string<br>    description   = optional(string, null)<br>    tags          = optional(string, null)<br>  }))</pre> | `[]` | no |
+| <a name="input_app_config_collections"></a> [app\_config\_collections](#input\_app\_config\_collections) | A list of collections to be added to the App Configuration instance | <pre>list(object({<br/>    name          = string<br/>    collection_id = string<br/>    description   = optional(string, null)<br/>    tags          = optional(string, null)<br/>  }))</pre> | `[]` | no |
 | <a name="input_app_config_name"></a> [app\_config\_name](#input\_app\_config\_name) | Name for the App Configuration service instance | `string` | n/a | yes |
 | <a name="input_app_config_plan"></a> [app\_config\_plan](#input\_app\_config\_plan) | Plan for the App Configuration service instance, valid plans are lite, standardv2, and enterprise. | `string` | `"lite"` | no |
 | <a name="input_app_config_service_endpoints"></a> [app\_config\_service\_endpoints](#input\_app\_config\_service\_endpoints) | Service Endpoints for the App Configuration service instance, valid endpoints are public or public-and-private. | `string` | `"public-and-private"` | no |
 | <a name="input_app_config_tags"></a> [app\_config\_tags](#input\_app\_config\_tags) | Optional list of tags to be added to the App Config instance. | `list(string)` | `[]` | no |
-| <a name="input_cbr_rules"></a> [cbr\_rules](#input\_cbr\_rules) | The list of context-based restriction rules to create. | <pre>list(object({<br>    description = string<br>    account_id  = string<br>    tags = optional(list(object({<br>      name  = string<br>      value = string<br>    })), [])<br>    rule_contexts = list(object({<br>      attributes = optional(list(object({<br>        name  = string<br>        value = string<br>    }))) }))<br>    enforcement_mode = string<br>  }))</pre> | `[]` | no |
+| <a name="input_cbr_rules"></a> [cbr\_rules](#input\_cbr\_rules) | The list of context-based restriction rules to create. | <pre>list(object({<br/>    description = string<br/>    account_id  = string<br/>    tags = optional(list(object({<br/>      name  = string<br/>      value = string<br/>    })), [])<br/>    rule_contexts = list(object({<br/>      attributes = optional(list(object({<br/>        name  = string<br/>        value = string<br/>    }))) }))<br/>    enforcement_mode = string<br/>  }))</pre> | `[]` | no |
 | <a name="input_region"></a> [region](#input\_region) | The region to provision the App Configuration service, valid regions are us-south, us-east, eu-gb, and au-syd. | `string` | `"us-south"` | no |
 | <a name="input_resource_group_id"></a> [resource\_group\_id](#input\_resource\_group\_id) | The resource group ID where resources will be provisioned. | `string` | n/a | yes |
 

From 4d06924cf452079cd1efa11d6bb987d6c2490f86 Mon Sep 17 00:00:00 2001
From: Aayush-Abhyarthi <Aayush.Abhyarthi@ibm.com>
Date: Mon, 23 Sep 2024 13:11:19 +0530
Subject: [PATCH 5/6] fix:pre-commit

---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.tf b/main.tf
index d54ae7c..020efaa 100644
--- a/main.tf
+++ b/main.tf
@@ -52,7 +52,7 @@ module "cbr_rule" {
       },
       {
         name     = "serviceName"
-        value    = "App Configuration"
+        value    = "apprapp"
         operator = "stringEquals"
       }
     ],

From 8d453f24aa9a12491b14afd33416906b6f302ccf Mon Sep 17 00:00:00 2001
From: Aayush-Abhyarthi <Aayush.Abhyarthi@ibm.com>
Date: Wed, 25 Sep 2024 12:40:52 +0530
Subject: [PATCH 6/6] address comments

---
 README.md                    | 2 +-
 examples/complete/main.tf    | 3 ++-
 examples/complete/version.tf | 2 +-
 version.tf                   | 2 +-
 4 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 11f7cfb..fddbda0 100644
--- a/README.md
+++ b/README.md
@@ -79,7 +79,7 @@ For more information on access and permissions, see <https://cloud.ibm.com/docs/
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
-| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.49.0, < 2.0.0 |
+| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.65.0, < 2.0.0 |
 
 ### Modules
 
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index 7a2cdf7..32e47a7 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -34,7 +34,8 @@ resource "ibm_is_vpc" "example_vpc" {
 # Create CBR Zone
 ##############################################################################
 module "cbr_zone" {
-  source           = "git::https://github.com/terraform-ibm-modules/terraform-ibm-cbr//cbr-zone-module?ref=v1.2.0"
+  source           = "terraform-ibm-modules/cbr/ibm//modules/cbr-zone-module"
+  version          = "1.27.0"
   name             = "${var.prefix}-VPC-network-zone"
   zone_description = "CBR Network zone representing VPC"
   account_id       = data.ibm_iam_account_settings.iam_account_settings.account_id
diff --git a/examples/complete/version.tf b/examples/complete/version.tf
index 398bd44..e9804d3 100644
--- a/examples/complete/version.tf
+++ b/examples/complete/version.tf
@@ -6,7 +6,7 @@ terraform {
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = ">= 1.49.0, < 2.0.0"
+      version = ">= 1.65.0, < 2.0.0"
     }
   }
 }
diff --git a/version.tf b/version.tf
index a95845b..ba51a40 100644
--- a/version.tf
+++ b/version.tf
@@ -6,7 +6,7 @@ terraform {
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = ">= 1.49.0, < 2.0.0"
+      version = ">= 1.65.0, < 2.0.0"
     }
   }
 }