App config Gaps fixed - Config aggregator module added

examples/appconfig/main.tf

@@ -0,0 +1,93 @@
+##############################################################################
+# App Config Only Example
+##############################################################################
+
+########################################################################################################################
+# Resource group
+########################################################################################################################
+
+module "resource_group" {
+  source  = "terraform-ibm-modules/resource-group/ibm"
+  version = "1.1.6"
+  resource_group_name          = var.resource_group == null ? "${var.prefix}-resource-group" : null
+  existing_resource_group_name = var.resource_group
+}
+
+##############################################################################
+# Get Cloud Account ID
+##############################################################################
+
+data "ibm_iam_account_settings" "iam_account_settings" {}
+
+##############################################################################
+# VPC
+##############################################################################
+
+resource "ibm_is_vpc" "example_vpc" {
+  name           = "${var.prefix}-vpc"
+  resource_group = module.resource_group.resource_group_id
+  tags           = var.resource_tags
+}
+
+##############################################################################
+# Create CBR Zone
+##############################################################################
+
+module "cbr_zone" {
+  source           = "terraform-ibm-modules/cbr/ibm//modules/cbr-zone-module"
+  version          = "1.28.0"
+  name             = "${var.prefix}-VPC-network-zone"
+  zone_description = "CBR Network zone representing VPC"
+  account_id       = data.ibm_iam_account_settings.iam_account_settings.account_id
+  addresses = [{
+    type  = "vpc",
+    value = ibm_is_vpc.example_vpc.crn,
+  }]
+}
+
+##############################################################################
+# App Config
+##############################################################################
+
+module "app_config" {
+  source            = "../.."
+  resource_group_id = module.resource_group.resource_group_id
+  region            = var.region
+  app_config_name   = "${var.prefix}-app-config"
+  app_config_tags   = var.resource_tags
+
+  app_config_collections = [
+    {
+      name          = "${var.prefix}-collection",
+      collection_id = "${var.prefix}-collection"
+      description   = "Collection for ${var.prefix}"
+    }
+  ]
+
+  cbr_rules = [
+    {
+      description      = "${var.prefix}-APP-CONF access only from vpc"
+      enforcement_mode = "enabled"
+      account_id       = data.ibm_iam_account_settings.iam_account_settings.account_id
+      tags = [
+        {
+          name  = "test-name"
+          value = "test-value"
+        }
+      ]
+      rule_contexts = [{
+        attributes = [
+          {
+            name  = "endpointType"
+            value = "private"
+          },
+          {
+            name  = "networkZoneId"
+            value = module.cbr_zone.zone_id
+          }
+        ]
+      }]
+    }
+  ]
+}
+

examples/appconfig/outputs.tf

@@ -0,0 +1,24 @@
+output "app_config_crn" {
+  value = ibm_resource_instance.app_config.crn
+}
+
+output "app_config_guid" {
+  description = "GUID of the App Configuration instance"
+  value       = module.app_config.app_config_guid
+}
+
+output "app_config_collection_ids" {
+  description = "List of IDs for the collections in the App Configuration instance"
+  value       = module.app_config.app_config_collection_ids
+}
+
+output "resource_group_name" {
+  description = "Name of the resource group used"
+  value       = var.resource_group
+}
+
+output "vpc_id" {
+  description = "ID of the created VPC"
+  value       = ibm_is_vpc.example_vpc.id
+}
+

examples/appconfig/variables.tf

@@ -0,0 +1,23 @@
+variable "prefix" {
+  description = "Prefix for naming all resources"
+  type        = string
+}
+
+variable "region" {
+  description = "Region where resources will be deployed"
+  type        = string
+  default     = "us-south"
+}
+
+variable "resource_group" {
+  description = "Name of existing resource group (if any)"
+  type        = string
+  default     = null
+}
+
+variable "resource_tags" {
+  description = "Tags to assign to resources"
+  type        = list(string)
+  default     = []
+}
+

examples/complete/main.tf

@@ -89,3 +89,14 @@ module "app_config" {
     }
   ]
 }
+module "scc_wp_config_aggregator" {
+  source = "../../modules/scc_wp_config_aggregator"
+
+  app_config_instance_guid        = module.app_config.app_config_guid
+  region                          = var.region
+  enterprise_id                   = var.enterprise_id
+  template_id                     = var.template_id
+  enterprise_trusted_profile_id  = var.enterprise_trusted_profile_id
+
+  depends_on = [module.app_config]
+}

examples/complete/outputs.tf

@@ -1,6 +1,10 @@
 ##############################################################################
 # Outputs
 ##############################################################################
+output "scc_wp_config_aggregator_id" {
+  description = "ID of the SCC-WP Config Aggregator"
+  value       = module.scc_wp_config_aggregator.scc_wp_config_aggregator_id
+}
 
 output "region" {
   description = "The region all resources were provisioned in"

examples/complete/variables.tf

@@ -1,3 +1,7 @@
+variable "enterprise_trusted_profile_id" {
+  type        = string
+  description = "Trusted profile ID for the Enterprise App Config aggregator"
+}
 variable "ibmcloud_api_key" {
   type        = string
   description = "The IBM Cloud API Key"
@@ -27,3 +31,13 @@ variable "resource_tags" {
   description = "Optional list of tags to be added to created resources"
   default     = []
 }
+variable "enterprise_id" {
+  description = "Enterprise ID for App Configuration aggregator"
+  type        = string
+}
+
+variable "template_id" {
+  description = "Trusted Profile Template ID for App Configuration aggregator"
+  type        = string
+}
+

modules/scc_wp_config_aggregator/main.tf

@@ -0,0 +1,28 @@
+resource "null_resource" "debug_vars" {
+  provisioner "local-exec" {
+    command = <<EOT
+echo "📦 Template ID: ${var.template_id}"
+echo "🏢 Enterprise ID: ${var.enterprise_id}"
+echo "🔐 Trusted Profile ID: ${var.enterprise_trusted_profile_id}"
+EOT
+  }
+}
+
+resource "ibm_config_aggregator_settings" "scc_wp_aggregator" {
+  instance_id                 = var.app_config_instance_guid
+  region                      = var.region
+  resource_collection_enabled = true
+  resource_collection_regions = ["all"]
+  trusted_profile_id          = var.general_trusted_profile_id
+
+  additional_scope {
+    type          = "Enterprise"
+    enterprise_id = var.enterprise_id
+
+    profile_template {
+      id                 = var.template_id
+      trusted_profile_id = var.enterprise_trusted_profile_id
+    }
+  }
+}
+

modules/scc_wp_config_aggregator/main.tfOLD

@@ -0,0 +1,18 @@
+resource "ibm_config_aggregator_settings" "scc_wp_aggregator" {
+  instance_id                 = var.app_config_instance_guid
+  region                      = var.region
+  resource_collection_enabled = true
+  resource_collection_regions = ["all"]
+  trusted_profile_id          = var.enterprise_trusted_profile_id
+
+  additional_scope {
+    type          = "Enterprise"
+    enterprise_id = var.enterprise_id
+
+    profile_template {
+      id                 = var.template_id
+      trusted_profile_id = var.enterprise_trusted_profile_id
+    }
+  }
+}
+

modules/scc_wp_config_aggregator/outputs.tf

@@ -0,0 +1,9 @@
+output "config_aggregator_instance_id" {
+  description = "App Config instance ID used for aggregation"
+  value       = var.app_config_instance_guid
+}
+output "scc_wp_config_aggregator_id" {
+  description = "ID of the SCC-WP Config Aggregator"
+  value       = ibm_config_aggregator_settings.scc_wp_aggregator.id
+}
+

modules/scc_wp_config_aggregator/variables.tf

@@ -0,0 +1,28 @@
+variable "app_config_instance_guid" {
+  type        = string
+  description = "GUID of the App Configuration instance"
+}
+
+variable "region" {
+  type        = string
+  description = "Region where the Config Aggregator will be deployed"
+}
+
+variable "enterprise_id" {
+  type        = string
+  description = "Enterprise ID to scope the Config Aggregator"
+}
+
+variable "template_id" {
+  type        = string
+  description = "Trusted Profile Template ID used for additional scope"
+}
+
+variable "enterprise_trusted_profile_id" {
+  type        = string
+  description = "Trusted Profile ID used to authorize resource collection scoping"
+}
+variable "general_trusted_profile_id" {
+  type        = string
+  description = "Trusted Profile ID used to authorize resource collection"
+}

modules/scc_wp_config_aggregator/version.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_providers {
+    ibm = {
+      source  = "ibm-cloud/ibm"
+      version = ">= 1.65.0, < 2.0.0"
+    }
+  }
+}
+

outputs.tf

@@ -1,6 +1,9 @@
 ########################################################################################################################
 # Outputs
 ########################################################################################################################
+output "app_config_crn" {
+  value = ibm_resource_instance.app_config.crn
+}
 
 output "app_config_guid" {
   description = "GUID of the App Configuration instance"