feat: fully configurable app config da

.catalog-onboard-pipeline.yaml

@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+offerings:
+  - name: deploy-arch-ibm-apprapp
+    kind: solution
+    catalog_id: 7df1e4ca-d54c-4fd0-82ce-3d13247308cd
+    offering_id: 045c1169-d15a-4046-ae81-aa3d3348421f
+    variations:
+      - name: fully-configurable
+        mark_ready: true
+        install_type: fullstack
+        scc:
+          instance_id: 1c7d5f78-9262-44c3-b779-b28fe4d88c37
+          region: us-south
+          scope_resource_group_var_name: existing_resource_group_name

.releaserc

@@ -10,6 +10,9 @@
     }],
     ["@semantic-release/exec", {
       "successCmd": "echo \"SEMVER_VERSION=${nextRelease.version}\" >> $GITHUB_ENV"
+    }],
+    ["@semantic-release/exec",{
+      "publishCmd": "./ci/trigger-catalog-onboarding-pipeline.sh --version=v${nextRelease.version}"
     }]
   ]
 }

README.md

@@ -105,7 +105,7 @@ For more information on access and permissions, see <https://cloud.ibm.com/docs/
 |------|-------------|------|---------|:--------:|
 | <a name="input_app_config_collections"></a> [app\_config\_collections](#input\_app\_config\_collections) | A list of collections to be added to the App Configuration instance | <pre>list(object({<br/>    name          = string<br/>    collection_id = string<br/>    description   = optional(string, null)<br/>    tags          = optional(string, null)<br/>  }))</pre> | `[]` | no |
 | <a name="input_app_config_name"></a> [app\_config\_name](#input\_app\_config\_name) | Name for the App Configuration service instance | `string` | n/a | yes |
-| <a name="input_app_config_plan"></a> [app\_config\_plan](#input\_app\_config\_plan) | Plan for the App Configuration service instance, valid plans are lite, standardv2, and enterprise. | `string` | `"lite"` | no |
+| <a name="input_app_config_plan"></a> [app\_config\_plan](#input\_app\_config\_plan) | Plan for the App Configuration service instance, valid plans are lite, basic, standardv2, and enterprise. | `string` | `"lite"` | no |
 | <a name="input_app_config_service_endpoints"></a> [app\_config\_service\_endpoints](#input\_app\_config\_service\_endpoints) | Service Endpoints for the App Configuration service instance, valid endpoints are public or public-and-private. | `string` | `"public-and-private"` | no |
 | <a name="input_app_config_tags"></a> [app\_config\_tags](#input\_app\_config\_tags) | Optional list of tags to be added to the App Config instance. | `list(string)` | `[]` | no |
 | <a name="input_cbr_rules"></a> [cbr\_rules](#input\_cbr\_rules) | The list of context-based restriction rules to create. | <pre>list(object({<br/>    description = string<br/>    account_id  = string<br/>    tags = optional(list(object({<br/>      name  = string<br/>      value = string<br/>    })), [])<br/>    rule_contexts = list(object({<br/>      attributes = optional(list(object({<br/>        name  = string<br/>        value = string<br/>    }))) }))<br/>    enforcement_mode = string<br/>  }))</pre> | `[]` | no |
@@ -116,7 +116,7 @@ For more information on access and permissions, see <https://cloud.ibm.com/docs/
 | <a name="input_config_aggregator_resource_collection_regions"></a> [config\_aggregator\_resource\_collection\_regions](#input\_config\_aggregator\_resource\_collection\_regions) | From which region do you want to collect configuration data? Only applies if `enable_config_aggregator` is set to true. | `list(string)` | <pre>[<br/>  "all"<br/>]</pre> | no |
 | <a name="input_config_aggregator_trusted_profile_name"></a> [config\_aggregator\_trusted\_profile\_name](#input\_config\_aggregator\_trusted\_profile\_name) | The name to give the trusted profile that will be created if `enable_config_aggregator` is set to `true`. | `string` | `"config-aggregator-trusted-profile"` | no |
 | <a name="input_enable_config_aggregator"></a> [enable\_config\_aggregator](#input\_enable\_config\_aggregator) | Set to true to enable configuration aggregator. By setting to true a trusted profile will be created with the required access to record configuration data from all resources across regions in your account. [Learn more](https://cloud.ibm.com/docs/app-configuration?topic=app-configuration-ac-configuration-aggregator). | `bool` | `false` | no |
-| <a name="input_region"></a> [region](#input\_region) | The region to provision the App Configuration service, valid regions are us-south, us-east, eu-gb, and au-syd. | `string` | `"us-south"` | no |
+| <a name="input_region"></a> [region](#input\_region) | The region to provision the App Configuration service, valid regions are au-syd, jp-osa, jp-tok, eu-de, eu-gb, eu-es, us-east, us-south, ca-tor, br-sao. | `string` | `"us-south"` | no |
 | <a name="input_resource_group_id"></a> [resource\_group\_id](#input\_resource\_group\_id) | The resource group ID where resources will be provisioned. | `string` | n/a | yes |
 
 ### Outputs

examples/advanced/main.tf

@@ -53,6 +53,7 @@ module "app_config" {
   app_config_name          = "${var.prefix}-app-config"
   app_config_tags          = var.resource_tags
   enable_config_aggregator = true # See https://cloud.ibm.com/docs/app-configuration?topic=app-configuration-ac-configuration-aggregator
+  app_config_plan          = "standardv2"
   app_config_collections = [
     {
       name          = "${var.prefix}-collection",

ibm_catalog.json

@@ -0,0 +1,252 @@
+{
+    "products": [
+      {
+        "name": "deploy-arch-ibm-apprapp",
+        "label": "Cloud automation for App Configuration",
+        "product_kind": "solution",
+        "tags": [
+            "dev_ops",
+            "ibm_created",
+            "terraform",
+            "solution",
+            "support_ibm"
+        ],
+        "keywords": [
+          "terraform",
+          "appconfig",
+          "app configuration",
+          "solution",
+          "IaC",
+          "infrastructure as code"
+        ],
+        "short_description": "Creates and configures an App Configuration service on IBM Cloud",
+        "long_description": "This deployable architecture automates the provisioning of IBM Cloud App Configuration along with initial collection to help you manage feature flags and dynamic properties at scale. It also includes support for configuration aggregators, enabling centralized monitoring and management of configurations across multiple App Configuration instances. It simplifies onboarding by preconfiguring key resources and provides support for defining context-based restrictions (CBR) to enhance security and control access based on network policies. Ideal for teams adopting feature flagging, experimentation, or remote configuration strategies in cloud-native applications, this solution accelerates setup while following IBM Cloud best practices. Refer [this](https://cloud.ibm.com/docs/app-configuration) for more information.",
+        "offering_docs_url": "https://github.com/terraform-ibm-modules/terraform-ibm-app-configuration/blob/main/README.md",
+        "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-app-configuration/main/images/app_config-icon.png",
+        "provider_name": "IBM",
+        "features": [
+          {
+            "title": "Provision Collection",
+            "description": "Supports creation of collection to help manage feature flags and dynamic properties at scale."
+          },
+          {
+            "title": "CBR Enhanced Security",
+            "description": "Provides support for defining context-based restrictions (CBR) to enhance security and control access based on network policies."
+          },
+          {
+            "title": "Configuration Aggregator",
+            "description": "Supports creation and management of configuration aggregator to manage configurations across multiple App Configuration instances."
+          }
+        ],
+        "support_details": "This product is in the community registry, as such support is handled through the originated repo. If you experience issues please open an issue in that repository [https://github.com/terraform-ibm-modules/terraform-ibm-app-configuration/issues](https://github.com/terraform-ibm-modules/terraform-ibm-app-configuration/issues). Please note this product is not supported via the IBM Cloud Support Center.",
+        "flavors": [
+          {
+            "label": "Fully configurable",
+            "name": "fully-configurable",
+            "install_type": "fullstack",
+            "working_directory": "solutions/fully-configurable",
+            "compliance": {
+              "authority": "scc-v3",
+              "profiles": [
+                {
+                  "profile_name": "IBM Cloud Framework for Financial Services",
+                  "profile_version": "1.7.0"
+                }
+              ]
+            },
+            "configuration": [
+              {
+                "key": "ibmcloud_api_key"
+              },
+              {
+                "key": "prefix",
+                "required": true
+              },
+              {
+                "key": "existing_resource_group_name",
+                "required": true,
+                "custom_config": {
+                  "type": "resource_group",
+                  "grouping": "deployment",
+                  "original_grouping": "deployment",
+                  "config_constraints": {
+                    "identifier": "rg_name"
+                  }
+                }
+              },
+              {
+                "key": "region",
+                "required": true,
+                "options": [
+                  {
+                    "displayname": "Osaka (jp-osa)",
+                    "value": "jp-osa"
+                  },
+                  {
+                    "displayname": "Sydney (au-syd)",
+                    "value": "au-syd"
+                  },
+                  {
+                    "displayname": "Tokyo (jp-tok)",
+                    "value": "jp-tok"
+                  },
+                  {
+                    "displayname": "Frankfurt (eu-de)",
+                    "value": "eu-de"
+                  },
+                  {
+                    "displayname": "London (eu-gb)",
+                    "value": "eu-gb"
+                  },
+                  {
+                    "displayname": "Madrid (eu-es)",
+                    "value": "eu-es"
+                  },
+                  {
+                    "displayname": "Dallas (us-south)",
+                    "value": "us-south"
+                  },
+                  {
+                    "displayname": "Toronto (ca-tor)",
+                    "value": "ca-tor"
+                  },
+                  {
+                    "displayname": "Washington DC (us-east)",
+                    "value": "us-east"
+                  },
+                  {
+                    "displayname": "Sao Paulo (br-sao)",
+                    "value": "br-sao"
+                  }
+                ]
+              },
+              {
+                "key": "app_config_name"
+              },
+              {
+                "key": "app_config_plan",
+                "required": true,
+                "options": [
+                  {
+                    "displayname": "lite",
+                    "value": "lite"
+                  },
+                  {
+                    "displayname": "basic",
+                    "value": "basic"
+                  },
+                  {
+                    "displayname": "standard",
+                    "value": "standardv2"
+                  },
+                  {
+                    "displayname": "enterprise",
+                    "value": "enterprise"
+                  }
+                ]
+              },
+              {
+                "key": "app_config_service_endpoints",
+                "options": [
+                  {
+                    "displayname": "public",
+                    "value": "public"
+                  },
+                  {
+                    "displayname": "public-and-private",
+                    "value": "public-and-private"
+                  }
+                ]
+              },
+              {
+                "key": "app_config_collections"
+              },
+              {
+                "key": "app_config_tags",
+                "custom_config": {
+                  "grouping": "deployment",
+                  "original_grouping": "deployment",
+                  "config_constraints": {
+                    "type": "string"
+                  }
+                }
+              },
+              {
+                "key": "enable_config_aggregator"
+              },
+              {
+                "key": "config_aggregator_trusted_profile_name"
+              },
+              {
+                "key": "config_aggregator_resource_collection_regions"
+              },
+              {
+                "key": "config_aggregator_enterprise_id"
+              },
+              {
+                "key": "config_aggregator_enterprise_trusted_profile_name"
+              },
+              {
+                "key": "config_aggregator_enterprise_trusted_profile_template_name"
+              },
+              {
+                "key": "config_aggregator_enterprise_account_group_ids_to_assign"
+              },
+              {
+                "key": "app_config_cbr_rules"
+              },
+              {
+                "key": "provider_visibility",
+                "hidden": true,
+                "options": [
+                  {
+                    "displayname": "private",
+                    "value": "private"
+                  },
+                  {
+                    "displayname": "public",
+                    "value": "public"
+                  },
+                  {
+                    "displayname": "public-and-private",
+                    "value": "public-and-private"
+                  }
+                ]
+              }
+            ],
+            "architecture": {
+              "descriptions": "This architecture supports creating and configuring an IBM Cloud App Configuration",
+              "features": [
+                {
+                  "title": "App Configuration instance with Collections",
+                  "description": "Creates App Configuration instance. Collections can be created and configured for the instance"
+                },
+                {
+                  "title": "Use existing resource group",
+                  "description": "Supports deployment into an existing IBM Cloud resource group."
+                },
+                {
+                  "title": "CBR Enhanced Security",
+                  "description": "Enforces network-based access control through context-based restrictions (CBR) rules."
+                },
+                {
+                  "title": "Configuration Aggregator",
+                  "description": "Enables the creation and management of configuration aggregator to consolidate and monitor configurations across multiple App Configuration instances."
+                }
+              ],
+              "diagrams": [
+                {
+                  "diagram": {
+                    "caption": "App Configuration",
+                    "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-app-configuration/main/reference-architecture/app_configuration.svg",
+                    "type": "image/svg+xml"
+                  },
+                  "description": "**App Configuration on IBM Cloud** <br/> <br/> <b>Description</b> <br/> This architecture automates the setup of IBM Cloud App Configuration. The modular design includes the creation of a collection to streamline the management of feature flags and properties, consolidation of multiple App Cpnfiguration instances via configuration aggregator and optionally integrates context-based restrictions (CBR) to improve access control and align with your network security policies."
+                }
+              ]
+            }
+          }
+        ]
+      }
+    ]
+}

solutions/fully-configurable/DA-cbr_rules.md

@@ -0,0 +1,55 @@
+# Configuring context-based restrictions (CBRs)
+
+The `app_config_cbr_rules` input variable allows you to provide a rule for the target service to enforce access restrictions for the service based on the context of access requests. Contexts are criteria that include the network location of access requests, the endpoint type from where the request is sent, etc.
+
+- Variable name: `app_config_cbr_rules`.
+- Type: A list of objects. Allows only one object representing a rule for the target service
+- Default value: An empty list (`[]`).
+
+### Options for app_config_cbr_rules
+
+  - `description` (required): The description of the rule to create.
+  - `account_id` (required): The IBM Cloud Account ID
+  - `tag` (optional): (List) The tags related to CBR rules
+  - `rule_contexts` (required): (List) The contexts the rule applies to
+      - `attributes` (optional): (List) Individual context attributes
+        - `name` (required): The attribute name.
+        - `value`(required): The attribute value.
+
+  - `enforcement_mode` (required): The rule enforcement mode can have the following values:
+      - `enabled` - The restrictions are enforced and reported. This is the default.
+      - `disabled` - The restrictions are disabled. Nothing is enforced or reported.
+      - `report` - The restrictions are evaluated and reported, but not enforced.
+
+
+### Example Rule For context-based restrictions configuration
+
+```hcl
+[
+  {
+    description      = "Restrict access to App Config from trusted network"
+    account_id       = "<AccountID>"
+    enforcement_mode = "enabled"
+    tags = [
+      {
+        name  = "env"
+        value = "dev"
+      }
+    ]
+    rule_contexts = [
+      {
+        attributes = [
+          {
+            name  = "networkZoneId"
+            value = "<NetworkZoneID>"
+          },
+          {
+            "name" : "endpointType",
+            "value" : "private"
+          }
+        ]
+      }
+    ]
+  }
+]
+```

solutions/fully-configurable/DA-collections.md

@@ -0,0 +1,36 @@
+# Configuring collections
+
+The `app_config_collections` input variable allows you to define collections to be added to your IBM Cloud App Configuration instance. Collections are logical groupings of configuration items such as feature flags and properties. You can use collections to organize your configuration items based on environments, services, teams, or other criteria.
+
+- Variable name: `app_config_collections`.
+- Type: A list of objects. One object per collection item.
+- Default value: An empty list (`[]`).
+
+### Options for app_config_collections
+
+  - `name` (required): The name of the collection. This should be a unique, descriptive name identifying the purpose or usage of the collection.
+  - `collection_id` (required): The unique ID for the collection. This must be unique within the App Configuration instance.
+  - `description` (optional): A brief description of the collection's purpose or contents.
+  - `tags` (optional): A string of comma-separated tags that can be used for categorization or filtering.
+
+
+### Example Collection Configuration
+
+```hcl
+[
+  {
+    name          = "feature-flags"
+    collection_id = "ff-collection-001"
+    description   = "Feature flags for development environment"
+    tags          = "env:dev,team:backend"
+  },
+  {
+    name          = "config-settings-ui"
+    collection_id = "cfg-ui-001"
+    description   = "Configuration settings for UI components"
+    tags          = "env:all,team:frontend"
+  }
+]
+```
+
+* NOTE: When using the `lite` plan, you can define at most 1 App Configuration collection.