Merged
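--- a/.catalog-onboard-pipeline.yaml
+++ b/.catalog-onboard-pipeline.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+offerings:
+- name: deploy-arch-ibm-apprapp
+kind: solution
+catalog_id: # to be updated
+offering_id: # to be updated
+variations:
+- name: fully-configurable
+mark_ready: true
+install_type: fullstack
+scc:
+instance_id:
+region: us-south
+scope_resource_group_var_name: existing_resource_group_name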
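Review bot: `catalog_id` and `offering_id` carry only a `# to be updated` comment and `scc.instance_id` is empty, yet the `.releaserc` change in this same pull request already runs `./ci/trigger-catalog-onboarding-pipeline.sh` on every release. As committed, the first release would start onboarding with no target catalog or offering, and with `mark_ready: true` set on the variation. Either fill in the real IDs before this merges, or hold back the `publishCmd` entry until they are known. A one-line comment above `scc:` saying which Security and Compliance Center instance the scan is expected to use would also help the next maintainer.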
3 changes: 3 additions & 0 deletions .releaserc
Expand Up @@ -10,6 +10,9 @@
}],
["@semantic-release/exec", {
"successCmd": "echo \"SEMVER_VERSION=${nextRelease.version}\" >> $GITHUB_ENV"
}],
["@semantic-release/exec",{
"publishCmd": "./ci/trigger-catalog-onboarding-pipeline.sh --version=v${nextRelease.version}"
}]
]
}
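Review bot: The new `publishCmd` executes `./ci/trigger-catalog-onboarding-pipeline.sh`, which is not among the files this page shows being added, so the release job runs code that comes from outside this change (presumably a `ci/` submodule or symlink; please confirm). That step runs inside the release job with whatever publishing credentials are in its environment, so the `ci/` path should resolve to a pinned, reviewed commit rather than a moving branch. It would also help to note in the PR description what happens when the script exits non-zero, since a publish step normally runs after the release tag has been created.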
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -100,11 +100,11 @@ For more information on access and permissions, see <https://cloud.ibm.com/docs/
|------|-------------|------|---------|:--------:|
| <a name="input_app_config_collections"></a> [app\_config\_collections](#input\_app\_config\_collections) | A list of collections to be added to the App Configuration instance | <pre>list(object({<br/> name = string<br/> collection_id = string<br/> description = optional(string, null)<br/> tags = optional(string, null)<br/> }))</pre> | `[]` | no |
| <a name="input_app_config_name"></a> [app\_config\_name](#input\_app\_config\_name) | Name for the App Configuration service instance | `string` | n/a | yes |
| <a name="input_app_config_plan"></a> [app\_config\_plan](#input\_app\_config\_plan) | Plan for the App Configuration service instance, valid plans are lite, standardv2, and enterprise. | `string` | `"lite"` | no |
| <a name="input_app_config_plan"></a> [app\_config\_plan](#input\_app\_config\_plan) | Plan for the App Configuration service instance, valid plans are lite, basic, standardv2, and enterprise. | `string` | `"lite"` | no |
| <a name="input_app_config_service_endpoints"></a> [app\_config\_service\_endpoints](#input\_app\_config\_service\_endpoints) | Service Endpoints for the App Configuration service instance, valid endpoints are public or public-and-private. | `string` | `"public-and-private"` | no |
| <a name="input_app_config_tags"></a> [app\_config\_tags](#input\_app\_config\_tags) | Optional list of tags to be added to the App Config instance. | `list(string)` | `[]` | no |
| <a name="input_cbr_rules"></a> [cbr\_rules](#input\_cbr\_rules) | The list of context-based restriction rules to create. | <pre>list(object({<br/> description = string<br/> account_id = string<br/> tags = optional(list(object({<br/> name = string<br/> value = string<br/> })), [])<br/> rule_contexts = list(object({<br/> attributes = optional(list(object({<br/> name = string<br/> value = string<br/> }))) }))<br/> enforcement_mode = string<br/> }))</pre> | `[]` | no |
| <a name="input_region"></a> [region](#input\_region) | The region to provision the App Configuration service, valid regions are us-south, us-east, eu-gb, and au-syd. | `string` | `"us-south"` | no |
| <a name="input_region"></a> [region](#input\_region) | The region to provision the App Configuration service, valid regions are au-syd, jp-osa, jp-tok, eu-de, eu-gb, eu-es, us-east, us-south, ca-tor. | `string` | `"us-south"` | no |
| <a name="input_resource_group_id"></a> [resource\_group\_id](#input\_resource\_group\_id) | The resource group ID where resources will be provisioned. | `string` | n/a | yes |

### Outputs
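--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -0,0 +1,223 @@
+{
+"products": [
+{
+"name": "deploy-arch-ibm-apprapp",
+"label": "Cloud automation for App Configuration",
+"product_kind": "solution",
+"tags": [
+"devops",
+"integration",
+"ibm_created",
+"terraform",
+"solution",
+"support_ibm",
+"ibmCloudCatalog"
+],
+"keywords": [
+"terraform",
+"appconfig",
+"app configuration",
+"solution",
+"IaC",
+"infrastructure as code"
+],
+"short_description": "Provisions an App configuration service on IBM Cloud",
+"long_description": "This deployable architecture automates the provisioning of IBM Cloud App Configuration along with initial collection to help you manage feature flags and dynamic properties at scale. It simplifies onboarding by preconfiguring key resources and provides optional support for defining context-based restrictions (CBR) to enhance security and control access based on network policies. Ideal for teams adopting feature flagging, experimentation, or remote configuration strategies in cloud-native applications, this solution accelerates setup while following IBM Cloud best practices. For more information refer to the App Configuration Cloud doc [here](https://cloud.ibm.com/docs/app-configuration)",
+"offering_docs_url": "https://github.com/terraform-ibm-modules/terraform-ibm-app-configuration/blob/main/README.md",
+"offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-app-configuration/main/images/app_config-icon.png",
+"provider_name": "IBM",
+"features": [
+{
+"title": "App Configuration Instance",
+"description": "Creates and configures an App Configuration instance."
+},
+{
+"title": "Provision Collection",
+"description": "Supports creation of collection to help manage feature flags and dynamic properties at scale."
+},
+{
+"title": "CBR Enhanced Security",
+"description": "Provides optional support for defining context-based restrictions (CBR) to enhance security and control access based on network policies."
+}
+],
+"support_details": "This product is in the community registry, as such support is handled through the originated repo. If you experience issues please open an issue in that repository [https://github.com/terraform-ibm-modules/terraform-ibm-app-configuration/issues](https://github.com/terraform-ibm-modules/terraform-ibm-app-configuration/issues). Please note this product is not supported via the IBM Cloud Support Center.",
+"flavors": [
+{
+"label": "Fully configurable",
+"name": "fully-configurable",
+"install_type": "fullstack",
+"working_directory": "solutions/fully-configurable",
+"compliance": {
+"authority": "scc-v3",
+"profiles": [
+{
+"profile_name": "IBM Cloud Framework for Financial Services",
+"profile_version": "1.7.0"
+}
+]
+},
+"configuration": [
+{
+"key": "ibmcloud_api_key"
+},
+{
+"key": "existing_resource_group_name",
+"required": true,
+"custom_config": {
+"type": "resource_group",
+"grouping": "deployment",
+"original_grouping": "deployment",
+"config_constraints": {
+"identifier": "rg_name"
+}
+}
+},
+{
+"key": "region",
+"required": true,
+"options": [
+{
+"displayname": "Osaka (jp-osa)",
+"value": "jp-osa"
+},
+{
+"displayname": "Sydney (au-syd)",
+"value": "au-syd"
+},
+{
+"displayname": "Tokyo (jp-tok)",
+"value": "jp-tok"
+},
+{
+"displayname": "Frankfurt (eu-de)",
+"value": "eu-de"
+},
+{
+"displayname": "London (eu-gb)",
+"value": "eu-gb"
+},
+{
+"displayname": "Madrid (eu-es)",
+"value": "eu-es"
+},
+{
+"displayname": "Dallas (us-south)",
+"value": "us-south"
+},
+{
+"displayname": "Toronto (ca-tor)",
+"value": "ca-tor"
+},
+{
+"displayname": "Washington DC (us-east)",
+"value": "us-east"
+}
+]
+},
+{
+"key": "app_config_name",
+"required": true
+},
+{
+"key": "app_config_plan",
+"required": true,
+"options": [
+{
+"displayname": "lite",
+"value": "lite"
+},
+{
+"displayname": "basic",
+"value": "basic"
+},
+{
+"displayname": "standard",
+"value": "standardv2"
+},
+{
+"displayname": "enterprise",
+"value": "enterprise"
+}
+]
+},
+{
+"key": "app_config_service_endpoints",
+"required": true,
+"options": [
+{
+"displayname": "public",
+"value": "public"
+},
+{
+"displayname": "public-and-private",
+"value": "public-and-private"
+}
+]
+},
+{
+"key": "app_config_collections"
+},
+{
+"key": "app_config_tags"
+},
+{
+"key": "app_config_cbr_rules"
+},
+{
+"key": "provider_visibility",
+"options": [
+{
+"displayname": "private",
+"value": "private"
+},
+{
+"displayname": "public",
+"value": "public"
+},
+{
+"displayname": "public-and-private",
+"value": "public-and-private"
+}
+]
+}
+],
+"architecture": {
+"descriptions": "This architecture supports creating and configuring an IBM Cloud App Configuration",
+"features": [
+{
+"title": "App Configuration instance creation",
+"description": "Yes"
+},
+{
+"title": "New resource group creation",
+"description": "No"
+},
+{
+"title": "Use existing resource group",
+"description": "Yes"
+},
+{
+"title": "App Config Collection creation",
+"description": "Yes"
+},
+{
+"title": "CBR Enhanced Security",
+"description": "Yes"
+}
+],
+"diagrams": [
+{
+"diagram": {
+"caption": "App Configuration instance",
+"url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-app-configuration/main/reference-architecture/app_config.svg",
+"type": "image/svg+xml"
+},
+"description": "**App Configuration on IBM Cloud** <br/> <br/> <b>Description</b> <br/> This deployable architecture automates the provisioning of IBM Cloud App Configuration along with initial collection to help you manage feature flags and dynamic properties at scale. It simplifies onboarding by preconfiguring key resources and provides optional support for defining context-based restrictions (CBR) to enhance security and control access based on network policies."
+}
+]
+}
+}
+]
+}
+]
+}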
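Review bot: The `app_config_service_endpoints` entry offers only `public` and `public-and-private`, so every instance deployed from this tile keeps a public endpoint. `app_config_cbr_rules` is listed without `required`, and the root-module default shown in README.md on this page is `[]`. The flavor still advertises the `IBM Cloud Framework for Financial Services` profile under `compliance`. Either state in `long_description` or the "CBR Enhanced Security" feature text that network restriction depends on the user supplying a CBR rule, or confirm the profile claim was validated with the defaults. The flavor also has no `iam_permissions` block, so the tile does not tell users which minimum roles the `ibmcloud_api_key` needs; listing them supports least-privilege keys.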
Binary file added images/app_config-icon.png
4 changes: 4 additions & 0 deletions reference-architecture/app_config.svg
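--- a/solutions/fully-configurable/DA-cbr_names.md
+++ b/solutions/fully-configurable/DA-cbr_names.md
@@ -0,0 +1,55 @@
+# Configuring context-based restrictions (CBRs)
+
+The `app_config_cbr_rules` input variable allows you to provide a rule for the target service to enforce access restrictions for the service based on the context of access requests. Contexts are criteria that include the network location of access requests, the endpoint type from where the request is sent, etc.
+
+- Variable name: `app_config_cbr_rules`.
+- Type: A list of objects. Allows only one object representing a rule for the target service
+- Default value: An empty list (`[]`).
+
+### Options for app_config_cbr_rules
+
+- `description` (required): The description of the rule to create.
+- `account_id` (required): The IBM Cloud Account ID
+- `tag` (optional): (List) The tags related to CBR rules
+- `rule_contexts` (required): (List) The contexts the rule applies to
+- `attributes` (optional): (List) Individual context attributes
+- `name` (required): The attribute name.
+- `value`(required): The attribute value.
+
+- `enforcement_mode` (required): The rule enforcement mode can have the following values:
+- `enabled` - The restrictions are enforced and reported. This is the default.
+- `disabled` - The restrictions are disabled. Nothing is enforced or reported.
+- `report` - The restrictions are evaluated and reported, but not enforced.
+
+
+### Example Rule For context-based restrictions Configuration
+
+```hcl
+[
+{
+description = "Restrict access to App Config from trusted network"
+account_id = "<AccountID>"
+enforcement_mode = "enabled"
+tags = [
+{
+name = "env"
+value = "dev"
+}
+]
+rule_contexts = [
+{
+attributes = [
+{
+name = "networkZoneId"
+value = "<NetworkZoneID>"
+},
+{
+"name" : "endpointType",
+"value" : "private"
+}
+]
+}
+]
+}
+]
+```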
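--- a/solutions/fully-configurable/README.md
+++ b/solutions/fully-configurable/README.md
@@ -0,0 +1,6 @@
+# Cloud automation of App Configuration
+
+This solution supports provisioning and configuring the following infrastructure:
+
+- App Config instance and collections
+- Optional context-based restrictions (CBR)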
@@ -0,0 +1,5 @@
{
"ibmcloud_api_key": $VALIDATION_APIKEY,
"app_config_tags": $TAGS,
"existing_resource_group_name": "geretain-test-app-config"
}
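--- a/solutions/fully-configurable/main.tf
+++ b/solutions/fully-configurable/main.tf
@@ -0,0 +1,23 @@
+#######################################################################################################################
+# Resource Group
+#######################################################################################################################
+module "resource_group" {
+source = "terraform-ibm-modules/resource-group/ibm"
+version = "1.2.0"
+existing_resource_group_name = var.existing_resource_group_name
+}
+
+########################################################################################################################
+# App Config
+########################################################################################################################
+module "app_config" {
+source = "../.."
+resource_group_id = module.resource_group.resource_group_id
+region = var.region
+app_config_name = var.app_config_name
+app_config_plan = var.app_config_plan
+app_config_service_endpoints = var.app_config_service_endpoints
+app_config_tags = var.app_config_tags
+app_config_collections = var.app_config_collections
+cbr_rules = var.app_config_cbr_rules
+}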
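--- a/solutions/fully-configurable/outputs.tf
+++ b/solutions/fully-configurable/outputs.tf
@@ -0,0 +1,28 @@
+########################################################################################################################
+# Outputs
+########################################################################################################################
+
+output "app_config_crn" {
+description = "CRN of the App Configuration instance"
+value = module.app_config.app_config_crn
+}
+
+output "app_config_id" {
+description = "ID of the App Configuration instance"
+value = module.app_config.app_config_id
+}
+
+output "app_config_guid" {
+description = "GUID of the App Configuration instance"
+value = module.app_config.app_config_guid
+}
+
+output "app_config_account_id" {
+description = "Account ID of the App Configuration instance"
+value = module.app_config.app_config_id
+}
+
+output "app_config_collection_ids" {
+description = "List of IDs for the collections in the App Configuration instance"
+value = module.app_config.app_config_collection_ids
+}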
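Review bot: The `app_config_account_id` output returns `module.app_config.app_config_id`, the same expression as the `app_config_id` output, so consumers get the instance ID where the description promises the account ID. If the root module exposes an account-ID output (its outputs are not visible on this page), the line should read `value = module.app_config.app_config_account_id`. This matters to anyone who feeds the output into the `account_id` field of a context-based restriction rule, because the rule would then carry the wrong identifier.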
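--- a/solutions/fully-configurable/provider.tf
+++ b/solutions/fully-configurable/provider.tf
@@ -0,0 +1,5 @@
+provider "ibm" {
+ibmcloud_api_key = var.ibmcloud_api_key
+region = var.region
+visibility = var.provider_visibility
+}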
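Review bot: `ibmcloud_api_key` is passed to the provider from `var.ibmcloud_api_key`, but the solution's variable declarations are not among the file sections visible on this page, so the variable's `sensitive` marking cannot be checked here. Please confirm the declaration carries `sensitive = true` so the key is redacted in plan and apply output. Since ibm_catalog.json offers `public` as a `provider_visibility` choice, the variable description should also say which value keeps provider API calls on private endpoints.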