refactor: Improve User experience

README.md

@@ -117,7 +117,7 @@ For more information on access and permissions, see <https://cloud.ibm.com/docs/
 | <a name="input_config_aggregator_resource_collection_regions"></a> [config\_aggregator\_resource\_collection\_regions](#input\_config\_aggregator\_resource\_collection\_regions) | From which region do you want to collect configuration data? Only applies if `enable_config_aggregator` is set to true. | `list(string)` | <pre>[<br/>  "all"<br/>]</pre> | no |
 | <a name="input_config_aggregator_trusted_profile_name"></a> [config\_aggregator\_trusted\_profile\_name](#input\_config\_aggregator\_trusted\_profile\_name) | The name to give the trusted profile that will be created if `enable_config_aggregator` is set to `true`. | `string` | `"config-aggregator-trusted-profile"` | no |
 | <a name="input_enable_config_aggregator"></a> [enable\_config\_aggregator](#input\_enable\_config\_aggregator) | Set to true to enable configuration aggregator. By setting to true a trusted profile will be created with the required access to record configuration data from all resources across regions in your account. [Learn more](https://cloud.ibm.com/docs/app-configuration?topic=app-configuration-ac-configuration-aggregator). | `bool` | `false` | no |
-| <a name="input_region"></a> [region](#input\_region) | The region to provision the App Configuration service, valid regions are au-syd, jp-osa, jp-tok, eu-de, eu-gb, eu-es, us-east, us-south, ca-tor, br-sao, eu-fr2. | `string` | `"us-south"` | no |
+| <a name="input_region"></a> [region](#input\_region) | The region to provision the App Configuration service, valid regions are au-syd, jp-osa, jp-tok, eu-de, eu-gb, eu-es, us-east, us-south, ca-tor, br-sao, eu-fr2, ca-mon. | `string` | `"us-south"` | no |
 | <a name="input_resource_group_id"></a> [resource\_group\_id](#input\_resource\_group\_id) | The resource group ID where resources will be provisioned. | `string` | n/a | yes |
 
 ### Outputs

ibm_catalog.json

@@ -9,7 +9,8 @@
             "ibm_created",
             "terraform",
             "solution",
-            "support_ibm"
+            "target_terraform",
+            "converged_infra"
         ],
         "keywords": [
           "terraform",
@@ -26,23 +27,28 @@
         "provider_name": "IBM",
         "features": [
           {
-            "title": "Provision Collection",
-            "description": "Supports creation of collection to help manage feature flags and dynamic properties at scale."
+            "title": "Collections",
+            "description": "Supports creation of one or more collections depending on the plan to help manage feature flags and dynamic properties at scale."
           },
           {
             "title": "CBR Enhanced Security",
             "description": "Provides support for defining context-based restrictions (CBR) to enhance security and control access based on network policies."
           },
+          {
+            "title": "Trusted Profile",
+            "description": "Creates trusted profile needed with required access for configuration aggregator."
+          },
           {
             "title": "Configuration Aggregator",
             "description": "Supports creation and management of configuration aggregator to manage configurations across multiple App Configuration instances."
           }
         ],
-        "support_details": "This product is in the community registry, as such support is handled through the originated repo. If you experience issues please open an issue in that repository [https://github.com/terraform-ibm-modules/terraform-ibm-app-configuration/issues](https://github.com/terraform-ibm-modules/terraform-ibm-app-configuration/issues). Please note this product is not supported via the IBM Cloud Support Center.",
+        "support_details": "This product is in the community registry, as such support is handled through the originated repo. If you experience issues please open an issue in that repository [here](https://github.com/terraform-ibm-modules/terraform-ibm-app-configuration/issues). Please note this product is not supported via the IBM Cloud Support Center.",
         "flavors": [
           {
             "label": "Fully configurable",
             "name": "fully-configurable",
+            "index": 1,
             "install_type": "fullstack",
             "working_directory": "solutions/fully-configurable",
             "compliance": {
@@ -105,6 +111,14 @@
                   {
                     "displayname": "Sao Paulo (br-sao)",
                     "value": "br-sao"
+                  },
+                  {
+                    "displayname": "BNPP_EU",
+                    "value": "eu-fr2"
+                  },
+                  {
+                    "displayname": "Montreal (ca-mon)",
+                    "value": "ca-mon"
                   }
                 ]
               },
@@ -192,7 +206,13 @@
                 ]
               },
               {
-                "key": "app_config_collections"
+                "key": "app_config_collections",
+                "type": "array",
+                "custom_config": {
+                  "type": "textarea",
+                  "grouping": "deployment",
+                  "original_grouping": "deployment"
+                }
               },
               {
                 "key": "app_config_tags",
@@ -229,7 +249,13 @@
                 "key": "config_aggregator_enterprise_account_ids_to_assign"
               },
               {
-                "key": "app_config_cbr_rules"
+                "key": "cbr_rules",
+                "type": "array",
+                "custom_config": {
+                  "type": "textarea",
+                  "grouping": "deployment",
+                  "original_grouping": "deployment"
+                }
               },
               {
                 "key": "provider_visibility",
@@ -252,10 +278,11 @@
             ],
             "iam_permissions": [
               {
-                "service_name": "resource-group",
                 "role_crns": [
                   "crn:v1:bluemix:public:iam::::role:Viewer"
-                ]
+                ],
+                "service_name": "Resource group only",
+                "notes": "Viewer access is required in the resource group you want to provision in."
               },
               {
                 "role_crns": [
@@ -264,27 +291,77 @@
                 ],
                 "service_name": "apprapp",
                 "notes": "Required for provisioning the App Configuration instance."
+              },
+              {
+                "role_crns": [
+                  "crn:v1:bluemix:public:iam::::role:Administrator"
+                ],
+                "service_name": "All Account Management services",
+                "notes": "[Optional] Required for consuming Account Configuration deployable architecture which creates resource group or creating trusted profile for app configuration aggregator."
+              },
+              {
+                "role_crns": [
+                  "crn:v1:bluemix:public:iam::::role:Administrator"
+                ],
+                "service_name": "All Identity and Access enabled services",
+                "notes": "[Optional] Required for consuming Account Configuration deployable architecture which creates resource group with account setting or creating trusted profile for app configuration aggregator."
+              },
+              {
+                "role_crns": [
+                  "crn:v1:bluemix:public:iam::::serviceRole:Writer",
+                  "crn:v1:bluemix:public:iam::::role:Editor"
+                ],
+                "service_name": "atracker",
+                "notes": "[Optional] Required for consuming Observability deployable architecture which sets up Activity Tracker Event Routing."
+              },
+              {
+                "role_crns": [
+                  "crn:v1:bluemix:public:iam::::serviceRole:Manager",
+                  "crn:v1:bluemix:public:iam::::role:Editor"
+                ],
+                "service_name": "sysdig-monitor",
+                "notes": "[Optional] Required for consuming Observability deployable architecture which sets up Cloud monitoring."
+              },
+              {
+                "role_crns": [
+                  "crn:v1:bluemix:public:iam::::serviceRole:Manager",
+                  "crn:v1:bluemix:public:iam::::role:Editor"
+                ],
+                "service_name": "logs",
+                "notes": "[Optional] Required for consuming Observability deployable architecture which sets up Cloud logs."
+              },
+              {
+                "role_crns": [
+                  "crn:v1:bluemix:public:iam::::serviceRole:Manager",
+                  "crn:v1:bluemix:public:iam::::role:Editor"
+                ],
+                "service_name": "hs-crypto",
+                "notes": "[Optional] Required for creating/configuring keys in an existing Hyper Protect Crypto Services (HPCS) instance for encryption."
+              },
+              {
+                "role_crns": [
+                  "crn:v1:bluemix:public:iam::::serviceRole:Manager",
+                  "crn:v1:bluemix:public:iam::::role:Editor"
+                ],
+                "service_name": "kms",
+                "notes": "[Optional] Required if KMS encryption is enabled to encrypt the Object Storage bucket used for storing flow logs."
+              },
+              {
+                "role_crns": [
+                  "crn:v1:bluemix:public:iam::::serviceRole:Manager",
+                  "crn:v1:bluemix:public:iam::::role:Editor"
+                ],
+                "service_name": "cloud-object-storage",
+                "notes": "[Optional] Required for enabling and storing App Configuration flow logs."
               }
             ],
             "architecture": {
               "descriptions": "This architecture supports creating and configuring an IBM Cloud App Configuration",
               "features": [
                 {
-                  "title": "App Configuration instance with Collections",
-                  "description": "Creates App Configuration instance. Collections can be created and configured for the instance"
-                },
-                {
-                  "title": "Use existing resource group",
-                  "description": "Supports deployment into an existing IBM Cloud resource group."
-                },
-                {
-                  "title": "CBR Enhanced Security",
-                  "description": "Enforces network-based access control through context-based restrictions (CBR) rules."
-                },
-                {
-                  "title": "Configuration Aggregator",
-                  "description": "Enables the creation and management of configuration aggregator to consolidate and monitor configurations across multiple App Configuration instances."
-                }
+                  "title": " ",
+                  "description": "Configured to use IBM secure by default standards, but can be edited to fit your use case."
+  }
               ],
               "diagrams": [
                 {
@@ -293,7 +370,7 @@
                     "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-app-configuration/main/reference-architecture/app_configuration.svg",
                     "type": "image/svg+xml"
                   },
-                  "description": "**App Configuration on IBM Cloud** <br/> <br/> <b>Description</b> <br/> This architecture automates the setup of IBM Cloud App Configuration. The modular design includes the creation of a collection to streamline the management of feature flags and properties, consolidation of multiple App Cpnfiguration instances via configuration aggregator and optionally integrates context-based restrictions (CBR) to improve access control and align with your network security policies."
+                  "description": "This architecture automates the setup of IBM Cloud App Configuration. The modular design includes the creation of a collection to streamline the management of feature flags and properties, consolidation of multiple App Cpnfiguration instances via configuration aggregator and optionally integrates context-based restrictions (CBR) to improve access control and align with your network security policies."
                 }
               ]
             },
@@ -330,7 +407,7 @@
             },
             {
               "name": "deploy-arch-ibm-observability",
-              "description": "Enable to provision and configure IBM Cloud Logs, Cloud Monitoring, Metrics routing and Activity Tracker event routing for analysing logs and metrics generated by the App Configuration instance.",
+              "description": "Configures IBM Cloud Logs, Cloud Monitoring, Metrics routing and Activity Tracker event routing for analysing logs and metrics generated by the App Configuration instance.",
               "flavors": [
                 "instances"
               ],

solutions/fully-configurable/DA-cbr_rules.md

@@ -1,12 +1,12 @@
 # Configuring context-based restrictions (CBRs)
 
-The `app_config_cbr_rules` input variable allows you to provide a rule for the target service to enforce access restrictions for the service based on the context of access requests. Contexts are criteria that include the network location of access requests, the endpoint type from where the request is sent, etc.
+The `cbr_rules` input variable allows you to provide a rule for the target service to enforce access restrictions for the service based on the context of access requests. Contexts are criteria that include the network location of access requests, the endpoint type from where the request is sent, etc.
 
-- Variable name: `app_config_cbr_rules`.
+- Variable name: `cbr_rules`.
 - Type: A list of objects. Allows only one object representing a rule for the target service
 - Default value: An empty list (`[]`).
 
-### Options for app_config_cbr_rules
+### Options for cbr_rules
 
   - `description` (required): The description of the rule to create.
   - `account_id` (required): The IBM Cloud Account ID

solutions/fully-configurable/README.md

@@ -1,11 +1,3 @@
-# Cloud automation for App Configuration
-
-[![Catalog release](https://img.shields.io/badge/release-IBM%20Cloud%20Catalog-3662FF?logo=ibm)](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-apprapp-045c1169-d15a-4046-ae81-aa3d3348421f-global)
-
-This solution supports provisioning and configuring the following infrastructure:
-
-- App Config instance and collections
-- Optional context-based restrictions (CBR)
-- Configuration aggregator
+# Cloud automation for App Configuration (Fully configurable)
 
 :exclamation: **Important:** This solution is not intended to be called by other modules because it contains a provider configuration and is not compatible with the `for_each`, `count`, and `depends_on` arguments. For more information, see [Providers Within Modules](https://developer.hashicorp.com/terraform/language/modules/develop/providers).

solutions/fully-configurable/main.tf

@@ -31,5 +31,5 @@ module "app_config" {
   config_aggregator_enterprise_trusted_profile_template_name = "${local.prefix}${var.config_aggregator_enterprise_trusted_profile_template_name}"
   config_aggregator_enterprise_account_group_ids_to_assign   = var.config_aggregator_enterprise_account_group_ids_to_assign
   config_aggregator_enterprise_account_ids_to_assign         = var.config_aggregator_enterprise_account_ids_to_assign
-  cbr_rules                                                  = var.app_config_cbr_rules
+  cbr_rules                                                  = var.cbr_rules
 }

solutions/fully-configurable/variables.tf

@@ -30,7 +30,7 @@ variable "existing_resource_group_name" {
 variable "prefix" {
   type        = string
   nullable    = true
-  description = "The prefix to be added to all resources created by this solution. To skip using a prefix, set this value to null or an empty string. The prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It should not exceed 16 characters, must not end with a hyphen('-'), and can not contain consecutive hyphens ('--'). Example: prod-us-south. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-app-configuration/tree/main/solutions/fully-configurable/DA-prefix.md)."
+  description = "The prefix to be added to all resources created by this solution. To skip using a prefix, set this value to null or an empty string. The prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It should not exceed 16 characters, must not end with a hyphen('-'), and can not contain consecutive hyphens ('--'). Example: prod-us-south. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/prefix.md)."
 
   validation {
     # - null and empty string is allowed
@@ -50,7 +50,7 @@ variable "prefix" {
 
 variable "region" {
   type        = string
-  description = "The region to provision resources to."
+  description = "The region to provision all resources in. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/region) about how to select different regions for different services."
   default     = "us-south"
   nullable    = false
 }
@@ -197,7 +197,7 @@ variable "config_aggregator_enterprise_account_ids_to_assign" {
 # Context-based restriction (CBR)
 ##############################################################
 
-variable "app_config_cbr_rules" {
+variable "cbr_rules" {
   type = list(object({
     description = string
     account_id  = string

tests/pr_test.go

@@ -30,6 +30,8 @@ var validRegions = []string{
 	"us-south",
 	"ca-tor",
 	"br-sao",
+	"eu-fr2",
+	"ca-mon",
 }
 
 func setupOptions(t *testing.T, prefix string, dir string) *testhelper.TestOptions {