110 changes: 89 additions & 21 deletions ibm_catalog.json
Expand Up @@ -9,7 +9,7 @@
"ibm_created",
"terraform",
"solution",
"support_ibm"
"target_terraform"
],
"keywords": [
"terraform",
Expand All @@ -26,13 +26,17 @@
"provider_name": "IBM",
"features": [
{
"title": "Provision Collection",
"title": "Collection",
"description": "Supports creation of collection to help manage feature flags and dynamic properties at scale."
},
{
"title": "CBR Enhanced Security",
"description": "Provides support for defining context-based restrictions (CBR) to enhance security and control access based on network policies."
},
{
"title": "Trusted Profile",
"description": "Creates trusted profile needed with required access for configuration aggregator."
},
{
"title": "Configuration Aggregator",
"description": "Supports creation and management of configuration aggregator to manage configurations across multiple App Configuration instances."
Expand All @@ -43,6 +47,7 @@
{
"label": "Fully configurable",
"name": "fully-configurable",
"index": 1,
"install_type": "fullstack",
"working_directory": "solutions/fully-configurable",
"compliance": {
Expand Down Expand Up @@ -192,7 +197,13 @@
]
},
{
"key": "app_config_collections"
"key": "app_config_collections",
"type": "array",
"custom_config": {
"type": "textarea",
"grouping": "deployment",
"original_grouping": "deployment"
}
},
{
"key": "app_config_tags",
Expand Down Expand Up @@ -229,7 +240,13 @@
"key": "config_aggregator_enterprise_account_ids_to_assign"
},
{
"key": "app_config_cbr_rules"
"key": "cbr_rules",
"type": "array",
"custom_config": {
"type": "textarea",
"grouping": "deployment",
"original_grouping": "deployment"
}
},
{
"key": "provider_visibility",
Expand All @@ -252,10 +269,11 @@
],
"iam_permissions": [
{
"service_name": "resource-group",
"role_crns": [
"crn:v1:bluemix:public:iam::::role:Viewer"
]
],
"service_name": "Resource group only",
"notes": "Viewer access is required in the resource group you want to provision in."
},
{
"role_crns": [
Expand All @@ -264,27 +282,77 @@
],
"service_name": "apprapp",
"notes": "Required for provisioning the App Configuration instance."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::role:Administrator"
],
"service_name": "All Account Management services",
"notes": "[Optional] Only required if you are consuming Account Configuration deployable architecture which creates resource group or have enabled `enable_config_aggregator` flag."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::role:Administrator"
],
"service_name": "All Identity and Access enabled services",
"notes": "[Optional] Only required if you are consuming Account Configuration deployable architecture which creates resource group with account setting or have enabled `enable_config_aggregator` flag that creates trusted profile for authentication."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Writer",
"crn:v1:bluemix:public:iam::::role:Editor"
],
"service_name": "atracker",
"notes": "[Optional] Only required if you are consuming Observability deployable architecture which sets up Activity Tracker Event Routing."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager",
"crn:v1:bluemix:public:iam::::role:Editor"
],
"service_name": "sysdig-monitor",
"notes": "[Optional] Only required if you are consuming the Observability deployable architecture which sets up Cloud Monitoring."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager",
"crn:v1:bluemix:public:iam::::role:Editor"
],
"service_name": "logs",
"notes": "[Optional] Only required if you are consuming the Observability deployable architecture which sets up Cloud Logs."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager",
"crn:v1:bluemix:public:iam::::role:Editor"
],
"service_name": "hs-crypto",
"notes": "[Optional] Only required if you are enabling Observability deployable architecture for Hyper Protect Crypto Services."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager",
"crn:v1:bluemix:public:iam::::role:Editor"
],
"service_name": "kms",
"notes": "[Optional] Only required if you are enabling Observability deployable architecture for KMS encryption."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager",
"crn:v1:bluemix:public:iam::::role:Editor"
],
"service_name": "cloud-object-storage",
"notes": "[Optional] Only required if you are enabling Observability deployable architecture for COS."
}
],
"architecture": {
"descriptions": "This architecture supports creating and configuring an IBM Cloud App Configuration",
"features": [
{
"title": "App Configuration instance with Collections",
"description": "Creates App Configuration instance. Collections can be created and configured for the instance"
},
{
"title": "Use existing resource group",
"description": "Supports deployment into an existing IBM Cloud resource group."
},
{
"title": "CBR Enhanced Security",
"description": "Enforces network-based access control through context-based restrictions (CBR) rules."
},
{
"title": "Configuration Aggregator",
"description": "Enables the creation and management of configuration aggregator to consolidate and monitor configurations across multiple App Configuration instances."
}
"title": " ",
"description": "Configured to use IBM secure by default standards, but can be edited to fit your use case."
}
],
"diagrams": [
{
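Review bot: The architecture feature that replaces the four removed entries in the last hunk has `"title": " "` — a single space — which the catalog will render as a blank heading, so either give it a real title such as `"title": "Secure by default configuration"` or restore per-capability entries (collections, CBR, configuration aggregator) so the architecture section still says what gets deployed. In the same hunk, the two new `iam_permissions` entries granting `role:Administrator` on "All Account Management services" and "All Identity and Access enabled services" are the broadest grants in the manifest, and their `notes` read as run-on conditions; I would reword the first to "[Optional] Only required if you are consuming the Account Configuration deployable architecture, which creates a resource group, or if the enable_config_aggregator flag is enabled" and mirror that wording in the second so an operator can tell exactly when each grant is needed. A short clause in each note on why Administrator rather than a narrower role is required for those cases would also help reviewers justify the grant.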
6 changes: 3 additions & 3 deletions solutions/fully-configurable/DA-cbr_rules.md
@@ -1,12 +1,12 @@
# Configuring context-based restrictions (CBRs)

The `app_config_cbr_rules` input variable allows you to provide a rule for the target service to enforce access restrictions for the service based on the context of access requests. Contexts are criteria that include the network location of access requests, the endpoint type from where the request is sent, etc.
The `cbr_rules` input variable allows you to provide a rule for the target service to enforce access restrictions for the service based on the context of access requests. Contexts are criteria that include the network location of access requests, the endpoint type from where the request is sent, etc.

- Variable name: `app_config_cbr_rules`.
- Variable name: `cbr_rules`.
- Type: A list of objects. Allows only one object representing a rule for the target service
- Default value: An empty list (`[]`).

### Options for app_config_cbr_rules
### Options for cbr_rules

- `description` (required): The description of the rule to create.
- `account_id` (required): The IBM Cloud Account ID
38 changes: 0 additions & 38 deletions solutions/fully-configurable/DA-prefix.md

This file was deleted.

10 changes: 1 addition & 9 deletions solutions/fully-configurable/README.md
@@ -1,11 +1,3 @@
# Cloud automation for App Configuration

[![Catalog release](https://img.shields.io/badge/release-IBM%20Cloud%20Catalog-3662FF?logo=ibm)](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-apprapp-045c1169-d15a-4046-ae81-aa3d3348421f-global)

This solution supports provisioning and configuring the following infrastructure:

- App Config instance and collections
- Optional context-based restrictions (CBR)
- Configuration aggregator
# Cloud automation for App Configuration (Fully configurable)

:exclamation: **Important:** This solution is not intended to be called by other modules because it contains a provider configuration and is not compatible with the `for_each`, `count`, and `depends_on` arguments. For more information, see [Providers Within Modules](https://developer.hashicorp.com/terraform/language/modules/develop/providers).
2 changes: 1 addition & 1 deletion solutions/fully-configurable/main.tf
Expand Up @@ -31,5 +31,5 @@ module "app_config" {
config_aggregator_enterprise_trusted_profile_template_name = "${local.prefix}${var.config_aggregator_enterprise_trusted_profile_template_name}"
config_aggregator_enterprise_account_group_ids_to_assign = var.config_aggregator_enterprise_account_group_ids_to_assign
config_aggregator_enterprise_account_ids_to_assign = var.config_aggregator_enterprise_account_ids_to_assign
cbr_rules = var.app_config_cbr_rules
cbr_rules = var.cbr_rules
}
7 changes: 4 additions & 3 deletions solutions/fully-configurable/provider.tf
@@ -1,5 +1,6 @@
provider "ibm" {
ibmcloud_api_key = var.ibmcloud_api_key
region = var.region
visibility = var.provider_visibility
ibmcloud_api_key = var.ibmcloud_api_key
region = var.region
visibility = var.provider_visibility
private_endpoint_type = (var.provider_visibility == "private" && var.region == "ca-mon") ? "vpe" : null
}
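Review bot: The new `private_endpoint_type` line hard-codes the region name `"ca-mon"` with no explanation of why that region alone needs the `"vpe"` endpoint type when visibility is private, so the next person adding region support cannot tell whether the condition must be extended. Add a comment above the line recording the reason (it is not visible in this change), e.g. `# ca-mon: <why this region needs the "vpe" private endpoint type>`, and if further regions are expected, move the region name into a local such as `local.vpe_only_regions` and test membership with `contains(...)` instead of an inline equality.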
6 changes: 3 additions & 3 deletions solutions/fully-configurable/variables.tf
Expand Up @@ -30,7 +30,7 @@ variable "existing_resource_group_name" {
variable "prefix" {
type = string
nullable = true
description = "The prefix to be added to all resources created by this solution. To skip using a prefix, set this value to null or an empty string. The prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It should not exceed 16 characters, must not end with a hyphen('-'), and can not contain consecutive hyphens ('--'). Example: prod-us-south. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-app-configuration/tree/main/solutions/fully-configurable/DA-prefix.md)."
description = "The prefix to be added to all resources created by this solution. To skip using a prefix, set this value to null or an empty string. The prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It should not exceed 16 characters, must not end with a hyphen('-'), and can not contain consecutive hyphens ('--'). Example: prod-us-south. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/prefix.md)."

validation {
# - null and empty string is allowed
Expand All @@ -50,7 +50,7 @@ variable "prefix" {

variable "region" {
type = string
description = "The region to provision resources to."
description = "The region to provision all resources in. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/region) about how to select different regions for different services."
default = "us-south"
nullable = false
}
Expand Down Expand Up @@ -197,7 +197,7 @@ variable "config_aggregator_enterprise_account_ids_to_assign" {
# Context-based restriction (CBR)
##############################################################

variable "app_config_cbr_rules" {
variable "cbr_rules" {
type = list(object({
description = string
account_id = string