diff --git a/common-dev-assets b/common-dev-assets index 7179ae4..325cfd0 160000 --- a/common-dev-assets +++ b/common-dev-assets @@ -1 +1 @@ -Subproject commit 7179ae4f3446b3816fa2d72c873f8f8e86797836 +Subproject commit 325cfd0d91902e08079644092bbf298c4872f388 diff --git a/examples/advanced/README.md b/examples/advanced/README.md index ccd1a30..fee8e04 100644 --- a/examples/advanced/README.md +++ b/examples/advanced/README.md @@ -8,12 +8,11 @@ An end-to-end example that will provision the following: - A new resource group if one is not passed in. - A new Key Management Service instance with Key Protect encryption. - A root key inside the key ring for the above KMS instance. -- A new Event Notification instance. +- A new Event Notifications instance. - A new App Configuration instance. - A new collection within the App Configuration instance. - Configuration aggregator ([learn more](https://cloud.ibm.com/docs/app-configuration?topic=app-configuration-ac-configuration-aggregator)) - Integration between App Configuration and Key Management Service instance. - Integration between App Configuration and Event Notification instance. -- A simple VPC -- A CBR zone for the VPC -- A CBR rule to only allow the App Configuration instance to be accessed from within the VPC zone over private endpoint +- A CBR zone for the Schematics service +- A CBR rule to only allow the App Configuration instance to be accessed from Schematics over private endpoint diff --git a/examples/advanced/main.tf b/examples/advanced/main.tf index c43249f..93247ad 100644 --- a/examples/advanced/main.tf +++ b/examples/advanced/main.tf @@ -18,27 +18,21 @@ data "ibm_iam_account_settings" "iam_account_settings" { } ############################################################################## -# VPC -############################################################################## -resource "ibm_is_vpc" "example_vpc" { - name = "${var.prefix}-vpc" - resource_group = module.resource_group.resource_group_id - tags = var.resource_tags -} - -############################################################################## -# Create CBR Zone +# Create CBR Zone for Schematics service ############################################################################## module "cbr_zone" { source = "terraform-ibm-modules/cbr/ibm//modules/cbr-zone-module" - version = "1.33.0" - name = "${var.prefix}-VPC-network-zone" - zone_description = "CBR Network zone representing VPC" + version = "1.33.2" + name = "${var.prefix}-schematics-zone" + zone_description = "CBR Network zone containing Schematics" account_id = data.ibm_iam_account_settings.iam_account_settings.account_id addresses = [{ - type = "vpc", # to bind a specific vpc to the zone - value = ibm_is_vpc.example_vpc.crn, + type = "serviceRef", + ref = { + account_id = data.ibm_iam_account_settings.iam_account_settings.account_id + service_name = "schematics" + } }] } @@ -77,7 +71,7 @@ module "key_protect_all_inclusive" { # Create EN Instance ############################################################################## -module "event_notification" { +module "event_notifications" { source = "terraform-ibm-modules/event-notifications/ibm" version = "2.7.0" resource_group_id = module.resource_group.resource_group_id @@ -111,7 +105,7 @@ module "app_config" { ] cbr_rules = [ { - description = "${var.prefix}-APP-CONF access only from vpc" + description = "${var.prefix}-APP-CONF access only from Schematics" enforcement_mode = "enabled" account_id = data.ibm_iam_account_settings.iam_account_settings.account_id tags = [ @@ -138,6 +132,6 @@ module "app_config" { root_key_id = module.key_protect_all_inclusive.keys["${local.key_ring_name}.${local.key_name}"].key_id kms_endpoint_url = module.key_protect_all_inclusive.kms_public_endpoint enable_event_notifications = true - existing_event_notifications_instance_crn = module.event_notification.crn - event_notifications_endpoint_url = module.event_notification.event_notifications_public_endpoint + existing_event_notifications_instance_crn = module.event_notifications.crn + event_notifications_endpoint_url = module.event_notifications.event_notifications_public_endpoint } diff --git a/ibm_catalog.json b/ibm_catalog.json index 965b13e..a3303df 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -1,451 +1,451 @@ { - "products": [ - { - "name": "deploy-arch-ibm-apprapp", - "label": "Cloud automation for App Configuration", - "product_kind": "solution", - "tags": [ - "dev_ops", - "ibm_created", - "terraform", - "solution", - "target_terraform", - "converged_infra" - ], - "keywords": [ - "terraform", - "appconfig", - "app configuration", - "solution", - "IaC", - "infrastructure as code" - ], - "short_description": "Creates and configures an App Configuration service with optional integration of Cloud Logs, Monitoring and Activity Tracker Event Routing", - "long_description": "This deployable architecture automates the provisioning of IBM Cloud App Configuration along with initial collection to help you manage feature flags and dynamic properties at scale. It also includes support for configuration aggregators, enabling centralized monitoring and management of configurations across multiple App Configuration instances. It simplifies onboarding by preconfiguring key resources and provides support for defining context-based restrictions (CBR) to enhance security and control access based on network policies. Ideal for teams adopting feature flagging, experimentation, or remote configuration strategies in cloud-native applications, this solution accelerates setup while following IBM Cloud best practices. Refer [this](https://cloud.ibm.com/docs/app-configuration) for more information.\n\nℹ️ This Terraform-based automation is part of a broader suite of IBM-maintained Infrastructure as Code (IaC) assets, each following the naming pattern \"Cloud automation for *servicename*\" and focusing on single IBM Cloud service. These single-service deployable architectures can be used on their own to streamline and automate service deployments through an [IaC approach](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-understanding-projects), or assembled together into a broader [automated IaC stack](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-config-stack) to automate the deployment of an end-to-end solution architecture.", - "offering_docs_url": "https://github.com/terraform-ibm-modules/terraform-ibm-app-configuration/blob/main/README.md", - "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-app-configuration/main/images/app_config-icon.png", - "provider_name": "IBM", - "features": [ - { - "title": "Collections", - "description": "Supports creation of one or more [collections](https://cloud.ibm.com/docs/app-configuration?topic=app-configuration-ac-collections) depending on the plan to help manage feature flags and dynamic properties at scale." - }, - { - "title": "CBR Enhanced Security", - "description": "Provides support for defining context-based restrictions ([CBR](https://cloud.ibm.com/docs/app-configuration?topic=app-configuration-ac-restrict-access-cbr)) to enhance security and control access based on network policies." - }, - { - "title": "Trusted Profile", - "description": "Creates [trusted profile](https://cloud.ibm.com/docs/app-configuration?topic=app-configuration-ac-configuration-aggregator#ac-enable-configuration-aggregator-single-account) needed with required access for configuration aggregator." + "products": [ + { + "name": "deploy-arch-ibm-apprapp", + "label": "Cloud automation for App Configuration", + "product_kind": "solution", + "tags": [ + "dev_ops", + "ibm_created", + "terraform", + "solution", + "target_terraform", + "converged_infra" + ], + "keywords": [ + "terraform", + "appconfig", + "app configuration", + "solution", + "IaC", + "infrastructure as code" + ], + "short_description": "Creates and configures an App Configuration service with optional integration of Cloud Logs, Monitoring and Activity Tracker Event Routing", + "long_description": "This deployable architecture automates the provisioning of IBM Cloud App Configuration along with initial collection to help you manage feature flags and dynamic properties at scale. It also includes support for configuration aggregators, enabling centralized monitoring and management of configurations across multiple App Configuration instances. It simplifies onboarding by preconfiguring key resources and provides support for defining context-based restrictions (CBR) to enhance security and control access based on network policies. Ideal for teams adopting feature flagging, experimentation, or remote configuration strategies in cloud-native applications, this solution accelerates setup while following IBM Cloud best practices. Refer [this](https://cloud.ibm.com/docs/app-configuration) for more information.\n\nℹ️ This Terraform-based automation is part of a broader suite of IBM-maintained Infrastructure as Code (IaC) assets, each following the naming pattern \"Cloud automation for *servicename*\" and focusing on single IBM Cloud service. These single-service deployable architectures can be used on their own to streamline and automate service deployments through an [IaC approach](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-understanding-projects), or assembled together into a broader [automated IaC stack](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-config-stack) to automate the deployment of an end-to-end solution architecture.", + "offering_docs_url": "https://github.com/terraform-ibm-modules/terraform-ibm-app-configuration/blob/main/README.md", + "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-app-configuration/main/images/app_config-icon.png", + "provider_name": "IBM", + "features": [ + { + "title": "Collections", + "description": "Supports creation of one or more [collections](https://cloud.ibm.com/docs/app-configuration?topic=app-configuration-ac-collections) depending on the plan to help manage feature flags and dynamic properties at scale." + }, + { + "title": "CBR Enhanced Security", + "description": "Provides support for defining context-based restrictions ([CBR](https://cloud.ibm.com/docs/app-configuration?topic=app-configuration-ac-restrict-access-cbr)) to enhance security and control access based on network policies." + }, + { + "title": "Trusted Profile", + "description": "Creates [trusted profile](https://cloud.ibm.com/docs/app-configuration?topic=app-configuration-ac-configuration-aggregator#ac-enable-configuration-aggregator-single-account) needed with required access for configuration aggregator." + }, + { + "title": "Configuration Aggregator", + "description": "Supports creation and management of configuration [aggregator](https://cloud.ibm.com/docs/app-configuration?topic=app-configuration-ac-configuration-aggregator) to manage configurations across multiple App Configuration instances." + } + ], + "support_details": "This product is in the community registry, as such support is handled through the originated repo. If you experience issues please open an issue in that repository [here](https://github.com/terraform-ibm-modules/terraform-ibm-app-configuration/issues). Please note this product is not supported via the IBM Cloud Support Center.", + "flavors": [ + { + "label": "Fully configurable", + "name": "fully-configurable", + "index": 1, + "install_type": "fullstack", + "working_directory": "solutions/fully-configurable", + "compliance": { + "authority": "scc-v3", + "profiles": [ + { + "profile_name": "IBM Cloud Framework for Financial Services", + "profile_version": "1.7.0" + } + ] }, - { - "title": "Configuration Aggregator", - "description": "Supports creation and management of configuration [aggregator](https://cloud.ibm.com/docs/app-configuration?topic=app-configuration-ac-configuration-aggregator) to manage configurations across multiple App Configuration instances." - } - ], - "support_details": "This product is in the community registry, as such support is handled through the originated repo. If you experience issues please open an issue in that repository [here](https://github.com/terraform-ibm-modules/terraform-ibm-app-configuration/issues). Please note this product is not supported via the IBM Cloud Support Center.", - "flavors": [ - { - "label": "Fully configurable", - "name": "fully-configurable", - "index": 1, - "install_type": "fullstack", - "working_directory": "solutions/fully-configurable", - "compliance": { - "authority": "scc-v3", - "profiles": [ - { - "profile_name": "IBM Cloud Framework for Financial Services", - "profile_version": "1.7.0" + "configuration": [ + { + "key": "ibmcloud_api_key" + }, + { + "key": "prefix", + "required": true + }, + { + "key": "region", + "required": true, + "options": [ + { + "displayname": "Osaka (jp-osa)", + "value": "jp-osa" + }, + { + "displayname": "Sydney (au-syd)", + "value": "au-syd" + }, + { + "displayname": "Tokyo (jp-tok)", + "value": "jp-tok" + }, + { + "displayname": "Frankfurt (eu-de)", + "value": "eu-de" + }, + { + "displayname": "London (eu-gb)", + "value": "eu-gb" + }, + { + "displayname": "Madrid (eu-es)", + "value": "eu-es" + }, + { + "displayname": "Dallas (us-south)", + "value": "us-south" + }, + { + "displayname": "Toronto (ca-tor)", + "value": "ca-tor" + }, + { + "displayname": "Washington DC (us-east)", + "value": "us-east" + }, + { + "displayname": "Sao Paulo (br-sao)", + "value": "br-sao" + }, + { + "displayname": "BNPP_EU", + "value": "eu-fr2" + }, + { + "displayname": "Montreal (ca-mon)", + "value": "ca-mon" } ] }, - "configuration": [ - { - "key": "ibmcloud_api_key" - }, - { - "key": "prefix", - "required": true - }, - { - "key": "region", - "required": true, - "options": [ - { - "displayname": "Osaka (jp-osa)", - "value": "jp-osa" - }, - { - "displayname": "Sydney (au-syd)", - "value": "au-syd" - }, - { - "displayname": "Tokyo (jp-tok)", - "value": "jp-tok" - }, - { - "displayname": "Frankfurt (eu-de)", - "value": "eu-de" - }, - { - "displayname": "London (eu-gb)", - "value": "eu-gb" - }, - { - "displayname": "Madrid (eu-es)", - "value": "eu-es" - }, - { - "displayname": "Dallas (us-south)", - "value": "us-south" - }, - { - "displayname": "Toronto (ca-tor)", - "value": "ca-tor" - }, - { - "displayname": "Washington DC (us-east)", - "value": "us-east" - }, - { - "displayname": "Sao Paulo (br-sao)", - "value": "br-sao" - }, - { - "displayname": "BNPP_EU", - "value": "eu-fr2" - }, - { - "displayname": "Montreal (ca-mon)", - "value": "ca-mon" - } - ] - }, - { - "key": "app_config_plan", - "required": true, - "options": [ - { - "displayname": "lite", - "value": "lite" - }, - { - "displayname": "basic", - "value": "basic" - }, - { - "displayname": "standard", - "value": "standardv2" - }, - { - "displayname": "enterprise", - "value": "enterprise" - } - ] - }, - { - "key": "enable_platform_metrics", - "type": "boolean", - "default_value": false, - "description": "When set to `true`, the IBM Cloud Monitoring instance will be configured to collect platform metrics from the provided region. You can configure 1 instance only of the IBM Cloud Monitoring service per region to collect platform metrics in that location. Check with the account or service administrator if another monitoring instance has already been configured. You may not have permissions to see all monitoring instances in the region. [Learn more](https://cloud.ibm.com/docs/monitoring?topic=monitoring-platform_metrics_enabling).", - "required": true, - "virtual": true, - "options": [ - { - "displayname": "true", - "value": true - }, - { - "displayname": "false", - "value": false - } - ] - }, - { - "key": "logs_routing_tenant_regions", - "type": "array", - "default_value": [], - "description": "To manage platform logs that are generated by IBM Cloud services in a region of IBM Cloud, you must create a tenant in each region that you operate. Pass a list of regions to create a tenant in. [Learn more](https://cloud.ibm.com/docs/logs-router?topic=logs-router-about-platform-logs).", - "required": true, - "custom_config": { - "type": "array", - "grouping": "deployment", - "original_grouping": "deployment", - "config_constraints": { - "type": "string" - } + { + "key": "app_config_plan", + "required": true, + "options": [ + { + "displayname": "lite", + "value": "lite" }, - "virtual": true - }, - { - "key": "existing_resource_group_name", - "display_name": "resource_group", - "custom_config": { - "type": "resource_group", - "grouping": "deployment", - "original_grouping": "deployment", - "config_constraints": { - "identifier": "rg_name" - } + { + "displayname": "basic", + "value": "basic" + }, + { + "displayname": "standard", + "value": "standardv2" + }, + { + "displayname": "enterprise", + "value": "enterprise" } - }, - { - "key": "app_config_name" - }, - { - "key": "app_config_service_endpoints", - "options": [ - { - "displayname": "public", - "value": "public" - }, - { - "displayname": "public-and-private", - "value": "public-and-private" - } - ] - }, - { - "key": "app_config_collections", + ] + }, + { + "key": "enable_platform_metrics", + "type": "boolean", + "default_value": false, + "description": "When set to `true`, the IBM Cloud Monitoring instance will be configured to collect platform metrics from the provided region. You can configure 1 instance only of the IBM Cloud Monitoring service per region to collect platform metrics in that location. Check with the account or service administrator if another monitoring instance has already been configured. You may not have permissions to see all monitoring instances in the region. [Learn more](https://cloud.ibm.com/docs/monitoring?topic=monitoring-platform_metrics_enabling).", + "required": true, + "virtual": true, + "options": [ + { + "displayname": "true", + "value": true + }, + { + "displayname": "false", + "value": false + } + ] + }, + { + "key": "logs_routing_tenant_regions", + "type": "array", + "default_value": [], + "description": "To manage platform logs that are generated by IBM Cloud services in a region of IBM Cloud, you must create a tenant in each region that you operate. Pass a list of regions to create a tenant in. [Learn more](https://cloud.ibm.com/docs/logs-router?topic=logs-router-about-platform-logs).", + "required": true, + "custom_config": { "type": "array", - "custom_config": { - "type": "code_editor", - "grouping": "deployment", - "original_grouping": "deployment" + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "type": "string" } }, - { - "key": "app_config_tags", - "custom_config": { - "grouping": "deployment", - "original_grouping": "deployment", - "config_constraints": { - "type": "string" - } + "virtual": true + }, + { + "key": "existing_resource_group_name", + "display_name": "resource_group", + "custom_config": { + "type": "resource_group", + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "identifier": "rg_name" } - }, - { - "key": "enable_config_aggregator" - }, - { - "key": "config_aggregator_trusted_profile_name" - }, - { - "key": "config_aggregator_resource_collection_regions" - }, - { - "key": "config_aggregator_enterprise_id" - }, - { - "key": "config_aggregator_enterprise_trusted_profile_name" - }, - { - "key": "config_aggregator_enterprise_trusted_profile_template_name" - }, - { - "key": "config_aggregator_enterprise_account_group_ids_to_assign" - }, - { - "key": "config_aggregator_enterprise_account_ids_to_assign" - }, - { - "key": "cbr_rules", - "type": "array", - "custom_config": { - "type": "code_editor", - "grouping": "deployment", - "original_grouping": "deployment" + } + }, + { + "key": "app_config_name" + }, + { + "key": "app_config_service_endpoints", + "options": [ + { + "displayname": "public", + "value": "public" + }, + { + "displayname": "public-and-private", + "value": "public-and-private" } - }, - { - "key": "kms_encryption_enabled" - }, - { - "key": "skip_app_config_kms_auth_policy" - }, - { - "key": "ibmcloud_kms_api_key" - }, - { - "key": "existing_kms_instance_crn" - }, - { - "key": "existing_kms_key_crn" - }, - { - "key": "kms_endpoint_type", - "hidden": true, - "options": [ - { - "displayname": "Public", - "value": "public" - }, - { - "displayname": "Private", - "value": "private" - } - ] - }, - { - "key": "kms_endpoint_url" - }, - { - "key": "app_config_key_ring_name" - }, - { - "key": "app_config_key_name" - }, - { - "key": "enable_event_notifications" - }, - { - "key": "skip_app_config_event_notifications_auth_policy" - }, - { - "key": "existing_event_notifications_instance_crn" - }, - { - "key": "event_notifications_endpoint_url" - }, - { - "key": "app_config_event_notifications_source_name" - }, - { - "key": "event_notifications_email_list" - }, - { - "key": "event_notifications_from_email" - }, - { - "key": "event_notifications_reply_to_email" - }, - { - "key": "provider_visibility", - "hidden": true, - "options": [ - { - "displayname": "private", - "value": "private" - }, - { - "displayname": "public", - "value": "public" - }, - { - "displayname": "public-and-private", - "value": "public-and-private" - } - ] + ] + }, + { + "key": "app_config_collections", + "type": "array", + "custom_config": { + "type": "code_editor", + "grouping": "deployment", + "original_grouping": "deployment" } - ], - "iam_permissions": [ - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Viewer" - ], - "service_name": "Resource group only", - "notes": "Viewer access is required in the resource group you want to provision in." - }, - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Administrator", - "crn:v1:bluemix:public:iam::::serviceRole:Manager" - ], - "service_name": "apprapp", - "notes": "Required for provisioning the App Configuration instance." - }, - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Administrator" - ], - "service_name": "All Account Management services", - "notes": "[Optional] Required to deploy Cloud automation for account configuration which creates resource group and to create trusted profile for App Configuration aggregator." - }, - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Administrator" - ], - "service_name": "All Identity and Access enabled services", - "notes": "[Optional] Required to deploy Cloud automation for account configuration which creates foundational IBM Cloud account resources, like resource group with account settings and to create trusted profile for App Configuration aggregator." - }, - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Writer", - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "service_name": "atracker", - "notes": "[Optional] Required when enabling the Activity Tracker Event Routing." - }, - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "service_name": "sysdig-monitor", - "notes": "[Optional] Required to create an instance of Cloud Monitoring." - }, - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "service_name": "logs", - "notes": "[Optional] Required to create an instance of Cloud Logs." - }, - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "service_name": "hs-crypto", - "notes": "[Optional] Required if Hyper Protect Crypto Services is used for encryption." - }, - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "service_name": "kms", - "notes": "[Optional] Required to deploy Cloud automation for Key Protect, so you can use your own managed encryption keys." - }, - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "service_name": "cloud-object-storage", - "notes": "[Optional] Required to deploy Cloud automation for Object Storage." - }, - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "service_name": "event-notifications", - "notes": "[Optional] Required if you are configuring an Event Notifications instance." + }, + { + "key": "app_config_tags", + "custom_config": { + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "type": "string" + } } - ], - "architecture": { - "descriptions": "This architecture supports creating and configuring an IBM Cloud App Configuration", - "features": [ + }, + { + "key": "enable_config_aggregator" + }, + { + "key": "config_aggregator_trusted_profile_name" + }, + { + "key": "config_aggregator_resource_collection_regions" + }, + { + "key": "config_aggregator_enterprise_id" + }, + { + "key": "config_aggregator_enterprise_trusted_profile_name" + }, + { + "key": "config_aggregator_enterprise_trusted_profile_template_name" + }, + { + "key": "config_aggregator_enterprise_account_group_ids_to_assign" + }, + { + "key": "config_aggregator_enterprise_account_ids_to_assign" + }, + { + "key": "cbr_rules", + "type": "array", + "custom_config": { + "type": "code_editor", + "grouping": "deployment", + "original_grouping": "deployment" + } + }, + { + "key": "kms_encryption_enabled" + }, + { + "key": "skip_app_config_kms_auth_policy" + }, + { + "key": "ibmcloud_kms_api_key" + }, + { + "key": "existing_kms_instance_crn" + }, + { + "key": "existing_kms_key_crn" + }, + { + "key": "kms_endpoint_type", + "hidden": true, + "options": [ { - "title": " ", - "description": "Configured to use IBM secure-by-default standards, but can be edited to fit your use case." + "displayname": "Public", + "value": "public" + }, + { + "displayname": "Private", + "value": "private" } - ], - "diagrams": [ - { - "diagram": { - "caption": "App Configuration", - "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-app-configuration/main/reference-architecture/app_configuration.svg", - "type": "image/svg+xml" - }, - "description": "This architecture automates the setup of IBM Cloud App Configuration. The modular design includes the creation of a collection to streamline the management of feature flags and properties, consolidation of multiple App Cpnfiguration instances via configuration aggregator and optionally integrates context-based restrictions (CBR) to improve access control and align with your network security policies." + ] + }, + { + "key": "kms_endpoint_url" + }, + { + "key": "app_config_key_ring_name" + }, + { + "key": "app_config_key_name" + }, + { + "key": "enable_event_notifications" + }, + { + "key": "skip_app_config_event_notifications_auth_policy" + }, + { + "key": "existing_event_notifications_instance_crn" + }, + { + "key": "event_notifications_endpoint_url" + }, + { + "key": "app_config_event_notifications_source_name" + }, + { + "key": "event_notifications_email_list" + }, + { + "key": "event_notifications_from_email" + }, + { + "key": "event_notifications_reply_to_email" + }, + { + "key": "provider_visibility", + "hidden": true, + "options": [ + { + "displayname": "private", + "value": "private" + }, + { + "displayname": "public", + "value": "public" + }, + { + "displayname": "public-and-private", + "value": "public-and-private" } ] + } + ], + "iam_permissions": [ + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Viewer" + ], + "service_name": "Resource group only", + "notes": "Viewer access is required in the resource group you want to provision in." + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Administrator", + "crn:v1:bluemix:public:iam::::serviceRole:Manager" + ], + "service_name": "apprapp", + "notes": "Required for provisioning the App Configuration instance." + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Administrator" + ], + "service_name": "All Account Management services", + "notes": "[Optional] Required to deploy Cloud automation for account configuration which creates resource group and to create trusted profile for App Configuration aggregator." + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Administrator" + ], + "service_name": "All Identity and Access enabled services", + "notes": "[Optional] Required to deploy Cloud automation for account configuration which creates foundational IBM Cloud account resources, like resource group with account settings and to create trusted profile for App Configuration aggregator." + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Writer", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "atracker", + "notes": "[Optional] Required when enabling the Activity Tracker Event Routing." + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "sysdig-monitor", + "notes": "[Optional] Required to create an instance of Cloud Monitoring." + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "logs", + "notes": "[Optional] Required to create an instance of Cloud Logs." + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "hs-crypto", + "notes": "[Optional] Required if Hyper Protect Crypto Services is used for encryption." + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "kms", + "notes": "[Optional] Required to deploy Cloud automation for Key Protect, so you can use your own managed encryption keys." + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "cloud-object-storage", + "notes": "[Optional] Required to deploy Cloud automation for Object Storage." }, - "dependencies": [ + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "event-notifications", + "notes": "[Optional] Required if you are configuring an Event Notifications instance." + } + ], + "architecture": { + "descriptions": "This architecture supports creating and configuring an IBM Cloud App Configuration", + "features": [ + { + "title": " ", + "description": "Configured to use IBM secure-by-default standards, but can be edited to fit your use case." + } + ], + "diagrams": [ + { + "diagram": { + "caption": "App Configuration", + "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-app-configuration/main/reference-architecture/app_configuration.svg", + "type": "image/svg+xml" + }, + "description": "This architecture automates the setup of IBM Cloud App Configuration. The modular design includes the creation of a collection to streamline the management of feature flags and properties, consolidation of multiple App Cpnfiguration instances via configuration aggregator and optionally integrates context-based restrictions (CBR) to improve access control and align with your network security policies." + } + ] + }, + "dependencies": [ { "name": "deploy-arch-ibm-account-infra-base", "description": "Cloud automation for Account Configuration organizes your IBM Cloud account with a ready-made set of resource groups by default. When you enable the \"with Account Settings\" option, it also applies baseline security and governance settings.", @@ -474,7 +474,7 @@ ], "optional": true, "on_by_default": false, - "version": "v3.0.7" + "version": "v3.0.23" }, { "name": "deploy-arch-ibm-cloud-logs", @@ -484,7 +484,7 @@ "fully-configurable" ], "id": "63d8ae58-fbf3-41ce-b844-0fb5b85882ab-global", - "version": "v1.6.11", + "version": "v1.6.28", "optional": true, "on_by_default": true, "input_mapping": [ @@ -509,7 +509,7 @@ "name": "deploy-arch-ibm-cloud-monitoring", "description": "Configure IBM Cloud Monitoring to collect the platform metrics.", "id": "73debdbf-894f-4c14-81c7-5ece3a70b67d-global", - "version": "v1.6.4", + "version": "v1.7.2", "flavors": [ "fully-configurable" ], @@ -538,7 +538,7 @@ "name": "deploy-arch-ibm-activity-tracker", "description": "Configure Activity Tracker Event Routing to route the auditing events.", "id": "918453c3-4f97-4583-8c4a-83ef12fc7916-global", - "version": "v1.2.25", + "version": "v1.2.34", "flavors": [ "fully-configurable" ], @@ -562,7 +562,7 @@ "name": "deploy-arch-ibm-kms", "description": "Configure KMS to encrypt the data from app configuration instance stored in database.", "id": "2cad4789-fa90-4886-9c9e-857081c273ee-global", - "version": "v5.1.19", + "version": "v5.1.27", "flavors": [ "fully-configurable" ], @@ -603,8 +603,8 @@ "name": "deploy-arch-ibm-event-notifications", "description": "Configure Event Notifications to notify any configuration change events.", "id": "c7ac3ee6-4f48-4236-b974-b0cd8c624a46-global", - "version": "v2.7.0", - "flavors": [ + "version": "v2.7.2", + "flavors": [ "fully-configurable" ], "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", diff --git a/tests/go.mod b/tests/go.mod index b28888a..1acf1f6 100644 --- a/tests/go.mod +++ b/tests/go.mod @@ -5,6 +5,7 @@ go 1.24.0 toolchain go1.25.0 require ( + github.com/IBM/go-sdk-core v1.1.0 github.com/gruntwork-io/terratest v0.50.0 github.com/stretchr/testify v1.11.1 github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.60.5 @@ -29,6 +30,7 @@ require ( github.com/cloudflare/circl v1.6.1 // indirect github.com/cyphar/filepath-securejoin v0.4.1 // indirect github.com/davecgh/go-spew v1.1.1 // indirect + github.com/dgrijalva/jwt-go v3.2.0+incompatible // indirect github.com/emirpasic/gods v1.18.1 // indirect github.com/gabriel-vasile/mimetype v1.4.9 // indirect github.com/ghodss/yaml v1.0.0 // indirect @@ -97,6 +99,7 @@ require ( golang.org/x/sys v0.35.0 // indirect golang.org/x/text v0.28.0 // indirect golang.org/x/tools v0.35.0 // indirect + gopkg.in/go-playground/validator.v9 v9.31.0 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/tests/go.sum b/tests/go.sum index 0277ba1..7c41109 100644 --- a/tests/go.sum +++ b/tests/go.sum @@ -6,6 +6,8 @@ github.com/IBM-Cloud/power-go-client v1.12.0 h1:tF9Mq5GLYHebpzQT6IYB89lIxEST1E9t github.com/IBM-Cloud/power-go-client v1.12.0/go.mod h1:SpTK1ttW8bfMNUVQS8qOEuWn2KOkzaCLyzfze8MG1JE= github.com/IBM/cloud-databases-go-sdk v0.8.0 h1:uMFqhnc/roVTzfCaUsJ23eaHKjChhGpM1F7Mpxik0bo= github.com/IBM/cloud-databases-go-sdk v0.8.0/go.mod h1:JYucI1PdwqbAd8XGdDAchxzxRP7bxOh1zUnseovHKsc= +github.com/IBM/go-sdk-core v1.1.0 h1:pV73lZqr9r1xKb3h08c1uNG3AphwoV5KzUzhS+pfEqY= +github.com/IBM/go-sdk-core v1.1.0/go.mod h1:2pcx9YWsIsZ3I7kH+1amiAkXvLTZtAq9kbxsfXilSoY= github.com/IBM/go-sdk-core/v5 v5.9.2/go.mod h1:YlOwV9LeuclmT/qi/LAK2AsobbAP42veV0j68/rlZsE= github.com/IBM/go-sdk-core/v5 v5.21.0 h1:DUnYhvC4SoC8T84rx5omnhY3+xcQg/Whyoa3mDPIMkk= github.com/IBM/go-sdk-core/v5 v5.21.0/go.mod h1:Q3BYO6iDA2zweQPDGbNTtqft5tDcEpm6RTuqMlPcvbw= @@ -48,6 +50,8 @@ github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGL github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= +github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/elazarl/goproxy v1.7.2 h1:Y2o6urb7Eule09PjlhQRGNsqRfPmYI3KKQLFpCAV3+o= github.com/elazarl/goproxy v1.7.2/go.mod h1:82vkLNir0ALaW14Rc399OTTjyNREgmdL2cVoIbS6XaE= github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= @@ -106,9 +110,11 @@ github.com/go-openapi/validate v0.24.0 h1:LdfDKwNbpB6Vn40xhTdNZAnfLECL81w+VX3Bum github.com/go-openapi/validate v0.24.0/go.mod h1:iyeX1sEufmv3nPbBdX3ieNviWnOZaJ1+zquzJEf2BAQ= github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s= github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= +github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM= github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs= github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA= github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= +github.com/go-playground/universal-translator v0.16.0/go.mod h1:1AnU7NaIRDWWzGEKwgtJRd2xk99HeFyHw3yid4rvQIY= github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= @@ -193,6 +199,7 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII= github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY= github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ= github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI= @@ -509,7 +516,10 @@ gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/go-playground/assert.v1 v1.2.1 h1:xoYuJVE7KT85PYWrN730RguIQO0ePzVRfFMXadIrXTM= gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= +gopkg.in/go-playground/validator.v9 v9.30.0/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ= +gopkg.in/go-playground/validator.v9 v9.31.0 h1:bmXmP2RSNtFES+bn4uYuHT7iJFJv7Vj+an+ZQdDaD1M= gopkg.in/go-playground/validator.v9 v9.31.0/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= diff --git a/tests/other_test.go b/tests/other_test.go index 119b99d..5bb27d6 100644 --- a/tests/other_test.go +++ b/tests/other_test.go @@ -2,15 +2,22 @@ package test import ( + "math/rand" "testing" "github.com/stretchr/testify/assert" + "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/testhelper" ) func TestRunBasicExample(t *testing.T) { t.Parallel() - options := setupOptions(t, "app-conf-basic", "examples/basic") + options := testhelper.TestOptionsDefaultWithVars(&testhelper.TestOptions{ + Testing: t, + TerraformDir: "examples/basic", + Prefix: "app-conf-basic", + Region: validRegions[rand.Intn(len(validRegions))], + }) output, err := options.RunTestConsistency() assert.Nil(t, err, "This should not have errored") diff --git a/tests/pr_test.go b/tests/pr_test.go index 5dec728..4734004 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -8,8 +8,8 @@ import ( "os" "strings" "testing" - "time" + "github.com/IBM/go-sdk-core/core" "github.com/gruntwork-io/terratest/modules/files" "github.com/gruntwork-io/terratest/modules/logger" "github.com/gruntwork-io/terratest/modules/random" @@ -19,16 +19,17 @@ import ( "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/cloudinfo" "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/common" "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/testaddons" - "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/testhelper" "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/testschematic" ) -// Use existing resource group +/* +Global variables +*/ const resourceGroup = "geretain-test-resources" const advancedExampleDir = "examples/advanced" const yamlLocation = "../common-dev-assets/common-go-assets/common-permanent-resources.yaml" - const fullyConfigFlavorDir = "solutions/fully-configurable" +const terraformVersion = "terraform_v1.10" // This should match the version in the ibm_catalog.json var validRegions = []string{ "au-syd", @@ -41,7 +42,14 @@ var validRegions = []string{ "ca-tor", "br-sao", } - +var appConfigCollection = []map[string]any{ + { + "name": "feature-flags", + "collection_id": "feature-flags-001", + "description": "Feature flags for dev environment", + "tags": "type:feature", + }, +} var permanentResources map[string]interface{} // TestMain will be run before any parallel tests, used to read data from yaml for use with tests @@ -56,83 +64,31 @@ func TestMain(m *testing.M) { os.Exit(m.Run()) } -func setupOptions(t *testing.T, prefix string, dir string) *testhelper.TestOptions { - - rand.New(rand.NewSource(time.Now().Unix())) - options := testhelper.TestOptionsDefaultWithVars(&testhelper.TestOptions{ - Testing: t, - TerraformDir: dir, - Prefix: prefix, - Region: validRegions[rand.Intn(len(validRegions))], - /* - Comment out the 'ResourceGroup' input to force this tests to create a unique resource group. This is because - there is a restriction with the Event Notification service, which allows only one Lite plan instance per resource group. - */ - // ResourceGroup: resourceGroup, - }) - return options -} - -func TestRunAdvancedExample(t *testing.T) { +func TestRunAdvancedExampleInSchematics(t *testing.T) { t.Parallel() - options := setupOptions(t, "app-conf", advancedExampleDir) - - output, err := options.RunTestConsistency() - assert.Nil(t, err, "This should not have errored") - assert.NotNil(t, output, "Expected some output") -} - -func TestFullyConfigurable(t *testing.T) { - t.Parallel() - - // Verify ibmcloud_api_key variable is set - checkVariable := "TF_VAR_ibmcloud_api_key" - val, present := os.LookupEnv(checkVariable) - require.True(t, present, checkVariable+" environment variable not set") - require.NotEqual(t, "", val, checkVariable+" environment variable is empty") - region := validRegions[rand.Intn(len(validRegions))] - prefix := "app-da" - - appConfigCollection := []map[string]any{ - { - "name": "feature-flags", - "collection_id": "feature-flags-001", - "description": "Feature flags for dev environment", - "tags": "type:feature", - }, - } - appConfigTags := []string{"owner:goldeneye", "resource:app-config"} - - // ------------------------------------------------------------------------------------ - // Deploy DA - // ------------------------------------------------------------------------------------ options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{ Testing: t, - Region: region, - Prefix: prefix, + Prefix: "en-fs", TarIncludePatterns: []string{ "*.tf", - "modules/*/*.tf", - fullyConfigFlavorDir + "/*.tf", + advancedExampleDir + "/*.tf", }, - TemplateFolder: fullyConfigFlavorDir, - Tags: []string{"app-config-da-test"}, + ResourceGroup: resourceGroup, + TemplateFolder: advancedExampleDir, + Tags: []string{"test-schematic", "app-config-adv-ex"}, DeleteWorkspaceOnFail: false, WaitJobCompleteMinutes: 60, + TerraformVersion: terraformVersion, + Region: validRegions[rand.Intn(len(validRegions))], }) options.TerraformVars = []testschematic.TestSchematicTerraformVar{ {Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true}, - {Name: "existing_resource_group_name", Value: resourceGroup, DataType: "string"}, - {Name: "app_config_name", Value: "test-app-config", DataType: "string"}, - {Name: "app_config_plan", Value: "standardv2", DataType: "string"}, - {Name: "app_config_service_endpoints", Value: "public", DataType: "string"}, - {Name: "app_config_collections", Value: appConfigCollection, DataType: "list(object)"}, - {Name: "app_config_tags", Value: appConfigTags, DataType: "list(string)"}, + {Name: "region", Value: options.Region, DataType: "string"}, {Name: "prefix", Value: options.Prefix, DataType: "string"}, - {Name: "enable_config_aggregator", Value: true, DataType: "bool"}, } + err := options.RunSchematicTest() assert.Nil(t, err, "This should not have errored") } @@ -171,13 +127,13 @@ func provisionPreReq(t *testing.T, p string) (string, *terraform.Options, error) return prefix, existingTerraformOptions, nil } -func TestFullyConfigurablewithKMSandENIntegration(t *testing.T) { +func TestFullyConfigurable(t *testing.T) { t.Parallel() prefix, existingTerraformOptions, existErr := provisionPreReq(t, "app-int") if existErr != nil { - assert.True(t, existErr == nil, "Init and Apply of temp existing resource failed") + assert.True(t, existErr == nil, "Init and Apply of temp pre-req resource failed") } else { // ------------------------------------------------------------------------------------ // Deploy DA @@ -190,34 +146,21 @@ func TestFullyConfigurablewithKMSandENIntegration(t *testing.T) { fullyConfigFlavorDir + "/*.tf", }, TemplateFolder: fullyConfigFlavorDir, - Tags: []string{"app-config-int-test"}, + Tags: []string{"test-schematic", "app-config-da-fc-int"}, DeleteWorkspaceOnFail: false, WaitJobCompleteMinutes: 60, + TerraformVersion: terraformVersion, }) - appConfigCollection := []map[string]any{ - { - "name": "feature-flags", - "collection_id": "feature-flags-001", - "description": "Feature flags for dev environment", - "tags": "type:feature", - }, - } - appConfigTags := []string{"owner:goldeneye", "resource:app-config"} - options.TerraformVars = []testschematic.TestSchematicTerraformVar{ {Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true}, {Name: "existing_resource_group_name", Value: resourceGroup, DataType: "string"}, - {Name: "app_config_name", Value: "test-app-config", DataType: "string"}, - {Name: "app_config_plan", Value: "enterprise", DataType: "string"}, - {Name: "app_config_service_endpoints", Value: "public", DataType: "string"}, {Name: "app_config_collections", Value: appConfigCollection, DataType: "list(object)"}, - {Name: "app_config_tags", Value: appConfigTags, DataType: "list(string)"}, + {Name: "app_config_tags", Value: options.Tags, DataType: "list(string)"}, {Name: "prefix", Value: terraform.Output(t, existingTerraformOptions, "prefix"), DataType: "string"}, {Name: "enable_config_aggregator", Value: true, DataType: "bool"}, {Name: "kms_encryption_enabled", Value: true, DataType: "bool"}, {Name: "existing_kms_instance_crn", Value: permanentResources["hpcs_south_crn"], DataType: "string"}, - {Name: "kms_endpoint_type", Value: "private", DataType: "string"}, {Name: "kms_endpoint_url", Value: permanentResources["hpcs_south_private_endpoint"], DataType: "string"}, {Name: "enable_event_notifications", Value: true, DataType: "bool"}, {Name: "existing_event_notifications_instance_crn", Value: terraform.Output(t, existingTerraformOptions, "event_notifications_instance_crn"), DataType: "string"}, @@ -244,60 +187,65 @@ func TestFullyConfigurablewithKMSandENIntegration(t *testing.T) { func TestUpgradeFullyConfigurable(t *testing.T) { t.Parallel() - // Verify ibmcloud_api_key variable is set - checkVariable := "TF_VAR_ibmcloud_api_key" - val, present := os.LookupEnv(checkVariable) - require.True(t, present, checkVariable+" environment variable not set") - require.NotEqual(t, "", val, checkVariable+" environment variable is empty") - region := validRegions[rand.Intn(len(validRegions))] - prefix := "app-upg" - appConfigCollection := []map[string]any{ - { - "name": "feature-flags", - "collection_id": "feature-flags-001", - "description": "Feature flags for dev environment", - "tags": "type:feature", - }, - } - appConfigTags := []string{"owner:goldeneye", "resource:app-config"} + prefix, existingTerraformOptions, existErr := provisionPreReq(t, "app-upg") - // ------------------------------------------------------------------------------------ - // Deploy DA - // ------------------------------------------------------------------------------------ - options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{ - Testing: t, - Region: region, - Prefix: prefix, - TarIncludePatterns: []string{ - "*.tf", - "modules/*/*.tf", - fullyConfigFlavorDir + "/*.tf", - }, - TemplateFolder: fullyConfigFlavorDir, - Tags: []string{"app-config-da-test"}, - DeleteWorkspaceOnFail: false, - WaitJobCompleteMinutes: 60, - }) + if existErr != nil { + assert.True(t, existErr == nil, "Init and Apply of temp pre-req resource failed") + } else { + // ------------------------------------------------------------------------------------ + // Deploy DA + // ------------------------------------------------------------------------------------ + options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{ + Testing: t, + Prefix: prefix, + TarIncludePatterns: []string{ + "*.tf", + fullyConfigFlavorDir + "/*.tf", + }, + TemplateFolder: fullyConfigFlavorDir, + Tags: []string{"test-schematic", "app-config-da-upg"}, + DeleteWorkspaceOnFail: false, + WaitJobCompleteMinutes: 60, + CheckApplyResultForUpgrade: true, + TerraformVersion: terraformVersion, + }) - options.TerraformVars = []testschematic.TestSchematicTerraformVar{ - {Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true}, - {Name: "existing_resource_group_name", Value: resourceGroup, DataType: "string"}, - {Name: "app_config_name", Value: "test-app-config", DataType: "string"}, - {Name: "app_config_plan", Value: "standardv2", DataType: "string"}, - {Name: "app_config_service_endpoints", Value: "public", DataType: "string"}, - {Name: "app_config_collections", Value: appConfigCollection, DataType: "list(object)"}, - {Name: "app_config_tags", Value: appConfigTags, DataType: "list(string)"}, - {Name: "prefix", Value: options.Prefix, DataType: "string"}, - {Name: "enable_config_aggregator", Value: true, DataType: "bool"}, - } - err := options.RunSchematicUpgradeTest() - if !options.UpgradeTestSkipped { + options.TerraformVars = []testschematic.TestSchematicTerraformVar{ + {Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true}, + {Name: "existing_resource_group_name", Value: resourceGroup, DataType: "string"}, + {Name: "app_config_collections", Value: appConfigCollection, DataType: "list(object)"}, + {Name: "app_config_tags", Value: options.Tags, DataType: "list(string)"}, + {Name: "prefix", Value: terraform.Output(t, existingTerraformOptions, "prefix"), DataType: "string"}, + {Name: "enable_config_aggregator", Value: true, DataType: "bool"}, + {Name: "kms_encryption_enabled", Value: true, DataType: "bool"}, + {Name: "existing_kms_instance_crn", Value: permanentResources["hpcs_south_crn"], DataType: "string"}, + {Name: "kms_endpoint_url", Value: permanentResources["hpcs_south_private_endpoint"], DataType: "string"}, + {Name: "enable_event_notifications", Value: true, DataType: "bool"}, + {Name: "existing_event_notifications_instance_crn", Value: terraform.Output(t, existingTerraformOptions, "event_notifications_instance_crn"), DataType: "string"}, + {Name: "event_notifications_endpoint_url", Value: terraform.Output(t, existingTerraformOptions, "event_notification_endpoint_url"), DataType: "string"}, + } + + err := options.RunSchematicUpgradeTest() + if !options.UpgradeTestSkipped { + assert.Nil(t, err, "This should not have errored") + } assert.Nil(t, err, "This should not have errored") } - assert.Nil(t, err, "This should not have errored") + + // Check if "DO_NOT_DESTROY_ON_FAILURE" is set + envVal, _ := os.LookupEnv("DO_NOT_DESTROY_ON_FAILURE") + // Destroy the temporary existing resources if required + if t.Failed() && strings.ToLower(envVal) == "true" { + fmt.Println("Terratest failed. Debug the test and delete resources manually.") + } else { + logger.Log(t, "START: Destroy (prereq resources)") + terraform.Destroy(t, existingTerraformOptions) + terraform.WorkspaceDelete(t, existingTerraformOptions, prefix) + logger.Log(t, "END: Destroy (prereq resources)") + } } -func TestApprappDefaultConfiguration(t *testing.T) { +func TestAddonsDefaultConfiguration(t *testing.T) { t.Parallel() options := testaddons.TestAddonsOptionsDefault(&testaddons.TestAddonOptions{ @@ -312,9 +260,8 @@ func TestApprappDefaultConfiguration(t *testing.T) { "deploy-arch-ibm-apprapp", "fully-configurable", map[string]interface{}{ - "prefix": options.Prefix, - "region": validRegions[rand.Intn(len(validRegions))], - "app_config_plan": "enterprise", + "prefix": options.Prefix, + "region": validRegions[rand.Intn(len(validRegions))], }, ) @@ -322,23 +269,61 @@ func TestApprappDefaultConfiguration(t *testing.T) { require.NoError(t, err) } -// TestDependencyPermutations runs dependency permutations for the Event Notifications and all its dependencies -func TestApprappDependencyPermutations(t *testing.T) { - t.Skip() // skipping permutations test until we do a refactor +func TestAddonsWithDisabledDAs(t *testing.T) { + t.Parallel() + options := testaddons.TestAddonsOptionsDefault(&testaddons.TestAddonOptions{ - Testing: t, - Prefix: "app-per", - AddonConfig: cloudinfo.AddonConfig{ - OfferingName: "deploy-arch-ibm-apprapp", + Testing: t, + Prefix: "appcon-dis", + ResourceGroup: resourceGroup, + QuietMode: true, // Suppress logs except on failure + }) + + options.AddonConfig = cloudinfo.NewAddonConfigTerraform( + options.Prefix, + "deploy-arch-ibm-apprapp", + "fully-configurable", + map[string]interface{}{ + "prefix": options.Prefix, + "region": validRegions[rand.Intn(len(validRegions))], + }, + ) + + options.AddonConfig.Dependencies = []cloudinfo.AddonConfig{ + // Opt into Account Config DA + { + OfferingName: "deploy-arch-ibm-account-infra-base", + OfferingFlavor: "resource-groups-with-account-settings", + Enabled: core.BoolPtr(true), + }, + // Disable AT, ICL, Mon, EN and KMS + { + OfferingName: "deploy-arch-ibm-activity-tracker", OfferingFlavor: "fully-configurable", - Inputs: map[string]interface{}{ - "prefix": "app-per", - "region": validRegions[rand.Intn(len(validRegions))], - "existing_resource_group_name": resourceGroup, - }, + Enabled: core.BoolPtr(false), }, - }) + { + OfferingName: "deploy-arch-ibm-cloud-logs", + OfferingFlavor: "fully-configurable", + Enabled: core.BoolPtr(false), + }, + { + OfferingName: "deploy-arch-ibm-cloud-monitoring", + OfferingFlavor: "fully-configurable", + Enabled: core.BoolPtr(false), + }, + { + OfferingName: "deploy-arch-ibm-kms", + OfferingFlavor: "fully-configurable", + Enabled: core.BoolPtr(false), + }, + { + OfferingName: "deploy-arch-ibm-event-notifications", + OfferingFlavor: "fully-configurable", + Enabled: core.BoolPtr(false), + }, + } - err := options.RunAddonPermutationTest() - assert.NoError(t, err, "Dependency permutation test should not fail") + err := options.RunAddonTest() + require.NoError(t, err) }