81 changes: 56 additions & 25 deletions ibm_catalog.json
Expand Up @@ -18,8 +18,8 @@
"cluster",
"red_hat_openshift"
],
"short_description": "Automates the deployment of Red Hat OpenShift container platform on IBM Cloud with optional integration of security and logging services.",
"long_description": "The Cloud automation for Red Hat OpenShift Container Platform on VPC enables a scalable and flexible cloud environment for containerized applications with seamless integration to other security and observability services. This architecture can be deployed independently while also serving as a foundational deployable architecture for other architectures like [Cloud automation for Red Hat OpenShift AI](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-ai-ba708aed-bb8a-4ac0-83a7-53a066701db5-global) to deploy mission critical applications and AI-driven initiatives to market quickly and securely with a managed OpenShift service.\n\nℹ️ This Terraform-based automation is part of a broader suite of IBM-maintained Infrastructure as Code (IaC) assets, each following the naming pattern \"Cloud automation for *servicename*\" and focusing on single IBM Cloud service. These single-service deployable architectures can be used on their own to streamline and automate service deployments through an [IaC approach](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-understanding-projects), or assembled together into a broader [automated IaC stack](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-config-stack) to automate the deployment of an end-to-end solution architecture.",
"short_description": "Automates the deployment of Red Hat OpenShift container platform on IBM Cloud with optional integration of security and logging services",
"long_description": "The [Cloud automation for Red Hat OpenShift Container Platform](https://www.ibm.com/products/openshift) on VPC enables a scalable and flexible cloud environment for containerized applications with seamless integration to other security and observability services. This architecture can be deployed independently while also serving as a foundational deployable architecture for other architectures like [Cloud automation for Red Hat OpenShift AI](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-ai-ba708aed-bb8a-4ac0-83a7-53a066701db5-global) to deploy mission critical applications and AI-driven initiatives to market quickly and securely with a managed OpenShift service.\n\nℹ️ This Terraform-based automation is part of a broader suite of IBM-maintained Infrastructure as Code (IaC) assets, each following the naming pattern \"Cloud automation for *servicename*\" and focusing on single IBM Cloud service. These single-service deployable architectures can be used on their own to streamline and automate service deployments through an [IaC approach](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-understanding-projects), or assembled together into a broader [automated IaC stack](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-config-stack) to automate the deployment of an end-to-end solution architecture.",
"offering_docs_url": "https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/blob/main/README.md",
"offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/main/images/ocp_icon.svg",
"provider_name": "IBM",
Expand Down Expand Up @@ -66,7 +66,7 @@
{
"label": "Fully configurable",
"name": "fully-configurable",
"index": 2,
"index": 1,
"install_type": "fullstack",
"working_directory": "solutions/fully-configurable",
"compliance": {
Expand All @@ -79,11 +79,32 @@
]
},
"iam_permissions": [
{
"role_crns": [
"crn:v1:bluemix:public:iam::::role:Viewer"
],
"service_name": "Resource group only",
"notes": "Viewer access is required in the resource group you want to provision in."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::role:Viewer"
],
"service_name": "All Identity and Access enabled services",
"notes": "[Optional] Only required if creating context-based restrictions which can be toggled using the `provision_cbr` input."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::role:Administrator"
],
"service_name": "All Account Management services",
"notes": "Administrator access is required for resource group creation and deletion."
},
{
"service_name": "containers-kubernetes",
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager",
"crn:v1:bluemix:public:iam::::role:Editor"
"crn:v1:bluemix:public:iam::::role:Administrator"
],
"notes": "Required to create and edit OpenShift cluster and the related resources."
},
Expand All @@ -98,7 +119,8 @@
{
"service_name": "is.vpc",
"role_crns": [
"crn:v1:bluemix:public:iam::::role:Administrator"
"crn:v1:bluemix:public:iam::::role:Administrator",
"crn:v1:bluemix:public:iam::::serviceRole:Manager"
],
"notes": "Required for creating Virtual Private Cloud(VPC)."
},
Expand All @@ -108,7 +130,7 @@
"crn:v1:bluemix:public:iam::::serviceRole:Manager",
"crn:v1:bluemix:public:iam::::role:Editor"
],
"notes": "Required to create Cloud Object Storage (COS) Instance."
"notes": "[Optional] Required to create Cloud Object Storage (COS) Instance."
},
{
"service_name": "hs-crypto",
Expand All @@ -132,15 +154,15 @@
"crn:v1:bluemix:public:iam::::serviceRole:Manager",
"crn:v1:bluemix:public:iam::::role:Editor"
],
"notes": "[Optional] Required if you are consuming Observability deployable architecture which sets up Cloud monitoring."
"notes": "[Optional] Required for consuming Observability deployable architecture which sets up Cloud Monitoring."
},
{
"service_name": "logs",
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager",
"crn:v1:bluemix:public:iam::::role:Editor"
],
"notes": "[Optional] Required if you are consuming Observability deployable architecture which sets up Cloud logs."
"notes": "[Optional] Required for consuming Observability deployable architecture which sets up Cloud Logs."
},
{
"service_name": "logs-router",
Expand All @@ -155,7 +177,7 @@
"crn:v1:bluemix:public:iam::::serviceRole:Writer",
"crn:v1:bluemix:public:iam::::role:Editor"
],
"notes": "[Optional] Required if you are consuming Observability deployable architecture which sets up Activity Tracker Event Routing."
"notes": "[Optional] Required for consuming Observability deployable architecture which sets up Activity Tracker Event Routing."
},
{
"service_name": "secrets-manager",
Expand All @@ -164,13 +186,21 @@
"crn:v1:bluemix:public:iam::::serviceRole:Manager"
],
"notes": "[Optional] Required for creating an Secrets Manager instance. 'Manager' access required to create new secret groups."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager",
"crn:v1:bluemix:public:iam::::role:Editor"
],
"service_name": "event-notifications",
"notes": "[Optional] Required if you are configuring an Event Notifications Instance."
}
],
"architecture": {
"features": [
{
"title": " ",
"description": "Configured to use IBM secure by default standards, but can be edited to fit your use case."
"description": "Configured to use IBM secure-by-default standards, but can be edited to fit your use case."
}
],
"diagrams": [
Expand Down Expand Up @@ -457,36 +487,37 @@
},
{
"key": "enable_platform_metrics",
"type": "string",
"default_value": "true",
"description": "When set to `true`, the IBM Cloud Monitoring instance will be configured to collect platform metrics from the provided region. ⚠️ You can configure 1 instance only of the IBM Cloud Monitoring service per region to collect platform metrics in that location. Check with the account or service administrator if another monitoring instance has already been configured. You may not have permissions to see all monitoring instances in the region. [Learn more](https://cloud.ibm.com/docs/monitoring?topic=monitoring-platform_metrics_enabling).",
"type": "boolean",
"default_value": false,
"description": "When set to `true`, the IBM Cloud Monitoring instance will be configured to collect platform metrics from the provided region. You can configure 1 instance only of the IBM Cloud Monitoring service per region to collect platform metrics in that location. Check with the account or service administrator if another monitoring instance has already been configured. You may not have permissions to see all monitoring instances in the region. [Learn more](https://cloud.ibm.com/docs/monitoring?topic=monitoring-platform_metrics_enabling).",
"required": true,
"virtual": true,
"options": [
{
"displayname": "true",
"value": "true"
"value": true
},
{
"displayname": "false",
"value": "false"
"value": false
}
]
},
{
"key": "logs_routing_tenant_regions",
"type": "list(string)",
"type": "array",
"default_value": "[]",
"description": "To manage platform logs that are generated by IBM Cloud services in a region of IBM Cloud, you must create a tenant in each region that you operate. Pass a list of regions to create a tenant in. For example: [\"us-south\", \"us-east\"]. [Learn more](https://cloud.ibm.com/docs/logs-router?topic=logs-router-about-platform-logs).",
"description": "To manage platform logs that are generated by IBM Cloud services in a region of IBM Cloud, you must create a tenant in each region that you operate. Pass a list of regions to create a tenant in. [Learn more](https://cloud.ibm.com/docs/logs-router?topic=logs-router-about-platform-logs).",
"required": true,
"virtual": true,
"custom_config": {
"type": "array",
"grouping": "deployment",
"original_grouping": "deployment",
"config_constraints": {
"type": "string"
"type": "string"
}
}
},
"virtual": true
},
{
"key": "existing_resource_group_name",
Expand Down Expand Up @@ -746,7 +777,7 @@
},
{
"key": "network_acls",
"type": "list(object)",
"type": "array",
"default_value": "[\n {\n name = \"vpc-acl\"\n add_ibm_cloud_internal_rules = true\n add_vpc_connectivity_rules = true\n prepend_ibm_rules = true\n rules = [\n {\n name = \"allow-all-443-inbound\"\n action = \"allow\"\n direction = \"inbound\"\n tcp = {\n port_min = 443\n port_max = 443\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n },\n {\n name = \"allow-all-80-inbound\"\n action = \"allow\"\n direction = \"inbound\"\n tcp = {\n port_min = 80\n port_max = 80\n source_port_min = 80\n source_port_max = 80\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n },\n {\n name = \"allow-all-ingress-inbound\"\n action = \"allow\"\n direction = \"inbound\"\n tcp = {\n source_port_min = 30000\n source_port_max = 32767\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n },\n {\n name = \"allow-all-443-outbound\"\n action = \"allow\"\n direction = \"outbound\"\n tcp = {\n source_port_min = 443\n source_port_max = 443\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n },\n {\n name = \"allow-all-80-outbound\"\n action = \"allow\"\n direction = \"outbound\"\n tcp = {\n source_port_min = 80\n source_port_max = 80\n port_min = 80\n port_max = 80\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n },\n {\n name = \"allow-all-ingress-outbound\"\n action = \"allow\"\n direction = \"outbound\"\n tcp = {\n port_min = 30000\n port_max = 32767\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n }\n ]\n }\n]",
"description": "The list of ACLs to create. Provide at least one rule for each ACL. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/blob/main/solutions/fully-configurable/DA-types.md#network-acls-).",
"required": false,
Expand All @@ -761,16 +792,16 @@
"key": "provider_visibility",
"options": [
{
"displayname": "private",
"displayname": "Private",
"value": "private"
},
{
"displayname": "public",
"displayname": "Public",
"value": "public"
},
{
"displayname": "public-and-private",
"value": "public-and-private"
"value": "Public-and-Private"
}
],
"hidden": true
Expand Down Expand Up @@ -1011,7 +1042,7 @@
{
"label": "QuickStart",
"name": "quickstart",
"index": 1,
"index": 2,
"install_type": "fullstack",
"working_directory": "solutions/quickstart",
"iam_permissions": [
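Review bot: In the provider_visibility options the third entry changes the `value` instead of the `displayname`: it now reads `"value": "Public-and-Private"` while the label stays `public-and-private`, the opposite of the two entries above it, which only capitalised the label. The value is what is handed to the provider, and the lower-case `public-and-private` the file had before is the form the sibling entries use, so this is likely to fail validation or be rejected at apply; the entry should read `"displayname": "Public-and-Private",` with `"value": "public-and-private"`. Separately, the containers-kubernetes entry is raised from `role:Editor` to `role:Administrator` and is.vpc gains `serviceRole:Manager` on top of Administrator, but the notes do not say which operation needs the broader role; since these entries are what users grant before deploying, each note should name that action so the grant can be checked against least privilege, e.g. `"notes": "Administrator is required for <OPERATION-PLACEHOLDER>; ..."`. The quickstart iam_permissions block continues outside this section.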
4 changes: 1 addition & 3 deletions solutions/fully-configurable/variables.tf
Expand Up @@ -13,8 +13,7 @@ variable "ibmcloud_api_key" {

variable "prefix" {
type = string
nullable = true
description = "The prefix to be added to all resources created by this solution. To skip using a prefix, set this value to null or an empty string. The prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It should not exceed 16 characters, must not end with a hyphen('-'), and can not contain consecutive hyphens ('--'). Example: prod-0405-ocp. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/prefix.md)."
description = "The prefix to be added to all resources created by this solution. To skip using a prefix, set this value to null or an empty string. The prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It should not exceed 16 characters, must not end with a hyphen('-'), and can not contain consecutive hyphens ('--'). Example: wx-0205-orch. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/prefix.md)."

validation {
# - null and empty string is allowed
Expand All @@ -30,7 +29,6 @@ variable "prefix" {
)
error_message = "Prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It must not end with a hyphen('-'), and cannot contain consecutive hyphens ('--')."
}

validation {
# must not exceed 16 characters in length
condition = var.prefix == null || var.prefix == "" ? true : length(var.prefix) <= 16
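Review bot: The new example in the prefix description, `Example: wx-0205-orch.`, does not fit this solution: it passes the prefix validation, but the previous `prod-0405-ocp` identified the OpenShift solution, and `wx-…-orch` reads like a value carried over from another deployable architecture. The same example is introduced in the quickstart variables.tf change in this PR, where `prod-0205-ocpqs` was replaced. Suggest restoring `Example: prod-0405-ocp.` here and `Example: prod-0205-ocpqs.` in quickstart. Dropping `nullable = true` is behaviour-neutral because Terraform variables are nullable by default, but the quickstart file adds the same attribute in this PR, so the two solutions should agree on whether to spell it out.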
12 changes: 9 additions & 3 deletions solutions/quickstart/variables.tf
Expand Up @@ -24,9 +24,14 @@ variable "provider_visibility" {

variable "prefix" {
type = string
description = "The prefix to be added to all resources created by this solution. To skip using a prefix, set this value to null or an empty string. The prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It should not exceed 16 characters, must not end with a hyphen('-'), and cannot contain consecutive hyphens ('--'). Example: `prod-0205-ocpqs`. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/prefix.md)."
nullable = true
description = "The prefix to be added to all resources created by this solution. To skip using a prefix, set this value to null or an empty string. The prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It should not exceed 16 characters, must not end with a hyphen('-'), and can not contain consecutive hyphens ('--'). Example: wx-0205-orch. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/prefix.md)."

validation {
# - null and empty string is allowed
# - Must not contain consecutive hyphens (--): length(regexall("--", var.prefix)) == 0
# - Starts with a lowercase letter: [a-z]
# - Contains only lowercase letters (a–z), digits (0–9), and hyphens (-)
# - Must not end with a hyphen (-): [a-z0-9]
condition = (var.prefix == null || var.prefix == "" ? true :
alltrue([
can(regex("^[a-z][-a-z0-9]*[a-z0-9]$", var.prefix)),
Expand All @@ -36,14 +41,15 @@ variable "prefix" {
error_message = "Prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It must not end with a hyphen('-'), and cannot contain consecutive hyphens ('--')."
}
validation {
# must not exceed 16 characters in length
condition = var.prefix == null || var.prefix == "" ? true : length(var.prefix) <= 16
error_message = "Prefix must not exceed 16 characters."
}
}

variable "region" {
description = "The region to provision all resources in. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/region) about how to select different regions for different services."
type = string
description = "Region in which all the resources will be deployed. [Learn More](https://terraform-ibm-modules.github.io/documentation/#/region)."
default = "us-south"
}

6 changes: 3 additions & 3 deletions tests/existing-resources/main.tf
Expand Up @@ -4,7 +4,7 @@
module "resource_group" {
source = "terraform-ibm-modules/resource-group/ibm"
version = "1.3.0"
resource_group_name = var.resource_group == null ? "${var.prefix}-resource-group" : null
resource_group_name = var.resource_group == null ? "${var.prefix}-resource-group-yz" : null
existing_resource_group_name = var.resource_group
}

Expand Down Expand Up @@ -41,9 +41,9 @@ module "cos" {
version = "8.21.25"
resource_group_id = module.resource_group.resource_group_id
region = var.region
cos_instance_name = "${var.prefix}-cos"
cos_instance_name = "${var.prefix}-cos-yz"
cos_tags = var.resource_tags
bucket_name = "${var.prefix}-bucket"
bucket_name = "${var.prefix}-bucket-yz"
retention_enabled = false
kms_encryption_enabled = false
}
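Review bot: The `-yz` suffix appended to the resource group, COS instance and bucket names in this test fixture looks like a developer-local workaround for name collisions rather than an intended change; `var.prefix` already exists to make test resource names unique, and a fixed literal suffix will collide again on the next run or for the next contributor. Revert to `resource_group_name = var.resource_group == null ? "${var.prefix}-resource-group" : null`, `cos_instance_name = "${var.prefix}-cos"` and `bucket_name = "${var.prefix}-bucket"`; if a run-specific suffix is genuinely needed it should come from the prefix the test harness generates, not a hard-coded string. The cos module block starts above the hunk.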