Skip to content

fix: update iam permission for cloud monitoring DA #82

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 9 commits into from
Sep 10, 2025
Merged

fix: update iam permission for cloud monitoring DA #82

Changes from 7 commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
6ba71c6
fix: update iam permission
Sep 3, 2025
9889067
update iam permission
Sep 4, 2025
779e835
Merge branch 'main' into iam-patch
iamar7 Sep 4, 2025
efa442d
update text for DA dependency
Sep 5, 2025
a69c108
Merge branch 'iam-patch' of https://github.com/terraform-ibm-modules/…
Sep 5, 2025
ef88ed9
update notes
Sep 5, 2025
cad598a
Merge branch 'main' into iam-patch
iamar7 Sep 8, 2025
a9fbf7a
resolve comments
Sep 8, 2025
406f37c
Merge branch 'main' into iam-patch
iamar7 Sep 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 16 additions & 9 deletions ibm_catalog.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -217,23 +217,30 @@
"role_crns": [
"crn:v1:bluemix:public:iam::::role:Administrator"
],
"service_name": "iam-identity",
"notes": "[Optional] Required if Cloud automation for account configuration is enabled."
"service_name": "All Account Management services",
"notes": "[Optional] Administrator access is required to create and delete resource groups."
Copy link
Member

@maheshwarishikha maheshwarishikha Sep 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this fit well here ?

Copy link
Member Author

@iamar7 iamar7 Sep 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I will update the notes to that

},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager",
"crn:v1:bluemix:public:iam::::role:Editor"
"crn:v1:bluemix:public:iam::::role:Viewer"
],
"service_name": "sysdig-monitor",
"notes": "[Optional] Required for creating a new instance of cloud monitoring."
"service_name": "Resource group only",
"notes": "Viewer access is required in the resource group you want to provision in."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::role:Administrator"
],
"service_name": "All Identity and Access enabled services",
"notes": "Required to create IAM authorization policy between Metrics Router and Cloud Monitoring."
Copy link
Member

@maheshwarishikha maheshwarishikha Sep 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it mandatory permission?
If so, the notes can be simplified.

Copy link
Member Author

@iamar7 iamar7 Sep 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, this is mandatory permission. Simplified as in remove the later part from between till the end?

},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager",
"crn:v1:bluemix:public:iam::::role:Editor"
],
"service_name": "metrics-router",
"notes": "[Optional] Required if metrics routing to cloud monitoring instance is enabled."
"service_name": "sysdig-monitor",
"notes": "Required for creating a new instance of cloud monitoring."
}
],
"architecture": {
Expand All @@ -257,7 +264,7 @@
"dependencies": [
{
"name": "deploy-arch-ibm-account-infra-base",
"description": "Enable to create a resource groups by default where all the resources will be provisioned and, when you enable the “with Account Settings” option, it also applies baseline security and governance settings. When disabled, provide your own resource group via the `existing_resource_group_name` input.",
"description": "Organize your IBM Cloud account with preconfigured resource groups. If not selected, the default resource group is used. Optionally, expand to apply recommended security controls via \"with Account Settings\" variation.",
"id": "63641cec-6093-4b4f-b7b0-98d2f4185cd6-global",
"version": "v3.0.7",
"flavors": [
Expand Down