Skip to content

refactor: da best input practices #393

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 7 commits into from
Closed

refactor: da best input practices #393

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
e288f5c
refactor: da best input practices
Mar 3, 2025
45c48ee
added space between variable names
Mar 3, 2025
a01656d
added custom config to tag inputs
Mar 3, 2025
89c2131
reordered variables in catalog
Mar 3, 2025
d9920cd
reordered variables in catalog
Mar 3, 2025
c6a255c
reordered variables
Mar 4, 2025
75b5e42
Merge branch 'main' into da_best_practices
vkuma17 Mar 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
157 changes: 90 additions & 67 deletions ibm_catalog.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,10 +65,12 @@
"description": "Prefix to add to all resources created by this solution. To not use any prefix value, you can enter the string `__NULL__`."
},
{
"key": "use_existing_resource_group"
"key": "use_existing_resource_group",
"required": true
},
{
"key": "resource_group_name"
"key": "resource_group_name",
"required": true
},
{
"key": "region",
Expand Down Expand Up @@ -97,7 +99,32 @@
]
},
{
"key": "event_notification_name"
"key": "existing_kms_instance_crn",
"required": true
},
{
"key": "kms_endpoint_url",
"required": true
},
{
"key": "provider_visibility",
"options": [
{
"displayname": "private",
"value": "private"
},
{
"displayname": "public",
"value": "public"
},
{
"displayname": "public-and-private",
"value": "public-and-private"
}
]
},
{
"key": "event_notifications_name"
},
{
"key": "service_plan",
Expand Down Expand Up @@ -126,32 +153,20 @@
]
},
{
"key": "tags"
},
{
"key": "existing_kms_instance_crn",
"required": true
"key": "event_notifications_tags",
"custom_config": {
"grouping": "deployment",
"original_grouping": "deployment",
"config_constraints": {
"type": "string"
}
}
},
{
"key": "kms_endpoint_url",
"required": true
"key": "event_notifications_instance_cbr_rules"
},
{
"key": "provider_visibility",
"options": [
{
"displayname": "private",
"value": "private"
},
{
"displayname": "public",
"value": "public"
},
{
"displayname": "public-and-private",
"value": "public-and-private"
}
]
"key": "ibmcloud_kms_api_key"
},
{
"key": "existing_kms_root_key_crn"
Expand All @@ -170,47 +185,43 @@
]
},
{
"key": "en_key_ring_name"
"key": "event_notifications_key_ring_name"
},
{
"key": "en_key_name"
},
{
"key": "cos_key_ring_name"
"key": "event_notifications_key_name"
},
{
"key": "cos_key_name"
"key": "skip_event_notifications_kms_iam_auth_policy"
},
{
"key": "skip_en_kms_auth_policy"
"key": "existing_event_notifications_instance_crn"
},
{
"key": "ibmcloud_kms_api_key"
"key": "cos_instance_name"
},
{
"key": "existing_cos_instance_crn"
"key": "cos_instance_tags",
"custom_config": {
"grouping": "deployment",
"original_grouping": "deployment",
"config_constraints": {
"type": "string"
}
}
},
{
"key": "existing_cos_bucket_name"
"key": "cos_instance_access_tags",
"custom_config": {
"grouping": "deployment",
"original_grouping": "deployment",
"config_constraints": {
"type": "string"
}
}
},
{
"key": "cos_bucket_name"
},
{
"key": "skip_en_cos_auth_policy"
},
{
"key": "skip_cos_kms_auth_policy"
},
{
"key": "cos_instance_name"
},
{
"key": "cos_instance_tags"
},
{
"key": "cos_instance_access_tags"
},
{
"key": "add_bucket_name_suffix"
},
Expand Down Expand Up @@ -241,7 +252,13 @@
"key": "archive_days"
},
{
"key": "retention_enabled"
"key": "archive_filter_prefix"
},
{
"key": "expire_filter_prefix"
},
{
"key": "enable_retention"
},
{
"key": "management_endpoint_type_for_bucket",
Expand All @@ -260,9 +277,30 @@
}
]
},
{
"key": "cos_key_ring_name"
},
{
"key": "cos_key_name"
},
{
"key": "existing_cos_instance_crn"
},
{
"key": "existing_cos_bucket_name"
},
{
"key": "existing_cos_endpoint"
},
{
"key": "existing_monitoring_crn"
},
{
"key": "skip_event_notifications_cos_iam_auth_policy"
},
{
"key": "skip_cos_kms_iam_auth_policy"
},
{
"key": "existing_secrets_manager_instance_crn"
},
Expand All @@ -279,29 +317,14 @@
}
]
},
{
"key": "skip_en_sm_auth_policy"
},
{
"key": "service_credential_secrets"
},
{
"key": "service_credential_names"
},
{
"key": "existing_monitoring_crn"
},
{
"key": "existing_en_instance_crn"
},
{
"key":"cbr_rules"
},
{
"key":"archive_filter_prefix"
},
{
"key":"expire_filter_prefix"
"key": "skip_event_notifications_secrets_manager_iam_auth_policy"
}
],
"iam_permissions": [
Expand Down
12 changes: 6 additions & 6 deletions solutions/standard/DA-cbr_rules.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,18 +2,18 @@

Several optional input variables in the IBM Cloud [Event Notifications deployable architecture](https://cloud.ibm.com/catalog#deployable_architecture) use complex object types. You specify these inputs when you configure deployable architecture.

* Context-Based Restrictions Rules (`cbr_rules`)
* Context-Based Restrictions Rules (`event_notifications_instance_cbr_rules`)


## Rules For Context-Based Restrictions <a name="cbr_rules"></a>
## Rules For Context-Based Restrictions <a name="event_notifications_instance_cbr_rules"></a>

The `cbr_rules` input variable allows you to provide a rule for the target service to enforce access restrictions for the service based on the context of access requests. Contexts are criteria that include the network location of access requests, the endpoint type from where the request is sent, etc.
The `event_notifications_instance_cbr_rules` input variable allows you to provide a rule for the target service to enforce access restrictions for the service based on the context of access requests. Contexts are criteria that include the network location of access requests, the endpoint type from where the request is sent, etc.

- Variable name: `cbr_rules`.
- Variable name: `event_notifications_instance_cbr_rules`.
- Type: A list of objects. Allows only one object representing a rule for the target service
- Default value: An empty list (`[]`).

### Options for cbr_rules
### Options for event_notifications_instance_cbr_rules

- `description` (required): The description of the rule to create.
- `account_id` (required): The IBM Cloud Account ID
Expand All @@ -34,7 +34,7 @@ The `cbr_rules` input variable allows you to provide a rule for the target servi
### Example Rule For Context-Based Restrictions Configuration

```hcl
cbr_rules = [
event_notifications_instance_cbr_rules = [
{
description = "Event Notifications can be accessed from xyz"
account_id = "defc0df06b644a9cabc6e44f55b3880s."
Expand Down
2 changes: 1 addition & 1 deletion solutions/standard/catalogValidationValues.json.template
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
{
"ibmcloud_api_key": $VALIDATION_APIKEY,
"resource_group_name": $PREFIX,
"tags": $TAGS,
"event_notifications_tags": $TAGS,
"existing_kms_instance_crn": $HPCS_US_SOUTH_CRN,
"kms_endpoint_url": "https://api.private.us-south.hs-crypto.cloud.ibm.com:8992"
}
Loading