From 34b6096a6170e562bb695612915bc9453ebae434 Mon Sep 17 00:00:00 2001 From: whoffler Date: Tue, 1 Jul 2025 10:08:12 +0100 Subject: [PATCH 01/28] scc workload protection addon dependency --- ibm_catalog.json | 26 +++++++++++++++++++ .../deployable-architecture-elasticsearch.svg | 2 +- 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index d108f771..6c31be1f 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -53,6 +53,32 @@ "index": 1, "install_type": "fullstack", "working_directory": "solutions/fully-configurable", + "dependencies": [ + { + "flavors": [ + "fully-configurable" + ], + "id": "4322cf44-2289-49aa-a719-dd79e39b14dc-global", + "name": "deploy-arch-ibm-scc-workload-protection", + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "input_mapping": [ + { + "dependency_input": "region", + "version_input": "region" + }, + { + "dependency_input": "prefix", + "version_input": "prefix" + }, + { + "dependency_input": "existing_resource_group_name", + "version_input": "existing_resource_group_name" + } + ], + "version": "v1.10.1", + "optional": true + } + ], "compliance": { "authority": "scc-v3", "profiles": [ diff --git a/reference-architecture/deployable-architecture-elasticsearch.svg b/reference-architecture/deployable-architecture-elasticsearch.svg index 367df641..c88d3a81 100644 --- a/reference-architecture/deployable-architecture-elasticsearch.svg +++ b/reference-architecture/deployable-architecture-elasticsearch.svg @@ -1,4 +1,4 @@ -IBM CloudRegionResource GroupDatabase for Elasticsearch
ES
ES
IBM Cloud Code Engine Project
IBM Cloud Code Engine ProjectKibana Code Engine App
[Optional] KMS
[Optional] KMS
Key Ring
Key Ringelasticsearch-keyText is not SVG - cannot display \ No newline at end of file +IBM CloudRegionResource GroupDatabase for Elasticsearch
ES
ES
IBM Cloud Code Engine Project
IBM Cloud Code Engine ProjectKibana Code Engine App
[Optional] SCC Workload Protection
[Optional] SCC Worklo...
[Optional] KMS
[Optional] KMS
Key Ring
Key Ringelasticsearch-keyText is not SVG - cannot display \ No newline at end of file From 842a7f019c328f856c37fac55ced7429a4eeb15a Mon Sep 17 00:00:00 2001 From: whoffler Date: Tue, 1 Jul 2025 10:21:48 +0100 Subject: [PATCH 02/28] values from ES to wp --- ibm_catalog.json | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 6c31be1f..b67c5163 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -64,15 +64,18 @@ "input_mapping": [ { "dependency_input": "region", - "version_input": "region" + "version_input": "region", + "reference_version": true }, { "dependency_input": "prefix", - "version_input": "prefix" + "version_input": "prefix", + "reference_version": true }, { "dependency_input": "existing_resource_group_name", - "version_input": "existing_resource_group_name" + "version_input": "existing_resource_group_name", + "reference_version": true } ], "version": "v1.10.1", From e4a12a703a6c49118821f5f29cc62b573655e492 Mon Sep 17 00:00:00 2001 From: whoffler Date: Tue, 1 Jul 2025 11:46:39 +0100 Subject: [PATCH 03/28] security enforced addon config --- ibm_catalog.json | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/ibm_catalog.json b/ibm_catalog.json index b67c5163..172af77d 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -489,6 +489,35 @@ "index": 2, "install_type": "fullstack", "working_directory": "solutions/security-enforced", + "dependencies": [ + { + "flavors": [ + "fully-configurable" + ], + "id": "4322cf44-2289-49aa-a719-dd79e39b14dc-global", + "name": "deploy-arch-ibm-scc-workload-protection", + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "input_mapping": [ + { + "dependency_input": "region", + "version_input": "region", + "reference_version": true + }, + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + }, + { + "dependency_input": "existing_resource_group_name", + "version_input": "existing_resource_group_name", + "reference_version": true + } + ], + "version": "v1.10.1", + "optional": true + } + ], "compliance": { "authority": "scc-v3", "profiles": [ From 40560369a18d6f5145ae141b2710449306c6504b Mon Sep 17 00:00:00 2001 From: whoffler Date: Wed, 2 Jul 2025 10:35:37 +0100 Subject: [PATCH 04/28] fully configurable dependencies --- ibm_catalog.json | 159 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 159 insertions(+) diff --git a/ibm_catalog.json b/ibm_catalog.json index 172af77d..452fa42f 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -76,10 +76,169 @@ "dependency_input": "existing_resource_group_name", "version_input": "existing_resource_group_name", "reference_version": true + }, + { + "dependency_input": "provider_visibility", + "version_input": "provider_visibility", + "reference_version": true } ], "version": "v1.10.1", "optional": true + }, + { + "flavors": [ + "fully-configurable" + ], + "id": "73debdbf-894f-4c14-81c7-5ece3a70b67d-global", + "name": "deploy-arch-ibm-cloud-monitoring", + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "input_mapping": [ + { + "dependency_input": "region", + "version_input": "region", + "reference_version": true + }, + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + }, + { + "dependency_input": "existing_resource_group_name", + "version_input": "existing_resource_group_name", + "reference_version": true + }, + { + "dependency_input": "provider_visibility", + "version_input": "provider_visibility", + "reference_version": true + } + ], + "version": "v1.2.14", + "optional": true + }, + { + "flavors": [ + "fully-configurable" + ], + "id": "2cad4789-fa90-4886-9c9e-857081c273ee-global", + "name": "deploy-arch-ibm-kms", + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "input_mapping": [ + { + "dependency_input": "region", + "version_input": "region", + "reference_version": true + }, + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + }, + { + "dependency_input": "existing_resource_group_name", + "version_input": "existing_resource_group_name", + "reference_version": true + }, + { + "dependency_input": "provider_visibility", + "version_input": "provider_visibility", + "reference_version": true + } + ], + "version": "v5.1.4", + "optional": true + }, + { + "flavors": [ + "fully-configurable" + ], + "id": "6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global", + "name": "deploy-arch-ibm-secrets-manager", + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "input_mapping": [ + { + "dependency_input": "region", + "version_input": "region", + "reference_version": true + }, + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + }, + { + "dependency_input": "existing_resource_group_name", + "version_input": "existing_resource_group_name", + "reference_version": true + }, + { + "dependency_input": "provider_visibility", + "version_input": "provider_visibility", + "reference_version": true + } + ], + "version": "v2.6.4", + "optional": true + }, + { + "flavors": [ + "apps", + "project" + ], + "id": "413843d9-8962-48a5-8ab5-dfcf4429372c-global", + "name": "deploy-arch-ibm-code-engine", + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "input_mapping": [ + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + }, + { + "dependency_input": "existing_resource_group_name", + "version_input": "existing_resource_group_name", + "reference_version": true + }, + { + "dependency_input": "provider_visibility", + "version_input": "provider_visibility", + "reference_version": true + } + ], + "version": "v4.4.1", + "optional": true + }, + { + "id": "63641cec-6093-4b4f-b7b0-98d2f4185cd6-global", + "name": "deploy-arch-ibm-account-infra-base", + "description": "Cloud automation for Account Configuration organizes your IBM Cloud account with a ready-made set of resource groups by default—and, when you enable the \"with Account Settings\" option, it also applies baseline security and governance settings.", + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "flavors": [ + "resource-group-only", + "resource-groups-with-account-settings" + ], + "default_flavor": "resource-group-only", + "input_mapping": [ + { + "dependency_output": "security_resource_group_name", + "version_input": "existing_resource_group_name" + }, + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + }, + { + "dependency_input": "provider_visibility", + "version_input": "provider_visibility", + "reference_version": true + } + ], + "optional": true, + "on_by_default": false, + "version": "v3.0.7" } ], "compliance": { From 32f774e060b677d5afcb4b5aa9d4ab697fd3fa09 Mon Sep 17 00:00:00 2001 From: whoffler Date: Wed, 2 Jul 2025 15:10:04 +0100 Subject: [PATCH 05/28] add virtual inputs for dependencies --- ibm_catalog.json | 429 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 429 insertions(+) diff --git a/ibm_catalog.json b/ibm_catalog.json index 452fa42f..6aee6059 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -81,6 +81,21 @@ "dependency_input": "provider_visibility", "version_input": "provider_visibility", "reference_version": true + }, + { + "dependency_input": "scc_workload_protection_service_plan", + "version_input": "scc_workload_protection_service_plan", + "reference_version": true + }, + { + "dependency_input": "cspm_enabled", + "version_input": "cspm_enabled", + "reference_version": true + }, + { + "dependency_input": "app_config_plan", + "version_input": "app_config_plan", + "reference_version": true } ], "version": "v1.10.1", @@ -113,6 +128,16 @@ "dependency_input": "provider_visibility", "version_input": "provider_visibility", "reference_version": true + }, + { + "dependency_input": "cloud_monitoring_plan", + "version_input": "cloud_monitoring_plan", + "reference_version": true + }, + { + "dependency_input": "enable_platform_metrics", + "version_input": "cloud_monitoring_enable_platform_metrics", + "reference_version": true } ], "version": "v1.2.14", @@ -177,6 +202,16 @@ "dependency_input": "provider_visibility", "version_input": "provider_visibility", "reference_version": true + }, + { + "dependency_input": "service_plan", + "version_input": "secrets_manager_service_plan", + "reference_version": true + }, + { + "dependency_input": "enable_platform_metrics", + "version_input": "enable_platform_metrics", + "reference_version": true } ], "version": "v2.6.4", @@ -406,6 +441,121 @@ } ] }, + { + "key": "secrets_manager_service_plan", + "required": true, + "type": "string", + "description": "The service plan for Secrets Manager created by this solution.", + "virtual": true, + "default_value": "standard", + "options": [ + { + "displayname": "standard", + "value": "standard" + }, + { + "displayname": "trial", + "value": "trial" + } + ] + }, + { + "key": "enable_platform_metrics", + "required": true, + "type": "bool", + "description": "When set to true, the IBM Cloud Monitoring instance will be configured to collect platform metrics from the provided region. You can configure 1 instance only of the IBM Cloud Monitoring service per region to collect platform metrics in that location. Check with the account or service administrator if another monitoring instance has already been configured. You may not have permissions to see all monitoring instances in the region.", + "virtual": true, + "default_value": true + }, + { + "key": "logs_routing_tenant_regions", + "required": true, + "type": "array", + "custom_config": { + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "type": "string" + } + }, + "description": "To manage platform logs that are generated by IBM Cloud services in a region of IBM Cloud, you must create a tenant in each region that you operate. Pass a list of regions to create a tenant in.", + "virtual": true, + "default_value": [] + }, + { + "key": "cloud_monitoring_plan", + "required": true, + "type": "string", + "description": "The service plan for Cloud Monitoring instance created by this solution.", + "virtual": true, + "default_value": "graduated-tier", + "options": [ + { + "displayname": "Graduated Tier", + "value": "graduated-tier" + }, + { + "displayname": "Lite", + "value": "lite" + } + ] + }, + { + "key": "cloud_monitoring_enable_platform_metrics", + "required": true, + "type": "bool", + "description": "When set to true, the IBM Cloud Monitoring instance collects the platform metrics.", + "virtual": true, + "default_value": false + }, + { + "key": "scc_workload_protection_service_plan", + "required": true, + "type": "string", + "description": "The pricing plan for the Workload Protection instance service. Possible values: free-trial, graduated-tier", + "virtual": true, + "default_value": "graduated-tier", + "options": [ + { + "displayname": "Graduated Tier", + "value": "graduated-tier" + }, + { + "displayname": "Free Trial", + "value": "free-trial" + } + ] + }, + { + "key": "cspm_enabled", + "required": true, + "type": "bool", + "description": "Enable Cloud Security Posture Management (CSPM) for the Workload Protection instance. This will create a trusted profile associated with the SCC Workload Protection instance that has viewer / reader access to the App Config service and viewer access to the Enterprise service.", + "virtual": true, + "default_value": false + }, + { + "key": "app_config_plan", + "required": true, + "type": "string", + "description": "The plan to use for the App Configuration service instance.", + "options": [ + { + "displayname": "Basic", + "value": "basic" + }, + { + "displayname": "Standard", + "value": "standardv2" + }, + { + "displayname": "Enterprise", + "value": "enterprise" + } + ], + "virtual": true, + "default_value": "basic" + }, { "key": "name" }, @@ -671,10 +821,174 @@ "dependency_input": "existing_resource_group_name", "version_input": "existing_resource_group_name", "reference_version": true + }, + { + "dependency_input": "scc_workload_protection_service_plan", + "version_input": "scc_workload_protection_service_plan", + "reference_version": true + }, + { + "dependency_input": "cspm_enabled", + "version_input": "cspm_enabled", + "reference_version": true + }, + { + "dependency_input": "app_config_plan", + "version_input": "app_config_plan", + "reference_version": true } ], "version": "v1.10.1", "optional": true + }, + { + "flavors": [ + "fully-configurable" + ], + "id": "73debdbf-894f-4c14-81c7-5ece3a70b67d-global", + "name": "deploy-arch-ibm-cloud-monitoring", + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "input_mapping": [ + { + "dependency_input": "region", + "version_input": "region", + "reference_version": true + }, + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + }, + { + "dependency_input": "existing_resource_group_name", + "version_input": "existing_resource_group_name", + "reference_version": true + }, + { + "dependency_input": "cloud_monitoring_plan", + "version_input": "cloud_monitoring_plan", + "reference_version": true + }, + { + "dependency_input": "enable_platform_metrics", + "version_input": "cloud_monitoring_enable_platform_metrics", + "reference_version": true + } + ], + "version": "v1.2.14", + "optional": true + }, + { + "flavors": [ + "security-enforced" + ], + "id": "2cad4789-fa90-4886-9c9e-857081c273ee-global", + "name": "deploy-arch-ibm-kms", + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "input_mapping": [ + { + "dependency_input": "region", + "version_input": "region", + "reference_version": true + }, + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + }, + { + "dependency_input": "existing_resource_group_name", + "version_input": "existing_resource_group_name", + "reference_version": true + } + ], + "version": "v5.1.4", + "optional": true + }, + { + "flavors": [ + "security-enforced" + ], + "id": "6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global", + "name": "deploy-arch-ibm-secrets-manager", + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "input_mapping": [ + { + "dependency_input": "region", + "version_input": "region", + "reference_version": true + }, + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + }, + { + "dependency_input": "existing_resource_group_name", + "version_input": "existing_resource_group_name", + "reference_version": true + }, + { + "dependency_input": "service_plan", + "version_input": "secrets_manager_service_plan", + "reference_version": true + }, + { + "dependency_input": "enable_platform_metrics", + "version_input": "enable_platform_metrics", + "reference_version": true + } + ], + "version": "v2.6.4", + "optional": true + }, + { + "flavors": [ + "apps", + "project" + ], + "id": "413843d9-8962-48a5-8ab5-dfcf4429372c-global", + "name": "deploy-arch-ibm-code-engine", + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "input_mapping": [ + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + }, + { + "dependency_input": "existing_resource_group_name", + "version_input": "existing_resource_group_name", + "reference_version": true + } + ], + "version": "v4.4.1", + "optional": true + }, + { + "id": "63641cec-6093-4b4f-b7b0-98d2f4185cd6-global", + "name": "deploy-arch-ibm-account-infra-base", + "description": "Cloud automation for Account Configuration organizes your IBM Cloud account with a ready-made set of resource groups by default—and, when you enable the \"with Account Settings\" option, it also applies baseline security and governance settings.", + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "flavors": [ + "resource-group-only", + "resource-groups-with-account-settings" + ], + "default_flavor": "resource-group-only", + "input_mapping": [ + { + "dependency_output": "security_resource_group_name", + "version_input": "existing_resource_group_name" + }, + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + } + ], + "optional": true, + "on_by_default": false, + "version": "v3.0.7" } ], "compliance": { @@ -837,6 +1151,121 @@ } ] }, + { + "key": "secrets_manager_service_plan", + "required": true, + "type": "string", + "description": "The service plan for Secrets Manager created by this solution.", + "virtual": true, + "default_value": "standard", + "options": [ + { + "displayname": "standard", + "value": "standard" + }, + { + "displayname": "trial", + "value": "trial" + } + ] + }, + { + "key": "enable_platform_metrics", + "required": true, + "type": "bool", + "description": "When set to true, the IBM Cloud Monitoring instance will be configured to collect platform metrics from the provided region. You can configure 1 instance only of the IBM Cloud Monitoring service per region to collect platform metrics in that location. Check with the account or service administrator if another monitoring instance has already been configured. You may not have permissions to see all monitoring instances in the region.", + "virtual": true, + "default_value": true + }, + { + "key": "logs_routing_tenant_regions", + "required": true, + "type": "array", + "custom_config": { + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "type": "string" + } + }, + "description": "To manage platform logs that are generated by IBM Cloud services in a region of IBM Cloud, you must create a tenant in each region that you operate. Pass a list of regions to create a tenant in.", + "virtual": true, + "default_value": [] + }, + { + "key": "cloud_monitoring_plan", + "required": true, + "type": "string", + "description": "The service plan for Cloud Monitoring instance created by this solution.", + "virtual": true, + "default_value": "graduated-tier", + "options": [ + { + "displayname": "Graduated Tier", + "value": "graduated-tier" + }, + { + "displayname": "Lite", + "value": "lite" + } + ] + }, + { + "key": "cloud_monitoring_enable_platform_metrics", + "required": true, + "type": "bool", + "description": "When set to true, the IBM Cloud Monitoring instance collects the platform metrics.", + "virtual": true, + "default_value": false + }, + { + "key": "scc_workload_protection_service_plan", + "required": true, + "type": "string", + "description": "The pricing plan for the Workload Protection instance service. Possible values: free-trial, graduated-tier", + "virtual": true, + "default_value": "graduated-tier", + "options": [ + { + "displayname": "Graduated Tier", + "value": "graduated-tier" + }, + { + "displayname": "Free Trial", + "value": "free-trial" + } + ] + }, + { + "key": "cspm_enabled", + "required": true, + "type": "bool", + "description": "Enable Cloud Security Posture Management (CSPM) for the Workload Protection instance. This will create a trusted profile associated with the SCC Workload Protection instance that has viewer / reader access to the App Config service and viewer access to the Enterprise service.", + "virtual": true, + "default_value": false + }, + { + "key": "app_config_plan", + "required": true, + "type": "string", + "description": "The plan to use for the App Configuration service instance.", + "options": [ + { + "displayname": "Basic", + "value": "basic" + }, + { + "displayname": "Standard", + "value": "standardv2" + }, + { + "displayname": "Enterprise", + "value": "enterprise" + } + ], + "virtual": true, + "default_value": "basic" + }, { "key": "name" }, From a7dd60a5521980dc08f46f1c530f91bff510aeaa Mon Sep 17 00:00:00 2001 From: whoffler Date: Wed, 2 Jul 2025 15:34:24 +0100 Subject: [PATCH 06/28] update names --- ibm_catalog.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 6aee6059..3df9bc36 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -210,7 +210,7 @@ }, { "dependency_input": "enable_platform_metrics", - "version_input": "enable_platform_metrics", + "version_input": "secrets_manager_enable_platform_metrics", "reference_version": true } ], @@ -460,10 +460,10 @@ ] }, { - "key": "enable_platform_metrics", + "key": "secrets_manager_enable_platform_metrics", "required": true, "type": "bool", - "description": "When set to true, the IBM Cloud Monitoring instance will be configured to collect platform metrics from the provided region. You can configure 1 instance only of the IBM Cloud Monitoring service per region to collect platform metrics in that location. Check with the account or service administrator if another monitoring instance has already been configured. You may not have permissions to see all monitoring instances in the region.", + "description": "Secrets Manager enabled platform metrics", "virtual": true, "default_value": true }, @@ -935,7 +935,7 @@ }, { "dependency_input": "enable_platform_metrics", - "version_input": "enable_platform_metrics", + "version_input": "secrets_manager_enable_platform_metrics", "reference_version": true } ], @@ -1170,10 +1170,10 @@ ] }, { - "key": "enable_platform_metrics", + "key": "secrets_manager_enable_platform_metrics", "required": true, "type": "bool", - "description": "When set to true, the IBM Cloud Monitoring instance will be configured to collect platform metrics from the provided region. You can configure 1 instance only of the IBM Cloud Monitoring service per region to collect platform metrics in that location. Check with the account or service administrator if another monitoring instance has already been configured. You may not have permissions to see all monitoring instances in the region.", + "description": "Secrets Manager enabled platform metrics", "virtual": true, "default_value": true }, From 0d4d93eb5d263f9e95b9b8a54703182165de8209 Mon Sep 17 00:00:00 2001 From: whoffler Date: Thu, 3 Jul 2025 09:45:53 +0100 Subject: [PATCH 07/28] scc addon, plus fixes --- ibm_catalog.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 3df9bc36..c0483ad4 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -462,10 +462,10 @@ { "key": "secrets_manager_enable_platform_metrics", "required": true, - "type": "bool", + "type": "string", "description": "Secrets Manager enabled platform metrics", "virtual": true, - "default_value": true + "default_value": "true" }, { "key": "logs_routing_tenant_regions", @@ -480,7 +480,7 @@ }, "description": "To manage platform logs that are generated by IBM Cloud services in a region of IBM Cloud, you must create a tenant in each region that you operate. Pass a list of regions to create a tenant in.", "virtual": true, - "default_value": [] + "default_value": "[]" }, { "key": "cloud_monitoring_plan", @@ -503,10 +503,10 @@ { "key": "cloud_monitoring_enable_platform_metrics", "required": true, - "type": "bool", + "type": "string", "description": "When set to true, the IBM Cloud Monitoring instance collects the platform metrics.", "virtual": true, - "default_value": false + "default_value": "false" }, { "key": "scc_workload_protection_service_plan", @@ -1190,7 +1190,7 @@ }, "description": "To manage platform logs that are generated by IBM Cloud services in a region of IBM Cloud, you must create a tenant in each region that you operate. Pass a list of regions to create a tenant in.", "virtual": true, - "default_value": [] + "default_value": "[]" }, { "key": "cloud_monitoring_plan", From 2c75395610efa13a75a2aa42e1109eef339fb0e4 Mon Sep 17 00:00:00 2001 From: whoffler Date: Thu, 3 Jul 2025 09:49:35 +0100 Subject: [PATCH 08/28] fixes --- ibm_catalog.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index c0483ad4..7ff87924 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -529,10 +529,10 @@ { "key": "cspm_enabled", "required": true, - "type": "bool", + "type": "string", "description": "Enable Cloud Security Posture Management (CSPM) for the Workload Protection instance. This will create a trusted profile associated with the SCC Workload Protection instance that has viewer / reader access to the App Config service and viewer access to the Enterprise service.", "virtual": true, - "default_value": false + "default_value": "false" }, { "key": "app_config_plan", @@ -1239,10 +1239,10 @@ { "key": "cspm_enabled", "required": true, - "type": "bool", + "type": "string", "description": "Enable Cloud Security Posture Management (CSPM) for the Workload Protection instance. This will create a trusted profile associated with the SCC Workload Protection instance that has viewer / reader access to the App Config service and viewer access to the Enterprise service.", "virtual": true, - "default_value": false + "default_value": "false" }, { "key": "app_config_plan", From 4e0dd47ff8f7593fff5ffd00d9a2c4bf84ecc751 Mon Sep 17 00:00:00 2001 From: whoffler Date: Thu, 3 Jul 2025 16:07:16 +0100 Subject: [PATCH 09/28] remove scc-wp (unsupported) and update monitoring -> observability --- ibm_catalog.json | 275 ++++++----------------------------------------- 1 file changed, 31 insertions(+), 244 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 7ff87924..19b22566 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -58,8 +58,8 @@ "flavors": [ "fully-configurable" ], - "id": "4322cf44-2289-49aa-a719-dd79e39b14dc-global", - "name": "deploy-arch-ibm-scc-workload-protection", + "id": "a3137d28-79e0-479d-8a24-758ebd5a0eab-global", + "name": "deploy-arch-ibm-observability", "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", "input_mapping": [ { @@ -81,32 +81,17 @@ "dependency_input": "provider_visibility", "version_input": "provider_visibility", "reference_version": true - }, - { - "dependency_input": "scc_workload_protection_service_plan", - "version_input": "scc_workload_protection_service_plan", - "reference_version": true - }, - { - "dependency_input": "cspm_enabled", - "version_input": "cspm_enabled", - "reference_version": true - }, - { - "dependency_input": "app_config_plan", - "version_input": "app_config_plan", - "reference_version": true } ], - "version": "v1.10.1", + "version": "v3.0.3", "optional": true }, { "flavors": [ "fully-configurable" ], - "id": "73debdbf-894f-4c14-81c7-5ece3a70b67d-global", - "name": "deploy-arch-ibm-cloud-monitoring", + "id": "2cad4789-fa90-4886-9c9e-857081c273ee-global", + "name": "deploy-arch-ibm-kms", "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", "input_mapping": [ { @@ -130,45 +115,8 @@ "reference_version": true }, { - "dependency_input": "cloud_monitoring_plan", - "version_input": "cloud_monitoring_plan", - "reference_version": true - }, - { - "dependency_input": "enable_platform_metrics", - "version_input": "cloud_monitoring_enable_platform_metrics", - "reference_version": true - } - ], - "version": "v1.2.14", - "optional": true - }, - { - "flavors": [ - "fully-configurable" - ], - "id": "2cad4789-fa90-4886-9c9e-857081c273ee-global", - "name": "deploy-arch-ibm-kms", - "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", - "input_mapping": [ - { - "dependency_input": "region", - "version_input": "region", - "reference_version": true - }, - { - "dependency_input": "prefix", - "version_input": "prefix", - "reference_version": true - }, - { - "dependency_input": "existing_resource_group_name", - "version_input": "existing_resource_group_name", - "reference_version": true - }, - { - "dependency_input": "provider_visibility", - "version_input": "provider_visibility", + "dependency_input": "key_protect_plan", + "version_input": "key_protect_plan", "reference_version": true } ], @@ -214,7 +162,7 @@ "reference_version": true } ], - "version": "v2.6.4", + "version": "v2.4.0", "optional": true }, { @@ -483,78 +431,21 @@ "default_value": "[]" }, { - "key": "cloud_monitoring_plan", + "key": "key_protect_plan", "required": true, "type": "string", - "description": "The service plan for Cloud Monitoring instance created by this solution.", - "virtual": true, - "default_value": "graduated-tier", + "description": "The plan to use for the Key Protect service instance.", "options": [ { - "displayname": "Graduated Tier", - "value": "graduated-tier" + "displayname": "Tiered Pricing", + "value": "tiered-pricing" }, { - "displayname": "Lite", - "value": "lite" - } - ] - }, - { - "key": "cloud_monitoring_enable_platform_metrics", - "required": true, - "type": "string", - "description": "When set to true, the IBM Cloud Monitoring instance collects the platform metrics.", - "virtual": true, - "default_value": "false" - }, - { - "key": "scc_workload_protection_service_plan", - "required": true, - "type": "string", - "description": "The pricing plan for the Workload Protection instance service. Possible values: free-trial, graduated-tier", - "virtual": true, - "default_value": "graduated-tier", - "options": [ - { - "displayname": "Graduated Tier", - "value": "graduated-tier" - }, - { - "displayname": "Free Trial", - "value": "free-trial" - } - ] - }, - { - "key": "cspm_enabled", - "required": true, - "type": "string", - "description": "Enable Cloud Security Posture Management (CSPM) for the Workload Protection instance. This will create a trusted profile associated with the SCC Workload Protection instance that has viewer / reader access to the App Config service and viewer access to the Enterprise service.", - "virtual": true, - "default_value": "false" - }, - { - "key": "app_config_plan", - "required": true, - "type": "string", - "description": "The plan to use for the App Configuration service instance.", - "options": [ - { - "displayname": "Basic", - "value": "basic" - }, - { - "displayname": "Standard", - "value": "standardv2" - }, - { - "displayname": "Enterprise", - "value": "enterprise" + "displayname": "Cross Region Resiliency", + "value": "cross-region-resiliency" } ], - "virtual": true, - "default_value": "basic" + "virtual": true }, { "key": "name" @@ -803,8 +694,8 @@ "flavors": [ "fully-configurable" ], - "id": "4322cf44-2289-49aa-a719-dd79e39b14dc-global", - "name": "deploy-arch-ibm-scc-workload-protection", + "id": "a3137d28-79e0-479d-8a24-758ebd5a0eab-global", + "name": "deploy-arch-ibm-observability", "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", "input_mapping": [ { @@ -821,58 +712,6 @@ "dependency_input": "existing_resource_group_name", "version_input": "existing_resource_group_name", "reference_version": true - }, - { - "dependency_input": "scc_workload_protection_service_plan", - "version_input": "scc_workload_protection_service_plan", - "reference_version": true - }, - { - "dependency_input": "cspm_enabled", - "version_input": "cspm_enabled", - "reference_version": true - }, - { - "dependency_input": "app_config_plan", - "version_input": "app_config_plan", - "reference_version": true - } - ], - "version": "v1.10.1", - "optional": true - }, - { - "flavors": [ - "fully-configurable" - ], - "id": "73debdbf-894f-4c14-81c7-5ece3a70b67d-global", - "name": "deploy-arch-ibm-cloud-monitoring", - "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", - "input_mapping": [ - { - "dependency_input": "region", - "version_input": "region", - "reference_version": true - }, - { - "dependency_input": "prefix", - "version_input": "prefix", - "reference_version": true - }, - { - "dependency_input": "existing_resource_group_name", - "version_input": "existing_resource_group_name", - "reference_version": true - }, - { - "dependency_input": "cloud_monitoring_plan", - "version_input": "cloud_monitoring_plan", - "reference_version": true - }, - { - "dependency_input": "enable_platform_metrics", - "version_input": "cloud_monitoring_enable_platform_metrics", - "reference_version": true } ], "version": "v1.2.14", @@ -900,6 +739,11 @@ "dependency_input": "existing_resource_group_name", "version_input": "existing_resource_group_name", "reference_version": true + }, + { + "dependency_input": "key_protect_plan", + "version_input": "key_protect_plan", + "reference_version": true } ], "version": "v5.1.4", @@ -939,7 +783,7 @@ "reference_version": true } ], - "version": "v2.6.4", + "version": "v2.4.0", "optional": true }, { @@ -1120,7 +964,7 @@ } ] }, -{ + { "key": "plan", "options": [ { @@ -1193,78 +1037,21 @@ "default_value": "[]" }, { - "key": "cloud_monitoring_plan", + "key": "key_protect_plan", "required": true, "type": "string", - "description": "The service plan for Cloud Monitoring instance created by this solution.", - "virtual": true, - "default_value": "graduated-tier", + "description": "The plan to use for the Key Protect service instance.", "options": [ { - "displayname": "Graduated Tier", - "value": "graduated-tier" + "displayname": "Tiered Pricing", + "value": "tiered-pricing" }, { - "displayname": "Lite", - "value": "lite" - } - ] - }, - { - "key": "cloud_monitoring_enable_platform_metrics", - "required": true, - "type": "bool", - "description": "When set to true, the IBM Cloud Monitoring instance collects the platform metrics.", - "virtual": true, - "default_value": false - }, - { - "key": "scc_workload_protection_service_plan", - "required": true, - "type": "string", - "description": "The pricing plan for the Workload Protection instance service. Possible values: free-trial, graduated-tier", - "virtual": true, - "default_value": "graduated-tier", - "options": [ - { - "displayname": "Graduated Tier", - "value": "graduated-tier" - }, - { - "displayname": "Free Trial", - "value": "free-trial" - } - ] - }, - { - "key": "cspm_enabled", - "required": true, - "type": "string", - "description": "Enable Cloud Security Posture Management (CSPM) for the Workload Protection instance. This will create a trusted profile associated with the SCC Workload Protection instance that has viewer / reader access to the App Config service and viewer access to the Enterprise service.", - "virtual": true, - "default_value": "false" - }, - { - "key": "app_config_plan", - "required": true, - "type": "string", - "description": "The plan to use for the App Configuration service instance.", - "options": [ - { - "displayname": "Basic", - "value": "basic" - }, - { - "displayname": "Standard", - "value": "standardv2" - }, - { - "displayname": "Enterprise", - "value": "enterprise" + "displayname": "Cross Region Resiliency", + "value": "cross-region-resiliency" } ], - "virtual": true, - "default_value": "basic" + "virtual": true }, { "key": "name" From db3a68a79277edd6bfdabc6a8f6ff255edcce5d5 Mon Sep 17 00:00:00 2001 From: whoffler Date: Fri, 4 Jul 2025 10:07:38 +0100 Subject: [PATCH 10/28] default value for key_protect_plan --- ibm_catalog.json | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 19b22566..b844a7c5 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -445,7 +445,8 @@ "value": "cross-region-resiliency" } ], - "virtual": true + "virtual": true, + "default_value": "tiered-pricing" }, { "key": "name" @@ -1051,7 +1052,8 @@ "value": "cross-region-resiliency" } ], - "virtual": true + "virtual": true, + "default_value": "tiered-pricing" }, { "key": "name" From e46e5cb3c62051049f112db980676ef9877ab795 Mon Sep 17 00:00:00 2001 From: whoffler Date: Fri, 4 Jul 2025 11:51:31 +0100 Subject: [PATCH 11/28] add dependency_version_2 --- ibm_catalog.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index b844a7c5..79651585 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -682,7 +682,8 @@ { "key": "cbr_rules" } - ] + ], + "dependency_version_2": true }, { "label": "Security-enforced", From 0f199321444f128fda045c29c21872978d8b65bb Mon Sep 17 00:00:00 2001 From: whoffler Date: Fri, 4 Jul 2025 13:14:45 +0100 Subject: [PATCH 12/28] add terraform version --- ibm_catalog.json | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 79651585..53821fd1 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -683,7 +683,8 @@ "key": "cbr_rules" } ], - "dependency_version_2": true + "dependency_version_2": true, + "terraform_version": "1.10.5" }, { "label": "Security-enforced", @@ -1210,7 +1211,9 @@ { "key": "cbr_rules" } - ] + ], + "dependency_version_2": true, + "terraform_version": "1.10.5" } ] } From 7a69a8ffcb4099c5090aad0564e12632cf6b1d83 Mon Sep 17 00:00:00 2001 From: whoffler Date: Fri, 4 Jul 2025 13:35:14 +0100 Subject: [PATCH 13/28] add missing required input for code engine --- ibm_catalog.json | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/ibm_catalog.json b/ibm_catalog.json index 53821fd1..0b1eafd1 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -188,6 +188,11 @@ "dependency_input": "provider_visibility", "version_input": "provider_visibility", "reference_version": true + }, + { + "dependency_input": "project_name", + "version_input": "code_engine_project_name", + "reference_version": true } ], "version": "v4.4.1", @@ -448,6 +453,14 @@ "virtual": true, "default_value": "tiered-pricing" }, + { + "key": "project_name", + "required": true, + "type": "string", + "description": "The name to use for the Code Engine Project.", + "virtual": true, + "default_value": "" + }, { "key": "name" }, @@ -807,6 +820,11 @@ "dependency_input": "existing_resource_group_name", "version_input": "existing_resource_group_name", "reference_version": true + }, + { + "dependency_input": "project_name", + "version_input": "code_engine_project_name", + "reference_version": true } ], "version": "v4.4.1", @@ -1057,6 +1075,14 @@ "virtual": true, "default_value": "tiered-pricing" }, + { + "key": "project_name", + "required": true, + "type": "string", + "description": "The name to use for the Code Engine Project.", + "virtual": true, + "default_value": "" + }, { "key": "name" }, From a6751c0e321f1cfd0d8bf349c17a4109d68aef51 Mon Sep 17 00:00:00 2001 From: whoffler Date: Fri, 4 Jul 2025 13:53:32 +0100 Subject: [PATCH 14/28] updated observability --- ibm_catalog.json | 102 +++++++++++++++++++++++++++++++++++++---------- 1 file changed, 81 insertions(+), 21 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 0b1eafd1..2d33df51 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -55,36 +55,38 @@ "working_directory": "solutions/fully-configurable", "dependencies": [ { + "name": "deploy-arch-ibm-observability", + "description": "Enables provisioning and configuration of IBM Cloud Logs to collect, route, analyze, and visualize platform logs and events — including those generated by the Event Notifications instance — for enhanced visibility, alerting, and troubleshooting.", "flavors": [ - "fully-configurable" + "instances" ], "id": "a3137d28-79e0-479d-8a24-758ebd5a0eab-global", - "name": "deploy-arch-ibm-observability", "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", "input_mapping": [ { - "dependency_input": "region", - "version_input": "region", + "dependency_input": "prefix", + "version_input": "prefix", "reference_version": true }, { - "dependency_input": "prefix", - "version_input": "prefix", + "dependency_input": "region", + "version_input": "region", "reference_version": true }, { - "dependency_input": "existing_resource_group_name", - "version_input": "existing_resource_group_name", + "dependency_input": "enable_platform_metrics", + "version_input": "observability_enable_platform_metrics", "reference_version": true }, { - "dependency_input": "provider_visibility", - "version_input": "provider_visibility", + "dependency_input": "logs_routing_tenant_regions", + "version_input": "logs_routing_tenant_regions", "reference_version": true } ], - "version": "v3.0.3", - "optional": true + "optional": true, + "on_by_default": true, + "version": "v3.0.3" }, { "flavors": [ @@ -418,8 +420,34 @@ "type": "string", "description": "Secrets Manager enabled platform metrics", "virtual": true, + "options": [ + { + "value": "true" + }, + { + "value": "false" + } + ], "default_value": "true" }, + { + "key": "observability_enable_platform_metrics", + "type": "string", + "default_value": "true", + "description": "When set to `true`, the IBM Cloud Monitoring instance will be configured to collect platform metrics from the provided region. You can configure 1 instance only of the IBM Cloud Monitoring service per region to collect platform metrics in that location. Check with the account or service administrator if another monitoring instance has already been configured. You may not have permissions to see all monitoring instances in the region. [Learn more](https://cloud.ibm.com/docs/monitoring?topic=monitoring-platform_metrics_enabling).", + "required": true, + "virtual": true, + "options": [ + { + "displayname": "true", + "value": "true" + }, + { + "displayname": "false", + "value": "false" + } + ] + }, { "key": "logs_routing_tenant_regions", "required": true, @@ -459,6 +487,13 @@ "type": "string", "description": "The name to use for the Code Engine Project.", "virtual": true, + "custom_config": { + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "type": "string" + } + }, "default_value": "" }, { @@ -707,31 +742,38 @@ "working_directory": "solutions/security-enforced", "dependencies": [ { - "flavors": [ - "fully-configurable" - ], "id": "a3137d28-79e0-479d-8a24-758ebd5a0eab-global", "name": "deploy-arch-ibm-observability", "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "description": "Enables provisioning and configuration of IBM Cloud Logs to collect, route, analyze, and visualize platform logs and events — including those generated by the Event Notifications instance — for enhanced visibility, alerting, and troubleshooting.", + "flavors": [ + "instances" + ], "input_mapping": [ + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + }, { "dependency_input": "region", "version_input": "region", "reference_version": true }, { - "dependency_input": "prefix", - "version_input": "prefix", + "dependency_input": "enable_platform_metrics", + "version_input": "observability_enable_platform_metrics", "reference_version": true }, { - "dependency_input": "existing_resource_group_name", - "version_input": "existing_resource_group_name", + "dependency_input": "logs_routing_tenant_regions", + "version_input": "logs_routing_tenant_regions", "reference_version": true } ], - "version": "v1.2.14", - "optional": true + "optional": true, + "on_by_default": true, + "version": "v3.0.3" }, { "flavors": [ @@ -1042,6 +1084,24 @@ "virtual": true, "default_value": true }, + { + "key": "observability_enable_platform_metrics", + "type": "string", + "default_value": "true", + "description": "When set to `true`, the IBM Cloud Monitoring instance will be configured to collect platform metrics from the provided region. You can configure 1 instance only of the IBM Cloud Monitoring service per region to collect platform metrics in that location. Check with the account or service administrator if another monitoring instance has already been configured. You may not have permissions to see all monitoring instances in the region. [Learn more](https://cloud.ibm.com/docs/monitoring?topic=monitoring-platform_metrics_enabling).", + "required": true, + "virtual": true, + "options": [ + { + "displayname": "true", + "value": "true" + }, + { + "displayname": "false", + "value": "false" + } + ] + }, { "key": "logs_routing_tenant_regions", "required": true, From a7b51f2b4ad58e170d334f9d96d68e1204a3072a Mon Sep 17 00:00:00 2001 From: whoffler Date: Fri, 4 Jul 2025 14:05:29 +0100 Subject: [PATCH 15/28] update kms and ce dependencies --- ibm_catalog.json | 74 ++++++++++++++++++++++++++++++++++++------------ 1 file changed, 56 insertions(+), 18 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 2d33df51..6f9491e7 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -89,11 +89,12 @@ "version": "v3.0.3" }, { + "name": "deploy-arch-ibm-kms", + "id": "2cad4789-fa90-4886-9c9e-857081c273ee-global", + "description": "Enable Cloud automation for Key Protect to use your own managed encryption keys. If disabled, IBM Cloud's default service-managed encryption is used.", "flavors": [ "fully-configurable" ], - "id": "2cad4789-fa90-4886-9c9e-857081c273ee-global", - "name": "deploy-arch-ibm-kms", "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", "input_mapping": [ { @@ -120,10 +121,29 @@ "dependency_input": "key_protect_plan", "version_input": "key_protect_plan", "reference_version": true + }, + { + "dependency_output": "kms_instance_crn", + "version_input": "existing_kms_instance_crn" + }, + { + "version_input": "kms_encryption_enabled", + "value": true + }, + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + }, + { + "dependency_input": "region", + "version_input": "region", + "reference_version": true } ], - "version": "v5.1.4", - "optional": true + "optional": true, + "on_by_default": true, + "version": "v5.1.4" }, { "flavors": [ @@ -482,18 +502,11 @@ "default_value": "tiered-pricing" }, { - "key": "project_name", + "key": "code_engine_project_name", "required": true, "type": "string", "description": "The name to use for the Code Engine Project.", "virtual": true, - "custom_config": { - "grouping": "deployment", - "original_grouping": "deployment", - "config_constraints": { - "type": "string" - } - }, "default_value": "" }, { @@ -776,11 +789,12 @@ "version": "v3.0.3" }, { + "name": "deploy-arch-ibm-kms", + "id": "2cad4789-fa90-4886-9c9e-857081c273ee-global", + "description": "Enable Cloud automation for Key Protect to use your own managed encryption keys. If disabled, IBM Cloud's default service-managed encryption is used.", "flavors": [ - "security-enforced" + "fully-configurable" ], - "id": "2cad4789-fa90-4886-9c9e-857081c273ee-global", - "name": "deploy-arch-ibm-kms", "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", "input_mapping": [ { @@ -798,14 +812,38 @@ "version_input": "existing_resource_group_name", "reference_version": true }, + { + "dependency_input": "provider_visibility", + "version_input": "provider_visibility", + "reference_version": true + }, { "dependency_input": "key_protect_plan", "version_input": "key_protect_plan", "reference_version": true + }, + { + "dependency_output": "kms_instance_crn", + "version_input": "existing_kms_instance_crn" + }, + { + "version_input": "kms_encryption_enabled", + "value": true + }, + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + }, + { + "dependency_input": "region", + "version_input": "region", + "reference_version": true } ], - "version": "v5.1.4", - "optional": true + "optional": true, + "on_by_default": true, + "version": "v5.1.4" }, { "flavors": [ @@ -1136,7 +1174,7 @@ "default_value": "tiered-pricing" }, { - "key": "project_name", + "key": "code_engine_project_name", "required": true, "type": "string", "description": "The name to use for the Code Engine Project.", From ef817292b54bb4fd0b78c5d694a02095f63bb226 Mon Sep 17 00:00:00 2001 From: whoffler Date: Sun, 6 Jul 2025 22:36:41 +0100 Subject: [PATCH 16/28] add elasticsearch inputs from dependency outputs --- ibm_catalog.json | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/ibm_catalog.json b/ibm_catalog.json index 6f9491e7..a1281cbd 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -182,6 +182,10 @@ "dependency_input": "enable_platform_metrics", "version_input": "secrets_manager_enable_platform_metrics", "reference_version": true + }, + { + "dependency_output": "secrets_manager_crn", + "version_input": "existing_secrets_manager_instance_crn" } ], "version": "v2.4.0", @@ -215,6 +219,10 @@ "dependency_input": "project_name", "version_input": "code_engine_project_name", "reference_version": true + }, + { + "dependency_output": "project_id", + "version_input": "existing_code_engine_project_id" } ], "version": "v4.4.1", @@ -877,6 +885,10 @@ "dependency_input": "enable_platform_metrics", "version_input": "secrets_manager_enable_platform_metrics", "reference_version": true + }, + { + "dependency_output": "secrets_manager_crn", + "version_input": "existing_secrets_manager_instance_crn" } ], "version": "v2.4.0", @@ -905,6 +917,10 @@ "dependency_input": "project_name", "version_input": "code_engine_project_name", "reference_version": true + }, + { + "dependency_output": "project_id", + "version_input": "existing_code_engine_project_id" } ], "version": "v4.4.1", From 983160b16fb0e889eac2d698579de50243b495a9 Mon Sep 17 00:00:00 2001 From: whoffler Date: Sun, 6 Jul 2025 22:42:31 +0100 Subject: [PATCH 17/28] show secrets_manager_enable_platform_metrics --- ibm_catalog.json | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ibm_catalog.json b/ibm_catalog.json index a1281cbd..f472e0e4 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -450,9 +450,11 @@ "virtual": true, "options": [ { + "displayname": "true", "value": "true" }, { + "displayname": "false", "value": "false" } ], From 6078d996a5a193e85b9d7d39bb5f92beb4931f29 Mon Sep 17 00:00:00 2001 From: whoffler Date: Mon, 7 Jul 2025 11:46:58 +0100 Subject: [PATCH 18/28] update --- ibm_catalog.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index f472e0e4..db3eebd5 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -146,12 +146,12 @@ "version": "v5.1.4" }, { - "flavors": [ - "fully-configurable" - ], "id": "6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global", "name": "deploy-arch-ibm-secrets-manager", "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "flavors": [ + "fully-configurable" + ], "input_mapping": [ { "dependency_input": "region", @@ -192,13 +192,13 @@ "optional": true }, { + "id": "413843d9-8962-48a5-8ab5-dfcf4429372c-global", + "name": "deploy-arch-ibm-code-engine", + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", "flavors": [ "apps", "project" ], - "id": "413843d9-8962-48a5-8ab5-dfcf4429372c-global", - "name": "deploy-arch-ibm-code-engine", - "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", "input_mapping": [ { "dependency_input": "prefix", From 603ec684b48df5ed19407acb4847853ffbe52658 Mon Sep 17 00:00:00 2001 From: whoffler Date: Mon, 7 Jul 2025 12:01:00 +0100 Subject: [PATCH 19/28] remove not required observability field --- ibm_catalog.json | 40 ---------------------------------------- 1 file changed, 40 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index db3eebd5..4416553f 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -77,11 +77,6 @@ "dependency_input": "enable_platform_metrics", "version_input": "observability_enable_platform_metrics", "reference_version": true - }, - { - "dependency_input": "logs_routing_tenant_regions", - "version_input": "logs_routing_tenant_regions", - "reference_version": true } ], "optional": true, @@ -478,21 +473,6 @@ } ] }, - { - "key": "logs_routing_tenant_regions", - "required": true, - "type": "array", - "custom_config": { - "grouping": "deployment", - "original_grouping": "deployment", - "config_constraints": { - "type": "string" - } - }, - "description": "To manage platform logs that are generated by IBM Cloud services in a region of IBM Cloud, you must create a tenant in each region that you operate. Pass a list of regions to create a tenant in.", - "virtual": true, - "default_value": "[]" - }, { "key": "key_protect_plan", "required": true, @@ -787,11 +767,6 @@ "dependency_input": "enable_platform_metrics", "version_input": "observability_enable_platform_metrics", "reference_version": true - }, - { - "dependency_input": "logs_routing_tenant_regions", - "version_input": "logs_routing_tenant_regions", - "reference_version": true } ], "optional": true, @@ -1158,21 +1133,6 @@ } ] }, - { - "key": "logs_routing_tenant_regions", - "required": true, - "type": "array", - "custom_config": { - "grouping": "deployment", - "original_grouping": "deployment", - "config_constraints": { - "type": "string" - } - }, - "description": "To manage platform logs that are generated by IBM Cloud services in a region of IBM Cloud, you must create a tenant in each region that you operate. Pass a list of regions to create a tenant in.", - "virtual": true, - "default_value": "[]" - }, { "key": "key_protect_plan", "required": true, From 9508eeb0c9daac9271cb759e656994f7c9df5306 Mon Sep 17 00:00:00 2001 From: whoffler Date: Mon, 7 Jul 2025 13:16:10 +0100 Subject: [PATCH 20/28] passing unit test --- .secrets.baseline | 4 +-- tests/go.mod | 5 ++-- tests/go.sum | 4 +-- tests/pr_test.go | 76 +++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 83 insertions(+), 6 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 99241264..8275f979 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "go.sum|^.secrets.baseline$", "lines": null }, - "generated_at": "2025-07-03T10:08:09Z", + "generated_at": "2025-07-07T12:13:05Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -110,7 +110,7 @@ "hashed_secret": "8c7c51db5075ebd0369c51e9f14737d9b4c1c21d", "is_secret": false, "is_verified": false, - "line_number": 369, + "line_number": 355, "type": "Base64 High Entropy String", "verified_result": null } diff --git a/tests/go.mod b/tests/go.mod index 69c227b7..3f4d120f 100644 --- a/tests/go.mod +++ b/tests/go.mod @@ -2,12 +2,13 @@ module github.com/terraform-ibm-modules/terraform-ibm-icd-elasticsearch go 1.23.0 -toolchain go1.24.4 +toolchain go1.24.1 require ( + github.com/IBM/go-sdk-core/v5 v5.20.1 github.com/gruntwork-io/terratest v0.50.0 github.com/stretchr/testify v1.10.0 - github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.55.2 + github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.55.3 ) require ( diff --git a/tests/go.sum b/tests/go.sum index 8b7b7430..ffa98a99 100644 --- a/tests/go.sum +++ b/tests/go.sum @@ -295,8 +295,8 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.55.2 h1:glzdzCX2gbltCJd6Ii4GCU/xYJVLUXFs+FvJp42YheE= -github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.55.2/go.mod h1:VqiPX6tW9J87xrrrSP7NE9C5jZNmv+wRoRHDfgBYSSY= +github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.55.3 h1:eNY99YyaCo2P79T96p/htlXRV8fRpAXa7NBWnjdOPOw= +github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.55.3/go.mod h1:VqiPX6tW9J87xrrrSP7NE9C5jZNmv+wRoRHDfgBYSSY= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/tmccombs/hcl2json v0.6.4 h1:/FWnzS9JCuyZ4MNwrG4vMrFrzRgsWEOVi+1AyYUVLGw= github.com/tmccombs/hcl2json v0.6.4/go.mod h1:+ppKlIW3H5nsAsZddXPy2iMyvld3SHxyjswOZhavRDk= diff --git a/tests/pr_test.go b/tests/pr_test.go index f007cc33..54ec9ada 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -11,6 +11,7 @@ import ( "strings" "testing" + "github.com/IBM/go-sdk-core/v5/core" "github.com/gruntwork-io/terratest/modules/files" "github.com/gruntwork-io/terratest/modules/logger" "github.com/gruntwork-io/terratest/modules/random" @@ -19,6 +20,7 @@ import ( "github.com/stretchr/testify/require" "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/cloudinfo" "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/common" + "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/testaddons" "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/testhelper" "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/testschematic" ) @@ -398,3 +400,77 @@ func GetRandomAdminPassword(t *testing.T) string { randomPass := "A1" + base64.URLEncoding.EncodeToString(randomBytes)[:13] return randomPass } + +// TestRunAddonTests runs addon tests in parallel using a matrix approach +func TestRunAddonTests(t *testing.T) { + testCases := []testaddons.AddonTestCase{ + { + Name: "ES-Default-Configuration", + Prefix: "esaddon", + }, + { + Name: "ES-With-RG-OBS-CE-KMS-SM-And-Account-Settings", + Prefix: "esall", + Dependencies: []cloudinfo.AddonConfig{ + { + OfferingName: "deploy-arch-ibm-account-infra-base", + OfferingFlavor: "resource-group-only", + Enabled: core.BoolPtr(true), + }, + { + OfferingName: "deploy-arch-ibm-observability", + OfferingFlavor: "instances", + Enabled: core.BoolPtr(true), + }, + { + OfferingName: "deploy-arch-ibm-kms", + OfferingFlavor: "fully-configurable", + Enabled: core.BoolPtr(true), + }, + { + OfferingName: "deploy-arch-ibm-secrets-manager", + OfferingFlavor: "fully-configurable", + Enabled: core.BoolPtr(true), + }, + { + OfferingName: "deploy-arch-ibm-code-engine", + OfferingFlavor: "project", + Enabled: core.BoolPtr(true), + }, + }, + SkipInfrastructureDeployment: true, // Skip infrastructure deployment for this test case + }, + } + // Define common options that apply to all test cases + baseOptions := testaddons.TestAddonsOptionsDefault(&testaddons.TestAddonOptions{ + Testing: t, + Prefix: "es-matrix", // Test cases will override with their own prefixes + ResourceGroup: resourceGroup, + SkipLocalChangeCheck: true, // Skip local change check for addon tests + }) + + matrix := testaddons.AddonTestMatrix{ + TestCases: testCases, + BaseOptions: baseOptions, + BaseSetupFunc: func(baseOptions *testaddons.TestAddonOptions, testCase testaddons.AddonTestCase) *testaddons.TestAddonOptions { + // The framework automatically handles prefix assignment from testCase.Prefix + // You can add any custom logic here if needed + return baseOptions + }, + AddonConfigFunc: func(options *testaddons.TestAddonOptions, testCase testaddons.AddonTestCase) cloudinfo.AddonConfig { + return cloudinfo.NewAddonConfigTerraform( + options.Prefix, + "deploy-arch-ibm-icd-elasticsearch", + "fully-configurable", + map[string]interface{}{ + "prefix": options.Prefix, + "region": "us-south", + "elasticsearch_version": "8.15", + "code_engine_project_name": "es-addons-project", + }, + ) + }, + } + + baseOptions.RunAddonTestMatrix(matrix) +} From 747a8fc4fd24214c9a3ffd920ba0968ad3a765f6 Mon Sep 17 00:00:00 2001 From: whoffler Date: Mon, 7 Jul 2025 14:32:42 +0100 Subject: [PATCH 21/28] update arch diagram --- .../deployable-architecture-elasticsearch.svg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reference-architecture/deployable-architecture-elasticsearch.svg b/reference-architecture/deployable-architecture-elasticsearch.svg index c88d3a81..78d7128d 100644 --- a/reference-architecture/deployable-architecture-elasticsearch.svg +++ b/reference-architecture/deployable-architecture-elasticsearch.svg @@ -1,4 +1,4 @@ -IBM CloudRegionResource GroupDatabase for Elasticsearch
ES
ES
IBM Cloud Code Engine Project
IBM Cloud Code Engine ProjectKibana Code Engine App
[Optional] SCC Workload Protection
[Optional] SCC Worklo...
[Optional] KMS
[Optional] KMS
Key Ring
Key Ringelasticsearch-keyText is not SVG - cannot display \ No newline at end of file +IBM CloudRegionResource GroupDatabase for Elasticsearch
ES
ESKibana Code Engine App
[Optional] IBM Cloud Code Engine Project
[Optional] IBM Cloud Code Engi...
[Optional] Key Management Services
[Optional] Key Manageme...
Key Ring
Key Ringelasticsearch-keyCloud logs
Observability
Observabil...
[Optional]
[Option...Cloud Monitoring
Identity & Access
Management
Identity & Access...
Access Groups
Access Groups
[Optional] 
Secrets Manager
[Optional]...Text is not SVG - cannot display \ No newline at end of file From b304f09285f9c4e7f617f068faa967b7c1cd6ea3 Mon Sep 17 00:00:00 2001 From: whoffler Date: Mon, 7 Jul 2025 14:37:51 +0100 Subject: [PATCH 22/28] update --- tests/go.mod | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/go.mod b/tests/go.mod index 3f4d120f..18ee0099 100644 --- a/tests/go.mod +++ b/tests/go.mod @@ -16,7 +16,6 @@ require ( github.com/IBM-Cloud/bluemix-go v0.0.0-20240719075425-078fcb3a55be // indirect github.com/IBM-Cloud/power-go-client v1.11.0 // indirect github.com/IBM/cloud-databases-go-sdk v0.8.0 // indirect - github.com/IBM/go-sdk-core/v5 v5.20.1 // indirect github.com/IBM/platform-services-go-sdk v0.83.2 // indirect github.com/IBM/project-go-sdk v0.3.6 // indirect github.com/IBM/schematics-go-sdk v0.4.0 // indirect From 58570209a652302d1ea9c91e2aba7cf56f21ac6e Mon Sep 17 00:00:00 2001 From: whoffler Date: Mon, 7 Jul 2025 14:49:05 +0100 Subject: [PATCH 23/28] update secrets baseline --- .secrets.baseline | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 8275f979..7ec37090 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "go.sum|^.secrets.baseline$", "lines": null }, - "generated_at": "2025-07-07T12:13:05Z", + "generated_at": "2025-07-07T13:48:04Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -110,7 +110,7 @@ "hashed_secret": "8c7c51db5075ebd0369c51e9f14737d9b4c1c21d", "is_secret": false, "is_verified": false, - "line_number": 355, + "line_number": 371, "type": "Base64 High Entropy String", "verified_result": null } From 0bbc8aa6ed05d6373cba339c01ec2187dc27677e Mon Sep 17 00:00:00 2001 From: whoffler Date: Thu, 10 Jul 2025 13:12:36 +0100 Subject: [PATCH 24/28] update pr test wait time --- tests/pr_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/pr_test.go b/tests/pr_test.go index 54ec9ada..180d542c 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -174,7 +174,7 @@ func TestRunSecurityEnforcedSolutionSchematics(t *testing.T) { Prefix: "els-se-da", ResourceGroup: resourceGroup, DeleteWorkspaceOnFail: false, - WaitJobCompleteMinutes: 60, + WaitJobCompleteMinutes: 90, }) serviceCredentialSecrets := []map[string]interface{}{ From 5a3e42c0c4c4b0c2111a72607c062af2be476f4b Mon Sep 17 00:00:00 2001 From: whoffler Date: Thu, 10 Jul 2025 15:32:39 +0100 Subject: [PATCH 25/28] update --- ibm_catalog.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 4416553f..4db9777c 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -80,7 +80,7 @@ } ], "optional": true, - "on_by_default": true, + "on_by_default": false, "version": "v3.0.3" }, { @@ -137,7 +137,7 @@ } ], "optional": true, - "on_by_default": true, + "on_by_default": false, "version": "v5.1.4" }, { @@ -770,7 +770,7 @@ } ], "optional": true, - "on_by_default": true, + "on_by_default": false, "version": "v3.0.3" }, { @@ -827,7 +827,7 @@ } ], "optional": true, - "on_by_default": true, + "on_by_default": false, "version": "v5.1.4" }, { From b5e106a7fba922f81b58168f5517bec527c00285 Mon Sep 17 00:00:00 2001 From: whoffler Date: Fri, 11 Jul 2025 15:47:45 +0100 Subject: [PATCH 26/28] remove duplicate dependency inputs --- ibm_catalog.json | 28 ++++------------------------ 1 file changed, 4 insertions(+), 24 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 4db9777c..7adec433 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -80,7 +80,7 @@ } ], "optional": true, - "on_by_default": false, + "on_by_default": true, "version": "v3.0.3" }, { @@ -124,20 +124,10 @@ { "version_input": "kms_encryption_enabled", "value": true - }, - { - "dependency_input": "prefix", - "version_input": "prefix", - "reference_version": true - }, - { - "dependency_input": "region", - "version_input": "region", - "reference_version": true } ], "optional": true, - "on_by_default": false, + "on_by_default": true, "version": "v5.1.4" }, { @@ -770,7 +760,7 @@ } ], "optional": true, - "on_by_default": false, + "on_by_default": true, "version": "v3.0.3" }, { @@ -814,20 +804,10 @@ { "version_input": "kms_encryption_enabled", "value": true - }, - { - "dependency_input": "prefix", - "version_input": "prefix", - "reference_version": true - }, - { - "dependency_input": "region", - "version_input": "region", - "reference_version": true } ], "optional": true, - "on_by_default": false, + "on_by_default": true, "version": "v5.1.4" }, { From 19532952a18c980d29a57527dc8829f19e6a3b24 Mon Sep 17 00:00:00 2001 From: whoffler Date: Thu, 17 Jul 2025 12:40:28 +0100 Subject: [PATCH 27/28] update diagram --- .../deployable-architecture-elasticsearch.svg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reference-architecture/deployable-architecture-elasticsearch.svg b/reference-architecture/deployable-architecture-elasticsearch.svg index 78d7128d..063150d0 100644 --- a/reference-architecture/deployable-architecture-elasticsearch.svg +++ b/reference-architecture/deployable-architecture-elasticsearch.svg @@ -1,4 +1,4 @@ -IBM CloudRegionResource GroupDatabase for Elasticsearch
ES
ESKibana Code Engine App
[Optional] IBM Cloud Code Engine Project
[Optional] IBM Cloud Code Engi...
[Optional] Key Management Services
[Optional] Key Manageme...
Key Ring
Key Ringelasticsearch-keyCloud logs
Observability
Observabil...
[Optional]
[Option...Cloud Monitoring
Identity & Access
Management
Identity & Access...
Access Groups
Access Groups
[Optional] 
Secrets Manager
[Optional]...Text is not SVG - cannot display \ No newline at end of file +IBM CloudRegionResource GroupDatabase for Elasticsearch
ES
ESKibana Code Engine App
[Optional] IBM Cloud Code Engine Project
[Optional] IBM Cloud Code Engi...
[Optional] Key Management Services
[Optional] Key Manageme...
Key Ring
Key Ringelasticsearch-keyCloud logs
Observability
Observabil...
[Optional]
[Option...Cloud Monitoring
Identity & Access
Management
Identity & Access...
Access Groups
Access Groups
[Optional] 
Secrets Manager
[Optional]...Text is not SVG - cannot display \ No newline at end of file From 86d599e0304f53459c4fbda9cc1f2f93e26bfff6 Mon Sep 17 00:00:00 2001 From: whoffler Date: Thu, 17 Jul 2025 15:12:59 +0100 Subject: [PATCH 28/28] upgrade to latest version of terratest --- tests/go.mod | 4 ++-- tests/go.sum | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/go.mod b/tests/go.mod index 18ee0099..3c5a48dc 100644 --- a/tests/go.mod +++ b/tests/go.mod @@ -2,13 +2,13 @@ module github.com/terraform-ibm-modules/terraform-ibm-icd-elasticsearch go 1.23.0 -toolchain go1.24.1 +toolchain go1.24.4 require ( github.com/IBM/go-sdk-core/v5 v5.20.1 github.com/gruntwork-io/terratest v0.50.0 github.com/stretchr/testify v1.10.0 - github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.55.3 + github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.55.6 ) require ( diff --git a/tests/go.sum b/tests/go.sum index ffa98a99..6a35bf68 100644 --- a/tests/go.sum +++ b/tests/go.sum @@ -295,8 +295,8 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.55.3 h1:eNY99YyaCo2P79T96p/htlXRV8fRpAXa7NBWnjdOPOw= -github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.55.3/go.mod h1:VqiPX6tW9J87xrrrSP7NE9C5jZNmv+wRoRHDfgBYSSY= +github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.55.6 h1:A//P0qWtKw0MKo6vg8/6orpKaD+SUj7d57MfI6EZLxI= +github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.55.6/go.mod h1:VqiPX6tW9J87xrrrSP7NE9C5jZNmv+wRoRHDfgBYSSY= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/tmccombs/hcl2json v0.6.4 h1:/FWnzS9JCuyZ4MNwrG4vMrFrzRgsWEOVi+1AyYUVLGw= github.com/tmccombs/hcl2json v0.6.4/go.mod h1:+ppKlIW3H5nsAsZddXPy2iMyvld3SHxyjswOZhavRDk=