feat: initial module + DA

.catalog-onboard-pipeline.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+offerings:
+  - name: deploy-arch-ibm-monitoring-agent
+    kind: solution
+    catalog_id: _
+    offering_id: _
+    variations:
+      - name: fully-configurable
+        mark_ready: true
+        install_type: fullstack
+        pre_validation: "tests/scripts/pre-validation-deploy-slz-roks-and-obs-instances.sh"
+        post_validation: "tests/scripts/post-validation-destroy-slz-roks-and-obs-instances.sh"

.github/settings.yml

@@ -25,4 +25,4 @@ repository:
   # description: ""
 
   # Use a comma-separated list of topics to set on the repo (ensure not to use any caps in the topic string).
-  topics: terraform, ibm-cloud, terraform-module, core-team, monitoring-agent, sysdig-agent, observability, agent, sysdig
+  topics: terraform, ibm-cloud, terraform-module, core-team, monitoring-agent, sysdig-agent, observability, monitoring, agent, sysdig

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2024-11-22T17:36:38Z",
+  "generated_at": "2025-03-24T23:50:52Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -76,18 +76,7 @@
       "name": "TwilioKeyDetector"
     }
   ],
-  "results": {
-    "README.md": [
-      {
-        "hashed_secret": "ff9ee043d85595eb255c05dfe32ece02a53efbb2",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 74,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ]
-  },
+  "results": {},
   "version": "0.13.1+ibm.62.dss",
   "word_list": {
     "file": null,

CODEOWNERS

@@ -0,0 +1,2 @@
+# Primary owner should be listed first in list of global owners, followed by any secondary owners
+*       @jor2 @Aashiq-J

cra-config.yaml

@@ -1,17 +1,6 @@
-#
-# Developer tips:
-#   - CRA = Code Risk Analyzer (more info on CRA: https://cloud.ibm.com/docs/code-risk-analyzer-cli-plugin?topic=code-risk-analyzer-cli-plugin-cra-cli-plugin)
-#   - Multiple directories can be scanned by CRA. Ensure if there are any deployable architecture in the repository that they are all scanned
-#   - More info about supported configurations at https://github.com/terraform-ibm-modules/common-pipeline-assets/blob/main/.github/workflows/terraform-test-pipeline.md#cra-config-yaml
-#
-
+# More info about this file at https://github.com/terraform-ibm-modules/common-pipeline-assets/blob/main/.github/workflows/terraform-test-pipeline.md#cra-config-yaml
 version: "v1"
 CRA_TARGETS:
-  - CRA_TARGET: "examples/advanced" # Target directory for CRA scan. If not provided, the CRA Scan will not be run.
-    CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json"
-    PROFILE_ID: "fe96bd4d-9b37-40f2-b39f-a62760e326a3" # SCC profile ID (currently set to 'IBM Cloud Framework for Financial Services' '1.7.0' profile).
-    # SCC_INSTANCE_ID: "" # The SCC instance ID to use to download profile for CRA scan. If not provided, a default global value will be used.
-    # SCC_REGION: "" # The IBM Cloud region that the SCC instance is in. If not provided, a default global value will be used.
-    CRA_ENVIRONMENT_VARIABLES:  # An optional map of environment variables for CRA, where the key is the variable name and value is the value. Useful for providing TF_VARs.
-      TF_VAR_prefix: "mock"
-      TF_VAR_region: "us-south"
+  - CRA_TARGET: "examples/obs-agent-ocp" # Target directory for CRA scan. If not provided, the CRA Scan will not be run.
+    CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json" # CRA Ignore file to use. If not provided, it checks the repo root directory for `cra-tf-validate-ignore-rules.json`
+    PROFILE_ID: "fe96bd4d-9b37-40f2-b39f-a62760e326a3"         # SCC profile ID (currently set to 'IBM Cloud Framework for Financial Services' '1.7.0' profile).

cra-tf-validate-ignore-rules.json

@@ -1,3 +1,22 @@
 {
-    "scc_rules": []
+    "scc_rules": [
+        {
+            "scc_rule_id": "rule-216e2449-27d7-4afc-929a-b66e196a9cf9",
+            "description": "Check whether Flow Logs for VPC are enabled",
+            "ignore_reason": "This rule is not relevant to the module itself, just the VPC resource that is used in the example that is scanned",
+            "is_valid": false
+        },
+        {
+            "scc_rule_id": "rule-2325054a-c338-474a-9740-0b7034487e40",
+            "description:": "Check whether OpenShift clusters are accessible only by using private endpoints",
+            "ignore_reason": "This rule is not relevant to the module itself, just the cluster resource that is used in the example that is scanned",
+            "is_valid": false
+        },
+        {
+            "scc_rule_id": "rule-64c0bea0-8760-4a6b-a56c-ee375a48961e",
+            "description:": "Check whether Virtual Private Cloud (VPC) has no public gateways attached",
+            "ignore_reason": "This rule is not relevant to the module itself, just the VPC resource that is used in the example that is scanned",
+            "is_valid": false
+        }
+    ]
 }

examples/obs-agent-iks/README.md

@@ -0,0 +1,10 @@
+# Monitoring agent on Kubernetes using CSE ingress endpoint with an apikey
+
+An example that shows how to deploy a Monitoring agent in a Kubernetes cluster to send Logs directly to IBM a Cloud Monitoring instance.
+
+The example provisions the following resources:
+- A new resource group, if an existing one is not passed in.
+- A basic VPC (if `is_vpc_cluster` is true).
+- A Kubernetes cluster.
+- An IBM Cloud Monitoring instance
+- Monitoring agent