Skip to content
This repository was archived by the owner on Mar 19, 2025. It is now read-only.

Commit 3f40a51

Browse files
akocbekakocbek
authored
feat: The following variables have been renamed:<br>- skip_scc_wp_auth_policy -> skip_scc_workload_protection_auth_policy<br>- scc_wp_instance_name -> scc_workload_protection_instance_name<br>- scc_wp_service_plan -> scc_workload_protection_service_plan<br>- scc_wp_instance_tags -> scc_workload_protection_instance_tags<br>- scc_wp_resource_key_name -> scc_workload_protection_resource_key_name<br>- scc_wp_resource_key_tags -> scc_workload_protection_resource_key_tags<br>- scc_wp_access_tags -> scc_workload_protection_access_tags<br>* The following outputs have been renamed:<br>- scc_wp_id -> scc_workload_protection_id<br>- scc_wp_crn -> scc_workload_protection_crn<br>- scc_wp_name -> scc_workload_protection_name<br>- scc_wp_ingestion_endpoint -> scc_workload_protection_ingestion_endpoint<br>- scc_wp_api_endpoint -> scc_workload_protection_api_endpoint<br>- scc_wp_access_key -> scc_workload_protection_access_key<br>* grouped the input variable in order in catalog tile and made some dropdown pickers (#61)
1 parent be22e36 commit 3f40a51

File tree

6 files changed

+236
-40
lines changed

6 files changed

+236
-40
lines changed

ibm_catalog.json

Lines changed: 198 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -55,12 +55,208 @@
5555
}
5656
]
5757
},
58-
"configuration" : [
58+
"configuration": [
59+
{
60+
"key": "ibmcloud_api_key"
61+
},
62+
{
63+
"key": "use_existing_resource_group"
64+
},
65+
{
66+
"key": "resource_group_name"
67+
},
68+
{
69+
"key": "existing_monitoring_crn"
70+
},
71+
{
72+
"key": "existing_kms_instance_crn"
73+
},
5974
{
6075
"key": "existing_scc_cos_kms_key_crn",
6176
"required": true
77+
},
78+
{
79+
"key": "kms_endpoint_type",
80+
"options": [
81+
{
82+
"displayname": "Public",
83+
"value": "public"
84+
},
85+
{
86+
"displayname": "Private",
87+
"value": "private"
88+
}
89+
]
90+
},
91+
{
92+
"key": "scc_cos_key_ring_name"
93+
},
94+
{
95+
"key": "scc_cos_key_name"
96+
},
97+
{
98+
"custom_config": {
99+
"config_constraints": {
100+
"generationType": "2"
101+
},
102+
"grouping": "deployment",
103+
"original_grouping": "deployment",
104+
"type": "region"
105+
},
106+
"key": "cos_region",
107+
"required": true,
108+
"type": "string"
109+
},
110+
{
111+
"key": "cos_instance_name"
112+
},
113+
{
114+
"key": "cos_instance_tags"
115+
},
116+
{
117+
"key": "cos_instance_access_tags"
118+
},
119+
{
120+
"key": "scc_cos_bucket_name"
121+
},
122+
{
123+
"key": "add_bucket_name_suffix"
124+
},
125+
{
126+
"key": "scc_cos_bucket_access_tags"
127+
},
128+
{
129+
"key": "scc_cos_bucket_class",
130+
"options": [
131+
{
132+
"displayname": "Cold",
133+
"value": "cold"
134+
},
135+
{
136+
"displayname": "Onerate active",
137+
"value": "onerate_active"
138+
},
139+
{
140+
"displayname": "Smart",
141+
"value": "smart"
142+
},
143+
{
144+
"displayname": "Standard",
145+
"value": "standard"
146+
},
147+
{
148+
"displayname": "Vault",
149+
"value": "vault"
150+
}
151+
]
152+
},
153+
{
154+
"key": "existing_cos_instance_crn"
155+
},
156+
{
157+
"key": "existing_scc_cos_bucket_name"
158+
},
159+
{
160+
"key": "skip_cos_kms_auth_policy"
161+
},
162+
{
163+
"key": "management_endpoint_type_for_bucket",
164+
"options": [
165+
{
166+
"displayname": "Direct",
167+
"value": "direct"
168+
},
169+
{
170+
"displayname": "Private",
171+
"value": "private"
172+
},
173+
{
174+
"displayname": "Public",
175+
"value": "public"
176+
}
177+
]
178+
},
179+
{
180+
"key": "scc_instance_name"
181+
},
182+
{
183+
"key": "scc_region",
184+
"options": [
185+
{
186+
"displayname": "Dallas (us-south)",
187+
"value": "us-south"
188+
},
189+
{
190+
"displayname": "Frankfurt (eu-de)",
191+
"value": "eu-de"
192+
},
193+
{
194+
"displayname": "Madrid (eu-es)",
195+
"value": "eu-es"
196+
},
197+
{
198+
"displayname": "Toronto (ca-tor)",
199+
"value": "ca-tor"
200+
}
201+
]
202+
},
203+
{
204+
"key": "skip_scc_cos_auth_policy"
205+
},
206+
{
207+
"key": "scc_service_plan",
208+
"options": [
209+
{
210+
"displayname": "Standard",
211+
"value": "security-compliance-center-standard-plan"
212+
},
213+
{
214+
"displayname": "Trial",
215+
"value": "security-compliance-center-trial-plan"
216+
}
217+
]
218+
},
219+
{
220+
"key": "existing_en_crn"
221+
},
222+
{
223+
"key": "scc_instance_tags"
224+
},
225+
{
226+
"key": "skip_scc_workload_protection_auth_policy"
227+
},
228+
{
229+
"key": "provision_scc_workload_protection"
230+
},
231+
{
232+
"key": "scc_workload_protection_instance_name"
233+
},
234+
{
235+
"key": "scc_workload_protection_service_plan",
236+
"options": [
237+
{
238+
"displayname": "Free trial",
239+
"value": "free-trial"
240+
},
241+
{
242+
"displayname": "Graduated tier",
243+
"value": "graduated-tier"
244+
}
245+
]
246+
},
247+
{
248+
"key": "scc_workload_protection_instance_tags"
249+
},
250+
{
251+
"key": "scc_workload_protection_resource_key_name"
252+
},
253+
{
254+
"key": "scc_workload_protection_resource_key_tags"
255+
},
256+
{
257+
"key": "scc_workload_protection_access_tags"
62258
}
63-
],
259+
],
64260
"iam_permissions": [
65261
{
66262
"service_name": "compliance",

solutions/instances/README.md

Lines changed: 13 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -61,15 +61,15 @@ No resources.
6161
| <a name="input_scc_instance_tags"></a> [scc\_instance\_tags](#input\_scc\_instance\_tags) | Optional list of tags to be added to SCC instance. | `list(string)` | `[]` | no |
6262
| <a name="input_scc_region"></a> [scc\_region](#input\_scc\_region) | The region in which to provision SCC resources. | `string` | `"us-south"` | no |
6363
| <a name="input_scc_service_plan"></a> [scc\_service\_plan](#input\_scc\_service\_plan) | The service/pricing plan to use when provisioning a new Security Compliance Center instance. Allowed values are: 'security-compliance-center-standard-plan' (default value) and 'security-compliance-center-trial-plan'. Only used if `provision_scc_instance` is set to true. | `string` | `"security-compliance-center-standard-plan"` | no |
64-
| <a name="input_scc_wp_access_tags"></a> [scc\_wp\_access\_tags](#input\_scc\_wp\_access\_tags) | A list of access tags to apply to the SCC WP instance. | `list(string)` | `[]` | no |
65-
| <a name="input_scc_wp_instance_name"></a> [scc\_wp\_instance\_name](#input\_scc\_wp\_instance\_name) | The name to give the SCC Workload Protection instance that will be provisioned by this solution. Must begine with a letter. Only used i 'provision\_scc\_workload\_protection' to true. | `string` | `"base-security-services-scc-wp"` | no |
66-
| <a name="input_scc_wp_instance_tags"></a> [scc\_wp\_instance\_tags](#input\_scc\_wp\_instance\_tags) | Optional list of tags to be added to SCC Workload Protection instance. | `list(string)` | `[]` | no |
67-
| <a name="input_scc_wp_resource_key_name"></a> [scc\_wp\_resource\_key\_name](#input\_scc\_wp\_resource\_key\_name) | The name to give the IBM Cloud SCC Workload Protection manager resource key. | `string` | `"SCCWPManagerKey"` | no |
68-
| <a name="input_scc_wp_resource_key_tags"></a> [scc\_wp\_resource\_key\_tags](#input\_scc\_wp\_resource\_key\_tags) | Tags associated with the IBM Cloud SCC WP resource key. | `list(string)` | `[]` | no |
69-
| <a name="input_scc_wp_service_plan"></a> [scc\_wp\_service\_plan](#input\_scc\_wp\_service\_plan) | SCC Workload Protection instance service pricing plan. Allowed values are: `free-trial` or `graduated-tier`. | `string` | `"graduated-tier"` | no |
64+
| <a name="input_scc_workload_protection_access_tags"></a> [scc\_workload\_protection\_access\_tags](#input\_scc\_workload\_protection\_access\_tags) | A list of access tags to apply to the SCC WP instance. | `list(string)` | `[]` | no |
65+
| <a name="input_scc_workload_protection_instance_name"></a> [scc\_workload\_protection\_instance\_name](#input\_scc\_workload\_protection\_instance\_name) | The name to give the SCC Workload Protection instance that will be provisioned by this solution. Must begine with a letter. Only used i 'provision\_scc\_workload\_protection' to true. | `string` | `"base-security-services-scc-wp"` | no |
66+
| <a name="input_scc_workload_protection_instance_tags"></a> [scc\_workload\_protection\_instance\_tags](#input\_scc\_workload\_protection\_instance\_tags) | Optional list of tags to be added to SCC Workload Protection instance. | `list(string)` | `[]` | no |
67+
| <a name="input_scc_workload_protection_resource_key_name"></a> [scc\_workload\_protection\_resource\_key\_name](#input\_scc\_workload\_protection\_resource\_key\_name) | The name to give the IBM Cloud SCC Workload Protection manager resource key. | `string` | `"SCCWPManagerKey"` | no |
68+
| <a name="input_scc_workload_protection_resource_key_tags"></a> [scc\_workload\_protection\_resource\_key\_tags](#input\_scc\_workload\_protection\_resource\_key\_tags) | Tags associated with the IBM Cloud SCC WP resource key. | `list(string)` | `[]` | no |
69+
| <a name="input_scc_workload_protection_service_plan"></a> [scc\_workload\_protection\_service\_plan](#input\_scc\_workload\_protection\_service\_plan) | SCC Workload Protection instance service pricing plan. Allowed values are: `free-trial` or `graduated-tier`. | `string` | `"graduated-tier"` | no |
7070
| <a name="input_skip_cos_kms_auth_policy"></a> [skip\_cos\_kms\_auth\_policy](#input\_skip\_cos\_kms\_auth\_policy) | Set to true to skip the creation of an IAM authorization policy that permits the COS instance created to read the encryption key from the KMS instance. WARNING: An authorization policy must exist before an encrypted bucket can be created | `bool` | `false` | no |
7171
| <a name="input_skip_scc_cos_auth_policy"></a> [skip\_scc\_cos\_auth\_policy](#input\_skip\_scc\_cos\_auth\_policy) | Set to true to skip the creation of an IAM authorization policy that permits the SCC instance created by this solution write access to the COS instance. Only used if `provision_scc_instance` is set to true. | `bool` | `false` | no |
72-
| <a name="input_skip_scc_wp_auth_policy"></a> [skip\_scc\_wp\_auth\_policy](#input\_skip\_scc\_wp\_auth\_policy) | Set to true to skip the creation of an IAM authorization policy that permits the SCC instance created by this solution read access to the workload protection instance. Only used if `provision_scc_workload_protection` is set to true. | `bool` | `false` | no |
72+
| <a name="input_skip_scc_workload_protection_auth_policy"></a> [skip\_scc\_workload\_protection\_auth\_policy](#input\_skip\_scc\_workload\_protection\_auth\_policy) | Set to true to skip the creation of an IAM authorization policy that permits the SCC instance created by this solution read access to the workload protection instance. Only used if `provision_scc_workload_protection` is set to true. | `bool` | `false` | no |
7373
| <a name="input_use_existing_resource_group"></a> [use\_existing\_resource\_group](#input\_use\_existing\_resource\_group) | Whether to use an existing resource group. | `bool` | `false` | no |
7474

7575
### Outputs
@@ -84,10 +84,10 @@ No resources.
8484
| <a name="output_scc_guid"></a> [scc\_guid](#output\_scc\_guid) | SCC instance guid |
8585
| <a name="output_scc_id"></a> [scc\_id](#output\_scc\_id) | SCC instance ID |
8686
| <a name="output_scc_name"></a> [scc\_name](#output\_scc\_name) | SCC instance name |
87-
| <a name="output_scc_wp_access_key"></a> [scc\_wp\_access\_key](#output\_scc\_wp\_access\_key) | SCC Workload Protection access key |
88-
| <a name="output_scc_wp_api_endpoint"></a> [scc\_wp\_api\_endpoint](#output\_scc\_wp\_api\_endpoint) | SCC Workload Protection API endpoint |
89-
| <a name="output_scc_wp_crn"></a> [scc\_wp\_crn](#output\_scc\_wp\_crn) | SCC Workload Protection instance CRN |
90-
| <a name="output_scc_wp_id"></a> [scc\_wp\_id](#output\_scc\_wp\_id) | SCC Workload Protection instance ID |
91-
| <a name="output_scc_wp_ingestion_endpoint"></a> [scc\_wp\_ingestion\_endpoint](#output\_scc\_wp\_ingestion\_endpoint) | SCC Workload Protection instance ingestion endpoint |
92-
| <a name="output_scc_wp_name"></a> [scc\_wp\_name](#output\_scc\_wp\_name) | SCC Workload Protection instance name |
87+
| <a name="output_scc_workload_protection_access_key"></a> [scc\_workload\_protection\_access\_key](#output\_scc\_workload\_protection\_access\_key) | SCC Workload Protection access key |
88+
| <a name="output_scc_workload_protection_api_endpoint"></a> [scc\_workload\_protection\_api\_endpoint](#output\_scc\_workload\_protection\_api\_endpoint) | SCC Workload Protection API endpoint |
89+
| <a name="output_scc_workload_protection_crn"></a> [scc\_workload\_protection\_crn](#output\_scc\_workload\_protection\_crn) | SCC Workload Protection instance CRN |
90+
| <a name="output_scc_workload_protection_id"></a> [scc\_workload\_protection\_id](#output\_scc\_workload\_protection\_id) | SCC Workload Protection instance ID |
91+
| <a name="output_scc_workload_protection_ingestion_endpoint"></a> [scc\_workload\_protection\_ingestion\_endpoint](#output\_scc\_workload\_protection\_ingestion\_endpoint) | SCC Workload Protection instance ingestion endpoint |
92+
| <a name="output_scc_workload_protection_name"></a> [scc\_workload\_protection\_name](#output\_scc\_workload\_protection\_name) | SCC Workload Protection instance name |
9393
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

solutions/instances/main.tf

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -137,7 +137,7 @@ module "scc" {
137137
resource_tags = var.scc_instance_tags
138138
attach_wp_to_scc_instance = var.provision_scc_workload_protection
139139
wp_instance_crn = var.provision_scc_workload_protection ? module.scc_wp[0].crn : null
140-
skip_scc_wp_auth_policy = var.skip_scc_wp_auth_policy
140+
skip_scc_wp_auth_policy = var.skip_scc_workload_protection_auth_policy
141141
}
142142

143143
#######################################################################################################################
@@ -148,13 +148,13 @@ module "scc_wp" {
148148
count = var.provision_scc_workload_protection ? 1 : 0
149149
source = "terraform-ibm-modules/scc-workload-protection/ibm"
150150
version = "1.3.0"
151-
name = var.scc_wp_instance_name
151+
name = var.scc_workload_protection_instance_name
152152
region = var.scc_region
153153
resource_group_id = module.resource_group.resource_group_id
154-
resource_tags = var.scc_wp_instance_tags
155-
resource_key_name = var.scc_wp_resource_key_name
156-
resource_key_tags = var.scc_wp_resource_key_tags
154+
resource_tags = var.scc_workload_protection_instance_tags
155+
resource_key_name = var.scc_workload_protection_resource_key_name
156+
resource_key_tags = var.scc_workload_protection_resource_key_tags
157157
cloud_monitoring_instance_crn = var.existing_monitoring_crn
158-
access_tags = var.scc_wp_access_tags
159-
scc_wp_service_plan = var.scc_wp_service_plan
158+
access_tags = var.scc_workload_protection_access_tags
159+
scc_wp_service_plan = var.scc_workload_protection_service_plan
160160
}

solutions/instances/outputs.tf

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -43,33 +43,33 @@ output "scc_name" {
4343
value = module.scc.name
4444
}
4545

46-
output "scc_wp_id" {
46+
output "scc_workload_protection_id" {
4747
description = "SCC Workload Protection instance ID"
4848
value = var.provision_scc_workload_protection ? module.scc_wp[0].id : null
4949
}
5050

51-
output "scc_wp_crn" {
51+
output "scc_workload_protection_crn" {
5252
description = "SCC Workload Protection instance CRN"
5353
value = var.provision_scc_workload_protection ? module.scc_wp[0].crn : null
5454
}
5555

56-
output "scc_wp_name" {
56+
output "scc_workload_protection_name" {
5757
description = "SCC Workload Protection instance name"
5858
value = var.provision_scc_workload_protection ? module.scc_wp[0].name : null
5959
}
6060

61-
output "scc_wp_ingestion_endpoint" {
61+
output "scc_workload_protection_ingestion_endpoint" {
6262
description = "SCC Workload Protection instance ingestion endpoint"
6363
value = var.provision_scc_workload_protection ? module.scc_wp[0].name : null
6464
}
6565

66-
output "scc_wp_api_endpoint" {
66+
output "scc_workload_protection_api_endpoint" {
6767
description = "SCC Workload Protection API endpoint"
6868
value = var.provision_scc_workload_protection ? module.scc_wp[0].api_endpoint : null
6969
sensitive = true
7070
}
7171

72-
output "scc_wp_access_key" {
72+
output "scc_workload_protection_access_key" {
7373
description = "SCC Workload Protection access key"
7474
value = var.provision_scc_workload_protection ? module.scc_wp[0].access_key : null
7575
sensitive = true

0 commit comments

Comments
 (0)