feat: initial release (#1)

Author: akocbek

README.md

@@ -1,19 +1,14 @@
 <!-- Update the title -->
 # Security and Compliance Center Workload Protection module
 
-<!--
-Update status and "latest release" badges:
-  1. For the status options, see https://github.ibm.com/GoldenEye/documentation/blob/master/status.md
-  2. Update the "latest release" badge to point to the correct module's repo. Replace "module-template" in two places.
--->
-[![Incubating (Not yet consumable)](https://img.shields.io/badge/status-Incubating%20(Not%20yet%20consumable)-red)](https://terraform-ibm-modules.github.io/documentation/#/badge-status)
-[![latest release](https://img.shields.io/github/v/release/terraform-ibm-modules/terraform-ibm-module-template?logo=GitHub&sort=semver)](https://github.com/terraform-ibm-modules/terraform-ibm-module-template/releases/latest)
+[![Stable (With quality checks)](https://img.shields.io/badge/Status-Stable%20(With%20quality%20checks)-green)](https://terraform-ibm-modules.github.io/documentation/#/badge-status)
+[![latest release](https://img.shields.io/github/v/release/terraform-ibm-modules/terraform-ibm-scc-workload-protection?logo=GitHub&sort=semver)](https://github.com/terraform-ibm-modules/terraform-ibm-scc-workload-protection/releases/latest)
 [![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)
 [![Renovate enabled](https://img.shields.io/badge/renovate-enabled-brightgreen.svg)](https://renovatebot.com/)
 [![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)
 
 <!-- Add a description of module(s) in this repo -->
-TODO: Replace me with description of the module(s) in this repo
+A module for provisioning an [IBM Cloud Security and Compliance Center Workload Protection instance](https://cloud.ibm.com/docs/workload-protection?topic=workload-protection-getting-started). The module will always create a Manager resource key that connects to the SCC WP instance.
 
 
 <!-- Below content is automatically populated via pre-commit hook -->
@@ -22,7 +17,6 @@ TODO: Replace me with description of the module(s) in this repo
 * [terraform-ibm-scc-workload-protection](#terraform-ibm-scc-workload-protection)
 * [Examples](./examples)
     * [Basic example](./examples/basic)
-    * [Complete example](./examples/complete)
 * [Contributing](#contributing)
 <!-- END OVERVIEW HOOK -->
 
@@ -49,7 +43,14 @@ unless real values don't help users know what to change.
 -->
 
 ```hcl
-
+module "scc_wp" {
+  source            = "terraform-ibm-modules/scc-workload-protection/ibm"
+  version           = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
+  name              = "my-scc-wp-service"
+  region            = "us-south"
+  resource_group_id = "65xxxxxxxxxxxxxxxa3fd"
+  resource_key_tags = ["scc-wp-tag"]
+}
 ```
 
 ### Required IAM access policies
@@ -89,22 +90,42 @@ statement instead the previous block.
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0, <1.6.0 |
+| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.58.1, <2.0.0 |
 
 ### Modules
 
 No modules.
 
 ### Resources
 
-No resources.
+| Name | Type |
+|------|------|
+| [ibm_resource_instance.scc_wp](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/resource_instance) | resource |
+| [ibm_resource_key.scc_wp_resource_key](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/resource_key) | resource |
+| [ibm_resource_tag.scc_wp_access_tag](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/resource_tag) | resource |
 
 ### Inputs
 
-No inputs.
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_access_tags"></a> [access\_tags](#input\_access\_tags) | A list of access tags to apply to the SCC WP instance created by the module. For more information, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial. | `list(string)` | `[]` | no |
+| <a name="input_name"></a> [name](#input\_name) | A identifier used as a prefix when naming resources that will be provisioned. Must begin with a letter. | `string` | n/a | yes |
+| <a name="input_region"></a> [region](#input\_region) | IBM Cloud region where all resources will be deployed | `string` | `"us-south"` | no |
+| <a name="input_resource_group_id"></a> [resource\_group\_id](#input\_resource\_group\_id) | The resource group ID where resources will be provisioned. | `string` | n/a | yes |
+| <a name="input_resource_key_name"></a> [resource\_key\_name](#input\_resource\_key\_name) | The name to give the IBM Cloud SCC WP resource key. | `string` | `"SCCWPManagerKey"` | no |
+| <a name="input_resource_key_tags"></a> [resource\_key\_tags](#input\_resource\_key\_tags) | Tags associated with the IBM Cloud SCC WP resource key. | `list(string)` | `[]` | no |
+| <a name="input_resource_tags"></a> [resource\_tags](#input\_resource\_tags) | Optional list of tags to be added to created SCC WP instance. | `list(string)` | `[]` | no |
+| <a name="input_scc_wp_service_plan"></a> [scc\_wp\_service\_plan](#input\_scc\_wp\_service\_plan) | IBM service pricing plan. | `string` | `"free-trial"` | no |
 
 ### Outputs
 
-No outputs.
+| Name | Description |
+|------|-------------|
+| <a name="output_api_endpoint"></a> [api\_endpoint](#output\_api\_endpoint) | API endpoint. |
+| <a name="output_crn"></a> [crn](#output\_crn) | CRN of created SCC WP instance. |
+| <a name="output_id"></a> [id](#output\_id) | ID of created SCC WP instance. |
+| <a name="output_ingestion_endpoint"></a> [ingestion\_endpoint](#output\_ingestion\_endpoint) | Ingestion endpoint. |
+| <a name="output_name"></a> [name](#output\_name) | Name of created SCC WP instance. |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 <!-- Leave this section as is so that your module has a link to local development environment set up steps for contributors to follow -->

cra-config.yaml

@@ -1,11 +1,6 @@
 # More info about this file at https://github.com/terraform-ibm-modules/common-pipeline-assets/blob/main/.github/workflows/terraform-test-pipeline.md#cra-config-yaml
 version: "v1"
 CRA_TARGETS:
-  - CRA_TARGET: "examples/complete" # Target directory for CRA scan. If not provided, the CRA Scan will not be run.
+  - CRA_TARGET: "examples/basic" # Target directory for CRA scan. If not provided, the CRA Scan will not be run.
     CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json" # CRA Ignore file to use. If not provided, it checks the repo root directory for `cra-tf-validate-ignore-rules.json`
     PROFILE_ID: "0e6e7b5a-817d-4344-ab6f-e5d7a9c49520" # SCC profile ID (currently set to the FSCloud 1.4.0 profile).
-    # SCC_INSTANCE_ID: "" # The SCC instance ID to use to download profile for CRA scan. If not provided, a default global value will be used.
-    # SCC_REGION: "" # The IBM Cloud region that the SCC instance is in. If not provided, a default global value will be used.
-    # CRA_ENVIRONMENT_VARIABLES:  # An optional map of environment variables for CRA, where the key is the variable name and value is the value. Useful for providing TF_VARs.
-    #   TF_VAR_sample: "sample value"
-    #   TF_VAR_other:  "another value"

examples/basic/README.md

@@ -1,11 +1,6 @@
 # Basic example
 
-<!--
-The basic example should call the module(s) stored in this repository with a basic configuration.
-Note, there is a pre-commit hook that will take the title of each example and include it in the repos main README.md.
-The text below should describe exactly what resources are provisioned / configured by the example.
--->
+An end-to-end example that uses the module's default variable values. This example uses the IBM Cloud terraform provider to:
 
-An end-to-end basic example that will provision the following:
-- A new resource group if one is not passed in.
-- A new Cloud Object Storage instance.
+- Create a new resource group if one is not passed in.
+- Create a new Security and Compliance Center Workload Protection instance.

examples/basic/main.tf

@@ -11,14 +11,14 @@ module "resource_group" {
 }
 
 ########################################################################################################################
-# COS instance
+# SCC WP instance
 ########################################################################################################################
 
-resource "ibm_resource_instance" "cos_instance" {
-  name              = "${var.prefix}-cos"
+module "scc_wp" {
+  source            = "../.."
+  name              = var.prefix
+  region            = var.region
   resource_group_id = module.resource_group.resource_group_id
-  service           = "cloud-object-storage"
-  plan              = "standard"
-  location          = "global"
-  tags              = var.resource_tags
+  resource_tags     = var.resource_tags
+  access_tags       = var.access_tags
 }

examples/basic/outputs.tf

@@ -2,17 +2,29 @@
 # Outputs
 ########################################################################################################################
 
-output "cos_instance_id" {
-  description = "COS instance id"
-  value       = ibm_resource_instance.cos_instance.id
+output "id" {
+  description = "ID of created SCC WP instance."
+  value       = module.scc_wp.id
 }
 
-output "resource_group_name" {
-  description = "Resource group name"
-  value       = module.resource_group.resource_group_name
+output "crn" {
+  description = "CRN of created SCC WP instance."
+  value       = module.scc_wp.crn
 }
 
-output "resource_group_id" {
-  description = "Resource group ID"
-  value       = module.resource_group.resource_group_id
+output "name" {
+  description = "Name of created SCC WP instance."
+  value       = module.scc_wp.name
+}
+
+output "ingestion_endpoint" {
+  description = "Ingestion endpoint."
+  value       = module.scc_wp.ingestion_endpoint
+  sensitive   = true
+}
+
+output "api_endpoint" {
+  description = "API endpoint."
+  value       = module.scc_wp.api_endpoint
+  sensitive   = true
 }

examples/basic/variables.tf

@@ -1,33 +1,40 @@
-########################################################################################################################
-# Input variables
-########################################################################################################################
 
+##############################################################################
+# Input Variables
+##############################################################################
 variable "ibmcloud_api_key" {
+  description = "The IBM Cloud platform API key needed to deploy IAM enabled resources."
   type        = string
-  description = "The IBM Cloud API Key"
   sensitive   = true
 }
 
-variable "region" {
+variable "prefix" {
+  description = "Display name of the prefix for related resources"
   type        = string
-  description = "Region to provision all resources created by this example"
-  default     = "us-south"
+  default     = "scc-wp"
 }
 
-variable "prefix" {
+variable "region" {
+  description = "Name of the Region to deploy into"
   type        = string
-  description = "Prefix to append to all resources created by this example"
-  default     = "basic"
+  default     = "us-south"
 }
 
 variable "resource_group" {
   type        = string
-  description = "The name of an existing resource group to provision resources in to. If not set a new resource group will be created using the prefix variable"
+  description = "An existing resource group name to use for this example, if unset a new resource group will be created"
   default     = null
 }
 
+
 variable "resource_tags" {
   type        = list(string)
   description = "Optional list of tags to be added to created resources"
   default     = []
 }
+
+variable "access_tags" {
+  type        = list(string)
+  description = "Optional list of access management tags to add to the SCC WP instance"
+  default     = []
+}

examples/basic/version.tf

@@ -1,12 +1,10 @@
 terraform {
   required_version = ">= 1.3.0, <1.6.0"
-
-  # Ensure that there is always 1 example locked into the lowest provider version of the range defined in the main
-  # module's version.tf (usually a basic example), and 1 example that will always use the latest provider version.
   required_providers {
+    # Pin to the lowest provider version of the range defined in the main module's version.tf to ensure lowest version still works
     ibm = {
-      source  = "IBM-Cloud/ibm"
-      version = "1.49.0"
+      source  = "ibm-cloud/ibm"
+      version = "1.58.1"
     }
   }
 }