terraform-ibm-modules · ocofaigh · Mar 14, 2025 · Feb 20, 2025 · Feb 20, 2025 · Feb 21, 2025
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+offerings:
+  - name: deploy-arch-ibm-workload-protection
+    kind: solution
+    catalog_id: _
+    offering_id: _
+    variations:
+      - name: fully-configurable
+        mark_ready: true
+        install_type: fullstack
+        scc:
+          instance_id: 1c7d5f78-9262-44c3-b779-b28fe4d88c37
+          region: us-south
@@ -10,6 +10,9 @@
     }],
     ["@semantic-release/exec", {
       "successCmd": "echo \"SEMVER_VERSION=${nextRelease.version}\" >> $GITHUB_ENV"
+    }],
+    ["@semantic-release/exec", {
+      "publishCmd": "./ci/trigger-catalog-onboarding-pipeline.sh --version=v${nextRelease.version}"
     }]
   ]
 }
@@ -0,0 +1,230 @@
+{
+    "products": [
+      {
+        "name": "deploy-arch-ibm-workload-protection",
+        "label": "Cloud automation for Security and Compliance Center Workload Protection",
+        "product_kind": "solution",
+        "tags": [
+          "ibm_created",
+          "target_terraform",
+          "terraform",
+          "solution",
+          "security"
+        ],
+        "keywords": [
+          "SCC",
+          "security",
+          "compliance",
+          "workload-protection",
+          "IaC",
+          "infrastructure as code",
+          "terraform",
+          "solution"
+        ],
+        "short_description": "Creates and configures IBM Security and Compliance Center resources",
+        "long_description": "This architecture supports creating and configuring IBM Security and Compliance Center resources.",
+        "offering_docs_url": "https://github.com/terraform-ibm-modules/terraform-ibm-scc-workload-protection/blob/main/solutions/instances/README.md",
+        "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-scc-workload-protection/main/images/scc-icon.svg",
+        "provider_name": "IBM",
+        "features": [
+          {
+            "title": "Security and Compliance Center Workload Protection",
+            "description": "Creates and configures a Security and Compliance Center Workload Protection instance."
+          }
+        ],
+        "support_details": "This product is in the community registry, as such support is handled through the originated repo. If you experience issues please open an issue in that repository [https://github.com/terraform-ibm-modules/terraform-ibm-scc-da/issues](https://github.com/terraform-ibm-modules/terraform-ibm-scc-da/issues). Please note this product is not supported via the IBM Cloud Support Center.",
+        "flavors": [
+          {
+            "label": "Fully Configurable",
+            "name": "fully-configurable",
+            "working_directory": "solutions/fully-configurable",
+            "install_type": "fullstack",
+            "compliance": {
+              "authority": "scc-v3",
+              "profiles": [
+                {
+                  "profile_name": "IBM Cloud Framework for Financial Services",
+                  "profile_version": "1.7.0"
+                }
+              ]
+            },
+            "configuration": [
+              {
+                "key": "ibmcloud_api_key",
+                "display_name": "API KEY",
+                "required": true
+              },
+              {
+                "key": "use_existing_resource_group",
+                "display_name": "Use Existing Resource Group",
+                "required": true
+              },
+              {
+                "key": "resource_group_name",
+                "display_name": "Resource Group Name",
+                "required": true
+              },
+              {
+                "key": "prefix",
+                "display_name": "Prefix",
+                "required": true,
+                "description": "The prefix to add to all resources that this solution creates (e.g `prod`, `test`, `dev`). To not use any prefix value, you can enter the string `__NULL__`."
+              },
+              {
+                "key": "region",
+                "display_name": "Region",
+                "required": true,
+                "options": [
+                  {
+                    "display_name": "Dallas (us-south)",
+                    "value": "us-south"
+                  },
+                  {
+                    "display_name": "Frankfurt (eu-de)",
+                    "value": "eu-de"
+                  },
+                  {
+                    "display_name": "London (eu-gb)",
+                    "value": "eu-gb"
+                  },
+                  {
+                    "display_name": "Madrid (eu-es)",
+                    "value": "eu-es"
+                  },
+                  {
+                    "display_name": "Osaka (jp-osa)",
+                    "value": "jp-osa"
+                  },
+                  {
+                    "display_name": "Sao Paulo (br-sao)",
+                    "value": "br-sao"
+                  },
+                  {
+                    "display_name": "Sydney (au-syd)",
+                    "value": "au-syd"
+                  },
+                  {
+                    "display_name": "Tokyo (jp-tok)",
+                    "value": "jp-tok"
+                  },
+                  {
+                    "display_name": "Toronto (ca-tor)",
+                    "value": "ca-tor"
+                  },
+                  {
+                    "display_name": "Washington DC (us-east)",
+                    "value": "us-east"
+                  }
+                ]
+              },
+              {
+                "key": "provider_visibility",
+                "display_name": "Provider Visibility",
+                "options": [
+                  {
+                    "display_name": "private",
+                    "value": "private"
+                  },
+                  {
+                    "display_name": "public",
+                    "value": "public"
+                  },
+                  {
+                    "display_name": "public-and-private",
+                    "value": "public-and-private"
+                  }
+                ]
+              },
+              {
+                "key": "existing_monitoring_crn",
+                "display_name": "Existing Monitoring CRN"
+              },
+              {
+                "key": "scc_workload_protection_instance_name",
+                "display_name": "Instance Name"
+              },
+              {
+                "key": "scc_workload_protection_service_plan",
+                "display_name": "Service Plan",
+                "options": [
+                  {
+                    "display_name": "Free trial",
+                    "value": "free-trial"
+                  },
+                  {
+                    "display_name": "Graduated tier",
+                    "value": "graduated-tier"
+                  }
+                ]
+              },
+              {
+                "key": "scc_workload_protection_instance_tags",
+                "display_name": "Instance Tags",
+                "custom_config": {
+                  "grouping": "deployment",
+                  "original_grouping": "deployment",
+                  "config_constraints": {
+                    "type": "string"
+                  }
+                }
+              },
+              {
+                "key": "scc_workload_protection_resource_key_tags",
+                "display_name": "Resource Key Tags",
+                "custom_config": {
+                  "grouping": "deployment",
+                  "original_grouping": "deployment",
+                  "config_constraints": {
+                    "type": "string"
+                  }
+                }
+              },
+              {
+                "key": "scc_workload_protection_access_tags",
+                "display_name": "Access Tags",
+                "custom_config": {
+                  "grouping": "deployment",
+                  "original_grouping": "deployment",
+                  "config_constraints": {
+                    "type": "string"
+                  }
+                }
+              },
+              {
+                "key": "cbr_rules",
+                "display_name": "CBR Rules"
+              }
+            ],
+            "iam_permissions": [
+              {
+                "service_name": "compliance",
+                "role_crns": [
+                  "crn:v1:bluemix:public:iam::::serviceRole:Manager",
+                  "crn:v1:bluemix:public:iam::::role:Editor"
+                ]
+              }
+            ],
+            "architecture": {
+              "descriptions": "This architecture supports creating and configuring a Security and Compliance Center Workload Protection instance.",
+              "features": [
+                {
+                  "title": "Creates a Security and Compliance Center Workload Protection instance",
+                  "description": "Creates and configures a Security and Compliance Center Workload Protection instance."
+                }
+              ],
+              "diagrams": [
+                {
+                  "diagram": {
+                    "caption": "Security and Compliance Center",
+                    "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-scc-workload-protection/main/reference-architecture/scc.svg",
+                    "type": "image/svg+xml"
+                  },
+                  "description": "This architecture supports creating and configuring IBM Security and Compliance Center resources"
+                }
+              ]
+            }
+          }
+        ]
+      }
+    ]
+  }
@@ -0,0 +1,61 @@
+# Security and Compliance Center Workload Protection solution
+
+This solution supports provisioning and configuring the following infrastructure:
+
+- A resource group, if one is not passed in.
+- A Security and Compliance Center Workload Protection instance.
+
+:exclamation: **Important:** This solution is not intended to be called by other modules because it contains a provider configuration and is not compatible with the `for_each`, `count`, and `depends_on` arguments. For more information, see [Providers Within Modules](https://developer.hashicorp.com/terraform/language/modules/develop/providers).
+
+
+<!-- Below content is automatically populated via pre-commit hook -->
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+### Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.4.0 |
+| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | 1.75.2 |
+
+### Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_resource_group"></a> [resource\_group](#module\_resource\_group) | terraform-ibm-modules/resource-group/ibm | 1.1.6 |
+| <a name="module_scc_wp"></a> [scc\_wp](#module\_scc\_wp) | ../.. | n/a |
+
+### Resources
+
+No resources.
+
+### Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_cbr_rules"></a> [cbr\_rules](#input\_cbr\_rules) | The list of context-based restriction rules to create for the instance.[Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-scc-workload-protection/blob/main/solutions/standard/cbr-rules.md) | <pre>list(object({<br/>    description = string<br/>    account_id  = string<br/>    rule_contexts = list(object({<br/>      attributes = optional(list(object({<br/>        name  = string<br/>        value = string<br/>    }))) }))<br/>    enforcement_mode = string<br/>    tags = optional(list(object({<br/>      name  = string<br/>      value = string<br/>    })), [])<br/>    operations = optional(list(object({<br/>      api_types = list(object({<br/>        api_type_id = string<br/>      }))<br/>    })))<br/>  }))</pre> | `[]` | no |
+| <a name="input_existing_monitoring_crn"></a> [existing\_monitoring\_crn](#input\_existing\_monitoring\_crn) | The CRN of an IBM Cloud Monitoring instance to to send Workload Protection data. If no value passed, metrics are sent to the instance associated to the container's location unless otherwise specified in the Metrics Router service configuration. Ignored if using existing Object Storage bucket and not provisioning Workload Protection. | `string` | `null` | no |
+| <a name="input_ibmcloud_api_key"></a> [ibmcloud\_api\_key](#input\_ibmcloud\_api\_key) | The IBM Cloud API key to deploy resources. | `string` | n/a | yes |
+| <a name="input_prefix"></a> [prefix](#input\_prefix) | The prefix to add to all resources that this solution creates (e.g `prod`, `test`, `dev`). To not use any prefix value, you can set this value to `null` or an empty string. | `string` | `"dev"` | no |
+| <a name="input_provider_visibility"></a> [provider\_visibility](#input\_provider\_visibility) | Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints). | `string` | `"private"` | no |
+| <a name="input_region"></a> [region](#input\_region) | The region to provision Security and Compliance Center resources in. | `string` | `"us-south"` | no |
+| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | The name of a new or an existing resource group in which to provision resources to. If a prefix input variable is specified, the prefix is added to the name in the `<prefix>-<name>` format. | `string` | n/a | yes |
+| <a name="input_scc_workload_protection_access_tags"></a> [scc\_workload\_protection\_access\_tags](#input\_scc\_workload\_protection\_access\_tags) | A list of access tags to apply to the Workload Protection instance. Maximum length: 128 characters. Possible characters are A-Z, 0-9, spaces, underscores, hyphens, periods, and colons. [Learn more](https://cloud.ibm.com/docs/account?topic=account-tag&interface=ui#limits). | `list(string)` | `[]` | no |
+| <a name="input_scc_workload_protection_instance_name"></a> [scc\_workload\_protection\_instance\_name](#input\_scc\_workload\_protection\_instance\_name) | The name for the Workload Protection instance that is created by this solution. Must begin with a letter. Applies only if `provision_scc_workload_protection` is true. If a prefix input variable is specified, the prefix is added to the name in the `<prefix>-<name>` format. | `string` | `"workload_protection"` | no |
+| <a name="input_scc_workload_protection_instance_tags"></a> [scc\_workload\_protection\_instance\_tags](#input\_scc\_workload\_protection\_instance\_tags) | The list of tags to add to the Workload Protection instance. | `list(string)` | `[]` | no |
+| <a name="input_scc_workload_protection_resource_key_tags"></a> [scc\_workload\_protection\_resource\_key\_tags](#input\_scc\_workload\_protection\_resource\_key\_tags) | The tags associated with the Workload Protection resource key. | `list(string)` | `[]` | no |
+| <a name="input_scc_workload_protection_service_plan"></a> [scc\_workload\_protection\_service\_plan](#input\_scc\_workload\_protection\_service\_plan) | The pricing plan for the Workload Protection instance service. Possible values: `free-trial`, `graduated-tier`. | `string` | `"graduated-tier"` | no |
+| <a name="input_use_existing_resource_group"></a> [use\_existing\_resource\_group](#input\_use\_existing\_resource\_group) | Whether to use an existing resource group. | `bool` | `false` | no |
+
+### Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_resource_group_id"></a> [resource\_group\_id](#output\_resource\_group\_id) | Resource group ID |
+| <a name="output_resource_group_name"></a> [resource\_group\_name](#output\_resource\_group\_name) | Resource group name |
+| <a name="output_scc_workload_protection_access_key"></a> [scc\_workload\_protection\_access\_key](#output\_scc\_workload\_protection\_access\_key) | SCC Workload Protection access key |
+| <a name="output_scc_workload_protection_api_endpoint"></a> [scc\_workload\_protection\_api\_endpoint](#output\_scc\_workload\_protection\_api\_endpoint) | SCC Workload Protection API endpoint |
+| <a name="output_scc_workload_protection_crn"></a> [scc\_workload\_protection\_crn](#output\_scc\_workload\_protection\_crn) | SCC Workload Protection instance CRN |
+| <a name="output_scc_workload_protection_id"></a> [scc\_workload\_protection\_id](#output\_scc\_workload\_protection\_id) | SCC Workload Protection instance ID |
+| <a name="output_scc_workload_protection_ingestion_endpoint"></a> [scc\_workload\_protection\_ingestion\_endpoint](#output\_scc\_workload\_protection\_ingestion\_endpoint) | SCC Workload Protection instance ingestion endpoint |
+| <a name="output_scc_workload_protection_name"></a> [scc\_workload\_protection\_name](#output\_scc\_workload\_protection\_name) | SCC Workload Protection instance name |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
@@ -0,0 +1,4 @@
+{
+  "ibmcloud_api_key": $VALIDATION_APIKEY,
+  "resource_group_name": $PREFIX
+}