feat: scc wp cspm #225
As discussed on Slack, maybe we go with this:
- App Config DA:
  - support creating AppConfig instance
  - supports enabling config aggregator + the required trusted profile (disabled by default)
- Workload Protection DA:
  - supports creating WP instance
  - defines the App Config DA as a dependent DA, and uses input mappings in the catalog json to enable the config aggregator
  - supports enabling CSPM by taking in existing AppConfig CRN and creating WP trusted profile
blocked, waiting for terraform-ibm-modules/terraform-ibm-app-configuration#212
Left some comments - I think we should move the WP trusted profile logic into the root module
/run pipeline
/run pipeline
main.tf
Outdated
| # but profile can only exist after instance has been created | ||
| # hence we cannot directly enable CSPM in the instance creation | ||
| # and need to use a separate resource to enable it | ||
| resource "restapi_object" "enable_cspm" { |
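Review bot: the comment above the resource states the ordering constraint (the trusted profile can only exist after the instance is created) but nothing in the resource shows how that ordering is enforced; if the profile is created by another resource, reference one of its attributes or add an explicit `depends_on` so Terraform never issues the CSPM call before the profile exists. The comment should also say what happens on destroy, i.e. whether removing this `restapi_object` disables CSPM on the instance or only drops the object from state.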
maybe change the name of the resource since it will also support disabling cspm
| resource "restapi_object" "enable_cspm" { | |
| resource "restapi_object" "cspm" { |
in order to unblock this PR, can you temporarily add the resource to the IgnoreAdds in test options and create a GIT issue to debug?
I suggest we add it to the module and DA documentation as a known issue
/run pipeline
tests/pr_test.go
Outdated
| DeleteWorkspaceOnFail: false, | ||
| WaitJobCompleteMinutes: 60, | ||
| IgnoreUpdates: testhelper.Exemptions{ | ||
| List: []string{"module.scc_wp.restapi_object.enable_cspm"}, |
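Review bot: the exemption on the last line hard-codes the resource address `module.scc_wp.restapi_object.enable_cspm`; an earlier suggestion in this review renames the resource to `cspm`, so this string silently stops matching and the test fails again once the rename lands. Pull the address into a named constant shared by every test that enables CSPM, and put the tracking issue link in a comment next to it so the exemption can be removed when the underlying problem is fixed.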
This will be needed in all tests that enable CSPM. Also please link to a git issue tracking the problem. And add a note in both module and DA readmes
/run pipeline
tests/pr_test.go
Outdated
| DeleteWorkspaceOnFail: false, | ||
| WaitJobCompleteMinutes: 60, | ||
| // workaround for https://github.com/terraform-ibm-modules/terraform-ibm-scc-workload-protection/issues/243 | ||
| IgnoreUpdates: testhelper.Exemptions{ |
It's not an update, it's a create, so you need to use IgnoreAdds
/run pipeline
Module and DA readme note still missing
/run pipeline
While testing the DA through the catalog tile (and so through schematics), I'm getting the error: This is off as schematics runtime should have access to this private endpoint. I have reached out to the schematics team. For now, I'm going to default it back to public endpoint
/run pipeline
🎉 This PR is included in version 1.6.0 🎉 The release is available on:
Your semantic-release bot 📦🚀