From 62b1c157ef25585e239d16f06fbf374f60842101 Mon Sep 17 00:00:00 2001 From: Vipin Kumar Date: Fri, 15 Aug 2025 16:33:56 +0530 Subject: [PATCH 01/11] refactor: split observability DA --- ibm_catalog.json | 64 ++++++++++++++++++++++++++++++++++++------------ tests/pr_test.go | 52 ++++++++++++++++++++++++++++++++++++--- 2 files changed, 97 insertions(+), 19 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 69e507c..f57ab4f 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -134,31 +134,30 @@ "on_by_default": true }, { - "name": "deploy-arch-ibm-observability", - "description": "Enable to provision and configure IBM Cloud Logs, Cloud Monitoring, Metrics routing and Activity Tracker event routing for analysing logs and metrics generated by the SCC Workload Protection instance.", + "name": "deploy-arch-ibm-cloud-logs", + "description": "Provision and configure IBM Cloud Logs (ICL) instance which can be used for analysing logs generated by VPC instance. ", + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", "flavors": [ - "instances" + "fully-configurable" ], - "id": "a3137d28-79e0-479d-8a24-758ebd5a0eab-global", - "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "id": "63d8ae58-fbf3-41ce-b844-0fb5b85882ab-global", + "version": "v1.6.11", + "optional": true, + "on_by_default": true, "input_mapping": [ - { - "dependency_output": "cloud_monitoring_crn", - "version_input": "existing_monitoring_crn" - }, { "dependency_input": "prefix", "version_input": "prefix", "reference_version": true }, { - "dependency_input": "region", - "version_input": "region", + "dependency_input": "existing_resource_group_name", + "version_input": "existing_resource_group_name", "reference_version": true }, { - "dependency_input": "enable_platform_metrics", - "version_input": "enable_platform_metrics", + "dependency_input": "region", + "version_input": "region", "reference_version": true }, { @@ -166,10 +165,45 @@ "version_input": "logs_routing_tenant_regions", "reference_version": true } + ] + }, + { + "name": "deploy-arch-ibm-cloud-monitoring", + "description": "Provision and configure IBM Cloud Monitoring for metrics generated by the VPC instance.", + "id": "73debdbf-894f-4c14-81c7-5ece3a70b67d-global", + "version": "v1.6.4", + "flavors": [ + "fully-configurable" ], + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", "optional": true, - "on_by_default": true, - "version": "v3.0.3" + "on_by_default": false, + "input_mapping": [ + { + "dependency_output": "cloud_monitoring_crn", + "version_input": "existing_monitoring_crn" + }, + { + "dependency_input": "enable_platform_metrics", + "version_input": "enable_platform_metrics", + "reference_version": true + }, + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + }, + { + "dependency_input": "region", + "version_input": "region", + "reference_version": true + }, + { + "dependency_input": "existing_resource_group_name", + "version_input": "existing_resource_group_name", + "reference_version": true + } + ] } ], "configuration": [ diff --git a/tests/pr_test.go b/tests/pr_test.go index 457b473..59a2755 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -4,19 +4,20 @@ package test import ( "fmt" "log" + "math/rand" "os" "strings" "testing" - "math/rand/v2" - "github.com/gruntwork-io/terratest/modules/files" "github.com/gruntwork-io/terratest/modules/logger" "github.com/gruntwork-io/terratest/modules/random" "github.com/gruntwork-io/terratest/modules/terraform" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/cloudinfo" "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/common" + "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/testaddons" "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/testhelper" "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/testschematic" ) @@ -59,7 +60,7 @@ func TestMain(m *testing.M) { func TestFullyConfigurable(t *testing.T) { t.Parallel() - var region = validRegions[rand.IntN(len(validRegions))] + var region = validRegions[rand.Intn(len(validRegions))] // ------------------------------------------------------------------------------------ // Provision App Config first @@ -146,7 +147,7 @@ func TestFullyConfigurable(t *testing.T) { func TestFullyConfigurableUpgrade(t *testing.T) { t.Parallel() - var region = validRegions[rand.IntN(len(validRegions))] + var region = validRegions[rand.Intn(len(validRegions))] // ------------------------------------------------------------------------------------ // Provision App Config first @@ -231,3 +232,46 @@ func TestFullyConfigurableUpgrade(t *testing.T) { logger.Log(t, "END: Destroy (prereq resources)") } } + +func TestSccWpAddonDefaultConfiguration(t *testing.T) { + t.Parallel() + + options := testaddons.TestAddonsOptionsDefault(&testaddons.TestAddonOptions{ + Testing: t, + Prefix: "scc-def", + ResourceGroup: resourceGroup, + QuietMode: false, // Suppress logs except on failure + }) + + options.AddonConfig = cloudinfo.NewAddonConfigTerraform( + options.Prefix, + "deploy-arch-ibm-scc-workload-protection", + "fully-configurable", + map[string]interface{}{ + "prefix": options.Prefix, + "region": validRegions[rand.Intn(len(validRegions))], + }, + ) + + err := options.RunAddonTest() + require.NoError(t, err) +} + +// TestDependencyPermutations runs dependency permutations for landing zone vpc and all its dependencies +func TestSccWpDependencyPermutations(t *testing.T) { + options := testaddons.TestAddonsOptionsDefault(&testaddons.TestAddonOptions{ + Testing: t, + Prefix: "scc-per", + AddonConfig: cloudinfo.AddonConfig{ + OfferingName: "deploy-arch-ibm-scc-workload-protection", + OfferingFlavor: "fully-configurable", + Inputs: map[string]interface{}{ + "prefix": "vpc-per", + "region": validRegions[rand.Intn(len(validRegions))], + }, + }, + }) + + err := options.RunAddonPermutationTest() + assert.NoError(t, err, "Dependency permutation test should not fail") +} From 86bf29be638563352d7e0f6a28db37e20b2d61d1 Mon Sep 17 00:00:00 2001 From: Vipin Kumar Date: Fri, 15 Aug 2025 20:08:51 +0530 Subject: [PATCH 02/11] fix --- ibm_catalog.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index f57ab4f..55c0d49 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -135,7 +135,7 @@ }, { "name": "deploy-arch-ibm-cloud-logs", - "description": "Provision and configure IBM Cloud Logs (ICL) instance which can be used for analysing logs generated by VPC instance. ", + "description": "Provision and configure IBM Cloud Logs (ICL) instance which can be used for analysing logs generated by SCC Workload Protection instance. ", "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", "flavors": [ "fully-configurable" @@ -169,7 +169,7 @@ }, { "name": "deploy-arch-ibm-cloud-monitoring", - "description": "Provision and configure IBM Cloud Monitoring for metrics generated by the VPC instance.", + "description": "Provision and configure IBM Cloud Monitoring for metrics generated by the SCC Workload Protection instance.", "id": "73debdbf-894f-4c14-81c7-5ece3a70b67d-global", "version": "v1.6.4", "flavors": [ From 3d6cb4f5469629b9781209c2e90a11c3d1f740bb Mon Sep 17 00:00:00 2001 From: Vipin Kumar <77929205+Vipin654@users.noreply.github.com> Date: Fri, 15 Aug 2025 20:39:35 +0530 Subject: [PATCH 03/11] Update pr_test.go --- tests/pr_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/pr_test.go b/tests/pr_test.go index 59a2755..b2a8be9 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -257,7 +257,7 @@ func TestSccWpAddonDefaultConfiguration(t *testing.T) { require.NoError(t, err) } -// TestDependencyPermutations runs dependency permutations for landing zone vpc and all its dependencies +// TestDependencyPermutations runs dependency permutations for SCC WP and all its dependencies func TestSccWpDependencyPermutations(t *testing.T) { options := testaddons.TestAddonsOptionsDefault(&testaddons.TestAddonOptions{ Testing: t, From cca5e70479d3b42146f58db49cefc2f9f4cc9d8a Mon Sep 17 00:00:00 2001 From: Vipin Kumar Date: Fri, 22 Aug 2025 02:57:30 +0530 Subject: [PATCH 04/11] updated testwrapper version --- tests/go.mod | 2 +- tests/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/go.mod b/tests/go.mod index a525b45..9ed2cc9 100644 --- a/tests/go.mod +++ b/tests/go.mod @@ -7,7 +7,7 @@ toolchain go1.25.0 require ( github.com/gruntwork-io/terratest v0.50.0 github.com/stretchr/testify v1.10.0 - github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.58.11 + github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.59.0 ) require ( diff --git a/tests/go.sum b/tests/go.sum index e9f9523..6e77dc8 100644 --- a/tests/go.sum +++ b/tests/go.sum @@ -295,8 +295,8 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.58.11 h1:f8qp4xvv2ySGSadmd0xJw/3r5equ9eOLKj2J0Ux9CyE= -github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.58.11/go.mod h1:2uu21nGEK+6saiBO6MVJNystf2Wm0BUIyiQmxTLM72U= +github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.59.0 h1:h+CvNQyeiieMXBSNESrHNVPJXj388T+sa4paV48nfl8= +github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.59.0/go.mod h1:6Wz8vnBelmRZxD5qjm5K4MpvPPWpoCWRPzG76j0B36g= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/tmccombs/hcl2json v0.6.4 h1:/FWnzS9JCuyZ4MNwrG4vMrFrzRgsWEOVi+1AyYUVLGw= github.com/tmccombs/hcl2json v0.6.4/go.mod h1:+ppKlIW3H5nsAsZddXPy2iMyvld3SHxyjswOZhavRDk= From 25c29c3aeba57d2a8e217c07d9eb5855b55e97d4 Mon Sep 17 00:00:00 2001 From: Vipin Kumar Date: Mon, 25 Aug 2025 20:36:17 +0530 Subject: [PATCH 05/11] modified diagram --- scc.svg | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 scc.svg diff --git a/scc.svg b/scc.svg new file mode 100644 index 0000000..ed0b71a --- /dev/null +++ b/scc.svg @@ -0,0 +1,4 @@ + + + +
ACL
ACL
IBM Cloud
IBM Cloud
Region
Region
 Observability
Observabi...
 [Optional]
[Optio...Cloud MonitoringResource Group
SCC Workload Protection
SCC Workload Protecti...Activity Tracker Event Routing
App Configuration
App Config...Text is not SVG - cannot display \ No newline at end of file From 46d48c5eeb836cb589c48c6dd06577e42028ea46 Mon Sep 17 00:00:00 2001 From: Vipin Kumar Date: Mon, 25 Aug 2025 20:37:37 +0530 Subject: [PATCH 06/11] modified diagram --- reference-architecture/scc.svg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reference-architecture/scc.svg b/reference-architecture/scc.svg index da2b653..ed0b71a 100644 --- a/reference-architecture/scc.svg +++ b/reference-architecture/scc.svg @@ -1,4 +1,4 @@ -
IBM Cloud
IBM Cloud
Existing Monitoring Instance
Existing Monitorin...
Region
Region
Resource Group
Resource Group
SCC Workload Protection
SCC Workload Protect...
Metrics
MetricsText is not SVG - cannot display \ No newline at end of file +
ACL
ACL
IBM Cloud
IBM Cloud
Region
Region
 Observability
Observabi...
 [Optional]
[Optio...Cloud MonitoringResource Group
SCC Workload Protection
SCC Workload Protecti...Activity Tracker Event Routing
App Configuration
App Config...Text is not SVG - cannot display \ No newline at end of file From e850fd5442892eff5c24035384875d802c29b90e Mon Sep 17 00:00:00 2001 From: Vipin Kumar Date: Mon, 25 Aug 2025 20:40:08 +0530 Subject: [PATCH 07/11] modified diagram --- reference-architecture/scc.svg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reference-architecture/scc.svg b/reference-architecture/scc.svg index ed0b71a..6d0877f 100644 --- a/reference-architecture/scc.svg +++ b/reference-architecture/scc.svg @@ -1,4 +1,4 @@ -
ACL
ACL
IBM Cloud
IBM Cloud
Region
Region
 Observability
Observabi...
 [Optional]
[Optio...Cloud MonitoringResource Group
SCC Workload Protection
SCC Workload Protecti...Activity Tracker Event Routing
App Configuration
App Config...Text is not SVG - cannot display \ No newline at end of file +
ACL
ACL
IBM Cloud
IBM Cloud
Region
Region
 Observability
Observabi...
 [Optional]
[Optio...Cloud MonitoringResource Group
SCC Workload Protection
SCC Workload Protecti...Activity Tracker Event Routing
App Configuration
App Config...Text is not SVG - cannot display \ No newline at end of file From 0c473e181b200b4ab0054aba5777ba0064aa81e6 Mon Sep 17 00:00:00 2001 From: Vipin Kumar Date: Mon, 25 Aug 2025 20:51:49 +0530 Subject: [PATCH 08/11] addressed review comments --- ibm_catalog.json | 32 +++++++++++++++++++++++--------- tests/go.mod | 2 +- tests/go.sum | 4 ++-- tests/pr_test.go | 4 ++-- 4 files changed, 28 insertions(+), 14 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 55c0d49..137a589 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -135,7 +135,7 @@ }, { "name": "deploy-arch-ibm-cloud-logs", - "description": "Provision and configure IBM Cloud Logs (ICL) instance which can be used for analysing logs generated by SCC Workload Protection instance. ", + "description": "Configure IBM Cloud Logs instance to analyse the platform logs.", "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", "flavors": [ "fully-configurable" @@ -150,11 +150,6 @@ "version_input": "prefix", "reference_version": true }, - { - "dependency_input": "existing_resource_group_name", - "version_input": "existing_resource_group_name", - "reference_version": true - }, { "dependency_input": "region", "version_input": "region", @@ -169,7 +164,7 @@ }, { "name": "deploy-arch-ibm-cloud-monitoring", - "description": "Provision and configure IBM Cloud Monitoring for metrics generated by the SCC Workload Protection instance.", + "description": "Configure IBM Cloud Monitoring to collect the platform metrics.", "id": "73debdbf-894f-4c14-81c7-5ece3a70b67d-global", "version": "v1.6.4", "flavors": [ @@ -197,10 +192,29 @@ "dependency_input": "region", "version_input": "region", "reference_version": true + } + ] + }, + { + "name": "deploy-arch-ibm-activity-tracker", + "description": "Configure Activity Tracker Event Routing to route the auditing events.", + "id": "918453c3-4f97-4583-8c4a-83ef12fc7916-global", + "version": "v1.2.12", + "flavors": [ + "fully-configurable" + ], + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "optional": true, + "on_by_default": true, + "input_mapping": [ + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true }, { - "dependency_input": "existing_resource_group_name", - "version_input": "existing_resource_group_name", + "dependency_input": "region", + "version_input": "region", "reference_version": true } ] diff --git a/tests/go.mod b/tests/go.mod index 2a08bac..52181a4 100644 --- a/tests/go.mod +++ b/tests/go.mod @@ -7,7 +7,7 @@ toolchain go1.25.0 require ( github.com/gruntwork-io/terratest v0.50.0 github.com/stretchr/testify v1.10.0 - github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.59.1 + github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.59.3 ) require ( diff --git a/tests/go.sum b/tests/go.sum index 538a020..43b5bb5 100644 --- a/tests/go.sum +++ b/tests/go.sum @@ -295,8 +295,8 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.59.1 h1:9/uYvUFFLIH91F16AiJqP/LZeGi4t2CYtc8iz3bBXdQ= -github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.59.1/go.mod h1:kdhZ+FeS71D+tB0E2Sh1ISD3zQ+RThPX5SyFqduo7G8= +github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.59.3 h1:Z5lZaaka8ilzOws9BrtJgmU4Kdt+ntVKWHnebMJUhvU= +github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.59.3/go.mod h1:kdhZ+FeS71D+tB0E2Sh1ISD3zQ+RThPX5SyFqduo7G8= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/tmccombs/hcl2json v0.6.4 h1:/FWnzS9JCuyZ4MNwrG4vMrFrzRgsWEOVi+1AyYUVLGw= github.com/tmccombs/hcl2json v0.6.4/go.mod h1:+ppKlIW3H5nsAsZddXPy2iMyvld3SHxyjswOZhavRDk= diff --git a/tests/pr_test.go b/tests/pr_test.go index b2a8be9..f269bc6 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -240,7 +240,7 @@ func TestSccWpAddonDefaultConfiguration(t *testing.T) { Testing: t, Prefix: "scc-def", ResourceGroup: resourceGroup, - QuietMode: false, // Suppress logs except on failure + QuietMode: true, // Suppress logs except on failure }) options.AddonConfig = cloudinfo.NewAddonConfigTerraform( @@ -266,7 +266,7 @@ func TestSccWpDependencyPermutations(t *testing.T) { OfferingName: "deploy-arch-ibm-scc-workload-protection", OfferingFlavor: "fully-configurable", Inputs: map[string]interface{}{ - "prefix": "vpc-per", + "prefix": "scc-per", "region": validRegions[rand.Intn(len(validRegions))], }, }, From 9dd06ad875095df8b4771596d7220ce9d3c255c5 Mon Sep 17 00:00:00 2001 From: Vipin Kumar Date: Mon, 25 Aug 2025 21:06:14 +0530 Subject: [PATCH 09/11] changed app configuration version --- ibm_catalog.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 137a589..ef50b82 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -88,7 +88,7 @@ ], "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", "id": "045c1169-d15a-4046-ae81-aa3d3348421f-global", - "version": "v1.7.0", + "version": "v1.10.0", "optional": true, "input_mapping": [ { From b839893004af800898fed3a95c3d624fb528fc93 Mon Sep 17 00:00:00 2001 From: Vipin Kumar Date: Mon, 25 Aug 2025 21:17:32 +0530 Subject: [PATCH 10/11] added permissions --- ibm_catalog.json | 80 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 79 insertions(+), 1 deletion(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index ef50b82..55e66b9 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -465,7 +465,85 @@ "role_crns": [ "crn:v1:bluemix:public:iam::::serviceRole:Manager", "crn:v1:bluemix:public:iam::::role:Editor" - ] + ], + "notes":"Required for creating and managing SCC Workload Protection instance." + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Viewer" + ], + "service_name": "Resource group only", + "notes": "Viewer access is required in the resource group you want to provision in." + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Administrator", + "crn:v1:bluemix:public:iam::::serviceRole:Manager" + ], + "service_name": "apprapp", + "notes": "[Optional] Required for provisioning the App Configuration instance." + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Administrator" + ], + "service_name": "All Account Management services", + "notes": "[Optional] Required to deploy Cloud automation for account configuration which creates resource group and to create trusted profile for App Configuration aggregator." + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Administrator" + ], + "service_name": "All Identity and Access enabled services", + "notes": "[Optional] Required to deploy Cloud automation for account configuration which creates foundational IBM Cloud account resources, like resource group with account settings and to create trusted profile for App Configuration aggregator." + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Writer", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "atracker", + "notes": "[Optional] Required when enabling the Activity Tracker Event Routing." + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "sysdig-monitor", + "notes": "[Optional] Required to create an instance of Cloud Monitoring." + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "logs", + "notes": "[Optional] Required to create an instance of Cloud Logs." + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "hs-crypto", + "notes": "[Optional] Required if Hyper Protect Crypto Services is used for encryption." + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "kms", + "notes": "[Optional] Required to deploy Cloud automation for Key Protect, so you can use your own managed encryption keys." + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "cloud-object-storage", + "notes": "[Optional] Required to deploy Cloud automation for Object Storage." } ], "architecture": { From e603de7bed2b3d2f76a8fdc3fa7f39732561784d Mon Sep 17 00:00:00 2001 From: Vipin Kumar Date: Mon, 25 Aug 2025 21:45:49 +0530 Subject: [PATCH 11/11] addressed review comments --- reference-architecture/scc.svg | 2 +- scc.svg | 4 ---- 2 files changed, 1 insertion(+), 5 deletions(-) delete mode 100644 scc.svg diff --git a/reference-architecture/scc.svg b/reference-architecture/scc.svg index 6d0877f..ecabbaf 100644 --- a/reference-architecture/scc.svg +++ b/reference-architecture/scc.svg @@ -1,4 +1,4 @@ -
ACL
ACL
IBM Cloud
IBM Cloud
Region
Region
 Observability
Observabi...
 [Optional]
[Optio...Cloud MonitoringResource Group
SCC Workload Protection
SCC Workload Protecti...Activity Tracker Event Routing
App Configuration
App Config...Text is not SVG - cannot display \ No newline at end of file +
ACL
ACL
IBM Cloud
IBM Cloud
Region
Region
 Observability
Observabi...
 [Optional]
[Optio...Cloud MonitoringResource Group
SCC Workload Protection
SCC Workload Protecti...Activity Tracker Event Routing
App Configuration
App Config...Cloud LogsText is not SVG - cannot display \ No newline at end of file diff --git a/scc.svg b/scc.svg deleted file mode 100644 index ed0b71a..0000000 --- a/scc.svg +++ /dev/null @@ -1,4 +0,0 @@ - - - -
ACL
ACL
IBM Cloud
IBM Cloud
Region
Region
 Observability
Observabi...
 [Optional]
[Optio...Cloud MonitoringResource Group
SCC Workload Protection
SCC Workload Protecti...Activity Tracker Event Routing
App Configuration
App Config...Text is not SVG - cannot display \ No newline at end of file