From b1f926ce008164266d83d41f705c921227153622 Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Mon, 25 Mar 2024 21:30:28 +0000 Subject: [PATCH 01/23] feat: add profile submodule --- modules/profile/README.md | 81 ++++++++++++++++++++++++++++++++++++ modules/profile/main.tf | 25 +++++++++++ modules/profile/outputs.tf | 8 ++++ modules/profile/variables.tf | 40 ++++++++++++++++++ modules/profile/version.tf | 10 +++++ 5 files changed, 164 insertions(+) create mode 100644 modules/profile/README.md create mode 100644 modules/profile/main.tf create mode 100644 modules/profile/outputs.tf create mode 100644 modules/profile/variables.tf create mode 100644 modules/profile/version.tf diff --git a/modules/profile/README.md b/modules/profile/README.md new file mode 100644 index 0000000..15b0607 --- /dev/null +++ b/modules/profile/README.md 
@@ -0,0 +1,81 @@ +# SCC Profile Module + +This module creates SCC Profile's (https://cloud.ibm.com/docs/security-compliance?topic=security-compliance-build-custom-profiles&interface=ui). A profile is a grouping of controls that can be evaluated for compliance. + +The module supports the following actions: +- Create SCC Profile + +### Usage + +```hcl +provider "ibm" { + ibmcloud_api_key = "XXXXXXXXXX" # pragma: allowlist secret + region = "us-south" +} + +# - SCC Profile +module "create_scc_profile" { + source = "../../profile/." + ibmcloud_api_key = "XXXXXXXXXX" # pragma: allowlist secret + instance_id = "123-456-789" + controls = [ + { + control_library_id = "8739-3d38-2r37-hs37" + control_id = "032a81ca-6ef7-4ac2-81ac-20ee4a780e3b" + } + ] + profile_name = "terraform-ibm-modules-profile" + profile_description = "Profile generated by terraform-ibm-modules" + profile_type = "predefined" +} +``` + +The above will create a new scc profile output the `profile_id`: +``` + profile_id = "fc179109-3b0a-4e06-bbd8-7458706cc66d" +``` + +### Required IAM access policies +You need the following permissions to run this module. + +- Account Management + - Security and Compliance Center service + - `Administrator` platform access +- IAM Services + - Event Notifications service + - `Manager` service access + + +### Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.3.0, <1.7.0 | +| [ibm](#requirement\_ibm) | >= 1.62.0, <2.0.0 | + +### Modules + +No modules. + +### Resources + +| Name | Type | +|------|------| +| [ibm_scc_profile.scc_profile_instance](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/scc_profile) | resource | + +### Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [controls](#input\_controls) | The list of controls that are used to create the profile. Constraints: The maximum length is `600` items. 
The minimum length is `0` items. |
list(object({
control_library_id = optional(string)
control_id = optional(string)
}))
| `[]` | no | +| [default\_parameters](#input\_default\_parameters) | The default parameters of the profile. Constraints: The maximum length is `512` items. The minimum length is `0` items. |
list(object({
assessment_type = optional(string)
assessment_id = optional(string)
parameter_name = optional(string)
parameter_default_value = optional(string)
parameter_display_name = optional(string)
parameter_type = optional(string)
}))
| `[]` | no |
+| [instance\_id](#input\_instance\_id) | The ID of the SCC instance in a particular region. | `string` | n/a | yes |
+| [profile\_description](#input\_profile\_description) | The profile description. Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `/[A-Za-z0-9]+/`. | `string` | n/a | yes |
+| [profile\_name](#input\_profile\_name) | The profile name. Constraints: The maximum length is `64` characters. The minimum length is `2` characters. The value must match regular expression `/[A-Za-z0-9]+/`. | `string` | n/a | yes |
+
+### Outputs
+
+| Name | Description |
+|------|-------------|
+| [profile\_id](#output\_profile\_id) | The id of the SCC profile created by this module |
+
diff --git a/modules/profile/main.tf b/modules/profile/main.tf
new file mode 100644
index 0000000..a146af9
--- /dev/null
+++ b/modules/profile/main.tf
@@ -0,0 +1,25 @@
+resource "ibm_scc_profile" "scc_profile_instance" {
+ instance_id = var.instance_id
+
+ dynamic "controls" {
+ for_each = var.controls != null ? var.controls : []
+ content {
+ control_library_id = controls.value.control_library_id
+ control_id = controls.value.control_id
+ }
+ }
+ dynamic "default_parameters" {
+ for_each = var.default_parameters != null ? var.default_parameters : []
+ content {
+ assessment_type = default_parameters.value.assessment_type
+ assessment_id = default_parameters.value.assessment_id
+ parameter_name = default_parameters.value.parameter_name
+ parameter_default_value = default_parameters.value.parameter_default_value
+ parameter_display_name = default_parameters.value.parameter_display_name
+ parameter_type = default_parameters.value.parameter_type
+ }
+ }
+ profile_description = var.profile_description
+ profile_name = var.profile_name
+ profile_type = "custom"
+}
diff --git a/modules/profile/outputs.tf b/modules/profile/outputs.tf
new file mode 100644
index 0000000..4c9d591
--- /dev/null
+++ b/modules/profile/outputs.tf
@@ -0,0 +1,8 @@
+########################################################################################################################
+# Outputs
+########################################################################################################################
+
+output "profile_id" {
+ description = "The id of the SCC profile created by this module"
+ value = ibm_scc_profile.scc_profile_instance.id
+}
diff --git a/modules/profile/variables.tf b/modules/profile/variables.tf
new file mode 100644
index 0000000..44d0133
--- /dev/null
+++ b/modules/profile/variables.tf
@@ -0,0 +1,40 @@
+########################################################################################################################
+# Input variables
+########################################################################################################################
+
+variable "instance_id" {
+ type = string
+ description = "The ID of the SCC instance in a particular region."
+}
+
+variable "profile_name" {
+ type = string
+ description = "The profile name. Constraints: The maximum length is `64` characters. The minimum length is `2` characters. The value must match regular expression `/[A-Za-z0-9]+/`."
+}
+
+variable "profile_description" {
+ type = string
+ description = "The profile description. Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `/[A-Za-z0-9]+/`."
+}
+
+variable "controls" {
+ type = list(object({
+ control_library_id = optional(string)
+ control_id = optional(string)
+ }))
+ default = []
+ description = "The list of controls that are used to create the profile. Constraints: The maximum length is `600` items. The minimum length is `0` items."
+}
+
+variable "default_parameters" {
+ type = list(object({
+ assessment_type = optional(string)
+ assessment_id = optional(string)
+ parameter_name = optional(string)
+ parameter_default_value = optional(string)
+ parameter_display_name = optional(string)
+ parameter_type = optional(string)
+ }))
+ default = []
+ description = "The default parameters of the profile. Constraints: The maximum length is `512` items. The minimum length is `0` items."
+}
diff --git a/modules/profile/version.tf b/modules/profile/version.tf
new file mode 100644
index 0000000..3dd5fb1
--- /dev/null
+++ b/modules/profile/version.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.3.0, <1.7.0"
+
+ required_providers {
+ ibm = {
+ source = "IBM-Cloud/ibm"
+ version = ">= 1.62.0, <2.0.0"
+ }
+ }
+}
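Review bot: In modules/profile/variables.tf the descriptions of `profile_name` and `profile_description` state length and pattern constraints, but no `validation` block enforces them, so an out-of-range value is only rejected by the service at apply time. A `validation` block on `profile_name` with `condition = length(var.profile_name) >= 2 && length(var.profile_name) <= 64` and a matching `error_message` (and the `256` bound for the description) would surface this at plan. The README usage example added in the same commit also passes `ibmcloud_api_key` and `profile_type` to the module, and neither is declared in this file, so the example as written would fail with an unsupported-argument error. Dropping `ibmcloud_api_key` from the module call fixes that and keeps the key out of the module's inputs.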
From 51c5dd5240ed8fd3cb10d38174b2f0ea80bcf54d Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Tue, 26 Mar 2024 01:19:38 +0000 Subject: [PATCH 02/23] fix: example --- common-dev-assets | 2 +- examples/complete/main.tf | 62 +++++++++++++++++++++++------------- examples/complete/outputs.tf | 16 +++++----- examples/complete/version.tf | 2 +- modules/profile/main.tf | 14 ++++++-- modules/profile/variables.tf | 14 ++++---- 6 files changed, 69 insertions(+), 41 deletions(-) diff --git a/common-dev-assets b/common-dev-assets index 8405107..465a57d 160000 --- a/common-dev-assets +++ b/common-dev-assets @@ -1 +1 @@ -Subproject commit 8405107509b351b346887674d06ee37e98140493 +Subproject commit 465a57d227d66bf8c80e75ec934c91dd7dd3d2d8 diff --git a/examples/complete/main.tf b/examples/complete/main.tf index ddac7b9..ba2c2b3 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
@@ -54,28 +54,46 @@ module "create_scc_instance" { } ############################################################################## -# SCC attachment +# SCC profile ############################################################################## -module "create_profile_attachment" { - source = "../../modules/attachment" - profile_id = "f54b4962-06c6-46bb-bb04-396d9fa9bd60" # temporarily default to SOC 2 profile until provider add support to do data lookup by name https://github.com/IBM-Cloud/terraform-provider-ibm/issues/5185) - scc_instance_id = module.create_scc_instance.guid - attachment_name = "${var.prefix}-attachment" - attachment_description = "profile-attachment-description" - attachment_schedule = "every_7_days" - # scope the attachment to a specific resource group - scope = [{ - environment = "ibm-cloud" - properties = [ - { - name = "scope_type" - value = "account.resource_group" - }, - { - name = "scope_id" - value = module.resource_group.resource_group_id - } - ] - }] +module "create_scc_profile" { + source = "../../modules/profile/." 
+ instance_id = module.create_scc_instance.guid + + control_library_names = [ + "Information Flow Enforcement", + "Use of External Systems" + ] + + profile_name = "${var.prefix}-profile" + profile_description = "scc-custom" + profile_type = "custom" } + +############################################################################## +# SCC attachment +############################################################################## + +# module "create_profile_attachment" { +# source = "../../modules/attachment" +# profile_id = "f54b4962-06c6-46bb-bb04-396d9fa9bd60" # temporarily default to SOC 2 profile until provider add support to do data lookup by name https://github.com/IBM-Cloud/terraform-provider-ibm/issues/5185) +# scc_instance_id = module.create_scc_instance.guid +# attachment_name = "${var.prefix}-attachment" +# attachment_description = "profile-attachment-description" +# attachment_schedule = "every_7_days" +# # scope the attachment to a specific resource group +# scope = [{ +# environment = "ibm-cloud" +# properties = [ +# { +# name = "scope_type" +# value = "account.resource_group" +# }, +# { +# name = "scope_id" +# value = module.resource_group.resource_group_id +# } +# ] +# }] +# } diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf index ef7b1b5..7896042 100644 --- a/examples/complete/outputs.tf +++ b/examples/complete/outputs.tf 
@@ -53,12 +53,12 @@ output "cos_bucket" { depends_on = [module.create_scc_instance] } -output "scc_profile_attachment_id" { - description = "SCC profile attachment ID" - value = module.create_profile_attachment.id -} +# output "scc_profile_attachment_id" { +# description = "SCC profile attachment ID" +# value = module.create_profile_attachment.id +# } -output "scc_profile_attachment_parameters" { - description = "SCC profile attachment ID" - value = module.create_profile_attachment.attachment_parameters -} +# output "scc_profile_attachment_parameters" { +# description = "SCC profile attachment ID" +# value = module.create_profile_attachment.attachment_parameters +# } diff --git a/examples/complete/version.tf b/examples/complete/version.tf index e6cd7a4..4b7e353 100644 --- a/examples/complete/version.tf +++ b/examples/complete/version.tf @@ -6,7 +6,7 @@ terraform { required_providers { ibm = { source = "IBM-Cloud/ibm" - version = ">= 1.63.0" + version = "1.64.0-beta0" } } } diff --git a/modules/profile/main.tf b/modules/profile/main.tf index a146af9..b77d30c 100644 --- a/modules/profile/main.tf +++ b/modules/profile/main.tf @@ -1,10 +1,18 @@ +data "ibm_scc_control_libraries" "scc_control_libraries" { + instance_id = "00000000-1111-2222-3333-444444444444" +} + +locals { + control_libraries = [for control_library in data.ibm_scc_control_libraries.scc_control_libraries[0].control_libraries : control_library if contains(var.var.control_library_names, control_library.control_library_name)] +} + resource "ibm_scc_profile" "scc_profile_instance" { instance_id = var.instance_id dynamic "controls" { - for_each = var.controls != null ? var.controls : [] + for_each = locals.control_libraries content { - control_library_id = controls.value.control_library_id + control_library_id = controls.value.id control_id = controls.value.control_id } } 
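Review bot: In modules/profile/main.tf the new `data "ibm_scc_control_libraries"` block uses a literal `instance_id = "00000000-1111-2222-3333-444444444444"` while the profile resource below it uses `var.instance_id`. Library IDs would therefore be resolved against a different instance than the one the profile is created in, so the line should read `instance_id = var.instance_id`. The same hunk contains references that will not evaluate: `var.var.control_library_names` should be `var.control_library_names`, `for_each = locals.control_libraries` should use the `local.` prefix, and `scc_control_libraries[0]` indexes a data source that declares no `count`. The resource block continues outside the hunk.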
@@ -21,5 +29,5 @@ resource "ibm_scc_profile" "scc_profile_instance" { } profile_description = var.profile_description profile_name = var.profile_name - profile_type = "custom" + profile_type = var.profile_type } diff --git a/modules/profile/variables.tf b/modules/profile/variables.tf index 44d0133..0df990a 100644 --- a/modules/profile/variables.tf +++ b/modules/profile/variables.tf @@ -12,18 +12,20 @@ variable "profile_name" { description = "The profile name. Constraints: The maximum length is `64` characters. The minimum length is `2` characters. The value must match regular expression `/[A-Za-z0-9]+/`." } +variable "profile_type" { + type = string + description = "The profile type. Constraints: Allowable values are: `predefined`, `custom`." +} + variable "profile_description" { type = string description = "The profile description. Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `/[A-Za-z0-9]+/`." } -variable "controls" { - type = list(object({ - control_library_id = optional(string) - control_id = optional(string) - })) +variable "control_library_names" { + type = list default = [] - description = "The list of controls that are used to create the profile. Constraints: The maximum length is `600` items. The minimum length is `0` items." + description = "The list of control_library_names that are used to create the profile. Constraints: The maximum length is `600` items. The minimum length is `0` items." } variable "default_parameters" { From cabb436f67fb1a8b8c33e5bdcde1b7ecc0b4570d Mon Sep 17 00:00:00 2001 
From: Jordan-Williams2 Date: Wed, 27 Mar 2024 13:22:48 +0000 Subject: [PATCH 03/23] feature: add profile functionality --- README.md | 1 + examples/complete/main.tf | 10 ++++++---- examples/complete/outputs.tf | 5 +++++ examples/complete/variables.tf | 2 +- modules/profile/README.md | 6 ++++-- modules/profile/main.tf | 34 ++++++++++++++++++++++++++-------- modules/profile/outputs.tf | 11 ++++++++--- modules/profile/variables.tf | 11 +++-------- 8 files changed, 54 insertions(+), 26 deletions(-) diff --git a/README.md b/README.md index 04a6012..683063c 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,7 @@ This module configures an IBM Cloud Security and Compliance instance. * [terraform-ibm-scc](#terraform-ibm-scc) * [Submodules](./modules) * [attachment](./modules/attachment) + * [profile](./modules/profile) * [Examples](./examples) * [Basic example](./examples/basic) * [Complete example](./examples/complete) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index ba2c2b3..ee22ac0 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -61,14 +61,16 @@ module "create_scc_profile" { source = "../../modules/profile/." instance_id = module.create_scc_instance.guid - control_library_names = [ - "Information Flow Enforcement", - "Use of External Systems" + # control_library_names = [ + # "IBM Cloud for Financial Services", + # ] + + control_library_ids = [ + "65e75833-e59d-4313-81c4-471af17d4782", ] profile_name = "${var.prefix}-profile" profile_description = "scc-custom" - profile_type = "custom" } ############################################################################## diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf index 7896042..3afa9ef 100644 --- a/examples/complete/outputs.tf +++ b/examples/complete/outputs.tf 
@@ -53,6 +53,11 @@ output "cos_bucket" { depends_on = [module.create_scc_instance] } +# output "scc_control_libraries" { +# description = "The COS bucket created in this example" +# value = module.create_scc_profile.scc_control_libraries +# } + # output "scc_profile_attachment_id" { # description = "SCC profile attachment ID" # value = module.create_profile_attachment.id diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf index 8c44c2a..a5ecf2c 100644 --- a/examples/complete/variables.tf +++ b/examples/complete/variables.tf @@ -17,7 +17,7 @@ variable "region" { variable "prefix" { type = string description = "Prefix to append to all resources created by this example" - default = "scc" + default = "scc-r" } variable "resource_group" { diff --git a/modules/profile/README.md b/modules/profile/README.md index 15b0607..9ceb4b9 100644 --- a/modules/profile/README.md +++ b/modules/profile/README.md @@ -62,12 +62,14 @@ No modules. | Name | Type | |------|------| | [ibm_scc_profile.scc_profile_instance](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/scc_profile) | resource | +| [ibm_scc_control_libraries.scc_control_libraries](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/scc_control_libraries) | data source | +| [ibm_scc_control_library.scc_control_library](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/scc_control_library) | data source | ### Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [controls](#input\_controls) | The list of controls that are used to create the profile. Constraints: The maximum length is `600` items. The minimum length is `0` items. |
list(object({
control_library_id = optional(string)
control_id = optional(string)
}))
| `[]` | no | +| [control\_library\_ids](#input\_control\_library\_ids) | The list of control\_library\_ids that are used to create the profile. Constraints: The maximum length is `600` items. The minimum length is `0` items. | `list(any)` | `[]` | no | | [default\_parameters](#input\_default\_parameters) | The default parameters of the profile. Constraints: The maximum length is `512` items. The minimum length is `0` items. |
list(object({
assessment_type = optional(string)
assessment_id = optional(string)
parameter_name = optional(string)
parameter_default_value = optional(string)
parameter_display_name = optional(string)
parameter_type = optional(string)
}))
| `[]` | no | | [instance\_id](#input\_instance\_id) | The ID of the SCC instance in a particular region. | `string` | n/a | yes | | [profile\_description](#input\_profile\_description) | The profile description. Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `/[A-Za-z0-9]+/`. | `string` | n/a | yes | @@ -77,5 +79,5 @@ No modules. | Name | Description | |------|-------------| -| [profile\_id](#output\_profile\_id) | The id of the SCC profile created by this module | +| [scc\_control\_libraries](#output\_scc\_control\_libraries) | The COS bucket created in this example | diff --git a/modules/profile/main.tf b/modules/profile/main.tf index b77d30c..f32fa89 100644 --- a/modules/profile/main.tf +++ b/modules/profile/main.tf 
@@ -1,18 +1,39 @@ data "ibm_scc_control_libraries" "scc_control_libraries" { - instance_id = "00000000-1111-2222-3333-444444444444" + instance_id = var.instance_id +} + +locals { + control_library_ids = [for control_library in data.ibm_scc_control_libraries.scc_control_libraries.control_libraries : control_library if contains(var.control_library_ids, control_library.id)] +} + +data "ibm_scc_control_library" "scc_control_library" { + count = length(var.control_library_ids) + instance_id = var.instance_id + control_library_id = local.control_library_ids[count.index].id } locals { - control_libraries = [for control_library in data.ibm_scc_control_libraries.scc_control_libraries[0].control_libraries : control_library if contains(var.var.control_library_names, control_library.control_library_name)] + # Nested loop over both lists, and flatten the result. + controls_map = flatten([ + for index, control_library in local.control_library_ids : [ + for control in data.ibm_scc_control_library.scc_control_library[index].controls : { + control_library_id = control_library.id + control_id = control.control_id + } + ] + ]) } resource "ibm_scc_profile" "scc_profile_instance" { - instance_id = var.instance_id + instance_id = var.instance_id + profile_description = var.profile_description + profile_name = var.profile_name + profile_type = "custom" dynamic "controls" { - for_each = locals.control_libraries + for_each = local.controls_map content { - control_library_id = controls.value.id + control_library_id = controls.value.control_library_id control_id = controls.value.control_id } } @@ -27,7 +48,4 @@ resource "ibm_scc_profile" "scc_profile_instance" { parameter_type = default_parameters.value.parameter_type } } - profile_description = var.profile_description - profile_name = var.profile_name - profile_type = var.profile_type } diff --git a/modules/profile/outputs.tf b/modules/profile/outputs.tf index 4c9d591..adac3fb 100644 --- a/modules/profile/outputs.tf 
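Review bot: In `data "ibm_scc_control_library" "scc_control_library"`, `count` is taken from `var.control_library_ids` but `control_library_id` indexes the filtered `local.control_library_ids`, so the code assumes both lists have the same length. An ID that is missing from the instance, or listed twice, makes the filtered list shorter, and the run fails with an invalid-index error that does not name the offending ID. A variable `validation` with `condition = length(distinct(var.control_library_ids)) == length(var.control_library_ids)` covers duplicates, and a `precondition` on the data source can report IDs not found in the instance. The `@@ -3,19 +3,23 @@` hunk of PATCH 04 keeps the same count/index pairing with `var.control_libraries`. With the default `[]`, the resource is asked to create a custom profile with no `controls` blocks, which should at least be stated in the variable description.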
+++ b/modules/profile/outputs.tf @@ -2,7 +2,12 @@ # Outputs ######################################################################################################################## -output "profile_id" { - description = "The id of the SCC profile created by this module" - value = ibm_scc_profile.scc_profile_instance.id +# output "profile_id" { +# description = "The id of the SCC profile created by this module" +# value = ibm_scc_profile.scc_profile_instance.id +# } + +output "scc_control_libraries" { + description = "The COS bucket created in this example" + value = data.ibm_scc_control_libraries.scc_control_libraries.control_libraries } diff --git a/modules/profile/variables.tf b/modules/profile/variables.tf index 0df990a..3343266 100644 --- a/modules/profile/variables.tf +++ b/modules/profile/variables.tf @@ -12,20 +12,15 @@ variable "profile_name" { description = "The profile name. Constraints: The maximum length is `64` characters. The minimum length is `2` characters. The value must match regular expression `/[A-Za-z0-9]+/`." } -variable "profile_type" { - type = string - description = "The profile type. Constraints: Allowable values are: `predefined`, `custom`." -} - variable "profile_description" { type = string description = "The profile description. Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `/[A-Za-z0-9]+/`." } -variable "control_library_names" { - type = list +variable "control_library_ids" { + type = list(any) default = [] - description = "The list of control_library_names that are used to create the profile. Constraints: The maximum length is `600` items. The minimum length is `0` items." + description = "The list of control_library_ids that are used to create the profile. Constraints: The maximum length is `600` items. The minimum length is `0` items." } variable "default_parameters" { From 61f95e6f5eee4bea43a3189fe3698218dc2bd744 Mon Sep 17 00:00:00 2001 
From: Jordan-Williams2 Date: Tue, 2 Apr 2024 01:09:59 +0100 Subject: [PATCH 04/23] feat: add scc profiles --- examples/complete/main.tf | 7 +++++-- modules/profile/main.tf | 12 ++++++++---- modules/profile/variables.tf | 7 +++++-- 3 files changed, 18 insertions(+), 8 deletions(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index ee22ac0..5c6433e 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -65,8 +65,11 @@ module "create_scc_profile" { # "IBM Cloud for Financial Services", # ] - control_library_ids = [ - "65e75833-e59d-4313-81c4-471af17d4782", + control_libraries = [ + { + control_library_name = "IBM Cloud Framework for Financial Services", + control_library_version = "1.6.0" + } ] profile_name = "${var.prefix}-profile" diff --git a/modules/profile/main.tf b/modules/profile/main.tf index f32fa89..a1aac85 100644 --- a/modules/profile/main.tf +++ b/modules/profile/main.tf 
@@ -3,19 +3,23 @@ data "ibm_scc_control_libraries" "scc_control_libraries" { } locals { - control_library_ids = [for control_library in data.ibm_scc_control_libraries.scc_control_libraries.control_libraries : control_library if contains(var.control_library_ids, control_library.id)] + control_libraries = flatten([for control_library in data.ibm_scc_control_libraries.scc_control_libraries.control_libraries : [ + for ctrl in var.control_libraries: + control_library if ctrl.control_library_name == control_library.control_library_name && ctrl.control_library_version == control_library.control_library_version + ] + ]) } data "ibm_scc_control_library" "scc_control_library" { - count = length(var.control_library_ids) + count = length(var.control_libraries) instance_id = var.instance_id - control_library_id = local.control_library_ids[count.index].id + control_library_id = local.control_libraries[count.index].id } locals { # Nested loop over both lists, and flatten the result. controls_map = flatten([ - for index, control_library in local.control_library_ids : [ + for index, control_library in local.control_libraries : [ for control in data.ibm_scc_control_library.scc_control_library[index].controls : { control_library_id = control_library.id control_id = control.control_id diff --git a/modules/profile/variables.tf b/modules/profile/variables.tf index 3343266..98ef97b 100644 --- a/modules/profile/variables.tf +++ b/modules/profile/variables.tf 
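Review bot: The nested comprehension that builds `local.control_libraries` emits one element per (library, requested entry) match, while `count` on the data source remains `length(var.control_libraries)`. If one requested entry matches two libraries in the instance and another matches none, the two lengths still agree and the profile is built without the second library's controls and without an error. Whether the service permits two libraries with the same name and version is not visible here, so treat this as a case to rule out rather than a confirmed one. A precondition requiring exactly one match per requested entry makes a wrong or ambiguous name/version fail with a clear message; preconditions are available in the Terraform versions this module already requires.

```hcl
data "ibm_scc_control_library" "scc_control_library" {
  # … unchanged: count, instance_id, control_library_id …

  lifecycle {
    precondition {
      condition = alltrue([
        for ctrl in var.control_libraries : length([
          for lib in data.ibm_scc_control_libraries.scc_control_libraries.control_libraries : lib
          if lib.control_library_name == ctrl.control_library_name && lib.control_library_version == ctrl.control_library_version
        ]) == 1
      ])
      error_message = "Each entry in control_libraries must match exactly one control library (name and version) in the SCC instance."
    }
  }
}
```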
@@ -17,8 +17,11 @@ variable "profile_description" { description = "The profile description. Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `/[A-Za-z0-9]+/`." } -variable "control_library_ids" { - type = list(any) +variable "control_libraries" { + type = list(object({ + control_library_name = optional(string) + control_library_version = optional(string) + })) default = [] description = "The list of control_library_ids that are used to create the profile. Constraints: The maximum length is `600` items. The minimum length is `0` items." } From b7122e19a841ff0902eaf9e6c65967c7f7022155 Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Tue, 2 Apr 2024 01:44:26 +0100 Subject: [PATCH 05/23] feat: update example --- examples/complete/main.tf | 56 +++++++++++++++++----------------- examples/complete/outputs.tf | 29 ++++++++++-------- examples/complete/variables.tf | 2 +- modules/profile/README.md | 5 +-- modules/profile/main.tf | 5 ++- modules/profile/outputs.tf | 19 ++++++++---- modules/profile/variables.tf | 4 +-- 7 files changed, 66 insertions(+), 54 deletions(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 5c6433e..364673c 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -61,15 +61,15 @@ module "create_scc_profile" { source = "../../modules/profile/." instance_id = module.create_scc_instance.guid - # control_library_names = [ - # "IBM Cloud for Financial Services", - # ] - control_libraries = [ { - control_library_name = "IBM Cloud Framework for Financial Services", + control_library_name = "IBM Cloud Framework for Financial Services", control_library_version = "1.6.0" - } + }, + { + control_library_name = "CIS Azure Kubernetes Service (AKS) Benchmark", + control_library_version = "1.2.0" + }, ] profile_name = "${var.prefix}-profile" 
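Review bot: In the modules/profile/variables.tf hunk of PATCH 04, `control_library_name` and `control_library_version` are declared `optional(string)`, but main.tf compares both with `==` against the instance's libraries. An entry that omits either field carries a null that matches nothing, and the failure only shows up later as an index error. Declaring them as required, `control_library_name = string` and `control_library_version = string`, lets Terraform reject an incomplete entry at the module boundary. The `description` still reads "The list of control_library_ids" and should describe name/version pairs.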
@@ -80,25 +80,25 @@ module "create_scc_profile" { # SCC attachment ############################################################################## -# module "create_profile_attachment" { -# source = "../../modules/attachment" -# profile_id = "f54b4962-06c6-46bb-bb04-396d9fa9bd60" # temporarily default to SOC 2 profile until provider add support to do data lookup by name https://github.com/IBM-Cloud/terraform-provider-ibm/issues/5185) -# scc_instance_id = module.create_scc_instance.guid -# attachment_name = "${var.prefix}-attachment" -# attachment_description = "profile-attachment-description" -# attachment_schedule = "every_7_days" -# # scope the attachment to a specific resource group -# scope = [{ -# environment = "ibm-cloud" -# properties = [ -# { -# name = "scope_type" -# value = "account.resource_group" -# }, -# { -# name = "scope_id" -# value = module.resource_group.resource_group_id -# } -# ] -# }] -# } +module "create_profile_attachment" { + source = "../../modules/attachment" + profile_id = module.create_scc_profile.profile_id + scc_instance_id = module.create_scc_instance.guid + attachment_name = "${var.prefix}-attachment" + attachment_description = "profile-attachment-description" + attachment_schedule = "every_7_days" + # scope the attachment to a specific resource group + scope = [{ + environment = "ibm-cloud" + properties = [ + { + name = "scope_type" + value = "account.resource_group" + }, + { + name = "scope_id" + value = module.resource_group.resource_group_id + } + ] + }] +} diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf index 3afa9ef..4f730fc 100644 --- a/examples/complete/outputs.tf +++ b/examples/complete/outputs.tf 
@@ -53,17 +53,22 @@ output "cos_bucket" { depends_on = [module.create_scc_instance] } -# output "scc_control_libraries" { -# description = "The COS bucket created in this example" -# value = module.create_scc_profile.scc_control_libraries -# } +output "profile_id" { + description = "The id of the SCC profile created by this module" + value = module.create_scc_profile.profile_id +} + +output "scc_control_libraries" { + description = "The COS bucket created in this example" + value = module.create_scc_profile.scc_control_libraries +} -# output "scc_profile_attachment_id" { -# description = "SCC profile attachment ID" -# value = module.create_profile_attachment.id -# } +output "scc_profile_attachment_id" { + description = "SCC profile attachment ID" + value = module.create_profile_attachment.id +} -# output "scc_profile_attachment_parameters" { -# description = "SCC profile attachment ID" -# value = module.create_profile_attachment.attachment_parameters -# } +output "scc_profile_attachment_parameters" { + description = "SCC profile attachment ID" + value = module.create_profile_attachment.attachment_parameters +} diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf index a5ecf2c..8c44c2a 100644 --- a/examples/complete/variables.tf +++ b/examples/complete/variables.tf @@ -17,7 +17,7 @@ variable "region" { variable "prefix" { type = string description = "Prefix to append to all resources created by this example" - default = "scc-r" + default = "scc" } variable "resource_group" { diff --git a/modules/profile/README.md b/modules/profile/README.md index 9ceb4b9..8d008c4 100644 --- a/modules/profile/README.md +++ b/modules/profile/README.md 
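Review bot: In examples/complete/outputs.tf two of the re-enabled outputs carry descriptions copied from other outputs. `scc_control_libraries` says `"The COS bucket created in this example"` and `scc_profile_attachment_parameters` says `"SCC profile attachment ID"`. Suggested wording: `description = "SCC control libraries returned by the profile module"` and `description = "SCC profile attachment parameters"`. The module README in this commit already corrects the first description, so the example should be brought in line with it.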
@@ -69,7 +69,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [control\_library\_ids](#input\_control\_library\_ids) | The list of control\_library\_ids that are used to create the profile. Constraints: The maximum length is `600` items. The minimum length is `0` items. | `list(any)` | `[]` | no | +| [control\_libraries](#input\_control\_libraries) | The list of control\_library\_ids that are used to create the profile. Constraints: The maximum length is `600` items. The minimum length is `0` items. |
list(object({
control_library_name = optional(string)
control_library_version = optional(string)
}))
| `[]` | no | | [default\_parameters](#input\_default\_parameters) | The default parameters of the profile. Constraints: The maximum length is `512` items. The minimum length is `0` items. |
list(object({
assessment_type = optional(string)
assessment_id = optional(string)
parameter_name = optional(string)
parameter_default_value = optional(string)
parameter_display_name = optional(string)
parameter_type = optional(string)
}))
| `[]` | no | | [instance\_id](#input\_instance\_id) | The ID of the SCC instance in a particular region. | `string` | n/a | yes | | [profile\_description](#input\_profile\_description) | The profile description. Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `/[A-Za-z0-9]+/`. | `string` | n/a | yes | @@ -79,5 +79,6 @@ No modules. | Name | Description | |------|-------------| -| [scc\_control\_libraries](#output\_scc\_control\_libraries) | The COS bucket created in this example | +| [profile\_id](#output\_profile\_id) | The id of the SCC profile created by this module | +| [scc\_control\_libraries](#output\_scc\_control\_libraries) | The scc control libraries applied to the profile in this module | diff --git a/modules/profile/main.tf b/modules/profile/main.tf index a1aac85..cd2e3cc 100644 --- a/modules/profile/main.tf +++ b/modules/profile/main.tf @@ -4,8 +4,8 @@ data "ibm_scc_control_libraries" "scc_control_libraries" { locals { control_libraries = flatten([for control_library in data.ibm_scc_control_libraries.scc_control_libraries.control_libraries : [ - for ctrl in var.control_libraries: - control_library if ctrl.control_library_name == control_library.control_library_name && ctrl.control_library_version == control_library.control_library_version + for ctrl in var.control_libraries : + control_library if ctrl.control_library_name == control_library.control_library_name && ctrl.control_library_version == control_library.control_library_version ] ]) } @@ -17,7 +17,6 @@ data "ibm_scc_control_library" "scc_control_library" { } locals { - # Nested loop over both lists, and flatten the result. controls_map = flatten([ for index, control_library in local.control_libraries : [ for control in data.ibm_scc_control_library.scc_control_library[index].controls : { diff --git a/modules/profile/outputs.tf b/modules/profile/outputs.tf index adac3fb..17c42a8 100644 
--- a/modules/profile/outputs.tf +++ b/modules/profile/outputs.tf @@ -2,12 +2,19 @@ # Outputs ######################################################################################################################## -# output "profile_id" { -# description = "The id of the SCC profile created by this module" -# value = ibm_scc_profile.scc_profile_instance.id -# } +output "profile_id" { + description = "The id of the SCC profile created by this module" + value = ibm_scc_profile.scc_profile_instance.profile_id +} output "scc_control_libraries" { - description = "The COS bucket created in this example" - value = data.ibm_scc_control_libraries.scc_control_libraries.control_libraries + description = "The scc control libraries applied to the profile in this module" + value = [ + for control_lib in local.control_libraries : { + name = control_lib.control_library_name + id = control_lib.id + version = control_lib.control_library_version + controls_count = control_lib.controls_count + } + ] } diff --git a/modules/profile/variables.tf b/modules/profile/variables.tf index 98ef97b..a27087a 100644 --- a/modules/profile/variables.tf +++ b/modules/profile/variables.tf @@ -18,8 +18,8 @@ variable "profile_description" { } variable "control_libraries" { - type = list(object({ - control_library_name = optional(string) + type = list(object({ + control_library_name = optional(string) control_library_version = optional(string) })) default = [] From b4cb06dfb69c9783f0170ca28e67c630d8eacfb6 Mon Sep 17 00:00:00 2001 From: Jordan Date: Wed, 3 Apr 2024 11:32:56 +0100 Subject: [PATCH 06/23] fix: Update version.tf --- examples/complete/version.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/complete/version.tf b/examples/complete/version.tf index 4b7e353..2ee8ba6 100644 --- a/examples/complete/version.tf +++ b/examples/complete/version.tf 
@@ -6,7 +6,7 @@ terraform { required_providers { ibm = { source = "IBM-Cloud/ibm" - version = "1.64.0-beta0" + version = "1.64.0" } } } From ce92eab6c7500addb10e04654c9be3d6563d8dae Mon Sep 17 00:00:00 2001 From: Jordan Date: Wed, 3 Apr 2024 11:33:33 +0100 Subject: [PATCH 07/23] fix: Update version.tf --- examples/complete/version.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/complete/version.tf b/examples/complete/version.tf index 2ee8ba6..db46101 100644 --- a/examples/complete/version.tf +++ b/examples/complete/version.tf @@ -6,7 +6,7 @@ terraform { required_providers { ibm = { source = "IBM-Cloud/ibm" - version = "1.64.0" + version = ">= 1.64.0" } } } From 329644e8ff0d87836358f98d097b717c8a853492 Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Wed, 3 Apr 2024 13:15:10 +0100 Subject: [PATCH 08/23] fix: no provider --- examples/complete/main.tf | 4 ---- 1 file changed, 4 deletions(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 364673c..b8fdbe9 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -66,10 +66,6 @@ module "create_scc_profile" { control_library_name = "IBM Cloud Framework for Financial Services", control_library_version = "1.6.0" }, - { - control_library_name = "CIS Azure Kubernetes Service (AKS) Benchmark", - control_library_version = "1.2.0" - }, ] profile_name = "${var.prefix}-profile" From 08e4fe999e938be52601d421cb10a6d221e16464 Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Wed, 3 Apr 2024 13:27:44 +0100 Subject: [PATCH 09/23] fix: SKIP UPGRADE TEST --- examples/complete/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index b8fdbe9..0982c04 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
@@ -65,7 +65,7 @@ module "create_scc_profile" { { control_library_name = "IBM Cloud Framework for Financial Services", control_library_version = "1.6.0" - }, + } ] profile_name = "${var.prefix}-profile" From 529c2ffe218a3a05c4eea1b9dc5e55295c77352d Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Thu, 18 Apr 2024 01:00:03 +0100 Subject: [PATCH 10/23] feat: add profile functionality for individual rules --- README.md | 3 --- examples/complete/main.tf | 23 ++++++++++++++++++----- examples/complete/outputs.tf | 10 +++++----- modules/profile/README.md | 17 +++++------------ modules/profile/main.tf | 21 ++++++++++++++++----- modules/profile/outputs.tf | 5 +++++ modules/profile/variables.tf | 3 ++- modules/profile/version.tf | 2 +- 8 files changed, 52 insertions(+), 32 deletions(-) diff --git a/README.md b/README.md index 78d9508..7317589 100644 --- a/README.md +++ b/README.md @@ -55,9 +55,6 @@ You need the following permissions to run this module. - Account Management - Security and Compliance Center service - `Administrator` platform access -- IAM Services - - Event Notifications service - - `Manager` service access diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 307049a..77de1cf 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
@@ -71,20 +71,33 @@ module "create_scc_instance" { } ############################################################################## -# SCC profile +# SCC custom profile ############################################################################## module "create_scc_profile" { source = "../../modules/profile/." instance_id = module.create_scc_instance.guid - - control_libraries = [ + controls = [ { control_library_name = "IBM Cloud Framework for Financial Services", control_library_version = "1.6.0" - } + control_list = [ + "AC", + "AC-1", + "AC-1(a)", + ] + }, + { + control_library_name = "CIS IBM Cloud Foundations Benchmark", + control_library_version = "1.0.0" + control_list = [ + "1.16", + "1.18", + "1.19", + "1.4", + ] + }, ] - profile_name = "${var.prefix}-profile" profile_description = "scc-custom" } diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf index 41d30e4..a28da12 100644 --- a/examples/complete/outputs.tf +++ b/examples/complete/outputs.tf @@ -68,12 +68,12 @@ output "scc_profile_attachment_id" { value = module.create_profile_attachment.id } -output "scc_profile_attachment_parameters" { - description = "SCC profile attachment ID" - value = module.create_profile_attachment.attachment_parameters -} - output "wp_crn" { description = "CRN of created SCC WP instance." value = module.scc_wp.crn } + +output "controls_map" { + description = "maps" + value = module.create_scc_profile.controls_map +} diff --git a/modules/profile/README.md b/modules/profile/README.md index 8d008c4..f2fec68 100644 --- a/modules/profile/README.md +++ b/modules/profile/README.md 
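Review bot: The new `controls_map` output in examples/complete/outputs.tf is documented only as `description = "maps"`, and the same placeholder is added to modules/profile/outputs.tf and the generated README table in this commit. The module-side value is `local.relevant_controls`, so the output is the filtered list of controls that ends up in the profile, not the full `controls_map` local its name suggests. I would write `description = "The controls selected from the control libraries and applied to the profile"`, and consider naming the output after what it returns.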
@@ -1,6 +1,6 @@ # SCC Profile Module -This module creates SCC Profile's (https://cloud.ibm.com/docs/security-compliance?topic=security-compliance-build-custom-profiles&interface=ui). A profile is a grouping of controls that can be evaluated for compliance. +This module creates an SCC Profile (https://cloud.ibm.com/docs/security-compliance?topic=security-compliance-build-custom-profiles&interface=ui). A profile is a grouping of controls that can be evaluated for compliance. The module supports the following actions: - Create SCC Profile @@ -15,7 +15,7 @@ provider "ibm" { # - SCC Profile module "create_scc_profile" { - source = "../../profile/." + source = "terraform-ibm-modules/scc/ibm//modules/profile" ibmcloud_api_key = "XXXXXXXXXX" # pragma: allowlist secret instance_id = "123-456-789" controls = [ @@ -30,20 +30,12 @@ module "create_scc_profile" { } ``` -The above will create a new scc profile output the `profile_id`: -``` - profile_id = "fc179109-3b0a-4e06-bbd8-7458706cc66d" -``` - ### Required IAM access policies You need the following permissions to run this module. - Account Management - Security and Compliance Center service - `Administrator` platform access -- IAM Services - - Event Notifications service - - `Manager` service access ### Requirements @@ -51,7 +43,7 @@ You need the following permissions to run this module. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.0, <1.7.0 | -| [ibm](#requirement\_ibm) | >= 1.62.0, <2.0.0 | +| [ibm](#requirement\_ibm) | >= 1.64.1, <2.0.0 | ### Modules @@ -69,7 +61,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [control\_libraries](#input\_control\_libraries) | The list of control\_library\_ids that are used to create the profile. Constraints: The maximum length is `600` items. The minimum length is `0` items. |
list(object({
control_library_name = optional(string)
control_library_version = optional(string)
}))
| `[]` | no | +| [controls](#input\_controls) | The list of control\_library\_ids that are used to create the profile. Constraints: The maximum length is `600` items. The minimum length is `0` items. |
list(object({
control_library_name = optional(string)
control_library_version = optional(string)
control_list = optional(list(string))
}))
| `[]` | no | | [default\_parameters](#input\_default\_parameters) | The default parameters of the profile. Constraints: The maximum length is `512` items. The minimum length is `0` items. |
list(object({
assessment_type = optional(string)
assessment_id = optional(string)
parameter_name = optional(string)
parameter_default_value = optional(string)
parameter_display_name = optional(string)
parameter_type = optional(string)
}))
| `[]` | no | | [instance\_id](#input\_instance\_id) | The ID of the SCC instance in a particular region. | `string` | n/a | yes | | [profile\_description](#input\_profile\_description) | The profile description. Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `/[A-Za-z0-9]+/`. | `string` | n/a | yes | @@ -79,6 +71,7 @@ No modules. | Name | Description | |------|-------------| +| [controls\_map](#output\_controls\_map) | maps | | [profile\_id](#output\_profile\_id) | The id of the SCC profile created by this module | | [scc\_control\_libraries](#output\_scc\_control\_libraries) | The scc control libraries applied to the profile in this module | diff --git a/modules/profile/main.tf b/modules/profile/main.tf index cd2e3cc..e83d4ad 100644 --- a/modules/profile/main.tf +++ b/modules/profile/main.tf @@ -4,14 +4,14 @@ data "ibm_scc_control_libraries" "scc_control_libraries" { locals { control_libraries = flatten([for control_library in data.ibm_scc_control_libraries.scc_control_libraries.control_libraries : [ - for ctrl in var.control_libraries : + for ctrl in var.controls : control_library if ctrl.control_library_name == control_library.control_library_name && ctrl.control_library_version == control_library.control_library_version ] ]) } data "ibm_scc_control_library" "scc_control_library" { - count = length(var.control_libraries) + count = length(var.controls) instance_id = var.instance_id control_library_id = local.control_libraries[count.index].id } 
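Review bot: In modules/profile/main.tf the `ibm_scc_control_library` data source uses `count = length(var.controls)` but indexes `local.control_libraries[count.index]`, and that local is the filtered list of libraries whose name and version matched. If any entry in `var.controls` has a mistyped or omitted `control_library_name` or `control_library_version` (both are `optional(string)`), the filtered list is shorter than `var.controls` and the index goes out of range. The order also follows the data source rather than `var.controls`. I would use `count = length(local.control_libraries)` and separately fail the plan when a requested library was not found, because a compliance profile that quietly skips a library is worse than an error.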
@@ -20,11 +20,22 @@ locals { controls_map = flatten([ for index, control_library in local.control_libraries : [ for control in data.ibm_scc_control_library.scc_control_library[index].controls : { - control_library_id = control_library.id - control_id = control.control_id + control_library_id = control_library.id + control_library_name = control_library.control_library_name + control_id = control.control_id + control_name = trimspace(split(":", control.control_name)[0]) } ] ]) + + relevant_controls = flatten([ + for ctrl_map in local.controls_map : [ + for control in var.controls : [ + for ctrl in control.control_list : + ctrl_map if ctrl_map.control_name == ctrl && ctrl_map.control_library_name == control.control_library_name + ] + ] + ]) } resource "ibm_scc_profile" "scc_profile_instance" { @@ -34,7 +45,7 @@ resource "ibm_scc_profile" "scc_profile_instance" { profile_type = "custom" dynamic "controls" { - for_each = local.controls_map + for_each = local.relevant_controls content { control_library_id = controls.value.control_library_id control_id = controls.value.control_id diff --git a/modules/profile/outputs.tf b/modules/profile/outputs.tf index 17c42a8..73618a4 100644 --- a/modules/profile/outputs.tf +++ b/modules/profile/outputs.tf @@ -7,6 +7,11 @@ output "profile_id" { value = ibm_scc_profile.scc_profile_instance.profile_id } +output "controls_map" { + description = "maps" + value = local.relevant_controls +} + output "scc_control_libraries" { description = "The scc control libraries applied to the profile in this module" value = [ diff --git a/modules/profile/variables.tf b/modules/profile/variables.tf index a27087a..3adc2fa 100644 --- a/modules/profile/variables.tf +++ b/modules/profile/variables.tf 
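Review bot: The `relevant_controls` filter in modules/profile/main.tf keeps only entries whose `control_name` equals a requested name, so any name in `control_list` that matches nothing is dropped without an error. The profile is then created with fewer controls than the caller declared, which is easy to miss for a compliance profile. I would collect the unmatched names in a local and add a `precondition` on `ibm_scc_profile.scc_profile_instance` that fails the plan when that list is non-empty. The resource block starts in this hunk and continues outside it.

```hcl
  # inside the existing locals block, after relevant_controls:
  # requested control names that matched nothing in their library
  missing_controls = flatten([
    for control in var.controls : [
      for ctrl in control.control_list :
      ctrl if !contains(
        [for m in local.controls_map : m.control_name if m.control_library_name == control.control_library_name],
        ctrl
      )
    ]
  ])

resource "ibm_scc_profile" "scc_profile_instance" {
  # … unchanged: profile arguments and dynamic "controls" block …

  lifecycle {
    precondition {
      condition     = length(local.missing_controls) == 0
      error_message = "Unmatched control names: ${join(", ", local.missing_controls)}"
    }
  }
```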
@@ -17,10 +17,11 @@ variable "profile_description" { description = "The profile description. Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `/[A-Za-z0-9]+/`." } -variable "control_libraries" { +variable "controls" { type = list(object({ control_library_name = optional(string) control_library_version = optional(string) + control_list = optional(list(string)) })) default = [] description = "The list of control_library_ids that are used to create the profile. Constraints: The maximum length is `600` items. The minimum length is `0` items." diff --git a/modules/profile/version.tf b/modules/profile/version.tf index 3dd5fb1..a618493 100644 --- a/modules/profile/version.tf +++ b/modules/profile/version.tf @@ -4,7 +4,7 @@ terraform { required_providers { ibm = { source = "IBM-Cloud/ibm" - version = ">= 1.62.0, <2.0.0" + version = ">= 1.64.1, <2.0.0" } } } From dbcff43e06e5d8094ffb63ede541d0fa5453c67a Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Thu, 18 Apr 2024 01:04:50 +0100 Subject: [PATCH 11/23] feat: add profile functionality for individual rules --- modules/profile/README.md | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/modules/profile/README.md b/modules/profile/README.md index f2fec68..0e05fd3 100644 --- a/modules/profile/README.md +++ b/modules/profile/README.md 
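Review bot: `control_list = optional(list(string))` in modules/profile/variables.tf has no default, so an entry that omits it yields `null`, and the `for ctrl in control.control_list` loop added to main.tf in this commit cannot iterate over `null`. The README requires Terraform >= 1.3.0, so the attribute can carry a default: `control_list = optional(list(string), [])`. The description still reads "The list of control_library_ids", although the variable now takes library names, versions and control names. I would reword it to something like `description = "The control libraries, identified by name and version, and the control names to include from each."`.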
@@ -16,17 +16,30 @@ provider "ibm" { # - SCC Profile module "create_scc_profile" { source = "terraform-ibm-modules/scc/ibm//modules/profile" - ibmcloud_api_key = "XXXXXXXXXX" # pragma: allowlist secret - instance_id = "123-456-789" + instance_id = module.create_scc_instance.guid controls = [ { - control_library_id = "8739-3d38-2r37-hs37" - control_id = "032a81ca-6ef7-4ac2-81ac-20ee4a780e3b" - } + control_library_name = "IBM Cloud Framework for Financial Services", + control_library_version = "1.6.0" + control_list = [ + "AC", + "AC-1", + "AC-1(a)", + ] + }, + { + control_library_name = "CIS IBM Cloud Foundations Benchmark", + control_library_version = "1.0.0" + control_list = [ + "1.16", + "1.18", + "1.19", + "1.4", + ] + }, ] - profile_name = "terraform-ibm-modules-profile" - profile_description = "Profile generated by terraform-ibm-modules" - profile_type = "predefined" + profile_name = "${var.prefix}-profile" + profile_description = "scc-custom" } ``` From 4876849b19a548c22dd36a84f16a5921b65e7097 Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Thu, 18 Apr 2024 01:08:45 +0100 Subject: [PATCH 12/23] feat: add profile functionality for individual rules --- examples/complete/main.tf | 2 +- modules/profile/main.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 77de1cf..6467f26 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -20,7 +20,7 @@ module "cos" { kms_encryption_enabled = false retention_enabled = false resource_group_id = module.resource_group.resource_group_id - bucket_name = "${var.prefix}-cb" + bucket_name = "${var.prefix}-cb1" } ############################################################################## diff --git a/modules/profile/main.tf b/modules/profile/main.tf index e83d4ad..20d78f6 100644 --- a/modules/profile/main.tf +++ b/modules/profile/main.tf 
@@ -23,7 +23,7 @@ locals { control_library_id = control_library.id control_library_name = control_library.control_library_name control_id = control.control_id - control_name = trimspace(split(":", control.control_name)[0]) + control_name = control.control_name } ] ]) From 5c53976ea93ed13ac570ffd5bc1343c835e52466 Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Thu, 18 Apr 2024 01:10:24 +0100 Subject: [PATCH 13/23] feat: add profile functionality for individual rules --- examples/complete/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 6467f26..77de1cf 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -20,7 +20,7 @@ module "cos" { kms_encryption_enabled = false retention_enabled = false resource_group_id = module.resource_group.resource_group_id - bucket_name = "${var.prefix}-cb1" + bucket_name = "${var.prefix}-cb" } ############################################################################## From 0fc92f033cf941995058604685ec8b9549420cad Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Thu, 18 Apr 2024 11:06:52 +0100 Subject: [PATCH 14/23] fix: docs --- modules/profile/README.md | 2 +- modules/profile/variables.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/profile/README.md b/modules/profile/README.md index 0e05fd3..e0d8dcd 100644 --- a/modules/profile/README.md +++ b/modules/profile/README.md @@ -75,7 +75,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [controls](#input\_controls) | The list of control\_library\_ids that are used to create the profile. Constraints: The maximum length is `600` items. The minimum length is `0` items. |
list(object({
control_library_name = optional(string)
control_library_version = optional(string)
control_list = optional(list(string))
}))
| `[]` | no | -| [default\_parameters](#input\_default\_parameters) | The default parameters of the profile. Constraints: The maximum length is `512` items. The minimum length is `0` items. |
list(object({
assessment_type = optional(string)
assessment_id = optional(string)
parameter_name = optional(string)
parameter_default_value = optional(string)
parameter_display_name = optional(string)
parameter_type = optional(string)
}))
| `[]` | no | +| [default\_parameters](#input\_default\_parameters) | Each assessment must be assigned a value to evaluate your resources. To customize parameters for your profile, set a new default value. Constraints: The maximum length is `512` items. The minimum length is `0` items. |
list(object({
assessment_type = optional(string)
assessment_id = optional(string)
parameter_name = optional(string)
parameter_default_value = optional(string)
parameter_display_name = optional(string)
parameter_type = optional(string)
}))
| `[]` | no | | [instance\_id](#input\_instance\_id) | The ID of the SCC instance in a particular region. | `string` | n/a | yes | | [profile\_description](#input\_profile\_description) | The profile description. Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `/[A-Za-z0-9]+/`. | `string` | n/a | yes | | [profile\_name](#input\_profile\_name) | The profile name. Constraints: The maximum length is `64` characters. The minimum length is `2` characters. The value must match regular expression `/[A-Za-z0-9]+/`. | `string` | n/a | yes | diff --git a/modules/profile/variables.tf b/modules/profile/variables.tf index 3adc2fa..c1677eb 100644 --- a/modules/profile/variables.tf +++ b/modules/profile/variables.tf @@ -37,5 +37,5 @@ variable "default_parameters" { parameter_type = optional(string) })) default = [] - description = "The default parameters of the profile. Constraints: The maximum length is `512` items. The minimum length is `0` items." + description = "Each assessment must be assigned a value to evaluate your resources. To customize parameters for your profile, set a new default value. Constraints: The maximum length is `512` items. The minimum length is `0` items." } From f382514ddc52e8b75f344aeb2ad205316f79205b Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Thu, 18 Apr 2024 21:49:32 +0100 Subject: [PATCH 15/23] fix: address feedback --- examples/complete/main.tf | 5 +++-- modules/profile/README.md | 21 ++++++++++----------- modules/profile/main.tf | 3 ++- modules/profile/variables.tf | 13 +++++++++---- 4 files changed, 24 insertions(+), 18 deletions(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 77de1cf..6d1e9e7 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
@@ -81,7 +81,7 @@ module "create_scc_profile" { { control_library_name = "IBM Cloud Framework for Financial Services", control_library_version = "1.6.0" - control_list = [ + control_name_list = [ "AC", "AC-1", "AC-1(a)", @@ -90,7 +90,7 @@ module "create_scc_profile" { { control_library_name = "CIS IBM Cloud Foundations Benchmark", control_library_version = "1.0.0" - control_list = [ + control_name_list = [ "1.16", "1.18", "1.19", @@ -100,6 +100,7 @@ module "create_scc_profile" { ] profile_name = "${var.prefix}-profile" profile_description = "scc-custom" + profile_version = "1.0.0" } ############################################################################## diff --git a/modules/profile/README.md b/modules/profile/README.md index e0d8dcd..e2c3bb7 100644 --- a/modules/profile/README.md +++ b/modules/profile/README.md @@ -2,9 +2,6 @@ This module creates an SCC Profile (https://cloud.ibm.com/docs/security-compliance?topic=security-compliance-build-custom-profiles&interface=ui). A profile is a grouping of controls that can be evaluated for compliance. -The module supports the following actions: -- Create SCC Profile - ### Usage ```hcl @@ -16,12 +13,12 @@ provider "ibm" { # - SCC Profile module "create_scc_profile" { source = "terraform-ibm-modules/scc/ibm//modules/profile" - instance_id = module.create_scc_instance.guid + instance_id = "00000000-1111-2222-3333-444444444444" controls = [ { control_library_name = "IBM Cloud Framework for Financial Services", control_library_version = "1.6.0" - control_list = [ + control_name_list = [ "AC", "AC-1", "AC-1(a)", @@ -30,7 +27,7 @@ module "create_scc_profile" { { control_library_name = "CIS IBM Cloud Foundations Benchmark", control_library_version = "1.0.0" - control_list = [ + control_name_list = [ "1.16", "1.18", "1.19", @@ -38,8 +35,9 @@ module "create_scc_profile" { ] }, ] - profile_name = "${var.prefix}-profile" + profile_name = "scc-profile" profile_description = "scc-custom" + profile_version = "1.0.0" } ``` 
@@ -74,11 +72,12 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [controls](#input\_controls) | The list of control\_library\_ids that are used to create the profile. Constraints: The maximum length is `600` items. The minimum length is `0` items. |
list(object({
control_library_name = optional(string)
control_library_version = optional(string)
control_list = optional(list(string))
}))
| `[]` | no | -| [default\_parameters](#input\_default\_parameters) | Each assessment must be assigned a value to evaluate your resources. To customize parameters for your profile, set a new default value. Constraints: The maximum length is `512` items. The minimum length is `0` items. |
list(object({
assessment_type = optional(string)
assessment_id = optional(string)
parameter_name = optional(string)
parameter_default_value = optional(string)
parameter_display_name = optional(string)
parameter_type = optional(string)
}))
| `[]` | no | +| [controls](#input\_controls) | The list of control\_library\_ids that are used to create the profile. Constraints: The maximum length is `600` items. The minimum length is `0` items. |
list(object({
control_library_name = optional(string)
control_library_version = optional(string)
control_name_list = optional(list(string))
}))
| `[]` | no | +| [default\_parameters](#input\_default\_parameters) | Each assessment must be assigned a value to evaluate your resources. To customize parameters for your profile, set a new default value. |
list(object({
assessment_type = optional(string)
assessment_id = optional(string)
parameter_name = optional(string)
parameter_default_value = optional(string)
parameter_display_name = optional(string)
parameter_type = optional(string)
}))
| `[]` | no | | [instance\_id](#input\_instance\_id) | The ID of the SCC instance in a particular region. | `string` | n/a | yes | -| [profile\_description](#input\_profile\_description) | The profile description. Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `/[A-Za-z0-9]+/`. | `string` | n/a | yes | -| [profile\_name](#input\_profile\_name) | The profile name. Constraints: The maximum length is `64` characters. The minimum length is `2` characters. The value must match regular expression `/[A-Za-z0-9]+/`. | `string` | n/a | yes | +| [profile\_description](#input\_profile\_description) | The description of the profile to be created. | `string` | n/a | yes | +| [profile\_name](#input\_profile\_name) | The name of the profile to be created. | `string` | n/a | yes | +| [profile\_version](#input\_profile\_version) | The version status of the profile. | `string` | n/a | yes | ### Outputs diff --git a/modules/profile/main.tf b/modules/profile/main.tf index 20d78f6..ef03d81 100644 --- a/modules/profile/main.tf +++ b/modules/profile/main.tf @@ -31,7 +31,7 @@ locals { relevant_controls = flatten([ for ctrl_map in local.controls_map : [ for control in var.controls : [ - for ctrl in control.control_list : + for ctrl in control.control_name_list : ctrl_map if ctrl_map.control_name == ctrl && ctrl_map.control_library_name == control.control_library_name ] ] @@ -43,6 +43,7 @@ resource "ibm_scc_profile" "scc_profile_instance" { profile_description = var.profile_description profile_name = var.profile_name profile_type = "custom" + profile_version = var.profile_version dynamic "controls" { for_each = local.relevant_controls diff --git a/modules/profile/variables.tf b/modules/profile/variables.tf index c1677eb..1d9a135 100644 --- a/modules/profile/variables.tf +++ b/modules/profile/variables.tf 
@@ -9,19 +9,24 @@ variable "instance_id" { variable "profile_name" { type = string - description = "The profile name. Constraints: The maximum length is `64` characters. The minimum length is `2` characters. The value must match regular expression `/[A-Za-z0-9]+/`." + description = "The name of the profile to be created." } variable "profile_description" { type = string - description = "The profile description. Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `/[A-Za-z0-9]+/`." + description = "The description of the profile to be created." +} + +variable "profile_version" { + type = string + description = "The version status of the profile." } variable "controls" { type = list(object({ control_library_name = optional(string) control_library_version = optional(string) - control_list = optional(list(string)) + control_name_list = optional(list(string)) })) default = [] description = "The list of control_library_ids that are used to create the profile. Constraints: The maximum length is `600` items. The minimum length is `0` items." @@ -37,5 +42,5 @@ variable "default_parameters" { parameter_type = optional(string) })) default = [] - description = "Each assessment must be assigned a value to evaluate your resources. To customize parameters for your profile, set a new default value. Constraints: The maximum length is `512` items. The minimum length is `0` items." + description = "Each assessment must be assigned a value to evaluate your resources. To customize parameters for your profile, set a new default value." } From 1e160ca382cb3f95c48febd4d6f1904f7b38dabb Mon Sep 17 00:00:00 2001 
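Review bot: The `profile_name` and `profile_description` descriptions in this hunk lose their documented length and pattern constraints, and no `validation` block takes their place, so an out-of-range value is presumably only rejected by the provider or API at apply time. If the limits from the removed text still hold (2–64 characters for the name, 2–256 for the description), I would enforce them in the variable, e.g. `condition = length(var.profile_name) >= 2 && length(var.profile_name) <= 64` inside a `validation` block. The new `profile_version` description, `"The version status of the profile."`, does not say what form is expected. The examples elsewhere in this series pass `"1.0.0"`, so `"The version of the profile, for example 1.0.0."` would be clearer.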
From: Jordan-Williams2 Date: Thu, 18 Apr 2024 22:53:12 +0100 Subject: [PATCH 16/23] fix: address feedback --- examples/complete/main.tf | 5 +++++ examples/complete/outputs.tf | 10 ---------- modules/profile/README.md | 2 +- modules/profile/main.tf | 2 +- modules/profile/variables.tf | 7 ++++--- 5 files changed, 11 insertions(+), 15 deletions(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 6d1e9e7..8ede874 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -97,6 +97,11 @@ module "create_scc_profile" { "1.4", ] }, + { + control_library_name = "SOC 2", + control_library_version = "1.0.0" + add_all_controls = true + }, ] profile_name = "${var.prefix}-profile" profile_description = "scc-custom" diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf index a28da12..677115c 100644 --- a/examples/complete/outputs.tf +++ b/examples/complete/outputs.tf @@ -58,11 +58,6 @@ output "profile_id" { value = module.create_scc_profile.profile_id } -output "scc_control_libraries" { - description = "The COS bucket created in this example" - value = module.create_scc_profile.scc_control_libraries -} - output "scc_profile_attachment_id" { description = "SCC profile attachment ID" value = module.create_profile_attachment.id @@ -72,8 +67,3 @@ output "wp_crn" { description = "CRN of created SCC WP instance." value = module.scc_wp.crn } - -output "controls_map" { - description = "maps" - value = module.create_scc_profile.controls_map -} diff --git a/modules/profile/README.md b/modules/profile/README.md index e2c3bb7..d8d5d3e 100644 --- a/modules/profile/README.md +++ b/modules/profile/README.md @@ -72,7 +72,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [controls](#input\_controls) | The list of control\_library\_ids that are used to create the profile. Constraints: The maximum length is `600` items. The minimum length is `0` items. |
list(object({
control_library_name = optional(string)
control_library_version = optional(string)
control_name_list = optional(list(string))
}))
| `[]` | no | +| [controls](#input\_controls) | The list of control\_library\_ids that are used to create the profile. Constraints: The maximum length is `600` items. The minimum length is `0` items. |
list(object({
control_library_name = string
control_library_version = string
control_name_list = optional(list(string), ["all_rules"])
add_all_controls = optional(bool, false)
}))
| `[]` | no | | [default\_parameters](#input\_default\_parameters) | Each assessment must be assigned a value to evaluate your resources. To customize parameters for your profile, set a new default value. |
list(object({
assessment_type = optional(string)
assessment_id = optional(string)
parameter_name = optional(string)
parameter_default_value = optional(string)
parameter_display_name = optional(string)
parameter_type = optional(string)
}))
| `[]` | no | | [instance\_id](#input\_instance\_id) | The ID of the SCC instance in a particular region. | `string` | n/a | yes | | [profile\_description](#input\_profile\_description) | The description of the profile to be created. | `string` | n/a | yes | diff --git a/modules/profile/main.tf b/modules/profile/main.tf index ef03d81..dbd946e 100644 --- a/modules/profile/main.tf +++ b/modules/profile/main.tf @@ -32,7 +32,7 @@ locals { for ctrl_map in local.controls_map : [ for control in var.controls : [ for ctrl in control.control_name_list : - ctrl_map if ctrl_map.control_name == ctrl && ctrl_map.control_library_name == control.control_library_name + ctrl_map if(ctrl_map.control_name == ctrl && ctrl_map.control_library_name == control.control_library_name) || control.add_all_controls ] ] ]) diff --git a/modules/profile/variables.tf b/modules/profile/variables.tf index 1d9a135..4856105 100644 --- a/modules/profile/variables.tf +++ b/modules/profile/variables.tf @@ -24,9 +24,10 @@ variable "profile_version" { variable "controls" { type = list(object({ - control_library_name = optional(string) - control_library_version = optional(string) - control_name_list = optional(list(string)) + control_library_name = string + control_library_version = string + control_name_list = optional(list(string), ["all_rules"]) + add_all_controls = optional(bool, false) })) default = [] description = "The list of control_library_ids that are used to create the profile. Constraints: The maximum length is `600` items. The minimum length is `0` items." From 6b424a98fbbd9aee6e28d33f1680fda03b6899c7 Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Thu, 18 Apr 2024 22:59:33 +0100 Subject: [PATCH 17/23] fix: address feedback --- modules/profile/README.md | 1 - modules/profile/main.tf | 11 +++++++---- modules/profile/outputs.tf | 5 ----- 3 files changed, 7 insertions(+), 10 deletions(-) diff --git a/modules/profile/README.md b/modules/profile/README.md index d8d5d3e..758652b 100644 
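Review bot: In the `relevant_controls` filter, `|| control.add_all_controls` sits outside the library-name comparison, so a single entry with `add_all_controls = true` selects every `ctrl_map` in `local.controls_map`, including controls from the other libraries listed in `var.controls`. With the example added in this same commit, the SOC 2 entry would pull every control of the Financial Services and CIS libraries into the profile rather than only the listed ones, and a control matched by both paths is emitted twice. Scoping the flag to its own library addresses both: `ctrl_map if ctrl_map.control_library_name == control.control_library_name && (control.add_all_controls || ctrl_map.control_name == ctrl)`. When `add_all_controls` is combined with a multi-entry `control_name_list` the inner loop would still repeat each control, so wrapping the result in `distinct()` is worth considering. The `locals` block starts and ends outside this hunk.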
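Review bot: The `["all_rules"]` default for `control_name_list` is a sentinel that nothing in the visible `main.tf` filter interprets; that filter compares each list entry with `ctrl_map.control_name`, so an entry that omits both `control_name_list` and `add_all_controls` appears to match no control and the library is silently left out of the profile. For a compliance profile that is a quiet coverage gap, so I would default the list to `[]` and reject entries that select nothing with a `validation` block, as sketched below. The description also still says "list of control_library_ids" although the objects now carry library names and versions. The `variable "controls"` block closes outside this hunk.

```hcl
variable "controls" {
  # … unchanged: type = list(object({ … })), with only this attribute changed:
    control_name_list = optional(list(string), [])
  # … unchanged: add_all_controls, default, description …
  validation {
    condition     = alltrue([for c in var.controls : c.add_all_controls || length(c.control_name_list) > 0])
    error_message = "Each entry in controls must set add_all_controls = true or name at least one control in control_name_list."
  }
```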
--- a/modules/profile/README.md +++ b/modules/profile/README.md @@ -83,7 +83,6 @@ No modules. | Name | Description | |------|-------------| -| [controls\_map](#output\_controls\_map) | maps | | [profile\_id](#output\_profile\_id) | The id of the SCC profile created by this module | | [scc\_control\_libraries](#output\_scc\_control\_libraries) | The scc control libraries applied to the profile in this module | diff --git a/modules/profile/main.tf b/modules/profile/main.tf index dbd946e..b39a437 100644 --- a/modules/profile/main.tf +++ b/modules/profile/main.tf @@ -3,6 +3,7 @@ data "ibm_scc_control_libraries" "scc_control_libraries" { } locals { + # Get conrtol libraries id from their name and version specified in var.controls.control_library_name control_libraries = flatten([for control_library in data.ibm_scc_control_libraries.scc_control_libraries.control_libraries : [ for ctrl in var.controls : control_library if ctrl.control_library_name == control_library.control_library_name && ctrl.control_library_version == control_library.control_library_version @@ -17,7 +18,8 @@ data "ibm_scc_control_library" "scc_control_library" { } locals { - controls_map = flatten([ + # Map out all controls from relevant control libraries + all_controls_map = flatten([ for index, control_library in local.control_libraries : [ for control in data.ibm_scc_control_library.scc_control_library[index].controls : { control_library_id = control_library.id @@ -28,8 +30,9 @@ locals { ] ]) - relevant_controls = flatten([ - for ctrl_map in local.controls_map : [ + # Get chosen controls from var.controls.control_name_list in local.all_controls_map + relevant_controls_map = flatten([ + for ctrl_map in local.all_controls_map : [ for control in var.controls : [ for ctrl in control.control_name_list : ctrl_map if(ctrl_map.control_name == ctrl && ctrl_map.control_library_name == control.control_library_name) || control.add_all_controls 
@@ -46,7 +49,7 @@ resource "ibm_scc_profile" "scc_profile_instance" { profile_version = var.profile_version dynamic "controls" { - for_each = local.relevant_controls + for_each = local.relevant_controls_map content { control_library_id = controls.value.control_library_id control_id = controls.value.control_id diff --git a/modules/profile/outputs.tf b/modules/profile/outputs.tf index 73618a4..17c42a8 100644 --- a/modules/profile/outputs.tf +++ b/modules/profile/outputs.tf @@ -7,11 +7,6 @@ output "profile_id" { value = ibm_scc_profile.scc_profile_instance.profile_id } -output "controls_map" { - description = "maps" - value = local.relevant_controls -} - output "scc_control_libraries" { description = "The scc control libraries applied to the profile in this module" value = [ From ab934e5c2cc8148f7e35850a8dce9c9d831c409d Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Thu, 18 Apr 2024 23:09:56 +0100 Subject: [PATCH 18/23] fix: address feedback --- modules/profile/README.md | 9 +++++++-- modules/profile/variables.tf | 2 +- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/modules/profile/README.md b/modules/profile/README.md index 758652b..ebc6b1e 100644 --- a/modules/profile/README.md +++ b/modules/profile/README.md @@ -34,6 +34,11 @@ module "create_scc_profile" { "1.4", ] }, + { + control_library_name = "SOC 2", + control_library_version = "1.0.0" + add_all_controls = true + }, ] profile_name = "scc-profile" profile_description = "scc-custom" @@ -46,7 +51,7 @@ You need the following permissions to run this module. - Account Management - Security and Compliance Center service - - `Administrator` platform access + - `Editor` platform access ### Requirements 
@@ -73,7 +78,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [controls](#input\_controls) | The list of control\_library\_ids that are used to create the profile. Constraints: The maximum length is `600` items. The minimum length is `0` items. |
list(object({
control_library_name = string
control_library_version = string
control_name_list = optional(list(string), ["all_rules"])
add_all_controls = optional(bool, false)
}))
| `[]` | no | -| [default\_parameters](#input\_default\_parameters) | Each assessment must be assigned a value to evaluate your resources. To customize parameters for your profile, set a new default value. |
list(object({
assessment_type = optional(string)
assessment_id = optional(string)
parameter_name = optional(string)
parameter_default_value = optional(string)
parameter_display_name = optional(string)
parameter_type = optional(string)
}))
| `[]` | no | +| [default\_parameters](#input\_default\_parameters) | Each assessment must be assigned a value to evaluate your resources. To customize parameters for your profile, set a new default value. This is optional and if no values are passed then the default values will be used. |
list(object({
assessment_type = optional(string)
assessment_id = optional(string)
parameter_name = optional(string)
parameter_default_value = optional(string)
parameter_display_name = optional(string)
parameter_type = optional(string)
}))
| `[]` | no | | [instance\_id](#input\_instance\_id) | The ID of the SCC instance in a particular region. | `string` | n/a | yes | | [profile\_description](#input\_profile\_description) | The description of the profile to be created. | `string` | n/a | yes | | [profile\_name](#input\_profile\_name) | The name of the profile to be created. | `string` | n/a | yes | diff --git a/modules/profile/variables.tf b/modules/profile/variables.tf index 4856105..b04f63b 100644 --- a/modules/profile/variables.tf +++ b/modules/profile/variables.tf @@ -43,5 +43,5 @@ variable "default_parameters" { parameter_type = optional(string) })) default = [] - description = "Each assessment must be assigned a value to evaluate your resources. To customize parameters for your profile, set a new default value." + description = "Each assessment must be assigned a value to evaluate your resources. To customize parameters for your profile, set a new default value. This is optional and if no values are passed then the default values will be used." } From de24cf1e720fdcb9b6dec63be7c27b1271190530 Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Thu, 18 Apr 2024 23:13:01 +0100 Subject: [PATCH 19/23] fix: address feedback --- examples/complete/main.tf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 8ede874..c8481ac 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -78,6 +78,7 @@ module "create_scc_profile" { source = "../../modules/profile/." instance_id = module.create_scc_instance.guid controls = [ + # Apply 3 controls from IBM Cloud Framework for Financial Services control library version 1.6.0 { control_library_name = "IBM Cloud Framework for Financial Services", control_library_version = "1.6.0" 
@@ -87,6 +88,7 @@ module "create_scc_profile" { "AC-1(a)", ] }, + # Apply 4 controls from CIS IBM Cloud Foundations Benchmark control library version 1.0.0 { control_library_name = "CIS IBM Cloud Foundations Benchmark", control_library_version = "1.0.0" @@ -97,6 +99,7 @@ module "create_scc_profile" { "1.4", ] }, + # Apply all controls from SOC 2 control library version 1.0.0 { control_library_name = "SOC 2", control_library_version = "1.0.0" From e00ada3b6f71620ce2d26febecdd595f7d0490ed Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Thu, 18 Apr 2024 23:17:26 +0100 Subject: [PATCH 20/23] fix: address feedback --- modules/profile/README.md | 3 +++ modules/profile/main.tf | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/profile/README.md b/modules/profile/README.md index ebc6b1e..c7c32b3 100644 --- a/modules/profile/README.md +++ b/modules/profile/README.md @@ -15,6 +15,7 @@ module "create_scc_profile" { source = "terraform-ibm-modules/scc/ibm//modules/profile" instance_id = "00000000-1111-2222-3333-444444444444" controls = [ + # Apply 3 controls from IBM Cloud Framework for Financial Services control library version 1.6.0 { control_library_name = "IBM Cloud Framework for Financial Services", control_library_version = "1.6.0" @@ -24,6 +25,7 @@ module "create_scc_profile" { "AC-1(a)", ] }, + # Apply 4 controls from CIS IBM Cloud Foundations Benchmark control library version 1.0.0 { control_library_name = "CIS IBM Cloud Foundations Benchmark", control_library_version = "1.0.0" @@ -34,6 +36,7 @@ module "create_scc_profile" { "1.4", ] }, + # Apply all controls from SOC 2 control library version 1.0.0 { control_library_name = "SOC 2", control_library_version = "1.0.0" diff --git a/modules/profile/main.tf b/modules/profile/main.tf index b39a437..2351dfc 100644 --- a/modules/profile/main.tf +++ b/modules/profile/main.tf 
@@ -3,7 +3,7 @@ data "ibm_scc_control_libraries" "scc_control_libraries" { } locals { - # Get conrtol libraries id from their name and version specified in var.controls.control_library_name + # Get control libraries id from their name and version specified in var.controls.control_library_name control_libraries = flatten([for control_library in data.ibm_scc_control_libraries.scc_control_libraries.control_libraries : [ for ctrl in var.controls : control_library if ctrl.control_library_name == control_library.control_library_name && ctrl.control_library_version == control_library.control_library_version From 54a73604e99bc7be8fce05bfca2e18385cec9c43 Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Thu, 23 May 2024 14:12:04 +0100 Subject: [PATCH 21/23] fix: update versions --- README.md | 2 +- common-dev-assets | 2 +- examples/basic/version.tf | 2 +- examples/complete/main.tf | 4 ++-- examples/complete/version.tf | 2 +- modules/attachment/README.md | 2 +- modules/attachment/version.tf | 2 +- modules/profile/README.md | 2 +- modules/profile/version.tf | 2 +- version.tf | 2 +- 10 files changed, 11 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 7317589..64ef0f0 100644 --- a/README.md +++ b/README.md @@ -64,7 +64,7 @@ You need the following permissions to run this module. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.0, <1.7.0 | -| [ibm](#requirement\_ibm) | >=1.64.1, <2.0.0 | +| [ibm](#requirement\_ibm) | >=1.65.1, <2.0.0 | | [time](#requirement\_time) | >= 0.9.1, <1.0.0 | ### Modules diff --git a/common-dev-assets b/common-dev-assets index d6af6b1..22a87c0 160000 --- a/common-dev-assets +++ b/common-dev-assets @@ -1 +1 @@ -Subproject commit d6af6b18b38ca0ec7d039fe8c295d475f3574351 +Subproject commit 22a87c013571edfc07b2e6f412361a9aea627cec diff --git a/examples/basic/version.tf b/examples/basic/version.tf index 819124c..5032f5f 100644 --- a/examples/basic/version.tf +++ b/examples/basic/version.tf 
@@ -6,7 +6,7 @@ terraform { required_providers { ibm = { source = "IBM-Cloud/ibm" - version = "1.64.1" + version = "1.65.1" } } } diff --git a/examples/complete/main.tf b/examples/complete/main.tf index fcb98f0..68e92a4 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -20,7 +20,7 @@ module "cos" { kms_encryption_enabled = false retention_enabled = false resource_group_id = module.resource_group.resource_group_id - bucket_name = "${var.prefix}-cb" + bucket_name = "${var.prefix}-cb1" } ############################################################################## @@ -108,7 +108,7 @@ module "create_scc_profile" { ] profile_name = "${var.prefix}-profile" profile_description = "scc-custom" - profile_version = "1.0.0" + profile_version = "1.2.1" } ############################################################################## diff --git a/examples/complete/version.tf b/examples/complete/version.tf index 8ef10b8..0000310 100644 --- a/examples/complete/version.tf +++ b/examples/complete/version.tf @@ -6,7 +6,7 @@ terraform { required_providers { ibm = { source = "IBM-Cloud/ibm" - version = ">= 1.64.1" + version = ">= 1.65.1" } } } diff --git a/modules/attachment/README.md b/modules/attachment/README.md index abdd40e..70ea782 100644 --- a/modules/attachment/README.md +++ b/modules/attachment/README.md @@ -38,7 +38,7 @@ module "create_scc_profile_attachment " { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.0, <1.7.0 | -| [ibm](#requirement\_ibm) | >=1.64.1, <2.0.0 | +| [ibm](#requirement\_ibm) | >=1.65.1, <2.0.0 | ### Modules diff --git a/modules/attachment/version.tf b/modules/attachment/version.tf index 91423ad..b5bcd01 100644 --- a/modules/attachment/version.tf +++ b/modules/attachment/version.tf @@ -4,7 +4,7 @@ terraform { required_providers { ibm = { source = "IBM-Cloud/ibm" - version = ">=1.64.1, <2.0.0" + version = ">=1.65.1, <2.0.0" } } } 
diff --git a/modules/profile/README.md b/modules/profile/README.md index c7c32b3..0e921a9 100644 --- a/modules/profile/README.md +++ b/modules/profile/README.md @@ -62,7 +62,7 @@ You need the following permissions to run this module. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.0, <1.7.0 | -| [ibm](#requirement\_ibm) | >= 1.64.1, <2.0.0 | +| [ibm](#requirement\_ibm) | >= 1.65.1, <2.0.0 | ### Modules diff --git a/modules/profile/version.tf b/modules/profile/version.tf index a618493..ed30e5b 100644 --- a/modules/profile/version.tf +++ b/modules/profile/version.tf @@ -4,7 +4,7 @@ terraform { required_providers { ibm = { source = "IBM-Cloud/ibm" - version = ">= 1.64.1, <2.0.0" + version = ">= 1.65.1, <2.0.0" } } } diff --git a/version.tf b/version.tf index 44509ca..7dc4d48 100644 --- a/version.tf +++ b/version.tf @@ -6,7 +6,7 @@ terraform { required_providers { ibm = { source = "IBM-Cloud/ibm" - version = ">=1.64.1, <2.0.0" + version = ">=1.65.1, <2.0.0" } time = { From 9e88845ab48d55547a22a5d1006133c2c577e964 Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Thu, 23 May 2024 14:13:33 +0100 Subject: [PATCH 22/23] fix: update versions --- examples/complete/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 68e92a4..fcb98f0 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -20,7 +20,7 @@ module "cos" { kms_encryption_enabled = false retention_enabled = false resource_group_id = module.resource_group.resource_group_id - bucket_name = "${var.prefix}-cb1" + bucket_name = "${var.prefix}-cb" } ############################################################################## 
@@ -108,7 +108,7 @@ module "create_scc_profile" { ] profile_name = "${var.prefix}-profile" profile_description = "scc-custom" - profile_version = "1.2.1" + profile_version = "1.0.0" } ############################################################################## From f73890ac89797d2e0d7ee9c163e2aac445ea971d Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Tue, 4 Jun 2024 23:35:27 +0100 Subject: [PATCH 23/23] fix: merge conflicts --- common-dev-assets | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common-dev-assets b/common-dev-assets index 7930ea5..4fac9bd 160000 --- a/common-dev-assets +++ b/common-dev-assets @@ -1 +1 @@ -Subproject commit 7930ea5ccc853a0fbab8b29cdaae590ec66b5366 +Subproject commit 4fac9bd04c7d0ac9bd4464836f97d004f475651d