Skip to content

Commit 6f6cf4e

Browse files
aatreyee257aatreyee257
authored
feat: added DA for IBM Cloud catalog (#322)
1 parent 8f9202f commit 6f6cf4e

File tree

14 files changed

+804
-49
lines changed

14 files changed

+804
-49
lines changed

.catalog-onboard-pipeline.yaml

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,14 @@
1+
---
2+
apiVersion: v1
3+
offerings:
4+
- name: deploy-arch-secrets-manager-private-cert
5+
kind: solution
6+
catalog_id: 7df1e4ca-d54c-4fd0-82ce-3d13247308cd
7+
offering_id: 422283a7-9cb2-4149-8093-a36a799e1d27
8+
variations:
9+
- name: fully-configurable
10+
mark_ready: true
11+
install_type: fullstack
12+
scc:
13+
instance_id: 1c7d5f78-9262-44c3-b779-b28fe4d88c37
14+
region: us-south

.releaserc

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,9 @@
1010
}],
1111
["@semantic-release/exec", {
1212
"successCmd": "echo \"SEMVER_VERSION=${nextRelease.version}\" >> $GITHUB_ENV"
13+
}],
14+
["@semantic-release/exec",{
15+
"publishCmd": "./ci/trigger-catalog-onboarding-pipeline.sh --version=v${nextRelease.version}"
1316
}]
1417
]
1518
}

ibm_catalog.json

Lines changed: 302 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,302 @@
1+
{
2+
"products": [
3+
{
4+
"name": "deploy-arch-secrets-manager-private-cert",
5+
"label": "Cloud automation for Secrets Manager private certificate",
6+
"product_kind": "solution",
7+
"tags": [
8+
"ibm_created",
9+
"target_terraform",
10+
"terraform",
11+
"solution",
12+
"security"
13+
],
14+
"keywords": [
15+
"Private certificate",
16+
"Secrets Manager",
17+
"IaC",
18+
"infrastructure as code",
19+
"terraform",
20+
"solution"
21+
],
22+
"short_description": "Creates and configures a Secrets Manager private certificate.",
23+
"long_description" : "This deployable architecture is used to create a private certificate within an existing instance of IBM Cloud Secrets Manager. The existing Secrets Manager instance must be configured with a Private Certificate Engine, which is necessary for managing and issuing private certificates. This solution simplifies the process of provisioning certificates by automating the necessary infrastructure steps, ensuring secure and consistent certificate creation aligned with your organization's security policies.",
24+
"offering_docs_url": "https://github.com/terraform-ibm-modules/terraform-ibm-secrets-manager-private-cert/blob/main/README.md",
25+
"offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-secrets-manager-private-cert/main/images/secrets_manager_private_cert.svg",
26+
"provider_name": "IBM",
27+
"features": [
28+
{
29+
"title": "Certificate Template",
30+
"description": "Creates and manages certificate templates to define the parameters to apply to the private certificates."
31+
},
32+
{
33+
"title": "Certificate Signing Request",
34+
"description": "Facilitates the creation of a certificate within IBM Secrets Manager."
35+
},
36+
{
37+
"title": "Certificate Rotation",
38+
"description": "Defines the rotation policy for the certificate, including whether auto-rotation is enabled and the interval at which the certificate should be rotated."
39+
},
40+
{
41+
"title": "Secrets Manager integration",
42+
"description": "This solution provides an optional capability to integrate with [Cloud automation for Secrets Manager](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-secrets-manager-6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global) to automatically provision a Secrets Manager instance if one does not already exist."
43+
}
44+
],
45+
"support_details": "This product is in the community registry. As such support is handled through the originated repo. If you experience issues please open an issue in that repository [here](https://github.com/terraform-ibm-modules/terraform-ibm-secrets-manager-private-cert/issues). Please note this product is not supported via the IBM Cloud Support Center.",
46+
"flavors": [
47+
{
48+
"label": "Fully configurable",
49+
"name": "fully-configurable",
50+
"install_type": "fullstack",
51+
"working_directory": "solutions/fully-configurable",
52+
"architecture": {
53+
"features": [
54+
{
55+
"title": " ",
56+
"description": "Configured to use IBM secure by default standards, but can be edited to fit your use case."
57+
}
58+
],
59+
"diagrams": [
60+
{
61+
"diagram": {
62+
"caption": "Secrets Manager Private Certificate",
63+
"url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-secrets-manager-private-cert/main/reference-architecture/secrets_manager_private_cert.svg",
64+
"type": "image/svg+xml"
65+
},
66+
"description": "This deployable architecture automates the creation of a private certificate in an IBM Cloud Secrets Manager instance, making it easier for users to securely manage certificates without manual effort. By integrating seamlessly with IBM Cloud Secrets Manager, this solution ensures that certificates are generated, stored, and maintained in a centralized and secure environment, aligned with enterprise security and compliance needs.<br> <br>Certificate Rotation Support:<br>You can optionally define a rotation policy by setting auto-rotation, rotation intervals, and units (days, months, etc.). This allows the certificate to be automatically rotated according to your security compliance requirements.<br><br>Secrets Manager Integration:<br>This solution also supports integration with [Cloud automation for Secrets Manager](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-secrets-manager-6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global) instance automatically if one is not already available, enhancing provisioning flexibility in new environments.<br><br>Flexible Certificate Configuration:<br>Users can define all critical certificate attributes such as the certificate name, certificate common name, certificate alternate names , certificate signing request (CSR), certificate labels, certificate custom metadata, and certificate ttl.<br><br>Once deployed, users receive all relevant outputs based on their chosen return format, enabling easy integration of the certificate into their applications or infrastructure. This architecture is ideal for teams looking to simplify certificate management, improve operational efficiency, and maintain high security standards across their cloud workloads."
67+
}
68+
]
69+
},
70+
"configuration": [
71+
{
72+
"key": "ibmcloud_api_key"
73+
},
74+
{
75+
"key": "existing_secrets_manager_crn",
76+
"required": true
77+
},
78+
{
79+
"key": "prefix",
80+
"required": true
81+
},
82+
{
83+
"key": "service_endpoints",
84+
"options": [
85+
{
86+
"displayname": "private",
87+
"value": "private"
88+
},
89+
{
90+
"displayname": "public",
91+
"value": "public"
92+
}
93+
]
94+
},
95+
{
96+
"key": "cert_name",
97+
"required": true
98+
},
99+
{
100+
"key": "cert_description"
101+
},
102+
{
103+
"key": "cert_secrets_group_id"
104+
},
105+
{
106+
"key": "cert_template",
107+
"required":true
108+
},
109+
{
110+
"key": "cert_csr"
111+
},
112+
{
113+
"key": "cert_common_name",
114+
"required":true
115+
},
116+
{
117+
"key": "cert_alt_names"
118+
},
119+
{
120+
"key": "cert_custom_metadata"
121+
},
122+
{
123+
"key": "cert_version_custom_metadata"
124+
},
125+
{
126+
"key": "cert_labels"
127+
},
128+
{
129+
"key": "return_format",
130+
"options": [
131+
{
132+
"displayname": "pem",
133+
"value": "pem"
134+
},
135+
{
136+
"displayname": "pem_bundle",
137+
"value": "pem_bundle"
138+
}
139+
]
140+
},
141+
{
142+
"key": "private_key_format",
143+
"options": [
144+
{
145+
"displayname": "der",
146+
"value": "der"
147+
},
148+
{
149+
"displayname": "pkcs8",
150+
"value": "pkcs8"
151+
}
152+
]
153+
},
154+
{
155+
"key": "cert_rotation"
156+
},
157+
{
158+
"key": "cert_ip_sans"
159+
},
160+
{
161+
"key": "cert_uri_sans"
162+
},
163+
{
164+
"key": "exclude_cn_from_sans",
165+
"options": [
166+
{
167+
"displayname": "true",
168+
"value": "true"
169+
},
170+
{
171+
"displayname": "false",
172+
"value": "false"
173+
}
174+
]
175+
},
176+
{
177+
"key": "cert_ttl"
178+
},
179+
{
180+
"key": "cert_other_sans"
181+
},
182+
{
183+
"key": "provider_visibility",
184+
"hidden": true,
185+
"options": [
186+
{
187+
"displayname": "private",
188+
"value": "private"
189+
},
190+
{
191+
"displayname": "public",
192+
"value": "public"
193+
},
194+
{
195+
"displayname": "public-and-private",
196+
"value": "public-and-private"
197+
}
198+
]
199+
}
200+
],
201+
"iam_permissions": [
202+
{
203+
"role_crns": [
204+
"crn:v1:bluemix:public:iam::::role:Editor"
205+
],
206+
"service_name": "iam-access-groups",
207+
"notes": "[optional] Required for managing IAM access groups."
208+
},
209+
{
210+
"role_crns": [
211+
"crn:v1:bluemix:public:iam::::serviceRole:Administrator",
212+
"crn:v1:bluemix:public:iam::::serviceRole:Manager"
213+
],
214+
"service_name": "secrets-manager",
215+
"notes": "[optional] Required for creating an Secrets Manager instance."
216+
},
217+
{
218+
"role_crns": [
219+
"crn:v1:bluemix:public:iam::::role:Operator",
220+
"crn:v1:bluemix:public:iam::::role:Administrator"
221+
],
222+
"service_name": "iam-identity",
223+
"notes":"[Optional] Required for Cloud automation for account configuration is enabled."
224+
},
225+
{
226+
"role_crns": [
227+
"crn:v1:bluemix:public:iam::::role:Viewer"
228+
],
229+
"service_name": "resource-group",
230+
"notes":"Viewer access is required in the resource group you want to provision in."
231+
},
232+
{
233+
"role_crns": [
234+
"crn:v1:bluemix:public:iam::::serviceRole:Manager",
235+
"crn:v1:bluemix:public:iam::::role:Editor"
236+
],
237+
"service_name": "event-notifications",
238+
"notes": "[Optional] Required if you are configuring an Event Notifications Instance."
239+
},
240+
{
241+
"role_crns": [
242+
"crn:v1:bluemix:public:iam::::serviceRole:Manager",
243+
"crn:v1:bluemix:public:iam::::role:Editor"
244+
],
245+
"service_name": "sysdig-monitor",
246+
"notes": "[Optional] Required if you are consuming the Observability deployable architecture which sets up Cloud Monitoring."
247+
},
248+
{
249+
"role_crns": [
250+
"crn:v1:bluemix:public:iam::::serviceRole:Manager",
251+
"crn:v1:bluemix:public:iam::::role:Editor"
252+
],
253+
"service_name": "logs",
254+
"notes": "[Optional] Required if you are consuming the Observability deployable architecture which sets up Cloud Logs."
255+
},
256+
{
257+
"role_crns": [
258+
"crn:v1:bluemix:public:iam::::serviceRole:Manager",
259+
"crn:v1:bluemix:public:iam::::role:Editor"
260+
],
261+
"service_name": "hs-crypto",
262+
"notes": "[Optional] Required if you are creating/configuring keys in an existing Hyper Protect Crypto Services (HPCS) instance for encryption."
263+
},
264+
{
265+
"role_crns": [
266+
"crn:v1:bluemix:public:iam::::serviceRole:Manager",
267+
"crn:v1:bluemix:public:iam::::role:Editor"
268+
],
269+
"service_name": "kms",
270+
"notes": "[Optional] Required if you are creating/configuring Key Protect instance and keys for encryption."
271+
}
272+
],
273+
"dependencies": [
274+
{
275+
"name": "deploy-arch-ibm-secrets-manager",
276+
"id": "6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global",
277+
"version": "v2.4.0",
278+
"flavors": ["fully-configurable"],
279+
"catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3",
280+
"optional": true,
281+
"on_by_default": true,
282+
"ignore_auto_referencing": ["*"],
283+
"input_mapping": [
284+
{
285+
"dependency_output": "secrets_manager_crn",
286+
"version_input": "existing_secrets_manager_crn"
287+
},
288+
{
289+
"dependency_input": "prefix",
290+
"version_input": "prefix",
291+
"reference_version": true
292+
}
293+
]
294+
}
295+
],
296+
"dependency_version_2": true,
297+
"terraform_version": "1.10.5"
298+
}
299+
]
300+
}
301+
]
302+
}

0 commit comments

Comments
 (0)