diff --git a/ibm_catalog.json b/ibm_catalog.json index 1a6c58d..d1e5d54 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -103,6 +103,24 @@ { "key": "ibmcloud_api_key" }, + { + "key": "provider_visibility", + "options": [ + { + "displayname": "private", + "value": "private" + }, + { + "displayname": "public", + "value": "public" + }, + { + "displayname": "public-and-private", + "value": "public-and-private" + } + ], + "hidden": true + }, { "key": "existing_secrets_manager_crn", "required": true 
@@ -111,6 +129,73 @@ "key": "prefix", "required": true }, + { + "key": "secrets_manager_region", + "required": true, + "virtual": true, + "default_value": "us-south", + "description": "The region to provision a new Secrets Manager instance in.", + "options": [ + { + "displayname": "Osaka (jp-osa)", + "value": "jp-osa" + }, + { + "displayname": "Sydney (au-syd)", + "value": "au-syd" + }, + { + "displayname": "Tokyo (jp-tok)", + "value": "jp-tok" + }, + { + "displayname": "Frankfurt (eu-de)", + "value": "eu-de" + }, + { + "displayname": "London (eu-gb)", + "value": "eu-gb" + }, + { + "displayname": "Madrid (eu-es)", + "value": "eu-es" + }, + { + "displayname": "Dallas (us-south)", + "value": "us-south" + }, + { + "displayname": "Toronto (ca-tor)", + "value": "ca-tor" + }, + { + "displayname": "Washington DC (us-east)", + "value": "us-east" + }, + { + "displayname": "Sao Paulo (br-sao)", + "value": "br-sao" + } + ] + }, + { + "key": "secrets_manager_service_plan", + "required": true, + "virtual": true, + "type": "string", + "options": [ + { + "displayname": "Standard", + "value": "standard" + }, + { + "displayname": "Trial", + "value": "trial" + } + ], + "default_value": "__NOT_SET__", + "description": "The pricing plan to use when provisioning a Secrets Manager instance. Possible values: `standard`, `trial`. You can create only one Trial instance of Secrets Manager per account. Before you can create a new Trial instance, you must delete the existing Trial instance and its reclamation. [Learn more](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-create-instance&interface=ui#upgrade-instance-standard)." + }, { "key": "ibmcloud_cis_api_key" }, @@ -143,10 +228,11 @@ ] }, { - "key": "acme_letsencrypt_private_key" + "key": "acme_letsencrypt_private_key", + "required": true }, { - "key":"private_key_secrets_manager_secret_crn" + "key":"acme_letsencrypt_private_key_secrets_manager_secret_crn" }, { "key":"skip_iam_authorization_policy" 
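Review bot: Marking `acme_letsencrypt_private_key` as `"required": true` in the second hunk contradicts the variable contract in variables.tf, where the raw key is optional whenever `acme_letsencrypt_private_key_secrets_manager_secret_crn` is supplied (and the CRN wins if both are set). As written, the catalog UI forces every consumer to paste the ACME account private key into the deployment inputs even when that key already lives in Secrets Manager, which is the less safe of the two paths. Drop the `"required": true` on that entry, or replace it with the same either-or rule the Terraform validation enforces, and make sure the input is typed as a secure/password field (not visible in this diff). The `secrets_manager_region` / `secrets_manager_service_plan` additions look consistent with the dependency mapping added later in the file.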
@@ -155,16 +241,31 @@ "dependencies": [ { "name": "deploy-arch-ibm-secrets-manager", - "description":"Configures Secrets Manager instance for the public certificates engine to be provisioned in.", + "description": "Create a new Secrets Manager instance.", "id": "6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global", - "version": "v2.6.1", + "version": "v2.6.3", "flavors": [ - "fully-configurable" + "fully-configurable" ], "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", "optional": true, "on_by_default": true, "input_mapping": [ + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + }, + { + "dependency_input": "region", + "version_input": "secrets_manager_region", + "reference_version": true + }, + { + "dependency_input": "service_plan", + "version_input": "secrets_manager_service_plan", + "reference_version": true + }, { "dependency_output": "secrets_manager_crn", "version_input": "existing_secrets_manager_crn" @@ -172,7 +273,8 @@ ] } ], - "dependency_version_2": true + "dependency_version_2": true, + "terraform_version": "1.10.5" } ] } diff --git a/solutions/fully-configurable/catalogValidationValues.json.template b/solutions/fully-configurable/catalogValidationValues.json.template index b5e2fa0..284a43b 100644 --- a/solutions/fully-configurable/catalogValidationValues.json.template +++ b/solutions/fully-configurable/catalogValidationValues.json.template @@ -2,6 +2,6 @@ "ibmcloud_api_key": $VALIDATION_APIKEY, "existing_secrets_manager_crn": $SM_CRN, "prefix": $PREFIX, - "private_key_secrets_manager_secret_crn": $ACME_LETSENCRYPT_PRIVATE_KEY_SECRET_CRN, - "internet_services_crn": $CIS_INSTANCE_ID + "acme_letsencrypt_private_key": $ACME_KEY, + "internet_services_crn": $CIS_ID } diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf index b80122b..744dd98 100644 --- a/solutions/fully-configurable/main.tf +++ b/solutions/fully-configurable/main.tf 
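Review bot: The validation template now feeds the raw ACME private key (`$ACME_KEY`) into `acme_letsencrypt_private_key` instead of referencing the existing secret by CRN, so the catalog validation run now has to carry a long-lived private key as a pipeline variable. If the goal is only to exercise the newly required input, the previous `$ACME_LETSENCRYPT_PRIVATE_KEY_SECRET_CRN` fixture was the safer choice; if the raw key is deliberate, the corresponding catalog input must be a secure field so the PEM is not echoed in workspace settings. Separately, `internet_services_crn` is still passed here while `dns_config_name` now defaults to null, so this validation presumably no longer creates a DNS configuration unless `dns_config_name` is added to the template as well.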
@@ -15,7 +15,7 @@ module "secrets_manager_crn_parser" { module "secret_crn_parser" { source = "terraform-ibm-modules/common-utilities/ibm//modules/crn-parser" version = "1.1.0" - crn = var.private_key_secrets_manager_secret_crn + crn = var.acme_letsencrypt_private_key_secrets_manager_secret_crn } locals { @@ -38,7 +38,7 @@ module "secrets_manager_public_cert_engine" { internet_services_crn = var.internet_services_crn cis_account_id = var.internet_services_account_id internet_service_domain_id = var.internet_service_domain_id - dns_config_name = "${local.prefix}${var.dns_config_name}" + dns_config_name = var.dns_config_name ca_config_name = "${local.prefix}${var.ca_config_name}" lets_encrypt_environment = var.lets_encrypt_environment acme_letsencrypt_private_key = var.acme_letsencrypt_private_key diff --git a/solutions/fully-configurable/provider.tf b/solutions/fully-configurable/provider.tf index 75c03c3..0a287e9 100644 --- a/solutions/fully-configurable/provider.tf +++ b/solutions/fully-configurable/provider.tf @@ -1,10 +1,12 @@ provider "ibm" { ibmcloud_api_key = var.ibmcloud_api_key region = local.existing_secrets_manager_region + visibility = var.provider_visibility } provider "ibm" { alias = "secret-store" ibmcloud_api_key = var.ibmcloud_api_key region = local.existing_secrets_manager_region + visibility = var.provider_visibility } diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index 0443e35..4183792 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf 
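Review bot: In the second main.tf hunk `dns_config_name` is now passed through unprefixed while `ca_config_name` on the next line still gets `local.prefix`, so the two engine configs created by one deployment follow different naming rules, and DNS configs from separate deployments that target the same Secrets Manager instance can collide on the same name. If the unprefixed name is intentional (for example to point at a pre-existing DNS config), say so on that line, e.g. `# dns_config_name is intentionally not prefixed so it can name an existing DNS config`; otherwise restore `dns_config_name = "${local.prefix}${var.dns_config_name}"`. The `secrets_manager_public_cert_engine` module block continues outside the hunk. The provider.tf hunk is fine: both providers now honour the same `visibility` setting.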
@@ -4,6 +4,17 @@ variable "ibmcloud_api_key" { sensitive = true } +variable "provider_visibility" { + description = "Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints)." + type = string + default = "private" + + validation { + condition = contains(["public", "private", "public-and-private"], var.provider_visibility) + error_message = "Invalid visibility option. Allowed values are 'public', 'private', or 'public-and-private'." + } +} + variable "existing_secrets_manager_crn" { type = string description = "CRN of an existing secrets manager instance to create the secret engine in." @@ -12,7 +23,7 @@ variable "existing_secrets_manager_crn" { variable "prefix" { type = string nullable = true - description = "The prefix to be added to all resources created by this solution. To skip using a prefix, set this value to null or an empty string. The prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It should not exceed 16 characters, must not end with a hyphen('-'), and can not contain consecutive hyphens ('--'). Example: prod-0205-cos. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/prefix.md)." + description = "The prefix to be added to all resources created by this solution. To skip using a prefix, set this value to null or an empty string. The prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It should not exceed 16 characters, must not end with a hyphen('-'), and can not contain consecutive hyphens ('--'). Example: prod-us-south. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/prefix.md)." validation { # - null and empty string is allowed 
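Review bot: The `prefix` description in the second hunk still promises the prefix is "added to all resources created by this solution", but main.tf in this same change stops applying it to `dns_config_name` while keeping it for `ca_config_name`. Amend the sentence so the contract matches the code, e.g. `The prefix to be added to all resources created by this solution, except the DNS config name, which is used as-is.` (or whatever the intended rule is). The new `provider_visibility` variable defaults to `private`, which routes IBM API calls to private endpoints only; that is the safer default but it requires running from a network that can reach them, which Schematics workspaces normally can — worth one sentence in the description for users who run this locally.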
@@ -46,7 +57,7 @@ variable "ibmcloud_cis_api_key" { variable "internet_services_crn" { type = string - description = "The CRN of the Internet Service instance to authorize Secrets Manager against. [Learn more](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-secrets-manager-cli#secrets-manager-configurations-cli)." + description = "The CRN of the Internet Service instance to authorize Secrets Manager against. For creating a public certificate, if using Cloud Internet Service for DNS then `internet_service_crn` is a required input. [Learn more](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-secrets-manager-cli#secrets-manager-configurations-cli)." default = null } @@ -64,8 +75,13 @@ variable "internet_service_domain_id" { variable "dns_config_name" { type = string - description = "Name of the DNS config for the public_cert secrets engine. If a prefix input variable is specified, it is added to the value in the `-value` format. [Learn more](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-secrets-manager-cli#secrets-manager-configurations-cli)." - default = "certificate-dns" + description = "Name of the DNS config for the public_cert secrets engine. If passing a value for `dns_config_name` a value for `internet_services_crn` is required. [Learn more](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-secrets-manager-cli#secrets-manager-configurations-cli)." + default = null + + validation { + condition = var.dns_config_name != null ? var.internet_services_crn != null : true + error_message = "A value for 'internet_services_crn' must be passed to create a DNS config for public certificate secrets engine." + } } variable "ca_config_name" { 
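Review bot: The new `internet_services_crn` description refers to `internet_service_crn`, which is not an input of this solution; it should read `internet_services_crn`. The `validation` block on `dns_config_name` references another variable (`var.internet_services_crn`), which Terraform only accepts from 1.9 onward; the catalog pins 1.10.5, but the module's `required_version` (not in this diff) should be raised to match so older CLIs fail at `terraform validate` rather than with a confusing parse error. The check also covers only one direction: if supplying `internet_services_crn` without a `dns_config_name` is meaningful (presumably the CIS authorization policy is still created), a sentence saying so in the description would save a support question.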
@@ -87,9 +103,9 @@ variable "lets_encrypt_environment" { variable "acme_letsencrypt_private_key" { type = string - description = "The private key generated by the ACME account creation tool. Required if private_key_secrets_manager_secret_crn is not set. [Learn more](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-secrets-manager-cli#secrets-manager-configurations-cli)." - default = null + description = "The private key generated by the ACME account creation tool. Alternatively `acme_letsencrypt_private_key_secrets_manager_secret_crn` can be provided. Required if acme_letsencrypt_private_key_secrets_manager_secret_crn is not set. [Learn more](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-secrets-manager-cli#secrets-manager-configurations-cli)." sensitive = true + default = null } variable "skip_iam_authorization_policy" { @@ -98,16 +114,16 @@ variable "skip_iam_authorization_policy" { default = false } -variable "private_key_secrets_manager_secret_crn" { +variable "acme_letsencrypt_private_key_secrets_manager_secret_crn" { type = string description = "The secret CRN of your ACME private key. Required if acme_letsencrypt_private_key is not set. If both are set, this value will be used as the private key." default = null validation { condition = ( - var.private_key_secrets_manager_secret_crn != null || + var.acme_letsencrypt_private_key_secrets_manager_secret_crn != null || var.acme_letsencrypt_private_key != null ) - error_message = "If `acme_letsencrypt_private_key` is not set, you must provide a value for `private_key_secrets_manager_secret_crn`." + error_message = "If `acme_letsencrypt_private_key` is not set, you must provide a value for `acme_letsencrypt_private_key_secrets_manager_secret_crn`." } } diff --git a/tests/pr_test.go b/tests/pr_test.go index 82f8abb..94d04be 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go 
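Review bot: The description of `acme_letsencrypt_private_key` should state the security trade-off between the two ways of supplying the key: `sensitive = true` only redacts the value from plan/apply output, it does not keep the PEM out of the Terraform state or the Schematics workspace inputs, whereas the `..._secrets_manager_secret_crn` route leaves the key inside Secrets Manager. Suggest appending `Prefer acme_letsencrypt_private_key_secrets_manager_secret_crn where possible; a value passed here is persisted in Terraform state.` to the description. The either-or validation on the renamed CRN variable in the second hunk is correct, though because the CRN takes precedence, a raw key passed alongside it is still recorded in state without being used — worth a sentence there too.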
@@ -99,24 +99,12 @@ func TestRunIAMExample(t *testing.T) { assert.NotNil(t, output, "Expected some output") } -func TestRunUpgradeExample(t *testing.T) { - t.Parallel() - - options := setupOptions(t, "sm-pub-cert-eng-upg", IAMExampleTerraformDir) - - output, err := options.RunTestUpgrade() - if !options.UpgradeTestSkipped { - assert.Nil(t, err, "This should not have errored") - assert.NotNil(t, output, "Expected some output") - } -} - func TestRunSolutionsFullyConfigurableSchematics(t *testing.T) { t.Parallel() options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{ Testing: t, - Prefix: "sm-pbce", + Prefix: "sm-pb", TarIncludePatterns: []string{ "*.tf", fullyConfigurableDir + "/*.tf", @@ -132,8 +120,7 @@ func TestRunSolutionsFullyConfigurableSchematics(t *testing.T) { {Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true}, {Name: "prefix", Value: options.Prefix, DataType: "string"}, {Name: "existing_secrets_manager_crn", Value: permanentResources["secretsManagerCRN"], DataType: "string"}, - {Name: "private_key_secrets_manager_secret_crn", Value: permanentResources["acme_letsencrypt_private_key_secret_crn"], DataType: "string"}, - {Name: "internet_services_crn", Value: permanentResources["cisInstanceId"], DataType: "string"}, + {Name: "acme_letsencrypt_private_key_secrets_manager_secret_crn", Value: permanentResources["acme_letsencrypt_private_key_secret_crn"], DataType: "string"}, {Name: "skip_iam_authorization_policy", Value: true, DataType: "bool"}, // A permanent cis-sm auth policy already exists in the account } @@ -146,7 +133,7 @@ func TestRunSolutionsFullyConfigurableUpgradeSchematics(t *testing.T) { options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{ Testing: t, - Prefix: "sm-pbce-up", + Prefix: "sm-pb-up", TarIncludePatterns: []string{ "*.tf", fullyConfigurableDir + "/*.tf", 
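Review bot: `TestRunUpgradeExample` is deleted outright in the first hunk, which removes the only upgrade test for the IAM example (`IAMExampleTerraformDir`); the remaining upgrade test covers just the fully-configurable solution. If the example upgrade check is intentionally retired, a note in the commit message would help; otherwise keep it. In the second hunk the fully-configurable test no longer passes `internet_services_crn`, so the trailing comment `// A permanent cis-sm auth policy already exists in the account` on the `skip_iam_authorization_policy` line may no longer explain why the policy is skipped for a deployment that does not reference CIS at all; adjust it, e.g. `// No CIS instance is passed in this test, so no CIS->SM auth policy is needed`.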
@@ -162,7 +149,8 @@ func TestRunSolutionsFullyConfigurableUpgradeSchematics(t *testing.T) { {Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true}, {Name: "prefix", Value: options.Prefix, DataType: "string"}, {Name: "existing_secrets_manager_crn", Value: permanentResources["secretsManagerCRN"], DataType: "string"}, - {Name: "private_key_secrets_manager_secret_crn", Value: permanentResources["acme_letsencrypt_private_key_secret_crn"], DataType: "string"}, + {Name: "acme_letsencrypt_private_key_secrets_manager_secret_crn", Value: permanentResources["acme_letsencrypt_private_key_secret_crn"], DataType: "string"}, + {Name: "dns_config_name", Value: "cert-dns", DataType: "string"}, {Name: "internet_services_crn", Value: permanentResources["cisInstanceId"], DataType: "string"}, {Name: "skip_iam_authorization_policy", Value: true, DataType: "bool"}, // A permanent cis-sm auth policy already exists in the account }
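Review bot: The upgrade test now passes `dns_config_name` as the fixed literal `"cert-dns"`, and since main.tf in this change stops prefixing the DNS config name, every run creates a DNS config with the same name in the shared permanent Secrets Manager instance; two overlapping runs (e.g. two PR pipelines at once) would then conflict. Derive it from the per-run prefix instead: `{Name: "dns_config_name", Value: options.Prefix + "-cert-dns", DataType: "string"},`. The enclosing `TestRunSolutionsFullyConfigurableUpgradeSchematics` starts and ends outside the hunk.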