fix: catalog onboarding failure

ibm_catalog.json

@@ -103,6 +103,24 @@
               {
                 "key": "ibmcloud_api_key"
               },
+              {
+                "key": "provider_visibility",
+                "options": [
+                  {
+                    "displayname": "private",
+                    "value": "private"
+                  },
+                  {
+                    "displayname": "public",
+                    "value": "public"
+                  },
+                  {
+                    "displayname": "public-and-private",
+                    "value": "public-and-private"
+                  }
+                ],
+                "hidden": true
+              },
               {
                 "key": "existing_secrets_manager_crn",
                 "required": true
@@ -111,6 +129,73 @@
                 "key": "prefix",
                 "required": true
               },
+              {
+                "key": "secrets_manager_region",
+                "required": true,
+                "virtual": true,
+                "default_value": "us-south",
+                "description": "The region to provision a new Secrets Manager instance in.",
+                "options": [
+                  {
+                    "displayname": "Osaka (jp-osa)",
+                    "value": "jp-osa"
+                  },
+                  {
+                    "displayname": "Sydney (au-syd)",
+                    "value": "au-syd"
+                  },
+                  {
+                    "displayname": "Tokyo (jp-tok)",
+                    "value": "jp-tok"
+                  },
+                  {
+                    "displayname": "Frankfurt (eu-de)",
+                    "value": "eu-de"
+                  },
+                  {
+                    "displayname": "London (eu-gb)",
+                    "value": "eu-gb"
+                  },
+                  {
+                    "displayname": "Madrid (eu-es)",
+                    "value": "eu-es"
+                  },
+                  {
+                    "displayname": "Dallas (us-south)",
+                    "value": "us-south"
+                  },
+                  {
+                    "displayname": "Toronto (ca-tor)",
+                    "value": "ca-tor"
+                  },
+                  {
+                    "displayname": "Washington DC (us-east)",
+                    "value": "us-east"
+                  },
+                  {
+                    "displayname": "Sao Paulo (br-sao)",
+                    "value": "br-sao"
+                  }
+                ]
+              },
+              {
+                "key": "secrets_manager_service_plan",
+                "required": true,
+                "virtual": true,
+                "type": "string",
+                "options": [
+                  {
+                    "displayname": "Standard",
+                    "value": "standard"
+                  },
+                  {
+                    "displayname": "Trial",
+                    "value": "trial"
+                  }
+                ],
+                "default_value": "__NOT_SET__",
+                "description": "The pricing plan to use when provisioning a Secrets Manager instance. Possible values: `standard`, `trial`. You can create only one Trial instance of Secrets Manager per account. Before you can create a new Trial instance, you must delete the existing Trial instance and its reclamation. [Learn more](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-create-instance&interface=ui#upgrade-instance-standard)."
+              },
               {
                 "key": "ibmcloud_cis_api_key"
               },
@@ -143,10 +228,11 @@
                 ]
               },
               {
-                "key": "acme_letsencrypt_private_key"
+                "key": "acme_letsencrypt_private_key",
+                "required": true
               },
               {
-                "key":"private_key_secrets_manager_secret_crn"
+                "key":"acme_letsencrypt_private_key_secrets_manager_secret_crn"
               },
               {
                 "key":"skip_iam_authorization_policy"
@@ -155,24 +241,40 @@
             "dependencies": [
               {
                 "name": "deploy-arch-ibm-secrets-manager",
-                "description":"Configures Secrets Manager instance for the public certificates engine to be provisioned in.",
+                "description": "Create a new Secrets Manager instance.",
                 "id": "6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global",
-                "version": "v2.6.1",
+                "version": "v2.6.3",
                 "flavors": [
-                "fully-configurable"
+                  "fully-configurable"
                 ],
                 "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3",
                 "optional": true,
                 "on_by_default": true,
                 "input_mapping": [
+                  {
+                    "dependency_input": "prefix",
+                    "version_input": "prefix",
+                    "reference_version": true
+                  },
+                  {
+                    "dependency_input": "region",
+                    "version_input": "secrets_manager_region",
+                    "reference_version": true
+                  },
+                  {
+                    "dependency_input": "service_plan",
+                    "version_input": "secrets_manager_service_plan",
+                    "reference_version": true
+                  },
                   {
                     "dependency_output": "secrets_manager_crn",
                     "version_input": "existing_secrets_manager_crn"
                   }
                 ]
               }
             ],
-            "dependency_version_2": true
+            "dependency_version_2": true,
+            "terraform_version": "1.10.5"
           }
         ]
       }

solutions/fully-configurable/catalogValidationValues.json.template

@@ -2,6 +2,6 @@
   "ibmcloud_api_key": $VALIDATION_APIKEY,
   "existing_secrets_manager_crn": $SM_CRN,
   "prefix": $PREFIX,
-  "private_key_secrets_manager_secret_crn": $ACME_LETSENCRYPT_PRIVATE_KEY_SECRET_CRN,
-  "internet_services_crn": $CIS_INSTANCE_ID
+  "acme_letsencrypt_private_key": $ACME_KEY,
+  "internet_services_crn": $CIS_ID
 }

solutions/fully-configurable/main.tf

@@ -15,7 +15,7 @@ module "secrets_manager_crn_parser" {
 module "secret_crn_parser" {
   source  = "terraform-ibm-modules/common-utilities/ibm//modules/crn-parser"
   version = "1.1.0"
-  crn     = var.private_key_secrets_manager_secret_crn
+  crn     = var.acme_letsencrypt_private_key_secrets_manager_secret_crn
 }
 
 locals {
@@ -38,7 +38,7 @@ module "secrets_manager_public_cert_engine" {
   internet_services_crn                     = var.internet_services_crn
   cis_account_id                            = var.internet_services_account_id
   internet_service_domain_id                = var.internet_service_domain_id
-  dns_config_name                           = "${local.prefix}${var.dns_config_name}"
+  dns_config_name                           = var.dns_config_name
   ca_config_name                            = "${local.prefix}${var.ca_config_name}"
   lets_encrypt_environment                  = var.lets_encrypt_environment
   acme_letsencrypt_private_key              = var.acme_letsencrypt_private_key

solutions/fully-configurable/provider.tf

@@ -1,10 +1,12 @@
 provider "ibm" {
   ibmcloud_api_key = var.ibmcloud_api_key
   region           = local.existing_secrets_manager_region
+  visibility       = var.provider_visibility
 }
 
 provider "ibm" {
   alias            = "secret-store"
   ibmcloud_api_key = var.ibmcloud_api_key
   region           = local.existing_secrets_manager_region
+  visibility       = var.provider_visibility
 }

solutions/fully-configurable/variables.tf

@@ -4,6 +4,17 @@ variable "ibmcloud_api_key" {
   sensitive   = true
 }
 
+variable "provider_visibility" {
+  description = "Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints)."
+  type        = string
+  default     = "private"
+
+  validation {
+    condition     = contains(["public", "private", "public-and-private"], var.provider_visibility)
+    error_message = "Invalid visibility option. Allowed values are 'public', 'private', or 'public-and-private'."
+  }
+}
+
 variable "existing_secrets_manager_crn" {
   type        = string
   description = "CRN of an existing secrets manager instance to create the secret engine in."
@@ -12,7 +23,7 @@ variable "existing_secrets_manager_crn" {
 variable "prefix" {
   type        = string
   nullable    = true
-  description = "The prefix to be added to all resources created by this solution. To skip using a prefix, set this value to null or an empty string. The prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It should not exceed 16 characters, must not end with a hyphen('-'), and can not contain consecutive hyphens ('--'). Example: prod-0205-cos. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/prefix.md)."
+  description = "The prefix to be added to all resources created by this solution. To skip using a prefix, set this value to null or an empty string. The prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It should not exceed 16 characters, must not end with a hyphen('-'), and can not contain consecutive hyphens ('--'). Example: prod-us-south. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/prefix.md)."
 
   validation {
     # - null and empty string is allowed
@@ -46,7 +57,7 @@ variable "ibmcloud_cis_api_key" {
 
 variable "internet_services_crn" {
   type        = string
-  description = "The CRN of the Internet Service instance to authorize Secrets Manager against. [Learn more](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-secrets-manager-cli#secrets-manager-configurations-cli)."
+  description = "The CRN of the Internet Service instance to authorize Secrets Manager against. For creating a public certificate, if using Cloud Internet Service for DNS then `internet_service_crn` is a required input. [Learn more](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-secrets-manager-cli#secrets-manager-configurations-cli)."
   default     = null
 }
 
@@ -64,8 +75,13 @@ variable "internet_service_domain_id" {
 
 variable "dns_config_name" {
   type        = string
-  description = "Name of the DNS config for the public_cert secrets engine. If a prefix input variable is specified, it is added to the value in the `<prefix>-value` format. [Learn more](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-secrets-manager-cli#secrets-manager-configurations-cli)."
-  default     = "certificate-dns"
+  description = "Name of the DNS config for the public_cert secrets engine. If passing a value for `dns_config_name` a value for `internet_services_crn` is required. [Learn more](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-secrets-manager-cli#secrets-manager-configurations-cli)."
+  default     = null
+
+  validation {
+    condition     = var.dns_config_name != null ? var.internet_services_crn != null : true
+    error_message = "A value for 'internet_services_crn' must be passed to create a DNS config for public certificate secrets engine."
+  }
 }
 
 variable "ca_config_name" {
@@ -87,9 +103,9 @@ variable "lets_encrypt_environment" {
 
 variable "acme_letsencrypt_private_key" {
   type        = string
-  description = "The private key generated by the ACME account creation tool. Required if private_key_secrets_manager_secret_crn is not set. [Learn more](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-secrets-manager-cli#secrets-manager-configurations-cli)."
-  default     = null
+  description = "The private key generated by the ACME account creation tool. Alternatively `acme_letsencrypt_private_key_secrets_manager_secret_crn` can be provided. Required if acme_letsencrypt_private_key_secrets_manager_secret_crn is not set. [Learn more](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-secrets-manager-cli#secrets-manager-configurations-cli)."
   sensitive   = true
+  default     = null
 }
 
 variable "skip_iam_authorization_policy" {
@@ -98,16 +114,16 @@ variable "skip_iam_authorization_policy" {
   default     = false
 }
 
-variable "private_key_secrets_manager_secret_crn" {
+variable "acme_letsencrypt_private_key_secrets_manager_secret_crn" {
   type        = string
   description = "The secret CRN of your ACME private key. Required if acme_letsencrypt_private_key is not set. If both are set, this value will be used as the private key."
   default     = null
 
   validation {
     condition = (
-      var.private_key_secrets_manager_secret_crn != null ||
+      var.acme_letsencrypt_private_key_secrets_manager_secret_crn != null ||
       var.acme_letsencrypt_private_key != null
     )
-    error_message = "If `acme_letsencrypt_private_key` is not set, you must provide a value for `private_key_secrets_manager_secret_crn`."
+    error_message = "If `acme_letsencrypt_private_key` is not set, you must provide a value for `acme_letsencrypt_private_key_secrets_manager_secret_crn`."
   }
 }

tests/pr_test.go

@@ -99,24 +99,12 @@ func TestRunIAMExample(t *testing.T) {
 	assert.NotNil(t, output, "Expected some output")
 }
 
-func TestRunUpgradeExample(t *testing.T) {
-	t.Parallel()
-
-	options := setupOptions(t, "sm-pub-cert-eng-upg", IAMExampleTerraformDir)
-
-	output, err := options.RunTestUpgrade()
-	if !options.UpgradeTestSkipped {
-		assert.Nil(t, err, "This should not have errored")
-		assert.NotNil(t, output, "Expected some output")
-	}
-}
-
 func TestRunSolutionsFullyConfigurableSchematics(t *testing.T) {
 	t.Parallel()
 
 	options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{
 		Testing: t,
-		Prefix:  "sm-pbce",
+		Prefix:  "sm-pb",
 		TarIncludePatterns: []string{
 			"*.tf",
 			fullyConfigurableDir + "/*.tf",
@@ -132,8 +120,7 @@ func TestRunSolutionsFullyConfigurableSchematics(t *testing.T) {
 		{Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true},
 		{Name: "prefix", Value: options.Prefix, DataType: "string"},
 		{Name: "existing_secrets_manager_crn", Value: permanentResources["secretsManagerCRN"], DataType: "string"},
-		{Name: "private_key_secrets_manager_secret_crn", Value: permanentResources["acme_letsencrypt_private_key_secret_crn"], DataType: "string"},
-		{Name: "internet_services_crn", Value: permanentResources["cisInstanceId"], DataType: "string"},
+		{Name: "acme_letsencrypt_private_key_secrets_manager_secret_crn", Value: permanentResources["acme_letsencrypt_private_key_secret_crn"], DataType: "string"},
 		{Name: "skip_iam_authorization_policy", Value: true, DataType: "bool"}, // A permanent cis-sm auth policy already exists in the account
 	}
 
@@ -146,7 +133,7 @@ func TestRunSolutionsFullyConfigurableUpgradeSchematics(t *testing.T) {
 
 	options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{
 		Testing: t,
-		Prefix:  "sm-pbce-up",
+		Prefix:  "sm-pb-up",
 		TarIncludePatterns: []string{
 			"*.tf",
 			fullyConfigurableDir + "/*.tf",
@@ -162,7 +149,8 @@ func TestRunSolutionsFullyConfigurableUpgradeSchematics(t *testing.T) {
 		{Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true},
 		{Name: "prefix", Value: options.Prefix, DataType: "string"},
 		{Name: "existing_secrets_manager_crn", Value: permanentResources["secretsManagerCRN"], DataType: "string"},
-		{Name: "private_key_secrets_manager_secret_crn", Value: permanentResources["acme_letsencrypt_private_key_secret_crn"], DataType: "string"},
+		{Name: "acme_letsencrypt_private_key_secrets_manager_secret_crn", Value: permanentResources["acme_letsencrypt_private_key_secret_crn"], DataType: "string"},
+		{Name: "dns_config_name", Value: "cert-dns", DataType: "string"},
 		{Name: "internet_services_crn", Value: permanentResources["cisInstanceId"], DataType: "string"},
 		{Name: "skip_iam_authorization_policy", Value: true, DataType: "bool"}, // A permanent cis-sm auth policy already exists in the account
 	}