Merged
d8ea80e
DA improvements
Aayush-Abhyarthi Jul 10, 2025
5ed9f4a
add: index
Aayush-Abhyarthi Jul 11, 2025
e72ee13
Merge branch 'main' into improve-DA
Aayush-Abhyarthi Jul 14, 2025
d0de98e
add: permissions
Aayush-Abhyarthi Jul 14, 2025
3691571
Merge remote-tracking branch 'origin/improve-DA' into improve-DA
Aayush-Abhyarthi Jul 14, 2025
2586f3b
resolve conflicts
Aayush-Abhyarthi Jul 21, 2025
1f0e999
revert
Aayush-Abhyarthi Jul 22, 2025
48e4812
resolve comments
Aayush-Abhyarthi Jul 24, 2025
6aa57ec
Merge branch 'main' into improve-DA
Aayush-Abhyarthi Jul 24, 2025
c50c333
resolve conflicts
Aayush-Abhyarthi Jul 27, 2025
ee542d4
Merge branch 'main' into improve-DA
Aayush-Abhyarthi Jul 27, 2025
ea00a80
Update ibm_catalog.json
Aayush-Abhyarthi Jul 29, 2025
00d76ca
Update ibm_catalog.json
Aayush-Abhyarthi Jul 29, 2025
51f2158
Update ibm_catalog.json
Aayush-Abhyarthi Jul 29, 2025
c2a216c
resolve comments
Aayush-Abhyarthi Jul 29, 2025
2810162
Merge branch 'main' into improve-DA
Aayush-Abhyarthi Aug 3, 2025
36d8a65
resolve comments
Aayush-Abhyarthi Aug 11, 2025
9410b44
Merge branch 'main' into improve-DA
Aayush-Abhyarthi Aug 11, 2025
405de98
fix: diagram
Aayush-Abhyarthi Aug 18, 2025
fdabc65
more fixes
Aayush-Abhyarthi Aug 19, 2025
1efbc11
Update ibm_catalog.json
Aayush-Abhyarthi Aug 24, 2025
95209e3
Update ibm_catalog.json
Aayush-Abhyarthi Aug 24, 2025
67ca1ce
Update ibm_catalog.json
Aayush-Abhyarthi Aug 24, 2025
f7ddd2a
Update ibm_catalog.json
Aayush-Abhyarthi Aug 24, 2025
32d5403
Update ibm_catalog.json
Aayush-Abhyarthi Aug 24, 2025
6e51e85
Update ibm_catalog.json
Aayush-Abhyarthi Aug 24, 2025
3b2ae3c
Update ibm_catalog.json
Aayush-Abhyarthi Aug 24, 2025
9c63070
Update ibm_catalog.json
Aayush-Abhyarthi Aug 25, 2025
7ffcaa7
Update ibm_catalog.json
Aayush-Abhyarthi Aug 25, 2025
f18ef1e
resolve comments
Aayush-Abhyarthi Aug 25, 2025
149d759
Merge branch 'main' into improve-DA
Aayush-Abhyarthi Aug 25, 2025
a7b043f
Update ibm_catalog.json
Aayush-Abhyarthi Aug 27, 2025
ad6dd9c
Update ibm_catalog.json
Aayush-Abhyarthi Aug 27, 2025
974216e
fix: capitalization
Aayush-Abhyarthi Aug 27, 2025
b46e672
fix: diagram
Aayush-Abhyarthi Aug 27, 2025
27a3f3b
Merge branch 'main' into improve-DA
Aayush-Abhyarthi Aug 31, 2025
68610bc
Update solutions/fully-configurable/README.md
Aayush-Abhyarthi Sep 3, 2025
bd173d4
resolve comments
Aayush-Abhyarthi Sep 3, 2025
d47ecd4
pass cis
Aayush-Abhyarthi Sep 3, 2025
91700c7
revert prefix
Aayush-Abhyarthi Sep 3, 2025
cf5ec43
revert prefix
Aayush-Abhyarthi Sep 3, 2025
5270ce0
Update ibm_catalog.json
Aayush-Abhyarthi Sep 7, 2025
4bdbef7
Merge branch 'main' into improve-DA
Aayush-Abhyarthi Sep 7, 2025
5ef5e88
resolve comments
Aayush-Abhyarthi Sep 7, 2025
466776f
update diagram
Aayush-Abhyarthi Sep 10, 2025
9c16099
update: diagram
Aayush-Abhyarthi Sep 15, 2025
565d589
Merge branch 'main' into improve-DA
Aayush-Abhyarthi Sep 15, 2025
95894de
Merge branch 'main' into improve-DA
Aayush-Abhyarthi Sep 24, 2025
6f3deec
fix: split observability related updates
Aayush-Abhyarthi Sep 24, 2025
145b7b8
fixes
Aayush-Abhyarthi Sep 26, 2025
5053157
update content
Sep 30, 2025
68404e5
update cert name
Aayush-Abhyarthi Sep 30, 2025
c8b3ee0
Merge remote-tracking branch 'origin/improve-DA' into improve-DA
Aayush-Abhyarthi Sep 30, 2025
6af423f
resolve comment
Aayush-Abhyarthi Sep 30, 2025
bc69586
remove cda
Aayush-Abhyarthi Sep 30, 2025
69 changes: 57 additions & 12 deletions ibm_catalog.json
@@ -27,15 +27,15 @@
"provider_name": "IBM",
"features": [
{
"title": "Configures Internet Service DNS",
"title": "Internet Service DNS",
"description": "Configures Internet Service DNS."
},
{
"title": "Creates Secrets Manager Internet Service authorization",
"title": "Secrets Manager Internet Service authorization",
"description": "Creates authorization between Secrets Manager and Internet Service."
},
{
"title": "Configures Let's Encrypt certificate authority",
"title": "Let's Encrypt certificate authority",
"description": "Configures Let's Encrypt certificate authority."
}
],
@@ -75,29 +75,74 @@
},
"iam_permissions": [
{
"service_name": "iam-access-groups",
"role_crns": [
"crn:v1:bluemix:public:iam::::role:Editor"
]
],
"service_name": "iam-access-groups",
"notes": "[optional] Required for managing IAM access groups."
},
{
"service_name": "iam-identity",
"role_crns": [
"crn:v1:bluemix:public:iam::::role:Operator"
]
"crn:v1:bluemix:public:iam::::role:Operator",
"crn:v1:bluemix:public:iam::::role:Administrator"
],
"service_name": "iam-identity",
"notes":"[Optional] Required for Cloud automation for account configuration is enabled."
},
{
"service_name": "resource-group",
"role_crns": [
"crn:v1:bluemix:public:iam::::role:Viewer"
]
],
"service_name": "resource-group",
"notes":"Viewer access is required in the resource group you want to provision in."
},
{
"service_name": "secrets-manager",
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Administrator",
"crn:v1:bluemix:public:iam::::serviceRole:Manager"
]
],
"service_name": "secrets-manager",
"notes": "[optional] Required for creating an Secrets Manager instance."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager",
"crn:v1:bluemix:public:iam::::role:Editor"
],
"service_name": "event-notifications",
"notes": "[Optional] Required if you are configuring an Event Notifications Instance."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager",
"crn:v1:bluemix:public:iam::::role:Editor"
],
"service_name": "sysdig-monitor",
"notes": "[Optional] Required if you are consuming the Observability deployable architecture which sets up Cloud Monitoring."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager",
"crn:v1:bluemix:public:iam::::role:Editor"
],
"service_name": "logs",
"notes": "[Optional] Required if you are consuming the Observability deployable architecture which sets up Cloud Logs."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager",
"crn:v1:bluemix:public:iam::::role:Editor"
],
"service_name": "hs-crypto",
"notes": "[Optional] Required if you are creating/configuring keys in an existing Hyper Protect Crypto Services (HPCS) instance for encryption."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager",
"crn:v1:bluemix:public:iam::::role:Editor"
],
"service_name": "kms",
"notes": "[Optional] Required if you are creating/configuring Key Protect instance and keys for encryption."
}
],
"configuration": [
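Review bot: The `iam-identity` entry in `iam_permissions` now lists `Administrator` next to `Operator`, but its note ("Required for Cloud automation for account configuration is enabled.") is ungrammatical and does not say which role is needed in which case, so someone reading the catalog page is likely to grant the broader one. If Administrator is needed only when account configuration is enabled, the note should say so, for example `"notes": "[Optional] Administrator is required only if Cloud automation for account configuration is enabled; otherwise Operator is sufficient."`; that wording is inferred from the existing note and should be confirmed against what the automation actually does. The new `event-notifications`, `sysdig-monitor`, `logs`, `hs-crypto` and `kms` entries each pair `serviceRole:Manager` with `role:Editor`, and it is worth confirming that both are needed for the optional component each note names rather than a narrower role. The notes also mix `[optional]` and `[Optional]`, and "an Secrets Manager instance" should read "a Secrets Manager instance".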
11 changes: 2 additions & 9 deletions solutions/fully-configurable/README.md
@@ -1,10 +1,3 @@
# Secrets Manager Public Certificate Engine
# Cloud automation for Secrets Manager Public Certificate Engine (Fully configurable)

This solution supports the following:
- Provisioning a Secrets Manager public certificate authority configuration to configure Let's Encrypt as a Certificate Authority (CA).
- Provisioning a Secrets Manager DNS provider configuration for IBM Cloud Internet Services.
- Provisioning a Secrets Manager to Cloud Internet Service authorization policy.

![secrets-manager-public-cert-engine-deployable-architecture](../../reference-architecture/secrets_manager_public_cert_engine.svg)

**NB:** This solution is not intended to be invoked by other modules, as it includes provider configuration. As a result, it is incompatible with the `for_each`, `count`, and `depends_on` arguments. For more information see [Providers Within Modules](https://developer.hashicorp.com/terraform/language/modules/develop/providers)
:exclamation: **Important:** This solution is not intended to be called by other modules because it contains a provider configuration and is not compatible with the `for_each`, `count`, and `depends_on` arguments. For more information, see [Providers Within Modules](https://developer.hashicorp.com/terraform/language/modules/develop/providers).
7 changes: 4 additions & 3 deletions solutions/fully-configurable/provider.tf
@@ -1,7 +1,8 @@
provider "ibm" {
ibmcloud_api_key = var.ibmcloud_api_key
region = local.existing_secrets_manager_region
visibility = var.provider_visibility
ibmcloud_api_key = var.ibmcloud_api_key
region = local.existing_secrets_manager_region
visibility = var.provider_visibility
private_endpoint_type = (var.provider_visibility == "private" && local.existing_secrets_manager_region == "ca-mon") ? "vpe" : null
}

provider "ibm" {
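Review bot: The new `private_endpoint_type` argument hard-codes the region literal `"ca-mon"` with no comment explaining why that one region is special, so a maintainer cannot tell whether the list must grow when other regions behave the same way. If the reason is that private connectivity in ca-mon is available only through virtual private endpoints, state it above the argument, e.g. `# ca-mon offers private endpoints only via VPE, so force the VPE endpoint type when visibility is private`. The condition also matches only `var.provider_visibility == "private"`; if `"public-and-private"` is an accepted value for that variable, it is worth confirming that the private fallback still resolves in ca-mon. The second `provider "ibm"` block starts on the last line of this hunk and continues outside it, so whether it needs the same setting cannot be checked from here.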