add : fully configurable version

.catalog-onboard-pipeline.yaml

@@ -6,7 +6,13 @@ offerings:
     catalog_id: 7df1e4ca-d54c-4fd0-82ce-3d13247308cd
     offering_id: 6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944
     variations:
-      - name: standard
+      - name: security-enforced
+        mark_ready: true
+        install_type: fullstack
+        scc:
+          instance_id: 1c7d5f78-9262-44c3-b779-b28fe4d88c37
+          region: us-south
+      - name: fully-configurable
         mark_ready: true
         install_type: fullstack
         scc:

README.md

@@ -67,7 +67,7 @@ You need the following permissions to run this module.
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= v1.0.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= v1.9.0 |
 | <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.76.0, <2.0.0 |
 | <a name="requirement_time"></a> [time](#requirement\_time) | >= 0.9.1, < 1.0.0 |
 

cra-config.yaml

@@ -1,10 +1,11 @@
 # More info about this file at https://github.com/terraform-ibm-modules/common-pipeline-assets/blob/main/.github/workflows/terraform-test-pipeline.md#cra-config-yaml
 version: "v1"
 CRA_TARGETS:
-  - CRA_TARGET: "solutions/standard" # Target directory for CRA scan. If not provided, the CRA Scan will not be run.
+  - CRA_TARGET: "solutions/fully-configurable" # Target directory for CRA scan. If not provided, the CRA Scan will not be run.
     CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json" # CRA Ignore file to use. If not provided, it checks the repo root directory for `cra-tf-validate-ignore-rules.json`
     PROFILE_ID: "fe96bd4d-9b37-40f2-b39f-a62760e326a3"         # SCC profile ID (currently set to 'IBM Cloud Framework for Financial Services' '1.7.0' profile).
     CRA_ENVIRONMENT_VARIABLES:  # An optional map of environment variables for CRA, where the key is the variable name and value is the value. Useful for providing TF_VARs.
       TF_VAR_existing_kms_instance_crn: "crn:v1:bluemix:public:hs-crypto:us-south:a/abac0df06b644a9cabc6e44f55b3880e:e6dce284-e80f-46e1-a3c1-830f7adff7a9::"
-      TF_VAR_resource_group_name: "test"
+      TF_VAR_existing_resource_group_name: "geretain-test-secrets-manager"
       TF_VAR_provider_visibility: "public"
+      TF_VAR_prefix: "test"

examples/basic/version.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= v1.0.0"
+  required_version = ">= v1.9.0"
 
   # Ensure that there is always 1 example locked into the lowest provider version of the range defined in the main
   # module's version.tf (this example), and 1 example that will always use the latest provider version (complete example).

examples/complete/README.md

@@ -7,7 +7,7 @@ This examples handles the provisioning of a new Secrets Manager instance.
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= v1.0.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= v1.9.0 |
 | <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >=1.76.0 |
 | <a name="requirement_time"></a> [time](#requirement\_time) | 0.12.1 |
 

examples/complete/version.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= v1.0.0"
+  required_version = ">= v1.9.0"
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"

examples/fscloud/version.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.9.0"
   required_providers {
     # Use latest version of provider in non-basic examples to verify latest version works with module
     ibm = {

ibm_catalog.json

@@ -21,7 +21,7 @@
       ],
       "short_description": "Creates and configures a Secrets Manager instance.",
       "long_description": "This solution is used to provision and configure an IBM Cloud Secrets Manager instance.",
-      "offering_docs_url": "https://github.com/terraform-ibm-modules/terraform-ibm-secrets-manager/blob/main/solutions/standard/README.md",
+      "offering_docs_url": "https://github.com/terraform-ibm-modules/terraform-ibm-secrets-manager/blob/main/solutions/security-enforced/README.md",
       "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-secrets-manager/main/images/secrets_manager.svg",
       "provider_name": "IBM",
       "features": [
@@ -45,10 +45,10 @@
       "support_details": "This product is in the community registry, as such support is handled through the originated repo. If you experience issues please open an issue in that repository [https://github.com/terraform-ibm-modules/terraform-ibm-secrets-manager/issues](https://github.com/terraform-ibm-modules/terraform-ibm-secrets-manager/issues). Please note this product is not supported via the IBM Cloud Support Center.",
       "flavors": [
         {
-          "label": "Standard",
-          "name": "standard",
+          "label": "Fully-configurable",
+          "name": "fully-configurable",
           "install_type": "fullstack",
-          "working_directory": "solutions/standard",
+          "working_directory": "solutions/fully-configurable",
           "compliance": {
             "authority": "scc-v3",
             "profiles": [
@@ -113,14 +113,6 @@
               "required": true,
               "description": "Prefix to add to all resources created by this solution. To not use any prefix value, you can enter the string `__NULL__`."
             },
-            {
-              "key": "use_existing_resource_group",
-              "required": true
-            },
-            {
-              "key": "resource_group_name",
-              "required": true
-            },
             {
               "key": "existing_kms_instance_crn",
               "required": true
@@ -149,7 +141,7 @@
               "key": "existing_secrets_manager_crn"
             },
             {
-              "key": "secrets_manager_tags",
+              "key": "secrets_manager_resource_tags",
               "custom_config": {
                 "grouping": "deployment",
                 "original_grouping": "deployment",
@@ -172,66 +164,236 @@
               ]
             },
             {
-              "key": "iam_engine_enabled"
+              "key": "allowed_network",
+              "options": [
+                {
+                  "displayname": "private-only",
+                  "value": "private-only"
+                },
+                {
+                  "displayname": "public-and-private",
+                  "value": "public-and-private"
+                }
+              ]
             },
             {
-              "key": "iam_engine_name"
+              "key": "existing_resource_group_name"
             },
             {
-              "key": "public_cert_engine_enabled"
+              "key": "key_management_service_encryption_enabled"
             },
             {
-              "key": "public_cert_engine_internet_services_crn"
+              "key": "service_endpoints",
+              "options": [
+                {
+                  "displayname": "public",
+                  "value": "public"
+                },
+                {
+                  "displayname": "private",
+                  "value": "private"
+                }
+              ]
             },
             {
-              "key": "public_cert_engine_dns_provider_config_name"
+              "key": "existing_secrets_manager_kms_key_crn"
             },
             {
-              "key": "public_cert_engine_lets_encrypt_config_ca_name"
+              "key": "skip_kms_iam_authorization_policy"
             },
             {
-              "key": "acme_letsencrypt_private_key"
+              "key": "ibmcloud_kms_api_key"
             },
             {
-              "key": "private_cert_engine_enabled"
+              "key": "kms_endpoint_type",
+              "options": [
+                {
+                  "displayname": "Public",
+                  "value": "public"
+                },
+                {
+                  "displayname": "Private",
+                  "value": "private"
+                }
+              ]
             },
             {
-              "key": "private_cert_engine_config_root_ca_name"
+              "key": "kms_key_ring_name"
             },
             {
-              "key": "private_cert_engine_config_root_ca_common_name"
+              "key": "kms_key_name"
             },
             {
-              "key": "private_cert_engine_config_root_ca_max_ttl"
+              "key": "enable_event_notifications"
             },
             {
-              "key": "private_cert_engine_config_intermediate_ca_name"
+              "key": "event_notifications_email_list"
             },
             {
-              "key": "private_cert_engine_config_template_name"
+              "key": "event_notifications_from_email"
             },
             {
-              "key": "existing_secrets_manager_kms_key_crn"
+              "key": "event_notifications_reply_to_email"
             },
             {
-              "key": "skip_kms_iam_authorization_policy"
+              "key": "existing_event_notifications_instance_crn"
             },
             {
-              "key": "ibmcloud_kms_api_key"
+              "key": "skip_event_notifications_iam_authorization_policy"
             },
             {
-              "key": "kms_endpoint_type",
+              "key":"cbr_rules"
+            }
+          ],
+          "architecture": {
+            "descriptions": "This architecture supports creating and configuring a Secrets Manager instance.",
+            "features": [
+              {
+                "title": "Creates a Secrets Manager instance.",
+                "description": "Creates and configures an IBM Secrets Manager instance."
+              },
+              {
+                "title": "Optionally configure an IBM Secrets Manager IAM credentials engine to an IBM Secrets Manager instance.",
+                "description": "Optionally configure an IBM Secrets Manager IAM credentials engine to an IBM Secrets Manager instance."
+              },
+              {
+                "title": "Sets up authorization policy.",
+                "description": "Sets up IBM IAM authorization policy between IBM Secrets Manager instance and IBM Key Management Service (KMS) instance. It also supports Event Notification authorization policy."
+              },
+              {
+                "title": "Configures lifecycle notifications for the Secrets Manager instance.",
+                "description": "Configures lifecycle notifications for the IBM Secrets Manager instance by connecting an IBM Event Notifications service. The DA supports optionally creating a KMS key ring and key, or using an already existing one to encrypt data."
+              }
+            ],
+            "diagrams": [
+              {
+                "diagram": {
+                  "caption": "Secrets Manager",
+                  "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-secrets-manager/main/reference-architecture/secrets_manager.svg",
+                  "type": "image/svg+xml"
+                },
+                "description": "This architecture supports creating and configuring IBM Secrets Manager instance."
+              }
+            ]
+          }
+        },
+        {
+          "label": "Security-enforced",
+          "name": "security-enforced",
+          "install_type": "fullstack",
+          "working_directory": "solutions/security-enforced",
+          "compliance": {
+            "authority": "scc-v3",
+            "profiles": [
+              {
+                "profile_name": "IBM Cloud Framework for Financial Services",
+                "profile_version": "1.7.0"
+              }
+            ]
+          },
+          "configuration": [
+            {
+              "key": "ibmcloud_api_key"
+            },
+            {
+              "key": "region",
+              "required": true,
               "options": [
                 {
-                  "displayname": "Public",
-                  "value": "public"
+                  "displayname": "Osaka (jp-osa)",
+                  "value": "jp-osa"
                 },
                 {
-                  "displayname": "Private",
-                  "value": "private"
+                  "displayname": "Sydney (au-syd)",
+                  "value": "au-syd"
+                },
+                {
+                  "displayname": "Tokyo (jp-tok)",
+                  "value": "jp-tok"
+                },
+                {
+                  "displayname": "Frankfurt (eu-de)",
+                  "value": "eu-de"
+                },
+                {
+                  "displayname": "London (eu-gb)",
+                  "value": "eu-gb"
+                },
+                {
+                  "displayname": "Madrid (eu-es)",
+                  "value": "eu-es"
+                },
+                {
+                  "displayname": "Dallas (us-south)",
+                  "value": "us-south"
+                },
+                {
+                  "displayname": "Toronto (ca-tor)",
+                  "value": "ca-tor"
+                },
+                {
+                  "displayname": "Washington DC (us-east)",
+                  "value": "us-east"
+                },
+                {
+                  "displayname": "Sao Paulo (br-sao)",
+                  "value": "br-sao"
+                }
+              ]
+            },
+            {
+              "key": "prefix",
+              "required": true,
+              "description": "Prefix to add to all resources created by this solution. To not use any prefix value, you can enter the string `__NULL__`."
+            },
+            {
+              "key": "existing_kms_instance_crn",
+              "required": true
+            },
+            {
+              "key": "secrets_manager_instance_name"
+            },
+            {
+              "key": "existing_secrets_manager_crn"
+            },
+            {
+              "key": "secrets_manager_resource_tags",
+              "custom_config": {
+                "grouping": "deployment",
+                "original_grouping": "deployment",
+                "config_constraints": {
+                  "type": "string"
+                }
+            }
+            },
+            {
+              "key": "service_plan",
+              "options": [
+                {
+                  "displayname": "Standard",
+                  "value": "standard"
+                },
+                {
+                  "displayname": "Trial",
+                  "value": "trial"
                 }
               ]
             },
+            {
+              "key": "existing_resource_group_name"
+            },
+            {
+              "key": "key_management_service_encryption_enabled"
+            },
+            {
+              "key": "existing_secrets_manager_kms_key_crn"
+            },
+            {
+              "key": "skip_kms_iam_authorization_policy"
+            },
+            {
+              "key": "ibmcloud_kms_api_key"
+            },
             {
               "key": "kms_key_ring_name"
             },

modules/fscloud/README.md

@@ -30,7 +30,7 @@ module "secrets_manager" {
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9.0 |
 | <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >=1.62.0, <2.0.0 |
 
 ### Modules

modules/fscloud/version.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.9.0"
   required_providers {
     # The below tflint-ignore is required because although the below provider is not directly required by this submodule,
     # it is required by consuming modules, and if not set here, the top level module calling this module will not be

modules/secrets/README.md

@@ -43,7 +43,7 @@ module "secrets_manager" {
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9.0 |
 | <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >=1.62.0, <2.0.0 |
 
 ### Modules