91 changes: 47 additions & 44 deletions ibm_catalog.json
Expand Up @@ -121,19 +121,16 @@
"required": true
},
{
"key": "provider_visibility",
"key": "service_plan",
"required": true,
"options": [
{
"displayname": "private",
"value": "private"
},
{
"displayname": "public",
"value": "public"
"displayname": "Standard",
"value": "standard"
},
{
"displayname": "public-and-private",
"value": "public-and-private"
"displayname": "Trial",
"value": "trial"
}
]
},
Expand All @@ -150,13 +147,29 @@
}
},
{
"key": "secrets_manager_instance_name"
"key": "provider_visibility",
"hidden": true,
"options": [
{
"displayname": "private",
"value": "private"
},
{
"displayname": "public",
"value": "public"
},
{
"displayname": "public-and-private",
"value": "public-and-private"
}
]
},
{
"key": "existing_secrets_manager_crn"
"key": "secrets_manager_instance_name"
},
{
"key": "secrets_manager_endpoint_type",
"hidden": true,
"options": [
{
"displayname": "public",
Expand All @@ -178,19 +191,6 @@
}
}
},
{
"key": "service_plan",
"options": [
{
"displayname": "Standard",
"value": "standard"
},
{
"displayname": "Trial",
"value": "trial"
}
]
},
{
"key": "skip_sm_ce_iam_authorization_policy"
},
Expand All @@ -211,8 +211,7 @@
"key": "kms_encryption_enabled"
},
{
"key": "existing_kms_instance_crn",
"required": true
"key": "existing_kms_instance_crn"
},
{
"key": "existing_secrets_manager_kms_key_crn"
Expand Down Expand Up @@ -262,6 +261,9 @@
},
{
"key": "secret_groups"
},
{
"key": "existing_secrets_manager_crn"
}
],
"architecture": {
Expand All @@ -285,11 +287,11 @@
},
{
"title": "Enforced private-only endpoint communication",
"description": "Yes"
"description": "No"
},
{
"title": "Enforced KMS encryption",
"description": "Yes"
"description": "No"
},
{
"title": "KMS instance creation",
Expand Down Expand Up @@ -392,16 +394,27 @@
"key": "prefix",
"required": true
},
{
"key": "service_plan",
"required": true,
"options": [
{
"displayname": "Standard",
"value": "standard"
},
{
"displayname": "Trial",
"value": "trial"
}
]
},
{
"key": "existing_kms_instance_crn",
"required": true
},
{
"key": "secrets_manager_instance_name"
},
{
"key": "existing_secrets_manager_crn"
},
{
"key": "secrets_manager_resource_tags",
"custom_config": {
Expand All @@ -412,19 +425,6 @@
}
}
},
{
"key": "service_plan",
"options": [
{
"displayname": "Standard",
"value": "standard"
},
{
"displayname": "Trial",
"value": "trial"
}
]
},
{
"key": "skip_sm_ce_iam_authorization_policy"
},
Expand Down Expand Up @@ -475,6 +475,9 @@
},
{
"key": "secret_groups"
},
{
"key": "existing_secrets_manager_crn"
}
],
"architecture": {
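Review bot: `existing_kms_instance_crn` loses `"required": true` in the first flavor's key list while `kms_encryption_enabled` stays a plain toggle, so the catalog form no longer stops a deployer from switching KMS encryption on without naming a key-management instance; unless that flavor's variables.tf carries a cross-variable validation (not visible in this diff) the mistake surfaces only at plan or apply time, which is worth confirming before merge. The flipped architecture features ("Enforced private-only endpoint communication" and "Enforced KMS encryption" now "No") read as an honest description of the relaxed flavor, but with `provider_visibility` and `secrets_manager_endpoint_type` also becoming `"hidden": true` the effective endpoint choice now comes from the Terraform defaults rather than a visible catalog selection — the fully-configurable README in this commit lists `"private"` for `secrets_manager_endpoint_type`, and that default is now the only thing keeping traffic off public endpoints for catalog deployments. Separately, `service_plan` is `"required": true` in both flavors although the Terraform validation only requires it when `existing_secrets_manager_crn` is null, so someone pointing at an existing instance must still pick a plan that is ignored; a sentence to that effect in the key's description would avoid confusion.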
2 changes: 1 addition & 1 deletion solutions/fully-configurable/README.md
Expand Up @@ -72,7 +72,7 @@ This solution supports the following:
| <a name="input_secrets_manager_endpoint_type"></a> [secrets\_manager\_endpoint\_type](#input\_secrets\_manager\_endpoint\_type) | The type of endpoint (public or private) to connect to the Secrets Manager API. The Terraform provider uses this endpoint type to interact with the Secrets Manager API and configure Event Notifications. | `string` | `"private"` | no |
| <a name="input_secrets_manager_instance_name"></a> [secrets\_manager\_instance\_name](#input\_secrets\_manager\_instance\_name) | The name to give the Secrets Manager instance provisioned by this solution. If a prefix input variable is specified, it is added to the value in the `<prefix>-value` format. Applies only if `existing_secrets_manager_crn` is not provided. | `string` | `"secrets-manager"` | no |
| <a name="input_secrets_manager_resource_tags"></a> [secrets\_manager\_resource\_tags](#input\_secrets\_manager\_resource\_tags) | The list of resource tags you want to associate with your Secrets Manager instance. Applies only if `existing_secrets_manager_crn` is not provided. | `list(any)` | `[]` | no |
| <a name="input_service_plan"></a> [service\_plan](#input\_service\_plan) | The pricing plan to use when provisioning a Secrets Manager instance. Possible values: `standard`, `trial`. | `string` | `"standard"` | no |
| <a name="input_service_plan"></a> [service\_plan](#input\_service\_plan) | The pricing plan to use when provisioning a Secrets Manager instance. Possible values: `standard`, `trial`. You can create only one Trial instance of Secrets Manager per account. Before you can create a new Trial instance, you must delete the existing Trial instance and its reclamation. [Learn more](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-create-instance&interface=ui#upgrade-instance-standard). | `string` | n/a | yes |
| <a name="input_skip_event_notifications_iam_authorization_policy"></a> [skip\_event\_notifications\_iam\_authorization\_policy](#input\_skip\_event\_notifications\_iam\_authorization\_policy) | If set to true, this skips the creation of a service to service authorization from Secrets Manager to Event Notifications. If false, the service to service authorization is created. | `bool` | `false` | no |
| <a name="input_skip_sm_ce_iam_authorization_policy"></a> [skip\_sm\_ce\_iam\_authorization\_policy](#input\_skip\_sm\_ce\_iam\_authorization\_policy) | Whether to skip the creation of the IAM authorization policies required to enable the IAM credentials engine. If set to false, policies will be created that grants the Secrets Manager instance 'Operator' access to the IAM identity service, and 'Groups Service Member Manage' access to the IAM groups service. | `bool` | `false` | no |
| <a name="input_skip_sm_kms_iam_authorization_policy"></a> [skip\_sm\_kms\_iam\_authorization\_policy](#input\_skip\_sm\_kms\_iam\_authorization\_policy) | Set to true to skip the creation of an IAM authorization policy that permits all Secrets Manager instances in the resource group to read the encryption key from the KMS instance. If set to false, pass in a value for the KMS instance in the `existing_kms_instance_crn` variable. If a value is specified for `ibmcloud_kms_api_key`, the policy is created in the KMS account. | `bool` | `false` | no |
9 changes: 6 additions & 3 deletions solutions/fully-configurable/variables.tf
Expand Up @@ -65,11 +65,14 @@ variable "existing_secrets_manager_crn" {

variable "service_plan" {
type = string
description = "The pricing plan to use when provisioning a Secrets Manager instance. Possible values: `standard`, `trial`."
default = "standard"
description = "The pricing plan to use when provisioning a Secrets Manager instance. Possible values: `standard`, `trial`. You can create only one Trial instance of Secrets Manager per account. Before you can create a new Trial instance, you must delete the existing Trial instance and its reclamation. [Learn more](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-create-instance&interface=ui#upgrade-instance-standard)."
validation {
condition = contains(["standard", "trial"], var.service_plan)
error_message = "Only \"standard\" and \"trial\" are allowed values for secrets_manager_service_plan.Applies only if not providing a value for the `existing_secrets_manager_crn` input."
error_message = "Only 'standard' and 'trial' are allowed values for 'service_plan'. Applies only if not providing a value for the 'existing_secrets_manager_crn' input."
}
validation {
condition = var.existing_secrets_manager_crn == null ? var.service_plan != null : true
error_message = "A value for 'service_plan' is required if not providing a value for 'existing_secrets_manager_crn'"
}
}

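Review bot: The two `validation` blocks on `service_plan` disagree about `null`: the new second block permits `service_plan = null` whenever `existing_secrets_manager_crn` is set, but the first block still evaluates `contains(["standard", "trial"], var.service_plan)` unconditionally, and as far as I can tell Terraform's `contains` rejects a null argument, so an explicit `null` plan fails with the "Only 'standard' and 'trial'" message even in the case the new block was written to allow. Guarding the first condition makes the two consistent: `condition = var.service_plan == null || contains(["standard", "trial"], var.service_plan)`. The second condition can also be written without the ternary, `condition = var.existing_secrets_manager_crn != null || var.service_plan != null`, and its error message lacks the terminating period the other message has, which older Terraform releases enforce as a full-sentence rule. The same pair of blocks appears in solutions/security-enforced/variables.tf below and needs the same change.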
2 changes: 1 addition & 1 deletion solutions/security-enforced/README.md
Expand Up @@ -46,7 +46,7 @@ No resources.
| <a name="input_secrets_manager_cbr_rules"></a> [secrets\_manager\_cbr\_rules](#input\_secrets\_manager\_cbr\_rules) | (Optional, list) List of CBR rules to create. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-secrets-manager/blob/main/solutions/fully-configurable/DA-cbr_rules.md) | <pre>list(object({<br/> description = string<br/> account_id = string<br/> rule_contexts = list(object({<br/> attributes = optional(list(object({<br/> name = string<br/> value = string<br/> }))) }))<br/> enforcement_mode = string<br/> operations = optional(list(object({<br/> api_types = list(object({<br/> api_type_id = string<br/> }))<br/> })))<br/> }))</pre> | `[]` | no |
| <a name="input_secrets_manager_instance_name"></a> [secrets\_manager\_instance\_name](#input\_secrets\_manager\_instance\_name) | The name to give the Secrets Manager instance provisioned by this solution. If a prefix input variable is specified, it is added to the value in the `<prefix>-value` format. Applies only if `existing_secrets_manager_crn` is not provided. | `string` | `"secrets-manager"` | no |
| <a name="input_secrets_manager_resource_tags"></a> [secrets\_manager\_resource\_tags](#input\_secrets\_manager\_resource\_tags) | The list of resource tags you want to associate with your Secrets Manager instance. Applies only if `existing_secrets_manager_crn` is not provided. | `list(any)` | `[]` | no |
| <a name="input_service_plan"></a> [service\_plan](#input\_service\_plan) | The pricing plan to use when provisioning a Secrets Manager instance. Possible values: `standard`, `trial`. | `string` | `"standard"` | no |
| <a name="input_service_plan"></a> [service\_plan](#input\_service\_plan) | The pricing plan to use when provisioning a Secrets Manager instance. Possible values: `standard`, `trial`. You can create only one Trial instance of Secrets Manager per account. Before you can create a new Trial instance, you must delete the existing Trial instance and its reclamation. [Learn more](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-create-instance&interface=ui#upgrade-instance-standard). | `string` | n/a | yes |
| <a name="input_skip_event_notifications_iam_authorization_policy"></a> [skip\_event\_notifications\_iam\_authorization\_policy](#input\_skip\_event\_notifications\_iam\_authorization\_policy) | If set to true, this skips the creation of a service to service authorization from Secrets Manager to Event Notifications. If false, the service to service authorization is created. | `bool` | `false` | no |
| <a name="input_skip_sm_ce_iam_authorization_policy"></a> [skip\_sm\_ce\_iam\_authorization\_policy](#input\_skip\_sm\_ce\_iam\_authorization\_policy) | Whether to skip the creation of the IAM authorization policies required to enable the IAM credentials engine. If set to false, policies will be created that grants the Secrets Manager instance 'Operator' access to the IAM identity service, and 'Groups Service Member Manage' access to the IAM groups service. | `bool` | `false` | no |
| <a name="input_skip_sm_kms_iam_authorization_policy"></a> [skip\_sm\_kms\_iam\_authorization\_policy](#input\_skip\_sm\_kms\_iam\_authorization\_policy) | Set to true to skip the creation of an IAM authorization policy that permits all Secrets Manager instances in the resource group to read the encryption key from the KMS instance. If set to false, pass in a value for the KMS instance in the `existing_kms_instance_crn` variable. If a value is specified for `ibmcloud_kms_api_key`, the policy is created in the KMS account. | `bool` | `false` | no |
9 changes: 6 additions & 3 deletions solutions/security-enforced/variables.tf
Expand Up @@ -54,11 +54,14 @@ variable "existing_secrets_manager_crn" {

variable "service_plan" {
type = string
description = "The pricing plan to use when provisioning a Secrets Manager instance. Possible values: `standard`, `trial`."
default = "standard"
description = "The pricing plan to use when provisioning a Secrets Manager instance. Possible values: `standard`, `trial`. You can create only one Trial instance of Secrets Manager per account. Before you can create a new Trial instance, you must delete the existing Trial instance and its reclamation. [Learn more](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-create-instance&interface=ui#upgrade-instance-standard)."
validation {
condition = contains(["standard", "trial"], var.service_plan)
error_message = "Only \"standard\" and \"trial\" are allowed values for secrets_manager_service_plan.Applies only if not providing a value for the `existing_secrets_manager_crn` input."
error_message = "Only 'standard' and 'trial' are allowed values for 'service_plan'. Applies only if not providing a value for the 'existing_secrets_manager_crn' input."
}
validation {
condition = var.existing_secrets_manager_crn == null ? var.service_plan != null : true
error_message = "A value for 'service_plan' is required if not providing a value for 'existing_secrets_manager_crn'"
}
}
