feat: added deployable architecture for IBM Cloud catalog (#650)

Author: subhajitbhuiyaibm

.catalog-onboard-pipeline.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: v1
+offerings:
+  - name: deploy-arch-ibm-vpe-gateway
+    kind: solution
+    catalog_id: 7df1e4ca-d54c-4fd0-82ce-3d13247308cd
+    offering_id: 0cb4c87d-e374-4113-9e69-c1deb00a17c5
+    variations:
+      - name: fully-configurable
+        mark_ready: true
+        install_type: fullstack
+        pre_validation: "tests/scripts/pre-validation-deploy-vpc.sh"
+        post_validation: "tests/scripts/post-validation-destroy-vpc.sh"
+        scc:
+          instance_id: 1c7d5f78-9262-44c3-b779-b28fe4d88c37
+          region: us-south

.releaserc

@@ -10,6 +10,9 @@
     }],
     ["@semantic-release/exec", {
       "successCmd": "echo \"SEMVER_VERSION=${nextRelease.version}\" >> $GITHUB_ENV"
+    }],
+    ["@semantic-release/exec",{
+      "publishCmd": "./ci/trigger-catalog-onboarding-pipeline.sh --version=v${nextRelease.version}"
     }]
   ]
 }

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2023-12-10T07:29:36Z",
+  "generated_at": "2023-12-11T07:29:36Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"

ibm_catalog.json

@@ -0,0 +1,120 @@
+{
+    "products": [
+      {
+        "name": "deploy-arch-ibm-vpe-gateway",
+        "label": "Cloud automation for VPE gateway",
+        "product_kind": "solution",
+        "tags": [
+          "ibm_created",
+          "target_terraform",
+          "terraform",
+          "solution",
+          "dev_ops"
+        ],
+        "keywords": [
+          "vpe",
+          "IaC",
+          "infrastructure as code",
+          "terraform",
+          "solution"
+        ],
+        "short_description": "Creates and configures Virtual Private Endpoint gateway",
+        "long_description": "This architecture supports creating and configuring Virtual Private Endpoint gateway.",
+        "offering_docs_url": "https://github.com/terraform-ibm-modules/terraform-ibm-vpe-gateway/blob/main/README.md",
+        "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-scc/main/images/ibm-cloud.svg",
+        "provider_name": "IBM",
+        "features": [
+          {
+            "title": "IBM Cloud VPE gateway",
+            "description": "Creates and configures an IBM Cloud VPE gateway."
+          }
+        ],
+        "flavors": [
+          {
+            "label": "Fully Configurable",
+            "name": "fully-configurable",
+            "install_type": "fullstack",
+            "working_directory": "solutions/fully-configurable",
+            "compliance": {},
+            "configuration": [
+              {
+                "key": "ibmcloud_api_key"
+              },
+              {
+                "custom_config": {
+                  "type": "region",
+                  "grouping": "deployment",
+                  "original_grouping": "deployment",
+                  "config_constraints": {
+                    "showKinds": [
+                      "region"
+                    ]
+                  }
+                },
+                "key": "region",
+                "required": true
+              },
+              {
+                "key": "existing_resource_group_name",
+                "required": true
+              },
+              {
+                "key": "prefix",
+                "required": true
+              },
+              {
+                "key": "vpc_name",
+                "required": true
+              },
+              {
+                "key": "subnet_ids",
+                "required": true
+              },
+              {
+                "key": "security_group_ids"
+              },
+              {
+                "key": "cloud_services"
+              },
+              {
+                "key": "cloud_service_by_crn"
+              },
+              {
+                "key": "service_endpoints"
+              },
+              {
+                "key": "reserved_ips"
+              }
+            ],
+            "iam_permissions": [
+              {
+                "service_name": "is",
+                "role_crns": [
+                  "crn:v1:bluemix:public:iam::::role:Editor"
+                ]
+              }
+            ],
+            "architecture": {
+              "descriptions": "This architecture supports creating and configuring an IBM Cloud VPE gateway.",
+              "features": [
+                {
+                  "title": "VPE gateway creation",
+                  "description": "Yes"
+                }
+              ],
+              "diagrams": [
+                {
+                  "diagram": {
+                    "caption": "VPE gateway",
+                    "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-vpe-gateway/main/reference-architecture/vpe-catalog.svg",
+                    "type": "image/svg+xml"
+                  },
+                  "description": "This architecture supports creating an IBM Cloud VPE gateway"
+                }
+              ]
+            }
+          }
+        ]
+      }
+    ]
+  }

reference-architecture/vpe-gateway.svg

@@ -0,0 +1,92 @@
+# Configuring complex inputs for Virtual Private Endpoint Gateways
+
+Several optional input variables in the IBM Cloud [VPE Gateway deployable architecture](https://cloud.ibm.com/catalog#deployable_architecture) use complex object types. You specify these inputs when you configure deployable architecture.
+
+You can specify a set of IBM Cloud services to create VPE endpoint gateways for. At least one of `cloud_services` or `cloud_service_by_crn` must be specified.
+
+- [Cloud Services by name](#cloud-services) (`cloud_services`)
+- [Cloud Services by CRN](#cloud-service-by-crn) (`cloud_service_by_crn`)
+- [Reserved IPs](#reserved-ips) (`reserved_ips`)
+
+## Cloud Services by name <a name="cloud-services"></a>
+
+You can specify a set of IBM Cloud services by service name to create VPE Endpoint Gateways for. Use `cloud-services` for services that offer general service endpoints.
+
+- Variable name: `cloud_services`.
+- Type: A list of objects that represent IBM Cloud services
+- Default value: An empty list (`[]`)
+
+### Options for cloud_service
+
+- `service_name` (required): The IBM Cloud service name.
+- `vpe_name` (optional): Full control on the VPE name. If not specified, the VPE name will be computed based on prefix, vpc name and service name.
+- `allow_dns_resolution_binding` (optional): Indicates whether to allow this endpoint gateway to participate in DNS resolution bindings with a VPC that has dns.enable_hub set to true.
+
+### Example service credential
+
+```hcl
+[
+  {
+    "service_name": "kms",
+    "vpe_name": "kms-gateway",
+    "allow_dns_resolution_binding": false
+  },
+  {
+    "service_name": "cloud-object-storage"
+  }
+]
+```
+
+## Cloud Service by CRN <a name="cloud-service-by-crn"></a>
+
+You can specify a set of IBM Cloud services by CRN to create VPE Endpoint Gateways for. Use `cloud-service-by-crn` for services that generate instance specific VPE gateway targets.
+
+- Variable name: `cloud_service_by_crn`.
+- Type: A list of objects that represent IBM Cloud services
+- Default value: An empty list (`[]`)
+
+### Options for cloud_service_by_crn
+
+- `crn` (required): IBM Cloud service CRN.
+- `vpe_name` (optional): Full control on the VPE name. If not specified, the VPE name will be computed based on prefix, vpc name and service name.
+- `service_name` (optional):
+- `allow_dns_resolution_binding` (optional): Indicates whether to allow this endpoint gateway to participate in DNS resolution bindings with a VPC that has dns.enable_hub set to true.
+
+### Example cloud_service_by_crn
+
+```hcl
+[
+  {
+    "crn": "crn:version:cname:ctype:service-name:location:scope:service-instance::",
+    "vpe_name": "service-gateway",
+    "service_name": "service-name",
+    "allow_dns_resolution_binding": false
+  },
+  {
+    "crn": "crn:version:cname:ctype:service-name:location:scope:service-instance::"
+  }
+]
+```
+
+## Reserved IPs <a name="reserved-ips"></a>
+
+Map of existing reserved IP names and values. If you wish to create your reserved ips independently and not create new ones you can first run the `reserved-ips` submodule and then copy the output `reserved_ip_map` here."
+
+- Variable name: `reserved_ips`
+- Type: A map of existing reserved IP names and ids
+- Default value: An empty map (`{}`)
+
+### Example reserved IPs
+
+The following example shows values for both disk and memory for the `reserved_ips` input.
+
+```hcl
+{
+  "vpc-cloud-object-storage-1" = "0717-12345678-1234-1234-1234-123456789abc"
+  "vpc-cloud-object-storage-2" = "0727-12345678-1234-1234-1234-123456789abc"
+  "vpc-cloud-object-storage-3" = "0737-12345678-1234-1234-1234-123456789abc"
+  "vpc-kms-1" = "0717-12345678-1234-1234-1234-123456789abc"
+  "vpc-kms-2" = "0727-12345678-1234-1234-1234-123456789abc"
+  "vpc-kms-3" = "0737-12345678-1234-1234-1234-123456789abc"
+}
+```

solutions/fully-configurable/DA-types.md

@@ -0,0 +1,9 @@
+# Deploy Virtual Private Endpoint (VPE) gateways to Virtual Private Cloud (VPC)
+
+This architecture creates and configures virtual private endpoint gateways to virtual private cloud.
+
+## Before you begin
+
+* You must have a Virtual Private Cloud instance.
+
+**NB:** This solution is not intended to be called by one or more other modules since it contains a provider configurations, meaning it is not compatible with the `for_each`, `count`, and `depends_on` arguments. For more information see [Providers Within Modules](https://developer.hashicorp.com/terraform/language/modules/develop/providers)

solutions/fully-configurable/README.md

@@ -0,0 +1,3 @@
+{
+  "ibmcloud_api_key": $VALIDATION_APIKEY
+}

solutions/fully-configurable/catalogValidationValues.json.template

@@ -0,0 +1,49 @@
+########################################################################################################################
+# Resource group
+########################################################################################################################
+
+module "resource_group" {
+  source                       = "terraform-ibm-modules/resource-group/ibm"
+  version                      = "1.1.6"
+  existing_resource_group_name = var.existing_resource_group_name
+}
+
+########################################################################################################################
+# VPC
+########################################################################################################################
+
+data "ibm_is_vpc" "vpc" {
+  name = var.vpc_name
+}
+
+data "ibm_is_subnet" "subnet" {
+  for_each   = toset(var.subnet_ids)
+  identifier = each.key
+}
+
+locals {
+  subnet_zone_list = [for subnet in data.ibm_is_subnet.subnet : {
+    name = subnet.name
+    id   = subnet.id
+    zone = subnet.zone
+  }]
+}
+
+########################################################################################################################
+# VPE
+########################################################################################################################
+
+module "vpe" {
+  source               = "../.."
+  region               = var.region
+  prefix               = var.prefix
+  resource_group_id    = module.resource_group.resource_group_id
+  vpc_name             = var.vpc_name
+  vpc_id               = data.ibm_is_vpc.vpc.id
+  subnet_zone_list     = local.subnet_zone_list
+  security_group_ids   = var.security_group_ids
+  cloud_services       = var.cloud_services
+  cloud_service_by_crn = var.cloud_service_by_crn
+  service_endpoints    = var.service_endpoints
+  reserved_ips         = var.reserved_ips
+}

solutions/fully-configurable/main.tf

@@ -0,0 +1,9 @@
+output "vpe_ips" {
+  description = "The endpoint gateway reserved ips"
+  value       = module.vpe.vpe_ips
+}
+
+output "crn" {
+  description = "The CRN of the endpoint gateway"
+  value       = module.vpe.crn
+}