feat: added latest service targets (#436)

terraform-ibm-modules · May 2, 2024 · 803c097 · 803c097
1 parent 88ff923
commit 803c097
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 19 deletions.
diff --git a/modules/fscloud/main.tf b/modules/fscloud/main.tf
@@ -95,6 +95,31 @@ locals {
     },
     "compliance" : {
       "enforcement_mode" : "report"
+    },
+    "IAM" : {
+      "enforcement_mode" : "report"
+      "service_group_id" : "IAM"
+    },
+    "context-based-restrictions" : {
+      "enforcement_mode" : "report"
+    },
+    "globalcatalog-collection" : {
+      "enforcement_mode" : "report"
+    },
+    "logdna" : {
+      "enforcement_mode" : "report"
+    },
+    "logdnaat" : {
+      "enforcement_mode" : "report"
+    },
+    "mqcloud" : {
+      "enforcement_mode" : "disabled"
+    },
+    "sysdig-monitor" : {
+      "enforcement_mode" : "report"
+    },
+    "sysdig-secure" : {
+      "enforcement_mode" : "report"
     }
   }
 
@@ -332,6 +357,11 @@ locals {
         operator = "stringEquals",
         value    = data.ibm_iam_account_settings.iam_account_settings.account_id
       },
+      try(value.service_group_id, null) != null ? {
+        name     = "service_group_id",
+        operator = "stringEquals",
+        value    = value.service_group_id
+      } : {},
       try(value.target_rg, null) != null ? {
         name     = "resourceGroupId",
         operator = "stringEquals",
@@ -347,11 +377,11 @@ locals {
         operator = "stringEquals",
         value    = value.region
       } : {},
-      {
+      try(value.service_group_id, null) == null ? {
         name     = "serviceName",
         operator = "stringEquals",
         value    = lookup(local.fake_service_names, key, key)
-      }
+      } : {}
   ] }
 }
 

diff --git a/modules/fscloud/variables.tf b/modules/fscloud/variables.tf
@@ -196,29 +196,14 @@ variable "target_service_details" {
   validation {
     condition = alltrue([
       for target_service_name, _ in var.target_service_details :
-      contains(["iam-groups", "iam-access-management", "iam-identity",
-        "user-management", "cloud-object-storage", "codeengine",
-        "container-registry", "databases-for-cassandra",
-        "databases-for-enterprisedb", "databases-for-elasticsearch",
-        "databases-for-etcd", "databases-for-mongodb",
-        "databases-for-mysql", "databases-for-postgresql", "databases-for-redis",
-        "directlink", "dns-svcs", "messagehub", "kms", "containers-kubernetes", "containers-kubernetes-cluster", "containers-kubernetes-management",
-        "messages-for-rabbitmq", "secrets-manager", "transit", "is",
-      "schematics", "apprapp", "event-notifications", "compliance", "hs-crypto"], target_service_name)
+      contains(["IAM", "apprapp", "cloud-object-storage", "codeengine", "compliance", "container-registry", "containers-kubernetes", "containers-kubernetes-cluster", "containers-kubernetes-management", "context-based-restrictions", "databases-for-cassandra", "databases-for-elasticsearch", "databases-for-enterprisedb", "databases-for-etcd", "databases-for-mongodb", "databases-for-mysql", "databases-for-postgresql", "databases-for-redis", "directlink", "dns-svcs", "event-notifications", "globalcatalog-collection", "hs-crypto", "iam-access-management", "iam-groups", "iam-identity", "is", "kms", "logdna", "logdnaat", "messagehub", "messages-for-rabbitmq", "mqcloud", "schematics", "secrets-manager", "sysdig-monitor", "sysdig-secure", "transit", "user-management"], target_service_name)
     ])
     error_message = "Provide a valid target service name that is supported by context-based restrictions"
   }
   validation {
     condition = alltrue([
       for target_service_name, attributes in var.target_service_details :
-      contains(["iam-identity", "codeengine",
-        "container-registry", "databases-for-cassandra",
-        "databases-for-enterprisedb", "databases-for-elasticsearch",
-        "databases-for-etcd", "databases-for-mongodb",
-        "databases-for-mysql", "databases-for-postgresql", "databases-for-redis", "messagehub",
-        "containers-kubernetes", "containers-kubernetes-cluster", "containers-kubernetes-management",
-        "messages-for-rabbitmq", "secrets-manager", "is",
-      "apprapp", "event-notifications", "hs-crypto"], target_service_name) if attributes.region != null
+      contains(["cloud-object-storage", "codeengine", "container-registry", "containers-kubernetes", "containers-kubernetes-cluster", "containers-kubernetes-management", "databases-for-cassandra", "databases-for-elasticsearch", "databases-for-enterprisedb", "databases-for-etcd", "databases-for-mongodb", "databases-for-mysql", "databases-for-postgresql", "databases-for-redis", "event-notifications", "hs-crypto", "iam-identity", "is", "logdna", "logdnaat", "messagehub", "messages-for-rabbitmq", "mqcloud", "secrets-manager", "sysdig-monitor", "sysdig-secure"], target_service_name) if attributes.region != null
     ])
     error_message = "Provide a valid target service name that supports region attribute."
   }