From 7798bed16a06ba85495ae89ca9d7586fe09ac950 Mon Sep 17 00:00:00 2001
From: "Matthew.Lemmond@ibm.com"
Date: Tue, 14 May 2024 15:07:36 -0400
Subject: [PATCH 1/7] feat: add an optional audit resource group Create (or use an existing) resource group for audit resources created by the DA, added variable to test creation/use of the new resource group for audit resources
---
 solutions/instances/README.md | 1 +
 solutions/instances/main.tf | 9 ++++++++-
 solutions/instances/variables.tf | 12 ++++++++++++
 tests/pr_test.go | 2 ++
 4 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/solutions/instances/README.md b/solutions/instances/README.md
index 3b9a7c3b..42f33930 100644
--- a/solutions/instances/README.md
+++ b/solutions/instances/README.md
@@ -3,6 +3,7 @@ This architecture creates the observability instances on IBM Cloud and supports provisioning the following resources:
 - A resource group, if one is not passed in.
+ - Optionally create a resource group for provisioning audit resources, or use an existing audit resource group if one is not passed in
 - A Log Analysis instance.
 - A Cloud Monitoring instance.
 - Creates a Cloud Object Storage (COS) instance or supports using an existing one.
diff --git a/solutions/instances/main.tf b/solutions/instances/main.tf
index 44635aeb..e1be698b 100644
--- a/solutions/instances/main.tf
+++ b/solutions/instances/main.tf
@@ -84,6 +84,13 @@ module "resource_group" {
 existing_resource_group_name = var.use_existing_resource_group == true ? var.resource_group_name : null
 }
+module "audit_resource_group" {
+ source = "terraform-ibm-modules/resource-group/ibm"
+ version = "1.1.5"
+ resource_group_name = var.use_existing_audit_resource_group == false ? (var.prefix != null ? "${var.prefix}-${var.audit_resource_group_name}" : var.audit_resource_group_name) : null
+ existing_resource_group_name = var.use_existing_audit_resource_group == true ? var.audit_resource_group_name : null
+}
+
 #######################################################################################################################
 # Observability Instance
 #######################################################################################################################
@@ -210,7 +217,7 @@ module "cos_instance" {
 count = (var.existing_cos_instance_crn == null) ? 1 : 0 # no need to call COS module if consumer is using existing COS instance
 source = "terraform-ibm-modules/cos/ibm//modules/fscloud"
 version = "7.5.3"
- resource_group_id = module.resource_group.resource_group_id
+ resource_group_id = try(module.audit_resource_group.resource_group_id, module.resource_group.resource_group_id)
 create_cos_instance = true
 create_resource_key = false
 cos_instance_name = var.prefix != null ? "${var.prefix}-${var.cos_instance_name}" : var.cos_instance_name
diff --git a/solutions/instances/variables.tf b/solutions/instances/variables.tf
index 29835303..e3a53e7a 100644
--- a/solutions/instances/variables.tf
+++ b/solutions/instances/variables.tf
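Review bot: The added `audit_resource_group` module (main.tf, hunk at -84) is instantiated unconditionally in this commit while `audit_resource_group_name` defaults to `null`, so with `prefix` set the template `"${var.prefix}-${var.audit_resource_group_name}"` interpolates a null value, which Terraform rejects at plan time. With `prefix` unset, both name arguments reach the resource-group module as null, and what that module does then is not visible here. PATCH 2/7 gates the module on a flag, but enabling the flag without a name still reaches the same expression. Since the group is described as optional, I would gate creation on the name being set, `count = var.audit_resource_group_name != null ? 1 : 0`, and index the module where it is consumed.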
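Review bot: `try()` on the changed `resource_group_id` line of `cos_instance` (main.tf, hunk at -210) hides errors instead of selecting a resource group. In this commit the audit module has no `count`, so the first argument always resolves and the fallback is dead code. Once PATCH 2/7 adds `count`, the un-indexed `module.audit_resource_group.resource_group_id` no longer addresses an instance and, as far as I can tell, `try()` swallows that failure and returns the shared group's id even when the audit group is enabled. The COS instance this series treats as an audit resource would then sit in the general resource group with no plan-time signal, which defeats any access policy scoped to the audit group. Make the choice explicit with the flag from PATCH 2/7: `resource_group_id = var.enable_audit_resource_group ? module.audit_resource_group[0].resource_group_id : module.resource_group.resource_group_id`. The `cos_instance` block starts and ends outside the hunk.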
@@ -14,11 +14,23 @@ variable "use_existing_resource_group" {
 default = false
 }
+variable "use_existing_audit_resource_group" {
+ type = bool
+ description = "Whether to use an existing resource group."
+ default = false
+}
+
 variable "resource_group_name" {
 type = string
 description = "The name of a new or an existing resource group in which to provision resources to. If prefix input variable is passed then it will get prefixed infront of the value in the format of '-value'"
 }
+variable "audit_resource_group_name" {
+ type = string
+ description = "(Optional) The name of a new or an existing resource group in which to provision audit resources to. If prefix input variable is passed then it will get prefixed infront of the value in the format of '-value'. If no value is provided, the value for `observability_resource_group_name` is used."
+ default = null
+}
+
 variable "region" {
 description = "Region where observability resources will be created"
 type = string
diff --git a/tests/pr_test.go b/tests/pr_test.go
index a643699c..cad9005c 100644
--- a/tests/pr_test.go
+++ b/tests/pr_test.go
@@ -79,6 +79,7 @@ func TestInstancesInSchematics(t *testing.T) {
 options.TerraformVars = []testschematic.TestSchematicTerraformVar{
 {Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true},
 {Name: "resource_group_name", Value: options.Prefix, DataType: "string"},
+ {Name: "audit_resource_group_name", Value: fmt.Sprintf("%s-%s", options.Prefix, "audit"), DataType: "string"},
 {Name: "existing_kms_instance_crn", Value: permanentResources["hpcs_south_crn"], DataType: "string"},
 {Name: "cos_region", Value: region, DataType: "string"},
 {Name: "cos_instance_tags", Value: options.Tags, DataType: "list(string)"},
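Review bot: The descriptions of the two new variables in variables.tf do not match what the hunks implement. `use_existing_audit_resource_group` reuses the text of the non-audit flag and should name the audit group, e.g. `description = "Whether audit_resource_group_name refers to an existing resource group rather than one to create."`. `audit_resource_group_name` promises a fallback to `observability_resource_group_name`, which is not declared in any hunk shown here (the main group's variable is `resource_group_name`), and no null-name fallback is visible in the main.tf hunks. Either implement that fallback or drop the sentence, so operators are not led to expect audit placement they will not get.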
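Review bot: Both test hunks pass `audit_resource_group_name` (this one in `TestInstancesInSchematics` and the matching map entry in `TestRunUpgradeSolutionInstances`), but neither sets `enable_audit_resource_group`. After PATCH 2/7 the audit module is gated on that flag, which defaults to false, so the audit path would not be exercised by either test. Add `{Name: "enable_audit_resource_group", Value: true, DataType: "bool"},` here and `"enable_audit_resource_group": true,` in the upgrade test's map. The new lines also call `fmt.Sprintf`, and the import block is outside the hunk, so confirm `fmt` is imported. Both test functions start and end outside the hunks.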
@@ -109,6 +110,7 @@ func TestRunUpgradeSolutionInstances(t *testing.T) {
 options.TerraformVars = map[string]interface{}{
 "resource_group_name": options.Prefix,
+ "audit_resource_group_name": fmt.Sprintf("%s-%s", options.Prefix, "audit"),
 "cos_instance_access_tags": permanentResources["accessTags"],
 "existing_kms_instance_crn": permanentResources["hpcs_south_crn"],
 "kms_endpoint_type": "public",
From 565050b44ee4bd706bda99517364808d23b1d73e Mon Sep 17 00:00:00 2001
From: "Matthew.Lemmond@ibm.com"
Date: Tue, 14 May 2024 17:34:41 -0400
Subject: [PATCH 2/7] refactor: add flag on audit rg
---
 solutions/instances/main.tf | 1 +
 solutions/instances/variables.tf | 6 ++++++
 2 files changed, 7 insertions(+)
diff --git a/solutions/instances/main.tf b/solutions/instances/main.tf
index e1be698b..52cc830e 100644
--- a/solutions/instances/main.tf
+++ b/solutions/instances/main.tf
@@ -85,6 +85,7 @@ module "resource_group" {
 }
 module "audit_resource_group" {
+ count = var.enable_audit_resource_group ? 1 : 0
 source = "terraform-ibm-modules/resource-group/ibm"
 version = "1.1.5"
 resource_group_name = var.use_existing_audit_resource_group == false ? (var.prefix != null ? "${var.prefix}-${var.audit_resource_group_name}" : var.audit_resource_group_name) : null
diff --git a/solutions/instances/variables.tf b/solutions/instances/variables.tf
index e3a53e7a..7ae31f47 100644
--- a/solutions/instances/variables.tf
+++ b/solutions/instances/variables.tf
@@ -8,6 +8,12 @@ variable "ibmcloud_api_key" {
 sensitive = true
 }
+variable "enable_audit_resource_group" {
+ type = bool
+ description = "Whether to use a separate resource group for audit resources."
+ default = false
+}
+
 variable "use_existing_resource_group" {
 type = bool
 description = "Whether to use an existing resource group."
From fdf86a42b20080252266cb48c1f95090f721b89d Mon Sep 17 00:00:00 2001
From: Terraform IBM Modules Operations <106112202+terraform-ibm-modules-ops@users.noreply.github.com>
Date: Sat, 18 May 2024 12:10:55 +0100
Subject: [PATCH 3/7] chore(deps): update terraform github.com/terraform-ibm-modules/terraform-ibm-landing-zone to v5.22.0 (#80)
---
 tests/resources/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/resources/main.tf b/tests/resources/main.tf
index 035dcc9a..2c3b86d5 100644
--- a/tests/resources/main.tf
+++ b/tests/resources/main.tf
@@ -3,7 +3,7 @@
 ##############################################################################
 module "landing_zone" {
- source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone//patterns//roks//module?ref=v5.21.1"
+ source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone//patterns//roks//module?ref=v5.22.0"
 region = var.region
 prefix = var.prefix
 tags = var.resource_tags
From 9099b652547d8b99594d440f677729065e9a03ce Mon Sep 17 00:00:00 2001
From: Terraform IBM Modules Operations <106112202+terraform-ibm-modules-ops@users.noreply.github.com>
Date: Sat, 18 May 2024 20:09:03 +0100
Subject: [PATCH 4/7] fix(deps): update terraform terraform-ibm-modules/observability-agents/ibm to v1.24.3 (#81)
---
 solutions/agents/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/solutions/agents/main.tf b/solutions/agents/main.tf
index 3a87bf24..79058800 100644
--- a/solutions/agents/main.tf
+++ b/solutions/agents/main.tf
@@ -11,7 +11,7 @@ data "ibm_container_cluster_config" "cluster_config" {
 module "observability_agents" {
 source = "terraform-ibm-modules/observability-agents/ibm"
- version = "1.24.2"
+ version = "1.24.3"
 cluster_id = var.cluster_id
 cluster_resource_group_id = var.cluster_resource_group_id
 cluster_config_endpoint_type = var.cluster_config_endpoint_type
From 3d4fb96a99bc2bc8ccd199f5edf3c94c7891ca7a Mon Sep 17 00:00:00 2001
From: Terraform IBM Modules Operations <106112202+terraform-ibm-modules-ops@users.noreply.github.com>
Date: Sun, 19 May 2024 00:07:10 +0100
Subject: [PATCH 5/7] chore(deps): update ci dependencies (#76)
---
 common-dev-assets | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common-dev-assets b/common-dev-assets
index 2015ae99..d6af6b18 160000
--- a/common-dev-assets
+++ b/common-dev-assets
@@ -1 +1 @@
-Subproject commit 2015ae9933bef5947865c5251e49009bfd06e66c
+Subproject commit d6af6b18b38ca0ec7d039fe8c295d475f3574351
From bae6320fd344a2f124f4ef03eb56da288e9f4fa8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Conall=20=C3=93=20Cofaigh?=
Date: Mon, 20 May 2024 14:53:14 +0100
Subject: [PATCH 6/7] Update .catalog-onboard-pipeline.yaml (#84)
---
 .catalog-onboard-pipeline.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.catalog-onboard-pipeline.yaml b/.catalog-onboard-pipeline.yaml
index b3c678fd..e6903e16 100644
--- a/.catalog-onboard-pipeline.yaml
+++ b/.catalog-onboard-pipeline.yaml
@@ -7,7 +7,7 @@ offerings:
 offering_id: a3137d28-79e0-479d-8a24-758ebd5a0eab
 variations:
 - name: instances
- mark_ready: true
+ mark_ready: false
 install_type: fullstack
 scc:
 instance_id: 1c7d5f78-9262-44c3-b779-b28fe4d88c37
From e6e926d617350fba2660c7abbd8c141fd6b56b6b Mon Sep 17 00:00:00 2001
From: "Matthew.Lemmond@ibm.com"
Date: Mon, 20 May 2024 11:51:06 -0400
Subject: [PATCH 7/7] refactor: skipping upgrade test SKIP UPGRADE TEST due to the new variable being passed into the test the upgrade fails, variable is optional