From a612302676a2a99996b7d54744e4b8f713c26e03 Mon Sep 17 00:00:00 2001
From: Jordan-Williams2
Date: Fri, 2 Aug 2024 13:28:55 +0100
Subject: [PATCH 1/8] feat: existing scc instance for DA
---
ibm_catalog.json | 7 +++++++
stack_definition.json | 21 ++++++++++++++++-----
2 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/ibm_catalog.json b/ibm_catalog.json
index f5493c0..1e5182f 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -247,6 +247,13 @@
 "description": "The name of an existing resource group that is used by this solution. Prefix is NOT used for existing resource group. All resources created by this solution are deployed in this resource group. ",
 "required": false
 },
+ {
+ "key": "existing_scc_instance_crn",
+ "type": "string",
+ "default_value": "__NULL__",
+ "description": "The CRN of an existing Security and Compliance Center instance. If not supplied, a new instance will be created.",
+ "required": false
+ },
 {
 "key": "watsonx_admin_api_key",
 "type": "password",
diff --git a/stack_definition.json b/stack_definition.json
index 74d185a..fc6a253 100644
--- a/stack_definition.json
+++ b/stack_definition.json
@@ -68,6 +68,13 @@
 "hidden": false,
 "default": null
 },
+ {
+ "name": "existing_scc_instance_crn",
+ "required": false,
+ "type": "string",
+ "hidden": false,
+ "default": null
+ },
 {
 "name": "enable_platform_logs_metrics",
 "required": false,
@@ -225,7 +232,7 @@
 },
 {
 "name": "2c - Security Service - Security Compliance Center",
- "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.f91391b9-72c3-48c2-b40d-fb27cfc7d00c-global",
+ "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.1ac9df0e-d3d5-4ed8-abfc-043578670dbb-global",
 "inputs": [
 {
 "name": "ibmcloud_api_key",
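Review bot: The description of the new `existing_scc_instance_crn` input says what happens when it is absent but not what happens to the other SCC inputs when it is supplied — `scc_region` and the resource-group refs wired to the same member in stack_definition.json presumably no longer affect the instance, and an operator reading only this text could expect the CRN to be validated against `scc_region`. Suggest extending the description to `"... If not supplied, a new instance will be created. When supplied, scc_region and the resource group inputs do not change the existing instance."`, after confirming that is how the SCC member behaves. The same input is declared with `"default": null` in the stack_definition.json hunk below while the catalog entry uses the `"__NULL__"` sentinel; that looks like the catalog convention, but it is worth checking once that both resolve to "not set" on the member side.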
@@ -239,6 +246,14 @@
 "name": "scc_region",
 "value": "ref:../../inputs/region"
 },
+ {
+ "name": "existing_scc_instance_crn",
+ "value": "ref:../../inputs/existing_scc_instance_crn"
+ },
+ {
+ "name": "provision_scc_workload_protection",
+ "value": false
+ },
 {
 "name": "resource_group_name",
 "value": "ref:../1 - Account Infrastructure Base/outputs/audit_resource_group_name"
@@ -250,10 +265,6 @@
 {
 "name": "use_existing_resource_group",
 "value": true
- },
- {
- "name": "provision_scc_workload_protection",
- "value": false
 }
 ]
 },
From 1ff3a7dc1acc243ae065125ecbff60434d300d03 Mon Sep 17 00:00:00 2001
From: Jordan
Date: Wed, 7 Aug 2024 13:28:20 +0100
Subject: [PATCH 2/8] Update stack_definition.json
---
stack_definition.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/stack_definition.json b/stack_definition.json
index 94922c7..2a8d8e7 100644
--- a/stack_definition.json
+++ b/stack_definition.json
@@ -685,4 +685,4 @@
 "value": "ref:./members/6 - Sample RAG app configuration/outputs/watson_discovery_project_id"
 }
 ]
-}
\ No newline at end of file
+}
From 9d9c91220f83261dddf8130aa5926bd20ec374fc Mon Sep 17 00:00:00 2001
From: Jordan-Williams2
Date: Mon, 12 Aug 2024 15:53:37 +0100
Subject: [PATCH 3/8] feat: update profile version
---
ibm_catalog.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ibm_catalog.json b/ibm_catalog.json
index 9686d20..28a47b3 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -63,7 +63,7 @@
 "authority": "scc-v3",
 "profiles": [
 {
- "profile_name": "AI ICT Guardrails",
+ "profile_name": "AI Security Guardrails 2.0",
 "profile_version": "1.0.0"
 }
 ]
From 48b86954ef4356783a472db111ad23fc14eb983f Mon Sep 17 00:00:00 2001
From: Jordan-Williams2
Date: Mon, 12 Aug 2024 21:16:59 +0100
Subject: [PATCH 4/8] feat: add existing scc instance config
---
tests/pr_test.go | 1 +
tests/resources/main.tf | 35 +++++++++++++++++++++++++++++++++++
tests/resources/outputs.tf | 5 +++++
3 files changed, 41 insertions(+)
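Review bot: The `provision_scc_workload_protection` entry added in this hunk is the same entry the -250 hunk a few lines below deletes, so the commit relocates an unchanged input rather than adding one and the diff for this member grows from four lines to twelve. Leaving that entry where it was and adding only the `existing_scc_instance_crn` ref keeps the change to what the commit title describes. Both hunks sit inside the same `inputs` array of the "2c - Security Service - Security Compliance Center" member, whose start is in the previous hunk.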
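Review bot: `profile_name` changes to "AI Security Guardrails 2.0" while `profile_version` on the next line stays at "1.0.0"; a renamed profile is normally a different profile object, so confirm that 1.0.0 is a published version of the new profile and not a value carried over from "AI ICT Guardrails". If the catalog validates this name/version pair at onboarding a stale version fails there, and if it only displays it the compliance claim shown to users is wrong. The commit title says "update profile version" but only the name changes, so either the title or the hunk is incomplete.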
diff --git a/tests/pr_test.go b/tests/pr_test.go
index d003989..9fb4bc1 100644
--- a/tests/pr_test.go
+++ b/tests/pr_test.go
@@ -126,6 +126,7 @@ func TestProjectsExistingResourcesTest(t *testing.T) {
 "signing_key": privateKey,
 "existing_kms_instance_crn": permanentResources["hpcs_south_crn"],
 "existing_en_instance_crn": terraform.Output(t, existingTerraformOptions, "event_notification_instance_crn"),
+ "existing_scc_instance_crn": terraform.Output(t, existingTerraformOptions, "existing_scc_instance_crn"),
 "en_email_list": []string{"GoldenEye.Operations@ibm.com"},
 }
 
diff --git a/tests/resources/main.tf b/tests/resources/main.tf
index 2a06c7f..d6914dd 100644
--- a/tests/resources/main.tf
+++ b/tests/resources/main.tf
@@ -38,3 +38,38 @@ module "secrets_manager" {
 sm_service_plan = "trial"
 sm_tags = var.resource_tags
 }
+
+#############################################################################
+# Provision cloud object storage and bucket
+#############################################################################
+
+module "cos" {
+ source = "terraform-ibm-modules/cos/ibm"
+ version = "8.10.1"
+ resource_group_id = module.resource_group.resource_group_id
+ region = var.region
+ cross_region_location = null
+ cos_instance_name = "${var.prefix}-vpc-logs-cos"
+ cos_tags = var.resource_tags
+ bucket_name = "${var.prefix}-vpc-logs-cos-bucket"
+ kms_encryption_enabled = false
+ retention_enabled = false
+}
+
+##############################################################################
+# SCC
+##############################################################################
+
+module "create_scc_instance" {
+ source = "terraform-ibm-modules/scc/ibm"
+ version = "1.7.2"
+ instance_name = "${var.prefix}-scc-instance"
+ region = var.region
+ resource_group_id = module.resource_group.resource_group_id
+ resource_tags = var.resource_tags
+ access_tags = []
+ cos_bucket = module.cos.bucket_name
+ cos_instance_crn = module.cos.cos_instance_id
+ attach_wp_to_scc_instance = false
+ skip_cos_iam_authorization_policy = false
+}
diff --git a/tests/resources/outputs.tf b/tests/resources/outputs.tf
index 567941d..e1b517f 100644
--- a/tests/resources/outputs.tf
+++ b/tests/resources/outputs.tf
@@ -27,3 +27,8 @@ output "secrets_manager_instance_crn" {
 value = module.secrets_manager.secrets_manager_crn
 description = "CRN of created secret manager instance"
 }
+
+output "existing_scc_instance_crn" {
+ value = module.scc_instance.crn
+ description = "CRN of created scc instance"
+}
From fd989b84b6ed99d6eaaa65c75e96ec8a61f39a2f Mon Sep 17 00:00:00 2001
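Review bot: The COS instance and bucket that feed the SCC module are named `"${var.prefix}-vpc-logs-cos"` and `"${var.prefix}-vpc-logs-cos-bucket"`, which reads as a copy from a VPC flow-logs fixture; the only consumer here is `module.create_scc_instance`, so `"${var.prefix}-scc-cos"` / `"${var.prefix}-scc-cos-bucket"` and a section header of `# COS instance and bucket for SCC results` say what they are for. The bucket is created with `kms_encryption_enabled = false` and `retention_enabled = false`, which is defensible for a short-lived test fixture but deserves a one-line comment such as `# test fixture only: no KMS key or retention so teardown stays simple` so the block is not copied into a real deployment as-is. `cos_instance_crn = module.cos.cos_instance_id` depends on the cos module's `cos_instance_id` output being a CRN; it looks intentional, but confirm against the 8.10.1 module pinned here.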
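Review bot: `value = module.scc_instance.crn` references a module that is not declared anywhere in this patch; the module added to tests/resources/main.tf in the same commit is labelled `create_scc_instance`, so `terraform validate` on the fixture fails and the `terraform.Output(t, existingTerraformOptions, "existing_scc_instance_crn")` call added to tests/pr_test.go never receives a value. The fix is `value = module.create_scc_instance.crn`, assuming the scc module exposes a `crn` output (the fixture reads `module.secrets_manager.secrets_manager_crn` for its sibling, so check the exact output name for scc 1.7.2). The neighbouring outputs are named for the fixture resource (`secrets_manager_instance_crn`, and `kms_instance_crn` further down), so `scc_instance_crn` would match; the `existing_` prefix belongs to the DA input that tests/pr_test.go maps it to, not to the fixture output. Patch 5/8 touches this output again and still carries the same `module.scc_instance` reference.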
From: Jordan-Williams2
Date: Tue, 20 Aug 2024 21:55:06 +0100
Subject: [PATCH 5/8] fix: pre-commit hooks
---
tests/resources/outputs.tf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/resources/outputs.tf b/tests/resources/outputs.tf
index 4257402..86ff107 100644
--- a/tests/resources/outputs.tf
+++ b/tests/resources/outputs.tf
@@ -32,7 +32,7 @@ output "existing_scc_instance_crn" {
 value = module.scc_instance.crn
 description = "CRN of created scc instance"
 }
-
+
 output "kms_instance_crn" {
 value = module.key_protect_all_inclusive.key_protect_crn
 description = "CRN of created kms instance"
From 0a26a4dbea3216f3ed9dc2d9bee1188494219bb7 Mon Sep 17 00:00:00 2001
From: Jordan-Williams2
Date: Mon, 26 Aug 2024 11:39:50 +0100
Subject: [PATCH 6/8] fix: merge issues
---
solutions/basic/stack_definition.json | 20 ++++----------------
1 file changed, 4 insertions(+), 16 deletions(-)
diff --git a/solutions/basic/stack_definition.json b/solutions/basic/stack_definition.json
index c9039e8..61d11ef 100644
--- a/solutions/basic/stack_definition.json
+++ b/solutions/basic/stack_definition.json
@@ -382,6 +382,10 @@
 "name": "scc_region",
 "value": "ref:../../inputs/region"
 },
+ {
+ "name": "existing_scc_instance_crn",
+ "value": "ref:../../inputs/existing_scc_instance_crn"
+ },
 {
 "name": "resource_group_name",
 "value": "ref:../Account Infrastructure Base/outputs/audit_resource_group_name"
@@ -510,18 +514,6 @@
 "name": "existing_discovery_instance",
 "value": "ref:../../inputs/existing_discovery_instance"
 },
- {
- "name": "existing_scc_instance_crn",
- "value": "ref:../../inputs/existing_scc_instance_crn"
- },
- {
- "name": "provision_scc_workload_protection",
- "value": false
- },
- {
- "name": "resource_group_name",
- "value": "ref:../1 - Account Infrastructure Base/outputs/audit_resource_group_name"
- },
 {
 "name": "watsonx_assistant_plan",
 "value": "plus"
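Review bot: `provision_scc_workload_protection` disappears from solutions/basic/stack_definition.json in this commit: the -510 hunk below removes it together with the misplaced `existing_scc_instance_crn` and `resource_group_name` entries (the latter pointing at the stale "1 - Account Infrastructure Base" member name), but this hunk re-adds only `existing_scc_instance_crn` under the SCC member. The root stack_definition.json in patch 1/8 keeps that input pinned to `false` on the same member, so unless the SCC member's own default is already false the basic solution now provisions Workload Protection where it did not before. If dropping it is intended, the commit message should say so; otherwise add `{ "name": "provision_scc_workload_protection", "value": false }` next to the entry added here. "fix: merge issues" does not say which merge this repairs, which would help a later reader of the -510 and -534 deletions.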
@@ -534,10 +526,6 @@
 "name": "watsonx_governance_plan",
 "value": "do not install"
 },
- {
- "name": "existing_en_crn",
- "value": "ref:../4 - Event Notifications/outputs/crn"
- },
 {
 "name": "existing_governance_instance",
 "value": "ref:../../inputs/existing_governance_instance"
From 3d4630e75fe65eac97d7be5d1d5b694f7c144a6a Mon Sep 17 00:00:00 2001
From: Jordan-Williams2
Date: Fri, 30 Aug 2024 13:27:14 +0100
Subject: [PATCH 7/8] fix: change profile
---
solutions/basic/stack_definition.json | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/solutions/basic/stack_definition.json b/solutions/basic/stack_definition.json
index 61d11ef..93d7e7d 100644
--- a/solutions/basic/stack_definition.json
+++ b/solutions/basic/stack_definition.json
@@ -382,6 +382,10 @@
 "name": "scc_region",
 "value": "ref:../../inputs/region"
 },
+ {
+ "name": "profile_attachments",
+ "value": "AI Security Guardrails 2.0"
+ },
 {
 "name": "existing_scc_instance_crn",
 "value": "ref:../../inputs/existing_scc_instance_crn"
From ff95ff55596bf80114d545a4c755709be8d1f3da Mon Sep 17 00:00:00 2001
From: Jordan
Date: Fri, 30 Aug 2024 13:53:23 +0100
Subject: [PATCH 8/8] Update stack_definition.json
---
solutions/basic/stack_definition.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/solutions/basic/stack_definition.json b/solutions/basic/stack_definition.json
index 93d7e7d..edc8561 100644
--- a/solutions/basic/stack_definition.json
+++ b/solutions/basic/stack_definition.json
@@ -384,7 +384,7 @@
 },
 {
 "name": "profile_attachments",
- "value": "AI Security Guardrails 2.0"
+ "value": ["AI Security Guardrails 2.0"]
 },
 {
 "name": "existing_scc_instance_crn",
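Review bot: `profile_attachments` ends up as a hard-coded list literal that duplicates the `profile_name` string set in ibm_catalog.json by patch 3/8, so the two will drift the next time the profile is renamed; the `existing_scc_instance_crn` entry directly below shows the pattern to follow — declare `profile_attachments` as a stack input with `["AI Security Guardrails 2.0"]` as its default and pass `"value": "ref:../../inputs/profile_attachments"`. Only the profile name is carried here, not the `"profile_version": "1.0.0"` recorded in the catalog; if the SCC member attaches whatever version of that profile is current, the compliance claim in the catalog and the attachment actually created can diverge, so confirm how the member resolves the version. The commit title "Update stack_definition.json" does not say that this corrects the value type introduced by patch 7/8; something like "fix: profile_attachments must be a list" would.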