This repository has been archived by the owner on Dec 17, 2024. It is now read-only.

feat: existing scc instance for DA #8

Closed
wants to merge 13 commits into from
9 changes: 8 additions & 1 deletion ibm_catalog.json
@@ -64,7 +64,7 @@
"authority": "scc-v3",
"profiles": [
{
"profile_name": "AI ICT Guardrails",
"profile_name": "AI Security Guardrails 2.0",
"profile_version": "1.0.0"
}
]
@@ -255,6 +255,13 @@
"description": "The name of an existing resource group that is used by this solution. Prefix is NOT used for existing resource group. All resources created by this solution are deployed in this resource group. ",
"required": false
},
{
"key": "existing_scc_instance_crn",
"type": "string",
"default_value": "__NULL__",
"description": "The CRN of an existing Security and Compliance Center instance. If not supplied, a new instance will be created.",
"required": false
},
{
"key": "watsonx_admin_api_key",
"type": "password",
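Review bot: In the first hunk the compliance profile name becomes `AI Security Guardrails 2.0` while `profile_version` stays `1.0.0` (assuming the second `profile_name` line is the new side); the catalog's compliance claim is identified by the name/version pair, so it is worth confirming that this exact pair exists under `scc-v3` before it is published. The change is also unrelated to the PR title and would be easier to audit with its own line in the description. In the second hunk, the `existing_scc_instance_crn` description does not say whether the instance has to live in the same account and region as the deployment; if that is a requirement, it belongs in the description text.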
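--- a/solutions/basic/stack_definition.json
+++ b/solutions/basic/stack_definition.json
@@ -75,6 +75,13 @@
 "hidden": false,
 "default": null
 },
+{
+"name": "existing_scc_instance_crn",
+"required": false,
+"type": "string",
+"hidden": false,
+"default": null
+},
 {
 "name": "enable_platform_logs_metrics",
 "required": false,
@@ -375,6 +382,10 @@
 "name": "scc_region",
 "value": "ref:../../inputs/region"
 },
+{
+"name": "existing_scc_instance_crn",
+"value": "ref:../../inputs/existing_scc_instance_crn"
+},
 {
 "name": "resource_group_name",
 "value": "ref:../Account Infrastructure Base/outputs/audit_resource_group_name"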
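Review bot: When `existing_scc_instance_crn` is set, the member still receives `scc_region` from `ref:../../inputs/region` (second hunk), so the region passed to the member can disagree with the region encoded in the supplied CRN. How the member handles that is not visible on this page; if it does not derive the region from the CRN, the input description should state that `region` must match the existing instance. The input is also a free-form `string` with `default: null`, so a malformed or foreign CRN would probably only surface at apply time.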
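--- a/tests/pr_test.go
+++ b/tests/pr_test.go
@@ -132,6 +132,7 @@ func TestProjectsBasicExistingResourcesTest(t *testing.T) {
 "signing_key": privateKey,
 "existing_kms_instance_crn": terraform.Output(t, existingTerraformOptions, "kms_instance_crn"),
 "existing_en_instance_crn": terraform.Output(t, existingTerraformOptions, "event_notification_instance_crn"),
+"existing_scc_instance_crn": terraform.Output(t, existingTerraformOptions, "existing_scc_instance_crn"),
 "en_email_list": []string{"GoldenEye.Operations@ibm.com"},
 }
 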
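--- a/tests/resources/main.tf
+++ b/tests/resources/main.tf
@@ -39,6 +39,40 @@ module "secrets_manager" {
 sm_tags = var.resource_tags
 }
 
+#############################################################################
+# Provision cloud object storage and bucket
+#############################################################################
+
+module "cos" {
+source = "terraform-ibm-modules/cos/ibm"
+version = "8.10.1"
+resource_group_id = module.resource_group.resource_group_id
+region = var.region
+cross_region_location = null
+cos_instance_name = "${var.prefix}-vpc-logs-cos"
+cos_tags = var.resource_tags
+bucket_name = "${var.prefix}-vpc-logs-cos-bucket"
+kms_encryption_enabled = false
+retention_enabled = false
+}
+
+##############################################################################
+# SCC
+##############################################################################
+
+module "create_scc_instance" {
+source = "terraform-ibm-modules/scc/ibm"
+version = "1.7.2"
+instance_name = "${var.prefix}-scc-instance"
+region = var.region
+resource_group_id = module.resource_group.resource_group_id
+resource_tags = var.resource_tags
+access_tags = []
+cos_bucket = module.cos.bucket_name
+cos_instance_crn = module.cos.cos_instance_id
+attach_wp_to_scc_instance = false
+skip_cos_iam_authorization_policy = false
+
 ##############################################################################
 # Key Protect All Inclusive
 ##############################################################################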
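Review bot: The `module "create_scc_instance"` block is never closed: after `skip_cos_iam_authorization_policy = false` the hunk goes straight to the Key Protect comment header, so the file will not parse and the existing-resources test cannot provision anything; add `}` after that line. The COS bucket that receives the SCC results is created with `kms_encryption_enabled = false`, i.e. without a customer-managed key, even though this fixture provisions Key Protect further down. That may be acceptable for a test fixture, but a comment such as `# test fixture only: bucket is not encrypted with a customer-managed key` would keep the setting from being copied into a real deployment. The names `${var.prefix}-vpc-logs-cos` and `${var.prefix}-vpc-logs-cos-bucket` look carried over from another fixture; something like `${var.prefix}-scc-cos` would describe what the bucket holds.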
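--- a/tests/resources/outputs.tf
+++ b/tests/resources/outputs.tf
@@ -28,6 +28,11 @@ output "secrets_manager_instance_crn" {
 description = "CRN of created secret manager instance"
 }
 
+output "existing_scc_instance_crn" {
+value = module.scc_instance.crn
+description = "CRN of created scc instance"
+}
+
 output "kms_instance_crn" {
 value = module.key_protect_all_inclusive.key_protect_crn
 description = "CRN of created kms instance"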
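Review bot: `value = module.scc_instance.crn` refers to a module that this PR does not declare; `tests/resources/main.tf` names it `create_scc_instance`, so Terraform will reject the reference. Use `value = module.create_scc_instance.crn`, or rename the module to `scc_instance`. The output name `existing_scc_instance_crn` also departs from its siblings (`kms_instance_crn`, `secrets_manager_instance_crn`), which name what the fixture created; `scc_instance_crn` would be consistent, with the lookup in `tests/pr_test.go` changed to match.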