generated from terraform-ibm-modules/terraform-ibm-module-template
-
Notifications
You must be signed in to change notification settings - Fork 1
feat: fully configurable app config da #212
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
mukulpalit-ibm
wants to merge
12
commits into
main
Choose a base branch
from
13296-fully-configurable-da
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from all commits
Commits
Show all changes
12 commits
Select commit
Hold shift + click to select a range
9e50017
feat: #13296 Fully Configurable DA
mukulpalit-ibm 0ffb7b1
SKIP UPGRADE TEST
mukulpalit-ibm 9eca92f
Update catalog.json and SKIP UPGRADE TEST
mukulpalit-ibm a85734e
Update variables.tf and SKIP UPGRADE TEST
mukulpalit-ibm 0d1cf8e
Update readme
mukulpalit-ibm 037ac17
PR changes
mukulpalit-ibm c96421d
Update App config Icon
mukulpalit-ibm 03f1198
update offering name
mukulpalit-ibm 41996c4
testing tile
mukulpalit-ibm e2bfaee
Restore Image URL
mukulpalit-ibm b953419
PR changes
mukulpalit-ibm 4b971d6
update architecture features
mukulpalit-ibm File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| --- | ||
| apiVersion: v1 | ||
| offerings: | ||
| - name: deploy-arch-ibm-apprapp | ||
| kind: solution | ||
| catalog_id: 7df1e4ca-d54c-4fd0-82ce-3d13247308cd | ||
| offering_id: 045c1169-d15a-4046-ae81-aa3d3348421f | ||
| variations: | ||
| - name: fully-configurable | ||
| mark_ready: true | ||
| install_type: fullstack | ||
| scc: | ||
| instance_id: | ||
| region: us-south | ||
| scope_resource_group_var_name: existing_resource_group_name | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,219 @@ | ||
| { | ||
| "products": [ | ||
| { | ||
| "name": "deploy-arch-ibm-apprapp", | ||
| "label": "Cloud automation for App Configuration", | ||
| "product_kind": "solution", | ||
| "tags": [ | ||
| "devops", | ||
| "integration", | ||
| "ibm_created", | ||
| "terraform", | ||
| "solution", | ||
| "support_ibm" | ||
| ], | ||
| "keywords": [ | ||
| "terraform", | ||
| "appconfig", | ||
| "app configuration", | ||
| "solution", | ||
| "IaC", | ||
| "infrastructure as code" | ||
| ], | ||
| "short_description": "Creates and configures an App configuration service on IBM Cloud", | ||
| "long_description": "This deployable architecture automates the provisioning of IBM Cloud App Configuration along with initial collection to help you manage feature flags and dynamic properties at scale. It simplifies onboarding by preconfiguring key resources and provides support for defining context-based restrictions (CBR) to enhance security and control access based on network policies. Ideal for teams adopting feature flagging, experimentation, or remote configuration strategies in cloud-native applications, this solution accelerates setup while following IBM Cloud best practices. Refer [this](https://cloud.ibm.com/docs/app-configuration) for more information.", | ||
| "offering_docs_url": "https://github.com/terraform-ibm-modules/terraform-ibm-app-configuration/blob/main/README.md", | ||
| "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-app-configuration/main/images/app_config-icon.png", | ||
| "provider_name": "IBM", | ||
| "features": [ | ||
| { | ||
| "title": "Provision Collection", | ||
| "description": "Supports creation of collection to help manage feature flags and dynamic properties at scale." | ||
| }, | ||
| { | ||
| "title": "CBR Enhanced Security", | ||
| "description": "Provides support for defining context-based restrictions (CBR) to enhance security and control access based on network policies." | ||
| } | ||
| ], | ||
| "support_details": "This product is in the community registry, as such support is handled through the originated repo. If you experience issues please open an issue in that repository [https://github.com/terraform-ibm-modules/terraform-ibm-app-configuration/issues](https://github.com/terraform-ibm-modules/terraform-ibm-app-configuration/issues). Please note this product is not supported via the IBM Cloud Support Center.", | ||
| "flavors": [ | ||
| { | ||
| "label": "Fully configurable", | ||
| "name": "fully-configurable", | ||
| "install_type": "fullstack", | ||
| "working_directory": "solutions/fully-configurable", | ||
| "compliance": { | ||
| "authority": "scc-v3", | ||
| "profiles": [ | ||
| { | ||
| "profile_name": "IBM Cloud Framework for Financial Services", | ||
| "profile_version": "1.7.0" | ||
| } | ||
| ] | ||
| }, | ||
| "configuration": [ | ||
| { | ||
| "key": "ibmcloud_api_key" | ||
| }, | ||
| { | ||
| "key": "prefix", | ||
| "required": true | ||
| }, | ||
| { | ||
| "key": "existing_resource_group_name", | ||
| "required": true, | ||
| "custom_config": { | ||
| "type": "resource_group", | ||
| "grouping": "deployment", | ||
| "original_grouping": "deployment", | ||
| "config_constraints": { | ||
| "identifier": "rg_name" | ||
| } | ||
| } | ||
| }, | ||
| { | ||
| "key": "region", | ||
| "required": true, | ||
| "options": [ | ||
| { | ||
| "displayname": "Osaka (jp-osa)", | ||
| "value": "jp-osa" | ||
| }, | ||
| { | ||
mukulpalit-ibm marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| "displayname": "Sydney (au-syd)", | ||
| "value": "au-syd" | ||
| }, | ||
| { | ||
| "displayname": "Tokyo (jp-tok)", | ||
| "value": "jp-tok" | ||
| }, | ||
| { | ||
| "displayname": "Frankfurt (eu-de)", | ||
| "value": "eu-de" | ||
| }, | ||
| { | ||
| "displayname": "London (eu-gb)", | ||
| "value": "eu-gb" | ||
| }, | ||
| { | ||
| "displayname": "Madrid (eu-es)", | ||
| "value": "eu-es" | ||
| }, | ||
| { | ||
| "displayname": "Dallas (us-south)", | ||
| "value": "us-south" | ||
| }, | ||
| { | ||
| "displayname": "Toronto (ca-tor)", | ||
| "value": "ca-tor" | ||
| }, | ||
| { | ||
| "displayname": "Washington DC (us-east)", | ||
| "value": "us-east" | ||
| }, | ||
| { | ||
| "displayname": "Sao Paulo (br-sao)", | ||
| "value": "br-sao" | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "key": "app_config_name", | ||
| "required": true | ||
| }, | ||
| { | ||
| "key": "app_config_plan", | ||
| "required": true, | ||
| "options": [ | ||
| { | ||
| "displayname": "lite", | ||
| "value": "lite" | ||
| }, | ||
| { | ||
| "displayname": "basic", | ||
| "value": "basic" | ||
| }, | ||
| { | ||
| "displayname": "standard", | ||
| "value": "standardv2" | ||
| }, | ||
| { | ||
| "displayname": "enterprise", | ||
| "value": "enterprise" | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "key": "app_config_service_endpoints", | ||
| "required": true, | ||
| "options": [ | ||
| { | ||
| "displayname": "public", | ||
| "value": "public" | ||
| }, | ||
| { | ||
| "displayname": "public-and-private", | ||
| "value": "public-and-private" | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "key": "app_config_collections" | ||
| }, | ||
| { | ||
| "key": "app_config_tags" | ||
| }, | ||
| { | ||
| "key": "app_config_cbr_rules" | ||
| }, | ||
| { | ||
| "key": "provider_visibility", | ||
| "hidden": true, | ||
| "options": [ | ||
| { | ||
| "displayname": "private", | ||
| "value": "private" | ||
| }, | ||
| { | ||
| "displayname": "public", | ||
| "value": "public" | ||
| }, | ||
| { | ||
| "displayname": "public-and-private", | ||
| "value": "public-and-private" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "architecture": { | ||
| "descriptions": "This architecture supports creating and configuring an IBM Cloud App Configuration", | ||
| "features": [ | ||
| { | ||
| "title": "App Configuration instance with Collections", | ||
| "description": "Creates App Configuration instance. Collections can be created and configured for the instance" | ||
| }, | ||
| { | ||
| "title": "Use existing resource group", | ||
| "description": "Supports deployment into an existing IBM Cloud resource group." | ||
| }, | ||
| { | ||
| "title": "CBR Enhanced Security", | ||
| "description": "Enforces network-based access control through context-based restrictions (CBR) rules." | ||
| } | ||
| ], | ||
| "diagrams": [ | ||
| { | ||
| "diagram": { | ||
| "caption": "App Configuration", | ||
| "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-app-configuration/main/reference-architecture/app_configuration.svg", | ||
| "type": "image/svg+xml" | ||
| }, | ||
| "description": "**App Configuration on IBM Cloud** <br/> <br/> <b>Description</b> <br/> This architecture automates the setup of IBM Cloud App Configuration. The modular design includes the creation of a collection to streamline the management of feature flags and properties and optionally integrates context-based restrictions (CBR) to improve access control and align with your network security policies." | ||
| } | ||
| ] | ||
| } | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,55 @@ | ||
| # Configuring context-based restrictions (CBRs) | ||
|
|
||
| The `app_config_cbr_rules` input variable allows you to provide a rule for the target service to enforce access restrictions for the service based on the context of access requests. Contexts are criteria that include the network location of access requests, the endpoint type from where the request is sent, etc. | ||
|
|
||
| - Variable name: `app_config_cbr_rules`. | ||
| - Type: A list of objects. Allows only one object representing a rule for the target service | ||
| - Default value: An empty list (`[]`). | ||
|
|
||
| ### Options for app_config_cbr_rules | ||
|
|
||
| - `description` (required): The description of the rule to create. | ||
| - `account_id` (required): The IBM Cloud Account ID | ||
| - `tag` (optional): (List) The tags related to CBR rules | ||
| - `rule_contexts` (required): (List) The contexts the rule applies to | ||
| - `attributes` (optional): (List) Individual context attributes | ||
| - `name` (required): The attribute name. | ||
| - `value`(required): The attribute value. | ||
|
|
||
| - `enforcement_mode` (required): The rule enforcement mode can have the following values: | ||
| - `enabled` - The restrictions are enforced and reported. This is the default. | ||
| - `disabled` - The restrictions are disabled. Nothing is enforced or reported. | ||
| - `report` - The restrictions are evaluated and reported, but not enforced. | ||
|
|
||
|
|
||
| ### Example Rule For context-based restrictions configuration | ||
|
|
||
| ```hcl | ||
| [ | ||
| { | ||
| description = "Restrict access to App Config from trusted network" | ||
| account_id = "<AccountID>" | ||
| enforcement_mode = "enabled" | ||
| tags = [ | ||
| { | ||
| name = "env" | ||
| value = "dev" | ||
| } | ||
| ] | ||
| rule_contexts = [ | ||
| { | ||
| attributes = [ | ||
| { | ||
| name = "networkZoneId" | ||
| value = "<NetworkZoneID>" | ||
| }, | ||
| { | ||
| "name" : "endpointType", | ||
| "value" : "private" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| ``` |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
add this
1c7d5f78-9262-44c3-b779-b28fe4d88c37as instance_id