feat: enable the DA with add-ons config (#66)

Author: vbontempi

.gitignore

@@ -51,6 +51,7 @@ terraform.rc
 
 # Visual Studio Code
 .vscode/
+*.code-workspace
 
 ### Go ###
 # Binaries for programs and plugins

cra-config.yaml

@@ -5,7 +5,7 @@ CRA_TARGETS:
     CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json" # CRA Ignore file to use. If not provided, it checks the repo root directory for `cra-tf-validate-ignore-rules.json`
     PROFILE_ID: "fe96bd4d-9b37-40f2-b39f-a62760e326a3"         # SCC profile ID (currently set to 'IBM Cloud Framework for Financial Services' '1.7.0' profile).
     CRA_ENVIRONMENT_VARIABLES:  # An optional map of environment variables for CRA, where the key is the variable name and value is the value. Useful for providing TF_VARs.
-      TF_VAR_prefix: "prefix"
+      TF_VAR_prefix: "cra"
       TF_VAR_db2_instance_name: "db2-da"
       TF_VAR_existing_resource_group_name: "geretain-test-resources"
       TF_VAR_provider_visibility: "public"

ibm_catalog.json

@@ -9,7 +9,8 @@
         "integration",
         "target_terraform",
         "terraform",
-        "solution"
+        "solution",
+        "application_modernization"
       ],
       "keywords": [
         "DB2",
@@ -20,14 +21,14 @@
         "solution"
       ],
       "short_description": "Creates and configures IBM Cloud DB2 on Cloud resources",
-      "long_description": "This architecture supports creating and configuring an IBM DB2 on Cloud service instance.",
+      "long_description": "IBM Cloud DB2 on Cloud is an end-to-end solution to creating and configuring an IBM DB2 on Cloud service instance.<br/>This architecture supports deploying an instance of DB2 on Cloud on cloud together with optional observability cloud services.<br/>br/>ℹ️ This Terraform-based automation is part of a broader suite of IBM-maintained Infrastructure as Code (IaC) assets, each following the naming pattern \"Cloud automation for *servicename*\" and focusing on single IBM Cloud service. These single-service deployable architectures can be used on their own to streamline and automate service deployments through an [IaC approach](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-understanding-projects), or assembled together into a broader [automated IaC stack](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-config-stack) to automate the deployment of an end-to-end solution architecture.",
       "offering_docs_url": "https://github.com/terraform-ibm-modules/terraform-ibm-db2-cloud/blob/main/solutions/fully-configurable/README.md",
       "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-db2-cloud/main/images/DB2.svg",
       "provider_name": "IBM",
       "features": [
         {
           "title": "Creates a DB2 on Cloud instance.",
-          "description": "Creates and configures an DB2 on Cloud instance."
+          "description": "Creates and configures a DB2 on Cloud instance."
         }
       ],
       "support_details": "This product is in the community registry, as such support is handled through the originated repo. If you experience issues please open an issue in that repository [https://github.com/terraform-ibm-modules/terraform-ibm-db2-cloud/issues](https://github.com/terraform-ibm-modules/terraform-ibm-db2-cloud/issues). Please note this product is not supported via the IBM Cloud Support Center.",
@@ -46,13 +47,93 @@
               "service_name": "dashdb-for-transactions"
             }
           ],
+          "architecture": {
+            "features": [
+              {
+                "title": " ",
+                "description": "Configured to use IBM secure by default standards, but can be edited to fit your use case."
+              }
+            ],
+            "diagrams": [
+              {
+                "diagram": {
+                  "caption": "IBM DB2 on Cloud",
+                  "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-db2-cloud/main/reference-architectures/deployable-architecture-db2cloud.svg",
+                  "type": "image/svg+xml"
+                },
+                "description": "This architecture supports creating and configuring DB2 on Cloud resources"
+              }
+            ]
+          },
+          "dependencies": [
+            {
+              "name": "deploy-arch-ibm-observability",
+              "description": "Configure IBM Cloud Logs, Cloud Monitoring and Activity Tracker event routing for analysing logs and metrics generated by the DB2 on Cloud instance.",
+              "flavors": [
+                "instances"
+              ],
+              "id": "a3137d28-79e0-479d-8a24-758ebd5a0eab-global",
+              "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3",
+              "input_mapping": [
+                {
+                  "dependency_input": "prefix",
+                  "version_input": "prefix",
+                  "reference_version": true
+                },
+                {
+                  "dependency_input": "enable_platform_metrics",
+                  "version_input": "enable_platform_metrics",
+                  "reference_version": true
+                },
+                {
+                  "dependency_input": "logs_routing_tenant_regions",
+                  "version_input": "logs_routing_tenant_regions",
+                  "reference_version": true
+                },
+                {
+                  "dependency_input": "region",
+                  "version_input": "region",
+                  "reference_version": true
+                }
+              ],
+              "optional": true,
+              "on_by_default": true,
+              "version": "v3.0.3"
+            },
+            {
+              "name": "deploy-arch-ibm-account-infra-base",
+              "description": "Cloud automation for account configuration organizes your IBM Cloud account with a ready-made set of resource groups by default. When you enable the “with account settings” option, it also applies baseline security and governance settings.",
+              "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3",
+              "flavors": [
+                "resource-group-only",
+                "resource-groups-with-account-settings"
+              ],
+              "default_flavor": "resource-group-only",
+              "id": "63641cec-6093-4b4f-b7b0-98d2f4185cd6-global",
+              "input_mapping": [
+                {
+                  "dependency_input": "prefix",
+                  "version_input": "prefix",
+                  "reference_version": true
+                },
+                {
+                  "dependency_output": "workload_resource_group_name",
+                  "version_input": "existing_resource_group_name"
+                }
+              ],
+              "optional": true,
+              "on_by_default": false,
+              "version": "v3.0.7"
+            }
+          ],
+          "dependency_version_2": true,
           "configuration": [
             {
-              "key": "ibmcloud_api_key",
-              "required": true
+              "key": "ibmcloud_api_key"
             },
             {
               "key": "provider_visibility",
+              "hidden": true,
               "options": [
                 {
                   "displayname": "private",
@@ -70,7 +151,7 @@
             },
             {
               "key": "existing_resource_group_name",
-              "required": true,
+              "display_name": "resource_group",
               "custom_config": {
                 "type": "resource_group",
                 "grouping": "deployment",
@@ -130,12 +211,38 @@
               "key": "db2_instance_name",
               "required": true
             },
+            {
+              "key": "enable_platform_metrics",
+              "type": "string",
+              "default_value": "true",
+              "description": "When set to `true`, the IBM Cloud Monitoring instance will be configured to collect platform metrics from the provided region. You can configure 1 instance only of the IBM Cloud Monitoring service per region to collect platform metrics in that location. Check with the account or service administrator if another monitoring instance has already been configured. You may not have permissions to see all monitoring instances in the region. [Learn more](https://cloud.ibm.com/docs/monitoring?topic=monitoring-platform_metrics_enabling).",
+              "required": true,
+              "virtual": true
+            },
+            {
+              "key": "logs_routing_tenant_regions",
+              "type": "list(string)",
+              "default_value": "[]",
+              "description": "To manage platform logs that are generated by IBM Cloud services in a region of IBM Cloud, you must create a tenant in each region that you operate. Pass a list of regions to create a tenant in. [Learn more](https://cloud.ibm.com/docs/logs-router?topic=logs-router-about-platform-logs).",
+              "required": true,
+              "virtual": true,
+              "custom_config": {
+                "grouping": "deployment",
+                "original_grouping": "deployment",
+                "config_constraints": {
+                  "type": "string"
+                }
+              }
+            },
             {
               "key": "subscription_id"
             },
             {
               "key": "subscription_id_secret_crn"
             },
+            {
+              "key": "secrets_manager_ibmcloud_api_key"
+            },
             {
               "key": "node_type",
               "options": [
@@ -198,34 +305,19 @@
               "key": "enable_high_availability"
             },
             {
-              "key": "enable_oracle_compatibility"
+              "key": "resource_tags",
+              "custom_config": {
+                "grouping": "deployment",
+                "original_grouping": "deployment",
+                "config_constraints": {
+                  "type": "string"
+                }
+              }
             },
             {
-              "key": "resource_tags"
+              "key": "enable_oracle_compatibility"
             }
-          ],
-          "architecture": {
-            "features": [
-              {
-                "title": "Creates an DB2 on Cloud instance.",
-                "description": "Creates and configures an DB2 on Cloud instance."
-              },
-              {
-                "title": "Creates a queue manager",
-                "description": "Creates a queue manager"
-              }
-            ],
-            "diagrams": [
-              {
-                "diagram": {
-                  "caption": "IBM DB2 on Cloud",
-                  "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-db2-cloud/main/reference-architectures/deployable-architecture-db2cloud.svg",
-                  "type": "image/svg+xml"
-                },
-                "description": "This architecture supports creating and configuring DB on Cloud resources"
-              }
-            ]
-          }
+          ]
         }
       ]
     }

reference-architectures/deployable-architecture-db2cloud.svg

@@ -1,61 +1,3 @@
-# Fully Configurable Solution
-
-## Prerequisites
-- An existing resource group
-
-This solution supports provisioning and configuring the following infrastructure:
-- A new DB2 instance on IBM Cloud.
+# Cloud automation for DB2 on Cloud (Fully configurable)
 
 :exclamation: **Important:** This solution is not intended to be called by other modules because it contains a provider configuration and is not compatible with the `for_each`, `count`, and `depends_on` arguments. For more information, see [Providers Within Modules](https://developer.hashicorp.com/terraform/language/modules/develop/providers).
-
-![db2-deployable-architecture](../../reference-architectures/deployable-architecture-db2cloud.svg)
-
-<!-- Below content is automatically populated via pre-commit hook -->
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-### Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
-| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | 1.78.3 |
-
-### Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_crn_parser_subid"></a> [crn\_parser\_subid](#module\_crn\_parser\_subid) | terraform-ibm-modules/common-utilities/ibm//modules/crn-parser | 1.1.0 |
-| <a name="module_db2_instance"></a> [db2\_instance](#module\_db2\_instance) | ../.. | n/a |
-| <a name="module_resource_group"></a> [resource\_group](#module\_resource\_group) | terraform-ibm-modules/resource-group/ibm | 1.2.0 |
-
-### Resources
-
-| Name | Type |
-|------|------|
-| [ibm_sm_arbitrary_secret.sm_subscription_id](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.78.3/docs/data-sources/sm_arbitrary_secret) | data source |
-
-### Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_db2_instance_name"></a> [db2\_instance\_name](#input\_db2\_instance\_name) | The name of the DB2 instance | `string` | n/a | yes |
-| <a name="input_enable_high_availability"></a> [enable\_high\_availability](#input\_enable\_high\_availability) | Whether to enable high availability on the DB2 instance | `bool` | `true` | no |
-| <a name="input_enable_oracle_compatibility"></a> [enable\_oracle\_compatibility](#input\_enable\_oracle\_compatibility) | Whether to enable Oracle compatibility on the DB2 instance | `bool` | `false` | no |
-| <a name="input_existing_resource_group_name"></a> [existing\_resource\_group\_name](#input\_existing\_resource\_group\_name) | The name of an existing resource group in which to provision DB2 resources to. | `string` | `"Default"` | no |
-| <a name="input_ibmcloud_api_key"></a> [ibmcloud\_api\_key](#input\_ibmcloud\_api\_key) | The IBM Cloud API Key | `string` | n/a | yes |
-| <a name="input_node_type"></a> [node\_type](#input\_node\_type) | The node type of the DB2 instance, valid values are `bx2.1x4`, `bx2.4x16`, `bx2.8x32`, `bx2.16x64`, `bx2.32x128`, `bx2.48x192`, `mx2.4x32`, `mx2.16x128`, `mx2.128x1024` | `string` | `"bx2.4x16"` | no |
-| <a name="input_prefix"></a> [prefix](#input\_prefix) | The prefix to add to all resources that this solution creates. To not use any prefix value, you can set this value to `null` or an empty string. | `string` | n/a | yes |
-| <a name="input_provider_visibility"></a> [provider\_visibility](#input\_provider\_visibility) | Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints). | `string` | `"private"` | no |
-| <a name="input_region"></a> [region](#input\_region) | Region to provision all resources created by this example | `string` | `"us-east"` | no |
-| <a name="input_resource_tags"></a> [resource\_tags](#input\_resource\_tags) | Optional list of tags to be added to created resources | `list(string)` | `[]` | no |
-| <a name="input_service_endpoints"></a> [service\_endpoints](#input\_service\_endpoints) | Service endpoints for the DB2 instance, valid values are `public`, `private`, or `public-and-private` | `string` | `"private"` | no |
-| <a name="input_subscription_id"></a> [subscription\_id](#input\_subscription\_id) | Value of the subscription ID to use with the subscription plan of DB2 | `string` | `null` | no |
-| <a name="input_subscription_id_secret_crn"></a> [subscription\_id\_secret\_crn](#input\_subscription\_id\_secret\_crn) | CRN of the secret which contains the subscription ID to use the subscription plan of DB2 | `string` | `null` | no |
-
-### Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_crn"></a> [crn](#output\_crn) | CRN of the DB2 instance |
-| <a name="output_dashboard_url"></a> [dashboard\_url](#output\_dashboard\_url) | Dashboard URL of the DB2 instance |
-| <a name="output_name"></a> [name](#output\_name) | Name of the DB2 instance |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

solutions/fully-configurable/README.md

@@ -24,9 +24,10 @@ data "ibm_sm_arbitrary_secret" "sm_subscription_id" {
 }
 
 locals {
-  sm_region       = var.subscription_id_secret_crn != null ? module.crn_parser_subid[0].region : ""
-  subscription_id = var.subscription_id_secret_crn != null ? data.ibm_sm_arbitrary_secret.sm_subscription_id[0].payload : (var.subscription_id != null ? var.subscription_id : null)
-  prefix          = var.prefix != null ? (var.prefix != "" ? var.prefix : null) : null
+  sm_region           = var.subscription_id_secret_crn != null ? module.crn_parser_subid[0].region : ""
+  sm_ibmcloud_api_key = var.secrets_manager_ibmcloud_api_key == null ? var.ibmcloud_api_key : var.secrets_manager_ibmcloud_api_key
+  subscription_id     = var.subscription_id_secret_crn != null ? data.ibm_sm_arbitrary_secret.sm_subscription_id[0].payload : (var.subscription_id != null ? var.subscription_id : null)
+  prefix              = var.prefix != null ? trimspace(var.prefix) != "" ? "${var.prefix}-" : "" : ""
 }
 
 ########################################################################################################################
@@ -36,7 +37,7 @@ locals {
 module "db2_instance" {
   source                      = "../.."
   region                      = var.region
-  db2_instance_name           = try("${local.prefix}-${var.db2_instance_name}", var.db2_instance_name)
+  db2_instance_name           = "${local.prefix}${var.db2_instance_name}"
   subscription_id             = local.subscription_id
   resource_group_id           = module.resource_group.resource_group_id
   service_endpoints           = var.service_endpoints

solutions/fully-configurable/main.tf

@@ -16,3 +16,8 @@ output "name" {
   description = "Name of the DB2 instance"
   value       = module.db2_instance.name
 }
+
+output "resource_group_name" {
+  description = "Resource group name where DB2 instance is created"
+  value       = module.resource_group.resource_group_name
+}

solutions/fully-configurable/outputs.tf

@@ -3,14 +3,16 @@
 ########################################################################################################################
 
 provider "ibm" {
-  ibmcloud_api_key = var.ibmcloud_api_key
-  visibility       = var.provider_visibility
-  region           = var.region
+  ibmcloud_api_key      = var.ibmcloud_api_key
+  visibility            = var.provider_visibility
+  region                = var.region
+  private_endpoint_type = (var.provider_visibility == "private" && var.region == "ca-mon") ? "vpe" : null
 }
 
 provider "ibm" {
-  alias            = "ibm-sm"
-  ibmcloud_api_key = var.ibmcloud_api_key
-  visibility       = var.provider_visibility
-  region           = local.sm_region
+  ibmcloud_api_key      = local.sm_ibmcloud_api_key
+  visibility            = var.provider_visibility
+  region                = local.sm_region
+  alias                 = "ibm-sm"
+  private_endpoint_type = (var.provider_visibility == "private" && local.sm_region == "ca-mon") ? "vpe" : null
 }