feat: added new DA for IBM catalog (#233)

Author: MatthewLemmond

.catalog-onboard-pipeline.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+offerings:
+  - name: deploy-arch-ibm-iam-access-group
+    kind: solution
+    catalog_id: 7df1e4ca-d54c-4fd0-82ce-3d13247308cd
+    offering_id: 5a6c3a87-d9e8-437c-a524-bfdf4d18165a
+    variations:
+      - name: standard
+        mark_ready: false
+        install_type: fullstack
+        scc:
+          instance_id: 1c7d5f78-9262-44c3-b779-b28fe4d88c37
+          region: us-south

.releaserc

@@ -10,6 +10,9 @@
     }],
     ["@semantic-release/exec", {
       "successCmd": "echo \"SEMVER_VERSION=${nextRelease.version}\" >> $GITHUB_ENV"
+    }],
+    ["@semantic-release/exec",{
+      "publishCmd": "./ci/trigger-catalog-onboarding-pipeline.sh --version=v${nextRelease.version}"
     }]
   ]
 }

cra-config.yaml

@@ -1,6 +1,9 @@
 # More info about this file at https://github.com/terraform-ibm-modules/common-pipeline-assets/blob/main/.github/workflows/terraform-test-pipeline.md#cra-config-yaml
 version: "v1"
 CRA_TARGETS:
-  - CRA_TARGET: "examples/access-management" # Target directory for CRA scan. If not provided, the CRA Scan will not be run.
+  - CRA_TARGET: "solutions/standard" # Target directory for CRA scan. If not provided, the CRA Scan will not be run.
     CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json" # CRA Ignore file to use. If not provided, it checks the repo root directory for `cra-tf-validate-ignore-rules.json`
     PROFILE_ID: "fe96bd4d-9b37-40f2-b39f-a62760e326a3"         # SCC profile ID (currently set to 'IBM Cloud Framework for Financial Services' '1.7.0' profile).
+    CRA_ENVIRONMENT_VARIABLES:
+      TF_VAR_prefix: "access-management"
+      TF_VAR_provider_visibility: "public"

ibm_catalog.json

@@ -0,0 +1,346 @@
+{
+  "products": [
+    {
+      "name": "deploy-arch-ibm-iam-access-group",
+      "label": "Cloud Automation for Access Management",
+      "product_kind": "solution",
+      "tags": [
+        "ibm_created",
+        "target_terraform",
+        "terraform",
+        "security",
+        "solution"
+      ],
+      "keywords": [
+        "IaC",
+        "infrastructure as code",
+        "terraform",
+        "solution",
+        "account",
+        "iam",
+        "access group"
+      ],
+      "short_description": "Creates and configures IAM access groups",
+      "long_description": "This architecture supports creating a preconfigured set of access groups and adding users, service IDs, and trusted profiles to the access groups.",
+      "offering_docs_url": "https://github.com/terraform-ibm-modules/terraform-ibm-iam-access-group/blob/main/solutions/standard/README.md",
+      "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/documentation/main/icons/security_icon.svg",
+      "provider_name": "IBM",
+      "features": [
+        {
+          "title": "Configures IAM access groups",
+          "description": "Configures IAM access groups to provide a default set of access policies and assign users to the groups."
+        }
+      ],
+      "support_details": "This product is in the community registry, as such support is handled through the originated repo. If you experience issues please open an issue in that repository [https://github.com/terraform-ibm-modules/terraform-ibm-iam-access-group/issues](https://github.com/terraform-ibm-modules/terraform-ibm-iam-access-group/issues). Please note this product is not supported via the IBM Cloud Support Center.",
+      "flavors": [
+        {
+          "label": "Standard",
+          "name": "standard",
+          "install_type": "fullstack",
+          "working_directory": "solutions/standard",
+          "compliance": {
+            "authority": "scc-v3",
+            "profiles": [
+              {
+                "profile_name": "IBM Cloud Framework for Financial Services",
+                "profile_version": "1.7.0"
+              }
+            ]
+          },
+          "iam_permissions": [
+          ],
+          "architecture": {
+            "descriptions": "Configures IAM access groups to provide a default set of access policies and assign users to the groups.",
+            "diagrams": [
+              {
+                "diagram": {
+                  "caption": "Access Management",
+                  "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-iam-access-group/main/reference-architectures/access-management.svg",
+                  "type": "image/svg+xml"
+                },
+                "description": "Configures IAM access groups to provide a default set of access policies and assign users to the groups."
+              }
+            ]
+          },
+          "configuration": [
+            {
+              "key": "ibmcloud_api_key"
+            },
+            {
+              "key": "provider_visibility",
+              "options": [
+                {
+                  "displayname": "private",
+                  "value": "private"
+                },
+                {
+                  "displayname": "public",
+                  "value": "public"
+                },
+                {
+                  "displayname": "public-and-private",
+                  "value": "public-and-private"
+                }
+              ]
+            },
+            {
+              "key": "prefix"
+            },
+            {
+              "key": "admin_compute_ag_name"
+            },
+            {
+              "key": "admin_compute_ag_description"
+            },
+            {
+              "key": "admin_compute_ag_add_members"
+            },
+            {
+              "key": "admin_compute_ag_ibm_ids"
+            },
+            {
+              "key": "admin_compute_ag_service_ids"
+            },
+            {
+              "key": "admin_compute_ag_trusted_profile_ids"
+            },
+            {
+              "key": "admin_compute_ag_tags"
+            },
+            {
+              "key": "admin_network_ag_name"
+            },
+            {
+              "key": "admin_network_ag_description"
+            },
+            {
+              "key": "admin_network_ag_add_members"
+            },
+            {
+              "key": "admin_network_ag_ibm_ids"
+            },
+            {
+              "key": "admin_network_ag_service_ids"
+            },
+            {
+              "key": "admin_network_ag_trusted_profile_ids"
+            },
+            {
+              "key": "admin_network_ag_tags"
+            },
+            {
+              "key": "admin_observability_ag_name"
+            },
+            {
+              "key": "admin_observability_ag_description"
+            },
+            {
+              "key": "admin_observability_ag_add_members"
+            },
+            {
+              "key": "admin_observability_ag_ibm_ids"
+            },
+            {
+              "key": "admin_observability_ag_service_ids"
+            },
+            {
+              "key": "admin_observability_ag_trusted_profile_ids"
+            },
+            {
+              "key": "admin_observability_ag_tags"
+            },
+            {
+              "key": "admin_security_ag_name"
+            },
+            {
+              "key": "admin_security_ag_description"
+            },
+            {
+              "key": "admin_security_ag_add_members"
+            },
+            {
+              "key": "admin_security_ag_ibm_ids"
+            },
+            {
+              "key": "admin_security_ag_service_ids"
+            },
+            {
+              "key": "admin_security_ag_trusted_profile_ids"
+            },
+            {
+              "key": "admin_security_ag_tags"
+            },
+            {
+              "key": "privileged_compute_ag_name"
+            },
+            {
+              "key": "privileged_compute_ag_description"
+            },
+            {
+              "key": "privileged_compute_ag_add_members"
+            },
+            {
+              "key": "privileged_compute_ag_ibm_ids"
+            },
+            {
+              "key": "privileged_compute_ag_service_ids"
+            },
+            {
+              "key": "privileged_compute_ag_trusted_profile_ids"
+            },
+            {
+              "key": "privileged_compute_ag_tags"
+            },
+            {
+              "key": "privileged_network_ag_name"
+            },
+            {
+              "key": "privileged_network_ag_description"
+            },
+            {
+              "key": "privileged_network_ag_add_members"
+            },
+            {
+              "key": "privileged_network_ag_ibm_ids"
+            },
+            {
+              "key": "privileged_network_ag_service_ids"
+            },
+            {
+              "key": "privileged_network_ag_trusted_profile_ids"
+            },
+            {
+              "key": "privileged_network_ag_tags"
+            },
+            {
+              "key": "privileged_observability_ag_name"
+            },
+            {
+              "key": "privileged_observability_ag_description"
+            },
+            {
+              "key": "privileged_observability_ag_add_members"
+            },
+            {
+              "key": "privileged_observability_ag_ibm_ids"
+            },
+            {
+              "key": "privileged_observability_ag_service_ids"
+            },
+            {
+              "key": "privileged_observability_ag_trusted_profile_ids"
+            },
+            {
+              "key": "privileged_observability_ag_tags"
+            },
+            {
+              "key": "privileged_security_ag_name"
+            },
+            {
+              "key": "privileged_security_ag_description"
+            },
+            {
+              "key": "privileged_security_ag_add_members"
+            },
+            {
+              "key": "privileged_security_ag_ibm_ids"
+            },
+            {
+              "key": "privileged_security_ag_service_ids"
+            },
+            {
+              "key": "privileged_security_ag_trusted_profile_ids"
+            },
+            {
+              "key": "privileged_security_ag_tags"
+            },
+            {
+              "key": "observer_compute_ag_name"
+            },
+            {
+              "key": "observer_compute_ag_description"
+            },
+            {
+              "key": "observer_compute_ag_add_members"
+            },
+            {
+              "key": "observer_compute_ag_ibm_ids"
+            },
+            {
+              "key": "observer_compute_ag_service_ids"
+            },
+            {
+              "key": "observer_compute_ag_trusted_profile_ids"
+            },
+            {
+              "key": "observer_compute_ag_tags"
+            },
+            {
+              "key": "observer_network_ag_name"
+            },
+            {
+              "key": "observer_network_ag_description"
+            },
+            {
+              "key": "observer_network_ag_add_members"
+            },
+            {
+              "key": "observer_network_ag_ibm_ids"
+            },
+            {
+              "key": "observer_network_ag_service_ids"
+            },
+            {
+              "key": "observer_network_ag_trusted_profile_ids"
+            },
+            {
+              "key": "observer_network_ag_tags"
+            },
+            {
+              "key": "observer_observability_ag_name"
+            },
+            {
+              "key": "observer_observability_ag_description"
+            },
+            {
+              "key": "observer_observability_ag_add_members"
+            },
+            {
+              "key": "observer_observability_ag_ibm_ids"
+            },
+            {
+              "key": "observer_observability_ag_service_ids"
+            },
+            {
+              "key": "observer_observability_ag_trusted_profile_ids"
+            },
+            {
+              "key": "observer_observability_ag_tags"
+            },
+            {
+              "key": "observer_security_ag_name"
+            },
+            {
+              "key": "observer_security_ag_description"
+            },
+            {
+              "key": "observer_security_ag_add_members"
+            },
+            {
+              "key": "observer_security_ag_ibm_ids"
+            },
+            {
+              "key": "observer_security_ag_service_ids"
+            },
+            {
+              "key": "observer_security_ag_trusted_profile_ids"
+            },
+            {
+              "key": "observer_security_ag_tags"
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}

reference-architectures/access-management.svg

@@ -1,4 +1,5 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": ["github>terraform-ibm-modules/common-dev-assets:commonRenovateConfig"]
+  "extends": ["github>terraform-ibm-modules/common-dev-assets:commonRenovateConfig"],
+  "packageRules": []
 }

renovate.json

@@ -0,0 +1,7 @@
+# IBM Cloud Access Group solution
+
+A deployable architecture solution for managing administrator, privileged, and observer levels of access groups for observability, security, network, and compute categories. Each group has default access policies appropriate for the groups that the policies reside in. In addition to creating the groups and policies, you can provide IBM IDs, Service IDs, and Trusted Profiles to be added to these groups.
+
+![Access Management](../../reference-architectures/access-management.svg)
+
+**Important:** Because this solution contains a provider configuration and is not compatible with the `for_each`, `count`, and `depends_on` arguments, do not call this solution from one or more other modules. For more information about how resources are associated with provider configurations with multiple modules, see [Providers Within Modules](https://developer.hashicorp.com/terraform/language/modules/develop/providers).