feat: add support to attach workload protection instance #36
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
/run pipeline |
jor2
commented
Feb 29, 2024
ocofaigh
requested changes
Feb 29, 2024
variables.tf
Outdated
| type = string | ||
| description = "The name for the provider_type instance" | ||
| default = null | ||
| } |
There was a problem hiding this comment.
I don't think we need to expose this, lets just hard code it to "workload-protection-instance"
added 3 commits
March 4, 2024 22:32
jor2
changed the title
ocofaigh
reviewed
Mar 15, 2024
main.tf
Outdated
| @@ -11,6 +11,53 @@ resource "ibm_resource_instance" "scc_instance" { | |||
| tags = var.resource_tags | |||
| } | |||
|
|
|||
| data "ibm_scc_provider_type" "scc_provider_type" { | |||
| count = var.wp_instance_crn != null ? 1 : 0 | |||
| provider_type_name = var.provider_type_name | |||
There was a problem hiding this comment.
FYI, when IBM-Cloud/terraform-provider-ibm#5208 is implemented, this module wont have a provider_type_name variable, instead you will hard code "Security and Compliance Workload Protection" here nd do data lookup by name
There was a problem hiding this comment.
it won't take anything, instead we just get a list of every provider type by the looks of it https://github.com/IBM-Cloud/terraform-provider-ibm/pull/5179/files#diff-268bf1a5e7374e3609b776536171ae795dc6c12c9034ff087d169a59635cb3d6R19
There was a problem hiding this comment.
Once we can lookup the "Security and Compliance Workload Protection" by name and get its ID, we should be good here
|
@jor2 Can you try with https://github.com/IBM-Cloud/terraform-provider-ibm/releases/tag/v1.64.0-beta0 since it now has |
this works now using beta version. |
|
These are the provider types, hardcoded to workload one, let me know if you want to change or allow to be inputted by user. |
jor2
changed the title
jor2
changed the title
added 2 commits
April 3, 2024 11:37
…-ibm-scc into workload
|
/run pipeline |
|
/run pipeline |
|
|
/run pipeline |
ocofaigh
requested changes
Apr 12, 2024
variables.tf
Outdated
| @@ -14,6 +14,18 @@ variable "instance_name" { | |||
| description = "Name of the security and compliance instance that will be provisioned by this module" | |||
| } | |||
|
|
|||
| variable "attach_wp_to_scc_instance" { | |||
| type = string | |||
| description = "Set to `true` to attach an existing SCC Workload Protection instance to attach it to the SCC instance." | |||
There was a problem hiding this comment.
When set to true, a value must be passed for the wp_instance_crn inout variable
main.tf
Outdated
| } | ||
|
|
||
| resource "ibm_iam_authorization_policy" "scc_wp_s2s_access" { | ||
| count = var.attach_wp_to_scc_instance ? 1 : 0 |
There was a problem hiding this comment.
you need to add the ability to skip this. Suggest adding a variable called skip_scc_wp_auth_policy and update the logic here include it
examples/basic/version.tf
Outdated
| @@ -6,7 +6,7 @@ terraform { | |||
| required_providers { | |||
| ibm = { | |||
| source = "IBM-Cloud/ibm" | |||
| version = "1.63.0" | |||
| version = ">= 1.64.0" | |||
There was a problem hiding this comment.
basic example should lock into lowest supported version, which is now 1.64.1
version.tf
Outdated
|
|
||
| time = { | ||
| source = "hashicorp/time" | ||
| version = "0.9.1" |
There was a problem hiding this comment.
always use greater than sign in module, aka >= 0.9.1, <1.0.0
|
/run pipeline |
ocofaigh
reviewed
Apr 12, 2024
examples/basic/version.tf
Outdated
| @@ -6,7 +6,7 @@ terraform { | |||
| required_providers { | |||
| ibm = { | |||
| source = "IBM-Cloud/ibm" | |||
| version = "1.63.0" | |||
| version = ">= 1.64.1" | |||
There was a problem hiding this comment.
needs to lock into 1.64.1 for basic
|
/run pipeline |
ocofaigh
approved these changes
Apr 12, 2024
|
🎉 This PR is included in version 1.4.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
attach a Workload Protection instance to an SCC instance
#29
In a draft state as we are waiting on provider type to be able to be looked up by name.
Release required?
x.x.X)x.X.x)X.x.x)Release notes content
Run the pipeline
If the CI pipeline doesn't run when you create the PR, the PR requires a user with GitHub collaborators access to run the pipeline.
Run the CI pipeline when the PR is ready for review and you expect tests to pass. Add a comment to the PR with the following text:
Checklist for reviewers
For mergers