feat: support for new quotas submodule and standard DA

.catalog-onboard-pipeline.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+offerings:
+  - name: deploy-arch-ibm-container-registry
+    kind: solution
+    catalog_id: 7df1e4ca-d54c-4fd0-82ce-3d13247308cd
+    offering_id: 5947efd7-d52a-4905-8052-45f1142f78a0
+    variations:
+      - name: standard
+        mark_ready: true
+        install_type: fullstack
+        scc:
+          instance_id: 1c7d5f78-9262-44c3-b779-b28fe4d88c37
+          region: us-south

.github/settings.yml

@@ -26,4 +26,4 @@ repository:
 
   # Uncomment this topics property
   # and add a comma-separated list of topics to set on the repo.
-  topics: core-team, terraform, ibm-cloud, terraform-module, supported, graduated
+  topics: core-team, terraform, ibm-cloud, terraform-module, supported, graduated, deployable-architecture

.releaserc

@@ -10,6 +10,9 @@
     }],
     ["@semantic-release/exec", {
       "successCmd": "echo \"SEMVER_VERSION=${nextRelease.version}\" >> $GITHUB_ENV"
+    }],
+    ["@semantic-release/exec",{
+      "publishCmd": "./ci/trigger-catalog-onboarding-pipeline.sh --version=v${nextRelease.version}"
     }]
   ]
 }

README.md

@@ -15,8 +15,9 @@ You can use this module to provision and configure an [IBM Container Registry](h
 * [terraform-ibm-container-registry](#terraform-ibm-container-registry)
 * [Submodules](./modules)
     * [plan](./modules/plan)
+    * [quotas](./modules/quotas)
 * [Examples](./examples)
-    * [IBM Container Registry namespace example](./examples/namespace)
+    * [IBM Container Registry namespace example](./examples/complete)
 * [Contributing](#contributing)
 <!-- END OVERVIEW HOOK -->
 
@@ -32,6 +33,21 @@ module "namespace" {
   resource_group_id = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX"
   images_per_repo   = 2
 }
+
+module "upgrade-plan" {
+  source  = "terraform-ibm-modules/container-registry/ibm//modules/plan"
+  version = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
+  container_registry_endpoint = "us.icr.io"
+}
+module "set_quota" {
+  source  = "terraform-ibm-modules/container-registry/ibm//modules/quotas"
+  version = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
+  container_registry_endpoint = "us.icr.io"
+  update_storage_quota        = true
+  storage_megabytes           = 5 * 1024 # 5GiB
+  update_traffic_quota        = true
+  traffic_megabytes           = 500 # 500 MB
+}
 ```
 
 ### Required IAM access policies
@@ -61,22 +77,26 @@ No modules.
 |------|------|
 | [ibm_cr_namespace.cr_namespace](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/cr_namespace) | resource |
 | [ibm_cr_retention_policy.cr_retention_policy](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/cr_retention_policy) | resource |
+| [ibm_cr_namespaces.existing_cr_namespaces](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/cr_namespaces) | data source |
 
 ### Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_images_per_repo"></a> [images\_per\_repo](#input\_images\_per\_repo) | (Optional, Integer) Determines how many images are retained in each repository when the retention policy is processed. The value -1 denotes Unlimited (all images are retained). The value 0 denotes no retention policy will be created (default) | `number` | `0` | no |
-| <a name="input_name"></a> [name](#input\_name) | Name of the container registry namespace | `string` | n/a | yes |
+| <a name="input_name"></a> [name](#input\_name) | Name of the container registry namespace, if var.use\_existing\_namespace is set to false, a new namespace will be created in a region set by provider | `string` | n/a | yes |
 | <a name="input_resource_group_id"></a> [resource\_group\_id](#input\_resource\_group\_id) | The resource group ID where the IBM container namespace will be created. | `string` | n/a | yes |
 | <a name="input_retain_untagged"></a> [retain\_untagged](#input\_retain\_untagged) | (Optional, Bool) Determines whether untagged images are retained when the retention policy is processed. Default value is false, means untagged images can be deleted when the policy runs. | `bool` | `false` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Optional list of tags to be added to the IBM container namespace. | `list(string)` | `[]` | no |
+| <a name="input_use_existing_namespace"></a> [use\_existing\_namespace](#input\_use\_existing\_namespace) | Specify true to use an existing container registry namespace in the region set by provider, set false to create a new namespace. | `bool` | `false` | no |
 
 ### Outputs
 
 | Name | Description |
 |------|-------------|
 | <a name="output_namespace_crn"></a> [namespace\_crn](#output\_namespace\_crn) | CRN representing the namespace |
+| <a name="output_namespace_name"></a> [namespace\_name](#output\_namespace\_name) | Name of ICR namespace |
+| <a name="output_retention_policy_id"></a> [retention\_policy\_id](#output\_retention\_policy\_id) | ID of retentation policy |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 <!-- Leave this section as is so that your module has a link to local development environment set up steps for contributors to follow -->

cra-config.yaml

@@ -1,11 +1,10 @@
 version: "v1"
 CRA_TARGETS:
-  - CRA_TARGET: "examples/namespace"
+  - CRA_TARGET: "solutions/standard"
     CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json"
     PROFILE_ID: "fe96bd4d-9b37-40f2-b39f-a62760e326a3" # SCC profile ID (currently set to 'IBM Cloud Framework for Financial Services' '1.7.0' profile).
-    # CRA_ENVIRONMENT_VARIABLES:  # An optional map of environment variables for CRA, where the key is the variable name and value is the value. Useful for providing TF_VARs.
-    #   TF_VAR_sample: "sample value"
-    #   TF_VAR_other:  "another value"
+    CRA_ENVIRONMENT_VARIABLES:  # An optional map of environment variables for CRA, where the key is the variable name and value is the value. Useful for providing TF_VARs.
+      TF_VAR_provider_visibility: "public"
     # SCC_INSTANCE_ID: "" # The SCC instance ID to use to download profile for CRA scan. If not provided, a default global value will be used.
     # SCC_REGION: "" # The IBM Cloud region that the SCC instance is in. If not provided, a default global value will be used.
     # PROFILE_ID: "" # The Profile ID input for CRA SCC scan. Ensure to use a US-specific ID. If not provided, a default global value will be used.

examples/namespace/main.tf → examples/complete/main.tf

@@ -11,15 +11,27 @@ module "resource_group" {
 }
 
 module "namespace" {
-  source            = "../.."
-  name              = "${var.prefix}-namespace"
-  resource_group_id = module.resource_group.resource_group_id
-  tags              = var.resource_tags
-  images_per_repo   = var.images_per_repo
-  retain_untagged   = var.retain_untagged
+  providers = {
+    ibm = ibm.namespace
+  }
+  source                 = "../.."
+  name                   = var.namespace_name
+  use_existing_namespace = var.use_existing_namespace
+  resource_group_id      = module.resource_group.resource_group_id
+  tags                   = var.resource_tags
+  images_per_repo        = var.images_per_repo
+  retain_untagged        = var.retain_untagged
 }
 
+
 module "upgrade_plan" {
   source                      = "../..//modules/plan"
   container_registry_endpoint = "us.icr.io"
 }
+
+module "set_quota" {
+  source                      = "../../modules/quotas"
+  container_registry_endpoint = "br.icr.io"
+  storage_megabytes           = 5 * 1024 - 1
+  traffic_megabytes           = 499
+}

examples/namespace/provider.tf → examples/complete/provider.tf

@@ -4,7 +4,12 @@
 
 provider "ibm" {
   ibmcloud_api_key = var.ibmcloud_api_key
-  region           = var.region
+}
+
+provider "ibm" {
+  alias            = "namespace"
+  ibmcloud_api_key = var.ibmcloud_api_key
+  region           = var.namespace_region
 }
 
 # Data source to retrieve token details

examples/namespace/variables.tf → examples/complete/variables.tf

@@ -10,12 +10,24 @@ variable "prefix" {
   default     = "test-icr"
 }
 
-variable "region" {
+variable "namespace_region" {
   type        = string
-  description = "Prefix to append to all resources created by this example"
+  description = "The IBM Cloud region where the container registry namespace and retention policy will be created or where the existing namespace is located."
   default     = "us-south"
 }
 
+variable "namespace_name" {
+  type        = string
+  description = "The name of the container registry namespace to create or the name of an existing namespace."
+  default     = null
+}
+
+variable "use_existing_namespace" {
+  type        = bool
+  description = "Specify true to use an existing container registry namespace in the region defined by `var.namespace_region`, set false to create a new namespace."
+  default     = false
+}
+
 variable "resource_group" {
   type        = string
   description = "An existing resource group name to use for this example, if unset a new resource group will be created"

examples/namespace/versions.tf → examples/complete/versions.tf

@@ -11,7 +11,7 @@ terraform {
     }
     restapi = {
       source  = "Mastercard/restapi"
-      version = ">= 1.18.2"
+      version = ">= 1.20.0"
     }
   }
 }

ibm_catalog.json

@@ -0,0 +1,203 @@
+{
+  "products": [
+    {
+      "name": "deploy-arch-ibm-container-registry",
+      "label": "Cloud automation for IBM Container Registry",
+      "product_kind": "solution",
+      "tags": [
+        "ibm_created",
+        "target_terraform",
+        "terraform",
+        "containers",
+        "registry",
+        "solution"
+      ],
+      "keywords": [
+        "containers",
+        "IaC",
+        "infrastructure as code",
+        "terraform",
+        "solution",
+        "registry"
+      ],
+      "short_description": "Creates or uses an existing IBM Container Registry namespace, configures pull traffic and storage quotas, and supports upgrading the registry plan to Standard.",
+      "long_description": "This architecture creates or utilizes an existing IBM Container Registry namespace, provides the ability to configure pull traffic limits and storage quotas in megabytes, and allows for upgrading the registry plan to Standard. It ensures efficient management of container image access by regulating data pull volume from the registry and setting storage capacity limits for container images within each registry.",
+      "offering_docs_url": "https://github.com/terraform-ibm-modules/terraform-ibm-container-registry/main/README.md",
+      "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-container-registry/main/images/icr_icon.svg",
+      "provider_name": "IBM",
+      "features": [
+        {
+          "title": "Creates or Uses Existing IBM Container Registry Namespace",
+          "description": "Enables the creation of a new IBM Container Registry namespace or the use of an existing one, allowing users to define isolated environments for managing container images, with the ability to set a retention policy."
+        },
+        {
+          "title": "Configures Pull Traffic Limits",
+          "description": "Allows fine-grained configuration of pull traffic limits in megabytes, controlling the amount of data that can be pulled from the registry."
+        },
+        {
+          "title": "Sets Storage Quotas",
+          "description": "Enables the configuration of storage quotas in megabytes, defining the maximum amount of storage available for container images within each registry."
+        },
+        {
+          "title": "Upgrades Registry Plan to Standard",
+          "description": "Provides the ability to upgrade the container registry plan to Standard, allowing for enhanced features and capabilities."
+        }
+      ],
+
+      "flavors": [
+        {
+          "label": "Standard",
+          "name": "standard",
+          "install_type": "fullstack",
+          "working_directory": "solutions/standard",
+          "compliance": {
+            "authority": "scc-v3",
+            "profiles": [
+              {
+                "profile_name": "IBM Cloud Framework for Financial Services",
+                "profile_version": "1.7.0"
+              }
+            ]},
+          "iam_permissions": [
+            {
+              "role_crns": [
+                "crn:v1:bluemix:public:iam::::role:Administrator"
+              ],
+              "service_name": "all-account-management-services"
+            },
+            {
+              "role_crns": [
+                "crn:v1:bluemix:public:iam::::role:Writer",
+                "crn:v1:bluemix:public:iam::::role:Manager"
+              ],
+              "service_name": "container-registry"
+            }
+          ],
+          "architecture": {
+            "descriptions": "Creates or uses an existing IBM Container Registry namespace, configures pull traffic and storage quotas, and supports upgrading the registry plan to Standard.",
+            "features": [
+              {
+                "title": "Creates or uses an existing IBM Container Registry namespace, configures pull traffic and storage quotas, and supports upgrading the registry plan to Standard.",
+                "description": "This architecture creates or utilizes an existing IBM Container Registry namespace, provides the ability to configure pull traffic limits and storage quotas in megabytes, and allows for upgrading the registry plan to Standard. It ensures efficient management of container image access by regulating data pull volume from the registry and setting storage capacity limits for container images within each registry."
+              }
+            ],
+            "diagrams": [
+              {
+                "diagram": {
+                  "caption": "Creates IBM Container Registry namespace.",
+                  "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-container-registry/main/reference-architecture/deployable-architecture-icr.svg",
+                  "type": "image/svg+xml"
+                },
+                "description": "This architecture creates or utilizes an existing IBM Container Registry namespace, provides the ability to configure pull traffic limits and storage quotas in megabytes, and allows for upgrading the registry plan to Standard. It ensures efficient management of container image access by regulating data pull volume from the registry and setting storage capacity limits for container images within each registry."
+              }
+            ]
+          },
+          "configuration": [
+              {
+                "key": "ibmcloud_api_key"
+              },
+              {
+                "key": "provider_visibility",
+                "options": [
+                  {
+                    "displayname": "private",
+                    "value": "private"
+                  },
+                  {
+                    "displayname": "public",
+                    "value": "public"
+                  },
+                  {
+                    "displayname": "public-and-private",
+                    "value": "public-and-private"
+                  }
+                ]
+              },
+              {
+                "key": "prefix"
+              },
+              {
+                "key": "use_existing_resource_group"
+              },
+              {
+                "key": "resource_group_name"
+              },
+              {
+                "key": "namespace_region",
+                "default_value": "us-south",
+                "options": [
+                  {
+                    "displayname": "Global (global)",
+                    "value": "global"
+                  },
+                  {
+                    "displayname": "Tokyo (jp-tok)",
+                    "value": "jp-tok"
+                  },
+                  {
+                    "displayname": "Sydney (au-syd)",
+                    "value": "au-syd"
+                  },
+                  {
+                    "displayname": "Sao Paulo (br-sao)",
+                    "value": "br-sao"
+                  },
+                  {
+                    "displayname": "Toronto (ca-tor)",
+                    "value": "ca-tor"
+                  },
+                  {
+                    "displayname": "Frankfurt (eu-de)",
+                    "value": "eu-de"
+                  },
+                  {
+                    "displayname": "Madrid (eu-es)",
+                    "value": "eu-es"
+                  },
+                  {
+                    "displayname": "London (eu-gb)",
+                    "value": "eu-gb"
+                  },
+                  {
+                    "displayname": "Osaka (jp-osa)",
+                    "value": "jp-osa"
+                  },
+                  {
+                    "displayname": "Dallas (us-south)",
+                    "value": "us-south"
+                  }
+                ]
+              },
+              {
+                "key": "namespace_name"
+              },
+              {
+                "key": "use_existing_namespace"
+              },
+              {
+                "key": "tags"
+              },
+              {
+                "key": "images_per_repo"
+              },
+              {
+                "key": "retain_untagged"
+              },
+              {
+                "key": "container_registry_endpoint"
+              },
+              {
+                "key": "upgrade_to_standard_plan"
+              },
+              {
+                "key": "storage_megabytes"
+              },
+              {
+                "key": "traffic_megabytes"
+              }
+            ]
+        }
+      ]
+    }
+  ]
+}