chore: updated cbr enforcement mode (#251)
Ak-sky authored Jul 15, 2024
1 parent 44ce09a commit 50d21db
Showing 4 changed files with 112 additions and 35 deletions.
31 changes: 28 additions & 3 deletions examples/complete/main.tf
Expand Up @@ -84,7 +84,7 @@ resource "ibm_is_subnet" "testacc_subnet" {
# Create CBR Zone
##############################################################################

module "cbr_zone" {
module "cbr_vpc_zone" {
source = "terraform-ibm-modules/cbr/ibm//modules/cbr-zone-module"
version = "1.23.0"
name = "${var.prefix}-VPC-network-zone"
Expand All @@ -96,6 +96,21 @@ module "cbr_zone" {
}]
}

module "cbr_zone_schematics" {
source = "terraform-ibm-modules/cbr/ibm//modules/cbr-zone-module"
version = "1.23.0"
name = "${var.prefix}-schematics-zone"
zone_description = "CBR Network zone containing Schematics"
account_id = data.ibm_iam_account_settings.iam_account_settings.account_id
addresses = [{
type = "serviceRef",
ref = {
account_id = data.ibm_iam_account_settings.iam_account_settings.account_id
service_name = "schematics"
}
}]
}

module "event_notification" {
source = "../../"
resource_group_id = module.resource_group.resource_group_id
Expand All @@ -117,7 +132,7 @@ module "event_notification" {
cbr_rules = [
{
description = "${var.prefix}-event notification access only from vpc"
enforcement_mode = "report"
enforcement_mode = "enabled"
account_id = data.ibm_iam_account_settings.iam_account_settings.account_id
rule_contexts = [{
attributes = [
Expand All @@ -127,7 +142,17 @@ module "event_notification" {
},
{
name = "networkZoneId"
value = module.cbr_zone.zone_id
value = module.cbr_vpc_zone.zone_id
}]
}, {
attributes = [
{
"name" : "endpointType",
"value" : "public"
},
{
name = "networkZoneId"
value = module.cbr_zone_schematics.zone_id
}]
}]
}
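Review bot: The rule's `description` still reads `"${var.prefix}-event notification access only from vpc"`, but the second `rule_contexts` entry added after it also admits the Schematics service zone, and in this example it does so on the `public` endpoint. With `enforcement_mode` shown as `"enabled"` the rule is enforced rather than only reported, so the description should state what is actually allowed, for example `description = "${var.prefix}-event notification access from vpc and schematics"`. A short comment above the new context, such as `# Schematics zone is allowed so the example can be applied from a Schematics workspace`, would explain why the public endpoint is opened to that zone; that reason is inferred from the test changes in this commit and should be confirmed by the author. The same description mismatch is present in examples/fscloud/main.tf.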
31 changes: 28 additions & 3 deletions examples/fscloud/main.tf
Expand Up @@ -38,7 +38,7 @@ resource "ibm_is_subnet" "testacc_subnet" {
# Create CBR Zone
##############################################################################

module "cbr_zone" {
module "cbr_vpc_zone" {
source = "terraform-ibm-modules/cbr/ibm//modules/cbr-zone-module"
version = "1.23.0"
name = "${var.prefix}-VPC-network-zone"
Expand All @@ -50,6 +50,21 @@ module "cbr_zone" {
}]
}

module "cbr_zone_schematics" {
source = "terraform-ibm-modules/cbr/ibm//modules/cbr-zone-module"
version = "1.23.0"
name = "${var.prefix}-schematics-zone"
zone_description = "CBR Network zone containing Schematics"
account_id = data.ibm_iam_account_settings.iam_account_settings.account_id
addresses = [{
type = "serviceRef",
ref = {
account_id = data.ibm_iam_account_settings.iam_account_settings.account_id
service_name = "schematics"
}
}]
}

##############################################################################
# Create COS Instance
##############################################################################
Expand Down Expand Up @@ -117,7 +132,7 @@ module "event_notification" {
cbr_rules = [
{
description = "${var.prefix}-event notification access only from vpc"
enforcement_mode = "report"
enforcement_mode = "enabled"
account_id = data.ibm_iam_account_settings.iam_account_settings.account_id
rule_contexts = [{
attributes = [
Expand All @@ -127,7 +142,17 @@ module "event_notification" {
},
{
name = "networkZoneId"
value = module.cbr_zone.zone_id
value = module.cbr_vpc_zone.zone_id
}]
}, {
attributes = [
{
"name" : "endpointType",
"value" : "private"
},
{
name = "networkZoneId"
value = module.cbr_zone_schematics.zone_id
}]
}]
}
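Review bot: The new `cbr_zone_schematics` zone identifies Schematics only by `account_id` and `service_name`, so the zone appears to cover the Schematics service as a whole for the account, and the enforced rule then trusts that zone on the `private` endpoint. For a financial-services example that trust assumption deserves a comment on the module, such as `# Trusts the Schematics service for this whole account; narrow the serviceRef if only some workspaces should reach the instance`. Whether the zone module accepts a narrower reference is not visible on this page. The same zone definition is added to examples/complete/main.tf.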
2 changes: 1 addition & 1 deletion modules/fscloud/README.md
Expand Up @@ -40,7 +40,7 @@ module "event_notification" {
cbr_rules = [
{
description = "Event notification access only from vpc"
enforcement_mode = "report"
enforcement_mode = "enabled"
account_id = "defc0df06b644a9cabc6e44f55b3880s"
rule_contexts = [{
attributes = [
83 changes: 55 additions & 28 deletions tests/pr_test.go
Expand Up @@ -55,41 +55,36 @@ func setupOptions(t *testing.T, prefix string, dir string) *testhelper.TestOptio
Region: validRegions[rand.Intn(len(validRegions))],
})

if dir == fsExampleDir {
options = testhelper.TestOptionsDefaultWithVars(&testhelper.TestOptions{
Testing: t,
TerraformDir: dir,
Prefix: prefix,
ResourceGroup: resourceGroup,
Region: options.Region,
TerraformVars: map[string]interface{}{
"existing_kms_instance_crn": permanentResources["hpcs_south_crn"],
"root_key_crn": permanentResources["hpcs_south_root_key_crn"],
"kms_endpoint_url": permanentResources["hpcs_south_private_endpoint"],
},
})
}
return options
}

func TestRunCompleteExample(t *testing.T) {
func TestCompleteExampleInSchematics(t *testing.T) {
t.Parallel()

options := setupOptions(t, "event-notification-complete", completeExampleDir)

output, err := options.RunTestConsistency()
assert.Nil(t, err, "This should not have errored")
assert.NotNil(t, output, "Expected some output")
}
var region = validRegions[rand.Intn(len(validRegions))]

func TestRunFSCloudExample(t *testing.T) {
t.Parallel()
options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{
Testing: t,
Prefix: "en-complete",
TarIncludePatterns: []string{
"*.tf",
completeExampleDir + "/*.tf",
},
ResourceGroup: resourceGroup,
TemplateFolder: completeExampleDir,
Tags: []string{"test-schematic"},
DeleteWorkspaceOnFail: false,
WaitJobCompleteMinutes: 60,
})

options := setupOptions(t, "en-fs", fsExampleDir)
options.TerraformVars = []testschematic.TestSchematicTerraformVar{
{Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true},
{Name: "prefix", Value: options.Prefix, DataType: "string"},
{Name: "region", Value: region, DataType: "string"},
}

output, err := options.RunTestConsistency()
err := options.RunSchematicTest()
assert.Nil(t, err, "This should not have errored")
assert.NotNil(t, output, "Expected some output")
}

func TestDAInSchematics(t *testing.T) {
Expand All @@ -104,7 +99,6 @@ func TestDAInSchematics(t *testing.T) {
"*.tf",
solutionDADir + "/*.tf",
},
ResourceGroup: resourceGroup,
TemplateFolder: solutionDADir,
Tags: []string{"test-schematic"},
DeleteWorkspaceOnFail: false,
Expand All @@ -113,8 +107,8 @@ func TestDAInSchematics(t *testing.T) {

options.TerraformVars = []testschematic.TestSchematicTerraformVar{
{Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true},
{Name: "resource_group_name", Value: options.Prefix, DataType: "string"},
{Name: "region", Value: region, DataType: "string"},
{Name: "resource_group_name", Value: options.Prefix, DataType: "string"},
{Name: "existing_kms_instance_crn", Value: permanentResources["hpcs_south_crn"], DataType: "string"},
{Name: "kms_endpoint_url", Value: permanentResources["hpcs_south_private_endpoint"], DataType: "string"},
{Name: "cross_region_location", Value: "us", DataType: "string"},
Expand All @@ -124,6 +118,39 @@ func TestDAInSchematics(t *testing.T) {
assert.Nil(t, err, "This should not have errored")
}

func TestFSCloudInSchematics(t *testing.T) {
t.Parallel()

var region = validRegions[rand.Intn(len(validRegions))]

options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{
Testing: t,
Prefix: "en-fs",
TarIncludePatterns: []string{
"*.tf",
fsExampleDir + "/*.tf",
"modules/fscloud/*.tf",
},
ResourceGroup: resourceGroup,
TemplateFolder: fsExampleDir,
Tags: []string{"test-schematic"},
DeleteWorkspaceOnFail: false,
WaitJobCompleteMinutes: 60,
})

options.TerraformVars = []testschematic.TestSchematicTerraformVar{
{Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true},
{Name: "region", Value: region, DataType: "string"},
{Name: "prefix", Value: options.Prefix, DataType: "string"},
{Name: "existing_kms_instance_crn", Value: permanentResources["hpcs_south_crn"], DataType: "string"},
{Name: "kms_endpoint_url", Value: permanentResources["hpcs_south_private_endpoint"], DataType: "string"},
{Name: "root_key_crn", Value: permanentResources["hpcs_south_root_key_crn"], DataType: "string"},
}

err := options.RunSchematicTest()
assert.Nil(t, err, "This should not have errored")
}

func TestRunUpgradeDASolution(t *testing.T) {
t.Parallel()
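Review bot: Neither Schematics test checks the behaviour this commit turns on: `TestCompleteExampleInSchematics` and `TestFSCloudInSchematics` (as far as the rendered page shows, both on the new side) only assert that `RunSchematicTest()` returns no error, so a rule left in `report` mode or one that admitted every zone would pass just the same. If the test helper offers no hook for that, a comment on each test keeps the limit visible, for example `// Verifies the example applies in Schematics; CBR rule enforcement itself is not asserted.` As a style point, `assert.NoError(t, err, "This should not have errored")` states the intent more directly than `assert.Nil(t, err, ...)`, and `region := validRegions[rand.Intn(len(validRegions))]` is the usual form for a local instead of `var region = ...`. The last function in this section, `TestRunUpgradeDASolution`, continues outside the visible hunk.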
