feat: exposed the ability to set the provider_visibility in the DA.…

… [Learn more](https://registry.terraform.io/providers/IBM-Cloud/IBM/latest/docs#visibility-1). (#229)
terraform-ibm-modules · Nov 28, 2024 · 37744b7 · 37744b7
1 parent cf3447c
commit 37744b7
Show file tree

Hide file tree

Showing 8 changed files with 62 additions and 0 deletions.
diff --git a/cra-config.yaml b/cra-config.yaml
@@ -7,3 +7,4 @@ CRA_TARGETS:
     CRA_ENVIRONMENT_VARIABLES:
       TF_VAR_resource_group_name: "test"
       TF_VAR_existing_kms_instance_crn: "crn:v1:bluemix:public:hs-crypto:us-south:a/abac0df06b644a9cabc6e44f55b3880e:e6dce284-e80f-46e1-a3c1-830f7adff7a9::"
+      TF_VAR_provider_visibility: "public"
diff --git a/ibm_catalog.json b/ibm_catalog.json
@@ -60,6 +60,23 @@
             {
               "key": "ibmcloud_api_key"
             },
+            {
+              "key": "provider_visibility",
+              "options": [
+                {
+                  "displayname": "private",
+                  "value": "private"
+                },
+                {
+                  "displayname": "public",
+                  "value": "public"
+                },
+                {
+                  "displayname": "public-and-private",
+                  "value": "public-and-private"
+                }
+              ]
+            },
             {
               "key": "use_existing_resource_group"
             },
@@ -376,6 +393,23 @@
             {
               "key": "ibmcloud_api_key"
             },
+            {
+              "key": "provider_visibility",
+              "options": [
+                {
+                  "displayname": "private",
+                  "value": "private"
+                },
+                {
+                  "displayname": "public",
+                  "value": "public"
+                },
+                {
+                  "displayname": "public-and-private",
+                  "value": "public-and-private"
+                }
+              ]
+            },
             {
               "key": "name"
             },

diff --git a/solutions/agents/provider.tf b/solutions/agents/provider.tf
@@ -5,6 +5,7 @@
 provider "ibm" {
   ibmcloud_api_key = var.ibmcloud_api_key
   region           = var.region
+  visibility       = var.provider_visibility
 }
 
 provider "kubernetes" {

diff --git a/solutions/agents/variables.tf b/solutions/agents/variables.tf
@@ -7,7 +7,16 @@ variable "ibmcloud_api_key" {
   description = "The IBM Cloud API key to deploy resources."
   sensitive   = true
 }
+variable "provider_visibility" {
+  description = "Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints)."
+  type        = string
+  default     = "private"
 
+  validation {
+    condition     = contains(["public", "private", "public-and-private"], var.provider_visibility)
+    error_message = "Invalid visibility option. Allowed values are 'public', 'private', or 'public-and-private'."
+  }
+}
 ########################################################################################################################
 # SCC Workload Protection Agent variables
 ########################################################################################################################

diff --git a/solutions/instances/README.md b/solutions/instances/README.md
@@ -77,6 +77,7 @@ This solution supports provisioning and configuring the following infrastructure
 | <a name="input_management_endpoint_type_for_bucket"></a> [management\_endpoint\_type\_for\_bucket](#input\_management\_endpoint\_type\_for\_bucket) | The type of endpoint for the IBM Terraform provider to use to manage Object Storage buckets. Possible values: `public`, `private`m `direct`. If you specify `private`, enable virtual routing and forwarding in your account, and the Terraform runtime must have access to the the IBM Cloud private network. | `string` | `"private"` | no |
 | <a name="input_prefix"></a> [prefix](#input\_prefix) | The prefix to add to all resources created by this solution. | `string` | `null` | no |
 | <a name="input_profile_attachments"></a> [profile\_attachments](#input\_profile\_attachments) | The list of Security and Compliance Center profile attachments to create that are scoped to your IBM Cloud account. The attachment schedule runs daily and defaults to the latest version of the specified profile attachments. | `list(string)` | <pre>[<br/>  "IBM Cloud Framework for Financial Services"<br/>]</pre> | no |
+| <a name="input_provider_visibility"></a> [provider\_visibility](#input\_provider\_visibility) | Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints). | `string` | `"private"` | no |
 | <a name="input_provision_scc_workload_protection"></a> [provision\_scc\_workload\_protection](#input\_provision\_scc\_workload\_protection) | Whether to provision a Workload Protection instance. | `bool` | `true` | no |
 | <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | The name of a new or an existing resource group in which to provision resources to. If a prefix input variable is specified, the prefix is added to the name in the `<prefix>-<name>` format. | `string` | n/a | yes |
 | <a name="input_resource_groups_scope"></a> [resource\_groups\_scope](#input\_resource\_groups\_scope) | The resource group to associate with the Security and Compliance Center profile attachments. If not specified, the attachments are scoped to the current account ID. Only one resource group is allowed. | `list(string)` | `[]` | no |

diff --git a/solutions/instances/provider.tf b/solutions/instances/provider.tf
@@ -5,16 +5,19 @@
 provider "ibm" {
   ibmcloud_api_key = var.ibmcloud_api_key
   region           = local.scc_instance_region
+  visibility       = var.provider_visibility
 }
 
 provider "ibm" {
   alias            = "kms"
   ibmcloud_api_key = var.ibmcloud_kms_api_key != null ? var.ibmcloud_kms_api_key : var.ibmcloud_api_key
   region           = local.kms_region
+  visibility       = var.provider_visibility
 }
 
 provider "ibm" {
   alias            = "cos"
   ibmcloud_api_key = var.ibmcloud_api_key
   region           = var.cos_region
+  visibility       = var.provider_visibility
 }
diff --git a/solutions/instances/variables.tf b/solutions/instances/variables.tf
@@ -32,6 +32,16 @@ variable "prefix" {
   default     = null
 }
 
+variable "provider_visibility" {
+  description = "Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints)."
+  type        = string
+  default     = "private"
+
+  validation {
+    condition     = contains(["public", "private", "public-and-private"], var.provider_visibility)
+    error_message = "Invalid visibility option. Allowed values are 'public', 'private', or 'public-and-private'."
+  }
+}
 ########################################################################################################################
 # KMS variables
 ########################################################################################################################

diff --git a/tests/pr_test.go b/tests/pr_test.go
@@ -182,6 +182,7 @@ func TestRunUpgradeInstances(t *testing.T) {
 		"resource_group_name":                 options.Prefix,
 		"existing_kms_instance_crn":           permanentResources["hpcs_south_crn"],
 		"kms_endpoint_type":                   "public",
+		"provider_visibility":                 "public",
 		"management_endpoint_type_for_bucket": "public",
 	}
 
@@ -251,6 +252,7 @@ func TestRunExistingResourcesInstances(t *testing.T) {
 				"existing_scc_cos_bucket_name":        terraform.Output(t, existingTerraformOptions, "bucket_name"),
 				"existing_cos_instance_crn":           terraform.Output(t, existingTerraformOptions, "cos_crn"),
 				"management_endpoint_type_for_bucket": "public",
+				"provider_visibility":                 "public",
 				"existing_en_crn":                     terraform.Output(t, existingTerraformOptions, "en_crn"),
 				"en_source_name":                      prefix, // needs to be unique per EN instance
 			},
@@ -278,6 +280,7 @@ func TestRunExistingResourcesInstances(t *testing.T) {
 				"existing_monitoring_crn":             terraform.Output(t, existingTerraformOptions, "monitoring_crn"),
 				"existing_kms_instance_crn":           permanentResources["hpcs_south_crn"],
 				"kms_endpoint_type":                   "public",
+				"provider_visibility":                 "public",
 				"existing_cos_instance_crn":           terraform.Output(t, existingTerraformOptions, "cos_crn"),
 				"management_endpoint_type_for_bucket": "public",
 			},