From 37744b71fafd0a08b09dab66248962acb22fc4cb Mon Sep 17 00:00:00 2001
From: Aditya Ranjan <48973656+Aditya-ranjan-16@users.noreply.github.com>
Date: Thu, 28 Nov 2024 16:21:13 +0530
Subject: [PATCH] feat: exposed the ability to set the `provider_visibility` in the DA. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/IBM/latest/docs#visibility-1). (#229)
---
 cra-config.yaml | 1 +
 ibm_catalog.json | 34 ++++++++++++++++++++++++++++++++
 solutions/agents/provider.tf | 1 +
 solutions/agents/variables.tf | 9 +++++++++
 solutions/instances/README.md | 1 +
 solutions/instances/provider.tf | 3 +++
 solutions/instances/variables.tf | 10 ++++++++++
 tests/pr_test.go | 3 +++
 8 files changed, 62 insertions(+)
diff --git a/cra-config.yaml b/cra-config.yaml
index 1c95429..ccac19f 100644
--- a/cra-config.yaml
+++ b/cra-config.yaml
@@ -7,3 +7,4 @@ CRA_TARGETS:
 CRA_ENVIRONMENT_VARIABLES:
 TF_VAR_resource_group_name: "test"
 TF_VAR_existing_kms_instance_crn: "crn:v1:bluemix:public:hs-crypto:us-south:a/abac0df06b644a9cabc6e44f55b3880e:e6dce284-e80f-46e1-a3c1-830f7adff7a9::"
+ TF_VAR_provider_visibility: "public"
diff --git a/ibm_catalog.json b/ibm_catalog.json
index c61996e..2f2e4f3 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -60,6 +60,23 @@
 {
 "key": "ibmcloud_api_key"
 },
+ {
+ "key": "provider_visibility",
+ "options": [
+ {
+ "displayname": "private",
+ "value": "private"
+ },
+ {
+ "displayname": "public",
+ "value": "public"
+ },
+ {
+ "displayname": "public-and-private",
+ "value": "public-and-private"
+ }
+ ]
+ },
 {
 "key": "use_existing_resource_group"
 },
@@ -376,6 +393,23 @@
 {
 "key": "ibmcloud_api_key"
 },
+ {
+ "key": "provider_visibility",
+ "options": [
+ {
+ "displayname": "private",
+ "value": "private"
+ },
+ {
+ "displayname": "public",
+ "value": "public"
+ },
+ {
+ "displayname": "public-and-private",
+ "value": "public-and-private"
+ }
+ ]
+ },
 {
 "key": "name"
 },
diff --git a/solutions/agents/provider.tf b/solutions/agents/provider.tf
index 18eefa1..73d8908 100644
--- a/solutions/agents/provider.tf
+++ b/solutions/agents/provider.tf
@@ -5,6 +5,7 @@ provider "ibm" {
 ibmcloud_api_key = var.ibmcloud_api_key
 region = var.region
+ visibility = var.provider_visibility
 }
 provider "kubernetes" {
diff --git a/solutions/agents/variables.tf b/solutions/agents/variables.tf
index 95bbb0f..ec09a16 100644
--- a/solutions/agents/variables.tf
+++ b/solutions/agents/variables.tf
@@ -7,7 +7,16 @@ variable "ibmcloud_api_key" {
 description = "The IBM Cloud API key to deploy resources."
 sensitive = true
 }
+variable "provider_visibility" {
+ description = "Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints)."
+ type = string
+ default = "private"
+ validation {
+ condition = contains(["public", "private", "public-and-private"], var.provider_visibility)
+ error_message = "Invalid visibility option. Allowed values are 'public', 'private', or 'public-and-private'."
+ }
+}
 ########################################################################################################################
 # SCC Workload Protection Agent variables
 ########################################################################################################################
diff --git a/solutions/instances/README.md b/solutions/instances/README.md
index 326ea73..c1f1be1 100644
--- a/solutions/instances/README.md
+++ b/solutions/instances/README.md
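Review bot: The new `provider_visibility` variable in solutions/agents/variables.tf defaults to `"private"`, while the context lines of the provider.tf hunk show the `ibm` provider block previously set no `visibility` at all, so (assuming the provider's own default applied until now) an existing deployment whose Terraform runtime cannot reach private endpoints will start failing on upgrade unless it sets the input explicitly; that behaviour change should be called out in the description or release notes. The description should also state how `public-and-private` differs from `private` — per the provider documentation it prefers private endpoints but can use a public one where a service has no private endpoint — since that is the security-relevant choice a user is making. A caller passing `null` overrides the default and hands a null value to the `contains()` check; adding `nullable = false` to the variable keeps the default in force. The same points apply to the identical block added in solutions/instances/variables.tf.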
@@ -77,6 +77,7 @@ This solution supports provisioning and configuring the following infrastructure
 | [management\_endpoint\_type\_for\_bucket](#input\_management\_endpoint\_type\_for\_bucket) | The type of endpoint for the IBM Terraform provider to use to manage Object Storage buckets. Possible values: `public`, `private`m `direct`. If you specify `private`, enable virtual routing and forwarding in your account, and the Terraform runtime must have access to the the IBM Cloud private network. | `string` | `"private"` | no |
 | [prefix](#input\_prefix) | The prefix to add to all resources created by this solution. | `string` | `null` | no |
 | [profile\_attachments](#input\_profile\_attachments) | The list of Security and Compliance Center profile attachments to create that are scoped to your IBM Cloud account. The attachment schedule runs daily and defaults to the latest version of the specified profile attachments. | `list(string)` |
[
"IBM Cloud Framework for Financial Services"
]
| no |
+| [provider\_visibility](#input\_provider\_visibility) | Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints). | `string` | `"private"` | no |
 | [provision\_scc\_workload\_protection](#input\_provision\_scc\_workload\_protection) | Whether to provision a Workload Protection instance. | `bool` | `true` | no |
 | [resource\_group\_name](#input\_resource\_group\_name) | The name of a new or an existing resource group in which to provision resources to. If a prefix input variable is specified, the prefix is added to the name in the `-` format. | `string` | n/a | yes |
 | [resource\_groups\_scope](#input\_resource\_groups\_scope) | The resource group to associate with the Security and Compliance Center profile attachments. If not specified, the attachments are scoped to the current account ID. Only one resource group is allowed. | `list(string)` | `[]` | no |
diff --git a/solutions/instances/provider.tf b/solutions/instances/provider.tf
index 2a4642b..42e29fa 100644
--- a/solutions/instances/provider.tf
+++ b/solutions/instances/provider.tf
@@ -5,16 +5,19 @@ provider "ibm" {
 ibmcloud_api_key = var.ibmcloud_api_key
 region = local.scc_instance_region
+ visibility = var.provider_visibility
 }
 provider "ibm" {
 alias = "kms"
 ibmcloud_api_key = var.ibmcloud_kms_api_key != null ? var.ibmcloud_kms_api_key : var.ibmcloud_api_key
 region = local.kms_region
+ visibility = var.provider_visibility
 }
 provider "ibm" {
 alias = "cos"
 ibmcloud_api_key = var.ibmcloud_api_key
 region = var.cos_region
+ visibility = var.provider_visibility
 }
diff --git a/solutions/instances/variables.tf b/solutions/instances/variables.tf
index b593993..52ad998 100644
--- a/solutions/instances/variables.tf
+++ b/solutions/instances/variables.tf
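Review bot: All three `provider "ibm"` blocks in solutions/instances/provider.tf, including the `kms` and `cos` aliases, now take the same `var.provider_visibility`, yet the solution already exposes `kms_endpoint_type` and `management_endpoint_type_for_bucket` as separate inputs, so a deployment can combine, for example, `provider_visibility = "private"` with `kms_endpoint_type = "public"`. Nothing in the patch says how those settings interact, and the `kms` alias may authenticate with a different key (`ibmcloud_kms_api_key`), whose account could have different private-network reachability than the main one. I would add a comment above the first provider block such as `# visibility selects the endpoint type for provider API calls; keep it consistent with the *_endpoint_type inputs` and mention the interaction in the variable description.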
@@ -32,6 +32,16 @@ variable "prefix" {
 default = null
 }
+variable "provider_visibility" {
+ description = "Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints)."
+ type = string
+ default = "private"
+
+ validation {
+ condition = contains(["public", "private", "public-and-private"], var.provider_visibility)
+ error_message = "Invalid visibility option. Allowed values are 'public', 'private', or 'public-and-private'."
+ }
+}
 ########################################################################################################################
 # KMS variables
 ########################################################################################################################
diff --git a/tests/pr_test.go b/tests/pr_test.go
index 6a011e5..c9e6561 100644
--- a/tests/pr_test.go
+++ b/tests/pr_test.go
@@ -182,6 +182,7 @@ func TestRunUpgradeInstances(t *testing.T) {
 "resource_group_name": options.Prefix,
 "existing_kms_instance_crn": permanentResources["hpcs_south_crn"],
 "kms_endpoint_type": "public",
+ "provider_visibility": "public",
 "management_endpoint_type_for_bucket": "public",
 }
@@ -251,6 +252,7 @@ func TestRunExistingResourcesInstances(t *testing.T) {
 "existing_scc_cos_bucket_name": terraform.Output(t, existingTerraformOptions, "bucket_name"),
 "existing_cos_instance_crn": terraform.Output(t, existingTerraformOptions, "cos_crn"),
 "management_endpoint_type_for_bucket": "public",
+ "provider_visibility": "public",
 "existing_en_crn": terraform.Output(t, existingTerraformOptions, "en_crn"),
 "en_source_name": prefix, // needs to be unique per EN instance
 },
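Review bot: Every input map touched in tests/pr_test.go pins `"provider_visibility": "public"` (in `TestRunUpgradeInstances`, and per the hunk headers in both maps of `TestRunExistingResourcesInstances`, the second of which is in the following hunk), so neither the new default of `"private"` nor the variable's `validation` block is exercised by any test visible in this patch. If the test runner has no private-network access that is a reasonable choice, but it should be stated next to the value, e.g. `// test runner cannot reach private endpoints; the DA default is "private"`. A plan-only case that passes an unsupported value and expects the validation error would cover the new rule without needing private connectivity. The enclosing functions start and end outside these hunks.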
@@ -278,6 +280,7 @@ func TestRunExistingResourcesInstances(t *testing.T) {
 "existing_monitoring_crn": terraform.Output(t, existingTerraformOptions, "monitoring_crn"),
 "existing_kms_instance_crn": permanentResources["hpcs_south_crn"],
 "kms_endpoint_type": "public",
+ "provider_visibility": "public",
 "existing_cos_instance_crn": terraform.Output(t, existingTerraformOptions, "cos_crn"),
 "management_endpoint_type_for_bucket": "public",
 },