add : fully configurable version #300
Conversation
Aayush-Abhyarthi
changed the title
Aayush-Abhyarthi
changed the title
There was a problem hiding this comment.
Do not use spaces in directory names. The renamed directory should be solutions/security-enforced. The label name should be Security-enforced and the programmtic variation name should be security-enforced. I think you need to check your changes against the recent updates that were made to the standard variation. Several variables were renamed, and it seems you do not have the new names.
I think the direction we are going is the the whole code in the standard (security-enforced) directory will go away, and that new Security-enforced variation will actually just call the see below commentFully configurable variation in the ibm_catalog.json but will hard code a few variables, and force require others to lock it down. Otherwise we end up with alot of code duplication for now reason. Such a change will be a full breaking major version release.
|
@Aayush-Abhyarthi We talked more about what to do with the current |
|
/run pipeline |
|
/run pipeline |
|
/run pipeline |
|
/run pipeline |
Aayush-Abhyarthi
changed the title
|
/run pipeline |
|
/run pipeline |
There was a problem hiding this comment.
@Aayush-Abhyarthi Can you review all the variable descriptions please? Make sure they reference any related inputs.
Can you also make sure you are consistent everywhere with the changes in terraform-ibm-modules/terraform-ibm-scc#249?
The DA is missing the skip_iam_authorization_policy input that was added to the root level module for enabling the IAM credentials engine.
Diagram updates:
- Resource Group -> Existing resource group
- Make it more clear that IAM Engine is enabled now via an s2s policy. I would move the icon into the outer IBM Cloud box and rename it 'IAM'. And add the text 's2s IAM auth' along the arror that points to it
- Event Notifications -> Existing Event Notifications
Update the topic name to include the secrets manager GUID (like I did here)
|
/run pipeline |
|
#295 should be merged first |
|
/run pipeline |
There was a problem hiding this comment.
Please review the test coverage:
- You can remove
TestRunUpgradeExample- we don't need an upgrade test on an example since we have one for the DA - I see no point in having both
TestRunSecretsManagerSecurityEnforcedUpgradeSchematicandTestRunSecretsManagerFullyConfigurableUpgradeSchematicsince security enforced variation is a wrapper around fully configurable. I don't think we will introduce much of a test gap if we just have an upgrade test for security enforced. - There is no test that does not use KMS encryption
- There is no test that uses existing KMS key
- There is no test that uses existing secrets manager instance
Please try to plug these test gaps, but if keep the number of tests as low as possible so we don't create lots of secrets manager instances that will take up our quota
|
/run pipeline |
|
/run pipeline |
|
/run pipeline |
|
/run pipeline |
|
🎉 This PR is included in version 2.0.0 🎉 The release is available on:
Your semantic-release bot 📦🚀 |
…nforced"<br>- The "standard" variation has been deprecated does not exist in this release (#300) BREAKING CHANGE: There is no upgrade path from the deprecated "Standard" DA variation to either of the new "Fully configurable" or "Security-enforced variations
Description
https://github.ibm.com/GoldenEye/issues/issues/12575
Release required?
x.x.X)x.X.x)X.x.x)Release notes content
This PR releases two variations of the Deployable Architecture -
The Solutions variation is depricated.
Run the pipeline
If the CI pipeline doesn't run when you create the PR, the PR requires a user with GitHub collaborators access to run the pipeline.
Run the CI pipeline when the PR is ready for review and you expect tests to pass. Add a comment to the PR with the following text:
Checklist for reviewers
For mergers