chore: updated cbr enforcement mode (#251)

Ak-sky · web-flow · commit 50d21dbf030f · 2024-07-15T13:20:15.000+01:00
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -84,7 +84,7 @@ resource "ibm_is_subnet" "testacc_subnet" {
 # Create CBR Zone
 ##############################################################################
 
-module "cbr_zone" {
+module "cbr_vpc_zone" {
   source           = "terraform-ibm-modules/cbr/ibm//modules/cbr-zone-module"
   version          = "1.23.0"
   name             = "${var.prefix}-VPC-network-zone"
@@ -96,6 +96,21 @@ module "cbr_zone" {
   }]
 }
 
+module "cbr_zone_schematics" {
+  source           = "terraform-ibm-modules/cbr/ibm//modules/cbr-zone-module"
+  version          = "1.23.0"
+  name             = "${var.prefix}-schematics-zone"
+  zone_description = "CBR Network zone containing Schematics"
+  account_id       = data.ibm_iam_account_settings.iam_account_settings.account_id
+  addresses = [{
+    type = "serviceRef",
+    ref = {
+      account_id   = data.ibm_iam_account_settings.iam_account_settings.account_id
+      service_name = "schematics"
+    }
+  }]
+}
+
 module "event_notification" {
   source                    = "../../"
   resource_group_id         = module.resource_group.resource_group_id
@@ -117,7 +132,7 @@ module "event_notification" {
   cbr_rules = [
     {
       description      = "${var.prefix}-event notification access only from vpc"
-      enforcement_mode = "report"
+      enforcement_mode = "enabled"
       account_id       = data.ibm_iam_account_settings.iam_account_settings.account_id
       rule_contexts = [{
         attributes = [
@@ -127,7 +142,17 @@ module "event_notification" {
           },
           {
             name  = "networkZoneId"
-            value = module.cbr_zone.zone_id
+            value = module.cbr_vpc_zone.zone_id
+        }]
+        }, {
+        attributes = [
+          {
+            "name" : "endpointType",
+            "value" : "public"
+          },
+          {
+            name  = "networkZoneId"
+            value = module.cbr_zone_schematics.zone_id
         }]
       }]
     }
diff --git a/examples/fscloud/main.tf b/examples/fscloud/main.tf
@@ -38,7 +38,7 @@ resource "ibm_is_subnet" "testacc_subnet" {
 # Create CBR Zone
 ##############################################################################
 
-module "cbr_zone" {
+module "cbr_vpc_zone" {
   source           = "terraform-ibm-modules/cbr/ibm//modules/cbr-zone-module"
   version          = "1.23.0"
   name             = "${var.prefix}-VPC-network-zone"
@@ -50,6 +50,21 @@ module "cbr_zone" {
   }]
 }
 
+module "cbr_zone_schematics" {
+  source           = "terraform-ibm-modules/cbr/ibm//modules/cbr-zone-module"
+  version          = "1.23.0"
+  name             = "${var.prefix}-schematics-zone"
+  zone_description = "CBR Network zone containing Schematics"
+  account_id       = data.ibm_iam_account_settings.iam_account_settings.account_id
+  addresses = [{
+    type = "serviceRef",
+    ref = {
+      account_id   = data.ibm_iam_account_settings.iam_account_settings.account_id
+      service_name = "schematics"
+    }
+  }]
+}
+
 ##############################################################################
 # Create COS Instance
 ##############################################################################
@@ -117,7 +132,7 @@ module "event_notification" {
   cbr_rules = [
     {
       description      = "${var.prefix}-event notification access only from vpc"
-      enforcement_mode = "report"
+      enforcement_mode = "enabled"
       account_id       = data.ibm_iam_account_settings.iam_account_settings.account_id
       rule_contexts = [{
         attributes = [
@@ -127,7 +142,17 @@ module "event_notification" {
           },
           {
             name  = "networkZoneId"
-            value = module.cbr_zone.zone_id
+            value = module.cbr_vpc_zone.zone_id
+        }]
+        }, {
+        attributes = [
+          {
+            "name" : "endpointType",
+            "value" : "private"
+          },
+          {
+            name  = "networkZoneId"
+            value = module.cbr_zone_schematics.zone_id
         }]
       }]
     }
diff --git a/modules/fscloud/README.md b/modules/fscloud/README.md
@@ -40,7 +40,7 @@ module "event_notification" {
   cbr_rules = [
     {
       description      = "Event notification access only from vpc"
-      enforcement_mode = "report"
+      enforcement_mode = "enabled"
       account_id       = "defc0df06b644a9cabc6e44f55b3880s"
       rule_contexts = [{
         attributes = [
diff --git a/tests/pr_test.go b/tests/pr_test.go
@@ -55,41 +55,36 @@ func setupOptions(t *testing.T, prefix string, dir string) *testhelper.TestOptio
 		Region:        validRegions[rand.Intn(len(validRegions))],
 	})
 
-	if dir == fsExampleDir {
-		options = testhelper.TestOptionsDefaultWithVars(&testhelper.TestOptions{
-			Testing:       t,
-			TerraformDir:  dir,
-			Prefix:        prefix,
-			ResourceGroup: resourceGroup,
-			Region:        options.Region,
-			TerraformVars: map[string]interface{}{
-				"existing_kms_instance_crn": permanentResources["hpcs_south_crn"],
-				"root_key_crn":              permanentResources["hpcs_south_root_key_crn"],
-				"kms_endpoint_url":          permanentResources["hpcs_south_private_endpoint"],
-			},
-		})
-	}
 	return options
 }
 
-func TestRunCompleteExample(t *testing.T) {
+func TestCompleteExampleInSchematics(t *testing.T) {
 	t.Parallel()
 
-	options := setupOptions(t, "event-notification-complete", completeExampleDir)
-
-	output, err := options.RunTestConsistency()
-	assert.Nil(t, err, "This should not have errored")
-	assert.NotNil(t, output, "Expected some output")
-}
+	var region = validRegions[rand.Intn(len(validRegions))]
 
-func TestRunFSCloudExample(t *testing.T) {
-	t.Parallel()
+	options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{
+		Testing: t,
+		Prefix:  "en-complete",
+		TarIncludePatterns: []string{
+			"*.tf",
+			completeExampleDir + "/*.tf",
+		},
+		ResourceGroup:          resourceGroup,
+		TemplateFolder:         completeExampleDir,
+		Tags:                   []string{"test-schematic"},
+		DeleteWorkspaceOnFail:  false,
+		WaitJobCompleteMinutes: 60,
+	})
 
-	options := setupOptions(t, "en-fs", fsExampleDir)
+	options.TerraformVars = []testschematic.TestSchematicTerraformVar{
+		{Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true},
+		{Name: "prefix", Value: options.Prefix, DataType: "string"},
+		{Name: "region", Value: region, DataType: "string"},
+	}
 
-	output, err := options.RunTestConsistency()
+	err := options.RunSchematicTest()
 	assert.Nil(t, err, "This should not have errored")
-	assert.NotNil(t, output, "Expected some output")
 }
 
 func TestDAInSchematics(t *testing.T) {
@@ -104,7 +99,6 @@ func TestDAInSchematics(t *testing.T) {
 			"*.tf",
 			solutionDADir + "/*.tf",
 		},
-		ResourceGroup:          resourceGroup,
 		TemplateFolder:         solutionDADir,
 		Tags:                   []string{"test-schematic"},
 		DeleteWorkspaceOnFail:  false,
@@ -113,8 +107,8 @@ func TestDAInSchematics(t *testing.T) {
 
 	options.TerraformVars = []testschematic.TestSchematicTerraformVar{
 		{Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true},
-		{Name: "resource_group_name", Value: options.Prefix, DataType: "string"},
 		{Name: "region", Value: region, DataType: "string"},
+		{Name: "resource_group_name", Value: options.Prefix, DataType: "string"},
 		{Name: "existing_kms_instance_crn", Value: permanentResources["hpcs_south_crn"], DataType: "string"},
 		{Name: "kms_endpoint_url", Value: permanentResources["hpcs_south_private_endpoint"], DataType: "string"},
 		{Name: "cross_region_location", Value: "us", DataType: "string"},
@@ -124,6 +118,39 @@ func TestDAInSchematics(t *testing.T) {
 	assert.Nil(t, err, "This should not have errored")
 }
 
+func TestFSCloudInSchematics(t *testing.T) {
+	t.Parallel()
+
+	var region = validRegions[rand.Intn(len(validRegions))]
+
+	options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{
+		Testing: t,
+		Prefix:  "en-fs",
+		TarIncludePatterns: []string{
+			"*.tf",
+			fsExampleDir + "/*.tf",
+			"modules/fscloud/*.tf",
+		},
+		ResourceGroup:          resourceGroup,
+		TemplateFolder:         fsExampleDir,
+		Tags:                   []string{"test-schematic"},
+		DeleteWorkspaceOnFail:  false,
+		WaitJobCompleteMinutes: 60,
+	})
+
+	options.TerraformVars = []testschematic.TestSchematicTerraformVar{
+		{Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true},
+		{Name: "region", Value: region, DataType: "string"},
+		{Name: "prefix", Value: options.Prefix, DataType: "string"},
+		{Name: "existing_kms_instance_crn", Value: permanentResources["hpcs_south_crn"], DataType: "string"},
+		{Name: "kms_endpoint_url", Value: permanentResources["hpcs_south_private_endpoint"], DataType: "string"},
+		{Name: "root_key_crn", Value: permanentResources["hpcs_south_root_key_crn"], DataType: "string"},
+	}
+
+	err := options.RunSchematicTest()
+	assert.Nil(t, err, "This should not have errored")
+}
+
 func TestRunUpgradeDASolution(t *testing.T) {
 	t.Parallel()
 

Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,7 @@ module "event_notification" {`
`40`	`40`	`cbr_rules = [`
`41`	`41`	`{`
`42`	`42`	`description = "Event notification access only from vpc"`
`43`		`- enforcement_mode = "report"`
	`43`	`+ enforcement_mode = "enabled"`
`44`	`44`	`account_id = "defc0df06b644a9cabc6e44f55b3880s"`
`45`	`45`	`rule_contexts = [{`
`46`	`46`	`attributes = [`