|
2 | 2 | "products": [ |
3 | 3 | { |
4 | 4 | "name": "deploy-arch-ibm-kms", |
5 | | - "label": "Cloud automation for Key Management Services", |
| 5 | + "label": "Cloud automation for Key Protect", |
6 | 6 | "product_kind": "solution", |
7 | 7 | "tags": [ |
8 | 8 | "ibm_created", |
|
22 | 22 | "solution" |
23 | 23 | ], |
24 | 24 | "short_description": "Creates and configures IBM Cloud Key Management resources", |
25 | | - "long_description": "This architecture supports creating and configuring an IBM Key Protect instance, Key Rings, and Keys.", |
| 25 | + "long_description": "This architecture supports creating and configuring an IBM Key Protect instance, Key Rings, and Keys. For more details on Key Protect, [see here](https://cloud.ibm.com/docs/key-protect/index.html).", |
26 | 26 | "offering_docs_url": "https://github.com/terraform-ibm-modules/terraform-ibm-kms-all-inclusive/blob/main/solutions/fully-configurable/README.md", |
27 | 27 | "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-kms-all-inclusive/main/images/key_protect_icon.svg", |
28 | 28 | "provider_name": "IBM", |
29 | 29 | "features": [ |
30 | 30 | { |
31 | | - "title": "Creates a Key Protect instance.", |
32 | | - "description": "Creates and configures a Key Protect instance." |
| 31 | + "title": "Creates a Key Protect instance", |
| 32 | + "description": "For more details on Key Protect instances, [see here](https://cloud.ibm.com/catalog/services/key-protect#about)." |
33 | 33 | }, |
34 | 34 | { |
35 | 35 | "title": "Creates Key Rings and Keys", |
36 | | - "description": "Creates Key Rings and Keys in a KMS instance (Key Protect or HPCS)." |
| 36 | + "description": "For more details on Key Rings and Keys in a KMS instance (Key Protect or HPCS), [see here](https://github.com/terraform-ibm-modules/terraform-ibm-kms-all-inclusive/blob/main/solutions/fully-configurable/DA-keys.md)." |
| 37 | + }, |
| 38 | + { |
| 39 | + "title": "Creates Context-Based Restriction rules for Key Protect instance", |
| 40 | + "description": "For more details on Context-Based Restriction rules, [see here](https://github.com/terraform-ibm-modules/terraform-ibm-kms-all-inclusive/blob/main/solutions/fully-configurable/DA-cbr_rules.md)." |
37 | 41 | } |
38 | 42 | ], |
39 | 43 | "support_details": "This product is in the community registry, as such support is handled through the originated repo. If you experience issues please open an issue in that repository [https://github.com/terraform-ibm-modules/terraform-ibm-kms-all-inclusive/issues](https://github.com/terraform-ibm-modules/terraform-ibm-kms-all-inclusive/issues). Please note this product is not supported via the IBM Cloud Support Center.", |
|
58 | 62 | "crn:v1:bluemix:public:iam::::serviceRole:Manager", |
59 | 63 | "crn:v1:bluemix:public:iam::::role:Editor" |
60 | 64 | ], |
61 | | - "service_name": "kms" |
| 65 | + "service_name": "kms", |
| 66 | + "notes": "[Optional] Required if you are creating a new Key Protect Instance." |
| 67 | + }, |
| 68 | + { |
| 69 | + "role_crns": [ |
| 70 | + "crn:v1:bluemix:public:iam::::role:Administrator" |
| 71 | + ], |
| 72 | + "service_name": "iam-identity", |
| 73 | + "notes": "[Optional] Required if Cloud automation for account configuration is enabled." |
62 | 74 | } |
63 | 75 | ], |
64 | 76 | "configuration": [ |
|
67 | 79 | }, |
68 | 80 | { |
69 | 81 | "key": "existing_resource_group_name", |
70 | | - "required": true, |
| 82 | + "display_name": "resource_group", |
| 83 | + "required": false, |
| 84 | + "default_value": "Default", |
71 | 85 | "custom_config": { |
72 | 86 | "type": "resource_group", |
73 | 87 | "grouping": "deployment", |
|
143 | 157 | "displayname": "public-and-private", |
144 | 158 | "value": "public-and-private" |
145 | 159 | } |
146 | | - ] |
| 160 | + ], |
| 161 | + "hidden": true |
147 | 162 | }, |
148 | 163 | { |
149 | 164 | "key": "key_protect_instance_name" |
150 | 165 | }, |
| 166 | + { |
| 167 | + "key": "existing_kms_instance_crn" |
| 168 | + }, |
151 | 169 | { |
152 | 170 | "key": "key_protect_plan", |
153 | 171 | "options": [ |
|
162 | 180 | ] |
163 | 181 | }, |
164 | 182 | { |
165 | | - "key": "key_protect_allowed_network", |
166 | | - "options": [ |
167 | | - { |
168 | | - "displayname": "Public and private", |
169 | | - "value": "public-and-private" |
170 | | - }, |
171 | | - { |
172 | | - "displayname": "Private only", |
173 | | - "value": "private-only" |
174 | | - } |
175 | | - ] |
176 | | - }, |
177 | | - { |
178 | | - "key": "key_protect_resource_tags", |
179 | | - "custom_config": { |
180 | | - "grouping": "deployment", |
181 | | - "original_grouping": "deployment", |
182 | | - "config_constraints": { |
183 | | - "type": "string" |
184 | | - } |
185 | | - } |
186 | | - }, |
187 | | - { |
188 | | - "key": "key_protect_access_tags", |
189 | | - "custom_config": { |
190 | | - "grouping": "deployment", |
191 | | - "original_grouping": "deployment", |
192 | | - "config_constraints": { |
193 | | - "type": "string" |
194 | | - } |
195 | | - } |
196 | | - }, |
197 | | - { |
198 | | - "key": "rotation_interval_month" |
| 183 | + "key": "keys" |
199 | 184 | }, |
200 | 185 | { |
201 | | - "key": "existing_kms_instance_crn" |
| 186 | + "key": "rotation_interval_month", |
| 187 | + "default_value": 3 |
202 | 188 | }, |
203 | 189 | { |
204 | 190 | "key": "kms_endpoint_type", |
| 191 | + "hidden": true, |
205 | 192 | "options": [ |
206 | 193 | { |
207 | 194 | "displayname": "Public", |
|
214 | 201 | ] |
215 | 202 | }, |
216 | 203 | { |
217 | | - "key": "keys" |
218 | | - }, |
219 | | - { |
220 | | - "key": "key_protect_instance_cbr_rules" |
221 | | - } |
222 | | - ], |
223 | | - "architecture": { |
224 | | - "descriptions": "This architecture supports creating and configuring an Key Protect instance.", |
225 | | - "features": [ |
226 | | - { |
227 | | - "title": "Creates a Key Protect instance.", |
228 | | - "description": "Creates and configures a Key Protect instance." |
229 | | - }, |
230 | | - { |
231 | | - "title": "Creates Key Rings and Keys", |
232 | | - "description": "Creates Key Rings and Keys in a KMS instance (Key Protect or HPCS)." |
233 | | - } |
234 | | - ], |
235 | | - "diagrams": [ |
236 | | - { |
237 | | - "diagram": { |
238 | | - "caption": "IBM Key Management Services", |
239 | | - "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-kms-all-inclusive/main/reference-architecture/key_protect.svg", |
240 | | - "type": "image/svg+xml" |
241 | | - }, |
242 | | - "description": "This architecture supports creating and configuring IBM Key Management resources" |
243 | | - } |
244 | | - ] |
245 | | - } |
246 | | - }, |
247 | | - { |
248 | | - "label": "Security enforced", |
249 | | - "name": "security-enforced", |
250 | | - "install_type": "fullstack", |
251 | | - "working_directory": "solutions/security-enforced", |
252 | | - "compliance": { |
253 | | - "authority": "scc-v3", |
254 | | - "profiles": [ |
255 | | - { |
256 | | - "profile_name": "CIS IBM Cloud Foundations Benchmark v1.1.0", |
257 | | - "profile_version": "1.1.0" |
258 | | - } |
259 | | - ] |
260 | | - }, |
261 | | - "iam_permissions": [ |
262 | | - { |
263 | | - "role_crns": [ |
264 | | - "crn:v1:bluemix:public:iam::::serviceRole:Manager", |
265 | | - "crn:v1:bluemix:public:iam::::role:Editor" |
266 | | - ], |
267 | | - "service_name": "kms" |
268 | | - } |
269 | | - ], |
270 | | - "configuration": [ |
271 | | - { |
272 | | - "key": "ibmcloud_api_key" |
273 | | - }, |
274 | | - { |
275 | | - "key": "existing_resource_group_name", |
276 | | - "required": true, |
277 | | - "custom_config": { |
278 | | - "type": "resource_group", |
279 | | - "grouping": "deployment", |
280 | | - "original_grouping": "deployment", |
281 | | - "config_constraints": { |
282 | | - "identifier": "rg_name" |
283 | | - } |
284 | | - } |
285 | | - }, |
286 | | - { |
287 | | - "key": "region", |
288 | | - "required": true, |
289 | | - "default_value": "", |
290 | | - "options": [ |
291 | | - { |
292 | | - "displayname": "Dallas (us-south)", |
293 | | - "value": "us-south" |
294 | | - }, |
295 | | - { |
296 | | - "displayname": "Frankfurt (eu-de)", |
297 | | - "value": "eu-de" |
298 | | - }, |
299 | | - { |
300 | | - "displayname": "London (eu-gb)", |
301 | | - "value": "eu-gb" |
302 | | - }, |
303 | | - { |
304 | | - "displayname": "Madrid (eu-es)", |
305 | | - "value": "eu-es" |
306 | | - }, |
307 | | - { |
308 | | - "displayname": "Osaka (jp-osa)", |
309 | | - "value": "jp-osa" |
310 | | - }, |
311 | | - { |
312 | | - "displayname": "Sao Paulo (br-sao)", |
313 | | - "value": "br-sao" |
314 | | - }, |
315 | | - { |
316 | | - "displayname": "Sydney (au-syd)", |
317 | | - "value": "au-syd" |
318 | | - }, |
319 | | - { |
320 | | - "displayname": "Tokyo (jp-tok)", |
321 | | - "value": "jp-tok" |
322 | | - }, |
323 | | - { |
324 | | - "displayname": "Toronto (ca-tor)", |
325 | | - "value": "ca-tor" |
326 | | - }, |
327 | | - { |
328 | | - "displayname": "Washington (us-east)", |
329 | | - "value": "us-east" |
330 | | - } |
331 | | - ] |
332 | | - }, |
333 | | - { |
334 | | - "key": "prefix", |
335 | | - "required": true, |
336 | | - "description": "The prefix to add to all resources that this solution creates. To not use any prefix value, you can enter the string `__NULL__`." |
337 | | - }, |
338 | | - { |
339 | | - "key": "provider_visibility", |
| 204 | + "key": "key_protect_allowed_network", |
340 | 205 | "options": [ |
341 | 206 | { |
342 | | - "displayname": "private", |
343 | | - "value": "private" |
344 | | - }, |
345 | | - { |
346 | | - "displayname": "public", |
347 | | - "value": "public" |
348 | | - }, |
349 | | - { |
350 | | - "displayname": "public-and-private", |
| 207 | + "displayname": "Public and private", |
351 | 208 | "value": "public-and-private" |
352 | | - } |
353 | | - ] |
354 | | - }, |
355 | | - { |
356 | | - "key": "key_protect_instance_name" |
357 | | - }, |
358 | | - { |
359 | | - "key": "key_protect_plan", |
360 | | - "options": [ |
361 | | - { |
362 | | - "displayname": "Tiered Pricing", |
363 | | - "value": "tiered-pricing" |
364 | 209 | }, |
365 | 210 | { |
366 | | - "displayname": "Cross Region Resiliency", |
367 | | - "value": "cross-region-resiliency" |
| 211 | + "displayname": "Private only", |
| 212 | + "value": "private-only" |
368 | 213 | } |
369 | 214 | ] |
370 | 215 | }, |
|
388 | 233 | } |
389 | 234 | } |
390 | 235 | }, |
391 | | - { |
392 | | - "key": "rotation_interval_month" |
393 | | - }, |
394 | | - { |
395 | | - "key": "existing_kms_instance_crn" |
396 | | - }, |
397 | | - { |
398 | | - "key": "keys" |
399 | | - }, |
400 | 236 | { |
401 | 237 | "key": "key_protect_instance_cbr_rules" |
402 | 238 | } |
403 | 239 | ], |
404 | 240 | "architecture": { |
405 | | - "descriptions": "This architecture supports creating and configuring an Key Protect instance.", |
| 241 | + "description": "This architecture supports creating and configuring a Key Protect instance.", |
406 | 242 | "features": [ |
407 | 243 | { |
408 | | - "title": "Creates a Key Protect instance.", |
| 244 | + "title": "Key Protect instance", |
409 | 245 | "description": "Creates and configures a Key Protect instance." |
410 | 246 | }, |
411 | 247 | { |
412 | | - "title": "Creates Key Rings and Keys", |
413 | | - "description": "Creates Key Rings and Keys in a KMS instance (Key Protect or HPCS)." |
| 248 | + "title": "Key Rings and Keys", |
| 249 | + "description": "Creates Key Rings and Keys for either Key Protect or Hyper Protect Crypto Services instances." |
| 250 | + }, |
| 251 | + { |
| 252 | + "title": "Context-Based Restriction rules", |
| 253 | + "description": "Creates Context-Based Restriction rules for Key Protect instance." |
414 | 254 | } |
415 | 255 | ], |
416 | 256 | "diagrams": [ |
|
420 | 260 | "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-kms-all-inclusive/main/reference-architecture/key_protect.svg", |
421 | 261 | "type": "image/svg+xml" |
422 | 262 | }, |
423 | | - "description": "This architecture supports creating and configuring IBM Key Management resources" |
| 263 | + "description": "" |
424 | 264 | } |
425 | 265 | ] |
| 266 | + }, |
| 267 | + "dependencies": [ |
| 268 | + { |
| 269 | + "name": "deploy-arch-ibm-account-infra-base", |
| 270 | + "description": "This module prepares your IBM Cloud account with the necessary configurations to ensure a secure and organized environment for your architecture.", |
| 271 | + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", |
| 272 | + "flavors": [ |
| 273 | + "resource-group-only", |
| 274 | + "resource-groups-with-account-settings" |
| 275 | + ], |
| 276 | + "default_flavor": "resource-group-only", |
| 277 | + "id": "63641cec-6093-4b4f-b7b0-98d2f4185cd6-global", |
| 278 | + "input_mapping": [ |
| 279 | + { |
| 280 | + "dependency_output": "security_resource_group_name", |
| 281 | + "version_input": "existing_resource_group_name" |
| 282 | + }, |
| 283 | + { |
| 284 | + "dependency_input": "prefix", |
| 285 | + "version_input": "prefix", |
| 286 | + "reference_version": true |
| 287 | + }, |
| 288 | + { |
| 289 | + "dependency_input": "provider_visibility", |
| 290 | + "version_input": "provider_visibility", |
| 291 | + "reference_version": true |
| 292 | + }, |
| 293 | + { |
| 294 | + "version_input": "use_existing_resource_group", |
| 295 | + "value": true |
| 296 | + } |
| 297 | + ], |
| 298 | + "optional": true, |
| 299 | + "on_by_default": false, |
| 300 | + "version": "v3.0.4" |
426 | 301 | } |
| 302 | + ], |
| 303 | + "dependency_version_2": true, |
| 304 | + "terraform_version": "1.10.5" |
427 | 305 | } |
428 | 306 | ] |
429 | 307 | } |
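Review bot: With `"required": false` and `"default_value": "Default"` now set on `existing_resource_group_name` (new lines 82-84), a deployment that leaves the optional `deploy-arch-ibm-account-infra-base` dependency off (it is `"on_by_default": false`) places the Key Protect instance, key rings and keys in the account's Default resource group. Any access policy scoped to that resource group would then also cover the key management resources, which is likely broader than intended for a KMS. Consider keeping `"required": true` with no default, or adding a `description` on this entry saying that the Default group is used unless a dedicated one is named. The rest of this entry's `custom_config` is outside the visible lines, so an existing description there cannot be ruled out.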
|