diff --git a/ibm_catalog.json b/ibm_catalog.json index 19c0f4c5..cabbf342 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -1,356 +1,358 @@ { - "products": [ - { - "name": "deploy-arch-ibm-icd-elasticsearch", - "label": "Cloud automation for Databases for Elasticsearch", - "product_kind": "solution", - "tags": [ - "ibm_created", - "target_terraform", - "terraform", - "data_management", - "solution" - ], - "keywords": [ - "elasticsearch", - "IaC", - "infrastructure as code", - "terraform", - "solution", - "elasticsearch standard", - "database", - "nosql" - ], - "short_description": "Creates and configures an instance of IBM Cloud Databases for Elasticsearch.", - "long_description": "This architecture supports creating and configuring an instance of Databases for Elasticsearch with KMS encryption.", - "offering_docs_url": "https://github.com/terraform-ibm-modules/terraform-ibm-icd-elasticsearch/blob/main/README.md", - "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-icd-elasticsearch/main/images/elasticsearch_icon.svg", - "provider_name": "IBM", - "features": [ - { - "title": "Creates an instance of Databases for Elasticsearch", - "description": "Creates and configures an IBM Cloud Databases for Elasticsearch instance." - }, - { - "title": "Supports KMS encryption", - "description": "Provides KMS encryption for the data that you store in the database." - }, - { - "title": "Supports autoscaling", - "description": "Provides the autoscaling to allow the database to increase resources in response to usage." - }, - { - "title": "Attaches access tags", - "description": "Attaches access tags to the Elasticsearch instance." - }, - { - "title": "Supports backup restoration", - "description": "Provides database restoration using a backup created by a deployment with the same service ID." - } - ], - "flavors": [ - { - "label": "Standard", - "name": "standard", - "install_type": "fullstack", - "working_directory": "solutions/standard", - "compliance": { - "authority": "scc-v3", - "profiles": [ - { - "profile_name": "IBM Cloud Framework for Financial Services", - "profile_version": "1.7.0" - } - ] + "products": [ + { + "name": "deploy-arch-ibm-icd-elasticsearch", + "label": "Cloud automation for Databases for Elasticsearch", + "product_kind": "solution", + "tags": [ + "ibm_created", + "target_terraform", + "terraform", + "data_management", + "solution" + ], + "keywords": [ + "elasticsearch", + "IaC", + "infrastructure as code", + "terraform", + "solution", + "elasticsearch standard", + "database", + "nosql" + ], + "short_description": "Creates and configures an instance of IBM Cloud Databases for Elasticsearch.", + "long_description": "This architecture supports creating and configuring an instance of Databases for Elasticsearch with KMS encryption.", + "offering_docs_url": "https://github.com/terraform-ibm-modules/terraform-ibm-icd-elasticsearch/blob/main/README.md", + "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-icd-elasticsearch/main/images/elasticsearch_icon.svg", + "provider_name": "IBM", + "features": [ + { + "title": "Creates an instance of Databases for Elasticsearch", + "description": "Creates and configures an IBM Cloud Databases for Elasticsearch instance." }, - "iam_permissions": [ - { - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "service_name": "databases-for-elasticsearch" - } - ], - "architecture": { - "descriptions": "This architecture creates an instance of IBM CLoud Databases for Elasticsearch instance with KMS encryption. Supports autoscaling.", - "features": [ + { + "title": "Supports KMS encryption", + "description": "Provides KMS encryption for the data that you store in the database." + }, + { + "title": "Supports autoscaling", + "description": "Provides the autoscaling to allow the database to increase resources in response to usage." + }, + { + "title": "Attaches access tags", + "description": "Attaches access tags to the Elasticsearch instance." + }, + { + "title": "Supports backup restoration", + "description": "Provides database restoration using a backup created by a deployment with the same service ID." + } + ], + "flavors": [ + { + "label": "Standard", + "name": "standard", + "install_type": "fullstack", + "working_directory": "solutions/standard", + "compliance": { + "authority": "scc-v3", + "profiles": [ + { + "profile_name": "IBM Cloud Framework for Financial Services", + "profile_version": "1.6.0" + } + ]}, + "iam_permissions": [ { - "title": " Creates an instance of Databases for Elasticsearch", - "description": "This architecture creates an instance of IBM Cloud Databases for Elasticsearch with KMS encryption. It accepts or creates a resource group, and provides autoscaling rules." + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "databases-for-elasticsearch" } ], - "diagrams": [ - { - "diagram": { - "caption": "Databases for Elasticsearch instance on IBM Cloud", - "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-icd-elasticsearch/main/reference-architecture/deployable-architecture-elasticsearch.svg", - "type": "image/svg+xml" - }, - "description": "This architecture supports creating and configuring an instance of Databases for Elasticsearch instance with KMS encryption." - } - ] - }, - "configuration": [ - { - "key": "ibmcloud_api_key" + "architecture": { + "descriptions": "This architecture creates an instance of IBM Cloud Databases for Elasticsearch instance with KMS encryption. Supports autoscaling.", + "features": [ + { + "title": " Creates an instance of Databases for Elasticsearch", + "description": "This architecture creates an instance of IBM Cloud Databases for Elasticsearch with KMS encryption. It accepts or creates a resource group, and provides autoscaling rules." + } + ], + "diagrams": [ + { + "diagram": { + "caption": "Databases for Elasticsearch instance on IBM Cloud", + "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-icd-elasticsearch/main/reference-architecture/deployable-architecture-elasticsearch.svg", + "type": "image/svg+xml" + }, + "description": "This architecture supports creating and configuring an instance of Databases for Elasticsearch instance with KMS encryption." + } + ] }, - { - "key": "provider_visibility", - "options": [ + "configuration": [ { - "displayname": "private", - "value": "private" + "key": "ibmcloud_api_key" }, { - "displayname": "public", - "value": "public" + "key": "provider_visibility", + "options": [ + { + "displayname": "private", + "value": "private" + }, + { + "displayname": "public", + "value": "public" + }, + { + "displayname": "public-and-private", + "value": "public-and-private" + } + ] }, { - "displayname": "public-and-private", - "value": "public-and-private" - } - ] - }, - { - "key": "use_existing_resource_group" - }, - { - "key": "resource_group_name" - }, - { - "key": "prefix" - }, - { - "key": "region", - "required": true, - "options": [ + "key": "use_existing_resource_group" + }, { - "displayname": "Chennai (che01)", - "value": "che01" + "key": "resource_group_name" }, { - "displayname": "Dallas (us-south)", - "value": "us-south" + "key": "prefix" }, { - "displayname": "Frankfurt (eu-de)", - "value": "eu-de" + "key": "region", + "required": true, + "options": [ + { + "displayname": "Chennai (che01)", + "value": "che01" + }, + { + "displayname": "Dallas (us-south)", + "value": "us-south" + }, + { + "displayname": "Frankfurt (eu-de)", + "value": "eu-de" + }, + { + "displayname": "London (eu-gb)", + "value": "eu-gb" + }, + { + "displayname": "Madrid (eu-es)", + "value": "eu-es" + }, + { + "displayname": "Osaka (jp-osa)", + "value": "jp-osa" + }, + { + "displayname": "Paris (par01)", + "value": "par01" + }, + { + "displayname": "Sao Paulo (br-sao)", + "value": "br-sao" + }, + { + "displayname": "Sydney (au-syd)", + "value": "au-syd" + }, + { + "displayname": "Toronto (ca-tor)", + "value": "ca-tor" + }, + { + "displayname": "Tokyo (jp-tok)", + "value": "jp-tok" + }, + { + "displayname": "Washington (us-east)", + "value": "us-east" + } + ] }, { - "displayname": "London (eu-gb)", - "value": "eu-gb" + "key": "name" }, { - "displayname": "Madrid (eu-es)", - "value": "eu-es" + "key": "existing_db_instance_crn" }, { - "displayname": "Osaka (jp-osa)", - "value": "jp-osa" + "key": "plan", + "options": [ + { + "displayname": "enterprise", + "value": "enterprise" + }, + { + "displayname": "platinum", + "value": "platinum" + } + ] }, { - "displayname": "Paris (par01)", - "value": "par01" + "key": "elasticsearch_version", + "required": true, + "options": [ + { + "displayname": "8.15", + "value": "8.15" + }, + { + "displayname": "8.12", + "value": "8.12" + }, + { + "displayname": "8.10", + "value": "8.10" + } + ] }, { - "displayname": "Sao Paulo (br-sao)", - "value": "br-sao" + "key": "tags" }, { - "displayname": "Sydney (au-syd)", - "value": "au-syd" + "key": "access_tags" }, { - "displayname": "Toronto (ca-tor)", - "value": "ca-tor" + "key": "auto_scaling" }, { - "displayname": "Tokyo (jp-tok)", - "value": "jp-tok" + "key": "members" }, { - "displayname": "Washington (us-east)", - "value": "us-east" - } - ] - }, - { - "key": "name" - }, - { - "key": "existing_db_instance_crn" - }, - { - "key": "plan", - "options": [ + "key": "member_memory_mb" + }, { - "displayname": "enterprise", - "value": "enterprise" + "key": "member_cpu_count" }, { - "displayname": "platinum", - "value": "platinum" - } - ] - }, - { - "key": "elasticsearch_version", - "required": true, - "options": [ + "key": "member_disk_mb" + }, { - "displayname": "8.15", - "value": "8.15" + "key": "member_host_flavor" }, { - "displayname": "8.12", - "value": "8.12" + "key": "admin_pass" }, { - "displayname": "8.10", - "value": "8.10" - } - ] - }, - { - "key": "tags" - }, - { - "key": "access_tags" - }, - { - "key": "auto_scaling" - }, - { - "key": "members" - }, - { - "key": "member_memory_mb" - }, - { - "key": "member_cpu_count" - }, - { - "key": "member_disk_mb" - }, - { - "key": "member_host_flavor" - }, - { - "key": "admin_pass" - }, - { - "key": "users" - }, - { - "key": "service_credential_names" - }, - { - "key": "existing_secrets_manager_instance_crn" - }, - { - "key": "existing_secrets_manager_endpoint_type", - "options": [ + "key": "users" + }, { - "displayname": "public", - "value": "public" + "key": "service_credential_names" }, { - "displayname": "private", - "value": "private" - } - ] - }, - { - "key": "service_credential_secrets" - }, - { - "key": "admin_pass_sm_secret_group" - }, - { - "key": "use_existing_admin_pass_sm_secret_group" - }, - { - "key": "admin_pass_sm_secret_name" - }, - { - "key": "skip_es_sm_auth_policy" - }, - { - "key": "ibmcloud_kms_api_key" - }, - { - "key": "kms_endpoint_type", - "options": [ + "key": "existing_secrets_manager_instance_crn" + }, { - "displayname": "public", - "value": "public" + "key": "existing_secrets_manager_endpoint_type", + "options": [ + { + "displayname": "public", + "value": "public" + }, + { + "displayname": "private", + "value": "private" + } + ] }, { - "displayname": "private", - "value": "private" - } - ] - }, - { - "key": "use_ibm_owned_encryption_key" - }, - { - "key": "existing_kms_instance_crn", - "required": true - }, - { - "key": "existing_kms_key_crn" - }, - { - "key": "existing_backup_kms_key_crn" - }, - { - "key": "use_default_backup_encryption_key" - }, - { - "key": "elasticsearch_key_ring_name" - }, - { - "key": "elasticsearch_key_name" - }, - { - "key": "skip_es_kms_auth_policy" - }, - { - "key": "backup_crn" - }, - { - "key": "enable_elser_model" - }, - { - "key": "elser_model_type", - "options": [ + "key": "service_credential_secrets" + }, + { + "key": "admin_pass_sm_secret_group" + }, + { + "key": "use_existing_admin_pass_sm_secret_group" + }, { - "displayname": ".elser_model_1", - "value": ".elser_model_1" + "key": "admin_pass_sm_secret_name" }, { - "displayname": ".elser_model_2", - "value": ".elser_model_2" + "key": "skip_es_sm_auth_policy" }, { - "displayname": ".elser_model_2_linux-x86_64", - "value": ".elser_model_2_linux-x86_64" + "key": "ibmcloud_kms_api_key" + }, + { + "key": "kms_endpoint_type", + "options": [ + { + "displayname": "public", + "value": "public" + }, + { + "displayname": "private", + "value": "private" + } + ] + }, + { + "key": "use_ibm_owned_encryption_key" + }, + { + "key": "existing_kms_instance_crn", + "required": true + }, + { + "key": "existing_kms_key_crn" + }, + { + "key": "existing_backup_kms_key_crn" + }, + { + "key": "use_default_backup_encryption_key" + }, + { + "key": "elasticsearch_key_ring_name" + }, + { + "key": "elasticsearch_key_name" + }, + { + "key": "skip_es_kms_auth_policy" + }, + { + "key": "backup_crn" + }, + { + "key": "enable_elser_model" + }, + { + "key": "elser_model_type", + "options": [ + { + "displayname": ".elser_model_1", + "value": ".elser_model_1" + }, + { + "displayname": ".elser_model_2", + "value": ".elser_model_2" + }, + { + "displayname": ".elser_model_2_linux-x86_64", + "value": ".elser_model_2_linux-x86_64" + } + ] + }, + { + "key": "enable_kibana_dashboard" + }, + { + "key": "existing_code_engine_project_id" + }, + { + "key": "kibana_registry_namespace_image" + }, + { + "key": "kibana_image_digest" } ] - }, - { - "key": "enable_kibana_dashboard" - }, - { - "key": "existing_code_engine_project_id" - }, - { - "key": "elasticsearch_full_version" - } - ] - } - ] - } - ] -} + } + ] + } + ] + } diff --git a/solutions/standard/main.tf b/solutions/standard/main.tf index 4e320836..64b4f0d9 100644 --- a/solutions/standard/main.tf +++ b/solutions/standard/main.tf @@ -435,8 +435,7 @@ locals { code_engine_project_id = var.existing_code_engine_project_id != null ? var.existing_code_engine_project_id : null code_engine_project_name = local.code_engine_project_id != null ? null : var.prefix != null ? "${var.prefix}-code-engine-kibana-project" : "ce-kibana-project" code_engine_app_name = var.prefix != null ? "${var.prefix}-kibana-app" : "ce-kibana-app" - es_data = var.enable_kibana_dashboard ? jsondecode(data.http.es_metadata[0].response_body) : null - es_full_version = var.enable_kibana_dashboard ? (var.elasticsearch_full_version != null ? var.elasticsearch_full_version : local.es_data.version.number) : null + kibana_version = var.enable_kibana_dashboard ? jsondecode(data.http.es_metadata[0].response_body).version.number : null } data "http" "es_metadata" { @@ -463,7 +462,7 @@ module "code_engine_kibana" { apps = { (local.code_engine_app_name) = { - image_reference = "docker.elastic.co/kibana/kibana:${local.es_full_version}" + image_reference = var.kibana_image_digest != null ? "${var.kibana_registry_namespace_image}@${var.kibana_image_digest}" : "${var.kibana_registry_namespace_image}:${local.kibana_version}" image_port = 5601 run_env_variables = [{ type = "literal" diff --git a/solutions/standard/variables.tf b/solutions/standard/variables.tf index b6378daf..541091de 100644 --- a/solutions/standard/variables.tf +++ b/solutions/standard/variables.tf @@ -352,19 +352,31 @@ variable "admin_pass_sm_secret_name" { ############################################################## variable "existing_code_engine_project_id" { - description = "Existing code engine project ID to deploy Kibana. If no value is passed, a new code engine project will be created." type = string + description = "Existing code engine project ID to deploy Kibana. If no value is passed, a new code engine project will be created." default = null } variable "enable_kibana_dashboard" { type = bool - description = "Set it true to deploy Kibana in code engine. NOTE: Kibana image is coming direcly from the official registry (https://www.docker.elastic.co/) and not certified by the IBM." + description = "Set to true to deploy Kibana in Code Engine. NOTE: By default, the Kibana image will be pulled from the official Elastic registry (docker.elastic.co) and is not certified by IBM, however this can be overridden using the `kibana_registry_namespace_image` and `kibana_image_digest` inputs." default = false } -variable "elasticsearch_full_version" { - description = "(Optional) Full version of the Elasticsearch instance in the format `x.x.x` to deploy Kibana dashboard. If no value is passed, data lookup will fetch the full version using the Elasticsearch API, see https://github.com/elastic/kibana?tab=readme-ov-file#version-compatibility-with-elasticsearch" +variable "kibana_registry_namespace_image" { + type = string + description = "The full Elasticsearch version (format `[registry-url]/[namespace]/[image]`) required to deploy the Kibana dashboard. This value is used only when `enable_kibana_dashboard` is set to true. By default, the image is pulled from `docker.elastic.co/kibana/kibana`." + default = "docker.elastic.co/kibana/kibana" +} + +variable "kibana_image_digest" { type = string + description = "When `enable_kibana_dashboard` is set to true, Kibana is deployed using an image tag compatible with the Elasticsearch version. Alternatively, an image digest in the format `sha256:xxxxx...` can also be specified but it must correspond to a version compatible with the Elasticsearch instance." default = null + validation { + condition = var.kibana_image_digest == null || can(regex("^sha256:", var.kibana_image_digest)) + error_message = "If provided, the value of kibana_image_digest must start with 'sha256:'." + } + + } diff --git a/solutions/standard/version.tf b/solutions/standard/version.tf index 99a88e8b..3e341a8b 100644 --- a/solutions/standard/version.tf +++ b/solutions/standard/version.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.3.0" + required_version = ">= 1.9.0" # Lock DA into an exact provider version - renovate automation will keep it updated required_providers { diff --git a/tests/pr_test.go b/tests/pr_test.go index c30f39f3..0e678276 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -121,7 +121,7 @@ func TestRunStandardSolutionSchematics(t *testing.T) { {Name: "access_tags", Value: permanentResources["accessTags"], DataType: "list(string)"}, {Name: "existing_kms_instance_crn", Value: permanentResources["hpcs_south_crn"], DataType: "string"}, {Name: "existing_backup_kms_key_crn", Value: permanentResources["hpcs_south_root_key_crn"], DataType: "string"}, - {Name: "kms_endpoint_type", Value: "public", DataType: "string"}, + {Name: "kms_endpoint_type", Value: "private", DataType: "string"}, {Name: "resource_group_name", Value: options.Prefix, DataType: "string"}, {Name: "plan", Value: "platinum", DataType: "string"}, {Name: "enable_elser_model", Value: true, DataType: "bool"},