diff --git a/ibm_catalog.json b/ibm_catalog.json
index 09892b6..e332e74 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -333,6 +333,13 @@
 "description": "The CRN of an existing event notification instance to use in this solution. If not set, a new event notification instance is provisioned.",
 "required": false
 },
+ {
+ "key": "existing_scc_instance_crn",
+ "type": "string",
+ "default_value": "__NULL__",
+ "description": "The CRN of an existing security and compliance center instance to use in this solution. If not set, a new security and compliance center instance is provisioned.",
+ "required": false
+ },
 {
 "key": "existing_discovery_instance",
 "type": "string",
diff --git a/solutions/basic/stack_definition.json b/solutions/basic/stack_definition.json
index 469904d..b6962d9 100644
--- a/solutions/basic/stack_definition.json
+++ b/solutions/basic/stack_definition.json
@@ -68,6 +68,13 @@
 "hidden": false,
 "default": null
 },
+ {
+ "name": "existing_scc_instance_crn",
+ "required": false,
+ "type": "string",
+ "hidden": false,
+ "default": null
+ },
 {
 "name": "existing_event_notification_instance_crn",
 "required": false,
@@ -384,6 +391,10 @@
 "name": "resource_group_name",
 "value": "ref:../Account Infrastructure Base/outputs/audit_resource_group_name"
 },
+ {
+ "name": "existing_scc_instance_crn",
+ "value": "ref:../../inputs/existing_scc_instance_crn"
+ },
 {
 "name": "existing_kms_instance_crn",
 "value": "ref:../Essential Security - Encryption Key Management/outputs/kms_instance_crn"
diff --git a/solutions/standard/stack_definition.json b/solutions/standard/stack_definition.json
index 1be41ef..f89caac 100644
--- a/solutions/standard/stack_definition.json
+++ b/solutions/standard/stack_definition.json
@@ -68,6 +68,13 @@
 "hidden": false,
 "default": null
 },
+ {
+ "name": "existing_scc_instance_crn",
+ "required": false,
+ "type": "string",
+ "hidden": false,
+ "default": null
+ },
 {
 "name": "existing_event_notification_instance_crn",
 "required": false,
@@ -384,6 +391,10 @@
 "name": "resource_group_name",
 "value": "ref:../Account Infrastructure Base/outputs/audit_resource_group_name"
 },
+ {
+ "name": "existing_scc_instance_crn",
+ "value": "ref:../../inputs/existing_scc_instance_crn"
+ },
 {
 "name": "existing_kms_instance_crn",
 "value": "ref:../Essential Security - Encryption Key Management/outputs/kms_instance_crn"
diff --git a/tests/pr_test.go b/tests/pr_test.go
index 94a45ae..c9d60ed 100644
--- a/tests/pr_test.go
+++ b/tests/pr_test.go
@@ -78,7 +78,7 @@ func TestProjectsBasicExistingResourcesTest(t *testing.T) {
 t.Parallel()
 // ------------------------------------------------------------------------------------
- // Provision RG, EN and SM
+ // Provision RG, EN, SM, and SCC
 // ------------------------------------------------------------------------------------
 prefix := fmt.Sprintf("ragext-%s", strings.ToLower(random.UniqueId()))
@@ -108,7 +108,7 @@ func TestProjectsBasicExistingResourcesTest(t *testing.T) {
 } else {
 // ------------------------------------------------------------------------------------
- // Test passing an existing SM, RG, EN
+ // Test passing an existing SM, RG, EN, SCC
 // ------------------------------------------------------------------------------------
 options := testprojects.TestProjectOptionsDefault(&testprojects.TestProjectsOptions{
@@ -134,6 +134,7 @@ func TestProjectsBasicExistingResourcesTest(t *testing.T) {
 "existing_kms_instance_crn": terraform.Output(t, existingTerraformOptions, "kms_instance_crn"),
 "existing_event_notification_instance_crn": terraform.Output(t, existingTerraformOptions, "event_notification_instance_crn"),
 "en_email_list": []string{"GoldenEye.Operations@ibm.com"},
+ "existing_scc_instance_crn": terraform.Output(t, existingTerraformOptions, "crn"),
 }
 err := options.RunProjectsTest()
diff --git a/tests/resources/main.tf b/tests/resources/main.tf
index 9a553ab..c029dca 100644
--- a/tests/resources/main.tf
+++ b/tests/resources/main.tf
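Review bot: In tests/pr_test.go, the entry added at `@@ -134,6 +134,7 @@` reads a Terraform output named only `crn`, while the neighbouring entries read resource-specific outputs (`kms_instance_crn`, `event_notification_instance_crn`), and this commit shows no change under tests/resources that adds an SCC output. If an output called `crn` already exists it may belong to another resource, so the stack could be handed a CRN that is not the SCC instance; if it does not exist, `terraform.Output` fails the test at this line. Expose a dedicated output for the SCC module and read it by name, for example `"existing_scc_instance_crn": terraform.Output(t, existingTerraformOptions, "scc_instance_crn"),`. The enclosing test function starts and ends outside the hunk.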
@@ -54,3 +54,37 @@ module "key_protect_all_inclusive" {
 key_ring_endpoint_type = "private"
 key_endpoint_type = "private"
 }
+
+module "kms_root_key" {
+ source = "terraform-ibm-modules/kms-key/ibm"
+ kms_instance_id = module.key_protect_all_inclusive.kms_guid
+ key_name = "${var.prefix}-kms-root-key"
+}
+
+##############################################################################
+# Security and Compliance Center
+##############################################################################
+
+module "cos" {
+ source = "terraform-ibm-modules/cos/ibm"
+ version = "8.15.11"
+ cos_instance_name = "${var.prefix}-cos"
+ existing_kms_instance_guid = module.key_protect_all_inclusive.kms_guid
+ retention_enabled = false
+ resource_group_id = module.resource_group.resource_group_id
+ bucket_name = "${var.prefix}-cb"
+ kms_key_crn = module.kms_root_key.crn
+}
+
+module "security_and_compliance_center" {
+ source = "terraform-ibm-modules/scc/ibm"
+ version = "1.8.30"
+ instance_name = "${var.prefix}-scc-instance"
+ region = var.region
+ resource_group_id = module.resource_group.resource_group_id
+ resource_tags = var.resource_tags
+ cos_bucket = module.cos.bucket_name
+ cos_instance_crn = module.cos.cos_instance_id
+ en_instance_crn = module.event_notifications.crn
+ en_source_name = module.event_notifications.event_notification_instance_name
+}
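Review bot: `module "kms_root_key"` is pulled from the registry with no `version` argument, while the `cos` and `security_and_compliance_center` modules added in the same hunk are pinned (`8.15.11`, `1.8.30`). An unpinned module resolves to whatever the registry serves at `terraform init`, so the code that creates the root key protecting the SCC results bucket can change between runs without review. Add `version = "<pinned kms-key module version>"` directly under its `source` line. Separately, `cos_instance_crn = module.cos.cos_instance_id` feeds an output named as an id into a CRN argument; a one-line comment confirming that this output carries the full CRN in the pinned cos module would make the wiring easier to review.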