feat: initial module release (#37)
namratabhadauriya authored Mar 11, 2024
1 parent 23e9a79 commit d520b5f
Showing 37 changed files with 480 additions and 332 deletions.
4 changes: 2 additions & 2 deletions .github/settings.yml
Expand Up @@ -15,14 +15,14 @@ repository:
# By changing this field, you rename the repository.

# Uncomment this name property and set the name to the current repo name.
# name: ""
name: "terraform-ibm-enterprise"

# The description is displayed under the repository name on the
# organization page and in the 'About' section of the repository.

# Uncomment this description property
# and update the description to the current repo description.
# description: ""
description: "Creates accounts and account-groups in an existing enterprise"

# Uncomment this topics property
# and add a comma-separated list of topics to set on the repo.
2 changes: 1 addition & 1 deletion .secrets.baseline
Expand Up @@ -3,7 +3,7 @@
"files": "go.sum|^.secrets.baseline$",
"lines": null
},
"generated_at": "2023-12-09T05:14:35Z",
"generated_at": "2023-12-10T05:14:35Z",
"plugins_used": [
{
"name": "AWSKeyDetector"
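Review bot: the two `generated_at` values in this hunk differ by exactly one day with the same time of day (05:14:35Z), and nothing else in the baseline changes, which reads like a hand-edited timestamp rather than a fresh scan. README.md in this commit carries a `# pragma: allowlist secret` line, so regenerate the baseline with the secrets scanner to make sure the audited results match the files being released.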
189 changes: 61 additions & 128 deletions README.md
@@ -1,177 +1,110 @@
<!-- BEGIN MODULE HOOK -->
# IBM Enterprise Account module

<!-- Update the title to match the module name and add a description -->
# Terraform Modules Template Project
<!-- UPDATE BADGE: Update the link for the following badge-->
[![Incubating (Not yet consumable)](https://img.shields.io/badge/status-Incubating%20(Not%20yet%20consumable)-red)](https://terraform-ibm-modules.github.io/documentation/#/badge-status)
[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)
[![Stable (Adopted)](https://img.shields.io/badge/Status-Stable%20(Adopted)-yellowgreen?style=plastic)](https://terraform-ibm-modules.github.io/documentation/#/badge-status)
[![latest release](https://img.shields.io/github/v/release/terraform-ibm-modules/terraform-ibm-enterprise?logo=GitHub&sort=semver)](https://github.com/terraform-ibm-modules/terraform-ibm-enterprise/releases/latest)
[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)
[![Renovate enabled](https://img.shields.io/badge/renovate-enabled-brightgreen.svg)](https://renovatebot.com/)
[![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)

This is a collection of sub modules and which will take tree based enterprise inputs and create child accounts and account-groups in an enterprise
* [dynamic_values](submodules/dynamic_values)
* [enterprise_hierarchy](submodules/enterprise_hierarchy)

<!-- Below content is automatically populated via pre-commit hook -->
<!-- BEGIN OVERVIEW HOOK -->
## Overview
* [terraform-ibm-enterprise](#terraform-ibm-enterprise)
* [Examples](./examples)
* [Advanced example](./examples/advanced)
* [Basic example](./examples/basic)
* [Complete example](./examples/complete)
* [Contributing](#contributing)
<!-- END OVERVIEW HOOK -->

<!-- Remove the content in this H2 heading after completing the steps -->

## Submit a new module

:+1::tada: Thank you for taking the time to contribute! :tada::+1:

This template repository exists to help you create Terraform modules for IBM Cloud.

The default structure includes the following files:

- `README.md`: A description of the module
- `main.tf`: The logic for the module
- `version.tf`: The required terraform and provider versions
- `variables.tf`: The input variables for the module
- `outputs.tf`: The values that are output from the module

Use nested modules to split complex behavior into smaller modules that advanced users can choose from. Put nested modules under a `/modules` subdirectory. If you include more than one nested module, make the submodules [composable](https://developer.hashicorp.com/terraform/language/modules/develop/composition) by the caller. In other words, don't embed calls between submodules to create a deeply nested tree of modules.
For more information, see [Module structure](https://terraform-ibm-modules.github.io/documentation/#/module-structure) in the project documentation.

You can add other content to support what your module does and how it works. For example, you might add a `scripts/` directory that contains shell scripts that are run by a `local-exec` `null_resource` in the Terraform module.

Follow this process to create and submit a Terraform module.

### Create a repo from this repo template

1. Create a repository from this repository template by clicking `Use this template` in the upper right of the GitHub UI.
&emsp;&emsp;&emsp;&emsp;<br>For more information about creating a repository from a template, see the [GitHub docs](https://docs.github.com/en/repositories/creating-and-managing-repositories/creating-a-repository-from-a-template).
1. Select `terraform-ibm-modules` as the owner.
1. Enter a name for the module in format `terraform-ibm-<name>`, where `<name>` reflects the type of infrastructure that the module manages.
&emsp;&emsp;&emsp;&emsp;<br>Use hyphens as delimiters for names with multiple words (for example, terraform-ibm-`activity-tracker`).
1. Provide a short description of the module.
&emsp;&emsp;&emsp;&emsp;<br>The description is displayed under the repository name on the [organization page](https://github.com/terraform-ibm-modules) and in the **About** section of the repository. Use the description to help users understand the purpose of your module. For more information, see [module names and descriptions](https://terraform-ibm-modules.github.io/documentation/#/implementation-guidelines?id=module-names-and-descriptions) in the docs.

### Clone the repo and set up your development environment

Locally clone the new repository and set up your development environment by completing the tasks in [Local development setup](https://terraform-ibm-modules.github.io/documentation/#/local-dev-setup) in the project documentation.

### Update the repo name and description in source control

To help make sure that the repo name and description are not changed except through pull requests, they are defined in the `settings.yml` file.

Check to make sure that values are uncommented and correct:

1. Open the [settings.yml](.github/settings.yml) file.
1. If not already updated, uncomment the `name` and `description` properties and set the values to what you specified when you requested the repo.

### Update the Terraform files

Implement the logic for your module by updating the `main.tf`, `version.tf`, `variables.tf`, and `outputs.tf` Terraform files. For more information, see [Creating Terraform on IBM Cloud templates](https://cloud.ibm.com/docs/ibm-cloud-provider-for-terraform?topic=ibm-cloud-provider-for-terraform-create-tf-config).

### Create examples and tests

Add one or more examples in the `examples` directory that consume your new module, and configure tests for them in the `tests` directory. For more information about tests, see [Tests](https://terraform-ibm-modules.github.io/documentation/#/tests).

### Update the content in the readme file

After you implement the logic for your module and create examples and tests, update this readme file in your repository by following these steps:

1. Update the title heading and add a description about your module.
1. Update the badge links.
1. Remove all the content in this H2 heading section.
1. Complete the [Usage](#usage) and [Required IAM access policies](#required-iam-access-policies) sections. The [Examples](#examples) and [Requirements](#requirements) section are populated by a pre-commit hook.

### Commit your code and submit your module for review

1. Before you commit any code, review [Contributing to the IBM Cloud Terraform modules project](https://terraform-ibm-modules.github.io/documentation/#/contribute-module) in the project documentation.
1. Create a pull request for review.

### Post-merge steps

After the first PR for your module is merged, follow these post-merge steps:

<!-- Remove the content in this previous H2 heading -->
### Reference architectures

<!--
Add links to any reference architectures for this module.
(Usually in the `/reference-architectures` directory.)
See "Reference architecture" in Authoring Guidelines in the public documentation at
https://terraform-ibm-modules.github.io/documentation/#/implementation-guidelines?id=reference-architecture
-->
<!-- This heading should always match the name of the root level module (aka the repo name) -->
## terraform-ibm-enterprise

### Usage

<!--
Add an example of the use of the module in the following code block.
Use real values instead of "var.<var_name>" or other placeholder values
unless real values don't help users know what to change.
-->
Full examples are in the [examples](./examples/) folder, but basic usage is as follows for creation of enterprise children is

```hcl
provider "ibm" {
ibmcloud_api_key = "XXXXXXXX" # pragma: allowlist secret
}
data "ibm_enterprises" "enterprise" {
name = "my-enterprise-account"
}
module "enterprise" {
source = "terraform-ibm-modules/terraform-ibm-enterprise"
enterprise_crn = data.ibm_enterprises.enterprise.enterprises[0].crn
enterprise_primary_contact_iam_id = data.ibm_enterprises.enterprise.enterprises[0].primary_contact_iam_id
enterprise_account_groups = [
{
key_name = "group-key-1"
name = "account_group_1"
parent_key_name = null
}]
enterprise_accounts = [
{
key_name = "acct-key-1"
name = "account_1"
parent_key_name = null
}
]
}
```

### Required IAM access policies

<!-- PERMISSIONS REQUIRED TO RUN MODULE
If this module requires permissions, uncomment the following block and update
the sample permissions, following the format.
Replace the sample Account and IBM Cloud service names and roles with the
information in the console at
Manage > Access (IAM) > Access groups > Access policies.
-->

<!--
You need the following permissions to run this module.
- Account Management
- **Sample Account Service** service
- `Editor` platform access
- `Manager` service access
- IAM Services
- **Sample Cloud Service** service
- `Administrator` platform access
-->

<!-- NO PERMISSIONS FOR MODULE
If no permissions are required for the module, uncomment the following
statement instead the previous block.
-->

<!-- No permissions are needed to run this module.-->
<!-- END MODULE HOOK -->
- **Enterprise** service
- `Administrator` platform access

<!-- Below content is automatically populated via pre-commit hook -->
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
### Requirements

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0, <1.7.0 |
| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.54.0, < 2.0.0 |

### Modules

No modules.
| Name | Source | Version |
|------|--------|---------|
| <a name="module_dynamic_values"></a> [dynamic\_values](#module\_dynamic\_values) | ./submodules/dynamic_values | n/a |
| <a name="module_enterprise_hierarchy_depth_0"></a> [enterprise\_hierarchy\_depth\_0](#module\_enterprise\_hierarchy\_depth\_0) | ./submodules/enterprise_hierarchy | n/a |
| <a name="module_enterprise_hierarchy_depth_1"></a> [enterprise\_hierarchy\_depth\_1](#module\_enterprise\_hierarchy\_depth\_1) | ./submodules/enterprise_hierarchy | n/a |
| <a name="module_enterprise_hierarchy_depth_2"></a> [enterprise\_hierarchy\_depth\_2](#module\_enterprise\_hierarchy\_depth\_2) | ./submodules/enterprise_hierarchy | n/a |

### Resources

No resources.

### Inputs

No inputs.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_enterprise_account_groups"></a> [enterprise\_account\_groups](#input\_enterprise\_account\_groups) | List of enterprise child account\_groups in the enterprise | `list(object({ name = string, key_name = string, parent_key_name = optional(string, null), owner_iam_id = optional(string, null) }))` | n/a | yes |
| <a name="input_enterprise_accounts"></a> [enterprise\_accounts](#input\_enterprise\_accounts) | List of enterprise child accounts in the enterprise | `list(object({ name = string, key_name = string, parent_key_name = optional(string, null), owner_iam_id = optional(string, null) }))` | n/a | yes |
| <a name="input_enterprise_crn"></a> [enterprise\_crn](#input\_enterprise\_crn) | The CRN of the parent Enterprise account to use. | `string` | n/a | yes |
| <a name="input_enterprise_primary_contact_iam_id"></a> [enterprise\_primary\_contact\_iam\_id](#input\_enterprise\_primary\_contact\_iam\_id) | The IAM id of the parent Enterprise account owner. | `string` | n/a | yes |

### Outputs

No outputs.
| Name | Description |
|------|-------------|
| <a name="output_enterprise_account_groups"></a> [enterprise\_account\_groups](#output\_enterprise\_account\_groups) | List of account groups created in an Enterprise |
| <a name="output_enterprise_accounts"></a> [enterprise\_accounts](#output\_enterprise\_accounts) | List of accounts created in an Enterprise |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

<!-- BEGIN CONTRIBUTING HOOK -->

<!-- Leave this section as is so that your module has a link to local development environment set up steps for contributors to follow -->
## Contributing

You can report issues and request features for this module in GitHub issues in the module repo. See [Report an issue or request a feature](https://github.com/terraform-ibm-modules/.github/blob/main/.github/SUPPORT.md).

To set up your local development environment, see [Local development setup](https://terraform-ibm-modules.github.io/documentation/#/local-dev-setup) in the project documentation.
<!-- Source for this readme file: https://github.com/terraform-ibm-modules/common-dev-assets/tree/main/module-assets/ci/module-template-automation -->
<!-- END CONTRIBUTING HOOK -->
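Review bot: in the Usage block the provider is configured with a literal `ibmcloud_api_key = "XXXXXXXX" # pragma: allowlist secret`, which invites readers to paste a real key into source; show `ibmcloud_api_key = var.ibmcloud_api_key` backed by a `sensitive = true` variable, as examples/advanced/provider.tf and variables.tf in this commit already do. The same block uses `source = "terraform-ibm-modules/terraform-ibm-enterprise"` with no `version`; check the address against the registry's `<NAMESPACE>/<NAME>/<PROVIDER>` form and pin a released version, since the module creates accounts. The sentence introducing the block ("basic usage is as follows for creation of enterprise children is") also needs rewording.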
7 changes: 3 additions & 4 deletions cra-config.yaml
@@ -1,11 +1,10 @@
# More info about this file at https://github.com/terraform-ibm-modules/common-pipeline-assets/blob/main/.github/workflows/terraform-test-pipeline.md#cra-config-yaml
version: "v1"
CRA_TARGETS:
- CRA_TARGET: "examples/basic" # Target directory for CRA scan. If not provided, the CRA Scan will not be run.
- CRA_TARGET: "examples/advanced" # Target directory for CRA scan. If not provided, the CRA Scan will not be run.
CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json" # CRA Ignore file to use. If not provided, it checks the repo root directory for `cra-tf-validate-ignore-rules.json`
PROFILE_ID: "0e6e7b5a-817d-4344-ab6f-e5d7a9c49520" # SCC profile ID (currently set to the FSCloud 1.4.0 profile).
SCC_INSTANCE_ID: "7a2983d7-bcee-40c9-93d3-7b235039920c" # Instance ID in account "DAF Enterprise (1f27e30e31f0486980cb0b2657d483f7) <-> 2716327"
SCC_REGION: "us-south" # The IBM Cloud region that the SCC instance is in. If not provided, a default global value will be used.
# CRA_ENVIRONMENT_VARIABLES: # An optional map of environment variables for CRA, where the key is the variable name and value is the value. Useful for providing TF_VARs.
# TF_VAR_sample: "sample value"
# TF_VAR_other: "another value"
CRA_ENVIRONMENT_VARIABLES: # An optional map of environment variables for CRA, where the key is the variable name and value is the value. Useful for providing TF_VARs.
TF_VAR_enterprise_name: "DAF Enterprise"
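Review bot: the comment on `SCC_INSTANCE_ID` spells out an account name and identifiers ("DAF Enterprise (1f27e30e31f0486980cb0b2657d483f7) <-> 2716327"), and `TF_VAR_enterprise_name: "DAF Enterprise"` now hard-codes the same enterprise into the scan configuration. Consider dropping the account identifiers from the comment and supplying the enterprise name from pipeline configuration, or at least add a comment that this value is specific to the CI account so that forks know to change it.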
3 changes: 3 additions & 0 deletions examples/advanced/README.md
@@ -0,0 +1,3 @@
# Advanced example

This example will create a hierarchy of enterprise child accounts and account groups.
34 changes: 34 additions & 0 deletions examples/advanced/main.tf
@@ -0,0 +1,34 @@
# Lookup data from given enterprise account
data "ibm_enterprises" "enterprise" {
name = var.enterprise_name
}

# Call root level module to create a hierarchy of enterprise child accounts and account groups
module "enterprise" {
source = "../.."
enterprise_crn = data.ibm_enterprises.enterprise.enterprises[0].crn
enterprise_primary_contact_iam_id = data.ibm_enterprises.enterprise.enterprises[0].primary_contact_iam_id
enterprise_account_groups = [
{
key_name = "${var.prefix}-group-key-1"
name = "${var.prefix}_account_group_1"
parent_key_name = null
},
{
key_name = "${var.prefix}-group-key-2"
name = "${var.prefix}_account_group_2"
parent_key_name = "${var.prefix}-group-key-1"
}]
enterprise_accounts = [
{
key_name = "${var.prefix}-acc-key-1"
name = "${var.prefix}_account_1"
parent_key_name = null
},
{
key_name = "${var.prefix}-acc-key-2"
name = "${var.prefix}_account_2"
parent_key_name = null
}
]
}
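Review bot: both `enterprise_crn` and `enterprise_primary_contact_iam_id` read `data.ibm_enterprises.enterprise.enterprises[0]` with no check on the lookup result, so the example fails with an index error when nothing matches `var.enterprise_name` and silently takes the first entry when more than one is returned. Because the module then creates accounts and account groups under that CRN, add a guard before indexing, for example a `postcondition` on the data source asserting `length(self.enterprises) == 1`.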
6 changes: 3 additions & 3 deletions examples/complete/main.tf → examples/advanced/outputs.tf
@@ -1,3 +1,3 @@
##############################################################################
# Complete example
##############################################################################
########################################################################################################################
# Outputs
########################################################################################################################
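Review bot: after the rename, examples/advanced/outputs.tf holds only the three-line "Outputs" banner and declares no `output` blocks. The root README lists `enterprise_account_groups` and `enterprise_accounts` as module outputs; exposing them from this example would let tests and users confirm which accounts and groups were actually created.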
3 changes: 3 additions & 0 deletions examples/advanced/provider.tf
@@ -0,0 +1,3 @@
provider "ibm" {
ibmcloud_api_key = var.ibmcloud_api_key
}
16 changes: 16 additions & 0 deletions examples/advanced/variables.tf
@@ -0,0 +1,16 @@
variable "ibmcloud_api_key" {
type = string
description = "The IBM Cloud API Key with access to create enterprise sub accounts"
sensitive = true
}

variable "prefix" {
type = string
description = "Prefix to append to all resources created by this example"
default = "enterprise"
}

variable "enterprise_name" {
description = "Name of the enterprise account"
type = string
}
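Review bot: the `prefix` description says "Prefix to append to all resources", but examples/advanced/main.tf puts `${var.prefix}` at the front of every name and key; reword it to "prepend" or "Prefix for all resources created by this example". `enterprise_name` has no `validation`, so an empty string goes straight into the `ibm_enterprises` lookup; a non-empty check here would fail earlier and with a clearer message.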
4 changes: 2 additions & 2 deletions examples/complete/version.tf → examples/advanced/version.tf
Expand Up @@ -2,11 +2,11 @@ terraform {
required_version = ">= 1.3.0, <1.7.0"

# Ensure that there is always 1 example locked into the lowest provider version of the range defined in the main
# module's version.tf (usually a basic example), and 1 example that will always use the latest provider version.
# module's version.tf (basic example), and 1 example that will always use the latest provider version (advanced example).
required_providers {
ibm = {
source = "IBM-Cloud/ibm"
version = ">= 1.49.0, < 2.0.0"
version = ">= 1.54.0, < 2.0.0"
}
}
}
7 changes: 1 addition & 6 deletions examples/basic/README.md
@@ -1,8 +1,3 @@
# Basic example

<!-- There is a pre-commit hook that will take the title of each example add include it in the repos main README.md -->
<!-- The text below should describe exactly what resources are provisioned / configured by the example -->

An end-to-end basic example that will provision the following:
- A new resource group if one is not passed in.
- A new Cloud Object Storage instance.
A simple example that shows how to provision an enterprise account group and account.