feat: Updated services list to support CBR <br> - New supported services "atracker", "logs", "ghost-tags"<br> - Deprecated services "databases-for-cassandra", "logdna", "logdnaat" (#641)

* feat: added new CBR supported services

* feat: added new CBR supported services

* feat: added new CBR supported services

* update sevices

Author: Ak-sky

modules/cbr-service-profile/variables.tf

@@ -49,15 +49,7 @@ variable "target_service_details" {
   validation {
     condition = alltrue([
       for service_detail in var.target_service_details :
-      contains(["iam-groups", "iam-access-management", "iam-identity",
-        "user-management", "cloud-object-storage", "codeengine",
-        "container-registry", "databases-for-cassandra",
-        "databases-for-enterprisedb", "databases-for-elasticsearch",
-        "databases-for-etcd", "databases-for-mongodb",
-        "databases-for-mysql", "databases-for-postgresql", "databases-for-redis",
-        "directlink", "dns-svcs", "messagehub", "kms", "containers-kubernetes",
-        "messages-for-rabbitmq", "secrets-manager", "transit", "is",
-      "schematics", "apprapp", "event-notifications", "compliance", "logdna", "logdnaat"], service_detail.target_service_name)
+      contains(["apprapp", "atracker", "cloud-object-storage", "codeengine", "compliance", "container-registry", "containers-kubernetes", "context-based-restrictions", "databases-for-elasticsearch", "databases-for-enterprisedb", "databases-for-etcd", "databases-for-mongodb", "databases-for-mysql", "databases-for-postgresql", "databases-for-redis", "directlink", "dns-svcs", "event-notifications", "ghost-tags", "globalcatalog-collection", "hs-crypto", "IAM", "iam-access-management", "iam-groups", "iam-identity", "is", "kms", "logs", "messagehub", "messages-for-rabbitmq", "mqcloud", "schematics", "secrets-manager", "sysdig-monitor", "sysdig-secure", "transit", "user-management"], service_detail.target_service_name)
     ])
     error_message = "Provide a valid target service name that is supported by context-based restrictions"
   }

modules/fscloud/main.tf

@@ -9,16 +9,10 @@ locals {
   service_group_ids = ["IAM"] # List of pseudo services for which service_group_id is required
 
   target_service_details_default = {
-    "iam-groups" : {
-      "enforcement_mode" : "report"
-    },
-    "iam-access-management" : {
-      "enforcement_mode" : "report"
-    },
-    "iam-identity" : {
+    "apprapp" : {
       "enforcement_mode" : "report"
     },
-    "user-management" : {
+    "atracker" : {
       "enforcement_mode" : "report"
     },
     "cloud-object-storage" : {
@@ -27,24 +21,36 @@ locals {
     "codeengine" : {
       "enforcement_mode" : "report"
     },
+    "codeengine-platform" : {
+      "enforcement_mode" : "report"
+    },
     "codeengine-service-control-plane" : {
       "enforcement_mode" : "report"
     },
-    "codeengine-platform" : {
+    "compliance" : {
       "enforcement_mode" : "report"
     },
     "container-registry" : {
       "enforcement_mode" : "report"
     },
-    "databases-for-cassandra" : {
+    "containers-kubernetes" : {
       "enforcement_mode" : "disabled"
     },
-    "databases-for-enterprisedb" : {
+    "containers-kubernetes-cluster" : {
       "enforcement_mode" : "disabled"
     },
+    "containers-kubernetes-management" : {
+      "enforcement_mode" : "disabled"
+    },
+    "context-based-restrictions" : {
+      "enforcement_mode" : "report"
+    },
     "databases-for-elasticsearch" : {
       "enforcement_mode" : "disabled"
     },
+    "databases-for-enterprisedb" : {
+      "enforcement_mode" : "disabled"
+    },
     "databases-for-etcd" : {
       "enforcement_mode" : "disabled"
     },
@@ -66,61 +72,49 @@ locals {
     "dns-svcs" : {
       "enforcement_mode" : "report"
     },
-    "messagehub" : {
+    "event-notifications" : {
+      "enforcement_mode" : "disabled"
+    },
+    "ghost-tags" : {
       "enforcement_mode" : "report"
     },
-    "kms" : {
+    "globalcatalog-collection" : {
       "enforcement_mode" : "report"
     },
     "hs-crypto" : {
       "enforcement_mode" : "report"
     },
-    "containers-kubernetes" : {
-      "enforcement_mode" : "disabled"
-    },
-    "containers-kubernetes-management" : {
-      "enforcement_mode" : "disabled"
-    },
-    "containers-kubernetes-cluster" : {
-      "enforcement_mode" : "disabled"
-    },
-    "messages-for-rabbitmq" : {
-      "enforcement_mode" : "disabled"
-    },
-    "secrets-manager" : {
+    "IAM" : {
       "enforcement_mode" : "report"
     },
-    "transit" : {
+    "iam-access-management" : {
       "enforcement_mode" : "report"
     },
-    "is" : {
+    "iam-groups" : {
       "enforcement_mode" : "report"
     },
-    "schematics" : {
+    "iam-identity" : {
       "enforcement_mode" : "report"
     },
-    "apprapp" : {
+    "is" : {
       "enforcement_mode" : "report"
     },
-    "event-notifications" : {
-      "enforcement_mode" : "disabled"
-    },
-    "compliance" : {
+    "kms" : {
       "enforcement_mode" : "report"
     },
-    "IAM" : {
+    "logs" : {
       "enforcement_mode" : "report"
     },
-    "context-based-restrictions" : {
+    "messagehub" : {
       "enforcement_mode" : "report"
     },
-    "globalcatalog-collection" : {
-      "enforcement_mode" : "report"
+    "messages-for-rabbitmq" : {
+      "enforcement_mode" : "disabled"
     },
-    "logdna" : {
+    "schematics" : {
       "enforcement_mode" : "report"
     },
-    "logdnaat" : {
+    "secrets-manager" : {
       "enforcement_mode" : "report"
     },
     "sysdig-monitor" : {
@@ -129,7 +123,10 @@ locals {
     "sysdig-secure" : {
       "enforcement_mode" : "report"
     },
-    "logs" : {
+    "transit" : {
+      "enforcement_mode" : "report"
+    },
+    "user-management" : {
       "enforcement_mode" : "report"
     }
   }
@@ -383,7 +380,6 @@ locals {
   icd_api_types = ["crn:v1:bluemix:public:context-based-restrictions::::api-type:data-plane"]
   operations_apitype_val = {
     databases-for-enterprisedb       = local.icd_api_types,
-    containers-kubernetes            = ["crn:v1:bluemix:public:containers-kubernetes::::api-type:cluster", "crn:v1:bluemix:public:containers-kubernetes::::api-type:management"],
     containers-kubernetes-cluster    = ["crn:v1:bluemix:public:containers-kubernetes::::api-type:cluster"],
     containers-kubernetes-management = ["crn:v1:bluemix:public:containers-kubernetes::::api-type:management"]
     databases-for-cassandra          = local.icd_api_types,

modules/fscloud/variables.tf

@@ -310,7 +310,7 @@ variable "target_service_details" {
   validation {
     condition = alltrue([
       for target_service_name, _ in var.target_service_details :
-      contains(["IAM", "apprapp", "cloud-object-storage", "codeengine", "compliance", "container-registry", "containers-kubernetes", "containers-kubernetes-cluster", "containers-kubernetes-management", "context-based-restrictions", "databases-for-cassandra", "databases-for-elasticsearch", "databases-for-enterprisedb", "databases-for-etcd", "databases-for-mongodb", "databases-for-mysql", "databases-for-postgresql", "databases-for-redis", "directlink", "dns-svcs", "event-notifications", "globalcatalog-collection", "hs-crypto", "iam-access-management", "iam-groups", "iam-identity", "is", "kms", "logdna", "logdnaat", "messagehub", "messages-for-rabbitmq", "mqcloud", "schematics", "secrets-manager", "sysdig-monitor", "sysdig-secure", "transit", "user-management"], target_service_name)
+      contains(["apprapp", "atracker", "cloud-object-storage", "codeengine", "codeengine-platform", "codeengine-service-control-plane", "compliance", "container-registry", "containers-kubernetes", "containers-kubernetes-cluster", "containers-kubernetes-management", "context-based-restrictions", "databases-for-elasticsearch", "databases-for-enterprisedb", "databases-for-etcd", "databases-for-mongodb", "databases-for-mysql", "databases-for-postgresql", "databases-for-redis", "directlink", "dns-svcs", "event-notifications", "ghost-tags", "globalcatalog-collection", "hs-crypto", "IAM", "iam-access-management", "iam-groups", "iam-identity", "is", "kms", "logs", "messagehub", "messages-for-rabbitmq", "mqcloud", "schematics", "secrets-manager", "sysdig-monitor", "sysdig-secure", "transit", "user-management"], target_service_name)
     ])
     error_message = "Provide a valid target service name that is supported by context-based restrictions"
   }
@@ -328,7 +328,7 @@ variable "target_service_details" {
   validation {
     condition = alltrue([
       for target_service_name, attributes in var.target_service_details :
-      contains(["cloud-object-storage", "codeengine", "container-registry", "containers-kubernetes", "containers-kubernetes-cluster", "containers-kubernetes-management", "databases-for-cassandra", "databases-for-elasticsearch", "databases-for-enterprisedb", "databases-for-etcd", "databases-for-mongodb", "databases-for-mysql", "databases-for-postgresql", "databases-for-redis", "event-notifications", "hs-crypto", "iam-identity", "is", "logdna", "logdnaat", "messagehub", "messages-for-rabbitmq", "mqcloud", "secrets-manager", "sysdig-monitor", "sysdig-secure"], target_service_name) if attributes.region != null
+      contains(["atracker", "cloud-object-storage", "codeengine", "codeengine-platform", "codeengine-service-control-plane", "container-registry", "containers-kubernetes", "containers-kubernetes-cluster", "containers-kubernetes-management", "databases-for-elasticsearch", "databases-for-enterprisedb", "databases-for-etcd", "databases-for-mongodb", "databases-for-mysql", "databases-for-postgresql", "databases-for-redis", "event-notifications", "hs-crypto", "iam-identity", "is", "logs", "messagehub", "messages-for-rabbitmq", "mqcloud", "secrets-manager", "sysdig-monitor", "sysdig-secure"], target_service_name) if attributes.region != null
     ])
     error_message = "Provide a valid target service name that supports region attribute."
   }