feat: DA refactor:<br>- The standard variation has been removed and replace by a new Full configurable variation. This new variation is configured with add-ons. (#86)

BREAKING CHANGE: There is no migration path from the `standard` variation to the `Full configurable` variation

Author: shemau

.catalog-onboard-pipeline.yaml

@@ -6,9 +6,10 @@ offerings:
     catalog_id: 7df1e4ca-d54c-4fd0-82ce-3d13247308cd
     offering_id: 30a698d4-ab56-4668-bc01-03cd2135d7e4
     variations:
-      - name: standard
+      - name: fully-configurable
         mark_ready: true
         install_type: fullstack
         scc:
           instance_id: 1c7d5f78-9262-44c3-b779-b28fe4d88c37
           region: us-south
+          scope_resource_group_var_name: existing_resource_group_name

.gitignore

@@ -52,3 +52,5 @@ terraform.rc
 
 # Visual Studio Code
 .vscode/
+*.code-workspace
+**/*.svg.bkp

README.md

@@ -10,7 +10,7 @@ Update status and "latest release" badges:
 NOTE: This feature is incubating and ONLY available in eu-fr2 region for validation.
 DO NOT mark this module as stable/supported BEFORE the feature is GA world wide.
 -->
-[![Incubating (Not yet consumable)](https://img.shields.io/badge/status-Incubating%20(Not%20yet%20consumable)-red)](https://terraform-ibm-modules.github.io/documentation/#/badge-status)
+[![Stable (With quality checks)](https://img.shields.io/badge/Status-Stable%20(With%20quality%20checks)-green)](https://terraform-ibm-modules.github.io/documentation/#/badge-status)
 [![latest release](https://img.shields.io/github/v/release/terraform-ibm-modules/terraform-ibm-mq-cloud?logo=GitHub&sort=semver)](https://github.com/terraform-ibm-modules/terraform-ibm-mq-cloud/releases/latest)
 [![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)
 [![Renovate enabled](https://img.shields.io/badge/renovate-enabled-brightgreen.svg)](https://renovatebot.com/)
@@ -143,6 +143,11 @@ statement instead the previous block.
 
 <!-- No permissions are needed to run this module.-->
 
+- IAM services
+    - **mqcloud** service
+        - `Editor` platform access
+        - `Manager` service access
+
 
 <!-- The following content is automatically populated by the pre-commit hook -->
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

cra-config.yaml

@@ -1,12 +1,14 @@
 # More info about this file at https://github.com/terraform-ibm-modules/common-pipeline-assets/blob/main/.github/workflows/terraform-test-pipeline.md#cra-config-yaml
 version: "v1"
 CRA_TARGETS:
-  - CRA_TARGET: "solutions/standard" # Target directory for CRA scan. If not provided, the CRA Scan will not be run.
+  - CRA_TARGET: "solutions/fully-configurable" # Target directory for CRA scan. If not provided, the CRA Scan will not be run.
     CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json" # CRA Ignore file to use. If not provided, it checks the repo root directory for `cra-tf-validate-ignore-rules.json`
     PROFILE_ID: "fe96bd4d-9b37-40f2-b39f-a62760e326a3"         # SCC profile ID (currently set to 'IBM Cloud Framework for Financial Services' '1.7.0' profile).
     CRA_ENVIRONMENT_VARIABLES:  # An optional map of environment variables for CRA, where the key is the variable name and value is the value. Useful for providing TF_VARs.
+      TF_VAR_prefix: "cra"
       TF_VAR_existing_mq_capacity_crn: "crn:v1:bluemix:public:mqcloud:us-east:a/abac0df06b644a9cabc6e44f55b3880e:9d9a3c00-2097-4da4-a5e4-78e06514b342::"
-      TF_VAR_resource_group_name: "test"
+      TF_VAR_existing_resource_group_name: "Default"
       TF_VAR_deployment_name: "deployment"
       TF_VAR_queue_manager_name: "qm"
       TF_VAR_queue_manager_display_name: "qm-display"
+      TF_VAR_provider_visibility: "public"

ibm_catalog.json

@@ -9,34 +9,40 @@
         "integration",
         "target_terraform",
         "terraform",
-        "solution"
+        "solution",
+        "application_modernization"
       ],
       "keywords": [
         "MQ",
         "MQ on Cloud",
         "IaC",
         "infrastructure as code",
         "terraform",
-        "solution"
+        "solution",
+        "application_modernization"
       ],
-      "short_description": "Creates and configures IBM Cloud MQ on Cloud resources",
-      "long_description": "This architecture supports creating and configuring an IBM MQ on Cloud deployment instance and queue manager.",
-      "offering_docs_url": "https://github.com/terraform-ibm-modules/terraform-ibm-mq-cloud/blob/main/solutions/standard/README.md",
+      "short_description": "Cloud architecture including instance of IBM Cloud MQ on Cloud with essential security and observability cloud services",
+      "long_description": "IBM Cloud MQ on Cloud is an end-to-end solution to building and running secure queue managers.<br/>This architecture supports deploying an instance of MQ on Cloud on cloud together with optional security and observability cloud services.<br/>br/>ℹ️ This Terraform-based automation is part of a broader suite of IBM-maintained Infrastructure as Code (IaC) assets, each following the naming pattern \"Cloud automation for *servicename*\" and focusing on single IBM Cloud service. These single-service deployable architectures can be used on their own to streamline and automate service deployments through an [IaC approach](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-understanding-projects), or assembled together into a broader [automated IaC stack](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-config-stack) to automate the deployment of an end-to-end solution architecture.",
+      "offering_docs_url": "https://github.com/terraform-ibm-modules/terraform-ibm-mq-cloud/blob/main/solutions/fully-configurable/README.md",
       "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-mq-cloud/main/images/MQ.svg",
       "provider_name": "IBM",
       "features": [
         {
-          "title": "Creates an MQ on Cloud deployment instance.",
-          "description": "Creates and configures an MQ on Cloud deployment Protect instance."
+          "title": "Supports building, deploying and running IBM Cloud MQ on Cloud",
+          "description": "Supports building, deploying and running IBM Cloud MQ on Cloud"
+        },
+        {
+          "title": "Supports deploying of optional essential security and observability cloud services",
+          "description": "Supports deploying an instance of IBM Cloud MQ on Cloud together with optional security and observability cloud services"
         }
       ],
       "support_details": "This product is in the community registry, as such support is handled through the originated repo. If you experience issues please open an issue in that repository [https://github.com/terraform-ibm-modules/terraform-ibm-mq-cloud/issues](https://github.com/terraform-ibm-modules/terraform-ibm-mq-cloud/issues). Please note this product is not supported via the IBM Cloud Support Center.",
       "flavors": [
         {
-          "label": "Standard",
-          "name": "standard",
+          "label": "Fully configurable",
+          "name": "fully-configurable",
           "install_type": "fullstack",
-          "working_directory": "solutions/standard",
+          "working_directory": "solutions/fully-configurable",
           "iam_permissions": [
             {
               "role_crns": [
@@ -46,27 +52,188 @@
               "service_name": "mqcloud"
             }
           ],
+          "dependencies": [
+            {
+              "name": "deploy-arch-ibm-secrets-manager",
+              "description": "Enable to provisions and configures IBM Cloud Secrets Manager for securely storing generated secrets.",
+              "id": "6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global",
+              "flavors": [
+                "fully-configurable"
+              ],
+              "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3",
+              "version": "v2.6.1",
+              "optional": true,
+              "on_by_default": true,
+              "default_flavor": "fully-configurable",
+              "input_mapping": [
+                {
+                  "reference_version": true,
+                  "dependency_input": "prefix",
+                  "version_input": "prefix"
+                },
+                {
+                  "dependency_output": "secrets_manager_crn",
+                  "version_input": "existing_secrets_manager_crn"
+                },
+                {
+                  "value": "us-south",
+                  "dependency_input": "region"
+                }
+              ]
+            },
+            {
+              "name": "deploy-arch-ibm-observability",
+              "description": "Configure IBM Cloud Logs, Cloud Monitoring and Activity Tracker event routing for analysing logs and metrics generated by the MQ on Cloud instance.",
+              "flavors": [
+                "instances"
+              ],
+              "id": "a3137d28-79e0-479d-8a24-758ebd5a0eab-global",
+              "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3",
+              "input_mapping": [
+                {
+                  "dependency_input": "prefix",
+                  "version_input": "prefix",
+                  "reference_version": true
+                },
+                {
+                  "dependency_input": "enable_platform_metrics",
+                  "version_input": "enable_platform_metrics",
+                  "reference_version": true
+                },
+                {
+                  "dependency_input": "logs_routing_tenant_regions",
+                  "version_input": "logs_routing_tenant_regions",
+                  "reference_version": true
+                },
+                {
+                  "dependency_input": "region",
+                  "version_input": "region",
+                  "reference_version": true
+                }
+              ],
+              "optional": true,
+              "on_by_default": true,
+              "version": "v3.0.3"
+            },
+              {
+              "name": "deploy-arch-ibm-account-infra-base",
+              "description": "Cloud automation for account configuration organizes your IBM Cloud account with a ready-made set of resource groups by default. When you enable the “with account settings” option, it also applies baseline security and governance settings.",
+              "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3",
+              "flavors": [
+                "resource-group-only",
+                "resource-groups-with-account-settings"
+              ],
+              "default_flavor": "resource-group-only",
+              "id": "63641cec-6093-4b4f-b7b0-98d2f4185cd6-global",
+              "input_mapping": [
+                {
+                  "dependency_input": "prefix",
+                  "version_input": "prefix",
+                  "reference_version": true
+                },
+                {
+                  "dependency_output": "workload_resource_group_name",
+                  "version_input": "existing_resource_group_name"
+                }
+              ],
+              "optional": true,
+              "on_by_default": false,
+              "version": "v3.0.7"
+            }
+          ],
+          "dependency_version_2": true,
           "configuration": [
             {
               "key": "ibmcloud_api_key"
             },
             {
-              "key": "use_existing_resource_group"
+              "key": "provider_visibility",
+              "hidden": true,
+              "options": [
+                {
+                  "displayname": "private",
+                  "value": "private"
+                },
+                {
+                  "displayname": "public",
+                  "value": "public"
+                },
+                {
+                  "displayname": "public-and-private",
+                  "value": "public-and-private"
+                }
+              ]
             },
             {
-              "key": "resource_group_name",
-              "required": true
+              "key": "existing_resource_group_name",
+              "display_name": "resource_group",
+              "custom_config": {
+                "type": "resource_group",
+                "grouping": "deployment",
+                "original_grouping": "deployment",
+                "config_constraints": {
+                  "identifier": "rg_name"
+                }
+              }
             },
             {
               "key": "region",
               "required": true,
-              "default_value": "us-east"
+              "options": [
+                {
+                  "displayname": "Washington (us-east)",
+                  "value": "us-east"
+                },
+                {
+                  "displayname": "Dallas (us-south)",
+                  "value": "us-south"
+                },
+                {
+                  "displayname": "London (eu-gb)",
+                  "value": "eu-gb"
+                },
+                {
+                  "displayname": "Frankfurt (eu-de)",
+                  "value": "eu-de"
+                }
+              ]
+            },
+            {
+              "key": "prefix",
+              "required": true
+            },
+            {
+              "key": "enable_platform_metrics",
+              "type": "string",
+              "default_value": "true",
+              "description": "When set to `true`, the IBM Cloud Monitoring instance will be configured to collect platform metrics from the provided region. You can configure 1 instance only of the IBM Cloud Monitoring service per region to collect platform metrics in that location. Check with the account or service administrator if another monitoring instance has already been configured. You may not have permissions to see all monitoring instances in the region. [Learn more](https://cloud.ibm.com/docs/monitoring?topic=monitoring-platform_metrics_enabling).",
+              "required": true,
+              "virtual": true
             },
             {
-              "key": "resource_tags"
+              "key": "logs_routing_tenant_regions",
+              "type": "list(string)",
+              "default_value": "[]",
+              "description": "To manage platform logs that are generated by IBM Cloud services in a region of IBM Cloud, you must create a tenant in each region that you operate. Pass a list of regions to create a tenant in. [Learn more](https://cloud.ibm.com/docs/logs-router?topic=logs-router-about-platform-logs).",
+              "required": true,
+              "virtual": true,
+              "custom_config": {
+                "grouping": "deployment",
+                "original_grouping": "deployment",
+                "config_constraints": {
+                  "type": "string"
+                }
+              }
             },
             {
-              "key": "prefix"
+              "key": "resource_tags",
+              "custom_config": {
+                "grouping": "deployment",
+                "original_grouping": "deployment",
+                "config_constraints": {
+                  "type": "string"
+                }
+              }
             },
             {
               "key": "existing_mq_capacity_crn",
@@ -124,7 +291,21 @@
               "key": "existing_secrets_manager_crn"
             },
             {
-              "key": "secrets_manager_endpoint_type"
+              "key": "secrets_manager_ibmcloud_api_key"
+            },
+            {
+              "key": "secrets_manager_endpoint_type",
+              "hidden": true,
+              "options": [
+                {
+                  "displayname": "Public",
+                  "value": "public"
+                },
+                {
+                  "displayname": "Private",
+                  "value": "private"
+                }
+              ]
             },
             {
               "key": "existing_secret_group_id"
@@ -136,12 +317,8 @@
           "architecture": {
             "features": [
               {
-                "title": "Creates an MQ on Cloud deployment instance.",
-                "description": "Creates and configures an MQ on Cloud deployment instance."
-              },
-              {
-                "title": "Creates a queue manager",
-                "description": "Creates a queue manager"
+                "title": " ",
+                "description": "Configured to use IBM secure by default standards, but can be edited to fit your use case."
               }
             ],
             "diagrams": [

reference-architecture/deployable-architecture-mqcloud.svg

@@ -0,0 +1,3 @@
+# Cloud automation for MQ on Cloud (Fully configurable)
+
+:exclamation: **Important:** This solution is not intended to be called by other modules because it contains a provider configuration and is not compatible with the `for_each`, `count`, and `depends_on` arguments. For more information, see [Providers Within Modules](https://developer.hashicorp.com/terraform/language/modules/develop/providers).

solutions/fully-configurable/README.md

@@ -1,7 +1,7 @@
 {
   "ibmcloud_api_key": $VALIDATION_APIKEY,
   "region": "us-east",
-  "resource_group_name": $PREFIX,
+  "existing_resource_group_name": "geretain-test-resources",
   "existing_mq_capacity_crn": $MQ_CAPACITY_CRN,
   "deployment_name": $PREFIX,
   "queue_manager_name": "da_qm",