feat: add profile attachments to DA stack

jor2 commented 4 weeks ago

Description

Configure SCC to create default attachment aligned with compliance claims for this stack

https://github.com/terraform-ibm-modules/stack-retrieval-augmented-generation/issues/13

Release required?

[ ] No release
[ ] Patch release (x.x.X)
[ ] Minor release (x.X.x)
[ ] Major release (X.x.x)

Release notes content

Run the pipeline

If the CI pipeline doesn't run when you create the PR, the PR requires a user with GitHub collaborators access to run the pipeline.

Run the CI pipeline when the PR is ready for review and you expect tests to pass. Add a comment to the PR with the following text:

/run pipeline

Checklist for reviewers

[ ] If relevant, a test for the change is included or updated with this PR.
[ ] If relevant, documentation for the change is included or updated with this PR.

For mergers

Use a conventional commit message to set the release level. Follow the guidelines.
Include information that users need to know about the PR in the commit message. The commit message becomes part of the GitHub release notes.
Use the Squash and merge option.

jor2 commented 2 weeks ago

/run pipeline

jor2 commented 2 weeks ago

/run pipeline

jor2 commented 2 weeks ago

/run pipeline

ocofaigh commented 2 weeks ago

@vburckhardt As per the discussions here, we went with a basic list input variable and a predefined attachment configuration scoped to full account in order to keep the input variable simple to use via Projects.

As per that discussion, we also created an internal issue to expose a more advanced complex object type input, with supporting documentation on how to pass values to it from Projects UI, where users could basically customise exactly how they want there attachment to be set up.

Even if we had that advanced object type input variable, I don't think we would be able to reference the resource group outputs from the stack member DAs? I don't think it supports a kind of syntax like this?

{
          "name": "profile_attachments",
          "value": [{
                            profile_name    = "name"
                            profile_version = "1.0.0"
                            description     = "desc"
                            schedule        = "daily"
                            scope = [
                              {
                                environment = "ibm-cloud"
                                properties = [
                                  {
                                    name  = "scope_type"
                                    value = "account"
                                  },
                                  {
                                    name  = "scope_id"
                                    value = "ref:../1 - Account Infrastructure Base/outputs/audit_resource_group_name"
                                  },
                                  {
                                    name  = "scope_id"
                                    value = "ref:../1 - Account Infrastructure Base/outputs/observability_resource_group_name"
                                  }
                                ]
                              }
                            ]
                      }]
}

jor2 commented 2 weeks ago

/run pipeline

jor2 commented 1 week ago

/run pipeline

jor2 commented 1 week ago

/run pipeline

jor2 commented 2 days ago

/run pipeline

terraform-ibm-modules / stack-retrieval-augmented-generation