test: examples and tests (#183)

Author: rajatagarwal-ibm

.github/workflows/ci.yml

@@ -7,6 +7,7 @@ on:
     branches: [main]
   pull_request:
     branches: [main]
+    types: [opened, synchronize, reopened, ready_for_review]
 
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
@@ -16,6 +17,7 @@ jobs:
     uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/common-terraform-module-ci.yml@v1.9.1
     secrets: inherit
     with:
+      craSCCv2: true
       craTarget: "examples/fscloud"
-      craGoalIgnoreFile: "cra-tf-validate-ignore-goals.json"
-      craEnvironmentVariables: "TF_VAR_existing_at_instance_crn=crn:v1:bluemix:public:logdnaat:eu-de:a/abac0df06b644a9cabc6e44f55b3880e:b1ef3365-dfbf-4d8f-8ac8-75f4f84d6f4a::,TF_VAR_existing_kms_instance_guid=${{ vars.HPCS_SOUTH_GUID }},TF_VAR_kms_key_crn=${{ vars.HPCS_SOUTH_KEY_CRN }}"
+      craRuleIgnoreFile: "cra-tf-validate-ignore-rules.json"
+      craEnvironmentVariables: "TF_VAR_existing_at_instance_crn=${{ vars.AT_INSTANCE_CRN }},TF_VAR_existing_kms_instance_guid=${{ vars.HPCS_SOUTH_GUID }},TF_VAR_kms_key_crn=${{ vars.HPCS_SOUTH_KEY_CRN }}"

README.md

@@ -53,13 +53,11 @@ You need the following permissions to run this module.
 <!-- BEGIN EXAMPLES HOOK -->
 ## Examples
 
-- [ Autoscale example](examples/autoscale)
 - [ Restore from backup example](examples/backup)
-- [ Complete example with byok encryption, CBR rules and storing credentials in secrets manager](examples/complete)
-- [ Default example](examples/default)
+- [ Basic example](examples/basic)
+- [ Complete example with BYOK encryption, autoscaling, CBR rules, VPE creation and read-only replica provisioning](examples/complete)
 - [ Financial Services Cloud profile example](examples/fscloud)
 - [ Point in time recovery example (PITR)](examples/pitr)
-- [ Replica example](examples/replica)
 <!-- END EXAMPLES HOOK -->
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements

common-dev-assets

@@ -0,0 +1,16 @@
+{
+  "scc_rules": [
+    {
+      "scc_rule_id": "rule-9b2d8054-bc93-44fd-901b-91f677287e84",
+      "description": "Check whether Databases for PostgreSQL network access is restricted to a specific IP range",
+      "ignore_reason": "This module supports restricting network access using Context Based Restrictions (CBRs), however SCC does not yet support scanning for CBR rules, hence the rule currently fails. SCC CBR support is being tracked in AHA SCC-961",
+      "is_valid": true
+    },
+    {
+      "scc_rule_id": "rule-216e2449-27d7-4afc-929a-b66e196a9cf9",
+      "description": "Check whether Flow Logs for VPC are enabled",
+      "ignore_reason": "This rule is not relevant to the module itself, just the VPC resource is used in the example that is scanned",
+      "is_valid": false
+    }
+  ]
+}

cra-tf-validate-ignore-goals.json

@@ -14,6 +14,7 @@ module "postgresql_db" {
   source            = "../.."
   resource_group_id = module.resource_group.resource_group_id
   name              = "${var.prefix}-postgres"
+  pg_version        = var.pg_version
   region            = var.region
   resource_tags     = var.resource_tags
 }
@@ -28,6 +29,7 @@ module "restored_postgresql_db" {
   source            = "../.."
   resource_group_id = module.resource_group.resource_group_id
   name              = "${var.prefix}-postgres-restored"
+  pg_version        = var.pg_version
   region            = var.region
   resource_tags     = var.resource_tags
   backup_crn        = var.postgresql_db_backup_crn == null ? data.ibm_database_backups.backup_database[0].backups[0].backup_id : var.postgresql_db_backup_crn

cra-tf-validate-ignore-rules.json

@@ -16,6 +16,12 @@ variable "prefix" {
   default     = "pg-res"
 }
 
+variable "pg_version" {
+  description = "Version of the postgresql instance"
+  type        = string
+  default     = null
+}
+
 variable "resource_group" {
   type        = string
   description = "An existing resource group name to use for this example, if unset a new resource group will be created"