From 45cdadf0324c585c25a7bd61d67eb212dbfaa80b Mon Sep 17 00:00:00 2001 From: Todd Giguere Date: Tue, 3 Sep 2024 07:49:36 -0400 Subject: [PATCH 01/15] feat: initial commit of new roks flavor stack --- ibm_catalog.json | 363 +++++++- .../catalogValidationValues.json.template | 4 + solutions/openshift/stack_definition.json | 787 ++++++++++++++++++ 3 files changed, 1150 insertions(+), 4 deletions(-) create mode 100644 solutions/openshift/catalogValidationValues.json.template create mode 100644 solutions/openshift/stack_definition.json diff --git a/ibm_catalog.json b/ibm_catalog.json index c643551..d28634a 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -143,14 +143,368 @@ { "service_name": "databases-for-elasticsearch", "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Editor" + "crn:v1:bluemix:public:iam::::role:Editor" + ] + }, + { + "service_name": "event-notifications", + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ] + } + ], + "architecture": { + "features": [ + { + "title": "Retrieval Augmented Generation sample pattern", + "description": "Deploy a banking retrieval augmented generation (RAG) sample application to IBM Cloud Code Engine using Continous Delivery." + }, + { + "title": "Ensure Observability", + "description": "The architecture provides observability by deploying services such as IBM Log Analysis, IBM Monitoring, IBM Activity Tracker, and log retention through Cloud Object Storage buckets." + }, + { + "title": "Implement Security", + "description": "The architecture ensures security by deploying IBM Key Protect and IBM Secrets Manager." + }, + { + "title": "Achieve Regulatory Compliance", + "description": "The architecture ensures regulatory compliance by implementing CI/CD/CC pipelines, along with IBM Security Compliance Center (SCC) for secure application lifecycle management." + }, + { + "title": "Establish Trust", + "description": "The architecture ensures trust by configuring the IBM Cloud account to align with compliance settings as defined in the Financial Services framework." + } + ], + "diagrams": [ + { + "diagram": { + "url": "https://raw.githubusercontent.com/terraform-ibm-modules/stack-retrieval-augmented-generation/main/reference-architecture/RAG Pattern v2-part-2.svg", + "caption": "Reference architecture", + "type": "image/svg+xml", + "thumbnail_url": "https://raw.githubusercontent.com/terraform-ibm-modules/stack-retrieval-augmented-generation/main/reference-architecture/RAG Pattern v2-part-2.svg" + }, + "description": "Reference architecture" + }, + { + "diagram": { + "url": "https://raw.githubusercontent.com/terraform-ibm-modules/stack-retrieval-augmented-generation/main/reference-architecture/rag-stack.svg", + "caption": "Solution components", + "type": "image/svg+xml", + "thumbnail_url": "https://raw.githubusercontent.com/terraform-ibm-modules/stack-retrieval-augmented-generation/main/reference-architecture/rag-stack.svg" + }, + "description": "Solution components" + } + ] + }, + "configuration": [ + { + "key": "prefix", + "type": "string", + "description": "A prefix added to the name of all resources created by this solution. Used to avoid name clashes in the target account when existing this solution multiple times.", + "default_value": "rag", + "required": true + }, + { + "key": "ibmcloud_api_key", + "type": "password", + "description": "The API Key used to provision all resources created in this solution.", + "required": true + }, + { + "key": "signing_key", + "type": "password", + "description": "The key used to sign the application image built by the CI pipeline deployed in this solution; please refer to the documentation at https://github.com/terraform-ibm-modules/stack-retrieval-augmented-generation/blob/main/README.md for generating the key; if not set, all resources will deploy successfully, but the initial CI pipeline execution will fail at the signing step.", + "display_name": "Multiline secure value", + "default_value": "replace", + "required": false, + "custom_config": { + "type": "multiline_secure_value", + "grouping": "deployment", + "original_grouping": "deployment" + } + }, + { + "key": "region", + "type": "string", + "default_value": "us-south", + "description": "The region in which all resources are deployed.", + "required": false, + "options": [ + { + "displayname": "us-south", + "value": "us-south" + }, + { + "displayname": "eu-de", + "value": "eu-de" + } + ] + }, + { + "key": "resource_group_name", + "type": "string", + "default_value": "rag-services", + "description": "The name of the resource group that is created by this solution. The actual name is prefixed with the value of the input 'prefix'. All resources created by this solution are deployed in this resource group. ", + "required": false + }, + { + "key": "existing_resource_group_name", + "type": "string", + "default_value": "__NULL__", + "description": "The name of an existing resource group that is used by this solution. Prefix is NOT used for existing resource group. All resources created by this solution are deployed in this resource group. ", + "required": false + }, + { + "key": "watsonx_admin_api_key", + "type": "password", + "description": "The API key used to provision the watson project resources. If not set, the API key used to deploy the solution is used.", + "required": false + }, + { + "key": "secret_manager_service_plan", + "type": "string", + "default_value": "trial", + "description": "The service/pricing plan to use when provisioning a new Secrets Manager instance. Only one trial instance is allowed per account.", + "required": false, + "options": [ + { + "displayname": "Trial", + "value": "trial" + }, + { + "displayname": "Standard", + "value": "standard" + } + ] + }, + { + "key": "existing_secrets_manager_crn", + "type": "string", + "default_value": "__NULL__", + "description": "The CRN of an existing secret manager instance to use in this solution. If not set, a new secret manager instance is provisioned.", + "required": false + }, + { + "key": "enable_platform_logs_metrics", + "type": "boolean", + "default_value": false, + "description": "Whether to provision logging and monitoring instances are configured to receive all platform logs and metrics in the target region. There can only be one instance per region provisioned for platform logs/metrics.", + "required": false + }, + { + "key": "sample_app_git_url", + "type": "string", + "default_value": "https://github.com/IBM/gen-ai-rag-watsonx-sample-application", + "description": "The URL to the public git repository containing the sample rag application code.", + "required": false + }, + { + "key": "existing_kms_instance_crn", + "type": "string", + "default_value": "__NULL__", + "description": "The CRN of an existing KMS instance to use in this solution. If not set, a new KP instance is provisioned.", + "required": false + }, + { + "key": "existing_en_instance_crn", + "type": "string", + "default_value": "__NULL__", + "description": "The CRN of an existing event notification instance to use in this solution. If not set, a new event notification instance is provisioned.", + "required": false + }, + { + "key": "elasticsearch_plan", + "type": "string", + "default_value": "enterprise", + "description": "The pricing plan for the Databases for Elasticsearch instance.", + "required": false, + "options": [ + { + "displayname": "Enterprise", + "value": "enterprise" + }, + { + "displayname": "Platinum", + "value": "platinum" + } + ] + }, + { + "key": "existing_discovery_instance", + "type": "string", + "default_value": "__NULL__", + "description": "The CRN of an existing WatsonX SaaS discovery instance to use in this solution. If not set, a new discovery instance is provisioned depending on which plan is selected.", + "required": false + }, + { + "key": "existing_assistant_instance", + "type": "string", + "default_value": "__NULL__", + "description": "The CRN of an existing WatsonX SaaS assistant instance to use in this solution. If not set, a new assistant instance is provisioned depending on which plan is selected.", + "required": false + }, + { + "key": "existing_governance_instance", + "type": "string", + "default_value": "__NULL__", + "description": "The CRN of an existing WatsonX SaaS governance instance to use in this solution. If not set, a new governance instance is provisioned depending on which plan is selected.", + "required": false + }, + { + "key": "existing_studio_instance", + "type": "string", + "default_value": "__NULL__", + "description": "The CRN of an existing WatsonX SaaS studio instance to use in this solution. If not set, a new studio instance is provisioned depending on which plan is selected.", + "required": false + }, + { + "key": "existing_machine_learning_instance", + "type": "string", + "default_value": "__NULL__", + "description": "The CRN of an existing WatsonX SaaS machine learning instance to use in this solution. If not set, a new machine learning instance is provisioned depending on which plan is selected.", + "required": false + }, + { + "key": "existing_db_instance_crn", + "type": "string", + "default_value": "__NULL__", + "description": "The CRN of an existing elasticsearch instance to use in this solution. If not set, a new elasticsearch instance is provisioned.", + "required": false + } + ], + "outputs": [ + { + "key": "elasticsearch_hostname", + "description": "Elasticsearch instance hostname." + }, + { + "key": "elasticsearch_port", + "description": "Elasticsearch instance port." + }, + { + "key": "elasticsearch_service_credentials_json", + "description": "Elasticsearch instance service credentials json map." + }, + { + "key": "elasticsearch_crn", + "description": "Elasticsearch instance crn." + }, + { + "key": "watsonx_project_url", + "description": "The URL to the WatsonX project for the sample RAG application." + }, + { + "key": "watsonx_project_id", + "description": "The ID for the WatsonX project for the sample RAG application." + }, + { + "key": "watson_discovery_api_url", + "description": "The URL to the Watson Discovery API endpoint." + }, + { + "key": "watson_discovery_project_id", + "description": "The ID for the Watson Discovery project for the sample RAG application." + } + ], + "install_type": "fullstack" + }, + { + "label": "Red Hat OpenShift", + "name": "openshift", + "working_directory": "solutions/openshift", + "compliance": { + "authority": "scc-v3", + "profiles": [ + { + "profile_name": "AI ICT Guardrails", + "profile_version": "1.0.0" + } + ] + }, + "iam_permissions": [ + { + "service_name": "iam-groups", + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Administrator" + ] + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "cloud-object-storage" + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Administrator" + ], + "service_name": "iam-identity" + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Writer", + "crn:v1:bluemix:public:iam::::role:Administrator" + ], + "service_name": "atracker" + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "kms" + }, + { + "service_name": "compliance", + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ] + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "pm-20" + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "data-science-experience" + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "aiopenscale" + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "conversation" + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "discovery" + }, + { + "service_name": "databases-for-elasticsearch", + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Editor" ] }, { "service_name": "event-notifications", "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" ] } ], @@ -248,7 +602,8 @@ "default_value": "rag-services", "description": "The name of the resource group that is created by this solution. The actual name is prefixed with the value of the input 'prefix'. All resources created by this solution are deployed in this resource group. ", "required": false - }, { + }, + { "key": "existing_resource_group_name", "type": "string", "default_value": "__NULL__", diff --git a/solutions/openshift/catalogValidationValues.json.template b/solutions/openshift/catalogValidationValues.json.template new file mode 100644 index 0000000..2d3d4bf --- /dev/null +++ b/solutions/openshift/catalogValidationValues.json.template @@ -0,0 +1,4 @@ +{ + "ibmcloud_api_key": $VALIDATION_APIKEY, + "prefix": $PREFIX +} diff --git a/solutions/openshift/stack_definition.json b/solutions/openshift/stack_definition.json new file mode 100644 index 0000000..5a259d1 --- /dev/null +++ b/solutions/openshift/stack_definition.json @@ -0,0 +1,787 @@ +{ + "inputs": [ + { + "name": "prefix", + "required": true, + "type": "string", + "hidden": false, + "default": "rag" + }, + { + "name": "secret_manager_service_plan", + "required": false, + "type": "string", + "hidden": false, + "default": "trial" + }, + { + "name": "watsonx_admin_api_key", + "required": false, + "type": "password", + "hidden": false + }, + { + "name": "resource_group_name", + "required": false, + "type": "string", + "hidden": false + }, + { + "name": "existing_resource_group_name", + "required": false, + "type": "string", + "hidden": false, + "default": null + }, + { + "name": "region", + "required": false, + "type": "string", + "hidden": false, + "default": "us-south" + }, + { + "name": "sample_app_git_url", + "required": false, + "type": "string", + "hidden": false, + "default": "https://github.com/IBM/gen-ai-rag-watsonx-sample-application" + }, + { + "name": "signing_key", + "required": false, + "type": "password", + "hidden": false, + "default": "replace" + }, + { + "name": "existing_secrets_manager_crn", + "required": false, + "type": "string", + "hidden": false, + "default": null + }, + { + "name": "existing_kms_instance_crn", + "required": false, + "type": "string", + "hidden": false, + "default": null + }, + { + "name": "existing_en_instance_crn", + "required": false, + "type": "string", + "hidden": false, + "default": null + }, + { + "name": "enable_platform_logs_metrics", + "required": false, + "type": "boolean", + "hidden": false, + "default": false + }, + { + "name": "elasticsearch_plan", + "required": false, + "type": "string", + "hidden": false, + "default": "enterprise" + }, + { + "name": "existing_discovery_instance", + "required": false, + "type": "string", + "hidden": false, + "default": null + }, + { + "name": "existing_assistant_instance", + "required": false, + "type": "string", + "hidden": false, + "default": null + }, + { + "name": "existing_governance_instance", + "required": false, + "type": "string", + "hidden": false, + "default": null + }, + { + "name": "existing_studio_instance", + "required": false, + "type": "string", + "hidden": false, + "default": null + }, + { + "name": "existing_machine_learning_instance", + "required": false, + "type": "string", + "hidden": false, + "default": null + }, + { + "name": "existing_db_instance_crn", + "required": false, + "type": "string", + "hidden": false, + "default": null + } + ], + "members": [ + { + "name": "Account Infrastructure Base", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.7546bd0d-010e-4e34-90d5-5bd7d2fa820c-global", + "inputs": [ + { + "name": "prefix", + "value": "ref:../../inputs/prefix" + }, + { + "name": "ibmcloud_api_key", + "value": "" + }, + { + "name": "region", + "value": "ref:../../inputs/region" + }, + { + "name": "security_resource_group_name", + "value": "ref:../../inputs/resource_group_name" + }, + { + "name": "audit_resource_group_name", + "value": "ref:../../inputs/resource_group_name" + }, + { + "name": "observability_resource_group_name", + "value": "ref:../../inputs/resource_group_name" + }, + { + "name": "management_resource_group_name", + "value": "ref:../../inputs/resource_group_name" + }, + { + "name": "workload_resource_group_name", + "value": "ref:../../inputs/resource_group_name" + }, + { + "name": "edge_resource_group_name", + "value": "ref:../../inputs/resource_group_name" + }, + { + "name": "devops_resource_group_name", + "value": "ref:../../inputs/resource_group_name" + }, + { + "name": "existing_security_resource_group_name", + "value": "ref:../../inputs/existing_resource_group_name" + }, + { + "name": "existing_audit_resource_group_name", + "value": "ref:../../inputs/existing_resource_group_name" + }, + { + "name": "existing_observability_resource_group_name", + "value": "ref:../../inputs/existing_resource_group_name" + }, + { + "name": "existing_management_resource_group_name", + "value": "ref:../../inputs/existing_resource_group_name" + }, + { + "name": "existing_workload_resource_group_name", + "value": "ref:../../inputs/existing_resource_group_name" + }, + { + "name": "existing_edge_resource_group_name", + "value": "ref:../../inputs/existing_resource_group_name" + }, + { + "name": "existing_devops_resource_group_name", + "value": "ref:../../inputs/existing_resource_group_name" + }, + { + "name": "provision_trusted_profile_projects", + "value": false + } + ] + }, + { + "name": "Baseline Security - Encryption Key Management", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.a58250eb-8af0-4874-842e-88e66f5ffbb8-global", + "inputs": [ + { + "name": "resource_group_name", + "value": "ref:../Account Infrastructure Base/outputs/security_resource_group_name" + }, + { + "name": "use_existing_resource_group", + "value": true + }, + { + "name": "ibmcloud_api_key", + "value": "" + }, + { + "name": "region", + "value": "ref:../../inputs/region" + }, + { + "name": "existing_kms_instance_crn", + "value": "ref:../../inputs/existing_kms_instance_crn" + } + ] + }, + { + "name": "Baseline Security - Logging Monitoring Activity Tracker", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.6d66c3b4-6b0a-4484-a59e-8f490e3ff8b8-global", + "inputs": [ + { + "name": "ibmcloud_api_key", + "value": "" + }, + { + "name": "region", + "value": "ref:../../inputs/region" + }, + { + "name": "existing_kms_instance_crn", + "value": "ref:../Baseline Security - Encryption Key Management/outputs/kms_instance_crn" + }, + { + "name": "resource_group_name", + "value": "ref:../Account Infrastructure Base/outputs/observability_resource_group_name" + }, + { + "name": "prefix", + "value": "ref:../../inputs/prefix" + }, + { + "name": "use_existing_resource_group", + "value": true + }, + { + "name": "enable_platform_logs", + "value": "ref:../../inputs/enable_platform_logs_metrics" + }, + { + "name": "enable_platform_metrics", + "value": "ref:../../inputs/enable_platform_logs_metrics" + } + ] + }, + { + "name": "Baseline Security - Observability Event Notifications", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.ac3acff3-aa75-41f1-a5db-217d7bf6928a-global", + "inputs": [ + { + "name": "kms_endpoint_url", + "value": "ref:../Baseline Security - Encryption Key Management/outputs/kms_private_endpoint" + }, + { + "name": "existing_kms_instance_crn", + "value": "ref:../Baseline Security - Encryption Key Management/outputs/kms_instance_crn" + }, + { + "name": "kms_endpoint_type", + "value": "private" + }, + { + "name": "resource_group_name", + "value": "ref:../Account Infrastructure Base/outputs/observability_resource_group_name" + }, + { + "name": "use_existing_resource_group", + "value": true + }, + { + "name": "region", + "value": "ref:../../inputs/region" + }, + { + "name": "prefix", + "value": "ref:../../inputs/prefix" + }, + { + "name": "existing_monitoring_crn", + "value": "ref:../Baseline Security - Logging Monitoring Activity Tracker/outputs/cloud_monitoring_crn" + }, + { + "name": "existing_en_instance_crn", + "value": "ref:../../inputs/existing_en_instance_crn" + } + ] + }, + { + "name": "Baseline Security - Secrets Manager", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.266ee06f-e0d3-486e-8016-c5ce25845680-global", + "inputs": [ + { + "name": "prefix", + "value": "ref:../../inputs/prefix" + }, + { + "name": "resource_group_name", + "value": "ref:../Account Infrastructure Base/outputs/security_resource_group_name" + }, + { + "name": "ibmcloud_api_key", + "value": "" + }, + { + "name": "region", + "value": "ref:../../inputs/region" + }, + { + "name": "existing_kms_instance_crn", + "value": "ref:../Baseline Security - Encryption Key Management/outputs/kms_instance_crn" + }, + { + "name": "use_existing_resource_group", + "value": true + }, + { + "name": "existing_secrets_manager_crn", + "value": "ref:../../inputs/existing_secrets_manager_crn" + }, + { + "name": "service_plan", + "value": "ref:../../inputs/secret_manager_service_plan" + }, + { + "name": "existing_event_notification_instance_crn", + "value": "ref:../Baseline Security - Observability Event Notifications/outputs/crn" + } + ] + }, + { + "name": "Baseline Security - Security Compliance Center", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.86ecc32b-65b6-4cb9-b263-2815138c47bc-global", + "inputs": [ + { + "name": "ibmcloud_api_key", + "value": "" + }, + { + "name": "cos_region", + "value": "ref:../../inputs/region" + }, + { + "name": "scc_region", + "value": "ref:../../inputs/region" + }, + { + "name": "resource_group_name", + "value": "ref:../Account Infrastructure Base/outputs/audit_resource_group_name" + }, + { + "name": "existing_kms_instance_crn", + "value": "ref:../Baseline Security - Encryption Key Management/outputs/kms_instance_crn" + }, + { + "name": "use_existing_resource_group", + "value": true + }, + { + "name": "provision_scc_workload_protection", + "value": false + }, + { + "name": "existing_en_crn", + "value": "ref:../Baseline Security - Observability Event Notifications/outputs/crn" + } + ] + }, + { + "name": "Gen AI - Databases for Elasticsearch", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.2d84cdb9-84a9-4487-880d-574c47482646-global", + "inputs": [ + { + "name": "use_existing_resource_group", + "value": true + }, + { + "name": "resource_group_name", + "value": "ref:../../members/Account Infrastructure Base/outputs/workload_resource_group_name" + }, + { + "name": "region", + "value": "ref:../../inputs/region" + }, + { + "name": "prefix", + "value": "ref:../../inputs/prefix" + }, + { + "name": "plan", + "value": "ref:../../inputs/elasticsearch_plan" + }, + { + "name": "elasticsearch_version", + "value": "8.12" + }, + { + "name": "existing_kms_instance_crn", + "value": "ref:../../members/Baseline Security - Encryption Key Management/outputs/kms_instance_crn" + }, + { + "name": "kms_endpoint_type", + "value": "private" + }, + { + "name": "member_host_flavor", + "value": "b3c.4x16.encrypted" + }, + { + "name": "service_credential_names", + "value": { + "elastic_db_admin": "Administrator", + "wxasst_db_user": "Editor", + "toolchain_db_user": "Editor" + } + }, + { + "name": "existing_db_instance_crn", + "value": "ref:../../inputs/existing_db_instance_crn" + } + ] + }, + { + "name": "Gen AI - WatsonX SaaS services", + "version_locator": "1082e7d2-5e2f-0a11-a3bc-f88a8e1931fc.6da72ae0-73c6-43f5-adc5-9d78f08be81d-global", + "inputs": [ + { + "name": "ibmcloud_api_key", + "value": "" + }, + { + "name": "watsonx_admin_api_key", + "value": "ref:../../inputs/watsonx_admin_api_key" + }, + { + "name": "resource_group_name", + "value": "ref:../Account Infrastructure Base/outputs/workload_resource_group_name" + }, + { + "name": "location", + "value": "ref:../../inputs/region" + }, + { + "name": "resource_prefix", + "value": "ref:../../inputs/prefix" + }, + { + "name": "use_existing_resource_group", + "value": true + }, + { + "name": "watson_machine_learning_plan", + "value": "v2-standard" + }, + { + "name": "existing_machine_learning_instance", + "value": "ref:../../inputs/existing_machine_learning_instance" + }, + { + "name": "watson_studio_plan", + "value": "professional-v1" + }, + { + "name": "existing_studio_instance", + "value": "ref:../../inputs/existing_studio_instance" + }, + { + "name": "watson_discovery_plan", + "value": "do not install" + }, + { + "name": "existing_discovery_instance", + "value": "ref:../../inputs/existing_discovery_instance" + }, + { + "name": "watsonx_assistant_plan", + "value": "plus" + }, + { + "name": "existing_assistant_instance", + "value": "ref:../../inputs/existing_assistant_instance" + }, + { + "name": "watsonx_governance_plan", + "value": "do not install" + }, + { + "name": "existing_governance_instance", + "value": "ref:../../inputs/existing_governance_instance" + }, + { + "name": "cos_kms_crn", + "value": "ref:../Baseline Security - Encryption Key Management/outputs/kms_instance_crn" + } + ] + }, + { + "name": "Workload - Red Hat OpenShift Container Platform on VPC", + "version_locator": "1082e7d2-5e2f-0a11-a3bc-f88a8e1931fc.05be05c6-ee02-4081-9f2c-6aff703afbb6-global", + "inputs": [ + { + "name": "ibmcloud_api_key", + "value": "" + }, + { + "name": "prefix", + "value": "ref:../../inputs/prefix" + }, + { + "name": "region", + "value": "ref:../../inputs/region" + }, + { + "name": "vpcs", + "value": [ + "workload" + ] + }, + { + "name": "enable_transit_gateway", + "value": false + }, + { + "name": "add_atracker_route", + "value": false + }, + { + "name": "existing_kms_instance_name", + "value": "ref:../../members/Baseline Security - Encryption Key Management/outputs/key_protect_name" + }, + { + "name": "existing_kms_resource_group", + "value": "ref:../Account Infrastructure Base/outputs/security_resource_group_name" + }, + { + "name": "existing_kms_endpoint_type", + "value": "private" + }, + { + "name": "existing_cos_instance_name", + "value": "ref:../Baseline Security - Logging Monitoring Activity Tracker/outputs/cos_instance_name" + }, + { + "name": "existing_cos_resource_group", + "value": "ref:../Account Infrastructure Base/outputs/observability_resource_group_name" + }, + { + "name": "existing_cos_endpoint_type", + "value": "private" + }, + { + "name": "use_existing_cos_for_vpc_flowlogs", + "value": true + } + ] + }, + { + "name": "Workload - Application Lifecycle Management", + "version_locator": "1082e7d2-5e2f-0a11-a3bc-f88a8e1931fc.c3622dde-a31a-44c2-983b-9fe0a67a4e64-global", + "inputs": [ + { + "name": "ibmcloud_api_key", + "value": "" + }, + { + "name": "toolchain_name", + "value": "rag-sample-app" + }, + { + "name": "toolchain_region", + "value": "ref:../../inputs/region" + }, + { + "name": "toolchain_resource_group", + "value": "ref:../Account Infrastructure Base/outputs/devops_resource_group_name" + }, + { + "name": "cluster_name", + "value": "ref:../Workload - Red Hat OpenShift Container Platform on VPC/outputs/workload_cluster_name" + }, + { + "name": "sm_resource_group", + "value": "ref:../Baseline Security - Secrets Manager/outputs/resource_group_name" + }, + { + "name": "sm_name", + "value": "ref:../Baseline Security - Secrets Manager/outputs/secrets_manager_name" + }, + { + "name": "sm_location", + "value": "ref:../Baseline Security - Secrets Manager/outputs/secrets_manager_region" + }, + { + "name": "ci_code_engine_project", + "value": "generative-ai-sample-app-ci-project" + }, + { + "name": "registry_namespace", + "value": "rag-sample-app" + }, + { + "name": "ci_app_repo_clone_from_url", + "value": "ref:../../inputs/sample_app_git_url" + }, + { + "name": "ci_app_repo_clone_from_branch", + "value": "main" + }, + { + "name": "repositories_prefix", + "value": "ref:../../inputs/prefix" + }, + { + "name": "ci_app_name", + "value": "rag-sample-app" + }, + { + "name": "ci_signing_key_secret_name", + "value": "signing-key" + }, + { + "name": "pipeline_ibmcloud_api_key_secret_name", + "value": "ibmcloud-api-key" + }, + { + "name": "prefix", + "value": "ref:../../inputs/prefix" + }, + { + "name": "add_container_name_suffix", + "value": true + } + ] + }, + { + "name": "Workload - Sample RAG App Configuration", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.d7ea2d8d-b35a-471a-ae83-02b0ea9989b9-global", + "inputs": [ + { + "name": "toolchain_region", + "value": "ref:../../inputs/region" + }, + { + "name": "ibmcloud_api_key", + "value": "" + }, + { + "name": "watson_discovery_region", + "value": "ref:../../inputs/region" + }, + { + "name": "watson_assistant_region", + "value": "ref:../../inputs/region" + }, + { + "name": "watson_assistant_instance_id", + "value": "ref:../Gen AI - WatsonX SaaS services/outputs/watsonx_assistant_guid" + }, + { + "name": "cd_pipeline_id", + "value": "ref:../Workload - Application Lifecycle Management/outputs/cd_pipeline_id" + }, + { + "name": "ci_pipeline_id", + "value": "ref:../Workload - Application Lifecycle Management/outputs/ci_pipeline_id" + }, + { + "name": "watson_machine_learning_instance_guid", + "value": "ref:../Gen AI - WatsonX SaaS services/outputs/watson_machine_learning_guid" + }, + { + "name": "watson_machine_learning_instance_resource_name", + "value": "ref:../Gen AI - WatsonX SaaS services/outputs/watson_machine_learning_name" + }, + { + "name": "watson_machine_learning_instance_crn", + "value": "ref:../Gen AI - WatsonX SaaS services/outputs/watson_machine_learning_crn" + }, + { + "name": "toolchain_resource_group", + "value": "ref:../Account Infrastructure Base/outputs/devops_resource_group_name" + }, + { + "name": "prefix", + "value": "ref:../../inputs/prefix" + }, + { + "name": "resource_group_name", + "value": "ref:../Account Infrastructure Base/outputs/devops_resource_group_name" + }, + { + "name": "use_existing_resource_group", + "value": true + }, + { + "name": "toolchain_region", + "value": "ref:../../inputs/region" + }, + { + "name": "signing_key", + "value": "ref:../../inputs/signing_key" + }, + { + "name": "secrets_manager_guid", + "value": "ref:../Baseline Security - Secrets Manager/outputs/secrets_manager_guid" + }, + { + "name": "secrets_manager_region", + "value": "ref:../Baseline Security - Secrets Manager/outputs/secrets_manager_region" + }, + { + "name": "elastic_instance_crn", + "value": "ref:../Gen AI - Databases for Elasticsearch/outputs/crn" + }, + { + "name": "cos_kms_crn", + "value": "ref:../Baseline Security - Encryption Key Management/outputs/kms_instance_crn" + } + ] + } + ], + "outputs": [ + { + "name": "elasticsearch_hostname", + "value": "ref:../Gen AI - Databases for Elasticsearch/outputs/hostname" + }, + { + "name": "elasticsearch_port", + "value": "ref:../Gen AI - Databases for Elasticsearch/outputs/port" + }, + { + "name": "elasticsearch_service_credentials_json", + "value": "ref:../Gen AI - Databases for Elasticsearch/outputs/service_credentials_json" + }, + { + "name": "elasticsearch_crn", + "value": "ref:../Gen AI - Databases for Elasticsearch/outputs/crn" + }, + { + "name": "watsonx_project_url", + "value": "ref:../Workload - Sample RAG App Configuration/outputs/watsonx_project_url" + }, + { + "name": "watsonx_project_id", + "value": "ref:../Workload - Sample RAG App Configuration/outputs/watsonx_project_id" + }, + { + "name": "watson_discovery_api_url", + "value": "ref:../Workload - Sample RAG App Configuration/outputs/watson_discovery_api_url" + }, + { + "name": "watson_discovery_project_id", + "value": "ref:../Workload - Sample RAG App Configuration/outputs/watson_discovery_project_id" + } + ] +} From f144b8093b2c7a80f4ab7a7b858ba527f744653a Mon Sep 17 00:00:00 2001 From: Todd Giguere Date: Wed, 4 Sep 2024 08:17:51 -0400 Subject: [PATCH 02/15] fix: remove unnecessary input for ALM step --- solutions/openshift/stack_definition.json | 4 ---- 1 file changed, 4 deletions(-) diff --git a/solutions/openshift/stack_definition.json b/solutions/openshift/stack_definition.json index 5a259d1..6435f19 100644 --- a/solutions/openshift/stack_definition.json +++ b/solutions/openshift/stack_definition.json @@ -621,10 +621,6 @@ "name": "sm_location", "value": "ref:../Baseline Security - Secrets Manager/outputs/secrets_manager_region" }, - { - "name": "ci_code_engine_project", - "value": "generative-ai-sample-app-ci-project" - }, { "name": "registry_namespace", "value": "rag-sample-app" From a07233ca515e67e2b5b7d69a9748421865a68cec Mon Sep 17 00:00:00 2001 From: Todd Giguere Date: Thu, 5 Sep 2024 11:30:50 -0400 Subject: [PATCH 03/15] refactor: rename to standard solution --- .../{openshift => standard}/catalogValidationValues.json.template | 0 solutions/{openshift => standard}/stack_definition.json | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename solutions/{openshift => standard}/catalogValidationValues.json.template (100%) rename solutions/{openshift => standard}/stack_definition.json (100%) diff --git a/solutions/openshift/catalogValidationValues.json.template b/solutions/standard/catalogValidationValues.json.template similarity index 100% rename from solutions/openshift/catalogValidationValues.json.template rename to solutions/standard/catalogValidationValues.json.template diff --git a/solutions/openshift/stack_definition.json b/solutions/standard/stack_definition.json similarity index 100% rename from solutions/openshift/stack_definition.json rename to solutions/standard/stack_definition.json From 1faa6dd9c8219dde055ad55187747a1a445a2db0 Mon Sep 17 00:00:00 2001 From: Todd Giguere Date: Thu, 5 Sep 2024 11:44:25 -0400 Subject: [PATCH 04/15] fix: merge in changes from basic into standard --- solutions/standard/stack_definition.json | 127 ++++++++++++----------- 1 file changed, 67 insertions(+), 60 deletions(-) diff --git a/solutions/standard/stack_definition.json b/solutions/standard/stack_definition.json index 6435f19..e2aad19 100644 --- a/solutions/standard/stack_definition.json +++ b/solutions/standard/stack_definition.json @@ -69,7 +69,7 @@ "default": null }, { - "name": "existing_en_instance_crn", + "name": "existing_event_notification_instance_crn", "required": false, "type": "string", "hidden": false, @@ -82,13 +82,6 @@ "hidden": false, "default": false }, - { - "name": "elasticsearch_plan", - "required": false, - "type": "string", - "hidden": false, - "default": "enterprise" - }, { "name": "existing_discovery_instance", "required": false, @@ -97,7 +90,7 @@ "default": null }, { - "name": "existing_assistant_instance", + "name": "existing_assistant_instance_crn", "required": false, "type": "string", "hidden": false, @@ -125,7 +118,7 @@ "default": null }, { - "name": "existing_db_instance_crn", + "name": "existing_elasticsearch_instance_crn", "required": false, "type": "string", "hidden": false, @@ -135,7 +128,7 @@ "members": [ { "name": "Account Infrastructure Base", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.7546bd0d-010e-4e34-90d5-5bd7d2fa820c-global", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.957fb9a6-fd43-4d5a-b29d-9c76695fa91a-global", "inputs": [ { "name": "prefix", @@ -212,8 +205,8 @@ ] }, { - "name": "Baseline Security - Encryption Key Management", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.a58250eb-8af0-4874-842e-88e66f5ffbb8-global", + "name": "Essential Security - Encryption Key Management", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.206bfa3d-3bbe-435e-adb9-dd244fdaad86-global", "inputs": [ { "name": "resource_group_name", @@ -238,8 +231,8 @@ ] }, { - "name": "Baseline Security - Logging Monitoring Activity Tracker", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.6d66c3b4-6b0a-4484-a59e-8f490e3ff8b8-global", + "name": "Essential Security - Logging Monitoring Activity Tracker", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.9a4b4855-07a5-43a0-af1d-ef44e091821c-global", "inputs": [ { "name": "ibmcloud_api_key", @@ -251,7 +244,7 @@ }, { "name": "existing_kms_instance_crn", - "value": "ref:../Baseline Security - Encryption Key Management/outputs/kms_instance_crn" + "value": "ref:../Essential Security - Encryption Key Management/outputs/kms_instance_crn" }, { "name": "resource_group_name", @@ -276,16 +269,16 @@ ] }, { - "name": "Baseline Security - Observability Event Notifications", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.ac3acff3-aa75-41f1-a5db-217d7bf6928a-global", + "name": "Essential Security - Observability Event Notifications", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.ee7b0d6c-3603-40fb-953b-4bdbd43c3cbe-global", "inputs": [ { "name": "kms_endpoint_url", - "value": "ref:../Baseline Security - Encryption Key Management/outputs/kms_private_endpoint" + "value": "ref:../Essential Security - Encryption Key Management/outputs/kms_private_endpoint" }, { "name": "existing_kms_instance_crn", - "value": "ref:../Baseline Security - Encryption Key Management/outputs/kms_instance_crn" + "value": "ref:../Essential Security - Encryption Key Management/outputs/kms_instance_crn" }, { "name": "kms_endpoint_type", @@ -309,17 +302,17 @@ }, { "name": "existing_monitoring_crn", - "value": "ref:../Baseline Security - Logging Monitoring Activity Tracker/outputs/cloud_monitoring_crn" + "value": "ref:../Essential Security - Logging Monitoring Activity Tracker/outputs/cloud_monitoring_crn" }, { "name": "existing_en_instance_crn", - "value": "ref:../../inputs/existing_en_instance_crn" + "value": "ref:../../inputs/existing_event_notification_instance_crn" } ] }, { - "name": "Baseline Security - Secrets Manager", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.266ee06f-e0d3-486e-8016-c5ce25845680-global", + "name": "Essential Security - Secrets Manager", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.f98df044-b1c7-4f38-86db-6438e76a35bf-global", "inputs": [ { "name": "prefix", @@ -339,7 +332,7 @@ }, { "name": "existing_kms_instance_crn", - "value": "ref:../Baseline Security - Encryption Key Management/outputs/kms_instance_crn" + "value": "ref:../Essential Security - Encryption Key Management/outputs/kms_instance_crn" }, { "name": "use_existing_resource_group", @@ -355,18 +348,26 @@ }, { "name": "existing_event_notification_instance_crn", - "value": "ref:../Baseline Security - Observability Event Notifications/outputs/crn" + "value": "ref:../Essential Security - Observability Event Notifications/outputs/crn" + }, + { + "name": "enable_event_notification", + "value": true } ] }, { - "name": "Baseline Security - Security Compliance Center", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.86ecc32b-65b6-4cb9-b263-2815138c47bc-global", + "name": "Essential Security - Security Compliance Center", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.c689955e-d4ad-4f9e-8bdc-c8929dd5991a-global", "inputs": [ { "name": "ibmcloud_api_key", "value": "" }, + { + "name": "prefix", + "value": "ref:../../inputs/prefix" + }, { "name": "cos_region", "value": "ref:../../inputs/region" @@ -381,7 +382,7 @@ }, { "name": "existing_kms_instance_crn", - "value": "ref:../Baseline Security - Encryption Key Management/outputs/kms_instance_crn" + "value": "ref:../Essential Security - Encryption Key Management/outputs/kms_instance_crn" }, { "name": "use_existing_resource_group", @@ -393,13 +394,19 @@ }, { "name": "existing_en_crn", - "value": "ref:../Baseline Security - Observability Event Notifications/outputs/crn" + "value": "ref:../Essential Security - Observability Event Notifications/outputs/crn" + }, + { + "name": "profile_attachments", + "value": [ + "AI Security Guardrails 2.0" + ] } ] }, { "name": "Gen AI - Databases for Elasticsearch", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.2d84cdb9-84a9-4487-880d-574c47482646-global", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.1b14c633-2d83-49a9-a9ee-4ce5921e22e1-global", "inputs": [ { "name": "use_existing_resource_group", @@ -419,7 +426,7 @@ }, { "name": "plan", - "value": "ref:../../inputs/elasticsearch_plan" + "value": "enterprise" }, { "name": "elasticsearch_version", @@ -427,7 +434,7 @@ }, { "name": "existing_kms_instance_crn", - "value": "ref:../../members/Baseline Security - Encryption Key Management/outputs/kms_instance_crn" + "value": "ref:../../members/Essential Security - Encryption Key Management/outputs/kms_instance_crn" }, { "name": "kms_endpoint_type", @@ -435,7 +442,11 @@ }, { "name": "member_host_flavor", - "value": "b3c.4x16.encrypted" + "value": "multitenant" + }, + { + "name": "member_cpu_count", + "value": 0 }, { "name": "service_credential_names", @@ -447,13 +458,13 @@ }, { "name": "existing_db_instance_crn", - "value": "ref:../../inputs/existing_db_instance_crn" + "value": "ref:../../inputs/existing_elasticsearch_instance_crn" } ] }, { "name": "Gen AI - WatsonX SaaS services", - "version_locator": "1082e7d2-5e2f-0a11-a3bc-f88a8e1931fc.6da72ae0-73c6-43f5-adc5-9d78f08be81d-global", + "version_locator": "1082e7d2-5e2f-0a11-a3bc-f88a8e1931fc.9e2f1ef3-4ab2-4e08-a302-64c0f63989a2-global", "inputs": [ { "name": "ibmcloud_api_key", @@ -509,7 +520,7 @@ }, { "name": "existing_assistant_instance", - "value": "ref:../../inputs/existing_assistant_instance" + "value": "ref:../../inputs/existing_assistant_instance_crn" }, { "name": "watsonx_governance_plan", @@ -521,7 +532,7 @@ }, { "name": "cos_kms_crn", - "value": "ref:../Baseline Security - Encryption Key Management/outputs/kms_instance_crn" + "value": "ref:../Essential Security - Encryption Key Management/outputs/kms_instance_crn" } ] }, @@ -557,7 +568,7 @@ }, { "name": "existing_kms_instance_name", - "value": "ref:../../members/Baseline Security - Encryption Key Management/outputs/key_protect_name" + "value": "ref:../../members/Essential Security - Encryption Key Management/outputs/key_protect_name" }, { "name": "existing_kms_resource_group", @@ -569,7 +580,7 @@ }, { "name": "existing_cos_instance_name", - "value": "ref:../Baseline Security - Logging Monitoring Activity Tracker/outputs/cos_instance_name" + "value": "ref:../Essential Security - Logging Monitoring Activity Tracker/outputs/cos_instance_name" }, { "name": "existing_cos_resource_group", @@ -605,34 +616,30 @@ "name": "toolchain_resource_group", "value": "ref:../Account Infrastructure Base/outputs/devops_resource_group_name" }, - { - "name": "cluster_name", - "value": "ref:../Workload - Red Hat OpenShift Container Platform on VPC/outputs/workload_cluster_name" - }, { "name": "sm_resource_group", - "value": "ref:../Baseline Security - Secrets Manager/outputs/resource_group_name" + "value": "ref:../Essential Security - Secrets Manager/outputs/resource_group_name" }, { "name": "sm_name", - "value": "ref:../Baseline Security - Secrets Manager/outputs/secrets_manager_name" + "value": "ref:../Essential Security - Secrets Manager/outputs/secrets_manager_name" }, { "name": "sm_location", - "value": "ref:../Baseline Security - Secrets Manager/outputs/secrets_manager_region" + "value": "ref:../Essential Security - Secrets Manager/outputs/secrets_manager_region" + }, + { + "name": "cluster_name", + "value": "ref:../Workload - Red Hat OpenShift Container Platform on VPC/outputs/workload_cluster_name" }, { "name": "registry_namespace", - "value": "rag-sample-app" + "value": "rag-app" }, { "name": "ci_app_repo_clone_from_url", "value": "ref:../../inputs/sample_app_git_url" }, - { - "name": "ci_app_repo_clone_from_branch", - "value": "main" - }, { "name": "repositories_prefix", "value": "ref:../../inputs/prefix" @@ -653,6 +660,10 @@ "name": "prefix", "value": "ref:../../inputs/prefix" }, + { + "name": "create_icr_namespace", + "value": true + }, { "name": "add_container_name_suffix", "value": true @@ -661,7 +672,7 @@ }, { "name": "Workload - Sample RAG App Configuration", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.d7ea2d8d-b35a-471a-ae83-02b0ea9989b9-global", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.322cd315-4920-4d07-8724-dd10f31e5d1d-global", "inputs": [ { "name": "toolchain_region", @@ -719,21 +730,17 @@ "name": "use_existing_resource_group", "value": true }, - { - "name": "toolchain_region", - "value": "ref:../../inputs/region" - }, { "name": "signing_key", "value": "ref:../../inputs/signing_key" }, { "name": "secrets_manager_guid", - "value": "ref:../Baseline Security - Secrets Manager/outputs/secrets_manager_guid" + "value": "ref:../Essential Security - Secrets Manager/outputs/secrets_manager_guid" }, { "name": "secrets_manager_region", - "value": "ref:../Baseline Security - Secrets Manager/outputs/secrets_manager_region" + "value": "ref:../Essential Security - Secrets Manager/outputs/secrets_manager_region" }, { "name": "elastic_instance_crn", @@ -741,7 +748,7 @@ }, { "name": "cos_kms_crn", - "value": "ref:../Baseline Security - Encryption Key Management/outputs/kms_instance_crn" + "value": "ref:../Essential Security - Encryption Key Management/outputs/kms_instance_crn" } ] } From b9d8cb26bb7d71f59f1dc61c78b0d1aa59fa7d82 Mon Sep 17 00:00:00 2001 From: Todd Giguere Date: Thu, 5 Sep 2024 14:37:51 -0400 Subject: [PATCH 05/15] feat: use elasticsearch platinum in standard variation --- solutions/standard/stack_definition.json | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/solutions/standard/stack_definition.json b/solutions/standard/stack_definition.json index e2aad19..0bbc73b 100644 --- a/solutions/standard/stack_definition.json +++ b/solutions/standard/stack_definition.json @@ -426,7 +426,7 @@ }, { "name": "plan", - "value": "enterprise" + "value": "platinum" }, { "name": "elasticsearch_version", @@ -442,11 +442,19 @@ }, { "name": "member_host_flavor", - "value": "multitenant" + "value": "b3c.4x16.encrypted" }, { "name": "member_cpu_count", - "value": 0 + "value": 3 + }, + { + "name": "enable_elser_model", + "value": true + }, + { + "name": "elser_model_type", + "value": ".elser_model_2_linux-x86_64" }, { "name": "service_credential_names", From 7db64e68ea7584f63ba62287f0d2a348593f7f54 Mon Sep 17 00:00:00 2001 From: Todd Giguere Date: Thu, 5 Sep 2024 14:49:07 -0400 Subject: [PATCH 06/15] fix: ibm catalog entry for standard --- ibm_catalog.json | 57 ++++++++++++++++++++++++++++-------------------- 1 file changed, 33 insertions(+), 24 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index e0a8fd6..0455a62 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -411,14 +411,14 @@ "install_type": "fullstack" }, { - "label": "Red Hat OpenShift", - "name": "openshift", - "working_directory": "solutions/openshift", + "label": "Standard (Deploy on Red Hat OpenShift)", + "name": "standard", + "working_directory": "solutions/standard", "compliance": { "authority": "scc-v3", "profiles": [ { - "profile_name": "AI ICT Guardrails", + "profile_name": "AI Security Guardrails 2.0", "profile_version": "1.0.0" } ] @@ -534,19 +534,19 @@ "diagrams": [ { "diagram": { - "url": "https://raw.githubusercontent.com/terraform-ibm-modules/stack-retrieval-augmented-generation/main/reference-architecture/RAG Pattern v2-part-2.svg", + "url": "https://raw.githubusercontent.com/terraform-ibm-modules/dev-rag/main/reference-architecture/rag-pattern.svg", "caption": "Reference architecture", "type": "image/svg+xml", - "thumbnail_url": "https://raw.githubusercontent.com/terraform-ibm-modules/stack-retrieval-augmented-generation/main/reference-architecture/RAG Pattern v2-part-2.svg" + "thumbnail_url": "https://raw.githubusercontent.com/terraform-ibm-modules/dev-rag/main/reference-architecture/rag-pattern.svg" }, "description": "Reference architecture" }, { "diagram": { - "url": "https://raw.githubusercontent.com/terraform-ibm-modules/stack-retrieval-augmented-generation/main/reference-architecture/rag-stack.svg", + "url": "https://raw.githubusercontent.com/terraform-ibm-modules/dev-rag/main/reference-architecture/rag-stack.svg", "caption": "Solution components", "type": "image/svg+xml", - "thumbnail_url": "https://raw.githubusercontent.com/terraform-ibm-modules/stack-retrieval-augmented-generation/main/reference-architecture/rag-stack.svg" + "thumbnail_url": "https://raw.githubusercontent.com/terraform-ibm-modules/dev-rag/main/reference-architecture/rag-stack.svg" }, "description": "Solution components" } @@ -600,14 +600,14 @@ "key": "resource_group_name", "type": "string", "default_value": "rag-services", - "description": "The name of the resource group that is created by this solution. The actual name is prefixed with the value of the input 'prefix'. All resources created by this solution are deployed in this resource group. ", + "description": "The name of the resource group that is created by this solution. The actual name is prefixed with the value of the input 'prefix'. All resources created by this solution are deployed in this resource group.", "required": false }, { "key": "existing_resource_group_name", "type": "string", "default_value": "__NULL__", - "description": "The name of an existing resource group that is used by this solution, takes precedence over resource_group_name. Prefix is NOT used for existing resource group. All resources created by this solution are deployed in this resource group.", + "description": "The name of an existing resource group that is used by this solution. Prefix is NOT used for existing resource group. All resources created by this solution are deployed in this resource group. ", "required": false }, { @@ -662,12 +662,29 @@ "required": false }, { - "key": "existing_event_notification_instance_crn", + "key": "existing_en_instance_crn", "type": "string", "default_value": "__NULL__", "description": "The CRN of an existing event notification instance to use in this solution. If not set, a new event notification instance is provisioned.", "required": false }, + { + "key": "elasticsearch_plan", + "type": "string", + "default_value": "platinum", + "description": "The pricing plan for the Databases for Elasticsearch instance.", + "required": false, + "options": [ + { + "displayname": "Enterprise", + "value": "enterprise" + }, + { + "displayname": "Platinum", + "value": "platinum" + } + ] + }, { "key": "existing_discovery_instance", "type": "string", @@ -704,7 +721,7 @@ "required": false }, { - "key": "existing_elasticsearch_instance_crn", + "key": "existing_db_instance_crn", "type": "string", "default_value": "__NULL__", "description": "The CRN of an existing elasticsearch instance to use in this solution. If not set, a new elasticsearch instance is provisioned.", @@ -714,35 +731,27 @@ "outputs": [ { "key": "elasticsearch_hostname", - "description": "The hostname of the Elasticsearch instance." + "description": "Elasticsearch instance hostname." }, { "key": "elasticsearch_port", - "description": "The port of the Elasticsearch instance." + "description": "Elasticsearch instance port." }, { "key": "elasticsearch_service_credentials_json", - "description": "The service credentials of the Elasticsearch instance." + "description": "Elasticsearch instance service credentials json map." }, { "key": "elasticsearch_crn", - "description": "The CRN of the Elasticsearch instance." + "description": "Elasticsearch instance crn." }, { "key": "watsonx_project_url", "description": "The URL to the WatsonX project for the sample RAG application." }, - { - "key": "watsonx_project_id", - "description": "The ID for the WatsonX project for the sample RAG application." - }, { "key": "watson_discovery_api_url", "description": "The URL to the Watson Discovery API endpoint." - }, - { - "key": "watson_discovery_project_id", - "description": "The ID for the Watson Discovery project for the sample RAG application." } ], "install_type": "fullstack" From 8318295bf59f496225bf05d5cb78e218f0178109 Mon Sep 17 00:00:00 2001 From: Todd Giguere Date: Thu, 5 Sep 2024 16:52:57 -0400 Subject: [PATCH 07/15] fix: issue with inputs in catalog json --- ibm_catalog.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 0455a62..bd674f9 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -308,7 +308,7 @@ "required": false }, { - "key": "existing_en_instance_crn", + "key": "existing_event_notification_instance_crn", "type": "string", "default_value": "__NULL__", "description": "The CRN of an existing event notification instance to use in this solution. If not set, a new event notification instance is provisioned.", @@ -662,7 +662,7 @@ "required": false }, { - "key": "existing_en_instance_crn", + "key": "existing_event_notification_instance_crn", "type": "string", "default_value": "__NULL__", "description": "The CRN of an existing event notification instance to use in this solution. If not set, a new event notification instance is provisioned.", From bbebe4a2fbee9b9dcbad7425669862da1e06695f Mon Sep 17 00:00:00 2001 From: Todd Giguere Date: Fri, 6 Sep 2024 15:32:18 -0400 Subject: [PATCH 08/15] fix: update ibm_catalog from main --- ibm_catalog.json | 66 +++++++++++++++--------------------------------- 1 file changed, 20 insertions(+), 46 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index bd674f9..01d21ef 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -253,7 +253,7 @@ "key": "existing_resource_group_name", "type": "string", "default_value": "__NULL__", - "description": "The name of an existing resource group that is used by this solution. Prefix is NOT used for existing resource group. All resources created by this solution are deployed in this resource group. ", + "description": "The name of an existing resource group that is used by this solution, takes precedence over resource_group_name. Prefix is NOT used for existing resource group. All resources created by this solution are deployed in this resource group.", "required": false }, { @@ -314,23 +314,6 @@ "description": "The CRN of an existing event notification instance to use in this solution. If not set, a new event notification instance is provisioned.", "required": false }, - { - "key": "elasticsearch_plan", - "type": "string", - "default_value": "enterprise", - "description": "The pricing plan for the Databases for Elasticsearch instance.", - "required": false, - "options": [ - { - "displayname": "Enterprise", - "value": "enterprise" - }, - { - "displayname": "Platinum", - "value": "platinum" - } - ] - }, { "key": "existing_discovery_instance", "type": "string", @@ -367,7 +350,7 @@ "required": false }, { - "key": "existing_db_instance_crn", + "key": "existing_elasticsearch_instance_crn", "type": "string", "default_value": "__NULL__", "description": "The CRN of an existing elasticsearch instance to use in this solution. If not set, a new elasticsearch instance is provisioned.", @@ -377,19 +360,19 @@ "outputs": [ { "key": "elasticsearch_hostname", - "description": "Elasticsearch instance hostname." + "description": "The hostname of the Elasticsearch instance." }, { "key": "elasticsearch_port", - "description": "Elasticsearch instance port." + "description": "The port of the Elasticsearch instance." }, { "key": "elasticsearch_service_credentials_json", - "description": "Elasticsearch instance service credentials json map." + "description": "The service credentials of the Elasticsearch instance." }, { "key": "elasticsearch_crn", - "description": "Elasticsearch instance crn." + "description": "The CRN of the Elasticsearch instance." }, { "key": "watsonx_project_url", @@ -607,7 +590,7 @@ "key": "existing_resource_group_name", "type": "string", "default_value": "__NULL__", - "description": "The name of an existing resource group that is used by this solution. Prefix is NOT used for existing resource group. All resources created by this solution are deployed in this resource group. ", + "description": "The name of an existing resource group that is used by this solution, takes precedence over resource_group_name. Prefix is NOT used for existing resource group. All resources created by this solution are deployed in this resource group.", "required": false }, { @@ -668,23 +651,6 @@ "description": "The CRN of an existing event notification instance to use in this solution. If not set, a new event notification instance is provisioned.", "required": false }, - { - "key": "elasticsearch_plan", - "type": "string", - "default_value": "platinum", - "description": "The pricing plan for the Databases for Elasticsearch instance.", - "required": false, - "options": [ - { - "displayname": "Enterprise", - "value": "enterprise" - }, - { - "displayname": "Platinum", - "value": "platinum" - } - ] - }, { "key": "existing_discovery_instance", "type": "string", @@ -721,7 +687,7 @@ "required": false }, { - "key": "existing_db_instance_crn", + "key": "existing_elasticsearch_instance_crn", "type": "string", "default_value": "__NULL__", "description": "The CRN of an existing elasticsearch instance to use in this solution. If not set, a new elasticsearch instance is provisioned.", @@ -731,27 +697,35 @@ "outputs": [ { "key": "elasticsearch_hostname", - "description": "Elasticsearch instance hostname." + "description": "The hostname of the Elasticsearch instance." }, { "key": "elasticsearch_port", - "description": "Elasticsearch instance port." + "description": "The port of the Elasticsearch instance." }, { "key": "elasticsearch_service_credentials_json", - "description": "Elasticsearch instance service credentials json map." + "description": "The service credentials of the Elasticsearch instance." }, { "key": "elasticsearch_crn", - "description": "Elasticsearch instance crn." + "description": "The CRN of the Elasticsearch instance." }, { "key": "watsonx_project_url", "description": "The URL to the WatsonX project for the sample RAG application." }, + { + "key": "watsonx_project_id", + "description": "The ID for the WatsonX project for the sample RAG application." + }, { "key": "watson_discovery_api_url", "description": "The URL to the Watson Discovery API endpoint." + }, + { + "key": "watson_discovery_project_id", + "description": "The ID for the Watson Discovery project for the sample RAG application." } ], "install_type": "fullstack" From 31c229ef4a814e16171fda2f42ab3c524a5d0be6 Mon Sep 17 00:00:00 2001 From: Todd Giguere Date: Fri, 6 Sep 2024 15:45:55 -0400 Subject: [PATCH 09/15] fix: added more cluster config options to inputs --- solutions/standard/stack_definition.json | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/solutions/standard/stack_definition.json b/solutions/standard/stack_definition.json index 0bbc73b..dfc48e0 100644 --- a/solutions/standard/stack_definition.json +++ b/solutions/standard/stack_definition.json @@ -601,6 +601,18 @@ { "name": "use_existing_cos_for_vpc_flowlogs", "value": true + }, + { + "name": "cluster_zones", + "value": "2" + }, + { + "name": "flavor", + "value": "bx2.4x16" + }, + { + "name": "workers_per_zone", + "value": 1 } ] }, @@ -648,6 +660,10 @@ "name": "ci_app_repo_clone_from_url", "value": "ref:../../inputs/sample_app_git_url" }, + { + "name": "ci_app_repo_clone_from_branch", + "value": "main" + }, { "name": "repositories_prefix", "value": "ref:../../inputs/prefix" From 34a0cac4d1f0cb969f13658b0bebe0f4ff99a89f Mon Sep 17 00:00:00 2001 From: Todd Giguere Date: Mon, 9 Sep 2024 07:42:43 -0400 Subject: [PATCH 10/15] fix: use test roks catalog version --- solutions/standard/stack_definition.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/standard/stack_definition.json b/solutions/standard/stack_definition.json index dfc48e0..8672883 100644 --- a/solutions/standard/stack_definition.json +++ b/solutions/standard/stack_definition.json @@ -546,7 +546,7 @@ }, { "name": "Workload - Red Hat OpenShift Container Platform on VPC", - "version_locator": "1082e7d2-5e2f-0a11-a3bc-f88a8e1931fc.05be05c6-ee02-4081-9f2c-6aff703afbb6-global", + "version_locator": "ec669e77-13bd-4af9-ab52-b66ef515f35d.241c35fd-f8b1-4545-80d5-9befffe14fcd", "inputs": [ { "name": "ibmcloud_api_key", From 0e12a534c9ef8ee1c831bfa93804ea836b7fbb44 Mon Sep 17 00:00:00 2001 From: Todd Giguere Date: Tue, 10 Sep 2024 16:30:29 -0400 Subject: [PATCH 11/15] fix: updates to elastic and roks versions --- ibm_catalog.json | 2 +- solutions/basic/stack_definition.json | 11 ++++++++--- solutions/standard/stack_definition.json | 10 +++++++--- 3 files changed, 16 insertions(+), 7 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 25fcbf0..c186707 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -322,7 +322,7 @@ "required": false }, { - "key": "existing_assistant_instance", + "key": "existing_assistant_instance_crn", "type": "string", "default_value": "__NULL__", "description": "The CRN of an existing WatsonX SaaS assistant instance to use in this solution. If not set, a new assistant instance is provisioned depending on which plan is selected.", diff --git a/solutions/basic/stack_definition.json b/solutions/basic/stack_definition.json index 805098b..e2837c3 100644 --- a/solutions/basic/stack_definition.json +++ b/solutions/basic/stack_definition.json @@ -402,13 +402,15 @@ }, { "name": "profile_attachments", - "value": ["AI Security Guardrails 2.0"] + "value": [ + "AI Security Guardrails 2.0" + ] } ] }, { "name": "Gen AI - Databases for Elasticsearch", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.1b14c633-2d83-49a9-a9ee-4ce5921e22e1-global", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.3858adc6-94f5-4f28-97c0-f249cba95e8a-global", "inputs": [ { "name": "use_existing_resource_group", @@ -560,7 +562,10 @@ }, { "name": "project_names", - "value": ["Generative_AI_Sample_App_CI_Project", "Generative_AI_Sample_App_CD_Project"] + "value": [ + "Generative_AI_Sample_App_CI_Project", + "Generative_AI_Sample_App_CD_Project" + ] }, { "name": "region", diff --git a/solutions/standard/stack_definition.json b/solutions/standard/stack_definition.json index 8672883..f4a157c 100644 --- a/solutions/standard/stack_definition.json +++ b/solutions/standard/stack_definition.json @@ -227,6 +227,10 @@ { "name": "existing_kms_instance_crn", "value": "ref:../../inputs/existing_kms_instance_crn" + }, + { + "name": "prefix", + "value": "ref:../../inputs/prefix" } ] }, @@ -406,7 +410,7 @@ }, { "name": "Gen AI - Databases for Elasticsearch", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.1b14c633-2d83-49a9-a9ee-4ce5921e22e1-global", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.3858adc6-94f5-4f28-97c0-f249cba95e8a-global", "inputs": [ { "name": "use_existing_resource_group", @@ -546,7 +550,7 @@ }, { "name": "Workload - Red Hat OpenShift Container Platform on VPC", - "version_locator": "ec669e77-13bd-4af9-ab52-b66ef515f35d.241c35fd-f8b1-4545-80d5-9befffe14fcd", + "version_locator": "1082e7d2-5e2f-0a11-a3bc-f88a8e1931fc.afef7128-4e23-426b-bd52-10d2f5e7adee-global", "inputs": [ { "name": "ibmcloud_api_key", @@ -618,7 +622,7 @@ }, { "name": "Workload - Application Lifecycle Management", - "version_locator": "1082e7d2-5e2f-0a11-a3bc-f88a8e1931fc.c3622dde-a31a-44c2-983b-9fe0a67a4e64-global", + "version_locator": "1082e7d2-5e2f-0a11-a3bc-f88a8e1931fc.fba3ffcb-9f24-4ed8-83a7-5d3f5ac2122d-global", "inputs": [ { "name": "ibmcloud_api_key", From e8fc78c33d47554d623f3b14c45bf460d37d8e4d Mon Sep 17 00:00:00 2001 From: Todd Giguere Date: Tue, 10 Sep 2024 16:36:04 -0400 Subject: [PATCH 12/15] test: add new unit test for standard --- tests/pr_test.go | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/tests/pr_test.go b/tests/pr_test.go index ed038b8..e2cffbd 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -40,6 +40,7 @@ func TestMain(m *testing.M) { } const basicDaStackDefPath = "solutions/basic/stack_definition.json" +const standardDaStackDefPath = "solutions/standard/stack_definition.json" func TestProjectsBasicFullTest(t *testing.T) { t.Parallel() @@ -153,3 +154,34 @@ func TestProjectsBasicExistingResourcesTest(t *testing.T) { logger.Log(t, "END: Destroy (existing resources)") } } + +func TestProjectsStandardFullTest(t *testing.T) { + t.Parallel() + + options := testprojects.TestProjectOptionsDefault(&testprojects.TestProjectsOptions{ + Testing: t, + Prefix: "rag-std-stack", + ParallelDeploy: true, + StackConfigurationPath: standardDaStackDefPath, + }) + + privateKey, _, kerr := common.GenerateTempGPGKeyPairBase64() + if kerr != nil { + t.Fatal(kerr) + } + options.StackInputs = map[string]interface{}{ + "resource_group_name": options.ResourceGroup, + "region": validRegions[rand.Intn(len(validRegions))], + "ibmcloud_api_key": options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], + "prefix": options.Prefix, + "signing_key": privateKey, + "secret_manager_service_plan": "trial", + } + + err := options.RunProjectsTest() + if assert.NoError(t, err) { + t.Log("TestProjectsFullTest Passed") + } else { + t.Error("TestProjectsFullTest Failed") + } +} From 670e6391a5ee13455d0a74c71fc514a76b0b69d5 Mon Sep 17 00:00:00 2001 From: Todd Giguere Date: Tue, 10 Sep 2024 21:33:17 -0400 Subject: [PATCH 13/15] fix: had wrong version locator for k8s alm --- solutions/standard/stack_definition.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/standard/stack_definition.json b/solutions/standard/stack_definition.json index f4a157c..d768d7c 100644 --- a/solutions/standard/stack_definition.json +++ b/solutions/standard/stack_definition.json @@ -622,7 +622,7 @@ }, { "name": "Workload - Application Lifecycle Management", - "version_locator": "1082e7d2-5e2f-0a11-a3bc-f88a8e1931fc.fba3ffcb-9f24-4ed8-83a7-5d3f5ac2122d-global", + "version_locator": "1082e7d2-5e2f-0a11-a3bc-f88a8e1931fc.c3622dde-a31a-44c2-983b-9fe0a67a4e64-global", "inputs": [ { "name": "ibmcloud_api_key", From 56e1eb29095d3eb9662fe3d311a1dec3404ef092 Mon Sep 17 00:00:00 2001 From: Todd Giguere Date: Wed, 11 Sep 2024 08:17:54 -0400 Subject: [PATCH 14/15] test: shorten standard stack prefix --- tests/pr_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/pr_test.go b/tests/pr_test.go index e2cffbd..6822696 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -160,7 +160,7 @@ func TestProjectsStandardFullTest(t *testing.T) { options := testprojects.TestProjectOptionsDefault(&testprojects.TestProjectsOptions{ Testing: t, - Prefix: "rag-std-stack", + Prefix: "rag-s", ParallelDeploy: true, StackConfigurationPath: standardDaStackDefPath, }) From 0bc8c603813cf78fd5bf90d797c52df843ba959d Mon Sep 17 00:00:00 2001 From: Todd Giguere Date: Wed, 11 Sep 2024 10:20:16 -0400 Subject: [PATCH 15/15] docs: added prefix limit to catalog description --- ibm_catalog.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index c186707..262ea00 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -539,7 +539,7 @@ { "key": "prefix", "type": "string", - "description": "A prefix added to the name of all resources created by this solution. Used to avoid name clashes in the target account when existing this solution multiple times.", + "description": "A prefix added to the name of all resources created by this solution. Must be 13 characters or less. Used to avoid name clashes in the target account when existing this solution multiple times.", "default_value": "rag", "required": true },