Improve DA user experience

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2025-05-12T16:40:05Z",
+  "generated_at": "2025-06-18T14:13:24Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -86,26 +86,6 @@
         "type": "Secret Keyword",
         "verified_result": null
       }
-    ],
-    "solutions/fully-configurable/README.md": [
-      {
-        "hashed_secret": "99046450b7d19bfd57bfe3773719f57af84c7f12",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 92,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
-    "solutions/security-enforced/README.md": [
-      {
-        "hashed_secret": "99046450b7d19bfd57bfe3773719f57af84c7f12",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 68,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
     ]
   },
   "version": "0.13.1+ibm.62.dss",

examples/fscloud/main.tf

@@ -138,8 +138,8 @@ module "event_notification" {
       rule_contexts = [{
         attributes = [
           {
-            "name" : "endpointType",
-            "value" : "private"
+            name  = "endpointType",
+            value = "private"
           },
           {
             name  = "networkZoneId"
@@ -148,8 +148,8 @@ module "event_notification" {
         }, {
         attributes = [
           {
-            "name" : "endpointType",
-            "value" : "private"
+            name  = "endpointType",
+            value = "private"
           },
           {
             name  = "networkZoneId"

ibm_catalog.json

@@ -22,29 +22,38 @@
         "solution"
       ],
       "short_description": "Creates and configures an IBM Cloud Event Notifications instance.",
-      "long_description": "This deployable architecture is used to provision and configure an [IBM Cloud Event Notifications](https://www.ibm.com/products/event-notifications) instance.\n\n\n💡 This Terraform-based automation is part of a broader suite of IBM-maintained Infrastructure as Code (IaC) asset collection, each following the naming pattern \"Cloud automation for *servicename*\" and focusing on single IBM Cloud service. These single-service deployable architectures can be used on their own to streamline and automate service deployments through an [IaC approach](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-understanding-projects), or assembled together into a broader [automated IaC stack](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-config-stack) to automate the deployment of an end-to-end solution architecture.",
+      "long_description": "This deployable architecture is used to provision and configure an [IBM Cloud Event Notifications](https://www.ibm.com/products/event-notifications) instance.\n\n\nℹ️  This Terraform-based automation is part of a broader suite of IBM-maintained Infrastructure as Code (IaC) asset collection, each following the naming pattern \"Cloud automation for *servicename*\" and focusing on single IBM Cloud service. These single-service deployable architectures can be used on their own to streamline and automate service deployments through an [IaC approach](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-understanding-projects), or assembled together into a broader [automated IaC stack](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-config-stack) to automate the deployment of an end-to-end solution architecture.",
       "offering_docs_url": "https://github.com/terraform-ibm-modules/terraform-ibm-event-notifications/blob/main/solutions/standard/README.md",
       "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-event-notifications/main/images/en_icon.svg",
       "provider_name": "IBM",
       "features": [
         {
-          "title": "Creates an IBM Cloud Event Notifications instance",
+          "title": "Event Notifications instance",
           "description": "For more details on an IBM Cloud Event Notifications instance, [see here](https://cloud.ibm.com/docs/event-notifications?topic=event-notifications-en-about)."
         },
         {
-          "title": "Creates Key Rings and Keys to encrypt data",
-          "description": "For more details on managing encryption using an existing Key Management Services (Key Protect or HPCS) instance, [see here](https://cloud.ibm.com/docs/event-notifications?topic=event-notifications-en-managing-encryption)."
+          "title": "KMS Encryption",
+          "description": "Optionally you can enable Key Management Services (Key Protect or HPCS) [encryption](https://cloud.ibm.com/docs/event-notifications?topic=event-notifications-en-managing-encryption) of the event notification instance and Object Storage bucket using either a newly created key or an existing one."
         },
         {
-          "title": "Collect events that fail delivery",
-          "description": "Connect an existing IBM Cloud Object Storage (COS) service instance and creates a new bucket to collect events that fail delivery. For more details on collecting failed events [see here](https://cloud.ibm.com/docs/event-notifications?topic=event-notifications-en-cfe-integrations)."
+          "title": "Object Storage",
+          "description": "Creates and configures an Object Storage bucket to collect events that fail delivery. You can provide an existing COS Instance or use the [Cloud automation for Object Storage](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-cos-68921490-2778-4930-ac6d-bae7be6cd958-global) for creating a new instance. For more details on collecting failed events, [Learn more](https://cloud.ibm.com/docs/event-notifications?topic=event-notifications-en-cfe-integrations)."
+        },
+        {
+          "title": "Observability",
+          "description": "This solution can leverage [Cloud automation for Observability](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-observability-a3137d28-79e0-479d-8a24-758ebd5a0eab-global) that supports configuring resources for logging, monitoring and activity tracker event routing (optional)."
+        },
+        {
+          "title": "Service credentials",
+          "description": "Has the ability to create and configure [event notification service credentials](https://cloud.ibm.com/docs/event-notifications?topic=event-notifications-en-service-credentials) for your instance. Optionally choose to configure [Cloud automation for Secrets Manager](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-secrets-manager-6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global) to create a IBM Cloud Secrets Manager instance to store the service credentials."
         }
       ],
-      "support_details": "This product is in the community registry, as such support is handled through the originated repo. If you experience issues please open an issue in that repository [https://github.com/terraform-ibm-modules/terraform-ibm-event-notifications/issues](https://github.com/terraform-ibm-modules/terraform-ibm-event-notifications/issues). Please note this product is not supported via the IBM Cloud Support Center.",
+      "support_details": "This product is in the community registry, as such support is handled through the originated repo. If you experience issues, please open an issue in the repository [here](https://github.com/terraform-ibm-modules/terraform-ibm-event-notifications/issues). Please note this product is not supported via the IBM Cloud Support Center.",
       "flavors": [
         {
           "label": "Security-enforced",
           "name": "security-enforced",
+          "index": 2,
           "install_type": "fullstack",
           "working_directory": "solutions/security-enforced",
           "compliance": {
@@ -181,7 +190,13 @@
               "key": "skip_event_notifications_secrets_manager_auth_policy"
             },
             {
-              "key": "service_credential_secrets"
+              "key": "service_credential_secrets",
+              "type": "array",
+              "custom_config": {
+                "type": "textarea",
+                "grouping": "deployment",
+                "original_grouping": "deployment"
+              }
             },
             {
               "key": "service_credential_names"
@@ -190,10 +205,23 @@
               "key": "existing_event_notifications_instance_crn"
             },
             {
-              "key": "cbr_rules"
+              "key": "cbr_rules",
+              "type": "array",
+              "custom_config": {
+                "type": "textarea",
+                "grouping": "deployment",
+                "original_grouping": "deployment"
+              }
             }
           ],
           "iam_permissions": [
+            {
+              "role_crns": [
+                "crn:v1:bluemix:public:iam::::role:Viewer"
+              ],
+              "service_name": "Resource group only",
+              "notes": "Viewer access is required in the resource group you want to provision in."
+            },
             {
               "role_crns": [
                 "crn:v1:bluemix:public:iam::::serviceRole:Manager",
@@ -206,16 +234,8 @@
           "architecture": {
             "features": [
               {
-                "title": "Creates an Event Notifications instance",
-                "description": "Creates and configures an Event Notifications instance."
-              },
-              {
-                "title": "Creates key rings and keys",
-                "description": "Creates key rings and keys in an existing KMS instance."
-              },
-              {
-                "title": "Collects events that fail delivery",
-                "description": "Connect an existing Object Storage service instance and bucket. Alternatively, create instances to connect to an Event Notifications instance and collect events that faile delivery."
+                "title": " ",
+                "description": "Configured to use IBM secure by default standards that can't be changed."
               }
             ],
             "diagrams": [
@@ -234,6 +254,7 @@
         {
           "label": "Fully configurable",
           "name": "fully-configurable",
+          "index": 1,
           "install_type": "fullstack",
           "working_directory": "solutions/fully-configurable",
           "compliance": {
@@ -474,6 +495,7 @@
             },
             {
               "key": "management_endpoint_type_for_bucket",
+              "hidden": true,
               "options": [
                 {
                   "displayname": "public",
@@ -490,6 +512,7 @@
             },
             {
               "key": "existing_secrets_manager_endpoint_type",
+              "hidden": true,
               "options": [
                 {
                   "displayname": "private",
@@ -505,16 +528,42 @@
               "key": "skip_event_notifications_secrets_manager_auth_policy"
             },
             {
-              "key": "service_credential_secrets"
+              "key": "service_credential_secrets",
+              "type": "array",
+              "custom_config": {
+                "type": "textarea",
+                "grouping": "deployment",
+                "original_grouping": "deployment"
+              }
             },
             {
               "key": "service_credential_names"
             },
             {
-              "key": "cbr_rules"
+              "key": "cbr_rules",
+              "type": "array",
+              "custom_config": {
+                "type": "textarea",
+                "grouping": "deployment",
+                "original_grouping": "deployment"
+              }
             }
           ],
           "iam_permissions": [
+            {
+              "role_crns": [
+                "crn:v1:bluemix:public:iam::::role:Viewer"
+              ],
+              "service_name": "Resource group only",
+              "notes": "Viewer access is required in the resource group you want to provision in."
+            },
+            {
+              "role_crns": [
+                "crn:v1:bluemix:public:iam::::role:Administrator"
+              ],
+              "service_name": "All Account Management services",
+              "notes": "[Optional] Required when setting up foundational IBM Cloud account components such as IAM settings, trusted profiles, access groups, and resource groups."
+            },
             {
               "role_crns": [
                 "crn:v1:bluemix:public:iam::::serviceRole:Manager",
@@ -539,13 +588,21 @@
               "service_name": "logs",
               "notes": "[Optional] Required if you are consuming Observability DA which sets up Cloud logs."
             },
+            {
+              "service_name": "atracker",
+              "role_crns": [
+                "crn:v1:bluemix:public:iam::::serviceRole:Writer",
+                "crn:v1:bluemix:public:iam::::role:Editor"
+              ],
+              "notes": "Required for configuring Activity Tracker event routing to cloud object storage bucket and cloud logs."
+            },
             {
               "role_crns": [
                 "crn:v1:bluemix:public:iam::::serviceRole:Manager",
                 "crn:v1:bluemix:public:iam::::role:Editor"
               ],
               "service_name": "cloud-object-storage",
-              "notes": "[Optional] Required if COS is chosen for target of Activity Tracker Event routing or Cloud logs data or cloud logs metrics or collecting Event Notifications failed events."
+              "notes": "[Optional] Required if Cloud Object Storage (COS) is selected as the target for collecting failed Event Notifications."
             },
             {
               "role_crns": [
@@ -583,16 +640,8 @@
           "architecture": {
             "features": [
               {
-                "title": "Creates an Event Notifications instance",
-                "description": "Creates and configures an Event Notifications instance."
-              },
-              {
-                "title": "Creates key rings and keys",
-                "description": "Creates key rings and keys in an existing KMS instance."
-              },
-              {
-                "title": "Collects events that fail delivery",
-                "description": "Connect an existing IBM Cloud Object Storage (COS) service instance and creates a new bucket to collect events that fail delivery."
+                "title": " ",
+                "description": "Configured to use IBM secure by default standards, but can be edited to fit your use case."
               }
             ],
             "diagrams": [
@@ -602,7 +651,7 @@
                   "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-event-notifications/main/reference-architectures/en.svg",
                   "type": "image/svg+xml"
                 },
-                "description": "This architecture supports creating and configuring an IBM Cloud Event Notifications instance."
+                "description": "This architecture supports creating and configuring an IBM Cloud Event Notifications instance.<br><br> A Cloud Object Storage (COS) instance is required for this topology. Within this instance, an Object Storage bucket will be created, which serves as the storage to collect events that failed delivery . The [Cloud automation for Object Storage](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-cos-68921490-2778-4930-ac6d-bae7be6cd958-global) architecture supports the creation of COS instance. Additionally, the event notification instance and storage bucket can be encrypted using [Key Management Services(KMS)](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-kms-2cad4789-fa90-4886-9c9e-857081c273ee-global) to enhance security.<br><br> For logging and monitoring needs, you can enable Observability for your event notification instance. [Cloud automation for Observability](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-observability-a3137d28-79e0-479d-8a24-758ebd5a0eab-global) provides advanced monitoring, logging, and operational insights into the performance and health of your deployment.<br><br> Secrets Manager Integration can also be enabled using [Cloud automation for Secrets Manager](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/dep%5B%E2%80%A6%5Dbm-secrets-manager-6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global) for writing the Event notification service credentials to an existing IBM Cloud Secrets Manager instance, ensuring secure management of the credentials."
               }
             ]
           },

solutions/fully-configurable/DA-cbr_rules.md

@@ -34,15 +34,14 @@ The `cbr_rules` input variable allows you to provide a rule for the target servi
 ### Example Rule For Context-Based Restrictions Configuration
 
 ```hcl
-cbr_rules = [
   {
   description = "Event Notifications can be accessed from xyz"
   account_id = "defc0df06b644a9cabc6e44f55b3880s."
   rule_contexts= [{
       attributes = [
                 {
-                              "name" : "endpointType",
-                              "value" : "private"
+                  name  = "endpointType",
+                  value = "private"
                 },
                 {
                   name  = "networkZoneId"
@@ -58,5 +57,4 @@ cbr_rules = [
       }]
     }]
   }
-]
 ```