fix: enhance DA for improving user experience<br>- updated reference architecture diagram<br>- updated tile content<br>- updated some of the input variables(prefix, region, resource_tags, kms_endpoint_type) description and validations (#148)

* refactor: enhance DA for improving user experience

* refactor: enhance DA for improving user experience

* update PR

* update kms validation

* update existing resource test

* updated existing test

* updated existing test

* updated existing test

* updated kms logic

* fix catalog.json

* minor fix

* fix minor issues

* Update solutions/fully-configurable/main.tf

Co-authored-by: prateek <sharma_prateek@outlook.com>

* Update solutions/fully-configurable/main.tf

Co-authored-by: prateek <sharma_prateek@outlook.com>

* Update tests/resources/kp-cos-instance/outputs.tf

Co-authored-by: prateek <sharma_prateek@outlook.com>

* resolve review comments

* updated dependency version

* resolve review comments

* testing

* testing

* update test

* update cloud logs icon

* reverted version

* Update ibm_catalog.json

Co-authored-by: prateek <sharma_prateek@outlook.com>

* Skipping kms test

* resolve review comments

* resolve review comments

* Update ibm_catalog.json

Co-authored-by: prateek <sharma_prateek@outlook.com>

* resolve review comment

* enabled encryption

* Update solutions/fully-configurable/variables.tf

Co-authored-by: Shikha Maheshwari <maheshwari.shikha@gmail.com>

* Update ibm_catalog.json

Co-authored-by: Shikha Maheshwari <maheshwari.shikha@gmail.com>

* Update ibm_catalog.json

Co-authored-by: Shikha Maheshwari <maheshwari.shikha@gmail.com>

* Update ibm_catalog.json

Co-authored-by: Shikha Maheshwari <maheshwari.shikha@gmail.com>

* Update ibm_catalog.json

Co-authored-by: Shikha Maheshwari <maheshwari.shikha@gmail.com>

* Update ibm_catalog.json

Co-authored-by: Shikha Maheshwari <maheshwari.shikha@gmail.com>

* minor fix

---------

Co-authored-by: Khuzaima-Shakeel <Khuzaima.Shakeel@ibm.com>
Co-authored-by: prateek <sharma_prateek@outlook.com>
Co-authored-by: Shikha Maheshwari <maheshwari.shikha@gmail.com>

Author: 4 people

ibm_catalog.json

@@ -14,19 +14,20 @@ The `watsonx_ai_new_project_members` input variable allows you to specify additi
 
 ### Example New Project Members Variable
 This is an example of adding two new members, one as an admin and one as a viewer to the project:
+
 ```json
-"members": [
-    {
-        "email": "example@ibm.com",
-        "iam_id": "IBMid-1111111111",
-        "role": "admin"
-    },
-    {
-        "email": "IBMid-1111111110",
-        "iam_id": "IBMid-1111111110",
-        "role": "viewer",
-        "state": "ACTIVE",
-        "type": "service"
-    }
+[
+  {
+    "email": "example@ibm.com",
+    "iam_id": "IBMid-1111111111",
+    "role": "admin"
+  },
+  {
+    "email": "IBMid-1111111110",
+    "iam_id": "IBMid-1111111110",
+    "role": "viewer",
+    "state": "ACTIVE",
+    "type": "service"
+  }
 ]
 ```

reference-architecture/deployable-architecture-watsonx-ai.svg

@@ -1,15 +1,3 @@
-# IBM watsonx.ai deployable architecture
-
-This deployable architecture supports provisioning the following resources:
-
-- A new resource group if one is not passed in.
-- A watsonx.ai Studio instance.
-- A watsonx.ai Runtime instance.
-- A Cloud Object Storage instance.
-- A new key-ring and key in the KMS(Key Protect) instance, if an existing key is not provided.
-- Configure the watsonx profile for IBM Cloud user.
-- Create a KMS encryption enabled IBM watsonx.ai project.
-
-![watsonx-ai-deployable-architecture](../../reference-architecture/watsonx-ai-da.svg)
+# Cloud automation for watsonx.ai (Fully configurable)
 
 :exclamation: **Important:** This solution is not intended to be called by other modules because it contains a provider configuration and is not compatible with the `for_each`, `count`, and `depends_on` arguments. For more information, see [Providers Within Modules](https://developer.hashicorp.com/terraform/language/modules/develop/providers).

reference-architecture/watsonx-ai-da.svg

@@ -27,15 +27,17 @@ module "existing_kms_crn_parser" {
 
 locals {
   # fetch KMS region from existing_kms_instance_crn if KMS resources are required and existing_cos_kms_key_crn is not provided
-  kms_region        = var.existing_cos_kms_key_crn == null && var.existing_kms_instance_crn != null ? module.existing_kms_crn_parser[0].region : null
-  kms_key_ring_name = var.cos_key_ring_name != null ? "${local.prefix}${var.cos_key_ring_name}" : null
-  kms_key_name      = var.cos_key_name != null ? "${local.prefix}${var.cos_key_name}" : null
+  kms_enabled_cos   = var.enable_cos_kms_encryption && var.existing_kms_instance_crn != null
+  kms_region        = local.kms_enabled_cos ? module.existing_kms_instance_crn_parser[0].region : null
+  kms_key_ring_name = "${local.prefix}${var.cos_key_ring_name}"
+  kms_key_name      = "${local.prefix}${var.cos_key_name}"
+  create_kms_key    = local.kms_enabled_cos && var.existing_cos_kms_key_crn == null
 }
 
 module "kms" {
-  count                       = (var.enable_cos_kms_encryption && var.existing_cos_kms_key_crn == null && var.existing_kms_instance_crn != null) ? 1 : 0 # no need to create any KMS resources if passing an existing key
+  count                       = local.create_kms_key ? 1 : 0
   source                      = "terraform-ibm-modules/kms-all-inclusive/ibm"
-  version                     = "5.1.11"
+  version                     = "5.1.19"
   create_key_protect_instance = false
   region                      = local.kms_region
   existing_kms_instance_crn   = var.existing_kms_instance_crn
@@ -66,10 +68,9 @@ module "kms" {
 ########################################################################################################################
 
 locals {
-  cos_instance_crn  = var.existing_cos_instance_crn
   cos_kms_key_crn   = var.enable_cos_kms_encryption ? (var.existing_cos_kms_key_crn != null ? var.existing_cos_kms_key_crn : module.kms[0].keys[format("%s.%s", local.kms_key_ring_name, local.kms_key_name)].crn) : null
-  cos_instance_guid = local.cos_instance_crn != null ? module.existing_cos_crn_parser[0].service_instance : null
-  cos_account_id    = local.cos_instance_crn != null ? module.existing_cos_crn_parser[0].account_id : null
+  cos_instance_guid = var.existing_cos_instance_crn != null ? module.existing_cos_crn_parser[0].service_instance : null
+  cos_account_id    = var.existing_cos_instance_crn != null ? module.existing_cos_crn_parser[0].account_id : null
   kms_guid          = var.enable_cos_kms_encryption ? (length(module.existing_kms_key_crn_parser) > 0 ? module.existing_kms_key_crn_parser[0].service_instance : module.existing_kms_instance_crn_parser[0].service_instance) : null
   kms_account_id    = var.enable_cos_kms_encryption ? (length(module.existing_kms_key_crn_parser) > 0 ? module.existing_kms_key_crn_parser[0].account_id : module.existing_kms_instance_crn_parser[0].account_id) : null
   kms_service_name  = var.enable_cos_kms_encryption ? (length(module.existing_kms_key_crn_parser) > 0 ? module.existing_kms_key_crn_parser[0].service_name : module.existing_kms_instance_crn_parser[0].service_name) : null
@@ -105,7 +106,7 @@ module "watsonx_ai" {
   project_tags                  = var.project_tags
   mark_as_sensitive             = var.mark_project_as_sensitive
   enable_cos_kms_encryption     = var.enable_cos_kms_encryption
-  cos_instance_crn              = local.cos_instance_crn
+  cos_instance_crn              = var.existing_cos_instance_crn
   cos_kms_key_crn               = local.cos_kms_key_crn
   skip_iam_authorization_policy = local.create_cross_account_cos_kms_auth_policy || !local.create_cos_kms_iam_auth_policy
 }
@@ -174,7 +175,7 @@ module "existing_kms_key_crn_parser" {
 }
 
 module "existing_kms_instance_crn_parser" {
-  count   = var.enable_cos_kms_encryption && var.existing_kms_instance_crn != null && var.existing_kms_instance_crn != "" ? 1 : 0
+  count   = local.kms_enabled_cos && var.existing_kms_instance_crn != "" ? 1 : 0
   source  = "terraform-ibm-modules/common-utilities/ibm//modules/crn-parser"
   version = "1.2.0"
   crn     = var.existing_kms_instance_crn

solutions/fully-configurable/DA-watsonx_ai_new_project_members.md

@@ -74,3 +74,8 @@ output "watsonx_ai_project_url" {
   value       = module.watsonx_ai.watsonx_ai_project_url
   description = "The URL of the watsonx.ai project that is created."
 }
+
+output "cos_kms_key_crn" {
+  description = "The CRN of the key management service (Key Protect) key used to encrypt the Cloud Object Storage bucket that the solution creates."
+  value       = local.cos_kms_key_crn
+}

solutions/fully-configurable/README.md

@@ -27,31 +27,34 @@ variable "existing_resource_group_name" {
 
 variable "prefix" {
   type        = string
-  nullable    = true
-  description = "The prefix to be added to all resources created by this solution. To skip using a prefix, set this value to null or an empty string. The prefix must begin with a lowercase letter and may contain only lowercase letters, digits and hyphens ('-'). It should not exceed 16 characters, must not end with a hyphen ('-'), and can not contain consecutive hyphens ('--'). Example: wx-54-ai. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/prefix.md)"
+  description = "The prefix to be added to all resources created by this solution. To skip using a prefix, set this value to null or an empty string. The prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It should not exceed 16 characters, must not end with a hyphen('-'), and can not contain consecutive hyphens ('--'). Example: wx-0205-ai. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/prefix.md)."
 
   validation {
-    condition = var.prefix == null || var.prefix == "" ? true : alltrue([
-      can(regex("^[a-z][-a-z0-9]*[a-z0-9]$", var.prefix)), length(regexall("--", var.prefix)) == 0
-    ])
-    error_message = "Prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens ('-'). It must not end with a hyphen ('-'), and cannot contain consecutive hyphens ('--')."
+    # - null and empty string is allowed
+    # - Must not contain consecutive hyphens (--): length(regexall("--", var.prefix)) == 0
+    # - Starts with a lowercase letter: [a-z]
+    # - Contains only lowercase letters (a–z), digits (0–9), and hyphens (-)
+    # - Must not end with a hyphen (-): [a-z0-9]
+    condition = (var.prefix == null || var.prefix == "" ? true :
+      alltrue([
+        can(regex("^[a-z][-a-z0-9]*[a-z0-9]$", var.prefix)),
+        length(regexall("--", var.prefix)) == 0
+      ])
+    )
+    error_message = "Prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It must not end with a hyphen('-'), and cannot contain consecutive hyphens ('--')."
   }
-
   validation {
+    # must not exceed 16 characters in length
     condition     = var.prefix == null || var.prefix == "" ? true : length(var.prefix) <= 16
     error_message = "Prefix must not exceed 16 characters."
   }
 }
 
+
 variable "region" {
-  default     = "us-south"
-  description = "Region where the watsonx.ai resources will be provisioned."
+  description = "The region to provision all resources in. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/region) about how to select different regions for different services."
   type        = string
-
-  validation {
-    condition     = contains(["eu-de", "us-south", "eu-gb", "jp-tok"], var.region)
-    error_message = "You must specify `eu-de`, `eu-gb`, `jp-tok` or `us-south` as the IBM Cloud region."
-  }
+  default     = "us-south"
 
   validation {
     condition     = (var.enable_cos_kms_encryption && var.existing_cos_kms_key_crn == null) ? local.kms_region == var.region : true
@@ -60,8 +63,8 @@ variable "region" {
 }
 
 variable "resource_tags" {
-  description = "Optional list of tags to describe the watsonx_ai runtime and studio instances created by the module."
   type        = list(string)
+  description = "Optional list of tags to describe the newly created watsonx.ai instance."
   default     = []
 }
 
@@ -130,7 +133,7 @@ variable "watsonx_ai_runtime_service_endpoints" {
 }
 
 variable "watsonx_ai_new_project_members" {
-  description = "The list of new members the owner of the Watsonx.ai project would like to add to the project. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-watsonx-ai/tree/main/solutions/standard/DA-watsonx_ai_new_project_members.md)"
+  description = "The list of new members the owner of the watsonx.ai project would like to add to the project. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-watsonx-ai/tree/main/solutions/standard/DA-watsonx_ai_new_project_members.md)"
   type = list(object({
     email  = string
     iam_id = string
@@ -199,8 +202,8 @@ variable "kms_endpoint_type" {
   description = "The type of endpoint to use for communicating with the Key Protect instance. Possible values: `public`, `private`. Applies only if `existing_cos_kms_key_crn` is not specified."
   default     = "private"
   validation {
-    condition     = can(regex("public|private", var.kms_endpoint_type))
-    error_message = "Valid values for the `kms_endpoint_type_value` are `public` or `private`."
+    condition     = var.existing_cos_kms_key_crn != null || can(regex("^(public|private)$", var.kms_endpoint_type))
+    error_message = "Valid values for `kms_endpoint_type` are `public` or `private`. Applies only if `existing_cos_kms_key_crn` is not specified."
   }
 }
 

solutions/fully-configurable/main.tf

@@ -84,7 +84,7 @@ func setupOptions(t *testing.T, prefix string, dir string) *testhelper.TestOptio
 
 // Provision KMS - Key Protect to use in DA tests
 func setupKMSKeyProtect(t *testing.T, region string, prefix string) *terraform.Options {
-	realTerraformDir := "./resources/kp-instance"
+	realTerraformDir := "./resources/kp-cos-instance"
 	tempTerraformDir, _ := files.CopyTerraformFolderToTemp(realTerraformDir, fmt.Sprintf(prefix+"-%s", strings.ToLower(random.UniqueId())))
 
 	checkVariable := "TF_VAR_ibmcloud_api_key"
@@ -136,7 +136,6 @@ func TestRunBasicExample(t *testing.T) {
 
 func TestRunCompleteExample(t *testing.T) {
 	t.Parallel()
-
 	options := setupOptions(t, "wxai-complete", completeExampleDir)
 
 	output, err := options.RunTestConsistency()
@@ -149,8 +148,8 @@ func TestRunStandardSolution(t *testing.T) {
 	t.Parallel()
 
 	var region = validRegions[rand.Intn(len(validRegions))]
-	prefixKMSKey := fmt.Sprintf("wxai-da-%s", strings.ToLower(random.UniqueId()))
-	existingTerraformOptions := setupKMSKeyProtect(t, region, prefixKMSKey)
+	prefixExistingRes := fmt.Sprintf("wxai-da-%s", strings.ToLower(random.UniqueId()))
+	existingTerraformOptions := setupKMSKeyProtect(t, region, prefixExistingRes)
 
 	// Deploy watsonx.ai DA using existing KP details
 	options := testhelper.TestOptionsDefault(&testhelper.TestOptions{
@@ -181,21 +180,22 @@ func TestRunStandardSolution(t *testing.T) {
 		"existing_kms_instance_crn":    terraform.Output(t, existingTerraformOptions, "key_protect_crn"),
 		"kms_endpoint_type":            "public",
 		"existing_cos_instance_crn":    terraform.Output(t, existingTerraformOptions, "cos_crn"),
+		"enable_cos_kms_encryption":    true,
 	}
 
 	output, err := options.RunTestConsistency()
 	assert.Nil(t, err, "This should not have errored")
 	assert.NotNil(t, output, "Expected some output")
 
-	cleanupResources(t, existingTerraformOptions, prefixKMSKey)
+	cleanupResources(t, existingTerraformOptions, prefixExistingRes)
 }
 
 func TestRunStandardUpgradeSolution(t *testing.T) {
 	t.Parallel()
 
 	var region = validRegions[rand.Intn(len(validRegions))]
-	prefixKMSKey := fmt.Sprintf("wxai-da-%s", strings.ToLower(random.UniqueId()))
-	existingTerraformOptions := setupKMSKeyProtect(t, region, prefixKMSKey)
+	prefixExistingRes := fmt.Sprintf("wxai-da-%s", strings.ToLower(random.UniqueId()))
+	existingTerraformOptions := setupKMSKeyProtect(t, region, prefixExistingRes)
 
 	// Deploy watsonx.ai DA using existing KP details
 	options := testhelper.TestOptionsDefault(&testhelper.TestOptions{
@@ -226,6 +226,7 @@ func TestRunStandardUpgradeSolution(t *testing.T) {
 		"existing_kms_instance_crn":    terraform.Output(t, existingTerraformOptions, "key_protect_crn"),
 		"kms_endpoint_type":            "public",
 		"existing_cos_instance_crn":    terraform.Output(t, existingTerraformOptions, "cos_crn"),
+		"enable_cos_kms_encryption":    true,
 	}
 
 	output, err := options.RunTestUpgrade()
@@ -234,5 +235,5 @@ func TestRunStandardUpgradeSolution(t *testing.T) {
 		assert.NotNil(t, output, "Expected some output")
 	}
 
-	cleanupResources(t, existingTerraformOptions, prefixKMSKey)
+	cleanupResources(t, existingTerraformOptions, prefixExistingRes)
 }

solutions/fully-configurable/outputs.tf

@@ -1,13 +1,13 @@
 module "resource_group" {
   source                       = "terraform-ibm-modules/resource-group/ibm"
-  version                      = "1.2.1"
+  version                      = "1.3.0"
   resource_group_name          = var.resource_group == null ? "${var.prefix}-resource-group" : null
   existing_resource_group_name = var.resource_group
 }
 
 module "kms" {
   source                      = "terraform-ibm-modules/kms-all-inclusive/ibm"
-  version                     = "5.1.11"
+  version                     = "5.1.19"
   create_key_protect_instance = true
   key_protect_instance_name   = "${var.prefix}-kp"
   resource_group_id           = module.resource_group.resource_group_id