IBM Cloud Docs
Onboarding your Terraform template

Onboarding your Terraform template

This tutorial walks you through how to onboard a Terraform template to your private catalog in IBM Cloud®.

Before you begin

  1. Create your Terraform template. For more information, see Creating Terraform templates.

  2. Test your Terraform template by running the following commands from the Terraform CLI:

    • terraform init
    • terraform validate

  3. Upload your Terraform template to a GitHub release and create a .tgz file. For more information, see Upload your Terraform template and readme file to your GitHub repository.

    Use the latest release of the sample Terraform code as an example of how to set up your repository.

  4. Verify that you're assigned the correct roles. For Terraform, you need the following IBM Cloud Identity and Access Management (IAM) roles.

    • Administrator on all account management services and all IAM services
    • Editor on the catalog management service
    • Manager service access role for IBM Cloud Schematics
    • Operator platform role for VPC Infrastructure
    • Editor on the software instance service
    • The required permission to complete a specific task

Import your Terraform template

  1. In the IBM Cloud console, click the Navigation Menu icon Navigation Menu icon > Partner Center > My products.
  2. Select the product that you're onboarding.
  3. From the Software page, click Import a version.
  4. Choose Terraform as your deployment method.
  5. Select the type of repository.
  6. Enter the example Terraform URL as your source URL.
  7. Enter the software version in the format of major version, minor version, and revision, for example, 1.0.0.
  8. Click Add version.

Review the version details

After you import your version, you can review the version details.

  1. Click Configure version.
  2. Review your version details.
  3. Click Next.

Configure the deployment values

After you review the version details, you're ready to configure the deployment values.

  1. Click Configure version > Next.
  2. If you need to specify the Terraform runtime version that you want Schematics to use, click the Override the default Terraform runtime version checkbox and enter a version.
  3. From the Configure the deployment details section, click Add deployment values.
  4. Select the Parameter checkbox to select all options, and click Add.
  5. To customize which parameters are required for users to specify during the installation and which ones are hidden from users, select a parameter and click Edit. Click the checkboxes to configure the values and click Save.

Edit output value descriptions

You can improve the descriptions for your Terraform template's output values to help users better understand the purpose of the parameters. The description of any output value that you include in your template can be updated.

To add output values, you need to include them in a new imported version of your Terraform template.

Complete the following steps to edit the product's output value descriptions:

  1. Click Configure version > Next.
  2. From the Output value descriptions section, provide a new description for the parameter that you want to update.
  3. Click Next.

Define IAM access

After you configure your deployment values, you can add the service access and platform access roles that are required to install your product from the IBM catalog.

Use the following steps to define your product's access:

  1. Click Configure version > Next > Next.
  2. Click Add.
  3. Select the service and the required service and platform access.
    • The service access role allows access for using the service and performing service API calls.
    • The platform access role enables actions to be performed on platform resources, such as creating an instance, connecting instances to apps, and assigning user access.
  4. Click Save.

Set the license requirements

If users are required to accept any license agreements beyond the IBM Cloud Services Agreement, provide the URL to each agreement.

  1. From the Add license agreements tab, click Add license.
  2. Enter the name and URL, and click Add license.
  3. Enter all additional license agreements, and click Next.

Review your readme file

When users install the software, they can view product information by clicking the Readme file link. This information is generated from the readme file that you uploaded to your source repository.

  1. From the Edit readme tab, click the Edit icon Edit icon.
  2. Preview how the information in the readme file is displayed to users when they install the Terraform template.
  3. If you need to make changes, edit the repository where you uploaded the Terraform template and re-create the .tgz file. Then, you can import the updated file to your private catalog again.
  4. Click Save.
  5. Click Next.

Validate the Terraform template

  1. Click Validate version.

  2. Enter the name of your workspace, select a resource group, select a Schematics region, and click Next.

    In the Tags field, you can enter a name of a specific tag to attach to your template. This tag is put on the IBM Cloud Schematics workspace. Tags provide a way to organize, track usage costs, and manage access to the resources in your account.

  3. From the Deployment values section, review your parameter values, and click Next.

  4. In the Validate version section, select I have read and agree to the following license agreements.

  5. Click Validate.

    To monitor the progress of the validation process, click View logs.

Manage compliance

You can add controls to your software to prove that it meets security and compliance requirements. To claim compliance, you must add inventory results from Workload Protection. Only controls that are supported by Workload Protection appear in the catalog. You can add controls from policies and import controls from module references.

Add controls

To add controls, complete the following steps:

  1. On the Manage compliance page, select Add controls.

  2. Select a Workload Protection instance, then a policy.

    If you haven't provisioned a Workload Protection instance yet, you must set up one from the IBM Cloud catalog and enable Cloud Security Posture Management (CSPM) for your IBM Cloud account. Then, complete the steps to integrate with either an existing Workload Protection instance or a new instance.

  3. Select whether you want to add the entire policy or only a subset of controls.

  4. If you select to add an entire policy, continue to the next step. If you select to add a subset of controls, select the controls that you want to add.

  5. Click Add.

Add inventory results from Workload Protection

You can add inventory results from Workload Protection so that users can see the claimed compliance when they evaluate your product in the catalog.

In Workload Protection, your inventory is updated once every day. You must deploy your resources and wait for the inventory to be updated before you add the inventory to your catalog listing. For more information, go to Inventory.

To add inventory results, complete the following steps:

  1. On the Manage compliance page, click Add results.
  2. Select the Workload Protection instance that you provisioned previously.
  3. Click Apply to apply the latest inventory results.

Review requirements

You must complete validation and any other requirements to publish your Terraform template.

Next steps

Go to the Partner Center and submit your request to publish your Terraform template to the IBM Cloud catalog.