feat: initial commit

.github/settings.yml

@@ -14,12 +14,9 @@ repository:
 
  # By changing this field, you rename the repository.
 
- # Uncomment this name property and set the name to the current repo name.
- # name: ""
+ name: "terraform-ibm-data-engine"
 
  # The description is displayed under the repository name on the
  # organization page and in the 'About' section of the repository.
 
- # Uncomment this description property
- # and update the description to the current repo description.
- # description: ""
+ description: "Module that supports provisioning an IBM Cloud® Data Engine instance"

.github/workflows/ci.yml

@@ -7,6 +7,7 @@ on:
  branches: [main]
  pull_request:
  branches: [main]
+ types: [opened, synchronize, reopened, ready_for_review]
 
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:
@@ -16,5 +17,6 @@ jobs:
  uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/common-terraform-module-ci.yml@v1.12.2
  secrets: inherit
  with:
- craTarget: "examples/default"
- craGoalIgnoreFile: "cra-tf-validate-ignore-goals.json"
+ craSCCv2: true
+ craTarget: "examples/complete"
+ craRuleIgnoreFile: "cra-tf-validate-ignore-rules.json"

.secrets.baseline

@@ -3,7 +3,7 @@
  "files": "go.sum|^.secrets.baseline$",
  "lines": null
  },
- "generated_at": "2023-05-05T07:42:37Z",
+ "generated_at": "2023-05-22T11:40:49Z",
  "plugins_used": [
  {
  "name": "AWSKeyDetector"
@@ -76,7 +76,18 @@
  "name": "TwilioKeyDetector"
  }
  ],
- "results": {},
+ "results": {
+ "README.md": [
+ {
+ "hashed_secret": "ff9ee043d85595eb255c05dfe32ece02a53efbb2",
+ "is_secret": false,
+ "is_verified": false,
+ "line_number": 16,
+ "type": "Secret Keyword",
+ "verified_result": null
+ }
+ ]
+ },
  "version": "0.13.1+ibm.60.dss",
  "word_list": {
  "file": null,

README.md

@@ -1,176 +1,102 @@
-<!-- BEGIN MODULE HOOK -->
+# Data Engine (SQL Query) Module
 
-<!-- Update the title to match the module name and add a description -->
-# Terraform Modules Template Project
-<!-- UPDATE BADGE: Update the link for the following badge-->
-[![Incubating (Not yet consumable)](https://img.shields.io/badge/status-Incubating%20(Not%20yet%20consumable)-red)](https://terraform-ibm-modules.github.io/documentation/#/badge-status)
-[![Build status](https://github.com/terraform-ibm-modules/terraform-ibm-module-template/actions/workflows/ci.yml/badge.svg)](https://github.com/terraform-ibm-modules/terraform-ibm-module-template/actions/workflows/ci.yml)
+[![Stable (With quality checks)](https://img.shields.io/badge/Status-Stable%20(With%20quality%20checks)-green?style=plastic)](https://terraform-ibm-modules.github.io/documentation/#/badge-status)
+[![Build status](https://github.com/terraform-ibm-modules/terraform-ibm-data-engine/actions/workflows/ci.yml/badge.svg)](https://github.com/terraform-ibm-modules/terraform-ibm-data-engine/actions/workflows/ci.yml)
 [![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)
-[![latest release](https://img.shields.io/github/v/release/terraform-ibm-modules/terraform-ibm-module-template?logo=GitHub&sort=semver)](https://github.com/terraform-ibm-modules/terraform-ibm-module-template/releases/latest)
+[![latest release](https://img.shields.io/github/v/release/terraform-ibm-modules/terraform-ibm-data-engine?logo=GitHub&sort=semver)](https://github.com/terraform-ibm-modules/terraform-ibm-data-engine/releases/latest)
 [![Renovate enabled](https://img.shields.io/badge/renovate-enabled-brightgreen.svg)](https://renovatebot.com/)
 [![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)
 
-<!-- Remove the content in this H2 heading after completing the steps -->
-
-## Submit a new module
-
-:+1::tada: Thank you for taking the time to contribute! :tada::+1:
-
-This template repository exists to help you create Terraform modules for IBM Cloud.
-
-The default structure includes the following files:
-
-- `README.md`: A description of the module
-- `main.tf`: The logic for the module
-- `version.tf`: The required terraform and provider versions
-- `variables.tf`: The input variables for the module
-- `outputs.tf`: The values that are output from the module
-For more information, see [Module structure](https://terraform-ibm-modules.github.io/documentation/#/module-structure) in the project documentation.
-
-You can add other content to support what your module does and how it works. For example, you might add a `scripts/` directory that contains shell scripts that are run by a `local-exec` `null_resource` in the Terraform module.
-
-Follow this process to create and submit a Terraform module.
-
-### Create a repo from this repo template
-
-1. Create a repository from this repository template by clicking `Use this template` in the upper right of the GitHub UI.
-&emsp;&emsp;&emsp;&emsp;<br>For more information about creating a repository from a template, see the [GitHub docs](https://docs.github.com/en/repositories/creating-and-managing-repositories/creating-a-repository-from-a-template).
-1. Select `terraform-ibm-modules` as the owner.
-1. Enter a name for the module in format `terraform-ibm-<NAME>`, where `<NAME>` reflects the type of infrastructure that the module manages.
-&emsp;&emsp;&emsp;&emsp;<br>Use hyphens as delimiters for names with multiple words (for example, terraform-ibm-`activity-tracker`).
-1. Provide a short description of the module.
-&emsp;&emsp;&emsp;&emsp;<br>The description is displayed under the repository name on the [organization page](https://github.com/terraform-ibm-modules) and in the **About** section of the repository. Use the description to help users understand the purpose of your module. For more information, see [module names and descriptions](https://terraform-ibm-modules.github.io/documentation/#/implementation-guidelines?id=module-names-and-descriptions) in the docs.
-
-### Clone the repo and set up your development environment
-
-Locally clone the new repository and set up your development environment by completing the tasks in [Local development setup](https://terraform-ibm-modules.github.io/documentation/#/local-dev-setup) in the project documentation.
-
-### Update the repo name and description in source control
-
-To help make sure that the repo name and description are not changed except through pull requests, they are defined in the `settings.yml` file.
-
-Check to make sure that values are uncommented and correct:
-
-1. Open the [settings.yml](.github/settings.yml) file.
-1. If not already updated, uncomment the `name` and `description` properties and set the values to what you specified when you requested the repo.
-
-### Update the Terraform files
-
-Implement the logic for your module by updating the `main.tf`, `version.tf`, `variables.tf`, and `outputs.tf` Terraform files. For more information, see [Creating Terraform on IBM Cloud templates](https://cloud.ibm.com/docs/ibm-cloud-provider-for-terraform?topic=ibm-cloud-provider-for-terraform-create-tf-config).
-
-### Create examples and tests
-
-Add one or more examples in the `examples` directory that consume your new module, and configure tests for them in the `tests` directory. For more information about tests, see [Tests](https://terraform-ibm-modules.github.io/documentation/#/tests).
-
-### Update the content in the readme file
-
-After you implement the logic for your module and create examples and tests, update this readme file in your repository by following these steps:
-
-1. Update the title heading and add a description about your module.
-1. Update the badge links.
-1. Remove all the content in this H2 heading section.
-1. Complete the [Usage](#usage) and [Required IAM access policies](#required-iam-access-policies) sections. The [Examples](#examples) and [Requirements](#requirements) section are populated by a pre-commit hook.
-
-### Commit your code and submit your module for review
-
-1. Before you commit any code, review [Contributing to the IBM Cloud Terraform modules project](https://terraform-ibm-modules.github.io/documentation/#/contribute-module) in the project documentation.
-1. Create a pull request for review.
-
-### Post-merge steps
-
-After the first PR for your module is merged, follow these post-merge steps:
-
-1. Create a PR to enable the upgrade test by removing the `t.Skip` line in `tests/pr_test.go`.
-
-<!-- Remove the content in this previous H2 heading -->
-## Reference architectures
-
-<!--
-Add links to any reference architectures for this module.
-(Usually in the `/reference-architectures` directory.)
-See "Reference architecture" in Authoring Guidelines in the public documentation at
-https://terraform-ibm-modules.github.io/documentation/#/implementation-guidelines?id=reference-architecture
--->
+This module provisions an [IBM Cloud® Data Engine](https://cloud.ibm.com/docs/sql-query?topic=sql-query-getting-started) instance.
 
 ## Usage
 
-<!--
-Add an example of the use of the module in the following code block.
-
-Use real values instead of "var.<var_name>" or other placeholder values
-unless real values don't help users know what to change.
--->
-
 ```hcl
-
+provider "ibm" {
+ ibmcloud_api_key = "XXXXXXXXXX"
+ region = "us-south"
+}
+
+module "data_engine" {
+ # Replace "main" with a GIT release version to lock into a specific release
+ source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-data-engine.git?ref=main"
+ resource_group_id = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX"
+ region = "us-south"
+}
 ```
 
 ## Required IAM access policies
 
-<!-- PERMISSIONS REQUIRED TO RUN MODULE
-If this module requires permissions, uncomment the following block and update
-the sample permissions, following the format.
-Replace the sample Account and IBM Cloud service names and roles with the
-information in the console at
-Manage > Access (IAM) > Access groups > Access policies.
--->
-
-<!--
 You need the following permissions to run this module.
 
 - Account Management
- - **Sample Account Service** service
- - `Editor` platform access
- - `Manager` service access
- - IAM Services
- - **Sample Cloud Service** service
- - `Administrator` platform access
--->
-
-<!-- NO PERMISSIONS FOR MODULE
-If no permissions are required for the module, uncomment the following
-statement instead the previous block.
--->
-
-<!-- No permissions are needed to run this module.-->
-<!-- END MODULE HOOK -->
+ - **All Identity and Access Enabled** service
+ - `Viewer` platform access
+ - **All Resource Groups** service
+ - `Viewer` platform access
+- IAM Services
+ - **Data Engine** service
+ - `Editor` platform access
+ - `Manager` service access
+
 <!-- BEGIN EXAMPLES HOOK -->
 ## Examples
 
-- [ Default example](examples/default)
-- [ Example that uses existing resources](examples/existing-resources)
-- [ Non default example](examples/non-default)
+- [ Basic Example](examples/basic)
+- [ Complete example with BYOK encryption](examples/complete)
 <!-- END EXAMPLES HOOK -->
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
+| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.49.0 |
 
 ## Modules
 
 No modules.
 
 ## Resources
 
-No resources.
+| Name | Type |
+|------|------|
+| [ibm_iam_authorization_policy.kms_policy](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_authorization_policy) | resource |
+| [ibm_resource_instance.data_engine_instance](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_instance) | resource |
 
 ## Inputs
 
-No inputs.
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_existing_kms_instance_guid"></a> [existing\_kms\_instance\_guid](#input\_existing\_kms\_instance\_guid) | The GUID the Key Protect instance in which the key specified in var.kms\_key\_crn is coming from. Required only if var.kms\_encryption\_enabled is set to true, var.skip\_iam\_authorization\_policy is set to false. NOTE: Hyper Protect Crypto Services is not currently supported by Data Engine. | `string` | `null` | no |
+| <a name="input_instance_name"></a> [instance\_name](#input\_instance\_name) | The name to give the Data Engine instance. | `string` | n/a | yes |
+| <a name="input_kms_encryption_enabled"></a> [kms\_encryption\_enabled](#input\_kms\_encryption\_enabled) | Set this to true to control the encryption keys used to encrypt the data that you store in Data Engine. If set to false, the data is encrypted by using randomly generated keys. For more info on Key Protect integration, see https://cloud.ibm.com/docs/sql-query?topic=sql-query-securing-data. | `bool` | `false` | no |
+| <a name="input_kms_key_crn"></a> [kms\_key\_crn](#input\_kms\_key\_crn) | The root key CRN of a Key Protect key that you want to use for disk encryption. Only used if var.kms\_encryption\_enabled is set to true. NOTE: Hyper Protect Crypto Services is not currently supported by Data Engine. | `string` | `null` | no |
+| <a name="input_kms_region"></a> [kms\_region](#input\_kms\_region) | The region where KMS instance exists if using KMS encryption. | `string` | `"us-south"` | no |
+| <a name="input_plan"></a> [plan](#input\_plan) | The plan for the Data Engine instance. Supported plans: standard or lite. | `string` | `"lite"` | no |
+| <a name="input_region"></a> [region](#input\_region) | The region where you want to deploy your instance. | `string` | `"us-south"` | no |
+| <a name="input_resource_group_id"></a> [resource\_group\_id](#input\_resource\_group\_id) | The resource group ID where the Data Engine instance will be created. | `string` | n/a | yes |
+| <a name="input_service_endpoints"></a> [service\_endpoints](#input\_service\_endpoints) | Specify whether you want to enable the public, private, or both service endpoints. Supported values are 'public', 'private', or 'public-and-private'. | `string` | `"private"` | no |
+| <a name="input_skip_iam_authorization_policy"></a> [skip\_iam\_authorization\_policy](#input\_skip\_iam\_authorization\_policy) | Set to true to skip the creation of an IAM authorization policy that permits all Data Engine instances in the resource group to read the encryption key from the KMS instance. If set to false, pass in a value for the KMS instance in the existing\_kms\_instance\_guid variable. In addition, no policy is created if var.kms\_encryption\_enabled is set to false. | `bool` | `false` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | (Optional, Array of Strings) A list of tags that you want to add to your instance. | `list(any)` | `[]` | no |
 
 ## Outputs
 
-No outputs.
+| Name | Description |
+|------|-------------|
+| <a name="output_crn"></a> [crn](#output\_crn) | data engine crn |
+| <a name="output_guid"></a> [guid](#output\_guid) | data engine guid |
+| <a name="output_id"></a> [id](#output\_id) | data engine id |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 <!-- BEGIN CONTRIBUTING HOOK -->
 
 <!-- Leave this section as is so that your module has a link to local development environment set up steps for contributors to follow -->
+
 ## Contributing
 
 You can report issues and request features for this module in GitHub issues in the module repo. See [Report an issue or request a feature](https://github.com/terraform-ibm-modules/.github/blob/main/.github/SUPPORT.md).
 
 To set up your local development environment, see [Local development setup](https://terraform-ibm-modules.github.io/documentation/#/local-dev-setup) in the project documentation.
+
 <!-- Source for this readme file: https://github.com/terraform-ibm-modules/common-dev-assets/tree/main/module-assets/ci/module-template-automation -->
 <!-- END CONTRIBUTING HOOK -->

cra-tf-validate-ignore-rules.json

@@ -0,0 +1,3 @@
+{
+ "scc_rules": []
+}

examples/basic/README.md

@@ -0,0 +1,6 @@
+# Basic Example
+
+An end-to-end example that creates the following infrastructure:
+
+- A resource group, if one is not passed in.
+- An IBM Cloud® Data Engine instance.

examples/default/main.tf → examples/basic/main.tf

@@ -9,11 +9,14 @@ module "resource_group" {
  existing_resource_group_name = var.resource_group
 }
 
-resource "ibm_resource_instance" "cos_instance" {
- name = "${var.prefix}-cos"
+##############################################################################
+# Data Engine
+##############################################################################
+
+module "data_engine" {
+ source = "../../"
  resource_group_id = module.resource_group.resource_group_id
- service = "cloud-object-storage"
- plan = "standard"
- location = "global"
  tags = var.resource_tags
+ region = var.region
+ instance_name = "${var.prefix}-data_engine"
 }

examples/basic/outputs.tf

@@ -0,0 +1,17 @@
+##############################################################################
+# Outputs
+##############################################################################
+output "id" {
+ description = "ID of data engine instance"
+ value = module.data_engine.id
+}
+
+output "guid" {
+ description = "GUID of data engine instance"
+ value = module.data_engine.guid
+}
+
+output "crn" {
+ description = "crn of data engine instance"
+ value = module.data_engine.crn
+}

examples/non-default/variables.tf → examples/basic/variables.tf

@@ -6,14 +6,14 @@ variable "ibmcloud_api_key" {
 
 variable "region" {
  type = string
- description = "Region to provision all resources created by this example"
+ description = "The region data engine is to be created on."
  default = "us-south"
 }
 
 variable "prefix" {
  type = string
  description = "Prefix to append to all resources created by this example"
- default = "terraform"
+ default = "data-engine"
 }
 
 variable "resource_group" {

examples/complete/README.md

@@ -0,0 +1,7 @@
+# Complete example with BYOK encryption
+
+An end-to-end example that uses the IBM Cloud Terraform provider to create the following infrastructure:
+
+- A resource group, if one is not passed in.
+- A Key Protect instance with a root key.
+- An instance of IBM Cloud® Data Engine with BYOK encryption.