feat: added fscloud profile

.github/workflows/ci.yml

@@ -18,6 +18,6 @@ jobs:
  secrets: inherit
  with:
  craSCCv2: true
- craTarget: "examples/complete"
+ craTarget: "examples/fscloud"
  craRuleIgnoreFile: "cra-tf-validate-ignore-rules.json"
  craEnvironmentVariables: "TF_VAR_existing_at_instance_crn=${{ vars.AT_INSTANCE_CRN }}"

README.md

@@ -127,6 +127,7 @@ You need the following permissions to run this module.
 
 - [ Basic example](examples/basic)
 - [ Complete example with BYOK encryption](examples/complete)
+- [ Complete example with BYOK encryption](examples/fscloud)
 <!-- END EXAMPLES HOOK -->
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements

examples/fscloud/README.md

@@ -0,0 +1,7 @@
+# Complete example with BYOK encryption
+
+An end-to-end example that creates an event streams instance with key protect.
+This example uses the IBM Cloud terraform provider to:
+ - Create a new resource group if one is not passed in.
+ - Create a Key Protect instance and root key in the provided region.
+ - Create a new event streams instance in the resource group and region provided, encrypted with the root key created above, and configured with topics and schemas.

examples/fscloud/main.tf

@@ -0,0 +1,26 @@
+##############################################################################
+# Resource Group
+##############################################################################
+
+module "resource_group" {
+ source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-resource-group.git?ref=v1.0.5"
+ # if an existing resource group is not set (null) create a new one using prefix
+ resource_group_name = var.resource_group == null ? "${var.prefix}-resource-group" : null
+ existing_resource_group_name = var.resource_group
+}
+
+# #############################################################################
+# Events-streams-instance
+# #############################################################################
+
+module "event_streams" {
+ source = "../../profiles/fscloud"
+ resource_group_id = module.resource_group.resource_group_id
+ es_name = "${var.prefix}-es"
+ plan = var.plan
+ kms_key_crn = var.kms_key_crn
+ existing_kms_instance_guid = var.existing_kms_instance_guid
+ schemas = var.schemas
+ tags = var.resource_tags
+ topics = var.topics
+}

examples/fscloud/outputs.tf

@@ -0,0 +1,33 @@
+##############################################################################
+# Outputs
+##############################################################################
+
+output "resource_group_name" {
+ description = "Resource group name"
+ value = module.resource_group.resource_group_name
+}
+
+output "resource_group_id" {
+ description = "Resource group ID"
+ value = module.resource_group.resource_group_id
+}
+
+output "crn" {
+ description = "Event Streams instance crn"
+ value = module.event_streams.crn
+}
+
+output "guid" {
+ description = "Event Streams instance guid"
+ value = module.event_streams.guid
+}
+
+output "kafka_brokers_sasl" {
+ description = "(Array of Strings) Kafka brokers use for interacting with Kafka native API"
+ value = module.event_streams.kafka_brokers_sasl
+}
+
+output "kafka_http_url" {
+ description = "The API endpoint to interact with Event Streams REST API"
+ value = module.event_streams.kafka_http_url
+}

examples/fscloud/provider.tf

@@ -0,0 +1,4 @@
+provider "ibm" {
+ ibmcloud_api_key = var.ibmcloud_api_key
+ region = var.region
+}

examples/fscloud/variables.tf

@@ -0,0 +1,113 @@
+variable "ibmcloud_api_key" {
+ type = string
+ description = "The IBM Cloud API Key"
+ sensitive = true
+}
+
+variable "region" {
+ type = string
+ description = "Region to provision all resources created by this example"
+ default = "us-south"
+}
+
+variable "plan" {
+ type = string
+ description = "Plan for the event stream instance. lite, standard or enterprise-3nodes-2tb"
+ default = "standard"
+}
+
+variable "prefix" {
+ type = string
+ description = "Prefix to append to all resources created by this example"
+ default = "fs-cloud"
+}
+
+variable "resource_group" {
+ type = string
+ description = "An existing resource group name to use for this example, if unset a new resource group will be created"
+ default = null
+}
+
+variable "resource_tags" {
+ type = list(string)
+ description = "List of tags associated with the Event Steams instance"
+ default = []
+}
+
+variable "schemas" {
+ type = list(object(
+ {
+ schema_id = string
+ schema = object({
+ type = string
+ name = string
+ })
+ }
+ ))
+ description = "The list of schema object which contains schema id and format of the schema"
+ default = [{
+ schema_id = "my-es-schema_1"
+ schema = {
+ type = "string"
+ name = "name_1"
+ }
+ },
+ {
+ schema_id = "my-es-schema_2"
+ schema = {
+ type = "string"
+ name = "name_2"
+ }
+ },
+ {
+ schema_id = "my-es-schema_3"
+ schema = {
+ type = "string"
+ name = "name_3"
+ }
+ }
+ ]
+}
+
+variable "topics" {
+ type = list(object(
+ {
+ name = string
+ partitions = number
+ config = object({})
+ }
+ ))
+ description = "List of topics. For lite plan only one topic is allowed."
+ default = [
+ {
+ name = "topic-1"
+ partitions = 1
+ config = {
+ "cleanup.policy" = "delete"
+ "retention.ms" = "86400000"
+ "retention.bytes" = "10485760"
+ "segment.bytes" = "10485760"
+ }
+ },
+ {
+ name = "topic-2"
+ partitions = 1
+ config = {
+ "cleanup.policy" = "compact,delete"
+ "retention.ms" = "86400000"
+ "retention.bytes" = "1073741824"
+ "segment.bytes" = "536870912"
+ }
+ }
+ ]
+}
+
+variable "existing_kms_instance_guid" {
+ description = "The GUID of the Hyper Protect Crypto service in which the key specified in var.kms_key_crn is coming from"
+ type = string
+}
+
+variable "kms_key_crn" {
+ type = string
+ description = "The root key CRN of a Hyper Protect Crypto Service (HPCS) that you want to use for disk encryption. See https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hpcs&interface=ui for more information on integrating HPCS with MongoDB instance."
+}

examples/fscloud/version.tf

@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.3.0"
+ required_providers {
+ ibm = {
+ source = "IBM-Cloud/ibm"
+ version = "1.49.0"
+ }
+ }
+}

profiles/fscloud/README.md

@@ -0,0 +1,7 @@
+# Complete example with BYOK encryption
+
+An end-to-end example that creates an event streams instance with key protect.
+This example uses the IBM Cloud terraform provider to:
+ - Create a new resource group if one is not passed in.
+ - Create a Key Protect instance and root key in the provided region.
+ - Create a new event streams instance in the resource group and region provided, encrypted with the root key created above, and configured with topics and schemas.

profiles/fscloud/main.tf

@@ -0,0 +1,13 @@
+module "event_streams" {
+ source = "../../"
+ resource_group_id = var.resource_group_id
+ es_name = var.es_name
+ plan = var.plan
+ skip_iam_authorization_policy = var.skip_iam_authorization_policy
+ kms_key_crn = var.kms_key_crn
+ existing_kms_instance_guid = var.existing_kms_instance_guid
+ schemas = var.schemas
+ tags = var.tags
+ topics = var.topics
+ service_endpoints = "private"
+}

profiles/fscloud/outputs.tf

@@ -0,0 +1,23 @@
+##############################################################################
+# Outputs
+##############################################################################
+
+output "crn" {
+ description = "Event Streams instance crn"
+ value = module.event_streams.crn
+}
+
+output "guid" {
+ description = "Event Streams instance guid"
+ value = module.event_streams.guid
+}
+
+output "kafka_brokers_sasl" {
+ description = "(Array of Strings) Kafka brokers use for interacting with Kafka native API"
+ value = module.event_streams.kafka_brokers_sasl
+}
+
+output "kafka_http_url" {
+ description = "The API endpoint to interact with Event Streams REST API"
+ value = module.event_streams.kafka_http_url
+}

profiles/fscloud/variables.tf

@@ -0,0 +1,107 @@
+variable "plan" {
+ type = string
+ description = "Plan for the event stream instance. lite, standard or enterprise-3nodes-2tb"
+ default = "standard"
+}
+
+variable "resource_group_id" {
+ description = "ID of resource group to use when creating the event stream instance"
+ type = string
+}
+
+variable "tags" {
+ type = list(string)
+ description = "List of tags associated with the Event Steams instance"
+ default = []
+}
+
+variable "es_name" {
+ description = "Name of the event streams instance"
+ type = string
+}
+
+variable "schemas" {
+ type = list(object(
+ {
+ schema_id = string
+ schema = object({
+ type = string
+ name = string
+ })
+ }
+ ))
+ description = "The list of schema object which contains schema id and format of the schema"
+ default = [{
+ schema_id = "my-es-schema_1"
+ schema = {
+ type = "string"
+ name = "name_1"
+ }
+ },
+ {
+ schema_id = "my-es-schema_2"
+ schema = {
+ type = "string"
+ name = "name_2"
+ }
+ },
+ {
+ schema_id = "my-es-schema_3"
+ schema = {
+ type = "string"
+ name = "name_3"
+ }
+ }
+ ]
+}
+
+variable "topics" {
+ type = list(object(
+ {
+ name = string
+ partitions = number
+ config = object({})
+ }
+ ))
+ description = "List of topics. For lite plan only one topic is allowed."
+ default = [
+ {
+ name = "topic-1"
+ partitions = 1
+ config = {
+ "cleanup.policy" = "delete"
+ "retention.ms" = "86400000"
+ "retention.bytes" = "10485760"
+ "segment.bytes" = "10485760"
+ }
+ },
+ {
+ name = "topic-2"
+ partitions = 1
+ config = {
+ "cleanup.policy" = "compact,delete"
+ "retention.ms" = "86400000"
+ "retention.bytes" = "1073741824"
+ "segment.bytes" = "536870912"
+ }
+ }
+ ]
+}
+
+variable "kms_key_crn" {
+ type = string
+ description = "(Optional) The root key CRN of a Key Management Service like Key Protect or Hyper Protect Crypto Service (HPCS) that you want to use for disk encryption. If null, database is encrypted by using randomly generated keys. See https://cloud.ibm.com/docs/EventStreams?topic=EventStreams-managing_encryption for more info."
+ default = null
+}
+
+variable "existing_kms_instance_guid" {
+ description = "(Optional) The GUID of the Hyper Protect or Key Protect instance in which the key specified in var.kms_key_crn is coming from. Only required if skip_iam_authorization_policy is false"
+ type = string
+ default = null
+}
+
+variable "skip_iam_authorization_policy" {
+ type = bool
+ description = "Set to true to skip the creation of an IAM authorization policy that permits all mongodb instances in the provided resource group reader access to the instance specified in the existing_kms_instance_guid variable."
+ default = false
+}

profiles/fscloud/version.tf

@@ -0,0 +1,3 @@
+terraform {
+ required_version = ">= 1.3.0"
+}