refactor: addressed the review comments

terraform-ibm-modules · jojustin · Jun 12, 2023 · May 11, 2023 · May 11, 2023 · May 12, 2023
commit c742a09d79a8cfc7292537381f96a9c8df167c42
@@ -8,7 +8,7 @@
  },
  {
  "scc_rule_id": "rule-216e2449-27d7-4afc-929a-b66e196a9cf9",
- "description": "Check whether Flow Logs for VPC are enabled Found in: resource_address:ibm_is_vpc.example_vpc",
+ "description": "Check whether Flow Logs for VPC are enabled.",
  "ignore_reason": "This rule is not relevant to the module itself, just the VPC resource is used in the example that is scanned",
  "is_valid": false
  }

@@ -3,10 +3,10 @@
 ## *Note:* This example is only deploying Event Streams in a compliant manner the other infrastructure may not necessarily compliant.
 
 ### Requirements
-This example expects you have Hyper Protect Crypto Service instances in the region you wish to deploy your Event Streams instance.
+This example expects you to have Hyper Protect Crypto Service instances in the region you wish to deploy your Event Streams instance.
 
- ### Deploys
+### Deploys
 An end-to-end example that creates an event streams instance with key protect.
 This example uses the IBM Cloud terraform provider to:
  - Create a new resource group if one is not passed in.
- - Create a new event streams instance in the resource group and region provided, encrypted with the root key, and configured with topics and schemas.
+ - Create a new event streams instance in the resource group and region provided, encrypted with the root key.
@@ -48,7 +48,6 @@ module "event_streams" {
  source = "../../profiles/fscloud"
  resource_group_id = module.resource_group.resource_group_id
  es_name = "${var.prefix}-es-fs"
- plan = var.plan
  kms_key_crn = var.kms_key_crn
  existing_kms_instance_guid = var.existing_kms_instance_guid
  schemas = var.schemas

@@ -10,12 +10,6 @@ variable "region" {
  default = "us-south"
 }
 
-variable "plan" {
- type = string
- description = "Plan for the event stream instance. lite, standard or enterprise-3nodes-2tb"
- default = "enterprise-3nodes-2tb"
-}
-
 variable "prefix" {
  type = string
  description = "Prefix to append to all resources created by this example"
@@ -45,28 +39,7 @@ variable "schemas" {
  }
  ))
  description = "The list of schema object which contains schema id and format of the schema"
- default = [{
- schema_id = "my-es-schema_1"
- schema = {
- type = "string"
- name = "name_1"
- }
- },
- {
- schema_id = "my-es-schema_2"
- schema = {
- type = "string"
- name = "name_2"
- }
- },
- {
- schema_id = "my-es-schema_3"
- schema = {
- type = "string"
- name = "name_3"
- }
- }
- ]
+ default = []
 }
 
 variable "topics" {
@@ -78,28 +51,7 @@ variable "topics" {
  }
  ))
  description = "List of topics. For lite plan only one topic is allowed."
- default = [
- {
- name = "topic-1"
- partitions = 1
- config = {
- "cleanup.policy" = "delete"
- "retention.ms" = "86400000"
- "retention.bytes" = "10485760"
- "segment.bytes" = "10485760"
- }
- },
- {
- name = "topic-2"
- partitions = 1
- config = {
- "cleanup.policy" = "compact,delete"
- "retention.ms" = "86400000"
- "retention.bytes" = "1073741824"
- "segment.bytes" = "536870912"
- }
- }
- ]
+ default = []
 }
 
 variable "existing_kms_instance_guid" {

@@ -4,3 +4,46 @@ This is a profile for PostgreSQL that meets Financial Services Cloud requirement
 It has been scanned by [IBM Code Risk Analyzer (CRA)](https://cloud.ibm.com/docs/code-risk-analyzer-cli-plugin?topic=code-risk-analyzer-cli-plugin-cra-cli-plugin#terraform-command) and meets all applicable goals with the following exception:
 
 > Rule ID rule-3b2768e5-d783-4b0c-a47f-81479af34689 : Check whether Event Streams is accessible only by using private endpoints
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
+| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | 1.49.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_event_streams"></a> [event\_streams](#module\_event\_streams) | ../../ | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_cbr_rules"></a> [cbr\_rules](#input\_cbr\_rules) | (Optional, list) List of CBR rules to create | <pre>list(object({<br> description = string<br> account_id = string<br> rule_contexts = list(object({<br> attributes = optional(list(object({<br> name = string<br> value = string<br> }))) }))<br> enforcement_mode = string<br> }))</pre> | `[]` | no |
+| <a name="input_es_name"></a> [es\_name](#input\_es\_name) | Name of the event streams instance | `string` | n/a | yes |
+| <a name="input_existing_kms_instance_guid"></a> [existing\_kms\_instance\_guid](#input\_existing\_kms\_instance\_guid) | The GUID of the Hyper Protect Crypto Services instance. | `string` | n/a | yes |
+| <a name="input_kms_key_crn"></a> [kms\_key\_crn](#input\_kms\_key\_crn) | The root key CRN of the Hyper Protect Crypto Service (HPCS) to use for disk encryption. | `string` | n/a | yes |
+| <a name="input_resource_group_id"></a> [resource\_group\_id](#input\_resource\_group\_id) | ID of resource group to use when creating the event stream instance | `string` | n/a | yes |
+| <a name="input_schemas"></a> [schemas](#input\_schemas) | The list of schema object which contains schema id and format of the schema | <pre>list(object(<br> {<br> schema_id = string<br> schema = object({<br> type = string<br> name = string<br> })<br> }<br> ))</pre> | `[]` | no |
+| <a name="input_skip_iam_authorization_policy"></a> [skip\_iam\_authorization\_policy](#input\_skip\_iam\_authorization\_policy) | Set to true to skip the creation of an IAM authorization policy that permits all event streams instances in the provided resource group reader access to the instance specified in the existing\_kms\_instance\_guid variable. | `bool` | `false` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | List of tags associated with the Event Steams instance | `list(string)` | `[]` | no |
+| <a name="input_topics"></a> [topics](#input\_topics) | List of topics. For lite plan only one topic is allowed. | <pre>list(object(<br> {<br> name = string<br> partitions = number<br> config = object({})<br> }<br> ))</pre> | `[]` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_crn"></a> [crn](#output\_crn) | Event Streams instance crn |
+| <a name="output_guid"></a> [guid](#output\_guid) | Event Streams instance guid |
+| <a name="output_id"></a> [id](#output\_id) | Event Streams instance crn |
+| <a name="output_kafka_brokers_sasl"></a> [kafka\_brokers\_sasl](#output\_kafka\_brokers\_sasl) | (Array of Strings) Kafka brokers use for interacting with Kafka native API |
+| <a name="output_kafka_http_url"></a> [kafka\_http\_url](#output\_kafka\_http\_url) | The API endpoint to interact with Event Streams REST API |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
@@ -2,7 +2,7 @@ module "event_streams" {
  source = "../../"
  resource_group_id = var.resource_group_id
  es_name = var.es_name
- plan = var.plan
+ plan = "enterprise-3nodes-2tb"
  kms_encryption_enabled = true
  skip_iam_authorization_policy = var.skip_iam_authorization_policy
  kms_key_crn = var.kms_key_crn

@@ -7,6 +7,11 @@ output "crn" {
  value = module.event_streams.crn
 }
 
+output "id" {
+ description = "Event Streams instance crn"
+ value = module.event_streams.id
+}
+
 output "guid" {
  description = "Event Streams instance guid"
  value = module.event_streams.guid

@@ -1,8 +1,4 @@
-variable "plan" {
- type = string
- description = "Plan for the event stream instance. lite, standard or enterprise-3nodes-2tb"
- default = "enterprise-3nodes-2tb"
-}
+
 
 variable "resource_group_id" {
  description = "ID of resource group to use when creating the event stream instance"
@@ -31,28 +27,7 @@ variable "schemas" {
  }
  ))
  description = "The list of schema object which contains schema id and format of the schema"
- default = [{
- schema_id = "my-es-schema_1"
- schema = {
- type = "string"
- name = "name_1"
- }
- },
- {
- schema_id = "my-es-schema_2"
- schema = {
- type = "string"
- name = "name_2"
- }
- },
- {
- schema_id = "my-es-schema_3"
- schema = {
- type = "string"
- name = "name_3"
- }
- }
- ]
+ default = []
 }
 
 variable "topics" {
@@ -64,43 +39,22 @@ variable "topics" {
  }
  ))
  description = "List of topics. For lite plan only one topic is allowed."
- default = [
- {
- name = "topic-1"
- partitions = 1
- config = {
- "cleanup.policy" = "delete"
- "retention.ms" = "86400000"
- "retention.bytes" = "10485760"
- "segment.bytes" = "10485760"
- }
- },
- {
- name = "topic-2"
- partitions = 1
- config = {
- "cleanup.policy" = "compact,delete"
- "retention.ms" = "86400000"
- "retention.bytes" = "1073741824"
- "segment.bytes" = "536870912"
- }
- }
- ]
+ default = []
 }
 
 variable "kms_key_crn" {
  type = string
- description = "The root key CRN of a Key Management Service like Key Protect or Hyper Protect Crypto Service (HPCS) that you want to use for disk encryption. If null, database is encrypted by using randomly generated keys. See https://cloud.ibm.com/docs/EventStreams?topic=EventStreams-managing_encryption for more info."
+ description = "The root key CRN of the Hyper Protect Crypto Service (HPCS) to use for disk encryption."
 }
 
 variable "existing_kms_instance_guid" {
- description = "The GUID of the Hyper Protect or Key Protect instance in which the key specified in var.kms_key_crn is coming from. Only required if skip_iam_authorization_policy is false."
+ description = "The GUID of the Hyper Protect Crypto Services instance."
  type = string
 }
 
 variable "skip_iam_authorization_policy" {
  type = bool
- description = "Set to true to skip the creation of an IAM authorization policy that permits all mongodb instances in the provided resource group reader access to the instance specified in the existing_kms_instance_guid variable."
+ description = "Set to true to skip the creation of an IAM authorization policy that permits all event streams instances in the provided resource group reader access to the instance specified in the existing_kms_instance_guid variable."
  default = false
 }
 

@@ -1,3 +1,13 @@
 terraform {
  required_version = ">= 1.3.0"
+ required_providers {
+ # The below tflint-ignore is required because although the below provider is not directly required by this submodule,
+ # it is required by consuming modules, and if not set here, the top level module calling this module will not be
+ # able to set alternative alias for the provider.
+ # tflint-ignore: terraform_unused_required_providers
+ ibm = {
+ source = "IBM-Cloud/ibm"
+ version = "1.49.0"
+ }
+ }
 }