iam_token_only defaults to false in solutions/enterprise

ibm_catalog.json

@@ -345,6 +345,9 @@
             },
             {
               "key": "existing_kms_key_crn"
+            },
+            {
+              "key": "iam_token_only"
             }
           ],
           "iam_permissions": [

solutions/enterprise/main.tf

@@ -159,6 +159,7 @@ module "event_streams" {
   mirroring                            = var.mirroring
   cbr_rules                            = var.cbr_rules
   schema_global_rule                   = var.schema_global_rule
+  iam_token_only                       = var.iam_token_only
   skip_kms_iam_authorization_policy    = var.skip_event_streams_kms_auth_policy
   skip_es_s2s_iam_authorization_policy = var.skip_event_streams_s2s_iam_auth_policy
   create_timeout                       = var.create_timeout

solutions/enterprise/variables.tf

@@ -253,6 +253,12 @@ variable "ibmcloud_kms_api_key" {
   default     = null
 }
 
+variable "iam_token_only" {
+  type        = bool
+  description = "If set to true, disables Kafka's SASL PLAIN authentication method, only allowing clients to authenticate with SASL OAUTHBEARER via IAM access token. For more information, see: https://cloud.ibm.com/docs/EventStreams?topic=EventStreams-security. Only allowed for enterprise plans."
+  default     = false
+}
+
 variable "create_timeout" {
   type        = string
   description = "The timeout value for creating an Event Streams instance. Specify `3h` for an Enterprise plan instance. Add 1 h for each level of non-default throughput. Add 30 min for each level of non-default storage size."