From 1e1c92f6436a52fe751491fcb359c9a83b1ac5b4 Mon Sep 17 00:00:00 2001
From: Kenneth Cox
Date: Tue, 4 Mar 2025 09:51:39 -0600
Subject: [PATCH] iam_token_only defaults to false in solutions/enterprise
---
 ibm_catalog.json | 3 +++
 solutions/enterprise/main.tf | 1 +
 solutions/enterprise/variables.tf | 6 ++++++
 3 files changed, 10 insertions(+)
diff --git a/ibm_catalog.json b/ibm_catalog.json
index f376052..2ba140b 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -345,6 +345,9 @@
 },
 {
 "key": "existing_kms_key_crn"
+ },
+ {
+ "key": "iam_token_only"
 }
 ],
 "iam_permissions": [
diff --git a/solutions/enterprise/main.tf b/solutions/enterprise/main.tf
index 15bed78..f3fec10 100644
--- a/solutions/enterprise/main.tf
+++ b/solutions/enterprise/main.tf
@@ -159,6 +159,7 @@ module "event_streams" {
 mirroring = var.mirroring
 cbr_rules = var.cbr_rules
 schema_global_rule = var.schema_global_rule
+ iam_token_only = var.iam_token_only
 skip_kms_iam_authorization_policy = var.skip_event_streams_kms_auth_policy
 skip_es_s2s_iam_authorization_policy = var.skip_event_streams_s2s_iam_auth_policy
 create_timeout = var.create_timeout
diff --git a/solutions/enterprise/variables.tf b/solutions/enterprise/variables.tf
index 269c8b7..d62c85a 100644
--- a/solutions/enterprise/variables.tf
+++ b/solutions/enterprise/variables.tf
@@ -253,6 +253,12 @@ variable "ibmcloud_kms_api_key" {
 default = null
 }
 
+variable "iam_token_only" {
+ type = bool
+ description = "If set to true, disables Kafka's SASL PLAIN authentication method, only allowing clients to authenticate with SASL OAUTHBEARER via IAM access token. For more information, see: https://cloud.ibm.com/docs/EventStreams?topic=EventStreams-security. Only allowed for enterprise plans."
+ default = false
+}
+
 variable "create_timeout" {
 type = string
 description = "The timeout value for creating an Event Streams instance. Specify `3h` for an Enterprise plan instance. Add 1 h for each level of non-default throughput. Add 30 min for each level of non-default storage size."
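Review bot: The `default = false` on the new `iam_token_only` variable leaves SASL PLAIN enabled for every deployment that does not set it, and the description only explains what `true` does. As far as I know, SASL PLAIN on Event Streams carries a long-lived API key as the password, whereas OAUTHBEARER uses a short-lived IAM access token, so the weaker mode is the silent default. If `false` is kept for compatibility with existing clients, I would state that in the description, for example by appending `With the default of false, SASL PLAIN (API key) authentication stays enabled alongside SASL OAUTHBEARER.` This solution appears to provision an enterprise plan only, so the trailing `Only allowed for enterprise plans.` adds little and a default of `true` may be worth considering. The same default is what the `main.tf` hunk passes through to the `event_streams` module.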