diff --git a/README.md b/README.md
index 8b2d3da6..fc372a5a 100644
--- a/README.md
+++ b/README.md
@@ -137,7 +137,7 @@ You need the following permissions to run this module.
 | [plan](#input\_plan) | The plan for the Event Streams instance. Possible values: `lite`, `standard`, `enterprise-3nodes-2tb`. | `string` | `"standard"` | no |
 | [region](#input\_region) | The region where the Event Streams are created. | `string` | `"us-south"` | no |
 | [resource\_group\_id](#input\_resource\_group\_id) | The resource group ID where the Event Streams instance is created. | `string` | n/a | yes |
-| [schemas](#input\_schemas) | The list of schema objects. Include the `schema_id` and the `type` and `name` of the schema in the `schema` object. |
list(object(
{
schema_id = string
schema = object({
type = string
name = string
})
}
))
| `[]` | no |
+| [schemas](#input\_schemas) | The list of schema objects. Include the `schema_id` and the `type` and `name` of the schema in the `schema` object. |
list(object(
{
schema_id = string
schema = object({
type = string
name = string
fields = optional(list(object({
name = string
type = string
})))
})
}
))
| `[]` | no |
 | [service\_endpoints](#input\_service\_endpoints) | The type of service endpoints. Possible values: 'public', 'private', 'public-and-private'. | `string` | `"public"` | no |
 | [storage\_size](#input\_storage\_size) | Storage size of the Event Streams in GB. Applies only to Enterprise plan instances. Possible values: `2048`, `4096`, `6144`, `8192`, `10240`, `12288`. Storage capacity cannot be reduced after the instance is created. When the `throughput` input variable is set to `300`, storage size starts at 4096. When `throughput` is `450`, storage size starts starts at `6144`. | `number` | `"2048"` | no |
 | [tags](#input\_tags) | The list of tags associated with the Event Steams instance. | `list(string)` | `[]` | no |
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
index 268b617a..27a87cfe 100644
--- a/examples/complete/variables.tf
+++ b/examples/complete/variables.tf
@@ -35,6 +35,10 @@ variable "schemas" {
 schema = object({
 type = string
 name = string
+ fields = optional(list(object({
+ name = string
+ type = string
+ })))
 })
 }
 ))
diff --git a/modules/fscloud/README.md b/modules/fscloud/README.md
index c7f93127..ac4df85f 100644
--- a/modules/fscloud/README.md
+++ b/modules/fscloud/README.md
@@ -35,7 +35,7 @@ No resources.
 | [kms\_key\_crn](#input\_kms\_key\_crn) | The root key CRN of the key management service (Key Protect or Hyper Protect Crypto Services) to use to encrypt the payload data. | `string` | n/a | yes |
 | [region](#input\_region) | The region where the Event Streams are created. | `string` | `"us-south"` | no |
 | [resource\_group\_id](#input\_resource\_group\_id) | The resource group ID where the Event Streams instance is created. | `string` | n/a | yes |
-| [schemas](#input\_schemas) | The list of schema objects. Include the `schema_id` and the `type` and `name` of the schema in the `schema` object. |
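Review bot: `fields` is declared `optional(...)` with no default in the examples/complete/variables.tf hunk, so every schema entry that omits it carries `fields = null`, and nothing in the hunk requires it for the schema types that need it, although the document added in this commit says it is required for complex types (its example uses `type = "record"`). The `variable "schemas"` block starts and ends outside the hunk, so a check may already exist; if not, a `validation` block in the root module with `condition = alltrue([for s in var.schemas : s.schema.type != "record" || s.schema.fields != null])` would reject an incomplete record schema at plan time. The code that reads `schema.fields` is not part of this diff, so confirm it tolerates null. The identical type change is made in modules/fscloud/variables.tf, solutions/standard/variables.tf and the root variables.tf.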
list(object(
{
schema_id = string
schema = object({
type = string
name = string
})
}
))
| `[]` | no |
+| [schemas](#input\_schemas) | The list of schema objects. Include the `schema_id` and the `type` and `name` of the schema in the `schema` object. |
list(object(
{
schema_id = string
schema = object({
type = string
name = string
fields = optional(list(object({
name = string
type = string
})))
})
}
))
| `[]` | no |
 | [tags](#input\_tags) | The list of tags associated with the Event Steams instance. | `list(string)` | `[]` | no |
 | [topics](#input\_topics) | The list of topics to apply to resources. Only one topic is allowed for Lite plan instances. |
list(object(
{
name = string
partitions = number
config = object({})
}
))
| `[]` | no |
diff --git a/modules/fscloud/variables.tf b/modules/fscloud/variables.tf
index d5b74601..cf3dbb13 100644
--- a/modules/fscloud/variables.tf
+++ b/modules/fscloud/variables.tf
@@ -29,6 +29,10 @@ variable "schemas" {
 schema = object({
 type = string
 name = string
+ fields = optional(list(object({
+ name = string
+ type = string
+ })))
 })
 }
 ))
diff --git a/solutions/standard/DA-schemas-topics-cbr.md b/solutions/standard/DA-schemas-topics-cbr.md
new file mode 100644
index 00000000..04979f87
--- /dev/null
+++ b/solutions/standard/DA-schemas-topics-cbr.md
@@ -0,0 +1,103 @@
+# Configuring schemas, topics and context-based restriction rules in Event Streams
+
+When you add a Event Streams deployable architecture from the IBM Cloud catalog to IBM Cloud Projects, you can configure schemas, topics, and context-based restriction rules. When you edit your project configuration, select the **Configure** panel, and then click the **Optional** tab.
+
+To enter a custom value, use the edit action to open the "Edit Array" panel. Add the schemas, topics, and context-based restriction rules configurations to the array.
+
+## Options with schemas
+
+
+- `schema_id` (optional): The unique ID to assign to the schema. If this value is not specified, a generated `UUID` is assigned.
+- `schema`
+ - `type` (required): schema type.
+ - `name` (required): schema name.
+ - `fields` (optional, only required when schema `type` is `complex`): A list of `name`, `type` field pairs. For more information, see [Using Event Streams Schema Registry](https://cloud.ibm.com/docs/EventStreams?topic=EventStreams-ES_schema_registry).
+
+The following example includes all the configuration options for schemas.
+
+```hcl
+[
+ {
+ schema_id = "my-es-schema_1"
+ schema = {
+ type = "string"
+ name = "name_1"
+ }
+ },
+ {
+ schema_id = "my-es-schema_2"
+ schema = {
+ type = "record"
+ name = "name_2",
+ fields : [
+ {"name": "value_1", "type": "long"},
+ {"name": "value_2", "type": "string"}
+ ]
+ }
+ }
+]
+```
+
+## Options with topics
+
+- `name` (required): The name of the topic.
+- `partitions` (optional): The number of partitions of the topic. The default value is `1`.
+- `config` (optional): The configuration parameters of the topic. Supported configurations are: `cleanup.policy`, `retention.ms`, `retention.bytes`, `segment.bytes`, `segment.ms`, `segment.index.bytes`.
+
+The following example includes all the configuration options for topics.
+
+```hcl
+[
+ {
+ name = "my-es-topic"
+ partitions = 1
+ config = {
+ "cleanup.policy" = "delete"
+ "retention.ms" = "86400000"
+ "retention.bytes" = "10485760"
+ "segment.bytes" = "10485760"
+ }
+ },
+ {
+ name = "topic-2"
+ partitions = 1
+ config = {
+ "cleanup.policy" = "compact,delete"
+ "retention.ms" = "86400000"
+ "retention.bytes" = "1073741824"
+ "segment.bytes" = "536870912"
+ }
+ }
+]
+```
+
+## Options with Context-based restriction rules
+
+- `description` (required): The description of the rule.
+- `account_id` (required): Your IBM Cloud account ID.
+- `enforcement_mode`(required): The rule enforcement mode. Allowable values are: `enabled`, `disabled`, `report`. For more information, see [What are context-based restrictions](https://cloud.ibm.com/docs/account?topic=account-context-restrictions-whatis#rule-enforcement).
+- `rule_contexts` (optional): The contexts this rule applies to. For more information, see [Rule contexts](https://cloud.ibm.com/docs/account?topic=account-context-restrictions-whatis#restriction-context).
+ - `attributes` (required): List of attributes.
+ - `name` (required): The attribute name.
+ - `value` (required): The attribute value.
+
+The following example includes all the configuration options for a context-based restriction rule.
+
+```hcl
+{
+ description = "Event stream access only from vpc"
+ enforcement_mode = "enabled"
+ account_id = "XX....XX"
+ rule_contexts = [{
+ attributes = [
+ {
+ "name" : "endpointType",
+ "value" : "private"
+ },
+ {
+ name = "networkZoneId"
+ value = <>
+ }]
+ }]
+}
+```
diff --git a/solutions/standard/variables.tf b/solutions/standard/variables.tf
index 71f654ff..b02c80a4 100644
--- a/solutions/standard/variables.tf
+++ b/solutions/standard/variables.tf
@@ -39,10 +39,14 @@ variable "schemas" { schema = object({ type = string name = string + fields = optional(list(object({ + name = string + type = string + }))) }) } )) - description = "The list of schema objects. Include the `schema_id` and the `type` and `name` of the schema in the `schema` object." + description = "The list of schema objects. Include the `schema_id` and the `type` and `name` of the schema in the `schema` object. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-event-streams/tree/main/solutions/standard/DA-schemas-topics-cbr.md)." default = [] } @@ -54,7 +58,7 @@ variable "topics" { config = object({}) } )) - description = "The list of topics to apply to resources. Only one topic is allowed for Lite plan instances." + description = "The list of topics to apply to resources. Only one topic is allowed for Lite plan instances. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-event-streams/tree/main/solutions/standard/DA-schemas-topics-cbr.md)." default = [] } @@ -78,7 +82,7 @@ variable "cbr_rules" { }))) })) enforcement_mode = string })) - description = "The list of context-based restriction rules to create." + description = "The list of context-based restriction rules to create. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-event-streams/tree/main/solutions/standard/DA-schemas-topics-cbr.md)." default = [] # Validation happens in the rule module } diff --git a/variables.tf b/variables.tf index a53389b6..7fcaf65d 100644 --- a/variables.tf +++ b/variables.tf @@ -82,6 +82,10 @@ variable "schemas" { schema = object({ type = string name = string + fields = optional(list(object({ + name = string + type = string + }))) }) } ))
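Review bot: The new `description` on `variable "schemas"` in solutions/standard/variables.tf still lists only `schema_id`, `type` and `name`, so the `fields` attribute added just above it is discoverable only by following the link; I would name it inline, for example `Include the schema_id and the type, name and (for record schemas) fields of the schema in the schema object.` The linked DA-schemas-topics-cbr.md also documents `schema_id` as optional, while the type printed in the README hunks of this commit declares `schema_id = string` without `optional()`. The `schema_id` line of this file is outside the hunk, but if it matches the README, an entry that omits `schema_id` fails type checking rather than getting a generated UUID, so either the document or the type should change.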