From 4356437f4479cb0b82a516f39fe1716f336898e8 Mon Sep 17 00:00:00 2001
From: Ken Cox <73245287+kccox@users.noreply.github.com>
Date: Wed, 30 Oct 2024 11:47:00 -0500
Subject: [PATCH] feat: added support for access tags (#320)
---
README.md | 2 ++
examples/complete/main.tf | 1 +
examples/complete/variables.tf | 6 ++++++
ibm_catalog.json | 3 +++
main.tf | 10 ++++++++++
modules/fscloud/README.md | 1 +
modules/fscloud/main.tf | 1 +
modules/fscloud/variables.tf | 6 ++++++
solutions/quickstart/main.tf | 1 +
solutions/quickstart/variables.tf | 6 ++++++
variables.tf | 6 ++++++
11 files changed, 43 insertions(+)
diff --git a/README.md b/README.md
index 0f85d28c..56ff4d78 100644
--- a/README.md
+++ b/README.md
@@ -124,12 +124,14 @@ You need the following permissions to run this module.
| [ibm_iam_authorization_policy.kms_policy](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_authorization_policy) | resource |
| [ibm_resource_instance.es_instance](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_instance) | resource |
| [ibm_resource_key.service_credentials](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_key) | resource |
+| [ibm_resource_tag.es_access_tag](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_tag) | resource |
| [time_sleep.wait_for_authorization_policy](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
### Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
+| [access\_tags](#input\_access\_tags) | The list of access tags associated with the Event Streams instance. | `list(string)` | `[]` | no |
| [cbr\_rules](#input\_cbr\_rules) | The list of context-based restriction rules to create. | list(object({
description = string
account_id = string
rule_contexts = list(object({
attributes = optional(list(object({
name = string
value = string
}))) }))
enforcement_mode = string
})) | `[]` | no |
| [create\_timeout](#input\_create\_timeout) | The timeout value for creating an Event Streams instance. Specify `3h` for an Enterprise plan instance. Add 1 h for each level of non-default throughput. Add 30 min for each level of non-default storage size. | `string` | `"3h"` | no |
| [delete\_timeout](#input\_delete\_timeout) | The timeout value for deleting an Event Streams instance. | `string` | `"15m"` | no |
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index 0f7c1e12..72f39cb9 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -20,6 +20,7 @@ module "event_streams" {
es_name = "${var.prefix}-es"
schemas = var.schemas
tags = var.resource_tags
+ access_tags = var.access_tags
topics = var.topics
service_credential_names = {
"es_writer" : "Writer",
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
index 27a87cfe..2adeb05f 100644
--- a/examples/complete/variables.tf
+++ b/examples/complete/variables.tf
@@ -28,6 +28,12 @@ variable "resource_tags" {
default = []
}
+variable "access_tags" {
+ type = list(string)
+ description = "The list of access tags associated with the Event Steams instance."
+ default = []
+}
+
variable "schemas" {
type = list(object(
{
diff --git a/ibm_catalog.json b/ibm_catalog.json
index 26bf7d5d..e57c7737 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -110,6 +110,9 @@
{
"key": "resource_tags"
},
+ {
+ "key": "access_tags"
+ },
{
"key": "plan",
"options": [
diff --git a/main.tf b/main.tf
index c4ae6cc2..537e29df 100644
--- a/main.tf
+++ b/main.tf
@@ -78,6 +78,16 @@ resource "ibm_event_streams_topic" "es_topic" {
config = var.topics[count.index].config
}
+##############################################################################
+# ACCESS TAGS - attaching existing access tags to the resource instance
+##############################################################################
+resource "ibm_resource_tag" "es_access_tag" {
+ count = length(var.access_tags) > 0 ? 1 : 0
+ resource_id = ibm_resource_instance.es_instance.id
+ tags = var.access_tags
+ tag_type = "access"
+}
+
##############################################################################
# IAM Authorization Policy
##############################################################################
diff --git a/modules/fscloud/README.md b/modules/fscloud/README.md
index e84e9d85..ccc52fda 100644
--- a/modules/fscloud/README.md
+++ b/modules/fscloud/README.md
@@ -26,6 +26,7 @@ No resources.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
+| [access\_tags](#input\_access\_tags) | The list of access tags associated with the Event Steams instance. | `list(string)` | `[]` | no |
| [cbr\_rules](#input\_cbr\_rules) | The list of context-based restriction rules to create. | list(object({
description = string
account_id = string
rule_contexts = list(object({
attributes = optional(list(object({
name = string
value = string
}))) }))
enforcement_mode = string
})) | `[]` | no |
| [es\_name](#input\_es\_name) | The name of the Event Streams instance. | `string` | n/a | yes |
| [existing\_kms\_instance\_guid](#input\_existing\_kms\_instance\_guid) | The GUID of the Hyper Protect Crypto service in which the key specified in var.kms\_key\_crn is coming from | `string` | n/a | yes |
diff --git a/modules/fscloud/main.tf b/modules/fscloud/main.tf
index 4068ce64..a49026b4 100644
--- a/modules/fscloud/main.tf
+++ b/modules/fscloud/main.tf
@@ -8,6 +8,7 @@ module "event_streams" {
existing_kms_instance_guid = var.existing_kms_instance_guid
schemas = var.schemas
tags = var.tags
+ access_tags = var.access_tags
topics = var.topics
service_endpoints = "private"
cbr_rules = var.cbr_rules
diff --git a/modules/fscloud/variables.tf b/modules/fscloud/variables.tf
index 6dcaa017..19eed259 100644
--- a/modules/fscloud/variables.tf
+++ b/modules/fscloud/variables.tf
@@ -11,6 +11,12 @@ variable "tags" {
default = []
}
+variable "access_tags" {
+ type = list(string)
+ description = "The list of access tags associated with the Event Steams instance."
+ default = []
+}
+
variable "es_name" {
description = "The name of the Event Streams instance."
type = string
diff --git a/solutions/quickstart/main.tf b/solutions/quickstart/main.tf
index 4ebb211a..49ffad27 100644
--- a/solutions/quickstart/main.tf
+++ b/solutions/quickstart/main.tf
@@ -19,5 +19,6 @@ module "event_streams" {
region = var.region
topics = var.topics
tags = var.resource_tags
+ access_tags = var.access_tags
service_credential_names = var.service_credential_names
}
diff --git a/solutions/quickstart/variables.tf b/solutions/quickstart/variables.tf
index dba12180..7012d65d 100644
--- a/solutions/quickstart/variables.tf
+++ b/solutions/quickstart/variables.tf
@@ -40,6 +40,12 @@ variable "resource_tags" {
default = []
}
+variable "access_tags" {
+ type = list(string)
+ description = "The list of access tags associated with the Event Streams instance."
+ default = []
+}
+
variable "plan" {
type = string
description = "The plan for the Event Streams instance. Possible values: `lite` and `standard`."
diff --git a/variables.tf b/variables.tf
index efea1c9d..dc151345 100644
--- a/variables.tf
+++ b/variables.tf
@@ -28,6 +28,12 @@ variable "tags" {
default = []
}
+variable "access_tags" {
+ type = list(string)
+ description = "The list of access tags associated with the Event Streams instance."
+ default = []
+}
+
variable "region" {
type = string
description = "The region where the Event Streams are created."