iam_token_only defaults to true in solutions/enterprise

terraform-ibm-modules · Mar 4, 2025 · bc4f763 · bc4f763
1 parent c309287
commit bc4f763
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 0 deletions.
diff --git a/ibm_catalog.json b/ibm_catalog.json
@@ -336,6 +336,9 @@
             },
             {
               "key": "existing_kms_key_crn"
+            },
+            {
+              "key": "iam_token_only"
             }
           ],
           "iam_permissions": [

diff --git a/solutions/enterprise/main.tf b/solutions/enterprise/main.tf
@@ -159,6 +159,7 @@ module "event_streams" {
   mirroring                            = var.mirroring
   cbr_rules                            = var.cbr_rules
   schema_global_rule                   = var.schema_global_rule
+  iam_token_only                       = var.iam_token_only
   skip_kms_iam_authorization_policy    = var.skip_event_streams_kms_auth_policy
   skip_es_s2s_iam_authorization_policy = var.skip_event_streams_s2s_iam_auth_policy
 }
diff --git a/solutions/enterprise/variables.tf b/solutions/enterprise/variables.tf
@@ -252,3 +252,9 @@ variable "ibmcloud_kms_api_key" {
   sensitive   = true
   default     = null
 }
+
+variable "iam_token_only" {
+  type        = bool
+  description = "If set to true, disables Kafka's SASL PLAIN authentication method, only allowing clients to authenticate with SASL OAUTHBEARER via IAM access token. For more information, see: https://cloud.ibm.com/docs/EventStreams?topic=EventStreams-security. Only allowed for enterprise plans."
+  default     = true
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -336,6 +336,9 @@ @@
                 },
                 {
                   "key": "existing_kms_key_crn"
+                },
+                {
+                  "key": "iam_token_only"
                 }
               ],
               "iam_permissions": [
@@ Expand Down @@