fix: added instance id support to the target_service_details variable in the fscloud profile (#275)

Author: Ak-sky

examples/fscloud/main.tf

@@ -10,6 +10,18 @@ module "resource_group" {
   existing_resource_group_name = var.resource_group
 }
 
+##############################################################################
+# Key Protect Instance
+##############################################################################
+resource "ibm_resource_instance" "key_protect_instance" {
+  name              = "${var.prefix}-key-protect-instance"
+  resource_group_id = module.resource_group.resource_group_id
+  service           = "kms"
+  plan              = "tiered-pricing"
+  location          = var.region
+  service_endpoints = "private"
+}
+
 # ##############################################################################
 # # Get Cloud Account ID
 # ##############################################################################
@@ -63,6 +75,7 @@ module "cbr_account_level" {
   target_service_details = {
     "kms" = {
       "enforcement_mode" = "enabled"
+      "instance_id"      = ibm_resource_instance.key_protect_instance.guid
     }
   }
 
@@ -98,7 +111,7 @@ module "cbr_account_level" {
 ## A zone used to group operator machine ips.
 module "cbr_zone_operator_ips" {
   source           = "../../modules/cbr-zone-module"
-  name             = "List of operator environment public IPs"
+  name             = "${var.prefix}-List of operator environment public IPs"
   account_id       = data.ibm_iam_account_settings.iam_account_settings.account_id
   zone_description = "Zone grouping list of known public ips for operator machines"
   addresses = [{
@@ -107,7 +120,7 @@ module "cbr_zone_operator_ips" {
   }]
 }
 
-## Examples of data lookup on objects (zone, rule) created by the fscoud profile module
+## Examples of data lookup on objects (zone, rule) created by the fscloud profile module
 ## Get rule targetting "event-notification"
 data "ibm_cbr_rule" "event_notification_rule" {
   rule_id = module.cbr_account_level.map_target_service_rule_ids["event-notifications"].rule_id

modules/fscloud/README.md

@@ -52,7 +52,7 @@ Important: In order to avoid unexpected breakage in the account against which th
 | <a name="input_existing_serviceref_zone"></a> [existing\_serviceref\_zone](#input\_existing\_serviceref\_zone) | Provide a valid service reference and existing zone id | <pre>map(object(<br>    {<br>      zone_id = string<br>  }))</pre> | `{}` | no |
 | <a name="input_prefix"></a> [prefix](#input\_prefix) | Prefix to append to all vpc\_zone\_list, service\_ref\_zone\_list and cbr\_rule\_description created by this submodule | `string` | n/a | yes |
 | <a name="input_skip_specific_services_for_zone_creation"></a> [skip\_specific\_services\_for\_zone\_creation](#input\_skip\_specific\_services\_for\_zone\_creation) | Provide a list of service references for which zone creation is not required | `list(string)` | `[]` | no |
-| <a name="input_target_service_details"></a> [target\_service\_details](#input\_target\_service\_details) | Details of the target service for which a rule is created. The key is the service name. | <pre>map(object({<br>    target_rg        = optional(string)<br>    enforcement_mode = string<br>    tags             = optional(list(string))<br>  }))</pre> | `{}` | no |
+| <a name="input_target_service_details"></a> [target\_service\_details](#input\_target\_service\_details) | Details of the target service for which a rule is created. The key is the service name. | <pre>map(object({<br>    target_rg        = optional(string)<br>    instance_id      = optional(string)<br>    enforcement_mode = string<br>    tags             = optional(list(string))<br>  }))</pre> | `{}` | no |
 | <a name="input_zone_service_ref_list"></a> [zone\_service\_ref\_list](#input\_zone\_service\_ref\_list) | (List) Service reference for the zone creation | `list(string)` | <pre>[<br>  "cloud-object-storage",<br>  "codeengine",<br>  "containers-kubernetes",<br>  "databases-for-cassandra",<br>  "databases-for-elasticsearch",<br>  "databases-for-enterprisedb",<br>  "databases-for-etcd",<br>  "databases-for-mongodb",<br>  "databases-for-mysql",<br>  "databases-for-postgresql",<br>  "databases-for-redis",<br>  "directlink",<br>  "iam-groups",<br>  "is",<br>  "messagehub",<br>  "messages-for-rabbitmq",<br>  "schematics",<br>  "secrets-manager",<br>  "server-protect",<br>  "user-management",<br>  "apprapp",<br>  "compliance",<br>  "event-notifications"<br>]</pre> | no |
 | <a name="input_zone_vpc_crn_list"></a> [zone\_vpc\_crn\_list](#input\_zone\_vpc\_crn\_list) | (List) VPC CRN for the zones | `list(string)` | n/a | yes |
 

modules/fscloud/main.tf

@@ -321,6 +321,21 @@ module "cbr_rule" {
         operator = "stringEquals",
         value    = each.value.target_rg
       },
+      {
+        name     = "serviceName",
+        operator = "stringEquals",
+        value    = each.key
+      }] : try(each.value.instance_id, null) != null ? [
+      {
+        name     = "accountId",
+        operator = "stringEquals",
+        value    = data.ibm_iam_account_settings.iam_account_settings.account_id
+      },
+      {
+        name     = "serviceInstance",
+        operator = "stringEquals",
+        value    = each.value.instance_id
+      },
       {
         name     = "serviceName",
         operator = "stringEquals",

modules/fscloud/variables.tf

@@ -109,6 +109,7 @@ variable "custom_rule_contexts_by_service" {
 variable "target_service_details" {
   type = map(object({
     target_rg        = optional(string)
+    instance_id      = optional(string)
     enforcement_mode = string
     tags             = optional(list(string))
   }))