feat: initial release (#3)

Author: iamar7

.github/CODEOWNERS

@@ -1,2 +1,3 @@
 # Primary owner should be listed first in list of global owners, followed by any secondary owners
-*       @ocofaigh @daniel-butler-irl
+
+*       @iamar7 @shemau

.github/settings.yml

@@ -22,7 +22,7 @@ repository:
 
   # Uncomment this description property
   # and update the description to the current repo description.
-  # description: ""
+  description: "This module supports configuring an IBM Cloud Monitoring instance and IBM Cloud Metrics Routing."
 
   # Use a comma-separated list of topics to set on the repo (ensure not to use any caps in the topic string).
   topics: terraform, ibm-cloud, terraform-module, core-team, cloud-monitoring, metrics, observability

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2024-11-22T17:36:38Z",
+  "generated_at": "2025-04-09T08:26:47Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -82,7 +82,7 @@
         "hashed_secret": "ff9ee043d85595eb255c05dfe32ece02a53efbb2",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 74,
+        "line_number": 41,
         "type": "Secret Keyword",
         "verified_result": null
       }

README.md

@@ -1,60 +1,27 @@
-<!-- Update this title with a descriptive name. Use sentence case. -->
-# Terraform modules template project
-
-<!--
-Update status and "latest release" badges:
-  1. For the status options, see https://terraform-ibm-modules.github.io/documentation/#/badge-status
-  2. Update the "latest release" badge to point to the correct module's repo. Replace "terraform-ibm-module-template" in two places.
--->
-[![Incubating (Not yet consumable)](https://img.shields.io/badge/status-Incubating%20(Not%20yet%20consumable)-red)](https://terraform-ibm-modules.github.io/documentation/#/badge-status)
-[![latest release](https://img.shields.io/github/v/release/terraform-ibm-modules/terraform-ibm-cloud-monitoring?logo=GitHub&sort=semver)](https://github.com/terraform-ibm-modules/terraform-ibm-cloud-monitoring/releases/latest)
+# IBM Cloud Monitoring module
+
+[![Graduated (Supported)](https://img.shields.io/badge/Status-Graduated%20(Supported)-brightgreen)](https://terraform-ibm-modules.github.io/documentation/#/badge-status)
+[![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)
 [![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)
+[![latest release](https://img.shields.io/github/v/release/terraform-ibm-modules/terraform-ibm-cloud-monitoring?logo=GitHub&sort=semver)](https://github.com/terraform-ibm-modules/terraform-ibm-cloud-monitoring/releases/latest)
 [![Renovate enabled](https://img.shields.io/badge/renovate-enabled-brightgreen.svg)](https://renovatebot.com/)
-[![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)
-
-<!--
-Add a description of modules in this repo.
-Expand on the repo short description in the .github/settings.yml file.
 
-For information, see "Module names and descriptions" at
-https://terraform-ibm-modules.github.io/documentation/#/implementation-guidelines?id=module-names-and-descriptions
--->
+This module supports configuring an IBM Cloud Monitoring instance, metrics routing target, routes and settings.
 
-TODO: Replace this with a description of the modules in this repo.
-
-
-<!-- The following content is automatically populated by the pre-commit hook -->
-<!-- BEGIN OVERVIEW HOOK -->
 ## Overview
+
 * [terraform-ibm-cloud-monitoring](#terraform-ibm-cloud-monitoring)
+* [Submodules](./modules)
+  * [metrics_routing](./modules/metrics_routing)
 * [Examples](./examples)
-    * [Advanced example](./examples/advanced)
-    * [Basic example](./examples/basic)
+  * [Advanced example](./examples/advanced)
+  * [Basic example](./examples/basic)
 * [Contributing](#contributing)
-<!-- END OVERVIEW HOOK -->
-
-
-<!--
-If this repo contains any reference architectures, uncomment the heading below and link to them.
-(Usually in the `/reference-architectures` directory.)
-See "Reference architecture" in the public documentation at
-https://terraform-ibm-modules.github.io/documentation/#/implementation-guidelines?id=reference-architecture
--->
-<!-- ## Reference architectures -->
 
-
-<!-- Replace this heading with the name of the root level module (the repo name) -->
 ## terraform-ibm-cloud-monitoring
 
 ### Usage
 
-<!--
-Add an example of the use of the module in the following code block.
-
-Use real values instead of "var.<var_name>" or other placeholder values
-unless real values don't help users know what to change.
--->
-
 ```hcl
 terraform {
   required_version = ">= 1.9.0"
@@ -75,46 +42,65 @@ provider "ibm" {
   region           = local.region
 }
 
-module "module_template" {
-  source            = "terraform-ibm-modules/<replace>/ibm"
+# IBM Cloud Monitoring
+
+module "cloud_monitoring" {
+  source            = ""terraform-ibm-modules/cloud_monitoring/ibm""
   version           = "X.Y.Z" # Replace "X.Y.Z" with a release version to lock into a specific release
   region            = local.region
-  name              = "instance-name"
-  resource_group_id = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX" # Replace with the actual ID of resource group to use
+  resource_group_id = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX"
 }
-```
 
-### Required access policies
+# IBM Cloud Metrics Routing
 
-<!-- PERMISSIONS REQUIRED TO RUN MODULE
-If this module requires permissions, uncomment the following block and update
-the sample permissions, following the format.
-Replace the 'Sample IBM Cloud' service and roles with applicable values.
-The required information can usually be found in the services official
-IBM Cloud documentation.
-To view all available service permissions, you can go in the
-console at Manage > Access (IAM) > Access groups and click into an existing group
-(or create a new one) and in the 'Access' tab click 'Assign access'.
--->
+module "metric_router" {
+  source    = "terraform-ibm-modules/cloud_monitoring/ibm//modules/metrics_routing"
+  version   = "X.Y.Z" # Replace "X.Y.Z" with a release version to lock into a specific release
 
-<!--
-You need the following permissions to run this module:
+  metrics_router_targets = [
+    {
+      # ID of the Cloud Monitoring instance
+      destination_crn   = "crn:v1:bluemix:public:sysdig-monitor:eu-de:a/xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX:xxxxxx-XXXX-XXXX-XXXX-xxxxxx::"
+      target_region = "us-south"
+      target_name   = "my-mr-target"
+    }
+  ]
+
+  metrics_router_routes = [
+    {
+        name = "my-mr-route"
+        rules = [
+            {
+                action = "send"
+                targets = [{
+                    id = module.metric_router.metric_router_targets["my-mr-target"].id
+                }]
+                inclusion_filters = [{
+                    operand = "location"
+                    operator = "is"
+                    values = ["us-east"]
+                }]
+            }
+        ]
+    }
+  ]
+}
 
-- Service
-    - **Resource group only**
-        - `Viewer` access on the specific resource group
-    - **Sample IBM Cloud** service
-        - `Editor` platform access
-        - `Manager` service access
--->
+```
 
-<!-- NO PERMISSIONS FOR MODULE
-If no permissions are required for the module, uncomment the following
-statement instead the previous block.
--->
+### Required access policies
 
-<!-- No permissions are needed to run this module.-->
+You need the following permissions to run this module.
 
+* Service
+  * **Resource group only**
+    * `Viewer` access on the specific resource group
+  * **Cloud Monitoring**
+    * `Editor` platform access
+    * `Manager` service access
+  * **IBM Cloud Metrics Routing** (Required if creating metrics routing routes & target)
+    * `Editor` platform access
+    * `Manager` service access
 
 <!-- The following content is automatically populated by the pre-commit hook -->
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
@@ -123,7 +109,7 @@ statement instead the previous block.
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9.0 |
-| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.71.2, < 2.0.0 |
+| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.76.1, < 2.0.0 |
 
 ### Modules
 
@@ -133,25 +119,36 @@ No modules.
 
 | Name | Type |
 |------|------|
-| [ibm_resource_instance.cos_instance](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_instance) | resource |
+| [ibm_resource_instance.cloud_monitoring](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/resource_instance) | resource |
+| [ibm_resource_key.resource_key](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/resource_key) | resource |
+| [ibm_resource_tag.cloud_monitoring_tag](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/resource_tag) | resource |
 
 ### Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_name"></a> [name](#input\_name) | A descriptive name used to identify the resource instance. | `string` | n/a | yes |
-| <a name="input_plan"></a> [plan](#input\_plan) | The name of the plan type supported by service. | `string` | `"standard"` | no |
-| <a name="input_resource_group_id"></a> [resource\_group\_id](#input\_resource\_group\_id) | The ID of the resource group where you want to create the service. | `string` | n/a | yes |
-| <a name="input_resource_tags"></a> [resource\_tags](#input\_resource\_tags) | List of resource tag to associate with the instance. | `list(string)` | `[]` | no |
+| <a name="input_access_tags"></a> [access\_tags](#input\_access\_tags) | Access Management Tags associated with the IBM Cloud Monitoring instance (Optional, array of strings). | `list(string)` | `[]` | no |
+| <a name="input_enable_platform_metrics"></a> [enable\_platform\_metrics](#input\_enable\_platform\_metrics) | Receive platform metrics in the provisioned IBM Cloud Monitoring instance. Only 1 instance in a given region can be enabled for platform metrics. | `bool` | `false` | no |
+| <a name="input_instance_name"></a> [instance\_name](#input\_instance\_name) | The name of the IBM Cloud Monitoring instance to create. Defaults to 'cloud-monitoring-<region>' | `string` | `null` | no |
+| <a name="input_manager_key_name"></a> [manager\_key\_name](#input\_manager\_key\_name) | The name to give the IBM Cloud Monitoring manager key. | `string` | `"SysdigManagerKey"` | no |
+| <a name="input_manager_key_tags"></a> [manager\_key\_tags](#input\_manager\_key\_tags) | Tags associated with the IBM Cloud Monitoring manager key. | `list(string)` | `[]` | no |
+| <a name="input_plan"></a> [plan](#input\_plan) | The IBM Cloud Monitoring plan to provision. Available: lite, graduated-tier | `string` | `"lite"` | no |
+| <a name="input_region"></a> [region](#input\_region) | The IBM Cloud region where Cloud Monitoring instance will be created. | `string` | `"us-south"` | no |
+| <a name="input_resource_group_id"></a> [resource\_group\_id](#input\_resource\_group\_id) | The id of the IBM Cloud resource group where the Cloud Monitoring instance will be created. | `string` | n/a | yes |
+| <a name="input_resource_tags"></a> [resource\_tags](#input\_resource\_tags) | Tags associated with the IBM Cloud Monitoring instance (Optional, array of strings). | `list(string)` | `[]` | no |
+| <a name="input_service_endpoints"></a> [service\_endpoints](#input\_service\_endpoints) | The type of the service endpoint that will be set for the Sisdig instance. | `string` | `"public-and-private"` | no |
 
 ### Outputs
 
 | Name | Description |
 |------|-------------|
-| <a name="output_account_id"></a> [account\_id](#output\_account\_id) | An alpha-numeric value identifying the account ID. |
-| <a name="output_crn"></a> [crn](#output\_crn) | The CRN of the resource instance. |
-| <a name="output_guid"></a> [guid](#output\_guid) | The GUID of the resource instance. |
-| <a name="output_id"></a> [id](#output\_id) | The unique identifier of the resource instance. |
+| <a name="output_access_key"></a> [access\_key](#output\_access\_key) | The cloud monitoring access key for agents to use |
+| <a name="output_account_id"></a> [account\_id](#output\_account\_id) | The account id where cloud monitoring instance is provisioned. |
+| <a name="output_crn"></a> [crn](#output\_crn) | The id of the provisioned cloud monitoring instance. |
+| <a name="output_guid"></a> [guid](#output\_guid) | The guid of the provisioned cloud monitoring instance. |
+| <a name="output_manager_key_name"></a> [manager\_key\_name](#output\_manager\_key\_name) | The cloud monitoring manager key name |
+| <a name="output_name"></a> [name](#output\_name) | The name of the provisioned cloud monitoring instance. |
+| <a name="output_resource_group_id"></a> [resource\_group\_id](#output\_resource\_group\_id) | The resource group where cloud monitoring monitor instance resides |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 <!-- Leave this section as is so that your module has a link to local development environment set-up steps for contributors to follow -->

cra-config.yaml

@@ -13,5 +13,5 @@ CRA_TARGETS:
     # SCC_INSTANCE_ID: "" # The SCC instance ID to use to download profile for CRA scan. If not provided, a default global value will be used.
     # SCC_REGION: "" # The IBM Cloud region that the SCC instance is in. If not provided, a default global value will be used.
     CRA_ENVIRONMENT_VARIABLES:  # An optional map of environment variables for CRA, where the key is the variable name and value is the value. Useful for providing TF_VARs.
-      TF_VAR_prefix: "mock"
+      TF_VAR_prefix: "monitoring"
       TF_VAR_region: "us-south"

examples/advanced/README.md

@@ -1,4 +1,6 @@
 # Advanced example
 
-<!-- There is a pre-commit hook that will take the title of each example add include it in the repos main README.md  -->
-<!-- Add text below should describe exactly what resources are provisioned / configured by the example  -->
+Example that configures:
+
+- IBM Cloud Monitoring instance
+- IBM Cloud Metrics Routing

examples/advanced/main.tf

@@ -1,6 +1,6 @@
-########################################################################################################################
-# Resource group
-########################################################################################################################
+##############################################################################
+# Resource Group
+##############################################################################
 
 module "resource_group" {
   source  = "terraform-ibm-modules/resource-group/ibm"
@@ -10,23 +10,71 @@ module "resource_group" {
   existing_resource_group_name = var.resource_group
 }
 
-########################################################################################################################
-# COS
-########################################################################################################################
-
-#
-# Developer tips:
-#   - Call the local module / modules in the example to show how they can be consumed
-#   - Include the actual module source as a code comment like below so consumers know how to consume from correct location
-#
-
-module "cos" {
-  source = "../.."
-  # remove the above line and uncomment the below 2 lines to consume the module from the registry
-  # source            = "terraform-ibm-modules/<replace>/ibm"
-  # version           = "X.Y.Z" # Replace "X.Y.Z" with a release version to lock into a specific release
-  name              = "${var.prefix}-cos"
+##############################################################################
+# Cloud Monitoring
+##############################################################################
+
+locals {
+  cloud_monitoring_instance_name = "${var.prefix}-cloud-monitoring"
+  metrics_router_target_name     = "${var.prefix}-cloud-monitoring-target"
+}
+
+module "cloud_monitoring" {
+  source            = "../../"
   resource_group_id = module.resource_group.resource_group_id
+  region            = var.region
   resource_tags     = var.resource_tags
-  plan              = "cos-one-rate-plan"
+  access_tags       = var.access_tags
+  plan              = "graduated-tier"
+  instance_name     = local.cloud_monitoring_instance_name
+}
+
+##############################################################################
+# IBM Cloud Metrics Routing
+#   - Cloud Monitoring target
+#   - Metrics Router route to the cloud monitoring target
+##############################################################################
+
+module "metrics_routing" {
+  source = "../../modules/metrics_routing"
+
+  metrics_router_targets = [
+    {
+      destination_crn = module.cloud_monitoring.crn
+      target_name     = local.metrics_router_target_name
+      target_region   = var.region
+    }
+  ]
+
+  metrics_router_routes = [
+    {
+      name = "${var.prefix}-metric-routing-route"
+      rules = [
+        {
+          action = "send"
+          targets = [{
+            id = module.metrics_routing.metrics_router_targets[local.metrics_router_target_name].id
+          }]
+          inclusion_filters = [{
+            operand  = "location"
+            operator = "is"
+            values   = ["us-south"]
+          }]
+        }
+      ]
+    }
+  ]
+
+  ##############################################################################
+  # - Global Metrics Routing configuration
+  ##############################################################################
+
+  metrics_router_settings = {
+    default_targets = [{
+      id = module.metrics_routing.metrics_router_targets[local.metrics_router_target_name].id
+    }]
+    permitted_target_regions  = ["us-south", "eu-de", "us-east", "eu-es", "eu-gb", "au-syd", "br-sao", "ca-tor", "jp-tok", "jp-osa"]
+    primary_metadata_region   = var.region
+    private_api_endpoint_only = false
+  }
 }