feat: add module to fetch primary_metadata_region

ibm_catalog.json

@@ -220,7 +220,7 @@
               ]
             },
             {
-              "key": "enable_primary_metadata_region"
+              "key": "use_private_endpoint"
             },
             {
               "key": "metrics_routing_route_name"

modules/get_primary_metadata_region/README.md

@@ -0,0 +1,62 @@
+# Primary Metadata Region
+
+This module retrieves the `primary_metadata_region` value from the IBM Cloud Metrics Routing Account Settings.
+
+### Customizing default cloud service endpoints
+
+The user must export the endpoint as an environment variable in order to use custom cloud service endpoints with this module. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints#getting-started-with-custom-service-endpoints).
+
+**Important** The only supported method for customizing cloud service endpoints is to export the environment variables endpoint; be sure to export the value for `IBMCLOUD_METRICS_ROUTING_API_ENDPOINT`. For example,
+
+```
+export IBMCLOUD_METRICS_ROUTING_API_ENDPOINT="<endpoint_url>"
+```
+
+## Usage
+
+```hcl
+
+provider "ibm" {
+  ibmcloud_api_key      = "XXXXXXXXXXXXXXXXXXXXXXXX"  # pragma: allowlist secret
+}
+
+module "metrics_router" {
+  source = "terraform-ibm-modules/cloud-monitoring/ibm//modules/get_primary_metadata_region"
+  region              = "us-south"
+  use_private_endpoint = false
+}
+```
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+### Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9.0 |
+| <a name="requirement_external"></a> [external](#requirement\_external) | >= 2.3.5, <3.0.0 |
+| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.69.2, < 2.0.0 |
+
+### Modules
+
+No modules.
+
+### Resources
+
+| Name | Type |
+|------|------|
+| [external_external.get_primary_metadata_region](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source |
+| [ibm_iam_auth_token.token](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/data-sources/iam_auth_token) | data source |
+
+### Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_region"></a> [region](#input\_region) | The IBM Cloud Metrics Routing region. | `string` | `"us-south"` | no |
+| <a name="input_use_private_endpoint"></a> [use\_private\_endpoint](#input\_use\_private\_endpoint) | Set to true to use the private endpoints instead of public endpoints for IBM Cloud Metrics Routing service. When true, the script queries the private Metrics Routing endpoint for the given region. [Learn more](https://cloud.ibm.com/docs/metrics-router?topic=metrics-router-endpoints) | `bool` | `false` | no |
+
+### Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_primary_metadata_region"></a> [primary\_metadata\_region](#output\_primary\_metadata\_region) | The current primary metadata region set for IBM Cloud Metrics Routing. |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

modules/get_primary_metadata_region/main.tf

@@ -0,0 +1,15 @@
+########################################################################
+# Metrics Routing Primary Metadata Region
+#########################################################################
+
+data "ibm_iam_auth_token" "token" {}
+
+data "external" "get_primary_metadata_region" {
+  program = ["python3", "${path.module}/scripts/primary_metadata_region.py"]
+
+  query = {
+    iam_access_token     = data.ibm_iam_auth_token.token.iam_access_token
+    region               = var.region
+    use_private_endpoint = var.use_private_endpoint
+  }
+}

modules/get_primary_metadata_region/outputs.tf

@@ -0,0 +1,8 @@
+########################################################################
+# Output
+#########################################################################
+
+output "primary_metadata_region" {
+  value       = data.external.get_primary_metadata_region.result.primary_metadata_region
+  description = "The current primary metadata region set for IBM Cloud Metrics Routing."
+}

modules/get_primary_metadata_region/scripts/primary_metadata_region.py

@@ -0,0 +1,102 @@
+#!/usr/bin/env python3
+import http.client
+import json
+import os
+import sys
+import time
+import urllib.parse
+
+
+def load_input():
+    try:
+        raw = sys.stdin.read()
+        data = json.loads(raw)
+        return data
+    except Exception as e:
+        log_error(f"Failed to parse JSON input: {e}")
+        sys.exit(1)
+
+
+def log_error(message):
+    print(message, file=sys.stderr)
+
+
+def resolve_metrics_router_endpoint(region, use_private):
+    metrics_endpoint = os.getenv("IBMCLOUD_METRICS_ROUTING_API_ENDPOINT")
+
+    if not metrics_endpoint:
+        metrics_endpoint = "metrics-router.cloud.ibm.com"
+    metrics_endpoint = metrics_endpoint.replace("https://", "")
+
+    if metrics_endpoint == "metrics-router.cloud.ibm.com":
+        if use_private:
+            return f"https://private.{region}.{metrics_endpoint}"
+        else:
+            return f"https://{region}.{metrics_endpoint}"
+
+    return f"https://{metrics_endpoint}"
+
+
+def http_get(url, headers=None, timeout=10):
+    headers = headers or {}
+    parsed = urllib.parse.urlparse(url)
+    metricsrouterconn = http.client.HTTPSConnection(
+        parsed.hostname, parsed.port, timeout=timeout
+    )
+
+    try:
+        metricsrouterconn.request("GET", parsed.path, headers=headers)
+        response = metricsrouterconn.getresponse()
+        metrics_router_response = response.read().decode("utf-8")
+        return response.status, metrics_router_response
+
+    except Exception:
+        raise
+
+    finally:
+        metricsrouterconn.close()
+
+
+def fetch_primary_metadata_region(base_url, iam_token):
+    url = f"{base_url}/api/v3/settings"
+    headers = {"Authorization": iam_token}
+
+    max_retries = 5
+    retry_delay = 3
+
+    for attempt in range(1, max_retries + 1):
+        try:
+            status, body = http_get(url, headers=headers, timeout=10)
+            data = json.loads(body)
+
+        except Exception as e:
+            data = {}
+            status = str(e)
+
+        if "primary_metadata_region" in data:
+            return data["primary_metadata_region"]
+
+        log_error(
+            f"Attempt {attempt} failed (status {status}), retrying in {retry_delay}s..."
+        )
+        time.sleep(retry_delay)
+
+    log_error("`primary_metadata_region` could not be fetched after 5 attempts.")
+    sys.exit(1)
+
+
+def main():
+    input_data = load_input()
+
+    region = input_data["region"]
+    iam_token = input_data["iam_access_token"]
+    use_private_endpoint = json.loads(input_data["use_private_endpoint"])
+
+    base_url = resolve_metrics_router_endpoint(region, use_private_endpoint)
+    primary_region = fetch_primary_metadata_region(base_url, iam_token)
+
+    print(json.dumps({"primary_metadata_region": primary_region}))
+
+
+if __name__ == "__main__":
+    main()

modules/get_primary_metadata_region/variables.tf

@@ -0,0 +1,15 @@
+##############################################################################
+# Input Variables
+##############################################################################
+
+variable "region" {
+  description = "The IBM Cloud Metrics Routing region."
+  type        = string
+  default     = "us-south"
+}
+
+variable "use_private_endpoint" {
+  type        = bool
+  description = "Set to true to use the private endpoints instead of public endpoints for IBM Cloud Metrics Routing service. When true, the script queries the private Metrics Routing endpoint for the given region. [Learn more](https://cloud.ibm.com/docs/metrics-router?topic=metrics-router-endpoints)"
+  default     = false
+}

modules/get_primary_metadata_region/version.tf

@@ -0,0 +1,14 @@
+terraform {
+  required_version = ">= 1.9.0"
+  required_providers {
+    # Use "greater than or equal to" range in modules
+    ibm = {
+      source  = "ibm-cloud/ibm"
+      version = ">= 1.69.2, < 2.0.0"
+    }
+    external = {
+      source  = "hashicorp/external"
+      version = ">= 2.3.5, <3.0.0"
+    }
+  }
+}

solutions/fully-configurable/main.tf

@@ -72,5 +72,11 @@ module "metrics_routing" {
   ]
 
   metrics_router_routes   = length(var.metrics_router_routes) != 0 ? var.metrics_router_routes : local.default_metrics_router_route
-  metrics_router_settings = var.enable_primary_metadata_region ? { primary_metadata_region = var.region } : null
+  metrics_router_settings = length(module.primary_metadata_region.primary_metadata_region) != 0 ? null : { primary_metadata_region = var.region }
+}
+
+module "primary_metadata_region" {
+  source               = "../../modules/get_primary_metadata_region"
+  region               = var.region
+  use_private_endpoint = var.use_private_endpoint
 }

solutions/fully-configurable/variables.tf

@@ -120,6 +120,12 @@ variable "enable_platform_metrics" {
 # Metrics Routing
 ########################################################################################################################
 
+variable "use_private_endpoint" {
+  type        = bool
+  description = "Set to true to use the private endpoints instead of public endpoints for IBM Cloud Metrics Routing service. When true, the script queries the private Metrics Routing endpoint for the given region. [Learn more](https://cloud.ibm.com/docs/metrics-router?topic=metrics-router-endpoints)"
+  default     = false
+}
+
 variable "metrics_routing_target_name" {
   type        = string
   description = "The name of the IBM Cloud Metrics Routing target where metrics are collected. If the prefix variable is passed, the name of the target is prefixed to the value in the `<prefix>-value` format."
@@ -138,12 +144,6 @@ variable "enable_metrics_routing_to_cloud_monitoring" {
   default     = true
 }
 
-variable "enable_primary_metadata_region" {
-  type        = bool
-  description = "When set to `true`, sets `primary_metadata_region` to `region`, storing Metrics Router metadata in that region. When `false`, no region is set and the default global region is used. For new accounts, creating targets and routes will fail until primary_metadata_region is set, so it is recommended to default enable_primary_metadata_region to true. [Learn more](https://cloud.ibm.com/docs/metrics-router?topic=metrics-router-getting-started#configuring_account_settings)."
-  default     = true
-}
-
 variable "metrics_router_routes" {
   type = list(object({
     name = string

tests/go.mod

@@ -6,7 +6,7 @@ toolchain go1.25.4
 
 require (
 	github.com/stretchr/testify v1.11.1
-	github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.60.21
+	github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.60.31
 )
 
 require (
@@ -23,7 +23,6 @@ require (
 	github.com/ProtonMail/go-crypto v1.1.6 // indirect
 	github.com/agext/levenshtein v1.2.3 // indirect
 	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
-	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
 	github.com/cloudflare/circl v1.6.1 // indirect
 	github.com/cyphar/filepath-securejoin v0.4.1 // indirect
@@ -37,13 +36,13 @@ require (
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/analysis v0.23.0 // indirect
-	github.com/go-openapi/errors v0.22.3 // indirect
+	github.com/go-openapi/errors v0.22.4 // indirect
 	github.com/go-openapi/jsonpointer v0.21.1 // indirect
 	github.com/go-openapi/jsonreference v0.21.0 // indirect
 	github.com/go-openapi/loads v0.22.0 // indirect
 	github.com/go-openapi/runtime v0.28.0 // indirect
 	github.com/go-openapi/spec v0.21.0 // indirect
-	github.com/go-openapi/strfmt v0.24.0 // indirect
+	github.com/go-openapi/strfmt v0.25.0 // indirect
 	github.com/go-openapi/swag v0.23.1 // indirect
 	github.com/go-openapi/validate v0.24.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
@@ -53,7 +52,7 @@ require (
 	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
-	github.com/gruntwork-io/terratest v0.52.0 // indirect
+	github.com/gruntwork-io/terratest v0.53.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-getter/v2 v2.2.3 // indirect
@@ -85,19 +84,19 @@ require (
 	github.com/ulikunitz/xz v0.5.11 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
 	github.com/zclconf/go-cty v1.16.4 // indirect
-	go.mongodb.org/mongo-driver v1.17.4 // indirect
+	go.mongodb.org/mongo-driver v1.17.6 // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 	go.opentelemetry.io/otel v1.35.0 // indirect
 	go.opentelemetry.io/otel/metric v1.35.0 // indirect
 	go.opentelemetry.io/otel/trace v1.35.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.2 // indirect
-	golang.org/x/crypto v0.43.0 // indirect
-	golang.org/x/mod v0.28.0 // indirect
-	golang.org/x/net v0.45.0 // indirect
+	golang.org/x/crypto v0.44.0 // indirect
+	golang.org/x/mod v0.29.0 // indirect
+	golang.org/x/net v0.46.0 // indirect
 	golang.org/x/sync v0.18.0 // indirect
-	golang.org/x/sys v0.37.0 // indirect
-	golang.org/x/text v0.30.0 // indirect
-	golang.org/x/tools v0.37.0 // indirect
+	golang.org/x/sys v0.38.0 // indirect
+	golang.org/x/text v0.31.0 // indirect
+	golang.org/x/tools v0.38.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect