From 35ba0cbd5b11febebfe0b1ee458d6c191a0beebb Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Tue, 16 Sep 2025 11:56:43 +0530 Subject: [PATCH 01/42] fix: update resource key creation --- main.tf | 10 +++++++--- variables.tf | 34 ++++++++++++++++++++++++---------- 2 files changed, 31 insertions(+), 13 deletions(-) diff --git a/main.tf b/main.tf index 322053b..8526856 100644 --- a/main.tf +++ b/main.tf @@ -32,10 +32,14 @@ resource "ibm_resource_tag" "cloud_monitoring_tag" { } resource "ibm_resource_key" "resource_key" { - name = var.manager_key_name + for_each = { for key in var.resource_keys : key.name => key } + name = each.value.key_name == null ? each.key : each.value.key_name resource_instance_id = ibm_resource_instance.cloud_monitoring.id - role = "Manager" - tags = var.manager_key_tags + role = each.value.role + parameters = { + "serviceid_crn" = each.value.service_id_crn + "HMAC" = each.value.generate_hmac_credentials + } } ######################################################################## diff --git a/variables.tf b/variables.tf index 07aeed2..20171c5 100644 --- a/variables.tf +++ b/variables.tf 
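Review bot: The rewritten `ibm_resource_key` block in main.tf drops the `tags` argument together with `var.manager_key_tags`, and the new `resource_keys` object type has no replacement field, so keys created by the module can no longer be tagged for ownership or credential inventory. If that is not intended, add `tags = optional(list(string), [])` to the object type and `tags = each.value.tags` to the resource. The `name` expression could also be shortened to `coalesce(each.value.key_name, each.key)`.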
@@ -31,16 +31,30 @@ variable "plan" { } } -variable "manager_key_name" { - type = string - description = "The name to give the IBM Cloud Monitoring manager key." - default = "SysdigManagerKey" -} - -variable "manager_key_tags" { - type = list(string) - description = "Tags associated with the IBM Cloud Monitoring manager key." - default = [] +# 'name' is the terraform static reference to the object in the list +# 'key_name' is the IBM Cloud resource key name +# name MUST not be dynamic, so that it is known at plan time +# if key_name is not specified, name will be used for the key_name +# key_name can be a dynamic reference created during apply +variable "resource_keys" { + description = "The definition of the resource keys to generate. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_key)." + type = list(object({ + name = string + key_name = optional(string, null) + generate_hmac_credentials = optional(bool, false) + role = optional(string, "Reader") + service_id_crn = optional(string, null) + })) + default = [] + validation { + # From: https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_key + # Service roles (for Cloud Monitoring) https://cloud.ibm.com/iam/roles + # Reader, Writer, Manager, Supertenant Metrics Publisher, NONE + condition = alltrue([ + for key in var.resource_keys : contains(["Writer", "Reader", "Manager", "Supertenant Metrics Publisher", "NONE"], key.role) + ]) + error_message = "resource_keys role must be one of 'Writer', 'Reader', 'Manager', 'Supertenant Metrics Publisher', 'NONE', reference https://cloud.ibm.com/iam/roles and `Cloud Monitoring`" + } } variable "resource_tags" { From 78ad177a919cea15ef4ff8008b93d7906e190cba Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Tue, 16 Sep 2025 12:42:47 +0530 Subject: [PATCH 02/42] update output --- outputs.tf | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) 
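Review bot: The `validation` block in `resource_keys` checks `role`, but nothing checks that the `name` values are unique and non-empty, although main.tf turns them into `for_each` keys and therefore into state addresses. Two entries with the same `name` fail only inside the `for` expression in main.tf, with an error that does not point at this variable. A second validation with `condition = length(distinct([for key in var.resource_keys : key.name])) == length(var.resource_keys)` and a message naming `resource_keys` would surface the mistake at the input. The `name` / `key_name` explanation in the comment above the variable would also be more useful inside `description`, where module users see it.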
diff --git a/outputs.tf b/outputs.tf index f7ed581..11d5b3a 100644 --- a/outputs.tf +++ b/outputs.tf @@ -24,14 +24,17 @@ output "resource_group_id" { } output "access_key" { - value = ibm_resource_key.resource_key.credentials["Sysdig Access Key"] description = "The cloud monitoring access key for agents to use" - sensitive = true + value = { + for name, rk in ibm_resource_key.resource_key : + name => rk.credentials["Sysdig Access Key"] + } + sensitive = true } output "manager_key_name" { - value = ibm_resource_key.resource_key.name description = "The cloud monitoring manager key name" + value = [for rk in ibm_resource_key.resource_key : rk.name] } # https://cloud.ibm.com/docs/monitoring?topic=monitoring-endpoints#endpoints_ingestion From 4df2403b94a880655792e6bce7987f14bf930479 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Tue, 16 Sep 2025 07:24:59 +0000 Subject: [PATCH 03/42] update readme --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index d3ce916..be69f07 100644 --- a/README.md +++ b/README.md @@ -170,11 +170,10 @@ You need the following permissions to run this module. | [cbr\_rules](#input\_cbr\_rules) | (Optional, list) List of context-based restrictions rules to create |
list(object({
description = string
account_id = string
rule_contexts = list(object({
attributes = optional(list(object({
name = string
value = string
}))) }))
enforcement_mode = string
operations = optional(list(object({
api_types = list(object({
api_type_id = string
}))
})))
}))
| `[]` | no | | [enable\_platform\_metrics](#input\_enable\_platform\_metrics) | Receive platform metrics in the provisioned IBM Cloud Monitoring instance. Only 1 instance in a given region can be enabled for platform metrics. | `bool` | `false` | no | | [instance\_name](#input\_instance\_name) | The name of the IBM Cloud Monitoring instance to create. Defaults to 'cloud-monitoring-' | `string` | `null` | no | -| [manager\_key\_name](#input\_manager\_key\_name) | The name to give the IBM Cloud Monitoring manager key. | `string` | `"SysdigManagerKey"` | no | -| [manager\_key\_tags](#input\_manager\_key\_tags) | Tags associated with the IBM Cloud Monitoring manager key. | `list(string)` | `[]` | no | | [plan](#input\_plan) | The IBM Cloud Monitoring plan to provision. Available: lite, graduated-tier and graduated-tier-sysdig-secure-plus-monitor (available in region eu-fr2 only) | `string` | `"lite"` | no | | [region](#input\_region) | The IBM Cloud region where Cloud Monitoring instance will be created. | `string` | `"us-south"` | no | | [resource\_group\_id](#input\_resource\_group\_id) | The id of the IBM Cloud resource group where the Cloud Monitoring instance will be created. | `string` | n/a | yes | +| [resource\_keys](#input\_resource\_keys) | The definition of the resource keys to generate. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_key). |
list(object({
name = string
key_name = optional(string, null)
generate_hmac_credentials = optional(bool, false)
role = optional(string, "Reader")
service_id_crn = optional(string, null)
}))
| `[]` | no | | [resource\_tags](#input\_resource\_tags) | Tags associated with the IBM Cloud Monitoring instance (Optional, array of strings). | `list(string)` | `[]` | no | | [service\_endpoints](#input\_service\_endpoints) | The type of the service endpoint that will be set for the Sisdig instance. | `string` | `"public-and-private"` | no | From 07816b3078bbf80748f95e7e93d74b81be8f6677 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Thu, 18 Sep 2025 14:01:42 +0000 Subject: [PATCH 04/42] add pragma allowlist --- README.md | 2 +- variables.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index be69f07..9fb9f95 100644 --- a/README.md +++ b/README.md @@ -173,7 +173,7 @@ You need the following permissions to run this module. | [plan](#input\_plan) | The IBM Cloud Monitoring plan to provision. Available: lite, graduated-tier and graduated-tier-sysdig-secure-plus-monitor (available in region eu-fr2 only) | `string` | `"lite"` | no | | [region](#input\_region) | The IBM Cloud region where Cloud Monitoring instance will be created. | `string` | `"us-south"` | no | | [resource\_group\_id](#input\_resource\_group\_id) | The id of the IBM Cloud resource group where the Cloud Monitoring instance will be created. | `string` | n/a | yes | -| [resource\_keys](#input\_resource\_keys) | The definition of the resource keys to generate. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_key). |
list(object({
name = string
key_name = optional(string, null)
generate_hmac_credentials = optional(bool, false)
role = optional(string, "Reader")
service_id_crn = optional(string, null)
}))
| `[]` | no | +| [resource\_keys](#input\_resource\_keys) | The definition of the resource keys to generate. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_key). |
list(object({
name = string
key_name = optional(string, null)
generate_hmac_credentials = optional(bool, false) # pragma: allowlist secret
role = optional(string, "Reader")
service_id_crn = optional(string, null)
}))
| `[]` | no | | [resource\_tags](#input\_resource\_tags) | Tags associated with the IBM Cloud Monitoring instance (Optional, array of strings). | `list(string)` | `[]` | no | | [service\_endpoints](#input\_service\_endpoints) | The type of the service endpoint that will be set for the Sisdig instance. | `string` | `"public-and-private"` | no | diff --git a/variables.tf b/variables.tf index 20171c5..bd3ef95 100644 --- a/variables.tf +++ b/variables.tf @@ -41,7 +41,7 @@ variable "resource_keys" { type = list(object({ name = string key_name = optional(string, null) - generate_hmac_credentials = optional(bool, false) + generate_hmac_credentials = optional(bool, false) # pragma: allowlist secret role = optional(string, "Reader") service_id_crn = optional(string, null) })) From 0bdb1dcc85ed5d34400637aa4a3bd7218a6b4918 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Thu, 18 Sep 2025 16:46:50 +0000 Subject: [PATCH 05/42] update cdev --- common-dev-assets | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common-dev-assets b/common-dev-assets index 47c0edb..325cfd0 160000 --- a/common-dev-assets +++ b/common-dev-assets @@ -1 +1 @@ -Subproject commit 47c0edbc6d669874511116e4cb645097d10561b9 +Subproject commit 325cfd0d91902e08079644092bbf298c4872f388 From 83a9a206ba6dd1e0d9e5916f8b657974ecc6701c Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Tue, 23 Sep 2025 17:53:09 +0530 Subject: [PATCH 06/42] update resource_key default --- variables.tf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/variables.tf b/variables.tf index 20171c5..b1ac34c 100644 --- a/variables.tf +++ b/variables.tf @@ -42,10 +42,11 @@ variable "resource_keys" { name = string key_name = optional(string, null) generate_hmac_credentials = optional(bool, false) - role = optional(string, "Reader") + role = optional(string, "Manager") service_id_crn = optional(string, null) })) - default = [] + default = [{ + name = "SysdigManagerKey" }] validation { # 
From: https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_key # Service roles (for Cloud Monitoring) https://cloud.ibm.com/iam/roles From 96c820d079f15ac61560145a6eb1916f7118fe06 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Tue, 23 Sep 2025 12:49:40 +0000 Subject: [PATCH 07/42] resolve comments --- README.md | 4 ++-- common-dev-assets | 2 +- main.tf | 2 +- outputs.tf | 7 ++++--- 4 files changed, 8 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 9fb9f95..30fa936 100644 --- a/README.md +++ b/README.md @@ -159,7 +159,7 @@ You need the following permissions to run this module. | Name | Type | |------|------| | [ibm_resource_instance.cloud_monitoring](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/resource_instance) | resource | -| [ibm_resource_key.resource_key](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/resource_key) | resource | +| [ibm_resource_key.resource_keys](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/resource_key) | resource | | [ibm_resource_tag.cloud_monitoring_tag](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/resource_tag) | resource | ### Inputs 
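Review bot: In `resource_keys` (variables.tf, patch 06) the type-level default becomes `optional(string, "Manager")`, so every key a caller adds without an explicit `role` is issued with Manager, not only the default `SysdigManagerKey` entry. Keeping `optional(string, "Reader")` in the type and setting `role = "Manager"` on the default entry keeps the previous behaviour for existing users while additional keys start from the lower-privilege role. The same type default appears again in the variables.tf hunk of patch 09 and in `cloud_monitoring_resource_keys` in patch 14. This hunk ends inside the `validation` block, so the rest of the variable is not visible here.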
@@ -187,9 +187,9 @@ You need the following permissions to run this module. | [guid](#output\_guid) | The guid of the provisioned cloud monitoring instance. | | [ingestion\_endpoint\_private](#output\_ingestion\_endpoint\_private) | The Cloud Monitoring private ingestion endpoint. | | [ingestion\_endpoint\_public](#output\_ingestion\_endpoint\_public) | The Cloud Monitoring public ingestion endpoint. | -| [manager\_key\_name](#output\_manager\_key\_name) | The cloud monitoring manager key name | | [name](#output\_name) | The name of the provisioned cloud monitoring instance. | | [resource\_group\_id](#output\_resource\_group\_id) | The resource group where cloud monitoring monitor instance resides | +| [resource\_keys](#output\_resource\_keys) | List of resource resource\_keys | diff --git a/common-dev-assets b/common-dev-assets index 325cfd0..03fd242 160000 --- a/common-dev-assets +++ b/common-dev-assets @@ -1 +1 @@ -Subproject commit 325cfd0d91902e08079644092bbf298c4872f388 +Subproject commit 03fd242c14074713be00c371ed86971093163e4e diff --git a/main.tf b/main.tf index 8526856..5de0e34 100644 --- a/main.tf +++ b/main.tf @@ -31,7 +31,7 @@ resource "ibm_resource_tag" "cloud_monitoring_tag" { tag_type = "access" } -resource "ibm_resource_key" "resource_key" { +resource "ibm_resource_key" "resource_keys" { for_each = { for key in var.resource_keys : key.name => key } name = each.value.key_name == null ? each.key : each.value.key_name resource_instance_id = ibm_resource_instance.cloud_monitoring.id diff --git a/outputs.tf b/outputs.tf index 11d5b3a..f29098d 100644 --- a/outputs.tf +++ b/outputs.tf 
@@ -32,9 +32,10 @@ output "access_key" { sensitive = true } -output "manager_key_name" { - description = "The cloud monitoring manager key name" - value = [for rk in ibm_resource_key.resource_key : rk.name] +output "resource_keys" { + description = "List of resource resource_keys" + value = ibm_resource_key.resource_keys + sensitive = true } # https://cloud.ibm.com/docs/monitoring?topic=monitoring-endpoints#endpoints_ingestion From b15ad6a4b4de31a5f359ae60c8ada78ef4c67d6c Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Tue, 23 Sep 2025 12:52:59 +0000 Subject: [PATCH 08/42] update output --- README.md | 1 - outputs.tf | 9 --------- 2 files changed, 10 deletions(-) diff --git a/README.md b/README.md index 30fa936..f211df9 100644 --- a/README.md +++ b/README.md @@ -181,7 +181,6 @@ You need the following permissions to run this module. | Name | Description | |------|-------------| -| [access\_key](#output\_access\_key) | The cloud monitoring access key for agents to use | | [account\_id](#output\_account\_id) | The account id where cloud monitoring instance is provisioned. | | [crn](#output\_crn) | The id of the provisioned cloud monitoring instance. | | [guid](#output\_guid) | The guid of the provisioned cloud monitoring instance. | diff --git a/outputs.tf b/outputs.tf index f29098d..570cad0 100644 --- a/outputs.tf +++ b/outputs.tf @@ -23,15 +23,6 @@ output "resource_group_id" { description = "The resource group where cloud monitoring monitor instance resides" } -output "access_key" { - description = "The cloud monitoring access key for agents to use" - value = { - for name, rk in ibm_resource_key.resource_key : - name => rk.credentials["Sysdig Access Key"] - } - sensitive = true -} - output "resource_keys" { description = "List of resource resource_keys" value = ibm_resource_key.resource_keys From d264ed80e30b2892942ac93fbeec4a1d85138de8 Mon Sep 17 00:00:00 2001 
From: Md Anam Raihan Date: Wed, 24 Sep 2025 11:54:04 +0000 Subject: [PATCH 09/42] set default resource key --- README.md | 2 +- examples/advanced/outputs.tf | 11 ----------- solutions/fully-configurable/outputs.tf | 4 ++-- variables.tf | 8 ++++++-- 4 files changed, 9 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index f211df9..8126997 100644 --- a/README.md +++ b/README.md @@ -173,7 +173,7 @@ You need the following permissions to run this module. | [plan](#input\_plan) | The IBM Cloud Monitoring plan to provision. Available: lite, graduated-tier and graduated-tier-sysdig-secure-plus-monitor (available in region eu-fr2 only) | `string` | `"lite"` | no | | [region](#input\_region) | The IBM Cloud region where Cloud Monitoring instance will be created. | `string` | `"us-south"` | no | | [resource\_group\_id](#input\_resource\_group\_id) | The id of the IBM Cloud resource group where the Cloud Monitoring instance will be created. | `string` | n/a | yes | -| [resource\_keys](#input\_resource\_keys) | The definition of the resource keys to generate. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_key). |
list(object({
name = string
key_name = optional(string, null)
generate_hmac_credentials = optional(bool, false) # pragma: allowlist secret
role = optional(string, "Reader")
service_id_crn = optional(string, null)
}))
| `[]` | no | +| [resource\_keys](#input\_resource\_keys) | The definition of the resource keys to generate. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_key). |
list(object({
name = string
key_name = optional(string, null)
generate_hmac_credentials = optional(bool, false) # pragma: allowlist secret
role = optional(string, "Manager")
service_id_crn = optional(string, null)
}))
|
[
{
"name": "SysdigManagerKey"
}
]
| no | | [resource\_tags](#input\_resource\_tags) | Tags associated with the IBM Cloud Monitoring instance (Optional, array of strings). | `list(string)` | `[]` | no | | [service\_endpoints](#input\_service\_endpoints) | The type of the service endpoint that will be set for the Sisdig instance. | `string` | `"public-and-private"` | no | diff --git a/examples/advanced/outputs.tf b/examples/advanced/outputs.tf index acde659..25f6199 100644 --- a/examples/advanced/outputs.tf +++ b/examples/advanced/outputs.tf @@ -27,17 +27,6 @@ output "resource_group_id" { description = "The resource group where cloud monitoring monitor instance resides." } -output "access_key" { - value = module.cloud_monitoring.access_key - description = "The cloud monitoring access key for agents to use." - sensitive = true -} - -output "manager_key_name" { - value = module.cloud_monitoring.manager_key_name - description = "The cloud monitoring manager key name." -} - output "metrics_router_routes" { value = module.metrics_routing.metrics_router_routes description = "The created metrics routing routes." diff --git a/solutions/fully-configurable/outputs.tf b/solutions/fully-configurable/outputs.tf index db54849..0d6bf5d 100644 --- a/solutions/fully-configurable/outputs.tf +++ b/solutions/fully-configurable/outputs.tf @@ -27,8 +27,8 @@ output "cloud_monitoring_guid" { description = "The guid of the provisioned IBM cloud monitoring instance." } -output "cloud_monitoring_access_key" { - value = local.create_cloud_monitoring ? module.cloud_monitoring[0].access_key : null +output "cloud_monitoring_resource_key" { + value = local.create_cloud_monitoring ? module.cloud_monitoring[0].resource_keys : null description = "IBM cloud monitoring access key for agents to use" sensitive = true } diff --git a/variables.tf b/variables.tf index bd3ef95..66808e9 100644 --- a/variables.tf +++ b/variables.tf 
@@ -42,10 +42,14 @@ variable "resource_keys" { name = string key_name = optional(string, null) generate_hmac_credentials = optional(bool, false) # pragma: allowlist secret - role = optional(string, "Reader") + role = optional(string, "Manager") service_id_crn = optional(string, null) })) - default = [] + default = [ + { + name = "SysdigManagerKey" + } + ] validation { # From: https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_key # Service roles (for Cloud Monitoring) https://cloud.ibm.com/iam/roles From 986997c07b691b7b3195d18df5f89962aad9cd52 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Thu, 25 Sep 2025 14:26:48 +0530 Subject: [PATCH 10/42] add moved block --- common-dev-assets | 2 +- moved.tf | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 moved.tf diff --git a/common-dev-assets b/common-dev-assets index 03fd242..95eee19 160000 --- a/common-dev-assets +++ b/common-dev-assets @@ -1 +1 @@ -Subproject commit 03fd242c14074713be00c371ed86971093163e4e +Subproject commit 95eee1969a5ad814bfa2e5a07b03c8ee6b589271 diff --git a/moved.tf b/moved.tf new file mode 100644 index 0000000..b3b5565 --- /dev/null +++ b/moved.tf @@ -0,0 +1,4 @@ +moved { + from = ibm_resource_key.resource_key + to = ibm_resource_key.resource_keys["SysdigManagerKey"] +} From 0807d34d13a280791a8f8425f3b9f86b2463050a Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Mon, 29 Sep 2025 17:39:39 +0530 Subject: [PATCH 11/42] resolve comments --- solutions/fully-configurable/outputs.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/solutions/fully-configurable/outputs.tf b/solutions/fully-configurable/outputs.tf index 0d6bf5d..b0baf89 100644 --- a/solutions/fully-configurable/outputs.tf +++ b/solutions/fully-configurable/outputs.tf 
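Review bot: The `moved` target in moved.tf is hard-coded to `ibm_resource_key.resource_keys["SysdigManagerKey"]`, so the existing key is carried over only when the caller keeps an entry whose `name` is exactly `SysdigManagerKey`. A caller who overrides `resource_keys` without that entry should expect the old key to be destroyed and a new one created on upgrade, which invalidates the access key that deployed agents are using. A comment in moved.tf and a sentence in the variable description would make this visible, for example `# Existing deployments: keep an entry with name = "SysdigManagerKey" (set key_name to the old manager_key_name) so the key is not replaced.`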
@@ -27,9 +27,9 @@ output "cloud_monitoring_guid" { description = "The guid of the provisioned IBM cloud monitoring instance." } -output "cloud_monitoring_resource_key" { +output "cloud_monitoring_resource_keys" { value = local.create_cloud_monitoring ? module.cloud_monitoring[0].resource_keys : null - description = "IBM cloud monitoring access key for agents to use" + description = "IBM cloud monitoring access keys for agents to use" sensitive = true } From a63358822cc423702cc94fe009dfd90aa0c73279 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Mon, 29 Sep 2025 17:42:54 +0530 Subject: [PATCH 12/42] remove cdev --- common-dev-assets | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common-dev-assets b/common-dev-assets index 95eee19..325cfd0 160000 --- a/common-dev-assets +++ b/common-dev-assets @@ -1 +1 @@ -Subproject commit 95eee1969a5ad814bfa2e5a07b03c8ee6b589271 +Subproject commit 325cfd0d91902e08079644092bbf298c4872f388 From 71f760679b2f817982dc06bd4623e12d16272cad Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Mon, 29 Sep 2025 18:10:56 +0530 Subject: [PATCH 13/42] update output descriptions --- examples/advanced/outputs.tf | 6 ++++++ solutions/fully-configurable/outputs.tf | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/examples/advanced/outputs.tf b/examples/advanced/outputs.tf index 25f6199..f4f1f88 100644 --- a/examples/advanced/outputs.tf +++ b/examples/advanced/outputs.tf @@ -27,6 +27,12 @@ output "resource_group_id" { description = "The resource group where cloud monitoring monitor instance resides." } +output "cloud_monitoring_resource_keys" { + value = module.cloud_monitoring.resource_keys + description = "IBM Cloud Monitoring resource keys for agents to use" + sensitive = true +} + output "metrics_router_routes" { value = module.metrics_routing.metrics_router_routes description = "The created metrics routing routes." 
diff --git a/solutions/fully-configurable/outputs.tf b/solutions/fully-configurable/outputs.tf index b0baf89..2944ee5 100644 --- a/solutions/fully-configurable/outputs.tf +++ b/solutions/fully-configurable/outputs.tf @@ -29,7 +29,7 @@ output "cloud_monitoring_guid" { output "cloud_monitoring_resource_keys" { value = local.create_cloud_monitoring ? module.cloud_monitoring[0].resource_keys : null - description = "IBM cloud monitoring access keys for agents to use" + description = "IBM cloud monitoring resource keys for agents to use" sensitive = true } From f8d23bafa92a6fe8ba607f56730cb7c21c13919b Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Wed, 1 Oct 2025 18:56:51 +0530 Subject: [PATCH 14/42] resolve comments --- examples/advanced/outputs.tf | 8 +++++++- examples/basic/outputs.tf | 7 +++++++ ibm_catalog.json | 11 +++++++++++ outputs.tf | 12 +++++++++++- solutions/fully-configurable/main.tf | 1 + solutions/fully-configurable/variables.tf | 11 +++++++++++ variables.tf | 8 ++++++-- 7 files changed, 54 insertions(+), 4 deletions(-) diff --git a/examples/advanced/outputs.tf b/examples/advanced/outputs.tf index f4f1f88..cf04983 100644 --- a/examples/advanced/outputs.tf +++ b/examples/advanced/outputs.tf @@ -29,7 +29,13 @@ output "resource_group_id" { output "cloud_monitoring_resource_keys" { value = module.cloud_monitoring.resource_keys - description = "IBM Cloud Monitoring resource keys for agents to use" + description = "The map of resource keys created for the Cloud Monitoring instance." + sensitive = true +} + +output "cloud_monitoring_access_key" { + value = module.cloud_monitoring.access_keys["SysdigManagerKey"] + description = "The Cloud Monitoring access keys for agents to use." sensitive = true } diff --git a/examples/basic/outputs.tf b/examples/basic/outputs.tf index 6a88655..d9fe97a 100644 --- a/examples/basic/outputs.tf +++ b/examples/basic/outputs.tf 
@@ -26,3 +26,10 @@ output "ingestion_endpoint_public" { value = module.cloud_monitoring.ingestion_endpoint_public description = "The Cloud Monitoring public ingestion endpoint." } + + +output "cloud_monitoring_access_key" { + value = module.cloud_monitoring.access_keys["SysdigManagerKey"] + description = "The Cloud Monitoring access keys for agents to use." + sensitive = true +} diff --git a/ibm_catalog.json b/ibm_catalog.json index 34b9e0f..ac25e9b 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -183,6 +183,17 @@ } } }, + { + "key": "cloud_monitoring_resource_keys", + "custom_config": { + "grouping": "deployment", + "type": "array", + "original_grouping": "deployment", + "config_constraints": { + "type": "string" + } + } + }, { "key": "enable_platform_metrics", "required": true diff --git a/outputs.tf b/outputs.tf index 570cad0..652d035 100644 --- a/outputs.tf +++ b/outputs.tf @@ -24,11 +24,21 @@ output "resource_group_id" { } output "resource_keys" { - description = "List of resource resource_keys" + description = "Map of resource keys created for the IBM Cloud Monitoring instance, used by agents for authentication and data forwarding." value = ibm_resource_key.resource_keys sensitive = true } +# https://cloud.ibm.com/docs/monitoring?topic=monitoring-access_key +output "access_keys" { + description = "The Cloud Monitoring access keys for agents to use." + value = { + for name, key in ibm_resource_key.resource_keys : + name => key.credentials["Sysdig Access Key"] + } + sensitive = true +} + # https://cloud.ibm.com/docs/monitoring?topic=monitoring-endpoints#endpoints_ingestion output "ingestion_endpoint_private" { value = "ingest.private.${var.region}.monitoring.cloud.ibm.com" diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf index abf9192..fd87549 100644 --- a/solutions/fully-configurable/main.tf +++ b/solutions/fully-configurable/main.tf 
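Review bot: In outputs.tf, `resource_keys` still returns the complete `ibm_resource_key` objects, credentials included, next to the new `access_keys` map, so every consumer of `resource_keys` receives all credentials of every key even when it only needs names or ids. `sensitive = true` redacts the values in CLI output, but they are still written to state and passed on by the example and solution outputs that re-export them. Consider narrowing `resource_keys` to the non-secret attributes, or say so in the description, e.g. `description = "Map of resource keys (including their credentials) created for the IBM Cloud Monitoring instance."`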
@@ -52,6 +52,7 @@ module "cloud_monitoring" { plan = var.cloud_monitoring_plan resource_tags = var.cloud_monitoring_resource_tags access_tags = var.cloud_monitoring_access_tags + resource_keys = var.cloud_monitoring_resource_keys service_endpoints = "public-and-private" enable_platform_metrics = var.enable_platform_metrics cbr_rules = var.cbr_rules diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index bfebe1b..708064c 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf @@ -77,6 +77,17 @@ variable "cloud_monitoring_access_tags" { default = [] } +variable "cloud_monitoring_resource_keys" { + description = "List of access keys to create for the IBM Cloud Monitoring instance. These keys are used by monitoring agents to forward data. Each entry defines one resource key. For guidance on access keys, see: https://cloud.ibm.com/docs/monitoring?topic=monitoring-access_key" + type = list(object({ + name = string + key_name = optional(string, null) + generate_hmac_credentials = optional(bool, false) # pragma: allowlist secret + role = optional(string, "Manager") + service_id_crn = optional(string, null) + })) +} + variable "cloud_monitoring_plan" { type = string description = "The IBM Cloud Monitoring plan to provision. Available values are `lite` and `graduated-tier` and graduated-tier-sysdig-secure-plus-monitor (available in region eu-fr2 only)." diff --git a/variables.tf b/variables.tf index 66808e9..da0043b 100644 --- a/variables.tf +++ b/variables.tf 
@@ -37,7 +37,7 @@ variable "plan" { # if key_name is not specified, name will be used for the key_name # key_name can be a dynamic reference created during apply variable "resource_keys" { - description = "The definition of the resource keys to generate. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_key)." + description = "List of access keys to create for the IBM Cloud Monitoring instance. These keys are used by monitoring agents to forward data. Each entry defines one resource key. For guidance on access keys, see: https://cloud.ibm.com/docs/monitoring?topic=monitoring-access_key" type = list(object({ name = string key_name = optional(string, null) @@ -47,7 +47,11 @@ variable "resource_keys" { })) default = [ { - name = "SysdigManagerKey" + name = "SysdigManagerKey" + key_name = "SysdigManagerKey" + generate_hmac_credentials = false + role = "Manager" + service_id_crn = null } ] validation { From f17f2df7d525929fc85d9b7bcc2ae05ff3b05a88 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Thu, 2 Oct 2025 07:48:04 +0000 Subject: [PATCH 15/42] resolve pc --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8126997..4129053 100644 --- a/README.md +++ b/README.md 
@@ -173,7 +173,7 @@ You need the following permissions to run this module. | [plan](#input\_plan) | The IBM Cloud Monitoring plan to provision. Available: lite, graduated-tier and graduated-tier-sysdig-secure-plus-monitor (available in region eu-fr2 only) | `string` | `"lite"` | no | | [region](#input\_region) | The IBM Cloud region where Cloud Monitoring instance will be created. | `string` | `"us-south"` | no | | [resource\_group\_id](#input\_resource\_group\_id) | The id of the IBM Cloud resource group where the Cloud Monitoring instance will be created. | `string` | n/a | yes | -| [resource\_keys](#input\_resource\_keys) | The definition of the resource keys to generate. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_key). |
list(object({
name = string
key_name = optional(string, null)
generate_hmac_credentials = optional(bool, false) # pragma: allowlist secret
role = optional(string, "Manager")
service_id_crn = optional(string, null)
}))
|
[
{
"name": "SysdigManagerKey"
}
]
| no | +| [resource\_keys](#input\_resource\_keys) | List of access keys to create for the IBM Cloud Monitoring instance. These keys are used by monitoring agents to forward data. Each entry defines one resource key. For guidance on access keys, see: https://cloud.ibm.com/docs/monitoring?topic=monitoring-access_key |
list(object({
name = string
key_name = optional(string, null)
generate_hmac_credentials = optional(bool, false) # pragma: allowlist secret
role = optional(string, "Manager")
service_id_crn = optional(string, null)
}))
|
[
{
"generate_hmac_credentials": false,
"key_name": "SysdigManagerKey",
"name": "SysdigManagerKey",
"role": "Manager",
"service_id_crn": null
}
]
| no | | [resource\_tags](#input\_resource\_tags) | Tags associated with the IBM Cloud Monitoring instance (Optional, array of strings). | `list(string)` | `[]` | no | | [service\_endpoints](#input\_service\_endpoints) | The type of the service endpoint that will be set for the Sisdig instance. | `string` | `"public-and-private"` | no | @@ -181,6 +181,7 @@ You need the following permissions to run this module. | Name | Description | |------|-------------| +| [access\_keys](#output\_access\_keys) | The Cloud Monitoring access keys for agents to use. | | [account\_id](#output\_account\_id) | The account id where cloud monitoring instance is provisioned. | | [crn](#output\_crn) | The id of the provisioned cloud monitoring instance. | | [guid](#output\_guid) | The guid of the provisioned cloud monitoring instance. | @@ -188,7 +189,7 @@ You need the following permissions to run this module. | [ingestion\_endpoint\_public](#output\_ingestion\_endpoint\_public) | The Cloud Monitoring public ingestion endpoint. | | [name](#output\_name) | The name of the provisioned cloud monitoring instance. | | [resource\_group\_id](#output\_resource\_group\_id) | The resource group where cloud monitoring monitor instance resides | -| [resource\_keys](#output\_resource\_keys) | List of resource resource\_keys | +| [resource\_keys](#output\_resource\_keys) | Map of resource keys created for the IBM Cloud Monitoring instance, used by agents for authentication and data forwarding. | From c72858f6fd65e0a723834c0e3af41858173c16c5 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Thu, 2 Oct 2025 08:05:19 +0000 Subject: [PATCH 16/42] added default resource_key --- solutions/fully-configurable/variables.tf | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index 708064c..946c354 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf 
@@ -86,6 +86,15 @@ variable "cloud_monitoring_resource_keys" { role = optional(string, "Manager") service_id_crn = optional(string, null) })) + default = [ + { + name = "SysdigManagerKey" + key_name = "SysdigManagerKey" + generate_hmac_credentials = false + role = "Manager" + service_id_crn = null + } + ] } variable "cloud_monitoring_plan" { From f5b979430b362bfaaabe02e0f436650a36dfad8b Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Fri, 3 Oct 2025 10:11:17 +0000 Subject: [PATCH 17/42] add output --- solutions/fully-configurable/outputs.tf | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/solutions/fully-configurable/outputs.tf b/solutions/fully-configurable/outputs.tf index 2944ee5..f4d044b 100644 --- a/solutions/fully-configurable/outputs.tf +++ b/solutions/fully-configurable/outputs.tf @@ -27,9 +27,15 @@ output "cloud_monitoring_guid" { description = "The guid of the provisioned IBM cloud monitoring instance." } +output "cloud_monitoring_access_key" { + value = local.create_cloud_monitoring ? module.cloud_monitoring[0].access_key : null + description = "IBM cloud monitoring access key for agents to use" + sensitive = true +} + output "cloud_monitoring_resource_keys" { value = local.create_cloud_monitoring ? module.cloud_monitoring[0].resource_keys : null - description = "IBM cloud monitoring resource keys for agents to use" + description = "Map of resource keys created for the IBM Cloud Monitoring instance, used by agents for authentication and data forwarding." sensitive = true } From 83e4cd0f08ae092f5bd317caa505b5df630384a4 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Fri, 3 Oct 2025 10:50:53 +0000 Subject: [PATCH 18/42] add access key output --- solutions/fully-configurable/outputs.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/fully-configurable/outputs.tf b/solutions/fully-configurable/outputs.tf index f4d044b..6237094 100644 --- a/solutions/fully-configurable/outputs.tf 
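Review bot: The `default` added to `cloud_monitoring_resource_keys` means every deployment that leaves the variable unset creates a key with `role = "Manager"` named `SysdigManagerKey`, so a broad service credential is issued and stored in Terraform state without the caller asking for it. Consider keeping `default = []` so keys are opt-in, or state in the variable's `description` that a Manager key is created by default. The same default is re-added later in this series, in the `@@ -85,7 +85,14 @@` hunk of this file. The variable block starts outside this hunk.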
+++ b/solutions/fully-configurable/outputs.tf @@ -28,7 +28,7 @@ output "cloud_monitoring_guid" { } output "cloud_monitoring_access_key" { - value = local.create_cloud_monitoring ? module.cloud_monitoring[0].access_key : null + value = local.create_cloud_monitoring ? module.cloud_monitoring[0].access_keys : null description = "IBM cloud monitoring access key for agents to use" sensitive = true } From bd9fcb0f2494275790724fa372673f71221ec73a Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Mon, 6 Oct 2025 04:11:22 +0530 Subject: [PATCH 19/42] resolve comments --- examples/basic/outputs.tf | 12 ++++++++ solutions/fully-configurable/DA-types.md | 34 +++++++++++++++++++++++ solutions/fully-configurable/variables.tf | 13 ++------- 3 files changed, 48 insertions(+), 11 deletions(-) diff --git a/examples/basic/outputs.tf b/examples/basic/outputs.tf index d9fe97a..aa2aefe 100644 --- a/examples/basic/outputs.tf +++ b/examples/basic/outputs.tf @@ -17,6 +17,18 @@ output "resource_group_id" { description = "The resource group where cloud monitoring monitor instance resides." } +output "cloud_monitoring_resource_keys" { + value = module.cloud_monitoring.resource_keys + description = "The map of resource keys created for the Cloud Monitoring instance." + sensitive = true +} + +output "cloud_monitoring_access_key" { + value = module.cloud_monitoring.access_keys["SysdigManagerKey"] + description = "The Cloud Monitoring access keys for agents to use." + sensitive = true +} + output "ingestion_endpoint_private" { value = module.cloud_monitoring.ingestion_endpoint_private description = "The Cloud Monitoring private ingestion endpoint." diff --git a/solutions/fully-configurable/DA-types.md b/solutions/fully-configurable/DA-types.md index b2a060e..011a8c4 100644 --- a/solutions/fully-configurable/DA-types.md +++ b/solutions/fully-configurable/DA-types.md 
@@ -4,6 +4,7 @@ Several optional input variables in the IBM Cloud [Cloud Monitoring instances de * [IBM Cloud Metrics Router Routes](#metrics_router_routes) (`metrics_router_routes`) * [Context Based Restrictions Rules](#cbr_rules) (`cbr_rules`) +* [Cloud Monitoring Resource Keys](#cloud_monitoring_resource_keys) (`cloud_monitoring_resource_keys`) ## Metrics Router Routes 
@@ -105,3 +106,36 @@ The `cbr_rules` input variable allows you to provide a rule for the target servi } ] ``` + +## Cloud Monitoring Resource Keys + +The `cloud_monitoring_resource_keys` input variable allows you to provide a list of resource key to create that will be configured in the IBM Cloud Monitoring instance. In the configuration, specify the name of the resource key, whether HMAC credentials should be included, the Role of the key and an optional Service ID CRN to create with a Service ID. Refer [here](https://cloud.ibm.com/docs/monitoring?topic=monitoring-access_key) for more information. + +* Variable name: `cloud_monitoring_resource_keys`. +* Type: A list of objects that represent a resource key +* Default value: An empty list (`[]`). + +### Options for cloud_monitoring_resource_keys + +* `name` (required): A unique human-readable name that identifies this resource key. +* `generate_hmac_credentials` (optional, default = `false`): Set to true to include HMAC keys in the resource key. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_key#example-to-create-by-using-hmac). +* `role` (optional, default = `Reader`): The name of the user role. +* `service_id_crn` (optional, default = `null`): Pass a Service ID CRN to create credentials for a resource with a Service ID. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_key#example-to-create-by-using-serviceid). + +### Example route for Cloud Monitoring Resource Keys + +The following example includes all the configuration options for two resource keys. One is a HMAC key with a `Reader` role, the other with an IAM key with `Manager` role. + +```hcl +[ + { + "name": "icm-resource-key", + "generate_hmac_credentials": true, + "role": "Reader", + }, + { + "name": "icm-resource-key", + "role": "Manager" + } +] +``` 
diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index 946c354..60b387f 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf @@ -78,23 +78,14 @@ variable "cloud_monitoring_access_tags" { } variable "cloud_monitoring_resource_keys" { - description = "List of access keys to create for the IBM Cloud Monitoring instance. These keys are used by monitoring agents to forward data. Each entry defines one resource key. For guidance on access keys, see: https://cloud.ibm.com/docs/monitoring?topic=monitoring-access_key" + description = "List of access keys to create for the IBM Cloud Monitoring instance. These keys are used by monitoring agents to forward data. Each entry defines one resource key. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-cloud-monitoring/tree/main/solutions/fully-configurable/DA-types.md#cloud-monitoring-resource-keys)" type = list(object({ name = string - key_name = optional(string, null) generate_hmac_credentials = optional(bool, false) # pragma: allowlist secret role = optional(string, "Manager") service_id_crn = optional(string, null) })) - default = [ - { - name = "SysdigManagerKey" - key_name = "SysdigManagerKey" - generate_hmac_credentials = false - role = "Manager" - service_id_crn = null - } - ] + default = [] } variable "cloud_monitoring_plan" { From 5d7b07f39e9baa3b36824d89c70a238cdc4c0212 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Mon, 6 Oct 2025 08:46:02 +0000 Subject: [PATCH 20/42] resolve pc --- .secrets.baseline | 4 ++-- examples/basic/outputs.tf | 7 ------- 2 files changed, 2 insertions(+), 9 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 867633b..3f75079 100644 --- a/.secrets.baseline +++ b/.secrets.baseline 
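Review bot: `role = optional(string, "Manager")` remains the per-entry default in this hunk, while the DA-types.md section added in the same commit documents `role` as `default = Reader`. An entry that omits `role` therefore gets a Manager key where the documentation promises Reader. For a credential handed to agents, the safer fix is to make the code follow the docs, `role = optional(string, "Reader")`; otherwise correct DA-types.md so the broader default is explicit. The variable block continues outside this hunk.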
@@ -3,7 +3,7 @@ "files": "go.sum|^.secrets.baseline$", "lines": null }, - "generated_at": "2025-04-17T09:27:20Z", + "generated_at": "2025-10-06T08:45:19Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -88,7 +88,7 @@ } ] }, - "version": "0.13.1+ibm.62.dss", + "version": "0.13.1+ibm.64.dss", "word_list": { "file": null, "hash": null diff --git a/examples/basic/outputs.tf b/examples/basic/outputs.tf index aa2aefe..54f7238 100644 --- a/examples/basic/outputs.tf +++ b/examples/basic/outputs.tf @@ -38,10 +38,3 @@ output "ingestion_endpoint_public" { value = module.cloud_monitoring.ingestion_endpoint_public description = "The Cloud Monitoring public ingestion endpoint." } - - -output "cloud_monitoring_access_key" { - value = module.cloud_monitoring.access_keys["SysdigManagerKey"] - description = "The Cloud Monitoring access keys for agents to use." - sensitive = true -} From dbc1eeeccf66554fe52aef826ad0fb6cca5df40d Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Mon, 6 Oct 2025 09:08:08 +0000 Subject: [PATCH 21/42] update default --- solutions/fully-configurable/DA-types.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/fully-configurable/DA-types.md b/solutions/fully-configurable/DA-types.md index 011a8c4..43dfac6 100644 --- a/solutions/fully-configurable/DA-types.md +++ b/solutions/fully-configurable/DA-types.md 
@@ -119,7 +119,7 @@ The `cloud_monitoring_resource_keys` input variable allows you to provide a list * `name` (required): A unique human-readable name that identifies this resource key. * `generate_hmac_credentials` (optional, default = `false`): Set to true to include HMAC keys in the resource key. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_key#example-to-create-by-using-hmac). -* `role` (optional, default = `Reader`): The name of the user role. +* `role` (optional, default = `Manager`): The name of the user role. * `service_id_crn` (optional, default = `null`): Pass a Service ID CRN to create credentials for a resource with a Service ID. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_key#example-to-create-by-using-serviceid). ### Example route for Cloud Monitoring Resource Keys From 96489c893a93db8f37d9501de417a3562077439a Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Mon, 6 Oct 2025 09:12:13 +0000 Subject: [PATCH 22/42] update catalog json --- ibm_catalog.json | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index ac25e9b..1ed5e56 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -185,13 +185,11 @@ }, { "key": "cloud_monitoring_resource_keys", + "type": "array", "custom_config": { + "type": "code_editor", "grouping": "deployment", - "type": "array", - "original_grouping": "deployment", - "config_constraints": { - "type": "string" - } + "original_grouping": "deployment" } }, { From 68ab9c3cec0f4bb30a59a0453f80afa53831fdeb Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Mon, 6 Oct 2025 11:24:41 +0000 Subject: [PATCH 23/42] update default --- solutions/fully-configurable/DA-types.md | 13 +++++++++++-- solutions/fully-configurable/variables.tf | 9 ++++++++- 2 files changed, 19 insertions(+), 3 deletions(-) 
diff --git a/solutions/fully-configurable/DA-types.md b/solutions/fully-configurable/DA-types.md index 43dfac6..ea0216d 100644 --- a/solutions/fully-configurable/DA-types.md +++ b/solutions/fully-configurable/DA-types.md @@ -113,13 +113,22 @@ The `cloud_monitoring_resource_keys` input variable allows you to provide a list * Variable name: `cloud_monitoring_resource_keys`. * Type: A list of objects that represent a resource key -* Default value: An empty list (`[]`). +* Default value: + + ``` + { + name = "SysdigManagerKey" + generate_hmac_credentials = false + role = "Manager" + service_id_crn = null + } + ``` ### Options for cloud_monitoring_resource_keys * `name` (required): A unique human-readable name that identifies this resource key. * `generate_hmac_credentials` (optional, default = `false`): Set to true to include HMAC keys in the resource key. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_key#example-to-create-by-using-hmac). -* `role` (optional, default = `Manager`): The name of the user role. +* `role` (optional, default = `Reader`): The name of the user role. * `service_id_crn` (optional, default = `null`): Pass a Service ID CRN to create credentials for a resource with a Service ID. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_key#example-to-create-by-using-serviceid). ### Example route for Cloud Monitoring Resource Keys diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index 60b387f..819227b 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf 
@@ -85,7 +85,14 @@ variable "cloud_monitoring_resource_keys" { role = optional(string, "Manager") service_id_crn = optional(string, null) })) - default = [] + default = [ + { + name = "SysdigManagerKey" + generate_hmac_credentials = false + role = "Manager" + service_id_crn = null + } + ] } variable "cloud_monitoring_plan" { From 736a645de3df40d83c0a479c81bc1c0ec60fd3d7 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Mon, 13 Oct 2025 12:32:40 +0530 Subject: [PATCH 24/42] update variable description --- solutions/fully-configurable/variables.tf | 2 +- variables.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index 819227b..ab80d72 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf @@ -78,7 +78,7 @@ variable "cloud_monitoring_access_tags" { } variable "cloud_monitoring_resource_keys" { - description = "List of access keys to create for the IBM Cloud Monitoring instance. These keys are used by monitoring agents to forward data. Each entry defines one resource key. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-cloud-monitoring/tree/main/solutions/fully-configurable/DA-types.md#cloud-monitoring-resource-keys)" + description = "List of access keys to create for the IBM Cloud Monitoring instance. Each entry defines one resource key. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-cloud-monitoring/tree/main/solutions/fully-configurable/DA-types.md#cloud-monitoring-resource-keys)." type = list(object({ name = string generate_hmac_credentials = optional(bool, false) # pragma: allowlist secret diff --git a/variables.tf b/variables.tf index da0043b..501fe4d 100644 --- a/variables.tf +++ b/variables.tf 
@@ -37,7 +37,7 @@ variable "plan" { # if key_name is not specified, name will be used for the key_name # key_name can be a dynamic reference created during apply variable "resource_keys" { - description = "List of access keys to create for the IBM Cloud Monitoring instance. These keys are used by monitoring agents to forward data. Each entry defines one resource key. For guidance on access keys, see: https://cloud.ibm.com/docs/monitoring?topic=monitoring-access_key" + description = "List of access keys to create for the IBM Cloud Monitoring instance. Each entry defines one resource key. For guidance on access keys, see [here](https://cloud.ibm.com/docs/monitoring?topic=monitoring-access_key)." type = list(object({ name = string key_name = optional(string, null) From ab6cca09a866cc46b087dfdcf4c540879ca104f6 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Mon, 13 Oct 2025 07:09:03 +0000 Subject: [PATCH 25/42] update README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0c14c3b..529c231 100644 --- a/README.md +++ b/README.md 
@@ -173,7 +173,7 @@ You need the following permissions to run this module. | [plan](#input\_plan) | The IBM Cloud Monitoring plan to provision. Available: lite, graduated-tier and graduated-tier-sysdig-secure-plus-monitor (available in region eu-fr2 only) | `string` | `"lite"` | no | | [region](#input\_region) | The IBM Cloud region where Cloud Monitoring instance will be created. | `string` | `"us-south"` | no | | [resource\_group\_id](#input\_resource\_group\_id) | The id of the IBM Cloud resource group where the Cloud Monitoring instance will be created. | `string` | n/a | yes | -| [resource\_keys](#input\_resource\_keys) | List of access keys to create for the IBM Cloud Monitoring instance. These keys are used by monitoring agents to forward data. Each entry defines one resource key. For guidance on access keys, see: https://cloud.ibm.com/docs/monitoring?topic=monitoring-access_key |
list(object({
name = string
key_name = optional(string, null)
generate_hmac_credentials = optional(bool, false) # pragma: allowlist secret
role = optional(string, "Manager")
service_id_crn = optional(string, null)
}))
|
[
{
"generate_hmac_credentials": false,
"key_name": "SysdigManagerKey",
"name": "SysdigManagerKey",
"role": "Manager",
"service_id_crn": null
}
]
| no | +| [resource\_keys](#input\_resource\_keys) | List of access keys to create for the IBM Cloud Monitoring instance. Each entry defines one resource key. For guidance on access keys, see [here](https://cloud.ibm.com/docs/monitoring?topic=monitoring-access_key). |
list(object({
name = string
key_name = optional(string, null)
generate_hmac_credentials = optional(bool, false) # pragma: allowlist secret
role = optional(string, "Manager")
service_id_crn = optional(string, null)
}))
|
[
{
"generate_hmac_credentials": false,
"key_name": "SysdigManagerKey",
"name": "SysdigManagerKey",
"role": "Manager",
"service_id_crn": null
}
]
| no | | [resource\_tags](#input\_resource\_tags) | Tags associated with the IBM Cloud Monitoring instance (Optional, array of strings). | `list(string)` | `[]` | no | | [service\_endpoints](#input\_service\_endpoints) | The type of the service endpoint that will be set for the Sisdig instance. | `string` | `"public-and-private"` | no | From 5da9bf6c99bef98a9263eb22ff446a074361fa78 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Fri, 17 Oct 2025 16:15:35 +0530 Subject: [PATCH 26/42] resolve comments --- main.tf | 16 ++++++++++++++++ moved.tf | 2 +- outputs.tf | 6 ++++++ variables.tf | 30 ++++++++++++++++++++---------- 4 files changed, 43 insertions(+), 11 deletions(-) diff --git a/main.tf b/main.tf index 745176a..b99f94b 100644 --- a/main.tf +++ b/main.tf @@ -31,6 +31,22 @@ resource "ibm_resource_tag" "cloud_monitoring_tag" { tag_type = "access" } +############################################################################### +# Resource Key (Default Manager Key) +############################################################################### + +resource "ibm_resource_key" "resource_key" { + count = var.disable_access_key_creation ? 0 : 1 + name = var.access_key_name + resource_instance_id = ibm_resource_instance.cloud_monitoring.id + role = "Manager" + tags = var.manager_key_tags +} + +############################################################################### +# Resource Keys (Custom Access Keys) +############################################################################### + resource "ibm_resource_key" "resource_keys" { for_each = { for key in var.resource_keys : key.name => key } name = each.value.key_name == null ? each.key : each.value.key_name diff --git a/moved.tf b/moved.tf index b3b5565..6931496 100644 --- a/moved.tf +++ b/moved.tf @@ -1,4 +1,4 @@ moved { from = ibm_resource_key.resource_key - to = ibm_resource_key.resource_keys["SysdigManagerKey"] + to = ibm_resource_key.resource_keys[0] } 
diff --git a/outputs.tf b/outputs.tf index 652d035..1eb683b 100644 --- a/outputs.tf +++ b/outputs.tf @@ -29,6 +29,12 @@ output "resource_keys" { sensitive = true } +output "access_key" { + value = !var.disable_access_key_creation ? ibm_resource_key.resource_key[0].credentials["Sysdig Access Key"] : null + description = "The cloud monitoring access key for agents to use" + sensitive = true +} + # https://cloud.ibm.com/docs/monitoring?topic=monitoring-access_key output "access_keys" { description = "The Cloud Monitoring access keys for agents to use." diff --git a/variables.tf b/variables.tf index 501fe4d..00c0e97 100644 --- a/variables.tf +++ b/variables.tf 
@@ -31,13 +31,31 @@ variable "plan" { } } +variable "disable_access_key_creation" { + type = bool + description = "When set to true, disables the creation of the default Manager access key. See `resource_keys` to handle rotation, or even creation of non manager role keys." + default = false +} + +variable "access_key_name" { + type = optional(string) + description = "The name to give the default IBM Cloud Monitoring Manager access key." + default = "SysdigManagerKey" +} + +variable "manager_key_tags" { + type = list(string) + description = "Tags associated with the IBM Cloud Monitoring manager key." + default = [] +} + # 'name' is the terraform static reference to the object in the list # 'key_name' is the IBM Cloud resource key name # name MUST not be dynamic, so that it is known at plan time # if key_name is not specified, name will be used for the key_name # key_name can be a dynamic reference created during apply variable "resource_keys" { - description = "List of access keys to create for the IBM Cloud Monitoring instance. Each entry defines one resource key. For guidance on access keys, see [here](https://cloud.ibm.com/docs/monitoring?topic=monitoring-access_key)." + description = "List of keys to create for the IBM Cloud Monitoring instance. Each entry defines one resource key. Use this to manage custom keys, rotation, and disable default access key creation using `disable_access_key_creation`. For guidance on access keys, see [here](https://cloud.ibm.com/docs/monitoring?topic=monitoring-access_key)." type = list(object({ name = string key_name = optional(string, null) @@ -45,15 +63,7 @@ variable "resource_keys" { role = optional(string, "Manager") service_id_crn = optional(string, null) })) - default = [ - { - name = "SysdigManagerKey" - key_name = "SysdigManagerKey" - generate_hmac_credentials = false - role = "Manager" - service_id_crn = null - } - ] + default = [] validation { # 
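Review bot: `type = optional(string)` on `access_key_name` is not a valid variable type constraint, because `optional()` is only accepted on attributes inside an `object({...})` type. With a default already given, the line should be `type = string`. If a null name must not reach `ibm_resource_key.resource_key`, add `nullable = false` as well.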
From: https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_key # Service roles (for Cloud Monitoring) https://cloud.ibm.com/iam/roles From 1b32a059c2d70f2a0c70bf7fd8593ad7f37bd43f Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Fri, 17 Oct 2025 16:25:07 +0530 Subject: [PATCH 27/42] resolve pc --- README.md | 7 ++++++- variables.tf | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 529c231..471efd4 100644 --- a/README.md +++ b/README.md @@ -159,6 +159,7 @@ You need the following permissions to run this module. | Name | Type | |------|------| | [ibm_resource_instance.cloud_monitoring](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/resource_instance) | resource | +| [ibm_resource_key.resource_key](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/resource_key) | resource | | [ibm_resource_key.resource_keys](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/resource_key) | resource | | [ibm_resource_tag.cloud_monitoring_tag](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/resource_tag) | resource | @@ -166,14 +167,17 @@ You need the following permissions to run this module. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [access\_key\_name](#input\_access\_key\_name) | The name to give the default IBM Cloud Monitoring Manager access key. | `string` | `"SysdigManagerKey"` | no | | [access\_tags](#input\_access\_tags) | Access Management Tags associated with the IBM Cloud Monitoring instance (Optional, array of strings). | `list(string)` | `[]` | no | | [cbr\_rules](#input\_cbr\_rules) | (Optional, list) List of context-based restrictions rules to create |
list(object({
description = string
account_id = string
rule_contexts = list(object({
attributes = optional(list(object({
name = string
value = string
}))) }))
enforcement_mode = string
operations = optional(list(object({
api_types = list(object({
api_type_id = string
}))
})))
}))
| `[]` | no | +| [disable\_access\_key\_creation](#input\_disable\_access\_key\_creation) | When set to true, disables the creation of the default Manager access key. See `resource_keys` to handle rotation, or even creation of non manager role keys. | `bool` | `false` | no | | [enable\_platform\_metrics](#input\_enable\_platform\_metrics) | Receive platform metrics in the provisioned IBM Cloud Monitoring instance. Only 1 instance in a given region can be enabled for platform metrics. | `bool` | `false` | no | | [instance\_name](#input\_instance\_name) | The name of the IBM Cloud Monitoring instance to create. Defaults to 'cloud-monitoring-' | `string` | `null` | no | +| [manager\_key\_tags](#input\_manager\_key\_tags) | Tags associated with the IBM Cloud Monitoring manager key. | `list(string)` | `[]` | no | | [plan](#input\_plan) | The IBM Cloud Monitoring plan to provision. Available: lite, graduated-tier and graduated-tier-sysdig-secure-plus-monitor (available in region eu-fr2 only) | `string` | `"lite"` | no | | [region](#input\_region) | The IBM Cloud region where Cloud Monitoring instance will be created. | `string` | `"us-south"` | no | | [resource\_group\_id](#input\_resource\_group\_id) | The id of the IBM Cloud resource group where the Cloud Monitoring instance will be created. | `string` | n/a | yes | -| [resource\_keys](#input\_resource\_keys) | List of access keys to create for the IBM Cloud Monitoring instance. Each entry defines one resource key. For guidance on access keys, see [here](https://cloud.ibm.com/docs/monitoring?topic=monitoring-access_key). |
list(object({
name = string
key_name = optional(string, null)
generate_hmac_credentials = optional(bool, false) # pragma: allowlist secret
role = optional(string, "Manager")
service_id_crn = optional(string, null)
}))
|
[
{
"generate_hmac_credentials": false,
"key_name": "SysdigManagerKey",
"name": "SysdigManagerKey",
"role": "Manager",
"service_id_crn": null
}
]
| no | +| [resource\_keys](#input\_resource\_keys) | List of keys to create for the IBM Cloud Monitoring instance. Each entry defines one resource key. Use this to manage custom keys, rotation, and disable default access key creation using `disable_access_key_creation`. For guidance on access keys, see [here](https://cloud.ibm.com/docs/monitoring?topic=monitoring-access_key). |
list(object({
name = string
key_name = optional(string, null)
generate_hmac_credentials = optional(bool, false) # pragma: allowlist secret
role = optional(string, "Manager")
service_id_crn = optional(string, null)
}))
| `[]` | no | | [resource\_tags](#input\_resource\_tags) | Tags associated with the IBM Cloud Monitoring instance (Optional, array of strings). | `list(string)` | `[]` | no | | [service\_endpoints](#input\_service\_endpoints) | The type of the service endpoint that will be set for the Sisdig instance. | `string` | `"public-and-private"` | no | @@ -181,6 +185,7 @@ You need the following permissions to run this module. | Name | Description | |------|-------------| +| [access\_key](#output\_access\_key) | The cloud monitoring access key for agents to use | | [access\_keys](#output\_access\_keys) | The Cloud Monitoring access keys for agents to use. | | [account\_id](#output\_account\_id) | The account id where cloud monitoring instance is provisioned. | | [crn](#output\_crn) | The id of the provisioned cloud monitoring instance. | diff --git a/variables.tf b/variables.tf index 00c0e97..916af15 100644 --- a/variables.tf +++ b/variables.tf @@ -38,7 +38,7 @@ variable "disable_access_key_creation" { } variable "access_key_name" { - type = optional(string) + type = string description = "The name to give the default IBM Cloud Monitoring Manager access key." default = "SysdigManagerKey" } From f885ed02cc0123f4a7cdf2f93d595a0df35fad66 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Tue, 21 Oct 2025 13:10:59 +0530 Subject: [PATCH 28/42] resolve comments --- examples/advanced/outputs.tf | 17 +++++++++++------ examples/advanced/provider.tf | 2 +- outputs.tf | 2 +- solutions/fully-configurable/outputs.tf | 2 +- solutions/fully-configurable/variables.tf | 9 +-------- 5 files changed, 15 insertions(+), 17 deletions(-) diff --git a/examples/advanced/outputs.tf b/examples/advanced/outputs.tf index cf04983..2e0e891 100644 --- a/examples/advanced/outputs.tf +++ b/examples/advanced/outputs.tf 
@@ -27,15 +27,20 @@ output "resource_group_id" { description = "The resource group where cloud monitoring monitor instance resides." } -output "cloud_monitoring_resource_keys" { - value = module.cloud_monitoring.resource_keys - description = "The map of resource keys created for the Cloud Monitoring instance." +output "access_key" { + value = module.cloud_monitoring.access_key + description = "The cloud monitoring access key for agents to use." sensitive = true } -output "cloud_monitoring_access_key" { - value = module.cloud_monitoring.access_keys["SysdigManagerKey"] - description = "The Cloud Monitoring access keys for agents to use." +output "access_key_name" { + value = module.cloud_monitoring.name + description = "The cloud monitoring manager key name." +} + +output "cloud_monitoring_resource_keys" { + value = module.cloud_monitoring.resource_keys + description = "The map of resource keys created for the Cloud Monitoring instance." sensitive = true } diff --git a/examples/advanced/provider.tf b/examples/advanced/provider.tf index 3512785..8bcaf1a 100644 --- a/examples/advanced/provider.tf +++ b/examples/advanced/provider.tf @@ -5,5 +5,5 @@ provider "ibm" { ibmcloud_api_key = var.ibmcloud_api_key region = var.region - visibility = "private" + visibility = "public" } diff --git a/outputs.tf b/outputs.tf index 1eb683b..3708513 100644 --- a/outputs.tf +++ b/outputs.tf @@ -38,7 +38,7 @@ output "access_key" { # https://cloud.ibm.com/docs/monitoring?topic=monitoring-access_key output "access_keys" { description = "The Cloud Monitoring access keys for agents to use." - value = { + value = length(var.resource_keys) == 0 ? null : { for name, key in ibm_resource_key.resource_keys : name => key.credentials["Sysdig Access Key"] } diff --git a/solutions/fully-configurable/outputs.tf b/solutions/fully-configurable/outputs.tf index 6237094..ac06cb5 100644 --- a/solutions/fully-configurable/outputs.tf +++ b/solutions/fully-configurable/outputs.tf 
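Review bot: The new `access_key_name` output in examples/advanced/outputs.tf is set to `module.cloud_monitoring.name`, which the module README describes as the name of the provisioned instance, so the value does not match the description "The cloud monitoring manager key name." None of the hunks shown add a module output for the key name. Either export one from the module and reference it here, or rename this output and change its description to say it returns the instance name.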
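Review bot: The provider.tf hunk changes `visibility` from `"private"` to `"public"`, which moves the example's IBM Cloud API calls, made with `ibmcloud_api_key`, onto public endpoints, and the commit message ("resolve comments") gives no reason for it. If the example has to run from a network without private-endpoint access, `visibility = "public-and-private"` still lets private endpoints be used where they are reachable. Whichever value is kept, a one-line comment above the argument should say why, since examples are copied into real deployments.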
@@ -28,7 +28,7 @@ output "cloud_monitoring_guid" { } output "cloud_monitoring_access_key" { - value = local.create_cloud_monitoring ? module.cloud_monitoring[0].access_keys : null + value = module.cloud_monitoring[0].access_key description = "IBM cloud monitoring access key for agents to use" sensitive = true } diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index a86dc50..2d4cec6 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf @@ -85,14 +85,7 @@ variable "cloud_monitoring_resource_keys" { role = optional(string, "Manager") service_id_crn = optional(string, null) })) - default = [ - { - name = "SysdigManagerKey" - generate_hmac_credentials = false - role = "Manager" - service_id_crn = null - } - ] + default = [] } variable "cloud_monitoring_plan" { From 6a028964eccab6fc314f24429c00e61646d857f0 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Tue, 21 Oct 2025 15:19:31 +0530 Subject: [PATCH 29/42] update code --- examples/advanced/provider.tf | 2 +- moved.tf | 4 ---- solutions/fully-configurable/outputs.tf | 2 +- 3 files changed, 2 insertions(+), 6 deletions(-) delete mode 100644 moved.tf diff --git a/examples/advanced/provider.tf b/examples/advanced/provider.tf index 8bcaf1a..3512785 100644 --- a/examples/advanced/provider.tf +++ b/examples/advanced/provider.tf @@ -5,5 +5,5 @@ provider "ibm" { ibmcloud_api_key = var.ibmcloud_api_key region = var.region - visibility = "public" + visibility = "private" } diff --git a/moved.tf b/moved.tf deleted file mode 100644 index 6931496..0000000 --- a/moved.tf +++ /dev/null @@ -1,4 +0,0 @@ -moved { - from = ibm_resource_key.resource_key - to = ibm_resource_key.resource_keys[0] -} diff --git a/solutions/fully-configurable/outputs.tf b/solutions/fully-configurable/outputs.tf index ac06cb5..f4d044b 100644 --- a/solutions/fully-configurable/outputs.tf +++ b/solutions/fully-configurable/outputs.tf 
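Review bot: Removing the `local.create_cloud_monitoring ?` guard leaves `module.cloud_monitoring[0].access_key` indexing the module unconditionally, while the neighbouring `cloud_monitoring_resource_keys` output (shown in an earlier outputs.tf hunk of this series) keeps the guard. If the module is declared with a `count` that can be 0, as the guard suggests, this output fails to evaluate whenever no instance is created. Restore `value = local.create_cloud_monitoring ? module.cloud_monitoring[0].access_key : null`, or use `value = one(module.cloud_monitoring[*].access_key)`.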
@@ -28,7 +28,7 @@ output "cloud_monitoring_guid" { } output "cloud_monitoring_access_key" { - value = module.cloud_monitoring[0].access_key + value = local.create_cloud_monitoring ? module.cloud_monitoring[0].access_key : null description = "IBM cloud monitoring access key for agents to use" sensitive = true } From 1b8e0056430a93779fe4e420e144faa544b658cf Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Tue, 21 Oct 2025 16:04:00 +0530 Subject: [PATCH 30/42] add disable access key variable --- ibm_catalog.json | 3 +++ solutions/fully-configurable/main.tf | 25 ++++++++++++----------- solutions/fully-configurable/variables.tf | 6 ++++++ 3 files changed, 22 insertions(+), 12 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 7e3b566..77e411b 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -194,6 +194,9 @@ "original_grouping": "deployment" } }, + { + "key": "disable_access_key_creation" + }, { "key": "enable_platform_metrics", "required": true diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf index ea24909..04f9d8e 100644 --- a/solutions/fully-configurable/main.tf +++ b/solutions/fully-configurable/main.tf 
@@ -44,18 +44,19 @@ locals { } module "cloud_monitoring" { - count = local.create_cloud_monitoring ? 1 : 0 - source = "../.." - resource_group_id = module.resource_group.resource_group_id - region = var.region - instance_name = local.cloud_monitoring_instance_name - plan = var.cloud_monitoring_plan - resource_tags = var.cloud_monitoring_resource_tags - access_tags = var.cloud_monitoring_access_tags - resource_keys = var.cloud_monitoring_resource_keys - service_endpoints = "public-and-private" - enable_platform_metrics = var.enable_platform_metrics - cbr_rules = var.cbr_rules + count = local.create_cloud_monitoring ? 1 : 0 + source = "../.." + resource_group_id = module.resource_group.resource_group_id + region = var.region + instance_name = local.cloud_monitoring_instance_name + plan = var.cloud_monitoring_plan + resource_tags = var.cloud_monitoring_resource_tags + access_tags = var.cloud_monitoring_access_tags + resource_keys = var.cloud_monitoring_resource_keys + disable_access_key_creation = var.disable_access_key_creation + service_endpoints = "public-and-private" + enable_platform_metrics = var.enable_platform_metrics + cbr_rules = var.cbr_rules } module "metrics_routing" { diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index 2d4cec6..fe0725d 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf 
@@ -77,6 +77,12 @@ variable "cloud_monitoring_access_tags" { default = [] } +variable "disable_access_key_creation" { + type = bool + description = "When set to true, disables the creation of the default Manager access key. See `resource_keys` to handle rotation, or even creation of non manager role keys." + default = false +} + variable "cloud_monitoring_resource_keys" { description = "List of access keys to create for the IBM Cloud Monitoring instance. Each entry defines one resource key. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-cloud-monitoring/tree/main/solutions/fully-configurable/DA-types.md#cloud-monitoring-resource-keys)." type = list(object({ From 92b82c56e08eb71071573361236a6eb40a276308 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Tue, 21 Oct 2025 20:18:56 +0530 Subject: [PATCH 31/42] resolve comments --- examples/advanced/outputs.tf | 4 ++-- examples/basic/outputs.tf | 4 ++-- ibm_catalog.json | 6 ++++++ main.tf | 4 ++-- outputs.tf | 11 +---------- solutions/fully-configurable/main.tf | 2 ++ solutions/fully-configurable/outputs.tf | 2 +- solutions/fully-configurable/variables.tf | 16 ++++++++++++++-- variables.tf | 10 +++++----- 9 files changed, 35 insertions(+), 24 deletions(-) diff --git a/examples/advanced/outputs.tf b/examples/advanced/outputs.tf index 2e0e891..9cc4f87 100644 --- a/examples/advanced/outputs.tf +++ b/examples/advanced/outputs.tf @@ -35,12 +35,12 @@ output "access_key" { output "access_key_name" { value = module.cloud_monitoring.name - description = "The cloud monitoring manager key name." + description = "The cloud monitoring access key name." } output "cloud_monitoring_resource_keys" { value = module.cloud_monitoring.resource_keys - description = "The map of resource keys created for the Cloud Monitoring instance." + description = "A list of maps containing resource keys created for the Cloud Monitoring instance." sensitive = true } 
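Review bot: The new description on `cloud_monitoring_resource_keys` in the examples/advanced/outputs.tf hunk, `A list of maps containing resource keys ...`, does not appear to match the value. The root output is `ibm_resource_key.resource_keys` itself, and elsewhere on this page that resource is iterated as `for name, key in ...` and indexed by `["SysdigManagerKey"]`, which points to a map keyed by entry name. The resource body is not visible, so this should be confirmed. If it holds, a wording such as `A map of the resource keys created for the Cloud Monitoring instance, keyed by entry name; each value includes the key's credentials.` would be accurate and would explain the `sensitive = true`. The same wording is introduced in the examples/basic, solutions/fully-configurable and root outputs.tf hunks later in the series, and in the README output table.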
diff --git a/examples/basic/outputs.tf b/examples/basic/outputs.tf index 54f7238..338ef10 100644 --- a/examples/basic/outputs.tf +++ b/examples/basic/outputs.tf @@ -19,13 +19,13 @@ output "resource_group_id" { output "cloud_monitoring_resource_keys" { value = module.cloud_monitoring.resource_keys - description = "The map of resource keys created for the Cloud Monitoring instance." + description = "The list of resource keys created for the Cloud Monitoring instance." sensitive = true } output "cloud_monitoring_access_key" { value = module.cloud_monitoring.access_keys["SysdigManagerKey"] - description = "The Cloud Monitoring access keys for agents to use." + description = "The Cloud Monitoring access key for agents to use." sensitive = true } diff --git a/ibm_catalog.json b/ibm_catalog.json index 77e411b..7c1af2c 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -194,6 +194,12 @@ "original_grouping": "deployment" } }, + { + "key": "access_key_name" + }, + { + "key": "access_key_tags" + }, { "key": "disable_access_key_creation" }, diff --git a/main.tf b/main.tf index f63c25a..ebe74f8 100644 --- a/main.tf +++ b/main.tf @@ -40,11 +40,11 @@ resource "ibm_resource_key" "resource_key" { name = var.access_key_name resource_instance_id = ibm_resource_instance.cloud_monitoring.id role = "Manager" - tags = var.manager_key_tags + tags = var.access_key_tags } ############################################################################### -# Resource Keys (Custom Access Keys) +# Resource Keys ############################################################################### resource "ibm_resource_key" "resource_keys" { diff --git a/outputs.tf b/outputs.tf index 3708513..ff266a9 100644 --- a/outputs.tf +++ b/outputs.tf 
@@ -29,22 +29,13 @@ output "resource_keys" { sensitive = true } +# https://cloud.ibm.com/docs/monitoring?topic=monitoring-access_key output "access_key" { value = !var.disable_access_key_creation ? ibm_resource_key.resource_key[0].credentials["Sysdig Access Key"] : null description = "The cloud monitoring access key for agents to use" sensitive = true } -# https://cloud.ibm.com/docs/monitoring?topic=monitoring-access_key -output "access_keys" { - description = "The Cloud Monitoring access keys for agents to use." - value = length(var.resource_keys) == 0 ? null : { - for name, key in ibm_resource_key.resource_keys : - name => key.credentials["Sysdig Access Key"] - } - sensitive = true -} - # https://cloud.ibm.com/docs/monitoring?topic=monitoring-endpoints#endpoints_ingestion output "ingestion_endpoint_private" { value = "ingest.private.${var.region}.monitoring.cloud.ibm.com" diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf index 04f9d8e..b9297d4 100644 --- a/solutions/fully-configurable/main.tf +++ b/solutions/fully-configurable/main.tf @@ -54,6 +54,8 @@ module "cloud_monitoring" { access_tags = var.cloud_monitoring_access_tags resource_keys = var.cloud_monitoring_resource_keys disable_access_key_creation = var.disable_access_key_creation + access_key_name = var.access_key_name + access_key_tags = var.access_key_tags service_endpoints = "public-and-private" enable_platform_metrics = var.enable_platform_metrics cbr_rules = var.cbr_rules diff --git a/solutions/fully-configurable/outputs.tf b/solutions/fully-configurable/outputs.tf index f4d044b..a4e19e6 100644 --- a/solutions/fully-configurable/outputs.tf +++ b/solutions/fully-configurable/outputs.tf 
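Review bot: The `access_key` output in the outputs.tf hunk returns the `Sysdig Access Key` credential, but nothing tells consumers that `sensitive = true` only redacts it from plan and apply output. The value is still written to the Terraform state, and to the state of any caller that re-exports it. Next to the documentation link this hunk moves above the output, I would add a comment such as `# The key is stored in Terraform state; use an encrypted, access-restricted state backend.` The description could carry the same sentence so that it reaches the generated README.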
@@ -35,7 +35,7 @@ output "cloud_monitoring_access_key" { output "cloud_monitoring_resource_keys" { value = local.create_cloud_monitoring ? module.cloud_monitoring[0].resource_keys : null - description = "Map of resource keys created for the IBM Cloud Monitoring instance, used by agents for authentication and data forwarding." + description = "A list of maps representing resource keys created for the IBM Cloud Monitoring instance." sensitive = true } diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index fe0725d..186416a 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf 
@@ -79,12 +79,24 @@ variable "cloud_monitoring_access_tags" { variable "disable_access_key_creation" { type = bool - description = "When set to true, disables the creation of the default Manager access key. See `resource_keys` to handle rotation, or even creation of non manager role keys." + description = "When set to true, disables the creation of the default manager access key. You can use `resource_keys` to create custom resource keys for the instance with different roles." default = false } +variable "access_key_name" { + type = string + description = "The name to give the default IBM Cloud Monitoring Manager access key. Use `disable_access_key_creation` to disable key creation. For guidance on access keys, see [here](https://cloud.ibm.com/docs/monitoring?topic=monitoring-access_key)." + default = "SysdigManagerKey" +} + +variable "access_key_tags" { + type = list(string) + description = "Tags associated with the IBM Cloud Monitoring access key." + default = [] +} + variable "cloud_monitoring_resource_keys" { - description = "List of access keys to create for the IBM Cloud Monitoring instance. Each entry defines one resource key. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-cloud-monitoring/tree/main/solutions/fully-configurable/DA-types.md#cloud-monitoring-resource-keys)." + description = "A list of maps representing resource keys to create for the IBM Cloud Monitoring instance. Each entry defines a single resource key. Use this list to manage custom keys and handle key rotation." type = list(object({ name = string generate_hmac_credentials = optional(bool, false) # pragma: allowlist secret diff --git a/variables.tf b/variables.tf index 916af15..8a7f9e6 100644 --- a/variables.tf +++ b/variables.tf 
@@ -33,19 +33,19 @@ variable "plan" { variable "disable_access_key_creation" { type = bool - description = "When set to true, disables the creation of the default Manager access key. See `resource_keys` to handle rotation, or even creation of non manager role keys." + description = "When set to true, disables the creation of the default manager access key. You can use `resource_keys` to create custom resource keys for the instance with different roles." default = false } variable "access_key_name" { type = string - description = "The name to give the default IBM Cloud Monitoring Manager access key." + description = "The name to give the default IBM Cloud Monitoring Manager access key. Use `disable_access_key_creation` to disable key creation. For guidance on access keys, see [here](https://cloud.ibm.com/docs/monitoring?topic=monitoring-access_key)." default = "SysdigManagerKey" } -variable "manager_key_tags" { +variable "access_key_tags" { type = list(string) - description = "Tags associated with the IBM Cloud Monitoring manager key." + description = "Tags associated with the IBM Cloud Monitoring access key." default = [] } @@ -55,7 +55,7 @@ variable "manager_key_tags" { # if key_name is not specified, name will be used for the key_name # key_name can be a dynamic reference created during apply variable "resource_keys" { - description = "List of keys to create for the IBM Cloud Monitoring instance. Each entry defines one resource key. Use this to manage custom keys, rotation, and disable default access key creation using `disable_access_key_creation`. For guidance on access keys, see [here](https://cloud.ibm.com/docs/monitoring?topic=monitoring-access_key)." + description = "A list of maps representing resource keys to create for the IBM Cloud Monitoring instance. Each entry defines a single resource key. Use this list to manage custom keys and handle key rotation." type = list(object({ name = string key_name = optional(string, null) 
From 31339a2a2f70fd51f8d027e01d698366de130362 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Tue, 21 Oct 2025 20:19:47 +0530 Subject: [PATCH 32/42] resolve comments --- ibm_catalog.json | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 7c1af2c..37a92fb 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -198,7 +198,15 @@ "key": "access_key_name" }, { - "key": "access_key_tags" + "key": "access_key_tags", + "custom_config": { + "grouping": "deployment", + "type": "array", + "original_grouping": "deployment", + "config_constraints": { + "type": "string" + } + } }, { "key": "disable_access_key_creation" From 8e2d1fa5ee26f2eb2b197b672e740b8b7c0978e5 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Tue, 21 Oct 2025 20:24:20 +0530 Subject: [PATCH 33/42] update output --- examples/basic/outputs.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/basic/outputs.tf b/examples/basic/outputs.tf index 338ef10..0d9b77b 100644 --- a/examples/basic/outputs.tf +++ b/examples/basic/outputs.tf @@ -24,7 +24,7 @@ output "cloud_monitoring_resource_keys" { } output "cloud_monitoring_access_key" { - value = module.cloud_monitoring.access_keys["SysdigManagerKey"] + value = module.cloud_monitoring.access_key description = "The Cloud Monitoring access key for agents to use." sensitive = true } From bdf138831a97e92e9fb1aa5e4cca8f9be6bd97aa Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Tue, 21 Oct 2025 20:28:22 +0530 Subject: [PATCH 34/42] update description --- solutions/fully-configurable/variables.tf | 2 +- variables.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index 186416a..f7a23c5 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf 
@@ -85,7 +85,7 @@ variable "disable_access_key_creation" { variable "access_key_name" { type = string - description = "The name to give the default IBM Cloud Monitoring Manager access key. Use `disable_access_key_creation` to disable key creation. For guidance on access keys, see [here](https://cloud.ibm.com/docs/monitoring?topic=monitoring-access_key)." + description = "The name to give the default IBM Cloud Monitoring Manager access key. Use `disable_access_key_creation` to disable access key creation. For guidance on access keys, see [here](https://cloud.ibm.com/docs/monitoring?topic=monitoring-access_key)." default = "SysdigManagerKey" } diff --git a/variables.tf b/variables.tf index 8a7f9e6..4fc5cd1 100644 --- a/variables.tf +++ b/variables.tf @@ -39,7 +39,7 @@ variable "disable_access_key_creation" { variable "access_key_name" { type = string - description = "The name to give the default IBM Cloud Monitoring Manager access key. Use `disable_access_key_creation` to disable key creation. For guidance on access keys, see [here](https://cloud.ibm.com/docs/monitoring?topic=monitoring-access_key)." + description = "The name to give the default IBM Cloud Monitoring Manager access key. Use `disable_access_key_creation` to disable access key creation. For guidance on access keys, see [here](https://cloud.ibm.com/docs/monitoring?topic=monitoring-access_key)." default = "SysdigManagerKey" } From df2e732ccb7221635646b18fce59b7f9ef03f173 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Wed, 22 Oct 2025 15:19:15 +0530 Subject: [PATCH 35/42] remove exposed variables --- ibm_catalog.json | 14 -------------- solutions/fully-configurable/variables.tf | 12 ------------ 2 files changed, 26 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 37a92fb..77e411b 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json 
@@ -194,20 +194,6 @@ "original_grouping": "deployment" } }, - { - "key": "access_key_name" - }, - { - "key": "access_key_tags", - "custom_config": { - "grouping": "deployment", - "type": "array", - "original_grouping": "deployment", - "config_constraints": { - "type": "string" - } - } - }, { "key": "disable_access_key_creation" }, diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index f7a23c5..41c68b6 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf @@ -83,18 +83,6 @@ variable "disable_access_key_creation" { default = false } -variable "access_key_name" { - type = string - description = "The name to give the default IBM Cloud Monitoring Manager access key. Use `disable_access_key_creation` to disable access key creation. For guidance on access keys, see [here](https://cloud.ibm.com/docs/monitoring?topic=monitoring-access_key)." - default = "SysdigManagerKey" -} - -variable "access_key_tags" { - type = list(string) - description = "Tags associated with the IBM Cloud Monitoring access key." - default = [] -} - variable "cloud_monitoring_resource_keys" { description = "A list of maps representing resource keys to create for the IBM Cloud Monitoring instance. Each entry defines a single resource key. Use this list to manage custom keys and handle key rotation." type = list(object({ From 4e461cbd36aaa0f82081816365af637f4d7d15ad Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Wed, 22 Oct 2025 12:00:29 +0000 Subject: [PATCH 36/42] resolve pc --- README.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 6f49572..cc66ada 100644 --- a/README.md +++ b/README.md 
@@ -167,17 +167,17 @@ You need the following permissions to run this module. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [access\_key\_name](#input\_access\_key\_name) | The name to give the default IBM Cloud Monitoring Manager access key. | `string` | `"SysdigManagerKey"` | no | +| [access\_key\_name](#input\_access\_key\_name) | The name to give the default IBM Cloud Monitoring Manager access key. Use `disable_access_key_creation` to disable access key creation. For guidance on access keys, see [here](https://cloud.ibm.com/docs/monitoring?topic=monitoring-access_key). | `string` | `"SysdigManagerKey"` | no | +| [access\_key\_tags](#input\_access\_key\_tags) | Tags associated with the IBM Cloud Monitoring access key. | `list(string)` | `[]` | no | | [access\_tags](#input\_access\_tags) | Access Management Tags associated with the IBM Cloud Monitoring instance (Optional, array of strings). | `list(string)` | `[]` | no | | [cbr\_rules](#input\_cbr\_rules) | (Optional, list) List of context-based restrictions rules to create |
list(object({
description = string
account_id = string
rule_contexts = list(object({
attributes = optional(list(object({
name = string
value = string
}))) }))
enforcement_mode = string
operations = optional(list(object({
api_types = list(object({
api_type_id = string
}))
})))
}))
| `[]` | no | -| [disable\_access\_key\_creation](#input\_disable\_access\_key\_creation) | When set to true, disables the creation of the default Manager access key. See `resource_keys` to handle rotation, or even creation of non manager role keys. | `bool` | `false` | no | +| [disable\_access\_key\_creation](#input\_disable\_access\_key\_creation) | When set to true, disables the creation of the default manager access key. You can use `resource_keys` to create custom resource keys for the instance with different roles. | `bool` | `false` | no | | [enable\_platform\_metrics](#input\_enable\_platform\_metrics) | Receive platform metrics in the provisioned IBM Cloud Monitoring instance. Only 1 instance in a given region can be enabled for platform metrics. | `bool` | `false` | no | | [instance\_name](#input\_instance\_name) | The name of the IBM Cloud Monitoring instance to create. Defaults to 'cloud-monitoring-' | `string` | `null` | no | -| [manager\_key\_tags](#input\_manager\_key\_tags) | Tags associated with the IBM Cloud Monitoring manager key. | `list(string)` | `[]` | no | | [plan](#input\_plan) | The IBM Cloud Monitoring plan to provision. Available: lite, graduated-tier and graduated-tier-sysdig-secure-plus-monitor (available in region eu-fr2 only) | `string` | `"lite"` | no | | [region](#input\_region) | The IBM Cloud region where Cloud Monitoring instance will be created. | `string` | `"us-south"` | no | | [resource\_group\_id](#input\_resource\_group\_id) | The id of the IBM Cloud resource group where the Cloud Monitoring instance will be created. | `string` | n/a | yes | -| [resource\_keys](#input\_resource\_keys) | List of keys to create for the IBM Cloud Monitoring instance. Each entry defines one resource key. Use this to manage custom keys, rotation, and disable default access key creation using `disable_access_key_creation`. For guidance on access keys, see [here](https://cloud.ibm.com/docs/monitoring?topic=monitoring-access_key). |
list(object({
name = string
key_name = optional(string, null)
generate_hmac_credentials = optional(bool, false) # pragma: allowlist secret
role = optional(string, "Manager")
service_id_crn = optional(string, null)
}))
| `[]` | no | +| [resource\_keys](#input\_resource\_keys) | A list of maps representing resource keys to create for the IBM Cloud Monitoring instance. Each entry defines a single resource key. Use this list to manage custom keys and handle key rotation. |
list(object({
name = string
key_name = optional(string, null)
generate_hmac_credentials = optional(bool, false) # pragma: allowlist secret
role = optional(string, "Manager")
service_id_crn = optional(string, null)
}))
| `[]` | no | | [resource\_tags](#input\_resource\_tags) | Tags associated with the IBM Cloud Monitoring instance (Optional, array of strings). | `list(string)` | `[]` | no | | [service\_endpoints](#input\_service\_endpoints) | The type of the service endpoint that will be set for the Sisdig instance. | `string` | `"public-and-private"` | no | @@ -186,7 +186,6 @@ You need the following permissions to run this module. | Name | Description | |------|-------------| | [access\_key](#output\_access\_key) | The cloud monitoring access key for agents to use | -| [access\_keys](#output\_access\_keys) | The Cloud Monitoring access keys for agents to use. | | [account\_id](#output\_account\_id) | The account id where cloud monitoring instance is provisioned. | | [crn](#output\_crn) | The id of the provisioned cloud monitoring instance. | | [guid](#output\_guid) | The guid of the provisioned cloud monitoring instance. | From bf5e5868f41fdb54490a7309a22e38e9b0f8033f Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Wed, 22 Oct 2025 12:08:10 +0000 Subject: [PATCH 37/42] resolve comments --- README.md | 2 +- examples/basic/outputs.tf | 2 +- outputs.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index cc66ada..1fe32be 100644 --- a/README.md +++ b/README.md 
@@ -193,7 +193,7 @@ You need the following permissions to run this module. | [ingestion\_endpoint\_public](#output\_ingestion\_endpoint\_public) | The Cloud Monitoring public ingestion endpoint. | | [name](#output\_name) | The name of the provisioned cloud monitoring instance. | | [resource\_group\_id](#output\_resource\_group\_id) | The resource group where cloud monitoring monitor instance resides | -| [resource\_keys](#output\_resource\_keys) | Map of resource keys created for the IBM Cloud Monitoring instance, used by agents for authentication and data forwarding. | +| [resource\_keys](#output\_resource\_keys) | A list of maps representing resource keys created for the IBM Cloud Monitoring instance. | diff --git a/examples/basic/outputs.tf b/examples/basic/outputs.tf index 0d9b77b..90b506b 100644 --- a/examples/basic/outputs.tf +++ b/examples/basic/outputs.tf @@ -19,7 +19,7 @@ output "resource_group_id" { output "cloud_monitoring_resource_keys" { value = module.cloud_monitoring.resource_keys - description = "The list of resource keys created for the Cloud Monitoring instance." + description = "A list of maps containing resource keys created for the Cloud Monitoring instance." sensitive = true } diff --git a/outputs.tf b/outputs.tf index ff266a9..98d9cda 100644 --- a/outputs.tf +++ b/outputs.tf @@ -24,7 +24,7 @@ output "resource_group_id" { } output "resource_keys" { - description = "Map of resource keys created for the IBM Cloud Monitoring instance, used by agents for authentication and data forwarding." + description = "A list of maps representing resource keys created for the IBM Cloud Monitoring instance." value = ibm_resource_key.resource_keys sensitive = true } From a4d04c4ab3aa6e131b8069af45a4983bd2c837e1 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Wed, 22 Oct 2025 12:37:07 +0000 Subject: [PATCH 38/42] resolve comments --- solutions/fully-configurable/main.tf | 2 -- 1 file changed, 2 deletions(-) 
diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf index b9297d4..04f9d8e 100644 --- a/solutions/fully-configurable/main.tf +++ b/solutions/fully-configurable/main.tf @@ -54,8 +54,6 @@ module "cloud_monitoring" { access_tags = var.cloud_monitoring_access_tags resource_keys = var.cloud_monitoring_resource_keys disable_access_key_creation = var.disable_access_key_creation - access_key_name = var.access_key_name - access_key_tags = var.access_key_tags service_endpoints = "public-and-private" enable_platform_metrics = var.enable_platform_metrics cbr_rules = var.cbr_rules From 58577bc76fd569e477dad28cd6f7a0c207e2a07d Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Thu, 23 Oct 2025 11:07:02 +0530 Subject: [PATCH 39/42] resolve comments --- outputs.tf | 2 +- solutions/fully-configurable/variables.tf | 2 +- variables.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/outputs.tf b/outputs.tf index 98d9cda..037668f 100644 --- a/outputs.tf +++ b/outputs.tf @@ -32,7 +32,7 @@ output "resource_keys" { # https://cloud.ibm.com/docs/monitoring?topic=monitoring-access_key output "access_key" { value = !var.disable_access_key_creation ? ibm_resource_key.resource_key[0].credentials["Sysdig Access Key"] : null - description = "The cloud monitoring access key for agents to use" + description = "The Cloud Monitoring access key for agents to use" sensitive = true } diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index 41c68b6..8974a89 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf 
@@ -79,7 +79,7 @@ variable "cloud_monitoring_access_tags" { variable "disable_access_key_creation" { type = bool - description = "When set to true, disables the creation of the default manager access key. You can use `resource_keys` to create custom resource keys for the instance with different roles." + description = "When set to true, disables the creation of a default manager access key which is required by agents to ingest metrics." default = false } diff --git a/variables.tf b/variables.tf index 4fc5cd1..1be58ea 100644 --- a/variables.tf +++ b/variables.tf @@ -33,7 +33,7 @@ variable "plan" { variable "disable_access_key_creation" { type = bool - description = "When set to true, disables the creation of the default manager access key. You can use `resource_keys` to create custom resource keys for the instance with different roles." + description = "When set to true, disables the creation of a default manager access key which is required by agents to ingest metrics." default = false } From 17dde29a8869616d06a132e3b3b532fd8472c42c Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Thu, 23 Oct 2025 05:42:39 +0000 Subject: [PATCH 40/42] update readme --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 1fe32be..5b52cbf 100644 --- a/README.md +++ b/README.md @@ -171,7 +171,7 @@ You need the following permissions to run this module. | [access\_key\_tags](#input\_access\_key\_tags) | Tags associated with the IBM Cloud Monitoring access key. | `list(string)` | `[]` | no | | [access\_tags](#input\_access\_tags) | Access Management Tags associated with the IBM Cloud Monitoring instance (Optional, array of strings). | `list(string)` | `[]` | no | | [cbr\_rules](#input\_cbr\_rules) | (Optional, list) List of context-based restrictions rules to create |
list(object({
description = string
account_id = string
rule_contexts = list(object({
attributes = optional(list(object({
name = string
value = string
}))) }))
enforcement_mode = string
operations = optional(list(object({
api_types = list(object({
api_type_id = string
}))
})))
}))
| `[]` | no | -| [disable\_access\_key\_creation](#input\_disable\_access\_key\_creation) | When set to true, disables the creation of the default manager access key. You can use `resource_keys` to create custom resource keys for the instance with different roles. | `bool` | `false` | no | +| [disable\_access\_key\_creation](#input\_disable\_access\_key\_creation) | When set to true, disables the creation of a default manager access key which is required by agents to ingest metrics. | `bool` | `false` | no | | [enable\_platform\_metrics](#input\_enable\_platform\_metrics) | Receive platform metrics in the provisioned IBM Cloud Monitoring instance. Only 1 instance in a given region can be enabled for platform metrics. | `bool` | `false` | no | | [instance\_name](#input\_instance\_name) | The name of the IBM Cloud Monitoring instance to create. Defaults to 'cloud-monitoring-' | `string` | `null` | no | | [plan](#input\_plan) | The IBM Cloud Monitoring plan to provision. Available: lite, graduated-tier and graduated-tier-sysdig-secure-plus-monitor (available in region eu-fr2 only) | `string` | `"lite"` | no | @@ -185,7 +185,7 @@ You need the following permissions to run this module. | Name | Description | |------|-------------| -| [access\_key](#output\_access\_key) | The cloud monitoring access key for agents to use | +| [access\_key](#output\_access\_key) | The Cloud Monitoring access key for agents to use | | [account\_id](#output\_account\_id) | The account id where cloud monitoring instance is provisioned. | | [crn](#output\_crn) | The id of the provisioned cloud monitoring instance. | | [guid](#output\_guid) | The guid of the provisioned cloud monitoring instance. | From ea614691fb5ed4e7d0c28edbcd2b28201004804c Mon Sep 17 00:00:00 2001 
From: Md Anam Raihan Date: Fri, 24 Oct 2025 10:40:44 +0000 Subject: [PATCH 41/42] resolve comment --- README.md | 1 + examples/advanced/outputs.tf | 2 +- outputs.tf | 5 +++++ solutions/fully-configurable/outputs.tf | 15 ++++++++++----- 4 files changed, 17 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 5b52cbf..18b0d9b 100644 --- a/README.md +++ b/README.md @@ -186,6 +186,7 @@ You need the following permissions to run this module. | Name | Description | |------|-------------| | [access\_key](#output\_access\_key) | The Cloud Monitoring access key for agents to use | +| [access\_key\_name](#output\_access\_key\_name) | The Cloud Monitoring access key name | | [account\_id](#output\_account\_id) | The account id where cloud monitoring instance is provisioned. | | [crn](#output\_crn) | The id of the provisioned cloud monitoring instance. | | [guid](#output\_guid) | The guid of the provisioned cloud monitoring instance. | diff --git a/examples/advanced/outputs.tf b/examples/advanced/outputs.tf index 9cc4f87..86d5b9d 100644 --- a/examples/advanced/outputs.tf +++ b/examples/advanced/outputs.tf @@ -34,7 +34,7 @@ output "access_key" { } output "access_key_name" { - value = module.cloud_monitoring.name + value = module.cloud_monitoring.access_key_name description = "The cloud monitoring access key name." } diff --git a/outputs.tf b/outputs.tf index 037668f..7bebf82 100644 --- a/outputs.tf +++ b/outputs.tf @@ -29,6 +29,11 @@ output "resource_keys" { sensitive = true } +output "access_key_name" { + value = !var.disable_access_key_creation ? ibm_resource_key.resource_key[0].name : null + description = "The Cloud Monitoring access key name" +} + # https://cloud.ibm.com/docs/monitoring?topic=monitoring-access_key output "access_key" { value = !var.disable_access_key_creation ? ibm_resource_key.resource_key[0].credentials["Sysdig Access Key"] : null 
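Review bot: The new `access_key_name` output in the outputs.tf hunk repeats `!var.disable_access_key_creation` to decide whether `ibm_resource_key.resource_key[0]` exists. The output and the resource's own condition (presumably its `count`, defined outside this hunk) therefore have to be kept in step by hand, and if they drift the index fails at plan time. `value = one(ibm_resource_key.resource_key[*].name)` yields the same result, null when no key is created, without restating the condition. The `access_key` output shown as context just below uses the same pattern and could be written as `one(ibm_resource_key.resource_key[*].credentials)["Sysdig Access Key"]` guarded by `try(..., null)`, or left as is if the explicit form is preferred for readability.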
diff --git a/solutions/fully-configurable/outputs.tf b/solutions/fully-configurable/outputs.tf index a4e19e6..004967a 100644 --- a/solutions/fully-configurable/outputs.tf +++ b/solutions/fully-configurable/outputs.tf @@ -15,21 +15,26 @@ output "resource_group_id" { output "cloud_monitoring_crn" { value = local.cloud_monitoring_crn - description = "The id of the provisioned IBM cloud monitoring instance." + description = "The id of the provisioned IBM Cloud Monitoring instance." } output "cloud_monitoring_name" { value = local.create_cloud_monitoring ? module.cloud_monitoring[0].name : null - description = "The name of the provisioned IBM cloud monitoring instance." + description = "The name of the provisioned IBM Cloud Monitoring instance." } output "cloud_monitoring_guid" { value = local.create_cloud_monitoring ? module.cloud_monitoring[0].guid : module.existing_cloud_monitoring_crn_parser[0].service_instance - description = "The guid of the provisioned IBM cloud monitoring instance." + description = "The guid of the provisioned IBM Cloud Monitoring instance." +} + +output "cloud_monitoring_access_key_name" { + value = local.create_cloud_monitoring ? module.cloud_monitoring[0].access_key_name : null + description = "The name of the IBM Cloud Monitoring access key for agents to use" } output "cloud_monitoring_access_key" { value = local.create_cloud_monitoring ? module.cloud_monitoring[0].access_key : null - description = "IBM cloud monitoring access key for agents to use" + description = "IBM Cloud Monitoring access key for agents to use" sensitive = true } 
@@ -41,7 +46,7 @@ output "cloud_monitoring_resource_keys" { output "account_id" { value = local.create_cloud_monitoring ? module.cloud_monitoring[0].account_id : module.existing_cloud_monitoring_crn_parser[0].account_id - description = "The account id where cloud monitoring instance is provisioned." + description = "The account id where Cloud Monitoring instance is provisioned." } # https://cloud.ibm.com/docs/monitoring?topic=monitoring-endpoints#endpoints_ingestion From 5280edea15aff7d23df0436a7cd71c214f21a82c Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Fri, 24 Oct 2025 16:21:58 +0530 Subject: [PATCH 42/42] update output --- examples/advanced/outputs.tf | 12 ++++++------ examples/basic/outputs.tf | 6 +++--- solutions/fully-configurable/outputs.tf | 2 +- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/examples/advanced/outputs.tf b/examples/advanced/outputs.tf index 86d5b9d..4f71ce3 100644 --- a/examples/advanced/outputs.tf +++ b/examples/advanced/outputs.tf 
@@ -9,33 +9,33 @@ output "cloud_monitoring_crn" { value = module.cloud_monitoring.crn - description = "The CRN of the provisioned IBM cloud monitoring instance." + description = "The CRN of the provisioned IBM Cloud Monitoring instance." } output "cloud_monitoring_guid" { value = module.cloud_monitoring.guid - description = "The GUID of the provisioned IBM cloud monitoring instance." + description = "The GUID of the provisioned IBM Cloud Monitoring instance." } output "cloud_monitoring_name" { value = module.cloud_monitoring.name - description = "The name of the provisioned IBM cloud monitoring instance." + description = "The name of the provisioned IBM Cloud Monitoring instance." } output "resource_group_id" { value = module.resource_group.resource_group_id - description = "The resource group where cloud monitoring monitor instance resides." + description = "The resource group where Cloud Monitoring monitor instance resides." } output "access_key" { value = module.cloud_monitoring.access_key - description = "The cloud monitoring access key for agents to use." + description = "The Cloud Monitoring access key for agents to use." sensitive = true } output "access_key_name" { value = module.cloud_monitoring.access_key_name - description = "The cloud monitoring access key name." + description = "The Cloud Monitoring access key name." } output "cloud_monitoring_resource_keys" { diff --git a/examples/basic/outputs.tf b/examples/basic/outputs.tf index 90b506b..6f262ee 100644 --- a/examples/basic/outputs.tf +++ b/examples/basic/outputs.tf 
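Review bot: The rewritten `resource_group_id` description still reads "Cloud Monitoring monitor instance", so the capitalisation fix leaves a duplicated word in place. I would change it to `description = "The resource group where the Cloud Monitoring instance resides."`. The same line appears in the examples/basic/outputs.tf hunk that follows.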
@@ -4,17 +4,17 @@ output "cloud_monitoring_crn" { value = module.cloud_monitoring.crn - description = "The CRN of the provisioned IBM cloud monitoring instance." + description = "The CRN of the provisioned IBM Cloud Monitoring instance." } output "cloud_monitoring_name" { value = module.cloud_monitoring.name - description = "The name of the provisioned IBM cloud monitoring instance." + description = "The name of the provisioned IBM Cloud Monitoring instance." } output "resource_group_id" { value = module.resource_group.resource_group_id - description = "The resource group where cloud monitoring monitor instance resides." + description = "The resource group where Cloud Monitoring monitor instance resides." } output "cloud_monitoring_resource_keys" { diff --git a/solutions/fully-configurable/outputs.tf b/solutions/fully-configurable/outputs.tf index 004967a..f3f68af 100644 --- a/solutions/fully-configurable/outputs.tf +++ b/solutions/fully-configurable/outputs.tf @@ -34,7 +34,7 @@ output "cloud_monitoring_access_key_name" { output "cloud_monitoring_access_key" { value = local.create_cloud_monitoring ? module.cloud_monitoring[0].access_key : null - description = "IBM Cloud Monitoring access key for agents to use" + description = "The IBM Cloud Monitoring access key for agents to use" sensitive = true }