Skip to content

feat: add support to create resource key #90

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 53 commits into from
Oct 24, 2025
Merged

feat: add support to create resource key #90

merged 53 commits into from
Oct 24, 2025

Conversation

@iamar7
Copy link
Member

@iamar7 iamar7 commented Sep 16, 2025
edited
Loading

Description

Resolves: #28

Release required?

  • No release
  • Patch release (x.x.X)
  • Minor release (x.X.x)
  • Major release (X.x.x)
Release notes content

This release added a new disable_access_key_creation flag (default: false) to allow opting out of automatic access key creation and added an additional method to support multiple resource keys. You can now define multiple keys by adding more entries to the resource_keys list.

Run the pipeline

If the CI pipeline doesn't run when you create the PR, the PR requires a user with GitHub collaborators access to run the pipeline.

Run the CI pipeline when the PR is ready for review and you expect tests to pass. Add a comment to the PR with the following text:

/run pipeline

Checklist for reviewers

  • If relevant, a test for the change is included or updated with this PR.
  • If relevant, documentation for the change is included or updated with this PR.

For mergers

  • Use a conventional commit message to set the release level. Follow the guidelines.
  • Include information that users need to know about the PR in the commit message. The commit message becomes part of the GitHub release notes.
  • Use the Squash and merge option.

@iamar7
Copy link
Member Author

iamar7 commented Sep 16, 2025

/run pipeline

@iamar7
Copy link
Member Author

iamar7 commented Sep 18, 2025

/run pipeline

@iamar7
Copy link
Member Author

iamar7 commented Sep 18, 2025

/run pipeline

@iamar7
Copy link
Member Author

iamar7 commented Sep 19, 2025
edited
Loading

The TestAddonDefaultConfiguration failed with the following error:

	(icm-def-paw-deploy-arch-ibm-cloud-monitoring) Deployment error:
Error: ge: [ERROR] Error deleting resource instance: The broker for 'Cloud Monitoring' service returned error, [400, Bad Request] Sysdig instance update request return code: 400 message: 400 BAD_REQUEST. If this is unexpected, open a support ticket with the service to help troubleshoot the issue. with resp code: {
		resource_type: ibm_resource_group.default[0]
[TestAddonDefaultConfiguration]   undeploy stack failed with state undeploying_failed
[TestAddonDefaultConfiguration] === END BUFFERED LOG OUTPUT ===
[TestAddonDefaultConfiguration] 🔄 Cleaning up resources
[TestAddonDefaultConfiguration] TEST EXECUTION END: TestAddonDefaultConfiguration - RESULT: PASSED
=== NAME  TestAddonDefaultConfiguration
    pr_test.go:246: 
        	Error Trace:	/__w/terraform-ibm-cloud-monitoring/terraform-ibm-cloud-monitoring/tests/pr_test.go:246
        	Error:      	Received unexpected error:
        	            	errors occurred during undeploy
        	Test:       	TestAddonDefaultConfiguration
--- FAIL: TestAddonDefaultConfiguration (569.10s)

Re-running the pipeline

@iamar7
Copy link
Member Author

iamar7 commented Sep 19, 2025

/run pipeline

@iamar7
Copy link
Member Author

iamar7 commented Sep 19, 2025
edited
Loading

Failing due to the earlier resource key being destroyed

2025/09/19 03:59:25 Terraform plan | Terraform used the selected providers to generate the following execution
      2025/09/19 03:59:25 Terraform plan | plan. Resource actions are indicated with the following symbols:
      2025/09/19 03:59:25 Terraform plan |   - destroy
      2025/09/19 03:59:25 Terraform plan | 
      2025/09/19 03:59:25 Terraform plan | Terraform will perform the following actions:
      2025/09/19 03:59:25 Terraform plan | 
      2025/09/19 03:59:25 Terraform plan |   # module.cloud_monitoring[0].ibm_resource_key.resource_key will be destroyed
      2025/09/19 03:59:25 Terraform plan |   # (because resource uses count or for_each)
      2025/09/19 03:59:25 Terraform plan |   - resource "ibm_resource_key" "resource_key" {
      2025/09/19 03:59:25 Terraform plan |       - account_id            = "abac0df06b644a9cabc6e44f55b3880e" -> null
      2025/09/19 03:59:25 Terraform plan |       - created_at            = "2025-09-19T03:55:28.378Z" -> null
      2025/09/19 03:59:25 Terraform plan |       - created_by            = "IBMid-666000KAO3" -> null
      2025/09/19 03:59:25 Terraform plan |       - credentials           = (sensitive value) -> null
      2025/09/19 03:59:25 Terraform plan |       - credentials_json      = (sensitive value) -> null
      2025/09/19 03:59:25 Terraform plan |       - crn                   = "crn:v1:bluemix:public:sysdig-monitor:us-east:a/abac0df06b644a9cabc6e44f55b3880e:4e194131-d8f6-4f04-b769-991759957e4f:resource-key:347838de-2cc9-483b-9270-99e1d19823d5" -> null
      2025/09/19 03:59:25 Terraform plan |       - guid                  = "347838de-2cc9-483b-9270-99e1d19823d5" -> null
      2025/09/19 03:59:25 Terraform plan |       - iam_compatible        = true -> null
      2025/09/19 03:59:25 Terraform plan |       - id                    = "crn:v1:bluemix:public:sysdig-monitor:us-east:a/abac0df06b644a9cabc6e44f55b3880e:4e194131-d8f6-4f04-b769-991759957e4f:resource-key:347838de-2cc9-483b-9270-99e1d19823d5" -> null
      2025/09/19 03:59:25 Terraform plan |       - name                  = "SysdigManagerKey" -> null
      2025/09/19 03:59:25 Terraform plan |       - onetime_credentials   = false -> null
      2025/09/19 03:59:25 Terraform plan |       - resource_group_id     = "292170bc79c94f5e9019e46fb48f245a" -> null
      2025/09/19 03:59:25 Terraform plan |       - resource_instance_id  = "crn:v1:bluemix:public:sysdig-monitor:us-east:a/abac0df06b644a9cabc6e44f55b3880e:4e194131-d8f6-4f04-b769-991759957e4f::" -> null
      2025/09/19 03:59:25 Terraform plan |       - resource_instance_url = "/v2/resource_instances/4e194131-d8f6-4f04-b769-991759957e4f" -> null
      2025/09/19 03:59:25 Terraform plan |       - role                  = "Manager" -> null
      2025/09/19 03:59:25 Terraform plan |       - source_crn            = "crn:v1:bluemix:public:sysdig-monitor:us-east:a/abac0df06b644a9cabc6e44f55b3880e:4e194131-d8f6-4f04-b769-991759957e4f::" -> null
      2025/09/19 03:59:25 Terraform plan |       - state                 = "active" -> null
      2025/09/19 03:59:25 Terraform plan |       - status                = "active" -> null
      2025/09/19 03:59:25 Terraform plan |       - updated_at            = "2025-09-19T03:55:28.378Z" -> null
      2025/09/19 03:59:25 Terraform plan |       - url                   = "/v2/resource_keys/347838de-2cc9-483b-9270-99e1d19823d5" -> null
      2025/09/19 03:59:25 Terraform plan |         # (3 unchanged attributes hidden)
      2025/09/19 03:59:25 Terraform plan |     }
      2025/09/19 03:59:25 Terraform plan | 
      2025/09/19 03:59:25 Terraform plan | Plan: 0 to add, 0 to change, 1 to destroy.
      2025/09/19 03:59:25 Terraform plan | 
      2025/09/19 03:59:25 Terraform plan | Changes to Outputs:
      2025/09/19 03:59:25 Terraform plan |   ~ cloud_monitoring_access_key = (sensitive value)
      2025/09/19 03:59:25 Command finished successfully.

@iamar7 iamar7 marked this pull request as ready for review September 19, 2025 09:38
@iamar7 iamar7 requested a review from shemau as a code owner September 19, 2025 09:38
ocofaigh
ocofaigh reviewed Sep 19, 2025
View reviewed changes
@iamar7
Copy link
Member Author

iamar7 commented Sep 23, 2025

/run pipeline

@iamar7
Copy link
Member Author

iamar7 commented Sep 24, 2025

/run pipeline

@iamar7
Copy link
Member Author

iamar7 commented Sep 25, 2025

/run pipeline

@iamar7 iamar7 requested a review from ocofaigh September 25, 2025 12:11
@iamar7 iamar7 self-assigned this Sep 25, 2025
@iamar7
Copy link
Member Author

iamar7 commented Sep 26, 2025

/run pipeline

ocofaigh
ocofaigh requested changes Oct 21, 2025
View reviewed changes
Copy link
Contributor

@ocofaigh ocofaigh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See comments

main.tf

resource "ibm_resource_key" "resource_key" {
name = var.manager_key_name
count = var.disable_access_key_creation ? 0 : 1
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

wont this be a breaking change without a moved block? Why did upgrade test not fail?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, when I ran locally terraform is understanding that we've added a count around the resource block. I will attach the screenshot here

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are you sure? Usually a moved block is required when we add a count

@iamar7
Copy link
Member Author

iamar7 commented Oct 21, 2025

/run pipeline

@iamar7
Copy link
Member Author

iamar7 commented Oct 22, 2025

/run pipeline

@iamar7
Copy link
Member Author

iamar7 commented Oct 22, 2025

/run pipeline

ocofaigh
ocofaigh requested changes Oct 22, 2025
View reviewed changes
Copy link
Contributor

@ocofaigh ocofaigh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

final few comments

main.tf

resource "ibm_resource_key" "resource_key" {
name = var.manager_key_name
count = var.disable_access_key_creation ? 0 : 1
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are you sure? Usually a moved block is required when we add a count

Md Anam Raihan and others added 2 commits October 23, 2025 11:07
@iamar7
Copy link
Member Author

iamar7 commented Oct 23, 2025

/run pipeline

@iamar7
Copy link
Member Author

iamar7 commented Oct 23, 2025

Screenshot 2025-10-23 at 11 28 57

@iamar7 iamar7 requested a review from ocofaigh October 23, 2025 06:05
@iamar7 iamar7 changed the title fix: update method for resource key creation feat: add support to create resource key Oct 23, 2025
ocofaigh
ocofaigh reviewed Oct 23, 2025
View reviewed changes
outputs.tf
sensitive = true
}

output "manager_key_name" {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should keep this output, but it should be renamed to access_key_name

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I remember that I have renamed this and added it back, somehow it is not in the final push :(

ocofaigh
ocofaigh requested changes Oct 23, 2025
View reviewed changes
Copy link
Contributor

@ocofaigh ocofaigh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@iamar7 1 final comment

@iamar7
Copy link
Member Author

iamar7 commented Oct 24, 2025

/run pipeline

@iamar7
Copy link
Member Author

iamar7 commented Oct 24, 2025

@iamar7 1 final comment

Resolved

@ocofaigh ocofaigh merged commit 7c7df61 into main Oct 24, 2025
2 checks passed
@ocofaigh ocofaigh deleted the 12536-key branch October 24, 2025 11:41
@terraform-ibm-modules-ops
Copy link
Contributor

🎉 This PR is included in version 1.10.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ocofaigh ocofaigh ocofaigh approved these changes

@shemau shemau shemau left review comments

Assignees

@iamar7 iamar7

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[terraform-ibm-cloud-monitoring] Changed needed to sysdig resource key creation

4 participants

@iamar7 @terraform-ibm-modules-ops @shemau @ocofaigh