diff --git a/ibm_catalog.json b/ibm_catalog.json
index 7b7c3095..bf79eb42 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -65,10 +65,12 @@
"description": "Prefix to add to all resources created by this solution. To not use any prefix value, you can enter the string `__NULL__`."
},
{
- "key": "use_existing_resource_group"
+ "key": "use_existing_resource_group",
+ "required": true
},
{
- "key": "resource_group_name"
+ "key": "resource_group_name",
+ "required": true
},
{
"key": "region",
@@ -97,7 +99,32 @@
]
},
{
- "key": "event_notification_name"
+ "key": "existing_kms_instance_crn",
+ "required": true
+ },
+ {
+ "key": "kms_endpoint_url",
+ "required": true
+ },
+ {
+ "key": "provider_visibility",
+ "options": [
+ {
+ "displayname": "private",
+ "value": "private"
+ },
+ {
+ "displayname": "public",
+ "value": "public"
+ },
+ {
+ "displayname": "public-and-private",
+ "value": "public-and-private"
+ }
+ ]
+ },
+ {
+ "key": "event_notifications_name"
},
{
"key": "service_plan",
@@ -126,32 +153,20 @@
]
},
{
- "key": "tags"
- },
- {
- "key": "existing_kms_instance_crn",
- "required": true
+ "key": "event_notifications_tags",
+ "custom_config": {
+ "grouping": "deployment",
+ "original_grouping": "deployment",
+ "config_constraints": {
+ "type": "string"
+ }
+ }
},
{
- "key": "kms_endpoint_url",
- "required": true
+ "key": "event_notifications_instance_cbr_rules"
},
{
- "key": "provider_visibility",
- "options": [
- {
- "displayname": "private",
- "value": "private"
- },
- {
- "displayname": "public",
- "value": "public"
- },
- {
- "displayname": "public-and-private",
- "value": "public-and-private"
- }
- ]
+ "key": "ibmcloud_kms_api_key"
},
{
"key": "existing_kms_root_key_crn"
@@ -170,47 +185,43 @@
]
},
{
- "key": "en_key_ring_name"
+ "key": "event_notifications_key_ring_name"
},
{
- "key": "en_key_name"
- },
- {
- "key": "cos_key_ring_name"
+ "key": "event_notifications_key_name"
},
{
- "key": "cos_key_name"
+ "key": "skip_event_notifications_kms_iam_auth_policy"
},
{
- "key": "skip_en_kms_auth_policy"
+ "key": "existing_event_notifications_instance_crn"
},
{
- "key": "ibmcloud_kms_api_key"
+ "key": "cos_instance_name"
},
{
- "key": "existing_cos_instance_crn"
+ "key": "cos_instance_tags",
+ "custom_config": {
+ "grouping": "deployment",
+ "original_grouping": "deployment",
+ "config_constraints": {
+ "type": "string"
+ }
+ }
},
{
- "key": "existing_cos_bucket_name"
+ "key": "cos_instance_access_tags",
+ "custom_config": {
+ "grouping": "deployment",
+ "original_grouping": "deployment",
+ "config_constraints": {
+ "type": "string"
+ }
+ }
},
{
"key": "cos_bucket_name"
},
- {
- "key": "skip_en_cos_auth_policy"
- },
- {
- "key": "skip_cos_kms_auth_policy"
- },
- {
- "key": "cos_instance_name"
- },
- {
- "key": "cos_instance_tags"
- },
- {
- "key": "cos_instance_access_tags"
- },
{
"key": "add_bucket_name_suffix"
},
@@ -241,7 +252,13 @@
"key": "archive_days"
},
{
- "key": "retention_enabled"
+ "key": "archive_filter_prefix"
+ },
+ {
+ "key": "expire_filter_prefix"
+ },
+ {
+ "key": "enable_retention"
},
{
"key": "management_endpoint_type_for_bucket",
@@ -260,9 +277,30 @@
}
]
},
+ {
+ "key": "cos_key_ring_name"
+ },
+ {
+ "key": "cos_key_name"
+ },
+ {
+ "key": "existing_cos_instance_crn"
+ },
+ {
+ "key": "existing_cos_bucket_name"
+ },
{
"key": "existing_cos_endpoint"
},
+ {
+ "key": "existing_monitoring_crn"
+ },
+ {
+ "key": "skip_event_notifications_cos_iam_auth_policy"
+ },
+ {
+ "key": "skip_cos_kms_iam_auth_policy"
+ },
{
"key": "existing_secrets_manager_instance_crn"
},
@@ -279,9 +317,6 @@
}
]
},
- {
- "key": "skip_en_sm_auth_policy"
- },
{
"key": "service_credential_secrets"
},
@@ -289,19 +324,7 @@
"key": "service_credential_names"
},
{
- "key": "existing_monitoring_crn"
- },
- {
- "key": "existing_en_instance_crn"
- },
- {
- "key":"cbr_rules"
- },
- {
- "key":"archive_filter_prefix"
- },
- {
- "key":"expire_filter_prefix"
+ "key": "skip_event_notifications_secrets_manager_iam_auth_policy"
}
],
"iam_permissions": [
diff --git a/solutions/standard/DA-cbr_rules.md b/solutions/standard/DA-cbr_rules.md
index d038a377..a84a8e19 100644
--- a/solutions/standard/DA-cbr_rules.md
+++ b/solutions/standard/DA-cbr_rules.md
@@ -2,18 +2,18 @@
Several optional input variables in the IBM Cloud [Event Notifications deployable architecture](https://cloud.ibm.com/catalog#deployable_architecture) use complex object types. You specify these inputs when you configure deployable architecture.
-* Context-Based Restrictions Rules (`cbr_rules`)
+* Context-Based Restrictions Rules (`event_notifications_instance_cbr_rules`)
-## Rules For Context-Based Restrictions
+## Rules For Context-Based Restrictions
-The `cbr_rules` input variable allows you to provide a rule for the target service to enforce access restrictions for the service based on the context of access requests. Contexts are criteria that include the network location of access requests, the endpoint type from where the request is sent, etc.
+The `event_notifications_instance_cbr_rules` input variable allows you to provide a rule for the target service to enforce access restrictions for the service based on the context of access requests. Contexts are criteria that include the network location of access requests, the endpoint type from where the request is sent, etc.
-- Variable name: `cbr_rules`.
+- Variable name: `event_notifications_instance_cbr_rules`.
- Type: A list of objects. Allows only one object representing a rule for the target service
- Default value: An empty list (`[]`).
-### Options for cbr_rules
+### Options for event_notifications_instance_cbr_rules
- `description` (required): The description of the rule to create.
- `account_id` (required): The IBM Cloud Account ID
@@ -34,7 +34,7 @@ The `cbr_rules` input variable allows you to provide a rule for the target servi
### Example Rule For Context-Based Restrictions Configuration
```hcl
-cbr_rules = [
+event_notifications_instance_cbr_rules = [
{
description = "Event Notifications can be accessed from xyz"
account_id = "defc0df06b644a9cabc6e44f55b3880s."
diff --git a/solutions/standard/catalogValidationValues.json.template b/solutions/standard/catalogValidationValues.json.template
index 56722d59..7a8d11da 100644
--- a/solutions/standard/catalogValidationValues.json.template
+++ b/solutions/standard/catalogValidationValues.json.template
@@ -1,7 +1,7 @@
{
"ibmcloud_api_key": $VALIDATION_APIKEY,
"resource_group_name": $PREFIX,
- "tags": $TAGS,
+ "event_notifications_tags": $TAGS,
"existing_kms_instance_crn": $HPCS_US_SOUTH_CRN,
"kms_endpoint_url": "https://api.private.us-south.hs-crypto.cloud.ibm.com:8992"
}
diff --git a/solutions/standard/main.tf b/solutions/standard/main.tf
index c06b63c5..796abd46 100644
--- a/solutions/standard/main.tf
+++ b/solutions/standard/main.tf
@@ -4,7 +4,7 @@
# Create new resource group, or take in existing group
module "resource_group" {
- count = var.existing_en_instance_crn == null ? 1 : 0
+ count = var.existing_event_notifications_instance_crn == null ? 1 : 0
source = "terraform-ibm-modules/resource-group/ibm"
version = "1.1.6"
resource_group_name = var.use_existing_resource_group == false ? try("${local.prefix}-${var.resource_group_name}", var.resource_group_name) : null
@@ -19,7 +19,7 @@ module "resource_group" {
locals {
# Validate that a value has been passed for 'existing_kms_instance_crn' and 'kms_endpoint_url' if not using existing EN instance
# tflint-ignore: terraform_unused_declarations
- validate_kms_input = (var.existing_kms_instance_crn == null || var.kms_endpoint_url == null) && var.existing_en_instance_crn == null ? tobool("A value for 'existing_kms_instance_crn' and 'kms_endpoint_url' must be passed when no value is passed for 'existing_en_instance_crn'.") : true
+ validate_kms_input = (var.existing_kms_instance_crn == null || var.kms_endpoint_url == null) && var.existing_event_notifications_instance_crn == null ? tobool("A value for 'existing_kms_instance_crn' and 'kms_endpoint_url' must be passed when no value is passed for 'existing_event_notifications_instance_crn'.") : true
prefix = var.prefix != null ? (var.prefix != "" ? var.prefix : null) : null
}
@@ -41,7 +41,7 @@ module "kms_instance_crn_parser" {
# If not using an existing COS bucket, or an existing EN instance, parse details from the KMS key CRN used for COS
module "cos_kms_key_crn_parser" {
- count = var.existing_cos_bucket_name == null && var.existing_en_instance_crn == null ? 1 : 0
+ count = var.existing_cos_bucket_name == null && var.existing_event_notifications_instance_crn == null ? 1 : 0
source = "terraform-ibm-modules/common-utilities/ibm//modules/crn-parser"
version = "1.1.0"
crn = local.cos_kms_key_crn
@@ -49,11 +49,11 @@ module "cos_kms_key_crn_parser" {
locals {
# If an existing KMS root key, or an existing EN instance is passed, do not create a new KMS root key
- create_kms_keys = var.existing_kms_root_key_crn != null || var.existing_en_instance_crn != null ? false : true
+ create_kms_keys = var.existing_kms_root_key_crn != null || var.existing_event_notifications_instance_crn != null ? false : true
# If existing KMS root key CRN passed, parse the ID from it
existing_en_kms_root_key_id = var.existing_kms_root_key_crn != null ? module.kms_root_key_crn_parser[0].resource : null
# Determine the KMS root key ID value (new key or existing key)
- en_kms_key_id = local.existing_en_kms_root_key_id != null ? local.existing_en_kms_root_key_id : var.existing_en_instance_crn == null ? module.kms[0].keys[format("%s.%s", local.en_key_ring_name, local.en_key_name)].key_id : null
+ en_kms_key_id = local.existing_en_kms_root_key_id != null ? local.existing_en_kms_root_key_id : var.existing_event_notifications_instance_crn == null ? module.kms[0].keys[format("%s.%s", local.en_key_ring_name, local.en_key_name)].key_id : null
# If existing KMS instance CRN passed, parse the region from it
kms_region = var.existing_kms_instance_crn != null ? module.kms_instance_crn_parser[0].region : null
# If existing KMS instance CRN passed, parse the GUID from it
@@ -64,19 +64,19 @@ locals {
# TODO: update logic once CRN parser supports outputting account id (tracked in https://github.com/terraform-ibm-modules/terraform-ibm-common-utilities/issues/17)
kms_account_id = var.existing_kms_instance_crn != null ? split("/", module.kms_instance_crn_parser[0].scope)[1] : null
# Create cross account EN / KMS auth policy if not using existing EN instance, if 'skip_en_kms_auth_policy' is false, and a value is passed for 'ibmcloud_kms_api_key'
- create_cross_account_en_kms_auth_policy = var.existing_en_instance_crn == null && !var.skip_en_kms_auth_policy && var.ibmcloud_kms_api_key != null
- # Create cross account COS / KMS auth policy if not using existing EN instance, if not using existing bucket, if 'skip_cos_kms_auth_policy' is false, and if a value is passed for 'ibmcloud_kms_api_key'
- create_cross_account_cos_kms_auth_policy = var.existing_en_instance_crn == null && var.existing_cos_bucket_name == null && !var.skip_cos_kms_auth_policy && var.ibmcloud_kms_api_key != null
+ create_cross_account_en_kms_auth_policy = var.existing_event_notifications_instance_crn == null && !var.skip_event_notifications_kms_iam_auth_policy && var.ibmcloud_kms_api_key != null
+ # Create cross account COS / KMS auth policy if not using existing EN instance, if not using existing bucket, if 'skip_cos_kms_iam_auth_policy' is false, and if a value is passed for 'ibmcloud_kms_api_key'
+ create_cross_account_cos_kms_auth_policy = var.existing_event_notifications_instance_crn == null && var.existing_cos_bucket_name == null && !var.skip_cos_kms_iam_auth_policy && var.ibmcloud_kms_api_key != null
# If a prefix value is passed, add it to the EN key name
- en_key_name = try("${local.prefix}-${var.en_key_name}", var.en_key_name)
+ en_key_name = try("${local.prefix}-${var.event_notifications_key_name}", var.event_notifications_key_name)
# If a prefix value is passed, add it to the EN key ring name
- en_key_ring_name = try("${local.prefix}-${var.en_key_ring_name}", var.en_key_ring_name)
+ en_key_ring_name = try("${local.prefix}-${var.event_notifications_key_ring_name}", var.event_notifications_key_ring_name)
# If a prefix value is passed, add it to the COS key name
cos_key_name = try("${local.prefix}-${var.cos_key_name}", var.cos_key_name)
# If a prefix value is passed, add it to the COS key ring name
cos_key_ring_name = try("${local.prefix}-${var.cos_key_ring_name}", var.cos_key_ring_name)
# Determine the COS KMS key CRN (new key or existing key). It will only have a value if not using an existing bucket or existing EN instance
- cos_kms_key_crn = var.existing_en_instance_crn != null || var.existing_cos_bucket_name != null ? null : var.existing_kms_root_key_crn != null ? var.existing_kms_root_key_crn : module.kms[0].keys[format("%s.%s", local.cos_key_ring_name, local.cos_key_name)].crn
+ cos_kms_key_crn = var.existing_event_notifications_instance_crn != null || var.existing_cos_bucket_name != null ? null : var.existing_kms_root_key_crn != null ? var.existing_kms_root_key_crn : module.kms[0].keys[format("%s.%s", local.cos_key_ring_name, local.cos_key_name)].crn
# If existing KMS instance CRN passed, parse the key ID from it
cos_kms_key_id = local.cos_kms_key_crn != null ? module.cos_kms_key_crn_parser[0].resource : null
# Event Notifications KMS Key ring config
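Review bot: The comment above `create_cross_account_en_kms_auth_policy` still names the old input `'skip_en_kms_auth_policy'`, while the matching COS comment two lines below was updated to `'skip_cos_kms_iam_auth_policy'`. These two locals decide whether the cross-account KMS authorization policies are created, so the comment should name the variable an operator actually sets: `# Create cross account EN / KMS auth policy if not using existing EN instance, if 'skip_event_notifications_kms_iam_auth_policy' is false, and a value is passed for 'ibmcloud_kms_api_key'`. The `locals` block starts and ends outside this hunk.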
@@ -231,7 +231,7 @@ locals {
validate_cos_bucket = var.existing_cos_bucket_name != null && (var.existing_cos_instance_crn == null || var.existing_cos_endpoint == null) ? tobool("When passing a value for 'existing_cos_bucket_name', you must also pass values for 'existing_cos_instance_crn' and 'existing_cos_endpoint'.") : true
# If a bucket name is passed, or an existing EN CRN is passed; do not create COS resources
- create_cos_bucket = var.existing_cos_bucket_name != null || var.existing_en_instance_crn != null ? false : true
+ create_cos_bucket = var.existing_cos_bucket_name != null || var.existing_event_notifications_instance_crn != null ? false : true
# determine COS details
cos_bucket_name = var.existing_cos_bucket_name != null ? var.existing_cos_bucket_name : local.create_cos_bucket ? try("${local.prefix}-${var.cos_bucket_name}", var.cos_bucket_name) : null
cos_bucket_name_with_suffix = var.existing_cos_bucket_name != null ? var.existing_cos_bucket_name : local.create_cos_bucket ? module.cos[0].bucket_name : null
@@ -239,10 +239,10 @@ locals {
cos_instance_name = try("${local.prefix}-${var.cos_instance_name}", var.cos_instance_name)
cos_endpoint = var.existing_cos_bucket_name == null ? (local.create_cos_bucket ? "https://${module.cos[0].s3_endpoint_direct}" : null) : var.existing_cos_endpoint
# If not using existing EN instance, and if existing COS instance CRN passed, parse the GUID from it, otherwise get GUID from COS module output
- cos_instance_guid = var.existing_en_instance_crn == null ? var.existing_cos_instance_crn == null ? module.cos[0].cos_instance_guid : module.cos_instance_crn_parser[0].service_instance : null
+ cos_instance_guid = var.existing_event_notifications_instance_crn == null ? var.existing_cos_instance_crn == null ? module.cos[0].cos_instance_guid : module.cos_instance_crn_parser[0].service_instance : null
# If not using existing EN instance, parse the COS account ID from the CRN
# TODO: update logic once CRN parser supports outputting account id (tracked in https://github.com/terraform-ibm-modules/terraform-ibm-common-utilities/issues/17)
- cos_account_id = var.existing_en_instance_crn == null ? var.existing_cos_instance_crn != null ? split("/", module.cos_instance_crn_parser[0].scope)[1] : module.cos[0].cos_account_id : null
+ cos_account_id = var.existing_event_notifications_instance_crn == null ? var.existing_cos_instance_crn != null ? split("/", module.cos_instance_crn_parser[0].scope)[1] : module.cos[0].cos_account_id : null
}
module "cos" {
@@ -252,7 +252,7 @@ module "cos" {
create_cos_instance = var.existing_cos_instance_crn == null ? true : false
create_cos_bucket = local.create_cos_bucket
existing_cos_instance_id = var.existing_cos_instance_crn
- skip_iam_authorization_policy = local.create_cross_account_en_kms_auth_policy || local.create_cross_account_cos_kms_auth_policy || var.skip_cos_kms_auth_policy
+ skip_iam_authorization_policy = local.create_cross_account_en_kms_auth_policy || local.create_cross_account_cos_kms_auth_policy || var.skip_cos_kms_iam_auth_policy
add_bucket_name_suffix = var.add_bucket_name_suffix
resource_group_id = module.resource_group[0].resource_group_id
region = local.cos_bucket_region
@@ -266,7 +266,7 @@ module "cos" {
existing_kms_instance_guid = local.kms_instance_guid
kms_key_crn = local.cos_kms_key_crn
monitoring_crn = var.existing_monitoring_crn
- retention_enabled = var.retention_enabled
+ retention_enabled = var.enable_retention
archive_days = var.archive_days
expire_filter_prefix = var.expire_filter_prefix
archive_filter_prefix = var.archive_filter_prefix
@@ -279,21 +279,21 @@ module "cos" {
# If existing EN intance CRN passed, parse details from it
module "existing_en_crn_parser" {
- count = var.existing_en_instance_crn != null ? 1 : 0
+ count = var.existing_event_notifications_instance_crn != null ? 1 : 0
source = "terraform-ibm-modules/common-utilities/ibm//modules/crn-parser"
version = "1.1.0"
- crn = var.existing_en_instance_crn
+ crn = var.existing_event_notifications_instance_crn
}
locals {
# determine if existing EN instance being used
- use_existing_en_instance = var.existing_en_instance_crn != null
+ use_existing_en_instance = var.existing_event_notifications_instance_crn != null
# if using existing EN instance, parse the GUID from it
existing_en_instance_guid = local.use_existing_en_instance ? module.existing_en_crn_parser[0].service_instance : null
# determine the EN GUID
eventnotification_guid = local.use_existing_en_instance ? local.existing_en_instance_guid : module.event_notifications[0].guid
# determine the EN CRN
- eventnotification_crn = local.use_existing_en_instance ? var.existing_en_instance_crn : module.event_notifications[0].crn
+ eventnotification_crn = local.use_existing_en_instance ? var.existing_event_notifications_instance_crn : module.event_notifications[0].crn
}
# Lookup instance if using an existing one
@@ -307,9 +307,9 @@ module "event_notifications" {
source = "../.."
resource_group_id = module.resource_group[0].resource_group_id
region = var.region
- name = try("${local.prefix}-${var.event_notification_name}", var.event_notification_name)
+ name = try("${local.prefix}-${var.event_notifications_name}", var.event_notifications_name)
plan = var.service_plan
- tags = var.tags
+ tags = var.event_notifications_tags
service_endpoints = var.service_endpoints
service_credential_names = var.service_credential_names
# KMS Related
@@ -317,14 +317,14 @@ module "event_notifications" {
kms_endpoint_url = var.kms_endpoint_url
existing_kms_instance_crn = var.existing_kms_instance_crn
root_key_id = local.en_kms_key_id
- skip_en_kms_auth_policy = local.create_cross_account_en_kms_auth_policy || local.create_cross_account_cos_kms_auth_policy || var.skip_en_kms_auth_policy
+ skip_en_kms_auth_policy = local.create_cross_account_en_kms_auth_policy || local.create_cross_account_cos_kms_auth_policy || var.skip_event_notifications_kms_iam_auth_policy
# COS Related
cos_integration_enabled = true
cos_bucket_name = local.cos_bucket_name_with_suffix
cos_instance_id = var.existing_cos_instance_crn != null ? var.existing_cos_instance_crn : module.cos[0].cos_instance_crn
- skip_en_cos_auth_policy = var.skip_en_cos_auth_policy
+ skip_en_cos_auth_policy = var.skip_event_notifications_cos_iam_auth_policy
cos_endpoint = local.cos_endpoint
- cbr_rules = var.cbr_rules
+ cbr_rules = var.event_notifications_instance_cbr_rules
}
########################################################################################################################
@@ -373,7 +373,7 @@ locals {
# create a service authorization between Secrets Manager and the target service (Event Notification)
resource "ibm_iam_authorization_policy" "secrets_manager_key_manager" {
- count = var.skip_en_sm_auth_policy || var.existing_secrets_manager_instance_crn == null ? 0 : 1
+ count = var.skip_event_notifications_secrets_manager_iam_auth_policy || var.existing_secrets_manager_instance_crn == null ? 0 : 1
source_service_name = "secrets-manager"
source_resource_instance_id = local.existing_secrets_manager_instance_guid
target_service_name = "event-notifications"
diff --git a/solutions/standard/outputs.tf b/solutions/standard/outputs.tf
index 79a54881..7fc15782 100644
--- a/solutions/standard/outputs.tf
+++ b/solutions/standard/outputs.tf
@@ -4,12 +4,12 @@
output "event_notification_instance_name" {
description = "Event Notification name"
- value = var.existing_en_instance_crn == null ? module.event_notifications[0].event_notification_instance_name : data.ibm_resource_instance.existing_en_instance[0].name
+ value = var.existing_event_notifications_instance_crn == null ? module.event_notifications[0].event_notification_instance_name : data.ibm_resource_instance.existing_en_instance[0].name
}
output "crn" {
description = "Event Notification crn"
- value = local.use_existing_en_instance ? var.existing_en_instance_crn : module.event_notifications[0].crn
+ value = local.use_existing_en_instance ? var.existing_event_notifications_instance_crn : module.event_notifications[0].crn
}
output "guid" {
diff --git a/solutions/standard/variables.tf b/solutions/standard/variables.tf
index 6a7f9404..92bc7a19 100644
--- a/solutions/standard/variables.tf
+++ b/solutions/standard/variables.tf
@@ -7,6 +7,7 @@ variable "ibmcloud_api_key" {
description = "The API key to use for IBM Cloud."
sensitive = true
}
+
variable "provider_visibility" {
description = "Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints)."
type = string
@@ -17,6 +18,7 @@ variable "provider_visibility" {
error_message = "Invalid visibility option. Allowed values are 'public', 'private', or 'public-and-private'."
}
}
+
variable "use_existing_resource_group" {
type = bool
description = "Whether to use an existing resource group."
@@ -43,7 +45,7 @@ variable "existing_monitoring_crn" {
variable "prefix" {
type = string
- description = "(Optional) Prefix to add to all resources created by this solution. To not use any prefix value, you can set this value to `null` or an empty string."
+ description = "The prefix to add to all resources that this solution creates. To not use any prefix value, you can set this value to `null` or an empty string."
default = "dev"
validation {
condition = (var.prefix == null ? true :
@@ -71,7 +73,7 @@ variable "service_credential_names" {
}
}
-variable "event_notification_name" {
+variable "event_notifications_name" {
type = string
description = "The name of the Event Notifications instance that is created by this solution. If a `prefix` input variable is specified, it is added to this name in the `-value` format."
default = "base-event-notifications"
@@ -98,15 +100,15 @@ variable "service_endpoints" {
}
}
-variable "tags" {
+variable "event_notifications_tags" {
type = list(string)
description = "The list of tags to add to the Event Notifications instance."
default = []
}
-variable "existing_en_instance_crn" {
+variable "existing_event_notifications_instance_crn" {
type = string
- description = "The CRN of existing event notification instance. If not supplied, a new instance is created."
+ description = "The CRN of existing event notifications instance. If not supplied, a new instance is created."
default = null
}
@@ -128,7 +130,7 @@ variable "existing_kms_root_key_crn" {
variable "kms_endpoint_url" {
type = string
- description = "The KMS endpoint URL to use when you configure KMS encryption. The Hyper Protect Crypto Services endpoint URL format is `https://api.private..hs-crypto.cloud.ibm.com:` and the Key Protect endpoint URL format is `https://.kms.cloud.ibm.com`. Not required if passing an existing instance using the `existing_en_instance_crn` input."
+ description = "The KMS endpoint URL to use when you configure KMS encryption. The Hyper Protect Crypto Services endpoint URL format is `https://api.private..hs-crypto.cloud.ibm.com:` and the Key Protect endpoint URL format is `https://.kms.cloud.ibm.com`. Not required if passing an existing instance using the `existing_event_notifications_instance_crn` input."
default = null
}
@@ -142,31 +144,31 @@ variable "kms_endpoint_type" {
}
}
-variable "en_key_ring_name" {
+variable "event_notifications_key_ring_name" {
type = string
- default = "en-key-ring"
+ default = "event-notifications-key-ring"
description = "The name of the key ring which will be created for the Event Notifications instance. Not used if supplying an existing key. If a `prefix` input variable is specified, it is added to this name in the `-value` format."
}
-variable "en_key_name" {
+variable "event_notifications_key_name" {
type = string
- default = "en-key"
+ default = "event-notifications-key"
description = "The name for the key that will be created for the Event Notifications. Not used if an existing key is specfied. If a `prefix` input variable is specified, it is added to this name in the `-value` format."
}
variable "cos_key_ring_name" {
type = string
- default = "en-cos-key-ring"
+ default = "event-notifications-cos-key-ring"
description = "The name of the key ring which will be created for Object Storage. Not used if supplying an existing key or if `existing_cos_bucket_name` is specified. If a `prefix` input variable is specified, it is added to this name in the `-value` format."
}
variable "cos_key_name" {
type = string
- default = "en-cos-key"
- description = "The name of the key which will be created for the Event Notifications. Not used if supplying an existing key. If a `prefix` input variable is specified, it is added to this name in the `-value` format."
+ default = "event-notifications-cos-key"
+ description = "The name of the key which will be created for Object Storage. Not used if supplying an existing key. If a `prefix` input variable is specified, it is added to this name in the `-value` format."
}
-variable "skip_en_kms_auth_policy" {
+variable "skip_event_notifications_kms_iam_auth_policy" {
type = bool
description = "Set to true to skip the creation of an IAM authorization policy that permits the Event Notifications instance to read the encryption key from the KMS instance. If a value is specified for `ibmcloud_kms_api_key`, the policy is created in the KMS account."
default = false
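Review bot: The four default values changed in this hunk (`en-key-ring`, `en-key`, `en-cos-key-ring`, `en-cos-key` becoming `event-notifications-*`) are a behaviour change, not only a rename. `main.tf` builds `local.en_key_ring_name`, `local.en_key_name`, `local.cos_key_ring_name` and `local.cos_key_name` from these inputs and uses them to look up keys on `module.kms`. An existing deployment that relied on the defaults would therefore plan different key ring and key names on its next apply. Whether that means an in-place rename or a destroy-and-create of the root keys protecting the Event Notifications instance and the Object Storage bucket depends on the KMS module, which is not visible here, so it should be checked with a plan against an existing workspace. If replacement is possible, keep the old values (`default = "en-key-ring"`, `default = "en-key"`, and likewise for the two COS defaults) or document the change as breaking, with the values to pin.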
@@ -203,13 +205,13 @@ variable "cos_bucket_name" {
default = "base-event-notifications-bucket"
}
-variable "skip_en_cos_auth_policy" {
+variable "skip_event_notifications_cos_iam_auth_policy" {
type = bool
description = "Set to `true` to skip the creation of an IAM authorization policy that permits the Event Notifications instance `Object Writer` and `Reader` access to the given Object Storage bucket. Set to `true` to use an existing policy."
default = false
}
-variable "skip_cos_kms_auth_policy" {
+variable "skip_cos_kms_iam_auth_policy" {
type = bool
description = "Set to true to skip the creation of an IAM authorization policy that permits the COS instance to read the encryption key from the KMS instance. If set to false, pass in a value for the KMS instance in the `existing_kms_instance_crn` variable. If a value is specified for `ibmcloud_kms_api_key`, the policy is created in the KMS account."
default = false
@@ -272,9 +274,9 @@ variable "archive_days" {
default = null
}
-variable "retention_enabled" {
+variable "enable_retention" {
type = bool
- description = "Set to `true` to skip the creation of an IAM authorization policy that permits all Event Notifications instances in the resource group to read the encryption key from the KMS instance."
+ description = "Whether retention is enabled for the Object Storage bucket."
default = false
}
@@ -358,12 +360,13 @@ variable "service_credential_secrets" {
}
}
-variable "skip_en_sm_auth_policy" {
+variable "skip_event_notifications_secrets_manager_iam_auth_policy" {
type = bool
default = false
description = "Whether an IAM authorization policy is created for Secrets Manager instance to create a service credential secrets for Event Notification.If set to false, the Secrets Manager instance passed by the user is granted the Key Manager access to the Event Notifications instance created by the Deployable Architecture. Set to `true` to use an existing policy. The value of this is ignored if any value for 'existing_secrets_manager_instance_crn' is not passed."
}
-variable "cbr_rules" {
+
+variable "event_notifications_instance_cbr_rules" {
type = list(object({
description = string
account_id = string
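Review bot: The description kept for the renamed `skip_event_notifications_secrets_manager_iam_auth_policy` reads as the opposite of its name. It opens with "Whether an IAM authorization policy is created", but `main.tf` sets the policy `count` to 0 when this variable is true, so an operator reading only the description could disable or enable the Secrets Manager authorization by mistake. It also has a missing space in `Event Notification.If` and a double negative in its last sentence. Suggested wording: `description = "Set to true to skip the creation of an IAM authorization policy that grants the Secrets Manager instance Key Manager access to the Event Notifications instance. Set to true to use an existing policy. Ignored when no value is passed for 'existing_secrets_manager_instance_crn'."`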
diff --git a/tests/pr_test.go b/tests/pr_test.go
index 49c13a8e..f1de7085 100644
--- a/tests/pr_test.go
+++ b/tests/pr_test.go
@@ -285,7 +285,7 @@ func TestRunExistingResourcesInstances(t *testing.T) {
{Name: "region", Value: region, DataType: "string"},
{Name: "resource_group_name", Value: terraform.Output(t, existingTerraformOptions, "resource_group_name"), DataType: "string"},
{Name: "use_existing_resource_group", Value: true, DataType: "bool"},
- {Name: "existing_en_instance_crn", Value: terraform.Output(t, existingTerraformOptions, "event_notification_instance_crn"), DataType: "string"},
+ {Name: "existing_event_notifications_instance_crn", Value: terraform.Output(t, existingTerraformOptions, "event_notification_instance_crn"), DataType: "string"},
}
err := options.RunSchematicTest()
assert.NoError(t, err, "TestRunExistingResourcesInstances using existing RG and EN Failed")