diff --git a/README.md b/README.md
index 721dddca..62943d93 100644
--- a/README.md
+++ b/README.md
@@ -96,8 +96,8 @@ You need the following permissions to run this module.
| [backup\_encryption\_key\_crn](#input\_backup\_encryption\_key\_crn) | The CRN of a Hyper Protect Crypto Services use for encrypting the disk that holds deployment backups. There are limitation per region on the Hyper Protect Crypto Services and region for those services. See https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hpcs#use-hpcs-backups | `string` | `null` | no |
| [cbr\_rules](#input\_cbr\_rules) | The list of context-based restriction rules to create. | list(object({
description = string
account_id = string
rule_contexts = list(object({
attributes = optional(list(object({
name = string
value = string
}))) }))
enforcement_mode = string
})) | `[]` | no |
| [elasticsearch\_version](#input\_elasticsearch\_version) | The version of Databases for Elasticsearch to deploy. Possible values: `8.7`, `8.10`, `8.12`, `8.15` which requires an Enterprise Platinum pricing plan. If no value is specified, the current preferred version for IBM Cloud Databases is used. | `string` | `null` | no |
-| [elser\_model\_type](#input\_elser\_model\_type) | Trained ELSER model to be used for Elastic's Natural Language Processing. Possible values: `.elser_model_1`, `.elser_model_2` and `.elser_model_2_linux-x86_64`. [Learn more](https://www.elastic.co/guide/en/machine-learning/current/ml-nlp-elser.html) | `string` | `".elser_model_2_linux-x86_64"` | no |
-| [enable\_elser\_model](#input\_enable\_elser\_model) | Set it to true to install and start the Elastic's Natural Language Processing model. [Learn more](https://cloud.ibm.com/docs/databases-for-elasticsearch?topic=databases-for-elasticsearch-elser-embeddings-elasticsearch) | `bool` | `false` | no |
+| [elser\_model\_type](#input\_elser\_model\_type) | Trained ELSER model to be used for Elastic's Natural Language Processing. Possible values: `.elser_model_1`, `.elser_model_2` and `.elser_model_2_linux-x86_64`. Applies only if also 'plan' is set to 'platinum' and 'enable\_elser\_model' is enabled. [Learn more](https://www.elastic.co/guide/en/machine-learning/current/ml-nlp-elser.html) | `string` | `".elser_model_2_linux-x86_64"` | no |
+| [enable\_elser\_model](#input\_enable\_elser\_model) | Set it to true to install and start the Elastic's Natural Language Processing model. Applies only if also 'plan' is set to 'platinum'. [Learn more](https://cloud.ibm.com/docs/databases-for-elasticsearch?topic=databases-for-elasticsearch-elser-embeddings-elasticsearch) | `bool` | `false` | no |
| [existing\_kms\_instance\_guid](#input\_existing\_kms\_instance\_guid) | The GUID of a Hyper Protect Crypto Services or Key Protect instance for the CRN specified in `kms_key_crn` and `backup_encryption_key_crn`. Applies only if `kms_encryption_enabled` is true, `skip_iam_authorization_policy` is false, and you specify values for `kms_key_crn` or `backup_encryption_key_crn`. | `string` | `null` | no |
| [kms\_encryption\_enabled](#input\_kms\_encryption\_enabled) | Whether to specify the keys used to encrypt data in the database. Specify `true` to identify the encryption keys. If set to `false`, the data is encrypted with randomly generated keys. [Learn more about Key Protect integration](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-key-protect). [Learn more about HPCS integration](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hpcs). | `bool` | `false` | no |
| [kms\_key\_crn](#input\_kms\_key\_crn) | The root key CRN of the Key Protect or Hyper Protect Crypto Services instance to use for disk encryption. Applies only if `kms_encryption_enabled` is true. | `string` | `null` | no |
diff --git a/examples/fscloud/variables.tf b/examples/fscloud/variables.tf
index 664994c7..0f212ecb 100644
--- a/examples/fscloud/variables.tf
+++ b/examples/fscloud/variables.tf
@@ -111,6 +111,6 @@ variable "backup_encryption_key_crn" {
variable "enable_elser_model" {
type = bool
- description = "Set it to true to install and start the Elastic's Natural Language Processing model. [Learn more](https://cloud.ibm.com/docs/databases-for-elasticsearch?topic=databases-for-elasticsearch-elser-embeddings-elasticsearch)"
+ description = "Set it to true to install and start the Elastic's Natural Language Processing model. Applies only if also 'plan' is set to 'platinum'. [Learn more](https://cloud.ibm.com/docs/databases-for-elasticsearch?topic=databases-for-elasticsearch-elser-embeddings-elasticsearch)"
default = false
}
diff --git a/ibm_catalog.json b/ibm_catalog.json
index bfc04fd4..7061f67e 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -111,10 +111,12 @@
]
},
{
- "key": "use_existing_resource_group"
+ "key": "use_existing_resource_group",
+ "required": true
},
{
- "key": "resource_group_name"
+ "key": "resource_group_name",
+ "required": true
},
{
"key": "prefix"
@@ -177,6 +179,9 @@
{
"key": "name"
},
+ {
+ "key": "existing_elasticsearch_instance_crn"
+ },
{
"key": "plan",
"options": [
@@ -209,10 +214,27 @@
]
},
{
- "key": "access_tags"
+ "key": "enable_elser_model"
},
{
- "key": "use_ibm_owned_encryption_key"
+ "key": "elser_model_type",
+ "options": [
+ {
+ "displayname": ".elser_model_1",
+ "value": ".elser_model_1"
+ },
+ {
+ "displayname": ".elser_model_2",
+ "value": ".elser_model_2"
+ },
+ {
+ "displayname": ".elser_model_2_linux-x86_64",
+ "value": ".elser_model_2_linux-x86_64"
+ }
+ ]
+ },
+ {
+ "key": "access_tags"
},
{
"key": "tags"
@@ -220,6 +242,12 @@
{
"key": "users"
},
+ {
+ "key": "service_credential_names"
+ },
+ {
+ "key": "admin_pass"
+ },
{
"key": "members"
},
@@ -236,80 +264,56 @@
"key": "member_host_flavor"
},
{
- "key": "service_credential_names"
- },
- {
- "key": "admin_pass"
- },
- {
- "key": "admin_pass_sm_secret_group"
- },
- {
- "key": "use_existing_admin_pass_sm_secret_group"
- },
- {
- "key": "admin_pass_sm_secret_name"
+ "key": "auto_scaling"
},
{
- "key": "skip_iam_authorization_policy"
+ "key": "admin_pass_secrets_manager_secret_group"
},
{
- "key": "kms_endpoint_type",
- "options": [
- {
- "displayname": "public",
- "value": "public"
- },
- {
- "displayname": "private",
- "value": "private"
- }
- ]
+ "key": "use_existing_admin_pass_secrets_manager_secret_group"
},
{
- "key": "existing_kms_key_crn"
+ "key": "admin_pass_secrets_manager_secret_name"
},
{
- "key": "existing_kms_instance_crn",
- "required": true
+ "key": "existing_secrets_manager_instance_crn"
},
{
- "key": "elasticsearch_key_ring_name"
+ "key": "existing_secrets_manager_endpoint_type"
},
{
- "key": "elasticsearch_key_name"
+ "key": "skip_elasticsearch_to_secrets_manager_auth_policy"
},
{
- "key": "auto_scaling"
+ "key": "service_credential_secrets"
},
{
- "key": "backup_crn"
+ "key": "skip_iam_authorization_policy"
},
+ {
+ "key": "kms_endpoint_type",
+ "options": [
+ {
+ "displayname": "public",
+ "value": "public"
+ },
+ {
+ "displayname": "private",
+ "value": "private"
+ }
+ ]
+ },
{
- "key": "existing_backup_kms_key_crn"
+ "key": "existing_kms_key_crn"
},
{
- "key": "existing_backup_kms_instance_crn"
+ "key": "existing_kms_instance_crn"
},
{
- "key": "enable_elser_model"
+ "key": "elasticsearch_key_ring_name"
},
{
- "key": "elser_model_type",
- "options": [
- {
- "displayname": ".elser_model_1",
- "value": ".elser_model_1"
- },
- {
- "displayname": ".elser_model_2",
- "value": ".elser_model_2"
- },
- {
- "displayname": ".elser_model_2_linux-x86_64",
- "value": ".elser_model_2_linux-x86_64"
- }
- ]
+ "key": "elasticsearch_key_name"
}
]
}
diff --git a/modules/fscloud/README.md b/modules/fscloud/README.md
index d89eaa74..19010c92 100644
--- a/modules/fscloud/README.md
+++ b/modules/fscloud/README.md
@@ -37,8 +37,8 @@ No resources.
| [backup\_encryption\_key\_crn](#input\_backup\_encryption\_key\_crn) | The Hyper Protect Crypto Services (HPCS) or Key Protect root key CRN to use for encrypting the disk that holds deployment backups. There are region limitations for backup encryption. See https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hpcs#use-hpcs-backups (HPCS) and https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-key-protect&interface=ui#key-byok (Key Protect). | `string` | `null` | no |
| [cbr\_rules](#input\_cbr\_rules) | (Optional, list) List of CBR rules to create | list(object({
description = string
account_id = string
rule_contexts = list(object({
attributes = optional(list(object({
name = string
value = string
}))) }))
enforcement_mode = string
})) | `[]` | no |
| [elasticsearch\_version](#input\_elasticsearch\_version) | Version of the Elasticsearch instance. If no value is passed, the current preferred version of IBM Cloud Databases is used. | `string` | `null` | no |
-| [elser\_model\_type](#input\_elser\_model\_type) | Trained ELSER model to be used for Elastic's Natural Language Processing. Possible values: `.elser_model_1`, `.elser_model_2` and `.elser_model_2_linux-x86_64`. [Learn more](https://www.elastic.co/guide/en/machine-learning/current/ml-nlp-elser.html) | `string` | `".elser_model_2_linux-x86_64"` | no |
-| [enable\_elser\_model](#input\_enable\_elser\_model) | Set it to true to install and start the Elastic's Natural Language Processing model. [Learn more](https://cloud.ibm.com/docs/databases-for-elasticsearch?topic=databases-for-elasticsearch-elser-embeddings-elasticsearch) | `bool` | `false` | no |
+| [elser\_model\_type](#input\_elser\_model\_type) | Trained ELSER model to be used for Elastic's Natural Language Processing. Possible values: `.elser_model_1`, `.elser_model_2` and `.elser_model_2_linux-x86_64`. Applies only if also 'plan' is set to 'platinum' and 'enable\_elser\_model' is enabled. [Learn more](https://www.elastic.co/guide/en/machine-learning/current/ml-nlp-elser.html) | `string` | `".elser_model_2_linux-x86_64"` | no |
+| [enable\_elser\_model](#input\_enable\_elser\_model) | Set it to true to install and start the Elastic's Natural Language Processing model. Applies only if also 'plan' is set to 'platinum'. [Learn more](https://cloud.ibm.com/docs/databases-for-elasticsearch?topic=databases-for-elasticsearch-elser-embeddings-elasticsearch) | `bool` | `false` | no |
| [existing\_kms\_instance\_guid](#input\_existing\_kms\_instance\_guid) | The GUID of the Hyper Protect Crypto Services (HPCS) or Key Protect instance. | `string` | `null` | no |
| [kms\_key\_crn](#input\_kms\_key\_crn) | The Hyper Protect Crypto Services (HPCS) or Key Protect root key CRN to use for disk encryption. | `string` | `null` | no |
| [member\_cpu\_count](#input\_member\_cpu\_count) | Allocated dedicated CPU per member. For shared CPU, set to 0. [Learn more](https://cloud.ibm.com/docs/databases-for-elasticsearch?topic=databases-for-elasticsearch-resources-scaling) | `number` | `0` | no |
diff --git a/modules/fscloud/variables.tf b/modules/fscloud/variables.tf
index d6d0bc3c..a22244be 100644
--- a/modules/fscloud/variables.tf
+++ b/modules/fscloud/variables.tf
@@ -198,13 +198,13 @@ variable "backup_crn" {
variable "enable_elser_model" {
type = bool
- description = "Set it to true to install and start the Elastic's Natural Language Processing model. [Learn more](https://cloud.ibm.com/docs/databases-for-elasticsearch?topic=databases-for-elasticsearch-elser-embeddings-elasticsearch)"
+ description = "Set it to true to install and start the Elastic's Natural Language Processing model. Applies only if also 'plan' is set to 'platinum'. [Learn more](https://cloud.ibm.com/docs/databases-for-elasticsearch?topic=databases-for-elasticsearch-elser-embeddings-elasticsearch)"
default = false
}
variable "elser_model_type" {
type = string
- description = "Trained ELSER model to be used for Elastic's Natural Language Processing. Possible values: `.elser_model_1`, `.elser_model_2` and `.elser_model_2_linux-x86_64`. [Learn more](https://www.elastic.co/guide/en/machine-learning/current/ml-nlp-elser.html)"
+ description = "Trained ELSER model to be used for Elastic's Natural Language Processing. Possible values: `.elser_model_1`, `.elser_model_2` and `.elser_model_2_linux-x86_64`. Applies only if also 'plan' is set to 'platinum' and 'enable_elser_model' is enabled. [Learn more](https://www.elastic.co/guide/en/machine-learning/current/ml-nlp-elser.html)"
default = ".elser_model_2_linux-x86_64"
validation {
condition = contains([".elser_model_1", ".elser_model_2", ".elser_model_2_linux-x86_64"], var.elser_model_type)
diff --git a/solutions/standard/main.tf b/solutions/standard/main.tf
index 5af0ec1f..e59400a5 100644
--- a/solutions/standard/main.tf
+++ b/solutions/standard/main.tf
@@ -11,20 +11,20 @@ locals {
elasticsearch_key_ring_name = var.prefix != null ? "${var.prefix}-${var.elasticsearch_key_ring_name}" : var.elasticsearch_key_ring_name
- existing_db_instance_guid = var.existing_db_instance_crn != null ? element(split(":", var.existing_db_instance_crn), length(split(":", var.existing_db_instance_crn)) - 3) : null
- use_existing_db_instance = var.existing_db_instance_crn != null
+ existing_elasticsearch_instance_guid = var.existing_elasticsearch_instance_crn != null ? element(split(":", var.existing_elasticsearch_instance_crn), length(split(":", var.existing_elasticsearch_instance_crn)) - 3) : null
+ use_existing_elasticsearch_instance = var.existing_elasticsearch_instance_crn != null
create_cross_account_auth_policy = !var.skip_iam_authorization_policy && var.ibmcloud_kms_api_key != null && !var.use_ibm_owned_encryption_key
- create_sm_auth_policy = var.skip_es_sm_auth_policy || var.existing_secrets_manager_instance_crn == null ? 0 : 1
+ create_sm_auth_policy = var.skip_elasticsearch_to_secrets_manager_auth_policy || var.existing_secrets_manager_instance_crn == null ? 0 : 1
- kms_key_crn = var.existing_db_instance_crn != null ? null : !var.use_ibm_owned_encryption_key ? var.existing_kms_key_crn != null ? var.existing_kms_key_crn : module.kms[0].keys[format("%s.%s", local.elasticsearch_key_ring_name, local.elasticsearch_key_name)].crn : null
+ kms_key_crn = var.existing_elasticsearch_instance_crn != null ? null : !var.use_ibm_owned_encryption_key ? var.existing_kms_key_crn != null ? var.existing_kms_key_crn : module.kms[0].keys[format("%s.%s", local.elasticsearch_key_ring_name, local.elasticsearch_key_name)].crn : null
parsed_kms_key_crn = local.kms_key_crn != null ? split(":", local.kms_key_crn) : []
kms_service = length(local.parsed_kms_key_crn) > 0 ? local.parsed_kms_key_crn[4] : null
kms_scope = length(local.parsed_kms_key_crn) > 0 ? local.parsed_kms_key_crn[6] : null
kms_account_id = length(local.parsed_kms_key_crn) > 0 ? split("/", local.kms_scope)[1] : null
kms_key_id = length(local.parsed_kms_key_crn) > 0 ? local.parsed_kms_key_crn[9] : null
- elasticsearch_guid = local.use_existing_db_instance ? data.ibm_database.existing_db_instance[0].guid : module.elasticsearch[0].guid
+ elasticsearch_guid = local.use_existing_elasticsearch_instance ? data.ibm_database.existing_db_instance[0].guid : module.elasticsearch[0].guid
}
#######################################################################################################################
@@ -97,7 +97,7 @@ module "kms" {
providers = {
ibm = ibm.kms
}
- count = var.existing_kms_key_crn != null || local.use_existing_db_instance || var.use_ibm_owned_encryption_key ? 0 : 1 # no need to create any KMS resources if passing an existing key or using IBM owned keys
+ count = var.existing_kms_key_crn != null || local.use_existing_elasticsearch_instance || var.use_ibm_owned_encryption_key ? 0 : 1 # no need to create any KMS resources if passing an existing key or using IBM owned keys
source = "terraform-ibm-modules/kms-all-inclusive/ibm"
version = "4.17.1"
create_key_protect_instance = false
@@ -198,7 +198,7 @@ module "backup_kms" {
#######################################################################################################################
module "elasticsearch" {
- count = local.use_existing_db_instance ? 0 : 1
+ count = local.use_existing_elasticsearch_instance ? 0 : 1
source = "../../modules/fscloud"
depends_on = [time_sleep.wait_for_authorization_policy, time_sleep.wait_for_backup_kms_authorization_policy]
resource_group_id = module.resource_group.resource_group_id
@@ -278,7 +278,7 @@ locals {
service_credentials_ttl = secret.service_credentials_ttl
service_credential_secret_description = secret.service_credential_secret_description
service_credentials_source_service_role = secret.service_credentials_source_service_role
- service_credentials_source_service_crn = local.use_existing_db_instance ? data.ibm_database.existing_db_instance[0].id : module.elasticsearch[0].crn
+ service_credentials_source_service_crn = local.use_existing_elasticsearch_instance ? data.ibm_database.existing_db_instance[0].id : module.elasticsearch[0].crn
secret_type = "service_credentials" #checkov:skip=CKV_SECRET_6
}
]
@@ -287,10 +287,10 @@ locals {
admin_pass = var.admin_pass == null ? local.admin_password : var.admin_pass
admin_pass_secret = [{
- secret_group_name = var.prefix != null && var.admin_pass_sm_secret_group != null ? "${var.prefix}-${var.admin_pass_sm_secret_group}" : var.admin_pass_sm_secret_group
- existing_secret_group = var.use_existing_admin_pass_sm_secret_group
+ secret_group_name = var.prefix != null && var.admin_pass_secrets_manager_secret_group != null ? "${var.prefix}-${var.admin_pass_secrets_manager_secret_group}" : var.admin_pass_secrets_manager_secret_group
+ existing_secret_group = var.use_existing_admin_pass_secrets_manager_secret_group
secrets = [{
- secret_name = var.prefix != null && var.admin_pass_sm_secret_name != null ? "${var.prefix}-${var.admin_pass_sm_secret_name}" : var.admin_pass_sm_secret_name
+ secret_name = var.prefix != null && var.admin_pass_secrets_manager_secret_name != null ? "${var.prefix}-${var.admin_pass_secrets_manager_secret_name}" : var.admin_pass_secrets_manager_secret_name
secret_type = "arbitrary"
secret_payload_password = local.admin_pass
}
@@ -305,9 +305,9 @@ locals {
# tflint-ignore: terraform_unused_declarations
validate_sm_crn = length(local.service_credential_secrets) > 0 && var.existing_secrets_manager_instance_crn == null ? tobool("`existing_secrets_manager_instance_crn` is required when adding service credentials to a secrets manager secret.") : false
# tflint-ignore: terraform_unused_declarations
- validate_sm_sg = var.existing_secrets_manager_instance_crn != null && var.admin_pass_sm_secret_group == null ? tobool("`admin_pass_sm_secret_group` is required when `existing_secrets_manager_instance_crn` is set.") : false
+ validate_sm_sg = var.existing_secrets_manager_instance_crn != null && var.admin_pass_secrets_manager_secret_group == null ? tobool("`admin_pass_secrets_manager_secret_group` is required when `existing_secrets_manager_instance_crn` is set.") : false
# tflint-ignore: terraform_unused_declarations
- validate_sm_sn = var.existing_secrets_manager_instance_crn != null && var.admin_pass_sm_secret_name == null ? tobool("`admin_pass_sm_secret_name` is required when `existing_secrets_manager_instance_crn` is set.") : false
+ validate_sm_sn = var.existing_secrets_manager_instance_crn != null && var.admin_pass_secrets_manager_secret_name == null ? tobool("`admin_pass_secrets_manager_secret_name` is required when `existing_secrets_manager_instance_crn` is set.") : false
}
module "secrets_manager_service_credentials" {
@@ -324,12 +324,12 @@ module "secrets_manager_service_credentials" {
# this extra block is needed when passing in an existing ES instance - the database data block
# requires a name and resource_id to retrieve the data
data "ibm_resource_instance" "existing_instance_resource" {
- count = local.use_existing_db_instance ? 1 : 0
- identifier = local.existing_db_instance_guid
+ count = local.use_existing_elasticsearch_instance ? 1 : 0
+ identifier = local.existing_elasticsearch_instance_guid
}
data "ibm_database" "existing_db_instance" {
- count = local.use_existing_db_instance ? 1 : 0
+ count = local.use_existing_elasticsearch_instance ? 1 : 0
name = data.ibm_resource_instance.existing_instance_resource[0].name
resource_group_id = data.ibm_resource_instance.existing_instance_resource[0].resource_group_id
location = var.region
@@ -337,7 +337,7 @@ data "ibm_database" "existing_db_instance" {
}
data "ibm_database_connection" "existing_connection" {
- count = local.use_existing_db_instance ? 1 : 0
+ count = local.use_existing_elasticsearch_instance ? 1 : 0
endpoint_type = "private"
deployment_id = data.ibm_database.existing_db_instance[0].id
user_id = data.ibm_database.existing_db_instance[0].adminuser
@@ -354,10 +354,10 @@ locals {
code_engine_project_name = local.code_engine_project_id != null ? null : var.prefix != null ? "${var.prefix}-code-engine-kibana-project" : "ce-kibana-project"
code_engine_app_name = var.prefix != null ? "${var.prefix}-kibana-app" : "ce-kibana-app"
- es_host = local.use_existing_db_instance ? data.ibm_database_connection.existing_connection[0].https[0].hosts[0].hostname : module.elasticsearch[0].hostname
- es_port = local.use_existing_db_instance ? data.ibm_database_connection.existing_connection[0].https[0].hosts[0].port : module.elasticsearch[0].port
- es_cert = local.use_existing_db_instance ? data.ibm_database_connection.existing_connection[0].https[0].certificate[0].certificate_base64 : module.elasticsearch[0].certificate_base64
- es_username = local.use_existing_db_instance ? data.ibm_database.existing_db_instance[0].adminuser : "admin"
+ es_host = local.use_existing_elasticsearch_instance ? data.ibm_database_connection.existing_connection[0].https[0].hosts[0].hostname : module.elasticsearch[0].hostname
+ es_port = local.use_existing_elasticsearch_instance ? data.ibm_database_connection.existing_connection[0].https[0].hosts[0].port : module.elasticsearch[0].port
+ es_cert = local.use_existing_elasticsearch_instance ? data.ibm_database_connection.existing_connection[0].https[0].certificate[0].certificate_base64 : module.elasticsearch[0].certificate_base64
+ es_username = local.use_existing_elasticsearch_instance ? data.ibm_database.existing_db_instance[0].adminuser : "admin"
es_password = local.admin_pass
es_data = var.enable_kibana_dashboard ? jsondecode(data.http.es_metadata[0].response_body) : null
es_full_version = var.enable_kibana_dashboard ? (var.elasticsearch_full_version != null ? var.elasticsearch_full_version : local.es_data.version.number) : null
diff --git a/solutions/standard/outputs.tf b/solutions/standard/outputs.tf
index 62f1d12a..570c58bc 100644
--- a/solutions/standard/outputs.tf
+++ b/solutions/standard/outputs.tf
@@ -4,7 +4,7 @@
output "id" {
description = "Elasticsearch instance id"
- value = local.use_existing_db_instance ? data.ibm_database.existing_db_instance[0].id : module.elasticsearch[0].id
+ value = local.use_existing_elasticsearch_instance ? data.ibm_database.existing_db_instance[0].id : module.elasticsearch[0].id
}
output "guid" {
@@ -14,39 +14,39 @@ output "guid" {
output "version" {
description = "Elasticsearch instance version"
- value = local.use_existing_db_instance ? data.ibm_database.existing_db_instance[0].version : module.elasticsearch[0].version
+ value = local.use_existing_elasticsearch_instance ? data.ibm_database.existing_db_instance[0].version : module.elasticsearch[0].version
}
output "crn" {
description = "Elasticsearch instance crn"
- value = local.use_existing_db_instance ? var.existing_db_instance_crn : module.elasticsearch[0].crn
+ value = local.use_existing_elasticsearch_instance ? var.existing_elasticsearch_instance_crn : module.elasticsearch[0].crn
}
output "cbr_rule_ids" {
description = "CBR rule ids created to restrict Elasticsearch"
- value = local.use_existing_db_instance ? null : module.elasticsearch[0].cbr_rule_ids
+ value = local.use_existing_elasticsearch_instance ? null : module.elasticsearch[0].cbr_rule_ids
}
output "service_credentials_json" {
description = "Service credentials json map"
- value = local.use_existing_db_instance ? null : module.elasticsearch[0].service_credentials_json
+ value = local.use_existing_elasticsearch_instance ? null : module.elasticsearch[0].service_credentials_json
sensitive = true
}
output "service_credentials_object" {
description = "Service credentials object"
- value = local.use_existing_db_instance ? null : module.elasticsearch[0].service_credentials_object
+ value = local.use_existing_elasticsearch_instance ? null : module.elasticsearch[0].service_credentials_object
sensitive = true
}
output "hostname" {
description = "Elasticsearch instance hostname"
- value = local.use_existing_db_instance ? data.ibm_database_connection.existing_connection[0].https[0].hosts[0].hostname : module.elasticsearch[0].hostname
+ value = local.use_existing_elasticsearch_instance ? data.ibm_database_connection.existing_connection[0].https[0].hosts[0].hostname : module.elasticsearch[0].hostname
}
output "port" {
description = "Elasticsearch instance port"
- value = local.use_existing_db_instance ? data.ibm_database_connection.existing_connection[0].https[0].hosts[0].port : module.elasticsearch[0].port
+ value = local.use_existing_elasticsearch_instance ? data.ibm_database_connection.existing_connection[0].https[0].hosts[0].port : module.elasticsearch[0].port
}
output "secrets_manager_secrets" {
diff --git a/solutions/standard/variables.tf b/solutions/standard/variables.tf
index b169b2f0..8c454f66 100644
--- a/solutions/standard/variables.tf
+++ b/solutions/standard/variables.tf
@@ -77,7 +77,7 @@ variable "plan" {
default = "platinum"
}
-variable "existing_db_instance_crn" {
+variable "existing_elasticsearch_instance_crn" {
type = string
default = null
description = "The CRN of an existing Databases for Elasticsearch instance. If no value is specified, a new instance is created."
@@ -91,7 +91,7 @@ variable "enable_elser_model" {
variable "elser_model_type" {
type = string
- description = "Trained ELSER model to be used for Elastic's Natural Language Processing. Possible values: `.elser_model_1`, `.elser_model_2` and `.elser_model_2_linux-x86_64`. [Learn more](https://www.elastic.co/guide/en/machine-learning/current/ml-nlp-elser.html)"
+ description = "Trained ELSER model to be used for Elastic's Natural Language Processing. Possible values: `.elser_model_1`, `.elser_model_2` and `.elser_model_2_linux-x86_64`. Applies only if also 'plan' is set to 'platinum' and 'enable_elser_model' is enabled. [Learn more](https://www.elastic.co/guide/en/machine-learning/current/ml-nlp-elser.html)"
default = ".elser_model_2_linux-x86_64"
validation {
condition = contains([".elser_model_1", ".elser_model_2", ".elser_model_2_linux-x86_64"], var.elser_model_type)
@@ -315,25 +315,25 @@ variable "service_credential_secrets" {
}
}
-variable "skip_es_sm_auth_policy" {
+variable "skip_elasticsearch_to_secrets_manager_auth_policy" {
type = bool
default = false
description = "Whether an IAM authorization policy is created for Secrets Manager instance to create a service credential secrets for Databases for Elasticsearch. Set to `true` to use an existing policy."
}
-variable "admin_pass_sm_secret_group" {
+variable "admin_pass_secrets_manager_secret_group" {
type = string
description = "The name of a new or existing secrets manager secret group for admin password. To use existing secret group, `use_existing_admin_pass_sm_secret_group` must be set to `true`. If a prefix input variable is specified, the prefix is added to the name in the `-` format."
default = "elasticsearch-secrets"
}
-variable "use_existing_admin_pass_sm_secret_group" {
+variable "use_existing_admin_pass_secrets_manager_secret_group" {
type = bool
description = "Whether to use an existing secrets manager secret group for admin password."
default = false
}
-variable "admin_pass_sm_secret_name" {
+variable "admin_pass_secrets_manager_secret_name" {
type = string
description = "The name of a new elasticsearch administrator secret. If a prefix input variable is specified, the prefix is added to the name in the `-` format."
default = "elasticsearch-admin-password"
diff --git a/variables.tf b/variables.tf
index 7a6e3184..d32f0883 100644
--- a/variables.tf
+++ b/variables.tf
@@ -266,13 +266,13 @@ variable "backup_crn" {
variable "enable_elser_model" {
type = bool
- description = "Set it to true to install and start the Elastic's Natural Language Processing model. [Learn more](https://cloud.ibm.com/docs/databases-for-elasticsearch?topic=databases-for-elasticsearch-elser-embeddings-elasticsearch)"
+ description = "Set it to true to install and start the Elastic's Natural Language Processing model. Applies only if also 'plan' is set to 'platinum'. [Learn more](https://cloud.ibm.com/docs/databases-for-elasticsearch?topic=databases-for-elasticsearch-elser-embeddings-elasticsearch)"
default = false
}
variable "elser_model_type" {
type = string
- description = "Trained ELSER model to be used for Elastic's Natural Language Processing. Possible values: `.elser_model_1`, `.elser_model_2` and `.elser_model_2_linux-x86_64`. [Learn more](https://www.elastic.co/guide/en/machine-learning/current/ml-nlp-elser.html)"
+ description = "Trained ELSER model to be used for Elastic's Natural Language Processing. Possible values: `.elser_model_1`, `.elser_model_2` and `.elser_model_2_linux-x86_64`. Applies only if also 'plan' is set to 'platinum' and 'enable_elser_model' is enabled. [Learn more](https://www.elastic.co/guide/en/machine-learning/current/ml-nlp-elser.html)"
default = ".elser_model_2_linux-x86_64"
validation {
condition = contains([".elser_model_1", ".elser_model_2", ".elser_model_2_linux-x86_64"], var.elser_model_type)