added PITR

Author: Aatreyee Mukherjee

README.md

@@ -49,6 +49,7 @@ You need the following permissions to run this module.
 - [ Basic example](examples/basic)
 - [ Complete example with BYOK encryption and CBR rules](examples/complete)
 - [ Financial Services Cloud profile example with autoscaling enabled](examples/fscloud)
+- [ Point in time recovery example (PITR)](examples/pitr)
 <!-- END EXAMPLES HOOK -->
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ### Requirements
@@ -98,6 +99,8 @@ You need the following permissions to run this module.
 | <a name="input_members"></a> [members](#input\_members) | The number of members that are allocated. [Learn more](https://cloud.ibm.com/docs/databases-for-mongodb?topic=databases-for-mongodb-resources-scaling) | `number` | `3` | no |
 | <a name="input_mongodb_version"></a> [mongodb\_version](#input\_mongodb\_version) | The version of the MongoDB to provision. If no value passed, the current ICD preferred version is used. For our version policy, see https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-versioning-policy for more details | `string` | `null` | no |
 | <a name="input_name"></a> [name](#input\_name) | The name to give the MongoDB instance. | `string` | n/a | yes |
+| <a name="input_pitr_id"></a> [pitr\_id](#input\_pitr\_id) | (Optional) The ID of the source deployment MongoDB instance that you want to recover back to. The MongoDB instance is expected to be in an up and in running state. | `string` | `null` | no |
+| <a name="input_pitr_time"></a> [pitr\_time](#input\_pitr\_time) | (Optional) The timestamp in UTC format (%Y-%m-%dT%H:%M:%SZ) for any time in the last 7 days that you want to restore to. If empty string ("") is passed, earliest\_point\_in\_time\_recovery\_time will be used as pitr\_time. To retrieve the timestamp, run the command (ibmcloud cdb MongoDB earliest-pitr-timestamp <deployment name or CRN>). For more info on Point-in-time Recovery, see https://cloud.ibm.com/docs/databases-for-mongodb?topic=databases-for-mongodb-pitr&interface=ui | `string` | `null` | no |
 | <a name="input_plan"></a> [plan](#input\_plan) | The name of the service plan that you choose for your MongoDB instance | `string` | `"standard"` | no |
 | <a name="input_region"></a> [region](#input\_region) | The region where you want to deploy your instance. | `string` | `"us-south"` | no |
 | <a name="input_resource_group_id"></a> [resource\_group\_id](#input\_resource\_group\_id) | The resource group ID where the MongoDB instance will be created. | `string` | n/a | yes |

examples/pitr/README.md

@@ -0,0 +1,7 @@
+# Point in time recovery example (PITR)
+
+This example provides an end-to-end solution that:
+
+- Creates a new resource group if one is not passed in.
+- Creates a new ICD MongoDB database instance.
+- Creates a new MongoDB instance pointing to a PITR time.

examples/pitr/main.tf

@@ -0,0 +1,29 @@
+#############################################################################
+# Resource Group
+##############################################################################
+
+module "resource_group" {
+  source  = "terraform-ibm-modules/resource-group/ibm"
+  version = "1.1.6"
+  # if an existing resource group is not set (null) create a new one using prefix
+  resource_group_name          = var.resource_group == null ? "${var.prefix}-resource-group" : null
+  existing_resource_group_name = var.resource_group
+}
+
+# New ICD mongodb database instance pointing to a PITR time
+module "mongodb_db_pitr" {
+  source             = "../.."
+  resource_group_id  = module.resource_group.resource_group_id
+  name               = "${var.prefix}-mongodb-pitr"
+  region             = var.region
+  plan="enterprise"
+  tags      = var.resource_tags
+  access_tags        = var.access_tags
+  member_host_flavor = "multitenant"
+  member_memory_mb=14336
+  member_disk_mb     = 20480
+  member_cpu_count   = 6
+  mongodb_version         = var.mongodb_version
+  pitr_id            = var.pitr_id
+  pitr_time        = var.pitr_time == "" ? " " : var.pitr_time
+}

examples/pitr/outputs.tf

@@ -0,0 +1,17 @@
+##############################################################################
+# Outputs
+##############################################################################
+
+output "mongodb_time" {
+  description = "PITR timestamp in UTC format (%Y-%m-%dT%H:%M:%SZ) used to create PITR instance"
+  value       = var.pitr_time
+}
+output "pitr_mongodb_db_id" {
+  description = "PITR MongoDB instance id"
+  value       = module.mongodb_db_pitr.id
+}
+
+output "pitr_mongodb_db_version" {
+  description = "PITR MongoDB instance version"
+  value       = module.mongodb_db_pitr.version
+}

examples/pitr/provider.tf

@@ -0,0 +1,4 @@
+provider "ibm" {
+  ibmcloud_api_key = var.ibmcloud_api_key
+  region           = var.region
+}

examples/pitr/variables.tf

@@ -0,0 +1,51 @@
+variable "ibmcloud_api_key" {
+  type        = string
+  description = "The IBM Cloud API Key"
+  sensitive   = true
+}
+
+variable "region" {
+  type        = string
+  description = "Region to provision all resources created by this example."
+}
+
+variable "prefix" {
+  type        = string
+  description = "Prefix to append to all resources created by this example"
+}
+
+variable "resource_group" {
+  type        = string
+  description = "An existing resource group name to use for this example, if unset a new resource group will be created"
+  default     = null
+}
+
+variable "mongodb_version" {
+  description = "Version of the mongodb instance. If no value passed, the current ICD preferred version is used."
+  type        = string
+  default     = null
+}
+
+variable "resource_tags" {
+  type        = list(string)
+  description = "Optional list of tags to be added to created resources"
+  default     = []
+}
+
+variable "access_tags" {
+  type        = list(string)
+  description = "Optional list of access management tags to add to resources that are created"
+  default     = []
+}
+
+variable "pitr_id" {
+  type        = string
+  description = "The ID of the source deployment MongoDB instance that you want to recover back to. The MongoDB instance is expected to be in an up and in running state."
+}
+
+variable "pitr_time" {
+  type        = string
+  description = "The timestamp in UTC format (%Y-%m-%dT%H:%M:%SZ) for any time in the last 7 days that you want to restore to. If empty string (\"\") is passed, earliest_in_time_recovery_time will be used as pitr_time. To retrieve the timestamp, run the command (ibmcloud cdb MongoDB earliest-pitr-timestamp <deployment name or CRN>). For more info on Point-in-time Recovery, see https://cloud.ibm.com/docs/databases-for-mongodb?topic=databases-for-mongodb-pitr&interface=ui"
+}
+
+

examples/pitr/version.tf

@@ -0,0 +1,11 @@
+terraform {
+  required_version = ">= 1.3.0"
+  required_providers {
+    # Ensure that there is always 1 example locked into the lowest provider version of the range defined in the main
+    # module's version.tf (basic example), and 1 example that will always use the latest provider version (complete example).
+    ibm = {
+      source  = "IBM-Cloud/ibm"
+      version = ">=1.70.0, <2.0.0"
+    }
+  }
+}

ibm_catalog.json

@@ -228,7 +228,7 @@
               "key": "admin_pass_secret_manager_secret_name"
             },
             {
-              "key": "existing_db_instance_crn"
+              "key": "existing_mongodb_instance_crn"
             },
             {
               "key": "use_existing_admin_pass_secret_manager_secret_group"

main.tf

@@ -12,6 +12,10 @@ locals {
   validate_backup_key = !var.use_ibm_owned_encryption_key && var.backup_encryption_key_crn != null && (var.use_default_backup_encryption_key || var.use_same_kms_key_for_backups) ? tobool("When passing a value for 'backup_encryption_key_crn' you cannot set 'use_default_backup_encryption_key' to true or 'use_ibm_owned_encryption_key' to false.") : true
   # tflint-ignore: terraform_unused_declarations
   validate_backup_key_2 = !var.use_ibm_owned_encryption_key && var.backup_encryption_key_crn == null && !var.use_same_kms_key_for_backups ? tobool("When 'use_same_kms_key_for_backups' is set to false, a value needs to be passed for 'backup_encryption_key_crn'.") : true
+  # tflint-ignore: terraform_unused_declarations
+  validate_pitr_vars = (var.pitr_id != null && var.pitr_time == null) || (var.pitr_time != null && var.pitr_id == null) ? tobool("To use Point-In-Time Recovery (PITR), values for both var.pitr_id and var.pitr_time need to be set. Otherwise, unset both of these.") : true
+  # Determine if restore, from backup or point in time recovery
+  recovery_mode = var.backup_crn != null || var.pitr_id != null
 }
 
 ########################################################################################################################
@@ -172,19 +176,21 @@ resource "time_sleep" "wait_for_backup_kms_authorization_policy" {
 ########################################################################################################################
 
 resource "ibm_database" "mongodb" {
-  depends_on                = [time_sleep.wait_for_authorization_policy, time_sleep.wait_for_backup_kms_authorization_policy]
-  name                      = var.name
-  location                  = var.region
-  plan                      = var.plan
-  service                   = "databases-for-mongodb"
-  version                   = var.mongodb_version
-  resource_group_id         = var.resource_group_id
-  adminpassword             = var.admin_pass
-  tags                      = var.tags
-  service_endpoints         = var.service_endpoints
-  key_protect_key           = var.kms_key_crn
-  backup_encryption_key_crn = local.backup_encryption_key_crn
-  backup_id                 = var.backup_crn
+  depends_on                           = [time_sleep.wait_for_authorization_policy, time_sleep.wait_for_backup_kms_authorization_policy]
+  name                                 = var.name
+  location                             = var.region
+  plan                                 = var.plan
+  service                              = "databases-for-mongodb"
+  version                              = var.mongodb_version
+  resource_group_id                    = var.resource_group_id
+  adminpassword                        = var.admin_pass
+  tags                                 = var.tags
+  service_endpoints                    = var.service_endpoints
+  key_protect_key                      = var.kms_key_crn
+  backup_encryption_key_crn            = local.backup_encryption_key_crn
+  backup_id                            = var.backup_crn
+  point_in_time_recovery_deployment_id = var.pitr_id
+  point_in_time_recovery_time          = var.pitr_time
 
   dynamic "users" {
     for_each = nonsensitive(var.users != null ? var.users : [])
@@ -200,7 +206,7 @@ resource "ibm_database" "mongodb" {
   ## This is used to conditionally add one, OR, the other group block depending on var.local.host_flavor_set
   ## This block is for if host_flavor IS set to specific pre-defined host sizes and not set to "multitenant"
   dynamic "group" {
-    for_each = local.host_flavor_set && var.member_host_flavor != "multitenant" && var.backup_crn == null ? [1] : []
+    for_each = local.host_flavor_set && var.member_host_flavor != "multitenant" && !local.recovery_mode ? [1] : []
     content {
       group_id = "member" # Only member type is allowed for IBM Cloud Databases
       host_flavor {
@@ -217,7 +223,7 @@ resource "ibm_database" "mongodb" {
 
   ## This block is for if host_flavor IS set to "multitenant"
   dynamic "group" {
-    for_each = local.host_flavor_set && var.member_host_flavor == "multitenant" && var.backup_crn == null ? [1] : []
+    for_each = local.host_flavor_set && var.member_host_flavor == "multitenant" && !local.recovery_mode == null ? [1] : []
     content {
       group_id = "member" # Only member type is allowed for IBM Cloud Databases
       host_flavor {
@@ -240,7 +246,7 @@ resource "ibm_database" "mongodb" {
 
   ## This block is for if host_flavor IS NOT set
   dynamic "group" {
-    for_each = !local.host_flavor_set && var.backup_crn == null ? [1] : []
+    for_each = !local.host_flavor_set && !local.recovery_mode == null ? [1] : []
     content {
       group_id = "member" # Only member type is allowed for IBM Cloud Databases
       memory {
@@ -388,3 +394,8 @@ data "ibm_database_connection" "database_connection" {
   user_id       = ibm_database.mongodb.adminuser
   user_type     = "database"
 }
+
+# data "ibm_database_point_in_time_recovery" "source_db_earliest_pitr_time" {
+#   count         = var.pitr_time != " " ? 0 : 1
+#   deployment_id = var.pitr_id
+# }

outputs.tf

@@ -59,3 +59,8 @@ output "certificate_base64" {
   value       = data.ibm_database_connection.database_connection.mongodb[0].certificate[0].certificate_base64
   sensitive   = true
 }
+
+# output "pitr_time" {
+#   description = "MongoDB instance id"
+#   value       = var.pitr_time != "" ? var.pitr_time : data.ibm_database_point_in_time_recovery.source_db_earliest_pitr_time[0].earliest_point_in_time_recovery_time
+# }