feat: added new input variable member_host_flavor and updated default value of memory_mb to 8192.<br><br>Reference: [Cloud Database Hosting Models](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hosting-models)<br><br>The [host model switching](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hosting-models&interface=api#hosting-models-switching) section has details of the migrations that the service is rolling out. All instances will have to be switched and the [time line](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hosting-models&interface=api#hosting-model-transition-timeline) for the migrations is outlined.<br><br>During the transition both existing and new models are supported.<br><br>Users of this module should consider the changes being implemented by the service. It is recommended that new deployments use the shared or isolated compute models to start, by specifying the member_host_flavor. It is recommended that existing deployments make updates to control the upgrade process by specifying shared or isolate compute configurations and the resource required to run the service, by adding the member_host_flavor. (#199)

shemau · web-flow · commit 227cf242439e · 2024-07-12T09:50:29.000+01:00
diff --git a/README.md b/README.md
@@ -94,8 +94,9 @@ You need the following permissions to run this module.
 | <a name="input_instance_name"></a> [instance\_name](#input\_instance\_name) | The name to give the RabbitMQ instance | `string` | n/a | yes |
 | <a name="input_kms_encryption_enabled"></a> [kms\_encryption\_enabled](#input\_kms\_encryption\_enabled) | Set this to true to control the encryption keys used to encrypt the data that you store in IBM Cloud® Databases. If set to false, the data is encrypted by using randomly generated keys. For more info on Key Protect integration, see https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-key-protect. For more info on HPCS integration, see https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hpcs | `bool` | `false` | no |
 | <a name="input_kms_key_crn"></a> [kms\_key\_crn](#input\_kms\_key\_crn) | The root key CRN of a Key Management Services like Key Protect or Hyper Protect Crypto Service (HPCS) that you want to use for disk encryption. Only used if var.kms\_encryption\_enabled is set to true. | `string` | `null` | no |
+| <a name="input_member_host_flavor"></a> [member\_host\_flavor](#input\_member\_host\_flavor) | Allocated host flavor per member. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/database#host_flavor). | `string` | `null` | no |
 | <a name="input_members"></a> [members](#input\_members) | Allocated number of members. For more information, see: https://cloud.ibm.com/docs/messages-for-rabbitmq?topic=messages-for-rabbitmq-resources-scaling | `number` | `3` | no |
-| <a name="input_memory_mb"></a> [memory\_mb](#input\_memory\_mb) | Allocated memory per-member. For more information, see: https://cloud.ibm.com/docs/messages-for-rabbitmq?topic=messages-for-rabbitmq-resources-scaling | `number` | `1024` | no |
+| <a name="input_memory_mb"></a> [memory\_mb](#input\_memory\_mb) | Allocated memory per-member. For more information, see: https://cloud.ibm.com/docs/messages-for-rabbitmq?topic=messages-for-rabbitmq-resources-scaling | `number` | `8192` | no |
 | <a name="input_plan"></a> [plan](#input\_plan) | The name of the service plan that you choose for your RabbitMQ instance | `string` | `"standard"` | no |
 | <a name="input_rabbitmq_version"></a> [rabbitmq\_version](#input\_rabbitmq\_version) | The version of RabbitMQ to deploy. If no value passed, the current ICD preferred version is used. | `string` | `null` | no |
 | <a name="input_region"></a> [region](#input\_region) | The region where you want to deploy your instance. | `string` | `"us-south"` | no |
diff --git a/examples/backup-restore/main.tf b/examples/backup-restore/main.tf
@@ -16,12 +16,13 @@ data "ibm_database_backups" "backup_database" {
 
 # New RabbitMQ db instance pointing to the backup instance
 module "restored_rabbitmq_db" {
-  source            = "../.."
-  resource_group_id = module.resource_group.resource_group_id
-  instance_name     = "${var.prefix}-rabbitmq-restored"
-  region            = var.region
-  rabbitmq_version  = var.rabbitmq_version
-  access_tags       = var.access_tags
-  tags              = var.resource_tags
-  backup_crn        = data.ibm_database_backups.backup_database.backups[0].backup_id
+  source             = "../.."
+  resource_group_id  = module.resource_group.resource_group_id
+  instance_name      = "${var.prefix}-rabbitmq-restored"
+  region             = var.region
+  rabbitmq_version   = var.rabbitmq_version
+  access_tags        = var.access_tags
+  tags               = var.resource_tags
+  member_host_flavor = "multitenant"
+  backup_crn         = data.ibm_database_backups.backup_database.backups[0].backup_id
 }
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -96,6 +96,7 @@ module "icd_rabbitmq" {
   tags                       = var.resource_tags
   access_tags                = var.access_tags
   auto_scaling               = var.auto_scaling
+  member_host_flavor         = "multitenant"
   cbr_rules = [
     {
       description      = "${var.prefix}-rabbitmq access only from vpc"
diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf
@@ -8,7 +8,7 @@ output "id" {
 }
 
 output "guid" {
-  description = "Postgresql instance guid"
+  description = "RabbitMQ instance guid"
   value       = module.icd_rabbitmq.guid
 }
 
diff --git a/examples/fscloud/main.tf b/examples/fscloud/main.tf
@@ -50,7 +50,7 @@ module "cbr_zone" {
 }
 
 ##############################################################################
-# Postgres Instance
+# RabbitMQ Instance
 ##############################################################################
 
 module "rabbitmq_database" {
@@ -66,6 +66,7 @@ module "rabbitmq_database" {
   tags                       = var.tags
   access_tags                = var.access_tags
   auto_scaling               = var.auto_scaling
+  member_host_flavor         = "b3c.4x16.encrypted"
   backup_encryption_key_crn  = var.backup_encryption_key_crn
   backup_crn                 = var.backup_crn
   cbr_rules = [
diff --git a/main.tf b/main.tf
@@ -16,6 +16,9 @@ locals {
   # Determine if auto scaling is enabled
   auto_scaling_enabled = var.auto_scaling == null ? [] : [1]
 
+  # Determine if host_flavor is used
+  host_flavor_set = var.member_host_flavor != null ? true : false
+
   # Determine what KMS service is being used for database encryption
   kms_service = var.kms_key_crn != null ? (
     can(regex(".*kms.*", var.kms_key_crn)) ? "kms" : (
@@ -67,23 +70,65 @@ resource "ibm_database" "rabbitmq_database" {
     }
   }
 
-  group {
-    group_id = "member"
-
-    memory {
-      allocation_mb = var.memory_mb
-    }
-
-    disk {
-      allocation_mb = var.disk_mb
+  ## This for_each block is NOT a loop to attach to multiple group blocks.
+  ## This is used to conditionally add one, OR, the other group block depending on var.local.host_flavor_set
+  ## This block is for if host_flavor IS set to specific pre-defined host sizes and not set to "multitenant"
+  dynamic "group" {
+    for_each = local.host_flavor_set && var.member_host_flavor != "multitenant" ? [1] : []
+    content {
+      group_id = "member" # Only member type is allowed for IBM Cloud Databases
+      host_flavor {
+        id = var.member_host_flavor
+      }
+      disk {
+        allocation_mb = var.disk_mb
+      }
+      members {
+        allocation_count = var.members
+      }
     }
+  }
 
-    cpu {
-      allocation_count = var.cpu_count
+  ## This block is for if host_flavor IS set to "multitenant"
+  dynamic "group" {
+    for_each = local.host_flavor_set && var.member_host_flavor == "multitenant" ? [1] : []
+    content {
+      group_id = "member" # Only member type is allowed for IBM Cloud Databases
+      host_flavor {
+        id = var.member_host_flavor
+      }
+      disk {
+        allocation_mb = var.disk_mb
+      }
+      memory {
+        allocation_mb = var.memory_mb
+      }
+      cpu {
+        allocation_count = var.cpu_count
+      }
+      members {
+        allocation_count = var.members
+      }
     }
+  }
 
-    members {
-      allocation_count = var.members
+  ## This block is for if host_flavor IS NOT set
+  dynamic "group" {
+    for_each = local.host_flavor_set ? [] : [1]
+    content {
+      group_id = "member" # Only member type is allowed for IBM Cloud Databases
+      memory {
+        allocation_mb = var.memory_mb
+      }
+      disk {
+        allocation_mb = var.disk_mb
+      }
+      cpu {
+        allocation_count = var.cpu_count
+      }
+      members {
+        allocation_count = var.members
+      }
     }
   }
 
diff --git a/modules/fscloud/README.md b/modules/fscloud/README.md
@@ -42,11 +42,14 @@ No resources.
 | <a name="input_existing_kms_instance_guid"></a> [existing\_kms\_instance\_guid](#input\_existing\_kms\_instance\_guid) | The GUID of the Hyper Protect Crypto Services instance. | `string` | n/a | yes |
 | <a name="input_instance_name"></a> [instance\_name](#input\_instance\_name) | The name of the RabbitMQ instance | `string` | n/a | yes |
 | <a name="input_kms_key_crn"></a> [kms\_key\_crn](#input\_kms\_key\_crn) | The root key CRN of a Key Management Services like Key Protect or Hyper Protect Crypto Service (HPCS) that you want to use for disk encryption. Only used if var.kms\_encryption\_enabled is set to true. | `string` | `null` | no |
+| <a name="input_member_host_flavor"></a> [member\_host\_flavor](#input\_member\_host\_flavor) | Allocated host flavor per member. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/database#host_flavor). | `string` | `null` | no |
 | <a name="input_members"></a> [members](#input\_members) | Allocated number of members. For more information, see: https://cloud.ibm.com/docs/messages-for-rabbitmq?topic=messages-for-rabbitmq-resources-scaling | `number` | `3` | no |
+| <a name="input_memory_mb"></a> [memory\_mb](#input\_memory\_mb) | Allocated memory per member. [Learn more](https://cloud.ibm.com/docs/messages-for-rabbitmq?topic=messages-for-rabbitmq-resources-scaling). | `number` | `8192` | no |
 | <a name="input_rabbitmq_version"></a> [rabbitmq\_version](#input\_rabbitmq\_version) | The version of RabbitMQ to deploy. If no value passed, the current ICD preferred version is used. | `string` | `null` | no |
 | <a name="input_region"></a> [region](#input\_region) | The region where you want to deploy your instance. | `string` | `"us-south"` | no |
 | <a name="input_resource_group_id"></a> [resource\_group\_id](#input\_resource\_group\_id) | The resource group ID where the RabbitMQ instance will be created. | `string` | n/a | yes |
 | <a name="input_service_credential_names"></a> [service\_credential\_names](#input\_service\_credential\_names) | Map of name, role for service credentials that you want to create for the database | `map(string)` | `{}` | no |
+| <a name="input_skip_iam_authorization_policy"></a> [skip\_iam\_authorization\_policy](#input\_skip\_iam\_authorization\_policy) | Set to true to skip the creation of an IAM authorization policy that permits all RabbitMQ instances in the resource group to read the encryption key from the Hyper Protect Crypto Services instance. The HPCS instance is passed in through the var.existing\_kms\_instance\_guid variable. | `bool` | `false` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Optional list of tags to be added to the RabbitMQ instance. | `list(any)` | `[]` | no |
 | <a name="input_users"></a> [users](#input\_users) | A list of users that you want to create on the database. Multiple blocks are allowed. The user password must be in the range of 10-32 characters. Be warned that in most case using IAM service credentials (via the var.service\_credential\_names) is sufficient to control access to the RabbitMQ instance. This blocks creates native RabbitMQ database users, more info on that can be found here https://cloud.ibm.com/docs/messages-for-rabbitmq?topic=messages-for-rabbitmq-user-management | <pre>list(object({<br>    name     = string<br>    password = string # pragma: allowlist secret<br>    type     = string # "type" is required to generate the connection string for the outputs.<br>    role     = optional(string)<br>  }))</pre> | `[]` | no |
 
diff --git a/modules/fscloud/main.tf b/modules/fscloud/main.tf
@@ -1,23 +1,26 @@
 module "rabbitmq_database" {
-  source                     = "../../"
-  resource_group_id          = var.resource_group_id
-  instance_name              = var.instance_name
-  region                     = var.region
-  rabbitmq_version           = var.rabbitmq_version
-  endpoints                  = var.endpoints
-  tags                       = var.tags
-  access_tags                = var.access_tags
-  kms_encryption_enabled     = true
-  existing_kms_instance_guid = var.existing_kms_instance_guid
-  service_credential_names   = var.service_credential_names
-  backup_encryption_key_crn  = var.backup_encryption_key_crn
-  kms_key_crn                = var.kms_key_crn
-  admin_pass                 = var.admin_pass
-  members                    = var.members
-  users                      = var.users
-  disk_mb                    = var.disk_mb
-  cpu_count                  = var.cpu_count
-  auto_scaling               = var.auto_scaling
-  cbr_rules                  = var.cbr_rules
-  backup_crn                 = var.backup_crn
+  source                        = "../../"
+  resource_group_id             = var.resource_group_id
+  instance_name                 = var.instance_name
+  region                        = var.region
+  skip_iam_authorization_policy = var.skip_iam_authorization_policy
+  rabbitmq_version              = var.rabbitmq_version
+  endpoints                     = var.endpoints
+  tags                          = var.tags
+  access_tags                   = var.access_tags
+  kms_encryption_enabled        = true
+  existing_kms_instance_guid    = var.existing_kms_instance_guid
+  service_credential_names      = var.service_credential_names
+  backup_encryption_key_crn     = var.backup_encryption_key_crn
+  kms_key_crn                   = var.kms_key_crn
+  admin_pass                    = var.admin_pass
+  members                       = var.members
+  users                         = var.users
+  memory_mb                     = var.memory_mb
+  disk_mb                       = var.disk_mb
+  cpu_count                     = var.cpu_count
+  member_host_flavor            = var.member_host_flavor
+  auto_scaling                  = var.auto_scaling
+  cbr_rules                     = var.cbr_rules
+  backup_crn                    = var.backup_crn
 }
diff --git a/modules/fscloud/variables.tf b/modules/fscloud/variables.tf
@@ -47,6 +47,12 @@ variable "existing_kms_instance_guid" {
   type        = string
 }
 
+variable "skip_iam_authorization_policy" {
+  type        = bool
+  description = "Set to true to skip the creation of an IAM authorization policy that permits all RabbitMQ instances in the resource group to read the encryption key from the Hyper Protect Crypto Services instance. The HPCS instance is passed in through the var.existing_kms_instance_guid variable."
+  default     = false
+}
+
 variable "backup_encryption_key_crn" {
   type        = string
   description = "The CRN of a Hyper Protect Crypto Service use for encrypting the disk that holds deployment backups. Only used if var.kms_encryption_enabled is set to true. There are limitation per region on the Hyper Protect Crypto Services and region for those services. See https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hpcs#use-hpcs-backups"
@@ -86,6 +92,13 @@ variable "service_credential_names" {
   default     = {}
 }
 
+variable "memory_mb" {
+  type        = number
+  description = "Allocated memory per member. [Learn more](https://cloud.ibm.com/docs/messages-for-rabbitmq?topic=messages-for-rabbitmq-resources-scaling)."
+  default     = 8192
+  # Validation is done in the Terraform plan phase by the IBM provider, so no need to add extra validation here.
+}
+
 variable "disk_mb" {
   description = "Allocated disk per member. For more information, see https://cloud.ibm.com/docs/messages-for-rabbitmq?topic=messages-for-rabbitmq-resources-scaling"
   type        = number
@@ -98,6 +111,12 @@ variable "cpu_count" {
   default     = 0
 }
 
+variable "member_host_flavor" {
+  type        = string
+  description = "Allocated host flavor per member. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/database#host_flavor)."
+  default     = null
+}
+
 variable "auto_scaling" {
   type = object({
     disk = object({
diff --git a/variables.tf b/variables.tf
@@ -83,7 +83,7 @@ variable "members" {
 variable "memory_mb" {
   description = "Allocated memory per-member. For more information, see: https://cloud.ibm.com/docs/messages-for-rabbitmq?topic=messages-for-rabbitmq-resources-scaling"
   type        = number
-  default     = 1024
+  default     = 8192
 }
 
 variable "cpu_count" {
@@ -98,6 +98,13 @@ variable "disk_mb" {
   default     = 1024
 }
 
+variable "member_host_flavor" {
+  type        = string
+  description = "Allocated host flavor per member. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/database#host_flavor)."
+  default     = null
+  # Validation is done in the Terraform plan phase by the IBM provider, so no need to add extra validation here.
+}
+
 variable "auto_scaling" {
   type = object({
     disk = object({

Original file line number	Diff line number	Diff line change
`@@ -96,6 +96,7 @@ module "icd_rabbitmq" {`
`96`	`96`	`tags = var.resource_tags`
`97`	`97`	`access_tags = var.access_tags`
`98`	`98`	`auto_scaling = var.auto_scaling`
	`99`	`+ member_host_flavor = "multitenant"`
`99`	`100`	`cbr_rules = [`
`100`	`101`	`{`
`101`	`102`	`description = "${var.prefix}-rabbitmq access only from vpc"`
Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@ output "id" {`
`8`	`8`	`}`
`9`	`9`
`10`	`10`	`output "guid" {`
`11`		`- description = "Postgresql instance guid"`
	`11`	`+ description = "RabbitMQ instance guid"`
`12`	`12`	`value = module.icd_rabbitmq.guid`
`13`	`13`	`}`
`14`	`14`