diff --git a/.github/settings.yml b/.github/settings.yml
index e68b5db5..149420a3 100644
--- a/.github/settings.yml
+++ b/.github/settings.yml
@@ -22,7 +22,7 @@ repository:
# Uncomment this description property
# and update the description to the current repo description.
- description: "Implements an instance of the IBM Cloud Databases for RabbitMQ."
+ description: "Implements an instance of the IBM Cloud Messages for RabbitMQ."
# Uncomment this topics property
# and add a comma-separated list of topics to set on the repo.
diff --git a/.secrets.baseline b/.secrets.baseline
index a8049784..145ce775 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
"files": "go.sum|^.secrets.baseline$",
"lines": null
},
- "generated_at": "2025-07-24T12:57:34Z",
+ "generated_at": "2025-09-09T11:16:56Z",
"plugins_used": [
{
"name": "AWSKeyDetector"
@@ -82,7 +82,7 @@
"hashed_secret": "44cdfc3615970ada14420caaaa5c5745fca06002",
"is_secret": false,
"is_verified": false,
- "line_number": 124,
+ "line_number": 125,
"type": "Secret Keyword",
"verified_result": null
},
@@ -90,7 +90,7 @@
"hashed_secret": "bd0d0d73a240c29656fb8ae0dfa5f863077788dc",
"is_secret": false,
"is_verified": false,
- "line_number": 129,
+ "line_number": 130,
"type": "Secret Keyword",
"verified_result": null
}
diff --git a/README.md b/README.md
index b95b252f..a6552be4 100644
--- a/README.md
+++ b/README.md
@@ -91,6 +91,7 @@ You need the following permissions to run this module.
| [backup\_crn](#input\_backup\_crn) | The CRN of a backup resource to restore from. The backup is created by a database deployment with the same service ID. The backup is loaded after provisioning and the new deployment starts up that uses that data. A backup CRN is in the format crn:v1:<…>:backup:. If omitted, the database is provisioned empty. | `string` | `null` | no |
| [backup\_encryption\_key\_crn](#input\_backup\_encryption\_key\_crn) | The CRN of a Key Protect or Hyper Protect Crypto Services encryption key that you want to use for encrypting the disk that holds deployment backups. Applies only if `use_ibm_owned_encryption_key` is false and `use_same_kms_key_for_backups` is false. If no value is passed, and `use_same_kms_key_for_backups` is true, the value of `kms_key_crn` is used. Alternatively set `use_default_backup_encryption_key` to true to use the IBM Cloud Databases default encryption. Bare in mind that backups encryption is only available in certain regions. See [Bring your own key for backups](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-key-protect&interface=ui#key-byok) and [Using the HPCS Key for Backup encryption](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hpcs#use-hpcs-backups). | `string` | `null` | no |
| [cbr\_rules](#input\_cbr\_rules) | (Optional, list) List of context-based restrictions rules to create. | list(object({
description = string
account_id = string
rule_contexts = list(object({
attributes = optional(list(object({
name = string
value = string
}))) }))
enforcement_mode = string
tags = optional(list(object({
name = string
value = string
})))
operations = optional(list(object({
api_types = list(object({
api_type_id = string
}))
})))
})) | `[]` | no |
+| [configuration](#input\_configuration) | Database configuration parameters, see https://cloud.ibm.com/docs/databases-for-rabbitmq?topic=databases-for-rabbitmq-changing-configuration&interface=api for more details. | object({
delete_undefined_queues = optional(bool)
}) | `null` | no |
| [cpu\_count](#input\_cpu\_count) | Allocated dedicated CPU per member. For shared CPU, set to 0. [Learn more](https://cloud.ibm.com/docs/messages-for-rabbitmq?topic=messages-for-rabbitmq-resources-scaling) | `number` | `0` | no |
| [deletion\_protection](#input\_deletion\_protection) | Enable deletion protection within terraform. This is not a property of the resource and does not prevent deletion outside of terraform. The database can not be deleted by terraform when this value is set to 'true'. In order to delete with terraform the value must be set to 'false' and a terraform apply performed before the destroy is performed. The default is 'true'. | `bool` | `true` | no |
| [disk\_mb](#input\_disk\_mb) | Allocated disk per member. [Learn more](https://cloud.ibm.com/docs/messages-for-rabbitmq?topic=messages-for-rabbitmq-resources-scaling) | `number` | `1024` | no |
@@ -105,12 +106,12 @@ You need the following permissions to run this module.
| [resource\_group\_id](#input\_resource\_group\_id) | The resource group ID where the RabbitMQ instance will be created. | `string` | n/a | yes |
| [service\_credential\_names](#input\_service\_credential\_names) | Map of name, role for service credentials that you want to create for the database | `map(string)` | `{}` | no |
| [service\_endpoints](#input\_service\_endpoints) | Specify whether you want to enable the public, private, or both service endpoints. Supported values are 'public', 'private', or 'public-and-private'. | `string` | `"private"` | no |
-| [skip\_iam\_authorization\_policy](#input\_skip\_iam\_authorization\_policy) | Set to true to skip the creation of IAM authorization policies that permits all Databases for RabbitMQ instances in the given resource group 'Reader' access to the Key Protect or Hyper Protect Crypto Services key that was provided in the `kms_key_crn` and `backup_encryption_key_crn` inputs. This policy is required in order to enable KMS encryption, so only skip creation if there is one already present in your account. No policy is created if `use_ibm_owned_encryption_key` is true. | `bool` | `false` | no |
+| [skip\_iam\_authorization\_policy](#input\_skip\_iam\_authorization\_policy) | Set to true to skip the creation of IAM authorization policies that permits all Messages for RabbitMQ instances in the given resource group 'Reader' access to the Key Protect or Hyper Protect Crypto Services key that was provided in the `kms_key_crn` and `backup_encryption_key_crn` inputs. This policy is required in order to enable KMS encryption, so only skip creation if there is one already present in your account. No policy is created if `use_ibm_owned_encryption_key` is true. | `bool` | `false` | no |
| [tags](#input\_tags) | Optional list of tags to be added to the RabbitMQ instance. | `list(string)` | `[]` | no |
| [timeouts\_update](#input\_timeouts\_update) | A database update may require a longer timeout for the update to complete. The default is 120 minutes. Set this variable to change the `update` value in the `timeouts` block. [Learn more](https://developer.hashicorp.com/terraform/language/resources/syntax#operation-timeouts). | `string` | `"120m"` | no |
| [use\_default\_backup\_encryption\_key](#input\_use\_default\_backup\_encryption\_key) | When `use_ibm_owned_encryption_key` is set to false, backups will be encrypted with either the key specified in `kms_key_crn`, or in `backup_encryption_key_crn` if a value is passed. If you do not want to use your own key for backups encryption, you can set this to `true` to use the IBM Cloud Databases default encryption for backups. Alternatively set `use_ibm_owned_encryption_key` to true to use the default encryption for both backups and deployment data. | `bool` | `false` | no |
| [use\_ibm\_owned\_encryption\_key](#input\_use\_ibm\_owned\_encryption\_key) | IBM Cloud Databases will secure your deployment's data at rest automatically with an encryption key that IBM hold. Alternatively, you may select your own Key Management System instance and encryption key (Key Protect or Hyper Protect Crypto Services) by setting this to false. If setting to false, a value must be passed for the `kms_key_crn` input. | `bool` | `true` | no |
-| [use\_same\_kms\_key\_for\_backups](#input\_use\_same\_kms\_key\_for\_backups) | Set this to false if you wan't to use a different key that you own to encrypt backups. When set to false, a value is required for the `backup_encryption_key_crn` input. Alternatiely set `use_default_backup_encryption_key` to true to use the IBM Cloud Databases default encryption. Applies only if `use_ibm_owned_encryption_key` is false. Bare in mind that backups encryption is only available in certain regions. See [Bring your own key for backups](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-key-protect&interface=ui#key-byok) and [Using the HPCS Key for Backup encryption](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hpcs#use-hpcs-backups). | `bool` | `true` | no |
+| [use\_same\_kms\_key\_for\_backups](#input\_use\_same\_kms\_key\_for\_backups) | Set this to false if you wan't to use a different key that you own to encrypt backups. When set to false, a value is required for the `backup_encryption_key_crn` input. Alternatively set `use_default_backup_encryption_key` to true to use the IBM Cloud Databases default encryption. Applies only if `use_ibm_owned_encryption_key` is false. Bare in mind that backups encryption is only available in certain regions. See [Bring your own key for backups](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-key-protect&interface=ui#key-byok) and [Using the HPCS Key for Backup encryption](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hpcs#use-hpcs-backups). | `bool` | `true` | no |
| [users](#input\_users) | A list of users that you want to create on the database. Multiple blocks are allowed. The user password must be in the range of 10-32 characters. Be warned that in most case using IAM service credentials (via the var.service\_credential\_names) is sufficient to control access to the RabbitMQ instance. This blocks creates native RabbitMQ database users, more info on that can be found here https://cloud.ibm.com/docs/messages-for-rabbitmq?topic=messages-for-rabbitmq-user-management | list(object({
name = string
password = string # pragma: allowlist secret
type = optional(string)
role = optional(string)
})) | `[]` | no |
| [version\_upgrade\_skip\_backup](#input\_version\_upgrade\_skip\_backup) | Whether to skip taking a backup before upgrading the database version. Attention: Skipping a backup is not recommended. Skipping a backup before a version upgrade is dangerous and may result in data loss if the upgrade fails at any stage — there will be no immediate backup to restore from. | `bool` | `false` | no |
diff --git a/examples/backup-restore/README.md b/examples/backup-restore/README.md
index 6977e563..9e7a83b4 100644
--- a/examples/backup-restore/README.md
+++ b/examples/backup-restore/README.md
@@ -3,4 +3,4 @@
This example provides an end-to-end executable flow of how a RabbitMQ DB can be created from a backup instance. This example uses the IBM Cloud terraform provider to:
- Create a new resource group if one is not passed in.
-- Create a restored ICD RabbitMQ database instance pointing to the lastest backup of the existing RabbitMQ database instance crn passed.
+- Create a restored ICD RabbitMQ database instance pointing to the latest backup of the existing RabbitMQ database instance crn passed.
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index 602b87d2..fc7162bb 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -125,6 +125,10 @@ module "icd_rabbitmq" {
backup_encryption_key_crn = module.key_protect_all_inclusive.keys["icd.${local.backups_key_name}"].crn
service_credential_names = local.service_credential_names
member_host_flavor = "multitenant"
+ # Example of setting configuration - none of the below is mandatory - those settings are set in this example for illustation purpose and ensure path is exercised in automated test using this example.
+ configuration = {
+ delete_undefined_queues = true
+ }
cbr_rules = [
{
description = "${var.prefix}-rabbitmq access only from vpc"
diff --git a/examples/fscloud/README.md b/examples/fscloud/README.md
index 3fbd2852..8dcffc99 100644
--- a/examples/fscloud/README.md
+++ b/examples/fscloud/README.md
@@ -1,6 +1,6 @@
# Financial Services Cloud profile example with autoscaling enabled
-An end-to-end example that uses the [Profile for IBM Cloud Framework for Financial Services](../../modules/fscloud/) to deploy an instance of IBM Cloud Databases for RabbitMQ.
+An end-to-end example that uses the [Profile for IBM Cloud Framework for Financial Services](../../modules/fscloud/) to deploy an instance of IBM Cloud Messages for RabbitMQ.
The example uses the IBM Cloud Terraform provider to create the following infrastructure:
@@ -12,7 +12,7 @@ The example uses the IBM Cloud Terraform provider to create the following infras
- A sample virtual private cloud (VPC).
- A context-based restriction (CBR) rule to only allow RabbitMQ to be accessible from within the VPC.
-:exclamation: **Important:** In this example, only the IBM Cloud Databases for RabbitMQ instance complies with the IBM Cloud Framework for Financial Services. Other parts of the infrastructure do not necessarily comply.
+:exclamation: **Important:** In this example, only the IBM Cloud Messages for RabbitMQ instance complies with the IBM Cloud Framework for Financial Services. Other parts of the infrastructure do not necessarily comply.
## Before you begin
- You need a Hyper Protect Crypto Services instance and root key available in the region that you want to deploy your RabbitMQ database instance to.
diff --git a/ibm_catalog.json b/ibm_catalog.json
index 56e5c783..0d555af6 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -21,8 +21,8 @@
"cache",
"in memory"
],
- "short_description": "Creates and configures an instance of IBM Cloud Databases for RabbitMQ.",
- "long_description": "This architecture supports creating and configuring an instance of Databases for RabbitMQ with KMS encryption. RabbitMQ routes messages between microservices for modern applications. [Messages for RabbitMQ](https://www.ibm.com/products/messages-for-rabbitmq) makes RabbitMQ even better by managing it for you. Features include high availability, automated backup orchestration, autoscaling, and de-coupled allocation of storage, RAM, and vCPUs. Messages for RabbitMQ pricing is based on underlying disk, RAM, and optional vCPU allocation, as well as backup storage usage. The service is HIPAA-Ready and compliant with PCI-DSS, SOC 1 Type 2, SOC 2 Type 2, ISO 27001, ISO 27017, ISO 27018, ISO 27701, and GDPR. You can also learn more by viewing docs, API docs, and terms.\n\nℹ️ This Terraform-based automation is part of a broader suite of IBM-maintained Infrastructure as Code (IaC) assets, each following the naming pattern \"Cloud automation for servicename\" and focusing on single IBM Cloud service. These single-service deployable architectures can be used on their own to streamline and automate service deployments through an [IaC approach](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-understanding-projects), or assembled together into a broader [automated IaC stack](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-config-stack) to automate the deployment of an end-to-end solution architecture.",
+ "short_description": "Creates and configures an instance of IBM Cloud Messages for RabbitMQ.",
+ "long_description": "This architecture supports creating and configuring an instance of Messages for RabbitMQ with KMS encryption. RabbitMQ routes messages between microservices for modern applications. [Messages for RabbitMQ](https://www.ibm.com/products/messages-for-rabbitmq) makes RabbitMQ even better by managing it for you. Features include high availability, automated backup orchestration, autoscaling, and de-coupled allocation of storage, RAM, and vCPUs. Messages for RabbitMQ pricing is based on underlying disk, RAM, and optional vCPU allocation, as well as backup storage usage. The service is HIPAA-Ready and compliant with PCI-DSS, SOC 1 Type 2, SOC 2 Type 2, ISO 27001, ISO 27017, ISO 27018, ISO 27701, and GDPR. You can also learn more by viewing docs, API docs, and terms.\n\nℹ️ This Terraform-based automation is part of a broader suite of IBM-maintained Infrastructure as Code (IaC) assets, each following the naming pattern \"Cloud automation for servicename\" and focusing on single IBM Cloud service. These single-service deployable architectures can be used on their own to streamline and automate service deployments through an [IaC approach](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-understanding-projects), or assembled together into a broader [automated IaC stack](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-config-stack) to automate the deployment of an end-to-end solution architecture.",
"offering_docs_url": "https://github.com/terraform-ibm-modules/terraform-ibm-icd-rabbitmq/blob/main/README.md",
"offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-icd-rabbitmq/main/images/rabbitmq_icon.svg",
"provider_name": "IBM",
@@ -256,6 +256,14 @@
{
"key": "auto_scaling"
},
+ {
+ "key": "configuration",
+ "custom_config": {
+ "type": "code_editor",
+ "grouping": "deployment",
+ "original_grouping": "deployment"
+ }
+ },
{
"key": "service_endpoints",
"options": [
@@ -283,7 +291,12 @@
"key": "version_upgrade_skip_backup"
},
{
- "key": "service_credential_names"
+ "key": "service_credential_names",
+ "custom_config": {
+ "type": "code_editor",
+ "grouping": "deployment",
+ "original_grouping": "deployment"
+ }
},
{
"key": "service_credential_secrets",
@@ -383,7 +396,13 @@
"key": "existing_rabbitmq_instance_crn"
},
{
- "key": "cbr_rules"
+ "key": "cbr_rules",
+ "type": "array",
+ "custom_config": {
+ "type": "code_editor",
+ "grouping": "deployment",
+ "original_grouping": "deployment"
+ }
}
],
"terraform_version": "1.10.5"
@@ -580,6 +599,14 @@
{
"key": "auto_scaling"
},
+ {
+ "key": "configuration",
+ "custom_config": {
+ "type": "code_editor",
+ "grouping": "deployment",
+ "original_grouping": "deployment"
+ }
+ },
{
"key": "deletion_protection"
},
@@ -587,7 +614,12 @@
"key": "timeouts_update"
},
{
- "key": "service_credential_names"
+ "key": "service_credential_names",
+ "custom_config": {
+ "type": "code_editor",
+ "grouping": "deployment",
+ "original_grouping": "deployment"
+ }
},
{
"key": "service_credential_secrets",
@@ -654,7 +686,13 @@
"key": "existing_rabbitmq_instance_crn"
},
{
- "key": "cbr_rules"
+ "key": "cbr_rules",
+ "type": "array",
+ "custom_config": {
+ "type": "code_editor",
+ "grouping": "deployment",
+ "original_grouping": "deployment"
+ }
}
],
"terraform_version": "1.10.5"
diff --git a/main.tf b/main.tf
index 06663f9f..f340095b 100644
--- a/main.tf
+++ b/main.tf
@@ -156,14 +156,16 @@ resource "time_sleep" "wait_for_backup_kms_authorization_policy" {
########################################################################################################################
resource "ibm_database" "rabbitmq_database" {
- depends_on = [time_sleep.wait_for_authorization_policy, time_sleep.wait_for_backup_kms_authorization_policy]
- name = var.name
- plan = var.plan
- location = var.region
- service = "messages-for-rabbitmq"
- version = var.rabbitmq_version
- resource_group_id = var.resource_group_id
- service_endpoints = var.service_endpoints
+ depends_on = [time_sleep.wait_for_authorization_policy, time_sleep.wait_for_backup_kms_authorization_policy]
+ name = var.name
+ plan = var.plan
+ location = var.region
+ service = "messages-for-rabbitmq"
+ version = var.rabbitmq_version
+ resource_group_id = var.resource_group_id
+ service_endpoints = var.service_endpoints
+ # remove elements with null values: see https://github.com/terraform-ibm-modules/terraform-ibm-icd-postgresql/issues/273
+ configuration = var.configuration != null ? jsonencode({ for k, v in var.configuration : k => v if v != null }) : null
deletion_protection = var.deletion_protection
version_upgrade_skip_backup = var.version_upgrade_skip_backup
tags = var.tags
diff --git a/modules/fscloud/README.md b/modules/fscloud/README.md
index ab407f32..0f38e0f6 100644
--- a/modules/fscloud/README.md
+++ b/modules/fscloud/README.md
@@ -2,7 +2,7 @@
This code is a version of the [parent root module](../../) that includes a default configuration that complies with the relevant controls from the [IBM Cloud Framework for Financial Services](https://cloud.ibm.com/docs/framework-financial-services?topic=framework-financial-services-about). See the [Example for IBM Cloud Framework for Financial Services](/examples/fscloud/) for logic that uses this module.
-:exclamation: **Exception:** The Databases for RabbitMQ service is not yet Financial services validated. Therefore, the infrastructure that is deployed by this module is also not validated with the Framework for Financial Services. For more information, see the list of [Financial Services Validated services](https://cloud.ibm.com/docs/framework-financial-services?topic=framework-financial-services-vpc-architecture-about#financial-services-validated-services).
+:exclamation: **Exception:** The Messages for RabbitMQ service is not yet Financial services validated. Therefore, the infrastructure that is deployed by this module is also not validated with the Framework for Financial Services. For more information, see the list of [Financial Services Validated services](https://cloud.ibm.com/docs/framework-financial-services?topic=framework-financial-services-vpc-architecture-about#financial-services-validated-services).
The default values in this profile were scanned by [IBM Code Risk Analyzer (CRA)](https://cloud.ibm.com/docs/code-risk-analyzer-cli-plugin?topic=code-risk-analyzer-cli-plugin-cra-cli-plugin#terraform-command) for compliance with the IBM Cloud Framework for Financial Services profile that is specified by the IBM Security and Compliance Center.
@@ -36,6 +36,7 @@ No resources.
| [backup\_crn](#input\_backup\_crn) | The CRN of a backup resource to restore from. The backup is created by a database deployment with the same service ID. The backup is loaded after provisioning and the new deployment starts up that uses that data. A backup CRN is in the format crn:v1:<…>:backup:. If omitted, the database is provisioned empty. | `string` | `null` | no |
| [backup\_encryption\_key\_crn](#input\_backup\_encryption\_key\_crn) | The CRN of a Key Protect or Hyper Protect Crypto Services encryption key that you want to use for encrypting the disk that holds deployment backups. Applies only if `use_ibm_owned_encryption_key` is false and `use_same_kms_key_for_backups` is false. If no value is passed, and `use_same_kms_key_for_backups` is true, the value of `kms_key_crn` is used. Alternatively set `use_default_backup_encryption_key` to true to use the IBM Cloud Databases default encryption. Bare in mind that backups encryption is only available in certain regions. See [Bring your own key for backups](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-key-protect&interface=ui#key-byok) and [Using the HPCS Key for Backup encryption](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hpcs#use-hpcs-backups). | `string` | `null` | no |
| [cbr\_rules](#input\_cbr\_rules) | (Optional, list) List of CBR rules to create | list(object({
description = string
account_id = string
rule_contexts = list(object({
attributes = optional(list(object({
name = string
value = string
}))) }))
enforcement_mode = string
})) | `[]` | no |
+| [configuration](#input\_configuration) | Database configuration parameters, see https://cloud.ibm.com/docs/databases-for-rabbitmq?topic=databases-for-rabbitmq-changing-configuration&interface=api for more details. | object({
delete_undefined_queues = optional(bool)
}) | `null` | no |
| [cpu\_count](#input\_cpu\_count) | Allocated dedicated CPU per member. For shared CPU, set to 0. [Learn more](https://cloud.ibm.com/docs/messages-for-rabbitmq?topic=messages-for-rabbitmq-resources-scaling) | `number` | `0` | no |
| [deletion\_protection](#input\_deletion\_protection) | Enable deletion protection within terraform. This is not a property of the resource and does not prevent deletion outside of terraform. The database can not be deleted by terraform when this value is set to 'true'. In order to delete with terraform the value must be set to 'false' and a terraform apply performed before the destroy is performed. The default is 'true'. | `bool` | `true` | no |
| [disk\_mb](#input\_disk\_mb) | Allocated disk per member. [Learn more](https://cloud.ibm.com/docs/messages-for-rabbitmq?topic=messages-for-rabbitmq-resources-scaling) | `number` | `1024` | no |
@@ -48,12 +49,12 @@ No resources.
| [region](#input\_region) | The region where you want to deploy your instance. | `string` | `"us-south"` | no |
| [resource\_group\_id](#input\_resource\_group\_id) | The resource group ID where the RabbitMQ instance will be created. | `string` | n/a | yes |
| [service\_credential\_names](#input\_service\_credential\_names) | Map of name, role for service credentials that you want to create for the database | `map(string)` | `{}` | no |
-| [skip\_iam\_authorization\_policy](#input\_skip\_iam\_authorization\_policy) | Set to true to skip the creation of IAM authorization policies that permits all Databases for RabbitMQ instances in the given resource group 'Reader' access to the Key Protect or Hyper Protect Crypto Services key that was provided in the `kms_key_crn` and `backup_encryption_key_crn` inputs. This policy is required in order to enable KMS encryption, so only skip creation if there is one already present in your account. No policy is created if `use_ibm_owned_encryption_key` is true. | `bool` | `false` | no |
+| [skip\_iam\_authorization\_policy](#input\_skip\_iam\_authorization\_policy) | Set to true to skip the creation of IAM authorization policies that permits all Messages for RabbitMQ instances in the given resource group 'Reader' access to the Key Protect or Hyper Protect Crypto Services key that was provided in the `kms_key_crn` and `backup_encryption_key_crn` inputs. This policy is required in order to enable KMS encryption, so only skip creation if there is one already present in your account. No policy is created if `use_ibm_owned_encryption_key` is true. | `bool` | `false` | no |
| [tags](#input\_tags) | Optional list of tags to be added to the RabbitMQ instance. | `list(string)` | `[]` | no |
| [timeouts\_update](#input\_timeouts\_update) | A database update may require a longer timeout for the update to complete. The default is 120 minutes. Set this variable to change the `update` value in the `timeouts` block. [Learn more](https://developer.hashicorp.com/terraform/language/resources/syntax#operation-timeouts). | `string` | `"120m"` | no |
| [use\_default\_backup\_encryption\_key](#input\_use\_default\_backup\_encryption\_key) | When `use_ibm_owned_encryption_key` is set to false, backups will be encrypted with either the key specified in `kms_key_crn`, or in `backup_encryption_key_crn` if a value is passed. If you do not want to use your own key for backups encryption, you can set this to `true` to use the IBM Cloud Databases default encryption for backups. Alternatively set `use_ibm_owned_encryption_key` to true to use the default encryption for both backups and deployment data. | `bool` | `false` | no |
| [use\_ibm\_owned\_encryption\_key](#input\_use\_ibm\_owned\_encryption\_key) | Set to true to use the default IBM Cloud® Databases randomly generated keys for disk and backups encryption. To control the encryption keys, use the `kms_key_crn` and `backup_encryption_key_crn` inputs. | `string` | `false` | no |
-| [use\_same\_kms\_key\_for\_backups](#input\_use\_same\_kms\_key\_for\_backups) | Set this to false if you wan't to use a different key that you own to encrypt backups. When set to false, a value is required for the `backup_encryption_key_crn` input. Alternatiely set `use_default_backup_encryption_key` to true to use the IBM Cloud Databases default encryption. Applies only if `use_ibm_owned_encryption_key` is false. Bare in mind that backups encryption is only available in certain regions. See [Bring your own key for backups](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-key-protect&interface=ui#key-byok) and [Using the HPCS Key for Backup encryption](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hpcs#use-hpcs-backups). | `bool` | `true` | no |
+| [use\_same\_kms\_key\_for\_backups](#input\_use\_same\_kms\_key\_for\_backups) | Set this to false if you wan't to use a different key that you own to encrypt backups. When set to false, a value is required for the `backup_encryption_key_crn` input. Alternatively set `use_default_backup_encryption_key` to true to use the IBM Cloud Databases default encryption. Applies only if `use_ibm_owned_encryption_key` is false. Bare in mind that backups encryption is only available in certain regions. See [Bring your own key for backups](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-key-protect&interface=ui#key-byok) and [Using the HPCS Key for Backup encryption](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hpcs#use-hpcs-backups). | `bool` | `true` | no |
| [users](#input\_users) | A list of users that you want to create on the database. Multiple blocks are allowed. The user password must be in the range of 10-32 characters. Be warned that in most case using IAM service credentials (via the var.service\_credential\_names) is sufficient to control access to the RabbitMQ instance. This blocks creates native RabbitMQ database users, more info on that can be found here https://cloud.ibm.com/docs/messages-for-rabbitmq?topic=messages-for-rabbitmq-user-management | list(object({
name = string
password = string # pragma: allowlist secret
type = optional(string)
role = optional(string)
})) | `[]` | no |
| [version\_upgrade\_skip\_backup](#input\_version\_upgrade\_skip\_backup) | Whether to skip taking a backup before upgrading the database version. Attention: Skipping a backup is not recommended. Skipping a backup before a version upgrade is dangerous and may result in data loss if the upgrade fails at any stage — there will be no immediate backup to restore from. | `bool` | `false` | no |
diff --git a/modules/fscloud/main.tf b/modules/fscloud/main.tf
index 81866de9..0ef041e5 100644
--- a/modules/fscloud/main.tf
+++ b/modules/fscloud/main.tf
@@ -26,5 +26,6 @@ module "rabbitmq_database" {
cpu_count = var.cpu_count
member_host_flavor = var.member_host_flavor
auto_scaling = var.auto_scaling
+ configuration = var.configuration
service_credential_names = var.service_credential_names
}
diff --git a/modules/fscloud/variables.tf b/modules/fscloud/variables.tf
index 9c58f803..5ac8ed51 100644
--- a/modules/fscloud/variables.tf
+++ b/modules/fscloud/variables.tf
@@ -95,6 +95,14 @@ variable "access_tags" {
default = []
}
+variable "configuration" {
+ type = object({
+ delete_undefined_queues = optional(bool)
+ })
+ description = "Database configuration parameters, see https://cloud.ibm.com/docs/databases-for-rabbitmq?topic=databases-for-rabbitmq-changing-configuration&interface=api for more details."
+ default = null
+}
+
variable "version_upgrade_skip_backup" {
type = bool
description = "Whether to skip taking a backup before upgrading the database version. Attention: Skipping a backup is not recommended. Skipping a backup before a version upgrade is dangerous and may result in data loss if the upgrade fails at any stage — there will be no immediate backup to restore from."
@@ -170,7 +178,7 @@ variable "kms_key_crn" {
variable "use_same_kms_key_for_backups" {
type = bool
- description = "Set this to false if you wan't to use a different key that you own to encrypt backups. When set to false, a value is required for the `backup_encryption_key_crn` input. Alternatiely set `use_default_backup_encryption_key` to true to use the IBM Cloud Databases default encryption. Applies only if `use_ibm_owned_encryption_key` is false. Bare in mind that backups encryption is only available in certain regions. See [Bring your own key for backups](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-key-protect&interface=ui#key-byok) and [Using the HPCS Key for Backup encryption](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hpcs#use-hpcs-backups)."
+ description = "Set this to false if you wan't to use a different key that you own to encrypt backups. When set to false, a value is required for the `backup_encryption_key_crn` input. Alternatively set `use_default_backup_encryption_key` to true to use the IBM Cloud Databases default encryption. Applies only if `use_ibm_owned_encryption_key` is false. Bare in mind that backups encryption is only available in certain regions. See [Bring your own key for backups](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-key-protect&interface=ui#key-byok) and [Using the HPCS Key for Backup encryption](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hpcs#use-hpcs-backups)."
default = true
}
@@ -196,7 +204,7 @@ variable "use_default_backup_encryption_key" {
variable "skip_iam_authorization_policy" {
type = bool
- description = "Set to true to skip the creation of IAM authorization policies that permits all Databases for RabbitMQ instances in the given resource group 'Reader' access to the Key Protect or Hyper Protect Crypto Services key that was provided in the `kms_key_crn` and `backup_encryption_key_crn` inputs. This policy is required in order to enable KMS encryption, so only skip creation if there is one already present in your account. No policy is created if `use_ibm_owned_encryption_key` is true."
+ description = "Set to true to skip the creation of IAM authorization policies that permits all Messages for RabbitMQ instances in the given resource group 'Reader' access to the Key Protect or Hyper Protect Crypto Services key that was provided in the `kms_key_crn` and `backup_encryption_key_crn` inputs. This policy is required in order to enable KMS encryption, so only skip creation if there is one already present in your account. No policy is created if `use_ibm_owned_encryption_key` is true."
default = false
}
diff --git a/solutions/fully-configurable/DA-types.md b/solutions/fully-configurable/DA-types.md
index f4232205..084ce719 100644
--- a/solutions/fully-configurable/DA-types.md
+++ b/solutions/fully-configurable/DA-types.md
@@ -1,11 +1,12 @@
-# Configuring complex inputs in Databases for RabbitMQ
+# Configuring complex inputs in Messages for RabbitMQ
-Several optional input variables in the IBM Cloud [Databases for RabbitMQ deployable architecture](https://cloud.ibm.com/catalog#deployable_architecture) use complex object types. You specify these inputs when you configure deployable architecture.
+Several optional input variables in the IBM Cloud [Messages for RabbitMQ deployable architecture](https://cloud.ibm.com/catalog#deployable_architecture) use complex object types. You specify these inputs when you configure deployable architecture.
- [Service credentials](#svc-credential-name) (`service_credential_names`)
- [Service credential secrets](#service-credential-secrets) (`service_credential_secrets`)
- [Users](#users) (`users`)
- [Autoscaling](#autoscaling) (`auto_scaling`)
+- [Configuration](#configuration) (`configuration`)
## Service credentials
@@ -195,3 +196,28 @@ The following example shows values for both disk and memory for the `auto_scalin
}
}
```
+
+## Configuration
+
+The Configuration variable tunes messages for RabbitMQ to suit different use case. For more information, see [Configuration](https://cloud.ibm.com/apidocs/cloud-databases-api/cloud-databases-api-v5#updatedatabaseconfiguration-request).
+
+- Variable name: `configuration`
+- Type: An object with multiple attributes i.e. `delete_undefined_queues`
+
+### Options for configuration
+
+The configuration object in the input contains the following options
+
+**Available Settings. [Learn more](https://cloud.ibm.com/apidocs/cloud-databases-api/cloud-databases-api-v5#updatedatabaseconfiguration-request)**
+
+- `delete_undefined_queues`: Automatically delete undefined queues. (default: `true`).
+
+### Example configuration
+
+The following example shows values for the `configuration` input.
+
+```hcl
+{
+ delete_undefined_queues = true
+}
+```
diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf
index 2c8c387a..b19afc5a 100644
--- a/solutions/fully-configurable/main.tf
+++ b/solutions/fully-configurable/main.tf
@@ -298,6 +298,7 @@ module "rabbitmq" {
disk_mb = var.member_disk_mb
cpu_count = var.member_cpu_count
auto_scaling = var.auto_scaling
+ configuration = var.configuration
service_credential_names = var.service_credential_names
backup_crn = var.backup_crn
service_endpoints = var.service_endpoints
@@ -333,7 +334,7 @@ module "sm_instance_crn_parser" {
crn = var.existing_secrets_manager_instance_crn
}
-# create a service authorization between Secrets Manager and the target service (Databases for RabbitMQ)
+# create a service authorization between Secrets Manager and the target service (Messages for RabbitMQ)
resource "ibm_iam_authorization_policy" "secrets_manager_key_manager" {
count = local.create_sm_auth_policy
source_service_name = "secrets-manager"
@@ -386,7 +387,7 @@ locals {
]
}]
- # Concatinate into 1 secrets object
+ # Concatenate into 1 secrets object
secrets = concat(local.service_credential_secrets, local.admin_pass_secret)
# Parse Secrets Manager details from the CRN
existing_secrets_manager_instance_guid = var.existing_secrets_manager_instance_crn != null ? module.sm_instance_crn_parser[0].service_instance : null
diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf
index bcd91182..3e63497b 100644
--- a/solutions/fully-configurable/variables.tf
+++ b/solutions/fully-configurable/variables.tf
@@ -43,7 +43,7 @@ variable "prefix" {
variable "name" {
type = string
- description = "The name of the Databases for RabbitMQ instance. If a prefix input variable is specified, the prefix is added to the name in the `-` format."
+ description = "The name of the Messages for RabbitMQ instance. If a prefix input variable is specified, the prefix is added to the name in the `-` format."
default = "rabbitmq"
}
@@ -120,6 +120,16 @@ variable "member_host_flavor" {
}
}
+variable "configuration" {
+ type = object({
+ delete_undefined_queues = optional(bool)
+ })
+ description = "Messages for RabbitMQ configuration parameters, see https://cloud.ibm.com/docs/messages-for-rabbitmq for more details."
+ default = {
+ delete_undefined_queues = true
+ }
+}
+
variable "service_credential_names" {
description = "Map of name, role for service credentials that you want to create for the database. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-icd-rabbitmq/blob/main/solutions/standard/DA-types.md#svc-credential-name)"
type = map(string)
@@ -225,7 +235,7 @@ variable "kms_endpoint_type" {
variable "skip_rabbitmq_kms_auth_policy" {
type = bool
- description = "Whether to create an IAM authorization policy that permits all Databases for RabbitMQ instances in the resource group to read the encryption key from the Hyper Protect Crypto Services instance specified in the `existing_kms_instance_crn` variable."
+ description = "Whether to create an IAM authorization policy that permits all Messages for RabbitMQ instances in the resource group to read the encryption key from the Hyper Protect Crypto Services instance specified in the `existing_kms_instance_crn` variable."
default = false
}
@@ -239,13 +249,13 @@ variable "ibmcloud_kms_api_key" {
variable "key_ring_name" {
type = string
default = "rabbitmq-key-ring"
- description = "The name for the key ring created for the Databases for RabbitMQ key. Applies only if not specifying an existing key. If a prefix input variable is specified, the prefix is added to the name in the `-` format."
+ description = "The name for the key ring created for the Messages for RabbitMQ key. Applies only if not specifying an existing key. If a prefix input variable is specified, the prefix is added to the name in the `-` format."
}
variable "key_name" {
type = string
default = "rabbitmq-key"
- description = "The name for the key created for the Databases for RabbitMQ key. Applies only if not specifying an existing key. If a prefix input variable is specified, the prefix is added to the name in the `-` format."
+ description = "The name for the key created for the Messages for RabbitMQ key. Applies only if not specifying an existing key. If a prefix input variable is specified, the prefix is added to the name in the `-` format."
}
variable "existing_backup_kms_key_crn" {
@@ -323,7 +333,7 @@ variable "auto_scaling" {
variable "existing_secrets_manager_instance_crn" {
type = string
default = null
- description = "The CRN of existing secrets manager to use to create service credential secrets for Databases for RabbitMQ instance."
+ description = "The CRN of existing secrets manager to use to create service credential secrets for Messages for RabbitMQ instance."
}
variable "existing_secrets_manager_endpoint_type" {
@@ -355,7 +365,7 @@ variable "service_credential_secrets" {
}))
}))
default = []
- description = "Service credential secrets configuration for Databases for RabbitMQ. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-icd-rabbitmq/tree/main/solutions/standard/DA-types.md#service-credential-secrets)."
+ description = "Service credential secrets configuration for Messages for RabbitMQ. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-icd-rabbitmq/tree/main/solutions/standard/DA-types.md#service-credential-secrets)."
validation {
# Service roles CRNs can be found at https://cloud.ibm.com/iam/roles, select the IBM Cloud Database and select the role
@@ -379,7 +389,7 @@ variable "service_credential_secrets" {
variable "skip_rabbitmq_secrets_manager_auth_policy" {
type = bool
- description = "Whether an IAM authorization policy is created for Secrets Manager instance to create a service credential secrets for Databases for RabbitMQ. If set to false, the Secrets Manager instance passed by the user is granted the Key Manager access to the RabbitMQ instance created by the Deployable Architecture. Set to `true` to use an existing policy. The value of this is ignored if any value for 'existing_secrets_manager_instance_crn' is not passed."
+ description = "Whether an IAM authorization policy is created for Secrets Manager instance to create a service credential secrets for Messages for RabbitMQ. If set to false, the Secrets Manager instance passed by the user is granted the Key Manager access to the RabbitMQ instance created by the Deployable Architecture. Set to `true` to use an existing policy. The value of this is ignored if any value for 'existing_secrets_manager_instance_crn' is not passed."
default = false
}
diff --git a/solutions/security-enforced/main.tf b/solutions/security-enforced/main.tf
index 5d8c5e69..708575de 100644
--- a/solutions/security-enforced/main.tf
+++ b/solutions/security-enforced/main.tf
@@ -13,6 +13,7 @@ module "icd_rabbitmq" {
member_cpu_count = var.member_cpu_count
member_disk_mb = var.member_disk_mb
member_host_flavor = var.member_host_flavor
+ configuration = var.configuration
service_credential_names = var.service_credential_names
admin_pass = var.admin_pass
users = var.users
diff --git a/solutions/security-enforced/variables.tf b/solutions/security-enforced/variables.tf
index 01b86660..dd82b549 100644
--- a/solutions/security-enforced/variables.tf
+++ b/solutions/security-enforced/variables.tf
@@ -43,7 +43,7 @@ variable "prefix" {
variable "name" {
type = string
- description = "The name of the Databases for RabbitMQ instance. If a prefix input variable is specified, the prefix is added to the name in the `-` format."
+ description = "The name of the Messages for RabbitMQ instance. If a prefix input variable is specified, the prefix is added to the name in the `-` format."
default = "rabbitmq"
}
@@ -141,6 +141,16 @@ variable "access_tags" {
default = []
}
+variable "configuration" {
+ type = object({
+ delete_undefined_queues = optional(bool)
+ })
+ description = "Database configuration parameters, see https://cloud.ibm.com/docs/messages-for-rabbitmq for more details."
+ default = {
+ delete_undefined_queues = true
+ }
+}
+
variable "deletion_protection" {
type = bool
description = "Enable deletion protection within terraform. This is not a property of the resource and does not prevent deletion outside of terraform. The database can not be deleted by terraform when this value is set to 'true'. In order to delete with terraform the value must be set to 'false' and a terraform apply performed before the destroy is performed. The default is 'true'."
@@ -176,7 +186,7 @@ variable "existing_kms_key_crn" {
variable "skip_rabbitmq_kms_auth_policy" {
type = bool
- description = "Whether to create an IAM authorization policy that permits all Databases for RabbitMQ instances in the resource group to read the encryption key from the Hyper Protect Crypto Services instance specified in the `existing_kms_instance_crn` variable."
+ description = "Whether to create an IAM authorization policy that permits all Messages for RabbitMQ instances in the resource group to read the encryption key from the Hyper Protect Crypto Services instance specified in the `existing_kms_instance_crn` variable."
default = false
}
@@ -190,13 +200,13 @@ variable "ibmcloud_kms_api_key" {
variable "key_ring_name" {
type = string
default = "rabbitmq-key-ring"
- description = "The name for the key ring created for the Databases for RabbitMQ key. Applies only if not specifying an existing key. If a prefix input variable is specified, the prefix is added to the name in the `-` format."
+ description = "The name for the key ring created for the Messages for RabbitMQ key. Applies only if not specifying an existing key. If a prefix input variable is specified, the prefix is added to the name in the `-` format."
}
variable "key_name" {
type = string
default = "rabbitmq-key"
- description = "The name for the key created for the Databases for RabbitMQ key. Applies only if not specifying an existing key. If a prefix input variable is specified, the prefix is added to the name in the `-` format."
+ description = "The name for the key created for the Messages for RabbitMQ key. Applies only if not specifying an existing key. If a prefix input variable is specified, the prefix is added to the name in the `-` format."
}
variable "existing_backup_kms_key_crn" {
@@ -257,7 +267,7 @@ variable "auto_scaling" {
variable "existing_secrets_manager_instance_crn" {
type = string
default = null
- description = "The CRN of existing secrets manager to use to create service credential secrets for Databases for RabbitMQ instance."
+ description = "The CRN of existing secrets manager to use to create service credential secrets for Messages for RabbitMQ instance."
}
variable "service_credential_secrets" {
@@ -278,7 +288,7 @@ variable "service_credential_secrets" {
}))
}))
default = []
- description = "Service credential secrets configuration for Databases for RabbitMQ. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-icd-rabbitmq/tree/main/solutions/standard/DA-types.md#service-credential-secrets)."
+ description = "Service credential secrets configuration for Messages for RabbitMQ. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-icd-rabbitmq/tree/main/solutions/standard/DA-types.md#service-credential-secrets)."
validation {
# Service roles CRNs can be found at https://cloud.ibm.com/iam/roles, select the IBM Cloud Database and select the role
@@ -302,7 +312,7 @@ variable "service_credential_secrets" {
variable "skip_rabbitmq_secrets_manager_auth_policy" {
type = bool
- description = "Whether an IAM authorization policy is created for Secrets Manager instance to create a service credential secrets for Databases for RabbitMQ. If set to false, the Secrets Manager instance passed by the user is granted the Key Manager access to the RabbitMQ instance created by the Deployable Architecture. Set to `true` to use an existing policy. The value of this is ignored if any value for 'existing_secrets_manager_instance_crn' is not passed."
+ description = "Whether an IAM authorization policy is created for Secrets Manager instance to create a service credential secrets for Messages for RabbitMQ. If set to false, the Secrets Manager instance passed by the user is granted the Key Manager access to the RabbitMQ instance created by the Deployable Architecture. Set to `true` to use an existing policy. The value of this is ignored if any value for 'existing_secrets_manager_instance_crn' is not passed."
default = false
}
diff --git a/variables.tf b/variables.tf
index d6f4b15c..ab6bb8a0 100644
--- a/variables.tf
+++ b/variables.tf
@@ -145,6 +145,14 @@ variable "access_tags" {
}
}
+variable "configuration" {
+ type = object({
+ delete_undefined_queues = optional(bool)
+ })
+ description = "Database configuration parameters, see https://cloud.ibm.com/docs/databases-for-rabbitmq?topic=databases-for-rabbitmq-changing-configuration&interface=api for more details."
+ default = null
+}
+
variable "version_upgrade_skip_backup" {
type = bool
description = "Whether to skip taking a backup before upgrading the database version. Attention: Skipping a backup is not recommended. Skipping a backup before a version upgrade is dangerous and may result in data loss if the upgrade fails at any stage — there will be no immediate backup to restore from."
@@ -255,7 +263,7 @@ variable "kms_key_crn" {
variable "use_same_kms_key_for_backups" {
type = bool
- description = "Set this to false if you wan't to use a different key that you own to encrypt backups. When set to false, a value is required for the `backup_encryption_key_crn` input. Alternatiely set `use_default_backup_encryption_key` to true to use the IBM Cloud Databases default encryption. Applies only if `use_ibm_owned_encryption_key` is false. Bare in mind that backups encryption is only available in certain regions. See [Bring your own key for backups](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-key-protect&interface=ui#key-byok) and [Using the HPCS Key for Backup encryption](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hpcs#use-hpcs-backups)."
+ description = "Set this to false if you wan't to use a different key that you own to encrypt backups. When set to false, a value is required for the `backup_encryption_key_crn` input. Alternatively set `use_default_backup_encryption_key` to true to use the IBM Cloud Databases default encryption. Applies only if `use_ibm_owned_encryption_key` is false. Bare in mind that backups encryption is only available in certain regions. See [Bring your own key for backups](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-key-protect&interface=ui#key-byok) and [Using the HPCS Key for Backup encryption](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hpcs#use-hpcs-backups)."
default = true
}
@@ -276,7 +284,7 @@ variable "backup_encryption_key_crn" {
variable "skip_iam_authorization_policy" {
type = bool
- description = "Set to true to skip the creation of IAM authorization policies that permits all Databases for RabbitMQ instances in the given resource group 'Reader' access to the Key Protect or Hyper Protect Crypto Services key that was provided in the `kms_key_crn` and `backup_encryption_key_crn` inputs. This policy is required in order to enable KMS encryption, so only skip creation if there is one already present in your account. No policy is created if `use_ibm_owned_encryption_key` is true."
+ description = "Set to true to skip the creation of IAM authorization policies that permits all Messages for RabbitMQ instances in the given resource group 'Reader' access to the Key Protect or Hyper Protect Crypto Services key that was provided in the `kms_key_crn` and `backup_encryption_key_crn` inputs. This policy is required in order to enable KMS encryption, so only skip creation if there is one already present in your account. No policy is created if `use_ibm_owned_encryption_key` is true."
default = false
}