Flow logs (#24)

* work in progres: flow logs

* Added flow log with tests

Signed-off-by: Andrew Trice <[email protected]>

* added random string to bucket name

Signed-off-by: Andrew Trice <[email protected]>

* added random string to bucket name

Signed-off-by: Andrew Trice <[email protected]>

* removed random string b/c it causs other problems.  changed bucket name to be unique

Signed-off-by: Andrew Trice <[email protected]>

* added policy creation for the automated testing script

Signed-off-by: Andrew Trice <[email protected]>

Author: Andrew Trice

main.tf

@@ -106,3 +106,15 @@ resource ibm_is_security_group_rule private_dns_2 {
     port_max = 53
   }
 }
+
+resource ibm_is_flow_log flowlog_instance {
+  count = length(var.flow-log-cos-bucket-name) > 0 ? 1 : 0
+  depends_on = [ibm_is_vpc.vpc]
+  name = "${local.vpc_name}-flowlog"
+  active = true
+  //target can be VPC or Virtual Server Instance or Subnet or Primary Network Interface or Secondary Network Interface 
+  target = data.ibm_is_vpc.vpc.id
+  resource_group = var.resource_group_id
+  storage_bucket = var.flow-log-cos-bucket-name
+}
+

test/stages/stage0.tf

@@ -1,2 +1,15 @@
 terraform {
+  required_version = ">= 0.13.0"
+
+  required_providers {
+    ibm = {
+      source = "ibm-cloud/ibm"
+      version = ">= 1.22.0"
+    }
+  }
 }
+
+provider "ibm" {
+  ibmcloud_api_key = var.ibmcloud_api_key
+}
+

test/stages/stage3-vpc-flow-log.tf

@@ -0,0 +1,52 @@
+module "cos" {
+  source = "github.com/ibm-garage-cloud/terraform-ibm-object-storage.git"
+
+  resource_group_name = var.resource_group_name
+  name_prefix         = var.name_prefix
+  name                = "flow-log-cos-instance"
+}
+
+resource null_resource print_cos_id {
+  depends_on = [module.cos.id]
+  provisioner "local-exec" {
+    command = "echo 'Provisioning bucket into COS instance: ${module.cos.id}'"
+  }
+}
+
+resource "ibm_iam_authorization_policy" "policy" {
+    source_service_name = "is"
+    source_resource_type = "flow-log-collector"
+    target_service_name = "cloud-object-storage"
+    roles = ["Writer"] 
+}
+
+module "dev_cos_bucket" {
+  source = "github.com/cloud-native-toolkit/terraform-ibm-object-storage-bucket.git"
+
+  resource_group_name = module.resource_group.name
+  cos_instance_id     = module.cos.id
+  name_prefix         = var.name_prefix
+  ibmcloud_api_key    = var.ibmcloud_api_key
+  name                = "fl-testing-gsi"
+  region              = var.region
+}
+
+resource null_resource print_bucket {
+  provisioner "local-exec" {
+    command = "echo 'Bucket created: ${module.dev_cos_bucket.bucket_name}'"
+  }
+}
+
+
+module "dev_vpc_with_flowlog" {
+  source = "./module"
+
+
+  resource_group_id   = module.resource_group.id
+  resource_group_name = module.resource_group.name
+  region              = var.region
+  name_prefix         = var.name_prefix
+  name                = "vpc-with-fl-${module.cos.name}-${length(null_resource.print_bucket)}"
+  ibmcloud_api_key    = var.ibmcloud_api_key
+  flow-log-cos-bucket-name = module.dev_cos_bucket.bucket_name
+}

variables.tf

@@ -35,3 +35,9 @@ variable "provision" {
   description = "Flag indicating that the instance should be provisioned. If false then an existing instance will be looked up"
   default     = true
 }
+
+variable "flow-log-cos-bucket-name" {
+  type        = string
+  description = "Cloud Object Storage bucket id for flow logs (optional)"
+  default     = ""
+}