From 0d9474c2459091ce48f8edae8abd8aeb32f0f394 Mon Sep 17 00:00:00 2001 From: Lionel Mace Date: Mon, 24 Jun 2024 22:02:35 +0200 Subject: [PATCH] minimize odm version --- terraform/icd-postgres/database-postgres.tf | 11 +- terraform/icd-postgres/testing.auto.tfvars | 4 +- terraform/odmonroks/account-rg.tf | 26 ++- terraform/odmonroks/container-openshift.tf | 51 +----- terraform/odmonroks/database-postgres.tf | 160 ++---------------- terraform/odmonroks/iam-ag.tf | 16 +- terraform/odmonroks/networking-vpc-sgs.tf | 17 -- terraform/odmonroks/networking-vpc.tf | 29 +++- terraform/odmonroks/odm.auto.tfvars | 21 +-- terraform/odmonroks/provider.tf | 14 +- terraform/odmonroks/security-key-protect.tf | 64 ------- .../odmonroks/security-secrets-manager.tf | 34 ---- terraform/odmonroks/variables.tf | 18 +- 13 files changed, 86 insertions(+), 379 deletions(-) delete mode 100644 terraform/odmonroks/networking-vpc-sgs.tf delete mode 100644 terraform/odmonroks/security-key-protect.tf delete mode 100644 terraform/odmonroks/security-secrets-manager.tf diff --git a/terraform/icd-postgres/database-postgres.tf b/terraform/icd-postgres/database-postgres.tf index 89f279e..f553e30 100644 --- a/terraform/icd-postgres/database-postgres.tf +++ b/terraform/icd-postgres/database-postgres.tf @@ -22,7 +22,7 @@ variable "icd_postgres_ram_allocation" { variable "icd_postgres_disk_allocation" { type = number description = "Disk Usage (GB/data member)" - default = 20480 + default = 5120 } variable "icd_postgres_core_allocation" { 
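Review bot: The description on `icd_postgres_disk_allocation` still reads "Disk Usage (GB/data member)", but the new default 5120 is a megabyte figure, because the next hunk passes this variable to `disk { allocation_mb = ... }`. I would change it to `description = "Disk allocation in MB per data member"`. The copy of this variable in terraform/odmonroks/database-postgres.tf gets the same default in this commit and carries the same description, so it needs the same correction.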
@@ -80,12 +80,9 @@ resource "ibm_database" "icd_postgres" { group { group_id = "member" host_flavor { id = "multitenant" } - memory { allocation_mb = 4096 } - disk { allocation_mb = 5120 } - cpu { allocation_count = 0 } - # memory { allocation_mb = var.icd_postgres_ram_allocation } - # disk { allocation_mb = var.icd_postgres_disk_allocation } - # cpu { allocation_count = var.icd_postgres_core_allocation } + memory { allocation_mb = var.icd_postgres_ram_allocation } + disk { allocation_mb = var.icd_postgres_disk_allocation } + cpu { allocation_count = var.icd_postgres_core_allocation } } # auto_scaling { diff --git a/terraform/icd-postgres/testing.auto.tfvars b/terraform/icd-postgres/testing.auto.tfvars index abbe8e6..5e432a6 100644 --- a/terraform/icd-postgres/testing.auto.tfvars +++ b/terraform/icd-postgres/testing.auto.tfvars @@ -30,8 +30,8 @@ icd_postgres_use_vpe = "true" # icd_postgres_core_allocation = 6 # Minimum parameter for Standard Edition -icd_postgres_ram_allocation = 1024 -icd_postgres_disk_allocation = 20480 +icd_postgres_ram_allocation = 4096 +icd_postgres_disk_allocation = 5120 icd_postgres_core_allocation = 0 icd_postgres_users = [{ diff --git a/terraform/odmonroks/account-rg.tf b/terraform/odmonroks/account-rg.tf index d836d64..69df059 100644 --- a/terraform/odmonroks/account-rg.tf +++ b/terraform/odmonroks/account-rg.tf 
@@ -1,13 +1,27 @@ - ############################################################################## # Create a resource group or reuse an existing one ############################################################################## +variable "existing_resource_group_name" { + default = "" + description = "(Optional) Name of an existing resource group where to create resources" +} + resource "ibm_resource_group" "group" { - name = "${local.basename}-group" - tags = var.tags + count = var.existing_resource_group_name != "" ? 0 : 1 + name = "${local.basename}-group" + tags = var.tags +} + +data "ibm_resource_group" "group" { + count = var.existing_resource_group_name != "" ? 1 : 0 + name = var.existing_resource_group_name +} + +locals { + resource_group_id = var.existing_resource_group_name != "" ? data.ibm_resource_group.group.0.id : ibm_resource_group.group.0.id } -output "resource_group_name" { - value = ibm_resource_group.group.name -} \ No newline at end of file +# output "resource_group_name" { +# value = ibm_resource_group.group.name +# } \ No newline at end of file diff --git a/terraform/odmonroks/container-openshift.tf b/terraform/odmonroks/container-openshift.tf index f69142c..b2494bd 100644 --- a/terraform/odmonroks/container-openshift.tf +++ b/terraform/odmonroks/container-openshift.tf @@ -107,11 +107,6 @@ variable "roks_worker_pools" { pool_name = "dev" machine_type = "bx2.4x16" workers_per_zone = 1 - # }, - # { - # pool_name = "odf" - # machine_type = "bx2.16x64" - # workers_per_zone = 1 } ] 
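Review bot: The `resource_group_name` output is commented out rather than updated, so any caller that read it loses the value. The commented reference `ibm_resource_group.group.name` also stops being valid once `count` is set on the resource. The output can be kept by mirroring the new local: `value = var.existing_resource_group_name != "" ? data.ibm_resource_group.group[0].name : ibm_resource_group.group[0].name`. The new `existing_resource_group_name` variable also declares no type; adding `type = string` would reject a non-string value at plan time.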
@@ -137,7 +132,7 @@ variable "roks_worker_pools" { resource "ibm_container_vpc_cluster" "roks_cluster" { name = format("%s-%s", local.basename, var.openshift_cluster_name) vpc_id = ibm_is_vpc.vpc.id - resource_group_id = ibm_resource_group.group.id + resource_group_id = local.resource_group_id # Optional: Specify OpenShift version. If not included, 4.15 is used kube_version = var.openshift_version == "" ? "4.15_openshift" : var.openshift_version operating_system = var.openshift_os 
@@ -161,58 +156,16 @@ resource "ibm_container_vpc_cluster" "roks_cluster" { subnet_id = zones.value.id } } - - kms_config { - instance_id = ibm_resource_instance.key-protect.guid # GUID of Key Protect instance - crk_id = ibm_kms_key.key.key_id # ID of customer root key - private_endpoint = true - } - depends_on = [ - ibm_iam_authorization_policy.roks-kms - ] } -# Additional Worker Pool -############################################################################## -# resource "ibm_container_vpc_worker_pool" "roks_worker_pools" { -# for_each = { for pool in var.roks_worker_pools : pool.pool_name => pool } -# cluster = ibm_container_vpc_cluster.roks_cluster.id -# resource_group_id = ibm_resource_group.group.id -# worker_pool_name = each.key -# flavor = lookup(each.value, "machine_type", null) -# vpc_id = ibm_is_vpc.vpc.id -# worker_count = each.value.workers_per_zone -# operating_system = var.openshift_os - -# dynamic "zones" { -# for_each = { for subnet in ibm_is_subnet.subnet : subnet.id => subnet } -# content { -# name = zones.value.zone -# subnet_id = zones.value.id -# } -# } -# } - # Object Storage to backup the OpenShift Internal Registry ############################################################################## resource "ibm_resource_instance" "cos_openshift_registry" { count = var.is_openshift_cluster ? 
1 : 0 name = join("-", [local.basename, "cos-registry"]) - resource_group_id = ibm_resource_group.group.id + resource_group_id = local.resource_group_id service = "cloud-object-storage" plan = "standard" location = "global" tags = var.tags } - -# IAM AUTHORIZATIONS -############################################################################## - -# Authorization policy between OpenShift and Key Protect -# Require to encrypt OpenShift with Key in Key Protect -resource "ibm_iam_authorization_policy" "roks-kms" { - source_service_name = "containers-kubernetes" - target_service_name = "kms" - target_resource_instance_id = ibm_resource_instance.key-protect.guid - roles = ["Reader"] -} \ No newline at end of file diff --git a/terraform/odmonroks/database-postgres.tf b/terraform/odmonroks/database-postgres.tf index 7396d33..4bfe5f6 100644 --- a/terraform/odmonroks/database-postgres.tf +++ b/terraform/odmonroks/database-postgres.tf @@ -22,7 +22,7 @@ variable "icd_postgres_ram_allocation" { variable "icd_postgres_disk_allocation" { type = number description = "Disk Usage (GB/data member)" - default = 20480 + default = 5120 } variable "icd_postgres_core_allocation" { @@ -43,17 +43,12 @@ variable "icd_postgres_users" { description = "Database Users. It is set of username and passwords" } -# PostgresDB cannot support both public and private endpoints simultaneously. -# This cannot be changed after provisioning. variable "icd_postgres_service_endpoints" { default = "public" type = string description = "Types of the service endpoints. Possible values are 'public', 'private', 'public-and-private'." } -variable "icd_postgres_use_vpe" { default = false } - - ############################################################################## ## ICD Postgres ############################################################################## 
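Review bot: With `kms_config` and its `depends_on` removed, `roks_cluster` no longer references a customer root key, and nothing left in the file records that this is a deliberate choice for the minimal variant. I would add a comment before the closing brace of the resource, such as `# No kms_config: this minimal deployment does not use a customer root key from Key Protect; restore kms_config and the roks-kms authorization policy for BYOK.` The same applies to the `key_protect_key` and `backup_encryption_key_crn` arguments this commit removes from `ibm_database.icd_postgres`. The resource block begins outside this hunk.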
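Review bot: Dropping the comment above `icd_postgres_service_endpoints` removes the only warning that the endpoint type cannot be changed after provisioning. The default stays `"public"`, and this commit also deletes the `icd_postgres_use_vpe` option. I would keep a comment such as `# Endpoint type cannot be changed after provisioning; "public" exposes the database on its public endpoint.` The removed comment also said public and private cannot be enabled together, while the description still lists 'public-and-private', so one of the two statements should be settled and kept.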
@@ -64,174 +59,41 @@ resource "ibm_database" "icd_postgres" { version = var.icd_postgres_db_version service_endpoints = var.icd_postgres_service_endpoints location = var.region - resource_group_id = ibm_resource_group.group.id + resource_group_id = local.resource_group_id tags = var.tags - # Encrypt DB (comment to use IBM-provided Automatic Key) - key_protect_instance = ibm_resource_instance.key-protect.id - key_protect_key = ibm_kms_key.key.id - backup_encryption_key_crn = ibm_kms_key.key.id - depends_on = [ # require when using encryption key otherwise provisioning failed - ibm_iam_authorization_policy.postgres-kms, - ] - # DB Settings adminpassword = var.icd_postgres_adminpassword group { group_id = "member" - # host_flavor { id = "multitenant" } + host_flavor { id = "multitenant" } memory { allocation_mb = var.icd_postgres_ram_allocation } disk { allocation_mb = var.icd_postgres_disk_allocation } cpu { allocation_count = var.icd_postgres_core_allocation } } - - # auto_scaling { - # cpu { - # rate_increase_percent = 20 - # rate_limit_count_per_member = 20 - # rate_period_seconds = 900 - # rate_units = "count" - # } - # disk { - # capacity_enabled = true - # free_space_less_than_percent = 15 - # io_above_percent = 85 - # io_enabled = true - # io_over_period = "15m" - # rate_increase_percent = 15 - # rate_limit_mb_per_member = 3670016 - # rate_period_seconds = 900 - # rate_units = "mb" - # } - # memory { - # io_above_percent = 90 - # io_enabled = true - # io_over_period = "15m" - # rate_increase_percent = 10 - # rate_limit_mb_per_member = 114688 - # rate_period_seconds = 900 - # rate_units = "mb" - # } - # } - - # users { - # name = "user123" - # password = "password12" - # } - } ## Service Credentials ############################################################################## -resource "ibm_resource_key" "icd_postgres_key" { +resource "ibm_resource_key" "db-svc-credentials" { name = format("%s-%s", local.basename, "postgres-key") resource_instance_id = 
ibm_database.icd_postgres.id role = "Viewer" } -# Database connection -############################################################################## -# data "ibm_database_connection" "postgres_db_connection" { -# deployment_id = ibm_database.icd_postgres.id -# endpoint_type = var.icd_postgres_service_endpoints -# user_id = "user_id" -# user_type = "database" -# } - - -## IAM -############################################################################## -# Doc at https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-iam -resource "ibm_iam_access_group_policy" "iam-postgres" { - access_group_id = ibm_iam_access_group.accgrp.id - roles = ["Editor"] - - resources { - service = "databases-for-postgresql" - resource_group_id = ibm_resource_group.group.id - } -} - locals { endpoints = [ { - name = "postgres", - crn = ibm_database.icd_postgres.id - hostname = ibm_resource_key.icd_postgres_key.credentials["connection.postgres.hosts.0.hostname"] + name = "postgres", + crn = ibm_database.icd_postgres.id + db-name = nonsensitive(ibm_resource_key.db-svc-credentials.credentials["connection.postgres.database"]) + db-host = nonsensitive(ibm_resource_key.db-svc-credentials.credentials["connection.postgres.hosts.0.hostname"]) + db-user = nonsensitive(ibm_resource_key.db-svc-credentials.credentials["connection.postgres.authentication.username"]) + db-password = nonsensitive(ibm_resource_key.db-svc-credentials.credentials["connection.postgres.authentication.password"]) } ] } -output "endpoints" { - sensitive = true +output "icd-postgres-credentials" { value = local.endpoints -} - - -## VPE (Optional) -############################################################################## -# VPE can only be created once Postgres DB is fully registered in the backend -resource "time_sleep" "wait_for_postgres_initialization" { - count = tobool(var.icd_postgres_use_vpe) ? 
1 : 0 - - depends_on = [ - ibm_database.icd_postgres - ] - - create_duration = "5m" -} - -# VPE (Virtual Private Endpoint) for Postgres -############################################################################## -# Make sure your Cloud Databases deployment's private endpoint is enabled -# otherwise you'll face this error: "Service does not support VPE extensions." -############################################################################## -resource "ibm_is_virtual_endpoint_gateway" "vpe_postgres" { - for_each = { for target in local.endpoints : target.name => target if tobool(var.icd_postgres_use_vpe) } - - name = "${local.basename}-postgres-vpe" - resource_group = ibm_resource_group.group.id - vpc = ibm_is_vpc.vpc.id - - target { - crn = ibm_database.icd_postgres.id - resource_type = "provider_cloud_service" - } - - # one Reserved IP for per zone in the VPC - dynamic "ips" { - for_each = { for subnet in ibm_is_subnet.subnet : subnet.id => subnet } - content { - subnet = ips.key - name = "${ips.value.name}-ip-postgres" - } - } - - depends_on = [ - time_sleep.wait_for_postgres_initialization - ] - - tags = var.tags -} - -# data "ibm_is_virtual_endpoint_gateway_ips" "postgres_vpe_ips" { -# gateway = ibm_is_virtual_endpoint_gateway.vpe_postgres.id -# } - -# output "postgres_vpe_ips" { -# value = data.ibm_is_virtual_endpoint_gateway_ips.postgres_vpe_ips -# } - - -# IAM AUTHORIZATIONS -############################################################################## - -# Authorization policy between Postgres and Key Protect -# Require to encrypt Postgres DB with Key in Key Protect -# https://github.com/IBM-Cloud/vpc-scaling-dedicated-host/blob/master/modules/create_services/main.tf -resource "ibm_iam_authorization_policy" "postgres-kms" { - source_service_name = "databases-for-postgresql" - target_service_name = "kms" - target_resource_instance_id = ibm_resource_instance.key-protect.guid - roles = ["Reader", "Authorization Delegator"] } \ No newline at end of file 
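Review bot: The new `icd-postgres-credentials` output prints the database password in clear text. `db-password` is wrapped in `nonsensitive()`, and the `sensitive = true` that the old `endpoints` output carried is gone, so the value shows up in `terraform apply` and `terraform output` and in any CI log that captures them. Keep the password marked sensitive with `db-password = ibm_resource_key.db-svc-credentials.credentials["connection.postgres.authentication.password"]` and restore `sensitive = true` on the output. Callers can still read it with `terraform output -json`. The credentials are written to state either way, so the state backend needs its own access control.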
diff --git a/terraform/odmonroks/iam-ag.tf b/terraform/odmonroks/iam-ag.tf index a9bfc7c..269d908 100644 --- a/terraform/odmonroks/iam-ag.tf +++ b/terraform/odmonroks/iam-ag.tf @@ -10,7 +10,7 @@ resource "ibm_iam_access_group_policy" "iam-rg-viewer" { roles = ["Viewer"] resources { resource_type = "resource-group" - resource = ibm_resource_group.group.id + resource = local.resource_group_id } } @@ -21,7 +21,7 @@ resource "ibm_iam_access_group_policy" "policy-k8s" { resources { service = "containers-kubernetes" - resource_group_id = ibm_resource_group.group.id + resource_group_id = local.resource_group_id } } @@ -36,7 +36,15 @@ resource "ibm_iam_access_group_policy" "policy-k8s-identity-administrator" { } } - -# AUTHORIZATIONS +## IAM ############################################################################## +# Doc at https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-iam +resource "ibm_iam_access_group_policy" "iam-postgres" { + access_group_id = ibm_iam_access_group.accgrp.id + roles = ["Editor"] + resources { + service = "databases-for-postgresql" + resource_group_id = local.resource_group_id + } +} \ No newline at end of file diff --git a/terraform/odmonroks/networking-vpc-sgs.tf b/terraform/odmonroks/networking-vpc-sgs.tf deleted file mode 100644 index ce23703..0000000 --- a/terraform/odmonroks/networking-vpc-sgs.tf +++ /dev/null 
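Review bot: The relocated `iam-postgres` policy grants `Editor` on every `databases-for-postgresql` instance in `local.resource_group_id`. With the new `existing_resource_group_name` option, that group can be a shared one that already exists. I would scope the policy to the database this module creates by adding `resource_instance_id = ibm_database.icd_postgres.guid` inside `resources`; the attribute name should be confirmed against the provider version pinned in provider.tf. The `iam-rg-viewer` and `policy-k8s` hunks in this file are widened in the same way when an existing group is reused.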
@@ -1,17 +0,0 @@ -# Security Groups -############################################################################## - -# Rules required to allow necessary inbound traffic to your cluster (IKS/OCP) -############################################################################## -# To expose apps by using load balancers or Ingress, allow traffic through VPC -# load balancers. For example, for Ingress listening on TCP/443 -resource "ibm_is_security_group_rule" "sg-rule-inbound-https" { - group = ibm_is_vpc.vpc.default_security_group - direction = "inbound" - remote = "0.0.0.0/0" - - tcp { - port_min = 443 - port_max = 443 - } -} diff --git a/terraform/odmonroks/networking-vpc.tf b/terraform/odmonroks/networking-vpc.tf index e7d43ca..3e390e9 100644 --- a/terraform/odmonroks/networking-vpc.tf +++ b/terraform/odmonroks/networking-vpc.tf @@ -72,7 +72,7 @@ variable "floating_ip" { resource "ibm_is_vpc" "vpc" { name = format("%s-%s", local.basename, "vpc") - resource_group = ibm_resource_group.group.id + resource_group = local.resource_group_id address_prefix_management = var.vpc_address_prefix_management default_security_group_name = "${local.basename}-vpc-sg" default_network_acl_name = "${local.basename}-vpc-acl" @@ -108,7 +108,7 @@ resource "ibm_is_public_gateway" "pgw" { name = "${local.basename}-pgw-${count.index + 1}" vpc = ibm_is_vpc.vpc.id zone = "${var.region}-${count.index + 1}" - resource_group = ibm_resource_group.group.id + resource_group = local.resource_group_id tags = var.tags } @@ -119,7 +119,7 @@ resource "ibm_is_network_acl" "multizone_acl" { name = "${local.basename}-multizone-acl" vpc = ibm_is_vpc.vpc.id - resource_group = ibm_resource_group.group.id + resource_group = local.resource_group_id dynamic "rules" { 
@@ -150,7 +150,26 @@ resource "ibm_is_subnet" "subnet" { network_acl = ibm_is_network_acl.multizone_acl.id public_gateway = var.vpc_enable_public_gateway ? element(ibm_is_public_gateway.pgw.*.id, count.index) : null tags = var.tags - resource_group = ibm_resource_group.group.id + resource_group = local.resource_group_id depends_on = [ibm_is_vpc_address_prefix.address_prefix] -} \ No newline at end of file +} + +############################################################################## +# Security Groups +############################################################################## + +# Rules required to allow necessary inbound traffic to your cluster (IKS/OCP) +############################################################################## +# To expose apps by using load balancers or Ingress, allow traffic through VPC +# load balancers. For example, for Ingress listening on TCP/443 +resource "ibm_is_security_group_rule" "sg-rule-inbound-https" { + group = ibm_is_vpc.vpc.default_security_group + direction = "inbound" + remote = "0.0.0.0/0" + + tcp { + port_min = 443 + port_max = 443 + } +} diff --git a/terraform/odmonroks/odm.auto.tfvars b/terraform/odmonroks/odm.auto.tfvars index 8109ab9..9f028d9 100644 --- a/terraform/odmonroks/odm.auto.tfvars +++ b/terraform/odmonroks/odm.auto.tfvars @@ -2,8 +2,8 @@ ## Global Variables ############################################################################## -#region = "eu-de" # eu-de for Frankfurt MZR -#icr_region = "de.icr.io" +region = "eu-de" # eu-de for Frankfurt MZR +# existing_resource_group_name = "" ############################################################################## ## VPC 
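Review bot: `sg-rule-inbound-https` is attached to the VPC's default security group with `remote = "0.0.0.0/0"`. The TCP/443 opening therefore applies to anything else placed in that default group, not only the load balancers the comment mentions. I would take the source range from a variable, for example `remote = var.https_allowed_cidr`, a new variable defaulting to `"0.0.0.0/0"`, so that a deployment can narrow it without editing the resource.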
@@ -29,11 +29,6 @@ openshift_disable_outbound_traffic_protection = true openshift_wait_till = "OneWorkerNodeReady" openshift_update_all_workers = false -############################################################################## -## Secrets Manager -############################################################################## -# existing_secrets_manager_name = "secrets-manager" -existing_secrets_manager_name = "" ############################################################################## ## ICD Postgres @@ -46,11 +41,11 @@ icd_postgres_db_version = "16" icd_postgres_service_endpoints = "public" # Minimum parameter for Standard Edition -icd_postgres_ram_allocation = 1024 -icd_postgres_disk_allocation = 20480 +icd_postgres_ram_allocation = 4096 +icd_postgres_disk_allocation = 5120 icd_postgres_core_allocation = 0 -icd_postgres_users = [{ - name = "user123" - password = "Password12forODM" -}] +# icd_postgres_users = [{ +# name = "user123" +# password = "Password12forODM" +# }] diff --git a/terraform/odmonroks/provider.tf b/terraform/odmonroks/provider.tf index 04b1caa..7fc561c 100644 --- a/terraform/odmonroks/provider.tf +++ b/terraform/odmonroks/provider.tf @@ -9,22 +9,10 @@ terraform { source = "IBM-Cloud/ibm" version = "1.66.0" } - logdna = { - source = "logdna/logdna" - version = ">= 1.16.0" - } - http-full = { - source = "salrashid123/http-full" - version = "1.3.1" - } } } -provider "http-full" {} - provider "ibm" { ibmcloud_api_key = var.ibmcloud_api_key region = var.region -} - -############################################################################## \ No newline at end of file +} \ No newline at end of file diff --git a/terraform/odmonroks/security-key-protect.tf b/terraform/odmonroks/security-key-protect.tf deleted file mode 100644 index 0df51b7..0000000 --- a/terraform/odmonroks/security-key-protect.tf +++ /dev/null 
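Review bot: In the `@@ -46,11 +41,11 @@` hunk the `icd_postgres_users` entry is only commented out, so the literal password stays in odm.auto.tfvars as well as in the repository history. Delete the four commented lines instead of keeping them, and if that value was ever applied to a deployment, treat it as exposed and change it. A placeholder such as `# icd_postgres_users = [{ name = "<user>", password = "<supplied via TF_VAR_icd_postgres_users or a secret store>" }]` documents the shape without carrying a real value.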
@@ -1,64 +0,0 @@ -############################################################################## -## Key Protect -############################################################################## -resource "ibm_resource_instance" "key-protect" { - resource_group_id = ibm_resource_group.group.id - name = format("%s-%s", local.basename, "key-protect") - service = "kms" - plan = "tiered-pricing" - location = var.region - tags = var.tags - service_endpoints = "private" -} - -resource "ibm_kms_instance_policies" "instance_policy" { - instance_id = ibm_resource_instance.key-protect.guid - rotation { - enabled = true - interval_month = 3 - } - # A instance with dual authorization policy enabled cannot be destroyed by using Terraform. - dual_auth_delete { - enabled = false - } - metrics { - enabled = true - } - key_create_import_access { - enabled = true - } -} - -resource "ibm_kms_key" "key" { - instance_id = ibm_resource_instance.key-protect.guid - key_name = "${local.basename}-root-key" - standard_key = false - force_delete = true -} - -resource "ibm_kms_key_policies" "key_policy" { - instance_id = ibm_resource_instance.key-protect.guid - key_id = ibm_kms_key.key.key_id - rotation { - enabled = true - interval_month = 3 - } - # A instance with dual authorization policy enabled cannot be destroyed by using Terraform. - dual_auth_delete { - enabled = false - } -} - - -## IAM -############################################################################## - -resource "ibm_iam_access_group_policy" "iam-kms" { - access_group_id = ibm_iam_access_group.accgrp.id - roles = ["Reader", "Viewer"] - - resources { - service = "kms" - resource_group_id = ibm_resource_group.group.id - } -} diff --git a/terraform/odmonroks/security-secrets-manager.tf b/terraform/odmonroks/security-secrets-manager.tf deleted file mode 100644 index c874e78..0000000 --- a/terraform/odmonroks/security-secrets-manager.tf +++ /dev/null 
@@ -1,34 +0,0 @@ -############################################################################## -## Create a Secrets Manager instance or reuse an existing one -############################################################################## - -variable "existing_secrets_manager_name" { - description = "Only one Trial plan of Secrets Manager is allowed per account. If this account already has an instance, enter the CRN (Cloud Resource Name)." - type = string - default = "" -} - -resource "ibm_resource_instance" "secrets_manager" { - count = var.existing_secrets_manager_name != "" ? 0 : 1 - name = format("%s-%s", local.basename, "secrets-manager") - service = "secrets-manager" - plan = "trial" - location = var.region - resource_group_id = ibm_resource_group.group.id - tags = var.tags - service_endpoints = "private" -} - -data "ibm_resource_instance" "secrets_manager" { - count = var.existing_secrets_manager_name != "" ? 1 : 0 - name = var.existing_secrets_manager_name -} - -locals { - secrets_manager_id = var.existing_secrets_manager_name != "" ? data.ibm_resource_instance.secrets_manager.0.id : ibm_resource_instance.secrets_manager.0.id - secrets_manager_guid = var.existing_secrets_manager_name != "" ? data.ibm_resource_instance.secrets_manager.0.guid : ibm_resource_instance.secrets_manager.0.guid -} - -output "secrets_manager_id" { - value = local.secrets_manager_id -} \ No newline at end of file diff --git a/terraform/odmonroks/variables.tf b/terraform/odmonroks/variables.tf index 289ff97..029a617 100644 --- a/terraform/odmonroks/variables.tf +++ b/terraform/odmonroks/variables.tf @@ -23,7 +23,7 @@ resource "random_string" "random" { } locals { - basename = lower(var.prefix == "" ? "icn-${random_string.random.0.result}" : var.prefix) + basename = lower(var.prefix == "" ? "odm-${random_string.random.0.result}" : var.prefix) } variable "region" { 
@@ -31,22 +31,8 @@ variable "region" { default = "eu-de" } -variable "icr_region" { - description = "IBM Container Registry Region (e.g. de.icr.io)" - default = "de.icr.io" -} - variable "tags" { description = "List of Tags" type = list(string) - default = ["tf", "icn"] -} - -# Account ID is required for CBR (Context Based Restrictions) and SCC scope -############################################################################## -data "ibm_iam_auth_token" "tokendata" {} -data "ibm_iam_account_settings" "account_settings" {} - -locals { - account_id = data.ibm_iam_account_settings.account_settings.account_id + default = ["tf", "odm"] } \ No newline at end of file