diff --git a/.secrets.baseline b/.secrets.baseline index bf2b636b..f8feeaff 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "go.sum|^.secrets.baseline$", "lines": null }, - "generated_at": "2024-08-01T14:50:58Z", + "generated_at": "2024-10-15T12:05:56Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -90,7 +90,7 @@ "hashed_secret": "a7c93faaa770c377154ea9d4d0d17a9056dbfa95", "is_secret": false, "is_verified": false, - "line_number": 196, + "line_number": 195, "type": "Secret Keyword", "verified_result": null } @@ -118,7 +118,7 @@ "hashed_secret": "a7c93faaa770c377154ea9d4d0d17a9056dbfa95", "is_secret": false, "is_verified": false, - "line_number": 119, + "line_number": 116, "type": "Secret Keyword", "verified_result": null } @@ -138,7 +138,7 @@ "hashed_secret": "3e4bdbe0b80e63c22b178576e906810777387b50", "is_secret": false, "is_verified": false, - "line_number": 227, + "line_number": 226, "type": "Secret Keyword", "verified_result": null } diff --git a/README.md b/README.md index ee1db0a2..b699151d 100644 --- a/README.md +++ b/README.md 
@@ -159,8 +159,7 @@ You need the following permissions to run this module. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [access\_tags](#input\_access\_tags) | A list of access tags to apply to the Object Storage instance created by the module. [Learn more](https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial). | `list(string)` | `[]` | no | -| [activity\_tracker\_crn](#input\_activity\_tracker\_crn) | The CRN of an Activity Tracker instance to send Object Storage bucket events to. If no value passed, events are sent to the instance associated to the container's location unless otherwise specified in the Activity Tracker Event Routing service configuration. Bucket management events are always enabled if a value is passed, regardless of the value of `activity_tracker_management_events`. | `string` | `null` | no | -| [activity\_tracker\_management\_events](#input\_activity\_tracker\_management\_events) | If set to true, all Object Storage management events will be sent to Activity Tracker. Only applies if `activity_tracker_crn` is not populated. | `bool` | `true` | no | +| [activity\_tracker\_management\_events](#input\_activity\_tracker\_management\_events) | If set to true, all Object Storage management events will be sent to Activity Tracker. | `bool` | `true` | no | | [activity\_tracker\_read\_data\_events](#input\_activity\_tracker\_read\_data\_events) | If set to true, all Object Storage bucket read events (i.e. downloads) will be sent to Activity Tracker. | `bool` | `true` | no | | [activity\_tracker\_write\_data\_events](#input\_activity\_tracker\_write\_data\_events) | If set to true, all Object Storage bucket write events (i.e. uploads) will be sent to Activity Tracker. | `bool` | `true` | no | | [add\_bucket\_name\_suffix](#input\_add\_bucket\_name\_suffix) | Whether to add a randomly generated 4-character suffix to the new bucket name. | `bool` | `false` | no | 
diff --git a/cra-config.yaml b/cra-config.yaml index 368d323b..8343feef 100644 --- a/cra-config.yaml +++ b/cra-config.yaml @@ -5,7 +5,6 @@ CRA_TARGETS: CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json" # CRA Ignore file to use. If not provided, it checks the repo root directory for `cra-tf-validate-ignore-rules.json` PROFILE_ID: "bfacb71d-4b84-41ac-9825-e8a3a3eb7405" # SCC profile ID (currently set to IBM Cloud Framework for Financial Services 1.6.0 profile). CRA_ENVIRONMENT_VARIABLES: # An optional map of environment variables for CRA, where the key is the variable name and value is the value. Useful for providing TF_VARs. - TF_VAR_existing_at_instance_crn: "crn:v1:bluemix:public:logdnaat:eu-de:a/abac0df06b644a9cabc6e44f55b3880e:b1ef3365-dfbf-4d8f-8ac8-75f4f84d6f4a::" TF_VAR_bucket_existing_hpcs_instance_guid: "e6dce284-e80f-46e1-a3c1-830f7adff7a9" TF_VAR_bucket_hpcs_key_crn: "crn:v1:bluemix:public:hs-crypto:us-south:a/abac0df06b644a9cabc6e44f55b3880e:e6dce284-e80f-46e1-a3c1-830f7adff7a9:key:76170fae-4e0c-48c3-8ebe-326059ebb533" TF_VAR_region: "us-south" diff --git a/examples/advanced/README.md b/examples/advanced/README.md index 45dbf2de..8b0a0cba 100644 --- a/examples/advanced/README.md +++ b/examples/advanced/README.md @@ -7,7 +7,7 @@ The following resources are provisioned by this example: - A new resource group, if an existing one is not passed in. - A service ID that is used to generate resource keys. - An IBM Cloud Monitoring instance in the given resource group and region. -- An IBM Cloud Activity Tracker instance, if existing ones is not passed in, in the given resource group and region. +- An IBM Cloud Logs. - A Key Protect instance (with metrics enabled), a key ring, and a root key in the given resource group and region. - An IBM Cloud Object Storage instance in the given resource group and region. - An IAM authorization policy to allow the Object Storage instance read access to the Key Protect instance. 
diff --git a/examples/advanced/catalogValidationValues.json.template b/examples/advanced/catalogValidationValues.json.template index ff9d4913..d761afae 100644 --- a/examples/advanced/catalogValidationValues.json.template +++ b/examples/advanced/catalogValidationValues.json.template @@ -2,6 +2,5 @@ "ibmcloud_api_key": $VALIDATION_APIKEY, "region": "us-south", "resource_tags": $TAGS, - "prefix": $PREFIX, - "existing_at_instance_crn": $AT_CRN + "prefix": $PREFIX } diff --git a/examples/advanced/main.tf b/examples/advanced/main.tf index a9d90d95..e3145514 100644 --- a/examples/advanced/main.tf +++ b/examples/advanced/main.tf 
@@ -43,32 +43,33 @@ resource "ibm_is_subnet" "testacc_subnet" { # Observability Instances (Monitoring + AT) ############################################################################## -locals { - existing_at = var.existing_at_instance_crn != null ? true : false - at_crn = var.existing_at_instance_crn == null ? module.observability_instances.activity_tracker_crn : var.existing_at_instance_crn -} - -# Create Monitoring and Activity Tracker instance +# Create Monitoring and Cloud logs instance module "observability_instances" { - source = "terraform-ibm-modules/observability-instances/ibm" - version = "2.19.1" - providers = { - logdna.at = logdna.at - logdna.ld = logdna.ld - } + source = "terraform-ibm-modules/observability-instances/ibm" + version = "3.0.1" region = var.region resource_group_id = module.resource_group.resource_group_id cloud_monitoring_instance_name = "${var.prefix}-monitoring" cloud_monitoring_plan = "graduated-tier" enable_platform_logs = false enable_platform_metrics = false - log_analysis_provision = false - activity_tracker_instance_name = "${var.prefix}-at" - activity_tracker_tags = var.resource_tags - activity_tracker_plan = "7-day" - activity_tracker_provision = !local.existing_at - log_analysis_tags = var.resource_tags cloud_monitoring_tags = var.resource_tags + # Cloud Logs + cloud_logs_tags = var.resource_tags + cloud_logs_access_tags = var.access_tags + cloud_logs_data_storage = { + # logs and metrics buckets must be different + logs_data = { + enabled = true + bucket_crn = module.cos_bucket1.bucket_crn + bucket_endpoint = module.cos_bucket1.s3_endpoint_direct + }, + metrics_data = { + enabled = true + bucket_crn = module.cos_bucket2.bucket_crn + bucket_endpoint = module.cos_bucket2.s3_endpoint_direct + } + } } ############################################################################## 
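Review bot: The section header context line `# Observability Instances (Monitoring + AT)` is now stale, since the rewritten module call replaces the Activity Tracker instance with Cloud Logs; change it to `# Observability Instances (Monitoring + Cloud Logs)`. The new `cloud_logs_data_storage` block points Cloud Logs at `module.cos_bucket1` and `module.cos_bucket2`, while those same bucket modules take `monitoring_crn` from this module in the later hunks, so the two modules now reference each other; Terraform resolves that at resource level, but a `depends_on` inside either module would turn it into a cycle, so it is worth a plan check. Writing log and metrics data into those buckets also presumably needs a Cloud Logs to Object Storage service-to-service authorization that is not visible in this example; if the observability-instances module does not create it, a comment here saying where it comes from would help the next reader. The `module "observability_instances"` block ends inside the hunk, but the file continues.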
@@ -127,7 +128,6 @@ module "cbr_zone" { # Create COS instance and COS bucket-1 with: # - Encryption # - Monitoring -# - Activity Tracking ############################################################################## module "cos_bucket1" { @@ -144,7 +144,6 @@ module "cos_bucket1" { kms_key_crn = module.key_protect_all_inclusive.keys["${local.key_ring_name}.${local.key_name}"].crn monitoring_crn = module.observability_instances.cloud_monitoring_crn retention_enabled = false # disable retention for test environments - enable for stage/prod - activity_tracker_crn = local.at_crn resource_keys = [ { name = "${var.prefix}-writer-key" @@ -222,7 +221,6 @@ module "cos_bucket1" { # - Cross Region Location # - Encryption # - Monitoring -# - Activity Tracking ############################################################################## module "cos_bucket2" { @@ -235,7 +233,6 @@ module "cos_bucket2" { cross_region_location = var.cross_region_location archive_days = null monitoring_crn = module.observability_instances.cloud_monitoring_crn - activity_tracker_crn = local.at_crn create_cos_instance = false existing_cos_instance_id = module.cos_bucket1.cos_instance_id skip_iam_authorization_policy = true # Required since cos_bucket1 creates the IAM authorization policy @@ -267,7 +264,6 @@ module "cos_bucket2" { # - Hard Quota # - Encryption # - Monitoring -# - Activity Tracking ############################################################################## module "cos_bucket3" { @@ -281,7 +277,6 @@ module "cos_bucket3" { hard_quota = "1000000" #Sets a maximum amount of storage (in bytes) available for a bucket. If it is set to `null` then quota is disabled. archive_days = null monitoring_crn = module.observability_instances.cloud_monitoring_crn - activity_tracker_crn = local.at_crn create_cos_instance = false existing_cos_instance_id = module.cos_bucket1.cos_instance_id kms_encryption_enabled = false # disable encryption because single site location doesn't support it 
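Review bot: Deleting the `# - Activity Tracking` line from the `cos_bucket1` header comment (and likewise in the `cos_bucket2` and `cos_bucket3` hunks at 222 and 267) reads as if those buckets are no longer audited, but only the explicit `activity_tracker_crn` input is gone; the root module still renders the `activity_tracking` block whenever read or write data events are true, which is their documented default. Keep the line as `# - Activity Tracking (events routed via Activity Tracker Event Routing, no instance CRN)` so the example's description matches what is provisioned. The `module "cos_bucket1"` block starts and ends outside this hunk.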
diff --git a/examples/advanced/providers.tf b/examples/advanced/providers.tf index 77c4ba11..4a12678d 100644 --- a/examples/advanced/providers.tf +++ b/examples/advanced/providers.tf @@ -1,19 +1,3 @@ provider "ibm" { ibmcloud_api_key = var.ibmcloud_api_key } - -locals { - at_endpoint = "https://api.${var.region}.logging.cloud.ibm.com" -} - -provider "logdna" { - alias = "at" - servicekey = module.observability_instances.activity_tracker_resource_key != null ? module.observability_instances.activity_tracker_resource_key : "" - url = local.at_endpoint -} - -provider "logdna" { - alias = "ld" - servicekey = module.observability_instances.log_analysis_resource_key != null ? module.observability_instances.log_analysis_resource_key : "" - url = local.at_endpoint -} diff --git a/examples/advanced/variables.tf b/examples/advanced/variables.tf index 891869b9..828f52d2 100644 --- a/examples/advanced/variables.tf +++ b/examples/advanced/variables.tf @@ -66,9 +66,3 @@ variable "resource_group" { description = "An existing resource group name to use for this example, if unset a new resource group will be created" default = null } - -variable "existing_at_instance_crn" { - type = string - description = "Optionally pass an existing activity tracker instance CRN to use in the example. If not passed, a new instance will be provisioned" - default = null -} diff --git a/examples/advanced/version.tf b/examples/advanced/version.tf index ae17c3ba..a1fb7d8a 100644 --- a/examples/advanced/version.tf +++ b/examples/advanced/version.tf @@ -8,9 +8,5 @@ terraform { source = "ibm-cloud/ibm" version = ">= 1.67.0, < 2.0.0" } - logdna = { - source = "logdna/logdna" - version = ">= 1.14.2, < 2.0.0" - } } } diff --git a/examples/fscloud/README.md b/examples/fscloud/README.md index 2c437508..bac2014d 100644 --- a/examples/fscloud/README.md +++ b/examples/fscloud/README.md 
@@ -7,7 +7,7 @@ The following resources are provisioned by this example: - A new resource group, if an existing one is not passed in. - An IBM Cloud Monitoring instance in the given resource group and region. -- An IBM Cloud Activity Tracker instance, if existing ones is not passed in, in the given resource group and region. +- An IBM Cloud Logs. - An IBM Cloud Object Storage instance in the given resource group and region. - An IAM authorization policy to allow the Object Storage instance read access to the Key Protect instance. - A regional bucket with KYOK Hyper Protect Crypto Services (HPCS) encryption, monitoring, and activity tracking enabled. diff --git a/examples/fscloud/catalogValidationValues.json.template b/examples/fscloud/catalogValidationValues.json.template index f004d827..b648c2ab 100644 --- a/examples/fscloud/catalogValidationValues.json.template +++ b/examples/fscloud/catalogValidationValues.json.template @@ -3,7 +3,6 @@ "region": "us-south", "resource_tags": $TAGS, "prefix": $PREFIX, - "existing_at_instance_crn": $AT_CRN, "bucket_existing_hpcs_instance_guid": $HPCS_US_SOUTH_GUID, "bucket_hpcs_key_crn": $HPCS_US_SOUTH_ROOT_KEY_CRN } diff --git a/examples/fscloud/main.tf b/examples/fscloud/main.tf index 7647a4c2..d2d1f3bc 100644 --- a/examples/fscloud/main.tf +++ b/examples/fscloud/main.tf 
@@ -32,31 +32,16 @@ resource "ibm_is_subnet" "testacc_subnet" { # Observability Instances (Monitoring + AT) ############################################################################## -locals { - existing_at = var.existing_at_instance_crn != null ? true : false - at_crn = var.existing_at_instance_crn == null ? module.observability_instances.activity_tracker_crn : var.existing_at_instance_crn -} - # Create Monitoring and Activity Tracker instance module "observability_instances" { - source = "terraform-ibm-modules/observability-instances/ibm" - version = "2.19.1" - providers = { - logdna.at = logdna.at - logdna.ld = logdna.ld - } + source = "terraform-ibm-modules/observability-instances/ibm" + version = "3.0.1" region = var.region resource_group_id = module.resource_group.resource_group_id cloud_monitoring_instance_name = "${var.prefix}-monitoring" cloud_monitoring_plan = "graduated-tier" enable_platform_logs = false enable_platform_metrics = false - log_analysis_provision = false - activity_tracker_instance_name = "${var.prefix}-at" - activity_tracker_tags = var.resource_tags - activity_tracker_plan = "7-day" - activity_tracker_provision = !local.existing_at - log_analysis_tags = var.resource_tags cloud_monitoring_tags = var.resource_tags } @@ -156,9 +141,6 @@ module "cos_fscloud" { kms_guid = var.bucket_existing_hpcs_instance_guid management_endpoint_type = var.management_endpoint_type_for_bucket region_location = var.region - activity_tracking = { - activity_tracker_crn = local.at_crn - } metrics_monitoring = { metrics_monitoring_crn = module.observability_instances.cloud_monitoring_crn } diff --git a/examples/fscloud/providers.tf b/examples/fscloud/providers.tf index 4285bc24..df45ef50 100644 --- a/examples/fscloud/providers.tf +++ b/examples/fscloud/providers.tf 
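Review bot: The context comment `# Create Monitoring and Activity Tracker instance` above the rewritten `module "observability_instances"` call is now wrong, as every `activity_tracker_*` input is removed and no `cloud_logs_*` input replaces them; change it to `# Create Monitoring instance` and the section header `# Observability Instances (Monitoring + AT)` accordingly. Unlike the advanced example, this call passes no Cloud Logs configuration, so whether the 3.0.1 module provisions a Cloud Logs instance here depends on its defaults; the fscloud README in this same change claims one is created, so one of the two should be confirmed. The second hunk drops the whole `activity_tracking` map from `cos_fscloud`, which leaves auditing to the fscloud module's defaults; a one-line comment saying that is intentional would save the next reader a lookup. The `cos_fscloud` module block starts and ends outside the hunk.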
@@ -2,19 +2,3 @@ provider "ibm" { ibmcloud_api_key = var.ibmcloud_api_key region = var.region } - -locals { - at_endpoint = "https://api.${var.region}.logging.cloud.ibm.com" -} - -provider "logdna" { - alias = "at" - servicekey = module.observability_instances.activity_tracker_resource_key != null ? module.observability_instances.activity_tracker_resource_key : "" - url = local.at_endpoint -} - -provider "logdna" { - alias = "ld" - servicekey = module.observability_instances.log_analysis_resource_key != null ? module.observability_instances.log_analysis_resource_key : "" - url = local.at_endpoint -} diff --git a/examples/fscloud/variables.tf b/examples/fscloud/variables.tf index c682e5d7..094c1657 100644 --- a/examples/fscloud/variables.tf +++ b/examples/fscloud/variables.tf @@ -37,12 +37,6 @@ variable "resource_group" { default = null } -variable "existing_at_instance_crn" { - type = string - description = "Optionally pass an existing activity tracker instance CRN to use in the example. If not passed, a new instance will be provisioned" - default = null -} - variable "access_tags" { type = list(string) description = "Optional list of access tags to be added to the created resources" diff --git a/examples/fscloud/version.tf b/examples/fscloud/version.tf index ae17c3ba..a1fb7d8a 100644 --- a/examples/fscloud/version.tf +++ b/examples/fscloud/version.tf @@ -8,9 +8,5 @@ terraform { source = "ibm-cloud/ibm" version = ">= 1.67.0, < 2.0.0" } - logdna = { - source = "logdna/logdna" - version = ">= 1.14.2, < 2.0.0" - } } } diff --git a/main.tf b/main.tf index 1cbfe6e1..0550fb15 100644 --- a/main.tf +++ b/main.tf 
@@ -5,7 +5,7 @@ ############################################################################## locals { - at_enabled = var.activity_tracker_read_data_events || var.activity_tracker_write_data_events || var.activity_tracker_crn != null ? [1] : [] + at_enabled = var.activity_tracker_read_data_events || var.activity_tracker_write_data_events ? [1] : [] metrics_enabled = var.request_metrics_enabled || var.usage_metrics_enabled ? [1] : [] archive_enabled = var.archive_days == null ? [] : [1] expire_enabled = var.expire_days == null ? [] : [1] @@ -179,10 +179,9 @@ resource "ibm_cos_bucket" "cos_bucket" { dynamic "activity_tracking" { for_each = local.at_enabled content { - read_data_events = var.activity_tracker_read_data_events - write_data_events = var.activity_tracker_write_data_events - management_events = var.activity_tracker_management_events # NOTE: The value of this is ignored if consumer passes value for `activity_tracker_crn` - activity_tracker_crn = var.activity_tracker_crn + read_data_events = var.activity_tracker_read_data_events + write_data_events = var.activity_tracker_write_data_events + management_events = var.activity_tracker_management_events } } ## This for_each block is NOT a loop to attach to multiple Sysdig instances. @@ -258,10 +257,9 @@ resource "ibm_cos_bucket" "cos_bucket1" { dynamic "activity_tracking" { for_each = local.at_enabled content { - read_data_events = var.activity_tracker_read_data_events - write_data_events = var.activity_tracker_write_data_events - management_events = var.activity_tracker_management_events # NOTE: The value of this is ignored if consumer passes value for `activity_tracker_crn` - activity_tracker_crn = var.activity_tracker_crn + read_data_events = var.activity_tracker_read_data_events + write_data_events = var.activity_tracker_write_data_events + management_events = var.activity_tracker_management_events } } ## This for_each block is NOT a loop to attach to multiple Sysdig instances. 
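Review bot: The new `at_enabled` expression still only looks at read and write data events, so a consumer who sets both to false gets no `activity_tracking` block at all and `var.activity_tracker_management_events` (documented default true) is silently never applied in either `ibm_cos_bucket` resource below. Unless the provider treats an absent block as management events enabled, that is an audit gap the variable documentation does not mention; consider `at_enabled = var.activity_tracker_read_data_events || var.activity_tracker_write_data_events || var.activity_tracker_management_events ? [1] : []`, or state in `variables.tf` that management events require at least one data-event flag. The `locals` block and both `ibm_cos_bucket` resources start and end outside their hunks.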
diff --git a/modules/buckets/README.md b/modules/buckets/README.md index 6765020a..7801ef34 100644 --- a/modules/buckets/README.md +++ b/modules/buckets/README.md @@ -82,7 +82,7 @@ You need the following permissions to run this module. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [bucket\_configs](#input\_bucket\_configs) | The Object Storage bucket configurations. |
list(object({
access_tags = optional(list(string), [])
add_bucket_name_suffix = optional(bool, false)
bucket_name = string
kms_encryption_enabled = optional(bool, true)
kms_guid = optional(string, null)
kms_key_crn = optional(string, null)
skip_iam_authorization_policy = optional(bool, false)
management_endpoint_type = optional(string, "public")
cross_region_location = optional(string, null)
storage_class = optional(string, "smart")
region_location = optional(string, null)
resource_instance_id = string
force_delete = optional(bool, true)
single_site_location = optional(string, null)
hard_quota = optional(number, null)
object_locking_enabled = optional(bool, false)
object_lock_duration_days = optional(number, 0)
object_lock_duration_years = optional(number, 0)

activity_tracking = optional(object({
read_data_events = optional(bool, true)
write_data_events = optional(bool, true)
management_events = optional(bool, true)
activity_tracker_crn = optional(string, null)
}))
archive_rule = optional(object({
enable = optional(bool, false)
days = optional(number, 20)
type = optional(string, "Glacier")
}))
expire_rule = optional(object({
enable = optional(bool, false)
days = optional(number, 365)
}))
metrics_monitoring = optional(object({
usage_metrics_enabled = optional(bool, true)
request_metrics_enabled = optional(bool, true)
metrics_monitoring_crn = optional(string, null)
}))
object_versioning = optional(object({
enable = optional(bool, false)
}))
retention_rule = optional(object({
default = optional(number, 90)
maximum = optional(number, 350)
minimum = optional(number, 90)
permanent = optional(bool, false)
}))
cbr_rules = optional(list(object({
description = string
account_id = string
rule_contexts = list(object({
attributes = optional(list(object({
name = string
value = string
}))) }))
enforcement_mode = string
tags = optional(list(object({
name = string
value = string
})), [])
operations = optional(list(object({
api_types = list(object({
api_type_id = string
}))
})))
})), [])

}))
| n/a | yes | +| [bucket\_configs](#input\_bucket\_configs) | The Object Storage bucket configurations. |
list(object({
access_tags = optional(list(string), [])
add_bucket_name_suffix = optional(bool, false)
bucket_name = string
kms_encryption_enabled = optional(bool, true)
kms_guid = optional(string, null)
kms_key_crn = optional(string, null)
skip_iam_authorization_policy = optional(bool, false)
management_endpoint_type = optional(string, "public")
cross_region_location = optional(string, null)
storage_class = optional(string, "smart")
region_location = optional(string, null)
resource_instance_id = string
force_delete = optional(bool, true)
single_site_location = optional(string, null)
hard_quota = optional(number, null)
object_locking_enabled = optional(bool, false)
object_lock_duration_days = optional(number, 0)
object_lock_duration_years = optional(number, 0)

activity_tracking = optional(object({
read_data_events = optional(bool, true)
write_data_events = optional(bool, true)
management_events = optional(bool, true)
}))
archive_rule = optional(object({
enable = optional(bool, false)
days = optional(number, 20)
type = optional(string, "Glacier")
}))
expire_rule = optional(object({
enable = optional(bool, false)
days = optional(number, 365)
}))
metrics_monitoring = optional(object({
usage_metrics_enabled = optional(bool, true)
request_metrics_enabled = optional(bool, true)
metrics_monitoring_crn = optional(string, null)
}))
object_versioning = optional(object({
enable = optional(bool, false)
}))
retention_rule = optional(object({
default = optional(number, 90)
maximum = optional(number, 350)
minimum = optional(number, 90)
permanent = optional(bool, false)
}))
cbr_rules = optional(list(object({
description = string
account_id = string
rule_contexts = list(object({
attributes = optional(list(object({
name = string
value = string
}))) }))
enforcement_mode = string
tags = optional(list(object({
name = string
value = string
})), [])
operations = optional(list(object({
api_types = list(object({
api_type_id = string
}))
})))
})), [])

}))
| n/a | yes | ### Outputs diff --git a/modules/buckets/main.tf b/modules/buckets/main.tf index fe83952e..c1197c83 100644 --- a/modules/buckets/main.tf +++ b/modules/buckets/main.tf @@ -67,7 +67,6 @@ module "buckets" { activity_tracker_read_data_events = can(each.value.activity_tracking.read_data_events) ? each.value.activity_tracking.read_data_events : true activity_tracker_write_data_events = can(each.value.activity_tracking.write_data_events) ? each.value.activity_tracking.write_data_events : true activity_tracker_management_events = can(each.value.activity_tracking.management_events) ? each.value.activity_tracking.management_events : true - activity_tracker_crn = can(each.value.activity_tracking.activity_tracker_crn) ? each.value.activity_tracking.activity_tracker_crn : null archive_days = can(each.value.archive_rule.days) ? (each.value.archive_rule.enable ? each.value.archive_rule.days : null) : null archive_type = can(each.value.archive_rule.type) ? each.value.archive_rule.type : "Glacier" diff --git a/modules/buckets/variables.tf b/modules/buckets/variables.tf index 376b6c88..9ff377e0 100644 --- a/modules/buckets/variables.tf +++ b/modules/buckets/variables.tf @@ -27,10 +27,9 @@ variable "bucket_configs" { object_lock_duration_years = optional(number, 0) activity_tracking = optional(object({ - read_data_events = optional(bool, true) - write_data_events = optional(bool, true) - management_events = optional(bool, true) - activity_tracker_crn = optional(string, null) + read_data_events = optional(bool, true) + write_data_events = optional(bool, true) + management_events = optional(bool, true) })) archive_rule = optional(object({ enable = optional(bool, false) diff --git a/modules/fscloud/README.md b/modules/fscloud/README.md index 221c243b..ffc15a12 100644 --- a/modules/fscloud/README.md +++ b/modules/fscloud/README.md 
@@ -27,9 +27,6 @@ module "cos_fscloud" { kms_guid = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX" kms_key_crn = "crn:v1:bluemix:public:kms:us-south:a/xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX:xxxxxx-XXXX-XXXX-XXXX-xxxxxx:key:xxxxxx-XXXX-XXXX-XXXX-xxxxxx" management_endpoint_type = "private" - activity_tracking = { - activity_tracker_crn = "crn:v1:bluemix:public:logdnaat:us-south:a/xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX:xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX::" - } metrics_monitoring = { metrics_monitoring_crn = "crn:v1:bluemix:public:sysdig-monitor:us-south:a/xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX:xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX::" } @@ -108,7 +105,7 @@ No resources. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [access\_tags](#input\_access\_tags) | A list of access tags to apply to the Object Storage instance created by the module. [Learn more](https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial). | `list(string)` | `[]` | no | -| [bucket\_configs](#input\_bucket\_configs) | Object Storage bucket configurations |
list(object({
access_tags = optional(list(string), [])
add_bucket_name_suffix = optional(bool, false)
bucket_name = string
kms_encryption_enabled = optional(bool, true)
kms_guid = optional(string, null)
kms_key_crn = string
skip_iam_authorization_policy = optional(bool, false)
management_endpoint_type = string
cross_region_location = optional(string, null)
storage_class = optional(string, "smart")
region_location = optional(string, null)
resource_instance_id = optional(string, null)
force_delete = optional(bool, true)
single_site_location = optional(string, null)
hard_quota = optional(number, null)
object_locking_enabled = optional(bool, false)
object_lock_duration_days = optional(number, 0)
object_lock_duration_years = optional(number, 0)

activity_tracking = optional(object({
read_data_events = optional(bool, true)
write_data_events = optional(bool, true)
management_events = optional(bool, true)
activity_tracker_crn = optional(string, null)
}))
archive_rule = optional(object({
enable = optional(bool, false)
days = optional(number, 20)
type = optional(string, "Glacier")
}))
expire_rule = optional(object({
enable = optional(bool, false)
days = optional(number, 365)
}))
metrics_monitoring = optional(object({
usage_metrics_enabled = optional(bool, true)
request_metrics_enabled = optional(bool, true)
metrics_monitoring_crn = optional(string, null)
}))
object_versioning = optional(object({
enable = optional(bool, false)
}))
retention_rule = optional(object({
default = optional(number, 90)
maximum = optional(number, 350)
minimum = optional(number, 90)
permanent = optional(bool, false)
}))
cbr_rules = optional(list(object({
description = string
account_id = string
rule_contexts = list(object({
attributes = optional(list(object({
name = string
value = string
}))) }))
enforcement_mode = string
tags = optional(list(object({
name = string
value = string
})), [])
operations = optional(list(object({
api_types = list(object({
api_type_id = string
}))
})))
})), [])

}))
| `[]` | no | +| [bucket\_configs](#input\_bucket\_configs) | Object Storage bucket configurations |
list(object({
access_tags = optional(list(string), [])
add_bucket_name_suffix = optional(bool, false)
bucket_name = string
kms_encryption_enabled = optional(bool, true)
kms_guid = optional(string, null)
kms_key_crn = string
skip_iam_authorization_policy = optional(bool, false)
management_endpoint_type = string
cross_region_location = optional(string, null)
storage_class = optional(string, "smart")
region_location = optional(string, null)
resource_instance_id = optional(string, null)
force_delete = optional(bool, true)
single_site_location = optional(string, null)
hard_quota = optional(number, null)
object_locking_enabled = optional(bool, false)
object_lock_duration_days = optional(number, 0)
object_lock_duration_years = optional(number, 0)

activity_tracking = optional(object({
read_data_events = optional(bool, true)
write_data_events = optional(bool, true)
management_events = optional(bool, true)
}))
archive_rule = optional(object({
enable = optional(bool, false)
days = optional(number, 20)
type = optional(string, "Glacier")
}))
expire_rule = optional(object({
enable = optional(bool, false)
days = optional(number, 365)
}))
metrics_monitoring = optional(object({
usage_metrics_enabled = optional(bool, true)
request_metrics_enabled = optional(bool, true)
metrics_monitoring_crn = optional(string, null)
}))
object_versioning = optional(object({
enable = optional(bool, false)
}))
retention_rule = optional(object({
default = optional(number, 90)
maximum = optional(number, 350)
minimum = optional(number, 90)
permanent = optional(bool, false)
}))
cbr_rules = optional(list(object({
description = string
account_id = string
rule_contexts = list(object({
attributes = optional(list(object({
name = string
value = string
}))) }))
enforcement_mode = string
tags = optional(list(object({
name = string
value = string
})), [])
operations = optional(list(object({
api_types = list(object({
api_type_id = string
}))
})))
})), [])

}))
| `[]` | no | | [cos\_instance\_name](#input\_cos\_instance\_name) | The name to give the Object Storage instance provisioned by this module. Applies only if `create_cos_instance` is true. | `string` | `null` | no | | [cos\_plan](#input\_cos\_plan) | The plan to use when Object Storage instances are created. Possible values: `standard`. Applies only if `create_cos_instance` is true. | `string` | `"standard"` | no | | [cos\_tags](#input\_cos\_tags) | The list of tags to add to the Object Storage instance. Applies only if `create_cos_instance` is true. | `list(string)` | `[]` | no | diff --git a/modules/fscloud/main.tf b/modules/fscloud/main.tf index 22cbb142..1ead86d2 100644 --- a/modules/fscloud/main.tf +++ b/modules/fscloud/main.tf 
@@ -4,7 +4,6 @@ locals {
 for bucket in var.bucket_configs : {
 validate_at_set1 = can(bucket.activity_tracking.activity_tracker_read_data_events) ? bucket.activity_tracking.activity_tracker_read_data_events == false ? tobool("'activity_tracker_read_data_events' must be set to true") : null : null,
 validate_at_set2 = can(bucket.activity_tracking.activity_tracker_write_data_events) ? bucket.activity_tracking.activity_tracker_write_data_events == false ? tobool("'activity_tracker_write_data_events' must be set to true") : null : null,
- validate_at_set3 = can(bucket.activity_tracking.activity_tracker_management_events) ? bucket.activity_tracking.activity_tracker_management_events == false && bucket.activity_tracking.activity_tracker_crn == null ? tobool("'activity_tracker_management_events' must be set to true if not passing a value for 'activity_tracker_crn'") : null : null,
 validate_monitoring_set1 = can(bucket.metrics_monitoring.request_metrics_enabled) ? bucket.metrics_monitoring.request_metrics_enabled == false ? tobool("'request_metrics_enabled' must be set to true") : null : null,
 validate_monitoring_set2 = can(bucket.metrics_monitoring.usage_metrics_enabled) ? bucket.metrics_monitoring.usage_metrics_enabled == false ? tobool("'usage_metrics_enabled' must be set to true") : null : null,
 validate_hpcs_instance_guid = bucket.skip_iam_authorization_policy == false && bucket.kms_guid == null ? tobool("'kms_guid' must be provided if 'skip_iam_authorization_policy' is set to false") : null,
diff --git a/modules/fscloud/variables.tf b/modules/fscloud/variables.tf
index 9c300e4a..bf135e0a 100644
--- a/modules/fscloud/variables.tf
+++ b/modules/fscloud/variables.tf
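Review bot: The remaining `validate_at_set1` and `validate_at_set2` guards test `bucket.activity_tracking.activity_tracker_read_data_events` and `activity_tracker_write_data_events`, but the `bucket_configs` object type in the `modules/fscloud/variables.tf` hunk of this change names those attributes `read_data_events` and `write_data_events`, so `can()` is always false and a bucket with read or write events disabled passes validation in the compliance profile. They should use the real attribute names, e.g. `validate_at_set1 = can(bucket.activity_tracking.read_data_events) ? bucket.activity_tracking.read_data_events == false ? tobool("'read_data_events' must be set to true") : null : null,` and the same for `write_data_events`. Removing `validate_at_set3` also means `management_events = false` is no longer rejected for fscloud buckets; if that is intended under event routing, a short comment here saying so would help, otherwise a `management_events == false` check should replace it. The `locals` block starts and ends outside this hunk.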
@@ -81,10 +81,9 @@ variable "bucket_configs" { object_lock_duration_years = optional(number, 0) activity_tracking = optional(object({ - read_data_events = optional(bool, true) - write_data_events = optional(bool, true) - management_events = optional(bool, true) - activity_tracker_crn = optional(string, null) + read_data_events = optional(bool, true) + write_data_events = optional(bool, true) + management_events = optional(bool, true) })) archive_rule = optional(object({ enable = optional(bool, false) diff --git a/solutions/secure-cross-regional-bucket/main.tf b/solutions/secure-cross-regional-bucket/main.tf index 0287b8f2..7b1b1003 100644 --- a/solutions/secure-cross-regional-bucket/main.tf +++ b/solutions/secure-cross-regional-bucket/main.tf @@ -35,10 +35,9 @@ locals { object_lock_duration_years = var.object_lock_duration_years activity_tracking = { - read_data_events = true - write_data_events = true - management_events = true - activity_tracker_crn = var.activity_tracker_crn + read_data_events = true + write_data_events = true + management_events = true } expire_rule = var.expire_days != null ? { enable = true diff --git a/solutions/secure-cross-regional-bucket/variables.tf b/solutions/secure-cross-regional-bucket/variables.tf index 84e2a1b3..dc1ed354 100644 --- a/solutions/secure-cross-regional-bucket/variables.tf +++ b/solutions/secure-cross-regional-bucket/variables.tf @@ -110,12 +110,6 @@ variable "hard_quota" { default = null } -variable "activity_tracker_crn" { - type = string - description = "The CRN of an Activity Tracker instance to send Object Storage bucket events to. If no value passed, events are sent to the instance associated to the container's location unless otherwise specified in the Activity Tracker Event Routing service configuration." - default = null -} - variable "expire_days" { description = "The number of days before the expire rule action takes effect." type = number 
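Review bot: Dropping `activity_tracker_crn` from the `activity_tracking` object is a breaking schema change for any caller that still sets it inside `bucket_configs`, and Terraform's object conversion, as far as I recall, discards attributes the constraint does not declare rather than rejecting them, so such a caller would lose its pinned Activity Tracker instance without any error or warning. A `validation` block cannot see an attribute that is stripped during conversion, so the removal should be called out in the `bucket_configs` description (outside the hunk) and in the release notes, e.g. `The activity_tracker_crn attribute is no longer accepted; bucket events are delivered according to the account's Activity Tracker Event Routing configuration.`. The `variable "bucket_configs"` block starts and ends outside the hunk.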
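Review bot: With `activity_tracker_crn` removed from `activity_tracking`, where this solution's bucket read, write and management events are delivered is now decided entirely by the account's Activity Tracker Event Routing configuration or the instance associated with the bucket's location (the behaviour the deleted variable description assigned to a null CRN), and nothing in the hunk confirms that such a destination exists. Since the purpose of a "secure" bucket solution is an intact audit trail, add a comment above `activity_tracking = {`, e.g. `# Event delivery is governed by account-level Activity Tracker Event Routing (or the location's default instance); confirm a target exists, otherwise bucket events may not be captured.`, and state the same prerequisite in the solution's documentation. The `locals` block starts and ends outside the hunk.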
diff --git a/solutions/secure-regional-bucket/main.tf b/solutions/secure-regional-bucket/main.tf index e89a8f49..9e79e384 100644 --- a/solutions/secure-regional-bucket/main.tf +++ b/solutions/secure-regional-bucket/main.tf @@ -35,9 +35,8 @@ locals { object_lock_duration_years = var.object_lock_duration_years activity_tracking = { - read_data_events = true - write_data_events = true - activity_tracker_crn = var.activity_tracker_crn + read_data_events = true + write_data_events = true } archive_rule = var.archive_days != null ? { enable = true diff --git a/solutions/secure-regional-bucket/variables.tf b/solutions/secure-regional-bucket/variables.tf index 767e9174..171dda3f 100644 --- a/solutions/secure-regional-bucket/variables.tf +++ b/solutions/secure-regional-bucket/variables.tf @@ -111,12 +111,6 @@ variable "hard_quota" { default = null } -variable "activity_tracker_crn" { - type = string - description = "The CRN of an Activity Tracker instance to send Object Storage bucket events to. If no value passed, events are sent to the instance associated to the container's location unless otherwise specified in the Activity Tracker Event Routing service configuration." - default = null -} - variable "archive_days" { description = "The number of days before the `archive_type` rule action takes effect." type = number diff --git a/tests/pr_test.go b/tests/pr_test.go index 242e21a5..cb5c1687 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -68,8 +68,7 @@ func setupOptions(t *testing.T, prefix string, dir string) *testhelper.TestOptio ResourceGroup: resourceGroup, Region: region, TerraformVars: map[string]interface{}{ - "existing_at_instance_crn": permanentResources["activityTrackerFrankfurtCrn"], - "access_tags": permanentResources["accessTags"], + "access_tags": permanentResources["accessTags"], }, }) // below dirs do not implement Activity Tracker functionality diff --git a/variables.tf b/variables.tf index 6ae62201..5b8fe654 100644 --- a/variables.tf 
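Review bot: The new `activity_tracking` map for this solution sets only `read_data_events` and `write_data_events`, whereas the parallel secure-cross-regional-bucket solution in the same commit also sets `management_events = true`; assuming this map feeds the fscloud module's `bucket_configs`, management events stay on through the `optional(bool, true)` default, but an audit-oriented solution should state the setting explicitly so a future default change cannot silently turn it off. Add `management_events = true` after the `write_data_events = true` line. The `locals` block starts and ends outside the hunk.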
+++ b/variables.tf @@ -273,16 +273,10 @@ variable "activity_tracker_write_data_events" { variable "activity_tracker_management_events" { type = bool - description = "If set to true, all Object Storage management events will be sent to Activity Tracker. Only applies if `activity_tracker_crn` is not populated." + description = "If set to true, all Object Storage management events will be sent to Activity Tracker." default = true } -variable "activity_tracker_crn" { - type = string - description = "The CRN of an Activity Tracker instance to send Object Storage bucket events to. If no value passed, events are sent to the instance associated to the container's location unless otherwise specified in the Activity Tracker Event Routing service configuration. Bucket management events are always enabled if a value is passed, regardless of the value of `activity_tracker_management_events`." - default = null -} - variable "force_delete" { type = bool description = "Whether to delete all the objects in the Object Storage bucket before the bucket is deleted."