Is there an option to avoid giving an API key and directly provide the resource with IBM IAM tokens ?

[nicholas-bn]

Hi,

Is there a way to use the provider by giving the IAM tokens directly instead of passing an API key that'll generate those tokens ?

Thank you very much.

[dbonf]

Hi, you can skip using the ibm_monitor_ parameters and you can pass IBMInstanceID via extra_headers, example:

provider "sysdig" {
  sysdig_monitor_url = "https://eu-gb.monitoring.cloud.ibm.com"
  sysdig_monitor_api_token = "your temporary iam token"
  extra_headers = {
    IBMInstanceID = "xxx"
  }
}

For example, you can generate temporary iam token with the resource ibm_iam_auth_token of the ibm terraform provider and use this:

provider "ibm" {
  ibmcloud_api_key = "xxxx"
}

data "ibm_iam_auth_token" "tokendata" {}

provider "sysdig" {
  sysdig_monitor_url       = "https://eu-gb.monitoring.cloud.ibm.com"
  sysdig_monitor_api_token = trimprefix(data.ibm_iam_auth_token.tokendata.iam_access_token, "Bearer ")
  extra_headers = {
    IBMInstanceID = "xxxx"
  }
}

You can also just use extra_headers but, since ibm_monitor_api_key or sysdig_monitor_api_token is required, you need to add dummy values there and the Authorization header will be replaced, example:

provider "ibm" {
  ibmcloud_api_key = "xxx"
}

data "ibm_iam_auth_token" "tokendata" {}

provider "sysdig" {
  sysdig_monitor_url       = "https://eu-gb.monitoring.cloud.ibm.com"
  sysdig_monitor_api_token = "dummy"
  extra_headers = {
    IBMInstanceID = "xxx"
    Authorization = data.ibm_iam_auth_token.tokendata.iam_access_token
  }
}