diff --git a/solutions/instances/README.md b/solutions/instances/README.md index f13bf41..a67877f 100644 --- a/solutions/instances/README.md +++ b/solutions/instances/README.md @@ -3,6 +3,7 @@ This deployable architecture creates observability instances in IBM Cloud and supports provisioning the following resources: * A resource group, if one is not passed in. + * Optionally create a resource group for provisioning audit resources, or use an existing audit resource group if one is not passed in * An IBM Cloud Log Analysis instance. * An IBM Cloud Monitoring instance. * An IBM Cloud Object Storage instance, if one does not exist. diff --git a/solutions/instances/main.tf b/solutions/instances/main.tf index 8c7444f..435bd6e 100644 --- a/solutions/instances/main.tf +++ b/solutions/instances/main.tf @@ -96,6 +96,14 @@ module "resource_group" { existing_resource_group_name = var.use_existing_resource_group == true ? var.resource_group_name : null } +module "audit_resource_group" { + count = var.enable_audit_resource_group ? 1 : 0 + source = "terraform-ibm-modules/resource-group/ibm" + version = "1.1.5" + resource_group_name = var.use_existing_audit_resource_group == false ? (var.prefix != null ? "${var.prefix}-${var.audit_resource_group_name}" : var.audit_resource_group_name) : null + existing_resource_group_name = var.use_existing_audit_resource_group == true ? var.audit_resource_group_name : null +} + ####################################################################################################################### # Observability Instance ####################################################################################################################### diff --git a/solutions/instances/variables.tf b/solutions/instances/variables.tf index 3d5bee5..538c33a 100644 --- a/solutions/instances/variables.tf +++ b/solutions/instances/variables.tf 
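Review bot: In `module "audit_resource_group"`, `audit_resource_group_name` defaults to `null`, so enabling the audit group without a name leaves both `resource_group_name` and `existing_resource_group_name` null when no prefix is set, and places a null inside the `"${var.prefix}-${var.audit_resource_group_name}"` template when one is. The variable description promises a fallback to the main resource group, but nothing in this hunk implements it, so the separation meant to keep audit resources under their own access policies depends on handling that is not visible here. Consider gating the module on the name, `count = var.enable_audit_resource_group && var.audit_resource_group_name != null ? 1 : 0`, with consumers falling back to `module.resource_group` explicitly. No consumer of this module's output appears in the visible hunks, so confirm that the audit resources actually reference it.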
@@ -8,17 +8,35 @@ variable "ibmcloud_api_key" { sensitive = true } +variable "enable_audit_resource_group" { + type = bool + description = "Whether to use a separate resource group for audit resources." + default = false +} + variable "use_existing_resource_group" { type = bool description = "Whether to use an existing resource group." default = false } +variable "use_existing_audit_resource_group" { + type = bool + description = "Whether to use an existing resource group." + default = false +} + variable "resource_group_name" { type = string description = "The name of a new or existing resource group to provision resources to. If a prefix input variable is passed, it is prefixed to the value in the `-value` format." } +variable "audit_resource_group_name" { + type = string + description = "(Optional) The name of a new or an existing resource group in which to provision audit resources to. If prefix input variable is passed then it will get prefixed infront of the value in the format of '-value'. If no value is provided, the value for `observability_resource_group_name` is used." + default = null +} + variable "region" { description = "The region where observability resources are created." type = string diff --git a/tests/pr_test.go b/tests/pr_test.go index a643699..cad9005 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go 
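Review bot: The description of `use_existing_audit_resource_group` is a verbatim copy of the one on `use_existing_resource_group`, so the two inputs cannot be told apart from their documentation; suggest `"Whether to use an existing resource group for audit resources. Only applies when enable_audit_resource_group is true."`. The description of `audit_resource_group_name` refers to `observability_resource_group_name`, which is not a variable in the visible part of this file (the sibling input is `resource_group_name`), and contains the typo "infront". It should also say that the name has no effect unless `enable_audit_resource_group` is true, because with the default of `false` setting a name alone creates no separate group.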
@@ -79,6 +79,7 @@ func TestInstancesInSchematics(t *testing.T) { options.TerraformVars = []testschematic.TestSchematicTerraformVar{ {Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true}, {Name: "resource_group_name", Value: options.Prefix, DataType: "string"}, + {Name: "audit_resource_group_name", Value: fmt.Sprintf("%s-%s", options.Prefix, "audit"), DataType: "string"}, {Name: "existing_kms_instance_crn", Value: permanentResources["hpcs_south_crn"], DataType: "string"}, {Name: "cos_region", Value: region, DataType: "string"}, {Name: "cos_instance_tags", Value: options.Tags, DataType: "list(string)"}, @@ -109,6 +110,7 @@ func TestRunUpgradeSolutionInstances(t *testing.T) { options.TerraformVars = map[string]interface{}{ "resource_group_name": options.Prefix, + "audit_resource_group_name": fmt.Sprintf("%s-%s", options.Prefix, "audit"), "cos_instance_access_tags": permanentResources["accessTags"], "existing_kms_instance_crn": permanentResources["hpcs_south_crn"], "kms_endpoint_type": "public",
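Review bot: Both test hunks set `audit_resource_group_name` but leave `enable_audit_resource_group` at its default of `false`, so `module "audit_resource_group"` gets `count = 0` and the new path is never provisioned by `TestInstancesInSchematics` or `TestRunUpgradeSolutionInstances`. Add `{Name: "enable_audit_resource_group", Value: true, DataType: "bool"},` to the schematics vars and `"enable_audit_resource_group": true,` to the upgrade map, unless the flag is set elsewhere in these functions, whose bodies continue outside the hunks. If `prefix` is also passed to the solution, the value built with `fmt.Sprintf("%s-%s", options.Prefix, "audit")` would be prefixed a second time by main.tf, so check the resulting name against the intended one.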