terraform-ibm-modules · MatthewLemmond · May 14, 2024 · May 14, 2024 · May 18, 2024 · May 18, 2024
@@ -3,6 +3,7 @@
 This deployable architecture creates observability instances in IBM Cloud and supports provisioning the following resources:
 
 * A resource group, if one is not passed in.
+  * Optionally create a resource group for provisioning audit resources, or use an existing audit resource group if one is not passed in
 * An IBM Cloud Log Analysis instance.
 * An IBM Cloud Monitoring instance.
 * An IBM Cloud Object Storage instance, if one does not exist.

@@ -96,6 +96,14 @@ module "resource_group" {
   existing_resource_group_name = var.use_existing_resource_group == true ? var.resource_group_name : null
 }
 
+module "audit_resource_group" {
+  count                        = var.enable_audit_resource_group ? 1 : 0
+  source                       = "terraform-ibm-modules/resource-group/ibm"
+  version                      = "1.1.5"
+  resource_group_name          = var.use_existing_audit_resource_group == false ? (var.prefix != null ? "${var.prefix}-${var.audit_resource_group_name}" : var.audit_resource_group_name) : null
+  existing_resource_group_name = var.use_existing_audit_resource_group == true ? var.audit_resource_group_name : null
+}
+
 #######################################################################################################################
 # Observability Instance
 #######################################################################################################################

@@ -8,17 +8,35 @@ variable "ibmcloud_api_key" {
   sensitive   = true
 }
 
+variable "enable_audit_resource_group" {
+  type        = bool
+  description = "Whether to use a separate resource group for audit resources."
+  default     = false
+}
+
 variable "use_existing_resource_group" {
   type        = bool
   description = "Whether to use an existing resource group."
   default     = false
 }
 
+variable "use_existing_audit_resource_group" {
+  type        = bool
+  description = "Whether to use an existing resource group."
+  default     = false
+}
+
 variable "resource_group_name" {
   type        = string
   description = "The name of a new or existing resource group to provision resources to. If a prefix input variable is passed, it is prefixed to the value in the `<prefix>-value` format."
 }
 
+variable "audit_resource_group_name" {
+  type        = string
+  description = "(Optional) The name of a new or an existing resource group in which to provision audit resources to. If prefix input variable is passed then it will get prefixed infront of the value in the format of '<prefix>-value'. If no value is provided, the value for `observability_resource_group_name` is used."
+  default     = null
+}
+
 variable "region" {
   description = "The region where observability resources are created."
   type        = string

@@ -79,6 +79,7 @@ func TestInstancesInSchematics(t *testing.T) {
 	options.TerraformVars = []testschematic.TestSchematicTerraformVar{
 		{Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true},
 		{Name: "resource_group_name", Value: options.Prefix, DataType: "string"},
+		{Name: "audit_resource_group_name", Value: fmt.Sprintf("%s-%s", options.Prefix, "audit"), DataType: "string"},
 		{Name: "existing_kms_instance_crn", Value: permanentResources["hpcs_south_crn"], DataType: "string"},
 		{Name: "cos_region", Value: region, DataType: "string"},
 		{Name: "cos_instance_tags", Value: options.Tags, DataType: "list(string)"},
@@ -109,6 +110,7 @@ func TestRunUpgradeSolutionInstances(t *testing.T) {
 
 	options.TerraformVars = map[string]interface{}{
 		"resource_group_name":                     options.Prefix,
+		"audit_resource_group_name":               fmt.Sprintf("%s-%s", options.Prefix, "audit"),
 		"cos_instance_access_tags":                permanentResources["accessTags"],
 		"existing_kms_instance_crn":               permanentResources["hpcs_south_crn"],
 		"kms_endpoint_type":                       "public",