feat: initial release

Author: jor2

.github/settings.yml

@@ -15,11 +15,11 @@ repository:
   # By changing this field, you rename the repository.
 
   # Uncomment this name property and set the name to the current repo name.
-  # name: ""
+  name: "terraform-ibm-event-streams"
 
   # The description is displayed under the repository name on the
   # organization page and in the 'About' section of the repository.
 
   # Uncomment this description property
   # and update the description to the current repo description.
-  # description: ""
+  description: "Implements an event streams instance with topics and schema."

.github/workflows/ci.yml

@@ -7,6 +7,7 @@ on:
     branches: [main]
   pull_request:
     branches: [main]
+    types: [opened, synchronize, reopened, ready_for_review]
 
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
@@ -16,5 +17,7 @@ jobs:
     uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/[email protected]
     secrets: inherit
     with:
-      craTarget: "examples/default"
-      craGoalIgnoreFile: "cra-tf-validate-ignore-goals.json"
+      craSCCv2: true
+      craTarget: "examples/complete"
+      craRuleIgnoreFile: "cra-tf-validate-ignore-rules.json"
+      craEnvironmentVariables: "TF_VAR_existing_at_instance_crn=${{ vars.AT_INSTANCE_CRN }}"

.gitmodules

@@ -1,4 +1,3 @@
 [submodule "common-dev-assets"]
 	path = common-dev-assets
-	url = https://github.com/terraform-ibm-modules/common-dev-assets
-	branch = main
+	url = https://github.com/terraform-ibm-modules/common-dev-assets.git

.secrets.baseline

@@ -3,17 +3,14 @@
     "files": "go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2023-05-05T07:42:59Z",
+  "generated_at": "2023-05-05T09:58:47Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
     },
     {
       "name": "ArtifactoryDetector"
     },
-    {
-      "name": "AzureStorageKeyDetector"
-    },
     {
       "base64_limit": 4.5,
       "name": "Base64HighEntropyString"
@@ -31,9 +28,6 @@
       "ghe_instance": "github.ibm.com",
       "name": "GheDetector"
     },
-    {
-      "name": "GitHubTokenDetector"
-    },
     {
       "hex_limit": 3,
       "name": "HexHighEntropyString"
@@ -54,9 +48,6 @@
     {
       "name": "MailchimpDetector"
     },
-    {
-      "name": "NpmDetector"
-    },
     {
       "name": "PrivateKeyDetector"
     },
@@ -66,9 +57,6 @@
     {
       "name": "SoftlayerDetector"
     },
-    {
-      "name": "SquareOAuthDetector"
-    },
     {
       "name": "StripeDetector"
     },

README.md

@@ -0,0 +1,10 @@
+{
+    "scc_rules": [
+        {
+            "scc_rule_id": "rule-3b2768e5-d783-4b0c-a47f-81479af34689",
+            "description": " Check whether Event Streams is accessible only by using private endpoints Found in: resource_address: module.event_streams.ibm_resource_instance.es_instance",
+            "ignore_reason": "Private endpoint option is not available in Standard plan which the complete example uses. When we create an FSCloud profile example for this module, the CRA scan will be done against that, and that should use private endpoint only. (Tracked at https://github.com/terraform-ibm-modules/terraform-ibm-event-streams/issues/5)",
+            "is_valid": true
+          }
+        ]
+  }

common-dev-assets

@@ -0,0 +1,8 @@
+# Complete example with key protect
+
+An end-to-end example that creates an event streams instance with key protect.
+This example uses the IBM Cloud terraform provider to:
+ - Create a new resource group if one is not passed in.
+ - Create a new event streams instance with topics and schemas provided, and a new key protect instance in the resource group and region provided.
+
+<!-- Add your example and link to it from the module's main readme file. -->

cra-tf-validate-ignore-goals.json

@@ -0,0 +1,41 @@
+##############################################################################
+# Resource Group
+##############################################################################
+
+module "resource_group" {
+  source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-resource-group.git?ref=v1.0.5"
+  # if an existing resource group is not set (null) create a new one using prefix
+  resource_group_name          = var.resource_group == null ? "${var.prefix}-resource-group" : null
+  existing_resource_group_name = var.resource_group
+}
+
+##############################################################################
+# Key Protect All Inclusive
+##############################################################################
+
+module "key_protect_all_inclusive" {
+  source                    = "git::https://github.com/terraform-ibm-modules/terraform-ibm-key-protect-all-inclusive.git?ref=v4.0.0"
+  key_protect_instance_name = "${var.prefix}-kp"
+  resource_group_id         = module.resource_group.resource_group_id
+  region                    = var.region
+  resource_tags             = var.resource_tags
+  key_map                   = { "es" = ["${var.prefix}-es"] }
+  enable_metrics            = false
+}
+
+##############################################################################
+# Events-streams-instance
+##############################################################################
+
+module "event_streams" {
+  source                     = "../../"
+  resource_group_id          = module.resource_group.resource_group_id
+  es_name                    = "${var.prefix}-es"
+  plan                       = var.plan
+  kms_key_crn                = module.key_protect_all_inclusive.keys["es.${var.prefix}-es"].crn
+  existing_kms_instance_guid = module.key_protect_all_inclusive.key_protect_guid
+  schemas                    = var.schemas
+  tags                       = var.resource_tags
+  topics                     = var.topics
+  service_endpoints          = var.service_endpoints
+}

cra-tf-validate-ignore-rules.json

@@ -0,0 +1,33 @@
+##############################################################################
+# Outputs
+##############################################################################
+
+output "resource_group_name" {
+  description = "Resource group name"
+  value       = module.resource_group.resource_group_name
+}
+
+output "resource_group_id" {
+  description = "Resource group ID"
+  value       = module.resource_group.resource_group_id
+}
+
+output "crn" {
+  description = "Event Streams instance crn"
+  value       = module.event_streams.crn
+}
+
+output "guid" {
+  description = "Event Streams instance guid"
+  value       = module.event_streams.guid
+}
+
+output "kafka_brokers_sasl" {
+  description = "(Array of Strings) Kafka brokers use for interacting with Kafka native API"
+  value       = module.event_streams.kafka_brokers_sasl
+}
+
+output "kafka_http_url" {
+  description = "The API endpoint to interact with Event Streams REST API"
+  value       = module.event_streams.kafka_http_url
+}

examples/complete/README.md

@@ -0,0 +1,109 @@
+variable "ibmcloud_api_key" {
+  type        = string
+  description = "The IBM Cloud API Key"
+  sensitive   = true
+}
+
+variable "region" {
+  type        = string
+  description = "Region to provision all resources created by this example"
+  default     = "us-south"
+}
+
+variable "plan" {
+  type        = string
+  description = "Plan for the event stream instance. lite, standard or enterprise-3nodes-2tb"
+  default     = "standard"
+}
+
+variable "prefix" {
+  type        = string
+  description = "Prefix to append to all resources created by this example"
+  default     = "event_streams"
+}
+
+variable "resource_group" {
+  type        = string
+  description = "An existing resource group name to use for this example, if unset a new resource group will be created"
+  default     = null
+}
+
+variable "resource_tags" {
+  type        = list(string)
+  description = "List of tags associated with the Event Steams instance"
+  default     = []
+}
+
+variable "service_endpoints" {
+  type        = string
+  description = "The type of service endpoint(public,private or public-and-private) to be used for connection. Default is public for Standard and lite plans"
+  default     = "public"
+}
+
+variable "schemas" {
+  type = list(object(
+    {
+      schema_id = string
+      schema = object({
+        type = string
+        name = string
+      })
+    }
+  ))
+  description = "The list of schema object which contains schema id and format of the schema"
+  default = [{
+    schema_id = "my-es-schema_1"
+    schema = {
+      type = "string"
+      name = "name_1"
+    }
+    },
+    {
+      schema_id = "my-es-schema_2"
+      schema = {
+        type = "string"
+        name = "name_2"
+      }
+    },
+    {
+      schema_id = "my-es-schema_3"
+      schema = {
+        type = "string"
+        name = "name_3"
+      }
+    }
+  ]
+}
+
+variable "topics" {
+  type = list(object(
+    {
+      name       = string
+      partitions = number
+      config     = object({})
+    }
+  ))
+  description = "List of topics. For lite plan only one topic is allowed."
+  default = [
+    {
+      name       = "topic-1"
+      partitions = 1
+      config = {
+        "cleanup.policy"  = "delete"
+        "retention.ms"    = "86400000"
+        "retention.bytes" = "10485760"
+        "segment.bytes"   = "10485760"
+      }
+    },
+    {
+      name       = "topic-2"
+      partitions = 1
+      config = {
+        "cleanup.policy"  = "compact,delete"
+        "retention.ms"    = "86400000"
+        "retention.bytes" = "1073741824"
+        "segment.bytes"   = "536870912"
+      }
+    }
+  ]
+}

examples/complete/main.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 1.3.0"
+  required_providers {
+    ibm = {
+      source  = "IBM-Cloud/ibm"
+      version = "1.49.0"
+    }
+  }
+}

examples/complete/outputs.tf

@@ -1,8 +1,8 @@
-# Default example
+# Default example using the modules default inputs
 
-An end-to-end example that uses the module's default variable values.
+An end-to-end example that creates an event streams instance.
 This example uses the IBM Cloud terraform provider to:
  - Create a new resource group if one is not passed in.
- - Create a new Cloud Object Storage instance.
+ - Create a new event streams instance with default inputs in the resource group and region provided.
 
 <!-- Add your example and link to it from the module's main readme file. -->

examples/existing-resources/provider.tf examples/complete/provider.tf

@@ -9,11 +9,14 @@ module "resource_group" {
   existing_resource_group_name = var.resource_group
 }
 
-resource "ibm_resource_instance" "cos_instance" {
-  name              = "${var.prefix}-cos"
-  resource_group_id = module.resource_group.resource_group_id
-  service           = "cloud-object-storage"
-  plan              = "standard"
-  location          = "global"
-  tags              = var.resource_tags
+##############################################################################
+# Events-streams-instance
+##############################################################################
+
+module "event_streams" {
+  source                        = "../../"
+  resource_group_id             = module.resource_group.resource_group_id
+  es_name                       = "${var.prefix}-es"
+  tags                          = var.resource_tags
+  skip_iam_authorization_policy = true
 }

examples/complete/variables.tf

@@ -2,11 +2,6 @@
 # Outputs
 ##############################################################################
 
-output "cos_instance_id" {
-  description = "COS instance id"
-  value       = ibm_resource_instance.cos_instance.id
-}
-
 output "resource_group_name" {
   description = "Resource group name"
   value       = module.resource_group.resource_group_name
@@ -16,3 +11,23 @@ output "resource_group_id" {
   description = "Resource group ID"
   value       = module.resource_group.resource_group_id
 }
+
+output "crn" {
+  description = "Event Streams instance crn"
+  value       = module.event_streams.crn
+}
+
+output "guid" {
+  description = "Event Streams instance guid"
+  value       = module.event_streams.guid
+}
+
+output "kafka_brokers_sasl" {
+  description = "(Array of Strings) Kafka brokers use for interacting with Kafka native API"
+  value       = module.event_streams.kafka_brokers_sasl
+}
+
+output "kafka_http_url" {
+  description = "The API endpoint to interact with Event Streams REST API"
+  value       = module.event_streams.kafka_http_url
+}

examples/complete/version.tf

@@ -13,7 +13,7 @@ variable "region" {
 variable "prefix" {
   type        = string
   description = "Prefix to append to all resources created by this example"
-  default     = "terraform"
+  default     = "event_streams"
 }
 
 variable "resource_group" {
@@ -24,6 +24,6 @@ variable "resource_group" {
 
 variable "resource_tags" {
   type        = list(string)
-  description = "Optional list of tags to be added to created resources"
+  description = "List of tags associated with the Event Steams instance"
   default     = []
 }