You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
# Validation (approach based on https://github.com/hashicorp/terraform/issues/25609#issuecomment-1057614400)
7
-
8
-
# tflint-ignore: terraform_unused_declarations
9
-
validate_kms_plan=var.plan!="enterprise-3nodes-2tb"&& var.kms_key_crn!=null?tobool("KMS encryption is only supported for enterprise plan.") :true
10
-
# tflint-ignore: terraform_unused_declarations
11
-
validate_metrics=var.plan!="enterprise-3nodes-2tb"&&length(var.metrics) >0?tobool("Metrics are only supported for enterprise plan.") :true
12
-
# tflint-ignore: terraform_unused_declarations
13
-
validate_quotas=var.plan!="enterprise-3nodes-2tb"&&length(var.quotas) >0?tobool("Quotas are only supported for enterprise plan.") :true
14
-
# tflint-ignore: terraform_unused_declarations
15
-
validate_schema_global_rule=var.plan!="enterprise-3nodes-2tb"&& var.schema_global_rule!=null?tobool("Schema global rule is only supported for enterprise plan.") :true
16
-
17
-
# tflint-ignore: terraform_unused_declarations
18
-
validate_kms_values=!var.kms_encryption_enabled&& var.kms_key_crn!=null?tobool("When passing values for var.kms_key_crn, you must set var.kms_encryption_enabled to true. Otherwise unset them to use default encryption.") :true
19
-
# tflint-ignore: terraform_unused_declarations
20
-
validate_kms_vars=var.kms_encryption_enabled&& var.kms_key_crn==null?tobool("When setting var.kms_encryption_enabled to true, a value must be passed for var.kms_key_crn and/or var.backup_encryption_key_crn.") :true
21
-
# tflint-ignore: terraform_unused_declarations
22
-
validate_auth_policy=var.kms_encryption_enabled&& var.skip_kms_iam_authorization_policy==false&& var.kms_key_crn==null?tobool("When var.skip_kms_iam_authorization_policy is set to false, and var.kms_encryption_enabled to true, a value must be passed for var.kms_key_crn in order to create the auth policy.") :true
23
-
# tflint-ignore: terraform_unused_declarations
24
-
validate_throughput_lite_standard=((var.plan=="lite"|| var.plan=="standard") && var.throughput!=150) ?tobool("Throughput value cannot be changed in lite and standard plan. Default value is 150.") :true
25
-
# tflint-ignore: terraform_unused_declarations
26
-
validate_storage_size_lite_standard=((var.plan=="lite"|| var.plan=="standard") && var.storage_size!=2048) ?tobool("Storage size value cannot be changed in lite and standard plan. Default value is 2048.") :true
27
-
# tflint-ignore: terraform_unused_declarations
28
-
validate_service_end_points_lite_standard=((var.plan=="lite"|| var.plan=="standard") && var.service_endpoints!="public") ?tobool("Service endpoint cannot be changed in lite and standard plan. Default is public.") :true
29
-
# tflint-ignore: terraform_unused_declarations
30
-
validate_mirroring_topics=var.mirroring==null&& var.mirroring_topic_patterns!=null?tobool("When passing values for var.mirroring_topic_patterns, values must also be passed for var.mirroring.") :true
31
-
# tflint-ignore: terraform_unused_declarations
32
-
validate_mirroring_config=var.mirroring!=null&& var.mirroring_topic_patterns==null?tobool("When passing values for var.mirroring, values must also be passed for var.mirroring_topic_patterns.") :true
33
-
# tflint-ignore: terraform_unused_declarations
34
-
validate_iam_token_only=var.plan!="enterprise-3nodes-2tb"&& var.iam_token_only?tobool("iam_token_only is only supported for enterprise plan") :true
Copy file name to clipboardexpand all lines: solutions/enterprise/DA-types.md
+70
Original file line number
Diff line number
Diff line change
@@ -3,13 +3,16 @@
3
3
Several optional input variables in the IBM Cloud Event Streams deployable architecture use complex object types. You specify these inputs when you configure you deployable architecture.
## Service credentials <aname="svc-credential-name"></a>
10
11
11
12
You can specify a set of IAM credentials to connect to the instance with the `service_credential_names` input variable. Include a credential name and IAM service role for each key-value pair. Each role provides a specific level of access to the instance. For more information, see [Adding and viewing credentials](https://cloud.ibm.com/docs/account?topic=account-service_credentials&interface=ui).
12
13
14
+
If you want to add service credentials to secret manager and to allow secret manager to manage it, you should use `service_credential_secrets` , see [Service credential secrets](#service-credential-secrets).
15
+
13
16
- Variable name: `service_credential_names`.
14
17
- Type: A map. The key is the name of the service credential. The value is the role that is assigned to that credential.
15
18
- Default value: An empty map (`{}`).
@@ -29,6 +32,73 @@ You can specify a set of IAM credentials to connect to the instance with the `se
29
32
}
30
33
```
31
34
35
+
## Service credential secrets <aname="service-credential-secrets"></a>
36
+
37
+
When you add an IBM Event Streams deployable architecture from the IBM Cloud catalog to IBM Cloud Project, you can configure service credentials. In edit mode for the projects configuration, from the configure panel click the optional tab.
38
+
39
+
To enter a custom value, use the edit action to open the "Edit Array" panel. Add the service credential secrets configurations to the array here.
40
+
41
+
In the configuration, specify the secret group name, whether it already exists or will be created and include all the necessary service credential secrets that need to be created within that secret group.
42
+
43
+
[Learn more](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-getting-started#getting-started) about service credential secrets.
44
+
45
+
- Variable name: `service_credential_secrets`.
46
+
- Type: A list of objects that represent service credential secret groups and secrets
47
+
- Default value: An empty list (`[]`)
48
+
49
+
### Options for service_credential_secrets
50
+
51
+
-`secret_group_name` (required): A unique human-readable name that identifies this service credential secret group.
52
+
-`secret_group_description` (optional, default = `null`): A human-readable description for this secret group.
53
+
-`existing_secret_group`: (optional, default = `false`): Set to true, if secret group name provided in the variable `secret_group_name` already exists.
54
+
-`service_credentials`: (required): A list of object that represents a service credential secret.
55
+
56
+
#### Options for service_credentials
57
+
58
+
-`secret_name`: (required): A unique human-readable name of the secret to create.
59
+
-`service_credentials_source_service_role_crn`: (required): The CRN of the role to give the service credential in the IBM Cloud Database service. Service credentials role CRNs can be found at https://cloud.ibm.com/iam/roles, select the IBM Cloud Database and select the role.
60
+
-`secret_labels`: (optional, default = `[]`): Labels of the secret to create. Up to 30 labels can be created. Labels can be 2 - 30 characters, including spaces. Special characters that are not permitted include the angled brackets (<>), comma (,), colon (:), ampersand (&), and vertical pipe character (|).
61
+
-`secret_auto_rotation`: (optional, default = `true`): Whether to configure automatic rotation of service credential.
62
+
-`secret_auto_rotation_unit`: (optional, default = `day`): Specifies the unit of time for rotation of a secret. Acceptable values are `day` or `month`.
63
+
-`secret_auto_rotation_interval`: (optional, default = `89`): Specifies the rotation interval for the rotation unit.
64
+
-`service_credentials_ttl`: (optional, default = `7776000`): The time-to-live (TTL) to assign to generated service credentials (in seconds).
65
+
-`service_credential_secret_description`: (optional, default = `null`): Description of the secret to create.
66
+
67
+
The following example includes all the configuration options for four service credentials and two secret groups.
You can set quotas of an Event Streams service instance. Both the default quota and user quotas may be managed. Quotas are only available on Event Streams Enterprise plan service instances. For more information, see [Event Streams Quotas](https://cloud.ibm.com/docs/EventStreams?topic=EventStreams-enabling_kafka_quotas).
0 commit comments