' | `string` | `null` | no |
| [cloud\_logs\_plan](#input\_cloud\_logs\_plan) | The IBM Cloud Logs plan to provision. Available: standard | `string` | `"standard"` | no |
| [cloud\_logs\_provision](#input\_cloud\_logs\_provision) | Provision a IBM Cloud Logs instance? | `bool` | `true` | no |
-| [cloud\_logs\_region](#input\_cloud\_logs\_region) | The IBM Cloud region where Cloud Logs instances will be created. | `string` | `null` | no |
-| [cloud\_logs\_retention\_period](#input\_cloud\_logs\_retention\_period) | The number of days IBM Cloud Logs will retain the logs data in Priority insights. | `number` | `7` | no |
+| [cloud\_logs\_retention\_period](#input\_cloud\_logs\_retention\_period) | The number of days IBM Cloud Logs will retain the logs data in Priority insights. Allowed values: 7, 14, 30, 60, 90. | `number` | `7` | no |
| [cloud\_logs\_service\_endpoints](#input\_cloud\_logs\_service\_endpoints) | The type of the service endpoint that will be set for the IBM Cloud Logs instance. | `string` | `"public-and-private"` | no |
| [cloud\_logs\_tags](#input\_cloud\_logs\_tags) | Tags associated with the IBM Cloud Logs instance (Optional, array of strings). | `list(string)` | `[]` | no |
| [cloud\_monitoring\_access\_tags](#input\_cloud\_monitoring\_access\_tags) | A list of access tags to apply to the Cloud Monitoring instance created by the module. For more information, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial. | `list(string)` | `[]` | no |
@@ -245,7 +244,7 @@ No resources.
| [cloud\_monitoring\_manager\_key\_tags](#input\_cloud\_monitoring\_manager\_key\_tags) | Tags associated with the IBM Cloud Monitoring manager key. | `list(string)` | `[]` | no |
| [cloud\_monitoring\_plan](#input\_cloud\_monitoring\_plan) | The IBM Cloud Monitoring plan to provision. Available: lite, graduated-tier | `string` | `"lite"` | no |
| [cloud\_monitoring\_provision](#input\_cloud\_monitoring\_provision) | Provision a IBM cloud monitoring instance? | `bool` | `true` | no |
-| [cloud\_monitoring\_service\_endpoints](#input\_cloud\_monitoring\_service\_endpoints) | The type of the service endpoint that will be set for the IBM cloud monitoring instance. | `string` | `"public-and-private"` | no |
+| [cloud\_monitoring\_service\_endpoints](#input\_cloud\_monitoring\_service\_endpoints) | The type of the service endpoint that will be set for the IBM Cloud Logs instance. Allowed values: public-and-private | `string` | `"public-and-private"` | no |
| [cloud\_monitoring\_tags](#input\_cloud\_monitoring\_tags) | Tags associated with the IBM Cloud Monitoring instance (Optional, array of strings). | `list(string)` | `[]` | no |
| [enable\_platform\_logs](#input\_enable\_platform\_logs) | Receive platform logs in the provisioned IBM Cloud Logging instance. | `bool` | `true` | no |
| [enable\_platform\_metrics](#input\_enable\_platform\_metrics) | Receive platform metrics in the provisioned IBM Cloud Monitoring instance. | `bool` | `true` | no |
@@ -264,8 +263,10 @@ No resources.
| [log\_analysis\_resource\_key\_role](#input\_log\_analysis\_resource\_key\_role) | Role assigned to provide the IBM Cloud Logging key. | `string` | `"Manager"` | no |
| [log\_analysis\_service\_endpoints](#input\_log\_analysis\_service\_endpoints) | The type of the service endpoint that will be set for the Log Analysis instance. | `string` | `"public-and-private"` | no |
| [log\_analysis\_tags](#input\_log\_analysis\_tags) | Tags associated with the IBM Cloud Logging instance (Optional, array of strings). | `list(string)` | `[]` | no |
+| [logs\_routing\_tenant\_regions](#input\_logs\_routing\_tenant\_regions) | Pass a list of regions to create a tenant for that is targetted to the Cloud Logs instance created by this module. To manage platform logs that are generated by IBM Cloud® services in a region of IBM Cloud, you must create a tenant in each region that you operate. Leave the list empty if you don't want to create any tenants. | `list(any)` | `[]` | no |
| [region](#input\_region) | The IBM Cloud region where instances will be created. | `string` | `"us-south"` | no |
| [resource\_group\_id](#input\_resource\_group\_id) | The id of the IBM Cloud resource group where the instance(s) will be created. | `string` | n/a | yes |
+| [skip\_logs\_routing\_auth\_policy](#input\_skip\_logs\_routing\_auth\_policy) | Whether to create an IAM authorization policy that permits Logs Routing Sender access to the IBM Cloud Logs. | `bool` | `false` | no |
### Outputs
diff --git a/examples/advanced/main.tf b/examples/advanced/main.tf
index c5c062f4..b835b94f 100644
--- a/examples/advanced/main.tf
+++ b/examples/advanced/main.tf
@@ -175,6 +175,7 @@ module "observability_instance_creation" {
activity_tracker_plan = "7-day"
cloud_logs_plan = "standard"
log_analysis_tags = var.resource_tags
+ activity_tracker_provision = var.activity_tracker_provision
cloud_monitoring_tags = var.resource_tags
activity_tracker_tags = var.resource_tags
log_analysis_manager_key_tags = var.resource_tags
@@ -256,7 +257,6 @@ module "observability_instance_creation" {
}
cloud_logs_retention_period = 14
- cloud_logs_region = "eu-es"
cloud_logs_data_storage = {
logs_data = {
enabled = true
@@ -273,4 +273,6 @@ module "observability_instance_creation" {
en_instance_id = module.event_notification.guid
en_region = var.en_region
}]
+ # Only 1 account level tenant can be created per region, so to prevent tests from clashing, not creating any tenants until https://github.ibm.com/GoldenEye/issues/issues/10676 is implemented
+ # logs_routing_tenant_regions = [var.region]
}
diff --git a/examples/advanced/providers.tf b/examples/advanced/providers.tf
index 1dc5e434..67c51d8b 100644
--- a/examples/advanced/providers.tf
+++ b/examples/advanced/providers.tf
@@ -1,5 +1,6 @@
provider "ibm" {
ibmcloud_api_key = var.ibmcloud_api_key
+ region = var.region
}
locals {
diff --git a/examples/advanced/variables.tf b/examples/advanced/variables.tf
index 4b6724a5..f707ea6e 100644
--- a/examples/advanced/variables.tf
+++ b/examples/advanced/variables.tf
@@ -19,6 +19,7 @@ variable "prefix" {
variable "region" {
description = "Region where resources will be created"
type = string
+ default = "us-south"
}
variable "resource_group" {
@@ -76,3 +77,9 @@ variable "en_region" {
description = "Region where event notification will be created"
default = "au-syd"
}
+
+variable "activity_tracker_provision" {
+ type = bool
+ description = "Whether to provision an Activity Tracker instance"
+ default = true
+}
diff --git a/examples/advanced/version.tf b/examples/advanced/version.tf
index ebe95646..e7529087 100644
--- a/examples/advanced/version.tf
+++ b/examples/advanced/version.tf
@@ -5,7 +5,7 @@ terraform {
required_providers {
ibm = {
source = "ibm-cloud/ibm"
- version = ">= 1.67.1"
+ version = ">= 1.69.2"
}
logdna = {
source = "logdna/logdna"
diff --git a/examples/basic/main.tf b/examples/basic/main.tf
index 3be5ca18..4be941b1 100644
--- a/examples/basic/main.tf
+++ b/examples/basic/main.tf
@@ -39,5 +39,4 @@ module "test_observability_instance_creation" {
cloud_monitoring_access_tags = var.access_tags
activity_tracker_access_tags = var.access_tags
cloud_logs_access_tags = var.access_tags
- cloud_logs_region = "eu-es"
}
diff --git a/examples/basic/providers.tf b/examples/basic/providers.tf
index 7cde4aab..c782e368 100644
--- a/examples/basic/providers.tf
+++ b/examples/basic/providers.tf
@@ -1,5 +1,6 @@
provider "ibm" {
ibmcloud_api_key = var.ibmcloud_api_key
+ region = var.region
}
locals {
diff --git a/examples/basic/version.tf b/examples/basic/version.tf
index a6a88a56..91f37e52 100644
--- a/examples/basic/version.tf
+++ b/examples/basic/version.tf
@@ -5,7 +5,7 @@ terraform {
# module's version.tf (basic), and 1 example that will always use the latest provider version.
ibm = {
source = "ibm-cloud/ibm"
- version = "1.67.1"
+ version = "1.69.2"
}
logdna = {
source = "logdna/logdna"
diff --git a/main.tf b/main.tf
index 61c1ead0..075cf3b8 100644
--- a/main.tf
+++ b/main.tf
@@ -76,16 +76,18 @@ module "cloud_monitoring" {
# IBM Cloud Logs
module "cloud_logs" {
- count = var.cloud_logs_provision ? 1 : 0
- source = "./modules/cloud_logs"
- region = var.cloud_logs_region != null ? var.cloud_logs_region : var.region
- resource_group_id = var.resource_group_id
- instance_name = var.cloud_logs_instance_name
- plan = var.cloud_logs_plan
- resource_tags = var.cloud_logs_tags
- access_tags = var.cloud_logs_access_tags
- retention_period = var.cloud_logs_retention_period
- data_storage = var.cloud_logs_data_storage
- service_endpoints = var.cloud_logs_service_endpoints
- existing_en_instances = var.cloud_logs_existing_en_instances
+ count = var.cloud_logs_provision ? 1 : 0
+ source = "./modules/cloud_logs"
+ region = var.region
+ resource_group_id = var.resource_group_id
+ instance_name = var.cloud_logs_instance_name
+ plan = var.cloud_logs_plan
+ resource_tags = var.cloud_logs_tags
+ access_tags = var.cloud_logs_access_tags
+ retention_period = var.cloud_logs_retention_period
+ data_storage = var.cloud_logs_data_storage
+ service_endpoints = var.cloud_logs_service_endpoints
+ existing_en_instances = var.cloud_logs_existing_en_instances
+ skip_logs_routing_auth_policy = var.skip_logs_routing_auth_policy
+ logs_routing_tenant_regions = var.logs_routing_tenant_regions
}
diff --git a/modules/activity_tracker/README.md b/modules/activity_tracker/README.md
index f2b4c421..737e592a 100644
--- a/modules/activity_tracker/README.md
+++ b/modules/activity_tracker/README.md
@@ -45,7 +45,7 @@ module "activity_tracker" {
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0.0 |
-| [ibm](#requirement\_ibm) | >= 1.67.1, < 2.0.0 |
+| [ibm](#requirement\_ibm) | >= 1.69.2, < 2.0.0 |
| [logdna](#requirement\_logdna) | >= 1.14.2, < 2.0.0 |
| [time](#requirement\_time) | >= 0.9.1, < 1.0.0 |
diff --git a/modules/activity_tracker/version.tf b/modules/activity_tracker/version.tf
index fb462895..4ef7414c 100644
--- a/modules/activity_tracker/version.tf
+++ b/modules/activity_tracker/version.tf
@@ -4,7 +4,7 @@ terraform {
# Use "greater than or equal to" range in modules
ibm = {
source = "ibm-cloud/ibm"
- version = ">= 1.67.1, < 2.0.0"
+ version = ">= 1.69.2, < 2.0.0"
}
logdna = {
source = "logdna/logdna"
diff --git a/modules/cloud_logs/README.md b/modules/cloud_logs/README.md
index 797878b0..79a33555 100644
--- a/modules/cloud_logs/README.md
+++ b/modules/cloud_logs/README.md
@@ -32,7 +32,8 @@ module "cloud_logs" {
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0.0 |
-| [ibm](#requirement\_ibm) | >= 1.67.1, < 2.0.0 |
+| [ibm](#requirement\_ibm) | >= 1.69.2, < 2.0.0 |
+| [random](#requirement\_random) | >= 3.5.1, < 4.0.0 |
| [time](#requirement\_time) | >= 0.9.1, < 1.0.0 |
### Modules
@@ -45,9 +46,12 @@ No modules.
|------|------|
| [ibm_iam_authorization_policy.cos_policy](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/iam_authorization_policy) | resource |
| [ibm_iam_authorization_policy.en_policy](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/iam_authorization_policy) | resource |
+| [ibm_iam_authorization_policy.logs_routing_policy](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/iam_authorization_policy) | resource |
| [ibm_logs_outgoing_webhook.en_integration](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/logs_outgoing_webhook) | resource |
+| [ibm_logs_router_tenant.logs_router_tenant_instances](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/logs_router_tenant) | resource |
| [ibm_resource_instance.cloud_logs](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/resource_instance) | resource |
| [ibm_resource_tag.cloud_logs_tag](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/resource_tag) | resource |
+| [random_string.random_tenant_suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
| [time_sleep.wait_for_en_authorization_policy](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
| [ibm_iam_account_settings.iam_account_settings](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/data-sources/iam_account_settings) | data source |
@@ -59,12 +63,14 @@ No modules.
| [data\_storage](#input\_data\_storage) | A logs data bucket and a metrics bucket in IBM Cloud Object Storage to store your IBM Cloud Logs data for long term storage, search, analysis and alerting. | object({
logs_data = optional(object({
enabled = optional(bool, false)
bucket_crn = optional(string)
bucket_endpoint = optional(string)
skip_cos_auth_policy = optional(bool, false)
}), {})
metrics_data = optional(object({
enabled = optional(bool, false)
bucket_crn = optional(string)
bucket_endpoint = optional(string)
skip_cos_auth_policy = optional(bool, false)
}), {})
}
) | {
"logs_data": null,
"metrics_data": null
} | no |
| [existing\_en\_instances](#input\_existing\_en\_instances) | List of Event Notifications instance details for routing critical events that occur in your IBM Cloud Logs | list(object({
en_instance_id = string
en_region = string
en_integration_name = optional(string)
skip_en_auth_policy = optional(bool, false)
})) | `[]` | no |
| [instance\_name](#input\_instance\_name) | The name of the IBM Cloud Logs instance to create. Defaults to 'cloud-logs-' | `string` | `null` | no |
+| [logs\_routing\_tenant\_regions](#input\_logs\_routing\_tenant\_regions) | Pass a list of regions to create a tenant for that is targetted to the Cloud Logs instance created by this module. To manage platform logs that are generated by IBM Cloud® services in a region of IBM Cloud, you must create a tenant in each region that you operate. Leave the list empty if you don't want to create any tenants. | `list(any)` | `[]` | no |
| [plan](#input\_plan) | The IBM Cloud Logs plan to provision. Available: standard | `string` | `"standard"` | no |
-| [region](#input\_region) | The region where observability resources are created. | `string` | `"eu-es"` | no |
-| [resource\_group\_id](#input\_resource\_group\_id) | The id of the IBM Cloud resource group where the instance(s) will be created. | `string` | `null` | no |
+| [region](#input\_region) | The IBM Cloud region where Cloud logs instance will be created. | `string` | `"us-south"` | no |
+| [resource\_group\_id](#input\_resource\_group\_id) | The id of the IBM Cloud resource group where the instance will be created. | `string` | `null` | no |
| [resource\_tags](#input\_resource\_tags) | Tags associated with the IBM Cloud Logs instance (Optional, array of strings). | `list(string)` | `[]` | no |
-| [retention\_period](#input\_retention\_period) | The number of days IBM Cloud Logs will retain the logs data in Priority insights. | `number` | `7` | no |
-| [service\_endpoints](#input\_service\_endpoints) | The type of the service endpoint that will be set for the IBM Cloud Logs instance. | `string` | `"public-and-private"` | no |
+| [retention\_period](#input\_retention\_period) | The number of days IBM Cloud Logs will retain the logs data in Priority insights. Allowed values: 7, 14, 30, 60, 90. | `number` | `7` | no |
+| [service\_endpoints](#input\_service\_endpoints) | The type of the service endpoint that will be set for the IBM Cloud Logs instance. Allowed values: public-and-private | `string` | `"public-and-private"` | no |
+| [skip\_logs\_routing\_auth\_policy](#input\_skip\_logs\_routing\_auth\_policy) | Whether to create an IAM authorization policy that permits the Logs Routing server 'Sender' access to the IBM Cloud Logs instance created by this module. | `bool` | `false` | no |
### Outputs
diff --git a/modules/cloud_logs/main.tf b/modules/cloud_logs/main.tf
index 89d64d91..8d46be15 100644
--- a/modules/cloud_logs/main.tf
+++ b/modules/cloud_logs/main.tf
@@ -106,3 +106,55 @@ resource "ibm_logs_outgoing_webhook" "en_integration" {
region_id = each.value.en_region
}
}
+
+##############################################################################
+# Logs Routing
+##############################################################################
+
+# Create required auth policy to allow log routing service to send logs to the cloud logs instance
+resource "ibm_iam_authorization_policy" "logs_routing_policy" {
+ count = !var.skip_logs_routing_auth_policy ? 1 : 0
+ source_service_name = "logs-router"
+ roles = ["Sender"]
+ description = "Allow Logs Routing `Sender` access to the IBM Cloud Logs with ID ${ibm_resource_instance.cloud_logs.guid}."
+
+ resource_attributes {
+ name = "serviceName"
+ operator = "stringEquals"
+ value = "logs"
+ }
+
+ resource_attributes {
+ name = "accountId"
+ operator = "stringEquals"
+ value = data.ibm_iam_account_settings.iam_account_settings.account_id
+ }
+
+ resource_attributes {
+ name = "serviceInstance"
+ operator = "stringEquals"
+ value = ibm_resource_instance.cloud_logs.guid
+ }
+}
+
+resource "random_string" "random_tenant_suffix" {
+ length = 4
+ numeric = true
+ upper = false
+ lower = false
+ special = false
+}
+
+resource "ibm_logs_router_tenant" "logs_router_tenant_instances" {
+ for_each = toset(var.logs_routing_tenant_regions)
+ name = "${each.key}-${random_string.random_tenant_suffix.result}"
+ region = each.key
+ targets {
+ log_sink_crn = ibm_resource_instance.cloud_logs.crn
+ name = local.instance_name
+ parameters {
+ host = ibm_resource_instance.cloud_logs.extensions.external_ingress
+ port = 443
+ }
+ }
+}
diff --git a/modules/cloud_logs/variables.tf b/modules/cloud_logs/variables.tf
index 1a94ddbd..266a401b 100644
--- a/modules/cloud_logs/variables.tf
+++ b/modules/cloud_logs/variables.tf
@@ -1,12 +1,12 @@
variable "region" {
- description = "The region where observability resources are created."
+ description = "The IBM Cloud region where Cloud logs instance will be created."
type = string
- default = "eu-es"
+ default = "us-south"
}
variable "resource_group_id" {
type = string
- description = "The id of the IBM Cloud resource group where the instance(s) will be created."
+ description = "The id of the IBM Cloud resource group where the instance will be created."
default = null
}
@@ -25,7 +25,7 @@ variable "plan" {
condition = anytrue([
var.plan == "standard",
])
- error_message = "The cloud_logs_plan value must be one of the following: standard."
+ error_message = "The plan value must be one of the following: standard."
}
}
@@ -43,8 +43,13 @@ variable "access_tags" {
variable "retention_period" {
type = number
- description = "The number of days IBM Cloud Logs will retain the logs data in Priority insights."
+ description = "The number of days IBM Cloud Logs will retain the logs data in Priority insights. Allowed values: 7, 14, 30, 60, 90."
default = 7
+
+ validation {
+ condition = contains([7, 14, 30, 60, 90], var.retention_period)
+ error_message = "Valid values 'retention_period' are: 7, 14, 30, 60, 90"
+ }
}
variable "data_storage" {
@@ -99,12 +104,12 @@ variable "data_storage" {
}
variable "service_endpoints" {
- description = "The type of the service endpoint that will be set for the IBM Cloud Logs instance."
+ description = "The type of the service endpoint that will be set for the IBM Cloud Logs instance. Allowed values: public-and-private"
type = string
default = "public-and-private"
validation {
- condition = contains(["public", "private", "public-and-private"], var.service_endpoints)
- error_message = "The specified service_endpoints is not a valid selection"
+ condition = contains(["public-and-private"], var.service_endpoints)
+ error_message = "The specified service_endpoints is not a valid selection. Allowed values: public-and-private"
}
}
@@ -122,3 +127,20 @@ variable "existing_en_instances" {
default = []
description = "List of Event Notifications instance details for routing critical events that occur in your IBM Cloud Logs"
}
+
+##############################################################################
+# Logs Routing
+##############################################################################
+
+variable "logs_routing_tenant_regions" {
+ type = list(any)
+ default = []
+ description = "Pass a list of regions to create a tenant for that is targetted to the Cloud Logs instance created by this module. To manage platform logs that are generated by IBM Cloud® services in a region of IBM Cloud, you must create a tenant in each region that you operate. Leave the list empty if you don't want to create any tenants."
+ nullable = false
+}
+
+variable "skip_logs_routing_auth_policy" {
+ description = "Whether to create an IAM authorization policy that permits the Logs Routing server 'Sender' access to the IBM Cloud Logs instance created by this module."
+ type = bool
+ default = false
+}
diff --git a/modules/cloud_logs/version.tf b/modules/cloud_logs/version.tf
index 12050f70..71bc8f62 100644
--- a/modules/cloud_logs/version.tf
+++ b/modules/cloud_logs/version.tf
@@ -4,11 +4,15 @@ terraform {
# Use "greater than or equal to" range in modules
ibm = {
source = "ibm-cloud/ibm"
- version = ">= 1.67.1, < 2.0.0"
+ version = ">= 1.69.2, < 2.0.0"
}
time = {
source = "hashicorp/time"
version = ">= 0.9.1, < 1.0.0"
}
+ random = {
+ source = "hashicorp/random"
+ version = ">= 3.5.1, < 4.0.0"
+ }
}
}
diff --git a/modules/cloud_monitoring/README.md b/modules/cloud_monitoring/README.md
index db23432c..d77f1a67 100644
--- a/modules/cloud_monitoring/README.md
+++ b/modules/cloud_monitoring/README.md
@@ -26,7 +26,7 @@ module "cloud_monitoring" {
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0.0 |
-| [ibm](#requirement\_ibm) | >= 1.67.1, < 2.0.0 |
+| [ibm](#requirement\_ibm) | >= 1.69.2, < 2.0.0 |
### Modules
diff --git a/modules/cloud_monitoring/version.tf b/modules/cloud_monitoring/version.tf
index 74d0aa24..7a2edbdb 100644
--- a/modules/cloud_monitoring/version.tf
+++ b/modules/cloud_monitoring/version.tf
@@ -4,7 +4,7 @@ terraform {
# Use "greater than or equal to" range in modules
ibm = {
source = "ibm-cloud/ibm"
- version = ">= 1.67.1, < 2.0.0"
+ version = ">= 1.69.2, < 2.0.0"
}
}
}
diff --git a/modules/log_analysis/README.md b/modules/log_analysis/README.md
index c3bf0aaa..9a5b6c70 100644
--- a/modules/log_analysis/README.md
+++ b/modules/log_analysis/README.md
@@ -45,7 +45,7 @@ module "log_analysis" {
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0.0 |
-| [ibm](#requirement\_ibm) | >= 1.67.1, < 2.0.0 |
+| [ibm](#requirement\_ibm) | >= 1.69.2, < 2.0.0 |
| [logdna](#requirement\_logdna) | >= 1.14.2, < 2.0.0 |
### Modules
diff --git a/modules/log_analysis/version.tf b/modules/log_analysis/version.tf
index 161d7f95..1be94e3c 100644
--- a/modules/log_analysis/version.tf
+++ b/modules/log_analysis/version.tf
@@ -4,7 +4,7 @@ terraform {
# Use "greater than or equal to" range in modules
ibm = {
source = "ibm-cloud/ibm"
- version = ">= 1.67.1, < 2.0.0"
+ version = ">= 1.69.2, < 2.0.0"
}
logdna = {
source = "logdna/logdna"
diff --git a/tests/pr_test.go b/tests/pr_test.go
index 344f1d25..5ef2bb94 100644
--- a/tests/pr_test.go
+++ b/tests/pr_test.go
@@ -90,6 +90,9 @@ func TestRunAdvanceExampleInSchematics(t *testing.T) {
Tags: []string{"test-schematic"},
DeleteWorkspaceOnFail: false,
WaitJobCompleteMinutes: 60,
+ CloudInfoService: sharedInfoSvc,
+ // Support being tracked in https://github.ibm.com/GoldenEye/issues/issues/10723
+ // ExcludeActivityTrackerRegions: true,
})
options.TerraformVars = []testschematic.TestSchematicTerraformVar{
@@ -97,6 +100,8 @@ func TestRunAdvanceExampleInSchematics(t *testing.T) {
{Name: "prefix", Value: options.Prefix, DataType: "string"},
{Name: "region", Value: options.Region, DataType: "string"},
{Name: "atracker_target_region", Value: validRegions[rand.Intn(len(validRegions))], DataType: "string"},
+ // Disable AT provisioning in this test until ExcludeActivityTrackerRegions is supported (https://github.ibm.com/GoldenEye/issues/issues/10723)
+ {Name: "activity_tracker_provision", Value: false, DataType: "bool"},
}
err := options.RunSchematicTest()
diff --git a/variables.tf b/variables.tf
index 423239d9..89930eb4 100644
--- a/variables.tf
+++ b/variables.tf
@@ -198,12 +198,12 @@ variable "enable_platform_metrics" {
}
variable "cloud_monitoring_service_endpoints" {
- description = "The type of the service endpoint that will be set for the IBM cloud monitoring instance."
+ description = "The type of the service endpoint that will be set for the IBM Cloud Logs instance. Allowed values: public-and-private"
type = string
default = "public-and-private"
validation {
- condition = contains(["public", "private", "public-and-private"], var.cloud_monitoring_service_endpoints)
- error_message = "The specified service_endpoints is not a valid selection"
+ condition = contains(["public-and-private"], var.cloud_monitoring_service_endpoints)
+ error_message = "The specified service_endpoints is not a valid selection. Allowed values: public-and-private"
}
}
@@ -397,12 +397,6 @@ variable "cloud_logs_plan" {
default = "standard"
}
-variable "cloud_logs_region" {
- description = "The IBM Cloud region where Cloud Logs instances will be created."
- type = string
- default = null
-}
-
variable "cloud_logs_tags" {
type = list(string)
description = "Tags associated with the IBM Cloud Logs instance (Optional, array of strings)."
@@ -427,15 +421,20 @@ variable "cloud_logs_service_endpoints" {
type = string
default = "public-and-private"
validation {
- condition = contains(["public", "private", "public-and-private"], var.cloud_logs_service_endpoints)
+ condition = contains(["public-and-private"], var.cloud_logs_service_endpoints)
error_message = "The specified service_endpoints is not a valid selection"
}
}
variable "cloud_logs_retention_period" {
type = number
- description = "The number of days IBM Cloud Logs will retain the logs data in Priority insights."
+ description = "The number of days IBM Cloud Logs will retain the logs data in Priority insights. Allowed values: 7, 14, 30, 60, 90."
default = 7
+
+ validation {
+ condition = contains([7, 14, 30, 60, 90], var.cloud_logs_retention_period)
+ error_message = "Valid values 'cloud_logs_retention_period' are: 7, 14, 30, 60, 90"
+ }
}
variable "cloud_logs_existing_en_instances" {
@@ -471,4 +470,18 @@ variable "cloud_logs_data_storage" {
}
description = "A logs data bucket and a metrics bucket in IBM Cloud Object Storage to store your IBM Cloud Logs data for long term storage, search, analysis and alerting."
}
+
+variable "skip_logs_routing_auth_policy" {
+ description = "Whether to create an IAM authorization policy that permits Logs Routing Sender access to the IBM Cloud Logs."
+ type = bool
+ default = false
+}
+
+variable "logs_routing_tenant_regions" {
+ type = list(any)
+ default = []
+ description = "Pass a list of regions to create a tenant for that is targetted to the Cloud Logs instance created by this module. To manage platform logs that are generated by IBM Cloud® services in a region of IBM Cloud, you must create a tenant in each region that you operate. Leave the list empty if you don't want to create any tenants."
+ nullable = false
+}
+
##############################################################################
diff --git a/version.tf b/version.tf
index ab817f93..0757048d 100644
--- a/version.tf
+++ b/version.tf
@@ -5,7 +5,7 @@ terraform {
# tflint-ignore: terraform_unused_required_providers
ibm = {
source = "ibm-cloud/ibm"
- version = ">= 1.67.1, < 2.0.0"
+ version = ">= 1.69.2, < 2.0.0"
}
logdna = {
source = "logdna/logdna"