terraform-ibm-modules · ocofaigh · Sep 11, 2024 · Sep 9, 2024 · Sep 9, 2024 · Sep 9, 2024
@@ -25,6 +25,7 @@ See in particular the [fscloud module](./modules/fscloud/) that enables creating
     * [Multi resource rule example](./examples/multi-resource-rule)
     * [Multi-zone example](./examples/multizone-rule)
     * [Pre-wired CBR configuration for FS Cloud example](./examples/fscloud)
+    * [Zone example](./examples/update-existing-zone-addresses)
     * [Zone example](./examples/zone)
 * [Contributing](#contributing)
 <!-- END OVERVIEW HOOK -->
@@ -103,7 +104,7 @@ You need the following permissions to run this module.
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
-| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.65.0, < 2.0.0 |
+| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.69.0, < 2.0.0 |
 
 ### Modules
 

@@ -5,7 +5,7 @@ terraform {
     # module's version.tf (zone or multi zone rule), and 1 example that will always use the latest provider version (fscloud multi service profile and multi resource rule).
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = ">= 1.65.0"
+      version = ">= 1.69.0"
 
     }
   }

@@ -5,7 +5,7 @@ terraform {
     # module's version.tf (zone or multi zone rule), and 1 example that will always use the latest provider version (fscloud multi service profile and multi resource rule).
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = "1.65.0"
+      version = "1.69.0"
     }
   }
 }
@@ -0,0 +1,9 @@
+# Zone example
+
+Example that creates a zone for context-based restrictions. This example uses the IBM Cloud Provider to automate the following infrastructure:
+
+- Creates 2 VPCs.
+- Creates 2 Public Gateways.
+- Creates 2 VPC Subnets.
+- Creates a CBR Zone for the VPC.
+- Updates an existing CBR Zone created above with a new addresses containing a new VPC and a `compliance` serviceRef.
@@ -0,0 +1,108 @@
+##############################################################################
+# Get Cloud Account ID
+##############################################################################
+
+data "ibm_iam_account_settings" "iam_account_settings" {
+}
+
+##############################################################################
+# Resource Group
+##############################################################################
+
+module "resource_group" {
+  source  = "terraform-ibm-modules/resource-group/ibm"
+  version = "1.1.6"
+  # if an existing resource group is not set (null) create a new one using prefix
+  resource_group_name          = var.resource_group == null ? "${var.prefix}-resource-group" : null
+  existing_resource_group_name = var.resource_group
+}
+
+##############################################################################
+# VPCs
+##############################################################################
+resource "ibm_is_vpc" "example_vpc" {
+  name           = "${var.prefix}-vpc"
+  resource_group = module.resource_group.resource_group_id
+  tags           = var.resource_tags
+}
+
+resource "ibm_is_public_gateway" "testacc_gateway" {
+  name           = "${var.prefix}-pgateway"
+  vpc            = ibm_is_vpc.example_vpc.id
+  zone           = "${var.region}-1"
+  resource_group = module.resource_group.resource_group_id
+}
+
+resource "ibm_is_subnet" "testacc_subnet" {
+  name                     = "${var.prefix}-subnet"
+  vpc                      = ibm_is_vpc.example_vpc.id
+  zone                     = "${var.region}-1"
+  public_gateway           = ibm_is_public_gateway.testacc_gateway.id
+  total_ipv4_address_count = 256
+  resource_group           = module.resource_group.resource_group_id
+}
+
+resource "ibm_is_vpc" "example_new_vpc" {
+  name           = "${var.prefix}-new-vpc"
+  resource_group = module.resource_group.resource_group_id
+  tags           = var.resource_tags
+}
+
+resource "ibm_is_public_gateway" "testacc_new_gateway" {
+  name           = "${var.prefix}-new-pgateway"
+  vpc            = ibm_is_vpc.example_new_vpc.id
+  zone           = "${var.region}-1"
+  resource_group = module.resource_group.resource_group_id
+}
+
+resource "ibm_is_subnet" "testacc_new_subnet" {
+  name                     = "${var.prefix}-new-subnet"
+  vpc                      = ibm_is_vpc.example_new_vpc.id
+  zone                     = "${var.region}-1"
+  public_gateway           = ibm_is_public_gateway.testacc_new_gateway.id
+  total_ipv4_address_count = 256
+  resource_group           = module.resource_group.resource_group_id
+}
+
+##############################################################################
+# CBR zone & rule creation
+##############################################################################
+
+locals {
+  zone_address_details = [{
+    type  = "vpc", # to bind a specific vpc to the zone
+    value = resource.ibm_is_vpc.example_vpc.crn,
+    }, {
+    type = "serviceRef" # to bind a service reference type should be 'serviceRef'
+    ref = {
+      account_id   = data.ibm_iam_account_settings.iam_account_settings.account_id
+      service_name = "secrets-manager" # secrets manager service reference.
+    }
+  }]
+
+  new_zone_address_details = [{
+    type  = "vpc", # to bind a specific vpc to the zone
+    value = resource.ibm_is_vpc.example_new_vpc.crn,
+    }, {
+    type = "serviceRef" # to bind a service reference type should be 'serviceRef'
+    ref = {
+      account_id   = data.ibm_iam_account_settings.iam_account_settings.account_id
+      service_name = "compliance" # SCC service reference.
+    }
+  }]
+}
+
+module "ibm_cbr_zone" {
+  source           = "../../modules/cbr-zone-module"
+  name             = "${var.prefix}-cbr-zone"
+  account_id       = data.ibm_iam_account_settings.iam_account_settings.account_id
+  zone_description = var.zone_description
+  addresses        = local.zone_address_details
+}
+
+module "update_cbr_zone" {
+  source                = "../../modules/cbr-zone-module"
+  use_existing_cbr_zone = true
+  zone_id               = module.ibm_cbr_zone.zone_id
+  addresses             = local.new_zone_address_details
+}
@@ -0,0 +1,53 @@
+# # ##############################################################################
+# # # Outputs
+# # ##############################################################################
+
+output "vpc_id" {
+  value       = resource.ibm_is_vpc.example_vpc.id
+  description = "VPC id"
+}
+
+output "new_vpc_id" {
+  value       = resource.ibm_is_vpc.example_new_vpc.id
+  description = "New VPC id"
+}
+
+output "vpc_crn" {
+  value       = resource.ibm_is_vpc.example_vpc.crn
+  description = "VPC crn"
+}
+
+output "new_vpc_crn" {
+  value       = resource.ibm_is_vpc.example_new_vpc.crn
+  description = "New VPC crn"
+}
+
+output "account_id" {
+  description = "account id"
+  value       = data.ibm_iam_account_settings.iam_account_settings.id
+}
+
+output "zone_name" {
+  value       = module.ibm_cbr_zone.zone_names
+  description = "cbr_zone resource instance name"
+}
+
+output "zone_description" {
+  value       = module.ibm_cbr_zone.zone_description
+  description = "cbr_zone resource instance description"
+}
+
+output "zone_id" {
+  value       = module.ibm_cbr_zone.zone_id
+  description = "cbr_zone resource instance id"
+}
+
+output "zone_crn" {
+  value       = module.ibm_cbr_zone.zone_crn
+  description = "cbr_zone resource instance crn"
+}
+
+output "zone_href" {
+  value       = module.ibm_cbr_zone.zone_href
+  description = "cbr_zone resource instance href"
+}
@@ -0,0 +1,4 @@
+provider "ibm" {
+  ibmcloud_api_key = var.ibmcloud_api_key
+  region           = var.region
+}
@@ -0,0 +1,37 @@
+variable "ibmcloud_api_key" {
+  type        = string
+  description = "The IBM Cloud API Key"
+  sensitive   = true
+}
+
+variable "prefix" {
+  type        = string
+  description = "Prefix to append to all resources created by this example"
+}
+
+variable "region" {
+  description = "Name of the Region to deploy into"
+  type        = string
+}
+
+variable "resource_group" {
+  type        = string
+  description = "An existing resource group name to use for this example, if unset a new resource group will be created"
+  default     = null
+}
+
+variable "resource_tags" {
+  type        = list(string)
+  description = "Optional list of tags to be added to created resources"
+  default     = []
+}
+
+##############################################################
+# CBR
+##############################################################
+
+variable "zone_description" {
+  type        = string
+  description = "(Optional, String) The description of the zone"
+  default     = "Zone from automation"
+}
@@ -0,0 +1,11 @@
+terraform {
+  required_version = ">= 1.3.0"
+  required_providers {
+    # Ensure that there is always 1 example locked into the lowest provider version of the range defined in the main
+    # module's version.tf (zone or multi zone rule), and 1 example that will always use the latest provider version (fscloud multi service profile and multi resource rule).
+    ibm = {
+      source  = "IBM-Cloud/ibm"
+      version = "1.69.0"
+    }
+  }
+}
@@ -5,7 +5,7 @@ terraform {
     # module's version.tf (zone or multi zone rule), and 1 example that will always use the latest provider version (fscloud multi service profile and multi resource rule).
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = "1.65.0"
+      version = "1.69.0"
     }
   }
 }
@@ -81,8 +81,8 @@ No modules.
 
 | Name | Description |
 |------|-------------|
-| <a name="output_rule_crn"></a> [rule\_crn](#output\_rule\_crn) | CBR rule resource instance crn |
-| <a name="output_rule_description"></a> [rule\_description](#output\_rule\_description) | CBR rule resource instance description |
+| <a name="output_rule_crn"></a> [rule\_crn](#output\_rule\_crn) | CBR rule resource crn |
+| <a name="output_rule_description"></a> [rule\_description](#output\_rule\_description) | CBR rule resource description |
 | <a name="output_rule_href"></a> [rule\_href](#output\_rule\_href) | CBR rule resource href |
-| <a name="output_rule_id"></a> [rule\_id](#output\_rule\_id) | CBR rule resource instance id |
+| <a name="output_rule_id"></a> [rule\_id](#output\_rule\_id) | CBR rule resource id |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
@@ -4,17 +4,17 @@
 
 output "rule_description" {
   value       = ibm_cbr_rule.cbr_rule.description
-  description = "CBR rule resource instance description"
+  description = "CBR rule resource description"
 }
 
 output "rule_id" {
   value       = ibm_cbr_rule.cbr_rule.id
-  description = "CBR rule resource instance id"
+  description = "CBR rule resource id"
 }
 
 output "rule_crn" {
   value       = ibm_cbr_rule.cbr_rule.crn
-  description = "CBR rule resource instance crn"
+  description = "CBR rule resource crn"
 }
 
 output "rule_href" {

@@ -1,10 +1,11 @@
 # CBR Zone Module
 
-Creates a zone for Context Based Restrictions
+Creates a zone for Context Based Restrictions or updates an addresses in an existing zone.
 
 ### Usage
 
 ```hcl
+# Creates a new zone
 module "ibm_cbr" "zone" {
   source           = "terraform-ibm-modules/cbr/ibm//modules/cbr-zone-module"
   version          = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
@@ -15,13 +16,24 @@ module "ibm_cbr" "zone" {
 }
 ```
 
+```hcl
+# Updates an existing zone with a new addresses
+module "ibm_cbr" "zone" {
+  source           = "terraform-ibm-modules/cbr/ibm//modules/cbr-zone-module"
+  version          = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific
+  use_existing_cbr_zone = true
+  zone_id          = "7714beceb512dffef0746cd0e4105309" # pragma: allowlist secret
+  addresses        = [{type  = "vpc",value = "vpc_crn"}]
+}
+```
+
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ### Requirements
 
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
-| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.65.0, < 2.0.0 |
+| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.69.0, < 2.0.0 |
 
 ### Modules
 
@@ -32,6 +44,7 @@ No modules.
 | Name | Type |
 |------|------|
 | [ibm_cbr_zone.cbr_zone](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/cbr_zone) | resource |
+| [ibm_cbr_zone_addresses.update_cbr_zone_address](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/cbr_zone_addresses) | resource |
 
 ### Inputs
 
@@ -41,15 +54,17 @@ No modules.
 | <a name="input_addresses"></a> [addresses](#input\_addresses) | (List) The list of addresses in the zone | <pre>list(object({<br>    type  = optional(string)<br>    value = optional(string)<br>    ref = optional(object({<br>      account_id       = string<br>      location         = optional(string)<br>      service_instance = optional(string)<br>      service_name     = optional(string)<br>      service_type     = optional(string)<br>    }))<br>  }))</pre> | `[]` | no |
 | <a name="input_excluded_addresses"></a> [excluded\_addresses](#input\_excluded\_addresses) | (Optional, List) The list of excluded addresses in the zone | <pre>list(object({<br>    type  = optional(string)<br>    value = optional(string)<br>  }))</pre> | `[]` | no |
 | <a name="input_name"></a> [name](#input\_name) | (Optional, String) The name of the zone | `string` | `null` | no |
+| <a name="input_use_existing_cbr_zone"></a> [use\_existing\_cbr\_zone](#input\_use\_existing\_cbr\_zone) | Whether to update CBR zone using existing zone ID | `bool` | `false` | no |
 | <a name="input_zone_description"></a> [zone\_description](#input\_zone\_description) | (Optional, String) The description of the zone | `string` | `null` | no |
+| <a name="input_zone_id"></a> [zone\_id](#input\_zone\_id) | Provide an existing CBR zone ID | `string` | `null` | no |
 
 ### Outputs
 
 | Name | Description |
 |------|-------------|
-| <a name="output_zone_crn"></a> [zone\_crn](#output\_zone\_crn) | CBR zone resource instance crn |
-| <a name="output_zone_description"></a> [zone\_description](#output\_zone\_description) | CBR zone resource instance description |
-| <a name="output_zone_href"></a> [zone\_href](#output\_zone\_href) | CBR zone resource instance link |
-| <a name="output_zone_id"></a> [zone\_id](#output\_zone\_id) | CBR zone resource instance id |
-| <a name="output_zone_names"></a> [zone\_names](#output\_zone\_names) | CBR zone resource instance name |
+| <a name="output_zone_crn"></a> [zone\_crn](#output\_zone\_crn) | CBR zone resource crn |
+| <a name="output_zone_description"></a> [zone\_description](#output\_zone\_description) | CBR zone resource description |
+| <a name="output_zone_href"></a> [zone\_href](#output\_zone\_href) | CBR zone resource link |
+| <a name="output_zone_id"></a> [zone\_id](#output\_zone\_id) | CBR zone resource id |
+| <a name="output_zone_names"></a> [zone\_names](#output\_zone\_names) | CBR zone resource name |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->