From 30a3ea5f2541fec0a6a59481d3f634f70157e23c Mon Sep 17 00:00:00 2001
From: Chris Waddington <104161708+chrisw-ibm@users.noreply.github.com>
Date: Wed, 4 Dec 2024 13:25:16 -0500
Subject: [PATCH] change to using a serviceRef instead of ipRange
---
 README.md | 2 +-
 main.tf | 27 --------------------------
 modules/encrypted_cos_bucket/README.md | 2 +-
 3 files changed, 2 insertions(+), 29 deletions(-)
diff --git a/README.md b/README.md
index 4af4e03..89281da 100644
--- a/README.md
+++ b/README.md
@@ -159,13 +159,13 @@ statement instead the previous block.
 | [enable\_billing\_exports](#input\_enable\_billing\_exports) | Whether billing exports should be enabled | `bool` | `true` | no |
 | [enable\_cloudability\_access](#input\_enable\_cloudability\_access) | Whether to grant cloudability access to read the billing reports | `bool` | `true` | no |
 | [enterprise\_id](#input\_enterprise\_id) | The ID of the enterprise. If `__NULL__` then it is automatically retrieved if `is_enterprise_account` is `true`. Providing this value reduces the access policies that are required to run the DA. | `string` | `null` | no |
+| [existing\_allowed\_cbr\_bucket\_zone\_id](#input\_existing\_allowed\_cbr\_bucket\_zone\_id) | An extra CBR zone ID which is permitted to access the bucket. This zone typically represents the ip addresses for your company or workstation to allow access to view the contents of the bucket. It can be used as an alternative to `additional_allowed_cbr_bucket_ip_addresses` in the case that a zone exists. | `string` | `null` | no |
 | [existing\_cos\_instance\_id](#input\_existing\_cos\_instance\_id) | The ID of an existing Cloud Object Storage instance. Required if 'var.create\_cos\_instance' is false. | `string` | `null` | no |
 | [existing\_kms\_instance\_crn](#input\_existing\_kms\_instance\_crn) | The CRN of an existing Key Protect or Hyper Protect Crypto Services instance. Required if 'create\_key\_protect\_instance' is false. | `string` | `null` | no |
 | [expire\_days](#input\_expire\_days) | Specifies the number of days when the expire rule action takes effect. | `number` | `3` | no |
 | [frontdoor\_public\_key](#input\_frontdoor\_public\_key) | The public key that is used along with the `frontdoor_secret_key` to authenticate requests to Cloudability. Only required if `cloudability_auth_type` is `frontdoor`.
See [acquiring an Access Administration API key](/docs/track-spend-with-cloudability?topic=track-spend-with-cloudability-planning#frontdoor-api-key) for steps to create your credentials. | `string` | `null` | no |
 | [frontdoor\_secret\_key](#input\_frontdoor\_secret\_key) | The secret key that is used along with the `frontdoor_public_key` to authenticate requests to Cloudability. Only required if `cloudability_auth_type` is `frontdoor`. See [acquiring an Access Administration API key](/docs/track-spend-with-cloudability?topic=track-spend-with-cloudability-planning#frontdoor-api-key) for steps to create your credentials. | `string` | `null` | no |
 | [ibmcloud\_api\_key](#input\_ibmcloud\_api\_key) | The IBM Cloud API key corresponding to the cloud account that will be added to Cloudability. For enterprise accounts this should be the primary enterprise account | `string` | n/a | yes |
-| [instance\_cbr\_rules](#input\_instance\_cbr\_rules) | (Optional, list) List of CBR rules to create for the instance |
list(object({| `[]` | no |
 | [is\_enterprise\_account](#input\_is\_enterprise\_account) | Whether the account corresponding to the `ibmcloud_api_key` is an enterprise account and, if so, is the primary account within the enterprise | `bool` | `false` | no |
 | [key\_name](#input\_key\_name) | Name of the Object Storage bucket encryption key | `string` | `null` | no |
 | [key\_protect\_allowed\_network](#input\_key\_protect\_allowed\_network) | The type of the allowed network to be set for the Key Protect instance. Possible values are 'private-only', or 'public-and-private'. Only used if 'create\_key\_protect\_instance' is true. | `string` | `"public-and-private"` | no |
diff --git a/main.tf b/main.tf
index 7459691..55f960a 100644
--- a/main.tf
+++ b/main.tf
@@ -49,25 +49,6 @@ module "cbr_zone_ibmcloud_billing" {
 service_name = "billing"
 }
 }
- # {
- # type = "ipRange",
- # value = "169.47.98.0-169.47.98.255"
- # }, {
- # type = "ipRange",
- # value = "169.60.75.0-169.60.75.255"
- # },
- # {
- # type = "ipRange",
- # value = "169.61.58.0-169.61.58.255"
- # },
- # {
- # type = "ipRange",
- # value = "169.62.146.0-169.62.146.255"
- # },
- # {
- # type = "ipRange",
- # value = "169.63.133.0-169.63.133.255"
- # }
 ]
 }
 
@@ -86,14 +67,6 @@ module "cbr_zone_cloudability" {
 service_name = "cloudability"
 }
 }
- # {
- # type = "ipRange",
- # value = "103.195.128.0-103.195.128.255"
- # },
- # {
- # type = "ipRange",
- # value = "103.195.130.0-103.195.130.255"
- # }
 ]
 }
 
diff --git a/modules/encrypted_cos_bucket/README.md b/modules/encrypted_cos_bucket/README.md
index 9ba6658..eb3a435 100644
--- a/modules/encrypted_cos_bucket/README.md
+++ b/modules/encrypted_cos_bucket/README.md
@@ -93,7 +93,6 @@ No resources.
 | [bucket\_name](#input\_bucket\_name) | The name to give the newly provisioned Object Storage bucket. | `string` | `"snapshots"` | no |
 | [bucket\_storage\_class](#input\_bucket\_storage\_class) | the storage class of the newly provisioned Object Storage bucket. Supported values are 'standard', 'vault', 'cold', 'smart' and `onerate_active`. | `string` | `"standard"` | no |
 | [cos\_bucket\_cbr\_rules](#input\_cos\_bucket\_cbr\_rules) | (Optional, list) List of CBR rules to create for the bucket |
description = string
account_id = string
rule_contexts = list(object({
attributes = optional(list(object({
name = string
value = string
}))) }))
enforcement_mode = string
tags = optional(list(object({
name = string
value = string
})), [])
operations = optional(list(object({
api_types = list(object({
api_type_id = string
}))
})))
}))
list(object({| `[]` | no |
-| [cos\_instance\_cbr\_rules](#input\_cos\_instance\_cbr\_rules) | (Optional, list) List of CBR rules to create for the instance |
description = string
account_id = string
rule_contexts = list(object({
attributes = optional(list(object({
name = string
value = string
}))) }))
enforcement_mode = string
tags = optional(list(object({
name = string
value = string
})), [])
operations = optional(list(object({
api_types = list(object({
api_type_id = string
}))
})))
}))
list(object({| `[]` | no |
 | [cos\_instance\_name](#input\_cos\_instance\_name) | The name to give the Cloud Object Storage instance that will be provisioned by this module. Only required if 'create\_cos\_instance' is true. | `string` | `"billing_snapshots"` | no |
 | [cos\_plan](#input\_cos\_plan) | Plan to be used for creating Cloud Object Storage instance. Only used if 'create\_cos\_instance' it true. | `string` | `"standard"` | no |
 | [create\_cos\_instance](#input\_create\_cos\_instance) | Set as true to create a new Cloud Object Storage instance. | `bool` | `true` | no |
@@ -102,6 +101,7 @@ No resources.
 | [existing\_cos\_instance\_id](#input\_existing\_cos\_instance\_id) | The ID of an existing Cloud Object Storage instance. Required if 'var.create\_cos\_instance' is false. | `string` | `null` | no |
 | [existing\_kms\_instance\_crn](#input\_existing\_kms\_instance\_crn) | The CRN of an existing Key Protect or Hyper Protect Crypto Services instance. Required if 'create\_key\_protect\_instance' is false. | `string` | `null` | no |
 | [expire\_days](#input\_expire\_days) | Specifies the number of days when the expire rule action takes effect. | `number` | `null` | no |
+| [instance\_cbr\_rules](#input\_instance\_cbr\_rules) | (Optional, list) List of CBR rules to create for the instance |
description = string
account_id = string
rule_contexts = list(object({
attributes = optional(list(object({
name = string
value = string
}))) }))
enforcement_mode = string
tags = optional(list(object({
name = string
value = string
})), [])
operations = optional(list(object({
api_types = list(object({
api_type_id = string
}))
})))
}))
list(object({| `[]` | no |
 | [key\_endpoint\_type](#input\_key\_endpoint\_type) | The type of endpoint to be used for creating keys. Accepts 'public' or 'private' | `string` | `"public"` | no |
 | [key\_name](#input\_key\_name) | Name of the Object Storage bucket encryption key | `string` | `null` | no |
 | [key\_protect\_allowed\_network](#input\_key\_protect\_allowed\_network) | The type of the allowed network to be set for the Key Protect instance. Possible values are 'private-only', or 'public-and-private'. Only used if 'create\_key\_protect\_instance' is true. | `string` | `"public-and-private"` | no |
description = string
account_id = string
rule_contexts = list(object({
attributes = optional(list(object({
name = string
value = string
}))) }))
enforcement_mode = string
tags = optional(list(object({
name = string
value = string
})), [])
operations = optional(list(object({
api_types = list(object({
api_type_id = string
}))
})))
}))