feat: added support to the cbr-zone-module to use existing zone using new inputs existing_zone_id and use_existing_cbr_zone (#530)

Author: Ak-sky

README.md

@@ -25,6 +25,7 @@ See in particular the [fscloud module](./modules/fscloud/) that enables creating
     * [Multi resource rule example](./examples/multi-resource-rule)
     * [Multi-zone example](./examples/multizone-rule)
     * [Pre-wired CBR configuration for FS Cloud example](./examples/fscloud)
+    * [Zone example](./examples/update-existing-zone-addresses)
     * [Zone example](./examples/zone)
 * [Contributing](#contributing)
 <!-- END OVERVIEW HOOK -->
@@ -103,7 +104,7 @@ You need the following permissions to run this module.
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
-| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.65.0, < 2.0.0 |
+| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.69.0, < 2.0.0 |
 
 ### Modules
 
@@ -136,12 +137,12 @@ You need the following permissions to run this module.
 
 | Name | Description |
 |------|-------------|
-| <a name="output_rule_crn"></a> [rule\_crn](#output\_rule\_crn) | CBR rule resource instance crn |
-| <a name="output_rule_href"></a> [rule\_href](#output\_rule\_href) | CBR rule resource href |
-| <a name="output_rule_id"></a> [rule\_id](#output\_rule\_id) | CBR rule resource instance id |
-| <a name="output_zone_crn"></a> [zone\_crn](#output\_zone\_crn) | cbr\_zone resource instance crn |
-| <a name="output_zone_href"></a> [zone\_href](#output\_zone\_href) | cbr\_zone resource instance link |
-| <a name="output_zone_id"></a> [zone\_id](#output\_zone\_id) | cbr\_zone resource instance id |
+| <a name="output_rule_crn"></a> [rule\_crn](#output\_rule\_crn) | CBR rule crn |
+| <a name="output_rule_href"></a> [rule\_href](#output\_rule\_href) | CBR rule href |
+| <a name="output_rule_id"></a> [rule\_id](#output\_rule\_id) | CBR rule id |
+| <a name="output_zone_crn"></a> [zone\_crn](#output\_zone\_crn) | cbr\_zone crn |
+| <a name="output_zone_href"></a> [zone\_href](#output\_zone\_href) | cbr\_zone link |
+| <a name="output_zone_id"></a> [zone\_id](#output\_zone\_id) | cbr\_zone id |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 <!-- Leave this section as is so that your module has a link to local development environment set up steps for contributors to follow -->

examples/multi-service-profile/outputs.tf

@@ -4,7 +4,7 @@
 
 output "zone_ids" {
   value       = module.cbr_rule_multi_service_profile[*].zone_ids
-  description = "CBR zone resource instance id(s)"
+  description = "CBR zone id(s)"
 }
 
 output "zone_crns" {
@@ -24,12 +24,12 @@ output "rule_ids" {
 
 output "rule_crns" {
   value       = module.cbr_rule_multi_service_profile[*].rule_crns
-  description = "CBR rule resource instance crn(s)"
+  description = "CBR rule crn(s)"
 }
 
 output "rule_hrefs" {
   value       = module.cbr_rule_multi_service_profile[*].rule_hrefs
-  description = "CBR rule resource instance href(s)"
+  description = "CBR rule href(s)"
 }
 
 output "vpc_crn" {

examples/multi-service-profile/version.tf

@@ -5,7 +5,7 @@ terraform {
     # module's version.tf (zone or multi zone rule), and 1 example that will always use the latest provider version (fscloud multi service profile and multi resource rule).
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = ">= 1.65.0"
+      version = ">= 1.69.0"
 
     }
   }

examples/multizone-rule/outputs.tf

@@ -4,17 +4,17 @@
 
 output "zone_id" {
   value       = module.cbr_zone[*].zone_id
-  description = "CBR zone resource instance id"
+  description = "CBR zone id"
 }
 
 output "zone_crn" {
   value       = module.cbr_zone[*].zone_crn
-  description = "CBR zone resource instance crn"
+  description = "CBR zone crn"
 }
 
 output "zone_href" {
   value       = module.cbr_zone[*].zone_href
-  description = "CBR zone resource instance href"
+  description = "CBR zone href"
 }
 
 output "cos_guid" {
@@ -34,7 +34,7 @@ output "resource_group_id" {
 
 output "rule_id" {
   value       = module.cbr_rule.rule_id
-  description = "CBR rule resource instance id"
+  description = "CBR rule id"
 }
 
 output "rule_description" {
@@ -44,10 +44,10 @@ output "rule_description" {
 
 output "rule_crn" {
   value       = module.cbr_rule.rule_crn
-  description = "CBR rule resource instance crn"
+  description = "CBR rule crn"
 }
 
 output "rule_href" {
   value       = module.cbr_rule.rule_href
-  description = "CBR rule resource instance href"
+  description = "CBR rule href"
 }

examples/multizone-rule/version.tf

@@ -5,7 +5,7 @@ terraform {
     # module's version.tf (zone or multi zone rule), and 1 example that will always use the latest provider version (fscloud multi service profile and multi resource rule).
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = "1.65.0"
+      version = "1.69.0"
     }
   }
 }

examples/update-existing-zone-addresses/README.md

@@ -0,0 +1,9 @@
+# Zone example
+
+Example that creates a zone for context-based restrictions. This example uses the IBM Cloud Provider to automate the following infrastructure:
+
+- Creates 2 VPCs.
+- Creates 2 Public Gateways.
+- Creates 2 VPC Subnets.
+- Creates a CBR Zone for the VPC.
+- Updates an existing CBR Zone created above with new addresses containing another VPC created above and a `compliance` serviceRef.

examples/update-existing-zone-addresses/main.tf

@@ -0,0 +1,108 @@
+##############################################################################
+# Get Cloud Account ID
+##############################################################################
+
+data "ibm_iam_account_settings" "iam_account_settings" {
+}
+
+##############################################################################
+# Resource Group
+##############################################################################
+
+module "resource_group" {
+  source  = "terraform-ibm-modules/resource-group/ibm"
+  version = "1.1.6"
+  # if an existing resource group is not set (null) create a new one using prefix
+  resource_group_name          = var.resource_group == null ? "${var.prefix}-resource-group" : null
+  existing_resource_group_name = var.resource_group
+}
+
+##############################################################################
+# VPCs
+##############################################################################
+resource "ibm_is_vpc" "example_vpc" {
+  name           = "${var.prefix}-vpc"
+  resource_group = module.resource_group.resource_group_id
+  tags           = var.resource_tags
+}
+
+resource "ibm_is_public_gateway" "testacc_gateway" {
+  name           = "${var.prefix}-pgateway"
+  vpc            = ibm_is_vpc.example_vpc.id
+  zone           = "${var.region}-1"
+  resource_group = module.resource_group.resource_group_id
+}
+
+resource "ibm_is_subnet" "testacc_subnet" {
+  name                     = "${var.prefix}-subnet"
+  vpc                      = ibm_is_vpc.example_vpc.id
+  zone                     = "${var.region}-1"
+  public_gateway           = ibm_is_public_gateway.testacc_gateway.id
+  total_ipv4_address_count = 256
+  resource_group           = module.resource_group.resource_group_id
+}
+
+resource "ibm_is_vpc" "example_new_vpc" {
+  name           = "${var.prefix}-new-vpc"
+  resource_group = module.resource_group.resource_group_id
+  tags           = var.resource_tags
+}
+
+resource "ibm_is_public_gateway" "testacc_new_gateway" {
+  name           = "${var.prefix}-new-pgateway"
+  vpc            = ibm_is_vpc.example_new_vpc.id
+  zone           = "${var.region}-1"
+  resource_group = module.resource_group.resource_group_id
+}
+
+resource "ibm_is_subnet" "testacc_new_subnet" {
+  name                     = "${var.prefix}-new-subnet"
+  vpc                      = ibm_is_vpc.example_new_vpc.id
+  zone                     = "${var.region}-1"
+  public_gateway           = ibm_is_public_gateway.testacc_new_gateway.id
+  total_ipv4_address_count = 256
+  resource_group           = module.resource_group.resource_group_id
+}
+
+##############################################################################
+# CBR zone & rule creation
+##############################################################################
+
+locals {
+  zone_address_details = [{
+    type  = "vpc", # to bind a specific vpc to the zone
+    value = resource.ibm_is_vpc.example_vpc.crn,
+    }, {
+    type = "serviceRef" # to bind a service reference type should be 'serviceRef'
+    ref = {
+      account_id   = data.ibm_iam_account_settings.iam_account_settings.account_id
+      service_name = "secrets-manager" # secrets manager service reference.
+    }
+  }]
+
+  new_zone_address_details = [{
+    type  = "vpc", # to bind a specific vpc to the zone
+    value = resource.ibm_is_vpc.example_new_vpc.crn,
+    }, {
+    type = "serviceRef" # to bind a service reference type should be 'serviceRef'
+    ref = {
+      account_id   = data.ibm_iam_account_settings.iam_account_settings.account_id
+      service_name = "compliance" # SCC service reference.
+    }
+  }]
+}
+
+module "ibm_cbr_zone" {
+  source           = "../../modules/cbr-zone-module"
+  name             = "${var.prefix}-cbr-zone"
+  account_id       = data.ibm_iam_account_settings.iam_account_settings.account_id
+  zone_description = var.zone_description
+  addresses        = local.zone_address_details
+}
+
+module "update_cbr_zone" {
+  source                = "../../modules/cbr-zone-module"
+  use_existing_cbr_zone = true
+  existing_zone_id      = module.ibm_cbr_zone.zone_id
+  addresses             = local.new_zone_address_details
+}

examples/update-existing-zone-addresses/outputs.tf

@@ -0,0 +1,53 @@
+# # ##############################################################################
+# # # Outputs
+# # ##############################################################################
+
+output "vpc_id" {
+  value       = resource.ibm_is_vpc.example_vpc.id
+  description = "VPC id"
+}
+
+output "new_vpc_id" {
+  value       = resource.ibm_is_vpc.example_new_vpc.id
+  description = "New VPC id"
+}
+
+output "vpc_crn" {
+  value       = resource.ibm_is_vpc.example_vpc.crn
+  description = "VPC crn"
+}
+
+output "new_vpc_crn" {
+  value       = resource.ibm_is_vpc.example_new_vpc.crn
+  description = "New VPC crn"
+}
+
+output "account_id" {
+  description = "account id"
+  value       = data.ibm_iam_account_settings.iam_account_settings.id
+}
+
+output "zone_name" {
+  value       = module.ibm_cbr_zone.zone_names
+  description = "cbr_zone name"
+}
+
+output "zone_description" {
+  value       = module.ibm_cbr_zone.zone_description
+  description = "cbr_zone description"
+}
+
+output "zone_id" {
+  value       = module.ibm_cbr_zone.zone_id
+  description = "cbr_zone id"
+}
+
+output "zone_crn" {
+  value       = module.ibm_cbr_zone.zone_crn
+  description = "cbr_zone crn"
+}
+
+output "zone_href" {
+  value       = module.ibm_cbr_zone.zone_href
+  description = "cbr_zone href"
+}

examples/update-existing-zone-addresses/provider.tf

@@ -0,0 +1,4 @@
+provider "ibm" {
+  ibmcloud_api_key = var.ibmcloud_api_key
+  region           = var.region
+}

examples/update-existing-zone-addresses/variables.tf

@@ -0,0 +1,37 @@
+variable "ibmcloud_api_key" {
+  type        = string
+  description = "The IBM Cloud API Key"
+  sensitive   = true
+}
+
+variable "prefix" {
+  type        = string
+  description = "Prefix to append to all resources created by this example"
+}
+
+variable "region" {
+  description = "Name of the Region to deploy into"
+  type        = string
+}
+
+variable "resource_group" {
+  type        = string
+  description = "An existing resource group name to use for this example, if unset a new resource group will be created"
+  default     = null
+}
+
+variable "resource_tags" {
+  type        = list(string)
+  description = "Optional list of tags to be added to created resources"
+  default     = []
+}
+
+##############################################################
+# CBR
+##############################################################
+
+variable "zone_description" {
+  type        = string
+  description = "(Optional, String) The description of the zone"
+  default     = "Zone from automation"
+}