feat: add support to secrets manager DA solution to create event notifications destinations, topics and subscriptions (#135)

tyao117 · web-flow · commit e5070486ac9b · 2024-06-18T15:57:37.000+01:00
diff --git a/solutions/standard/main.tf b/solutions/standard/main.tf
@@ -148,3 +148,47 @@ data "ibm_resource_instance" "existing_sm" {
   count      = var.existing_secrets_manager_crn == null ? 0 : 1
   identifier = var.existing_secrets_manager_crn
 }
+
+#######################################################################################################################
+# Secrets Manager Event Notifications Configuration
+#######################################################################################################################
+
+locals {
+  parsed_existing_en_instance_crn = var.existing_event_notification_instance_crn != null ? split(":", var.existing_event_notification_instance_crn) : []
+  existing_en_guid                = length(local.parsed_existing_en_instance_crn) > 0 ? local.parsed_existing_en_instance_crn[7] : null
+}
+
+data "ibm_en_destinations" "en_destinations" {
+  count         = var.existing_event_notification_instance_crn != null ? 1 : 0
+  instance_guid = local.existing_en_guid
+}
+
+resource "ibm_en_topic" "en_topic" {
+  count         = var.existing_event_notification_instance_crn != null ? 1 : 0
+  instance_guid = local.existing_en_guid
+  name          = "Secrets Manager Topic"
+  description   = "Topic for Secrets Manager events routing"
+  sources {
+    id = local.secrets_manager_crn
+    rules {
+      enabled           = true
+      event_type_filter = "$.*"
+    }
+  }
+}
+
+resource "ibm_en_subscription_email" "email_subscription" {
+  count          = var.existing_event_notification_instance_crn != null && length(var.sm_en_email_list) > 0 ? 1 : 0
+  instance_guid  = local.existing_en_guid
+  name           = "Email for Secrets Manager Subscription"
+  description    = "Subscription for Secret Manager Events"
+  destination_id = [for s in toset(data.ibm_en_destinations.en_destinations[count.index].destinations) : s.id if s.type == "smtp_ibm"][0]
+  topic_id       = ibm_en_topic.en_topic[count.index].topic_id
+  attributes {
+    add_notification_payload = true
+    reply_to_mail            = var.sm_en_reply_to_email
+    reply_to_name            = "Secret Manager Event Notifications Bot"
+    from_name                = var.sm_en_from_email
+    invited                  = var.sm_en_email_list
+  }
+}
diff --git a/solutions/standard/variables.tf b/solutions/standard/variables.tf
@@ -240,3 +240,21 @@ variable "skip_event_notification_iam_authorization_policy" {
   description = "If set to true, this skips the creation of a service to service authorization from Secrets Manager to Event Notifications. If false, the service to service authorization is created."
   default     = false
 }
+
+variable "sm_en_email_list" {
+  type        = list(string)
+  description = "The list of email address to target out when Secrets Manager triggers an event"
+  default     = []
+}
+
+variable "sm_en_from_email" {
+  type        = string
+  description = "The email address in the used in the 'from' of any Secret Manager event coming from Event Notifications"
+  default     = "compliancealert@ibm.com"
+}
+
+variable "sm_en_reply_to_email" {
+  type        = string
+  description = "The email address used in the 'reply_to' of any Secret Manager event coming from Event Notifications"
+  default     = "no-reply@ibm.com"
+}
