diff --git a/examples/ibm-cos-bucket/README.md b/examples/ibm-cos-bucket/README.md index 1b658cc4bf..f35a9e2ab5 100644 --- a/examples/ibm-cos-bucket/README.md +++ b/examples/ibm-cos-bucket/README.md @@ -62,16 +62,31 @@ resource "ibm_cos_bucket" "standard-ams03" { single_site_location = var.single_site_loc storage_class = var.standard_storage_class hard_quota = var.quota + + allowed_ip = ["223.196.168.27", "223.196.161.38", "192.168.0.1"] +} + +resource "ibm_cos_bucket" "new_activity_tracker_bucket" { + bucket_name = "bucket-name" + resource_instance_id = ibm_resource_instance.cos_instance.id + region_location = var.regional_loc + storage_class = var.standard_storage_class activity_tracking { - read_data_events = true - write_data_events = true - management_events = true + read_data_events = true + write_data_events = true + management_events = true } +} + +resource "ibm_cos_bucket" "new_metrics_monitoring_enabled_bucket" { + bucket_name = "bucket-name" + resource_instance_id = ibm_resource_instance.cos_instance.id + region_location = var.regional_loc + storage_class = var.standard_storage_class metrics_monitoring { - usage_metrics_enabled = true + usage_metrics_enabled = true request_metrics_enabled = true } - allowed_ip = ["223.196.168.27", "223.196.161.38", "192.168.0.1"] } resource "ibm_cos_bucket" "archive_expire_rule_cos" { 
@@ -544,86 +559,86 @@ resource "ibm_cos_bucket_lifecycle_configuration" "lifecycle" { ## Requirements -| Name | Version | -|------|---------| +| Name | Version | +| --------- | ------------- | | terraform | >=1.0.0, <2.0 | ## Providers | Name | Version | -|------|---------| -| ibm | Latest | +| ---- | ------- | +| ibm | Latest | ## Inputs -| Name | Description | Type | Required | -|------|-------------|------|---------| -| bucket_name | Name of the bucket. | `string` | yes | -| resource_group_name | Name of the resource group. | `string` | yes | -| satellite_location_id | satellite location. | `string` | no | -| storage | The storage class that you want to use for the bucket. Supported values are **standard, vault, cold, flex, and smart**.| `string` | no | -| region | The location for a cross-regional bucket. Supported values are **us, eu, and ap**. | `string` | no | -| read_data_events | If set to **true**, all object read events (i.e. downloads) will be sent to Activity Tracker. | `bool` | no -| write_data_events | If set to **true**, all object write events (i.e. uploads) will be sent to Activity Tracker. | `bool` | no -| management_events |If set to **true**, all bucket management events will be sent to Activity Tracker.This field only applies if `activity_tracker_crn` is not populated. | `bool` | no -| activity_tracker_crn |When the `activity_tracker_crn` is not populated, then enabled events are sent to the Activity Tracker instance associated to the container's location unless otherwise specified in the Activity Tracker Event Routing service configuration.If `activity_tracker_crn` is populated, then enabled events are sent to the Activity Tracker instance specified and bucket management events are always enabled. | `string` | no -| usage_metrics_enabled |If set to **true**, all usage metrics (i.e. `bytes_used`) will be sent to the monitoring service.| `bool` | no -| request_metrics_enabled | If set to **true**, all request metrics (i.e. 
`rest.object.head`) will be sent to the monitoring service. | `bool` | no -| metrics_monitoring_crn | When the `metrics_monitoring_crn` is not populated, then enabled metrics are sent to the monitoring instance associated to the container's location unless otherwise specified in the Metrics Router service configuration.If `metrics_monitoring_crn` is populated, then enabled events are sent to the Metrics Monitoring instance specified. | `string` | no -| regional_loc | The location for a regional bucket. Supported values are **au-syd, eu-de, eu-gb, jp-tok, us-east, or us-south**. | `string` | no -| type | Specifies the archive type to which you want the object to transition. Supported values are **Glacier or Accelerated**. | `string` |yes -| rule_id | Unique identifier for the rule. | `string` | no -| days | Specifies the number of days when the specific expire rule action takes effect. | `int` | no -| date | After the specifies date , the current version of objects in your bucket expires. | `string` | no -| expired_object_delete_marker | Expired object delete markers can be automatically cleaned up to improve performance in bucket. This cannot be used alongside version expiration. | `bool` | no -| prefix | Specifies a prefix filter to apply to only a subset of objects with names that match the prefix. | `string` | no -| noncurrent_days | Configuration parameter in your policy that says how long to retain a non-current version before deleting it. | `int` | no -| days_after_initiation | Specifies the number of days that govern the automatic cancellation of part upload. Clean up incomplete multi-part uploads after a period of time. | `int` | no -| default | Specifies a default retention period to apply in all objects in the bucket. | `int` | yes -| maximum | Specifies maximum duration of time an object can be kept unmodified in the bucket. | `int` | yes -| minimum | Specifies minimum duration of time an object must be kept unmodified in the bucket. 
| `int` | yes -| permanent | Specifies a permanent retention status either enable or disable for a bucket. | `bool` | no -| enable | Specifies Versioning status either **enable or suspended** for an objects in the bucket. | `bool` | no -| hard_quota | sets a maximum amount of storage (in bytes) available for a bucket. | `int` | no -| object_lock | enables Object Lock on a bucket. | `bool` | no -| bucket\_crn | The CRN of the source COS bucket. | `string` | yes | -| bucket\_location | The location of the source COS bucket. | `string` | yes | -| destination_bucket_crn | The CRN of your destination bucket that you want to replicate to. | `string` | yes -| deletemarker_replication_status | Specifies whether Object storage replicates delete markers. Specify true for Enabling it or false for Disabling it. | `string` | no -| status | Specifies whether the rule is enabled. Specify true for Enabling it or false for Disabling it. | `string` | yes -| rule_id | The rule id. | `string` | no -| priority | A priority is associated with each rule. The rule will be applied in a higher priority if there are multiple rules configured. The higher the number, the higher the priority | `string` | no -| prefix | An object key name prefix that identifies the subset of objects to which the rule applies. | `string` | no -| bucket_crn | The CRN of the COS bucket on which Object Lock is enabled or should be enabled. | `string` | yes -| bucket_location | Location of the COS bucket. | `string` | yes -| endpoint_type | Endpoint types of the COS bucket. | `string` | no -| object_lock_enabled | Enable Object Lock on an existing COS bucket. | `string` | yes -| mode | Retention mode for the Object Lock configuration. | `string` | yes -| years | Retention period in terms of years after which the object can be deleted. | `int` | no -| days | Retention period in terms of days after which the object can be deleted. 
| `int` | no -| key | Object key name to use when a 4XX class error occurs given as error document. | `string` | no -| suffix | The home or default page of the website when static web hosting configuration is added. | `string` | Yes -| hostname | Name of the host where requests are redirected. | `string` | Yes -| protocol | Protocol to use when redirecting requests. The default is the protocol that is used in the original request. | `string` | No -| http_error_code_returned_equals | HTTP error code when the redirect is applied. | `string` | No -| key_prefix_equals | Object key name prefix when the redirect is applied. | `string` | No -| host_name | Host name to use in the redirect request. | `string` | Yes -| protocol | Protocol to use when redirecting requests. | `string` | No -| http_redirect_code | HTTP redirect code to use on the response. | `string` | No -| replace_key_with | Specific object key to use in the redirect request. | `string` | No -| replace_key_prefix_with | Object key prefix to use in the redirect request. | `string` | No -| days | Days after which the lifecycle rule expiration will be applied on the object. | `int` | No -| date | Date after which the lifecycle rule expiration will be applied on the object. | `int` | No -| expire_object_delete_marker | Indicates whether ibm will remove a delete marker with no noncurrent versions. | `bool` | No -| days | Days after which the lifecycle rule transition will be applied on the object. | `int` | No -| date | Date after which the lifecycle rule transition will be applied on the object. | `int` | No -| storage_class | Class of storage used to store the object. | `string` | No -| noncurrent_days | Number of days an object is noncurrent before lifecycle action is performed. | `int` | No -| days_after_initiatiob | Number of days after which incomplete multipart uploads are aborted. | `int` | No -| id | Unique identifier for lifecycle rule. 
| `int` | Yes -| status | Whether the rule is currently being applied. | `int` | Yes -| object_size_greater_than | Expiration rule will be applicable to the objects having size greater than specified value of his argument. | `int` | No -| object_size_less_than | Expiration rule will be applicable to the objects having size lesser than specified value of his argument. | `int` | No -| tag | Expiration rule will be applicable to the objects having the key-value tags specified by this attribute. | `object` | Yes +| Name | Description | Type | Required | +| ------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | -------- | +| bucket_name | Name of the bucket. | `string` | yes | +| resource_group_name | Name of the resource group. | `string` | yes | +| satellite_location_id | satellite location. | `string` | no | +| storage | The storage class that you want to use for the bucket. Supported values are **standard, vault, cold, flex, and smart**. | `string` | no | +| region | The location for a cross-regional bucket. Supported values are **us, eu, and ap**. | `string` | no | +| read_data_events | If set to **true**, all object read events (i.e. downloads) will be sent to Activity Tracker. | `bool` | no | +| write_data_events | If set to **true**, all object write events (i.e. uploads) will be sent to Activity Tracker. | `bool` | no | +| management_events | If set to **true**, all bucket management events will be sent to Activity Tracker.This field only applies if `activity_tracker_crn` is not populated. 
| `bool` | no | +| activity_tracker_crn | When the `activity_tracker_crn` is not populated, then enabled events are sent to the Activity Tracker instance associated to the container's location unless otherwise specified in the Activity Tracker Event Routing service configuration.If `activity_tracker_crn` is populated, then enabled events are sent to the Activity Tracker instance specified and bucket management events are always enabled.It is recommended to not use `activity_tracker_crn` | `string` | no | +| usage_metrics_enabled | If set to **true**, all usage metrics (i.e. `bytes_used`) will be sent to the monitoring service. | `bool` | no | +| request_metrics_enabled | If set to **true**, all request metrics (i.e. `rest.object.head`) will be sent to the monitoring service. | `bool` | no | +| metrics_monitoring_crn | When the `metrics_monitoring_crn` is not populated, then enabled metrics are sent to the monitoring instance associated to the container's location unless otherwise specified in the Metrics Router service configuration.If `metrics_monitoring_crn` is populated, then enabled events are sent to the Metrics Monitoring instance specified.It is recommended to not use `metrics_monitoring_crn` | `string` | no | +| regional_loc | The location for a regional bucket. Supported values are **au-syd, eu-de, eu-gb, jp-tok, us-east, or us-south**. | `string` | no | +| type | Specifies the archive type to which you want the object to transition. Supported values are **Glacier or Accelerated**. | `string` | yes | +| rule_id | Unique identifier for the rule. | `string` | no | +| days | Specifies the number of days when the specific expire rule action takes effect. | `int` | no | +| date | After the specifies date , the current version of objects in your bucket expires. | `string` | no | +| expired_object_delete_marker | Expired object delete markers can be automatically cleaned up to improve performance in bucket. This cannot be used alongside version expiration. 
| `bool` | no | +| prefix | Specifies a prefix filter to apply to only a subset of objects with names that match the prefix. | `string` | no | +| noncurrent_days | Configuration parameter in your policy that says how long to retain a non-current version before deleting it. | `int` | no | +| days_after_initiation | Specifies the number of days that govern the automatic cancellation of part upload. Clean up incomplete multi-part uploads after a period of time. | `int` | no | +| default | Specifies a default retention period to apply in all objects in the bucket. | `int` | yes | +| maximum | Specifies maximum duration of time an object can be kept unmodified in the bucket. | `int` | yes | +| minimum | Specifies minimum duration of time an object must be kept unmodified in the bucket. | `int` | yes | +| permanent | Specifies a permanent retention status either enable or disable for a bucket. | `bool` | no | +| enable | Specifies Versioning status either **enable or suspended** for an objects in the bucket. | `bool` | no | +| hard_quota | sets a maximum amount of storage (in bytes) available for a bucket. | `int` | no | +| object_lock | enables Object Lock on a bucket. | `bool` | no | +| bucket\_crn | The CRN of the source COS bucket. | `string` | yes | +| bucket\_location | The location of the source COS bucket. | `string` | yes | +| destination_bucket_crn | The CRN of your destination bucket that you want to replicate to. | `string` | yes | +| deletemarker_replication_status | Specifies whether Object storage replicates delete markers. Specify true for Enabling it or false for Disabling it. | `string` | no | +| status | Specifies whether the rule is enabled. Specify true for Enabling it or false for Disabling it. | `string` | yes | +| rule_id | The rule id. | `string` | no | +| priority | A priority is associated with each rule. The rule will be applied in a higher priority if there are multiple rules configured. 
The higher the number, the higher the priority | `string` | no | +| prefix | An object key name prefix that identifies the subset of objects to which the rule applies. | `string` | no | +| bucket_crn | The CRN of the COS bucket on which Object Lock is enabled or should be enabled. | `string` | yes | +| bucket_location | Location of the COS bucket. | `string` | yes | +| endpoint_type | Endpoint types of the COS bucket. | `string` | no | +| object_lock_enabled | Enable Object Lock on an existing COS bucket. | `string` | yes | +| mode | Retention mode for the Object Lock configuration. | `string` | yes | +| years | Retention period in terms of years after which the object can be deleted. | `int` | no | +| days | Retention period in terms of days after which the object can be deleted. | `int` | no | +| key | Object key name to use when a 4XX class error occurs given as error document. | `string` | no | +| suffix | The home or default page of the website when static web hosting configuration is added. | `string` | Yes | +| hostname | Name of the host where requests are redirected. | `string` | Yes | +| protocol | Protocol to use when redirecting requests. The default is the protocol that is used in the original request. | `string` | No | +| http_error_code_returned_equals | HTTP error code when the redirect is applied. | `string` | No | +| key_prefix_equals | Object key name prefix when the redirect is applied. | `string` | No | +| host_name | Host name to use in the redirect request. | `string` | Yes | +| protocol | Protocol to use when redirecting requests. | `string` | No | +| http_redirect_code | HTTP redirect code to use on the response. | `string` | No | +| replace_key_with | Specific object key to use in the redirect request. | `string` | No | +| replace_key_prefix_with | Object key prefix to use in the redirect request. | `string` | No | +| days | Days after which the lifecycle rule expiration will be applied on the object. 
| `int` | No | +| date | Date after which the lifecycle rule expiration will be applied on the object. | `int` | No | +| expire_object_delete_marker | Indicates whether ibm will remove a delete marker with no noncurrent versions. | `bool` | No | +| days | Days after which the lifecycle rule transition will be applied on the object. | `int` | No | +| date | Date after which the lifecycle rule transition will be applied on the object. | `int` | No | +| storage_class | Class of storage used to store the object. | `string` | No | +| noncurrent_days | Number of days an object is noncurrent before lifecycle action is performed. | `int` | No | +| days_after_initiatiob | Number of days after which incomplete multipart uploads are aborted. | `int` | No | +| id | Unique identifier for lifecycle rule. | `int` | Yes | +| status | Whether the rule is currently being applied. | `int` | Yes | +| object_size_greater_than | Expiration rule will be applicable to the objects having size greater than specified value of his argument. | `int` | No | +| object_size_less_than | Expiration rule will be applicable to the objects having size lesser than specified value of his argument. | `int` | No | +| tag | Expiration rule will be applicable to the objects having the key-value tags specified by this attribute. | `object` | Yes | {: caption="inputs"} diff --git a/examples/ibm-cos-bucket/main.tf b/examples/ibm-cos-bucket/main.tf index 33d8bfe566..f589b2c639 100644 --- a/examples/ibm-cos-bucket/main.tf +++ b/examples/ibm-cos-bucket/main.tf 
@@ -8,40 +8,58 @@ resource "ibm_resource_instance" "cos_instance" { service = "cloud-object-storage" plan = "standard" location = "global" -} +} resource "ibm_resource_instance" "activity_tracker" { name = "activity_tracker" resource_group_id = data.ibm_resource_group.cos_group.id service = "logdnaat" plan = "lite" - location = var.regional_loc -} + location = var.regional_loc +} resource "ibm_resource_instance" "metrics_monitor" { name = "metrics_monitor" resource_group_id = data.ibm_resource_group.cos_group.id service = "sysdig-monitor" plan = "graduated-tier" location = var.regional_loc - parameters = { + parameters = { default_receiver = true } -} +} resource "ibm_cos_bucket" "standard-ams03" { - bucket_name = var.bucket_name - resource_instance_id = ibm_resource_instance.cos_instance.id - single_site_location = var.single_site_loc - storage_class = var.standard_storage_class - hard_quota = var.quota + bucket_name = var.bucket_name + resource_instance_id = ibm_resource_instance.cos_instance.id + single_site_location = var.single_site_loc + storage_class = var.standard_storage_class + hard_quota = var.quota + allowed_ip = ["223.196.168.27", "223.196.161.38", "192.168.0.1"] +} + +#COS bucket with activity tracking enabled + +resource "ibm_cos_bucket" "new_activity_tracker_bucket" { + bucket_name = "bucket-name" + resource_instance_id = ibm_resource_instance.cos_instance.id + region_location = var.regional_loc + storage_class = var.standard_storage_class activity_tracking { - read_data_events = true - write_data_events = true - management_events = true + read_data_events = true + write_data_events = true + management_events = true } +} + + +# COS bucket with metrics monitoring enabled +resource "ibm_cos_bucket" "new_metrics_monitoring_enabled_bucket" { + bucket_name = "bucket-name" + resource_instance_id = ibm_resource_instance.cos_instance.id + region_location = var.regional_loc + storage_class = var.standard_storage_class metrics_monitoring { - 
usage_metrics_enabled = true + usage_metrics_enabled = true request_metrics_enabled = true } - allowed_ip = ["223.196.168.27", "223.196.161.38", "192.168.0.1"] } resource "ibm_cos_bucket" "lifecycle_rule_cos" { @@ -63,26 +81,26 @@ resource "ibm_cos_bucket" "lifecycle_rule_cos" { prefix = var.expire_prefix } retention_rule { - default = var.default_retention - maximum = var.maximum_retention - minimum = var.minimum_retention + default = var.default_retention + maximum = var.maximum_retention + minimum = var.minimum_retention permanent = false } } resource "ibm_cos_bucket" "cos_bucket" { - bucket_name = var.bucket_name - resource_instance_id = ibm_resource_instance.cos_instance.id - region_location = var.regional_loc - storage_class = var.standard_storage_class - hard_quota = var.quota + bucket_name = var.bucket_name + resource_instance_id = ibm_resource_instance.cos_instance.id + region_location = var.regional_loc + storage_class = var.standard_storage_class + hard_quota = var.quota object_versioning { - enable = true + enable = true } abort_incomplete_multipart_upload_days { - rule_id = var.abort_mpu_ruleid - enable = true - prefix = var.abort_mpu_prefix + rule_id = var.abort_mpu_ruleid + enable = true + prefix = var.abort_mpu_prefix days_after_initiation = var.abort_mpu_days_init } expire_rule { @@ -92,9 +110,9 @@ resource "ibm_cos_bucket" "cos_bucket" { prefix = var.expire_prefix } noncurrent_version_expiration { - rule_id = var.nc_exp_ruleid - enable = true - prefix = var.nc_exp_prefix + rule_id = var.nc_exp_ruleid + enable = true + prefix = var.nc_exp_prefix noncurrent_days = var.nc_exp_days } } 
@@ -108,12 +126,12 @@ resource "ibm_resource_instance" "cos_instance_source" { } resource "ibm_cos_bucket" "cos_bucket_source" { - bucket_name = "sourcetest" + bucket_name = "sourcetest" resource_instance_id = ibm_resource_instance.cos_instance_source.id region_location = var.regional_loc - storage_class = var.standard_storage_class + storage_class = var.standard_storage_class object_versioning { - enable = true + enable = true } } @@ -126,28 +144,28 @@ resource "ibm_resource_instance" "cos_instance_destination" { } resource "ibm_cos_bucket" "cos_bucket_destination" { - bucket_name = "desttest" + bucket_name = "desttest" resource_instance_id = ibm_resource_instance.cos_instance_destination.id region_location = var.regional_loc - storage_class = var.standard_storage_class + storage_class = var.standard_storage_class object_versioning { - enable = true + enable = true } } resource "ibm_cos_bucket" "cos_bucket_destination_1" { - bucket_name = "desttest01" + bucket_name = "desttest01" resource_instance_id = ibm_resource_instance.cos_instance_destination.id region_location = var.regional_loc - storage_class = var.standard_storage_class + storage_class = var.standard_storage_class object_versioning { - enable = true + enable = true } } resource "ibm_iam_authorization_policy" "policy" { - roles = [ - "Writer", + roles = [ + "Writer", ] subject_attributes { name = "accountId" 
@@ -179,26 +197,26 @@ resource "ibm_iam_authorization_policy" "policy" { operator = "stringEquals" value = "cloud-object-storage" } - resource_attributes { - name = "serviceInstance" + resource_attributes { + name = "serviceInstance" operator = "stringEquals" - value = ibm_resource_instance.cos_instance_destination.guid + value = ibm_resource_instance.cos_instance_destination.guid } - resource_attributes { - name = "resource" + resource_attributes { + name = "resource" operator = "stringEquals" - value = ibm_cos_bucket.cos_bucket_destination.bucket_name + value = ibm_cos_bucket.cos_bucket_destination.bucket_name } - resource_attributes { - name = "resourceType" + resource_attributes { + name = "resourceType" operator = "stringEquals" - value = "bucket" + value = "bucket" } } resource "ibm_iam_authorization_policy" "policy1" { - roles = [ - "Writer", + roles = [ + "Writer", ] subject_attributes { name = "accountId" 
@@ -230,55 +248,55 @@ resource "ibm_iam_authorization_policy" "policy1" { operator = "stringEquals" value = "cloud-object-storage" } - resource_attributes { - name = "serviceInstance" + resource_attributes { + name = "serviceInstance" operator = "stringEquals" - value = ibm_resource_instance.cos_instance_destination.guid + value = ibm_resource_instance.cos_instance_destination.guid } - resource_attributes { - name = "resource" + resource_attributes { + name = "resource" operator = "stringEquals" - value = ibm_cos_bucket.cos_bucket_destination_1.bucket_name + value = ibm_cos_bucket.cos_bucket_destination_1.bucket_name } - resource_attributes { - name = "resourceType" + resource_attributes { + name = "resourceType" operator = "stringEquals" - value = "bucket" + value = "bucket" } } resource "ibm_cos_bucket_replication_rule" "cos_bucket_repl" { depends_on = [ - ibm_iam_authorization_policy.policy, ibm_iam_authorization_policy.policy1 + ibm_iam_authorization_policy.policy, ibm_iam_authorization_policy.policy1 ] bucket_crn = ibm_cos_bucket.cos_bucket_source.crn bucket_location = ibm_cos_bucket.cos_bucket_source.region_location replication_rule { - enable = true - prefix = var.replicate_prefix - priority = var.replicate_priority + enable = true + prefix = var.replicate_prefix + priority = var.replicate_priority deletemarker_replication_status = var.delmarkerrep_status - destination_bucket_crn = ibm_cos_bucket.cos_bucket_destination.crn + destination_bucket_crn = ibm_cos_bucket.cos_bucket_destination.crn } replication_rule { - enable = true - priority = "2" + enable = true + priority = "2" deletemarker_replication_status = var.delmarkerrep_status - destination_bucket_crn = ibm_cos_bucket.cos_bucket_destination_1.crn + destination_bucket_crn = ibm_cos_bucket.cos_bucket_destination_1.crn } } //HPCS - standard plan -resource ibm_hpcs hpcs { +resource "ibm_hpcs" "hpcs" { location = var.location name = "hpcs-instance" plan = var.hpcs_plan units = var.units signature_threshold 
= var.signature_threshold revocation_threshold = var.revocation_threshold - dynamic admins { - for_each = var.admins + dynamic "admins" { + for_each = var.hpcs_crypto_unit_admins content { name = admins.value.name key = admins.value.key @@ -304,8 +322,8 @@ resource "ibm_cos_bucket" "hpcs-enable" { depends_on = [ibm_iam_authorization_policy.policy2] bucket_name = var.bucket_name resource_instance_id = ibm_resource_instance.cos_instance.id - region_location = var.regional_loc - storage_class = var.standard_storage_class + region_location = var.regional_loc + storage_class = var.standard_storage_class kms_key_crn = ibm_kms_key.key.id } @@ -314,9 +332,9 @@ resource "ibm_cos_bucket" "hpcs-uko-enable" { depends_on = [ibm_iam_authorization_policy.policy2] bucket_name = var.bucket_name resource_instance_id = ibm_resource_instance.cos_instance.id - region_location = var.regional_loc - storage_class = var.standard_storage_class - kms_key_crn = var.hpcs_uko_rootkeycrn + region_location = var.regional_loc + storage_class = var.standard_storage_class + kms_key_crn = var.hpcs_uko_rootkeycrn } resource "ibm_cos_bucket_object" "plaintext" { @@ -337,9 +355,9 @@ resource "ibm_cos_bucket_object" "base64" { resource "ibm_cos_bucket" "cos_bucket_sat" { bucket_name = var.bucket_name resource_instance_id = "crn:v1:bluemix:public:cloud-object-storage:satloc_wdc_c8jh7hfw0ppoapdqrmpg:a/d0c259a490e4488c83b62707ad3f5182:756ad6b6-72a6-4e55-8c94-b02e51e708b3::" - satellite_location_id = var.satellite_location_id + satellite_location_id = var.satellite_location_id object_versioning { - enable = true + enable = true } expire_rule { rule_id = "bucket-tf-rule1" 
@@ -360,12 +378,12 @@ resource "ibm_resource_instance" "cos_instance_onerate" { } resource "ibm_cos_bucket" "cos_bucket_onerate" { - bucket_name = var.bucket_name - resource_instance_id = ibm_resource_instance.cos_instance_onerate.id - region_location = var.regional_loc - storage_class = var.onerate_storage_class - } - + bucket_name = var.bucket_name + resource_instance_id = ibm_resource_instance.cos_instance_onerate.id + region_location = var.regional_loc + storage_class = var.onerate_storage_class +} + #COS Object Lock resource "ibm_resource_instance" "cos_instance2" { @@ -377,23 +395,23 @@ resource "ibm_resource_instance" "cos_instance2" { } resource "ibm_cos_bucket" "bucket" { - bucket_name = var.bucket_name - resource_instance_id = ibm_resource_instance.cos_instance2.id - region_location = var.regional_loc - storage_class = var.standard_storage_class + bucket_name = var.bucket_name + resource_instance_id = ibm_resource_instance.cos_instance2.id + region_location = var.regional_loc + storage_class = var.standard_storage_class object_versioning { - enable = true + enable = true } object_lock = true } -resource ibm_cos_bucket_object_lock_configuration "objectlock" { - bucket_crn = ibm_cos_bucket.bucket.crn - bucket_location = var.regional_loc - object_lock_configuration{ - object_lock_enable = "Enabled" - object_lock_rule{ - default_retention{ +resource "ibm_cos_bucket_object_lock_configuration" "objectlock" { + bucket_crn = ibm_cos_bucket.bucket.crn + bucket_location = var.regional_loc + object_lock_configuration { + object_lock_enable = "Enabled" + object_lock_rule { + default_retention { mode = "COMPLIANCE" days = 6 } 
@@ -408,10 +426,10 @@ resource ibm_cos_bucket_object_lock_configuration "objectlock" { # Create a bucket resource "ibm_cos_bucket" "cos_bucket_website_configuration" { - bucket_name = var.bucket_name - resource_instance_id = ibm_resource_instance.cos_instance.id - region_location = var.regional_loc - storage_class = var.standard_storage_class + bucket_name = var.bucket_name + resource_instance_id = ibm_resource_instance.cos_instance.id + region_location = var.regional_loc + storage_class = var.standard_storage_class } 
@@ -420,55 +438,55 @@ data "ibm_iam_access_group" "public_access_group" { } # Give public access to above mentioned bucket -resource "ibm_iam_access_group_policy" "policy" { - depends_on = [ibm_cos_bucket.cos_bucket_website_configuration] - access_group_id = data.ibm_iam_access_group.public_access_group.groups[0].id - roles = ["Object Reader"] - - resources { - service = "cloud-object-storage" - resource_type = "bucket" - resource_instance_id = "COS instance guid" # eg : 94xxxxxx-3xxx-4xxx-8xxx-7xxxxxxxxx7 - resource = ibm_cos_bucket.cos_bucket_website_configuration.bucket_name - } -} +resource "ibm_iam_access_group_policy" "policy" { + depends_on = [ibm_cos_bucket.cos_bucket_website_configuration] + access_group_id = data.ibm_iam_access_group.public_access_group.groups[0].id + roles = ["Object Reader"] + + resources { + service = "cloud-object-storage" + resource_type = "bucket" + resource_instance_id = "COS instance guid" # eg : 94xxxxxx-3xxx-4xxx-8xxx-7xxxxxxxxx7 + resource = ibm_cos_bucket.cos_bucket_website_configuration.bucket_name + } +} # Add basic website configuration on a COS bucket -resource ibm_cos_bucket_website_configuration "website_configuration" { - bucket_crn = "bucket_crn" +resource "ibm_cos_bucket_website_configuration" "website_configuration" { + bucket_crn = "bucket_crn" bucket_location = data.ibm_cos_bucket.cos_bucket_website_configuration.regional_location website_configuration { - error_document{ + error_document { key = "error.html" } - index_document{ + index_document { suffix = "index.html" } } } # Add a request redirect website configuration on a COS bucket -resource ibm_cos_bucket_website_configuration "website_configuration" { - bucket_crn = "bucket_crn" +resource "ibm_cos_bucket_website_configuration" "website_configuration" { + bucket_crn = "bucket_crn" bucket_location = data.ibm_cos_bucket.cos_bucket_website_configuration.regional_location website_configuration { - redirect_all_requests_to{ - host_name = "exampleBucketName" - 
protocol = "https" - } + redirect_all_requests_to { + host_name = "exampleBucketName" + protocol = "https" + } } } # Add a website configuration on a COS bucket with routing rule -resource ibm_cos_bucket_website_configuration "website_configuration" { - bucket_crn = "bucket_crn" +resource "ibm_cos_bucket_website_configuration" "website_configuration" { + bucket_crn = "bucket_crn" bucket_location = data.ibm_cos_bucket.cos_bucket_website_configuration.regional_location website_configuration { - error_document{ + error_document { key = "error.html" } - index_document{ + index_document { suffix = "index.html" } routing_rule { 
@@ -483,17 +501,17 @@ resource ibm_cos_bucket_website_configuration "website_configuration" { } # Add a website configuration on a COS bucket with JSON routing rule -resource ibm_cos_bucket_website_configuration "website_configuration" { - bucket_crn = "bucket_crn" +resource "ibm_cos_bucket_website_configuration" "website_configuration" { + bucket_crn = "bucket_crn" bucket_location = data.ibm_cos_bucket.cos_bucket_website_configuration.regional_location website_configuration { - error_document{ + error_document { key = "error.html" - } - index_document{ + } + index_document { suffix = "index.html" } - routing_rules = <:a/:::` +If CRN is set, management event and opt-in data event are sent to the AT CRN location. + +### New behavior: +The CRN of the activity tracker becomes optional.If CRN is not set, management events (if enabled) and data events (if enabled) are sent to the AT endpoint mapped to the bucket location.If CRN is set, legacy behavior is followed. + +## Example usage + +```terraform +resource "ibm_cos_bucket" "new_activity_tracker_bucket" { + bucket_name = "bucket-name" + resource_instance_id = ibm_resource_instance.cos_instance.id + region_location = "us-south" + storage_class = "smart" + activity_tracking { + read_data_events = true + write_data_events = true + management_events = true + } +} +``` +### Switch to new behavior: +Customer can remove the crn key-value pair by setting the value to empty string + + **Note:** + + CRN can be set if previously (i.e. legacy behavior) not provided when at least one of `read_data_events` or `write_data_events` or `management_events` is set to true. In this case, subsequentevents shall be sent to the AT CRN's location instead ofbased on the bucket's location. 
Although it is not recommended to switch back to legacy behavior + +## Example usage + +```terraform +resource "ibm_cos_bucket" "activity_tracker_transition_bucket" { + bucket_name = "bucket-name" + resource_instance_id = ibm_resource_instance.cos_instance.id + region_location = "us-south" + storage_class = "smart" + activity_tracking { + read_data_events = true + write_data_events = true + management_events = true + activity_tracker_crn = "" + } +} +``` + +# Transition from metrics_monitoring legacy usage to new usage + +### Legacy Behavior: +It represents the CRN of the metrics monitoring service instance, associated to the bucket, which receives the management event and opt-indata event. It follows the format `crn:v1:bluemix:public:sysdig::a/:::` +If Metrics Monitoring CRN is set, enabled metrics are sent to the CRN location. + +### New behavior: +The metrics monitoring crn becomes optional.If CRN is not set, enabled metrics are sent to Metrics enpoint mapped bucket location.If the CRN is set then legacy behvaior is followed. + +## Example usage + +```terraform + +resource "ibm_cos_bucket" "new_metrics_monitoring_enabled_bucket" { + bucket_name = "bucket-name" + resource_instance_id = ibm_resource_instance.cos_instance.id + region_location = "us-south" + storage_class = "smart" + metrics_monitoring { + usage_metrics_enabled = true + request_metrics_enabled = true + } +} +``` +### Switch to new behavior: +Customer can remove the crn key-value pair by setting the value to empty string + + **Note:** + + CRN can be setif previously not set when atleast one metric is already enabled. In this case, subsequent metrics shall be sent to theMetrics CRN's location instead of based on the bucket'slocation. 
Although it is not recommended to switch back to legacy behavior + +## Example usage + +```terraform + +resource "ibm_cos_bucket" "metrics_monitoring_transition_bucket" { + bucket_name = "bucket-name" + resource_instance_id = ibm_resource_instance.cos_instance.id + single_site_location = "sjc04" + storage_class = "smart" + metrics_monitoring { + usage_metrics_enabled = true + request_metrics_enabled = true + metrics_monitoring_crn = "" + } +} +``` + + + # ibm_cos_object_lock_configuration COS Object Lock feature enables user to store the object in a bucket with an extra layer of protection against object changes and deletion.Object Lock can help prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely by setting up retention period and legal hold for an object. diff --git a/website/docs/r/cos_bucket_object_lock_configuration.html.markdown b/website/docs/r/cos_bucket_object_lock_configuration.html.markdown index e1f0759a99..862a5b1f7e 100644 --- a/website/docs/r/cos_bucket_object_lock_configuration.html.markdown +++ b/website/docs/r/cos_bucket_object_lock_configuration.html.markdown @@ -122,6 +122,8 @@ Review the argument references that you can specify for your resource. - `days`- (Int) Specifies number of days after which the object can be deleted from the COS bucket. - `years`- (Int) Specifies number of years after which the object can be deleted from the COS bucket. +**Note:** + The parameter `days` and `years` are mutually exclusive please provide only one of them. ## Attribute reference In addition to all argument reference list, you can access the following attribute reference after your resource is created.
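Review bot: in the README website-configuration example, the `ibm_iam_access_group_policy` "policy" block grants `Object Reader` on the bucket to the public access group, and the only explanation is the comment `# Give public access to above mentioned bucket`. Since readers copy this README, the comment should say that this makes every object in the bucket anonymously readable and is only needed for static website hosting. The removed and re-added policy lines look identical apart from whitespace, so the hunk is also a good place to fix the wording. Separately, all of the website configuration variants in this file keep the same address, `ibm_cos_bucket_website_configuration` "website_configuration". If they are meant as alternatives, a one-line comment saying so (or distinct names) would stop someone from pasting more than one into the same module.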
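Review bot: in the "Switch to new behavior" text for `activity_tracking`, the docs do not state that management events become opt-in once `activity_tracker_crn` is set to `""`. The legacy paragraph says that with a CRN set, "management event and opt-in data event" are sent, while the new behavior sends management events only "(if enabled)". A user who clears the CRN without also setting `management_events = true` would therefore appear to stop receiving bucket management audit events. The transition example does set it, but the prose should say it explicitly. In the `metrics_monitoring` section, the Legacy Behavior sentence "which receives the management event and opt-indata event" looks copied from the activity tracker section and should describe metrics instead. The metrics transition example uses `single_site_location = "sjc04"` where the other three examples use `region_location = "us-south"`; please make them consistent or explain the difference. The added text also needs a proofreading pass: "enpoint", "behvaior", "atleast", and missing spaces after full stops ("optional.If").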
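Review bot: the note added under `days` and `years` in cos_bucket_object_lock_configuration.html.markdown is a run-on sentence and does not say what happens if both are supplied. Suggested wording: "The `days` and `years` parameters are mutually exclusive; provide only one of them." If the resource rejects a configuration that sets both, the note should state that; if it silently prefers one, that is worth documenting too, since it changes the effective retention period.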