feat: added a new buckets submodule which supports creating multiple …

…buckets (#265)

.secrets.baseline

@@ -3,14 +3,17 @@
     "files": "go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2023-05-05T07:44:09Z",
+  "generated_at": "2023-07-11T14:04:13Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
     },
     {
       "name": "ArtifactoryDetector"
     },
+    {
+      "name": "AzureStorageKeyDetector"
+    },
     {
       "base64_limit": 4.5,
       "name": "Base64HighEntropyString"
@@ -28,6 +31,9 @@
       "ghe_instance": "github.ibm.com",
       "name": "GheDetector"
     },
+    {
+      "name": "GitHubTokenDetector"
+    },
     {
       "hex_limit": 3,
       "name": "HexHighEntropyString"
@@ -48,6 +54,9 @@
     {
       "name": "MailchimpDetector"
     },
+    {
+      "name": "NpmDetector"
+    },
     {
       "name": "PrivateKeyDetector"
     },
@@ -57,6 +66,9 @@
     {
       "name": "SoftlayerDetector"
     },
+    {
+      "name": "SquareOAuthDetector"
+    },
     {
       "name": "StripeDetector"
     },
@@ -65,7 +77,7 @@
     }
   ],
   "results": {},
-  "version": "0.13.1+ibm.60.dss",
+  "version": "0.13.1+ibm.61.dss",
   "word_list": {
     "file": null,
     "hash": null

README.md

@@ -7,14 +7,13 @@
 [![latest release](https://img.shields.io/github/v/release/terraform-ibm-modules/terraform-ibm-cos?logo=GitHub&sort=semver)](https://github.com/terraform-ibm-modules/terraform-ibm-cos/releases/latest)
 [![Renovate enabled](https://img.shields.io/badge/renovate-enabled-brightgreen.svg)](https://renovatebot.com/)
 
-You can use this module to provision and configure an [IBM Cloud Object Storage](https://cloud.ibm.com/docs/cloud-object-storage?topic=cloud-object-storage-getting-started-cloud-object-storage) instance or bucket.
+You can use this module to provision and configure a [Cloud Object Storage](https://cloud.ibm.com/docs/cloud-object-storage?topic=cloud-object-storage-getting-started-cloud-object-storage) instance and bucket.
 
 You can configure the following aspects of your instances:
-
 - [Bucket encryption](https://cloud.ibm.com/docs/cloud-object-storage?topic=cloud-object-storage-tutorial-kp-encrypt-bucket) - based on Key Protect keys
 - [Activity tracking](https://cloud.ibm.com/docs/cloud-object-storage?topic=cloud-object-storage-tracking-cos-events) and auditing
 - [Monitoring](https://cloud.ibm.com/docs/cloud-object-storage?topic=cloud-object-storage-monitoring-cos)
-- Data retention, [lifecycle](https://cloud.ibm.com/docs/cloud-object-storage?topic=cloud-object-storage-archive), and archiving options
+- Data retention, [lifecycle](https://cloud.ibm.com/docs/cloud-object-storage?topic=cloud-object-storage-archive) and archiving options
 
 ## Usage
 
@@ -26,31 +25,72 @@ provider "ibm" {
 
 # Creates:
 # - COS instance
-# - COS bucket with retention, encryption, monitoring and activity tracking
+# - COS buckets with retention, encryption, monitoring and activity tracking
 module "cos_module" {
-  source  = "terraform-ibm-modules/cos/ibm"
-  version = "latest" # Replace "latest" with a release version to lock into a specific release
-  resource_group_id                  = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX"
-  region                             = "us-south"
-  cos_instance_name                  = "my-cos-instance"
-  bucket_name                        = "my-cos-bucket"
+  source                     = "terraform-ibm-modules/cos/ibm"
+  version                    = "latest" # Replace "latest" with a release version to lock into a specific release
+  resource_group_id          = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX"
+  region                     = "us-south"
+  cos_instance_name          = "my-cos-instance"
+  bucket_name                = "my-cos-bucket"
   existing_kms_instance_guid = "xxxxxxxx-XXXX-XXXX-XXXX-xxxxxxxx"
   kms_key_crn                = "crn:v1:bluemix:public:kms:us-south:a/xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX:xxxxxx-XXXX-XXXX-XXXX-xxxxxx:key:xxxxxx-XXXX-XXXX-XXXX-xxxxxx"
   sysdig_crn                 = "crn:v1:bluemix:public:sysdig-monitor:us-south:a/xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX:xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX::"
   activity_tracker_crn       = "crn:v1:bluemix:public:logdnaat:us-south:a/xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX:xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX::"
 }
 
-# Creates additional bucket in instance created above:
+# Creates additional buckets in existing instance:
 module "additional_cos_bucket" {
-  source  = "terraform-ibm-modules/cos/ibm"
+  source                   = "terraform-ibm-modules/cos/ibm"
+  version                  = "latest" # Replace "latest" with a release version to lock into a specific release
+  resource_group_id        = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX"
+  region                   = "us-south"
+  create_cos_instance      = false
+  sysdig_crn               = "crn:v1:bluemix:public:sysdig-monitor:us-south:a/xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX:xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX::"
+  activity_tracker_crn     = "crn:v1:bluemix:public:logdnaat:us-south:a/xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX:xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX::"
+  existing_cos_instance_id = module.cos_module.cos_instance_id
+  kms_key_crn              = "crn:v1:bluemix:public:kms:us-south:a/xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX:xxxxxx-XXXX-XXXX-XXXX-xxxxxx:key:xxxxxx-XXXX-XXXX-XXXX-xxxxxx"
+}
+
+# Creates additional Cloud Object Storage buckets using the buckets sub module
+module "cos_buckets" {
+  source  = "terraform-ibm-modules/cos/ibm//modules/buckets"
   version = "latest" # Replace "latest" with a release version to lock into a specific release
-  bucket_name                        = "additional-bucket"
-  resource_group_id                  = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX"
-  region                             = "us-south"
-  sysdig_crn                         = "crn:v1:bluemix:public:sysdig-monitor:us-south:a/xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX:xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX::"
-  activity_tracker_crn               = "crn:v1:bluemix:public:logdnaat:us-south:a/xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX:xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX::"
-  existing_cos_instance_id           = module.cos_module.cos_instance_id
-  kms_key_crn                = "crn:v1:bluemix:public:kms:us-south:a/xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX:xxxxxx-XXXX-XXXX-XXXX-xxxxxx:key:xxxxxx-XXXX-XXXX-XXXX-xxxxxx"
+  bucket_configs = [
+    {
+      bucket_name          = "my-encrypted-bucket"
+      kms_key_crn          = "crn:v1:bluemix:public:kms:us-south:a/xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX:xxxxxx-XXXX-XXXX-XXXX-xxxxxx:key:xxxxxx-XXXX-XXXX-XXXX-xxxxxx"
+      region_location      = "us-south"
+      resource_group_id    = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX"
+      resource_instance_id = module.cos_module.cos_instance_id
+    },
+    {
+      bucket_name            = "my-versioned-bucket"
+      kms_encryption_enabled = false
+      region_location        = "us-south"
+      resource_group_id      = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX"
+      resource_instance_id   = module.cos_module.cos_instance_id
+      object_versioning = {
+        enable = true
+      }
+    },
+    {
+      bucket_name            = "my-archive-bucket"
+      kms_encryption_enabled = false
+      region_location        = "us-south"
+      resource_group_id      = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX"
+      resource_instance_id   = module.cos_module.cos_instance_id
+      archive_rule = {
+        days   = 90
+        enable = true
+        type   = "Accelerated"
+      }
+      expire_rule = {
+        days   = 90
+        enable = true
+      }
+    }
+  ]
 }
 ```
 
@@ -86,7 +126,7 @@ You need the following permissions to run this module.
 
 - [ Basic Example](examples/basic)
 - [ Complete Example (multiple COS Buckets with retention, encryption, tracking and monitoring enabled)](examples/complete)
-- [ COS Bucket without encryption using an existing COS instance and Key Protect instance + Keys](examples/existing-resources)
+- [ Create Cloud Object Storage instance and a bucket](examples/existing-resources)
 - [ Financial Services Cloud Profile example](examples/fscloud)
 - [ One Rate Plan Example (COS Bucket with One Rate Plan)](examples/one-rate-plan)
 - [ Cloud Object Storage replication example](examples/replication)
@@ -141,13 +181,13 @@ You need the following permissions to run this module.
 | <a name="input_create_hmac_key"></a> [create\_hmac\_key](#input\_create\_hmac\_key) | Set as true to create a new HMAC key for the Cloud Object Storage instance. | `bool` | `true` | no |
 | <a name="input_cross_region_location"></a> [cross\_region\_location](#input\_cross\_region\_location) | Specify the cross-regional bucket location. Supported values are 'us', 'eu', and 'ap'. If you pass a value for this, ensure to set the value of var.region to null. | `string` | `null` | no |
 | <a name="input_existing_cos_instance_id"></a> [existing\_cos\_instance\_id](#input\_existing\_cos\_instance\_id) | The ID of an existing cloud object storage instance. Required if 'var.create\_cos\_instance' is false. | `string` | `null` | no |
-| <a name="input_existing_kms_instance_guid"></a> [existing\_kms\_instance\_guid](#input\_existing\_kms\_instance\_guid) | The GUID of the Key Protect or Hyper Protect instance in which the key specified in var.kms\_key\_crn is coming from. Required if var.skip\_iam\_authorization\_policy is false in order to create an IAM Access Policy to allow Key protect or Hyper Protect to access the newly created COS instance. | `string` | `null` | no |
+| <a name="input_existing_kms_instance_guid"></a> [existing\_kms\_instance\_guid](#input\_existing\_kms\_instance\_guid) | The GUID of the Key Protect or Hyper Protect instance in which the key specified in var.kms\_key\_crn is coming from. Required if var.skip\_iam\_authorization\_policy is false in order to create an IAM Access Policy to allow Key Protect or Hyper Protect to access the newly created COS instance. | `string` | `null` | no |
 | <a name="input_expire_days"></a> [expire\_days](#input\_expire\_days) | Specifies the number of days when the expire rule action takes effect. Only used if 'create\_cos\_bucket' is true. | `number` | `365` | no |
 | <a name="input_hmac_key_name"></a> [hmac\_key\_name](#input\_hmac\_key\_name) | The name of the hmac key to be created. | `string` | `"hmac-cos-key"` | no |
 | <a name="input_hmac_key_role"></a> [hmac\_key\_role](#input\_hmac\_key\_role) | The role you want to be associated with your new hmac key. Valid roles are 'Writer', 'Reader', 'Manager', 'Content Reader', 'Object Reader', 'Object Writer'. | `string` | `"Manager"` | no |
 | <a name="input_instance_cbr_rules"></a> [instance\_cbr\_rules](#input\_instance\_cbr\_rules) | (Optional, list) List of CBR rules to create for the instance | <pre>list(object({<br>    description = string<br>    account_id  = string<br>    rule_contexts = list(object({<br>      attributes = optional(list(object({<br>        name  = string<br>        value = string<br>    }))) }))<br>    enforcement_mode = string<br>    tags = optional(list(object({<br>      name  = string<br>      value = string<br>    })), [])<br>    operations = optional(list(object({<br>      api_types = list(object({<br>        api_type_id = string<br>      }))<br>    })))<br>  }))</pre> | `[]` | no |
 | <a name="input_kms_encryption_enabled"></a> [kms\_encryption\_enabled](#input\_kms\_encryption\_enabled) | Set as true to use KMS key encryption to encrypt data in COS bucket (only applicable when var.create\_cos\_bucket is true). | `bool` | `true` | no |
-| <a name="input_kms_key_crn"></a> [kms\_key\_crn](#input\_kms\_key\_crn) | CRN of the KMS Key to use to encrypt the data in the COS Bucket. Required if var.encryption\_enabled and var.create\_cos\_bucket are true. | `string` | `null` | no |
+| <a name="input_kms_key_crn"></a> [kms\_key\_crn](#input\_kms\_key\_crn) | CRN of the KMS key to use to encrypt the data in the COS bucket. Required if var.encryption\_enabled and var.create\_cos\_bucket are true. | `string` | `null` | no |
 | <a name="input_management_endpoint_type_for_bucket"></a> [management\_endpoint\_type\_for\_bucket](#input\_management\_endpoint\_type\_for\_bucket) | The type of endpoint for the IBM terraform provider to use to manage the bucket. (public, private, direct) | `string` | `"public"` | no |
 | <a name="input_object_versioning_enabled"></a> [object\_versioning\_enabled](#input\_object\_versioning\_enabled) | Enable object versioning to keep multiple versions of an object in a bucket. Cannot be used with retention rule. Only used if 'create\_cos\_bucket' is true. | `bool` | `false` | no |
 | <a name="input_region"></a> [region](#input\_region) | The region to provision the bucket. If you pass a value for this, do not pass one for var.cross\_region\_location. | `string` | `"us-south"` | no |
@@ -167,11 +207,11 @@ You need the following permissions to run this module.
 |------|-------------|
 | <a name="output_bucket_crn"></a> [bucket\_crn](#output\_bucket\_crn) | Bucket CRN |
 | <a name="output_bucket_id"></a> [bucket\_id](#output\_bucket\_id) | Bucket id |
-| <a name="output_bucket_name"></a> [bucket\_name](#output\_bucket\_name) | Bucket Name |
+| <a name="output_bucket_name"></a> [bucket\_name](#output\_bucket\_name) | Bucket name |
 | <a name="output_bucket_storage_class"></a> [bucket\_storage\_class](#output\_bucket\_storage\_class) | Bucket Storage Class |
 | <a name="output_cos_instance_guid"></a> [cos\_instance\_guid](#output\_cos\_instance\_guid) | The GUID of the Cloud Object Storage Instance where the buckets are created |
 | <a name="output_cos_instance_id"></a> [cos\_instance\_id](#output\_cos\_instance\_id) | The ID of the Cloud Object Storage Instance where the buckets are created |
-| <a name="output_kms_key_crn"></a> [kms\_key\_crn](#output\_kms\_key\_crn) | The CRN of the KMS Key used to encrypt the COS Bucket |
+| <a name="output_kms_key_crn"></a> [kms\_key\_crn](#output\_kms\_key\_crn) | The CRN of the KMS key used to encrypt the COS bucket |
 | <a name="output_resource_group_id"></a> [resource\_group\_id](#output\_resource\_group\_id) | Resource Group ID |
 | <a name="output_s3_endpoint_direct"></a> [s3\_endpoint\_direct](#output\_s3\_endpoint\_direct) | S3 direct endpoint |
 | <a name="output_s3_endpoint_private"></a> [s3\_endpoint\_private](#output\_s3\_endpoint\_private) | S3 private endpoint |

examples/basic/README.md

@@ -1,5 +1,5 @@
 # Basic Example
 
-An example that will:
-- Create a new resource group (if existing one is not passed in).
-- Create a new Cloud Object Storage instance and a bucket.
+This example creates the following infrastructure:
+- A new resource group, if one is not passed in.
+- A new Cloud Object Storage instance and a bucket in a resource group and region.

examples/basic/main.tf

@@ -11,10 +11,10 @@ module "resource_group" {
 }
 
 ##############################################################################
-# Create COS
+# Create Cloud Object Storage instance and a bucket
 ##############################################################################
 
-module "cos_bucket" {
+module "cos" {
   source            = "../../"
   resource_group_id = module.resource_group.resource_group_id
   region            = var.region
@@ -25,3 +25,20 @@ module "cos_bucket" {
   retention_enabled      = false
   kms_encryption_enabled = false
 }
+
+##############################################################################
+# Create Cloud Object Storage bucket using sub module
+##############################################################################
+
+module "buckets" {
+  source = "../../modules/buckets"
+  bucket_configs = [
+    {
+      bucket_name            = "${var.prefix}-bucket-module"
+      kms_encryption_enabled = false
+      region_location        = var.region
+      resource_group_id      = module.resource_group.resource_group_id
+      resource_instance_id   = module.cos.cos_instance_id
+    }
+  ]
+}

examples/basic/outputs.tf

@@ -1,14 +1,19 @@
 output "bucket_name" {
-  description = "Bucket Name"
-  value       = module.cos_bucket.bucket_name
+  description = "Bucket name"
+  value       = module.cos.bucket_name
 }
 
 output "bucket_crn" {
   description = "Bucket CRN"
-  value       = module.cos_bucket.bucket_crn
+  value       = module.cos.bucket_crn
 }
 
 output "bucket_id" {
   description = "Bucket id"
-  value       = module.cos_bucket.bucket_id
+  value       = module.cos.bucket_id
+}
+
+output "buckets" {
+  description = "Bucket from sub module"
+  value       = module.buckets.buckets
 }

examples/complete/README.md

@@ -1,19 +1,19 @@
 # Complete Example (multiple COS Buckets with retention, encryption, tracking and monitoring enabled)
 
-An end-to-end example that will:
-- Create a new resource group (if existing one is not passed in).
-- Create Sysdig and Activity Tracker instances in the given resource group and region.
-- Create a new Key Protect instance (with metrics enabled), Key Ring, and Key in the given resource group and region.
-- Create a new Cloud Object Storage instance in the given resource group and region.
-- Create an IAM Access Policy to allow Key Protect to access COS instance.
-- Create COS bucket-1 with:
+This example creates the following infrastructure:
+- A new resource group, if one is not passed in.
+- A Sysdig and Activity Tracker instances in a resource group and region.
+- A new Key Protect instance (with metrics enabled), Key Ring, and Key in a resource group and region.
+- A new Cloud Object Storage instance in a resource group and region.
+- An IAM Access Policy to allow Key Protect to access COS instance.
+- COS bucket-1 with:
   - Encryption
   - Monitoring
   - Activity Tracking
-- Create COS bucket-2 with:
+- COS bucket-2 with:
   - Cross Region Location
   - Encryption
   - Monitoring
   - Activity Tracking
-- Create a Sample VPC.
-- Create Context Based Restriction(CBR) to only allow buckets to be accessible from the VPC.
+- A sample VPC.
+- A Context Based Restriction(CBR) to only allow buckets to be accessible from the VPC.

examples/complete/main.tf

@@ -103,7 +103,7 @@ module "cbr_zone" {
   }]
 }
 
-# Create COS instance and Key protect instance.
+# Create COS instance and Key Protect instance.
 # Create COS bucket-1 with:
 # - Encryption
 # - Monitoring

examples/complete/outputs.tf

@@ -1,9 +1,9 @@
 output "bucket_name1" {
-  description = "Bucket Name"
+  description = "Bucket name"
   value       = module.cos_bucket1.bucket_name
 }
 
 output "bucket_name2" {
-  description = "Bucket Name"
+  description = "Bucket name"
   value       = module.cos_bucket2.bucket_name
 }

examples/existing-resources/README.md

@@ -1,8 +1,9 @@
-# COS Bucket without encryption using an existing COS instance and Key Protect instance + Keys
+# Create Cloud Object Storage instance and a bucket
 
-An end-to-end example that will:
-- Create a new resource group (if existing one is not passed in).
-- Create a new Key Protect instance, Key Ring, and Key in the given resource group and region.
-- Using the terraform-ibm-cos module, create a new Cloud Object Storage instance in the given resource group and region (with no buckets).
-- Create an IAM Access Policy to allow Key Protect to access COS instance (outside of the terraform-ibm-cos module).
-- Using the terraform-ibm-cos module, create a COS Bucket without encryption using the existing COS instance, Key Protect instance + Keys created at the start of this example.
+This example creates the following infrastructure:
+- A new resource group, if one is not passed in.
+- A Key Protect instance, key ring, and key in a resource group and region.
+- An IAM access policy to allow Cloud Object Storage to access Key Protect for the encryption key.
+- A Cloud Object Storage instance with no buckets in a resource group and region.
+    This example uses the code in the root `terraform-ibm-cos` module.
+- Cloud Object Storage buckets with encryption, versioning and archiving respectively.