diff --git a/.secrets.baseline b/.secrets.baseline
index bbfbc18f..fcab9952 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
 "files": "go.sum|^.secrets.baseline$",
 "lines": null
 },
- "generated_at": "2023-12-10T06:39:44Z",
+ "generated_at": "2023-12-11T06:39:44Z",
 "plugins_used": [
 {
 "name": "AWSKeyDetector"
diff --git a/solutions/agents/main.tf b/solutions/agents/main.tf
index 7363a997..0a47ef7b 100644
--- a/solutions/agents/main.tf
+++ b/solutions/agents/main.tf
@@ -16,21 +16,7 @@ module "observability_agents" {
 cluster_resource_group_id = var.cluster_resource_group_id
 cluster_config_endpoint_type = var.cluster_config_endpoint_type
 # Log Analysis Agent
- log_analysis_enabled = var.log_analysis_enabled
- log_analysis_agent_name = var.prefix != null ? "${var.prefix}-${var.log_analysis_agent_name}" : var.log_analysis_agent_name
- log_analysis_agent_namespace = var.log_analysis_agent_namespace
- log_analysis_instance_region = var.log_analysis_instance_region
- log_analysis_ingestion_key = var.log_analysis_ingestion_key
- log_analysis_secret_name = var.prefix != null ? "${var.prefix}-${var.log_analysis_secret_name}" : var.log_analysis_secret_name
- log_analysis_agent_tolerations = var.log_analysis_agent_tolerations
- log_analysis_agent_tags = var.log_analysis_agent_tags
- log_analysis_endpoint_type = var.log_analysis_endpoint_type
- log_analysis_add_cluster_name = var.log_analysis_add_cluster_name
- # Log Analysis agent custom settings to setup Kubernetes metadata logs filtering by setting
- # LOGDNA_K8S_METADATA_LINE_INCLUSION and LOGDNA_K8S_METADATA_LINE_EXCLUSION in the agent daemonset definition
- # Ref https://github.com/logdna/logdna-agent-v2/blob/3.8/docs/KUBERNETES.md#configuration-for-kubernetes-metadata-filtering
- log_analysis_agent_custom_line_exclusion = var.log_analysis_agent_custom_line_inclusion
- log_analysis_agent_custom_line_inclusion = var.log_analysis_agent_custom_line_exclusion
+ log_analysis_enabled = false
 # Cloud Monitoring (Sysdig) Agent
 cloud_monitoring_enabled = var.cloud_monitoring_enabled
 cloud_monitoring_agent_name = var.prefix != null ? "${var.prefix}-${var.cloud_monitoring_agent_name}" : var.cloud_monitoring_agent_name
diff --git a/solutions/agents/variables.tf b/solutions/agents/variables.tf
index 0dba08da..52417a21 100644
--- a/solutions/agents/variables.tf
+++ b/solutions/agents/variables.tf
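Review bot: The hard-coded `log_analysis_enabled = false` in the `observability_agents` module call has no explanation, so a later reader cannot tell whether it is a temporary switch or a permanent removal. I would replace the `# Log Analysis Agent` heading with a comment such as `# Log Analysis is deprecated; the agent is always disabled in this solution`. Whether the pinned module still requires this argument cannot be seen here, because the module's `source` and `version` lines are outside the hunk; if it does not, dropping the line is cleaner. The module block starts and ends outside the hunk.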
@@ -63,100 +63,6 @@ variable "wait_till_timeout" { default = 90 } -############################################################################## -# Log Analysis variables -############################################################################## - -variable "log_analysis_enabled" { - type = bool - description = "DEPRECATED: Whether to deploy the IBM Cloud logging agent." - default = false -} - - -variable "log_analysis_agent_tags" { - type = list(string) - description = "DEPRECATED: The list of tags to associate with all log records collected by the agent so that you can quickly identify the agent’s data in the logging UI. To add the cluster name as a tag, use the `log_analysis_add_cluster_name` variable." - default = [] - nullable = false -} - -variable "log_analysis_add_cluster_name" { - type = bool - description = "DEPRECATED: Whether to attach the cluster name to log messages. Set to `true` to configure the IBM Log Analysis agent to tag all log messages with the name." - default = true -} - -variable "log_analysis_ingestion_key" { - type = string - description = "DEPRECATED: The ingestion key that is used by the IBM Cloud logging agent to communicate with the instance." - sensitive = true - default = null -} - -variable "log_analysis_secret_name" { - type = string - description = "DEPRECATED: The name of the secret that stores the ingestion key. If a prefix input variable is specified, the secret name is prefixed to the value in the `-` format." - default = "logdna-agent" - nullable = false -} - -variable "log_analysis_instance_region" { - type = string - description = "DEPRECATED: The name of the region where the IBM Log Analysis instance is created. The value is used in the ingestion endpoint in the format `api..logging.cloud.ibm.com`." - default = null -} - -variable "log_analysis_endpoint_type" { - type = string - description = "DEPRECATED: Specify the IBM Log Analysis instance endpoint type to use to construct the ingestion endpoint. 
Possible values: `public` or `private`." - default = "private" - validation { - error_message = "The specified `endpoint_type` can be `private` or `public` only." - condition = contains(["private", "public"], var.log_analysis_endpoint_type) - } -} - -variable "log_analysis_agent_custom_line_inclusion" { - description = "DEPRECATED: The custom configuration of the IBM Log Analysis agent for the `LOGDNA_K8S_METADATA_LINE_INCLUSION` line inclusion setting. [Learn more](https://github.com/logdna/logdna-agent-v2/blob/master/docs/KUBERNETES.md#configuration-for-kubernetes-metadata-filtering)" - type = string - default = null # "namespace:default" -} - -variable "log_analysis_agent_custom_line_exclusion" { - description = "DEPRECATED: The custom configuration of the IBM Log Analysis agent for the `LOGDNA_K8S_METADATA_LINE_INCLUSION` line exclusion setting. [Learn more](https://github.com/logdna/logdna-agent-v2/blob/master/docs/KUBERNETES.md#configuration-for-kubernetes-metadata-filtering)" - type = string - default = null # "label.app.kubernetes.io/name:sample-app\\, annotation.user:sample-user" -} - -variable "log_analysis_agent_name" { - description = "DEPRECATED: The name of the IBM Log Analysis agent that is used to name the Kubernetes and Helm resources on the cluster. If a prefix input variable is passed, the name of the IBM Log Analysis agent is prefixed to the value in the `-` format." - type = string - default = "logdna-agent" - nullable = false -} - -variable "log_analysis_agent_namespace" { - type = string - description = "DEPRECATED: The namespace to deploy the IBM Log Analysis agent in. The default value of the namespace is `ibm-observe`." - default = "ibm-observe" - nullable = false -} - -variable "log_analysis_agent_tolerations" { - description = "DEPRECATED: The list of tolerations to apply to the IBM Log Analysis agent. Because the default value is the `Exists` operator, this variable will match any taint on any node. 
[Learn more](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)" - type = list(object({ - key = optional(string) - operator = optional(string) - value = optional(string) - effect = optional(string) - tolerationSeconds = optional(number) - })) - default = [{ - operator = "Exists" - }] -} - ############################################################################## # Cloud Monitoring variables ############################################################################## diff --git a/solutions/instances/README.md b/solutions/instances/README.md index 1cfb01e2..359af9ff 100644 --- a/solutions/instances/README.md +++ b/solutions/instances/README.md @@ -3,7 +3,6 @@ This deployable architecture creates observability instances in IBM Cloud and supports provisioning the following resources: * A resource group, if one is not passed in. -* An IBM Cloud Log Analysis instance (Disabled by default as service is deprecated) * An IBM Cloud Monitoring instance. * An IBM Cloud Logs instance. * An IBM Cloud Object Storage instance, if one does not exist. diff --git a/solutions/instances/main.tf b/solutions/instances/main.tf index 481ab5af..8a2a3aae 100644 --- a/solutions/instances/main.tf +++ b/solutions/instances/main.tf 
@@ -4,14 +4,11 @@ locals { - # tflint-ignore: terraform_unused_declarations - validate_log_analysis_provision = var.enable_at_event_routing_to_log_analysis && var.log_analysis_provision == false ? tobool("log_analysis_provision can't be false if enable_at_event_routing_to_log_analysis is true") : true # tflint-ignore: terraform_unused_declarations validate_existing_cloud_monitoring = var.cloud_monitoring_provision && var.existing_cloud_monitoring_crn != null ? tobool("if cloud_monitoring_provision is set to true, then existing_cloud_monitoring_crn should be null and vice versa") : true # tflint-ignore: terraform_unused_declarations validate_cos_resource_group = var.existing_cos_instance_crn == null ? var.ibmcloud_cos_api_key != null && var.cos_resource_group_name == null ? tobool("if value for `ibmcloud_cos_api_key` is set, then `cos_resource_group_name` cannot be null") : true : true - archive_api_key = var.log_archive_api_key == null ? var.ibmcloud_api_key : var.log_archive_api_key default_cos_region = var.cos_region != null ? var.cos_region : var.region cos_key_ring_name = var.prefix != null ? "${var.prefix}-${var.cos_key_ring_name}" : var.cos_key_ring_name 
@@ -19,24 +16,20 @@ locals { log_archive_cos_bucket_name = var.prefix != null ? "${var.prefix}-${var.log_archive_cos_bucket_name}" : var.log_archive_cos_bucket_name at_cos_target_bucket_name = var.prefix != null ? "${var.prefix}-${var.at_cos_target_bucket_name}" : var.at_cos_target_bucket_name - cos_instance_crn = var.existing_cos_instance_crn != null ? var.existing_cos_instance_crn : length(module.cos_instance) != 0 ? module.cos_instance[0].cos_instance_crn : null - existing_kms_guid = ((var.existing_cloud_logs_metrics_bucket_crn != null && var.existing_cloud_logs_data_bucket_crn != null && var.existing_log_archive_cos_bucket_name != null && var.existing_at_cos_target_bucket_name != null) || (!var.manage_log_archive_cos_bucket && !var.log_analysis_provision && !var.enable_at_event_routing_to_cos_bucket && !var.cloud_logs_provision)) ? null : var.existing_kms_instance_crn != null ? element(split(":", var.existing_kms_instance_crn), length(split(":", var.existing_kms_instance_crn)) - 3) : tobool("The CRN of the existing KMS is not provided.") - cos_instance_guid = var.existing_cos_instance_crn == null ? length(module.cos_instance) != 0 ? module.cos_instance[0].cos_instance_guid : null : element(split(":", var.existing_cos_instance_crn), length(split(":", var.existing_cos_instance_crn)) - 3) - archive_cos_bucket_name = var.existing_log_archive_cos_bucket_name != null ? var.existing_log_archive_cos_bucket_name : (var.log_analysis_provision && var.log_analysis_enable_archive) || var.manage_log_archive_cos_bucket ? module.cos_bucket[0].buckets[local.log_archive_cos_bucket_name].bucket_name : null - archive_cos_bucket_endpoint = var.existing_log_archive_cos_bucket_endpoint != null ? var.existing_log_archive_cos_bucket_endpoint : (var.log_analysis_provision && var.log_analysis_enable_archive) || var.manage_log_archive_cos_bucket ? 
module.cos_bucket[0].buckets[local.log_archive_cos_bucket_name].s3_endpoint_private : null - cos_kms_key_crn = var.existing_cos_kms_key_crn != null ? var.existing_cos_kms_key_crn : length(coalesce(local.buckets_config, [])) != 0 ? module.kms[0].keys[format("%s.%s", local.cos_key_ring_name, local.cos_key_name)].crn : null + cos_instance_crn = var.existing_cos_instance_crn != null ? var.existing_cos_instance_crn : length(module.cos_instance) != 0 ? module.cos_instance[0].cos_instance_crn : null + existing_kms_guid = ((var.existing_cloud_logs_metrics_bucket_crn != null && var.existing_cloud_logs_data_bucket_crn != null && var.existing_at_cos_target_bucket_name != null) || (!var.manage_log_archive_cos_bucket && !var.enable_at_event_routing_to_cos_bucket && !var.cloud_logs_provision)) ? null : var.existing_kms_instance_crn != null ? element(split(":", var.existing_kms_instance_crn), length(split(":", var.existing_kms_instance_crn)) - 3) : tobool("The CRN of the existing KMS is not provided.") + cos_instance_guid = var.existing_cos_instance_crn == null ? length(module.cos_instance) != 0 ? module.cos_instance[0].cos_instance_guid : null : element(split(":", var.existing_cos_instance_crn), length(split(":", var.existing_cos_instance_crn)) - 3) + cos_kms_key_crn = var.existing_cos_kms_key_crn != null ? var.existing_cos_kms_key_crn : length(coalesce(local.buckets_config, [])) != 0 ? module.kms[0].keys[format("%s.%s", local.cos_key_ring_name, local.cos_key_name)].crn : null cos_target_bucket_name = var.existing_at_cos_target_bucket_name != null ? var.existing_at_cos_target_bucket_name : var.enable_at_event_routing_to_cos_bucket ? module.cos_bucket[0].buckets[local.at_cos_target_bucket_name].bucket_name : null cos_resource_group_id = var.cos_resource_group_name != null ? module.cos_resource_group[0].resource_group_id : module.resource_group.resource_group_id cos_target_bucket_endpoint = var.existing_at_cos_target_bucket_endpoint != null ? 
var.existing_at_cos_target_bucket_endpoint : var.enable_at_event_routing_to_cos_bucket ? module.cos_bucket[0].buckets[local.at_cos_target_bucket_name].s3_endpoint_private : null cos_target_name = var.prefix != null ? "${var.prefix}-cos-target" : "cos-target" - log_analysis_target_name = var.prefix != null ? "${var.prefix}-log-analysis-target" : "log-analysis-target" cloud_logs_target_name = var.prefix != null ? "${var.prefix}-cloud-logs-target" : "cloud-logs-target" at_cos_route_name = var.prefix != null ? "${var.prefix}-at-cos-route" : "at-cos-route" - at_log_analysis_route_name = var.prefix != null ? "${var.prefix}-at-log-analysis-route" : "at-log-analysis-route" at_cloud_logs_route_name = var.prefix != null ? "${var.prefix}-at-cloud-logs-route" : "at-cloud-logs-route" - archive_bucket_config = var.existing_log_archive_cos_bucket_name == null && ((var.log_analysis_provision && var.log_analysis_enable_archive) || var.manage_log_archive_cos_bucket) ? { + archive_bucket_config = var.manage_log_archive_cos_bucket ? { class = var.log_archive_cos_bucket_class name = local.log_archive_cos_bucket_name tag = var.archive_bucket_access_tags @@ -67,14 +60,13 @@ locals { local.cloud_log_metrics_bucket_config != null ? [local.cloud_log_metrics_bucket_config] : [] ) - - archive_rule = (var.existing_log_archive_cos_bucket_name == null || var.existing_at_cos_target_bucket_name == null) ? { + archive_rule = var.existing_at_cos_target_bucket_name == null ? { enable = true days = 90 type = "Glacier" } : null - expire_rule = (var.existing_log_archive_cos_bucket_name == null || var.existing_at_cos_target_bucket_name == null) ? { + expire_rule = var.existing_at_cos_target_bucket_name == null ? { enable = true days = 366 } : null 
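Review bot: In `existing_kms_guid`, the first disjunct no longer accounts for the log archive bucket: with both Cloud Logs bucket CRNs and `existing_at_cos_target_bucket_name` supplied, the expression yields null even when `manage_log_archive_cos_bucket` is true and `archive_bucket_config` still creates a bucket. The old code covered that case through the `var.existing_log_archive_cos_bucket_name != null` term. How `module.kms` is gated is outside the hunk, but if it keys off this local, the managed archive bucket would either fail on the `module.kms[0]` index in `cos_kms_key_crn` or be created without the intended encryption key. Consider adding `&& !var.manage_log_archive_cos_bucket` to the first disjunct. The `locals` block starts and ends outside the hunk.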
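Review bot: `archive_rule` and `expire_rule` now depend only on `existing_at_cos_target_bucket_name`, so a deployment that passes an existing Activity Tracker bucket while setting `manage_log_archive_cos_bucket = true` gets null for both rules. Before this change the `var.existing_log_archive_cos_bucket_name == null` arm kept them enabled in that case. If these locals feed the managed archive bucket (their use is outside the hunk), that bucket silently loses its 90-day archive and 366-day expiry rules. The condition could become `var.existing_at_cos_target_bucket_name == null || var.manage_log_archive_cos_bucket ? {` for both locals.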
@@ -92,19 +84,13 @@ locals { target_ids = [module.observability_instance.activity_tracker_targets[local.cos_target_name].id] }] : [] - at_log_analysis_route = var.enable_at_event_routing_to_log_analysis ? [{ - route_name = local.at_log_analysis_route_name - locations = ["*", "global"] - target_ids = [module.observability_instance.activity_tracker_targets[local.log_analysis_target_name].id] - }] : [] - at_cloud_logs_route = var.enable_at_event_routing_to_cloud_logs ? [{ route_name = local.at_cloud_logs_route_name locations = ["*", "global"] target_ids = [module.observability_instance.activity_tracker_targets[local.cloud_logs_target_name].id] }] : [] apply_auth_policy = (var.skip_cos_kms_auth_policy || (length(coalesce(local.buckets_config, [])) == 0)) ? 0 : 1 - at_routes = concat(local.at_cos_route, local.at_log_analysis_route, local.at_cloud_logs_route) + at_routes = concat(local.at_cos_route, local.at_cloud_logs_route) # Cloud Logs data bucket 
@@ -155,13 +141,11 @@ module "cos_resource_group" { locals { parsed_existing_cloud_monitoring_crn = var.existing_cloud_monitoring_crn != null ? split(":", var.existing_cloud_monitoring_crn) : [] existing_cloud_monitoring_guid = length(local.parsed_existing_cloud_monitoring_crn) > 0 ? local.parsed_existing_cloud_monitoring_crn[7] : null - - log_analysis_instance_name = var.prefix != null ? "${var.prefix}-${var.log_analysis_instance_name}" : var.log_analysis_instance_name - cloud_monitoring_instance_name = var.prefix != null ? "${var.prefix}-${var.cloud_monitoring_instance_name}" : var.cloud_monitoring_instance_name - cloud_logs_instance_name = var.prefix != null ? "${var.prefix}-cloud-logs" : var.cloud_logs_instance_name - cloud_logs_data_bucket_crn = var.existing_cloud_logs_data_bucket_crn != null ? var.existing_cloud_logs_data_bucket_crn : module.cos_bucket[0].buckets[local.cloud_log_data_bucket].bucket_crn - cloud_log_metrics_bucket_crn = var.existing_cloud_logs_metrics_bucket_crn != null ? var.existing_cloud_logs_metrics_bucket_crn : module.cos_bucket[0].buckets[local.cloud_log_metrics_bucket].bucket_crn - cloud_logs_buckets = [local.cloud_logs_data_bucket_crn, local.cloud_log_metrics_bucket_crn] + cloud_monitoring_instance_name = var.prefix != null ? "${var.prefix}-${var.cloud_monitoring_instance_name}" : var.cloud_monitoring_instance_name + cloud_logs_instance_name = var.prefix != null ? "${var.prefix}-cloud-logs" : var.cloud_logs_instance_name + cloud_logs_data_bucket_crn = var.existing_cloud_logs_data_bucket_crn != null ? var.existing_cloud_logs_data_bucket_crn : module.cos_bucket[0].buckets[local.cloud_log_data_bucket].bucket_crn + cloud_log_metrics_bucket_crn = var.existing_cloud_logs_metrics_bucket_crn != null ? 
var.existing_cloud_logs_metrics_bucket_crn : module.cos_bucket[0].buckets[local.cloud_log_metrics_bucket].bucket_crn + cloud_logs_buckets = [local.cloud_logs_data_bucket_crn, local.cloud_log_metrics_bucket_crn] } data "ibm_iam_account_settings" "iam_account_settings" { @@ -214,27 +198,12 @@ module "en_crn_parser" { } module "observability_instance" { - depends_on = [time_sleep.wait_for_atracker_cos_authorization_policy] - source = "terraform-ibm-modules/observability-instances/ibm" - version = "2.19.1" - providers = { - logdna.at = logdna.at - logdna.ld = logdna.ld - } - region = var.region - resource_group_id = module.resource_group.resource_group_id - log_analysis_enable_archive = var.log_analysis_enable_archive - ibmcloud_api_key = local.archive_api_key - # Log Analysis - log_analysis_provision = var.log_analysis_provision - log_analysis_instance_name = local.log_analysis_instance_name - log_analysis_plan = var.log_analysis_plan - log_analysis_tags = var.log_analysis_tags - log_analysis_service_endpoints = var.log_analysis_service_endpoints - log_analysis_cos_instance_id = local.cos_instance_crn - log_analysis_cos_bucket_name = local.archive_cos_bucket_name - log_analysis_cos_bucket_endpoint = local.archive_cos_bucket_endpoint - enable_platform_logs = var.enable_platform_logs + depends_on = [time_sleep.wait_for_atracker_cos_authorization_policy] + source = "terraform-ibm-modules/observability-instances/ibm" + version = "3.0.2" + region = var.region + resource_group_id = module.resource_group.resource_group_id + # IBM Cloud Monitoring cloud_monitoring_provision = var.cloud_monitoring_provision cloud_monitoring_instance_name = local.cloud_monitoring_instance_name 
@@ -247,6 +216,7 @@ module "observability_instance" { cloud_logs_provision = var.cloud_logs_provision cloud_logs_instance_name = local.cloud_logs_instance_name cloud_logs_plan = "standard" + enable_platform_logs = var.enable_platform_logs cloud_logs_access_tags = var.cloud_logs_access_tags cloud_logs_tags = var.cloud_logs_tags cloud_logs_service_endpoints = "public-and-private" @@ -259,7 +229,7 @@ module "observability_instance" { skip_cos_auth_policy = var.ibmcloud_cos_api_key != null ? true : var.skip_cloud_logs_cos_auth_policy }, metrics_data = { - enabled = true # Support of routing config is tracked in https://github.com/terraform-ibm-modules/terraform-ibm-observability-da/issues/170 + enabled = true bucket_crn = local.cloud_log_metrics_bucket_crn bucket_endpoint = var.existing_cloud_logs_metrics_bucket_endpoint != null ? var.existing_cloud_logs_metrics_bucket_endpoint : module.cos_bucket[0].buckets[local.cloud_log_metrics_bucket].s3_endpoint_direct skip_cos_auth_policy = var.ibmcloud_cos_api_key != null ? true : var.skip_cloud_logs_cos_auth_policy @@ -275,7 +245,6 @@ module "observability_instance" { logs_routing_tenant_regions = var.logs_routing_tenant_regions # Activity Tracker - activity_tracker_provision = false at_cos_targets = var.enable_at_event_routing_to_cos_bucket ? [ { bucket_name = local.cos_target_bucket_name @@ -287,14 +256,6 @@ module "observability_instance" { service_to_service_enabled = true } ] : [] - at_log_analysis_targets = var.enable_at_event_routing_to_log_analysis ? [ - { - instance_id = module.observability_instance.log_analysis_crn - ingestion_key = module.observability_instance.log_analysis_ingestion_key - target_region = var.region - target_name = local.log_analysis_target_name - } - ] : [] at_cloud_logs_targets = var.enable_at_event_routing_to_cloud_logs ? [ { diff --git a/solutions/instances/outputs.tf b/solutions/instances/outputs.tf index 249060a4..1d360211 100644 --- a/solutions/instances/outputs.tf 
+++ b/solutions/instances/outputs.tf @@ -29,28 +29,6 @@ output "cloud_logs_name" { description = "The name of the provisioned Cloud Logs instance." } -## Log analysis -output "log_analysis_name" { - value = var.log_analysis_provision ? module.observability_instance.log_analysis_name : null - description = "The name of the provisioned Log Analysis instance." -} - -output "log_analysis_crn" { - value = var.log_analysis_provision ? module.observability_instance.log_analysis_crn : null - description = "The id of the provisioned Log Analysis instance." -} - -output "log_analysis_guid" { - value = var.log_analysis_provision ? module.observability_instance.log_analysis_guid : null - description = "vaThe guid of the provisioned Log Analysis instance." -} - -output "log_analysis_ingestion_key" { - value = var.log_analysis_provision ? module.observability_instance.log_analysis_ingestion_key : null - description = "Log Analysis ingest key for agents to use" - sensitive = true -} - ## Cloud Monitoring output "cloud_monitoring_name" { value = var.cloud_monitoring_provision ? module.observability_instance.cloud_monitoring_name : null @@ -96,7 +74,7 @@ output "cos_instance_crn" { ## COS Buckets output "log_archive_cos_bucket_name" { - value = var.existing_log_archive_cos_bucket_name == null ? (var.log_analysis_provision && var.log_analysis_enable_archive) || var.manage_log_archive_cos_bucket ? module.cos_bucket[0].buckets[local.log_archive_cos_bucket_name].bucket_name : null : var.existing_log_archive_cos_bucket_name + value = var.manage_log_archive_cos_bucket ? module.cos_bucket[0].buckets[local.log_archive_cos_bucket_name].bucket_name : null description = "The name of log archive COS bucket" } diff --git a/solutions/instances/provider.tf b/solutions/instances/provider.tf index f0c3099c..a940eb9d 100644 --- a/solutions/instances/provider.tf +++ b/solutions/instances/provider.tf 
@@ -7,22 +7,6 @@ provider "ibm" { region = var.region } -locals { - at_endpoint = var.log_analysis_service_endpoints == "private" ? "https://api.${var.log_analysis_service_endpoints}.${var.region}.logging.cloud.ibm.com" : "https://api.${var.region}.logging.cloud.ibm.com" -} - -provider "logdna" { - alias = "at" - servicekey = module.observability_instance.activity_tracker_resource_key != null ? module.observability_instance.activity_tracker_resource_key : "" - url = local.at_endpoint -} - -provider "logdna" { - alias = "ld" - servicekey = module.observability_instance.log_analysis_resource_key != null ? module.observability_instance.log_analysis_resource_key : "" - url = local.at_endpoint -} - provider "ibm" { alias = "cos" ibmcloud_api_key = var.ibmcloud_cos_api_key != null ? var.ibmcloud_cos_api_key : var.ibmcloud_api_key diff --git a/solutions/instances/variables.tf b/solutions/instances/variables.tf index 79f87f58..7dd8cb96 100644 --- a/solutions/instances/variables.tf +++ b/solutions/instances/variables.tf @@ -22,7 +22,6 @@ variable "ibmcloud_cos_api_key" { default = null } - variable "use_existing_resource_group" { type = bool description = "Whether to use an existing resource group." 
@@ -211,7 +210,7 @@ variable "skip_logs_routing_auth_policy" { variable "enable_platform_logs" { type = bool - description = "Setting this to true will create a tenant in the same region that the Cloud Logs instance is provisioned to enable platform logs for that region. To send platform logs from other regions, you can explicitially specify a list of regions using the `logs_routing_tenant_regions` input. NOTE: You can only have 1 tenant per region in an account. If `log_analysis_provision` is set to true, this variable will also enable platform logs for the Log analysis instance." + description = "Setting this to true will create a tenant in the same region that the Cloud Logs instance is provisioned to enable platform logs for that region. To send platform logs from other regions, you can explicitially specify a list of regions using the `logs_routing_tenant_regions` input. NOTE: You can only have 1 tenant per region in an account." default = true } 
@@ -222,66 +221,10 @@ variable "logs_routing_tenant_regions" { nullable = false } -############################################################################## -# Log Analysis Variables -############################################################################## - -variable "log_analysis_provision" { - description = "DEPRECATED: Set it to true to provision an IBM Cloud Logging instance. IBM Cloud Log Analysis is now deprecated and new instances cannot be provisioned after November 30, 2024, and all existing instances will be destroyed on March 30, 2025. For more information, see https://cloud.ibm.com/docs/log-analysis?topic=log-analysis-getting-started" - type = bool - default = false -} - -variable "log_analysis_instance_name" { - type = string - description = "DEPRECATED: The name of the IBM Cloud Log Analysis instance to create. If a prefix input variable is specified, it's added to the value in the -value format." - default = "log-analysis" -} - -variable "log_analysis_plan" { - type = string - description = "DEPRECATED: The Log Analysis plan to provision. Possible values: `7-day`, `14-day`, `30-day`, and `hipaa-30-day`." - default = "7-day" - - validation { - condition = can(regex("^lite$|^7-day$|^14-day$|^30-day$|^hipaa-30-day$", var.log_analysis_plan)) - error_message = "Specify one of the following values for the `log_analysis_plan`: `lite`, `7-day`, `14-day`, `30-day`, or `hipaa-30-day`." - } -} - -variable "log_analysis_service_endpoints" { - description = "DEPRECATED: The type of endpoint for the Log Analysis instance. Possible values: `public`, `private`, `public-and-private`." - type = string - default = "private" - validation { - condition = contains(["public", "private", "public-and-private"], var.log_analysis_service_endpoints) - error_message = "The specified service endpoint is not valid. Specify a valid service endpoint to set for the IBM Log Analysis instance." 
- } -} - -variable "log_analysis_tags" { - type = list(string) - description = "DEPRECATED: The tags that are associated with the IBM Cloud Logging instance (`Optional`, `array of strings`)." - default = [] -} - -variable "log_analysis_enable_archive" { - type = bool - description = "DEPRECATED: Whether to enable archiving on Log Analysis instances. If set to true, `log_analysis_provision` must also be set to true." - default = true -} - -variable "log_archive_api_key" { - type = string - description = "DEPRECATED: The API key to use to configure archiving from Log Analysis to Object Storage. If not specified, the API key value in ibmcloud_api_key is used." - sensitive = true - default = null -} - variable "manage_log_archive_cos_bucket" { type = bool default = false - description = "Log Analysis has been deprecated, however you can continue to manage the COS bucket that was used for Log Analysis log archiving by setting this input to true, even if `log_analysis_provision` or `log_analysis_enable_archive` have been set to false." + description = "Log Analysis has been deprecated, and can no longer be deployed wuth this solution, however you can continue to manage the COS bucket that may have been in older versions for Log Analysis log archiving by setting this input to true." } ############################################################################## @@ -294,12 +237,6 @@ variable "enable_at_event_routing_to_cos_bucket" { default = true } -variable "enable_at_event_routing_to_log_analysis" { - type = bool - description = "Whether to enable event routing from Activity Tracker to Log Analysis. IBM Cloud Log Analysis is now deprecated and new instances cannot be provisioned after November 30, 2024, and all existing instances will be destroyed on March 30, 2025." - default = false -} - variable "enable_at_event_routing_to_cloud_logs" { type = bool description = "Whether to enable event routing from Activity Tracker to Cloud Log." 
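Review bot: The new `manage_log_archive_cos_bucket` description has a typo (`wuth`), and the clause `the COS bucket that may have been in older versions` is missing its verb. Suggested wording: `"Log Analysis has been deprecated and can no longer be deployed with this solution. Set this input to true to keep managing the COS bucket that older versions created for Log Analysis log archiving."` Because the default is `false` and `archive_bucket_config` is now driven by this input alone, an upgrade from a deployment that created the bucket through `log_analysis_provision` and `log_analysis_enable_archive` would presumably plan that bucket's removal. The description should say so, since the bucket may hold archived logs that are still needed.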
@@ -357,7 +294,7 @@ variable "enable_platform_metrics" { variable "add_bucket_name_suffix" { type = bool - description = "Add a randomly generated suffix that is 4 characters in length, to the name of the newly provisioned Cloud Object Storage bucket. Do not use this suffix if you are passing the existing Cloud Object Storage bucket. To manage the name of the Cloud Object Storage bucket manually, use the `log_archive_cos_bucket_name` and `at_cos_target_bucket_name` variables." + description = "Add a randomly generated suffix that is 4 characters in length, to the name of the newly provisioned Cloud Object Storage bucket. Do not use this suffix if you are passing the existing Cloud Object Storage bucket. To manage the name of the Cloud Object Storage bucket manually, use the `cloud_log_data_bucket_name`, `cloud_log_metrics_bucket_name`, `at_cos_target_bucket_name` and `log_archive_cos_bucket_name` variables." default = true } @@ -400,7 +337,7 @@ variable "at_cos_target_bucket_name" { variable "archive_bucket_access_tags" { type = list(string) default = [] - description = "A list of optional tags to add to the log archive Cloud Object Storage bucket." + description = "A list of optional tags to add to the Log Analysis log archive Cloud Object Storage bucket." } variable "at_cos_bucket_access_tags" { @@ -436,13 +373,6 @@ variable "existing_cos_instance_crn" { description = "The CRN of an existing Cloud Object Storage instance. If a CRN is not specified, a new instance of Cloud Object Storage is created." } -variable "existing_log_archive_cos_bucket_name" { - type = string - nullable = true - default = null - description = "The name of an existing bucket within the Cloud Object Storage instance in which to store log archive files. If an existing Cloud Object Storage bucket is not specified, a bucket is created." -} - variable "existing_at_cos_target_bucket_name" { type = string nullable = true 
@@ -450,13 +380,6 @@ variable "existing_at_cos_target_bucket_name" { description = "The name of an existing bucket within the Cloud Object Storage instance in which to store IBM Cloud Activity Tracker Event Routing. If an existing Cloud Object Storage bucket is not specified, a bucket is created." } -variable "existing_log_archive_cos_bucket_endpoint" { - type = string - nullable = true - default = null - description = "The name of an existing Cloud Object Storage bucket endpoint to use for storing the log archive file. If an existing endpoint is not specified, the endpoint of the new Cloud Object Storage bucket is used." -} - variable "existing_at_cos_target_bucket_endpoint" { type = string nullable = true @@ -505,7 +428,7 @@ variable "existing_kms_instance_crn" { variable "existing_cos_kms_key_crn" { type = string default = null - description = "Optional. The CRN of an existing key management service (KMS) key to use to encrypt the Cloud Object Storage buckets that this solution creates. To create a key ring and key, pass a value for the `existing_kms_instance_crn` input variable. To use existing Cloud Object Storage buckets, pass a value for the `existing_log_archive_cos_bucket_name` and `existing_at_cos_target_bucket_name` input variables." + description = "Optional. The CRN of an existing key management service (KMS) key to use to encrypt the Cloud Object Storage buckets that this solution creates. To create a key ring and key, pass a value for the `existing_kms_instance_crn` input variable. To use existing Cloud Object Storage buckets, pass a value for the `existing_cloud_logs_data_bucket_crn`, `existing_cloud_logs_metrics_bucket_crn`, and `existing_at_cos_target_bucket_name` input variables." } variable "kms_endpoint_type" { diff --git a/solutions/instances/version.tf b/solutions/instances/version.tf index c65beb4f..88e375d6 100644 --- a/solutions/instances/version.tf +++ b/solutions/instances/version.tf 
@@ -6,10 +6,6 @@ terraform { source = "ibm-cloud/ibm" version = "1.70.0" } - logdna = { - source = "logdna/logdna" - version = "1.16.0" - } time = { source = "hashicorp/time" version = "0.12.1" diff --git a/tests/pr_test.go b/tests/pr_test.go index 80c9a479..56f5d6f3 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -82,18 +82,14 @@ func TestInstancesInSchematics(t *testing.T) { {Name: "existing_kms_instance_crn", Value: permanentResources["hpcs_south_crn"], DataType: "string"}, {Name: "cos_region", Value: region, DataType: "string"}, {Name: "cos_instance_tags", Value: options.Tags, DataType: "list(string)"}, - {Name: "log_analysis_provision", Value: true, DataType: "bool"}, - {Name: "log_analysis_tags", Value: options.Tags, DataType: "list(string)"}, {Name: "cloud_logs_tags", Value: options.Tags, DataType: "list(string)"}, {Name: "enable_platform_logs", Value: false, DataType: "bool"}, {Name: "cloud_monitoring_tags", Value: options.Tags, DataType: "list(string)"}, {Name: "enable_platform_metrics", Value: false, DataType: "bool"}, {Name: "cos_instance_access_tags", Value: permanentResources["accessTags"], DataType: "list(string)"}, - {Name: "archive_bucket_access_tags", Value: permanentResources["accessTags"], DataType: "list(string)"}, {Name: "at_cos_bucket_access_tags", Value: permanentResources["accessTags"], DataType: "list(string)"}, {Name: "cloud_log_data_bucket_access_tag", Value: permanentResources["accessTags"], DataType: "list(string)"}, {Name: "prefix", Value: options.Prefix, DataType: "string"}, - {Name: "enable_at_event_routing_to_log_analysis", Value: true, DataType: "bool"}, } err := options.RunSchematicTest() 
@@ -111,17 +107,15 @@ func TestRunUpgradeSolutionInstances(t *testing.T) { }) options.TerraformVars = map[string]interface{}{ - "prefix": options.Prefix, - "resource_group_name": options.Prefix, - "cos_instance_access_tags": permanentResources["accessTags"], - "existing_kms_instance_crn": permanentResources["hpcs_south_crn"], - "kms_endpoint_type": "public", - "management_endpoint_type_for_bucket": "public", - "log_analysis_provision": "true", - "log_analysis_service_endpoints": "public-and-private", - "enable_platform_logs": "false", - "enable_platform_metrics": "false", - "enable_at_event_routing_to_log_analysis": "true", + "prefix": options.Prefix, + "resource_group_name": options.Prefix, + "cos_instance_access_tags": permanentResources["accessTags"], + "existing_kms_instance_crn": permanentResources["hpcs_south_crn"], + "kms_endpoint_type": "public", + "management_endpoint_type_for_bucket": "public", + "log_analysis_service_endpoints": "public-and-private", + "enable_platform_logs": "false", + "enable_platform_metrics": "false", } output, err := options.RunTestUpgrade() 
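Review bot: The new map still passes `"log_analysis_service_endpoints": "public-and-private"` even though this hunk drops `log_analysis_provision` and `enable_at_event_routing_to_log_analysis`, and the later hunks in TestRunExistingResourcesInstances remove the same key from both of their variable maps. If the solution no longer declares that variable (not visible from this hunk), the upgrade run may reject or ignore it. Either delete the line or keep it with a comment such as `// still required by the base version during the upgrade test`. The body of TestRunUpgradeSolutionInstances starts and ends outside the hunk.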
@@ -261,13 +255,11 @@ func TestRunExistingResourcesInstances(t *testing.T) { ImplicitRequired: false, Region: region, TerraformVars: map[string]interface{}{ + "prefix": prefix, "cos_region": region, "resource_group_name": terraform.Output(t, existingTerraformOptions, "resource_group_name"), "use_existing_resource_group": true, - "log_analysis_provision": true, - "existing_log_archive_cos_bucket_name": terraform.Output(t, existingTerraformOptions, "bucket_name"), "existing_at_cos_target_bucket_name": terraform.Output(t, existingTerraformOptions, "bucket_name_at"), - "existing_log_archive_cos_bucket_endpoint": terraform.Output(t, existingTerraformOptions, "bucket_endpoint"), "existing_at_cos_target_bucket_endpoint": terraform.Output(t, existingTerraformOptions, "bucket_endpoint_at"), "existing_cos_instance_crn": terraform.Output(t, existingTerraformOptions, "cos_crn"), "existing_cloud_logs_data_bucket_crn": terraform.Output(t, existingTerraformOptions, "data_bucket_crn"), 
@@ -275,16 +267,16 @@ func TestRunExistingResourcesInstances(t *testing.T) { "existing_cloud_logs_metrics_bucket_crn": terraform.Output(t, existingTerraformOptions, "metrics_bucket_crn"), "existing_cloud_logs_metrics_bucket_endpoint": terraform.Output(t, existingTerraformOptions, "metrics_bucket_endpoint"), "existing_en_instance_crn": terraform.Output(t, existingTerraformOptions, "en_crn_1"), - "cloud_logs_existing_en_instances": []map[string]interface{}{ - { - "instance_crn": terraform.Output(t, existingTerraformOptions, "en_crn_2"), - }, - }, - "management_endpoint_type_for_bucket": "public", - "log_analysis_service_endpoints": "public", - "enable_platform_metrics": "false", - "enable_at_event_routing_to_log_analysis": "true", - "enable_platform_logs": "false", + // temporarily disabled until https://github.ibm.com/GoldenEye/issues/issues/11159 is resolved + // "cloud_logs_existing_en_instances": []map[string]interface{}{ + // { + // "instance_crn": terraform.Output(t, existingTerraformOptions, "en_crn_2"), + // "integration_name": "en-2", + // }, + // }, + "management_endpoint_type_for_bucket": "public", + "enable_platform_metrics": "false", + "enable_platform_logs": "false", }, }) @@ -302,6 +294,7 @@ func TestRunExistingResourcesInstances(t *testing.T) { // Do not hard fail the test if the implicit destroy steps fail to allow a full destroy of resource to occur ImplicitRequired: false, TerraformVars: map[string]interface{}{ + "prefix": prefix, "cos_region": region, "resource_group_name": terraform.Output(t, existingTerraformOptions, "resource_group_name"), "use_existing_resource_group": true, 
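Review bot: Commenting out `cloud_logs_existing_en_instances` means this test no longer exercises the Cloud Logs integration with a second existing Event Notifications instance, so a regression there would pass unnoticed until the block is restored. The only pointer back is a `github.ibm.com` issue link, which looks like an internal tracker that outside contributors probably cannot open. A self-contained line such as `// TODO: re-enable; Cloud Logs to Event Notifications integration is untested while this is commented out` would record the gap in the file itself. The commented block also adds `"integration_name": "en-2"`, which the removed code did not have, so re-enabling it is not a plain revert and should be tested when it comes back. TestRunExistingResourcesInstances starts and ends outside the hunk.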
@@ -309,9 +302,8 @@ func TestRunExistingResourcesInstances(t *testing.T) { "kms_endpoint_type": "public", "existing_cos_instance_crn": terraform.Output(t, existingTerraformOptions, "cos_crn"), "management_endpoint_type_for_bucket": "public", - "log_analysis_provision": "true", - "log_analysis_service_endpoints": "public", "enable_platform_metrics": "false", + "enable_platform_logs": "false", }, }) diff --git a/tests/resources/main.tf b/tests/resources/main.tf index 9465dd0e..0a071416 100644 --- a/tests/resources/main.tf +++ b/tests/resources/main.tf @@ -80,12 +80,8 @@ locals { } module "observability_instances" { - source = "terraform-ibm-modules/observability-instances/ibm" - version = "2.19.1" - providers = { - logdna.at = logdna.at - logdna.ld = logdna.ld - } + source = "terraform-ibm-modules/observability-instances/ibm" + version = "3.0.2" resource_group_id = local.cluster_resource_group_id region = var.region cloud_monitoring_plan = "graduated-tier" diff --git a/tests/resources/provider.tf b/tests/resources/provider.tf index bb22ddff..df45ef50 100644 --- a/tests/resources/provider.tf +++ b/tests/resources/provider.tf @@ -2,19 +2,3 @@ provider "ibm" { ibmcloud_api_key = var.ibmcloud_api_key region = var.region } - -locals { - at_endpoint = "https://api.private.${var.region}.logging.cloud.ibm.com" -} - -provider "logdna" { - alias = "at" - servicekey = module.observability_instances.activity_tracker_resource_key != null ? module.observability_instances.activity_tracker_resource_key : "" - url = local.at_endpoint -} - -provider "logdna" { - alias = "ld" - servicekey = module.observability_instances.log_analysis_resource_key != null ? module.observability_instances.log_analysis_resource_key : "" - url = local.at_endpoint -} diff --git a/tests/resources/version.tf b/tests/resources/version.tf index 025cee21..050d0fcc 100644 --- a/tests/resources/version.tf +++ b/tests/resources/version.tf 
@@ -5,9 +5,5 @@ terraform {
 source = "ibm-cloud/ibm"
 version = ">= 1.49.0, < 2.0.0"
 }
- logdna = {
- source = "logdna/logdna"
- version = ">= 1.14.2"
- }
 }
 }