feat: added the ability to optionally specify resource group in the `…

…block_storage_volumes` variable. If not specified, it will use the value of the `resource_group_id` variable. Previously it was defaulting to the Default namespace. (#507)
terraform-ibm-modules · Aug 18, 2023 · 9ea08ab · 9ea08ab
1 parent 2029707
commit 9ea08ab
Show file tree

Hide file tree

Showing 6 changed files with 22 additions and 19 deletions.
diff --git a/README.md b/README.md
@@ -149,7 +149,7 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_access_tags"></a> [access\_tags](#input\_access\_tags) | A list of access tags to apply to the VSI resources created by the module. For more information, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial. | `list(string)` | `[]` | no |
 | <a name="input_allow_ip_spoofing"></a> [allow\_ip\_spoofing](#input\_allow\_ip\_spoofing) | Allow IP spoofing on the primary network interface | `bool` | `false` | no |
-| <a name="input_block_storage_volumes"></a> [block\_storage\_volumes](#input\_block\_storage\_volumes) | List describing the block storage volumes that will be attached to each vsi | <pre>list(<br>    object({<br>      name           = string<br>      profile        = string<br>      capacity       = optional(number)<br>      iops           = optional(number)<br>      encryption_key = optional(string)<br>    })<br>  )</pre> | `[]` | no |
+| <a name="input_block_storage_volumes"></a> [block\_storage\_volumes](#input\_block\_storage\_volumes) | List describing the block storage volumes that will be attached to each vsi | <pre>list(<br>    object({<br>      name              = string<br>      profile           = string<br>      capacity          = optional(number)<br>      iops              = optional(number)<br>      encryption_key    = optional(string)<br>      resource_group_id = optional(string)<br>    })<br>  )</pre> | `[]` | no |
 | <a name="input_boot_volume_encryption_key"></a> [boot\_volume\_encryption\_key](#input\_boot\_volume\_encryption\_key) | CRN of boot volume encryption key | `string` | `null` | no |
 | <a name="input_create_security_group"></a> [create\_security\_group](#input\_create\_security\_group) | Create security group for VSI. If this is passed as false, the default will be used | `bool` | n/a | yes |
 | <a name="input_enable_floating_ip"></a> [enable\_floating\_ip](#input\_enable\_floating\_ip) | Create a floating IP for each virtual server created | `bool` | `false` | no |
@@ -159,7 +159,7 @@ No modules.
 | <a name="input_load_balancers"></a> [load\_balancers](#input\_load\_balancers) | Load balancers to add to VSI | <pre>list(<br>    object({<br>      name              = string<br>      type              = string<br>      listener_port     = number<br>      listener_protocol = string<br>      connection_limit  = number<br>      algorithm         = string<br>      protocol          = string<br>      health_delay      = number<br>      health_retries    = number<br>      health_timeout    = number<br>      health_type       = string<br>      pool_member_port  = string<br>      security_group = optional(<br>        object({<br>          name = string<br>          rules = list(<br>            object({<br>              name      = string<br>              direction = string<br>              source    = string<br>              tcp = optional(<br>                object({<br>                  port_max = number<br>                  port_min = number<br>                })<br>              )<br>              udp = optional(<br>                object({<br>                  port_max = number<br>                  port_min = number<br>                })<br>              )<br>              icmp = optional(<br>                object({<br>                  type = number<br>                  code = number<br>                })<br>              )<br>            })<br>          )<br>        })<br>      )<br>    })<br>  )</pre> | `[]` | no |
 | <a name="input_machine_type"></a> [machine\_type](#input\_machine\_type) | VSI machine type. Run 'ibmcloud is instance-profiles' to get a list of regional profiles | `string` | n/a | yes |
 | <a name="input_prefix"></a> [prefix](#input\_prefix) | The IBM Cloud platform API key needed to deploy IAM enabled resources | `string` | n/a | yes |
-| <a name="input_resource_group_id"></a> [resource\_group\_id](#input\_resource\_group\_id) | id of resource group to create VPC | `string` | n/a | yes |
+| <a name="input_resource_group_id"></a> [resource\_group\_id](#input\_resource\_group\_id) | ID of resource group to create VSI and block storage volumes. If you wish to create the block storage volumes in a different resource group, you can optionally set that directly in the 'block\_storage\_volumes' variable. | `string` | n/a | yes |
 | <a name="input_secondary_allow_ip_spoofing"></a> [secondary\_allow\_ip\_spoofing](#input\_secondary\_allow\_ip\_spoofing) | Allow IP spoofing on additional network interfaces | `bool` | `false` | no |
 | <a name="input_secondary_floating_ips"></a> [secondary\_floating\_ips](#input\_secondary\_floating\_ips) | List of secondary interfaces to add floating ips | `list(string)` | `[]` | no |
 | <a name="input_secondary_security_groups"></a> [secondary\_security\_groups](#input\_secondary\_security\_groups) | IDs of additional security groups to be added to VSI deployment secondary interfaces. A VSI interface can have a maximum of 5 security groups. | <pre>list(<br>    object({<br>      security_group_id = string<br>      interface_name    = string<br>    })<br>  )</pre> | `[]` | no |

diff --git a/module-metadata.json b/module-metadata.json
@@ -35,7 +35,7 @@
     },
     "block_storage_volumes": {
       "name": "block_storage_volumes",
-      "type": "list(\n    object({\n      name           = string\n      profile        = string\n      capacity       = optional(number)\n      iops           = optional(number)\n      encryption_key = optional(string)\n    })\n  )",
+      "type": "list(\n    object({\n      name              = string\n      profile           = string\n      capacity          = optional(number)\n      iops              = optional(number)\n      encryption_key    = optional(string)\n      resource_group_id = optional(string)\n    })\n  )",
       "description": "List describing the block storage volumes that will be attached to each vsi",
       "default": [],
       "source": [
@@ -127,7 +127,7 @@
       "default": [],
       "pos": {
         "filename": "variables.tf",
-        "line": 225
+        "line": 226
       }
     },
     "machine_type": {
@@ -164,7 +164,7 @@
     "resource_group_id": {
       "name": "resource_group_id",
       "type": "string",
-      "description": "id of resource group to create VPC",
+      "description": "ID of resource group to create VSI and block storage volumes. If you wish to create the block storage volumes in a different resource group, you can optionally set that directly in the 'block_storage_volumes' variable.",
       "required": true,
       "source": [
         "ibm_is_instance.vsi.resource_group",
@@ -186,7 +186,7 @@
       "default": false,
       "pos": {
         "filename": "variables.tf",
-        "line": 391
+        "line": 392
       }
     },
     "secondary_floating_ips": {
@@ -199,7 +199,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 380
+        "line": 381
       }
     },
     "secondary_security_groups": {
@@ -209,7 +209,7 @@
       "default": [],
       "pos": {
         "filename": "variables.tf",
-        "line": 359
+        "line": 360
       }
     },
     "secondary_subnets": {
@@ -219,7 +219,7 @@
       "default": [],
       "pos": {
         "filename": "variables.tf",
-        "line": 340
+        "line": 341
       }
     },
     "secondary_use_vsi_security_group": {
@@ -229,7 +229,7 @@
       "default": false,
       "pos": {
         "filename": "variables.tf",
-        "line": 353
+        "line": 354
       }
     },
     "security_group": {
@@ -600,7 +600,7 @@
       },
       "pos": {
         "filename": "storage.tf",
-        "line": 41
+        "line": 42
       }
     },
     "time_sleep.wait_for_authorization_policy": {

diff --git a/profiles/fscloud/README.md b/profiles/fscloud/README.md
@@ -35,7 +35,7 @@ No resources.
 | <a name="input_load_balancers"></a> [load\_balancers](#input\_load\_balancers) | Load balancers to add to VSI | <pre>list(<br>    object({<br>      name              = string<br>      type              = string<br>      listener_port     = number<br>      listener_protocol = string<br>      connection_limit  = number<br>      algorithm         = string<br>      protocol          = string<br>      health_delay      = number<br>      health_retries    = number<br>      health_timeout    = number<br>      health_type       = string<br>      pool_member_port  = string<br>      security_group = optional(<br>        object({<br>          name = string<br>          rules = list(<br>            object({<br>              name      = string<br>              direction = string<br>              source    = string<br>              tcp = optional(<br>                object({<br>                  port_max = number<br>                  port_min = number<br>                })<br>              )<br>              udp = optional(<br>                object({<br>                  port_max = number<br>                  port_min = number<br>                })<br>              )<br>              icmp = optional(<br>                object({<br>                  type = number<br>                  code = number<br>                })<br>              )<br>            })<br>          )<br>        })<br>      )<br>    })<br>  )</pre> | `[]` | no |
 | <a name="input_machine_type"></a> [machine\_type](#input\_machine\_type) | VSI machine type. Run 'ibmcloud is instance-profiles' to get a list of regional profiles | `string` | n/a | yes |
 | <a name="input_prefix"></a> [prefix](#input\_prefix) | The prefix that you would like to append to your resources | `string` | n/a | yes |
-| <a name="input_resource_group_id"></a> [resource\_group\_id](#input\_resource\_group\_id) | id of resource group to create VPC | `string` | n/a | yes |
+| <a name="input_resource_group_id"></a> [resource\_group\_id](#input\_resource\_group\_id) | ID of resource group to create VSI and block storage volumes. If you wish to create the block storage volumes in a different resource group, you can optionally set that directly in the 'block\_storage\_volumes' variable. | `string` | n/a | yes |
 | <a name="input_security_group"></a> [security\_group](#input\_security\_group) | Security group created for VSI | <pre>object({<br>    name = string<br>    rules = list(<br>      object({<br>        name      = string<br>        direction = string<br>        source    = string<br>        tcp = optional(<br>          object({<br>            port_max = number<br>            port_min = number<br>          })<br>        )<br>        udp = optional(<br>          object({<br>            port_max = number<br>            port_min = number<br>          })<br>        )<br>        icmp = optional(<br>          object({<br>            type = number<br>            code = number<br>          })<br>        )<br>      })<br>    )<br>  })</pre> | n/a | yes |
 | <a name="input_security_group_ids"></a> [security\_group\_ids](#input\_security\_group\_ids) | IDs of additional security groups to be added to VSI deployment primary interface. A VSI interface can have a maximum of 5 security groups. | `list(string)` | `[]` | no |
 | <a name="input_skip_iam_authorization_policy"></a> [skip\_iam\_authorization\_policy](#input\_skip\_iam\_authorization\_policy) | Set to true to skip the creation of an IAM authorization policy that permits all Storage Blocks to read the encryption key from the KMS instance. If set to false, pass in a value for the KMS instance in the existing\_kms\_instance\_guid variable. In addition, no policy is created if var.kms\_encryption\_enabled is set to false. | `bool` | `false` | no |

diff --git a/profiles/fscloud/variables.tf b/profiles/fscloud/variables.tf
@@ -3,7 +3,7 @@
 ##############################################################################
 
 variable "resource_group_id" {
-  description = "id of resource group to create VPC"
+  description = "ID of resource group to create VSI and block storage volumes. If you wish to create the block storage volumes in a different resource group, you can optionally set that directly in the 'block_storage_volumes' variable."
   type        = string
 }
 

diff --git a/storage.tf b/storage.tf
@@ -20,6 +20,7 @@ locals {
           vsi_name       = "${var.prefix}-${(subnet) * (var.vsi_per_subnet) + count + 1}"
           iops           = volume.iops
           encryption_key = var.kms_encryption_enabled ? var.boot_volume_encryption_key : volume.encryption_key
+          resource_group = volume.resource_group_id != null ? volume.resource_group_id : var.resource_group_id
         }
       ]
     ]
@@ -46,6 +47,7 @@ resource "ibm_is_volume" "volume" {
   iops           = each.value.iops
   capacity       = each.value.capacity
   encryption_key = each.value.encryption_key
+  resource_group = each.value.resource_group
   tags           = var.tags
   access_tags    = var.access_tags
 }

diff --git a/variables.tf b/variables.tf
@@ -3,7 +3,7 @@
 ##############################################################################
 
 variable "resource_group_id" {
-  description = "id of resource group to create VPC"
+  description = "ID of resource group to create VSI and block storage volumes. If you wish to create the block storage volumes in a different resource group, you can optionally set that directly in the 'block_storage_volumes' variable."
   type        = string
 }
 
@@ -207,11 +207,12 @@ variable "block_storage_volumes" {
   description = "List describing the block storage volumes that will be attached to each vsi"
   type = list(
     object({
-      name           = string
-      profile        = string
-      capacity       = optional(number)
-      iops           = optional(number)
-      encryption_key = optional(string)
+      name              = string
+      profile           = string
+      capacity          = optional(number)
+      iops              = optional(number)
+      encryption_key    = optional(string)
+      resource_group_id = optional(string)
     })
   )
   default = []