feat: added support to specify the exact IBM Cloud Monitoring instance to monitoring the Object Storage bucket when enabling failed events in the DA using new input existing_monitoring_crn (#446)

Author: whoffler

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2025-05-07T17:56:08Z",
+  "generated_at": "2025-05-12T16:40:05Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -92,7 +92,7 @@
         "hashed_secret": "99046450b7d19bfd57bfe3773719f57af84c7f12",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 91,
+        "line_number": 92,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -102,7 +102,7 @@
         "hashed_secret": "99046450b7d19bfd57bfe3773719f57af84c7f12",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 67,
+        "line_number": 68,
         "type": "Secret Keyword",
         "verified_result": null
       }

ibm_catalog.json

@@ -126,6 +126,9 @@
               "key": "kms_endpoint_url",
               "required": true
             },
+            {
+              "key": "existing_monitoring_crn"
+            },
             {
               "key": "event_notifications_instance_name"
             },
@@ -303,6 +306,9 @@
                 }
               ]
             },
+            {
+              "key": "existing_monitoring_crn"
+            },
             {
               "key": "event_notifications_instance_name"
             },

solutions/fully-configurable/README.md

@@ -75,6 +75,7 @@ When `existing_en_instance_crn` is passed, this solution ignores ALL other input
 | <a name="input_existing_event_notifications_instance_crn"></a> [existing\_event\_notifications\_instance\_crn](#input\_existing\_event\_notifications\_instance\_crn) | The CRN of existing Event Notifications instance. If not supplied, a new instance is created. | `string` | `null` | no |
 | <a name="input_existing_kms_instance_crn"></a> [existing\_kms\_instance\_crn](#input\_existing\_kms\_instance\_crn) | The CRN of the KMS instance (Hyper Protect Crypto Services or Key Protect instance). If the KMS instance is in different account you must also provide a value for `ibmcloud_kms_api_key`. To use an existing kms instance you must also provide a value for 'kms\_endpoint\_url' and 'existing\_kms\_root\_key\_crn' should be null. A value should not be passed passing existing EN instance using the `existing_event_notifications_instance_crn` input. | `string` | `null` | no |
 | <a name="input_existing_kms_root_key_crn"></a> [existing\_kms\_root\_key\_crn](#input\_existing\_kms\_root\_key\_crn) | The key CRN of a root key which will be used to encrypt the data. To use an existing key you must also provide a value for 'kms\_endpoint\_url' and 'existing\_kms\_instance\_crn' should be null. If no value passed, a new key will be created in the instance provided in the `existing_kms_instance_crn` input. | `string` | `null` | no |
+| <a name="input_existing_monitoring_crn"></a> [existing\_monitoring\_crn](#input\_existing\_monitoring\_crn) | The CRN of an IBM Cloud Monitoring instance used to monitor the IBM Cloud Object Storage bucket that is used for storing failed events. If no value passed, metrics are sent to the instance associated to the container's location unless otherwise specified in the Metrics Router service configuration. | `string` | `null` | no |
 | <a name="input_existing_resource_group_name"></a> [existing\_resource\_group\_name](#input\_existing\_resource\_group\_name) | The name of an existing resource group to provision the resources. | `string` | `"Default"` | no |
 | <a name="input_existing_secrets_manager_endpoint_type"></a> [existing\_secrets\_manager\_endpoint\_type](#input\_existing\_secrets\_manager\_endpoint\_type) | The endpoint type to use if `existing_secrets_manager_instance_crn` is specified. Possible values: public, private. | `string` | `"private"` | no |
 | <a name="input_existing_secrets_manager_instance_crn"></a> [existing\_secrets\_manager\_instance\_crn](#input\_existing\_secrets\_manager\_instance\_crn) | The CRN of existing secrets manager to use to create service credential secrets for Event Notification instance. | `string` | `null` | no |

solutions/fully-configurable/main.tf

@@ -219,7 +219,10 @@ locals {
     storage_class                 = var.cos_bucket_class
     resource_instance_id          = var.existing_cos_instance_crn
     region_location               = local.cos_bucket_region
-    force_delete                  = true
+    metrics_monitoring = {
+      metrics_monitoring_crn = var.existing_monitoring_crn
+    }
+    force_delete = true
   }]
 }
 

solutions/fully-configurable/variables.tf

@@ -30,6 +30,13 @@ variable "region" {
   default     = "us-south"
 }
 
+variable "existing_monitoring_crn" {
+  type        = string
+  nullable    = true
+  default     = null
+  description = "The CRN of an IBM Cloud Monitoring instance used to monitor the IBM Cloud Object Storage bucket that is used for storing failed events. If no value passed, metrics are sent to the instance associated to the container's location unless otherwise specified in the Metrics Router service configuration."
+}
+
 variable "prefix" {
   type        = string
   description = "Prefix to add to all resources created by this solution. To not use any prefix value, you can set this value to `null` or an empty string."

solutions/security-enforced/README.md

@@ -56,6 +56,7 @@ No resources.
 | <a name="input_existing_event_notifications_instance_crn"></a> [existing\_event\_notifications\_instance\_crn](#input\_existing\_event\_notifications\_instance\_crn) | The CRN of existing Event Notifications instance. If not supplied, a new instance is created. | `string` | `null` | no |
 | <a name="input_existing_kms_instance_crn"></a> [existing\_kms\_instance\_crn](#input\_existing\_kms\_instance\_crn) | The CRN of the KMS instance (Hyper Protect Crypto Services or Key Protect instance). If the KMS instance is in different account you must also provide a value for `ibmcloud_kms_api_key`. To use an existing kms instance you must also provide a value for 'kms\_endpoint\_url' and 'existing\_kms\_root\_key\_crn' should be null. A value should not be passed passing existing EN instance using the `existing_event_notifications_instance_crn` input. | `string` | `null` | no |
 | <a name="input_existing_kms_root_key_crn"></a> [existing\_kms\_root\_key\_crn](#input\_existing\_kms\_root\_key\_crn) | The key CRN of a root key which will be used to encrypt the data. To use an existing key you must also provide a value for 'kms\_endpoint\_url' and 'existing\_kms\_instance\_crn' should be null. If no value passed, a new key will be created in the instance provided in the `existing_kms_instance_crn` input. | `string` | `null` | no |
+| <a name="input_existing_monitoring_crn"></a> [existing\_monitoring\_crn](#input\_existing\_monitoring\_crn) | The CRN of an IBM Cloud Monitoring instance used to monitor the IBM Cloud Object Storage bucket that is used for storing failed events. If no value passed, metrics are sent to the instance associated to the container's location unless otherwise specified in the Metrics Router service configuration. | `string` | `null` | no |
 | <a name="input_existing_resource_group_name"></a> [existing\_resource\_group\_name](#input\_existing\_resource\_group\_name) | The name of an existing resource group to provision the resources. | `string` | `"Default"` | no |
 | <a name="input_existing_secrets_manager_instance_crn"></a> [existing\_secrets\_manager\_instance\_crn](#input\_existing\_secrets\_manager\_instance\_crn) | The CRN of existing secrets manager to use to create service credential secrets for Event Notification instance. | `string` | `null` | no |
 | <a name="input_ibmcloud_api_key"></a> [ibmcloud\_api\_key](#input\_ibmcloud\_api\_key) | The API key to use for IBM Cloud. | `string` | n/a | yes |

solutions/security-enforced/main.tf

@@ -5,6 +5,7 @@ module "event_notifications" {
   ibmcloud_api_key                          = var.ibmcloud_api_key
   provider_visibility                       = "private"
   region                                    = var.region
+  existing_monitoring_crn                   = var.existing_monitoring_crn
   prefix                                    = var.prefix
   service_credential_names                  = var.service_credential_names
   event_notifications_instance_name         = var.event_notifications_instance_name

solutions/security-enforced/variables.tf

@@ -20,6 +20,13 @@ variable "region" {
   default     = "us-south"
 }
 
+variable "existing_monitoring_crn" {
+  type        = string
+  nullable    = true
+  default     = null
+  description = "The CRN of an IBM Cloud Monitoring instance used to monitor the IBM Cloud Object Storage bucket that is used for storing failed events. If no value passed, metrics are sent to the instance associated to the container's location unless otherwise specified in the Metrics Router service configuration."
+}
+
 variable "prefix" {
   type        = string
   description = "Prefix to add to all resources created by this solution. To not use any prefix value, you can set this value to `null` or an empty string."