terraform-ibm-modules
diff --git a/‎.github/workflows/test.yml‎
Lines changed: 48 additions & 0 deletions b/‎.github/workflows/test.yml‎
Lines changed: 48 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 4 additions & 3 deletions b/‎README.md‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎examples/activity-tracker-logdna-instance/README.md‎
Lines changed: 8 additions & 0 deletions b/‎examples/activity-tracker-logdna-instance/README.md‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎examples/logging-logdna-hippa-instance/README.md‎
Lines changed: 13 additions & 0 deletions b/‎examples/logging-logdna-hippa-instance/README.md‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎examples/logging-logdna-hippa-instance/variables.tf‎
Lines changed: 5 additions & 2 deletions b/‎examples/logging-logdna-hippa-instance/variables.tf‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎examples/logging-logdna-instance/README.md‎
Lines changed: 17 additions & 1 deletion b/‎examples/logging-logdna-instance/README.md‎
Lines changed: 17 additions & 1 deletion
diff --git a/‎examples/logging-logdna-instance/variables.tf‎
Lines changed: 5 additions & 2 deletions b/‎examples/logging-logdna-instance/variables.tf‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎examples/sysdig-downtime-alert/README.md‎
Lines changed: 8 additions & 6 deletions b/‎examples/sysdig-downtime-alert/README.md‎
Lines changed: 8 additions & 6 deletions
diff --git a/‎examples/sysdig-iam-integration/README.md‎
Lines changed: 83 additions & 44 deletions b/‎examples/sysdig-iam-integration/README.md‎
Lines changed: 83 additions & 44 deletions
@@ -0,0 +1,48 @@
+name: "test-scheduler"
+
+on:
+  workflow_dispatch:
+
+
+  schedule:
+    - cron:  '*/30 5 * * *'    # triggers the workflow every day at 5:30 UTC
+
+# ┌───────────── minute (0 - 59)
+# │ ┌───────────── hour (0 - 23)
+# │ │ ┌───────────── day of the month (1 - 31)
+# │ │ │ ┌───────────── month (1 - 12 or JAN-DEC)
+# │ │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT)
+# │ │ │ │ │
+# │ │ │ │ │
+# │ │ │ │ │
+# * * * * *
+
+jobs:
+  continuous-tests:
+    name: Run Test cases
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: checkout                      # action checks-out your repository under $GITHUB_WORKSPACE, so your workflow can access it.
+        uses: actions/checkout@v2
+
+      - uses: actions/setup-go@v2
+        with:
+          go-version: 1.15
+
+      - name: Install dependencies
+        run: |
+         go get -u "github.com/gruntwork-io/terratest/modules/random"
+         go get -u "github.com/gruntwork-io/terratest/modules/terraform"
+
+      -
+        name: setup terraform
+        uses: hashicorp/setup-terraform@v1  # sets up Terraform CLI in your GitHub Actions workflow
+        with:
+          terraform_version: 0.13.0
+
+      - name: Run Test
+        working-directory: test
+        run: go test -v ./...
+        env:
+          IC_API_KEY: ${{ secrets.ACCESS_KEY }}
@@ -1,9 +1,10 @@
 # IBM Cloud Observability - Terraform Module
 
 This is a collection of modules that make it easier to provision observability services like logging, monitor and activity tracker on IBM Cloud Platform:
-* [logging-logdna](modules/logging-logdna)
-* [monitoring-sysdig](modules/monitoring-sysdig)
-* [activity-tracker-logdna](modules/activity-tracker-logdna)
+
+* logging-logdna
+* monitoring-sysdig
+* activity-tracker-logdna
 
 ## Compatibility
 
 
@@ -46,4 +46,12 @@ module "activity-tracker_instance" {
 
 NOTE: We can set the create, update and delete timeouts as string. For e.g say we want to set 15 minutes timeout then the value should be "15m".
 
+## Usage
 
+To create an infrastructure run the following command
+
+  `terraform apply -var-file="input.tfvars"`
+
+Similarly to remove an infrastructure run the following command
+
+   `terraform destroy -var-file="input.tfvars"`
@@ -45,3 +45,16 @@ module "logdna_instance" {
 | tags               | Tags that should be applied to the service                       | list(string) | n/a     | no       |
 | resource_key_tags  | Tags that should be applied to the resource key                  | list(string) | n/a     | no       |
 
+## NOTE
+
+To attach a key to logdna instance enable it by setting `bind_resource_key` argument to true (which is by default false). And set the `resource_key_name` and `role` parameters accordingly (which are by deafult empty) in variables.tf file.
+
+## Usage
+
+To create an infrastructure run the following command
+
+  `terraform apply`
+
+Similarly to remove an infrastructure run the following command
+
+   `terraform destroy`
@@ -4,8 +4,9 @@
 #####################################################
 
 variable "bind_resource_key" {
-  description = "Bool(0/1) Flag indicating that logdna instance key should be bind to logdna instance"
+  description = "Flag indicating that key should be bind to logdna hippa instance"
   type        = bool
+  default     = false
 }
 
 variable "service_name" {
@@ -45,11 +46,13 @@ variable "resource_key_tags" {
 variable "resource_key_name" {
   description = "Name of the instance key"
   type        = string
+  default     = ""
 }
 
 variable "role" {
-  description = "plan type"
+  description = "Type of role"
   type        = string
+  default     = ""
 }
 
 variable "resource_group" {
 
@@ -53,4 +53,20 @@ module "logdna_instance" {
 | delete_timeout     | Timeout duration for delete                                      | string       | n/a     | no       |
 
 
-NOTE: We can set the create, update and delete timeouts as string. For e.g say we want to set 15 minutes timeout then the value should be "15m".
+## NOTE:
+
+We can set the create, update and delete timeouts as string. For e.g say we want to set 15 minutes timeout then the value should be "15m".
+
+## NOTE
+
+To attach a key to logdna instance enable it by setting `bind_resource_key` argument to true (which is by default false). And set the `resource_key_name` and `role` parameters accordingly (which are by deafult empty) in variables.tf file.
+
+## Usage
+
+To create an infrastructure run the following command
+
+  `terraform apply -var-file="input.tfvars"`
+
+Similarly to remove an infrastructure run the following command
+
+   `terraform destroy -var-file="input.tfvars"`
@@ -4,8 +4,9 @@
 #####################################################
 
 variable "bind_resource_key" {
-  description = "Flag(0/1) indicating that logdna instance key should be bind to logdna instance"
+  description = "Flag indicating that key should be bind to logdna instance"
   type        = bool
+  default     = false
 }
 
 variable "service_name" {
@@ -69,11 +70,13 @@ variable "resource_key_tags" {
 variable "resource_key_name" {
   description = "Name of the instance key"
   type        = string
+  default     = ""
 }
 
 variable "role" {
-  description = "plan type"
+  description = "Type of role"
   type        = string
+  default     = ""
 }
 
 variable "resource_group" {
 
@@ -39,14 +39,16 @@ resource "sysdig_monitor_alert_downtime" "sample" {
 | trigger_time        | Threshold of time for status to stabilize until alert is fired.  | number       | n/a     | yes      |
 | pct                 | Below of this percentage of downtime the alert will be triggered.| number       | 100     | no       |
 
-## To Create
+## Note
 
-terraform apply -var-file="input.tfvars"
+All optional fields are given value `null` in varaible.tf file. User can configure the same by overwriting with appropriate values.
 
-## To Destroy
+## Usage
 
-terraform destroy -var-file="input.tfvars"
+To create an infrastructure run the following command
 
-## Note
+  `terraform apply -var-file="input.tfvars"`
+
+Similarly to remove an infrastructure run the following command
 
-All optional fields are given value `null` in varaible.tf file. User can configure the same by overwriting with appropriate values.
+   `terraform destroy -var-file="input.tfvars"`
@@ -2,70 +2,109 @@
 
 This module is used to grant a user or service ID permissions to work with the IBM Cloud Monitoring with Sysdig service:
 
+
 ## Example Usage
 ```
 provider "ibm" {
 }
 
 module "access_group" {
-  source  = "terraform-ibm-modules/iam/ibm//modules/access-group"
+  // Uncomment following line to point the source to registry level module
+  //source = "terraform-ibm-modules/iam/ibm//modules/access-group"
 
-  name         = var.name
-  tags         = var.ag_tags
-  description  = var.description
-}
+  source = "../../modules/access-group"
 
-module "access_group_policy" {
-  source               = "terraform-ibm-modules/iam/ibm//modules/access-group-policy"
-  access_group_id      = module.access_group.access_group_id
-  roles                = var.roles
-  tags                 = var.ag_policy_tags
-  resources            = var.resources
-  account_management   = var.account_management
-}
+  ######### access group ######################
+  name        = var.name
+  tags        = var.tags
+  description = var.description
+  provision   = var.provision
+
+  ######### access group members ##############
+  ibm_ids     = var.ibm_ids
+  service_ids = var.service_ids
+
+  ######### access group policy ###############
+  policies = var.policies
 
-module "access_group_members" {
-  source            = "terraform-ibm-modules/iam/ibm//modules/access-group-members"
-  access_group_id   = module.access_group.access_group_id
-  ibm_ids           = var.ibm_ids
-  service_ids       = var.service_ids
+  ######### access group dynamic rule #########
+  dynamic_rules = var.dynamic_rules
 }
+
 ```
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## NOTE:
+
+If we want to make use of a particular version of module, then set the argument "version" to respective module version.
+
 ## Inputs
 
+| Name                      | Description                                                      | Type         | Default | Required |
+|---------------------------|------------------------------------------------------------------|:-------------|:------- |:---------|
+| name                      | A descriptive name used to identify the access group             | string       | n/a     | yes      |
+| provision                 | Used to decide whether to create a new access group or not       | bool         | true    | no       |
+| description               | The description of the access group.                             | string       | n/a     | no       |
+| tags                      | Tags that should be applied to the service                       | list(string) | n/a     | no       |
+| service_ids               | List of service IDS add to  access group.                        | string       | n/a     | no       |
+| ibm_ids                   | IBM IDs that you want to add to or remove from the access group. | list(string) | n/a     | no       |
+| policies                  | List of access group of policies.                                | list(any)    | n/a     | yes      |
+| dynamic_rules             | List of dynamic rules to add to access group.                    | list(any)    | n/a     | yes      |
+
+
+## policies inputs
+
+| Name                | Description                                                      | Type         | Default | Required |
+|---------------------|------------------------------------------------------------------|:-------------|:------- :--------- |
+| roles               | list of roles.                                                   | list(string) | n/a     | yes      |
+| tags                | list of tags that you want to add to the access group policy.    | list(string) | n/a     | no       |
+| account_management  | Gives access to all account management services if set to true   | bool         | false   | no       |
+| resources           | A nested block describes the resource of this policy             | string       | n/a     | no       |
+| resource_attributes | A nested block describes the resource attributes of the policy   | string       | n/a     | no       |
+
+
+## resources inputs
+
+| Name                          | Description                                                      | Type         | Default | Required|
+|-------------------------------|------------------------------------------------------------------|:-------------|:------- :---------|
+| service                       | service name that you want to include in your policy definition  | string       | n/a     | no      |
+| resource_instance_id          | ID of resource instance of the policy definition.                | string       | n/a     | no      |
+| region                        | Region of the policy definition                                  | string       | n/a     | no      |
+| resource_type                 | Resource type of the policy definition.                          | string       | n/a     | no      |
+| resource                      | Resource of the policy definition.                               | string       | n/a     | no      |
+| resource_group_id             | ID of the resource group                                         | string       | n/a     | no      |
+| attributes                    | Set resource attributes in the form of name=value,name=value     | string       | n/a     | no      |
+
+## resource_attributes inputs
+
+| Name                          | Description                                                      | Type    | Default     | Required|
+|-------------------------------|------------------------------------------------------------------|:--------|:------------|:--------|
+| name                          | Name of the Attribute.                                           | string  | n/a         | yes     |
+| value                         | Value of the Attribute.                                          | string  | n/a         | yes     |
+| operator                      | Operator of the Attribute                                        | string  | stringEquals| no      |
+
+## dynamic_rules inputs
+
+| name                 | Key of a map taken as name of the rule                                 | string       | n/a     | yes      |
+| expiration           | The expiration in hours.                                               | number       | n/a     | yes      |
+| identity_provider    | URI for your identity provider..                                       | string       | n/a     | yes      |
+| conditions           | A nested block containes list of conditions that the rule must satisfy | list(map)    | n/a     | yes      |
+
+## conditions Inputs
+
+| Name                 | Description                                                      | Type     | Default | Required |
+|----------------------|------------------------------------------------------------------|----------|---------|----------|
+| claim                | The key value to evaluate the condition against.                 | String   | n/a     | yes      |
+| operator             | The operation to perform on the claim.                           | String   | n/a     | yes      |
+| value                | Value that the claim is compared by using the conditions.operator| String   | n/a     | yes      |
 
-| Name               | Description                                                      | Type         | Default | Required |
-|--------------------|------------------------------------------------------------------|:-------------|:------- |:---------|
-| name               | A descriptive name used to identify the access group             | string       | n/a     | yes      |
-| description        | The description of the access group.                             | string       | n/a     | no       |
-| ag_tags            | Tags that should be applied to the service                       | list(string) | n/a     | no       |
-| roles              | list of roles.                                                   | list(string) | n/a     | yes      |
-| ag_policy_tags     | list of tags that you want to add to the access group policy.    | list(string) | n/a     | no       |
-| account_management | Gives access to all account management services if set to true   | bool         | false   | no       |
-| resources          | A nested block describes the resource of this policy             | string       | n/a     | no       |
-| service_ids        | List of service IDS add to  access group.                        | string       | n/a     | no       |
-| ibm_ids            | IBM IDs that you want to add to or remove from the access group. | list(string) | n/a     | no       |
-
-## Resources Inputs
-
-| Name                          | Description                                                      | Type         | Default | Required |
-|-------------------------------|------------------------------------------------------------------|:-------------|:------- |:---------|
-| service                       | service name that you want to include in your policy definition  | string       | n/a     | no       |
-| resource_instance_id          | ID of resource instance of the policy definition.                | string       | n/a     | no       |
-| region                        | Region of the policy definition                                  | string       | n/a     | no       |
-| resource_type                 | Resource type of the policy definition.                          | string       | n/a     | no       |
-| resource                      | Resource of the policy definition.                               | string       | n/a     | no       |
-| resource_group_id             | ID of the resource group                                         | string       | n/a     | no       |
-| attributes                    | Set resource attributes in the form of name=value,name=value     | string       | n/a     | no       |
+Note: For more information on input varaibles refer https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_access_group_policy
 
 ## Usage
 
-To create access members group run the following command
+To create an infrastructure run the following command
 
   `terraform apply -var-file="input.tfvars"`
 
-Similarly to to remove the access group members run the command
+Similarly to remove an infrastructure run the following command
 
    `terraform destroy -var-file="input.tfvars"`