$ terraform version
Terraform v1.4.5
on darwin_arm64
+ provider registry.terraform.io/hashicorp/random v3.5.1
+ provider registry.terraform.io/ibm-cloud/ibm v1.53.0-beta0
+ provider registry.terraform.io/logdna/logdna v1.14.2
provider.tf
terraform {
required_providers {
ibm = {
source = "IBM-Cloud/ibm"
version = "1.53.0-beta0"
}
logdna = {
source = "logdna/logdna"
version = "1.14.2"
}
}
}
provider "ibm" {
region = var.region
}Here is what I used to test.
module.observability_instances.logdna_ingestion_keyis a sensitive value by default.- I also used the CRN of a VPC instance that was part of the same deploynent to pass in to the templatefile function.
Since logdna_ingestion_key is sensitive by default, I figured a good way to test was with some random attribute from another resource I knew wouldn't be marked as sensitive by default.
main.tf
resource "ibm_compute_vm_instance" "classic" {
hostname = "${local.prefix}-classic"
domain = var.domain
os_reference_code = var.os_reference_code
datacenter = "dal12"
network_speed = 1000
hourly_billing = true
local_disk = true
private_network_only = false
flavor_key_name = "BL2_2X8X100"
tags = local.tags
public_vlan_id = data.ibm_network_vlan.public.id
private_vlan_id = data.ibm_network_vlan.private.id
dedicated_acct_host_only = false
ipv6_enabled = true
ssh_key_ids = [data.ibm_compute_ssh_key.sshkey.id]
user_metadata = templatefile("${path.module}/init.tftpl", {
logdna_key = module.observability_instances.logdna_ingestion_key
secret_key = ibm_is_instance.test.crn
})
}init.tftpl
#!/usr/bin/env bash
set -e
echo "Grabbing ingestion and secret keys"
echo ${logdna_key} | tee -a /tmp/logdna.key
echo ${secret_key} | tee -a /tmp/secret.keyPlan
$ terraform plan -out "$(terraform workspace show).tfplan"
data.ibm_is_ssh_key.ssh_key: Reading...
data.ibm_compute_ssh_key.sshkey: Reading...
data.ibm_is_image.base: Reading...
module.resource_group.data.ibm_resource_group.existing_resource_group[0]: Reading...
data.ibm_is_zones.regional: Reading...
data.ibm_network_vlan.public: Reading...
data.ibm_is_vpc.existing: Reading...
data.ibm_network_vlan.private: Reading...
data.ibm_compute_ssh_key.sshkey: Read complete after 0s [id=2175662]
data.ibm_is_zones.regional: Read complete after 0s [id=2023-05-12 20:40:19.359579 +0000 UTC]
data.ibm_network_vlan.public: Read complete after 0s [name=public-dal12-vlan]
data.ibm_network_vlan.private: Read complete after 0s [name=private-dal12-vlan]
module.resource_group.data.ibm_resource_group.existing_resource_group[0]: Read complete after 0s [id=ac83304b2fb6492e95995812da85b653]
data.ibm_is_image.base: Read complete after 1s [id=r038-b2ef5b38-7074-4119-9253-5fe81abe4842]
data.ibm_is_ssh_key.ssh_key: Read complete after 1s [id=r038-441f040d-e836-4d5f-ad3f-8ea475652ce2]
data.ibm_is_vpc.existing: Read complete after 2s [id=r038-a8827d69-a5ff-4571-8345-c7901e812a06]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# ibm_compute_vm_instance.classic will be created
+ resource "ibm_compute_vm_instance" "classic" {
+ block_storage_ids = (known after apply)
+ cores = (known after apply)
+ datacenter = "dal12"
+ dedicated_acct_host_only = false
+ disks = (known after apply)
+ domain = "ryantiffany.com"
+ file_storage_ids = (known after apply)
+ flavor_key_name = "BL2_2X8X100"
+ hostname = "scrt-test-classic"
+ hourly_billing = true
+ id = (known after apply)
+ ip_address_id = (known after apply)
+ ip_address_id_private = (known after apply)
+ ipv4_address = (known after apply)
+ ipv4_address_private = (known after apply)
+ ipv6_address = (known after apply)
+ ipv6_address_id = (known after apply)
+ ipv6_enabled = true
+ ipv6_static_enabled = false
+ local_disk = true
+ memory = (known after apply)
+ network_speed = 1000
+ os_reference_code = "UBUNTU_20_64"
+ private_interface_id = (known after apply)
+ private_network_only = false
+ private_security_group_ids = (known after apply)
+ private_subnet = (known after apply)
+ private_subnet_id = (known after apply)
+ private_vlan_id = 2603447
+ public_bandwidth_limited = (known after apply)
+ public_bandwidth_unlimited = false
+ public_interface_id = (known after apply)
+ public_ipv6_subnet = (known after apply)
+ public_ipv6_subnet_id = (known after apply)
+ public_security_group_ids = (known after apply)
+ public_subnet = (known after apply)
+ public_subnet_id = (known after apply)
+ public_vlan_id = 2603445
+ resource_controller_url = (known after apply)
+ resource_name = (known after apply)
+ resource_status = (known after apply)
+ secondary_ip_addresses = (known after apply)
+ ssh_key_ids = [
+ 2175662,
]
+ tags = [
+ "owner:ryantiffany",
+ "provider:ibm",
+ "region:ca-tor",
+ "tfworkspace:default",
+ "vpc:scrt-test-vpc",
]
+ user_metadata = (sensitive value)
+ wait_time_minutes = 90
}
# ibm_is_instance.test will be created
+ resource "ibm_is_instance" "test" {
+ access_tags = (known after apply)
+ availability_policy_host_failure = (known after apply)
+ bandwidth = (known after apply)
+ crn = (known after apply)
+ default_trusted_profile_auto_link = (known after apply)
+ disks = (known after apply)
+ force_action = false
+ gpu = (known after apply)
+ id = (known after apply)
+ image = "r038-b2ef5b38-7074-4119-9253-5fe81abe4842"
+ keys = [
+ "r038-441f040d-e836-4d5f-ad3f-8ea475652ce2",
]
+ lifecycle_reasons = (known after apply)
+ lifecycle_state = (known after apply)
+ memory = (known after apply)
+ metadata_service_enabled = (known after apply)
+ name = "scrt-test-instance"
+ placement_target = (known after apply)
+ profile = "cx2-2x4"
+ resource_controller_url = (known after apply)
+ resource_crn = (known after apply)
+ resource_group = "ac83304b2fb6492e95995812da85b653"
+ resource_group_name = (known after apply)
+ resource_name = (known after apply)
+ resource_status = (known after apply)
+ status = (known after apply)
+ status_reasons = (known after apply)
+ tags = [
+ "owner:ryantiffany",
+ "provider:ibm",
+ "region:ca-tor",
+ "tfworkspace:default",
+ "vpc:scrt-test-vpc",
+ "zone:ca-tor-1",
]
+ total_network_bandwidth = (known after apply)
+ total_volume_bandwidth = (known after apply)
+ user_data = (sensitive value)
+ vcpu = (known after apply)
+ volume_attachments = (known after apply)
+ vpc = "r038-a8827d69-a5ff-4571-8345-c7901e812a06"
+ wait_before_delete = true
+ zone = "ca-tor-1"
+ boot_volume {
+ auto_delete_volume = true
+ encryption = (known after apply)
+ iops = (known after apply)
+ name = "scrt-test-boot"
+ profile = (known after apply)
+ size = (known after apply)
+ snapshot = (known after apply)
+ tags = (known after apply)
+ volume_id = (known after apply)
}
+ metadata_service {
+ enabled = true
+ protocol = (known after apply)
+ response_hop_limit = (known after apply)
}
+ network_interfaces {
+ allow_ip_spoofing = (known after apply)
+ id = (known after apply)
+ name = (known after apply)
+ primary_ipv4_address = (known after apply)
+ security_groups = (known after apply)
+ subnet = (known after apply)
+ primary_ip {
+ address = (known after apply)
+ auto_delete = (known after apply)
+ href = (known after apply)
+ name = (known after apply)
+ reserved_ip = (known after apply)
+ resource_type = (known after apply)
}
}
+ primary_network_interface {
+ allow_ip_spoofing = false
+ id = (known after apply)
+ name = (known after apply)
+ port_speed = (known after apply)
+ primary_ipv4_address = (known after apply)
+ security_groups = [
+ "r038-c9953e03-b1ce-4860-9525-0167c0b207f6",
]
+ subnet = "02q7-0f04b713-58ef-40ab-81c4-b43f5debf5c2"
+ primary_ip {
+ address = (known after apply)
+ auto_delete = (known after apply)
+ href = (known after apply)
+ name = (known after apply)
+ reserved_ip = (known after apply)
+ resource_type = (known after apply)
}
}
}
# random_string.secret will be created
+ resource "random_string" "secret" {
+ id = (known after apply)
+ length = 12
+ lower = true
+ min_lower = 0
+ min_numeric = 0
+ min_special = 0
+ min_upper = 0
+ number = true
+ numeric = true
+ result = (known after apply)
+ special = true
+ upper = false
}
# module.observability_instances.module.logdna.ibm_resource_instance.logdna[0] will be created
+ resource "ibm_resource_instance" "logdna" {
+ account_id = (known after apply)
+ allow_cleanup = (known after apply)
+ created_at = (known after apply)
+ created_by = (known after apply)
+ crn = (known after apply)
+ dashboard_url = (known after apply)
+ deleted_at = (known after apply)
+ deleted_by = (known after apply)
+ extensions = (known after apply)
+ guid = (known after apply)
+ id = (known after apply)
+ last_operation = (known after apply)
+ location = "ca-tor"
+ locked = (known after apply)
+ name = "scrt-test-logging-instance"
+ parameters = {
+ "default_receiver" = "true"
}
+ plan = "7-day"
+ plan_history = (known after apply)
+ resource_aliases_url = (known after apply)
+ resource_bindings_url = (known after apply)
+ resource_controller_url = (known after apply)
+ resource_crn = (known after apply)
+ resource_group_crn = (known after apply)
+ resource_group_id = "ac83304b2fb6492e95995812da85b653"
+ resource_group_name = (known after apply)
+ resource_id = (known after apply)
+ resource_keys_url = (known after apply)
+ resource_name = (known after apply)
+ resource_plan_id = (known after apply)
+ resource_status = (known after apply)
+ restored_at = (known after apply)
+ restored_by = (known after apply)
+ scheduled_reclaim_at = (known after apply)
+ scheduled_reclaim_by = (known after apply)
+ service = "logdna"
+ service_endpoints = "public-and-private"
+ state = (known after apply)
+ status = (known after apply)
+ sub_type = (known after apply)
+ tags = [
+ "owner:ryantiffany",
+ "provider:ibm",
+ "region:ca-tor",
+ "tfworkspace:default",
+ "vpc:scrt-test-vpc",
]
+ target_crn = (known after apply)
+ type = (known after apply)
+ update_at = (known after apply)
+ update_by = (known after apply)
}
# module.observability_instances.module.logdna.ibm_resource_key.resource_key[0] will be created
+ resource "ibm_resource_key" "resource_key" {
+ account_id = (known after apply)
+ created_at = (known after apply)
+ created_by = (known after apply)
+ credentials = (sensitive value)
+ credentials_json = (sensitive value)
+ crn = (known after apply)
+ deleted_at = (known after apply)
+ deleted_by = (known after apply)
+ guid = (known after apply)
+ iam_compatible = (known after apply)
+ id = (known after apply)
+ name = "LogDnaManagerKey"
+ resource_group_id = (known after apply)
+ resource_instance_id = (known after apply)
+ resource_instance_url = (known after apply)
+ role = "Manager"
+ source_crn = (known after apply)
+ state = (known after apply)
+ status = (known after apply)
+ updated_at = (known after apply)
+ updated_by = (known after apply)
+ url = (known after apply)
}
Plan: 5 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ logdna_ingestion_key = (sensitive value)
Apply
$ terraform apply "default.tfplan"
random_string.secret: Creating...
random_string.secret: Creation complete after 0s [id=w:}%f50&9z3:]
module.observability_instances.module.logdna.ibm_resource_instance.logdna[0]: Creating...
module.observability_instances.module.logdna.ibm_resource_instance.logdna[0]: Still creating... [10s elapsed]
module.observability_instances.module.logdna.ibm_resource_instance.logdna[0]: Creation complete after 14s [id=crn:v1:bluemix:public:logdna:ca-tor:a/6c27214690345bfb75bb1f2b28a20504:a546db72-8e4f-462b-8762-2eaca8a9b2bc::]
module.observability_instances.module.logdna.ibm_resource_key.resource_key[0]: Creating...
module.observability_instances.module.logdna.ibm_resource_key.resource_key[0]: Creation complete after 2s [id=crn:v1:bluemix:public:logdna:ca-tor:a/6c27214690345bfb75bb1f2b28a20504:a546db72-8e4f-462b-8762-2eaca8a9b2bc:resource-key:ac9d9b73-c397-4a99-ae8d-6d32640537d8]
ibm_is_instance.test: Creating...
ibm_is_instance.test: Still creating... [10s elapsed]
ibm_is_instance.test: Creation complete after 17s [id=02q7_36fa07c0-c9eb-4b0c-8fe7-832d87c034b9]
ibm_compute_vm_instance.classic: Creating...
ibm_compute_vm_instance.classic: Still creating... [10s elapsed]
ibm_compute_vm_instance.classic: Still creating... [20s elapsed]
ibm_compute_vm_instance.classic: Still creating... [30s elapsed]
ibm_compute_vm_instance.classic: Still creating... [40s elapsed]
ibm_compute_vm_instance.classic: Still creating... [50s elapsed]
ibm_compute_vm_instance.classic: Still creating... [1m0s elapsed]
ibm_compute_vm_instance.classic: Still creating... [1m10s elapsed]
ibm_compute_vm_instance.classic: Still creating... [1m20s elapsed]
ibm_compute_vm_instance.classic: Still creating... [1m30s elapsed]
ibm_compute_vm_instance.classic: Creation complete after 1m39s [id=137403360]
Apply complete! Resources: 5 added, 0 changed, 0 destroyed.
Outputs:
logdna_ingestion_key = <sensitive>