Adding support to add a target to an existing logs router tenant

[ocofaigh]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

There is a use case where it is required to add a new target to an existing tenant. There is currently no way to do this using the terraform provider because the ibm_logs_router_tenant resource only supports creating both. This seems to be possible to do using the api directly: https://cloud.ibm.com/docs/logs-router?topic=logs-router-tenant-add-target&interface=api

New or Affected Resource(s)

Proposed new resource:

• ibm_logs_router_target

Potential Terraform Configuration

resource "ibm_logs_router_target" "ibm_logs_router_target" {
  tenant_id = "xxxxxxxxxxx" # existing tenant ID
  endpoint_type = "public" # the logs-router endpoint type to use (public or private)
  log_sink_crn = ibm_resource_instance.logs_instance.target_crn
  name = "my-cloud-logs-target"
  parameters {
      host = ibm_resource_instance.logs_instance.extensions.external_ingress_private
      port = 443
  }
}

References

• #0000

[ianre]

Hello @ocofaigh , thank you for the suggestion.
Suppose there is an existing tenant with 1 target. For example

{
  "name": "example tenant",
  "id": "4435ffe5-99de-44cb-87df-d011a1b633e0",
  "crn": "crn:v1:bluemix:public:logs-router:au-syd:a/c7d9a58998f64d75ae0d6b5137283e7f:4435ffe5-99de-44cb-87df-d011a1b633e0::",
  "targets": [
    {
      "name": "logdna-target",
      "id": "f6c48c63-67a2-4426-9a65-c14ec1714901",
      "type": "logdna",
      "log_sink_crn": "crn:v1:bluemix:public:logdna:au-syd:a/c7d9a58998f64d75ae0d6b5137283e7f:af10d6cc-f957-4af8-9556-54b43eb72d69::",
      "parameters": {
        "host": "logs.au-syd.logging.cloud.ibm.com",
        "port": 443
      }
    }
  ]
}

You want to use terraform to create and manage a Cloud Logs target in this tenant, but you do not want terraform to manage the existing tenant or its existing target?

If so, you're correct. This is not possible now. What we need is a target resource. Adding this resource is not part of our plan, however I think we should add this and it would not be a huge amount of effort.

[ocofaigh]

@ianre yes what you have mentioned above is exactly the use case. Tenant and target seem to be too tighly coupled. Other resources support this kind of use case already. For example:

• ibm_cbr_zone_addresses supports adding a network zone address to an existing network zone
• ibm_is_network_acl_rule supports adding an ACL rule to ACL