search

IBM-Cloud / terraform-provider-ibm

https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs
Mozilla Public License 2.0
336 stars 645 forks source link

Ability to share private offerings with target account #5437

Open pauljegouic opened 1 week ago

pauljegouic commented 1 week ago

Hello there, I'd like the ability to manage the lifecycle of the offering sharing with other accounts in a Private Catalog.


variable "iz_products_programmatic_names" {
  description = "list of service/products to share with target account"
  type        = list(string)
  default     = ["cloud-internet-services", "cloud-object-storage", "mongodb", "openshift-dnsrecords-addon", "openshift-namespace-mngt-addon", "openshift-svc-credentials-addon", "openshift-cos-volume-addon", "openshift-cluster", "openshift-workerpool-mngt-addon", "postgresql", "qiskit", "redis", "elasticsearch"]
}

resource "null_resource" "share_iz_products_to_account" {
  depends_on = [null_resource.accept_catalog_request]
  triggers = {
    iz_products_programmatic_names = jsonencode(var.iz_products_programmatic_names)
    iz_admin_api_key               = var.iz_admin_api_key
    target_account_id              = data.ibm_iam_account_settings.iam_account_settings.account_id
    iz_admin_catalog_id            = data.ibm_cm_catalog.iz_admin_catalog_id.id

  }
  provisioner "local-exec" {
    command = <<EOT
         #0. Setup variables
         export APIKEY=${self.triggers.iz_admin_api_key}
         export OFFERS=$(echo '${self.triggers.iz_products_programmatic_names}' | tr -d "\"" | tr -d "[" | tr -d "]" | sed "s/,/\ /g" )

         ibmcloud login -r eu-fr2 --apikey $APIKEY

         for offer in $OFFERS
         do
            echo "share of $offer"
            ibmcloud catalog offering publish allowlist --catalog ${self.triggers.iz_admin_catalog_id} --offering "$offer" --account-ids ${self.triggers.target_account_id}
        done
        EOT
  }
  provisioner "local-exec" {
    when    = destroy
    command = <<EOT

         export APIKEY=${self.triggers.iz_admin_api_key}
         export OFFERS=$(echo '${self.triggers.iz_products_programmatic_names}' | tr -d "\"" | tr -d "[" | tr -d "]" | sed "s/,/\ /g" )

         ibmcloud login -r eu-fr2 --apikey $APIKEY

         for offer in $OFFERS
         do
            echo "unshare of $offer"
            ibmcloud catalog offering unpublish allowlist --catalog ${self.triggers.iz_admin_catalog_id} --offering "$offer" --account-ids ${self.triggers.target_account_id}
        done
    EOT
  }
}
benbuchanan commented 1 week ago

@pauljegouic Have you tried the share_with_access_list argument on the ibm_cm_offering resource? It lets you share your offering with a list of provided accounts.

https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/cm_offering#share_with_access_list

pauljegouic commented 1 week ago

Interesting @benbuchanan, I have not seen this. But I fear that this won't be compatible as my offering are not currently handled through Terraform.

Let me think about that, thanks for the info.