IBM-Cloud
diff --git a/‎go.mod‎
Lines changed: 2 additions & 2 deletions b/‎go.mod‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎go.sum‎
Lines changed: 4 additions & 6 deletions b/‎go.sum‎
Lines changed: 4 additions & 6 deletions
diff --git a/‎ibm/conns/config.go‎
Lines changed: 125 additions & 123 deletions b/‎ibm/conns/config.go‎
Lines changed: 125 additions & 123 deletions
@@ -3,7 +3,7 @@ module github.com/IBM-Cloud/terraform-provider-ibm
 go 1.24.2
 
 require (
-	github.com/IBM-Cloud/bluemix-go v0.0.0-20250912140913-e279174fe80b
+	github.com/IBM-Cloud/bluemix-go v0.0.0-20250925065941-e1953cea5812
 	github.com/IBM-Cloud/container-services-go-sdk v0.0.0-20240725064144-454a2ae23113
 	github.com/IBM-Cloud/power-go-client v1.13.0
 	github.com/IBM/appconfiguration-go-admin-sdk v0.5.1
@@ -206,7 +206,7 @@ require (
 	golang.org/x/net v0.43.0 // indirect
 	golang.org/x/oauth2 v0.27.0 // indirect
 	golang.org/x/sync v0.16.0 // indirect
-	golang.org/x/sys v0.35.0 // indirect
+	golang.org/x/sys v0.36.0 // indirect
 	golang.org/x/term v0.34.0 // indirect
 	golang.org/x/text v0.28.0 // indirect
 	golang.org/x/time v0.9.0 // indirect
 
@@ -90,8 +90,8 @@ github.com/BurntSushi/toml v1.2.0 h1:Rt8g24XnyGTyglgET/PRUNlrUeu9F5L+7FilkXfZgs0
 github.com/BurntSushi/toml v1.2.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
-github.com/IBM-Cloud/bluemix-go v0.0.0-20250912140913-e279174fe80b h1:KvUKPR6fCkByNcaXf1DWoWDjjqK5zj9f6gzhK1cc4PQ=
-github.com/IBM-Cloud/bluemix-go v0.0.0-20250912140913-e279174fe80b/go.mod h1:uqxINL7UuXasMI5Y3yGBh5izcsIksdIGxgQ78oM+5Dk=
+github.com/IBM-Cloud/bluemix-go v0.0.0-20250925065941-e1953cea5812 h1:f6jfPxYeSWh5u3ZM7cIz5kDlSILtuN6LAGgnS9TUbvg=
+github.com/IBM-Cloud/bluemix-go v0.0.0-20250925065941-e1953cea5812/go.mod h1:lU1/3aolIs4y062yTTokFEiIEssAZqqjdj/5qvkBeq8=
 github.com/IBM-Cloud/container-services-go-sdk v0.0.0-20240725064144-454a2ae23113 h1:f2Erqfea1dKpaTFagTJM6W/wnD3JGq/Vn9URh8nuRwk=
 github.com/IBM-Cloud/container-services-go-sdk v0.0.0-20240725064144-454a2ae23113/go.mod h1:xUQL9SGAjoZFd4GNjrjjtEpjpkgU7RFXRyHesbKTjiY=
 github.com/IBM-Cloud/power-go-client v1.13.0 h1:TqxPlkJe0VkNdV9hYOD5NRepxEFhhyKXWXfg22x2zhU=
@@ -169,8 +169,6 @@ github.com/IBM/vmware-go-sdk v0.1.5 h1:aQbwcJBceaaauuIoJ0OJn+ttwjb+QTX6XV9Jbrdpj
 github.com/IBM/vmware-go-sdk v0.1.5/go.mod h1:OyQKRInGGsBaOyE5LIZCqH7b1DZ01BvIYa8BgGy+wWo=
 github.com/IBM/vpc-beta-go-sdk v0.8.0 h1:cEPpv4iw3Ba5W2d0AWg3TIbKeJ8y1nPuUuibR5Jt9eE=
 github.com/IBM/vpc-beta-go-sdk v0.8.0/go.mod h1:hORgIyTFRzXrZIK9IohaWmCRBBlYiDRagsufi7M6akE=
-github.com/IBM/vpc-go-sdk v0.72.0 h1:3Pj7nNuYmlaRPiMyC/5Uro3+5hzNBM6v2Lrq5UABBkQ=
-github.com/IBM/vpc-go-sdk v0.72.0/go.mod h1:K3vVlje72PYE3ZRt1iouE+jSIq+vCyYzT1HiFC06hUA=
 github.com/IBM/vpc-go-sdk v0.73.0 h1:gMVR6NSzw8Y7pCkcDa92+heQTzu5X64q8bnBBpLJpFE=
 github.com/IBM/vpc-go-sdk v0.73.0/go.mod h1:K3vVlje72PYE3ZRt1iouE+jSIq+vCyYzT1HiFC06hUA=
 github.com/Logicalis/asn1 v0.0.0-20190312173541-d60463189a56 h1:vuquMR410psHNax14XKNWa0Ae/kYgWJcXi0IFuX60N0=
@@ -1603,8 +1601,8 @@ golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
-golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
+golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 
@@ -140,6 +140,8 @@ import (
 // RetryAPIDelay - retry api delay
 const RetryAPIDelay = 5 * time.Second
 
+const IAMURL = iamidentity.DefaultServiceURL
+
 // BluemixRegion ...
 var BluemixRegion string
 
@@ -198,9 +200,15 @@ type Config struct {
 	// IAM Token
 	IAMToken string
 
-	// TrustedProfileToken Token
+	// TrustedProfileID
 	IAMTrustedProfileID string
 
+	// TrustedProfileName
+	IAMTrustedProfileName string
+
+	// Account
+	Account string
+
 	// IAM Refresh Token
 	IAMRefreshToken string
 
@@ -1449,62 +1457,22 @@ func (c *Config) ClientSession() (interface{}, error) {
 		return session, nil
 	}
 
-	if sess.BluemixSession.Config.BluemixAPIKey != "" && c.IAMTrustedProfileID == "" {
-		err = authenticateAPIKey(sess.BluemixSession)
-		if err != nil {
-			for count := c.RetryCount; count >= 0; count-- {
-				if err == nil || !isRetryable(err) {
-					break
-				}
-				time.Sleep(c.RetryDelay)
-				log.Printf("Retrying IAM Authentication %d", count)
-				err = authenticateAPIKey(sess.BluemixSession)
-			}
-			if err != nil {
-				session.bmxUserFetchErr = fmt.Errorf("[ERROR] Error occured while fetching auth key for account user details: %q", err)
-				session.functionConfigErr = fmt.Errorf("[ERROR] Error occured while fetching auth key for function: %q", err)
+	err = fetchAuthorizationData(sess.BluemixSession)
+	if err != nil {
+		for count := c.RetryCount; count >= 0; count-- {
+			if err == nil || !isRetryable(err) {
+				break
 			}
+			time.Sleep(c.RetryDelay)
+			log.Printf("Retrying IAM Authentication %d", count)
+			err = fetchAuthorizationData(sess.BluemixSession)
 		}
-
-		session.functionConfigErr = fmt.Errorf("[ERROR] Error occured while fetching auth key for function: %q", err)
-	}
-
-	if sess.BluemixSession.Config.BluemixAPIKey != "" && c.IAMTrustedProfileID != "" {
-		err = authenticateAssume(sess.BluemixSession)
 		if err != nil {
-			for count := c.RetryCount; count >= 0; count-- {
-				if err == nil || !isRetryable(err) {
-					break
-				}
-				time.Sleep(c.RetryDelay)
-				log.Printf("Retrying IAM Authentication %d", count)
-				err = authenticateAssume(sess.BluemixSession)
-			}
-			if err != nil {
-				session.bmxUserFetchErr = fmt.Errorf("[ERROR] Error occured while fetching auth key for account user details: %q", err)
-				session.functionConfigErr = fmt.Errorf("[ERROR] Error occured while fetching auth key for function: %q", err)
-			}
+			session.bmxUserFetchErr = fmt.Errorf("[ERROR] Error occured while fetching auth key for account user details: %q", err)
+			session.functionConfigErr = fmt.Errorf("[ERROR] Error occured while fetching auth key for function: %q", err)
 		}
-
-		session.functionConfigErr = fmt.Errorf("[ERROR] Error occured while fetching auth key for function: %q", err)
 	}
 
-	if c.IAMTrustedProfileID == "" && sess.BluemixSession.Config.BluemixAPIKey == "" && sess.BluemixSession.Config.IAMAccessToken != "" && sess.BluemixSession.Config.IAMRefreshToken != "" {
-		err := RefreshToken(sess.BluemixSession)
-		if err != nil {
-			for count := c.RetryCount; count >= 0; count-- {
-				if err == nil || !isRetryable(err) {
-					break
-				}
-				time.Sleep(c.RetryDelay)
-				log.Printf("Retrying refresh token %d", count)
-				err = RefreshToken(sess.BluemixSession)
-			}
-			if err != nil {
-				return nil, fmt.Errorf("[ERROR] Error occured while refreshing the token: %q", err)
-			}
-		}
-	}
 	userConfig, err := fetchUserDetails(sess.BluemixSession, c.RetryCount, c.RetryDelay)
 	if err != nil {
 		session.bmxUserFetchErr = fmt.Errorf("[ERROR] Error occured while fetching account user details: %q", err)
@@ -1601,7 +1569,8 @@ func (c *Config) ClientSession() (interface{}, error) {
 	}
 	session.kpAPI = kpAPIclient
 
-	iamURL := iamidentity.DefaultServiceURL
+	iamURL := EnvFallBack([]string{"IBMCLOUD_IAM_API_ENDPOINT"}, IAMURL)
+
 	if c.Visibility == "private" || c.Visibility == "public-and-private" {
 		if c.Region == "us-south" || c.Region == "us-east" {
 			iamURL = ContructEndpoint(fmt.Sprintf("private.%s.iam", c.Region), cloudEndpoint)
@@ -1647,13 +1616,25 @@ func (c *Config) ClientSession() (interface{}, error) {
 
 	var authenticator core.Authenticator
 
-	if (c.BluemixAPIKey != "") && c.IAMTrustedProfileID != "" {
-		authenticator, err = core.NewIamAssumeAuthenticatorBuilder().
-			SetApiKey(c.BluemixAPIKey).
-			SetIAMProfileID(c.IAMTrustedProfileID).
-			Build()
-		if err != nil {
-			log.Fatalf("Error in authenticating using NewIamAssumeAuthenticatorBuilder. Error: %s", err)
+	if (c.BluemixAPIKey != "") && (c.IAMTrustedProfileID != "" || c.IAMTrustedProfileName != "") {
+		if c.IAMTrustedProfileID != "" {
+			authenticator, err = core.NewIamAssumeAuthenticatorBuilder().
+				SetApiKey(c.BluemixAPIKey).
+				SetIAMProfileID(c.IAMTrustedProfileID).
+				Build()
+			if err != nil {
+				log.Fatalf("Error in authenticating using NewIamAssumeAuthenticatorBuilder. Error: %s", err)
+			}
+		} else {
+			authenticator, err = core.NewIamAssumeAuthenticatorBuilder().
+				SetApiKey(c.BluemixAPIKey).
+				SetIAMProfileName(c.IAMTrustedProfileName).
+				SetIAMAccountID(c.Account).
+				Build()
+			if err != nil {
+				log.Fatalf("Error in authenticating using NewIamAssumeAuthenticatorBuilder with trusted profile name. Error: %s", err)
+			}
+
 		}
 	} else if c.BluemixAPIKey != "" || sess.BluemixSession.Config.IAMRefreshToken != "" {
 		if c.BluemixAPIKey != "" {
@@ -3799,67 +3780,83 @@ func newSession(c *Config) (*Session, error) {
 	softlayerSession.AppendUserAgent(fmt.Sprintf("terraform-provider-ibm/%s", version.Version))
 	ibmSession.SoftLayerSession = softlayerSession
 
-	/*if c.IAMTrustedProfileID == "" && (c.IAMToken != "" && c.IAMRefreshToken == "") || (c.IAMToken == "" && c.IAMRefreshToken != "") {
-		return nil, fmt.Errorf("iam_token and iam_refresh_token must be provided")
-	}
-	if c.IAMTrustedProfileID != "" && c.IAMToken == "" {
-		return nil, fmt.Errorf("iam_token and iam_profile_id must be provided")
-	}*/
-
-	if c.IAMToken != "" {
-		log.Println("Configuring IBM Cloud Session with token")
-		var sess *bxsession.Session
-		bmxConfig := &bluemix.Config{
-			IAMAccessToken:  c.IAMToken,
-			IAMRefreshToken: c.IAMRefreshToken,
-			// Comment out debug mode for v0.12
-			Debug:               os.Getenv("TF_LOG") != "",
-			HTTPTimeout:         c.BluemixTimeout,
-			Region:              c.Region,
-			ResourceGroup:       c.ResourceGroup,
-			RetryDelay:          &c.RetryDelay,
-			MaxRetries:          &c.RetryCount,
-			Visibility:          c.Visibility,
-			PrivateEndpointType: c.PrivateEndpointType,
-			EndpointsFile:       c.EndpointsFile,
-			UserAgent:           fmt.Sprintf("terraform-provider-ibm/%s", version.Version),
+	var authenticator core.Authenticator
+	var err error
+	iamURL := EnvFallBack([]string{"IBMCLOUD_IAM_API_ENDPOINT"}, IAMURL)
+	if (c.BluemixAPIKey != "") && (c.IAMTrustedProfileID != "" || c.IAMTrustedProfileName != "") {
+		if c.IAMTrustedProfileID != "" {
+			authenticator, err = core.NewIamAssumeAuthenticatorBuilder().
+				SetApiKey(c.BluemixAPIKey).
+				SetIAMProfileID(c.IAMTrustedProfileID).
+				SetURL(iamURL).
+				Build()
+			if err != nil {
+				log.Fatalf("Error in authenticating using NewIamAssumeAuthenticatorBuilder. Error: %s", err)
+			}
+		} else {
+			authenticator, err = core.NewIamAssumeAuthenticatorBuilder().
+				SetApiKey(c.BluemixAPIKey).
+				SetIAMProfileName(c.IAMTrustedProfileName).
+				SetIAMAccountID(c.Account).
+				SetURL(iamURL).
+				Build()
+			if err != nil {
+				log.Fatalf("Error in authenticating using NewIamAssumeAuthenticatorBuilder with trusted profile name. Error: %s", err)
+			}
 		}
-		sess, err := bxsession.New(bmxConfig)
-		if err != nil {
-			return nil, err
+	} else if c.BluemixAPIKey != "" || c.IAMRefreshToken != "" {
+		if c.BluemixAPIKey != "" {
+			authenticator = &core.IamAuthenticator{
+				ApiKey: c.BluemixAPIKey,
+				URL:    iamURL,
+			}
+		} else {
+			// Construct the IamAuthenticator with the IAM refresh token.
+			authenticator = &core.IamAuthenticator{
+				RefreshToken: c.IAMRefreshToken,
+				ClientId:     "bx",
+				ClientSecret: "bx",
+				URL:          iamURL,
+			}
 		}
-		ibmSession.BluemixSession = sess
-	}
-
-	if c.BluemixAPIKey != "" {
-		log.Println("Configuring IBM Cloud Session with API key")
-		var sess *bxsession.Session
-		bmxConfig := &bluemix.Config{
-			BluemixAPIKey: c.BluemixAPIKey,
-			// Comment out debug mode for v0.12
-			Debug:               os.Getenv("TF_LOG") != "",
-			HTTPTimeout:         c.BluemixTimeout,
-			Region:              c.Region,
-			ResourceGroup:       c.ResourceGroup,
-			RetryDelay:          &c.RetryDelay,
-			MaxRetries:          &c.RetryCount,
-			Visibility:          c.Visibility,
-			PrivateEndpointType: c.PrivateEndpointType,
-			EndpointsFile:       c.EndpointsFile,
-			UserAgent:           fmt.Sprintf("terraform-provider-ibm/%s", version.Version),
-			IAMTrustedProfileID: c.IAMTrustedProfileID,
+	} else if strings.HasPrefix(c.IAMToken, "Bearer") {
+		authenticator = &core.BearerTokenAuthenticator{
+			BearerToken: c.IAMToken[7:],
 		}
-		sess, err := bxsession.New(bmxConfig)
-		if err != nil {
-			return nil, err
+	} else {
+		authenticator = &core.BearerTokenAuthenticator{
+			BearerToken: c.IAMToken,
 		}
-		ibmSession.BluemixSession = sess
 	}
 
+	var sess *bxsession.Session
+	bmxConfig := &bluemix.Config{
+		IAMAccessToken:  c.IAMToken,
+		IAMRefreshToken: c.IAMRefreshToken,
+		BluemixAPIKey:   c.BluemixAPIKey,
+		// Comment out debug mode for v0.12
+		Debug:               os.Getenv("TF_LOG") != "",
+		HTTPTimeout:         c.BluemixTimeout,
+		Region:              c.Region,
+		ResourceGroup:       c.ResourceGroup,
+		RetryDelay:          &c.RetryDelay,
+		MaxRetries:          &c.RetryCount,
+		Visibility:          c.Visibility,
+		PrivateEndpointType: c.PrivateEndpointType,
+		EndpointsFile:       c.EndpointsFile,
+		UserAgent:           fmt.Sprintf("terraform-provider-ibm/%s", version.Version),
+		Authenticator:       authenticator,
+	}
+	sess, err = bxsession.New(bmxConfig)
+	if err != nil {
+		return nil, err
+	}
+	ibmSession.BluemixSession = sess
+
 	return ibmSession, nil
 }
 
-func authenticateAPIKey(sess *bxsession.Session) error {
+/*func authenticateAPIKey(sess *bxsession.Session) error {
 	config := sess.Config
 	tokenRefresher, err := authentication.NewIAMAuthRepository(config, &rest.Client{
 		DefaultHeader: gohttp.Header{
@@ -3885,6 +3882,20 @@ func authenticateAssume(sess *bxsession.Session) error {
 		return err
 	}
 	return tokenRefresher.AuthenticateAssume(config.BluemixAPIKey, config.IAMTrustedProfileID)
+}*/
+
+func fetchAuthorizationData(sess *bxsession.Session) error {
+	config := sess.Config
+	tokenRefresher, err := authentication.NewIAMAuthRepository(config, &rest.Client{
+		DefaultHeader: gohttp.Header{
+			"User-Agent":            []string{http.UserAgent()},
+			"X-Original-User-Agent": []string{config.UserAgent},
+		},
+	})
+	if err != nil {
+		return err
+	}
+	return tokenRefresher.FetchAuthorizationData(config.Authenticator)
 }
 
 func fetchUserDetails(sess *bxsession.Session, retries int, retryDelay time.Duration) (*UserConfig, error) {
@@ -3904,18 +3915,9 @@ func fetchUserDetails(sess *bxsession.Session, retries int, retryDelay time.Dura
 	// TODO validate with key
 	if err != nil && !strings.Contains(err.Error(), "key is of invalid type") {
 		if retries > 0 {
-			if config.BluemixAPIKey != "" && config.IAMTrustedProfileID == "" {
-				time.Sleep(retryDelay)
-				log.Printf("Retrying authentication for user details %d", retries)
-				_ = authenticateAPIKey(sess)
-				return fetchUserDetails(sess, retries-1, retryDelay)
-			} else if config.BluemixAPIKey != "" && config.IAMTrustedProfileID != "" {
-				time.Sleep(retryDelay)
-				log.Printf("Retrying authentication for user details %d", retries)
-				_ = authenticateAssume(sess)
-				return fetchUserDetails(sess, retries-1, retryDelay)
-
-			}
+			time.Sleep(retryDelay)
+			log.Printf("Retrying authentication for user details %d", retries)
+			_ = fetchAuthorizationData(sess)
 		}
 		return &user, err
 	}