addressed some more review comments

Author: Vipin Kumar

README.md

@@ -300,9 +300,9 @@ Optionally, you need the following permissions to attach Access Management tags
 | <a name="input_disable_public_endpoint"></a> [disable\_public\_endpoint](#input\_disable\_public\_endpoint) | Whether access to the public service endpoint is disabled when the cluster is created. Does not affect existing clusters. You can't disable a public endpoint on an existing cluster, so you can't convert a public cluster to a private cluster. To change a public endpoint to private, create another cluster with this input set to `true`. | `bool` | `false` | no |
 | <a name="input_enable_ocp_console"></a> [enable\_ocp\_console](#input\_enable\_ocp\_console) | Flag to specify whether to enable or disable the OpenShift console. If set to `null` the module will not modify the setting currently set on the cluster. Bare in mind when setting this to `true` or `false` on a cluster with private only endpoint enabled, the runtime must be able to access the private endpoint. | `bool` | `null` | no |
 | <a name="input_enable_registry_storage"></a> [enable\_registry\_storage](#input\_enable\_registry\_storage) | Set to `true` to enable IBM Cloud Object Storage for the Red Hat OpenShift internal image registry. Set to `false` only for new cluster deployments in an account that is allowlisted for this feature. | `bool` | `true` | no |
-| <a name="input_enable_secrets_manager_integration"></a> [enable\_secrets\_manager\_integration](#input\_enable\_secrets\_manager\_integration) | Enable integration with IBM Cloud Secrets Manager so you can centrally manage Ingress subdomain certificates and other secrets. [Learn more](https://cloud.ibm.com/docs/containers?topic=containers-secrets-mgr) | `bool` | `false` | no |
+| <a name="input_enable_secrets_manager_integration"></a> [enable\_secrets\_manager\_integration](#input\_enable\_secrets\_manager\_integration) | Integrate with IBM Cloud Secrets Manager so you can centrally manage Ingress subdomain certificates and other secrets. [Learn more](https://cloud.ibm.com/docs/containers?topic=containers-secrets-mgr) | `bool` | `false` | no |
 | <a name="input_existing_cos_id"></a> [existing\_cos\_id](#input\_existing\_cos\_id) | The COS id of an already existing COS instance to use for OpenShift internal registry storage. Only required if 'enable\_registry\_storage' and 'use\_existing\_cos' are true. | `string` | `null` | no |
-| <a name="input_existing_secrets_manager_instance_crn"></a> [existing\_secrets\_manager\_instance\_crn](#input\_existing\_secrets\_manager\_instance\_crn) | CRN of secrets manager instance where ingress certificate secrets will be stored. | `string` | `null` | no |
+| <a name="input_existing_secrets_manager_instance_crn"></a> [existing\_secrets\_manager\_instance\_crn](#input\_existing\_secrets\_manager\_instance\_crn) | CRN of the Secrets Manager instance where Ingress certificate secrets will be stored. | `string` | `null` | no |
 | <a name="input_force_delete_storage"></a> [force\_delete\_storage](#input\_force\_delete\_storage) | Flag indicating whether or not to delete attached storage when destroying the cluster - Default: false | `bool` | `false` | no |
 | <a name="input_ignore_worker_pool_size_changes"></a> [ignore\_worker\_pool\_size\_changes](#input\_ignore\_worker\_pool\_size\_changes) | Enable if using worker autoscaling. Stops Terraform managing worker count | `bool` | `false` | no |
 | <a name="input_kms_config"></a> [kms\_config](#input\_kms\_config) | Use to attach a KMS instance to the cluster. If account\_id is not provided, defaults to the account in use. | <pre>object({<br/>    crk_id           = string<br/>    instance_id      = string<br/>    private_endpoint = optional(bool, true) # defaults to true<br/>    account_id       = optional(string)     # To attach KMS instance from another account<br/>    wait_for_apply   = optional(bool, true) # defaults to true so terraform will wait until the KMS is applied to the master, ready and deployed<br/>  })</pre> | `null` | no |
@@ -334,7 +334,6 @@ Optionally, you need the following permissions to attach Access Management tags
 | <a name="output_cluster_name"></a> [cluster\_name](#output\_cluster\_name) | Name of the created cluster |
 | <a name="output_cos_crn"></a> [cos\_crn](#output\_cos\_crn) | CRN of the COS instance |
 | <a name="output_ingress_hostname"></a> [ingress\_hostname](#output\_ingress\_hostname) | The hostname that was assigned to your Ingress subdomain. |
-| <a name="output_ingress_secrets_group"></a> [ingress\_secrets\_group](#output\_ingress\_secrets\_group) | Info of secrets group for storing ingress certificates |
 | <a name="output_kms_config"></a> [kms\_config](#output\_kms\_config) | KMS configuration details |
 | <a name="output_master_status"></a> [master\_status](#output\_master\_status) | The status of the Kubernetes master. |
 | <a name="output_master_url"></a> [master\_url](#output\_master\_url) | The URL of the Kubernetes master. |
@@ -346,6 +345,7 @@ Optionally, you need the following permissions to attach Access Management tags
 | <a name="output_region"></a> [region](#output\_region) | Region cluster is deployed in |
 | <a name="output_registry_vpe"></a> [registry\_vpe](#output\_registry\_vpe) | Info about the registry VPE, if it exists. For more info about schema, see https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/is_virtual_endpoint_gateway |
 | <a name="output_resource_group_id"></a> [resource\_group\_id](#output\_resource\_group\_id) | Resource group ID the cluster is deployed in |
+| <a name="output_secrets_manager_integration_config"></a> [secrets\_manager\_integration\_config](#output\_secrets\_manager\_integration\_config) | Info of secrets group for storing ingress certificates |
 | <a name="output_vpc_id"></a> [vpc\_id](#output\_vpc\_id) | ID of the clusters VPC |
 | <a name="output_vpe_url"></a> [vpe\_url](#output\_vpe\_url) | The virtual private endpoint URL of the Kubernetes cluster. |
 | <a name="output_workerpools"></a> [workerpools](#output\_workerpools) | Worker pools created |

outputs.tf

@@ -105,7 +105,7 @@ output "registry_vpe" {
   value       = local.registry_vpe_id
 }
 
-output "ingress_secrets_group" {
+output "secrets_manager_integration_config" {
   description = "Info of secrets group for storing ingress certificates"
   value       = var.enable_secrets_manager_integration ? ibm_container_ingress_instance.instance[0] : null
 }

solutions/fully-configurable/README.md

@@ -71,13 +71,13 @@ The following resources are provisioned by this example:
 | <a name="input_disable_public_endpoint"></a> [disable\_public\_endpoint](#input\_disable\_public\_endpoint) | Whether access to the public service endpoint is disabled when the cluster is created. Does not affect existing clusters. You can't disable a public endpoint on an existing cluster, so you can't convert a public cluster to a private cluster. To change a public endpoint to private, create another cluster with this input set to `true`. | `bool` | `true` | no |
 | <a name="input_enable_autoscaling_for_default_pool"></a> [enable\_autoscaling\_for\_default\_pool](#input\_enable\_autoscaling\_for\_default\_pool) | Set `true` to enable automatic scaling of worker based on workload demand. | `bool` | `false` | no |
 | <a name="input_enable_ocp_console"></a> [enable\_ocp\_console](#input\_enable\_ocp\_console) | Flag to specify whether to enable or disable the OpenShift console. If set to `null` the module will not modify the setting currently set on the cluster. Bare in mind when setting this to `true` or `false` on a cluster with private only endpoint enabled, the runtime must be able to access the private endpoint. | `bool` | `null` | no |
-| <a name="input_enable_secrets_manager_integration"></a> [enable\_secrets\_manager\_integration](#input\_enable\_secrets\_manager\_integration) | Enable integration with IBM Cloud Secrets Manager so you can centrally manage Ingress subdomain certificates and other secrets. [Learn more](https://cloud.ibm.com/docs/containers?topic=containers-secrets-mgr) | `bool` | `false` | no |
+| <a name="input_enable_secrets_manager_integration"></a> [enable\_secrets\_manager\_integration](#input\_enable\_secrets\_manager\_integration) | Integrate with IBM Cloud Secrets Manager so you can centrally manage Ingress subdomain certificates and other secrets. [Learn more](https://cloud.ibm.com/docs/containers?topic=containers-secrets-mgr) | `bool` | `false` | no |
 | <a name="input_existing_boot_volume_kms_key_crn"></a> [existing\_boot\_volume\_kms\_key\_crn](#input\_existing\_boot\_volume\_kms\_key\_crn) | The CRN of an existing KMS key to use to encrypt the the block storage volumes for VPC. If no value is set for this variable, specify a value for either the `existing_kms_instance_crn` variable to create a key ring and key. | `string` | `null` | no |
 | <a name="input_existing_cluster_kms_key_crn"></a> [existing\_cluster\_kms\_key\_crn](#input\_existing\_cluster\_kms\_key\_crn) | The CRN of an existing KMS key to use for encrypting the Object Storage of the Cluster. If no value is set for this variable, please specify a value for `existing_kms_instance_crn` variable to create a key ring and key. | `string` | `null` | no |
 | <a name="input_existing_cos_instance_crn"></a> [existing\_cos\_instance\_crn](#input\_existing\_cos\_instance\_crn) | The CRN of an already existing Object Storage instance to use for OpenShift internal registry storage. | `string` | n/a | yes |
 | <a name="input_existing_kms_instance_crn"></a> [existing\_kms\_instance\_crn](#input\_existing\_kms\_instance\_crn) | The CRN of an existing KMS instance (Hyper Protect Crypto Services or Key Protect). If the KMS instance is in different account you must also provide a value for `ibmcloud_kms_api_key`. | `string` | `null` | no |
 | <a name="input_existing_resource_group_name"></a> [existing\_resource\_group\_name](#input\_existing\_resource\_group\_name) | The name of an existing resource group to provision the cluster. | `string` | `"Default"` | no |
-| <a name="input_existing_secrets_manager_instance_crn"></a> [existing\_secrets\_manager\_instance\_crn](#input\_existing\_secrets\_manager\_instance\_crn) | CRN of secrets manager instance where ingress certificate secrets will be stored. | `string` | `null` | no |
+| <a name="input_existing_secrets_manager_instance_crn"></a> [existing\_secrets\_manager\_instance\_crn](#input\_existing\_secrets\_manager\_instance\_crn) | CRN of the Secrets Manager instance where Ingress certificate secrets will be stored. | `string` | `null` | no |
 | <a name="input_existing_subnet_ids"></a> [existing\_subnet\_ids](#input\_existing\_subnet\_ids) | The list of IDs of existing subnets where the default worker pool nodes of the cluster will be provisioned. | `list(string)` | `[]` | no |
 | <a name="input_existing_vpc_crn"></a> [existing\_vpc\_crn](#input\_existing\_vpc\_crn) | The CRN of an existing VPC. If the user provides only the `existing_vpc_crn` the default worker pool will be provisioned across all the subnets in the VPC. | `string` | n/a | yes |
 | <a name="input_ibmcloud_api_key"></a> [ibmcloud\_api\_key](#input\_ibmcloud\_api\_key) | The IBM Cloud api key. | `string` | n/a | yes |
@@ -109,7 +109,6 @@ The following resources are provisioned by this example:
 | <a name="output_cluster_name"></a> [cluster\_name](#output\_cluster\_name) | The name of the provisioned OpenShift cluster. |
 | <a name="output_cos_crn"></a> [cos\_crn](#output\_cos\_crn) | The Cloud Resource Name (CRN) of the Object Storage instance associated with the cluster. |
 | <a name="output_ingress_hostname"></a> [ingress\_hostname](#output\_ingress\_hostname) | The hostname assigned to the Cluster's Ingress subdomain for external access. |
-| <a name="output_ingress_secrets_group"></a> [ingress\_secrets\_group](#output\_ingress\_secrets\_group) | Info of secrets group for storing ingress certificates |
 | <a name="output_kms_config"></a> [kms\_config](#output\_kms\_config) | Configuration details for Key Management Service (KMS) used for encryption in the cluster. |
 | <a name="output_master_status"></a> [master\_status](#output\_master\_status) | The current status of the Kubernetes master node in the cluster. |
 | <a name="output_master_url"></a> [master\_url](#output\_master\_url) | The API endpoint URL for the Kubernetes master node of the cluster. |
@@ -121,6 +120,7 @@ The following resources are provisioned by this example:
 | <a name="output_region"></a> [region](#output\_region) | The IBM Cloud region where the cluster is deployed. |
 | <a name="output_registry_vpe"></a> [registry\_vpe](#output\_registry\_vpe) | Details of the registry Virtual Private Endpoint (VPE), if it exists. For more info about schema, see https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/is_virtual_endpoint_gateway |
 | <a name="output_resource_group_id"></a> [resource\_group\_id](#output\_resource\_group\_id) | The ID of the resource group where the cluster is deployed. |
+| <a name="output_secrets_manager_integration_config"></a> [secrets\_manager\_integration\_config](#output\_secrets\_manager\_integration\_config) | Info of secrets group for storing ingress certificates |
 | <a name="output_vpc_id"></a> [vpc\_id](#output\_vpc\_id) | The ID of the Virtual Private Cloud (VPC) in which the cluster is deployed. |
 | <a name="output_vpe_url"></a> [vpe\_url](#output\_vpe\_url) | The Virtual Private Endpoint (VPE) URL used for private network access to the cluster. |
 | <a name="output_workerpools"></a> [workerpools](#output\_workerpools) | A list of worker pools associated with the provisioned cluster |

solutions/fully-configurable/outputs.tf

@@ -102,7 +102,7 @@ output "registry_vpe" {
   value       = module.ocp_base.registry_vpe
 }
 
-output "ingress_secrets_group" {
+output "secrets_manager_integration_config" {
   description = "Info of secrets group for storing ingress certificates"
-  value       = module.ocp_base.ingress_secrets_group
+  value       = module.ocp_base.secrets_manager_integration_config
 }

solutions/fully-configurable/variables.tf

@@ -483,7 +483,7 @@ variable "cbr_rules" {
 
 variable "enable_secrets_manager_integration" {
   type        = bool
-  description = "Enable integration with IBM Cloud Secrets Manager so you can centrally manage Ingress subdomain certificates and other secrets. [Learn more](https://cloud.ibm.com/docs/containers?topic=containers-secrets-mgr)"
+  description = "Integrate with IBM Cloud Secrets Manager so you can centrally manage Ingress subdomain certificates and other secrets. [Learn more](https://cloud.ibm.com/docs/containers?topic=containers-secrets-mgr)"
   default     = false
   nullable    = false
   validation {
@@ -497,7 +497,7 @@ variable "enable_secrets_manager_integration" {
 
 variable "existing_secrets_manager_instance_crn" {
   type        = string
-  description = "CRN of secrets manager instance where ingress certificate secrets will be stored."
+  description = "CRN of the Secrets Manager instance where Ingress certificate secrets will be stored."
   default     = null
 }
 

variables.tf

@@ -407,7 +407,7 @@ variable "cbr_rules" {
 
 variable "enable_secrets_manager_integration" {
   type        = bool
-  description = "Enable integration with IBM Cloud Secrets Manager so you can centrally manage Ingress subdomain certificates and other secrets. [Learn more](https://cloud.ibm.com/docs/containers?topic=containers-secrets-mgr)"
+  description = "Integrate with IBM Cloud Secrets Manager so you can centrally manage Ingress subdomain certificates and other secrets. [Learn more](https://cloud.ibm.com/docs/containers?topic=containers-secrets-mgr)"
   default     = false
   nullable    = false
   validation {
@@ -421,7 +421,7 @@ variable "enable_secrets_manager_integration" {
 
 variable "existing_secrets_manager_instance_crn" {
   type        = string
-  description = "CRN of secrets manager instance where ingress certificate secrets will be stored."
+  description = "CRN of the Secrets Manager instance where Ingress certificate secrets will be stored."
   default     = null
 }