From 7dc125e839c7020e06c638f0d534ae6d3bb56264 Mon Sep 17 00:00:00 2001 From: aatreyee257 Date: Mon, 30 Jun 2025 17:52:42 +0530 Subject: [PATCH 01/26] enabling kube-audit --- ibm_catalog.json | 15 ++++++++ solutions/fully-configurable/README.md | 8 +++++ solutions/fully-configurable/main.tf | 13 +++++++ solutions/fully-configurable/provider.tf | 14 ++++++++ solutions/fully-configurable/variables.tf | 44 +++++++++++++++++++++++ solutions/fully-configurable/version.tf | 8 +++++ tests/pr_test.go | 2 +- 7 files changed, 103 insertions(+), 1 deletion(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 395c5a0d..0a93f621 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -405,6 +405,21 @@ }, { "key": "skip_ocp_secrets_manager_iam_auth_policy" + }, + { + "key": "audit_deployment_name" + }, + { + "key": "audit_log_policy" + }, + { + "key": "audit_namespace" + }, + { + "key": "audit_webhook_listener_image" + }, + { + "key": "audit_webhook_listener_image_version" } ], "dependencies": [ diff --git a/solutions/fully-configurable/README.md b/solutions/fully-configurable/README.md index 53f0f6dc..c9ca8a97 100644 --- a/solutions/fully-configurable/README.md +++ b/solutions/fully-configurable/README.md @@ -17,7 +17,9 @@ The following resources are provisioned by this example: | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >=1.9.0 | +| [helm](#requirement\_helm) | >= 2.15.0, <3.0.0 | | [ibm](#requirement\_ibm) | 1.78.4 | +| [kubernetes](#requirement\_kubernetes) | >= 2.16.1 | ### Modules 
@@ -29,6 +31,7 @@ The following resources are provisioned by this example: | [existing\_secrets\_manager\_instance\_parser](#module\_existing\_secrets\_manager\_instance\_parser) | terraform-ibm-modules/common-utilities/ibm//modules/crn-parser | 1.1.0 | | [existing\_vpc\_crn\_parser](#module\_existing\_vpc\_crn\_parser) | terraform-ibm-modules/common-utilities/ibm//modules/crn-parser | 1.1.0 | | [kms](#module\_kms) | terraform-ibm-modules/kms-all-inclusive/ibm | 5.1.7 | +| [kube\_audit](#module\_kube\_audit) | ../../modules/kube-audit | n/a | | [ocp\_base](#module\_ocp\_base) | ../.. | n/a | | [resource\_group](#module\_resource\_group) | terraform-ibm-modules/resource-group/ibm | 1.2.0 | | [secret\_group](#module\_secret\_group) | terraform-ibm-modules/secrets-manager-secret-group/ibm | 1.3.7 | @@ -53,6 +56,11 @@ The following resources are provisioned by this example: | [addons](#input\_addons) | Map of OCP cluster add-on versions to install (NOTE: The 'vpc-block-csi-driver' add-on is installed by default for VPC clusters and 'ibm-storage-operator' is installed by default in OCP 4.15 and later, however you can explicitly specify it here if you wish to choose a later version than the default one). For full list of all supported add-ons and versions, see https://cloud.ibm.com/docs/containers?topic=containers-supported-cluster-addon-versions. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/blob/main/solutions/fully-configurable/DA_docs.md#options-with-addons) |
object({
debug-tool = optional(object({
version = optional(string)
parameters_json = optional(string)
}))
image-key-synchronizer = optional(object({
version = optional(string)
parameters_json = optional(string)
}))
openshift-data-foundation = optional(object({
version = optional(string)
parameters_json = optional(string)
}))
vpc-file-csi-driver = optional(object({
version = optional(string)
parameters_json = optional(string)
}))
static-route = optional(object({
version = optional(string)
parameters_json = optional(string)
}))
cluster-autoscaler = optional(object({
version = optional(string)
parameters_json = optional(string)
}))
vpc-block-csi-driver = optional(object({
version = optional(string)
parameters_json = optional(string)
}))
ibm-storage-operator = optional(object({
version = optional(string)
parameters_json = optional(string)
}))
openshift-ai = optional(object({
version = optional(string)
parameters_json = optional(string)
}))
})
| `{}` | no | | [allow\_default\_worker\_pool\_replacement](#input\_allow\_default\_worker\_pool\_replacement) | Set to true to allow the module to recreate a default worker pool. Only use in the case where you are getting an error indicating that the default worker pool cannot be replaced on apply. Once the default worker pool is handled separately, if you wish to make any change to the default worker pool which requires the re-creation of the default pool set this variable to true. | `bool` | `false` | no | | [attach\_ibm\_managed\_security\_group](#input\_attach\_ibm\_managed\_security\_group) | Specify whether to attach the IBM-defined default security group (whose name is kube-) to all worker nodes. Only applicable if `custom_security_group_ids` is set. | `bool` | `true` | no | +| [audit\_deployment\_name](#input\_audit\_deployment\_name) | The name of log collection deployement and service. | `string` | `"ibmcloud-kube-audit"` | no | +| [audit\_log\_policy](#input\_audit\_log\_policy) | Specify the amount of information that is logged to the API server audit logs by choosing the audit log policy profile to use. Supported values are `default` and `WriteRequestBodies`. | `string` | `"default"` | no | +| [audit\_namespace](#input\_audit\_namespace) | The name of the namespace where log collection service and a deployment will be created. | `string` | `"ibm-kube-audit"` | no | +| [audit\_webhook\_listener\_image](#input\_audit\_webhook\_listener\_image) | The audit webhook listener image reference in the format of `[registry-url]/[namespace]/[image]`.The sub-module uses the `icr.io/ibm/ibmcloud-kube-audit-to-ibm-cloud-logs` image to forward logs to IBM Cloud Logs. This image is for demonstration purposes only. For a production solution, configure and maintain your own log forwarding image. 
| `string` | `"icr.io/ibm/ibmcloud-kube-audit-to-ibm-cloud-logs"` | no | +| [audit\_webhook\_listener\_image\_version](#input\_audit\_webhook\_listener\_image\_version) | The tag or digest for the audit webhook listener image to deploy. If changing the value, ensure it is compatible with `audit_webhook_listener_image`. | `string` | `"deaabcb8225e800385413ba420cf3f819d3b0671@sha256:acf123f4dba63534cbc104c6886abedff9d25a22a34ab7b549ede988ed6e7144"` | no | | [boot\_volume\_key\_name](#input\_boot\_volume\_key\_name) | The name for the key created for the block storage volumes. Applies only if not specifying an existing key. If a prefix input variable is specified, the prefix is added to the name in the `-` format. | `string` | `"boot-volume-key"` | no | | [boot\_volume\_key\_ring\_name](#input\_boot\_volume\_key\_ring\_name) | The name for the key ring created for the block storage volumes key. Applies only if not specifying an existing key. If a prefix input variable is specified, the prefix is added to the name in the `-` format. | `string` | `"boot-volume-key-ring"` | no | | [cbr\_rules](#input\_cbr\_rules) | The list of context-based restriction rules to create. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/blob/main/solutions/fully-configurable/DA_docs.md#options-with-cbr) |
list(object({
description = string
account_id = string
rule_contexts = list(object({
attributes = optional(list(object({
name = string
value = string
}))) }))
enforcement_mode = string
tags = optional(list(object({
name = string
value = string
})), [])
operations = optional(list(object({
api_types = list(object({
api_type_id = string
}))
})))
}))
| `[]` | no | diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf index 6ffe05b6..798a2456 100644 --- a/solutions/fully-configurable/main.tf +++ b/solutions/fully-configurable/main.tf @@ -277,3 +277,16 @@ module "secret_group" { secret_group_description = "Secret group for storing ingress certificates for cluster ${var.cluster_name} with id: ${module.ocp_base.cluster_id}" endpoint_type = var.secrets_manager_endpoint_type } + +module "kube_audit" { + ibmcloud_api_key = var.ibmcloud_api_key + source = "../../modules/kube-audit" + cluster_id = module.ocp_base.cluster_id + cluster_resource_group_id = module.ocp_base.resource_group_id + region = module.ocp_base.region + audit_log_policy = var.audit_log_policy + audit_namespace = var.audit_namespace + audit_deployment_name = var.audit_deployment_name + audit_webhook_listener_image = var.audit_webhook_listener_image + audit_webhook_listener_image_version = var.audit_webhook_listener_image_version +} diff --git a/solutions/fully-configurable/provider.tf b/solutions/fully-configurable/provider.tf index ebbc8672..d95bf052 100644 --- a/solutions/fully-configurable/provider.tf +++ b/solutions/fully-configurable/provider.tf @@ -21,3 +21,17 @@ provider "ibm" { region = var.enable_secrets_manager_integration ? module.existing_secrets_manager_instance_parser[0].region : local.vpc_region visibility = var.provider_visibility } + +provider "helm" { + kubernetes { + host = data.ibm_container_cluster_config.cluster_config[0].host + token = data.ibm_container_cluster_config.cluster_config[0].token + cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config[0].ca_certificate + } +} + +provider "kubernetes" { + host = data.ibm_container_cluster_config.cluster_config[0].host + token = data.ibm_container_cluster_config.cluster_config[0].token + cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config[0].ca_certificate +} 
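Review bot: Both new provider blocks read `data.ibm_container_cluster_config.cluster_config[0]` unconditionally, but no hunk in this patch declares that data source. PATCH 02/26 declares it with a `count` that is 0 unless `var.enable_ocp_console != null`, `var.verify_worker_network_readiness`, or a `cluster-autoscaler` entry in `var.addons` holds. When the count is 0 the `[0]` index has nothing to resolve, so the `helm` and `kubernetes` provider configuration fails even though `module "kube_audit"` always needs a cluster connection. Either drop the `count` on the data source while kube-audit depends on it, or make the same condition cover the audit module. The identical provider.tf hunk in PATCH 02/26 has the same issue.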
diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf
index 31e4ec1d..27d7b270 100644
--- a/solutions/fully-configurable/variables.tf
+++ b/solutions/fully-configurable/variables.tf
@@ -543,3 +543,47 @@ variable "skip_ocp_secrets_manager_iam_auth_policy" { description = "To skip creating auth policy that allows OCP cluster 'Manager' role access in the existing Secrets Manager instance for managing ingress certificates." default = false } + +############################################################## +# Kube Audit +############################################################## + +variable "audit_log_policy" { + type = string + description = "Specify the amount of information that is logged to the API server audit logs by choosing the audit log policy profile to use. Supported values are `default` and `WriteRequestBodies`." + default = "default" + + validation { + error_message = "Invalid Audit log policy Type! Valid values are 'default' or 'WriteRequestBodies'" + condition = contains(["default", "WriteRequestBodies"], var.audit_log_policy) + } +} + +variable "audit_namespace" { + type = string + description = "The name of the namespace where log collection service and a deployment will be created." + default = "ibm-kube-audit" +} + +variable "audit_deployment_name" { + type = string + description = "The name of log collection deployement and service." + default = "ibmcloud-kube-audit" +} + +variable "audit_webhook_listener_image" { + type = string + description = "The audit webhook listener image reference in the format of `[registry-url]/[namespace]/[image]`.The sub-module uses the `icr.io/ibm/ibmcloud-kube-audit-to-ibm-cloud-logs` image to forward logs to IBM Cloud Logs. This image is for demonstration purposes only. For a production solution, configure and maintain your own log forwarding image." + default = "icr.io/ibm/ibmcloud-kube-audit-to-ibm-cloud-logs" +} + +variable "audit_webhook_listener_image_version" { + type = string + description = "The tag or digest for the audit webhook listener image to deploy. If changing the value, ensure it is compatible with `audit_webhook_listener_image`." 
+ nullable = false + default = "deaabcb8225e800385413ba420cf3f819d3b0671@sha256:acf123f4dba63534cbc104c6886abedff9d25a22a34ab7b549ede988ed6e7144" # See, https://github.ibm.com/GoldenEye/issues/issues/13371 + validation { + condition = can(regex("^[a-f0-9]{40}@sha256:[a-f0-9]{64}$", var.audit_webhook_listener_image_version)) + error_message = "The value of the audit webhook listener image version must match the tag and sha256 image digest format" + } +} diff --git a/solutions/fully-configurable/version.tf b/solutions/fully-configurable/version.tf index c102b901..530e4edf 100644 --- a/solutions/fully-configurable/version.tf +++ b/solutions/fully-configurable/version.tf @@ -7,5 +7,13 @@ terraform { source = "IBM-Cloud/ibm" version = "1.78.4" } + helm = { + source = "hashicorp/helm" + version = ">= 2.15.0, <3.0.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = ">= 2.16.1" + } } } diff --git a/tests/pr_test.go b/tests/pr_test.go index 89151e68..0579dabd 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -105,7 +105,7 @@ func TestRunFullyConfigurableInSchematics(t *testing.T) { options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{ Testing: t, Prefix: "ocp-fc", - TarIncludePatterns: []string{"*.tf", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", "scripts/*.sh", "kubeconfig/README.md"}, + TarIncludePatterns: []string{"*.tf", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", "scripts/*.sh", "kubeconfig/README.md", "modules/kube-audit/*.*", "modules/kube-audit/**"}, TemplateFolder: fullyConfigurableTerraformDir, Tags: []string{"test-schematic"}, DeleteWorkspaceOnFail: false, From 3c06be568d6f22d6bf3b0397e11ba3acf35496a3 Mon Sep 17 00:00:00 2001 
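Review bot: The description of `audit_webhook_listener_image_version` says "tag or digest", but the validation regex `^[a-f0-9]{40}@sha256:[a-f0-9]{64}$` accepts only a 40-hex tag followed by a sha256 digest, and the error message does not show that shape. Reword it along the lines of `description = "The image version in <tag>@sha256:<digest> form; the digest pin is enforced by validation."` so users keep the digest pin instead of looking for a way around it. `audit_webhook_listener_image` has no validation at all, so the registry the listener is pulled from is unconstrained. The `audit_log_policy` description could also note that `WriteRequestBodies` presumably records request payloads, which may contain sensitive data. The same hunk is repeated in PATCH 02/26.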
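Review bot: `kubernetes` is constrained only from below (`>= 2.16.1`), while `ibm` is pinned exactly and `helm` is capped at `<3.0.0` in the same block. Unless a committed lock file fixes the selection, a new major release of the provider would be picked up on the next init of this solution without review. Cap it the same way as helm, for example `version = ">= 2.16.1, < 3.0.0"`. The same lines appear in the version.tf hunk of PATCH 02/26.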
From: aatreyee257 Date: Mon, 30 Jun 2025 17:52:42 +0530 Subject: [PATCH 02/26] enabling kube-audit --- ibm_catalog.json | 15 ++++++++ solutions/fully-configurable/main.tf | 22 ++++++++++++ solutions/fully-configurable/provider.tf | 14 ++++++++ solutions/fully-configurable/variables.tf | 44 +++++++++++++++++++++++ solutions/fully-configurable/version.tf | 8 +++++ tests/pr_test.go | 2 +- 6 files changed, 104 insertions(+), 1 deletion(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 5fbb538f..fdc8de11 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -738,6 +738,21 @@ } ], "hidden": true + }, + { + "key": "audit_deployment_name" + }, + { + "key": "audit_log_policy" + }, + { + "key": "audit_namespace" + }, + { + "key": "audit_webhook_listener_image" + }, + { + "key": "audit_webhook_listener_image_version" } ], "dependencies": [ diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf index 6039ac07..3976bd61 100644 --- a/solutions/fully-configurable/main.tf +++ b/solutions/fully-configurable/main.tf 
@@ -277,3 +277,25 @@ module "secret_group" { secret_group_description = "Secret group for storing ingress certificates for cluster ${var.cluster_name} with id: ${module.ocp_base.cluster_id}" endpoint_type = var.secrets_manager_endpoint_type } + +data "ibm_container_cluster_config" "cluster_config" { + count = var.enable_ocp_console != null || var.verify_worker_network_readiness || lookup(var.addons, "cluster-autoscaler", null) != null ? 1 : 0 + cluster_name_id = module.ocp_base.cluster_id + config_dir = "${path.module}/kubeconfig" + admin = true + resource_group_id = module.ocp_base.resource_group_id + endpoint_type = var.cluster_config_endpoint_type != "default" ? var.cluster_config_endpoint_type : null +} + +module "kube_audit" { + ibmcloud_api_key = var.ibmcloud_api_key + source = "../../modules/kube-audit" + cluster_id = module.ocp_base.cluster_id + cluster_resource_group_id = module.ocp_base.resource_group_id + region = module.ocp_base.region + audit_log_policy = var.audit_log_policy + audit_namespace = var.audit_namespace + audit_deployment_name = var.audit_deployment_name + audit_webhook_listener_image = var.audit_webhook_listener_image + audit_webhook_listener_image_version = var.audit_webhook_listener_image_version +} diff --git a/solutions/fully-configurable/provider.tf b/solutions/fully-configurable/provider.tf index a476e329..3ff173c3 100644 --- a/solutions/fully-configurable/provider.tf +++ b/solutions/fully-configurable/provider.tf 
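Review bot: `admin = true` on the new `ibm_container_cluster_config` data source requests administrator credentials for the cluster and writes a kubeconfig under `${path.module}/kubeconfig`. The `token` it returns is what the `helm` and `kubernetes` providers authenticate with, and data source attributes are kept in Terraform state. If the audit deployment really needs that level of access, say so next to the argument, e.g. `# admin credentials are needed to create the audit namespace and deployment; files under kubeconfig/ are secrets and must stay out of version control`. The state backend for this solution should be access-controlled accordingly. If a narrower role is enough for the kube-audit module (not visible from this hunk), prefer `admin = false`.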
@@ -24,3 +24,17 @@ provider "ibm" { visibility = var.provider_visibility private_endpoint_type = (var.provider_visibility == "private" && local.vpc_region == "ca-mon") ? "vpe" : null } + +provider "helm" { + kubernetes { + host = data.ibm_container_cluster_config.cluster_config[0].host + token = data.ibm_container_cluster_config.cluster_config[0].token + cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config[0].ca_certificate + } +} + +provider "kubernetes" { + host = data.ibm_container_cluster_config.cluster_config[0].host + token = data.ibm_container_cluster_config.cluster_config[0].token + cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config[0].ca_certificate +} diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index edde3860..968bc059 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf 
@@ -556,3 +556,47 @@ variable "skip_ocp_secrets_manager_iam_auth_policy" { description = "To skip creating auth policy that allows OCP cluster 'Manager' role access in the existing Secrets Manager instance for managing ingress certificates." default = false } + +############################################################## +# Kube Audit +############################################################## + +variable "audit_log_policy" { + type = string + description = "Specify the amount of information that is logged to the API server audit logs by choosing the audit log policy profile to use. Supported values are `default` and `WriteRequestBodies`." + default = "default" + + validation { + error_message = "Invalid Audit log policy Type! Valid values are 'default' or 'WriteRequestBodies'" + condition = contains(["default", "WriteRequestBodies"], var.audit_log_policy) + } +} + +variable "audit_namespace" { + type = string + description = "The name of the namespace where log collection service and a deployment will be created." + default = "ibm-kube-audit" +} + +variable "audit_deployment_name" { + type = string + description = "The name of log collection deployement and service." + default = "ibmcloud-kube-audit" +} + +variable "audit_webhook_listener_image" { + type = string + description = "The audit webhook listener image reference in the format of `[registry-url]/[namespace]/[image]`.The sub-module uses the `icr.io/ibm/ibmcloud-kube-audit-to-ibm-cloud-logs` image to forward logs to IBM Cloud Logs. This image is for demonstration purposes only. For a production solution, configure and maintain your own log forwarding image." + default = "icr.io/ibm/ibmcloud-kube-audit-to-ibm-cloud-logs" +} + +variable "audit_webhook_listener_image_version" { + type = string + description = "The tag or digest for the audit webhook listener image to deploy. If changing the value, ensure it is compatible with `audit_webhook_listener_image`." 
+ nullable = false + default = "deaabcb8225e800385413ba420cf3f819d3b0671@sha256:acf123f4dba63534cbc104c6886abedff9d25a22a34ab7b549ede988ed6e7144" # See, https://github.ibm.com/GoldenEye/issues/issues/13371 + validation { + condition = can(regex("^[a-f0-9]{40}@sha256:[a-f0-9]{64}$", var.audit_webhook_listener_image_version)) + error_message = "The value of the audit webhook listener image version must match the tag and sha256 image digest format" + } +} diff --git a/solutions/fully-configurable/version.tf b/solutions/fully-configurable/version.tf index b19fb1da..a988c521 100644 --- a/solutions/fully-configurable/version.tf +++ b/solutions/fully-configurable/version.tf @@ -7,5 +7,13 @@ terraform { source = "IBM-Cloud/ibm" version = "1.79.2" } + helm = { + source = "hashicorp/helm" + version = ">= 2.15.0, <3.0.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = ">= 2.16.1" + } } } diff --git a/tests/pr_test.go b/tests/pr_test.go index 89151e68..0579dabd 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -105,7 +105,7 @@ func TestRunFullyConfigurableInSchematics(t *testing.T) { options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{ Testing: t, Prefix: "ocp-fc", - TarIncludePatterns: []string{"*.tf", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", "scripts/*.sh", "kubeconfig/README.md"}, + TarIncludePatterns: []string{"*.tf", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", "scripts/*.sh", "kubeconfig/README.md", "modules/kube-audit/*.*", "modules/kube-audit/**"}, TemplateFolder: fullyConfigurableTerraformDir, Tags: []string{"test-schematic"}, DeleteWorkspaceOnFail: false, From 13af97617ef1a3c1a71eec0eea94ec568d43d0f8 Mon Sep 17 00:00:00 2001 
From: aatreyee257 Date: Tue, 1 Jul 2025 11:33:28 +0530 Subject: [PATCH 03/26] Fixes --- ibm_catalog.json | 3 +++ solutions/fully-configurable/main.tf | 7 +++++++ solutions/fully-configurable/variables.tf | 6 ++++++ solutions/fully-configurable/version.tf | 4 ++++ 4 files changed, 20 insertions(+) diff --git a/ibm_catalog.json b/ibm_catalog.json index fdc8de11..35b5e417 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -739,6 +739,9 @@ ], "hidden": true }, + { + "key":"enable_kube_audit" + }, { "key": "audit_deployment_name" }, diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf index 3976bd61..fc600ec3 100644 --- a/solutions/fully-configurable/main.tf +++ b/solutions/fully-configurable/main.tf @@ -287,7 +287,14 @@ data "ibm_container_cluster_config" "cluster_config" { endpoint_type = var.cluster_config_endpoint_type != "default" ? var.cluster_config_endpoint_type : null } +# Wait time to allow cluster refreshes components after provisioning +resource "time_sleep" "wait_45_seconds" { + depends_on = [data.ibm_container_cluster_config.cluster_config] + create_duration = "45s" +} + module "kube_audit" { + count = var.enable_kube_audit ? 1 : 0 ibmcloud_api_key = var.ibmcloud_api_key source = "../../modules/kube-audit" cluster_id = module.ocp_base.cluster_id diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index 968bc059..5c50459c 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf 
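Review bot: Nothing visible in this hunk consumes `time_sleep.wait_45_seconds`. The resource depends on the cluster config data source, but `module "kube_audit"` gains only a `count` line, and its block continues outside the hunk. Unless a `depends_on` sits in that unseen part, the 45-second wait does not order anything. If the wait is meant to gate the audit deployment, add `depends_on = [time_sleep.wait_45_seconds]` to the module. A fixed sleep is also only a guess at readiness, so the comment above the resource should name the cluster component being waited for, which lets the duration be revisited later.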
@@ -561,6 +561,12 @@ variable "skip_ocp_secrets_manager_iam_auth_policy" { # Kube Audit ############################################################## +variable "enable_kube_audit" { + type = bool + description = "Set true to enable kube audit by default." + default = true +} + variable "audit_log_policy" { type = string description = "Specify the amount of information that is logged to the API server audit logs by choosing the audit log policy profile to use. Supported values are `default` and `WriteRequestBodies`." diff --git a/solutions/fully-configurable/version.tf b/solutions/fully-configurable/version.tf index a988c521..0d7a6ade 100644 --- a/solutions/fully-configurable/version.tf +++ b/solutions/fully-configurable/version.tf @@ -15,5 +15,9 @@ terraform { source = "hashicorp/kubernetes" version = ">= 2.16.1" } + time = { + source = "hashicorp/time" + version = "= 0.9.1" + } } } From d3a464bc0e1976ae483132e289ee99745000a45e Mon Sep 17 00:00:00 2001 From: aatreyee257 Date: Tue, 1 Jul 2025 14:43:57 +0530 Subject: [PATCH 04/26] fixes --- solutions/fully-configurable/README.md | 144 ++++++++++++++++++++++++- 1 file changed, 142 insertions(+), 2 deletions(-) diff --git a/solutions/fully-configurable/README.md b/solutions/fully-configurable/README.md index d9cdd771..0ee632ca 100644 --- a/solutions/fully-configurable/README.md +++ b/solutions/fully-configurable/README.md 
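Review bot: `enable_kube_audit` defaults to `true`, so every deployment of this solution installs the webhook listener, whose default image the `audit_webhook_listener_image` description calls "for demonstration purposes only". The description `Set true to enable kube audit by default.` does not tell the user what gets deployed. Something like `description = "Set to true to deploy the kube-audit webhook listener and forward API server audit logs for the cluster."` would. If default-on with the demonstration image is intended, the description should say that too, so operators know to supply their own image for production.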
@@ -1,3 +1,143 @@ -# Cloud automation for Red Hat OpenShift Container Platform on VPC (Fully configurable) +# Fully-configurable OCP VPC cluster -:exclamation: **Important:** This solution is not intended to be called by other modules because it contains a provider configuration and is not compatible with the `for_each`, `count`, and `depends_on` arguments. For more information, see [Providers Within Modules](https://developer.hashicorp.com/terraform/language/modules/develop/providers). +This architecture creates a fully-configurable OCP VPC cluster. Also the outbound traffic is allowed, which is required for accessing the Operator Hub. + +The following resources are provisioned by this example: + +- OCP VPC cluster. +- Cluster keys if an existing KMS instance is passed. + + +![ocp-cluster](../../reference-architecture/deployable-architecture-ocp-cluster.svg) + + + +### Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >=1.9.0 | +| [helm](#requirement\_helm) | >= 2.15.0, <3.0.0 | +| [ibm](#requirement\_ibm) | 1.79.2 | +| [kubernetes](#requirement\_kubernetes) | >= 2.16.1 | +| [time](#requirement\_time) | = 0.9.1 | + +### Modules + +| Name | Source | Version | +|------|--------|---------| +| [existing\_boot\_volume\_kms\_key\_crn\_parser](#module\_existing\_boot\_volume\_kms\_key\_crn\_parser) | terraform-ibm-modules/common-utilities/ibm//modules/crn-parser | 1.2.0 | +| [existing\_cluster\_kms\_key\_crn\_parser](#module\_existing\_cluster\_kms\_key\_crn\_parser) | terraform-ibm-modules/common-utilities/ibm//modules/crn-parser | 1.2.0 | +| [existing\_kms\_crn\_parser](#module\_existing\_kms\_crn\_parser) | terraform-ibm-modules/common-utilities/ibm//modules/crn-parser | 1.2.0 | +| [existing\_secrets\_manager\_instance\_parser](#module\_existing\_secrets\_manager\_instance\_parser) | terraform-ibm-modules/common-utilities/ibm//modules/crn-parser | 1.2.0 | +| 
[existing\_vpc\_crn\_parser](#module\_existing\_vpc\_crn\_parser) | terraform-ibm-modules/common-utilities/ibm//modules/crn-parser | 1.2.0 | +| [kms](#module\_kms) | terraform-ibm-modules/kms-all-inclusive/ibm | 5.1.8 | +| [kube\_audit](#module\_kube\_audit) | ../../modules/kube-audit | n/a | +| [ocp\_base](#module\_ocp\_base) | ../.. | n/a | +| [resource\_group](#module\_resource\_group) | terraform-ibm-modules/resource-group/ibm | 1.2.1 | +| [secret\_group](#module\_secret\_group) | terraform-ibm-modules/secrets-manager-secret-group/ibm | 1.3.8 | + +### Resources + +| Name | Type | +|------|------| +| [terraform_data.delete_secrets](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/resources/data) | resource | +| [time_sleep.wait_45_seconds](https://registry.terraform.io/providers/hashicorp/time/0.9.1/docs/resources/sleep) | resource | +| [ibm_container_cluster_config.cluster_config](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.79.2/docs/data-sources/container_cluster_config) | data source | +| [ibm_is_subnet.subnets](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.79.2/docs/data-sources/is_subnet) | data source | +| [ibm_is_subnets.vpc_subnets](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.79.2/docs/data-sources/is_subnets) | data source | + +### Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [access\_tags](#input\_access\_tags) | A list of access tags to apply to the resources created by the module. | `list(string)` | `[]` | no | +| [additional\_lb\_security\_group\_ids](#input\_additional\_lb\_security\_group\_ids) | Additional security groups to add to the load balancers associated with the cluster. Ensure that the `number_of_lbs` is set to the number of LBs associated with the cluster. This comes in addition to the IBM maintained security group. 
| `list(string)` | `[]` | no | +| [additional\_security\_group\_ids](#input\_additional\_security\_group\_ids) | A list of security group IDs that are attached to the worker nodes for additional network security controls. | `list(string)` | `[]` | no | +| [additional\_vpe\_security\_group\_ids](#input\_additional\_vpe\_security\_group\_ids) | Additional security groups to add to all existing load balancers. This comes in addition to the IBM maintained security group. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/blob/main/solutions/fully-configurable/DA_docs.md#options-with-additional-vpe-security-group-ids) |
object({
master = optional(list(string), [])
registry = optional(list(string), [])
api = optional(list(string), [])
})
| `{}` | no | +| [additional\_worker\_pools](#input\_additional\_worker\_pools) | List of additional worker pools. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/blob/main/solutions/fully-configurable/DA_docs.md#options-with-worker-pools) |
list(object({
vpc_subnets = optional(list(object({
id = string
zone = string
cidr_block = string
})), [])
pool_name = string
machine_type = string
workers_per_zone = number
operating_system = string
labels = optional(map(string))
minSize = optional(number)
secondary_storage = optional(string)
maxSize = optional(number)
enableAutoscaling = optional(bool)
additional_security_group_ids = optional(list(string))
}))
| `[]` | no | +| [addons](#input\_addons) | Map of OCP cluster add-on versions to install (NOTE: The 'vpc-block-csi-driver' add-on is installed by default for VPC clusters and 'ibm-storage-operator' is installed by default in OCP 4.15 and later, however you can explicitly specify it here if you wish to choose a later version than the default one). [Check supported addons and versions here](https://cloud.ibm.com/docs/containers?topic=containers-supported-cluster-addon-versions). [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/blob/main/solutions/fully-configurable/DA_docs.md#options-with-addons) |
object({
debug-tool = optional(object({
version = optional(string)
parameters_json = optional(string)
}))
image-key-synchronizer = optional(object({
version = optional(string)
parameters_json = optional(string)
}))
openshift-data-foundation = optional(object({
version = optional(string)
parameters_json = optional(string)
}))
vpc-file-csi-driver = optional(object({
version = optional(string)
parameters_json = optional(string)
}))
static-route = optional(object({
version = optional(string)
parameters_json = optional(string)
}))
cluster-autoscaler = optional(object({
version = optional(string)
parameters_json = optional(string)
}))
vpc-block-csi-driver = optional(object({
version = optional(string)
parameters_json = optional(string)
}))
ibm-storage-operator = optional(object({
version = optional(string)
parameters_json = optional(string)
}))
openshift-ai = optional(object({
version = optional(string)
parameters_json = optional(string)
}))
})
| `{}` | no | +| [allow\_default\_worker\_pool\_replacement](#input\_allow\_default\_worker\_pool\_replacement) | Set to true to allow the module to recreate a default worker pool. Only use in the case where you are getting an error indicating that the default worker pool cannot be replaced on apply. Once the default worker pool is handled separately, if you wish to make any change to the default worker pool which requires the re-creation of the default pool set this variable to true. | `bool` | `false` | no | +| [attach\_ibm\_managed\_security\_group](#input\_attach\_ibm\_managed\_security\_group) | Specify whether to attach the IBM-defined default security group (whose name is kube-) to all worker nodes. Only applicable if `custom_security_group_ids` is set. | `bool` | `true` | no | +| [audit\_deployment\_name](#input\_audit\_deployment\_name) | The name of log collection deployement and service. | `string` | `"ibmcloud-kube-audit"` | no | +| [audit\_log\_policy](#input\_audit\_log\_policy) | Specify the amount of information that is logged to the API server audit logs by choosing the audit log policy profile to use. Supported values are `default` and `WriteRequestBodies`. | `string` | `"default"` | no | +| [audit\_namespace](#input\_audit\_namespace) | The name of the namespace where log collection service and a deployment will be created. | `string` | `"ibm-kube-audit"` | no | +| [audit\_webhook\_listener\_image](#input\_audit\_webhook\_listener\_image) | The audit webhook listener image reference in the format of `[registry-url]/[namespace]/[image]`.The sub-module uses the `icr.io/ibm/ibmcloud-kube-audit-to-ibm-cloud-logs` image to forward logs to IBM Cloud Logs. This image is for demonstration purposes only. For a production solution, configure and maintain your own log forwarding image. 
| `string` | `"icr.io/ibm/ibmcloud-kube-audit-to-ibm-cloud-logs"` | no | +| [audit\_webhook\_listener\_image\_version](#input\_audit\_webhook\_listener\_image\_version) | The tag or digest for the audit webhook listener image to deploy. If changing the value, ensure it is compatible with `audit_webhook_listener_image`. | `string` | `"deaabcb8225e800385413ba420cf3f819d3b0671@sha256:acf123f4dba63534cbc104c6886abedff9d25a22a34ab7b549ede988ed6e7144"` | no | +| [boot\_volume\_kms\_key\_name](#input\_boot\_volume\_kms\_key\_name) | The name for the key created for the block storage volumes. Applies only if not specifying an existing key. If a prefix input variable is specified, the prefix is added to the name in the `-` format. | `string` | `"boot-volume-key"` | no | +| [boot\_volume\_kms\_key\_ring\_name](#input\_boot\_volume\_kms\_key\_ring\_name) | The name for the key ring created for the block storage volumes key. Applies only if not specifying an existing key. If a prefix input variable is specified, the prefix is added to the name in the `-` format. | `string` | `"boot-volume-key-ring"` | no | +| [cbr\_rules](#input\_cbr\_rules) | The list of context-based restriction rules to create. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/blob/main/solutions/fully-configurable/DA_docs.md#options-with-cbr) |
list(object({
description = string
account_id = string
rule_contexts = list(object({
attributes = optional(list(object({
name = string
value = string
}))) }))
enforcement_mode = string
tags = optional(list(object({
name = string
value = string
})), [])
operations = optional(list(object({
api_types = list(object({
api_type_id = string
}))
})))
}))
| `[]` | no | +| [cluster\_config\_endpoint\_type](#input\_cluster\_config\_endpoint\_type) | Specify which type of endpoint to use for cluster config access: 'default', 'private', 'vpe', 'link'. A 'default' value uses the default endpoint of the cluster. | `string` | `"default"` | no | +| [cluster\_kms\_key\_name](#input\_cluster\_kms\_key\_name) | The name of the key to be created for the cluster's Object Storage bucket encryption. Applies only if not specifying an existing key. If a prefix input variable is specified, the prefix is added to the name in the `-` format. | `string` | `"cluster-key"` | no | +| [cluster\_kms\_key\_ring\_name](#input\_cluster\_kms\_key\_ring\_name) | The name of the key ring to be created for the cluster's Object Storage bucket encryption key. Applies only if not specifying an existing key. If a prefix input variable is specified, the prefix is added to the name in the `-` format. | `string` | `"cluster-key-ring"` | no | +| [cluster\_name](#input\_cluster\_name) | The name of the new IBM Cloud OpenShift Cluster. If a `prefix` input variable is specified, it is added to this name in the `-value` format. | `string` | `"openshift"` | no | +| [cluster\_ready\_when](#input\_cluster\_ready\_when) | The cluster is ready based on one of the following:: MasterNodeReady (not recommended), OneWorkerNodeReady, Normal, IngressReady. | `string` | `"IngressReady"` | no | +| [cluster\_resource\_tags](#input\_cluster\_resource\_tags) | Metadata labels describing this cluster deployment, i.e. test. | `list(string)` | `[]` | no | +| [custom\_security\_group\_ids](#input\_custom\_security\_group\_ids) | Security groups to add to all worker nodes. This comes in addition to the IBM maintained security group if `attach_ibm_managed_security_group` is set to true. If this variable is set, the default VPC security group is NOT assigned to the worker nodes. 
| `list(string)` | `null` | no | +| [default\_pool\_maximum\_number\_of\_nodes](#input\_default\_pool\_maximum\_number\_of\_nodes) | The maximum number of worker nodes allowed in the pool, preventing the pool from exceeding three workers. | `number` | `3` | no | +| [default\_pool\_minimum\_number\_of\_nodes](#input\_default\_pool\_minimum\_number\_of\_nodes) | The minimum number of worker nodes allowed in the pool, ensuring at least one worker is always running. | `number` | `1` | no | +| [default\_worker\_pool\_labels](#input\_default\_worker\_pool\_labels) | A set of key-value labels assigned to the worker pool for identification. For Example: { env = "prod", team = "devops" } | `map(string)` | `{}` | no | +| [default\_worker\_pool\_machine\_type](#input\_default\_worker\_pool\_machine\_type) | The machine type for worker nodes.[Learn more](https://cloud.ibm.com/docs/openshift?topic=openshift-vpc-flavors) | `string` | `"bx2.8x32"` | no | +| [default\_worker\_pool\_operating\_system](#input\_default\_worker\_pool\_operating\_system) | The operating system installed on the worker nodes. [Learn more](https://cloud.ibm.com/docs/openshift?topic=openshift-vpc-flavors) | `string` | `"RHEL_9_64"` | no | +| [default\_worker\_pool\_workers\_per\_zone](#input\_default\_worker\_pool\_workers\_per\_zone) | Number of worker nodes in each zone of the cluster. | `number` | `2` | no | +| [disable\_outbound\_traffic\_protection](#input\_disable\_outbound\_traffic\_protection) | Whether to allow public outbound access from the cluster workers. This is only applicable for OCP 4.15 and later. | `bool` | `false` | no | +| [disable\_public\_endpoint](#input\_disable\_public\_endpoint) | Whether access to the public service endpoint is disabled when the cluster is created. Does not affect existing clusters. You can't disable a public endpoint on an existing cluster, so you can't convert a public cluster to a private cluster. 
To change a public endpoint to private, create another cluster with this input set to `true`. | `bool` | `true` | no | +| [enable\_autoscaling\_for\_default\_pool](#input\_enable\_autoscaling\_for\_default\_pool) | Set `true` to enable automatic scaling of worker based on workload demand. | `bool` | `false` | no | +| [enable\_kube\_audit](#input\_enable\_kube\_audit) | Set true to enable kube audit by default. | `bool` | `true` | no | +| [enable\_ocp\_console](#input\_enable\_ocp\_console) | Flag to specify whether to enable or disable the OpenShift console. If set to `null` the module does not modify the current setting on the cluster. Keep in mind that when this input is set to `true` or `false` on a cluster with private only endpoint enabled, the runtime must be able to access the private endpoint. | `bool` | `null` | no | +| [enable\_secrets\_manager\_integration](#input\_enable\_secrets\_manager\_integration) | Integrate with IBM Cloud Secrets Manager so you can centrally manage Ingress subdomain certificates and other secrets. [Learn more](https://cloud.ibm.com/docs/containers?topic=containers-secrets-mgr) | `bool` | `false` | no | +| [existing\_boot\_volume\_kms\_key\_crn](#input\_existing\_boot\_volume\_kms\_key\_crn) | The CRN of an existing KMS key to use to encrypt the the block storage volumes for VPC. If no value is set for this variable, specify a value for either the `existing_kms_instance_crn` variable to create a key ring and key. | `string` | `null` | no | +| [existing\_cluster\_kms\_key\_crn](#input\_existing\_cluster\_kms\_key\_crn) | The CRN of an existing KMS key to use for encrypting the Object Storage of the Cluster. If no value is set for this variable, specify a value for `existing_kms_instance_crn` variable to create a key ring and key. | `string` | `null` | no | +| [existing\_cos\_instance\_crn](#input\_existing\_cos\_instance\_crn) | The CRN of an already existing Object Storage instance to use for OpenShift internal registry storage. 
| `string` | n/a | yes | +| [existing\_kms\_instance\_crn](#input\_existing\_kms\_instance\_crn) | The CRN of an existing KMS instance (Hyper Protect Crypto Services or Key Protect). If the KMS instance is in different account you must also provide a value for `ibmcloud_kms_api_key`. | `string` | `null` | no | +| [existing\_resource\_group\_name](#input\_existing\_resource\_group\_name) | The name of an existing resource group to provision the cluster. | `string` | `"Default"` | no | +| [existing\_secrets\_manager\_instance\_crn](#input\_existing\_secrets\_manager\_instance\_crn) | CRN of the Secrets Manager instance where Ingress certificate secrets are stored. If 'enable\_secrets\_manager\_integration' is set to true then this value is required. | `string` | `null` | no | +| [existing\_subnet\_ids](#input\_existing\_subnet\_ids) | The list of IDs of existing subnets where the default worker pool nodes of the cluster are provisioned. | `list(string)` | `[]` | no | +| [existing\_vpc\_crn](#input\_existing\_vpc\_crn) | The CRN of an existing VPC. If the user provides only the `existing_vpc_crn` the default worker pool is provisioned across all the subnets in the VPC. | `string` | n/a | yes | +| [ibmcloud\_api\_key](#input\_ibmcloud\_api\_key) | The IBM Cloud api key. | `string` | n/a | yes | +| [ibmcloud\_kms\_api\_key](#input\_ibmcloud\_kms\_api\_key) | The IBM Cloud API key that can create a root key and key ring in the key management service (KMS) instance for the cluster. If not specified, the 'ibmcloud\_api\_key' variable is used. Specify this key if the KMS instance in `existing_kms_instance_crn` is in an account that is different from the cluster's account. Leave this input empty if both the cluster and the KMS instance are in the same account. | `string` | `null` | no | +| [ignore\_worker\_pool\_size\_changes](#input\_ignore\_worker\_pool\_size\_changes) | Enable if using worker autoscaling. Stops Terraform managing worker count. 
| `bool` | `false` | no | +| [kms\_encryption\_enabled\_boot\_volume](#input\_kms\_encryption\_enabled\_boot\_volume) | Set this to true to control the encryption keys used to encrypt the data that for the block storage volumes for VPC. If set to false, the data is encrypted by using randomly generated keys. For more info on encrypting block storage volumes, see https://cloud.ibm.com/docs/vpc?topic=vpc-creating-instances-byok | `bool` | `false` | no | +| [kms\_encryption\_enabled\_cluster](#input\_kms\_encryption\_enabled\_cluster) | Set to true to enable KMS encryption for the cluster's Object Storage bucket. When set to true, a value must be passed for either `existing_cluster_kms_key_crn` or `existing_kms_instance_crn`. | `bool` | `false` | no | +| [kms\_endpoint\_type](#input\_kms\_endpoint\_type) | The endpoint for communicating with the KMS instance. Possible values: `public`, `private`. Applies only if `kms_encryption_enabled_cluster` is true | `string` | `"private"` | no | +| [manage\_all\_addons](#input\_manage\_all\_addons) | Instructs deployable architecture to manage all cluster addons, even if addons were installed outside of the module. If set to 'true' this deployable architecture destroys any addons that were installed by other sources. | `bool` | `false` | no | +| [number\_of\_lbs](#input\_number\_of\_lbs) | The number of LBs to associated the `additional_lb_security_group_names` security group with. | `number` | `1` | no | +| [ocp\_entitlement](#input\_ocp\_entitlement) | Value that is applied to the entitlements for OCP cluster provisioning. | `string` | `null` | no | +| [ocp\_version](#input\_ocp\_version) | Version of the OCP cluster to provision. | `string` | `"4.17"` | no | +| [pod\_subnet\_cidr](#input\_pod\_subnet\_cidr) | Specify a custom subnet CIDR to provide private IP addresses for pods. The subnet must have a CIDR of at least `/23` or larger. Default value is `172.30.0.0/16` when the variable is set to `null`. 
| `string` | `null` | no | +| [prefix](#input\_prefix) | The prefix to be added to all resources created by this solution. To skip using a prefix, set this value to null or an empty string. The prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It should not exceed 16 characters, must not end with a hyphen('-'), and can not contain consecutive hyphens ('--'). Example: prod-0405-ocp. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/prefix.md). | `string` | n/a | yes | +| [provider\_visibility](#input\_provider\_visibility) | Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints). | `string` | `"private"` | no | +| [secrets\_manager\_endpoint\_type](#input\_secrets\_manager\_endpoint\_type) | The type of endpoint (public or private) to connect to the Secrets Manager API. The Terraform provider uses this endpoint type to interact with the Secrets Manager API. | `string` | `"private"` | no | +| [secrets\_manager\_secret\_group\_id](#input\_secrets\_manager\_secret\_group\_id) | Secret group ID where Ingress secrets are stored in the Secrets Manager instance. If 'enable\_secrets\_manager\_integration' is set to true and 'secrets\_manager\_secret\_group\_id' is not provided, a new group will be created with the same name as cluster\_id. | `string` | `null` | no | +| [service\_subnet\_cidr](#input\_service\_subnet\_cidr) | Specify a custom subnet CIDR to provide private IP addresses for services. The subnet must be at least `/24` or larger. Default value is `172.21.0.0/16` when the variable is set to `null`. 
| `string` | `null` | no | +| [skip\_ocp\_secrets\_manager\_iam\_auth\_policy](#input\_skip\_ocp\_secrets\_manager\_iam\_auth\_policy) | To skip creating auth policy that allows OCP cluster 'Manager' role access in the existing Secrets Manager instance for managing ingress certificates. | `bool` | `false` | no | +| [use\_private\_endpoint](#input\_use\_private\_endpoint) | Set this to true to force all API calls to use the IBM Cloud private endpoints. | `bool` | `true` | no | +| [verify\_worker\_network\_readiness](#input\_verify\_worker\_network\_readiness) | By setting this to true, a script runs kubectl commands to verify that all worker nodes can communicate successfully with the master. If the runtime does not have access to the kube cluster to run kubectl commands, set this value to false. | `bool` | `true` | no | +| [worker\_pools\_taints](#input\_worker\_pools\_taints) | Optional, Map of lists containing node taints by node-pool name. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/blob/main/solutions/fully-configurable/DA_docs.md#options-with-worker-pools-taints) | `map(list(object({ key = string, value = string, effect = string })))` | `null` | no | + +### Outputs + +| Name | Description | +|------|-------------| +| [api\_vpe](#output\_api\_vpe) | Details of the API Virtual Private Endpoint (VPE), if it exists. For more info about schema, see https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/is_virtual_endpoint_gateway | +| [cluster\_crn](#output\_cluster\_crn) | The Cloud Resource Name (CRN) of the provisioned OpenShift cluster. | +| [cluster\_id](#output\_cluster\_id) | The unique identifier assigned to the provisioned OpenShift cluster. | +| [cluster\_name](#output\_cluster\_name) | The name of the provisioned OpenShift cluster. | +| [cos\_crn](#output\_cos\_crn) | The Cloud Resource Name (CRN) of the Object Storage instance associated with the cluster. 
| +| [ingress\_hostname](#output\_ingress\_hostname) | The hostname assigned to the Cluster's Ingress subdomain for external access. | +| [kms\_config](#output\_kms\_config) | Configuration details for Key Management Service (KMS) used for encryption in the cluster. | +| [master\_status](#output\_master\_status) | The current status of the Kubernetes master node in the cluster. | +| [master\_url](#output\_master\_url) | The API endpoint URL for the Kubernetes master node of the cluster. | +| [master\_vpe](#output\_master\_vpe) | Details of the master, or default Virtual Private Endpoint (VPE). For more info about schema, see https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/is_virtual_endpoint_gateway | +| [ocp\_version](#output\_ocp\_version) | The version of OpenShift running on the provisioned cluster. | +| [operating\_system](#output\_operating\_system) | The operating system used by the worker nodes in the default worker pool. | +| [private\_service\_endpoint\_url](#output\_private\_service\_endpoint\_url) | The Private service endpoint URL for accessing the cluster over a private network. | +| [public\_service\_endpoint\_url](#output\_public\_service\_endpoint\_url) | The public service endpoint URL for accessing the cluster over the internet. | +| [region](#output\_region) | The IBM Cloud region where the cluster is deployed. | +| [registry\_vpe](#output\_registry\_vpe) | Details of the registry Virtual Private Endpoint (VPE), if it exists. For more info about schema, see https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/is_virtual_endpoint_gateway | +| [resource\_group\_id](#output\_resource\_group\_id) | The ID of the resource group where the cluster is deployed. | +| [secrets\_manager\_integration\_config](#output\_secrets\_manager\_integration\_config) | Information about the Secrets Manager instance that is used to store the Ingress certificates. 
| +| [vpc\_id](#output\_vpc\_id) | The ID of the Virtual Private Cloud (VPC) in which the cluster is deployed. | +| [vpe\_url](#output\_vpe\_url) | The Virtual Private Endpoint (VPE) URL used for private network access to the cluster. | +| [workerpools](#output\_workerpools) | A list of worker pools associated with the provisioned cluster | + From 3e532e2ec461ff2e53c6dd7c6a0452a9c8578259 Mon Sep 17 00:00:00 2001 From: aatreyee257 Date: Tue, 1 Jul 2025 14:50:38 +0530 Subject: [PATCH 05/26] update version --- solutions/fully-configurable/version.tf | 8 -------- 1 file changed, 8 deletions(-) diff --git a/solutions/fully-configurable/version.tf b/solutions/fully-configurable/version.tf index 2cc145c8..0d7a6ade 100644 --- a/solutions/fully-configurable/version.tf +++ b/solutions/fully-configurable/version.tf @@ -19,13 +19,5 @@ terraform { source = "hashicorp/time" version = "= 0.9.1" } - helm = { - source = "hashicorp/helm" - version = ">= 2.15.0, <3.0.0" - } - kubernetes = { - source = "hashicorp/kubernetes" - version = ">= 2.16.1" - } } } From c76d56b0ead91f522ab8841ef12282d2c70b8b07 Mon Sep 17 00:00:00 2001 From: aatreyee257 Date: Tue, 1 Jul 2025 15:32:55 +0530 Subject: [PATCH 06/26] fixed pre-commit --- solutions/fully-configurable/README.md | 4 ++-- solutions/fully-configurable/provider.tf | 14 -------------- solutions/fully-configurable/version.tf | 4 ++-- 3 files changed, 4 insertions(+), 18 deletions(-) diff --git a/solutions/fully-configurable/README.md b/solutions/fully-configurable/README.md index 0ee632ca..64fec0d6 100644 --- a/solutions/fully-configurable/README.md +++ b/solutions/fully-configurable/README.md 
@@ -17,9 +17,9 @@ The following resources are provisioned by this example: | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >=1.9.0 | -| [helm](#requirement\_helm) | >= 2.15.0, <3.0.0 | +| [helm](#requirement\_helm) | 2.17.0 | | [ibm](#requirement\_ibm) | 1.79.2 | -| [kubernetes](#requirement\_kubernetes) | >= 2.16.1 | +| [kubernetes](#requirement\_kubernetes) | 2.37.0 | | [time](#requirement\_time) | = 0.9.1 | ### Modules diff --git a/solutions/fully-configurable/provider.tf b/solutions/fully-configurable/provider.tf index a1b13742..3ff173c3 100644 --- a/solutions/fully-configurable/provider.tf +++ b/solutions/fully-configurable/provider.tf @@ -38,17 +38,3 @@ provider "kubernetes" { token = data.ibm_container_cluster_config.cluster_config[0].token cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config[0].ca_certificate } - -provider "helm" { - kubernetes { - host = data.ibm_container_cluster_config.cluster_config[0].host - token = data.ibm_container_cluster_config.cluster_config[0].token - cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config[0].ca_certificate - } -} - -provider "kubernetes" { - host = data.ibm_container_cluster_config.cluster_config[0].host - token = data.ibm_container_cluster_config.cluster_config[0].token - cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config[0].ca_certificate -} diff --git a/solutions/fully-configurable/version.tf b/solutions/fully-configurable/version.tf index 0d7a6ade..acc81462 100644 --- a/solutions/fully-configurable/version.tf +++ b/solutions/fully-configurable/version.tf @@ -9,11 +9,11 @@ terraform { } helm = { source = "hashicorp/helm" - version = ">= 2.15.0, <3.0.0" + version = "2.17.0" } kubernetes = { source = "hashicorp/kubernetes" - version = ">= 2.16.1" + version = "2.37.0" } time = { source = "hashicorp/time" From 4d86c48875c3a05e084786632264749b8957f9d2 Mon Sep 17 00:00:00 2001 
From: aatreyee257 Date: Wed, 2 Jul 2025 11:42:39 +0530 Subject: [PATCH 07/26] fixes --- logs.txt | 69 +++++++++++++++++++ solutions/fully-configurable/README.md | 6 +- .../fully-configurable/kubeconfig/.gitignore | 6 ++ .../fully-configurable/kubeconfig/README.md | 2 + solutions/fully-configurable/version.tf | 4 +- 5 files changed, 82 insertions(+), 5 deletions(-) create mode 100644 logs.txt create mode 100644 solutions/fully-configurable/kubeconfig/.gitignore create mode 100644 solutions/fully-configurable/kubeconfig/README.md diff --git a/logs.txt b/logs.txt new file mode 100644 index 00000000..4845f415 --- /dev/null +++ b/logs.txt 
@@ -0,0 +1,69 @@ +cd tests && go test -run TestRunFullyConfigurableInSchematics -count=1 -v -timeout 600m +=== RUN TestRunFullyConfigurableInSchematics +=== PAUSE TestRunFullyConfigurableInSchematics +=== CONT TestRunFullyConfigurableInSchematics +2025/07/02 11:26:35 Region au-syd VPC count: 12 +2025/07/02 11:26:35 --- new best region is au-syd +2025/07/02 11:26:38 Region ca-tor VPC count: 10 +2025/07/02 11:26:38 --- new best region is ca-tor +2025/07/02 11:26:41 Region br-sao VPC count: 9 +2025/07/02 11:26:41 --- new best region is br-sao +2025/07/02 11:26:44 Region eu-de VPC count: 16 +2025/07/02 11:26:47 Region eu-es VPC count: 9 +2025/07/02 11:26:50 Region eu-gb VPC count: 12 +2025/07/02 11:26:52 Region us-east VPC count: 9 +2025/07/02 11:26:54 Region us-south VPC count: 15 +2025/07/02 11:26:57 Region jp-osa VPC count: 9 +2025/07/02 11:26:59 Region jp-tok VPC count: 10 +2025/07/02 11:26:59 Best region was found!: br-sao +TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 retry.go:91: terraform [workspace list] +TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 logger.go:67: Running command terraform with args [workspace list] +TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 logger.go:67: ╷ +TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 logger.go:67: │ Error: Required plugins are not installed +TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 logger.go:67: │  +TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 logger.go:67: │ The installed provider plugins are not consistent with the packages +TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 logger.go:67: │ selected in the dependency lock file: +TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 logger.go:67: │  - registry.terraform.io/hashicorp/time: there is no package for registry.terraform.io/hashicorp/time 0.13.1 cached in .terraform/providers +TestRunFullyConfigurableInSchematics 
2025-07-02T11:26:59+05:30 logger.go:67: │  - registry.terraform.io/ibm-cloud/ibm: there is no package for registry.terraform.io/ibm-cloud/ibm 1.79.2 cached in .terraform/providers +TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 logger.go:67: │  - registry.terraform.io/hashicorp/random: there is no package for registry.terraform.io/hashicorp/random 3.7.2 cached in .terraform/providers +TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 logger.go:67: │  +TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 logger.go:67: │ Terraform uses external plugins to integrate with a variety of different +TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 logger.go:67: │ infrastructure services. To download the plugins required for this +TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 logger.go:67: │ configuration, run: +TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 logger.go:67: │  terraform init +TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 logger.go:67: ╵ +TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 logger.go:67:  +TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 retry.go:99: Returning due to fatal error: FatalError{Underlying: error while running command: exit status 1; ╷ +│ Error: Required plugins are not installed +│  +│ The installed provider plugins are not consistent with the packages +│ selected in the dependency lock file: +│  - registry.terraform.io/hashicorp/time: there is no package for registry.terraform.io/hashicorp/time 0.13.1 cached in .terraform/providers +│  - registry.terraform.io/ibm-cloud/ibm: there is no package for registry.terraform.io/ibm-cloud/ibm 1.79.2 cached in .terraform/providers +│  - registry.terraform.io/hashicorp/random: there is no package for registry.terraform.io/hashicorp/random 3.7.2 cached in .terraform/providers +│  +│ Terraform uses external plugins to integrate with a variety of different +│ 
infrastructure services. To download the plugins required for this +│ configuration, run: +│  terraform init +╵ +} + workspace.go:16: FatalError{Underlying: error while running command: exit status 1; ╷ + │ Error: Required plugins are not installed + │  + │ The installed provider plugins are not consistent with the packages + │ selected in the dependency lock file: + │  - registry.terraform.io/hashicorp/time: there is no package for registry.terraform.io/hashicorp/time 0.13.1 cached in .terraform/providers + │  - registry.terraform.io/ibm-cloud/ibm: there is no package for registry.terraform.io/ibm-cloud/ibm 1.79.2 cached in .terraform/providers + │  - registry.terraform.io/hashicorp/random: there is no package for registry.terraform.io/hashicorp/random 3.7.2 cached in .terraform/providers + │  + │ Terraform uses external plugins to integrate with a variety of different + │ infrastructure services. To download the plugins required for this + │ configuration, run: + │  terraform init + ╵ + } +--- FAIL: TestRunFullyConfigurableInSchematics (34.49s) +FAIL +exit status 1 +FAIL github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc 35.343s diff --git a/solutions/fully-configurable/README.md b/solutions/fully-configurable/README.md index 64fec0d6..d6ea85ce 100644 --- a/solutions/fully-configurable/README.md +++ b/solutions/fully-configurable/README.md @@ -19,8 +19,8 @@ The following resources are provisioned by this example: | [terraform](#requirement\_terraform) | >=1.9.0 | | [helm](#requirement\_helm) | 2.17.0 | | [ibm](#requirement\_ibm) | 1.79.2 | -| [kubernetes](#requirement\_kubernetes) | 2.37.0 | -| [time](#requirement\_time) | = 0.9.1 | +| [kubernetes](#requirement\_kubernetes) | 2.37.1 | +| [time](#requirement\_time) | = 0.13.1 | ### Modules 
@@ -42,7 +42,7 @@ The following resources are provisioned by this example: | Name | Type | |------|------| | [terraform_data.delete_secrets](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/resources/data) | resource | -| [time_sleep.wait_45_seconds](https://registry.terraform.io/providers/hashicorp/time/0.9.1/docs/resources/sleep) | resource | +| [time_sleep.wait_45_seconds](https://registry.terraform.io/providers/hashicorp/time/0.13.1/docs/resources/sleep) | resource | | [ibm_container_cluster_config.cluster_config](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.79.2/docs/data-sources/container_cluster_config) | data source | | [ibm_is_subnet.subnets](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.79.2/docs/data-sources/is_subnet) | data source | | [ibm_is_subnets.vpc_subnets](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.79.2/docs/data-sources/is_subnets) | data source | diff --git a/solutions/fully-configurable/kubeconfig/.gitignore b/solutions/fully-configurable/kubeconfig/.gitignore new file mode 100644 index 00000000..632a28fb --- /dev/null +++ b/solutions/fully-configurable/kubeconfig/.gitignore @@ -0,0 +1,6 @@ +# Ignore everything +* + +# But not these files... +!.gitignore +!README.md diff --git a/solutions/fully-configurable/kubeconfig/README.md b/solutions/fully-configurable/kubeconfig/README.md new file mode 100644 index 00000000..e85afee8 --- /dev/null +++ b/solutions/fully-configurable/kubeconfig/README.md @@ -0,0 +1,2 @@ +This directory must exist in source control so the `ibm_container_cluster_config` data lookup can use it to place the +config.yml used to connect to a kubernetes cluster. diff --git a/solutions/fully-configurable/version.tf b/solutions/fully-configurable/version.tf index acc81462..c28987af 100644 --- a/solutions/fully-configurable/version.tf +++ b/solutions/fully-configurable/version.tf 
@@ -13,11 +13,11 @@ terraform {
 }
 kubernetes = {
 source = "hashicorp/kubernetes"
- version = "2.37.0"
+ version = "2.37.1"
 }
 time = {
 source = "hashicorp/time"
- version = "= 0.9.1"
+ version = "= 0.13.1"
 }
 }
 }
From bf413ce86ee2b4f321440b765e78b51255c42ccb Mon Sep 17 00:00:00 2001
From: aatreyee257
Date: Wed, 2 Jul 2025 17:26:53 +0530
Subject: [PATCH 08/26] fixed:pre-commit
---
 logs.txt | 69 --------------------------------------------------------
 1 file changed, 69 deletions(-)
 delete mode 100644 logs.txt
diff --git a/logs.txt b/logs.txt
deleted file mode 100644
index 4845f415..00000000
--- a/logs.txt
+++ /dev/null
@@ -1,69 +0,0 @@ -cd tests && go test -run TestRunFullyConfigurableInSchematics -count=1 -v -timeout 600m -=== RUN TestRunFullyConfigurableInSchematics -=== PAUSE TestRunFullyConfigurableInSchematics -=== CONT TestRunFullyConfigurableInSchematics -2025/07/02 11:26:35 Region au-syd VPC count: 12 -2025/07/02 11:26:35 --- new best region is au-syd -2025/07/02 11:26:38 Region ca-tor VPC count: 10 -2025/07/02 11:26:38 --- new best region is ca-tor -2025/07/02 11:26:41 Region br-sao VPC count: 9 -2025/07/02 11:26:41 --- new best region is br-sao -2025/07/02 11:26:44 Region eu-de VPC count: 16 -2025/07/02 11:26:47 Region eu-es VPC count: 9 -2025/07/02 11:26:50 Region eu-gb VPC count: 12 -2025/07/02 11:26:52 Region us-east VPC count: 9 -2025/07/02 11:26:54 Region us-south VPC count: 15 -2025/07/02 11:26:57 Region jp-osa VPC count: 9 -2025/07/02 11:26:59 Region jp-tok VPC count: 10 -2025/07/02 11:26:59 Best region was found!: br-sao -TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 retry.go:91: terraform [workspace list] -TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 logger.go:67: Running command terraform with args [workspace list] -TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 logger.go:67: ╷ -TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 logger.go:67: │ Error: Required plugins are not installed -TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 logger.go:67: │  -TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 logger.go:67: │ The installed provider plugins are not consistent with the packages -TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 logger.go:67: │ selected in the dependency lock file: -TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 logger.go:67: │  - registry.terraform.io/hashicorp/time: there is no package for registry.terraform.io/hashicorp/time 0.13.1 cached in .terraform/providers -TestRunFullyConfigurableInSchematics 
2025-07-02T11:26:59+05:30 logger.go:67: │  - registry.terraform.io/ibm-cloud/ibm: there is no package for registry.terraform.io/ibm-cloud/ibm 1.79.2 cached in .terraform/providers -TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 logger.go:67: │  - registry.terraform.io/hashicorp/random: there is no package for registry.terraform.io/hashicorp/random 3.7.2 cached in .terraform/providers -TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 logger.go:67: │  -TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 logger.go:67: │ Terraform uses external plugins to integrate with a variety of different -TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 logger.go:67: │ infrastructure services. To download the plugins required for this -TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 logger.go:67: │ configuration, run: -TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 logger.go:67: │  terraform init -TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 logger.go:67: ╵ -TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 logger.go:67:  -TestRunFullyConfigurableInSchematics 2025-07-02T11:26:59+05:30 retry.go:99: Returning due to fatal error: FatalError{Underlying: error while running command: exit status 1; ╷ -│ Error: Required plugins are not installed -│  -│ The installed provider plugins are not consistent with the packages -│ selected in the dependency lock file: -│  - registry.terraform.io/hashicorp/time: there is no package for registry.terraform.io/hashicorp/time 0.13.1 cached in .terraform/providers -│  - registry.terraform.io/ibm-cloud/ibm: there is no package for registry.terraform.io/ibm-cloud/ibm 1.79.2 cached in .terraform/providers -│  - registry.terraform.io/hashicorp/random: there is no package for registry.terraform.io/hashicorp/random 3.7.2 cached in .terraform/providers -│  -│ Terraform uses external plugins to integrate with a variety of different -│ 
infrastructure services. To download the plugins required for this -│ configuration, run: -│  terraform init -╵ -} - workspace.go:16: FatalError{Underlying: error while running command: exit status 1; ╷ - │ Error: Required plugins are not installed - │  - │ The installed provider plugins are not consistent with the packages - │ selected in the dependency lock file: - │  - registry.terraform.io/hashicorp/time: there is no package for registry.terraform.io/hashicorp/time 0.13.1 cached in .terraform/providers - │  - registry.terraform.io/ibm-cloud/ibm: there is no package for registry.terraform.io/ibm-cloud/ibm 1.79.2 cached in .terraform/providers - │  - registry.terraform.io/hashicorp/random: there is no package for registry.terraform.io/hashicorp/random 3.7.2 cached in .terraform/providers - │  - │ Terraform uses external plugins to integrate with a variety of different - │ infrastructure services. To download the plugins required for this - │ configuration, run: - │  terraform init - ╵ - } ---- FAIL: TestRunFullyConfigurableInSchematics (34.49s) -FAIL -exit status 1 -FAIL github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc 35.343s From edc7a9e8ed98e41f4194d0de299f370f089ebfd3 Mon Sep 17 00:00:00 2001 From: aatreyee257 Date: Thu, 3 Jul 2025 19:40:53 +0530 Subject: [PATCH 09/26] fix --- tests/pr_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/pr_test.go b/tests/pr_test.go index 0ae74f88..cd840484 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go 
@@ -105,7 +105,7 @@ func TestRunFullyConfigurableInSchematics(t *testing.T) {
 options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{
 Testing: t,
 Prefix: "ocp-fc",
- TarIncludePatterns: []string{"*.tf", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", "scripts/*.sh", "kubeconfig/README.md", "modules/kube-audit/*.*", "modules/kube-audit/**"},
+ TarIncludePatterns: []string{"*.tf", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", "scripts/*.sh", "kubeconfig/README.md", "modules/kube-audit/*.*", "modules/kube-audit/**", fullyConfigurableTerraformDir + "/kubeconfig/README.md"},
 TemplateFolder: fullyConfigurableTerraformDir,
 Tags: []string{"test-schematic"},
 DeleteWorkspaceOnFail: false,
@@ -141,7 +141,7 @@ func TestRunUpgradeFullyConfigurable(t *testing.T) {
 options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{
 Testing: t,
 Prefix: "fc-upg",
- TarIncludePatterns: []string{"*.tf", "scripts/*.sh", "kubeconfig/README.md", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*"},
+ TarIncludePatterns: []string{"*.tf", "scripts/*.sh", "kubeconfig/README.md", "kubeconfig/.gitignore", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*"},
 TemplateFolder: fullyConfigurableTerraformDir,
 Tags: []string{"test-schematic"},
 DeleteWorkspaceOnFail: false,
From b69bea4c321ff3ef9aa317e3b46843391b086116 Mon Sep 17 00:00:00 2001
From: aatreyee257
Date: Fri, 4 Jul 2025 12:05:16 +0530
Subject: [PATCH 10/26] fixes
---
 tests/pr_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/pr_test.go b/tests/pr_test.go
index cd840484..2a249c39 100644
--- a/tests/pr_test.go
+++ b/tests/pr_test.go
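Review bot: The second hunk leaves `TestRunUpgradeFullyConfigurable` without any `modules/kube-audit` pattern, while the list in `TestRunFullyConfigurableInSchematics` carries `"modules/kube-audit/*.*"`; if the solution under `fullyConfigurableTerraformDir` calls that module, the upgrade tarball would presumably be missing the module's Terraform files. The later patches in this series add the module's scripts and Helm chart to the upgrade list but still not `"modules/kube-audit/*.*"`. Both tests package the same template folder, so a single shared slice would stop the two lists drifting apart, e.g. a package-level `var fullyConfigurableTarPatterns = []string{...}` referenced from both `TarIncludePatterns` fields. Both test functions continue outside the hunks.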
@@ -105,7 +105,7 @@ func TestRunFullyConfigurableInSchematics(t *testing.T) {
 options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{
 Testing: t,
 Prefix: "ocp-fc",
- TarIncludePatterns: []string{"*.tf", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", "scripts/*.sh", "kubeconfig/README.md", "modules/kube-audit/*.*", "modules/kube-audit/**", fullyConfigurableTerraformDir + "/kubeconfig/README.md"},
+ TarIncludePatterns: []string{"*.tf", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", "scripts/*.sh", "kubeconfig/README.md", "modules/kube-audit/*.*", "modules/kube-audit/kubeconfig/README.md", fullyConfigurableTerraformDir + "/kubeconfig/README.md"},
 TemplateFolder: fullyConfigurableTerraformDir,
 Tags: []string{"test-schematic"},
 DeleteWorkspaceOnFail: false,
From ec12c438b45482f979b4312cfbfcf558de3def0e Mon Sep 17 00:00:00 2001
From: aatreyee257
Date: Fri, 4 Jul 2025 21:00:43 +0530
Subject: [PATCH 11/26] fixes
---
 tests/pr_test.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/pr_test.go b/tests/pr_test.go
index 2a249c39..7c93e575 100644
--- a/tests/pr_test.go
+++ b/tests/pr_test.go
@@ -105,7 +105,7 @@ func TestRunFullyConfigurableInSchematics(t *testing.T) {
 options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{
 Testing: t,
 Prefix: "ocp-fc",
- TarIncludePatterns: []string{"*.tf", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", "scripts/*.sh", "kubeconfig/README.md", "modules/kube-audit/*.*", "modules/kube-audit/kubeconfig/README.md", fullyConfigurableTerraformDir + "/kubeconfig/README.md"},
+ TarIncludePatterns: []string{"*.tf", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", "scripts/*.sh", "kubeconfig/README.md", "modules/kube-audit/*.*", "modules/kube-audit/kubeconfig/README.md", "modules/kube-audit/scripts/*.*", fullyConfigurableTerraformDir + "/kubeconfig/README.md"},
 TemplateFolder: fullyConfigurableTerraformDir,
 Tags: []string{"test-schematic"},
 DeleteWorkspaceOnFail: false,
@@ -141,7 +141,7 @@ func TestRunUpgradeFullyConfigurable(t *testing.T) {
 options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{
 Testing: t,
 Prefix: "fc-upg",
- TarIncludePatterns: []string{"*.tf", "scripts/*.sh", "kubeconfig/README.md", "kubeconfig/.gitignore", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*"},
+ TarIncludePatterns: []string{"*.tf", "scripts/*.sh", "kubeconfig/README.md", "kubeconfig/.gitignore", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", fullyConfigurableTerraformDir + "/kubeconfig/README.md", "modules/kube-audit/scripts/*.*"},
 TemplateFolder: fullyConfigurableTerraformDir,
 Tags: []string{"test-schematic"},
 DeleteWorkspaceOnFail: false,
From 40d35b5532e19c17c2375d8df7ecbbbada493952 Mon Sep 17 00:00:00 2001
From: aatreyee257
Date: Sun, 6 Jul 2025 14:14:50 +0530
Subject: [PATCH 12/26] fixes
---
 tests/pr_test.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/pr_test.go b/tests/pr_test.go
index 7c93e575..26e2d935 100644
--- a/tests/pr_test.go
+++ b/tests/pr_test.go
@@ -105,7 +105,7 @@ func TestRunFullyConfigurableInSchematics(t *testing.T) {
 options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{
 Testing: t,
 Prefix: "ocp-fc",
- TarIncludePatterns: []string{"*.tf", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", "scripts/*.sh", "kubeconfig/README.md", "modules/kube-audit/*.*", "modules/kube-audit/kubeconfig/README.md", "modules/kube-audit/scripts/*.*", fullyConfigurableTerraformDir + "/kubeconfig/README.md"},
+ TarIncludePatterns: []string{"*.tf", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", "scripts/*.sh", "kubeconfig/README.md", "modules/kube-audit/*.*", "modules/kube-audit/kubeconfig/README.md", "modules/kube-audit/scripts/*.*", fullyConfigurableTerraformDir + "/kubeconfig/README.md", "modules/kube-audit/helm-charts/kube-audit/*.*", "modules/kube-audit/helm-charts/kube-audit/templates/*.*", "modules/kube-audit/helm-charts/kube-audit/values.yaml"},
 TemplateFolder: fullyConfigurableTerraformDir,
 Tags: []string{"test-schematic"},
 DeleteWorkspaceOnFail: false,
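Review bot: The added `"modules/kube-audit/helm-charts/kube-audit/values.yaml"` entry should already be matched by `"modules/kube-audit/helm-charts/kube-audit/*.*"` in the same list, here and in the `TestRunUpgradeFullyConfigurable` hunk that follows, so it can be dropped from both. The list has grown to the point where its intent is hard to read on one line; a short comment above the field would help, for example `// kube-audit module: Terraform files, scripts and the bundled Helm chart`. The test function continues outside the hunk.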
@@ -141,7 +141,7 @@ func TestRunUpgradeFullyConfigurable(t *testing.T) {
 options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{
 Testing: t,
 Prefix: "fc-upg",
- TarIncludePatterns: []string{"*.tf", "scripts/*.sh", "kubeconfig/README.md", "kubeconfig/.gitignore", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", fullyConfigurableTerraformDir + "/kubeconfig/README.md", "modules/kube-audit/scripts/*.*"},
+ TarIncludePatterns: []string{"*.tf", "scripts/*.sh", "kubeconfig/README.md", "kubeconfig/.gitignore", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", fullyConfigurableTerraformDir + "/kubeconfig/README.md", "modules/kube-audit/scripts/*.*", "modules/kube-audit/helm-charts/kube-audit/*.*", "modules/kube-audit/helm-charts/kube-audit/templates/*.*", "modules/kube-audit/helm-charts/kube-audit/values.yaml"},
 TemplateFolder: fullyConfigurableTerraformDir,
 Tags: []string{"test-schematic"},
 DeleteWorkspaceOnFail: false,
From d1605ad511bd76e6b82921e3f5cdd78ea259da18 Mon Sep 17 00:00:00 2001
From: aatreyee257
Date: Mon, 7 Jul 2025 14:17:41 +0530
Subject: [PATCH 13/26] fix
---
 solutions/fully-configurable/README.md | 144 +------------------------
 1 file changed, 2 insertions(+), 142 deletions(-)
diff --git a/solutions/fully-configurable/README.md b/solutions/fully-configurable/README.md
index d6ea85ce..d9cdd771 100644
--- a/solutions/fully-configurable/README.md
+++ b/solutions/fully-configurable/README.md
@@ -1,143 +1,3 @@ -# Fully-configurable OCP VPC cluster +# Cloud automation for Red Hat OpenShift Container Platform on VPC (Fully configurable) -This architecture creates a fully-configurable OCP VPC cluster. Also the outbound traffic is allowed, which is required for accessing the Operator Hub. - -The following resources are provisioned by this example: - -- OCP VPC cluster. -- Cluster keys if an existing KMS instance is passed. - - -![ocp-cluster](../../reference-architecture/deployable-architecture-ocp-cluster.svg) - - - -### Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >=1.9.0 | -| [helm](#requirement\_helm) | 2.17.0 | -| [ibm](#requirement\_ibm) | 1.79.2 | -| [kubernetes](#requirement\_kubernetes) | 2.37.1 | -| [time](#requirement\_time) | = 0.13.1 | - -### Modules - -| Name | Source | Version | -|------|--------|---------| -| [existing\_boot\_volume\_kms\_key\_crn\_parser](#module\_existing\_boot\_volume\_kms\_key\_crn\_parser) | terraform-ibm-modules/common-utilities/ibm//modules/crn-parser | 1.2.0 | -| [existing\_cluster\_kms\_key\_crn\_parser](#module\_existing\_cluster\_kms\_key\_crn\_parser) | terraform-ibm-modules/common-utilities/ibm//modules/crn-parser | 1.2.0 | -| [existing\_kms\_crn\_parser](#module\_existing\_kms\_crn\_parser) | terraform-ibm-modules/common-utilities/ibm//modules/crn-parser | 1.2.0 | -| [existing\_secrets\_manager\_instance\_parser](#module\_existing\_secrets\_manager\_instance\_parser) | terraform-ibm-modules/common-utilities/ibm//modules/crn-parser | 1.2.0 | -| [existing\_vpc\_crn\_parser](#module\_existing\_vpc\_crn\_parser) | terraform-ibm-modules/common-utilities/ibm//modules/crn-parser | 1.2.0 | -| [kms](#module\_kms) | terraform-ibm-modules/kms-all-inclusive/ibm | 5.1.8 | -| [kube\_audit](#module\_kube\_audit) | ../../modules/kube-audit | n/a | -| [ocp\_base](#module\_ocp\_base) | ../.. 
| n/a | -| [resource\_group](#module\_resource\_group) | terraform-ibm-modules/resource-group/ibm | 1.2.1 | -| [secret\_group](#module\_secret\_group) | terraform-ibm-modules/secrets-manager-secret-group/ibm | 1.3.8 | - -### Resources - -| Name | Type | -|------|------| -| [terraform_data.delete_secrets](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/resources/data) | resource | -| [time_sleep.wait_45_seconds](https://registry.terraform.io/providers/hashicorp/time/0.13.1/docs/resources/sleep) | resource | -| [ibm_container_cluster_config.cluster_config](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.79.2/docs/data-sources/container_cluster_config) | data source | -| [ibm_is_subnet.subnets](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.79.2/docs/data-sources/is_subnet) | data source | -| [ibm_is_subnets.vpc_subnets](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.79.2/docs/data-sources/is_subnets) | data source | - -### Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [access\_tags](#input\_access\_tags) | A list of access tags to apply to the resources created by the module. | `list(string)` | `[]` | no | -| [additional\_lb\_security\_group\_ids](#input\_additional\_lb\_security\_group\_ids) | Additional security groups to add to the load balancers associated with the cluster. Ensure that the `number_of_lbs` is set to the number of LBs associated with the cluster. This comes in addition to the IBM maintained security group. | `list(string)` | `[]` | no | -| [additional\_security\_group\_ids](#input\_additional\_security\_group\_ids) | A list of security group IDs that are attached to the worker nodes for additional network security controls. | `list(string)` | `[]` | no | -| [additional\_vpe\_security\_group\_ids](#input\_additional\_vpe\_security\_group\_ids) | Additional security groups to add to all existing load balancers. 
This comes in addition to the IBM maintained security group. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/blob/main/solutions/fully-configurable/DA_docs.md#options-with-additional-vpe-security-group-ids) |
object({
master = optional(list(string), [])
registry = optional(list(string), [])
api = optional(list(string), [])
})
| `{}` | no | -| [additional\_worker\_pools](#input\_additional\_worker\_pools) | List of additional worker pools. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/blob/main/solutions/fully-configurable/DA_docs.md#options-with-worker-pools) |
list(object({
vpc_subnets = optional(list(object({
id = string
zone = string
cidr_block = string
})), [])
pool_name = string
machine_type = string
workers_per_zone = number
operating_system = string
labels = optional(map(string))
minSize = optional(number)
secondary_storage = optional(string)
maxSize = optional(number)
enableAutoscaling = optional(bool)
additional_security_group_ids = optional(list(string))
}))
| `[]` | no | -| [addons](#input\_addons) | Map of OCP cluster add-on versions to install (NOTE: The 'vpc-block-csi-driver' add-on is installed by default for VPC clusters and 'ibm-storage-operator' is installed by default in OCP 4.15 and later, however you can explicitly specify it here if you wish to choose a later version than the default one). [Check supported addons and versions here](https://cloud.ibm.com/docs/containers?topic=containers-supported-cluster-addon-versions). [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/blob/main/solutions/fully-configurable/DA_docs.md#options-with-addons) |
object({
debug-tool = optional(object({
version = optional(string)
parameters_json = optional(string)
}))
image-key-synchronizer = optional(object({
version = optional(string)
parameters_json = optional(string)
}))
openshift-data-foundation = optional(object({
version = optional(string)
parameters_json = optional(string)
}))
vpc-file-csi-driver = optional(object({
version = optional(string)
parameters_json = optional(string)
}))
static-route = optional(object({
version = optional(string)
parameters_json = optional(string)
}))
cluster-autoscaler = optional(object({
version = optional(string)
parameters_json = optional(string)
}))
vpc-block-csi-driver = optional(object({
version = optional(string)
parameters_json = optional(string)
}))
ibm-storage-operator = optional(object({
version = optional(string)
parameters_json = optional(string)
}))
openshift-ai = optional(object({
version = optional(string)
parameters_json = optional(string)
}))
})
| `{}` | no | -| [allow\_default\_worker\_pool\_replacement](#input\_allow\_default\_worker\_pool\_replacement) | Set to true to allow the module to recreate a default worker pool. Only use in the case where you are getting an error indicating that the default worker pool cannot be replaced on apply. Once the default worker pool is handled separately, if you wish to make any change to the default worker pool which requires the re-creation of the default pool set this variable to true. | `bool` | `false` | no | -| [attach\_ibm\_managed\_security\_group](#input\_attach\_ibm\_managed\_security\_group) | Specify whether to attach the IBM-defined default security group (whose name is kube-) to all worker nodes. Only applicable if `custom_security_group_ids` is set. | `bool` | `true` | no | -| [audit\_deployment\_name](#input\_audit\_deployment\_name) | The name of log collection deployement and service. | `string` | `"ibmcloud-kube-audit"` | no | -| [audit\_log\_policy](#input\_audit\_log\_policy) | Specify the amount of information that is logged to the API server audit logs by choosing the audit log policy profile to use. Supported values are `default` and `WriteRequestBodies`. | `string` | `"default"` | no | -| [audit\_namespace](#input\_audit\_namespace) | The name of the namespace where log collection service and a deployment will be created. | `string` | `"ibm-kube-audit"` | no | -| [audit\_webhook\_listener\_image](#input\_audit\_webhook\_listener\_image) | The audit webhook listener image reference in the format of `[registry-url]/[namespace]/[image]`.The sub-module uses the `icr.io/ibm/ibmcloud-kube-audit-to-ibm-cloud-logs` image to forward logs to IBM Cloud Logs. This image is for demonstration purposes only. For a production solution, configure and maintain your own log forwarding image. 
| `string` | `"icr.io/ibm/ibmcloud-kube-audit-to-ibm-cloud-logs"` | no | -| [audit\_webhook\_listener\_image\_version](#input\_audit\_webhook\_listener\_image\_version) | The tag or digest for the audit webhook listener image to deploy. If changing the value, ensure it is compatible with `audit_webhook_listener_image`. | `string` | `"deaabcb8225e800385413ba420cf3f819d3b0671@sha256:acf123f4dba63534cbc104c6886abedff9d25a22a34ab7b549ede988ed6e7144"` | no | -| [boot\_volume\_kms\_key\_name](#input\_boot\_volume\_kms\_key\_name) | The name for the key created for the block storage volumes. Applies only if not specifying an existing key. If a prefix input variable is specified, the prefix is added to the name in the `-` format. | `string` | `"boot-volume-key"` | no | -| [boot\_volume\_kms\_key\_ring\_name](#input\_boot\_volume\_kms\_key\_ring\_name) | The name for the key ring created for the block storage volumes key. Applies only if not specifying an existing key. If a prefix input variable is specified, the prefix is added to the name in the `-` format. | `string` | `"boot-volume-key-ring"` | no | -| [cbr\_rules](#input\_cbr\_rules) | The list of context-based restriction rules to create. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/blob/main/solutions/fully-configurable/DA_docs.md#options-with-cbr) |
list(object({
description = string
account_id = string
rule_contexts = list(object({
attributes = optional(list(object({
name = string
value = string
}))) }))
enforcement_mode = string
tags = optional(list(object({
name = string
value = string
})), [])
operations = optional(list(object({
api_types = list(object({
api_type_id = string
}))
})))
}))
| `[]` | no | -| [cluster\_config\_endpoint\_type](#input\_cluster\_config\_endpoint\_type) | Specify which type of endpoint to use for cluster config access: 'default', 'private', 'vpe', 'link'. A 'default' value uses the default endpoint of the cluster. | `string` | `"default"` | no | -| [cluster\_kms\_key\_name](#input\_cluster\_kms\_key\_name) | The name of the key to be created for the cluster's Object Storage bucket encryption. Applies only if not specifying an existing key. If a prefix input variable is specified, the prefix is added to the name in the `-` format. | `string` | `"cluster-key"` | no | -| [cluster\_kms\_key\_ring\_name](#input\_cluster\_kms\_key\_ring\_name) | The name of the key ring to be created for the cluster's Object Storage bucket encryption key. Applies only if not specifying an existing key. If a prefix input variable is specified, the prefix is added to the name in the `-` format. | `string` | `"cluster-key-ring"` | no | -| [cluster\_name](#input\_cluster\_name) | The name of the new IBM Cloud OpenShift Cluster. If a `prefix` input variable is specified, it is added to this name in the `-value` format. | `string` | `"openshift"` | no | -| [cluster\_ready\_when](#input\_cluster\_ready\_when) | The cluster is ready based on one of the following:: MasterNodeReady (not recommended), OneWorkerNodeReady, Normal, IngressReady. | `string` | `"IngressReady"` | no | -| [cluster\_resource\_tags](#input\_cluster\_resource\_tags) | Metadata labels describing this cluster deployment, i.e. test. | `list(string)` | `[]` | no | -| [custom\_security\_group\_ids](#input\_custom\_security\_group\_ids) | Security groups to add to all worker nodes. This comes in addition to the IBM maintained security group if `attach_ibm_managed_security_group` is set to true. If this variable is set, the default VPC security group is NOT assigned to the worker nodes. 
| `list(string)` | `null` | no | -| [default\_pool\_maximum\_number\_of\_nodes](#input\_default\_pool\_maximum\_number\_of\_nodes) | The maximum number of worker nodes allowed in the pool, preventing the pool from exceeding three workers. | `number` | `3` | no | -| [default\_pool\_minimum\_number\_of\_nodes](#input\_default\_pool\_minimum\_number\_of\_nodes) | The minimum number of worker nodes allowed in the pool, ensuring at least one worker is always running. | `number` | `1` | no | -| [default\_worker\_pool\_labels](#input\_default\_worker\_pool\_labels) | A set of key-value labels assigned to the worker pool for identification. For Example: { env = "prod", team = "devops" } | `map(string)` | `{}` | no | -| [default\_worker\_pool\_machine\_type](#input\_default\_worker\_pool\_machine\_type) | The machine type for worker nodes.[Learn more](https://cloud.ibm.com/docs/openshift?topic=openshift-vpc-flavors) | `string` | `"bx2.8x32"` | no | -| [default\_worker\_pool\_operating\_system](#input\_default\_worker\_pool\_operating\_system) | The operating system installed on the worker nodes. [Learn more](https://cloud.ibm.com/docs/openshift?topic=openshift-vpc-flavors) | `string` | `"RHEL_9_64"` | no | -| [default\_worker\_pool\_workers\_per\_zone](#input\_default\_worker\_pool\_workers\_per\_zone) | Number of worker nodes in each zone of the cluster. | `number` | `2` | no | -| [disable\_outbound\_traffic\_protection](#input\_disable\_outbound\_traffic\_protection) | Whether to allow public outbound access from the cluster workers. This is only applicable for OCP 4.15 and later. | `bool` | `false` | no | -| [disable\_public\_endpoint](#input\_disable\_public\_endpoint) | Whether access to the public service endpoint is disabled when the cluster is created. Does not affect existing clusters. You can't disable a public endpoint on an existing cluster, so you can't convert a public cluster to a private cluster. 
To change a public endpoint to private, create another cluster with this input set to `true`. | `bool` | `true` | no | -| [enable\_autoscaling\_for\_default\_pool](#input\_enable\_autoscaling\_for\_default\_pool) | Set `true` to enable automatic scaling of worker based on workload demand. | `bool` | `false` | no | -| [enable\_kube\_audit](#input\_enable\_kube\_audit) | Set true to enable kube audit by default. | `bool` | `true` | no | -| [enable\_ocp\_console](#input\_enable\_ocp\_console) | Flag to specify whether to enable or disable the OpenShift console. If set to `null` the module does not modify the current setting on the cluster. Keep in mind that when this input is set to `true` or `false` on a cluster with private only endpoint enabled, the runtime must be able to access the private endpoint. | `bool` | `null` | no | -| [enable\_secrets\_manager\_integration](#input\_enable\_secrets\_manager\_integration) | Integrate with IBM Cloud Secrets Manager so you can centrally manage Ingress subdomain certificates and other secrets. [Learn more](https://cloud.ibm.com/docs/containers?topic=containers-secrets-mgr) | `bool` | `false` | no | -| [existing\_boot\_volume\_kms\_key\_crn](#input\_existing\_boot\_volume\_kms\_key\_crn) | The CRN of an existing KMS key to use to encrypt the the block storage volumes for VPC. If no value is set for this variable, specify a value for either the `existing_kms_instance_crn` variable to create a key ring and key. | `string` | `null` | no | -| [existing\_cluster\_kms\_key\_crn](#input\_existing\_cluster\_kms\_key\_crn) | The CRN of an existing KMS key to use for encrypting the Object Storage of the Cluster. If no value is set for this variable, specify a value for `existing_kms_instance_crn` variable to create a key ring and key. | `string` | `null` | no | -| [existing\_cos\_instance\_crn](#input\_existing\_cos\_instance\_crn) | The CRN of an already existing Object Storage instance to use for OpenShift internal registry storage. 
| `string` | n/a | yes | -| [existing\_kms\_instance\_crn](#input\_existing\_kms\_instance\_crn) | The CRN of an existing KMS instance (Hyper Protect Crypto Services or Key Protect). If the KMS instance is in different account you must also provide a value for `ibmcloud_kms_api_key`. | `string` | `null` | no | -| [existing\_resource\_group\_name](#input\_existing\_resource\_group\_name) | The name of an existing resource group to provision the cluster. | `string` | `"Default"` | no | -| [existing\_secrets\_manager\_instance\_crn](#input\_existing\_secrets\_manager\_instance\_crn) | CRN of the Secrets Manager instance where Ingress certificate secrets are stored. If 'enable\_secrets\_manager\_integration' is set to true then this value is required. | `string` | `null` | no | -| [existing\_subnet\_ids](#input\_existing\_subnet\_ids) | The list of IDs of existing subnets where the default worker pool nodes of the cluster are provisioned. | `list(string)` | `[]` | no | -| [existing\_vpc\_crn](#input\_existing\_vpc\_crn) | The CRN of an existing VPC. If the user provides only the `existing_vpc_crn` the default worker pool is provisioned across all the subnets in the VPC. | `string` | n/a | yes | -| [ibmcloud\_api\_key](#input\_ibmcloud\_api\_key) | The IBM Cloud api key. | `string` | n/a | yes | -| [ibmcloud\_kms\_api\_key](#input\_ibmcloud\_kms\_api\_key) | The IBM Cloud API key that can create a root key and key ring in the key management service (KMS) instance for the cluster. If not specified, the 'ibmcloud\_api\_key' variable is used. Specify this key if the KMS instance in `existing_kms_instance_crn` is in an account that is different from the cluster's account. Leave this input empty if both the cluster and the KMS instance are in the same account. | `string` | `null` | no | -| [ignore\_worker\_pool\_size\_changes](#input\_ignore\_worker\_pool\_size\_changes) | Enable if using worker autoscaling. Stops Terraform managing worker count. 
| `bool` | `false` | no | -| [kms\_encryption\_enabled\_boot\_volume](#input\_kms\_encryption\_enabled\_boot\_volume) | Set this to true to control the encryption keys used to encrypt the data that for the block storage volumes for VPC. If set to false, the data is encrypted by using randomly generated keys. For more info on encrypting block storage volumes, see https://cloud.ibm.com/docs/vpc?topic=vpc-creating-instances-byok | `bool` | `false` | no | -| [kms\_encryption\_enabled\_cluster](#input\_kms\_encryption\_enabled\_cluster) | Set to true to enable KMS encryption for the cluster's Object Storage bucket. When set to true, a value must be passed for either `existing_cluster_kms_key_crn` or `existing_kms_instance_crn`. | `bool` | `false` | no | -| [kms\_endpoint\_type](#input\_kms\_endpoint\_type) | The endpoint for communicating with the KMS instance. Possible values: `public`, `private`. Applies only if `kms_encryption_enabled_cluster` is true | `string` | `"private"` | no | -| [manage\_all\_addons](#input\_manage\_all\_addons) | Instructs deployable architecture to manage all cluster addons, even if addons were installed outside of the module. If set to 'true' this deployable architecture destroys any addons that were installed by other sources. | `bool` | `false` | no | -| [number\_of\_lbs](#input\_number\_of\_lbs) | The number of LBs to associated the `additional_lb_security_group_names` security group with. | `number` | `1` | no | -| [ocp\_entitlement](#input\_ocp\_entitlement) | Value that is applied to the entitlements for OCP cluster provisioning. | `string` | `null` | no | -| [ocp\_version](#input\_ocp\_version) | Version of the OCP cluster to provision. | `string` | `"4.17"` | no | -| [pod\_subnet\_cidr](#input\_pod\_subnet\_cidr) | Specify a custom subnet CIDR to provide private IP addresses for pods. The subnet must have a CIDR of at least `/23` or larger. Default value is `172.30.0.0/16` when the variable is set to `null`. 
| `string` | `null` | no | -| [prefix](#input\_prefix) | The prefix to be added to all resources created by this solution. To skip using a prefix, set this value to null or an empty string. The prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It should not exceed 16 characters, must not end with a hyphen('-'), and can not contain consecutive hyphens ('--'). Example: prod-0405-ocp. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/prefix.md). | `string` | n/a | yes | -| [provider\_visibility](#input\_provider\_visibility) | Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints). | `string` | `"private"` | no | -| [secrets\_manager\_endpoint\_type](#input\_secrets\_manager\_endpoint\_type) | The type of endpoint (public or private) to connect to the Secrets Manager API. The Terraform provider uses this endpoint type to interact with the Secrets Manager API. | `string` | `"private"` | no | -| [secrets\_manager\_secret\_group\_id](#input\_secrets\_manager\_secret\_group\_id) | Secret group ID where Ingress secrets are stored in the Secrets Manager instance. If 'enable\_secrets\_manager\_integration' is set to true and 'secrets\_manager\_secret\_group\_id' is not provided, a new group will be created with the same name as cluster\_id. | `string` | `null` | no | -| [service\_subnet\_cidr](#input\_service\_subnet\_cidr) | Specify a custom subnet CIDR to provide private IP addresses for services. The subnet must be at least `/24` or larger. Default value is `172.21.0.0/16` when the variable is set to `null`. 
| `string` | `null` | no | -| [skip\_ocp\_secrets\_manager\_iam\_auth\_policy](#input\_skip\_ocp\_secrets\_manager\_iam\_auth\_policy) | To skip creating auth policy that allows OCP cluster 'Manager' role access in the existing Secrets Manager instance for managing ingress certificates. | `bool` | `false` | no | -| [use\_private\_endpoint](#input\_use\_private\_endpoint) | Set this to true to force all API calls to use the IBM Cloud private endpoints. | `bool` | `true` | no | -| [verify\_worker\_network\_readiness](#input\_verify\_worker\_network\_readiness) | By setting this to true, a script runs kubectl commands to verify that all worker nodes can communicate successfully with the master. If the runtime does not have access to the kube cluster to run kubectl commands, set this value to false. | `bool` | `true` | no | -| [worker\_pools\_taints](#input\_worker\_pools\_taints) | Optional, Map of lists containing node taints by node-pool name. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/blob/main/solutions/fully-configurable/DA_docs.md#options-with-worker-pools-taints) | `map(list(object({ key = string, value = string, effect = string })))` | `null` | no | - -### Outputs - -| Name | Description | -|------|-------------| -| [api\_vpe](#output\_api\_vpe) | Details of the API Virtual Private Endpoint (VPE), if it exists. For more info about schema, see https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/is_virtual_endpoint_gateway | -| [cluster\_crn](#output\_cluster\_crn) | The Cloud Resource Name (CRN) of the provisioned OpenShift cluster. | -| [cluster\_id](#output\_cluster\_id) | The unique identifier assigned to the provisioned OpenShift cluster. | -| [cluster\_name](#output\_cluster\_name) | The name of the provisioned OpenShift cluster. | -| [cos\_crn](#output\_cos\_crn) | The Cloud Resource Name (CRN) of the Object Storage instance associated with the cluster. 
| -| [ingress\_hostname](#output\_ingress\_hostname) | The hostname assigned to the Cluster's Ingress subdomain for external access. | -| [kms\_config](#output\_kms\_config) | Configuration details for Key Management Service (KMS) used for encryption in the cluster. | -| [master\_status](#output\_master\_status) | The current status of the Kubernetes master node in the cluster. | -| [master\_url](#output\_master\_url) | The API endpoint URL for the Kubernetes master node of the cluster. | -| [master\_vpe](#output\_master\_vpe) | Details of the master, or default Virtual Private Endpoint (VPE). For more info about schema, see https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/is_virtual_endpoint_gateway | -| [ocp\_version](#output\_ocp\_version) | The version of OpenShift running on the provisioned cluster. | -| [operating\_system](#output\_operating\_system) | The operating system used by the worker nodes in the default worker pool. | -| [private\_service\_endpoint\_url](#output\_private\_service\_endpoint\_url) | The Private service endpoint URL for accessing the cluster over a private network. | -| [public\_service\_endpoint\_url](#output\_public\_service\_endpoint\_url) | The public service endpoint URL for accessing the cluster over the internet. | -| [region](#output\_region) | The IBM Cloud region where the cluster is deployed. | -| [registry\_vpe](#output\_registry\_vpe) | Details of the registry Virtual Private Endpoint (VPE), if it exists. For more info about schema, see https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/is_virtual_endpoint_gateway | -| [resource\_group\_id](#output\_resource\_group\_id) | The ID of the resource group where the cluster is deployed. | -| [secrets\_manager\_integration\_config](#output\_secrets\_manager\_integration\_config) | Information about the Secrets Manager instance that is used to store the Ingress certificates. 
| -| [vpc\_id](#output\_vpc\_id) | The ID of the Virtual Private Cloud (VPC) in which the cluster is deployed. | -| [vpe\_url](#output\_vpe\_url) | The Virtual Private Endpoint (VPE) URL used for private network access to the cluster. | -| [workerpools](#output\_workerpools) | A list of worker pools associated with the provisioned cluster | - +:exclamation: **Important:** This solution is not intended to be called by other modules because it contains a provider configuration and is not compatible with the `for_each`, `count`, and `depends_on` arguments. For more information, see [Providers Within Modules](https://developer.hashicorp.com/terraform/language/modules/develop/providers). From 0f02897c6f1d593a86e998a7c08e04d3d6dd9eed Mon Sep 17 00:00:00 2001 From: aatreyee257 Date: Wed, 9 Jul 2025 11:50:04 +0530 Subject: [PATCH 14/26] resolved commnts --- modules/kube-audit/README.md | 2 +- modules/kube-audit/main.tf | 6 +++++- modules/kube-audit/variables.tf | 6 +++--- solutions/fully-configurable/main.tf | 2 +- solutions/fully-configurable/variables.tf | 12 +----------- solutions/fully-configurable/version.tf | 2 +- tests/pr_test.go | 2 +- 7 files changed, 13 insertions(+), 19 deletions(-) diff --git a/modules/kube-audit/README.md b/modules/kube-audit/README.md index c7a543c2..307fa9a5 100644 --- a/modules/kube-audit/README.md +++ b/modules/kube-audit/README.md 
@@ -84,7 +84,7 @@ No modules. | [audit\_log\_policy](#input\_audit\_log\_policy) | Specify the amount of information that is logged to the API server audit logs by choosing the audit log policy profile to use. Supported values are `default` and `WriteRequestBodies`. | `string` | `"default"` | no | | [audit\_namespace](#input\_audit\_namespace) | The name of the namespace where log collection service and a deployment will be created. | `string` | `"ibm-kube-audit"` | no | | [audit\_webhook\_listener\_image](#input\_audit\_webhook\_listener\_image) | The audit webhook listener image reference in the format of `[registry-url]/[namespace]/[image]`.The sub-module uses the `icr.io/ibm/ibmcloud-kube-audit-to-ibm-cloud-logs` image to forward logs to IBM Cloud Logs. This image is for demonstration purposes only. For a production solution, configure and maintain your own log forwarding image. | `string` | `"icr.io/ibm/ibmcloud-kube-audit-to-ibm-cloud-logs"` | no | -| [audit\_webhook\_listener\_image\_version](#input\_audit\_webhook\_listener\_image\_version) | The tag or digest for the audit webhook listener image to deploy. If changing the value, ensure it is compatible with `audit_webhook_listener_image`. | `string` | `"deaabcb8225e800385413ba420cf3f819d3b0671@sha256:acf123f4dba63534cbc104c6886abedff9d25a22a34ab7b549ede988ed6e7144"` | no | +| [audit\_webhook\_listener\_image\_version](#input\_audit\_webhook\_listener\_image\_version) | The tag or digest for the audit webhook listener image to deploy. If changing the value, ensure it is compatible with `audit_webhook_listener_image`. | `string` | `null` | no | | [cluster\_config\_endpoint\_type](#input\_cluster\_config\_endpoint\_type) | Specify which type of endpoint to use for for cluster config access: 'default', 'private', 'vpe', 'link'. 'default' value will use the default endpoint of the cluster. 
| `string` | `"default"` | no | | [cluster\_id](#input\_cluster\_id) | The ID of the cluster to deploy the log collection service in. | `string` | n/a | yes | | [cluster\_resource\_group\_id](#input\_cluster\_resource\_group\_id) | The resource group ID of the cluster. | `string` | n/a | yes | diff --git a/modules/kube-audit/main.tf b/modules/kube-audit/main.tf index ba79caf9..7888582d 100644 --- a/modules/kube-audit/main.tf +++ b/modules/kube-audit/main.tf @@ -18,6 +18,10 @@ locals { validate_existing_vpc_id = tonumber(regex("^([0-9]+\\.[0-9]+)", data.ibm_container_vpc_cluster.cluster.kube_version)[0]) > "4.14" ? true : tobool("Kubernetes API server audit logs forwarding is only supported in ocp versions 4.15 and later.") } +locals { + audit_webhook_listener_image_version = var.audit_webhook_listener_image_version != null ? var.audit_webhook_listener_image_version : "deaabcb8225e800385413ba420cf3f819d3b0671@sha256:acf123f4dba63534cbc104c6886abedff9d25a22a34ab7b549ede988ed6e7144" +} + resource "null_resource" "set_audit_log_policy" { triggers = { audit_log_policy = var.audit_log_policy @@ -68,7 +72,7 @@ resource "helm_release" "kube_audit" { set { name = "image.tag" type = "string" - value = var.audit_webhook_listener_image_version + value = local.audit_webhook_listener_image_version } provisioner "local-exec" { diff --git a/modules/kube-audit/variables.tf b/modules/kube-audit/variables.tf index 3173fdd5..f476eb4b 100644 --- a/modules/kube-audit/variables.tf +++ b/modules/kube-audit/variables.tf 
@@ -94,10 +94,10 @@ variable "audit_webhook_listener_image" { variable "audit_webhook_listener_image_version" { type = string description = "The tag or digest for the audit webhook listener image to deploy. If changing the value, ensure it is compatible with `audit_webhook_listener_image`." - nullable = false - default = "deaabcb8225e800385413ba420cf3f819d3b0671@sha256:acf123f4dba63534cbc104c6886abedff9d25a22a34ab7b549ede988ed6e7144" # See, https://github.ibm.com/GoldenEye/issues/issues/13371 + nullable = true + default = null validation { - condition = can(regex("^[a-f0-9]{40}@sha256:[a-f0-9]{64}$", var.audit_webhook_listener_image_version)) + condition = var.audit_webhook_listener_image_version == null || can(regex("^[a-f0-9]{40}@sha256:[a-f0-9]{64}$", var.audit_webhook_listener_image_version)) error_message = "The value of the audit webhook listener image version must match the tag and sha256 image digest format" } } diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf index fc600ec3..b092e16f 100644 --- a/solutions/fully-configurable/main.tf +++ b/solutions/fully-configurable/main.tf @@ -279,7 +279,7 @@ module "secret_group" { } data "ibm_container_cluster_config" "cluster_config" { - count = var.enable_ocp_console != null || var.verify_worker_network_readiness || lookup(var.addons, "cluster-autoscaler", null) != null ? 1 : 0 + count = var.enable_kube_audit ? 1 : 0 cluster_name_id = module.ocp_base.cluster_id config_dir = "${path.module}/kubeconfig" admin = true diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index 5c50459c..9b4d6490 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf 
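Review bot: The description of `audit_webhook_listener_image_version` still reads "The tag or digest", but the validation in this hunk accepts only a 40-hex tag followed by `@sha256:` and a 64-hex digest, or `null`. A caller who passes a plain tag or a bare digest gets a validation error the description does not predict, and nothing says that `null` selects the module's built-in pinned image. I would reword it along the lines of `description = "Image tag and digest in the form <40-hex tag>@sha256:<64-hex digest>. Leave null to use the module's pinned default."` so the digest-pinning requirement is explicit. The hunk also removes the comment that recorded where the default digest came from; a short provenance comment beside the fallback value in main.tf would help whoever next updates the pin.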
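Review bot: `count = var.enable_kube_audit ? 1 : 0` drops the three earlier conditions, so anything that still reads `data.ibm_container_cluster_config.cluster_config[0]` for the console, worker-network check or cluster-autoscaler paths would fail with an invalid index when kube audit is disabled. Those consumers are outside this hunk, so this needs checking against provider.tf and the rest of main.tf. If any remain, the condition should be the union: `count = var.enable_kube_audit || var.enable_ocp_console != null || var.verify_worker_network_readiness || lookup(var.addons, "cluster-autoscaler", null) != null ? 1 : 0`. Separately, the data source keeps `admin = true` with `config_dir = "${path.module}/kubeconfig"`, so an admin kubeconfig is written to disk whenever the count is 1. A comment such as `# writes an admin kubeconfig to ./kubeconfig; keep this directory out of version control and build artifacts` would make that visible.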
@@ -571,11 +571,6 @@ variable "audit_log_policy" { type = string description = "Specify the amount of information that is logged to the API server audit logs by choosing the audit log policy profile to use. Supported values are `default` and `WriteRequestBodies`." default = "default" - - validation { - error_message = "Invalid Audit log policy Type! Valid values are 'default' or 'WriteRequestBodies'" - condition = contains(["default", "WriteRequestBodies"], var.audit_log_policy) - } } variable "audit_namespace" { @@ -599,10 +594,5 @@ variable "audit_webhook_listener_image" { variable "audit_webhook_listener_image_version" { type = string description = "The tag or digest for the audit webhook listener image to deploy. If changing the value, ensure it is compatible with `audit_webhook_listener_image`." - nullable = false - default = "deaabcb8225e800385413ba420cf3f819d3b0671@sha256:acf123f4dba63534cbc104c6886abedff9d25a22a34ab7b549ede988ed6e7144" # See, https://github.ibm.com/GoldenEye/issues/issues/13371 - validation { - condition = can(regex("^[a-f0-9]{40}@sha256:[a-f0-9]{64}$", var.audit_webhook_listener_image_version)) - error_message = "The value of the audit webhook listener image version must match the tag and sha256 image digest format" - } + default = null } diff --git a/solutions/fully-configurable/version.tf b/solutions/fully-configurable/version.tf index c28987af..b8ea9442 100644 --- a/solutions/fully-configurable/version.tf +++ b/solutions/fully-configurable/version.tf @@ -17,7 +17,7 @@ terraform { } time = { source = "hashicorp/time" - version = "= 0.13.1" + version = "0.13.1" } } } diff --git a/tests/pr_test.go b/tests/pr_test.go index 26e2d935..3ebcebd9 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go 
@@ -141,7 +141,7 @@ func TestRunUpgradeFullyConfigurable(t *testing.T) { options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{ Testing: t, Prefix: "fc-upg", - TarIncludePatterns: []string{"*.tf", "scripts/*.sh", "kubeconfig/README.md", "kubeconfig/.gitignore", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", fullyConfigurableTerraformDir + "/kubeconfig/README.md", "modules/kube-audit/scripts/*.*", "modules/kube-audit/helm-charts/kube-audit/*.*", "modules/kube-audit/helm-charts/kube-audit/templates/*.*", "modules/kube-audit/helm-charts/kube-audit/values.yaml"}, + TarIncludePatterns: []string{"*.tf", "scripts/*.sh", "kubeconfig/README.md", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", fullyConfigurableTerraformDir + "/kubeconfig/README.md", "modules/kube-audit/scripts/*.*", "modules/kube-audit/helm-charts/kube-audit/*.*", "modules/kube-audit/helm-charts/kube-audit/templates/*.*", "modules/kube-audit/helm-charts/kube-audit/values.yaml", "modules/kube-audit/*.*", "modules/kube-audit/kubeconfig/README.md"}, TemplateFolder: fullyConfigurableTerraformDir, Tags: []string{"test-schematic"}, DeleteWorkspaceOnFail: false, From 137e1d05c2d1305a437811ea26c3918f6fdbdb0e Mon Sep 17 00:00:00 2001 From: aatreyee257 Date: Thu, 10 Jul 2025 14:17:00 +0530 Subject: [PATCH 15/26] fixes --- modules/kube-audit/README.md | 2 +- modules/kube-audit/main.tf | 6 +----- modules/kube-audit/variables.tf | 4 ++-- solutions/fully-configurable/variables.tf | 2 +- 4 files changed, 5 insertions(+), 9 deletions(-) diff --git a/modules/kube-audit/README.md b/modules/kube-audit/README.md index 307fa9a5..c7a543c2 100644 --- a/modules/kube-audit/README.md +++ b/modules/kube-audit/README.md 
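Review bot: The `TarIncludePatterns` literal is a single very long line, which makes a change like this one (one pattern dropped, two appended) hard to verify in review. Putting one pattern per line, for example `"modules/kube-audit/*.*",` and `"modules/kube-audit/kubeconfig/README.md",` each on their own line, would turn future edits into readable diffs. `TestRunUpgradeFullyConfigurable` continues outside the hunk.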
@@ -84,7 +84,7 @@ No modules. | [audit\_log\_policy](#input\_audit\_log\_policy) | Specify the amount of information that is logged to the API server audit logs by choosing the audit log policy profile to use. Supported values are `default` and `WriteRequestBodies`. | `string` | `"default"` | no | | [audit\_namespace](#input\_audit\_namespace) | The name of the namespace where log collection service and a deployment will be created. | `string` | `"ibm-kube-audit"` | no | | [audit\_webhook\_listener\_image](#input\_audit\_webhook\_listener\_image) | The audit webhook listener image reference in the format of `[registry-url]/[namespace]/[image]`.The sub-module uses the `icr.io/ibm/ibmcloud-kube-audit-to-ibm-cloud-logs` image to forward logs to IBM Cloud Logs. This image is for demonstration purposes only. For a production solution, configure and maintain your own log forwarding image. | `string` | `"icr.io/ibm/ibmcloud-kube-audit-to-ibm-cloud-logs"` | no | -| [audit\_webhook\_listener\_image\_version](#input\_audit\_webhook\_listener\_image\_version) | The tag or digest for the audit webhook listener image to deploy. If changing the value, ensure it is compatible with `audit_webhook_listener_image`. | `string` | `null` | no | +| [audit\_webhook\_listener\_image\_version](#input\_audit\_webhook\_listener\_image\_version) | The tag or digest for the audit webhook listener image to deploy. If changing the value, ensure it is compatible with `audit_webhook_listener_image`. | `string` | `"deaabcb8225e800385413ba420cf3f819d3b0671@sha256:acf123f4dba63534cbc104c6886abedff9d25a22a34ab7b549ede988ed6e7144"` | no | | [cluster\_config\_endpoint\_type](#input\_cluster\_config\_endpoint\_type) | Specify which type of endpoint to use for for cluster config access: 'default', 'private', 'vpe', 'link'. 'default' value will use the default endpoint of the cluster. 
| `string` | `"default"` | no | | [cluster\_id](#input\_cluster\_id) | The ID of the cluster to deploy the log collection service in. | `string` | n/a | yes | | [cluster\_resource\_group\_id](#input\_cluster\_resource\_group\_id) | The resource group ID of the cluster. | `string` | n/a | yes | diff --git a/modules/kube-audit/main.tf b/modules/kube-audit/main.tf index 7888582d..ba79caf9 100644 --- a/modules/kube-audit/main.tf +++ b/modules/kube-audit/main.tf @@ -18,10 +18,6 @@ locals { validate_existing_vpc_id = tonumber(regex("^([0-9]+\\.[0-9]+)", data.ibm_container_vpc_cluster.cluster.kube_version)[0]) > "4.14" ? true : tobool("Kubernetes API server audit logs forwarding is only supported in ocp versions 4.15 and later.") } -locals { - audit_webhook_listener_image_version = var.audit_webhook_listener_image_version != null ? var.audit_webhook_listener_image_version : "deaabcb8225e800385413ba420cf3f819d3b0671@sha256:acf123f4dba63534cbc104c6886abedff9d25a22a34ab7b549ede988ed6e7144" -} - resource "null_resource" "set_audit_log_policy" { triggers = { audit_log_policy = var.audit_log_policy @@ -72,7 +68,7 @@ resource "helm_release" "kube_audit" { set { name = "image.tag" type = "string" - value = local.audit_webhook_listener_image_version + value = var.audit_webhook_listener_image_version } provisioner "local-exec" { diff --git a/modules/kube-audit/variables.tf b/modules/kube-audit/variables.tf index f476eb4b..f9e4a688 100644 --- a/modules/kube-audit/variables.tf +++ b/modules/kube-audit/variables.tf 
@@ -94,8 +94,8 @@ variable "audit_webhook_listener_image" { variable "audit_webhook_listener_image_version" { type = string description = "The tag or digest for the audit webhook listener image to deploy. If changing the value, ensure it is compatible with `audit_webhook_listener_image`." - nullable = true - default = null + nullable = false + default = "deaabcb8225e800385413ba420cf3f819d3b0671@sha256:acf123f4dba63534cbc104c6886abedff9d25a22a34ab7b549ede988ed6e7144" validation { condition = var.audit_webhook_listener_image_version == null || can(regex("^[a-f0-9]{40}@sha256:[a-f0-9]{64}$", var.audit_webhook_listener_image_version)) error_message = "The value of the audit webhook listener image version must match the tag and sha256 image digest format" diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index 9b4d6490..9829e9d6 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf @@ -594,5 +594,5 @@ variable "audit_webhook_listener_image" { variable "audit_webhook_listener_image_version" { type = string description = "The tag or digest for the audit webhook listener image to deploy. If changing the value, ensure it is compatible with `audit_webhook_listener_image`." - default = null + default = "deaabcb8225e800385413ba420cf3f819d3b0671@sha256:acf123f4dba63534cbc104c6886abedff9d25a22a34ab7b549ede988ed6e7144" } From ea69dfcde302162fd7407d5226e072355a557ec8 Mon Sep 17 00:00:00 2001 From: aatreyee257 Date: Thu, 10 Jul 2025 14:20:54 +0530 Subject: [PATCH 16/26] resolved commnts --- modules/kube-audit/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/kube-audit/variables.tf b/modules/kube-audit/variables.tf index f9e4a688..876d5c6e 100644 --- a/modules/kube-audit/variables.tf +++ b/modules/kube-audit/variables.tf 
@@ -97,7 +97,7 @@ variable "audit_webhook_listener_image_version" { nullable = false default = "deaabcb8225e800385413ba420cf3f819d3b0671@sha256:acf123f4dba63534cbc104c6886abedff9d25a22a34ab7b549ede988ed6e7144" validation { - condition = var.audit_webhook_listener_image_version == null || can(regex("^[a-f0-9]{40}@sha256:[a-f0-9]{64}$", var.audit_webhook_listener_image_version)) + condition = can(regex("^[a-f0-9]{40}@sha256:[a-f0-9]{64}$", var.audit_webhook_listener_image_version)) error_message = "The value of the audit webhook listener image version must match the tag and sha256 image digest format" } } From ccece14f183dfdb08807575835dea6b99e95393a Mon Sep 17 00:00:00 2001 From: aatreyee257 Date: Fri, 18 Jul 2025 11:13:35 +0530 Subject: [PATCH 17/26] resolved comments --- modules/kube-audit/README.md | 8 +++++++- modules/kube-audit/outputs.tf | 25 +++++++++++++++++++++++++ solutions/fully-configurable/outputs.tf | 25 +++++++++++++++++++++++++ 3 files changed, 57 insertions(+), 1 deletion(-) diff --git a/modules/kube-audit/README.md b/modules/kube-audit/README.md index c7a543c2..cb6fc04a 100644 --- a/modules/kube-audit/README.md +++ b/modules/kube-audit/README.md @@ -96,5 +96,11 @@ No modules. ### Outputs -No outputs. +| Name | Description | +|------|-------------| +| [audit\_deployment\_name](#output\_audit\_deployment\_name) | The name of the audit webhook listener deployment. | +| [audit\_log\_policy](#output\_audit\_log\_policy) | The audit log policy configuration applied to the webhook listener. | +| [audit\_namespace](#output\_audit\_namespace) | The namespace where the audit webhook is deployed. | +| [webhook\_listener\_image](#output\_webhook\_listener\_image) | The image used for the audit webhook listener. | +| [webhook\_listener\_image\_version](#output\_webhook\_listener\_image\_version) | The version of the audit webhook listener image. | diff --git a/modules/kube-audit/outputs.tf b/modules/kube-audit/outputs.tf index e9e12ece..c1c59e0b 100644 
--- a/modules/kube-audit/outputs.tf +++ b/modules/kube-audit/outputs.tf @@ -1,3 +1,28 @@ ######################################################################################################################## # Outputs ######################################################################################################################## + +output "audit_namespace" { + description = "The namespace where the audit webhook is deployed." + value = var.audit_namespace +} + +output "audit_deployment_name" { + description = "The name of the audit webhook listener deployment." + value = var.audit_deployment_name +} + +output "webhook_listener_image" { + description = "The image used for the audit webhook listener." + value = var.audit_webhook_listener_image +} + +output "webhook_listener_image_version" { + description = "The version of the audit webhook listener image." + value = var.audit_webhook_listener_image_version +} + +output "audit_log_policy" { + description = "The audit log policy configuration applied to the webhook listener." + value = var.audit_log_policy +} diff --git a/solutions/fully-configurable/outputs.tf b/solutions/fully-configurable/outputs.tf index 242dddaa..1e21e20e 100644 --- a/solutions/fully-configurable/outputs.tf +++ b/solutions/fully-configurable/outputs.tf 
@@ -106,3 +106,28 @@ output "secrets_manager_integration_config" { description = "Information about the Secrets Manager instance that is used to store the Ingress certificates." value = module.ocp_base.secrets_manager_integration_config } + +output "kube_audit_namespace" { + description = "The namespace where the audit webhook is deployed." + value = module.kube_audit[0].audit_namespace +} + +output "kube_audit_deployment_name" { + description = "The name of the audit webhook listener deployment." + value = module.kube_audit[0].audit_deployment_name +} + +output "kube_audit_webhook_listener_image" { + description = "The image used for the audit webhook listener." + value = module.kube_audit[0].webhook_listener_image +} + +output "kube_audit_webhook_listener_image_version" { + description = "The version of the audit webhook listener image." + value = module.kube_audit[0].webhook_listener_image_version +} + +output "kube_audit_log_policy" { + description = "The audit log policy configuration applied to the webhook listener." + value = module.kube_audit[0].audit_log_policy +} From cf047e63f623526a454534db460f2b48c7cceeef Mon Sep 17 00:00:00 2001 From: aatreyee257 Date: Fri, 18 Jul 2025 16:14:21 +0530 Subject: [PATCH 18/26] resolved comments --- ibm_catalog.json | 6 ++++++ modules/kube-audit/README.md | 8 +------- modules/kube-audit/outputs.tf | 25 ----------------------- solutions/fully-configurable/main.tf | 4 ++++ solutions/fully-configurable/outputs.tf | 25 ----------------------- solutions/fully-configurable/variables.tf | 12 +++++++++++ 6 files changed, 23 insertions(+), 57 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index ed3a9119..5239d8dd 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -774,6 +774,12 @@ }, { "key": "audit_webhook_listener_image_version" + }, + { + "key":"wait_till" + }, + { + "key":"wait_till_timeout" } ], "dependencies": [ 
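Review bot: Each of the five new outputs indexes `module.kube_audit[0]` unconditionally, which fails with an invalid index when the module has no instances. The module call is outside this hunk, but elsewhere in this series it is declared with `count = var.enable_kube_audit ? 1 : 0`, so a run with kube audit disabled would error on these outputs. A form that tolerates the empty case is needed on all five, e.g. `value = one(module.kube_audit[*].audit_namespace)` or `value = try(module.kube_audit[0].audit_namespace, null)`.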
diff --git a/modules/kube-audit/README.md b/modules/kube-audit/README.md index cb6fc04a..c7a543c2 100644 --- a/modules/kube-audit/README.md +++ b/modules/kube-audit/README.md @@ -96,11 +96,5 @@ No modules. ### Outputs -| Name | Description | -|------|-------------| -| [audit\_deployment\_name](#output\_audit\_deployment\_name) | The name of the audit webhook listener deployment. | -| [audit\_log\_policy](#output\_audit\_log\_policy) | The audit log policy configuration applied to the webhook listener. | -| [audit\_namespace](#output\_audit\_namespace) | The namespace where the audit webhook is deployed. | -| [webhook\_listener\_image](#output\_webhook\_listener\_image) | The image used for the audit webhook listener. | -| [webhook\_listener\_image\_version](#output\_webhook\_listener\_image\_version) | The version of the audit webhook listener image. | +No outputs. diff --git a/modules/kube-audit/outputs.tf b/modules/kube-audit/outputs.tf index c1c59e0b..e9e12ece 100644 --- a/modules/kube-audit/outputs.tf +++ b/modules/kube-audit/outputs.tf 
@@ -1,28 +1,3 @@ ######################################################################################################################## # Outputs ######################################################################################################################## - -output "audit_namespace" { - description = "The namespace where the audit webhook is deployed." - value = var.audit_namespace -} - -output "audit_deployment_name" { - description = "The name of the audit webhook listener deployment." - value = var.audit_deployment_name -} - -output "webhook_listener_image" { - description = "The image used for the audit webhook listener." - value = var.audit_webhook_listener_image -} - -output "webhook_listener_image_version" { - description = "The version of the audit webhook listener image." - value = var.audit_webhook_listener_image_version -} - -output "audit_log_policy" { - description = "The audit log policy configuration applied to the webhook listener." - value = var.audit_log_policy -} diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf index 3a125ac7..bc364798 100644 --- a/solutions/fully-configurable/main.tf +++ b/solutions/fully-configurable/main.tf @@ -307,6 +307,10 @@ module "kube_audit" { cluster_id = module.ocp_base.cluster_id cluster_resource_group_id = module.ocp_base.resource_group_id region = module.ocp_base.region + wait_till = var.wait_till + wait_till_timeout = var.wait_till_timeout + use_private_endpoint = var.use_private_endpoint + cluster_config_endpoint_type = var.cluster_config_endpoint_type audit_log_policy = var.audit_log_policy audit_namespace = var.audit_namespace audit_deployment_name = var.audit_deployment_name diff --git a/solutions/fully-configurable/outputs.tf b/solutions/fully-configurable/outputs.tf index 1e21e20e..242dddaa 100644 --- a/solutions/fully-configurable/outputs.tf +++ b/solutions/fully-configurable/outputs.tf 
@@ -106,28 +106,3 @@ output "secrets_manager_integration_config" { description = "Information about the Secrets Manager instance that is used to store the Ingress certificates." value = module.ocp_base.secrets_manager_integration_config } - -output "kube_audit_namespace" { - description = "The namespace where the audit webhook is deployed." - value = module.kube_audit[0].audit_namespace -} - -output "kube_audit_deployment_name" { - description = "The name of the audit webhook listener deployment." - value = module.kube_audit[0].audit_deployment_name -} - -output "kube_audit_webhook_listener_image" { - description = "The image used for the audit webhook listener." - value = module.kube_audit[0].webhook_listener_image -} - -output "kube_audit_webhook_listener_image_version" { - description = "The version of the audit webhook listener image." - value = module.kube_audit[0].webhook_listener_image_version -} - -output "kube_audit_log_policy" { - description = "The audit log policy configuration applied to the webhook listener." - value = module.kube_audit[0].audit_log_policy -} diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index 0016c218..7f1bed6a 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf 
@@ -561,6 +561,18 @@ variable "skip_ocp_secrets_manager_iam_auth_policy" { # Kube Audit ############################################################## +variable "wait_till" { + description = "To avoid long wait times when you run your Terraform code, you can specify the stage when you want Terraform to mark the cluster resource creation as completed. Depending on what stage you choose, the cluster creation might not be fully completed and continues to run in the background. However, your Terraform code can continue to run without waiting for the cluster to be fully created. Supported args are `MasterNodeReady`, `OneWorkerNodeReady`, `IngressReady` and `Normal`" + type = string + default = "IngressReady" +} + +variable "wait_till_timeout" { + description = "Timeout for wait_till in minutes." + type = number + default = 90 +} + variable "enable_kube_audit" { type = bool description = "Set true to enable kube audit by default." From e3243d3124fd9305e03ccf23759e64a2f522da9b Mon Sep 17 00:00:00 2001 From: aatreyee257 Date: Mon, 21 Jul 2025 13:58:19 +0530 Subject: [PATCH 19/26] resolved comments --- ibm_catalog.json | 6 ------ solutions/fully-configurable/main.tf | 4 +--- solutions/fully-configurable/variables.tf | 16 ++-------------- 3 files changed, 3 insertions(+), 23 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 5239d8dd..ed3a9119 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -774,12 +774,6 @@ }, { "key": "audit_webhook_listener_image_version" - }, - { - "key":"wait_till" - }, - { - "key":"wait_till_timeout" } ], "dependencies": [ diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf index bc364798..a7e2123a 100644 --- a/solutions/fully-configurable/main.tf +++ b/solutions/fully-configurable/main.tf 
@@ -307,13 +307,11 @@ module "kube_audit" { cluster_id = module.ocp_base.cluster_id cluster_resource_group_id = module.ocp_base.resource_group_id region = module.ocp_base.region - wait_till = var.wait_till - wait_till_timeout = var.wait_till_timeout use_private_endpoint = var.use_private_endpoint cluster_config_endpoint_type = var.cluster_config_endpoint_type audit_log_policy = var.audit_log_policy audit_namespace = var.audit_namespace - audit_deployment_name = var.audit_deployment_name + audit_deployment_name = "${var.prefix}-${var.audit_deployment_name}" audit_webhook_listener_image = var.audit_webhook_listener_image audit_webhook_listener_image_version = var.audit_webhook_listener_image_version } diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index 7f1bed6a..86f83a7d 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf 
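Review bot: `audit_deployment_name = "${var.prefix}-${var.audit_deployment_name}"` assumes `var.prefix` is always a non-empty string. The declaration of `prefix` is outside this hunk. If the solution allows it to be null or empty, the interpolation either fails on null or produces a name starting with `-`, which Kubernetes rejects for a Deployment. A guarded form would be `audit_deployment_name = var.prefix != null && var.prefix != "" ? "${var.prefix}-${var.audit_deployment_name}" : var.audit_deployment_name`.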
@@ -561,21 +561,9 @@ variable "skip_ocp_secrets_manager_iam_auth_policy" { # Kube Audit ############################################################## -variable "wait_till" { - description = "To avoid long wait times when you run your Terraform code, you can specify the stage when you want Terraform to mark the cluster resource creation as completed. Depending on what stage you choose, the cluster creation might not be fully completed and continues to run in the background. However, your Terraform code can continue to run without waiting for the cluster to be fully created. Supported args are `MasterNodeReady`, `OneWorkerNodeReady`, `IngressReady` and `Normal`" - type = string - default = "IngressReady" -} - -variable "wait_till_timeout" { - description = "Timeout for wait_till in minutes." - type = number - default = 90 -} - variable "enable_kube_audit" { type = bool - description = "Set true to enable kube audit by default." + description = "Kubernetes audit logging provides a chronological record of operations performed on the cluster, including by users, administrators, and system components.It is useful for compliance, security monitoring, and forensic investigations. Set true to enable kube audit by default. [Learn more](https://kubernetes.io/docs/tasks/debug/debug-cluster/audit/)" default = true } 
@@ -599,7 +587,7 @@ variable "audit_deployment_name" { variable "audit_webhook_listener_image" { type = string - description = "The audit webhook listener image reference in the format of `[registry-url]/[namespace]/[image]`.The sub-module uses the `icr.io/ibm/ibmcloud-kube-audit-to-ibm-cloud-logs` image to forward logs to IBM Cloud Logs. This image is for demonstration purposes only. For a production solution, configure and maintain your own log forwarding image." + description = "The audit webhook listener image reference in the format of `[registry-url]/[namespace]/[image]`.This solution uses the `icr.io/ibm/ibmcloud-kube-audit-to-ibm-cloud-logs` image to forward logs to IBM Cloud Logs. This image is for demonstration purposes only. For a production solution, configure and maintain your own log forwarding image." default = "icr.io/ibm/ibmcloud-kube-audit-to-ibm-cloud-logs" } From cbc316d83ee486949e1b827530b08bd632110b5f Mon Sep 17 00:00:00 2001 From: aatreyee257 Date: Mon, 21 Jul 2025 14:02:30 +0530 Subject: [PATCH 20/26] resolved comments --- solutions/fully-configurable/main.tf | 6 ------ solutions/fully-configurable/version.tf | 4 ---- 2 files changed, 10 deletions(-) diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf index a7e2123a..41393441 100644 --- a/solutions/fully-configurable/main.tf +++ b/solutions/fully-configurable/main.tf @@ -294,12 +294,6 @@ data "ibm_container_cluster_config" "cluster_config" { endpoint_type = var.cluster_config_endpoint_type != "default" ? var.cluster_config_endpoint_type : null } -# Wait time to allow cluster refreshes components after provisioning -resource "time_sleep" "wait_45_seconds" { - depends_on = [data.ibm_container_cluster_config.cluster_config] - create_duration = "45s" -} - module "kube_audit" { count = var.enable_kube_audit ? 1 : 0 ibmcloud_api_key = var.ibmcloud_api_key 
diff --git a/solutions/fully-configurable/version.tf b/solutions/fully-configurable/version.tf index ca04073e..064ae8d2 100644 --- a/solutions/fully-configurable/version.tf +++ b/solutions/fully-configurable/version.tf @@ -15,9 +15,5 @@ terraform { source = "hashicorp/kubernetes" version = "2.37.1" } - time = { - source = "hashicorp/time" - version = "0.13.1" - } } } From fc5ef191b0b78be69b67ee68d68274170ae5504a Mon Sep 17 00:00:00 2001 From: aatreyee257 Date: Mon, 21 Jul 2025 21:11:20 +0530 Subject: [PATCH 21/26] minor changes --- solutions/fully-configurable/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index 86f83a7d..44c615ea 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf @@ -563,7 +563,7 @@ variable "skip_ocp_secrets_manager_iam_auth_policy" { variable "enable_kube_audit" { type = bool - description = "Kubernetes audit logging provides a chronological record of operations performed on the cluster, including by users, administrators, and system components.It is useful for compliance, security monitoring, and forensic investigations. Set true to enable kube audit by default. [Learn more](https://kubernetes.io/docs/tasks/debug/debug-cluster/audit/)" + description = "Kubernetes audit logging provides a chronological record of operations performed on the cluster, including by users, administrators, and system components. It is useful for compliance, and security monitoring. Set true to enable kube audit by default. [Learn more](https://kubernetes.io/docs/tasks/debug/debug-cluster/audit/)" default = true } From 30dbc7e87d9ae5490b17eedcdfc901537568e465 Mon Sep 17 00:00:00 2001 
From: aatreyee257 Date: Thu, 24 Jul 2025 13:57:48 +0530 Subject: [PATCH 22/26] resolved comments --- ibm_catalog.json | 18 ++++++++++++++-- modules/kube-audit/README.md | 2 +- modules/kube-audit/main.tf | 2 +- modules/kube-audit/variables.tf | 5 +++-- solutions/fully-configurable/main.tf | 26 +++++++++++------------ solutions/fully-configurable/variables.tf | 16 +++++++++++--- tests/pr_test.go | 4 ++-- 7 files changed, 49 insertions(+), 24 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index ed3a9119..83748599 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -55,6 +55,10 @@ { "title": "Observability", "description": "This solution can leverage [Cloud automation for Observability](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-observability-a3137d28-79e0-479d-8a24-758ebd5a0eab-global) that supports configuring resources for logging, monitoring and activity tracker event routing (optional)." + }, + { + "title": "Kube Audit", + "description": "Deploys the Kube Audit solution to monitor and log Kubernetes API server activity. It captures events such as user actions, configuration changes, and access attempts, helping meet security and compliance requirements through centralized [audit logging](https://cloud.ibm.com/docs/containers?topic=containers-health-audit#audit-api-server)." } ], "support_details": "This product is in the community registry, as such support is handled through the originated repo. If you experience issues, please open an issue in the repository [here](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/issues). Please note this product is not supported via the IBM Cloud Support Center.", 
@@ -764,7 +768,17 @@ "key": "audit_deployment_name" }, { - "key": "audit_log_policy" + "key": "audit_log_policy", + "options": [ + { + "displayname": "Default", + "value": "default" + }, + { + "displayname": "Write Request Bodies", + "value": "WriteRequestBodies" + } + ] }, { "key": "audit_namespace" @@ -773,7 +787,7 @@ "key": "audit_webhook_listener_image" }, { - "key": "audit_webhook_listener_image_version" + "key": "audit_webhook_listener_image_tag_digest" } ], "dependencies": [ diff --git a/modules/kube-audit/README.md b/modules/kube-audit/README.md index c7a543c2..da3dbc4d 100644 --- a/modules/kube-audit/README.md +++ b/modules/kube-audit/README.md 
@@ -84,7 +84,7 @@ No modules. | [audit\_log\_policy](#input\_audit\_log\_policy) | Specify the amount of information that is logged to the API server audit logs by choosing the audit log policy profile to use. Supported values are `default` and `WriteRequestBodies`. | `string` | `"default"` | no | | [audit\_namespace](#input\_audit\_namespace) | The name of the namespace where log collection service and a deployment will be created. | `string` | `"ibm-kube-audit"` | no | | [audit\_webhook\_listener\_image](#input\_audit\_webhook\_listener\_image) | The audit webhook listener image reference in the format of `[registry-url]/[namespace]/[image]`.The sub-module uses the `icr.io/ibm/ibmcloud-kube-audit-to-ibm-cloud-logs` image to forward logs to IBM Cloud Logs. This image is for demonstration purposes only. For a production solution, configure and maintain your own log forwarding image. | `string` | `"icr.io/ibm/ibmcloud-kube-audit-to-ibm-cloud-logs"` | no | -| [audit\_webhook\_listener\_image\_version](#input\_audit\_webhook\_listener\_image\_version) | The tag or digest for the audit webhook listener image to deploy. If changing the value, ensure it is compatible with `audit_webhook_listener_image`. | `string` | `"deaabcb8225e800385413ba420cf3f819d3b0671@sha256:acf123f4dba63534cbc104c6886abedff9d25a22a34ab7b549ede988ed6e7144"` | no | +| [audit\_webhook\_listener\_image\_tag\_digest](#input\_audit\_webhook\_listener\_image\_tag\_digest) | The tag or digest for the audit webhook listener image to deploy. If changing the value, ensure it is compatible with `audit_webhook_listener_image`. | `string` | `"deaabcb8225e800385413ba420cf3f819d3b0671@sha256:acf123f4dba63534cbc104c6886abedff9d25a22a34ab7b549ede988ed6e7144"` | no | | [cluster\_config\_endpoint\_type](#input\_cluster\_config\_endpoint\_type) | Specify which type of endpoint to use for for cluster config access: 'default', 'private', 'vpe', 'link'. 'default' value will use the default endpoint of the cluster. 
| `string` | `"default"` | no | | [cluster\_id](#input\_cluster\_id) | The ID of the cluster to deploy the log collection service in. | `string` | n/a | yes | | [cluster\_resource\_group\_id](#input\_cluster\_resource\_group\_id) | The resource group ID of the cluster. | `string` | n/a | yes | diff --git a/modules/kube-audit/main.tf b/modules/kube-audit/main.tf index ba79caf9..ae0d7757 100644 --- a/modules/kube-audit/main.tf +++ b/modules/kube-audit/main.tf @@ -68,7 +68,7 @@ resource "helm_release" "kube_audit" { set { name = "image.tag" type = "string" - value = var.audit_webhook_listener_image_version + value = var.audit_webhook_listener_image_tag_digest } provisioner "local-exec" { diff --git a/modules/kube-audit/variables.tf b/modules/kube-audit/variables.tf index 876d5c6e..a9e5a7f1 100644 --- a/modules/kube-audit/variables.tf +++ b/modules/kube-audit/variables.tf @@ -91,13 +91,14 @@ variable "audit_webhook_listener_image" { default = "icr.io/ibm/ibmcloud-kube-audit-to-ibm-cloud-logs" } -variable "audit_webhook_listener_image_version" { +variable "audit_webhook_listener_image_tag_digest" { type = string description = "The tag or digest for the audit webhook listener image to deploy. If changing the value, ensure it is compatible with `audit_webhook_listener_image`." nullable = false default = "deaabcb8225e800385413ba420cf3f819d3b0671@sha256:acf123f4dba63534cbc104c6886abedff9d25a22a34ab7b549ede988ed6e7144" + validation { - condition = can(regex("^[a-f0-9]{40}@sha256:[a-f0-9]{64}$", var.audit_webhook_listener_image_version)) + condition = can(regex("^[a-f0-9]{40}@sha256:[a-f0-9]{64}$", var.audit_webhook_listener_image_tag_digest)) error_message = "The value of the audit webhook listener image version must match the tag and sha256 image digest format" } } diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf index 949b0e15..2ae7df6f 100644 --- a/solutions/fully-configurable/main.tf +++ b/solutions/fully-configurable/main.tf 
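Review bot: The description of `audit_webhook_listener_image_tag_digest` in modules/kube-audit/variables.tf still reads "The tag or digest", but the validation regex `^[a-f0-9]{40}@sha256:[a-f0-9]{64}$` accepts only a 40-character hex tag followed by a sha256 digest, so a bare tag or a bare digest is rejected at plan time. Requiring the digest is the safer behaviour, since it presumably pins the deployed listener to immutable image content, and the text should say so, for example `description = "The image tag and digest in the form <tag>@sha256:<digest>; both parts are required so the deployed image is pinned by digest."`. The `error_message` also still refers to the "image version" after the rename. The same description and validation are added to solutions/fully-configurable/variables.tf in the `@@ -587,12 +592,17 @@` hunk.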
@@ -295,17 +295,17 @@ data "ibm_container_cluster_config" "cluster_config" { } module "kube_audit" { - count = var.enable_kube_audit ? 1 : 0 - ibmcloud_api_key = var.ibmcloud_api_key - source = "../../modules/kube-audit" - cluster_id = module.ocp_base.cluster_id - cluster_resource_group_id = module.ocp_base.resource_group_id - region = module.ocp_base.region - use_private_endpoint = var.use_private_endpoint - cluster_config_endpoint_type = var.cluster_config_endpoint_type - audit_log_policy = var.audit_log_policy - audit_namespace = var.audit_namespace - audit_deployment_name = "${var.prefix}-${var.audit_deployment_name}" - audit_webhook_listener_image = var.audit_webhook_listener_image - audit_webhook_listener_image_version = var.audit_webhook_listener_image_version + count = var.enable_kube_audit ? 1 : 0 + ibmcloud_api_key = var.ibmcloud_api_key + source = "../../modules/kube-audit" + cluster_id = module.ocp_base.cluster_id + cluster_resource_group_id = module.ocp_base.resource_group_id + region = module.ocp_base.region + use_private_endpoint = var.use_private_endpoint + cluster_config_endpoint_type = var.cluster_config_endpoint_type + audit_log_policy = var.audit_log_policy + audit_namespace = var.audit_namespace + audit_deployment_name = var.audit_deployment_name + audit_webhook_listener_image = var.audit_webhook_listener_image + audit_webhook_listener_image_tag_digest = var.audit_webhook_listener_image_tag_digest } diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index 44c615ea..fe04e6ad 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf 
@@ -563,7 +563,7 @@ variable "skip_ocp_secrets_manager_iam_auth_policy" { variable "enable_kube_audit" { type = bool - description = "Kubernetes audit logging provides a chronological record of operations performed on the cluster, including by users, administrators, and system components. It is useful for compliance, and security monitoring. Set true to enable kube audit by default. [Learn more](https://kubernetes.io/docs/tasks/debug/debug-cluster/audit/)" + description = "Kubernetes audit logging provides a chronological record of operations performed on the cluster, including by users, administrators, and system components. It is useful for compliance, and security monitoring. Set true to enable kube audit by default. [Learn more](https://cloud.ibm.com/docs/containers?topic=containers-health-audit#audit-api-server)" default = true } @@ -571,6 +571,11 @@ variable "audit_log_policy" { type = string description = "Specify the amount of information that is logged to the API server audit logs by choosing the audit log policy profile to use. Supported values are `default` and `WriteRequestBodies`." default = "default" + + validation { + error_message = "Invalid Audit log policy Type! Valid values are 'default' or 'WriteRequestBodies'" + condition = contains(["default", "WriteRequestBodies"], var.audit_log_policy) + } } variable "audit_namespace" { 
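Review bot: The `audit_log_policy` description in the `@@ -571,6 +571,11 @@` hunk lists `WriteRequestBodies` as a supported value without stating what choosing it costs. Going by the profile name, that setting records the bodies of write requests in addition to metadata, which raises log volume and can put configuration values from those payloads into the audit stream that the webhook listener forwards; the exact redaction behaviour should be confirmed against the IBM Cloud audit documentation linked from `enable_kube_audit`. I would extend the description with a sentence such as `WriteRequestBodies also logs request bodies for write operations; restrict access to the log destination accordingly.` The `variable "audit_log_policy"` block opens outside the hunk.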
@@ -587,12 +592,17 @@ variable "audit_deployment_name" { variable "audit_webhook_listener_image" { type = string - description = "The audit webhook listener image reference in the format of `[registry-url]/[namespace]/[image]`.This solution uses the `icr.io/ibm/ibmcloud-kube-audit-to-ibm-cloud-logs` image to forward logs to IBM Cloud Logs. This image is for demonstration purposes only. For a production solution, configure and maintain your own log forwarding image." + description = "The audit webhook listener image reference in the format of `[registry-url]/[namespace]/[image]`. This solution uses the `icr.io/ibm/ibmcloud-kube-audit-to-ibm-cloud-logs` image to forward logs to IBM Cloud Logs. This image is for demonstration purposes only. For a production solution, configure and maintain your own log forwarding image." default = "icr.io/ibm/ibmcloud-kube-audit-to-ibm-cloud-logs" } -variable "audit_webhook_listener_image_version" { +variable "audit_webhook_listener_image_tag_digest" { type = string description = "The tag or digest for the audit webhook listener image to deploy. If changing the value, ensure it is compatible with `audit_webhook_listener_image`." default = "deaabcb8225e800385413ba420cf3f819d3b0671@sha256:acf123f4dba63534cbc104c6886abedff9d25a22a34ab7b549ede988ed6e7144" + + validation { + condition = can(regex("^[a-f0-9]{40}@sha256:[a-f0-9]{64}$", var.audit_webhook_listener_image_tag_digest)) + error_message = "The value of the audit webhook listener image version must match the tag and sha256 image digest format" + } } diff --git a/tests/pr_test.go b/tests/pr_test.go index 3ebcebd9..a446968b 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go 
@@ -105,7 +105,7 @@ func TestRunFullyConfigurableInSchematics(t *testing.T) { options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{ Testing: t, Prefix: "ocp-fc", - TarIncludePatterns: []string{"*.tf", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", "scripts/*.sh", "kubeconfig/README.md", "modules/kube-audit/*.*", "modules/kube-audit/kubeconfig/README.md", "modules/kube-audit/scripts/*.*", fullyConfigurableTerraformDir + "/kubeconfig/README.md", "modules/kube-audit/helm-charts/kube-audit/*.*", "modules/kube-audit/helm-charts/kube-audit/templates/*.*", "modules/kube-audit/helm-charts/kube-audit/values.yaml"}, + TarIncludePatterns: []string{"*.tf", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", "scripts/*.sh", "kubeconfig/README.md", "modules/kube-audit/*.*", "modules/kube-audit/scripts/*.sh", fullyConfigurableTerraformDir + "/kubeconfig/README.md", "modules/kube-audit/helm-charts/kube-audit/*.*", "modules/kube-audit/helm-charts/kube-audit/templates/*.*"}, TemplateFolder: fullyConfigurableTerraformDir, Tags: []string{"test-schematic"}, DeleteWorkspaceOnFail: false, 
@@ -141,7 +141,7 @@ func TestRunUpgradeFullyConfigurable(t *testing.T) { options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{ Testing: t, Prefix: "fc-upg", - TarIncludePatterns: []string{"*.tf", "scripts/*.sh", "kubeconfig/README.md", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", fullyConfigurableTerraformDir + "/kubeconfig/README.md", "modules/kube-audit/scripts/*.*", "modules/kube-audit/helm-charts/kube-audit/*.*", "modules/kube-audit/helm-charts/kube-audit/templates/*.*", "modules/kube-audit/helm-charts/kube-audit/values.yaml", "modules/kube-audit/*.*", "modules/kube-audit/kubeconfig/README.md"}, + TarIncludePatterns: []string{"*.tf", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", "scripts/*.sh", "kubeconfig/README.md", "modules/kube-audit/*.*", "modules/kube-audit/kubeconfig/README.md", "modules/kube-audit/scripts/*.sh", fullyConfigurableTerraformDir + "/kubeconfig/README.md", "modules/kube-audit/helm-charts/kube-audit/*.*", "modules/kube-audit/helm-charts/kube-audit/templates/*.*"}, TemplateFolder: fullyConfigurableTerraformDir, Tags: []string{"test-schematic"}, DeleteWorkspaceOnFail: false, From 9a924dd66ec332a33b08caf766b4db66f7a05ff0 Mon Sep 17 00:00:00 2001 From: aatreyee257 Date: Sun, 27 Jul 2025 19:58:08 +0530 Subject: [PATCH 23/26] fixes --- tests/pr_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/pr_test.go b/tests/pr_test.go index a446968b..aca68c07 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go 
@@ -105,7 +105,7 @@ func TestRunFullyConfigurableInSchematics(t *testing.T) { options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{ Testing: t, Prefix: "ocp-fc", - TarIncludePatterns: []string{"*.tf", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", "scripts/*.sh", "kubeconfig/README.md", "modules/kube-audit/*.*", "modules/kube-audit/scripts/*.sh", fullyConfigurableTerraformDir + "/kubeconfig/README.md", "modules/kube-audit/helm-charts/kube-audit/*.*", "modules/kube-audit/helm-charts/kube-audit/templates/*.*"}, + TarIncludePatterns: []string{"*.tf", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", "scripts/*.sh", "kubeconfig/README.md", "modules/kube-audit/*.*", "modules/kube-audit/scripts/*.sh", fullyConfigurableTerraformDir + "/kubeconfig/README.md", "modules/kube-audit/helm-charts/kube-audit/*.*", "modules/kube-audit/helm-charts/kube-audit/templates/*.*", "modules/kube-audit/kubeconfig/README.md"}, TemplateFolder: fullyConfigurableTerraformDir, Tags: []string{"test-schematic"}, DeleteWorkspaceOnFail: false, From a1f32259212ebfc5b38d7b77872827fed432e5fc Mon Sep 17 00:00:00 2001 From: aatreyee257 Date: Sun, 27 Jul 2025 22:19:16 +0530 Subject: [PATCH 24/26] fixes --- tests/pr_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/pr_test.go b/tests/pr_test.go index aca68c07..e0fa6ab8 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go 
@@ -105,7 +105,7 @@ func TestRunFullyConfigurableInSchematics(t *testing.T) { options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{ Testing: t, Prefix: "ocp-fc", - TarIncludePatterns: []string{"*.tf", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", "scripts/*.sh", "kubeconfig/README.md", "modules/kube-audit/*.*", "modules/kube-audit/scripts/*.sh", fullyConfigurableTerraformDir + "/kubeconfig/README.md", "modules/kube-audit/helm-charts/kube-audit/*.*", "modules/kube-audit/helm-charts/kube-audit/templates/*.*", "modules/kube-audit/kubeconfig/README.md"}, + TarIncludePatterns: []string{"*.tf", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", "scripts/*.sh", "kubeconfig/README.md", fullyConfigurableTerraformDir + "/kubeconfig/README.md", "modules/kube-audit/**/*"}, TemplateFolder: fullyConfigurableTerraformDir, Tags: []string{"test-schematic"}, DeleteWorkspaceOnFail: false, @@ -141,7 +141,7 @@ func TestRunUpgradeFullyConfigurable(t *testing.T) { options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{ Testing: t, Prefix: "fc-upg", - TarIncludePatterns: []string{"*.tf", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", "scripts/*.sh", "kubeconfig/README.md", "modules/kube-audit/*.*", "modules/kube-audit/kubeconfig/README.md", "modules/kube-audit/scripts/*.sh", fullyConfigurableTerraformDir + "/kubeconfig/README.md", "modules/kube-audit/helm-charts/kube-audit/*.*", "modules/kube-audit/helm-charts/kube-audit/templates/*.*"}, + TarIncludePatterns: []string{"*.tf", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", "scripts/*.sh", "kubeconfig/README.md", fullyConfigurableTerraformDir + "/kubeconfig/README.md", "modules/kube-audit/**/*"}, TemplateFolder: fullyConfigurableTerraformDir, Tags: []string{"test-schematic"}, DeleteWorkspaceOnFail: false, 
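Review bot: Replacing the explicit kube-audit patterns with `"modules/kube-audit/**/*"` in `TarIncludePatterns` widens what is packaged for the Schematics workspace from named file types to everything under the module directory. The earlier lists named only `modules/kube-audit/kubeconfig/README.md` from that folder, which suggests it can hold other files; if a local run leaves a downloaded cluster config there, the wildcard would ship it in the tar along with the Terraform sources. It is also worth confirming that the pattern matcher treats `**` as recursive, because with plain `filepath.Glob` semantics it would match only entries exactly one directory below `modules/kube-audit` and miss the module's own `*.tf` files. Keeping `"modules/kube-audit/kubeconfig/README.md"` explicit and listing the remaining subdirectories by extension avoids both problems. The same change is made in the `TestRunUpgradeFullyConfigurable` hunk, and both option literals continue outside their hunks.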
From 3dab2ba8f1c32adfdbd5d400fadc5065c8b565d7 Mon Sep 17 00:00:00 2001 From: aatreyee257 Date: Tue, 29 Jul 2025 12:16:26 +0530 Subject: [PATCH 25/26] fixes --- logs.txt | 530 +++++++++++++++++++++++++++++++++++++++++++++++ tests/pr_test.go | 4 +- 2 files changed, 532 insertions(+), 2 deletions(-) create mode 100644 logs.txt diff --git a/logs.txt b/logs.txt new file mode 100644 index 00000000..84fa264c --- /dev/null +++ b/logs.txt 
@@ -0,0 +1,530 @@ +cd tests && go test -run TestRunFullyConfigurableInSchematics -count=1 -v -timeout 600m +=== RUN TestRunFullyConfigurableInSchematics +=== PAUSE TestRunFullyConfigurableInSchematics +=== CONT TestRunFullyConfigurableInSchematics +2025/07/29 11:14:18 Region au-syd VPC count: 9 +2025/07/29 11:14:18 --- new best region is au-syd +2025/07/29 11:14:22 Region ca-tor VPC count: 8 +2025/07/29 11:14:22 --- new best region is ca-tor +2025/07/29 11:14:27 Region br-sao VPC count: 15 +2025/07/29 11:14:33 Region eu-de VPC count: 12 +2025/07/29 11:14:39 Region eu-es VPC count: 8 +2025/07/29 11:14:44 Region eu-gb VPC count: 8 +2025/07/29 11:14:48 Region us-east VPC count: 27 +2025/07/29 11:14:54 Region us-south VPC count: 25 +2025/07/29 11:14:59 Region jp-osa VPC count: 8 +2025/07/29 11:15:04 Region jp-tok VPC count: 8 +2025/07/29 11:15:04 Best region was found!: ca-tor +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 retry.go:91: terraform [workspace list] +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 logger.go:67: Running command terraform with args [workspace list] +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 logger.go:67: * default +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 logger.go:67: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 retry.go:91: terraform [workspace new ocp-fc-j7yffx] +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 logger.go:67: Running command terraform with args [workspace new ocp-fc-j7yffx] +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 logger.go:67: Created and switched to workspace "ocp-fc-j7yffx"! +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 logger.go:67: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 logger.go:67: You're now on a new, empty workspace. 
Workspaces isolate their state, +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 logger.go:67: so if you run "terraform plan" Terraform will not see any existing state +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 logger.go:67: for this configuration. +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 retry.go:91: terraform [workspace show] +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 logger.go:67: Running command terraform with args [workspace show] +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 logger.go:67: ocp-fc-j7yffx +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 retry.go:91: terraform [init -upgrade=true] +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 logger.go:67: Running command terraform with args [init -upgrade=true] +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 logger.go:67: Initializing the backend... +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 logger.go:67: Upgrading modules... +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:05+05:30 logger.go:67: Downloading registry.terraform.io/terraform-ibm-modules/cos/ibm 8.21.25 for cos... +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:07+05:30 logger.go:67: - cos in .terraform/modules/cos +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:07+05:30 logger.go:67: Downloading registry.terraform.io/terraform-ibm-modules/cbr/ibm 1.31.0 for cos.bucket_cbr_rule... +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:10+05:30 logger.go:67: - cos.bucket_cbr_rule in .terraform/modules/cos.bucket_cbr_rule/modules/cbr-rule-module +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:10+05:30 logger.go:67: Downloading registry.terraform.io/terraform-ibm-modules/cbr/ibm 1.31.0 for cos.instance_cbr_rule... 
+TestRunFullyConfigurableInSchematics 2025-07-29T11:15:10+05:30 logger.go:67: - cos.instance_cbr_rule in .terraform/modules/cos.instance_cbr_rule/modules/cbr-rule-module +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:10+05:30 logger.go:67: Downloading registry.terraform.io/terraform-ibm-modules/resource-group/ibm 1.2.1 for resource_group... +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:12+05:30 logger.go:67: - resource_group in .terraform/modules/resource_group +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:12+05:30 logger.go:67: Downloading registry.terraform.io/terraform-ibm-modules/landing-zone-vpc/ibm 7.25.12 for vpc... +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:15+05:30 logger.go:67: - vpc in .terraform/modules/vpc +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:15+05:30 logger.go:67: - vpc.dynamic_values in .terraform/modules/vpc/dynamic_values +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:15+05:30 logger.go:67: - vpc.dynamic_values.address_prefixes in .terraform/modules/vpc/dynamic_values/config_modules/list_to_map +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:15+05:30 logger.go:67: - vpc.dynamic_values.prefix_map in .terraform/modules/vpc/dynamic_values/config_modules/list_to_map +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:15+05:30 logger.go:67: - vpc.dynamic_values.routes in .terraform/modules/vpc/dynamic_values/config_modules/list_to_map +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:15+05:30 logger.go:67: - vpc.unit_tests in .terraform/modules/vpc/dynamic_values +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:15+05:30 logger.go:67: - vpc.unit_tests.address_prefixes in .terraform/modules/vpc/dynamic_values/config_modules/list_to_map +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:15+05:30 logger.go:67: - vpc.unit_tests.prefix_map in .terraform/modules/vpc/dynamic_values/config_modules/list_to_map +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:15+05:30 
logger.go:67: - vpc.unit_tests.routes in .terraform/modules/vpc/dynamic_values/config_modules/list_to_map +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:15+05:30 logger.go:67: Initializing provider plugins... +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:15+05:30 logger.go:67: - Finding ibm-cloud/ibm versions matching ">= 1.64.1, >= 1.70.0, >= 1.76.0, >= 1.79.0, < 2.0.0"... +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:15+05:30 logger.go:67: - Finding hashicorp/time versions matching ">= 0.9.1, < 1.0.0"... +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:15+05:30 logger.go:67: - Finding hashicorp/random versions matching ">= 3.5.1, < 4.0.0"... +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:16+05:30 logger.go:67: - Installing ibm-cloud/ibm v1.80.4... +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:20+05:30 logger.go:67: - Installed ibm-cloud/ibm v1.80.4 (self-signed, key ID AAD3B791C49CC253) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:20+05:30 logger.go:67: - Installing hashicorp/time v0.13.1... +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:21+05:30 logger.go:67: - Installed hashicorp/time v0.13.1 (signed by HashiCorp) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:21+05:30 logger.go:67: - Installing hashicorp/random v3.7.2... +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: - Installed hashicorp/random v3.7.2 (signed by HashiCorp) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: Partner and community providers are signed by their developers. 
+TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: If you'd like to know more about provider signing, you can read about it here: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: https://developer.hashicorp.com/terraform/cli/plugins/signing +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: Terraform has created a lock file .terraform.lock.hcl to record the provider +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: selections it made above. Include this file in your version control repository +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: so that Terraform can guarantee to make the same selections by default when +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: you run "terraform init" in the future. +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: Terraform has been successfully initialized! +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67:  +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: You may now begin working with Terraform. Try running "terraform plan" to see +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: any changes that are required for your infrastructure. All Terraform commands +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: should now work. +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: If you ever set or change modules or backend configuration for Terraform, +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: rerun this command to reinitialize your working directory. 
If you forget, other +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: commands will detect it and remind you to do so if necessary. +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 retry.go:91: terraform [apply -input=false -auto-approve -var prefix=ocp-fc-j7yffx -var region=ca-tor -lock=false] +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: Running command terraform with args [apply -input=false -auto-approve -var prefix=ocp-fc-j7yffx -var region=ca-tor -lock=false] +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:25+05:30 logger.go:67: module.vpc.data.ibm_iam_account_settings.iam_account_settings: Reading... +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:26+05:30 logger.go:67: module.vpc.data.ibm_iam_account_settings.iam_account_settings: Read complete after 2s [id=abac0df06b644a9cabc6e44f55b3880e] +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: Terraform used the selected providers to generate the following execution +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: plan. 
Resource actions are indicated with the following symbols: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + create +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: <= read (data resources) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: Terraform will perform the following actions: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  # module.cos.ibm_cos_bucket.cos_bucket1[0] will be created +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  + resource "ibm_cos_bucket" "cos_bucket1" { +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + bucket_name = "ocp-fc-j7yffx-bucket" +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + crn = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + endpoint_type = "public" +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + force_delete = true +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + id = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + region_location = "ca-tor" +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_instance_id = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + s3_endpoint_direct = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + s3_endpoint_private = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + s3_endpoint_public = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + 
storage_class = "standard" +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + activity_tracking { +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + management_events = true +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + read_data_events = true +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + write_data_events = true +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + metrics_monitoring { +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + request_metrics_enabled = true +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + usage_metrics_enabled = true +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  # module.cos.ibm_cos_bucket_lifecycle_configuration.cos_bucket_lifecycle[0] will be created +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  + resource "ibm_cos_bucket_lifecycle_configuration" "cos_bucket_lifecycle" { +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + bucket_crn = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + bucket_location = "ca-tor" +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + endpoint_type = "public" +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + id = (known after apply) 
+TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + lifecycle_rule { +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + rule_id = "expiry-rule" +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + status = "enable" +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + expiration { +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + days = 365 +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + expired_object_delete_marker = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + filter { +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: # (1 unchanged attribute hidden) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + lifecycle_rule { +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + rule_id = "archive-rule" +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + status = "enable" +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + filter { +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: # (1 unchanged attribute hidden) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } +TestRunFullyConfigurableInSchematics 
2025-07-29T11:15:28+05:30 logger.go:67: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + transition { +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + days = 90 +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + storage_class = "GLACIER" +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  # module.cos.ibm_resource_instance.cos_instance[0] will be created +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  + resource "ibm_resource_instance" "cos_instance" { +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + account_id = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + allow_cleanup = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + created_at = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + created_by = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + crn = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + dashboard_url = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + deleted_at = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + deleted_by = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + extensions = (known after apply) +TestRunFullyConfigurableInSchematics 
2025-07-29T11:15:28+05:30 logger.go:67: + guid = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + id = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + last_operation = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + location = "global" +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + locked = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + name = "ocp-fc-j7yffx-cos" +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + onetime_credentials = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + plan = "standard" +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + plan_history = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_aliases_url = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_bindings_url = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_controller_url = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_crn = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_group_crn = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_group_id = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_group_name = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_id = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + 
resource_keys_url = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_name = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_plan_id = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_status = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + restored_at = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + restored_by = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + scheduled_reclaim_at = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + scheduled_reclaim_by = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + service = "cloud-object-storage" +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + service_endpoints = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + state = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + status = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + sub_type = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + tags = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + target_crn = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + type = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + update_at = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + update_by = (known after apply) 
+TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  # module.cos.time_sleep.wait_for_cos_bucket_lifecycle[0] will be created +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  + resource "time_sleep" "wait_for_cos_bucket_lifecycle" { +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + create_duration = "90s" +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + id = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  # module.resource_group.ibm_resource_group.resource_group[0] will be created +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  + resource "ibm_resource_group" "resource_group" { +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + created_at = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + crn = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + id = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + name = "ocp-fc-j7yffx-resource-group" +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + payment_methods_url = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + quota_id = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + quota_url = (known after apply) 
+TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_linkages = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + state = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + teams_url = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + updated_at = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  # module.vpc.data.ibm_is_vpc.vpc will be read during apply +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: # (config refers to values not yet known) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  <= data "ibm_is_vpc" "vpc" { +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + access_tags = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + classic_access = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + crn = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + cse_source_addresses = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_address_prefixes = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_network_acl = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_network_acl_crn = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_network_acl_name = (known after apply) +TestRunFullyConfigurableInSchematics 
2025-07-29T11:15:28+05:30 logger.go:67: + default_routing_table = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_routing_table_name = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_security_group = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_security_group_crn = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_security_group_name = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + dns = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + health_reasons = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + health_state = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + id = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + identifier = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_controller_url = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_crn = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_group = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_group_name = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_name = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_status = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + security_group = (known after apply) 
+TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + status = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + subnets = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + tags = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  # module.vpc.data.ibm_is_vpc_address_prefixes.get_address_prefixes will be read during apply +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: # (config refers to values not yet known) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  <= data "ibm_is_vpc_address_prefixes" "get_address_prefixes" { +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + address_prefixes = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + id = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + vpc = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  # module.vpc.ibm_is_network_acl.network_acl["vpc-acl"] will be created +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  + resource "ibm_is_network_acl" "network_acl" { +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + access_tags = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + crn = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + id = (known 
after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + name = "ocp-fc-j7yffx-vpc-acl" +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_controller_url = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_crn = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_group = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_group_name = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_name = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + tags = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + vpc = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + rules (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  # module.vpc.ibm_is_public_gateway.gateway["zone-1"] will be created +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  + resource "ibm_is_public_gateway" "gateway" { +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + access_tags = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + crn = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + floating_ip = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + id = (known after apply) 
+TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + name = "ocp-fc-j7yffx-vpc-public-gateway-zone-1" +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_controller_url = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_crn = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_group = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_group_name = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_name = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_status = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + status = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + tags = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + vpc = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + zone = "ca-tor-1" +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  # module.vpc.ibm_is_subnet.subnet["ocp-fc-j7yffx-vpc-subnet-a"] will be created +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  + resource "ibm_is_subnet" "subnet" { +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + access_tags = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + available_ipv4_address_count = (known after apply) +TestRunFullyConfigurableInSchematics 
2025-07-29T11:15:28+05:30 logger.go:67: + crn = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + id = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + ip_version = "ipv4" +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + ipv4_cidr_block = "10.10.10.0/24" +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + name = "ocp-fc-j7yffx-vpc-subnet-a" +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + network_acl = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + public_gateway = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_controller_url = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_crn = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_group = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_group_name = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_name = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_status = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + routing_table = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + routing_table_crn = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + status = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + tags = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + 
total_ipv4_address_count = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + vpc = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + zone = "ca-tor-1" +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  # module.vpc.ibm_is_vpc.vpc[0] will be created +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  + resource "ibm_is_vpc" "vpc" { +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + access_tags = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + address_prefix_management = "manual" +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + classic_access = false +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + crn = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + cse_source_addresses = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_address_prefixes = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_network_acl = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_network_acl_crn = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_network_acl_name = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_routing_table = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_routing_table_crn = (known after apply) 
+TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_routing_table_name = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_security_group = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_security_group_crn = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_security_group_name = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + health_reasons = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + health_state = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + id = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + name = "ocp-fc-j7yffx-vpc" +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + no_sg_acl_rules = false +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_controller_url = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_crn = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_group = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_group_name = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_name = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_status = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + security_group = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + status = (known after 
apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + subnets = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + tags = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + dns { +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + enable_hub = false +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resolution_binding_count = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resolver (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  # module.vpc.ibm_is_vpc_address_prefix.subnet_prefix["ocp-fc-j7yffx-vpc-subnet-a"] will be created +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  + resource "ibm_is_vpc_address_prefix" "subnet_prefix" { +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + address_prefix = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + cidr = "10.10.10.0/24" +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + has_subnets = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + id = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + is_default = false +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + name = 
"ocp-fc-j7yffx-vpc-subnet-a" +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + related_crn = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + vpc = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + zone = "ca-tor-1" +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  # module.vpc.time_sleep.wait_for_vpc_creation_data[0] will be created +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  + resource "time_sleep" "wait_for_vpc_creation_data" { +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + create_duration = "30s" +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + id = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: Plan: 11 to add, 0 to change, 0 to destroy. 
+TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: Changes to Outputs: +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + cos_crn = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + cos_instance_id = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_group_id = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_group_name = "ocp-fc-j7yffx-resource-group" +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + vpc_crn = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + vpc_id = (known after apply) +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: module.cos.time_sleep.wait_for_cos_bucket_lifecycle[0]: Creating... +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:29+05:30 logger.go:67: module.resource_group.ibm_resource_group.resource_group[0]: Creating... +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:34+05:30 logger.go:67: module.resource_group.ibm_resource_group.resource_group[0]: Creation complete after 5s [id=4885fb8717464a0aa03e08a301865bda] +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:34+05:30 logger.go:67: module.cos.ibm_resource_instance.cos_instance[0]: Creating... +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:34+05:30 logger.go:67: module.vpc.ibm_is_vpc.vpc[0]: Creating... +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:38+05:30 logger.go:67: module.cos.time_sleep.wait_for_cos_bucket_lifecycle[0]: Still creating... [00m10s elapsed] +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:44+05:30 logger.go:67: module.cos.ibm_resource_instance.cos_instance[0]: Still creating... 
[00m10s elapsed] +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:44+05:30 logger.go:67: module.vpc.ibm_is_vpc.vpc[0]: Still creating... [00m10s elapsed] +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:48+05:30 logger.go:67: module.cos.time_sleep.wait_for_cos_bucket_lifecycle[0]: Still creating... [00m20s elapsed] +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:50+05:30 logger.go:67: module.cos.ibm_resource_instance.cos_instance[0]: Creation complete after 17s [id=crn:v1:bluemix:public:cloud-object-storage:global:a/abac0df06b644a9cabc6e44f55b3880e:e9514e57-86dd-4caf-bdfc-d1303be9f832::] +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:51+05:30 logger.go:67: module.cos.ibm_cos_bucket.cos_bucket1[0]: Creating... +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:54+05:30 logger.go:67: module.vpc.ibm_is_vpc.vpc[0]: Still creating... [00m20s elapsed] +TestRunFullyConfigurableInSchematics 2025-07-29T11:15:58+05:30 logger.go:67: module.cos.time_sleep.wait_for_cos_bucket_lifecycle[0]: Still creating... [00m30s elapsed] +TestRunFullyConfigurableInSchematics 2025-07-29T11:16:00+05:30 logger.go:67: module.cos.ibm_cos_bucket.cos_bucket1[0]: Creation complete after 9s [id=crn:v1:bluemix:public:cloud-object-storage:global:a/abac0df06b644a9cabc6e44f55b3880e:e9514e57-86dd-4caf-bdfc-d1303be9f832:bucket:ocp-fc-j7yffx-bucket:meta:rl:ca-tor:public] +TestRunFullyConfigurableInSchematics 2025-07-29T11:16:00+05:30 logger.go:67: module.vpc.ibm_is_vpc.vpc[0]: Creation complete after 25s [id=r038-af957598-165f-4c76-a6b1-58e4aaf202ce] +TestRunFullyConfigurableInSchematics 2025-07-29T11:16:00+05:30 logger.go:67: module.vpc.ibm_is_public_gateway.gateway["zone-1"]: Creating... +TestRunFullyConfigurableInSchematics 2025-07-29T11:16:08+05:30 logger.go:67: module.cos.time_sleep.wait_for_cos_bucket_lifecycle[0]: Still creating... 
[00m40s elapsed] +TestRunFullyConfigurableInSchematics 2025-07-29T11:16:10+05:30 logger.go:67: module.vpc.ibm_is_public_gateway.gateway["zone-1"]: Still creating... [00m10s elapsed] +TestRunFullyConfigurableInSchematics 2025-07-29T11:16:14+05:30 logger.go:67: module.vpc.ibm_is_public_gateway.gateway["zone-1"]: Creation complete after 14s [id=r038-2b952bfe-c031-437c-b939-2bc6ad31ecdc] +TestRunFullyConfigurableInSchematics 2025-07-29T11:16:14+05:30 logger.go:67: module.vpc.ibm_is_vpc_address_prefix.subnet_prefix["ocp-fc-j7yffx-vpc-subnet-a"]: Creating... +TestRunFullyConfigurableInSchematics 2025-07-29T11:16:17+05:30 logger.go:67: module.vpc.ibm_is_vpc_address_prefix.subnet_prefix["ocp-fc-j7yffx-vpc-subnet-a"]: Creation complete after 3s [id=r038-af957598-165f-4c76-a6b1-58e4aaf202ce/r038-d2bbbc38-da04-4588-a64f-c18d70439325] +TestRunFullyConfigurableInSchematics 2025-07-29T11:16:17+05:30 logger.go:67: module.vpc.data.ibm_is_vpc_address_prefixes.get_address_prefixes: Reading... +TestRunFullyConfigurableInSchematics 2025-07-29T11:16:17+05:30 logger.go:67: module.vpc.data.ibm_is_vpc_address_prefixes.get_address_prefixes: Read complete after 0s [id=2025-07-29 05:46:17.938353 +0000 UTC] +TestRunFullyConfigurableInSchematics 2025-07-29T11:16:18+05:30 logger.go:67: module.vpc.ibm_is_network_acl.network_acl["vpc-acl"]: Creating... +TestRunFullyConfigurableInSchematics 2025-07-29T11:16:18+05:30 logger.go:67: module.cos.time_sleep.wait_for_cos_bucket_lifecycle[0]: Still creating... [00m50s elapsed] +TestRunFullyConfigurableInSchematics 2025-07-29T11:16:25+05:30 logger.go:67: module.vpc.ibm_is_network_acl.network_acl["vpc-acl"]: Creation complete after 7s [id=r038-92002815-37a3-438b-9da0-182781ee8ece] +TestRunFullyConfigurableInSchematics 2025-07-29T11:16:25+05:30 logger.go:67: module.vpc.ibm_is_subnet.subnet["ocp-fc-j7yffx-vpc-subnet-a"]: Creating... 
+TestRunFullyConfigurableInSchematics 2025-07-29T11:16:28+05:30 logger.go:67: module.cos.time_sleep.wait_for_cos_bucket_lifecycle[0]: Still creating... [01m00s elapsed] +TestRunFullyConfigurableInSchematics 2025-07-29T11:16:35+05:30 logger.go:67: module.vpc.ibm_is_subnet.subnet["ocp-fc-j7yffx-vpc-subnet-a"]: Still creating... [00m10s elapsed] +TestRunFullyConfigurableInSchematics 2025-07-29T11:16:38+05:30 logger.go:67: module.vpc.ibm_is_subnet.subnet["ocp-fc-j7yffx-vpc-subnet-a"]: Creation complete after 13s [id=02q7-dfd9da00-89b3-462c-9393-ae3ef12e19f0] +TestRunFullyConfigurableInSchematics 2025-07-29T11:16:38+05:30 logger.go:67: module.vpc.time_sleep.wait_for_vpc_creation_data[0]: Creating... +TestRunFullyConfigurableInSchematics 2025-07-29T11:16:38+05:30 logger.go:67: module.cos.time_sleep.wait_for_cos_bucket_lifecycle[0]: Still creating... [01m10s elapsed] +TestRunFullyConfigurableInSchematics 2025-07-29T11:16:48+05:30 logger.go:67: module.vpc.time_sleep.wait_for_vpc_creation_data[0]: Still creating... [00m10s elapsed] +TestRunFullyConfigurableInSchematics 2025-07-29T11:16:48+05:30 logger.go:67: module.cos.time_sleep.wait_for_cos_bucket_lifecycle[0]: Still creating... [01m20s elapsed] +TestRunFullyConfigurableInSchematics 2025-07-29T11:16:58+05:30 logger.go:67: module.vpc.time_sleep.wait_for_vpc_creation_data[0]: Still creating... [00m20s elapsed] +TestRunFullyConfigurableInSchematics 2025-07-29T11:16:58+05:30 logger.go:67: module.cos.time_sleep.wait_for_cos_bucket_lifecycle[0]: Creation complete after 1m30s [id=2025-07-29T05:46:58Z] +TestRunFullyConfigurableInSchematics 2025-07-29T11:16:58+05:30 logger.go:67: module.cos.ibm_cos_bucket_lifecycle_configuration.cos_bucket_lifecycle[0]: Creating... 
+TestRunFullyConfigurableInSchematics 2025-07-29T11:17:01+05:30 logger.go:67: module.cos.ibm_cos_bucket_lifecycle_configuration.cos_bucket_lifecycle[0]: Creation complete after 2s [id=crn:v1:bluemix:public:cloud-object-storage:global:a/abac0df06b644a9cabc6e44f55b3880e:e9514e57-86dd-4caf-bdfc-d1303be9f832:bucket:ocp-fc-j7yffx-bucket:meta:ca-tor:public] +TestRunFullyConfigurableInSchematics 2025-07-29T11:17:08+05:30 logger.go:67: module.vpc.time_sleep.wait_for_vpc_creation_data[0]: Still creating... [00m30s elapsed] +TestRunFullyConfigurableInSchematics 2025-07-29T11:17:08+05:30 logger.go:67: module.vpc.time_sleep.wait_for_vpc_creation_data[0]: Creation complete after 30s [id=2025-07-29T05:47:08Z] +TestRunFullyConfigurableInSchematics 2025-07-29T11:17:08+05:30 logger.go:67: module.vpc.data.ibm_is_vpc.vpc: Reading... +TestRunFullyConfigurableInSchematics 2025-07-29T11:17:13+05:30 logger.go:67: module.vpc.data.ibm_is_vpc.vpc: Read complete after 5s [id=r038-af957598-165f-4c76-a6b1-58e4aaf202ce] +TestRunFullyConfigurableInSchematics 2025-07-29T11:17:13+05:30 logger.go:67:  +TestRunFullyConfigurableInSchematics 2025-07-29T11:17:13+05:30 logger.go:67: Apply complete! Resources: 11 added, 0 changed, 0 destroyed. 
+TestRunFullyConfigurableInSchematics 2025-07-29T11:17:13+05:30 logger.go:67:  +TestRunFullyConfigurableInSchematics 2025-07-29T11:17:13+05:30 logger.go:67: Outputs: +TestRunFullyConfigurableInSchematics 2025-07-29T11:17:13+05:30 logger.go:67: +TestRunFullyConfigurableInSchematics 2025-07-29T11:17:13+05:30 logger.go:67: cos_crn = "crn:v1:bluemix:public:cloud-object-storage:global:a/abac0df06b644a9cabc6e44f55b3880e:e9514e57-86dd-4caf-bdfc-d1303be9f832::" +TestRunFullyConfigurableInSchematics 2025-07-29T11:17:13+05:30 logger.go:67: cos_instance_id = "crn:v1:bluemix:public:cloud-object-storage:global:a/abac0df06b644a9cabc6e44f55b3880e:e9514e57-86dd-4caf-bdfc-d1303be9f832::" +TestRunFullyConfigurableInSchematics 2025-07-29T11:17:13+05:30 logger.go:67: resource_group_id = "4885fb8717464a0aa03e08a301865bda" +TestRunFullyConfigurableInSchematics 2025-07-29T11:17:13+05:30 logger.go:67: resource_group_name = "ocp-fc-j7yffx-resource-group" +TestRunFullyConfigurableInSchematics 2025-07-29T11:17:13+05:30 logger.go:67: vpc_crn = "crn:v1:bluemix:public:is:ca-tor:a/abac0df06b644a9cabc6e44f55b3880e::vpc:r038-af957598-165f-4c76-a6b1-58e4aaf202ce" +TestRunFullyConfigurableInSchematics 2025-07-29T11:17:13+05:30 logger.go:67: vpc_id = "r038-af957598-165f-4c76-a6b1-58e4aaf202ce" +2025/07/29 11:17:24 Region au-syd VPC count: 9 +2025/07/29 11:17:24 --- new best region is au-syd +2025/07/29 11:17:28 Region ca-tor VPC count: 9 +2025/07/29 11:17:34 Region br-sao VPC count: 15 +2025/07/29 11:17:39 Region eu-de VPC count: 12 +2025/07/29 11:17:44 Region eu-es VPC count: 8 +2025/07/29 11:17:44 --- new best region is eu-es +2025/07/29 11:17:49 Region eu-gb VPC count: 8 +2025/07/29 11:17:53 Region us-east VPC count: 27 +2025/07/29 11:17:57 Region us-south VPC count: 25 +2025/07/29 11:18:02 Region jp-osa VPC count: 8 +2025/07/29 11:18:07 Region jp-tok VPC count: 8 +2025/07/29 11:18:07 Best region was found!: eu-es +TestRunFullyConfigurableInSchematics 2025-07-29T11:18:07+05:30 retry.go:91: 
terraform [output -no-color -json resource_group_name] +TestRunFullyConfigurableInSchematics 2025-07-29T11:18:07+05:30 logger.go:67: Running command terraform with args [output -no-color -json resource_group_name] +TestRunFullyConfigurableInSchematics 2025-07-29T11:18:07+05:30 logger.go:67: "ocp-fc-j7yffx-resource-group" +TestRunFullyConfigurableInSchematics 2025-07-29T11:18:07+05:30 retry.go:91: terraform [output -no-color -json cos_instance_id] +TestRunFullyConfigurableInSchematics 2025-07-29T11:18:07+05:30 logger.go:67: Running command terraform with args [output -no-color -json cos_instance_id] +TestRunFullyConfigurableInSchematics 2025-07-29T11:18:07+05:30 logger.go:67: "crn:v1:bluemix:public:cloud-object-storage:global:a/abac0df06b644a9cabc6e44f55b3880e:e9514e57-86dd-4caf-bdfc-d1303be9f832::" +TestRunFullyConfigurableInSchematics 2025-07-29T11:18:07+05:30 retry.go:91: terraform [output -no-color -json vpc_crn] +TestRunFullyConfigurableInSchematics 2025-07-29T11:18:07+05:30 logger.go:67: Running command terraform with args [output -no-color -json vpc_crn] +TestRunFullyConfigurableInSchematics 2025-07-29T11:18:07+05:30 logger.go:67: "crn:v1:bluemix:public:is:ca-tor:a/abac0df06b644a9cabc6e44f55b3880e::vpc:r038-af957598-165f-4c76-a6b1-58e4aaf202ce" + tests.go:347: [SCHEMATICS] Random Workspace region chosen: us + schematics.go:137: [SCHEMATICS] Schematics API for region us: https://us.schematics.cloud.ibm.com + tests.go:101: [SCHEMATICS] Creating Test Workspace + tests.go:107: [SCHEMATICS] Workspace Created: ocp-fc-kum (us-east.workspace.ocp-fc-kum.e3c2c4ce) + tests.go:124: Starting with variable validation for branch: issue-13896 + schematics.go:234: [SCHEMATICS] Creating TAR file + schematics.go:240: [SCHEMATICS] Uploading TAR file + schematics.go:558: [SCHEMATICS] ... 
still waiting for job TAR_WORKSPACE_UPLOAD to complete: 1 minutes + schematics.go:567: [SCHEMATICS] The status of job TAR_WORKSPACE_UPLOAD is: COMPLETED + tests.go:146: [SCHEMATICS] Updating Workspace Variablestore + tests.go:162: [SCHEMATICS] Starting PLAN job ... + schematics.go:558: [SCHEMATICS] ... still waiting for job PLAN to complete: 1 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job PLAN to complete: 2 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job PLAN to complete: 3 minutes + schematics.go:567: [SCHEMATICS] The status of job PLAN is: COMPLETED + tests.go:196: [SCHEMATICS] Starting APPLY job ... + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 1 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 2 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 3 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 4 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 5 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 6 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 7 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 8 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 9 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 10 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 11 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 12 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 13 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 14 minutes + schematics.go:558: [SCHEMATICS] ... 
still waiting for job APPLY to complete: 15 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 16 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 17 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 18 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 19 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 20 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 21 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 22 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 23 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 24 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 25 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 26 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 27 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 28 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 29 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 30 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 31 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 32 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 33 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 34 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 35 minutes + schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 36 minutes + schematics.go:558: [SCHEMATICS] ... 
still waiting for job APPLY to complete: 37 minutes
+ schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 38 minutes
+ schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 39 minutes
+ schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 40 minutes
+ schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 41 minutes
+ schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 42 minutes
+signal: interrupt
+FAIL github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc 3084.898s
diff --git a/tests/pr_test.go b/tests/pr_test.go
index e0fa6ab8..e547dd32 100644
--- a/tests/pr_test.go
+++ b/tests/pr_test.go
@@ -105,7 +105,7 @@ func TestRunFullyConfigurableInSchematics(t *testing.T) {
 options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{
 Testing: t,
 Prefix: "ocp-fc",
- TarIncludePatterns: []string{"*.tf", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", "scripts/*.sh", "kubeconfig/README.md", fullyConfigurableTerraformDir + "/kubeconfig/README.md", "modules/kube-audit/**/*"},
+ TarIncludePatterns: []string{"*.tf", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", "scripts/*.sh", "kubeconfig/README.md", "modules/kube-audit/*.*", "modules/kube-audit/kubeconfig/README.md", "modules/kube-audit/scripts/*.sh", fullyConfigurableTerraformDir + "/kubeconfig/README.md", "modules/kube-audit/helm-charts/kube-audit/*.*", "modules/kube-audit/helm-charts/kube-audit/templates/*.*"},
 TemplateFolder: fullyConfigurableTerraformDir,
 Tags: []string{"test-schematic"},
 DeleteWorkspaceOnFail: false,
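Review bot: The `TarIncludePatterns` literal now replaces `"modules/kube-audit/**/*"` with five explicit patterns, repeated verbatim in the `-141` hunk of `TestRunUpgradeFullyConfigurable`, and nothing records why the list is narrow. Going by the paths, the new list uploads only `README.md` from `modules/kube-audit/kubeconfig/` to Schematics, which matters if that directory ever holds a generated kubeconfig; a later return to `**/*` would presumably sweep such a file into the tarball unnoticed. I would hoist the slice into one package-level variable shared by both tests, with a comment such as `// Explicit globs only: keep generated kubeconfig files out of the Schematics upload.` The `*.*` patterns also look like they would skip extension-less files and anything nested below `templates/`, so chart files added at those locations would be missing from the upload without any local error. Both option literals continue past the end of their hunks.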
@@ -141,7 +141,7 @@ func TestRunUpgradeFullyConfigurable(t *testing.T) {
 options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{
 Testing: t,
 Prefix: "fc-upg",
- TarIncludePatterns: []string{"*.tf", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", "scripts/*.sh", "kubeconfig/README.md", fullyConfigurableTerraformDir + "/kubeconfig/README.md", "modules/kube-audit/**/*"},
+ TarIncludePatterns: []string{"*.tf", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", "scripts/*.sh", "kubeconfig/README.md", "modules/kube-audit/*.*", "modules/kube-audit/kubeconfig/README.md", "modules/kube-audit/scripts/*.sh", fullyConfigurableTerraformDir + "/kubeconfig/README.md", "modules/kube-audit/helm-charts/kube-audit/*.*", "modules/kube-audit/helm-charts/kube-audit/templates/*.*"},
 TemplateFolder: fullyConfigurableTerraformDir,
 Tags: []string{"test-schematic"},
 DeleteWorkspaceOnFail: false,
From d73cf098ed7fbfdcbb012e582bdbc9915b0a58a5 Mon Sep 17 00:00:00 2001
From: aatreyee257
Date: Tue, 29 Jul 2025 12:16:54 +0530
Subject: [PATCH 26/26] fixes
---
 logs.txt | 530 ------------------------------------------------------
 1 file changed, 530 deletions(-)
 delete mode 100644 logs.txt
diff --git a/logs.txt b/logs.txt
deleted file mode 100644
index 84fa264c..00000000
--- a/logs.txt
+++ /dev/null
@@ -1,530 +0,0 @@ -cd tests && go test -run TestRunFullyConfigurableInSchematics -count=1 -v -timeout 600m -=== RUN TestRunFullyConfigurableInSchematics -=== PAUSE TestRunFullyConfigurableInSchematics -=== CONT TestRunFullyConfigurableInSchematics -2025/07/29 11:14:18 Region au-syd VPC count: 9 -2025/07/29 11:14:18 --- new best region is au-syd -2025/07/29 11:14:22 Region ca-tor VPC count: 8 -2025/07/29 11:14:22 --- new best region is ca-tor -2025/07/29 11:14:27 Region br-sao VPC count: 15 -2025/07/29 11:14:33 Region eu-de VPC count: 12 -2025/07/29 11:14:39 Region eu-es VPC count: 8 -2025/07/29 11:14:44 Region eu-gb VPC count: 8 -2025/07/29 11:14:48 Region us-east VPC count: 27 -2025/07/29 11:14:54 Region us-south VPC count: 25 -2025/07/29 11:14:59 Region jp-osa VPC count: 8 -2025/07/29 11:15:04 Region jp-tok VPC count: 8 -2025/07/29 11:15:04 Best region was found!: ca-tor -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 retry.go:91: terraform [workspace list] -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 logger.go:67: Running command terraform with args [workspace list] -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 logger.go:67: * default -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 logger.go:67: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 retry.go:91: terraform [workspace new ocp-fc-j7yffx] -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 logger.go:67: Running command terraform with args [workspace new ocp-fc-j7yffx] -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 logger.go:67: Created and switched to workspace "ocp-fc-j7yffx"! -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 logger.go:67: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 logger.go:67: You're now on a new, empty workspace. 
Workspaces isolate their state, -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 logger.go:67: so if you run "terraform plan" Terraform will not see any existing state -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 logger.go:67: for this configuration. -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 retry.go:91: terraform [workspace show] -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 logger.go:67: Running command terraform with args [workspace show] -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 logger.go:67: ocp-fc-j7yffx -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 retry.go:91: terraform [init -upgrade=true] -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 logger.go:67: Running command terraform with args [init -upgrade=true] -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 logger.go:67: Initializing the backend... -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:04+05:30 logger.go:67: Upgrading modules... -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:05+05:30 logger.go:67: Downloading registry.terraform.io/terraform-ibm-modules/cos/ibm 8.21.25 for cos... -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:07+05:30 logger.go:67: - cos in .terraform/modules/cos -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:07+05:30 logger.go:67: Downloading registry.terraform.io/terraform-ibm-modules/cbr/ibm 1.31.0 for cos.bucket_cbr_rule... -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:10+05:30 logger.go:67: - cos.bucket_cbr_rule in .terraform/modules/cos.bucket_cbr_rule/modules/cbr-rule-module -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:10+05:30 logger.go:67: Downloading registry.terraform.io/terraform-ibm-modules/cbr/ibm 1.31.0 for cos.instance_cbr_rule... 
-TestRunFullyConfigurableInSchematics 2025-07-29T11:15:10+05:30 logger.go:67: - cos.instance_cbr_rule in .terraform/modules/cos.instance_cbr_rule/modules/cbr-rule-module -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:10+05:30 logger.go:67: Downloading registry.terraform.io/terraform-ibm-modules/resource-group/ibm 1.2.1 for resource_group... -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:12+05:30 logger.go:67: - resource_group in .terraform/modules/resource_group -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:12+05:30 logger.go:67: Downloading registry.terraform.io/terraform-ibm-modules/landing-zone-vpc/ibm 7.25.12 for vpc... -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:15+05:30 logger.go:67: - vpc in .terraform/modules/vpc -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:15+05:30 logger.go:67: - vpc.dynamic_values in .terraform/modules/vpc/dynamic_values -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:15+05:30 logger.go:67: - vpc.dynamic_values.address_prefixes in .terraform/modules/vpc/dynamic_values/config_modules/list_to_map -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:15+05:30 logger.go:67: - vpc.dynamic_values.prefix_map in .terraform/modules/vpc/dynamic_values/config_modules/list_to_map -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:15+05:30 logger.go:67: - vpc.dynamic_values.routes in .terraform/modules/vpc/dynamic_values/config_modules/list_to_map -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:15+05:30 logger.go:67: - vpc.unit_tests in .terraform/modules/vpc/dynamic_values -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:15+05:30 logger.go:67: - vpc.unit_tests.address_prefixes in .terraform/modules/vpc/dynamic_values/config_modules/list_to_map -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:15+05:30 logger.go:67: - vpc.unit_tests.prefix_map in .terraform/modules/vpc/dynamic_values/config_modules/list_to_map -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:15+05:30 
logger.go:67: - vpc.unit_tests.routes in .terraform/modules/vpc/dynamic_values/config_modules/list_to_map -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:15+05:30 logger.go:67: Initializing provider plugins... -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:15+05:30 logger.go:67: - Finding ibm-cloud/ibm versions matching ">= 1.64.1, >= 1.70.0, >= 1.76.0, >= 1.79.0, < 2.0.0"... -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:15+05:30 logger.go:67: - Finding hashicorp/time versions matching ">= 0.9.1, < 1.0.0"... -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:15+05:30 logger.go:67: - Finding hashicorp/random versions matching ">= 3.5.1, < 4.0.0"... -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:16+05:30 logger.go:67: - Installing ibm-cloud/ibm v1.80.4... -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:20+05:30 logger.go:67: - Installed ibm-cloud/ibm v1.80.4 (self-signed, key ID AAD3B791C49CC253) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:20+05:30 logger.go:67: - Installing hashicorp/time v0.13.1... -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:21+05:30 logger.go:67: - Installed hashicorp/time v0.13.1 (signed by HashiCorp) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:21+05:30 logger.go:67: - Installing hashicorp/random v3.7.2... -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: - Installed hashicorp/random v3.7.2 (signed by HashiCorp) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: Partner and community providers are signed by their developers. 
-TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: If you'd like to know more about provider signing, you can read about it here: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: https://developer.hashicorp.com/terraform/cli/plugins/signing -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: Terraform has created a lock file .terraform.lock.hcl to record the provider -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: selections it made above. Include this file in your version control repository -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: so that Terraform can guarantee to make the same selections by default when -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: you run "terraform init" in the future. -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: Terraform has been successfully initialized! -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67:  -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: You may now begin working with Terraform. Try running "terraform plan" to see -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: any changes that are required for your infrastructure. All Terraform commands -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: should now work. -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: If you ever set or change modules or backend configuration for Terraform, -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: rerun this command to reinitialize your working directory. 
If you forget, other -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: commands will detect it and remind you to do so if necessary. -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 retry.go:91: terraform [apply -input=false -auto-approve -var prefix=ocp-fc-j7yffx -var region=ca-tor -lock=false] -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:22+05:30 logger.go:67: Running command terraform with args [apply -input=false -auto-approve -var prefix=ocp-fc-j7yffx -var region=ca-tor -lock=false] -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:25+05:30 logger.go:67: module.vpc.data.ibm_iam_account_settings.iam_account_settings: Reading... -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:26+05:30 logger.go:67: module.vpc.data.ibm_iam_account_settings.iam_account_settings: Read complete after 2s [id=abac0df06b644a9cabc6e44f55b3880e] -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: Terraform used the selected providers to generate the following execution -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: plan. 
Resource actions are indicated with the following symbols: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + create -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: <= read (data resources) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: Terraform will perform the following actions: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  # module.cos.ibm_cos_bucket.cos_bucket1[0] will be created -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  + resource "ibm_cos_bucket" "cos_bucket1" { -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + bucket_name = "ocp-fc-j7yffx-bucket" -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + crn = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + endpoint_type = "public" -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + force_delete = true -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + id = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + region_location = "ca-tor" -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_instance_id = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + s3_endpoint_direct = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + s3_endpoint_private = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + s3_endpoint_public = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + 
storage_class = "standard" -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + activity_tracking { -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + management_events = true -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + read_data_events = true -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + write_data_events = true -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + metrics_monitoring { -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + request_metrics_enabled = true -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + usage_metrics_enabled = true -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  # module.cos.ibm_cos_bucket_lifecycle_configuration.cos_bucket_lifecycle[0] will be created -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  + resource "ibm_cos_bucket_lifecycle_configuration" "cos_bucket_lifecycle" { -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + bucket_crn = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + bucket_location = "ca-tor" -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + endpoint_type = "public" -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + id = (known after apply) 
-TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + lifecycle_rule { -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + rule_id = "expiry-rule" -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + status = "enable" -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + expiration { -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + days = 365 -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + expired_object_delete_marker = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + filter { -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: # (1 unchanged attribute hidden) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + lifecycle_rule { -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + rule_id = "archive-rule" -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + status = "enable" -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + filter { -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: # (1 unchanged attribute hidden) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } -TestRunFullyConfigurableInSchematics 
2025-07-29T11:15:28+05:30 logger.go:67: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + transition { -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + days = 90 -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + storage_class = "GLACIER" -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  # module.cos.ibm_resource_instance.cos_instance[0] will be created -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  + resource "ibm_resource_instance" "cos_instance" { -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + account_id = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + allow_cleanup = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + created_at = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + created_by = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + crn = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + dashboard_url = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + deleted_at = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + deleted_by = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + extensions = (known after apply) -TestRunFullyConfigurableInSchematics 
2025-07-29T11:15:28+05:30 logger.go:67: + guid = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + id = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + last_operation = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + location = "global" -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + locked = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + name = "ocp-fc-j7yffx-cos" -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + onetime_credentials = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + plan = "standard" -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + plan_history = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_aliases_url = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_bindings_url = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_controller_url = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_crn = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_group_crn = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_group_id = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_group_name = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_id = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + 
resource_keys_url = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_name = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_plan_id = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_status = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + restored_at = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + restored_by = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + scheduled_reclaim_at = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + scheduled_reclaim_by = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + service = "cloud-object-storage" -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + service_endpoints = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + state = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + status = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + sub_type = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + tags = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + target_crn = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + type = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + update_at = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + update_by = (known after apply) 
-TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  # module.cos.time_sleep.wait_for_cos_bucket_lifecycle[0] will be created -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  + resource "time_sleep" "wait_for_cos_bucket_lifecycle" { -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + create_duration = "90s" -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + id = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  # module.resource_group.ibm_resource_group.resource_group[0] will be created -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  + resource "ibm_resource_group" "resource_group" { -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + created_at = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + crn = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + id = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + name = "ocp-fc-j7yffx-resource-group" -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + payment_methods_url = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + quota_id = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + quota_url = (known after apply) 
-TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_linkages = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + state = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + teams_url = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + updated_at = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  # module.vpc.data.ibm_is_vpc.vpc will be read during apply -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: # (config refers to values not yet known) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  <= data "ibm_is_vpc" "vpc" { -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + access_tags = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + classic_access = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + crn = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + cse_source_addresses = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_address_prefixes = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_network_acl = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_network_acl_crn = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_network_acl_name = (known after apply) -TestRunFullyConfigurableInSchematics 
2025-07-29T11:15:28+05:30 logger.go:67: + default_routing_table = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_routing_table_name = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_security_group = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_security_group_crn = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_security_group_name = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + dns = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + health_reasons = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + health_state = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + id = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + identifier = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_controller_url = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_crn = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_group = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_group_name = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_name = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_status = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + security_group = (known after apply) 
-TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + status = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + subnets = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + tags = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  # module.vpc.data.ibm_is_vpc_address_prefixes.get_address_prefixes will be read during apply -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: # (config refers to values not yet known) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  <= data "ibm_is_vpc_address_prefixes" "get_address_prefixes" { -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + address_prefixes = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + id = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + vpc = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  # module.vpc.ibm_is_network_acl.network_acl["vpc-acl"] will be created -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  + resource "ibm_is_network_acl" "network_acl" { -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + access_tags = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + crn = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + id = (known 
after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + name = "ocp-fc-j7yffx-vpc-acl" -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_controller_url = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_crn = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_group = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_group_name = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_name = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + tags = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + vpc = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + rules (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  # module.vpc.ibm_is_public_gateway.gateway["zone-1"] will be created -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  + resource "ibm_is_public_gateway" "gateway" { -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + access_tags = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + crn = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + floating_ip = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + id = (known after apply) 
-TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + name = "ocp-fc-j7yffx-vpc-public-gateway-zone-1" -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_controller_url = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_crn = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_group = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_group_name = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_name = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_status = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + status = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + tags = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + vpc = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + zone = "ca-tor-1" -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  # module.vpc.ibm_is_subnet.subnet["ocp-fc-j7yffx-vpc-subnet-a"] will be created -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  + resource "ibm_is_subnet" "subnet" { -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + access_tags = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + available_ipv4_address_count = (known after apply) -TestRunFullyConfigurableInSchematics 
2025-07-29T11:15:28+05:30 logger.go:67: + crn = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + id = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + ip_version = "ipv4" -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + ipv4_cidr_block = "10.10.10.0/24" -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + name = "ocp-fc-j7yffx-vpc-subnet-a" -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + network_acl = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + public_gateway = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_controller_url = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_crn = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_group = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_group_name = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_name = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_status = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + routing_table = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + routing_table_crn = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + status = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + tags = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + 
total_ipv4_address_count = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + vpc = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + zone = "ca-tor-1" -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  # module.vpc.ibm_is_vpc.vpc[0] will be created -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  + resource "ibm_is_vpc" "vpc" { -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + access_tags = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + address_prefix_management = "manual" -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + classic_access = false -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + crn = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + cse_source_addresses = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_address_prefixes = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_network_acl = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_network_acl_crn = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_network_acl_name = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_routing_table = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_routing_table_crn = (known after apply) 
-TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_routing_table_name = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_security_group = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_security_group_crn = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + default_security_group_name = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + health_reasons = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + health_state = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + id = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + name = "ocp-fc-j7yffx-vpc" -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + no_sg_acl_rules = false -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_controller_url = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_crn = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_group = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_group_name = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_name = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_status = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + security_group = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + status = (known after 
apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + subnets = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + tags = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + dns { -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + enable_hub = false -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resolution_binding_count = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resolver (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  # module.vpc.ibm_is_vpc_address_prefix.subnet_prefix["ocp-fc-j7yffx-vpc-subnet-a"] will be created -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  + resource "ibm_is_vpc_address_prefix" "subnet_prefix" { -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + address_prefix = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + cidr = "10.10.10.0/24" -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + has_subnets = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + id = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + is_default = false -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + name = 
"ocp-fc-j7yffx-vpc-subnet-a" -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + related_crn = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + vpc = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + zone = "ca-tor-1" -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  # module.vpc.time_sleep.wait_for_vpc_creation_data[0] will be created -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  + resource "time_sleep" "wait_for_vpc_creation_data" { -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + create_duration = "30s" -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + id = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: } -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: Plan: 11 to add, 0 to change, 0 to destroy. 
-TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67:  -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: Changes to Outputs: -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + cos_crn = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + cos_instance_id = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_group_id = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + resource_group_name = "ocp-fc-j7yffx-resource-group" -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + vpc_crn = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: + vpc_id = (known after apply) -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:28+05:30 logger.go:67: module.cos.time_sleep.wait_for_cos_bucket_lifecycle[0]: Creating... -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:29+05:30 logger.go:67: module.resource_group.ibm_resource_group.resource_group[0]: Creating... -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:34+05:30 logger.go:67: module.resource_group.ibm_resource_group.resource_group[0]: Creation complete after 5s [id=4885fb8717464a0aa03e08a301865bda] -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:34+05:30 logger.go:67: module.cos.ibm_resource_instance.cos_instance[0]: Creating... -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:34+05:30 logger.go:67: module.vpc.ibm_is_vpc.vpc[0]: Creating... -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:38+05:30 logger.go:67: module.cos.time_sleep.wait_for_cos_bucket_lifecycle[0]: Still creating... [00m10s elapsed] -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:44+05:30 logger.go:67: module.cos.ibm_resource_instance.cos_instance[0]: Still creating... 
[00m10s elapsed] -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:44+05:30 logger.go:67: module.vpc.ibm_is_vpc.vpc[0]: Still creating... [00m10s elapsed] -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:48+05:30 logger.go:67: module.cos.time_sleep.wait_for_cos_bucket_lifecycle[0]: Still creating... [00m20s elapsed] -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:50+05:30 logger.go:67: module.cos.ibm_resource_instance.cos_instance[0]: Creation complete after 17s [id=crn:v1:bluemix:public:cloud-object-storage:global:a/abac0df06b644a9cabc6e44f55b3880e:e9514e57-86dd-4caf-bdfc-d1303be9f832::] -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:51+05:30 logger.go:67: module.cos.ibm_cos_bucket.cos_bucket1[0]: Creating... -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:54+05:30 logger.go:67: module.vpc.ibm_is_vpc.vpc[0]: Still creating... [00m20s elapsed] -TestRunFullyConfigurableInSchematics 2025-07-29T11:15:58+05:30 logger.go:67: module.cos.time_sleep.wait_for_cos_bucket_lifecycle[0]: Still creating... [00m30s elapsed] -TestRunFullyConfigurableInSchematics 2025-07-29T11:16:00+05:30 logger.go:67: module.cos.ibm_cos_bucket.cos_bucket1[0]: Creation complete after 9s [id=crn:v1:bluemix:public:cloud-object-storage:global:a/abac0df06b644a9cabc6e44f55b3880e:e9514e57-86dd-4caf-bdfc-d1303be9f832:bucket:ocp-fc-j7yffx-bucket:meta:rl:ca-tor:public] -TestRunFullyConfigurableInSchematics 2025-07-29T11:16:00+05:30 logger.go:67: module.vpc.ibm_is_vpc.vpc[0]: Creation complete after 25s [id=r038-af957598-165f-4c76-a6b1-58e4aaf202ce] -TestRunFullyConfigurableInSchematics 2025-07-29T11:16:00+05:30 logger.go:67: module.vpc.ibm_is_public_gateway.gateway["zone-1"]: Creating... -TestRunFullyConfigurableInSchematics 2025-07-29T11:16:08+05:30 logger.go:67: module.cos.time_sleep.wait_for_cos_bucket_lifecycle[0]: Still creating... 
[00m40s elapsed] -TestRunFullyConfigurableInSchematics 2025-07-29T11:16:10+05:30 logger.go:67: module.vpc.ibm_is_public_gateway.gateway["zone-1"]: Still creating... [00m10s elapsed] -TestRunFullyConfigurableInSchematics 2025-07-29T11:16:14+05:30 logger.go:67: module.vpc.ibm_is_public_gateway.gateway["zone-1"]: Creation complete after 14s [id=r038-2b952bfe-c031-437c-b939-2bc6ad31ecdc] -TestRunFullyConfigurableInSchematics 2025-07-29T11:16:14+05:30 logger.go:67: module.vpc.ibm_is_vpc_address_prefix.subnet_prefix["ocp-fc-j7yffx-vpc-subnet-a"]: Creating... -TestRunFullyConfigurableInSchematics 2025-07-29T11:16:17+05:30 logger.go:67: module.vpc.ibm_is_vpc_address_prefix.subnet_prefix["ocp-fc-j7yffx-vpc-subnet-a"]: Creation complete after 3s [id=r038-af957598-165f-4c76-a6b1-58e4aaf202ce/r038-d2bbbc38-da04-4588-a64f-c18d70439325] -TestRunFullyConfigurableInSchematics 2025-07-29T11:16:17+05:30 logger.go:67: module.vpc.data.ibm_is_vpc_address_prefixes.get_address_prefixes: Reading... -TestRunFullyConfigurableInSchematics 2025-07-29T11:16:17+05:30 logger.go:67: module.vpc.data.ibm_is_vpc_address_prefixes.get_address_prefixes: Read complete after 0s [id=2025-07-29 05:46:17.938353 +0000 UTC] -TestRunFullyConfigurableInSchematics 2025-07-29T11:16:18+05:30 logger.go:67: module.vpc.ibm_is_network_acl.network_acl["vpc-acl"]: Creating... -TestRunFullyConfigurableInSchematics 2025-07-29T11:16:18+05:30 logger.go:67: module.cos.time_sleep.wait_for_cos_bucket_lifecycle[0]: Still creating... [00m50s elapsed] -TestRunFullyConfigurableInSchematics 2025-07-29T11:16:25+05:30 logger.go:67: module.vpc.ibm_is_network_acl.network_acl["vpc-acl"]: Creation complete after 7s [id=r038-92002815-37a3-438b-9da0-182781ee8ece] -TestRunFullyConfigurableInSchematics 2025-07-29T11:16:25+05:30 logger.go:67: module.vpc.ibm_is_subnet.subnet["ocp-fc-j7yffx-vpc-subnet-a"]: Creating... 
-TestRunFullyConfigurableInSchematics 2025-07-29T11:16:28+05:30 logger.go:67: module.cos.time_sleep.wait_for_cos_bucket_lifecycle[0]: Still creating... [01m00s elapsed] -TestRunFullyConfigurableInSchematics 2025-07-29T11:16:35+05:30 logger.go:67: module.vpc.ibm_is_subnet.subnet["ocp-fc-j7yffx-vpc-subnet-a"]: Still creating... [00m10s elapsed] -TestRunFullyConfigurableInSchematics 2025-07-29T11:16:38+05:30 logger.go:67: module.vpc.ibm_is_subnet.subnet["ocp-fc-j7yffx-vpc-subnet-a"]: Creation complete after 13s [id=02q7-dfd9da00-89b3-462c-9393-ae3ef12e19f0] -TestRunFullyConfigurableInSchematics 2025-07-29T11:16:38+05:30 logger.go:67: module.vpc.time_sleep.wait_for_vpc_creation_data[0]: Creating... -TestRunFullyConfigurableInSchematics 2025-07-29T11:16:38+05:30 logger.go:67: module.cos.time_sleep.wait_for_cos_bucket_lifecycle[0]: Still creating... [01m10s elapsed] -TestRunFullyConfigurableInSchematics 2025-07-29T11:16:48+05:30 logger.go:67: module.vpc.time_sleep.wait_for_vpc_creation_data[0]: Still creating... [00m10s elapsed] -TestRunFullyConfigurableInSchematics 2025-07-29T11:16:48+05:30 logger.go:67: module.cos.time_sleep.wait_for_cos_bucket_lifecycle[0]: Still creating... [01m20s elapsed] -TestRunFullyConfigurableInSchematics 2025-07-29T11:16:58+05:30 logger.go:67: module.vpc.time_sleep.wait_for_vpc_creation_data[0]: Still creating... [00m20s elapsed] -TestRunFullyConfigurableInSchematics 2025-07-29T11:16:58+05:30 logger.go:67: module.cos.time_sleep.wait_for_cos_bucket_lifecycle[0]: Creation complete after 1m30s [id=2025-07-29T05:46:58Z] -TestRunFullyConfigurableInSchematics 2025-07-29T11:16:58+05:30 logger.go:67: module.cos.ibm_cos_bucket_lifecycle_configuration.cos_bucket_lifecycle[0]: Creating... 
-TestRunFullyConfigurableInSchematics 2025-07-29T11:17:01+05:30 logger.go:67: module.cos.ibm_cos_bucket_lifecycle_configuration.cos_bucket_lifecycle[0]: Creation complete after 2s [id=crn:v1:bluemix:public:cloud-object-storage:global:a/abac0df06b644a9cabc6e44f55b3880e:e9514e57-86dd-4caf-bdfc-d1303be9f832:bucket:ocp-fc-j7yffx-bucket:meta:ca-tor:public] -TestRunFullyConfigurableInSchematics 2025-07-29T11:17:08+05:30 logger.go:67: module.vpc.time_sleep.wait_for_vpc_creation_data[0]: Still creating... [00m30s elapsed] -TestRunFullyConfigurableInSchematics 2025-07-29T11:17:08+05:30 logger.go:67: module.vpc.time_sleep.wait_for_vpc_creation_data[0]: Creation complete after 30s [id=2025-07-29T05:47:08Z] -TestRunFullyConfigurableInSchematics 2025-07-29T11:17:08+05:30 logger.go:67: module.vpc.data.ibm_is_vpc.vpc: Reading... -TestRunFullyConfigurableInSchematics 2025-07-29T11:17:13+05:30 logger.go:67: module.vpc.data.ibm_is_vpc.vpc: Read complete after 5s [id=r038-af957598-165f-4c76-a6b1-58e4aaf202ce] -TestRunFullyConfigurableInSchematics 2025-07-29T11:17:13+05:30 logger.go:67:  -TestRunFullyConfigurableInSchematics 2025-07-29T11:17:13+05:30 logger.go:67: Apply complete! Resources: 11 added, 0 changed, 0 destroyed. 
-TestRunFullyConfigurableInSchematics 2025-07-29T11:17:13+05:30 logger.go:67:  -TestRunFullyConfigurableInSchematics 2025-07-29T11:17:13+05:30 logger.go:67: Outputs: -TestRunFullyConfigurableInSchematics 2025-07-29T11:17:13+05:30 logger.go:67: -TestRunFullyConfigurableInSchematics 2025-07-29T11:17:13+05:30 logger.go:67: cos_crn = "crn:v1:bluemix:public:cloud-object-storage:global:a/abac0df06b644a9cabc6e44f55b3880e:e9514e57-86dd-4caf-bdfc-d1303be9f832::" -TestRunFullyConfigurableInSchematics 2025-07-29T11:17:13+05:30 logger.go:67: cos_instance_id = "crn:v1:bluemix:public:cloud-object-storage:global:a/abac0df06b644a9cabc6e44f55b3880e:e9514e57-86dd-4caf-bdfc-d1303be9f832::" -TestRunFullyConfigurableInSchematics 2025-07-29T11:17:13+05:30 logger.go:67: resource_group_id = "4885fb8717464a0aa03e08a301865bda" -TestRunFullyConfigurableInSchematics 2025-07-29T11:17:13+05:30 logger.go:67: resource_group_name = "ocp-fc-j7yffx-resource-group" -TestRunFullyConfigurableInSchematics 2025-07-29T11:17:13+05:30 logger.go:67: vpc_crn = "crn:v1:bluemix:public:is:ca-tor:a/abac0df06b644a9cabc6e44f55b3880e::vpc:r038-af957598-165f-4c76-a6b1-58e4aaf202ce" -TestRunFullyConfigurableInSchematics 2025-07-29T11:17:13+05:30 logger.go:67: vpc_id = "r038-af957598-165f-4c76-a6b1-58e4aaf202ce" -2025/07/29 11:17:24 Region au-syd VPC count: 9 -2025/07/29 11:17:24 --- new best region is au-syd -2025/07/29 11:17:28 Region ca-tor VPC count: 9 -2025/07/29 11:17:34 Region br-sao VPC count: 15 -2025/07/29 11:17:39 Region eu-de VPC count: 12 -2025/07/29 11:17:44 Region eu-es VPC count: 8 -2025/07/29 11:17:44 --- new best region is eu-es -2025/07/29 11:17:49 Region eu-gb VPC count: 8 -2025/07/29 11:17:53 Region us-east VPC count: 27 -2025/07/29 11:17:57 Region us-south VPC count: 25 -2025/07/29 11:18:02 Region jp-osa VPC count: 8 -2025/07/29 11:18:07 Region jp-tok VPC count: 8 -2025/07/29 11:18:07 Best region was found!: eu-es -TestRunFullyConfigurableInSchematics 2025-07-29T11:18:07+05:30 retry.go:91: 
terraform [output -no-color -json resource_group_name] -TestRunFullyConfigurableInSchematics 2025-07-29T11:18:07+05:30 logger.go:67: Running command terraform with args [output -no-color -json resource_group_name] -TestRunFullyConfigurableInSchematics 2025-07-29T11:18:07+05:30 logger.go:67: "ocp-fc-j7yffx-resource-group" -TestRunFullyConfigurableInSchematics 2025-07-29T11:18:07+05:30 retry.go:91: terraform [output -no-color -json cos_instance_id] -TestRunFullyConfigurableInSchematics 2025-07-29T11:18:07+05:30 logger.go:67: Running command terraform with args [output -no-color -json cos_instance_id] -TestRunFullyConfigurableInSchematics 2025-07-29T11:18:07+05:30 logger.go:67: "crn:v1:bluemix:public:cloud-object-storage:global:a/abac0df06b644a9cabc6e44f55b3880e:e9514e57-86dd-4caf-bdfc-d1303be9f832::" -TestRunFullyConfigurableInSchematics 2025-07-29T11:18:07+05:30 retry.go:91: terraform [output -no-color -json vpc_crn] -TestRunFullyConfigurableInSchematics 2025-07-29T11:18:07+05:30 logger.go:67: Running command terraform with args [output -no-color -json vpc_crn] -TestRunFullyConfigurableInSchematics 2025-07-29T11:18:07+05:30 logger.go:67: "crn:v1:bluemix:public:is:ca-tor:a/abac0df06b644a9cabc6e44f55b3880e::vpc:r038-af957598-165f-4c76-a6b1-58e4aaf202ce" - tests.go:347: [SCHEMATICS] Random Workspace region chosen: us - schematics.go:137: [SCHEMATICS] Schematics API for region us: https://us.schematics.cloud.ibm.com - tests.go:101: [SCHEMATICS] Creating Test Workspace - tests.go:107: [SCHEMATICS] Workspace Created: ocp-fc-kum (us-east.workspace.ocp-fc-kum.e3c2c4ce) - tests.go:124: Starting with variable validation for branch: issue-13896 - schematics.go:234: [SCHEMATICS] Creating TAR file - schematics.go:240: [SCHEMATICS] Uploading TAR file - schematics.go:558: [SCHEMATICS] ... 
still waiting for job TAR_WORKSPACE_UPLOAD to complete: 1 minutes - schematics.go:567: [SCHEMATICS] The status of job TAR_WORKSPACE_UPLOAD is: COMPLETED - tests.go:146: [SCHEMATICS] Updating Workspace Variablestore - tests.go:162: [SCHEMATICS] Starting PLAN job ... - schematics.go:558: [SCHEMATICS] ... still waiting for job PLAN to complete: 1 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job PLAN to complete: 2 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job PLAN to complete: 3 minutes - schematics.go:567: [SCHEMATICS] The status of job PLAN is: COMPLETED - tests.go:196: [SCHEMATICS] Starting APPLY job ... - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 1 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 2 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 3 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 4 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 5 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 6 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 7 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 8 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 9 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 10 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 11 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 12 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 13 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 14 minutes - schematics.go:558: [SCHEMATICS] ... 
still waiting for job APPLY to complete: 15 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 16 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 17 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 18 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 19 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 20 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 21 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 22 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 23 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 24 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 25 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 26 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 27 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 28 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 29 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 30 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 31 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 32 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 33 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 34 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 35 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 36 minutes - schematics.go:558: [SCHEMATICS] ... 
still waiting for job APPLY to complete: 37 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 38 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 39 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 40 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 41 minutes - schematics.go:558: [SCHEMATICS] ... still waiting for job APPLY to complete: 42 minutes -signal: interrupt -FAIL github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc 3084.898s