diff --git a/.catalog-onboard-pipeline.yaml b/.catalog-onboard-pipeline.yaml
index 3110933e..c6150d24 100644
--- a/.catalog-onboard-pipeline.yaml
+++ b/.catalog-onboard-pipeline.yaml
@@ -18,3 +18,7 @@ offerings:
- name: quickstart
mark_ready: true
install_type: fullstack
+ scc:
+ instance_id: 1c7d5f78-9262-44c3-b779-b28fe4d88c37
+ region: us-south
+ scope_resource_group_var_name: existing_resource_group_name
diff --git a/common-dev-assets b/common-dev-assets
index 2ba5cc2c..abf631a1 160000
--- a/common-dev-assets
+++ b/common-dev-assets
@@ -1 +1 @@
-Subproject commit 2ba5cc2c867361e8bcf34bd95f7359cc03d82b25
+Subproject commit abf631a16a48a308e609896937e1eed16b4aae4e
diff --git a/ibm_catalog.json b/ibm_catalog.json
index a060b57f..022ca9c8 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -86,7 +86,7 @@
"crn:v1:bluemix:public:iam::::role:Viewer"
],
"service_name": "Resource group only",
- "notes":"Viewer access is required in the resource group you want to provision in."
+ "notes": "Viewer access is required in the resource group you want to provision in."
},
{
"role_crns": [
@@ -785,7 +785,7 @@
"key": "subnets",
"type": "object",
"default_value": "{\n zone-1 = [\n {\n name = \"subnet-a\"\n cidr = \"10.10.10.0/24\"\n public_gateway = true\n acl_name = \"vpc-acl\"\n no_addr_prefix = false\n }\n ],\n zone-2 = [\n {\n name = \"subnet-b\"\n cidr = \"10.20.10.0/24\"\n public_gateway = false\n acl_name = \"vpc-acl\"\n no_addr_prefix = false\n }\n ],\n zone-3 = [\n {\n name = \"subnet-c\"\n cidr = \"10.30.10.0/24\"\n public_gateway = false\n acl_name = \"vpc-acl\"\n no_addr_prefix = false\n }\n ]\n }",
- "description": "List of subnets for the vpc. For each item in each array, a subnet will be created. Items can be either CIDR blocks or total ipv4 addressess. Public gateways will be enabled only in zones where a gateway has been created. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/blob/main/solutions/fully-configurable/DA-types.md#subnets-).",
+ "description": "List of subnets for the vpc. For each item in each array, a subnet will be created. Items can be either CIDR blocks or total ipv4 addresses. Public gateways will be enabled only in zones where a gateway has been created. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/blob/main/solutions/fully-configurable/DA-types.md#subnets-).",
"required": false,
"virtual": true
},
@@ -1059,6 +1059,15 @@
"index": 1,
"install_type": "fullstack",
"working_directory": "solutions/quickstart",
+ "compliance": {
+ "authority": "scc-v3",
+ "profiles": [
+ {
+ "profile_name": "CIS IBM Cloud Foundations Benchmark v1.1.0",
+ "profile_version": "1.1.0"
+ }
+ ]
+ },
"iam_permissions": [
{
"service_name": "containers-kubernetes",
@@ -1084,19 +1093,19 @@
"notes": "Required for creating Virtual Private Cloud (VPC)."
},
{
- "service_name": "cloud-object-storage",
- "role_crns": [
- "crn:v1:bluemix:public:iam::::serviceRole:Manager",
- "crn:v1:bluemix:public:iam::::role:Editor"
- ],
- "notes": "Required for creating the OpenShift cluster's internal registry storage bucket."
+ "service_name": "cloud-object-storage",
+ "role_crns": [
+ "crn:v1:bluemix:public:iam::::serviceRole:Manager",
+ "crn:v1:bluemix:public:iam::::role:Editor"
+ ],
+ "notes": "Required for creating the OpenShift cluster's internal registry storage bucket."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::role:Viewer"
],
"service_name": "Resource group only",
- "notes":"Viewer access is required in the resource group you want to provision in."
+ "notes": "Viewer access is required in the resource group you want to provision in."
}
],
"architecture": {
@@ -1246,7 +1255,7 @@
},
{
"key": "access_tags",
- "hidden":true,
+ "hidden": true,
"custom_config": {
"type": "array",
"grouping": "deployment",
@@ -1262,7 +1271,9 @@
{
"key": "disable_outbound_traffic_protection"
}
- ]
+ ],
+ "dependency_version_2": true,
+ "terraform_version": "1.10.5"
}
]
}
diff --git a/modules/kube-audit/README.md b/modules/kube-audit/README.md
index da3dbc4d..0cc061f3 100644
--- a/modules/kube-audit/README.md
+++ b/modules/kube-audit/README.md
@@ -80,7 +80,7 @@ No modules.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
-| [audit\_deployment\_name](#input\_audit\_deployment\_name) | The name of log collection deployement and service. | `string` | `"ibmcloud-kube-audit"` | no |
+| [audit\_deployment\_name](#input\_audit\_deployment\_name) | The name of log collection deployment and service. | `string` | `"ibmcloud-kube-audit"` | no |
| [audit\_log\_policy](#input\_audit\_log\_policy) | Specify the amount of information that is logged to the API server audit logs by choosing the audit log policy profile to use. Supported values are `default` and `WriteRequestBodies`. | `string` | `"default"` | no |
| [audit\_namespace](#input\_audit\_namespace) | The name of the namespace where log collection service and a deployment will be created. | `string` | `"ibm-kube-audit"` | no |
| [audit\_webhook\_listener\_image](#input\_audit\_webhook\_listener\_image) | The audit webhook listener image reference in the format of `[registry-url]/[namespace]/[image]`.The sub-module uses the `icr.io/ibm/ibmcloud-kube-audit-to-ibm-cloud-logs` image to forward logs to IBM Cloud Logs. This image is for demonstration purposes only. For a production solution, configure and maintain your own log forwarding image. | `string` | `"icr.io/ibm/ibmcloud-kube-audit-to-ibm-cloud-logs"` | no |
diff --git a/modules/kube-audit/scripts/set_webhook.sh b/modules/kube-audit/scripts/set_webhook.sh
index c65cccb4..483567ae 100755
--- a/modules/kube-audit/scripts/set_webhook.sh
+++ b/modules/kube-audit/scripts/set_webhook.sh
@@ -20,7 +20,7 @@ get_cloud_endpoint() {
get_cloud_endpoint
-# This is a workaround function added to retrive a new token, this can be removed once this issue(https://github.com/IBM-Cloud/terraform-provider-ibm/issues/6107) is fixed.
+# This is a workaround function added to retrieve a new token, this can be removed once this issue(https://github.com/IBM-Cloud/terraform-provider-ibm/issues/6107) is fixed.
fetch_token() {
if [ "$IBMCLOUD_IAM_API_ENDPOINT" = "iam.cloud.ibm.com" ]; then
if [ "$PRIVATE_ENV" = true ]; then
@@ -38,7 +38,7 @@ fetch_token() {
fetch_token
-# This is a workaround function added to retrive the CA cert, this can be removed once this issue(https://github.com/IBM-Cloud/terraform-provider-ibm/issues/6068) is fixed.
+# This is a workaround function added to retrieve the CA cert, this can be removed once this issue(https://github.com/IBM-Cloud/terraform-provider-ibm/issues/6068) is fixed.
get_ca_cert() {
if [ "$IBMCLOUD_CS_API_ENDPOINT" = "containers.cloud.ibm.com" ]; then
if [ "$PRIVATE_ENV" = true ]; then
diff --git a/modules/kube-audit/variables.tf b/modules/kube-audit/variables.tf
index a9e5a7f1..d8f71300 100644
--- a/modules/kube-audit/variables.tf
+++ b/modules/kube-audit/variables.tf
@@ -81,7 +81,7 @@ variable "audit_namespace" {
variable "audit_deployment_name" {
type = string
- description = "The name of log collection deployement and service."
+ description = "The name of log collection deployment and service."
default = "ibmcloud-kube-audit"
}
diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf
index cc91c826..68f9e80b 100644
--- a/solutions/fully-configurable/variables.tf
+++ b/solutions/fully-configurable/variables.tf
@@ -586,7 +586,7 @@ variable "audit_namespace" {
variable "audit_deployment_name" {
type = string
- description = "The name of log collection deployement and service."
+ description = "The name of log collection deployment and service."
default = "ibmcloud-kube-audit"
}