terraform-ibm-modules · ocofaigh · Sep 1, 2025 · Aug 13, 2025 · Aug 19, 2025 · Aug 19, 2025
@@ -18,3 +18,7 @@ offerings:
       - name: quickstart
         mark_ready: true
         install_type: fullstack
+        scc:
+          instance_id: 1c7d5f78-9262-44c3-b779-b28fe4d88c37
+          region: us-south
+          scope_resource_group_var_name: existing_resource_group_name
@@ -86,7 +86,7 @@
                 "crn:v1:bluemix:public:iam::::role:Viewer"
               ],
               "service_name": "Resource group only",
-              "notes":"Viewer access is required in the resource group you want to provision in."
+              "notes": "Viewer access is required in the resource group you want to provision in."
             },
             {
               "role_crns": [
@@ -785,7 +785,7 @@
               "key": "subnets",
               "type": "object",
               "default_value": "{\n    zone-1 = [\n      {\n        name           = \"subnet-a\"\n        cidr           = \"10.10.10.0/24\"\n        public_gateway = true\n        acl_name       = \"vpc-acl\"\n        no_addr_prefix = false\n      }\n    ],\n    zone-2 = [\n      {\n        name           = \"subnet-b\"\n        cidr           = \"10.20.10.0/24\"\n        public_gateway = false\n        acl_name       = \"vpc-acl\"\n        no_addr_prefix = false\n      }\n    ],\n    zone-3 = [\n      {\n        name           = \"subnet-c\"\n        cidr           = \"10.30.10.0/24\"\n        public_gateway = false\n        acl_name       = \"vpc-acl\"\n        no_addr_prefix = false\n      }\n    ]\n  }",
-              "description": "List of subnets for the vpc. For each item in each array, a subnet will be created. Items can be either CIDR blocks or total ipv4 addressess. Public gateways will be enabled only in zones where a gateway has been created. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/blob/main/solutions/fully-configurable/DA-types.md#subnets-).",
+              "description": "List of subnets for the vpc. For each item in each array, a subnet will be created. Items can be either CIDR blocks or total ipv4 addresses. Public gateways will be enabled only in zones where a gateway has been created. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/blob/main/solutions/fully-configurable/DA-types.md#subnets-).",
               "required": false,
               "virtual": true
             },
@@ -1059,6 +1059,15 @@
           "index": 1,
           "install_type": "fullstack",
           "working_directory": "solutions/quickstart",
+          "compliance": {
+            "authority": "scc-v3",
+            "profiles": [
+              {
+                "profile_name": "CIS IBM Cloud Foundations Benchmark v1.1.0",
+                "profile_version": "1.1.0"
+              }
+            ]
+          },
           "iam_permissions": [
             {
               "service_name": "containers-kubernetes",
@@ -1084,19 +1093,19 @@
               "notes": "Required for creating Virtual Private Cloud (VPC)."
             },
             {
-                "service_name": "cloud-object-storage",
-                "role_crns": [
-                    "crn:v1:bluemix:public:iam::::serviceRole:Manager",
-                    "crn:v1:bluemix:public:iam::::role:Editor"
-                ],
-                "notes": "Required for creating the OpenShift cluster's internal registry storage bucket."
+              "service_name": "cloud-object-storage",
+              "role_crns": [
+                "crn:v1:bluemix:public:iam::::serviceRole:Manager",
+                "crn:v1:bluemix:public:iam::::role:Editor"
+              ],
+              "notes": "Required for creating the OpenShift cluster's internal registry storage bucket."
             },
             {
               "role_crns": [
                 "crn:v1:bluemix:public:iam::::role:Viewer"
               ],
               "service_name": "Resource group only",
-              "notes":"Viewer access is required in the resource group you want to provision in."
+              "notes": "Viewer access is required in the resource group you want to provision in."
             }
           ],
           "architecture": {
@@ -1246,7 +1255,7 @@
             },
             {
               "key": "access_tags",
-              "hidden":true,
+              "hidden": true,
               "custom_config": {
                 "type": "array",
                 "grouping": "deployment",
@@ -1262,7 +1271,9 @@
             {
               "key": "disable_outbound_traffic_protection"
             }
-          ]
+          ],
+          "dependency_version_2": true,
+          "terraform_version": "1.10.5"
         }
       ]
     }

@@ -80,7 +80,7 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_audit_deployment_name"></a> [audit\_deployment\_name](#input\_audit\_deployment\_name) | The name of log collection deployement and service. | `string` | `"ibmcloud-kube-audit"` | no |
+| <a name="input_audit_deployment_name"></a> [audit\_deployment\_name](#input\_audit\_deployment\_name) | The name of log collection deployment and service. | `string` | `"ibmcloud-kube-audit"` | no |
 | <a name="input_audit_log_policy"></a> [audit\_log\_policy](#input\_audit\_log\_policy) | Specify the amount of information that is logged to the API server audit logs by choosing the audit log policy profile to use. Supported values are `default` and `WriteRequestBodies`. | `string` | `"default"` | no |
 | <a name="input_audit_namespace"></a> [audit\_namespace](#input\_audit\_namespace) | The name of the namespace where log collection service and a deployment will be created. | `string` | `"ibm-kube-audit"` | no |
 | <a name="input_audit_webhook_listener_image"></a> [audit\_webhook\_listener\_image](#input\_audit\_webhook\_listener\_image) | The audit webhook listener image reference in the format of `[registry-url]/[namespace]/[image]`.The sub-module uses the `icr.io/ibm/ibmcloud-kube-audit-to-ibm-cloud-logs` image to forward logs to IBM Cloud Logs. This image is for demonstration purposes only. For a production solution, configure and maintain your own log forwarding image. | `string` | `"icr.io/ibm/ibmcloud-kube-audit-to-ibm-cloud-logs"` | no |

@@ -20,7 +20,7 @@ get_cloud_endpoint() {
 
 get_cloud_endpoint
 
-# This is a workaround function added to retrive a new token, this can be removed once this issue(https://github.com/IBM-Cloud/terraform-provider-ibm/issues/6107) is fixed.
+# This is a workaround function added to retrieve a new token, this can be removed once this issue(https://github.com/IBM-Cloud/terraform-provider-ibm/issues/6107) is fixed.
 fetch_token() {
     if [ "$IBMCLOUD_IAM_API_ENDPOINT" = "iam.cloud.ibm.com" ]; then
         if [ "$PRIVATE_ENV" = true ]; then
@@ -38,7 +38,7 @@ fetch_token() {
 
 fetch_token
 
-# This is a workaround function added to retrive the CA cert, this can be removed once this issue(https://github.com/IBM-Cloud/terraform-provider-ibm/issues/6068) is fixed.
+# This is a workaround function added to retrieve the CA cert, this can be removed once this issue(https://github.com/IBM-Cloud/terraform-provider-ibm/issues/6068) is fixed.
 get_ca_cert() {
     if [ "$IBMCLOUD_CS_API_ENDPOINT" = "containers.cloud.ibm.com" ]; then
         if [ "$PRIVATE_ENV" = true ]; then

@@ -81,7 +81,7 @@ variable "audit_namespace" {
 
 variable "audit_deployment_name" {
   type        = string
-  description = "The name of log collection deployement and service."
+  description = "The name of log collection deployment and service."
   default     = "ibmcloud-kube-audit"
 }
 

@@ -586,7 +586,7 @@ variable "audit_namespace" {
 
 variable "audit_deployment_name" {
   type        = string
-  description = "The name of log collection deployement and service."
+  description = "The name of log collection deployment and service."
   default     = "ibmcloud-kube-audit"
 }
+1 −1		.github/workflows/ci.yml
+1 −0		.gitignore
+30 −1		README.md
+2 −2		common-go-assets/common-permanent-resources.yaml
+19 −36		commonRenovateConfig.json
+67 −0		da-assets/da-dependency-updater/README.md
+5 −0		da-assets/da-dependency-updater/requirements.txt
+245 −0		da-assets/da-dependency-updater/update_da_dependencies.py
+1 −1		examples/Dockerfile
+24 −5		module-assets/.pre-commit-config.yaml
+4 −0		module-assets/ci/.typos.toml
+8 −8		module-assets/ci/install-deps.sh
+1 −1		module-assets/ci/run-cra-scc-v2.sh
+1 −1		module-assets/ci/run-cra.sh
+1 −1		module-assets/ci/run-tests.sh
+1 −1		module-assets/ci/submoduleVersionCheck.sh
+3 −3		module-assets/ci/terraformDocOverview.py
+1 −1		module-assets/ci/terraformDocsUtils.py
+48 −1		module-assets/ci/validateIbmCatalogJson.py
+1 −1		scripts/update-multiple-repos/updateRepos.sh
+1 −1		scripts/update-source/requirements.txt
+28 −0		shared-pipeline/report.sh
+27 −0		shared-pipeline/setup.sh
+2 −2		stack-assets/.pre-commit-config.yaml
+2 −2		stack-assets/stack-updater/requirements.txt
+1 −1		stack-assets/stack-updater/update_stack_definition.py