Merge branch 'main' into da_task_11723

vbontempi · web-flow · commit b0cab5bfc098 · 2025-06-03T17:33:55.000+02:00
diff --git a/README.md b/README.md
@@ -343,7 +343,7 @@ Labels:       app=raw
               release=apikeynspace1-es-docker-uc
 Annotations:  meta.helm.sh/release-name: apikeynspace1-es-docker-uc
               meta.helm.sh/release-namespace: apikeynspace1
-API Version:  external-secrets.io/v1beta1
+API Version:  external-secrets.io/v1
 Kind:         ExternalSecret
 Metadata:
   (...)
@@ -469,23 +469,10 @@ data:
 ## Usage
 
 ```hcl
-module "es_kubernetes_secret" {
-  source                     = "../modules/eso-external-secret"
-  es_kubernetes_secret_type = "dockerconfigjson"
-  sm_secret_type = "iam_credentials"
-  sm_secret_id = module.docker_config.serviceid_apikey_secret_id
-  eso_setup = true
-  es_kubernetes_namespaces = var.es_kubernetes_namespaces
-  es_docker_email = "terraform@ibm.com"
-  eso_generic_secret_apikey = data.ibm_secrets_manager_secret.secret_puller_secret.api_key # pragma: allowlist secret
-  secrets_manager_guid = module.secrets_manager_iam_configuration.secrets_manager_guid
-  region = "us-south"
-  es_kubernetes_secret_name = "dockerconfigjson-iam"
-  depends_on = [
-    kubernetes_namespace.cluster_namespaces
-  ]
-  es_kubernetes_secret_data_key = "apiKey"
-  es_helm_rls_name = "es-docker-iam"
+# Replace "master" with a GIT release version to lock into a specific release
+module "external_secrets_operator" {
+  source        = "git::https://github.com/terraform-ibm-modules/terraform-ibm-external-secrets-operator.git?ref=master"
+  eso_namespace = var.eso_namespace
 }
 ```
 
diff --git a/examples/all-combined/main.tf b/examples/all-combined/main.tf
@@ -186,7 +186,7 @@ module "network_acl" {
 # OCP CLUSTER creation
 module "ocp_base" {
   source               = "terraform-ibm-modules/base-ocp-vpc/ibm"
-  version              = "3.46.17"
+  version              = "3.48.3"
   cluster_name         = "${var.prefix}-vpc"
   resource_group_id    = module.resource_group.resource_group_id
   region               = var.region
diff --git a/examples/all-combined/privatecertificate.tf b/examples/all-combined/privatecertificate.tf
@@ -13,7 +13,7 @@ locals {
 # private certificate engine
 module "secrets_manager_private_secret_engine" {
   source                    = "terraform-ibm-modules/secrets-manager-private-cert-engine/ibm"
-  version                   = "1.4.0"
+  version                   = "1.5.2"
   secrets_manager_guid      = local.sm_guid
   region                    = local.sm_region
   root_ca_name              = var.pvt_ca_name != null ? var.pvt_ca_name : "pvt-${var.prefix}-project-root-ca"
diff --git a/examples/all-combined/secretsmanager.tf b/examples/all-combined/secretsmanager.tf
@@ -36,7 +36,7 @@ resource "ibm_resource_instance" "secrets_manager" {
 # create secrets group for secrets
 module "secrets_manager_group" {
   source                   = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
-  version                  = "1.3.5"
+  version                  = "1.3.7"
   region                   = local.sm_region
   secrets_manager_guid     = local.sm_guid
   secret_group_name        = "${var.prefix}-secret-group"                   #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value
@@ -49,7 +49,7 @@ module "secrets_manager_group" {
 # additional secrets manager secret group for service level secrets
 module "secrets_manager_group_acct" {
   source               = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
-  version              = "1.3.5"
+  version              = "1.3.7"
   region               = local.sm_region
   secrets_manager_guid = local.sm_guid
   #tfsec:ignore:general-secrets-no-plaintext-exposure
diff --git a/examples/all-combined/tpauth_cluster_sstore.tf b/examples/all-combined/tpauth_cluster_sstore.tf
@@ -7,7 +7,7 @@
 # creating a secrets group for clustersecretstore with trustedprofile auth
 module "tp_clusterstore_secrets_manager_group" {
   source                   = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
-  version                  = "1.3.5"
+  version                  = "1.3.7"
   region                   = local.sm_region
   secrets_manager_guid     = local.sm_guid
   secret_group_name        = "${var.prefix}-cpstore-tp-secret-group"                                           #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value
diff --git a/examples/all-combined/tpauth_namespaced_sstore.tf b/examples/all-combined/tpauth_namespaced_sstore.tf
@@ -40,7 +40,7 @@ module "eso_tp_namespace_secretstores" {
 # creating a secrets group for each namespace to be used for namespaced secretstores with trustedprofile auth
 module "tp_secrets_manager_groups" {
   source                   = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
-  version                  = "1.3.5"
+  version                  = "1.3.7"
   count                    = length(var.es_namespaces_tp)
   region                   = local.sm_region
   secrets_manager_guid     = local.sm_guid
@@ -140,7 +140,7 @@ module "eso_tp_namespace_secretstore_multisg" {
 # creating two secrets groups for a single namespace to test trusted profile policy on multiple secrets groups
 module "tp_secrets_manager_group_multi_1" {
   source                   = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
-  version                  = "1.3.5"
+  version                  = "1.3.7"
   region                   = local.sm_region
   secrets_manager_guid     = local.sm_guid
   secret_group_name        = "${var.prefix}-tp-secret-group-multisg-1"                                                                #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value
@@ -152,7 +152,7 @@ module "tp_secrets_manager_group_multi_1" {
 
 module "tp_secrets_manager_group_multi_2" {
   source                   = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
-  version                  = "1.3.5"
+  version                  = "1.3.7"
   region                   = local.sm_region
   secrets_manager_guid     = local.sm_guid
   secret_group_name        = "${var.prefix}-tp-secret-group-multisg-21"                                                               #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value
@@ -285,7 +285,7 @@ module "eso_tp_namespace_secretstore_nosecgroup" {
 # creating secrets group for a single namespace to test trusted profile policy without any secret group in the TP policy
 module "tp_secrets_manager_group_not_for_policy" {
   source                   = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
-  version                  = "1.3.5"
+  version                  = "1.3.7"
   region                   = local.sm_region
   secrets_manager_guid     = local.sm_guid
   secret_group_name        = "${var.prefix}-tp-secret-group-not-for-policy"                                                        #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value
diff --git a/examples/basic/main.tf b/examples/basic/main.tf
@@ -198,7 +198,7 @@ module "network_acl" {
 # OCP CLUSTER creation
 module "ocp_base" {
   source               = "terraform-ibm-modules/base-ocp-vpc/ibm"
-  version              = "3.46.17"
+  version              = "3.48.3"
   cluster_name         = "${var.prefix}-vpc"
   resource_group_id    = module.resource_group.resource_group_id
   region               = var.region
@@ -267,7 +267,7 @@ resource "ibm_resource_instance" "secrets_manager" {
 # Additional Secrets-Manager Secret-Group for SERVICE level secrets
 module "secrets_manager_group_acct" {
   source               = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
-  version              = "1.3.5"
+  version              = "1.3.7"
   region               = local.sm_region
   secrets_manager_guid = local.sm_guid
   #tfsec:ignore:general-secrets-no-plaintext-exposure
diff --git a/examples/basic/version.tf b/examples/basic/version.tf
@@ -15,7 +15,7 @@ terraform {
     }
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = "= 1.76.0"
+      version = "= 1.78.2"
     }
     null = {
       source  = "hashicorp/null"
diff --git a/examples/trusted-profiles-authentication/main.tf b/examples/trusted-profiles-authentication/main.tf
@@ -41,7 +41,7 @@ resource "ibm_resource_instance" "secrets_manager" {
 
 module "secrets_manager_groups" {
   source               = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
-  version              = "1.3.5"
+  version              = "1.3.7"
   count                = length(kubernetes_namespace.examples)
   region               = local.sm_region
   secrets_manager_guid = local.sm_guid
diff --git a/modules/eso-clusterstore/main.tf b/modules/eso-clusterstore/main.tf
@@ -36,7 +36,7 @@ resource "helm_release" "cluster_secret_store_apikey" {
   values = [
     <<-EOF
     resources:
-      - apiVersion: external-secrets.io/v1beta1
+      - apiVersion: external-secrets.io/v1
         kind: ClusterSecretStore
         metadata:
           name: "${var.clusterstore_name}"
@@ -70,7 +70,7 @@ resource "helm_release" "cluster_secret_store_tp" {
   values = [
     <<-EOF
     resources:
-      - apiVersion: external-secrets.io/v1beta1
+      - apiVersion: external-secrets.io/v1
         kind: ClusterSecretStore
         metadata:
           name: "${var.clusterstore_name}"
diff --git a/modules/eso-external-secret/main.tf b/modules/eso-external-secret/main.tf
@@ -112,7 +112,7 @@ resource "helm_release" "kubernetes_secret" {
   values = [
     <<-EOF
     resources:
-      - apiVersion: external-secrets.io/v1beta1
+      - apiVersion: external-secrets.io/v1
         kind: ExternalSecret
         metadata:
           name: "${var.es_kubernetes_secret_name}"
@@ -151,7 +151,7 @@ resource "helm_release" "kubernetes_secret_chain_list" {
   values = [
     <<-EOF
     resources:
-      - apiVersion: external-secrets.io/v1beta1
+      - apiVersion: external-secrets.io/v1
         kind: ExternalSecret
         metadata:
           name: "${var.es_kubernetes_secret_name}"
@@ -193,7 +193,7 @@ resource "helm_release" "kubernetes_secret_user_pw" {
   values = [
     <<-EOF
     resources:
-      - apiVersion: external-secrets.io/v1beta1
+      - apiVersion: external-secrets.io/v1
         kind: ExternalSecret
         metadata:
           name: "${var.es_kubernetes_secret_name}"
@@ -237,7 +237,7 @@ resource "helm_release" "kubernetes_secret_certificate" {
   values = [
     <<-EOF
     resources:
-      - apiVersion: external-secrets.io/v1beta1
+      - apiVersion: external-secrets.io/v1
         kind: ExternalSecret
         metadata:
           name: "${var.es_kubernetes_secret_name}"
@@ -274,7 +274,7 @@ resource "helm_release" "kubernetes_secret_kv_key" {
   values = [
     <<-EOF
     resources:
-      - apiVersion: external-secrets.io/v1beta1
+      - apiVersion: external-secrets.io/v1
         kind: ExternalSecret
         metadata:
           name: "${var.es_kubernetes_secret_name}"
@@ -314,7 +314,7 @@ resource "helm_release" "kubernetes_secret_kv_all" {
   values = [
     <<-EOF
     resources:
-      - apiVersion: external-secrets.io/v1beta1
+      - apiVersion: external-secrets.io/v1
         kind: ExternalSecret
         metadata:
           name: "${var.es_kubernetes_secret_name}"
diff --git a/modules/eso-secretstore/main.tf b/modules/eso-secretstore/main.tf
@@ -31,7 +31,7 @@ resource "helm_release" "external_secret_store_apikey" {
   values = [
     <<-EOF
     resources:
-      - apiVersion: external-secrets.io/v1beta1
+      - apiVersion: external-secrets.io/v1
         kind: SecretStore
         metadata:
           name: "${var.sstore_store_name}"
@@ -60,7 +60,7 @@ resource "helm_release" "external_secret_store_tp" {
   values = [
     <<-EOF
     resources:
-      - apiVersion: external-secrets.io/v1beta1
+      - apiVersion: external-secrets.io/v1
         kind: SecretStore
         metadata:
           name: "${var.sstore_store_name}"

Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@ terraform {`
`15`	`15`	`}`
`16`	`16`	`ibm = {`
`17`	`17`	`source = "IBM-Cloud/ibm"`
`18`		`- version = "= 1.76.0"`
	`18`	`+ version = "= 1.78.2"`
`19`	`19`	`}`
`20`	`20`	`null = {`
`21`	`21`	`source = "hashicorp/null"`