From 901366b49e0aa576eb3734cd0433896e0bd4ed26 Mon Sep 17 00:00:00 2001
From: Arya Girish K
Date: Thu, 9 Oct 2025 14:39:18 +0530
Subject: [PATCH 1/2] refactor: Update iam_service_id to iam_id
---
 .trivyignore | 2 ++
 .../all-combined/imagepull-apikey-secrets-manager/main.tf | 2 +-
 examples/all-combined/secretsmanager.tf | 2 +-
 examples/basic/main.tf | 2 +-
 solutions/fully-configurable/main.tf | 4 ++--
 5 files changed, 7 insertions(+), 5 deletions(-)
 create mode 100644 .trivyignore
diff --git a/.trivyignore b/.trivyignore
new file mode 100644
index 00000000..54c4fba3
--- /dev/null
+++ b/.trivyignore
@@ -0,0 +1,2 @@
+# Ignore misconfigurations
+AVD-AZU-0012
\ No newline at end of file
diff --git a/examples/all-combined/imagepull-apikey-secrets-manager/main.tf b/examples/all-combined/imagepull-apikey-secrets-manager/main.tf
index f3b8419c..b4e8d26c 100644
--- a/examples/all-combined/imagepull-apikey-secrets-manager/main.tf
+++ b/examples/all-combined/imagepull-apikey-secrets-manager/main.tf
@@ -14,7 +14,7 @@ resource "ibm_iam_service_id" "image_secret_pull_service_id" {
 resource "ibm_iam_service_policy" "cr_policy" {
- iam_service_id = ibm_iam_service_id.image_secret_pull_service_id.id
+ iam_id = ibm_iam_service_id.image_secret_pull_service_id.id
 roles = ["Reader"]
 resources {
diff --git a/examples/all-combined/secretsmanager.tf b/examples/all-combined/secretsmanager.tf
index 0685bbb0..4b7e4218 100644
--- a/examples/all-combined/secretsmanager.tf
+++ b/examples/all-combined/secretsmanager.tf
@@ -72,7 +72,7 @@ resource "ibm_iam_service_id" "secret_puller" {
 # Create policy to allow new service id to pull secrets from secrets manager
 resource "ibm_iam_service_policy" "secret_puller_policy" {
- iam_service_id = ibm_iam_service_id.secret_puller.id
+ iam_id = ibm_iam_service_id.secret_puller.id
 roles = ["Viewer", "SecretsReader"]
 resources {
diff --git a/examples/basic/main.tf b/examples/basic/main.tf
index 4bbc127d..61b576e8 100644
--- a/examples/basic/main.tf
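Review bot: The new `.trivyignore` entry `AVD-AZU-0012` is suppressed for the whole repository with only the generic comment `# Ignore misconfigurations`, and neither the commit subject nor the other hunks explain why it is needed. The `AZU` prefix looks like an Azure check, while every resource touched in this patch is an IBM Cloud one, so it is worth confirming which file actually triggers the finding before silencing it. I would record the reason and scope next to the ID, for example `# AVD-AZU-0012: <reason it does not apply>, triggered by <path>, owner <name>`, so the suppression can be audited and removed once it is no longer needed.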
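Review bot: In `cr_policy` the argument is renamed to `iam_id` but the value is still `ibm_iam_service_id.image_secret_pull_service_id.id`; the same pattern appears in `secret_puller_policy` (examples/all-combined/secretsmanager.tf and examples/basic/main.tf) and, with `each.value.accountServiceID`, in both policies in solutions/fully-configurable/main.tf. As far as I know the provider's `ibm_iam_service_id` resource exports an `iam_id` attribute that is distinct from `id`, so please confirm against the provider documentation that `.id` is a valid value here; if it is not, the line should read `iam_id = ibm_iam_service_id.image_secret_pull_service_id.iam_id`. If the provider treats this argument as force-new, existing policies would be destroyed and recreated on apply, leaving the service ID without its `Reader` / `SecretsReader` grant during the swap, and callers of the fully-configurable solution may need to supply `accountServiceID` in a different format; both points deserve a line in the upgrade notes. The resource bodies continue outside the hunks.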
+++ b/examples/basic/main.tf
@@ -290,7 +290,7 @@ resource "ibm_iam_service_id" "secret_puller" {
 # Create policy to allow new service id to pull secrets from secrets manager
 resource "ibm_iam_service_policy" "secret_puller_policy" {
- iam_service_id = ibm_iam_service_id.secret_puller.id
+ iam_id = ibm_iam_service_id.secret_puller.id
 roles = ["Viewer", "SecretsReader"]
 resources {
diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf
index 0012682a..1f4ab14f 100644
--- a/solutions/fully-configurable/main.tf
+++ b/solutions/fully-configurable/main.tf
@@ -279,7 +279,7 @@ locals {
 # Create policy to allow new service id to pull secrets from secrets manager
 resource "ibm_iam_service_policy" "cluster_secrets_store_secrets_puller_policy" {
 for_each = local.cluster_secrets_stores_policies_to_create_map
- iam_service_id = each.value.accountServiceID
+ iam_id = each.value.accountServiceID
 roles = ["Viewer", "SecretsReader"]
 resources {
 service = "secrets-manager"
@@ -538,7 +538,7 @@ locals {
 # Create policy to allow new service id to pull secrets from secrets manager
 resource "ibm_iam_service_policy" "secrets_store_secrets_puller_policy" {
 for_each = local.secrets_stores_policies_to_create_map
- iam_service_id = each.value.accountServiceID
+ iam_id = each.value.accountServiceID
 roles = ["Viewer", "SecretsReader"]
 resources {
 service = "secrets-manager"
From 9ecba96288835700d8efc5d4ab0771165e98bba1 Mon Sep 17 00:00:00 2001
From: Arya Girish K
Date: Thu, 9 Oct 2025 14:59:26 +0530
Subject: [PATCH 2/2] refactor: Update iam_service_id to iam_id
---
 .trivyignore | 2 +-
 .../imagepull-apikey-secrets-manager/main.tf | 2 +-
 examples/all-combined/secretsmanager.tf | 2 +-
 examples/basic/main.tf | 2 +-
 solutions/fully-configurable/main.tf | 12 ++++++------
 5 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/.trivyignore b/.trivyignore
index 54c4fba3..5c1001e3 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -1,2 +1,2 @@
 # Ignore misconfigurations
-AVD-AZU-0012
\ No newline at end of file
+AVD-AZU-0012
diff --git a/examples/all-combined/imagepull-apikey-secrets-manager/main.tf b/examples/all-combined/imagepull-apikey-secrets-manager/main.tf
index b4e8d26c..609b7003 100644
--- a/examples/all-combined/imagepull-apikey-secrets-manager/main.tf
+++ b/examples/all-combined/imagepull-apikey-secrets-manager/main.tf
@@ -15,7 +15,7 @@ resource "ibm_iam_service_policy" "cr_policy" {
 iam_id = ibm_iam_service_id.image_secret_pull_service_id.id
- roles = ["Reader"]
+ roles = ["Reader"]
 resources {
 service = "container-registry"
diff --git a/examples/all-combined/secretsmanager.tf b/examples/all-combined/secretsmanager.tf
index 4b7e4218..8f55a84e 100644
--- a/examples/all-combined/secretsmanager.tf
+++ b/examples/all-combined/secretsmanager.tf
@@ -73,7 +73,7 @@ resource "ibm_iam_service_id" "secret_puller" {
 # Create policy to allow new service id to pull secrets from secrets manager
 resource "ibm_iam_service_policy" "secret_puller_policy" {
 iam_id = ibm_iam_service_id.secret_puller.id
- roles = ["Viewer", "SecretsReader"]
+ roles = ["Viewer", "SecretsReader"]
 resources {
 service = "secrets-manager"
diff --git a/examples/basic/main.tf b/examples/basic/main.tf
index 61b576e8..94c1ef0e 100644
--- a/examples/basic/main.tf
+++ b/examples/basic/main.tf
@@ -291,7 +291,7 @@ resource "ibm_iam_service_id" "secret_puller" {
 # Create policy to allow new service id to pull secrets from secrets manager
 resource "ibm_iam_service_policy" "secret_puller_policy" {
 iam_id = ibm_iam_service_id.secret_puller.id
- roles = ["Viewer", "SecretsReader"]
+ roles = ["Viewer", "SecretsReader"]
 resources {
 service = "secrets-manager"
diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf
index 1f4ab14f..4ff725fa 100644
--- a/solutions/fully-configurable/main.tf
+++ b/solutions/fully-configurable/main.tf
@@ -278,9 +278,9 @@ locals {
 # Create policy to allow new service id to pull secrets from secrets manager
 resource "ibm_iam_service_policy" "cluster_secrets_store_secrets_puller_policy" {
- for_each = local.cluster_secrets_stores_policies_to_create_map
- iam_id = each.value.accountServiceID
- roles = ["Viewer", "SecretsReader"]
+ for_each = local.cluster_secrets_stores_policies_to_create_map
+ iam_id = each.value.accountServiceID
+ roles = ["Viewer", "SecretsReader"]
 resources {
 service = "secrets-manager"
 resource_instance_id = local.sm_guid
@@ -537,9 +537,9 @@ locals {
 # Create policy to allow new service id to pull secrets from secrets manager
 resource "ibm_iam_service_policy" "secrets_store_secrets_puller_policy" {
- for_each = local.secrets_stores_policies_to_create_map
- iam_id = each.value.accountServiceID
- roles = ["Viewer", "SecretsReader"]
+ for_each = local.secrets_stores_policies_to_create_map
+ iam_id = each.value.accountServiceID
+ roles = ["Viewer", "SecretsReader"]
 resources {
 service = "secrets-manager"
 resource_instance_id = local.sm_guid