diff --git a/common-dev-assets b/common-dev-assets index b0dd6f07..746dc8bd 160000 --- a/common-dev-assets +++ b/common-dev-assets @@ -1 +1 @@ -Subproject commit b0dd6f071b908fbae907a7299b92d477dc8972f2 +Subproject commit 746dc8bdcd148e0a1eff04fdfc2da774dba4a784 diff --git a/examples/all-combined/README.md b/examples/all-combined/README.md index a000ff44..0218be17 100644 --- a/examples/all-combined/README.md +++ b/examples/all-combined/README.md @@ -42,7 +42,6 @@ This end-to-end example performs the following actions - Creates and deploys a key-value secret with single key-value couple - Creates and deploys a key-value secret with multiple key-value couples - In order to create the intermediate certificate the following parameters are needed: - imported_certificate_sm_id: Secrets Manager ID where the componenents for the imported certificate are stored - imported_certificate_sm_region: region of the Secrets Manager instance where the componenents for the imported certificate are stored diff --git a/examples/all-combined/main.tf b/examples/all-combined/main.tf index 52972b42..ef8d6ed0 100644 --- a/examples/all-combined/main.tf +++ b/examples/all-combined/main.tf @@ -186,7 +186,7 @@ module "network_acl" { # OCP CLUSTER creation module "ocp_base" { source = "terraform-ibm-modules/base-ocp-vpc/ibm" - version = "3.41.5" + version = "3.41.7" cluster_name = "${var.prefix}-vpc" resource_group_id = module.resource_group.resource_group_id region = var.region diff --git a/examples/all-combined/publiccertificate.tf b/examples/all-combined/publiccertificate.tf index 52a1ccaa..c866f24d 100644 --- a/examples/all-combined/publiccertificate.tf +++ b/examples/all-combined/publiccertificate.tf @@ -8,7 +8,7 @@ module "secrets_manager_public_cert_engine" { count = (var.acme_letsencrypt_private_key != null || (var.acme_letsencrypt_private_key_sm_id != null && var.acme_letsencrypt_private_key_secret_id != null && var.acme_letsencrypt_private_key_sm_region != null)) ? 1 : 0 source = "terraform-ibm-modules/secrets-manager-public-cert-engine/ibm" - version = "1.0.2" + version = "1.0.3" secrets_manager_guid = local.sm_guid region = local.sm_region internet_services_crn = data.ibm_cis.cis_instance.id @@ -36,7 +36,7 @@ module "secrets_manager_public_certificate" { count = (var.acme_letsencrypt_private_key != null || (var.acme_letsencrypt_private_key_sm_id != null && var.acme_letsencrypt_private_key_secret_id != null && var.acme_letsencrypt_private_key_sm_region != null)) ? 1 : 0 depends_on = [module.secrets_manager_public_cert_engine] source = "terraform-ibm-modules/secrets-manager-public-cert/ibm" - version = "1.2.1" + version = "1.2.2" cert_common_name = local.cert_common_name cert_description = "Certificate for ${local.cert_common_name}" cert_name = "${var.prefix}-sm-public-cert" diff --git a/examples/all-combined/secretsmanager.tf b/examples/all-combined/secretsmanager.tf index 66aea7d6..92e6244d 100644 --- a/examples/all-combined/secretsmanager.tf +++ b/examples/all-combined/secretsmanager.tf @@ -59,7 +59,7 @@ resource "ibm_resource_instance" "secrets_manager" { module "iam_secrets_engine" { count = var.existing_sm_instance_guid == null ? 1 : 0 source = "terraform-ibm-modules/secrets-manager-iam-engine/ibm" - version = "1.2.8" + version = "1.2.10" region = local.sm_region secrets_manager_guid = ibm_resource_instance.secrets_manager[0].guid iam_secret_generator_service_id_name = "${var.prefix}-sid:0.0.1:${ibm_resource_instance.secrets_manager[0].name}-iam-secret-generator:automated:simple-service:secret-manager:" @@ -76,7 +76,7 @@ module "iam_secrets_engine" { # create secrets group for secrets module "secrets_manager_group" { source = "terraform-ibm-modules/secrets-manager-secret-group/ibm" - version = "1.2.2" + version = "1.2.3" region = local.sm_region secrets_manager_guid = local.sm_guid secret_group_name = "${var.prefix}-secret-group" #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value @@ -89,7 +89,7 @@ module "secrets_manager_group" { # additional secrets manager secret group for service level secrets module "secrets_manager_group_acct" { source = "terraform-ibm-modules/secrets-manager-secret-group/ibm" - version = "1.2.2" + version = "1.2.3" count = var.existing_sm_instance_guid == null ? 0 : 1 region = local.sm_region secrets_manager_guid = local.sm_guid diff --git a/examples/all-combined/tpauth_cluster_sstore.tf b/examples/all-combined/tpauth_cluster_sstore.tf index 5a1fd6ad..51fb3189 100644 --- a/examples/all-combined/tpauth_cluster_sstore.tf +++ b/examples/all-combined/tpauth_cluster_sstore.tf @@ -7,7 +7,7 @@ # creating a secrets group for clustersecretstore with trustedprofile auth module "tp_clusterstore_secrets_manager_group" { source = "terraform-ibm-modules/secrets-manager-secret-group/ibm" - version = "1.2.2" + version = "1.2.3" region = local.sm_region secrets_manager_guid = local.sm_guid secret_group_name = "${var.prefix}-cpstore-tp-secret-group" #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value diff --git a/examples/all-combined/tpauth_namespaced_sstore.tf b/examples/all-combined/tpauth_namespaced_sstore.tf index 6c5fc91a..39823485 100644 --- a/examples/all-combined/tpauth_namespaced_sstore.tf +++ b/examples/all-combined/tpauth_namespaced_sstore.tf @@ -40,7 +40,7 @@ module "eso_tp_namespace_secretstores" { # creating a secrets group for each namespace to be used for namespaced secretstores with trustedprofile auth module "tp_secrets_manager_groups" { source = "terraform-ibm-modules/secrets-manager-secret-group/ibm" - version = "1.2.2" + version = "1.2.3" count = length(var.es_namespaces_tp) region = local.sm_region secrets_manager_guid = local.sm_guid @@ -140,7 +140,7 @@ module "eso_tp_namespace_secretstore_multisg" { # creating two secrets groups for a single namespace to test trusted profile policy on multiple secrets groups module "tp_secrets_manager_group_multi_1" { source = "terraform-ibm-modules/secrets-manager-secret-group/ibm" - version = "1.2.2" + version = "1.2.3" region = local.sm_region secrets_manager_guid = local.sm_guid secret_group_name = "${var.prefix}-tp-secret-group-multisg-1" #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value @@ -152,7 +152,7 @@ module "tp_secrets_manager_group_multi_1" { module "tp_secrets_manager_group_multi_2" { source = "terraform-ibm-modules/secrets-manager-secret-group/ibm" - version = "1.2.2" + version = "1.2.3" region = local.sm_region secrets_manager_guid = local.sm_guid secret_group_name = "${var.prefix}-tp-secret-group-multisg-21" #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value @@ -285,7 +285,7 @@ module "eso_tp_namespace_secretstore_nosecgroup" { # creating secrets group for a single namespace to test trusted profile policy without any secret group in the TP policy module "tp_secrets_manager_group_not_for_policy" { source = "terraform-ibm-modules/secrets-manager-secret-group/ibm" - version = "1.2.2" + version = "1.2.3" region = local.sm_region secrets_manager_guid = local.sm_guid secret_group_name = "${var.prefix}-tp-secret-group-not-for-policy" #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value diff --git a/examples/all-combined/version.tf b/examples/all-combined/version.tf index 76387a83..5cc9cc6a 100644 --- a/examples/all-combined/version.tf +++ b/examples/all-combined/version.tf @@ -14,9 +14,8 @@ terraform { version = ">= 0.9.1" } ibm = { - source = "IBM-Cloud/ibm" - # version = ">= 1.62.0 - version = ">= 1.62.0, < 1.76.0" # locking terraform provider version to 1.75.2 due to issue https://github.com/IBM-Cloud/terraform-provider-ibm/issues/6050 + source = "IBM-Cloud/ibm" + version = ">= 1.62.0" } null = { source = "hashicorp/null" diff --git a/examples/basic/main.tf b/examples/basic/main.tf index 646b77e9..1ef5e7dc 100644 --- a/examples/basic/main.tf +++ b/examples/basic/main.tf @@ -209,7 +209,7 @@ module "network_acl" { # OCP CLUSTER creation module "ocp_base" { source = "terraform-ibm-modules/base-ocp-vpc/ibm" - version = "3.41.5" + version = "3.41.7" cluster_name = "${var.prefix}-vpc" resource_group_id = module.resource_group.resource_group_id region = var.region @@ -278,7 +278,7 @@ resource "ibm_resource_instance" "secrets_manager" { # Additional Secrets-Manager Secret-Group for SERVICE level secrets module "secrets_manager_group_acct" { source = "terraform-ibm-modules/secrets-manager-secret-group/ibm" - version = "1.2.2" + version = "1.2.3" count = var.existing_sm_instance_guid == null ? 0 : 1 region = local.sm_region secrets_manager_guid = local.sm_guid @@ -295,7 +295,7 @@ module "secrets_manager_group_acct" { module "iam_secrets_engine" { count = var.existing_sm_instance_guid == null ? 1 : 0 source = "terraform-ibm-modules/secrets-manager-iam-engine/ibm" - version = "1.2.8" + version = "1.2.10" region = local.sm_region secrets_manager_guid = ibm_resource_instance.secrets_manager[0].guid iam_secret_generator_service_id_name = "${var.prefix}-sid:0.0.1:${ibm_resource_instance.secrets_manager[0].name}-iam-secret-generator:automated:simple-service:secret-manager:" diff --git a/examples/basic/version.tf b/examples/basic/version.tf index c0de1ed2..8b012e1b 100644 --- a/examples/basic/version.tf +++ b/examples/basic/version.tf @@ -15,7 +15,7 @@ terraform { } ibm = { source = "IBM-Cloud/ibm" - version = "= 1.71.0" + version = "= 1.76.0" } null = { source = "hashicorp/null" diff --git a/examples/trusted-profiles-authentication/main.tf b/examples/trusted-profiles-authentication/main.tf index 4879c715..f87e4550 100644 --- a/examples/trusted-profiles-authentication/main.tf +++ b/examples/trusted-profiles-authentication/main.tf @@ -60,7 +60,7 @@ resource "ibm_resource_instance" "secrets_manager" { module "secrets_manager_groups" { source = "terraform-ibm-modules/secrets-manager-secret-group/ibm" - version = "1.2.2" + version = "1.2.3" count = length(kubernetes_namespace.examples) region = local.sm_region secrets_manager_guid = local.sm_guid diff --git a/tests/pr_test.go b/tests/pr_test.go index c867f9af..597da4b4 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -139,6 +139,11 @@ var ignoreUpdates = []string{ "module.external_secret_usr_pass.helm_release.kubernetes_secret_user_pw[0]", "module.external_secret_tp_nosg.helm_release.kubernetes_secret[0]", "module.sdnlb_eso_secret.helm_release.sdnlb_external_secret", + // ignoring updates on trusted_profile due to issue https://github.com/IBM-Cloud/terraform-provider-ibm/issues/6050 + // the issue is a workaround for update on trusted_profile resource history field + // to remove when solved + "module.external_secrets_trusted_profiles[0].ibm_iam_trusted_profile.trusted_profile", + "module.external_secrets_trusted_profiles[1].ibm_iam_trusted_profile.trusted_profile", } func setupOptions(t *testing.T, prefix string, terraformDir string, terraformVars map[string]interface{}) *testhelper.TestOptions {