terraform-ibm-modules · ocofaigh · Mar 24, 2025 · Mar 23, 2025 · Mar 23, 2025 · Mar 24, 2025
@@ -42,7 +42,6 @@ This end-to-end example performs the following actions
   - Creates and deploys a key-value secret with single key-value couple
   - Creates and deploys a key-value secret with multiple key-value couples
 
-
 In order to create the intermediate certificate the following parameters are needed:
 - imported_certificate_sm_id: Secrets Manager ID where the componenents for the imported certificate are stored
 - imported_certificate_sm_region: region of the Secrets Manager instance where the componenents for the imported certificate are stored

@@ -186,7 +186,7 @@ module "network_acl" {
 # OCP CLUSTER creation
 module "ocp_base" {
   source               = "terraform-ibm-modules/base-ocp-vpc/ibm"
-  version              = "3.41.5"
+  version              = "3.41.7"
   cluster_name         = "${var.prefix}-vpc"
   resource_group_id    = module.resource_group.resource_group_id
   region               = var.region

@@ -8,7 +8,7 @@
 module "secrets_manager_public_cert_engine" {
   count                                     = (var.acme_letsencrypt_private_key != null || (var.acme_letsencrypt_private_key_sm_id != null && var.acme_letsencrypt_private_key_secret_id != null && var.acme_letsencrypt_private_key_sm_region != null)) ? 1 : 0
   source                                    = "terraform-ibm-modules/secrets-manager-public-cert-engine/ibm"
-  version                                   = "1.0.2"
+  version                                   = "1.0.3"
   secrets_manager_guid                      = local.sm_guid
   region                                    = local.sm_region
   internet_services_crn                     = data.ibm_cis.cis_instance.id
@@ -36,7 +36,7 @@ module "secrets_manager_public_certificate" {
   count                             = (var.acme_letsencrypt_private_key != null || (var.acme_letsencrypt_private_key_sm_id != null && var.acme_letsencrypt_private_key_secret_id != null && var.acme_letsencrypt_private_key_sm_region != null)) ? 1 : 0
   depends_on                        = [module.secrets_manager_public_cert_engine]
   source                            = "terraform-ibm-modules/secrets-manager-public-cert/ibm"
-  version                           = "1.2.1"
+  version                           = "1.2.2"
   cert_common_name                  = local.cert_common_name
   cert_description                  = "Certificate for ${local.cert_common_name}"
   cert_name                         = "${var.prefix}-sm-public-cert"

@@ -59,7 +59,7 @@ resource "ibm_resource_instance" "secrets_manager" {
 module "iam_secrets_engine" {
   count                                   = var.existing_sm_instance_guid == null ? 1 : 0
   source                                  = "terraform-ibm-modules/secrets-manager-iam-engine/ibm"
-  version                                 = "1.2.8"
+  version                                 = "1.2.10"
   region                                  = local.sm_region
   secrets_manager_guid                    = ibm_resource_instance.secrets_manager[0].guid
   iam_secret_generator_service_id_name    = "${var.prefix}-sid:0.0.1:${ibm_resource_instance.secrets_manager[0].name}-iam-secret-generator:automated:simple-service:secret-manager:"
@@ -76,7 +76,7 @@ module "iam_secrets_engine" {
 # create secrets group for secrets
 module "secrets_manager_group" {
   source                   = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
-  version                  = "1.2.2"
+  version                  = "1.2.3"
   region                   = local.sm_region
   secrets_manager_guid     = local.sm_guid
   secret_group_name        = "${var.prefix}-secret-group"                   #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value
@@ -89,7 +89,7 @@ module "secrets_manager_group" {
 # additional secrets manager secret group for service level secrets
 module "secrets_manager_group_acct" {
   source               = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
-  version              = "1.2.2"
+  version              = "1.2.3"
   count                = var.existing_sm_instance_guid == null ? 0 : 1
   region               = local.sm_region
   secrets_manager_guid = local.sm_guid

@@ -7,7 +7,7 @@
 # creating a secrets group for clustersecretstore with trustedprofile auth
 module "tp_clusterstore_secrets_manager_group" {
   source                   = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
-  version                  = "1.2.2"
+  version                  = "1.2.3"
   region                   = local.sm_region
   secrets_manager_guid     = local.sm_guid
   secret_group_name        = "${var.prefix}-cpstore-tp-secret-group"                                           #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value

@@ -40,7 +40,7 @@ module "eso_tp_namespace_secretstores" {
 # creating a secrets group for each namespace to be used for namespaced secretstores with trustedprofile auth
 module "tp_secrets_manager_groups" {
   source                   = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
-  version                  = "1.2.2"
+  version                  = "1.2.3"
   count                    = length(var.es_namespaces_tp)
   region                   = local.sm_region
   secrets_manager_guid     = local.sm_guid
@@ -140,7 +140,7 @@ module "eso_tp_namespace_secretstore_multisg" {
 # creating two secrets groups for a single namespace to test trusted profile policy on multiple secrets groups
 module "tp_secrets_manager_group_multi_1" {
   source                   = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
-  version                  = "1.2.2"
+  version                  = "1.2.3"
   region                   = local.sm_region
   secrets_manager_guid     = local.sm_guid
   secret_group_name        = "${var.prefix}-tp-secret-group-multisg-1"                                                                #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value
@@ -152,7 +152,7 @@ module "tp_secrets_manager_group_multi_1" {
 
 module "tp_secrets_manager_group_multi_2" {
   source                   = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
-  version                  = "1.2.2"
+  version                  = "1.2.3"
   region                   = local.sm_region
   secrets_manager_guid     = local.sm_guid
   secret_group_name        = "${var.prefix}-tp-secret-group-multisg-21"                                                               #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value
@@ -285,7 +285,7 @@ module "eso_tp_namespace_secretstore_nosecgroup" {
 # creating secrets group for a single namespace to test trusted profile policy without any secret group in the TP policy
 module "tp_secrets_manager_group_not_for_policy" {
   source                   = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
-  version                  = "1.2.2"
+  version                  = "1.2.3"
   region                   = local.sm_region
   secrets_manager_guid     = local.sm_guid
   secret_group_name        = "${var.prefix}-tp-secret-group-not-for-policy"                                                        #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value

@@ -14,9 +14,8 @@ terraform {
       version = ">= 0.9.1"
     }
     ibm = {
-      source = "IBM-Cloud/ibm"
-      # version = ">= 1.62.0
-      version = ">= 1.62.0, < 1.76.0" # locking terraform provider version to 1.75.2 due to issue https://github.com/IBM-Cloud/terraform-provider-ibm/issues/6050
+      source  = "IBM-Cloud/ibm"
+      version = ">= 1.62.0"
     }
     null = {
       source  = "hashicorp/null"

@@ -209,7 +209,7 @@ module "network_acl" {
 # OCP CLUSTER creation
 module "ocp_base" {
   source               = "terraform-ibm-modules/base-ocp-vpc/ibm"
-  version              = "3.41.5"
+  version              = "3.41.7"
   cluster_name         = "${var.prefix}-vpc"
   resource_group_id    = module.resource_group.resource_group_id
   region               = var.region
@@ -278,7 +278,7 @@ resource "ibm_resource_instance" "secrets_manager" {
 # Additional Secrets-Manager Secret-Group for SERVICE level secrets
 module "secrets_manager_group_acct" {
   source               = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
-  version              = "1.2.2"
+  version              = "1.2.3"
   count                = var.existing_sm_instance_guid == null ? 0 : 1
   region               = local.sm_region
   secrets_manager_guid = local.sm_guid
@@ -295,7 +295,7 @@ module "secrets_manager_group_acct" {
 module "iam_secrets_engine" {
   count                                   = var.existing_sm_instance_guid == null ? 1 : 0
   source                                  = "terraform-ibm-modules/secrets-manager-iam-engine/ibm"
-  version                                 = "1.2.8"
+  version                                 = "1.2.10"
   region                                  = local.sm_region
   secrets_manager_guid                    = ibm_resource_instance.secrets_manager[0].guid
   iam_secret_generator_service_id_name    = "${var.prefix}-sid:0.0.1:${ibm_resource_instance.secrets_manager[0].name}-iam-secret-generator:automated:simple-service:secret-manager:"

@@ -15,7 +15,7 @@ terraform {
     }
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = "= 1.71.0"
+      version = "= 1.76.0"
     }
     null = {
       source  = "hashicorp/null"

@@ -60,7 +60,7 @@ resource "ibm_resource_instance" "secrets_manager" {
 
 module "secrets_manager_groups" {
   source               = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
-  version              = "1.2.2"
+  version              = "1.2.3"
   count                = length(kubernetes_namespace.examples)
   region               = local.sm_region
   secrets_manager_guid = local.sm_guid

@@ -139,6 +139,11 @@ var ignoreUpdates = []string{
 	"module.external_secret_usr_pass.helm_release.kubernetes_secret_user_pw[0]",
 	"module.external_secret_tp_nosg.helm_release.kubernetes_secret[0]",
 	"module.sdnlb_eso_secret.helm_release.sdnlb_external_secret",
+	// ignoring updates on trusted_profile due to issue https://github.com/IBM-Cloud/terraform-provider-ibm/issues/6050
+	// the issue is a workaround for update on trusted_profile resource history field
+	// to remove when solved
+	"module.external_secrets_trusted_profiles[0].ibm_iam_trusted_profile.trusted_profile",
+	"module.external_secrets_trusted_profiles[1].ibm_iam_trusted_profile.trusted_profile",
 }
 
 func setupOptions(t *testing.T, prefix string, terraformDir string, terraformVars map[string]interface{}) *testhelper.TestOptions {
+1 −1		module-assets/.pre-commit-config.yaml
+1 −1		stack-assets/.pre-commit-config.yaml