feat: remove all code to create a secrets manager instance - use the [terraform-ibm-secrets-manager](https://github.com/terraform-ibm-modules/terraform-ibm-secrets-manager) module instead (#660)

Co-authored-by: Conall Ó Cofaigh <[email protected]>

Author: Aashiq-J

README.md

@@ -885,13 +885,11 @@ module "cluster_pattern" {
 | [ibm_resource_group.resource_groups](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_group) | resource |
 | [ibm_resource_instance.appid](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_instance) | resource |
 | [ibm_resource_instance.cos](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_instance) | resource |
-| [ibm_resource_instance.secrets_manager](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_instance) | resource |
 | [ibm_resource_key.appid_key](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_key) | resource |
 | [ibm_resource_key.key](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_key) | resource |
 | [ibm_resource_tag.bucket_tag](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_tag) | resource |
 | [ibm_resource_tag.cluster_tag](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_tag) | resource |
 | [ibm_resource_tag.cos_tag](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_tag) | resource |
-| [ibm_resource_tag.secrets_manager_tag](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_tag) | resource |
 | [ibm_tg_connection.connection](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/tg_connection) | resource |
 | [ibm_tg_gateway.transit_gateway](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/tg_gateway) | resource |
 | [random_string.random_cos_suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
@@ -922,7 +920,6 @@ module "cluster_pattern" {
 | <a name="input_prefix"></a> [prefix](#input\_prefix) | A unique identifier for resources. Must begin with a letter and end with a letter or number. This prefix will be prepended to any resources provisioned by this template. Prefixes must be 16 or fewer characters. | `string` | n/a | yes |
 | <a name="input_region"></a> [region](#input\_region) | Region where VPC will be created. To find your VPC region, use `ibmcloud is regions` command to find available regions. | `string` | n/a | yes |
 | <a name="input_resource_groups"></a> [resource\_groups](#input\_resource\_groups) | Object describing resource groups to create or reference | <pre>list(<br>    object({<br>      name       = string<br>      create     = optional(bool)<br>      use_prefix = optional(bool)<br>    })<br>  )</pre> | n/a | yes |
-| <a name="input_secrets_manager"></a> [secrets\_manager](#input\_secrets\_manager) | Map describing an optional secrets manager deployment | <pre>object({<br>    use_secrets_manager = bool<br>    name                = optional(string)<br>    kms_key_name        = optional(string)<br>    resource_group      = optional(string)<br>    access_tags         = optional(list(string), [])<br>  })</pre> | <pre>{<br>  "use_secrets_manager": false<br>}</pre> | no |
 | <a name="input_security_groups"></a> [security\_groups](#input\_security\_groups) | Security groups for VPC | <pre>list(<br>    object({<br>      name           = string<br>      vpc_name       = string<br>      resource_group = optional(string)<br>      access_tags    = optional(list(string), [])<br>      rules = list(<br>        object({<br>          name      = string<br>          direction = string<br>          source    = string<br>          tcp = optional(<br>            object({<br>              port_max = number<br>              port_min = number<br>            })<br>          )<br>          udp = optional(<br>            object({<br>              port_max = number<br>              port_min = number<br>            })<br>          )<br>          icmp = optional(<br>            object({<br>              type = number<br>              code = number<br>            })<br>          )<br>        })<br>      )<br>    })<br>  )</pre> | `[]` | no |
 | <a name="input_service_endpoints"></a> [service\_endpoints](#input\_service\_endpoints) | Service endpoints. Can be `public`, `private`, or `public-and-private` | `string` | `"private"` | no |
 | <a name="input_ssh_keys"></a> [ssh\_keys](#input\_ssh\_keys) | SSH keys to use to provision a VSI. Must be an RSA key with a key size of either 2048 bits or 4096 bits (recommended). If `public_key` is not provided, the named key will be looked up from data. If a resource group name is added, it must be included in `var.resource_groups`. See https://cloud.ibm.com/docs/vpc?topic=vpc-ssh-keys. | <pre>list(<br>    object({<br>      name           = string<br>      public_key     = optional(string)<br>      resource_group = optional(string)<br>    })<br>  )</pre> | n/a | yes |
@@ -966,7 +963,6 @@ module "cluster_pattern" {
 | <a name="output_placement_groups"></a> [placement\_groups](#output\_placement\_groups) | List of placement groups. |
 | <a name="output_resource_group_data"></a> [resource\_group\_data](#output\_resource\_group\_data) | List of resource groups data used within landing zone. |
 | <a name="output_resource_group_names"></a> [resource\_group\_names](#output\_resource\_group\_names) | List of resource groups names used within landing zone. |
-| <a name="output_secrets_manager_data"></a> [secrets\_manager\_data](#output\_secrets\_manager\_data) | Secrets manager instance |
 | <a name="output_security_group_data"></a> [security\_group\_data](#output\_security\_group\_data) | List of security group data |
 | <a name="output_security_group_names"></a> [security\_group\_names](#output\_security\_group\_names) | List of security group names |
 | <a name="output_service_authorization_data"></a> [service\_authorization\_data](#output\_service\_authorization\_data) | List of service authorization data |

dynamic_values.tf

@@ -30,7 +30,6 @@ module "dynamic_values" {
   teleport_domain           = tostring(var.teleport_config_data.domain)
   f5_vsi                    = var.f5_vsi
   f5_template_data          = var.f5_template_data
-  secrets_manager           = var.secrets_manager
   add_kms_block_storage_s2s = var.add_kms_block_storage_s2s
   atracker_cos_bucket       = var.atracker.add_route == true ? var.atracker.collector_bucket_name : null
 }

dynamic_values/config_modules/service_authorizations/service_authorizations.tf

@@ -18,10 +18,6 @@ variable "cos" {
   description = "COS variable"
 }
 
-variable "secrets_manager" {
-  description = "Secrets Manager config"
-}
-
 variable "add_kms_block_storage_s2s" {
   description = "Add kms to block storage s2s"
 }
@@ -93,22 +89,6 @@ module "flow_logs_to_cos" {
   ]
 }
 
-module "secrets_manager_to_cos" {
-  source = "../list_to_map"
-  list = [
-    for instance in(var.secrets_manager.use_secrets_manager ? ["secrets-manager-to-kms"] : []) :
-    {
-      name                        = instance
-      source_service_name         = "secrets-manager"
-      source_resource_group_id    = var.secrets_manager.resource_group
-      description                 = "Allow secrets manager to read from Key Management"
-      roles                       = ["Reader"]
-      target_service_name         = local.target_key_management_service
-      target_resource_instance_id = var.key_management_guid
-    } if local.target_key_management_service != null
-  ]
-}
-
 ##############################################################################
 
 ##############################################################################
@@ -150,7 +130,6 @@ output "authorizations" {
     module.kms_to_block_storage.value,
     module.cos_to_key_management.value,
     module.flow_logs_to_cos.value,
-    module.secrets_manager_to_cos.value,
     module.atracker_to_cos.value
   )
 }

dynamic_values/service_authorizations.tf

@@ -8,7 +8,6 @@ module "service_authorizations" {
   key_management_guid       = var.key_management_guid
   cos                       = var.cos
   cos_instance_ids          = local.cos_instance_ids
-  secrets_manager           = var.secrets_manager
   add_kms_block_storage_s2s = var.add_kms_block_storage_s2s
   atracker_cos_bucket       = var.atracker_cos_bucket
 }

dynamic_values/variables.tf

@@ -186,16 +186,6 @@ variable "f5_template_data" {
 
 ##############################################################################
 
-##############################################################################
-# Secrets Manager Variables
-##############################################################################
-
-variable "secrets_manager" {
-  description = "Direct reference to secrets manager variable"
-}
-
-##############################################################################
-
 ##############################################################################
 # Service Authorization Variables
 ##############################################################################

examples/one-vpc-one-vsi/override.json

@@ -94,13 +94,6 @@
         "use_prefix": true
       }
     ],
-    "secrets_manager": {
-      "access_tags": [],
-      "kms_key_name": null,
-      "name": null,
-      "resource_group": null,
-      "use_secrets_manager": false
-    },
     "network_cidr": "10.0.0.0/8",
     "vpcs": [
       {

examples/override-example/override.json

@@ -168,13 +168,6 @@
         "use_prefix": true
       }
     ],
-    "secrets_manager": {
-      "access_tags": [],
-      "kms_key_name": null,
-      "name": null,
-      "resource_group": null,
-      "use_secrets_manager": false
-    },
     "network_cidr": "10.0.0.0/8",
     "vpcs": [
       {

ibm_catalog.json

@@ -265,10 +265,6 @@
               "hidden": true,
               "key": "tgstandby_url"
             },
-            {
-              "key": "create_secrets_manager",
-              "hidden": true
-            },
             {
               "hidden": true,
               "key": "f5_image_name"
@@ -849,10 +845,6 @@
               "key": "teleport_admin_email",
               "hidden": true
             },
-            {
-              "key": "create_secrets_manager",
-              "hidden": true
-            },
             {
               "key": "override",
               "hidden": true
@@ -1212,10 +1204,7 @@
               "hidden": true,
               "key": "use_existing_appid"
             },
-            {
-              "key": "create_secrets_manager",
-              "hidden": true
-            },
+
             {
               "hidden": true,
               "key": "teleport_version"

outputs.tf

@@ -253,16 +253,6 @@ output "resource_group_data" {
   value       = local.resource_groups
 }
 
-##############################################################################
-
-##############################################################################
-# Secrets Manager Outputs
-##############################################################################
-
-output "secrets_manager_data" {
-  description = "Secrets manager instance"
-  value       = var.secrets_manager.use_secrets_manager ? ibm_resource_instance.secrets_manager[0] : null
-}
 
 ##############################################################################
 

patterns/mixed/config.tf

@@ -239,19 +239,6 @@ locals {
 
     ##############################################################################
 
-    ##############################################################################
-    # Secrets Manager Config
-    ##############################################################################
-
-    secrets_manager = {
-      use_secrets_manager = var.create_secrets_manager
-      name                = var.create_secrets_manager ? "${var.prefix}-secrets-manager" : null
-      resource_group      = var.create_secrets_manager ? "${var.prefix}-service-rg" : null
-      kms_key_name        = var.create_secrets_manager ? "${var.prefix}-slz-key" : null
-    }
-
-    ##############################################################################
-
     ##############################################################################
     # Teleport Config Data
     ##############################################################################
@@ -306,7 +293,6 @@ locals {
     iam_account_settings           = lookup(local.override[local.override_type], "iam_account_settings", local.config.iam_account_settings)
     access_groups                  = lookup(local.override[local.override_type], "access_groups", local.config.access_groups)
     appid                          = lookup(local.override[local.override_type], "appid", local.config.appid)
-    secrets_manager                = lookup(local.override[local.override_type], "secrets_manager", local.config.secrets_manager)
     f5_vsi                         = lookup(local.override[local.override_type], "f5_vsi", local.config.f5_deployments)
     f5_template_data = {
       tmos_admin_password     = lookup(local.override[local.override_type], "f5_template_data", null) == null ? var.tmos_admin_password : lookup(local.override[local.override_type].f5_template_data, "tmos_admin_password", var.tmos_admin_password)