Merged
2 changes: 1 addition & 1 deletion .secrets.baseline
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
"files": "go.sum|^.secrets.baseline$",
"lines": null
},
"generated_at": "2023-12-16T18:26:42Z",
"generated_at": "2023-12-16T18:26:41Z",
"plugins_used": [
{
"name": "AWSKeyDetector"
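Review bot: The only difference in this hunk is `generated_at`, and the two values are one second apart (18:26:42Z and 18:26:41Z), so the baseline gains no new audit information. Timestamp-only churn in `.secrets.baseline` makes later diffs of the file harder to review. Either drop this file from the change or confirm the baseline was regenerated after the other files were edited, so its recorded entries match the current content.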
4 changes: 2 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -930,7 +930,7 @@ module "cluster_pattern" {
| <a name="input_service_endpoints"></a> [service\_endpoints](#input\_service\_endpoints) | Service endpoints for the App ID resource when created by the module. Can be `public`, `private`, or `public-and-private` | `string` | `"public-and-private"` | no |
| <a name="input_skip_all_s2s_auth_policies"></a> [skip\_all\_s2s\_auth\_policies](#input\_skip\_all\_s2s\_auth\_policies) | Whether to skip the creation of all of the service-to-service authorization policies. If setting to true, policies must be in place on the account before provisioning. | `bool` | `false` | no |
| <a name="input_skip_kms_block_storage_s2s_auth_policy"></a> [skip\_kms\_block\_storage\_s2s\_auth\_policy](#input\_skip\_kms\_block\_storage\_s2s\_auth\_policy) | Whether to skip the creation of a service-to-service authorization policy between block storage and the key management service. | `bool` | `false` | no |
| <a name="input_skip_kms_kube_s2s_auth_policy"></a> [skip\_kms\_kube\_s2s\_auth\_policy](#input\_skip\_kms\_kube\_s2s\_auth\_policy) | Whether to skip the creation of a service-to-serivce authorization policy between kubernetes and the key management service. | `bool` | `false` | no |
| <a name="input_skip_kms_kube_s2s_auth_policy"></a> [skip\_kms\_kube\_s2s\_auth\_policy](#input\_skip\_kms\_kube\_s2s\_auth\_policy) | Whether to skip the creation of a service-to-service authorization policy between kubernetes and the key management service. | `bool` | `false` | no |
| <a name="input_ssh_keys"></a> [ssh\_keys](#input\_ssh\_keys) | SSH keys to use to provision a VSI. Must be an RSA key with a key size of either 2048 bits or 4096 bits (recommended). If `public_key` is not provided, the named key will be looked up from data. If a resource group name is added, it must be included in `var.resource_groups`. See https://cloud.ibm.com/docs/vpc?topic=vpc-ssh-keys. | <pre>list(<br/> object({<br/> name = string<br/> public_key = optional(string)<br/> resource_group = optional(string)<br/> })<br/> )</pre> | n/a | yes |
| <a name="input_tags"></a> [tags](#input\_tags) | List of resource tags to apply to resources created by this module. | `list(string)` | `[]` | no |
| <a name="input_teleport_config_data"></a> [teleport\_config\_data](#input\_teleport\_config\_data) | Teleport config data. This is used to create a single template for all teleport instances to use. Creating a single template allows for values to remain sensitive | <pre>object({<br/> teleport_license = optional(string)<br/> https_cert = optional(string)<br/> https_key = optional(string)<br/> domain = optional(string)<br/> cos_bucket_name = optional(string)<br/> cos_key_name = optional(string)<br/> teleport_version = optional(string)<br/> message_of_the_day = optional(string)<br/> hostname = optional(string)<br/> app_id_key_name = optional(string)<br/> claims_to_roles = optional(<br/> list(<br/> object({<br/> email = string<br/> roles = list(string)<br/> })<br/> )<br/> )<br/> })</pre> | `null` | no |
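Review bot: The `skip_kms_kube_s2s_auth_policy` description is corrected only in this README table row; no matching edit to that variable's `description` appears in the files shown in this change. If this inputs table is generated from the variable definitions (an assumption based on its `input_` anchor layout), the next regeneration will bring back "service-to-serivce", so fix the spelling at the source as well.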
Expand All @@ -957,7 +957,7 @@ module "cluster_pattern" {
| <a name="output_bastion_host_names"></a> [bastion\_host\_names](#output\_bastion\_host\_names) | List of bastion host names |
| <a name="output_cluster_data"></a> [cluster\_data](#output\_cluster\_data) | List of cluster data |
| <a name="output_cluster_names"></a> [cluster\_names](#output\_cluster\_names) | List of create cluster names |
| <a name="output_cos_bucket_data"></a> [cos\_bucket\_data](#output\_cos\_bucket\_data) | List of data for COS buckets creaed |
| <a name="output_cos_bucket_data"></a> [cos\_bucket\_data](#output\_cos\_bucket\_data) | List of data for COS buckets created |
| <a name="output_cos_bucket_names"></a> [cos\_bucket\_names](#output\_cos\_bucket\_names) | List of names for COS buckets created |
| <a name="output_cos_data"></a> [cos\_data](#output\_cos\_data) | List of Cloud Object Storage instance data |
| <a name="output_cos_key_credentials_map"></a> [cos\_key\_credentials\_map](#output\_cos\_key\_credentials\_map) | Map of resource key credentials created for COS instances, organized by the key name supplied in the `cos.keys[]` input variable. Contains sensitive output including API keys and HMAC credentials. |
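Review bot: The `cluster_names` row directly above the corrected one still reads "List of create cluster names", which looks like the same kind of typo ("created") and is worth fixing in this pass. The `cos_bucket_data` wording here matches the `description` change in outputs.tf, so those two stay in sync.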
2 changes: 1 addition & 1 deletion cluster.tf
Original file line number Diff line number Diff line change
Expand Up @@ -195,7 +195,7 @@ locals {
)
}

# for each cluster in the clusters_map, get the addons and their versions and create an addons map including the corosponding csi_driver_version
# for each cluster in the clusters_map, get the addons and their versions and create an addons map including the corresponding csi_driver_version
cluster_addons = {
for cluster in local.clusters_map : "${var.prefix}-${cluster.name}" => {
id = ibm_container_vpc_cluster.cluster["${var.prefix}-${cluster.name}"].id
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,7 @@ locals {
target_key_management_service = lookup(var.key_management, "name", null) != null ? lookup(var.key_management, "use_hs_crypto", false) == true ? "hs-crypto" : "kms" : null

# create a list of keys used for all buckets, since we are going to scope the auth policy to keys.
# doing this in a local first becase it needs a distinct to get rid of duplicates from same keys used
# doing this in a local first because it needs a distinct to get rid of duplicates from same keys used
# on multiple buckets, and a distinct on the final map may error in terraform for_each before first apply.
cos_bucket_key_list_distinct = distinct(
flatten([
4 changes: 2 additions & 2 deletions dynamic_values/unit_tests.tf
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,7 @@ module "ut_nest_to_map" {

locals {
actual_netested_map = module.ut_nest_to_map.value
assert_2_childen = regex("child-1;child-2", join(";", keys(local.actual_netested_map)))
assert_2_children = regex("child-1;child-2", join(";", keys(local.actual_netested_map)))
assert_children_groups = regex("ut-parent-name", local.actual_netested_map["child-1"].group)
assert_children_test = regex("test-field", local.actual_netested_map["child-2"].test)
}
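Review bot: `assert_2_children` is named as a check for exactly two children, but `regex("child-1;child-2", ...)` is unanchored, so it still succeeds when the joined key list contains additional keys around that substring. Anchoring the pattern as `^child-1;child-2$` would make the assertion match its name.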
Expand Down Expand Up @@ -137,7 +137,7 @@ module "ut_nest_to_map_prepend" {
locals {
actual_add_prefix_netested_map = module.ut_nest_to_map_prepend.value
prefix_join = join(";", keys(local.actual_add_prefix_netested_map))
assert_add_prefix_2_childen = regex("parent-name-child-1;parent-name-child-2", local.prefix_join)
assert_add_prefix_2_children = regex("parent-name-child-1;parent-name-child-2", local.prefix_join)
assert_add_prefix_children_groups = regex("ut-parent-name", local.actual_add_prefix_netested_map["parent-name-child-1"].group)
assert_add_prefix_children_test = regex("test-field", local.actual_add_prefix_netested_map["parent-name-child-2"].test)
assert_child_2_has_parameters = regex("true", local.actual_add_prefix_netested_map["parent-name-child-2"].parameters.HMAC)
2 changes: 1 addition & 1 deletion ibm_catalog.json
Original file line number Diff line number Diff line change
Expand Up @@ -1161,7 +1161,7 @@
"url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/reference-architectures/vpc.drawio.svg",
"type": "image/svg+xml"
},
"description": "This deployable architecture deploys a simple Virtual Private Cloud (VPC) infrastructure without any compute resources. You can use this architecture as a base on which to deploy compute resources. This variation uses two Virtual Private Clouds (VPC) - a Management VPC and a Workload VPC - to manage the environment and the deployed workload. Each VPC is a multi-zoned, multi-subnet implementation that keeps your workloads secure. A transit gateway connects the VPCs to each other and Virtual Private Endpoints are used connect to IBM Cloud services.<br><br> This variation integrates <b>key mangement services</b> to enhance security. It also leverages <b>Activity Tracker and Flow Logs</b> to collect and store Internet Protocol (IP) traffic information.<br><br> It securely connects to multiple networks with a <b>site-to-site</b> virtual private network and uses an <b>edge VPC</b> for secure access through the public internet . It configures <b>CBR (Context-based restrictions)</b> rules to allow traffic to flow only from the landing zone VPCs to specific cloud services. <br><br>This deployable architecture simplifies risk management and demonstrates regulatory compliance with Financial Services."
"description": "This deployable architecture deploys a simple Virtual Private Cloud (VPC) infrastructure without any compute resources. You can use this architecture as a base on which to deploy compute resources. This variation uses two Virtual Private Clouds (VPC) - a Management VPC and a Workload VPC - to manage the environment and the deployed workload. Each VPC is a multi-zoned, multi-subnet implementation that keeps your workloads secure. A transit gateway connects the VPCs to each other and Virtual Private Endpoints are used connect to IBM Cloud services.<br><br> This variation integrates <b>key management services</b> to enhance security. It also leverages <b>Activity Tracker and Flow Logs</b> to collect and store Internet Protocol (IP) traffic information.<br><br> It securely connects to multiple networks with a <b>site-to-site</b> virtual private network and uses an <b>edge VPC</b> for secure access through the public internet . It configures <b>CBR (Context-based restrictions)</b> rules to allow traffic to flow only from the landing zone VPCs to specific cloud services. <br><br>This deployable architecture simplifies risk management and demonstrates regulatory compliance with Financial Services."
}
]
},
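Review bot: The corrected `description` string still contains "Virtual Private Endpoints are used connect to IBM Cloud services" (missing "to") and a stray space before the period in "public internet .". This is user-facing catalog copy and the line is already being touched, so fix both here.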
2 changes: 1 addition & 1 deletion outputs.tf
Original file line number Diff line number Diff line change
Expand Up @@ -171,7 +171,7 @@ output "cos_bucket_names" {
}

output "cos_bucket_data" {
description = "List of data for COS buckets creaed"
description = "List of data for COS buckets created"
value = [
for instance in ibm_cos_bucket.buckets :
instance
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ variable "teleport_instance_profile" {
}

variable "teleport_vsi_image_name" {
description = "Teleport VSI image name. Use the IBM Cloud CLI command `ibmcloud is images` to see availabled images."
description = "Teleport VSI image name. Use the IBM Cloud CLI command `ibmcloud is images` to see available images."
type = string
}

Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ variable "provision_teleport_in_f5" {
locals {
# Bastion if provisioning teleport in f5, otherwise empty array
bastion_subnet_tiers = var.provision_teleport_in_f5 == true ? ["bastion"] : []
# List of network tiers, if firewall type is null empty, otherwsie list of tiers
# List of network tiers, if firewall type is null empty, otherwise list of tiers
f5_network_tiers = var.vpn_firewall_type == null ? [] : var.vpn_firewall_types[var.vpn_firewall_type]
vpn_tiers = var.vpn_firewall_type == "waf" || var.vpn_firewall_type == null ? [] : ["vpn-1", "vpn-2"]
}
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
##############################################################################
# [Unit Test] F5 on Managment
# [Unit Test] F5 on Management
##############################################################################

module "ut_f5_on_management_cidr" {
3 changes: 2 additions & 1 deletion patterns/dynamic_values/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ variable "prefix" {
variable "region" {
description = "Region where VPC will be created. To find your VPC region, use `ibmcloud is regions` command to find available regions."
type = string
default = "us-south"
}

##############################################################################
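Review bot: `default = "us-south"` on `variable "region"` is a behavior change inside a spelling-fix change set: `region` stops being a required input, and a caller who omits it gets resources in us-south without any prompt or error. Region choice usually carries data-residency and compliance weight, so either drop the default from this change or move it to its own change with a stated reason, and mention the default in the `description`.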
Expand Down Expand Up @@ -302,7 +303,7 @@ variable "teleport_instance_profile" {
}

variable "teleport_vsi_image_name" {
description = "Teleport VSI image name. Use the IBM Cloud CLI command `ibmcloud is images` to see availabled images."
description = "Teleport VSI image name. Use the IBM Cloud CLI command `ibmcloud is images` to see available images."
type = string
}
