4 changes: 2 additions & 2 deletions README.md
@@ -930,7 +930,7 @@ module "cluster_pattern" {
| <a name="input_service_endpoints"></a> [service\_endpoints](#input\_service\_endpoints) | Service endpoints for the App ID resource when created by the module. Can be `public`, `private`, or `public-and-private` | `string` | `"public-and-private"` | no |
| <a name="input_skip_all_s2s_auth_policies"></a> [skip\_all\_s2s\_auth\_policies](#input\_skip\_all\_s2s\_auth\_policies) | Whether to skip the creation of all of the service-to-service authorization policies. If setting to true, policies must be in place on the account before provisioning. | `bool` | `false` | no |
| <a name="input_skip_kms_block_storage_s2s_auth_policy"></a> [skip\_kms\_block\_storage\_s2s\_auth\_policy](#input\_skip\_kms\_block\_storage\_s2s\_auth\_policy) | Whether to skip the creation of a service-to-service authorization policy between block storage and the key management service. | `bool` | `false` | no |
| <a name="input_skip_kms_kube_s2s_auth_policy"></a> [skip\_kms\_kube\_s2s\_auth\_policy](#input\_skip\_kms\_kube\_s2s\_auth\_policy) | Whether to skip the creation of a service-to-serivce authorization policy between kubernetes and the key management service. | `bool` | `false` | no |
| <a name="input_skip_kms_kube_s2s_auth_policy"></a> [skip\_kms\_kube\_s2s\_auth\_policy](#input\_skip\_kms\_kube\_s2s\_auth\_policy) | Whether to skip the creation of a service-to-service authorization policy between kubernetes and the key management service. | `bool` | `false` | no |
| <a name="input_ssh_keys"></a> [ssh\_keys](#input\_ssh\_keys) | SSH keys to use to provision a VSI. Must be an RSA key with a key size of either 2048 bits or 4096 bits (recommended). If `public_key` is not provided, the named key will be looked up from data. If a resource group name is added, it must be included in `var.resource_groups`. See https://cloud.ibm.com/docs/vpc?topic=vpc-ssh-keys. | <pre>list(<br/> object({<br/> name = string<br/> public_key = optional(string)<br/> resource_group = optional(string)<br/> })<br/> )</pre> | n/a | yes |
| <a name="input_tags"></a> [tags](#input\_tags) | List of resource tags to apply to resources created by this module. | `list(string)` | `[]` | no |
| <a name="input_teleport_config_data"></a> [teleport\_config\_data](#input\_teleport\_config\_data) | Teleport config data. This is used to create a single template for all teleport instances to use. Creating a single template allows for values to remain sensitive | <pre>object({<br/> teleport_license = optional(string)<br/> https_cert = optional(string)<br/> https_key = optional(string)<br/> domain = optional(string)<br/> cos_bucket_name = optional(string)<br/> cos_key_name = optional(string)<br/> teleport_version = optional(string)<br/> message_of_the_day = optional(string)<br/> hostname = optional(string)<br/> app_id_key_name = optional(string)<br/> claims_to_roles = optional(<br/> list(<br/> object({<br/> email = string<br/> roles = list(string)<br/> })<br/> )<br/> )<br/> })</pre> | `null` | no |
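Review bot: the `service-to-serivce` correction on the `skip_kms_kube_s2s_auth_policy` row is fine, but this table is in terraform-docs format (the `<a name="input_..."></a>` anchors), so the same fix has to land in that variable's `description` in the source `.tf` file or the next docs regeneration reverts it; none of the hunks shown here touch that description.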
@@ -957,7 +957,7 @@ module "cluster_pattern" {
| <a name="output_bastion_host_names"></a> [bastion\_host\_names](#output\_bastion\_host\_names) | List of bastion host names |
| <a name="output_cluster_data"></a> [cluster\_data](#output\_cluster\_data) | List of cluster data |
| <a name="output_cluster_names"></a> [cluster\_names](#output\_cluster\_names) | List of create cluster names |
| <a name="output_cos_bucket_data"></a> [cos\_bucket\_data](#output\_cos\_bucket\_data) | List of data for COS buckets creaed |
| <a name="output_cos_bucket_data"></a> [cos\_bucket\_data](#output\_cos\_bucket\_data) | List of data for COS buckets created |
| <a name="output_cos_bucket_names"></a> [cos\_bucket\_names](#output\_cos\_bucket\_names) | List of names for COS buckets created |
| <a name="output_cos_data"></a> [cos\_data](#output\_cos\_data) | List of Cloud Object Storage instance data |
| <a name="output_cos_key_credentials_map"></a> [cos\_key\_credentials\_map](#output\_cos\_key\_credentials\_map) | Map of resource key credentials created for COS instances, organized by the key name supplied in the `cos.keys[]` input variable. Contains sensitive output including API keys and HMAC credentials. |
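Review bot: while correcting `creaed` on the `cos_bucket_data` row, the `cluster_names` row three lines up still reads `List of create cluster names`; change it to `List of created cluster names`, and make the matching edit in the `output "cluster_names"` description in outputs.tf, since this table is generated from it.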
2 changes: 1 addition & 1 deletion cluster.tf
@@ -195,7 +195,7 @@ locals {
)
}

# for each cluster in the clusters_map, get the addons and their versions and create an addons map including the corosponding csi_driver_version
# for each cluster in the clusters_map, get the addons and their versions and create an addons map including the corresponding csi_driver_version
cluster_addons = {
for cluster in local.clusters_map : "${var.prefix}-${cluster.name}" => {
id = ibm_container_vpc_cluster.cluster["${var.prefix}-${cluster.name}"].id
@@ -88,7 +88,7 @@ locals {
target_key_management_service = lookup(var.key_management, "name", null) != null ? lookup(var.key_management, "use_hs_crypto", false) == true ? "hs-crypto" : "kms" : null

# create a list of keys used for all buckets, since we are going to scope the auth policy to keys.
# doing this in a local first becase it needs a distinct to get rid of duplicates from same keys used
# doing this in a local first because it needs a distinct to get rid of duplicates from same keys used
# on multiple buckets, and a distinct on the final map may error in terraform for_each before first apply.
cos_bucket_key_list_distinct = distinct(
flatten([
4 changes: 2 additions & 2 deletions dynamic_values/unit_tests.tf
@@ -82,7 +82,7 @@ module "ut_nest_to_map" {

locals {
actual_netested_map = module.ut_nest_to_map.value
assert_2_childen = regex("child-1;child-2", join(";", keys(local.actual_netested_map)))
assert_2_children = regex("child-1;child-2", join(";", keys(local.actual_netested_map)))
assert_children_groups = regex("ut-parent-name", local.actual_netested_map["child-1"].group)
assert_children_test = regex("test-field", local.actual_netested_map["child-2"].test)
}
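Review bot: `assert_2_childen` is renamed here, but `actual_netested_map` on the three lines around it (and `actual_add_prefix_netested_map` in the next hunk) carries the same kind of typo; since this PR is already renaming misspelled locals, rename those to `actual_nested_map` / `actual_add_prefix_nested_map` in the same change and update every reference inside the `locals` block.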
@@ -137,7 +137,7 @@ module "ut_nest_to_map_prepend" {
locals {
actual_add_prefix_netested_map = module.ut_nest_to_map_prepend.value
prefix_join = join(";", keys(local.actual_add_prefix_netested_map))
assert_add_prefix_2_childen = regex("parent-name-child-1;parent-name-child-2", local.prefix_join)
assert_add_prefix_2_children = regex("parent-name-child-1;parent-name-child-2", local.prefix_join)
assert_add_prefix_children_groups = regex("ut-parent-name", local.actual_add_prefix_netested_map["parent-name-child-1"].group)
assert_add_prefix_children_test = regex("test-field", local.actual_add_prefix_netested_map["parent-name-child-2"].test)
assert_child_2_has_parameters = regex("true", local.actual_add_prefix_netested_map["parent-name-child-2"].parameters.HMAC)
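Review bot: renaming a local such as `assert_add_prefix_2_childen` is only safe if nothing else references the old name, and Terraform reports a dangling reference at plan time rather than at edit time; grep the module for `childen` before merging to confirm both renamed locals were self-contained assertions.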
55 changes: 37 additions & 18 deletions ibm_catalog.json
@@ -233,7 +233,8 @@
},
{
"key": "ssh_public_key",
"required": true
"required": true,
"default_value": "__NOT_SET__"
},
{
"key": "ibmcloud_api_key"
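Review bot: `ssh_public_key` is `required: true` and now also carries `"default_value": "__NOT_SET__"`; a non-empty default can satisfy the catalog's required check while the literal string `__NOT_SET__`, which is not a valid SSH public key, is passed through to Terraform. Confirm the corresponding variable either rejects that sentinel in a `validation` block or maps it to `null`, so a deployment that leaves the field untouched fails at plan time rather than when the VSI key resource is created.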
@@ -242,7 +243,8 @@
"key": "prefix"
},
{
"key": "existing_ssh_key_name"
"key": "existing_ssh_key_name",
"default_value": "__NOT_SET__"
},
{
"key": "tags",
@@ -270,10 +272,12 @@
"key": "add_atracker_route"
},
{
"key": "hs_crypto_instance_name"
"key": "hs_crypto_instance_name",
"default_value": "__NOT_SET__"
},
{
"key": "hs_crypto_resource_group"
"key": "hs_crypto_resource_group",
"default_value": "__NOT_SET__"
},
{
"key": "use_random_cos_suffix"
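Review bot: `hs_crypto_instance_name` and `hs_crypto_resource_group` now default to `"__NOT_SET__"`, but the module chooses between `hs-crypto` and `kms` with a null check (`lookup(var.key_management, "name", null) != null` in the locals hunk above); a sentinel string is not null, so unless the pattern converts `__NOT_SET__` back to `null` before that check, a deployment that leaves these fields alone will try to look up an HPCS instance literally named `__NOT_SET__` instead of falling back to the KMS path. Add that normalization (for example `var.hs_crypto_instance_name == "__NOT_SET__" ? null : var.hs_crypto_instance_name`) or point to where it already happens.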
@@ -500,7 +504,8 @@
"key": "IC_SCHEMATICS_WORKSPACE_ID"
},
{
"key": "existing_vpc_cbr_zone_id"
"key": "existing_vpc_cbr_zone_id",
"default_value": "__NOT_SET__"
}
],
"iam_permissions": [
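Review bot: `existing_vpc_cbr_zone_id` feeds the CBR (context-based restrictions) rules that the description further down says limit traffic to the landing zone VPCs, so it is part of the security boundary; if `"__NOT_SET__"` reaches the rule resource unchanged the plan fails on a nonexistent zone id. Confirm the pattern treats the sentinel as "no existing zone" and creates its own zone, rather than passing the string through.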
@@ -638,7 +643,8 @@
"configuration": [
{
"key": "ssh_public_key",
"required": true
"required": true,
"default_value": "__NOT_SET__"
},
{
"custom_config": {
@@ -650,7 +656,8 @@
"type": "vpc_region"
},
"key": "region",
"required": true
"required": true,
"default_value": "__NOT_SET__"
},
{
"key": "ibmcloud_api_key"
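Review bot: `region` is `required: true` and has a custom `vpc_region` picker, so a default should be unnecessary; if `"__NOT_SET__"` is needed to make the catalog form render, make sure the sentinel can never be accepted as a region value, since every resource in the deployment is placed by it. Also note that `patterns/dynamic_values/variables.tf` in this same PR gives `region` a real default of `us-south`, so the two defaults disagree.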
@@ -662,7 +669,8 @@
"key": "vpc_id"
},
{
"key": "existing_ssh_key_name"
"key": "existing_ssh_key_name",
"default_value": "__NOT_SET__"
},
{
"key": "resource_tags",
@@ -894,10 +902,12 @@
"key": "add_atracker_route"
},
{
"key": "hs_crypto_instance_name"
"key": "hs_crypto_instance_name",
"default_value": "__NOT_SET__"
},
{
"key": "hs_crypto_resource_group"
"key": "hs_crypto_resource_group",
"default_value": "__NOT_SET__"
},
{
"key": "use_random_cos_suffix"
@@ -920,7 +930,8 @@
},
{
"key": "ssh_public_key",
"hidden": true
"hidden": true,
"default_value": "__NOT_SET__"
},
{
"key": "f5_image_name",
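Review bot: this `ssh_public_key` is `hidden: true`, so the user cannot replace the new `"__NOT_SET__"` default and Terraform always receives the sentinel; that is only correct if the pattern reads it as "no inline key, use `existing_ssh_key_name`". Document that contract with a comment or a variable `validation`, because an unexplained sentinel in a hidden field is easy to break in a later edit.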
@@ -1104,7 +1115,8 @@
"key": "IC_SCHEMATICS_WORKSPACE_ID"
},
{
"key": "existing_vpc_cbr_zone_id"
"key": "existing_vpc_cbr_zone_id",
"default_value": "__NOT_SET__"
}
],
"iam_permissions": [
@@ -1168,7 +1180,7 @@
"url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/reference-architectures/vpc.drawio.svg",
"type": "image/svg+xml"
},
"description": "This deployable architecture deploys a simple Virtual Private Cloud (VPC) infrastructure without any compute resources. You can use this architecture as a base on which to deploy compute resources. This variation uses two Virtual Private Clouds (VPC) - a Management VPC and a Workload VPC - to manage the environment and the deployed workload. Each VPC is a multi-zoned, multi-subnet implementation that keeps your workloads secure. A transit gateway connects the VPCs to each other and Virtual Private Endpoints are used connect to IBM Cloud services.<br><br> This variation integrates <b>key mangement services</b> to enhance security. It also leverages <b>Activity Tracker and Flow Logs</b> to collect and store Internet Protocol (IP) traffic information.<br><br> It securely connects to multiple networks with a <b>site-to-site</b> virtual private network and uses an <b>edge VPC</b> for secure access through the public internet . It configures <b>CBR (Context-based restrictions)</b> rules to allow traffic to flow only from the landing zone VPCs to specific cloud services. <br><br>This deployable architecture simplifies risk management and demonstrates regulatory compliance with Financial Services."
"description": "This deployable architecture deploys a simple Virtual Private Cloud (VPC) infrastructure without any compute resources. You can use this architecture as a base on which to deploy compute resources. This variation uses two Virtual Private Clouds (VPC) - a Management VPC and a Workload VPC - to manage the environment and the deployed workload. Each VPC is a multi-zoned, multi-subnet implementation that keeps your workloads secure. A transit gateway connects the VPCs to each other and Virtual Private Endpoints are used connect to IBM Cloud services.<br><br> This variation integrates <b>key management services</b> to enhance security. It also leverages <b>Activity Tracker and Flow Logs</b> to collect and store Internet Protocol (IP) traffic information.<br><br> It securely connects to multiple networks with a <b>site-to-site</b> virtual private network and uses an <b>edge VPC</b> for secure access through the public internet . It configures <b>CBR (Context-based restrictions)</b> rules to allow traffic to flow only from the landing zone VPCs to specific cloud services. <br><br>This deployable architecture simplifies risk management and demonstrates regulatory compliance with Financial Services."
}
]
},
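Review bot: two more wording issues sit in the same description string as the `key management` fix: `Virtual Private Endpoints are used connect to IBM Cloud services` is missing `to`, and `through the public internet .` has a space before the period. Worth fixing on the same line, since this is customer-facing catalog text.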
@@ -1311,6 +1323,7 @@
{
"key": "flavor",
"required": true,
"default_value": "__NOT_SET__",
"options": [
{
"displayname": "bx2.16x64",
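Review bot: `flavor` is `required: true` with an `options` list, and `"__NOT_SET__"` is not one of the listed options; check that the catalog accepts a default outside `options` and that the underlying variable's validation rejects the sentinel, otherwise a form submitted without choosing a flavor sends an instance profile name that does not exist.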
@@ -1618,6 +1631,7 @@
{
"key": "flavor",
"required": true,
"default_value": "__NOT_SET__",
"options": [
{
"displayname": "bx2.16x64",
@@ -1832,10 +1846,12 @@
"key": "add_atracker_route"
},
{
"key": "hs_crypto_instance_name"
"key": "hs_crypto_instance_name",
"default_value": "__NOT_SET__"
},
{
"key": "hs_crypto_resource_group"
"key": "hs_crypto_resource_group",
"default_value": "__NOT_SET__"
},
{
"key": "existing_kms_instance_name"
@@ -1921,11 +1937,13 @@
},
{
"hidden": true,
"key": "ssh_public_key"
"key": "ssh_public_key",
"default_value": "__NOT_SET__"
},
{
"hidden": true,
"key": "existing_ssh_key_name"
"key": "existing_ssh_key_name",
"default_value": "__NOT_SET__"
},
{
"hidden": true,
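Review bot: in this variation both `ssh_public_key` and `existing_ssh_key_name` are `hidden: true` and both now default to `"__NOT_SET__"`, which leaves the user no way to supply an SSH key at all; that is fine only if this variation provisions no VSI that needs one. If it does, one of the two must be exposed or the pattern must generate a key, and either way the README should state which.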
@@ -2110,7 +2128,8 @@
"key": "IC_SCHEMATICS_WORKSPACE_ID"
},
{
"key": "existing_vpc_cbr_zone_id"
"key": "existing_vpc_cbr_zone_id",
"default_value": "__NOT_SET__"
}
],
"iam_permissions": [
2 changes: 1 addition & 1 deletion outputs.tf
@@ -171,7 +171,7 @@ output "cos_bucket_names" {
}

output "cos_bucket_data" {
description = "List of data for COS buckets creaed"
description = "List of data for COS buckets created"
value = [
for instance in ibm_cos_bucket.buckets :
instance
@@ -51,7 +51,7 @@ variable "teleport_instance_profile" {
}

variable "teleport_vsi_image_name" {
description = "Teleport VSI image name. Use the IBM Cloud CLI command `ibmcloud is images` to see availabled images."
description = "Teleport VSI image name. Use the IBM Cloud CLI command `ibmcloud is images` to see available images."
type = string
}

@@ -44,7 +44,7 @@ variable "provision_teleport_in_f5" {
locals {
# Bastion if provisioning teleport in f5, otherwise empty array
bastion_subnet_tiers = var.provision_teleport_in_f5 == true ? ["bastion"] : []
# List of network tiers, if firewall type is null empty, otherwsie list of tiers
# List of network tiers, if firewall type is null empty, otherwise list of tiers
f5_network_tiers = var.vpn_firewall_type == null ? [] : var.vpn_firewall_types[var.vpn_firewall_type]
vpn_tiers = var.vpn_firewall_type == "waf" || var.vpn_firewall_type == null ? [] : ["vpn-1", "vpn-2"]
}
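Review bot: the corrected comment still reads awkwardly (`if firewall type is null empty, otherwise list of tiers`); `# Empty list when no firewall type is set, otherwise the tiers for that firewall type` says the same thing clearly. While here, `var.provision_teleport_in_f5 == true ?` on the `bastion_subnet_tiers` line can be `var.provision_teleport_in_f5 ?` if that variable is typed `bool`.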
@@ -1,5 +1,5 @@
##############################################################################
# [Unit Test] F5 on Managment
# [Unit Test] F5 on Management
##############################################################################

module "ut_f5_on_management_cidr" {
3 changes: 2 additions & 1 deletion patterns/dynamic_values/variables.tf
@@ -15,6 +15,7 @@ variable "prefix" {
variable "region" {
description = "Region where VPC will be created. To find your VPC region, use `ibmcloud is regions` command to find available regions."
type = string
default = "us-south"
}

##############################################################################
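Review bot: adding `default = "us-south"` to `region` changes behaviour, not just documentation: a caller that forgets to set `region` now silently deploys to `us-south` instead of being prompted. If `patterns/dynamic_values/variables.tf` is consumed only by the `dynamic_values` unit tests (the `ut_*` modules elsewhere in this diff) that is harmless, but say so in the PR description; if a pattern reads it, keep the variable required. The catalog entries in this same PR still mark `region` as `required` with a `"__NOT_SET__"` default, so the two sources currently disagree.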
@@ -302,7 +303,7 @@ variable "teleport_instance_profile" {
}

variable "teleport_vsi_image_name" {
description = "Teleport VSI image name. Use the IBM Cloud CLI command `ibmcloud is images` to see availabled images."
description = "Teleport VSI image name. Use the IBM Cloud CLI command `ibmcloud is images` to see available images."
type = string
}
