feat: required helm provider version updated to >= 3.0.0, <4.0.0<br>- logs agent version updated to 1.6.2 (#159)

Author: Aashiq-J

README.md

@@ -92,7 +92,7 @@ You need the following permissions to run this module.
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9.0 |
-| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.15.0, <3.0.0 |
+| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 3.0.0, <4.0.0 |
 | <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.80.2, <2.0.0 |
 
 ### Modules
@@ -124,14 +124,14 @@ No modules.
 | <a name="input_logs_agent_additional_metadata"></a> [logs\_agent\_additional\_metadata](#input\_logs\_agent\_additional\_metadata) | The list of additional metadata fields to add to the routed logs. | <pre>list(object({<br/>    key   = optional(string)<br/>    value = optional(string)<br/>  }))</pre> | `[]` | no |
 | <a name="input_logs_agent_chart"></a> [logs\_agent\_chart](#input\_logs\_agent\_chart) | The name of the Helm chart to deploy. | `string` | `"logs-agent-helm"` | no |
 | <a name="input_logs_agent_chart_location"></a> [logs\_agent\_chart\_location](#input\_logs\_agent\_chart\_location) | The location of the Logs agent helm chart. | `string` | `"oci://icr.io/ibm/observe"` | no |
-| <a name="input_logs_agent_chart_version"></a> [logs\_agent\_chart\_version](#input\_logs\_agent\_chart\_version) | The version of the Helm chart to deploy. | `string` | `"1.6.1"` | no |
+| <a name="input_logs_agent_chart_version"></a> [logs\_agent\_chart\_version](#input\_logs\_agent\_chart\_version) | The version of the Helm chart to deploy. | `string` | `"1.6.2"` | no |
 | <a name="input_logs_agent_enable_scc"></a> [logs\_agent\_enable\_scc](#input\_logs\_agent\_enable\_scc) | Whether to enable creation of Security Context Constraints in Openshift. When installing on an OpenShift cluster, this setting is mandatory to configure permissions for pods within your cluster. | `bool` | `true` | no |
 | <a name="input_logs_agent_exclude_log_source_paths"></a> [logs\_agent\_exclude\_log\_source\_paths](#input\_logs\_agent\_exclude\_log\_source\_paths) | The list of log sources to exclude. Specify the paths that the Logs agent ignores. | `list(string)` | `[]` | no |
 | <a name="input_logs_agent_iam_api_key"></a> [logs\_agent\_iam\_api\_key](#input\_logs\_agent\_iam\_api\_key) | The IBM Cloud API key for the Logs agent to authenticate and communicate with the IBM Cloud Logs. It is required if `logs_agent_iam_mode` is set to `IAMAPIKey`. | `string` | `null` | no |
 | <a name="input_logs_agent_iam_environment"></a> [logs\_agent\_iam\_environment](#input\_logs\_agent\_iam\_environment) | IAM authentication Environment: `Production` or `PrivateProduction` or `Staging` or `PrivateStaging`. `Production` specifies the public endpoint & `PrivateProduction` specifies the private endpoint. | `string` | `"PrivateProduction"` | no |
 | <a name="input_logs_agent_iam_mode"></a> [logs\_agent\_iam\_mode](#input\_logs\_agent\_iam\_mode) | IAM authentication mode: `TrustedProfile` or `IAMAPIKey`. | `string` | `"TrustedProfile"` | no |
-| <a name="input_logs_agent_image_version"></a> [logs\_agent\_image\_version](#input\_logs\_agent\_image\_version) | The version of the Logs agent image to deploy. | `string` | `"1.6.1@sha256:0265b85c698e74dfd9e21ad0332a430a3b398c4f0e590dad314c43b3cd796bce"` | no |
-| <a name="input_logs_agent_init_image_version"></a> [logs\_agent\_init\_image\_version](#input\_logs\_agent\_init\_image\_version) | The version of the Logs agent init container image to deploy. | `string` | `"1.6.1@sha256:d2c1bb5a97c0d8950d3dfee016cec4347a6cfa8a43123d9c2eecbdee70500f8b"` | no |
+| <a name="input_logs_agent_image_version"></a> [logs\_agent\_image\_version](#input\_logs\_agent\_image\_version) | The version of the Logs agent image to deploy. | `string` | `"1.6.2@sha256:dee214b548e063319f206c4c17e0015b57a9480031a89eb6125ce19a026bd116"` | no |
+| <a name="input_logs_agent_init_image_version"></a> [logs\_agent\_init\_image\_version](#input\_logs\_agent\_init\_image\_version) | The version of the Logs agent init container image to deploy. | `string` | `"1.6.2@sha256:d6f9964bbbe7c735b8e14a3496e30c403c067d3f729302eec6146626b117b515"` | no |
 | <a name="input_logs_agent_log_source_namespaces"></a> [logs\_agent\_log\_source\_namespaces](#input\_logs\_agent\_log\_source\_namespaces) | The list of namespaces from which logs should be forwarded by agent. If namespaces are not listed, logs from all namespaces will be sent. | `list(string)` | `[]` | no |
 | <a name="input_logs_agent_name"></a> [logs\_agent\_name](#input\_logs\_agent\_name) | The name of the Logs agent. The name is used in all Kubernetes and Helm resources in the cluster. | `string` | `"logs-agent"` | no |
 | <a name="input_logs_agent_namespace"></a> [logs\_agent\_namespace](#input\_logs\_agent\_namespace) | The namespace where the Logs agent is deployed. The default value is `ibm-observe`. | `string` | `"ibm-observe"` | no |

examples/logs-agent-iks/main.tf

@@ -129,7 +129,7 @@ resource "time_sleep" "wait_operators" {
 
 module "cloud_logs" {
   source            = "terraform-ibm-modules/cloud-logs/ibm"
-  version           = "1.6.4"
+  version           = "1.6.21"
   resource_group_id = module.resource_group.resource_group_id
   plan              = "standard"
   region            = var.region

examples/logs-agent-iks/provider.tf

@@ -4,17 +4,17 @@ provider "ibm" {
 }
 
 provider "helm" {
-  kubernetes {
+  kubernetes = {
     host                   = data.ibm_container_cluster_config.cluster_config.host
     token                  = data.ibm_container_cluster_config.cluster_config.token
     cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate
   }
   # IBM Cloud credentials are required to authenticate to the helm repo
-  registry {
+  registries = [{
     url      = "oci://icr.io/ibm/observe/logs-agent-helm"
     username = "iamapikey"
     password = var.ibmcloud_api_key
-  }
+  }]
 }
 
 provider "kubernetes" {

examples/logs-agent-iks/version.tf

@@ -10,7 +10,7 @@ terraform {
     }
     helm = {
       source  = "hashicorp/helm"
-      version = "2.15.0"
+      version = "3.0.2"
     }
     # The kubernetes provider is not actually required by the module itself, just this example, so OK to use ">=" here instead of locking into a version
     kubernetes = {

examples/logs-agent-ocp/main.tf

@@ -22,19 +22,21 @@ locals {
 
 module "trusted_profile" {
   source                      = "terraform-ibm-modules/trusted-profile/ibm"
-  version                     = "2.3.1"
+  version                     = "3.1.1"
   trusted_profile_name        = "${var.prefix}-profile"
   trusted_profile_description = "Logs agent Trusted Profile"
   # As a `Sender`, you can send logs to your IBM Cloud Logs service instance - but not query or tail logs. This role is meant to be used by agent and routers sending logs.
   trusted_profile_policies = [{
-    roles = ["Sender"]
+    roles             = ["Sender"]
+    unique_identifier = "logs-agent"
     resources = [{
       service = "logs"
     }]
   }]
   # Set up fine-grained authorization for `logs-agent` running in ROKS cluster in `ibm-observe` namespace.
   trusted_profile_links = [{
-    cr_type = "ROKS_SA"
+    cr_type           = "ROKS_SA"
+    unique_identifier = "logs-agent-link"
     links = [{
       crn       = module.ocp_base.cluster_crn
       namespace = local.logs_agent_namespace
@@ -104,7 +106,7 @@ locals {
 
 module "ocp_base" {
   source               = "terraform-ibm-modules/base-ocp-vpc/ibm"
-  version              = "3.54.5"
+  version              = "3.56.0"
   resource_group_id    = module.resource_group.resource_group_id
   region               = var.region
   tags                 = var.resource_tags
@@ -129,7 +131,7 @@ data "ibm_container_cluster_config" "cluster_config" {
 
 module "cloud_logs" {
   source            = "terraform-ibm-modules/cloud-logs/ibm"
-  version           = "1.6.4"
+  version           = "1.6.21"
   resource_group_id = module.resource_group.resource_group_id
   plan              = "standard"
   region            = var.region
@@ -145,7 +147,7 @@ data "ibm_is_security_groups" "vpc_security_groups" {
 # The below code creates a VPE for Cloud logs in the provisioned VPC which allows the agent to access the private Cloud Logs Ingress endpoint.
 module "vpe" {
   source   = "terraform-ibm-modules/vpe-gateway/ibm"
-  version  = "4.7.1"
+  version  = "4.7.6"
   region   = var.region
   prefix   = var.prefix
   vpc_id   = ibm_is_vpc.vpc.id

examples/logs-agent-ocp/provider.tf

@@ -4,17 +4,17 @@ provider "ibm" {
 }
 
 provider "helm" {
-  kubernetes {
+  kubernetes = {
     host                   = data.ibm_container_cluster_config.cluster_config.host
     token                  = data.ibm_container_cluster_config.cluster_config.token
     cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate
   }
   # IBM Cloud credentials are required to authenticate to the helm repo
-  registry {
+  registries = [{
     url      = "oci://icr.io/ibm/observe/logs-agent-helm"
     username = "iamapikey"
     password = var.ibmcloud_api_key
-  }
+  }]
 }
 
 provider "kubernetes" {

examples/logs-agent-ocp/version.tf

@@ -7,11 +7,11 @@ terraform {
   required_providers {
     ibm = {
       source  = "ibm-cloud/ibm"
-      version = "1.80.2"
+      version = "1.81.1"
     }
     helm = {
       source  = "hashicorp/helm"
-      version = ">= 2.15.0"
+      version = ">= 3.0.0, <4.0.0"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"

main.tf

@@ -47,92 +47,94 @@ resource "helm_release" "logs_agent" {
   recreate_pods    = true
   force_update     = true
 
-  set {
-    name  = "metadata.name"
-    type  = "string"
-    value = var.logs_agent_name
-  }
-  set {
-    name  = "image.version"
-    type  = "string"
-    value = split("@", var.logs_agent_image_version)[0]
-  }
-  set {
-    name  = "image.containerSha"
-    type  = "string"
-    value = strcontains(var.logs_agent_image_version, "@") ? split("@", var.logs_agent_image_version)[1] : ""
-  }
-  set {
-    name  = "image.initContainerSha"
-    type  = "string"
-    value = strcontains(var.logs_agent_init_image_version, "@") ? split("@", var.logs_agent_init_image_version)[1] : ""
-  }
-  set {
-    name  = "env.ingestionHost"
-    type  = "string"
-    value = local.cloud_logs_ingress_endpoint
-  }
-  set {
-    name  = "env.ingestionPort"
-    value = var.cloud_logs_ingress_port
-  }
-  set_sensitive {
+  set = [
+    {
+      name  = "metadata.name"
+      type  = "string"
+      value = var.logs_agent_name
+    },
+    {
+      name  = "image.version"
+      type  = "string"
+      value = split("@", var.logs_agent_image_version)[0]
+    },
+    {
+      name  = "image.containerSha"
+      type  = "string"
+      value = strcontains(var.logs_agent_image_version, "@") ? split("@", var.logs_agent_image_version)[1] : ""
+    },
+    {
+      name  = "image.initContainerSha"
+      type  = "string"
+      value = strcontains(var.logs_agent_init_image_version, "@") ? split("@", var.logs_agent_init_image_version)[1] : ""
+    },
+    {
+      name  = "env.ingestionHost"
+      type  = "string"
+      value = local.cloud_logs_ingress_endpoint
+    },
+    {
+      name  = "env.ingestionPort"
+      value = var.cloud_logs_ingress_port
+    },
+    {
+      name  = "env.trustedProfileID"
+      type  = "string"
+      value = local.logs_agent_trusted_profile_id
+    },
+    {
+      name  = "env.iamMode"
+      type  = "string"
+      value = var.logs_agent_iam_mode
+    },
+    {
+      name  = "env.iamEnvironment"
+      type  = "string"
+      value = var.logs_agent_iam_environment
+    },
+    {
+      name  = "systemLogs"
+      type  = "string"
+      value = join("\\,", var.logs_agent_system_logs)
+    },
+    {
+      name  = "excludeLogSourcePaths"
+      type  = "string"
+      value = join("\\,", var.logs_agent_exclude_log_source_paths)
+    },
+    {
+      name  = "selectedLogSourcePaths"
+      type  = "string"
+      value = join("\\,", local.logs_agent_selected_log_source_paths)
+    },
+    {
+      name  = "clusterName"
+      type  = "string"
+      value = local.cluster_name
+    },
+    {
+      name  = "scc.create"
+      value = var.logs_agent_enable_scc
+    },
+    {
+      name  = "enableMultiline"
+      value = var.enable_multiline
+    },
+    {
+      name  = "includeAnnotations"
+      value = var.enable_annotations
+    },
+    {
+      name  = "updateStrategy.maxUnavailable"
+      value = var.max_unavailable
+    }
+  ]
+
+  set_sensitive = [{
     name  = "secret.iamAPIKey"
     type  = "string"
     value = local.logs_agent_iam_api_key
-  }
-  set {
-    name  = "env.trustedProfileID"
-    type  = "string"
-    value = local.logs_agent_trusted_profile_id
-  }
-  set {
-    name  = "env.iamMode"
-    type  = "string"
-    value = var.logs_agent_iam_mode
-  }
-  set {
-    name  = "env.iamEnvironment"
-    type  = "string"
-    value = var.logs_agent_iam_environment
-  }
-  set {
-    name  = "systemLogs"
-    type  = "string"
-    value = join("\\,", var.logs_agent_system_logs)
-  }
-  set {
-    name  = "excludeLogSourcePaths"
-    type  = "string"
-    value = join("\\,", var.logs_agent_exclude_log_source_paths)
-  }
-  set {
-    name  = "selectedLogSourcePaths"
-    type  = "string"
-    value = join("\\,", local.logs_agent_selected_log_source_paths)
-  }
-  set {
-    name  = "clusterName"
-    type  = "string"
-    value = local.cluster_name
-  }
-  set {
-    name  = "scc.create"
-    value = var.logs_agent_enable_scc
-  }
-  set {
-    name  = "enableMultiline"
-    value = var.enable_multiline
-  }
-
-  set {
-    name  = "includeAnnotations"
-    value = var.enable_annotations
-  }
-  set {
-    name  = "updateStrategy.maxUnavailable"
-    value = var.max_unavailable
-  }
+  }]
 
   # dummy value hack to force update https://github.com/hashicorp/terraform-provider-helm/issues/515#issuecomment-813088122
   values = [

renovate.json

@@ -1,15 +1,30 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": ["github>terraform-ibm-modules/common-dev-assets:commonRenovateConfig"],
+  "extends": [
+    "github>terraform-ibm-modules/common-dev-assets:commonRenovateConfig"
+  ],
   "customManagers": [
     {
       "customType": "regex",
       "description": "Update agent version to the latest in variables.tf",
-      "fileMatch": ["variables.tf$"],
+      "fileMatch": [
+        "variables.tf$"
+      ],
       "datasourceTemplate": "docker",
       "matchStrings": [
         "default\\s*=\\s*\"(?<currentValue>[\\w.-]+)@(?<currentDigest>sha256:[a-f0-9]+)\"\\s*# datasource: (?<depName>[^\\s]+)"
       ]
+    },
+    {
+      "customType": "regex",
+      "description": "Update helm chart version to the latest in variables.tf",
+      "fileMatch": [
+        "variables.tf$"
+      ],
+      "datasourceTemplate": "docker",
+      "matchStrings": [
+        "default\\s*=\\s*\"(?<currentValue>.*)\"\\s*# datasource: (?<depName>[^\\s]+)"
+      ]
     }
   ]
 }

solutions/fully-configurable/provider.tf

@@ -10,17 +10,17 @@ provider "kubernetes" {
 }
 
 provider "helm" {
-  kubernetes {
+  kubernetes = {
     host                   = data.ibm_container_cluster_config.cluster_config.host
     token                  = data.ibm_container_cluster_config.cluster_config.token
     cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate
   }
   # IBM Cloud credentials are required to authenticate to the helm repo
-  registry {
+  registries = [{
     url      = "oci://icr.io/ibm/observe/logs-agent-helm"
     username = "iamapikey"
     password = var.ibmcloud_api_key
-  }
+  }]
 }
 
 # Retrieve information about an existing VPC cluster