Merge branch 'main' into Aashiq-J-patch-1

shemau · web-flow · commit a704a46ebf34 · 2025-02-14T12:54:09.000Z
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -7,7 +7,7 @@ on:
       - created
 jobs:
   call-terraform-ci-pipeline:
-    uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/common-terraform-module-ci-v2.yml@v1.22.4
+    uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/common-terraform-module-ci-v2.yml@v1.22.5
     secrets: inherit
     with:
       craSCCv2: true
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -8,5 +8,5 @@ on:
 
 jobs:
   call-terraform-release-pipeline:
-    uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/common-release.yml@v1.22.4
+    uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/common-release.yml@v1.22.5
     secrets: inherit
diff --git a/README.md b/README.md
@@ -96,7 +96,7 @@ You need the following permissions to run this module.
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.15.0, <3.0.0 |
-| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.69.2, <2.0.0 |
+| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.70.0, <2.0.0 |
 
 ### Modules
 
@@ -149,6 +149,8 @@ You need the following permissions to run this module.
 | <a name="input_logs_agent_selected_log_source_paths"></a> [logs\_agent\_selected\_log\_source\_paths](#input\_logs\_agent\_selected\_log\_source\_paths) | The list of specific log sources paths. Logs will only be collected from the specified log source paths. If no paths are specified, it will send logs from `/var/log/containers`. | `list(string)` | `[]` | no |
 | <a name="input_logs_agent_tolerations"></a> [logs\_agent\_tolerations](#input\_logs\_agent\_tolerations) | List of tolerations to apply to Logs agent. The default value means a pod will run on every node. | <pre>list(object({<br/>    key               = optional(string)<br/>    operator          = optional(string)<br/>    value             = optional(string)<br/>    effect            = optional(string)<br/>    tolerationSeconds = optional(number)<br/>  }))</pre> | <pre>[<br/>  {<br/>    "operator": "Exists"<br/>  }<br/>]</pre> | no |
 | <a name="input_logs_agent_trusted_profile"></a> [logs\_agent\_trusted\_profile](#input\_logs\_agent\_trusted\_profile) | The IBM Cloud trusted profile ID. Used only when `logs_agent_iam_mode` is set to `TrustedProfile`. The trusted profile must have an IBM Cloud Logs `Sender` role. | `string` | `null` | no |
+| <a name="input_wait_till"></a> [wait\_till](#input\_wait\_till) | To avoid long wait times when you run your Terraform code, you can specify the stage when you want Terraform to mark the cluster resource creation as completed. Depending on what stage you choose, the cluster creation might not be fully completed and continues to run in the background. However, your Terraform code can continue to run without waiting for the cluster to be fully created. Supported args are `MasterNodeReady`, `OneWorkerNodeReady`, `IngressReady` and `Normal` | `string` | `"Normal"` | no |
+| <a name="input_wait_till_timeout"></a> [wait\_till\_timeout](#input\_wait\_till\_timeout) | Timeout for wait\_till in minutes. | `number` | `90` | no |
 
 ### Outputs
 
diff --git a/common-dev-assets b/common-dev-assets
@@ -1 +1 @@
-Subproject commit c87742a9c768c445f36aa83234fb2e016ad37e46
+Subproject commit a82b82a515e442958a736cae705b72891d6a60f4
diff --git a/examples/obs-agent-iks/main.tf b/examples/obs-agent-iks/main.tf
@@ -129,7 +129,7 @@ resource "time_sleep" "wait_operators" {
 
 module "observability_instances" {
   source                         = "terraform-ibm-modules/observability-instances/ibm"
-  version                        = "3.0.2"
+  version                        = "3.4.1"
   resource_group_id              = module.resource_group.resource_group_id
   region                         = var.region
   cloud_logs_plan                = "standard"
diff --git a/examples/obs-agent-iks/version.tf b/examples/obs-agent-iks/version.tf
@@ -6,7 +6,7 @@ terraform {
   required_providers {
     ibm = {
       source  = "ibm-cloud/ibm"
-      version = "1.69.2"
+      version = "1.70.0"
     }
     helm = {
       source  = "hashicorp/helm"
diff --git a/examples/obs-agent-ocp/main.tf b/examples/obs-agent-ocp/main.tf
@@ -22,7 +22,7 @@ locals {
 
 module "trusted_profile" {
   source                      = "terraform-ibm-modules/trusted-profile/ibm"
-  version                     = "1.0.4"
+  version                     = "1.0.5"
   trusted_profile_name        = "${var.prefix}-profile"
   trusted_profile_description = "Logs agent Trusted Profile"
   # As a `Sender`, you can send logs to your IBM Cloud Logs service instance - but not query or tail logs. This role is meant to be used by agents and routers sending logs.
@@ -104,7 +104,7 @@ locals {
 
 module "ocp_base" {
   source                               = "terraform-ibm-modules/base-ocp-vpc/ibm"
-  version                              = "3.34.0"
+  version                              = "3.39.0"
   resource_group_id                    = module.resource_group.resource_group_id
   region                               = var.region
   tags                                 = var.resource_tags
@@ -130,7 +130,7 @@ data "ibm_container_cluster_config" "cluster_config" {
 
 module "observability_instances" {
   source                         = "terraform-ibm-modules/observability-instances/ibm"
-  version                        = "3.0.2"
+  version                        = "3.4.1"
   resource_group_id              = module.resource_group.resource_group_id
   region                         = var.region
   cloud_logs_plan                = "standard"
diff --git a/examples/obs-agent-ocp/version.tf b/examples/obs-agent-ocp/version.tf
@@ -6,7 +6,7 @@ terraform {
   required_providers {
     ibm = {
       source  = "ibm-cloud/ibm"
-      version = ">= 1.69.2"
+      version = ">= 1.70.0"
     }
     helm = {
       source  = "hashicorp/helm"
diff --git a/main.tf b/main.tf
@@ -7,17 +7,21 @@ data "ibm_container_vpc_cluster" "cluster" {
   count             = var.is_vpc_cluster ? 1 : 0
   name              = var.cluster_id
   resource_group_id = var.cluster_resource_group_id
+  wait_till         = var.wait_till
+  wait_till_timeout = var.wait_till_timeout
 }
 
 data "ibm_container_cluster" "cluster" {
   count             = var.is_vpc_cluster ? 0 : 1
   name              = var.cluster_id
   resource_group_id = var.cluster_resource_group_id
+  wait_till         = var.wait_till
+  wait_till_timeout = var.wait_till_timeout
 }
 
 # Download cluster config which is required to connect to cluster
 data "ibm_container_cluster_config" "cluster_config" {
-  cluster_name_id   = var.cluster_id
+  cluster_name_id   = var.is_vpc_cluster ? data.ibm_container_vpc_cluster.cluster[0].name : data.ibm_container_cluster.cluster[0].name
   resource_group_id = var.cluster_resource_group_id
   config_dir        = "${path.module}/kubeconfig"
   endpoint_type     = var.cluster_config_endpoint_type != "default" ? var.cluster_config_endpoint_type : null # null value represents default
@@ -27,7 +31,7 @@ locals {
   # LOCALS
   cluster_name                      = var.is_vpc_cluster ? data.ibm_container_vpc_cluster.cluster[0].resource_name : data.ibm_container_cluster.cluster[0].resource_name # Not publically documented in provider. See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4485
   cloud_monitoring_chart_location   = "${path.module}/chart/sysdig-agent"
-  cloud_monitoring_image_tag_digest = "13.4.1@sha256:469f3eee8d00ce563041770e875555dbabf02daa57cc489d9e66010707cdc621" # datasource: icr.io/ext/sysdig/agent
+  cloud_monitoring_image_tag_digest = "13.7.2@sha256:660bba401573996b722587c5ebfe4ca41550312143913d45c87153530df18bd7" # datasource: icr.io/ext/sysdig/agent
   cloud_monitoring_agent_registry   = "icr.io/ext/sysdig/agent"
   cloud_monitoring_agent_tags       = var.cloud_monitoring_add_cluster_name ? concat(["ibm.containers-kubernetes.cluster.name:${local.cluster_name}"], var.cloud_monitoring_agent_tags) : var.cloud_monitoring_agent_tags
   cloud_monitoring_host             = var.cloud_monitoring_enabled ? var.cloud_monitoring_endpoint_type == "private" ? "ingest.private.${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com" : "logs.${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com" : null
@@ -144,5 +148,7 @@ module "logs_agent" {
   cloud_logs_ingress_endpoint            = var.cloud_logs_ingress_endpoint
   cloud_logs_ingress_port                = var.cloud_logs_ingress_port
   is_vpc_cluster                         = var.is_vpc_cluster
+  wait_till                              = var.wait_till
+  wait_till_timeout                      = var.wait_till_timeout
 }
 /** Logs Agent Configuration End **/
diff --git a/modules/logs-agent/README.md b/modules/logs-agent/README.md
@@ -99,6 +99,8 @@ No modules.
 | <a name="input_logs_agent_selected_log_source_paths"></a> [logs\_agent\_selected\_log\_source\_paths](#input\_logs\_agent\_selected\_log\_source\_paths) | The list of specific log sources paths. Logs will only be collected from the specified log source paths. If no paths are specified, it will send logs from `/var/log/containers`. | `list(string)` | `[]` | no |
 | <a name="input_logs_agent_tolerations"></a> [logs\_agent\_tolerations](#input\_logs\_agent\_tolerations) | List of tolerations to apply to Logs agent. The default value means a pod will run on every node. | <pre>list(object({<br/>    key               = optional(string)<br/>    operator          = optional(string)<br/>    value             = optional(string)<br/>    effect            = optional(string)<br/>    tolerationSeconds = optional(number)<br/>  }))</pre> | <pre>[<br/>  {<br/>    "operator": "Exists"<br/>  }<br/>]</pre> | no |
 | <a name="input_logs_agent_trusted_profile"></a> [logs\_agent\_trusted\_profile](#input\_logs\_agent\_trusted\_profile) | The IBM Cloud trusted profile ID. Used only when `logs_agent_iam_mode` is set to `TrustedProfile`. The trusted profile must have an IBM Cloud Logs `Sender` role. | `string` | `null` | no |
+| <a name="input_wait_till"></a> [wait\_till](#input\_wait\_till) | To avoid long wait times when you run your Terraform code, you can specify the stage when you want Terraform to mark the cluster resource creation as completed. Depending on what stage you choose, the cluster creation might not be fully completed and continues to run in the background. However, your Terraform code can continue to run without waiting for the cluster to be fully created. Supported args are `MasterNodeReady`, `OneWorkerNodeReady`, `IngressReady` and `Normal` | `string` | `"Normal"` | no |
+| <a name="input_wait_till_timeout"></a> [wait\_till\_timeout](#input\_wait\_till\_timeout) | Timeout for wait\_till in minutes. | `number` | `90` | no |
 
 ### Outputs
 
diff --git a/modules/logs-agent/main.tf b/modules/logs-agent/main.tf
@@ -3,25 +3,29 @@ data "ibm_container_vpc_cluster" "cluster" {
   count             = var.is_vpc_cluster ? 1 : 0
   name              = var.cluster_id
   resource_group_id = var.cluster_resource_group_id
+  wait_till         = var.wait_till
+  wait_till_timeout = var.wait_till_timeout
 }
 
 data "ibm_container_cluster" "cluster" {
   count             = var.is_vpc_cluster ? 0 : 1
   name              = var.cluster_id
   resource_group_id = var.cluster_resource_group_id
+  wait_till         = var.wait_till
+  wait_till_timeout = var.wait_till_timeout
 }
 
 # Download cluster config which is required to connect to cluster
 data "ibm_container_cluster_config" "cluster_config" {
-  cluster_name_id   = var.cluster_id
+  cluster_name_id   = var.is_vpc_cluster ? data.ibm_container_vpc_cluster.cluster[0].name : data.ibm_container_cluster.cluster[0].name
   resource_group_id = var.cluster_resource_group_id
   config_dir        = "${path.module}/kubeconfig"
   endpoint_type     = var.cluster_config_endpoint_type != "default" ? var.cluster_config_endpoint_type : null # null value represents default
 }
 
 locals {
   logs_agent_chart_location            = "oci://icr.io/ibm/observe/logs-agent-helm"
-  logs_agent_version                   = "1.3.2" # datasource: icr.io/ibm/observe/logs-agent-helm
+  logs_agent_version                   = "1.4.2" # datasource: icr.io/ibm/observe/logs-agent-helm
   logs_agent_selected_log_source_paths = distinct(concat([for namespace in var.logs_agent_log_source_namespaces : "/var/log/containers/*_${namespace}_*.log"], var.logs_agent_selected_log_source_paths))
   logs_agent_iam_api_key               = var.logs_agent_iam_api_key != null ? var.logs_agent_iam_api_key : ""
   logs_agent_trusted_profile           = var.logs_agent_trusted_profile != null ? var.logs_agent_trusted_profile : ""
diff --git a/modules/logs-agent/variables.tf b/modules/logs-agent/variables.tf
@@ -29,6 +29,28 @@ variable "is_vpc_cluster" {
   default     = true
 }
 
+variable "wait_till" {
+  description = "To avoid long wait times when you run your Terraform code, you can specify the stage when you want Terraform to mark the cluster resource creation as completed. Depending on what stage you choose, the cluster creation might not be fully completed and continues to run in the background. However, your Terraform code can continue to run without waiting for the cluster to be fully created. Supported args are `MasterNodeReady`, `OneWorkerNodeReady`, `IngressReady` and `Normal`"
+  type        = string
+  default     = "Normal"
+
+  validation {
+    error_message = "`wait_till` value must be one of `MasterNodeReady`, `OneWorkerNodeReady`, `IngressReady` or `Normal`."
+    condition = contains([
+      "MasterNodeReady",
+      "OneWorkerNodeReady",
+      "IngressReady",
+      "Normal"
+    ], var.wait_till)
+  }
+}
+
+variable "wait_till_timeout" {
+  description = "Timeout for wait_till in minutes."
+  type        = number
+  default     = 90
+}
+
 ##############################################################################
 # Logs Agents variables
 ##############################################################################
diff --git a/renovate.json b/renovate.json
@@ -9,6 +9,14 @@
       ],
       "datasourceTemplate": "docker",
       "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}"
+    },
+    {
+      "fileMatch": ["\\.tf$"],
+      "matchStrings": [
+        "[\\w-]+_agent_version\\s*=\\s*\"(?<currentValue>[\\w.-]+)\"\\s*# datasource: (?<depName>[^\\s]+)\\s*( versioning=(?<versioning>.*?))?\\s.*?"
+      ],
+      "datasourceTemplate": "docker",
+      "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}"
     }
   ],
   "packageRules": [
diff --git a/tests/go.mod b/tests/go.mod
diff --git a/tests/go.sum b/tests/go.sum
diff --git a/tests/pr_test.go b/tests/pr_test.go
diff --git a/variables.tf b/variables.tf
diff --git a/version.tf b/version.tf

-Original file line number
+Diff line change
       - created
 jobs:
   call-terraform-ci-pipeline:
 -    uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/[email protected].4
 +    uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/[email protected].5
     secrets: inherit
     with:
       craSCCv2: true
Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@ terraform {`
`6`	`6`	`required_providers {`
`7`	`7`	`ibm = {`
`8`	`8`	`source = "ibm-cloud/ibm"`
`9`		`- version = "1.69.2"`
	`9`	`+ version = "1.70.0"`
`10`	`10`	`}`
`11`	`11`	`helm = {`
`12`	`12`	`source = "hashicorp/helm"`