diff --git a/.secrets.baseline b/.secrets.baseline
index 92cbce30..25859af7 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
"files": "go.sum|^.secrets.baseline$",
"lines": null
},
- "generated_at": "2025-05-19T21:33:07Z",
+ "generated_at": "2025-05-26T17:03:08Z",
"plugins_used": [
{
"name": "AWSKeyDetector"
@@ -144,7 +144,7 @@
"hashed_secret": "fa501f2ceec739604d621b521446b88d41a7f76b",
"is_secret": false,
"is_verified": false,
- "line_number": 80,
+ "line_number": 84,
"type": "Secret Keyword",
"verified_result": null
}
diff --git a/ibm_catalog.json b/ibm_catalog.json
index a2ce6332..7758e836 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -560,7 +560,7 @@
{
"diagram": {
"caption": "Power Virtual Server with VPC landing zone 'Standard Landscape' variation",
- "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v8.4.4/reference-architectures/standard/deploy-arch-ibm-pvs-inf-standard.svg",
+ "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v8.4.5/reference-architectures/standard/deploy-arch-ibm-pvs-inf-standard.svg",
"type": "image/svg+xml"
},
"description": "The Power Virtual Server with VPC landing zone as variation 'Create a new architecture' deploys VPC services and a Power Virtual Server workspace and interconnects them.\n \nRequired and optional management components are configured."
@@ -1218,7 +1218,7 @@
{
"diagram": {
"caption": "Power Virtual Server with VPC landing zone 'Quickstart' variation",
- "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v8.4.4/reference-architectures/standard-plus-vsi/deploy-arch-ibm-pvs-inf-standard-plus-vsi.svg",
+ "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v8.4.5/reference-architectures/standard-plus-vsi/deploy-arch-ibm-pvs-inf-standard-plus-vsi.svg",
"type": "image/svg+xml"
},
"description": "The Power Virtual Server with VPC landing zone as 'Quickstart' variation of 'Create a new architecture' option deploys VPC services and a Power Virtual Server workspace and interconnects them. It also creates one Power virtual server instance of chosen t-shirt size or custom configuration.\n \nRequired and optional management components are configured."
@@ -1545,7 +1545,7 @@
{
"diagram": {
"caption": "Power Virtual Server with VPC landing zone 'Extend Standard Landscape' variation",
- "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v8.4.4/reference-architectures/standard-extend/deploy-arch-ibm-pvs-inf-standard-extend.svg",
+ "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v8.4.5/reference-architectures/standard-extend/deploy-arch-ibm-pvs-inf-standard-extend.svg",
"type": "image/svg+xml"
},
"description": "The Power Virtual Server with VPC landing zone as variation 'Extend Power Virtual Server with VPC landing zone' creates an additional Power Virtual Server workspace and connects it with already created Power Virtual Server with VPC landing zone. It builds on existing Power Virtual Server with VPC landing zone deployed as a variation 'Create a new architecture'."
diff --git a/modules/powervs-vpc-landing-zone/README.md b/modules/powervs-vpc-landing-zone/README.md
index fc1605f3..c7a8428e 100644
--- a/modules/powervs-vpc-landing-zone/README.md
+++ b/modules/powervs-vpc-landing-zone/README.md
@@ -107,15 +107,16 @@ Creates VPC Landing Zone | Performs VPC VSI OS Config | Creates PowerVS Infrastr
| Name | Source | Version |
|------|--------|---------|
-| [client\_to\_site\_vpn](#module\_client\_to\_site\_vpn) | terraform-ibm-modules/client-to-site-vpn/ibm | 3.0.10 |
+| [app\_config](#module\_app\_config) | terraform-ibm-modules/app-configuration/ibm | 1.6.2 |
+| [client\_to\_site\_vpn](#module\_client\_to\_site\_vpn) | terraform-ibm-modules/client-to-site-vpn/ibm | 3.2.2 |
| [configure\_monitoring\_host](#module\_configure\_monitoring\_host) | ./submodules/ansible | n/a |
| [configure\_network\_services](#module\_configure\_network\_services) | ./submodules/ansible | n/a |
| [configure\_scc\_wp\_agent](#module\_configure\_scc\_wp\_agent) | ./submodules/ansible | n/a |
| [landing\_zone](#module\_landing\_zone) | terraform-ibm-modules/landing-zone/ibm//patterns//vsi//module | 7.5.0 |
| [powervs\_workspace](#module\_powervs\_workspace) | terraform-ibm-modules/powervs-workspace/ibm | 3.0.2 |
-| [private\_secret\_engine](#module\_private\_secret\_engine) | terraform-ibm-modules/secrets-manager-private-cert-engine/ibm | 1.5.1 |
-| [scc\_wp\_instance](#module\_scc\_wp\_instance) | terraform-ibm-modules/scc-workload-protection/ibm | 1.5.12 |
-| [secrets\_manager\_group](#module\_secrets\_manager\_group) | terraform-ibm-modules/secrets-manager-secret-group/ibm | 1.3.6 |
+| [private\_secret\_engine](#module\_private\_secret\_engine) | terraform-ibm-modules/secrets-manager-private-cert-engine/ibm | 1.5.2 |
+| [scc\_wp\_instance](#module\_scc\_wp\_instance) | terraform-ibm-modules/scc-workload-protection/ibm | 1.6.1 |
+| [secrets\_manager\_group](#module\_secrets\_manager\_group) | terraform-ibm-modules/secrets-manager-secret-group/ibm | 1.3.7 |
| [secrets\_manager\_private\_certificate](#module\_secrets\_manager\_private\_certificate) | terraform-ibm-modules/secrets-manager-private-cert/ibm | 1.3.3 |
| [vpc\_file\_share\_alb](#module\_vpc\_file\_share\_alb) | ./submodules/fileshare-alb | n/a |
diff --git a/modules/powervs-vpc-landing-zone/client2sitevpn.tf b/modules/powervs-vpc-landing-zone/client2sitevpn.tf
index ef25b4ba..6668ca81 100644
--- a/modules/powervs-vpc-landing-zone/client2sitevpn.tf
+++ b/modules/powervs-vpc-landing-zone/client2sitevpn.tf
@@ -77,7 +77,7 @@ resource "ibm_resource_instance" "secrets_manager" {
# Configure private cert engine if provisioning a new SM instance
module "private_secret_engine" {
source = "terraform-ibm-modules/secrets-manager-private-cert-engine/ibm"
- version = "1.5.1"
+ version = "1.5.2"
providers = { ibm = ibm.ibm-sm }
count = var.client_to_site_vpn.enable ? 1 : 0
depends_on = [ibm_resource_instance.secrets_manager]
@@ -94,7 +94,7 @@ module "private_secret_engine" {
# Create a secret group to place the certificate in
module "secrets_manager_group" {
source = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
- version = "1.3.6"
+ version = "1.3.7"
providers = { ibm = ibm.ibm-sm }
count = var.client_to_site_vpn.enable ? 1 : 0
@@ -127,7 +127,7 @@ module "secrets_manager_private_certificate" {
# Create client to site VPN Server
module "client_to_site_vpn" {
source = "terraform-ibm-modules/client-to-site-vpn/ibm"
- version = "3.0.10"
+ version = "3.2.2"
providers = { ibm = ibm.ibm-is }
count = var.client_to_site_vpn.enable ? 1 : 0
diff --git a/modules/powervs-vpc-landing-zone/main.tf b/modules/powervs-vpc-landing-zone/main.tf
index 1754560c..7ddc533f 100644
--- a/modules/powervs-vpc-landing-zone/main.tf
+++ b/modules/powervs-vpc-landing-zone/main.tf
@@ -56,9 +56,25 @@ locals {
# SCC Workload Protection Instance module
#################################################
+# Create new App Config instance
+module "app_config" {
+ source = "terraform-ibm-modules/app-configuration/ibm"
+ version = "1.6.2"
+ providers = { ibm = ibm.ibm-is }
+ count = var.enable_scc_wp ? 1 : 0
+
+ region = lookup(local.ibm_powervs_zone_cloud_region_map, var.powervs_zone, null)
+ resource_group_id = module.landing_zone.resource_group_data["${var.prefix}-slz-service-rg"]
+ app_config_plan = "basic"
+ app_config_name = "${var.prefix}-app-config"
+ app_config_tags = var.tags
+ enable_config_aggregator = true
+ config_aggregator_trusted_profile_name = "${var.prefix}-app-config-tp"
+}
+
module "scc_wp_instance" {
source = "terraform-ibm-modules/scc-workload-protection/ibm"
- version = "1.5.12"
+ version = "1.6.1"
providers = { ibm = ibm.ibm-is }
count = var.enable_scc_wp ? 1 : 0
@@ -70,6 +86,7 @@ module "scc_wp_instance" {
resource_key_name = "${var.prefix}-scc-wp-manager-key"
resource_key_tags = var.tags
cloud_monitoring_instance_crn = local.monitoring_instance.crn != "" ? local.monitoring_instance.crn : null
+ app_config_crn = var.enable_scc_wp ? module.app_config[0].app_config_crn : null
}
locals {
diff --git a/reference-architectures/standard-extend/deploy-arch-ibm-pvs-inf-standard-extend.md b/reference-architectures/standard-extend/deploy-arch-ibm-pvs-inf-standard-extend.md
index 66d7ccfb..2b81803b 100644
--- a/reference-architectures/standard-extend/deploy-arch-ibm-pvs-inf-standard-extend.md
+++ b/reference-architectures/standard-extend/deploy-arch-ibm-pvs-inf-standard-extend.md
@@ -1,7 +1,7 @@
---
copyright:
years: 2024, 2025
-lastupdated: "2025-05-23"
+lastupdated: "2025-05-26"
keywords:
subcollection: deployable-reference-architectures
authors:
@@ -15,7 +15,7 @@ image_source: https://github.com/terraform-ibm-modules/terraform-ibm-powervs-inf
use-case: ITServiceManagement
industry: Technology
content-type: reference-architecture
-version: v8.4.4
+version: v8.4.5
compliance: SAPCertified
---
@@ -28,7 +28,7 @@ compliance: SAPCertified
{: toc-industry="Technology"}
{: toc-use-case="ITServiceManagement"}
{: toc-compliance="SAPCertified"}
-{: toc-version="v8.4.4"}
+{: toc-version="v8.4.5"}
The Power Virtual Server with VPC landing zone as variation 'Extend Power Virtual Server with VPC landing zone' creates an additional Power Virtual Server workspace and connects it with the already created Power Virtual Server with VPC landing zone. It builds on the existing Power Virtual Server with VPC landing zone deployed as a variation 'Create a new architecture'.
diff --git a/reference-architectures/standard-plus-vsi/deploy-arch-ibm-pvs-inf-standard-plus-vsi.md b/reference-architectures/standard-plus-vsi/deploy-arch-ibm-pvs-inf-standard-plus-vsi.md
index e0d3d8d9..1b4f5c45 100644
--- a/reference-architectures/standard-plus-vsi/deploy-arch-ibm-pvs-inf-standard-plus-vsi.md
+++ b/reference-architectures/standard-plus-vsi/deploy-arch-ibm-pvs-inf-standard-plus-vsi.md
@@ -1,7 +1,7 @@
---
copyright:
years: 2024, 2025
-lastupdated: "2025-05-23"
+lastupdated: "2025-05-26"
keywords:
subcollection: deployable-reference-architectures
authors:
@@ -16,7 +16,7 @@ image_source: https://github.com/terraform-ibm-modules/terraform-ibm-powervs-inf
use-case: ITServiceManagement
industry: Technology
content-type: reference-architecture
-version: v8.4.4
+version: v8.4.5
compliance:
---
@@ -28,7 +28,7 @@ compliance:
{: toc-content-type="reference-architecture"}
{: toc-industry="Technology"}
{: toc-use-case="ITServiceManagement"}
-{: toc-version="v8.4.4"}
+{: toc-version="v8.4.5"}
Quickstart deployment of the Power Virtual Server with VPC landing zone creates VPC services, a Power Virtual Server workspace, and interconnects them. It also deploys a Power Virtual Server of chosen T-shirt size or custom configuration. Supported Os are Aix, IBM i, and Linux images.
diff --git a/reference-architectures/standard/deploy-arch-ibm-pvs-inf-standard.md b/reference-architectures/standard/deploy-arch-ibm-pvs-inf-standard.md
index 0083bbee..9942c064 100644
--- a/reference-architectures/standard/deploy-arch-ibm-pvs-inf-standard.md
+++ b/reference-architectures/standard/deploy-arch-ibm-pvs-inf-standard.md
@@ -1,7 +1,7 @@
---
copyright:
years: 2024, 2025
-lastupdated: "2025-05-23"
+lastupdated: "2025-05-26"
keywords:
subcollection: deployable-reference-architectures
authors:
@@ -15,7 +15,7 @@ image_source: https://github.com/terraform-ibm-modules/terraform-ibm-powervs-inf
use-case: ITServiceManagement
industry: Technology
content-type: reference-architecture
-version: v8.4.4
+version: v8.4.5
compliance: SAPCertified
---
@@ -28,7 +28,7 @@ compliance: SAPCertified
{: toc-industry="Technology"}
{: toc-use-case="ITServiceManagement"}
{: toc-compliance="SAPCertified"}
-{: toc-version="v8.4.4"}
+{: toc-version="v8.4.5"}
The Standard deployment of the Power Virtual Server with VPC landing zone creates VPC services and a Power Virtual Server workspace and interconnects them.
diff --git a/solutions/standard-extend/README.md b/solutions/standard-extend/README.md
index 0a9314e4..fc2376a8 100644
--- a/solutions/standard-extend/README.md
+++ b/solutions/standard-extend/README.md
@@ -36,7 +36,7 @@ If you do not have a PowerVS infrastructure that is the [Standard Landscape Vari
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.9 |
-| [ibm](#requirement\_ibm) | 1.78.2 |
+| [ibm](#requirement\_ibm) | 1.78.3 |
### Modules
@@ -48,8 +48,8 @@ If you do not have a PowerVS infrastructure that is the [Standard Landscape Vari
| Name | Type |
|------|------|
-| [ibm_schematics_output.schematics_output](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.78.2/docs/data-sources/schematics_output) | data source |
-| [ibm_schematics_workspace.schematics_workspace](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.78.2/docs/data-sources/schematics_workspace) | data source |
+| [ibm_schematics_output.schematics_output](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.78.3/docs/data-sources/schematics_output) | data source |
+| [ibm_schematics_workspace.schematics_workspace](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.78.3/docs/data-sources/schematics_workspace) | data source |
### Inputs
diff --git a/solutions/standard-extend/versions.tf b/solutions/standard-extend/versions.tf
index 79a594b6..31cf8d0c 100644
--- a/solutions/standard-extend/versions.tf
+++ b/solutions/standard-extend/versions.tf
@@ -7,7 +7,7 @@ terraform {
required_providers {
ibm = {
source = "IBM-Cloud/ibm"
- version = "1.78.2"
+ version = "1.78.3"
}
}
}
diff --git a/solutions/standard-plus-vsi/README.md b/solutions/standard-plus-vsi/README.md
index 540b24b9..b47ac2c3 100644
--- a/solutions/standard-plus-vsi/README.md
+++ b/solutions/standard-plus-vsi/README.md
@@ -47,7 +47,8 @@ This example sets up the following infrastructure:
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.9 |
-| [ibm](#requirement\_ibm) | 1.78.2 |
+| [ibm](#requirement\_ibm) | 1.78.3 |
+| [restapi](#requirement\_restapi) | 1.20.0 |
### Modules
@@ -60,7 +61,8 @@ This example sets up the following infrastructure:
| Name | Type |
|------|------|
-| [ibm_pi_catalog_images.catalog_images_ds](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.78.2/docs/data-sources/pi_catalog_images) | data source |
+| [ibm_iam_auth_token.auth_token](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.78.3/docs/data-sources/iam_auth_token) | data source |
+| [ibm_pi_catalog_images.catalog_images_ds](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.78.3/docs/data-sources/pi_catalog_images) | data source |
### Inputs
diff --git a/solutions/standard-plus-vsi/provider.tf b/solutions/standard-plus-vsi/provider.tf
index 54188d15..3f8f7515 100644
--- a/solutions/standard-plus-vsi/provider.tf
+++ b/solutions/standard-plus-vsi/provider.tf
@@ -69,3 +69,15 @@ provider "ibm" {
zone = var.powervs_zone
ibmcloud_api_key = var.ibmcloud_api_key != null ? var.ibmcloud_api_key : null
}
+
+data "ibm_iam_auth_token" "auth_token" {
+ provider = ibm.ibm-is
+}
+
+provider "restapi" {
+ uri = "https://resource-controller.cloud.ibm.com"
+ headers = {
+ Authorization = data.ibm_iam_auth_token.auth_token.iam_access_token
+ }
+ write_returns_object = true
+}
diff --git a/solutions/standard-plus-vsi/versions.tf b/solutions/standard-plus-vsi/versions.tf
index 67850b51..fe2eab06 100644
--- a/solutions/standard-plus-vsi/versions.tf
+++ b/solutions/standard-plus-vsi/versions.tf
@@ -7,7 +7,11 @@ terraform {
required_providers {
ibm = {
source = "IBM-Cloud/ibm"
- version = "1.78.2"
+ version = "1.78.3"
+ }
+ restapi = {
+ source = "Mastercard/restapi"
+ version = "1.20.0"
}
}
}
diff --git a/solutions/standard/README.md b/solutions/standard/README.md
index d122f897..70f7fe96 100644
--- a/solutions/standard/README.md
+++ b/solutions/standard/README.md
@@ -47,7 +47,8 @@ This example sets up the following infrastructure:
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.9 |
-| [ibm](#requirement\_ibm) | 1.78.2 |
+| [ibm](#requirement\_ibm) | 1.78.3 |
+| [restapi](#requirement\_restapi) | 1.20.0 |
### Modules
@@ -57,7 +58,9 @@ This example sets up the following infrastructure:
### Resources
-No resources.
+| Name | Type |
+|------|------|
+| [ibm_iam_auth_token.auth_token](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.78.3/docs/data-sources/iam_auth_token) | data source |
### Inputs
diff --git a/solutions/standard/provider.tf b/solutions/standard/provider.tf
index 54188d15..3f8f7515 100644
--- a/solutions/standard/provider.tf
+++ b/solutions/standard/provider.tf
@@ -69,3 +69,15 @@ provider "ibm" {
zone = var.powervs_zone
ibmcloud_api_key = var.ibmcloud_api_key != null ? var.ibmcloud_api_key : null
}
+
+data "ibm_iam_auth_token" "auth_token" {
+ provider = ibm.ibm-is
+}
+
+provider "restapi" {
+ uri = "https://resource-controller.cloud.ibm.com"
+ headers = {
+ Authorization = data.ibm_iam_auth_token.auth_token.iam_access_token
+ }
+ write_returns_object = true
+}
diff --git a/solutions/standard/versions.tf b/solutions/standard/versions.tf
index 8caf6958..f9adcc92 100644
--- a/solutions/standard/versions.tf
+++ b/solutions/standard/versions.tf
@@ -7,7 +7,11 @@ terraform {
required_providers {
ibm = {
source = "IBM-Cloud/ibm"
- version = "1.78.2"
+ version = "1.78.3"
+ }
+ restapi = {
+ source = "Mastercard/restapi"
+ version = "1.20.0"
}
}
}
diff --git a/tests/pr_test.go b/tests/pr_test.go
index 61db2dfe..54768bdb 100644
--- a/tests/pr_test.go
+++ b/tests/pr_test.go
@@ -61,6 +61,10 @@ func setupOptionsStandardSolution(t *testing.T, prefix string, powervs_zone stri
ResourceGroup: resourceGroup,
Region: powervs_zone,
ImplicitDestroy: []string{},
+ // workaround for https://github.com/terraform-ibm-modules/terraform-ibm-scc-workload-protection/issues/243
+ IgnoreAdds: testhelper.Exemptions{
+ List: []string{"module.standard.module.scc_wp_instance[0].restapi_object.cspm"},
+ },
})
options.TerraformVars = map[string]interface{}{