terraform-ibm-modules · terraform-ibm-modules-ops · Oct 3, 2025 · Oct 6, 2025
@@ -8,7 +8,7 @@ on:
 
 jobs:
   call-terraform-ci-pipeline:
-    uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/common-terraform-module-ci-v2.yml@v1.22.5
+    uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/common-terraform-module-ci-v2.yml@v1.23.2
     secrets: inherit
     with:
       craSCCv2: true

@@ -8,5 +8,5 @@ on:
 
 jobs:
   call-terraform-release-pipeline:
-    uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/common-release.yml@v1.22.5
+    uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/common-release.yml@v1.23.2
     secrets: inherit
@@ -63,29 +63,29 @@ variable "ansible_vault_password" {
   description = "Vault password to encrypt ansible variable file for SAP installation. Password requirements: 15-100 characters and at least one uppercase letter, one lowercase letter, one number, and one special character. Allowed characters: A-Z, a-z, 0-9, !#$%&()*+-.:;<=>?@[]_{|}~."
   type        = string
   sensitive   = true
-  default     = null
+  default     = ""
   validation {
-    condition     = var.ansible_vault_password == null ? true : (length(var.ansible_vault_password) >= 15 && length(var.ansible_vault_password) <= 100)
+    condition     = var.ansible_vault_password == "" ? true : (length(var.ansible_vault_password) >= 15 && length(var.ansible_vault_password) <= 100)
     error_message = "ansible_vault_password needs to be between 15 and 100 characters in length."
   }
   validation {
-    condition     = var.ansible_vault_password == null ? true : can(regex("[A-Z]", var.ansible_vault_password))
+    condition     = var.ansible_vault_password == "" ? true : can(regex("[A-Z]", var.ansible_vault_password))
     error_message = "ansible_vault_password needs to contain at least one uppercase character (A-Z)."
   }
   validation {
-    condition     = var.ansible_vault_password == null ? true : can(regex("[a-z]", var.ansible_vault_password))
+    condition     = var.ansible_vault_password == "" ? true : can(regex("[a-z]", var.ansible_vault_password))
     error_message = "ansible_vault_password needs to contain at least one lowercase character (a-z)."
   }
   validation {
-    condition     = var.ansible_vault_password == null ? true : can(regex("[0-9]", var.ansible_vault_password))
+    condition     = var.ansible_vault_password == "" ? true : can(regex("[0-9]", var.ansible_vault_password))
     error_message = "ansible_vault_password needs to contain at least one number (0-9)."
   }
   validation {
-    condition     = var.ansible_vault_password == null ? true : can(regex("[!#$%&()*+\\-.:;<=>?@[\\]_{|}~]", var.ansible_vault_password))
+    condition     = var.ansible_vault_password == "" ? true : can(regex("[!#$%&()*+\\-.:;<=>?@[\\]_{|}~]", var.ansible_vault_password))
     error_message = "ansible_vault_password needs to contain at least one of the following special characters: !#$%&()*+-.:;<=>?@[]_{|}~"
   }
   validation {
-    condition     = var.ansible_vault_password == null ? true : can(regex("^[A-Za-z0-9!#$%&()*+\\-.:;<=>?@[\\]_{|}~]+$", var.ansible_vault_password))
+    condition     = var.ansible_vault_password == "" ? true : can(regex("^[A-Za-z0-9!#$%&()*+\\-.:;<=>?@[\\]_{|}~]+$", var.ansible_vault_password))
     error_message = "ansible_vault_password contains illegal characters. Allowed characters: A-Z, a-z, 0-9, !#$%&()*+-.:;<=>?@[]_{|}~"
   }
 }

@@ -32,10 +32,10 @@ The Power Virtual Server for SAP module automates the following tasks:
 | <a name="module_ansible_pi_netweaver_secondary_instances_sapmnt_mount"></a> [ansible\_pi\_netweaver\_secondary\_instances\_sapmnt\_mount](#module\_ansible\_pi\_netweaver\_secondary\_instances\_sapmnt\_mount) | ../ansible | n/a |
 | <a name="module_ansible_sap_instance_init"></a> [ansible\_sap\_instance\_init](#module\_ansible\_sap\_instance\_init) | ../ansible | n/a |
 | <a name="module_configure_scc_wp_agent"></a> [configure\_scc\_wp\_agent](#module\_configure\_scc\_wp\_agent) | ../ansible | n/a |
-| <a name="module_pi_hana_instance"></a> [pi\_hana\_instance](#module\_pi\_hana\_instance) | terraform-ibm-modules/powervs-instance/ibm | 2.7.0 |
+| <a name="module_pi_hana_instance"></a> [pi\_hana\_instance](#module\_pi\_hana\_instance) | terraform-ibm-modules/powervs-instance/ibm | 2.8.1 |
 | <a name="module_pi_hana_storage_calculation"></a> [pi\_hana\_storage\_calculation](#module\_pi\_hana\_storage\_calculation) | ../pi-hana-storage-config | n/a |
-| <a name="module_pi_netweaver_primary_instance"></a> [pi\_netweaver\_primary\_instance](#module\_pi\_netweaver\_primary\_instance) | terraform-ibm-modules/powervs-instance/ibm | 2.7.0 |
-| <a name="module_pi_netweaver_secondary_instances"></a> [pi\_netweaver\_secondary\_instances](#module\_pi\_netweaver\_secondary\_instances) | terraform-ibm-modules/powervs-instance/ibm | 2.7.0 |
+| <a name="module_pi_netweaver_primary_instance"></a> [pi\_netweaver\_primary\_instance](#module\_pi\_netweaver\_primary\_instance) | terraform-ibm-modules/powervs-instance/ibm | 2.8.1 |
+| <a name="module_pi_netweaver_secondary_instances"></a> [pi\_netweaver\_secondary\_instances](#module\_pi\_netweaver\_secondary\_instances) | terraform-ibm-modules/powervs-instance/ibm | 2.8.1 |
 
 ### Resources
 
@@ -48,7 +48,7 @@ The Power Virtual Server for SAP module automates the following tasks:
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_ansible_vault_password"></a> [ansible\_vault\_password](#input\_ansible\_vault\_password) | Vault password to encrypt OS registration parameters. Only required with customer provided linux subscription (pi\_os\_registration). Password requirements: 15-100 characters and at least one uppercase letter, one lowercase letter, one number, and one special character. Allowed characters: A-Z, a-z, 0-9, !#$%&()*+-.:;<=>?@[]\_{\|}~. | `string` | `null` | no |
+| <a name="input_ansible_vault_password"></a> [ansible\_vault\_password](#input\_ansible\_vault\_password) | Vault password to encrypt OS registration parameters. Only required with customer provided linux subscription (pi\_os\_registration). Password requirements: 15-100 characters and at least one uppercase letter, one lowercase letter, one number, and one special character. Allowed characters: A-Z, a-z, 0-9, !#$%&()*+-.:;<=>?@[]\_{\|}~. | `string` | `""` | no |
 | <a name="input_pi_hana_instance"></a> [pi\_hana\_instance](#input\_pi\_hana\_instance) | PowerVS SAP HANA instance hostname (non FQDN). Will get the form of <var.prefix>-<var.pi\_hana\_instance.name>. Max length of final hostname must be <= 13 characters.'sap\_profile\_id' Must be one of the supported profiles. See [here](https://cloud.ibm.com/docs/sap?topic=sap-hana-iaas-offerings-profiles-power-vs). File system sizes are automatically calculated. Override automatic calculation by setting values in optional 'pi\_hana\_instance\_custom\_storage\_config' parameter. 'additional\_storage\_config' additional File systems to be created and attached to PowerVS SAP HANA instance. 'size' is in GB. 'count' specify over how many storage volumes the file system will be striped. 'tier' specifies the storage tier in PowerVS workspace. 'mount' specifies the target mount point on OS. | <pre>object({<br/>    name           = string<br/>    image_id       = string<br/>    sap_profile_id = string<br/>    additional_storage_config = list(object({<br/>      name  = string<br/>      size  = string<br/>      count = string<br/>      tier  = string<br/>      mount = string<br/>    }))<br/>  })</pre> | <pre>{<br/>  "additional_storage_config": [<br/>    {<br/>      "count": "1",<br/>      "mount": "/usr/sap",<br/>      "name": "usrsap",<br/>      "size": "50",<br/>      "tier": "tier3"<br/>    }<br/>  ],<br/>  "image_id": "insert_value_here",<br/>  "name": "hana",<br/>  "sap_profile_id": "ush1-4x256"<br/>}</pre> | no |
 | <a name="input_pi_hana_instance_custom_storage_config"></a> [pi\_hana\_instance\_custom\_storage\_config](#input\_pi\_hana\_instance\_custom\_storage\_config) | Custom file systems to be created and attached to PowerVS SAP HANA instance. 'size' is in GB. 'count' specify over how many storage volumes the file system will be striped. 'tier' specifies the storage tier in PowerVS workspace. 'mount' specifies the target mount point on OS. | <pre>list(object({<br/>    name  = string<br/>    size  = string<br/>    count = string<br/>    tier  = string<br/>    mount = string<br/>  }))</pre> | <pre>[<br/>  {<br/>    "count": "",<br/>    "mount": "",<br/>    "name": "",<br/>    "size": "",<br/>    "tier": ""<br/>  }<br/>]</pre> | no |
 | <a name="input_pi_instance_init_linux"></a> [pi\_instance\_init\_linux](#input\_pi\_instance\_init\_linux) | Configures a PowerVS linux instance to have internet access by setting proxy on it, updates os and create filesystems using ansible collection [ibm.power\_linux\_sap collection](https://galaxy.ansible.com/ui/repo/published/ibm/power_linux_sap/) where 'bastion\_host\_ip' is public IP of bastion/jump host to access the 'ansible\_host\_or\_ip' private IP of ansible node. This ansible host must have access to the power virtual server instance and ansible host OS must be RHEL distribution. | <pre>object(<br/>    {<br/>      enable             = bool<br/>      bastion_host_ip    = string<br/>      ansible_host_or_ip = string<br/>      ssh_private_key    = string<br/>      custom_os_registration = optional(object({<br/>        username = string<br/>        password = string<br/>      }))<br/>    }<br/>  )</pre> | n/a | yes |

@@ -40,7 +40,7 @@ module "pi_hana_storage_calculation" {
 
 module "pi_hana_instance" {
   source  = "terraform-ibm-modules/powervs-instance/ibm"
-  version = "2.7.0"
+  version = "2.8.1"
 
   pi_workspace_guid          = var.pi_workspace_guid
   pi_instance_name           = local.pi_hana_instance_name
@@ -84,7 +84,7 @@ resource "time_sleep" "wait_1_min" {
 
 module "pi_netweaver_primary_instance" {
   source     = "terraform-ibm-modules/powervs-instance/ibm"
-  version    = "2.7.0"
+  version    = "2.8.1"
   count      = var.pi_netweaver_instance.instance_count > 0 ? 1 : 0
   depends_on = [time_sleep.wait_1_min]
 
@@ -132,7 +132,7 @@ module "ansible_pi_netweaver_primary_instance_exportfs" {
 
 module "pi_netweaver_secondary_instances" {
   source     = "terraform-ibm-modules/powervs-instance/ibm"
-  version    = "2.7.0"
+  version    = "2.8.1"
   count      = var.pi_netweaver_instance.instance_count > 1 ? var.pi_netweaver_instance.instance_count - 1 : 0
   depends_on = [time_sleep.wait_1_min]
 

@@ -44,7 +44,7 @@ variable "ansible_vault_password" {
 
   type      = string
   sensitive = true
-  default   = null
+  default   = ""
 }
 
 
@@ -210,7 +210,7 @@ variable "scc_wp_instance" {
   }
 
   validation {
-    condition     = var.scc_wp_instance.guid == "" || (var.ansible_vault_password != "" && var.ansible_vault_password != null)
-    error_message = "Ansible vault password must not be empty or null when SCC workload instance is enabled. Value must be set for ansible_vault_password variable."
+    condition     = var.scc_wp_instance.enable ? len(var.ansible_vault_password) > 0 : true
+    error_message = "Ansible vault password must be defined when SCC workload instance is enabled."
   }
 }
@@ -44,7 +44,7 @@ The end-to-end solution automates the following tasks:
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9.0 |
-| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | 1.82.1 |
+| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | 1.83.1 |
 | <a name="requirement_restapi"></a> [restapi](#requirement\_restapi) | 2.0.1 |
 | <a name="requirement_time"></a> [time](#requirement\_time) | 0.13.1 |
 
@@ -60,8 +60,8 @@ The end-to-end solution automates the following tasks:
 | Name | Type |
 |------|------|
 | [time_sleep.wait_15_mins](https://registry.terraform.io/providers/hashicorp/time/0.13.1/docs/resources/sleep) | resource |
-| [ibm_iam_auth_token.auth_token](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.82.1/docs/data-sources/iam_auth_token) | data source |
-| [ibm_pi_catalog_images.catalog_images_ds](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.82.1/docs/data-sources/pi_catalog_images) | data source |
+| [ibm_iam_auth_token.auth_token](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.83.1/docs/data-sources/iam_auth_token) | data source |
+| [ibm_pi_catalog_images.catalog_images_ds](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.83.1/docs/data-sources/pi_catalog_images) | data source |
 
 ### Inputs
 

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = "1.82.1"
+      version = "1.83.1"
     }
     time = {
       source  = "hashicorp/time"

@@ -44,7 +44,7 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9.0 |
-| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | 1.82.1 |
+| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | 1.83.1 |
 
 ### Modules
 
@@ -56,16 +56,16 @@
 
 | Name | Type |
 |------|------|
-| [ibm_pi_catalog_images.catalog_images_ds](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.82.1/docs/data-sources/pi_catalog_images) | data source |
-| [ibm_pi_image.custom_images](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.82.1/docs/data-sources/pi_image) | data source |
-| [ibm_schematics_output.schematics_output](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.82.1/docs/data-sources/schematics_output) | data source |
-| [ibm_schematics_workspace.schematics_workspace](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.82.1/docs/data-sources/schematics_workspace) | data source |
+| [ibm_pi_catalog_images.catalog_images_ds](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.83.1/docs/data-sources/pi_catalog_images) | data source |
+| [ibm_pi_image.custom_images](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.83.1/docs/data-sources/pi_image) | data source |
+| [ibm_schematics_output.schematics_output](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.83.1/docs/data-sources/schematics_output) | data source |
+| [ibm_schematics_workspace.schematics_workspace](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.83.1/docs/data-sources/schematics_workspace) | data source |
 
 ### Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_ansible_vault_password"></a> [ansible\_vault\_password](#input\_ansible\_vault\_password) | Vault password to encrypt ansible playbooks that contain sensitive information. Required with customer provided linux subscription (pi\_os\_registration) or when SCC workload protection instance is enabled. Password requirements: 15-100 characters and at least one uppercase letter, one lowercase letter, one number, and one special character. Allowed characters: A-Z, a-z, 0-9, !#$%&()*+-.:;<=>?@[]\_{\|}~. | `string` | `null` | no |
+| <a name="input_ansible_vault_password"></a> [ansible\_vault\_password](#input\_ansible\_vault\_password) | Vault password to encrypt ansible playbooks that contain sensitive information. Required with customer provided linux subscription (pi\_os\_registration) or when SCC workload protection instance is enabled. Password requirements: 15-100 characters and at least one uppercase letter, one lowercase letter, one number, and one special character. Allowed characters: A-Z, a-z, 0-9, !#$%&()*+-.:;<=>?@[]\_{\|}~. | `string` | `""` | no |
 | <a name="input_ibmcloud_api_key"></a> [ibmcloud\_api\_key](#input\_ibmcloud\_api\_key) | IBM Cloud platform API key needed to deploy IAM enabled resources. | `string` | n/a | yes |
 | <a name="input_nfs_directory"></a> [nfs\_directory](#input\_nfs\_directory) | Target directory on which the file storage share from VPC will be mounted. | `string` | `"/nfs"` | no |
 | <a name="input_os_image_distro"></a> [os\_image\_distro](#input\_os\_image\_distro) | Image distribution to use for all instances(HANA, NetWeaver). OS release versions may be specified in 'powervs\_sap\_default\_images' optional parameters below. | `string` | n/a | yes |

@@ -188,7 +188,7 @@ variable "ansible_vault_password" {
   description = "Vault password to encrypt ansible playbooks that contain sensitive information. Required with customer provided linux subscription (pi_os_registration) or when SCC workload protection instance is enabled. Password requirements: 15-100 characters and at least one uppercase letter, one lowercase letter, one number, and one special character. Allowed characters: A-Z, a-z, 0-9, !#$%&()*+-.:;<=>?@[]_{|}~."
   type        = string
   sensitive   = true
-  default     = null
+  default     = ""
 }
 
 variable "powervs_os_registration_username" {

@@ -7,7 +7,7 @@ terraform {
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = "1.82.1"
+      version = "1.83.1"
     }
   }
 }
@@ -128,7 +128,7 @@ S4HANA_2023
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9.0 |
-| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | 1.82.1 |
+| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | 1.83.1 |
 
 ### Modules
 
@@ -146,10 +146,10 @@ S4HANA_2023
 
 | Name | Type |
 |------|------|
-| [ibm_pi_catalog_images.catalog_images_ds](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.82.1/docs/data-sources/pi_catalog_images) | data source |
-| [ibm_pi_image.custom_images](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.82.1/docs/data-sources/pi_image) | data source |
-| [ibm_schematics_output.schematics_output](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.82.1/docs/data-sources/schematics_output) | data source |
-| [ibm_schematics_workspace.schematics_workspace](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.82.1/docs/data-sources/schematics_workspace) | data source |
+| [ibm_pi_catalog_images.catalog_images_ds](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.83.1/docs/data-sources/pi_catalog_images) | data source |
+| [ibm_pi_image.custom_images](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.83.1/docs/data-sources/pi_image) | data source |
+| [ibm_schematics_output.schematics_output](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.83.1/docs/data-sources/schematics_output) | data source |
+| [ibm_schematics_workspace.schematics_workspace](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.83.1/docs/data-sources/schematics_workspace) | data source |
 
 ### Inputs
 

@@ -7,7 +7,7 @@ terraform {
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = "1.82.1"
+      version = "1.83.1"
     }
   }
 }
+1 −1		commonRenovateConfig.json
+5 −5		da-assets/da-dependency-updater/README.md
+8 −3		da-assets/da-dependency-updater/update_da_dependencies.py
+222 −223		module-assets/.pre-commit-config.yaml
+1 −0		module-assets/ci/.typos.toml
+144 −12		module-assets/ci/install-deps.sh
+2 −2		module-assets/ci/terraformConfigInspect.py
+3 −5		module-assets/ci/terraformDocGoMod.py
+6 −8		module-assets/ci/terraformDocOverview.py
+3 −3		module-assets/ci/terraformDocs.py
+3 −3		module-assets/ci/terraformDocsUtils.py
+1 −1		module-assets/ci/validateIbmCatalogJson.py
+2 −4		module-assets/ci/validateJsonTemplate.py
+2 −2		scripts/update-source/run-update-src.py
+2 −0		stack-assets/.pre-commit-config.yaml
+3 −4		stack-assets/stack-updater/update_stack_definition.py