feat: Exposed new variable add_bucket_name_suffix in the DA with a default value of true to help ensure a unique bucket name gets created.<br>* Updated DA to use IBM provider version 1.63.0 which has a fix for known [provider bug](IBM-Cloud/terraform-provider-ibm#5131) (#18)

Author: ocofaigh

solutions/instances/README.md

@@ -7,16 +7,3 @@ This solution supports the following:
 - Provisioning and configuring of a Security and Compliance Center Workload Protection instance.
 
 **NB:** This solution is not intended to be called by one or more other modules since it contains a provider configurations, meaning it is not compatible with the `for_each`, `count`, and `depends_on` arguments. For more information see [Providers Within Modules](https://developer.hashicorp.com/terraform/language/modules/develop/providers)
-
-## Known limitations
-There is currently a known issue with the IBM provider (https://github.com/IBM-Cloud/terraform-provider-ibm/issues/5131) where the provider is always trying to use the `us-south` endpoint when trying to configure the SCC instance, even if the instance is not in `us-south`. You will see the following error on apply:
-```
-│ Error: UpdateSettingsWithContext failed The requested resource was not found
-```
-As a workaround, you can set the following environment variable before running apply:
-```
-export IBMCLOUD_SCC_API_ENDPOINT=https://REGION.compliance.cloud.ibm.com
-```
-where `REGION` is the value you have set for the modules `region` input variable.
-
-![scc](https://github.com/terraform-ibm-modules/terraform-ibm-scc-da/blob/main/reference-architecture/scc.svg)

solutions/instances/catalogValidationValues.json.template

@@ -2,6 +2,5 @@
   "ibmcloud_api_key": $VALIDATION_APIKEY,
   "resource_group_name": $PREFIX,
   "existing_kms_guid": $HPCS_US_SOUTH_GUID,
-  "kms_region": "us-south",
-  "scc_cos_bucket_name": $PREFIX
+  "kms_region": "us-south"
 }

solutions/instances/main.tf

@@ -26,8 +26,7 @@ module "kms" {
   }
   count                       = var.existing_scc_cos_kms_key_crn != null || var.existing_scc_cos_bucket_name != null ? 0 : 1 # no need to create any KMS resources if passing an existing key, or bucket
   source                      = "terraform-ibm-modules/kms-all-inclusive/ibm"
-  version                     = "4.8.1"
-  resource_group_id           = null # rg only needed if creating KP instance
+  version                     = "4.8.3"
   create_key_protect_instance = false
   region                      = var.kms_region
   existing_kms_instance_guid  = var.existing_kms_guid
@@ -79,7 +78,7 @@ module "cos" {
   }
   count                    = var.existing_scc_cos_bucket_name == null ? 1 : 0 # no need to call COS module if consumer is passing existing COS bucket
   source                   = "terraform-ibm-modules/cos/ibm//modules/fscloud"
-  version                  = "7.4.1"
+  version                  = "7.5.0"
   resource_group_id        = module.resource_group.resource_group_id
   create_cos_instance      = var.existing_cos_instance_crn == null ? true : false # don't create instance if existing one passed in
   create_resource_key      = false
@@ -90,6 +89,7 @@ module "cos" {
   cos_plan                 = "standard"
   bucket_configs = [{
     access_tags                   = var.scc_cos_bucket_access_tags
+    add_bucket_name_suffix        = var.add_bucket_name_suffix
     bucket_name                   = var.scc_cos_bucket_name
     kms_encryption_enabled        = true
     kms_guid                      = var.existing_kms_guid
@@ -112,7 +112,7 @@ module "cos" {
 
 module "scc" {
   source                            = "terraform-ibm-modules/scc/ibm"
-  version                           = "1.1.2"
+  version                           = "1.1.3"
   resource_group_id                 = module.resource_group.resource_group_id
   region                            = var.scc_region
   instance_name                     = var.scc_instance_name

solutions/instances/variables.tf

@@ -101,7 +101,13 @@ variable "cos_instance_access_tags" {
 variable "scc_cos_bucket_name" {
   type        = string
   default     = "base-security-services-bucket"
-  description = "The name to use when creating the SCC Cloud Object Storage bucket (NOTE: bucket names are globally unique)."
+  description = "The name to use when creating the SCC Cloud Object Storage bucket (NOTE: bucket names are globally unique). If 'add_bucket_name_suffix' is set to true, a random 4 characters will be added to this name to help ensure bucket name is globally unique."
+}
+
+variable "add_bucket_name_suffix" {
+  type        = bool
+  description = "Add random generated suffix (4 characters long) to the newly provisioned SCC COS bucket name. Only used if not passing existing bucket. set to false if you want full control over bucket naming using the 'scc_cos_bucket_name' variable."
+  default     = true
 }
 
 variable "scc_cos_bucket_access_tags" {

solutions/instances/version.tf

@@ -4,7 +4,7 @@ terraform {
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = "1.62.0"
+      version = "1.63.0"
     }
   }
 }

tests/pr_test.go

@@ -59,17 +59,13 @@ func TestInstancesInSchematics(t *testing.T) {
 		WaitJobCompleteMinutes: 60,
 	})
 
-	// Workaround for https://github.com/IBM-Cloud/terraform-provider-ibm/issues/5131
-	options.AddWorkspaceEnvVar("IBMCLOUD_SCC_API_ENDPOINT", "https://private."+region+".compliance.cloud.ibm.com", false, false)
-
 	options.TerraformVars = []testschematic.TestSchematicTerraformVar{
 		{Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true},
 		{Name: "resource_group_name", Value: options.Prefix, DataType: "string"},
 		{Name: "existing_kms_guid", Value: permanentResources["hpcs_south"], DataType: "string"},
 		{Name: "kms_region", Value: "us-south", DataType: "string"}, // KMS instance is in us-south
 		{Name: "scc_region", Value: region, DataType: "string"},
 		{Name: "cos_region", Value: region, DataType: "string"},
-		{Name: "scc_cos_bucket_name", Value: options.Prefix, DataType: "string"},
 		{Name: "cos_instance_tags", Value: options.Tags, DataType: "list(string)"},
 		{Name: "scc_instance_tags", Value: options.Tags, DataType: "list(string)"},
 		{Name: "scc_wp_instance_tags", Value: options.Tags, DataType: "list(string)"},