chore(deps): update terraform-module to v1.29.0 - autoclosed

[terraform-ibm-modules-ops]

This PR contains the following updates:

Package	Type	Update	Change
github.com/terraform-ibm-modules/terraform-ibm-cbr	module	minor	v1.2.0 -> v1.29.0
terraform-ibm-modules/cbr/ibm (source)	module	minor	1.28.1 -> 1.29.0

---

Release Notes

terraform-ibm-modules/terraform-ibm-cbr (github.com/terraform-ibm-modules/terraform-ibm-cbr)

v1.29.0

Compare Source

Features

• added cloud logs support to the fscloud submodule profile (#​568)

v1.28.1

Compare Source

Bug Fixes

• deps: updated required provider version to >= 1.70.0 to pick up the fix for this provider issue: [ibm_cbr_zone] Error: Provider produced inconsistent result after apply(#​556) (93ea730)

v1.28.0

Compare Source

Features

• added two new inputs to the fscloud profile: allow_vpcs_to_iam_groups and allow_vpcs_to_iam_access_management. By setting these to true, the following FSCloud SCC rules will pass:
  - Check whether IAM access management can be accessed only thorugh a private endpoint (Context-based restrictions or service) and allowed IPs<br>- Check whether IAM access groups can be accessed only through a private endpoint (Context-based restrictions or service) and allowed IPs` (#​548) (10c5bc9)

v1.27.0

Compare Source

Features

• Enable traffic flow from SCC to COS is added (#​525) (789366a)

v1.26.0

Compare Source

Features

• added support to the cbr-zone-module to use existing zone using new inputs existing_zone_id and use_existing_cbr_zone (#​530) (3e25409)

v1.25.0

Compare Source

Features

• updated the target_service_details input in the fscloud submodule to support setting the geography option.
  NOTE: Both region and geography cannot be set simultaneously for the container registry service. (#​519) (4060786)

v1.24.1

Compare Source

Bug Fixes

• fixed icd-apitypes for global deny rule (#​522) (f6c2934)

v1.24.0

Compare Source

Features

• updated fscloud module to optionally take list of location for zones (#​472) (478f5fb)

v1.23.5

Compare Source

Bug Fixes

• Set enforcement mode as disabled for EN by default, as SMTP API does not support report mode.(#​497) (e76f4b4)

v1.23.4

Compare Source

Bug Fixes

• mqcloud is removed from default target service list and fscloud doc is updated (#​495) (5af76ee)

v1.23.3

Compare Source

Bug Fixes

• fixed bug where global deny target service details could potentially be missing consumer customizations (#​489) (e902247)

v1.23.2

Compare Source

Bug Fixes

• added fix to ensure only service-group-id should be specified when the pseudo service IAM is used (#​487) (8108e45)

v1.23.1

Compare Source

Bug Fixes

• Event Notifications introduced SMTP API that does not support report enforcement mode. By default report mode is set which excludes SMTP API. If enforcement mode is set to enabled, CBR will be applied to the SMTP API as well.
  - Added MQ segmentation to add data plane API type id (#​485) (fa554b3)

v1.23.0

Compare Source

Features

• Ability to add optional location for each serviceRef when creating zone (#​457) (3142064)

v1.22.3

Compare Source

Bug Fixes

• update required ibm provider version to >= 1.65.0, < 2.0.0 to ensure fix for known provider issue is included (#​467) (2e9cff1)

v1.22.2

Compare Source

Bug Fixes

• remove upper limit for required terraform version (#​458) (f388f0c)

v1.22.1

Compare Source

Bug Fixes

• only allow private COS endpoint access for all services except VPC which will use direct endpoint (#​453) (264dc92)

v1.22.0

Compare Source

Features (#​433) (81fec02)

• New serviceRefs are added which now supports CBR-
  • "cloudantnosqldb" (Cloudant)
  • "globalcatalog-collection" (Catalog Management)
  • "sysdig-monitor" (IBM Cloud Monitoring)
  • "sysdig-secure" (Security and Compliance Center Workload Protection)
  • "toolchain".
• "compliance" and "containers-kubernetes" serviceRefs now support restriction per location.

v1.21.0

Compare Source

Features

• added latest service targets (#​436) (803c097):

  • "IAM" (All IAM Account Management services)
  • "context-based-restrictions"
  • "globalcatalog-collection" (Catalog Management)
  • "logdna" (IBM Log Analysis)
  • "logdnaat" (IBM Cloud Activity Tracker)
  • "mqcloud" (MQ)
  • "sysdig-monitor" (IBM Cloud Monitoring)
  • "sysdig-secure" (Security and Compliance Center Workload Protection)

v1.20.1

Compare Source

Bug Fixes

• updated multiservice example (#​423)
  * This release fixes the multi-service-profile example with location update.
  * location variable of cbr-service-profile submodule is now required (no default) (4098bd6)

v1.20.0

Compare Source

Features

• create global 'deny' rule when more narrow scoped rules are created by the module (#​396)
  * minimum required provider version is 1.62.0.
  * Ability to scope a rule per region.
  * Support for multiple attributes per rule for a service.
  * Remove public default context set to 1.1.1.1
  * 0 context rule for services by default, which will deny all requests made to a service. (Note: By default enforcement mode is set to report-only).
  * option create a global 'deny' rule for all the scoped rule for a service. By default it is set to true. (512a33b)

v1.19.1

Compare Source

Bug Fixes

• extend the required terraform version to < 1.7 (#​407) (c62077d)

v1.19.0

Compare Source

Features

• added pre-wired rule for Event Notification (Messagehub) to HPCS (#​406) (acd3d60)

v1.18.1

Compare Source

Bug Fixes

• deps: updated required provider constraints to not allow major version updates (#​400) (ecacb57)

v1.18.0

Compare Source

Features

• Custom explicit naming option added for CBR rules and zones. (#​313) (2818c80)

v1.17.1

Compare Source

Bug Fixes

• update fscloud submodule to require >= 1.56.1 of ibm provider (#​366) (2d13504)

v1.17.0

Compare Source

Features

• Split containers-kubernetes rules in the secure-by-default submodule (#​336) (fab3300) . The module now supports the pseudo-service names containers-kubernetes-management and containers-kubernetes-cluster to distinguish between the cluster and management APIs.

v1.16.0

Compare Source

Features

• The KMS CBR context are now set to target HPCS in the fscloud module by default, starting with version 1.16.0, instead of Key Protect.

Important Changes:

• This update replaces the previous default Key Protect rule with HPCS. As a result, when you upgrade to v1.16.0, the context will no longer be the set for the key protect CBR rule.
• To maintain the behavior from previous versions when upgrading to v1.16.0, you should set the new variable kms_service_targeted_by_prewired_rules variable to include 'key-protect.' This ensures that the 'key-protect' CBR context continues to be set. For detailed instructions on configuring this variable, please refer to the fscloud module's variables.tf file.

v1.15.1

Compare Source

Bug Fixes

• updated usage section in readme for all the modules (#​321) (89e5cfe)

v1.15.0

Compare Source

Features

• added pre-wired rule for IS (VPC infra) -> COS in fscloud submodule (#​302) (2e8521d)

v1.14.0

Compare Source

Features

• added pre-wired rule for IKS -> IS (VPC infrastructure) in fscloud submodule (#​306) (4026d8c)

v1.13.0

Compare Source

Features

• update terraform version constraints to >= 1.3.0, <1.6.0 (#​319) (57f862a)

v1.12.2

Compare Source

Bug Fixes

• added extra validation to the existing_serviceref_zone and existing_cbr_zone_vpcs variables in the fscloud profile submodule (#​303) (f24ab4a)

v1.12.1

Compare Source

Bug Fixes

• added a default value for the operations variable to make it backward compatible with recent CBR service updates around api types (#​305) (2f89973)

v1.12.0

Compare Source

Features

• added pre-wired rule for icd-databases in fscloud submodule (#​294) (2d8d25b)

v1.11.0

Compare Source

Features

• add activity tracker and logdna to list of custom rules (fscloud submodule) (#​297) (3eb5aa7)

v1.10.0

Compare Source

Features

• add fscloud added pre-wired rule for AT -> COS (#​296) (0e10af6)

v1.9.2

Compare Source

Bug Fixes

• endpoint set to direct for VPC to COS in the fscloud submodule (#​283) (4467165)

v1.9.1

Compare Source

Bug Fixes

• update module references in README (#​284) (321229b)

v1.9.0

Compare Source

Features

• add regionality support in fscloud submodule (#​271) (66374b9)

v1.8.2

Compare Source

Bug Fixes

• update required ibm provider version to >= 1.56.1 (#​277) (e2dd42f)

v1.8.1

Compare Source

Bug Fixes

• added instance id support to the target_service_details variable in the fscloud profile (#​275) (8b84293)

v1.8.0

Compare Source

Features

• update required ibm provider version to >= 1.56.1 (#​276) (71bd929)

v1.7.1

Compare Source

Bug Fixes

• fix link in README.md (#​274) (80245e1)

v1.7.0

Compare Source

Refactor

• All the terraform submodules are now moved to the directory modules including FScloud profile. (#​273) (89ea824)

Features

• Added an option in the fscloud module to skip zone creation for specific service (#​273) (89ea824)

v1.6.1

Compare Source

Bug Fixes

• Minor fix to update some missing module documentation (#​272) (2be6082)

v1.6.0

Compare Source

Features

• adds regionality for services in zone (#​240) (ee9efc1)

v1.5.0

Compare Source

Features

• New sub-module under the directory profiles/fscloud . The module lays out a secure-by-default CBR topology at the account level.

v1.4.0

Compare Source

Features

• give flexibility on endpoint configuration in cbr service module (#​265) (4ec347e)

v1.3.2

Compare Source

Bug Fixes

• update prefix variable description in cbr-service-profile submodule (#​261) (139d98d)

v1.3.1

Compare Source

Bug Fixes

• Adjust multi-service-profile example to demonstrate a real-world scenario (#​258) (0f6de93)

v1.3.0

Compare Source

Features

• update list of supported services (#​264) (14ceabc)

v1.2.1

Compare Source

Bug Fixes

• update modules references to point to hashicorp module registry (#​231) (e6b3d34)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[terraform-ibm-modules-dev]

/run pipeline

[terraform-ibm-modules-dev]

/run pipeline

[terraform-ibm-modules-dev]

/run pipeline

[terraform-ibm-modules-dev]

/run pipeline

[terraform-ibm-modules-dev]

/run pipeline

[terraform-ibm-modules-dev]

/run pipeline

[terraform-ibm-modules-dev]

/run pipeline

[terraform-ibm-modules-dev]

/run pipeline

[terraform-ibm-modules-dev]

/run pipeline

[terraform-ibm-modules-dev]

/run pipeline

[terraform-ibm-modules-dev]

/run pipeline

[terraform-ibm-modules-dev]

/run pipeline

[shemau]

/run pipeline

[shemau]

This should be resolved after #160 is merged