From b96cca033ef9b473140c292d3d710c83b010f339 Mon Sep 17 00:00:00 2001
From: ocofaigh <ocofaigh@ie.ibm.com>
Date: Fri, 19 Sep 2025 12:51:56 +0100
Subject: [PATCH 1/3] fix(deps): update DA dependencies + example / tests
 cleanup

---
 common-dev-assets |  2 +-
 ibm_catalog.json  | 10 ++++-----
 tests/pr_test.go  | 56 ++++++++++++++++-------------------------------
 3 files changed, 25 insertions(+), 43 deletions(-)

diff --git a/common-dev-assets b/common-dev-assets
index 47c0edb..325cfd0 160000
--- a/common-dev-assets
+++ b/common-dev-assets
@@ -1 +1 @@
-Subproject commit 47c0edbc6d669874511116e4cb645097d10561b9
+Subproject commit 325cfd0d91902e08079644092bbf298c4872f388
diff --git a/ibm_catalog.json b/ibm_catalog.json
index 32a1027..b41c4fc 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -79,7 +79,7 @@
               ],
               "optional": true,
               "on_by_default": false,
-              "version": "v3.0.7"
+              "version": "v3.0.23"
             },
             {
               "name": "deploy-arch-ibm-apprapp",
@@ -89,7 +89,7 @@
               ],
               "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3",
               "id": "045c1169-d15a-4046-ae81-aa3d3348421f-global",
-              "version": "v1.10.2",
+              "version": "v1.11.2",
               "optional": true,
               "input_mapping": [
                 {
@@ -142,7 +142,7 @@
                 "fully-configurable"
               ],
               "id": "63d8ae58-fbf3-41ce-b844-0fb5b85882ab-global",
-              "version": "v1.6.11",
+              "version": "v1.6.28",
               "optional": true,
               "on_by_default": true,
               "input_mapping": [
@@ -167,7 +167,7 @@
               "name": "deploy-arch-ibm-cloud-monitoring",
               "description": "Configure IBM Cloud Monitoring to collect the platform metrics.",
               "id": "73debdbf-894f-4c14-81c7-5ece3a70b67d-global",
-              "version": "v1.6.4",
+              "version": "v1.7.2",
               "flavors": [
                 "fully-configurable"
               ],
@@ -200,7 +200,7 @@
               "name": "deploy-arch-ibm-activity-tracker",
               "description": "Configure Activity Tracker Event Routing to route the auditing events.",
               "id": "918453c3-4f97-4583-8c4a-83ef12fc7916-global",
-              "version": "v1.2.25",
+              "version": "v1.2.34",
               "flavors": [
                 "fully-configurable"
               ],
diff --git a/tests/pr_test.go b/tests/pr_test.go
index 8d28860..8f0ff43 100644
--- a/tests/pr_test.go
+++ b/tests/pr_test.go
@@ -22,15 +22,15 @@ import (
 	"github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/testschematic"
 )
 
+/*
+Global variables
+*/
 const resourceGroup = "geretain-test-resources"
 const fullyConfigurableDADir = "solutions/fully-configurable"
-
-var existingResources = "./existing-resources"
-
-// Define a struct with fields that match the structure of the YAML data.
 const yamlLocation = "../common-dev-assets/common-go-assets/common-permanent-resources.yaml"
+const existingResources = "./existing-resources"
+const terraformVersion = "terraform_v1.10" // This should match the version in the ibm_catalog.json
 
-// Current supported SCC Workload Protection region
 var validRegions = []string{
 	"us-south",
 	"us-east",
@@ -43,7 +43,6 @@ var validRegions = []string{
 	"ca-tor",
 	"au-syd",
 }
-
 var permanentResources map[string]interface{}
 
 func TestMain(m *testing.M) {
@@ -107,9 +106,11 @@ func TestFullyConfigurable(t *testing.T) {
 			},
 			ResourceGroup:          resourceGroup,
 			TemplateFolder:         fullyConfigurableDADir,
-			Tags:                   []string{"test-schematic"},
+			Tags:                   []string{"test-schematic", "scc-wp-da-fc"},
 			DeleteWorkspaceOnFail:  false,
 			WaitJobCompleteMinutes: 60,
+			Region:                 region,
+			TerraformVersion:       terraformVersion,
 			// workaround for https://github.com/terraform-ibm-modules/terraform-ibm-scc-workload-protection/issues/243
 			IgnoreAdds: testhelper.Exemptions{
 				List: []string{"module.scc_wp.restapi_object.cspm"},
@@ -119,7 +120,7 @@ func TestFullyConfigurable(t *testing.T) {
 		options.TerraformVars = []testschematic.TestSchematicTerraformVar{
 			{Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true},
 			{Name: "existing_resource_group_name", Value: resourceGroup, DataType: "string"},
-			{Name: "region", Value: region, DataType: "string"},
+			{Name: "region", Value: options.Region, DataType: "string"},
 			{Name: "scc_workload_protection_instance_tags", Value: options.Tags, DataType: "list(string)"},
 			{Name: "scc_workload_protection_resource_key_tags", Value: options.Tags, DataType: "list(string)"},
 			{Name: "scc_workload_protection_access_tags", Value: permanentResources["accessTags"], DataType: "list(string)"},
@@ -192,11 +193,14 @@ func TestFullyConfigurableUpgrade(t *testing.T) {
 				"*.tf",
 				fullyConfigurableDADir + "/*.tf",
 			},
-			ResourceGroup:          resourceGroup,
-			TemplateFolder:         fullyConfigurableDADir,
-			Tags:                   []string{"test-schematic"},
-			DeleteWorkspaceOnFail:  false,
-			WaitJobCompleteMinutes: 60,
+			ResourceGroup:              resourceGroup,
+			TemplateFolder:             fullyConfigurableDADir,
+			Tags:                       []string{"test-schematic"},
+			DeleteWorkspaceOnFail:      false,
+			WaitJobCompleteMinutes:     60,
+			CheckApplyResultForUpgrade: true,
+			Region:                     region,
+			TerraformVersion:           terraformVersion,
 			// workaround for https://github.com/terraform-ibm-modules/terraform-ibm-scc-workload-protection/issues/243
 			IgnoreAdds: testhelper.Exemptions{
 				List: []string{"module.scc_wp.restapi_object.cspm"},
@@ -206,7 +210,7 @@ func TestFullyConfigurableUpgrade(t *testing.T) {
 		options.TerraformVars = []testschematic.TestSchematicTerraformVar{
 			{Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true},
 			{Name: "existing_resource_group_name", Value: resourceGroup, DataType: "string"},
-			{Name: "region", Value: region, DataType: "string"},
+			{Name: "region", Value: options.Region, DataType: "string"},
 			{Name: "scc_workload_protection_instance_tags", Value: options.Tags, DataType: "list(string)"},
 			{Name: "scc_workload_protection_resource_key_tags", Value: options.Tags, DataType: "list(string)"},
 			{Name: "scc_workload_protection_access_tags", Value: permanentResources["accessTags"], DataType: "list(string)"},
@@ -233,7 +237,7 @@ func TestFullyConfigurableUpgrade(t *testing.T) {
 	}
 }
 
-func TestSccWpAddonDefaultConfiguration(t *testing.T) {
+func TestAddonDefaultConfiguration(t *testing.T) {
 	t.Parallel()
 
 	options := testaddons.TestAddonsOptionsDefault(&testaddons.TestAddonOptions{
@@ -256,25 +260,3 @@ func TestSccWpAddonDefaultConfiguration(t *testing.T) {
 	err := options.RunAddonTest()
 	require.NoError(t, err)
 }
-
-// TestDependencyPermutations runs dependency permutations for SCC WP and all its dependencies
-func TestSccWpDependencyPermutations(t *testing.T) {
-	// currently Permutation tests is not stable and the test wrapper framework must be updated. Skip tests for now
-	t.Skip()
-	t.Parallel()
-	options := testaddons.TestAddonsOptionsDefault(&testaddons.TestAddonOptions{
-		Testing: t,
-		Prefix:  "scc-per",
-		AddonConfig: cloudinfo.AddonConfig{
-			OfferingName:   "deploy-arch-ibm-scc-workload-protection",
-			OfferingFlavor: "fully-configurable",
-			Inputs: map[string]interface{}{
-				"prefix": "scc-per",
-				"region": validRegions[rand.Intn(len(validRegions))],
-			},
-		},
-	})
-
-	err := options.RunAddonPermutationTest()
-	assert.NoError(t, err, "Dependency permutation test should not fail")
-}

From 314e2e459142df12a2ece97b6988c9e68e119136 Mon Sep 17 00:00:00 2001
From: ocofaigh <ocofaigh@ie.ibm.com>
Date: Mon, 22 Sep 2025 12:23:20 +0100
Subject: [PATCH 2/3] fix: updated the default App Config plan to 'standard'

---
 ibm_catalog.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ibm_catalog.json b/ibm_catalog.json
index b41c4fc..f180224 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -317,7 +317,7 @@
                   "value": "enterprise"
                 }
               ],
-              "default_value": "basic",
+              "default_value": "standardv2",
               "description": "The plan to use for the App Configuration service instance."
             },
             {

From 2e360dc6477f5f5b9034f20c68a2e86b3a00c06e Mon Sep 17 00:00:00 2001
From: ocofaigh <ocofaigh@ie.ibm.com>
Date: Mon, 22 Sep 2025 17:42:05 +0100
Subject: [PATCH 3/3] default to enterprise App Config plan as it only support
 KMS

---
 ibm_catalog.json | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/ibm_catalog.json b/ibm_catalog.json
index f180224..e8e7faf 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -300,7 +300,6 @@
             },
             {
               "key": "app_config_plan",
-              "required": true,
               "virtual": true,
               "type": "string",
               "options": [
@@ -317,8 +316,8 @@
                   "value": "enterprise"
                 }
               ],
-              "default_value": "standardv2",
-              "description": "The plan to use for the App Configuration service instance."
+              "default_value": "enterprise",
+              "description": "The plan to use for the App Configuration service instance. If the Key Protect deployable architecture has been selected, 'enterprise' plan must be used."
             },
             {
               "key": "enable_platform_metrics",