From 1d8bcdc3b3d6da00a4521ed5ed915eae02193346 Mon Sep 17 00:00:00 2001 From: raagamounica Date: Fri, 21 Nov 2025 19:25:10 +0530 Subject: [PATCH 1/8] refactor: updating the lifecycle block to ignore cloud_monitoring_connected_instance --- main.tf | 3 ++- solutions/fully-configurable/variables.tf | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/main.tf b/main.tf index d96eb86..4704119 100644 --- a/main.tf +++ b/main.tf @@ -24,7 +24,8 @@ resource "ibm_resource_instance" "scc_wp" { } lifecycle { ignore_changes = [ - parameters["cloud_monitoring_connected_instance"] + parameters["cloud_monitoring_connected_instance"] # Lifecycle ignore is added for cloud_monitoring_connected_instance because once SCC Workload Protection is connected to the monitoring instance, this value cannot be modified. + ] } } diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index 7337a55..dd6802b 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf @@ -18,7 +18,7 @@ variable "existing_monitoring_crn" { type = string nullable = true default = null - description = "To collect and analyze metrics and security data on hosts using both Monitoring and Workload Protection, pass the CRN of an existing IBM Cloud Monitoring instance to create the connection. Once the connection is created, the Monitoring instance CRN cannot be changed. Learn more](https://www.ibm.com/products/cloud-monitoring)" + description = "To collect and analyze metrics and security data on hosts using both Monitoring and Workload Protection, pass the CRN of an existing IBM Cloud Monitoring instance to create the connection. Once the connection is created, the Monitoring instance CRN cannot be changed. [Learn more](https://cloud.ibm.com/docs/security-compliance?topic=security-compliance-known-issues&interface=ui)" validation { condition = anytrue([ 
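Review bot: In the main.tf hunk, the trailing comment added on `parameters["cloud_monitoring_connected_instance"]` says why the attribute is ignored but not what that means for whoever operates the module. With this `ignore_changes` entry, Terraform plans no update when the configured value changes later (the context of a later main.tf hunk shows it is fed from `var.cloud_monitoring_instance_crn`), so an operator can believe Workload Protection is now connected to a different Monitoring instance while the original connection is still in place. I would state that consequence next to the entry, for example `# Later changes to var.cloud_monitoring_instance_crn are ignored; the instance stays connected to the Monitoring instance set at creation.` The root module's variable description is not visible here; if it does not already carry the same warning as `existing_monitoring_crn`, it should. The `ibm_resource_instance` block starts before this hunk.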
@@ -141,7 +141,7 @@ variable "scc_workload_protection_service_plan" { ############################################################## variable "cspm_enabled" { - description = "Enable Cloud Security Posture Management (CSPM) for the Workload Protection instance. This will create a trusted profile associated with the SCC Workload Protection instance that has viewer / reader access to the App Config service and viewer access to the Enterprise service. [Learn more](https://cloud.ibm.com/docs/workload-protection?topic=workload-protection-about)." + description = "Enable Cloud Security Posture Management (CSPM) for the Workload Protection instance. This will create a trusted profile associated with the SCC Workload Protection instance that has viewer / reader access to the App Config service and viewer access to the Enterprise service. [Learn more](https://cloud.ibm.com/docs/workload-protection?topic=workload-protection-about)" type = bool default = true nullable = false From 80501845877b60951e026a986535843f62fc0e04 Mon Sep 17 00:00:00 2001 From: mounicatellabati <78633728+mounicatellabati@users.noreply.github.com> Date: Fri, 21 Nov 2025 19:35:56 +0530 Subject: [PATCH 2/8] Fix: CSPM variable description punctuation --- solutions/fully-configurable/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index dd6802b..e8fd619 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf 
@@ -141,7 +141,7 @@ variable "scc_workload_protection_service_plan" { ############################################################## variable "cspm_enabled" { - description = "Enable Cloud Security Posture Management (CSPM) for the Workload Protection instance. This will create a trusted profile associated with the SCC Workload Protection instance that has viewer / reader access to the App Config service and viewer access to the Enterprise service. [Learn more](https://cloud.ibm.com/docs/workload-protection?topic=workload-protection-about)" + description = "Enable Cloud Security Posture Management (CSPM) for the Workload Protection instance. This will create a trusted profile associated with the SCC Workload Protection instance that has viewer / reader access to the App Config service and viewer access to the Enterprise service. [Learn more](https://cloud.ibm.com/docs/workload-protection?topic=workload-protection-about)." type = bool default = true nullable = false From a14ef0541ba8a5e69feb10275010fa09571f117f Mon Sep 17 00:00:00 2001 From: mounicatellabati <78633728+mounicatellabati@users.noreply.github.com> Date: Fri, 21 Nov 2025 19:49:29 +0530 Subject: [PATCH 3/8] fix: added a code comment Add lifecycle ignore for cloud_monitoring_connected_instance. --- main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/main.tf b/main.tf index 4704119..4b24249 100644 --- a/main.tf +++ b/main.tf @@ -22,6 +22,7 @@ resource "ibm_resource_instance" "scc_wp" { parameters = { cloud_monitoring_connected_instance = var.cloud_monitoring_instance_crn } + # lifecycle ignores cloud_monitoring_conmected_instance as it can't change after scc-workload-protection instance connects. lifecycle { ignore_changes = [ parameters["cloud_monitoring_connected_instance"] # Lifecycle ignore is added for cloud_monitoring_connected_instance because once SCC Workload Protection is connected to the monitoring instance, this value cannot be modified. 
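Review bot: The comment added above `lifecycle {` in the main.tf hunk misspells the parameter as `cloud_monitoring_conmected_instance`, so a search for the real key `cloud_monitoring_connected_instance` will not land on the explanation. The misspelling is still present in the context lines of the later main.tf hunks on this page. Suggested wording: `# ignore_changes: cloud_monitoring_connected_instance cannot be modified once the SCC Workload Protection instance is connected to Monitoring.` The resource block starts before this hunk and the lifecycle block closes after it.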
From e25a4bcf8e8208f833808752895bccba213492c1 Mon Sep 17 00:00:00 2001 From: mounicatellabati <78633728+mounicatellabati@users.noreply.github.com> Date: Fri, 21 Nov 2025 19:54:06 +0530 Subject: [PATCH 4/8] Fix: description punctuation in variables.tf --- solutions/fully-configurable/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index e8fd619..e00a8a9 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf @@ -18,7 +18,7 @@ variable "existing_monitoring_crn" { type = string nullable = true default = null - description = "To collect and analyze metrics and security data on hosts using both Monitoring and Workload Protection, pass the CRN of an existing IBM Cloud Monitoring instance to create the connection. Once the connection is created, the Monitoring instance CRN cannot be changed. [Learn more](https://cloud.ibm.com/docs/security-compliance?topic=security-compliance-known-issues&interface=ui)" + description = "To collect and analyze metrics and security data on hosts using both Monitoring and Workload Protection, pass the CRN of an existing IBM Cloud Monitoring instance to create the connection. Once the connection is created, the Monitoring instance CRN cannot be changed. [Learn more](https://cloud.ibm.com/docs/security-compliance?topic=security-compliance-known-issues&interface=ui)." validation { condition = anytrue([ From 8dd3ffccf19a4a104c2d04921dbf431b4da24ccc Mon Sep 17 00:00:00 2001 From: mounicatellabati <78633728+mounicatellabati@users.noreply.github.com> Date: Fri, 21 Nov 2025 20:06:08 +0530 Subject: [PATCH 5/8] fix: Remove comment from lifecycle ignore_changes --- main.tf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/main.tf b/main.tf index 4b24249..b4e0dfa 100644 --- a/main.tf +++ b/main.tf 
@@ -25,8 +25,7 @@ resource "ibm_resource_instance" "scc_wp" { # lifecycle ignores cloud_monitoring_conmected_instance as it can't change after scc-workload-protection instance connects. lifecycle { ignore_changes = [ - parameters["cloud_monitoring_connected_instance"] # Lifecycle ignore is added for cloud_monitoring_connected_instance because once SCC Workload Protection is connected to the monitoring instance, this value cannot be modified. - + parameters["cloud_monitoring_connected_instance"] ] } } From ba70822a09891f71a6aaf13a50da0dcdb69c22f5 Mon Sep 17 00:00:00 2001 From: mounicatellabati <78633728+mounicatellabati@users.noreply.github.com> Date: Wed, 26 Nov 2025 12:44:41 +0530 Subject: [PATCH 6/8] fix: "fixed" From cb181e32b1c4ee9a473e06a0ac5e783842cb871a Mon Sep 17 00:00:00 2001 From: raagamounica Date: Wed, 26 Nov 2025 15:05:44 +0530 Subject: [PATCH 7/8] fix: indentation issues --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index bf65709..fbedbaf 100644 --- a/main.tf +++ b/main.tf @@ -25,7 +25,7 @@ resource "ibm_resource_instance" "scc_wp" { # lifecycle ignores cloud_monitoring_conmected_instance as it can't change after scc-workload-protection instance connects. lifecycle { ignore_changes = [ - parameters["cloud_monitoring_connected_instance"] + parameters["cloud_monitoring_connected_instance"] ] } } From 502dde6dfe747c795ee2d8d9fbc2d1b6399a83e5 Mon Sep 17 00:00:00 2001 From: mounicatellabati <78633728+mounicatellabati@users.noreply.github.com> Date: Wed, 26 Nov 2025 17:33:14 +0530 Subject: [PATCH 8/8] fix: Update description for existing_monitoring_crn variable Removed the external link from the description of the existing_monitoring_crn variable. --- solutions/fully-configurable/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index e00a8a9..8d1b6f5 100644 
--- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf @@ -18,7 +18,7 @@ variable "existing_monitoring_crn" { type = string nullable = true default = null - description = "To collect and analyze metrics and security data on hosts using both Monitoring and Workload Protection, pass the CRN of an existing IBM Cloud Monitoring instance to create the connection. Once the connection is created, the Monitoring instance CRN cannot be changed. [Learn more](https://cloud.ibm.com/docs/security-compliance?topic=security-compliance-known-issues&interface=ui)." + description = "To collect and analyze metrics and security data on hosts using both Monitoring and Workload Protection, pass the CRN of an existing IBM Cloud Monitoring instance to create the connection. Once the connection is created, the Monitoring instance CRN cannot be changed." validation { condition = anytrue([