From 731d6e7a1bbaedc651947fea82626d4e9565bd09 Mon Sep 17 00:00:00 2001 From: shemau Date: Fri, 1 Nov 2024 14:06:04 +0000 Subject: [PATCH] fix(deps): bump secrets manager, CBR and IBM provider --- README.md | 2 +- examples/api_key_auth/main.tf | 8 +++++++- examples/api_key_auth/version.tf | 2 +- examples/iam_auth/main.tf | 2 +- examples/iam_auth/version.tf | 2 +- tests/pr_test.go | 35 +++++++++++++++++++++++++++----- version.tf | 2 +- 7 files changed, 42 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index b87b969..5e31583 100644 --- a/README.md +++ b/README.md @@ -163,7 +163,7 @@ You need the following permissions to run this module. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.0 | -| [ibm](#requirement\_ibm) | >= 1.54.0, < 2.0.0 | +| [ibm](#requirement\_ibm) | >= 1.70.0, < 2.0.0 | | [time](#requirement\_time) | >= 0.9.1, < 1.0.0 | ### Modules diff --git a/examples/api_key_auth/main.tf b/examples/api_key_auth/main.tf index 5eee1a5..e1d6d68 100644 --- a/examples/api_key_auth/main.tf +++ b/examples/api_key_auth/main.tf @@ -13,12 +13,14 @@ module "resource_group" { module "secrets_manager" { source = "terraform-ibm-modules/secrets-manager/ibm" - version = "1.18.8" + version = "1.18.12" resource_group_id = module.resource_group.resource_group_id region = var.region secrets_manager_name = "${var.prefix}-secrets-manager" #tfsec:ignore:general-secrets-no-plaintext-exposure sm_service_plan = "trial" sm_tags = var.resource_tags + allowed_network = "private-only" + endpoint_type = "private" } # Best practise, use the secrets manager secret group module to create a secret group 
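Review bot: The `allowed_network = "private-only"` and `endpoint_type = "private"` lines added to `module "secrets_manager"` in examples/api_key_auth/main.tf carry no comment explaining the constraint they impose. With these set, the example presumably only applies from a runner that can reach IBM Cloud private endpoints, which the new Schematics test suggests is the intended path. Someone applying the example from an ordinary workstation would get connection failures with no hint as to why. I would add above the two lines `# Private-only instance: apply from Schematics or a host with private-endpoint access to IBM Cloud.` The commit subject mentions only dependency bumps, so the change in network exposure is easy to miss when reading history.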
@@ -29,6 +31,7 @@ module "secrets_manager_secret_group" { secrets_manager_guid = module.secrets_manager.secrets_manager_guid secret_group_name = "${var.prefix}-certificates-secret-group" #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value secret_group_description = "secret group used for public certificates" #tfsec:ignore:general-secrets-no-plaintext-exposure + endpoint_type = "private" } locals { @@ -52,6 +55,7 @@ module "public_secret_engine" { private_key_secrets_manager_instance_guid = var.private_key_secrets_manager_instance_guid private_key_secrets_manager_secret_id = var.private_key_secrets_manager_secret_id private_key_secrets_manager_region = var.private_key_secrets_manager_region + service_endpoints = "private" } # TODO: Uncomment the following block once the certificate module is published @@ -72,4 +76,6 @@ module "secrets_manager_public_certificate" { secrets_manager_guid = module.secrets_manager.secrets_manager_guid secrets_manager_region = var.region + + service_endpoints = "private" } diff --git a/examples/api_key_auth/version.tf b/examples/api_key_auth/version.tf index 5f6db1b..0037975 100644 --- a/examples/api_key_auth/version.tf +++ b/examples/api_key_auth/version.tf @@ -4,7 +4,7 @@ terraform { # Pin to the lowest provider version of the range defined in the main module to ensure lowest version still works ibm = { source = "IBM-Cloud/ibm" - version = ">= 1.54.0" + version = ">= 1.70.0" } } } diff --git a/examples/iam_auth/main.tf b/examples/iam_auth/main.tf index bd480d8..6898147 100644 --- a/examples/iam_auth/main.tf +++ b/examples/iam_auth/main.tf @@ -13,7 +13,7 @@ module "resource_group" { module "secrets_manager" { source = "terraform-ibm-modules/secrets-manager/ibm" - version = "1.18.8" + version = "1.18.12" resource_group_id = module.resource_group.resource_group_id region = var.region secrets_manager_name = "${var.prefix}-secrets-manager" #tfsec:ignore:general-secrets-no-plaintext-exposure 
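Review bot: The literal `"private"` is repeated in three more module blocks here: `endpoint_type` on `secrets_manager_secret_group`, and `service_endpoints` on `public_secret_engine` and `secrets_manager_public_certificate`. It is also set on the instance block in the first hunk of this file. If one of the four is later changed or missed, that module would address a different endpoint type than the instance allows, and the mismatch only shows up at apply time. A single entry in the existing `locals` block, e.g. `endpoint_type = "private"`, referenced as `local.endpoint_type` in all four places, keeps them in step. The examples/iam_auth/main.tf hunk only bumps the module version, so that example appears to keep whatever network default the module ships; if that is deliberate, a comment there saying so would help.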
diff --git a/examples/iam_auth/version.tf b/examples/iam_auth/version.tf index 5f6db1b..0037975 100644 --- a/examples/iam_auth/version.tf +++ b/examples/iam_auth/version.tf @@ -4,7 +4,7 @@ terraform { # Pin to the lowest provider version of the range defined in the main module to ensure lowest version still works ibm = { source = "IBM-Cloud/ibm" - version = ">= 1.54.0" + version = ">= 1.70.0" } } } diff --git a/tests/pr_test.go b/tests/pr_test.go index c401415..46e0f84 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -9,6 +9,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/common" "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/testhelper" + "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/testschematic" ) // Define a struct with fields that match the structure of the YAML data @@ -21,6 +22,7 @@ const resourceGroup = "geretain-test-sm-pub-cert-eng" const keyExampleTerraformDir = "examples/api_key_auth" const IAMExampleTerraformDir = "examples/iam_auth" +const bestRegionYAMLPath = "../common-dev-assets/common-go-assets/cloudinfo-region-secmgr-prefs.yaml" // TestMain will be run before any parallel tests, used to read data from yaml for use with tests func TestMain(m *testing.M) { 
@@ -45,20 +47,43 @@ func setupOptions(t *testing.T, prefix string, dir string) *testhelper.TestOptio "private_key_secrets_manager_secret_id": permanentResources["acme_letsencrypt_private_key_secret_id"], "private_key_secrets_manager_region": permanentResources["acme_letsencrypt_private_key_sm_region"], }, - BestRegionYAMLPath: "../common-dev-assets/common-go-assets/cloudinfo-region-secmgr-prefs.yaml", + BestRegionYAMLPath: bestRegionYAMLPath, }) return options } -func TestRunAPIKeyExample(t *testing.T) { +func TestPrivateInSchematics(t *testing.T) { t.Parallel() - options := setupOptions(t, "sm-public-cert-eng", keyExampleTerraformDir) + options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{ + Testing: t, + Prefix: "sm-pub-crt-eng-prv", + TarIncludePatterns: []string{ + "*.tf", + keyExampleTerraformDir + "/*.tf", + }, + ResourceGroup: resourceGroup, + TemplateFolder: keyExampleTerraformDir, + Tags: []string{"test-schematic"}, + DeleteWorkspaceOnFail: false, + WaitJobCompleteMinutes: 80, + BestRegionYAMLPath: bestRegionYAMLPath, + }) - output, err := options.RunTestConsistency() + options.TerraformVars = []testschematic.TestSchematicTerraformVar{ + {Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true}, + {Name: "resource_tags", Value: options.Tags, DataType: "list(string)"}, + {Name: "region", Value: options.Region, DataType: "string"}, + {Name: "prefix", Value: options.Prefix, DataType: "string"}, + {Name: "cis_id", Value: permanentResources["cisInstanceId"], DataType: "string"}, + {Name: "private_key_secrets_manager_instance_guid", Value: permanentResources["acme_letsencrypt_private_key_sm_id"], DataType: "string"}, + {Name: "private_key_secrets_manager_secret_id", Value: permanentResources["acme_letsencrypt_private_key_secret_id"], DataType: "string"}, + {Name: "private_key_secrets_manager_region", Value: 
permanentResources["acme_letsencrypt_private_key_sm_region"], DataType: "string"}, + } + + err := options.RunSchematicTest() assert.Nil(t, err, "This should not have errored") - assert.NotNil(t, output, "Expected some output") } func TestRunIAMExample(t *testing.T) { diff --git a/version.tf b/version.tf index 3b03a3a..becb082 100644 --- a/version.tf +++ b/version.tf @@ -4,7 +4,7 @@ terraform { # Use "greater than or equal to" range in modules ibm = { source = "IBM-Cloud/ibm" - version = ">= 1.54.0, < 2.0.0" + version = ">= 1.70.0, < 2.0.0" configuration_aliases = [ibm, ibm.secret-store] } time = {
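Review bot: `DeleteWorkspaceOnFail: false` in `TestPrivateInSchematics` keeps the Schematics workspace after a failed run, and that workspace holds the `ibmcloud_api_key` variable plus whatever state the apply produced. `Secure: true` presumably masks the value in the workspace but does not remove it, so failed runs leave credential-bearing workspaces behind until someone deletes them. Either set the option to `true` for PR runs or document the retention with `// kept on failure for debugging; delete leftover "test-schematic" workspaces after triage`. Separately, this hunk drops the `RunTestConsistency` call for examples/api_key_auth, so that example's idempotency is no longer asserted unless a test outside the hunk covers it.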