terraform-ibm-modules · ocofaigh · Nov 4, 2024 · Nov 1, 2024 · Nov 4, 2024
@@ -163,7 +163,7 @@ You need the following permissions to run this module.
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
-| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.54.0, < 2.0.0 |
+| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.70.0, < 2.0.0 |
 | <a name="requirement_time"></a> [time](#requirement\_time) | >= 0.9.1, < 1.0.0 |
 
 ### Modules

@@ -19,6 +19,8 @@ module "secrets_manager" {
   secrets_manager_name = "${var.prefix}-secrets-manager" #tfsec:ignore:general-secrets-no-plaintext-exposure
   sm_service_plan      = "trial"
   sm_tags              = var.resource_tags
+  allowed_network      = "private-only"
+  endpoint_type        = "private"
 }
 
 # Best practise, use the secrets manager secret group module to create a secret group
@@ -29,6 +31,7 @@ module "secrets_manager_secret_group" {
   secrets_manager_guid     = module.secrets_manager.secrets_manager_guid
   secret_group_name        = "${var.prefix}-certificates-secret-group"   #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value
   secret_group_description = "secret group used for public certificates" #tfsec:ignore:general-secrets-no-plaintext-exposure
+  endpoint_type            = "private"
 }
 
 locals {
@@ -52,6 +55,7 @@ module "public_secret_engine" {
   private_key_secrets_manager_instance_guid = var.private_key_secrets_manager_instance_guid
   private_key_secrets_manager_secret_id     = var.private_key_secrets_manager_secret_id
   private_key_secrets_manager_region        = var.private_key_secrets_manager_region
+  service_endpoints                         = "private"
 }
 
 # TODO: Uncomment the following block once the certificate module is published
@@ -72,4 +76,6 @@ module "secrets_manager_public_certificate" {
 
   secrets_manager_guid   = module.secrets_manager.secrets_manager_guid
   secrets_manager_region = var.region
+
+  service_endpoints = "private"
 }
@@ -4,7 +4,7 @@ terraform {
     # Pin to the lowest provider version of the range defined in the main module to ensure lowest version still works
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = ">= 1.54.0"
+      version = ">= 1.70.0"
     }
   }
 }
@@ -4,7 +4,7 @@ terraform {
     # Pin to the lowest provider version of the range defined in the main module to ensure lowest version still works
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = ">= 1.54.0"
+      version = ">= 1.70.0"
     }
   }
 }
@@ -9,6 +9,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/common"
 	"github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/testhelper"
+	"github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/testschematic"
 )
 
 // Define a struct with fields that match the structure of the YAML data
@@ -21,6 +22,7 @@ const resourceGroup = "geretain-test-sm-pub-cert-eng"
 
 const keyExampleTerraformDir = "examples/api_key_auth"
 const IAMExampleTerraformDir = "examples/iam_auth"
+const bestRegionYAMLPath = "../common-dev-assets/common-go-assets/cloudinfo-region-secmgr-prefs.yaml"
 
 // TestMain will be run before any parallel tests, used to read data from yaml for use with tests
 func TestMain(m *testing.M) {
@@ -45,20 +47,43 @@ func setupOptions(t *testing.T, prefix string, dir string) *testhelper.TestOptio
 			"private_key_secrets_manager_secret_id":     permanentResources["acme_letsencrypt_private_key_secret_id"],
 			"private_key_secrets_manager_region":        permanentResources["acme_letsencrypt_private_key_sm_region"],
 		},
-		BestRegionYAMLPath: "../common-dev-assets/common-go-assets/cloudinfo-region-secmgr-prefs.yaml",
+		BestRegionYAMLPath: bestRegionYAMLPath,
 	})
 
 	return options
 }
 
-func TestRunAPIKeyExample(t *testing.T) {
+func TestPrivateInSchematics(t *testing.T) {
 	t.Parallel()
 
-	options := setupOptions(t, "sm-public-cert-eng", keyExampleTerraformDir)
+	options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{
+		Testing: t,
+		Prefix:  "sm-pub-crt-eng-prv",
+		TarIncludePatterns: []string{
+			"*.tf",
+			keyExampleTerraformDir + "/*.tf",
+		},
+		ResourceGroup:          resourceGroup,
+		TemplateFolder:         keyExampleTerraformDir,
+		Tags:                   []string{"test-schematic"},
+		DeleteWorkspaceOnFail:  false,
+		WaitJobCompleteMinutes: 80,
+		BestRegionYAMLPath:     bestRegionYAMLPath,
+	})
 
-	output, err := options.RunTestConsistency()
+	options.TerraformVars = []testschematic.TestSchematicTerraformVar{
+		{Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true},
+		{Name: "resource_tags", Value: options.Tags, DataType: "list(string)"},
+		{Name: "region", Value: options.Region, DataType: "string"},
+		{Name: "prefix", Value: options.Prefix, DataType: "string"},
+		{Name: "cis_id", Value: permanentResources["cisInstanceId"], DataType: "string"},
+		{Name: "private_key_secrets_manager_instance_guid", Value: permanentResources["acme_letsencrypt_private_key_sm_id"], DataType: "string"},
+		{Name: "private_key_secrets_manager_secret_id", Value: permanentResources["acme_letsencrypt_private_key_secret_id"], DataType: "string"},
+		{Name: "private_key_secrets_manager_region", Value: permanentResources["acme_letsencrypt_private_key_sm_region"], DataType: "string"},
+	}
+
+	err := options.RunSchematicTest()
 	assert.Nil(t, err, "This should not have errored")
-	assert.NotNil(t, output, "Expected some output")
 }
 
 func TestRunIAMExample(t *testing.T) {

@@ -4,7 +4,7 @@ terraform {
     # Use "greater than or equal to" range in modules
     ibm = {
       source                = "IBM-Cloud/ibm"
-      version               = ">= 1.54.0, < 2.0.0"
+      version               = ">= 1.70.0, < 2.0.0"
       configuration_aliases = [ibm, ibm.secret-store]
     }
     time = {