add missing skip_iam_authorization_policy

ocofaigh · ocofaigh · commit 6f9b280e7766 · 2025-04-02T10:38:11.000+01:00
diff --git a/ibm_catalog.json b/ibm_catalog.json
@@ -171,6 +171,9 @@
                 }
               ]
             },
+            {
+              "key": "skip_iam_authorization_policy"
+            },
             {
               "key": "iam_engine_enabled"
             },
diff --git a/solutions/standard/main.tf b/solutions/standard/main.tf
@@ -191,6 +191,7 @@ module "secrets_manager" {
   existing_en_instance_crn         = var.existing_event_notifications_instance_crn
   skip_en_iam_authorization_policy = var.skip_event_notifications_iam_authorization_policy
   cbr_rules                        = var.cbr_rules
+  skip_iam_authorization_policy    = var.skip_iam_authorization_policy
 }
 
 # Configure an IBM Secrets Manager IAM credentials engine for an existing IBM Secrets Manager instance.
diff --git a/solutions/standard/variables.tf b/solutions/standard/variables.tf
@@ -154,15 +154,21 @@ variable "private_cert_engine_config_template_name" {
 # IAM engine config
 ########################################################################################################################
 
+variable "skip_iam_authorization_policy" {
+  type        = bool
+  description = "Whether to skip the creation of the IAM authorization policies required to enable the IAM credentials engine. If set to false, policies will be created that grants the Secrets Manager instance 'Operator' access to the IAM identity service, and 'Groups Service Member Manage' access to the IAM groups service."
+  default     = false
+}
+
 variable "iam_engine_enabled" {
   type        = bool
-  description = "Set this to true to to configure a Secrets Manager IAM credentials engine. If set to false, no IAM engine will be configured for your instance."
+  description = "(LEGACY - recommend to use `skip_iam_authorization_policy` instead). Set this to true to to configure a Secrets Manager IAM credentials engine. If set to false, no IAM engine will be configured for your instance."
   default     = false
 }
 
 variable "iam_engine_name" {
   type        = string
-  description = "The name of the IAM engine used to configure a Secrets Manager IAM credentials engine. If the prefix input variable is passed it is attached before the value in the format of '<prefix>-value'."
+  description = "(LEGACY - recommend to use `skip_iam_authorization_policy` instead). The name of the IAM engine used to configure a Secrets Manager IAM credentials engine. If the prefix input variable is passed it is attached before the value in the format of '<prefix>-value'."
   default     = "iam-engine"
 }
 

Original file line number	Diff line number	Diff line change
`@@ -171,6 +171,9 @@`
`171`	`171`	`}`
`172`	`172`	`]`
`173`	`173`	`},`
	`174`	`+ {`
	`175`	`+ "key": "skip_iam_authorization_policy"`
	`176`	`+ },`
`174`	`177`	`{`
`175`	`178`	`"key": "iam_engine_enabled"`
`176`	`179`	`},`
Original file line number	Diff line number	Diff line change
`@@ -191,6 +191,7 @@ module "secrets_manager" {`
`191`	`191`	`existing_en_instance_crn = var.existing_event_notifications_instance_crn`
`192`	`192`	`skip_en_iam_authorization_policy = var.skip_event_notifications_iam_authorization_policy`
`193`	`193`	`cbr_rules = var.cbr_rules`
	`194`	`+ skip_iam_authorization_policy = var.skip_iam_authorization_policy`
`194`	`195`	`}`
`195`	`196`
`196`	`197`	`# Configure an IBM Secrets Manager IAM credentials engine for an existing IBM Secrets Manager instance.`