fix: updated the Secrets Manager instance to provision with public and private endpoints enabled (#69)

Author: akocbek

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2024-06-13T19:58:20Z",
+  "generated_at": "2024-06-14T19:58:20Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"

common-dev-assets

@@ -233,28 +233,37 @@
           ],
           "iam_permissions": [
             {
-              "role_crns": ["crn:v1:bluemix:public:iam::::serviceRole:Manager"],
+              "role_crns": [
+                "crn:v1:bluemix:public:iam::::serviceRole:Manager"
+              ],
               "service_name": "cloud-object-storage"
             },
             {
-              "role_crns": ["crn:v1:bluemix:public:iam::::serviceRole:Manager"],
+              "role_crns": [
+                "crn:v1:bluemix:public:iam::::serviceRole:Manager"
+              ],
               "service_name": "hs-crypto"
             },
             {
-              "role_crns": ["crn:v1:bluemix:public:iam::::role:Administrator"],
+              "role_crns": [
+                "crn:v1:bluemix:public:iam::::role:Administrator"
+              ],
               "service_name": "iam-identity"
             },
             {
-              "role_crns": ["crn:v1:bluemix:public:iam::::serviceRole:Manager"],
+              "role_crns": [
+                "crn:v1:bluemix:public:iam::::serviceRole:Manager"
+              ],
               "service_name": "kms"
             },
             {
-              "role_crns": ["crn:v1:bluemix:public:iam::::role:Administrator"],
+              "role_crns": [
+                "crn:v1:bluemix:public:iam::::role:Administrator"
+              ],
               "service_name": "is.vpc"
             }
           ],
           "architecture": {
-            "descriptions": "",
             "features": [
               {
                 "title": "Separate VPC for management",

ibm_catalog.json

@@ -47,17 +47,20 @@ module "sm_resource_group" {
 
 # Create a new SM instance if not using an existing one
 resource "ibm_resource_instance" "secrets_manager" {
+  provider          = ibm.ibm-sm
   count             = (var.use_sm && var.existing_sm_instance_guid == null) ? 1 : 0
   name              = "${var.prefix}-sm-instance"
   service           = "secrets-manager"
   plan              = var.sm_service_plan
   location          = local.sm_region
   resource_group_id = local.sm_rg_id
   tags              = var.resource_tags
+  parameters = {
+    "allowed_network" = "public-and-private"
+  }
   timeouts {
     create = "20m" # Extending provisioning time to 20 minutes
   }
-  provider = ibm.ibm-sm
 }
 
 # Configure private cert engine if provisioning a new SM instance

solutions/e2e/main.tf

@@ -28,11 +28,17 @@ func TestMain(m *testing.M) {
 	rsaKeyPair, _ := ssh.GenerateRSAKeyPairE(tSsh, 4096)
 	sshPublicKey := strings.TrimSuffix(rsaKeyPair.PublicKey, "\n") // removing trailing new lines
 	sshPrivateKey := "<<EOF\n" + rsaKeyPair.PrivateKey + "EOF"
-	os.Setenv("TF_VAR_ssh_key", sshPublicKey)
-	os.Setenv("TF_VAR_ssh_private_key", sshPrivateKey)
+	if err := os.Setenv("TF_VAR_ssh_key", sshPublicKey); err != nil {
+		tSsh.Fatalf("failed to set TF_VAR_ssh_key: %v", err) // pragma: allowlist secret
+	}
+	if err := os.Setenv("TF_VAR_ssh_private_key", sshPrivateKey); err != nil {
+		tSsh.Fatalf("failed to set TF_VAR_ssh_private_key: %v", err) // pragma: allowlist secret
+	}
 
 	// use trial instance for tests
-	os.Setenv("TF_VAR_sm_service_plan", "trial")
+	if err := os.Setenv("TF_VAR_sm_service_plan", "trial"); err != nil {
+		tSsh.Fatalf("failed to set TF_VAR_sm_service_plan: %v", err)
+	}
 	os.Exit(m.Run())
 }