fix: update policies (#511)

huayuenh · web-flow · commit 44204d994482 · 2024-11-15T14:57:13.000Z
diff --git a/main.tf b/main.tf
@@ -994,7 +994,7 @@ module "devsecops_cc_toolchain" {
 # Random string for webhook token
 resource "random_string" "webhook_secret" {
   count      = (var.autostart) ? 1 : 0
-  depends_on = [module.devsecops_ci_toolchain[0].ci_pipeline_id, module.devsecops_ci_toolchain[0].app_repo_url]
+  depends_on = [module.devsecops_ci_toolchain[0].ci_pipeline_id, module.devsecops_ci_toolchain[0].app_repo_url, module.prereqs]
   length     = 48
   special    = false
   upper      = false
diff --git a/prereqs/main.tf b/prereqs/main.tf
@@ -106,19 +106,18 @@ resource "ibm_iam_service_policy" "cd_policy" {
 resource "ibm_iam_service_policy" "kube_policy" {
   count          = ((var.create_kubernetes_access_policy == true) && (local.create_pipeline_api_key == true)) ? 1 : 0
   iam_service_id = ibm_iam_service_id.pipeline_service_id[0].id
-  roles          = ["Editor"]
+  roles          = ["Manager", "Editor"]
   resources {
-    service           = "kubernetes"
-    resource_group_id = data.ibm_resource_group.resource_group.id
+    service = "containers-kubernetes"
   }
 }
 
 resource "ibm_iam_service_policy" "ce_policy" {
   count          = ((var.create_code_engine_access_policy) && (local.create_pipeline_api_key == true)) ? 1 : 0
   iam_service_id = ibm_iam_service_id.pipeline_service_id[0].id
-  roles          = ["Editor"]
+  roles          = ["Manager", "Editor"]
   resources {
-    service           = "code-engine"
+    service           = "codeengine"
     resource_group_id = data.ibm_resource_group.resource_group.id
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -106,19 +106,18 @@ resource "ibm_iam_service_policy" "cd_policy" {`
`106`	`106`	`resource "ibm_iam_service_policy" "kube_policy" {`
`107`	`107`	`count = ((var.create_kubernetes_access_policy == true) && (local.create_pipeline_api_key == true)) ? 1 : 0`
`108`	`108`	`iam_service_id = ibm_iam_service_id.pipeline_service_id[0].id`
`109`		`- roles = ["Editor"]`
	`109`	`+ roles = ["Manager", "Editor"]`
`110`	`110`	`resources {`
`111`		`- service = "kubernetes"`
`112`		`- resource_group_id = data.ibm_resource_group.resource_group.id`
	`111`	`+ service = "containers-kubernetes"`
`113`	`112`	`}`
`114`	`113`	`}`
`115`	`114`
`116`	`115`	`resource "ibm_iam_service_policy" "ce_policy" {`
`117`	`116`	`count = ((var.create_code_engine_access_policy) && (local.create_pipeline_api_key == true)) ? 1 : 0`
`118`	`117`	`iam_service_id = ibm_iam_service_id.pipeline_service_id[0].id`
`119`		`- roles = ["Editor"]`
	`118`	`+ roles = ["Manager", "Editor"]`
`120`	`119`	`resources {`
`121`		`- service = "code-engine"`
	`120`	`+ service = "codeengine"`
`122`	`121`	`resource_group_id = data.ibm_resource_group.resource_group.id`
`123`	`122`	`}`
`124`	`123`	`}`