diff --git a/common-dev-assets b/common-dev-assets
index 37f2eb4..191c3ec 160000
--- a/common-dev-assets
+++ b/common-dev-assets
@@ -1 +1 @@
-Subproject commit 37f2eb4d1f5286752b21be52d89e77ae1614570c
+Subproject commit 191c3ec328a8bc402b28104c9ed5249ee5fafab3
diff --git a/examples/all-combined/imagepull-apikey-secrets-manager/README.md b/examples/all-combined/imagepull-apikey-secrets-manager/README.md
index 49e9db4..2231f70 100644
--- a/examples/all-combined/imagepull-apikey-secrets-manager/README.md
+++ b/examples/all-combined/imagepull-apikey-secrets-manager/README.md
@@ -8,7 +8,7 @@ This module generate and store a service ID API key in IBM Cloud Secrets Manager
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= v1.0.0 |
-| [ibm](#requirement\_ibm) | >= 1.51.0, < 2.0.0 |
+| [ibm](#requirement\_ibm) | >= 1.83.0, < 2.0.0 |
| [time](#requirement\_time) | >= 0.9.1, < 1.0.0 |
### Modules
diff --git a/examples/all-combined/imagepull-apikey-secrets-manager/main.tf b/examples/all-combined/imagepull-apikey-secrets-manager/main.tf
index f3b8419..067395a 100644
--- a/examples/all-combined/imagepull-apikey-secrets-manager/main.tf
+++ b/examples/all-combined/imagepull-apikey-secrets-manager/main.tf
@@ -14,8 +14,8 @@ resource "ibm_iam_service_id" "image_secret_pull_service_id" {
resource "ibm_iam_service_policy" "cr_policy" {
- iam_service_id = ibm_iam_service_id.image_secret_pull_service_id.id
- roles = ["Reader"]
+ iam_id = ibm_iam_service_id.image_secret_pull_service_id.iam_id
+ roles = ["Reader"]
resources {
service = "container-registry"
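Review bot: Swapping `iam_service_id` for `iam_id` on an existing `ibm_iam_service_policy` probably makes Terraform destroy and recreate the policy rather than update it in place, and nothing in the commit documents that. While that happens the service ID would briefly hold no `Reader` role on container-registry, so image pulls that rely on it could fail during the apply. It is worth running a plan against an already-deployed state to confirm, and adding a comment above the argument such as `# iam_id replaces iam_service_id; the policy is recreated on upgrade`. The same applies to the `secret_puller_policy` hunks in examples/all-combined/secretsmanager.tf and examples/basic/main.tf, and to both puller policies in solutions/fully-configurable/main.tf. The `resources` block continues outside this hunk.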
diff --git a/examples/all-combined/imagepull-apikey-secrets-manager/version.tf b/examples/all-combined/imagepull-apikey-secrets-manager/version.tf
index 4f2be55..4c4e694 100644
--- a/examples/all-combined/imagepull-apikey-secrets-manager/version.tf
+++ b/examples/all-combined/imagepull-apikey-secrets-manager/version.tf
@@ -4,7 +4,7 @@ terraform {
# Use "greater than or equal to" range in modules
ibm = {
source = "IBM-Cloud/ibm"
- version = ">= 1.51.0, < 2.0.0"
+ version = ">= 1.83.0, < 2.0.0"
}
time = {
source = "hashicorp/time"
diff --git a/examples/all-combined/secretsmanager.tf b/examples/all-combined/secretsmanager.tf
index 991b709..d41dc18 100644
--- a/examples/all-combined/secretsmanager.tf
+++ b/examples/all-combined/secretsmanager.tf
@@ -72,8 +72,8 @@ resource "ibm_iam_service_id" "secret_puller" {
# Create policy to allow new service id to pull secrets from secrets manager
resource "ibm_iam_service_policy" "secret_puller_policy" {
- iam_service_id = ibm_iam_service_id.secret_puller.id
- roles = ["Viewer", "SecretsReader"]
+ iam_id = ibm_iam_service_id.secret_puller.iam_id
+ roles = ["Viewer", "SecretsReader"]
resources {
service = "secrets-manager"
diff --git a/examples/all-combined/version.tf b/examples/all-combined/version.tf
index 54a785c..de73d88 100644
--- a/examples/all-combined/version.tf
+++ b/examples/all-combined/version.tf
@@ -15,7 +15,7 @@ terraform {
}
ibm = {
source = "IBM-Cloud/ibm"
- version = ">= 1.62.0"
+ version = ">= 1.83.0"
}
null = {
source = "hashicorp/null"
diff --git a/examples/basic/main.tf b/examples/basic/main.tf
index 791c04f..2da5cf0 100644
--- a/examples/basic/main.tf
+++ b/examples/basic/main.tf
@@ -290,8 +290,8 @@ resource "ibm_iam_service_id" "secret_puller" {
# Create policy to allow new service id to pull secrets from secrets manager
resource "ibm_iam_service_policy" "secret_puller_policy" {
- iam_service_id = ibm_iam_service_id.secret_puller.id
- roles = ["Viewer", "SecretsReader"]
+ iam_id = ibm_iam_service_id.secret_puller.iam_id
+ roles = ["Viewer", "SecretsReader"]
resources {
service = "secrets-manager"
diff --git a/examples/basic/version.tf b/examples/basic/version.tf
index f3de3ba..169c7b0 100644
--- a/examples/basic/version.tf
+++ b/examples/basic/version.tf
@@ -15,7 +15,7 @@ terraform {
}
ibm = {
source = "IBM-Cloud/ibm"
- version = "= 1.79.2"
+ version = "= 1.83.0"
}
null = {
source = "hashicorp/null"
diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf
index 755fdec..2d6329a 100644
--- a/solutions/fully-configurable/main.tf
+++ b/solutions/fully-configurable/main.tf
@@ -176,6 +176,29 @@ module "cluster_secrets_stores_account_secrets_groups" {
ibm = ibm.ibm-sm
}
}
+#data lookup for iam id
+data "ibm_iam_service_id" "existing_serviceid" {
+ for_each = {
+ for k, v in var.eso_secretsstores_configuration.cluster_secrets_stores :
+ k => v
+ if v.existing_serviceid_id != null && v.existing_serviceid_id != ""
+ }
+
+ name = each.value.serviceid_name
+
+}
+
+#data lookup for iam id
+data "ibm_iam_service_id" "existing_serviceid_secrets" {
+ for_each = {
+ for k, v in var.eso_secretsstores_configuration.secrets_stores :
+ k => v
+ if v.existing_serviceid_id != null && v.existing_serviceid_id != ""
+ }
+
+ name = each.value.serviceid_name
+
+}
locals {
# map of cluster secrets stores account secrets groups enriched with the created secrets groups details
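Review bot: Both new data blocks are filtered on `existing_serviceid_id` but perform the lookup with `name = each.value.serviceid_name`, so nothing ties the resolved identity to the ID the caller actually supplied. Service ID names are not guaranteed unique in an account, and the later hunks attach `Viewer` and `SecretsReader` to whatever `iam_id` this lookup returns, so a stale or duplicated name would grant secret-read access to the wrong identity. A postcondition that requires exactly one match whose ID equals `existing_serviceid_id` closes that gap; the same check belongs on `existing_serviceid_secrets`. Separately, please confirm against the pinned provider's documentation that the data source exposes `iam_id` at the top level, as I recall matches being returned as a list.

```terraform
data "ibm_iam_service_id" "existing_serviceid" {
  # … unchanged: for_each filter and name argument …

  lifecycle {
    postcondition {
      # attribute path assumes matches are returned under service_ids; confirm for the pinned provider version
      condition     = length(self.service_ids) == 1 && self.service_ids[0].id == each.value.existing_serviceid_id
      error_message = "serviceid_name must resolve to exactly one service ID, and it must be the one given in existing_serviceid_id."
    }
  }
}
```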
@@ -252,7 +275,7 @@ locals {
for cluster_secrets_store_key, cluster_secrets_store in var.eso_secretsstores_configuration.cluster_secrets_stores :
cluster_secrets_store_key => {
# if the existing_serviceid_id is null it collects the service id created otherwise will use the existing one
- "accountServiceID" : (cluster_secrets_store.existing_serviceid_id == null || cluster_secrets_store.existing_serviceid_id == "") ? ibm_iam_service_id.cluster_secrets_stores_secret_puller[cluster_secrets_store_key].id : cluster_secrets_store.existing_serviceid_id
+ "accountServiceID" : (cluster_secrets_store.existing_serviceid_id == null || cluster_secrets_store.existing_serviceid_id == "") ? ibm_iam_service_id.cluster_secrets_stores_secret_puller[cluster_secrets_store_key].iam_id : data.ibm_iam_service_id.existing_serviceid[cluster_secrets_store_key].iam_id
"service_secrets_groups_IDs" : local.cluster_secrets_stores_service_secrets_groups_fulllist[cluster_secrets_store_key]
}
})
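Review bot: The comment above `accountServiceID` still says the existing service ID is used directly, but the new expression resolves an IAM ID through a data lookup keyed by `serviceid_name`. I would reword it to `# holds the IAM ID (iam_id) of the created service ID, or of the existing one resolved via the data lookup`. Since the key name still reads as a service ID, a maintainer could otherwise pass it to an argument that expects the other form. The existing-ID path now also depends on `serviceid_name` being set whenever `existing_serviceid_id` is; if the variable definition (not visible here) has no validation for that pairing, one should be added. The matching hunk for `secrets_stores` further down has the same stale comment.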
@@ -278,9 +301,9 @@ locals {
# Create policy to allow new service id to pull secrets from secrets manager
resource "ibm_iam_service_policy" "cluster_secrets_store_secrets_puller_policy" {
- for_each = local.cluster_secrets_stores_policies_to_create_map
- iam_service_id = each.value.accountServiceID
- roles = ["Viewer", "SecretsReader"]
+ for_each = local.cluster_secrets_stores_policies_to_create_map
+ iam_id = each.value.accountServiceID
+ roles = ["Viewer", "SecretsReader"]
resources {
service = "secrets-manager"
resource_instance_id = local.sm_guid
@@ -511,7 +534,7 @@ locals {
for secrets_store_key, secrets_store in var.eso_secretsstores_configuration.secrets_stores :
secrets_store_key => {
# if the existing_serviceid_id is null it collects the service id created otherwise will use the existing one
- "accountServiceID" : (secrets_store.existing_serviceid_id == null || secrets_store.existing_serviceid_id == "") ? ibm_iam_service_id.secrets_stores_secret_puller[secrets_store_key].id : secrets_store.existing_serviceid_id
+ "accountServiceID" : (secrets_store.existing_serviceid_id == null || secrets_store.existing_serviceid_id == "") ? ibm_iam_service_id.secrets_stores_secret_puller[secrets_store_key].iam_id : data.ibm_iam_service_id.existing_serviceid_secrets[secrets_store_key].iam_id
"service_secrets_groups_IDs" : local.secrets_stores_service_secrets_groups_fulllist[secrets_store_key]
}
})
@@ -537,9 +560,9 @@ locals {
# Create policy to allow new service id to pull secrets from secrets manager
resource "ibm_iam_service_policy" "secrets_store_secrets_puller_policy" {
- for_each = local.secrets_stores_policies_to_create_map
- iam_service_id = each.value.accountServiceID
- roles = ["Viewer", "SecretsReader"]
+ for_each = local.secrets_stores_policies_to_create_map
+ iam_id = each.value.accountServiceID
+ roles = ["Viewer", "SecretsReader"]
resources {
service = "secrets-manager"
resource_instance_id = local.sm_guid