Merge branch 'main' into 11571-issue

arya-girish-k · web-flow · commit 9dde2ad2e4fc · 2025-05-07T08:12:57.000+05:30
diff --git a/README.md b/README.md
diff --git a/bastion_host.tf b/bastion_host.tf
@@ -42,7 +42,7 @@ module "teleport_config" {
 
 module "bastion_host" {
   source                          = "terraform-ibm-modules/landing-zone-vsi/ibm"
-  version                         = "4.6.0"
+  version                         = "4.7.1"
   for_each                        = local.bastion_vsi_map
   resource_group_id               = each.value.resource_group == null ? null : local.resource_groups[each.value.resource_group]
   create_security_group           = each.value.security_group == null ? false : true
diff --git a/cbr.tf b/cbr.tf
@@ -3,7 +3,7 @@
 ##############################################################################
 module "update_cbr_vpc_zone" {
   source                = "terraform-ibm-modules/cbr/ibm//modules/cbr-zone-module"
-  version               = "1.29.0"
+  version               = "1.31.0"
   count                 = var.existing_vpc_cbr_zone_id != null ? 1 : 0
   use_existing_cbr_zone = true
   existing_zone_id      = var.existing_vpc_cbr_zone_id
diff --git a/cluster.tf b/cluster.tf
@@ -244,7 +244,7 @@ module "cluster" {
     if cluster.kube_type == "openshift"
   }
   source             = "terraform-ibm-modules/base-ocp-vpc/ibm"
-  version            = "3.44.0"
+  version            = "3.46.14"
   resource_group_id  = local.resource_groups[each.value.resource_group]
   region             = var.region
   cluster_name       = each.value.cluster_name
diff --git a/examples/one-vpc-one-vsi/version.tf b/examples/one-vpc-one-vsi/version.tf
@@ -3,7 +3,7 @@ terraform {
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = "1.76.3"
+      version = "1.78.0"
     }
   }
 }
diff --git a/examples/override-example/version.tf b/examples/override-example/version.tf
@@ -3,7 +3,7 @@ terraform {
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = "1.76.3"
+      version = "1.78.0"
     }
   }
 }
diff --git a/f5_vsi.tf b/f5_vsi.tf
@@ -117,7 +117,7 @@ locals {
 
 module "f5_vsi" {
   source                        = "terraform-ibm-modules/landing-zone-vsi/ibm"
-  version                       = "4.6.0"
+  version                       = "4.7.1"
   for_each                      = local.f5_vsi_map
   resource_group_id             = each.value.resource_group == null ? null : local.resource_groups[each.value.resource_group]
   create_security_group         = each.value.security_group == null ? false : true
diff --git a/main.tf b/main.tf
@@ -33,7 +33,7 @@ locals {
 # Due to existing implicit dependencies we do not think this will be an issue, including auth policies for activity tracker.
 module "vpc" {
   source                      = "terraform-ibm-modules/landing-zone-vpc/ibm"
-  version                     = "7.22.8"
+  version                     = "7.23.5"
   for_each                    = local.vpc_map
   name                        = each.value.prefix
   existing_vpc_id             = each.value.existing_vpc_id
diff --git a/patterns/DA-cbr-tutorial.md b/patterns/DA-cbr-tutorial.md
@@ -0,0 +1,64 @@
+
+# Configuring Landing Zone with Cloud automation for account configuration to create CBR VPC Zone
+
+This tutorial provides step-by-step instructions for using the [Cloud automation for account configuration](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-account-infra-base-63641cec-6093-4b4f-b7b0-98d2f4185cd6-global?kind=terraform&format=terraform&version=93c7f855-881d-459b-8999-4567a4883f57-global) to provision a [Context-Based Restriction (CBR)](https://cloud.ibm.com/docs/account?topic=account-context-restrictions-whatis) VPC network [zone](https://cloud.ibm.com/docs/account?topic=account-context-restrictions-whatis#network-zones-whatis) and to configure `existing_vpc_cbr_zone_id` to add VPCs created by [Red Hat OpenShift Container Platform on VPC landing zone](https://cloud.ibm.com/catalog/architecture/deploy-arch-ibm-slz-ocp-95fccffc-ae3b-42df-b6d9-80be5914d852-global), a [VPC landing zone](https://cloud.ibm.com/catalog/architecture/deploy-arch-ibm-slz-vpc-9fc0fa64-27af-4fed-9dce-47b3640ba739-global), or a [VSI on VPC landing zone](https://cloud.ibm.com/catalog/architecture/deploy-arch-ibm-slz-vsi-ef663980-4c71-4fac-af4f-4a510a9bcf68-global) to the [CBR VPC network zone](https://cloud.ibm.com/docs/account?topic=account-context-restrictions-whatis#vpc-attribute). The Cloud automation for account configuration creates a predefined network zones (a zone for each [service](https://github.com/terraform-ibm-modules/terraform-ibm-cbr/blob/main/modules/fscloud/README.md#input_zone_service_ref_list)) and a [VPC zone](https://github.com/terraform-ibm-modules/terraform-ibm-cbr/blob/main/modules/fscloud/README.md#input_zone_vpc_crn_list), and the objective of this tutorial is to add the VPCs created and managed by landing zone automation to the predefined [CBR VPC zone]((https://github.com/terraform-ibm-modules/terraform-ibm-cbr/blob/main/modules/fscloud/README.md#input_zone_vpc_crn_list)).
+
+## Prerequisites
+- The Editor role on the [Projects]((https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-understanding-projects)) service
+- The Editor and Manager role on the [Schematics](https://cloud.ibm.com/docs/schematics) service
+- The Viewer role on the resource group for the project
+
+For more information, see [Assigning users access to projects](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-access-project).
+
+## Step 1: Deploy the Cloud automation for account configuration
+
+1. Navigate to the IBM Cloud Catalog using this URL:
+   [Cloud automation for account configuration](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-account-infra-base-63641cec-6093-4b4f-b7b0-98d2f4185cd6-global?kind=terraform&format=terraform&version=93c7f855-881d-459b-8999-4567a4883f57-global)
+
+2. Click on **Add to [project](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-understanding-projects)** to start the deployment process
+
+3. Configure the deployment parameters:
+   - Enter the name for the project
+   - Enter the description (optional)
+   - Enter the configuration name
+   - Select the region
+   - Select the resource group
+
+4. Review your configuration and click **Create**
+
+5. Configure the required variables present under **security**, **required** and **optional** sections.
+
+6. Click on deploy.
+
+## Step 2: Retrieve the CBR VPC Zone ID
+
+To access the **CBR VPC Zone ID**, which becomes available as an output after the Account Base DA deployment completes -
+
+1. Navigate to **Account Infrastructure Base** deployment and select the configuration as shown in the reference image below.
+
+   ![Projects Account Infrastructure Base Deployment](https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/reference-architectures/infra-base-deployed.png)
+
+2. In the **outputs** section, locate the output variable named `cbr_map_vpc_zoneid` and copy the `zone_id` value as illustrated below.
+
+   ![Projects Account Infrastructure Base Deployment CBR Zone VPC ID Output](https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/reference-architectures/infra-base-cbr-vpc-zone-id.png)
+
+## Step 3:  Configure Landing Zone with the CBR Zone ID
+
+To properly configure landing zone with the retrieved CBR Zone ID -
+
+1. Select the appropriate landing zone automation from one of the following options:
+   - [Red Hat OpenShift Container Platform on VPC landing zone](https://cloud.ibm.com/catalog/architecture/deploy-arch-ibm-slz-ocp-95fccffc-ae3b-42df-b6d9-80be5914d852-global)
+   - [VPC landing zone](https://cloud.ibm.com/catalog/architecture/deploy-arch-ibm-slz-vpc-9fc0fa64-27af-4fed-9dce-47b3640ba739-global)
+   - [VSI on VPC landing zone](https://cloud.ibm.com/catalog/architecture/deploy-arch-ibm-slz-vsi-ef663980-4c71-4fac-af4f-4a510a9bcf68-global)
+
+2. Configure the required variables present under **security**, **required** and **optional** sections.
+
+3. Within the **optional** section, locate the field labeled `existing_vpc_cbr_zone_id` and paste the `zone_id` value copied in step 2, as shown below.
+
+   ![Adding CBR VPC Zone ID](https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/reference-architectures/existing_vpc_cbr_zone_id.png)
+
+4. Click on deploy.
+
+5. Once deployed, CBR VPC zone will contain the required VPCs IDs as shown below.
+
+   ![CBR VPC zone containing required VPC IDs](https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/reference-architectures/cbr-vpc-zone.png)
diff --git a/patterns/mixed/versions.tf b/patterns/mixed/versions.tf
@@ -8,11 +8,11 @@ terraform {
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = "1.76.3"
+      version = "1.78.0"
     }
     external = {
       source  = "hashicorp/external"
-      version = "2.3.4"
+      version = "2.3.5"
     }
   }
 }
diff --git a/patterns/roks-quickstart/version.tf b/patterns/roks-quickstart/version.tf
@@ -4,7 +4,7 @@ terraform {
     # renovate is set up to keep provider version at the latest for all DA solutions
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = "1.76.3"
+      version = "1.78.0"
     }
   }
 }
diff --git a/patterns/roks/module/versions.tf b/patterns/roks/module/versions.tf
@@ -9,11 +9,11 @@ terraform {
     # tflint-ignore: terraform_unused_required_providers
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = ">= 1.76.3"
+      version = ">= 1.78.0"
     }
     external = {
       source  = "hashicorp/external"
-      version = ">= 2.3.4"
+      version = ">= 2.3.5"
     }
   }
 }
diff --git a/patterns/roks/variables.tf b/patterns/roks/variables.tf
@@ -696,7 +696,7 @@ variable "IC_SCHEMATICS_WORKSPACE_ID" {
 ##############################################################################
 variable "existing_vpc_cbr_zone_id" {
   type        = string
-  description = "ID of the existing CBR (Context-based restrictions) network zone, with context set to the VPC. This zone is used in a CBR rule, which allows traffic to flow only from the landing zone VPCs to specific cloud services."
+  description = "ID of the existing CBR (Context-based restrictions) network zone, with context set to the VPC. This zone is used in a CBR rule, which allows traffic to flow only from the landing zone VPCs to specific cloud services. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone/blob/main/patterns/DA-cbr-tutorial.md)."
   default     = null
 }
 
diff --git a/patterns/roks/versions.tf b/patterns/roks/versions.tf
@@ -8,12 +8,12 @@ terraform {
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = "1.76.3"
+      version = "1.78.0"
     }
     # tflint-ignore: terraform_unused_required_providers
     external = {
       source  = "hashicorp/external"
-      version = "2.3.4"
+      version = "2.3.5"
     }
   }
 }
diff --git a/patterns/vpc/module/version.tf b/patterns/vpc/module/version.tf
@@ -9,11 +9,11 @@ terraform {
     # tflint-ignore: terraform_unused_required_providers
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = ">= 1.76.3"
+      version = ">= 1.78.0"
     }
     external = {
       source  = "hashicorp/external"
-      version = ">= 2.3.4"
+      version = ">= 2.3.5"
     }
   }
 }
diff --git a/patterns/vpc/variables.tf b/patterns/vpc/variables.tf
@@ -487,7 +487,7 @@ variable "IC_SCHEMATICS_WORKSPACE_ID" {
 ##############################################################################
 variable "existing_vpc_cbr_zone_id" {
   type        = string
-  description = "ID of the existing CBR (Context-based restrictions) network zone, with context set to the VPC. This zone is used in a CBR rule, which allows traffic to flow only from the landing zone VPCs to specific cloud services."
+  description = "ID of the existing CBR (Context-based restrictions) network zone, with context set to the VPC. This zone is used in a CBR rule, which allows traffic to flow only from the landing zone VPCs to specific cloud services. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone/blob/main/patterns/DA-cbr-tutorial.md)."
   default     = null
 }
 
diff --git a/patterns/vpc/version.tf b/patterns/vpc/version.tf
@@ -8,12 +8,12 @@ terraform {
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = "1.76.3"
+      version = "1.78.0"
     }
     # tflint-ignore: terraform_unused_required_providers
     external = {
       source  = "hashicorp/external"
-      version = "2.3.4"
+      version = "2.3.5"
     }
   }
 }
diff --git a/patterns/vsi-extension/main.tf b/patterns/vsi-extension/main.tf
@@ -45,7 +45,7 @@ locals {
 
 module "vsi" {
   source                          = "terraform-ibm-modules/landing-zone-vsi/ibm"
-  version                         = "4.6.0"
+  version                         = "4.7.1"
   resource_group_id               = data.ibm_is_vpc.vpc_by_id.resource_group
   create_security_group           = true
   prefix                          = "${var.prefix}-vsi"
diff --git a/patterns/vsi-extension/version.tf b/patterns/vsi-extension/version.tf
@@ -8,12 +8,12 @@ terraform {
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = "1.76.3"
+      version = "1.78.0"
     }
     # tflint-ignore: terraform_unused_required_providers
     external = {
       source  = "hashicorp/external"
-      version = "2.3.4"
+      version = "2.3.5"
     }
   }
 }
diff --git a/patterns/vsi-quickstart/version.tf b/patterns/vsi-quickstart/version.tf
@@ -4,7 +4,7 @@ terraform {
     # renovate is set up to keep provider version at the latest for all DA solutions
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = "1.76.3"
+      version = "1.78.0"
     }
   }
 }
diff --git a/patterns/vsi/module/versions.tf b/patterns/vsi/module/versions.tf
@@ -9,11 +9,11 @@ terraform {
     # tflint-ignore: terraform_unused_required_providers
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = ">= 1.76.3"
+      version = ">= 1.78.0"
     }
     external = {
       source  = "hashicorp/external"
-      version = ">= 2.3.4"
+      version = ">= 2.3.5"
     }
   }
 }
diff --git a/patterns/vsi/variables.tf b/patterns/vsi/variables.tf
@@ -535,7 +535,7 @@ variable "IC_SCHEMATICS_WORKSPACE_ID" {
 
 variable "existing_vpc_cbr_zone_id" {
   type        = string
-  description = "ID of the existing CBR (Context-based restrictions) network zone, with context set to the VPC. This zone is used in a CBR rule, which allows traffic to flow only from the landing zone VPCs to specific cloud services."
+  description = "ID of the existing CBR (Context-based restrictions) network zone, with context set to the VPC. This zone is used in a CBR rule, which allows traffic to flow only from the landing zone VPCs to specific cloud services. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone/blob/main/patterns/DA-cbr-tutorial.md)."
   default     = null
 }
 
diff --git a/patterns/vsi/versions.tf b/patterns/vsi/versions.tf
@@ -8,12 +8,12 @@ terraform {
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = "1.76.3"
+      version = "1.78.0"
     }
     # tflint-ignore: terraform_unused_required_providers
     external = {
       source  = "hashicorp/external"
-      version = "2.3.4"
+      version = "2.3.5"
     }
   }
 }
diff --git a/reference-architectures/cbr-vpc-zone.png b/reference-architectures/cbr-vpc-zone.png
diff --git a/reference-architectures/existing_vpc_cbr_zone_id.png b/reference-architectures/existing_vpc_cbr_zone_id.png
diff --git a/reference-architectures/infra-base-cbr-vpc-zone-id.png b/reference-architectures/infra-base-cbr-vpc-zone-id.png
diff --git a/reference-architectures/infra-base-deployed.png b/reference-architectures/infra-base-deployed.png
diff --git a/reference-architectures/roks.drawio.svg b/reference-architectures/roks.drawio.svg
diff --git a/reference-architectures/vpc.drawio.svg b/reference-architectures/vpc.drawio.svg
diff --git a/reference-architectures/vsi-vsi.drawio.svg b/reference-architectures/vsi-vsi.drawio.svg
diff --git a/variables.tf b/variables.tf
@@ -1374,7 +1374,7 @@ variable "skip_all_s2s_auth_policies" {
 ##############################################################################
 variable "existing_vpc_cbr_zone_id" {
   type        = string
-  description = "ID of the existing CBR (Context-based restrictions) network zone, with context set to the VPC. This zone is used in a CBR rule, which allows traffic to flow only from the landing zone VPCs to specific cloud services."
+  description = "ID of the existing CBR (Context-based restrictions) network zone, with context set to the VPC. This zone is used in a CBR rule, which allows traffic to flow only from the landing zone VPCs to specific cloud services. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone/blob/main/patterns/DA-cbr-tutorial.md)."
   default     = null
 }
 
diff --git a/version.tf b/version.tf
@@ -8,7 +8,7 @@ terraform {
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = ">= 1.71.0, < 2.0.0"
+      version = ">= 1.78.0, < 2.0.0"
     }
     random = {
       source  = "hashicorp/random"
diff --git a/virtual_servers.tf b/virtual_servers.tf
@@ -41,7 +41,7 @@ data "ibm_is_image" "image" {
 
 module "vsi" {
   source                          = "terraform-ibm-modules/landing-zone-vsi/ibm"
-  version                         = "4.6.0"
+  version                         = "4.7.1"
   for_each                        = local.vsi_map
   resource_group_id               = each.value.resource_group == null ? null : local.resource_groups[each.value.resource_group]
   create_security_group           = each.value.security_group == null ? false : true

Original file line number	Diff line number	Diff line change
`@@ -244,7 +244,7 @@ module "cluster" {`
`244`	`244`	`if cluster.kube_type == "openshift"`
`245`	`245`	`}`
`246`	`246`	`source = "terraform-ibm-modules/base-ocp-vpc/ibm"`
`247`		`- version = "3.44.0"`
	`247`	`+ version = "3.46.14"`
`248`	`248`	`resource_group_id = local.resource_groups[each.value.resource_group]`
`249`	`249`	`region = var.region`
`250`	`250`	`cluster_name = each.value.cluster_name`
Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@ terraform {`
`3`	`3`	`required_providers {`
`4`	`4`	`ibm = {`
`5`	`5`	`source = "IBM-Cloud/ibm"`
`6`		`- version = "1.76.3"`
	`6`	`+ version = "1.78.0"`
`7`	`7`	`}`
`8`	`8`	`}`
`9`	`9`	`}`
Original file line number	Diff line number	Diff line change
`@@ -8,11 +8,11 @@ terraform {`
`8`	`8`	`required_providers {`
`9`	`9`	`ibm = {`
`10`	`10`	`source = "IBM-Cloud/ibm"`
`11`		`- version = "1.76.3"`
	`11`	`+ version = "1.78.0"`
`12`	`12`	`}`
`13`	`13`	`external = {`
`14`	`14`	`source = "hashicorp/external"`
`15`		`- version = "2.3.4"`
	`15`	`+ version = "2.3.5"`
`16`	`16`	`}`
`17`	`17`	`}`
`18`	`18`	`}`