fix(deps): update terraform-module

[terraform-ibm-modules-ops]

This PR contains the following updates:

Package	Type	Update	Change
github.com/terraform-ibm-modules/terraform-ibm-resource-group	module	minor	v1.1.6 -> v1.2.0
terraform-ibm-modules/kms-all-inclusive/ibm (source)	module	minor	4.19.8 -> 4.21.8
terraform-ibm-modules/resource-group/ibm (source)	module	minor	1.1.6 -> 1.2.0
terraform-ibm-modules/secrets-manager/ibm (source)	module	minor	1.22.0 -> 1.26.4

---

Release Notes

terraform-ibm-modules/terraform-ibm-resource-group (github.com/terraform-ibm-modules/terraform-ibm-resource-group)

v1.2.0

Compare Source

Features

• improved user experience for validating input variable values
• updated required terraform to be >= 1.9.0

(#​706) (d2dbcd8)

terraform-ibm-modules/terraform-ibm-kms-all-inclusive (terraform-ibm-modules/kms-all-inclusive/ibm)

v4.21.8

Compare Source

Bug Fixes

• deps: update terraform ibm to latest for the deployable architecture solution (#​649) (08b38bb)

v4.21.7

Compare Source

Bug Fixes

• deps: update terraform terraform-ibm-modules/kms-key-ring/ibm to v2.6.0 (#​650) (050c3cb)

v4.21.6

Compare Source

Bug Fixes

• deps: update terraform-module (#​638) (34b4efc)

v4.21.5

Compare Source

Bug Fixes

• updated prefix variable description (#​645) (5de0478)

v4.21.4

Compare Source

Bug Fixes

• deps: update terraform ibm to latest for the deployable architecture solution (#​639) (55659a2)

v4.21.3

Compare Source

Bug Fixes

• deps: update terraform ibm to latest for the deployable architecture solution (#​634) (d301f5b)

v4.21.2

Compare Source

Bug Fixes

• deps: update terraform ibm to latest for the deployable architecture solution (#​627) (903964d)

v4.21.1

Compare Source

Bug Fixes

• deps: update IBM provider to 1.76.0 in the DA (#​626) (b217678)

v4.21.0

Compare Source

Features

• added support for cross-region-resiliency Key Protect instance plan.
  - updated the keys input to support kmip configuration. This input is now marked as a sensitive input since it can contain a private certificate value. (#​620) (3a93855)

v4.20.0

Compare Source

Features

(#​624) (115f845)

• The following DA input variables have been renamed:
  • resource_tags -> key_protect_resource_tags
  • access_tags -> key_protect_access_tags
  • cbr_rules -> key_protect_instance_cbr_rules
• The default value of key_protect_instance_name has changed from base-security-services-kms -> key-protect

terraform-ibm-modules/terraform-ibm-secrets-manager (terraform-ibm-modules/secrets-manager/ibm)

v1.26.4

Compare Source

Fixes

• added the missing input skip_iam_authorization_policy from the DA. Previously this was automatically set to false with no ability to override in the DA, meaning you might get an error if passing an existing Secrets Manager instance if the auth policy already exists. Exposing it now allows consumers to disable auth policy creation if it already exists.

v1.26.3

Compare Source

Fixes

• added a fix to KMS key validation that was causing the following error when passing an existing Secrets Manager instance:

  │ Error: Invalid function argument
  │ 
  │   on ../../main.tf line 21, in locals:
  │   21:   validate_is_hpcs_key = var.is_hpcs_key && local.kms_service_name != "hs-crypto" ? tobool("When is_hpcs_key is set to true then the key provided through kms_key_crn must be a Hyper Protect Crypto Services key") : true
  │     ├────────────────
  │     │ while calling tobool(v)
  │ 
  │ Invalid value for "v" parameter: cannot convert "When is_hpcs_key is set to true then the key provided through kms_key_crn must be a Hyper Protect Crypto Services key" to bool; only the strings
  │ "true" or "false" are allowed.
  

v1.26.2

Compare Source

Fixes

• added a fix for a missing moved block in the DA which can cause the following destroys to be seen when upgrading to version 1.23.0 or later:

module.secrets_manager.ibm_sm_en_registration.sm_en_registration[0] will be destroyed

v1.26.1

Compare Source

Fixes

• added a fix for a missing moved block in the DA which can cause the following destroys to be seen when upgrading to version 1.23.0 or later:

module.secrets_manager.ibm_iam_authorization_policy.en_policy[0] will be destroyed

module.secrets_manager.ibm_sm_en_registration.sm_en_registration[0] will be destroyed

v1.26.0

Compare Source

Features

(#​295) (a0cab06)

• The KMS auth policy has been updated so its now scoped to the exact KMS key. If upgrading from an older version this will recreate the auth policy, however it will create the new one before destroying the old one so there is no disruption to every day services.
• The kms_instance_guid input has been removed from the module. It is now programmatically determined from the value of kms_key_crn
• A new boolean input is_hpcs_key has been added to the module and should be set to true if the key specified in kms_key_crn is from a Hyper Protect instance. Leave it at false if using Key Protect. If set to true, a second auth policy is created which allows the Secrets Manager instance Viewer access to the HPCS instance.

v1.25.5

Compare Source

Bug Fixes

• deps: update terraform-module (#​306) (5c52795)

v1.25.4

Compare Source

Bug Fixes

• deps: update terraform ibm to latest for the deployable architecture solution (#​310) (c458399)

v1.25.3

Compare Source

Bug Fixes

• expose the skip_iam_authorization_policy in the fscloud submodule (#​301) (94db9b1)

v1.25.2

Compare Source

Bug Fixes

• deps: update required_provider to latest for the deployable architecture solution (#​305) (f12d4e9)

v1.25.1

Compare Source

Bug Fixes

• deps: update IBM provider to 1.76.0 (#​303) (190d59d)

v1.25.0

Compare Source

Features

• Added new input skip_iam_authorization_policy which defaults to false, meaning by default the module will now create the IAM authorization policies required to enable the IAM credentials engine by creating policies that grants the Secrets Manager instance 'Operator' access to the IAM identity service, and 'Groups Service Member Manage' access to the IAM groups service (#​237) (e5d4806)

v1.24.3

Compare Source

Bug Fixes

• deps: update terraform terraform-ibm-modules/event-notifications/ibm to v1.18.8 (#​298) (9249319)

v1.24.2

Compare Source

Bug Fixes

• deps: update terraform-module (#​296) (cfa265f)

v1.24.1

Compare Source

Bug Fixes

• deps: update terraform-module (#​293) (3b7f282)

v1.24.0

Compare Source

(#​290) (fef71c3)

Features

• updated DA input variable names:
  • secret_manager_tags --> secrets_manager_tags
  • public_engine_enabled --> public_cert_engine_enabled
  • cis_id --> public_cert_engine_internet_services_crn
  • dns_provider_name --> public_cert_engine_dns_provider_config_name
  • ca_name --> public_cert_engine_lets_encrypt_config_ca_name
  • private_engine_enabled --> private_cert_engine_enabled
  • root_ca_name --> private_cert_engine_config_root_ca_name
  • root_ca_common_name --> private_cert_engine_config_root_ca_common_name
  • root_ca_max_ttl --> private_cert_engine_config_root_ca_max_ttl
  • intermediate_ca_name --> private_cert_engine_config_intermediate_ca_name
  • certificate_template_name --> private_cert_engine_config_template_name
  • enable_event_notification --> enable_event_notifications
  • existing_event_notification_instance_crn --> existing_event_notifications_instance_crn
  • skip_event_notification_iam_authorization_policy --> skip_event_notifications_iam_authorization_policy
  • sm_en_email_list --> event_notifications_email_list
  • sm_en_from_email --> event_notifications_from_email
  • sm_en_reply_to_email --> event_notifications_reply_to_email
• The default value of kms_key_ring_name has been changed from "sm-cos-key-ring" --> "secrets-manager-key-ring"
• The default value of kms_key_name has been changed from "sm-cos-key" --> "secrets-manager-key"
• The default value of iam_engine_name has been changed from "base-sm-iam-engine" --> "iam-engine"
• The default value of secrets_manager_instance_name has been changed from "base-security-services-sm" --> "secrets-manager"

NOTE: If upgrading from a previous release, to prevent infrastructure being destroyed and recreated, you can override the defaults back to their original values.

v1.23.9

Compare Source

Bug Fixes

• deps: update terraform terraform-ibm-modules/kms-all-inclusive/ibm to v4.19.8 (#​292) (db0da54)

v1.23.8

Compare Source

Bug Fixes

• deps: update terraform-module (#​289) (5f5cc8b)

v1.23.7

Compare Source

Bug Fixes

• deps: update terraform ibm to latest for the deployable architecture solution (#​287) (d45e59b)

v1.23.6

Compare Source

Bug Fixes

• deps: update terraform-module (#​288) (aaec26b)

v1.23.5

Compare Source

Bug Fixes

• deps: update terraform-module (#​281) (af5d933)

v1.23.4

Compare Source

Bug Fixes

• stop enforcing hpcs encryption for fscloud module (#​286)
  - you can now supply key-protect or hyper-protect keys to the fscloud module for encryption (007f829)

v1.23.3

Compare Source

Bug Fixes

• deps: update terraform ibm to latest for the deployable architecture solution (#​267) (52a278d)

v1.23.2

Compare Source

Bug Fixes

• deps: update terraform-module (#​266) (e97c209)

v1.23.1

Compare Source

Bug Fixes

• update catalog validation to use us-south HPCS (#​279) (b4a8f6f)

v1.23.0

Compare Source

Features

• The DA has been locked down to only support private only instances. So the existing_secrets_endpoint_type and allowed_network inputs have been removed. (#​259) (cc1ef7f)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[terraform-ibm-modules-dev]

/run pipeline

[terraform-ibm-modules-dev]

/run pipeline

[terraform-ibm-modules-dev]

/run pipeline

[terraform-ibm-modules-dev]

/run pipeline

[terraform-ibm-modules-dev]

/run pipeline

[terraform-ibm-modules-dev]

/run pipeline

[terraform-ibm-modules-dev]

/run pipeline

[terraform-ibm-modules-dev]

/run pipeline

[terraform-ibm-modules-dev]

/run pipeline

[terraform-ibm-modules-dev]

/run pipeline

[terraform-ibm-modules-dev]

/run pipeline

[terraform-ibm-modules-dev]

/run pipeline

[terraform-ibm-modules-dev]

/run pipeline

[terraform-ibm-modules-dev]

/run pipeline

[terraform-ibm-modules-dev]

/run pipeline

[terraform-ibm-modules-ops]

🎉 This PR is included in version 3.4.3 🎉

The release is available on:

• GitHub release
• v3.4.3

Your semantic-release bot 📦🚀