
Commit 6bb43dc

authored
feat: DA updates (#887)
BREAKING CHANGE: The DA no longer supports creating a new resource group. It only supports using an existing resource group.
1 parent 68ff24f commit 6bb43dc


21 files changed

+401
-190
lines changed

21 files changed

+401
-190
lines changed

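--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
 "files": "go.sum|^.secrets.baseline$",
 "lines": null
 },
-"generated_at": "2025-04-15T12:18:50Z",
+"generated_at": "2025-05-21T09:46:16Z",
 "plugins_used": [
 {
 "name": "AWSKeyDetector"
@@ -90,7 +90,7 @@
 "hashed_secret": "a7c93faaa770c377154ea9d4d0d17a9056dbfa95",
 "is_secret": false,
 "is_verified": false,
-"line_number": 199,
+"line_number": 192,
 "type": "Secret Keyword",
 "verified_result": null
 }
@@ -123,13 +123,13 @@
 "verified_result": null
 }
 ],
-"solutions/instance/DA-types.md": [
+"solutions/instance/DA-cbr_rules.md": [
 {
-"hashed_secret": "1e5c2f367f02e47a8c160cda1cd9d91decbac441",
+"hashed_secret": "91bd6d8889493222b850338327aa2f54b7ab25d0",
 "is_secret": false,
 "is_verified": false,
-"line_number": 99,
-"type": "Secret Keyword",
+"line_number": 51,
+"type": "Hex High Entropy String",
 "verified_result": null
 }
 ],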

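--- a/README.md
+++ b/README.md
@@ -109,17 +109,10 @@ module "cos_buckets" {
 
 You need the following permissions to run this module.
 
-- Account Management
-- **Resource Group** service
-- `Viewer` platform access
-- IAM Services
-- **IBM Cloud Activity Tracker** service
-- `Editor` platform access
-- `Manager` service access
-- **IBM Cloud Monitoring** service
-- `Editor` platform access
-- `Manager` service access
-- **IBM Cloud Object Storage** service
+- Service
+- **Resource group only**
+- `Viewer` access on the specific resource group
+- **Cloud Object Storage** service
 - `Editor` platform access
 - `Manager` service access
 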
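--- a/cra-config.yaml
+++ b/cra-config.yaml
@@ -7,6 +7,7 @@ CRA_TARGETS:
 CRA_ENVIRONMENT_VARIABLES: # An optional map of environment variables for CRA, where the key is the variable name and value is the value. Useful for providing TF_VARs.
 TF_VAR_resource_group_name: "terraform-ibm-cos"
 TF_VAR_provider_visibility: "public"
+TF_VAR_prefix: "test"
 - CRA_TARGET: "solutions/secure-cross-regional-bucket" # Target directory for CRA scan. If not provided, the CRA Scan will not be run.
 CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json" # CRA Ignore file to use. If not provided, it checks the repo root directory for `cra-tf-validate-ignore-rules.json`
 PROFILE_ID: "fe96bd4d-9b37-40f2-b39f-a62760e326a3" # SCC profile ID (currently set to 'IBM Cloud Framework for Financial Services' '1.7.0' profile).
@@ -16,6 +17,7 @@ CRA_TARGETS:
 TF_VAR_bucket_name: "mock"
 TF_VAR_cross_region_location: us
 TF_VAR_provider_visibility: "public"
+TF_VAR_prefix: "test"
 - CRA_TARGET: "solutions/secure-regional-bucket" # Target directory for CRA scan. If not provided, the CRA Scan will not be run.
 CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json" # CRA Ignore file to use. If not provided, it checks the repo root directory for `cra-tf-validate-ignore-rules.json`
 PROFILE_ID: "fe96bd4d-9b37-40f2-b39f-a62760e326a3" # SCC profile ID (currently set to 'IBM Cloud Framework for Financial Services' '1.7.0' profile).
@@ -24,3 +26,4 @@ CRA_TARGETS:
 TF_VAR_existing_cos_instance_crn: "crn:v1:bluemix:public:cloud-object-storage:global:a/abac0df06b644a9cabc6e44f55b3880e:12345a67-12ab-1a23-abc1-1a2345abcde6::"
 TF_VAR_bucket_name: "mock"
 TF_VAR_provider_visibility: "public"
+TF_VAR_prefix: "test"
 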
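Review bot: The three added `TF_VAR_prefix: "test"` lines, one per CRA target, carry no comment, while the `CRA_TARGET`, `CRA_IGNORE_RULES_FILE`, `PROFILE_ID` and `CRA_ENVIRONMENT_VARIABLES` keys around them each explain themselves. From this file a reader cannot tell whether `"test"` is a placeholder that only satisfies a required variable during the scan or a value that ends up in resource names, and the same literal is shared by all three targets. If it is scan-only, as the neighbouring `"mock"` values suggest, a trailing comment on the first occurrence such as `# placeholder prefix, used for the CRA scan only` would make that explicit. The first and second hunks start inside a target's variable map, so the enclosing entries begin outside the visible lines.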
