feat: DA updates (#887)

BREAKING CHANGE: The DA no longer supports creating a new resource group. It only supports using existing resource group

Author: ocofaigh

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2025-04-15T12:18:50Z",
+  "generated_at": "2025-05-21T09:46:16Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -90,7 +90,7 @@
         "hashed_secret": "a7c93faaa770c377154ea9d4d0d17a9056dbfa95",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 199,
+        "line_number": 192,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -123,13 +123,13 @@
         "verified_result": null
       }
     ],
-    "solutions/instance/DA-types.md": [
+    "solutions/instance/DA-cbr_rules.md": [
       {
-        "hashed_secret": "1e5c2f367f02e47a8c160cda1cd9d91decbac441",
+        "hashed_secret": "91bd6d8889493222b850338327aa2f54b7ab25d0",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 99,
-        "type": "Secret Keyword",
+        "line_number": 51,
+        "type": "Hex High Entropy String",
         "verified_result": null
       }
     ],

README.md

@@ -109,17 +109,10 @@ module "cos_buckets" {
 
 You need the following permissions to run this module.
 
-- Account Management
-    - **Resource Group** service
-        - `Viewer` platform access
-- IAM Services
-    - **IBM Cloud Activity Tracker** service
-        - `Editor` platform access
-        - `Manager` service access
-    - **IBM Cloud Monitoring** service
-        - `Editor` platform access
-        - `Manager` service access
-    - **IBM Cloud Object Storage** service
+- Service
+    - **Resource group only**
+        - `Viewer` access on the specific resource group
+    - **Cloud Object Storage** service
         - `Editor` platform access
         - `Manager` service access
 

cra-config.yaml

@@ -7,6 +7,7 @@ CRA_TARGETS:
     CRA_ENVIRONMENT_VARIABLES:  # An optional map of environment variables for CRA, where the key is the variable name and value is the value. Useful for providing TF_VARs.
       TF_VAR_resource_group_name: "terraform-ibm-cos"
       TF_VAR_provider_visibility: "public"
+      TF_VAR_prefix: "test"
   - CRA_TARGET: "solutions/secure-cross-regional-bucket"  # Target directory for CRA scan. If not provided, the CRA Scan will not be run.
     CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json" # CRA Ignore file to use. If not provided, it checks the repo root directory for `cra-tf-validate-ignore-rules.json`
     PROFILE_ID: "fe96bd4d-9b37-40f2-b39f-a62760e326a3"  # SCC profile ID (currently set to 'IBM Cloud Framework for Financial Services' '1.7.0' profile).
@@ -16,6 +17,7 @@ CRA_TARGETS:
       TF_VAR_bucket_name: "mock"
       TF_VAR_cross_region_location: us
       TF_VAR_provider_visibility: "public"
+      TF_VAR_prefix: "test"
   - CRA_TARGET: "solutions/secure-regional-bucket"  # Target directory for CRA scan. If not provided, the CRA Scan will not be run.
     CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json" # CRA Ignore file to use. If not provided, it checks the repo root directory for `cra-tf-validate-ignore-rules.json`
     PROFILE_ID: "fe96bd4d-9b37-40f2-b39f-a62760e326a3"  # SCC profile ID (currently set to 'IBM Cloud Framework for Financial Services' '1.7.0' profile).
@@ -24,3 +26,4 @@ CRA_TARGETS:
       TF_VAR_existing_cos_instance_crn: "crn:v1:bluemix:public:cloud-object-storage:global:a/abac0df06b644a9cabc6e44f55b3880e:12345a67-12ab-1a23-abc1-1a2345abcde6::"
       TF_VAR_bucket_name: "mock"
       TF_VAR_provider_visibility: "public"
+      TF_VAR_prefix: "test"