feat: The COS KMS auth policy created by the DA is now scoped to the exact KMS key. NOTE: When upgrading from an old version, the auth policy will be re-created, however it will be non disruptive as it will create the new policy before removing the old one (#324)

Author: ocofaigh

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2023-12-13T05:17:42Z",
+  "generated_at": "2023-12-14T05:17:42Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"

solutions/standard/main.tf

@@ -249,7 +249,7 @@ locals {
 module "cos" {
   count                               = local.create_cos_bucket ? 1 : 0
   source                              = "terraform-ibm-modules/cos/ibm"
-  version                             = "8.12.0"
+  version                             = "8.14.1"
   create_cos_instance                 = var.existing_cos_instance_crn == null ? true : false
   create_cos_bucket                   = local.create_cos_bucket
   existing_cos_instance_id            = var.existing_cos_instance_crn

tests/pr_test.go

@@ -210,7 +210,8 @@ func TestRunUpgradeDASolution(t *testing.T) {
 		"resource_group_name":                 options.Prefix,
 		"region":                              region,
 		"existing_kms_instance_crn":           permanentResources["hpcs_south_crn"],
-		"kms_endpoint_url":                    permanentResources["hpcs_south_private_endpoint"],
+		"kms_endpoint_url":                    permanentResources["hpcs_south_public_endpoint"],
+		"kms_endpoint_type":                   "public",
 		"management_endpoint_type_for_bucket": "public",
 	}