Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: service credential source service role #304

Merged
merged 2 commits into from
Feb 5, 2025
Merged

fix: service credential source service role #304

merged 2 commits into from
Feb 5, 2025
+31 −36

Conversation

shemau
Copy link
Contributor

@shemau shemau commented Jan 27, 2025
edited
Loading

Description

Issue:

The logic for creating the service credential only worked for roles where the CRN service-name was 'iam'. Syncing this module with the secret manager module, to expose terraform-ibm-modules/terraform-ibm-secrets-manager#268 and the secret module, to expose terraform-ibm-modules/terraform-ibm-secrets-manager-secret#249.

Additional changes are included in pr_test.go to include a cloud-object-service serviceRole based service credential.

The DA does support secret creation and the internal structure of a complex variable has changed. Any consumer using this feature to create service credentials will have to replace the existing 'service_credentials_source_service_role' with the equivalent 'service_credentials_source_service_role_crn'.
This is a text input in the catalog, the content of the field will not be lost, but it will have to be updated.

Release required?

  • No release
  • Patch release (x.x.X)
  • Minor release (x.X.x)
  • Major release (X.x.x)
Release notes content

The service_credential_secrets variable that previously set 'service_credentials_source_service_role' property in an object, now needs to set 'service_credentials_source_service_role_crn'. The CRN for the role to give the service credential in the source service. These can be looked up at https://cloud.ibm.com/iam/roles, select the service and select the role to view the CRN for that role.

Run the pipeline

If the CI pipeline doesn't run when you create the PR, the PR requires a user with GitHub collaborators access to run the pipeline.

Run the CI pipeline when the PR is ready for review and you expect tests to pass. Add a comment to the PR with the following text:

/run pipeline

Checklist for reviewers

  • If relevant, a test for the change is included or updated with this PR.
  • If relevant, documentation for the change is included or updated with this PR.

For mergers

  • Use a conventional commit message to set the release level. Follow the guidelines.
  • Include information that users need to know about the PR in the commit message. The commit message becomes part of the GitHub release notes.
  • Use the Squash and merge option.

@shemau shemau requested a review from iamar7 as a code owner January 27, 2025 10:59
@shemau
Copy link
Contributor Author

shemau commented Jan 27, 2025

/run pipeline

iamar7
iamar7 approved these changes Jan 28, 2025
View reviewed changes
Copy link
Member

@iamar7 iamar7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@shemau
Copy link
Contributor Author

shemau commented Jan 31, 2025

/run pipeline

@ocofaigh ocofaigh merged commit 724a7de into main Feb 5, 2025
2 checks passed
@ocofaigh ocofaigh deleted the role-crn branch February 5, 2025 11:01
@terraform-ibm-modules-ops
Copy link
Contributor

🎉 This PR is included in version 1.15.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ocofaigh ocofaigh ocofaigh approved these changes

@iamar7 iamar7 iamar7 approved these changes

Assignees

@shemau shemau

Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@shemau @terraform-ibm-modules-ops @iamar7 @ocofaigh