SCC Update Jan 2024

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "go.mod|go.sum|.*.map|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2023-12-26T12:35:45Z",
+  "generated_at": "2024-01-16T23:03:03Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -760,23 +760,23 @@
         "hashed_secret": "731438016c5ab94431f61820f35e3ae5f8ad6004",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 428,
+        "line_number": 436,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "12da2e35d6b50c902c014f1ab9e3032650368df7",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 434,
+        "line_number": 442,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "813274ccae5b6b509379ab56982d862f7b5969b6",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 1157,
+        "line_number": 1165,
         "type": "Base64 High Entropy String",
         "verified_result": null
       }
@@ -864,15 +864,15 @@
         "hashed_secret": "c8b6f5ef11b9223ac35a5663975a466ebe7ebba9",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 1838,
+        "line_number": 1840,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "8abf4899c01104241510ba87685ad4de76b0c437",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 1844,
+        "line_number": 1846,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -3105,36 +3105,6 @@
         "verified_result": null
       }
     ],
-    "ibm/service/scc/data_source_ibm_scc_provider_type_instance_test.go": [
-      {
-        "hashed_secret": "83747cea2b26d7652ed39218ddcdb1461c570535",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 79,
-        "type": "Hex High Entropy String",
-        "verified_result": null
-      }
-    ],
-    "ibm/service/scc/data_source_ibm_scc_provider_type_test.go": [
-      {
-        "hashed_secret": "83747cea2b26d7652ed39218ddcdb1461c570535",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 43,
-        "type": "Hex High Entropy String",
-        "verified_result": null
-      }
-    ],
-    "ibm/service/scc/resource_ibm_scc_provider_type_instance_test.go": [
-      {
-        "hashed_secret": "83747cea2b26d7652ed39218ddcdb1461c570535",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 94,
-        "type": "Hex High Entropy String",
-        "verified_result": null
-      }
-    ],
     "ibm/service/schematics/data_source_ibm_schematics_action.go": [
       {
         "hashed_secret": "49f3bb8f759241df51c899d3725d877bad58f66e",
@@ -3831,24 +3801,6 @@
         "verified_result": null
       }
     ],
-    "ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret.go": [
-      {
-        "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 190,
-        "type": "Secret Keyword",
-        "verified_result": null
-      },
-      {
-        "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 443,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
     "ibm/service/secretsmanager/resource_ibm_sm_username_password_secret.go": [
       {
         "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4",

go.mod

@@ -27,7 +27,7 @@ require (
 	github.com/IBM/platform-services-go-sdk v0.55.0
 	github.com/IBM/project-go-sdk v0.1.6
 	github.com/IBM/push-notifications-go-sdk v0.0.0-20210310100607-5790b96c47f5
-	github.com/IBM/scc-go-sdk/v5 v5.1.3
+	github.com/IBM/scc-go-sdk/v5 v5.1.4
 	github.com/IBM/schematics-go-sdk v0.2.3
 	github.com/IBM/secrets-manager-go-sdk/v2 v2.0.2
 	github.com/IBM/vpc-beta-go-sdk v0.6.0
@@ -210,7 +210,7 @@ require (
 	golang.org/x/net v0.19.0 // indirect
 	golang.org/x/oauth2 v0.7.0 // indirect
 	golang.org/x/sync v0.5.0 // indirect
-	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/sys v0.16.0 // indirect
 	golang.org/x/term v0.15.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.3.0 // indirect

go.sum

@@ -166,8 +166,8 @@ github.com/IBM/push-notifications-go-sdk v0.0.0-20210310100607-5790b96c47f5 h1:N
 github.com/IBM/push-notifications-go-sdk v0.0.0-20210310100607-5790b96c47f5/go.mod h1:b07XHUVh0XYnQE9s2mqgjYST1h9buaQNqN4EcKhOsX0=
 github.com/IBM/sarama v1.41.2 h1:ZDBZfGPHAD4uuAtSv4U22fRZBgst0eEwGFzLj0fb85c=
 github.com/IBM/sarama v1.41.2/go.mod h1:xdpu7sd6OE1uxNdjYTSKUfY8FaKkJES9/+EyjSgiGQk=
-github.com/IBM/scc-go-sdk/v5 v5.1.3 h1:8zqJx/HgChTlMaC21HzthIR4HbFkuJ3dR/D68254jRg=
-github.com/IBM/scc-go-sdk/v5 v5.1.3/go.mod h1:YtAVlzq10bwR82QX4ZavhDIwa1s85RuVO9N/KmXVcuk=
+github.com/IBM/scc-go-sdk/v5 v5.1.4 h1:+HoeUJCyGAJpQv2hBskKdMC1I6K617zbHF5lpbK5VYI=
+github.com/IBM/scc-go-sdk/v5 v5.1.4/go.mod h1:YtAVlzq10bwR82QX4ZavhDIwa1s85RuVO9N/KmXVcuk=
 github.com/IBM/schematics-go-sdk v0.2.3 h1:lgTt0Sbudii3cuSk1YSQgrtiZAXDbBABAoVj3eQuBrU=
 github.com/IBM/schematics-go-sdk v0.2.3/go.mod h1:Tw2OSAPdpC69AxcwoyqcYYaGTTW6YpERF9uNEU+BFRQ=
 github.com/IBM/secrets-manager-go-sdk/v2 v2.0.2 h1:+Svh1OmoFxMBnZQSOUtp2UUzrOGFsSQlE5TFL/ptJco=
@@ -1902,8 +1902,8 @@ golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
-golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
+golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=

ibm/acctest/acctest.go

@@ -266,9 +266,13 @@ var Snapshot_month string
 // Secuity and Complinace Center
 var (
 	SccApiEndpoint            string
+	SccEventNotificationsCRN  string
+	SccInstanceID             string
+	SccObjectStorageCRN       string
+	SccObjectStorageBucket    string
 	SccProviderTypeAttributes string
+	SccProviderTypeID         string
 	SccReportID               string
-	SccInstanceID             string
 )
 
 // ROKS Cluster
@@ -1401,6 +1405,26 @@ func init() {
 		fmt.Println("[WARN] Set the environment variable IBMCLOUD_SCC_PROVIDER_TYPE_ATTRIBUTES with a VALID SCC PROVIDER TYPE ATTRIBUTE")
 	}
 
+	SccProviderTypeID = os.Getenv("IBMCLOUD_SCC_PROVIDER_TYPE_ID")
+	if SccProviderTypeID == "" {
+		fmt.Println("[WARN] Set the environment variable IBMCLOUD_SCC_PROVIDER_TYPE_ID with a VALID SCC PROVIDER TYPE ID")
+	}
+
+	SccEventNotificationsCRN = os.Getenv("IBMCLOUD_SCC_EVENT_NOTIFICATION_CRN")
+	if SccEventNotificationsCRN == "" {
+		fmt.Println("[WARN] Set the environment variable IBMCLOUD_SCC_EVENT_NOTIFICATION_CRN")
+	}
+
+	SccObjectStorageCRN = os.Getenv("IBMCLOUD_SCC_OBJECT_STORAGE_CRN")
+	if SccObjectStorageCRN == "" {
+		fmt.Println("[WARN] Set the environment variable IBMCLOUD_SCC_OBJECT_STORAGE_CRN with a valid cloud object storage crn")
+	}
+
+	SccObjectStorageBucket = os.Getenv("IBMCLOUD_SCC_OBJECT_STORAGE_BUCKET")
+	if SccObjectStorageBucket == "" {
+		fmt.Println("[WARN] Set the environment variable IBMCLOUD_SCC_OBJECT_STORAGE_BUCKET with a valid cloud object storage bucket")
+	}
+
 	HostPoolID = os.Getenv("IBM_CONTAINER_DEDICATEDHOST_POOL_ID")
 	if HostPoolID == "" {
 		fmt.Println("[INFO] Set the environment variable IBM_CONTAINER_DEDICATEDHOST_POOL_ID for ibm_container_vpc_cluster resource to test dedicated host functionality")
@@ -1820,15 +1844,31 @@ func TestAccPreCheckScc(t *testing.T) {
 	}
 
 	if SccProviderTypeAttributes == "" {
-		t.Fatal("IBMCLOUD_SCC_PROVIDER_TYPE_ATTRIBUTES missing. Set the environment variable IBMCLOUD_SCC_PROVIDER_TYPE_ATTRIBUTES with a VALID ATTRIBUTE")
+		t.Fatal("IBMCLOUD_SCC_PROVIDER_TYPE_ATTRIBUTES missing. Set the environment variable IBMCLOUD_SCC_PROVIDER_TYPE_ATTRIBUTES with a VALID SCC provider_type JSON object")
+	}
+
+	if SccProviderTypeID == "" {
+		t.Fatal("IBMCLOUD_SCC_PROVIDER_TYPE_ID missing. Set the environment variable IBMCLOUD_SCC_PROVIDER_TYPE_ID with a VALID SCC provider_type ID")
 	}
 
 	if SccInstanceID == "" {
 		t.Fatal("IBMCLOUD_SCC_INSTANCE_ID missing. Set the environment variable IBMCLOUD_SCC_INSTANCE_ID with a VALID SCC INSTANCE ID")
 	}
 
 	if SccReportID == "" {
-		t.Fatal("IBMCLOUD_SCC_REPORT_ID missing. Set the environment variable IBMCLOUD_SCC_REPORT_ID with a VALID REPORT_ID")
+		t.Fatal("IBMCLOUD_SCC_REPORT_ID missing. Set the environment variable IBMCLOUD_SCC_REPORT_ID with a VALID SCC REPORT_ID")
+	}
+
+	if SccEventNotificationsCRN == "" {
+		t.Fatal("IBMCLOUD_SCC_EVENT_NOTIFICATION_CRN missing. Set the environment variable IBMCLOUD_SCC_EVENT_NOTIFICATION_CRN with a valid EN CRN")
+	}
+
+	if SccObjectStorageCRN == "" {
+		t.Fatal("IBMCLOUD_SCC_OBJECT_STORAGE_CRN missing. Set the environment variable IBMCLOUD_SCC_OBJECT_STORAGE_CRN with a valid COS CRN")
+	}
+
+	if SccObjectStorageBucket == "" {
+		t.Fatal("IBMCLOUD_SCC_OBJECT_STORAGE_CRN missing. Set the environment variable IBMCLOUD_SCC_OBJECT_STORAGE_BUCKET with a valid COS bucket")
 	}
 }
 

ibm/provider/provider.go

@@ -1305,6 +1305,7 @@ func Provider() *schema.Provider {
 			"ibm_scc_template_attachment": scc.ResourceIBMSccTemplateAttachment(),
 
 			// Security and Compliance Center
+			"ibm_scc_instance_settings":      scc.ResourceIbmSccInstanceSettings(),
 			"ibm_scc_rule":                   scc.ResourceIbmSccRule(),
 			"ibm_scc_control_library":        scc.ResourceIbmSccControlLibrary(),
 			"ibm_scc_profile":                scc.ResourceIbmSccProfile(),
@@ -1576,6 +1577,7 @@ func Validator() validate.ValidatorDict {
 				"ibm_satellite_host":                      satellite.ResourceIBMSatelliteHostValidator(),
 
 				// Added for SCC
+				"ibm_scc_instance_settings":      scc.ResourceIbmSccInstanceSettingsValidator(),
 				"ibm_scc_rule":                   scc.ResourceIbmSccRuleValidator(),
 				"ibm_scc_control_library":        scc.ResourceIbmSccControlLibraryValidator(),
 				"ibm_scc_profile":                scc.ResourceIbmSccProfileValidator(),

ibm/service/scc/data_source_ibm_scc_provider_type.go

@@ -17,7 +17,7 @@ import (
 )
 
 func DataSourceIbmSccProviderType() *schema.Resource {
-	return &schema.Resource{
+	return AddSchemaData(&schema.Resource{
 		ReadContext: dataSourceIbmSccProviderTypeRead,
 
 		Schema: map[string]*schema.Schema{
@@ -109,7 +109,7 @@ func DataSourceIbmSccProviderType() *schema.Resource {
 				Description: "Time at which resource was updated.",
 			},
 		},
-	}
+	})
 }
 
 func dataSourceIbmSccProviderTypeRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
@@ -120,6 +120,7 @@ func dataSourceIbmSccProviderTypeRead(context context.Context, d *schema.Resourc
 
 	getProviderTypeByIdOptions := &securityandcompliancecenterapiv3.GetProviderTypeByIdOptions{}
 
+	getProviderTypeByIdOptions.SetInstanceID(d.Get("instance_id").(string))
 	getProviderTypeByIdOptions.SetProviderTypeID(d.Get("provider_type_id").(string))
 
 	providerTypeItem, response, err := securityAndComplianceCenterApIsClient.GetProviderTypeByIDWithContext(context, getProviderTypeByIdOptions)

ibm/service/scc/data_source_ibm_scc_provider_type_instance_test.go

@@ -20,7 +20,7 @@ func TestAccIbmSccProviderTypeInstanceDataSourceBasic(t *testing.T) {
 		Providers: acc.TestAccProviders,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccCheckIbmSccProviderTypeInstanceDataSourceConfigBasic(acc.SccInstanceID, providerTypeInstanceName, acc.SccProviderTypeAttributes),
+				Config: testAccCheckIbmSccProviderTypeInstanceDataSourceConfigBasic(acc.SccInstanceID, providerTypeInstanceName, acc.SccProviderTypeAttributes, acc.SccProviderTypeID),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttrSet("data.ibm_scc_provider_type_instance.scc_provider_type_instance_tf", "id"),
 					resource.TestCheckResourceAttrSet("data.ibm_scc_provider_type_instance.scc_provider_type_instance_tf", "provider_type_id"),
@@ -39,7 +39,7 @@ func TestAccIbmSccProviderTypeInstanceDataSourceAllArgs(t *testing.T) {
 		Providers: acc.TestAccProviders,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccCheckIbmSccProviderTypeInstanceDataSourceConfig(acc.SccInstanceID, providerTypeInstanceName, acc.SccProviderTypeAttributes),
+				Config: testAccCheckIbmSccProviderTypeInstanceDataSourceConfig(acc.SccInstanceID, providerTypeInstanceName, acc.SccProviderTypeAttributes, acc.SccProviderTypeID),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttrSet("data.ibm_scc_provider_type_instance.scc_provider_type_instance_tf", "id"),
 					resource.TestCheckResourceAttrSet("data.ibm_scc_provider_type_instance.scc_provider_type_instance_tf", "provider_type_id"),
@@ -55,11 +55,11 @@ func TestAccIbmSccProviderTypeInstanceDataSourceAllArgs(t *testing.T) {
 	})
 }
 
-func testAccCheckIbmSccProviderTypeInstanceDataSourceConfigBasic(instanceID string, providerTypeInstanceName string, providerTypeInstanceAttributes string) string {
+func testAccCheckIbmSccProviderTypeInstanceDataSourceConfigBasic(instanceID, providerTypeInstanceName, providerTypeInstanceAttributes, providerTypeInstanceID string) string {
 	return fmt.Sprintf(`
 		resource "ibm_scc_provider_type_instance" "scc_provider_type_instance" {
 			instance_id = "%s"
-			provider_type_id = "afa2476ecfa5f09af248492fe991b4d1"
+			provider_type_id = "%s"
 			name = "%s"
 			attributes = %s
 		}
@@ -69,14 +69,14 @@ func testAccCheckIbmSccProviderTypeInstanceDataSourceConfigBasic(instanceID stri
 			provider_type_id = ibm_scc_provider_type_instance.scc_provider_type_instance.provider_type_id
 			provider_type_instance_id = ibm_scc_provider_type_instance.scc_provider_type_instance.provider_type_instance_id
 		}
-	`, instanceID, providerTypeInstanceName, providerTypeInstanceAttributes)
+	`, instanceID, providerTypeInstanceID, providerTypeInstanceName, providerTypeInstanceAttributes)
 }
 
-func testAccCheckIbmSccProviderTypeInstanceDataSourceConfig(instanceID string, providerTypeInstanceName string, providerTypeInstanceAttributes string) string {
+func testAccCheckIbmSccProviderTypeInstanceDataSourceConfig(instanceID, providerTypeInstanceName, providerTypeInstanceAttributes, providerTypeInstanceID string) string {
 	return fmt.Sprintf(`
 		resource "ibm_scc_provider_type_instance" "scc_provider_type_instance" {
 			instance_id = "%s"
-			provider_type_id = "afa2476ecfa5f09af248492fe991b4d1"
+			provider_type_id = "%s"
 			name = "%s"
 			attributes = %s
 		}
@@ -86,5 +86,5 @@ func testAccCheckIbmSccProviderTypeInstanceDataSourceConfig(instanceID string, p
 			provider_type_id = ibm_scc_provider_type_instance.scc_provider_type_instance.provider_type_id
 			provider_type_instance_id = ibm_scc_provider_type_instance.scc_provider_type_instance.provider_type_instance_id
 		}
-	`, instanceID, providerTypeInstanceName, providerTypeInstanceAttributes)
+	`, instanceID, providerTypeInstanceID, providerTypeInstanceName, providerTypeInstanceAttributes)
 }

ibm/service/scc/data_source_ibm_scc_provider_type_test.go

@@ -18,7 +18,7 @@ func TestAccIbmSccProviderTypeDataSourceBasic(t *testing.T) {
 		Providers: acc.TestAccProviders,
 		Steps: []resource.TestStep{
 			resource.TestStep{
-				Config: testAccCheckIbmSccProviderTypeDataSourceConfigBasic(),
+				Config: testAccCheckIbmSccProviderTypeDataSourceConfigBasic(acc.SccInstanceID, acc.SccProviderTypeID),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttrSet("data.ibm_scc_provider_type.scc_provider_type_instance", "id"),
 					resource.TestCheckResourceAttrSet("data.ibm_scc_provider_type.scc_provider_type_instance", "provider_type_id"),
@@ -30,17 +30,17 @@ func TestAccIbmSccProviderTypeDataSourceBasic(t *testing.T) {
 					resource.TestCheckResourceAttrSet("data.ibm_scc_provider_type.scc_provider_type_instance", "mode"),
 					resource.TestCheckResourceAttrSet("data.ibm_scc_provider_type.scc_provider_type_instance", "data_type"),
 					resource.TestCheckResourceAttrSet("data.ibm_scc_provider_type.scc_provider_type_instance", "icon"),
-					resource.TestCheckResourceAttrSet("data.ibm_scc_provider_type.scc_provider_type_instance", "attributes.%"),
 				),
 			},
 		},
 	})
 }
 
-func testAccCheckIbmSccProviderTypeDataSourceConfigBasic() string {
+func testAccCheckIbmSccProviderTypeDataSourceConfigBasic(instanceID, providerTypeID string) string {
 	return fmt.Sprintf(`
 		data "ibm_scc_provider_type" "scc_provider_type_instance" {
-			provider_type_id = "afa2476ecfa5f09af248492fe991b4d1"
+      instance_id = "%s"
+			provider_type_id = "%s"
 		}
-	`)
+	`, instanceID, providerTypeID)
 }