Resolve commits

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "go.mod|go.sum|.*.map|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2024-01-22T15:02:07Z",
+  "generated_at": "2024-01-29T11:06:53Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -2900,15 +2900,15 @@
         "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 341,
+        "line_number": 380,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "92f08f2d9a0dc3f0d4cb3796435a48508cf59ecd",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 687,
+        "line_number": 707,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -2918,7 +2918,7 @@
         "hashed_secret": "347cd9c53ff77d41a7b22aa56c7b4efaf54658e3",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 58,
+        "line_number": 59,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -2956,15 +2956,15 @@
         "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 236,
+        "line_number": 277,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "92f08f2d9a0dc3f0d4cb3796435a48508cf59ecd",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 1107,
+        "line_number": 1059,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -2992,7 +2992,7 @@
         "hashed_secret": "92f08f2d9a0dc3f0d4cb3796435a48508cf59ecd",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 509,
+        "line_number": 497,
         "type": "Secret Keyword",
         "verified_result": null
       }

examples/ibm-project/main.tf

@@ -4,7 +4,7 @@ provider "ibm" {
 
 // Provision project_config resource instance
 resource "ibm_project_config" "project_config_instance" {
-  project_id = ibm_project.project_instance.project_id
+  project_id = ibm_project.project_instance.id
   definition {
     name = "static-website-dev"
     description = "Website - development"
@@ -32,7 +32,7 @@ resource "ibm_project" "project_instance" {
 
 // Provision project_environment resource instance
 resource "ibm_project_environment" "project_environment_instance" {
-  project_id = ibm_project.project_instance.project_id
+  project_id = ibm_project.project_instance.id
   definition {
     name = "environment-stage"
     description = "environment for stage project"

go.mod

@@ -24,8 +24,8 @@ require (
 	github.com/IBM/ibm-hpcs-uko-sdk v0.0.20-beta
 	github.com/IBM/keyprotect-go-client v0.12.2
 	github.com/IBM/networking-go-sdk v0.44.0
-	github.com/IBM/platform-services-go-sdk v0.55.0
-	github.com/IBM/project-go-sdk v0.1.6
+	github.com/IBM/platform-services-go-sdk v0.56.3
+	github.com/IBM/project-go-sdk v0.2.0
 	github.com/IBM/push-notifications-go-sdk v0.0.0-20210310100607-5790b96c47f5
 	github.com/IBM/scc-go-sdk/v5 v5.1.4
 	github.com/IBM/schematics-go-sdk v0.2.3

go.sum

@@ -160,8 +160,10 @@ github.com/IBM/networking-go-sdk v0.44.0 h1:6acyMd6hwxcjK3bJ2suiUBTjzg8mRFAvYD76
 github.com/IBM/networking-go-sdk v0.44.0/go.mod h1:XtqYRInR5NHmFUXhOL6RovpDdv6PnJfZ1lPFvssA8MA=
 github.com/IBM/platform-services-go-sdk v0.55.0 h1:W598xZanL61bwd8O2DQexr4qjIr+/tP0Y845zoms5yA=
 github.com/IBM/platform-services-go-sdk v0.55.0/go.mod h1:CWSprvsCsXWvujmBzbtoJSmbRZS9FVV3O594b0t/GiM=
-github.com/IBM/project-go-sdk v0.1.6 h1:sGrR0ej5wgBDhR2Xvf8Tgi5NmgMAJ77yep/CPGhvOx8=
-github.com/IBM/project-go-sdk v0.1.6/go.mod h1:lqe0M4cKvABI1iHR1b+KfasVcxQL6nl2VJ8eOyQs8Ig=
+github.com/IBM/platform-services-go-sdk v0.56.3 h1:DQ1VMQSknhPsdT7d+AybKiZT82esczAkHCIBkwYubzQ=
+github.com/IBM/platform-services-go-sdk v0.56.3/go.mod h1:+U6Kg7o5u/Bh4ZkLxjymSgfdpVsaWAtsMtzhwclUry0=
+github.com/IBM/project-go-sdk v0.2.0 h1:DMv0HQfS3GQHkkagZ4E2vt1H1paN5Gh357K9izeaGj8=
+github.com/IBM/project-go-sdk v0.2.0/go.mod h1:lqe0M4cKvABI1iHR1b+KfasVcxQL6nl2VJ8eOyQs8Ig=
 github.com/IBM/push-notifications-go-sdk v0.0.0-20210310100607-5790b96c47f5 h1:NPUhkoOCRuv3OFWt19PmwjXGGTKlvmbuPg9fUrBUNe4=
 github.com/IBM/push-notifications-go-sdk v0.0.0-20210310100607-5790b96c47f5/go.mod h1:b07XHUVh0XYnQE9s2mqgjYST1h9buaQNqN4EcKhOsX0=
 github.com/IBM/sarama v1.41.2 h1:ZDBZfGPHAD4uuAtSv4U22fRZBgst0eEwGFzLj0fb85c=

ibm/flex/structures.go

@@ -1639,7 +1639,11 @@ func FlattenV2PolicyResource(resource iampolicymanagementv1.V2PolicyResource) []
 	if len(customAttributes) > 0 {
 		out := make(map[string]string)
 		for _, a := range customAttributes {
-			out[*a.Key] = fmt.Sprint(a.Value)
+			if *a.Operator == "stringExists" && a.Value == true {
+				out[*a.Key] = fmt.Sprint("*")
+			} else if *a.Operator == "stringMatch" || *a.Operator == "stringEquals" {
+				out[*a.Key] = fmt.Sprint(a.Value)
+			}
 		}
 		l["attributes"] = out
 	}
@@ -3345,10 +3349,12 @@ func GetResourceAttribute(name string, r iampolicymanagementv1.PolicyResource) *
 
 func GetV2PolicyResourceAttribute(key string, r iampolicymanagementv1.V2PolicyResource) string {
 	for _, a := range r.Attributes {
-		if *a.Key == key &&
-			(*a.Operator == "stringMatch" ||
-				*a.Operator == "stringEquals") {
-			return a.Value.(string)
+		if *a.Key == key {
+			if *a.Operator == "stringExists" && a.Value == true {
+				return fmt.Sprint("*")
+			} else if *a.Operator == "stringMatch" || *a.Operator == "stringEquals" {
+				return a.Value.(string)
+			}
 		}
 	}
 	return *core.StringPtr("")
@@ -3363,15 +3369,15 @@ func GetSubjectAttribute(name string, s iampolicymanagementv1.PolicySubject) *st
 	return core.StringPtr("")
 }
 
-func GetV2PolicySubjectAttribute(key string, s iampolicymanagementv1.V2PolicySubject) *string {
+func GetV2PolicySubjectAttribute(key string, s iampolicymanagementv1.V2PolicySubject) interface{} {
 	for _, a := range s.Attributes {
 		if *a.Key == key &&
 			(*a.Operator == "stringMatch" ||
 				*a.Operator == "stringEquals") {
 			return a.Value
 		}
 	}
-	return core.StringPtr("")
+	return interface{}(core.StringPtr(""))
 }
 
 func SetResourceAttribute(name *string, value *string, r []iampolicymanagementv1.ResourceAttribute) []iampolicymanagementv1.ResourceAttribute {
@@ -3512,18 +3518,28 @@ func GetRoleNamesFromPolicyResponse(policy iampolicymanagementv1.V2PolicyTemplat
 	controlResponse := policy.Control.(*iampolicymanagementv1.ControlResponse)
 	policyRoles := MapRolesToPolicyRoles(controlResponse.Grant.Roles)
 	resourceAttributes := policy.Resource.Attributes
+	subjectAttributes := policy.Subject.Attributes
 
 	userDetails, err := meta.(conns.ClientSession).BluemixUserDetails()
 	if err != nil {
 		return []string{}, err
 	}
 
 	var (
-		serviceName    string
-		resourceType   string
-		serviceGroupID string
+		serviceName       string
+		sourceServiceName string
+		resourceType      string
+		serviceGroupID    string
 	)
 
+	for _, a := range subjectAttributes {
+		if *a.Key == "serviceName" &&
+			(*a.Operator == "stringMatch" ||
+				*a.Operator == "stringEquals") {
+			sourceServiceName = a.Value.(string)
+		}
+	}
+
 	for _, a := range resourceAttributes {
 		if *a.Key == "serviceName" &&
 			(*a.Operator == "stringMatch" ||
@@ -3550,6 +3566,11 @@ func GetRoleNamesFromPolicyResponse(policy iampolicymanagementv1.V2PolicyTemplat
 	if accountManagement, ok := d.GetOk("account_management"); ok {
 		isAccountManagementPolicy = accountManagement.(bool)
 	}
+
+	if serviceName == "" && resourceType == "resource-group" {
+		serviceName = "resource-controller"
+	}
+
 	if serviceName == "" && // no specific service specified
 		!isAccountManagementPolicy && // not all account management services
 		resourceType != "resource-group" && // not to a resource group
@@ -3565,6 +3586,14 @@ func GetRoleNamesFromPolicyResponse(policy iampolicymanagementv1.V2PolicyTemplat
 		listRoleOptions.ServiceGroupID = &serviceGroupID
 	}
 
+	if sourceServiceName != "" {
+		listRoleOptions.SourceServiceName = &sourceServiceName
+	}
+
+	if *policy.Type != "" {
+		listRoleOptions.PolicyType = policy.Type
+	}
+
 	roleList, _, err := iamPolicyManagementClient.ListRoles(listRoleOptions)
 
 	if err != nil {

ibm/service/contextbasedrestrictions/data_source_ibm_cbr_rule_test.go

@@ -13,6 +13,11 @@ import (
 	acc "github.com/IBM-Cloud/terraform-provider-ibm/ibm/acctest"
 )
 
+const (
+	testAccountID = "12ab34cd56ef78ab90cd12ef34ab56cd"
+	testZoneID    = "559052eb8f43302824e7ae490c0281eb"
+)
+
 func TestAccIBMCbrRuleDataSourceBasic(t *testing.T) {
 	resource.Test(t, resource.TestCase{
 		PreCheck:  func() { acc.TestAccPreCheck(t) },
@@ -77,13 +82,13 @@ func testAccCheckIBMCbrRuleDataSourceConfigBasic() string {
   			contexts {
     			attributes {
       				name = "networkZoneId"
-      				value = "559052eb8f43302824e7ae490c0281eb"
+      				value = "%s"
     			}
   			}
   			resources {
     			attributes {
       				name = "accountId"
-      				value = "12ab34cd56ef78ab90cd12ef34ab56cd"
+      				value = "%s"
     			}
     			attributes {
       				name = "serviceName"
@@ -94,7 +99,7 @@ func testAccCheckIBMCbrRuleDataSourceConfigBasic() string {
 		data "ibm_cbr_rule" "cbr_rule" {
 			rule_id = ibm_cbr_rule.cbr_rule.id
 		}
-	`)
+	`, testZoneID, testAccountID)
 }
 
 func testAccCheckIBMCbrRuleDataSourceConfig(ruleDescription string, ruleEnforcementMode string) string {
@@ -104,13 +109,13 @@ func testAccCheckIBMCbrRuleDataSourceConfig(ruleDescription string, ruleEnforcem
 			contexts {
     			attributes {
       				name = "networkZoneId"
-      				value = "559052eb8f43302824e7ae490c0281eb"
+      				value = "%s"
     			}
 			}
 			resources {
 				attributes {
       				name = "accountId"
-      				value = "12ab34cd56ef78ab90cd12ef34ab56cd"
+      				value = "%s"
     			}
     			attributes {
       				name = "serviceName"
@@ -133,5 +138,5 @@ func testAccCheckIBMCbrRuleDataSourceConfig(ruleDescription string, ruleEnforcem
 		data "ibm_cbr_rule" "cbr_rule" {
 			rule_id = ibm_cbr_rule.cbr_rule.id
 		}
-	`, ruleDescription, ruleEnforcementMode)
+	`, ruleDescription, testZoneID, testAccountID, ruleEnforcementMode)
 }

ibm/service/contextbasedrestrictions/data_source_ibm_cbr_zone_test.go

@@ -45,7 +45,7 @@ func TestAccIBMCbrZoneDataSourceBasic(t *testing.T) {
 
 func TestAccIBMCbrZoneDataSourceAllArgs(t *testing.T) {
 	zoneName := fmt.Sprintf("tf_name_%d", acctest.RandIntRange(10, 100))
-	zoneAccountID := "12ab34cd56ef78ab90cd12ef34ab56cd"
+	zoneAccountID := testAccountID
 	zoneDescription := fmt.Sprintf("tf_description_%d", acctest.RandIntRange(10, 100))
 
 	resource.Test(t, resource.TestCase{
@@ -86,7 +86,7 @@ func testAccCheckIBMCbrZoneDataSourceConfigBasic() string {
 		resource "ibm_cbr_zone" "cbr_zone" {
 			name = "Test Zone Data Source Config Basic"
 			description = "Test Zone Data Source Config Basic"
-			account_id = "12ab34cd56ef78ab90cd12ef34ab56cd"
+			account_id = "%s"
 			addresses {
 				type = "ipRange"
 				value = "169.23.22.0-169.23.22.255"
@@ -96,7 +96,7 @@ func testAccCheckIBMCbrZoneDataSourceConfigBasic() string {
 		data "ibm_cbr_zone" "cbr_zone" {
 			zone_id = ibm_cbr_zone.cbr_zone.id
 		}
-	`)
+	`, testAccountID)
 }
 
 func testAccCheckIBMCbrZoneDataSourceConfig(zoneName string, zoneAccountID string, zoneDescription string) string {

ibm/service/contextbasedrestrictions/resource_ibm_cbr_rule.go

@@ -35,7 +35,7 @@ func ResourceIBMCbrRule() *schema.Resource {
 			},
 			"contexts": &schema.Schema{
 				Type:        schema.TypeList,
-				Required:    true,
+				Optional:    true,
 				Description: "The contexts this rule applies to.",
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
@@ -122,6 +122,7 @@ func ResourceIBMCbrRule() *schema.Resource {
 				Type:        schema.TypeList,
 				MaxItems:    1,
 				Optional:    true,
+				Computed:    true,
 				Description: "The operations this rule applies to.",
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
@@ -144,7 +145,7 @@ func ResourceIBMCbrRule() *schema.Resource {
 			"enforcement_mode": &schema.Schema{
 				Type:         schema.TypeString,
 				Optional:     true,
-				Default:      "enabled",
+				Computed:     true,
 				ValidateFunc: validate.InvokeValidator("ibm_cbr_rule", "enforcement_mode"),
 				Description:  "The rule enforcement mode: * `enabled` - The restrictions are enforced and reported. This is the default. * `disabled` - The restrictions are disabled. Nothing is enforced or reported. * `report` - The restrictions are evaluated and reported, but not enforced.",
 			},
@@ -252,8 +253,8 @@ func resourceIBMCbrRuleCreate(context context.Context, d *schema.ResourceData, m
 	if _, ok := d.GetOk("description"); ok {
 		createRuleOptions.SetDescription(d.Get("description").(string))
 	}
+	contexts := []contextbasedrestrictionsv1.RuleContext{}
 	if _, ok := d.GetOk("contexts"); ok {
-		var contexts []contextbasedrestrictionsv1.RuleContext
 		for _, e := range d.Get("contexts").([]interface{}) {
 			value := e.(map[string]interface{})
 			contextsItem, err := resourceIBMCbrRuleMapToRuleContext(value)
@@ -262,8 +263,8 @@ func resourceIBMCbrRuleCreate(context context.Context, d *schema.ResourceData, m
 			}
 			contexts = append(contexts, *contextsItem)
 		}
-		createRuleOptions.SetContexts(contexts)
 	}
+	createRuleOptions.SetContexts(contexts)
 	if _, ok := d.GetOk("resources"); ok {
 		var resources []contextbasedrestrictionsv1.Resource
 		for _, e := range d.Get("resources").([]interface{}) {
@@ -408,8 +409,8 @@ func resourceIBMCbrRuleUpdate(context context.Context, d *schema.ResourceData, m
 	if _, ok := d.GetOk("description"); ok {
 		replaceRuleOptions.SetDescription(d.Get("description").(string))
 	}
+	contexts := []contextbasedrestrictionsv1.RuleContext{}
 	if _, ok := d.GetOk("contexts"); ok {
-		var contexts []contextbasedrestrictionsv1.RuleContext
 		for _, e := range d.Get("contexts").([]interface{}) {
 			value := e.(map[string]interface{})
 			contextsItem, err := resourceIBMCbrRuleMapToRuleContext(value)
@@ -418,8 +419,8 @@ func resourceIBMCbrRuleUpdate(context context.Context, d *schema.ResourceData, m
 			}
 			contexts = append(contexts, *contextsItem)
 		}
-		replaceRuleOptions.SetContexts(contexts)
 	}
+	replaceRuleOptions.SetContexts(contexts)
 	if _, ok := d.GetOk("resources"); ok {
 		var resources []contextbasedrestrictionsv1.Resource
 		for _, e := range d.Get("resources").([]interface{}) {