feat: expose new s2s iam

[alex-reiff]

Description

Expose built-in IAM engine to fscloud submodule (and DA)

Release required?

• No release
• Patch release (x.x.X)
• Minor release (x.X.x)
• Major release (X.x.x)

Release notes content

Run the pipeline

If the CI pipeline doesn't run when you create the PR, the PR requires a user with GitHub collaborators access to run the pipeline.

Run the CI pipeline when the PR is ready for review and you expect tests to pass. Add a comment to the PR with the following text:

/run pipeline

Checklist for reviewers

• If relevant, a test for the change is included or updated with this PR.
• If relevant, documentation for the change is included or updated with this PR.

For mergers

• Use a conventional commit message to set the release level. Follow the guidelines.
• Include information that users need to know about the PR in the commit message. The commit message becomes part of the GitHub release notes.
• Use the Squash and merge option.

[alex-reiff]

/run pipeline

[ocofaigh]

Why are we not consistent with the variable description in the module?

[ocofaigh]

Why are we not consistent with the variable description in the module?

[ocofaigh]

Why are we not consistent with the variable description in the module?

[ocofaigh]

I was wondering how the upgrade test is not failing as it should be destroying the old IAM engine resources (like the service ID and apikey) and after checking it seems we have no upgrade test for the DA! This is big gap. Can you please add an upgrade test for the DA (using RunSchematicUpgradeTest) in a separate PR first please (created tracking issue)?

[ocofaigh]

@alex-reiff can we address this now that upgrade test pr is merged?

[alex-reiff]

/run pipeline

[alex-reiff]

/run pipeline

[alex-reiff]

@ocofaigh DA was not creating an IAM engine before. Do we want to make that the new default?

(upgrade test failing as expected)

[ocofaigh]

@alex-reiff The DA is creating IAM engine ->

terraform-ibm-secrets-manager/solutions/standard/main.tf

Lines 123 to 131 in f12d4e9

	module "iam_secrets_engine" {
	count = var.iam_engine_enabled ? 1 : 0
	source = "terraform-ibm-modules/secrets-manager-iam-engine/ibm"
	version = "1.2.8"
	region = local.secrets_manager_region
	iam_engine_name = try("${local.prefix}-${var.iam_engine_name}", var.iam_engine_name)
	secrets_manager_guid = local.secrets_manager_guid
	endpoint_type = "private"
	}

Since this variation is actually getting replace by new variations in #300 is suggest to just leave the current DA as is, and we will only expose the new s2s auth policy in the new variation

[alex-reiff]

@ocofaigh So is there anything to do in this PR?

[alex-reiff]

/run pipeline

[alex-reiff]

/run pipeline

[ocofaigh]

@alex-reiff Remember to paste the reason for the previously failed run so we can track them. Looks like an issue with schematics talking to COS:
2025/03/19 15:44:36 Failed to upload file to object storage, %!(EXTRA string=File upload error: rpc error: code = Unavailable desc = keepalive ping failed to receive ACK within timeout)

I'll report to schematics team.

Also I see several warnings in the logs - Can you address these too (maybe create a new tracking issue and handle in new PR). I think we are passing inputs in the test that are not valid:

 2025/03/19 15:42:37 Terraform refresh | Warning: Value for undeclared variable
         2025/03/19 15:42:37 Terraform refresh | 
         2025/03/19 15:42:37 Terraform refresh | The root module does not declare a variable named "ca_name" but a value was
         2025/03/19 15:42:37 Terraform refresh | found in file "schematics.tfvars". If you meant to use this value, add a
         2025/03/19 15:42:37 Terraform refresh | "variable" block to the configuration.
         2025/03/19 15:42:37 Terraform refresh | 
         2025/03/19 15:42:37 Terraform refresh | To silence these warnings, use TF_VAR_... environment variables to provide
         2025/03/19 15:42:37 Terraform refresh | certain "global" settings to all configurations in your organization. To
         2025/03/19 15:42:37 Terraform refresh | reduce the verbosity of these warnings, use the -compact-warnings option.
         2025/03/19 15:42:37 Terraform refresh | 
         2025/03/19 15:42:37 Terraform refresh | Warning: Value for undeclared variable
         2025/03/19 15:42:37 Terraform refresh | 
         2025/03/19 15:42:37 Terraform refresh | The root module does not declare a variable named "private_engine_enabled"
         2025/03/19 15:42:37 Terraform refresh | but a value was found in file "schematics.tfvars". If you meant to use this
         2025/03/19 15:42:37 Terraform refresh | value, add a "variable" block to the configuration.
         2025/03/19 15:42:37 Terraform refresh | 
         2025/03/19 15:42:37 Terraform refresh | To silence these warnings, use TF_VAR_... environment variables to provide
         2025/03/19 15:42:37 Terraform refresh | certain "global" settings to all configurations in your organization. To
         2025/03/19 15:42:37 Terraform refresh | reduce the verbosity of these warnings, use the -compact-warnings option.
         2025/03/19 15:42:37 Terraform refresh | 
         2025/03/19 15:42:37 Terraform refresh | Warning: Values for undeclared variables
         2025/03/19 15:42:37 Terraform refresh | 
         2025/03/19 15:42:37 Terraform refresh | In addition to the other similar warnings shown, 3 other variable(s) defined
         2025/03/19 15:42:37 Terraform refresh | without being declared.

[ocofaigh]

@alex-reiff do we have a misconfigured test? Are you able to locally run this? (make run-tests-local RUN=TestRunExistingResourcesInstances)

        	Error Trace:	/__w/terraform-ibm-secrets-manager/terraform-ibm-secrets-manager/tests/pr_test.go:213
        	Error:      	Received unexpected error:
        	            	error setting workspace tar file: tar upload has failed with status FAILED - [ -ds9rp1 (eu-de.workspace.-ds9rp1.378d4092) ]
        	Test:       	TestRunExistingResourcesInstances
        	Messages:   	Schematic Test had unexpected error

Meanwhile I try trigger pipeline again..

[ocofaigh]

/run pipeline

[terraform-ibm-modules-ops]

🎉 This PR is included in version 1.25.3 🎉

The release is available on:

• GitHub release
• v1.25.3

Your semantic-release bot 📦🚀