fix: removed CBR rule added twice in root module #601

Merged
merged 2 commits into from
Dec 18, 2024

Aditya-ranjan-16
Contributor

Description

Removed CBR rule added twice in root module

GIT issue

Release required?

  • No release
  • Patch release (x.x.X)
  • Minor release (x.X.x)
  • Major release (X.x.x)
Release notes content

removes CBR rule added twice in root module

Run the pipeline

If the CI pipeline doesn't run when you create the PR, the PR requires a user with GitHub collaborators access to run the pipeline.

Run the CI pipeline when the PR is ready for review and you expect tests to pass. Add a comment to the PR with the following text:

/run pipeline

Checklist for reviewers

  • If relevant, a test for the change is included or updated with this PR.
  • If relevant, documentation for the change is included or updated with this PR.

For mergers

  • Use a conventional commit message to set the release level. Follow the guidelines.
  • Include information that users need to know about the PR in the commit message. The commit message becomes part of the GitHub release notes.
  • Use the Squash and merge option.

@Aditya-ranjan-16
Contributor Author

/run pipeline

@Aditya-ranjan-16
Contributor Author

Aditya-ranjan-16 commented Dec 17, 2024

Following are the details on how the changes were tested locally:

  • examples/advanced example was used for the test and the following variables were modified/added temporarily to make it run locally:
  1. In module key_protect_all_inclusive:
     key_protect_allowed_network = "public-and-private"
     key_ring_endpoint_type      = "public"
     key_endpoint_type           = "public"
  2. In module cbr_zone:
     addresses = [{
       .
       .
       .
       type  = "ipAddress"
       value = "180.151.xxx.xx"  # IP of the local system
     }]
  • A KMS All-Inclusive instance was provisioned by passing a CBR rule because the advanced example used for provisioning included a CBR rule. The cbr_rules module block was then removed from the root module, and the cbr_rules variable of the key_protect module block was used to pass the CBR rules. Running terraform plan generated the following updated configuration.
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
  - destroy

Terraform will perform the following actions:

  # module.cbr_zone.ibm_cbr_zone.cbr_zone[0] will be updated in-place
  ~ resource "ibm_cbr_zone" "cbr_zone" {
        id                  = "39eff9b1aa41abc6c1184ed54e18870d"
        name                = "ar-kms-network-zone"
        # (11 unchanged attributes hidden)

      ~ addresses {
            # (2 unchanged attributes hidden)

          + ref {
              + account_id   = "abac0df06b644a9cabc6e44f55b3880e"
              + service_name = "schematics"
            }
        }
    }

  # module.key_protect_all_inclusive.module.cbr_rule[0].ibm_cbr_rule.cbr_rule will be destroyed
  # (because ibm_cbr_rule.cbr_rule is not in configuration)
  - resource "ibm_cbr_rule" "cbr_rule" {
      - created_at          = "2024-12-13T06:34:36.000Z" -> null
      - created_by_id       = "IBMid-693000L636" -> null
      - crn                 = "crn:v1:bluemix:public:context-based-restrictions:global:a/abac0df06b644a9cabc6e44f55b3880e::rule:4a6f138f01083fb09a66268ed9196767" -> null
      - description         = "key-protect access only from schematics" -> null
      - enforcement_mode    = "enabled" -> null
      - etag                = "1-78d5fc71a922b4473a5c0cd5ce85ebfc" -> null
      - href                = "https://cbr.cloud.ibm.com/v1/rules/4a6f138f01083fb09a66268ed9196767" -> null
      - id                  = "4a6f138f01083fb09a66268ed9196767" -> null
      - last_modified_at    = "2024-12-13T06:34:36.000Z" -> null
      - last_modified_by_id = "IBMid-693000L636" -> null

      - contexts {
          - attributes {
              - name  = "networkZoneId" -> null
              - value = "39eff9b1aa41abc6c1184ed54e18870d" -> null
            }
        }

      - operations {
          - api_types {
              - api_type_id  = "crn:v1:bluemix:public:context-based-restrictions::::api-type:" -> null
                # (2 unchanged attributes hidden)
            }
          - api_types {
              - api_type_id  = "crn:v1:bluemix:public:context-based-restrictions::::platform-api-type:" -> null
                # (2 unchanged attributes hidden)
            }
        }

      - resources {
          - attributes {
              - name     = "accountId" -> null
              - value    = "abac0df06b644a9cabc6e44f55b3880e" -> null
                # (1 unchanged attribute hidden)
            }
          - attributes {
              - name     = "serviceInstance" -> null
              - operator = "stringEquals" -> null
              - value    = "469ce4c1-a469-4244-8bce-c16a29f3dfc1" -> null
            }
          - attributes {
              - name     = "serviceName" -> null
              - value    = "kms" -> null
                # (1 unchanged attribute hidden)
            }
        }
    }

  # module.key_protect_all_inclusive.module.key_protect[0].module.cbr_rule[0].ibm_cbr_rule.cbr_rule will be created
  + resource "ibm_cbr_rule" "cbr_rule" {
      + created_at          = (known after apply)
      + created_by_id       = (known after apply)
      + crn                 = (known after apply)
      + description         = "key-protect access only from schematics"
      + enforcement_mode    = "enabled"
      + etag                = (known after apply)
      + href                = (known after apply)
      + id                  = (known after apply)
      + last_modified_at    = (known after apply)
      + last_modified_by_id = (known after apply)

      + contexts {
          + attributes {
              + name  = "networkZoneId"
              + value = "39eff9b1aa41abc6c1184ed54e18870d"
            }
        }

      + operations {
          + api_types {
              + api_type_id  = "crn:v1:bluemix:public:context-based-restrictions::::api-type:"
              + description  = (known after apply)
              + display_name = (known after apply)
            }
          + api_types {
              + api_type_id  = "crn:v1:bluemix:public:context-based-restrictions::::platform-api-type:"
              + description  = (known after apply)
              + display_name = (known after apply)
            }
        }

      + resources {
          + attributes {
              + name     = "accountId"
              + value    = "abac0df06b644a9cabc6e44f55b3880e"
                # (1 unchanged attribute hidden)
            }
          + attributes {
              + name     = "serviceInstance"
              + operator = "stringEquals"
              + value    = "469ce4c1-a469-4244-8bce-c16a29f3dfc1"
            }
          + attributes {
              + name     = "serviceName"
              + value    = "kms"
                # (1 unchanged attribute hidden)
            }
        }
    }

Plan: 1 to add, 1 to change, 1 to destroy.

  • The cbr_rules resource of the root module was getting destroyed and the cbr_rules resource inside the key_protect module was being created. In order to avoid destruction of any existing resources, a moved block was used to point the old cbr_rules resource to the new one; using the moved block generated the following plan:
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.cbr_zone.ibm_cbr_zone.cbr_zone[0] will be updated in-place
  ~ resource "ibm_cbr_zone" "cbr_zone" {
        id                  = "39eff9b1aa41abc6c1184ed54e199b16"
        name                = "ar-kms-network-zone"
        # (11 unchanged attributes hidden)

      ~ addresses {
            # (2 unchanged attributes hidden)

          + ref {
              + account_id   = "abac0df06b644a9cabc6e44f55b3880e"
              + service_name = "schematics"
            }
        }
    }

  # module.key_protect_all_inclusive.module.cbr_rule[0].ibm_cbr_rule.cbr_rule has moved to module.key_protect_all_inclusive.module.key_protect[0].module.cbr_rule[0].ibm_cbr_rule.cbr_rule
    resource "ibm_cbr_rule" "cbr_rule" {
        id                  = "39eff9b1aa41abc6c1184ed54e19a762"
        # (9 unchanged attributes hidden)

        # (3 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

  • Confirming from the UI, there were no additional CBR rules created before and after applying the above plan, hence confirming that the cbr_rules resource was moved successfully without breaking existing infrastructure.
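
A CI-side check for the two plans in the comment above, as an added example that is not part of this PR or the module's own code: it reads the JSON form of a plan (`terraform show -json <planfile>`) and blocks the apply when a CBR rule or zone would be deleted, which is the gap the moved block closes. The two sample plans are constructed from the resource addresses shown above; the guarded type list and the function names are assumptions.

```python
"""Gate a Terraform plan: refuse to apply when an access-restriction resource
would be deleted. Input is the dict parsed from `terraform show -json`."""

# Assumption: resource types treated as access restrictions; extend as needed.
GUARDED_TYPES = {"ibm_cbr_rule", "ibm_cbr_zone"}

# Resource addresses taken from the two plans in the comment above.
OLD = "module.key_protect_all_inclusive.module.cbr_rule[0].ibm_cbr_rule.cbr_rule"
NEW = ("module.key_protect_all_inclusive.module.key_protect[0]"
       ".module.cbr_rule[0].ibm_cbr_rule.cbr_rule")
ZONE = "module.cbr_zone.ibm_cbr_zone.cbr_zone[0]"


def change(address, rtype, actions, previous=None):
    """Build one constructed `resource_changes` entry in plan-JSON shape."""
    rc = {"address": address, "type": rtype, "change": {"actions": actions}}
    if previous:
        rc["previous_address"] = previous  # set by Terraform for moved resources
    return rc


# Constructed samples mirroring the first plan (no moved block) and the second.
PLAN_WITHOUT_MOVED = {"resource_changes": [
    change(ZONE, "ibm_cbr_zone", ["update"]),
    change(OLD, "ibm_cbr_rule", ["delete"]),
    change(NEW, "ibm_cbr_rule", ["create"]),
]}
PLAN_WITH_MOVED = {"resource_changes": [
    change(ZONE, "ibm_cbr_zone", ["update"]),
    change(NEW, "ibm_cbr_rule", ["no-op"], previous=OLD),
]}


def classify(plan):
    """Bucket guarded resource changes into destroyed / created / moved."""
    result = {"destroyed": [], "created": [], "moved": []}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") not in GUARDED_TYPES:
            continue
        actions = rc["change"]["actions"]
        if "delete" in actions:  # also catches replace (delete + create)
            result["destroyed"].append(rc["address"])
        elif "create" in actions:
            result["created"].append(rc["address"])
        if rc.get("previous_address"):
            result["moved"].append((rc["previous_address"], rc["address"]))
    return result


def gate(plan):
    """True when no guarded resource is deleted, so the apply may proceed."""
    return not classify(plan)["destroyed"]
```

In a pipeline, parse the output of `terraform show -json` with `json.load` and fail the job when `gate()` returns False.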

@Aditya-ranjan-16 Aditya-ranjan-16 marked this pull request as ready for review December 17, 2024 07:45
@maheshwarishikha maheshwarishikha changed the title fix:removed CBR rule added twice in root module fix: removed CBR rule added twice in root module Dec 17, 2024
@Aashiq-J
Member

/run pipeline

@maheshwarishikha maheshwarishikha merged commit 9037f4c into main Dec 18, 2024
2 checks passed
@maheshwarishikha maheshwarishikha deleted the cbr_11897 branch December 18, 2024 08:38
@terraform-ibm-modules-ops
Contributor

🎉 This PR is included in version 4.18.2 🎉

The release is available on:

Your semantic-release bot 📦🚀
