fix: update policies (#511)

terraform-ibm-modules · Nov 15, 2024 · 44204d9 · 44204d9
1 parent c707658
commit 44204d9
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 6 deletions.
diff --git a/main.tf b/main.tf
@@ -994,7 +994,7 @@ module "devsecops_cc_toolchain" {
 # Random string for webhook token
 resource "random_string" "webhook_secret" {
   count      = (var.autostart) ? 1 : 0
-  depends_on = [module.devsecops_ci_toolchain[0].ci_pipeline_id, module.devsecops_ci_toolchain[0].app_repo_url]
+  depends_on = [module.devsecops_ci_toolchain[0].ci_pipeline_id, module.devsecops_ci_toolchain[0].app_repo_url, module.prereqs]
   length     = 48
   special    = false
   upper      = false

diff --git a/prereqs/main.tf b/prereqs/main.tf
@@ -106,19 +106,18 @@ resource "ibm_iam_service_policy" "cd_policy" {
 resource "ibm_iam_service_policy" "kube_policy" {
   count          = ((var.create_kubernetes_access_policy == true) && (local.create_pipeline_api_key == true)) ? 1 : 0
   iam_service_id = ibm_iam_service_id.pipeline_service_id[0].id
-  roles          = ["Editor"]
+  roles          = ["Manager", "Editor"]
   resources {
-    service           = "kubernetes"
-    resource_group_id = data.ibm_resource_group.resource_group.id
+    service = "containers-kubernetes"
   }
 }
 
 resource "ibm_iam_service_policy" "ce_policy" {
   count          = ((var.create_code_engine_access_policy) && (local.create_pipeline_api_key == true)) ? 1 : 0
   iam_service_id = ibm_iam_service_id.pipeline_service_id[0].id
-  roles          = ["Editor"]
+  roles          = ["Manager", "Editor"]
   resources {
-    service           = "code-engine"
+    service           = "codeengine"
     resource_group_id = data.ibm_resource_group.resource_group.id
   }
 }