From 1c52dd40e13d5608f9b496614c55a140cf32b219 Mon Sep 17 00:00:00 2001
From: huayuenh
Date: Fri, 15 Nov 2024 12:42:58 +0000
Subject: [PATCH 1/2] chore: update policies
---
 main.tf | 2 +-
 prereqs/main.tf | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/main.tf b/main.tf
index c69a4fb..609a2d2 100644
--- a/main.tf
+++ b/main.tf
@@ -994,7 +994,7 @@ module "devsecops_cc_toolchain" {
 # Random string for webhook token
 resource "random_string" "webhook_secret" {
 count = (var.autostart) ? 1 : 0
- depends_on = [module.devsecops_ci_toolchain[0].ci_pipeline_id, module.devsecops_ci_toolchain[0].app_repo_url]
+ depends_on = [module.devsecops_ci_toolchain[0].ci_pipeline_id, module.devsecops_ci_toolchain[0].app_repo_url, module.prereqs]
 length = 48
 special = false
 upper = false
diff --git a/prereqs/main.tf b/prereqs/main.tf
index eb1b043..99a9bd9 100644
--- a/prereqs/main.tf
+++ b/prereqs/main.tf
@@ -106,9 +106,9 @@ resource "ibm_iam_service_policy" "cd_policy" {
 resource "ibm_iam_service_policy" "kube_policy" {
 count = ((var.create_kubernetes_access_policy == true) && (local.create_pipeline_api_key == true)) ? 1 : 0
 iam_service_id = ibm_iam_service_id.pipeline_service_id[0].id
- roles = ["Editor"]
+ roles = ["Manager", "Editor"]
 resources {
- service = "kubernetes"
+ service = "containers-kubernetes"
 resource_group_id = data.ibm_resource_group.resource_group.id
 }
 }
@@ -116,9 +116,9 @@ resource "ibm_iam_service_policy" "kube_policy" {
 resource "ibm_iam_service_policy" "ce_policy" {
 count = ((var.create_code_engine_access_policy) && (local.create_pipeline_api_key == true)) ? 1 : 0
 iam_service_id = ibm_iam_service_id.pipeline_service_id[0].id
- roles = ["Editor"]
+ roles = ["Manager", "Editor"]
 resources {
- service = "code-engine"
+ service = "codeengine"
 resource_group_id = data.ibm_resource_group.resource_group.id
 }
 }
From 028544995d00adeb6dcda2a07c9c5ba473fb9fb8 Mon Sep 17 00:00:00 2001
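Review bot: The `module.prereqs` entry added to `depends_on` of `random_string.webhook_secret` in main.tf carries no comment explaining why a random string has to wait for the prereqs module, and the reason cannot be read from the hunk. If the intent is that the pipeline service ID and its IAM policies exist before the autostart webhook is wired up (an assumption, the consumer of the secret is outside the hunk), state it above the line, for example `# ordering anchor: prereqs (service ID + IAM policies) must exist before the autostart trigger uses this secret`. The resource block continues past the end of the hunk.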
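Review bot: Adding `"Manager"` to `roles` in `kube_policy`, and again in `ce_policy` in the following hunk of prereqs/main.tf, gives the pipeline service ID the highest service-access role on every Kubernetes Service and Code Engine resource in the resource group. On IBM Cloud Kubernetes Service a Manager grant that is not limited to a namespace corresponds to cluster-admin RBAC, so a leaked pipeline API key would carry full control of the cluster. The commit message does not say which pipeline step needs this; if the pipeline only deploys workloads, `roles = ["Writer", "Editor"]` or a Manager grant restricted to the target namespace would be a tighter fit. At minimum add a comment above each `roles` line naming the operation that requires Manager.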
From: huayuenh
Date: Fri, 15 Nov 2024 14:36:31 +0000
Subject: [PATCH 2/2] fix: permissions
---
 prereqs/main.tf | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/prereqs/main.tf b/prereqs/main.tf
index 99a9bd9..2691c88 100644
--- a/prereqs/main.tf
+++ b/prereqs/main.tf
@@ -108,8 +108,7 @@ resource "ibm_iam_service_policy" "kube_policy" {
 iam_service_id = ibm_iam_service_id.pipeline_service_id[0].id
 roles = ["Manager", "Editor"]
 resources {
- service = "containers-kubernetes"
- resource_group_id = data.ibm_resource_group.resource_group.id
+ service = "containers-kubernetes"
 }
 }
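Review bot: Removing `resource_group_id` from the `resources` block of `kube_policy` leaves only `service = "containers-kubernetes"`, so the `Manager` and `Editor` roles now apply to every Kubernetes Service cluster in the account instead of one resource group. If the reason is that the target cluster lives in a different resource group than the toolchain (not stated in the commit message), scope the policy to that group or to the cluster itself, e.g. `resource_group_id = var.cluster_resource_group_id`, where the variable is a new input and the name is only a suggestion. If account-wide access really is intended, add a comment above `resources` saying so, so the breadth is a recorded decision. The resource block begins outside the hunk.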