feat: scope all auth policies to individual keys/buckets

[toddgiguere]

Description

Proposed changes to scope all of the KMS and COS auth policies to their individual targets (keys or buckets) instead of instance targets.

Release required?

• No release
• Patch release (x.x.X)
• Minor release (x.X.x)
• Major release (X.x.x)

Release notes content

Run the pipeline

If the CI pipeline doesn't run when you create the PR, the PR requires a user with GitHub collaborators access to run the pipeline.

Run the CI pipeline when the PR is ready for review and you expect tests to pass. Add a comment to the PR with the following text:

/run pipeline

Checklist for reviewers

• If relevant, a test for the change is included or updated with this PR.
• If relevant, documentation for the change is included or updated with this PR.

For mergers

• Use a conventional commit message to set the release level. Follow the guidelines.
• Include information that users need to know about the PR in the commit message. The commit message becomes part of the GitHub release notes.
• Use the Squash and merge option.

[toddgiguere]

/run pipeline

[ocofaigh]

/run pipeline

[ocofaigh]

Upgrade test needs to be skipped

[toddgiguere]

Had committed the SKIP UPGRADE but forgot to push, running pipeline now.

[toddgiguere]

/run pipeline

[ocofaigh]

/run pipeline

[toddgiguere]

@ocofaigh I think my rescope of the auth policies has affected the vsi-extension pattern. I can't tell yet if it is the actual pattern that needs to be fixed, or if it is our test that needs to be adjusted.

The error is with flow logs not having auth to the COS bucket. I need to look at the actual test (which I think first provisions "existing resources").

[toddgiguere]

/run pipeline

[toddgiguere]

/run pipeline

[toddgiguere]

/run pipeline

[terraform-ibm-modules-ops]

🎉 This PR is included in version 7.0.0 🎉

The release is available on:

• GitHub release
• v7.0.0

Your semantic-release bot 📦🚀