fix: fixed bug which was causing the incorrect image tag to be used for the initContainer<br>- renamed the input kernal_module_image_repository -> kernel_module_image_repository (#260)

Author: jor2

README.md

@@ -23,8 +23,8 @@ This module supports the provisioning of an agent to an IBM Cloud Red Hat OpenSh
 ## Overview
 * [terraform-ibm-monitoring-agent](#terraform-ibm-monitoring-agent)
 * [Examples](./examples)
-    * <div style="display: inline-block;"><a href="./examples/obs-agent-iks">Deploy agent in IKS cluster</a></div> <div style="display: inline-block; vertical-align: middle;"><a href="https://cloud.ibm.com/schematics/workspaces/create?workspace_name=ma-obs-agent-iks-example&repository=github.com/terraform-ibm-modules/terraform-ibm-monitoring-agent/tree/main/examples/obs-agent-iks" target="_blank"><img src="https://cloud.ibm.com/media/docs/images/icons/Deploy_to_cloud.svg" alt="Deploy to IBM Cloud button"></a></div>
-    * <div style="display: inline-block;"><a href="./examples/obs-agent-ocp">Deploy agent in OpenShift cluster</a></div> <div style="display: inline-block; vertical-align: middle;"><a href="https://cloud.ibm.com/schematics/workspaces/create?workspace_name=ma-obs-agent-ocp-example&repository=github.com/terraform-ibm-modules/terraform-ibm-monitoring-agent/tree/main/examples/obs-agent-ocp" target="_blank"><img src="https://cloud.ibm.com/media/docs/images/icons/Deploy_to_cloud.svg" alt="Deploy to IBM Cloud button"></a></div>
+    * <div style="display: inline-block;"><a href="./examples/obs-agent-iks">Deploy agent in IKS cluster</a></div> <div style="display: inline-block; vertical-align: middle;"><a href="https://cloud.ibm.com/schematics/workspaces/create?workspace_name=ma-obs-agent-iks-example&repository=https://github.com/terraform-ibm-modules/terraform-ibm-monitoring-agent/tree/main/examples/obs-agent-iks" target="_blank"><img src="https://cloud.ibm.com/media/docs/images/icons/Deploy_to_cloud.svg" alt="Deploy to IBM Cloud button"></a></div>
+    * <div style="display: inline-block;"><a href="./examples/obs-agent-ocp">Deploy agent in OpenShift cluster</a></div> <div style="display: inline-block; vertical-align: middle;"><a href="https://cloud.ibm.com/schematics/workspaces/create?workspace_name=ma-obs-agent-ocp-example&repository=https://github.com/terraform-ibm-modules/terraform-ibm-monitoring-agent/tree/main/examples/obs-agent-ocp" target="_blank"><img src="https://cloud.ibm.com/media/docs/images/icons/Deploy_to_cloud.svg" alt="Deploy to IBM Cloud button"></a></div>
 * [Contributing](#contributing)
 <!-- END OVERVIEW HOOK -->
 
@@ -141,8 +141,8 @@ No modules.
 | <a name="input_image_registry_namespace"></a> [image\_registry\_namespace](#input\_image\_registry\_namespace) | The namespace within the image registry to pull all images from. | `string` | `"ext/sysdig"` | no |
 | <a name="input_instance_region"></a> [instance\_region](#input\_instance\_region) | The region of the IBM Cloud Monitoring instance that you want to send metrics to. The region value is used to construct the ingestion and api endpoints. If you are only using the agent for security and compliance monitoring, set this to the region of your IBM Cloud Security and Compliance Center Workload Protection instance. If you have both Cloud Monitoring and Security and Compliance Center Workload Protection instances, the instances must be connected and must be in the same region to use the same agent. | `string` | n/a | yes |
 | <a name="input_is_vpc_cluster"></a> [is\_vpc\_cluster](#input\_is\_vpc\_cluster) | Specify true if the target cluster is a VPC cluster, false if it is a classic cluster. | `bool` | `true` | no |
-| <a name="input_kernal_module_image_repository"></a> [kernal\_module\_image\_repository](#input\_kernal\_module\_image\_repository) | The image repository to pull the agent kernal module initContainer image from. | `string` | `"agent-kmodule"` | no |
-| <a name="input_kernel_module_image_tag_digest"></a> [kernel\_module\_image\_tag\_digest](#input\_kernel\_module\_image\_tag\_digest) | The image tag or digest to use for the agent kernel module used by the initContainer. If using digest, it must be in the format of `X.Y.Z@sha256:xxxxx` | `string` | `"14.2.3@sha256:78c87643d1336efa62f4af8af80290f76097fde51c8d8204a5eb38d73363489d"` | no |
+| <a name="input_kernel_module_image_repository"></a> [kernel\_module\_image\_repository](#input\_kernel\_module\_image\_repository) | The image repository to pull the agent kernel module initContainer image from. | `string` | `"agent-kmodule"` | no |
+| <a name="input_kernel_module_image_tag_digest"></a> [kernel\_module\_image\_tag\_digest](#input\_kernel\_module\_image\_tag\_digest) | The image digest to use for the agent kernel module used by the initContainer. Must be in the format of `X.Y.Z@sha256:xxxxx` | `string` | `"14.2.3@sha256:78c87643d1336efa62f4af8af80290f76097fde51c8d8204a5eb38d73363489d"` | no |
 | <a name="input_max_surge"></a> [max\_surge](#input\_max\_surge) | The number of pods that can be created above the desired amount of daemonset pods during an update. If `max_surge` is set to null, the `max_surge` setting is ignored. The variable accepts absolute number or percentage value(e.g., '1' or '10%'). | `string` | `null` | no |
 | <a name="input_max_unavailable"></a> [max\_unavailable](#input\_max\_unavailable) | The maximum number of pods that can be unavailable during a DaemonSet rolling update. Accepts absolute number or percentage (e.g., '1' or '10%'). | `string` | `"1"` | no |
 | <a name="input_metrics_filter"></a> [metrics\_filter](#input\_metrics\_filter) | To filter custom metrics you can specify which metrics to include and exclude. For more info, see https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_inc_exc_metrics | <pre>list(object({<br/>    include = optional(string)<br/>    exclude = optional(string)<br/>  }))</pre> | `[]` | no |

common-dev-assets

@@ -397,7 +397,7 @@
               "key": "cluster_shield_requests_memory"
             },
             {
-              "key": "kernal_module_image_repository"
+              "key": "kernel_module_image_repository"
             },
             {
               "key": "kernel_module_image_tag_digest"

ibm_catalog.json

@@ -181,8 +181,8 @@ resource "helm_release" "cloud_monitoring_agent" {
     "image":
       "repository": ${var.agent_image_repository}
     "kmoduleImage":
-      "repository": ${var.kernal_module_image_repository}
-      "tag": ${var.kernel_module_image_tag_digest}
+      "repository": ${var.kernel_module_image_repository}
+      "digest": ${var.kernel_module_image_tag_digest}
   "image":
     "registry": ${var.image_registry_base_url}
     "tag": ${var.agent_image_tag_digest}

main.tf

@@ -5,4 +5,6 @@ set -e
 daemonset=$1
 namespace=$2
 
+echo "Waiting for daemonset ${daemonset} to roll out in namespace ${namespace}..."
 kubectl rollout status ds "${daemonset}" -n "${namespace}" --timeout 30m
+echo "Daemonset ${daemonset} successfully rolled out"

scripts/confirm-rollout-status.sh

@@ -56,7 +56,7 @@ module "monitoring_agent" {
   agent_image_repository          = var.agent_image_repository
   agent_image_tag_digest          = var.agent_image_tag_digest
   kernel_module_image_tag_digest  = var.kernel_module_image_tag_digest
-  kernal_module_image_repository  = var.kernal_module_image_repository
+  kernel_module_image_repository  = var.kernel_module_image_repository
   agent_limits_cpu                = var.agent_limits_cpu
   agent_limits_memory             = var.agent_limits_memory
   agent_requests_cpu              = var.agent_requests_cpu

solutions/fully-configurable/main.tf

@@ -220,15 +220,15 @@ variable "agent_image_tag_digest" {
 }
 
 variable "kernel_module_image_tag_digest" {
-  description = "The image tag or digest to use for the agent kernel module used by the initContainer. If using digest, it must be in the format of `X.Y.Z@sha256:xxxxx`"
+  description = "The image digest to use for the agent kernel module used by the initContainer. Must be in the format of `X.Y.Z@sha256:xxxxx`"
   type        = string
   # This version is automatically managed by renovate automation - do not remove the datasource comment on next line
   default  = "14.2.3@sha256:78c87643d1336efa62f4af8af80290f76097fde51c8d8204a5eb38d73363489d" # datasource: icr.io/ext/sysdig/agent-kmodule
   nullable = false
 }
 
-variable "kernal_module_image_repository" {
-  description = "The image repository to pull the agent kernal module initContainer image from."
+variable "kernel_module_image_repository" {
+  description = "The image repository to pull the agent kernel module initContainer image from."
   type        = string
   default     = "agent-kmodule"
   nullable    = false

solutions/fully-configurable/variables.tf

@@ -2,7 +2,6 @@
 package test
 
 import (
-	"math/rand/v2"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -18,7 +17,7 @@ func TestRunAgentVpcOcp(t *testing.T) {
 		TerraformDir:  terraformDirMonitoringAgentROKS,
 		Prefix:        "obs-agent-ocp",
 		ResourceGroup: resourceGroup,
-		Region:        validRegions[rand.IntN(len(validRegions))],
+		Region:        validRegions[randInt(len(validRegions))],
 		IgnoreUpdates: testhelper.Exemptions{ // Ignore for consistency check
 			List: IgnoreUpdates,
 		},

tests/other_test.go

@@ -2,9 +2,10 @@
 package test
 
 import (
+	"crypto/rand"
 	"fmt"
 	"log"
-	"math/rand/v2"
+	"math/big"
 	"os"
 	"strings"
 	"testing"
@@ -27,6 +28,7 @@ const fullyConfigurableSolutionDir = "solutions/fully-configurable"
 const fullyConfigurableSolutionKubeconfigDir = "solutions/fully-configurable/kubeconfig"
 const terraformDirMonitoringAgentIKS = "examples/obs-agent-iks"
 const terraformDirMonitoringAgentROKS = "examples/obs-agent-ocp"
+
 const terraformVersion = "terraform_v1.12.2" // This should match the version in the ibm_catalog.json
 // Define a struct with fields that match the structure of the YAML data
 const yamlLocation = "../common-dev-assets/common-go-assets/common-permanent-resources.yaml"
@@ -54,6 +56,15 @@ var IgnoreUpdates = []string{
 // workaround for https://github.com/terraform-ibm-modules/terraform-ibm-scc-workload-protection/issues/243
 var IgnoreAdds = []string{"module.scc_wp.restapi_object.cspm"}
 
+// randInt returns a cryptographically secure random integer in the range [0, max)
+func randInt(max int) int {
+	n, err := rand.Int(rand.Reader, big.NewInt(int64(max)))
+	if err != nil {
+		log.Fatal(err)
+	}
+	return int(n.Int64())
+}
+
 // TestMain will be run before any parallel tests, used to set up a shared InfoService object to track region usage
 // for multiple tests
 func TestMain(m *testing.M) {
@@ -71,7 +82,7 @@ func TestMain(m *testing.M) {
 func TestFullyConfigurableSolution(t *testing.T) {
 	t.Parallel()
 
-	var region = validRegions[rand.IntN(len(validRegions))]
+	var region = validRegions[randInt(len(validRegions))]
 	// ------------------------------------------------------------------------------------------------------
 	// Deploy OCP Cluster and Monitoring instance since it is needed to deploy agent
 	// ------------------------------------------------------------------------------------------------------
@@ -156,7 +167,7 @@ func TestFullyConfigurableSolution(t *testing.T) {
 func TestFullyConfigurableUpgradeSolution(t *testing.T) {
 	t.Parallel()
 
-	var region = validRegions[rand.IntN(len(validRegions))]
+	var region = validRegions[randInt(len(validRegions))]
 
 	// ------------------------------------------------------------------------------------------------------
 	// Deploy OCP Cluster and Monitoring instance since it is needed to deploy agent
@@ -247,7 +258,7 @@ func TestRunAgentVpcKubernetes(t *testing.T) {
 		Testing:       t,
 		TerraformDir:  terraformDirMonitoringAgentIKS,
 		Prefix:        "obs-agent-vpc-iks",
-		Region:        validRegions[rand.IntN(len(validRegions))],
+		Region:        validRegions[randInt(len(validRegions))],
 		ResourceGroup: resourceGroup,
 		IgnoreUpdates: testhelper.Exemptions{ // Ignore for consistency check
 			List: IgnoreUpdates,
@@ -269,7 +280,7 @@ func TestRunAgentClassicKubernetes(t *testing.T) {
 		Testing:       t,
 		TerraformDir:  terraformDirMonitoringAgentIKS,
 		Prefix:        "obs-agent-iks",
-		Region:        validRegions[rand.IntN(len(validRegions))],
+		Region:        validRegions[randInt(len(validRegions))],
 		ResourceGroup: resourceGroup,
 		IgnoreUpdates: testhelper.Exemptions{ // Ignore for consistency check
 			List: IgnoreUpdates,

tests/pr_test.go

@@ -196,15 +196,15 @@ variable "agent_image_tag_digest" {
 }
 
 variable "kernel_module_image_tag_digest" {
-  description = "The image tag or digest to use for the agent kernel module used by the initContainer. If using digest, it must be in the format of `X.Y.Z@sha256:xxxxx`"
+  description = "The image digest to use for the agent kernel module used by the initContainer. Must be in the format of `X.Y.Z@sha256:xxxxx`"
   type        = string
   # This version is automatically managed by renovate automation - do not remove the datasource comment on next line
   default  = "14.2.3@sha256:78c87643d1336efa62f4af8af80290f76097fde51c8d8204a5eb38d73363489d" # datasource: icr.io/ext/sysdig/agent-kmodule
   nullable = false
 }
 
-variable "kernal_module_image_repository" {
-  description = "The image repository to pull the agent kernal module initContainer image from."
+variable "kernel_module_image_repository" {
+  description = "The image repository to pull the agent kernel module initContainer image from."
   type        = string
   default     = "agent-kmodule"
   nullable    = false