fix: cos policy creation condition and typo (#619)

* fix: typos

Author: huayuenh

README.md

@@ -657,6 +657,7 @@ statement instead the previous block.
 | <a name="output_app_repo_url"></a> [app\_repo\_url](#output\_app\_repo\_url) | The App Repo URL |
 | <a name="output_cc_pipeline_id"></a> [cc\_pipeline\_id](#output\_cc\_pipeline\_id) | The CC pipeline Id |
 | <a name="output_cd_pipeline_id"></a> [cd\_pipeline\_id](#output\_cd\_pipeline\_id) | The CD pipeline Id |
+| <a name="output_change_management_repo_tool_id"></a> [change\_management\_repo\_tool\_id](#output\_change\_management\_repo\_tool\_id) | The ID of the Change Management repo tool. |
 | <a name="output_change_management_repo_url"></a> [change\_management\_repo\_url](#output\_change\_management\_repo\_url) | The Change Management Repo URL. |
 | <a name="output_ci_pipeline_id"></a> [ci\_pipeline\_id](#output\_ci\_pipeline\_id) | The CI pipeline Id |
 | <a name="output_compliance_cc_toolchain_id"></a> [compliance\_cc\_toolchain\_id](#output\_compliance\_cc\_toolchain\_id) | The ID of the Compliance CC Toolchain |

main.tf

@@ -314,7 +314,7 @@ module "prereqs" {
   privateworker_secret_name        = var.privateworker_credentials_secret_name
   privateworker_secret_value       = var.privateworker_secret_value
   signing_key_secret_name          = var.ci_signing_key_secret_name
-  signing_certifcate_secret_name   = var.cd_code_signing_cert_secret_name
+  signing_certificate_secret_name  = var.cd_code_signing_cert_secret_name
   repo_git_token_secret_name       = var.repo_git_token_secret_name
   repo_git_token_secret_value      = var.repo_git_token_secret_value
   rotation_period                  = var.rotation_period

outputs.tf

@@ -92,4 +92,10 @@ output "icr_namespace_name" {
   value       = (var.prefix == "") ? local.registry_namespace_suffix : local.registry_namespace
 }
 
+
+output "change_management_repo_tool_id" {
+  description = "The ID of the Change Management repo tool."
+  value       = try(module.devsecops_cd_toolchain[0].change_management_repo.tool_id, "")
+}
+
 #############################################################################

prereqs/main.tf

@@ -104,6 +104,7 @@ resource "ibm_iam_service_policy" "cos_bucket_policy" {
 }
 
 resource "ibm_iam_service_policy" "cos_policy" {
+  count          = (local.create_cos_service_api_key) ? 1 : 0
   iam_service_id = ibm_iam_service_id.cos_service_id[0].id
   roles          = ["Reader"]
 
@@ -202,7 +203,7 @@ data "external" "signing_keys" {
     region             = var.sm_location
     secret_group_id    = (var.create_secret_group == false) ? data.ibm_sm_secret_group.existing_sm_secret_group[0].secret_group_id : ibm_sm_secret_group.sm_secret_group[0].secret_group_id
     signing_key_name   = var.signing_key_secret_name
-    signing_cert_name  = var.signing_certifcate_secret_name
+    signing_cert_name  = var.signing_certificate_secret_name
     rotate_signing_key = var.rotate_signing_key
   }
 }
@@ -244,7 +245,7 @@ resource "ibm_sm_arbitrary_secret" "secret_signing_certifcate" {
   region          = var.sm_location
   instance_id     = (local.sm_instance_id != "") ? local.sm_instance_id : var.sm_instance_id
   secret_group_id = (var.create_secret_group == false) ? data.ibm_sm_secret_group.existing_sm_secret_group[0].secret_group_id : ibm_sm_secret_group.sm_secret_group[0].secret_group_id
-  name            = var.signing_certifcate_secret_name
+  name            = var.signing_certificate_secret_name
   description     = "The public component of the GPG signing key for validating image signatures."
   labels          = []
   payload         = (var.signing_certificate_secret == "") ? data.external.signing_keys[0].result.publickey : var.signing_certificate_secret

prereqs/variables.tf

@@ -177,7 +177,7 @@ variable "signing_certificate_secret" {
   default     = ""
 }
 
-variable "signing_certifcate_secret_name" {
+variable "signing_certificate_secret_name" {
   type        = string
   description = "The name of the secret as it appears in Secret Manager."
   default     = "signing-certificate"