feat: removed kms_region from the bucket DA inputs as its now progr…

…ammatically determined.<br>* The `existing_kms_instance_guid` input variable has been replaced by the `existing_kms_instance_crn` in the both bucket DA solutiona. The CRN should now be passed to it instead of the GUID. (#642)
terraform-ibm-modules · Jun 11, 2024 · 9748e04 · 9748e04
1 parent ef51c60
commit 9748e04
Show file tree

Hide file tree

Showing 9 changed files with 24 additions and 30 deletions.
diff --git a/solutions/secure-cross-regional-bucket/catalogValidationValues.json.template b/solutions/secure-cross-regional-bucket/catalogValidationValues.json.template
@@ -1,6 +1,6 @@
 {
   "ibmcloud_api_key": $VALIDATION_APIKEY,
   "bucket_name": $PREFIX,
-  "existing_kms_guid": $HPCS_US_SOUTH_GUID,
+  "existing_kms_instance_crn": $HPCS_US_SOUTH_CRN,
   "cross_region_location": "us"
 }
diff --git a/solutions/secure-cross-regional-bucket/main.tf b/solutions/secure-cross-regional-bucket/main.tf
@@ -4,14 +4,17 @@
 
 locals {
   # tflint-ignore: terraform_unused_declarations
-  validate_inputs = var.existing_kms_key_crn == null && var.existing_kms_guid == null ? tobool("A value must be passed for 'existing_kms_guid' if not supplying any value for 'existing_kms_key_crn'.") : true
+  validate_inputs = var.existing_kms_key_crn == null && var.existing_kms_instance_crn == null ? tobool("A value must be passed for 'existing_kms_instance_crn' if not supplying any value for 'existing_kms_key_crn'.") : true
+
+  existing_kms_instance_guid   = var.existing_kms_instance_crn != null ? element(split(":", var.existing_kms_instance_crn), length(split(":", var.existing_kms_instance_crn)) - 3) : null
+  existing_kms_instance_region = var.existing_kms_instance_crn != null ? element(split(":", var.existing_kms_instance_crn), length(split(":", var.existing_kms_instance_crn)) - 5) : null
 
   bucket_config = [{
     access_tags                   = var.bucket_access_tags
     bucket_name                   = var.bucket_name
     kms_encryption_enabled        = true
     add_bucket_name_suffix        = var.add_bucket_name_suffix
-    kms_guid                      = var.existing_kms_guid
+    kms_guid                      = local.existing_kms_instance_guid
     kms_key_crn                   = var.existing_kms_key_crn != null ? var.existing_kms_key_crn : module.kms[0].keys[format("%s.%s", var.key_ring_name, var.key_name)].crn
     skip_iam_authorization_policy = var.skip_iam_authorization_policy
     management_endpoint_type      = var.management_endpoint_type_for_bucket
@@ -62,8 +65,8 @@ module "kms" {
   source                      = "terraform-ibm-modules/kms-all-inclusive/ibm"
   version                     = "4.13.2"
   create_key_protect_instance = false
-  region                      = var.kms_region
-  existing_kms_instance_guid  = var.existing_kms_guid
+  region                      = local.existing_kms_instance_region
+  existing_kms_instance_guid  = local.existing_kms_instance_guid
   key_ring_endpoint_type      = var.kms_endpoint_type
   key_endpoint_type           = var.kms_endpoint_type
   keys = [

diff --git a/solutions/secure-cross-regional-bucket/provider.tf b/solutions/secure-cross-regional-bucket/provider.tf
@@ -6,5 +6,5 @@ provider "ibm" {
 provider "ibm" {
   alias            = "kms"
   ibmcloud_api_key = var.ibmcloud_api_key
-  region           = var.kms_region
+  region           = local.existing_kms_instance_region
 }
diff --git a/solutions/secure-cross-regional-bucket/variables.tf b/solutions/secure-cross-regional-bucket/variables.tf
@@ -8,16 +8,10 @@ variable "ibmcloud_api_key" {
 # KMS variables
 ########################################################################################################################
 
-variable "kms_region" {
-  type        = string
-  default     = "us-south"
-  description = "The region in which KMS instance exists."
-}
-
-variable "existing_kms_guid" {
+variable "existing_kms_instance_crn" {
   type        = string
   default     = null
-  description = "The GUID of the KMS instance that is used for the Object Storage bucket root key. Required only if a KMS root key is specified and if `skip_iam_authorization_policy` is true."
+  description = "The CRN of the KMS instance that is used for the Object Storage bucket root key. Required only if a KMS root key is specified and if `skip_iam_authorization_policy` is true."
 }
 
 variable "skip_iam_authorization_policy" {

diff --git a/solutions/secure-regional-bucket/catalogValidationValues.json.template b/solutions/secure-regional-bucket/catalogValidationValues.json.template
@@ -2,5 +2,5 @@
   "ibmcloud_api_key": $VALIDATION_APIKEY,
   "bucket_name": $PREFIX,
   "region": "us-south",
-  "existing_kms_guid": $HPCS_US_SOUTH_GUID
+  "existing_kms_instance_crn": $HPCS_US_SOUTH_CRN
 }
diff --git a/solutions/secure-regional-bucket/main.tf b/solutions/secure-regional-bucket/main.tf
@@ -4,14 +4,17 @@
 
 locals {
   # tflint-ignore: terraform_unused_declarations
-  validate_inputs = var.existing_kms_key_crn == null && var.existing_kms_guid == null ? tobool("A value must be passed for 'existing_kms_guid' if not supplying any value for 'existing_kms_key_crn'.") : true
+  validate_inputs = var.existing_kms_key_crn == null && var.existing_kms_instance_crn == null ? tobool("A value must be passed for 'existing_kms_instance_crn' if not supplying any value for 'existing_kms_key_crn'.") : true
+
+  existing_kms_instance_guid   = var.existing_kms_instance_crn != null ? element(split(":", var.existing_kms_instance_crn), length(split(":", var.existing_kms_instance_crn)) - 3) : null
+  existing_kms_instance_region = var.existing_kms_instance_crn != null ? element(split(":", var.existing_kms_instance_crn), length(split(":", var.existing_kms_instance_crn)) - 5) : null
 
   bucket_config = [{
     access_tags                   = var.bucket_access_tags
     bucket_name                   = var.bucket_name
     kms_encryption_enabled        = true
     add_bucket_name_suffix        = var.add_bucket_name_suffix
-    kms_guid                      = var.existing_kms_guid
+    kms_guid                      = local.existing_kms_instance_guid
     kms_key_crn                   = var.existing_kms_key_crn != null ? var.existing_kms_key_crn : module.kms[0].keys[format("%s.%s", var.key_ring_name, var.key_name)].crn
     skip_iam_authorization_policy = var.skip_iam_authorization_policy
     management_endpoint_type      = var.management_endpoint_type_for_bucket
@@ -67,8 +70,8 @@ module "kms" {
   source                      = "terraform-ibm-modules/kms-all-inclusive/ibm"
   version                     = "4.13.2"
   create_key_protect_instance = false
-  region                      = var.kms_region
-  existing_kms_instance_guid  = var.existing_kms_guid
+  region                      = local.existing_kms_instance_region
+  existing_kms_instance_guid  = local.existing_kms_instance_guid
   key_ring_endpoint_type      = var.kms_endpoint_type
   key_endpoint_type           = var.kms_endpoint_type
   keys = [

diff --git a/solutions/secure-regional-bucket/provider.tf b/solutions/secure-regional-bucket/provider.tf
@@ -6,5 +6,5 @@ provider "ibm" {
 provider "ibm" {
   alias            = "kms"
   ibmcloud_api_key = var.ibmcloud_api_key
-  region           = var.kms_region
+  region           = local.existing_kms_instance_region
 }
diff --git a/solutions/secure-regional-bucket/variables.tf b/solutions/secure-regional-bucket/variables.tf
@@ -8,16 +8,10 @@ variable "ibmcloud_api_key" {
 # KMS variables
 ########################################################################################################################
 
-variable "kms_region" {
-  type        = string
-  default     = "us-south"
-  description = "The region in which KMS instance exists."
-}
-
-variable "existing_kms_guid" {
+variable "existing_kms_instance_crn" {
   type        = string
   default     = null
-  description = "The GUID of the KMS instance that is used for the Object Storage bucket root key. Required only if a KMS root key is specified and if `skip_iam_authorization_policy` is true."
+  description = "The CRN of the KMS instance that is used for the Object Storage bucket root key. Required only if a KMS root key is specified and if `skip_iam_authorization_policy` is true."
 }
 
 variable "skip_iam_authorization_policy" {

diff --git a/tests/pr_test.go b/tests/pr_test.go
@@ -288,7 +288,7 @@ func TestRunSolutions(t *testing.T) {
 			TerraformVars: map[string]interface{}{
 				"bucket_name":                         fmt.Sprintf("%s-regional-bucket", prefix),
 				"region":                              region,
-				"existing_kms_guid":                   permanentResources["hpcs_south"],
+				"existing_kms_instance_crn":           permanentResources["hpcs_south_crn"],
 				"kms_endpoint_type":                   "public",
 				"management_endpoint_type_for_bucket": "public",
 				"existing_cos_instance_id":            instanceOptions.LastTestTerraformOutputs["cos_instance_id"],
@@ -308,7 +308,7 @@ func TestRunSolutions(t *testing.T) {
 				"bucket_name":                         fmt.Sprintf("%s-cross-region-bucket", prefix),
 				"cross_region_location":               "us",
 				"existing_kms_key_crn":                permanentResources["hpcs_south_root_key_crn"],
-				"existing_kms_guid":                   permanentResources["hpcs_south"],
+				"existing_kms_instance_crn":           permanentResources["hpcs_south_crn"],
 				"management_endpoint_type_for_bucket": "public",
 				"existing_cos_instance_id":            instanceOptions.LastTestTerraformOutputs["cos_instance_id"],
 			},