diff --git a/README.md b/README.md
index 51630f9..7fee5e5 100644
--- a/README.md
+++ b/README.md
@@ -146,7 +146,7 @@ statement instead the previous block.
|------|-------------|------|---------|:--------:|
| [cos\_kms\_crn](#input\_cos\_kms\_crn) | Key Protect service instance CRN used to encrypt the COS buckets used by the watsonx projects. Required if `enable_cos_kms_encryption` is true. | `string` | `null` | no |
| [cos\_kms\_key\_crn](#input\_cos\_kms\_key\_crn) | Key Protect key CRN used to encrypt the COS buckets used by the watsonx projects. If not set, then the cos\_kms\_new\_key\_name must be specified. | `string` | `null` | no |
-| [cos\_kms\_new\_key\_name](#input\_cos\_kms\_new\_key\_name) | Name of the Key Protect key to create for encrypting the COS buckets used by the watsonx projects. | `string` | `""` | no |
+| [cos\_kms\_new\_key\_name](#input\_cos\_kms\_new\_key\_name) | Name of the Key Protect key to create for encrypting the COS buckets used by the watsonx projects. | `string` | `"storage-delegation-key"` | no |
| [cos\_kms\_ring\_id](#input\_cos\_kms\_ring\_id) | The identifier of the Key Protect ring to create the cos\_kms\_new\_key\_name into. If it is not set, then the new key will be created in the default ring. | `string` | `null` | no |
| [cos\_plan](#input\_cos\_plan) | The plan that's used to provision the Cloud Object Storage instance. | `string` | `"standard"` | no |
| [enable\_cos\_kms\_encryption](#input\_enable\_cos\_kms\_encryption) | Flag to enable COS KMS encryption. If set to true, a value must be passed for `cos_kms_crn`. | `bool` | `true` | no |
diff --git a/common-dev-assets b/common-dev-assets
index 0f1f11e..97bdd73 160000
--- a/common-dev-assets
+++ b/common-dev-assets
@@ -1 +1 @@
-Subproject commit 0f1f11eb807b936a39b2a41106b5c26afd4b2b03
+Subproject commit 97bdd73a486309b2d03c68e4836d2c5bbc9b3591
diff --git a/main.tf b/main.tf
index 1d0719b..21120bb 100644
--- a/main.tf
+++ b/main.tf
@@ -62,6 +62,8 @@ locals {
# tflint-ignore: terraform_unused_declarations
validate_encryption_inputs = var.enable_cos_kms_encryption && (var.cos_kms_crn == null || var.cos_kms_crn == "") ? tobool("A value must be passed for 'cos_kms_crn' when 'enable_cos_kms_encryption' is set to true") : true
+ # tflint-ignore: terraform_unused_declarations
+ validate_enable_cos_kms_encryption = (var.cos_kms_crn != null || var.cos_kms_key_crn != null) && var.enable_cos_kms_encryption == false ? tobool("If a value for 'cos_kms_crn' or 'cos_kms_key_crn' is passed then 'enable_cos_kms_encryption' must be set to true") : true
}
data "ibm_iam_auth_token" "restapi" {
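Review bot: The added `validate_enable_cos_kms_encryption` check treats only `null` as "not passed", while the existing `validate_encryption_inputs` line directly above it also treats `""` as unset for `cos_kms_crn`. A caller that passes `cos_kms_crn = ""` together with `enable_cos_kms_encryption = false` would be rejected even though no KMS instance was supplied. Testing both variables the same way keeps the two guards consistent, for example `(var.cos_kms_crn != null && var.cos_kms_crn != "") || (var.cos_kms_key_crn != null && var.cos_kms_key_crn != "")` as the left-hand condition. The enclosing `locals` block starts outside the hunk.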
diff --git a/storage_delegation/variables.tf b/storage_delegation/variables.tf
index 4ef33b1..903ba1a 100644
--- a/storage_delegation/variables.tf
+++ b/storage_delegation/variables.tf
@@ -32,7 +32,7 @@ variable "cos_kms_key_crn" {
variable "cos_kms_new_key_name" {
description = "Name of the Key Protect key to create for encrypting the COS buckets used by the watsonx projects."
type = string
- default = ""
+ default = "storage-delegation-key"
}
variable "cos_kms_ring_id" {
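Review bot: With the default changed to `"storage-delegation-key"`, the description of `cos_kms_new_key_name` should say when the name is used, since a key with this fixed name will now be created whenever `cos_kms_key_crn` is left unset. Suggested wording: `description = "Name of the Key Protect key to create for encrypting the COS buckets used by the watsonx projects. Only used when cos_kms_key_crn is not set."`. The README row for `cos_kms_key_crn` still says the new key name "must be specified", which no longer holds once a default exists. The same applies to the identical change in the root `variables.tf`. Any logic elsewhere that relied on the old `""` default to mean "do not create a key" is not visible in this diff and is worth confirming.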
diff --git a/tests/pr_test.go b/tests/pr_test.go
index edf128c..d7ee255 100644
--- a/tests/pr_test.go
+++ b/tests/pr_test.go
@@ -152,11 +152,12 @@ func TestWithExistingKP(t *testing.T) {
},
},
TerraformVars: map[string]interface{}{
- "location": validRegions[rand.Intn(len(validRegions))],
- "resource_group_name": prefix,
- "provider_visibility": "public",
- "cos_kms_crn": terraform.Output(t, existingTerraformOptions, "key_protect_crn"),
- "cos_kms_key_crn": terraform.Output(t, existingTerraformOptions, "kms_key_crn"),
+ "location": validRegions[rand.Intn(len(validRegions))],
+ "resource_group_name": prefix,
+ "provider_visibility": "public",
+ "enable_cos_kms_encryption": true,
+ "cos_kms_crn": terraform.Output(t, existingTerraformOptions, "key_protect_crn"),
+ "cos_kms_key_crn": terraform.Output(t, existingTerraformOptions, "kms_key_crn"),
},
})
@@ -178,3 +179,88 @@ func TestWithExistingKP(t *testing.T) {
}
}
+
+func TestRunUpgradeExistingKP(t *testing.T) {
+ t.Parallel()
+
+ // ------------------------------------------------------------------------------------
+ // Provision KP first
+ // ------------------------------------------------------------------------------------
+
+ prefix := fmt.Sprintf("kp-ut-%s", strings.ToLower(random.UniqueId()))
+ realTerraformDir := "./resources/kp-instance"
+ tempTerraformDir, _ := files.CopyTerraformFolderToTemp(realTerraformDir, fmt.Sprintf(prefix+"-%s", strings.ToLower(random.UniqueId())))
+ region := "us-south"
+
+ // Verify ibmcloud_api_key variable is set
+ checkVariable := "TF_VAR_ibmcloud_api_key"
+ val, present := os.LookupEnv(checkVariable)
+ require.True(t, present, checkVariable+" environment variable not set")
+ require.NotEqual(t, "", val, checkVariable+" environment variable is empty")
+
+ logger.Log(t, "Tempdir: ", tempTerraformDir)
+ existingTerraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
+ TerraformDir: tempTerraformDir,
+ Vars: map[string]interface{}{
+ "prefix": prefix,
+ "region": region,
+ },
+ // Set Upgrade to true to ensure latest version of providers and modules are used by terratest.
+ // This is the same as setting the -upgrade=true flag with terraform.
+ Upgrade: true,
+ })
+
+ terraform.WorkspaceSelectOrNew(t, existingTerraformOptions, prefix)
+ _, existErr := terraform.InitAndApplyE(t, existingTerraformOptions)
+ if existErr != nil {
+ assert.True(t, existErr == nil, "Init and Apply of temp existing resource failed")
+ } else {
+
+ // ------------------------------------------------------------------------------------
+ // Upgrade test for watsonx DA passing in existing KP details
+ // ------------------------------------------------------------------------------------
+
+ options := testhelper.TestOptionsDefault(&testhelper.TestOptions{
+ Testing: t,
+ TerraformDir: rootDaDir,
+ Prefix: "existing-kp-upg",
+ IgnoreDestroys: testhelper.Exemptions{ // Ignore for consistency check
+ List: []string{
+ "module.configure_user.null_resource.configure_user",
+ "module.configure_user.null_resource.restrict_access",
+ },
+ },
+ IgnoreUpdates: testhelper.Exemptions{ // Ignore for consistency check
+ List: []string{
+ "module.configure_user.null_resource.configure_user",
+ "module.configure_user.null_resource.restrict_access",
+ },
+ },
+ TerraformVars: map[string]interface{}{
+ "location": validRegions[rand.Intn(len(validRegions))],
+ "resource_group_name": prefix,
+ "provider_visibility": "public",
+ "enable_cos_kms_encryption": true,
+ "cos_kms_crn": terraform.Output(t, existingTerraformOptions, "key_protect_crn"),
+ "cos_kms_key_crn": terraform.Output(t, existingTerraformOptions, "kms_key_crn"),
+ },
+ })
+
+ output, err := options.RunTestUpgrade()
+ assert.Nil(t, err, "This should not have errored")
+ assert.NotNil(t, output, "Expected some output")
+ }
+
+ // Check if "DO_NOT_DESTROY_ON_FAILURE" is set
+ envVal, _ := os.LookupEnv("DO_NOT_DESTROY_ON_FAILURE")
+ // Destroy the temporary existing resources if required
+ if t.Failed() && strings.ToLower(envVal) == "true" {
+ fmt.Println("Terratest failed. Debug the test and delete resources manually.")
+ } else {
+ logger.Log(t, "START: Destroy (existing resources)")
+ terraform.Destroy(t, existingTerraformOptions)
+ terraform.WorkspaceDelete(t, existingTerraformOptions, prefix)
+ logger.Log(t, "END: Destroy (existing resources)")
+ }
+
+}
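Review bot: The teardown at the end of `TestRunUpgradeExistingKP` is plain trailing code, so it is skipped whenever an earlier step aborts the test. The non-E terratest helpers used to read `key_protect_crn` and `kms_key_crn` (`terraform.Output`) appear to fail through `t.FailNow`, which would leave the temporary Key Protect instance and its keys provisioned. Wrapping the destroy block in `defer func() { … }()` registered right after `terraform.WorkspaceSelectOrNew(t, existingTerraformOptions, prefix)` keeps cleanup on every exit path. The error from `files.CopyTerraformFolderToTemp` is also discarded with `_`; checking it with `require.NoError(t, err)` would stop the run before Terraform is invoked against an empty directory. Separately, `assert.True(t, existErr == nil, ...)` drops the underlying error text, so `assert.NoError(t, existErr, ...)` would make apply failures diagnosable.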
diff --git a/variables.tf b/variables.tf
index 792db94..733d36c 100644
--- a/variables.tf
+++ b/variables.tf
@@ -281,7 +281,7 @@ variable "cos_kms_key_crn" {
variable "cos_kms_new_key_name" {
description = "Name of the Key Protect key to create for encrypting the COS buckets used by the watsonx projects."
type = string
- default = ""
+ default = "storage-delegation-key"
}
variable "cos_kms_ring_id" {