set default for kpk in storage delegation

README.md

@@ -146,7 +146,7 @@ statement instead the previous block.
 |------|-------------|------|---------|:--------:|
 | <a name="input_cos_kms_crn"></a> [cos\_kms\_crn](#input\_cos\_kms\_crn) | Key Protect service instance CRN used to encrypt the COS buckets used by the watsonx projects. Required if `enable_cos_kms_encryption` is true. | `string` | `null` | no |
 | <a name="input_cos_kms_key_crn"></a> [cos\_kms\_key\_crn](#input\_cos\_kms\_key\_crn) | Key Protect key CRN used to encrypt the COS buckets used by the watsonx projects. If not set, then the cos\_kms\_new\_key\_name must be specified. | `string` | `null` | no |
-| <a name="input_cos_kms_new_key_name"></a> [cos\_kms\_new\_key\_name](#input\_cos\_kms\_new\_key\_name) | Name of the Key Protect key to create for encrypting the COS buckets used by the watsonx projects. | `string` | `""` | no |
+| <a name="input_cos_kms_new_key_name"></a> [cos\_kms\_new\_key\_name](#input\_cos\_kms\_new\_key\_name) | Name of the Key Protect key to create for encrypting the COS buckets used by the watsonx projects. | `string` | `"storage-delegation-key"` | no |
 | <a name="input_cos_kms_ring_id"></a> [cos\_kms\_ring\_id](#input\_cos\_kms\_ring\_id) | The identifier of the Key Protect ring to create the cos\_kms\_new\_key\_name into. If it is not set, then the new key will be created in the default ring. | `string` | `null` | no |
 | <a name="input_cos_plan"></a> [cos\_plan](#input\_cos\_plan) | The plan that's used to provision the Cloud Object Storage instance. | `string` | `"standard"` | no |
 | <a name="input_enable_cos_kms_encryption"></a> [enable\_cos\_kms\_encryption](#input\_enable\_cos\_kms\_encryption) | Flag to enable COS KMS encryption. If set to true, a value must be passed for `cos_kms_crn`. | `bool` | `true` | no |

storage_delegation/variables.tf

@@ -32,7 +32,7 @@ variable "cos_kms_key_crn" {
 variable "cos_kms_new_key_name" {
   description = "Name of the Key Protect key to create for encrypting the COS buckets used by the watsonx projects."
   type        = string
-  default     = ""
+  default     = "storage-delegation-key"
 }
 
 variable "cos_kms_ring_id" {

tests/pr_test.go

@@ -178,3 +178,87 @@ func TestWithExistingKP(t *testing.T) {
 	}
 
 }
+
+func TestRunUpgradeExistingKP(t *testing.T) {
+	t.Parallel()
+
+	// ------------------------------------------------------------------------------------
+	// Provision KP first
+	// ------------------------------------------------------------------------------------
+
+	prefix := fmt.Sprintf("kp-ut-%s", strings.ToLower(random.UniqueId()))
+	realTerraformDir := "./resources/kp-instance"
+	tempTerraformDir, _ := files.CopyTerraformFolderToTemp(realTerraformDir, fmt.Sprintf(prefix+"-%s", strings.ToLower(random.UniqueId())))
+	region := "us-south"
+
+	// Verify ibmcloud_api_key variable is set
+	checkVariable := "TF_VAR_ibmcloud_api_key"
+	val, present := os.LookupEnv(checkVariable)
+	require.True(t, present, checkVariable+" environment variable not set")
+	require.NotEqual(t, "", val, checkVariable+" environment variable is empty")
+
+	logger.Log(t, "Tempdir: ", tempTerraformDir)
+	existingTerraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
+		TerraformDir: tempTerraformDir,
+		Vars: map[string]interface{}{
+			"prefix": prefix,
+			"region": region,
+		},
+		// Set Upgrade to true to ensure latest version of providers and modules are used by terratest.
+		// This is the same as setting the -upgrade=true flag with terraform.
+		Upgrade: true,
+	})
+
+	terraform.WorkspaceSelectOrNew(t, existingTerraformOptions, prefix)
+	_, existErr := terraform.InitAndApplyE(t, existingTerraformOptions)
+	if existErr != nil {
+		assert.True(t, existErr == nil, "Init and Apply of temp existing resource failed")
+	} else {
+
+		// ------------------------------------------------------------------------------------
+		// Upgrade test for watsonx DA passing in existing KP details
+		// ------------------------------------------------------------------------------------
+
+		options := testhelper.TestOptionsDefault(&testhelper.TestOptions{
+			Testing:      t,
+			TerraformDir: rootDaDir,
+			Prefix:       "existing-kp-upg",
+			IgnoreDestroys: testhelper.Exemptions{ // Ignore for consistency check
+				List: []string{
+					"module.configure_user.null_resource.configure_user",
+					"module.configure_user.null_resource.restrict_access",
+				},
+			},
+			IgnoreUpdates: testhelper.Exemptions{ // Ignore for consistency check
+				List: []string{
+					"module.configure_user.null_resource.configure_user",
+					"module.configure_user.null_resource.restrict_access",
+				},
+			},
+			TerraformVars: map[string]interface{}{
+				"location":            validRegions[rand.Intn(len(validRegions))],
+				"resource_group_name": prefix,
+				"provider_visibility": "public",
+				"cos_kms_crn":         terraform.Output(t, existingTerraformOptions, "key_protect_crn"),
+				"cos_kms_key_crn":     terraform.Output(t, existingTerraformOptions, "kms_key_crn"),
+			},
+		})
+
+		output, err := options.RunTestUpgrade()
+		assert.Nil(t, err, "This should not have errored")
+		assert.NotNil(t, output, "Expected some output")
+	}
+
+	// Check if "DO_NOT_DESTROY_ON_FAILURE" is set
+	envVal, _ := os.LookupEnv("DO_NOT_DESTROY_ON_FAILURE")
+	// Destroy the temporary existing resources if required
+	if t.Failed() && strings.ToLower(envVal) == "true" {
+		fmt.Println("Terratest failed. Debug the test and delete resources manually.")
+	} else {
+		logger.Log(t, "START: Destroy (existing resources)")
+		terraform.Destroy(t, existingTerraformOptions)
+		terraform.WorkspaceDelete(t, existingTerraformOptions, prefix)
+		logger.Log(t, "END: Destroy (existing resources)")
+	}
+
+}

variables.tf

@@ -281,7 +281,7 @@ variable "cos_kms_key_crn" {
 variable "cos_kms_new_key_name" {
   description = "Name of the Key Protect key to create for encrypting the COS buckets used by the watsonx projects."
   type        = string
-  default     = ""
+  default     = "storage-delegation-key"
 }
 
 variable "cos_kms_ring_id" {