fix: fix bug when setting use_ibm_owned_encryption_key to true in t…

…he DA (#522)
terraform-ibm-modules · Nov 12, 2024 · 857e1fd · 857e1fd
1 parent bd9c2aa
commit 857e1fd
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 3 deletions.
diff --git a/solutions/standard/main.tf b/solutions/standard/main.tf
@@ -64,7 +64,7 @@ module "kms" {
   providers = {
     ibm = ibm.kms
   }
-  count                       = var.existing_kms_key_crn != null ? 0 : 1 # no need to create any KMS resources if passing an existing key or using IBM owned keys
+  count                       = var.existing_kms_key_crn != null || var.use_ibm_owned_encryption_key ? 0 : 1 # no need to create any KMS resources if passing an existing key or using IBM owned keys
   source                      = "terraform-ibm-modules/kms-all-inclusive/ibm"
   version                     = "4.16.8"
   create_key_protect_instance = false
@@ -133,7 +133,7 @@ module "backup_kms" {
   providers = {
     ibm = ibm.kms
   }
-  count                       = var.existing_backup_kms_key_crn != null ? 0 : var.existing_backup_kms_instance_crn != null ? 1 : 0
+  count                       = var.use_ibm_owned_encryption_key ? 0 : var.existing_backup_kms_key_crn != null ? 0 : var.existing_backup_kms_instance_crn != null ? 1 : 0
   source                      = "terraform-ibm-modules/kms-all-inclusive/ibm"
   version                     = "4.16.8"
   create_key_protect_instance = false

diff --git a/solutions/standard/variables.tf b/solutions/standard/variables.tf
@@ -216,7 +216,7 @@ variable "auto_scaling" {
 ##############################################################
 
 variable "use_ibm_owned_encryption_key" {
-  type        = string
+  type        = bool
   description = "Set to true to use the default IBM Cloud® Databases randomly generated keys for disk and backups encryption."
   default     = false
 }

diff --git a/tests/pr_test.go b/tests/pr_test.go
@@ -122,6 +122,30 @@ func TestRunStandardSolution(t *testing.T) {
 	assert.NotNil(t, output, "Expected some output")
 }
 
+// Test the DA when using IBM owned encryption keys
+func TestRunStandardSolutionIBMKeys(t *testing.T) {
+	t.Parallel()
+
+	options := testhelper.TestOptionsDefault(&testhelper.TestOptions{
+		Testing:       t,
+		TerraformDir:  standardSolutionTerraformDir,
+		Region:        "us-south",
+		Prefix:        "postgres-icd-key",
+		ResourceGroup: resourceGroup,
+	})
+
+	options.TerraformVars = map[string]interface{}{
+		"pg_version":                   "16",
+		"provider_visibility":          "public",
+		"resource_group_name":          options.Prefix,
+		"use_ibm_owned_encryption_key": true,
+	}
+
+	output, err := options.RunTestConsistency()
+	assert.Nil(t, err, "This should not have errored")
+	assert.NotNil(t, output, "Expected some output")
+}
+
 func TestRunStandardUpgradeSolution(t *testing.T) {
 	t.Parallel()