From 857e1fd52f8e5564b7de3df7a12b2252a85a0a88 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Conall=20=C3=93=20Cofaigh?= <ocofaigh@ie.ibm.com>
Date: Tue, 12 Nov 2024 21:00:30 +0000
Subject: [PATCH] fix: fix bug when setting `use_ibm_owned_encryption_key` to
 true in the DA (#522)

---
 solutions/standard/main.tf      |  4 ++--
 solutions/standard/variables.tf |  2 +-
 tests/pr_test.go                | 24 ++++++++++++++++++++++++
 3 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/solutions/standard/main.tf b/solutions/standard/main.tf
index 75063a42..9fe2e832 100644
--- a/solutions/standard/main.tf
+++ b/solutions/standard/main.tf
@@ -64,7 +64,7 @@ module "kms" {
   providers = {
     ibm = ibm.kms
   }
-  count                       = var.existing_kms_key_crn != null ? 0 : 1 # no need to create any KMS resources if passing an existing key or using IBM owned keys
+  count                       = var.existing_kms_key_crn != null || var.use_ibm_owned_encryption_key ? 0 : 1 # no need to create any KMS resources if passing an existing key or using IBM owned keys
   source                      = "terraform-ibm-modules/kms-all-inclusive/ibm"
   version                     = "4.16.8"
   create_key_protect_instance = false
@@ -133,7 +133,7 @@ module "backup_kms" {
   providers = {
     ibm = ibm.kms
   }
-  count                       = var.existing_backup_kms_key_crn != null ? 0 : var.existing_backup_kms_instance_crn != null ? 1 : 0
+  count                       = var.use_ibm_owned_encryption_key ? 0 : var.existing_backup_kms_key_crn != null ? 0 : var.existing_backup_kms_instance_crn != null ? 1 : 0
   source                      = "terraform-ibm-modules/kms-all-inclusive/ibm"
   version                     = "4.16.8"
   create_key_protect_instance = false
diff --git a/solutions/standard/variables.tf b/solutions/standard/variables.tf
index 6b164a3e..220555f4 100644
--- a/solutions/standard/variables.tf
+++ b/solutions/standard/variables.tf
@@ -216,7 +216,7 @@ variable "auto_scaling" {
 ##############################################################
 
 variable "use_ibm_owned_encryption_key" {
-  type        = string
+  type        = bool
   description = "Set to true to use the default IBM Cloud® Databases randomly generated keys for disk and backups encryption."
   default     = false
 }
diff --git a/tests/pr_test.go b/tests/pr_test.go
index 94707a25..555e2663 100644
--- a/tests/pr_test.go
+++ b/tests/pr_test.go
@@ -122,6 +122,30 @@ func TestRunStandardSolution(t *testing.T) {
 	assert.NotNil(t, output, "Expected some output")
 }
 
+// Test the DA when using IBM owned encryption keys
+func TestRunStandardSolutionIBMKeys(t *testing.T) {
+	t.Parallel()
+
+	options := testhelper.TestOptionsDefault(&testhelper.TestOptions{
+		Testing:       t,
+		TerraformDir:  standardSolutionTerraformDir,
+		Region:        "us-south",
+		Prefix:        "postgres-icd-key",
+		ResourceGroup: resourceGroup,
+	})
+
+	options.TerraformVars = map[string]interface{}{
+		"pg_version":                   "16",
+		"provider_visibility":          "public",
+		"resource_group_name":          options.Prefix,
+		"use_ibm_owned_encryption_key": true,
+	}
+
+	output, err := options.RunTestConsistency()
+	assert.Nil(t, err, "This should not have errored")
+	assert.NotNil(t, output, "Expected some output")
+}
+
 func TestRunStandardUpgradeSolution(t *testing.T) {
 	t.Parallel()