feat: DA solution updates:<br>- removed kms_region variable as its now programmatically determined<br>- existing_kms_root_key_id has been replaced by existing_kms_root_key_crn<br>- existing_resource_group has been renamed to use_existing_resource_group (#178)

Author: akocbek

ibm_catalog.json

@@ -50,6 +50,12 @@
                 }
               ]
             },
+            "configuration" : [
+              {
+                "key": "existing_kms_root_key_crn",
+                "required": true
+              }
+            ],
             "iam_permissions": [
               {
                 "role_crns": [

solutions/standard/catalogValidationValues.json.template

@@ -2,7 +2,6 @@
   "ibmcloud_api_key": $VALIDATION_APIKEY,
   "resource_group_name": $PREFIX,
   "tags": $TAGS,
-  "existing_kms_instance_crn": "crn:v1:bluemix:public:hs-crypto:us-south:a/abac0df06b644a9cabc6e44f55b3880e:e6dce284-e80f-46e1-a3c1-830f7adff7a9::",
-  "kms_region": "us-south",
+  "existing_kms_instance_crn": $HPCS_US_SOUTH_CRN,
   "kms_endpoint_url": "https://api.private.us-south.hs-crypto.cloud.ibm.com:8992"
 }

solutions/standard/main.tf

@@ -5,29 +5,33 @@
 module "resource_group" {
   source                       = "terraform-ibm-modules/resource-group/ibm"
   version                      = "1.1.5"
-  resource_group_name          = var.existing_resource_group == false ? var.resource_group_name : null
-  existing_resource_group_name = var.existing_resource_group == true ? var.resource_group_name : null
+  resource_group_name          = var.use_existing_resource_group == false ? var.resource_group_name : null
+  existing_resource_group_name = var.use_existing_resource_group == true ? var.resource_group_name : null
 }
 
 #######################################################################################################################
 # KMS Key
 #######################################################################################################################
 
 locals {
-  en_kms_key_id = var.existing_kms_root_key_id != null ? var.existing_kms_root_key_id : module.kms[0].keys[format("%s.%s", var.en_key_ring_name, var.en_key_name)].key_id
+  parsed_existing_kms_root_key_crn = var.existing_kms_root_key_crn != null ? split(":", var.existing_kms_root_key_crn) : []
+  existing_kms_root_key_id         = length(local.parsed_existing_kms_root_key_crn) > 0 ? local.parsed_existing_kms_root_key_crn[length(local.parsed_existing_kms_root_key_crn) - 1] : null
+  parsed_existing_kms_instance_crn = var.existing_kms_instance_crn != null ? split(":", var.existing_kms_instance_crn) : []
+  kms_region                       = length(local.parsed_existing_kms_instance_crn) > 0 ? local.parsed_existing_kms_instance_crn[5] : null
+  en_kms_key_id                    = local.existing_kms_root_key_id != null ? local.existing_kms_root_key_id : module.kms[0].keys[format("%s.%s", var.en_key_ring_name, var.en_key_name)].key_id
 }
 
 # KMS root key for Event Notifications
 module "kms" {
   providers = {
     ibm = ibm.kms
   }
-  count                       = var.existing_kms_root_key_id != null ? 0 : 1 # no need to create any KMS resources if passing an existing key
+  count                       = var.existing_kms_root_key_crn != null ? 0 : 1 # no need to create any KMS resources if passing an existing key
   source                      = "terraform-ibm-modules/kms-all-inclusive/ibm"
   version                     = "4.8.4"
   resource_group_id           = null # rg only needed if creating KP instance
   create_key_protect_instance = false
-  region                      = var.kms_region
+  region                      = local.kms_region
   existing_kms_instance_guid  = var.existing_kms_instance_crn
   key_ring_endpoint_type      = var.kms_endpoint_type
   key_endpoint_type           = var.kms_endpoint_type

solutions/standard/provider.tf

@@ -6,5 +6,5 @@ provider "ibm" {
 provider "ibm" {
   alias            = "kms"
   ibmcloud_api_key = var.ibmcloud_api_key
-  region           = var.kms_region
+  region           = local.kms_region
 }

solutions/standard/variables.tf

@@ -8,7 +8,7 @@ variable "ibmcloud_api_key" {
   sensitive   = true
 }
 
-variable "existing_resource_group" {
+variable "use_existing_resource_group" {
   type        = bool
   description = "Whether to use an existing resource group."
   default     = false
@@ -82,9 +82,9 @@ variable "existing_kms_instance_crn" {
   description = "The CRN of the Hyper Protect Crypto Services or Key Protect instance."
 }
 
-variable "existing_kms_root_key_id" {
+variable "existing_kms_root_key_crn" {
   type        = string
-  description = "The Key ID of a root key, existing in the KMS instance passed in var.existing_kms_instance_crn, which will be used to encrypt the data encryption keys (DEKs) which are then used to encrypt the data. The code will create the key if one is not passed in."
+  description = "The Key CRN of a root key, existing in the KMS instance passed in var.existing_kms_instance_crn, which will be used to encrypt the data encryption keys (DEKs) which are then used to encrypt the data. The code will create the key if one is not passed in."
   default     = null
 }
 
@@ -93,12 +93,6 @@ variable "kms_endpoint_url" {
   description = "The KMS endpoint URL to use when configuring KMS encryption. HPCS endpoint URL format- https://api.private.<REGION>.hs-crypto.cloud.ibm.com:<port> and KP endpoint URL format- https://<REGION>.kms.cloud.ibm.com. Only required if not passing existing key."
 }
 
-variable "kms_region" {
-  type        = string
-  default     = "us-south"
-  description = "The region in which KMS instance exists."
-}
-
 variable "kms_endpoint_type" {
   type        = string
   description = "The type of endpoint to be used for commincating with the KMS instance. Allowed values are: 'public' or 'private' (default). Only used if not supplying an existing root key."

tests/pr_test.go

@@ -128,7 +128,6 @@ func TestDAInSchematics(t *testing.T) {
 		{Name: "resource_group_name", Value: options.Prefix, DataType: "string"},
 		{Name: "region", Value: region, DataType: "string"},
 		{Name: "existing_kms_instance_crn", Value: permanentResources["hpcs_south_crn"], DataType: "string"},
-		{Name: "kms_region", Value: "us-south", DataType: "string"}, // KMS instance is in us-south
 		{Name: "kms_endpoint_url", Value: permanentResources["hpcs_south_private_endpoint"], DataType: "string"},
 	}