fix: remove sm-crn and add sm-region (#41)

Author: rajatagarwal-ibm

cra-config.yaml

@@ -20,5 +20,5 @@ CRA_TARGETS:
       TF_VAR_watson_machine_learning_instance_resource_name: "test-machine-learning-instance"
       TF_VAR_inventory_repo_url: "https://us-south.git.cloud.ibm.com/yada.yada/04181-inventory-repo.git"
       TF_VAR_signing_key: "dummy value"
-      TF_VAR_secrets_manager_crn: "dummy crn"
       TF_VAR_secrets_manager_guid: "dummy guid"
+      TF_VAR_secrets_manager_region: "us-south"

solutions/banking/main.tf

@@ -32,11 +32,11 @@ module "cos" {
 # secrets manager secrets - IBM IAM API KEY
 module "secrets_manager_secret_ibm_iam" {
   providers = {
-    ibm = ibm.ibm_resources
+    ibm = ibm.sm_resources
   }
   source                  = "terraform-ibm-modules/secrets-manager-secret/ibm"
   version                 = "1.3.0"
-  region                  = var.toolchain_region
+  region                  = var.secrets_manager_region
   secrets_manager_guid    = var.secrets_manager_guid
   secret_name             = "ibmcloud-api-key"
   secret_description      = "IBM IAM Api key"
@@ -47,11 +47,11 @@ module "secrets_manager_secret_ibm_iam" {
 # secrets manager secrets - IBM signing key
 module "secrets_manager_secret_signing_key" {
   providers = {
-    ibm = ibm.ibm_resources
+    ibm = ibm.sm_resources
   }
   source                  = "terraform-ibm-modules/secrets-manager-secret/ibm"
   version                 = "1.3.0"
-  region                  = var.toolchain_region
+  region                  = var.secrets_manager_region
   secrets_manager_guid    = var.secrets_manager_guid
   secret_name             = "signing-key"
   secret_description      = "IBM Signing GPG key"

solutions/banking/outputs.tf

@@ -32,8 +32,3 @@ output "discovery_project_id" {
   description = "WatsonX Discovery Project ID."
   value       = data.external.discovery_project_id.result.discovery_project_id
 }
-
-output "secrets_manager_crn" {
-  description = "Secrets Manager CRN."
-  value       = var.secrets_manager_crn
-}

solutions/banking/provider.tf

@@ -4,6 +4,12 @@ provider "ibm" {
   region           = var.toolchain_region
 }
 
+provider "ibm" {
+  alias            = "sm_resources"
+  ibmcloud_api_key = var.ibmcloud_api_key
+  region           = var.secrets_manager_region
+}
+
 provider "ibm" {
   ibmcloud_api_key = var.watsonx_admin_api_key != null ? var.watsonx_admin_api_key : var.ibmcloud_api_key
   region           = var.toolchain_region

solutions/banking/variables.tf

@@ -101,12 +101,12 @@ variable "signing_key" {
   sensitive   = true
 }
 
-variable "secrets_manager_crn" {
-  description = "Secrets Manager CRN where the API key and signing key will be stored."
+variable "secrets_manager_guid" {
+  description = "Secrets Manager GUID where the API key and signing key will be stored."
   type        = string
 }
 
-variable "secrets_manager_guid" {
-  description = "Secrets Manager GUID where the API key and signing key will be stored."
+variable "secrets_manager_region" {
+  description = "The region where the Secrets Manager instance previously created reside."
   type        = string
 }

tests/pr_test.go

@@ -79,7 +79,7 @@ func TestRunBankingSolutions(t *testing.T) {
 				"watson_machine_learning_instance_guid":          terraform.Output(t, existingTerraformOptions, "watson_machine_learning_instance_guid"),
 				"watson_machine_learning_instance_resource_name": terraform.Output(t, existingTerraformOptions, "watson_machine_learning_instance_resource_name"),
 				"secrets_manager_guid":                           terraform.Output(t, existingTerraformOptions, "secrets_manager_guid"),
-				"secrets_manager_crn":                            terraform.Output(t, existingTerraformOptions, "secrets_manager_crn"),
+				"secrets_manager_region":                         region,
 				"signing_key":                                    terraform.Output(t, existingTerraformOptions, "signing_key"),
 			},
 		})

tests/resources/existing-resources/outputs.tf

@@ -53,11 +53,6 @@ output "secrets_manager_guid" {
   description = "GUID of Secrets Manager instance."
 }
 
-output "secrets_manager_crn" {
-  value       = module.secrets_manager.secrets_manager_crn
-  description = "CRN of the Secrets Manager instance."
-}
-
 output "signing_key" {
   value       = local.signing_key_payload
   sensitive   = true

tests/scripts/pre-validation.sh

@@ -42,7 +42,7 @@ TF_VARS_FILE="terraform.tfvars"
   use_existing_resource_group_var_name="use_existing_resource_group"
   create_continuous_delivery_service_instance_var_name="create_continuous_delivery_service_instance"
   secrets_manager_guid_var_name="secrets_manager_guid"
-  secrets_manager_crn_var_name="secrets_manager_crn"
+  secrets_manager_region_var_name="secrets_manager_region"
   signing_key_var_name="signing_key"
 
   resource_group_name_value=$(terraform output -state=terraform.tfstate -raw resource_group_name)
@@ -57,7 +57,6 @@ TF_VARS_FILE="terraform.tfvars"
   use_existing_resource_group_value=true
   create_continuous_delivery_service_instance_value=false
   secrets_manager_guid_value=$(terraform output -state=terraform.tfstate -raw secrets_manager_guid)
-  secrets_manager_crn_value=$(terraform output -state=terraform.tfstate -raw secrets_manager_crn)
   signing_key_value=$(terraform output -state=terraform.tfstate -raw signing_key)
 
   echo "Appending required input variable values to ${JSON_FILE}.."
@@ -93,9 +92,9 @@ TF_VARS_FILE="terraform.tfvars"
         --arg use_existing_resource_group_value "${use_existing_resource_group_value}" \
         --arg create_continuous_delivery_service_instance_var_name "${create_continuous_delivery_service_instance_var_name}" \
         --arg create_continuous_delivery_service_instance_value "${create_continuous_delivery_service_instance_value}" \
-        --arg secrets_manager_crn_var_name "${secrets_manager_crn_var_name}" \
-        --arg secrets_manager_crn_value "${secrets_manager_crn_value}" \
         --arg secrets_manager_guid_var_name "${secrets_manager_guid_var_name}" \
+        --arg secrets_manager_region_var_name "${secrets_manager_region_var_name}" \
+        --arg secrets_manager_region_value "${REGION}" \
         --arg secrets_manager_guid_value "${secrets_manager_guid_value}" \
         --arg signing_key_var_name "${signing_key_var_name}" \
         --arg signing_key_value "${signing_key_value}" \
@@ -114,8 +113,8 @@ TF_VARS_FILE="terraform.tfvars"
           ($use_existing_resource_group_var_name): $use_existing_resource_group_value,
           ($create_continuous_delivery_service_instance_var_name): $create_continuous_delivery_service_instance_value,
           ($watson_machine_learning_instance_resource_name_var_name): $watson_machine_learning_instance_resource_name_value,
-          ($secrets_manager_crn_var_name): $secrets_manager_crn_value,
           ($secrets_manager_guid_var_name): $secrets_manager_guid_value,
+          ($secrets_manager_region_var_name): $secrets_manager_region_value,
           ($signing_key_var_name): $signing_key_value}' "${JSON_FILE}" > tmpfile && mv tmpfile "${JSON_FILE}" || exit 1
 
   echo "Pre-validation complete successfully"