fix: do not create kms key if existing SM instance is passed (#110)

Author: akocbek

solutions/standard/main.tf

@@ -27,7 +27,7 @@ module "kms" {
   providers = {
     ibm = ibm.kms
   }
-  count                       = var.existing_secrets_manager_kms_key_crn != null ? 0 : 1 # no need to create any KMS resources if passing an existing key, or bucket
+  count                       = var.existing_secrets_manager_crn != null || var.existing_secrets_manager_kms_key_crn != null ? 0 : 1 # no need to create any KMS resources if passing an existing key, or bucket
   source                      = "terraform-ibm-modules/kms-all-inclusive/ibm"
   version                     = "4.8.5"
   create_key_protect_instance = false
@@ -90,7 +90,7 @@ module "iam_secrets_engine" {
   count                = var.iam_engine_enabled ? 1 : 0
   source               = "terraform-ibm-modules/secrets-manager-iam-engine/ibm"
   version              = "1.1.0"
-  region               = var.region
+  region               = local.secrets_manager_region
   iam_engine_name      = var.prefix != null ? "${var.prefix}-${var.iam_engine_name}" : var.iam_engine_name
   secrets_manager_guid = local.secrets_manager_guid
   endpoint_type        = var.allowed_network == "private-only" ? "private" : "public"

solutions/standard/outputs.tf

@@ -15,7 +15,7 @@ output "secrets_manager_guid" {
 
 output "secrets_manager_id" {
   description = "ID of Secrets Manager instance"
-  value       = var.existing_secrets_manager_crn == null ? module.secrets_manager[0].secrets_manager_id : null
+  value       = var.existing_secrets_manager_crn == null ? module.secrets_manager[0].secrets_manager_id : local.secrets_manager_guid
 }
 
 output "secrets_manager_name" {

tests/pr_test.go

@@ -152,7 +152,7 @@ func TestRunExistingResourcesInstances(t *testing.T) {
 	// ------------------------------------------------------------------------------------
 	// Provision Event Notification, KMS key and resource group first
 	// ------------------------------------------------------------------------------------
-
+	region := validRegions[rand.Intn(len(validRegions))]
 	prefix := fmt.Sprintf("scc-exist-%s", strings.ToLower(random.UniqueId()))
 	realTerraformDir := "./existing-resources"
 	tempTerraformDir, _ := files.CopyTerraformFolderToTemp(realTerraformDir, fmt.Sprintf(prefix+"-%s", strings.ToLower(random.UniqueId())))
@@ -168,7 +168,7 @@ func TestRunExistingResourcesInstances(t *testing.T) {
 		TerraformDir: tempTerraformDir,
 		Vars: map[string]interface{}{
 			"prefix":        prefix,
-			"region":        validRegions[rand.Intn(len(validRegions))],
+			"region":        region,
 			"resource_tags": tags,
 		},
 		// Set Upgrade to true to ensure latest version of providers and modules are used by terratest.
@@ -188,7 +188,7 @@ func TestRunExistingResourcesInstances(t *testing.T) {
 			ImplicitRequired: false,
 			TerraformVars: map[string]interface{}{
 				"ibmcloud_api_key":                         os.Getenv("TF_VAR_ibmcloud_api_key"),
-				"region":                                   validRegions[rand.Intn(len(validRegions))],
+				"region":                                   region,
 				"resource_group_name":                      terraform.Output(t, existingTerraformOptions, "resource_group_name"),
 				"use_existing_resource_group":              true,
 				"existing_event_notification_instance_crn": terraform.Output(t, existingTerraformOptions, "event_notification_instance_crn"),