feat: added support for enabling Event Notifications integration when passing an existing secrets manager instance (#162)

Khuzaima05 · web-flow · commit 7c0c8b35e9fe · 2024-07-30T21:34:56.000+01:00
diff --git a/README.md b/README.md
@@ -68,7 +68,7 @@ You need the following permissions to run this module.
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= v1.0.0 |
-| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.62.0, < 2.0.0 |
+| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.65.0, <2.0.0 |
 | <a name="requirement_time"></a> [time](#requirement\_time) | >= 0.9.1, < 1.0.0 |
 
 ### Modules
@@ -87,6 +87,7 @@ You need the following permissions to run this module.
 | [ibm_resource_instance.secrets_manager_instance](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_instance) | resource |
 | [ibm_sm_en_registration.sm_en_registration](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/sm_en_registration) | resource |
 | [time_sleep.wait_for_authorization_policy](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
+| [ibm_resource_instance.sm_instance](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/resource_instance) | data source |
 
 ### Inputs
 
@@ -98,12 +99,13 @@ You need the following permissions to run this module.
 | <a name="input_endpoint_type"></a> [endpoint\_type](#input\_endpoint\_type) | The type of endpoint (public or private) to connect to the Secrets Manager API. The Terraform provider uses this endpoint type to interact with the Secrets Manager API and configure Event Notifications. | `string` | `"public"` | no |
 | <a name="input_existing_en_instance_crn"></a> [existing\_en\_instance\_crn](#input\_existing\_en\_instance\_crn) | The CRN of the Event Notifications service to enable lifecycle notifications for your Secrets Manager instance. | `string` | `null` | no |
 | <a name="input_existing_kms_instance_guid"></a> [existing\_kms\_instance\_guid](#input\_existing\_kms\_instance\_guid) | The GUID of the Hyper Protect Crypto Services or Key Protect instance in which the key specified in `kms_key_crn` is coming from. Required only if `kms_encryption_enabled` is set to true, and `skip_kms_iam_authorization_policy` is set to false. | `string` | `null` | no |
+| <a name="input_existing_sm_instance_crn"></a> [existing\_sm\_instance\_crn](#input\_existing\_sm\_instance\_crn) | An existing Secrets Manager instance CRN. If not provided an new instance will be provisioned. | `string` | `null` | no |
 | <a name="input_kms_encryption_enabled"></a> [kms\_encryption\_enabled](#input\_kms\_encryption\_enabled) | Set this to true to control the encryption keys used to encrypt the data that you store in Secrets Manager. If set to false, the data that you store is encrypted at rest by using envelope encryption. For more details, see https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-mng-data&interface=ui#about-encryption. | `bool` | `false` | no |
 | <a name="input_kms_key_crn"></a> [kms\_key\_crn](#input\_kms\_key\_crn) | The root key CRN of a Key Management Service like Key Protect or Hyper Protect Crypto Services (HPCS) that you want to use for encryption. Only used if `kms_encryption_enabled` is set to true. | `string` | `null` | no |
-| <a name="input_region"></a> [region](#input\_region) | The region to provision the Secrets Manager instance to. | `string` | n/a | yes |
-| <a name="input_resource_group_id"></a> [resource\_group\_id](#input\_resource\_group\_id) | The ID of the resource group to provision the Secrets Manager instance to. | `string` | n/a | yes |
+| <a name="input_region"></a> [region](#input\_region) | The region where the resource will be provisioned.Its not required if passing a value for `existing_sm_instance_crn`. | `string` | `null` | no |
+| <a name="input_resource_group_id"></a> [resource\_group\_id](#input\_resource\_group\_id) | The ID of the resource group | `string` | n/a | yes |
 | <a name="input_secrets"></a> [secrets](#input\_secrets) | Secret Manager secrets configurations. | <pre>list(object({<br>    secret_group_name        = string<br>    secret_group_description = optional(string)<br>    existing_secret_group    = optional(bool, false)<br>    secrets = optional(list(object({<br>      secret_name                             = string<br>      secret_description                      = optional(string)<br>      secret_type                             = optional(string)<br>      imported_cert_certificate               = optional(string)<br>      imported_cert_private_key               = optional(string)<br>      imported_cert_intermediate              = optional(string)<br>      secret_username                         = optional(string)<br>      secret_labels                           = optional(list(string), [])<br>      secret_payload_password                 = optional(string, "")<br>      secret_auto_rotation                    = optional(bool, true)<br>      secret_auto_rotation_unit               = optional(string, "day")<br>      secret_auto_rotation_interval           = optional(number, 89)<br>      service_credentials_ttl                 = optional(string, "7776000") # 90 days<br>      service_credentials_source_service_crn  = optional(string)<br>      service_credentials_source_service_role = optional(string)<br>    })))<br>  }))</pre> | `[]` | no |
-| <a name="input_secrets_manager_name"></a> [secrets\_manager\_name](#input\_secrets\_manager\_name) | The name to give the Secrets Manager instance. | `string` | n/a | yes |
+| <a name="input_secrets_manager_name"></a> [secrets\_manager\_name](#input\_secrets\_manager\_name) | The name of the Secrets Manager instance to create | `string` | n/a | yes |
 | <a name="input_skip_en_iam_authorization_policy"></a> [skip\_en\_iam\_authorization\_policy](#input\_skip\_en\_iam\_authorization\_policy) | Set to true to skip the creation of an IAM authorization policy that permits all Secrets Manager instances (scoped to the resource group) an 'Event Source Manager' role to the given Event Notifications instance passed in the `existing_en_instance_crn` input variable. In addition, no policy is created if `enable_event_notification` is set to false. | `bool` | `false` | no |
 | <a name="input_skip_kms_iam_authorization_policy"></a> [skip\_kms\_iam\_authorization\_policy](#input\_skip\_kms\_iam\_authorization\_policy) | Set to true to skip the creation of an IAM authorization policy that permits all Secrets Manager instances in the resource group to read the encryption key from the KMS instance. If set to false, pass in a value for the KMS instance in the `existing_kms_instance_guid` variable. In addition, no policy is created if `kms_encryption_enabled` is set to false. | `bool` | `false` | no |
 | <a name="input_sm_service_plan"></a> [sm\_service\_plan](#input\_sm\_service\_plan) | The Secrets Manager plan to provision. | `string` | `"standard"` | no |
diff --git a/examples/basic/version.tf b/examples/basic/version.tf
@@ -6,7 +6,7 @@ terraform {
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = "1.62.0"
+      version = "1.65.0"
     }
   }
 }
diff --git a/examples/complete/README.md b/examples/complete/README.md
@@ -8,7 +8,7 @@ This examples handles the provisioning of a new Secrets Manager instance.
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= v1.0.0 |
-| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.62.0 |
+| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.65.0 |
 
 ### Modules
 
diff --git a/examples/complete/version.tf b/examples/complete/version.tf
@@ -3,7 +3,7 @@ terraform {
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = ">= 1.62.0"
+      version = ">= 1.65.0"
     }
   }
 }
diff --git a/examples/fscloud/version.tf b/examples/fscloud/version.tf
@@ -4,7 +4,7 @@ terraform {
     # Use latest version of provider in non-basic examples to verify latest version works with module
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = ">=1.62.0, <2.0.0"
+      version = ">=1.65.0, <2.0.0"
     }
   }
 }
diff --git a/main.tf b/main.tf
@@ -15,10 +15,25 @@ locals {
   validate_event_notification = var.enable_event_notification && var.existing_en_instance_crn == null ? tobool("When setting var.enable_event_notification to true, a value must be passed for var.existing_en_instance_crn") : true
   # tflint-ignore: terraform_unused_declarations
   validate_endpoint = var.enable_event_notification && var.endpoint_type == "public" && var.allowed_network == "private-only" ? tobool("It is not allowed to have conflicting var.endpoint_type and var.allowed_network values.") : true
+  # tflint-ignore: terraform_unused_declarations
+  validate_region = var.existing_sm_instance_crn == null && var.region == null ? tobool("When existing_sm_instance_crn is null, a value must be passed for var.region") : true
+}
+
+locals {
+  parsed_existing_sm_instance_crn = var.existing_sm_instance_crn != null ? split(":", var.existing_sm_instance_crn) : []
+  existing_sm_guid                = length(local.parsed_existing_sm_instance_crn) > 0 ? local.parsed_existing_sm_instance_crn[7] : null
+  existing_sm_region              = length(local.parsed_existing_sm_instance_crn) > 0 ? local.parsed_existing_sm_instance_crn[5] : null
+}
+
+
+data "ibm_resource_instance" "sm_instance" {
+  count      = var.existing_sm_instance_crn == null ? 0 : 1
+  identifier = var.existing_sm_instance_crn
 }
 
 # Create Secrets Manager Instance
 resource "ibm_resource_instance" "secrets_manager_instance" {
+  count             = var.existing_sm_instance_crn == null ? 1 : 0
   depends_on        = [ibm_iam_authorization_policy.kms_policy]
   name              = var.secrets_manager_name
   service           = "secrets-manager"
@@ -65,7 +80,8 @@ resource "time_sleep" "wait_for_authorization_policy" {
 
 
 locals {
-  secrets_manager_guid = tolist(ibm_resource_instance.secrets_manager_instance[*].guid)[0]
+  secrets_manager_guid   = var.existing_sm_instance_crn != null ? local.existing_sm_guid : tolist(ibm_resource_instance.secrets_manager_instance[*].guid)[0]
+  secrets_manager_region = var.existing_sm_instance_crn != null ? local.existing_sm_region : var.region
 }
 
 ##############################################################################
@@ -123,7 +139,7 @@ resource "ibm_sm_en_registration" "sm_en_registration" {
   count                                  = var.enable_event_notification ? 1 : 0
   depends_on                             = [time_sleep.wait_for_authorization_policy]
   instance_id                            = local.secrets_manager_guid
-  region                                 = var.region
+  region                                 = local.secrets_manager_region
   event_notifications_instance_crn       = var.existing_en_instance_crn
   event_notifications_source_description = "Secret Manager"
   event_notifications_source_name        = var.secrets_manager_name
@@ -137,7 +153,7 @@ resource "ibm_sm_en_registration" "sm_en_registration" {
 module "secrets" {
   source                      = "./modules/secrets"
   existing_sm_instance_guid   = local.secrets_manager_guid
-  existing_sm_instance_region = var.region
+  existing_sm_instance_region = local.secrets_manager_region
   secrets                     = var.secrets
   endpoint_type               = var.endpoint_type
 }
diff --git a/moved.tf b/moved.tf
@@ -2,3 +2,8 @@ moved {
   from = ibm_iam_authorization_policy.policy
   to   = ibm_iam_authorization_policy.kms_policy
 }
+
+moved {
+  from = ibm_resource_instance.secrets_manager_instance
+  to   = ibm_resource_instance.secrets_manager_instance[0]
+}
diff --git a/outputs.tf b/outputs.tf
@@ -8,22 +8,23 @@ output "secrets_manager_guid" {
 }
 
 output "secrets_manager_id" {
-  value       = ibm_resource_instance.secrets_manager_instance.id
+  value       = var.existing_sm_instance_crn != null ? var.existing_sm_instance_crn : ibm_resource_instance.secrets_manager_instance[0].crn
   description = "ID of the Secrets Manager instance"
 }
 
+
 output "secrets_manager_name" {
-  value       = ibm_resource_instance.secrets_manager_instance.name
+  value       = var.existing_sm_instance_crn != null ? data.ibm_resource_instance.sm_instance[0].name : ibm_resource_instance.secrets_manager_instance[0].name
   description = "Name of the Secrets Manager instance"
 }
 
 output "secrets_manager_crn" {
-  value       = ibm_resource_instance.secrets_manager_instance.crn
+  value       = var.existing_sm_instance_crn != null ? var.existing_sm_instance_crn : ibm_resource_instance.secrets_manager_instance[0].crn
   description = "CRN of the Secrets Manager instance"
 }
 
 output "secrets_manager_region" {
-  value       = var.region
+  value       = var.existing_sm_instance_crn != null ? local.existing_sm_region : var.region
   description = "Region of the Secrets Manager instance"
 }
 
diff --git a/solutions/standard/main.tf b/solutions/standard/main.tf
@@ -18,7 +18,7 @@ module "resource_group" {
 # KMS Key
 #######################################################################################################################
 locals {
-  kms_key_crn       = var.existing_secrets_manager_crn == null ? (var.existing_secrets_manager_kms_key_crn != null ? var.existing_secrets_manager_kms_key_crn : module.kms[0].keys[format("%s.%s", local.kms_key_ring_name, local.kms_key_name)].crn) : null
+  kms_key_crn       = var.existing_secrets_manager_crn == null ? (var.existing_secrets_manager_kms_key_crn != null ? var.existing_secrets_manager_kms_key_crn : module.kms[0].keys[format("%s.%s", local.kms_key_ring_name, local.kms_key_name)].crn) : var.existing_secrets_manager_kms_key_crn
   kms_key_ring_name = var.prefix != null ? "${var.prefix}-${var.kms_key_ring_name}" : var.kms_key_ring_name
   kms_key_name      = var.prefix != null ? "${var.prefix}-${var.kms_key_name}" : var.kms_key_name
 
@@ -91,22 +91,22 @@ module "kms" {
 
 locals {
   parsed_existing_secrets_manager_crn = var.existing_secrets_manager_crn != null ? split(":", var.existing_secrets_manager_crn) : []
-  secrets_manager_guid                = var.existing_secrets_manager_crn != null ? (length(local.parsed_existing_secrets_manager_crn) > 0 ? local.parsed_existing_secrets_manager_crn[7] : null) : module.secrets_manager[0].secrets_manager_guid
-  secrets_manager_crn                 = var.existing_secrets_manager_crn != null ? var.existing_secrets_manager_crn : module.secrets_manager[0].secrets_manager_crn
-  secrets_manager_region              = var.existing_secrets_manager_crn != null ? (length(local.parsed_existing_secrets_manager_crn) > 0 ? local.parsed_existing_secrets_manager_crn[5] : null) : module.secrets_manager[0].secrets_manager_region
+  secrets_manager_guid                = var.existing_secrets_manager_crn != null ? (length(local.parsed_existing_secrets_manager_crn) > 0 ? local.parsed_existing_secrets_manager_crn[7] : null) : module.secrets_manager.secrets_manager_guid
+  secrets_manager_crn                 = var.existing_secrets_manager_crn != null ? var.existing_secrets_manager_crn : module.secrets_manager.secrets_manager_crn
+  secrets_manager_region              = var.existing_secrets_manager_crn != null ? (length(local.parsed_existing_secrets_manager_crn) > 0 ? local.parsed_existing_secrets_manager_crn[5] : null) : module.secrets_manager.secrets_manager_region
   sm_endpoint_type                    = var.existing_secrets_manager_crn != null ? var.existing_secrets_endpoint_type : var.allowed_network == "private-only" ? "private" : "public"
 }
 
 module "secrets_manager" {
-  count                = var.existing_secrets_manager_crn != null ? 0 : 1
-  depends_on           = [time_sleep.wait_for_authorization_policy]
-  source               = "../.."
-  resource_group_id    = module.resource_group[0].resource_group_id
-  region               = var.region
-  secrets_manager_name = var.prefix != null ? "${var.prefix}-${var.secrets_manager_instance_name}" : var.secrets_manager_instance_name
-  sm_service_plan      = var.service_plan
-  allowed_network      = var.allowed_network
-  sm_tags              = var.secret_manager_tags
+  depends_on               = [time_sleep.wait_for_authorization_policy]
+  source                   = "../.."
+  existing_sm_instance_crn = var.existing_secrets_manager_crn
+  resource_group_id        = var.existing_secrets_manager_crn == null ? module.resource_group[0].resource_group_id : data.ibm_resource_instance.existing_sm[0].resource_group_id
+  region                   = var.region
+  secrets_manager_name     = var.prefix != null ? "${var.prefix}-${var.secrets_manager_instance_name}" : var.secrets_manager_instance_name
+  sm_service_plan          = var.service_plan
+  allowed_network          = var.allowed_network
+  sm_tags                  = var.secret_manager_tags
   # kms dependency
   kms_encryption_enabled            = true
   existing_kms_instance_guid        = local.existing_kms_guid
diff --git a/solutions/standard/outputs.tf b/solutions/standard/outputs.tf
@@ -15,11 +15,11 @@ output "secrets_manager_guid" {
 
 output "secrets_manager_id" {
   description = "ID of Secrets Manager instance. Same value as secrets_manager_guid"
-  value       = var.existing_secrets_manager_crn == null ? module.secrets_manager[0].secrets_manager_id : local.secrets_manager_guid
+  value       = var.existing_secrets_manager_crn == null ? module.secrets_manager.secrets_manager_id : local.secrets_manager_guid
 }
 
 output "secrets_manager_name" {
-  value       = var.existing_secrets_manager_crn == null ? module.secrets_manager[0].secrets_manager_name : data.ibm_resource_instance.existing_sm[0].resource_name
+  value       = var.existing_secrets_manager_crn == null ? module.secrets_manager.secrets_manager_name : data.ibm_resource_instance.existing_sm[0].resource_name
   description = "Name of the Secrets Manager instance"
 }
 
diff --git a/tests/existing-resources/main.tf b/tests/existing-resources/main.tf
@@ -54,15 +54,10 @@ module "key_protect" {
 ##############################################################################
 
 module "secrets_manager" {
-  source                     = "../.."
-  resource_group_id          = module.resource_group.resource_group_id
-  region                     = var.region
-  secrets_manager_name       = "${var.prefix}-secrets-manager" #tfsec:ignore:general-secrets-no-plaintext-exposure
-  sm_service_plan            = "trial"
-  sm_tags                    = var.resource_tags
-  kms_encryption_enabled     = true
-  existing_kms_instance_guid = module.key_protect.kms_guid
-  kms_key_crn                = module.key_protect.keys["${var.prefix}-sm.${var.prefix}-sm-key"].crn
-  enable_event_notification  = true
-  existing_en_instance_crn   = module.event_notifications.crn
+  source               = "../.."
+  resource_group_id    = module.resource_group.resource_group_id
+  region               = var.region
+  secrets_manager_name = "${var.prefix}-secrets-manager" #tfsec:ignore:general-secrets-no-plaintext-exposure
+  sm_service_plan      = "trial"
+  sm_tags              = var.resource_tags
 }
diff --git a/tests/pr_test.go b/tests/pr_test.go
@@ -198,6 +198,7 @@ func TestRunExistingResourcesInstances(t *testing.T) {
 				"iam_engine_enabled":                       true,
 				"private_engine_enabled":                   true,
 				"existing_secrets_endpoint_type":           "public",
+				"allowed_network":                          "public-and-private",
 			},
 		})
 
diff --git a/variables.tf b/variables.tf
@@ -1,20 +1,20 @@
 ##############################################################################
 # Input Variables
 ##############################################################################
-
 variable "resource_group_id" {
   type        = string
-  description = "The ID of the resource group to provision the Secrets Manager instance to."
+  description = "The ID of the resource group"
 }
 
 variable "region" {
   type        = string
-  description = "The region to provision the Secrets Manager instance to."
+  description = "The region where the resource will be provisioned.Its not required if passing a value for `existing_sm_instance_crn`."
+  default     = null
 }
 
 variable "secrets_manager_name" {
   type        = string
-  description = "The name to give the Secrets Manager instance."
+  description = "The name of the Secrets Manager instance to create"
 }
 
 variable "sm_service_plan" {
@@ -67,6 +67,12 @@ variable "kms_key_crn" {
   default     = null
 }
 
+variable "existing_sm_instance_crn" {
+  type        = string
+  description = "An existing Secrets Manager instance CRN. If not provided an new instance will be provisioned."
+  default     = null
+}
+
 ##############################################################
 # Context-based restriction (CBR)
 ##############################################################
diff --git a/version.tf b/version.tf

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@ terraform {`
`6`	`6`	`required_providers {`
`7`	`7`	`ibm = {`
`8`	`8`	`source = "IBM-Cloud/ibm"`
`9`		`- version = "1.62.0"`
	`9`	`+ version = "1.65.0"`
`10`	`10`	`}`
`11`	`11`	`}`
`12`	`12`	`}`
Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@ terraform {`
`3`	`3`	`required_providers {`
`4`	`4`	`ibm = {`
`5`	`5`	`source = "IBM-Cloud/ibm"`
`6`		`- version = ">= 1.62.0"`
	`6`	`+ version = ">= 1.65.0"`
`7`	`7`	`}`
`8`	`8`	`}`
`9`	`9`	`}`
Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@ terraform {`
`4`	`4`	`# Use latest version of provider in non-basic examples to verify latest version works with module`
`5`	`5`	`ibm = {`
`6`	`6`	`source = "IBM-Cloud/ibm"`
`7`		`- version = ">=1.62.0, <2.0.0"`
	`7`	`+ version = ">=1.65.0, <2.0.0"`
`8`	`8`	`}`
`9`	`9`	`}`
`10`	`10`	`}`
Original file line number	Diff line number	Diff line change
`@@ -2,3 +2,8 @@ moved {`
`2`	`2`	`from = ibm_iam_authorization_policy.policy`
`3`	`3`	`to = ibm_iam_authorization_policy.kms_policy`
`4`	`4`	`}`
	`5`	`+`
	`6`	`+moved {`
	`7`	`+ from = ibm_resource_instance.secrets_manager_instance`
	`8`	`+ to = ibm_resource_instance.secrets_manager_instance[0]`
	`9`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -8,22 +8,23 @@ output "secrets_manager_guid" {`
`8`	`8`	`}`
`9`	`9`
`10`	`10`	`output "secrets_manager_id" {`
`11`		`- value = ibm_resource_instance.secrets_manager_instance.id`
	`11`	`+ value = var.existing_sm_instance_crn != null ? var.existing_sm_instance_crn : ibm_resource_instance.secrets_manager_instance[0].crn`
`12`	`12`	`description = "ID of the Secrets Manager instance"`
`13`	`13`	`}`
`14`	`14`
	`15`	`+`
`15`	`16`	`output "secrets_manager_name" {`
`16`		`- value = ibm_resource_instance.secrets_manager_instance.name`
	`17`	`+ value = var.existing_sm_instance_crn != null ? data.ibm_resource_instance.sm_instance[0].name : ibm_resource_instance.secrets_manager_instance[0].name`
`17`	`18`	`description = "Name of the Secrets Manager instance"`
`18`	`19`	`}`
`19`	`20`
`20`	`21`	`output "secrets_manager_crn" {`
`21`		`- value = ibm_resource_instance.secrets_manager_instance.crn`
	`22`	`+ value = var.existing_sm_instance_crn != null ? var.existing_sm_instance_crn : ibm_resource_instance.secrets_manager_instance[0].crn`
`22`	`23`	`description = "CRN of the Secrets Manager instance"`
`23`	`24`	`}`
`24`	`25`
`25`	`26`	`output "secrets_manager_region" {`
`26`		`- value = var.region`
	`27`	`+ value = var.existing_sm_instance_crn != null ? local.existing_sm_region : var.region`
`27`	`28`	`description = "Region of the Secrets Manager instance"`
`28`	`29`	`}`
`29`	`30`
Original file line number	Diff line number	Diff line change
`@@ -15,11 +15,11 @@ output "secrets_manager_guid" {`
`15`	`15`
`16`	`16`	`output "secrets_manager_id" {`
`17`	`17`	`description = "ID of Secrets Manager instance. Same value as secrets_manager_guid"`
`18`		`- value = var.existing_secrets_manager_crn == null ? module.secrets_manager[0].secrets_manager_id : local.secrets_manager_guid`
	`18`	`+ value = var.existing_secrets_manager_crn == null ? module.secrets_manager.secrets_manager_id : local.secrets_manager_guid`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`output "secrets_manager_name" {`
`22`		`- value = var.existing_secrets_manager_crn == null ? module.secrets_manager[0].secrets_manager_name : data.ibm_resource_instance.existing_sm[0].resource_name`
	`22`	`+ value = var.existing_secrets_manager_crn == null ? module.secrets_manager.secrets_manager_name : data.ibm_resource_instance.existing_sm[0].resource_name`
`23`	`23`	`description = "Name of the Secrets Manager instance"`
`24`	`24`	`}`
`25`	`25`