fix: fix kms reference error when sm crn is set (#112)

vburckhardt · web-flow · commit e83d4175b1e3 · 2024-04-30T12:22:48.000+01:00
* fix: fix kms reference error when sm crn is set

* fix: leverage lookup by crn to return existing sm instance details

* fix: output index

* docs: fix description
diff --git a/solutions/standard/main.tf b/solutions/standard/main.tf
@@ -3,6 +3,7 @@
 ########################################################################################################################
 
 module "resource_group" {
+  count                        = var.existing_secrets_manager_crn == null ? 1 : 0
   source                       = "terraform-ibm-modules/resource-group/ibm"
   version                      = "1.1.4"
   resource_group_name          = var.use_existing_resource_group == false ? (var.prefix != null ? "${var.prefix}-${var.resource_group_name}" : var.resource_group_name) : null
@@ -13,7 +14,7 @@ module "resource_group" {
 # KMS Key
 #######################################################################################################################
 locals {
-  kms_key_crn       = var.existing_secrets_manager_kms_key_crn != null ? var.existing_secrets_manager_kms_key_crn : module.kms[0].keys[format("%s.%s", local.kms_key_ring_name, local.kms_key_name)].crn
+  kms_key_crn       = var.existing_secrets_manager_crn == null ? (var.existing_secrets_manager_kms_key_crn != null ? var.existing_secrets_manager_kms_key_crn : module.kms[0].keys[format("%s.%s", local.kms_key_ring_name, local.kms_key_name)].crn) : null
   kms_key_ring_name = var.prefix != null ? "${var.prefix}-${var.kms_key_ring_name}" : var.kms_key_ring_name
   kms_key_name      = var.prefix != null ? "${var.prefix}-${var.kms_key_name}" : var.kms_key_name
 
@@ -67,7 +68,7 @@ locals {
 module "secrets_manager" {
   count                = var.existing_secrets_manager_crn != null ? 0 : 1
   source               = "../.."
-  resource_group_id    = module.resource_group.resource_group_id
+  resource_group_id    = module.resource_group[0].resource_group_id
   region               = var.region
   secrets_manager_name = var.prefix != null ? "${var.prefix}-${var.secrets_manager_instance_name}" : var.secrets_manager_instance_name
   sm_service_plan      = var.service_plan
@@ -137,3 +138,8 @@ module "private_secret_engine" {
   certificate_template_name = var.certificate_template_name
   endpoint_type             = var.allowed_network == "private-only" ? "private" : "public"
 }
+
+data "ibm_resource_instance" "existing_sm" {
+  count      = var.existing_secrets_manager_crn == null ? 0 : 1
+  identifier = var.existing_secrets_manager_crn
+}
diff --git a/solutions/standard/outputs.tf b/solutions/standard/outputs.tf
@@ -1,11 +1,11 @@
 output "resource_group_name" {
   description = "Resource group name"
-  value       = module.resource_group.resource_group_name
+  value       = var.existing_secrets_manager_crn == null ? module.resource_group[0].resource_group_name : data.ibm_resource_instance.existing_sm[0].resource_group_name
 }
 
 output "resource_group_id" {
   description = "Resource group ID"
-  value       = module.resource_group.resource_group_id
+  value       = var.existing_secrets_manager_crn == null ? module.resource_group[0].resource_group_name : data.ibm_resource_instance.existing_sm[0].resource_group_id
 }
 
 output "secrets_manager_guid" {
@@ -14,12 +14,12 @@ output "secrets_manager_guid" {
 }
 
 output "secrets_manager_id" {
-  description = "ID of Secrets Manager instance"
+  description = "ID of Secrets Manager instance. Same value as secrets_manager_guid"
   value       = var.existing_secrets_manager_crn == null ? module.secrets_manager[0].secrets_manager_id : local.secrets_manager_guid
 }
 
 output "secrets_manager_name" {
-  value       = var.existing_secrets_manager_crn == null ? module.secrets_manager[0].secrets_manager_name : null
+  value       = var.existing_secrets_manager_crn == null ? module.secrets_manager[0].secrets_manager_name : data.ibm_resource_instance.existing_sm[0].resource_name
   description = "Name of the Secrets Manager instance"
 }
 
diff --git a/solutions/standard/variables.tf b/solutions/standard/variables.tf
@@ -16,7 +16,8 @@ variable "use_existing_resource_group" {
 
 variable "resource_group_name" {
   type        = string
-  description = "The name of a new or an existing resource group in which to provision Secrets Manager resources to. If prefix input variable is passed then it will get prefixed infront of the value in the format of '<prefix>-value'"
+  description = "The name of a new or an existing resource group in which to provision Secrets Manager resources to. If prefix input variable is passed then it will get prefixed infront of the value in the format of '<prefix>-value'. Optional if existing_secrets_manager_crn is not set."
+  default     = null
 }
 
 variable "region" {

Original file line number	Diff line number	Diff line change
`@@ -1,11 +1,11 @@`
`1`	`1`	`output "resource_group_name" {`
`2`	`2`	`description = "Resource group name"`
`3`		`- value = module.resource_group.resource_group_name`
	`3`	`+ value = var.existing_secrets_manager_crn == null ? module.resource_group[0].resource_group_name : data.ibm_resource_instance.existing_sm[0].resource_group_name`
`4`	`4`	`}`
`5`	`5`
`6`	`6`	`output "resource_group_id" {`
`7`	`7`	`description = "Resource group ID"`
`8`		`- value = module.resource_group.resource_group_id`
	`8`	`+ value = var.existing_secrets_manager_crn == null ? module.resource_group[0].resource_group_name : data.ibm_resource_instance.existing_sm[0].resource_group_id`
`9`	`9`	`}`
`10`	`10`
`11`	`11`	`output "secrets_manager_guid" {`
`@@ -14,12 +14,12 @@ output "secrets_manager_guid" {`
`14`	`14`	`}`
`15`	`15`
`16`	`16`	`output "secrets_manager_id" {`
`17`		`- description = "ID of Secrets Manager instance"`
	`17`	`+ description = "ID of Secrets Manager instance. Same value as secrets_manager_guid"`
`18`	`18`	`value = var.existing_secrets_manager_crn == null ? module.secrets_manager[0].secrets_manager_id : local.secrets_manager_guid`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`output "secrets_manager_name" {`
`22`		`- value = var.existing_secrets_manager_crn == null ? module.secrets_manager[0].secrets_manager_name : null`
	`22`	`+ value = var.existing_secrets_manager_crn == null ? module.secrets_manager[0].secrets_manager_name : data.ibm_resource_instance.existing_sm[0].resource_name`
`23`	`23`	`description = "Name of the Secrets Manager instance"`
`24`	`24`	`}`
`25`	`25`
Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,8 @@ variable "use_existing_resource_group" {`
`16`	`16`
`17`	`17`	`variable "resource_group_name" {`
`18`	`18`	`type = string`
`19`		`- description = "The name of a new or an existing resource group in which to provision Secrets Manager resources to. If prefix input variable is passed then it will get prefixed infront of the value in the format of '<prefix>-value'"`
	`19`	`+ description = "The name of a new or an existing resource group in which to provision Secrets Manager resources to. If prefix input variable is passed then it will get prefixed infront of the value in the format of '<prefix>-value'. Optional if existing_secrets_manager_crn is not set."`
	`20`	`+ default = null`
`20`	`21`	`}`
`21`	`22`
`22`	`23`	`variable "region" {`