fix: add extra validation since KMS encryption is only supported on e…

…nterprise plan (#45)
terraform-ibm-modules · Jun 30, 2023 · 1e77aef · 1e77aef
1 parent 837cded
commit 1e77aef
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 9 deletions.
diff --git a/main.tf b/main.tf
@@ -5,6 +5,8 @@
 locals {
   # Validation (approach based on https://github.com/hashicorp/terraform/issues/25609#issuecomment-1057614400)
   # tflint-ignore: terraform_unused_declarations
+  validate_kms_plan = var.kms_encryption_enabled != null && var.plan != "enterprise-3nodes-2tb" ? tobool("kms encryption is only supported for enterprise plan") : true
+  # tflint-ignore: terraform_unused_declarations
   validate_kms_values = !var.kms_encryption_enabled && var.kms_key_crn != null ? tobool("When passing values for var.kms_key_crn, you must set var.kms_encryption_enabled to true. Otherwise unset them to use default encryption") : true
   # tflint-ignore: terraform_unused_declarations
   validate_kms_vars = var.kms_encryption_enabled && var.kms_key_crn == null ? tobool("When setting var.kms_encryption_enabled to true, a value must be passed for var.kms_key_crn and/or var.backup_encryption_key_crn") : true

diff --git a/module-metadata.json b/module-metadata.json
@@ -317,7 +317,7 @@
       },
       "pos": {
         "filename": "main.tf",
-        "line": 53
+        "line": 55
       }
     },
     "ibm_event_streams_topic.es_topic": {
@@ -335,7 +335,7 @@
       },
       "pos": {
         "filename": "main.tf",
-        "line": 64
+        "line": 66
       }
     },
     "ibm_iam_authorization_policy.kms_policy": {
@@ -352,7 +352,7 @@
       },
       "pos": {
         "filename": "main.tf",
-        "line": 78
+        "line": 80
       }
     },
     "ibm_resource_instance.es_instance": {
@@ -372,7 +372,7 @@
       },
       "pos": {
         "filename": "main.tf",
-        "line": 28
+        "line": 30
       }
     }
   },
@@ -452,7 +452,7 @@
       },
       "pos": {
         "filename": "main.tf",
-        "line": 91
+        "line": 93
       }
     }
   }

diff --git a/tests/pr_test.go b/tests/pr_test.go
@@ -63,10 +63,16 @@ func TestRunFSCloudExample(t *testing.T) {
 	t.Parallel()
 
 	options := testhelper.TestOptionsDefaultWithVars(&testhelper.TestOptions{
-		Testing:            t,
-		TerraformDir:       fsCloudTerraformDir,
-		Prefix:             "es-fscloud",
-		ResourceGroup:      resourceGroup,
+		Testing:      t,
+		TerraformDir: fsCloudTerraformDir,
+		Prefix:       "es-fscloud",
+		/*
+		 Comment out the 'ResourceGroup' input to force this tests to create a unique resource group to ensure tests do
+		 not clash. This is due to the fact that an auth policy may already exist in this resource group since we are
+		 re-using a permanent HPCS instance. By using a new resource group, the auth policy will not already exist
+		 since this module scopes auth policies by resource group.
+		*/
+		//ResourceGroup:      resourceGroup,
 		BestRegionYAMLPath: regionSelectionPath,
 		TerraformVars: map[string]interface{}{
 			"existing_kms_instance_guid": permanentResources["hpcs_south"],