feat: add support for service_credential_secrets

terraform-ibm-modules · Feb 4, 2025 · 833e883 · 833e883
1 parent dd2a97c
commit 833e883
Showing 1 changed file with 31 additions and 24 deletions.
diff --git a/tests/pr_test.go b/tests/pr_test.go
@@ -73,32 +73,35 @@ func TestRunQuickstartSolution(t *testing.T) {
 		ResourceGroup: resourceGroup,
 	})
 
-	serviceCredentialSecrets := []map[string]interface{}{
-		{
-			"secret_group_name": fmt.Sprintf("%s-secret-group", options.Prefix),
-			"service_credentials": []map[string]string{
-				{
-					"secret_name": fmt.Sprintf("%s-cred-reader", options.Prefix),
-					"service_credentials_source_service_role_crn": "crn:v1:bluemix:public:iam::::role:Reader",
-				},
-				{
-					"secret_name": fmt.Sprintf("%s-cred-writer", options.Prefix),
-					"service_credentials_source_service_role_crn": "crn:v1:bluemix:public:iam::::role:Writer",
+	options.TerraformVars = map[string]interface{}{
+		"ibmcloud_api_key":                       options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"],
+		"resource_group_name":                    options.ResourceGroup,
+		"use_existing_resource_group":            true,
+		"prefix":                                 options.Prefix,
+		"provider_visibility":                    "public",
+		"existing_secrets_manager_instance_crn":  permanentResources["secretsManagerCRN"],
+		"existing_secrets_manager_endpoint_type": "public",
+		"service_credential_secrets": []map[string]interface{}{
+			{
+				"secret_group_name": fmt.Sprintf("%s-secret-group", options.Prefix),
+				"service_credentials": []map[string]string{
+					{
+						"secret_name": fmt.Sprintf("%s-cred-config-reader", options.Prefix),
+						"service_credentials_source_service_role_crn": "crn:v1:bluemix:public:iam::::role:ConfigReader",
+					},
+					{
+						"secret_name": fmt.Sprintf("%s-cred-reader", options.Prefix),
+						"service_credentials_source_service_role_crn": "crn:v1:bluemix:public:iam::::serviceRole:Reader",
+					},
+					{
+						"secret_name": fmt.Sprintf("%s-cred-key-manager", options.Prefix),
+						"service_credentials_source_service_role_crn": "crn:v1:bluemix:public:resource-controller::::role:KeyManager",
+					},
 				},
 			},
 		},
 	}
 
-	options.TerraformVars = map[string]interface{}{
-		"ibmcloud_api_key":                      options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"],
-		"resource_group_name":                   options.ResourceGroup,
-		"use_existing_resource_group":           true,
-		"prefix":                                options.Prefix,
-		"provider_visibility":                   "public",
-		"service_credential_secrets":            serviceCredentialSecrets,
-		"existing_secrets_manager_instance_crn": permanentResources["secretsManagerCRN"],
-	}
-
 	output, err := options.RunTestConsistency()
 	assert.Nil(t, err, "This should not have errored")
 	assert.NotNil(t, output, "Expected some output")
@@ -133,13 +136,17 @@ func TestEnterpriseSolutionInSchematics(t *testing.T) {
 		{
 			"secret_group_name": fmt.Sprintf("%s-secret-group", options.Prefix),
 			"service_credentials": []map[string]string{
+				{
+					"secret_name": fmt.Sprintf("%s-cred-config-reader", options.Prefix),
+					"service_credentials_source_service_role_crn": "crn:v1:bluemix:public:iam::::role:ConfigReader",
+				},
 				{
 					"secret_name": fmt.Sprintf("%s-cred-reader", options.Prefix),
-					"service_credentials_source_service_role_crn": "crn:v1:bluemix:public:iam::::role:Reader",
+					"service_credentials_source_service_role_crn": "crn:v1:bluemix:public:iam::::serviceRole:Reader",
 				},
 				{
-					"secret_name": fmt.Sprintf("%s-cred-writer", options.Prefix),
-					"service_credentials_source_service_role_crn": "crn:v1:bluemix:public:iam::::role:Writer",
+					"secret_name": fmt.Sprintf("%s-cred-key-manager", options.Prefix),
+					"service_credentials_source_service_role_crn": "crn:v1:bluemix:public:resource-controller::::role:KeyManager",
 				},
 			},
 		},