fix: update incorrect KMS validation logic (#18)

README.md

@@ -122,11 +122,11 @@ You need the following permissions to run this module.
         - `Editor` platform access
         - `Manager` service access
 
-
+<!-- BEGIN EXAMPLES HOOK -->
 ## Examples
 
-- [ Complete example with key protect and secret manager](examples/complete)
-- [ Default Example](examples/default)
+- [ Basic example](examples/basic)
+- [ Complete example with BYOK encryption](examples/complete)
 <!-- END EXAMPLES HOOK -->
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements

examples/default/README.md → examples/basic/README.md

@@ -1,8 +1,6 @@
-# Default example using the modules default inputs
+# Basic example
 
 An end-to-end example that creates an event streams instance.
 This example uses the IBM Cloud terraform provider to:
  - Create a new resource group if one is not passed in.
  - Create a new event streams instance with default inputs in the resource group and region provided.
-
-<!-- Add your example and link to it from the module's main readme file. -->

examples/complete/README.md

@@ -1,8 +1,7 @@
-# Complete example with key protect
+# Complete example with BYOK encryption
 
 An end-to-end example that creates an event streams instance with key protect.
 This example uses the IBM Cloud terraform provider to:
  - Create a new resource group if one is not passed in.
- - Create a new event streams instance with topics and schemas provided, and a new key protect instance in the resource group and region provided.
-
-<!-- Add your example and link to it from the module's main readme file. -->
+ - Create a Key Protect instance and root key in the provided region.
+ - Create a new event streams instance in the resource group and region provided, encrypted with the root key created above, and configured with topics and schemas.

main.tf

@@ -10,15 +10,13 @@ locals {
     )
   ) : null
   # tflint-ignore: terraform_unused_declarations
-  validate_skip_iam_authorization_policy = var.skip_iam_authorization_policy && local.kms_service == null ? tobool("var.kms_key_crn cannot be null if var.skip_iam_authorization_policy is true.") : true
+  validate_skip_iam_authorization_policy = var.skip_iam_authorization_policy == false && (var.kms_key_crn == null || var.existing_kms_instance_guid == null) ? tobool("When var.skip_iam_authorization_policy is set to false, a value must be passed for var.existing_kms_instance_guid and var.kms_key_crn. Alternatively, if opting to use default encryption, set var.skip_iam_authorization_policy to true to skip creating any KMS auth policy creation.") : true
   # tflint-ignore: terraform_unused_declarations
   validate_throughput_lite_standard = ((var.plan == "lite" || var.plan == "standard") && var.throughput != 150) ? tobool("Throughput value cannot be changed in lite and standard plan. Default value is 150.") : true
   # tflint-ignore: terraform_unused_declarations
   validate_storage_size_lite_standard = ((var.plan == "lite" || var.plan == "standard") && var.storage_size != 2048) ? tobool("Storage size value cannot be changed in lite and standard plan. Default value is 2048.") : true
   # tflint-ignore: terraform_unused_declarations
   validate_service_end_points_lite_standard = ((var.plan == "lite" || var.plan == "standard") && var.service_endpoints != "public") ? tobool("Service endpoint cannot be changed in lite and standard plan. Default is public.") : true
-  # tflint-ignore: terraform_unused_declarations
-  validate_hpcs_guid_input = var.skip_iam_authorization_policy == false && var.existing_kms_instance_guid == null ? tobool("A value must be passed for var.existing_kms_instance_guid when creating an instance, var.skip_iam_authorization_policy is false.") : true
 }
 
 resource "ibm_resource_instance" "es_instance" {

module-metadata.json

@@ -290,7 +290,7 @@
       },
       "pos": {
         "filename": "main.tf",
-        "line": 49
+        "line": 47
       }
     },
     "ibm_event_streams_topic.es_topic": {
@@ -308,7 +308,7 @@
       },
       "pos": {
         "filename": "main.tf",
-        "line": 60
+        "line": 58
       }
     },
     "ibm_iam_authorization_policy.kms_policy": {
@@ -325,7 +325,7 @@
       },
       "pos": {
         "filename": "main.tf",
-        "line": 74
+        "line": 72
       }
     },
     "ibm_resource_instance.es_instance": {
@@ -345,7 +345,7 @@
       },
       "pos": {
         "filename": "main.tf",
-        "line": 24
+        "line": 22
       }
     }
   },

tests/other_test.go

@@ -8,24 +8,12 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
-const defaultExampleTerraformDir = "examples/default"
-
-func TestRunUpgradeDefaultExample(t *testing.T) {
-	t.Parallel()
-
-	options := setupOptions(t, "event-streams-upg", defaultExampleTerraformDir)
-
-	output, err := options.RunTestUpgrade()
-	if !options.UpgradeTestSkipped {
-		assert.Nil(t, err, "This should not have errored")
-		assert.NotNil(t, output, "Expected some output")
-	}
-}
+const basicExampleTerraformDir = "examples/basic"
 
 func TestRunDefaultExample(t *testing.T) {
 	t.Parallel()
 
-	options := setupOptions(t, "event-streams-default", defaultExampleTerraformDir)
+	options := setupOptions(t, "event-streams-default", basicExampleTerraformDir)
 
 	output, err := options.RunTestConsistency()
 	assert.Nil(t, err, "This should not have errored")