fix: fixed bug in KMS validation logic (#46)

terraform-ibm-modules · Jul 4, 2023 · f20ea1f · f20ea1f
1 parent ff6f933
commit f20ea1f
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 60 deletions.
diff --git a/README.md b/README.md
@@ -117,7 +117,7 @@ You need the following permissions to run this module.
 ## Examples
 
 - [ Basic example](examples/basic)
-- [ Complete example with topics and schema creation and BYOK encryption](examples/complete)
+- [ Complete example with topics and schema creation.](examples/complete)
 - [ Financial Services Cloud profile example](examples/fscloud)
 <!-- END EXAMPLES HOOK -->
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

diff --git a/examples/complete/README.md b/examples/complete/README.md
@@ -1,7 +1,7 @@
-# Complete example with topics and schema creation and BYOK encryption
+# Complete example with topics and schema creation.
 
 An end-to-end example that creates an event streams instance with key protect.
 This example uses the IBM Cloud terraform provider to:
  - Create a new resource group if one is not passed in.
  - Create a Key Protect instance and root key in the provided region.
- - Create a new event streams instance in the resource group and region provided, encrypted with the root key created above, and configured with topics and schemas.
+ - Create a new event streams instance in the resource group and region provided along with configured topics and schemas.
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -10,65 +10,15 @@ module "resource_group" {
   existing_resource_group_name = var.resource_group
 }
 
-##############################################################################
-# Key Protect All Inclusive
-##############################################################################
-
-module "key_protect_all_inclusive" {
-  source                    = "terraform-ibm-modules/key-protect-all-inclusive/ibm"
-  version                   = "4.2.0"
-  key_protect_instance_name = "${var.prefix}-kp"
-  resource_group_id         = module.resource_group.resource_group_id
-  region                    = var.region
-  resource_tags             = var.resource_tags
-  key_map                   = { "es" = ["${var.prefix}-es"] }
-  enable_metrics            = false
-}
-
-##############################################################################
-# Get Cloud Account ID
-##############################################################################
-
-data "ibm_iam_account_settings" "iam_account_settings" {
-}
-
-##############################################################################
-# VPC
-##############################################################################
-resource "ibm_is_vpc" "example_vpc" {
-  name           = "${var.prefix}-vpc"
-  resource_group = module.resource_group.resource_group_id
-  tags           = var.resource_tags
-}
-
-##############################################################################
-# Create CBR Zone
-##############################################################################
-module "cbr_zone" {
-  source           = "terraform-ibm-modules/cbr/ibm//cbr-zone-module"
-  version          = "1.2.0"
-  name             = "${var.prefix}-VPC-network-zone"
-  zone_description = "CBR Network zone representing VPC"
-  account_id       = data.ibm_iam_account_settings.iam_account_settings.account_id
-  addresses = [{
-    type  = "vpc", # to bind a specific vpc to the zone
-    value = ibm_is_vpc.example_vpc.crn,
-  }]
-}
-
-
 ##############################################################################
 # Events-streams-instance
 ##############################################################################
 
 module "event_streams" {
-  source                     = "../../"
-  resource_group_id          = module.resource_group.resource_group_id
-  es_name                    = "${var.prefix}-es"
-  kms_encryption_enabled     = true
-  kms_key_crn                = module.key_protect_all_inclusive.keys["es.${var.prefix}-es"].crn
-  existing_kms_instance_guid = module.key_protect_all_inclusive.key_protect_guid
-  schemas                    = var.schemas
-  tags                       = var.resource_tags
-  topics                     = var.topics
+  source            = "../../"
+  resource_group_id = module.resource_group.resource_group_id
+  es_name           = "${var.prefix}-es"
+  schemas           = var.schemas
+  tags              = var.resource_tags
+  topics            = var.topics
 }
diff --git a/main.tf b/main.tf
@@ -5,7 +5,7 @@
 locals {
   # Validation (approach based on https://github.com/hashicorp/terraform/issues/25609#issuecomment-1057614400)
   # tflint-ignore: terraform_unused_declarations
-  validate_kms_plan = var.kms_encryption_enabled != null && var.plan != "enterprise-3nodes-2tb" ? tobool("kms encryption is only supported for enterprise plan") : true
+  validate_kms_plan = var.kms_encryption_enabled && var.plan != "enterprise-3nodes-2tb" ? tobool("kms encryption is only supported for enterprise plan") : true
   # tflint-ignore: terraform_unused_declarations
   validate_kms_values = !var.kms_encryption_enabled && var.kms_key_crn != null ? tobool("When passing values for var.kms_key_crn, you must set var.kms_encryption_enabled to true. Otherwise unset them to use default encryption") : true
   # tflint-ignore: terraform_unused_declarations