From f33504fc64aa5a69e09d2b22e7914ec61e2d5e03 Mon Sep 17 00:00:00 2001
From: Matthew Lemmond
Date: Fri, 27 Sep 2024 07:17:52 -0400
Subject: [PATCH] fix: add count to wait (#299)
---
 main.tf | 5 ++++-
 solutions/standard/main.tf | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/main.tf b/main.tf
index 4e146dd..4384ac4 100644
--- a/main.tf
+++ b/main.tf
@@ -31,11 +31,13 @@ locals {
 can(regex(".*hs-crypto.*", var.kms_key_crn)) ? "hs-crypto" : "unrecognized key type" ) ) : "no key crn"
+
+ create_kp_auth_policy = var.kms_encryption_enabled == false || var.skip_iam_authorization_policy ? 0 : 1
 }
 # Create IAM Access Policy to allow Key protect to access Elasticsearch instance
 resource "ibm_iam_authorization_policy" "policy" {
- count = var.kms_encryption_enabled == false || var.skip_iam_authorization_policy ? 0 : 1
+ count = local.create_kp_auth_policy
 source_service_name = "databases-for-elasticsearch"
 source_resource_group_id = var.resource_group_id
 target_service_name = local.kms_service
@@ -45,6 +47,7 @@ resource "ibm_iam_authorization_policy" "policy" {
 # workaround for https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4478
 resource "time_sleep" "wait_for_authorization_policy" {
+ count = local.create_kp_auth_policy
 depends_on = [ibm_iam_authorization_policy.policy]
 create_duration = "30s"
diff --git a/solutions/standard/main.tf b/solutions/standard/main.tf
index cbbe107..c1250d9 100644
--- a/solutions/standard/main.tf
+++ b/solutions/standard/main.tf
@@ -17,6 +17,7 @@ locals {
 use_existing_db_instance = var.existing_db_instance_crn != null
 create_cross_account_auth_policy = !var.skip_iam_authorization_policy && var.ibmcloud_kms_api_key != null
+ create_sm_auth_policy = var.skip_es_sm_auth_policy || var.existing_secrets_manager_instance_crn == null ? 0 : 1
 kms_service_name = local.kms_key_crn != null ? ( can(regex(".*kms.*", local.kms_key_crn)) ? "kms" : can(regex(".*hs-crypto.*", local.kms_key_crn)) ? "hs-crypto" : null ) : null
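Review bot: The new local `create_kp_auth_policy` in the `locals` hunk of main.tf is named like a flag but holds the number 0 or 1, while `create_cross_account_auth_policy` in solutions/standard/main.tf is a bool that is converted with `? 1 : 0` at the `count`; the same mismatch applies to `create_sm_auth_policy`, added directly beneath that bool. Keeping all three as bools would avoid a type mismatch when one is later reused in the other form: `create_kp_auth_policy = !(var.kms_encryption_enabled == false || var.skip_iam_authorization_policy)` with `count = local.create_kp_auth_policy ? 1 : 0` on both the policy and the `time_sleep`. The parentheses also make the grouping of `||` against `?:` explicit instead of relying on operator precedence. A comment above the local, such as `# true when this module creates the KMS authorization policy; the 30s wait is skipped with it`, would record that skipping the policy also skips the wait. The `locals` block starts outside the hunk.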
@@ -57,6 +58,7 @@ resource "ibm_iam_authorization_policy" "kms_policy" {
 # workaround for https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4478
 resource "time_sleep" "wait_for_authorization_policy" {
+ count = local.create_cross_account_auth_policy ? 1 : 0
 depends_on = [ibm_iam_authorization_policy.kms_policy]
 create_duration = "30s"
 }
@@ -131,7 +133,7 @@ resource "random_password" "admin_password" {
 # create a service authorization between Secrets Manager and the target service (Elastic Search)
 resource "ibm_iam_authorization_policy" "secrets_manager_key_manager" {
- count = var.skip_es_sm_auth_policy || var.existing_secrets_manager_instance_crn == null ? 0 : 1
+ count = local.create_sm_auth_policy
 depends_on = [module.elasticsearch]
 source_service_name = "secrets-manager"
 source_resource_instance_id = local.existing_secrets_manager_instance_guid
@@ -143,6 +145,7 @@ resource "ibm_iam_authorization_policy" "secrets_manager_key_manager" {
 # workaround for https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4478
 resource "time_sleep" "wait_for_es_authorization_policy" {
+ count = local.create_sm_auth_policy
 depends_on = [ibm_iam_authorization_policy.secrets_manager_key_manager]
 create_duration = "30s"
 }
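Review bot: The `count` added to `time_sleep.wait_for_authorization_policy` in the first hunk here (`@@ -57,6 +58,7 @@`) is derived from `local.create_cross_account_auth_policy`, but the `count` of `ibm_iam_authorization_policy.kms_policy` lies above the hunk, so this diff does not show that both resources use the same expression. If the two ever differ, the policy could be created without the wait that the provider-issue workaround depends on, and whatever consumes the sleep might be provisioned before the KMS authorization takes effect (inferred; the consumer is not visible here). A comment on the sleep, `# count must match ibm_iam_authorization_policy.kms_policy`, would make the coupling explicit. The two Secrets Manager hunks below already share a single local between the policy and its sleep.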