feat: added support to optionally use an existing KMS instance by adding new optional input variable existing_kms_instance_crn. If not value passed, a new Key Protect instance gets created (#64)

Soaib024 · web-flow · commit 6564e06f7b9f · 2024-07-05T09:34:42.000+01:00
diff --git a/ibm_catalog.json b/ibm_catalog.json
@@ -204,6 +204,13 @@
 							"description": "Whether to provision logging and monitoring instances are configured to receive all platform logs and metrics in the target region. There can only be one instance per region provisioned for platform logs/metrics.",
 							"required": false
 						},
+						{
+							"key": "existing_kms_instance_crn",
+							"type": "string",
+							"default_value": "__NULL__",
+							"description": "The CRN of an existing KMS instance to use in this solution. If not set, a new Key Protect instance is provisioned.",
+							"required": false
+						},
 						{
 							"key": "en_email_list",
 							"type": "array",
diff --git a/stack_definition.json b/stack_definition.json
@@ -32,13 +32,22 @@
 			"default": true,
 			"custom_config": {}
 		},
+		{
+			"name": "existing_kms_instance_crn",
+			"required": false,
+			"type": "string",
+			"hidden": false,
+			"default": "__NULL__",
+			"custom_config": {}
+		},
 		{
 			"name": "en_email_list",
 			"required": false,
 			"type": "array",
 			"hidden": false,
 			"default": [],
 			"custom_config": {}
+
 		},
 		{
 			"name": "existing_secrets_manager_crn",
@@ -76,6 +85,10 @@
 					"name": "use_existing_resource_group",
 					"value": true
 				},
+				{
+					"name": "existing_kms_instance_crn",
+					"value": "ref:../../inputs/existing_kms_instance_crn"
+				},
 				{
 					"name": "region",
 					"value": "ref:../../inputs/region"
@@ -86,7 +99,7 @@
 				}
 			],
 			"name": "1a - Key management",
-			"version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.e7f105c4-8af4-4238-a98d-e89999ff14c8-global"
+			"version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.4a3affda-ffc6-4d14-a4f7-aeeb2b80908c-global"
 		},
 		{
 			"inputs": [
@@ -164,7 +177,7 @@
 				},
 				{
 					"name": "kms_endpoint_url",
-					"value": "ref:../../members/1a - Key management/outputs/kp_private_endpoint"
+					"value": "ref:../../members/1a - Key management/outputs/kms_private_endpoint"
 				},
 				{
 					"name": "existing_kms_instance_crn",
diff --git a/tests/pr_test.go b/tests/pr_test.go
@@ -1,16 +1,36 @@
 package tests
 
 import (
+	"log"
+	"os"
+	"testing"
+
 	"github.com/stretchr/testify/assert"
+	"github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/common"
 	"github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/testprojects"
-	"testing"
 )
 
 // Use existing resource group
 const resourceGroup = "geretain-test-resources"
 
-func TestProjectsFullTest(t *testing.T) {
+// Define a struct with fields that match the structure of the YAML data
+const yamlLocation = "../common-dev-assets/common-go-assets/common-permanent-resources.yaml"
+
+var permanentResources map[string]interface{}
+
+func TestMain(m *testing.M) {
+	// Read the YAML file contents
+	var err error
+	permanentResources, err = common.LoadMapFromYaml(yamlLocation)
+	if err != nil {
+		log.Fatal(err)
+	}
 
+	os.Exit(m.Run())
+}
+
+func TestProjectsFullTest(t *testing.T) {
+	t.Parallel()
 	options := testprojects.TestProjectOptionsDefault(&testprojects.TestProjectsOptions{
 		Testing:        t,
 		Prefix:         "cs", // setting prefix here gets a random string appended to it
@@ -21,7 +41,6 @@ func TestProjectsFullTest(t *testing.T) {
 		"prefix":                       options.Prefix,
 		"existing_resource_group_name": resourceGroup,
 		"sm_service_plan":              "trial",
-		"use_existing_resource_group":  false,
 		"ibmcloud_api_key":             options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], // always required by the stack
 		"enable_platform_logs_metrics": false,
 	}
@@ -33,3 +52,30 @@ func TestProjectsFullTest(t *testing.T) {
 		t.Error("TestProjectsFullTest Failed")
 	}
 }
+
+func TestProjectsExistingResourcesTest(t *testing.T) {
+	t.Parallel()
+	options := testprojects.TestProjectOptionsDefault(&testprojects.TestProjectsOptions{
+		Testing:        t,
+		Prefix:         "ecs", // setting prefix here gets a random string appended to it
+		ParallelDeploy: true,
+	})
+
+	options.StackInputs = map[string]interface{}{
+		"prefix":                       options.Prefix,
+		"existing_resource_group_name": resourceGroup,
+		"ibmcloud_api_key":             options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], // always required by the stack
+		"enable_platform_logs_metrics": false,
+		// More info: https://github.ibm.com/GoldenEye/issues/issues/9709#issuecomment-83874969
+		// "existing_secrets_manager_crn": permanentResources["secretsManagerCRN"],
+		"sm_service_plan":           "trial",
+		"existing_kms_instance_crn": permanentResources["hpcs_south_crn"],
+	}
+
+	err := options.RunProjectsTest()
+	if assert.NoError(t, err) {
+		t.Log("TestProjectsExistingResourcesTest Passed")
+	} else {
+		t.Error("TestProjectsExistingResourcesTest Failed")
+	}
+}
