fix: add test and fix bug

Author: Jordan-Williams2

modules/fscloud/README.md

@@ -53,7 +53,7 @@ No resources.
 | <a name="input_service_credential_names"></a> [service\_credential\_names](#input\_service\_credential\_names) | Map of name, role for service credentials that you want to create for the database | `map(string)` | `{}` | no |
 | <a name="input_skip_iam_authorization_policy"></a> [skip\_iam\_authorization\_policy](#input\_skip\_iam\_authorization\_policy) | Set to true to skip the creation of an IAM authorization policy that permits all ElasticSearch database instances in the resource group to read the encryption key from the Hyper Protect Crypto Services or Key Protect instance. The instance is passed in through the var.existing\_kms\_instance\_guid variable. | `bool` | `false` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Optional list of tags to be added to the Elasticsearch instance. | `list(any)` | `[]` | no |
-| <a name="input_use_ibm_owned_encryption_key"></a> [use\_ibm\_owned\_encryption\_key](#input\_use\_ibm\_owned\_encryption\_key) | Set to true to use the default IBM Cloud® Databases randomly generated keys for disk and backups encryption. To control the encryption keys, use the `kms_key_crn` and `backup_encryption_key_crn` inputs. | `string` | `false` | no |
+| <a name="input_use_ibm_owned_encryption_key"></a> [use\_ibm\_owned\_encryption\_key](#input\_use\_ibm\_owned\_encryption\_key) | Set to true to use the default IBM Cloud® Databases randomly generated keys for disk and backups encryption. To control the encryption keys, use the `kms_key_crn` and `backup_encryption_key_crn` inputs. | `bool` | `false` | no |
 | <a name="input_users"></a> [users](#input\_users) | A list of users that you want to create on the database. Multiple blocks are allowed. The user password must be in the range of 10-32 characters. Be warned that in most case using IAM service credentials (via the var.service\_credential\_names) is sufficient to control access to the Elasticsearch instance. This blocks creates native Elasticsearch database users, more info on that can be found here https://cloud.ibm.com/docs/databases-for-elasticsearch?topic=databases-for-elasticsearch-user-management&interface=ui | <pre>list(object({<br/>    name     = string<br/>    password = string # pragma: allowlist secret<br/>    type     = optional(string)<br/>    role     = optional(string)<br/>  }))</pre> | `[]` | no |
 
 ### Outputs

modules/fscloud/variables.tf

@@ -137,7 +137,7 @@ variable "auto_scaling" {
 ##############################################################
 
 variable "use_ibm_owned_encryption_key" {
-  type        = string
+  type        = bool
   description = "Set to true to use the default IBM Cloud® Databases randomly generated keys for disk and backups encryption. To control the encryption keys, use the `kms_key_crn` and `backup_encryption_key_crn` inputs."
   default     = false
 }

solutions/standard/main.tf

@@ -67,7 +67,7 @@ module "kms" {
   providers = {
     ibm = ibm.kms
   }
-  count                       = var.existing_kms_key_crn != null || local.use_existing_db_instance ? 0 : 1 # no need to create any KMS resources if passing an existing key or using IBM owned keys
+  count                       = var.existing_kms_key_crn != null || local.use_existing_db_instance || var.use_ibm_owned_encryption_key ? 0 : 1 # no need to create any KMS resources if passing an existing key or using IBM owned keys
   source                      = "terraform-ibm-modules/kms-all-inclusive/ibm"
   version                     = "4.16.4"
   create_key_protect_instance = false

solutions/standard/variables.tf

@@ -245,7 +245,7 @@ variable "elasticsearch_key_ring_name" {
 }
 
 variable "use_ibm_owned_encryption_key" {
-  type        = string
+  type        = bool
   description = "Set to true to use the default IBM Cloud® Databases randomly generated keys for disk and backups encryption."
   default     = false
 }

tests/pr_test.go

@@ -165,14 +165,14 @@ func TestRunStandardSolutionSchematics(t *testing.T) {
 
 	serviceCredentialSecrets := []map[string]interface{}{
 		{
-			"secret_group_name": fmt.Sprintf("%s-secret-group", prefix),
+			"secret_group_name": fmt.Sprintf("%s-secret-group", options.Prefix),
 			"service_credentials": []map[string]string{
 				{
-					"secret_name": fmt.Sprintf("%s-cred-reader", prefix),
+					"secret_name": fmt.Sprintf("%s-cred-reader", options.Prefix),
 					"service_credentials_source_service_role": "Reader",
 				},
 				{
-					"secret_name": fmt.Sprintf("%s-cred-writer", prefix),
+					"secret_name": fmt.Sprintf("%s-cred-writer", options.Prefix),
 					"service_credentials_source_service_role": "Writer",
 				},
 			},
@@ -248,3 +248,27 @@ func TestRunBasicExample(t *testing.T) {
 	assert.Nil(t, err, "This should not have errored")
 	assert.NotNil(t, output, "Expected some output")
 }
+
+// Test the DA when using IBM owned encryption keys
+func TestRunStandardSolutionIBMKeys(t *testing.T) {
+	t.Parallel()
+
+	options := testhelper.TestOptionsDefault(&testhelper.TestOptions{
+		Testing:       t,
+		TerraformDir:  standardSolutionTerraformDir,
+		Region:        "us-south",
+		Prefix:        "es-icd-key",
+		ResourceGroup: resourceGroup,
+	})
+
+	options.TerraformVars = map[string]interface{}{
+		"elasticsearch_version":        "8.12",
+		"provider_visibility":          "public",
+		"resource_group_name":          options.Prefix,
+		"use_ibm_owned_encryption_key": true,
+	}
+
+	output, err := options.RunTestConsistency()
+	assert.Nil(t, err, "This should not have errored")
+	assert.NotNil(t, output, "Expected some output")
+}