fix: add count to wait

[MatthewLemmond]

Description

If the auth policy creation is skipped, the wait will now also be skipped.
resolves #283

Release required?

• No release
• Patch release (x.x.X)
• Minor release (x.X.x)
• Major release (X.x.x)

Release notes content

Run the pipeline

If the CI pipeline doesn't run when you create the PR, the PR requires a user with GitHub collaborators access to run the pipeline.

Run the CI pipeline when the PR is ready for review and you expect tests to pass. Add a comment to the PR with the following text:

/run pipeline

Checklist for reviewers

• If relevant, a test for the change is included or updated with this PR.
• If relevant, documentation for the change is included or updated with this PR.

For mergers

• Use a conventional commit message to set the release level. Follow the guidelines.
• Include information that users need to know about the PR in the commit message. The commit message becomes part of the GitHub release notes.
• Use the Squash and merge option.

[MatthewLemmond]

/run pipeline

[ocofaigh]

if this now has a count, does the depends_on on line 56 need to be updated?

[ocofaigh]

Instead of duplicating line 38 and 48, suggest to use a local (incase the logic is ever updated, it would only need to be changed in 1 place)

[MatthewLemmond]

if this now has a count, does the depends_on on line 56 need to be updated?

No, when doing depends on we don't do any indexing or anything like that so it passes as is and is still necessary

[ocofaigh]

@MatthewLemmond Actually the issue you created was to make the change in the DA ->

terraform-ibm-icd-elasticsearch/solutions/standard/main.tf

Lines 59 to 62 in e220b34

	resource "time_sleep" "wait_for_authorization_policy" {
	depends_on = [ibm_iam_authorization_policy.kms_policy]
	create_duration = "30s"
	}

The change you made to the module is valid too I guess

[shemau]

It looks like changes are required in both. It seems the DA only creates the policy IF it is cross account. The main module creates the policy if it is the same account.

[MatthewLemmond]

/run pipeline

[MatthewLemmond]

The upgrade test fails due to the wait not being provisioned in the latest version: https://github.com/terraform-ibm-modules/terraform-ibm-icd-elasticsearch/actions/runs/11056038146/job/30716846899#step:7:2206

This is expected because we are now skipping these when an auth policy is not created and the upgrade test uses the standard solution, here is the output doing the upgrade test manually and allowing it to destroy the wait blocks

random_password.admin_password[0]: Refreshing state... [id=none]
module.kms[0].data.ibm_resource_instance.existing_kms_instance[0]: Reading...
module.kms[0].module.kms_key_rings["elasticsearch-key-ring"].ibm_kms_key_rings.key_ring: Refreshing state... [id=elasticsearch-key-ring:keyRing:crn:v1:bluemix:public:hs-crypto:us-south:a/abac0df06b644a9cabc6e44f55b3880e:e6dce284-e80f-46e1-a3c1-830f7adff7a9::]
module.resource_group.data.ibm_resource_group.existing_resource_group[0]: Reading...
module.kms[0].module.kms_keys["elasticsearch-key-ring.elasticsearch-key"].ibm_kms_key.key: Refreshing state... [id=crn:v1:bluemix:public:hs-crypto:us-south:a/abac0df06b644a9cabc6e44f55b3880e:e6dce284-e80f-46e1-a3c1-830f7adff7a9:key:cc0005b9-ef98-4ddb-820c-b74275f30d83]
module.resource_group.data.ibm_resource_group.existing_resource_group[0]: Read complete after 1s [id=c91b01c9dbfa48c3bc5d0571e06d392f]
module.kms[0].data.ibm_resource_instance.existing_kms_instance[0]: Read complete after 2s [id=crn:v1:bluemix:public:hs-crypto:us-south:a/abac0df06b644a9cabc6e44f55b3880e:e6dce284-e80f-46e1-a3c1-830f7adff7a9::]
module.kms[0].module.kms_keys["elasticsearch-key-ring.elasticsearch-key"].ibm_kms_key_policies.root_key_policy[0]: Refreshing state... [id=crn:v1:bluemix:public:hs-crypto:us-south:a/abac0df06b644a9cabc6e44f55b3880e:e6dce284-e80f-46e1-a3c1-830f7adff7a9:key:cc0005b9-ef98-4ddb-820c-b74275f30d83]
module.elasticsearch[0].module.elasticsearch.ibm_iam_authorization_policy.policy[0]: Refreshing state... [id=5e445979-5977-4a8d-a487-02f06a339eef]
module.elasticsearch[0].module.elasticsearch.time_sleep.wait_for_authorization_policy[0]: Refreshing state... [id=2024-09-26T18:45:24Z]
module.elasticsearch[0].module.elasticsearch.ibm_database.elasticsearch: Refreshing state... [id=crn:v1:bluemix:public:databases-for-elasticsearch:us-south:a/abac0df06b644a9cabc6e44f55b3880e:b87fc39a-e6f6-4a57-ab73-09af57be3117::]
module.elasticsearch[0].module.elasticsearch.data.ibm_database_connection.database_connection: Reading...
module.elasticsearch[0].module.elasticsearch.data.ibm_database_connection.database_connection: Read complete after 1s [id=2024-09-26 19:02:27.675321 +0000 UTC]

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed.

The one authorization policy that is still present has its wait still, but the two waits which were not needed have been destroyed. Going to skip the upgrade test for this PR as this all seems to be following the expected behavior of these changes.

[MatthewLemmond]

/run pipeline

[shemau]

LGTM

[terraform-ibm-modules-ops]

🎉 This PR is included in version 1.20.2 🎉

The release is available on:

• GitHub release
• v1.20.2

Your semantic-release bot 📦🚀