From 80ef370b60abdebd3a625c00bd5b1875a3b841e6 Mon Sep 17 00:00:00 2001 From: "Matthew.Lemmond@ibm.com" Date: Wed, 25 Sep 2024 17:32:10 -0400 Subject: [PATCH 1/4] fix: add count to wait --- main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/main.tf b/main.tf index 4e146dd4..79f9d845 100644 --- a/main.tf +++ b/main.tf @@ -45,6 +45,7 @@ resource "ibm_iam_authorization_policy" "policy" { # workaround for https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4478 resource "time_sleep" "wait_for_authorization_policy" { + count = var.kms_encryption_enabled == false || var.skip_iam_authorization_policy ? 0 : 1 depends_on = [ibm_iam_authorization_policy.policy] create_duration = "30s" From 8e392e2f63877501b1d50ecc82932f0d11fa63a1 Mon Sep 17 00:00:00 2001 From: "Matthew.Lemmond@ibm.com" Date: Thu, 26 Sep 2024 11:55:37 -0400 Subject: [PATCH 2/4] refactor: add counts to waits in the solution --- solutions/standard/main.tf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/solutions/standard/main.tf b/solutions/standard/main.tf index cbbe107e..a8f819ce 100644 --- a/solutions/standard/main.tf +++ b/solutions/standard/main.tf @@ -57,6 +57,7 @@ resource "ibm_iam_authorization_policy" "kms_policy" { # workaround for https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4478 resource "time_sleep" "wait_for_authorization_policy" { + count = local.create_cross_account_auth_policy ? 1 : 0 depends_on = [ibm_iam_authorization_policy.kms_policy] create_duration = "30s" } @@ -143,6 +144,7 @@ resource "ibm_iam_authorization_policy" "secrets_manager_key_manager" { # workaround for https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4478 resource "time_sleep" "wait_for_es_authorization_policy" { + count = var.skip_es_sm_auth_policy || var.existing_secrets_manager_instance_crn == null ? 0 : 1 depends_on = [ibm_iam_authorization_policy.secrets_manager_key_manager] create_duration = "30s" } From 9d60a52477e0c27dd8737caebb87138d156c78de Mon Sep 17 00:00:00 2001 
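Review bot: The `count` added to `time_sleep.wait_for_authorization_policy` in `main.tf` carries no comment on why the wait may be skipped, and the `var.skip_iam_authorization_policy` case is not self-evident. When that flag is set the sleep now has zero instances, so the visible code no longer pauses for an authorization created outside the module. If the caller creates that authorization in the same apply, the propagation race from the linked provider issue can presumably still occur. I would add above the line `# Wait only when this module creates the policy; a caller-managed authorization must already be in effect.` The resource's closing brace is outside the hunk.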
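Review bot: In the first hunk of `solutions/standard/main.tf`, `wait_for_authorization_policy` takes its `count` from `local.create_cross_account_auth_policy`, but the `count` of `ibm_iam_authorization_policy.kms_policy` that it depends on lies outside the hunk, so the two conditions cannot be compared here. If they ever diverge, either the policy is created without the propagation wait or a 30s sleep runs for nothing. Assuming `kms_policy` itself uses `count`, deriving the value from it keeps the pair in step: `count = length(ibm_iam_authorization_policy.kms_policy)`.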
From: "Matthew.Lemmond@ibm.com" Date: Thu, 26 Sep 2024 12:04:58 -0400 Subject: [PATCH 3/4] refactor: move counts for auth to locals --- main.tf | 6 ++++-- solutions/standard/main.tf | 5 +++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/main.tf b/main.tf index 79f9d845..4384ac4b 100644 --- a/main.tf +++ b/main.tf @@ -31,11 +31,13 @@ locals { can(regex(".*hs-crypto.*", var.kms_key_crn)) ? "hs-crypto" : "unrecognized key type" ) ) : "no key crn" + + create_kp_auth_policy = var.kms_encryption_enabled == false || var.skip_iam_authorization_policy ? 0 : 1 } # Create IAM Access Policy to allow Key protect to access Elasticsearch instance resource "ibm_iam_authorization_policy" "policy" { - count = var.kms_encryption_enabled == false || var.skip_iam_authorization_policy ? 0 : 1 + count = local.create_kp_auth_policy source_service_name = "databases-for-elasticsearch" source_resource_group_id = var.resource_group_id target_service_name = local.kms_service @@ -45,7 +47,7 @@ resource "ibm_iam_authorization_policy" "policy" { # workaround for https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4478 resource "time_sleep" "wait_for_authorization_policy" { - count = var.kms_encryption_enabled == false || var.skip_iam_authorization_policy ? 0 : 1 + count = local.create_kp_auth_policy depends_on = [ibm_iam_authorization_policy.policy] create_duration = "30s" diff --git a/solutions/standard/main.tf b/solutions/standard/main.tf index a8f819ce..c1250d93 100644 --- a/solutions/standard/main.tf +++ b/solutions/standard/main.tf 
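Review bot: `create_kp_auth_policy` in the `locals` hunk of `main.tf` is named like a flag but holds `0` or `1`. `create_sm_auth_policy` in the `@@ -17,6 +17,7 @@` hunk of `solutions/standard/main.tf` does the same, directly beside `create_cross_account_auth_policy`, which is a real boolean. Reusing either new local in a condition hands Terraform a number where it expects a bool, and two conventions in one `locals` block are easy to misread when checking whether an IAM authorization gets created. I would keep the locals boolean, `create_kp_auth_policy = !(var.kms_encryption_enabled == false || var.skip_iam_authorization_policy)`, and write `count = local.create_kp_auth_policy ? 1 : 0` at both resources; the parentheses also make the `||` / `?:` grouping explicit. The `locals` block starts outside the hunk.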
@@ -17,6 +17,7 @@ locals { use_existing_db_instance = var.existing_db_instance_crn != null create_cross_account_auth_policy = !var.skip_iam_authorization_policy && var.ibmcloud_kms_api_key != null + create_sm_auth_policy = var.skip_es_sm_auth_policy || var.existing_secrets_manager_instance_crn == null ? 0 : 1 kms_service_name = local.kms_key_crn != null ? ( can(regex(".*kms.*", local.kms_key_crn)) ? "kms" : can(regex(".*hs-crypto.*", local.kms_key_crn)) ? "hs-crypto" : null ) : null @@ -132,7 +133,7 @@ resource "random_password" "admin_password" { # create a service authorization between Secrets Manager and the target service (Elastic Search) resource "ibm_iam_authorization_policy" "secrets_manager_key_manager" { - count = var.skip_es_sm_auth_policy || var.existing_secrets_manager_instance_crn == null ? 0 : 1 + count = local.create_sm_auth_policy depends_on = [module.elasticsearch] source_service_name = "secrets-manager" source_resource_instance_id = local.existing_secrets_manager_instance_guid @@ -144,7 +145,7 @@ resource "ibm_iam_authorization_policy" "secrets_manager_key_manager" { # workaround for https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4478 resource "time_sleep" "wait_for_es_authorization_policy" { - count = var.skip_es_sm_auth_policy || var.existing_secrets_manager_instance_crn == null ? 0 : 1 + count = local.create_sm_auth_policy depends_on = [ibm_iam_authorization_policy.secrets_manager_key_manager] create_duration = "30s" } From 431f339e83293fc873330f42637bfcec0a95212f Mon Sep 17 00:00:00 2001 From: "Matthew.Lemmond@ibm.com" Date: Thu, 26 Sep 2024 15:12:52 -0400 Subject: [PATCH 4/4] refactor: skipping upgrade test SKIP UPGRADE TEST due to the wait blocks that are not needed being destroyed the upgrade test is failing, this is expected behavior for this update