fix: added sleep to wait for authorization policy of backup KMS encryption key (#294)

* feat: consistency with other ICD modules

* Updated description

* fix: Reverted changes

---------

Co-authored-by: Arya Girish K <[email protected]>

Author: arya-girish-k

examples/backup-restore/catalogValidationValues.json.template

@@ -0,0 +1,6 @@
+{
+  "ibmcloud_api_key": $VALIDATION_APIKEY,
+  "region": "us-south",
+  "resource_tags": $TAGS,
+  "prefix": $PREFIX
+}

examples/backup-restore/main.tf

@@ -11,11 +11,11 @@ module "resource_group" {
 }
 
 data "ibm_database_backups" "backup_database" {
-  deployment_id = var.etcd_db_crn
+  deployment_id = var.existing_database_crn
 }
 
 # New etcd db instance pointing to the backup instance
-module "restored_etcd_db" {
+module "restored_icd_etcd" {
   source             = "../.."
   resource_group_id  = module.resource_group.resource_group_id
   name               = "${var.prefix}-etcd-restored"

examples/backup-restore/outputs.tf

@@ -2,12 +2,12 @@
 # Outputs
 ##############################################################################
 
-output "restored_etcd_db_id" {
+output "restored_icd_etcd_id" {
   description = "Restored etcd db instance id"
-  value       = module.restored_etcd_db.id
+  value       = module.restored_icd_etcd.id
 }
 
-output "restored_etcd_db_version" {
+output "restored_icd_etcd_version" {
   description = "Restored etcd instance version"
-  value       = module.restored_etcd_db.version
+  value       = module.restored_icd_etcd.version
 }

examples/backup-restore/variables.tf

@@ -40,7 +40,7 @@ variable "access_tags" {
   default     = []
 }
 
-variable "etcd_db_crn" {
+variable "existing_database_crn" {
   type        = string
   description = "The existing CRN of a etcd instance to fetch the latest backup crn."
 }

examples/basic/main.tf

@@ -14,12 +14,20 @@ module "resource_group" {
 # ICD etcd database
 ##############################################################################
 
-module "etcd_db" {
-  source            = "../.."
-  resource_group_id = module.resource_group.resource_group_id
-  name              = "${var.prefix}-etcd"
-  region            = var.region
-  etcd_version      = var.etcd_version
-  tags              = var.resource_tags
-  access_tags       = var.access_tags
+module "database" {
+  source             = "../.."
+  resource_group_id  = module.resource_group.resource_group_id
+  name               = "${var.prefix}-data-store"
+  region             = var.region
+  access_tags        = var.access_tags
+  service_endpoints  = var.service_endpoints
+  member_host_flavor = var.member_host_flavor
+  tags               = var.resource_tags
+  etcd_version       = var.etcd_version
+  service_credential_names = {
+    "etcd_admin" : "Administrator",
+    "etcd_operator" : "Operator",
+    "etcd_viewer" : "Viewer",
+    "etcd_editor" : "Editor",
+  }
 }

examples/basic/outputs.tf

@@ -3,31 +3,35 @@
 ##############################################################################
 output "id" {
   description = "Etcd instance id"
-  value       = module.etcd_db.id
+  value       = module.database.id
+}
+output "etcd_crn" {
+  description = "Etcd CRN"
+  value       = module.database.crn
 }
 
 output "version" {
   description = "Etcd instance version"
-  value       = module.etcd_db.version
+  value       = module.database.version
 }
 
 output "adminuser" {
   description = "Database admin user name"
-  value       = module.etcd_db.adminuser
+  value       = module.database.adminuser
 }
 
 output "hostname" {
   description = "Database connection hostname"
-  value       = module.etcd_db.hostname
+  value       = module.database.hostname
 }
 
 output "port" {
   description = "Database connection port"
-  value       = module.etcd_db.port
+  value       = module.database.port
 }
 
 output "certificate_base64" {
   description = "Database connection certificate"
-  value       = module.etcd_db.certificate_base64
+  value       = module.database.certificate_base64
   sensitive   = true
 }

examples/basic/variables.tf

@@ -39,3 +39,21 @@ variable "resource_tags" {
   description = "Optional list of tags to be added to created resources"
   default     = []
 }
+
+variable "service_endpoints" {
+  type        = string
+  description = "The type of endpoint of the database instance. Possible values: `public`, `private`, `public-and-private`."
+  default     = "public"
+
+  validation {
+    condition     = can(regex("public|public-and-private|private", var.service_endpoints))
+    error_message = "Valid values for service_endpoints are 'public', 'public-and-private', and 'private'"
+  }
+}
+
+variable "member_host_flavor" {
+  type        = string
+  description = "The host flavor per member. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/database#host_flavor)."
+  default     = "multitenant"
+  # Validation is done in the Terraform plan phase by the IBM provider, so no need to add extra validation here.
+}

main.tf

@@ -14,7 +14,12 @@ locals {
   validate_backup_key = !var.use_ibm_owned_encryption_key && var.backup_encryption_key_crn != null && (var.use_default_backup_encryption_key || var.use_same_kms_key_for_backups) ? tobool("When passing a value for 'backup_encryption_key_crn' you cannot set 'use_default_backup_encryption_key' to true or 'use_ibm_owned_encryption_key' to false.") : true
   # tflint-ignore: terraform_unused_declarations
   validate_backup_key_2 = !var.use_ibm_owned_encryption_key && var.backup_encryption_key_crn == null && !var.use_same_kms_key_for_backups ? tobool("When 'use_same_kms_key_for_backups' is set to false, a value needs to be passed for 'backup_encryption_key_crn'.") : true
+}
 
+########################################################################################################################
+# Locals
+########################################################################################################################
+locals {
   # If no value passed for 'backup_encryption_key_crn' use the value of 'kms_key_crn' and perform validation of 'kms_key_crn' to check if region is supported by backup encryption key.
 
   # If 'use_ibm_owned_encryption_key' is true or 'use_default_backup_encryption_key' is true, default to null.
@@ -115,9 +120,8 @@ resource "ibm_iam_authorization_policy" "policy" {
 
 # workaround for https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4478
 resource "time_sleep" "wait_for_authorization_policy" {
-  count      = local.create_kms_auth_policy
-  depends_on = [ibm_iam_authorization_policy.policy]
-
+  count           = local.create_kms_auth_policy
+  depends_on      = [ibm_iam_authorization_policy.policy]
   create_duration = "30s"
 }
 
@@ -172,7 +176,7 @@ resource "time_sleep" "wait_for_backup_kms_authorization_policy" {
 
 # Create etcd database
 resource "ibm_database" "etcd_db" {
-  depends_on                = [time_sleep.wait_for_authorization_policy]
+  depends_on                = [time_sleep.wait_for_authorization_policy, time_sleep.wait_for_backup_kms_authorization_policy]
   resource_group_id         = var.resource_group_id
   name                      = var.name
   service                   = "databases-for-etcd"

tests/other_test.go

@@ -64,7 +64,7 @@ func TestRunRestoredDBExample(t *testing.T) {
 		ResourceGroup: resourceGroup,
 		Region:        fmt.Sprint(permanentResources["etcd_region"]),
 		TerraformVars: map[string]interface{}{
-			"etcd_db_crn": permanentResources["etcd_crn"],
+			"existing_database_crn": permanentResources["etcd_crn"],
 		},
 		CloudInfoService: sharedInfoSvc,
 	})