From 204ac90123f92281aac2bf2f867819ec3c135a52 Mon Sep 17 00:00:00 2001
From: Todd Giguere
Date: Fri, 7 Feb 2025 19:05:52 -0500
Subject: [PATCH 1/5] fix: force vpc flow logs to wait for auth policy sleep
---
 atracker.tf | 2 +-
 main.tf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/atracker.tf b/atracker.tf
index b8e69a7b0..faba514d8 100644
--- a/atracker.tf
+++ b/atracker.tf
@@ -31,7 +31,7 @@ resource "ibm_atracker_target" "atracker_target" {
 target_type = "cloud_object_storage"

 # Wait for buckets and auth policies to ensure successful provision
- depends_on = [ibm_cos_bucket.buckets, ibm_iam_authorization_policy.policy, ibm_iam_authorization_policy.cos_bucket_policy]
+ depends_on = [ibm_cos_bucket.buckets, ibm_iam_authorization_policy.policy, time_sleep.wait_for_authorization_policy_buckets]
 }

 resource "ibm_atracker_route" "atracker_route" {
diff --git a/main.tf b/main.tf
index 7851970e7..2530157cc 100644
--- a/main.tf
+++ b/main.tf
@@ -58,7 +58,7 @@ module "vpc" {
 existing_subnets = each.value.existing_subnets
 enable_vpc_flow_logs = (each.value.flow_logs_bucket_name != null) ? true : false
 create_authorization_policy_vpc_to_cos = false
- existing_storage_bucket_name = (each.value.flow_logs_bucket_name != null) ? ibm_cos_bucket.buckets[each.value.flow_logs_bucket_name].bucket_name : null
+ existing_storage_bucket_name = (each.value.flow_logs_bucket_name != null && time_sleep.wait_for_authorization_policy_buckets.id != null) ? ibm_cos_bucket.buckets[each.value.flow_logs_bucket_name].bucket_name : null
 clean_default_sg_acl = (each.value.clean_default_sg_acl == null) ? false : each.value.clean_default_sg_acl
 dns_binding_name = each.value.dns_binding_name
 dns_instance_name = each.value.dns_instance_name
From 5b2156b505407106710868b727ae3acfaa5dd984 Mon Sep 17 00:00:00 2001
From: Todd Giguere
Date: Sat, 8 Feb 2025 12:06:13 -0500
Subject: [PATCH 2/5] refactor: add try function to time_sleep condition
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index 2530157cc..5bfa7792d 100644
--- a/main.tf
+++ b/main.tf
@@ -58,7 +58,7 @@ module "vpc" {
 existing_subnets = each.value.existing_subnets
 enable_vpc_flow_logs = (each.value.flow_logs_bucket_name != null) ? true : false
 create_authorization_policy_vpc_to_cos = false
- existing_storage_bucket_name = (each.value.flow_logs_bucket_name != null && time_sleep.wait_for_authorization_policy_buckets.id != null) ? ibm_cos_bucket.buckets[each.value.flow_logs_bucket_name].bucket_name : null
+ existing_storage_bucket_name = (each.value.flow_logs_bucket_name != null && try(time_sleep.wait_for_authorization_policy_buckets.id, "IGNORE_ERROR") != null) ? ibm_cos_bucket.buckets[each.value.flow_logs_bucket_name].bucket_name : null
 clean_default_sg_acl = (each.value.clean_default_sg_acl == null) ? false : each.value.clean_default_sg_acl
 dns_binding_name = each.value.dns_binding_name
 dns_instance_name = each.value.dns_instance_name
From b49e8455e3d4cb85a2ad510ef34ba3bf19281012 Mon Sep 17 00:00:00 2001
From: Todd Giguere
Date: Mon, 10 Feb 2025 10:13:13 -0500
Subject: [PATCH 3/5] fix: refinement of time_sleep bucket fix
---
 atracker.tf | 5 +----
 main.tf | 2 +-
 service_authorizations.tf | 11 +++++++++++
 3 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/atracker.tf b/atracker.tf
index faba514d8..a77e7b6c1 100644
--- a/atracker.tf
+++ b/atracker.tf
@@ -24,14 +24,11 @@ resource "ibm_atracker_target" "atracker_target" {
 cos_endpoint {
 endpoint = "s3.private.${var.region}.cloud-object-storage.appdomain.cloud"
 target_crn = local.bucket_to_instance_map[var.atracker.collector_bucket_name].id
- bucket = ibm_cos_bucket.buckets[replace(var.atracker.collector_bucket_name, var.prefix, "")].bucket_name
+ bucket = time_sleep.wait_for_authorization_policy_buckets[replace(var.atracker.collector_bucket_name, var.prefix, "")].triggers["bucket_name"]
 service_to_service_enabled = true
 }
 name = "${var.prefix}-atracker"
 target_type = "cloud_object_storage"
-
- # Wait for buckets and auth policies to ensure successful provision
- depends_on = [ibm_cos_bucket.buckets, ibm_iam_authorization_policy.policy, time_sleep.wait_for_authorization_policy_buckets]
 }

 resource "ibm_atracker_route" "atracker_route" {
diff --git a/main.tf b/main.tf
index 5bfa7792d..4fbeca447 100644
--- a/main.tf
+++ b/main.tf
@@ -58,7 +58,7 @@ module "vpc" {
 existing_subnets = each.value.existing_subnets
 enable_vpc_flow_logs = (each.value.flow_logs_bucket_name != null) ? true : false
 create_authorization_policy_vpc_to_cos = false
- existing_storage_bucket_name = (each.value.flow_logs_bucket_name != null && try(time_sleep.wait_for_authorization_policy_buckets.id, "IGNORE_ERROR") != null) ? ibm_cos_bucket.buckets[each.value.flow_logs_bucket_name].bucket_name : null
+ existing_storage_bucket_name = (each.value.flow_logs_bucket_name != null) ? time_sleep.wait_for_authorization_policy_buckets[each.value.flow_logs_bucket_name].triggers["bucket_name"] : null
 clean_default_sg_acl = (each.value.clean_default_sg_acl == null) ? false : each.value.clean_default_sg_acl
 dns_binding_name = each.value.dns_binding_name
 dns_instance_name = each.value.dns_instance_name
diff --git a/service_authorizations.tf b/service_authorizations.tf
index 2c0bf14e3..ead6ca127 100644
--- a/service_authorizations.tf
+++ b/service_authorizations.tf
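Review bot: Removing `depends_on` from `ibm_atracker_target.atracker_target` also drops its ordering on `ibm_iam_authorization_policy.policy`, and the new `bucket = time_sleep.wait_for_authorization_policy_buckets[...].triggers["bucket_name"]` reference does not restore it, because that sleep (declared in service_authorizations.tf in this same patch) depends only on `ibm_iam_authorization_policy.cos_bucket_policy`. If the Activity Tracker to COS grant is one of the `.policy` instances (not visible here, so to be confirmed), a target with `service_to_service_enabled = true` can now be created before that grant exists, and provisioning or audit event delivery to the bucket may fail. Keeping `depends_on = [ibm_iam_authorization_policy.policy]` on the target preserves the previous ordering while still using the per-bucket sleep. The resource block opens above the hunk.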
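Review bot: The new `existing_storage_bucket_name` expression in `module "vpc"` reads the bucket name from `time_sleep.wait_for_authorization_policy_buckets[...].triggers["bucket_name"]` only to make flow log setup wait for the COS authorization policy, and nothing on the line says so. Since `create_authorization_policy_vpc_to_cos = false` leaves that grant to this root module, a later cleanup that points the argument back at `ibm_cos_bucket.buckets[...]` would reintroduce the race with no error at plan time. A comment above the line would guard against that, for example `# Take the name from the time_sleep triggers so flow logs wait for the COS authorization policy to propagate`. The module block starts and ends outside the hunk.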
@@ -168,9 +168,20 @@ resource "time_sleep" "wait_for_authorization_policy" {
 create_duration = "30s"
 }

+# This time_sleep is a for_each, and will have one instance per bucket we are creating,
+# and dependent (timer start) on the bucket authorization creations.
+# The triggers serve two purposes:
+# - the create timer will be used again if the bucket itself is changed (the crn changes)
+# - if we need to reference any bucket attributes from this sleep directly, to create implicity dependency on this wait
 resource "time_sleep" "wait_for_authorization_policy_buckets" {
+ for_each = ibm_cos_bucket.buckets
 depends_on = [ibm_iam_authorization_policy.cos_bucket_policy]

+ triggers = {
+ bucket_name = each.value.bucket_name
+ bucket_crn = each.value.crn
+ }
+
 create_duration = "30s"
 }

From f921b1a3178587a1c54d52d629106ffd9be188da Mon Sep 17 00:00:00 2001
From: Todd Giguere
Date: Mon, 10 Feb 2025 12:02:04 -0500
Subject: [PATCH 4/5] refactor: whitespace fixes
---
 service_authorizations.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/service_authorizations.tf b/service_authorizations.tf
index ead6ca127..5c6438594 100644
--- a/service_authorizations.tf
+++ b/service_authorizations.tf
@@ -170,7 +170,7 @@ resource "time_sleep" "wait_for_authorization_policy" {

 # This time_sleep is a for_each, and will have one instance per bucket we are creating,
 # and dependent (timer start) on the bucket authorization creations.
-# The triggers serve two purposes:
+# The triggers serve two purposes:
 # - the create timer will be used again if the bucket itself is changed (the crn changes)
 # - if we need to reference any bucket attributes from this sleep directly, to create implicity dependency on this wait
 resource "time_sleep" "wait_for_authorization_policy_buckets" {
From 6df937bd921e038808995862fad439746d380a91 Mon Sep 17 00:00:00 2001
From: Todd Giguere
Date: Mon, 10 Feb 2025 15:12:27 -0500
Subject: [PATCH 5/5] chore: skipping upgrade tests SKIP UPGRADE TEST
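Review bot: `create_duration = "30s"` in `time_sleep.wait_for_authorization_policy_buckets` is a second hard-coded copy of the value used by `wait_for_authorization_policy` at the top of the hunk, so tuning the authorization-policy wait means editing both resources and they can drift apart. A shared local keeps them in step, e.g. `create_duration = local.authorization_policy_wait` (the name is only a suggestion). In the added comment, "to create implicity dependency" should read "to create an implicit dependency", and the sentence could name the consumers that rely on it: the Activity Tracker target and the VPC flow logs bucket argument changed in this patch.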