test: allow existing sm to be passed in api example (#190)

kierramarie · web-flow · commit 72b4206d4118 · 2025-02-19T13:37:14.000-05:00
* test: allow existing sm to be passed in api example

* fix: put vars in right spot

* fix: use crn parser
diff --git a/examples/api_key_auth/main.tf b/examples/api_key_auth/main.tf
@@ -1,6 +1,8 @@
 locals {
   # Certificate issuance is rate limited by domain, by default pick different domains to avoid rate limits during testing
   cert_common_name = var.cert_common_name == null ? "${var.prefix}.goldeneye.dev.cloud.ibm.com" : var.cert_common_name
+  sm_guid          = var.existing_sm_instance_crn == null ? module.secrets_manager[0].secrets_manager_guid : module.existing_sm_crn_parser[0].service_instance
+  sm_region        = var.existing_sm_instance_crn == null ? var.region : module.existing_sm_crn_parser[0].region
 }
 
 module "resource_group" {
@@ -11,7 +13,15 @@ module "resource_group" {
   existing_resource_group_name = var.resource_group
 }
 
+module "existing_sm_crn_parser" {
+  count   = var.existing_sm_instance_crn == null ? 0 : 1
+  source  = "terraform-ibm-modules/common-utilities/ibm//modules/crn-parser"
+  version = "1.1.0"
+  crn     = var.existing_sm_instance_crn
+}
+
 module "secrets_manager" {
+  count                = var.existing_sm_instance_crn == null ? 1 : 0
   source               = "terraform-ibm-modules/secrets-manager/ibm"
   version              = "1.23.3"
   resource_group_id    = module.resource_group.resource_group_id
@@ -27,8 +37,8 @@ module "secrets_manager" {
 module "secrets_manager_secret_group" {
   source                   = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
   version                  = "1.2.2"
-  region                   = var.region
-  secrets_manager_guid     = module.secrets_manager.secrets_manager_guid
+  region                   = local.sm_region
+  secrets_manager_guid     = local.sm_guid
   secret_group_name        = "${var.prefix}-certificates-secret-group"   #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value
   secret_group_description = "secret group used for public certificates" #tfsec:ignore:general-secrets-no-plaintext-exposure
   endpoint_type            = "private"
@@ -45,8 +55,8 @@ module "public_secret_engine" {
     ibm.secret-store = ibm.secret-store
   }
   depends_on                                = [module.secrets_manager] # Required to wait for instance to fully start
-  secrets_manager_guid                      = module.secrets_manager.secrets_manager_guid
-  region                                    = var.region
+  secrets_manager_guid                      = local.sm_guid
+  region                                    = local.sm_region
   ibmcloud_cis_api_key                      = var.ibmcloud_api_key # key with manager authorization to CIS
   internet_services_crn                     = var.cis_id
   dns_config_name                           = var.dns_provider_name
@@ -74,8 +84,8 @@ module "secrets_manager_public_certificate" {
   secrets_manager_ca_name           = var.ca_name
   secrets_manager_dns_provider_name = var.dns_provider_name
 
-  secrets_manager_guid   = module.secrets_manager.secrets_manager_guid
-  secrets_manager_region = var.region
+  secrets_manager_guid   = local.sm_guid
+  secrets_manager_region = local.sm_region
 
   service_endpoints = "private"
 }
diff --git a/examples/api_key_auth/variables.tf b/examples/api_key_auth/variables.tf
@@ -29,6 +29,12 @@ variable "resource_group" {
   default     = null
 }
 
+variable "existing_sm_instance_crn" {
+  type        = string
+  description = "Existing Secrets Manager CRN. If not provided a new instance will be provisioned"
+  default     = null
+}
+
 variable "cis_id" {
   type        = string
   description = "Cloud Internet Service ID"
diff --git a/tests/pr_test.go b/tests/pr_test.go
@@ -80,6 +80,8 @@ func TestPrivateInSchematics(t *testing.T) {
 		{Name: "private_key_secrets_manager_instance_guid", Value: permanentResources["acme_letsencrypt_private_key_sm_id"], DataType: "string"},
 		{Name: "private_key_secrets_manager_secret_id", Value: permanentResources["acme_letsencrypt_private_key_secret_id"], DataType: "string"},
 		{Name: "private_key_secrets_manager_region", Value: permanentResources["acme_letsencrypt_private_key_sm_region"], DataType: "string"},
+		{Name: "existing_sm_instance_crn", Value: permanentResources["privateOnlySecMgrCRN"], DataType: "string"},
+		{Name: "existing_sm_instance_region", Value: permanentResources["privateOnlySecMgrRegion"], DataType: "string"},
 	}
 
 	err := options.RunSchematicTest()

Original file line number	Diff line number	Diff line change
`@@ -80,6 +80,8 @@ func TestPrivateInSchematics(t *testing.T) {`
`80`	`80`	`{Name: "private_key_secrets_manager_instance_guid", Value: permanentResources["acme_letsencrypt_private_key_sm_id"], DataType: "string"},`
`81`	`81`	`{Name: "private_key_secrets_manager_secret_id", Value: permanentResources["acme_letsencrypt_private_key_secret_id"], DataType: "string"},`
`82`	`82`	`{Name: "private_key_secrets_manager_region", Value: permanentResources["acme_letsencrypt_private_key_sm_region"], DataType: "string"},`
	`83`	`+ {Name: "existing_sm_instance_crn", Value: permanentResources["privateOnlySecMgrCRN"], DataType: "string"},`
	`84`	`+ {Name: "existing_sm_instance_region", Value: permanentResources["privateOnlySecMgrRegion"], DataType: "string"},`
`83`	`85`	`}`
`84`	`86`
`85`	`87`	`err := options.RunSchematicTest()`