chore: add missing auth policy from complete example (#275)

Aashiq-J · web-flow · commit a07cb0f95238 · 2025-01-30T11:07:34.000Z
diff --git a/examples/complete/README.md b/examples/complete/README.md
@@ -9,6 +9,7 @@ This examples handles the provisioning of a new Secrets Manager instance.
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= v1.0.0 |
 | <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >=1.70.0 |
+| <a name="requirement_time"></a> [time](#requirement\_time) | 0.12.1 |
 
 ### Modules
 
@@ -21,7 +22,10 @@ This examples handles the provisioning of a new Secrets Manager instance.
 
 ### Resources
 
-No resources.
+| Name | Type |
+|------|------|
+| [ibm_iam_authorization_policy.en_policy](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_authorization_policy) | resource |
+| [time_sleep.wait_for_en_policy](https://registry.terraform.io/providers/hashicorp/time/0.12.1/docs/resources/sleep) | resource |
 
 ### Inputs
 
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -36,7 +36,26 @@ module "event_notification" {
   region            = var.en_region
 }
 
+resource "ibm_iam_authorization_policy" "en_policy" {
+  source_service_name         = "secrets-manager"
+  roles                       = ["Key Manager"]
+  target_service_name         = "event-notifications"
+  target_resource_instance_id = module.event_notification.guid
+  description                 = "Allow the Secret manager Key Manager role access to event-notifications with guid ${module.event_notification.guid}."
+  # Scope of policy now includes the key, so ensure to create new policy before
+  # destroying old one to prevent any disruption to every day services.
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "time_sleep" "wait_for_en_policy" {
+  depends_on      = [ibm_iam_authorization_policy.en_policy]
+  create_duration = "30s"
+}
+
 module "secrets_manager" {
+  depends_on                 = [time_sleep.wait_for_en_policy]
   source                     = "../.."
   resource_group_id          = module.resource_group.resource_group_id
   region                     = var.region
diff --git a/examples/complete/version.tf b/examples/complete/version.tf
@@ -5,5 +5,9 @@ terraform {
       source  = "IBM-Cloud/ibm"
       version = ">=1.70.0"
     }
+    time = {
+      source  = "hashicorp/time"
+      version = "0.12.1"
+    }
   }
 }
diff --git a/tests/other_test.go b/tests/other_test.go
@@ -27,7 +27,7 @@ func TestRunBasicExample(t *testing.T) {
 func TestRunCompleteExample(t *testing.T) {
 	t.Parallel()
 
-	options := setupOptions(t, "secrets-mgr")
+	options := setupOptions(t, "secrets-mgr", false)
 
 	output, err := options.RunTestConsistency()
 	assert.Nil(t, err, "This should not have errored")
@@ -57,8 +57,8 @@ func TestFSCloudInSchematics(t *testing.T) {
 		{Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true},
 		{Name: "region", Value: validRegions[rand.Intn(len(validRegions))], DataType: "string"},
 		{Name: "prefix", Value: options.Prefix, DataType: "string"},
-		{Name: "existing_kms_instance_guid", Value: permanentResources["hpcs_east"], DataType: "string"},
-		{Name: "kms_key_crn", Value: permanentResources["hpcs_east_root_key_crn"], DataType: "string"},
+		{Name: "existing_kms_instance_guid", Value: permanentResources["hpcs_south"], DataType: "string"},
+		{Name: "kms_key_crn", Value: permanentResources["hpcs_south_root_key_crn"], DataType: "string"},
 		{Name: "sm_service_plan", Value: "trial", DataType: "string"},
 	}
 
diff --git a/tests/pr_test.go b/tests/pr_test.go
@@ -53,12 +53,13 @@ func TestMain(m *testing.M) {
 	os.Exit(m.Run())
 }
 
-func setupOptions(t *testing.T, prefix string) *testhelper.TestOptions {
+func setupOptions(t *testing.T, prefix string, checkApplyResultForUpgrade bool) *testhelper.TestOptions {
 	options := testhelper.TestOptionsDefaultWithVars(&testhelper.TestOptions{
-		Testing:      t,
-		TerraformDir: completeExampleTerraformDir,
-		Prefix:       prefix,
-		Region:       validRegions[rand.Intn(len(validRegions))],
+		Testing:                    t,
+		TerraformDir:               completeExampleTerraformDir,
+		Prefix:                     prefix,
+		Region:                     validRegions[rand.Intn(len(validRegions))],
+		CheckApplyResultForUpgrade: checkApplyResultForUpgrade,
 		/*
 		 Comment out the 'ResourceGroup' input to force this tests to create a unique resource group. This is because
 		 there is a restriction with the Event Notification service, which allows only one Lite plan instance per resource group.
@@ -72,7 +73,7 @@ func setupOptions(t *testing.T, prefix string) *testhelper.TestOptions {
 func TestRunUpgradeExample(t *testing.T) {
 	t.Parallel()
 
-	options := setupOptions(t, "secrets-mgr-upg")
+	options := setupOptions(t, "secrets-mgr-upg", true)
 
 	output, err := options.RunTestUpgrade()
 	if !options.UpgradeTestSkipped {

Original file line number	Diff line number	Diff line change
`@@ -5,5 +5,9 @@ terraform {`
`5`	`5`	`source = "IBM-Cloud/ibm"`
`6`	`6`	`version = ">=1.70.0"`
`7`	`7`	`}`
	`8`	`+ time = {`
	`9`	`+ source = "hashicorp/time"`
	`10`	`+ version = "0.12.1"`
	`11`	`+ }`
`8`	`12`	`}`
`9`	`13`	`}`