Address issues reported in Secrets Manager DA rally #333
Description
Issues that came up from DA rally:
-
skip_sm_ce_iam_authorization_policy → should include full service names / component (instead of sm and ce=certificate engine)
-
skip_sm_ce_iam_authorization_policy - “Whether to skip the creation of the IAM authorization policies required to enable the IAM credentials engine. If set to false, policies will be created that grants the Secrets Manager instance 'Operator' access to the IAM identity service, and 'Groups Service Member Manage' access to the IAM groups service.” → first sentence should clearly indicate why a user may want to skip (eg: to avoid clashes)
-
allowed_network → link to corresponding sm documentation for each setting whenever possible. (“Learn More” with a link to doc)
-
skip_sm_kms_iam_authorization_policy → use full service names
-
ibmcloud_kms_api_key → “Leave this input empty if the same account owns both instances.
ibmcloud_kms_api_key” should be the first sentence. Clearly indicate that this is ONLY needed if the sm and key protect instance are in different accounts.
-
kms_endpoint_type → remove variable
-
(review with project) good example where we would need control on which input variable are surfaced depending on other choices.
-
event_notifications_email_list → does not use the right input widget (should be using the string array widget)- event_notifications_email_list → is the tf validation / apply going to fail if use set the input to not set or null?
-
ensure those email address actually work (is there no check on who owns those email addresses?)
-
skip_event_notifications_iam_authorization_policy → should this be skip_secrets_manager_event_notifications_iam_authorization_policy to be consistent