From c03d1b04d25be8d05aac127387c8179a0eb64b22 Mon Sep 17 00:00:00 2001 From: Aashiq-J <122446118+Aashiq-J@users.noreply.github.com> Date: Wed, 29 Jan 2025 21:01:12 +0530 Subject: [PATCH 1/6] test: change the `existing_kms_instance_guid` to use us-south hpcs --- tests/other_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/other_test.go b/tests/other_test.go index 181e209f..d8101d83 100644 --- a/tests/other_test.go +++ b/tests/other_test.go @@ -57,8 +57,8 @@ func TestFSCloudInSchematics(t *testing.T) { {Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true}, {Name: "region", Value: validRegions[rand.Intn(len(validRegions))], DataType: "string"}, {Name: "prefix", Value: options.Prefix, DataType: "string"}, - {Name: "existing_kms_instance_guid", Value: permanentResources["hpcs_east"], DataType: "string"}, - {Name: "kms_key_crn", Value: permanentResources["hpcs_east_root_key_crn"], DataType: "string"}, + {Name: "existing_kms_instance_guid", Value: permanentResources["hpcs_south"], DataType: "string"}, + {Name: "kms_key_crn", Value: permanentResources["hpcs_south_root_key_crn"], DataType: "string"}, {Name: "sm_service_plan", Value: "trial", DataType: "string"}, } From f5e871854b8c88f470376cb19050ee1116e506ad Mon Sep 17 00:00:00 2001 From: "aashiq.jacob@ibm.com" Date: Thu, 30 Jan 2025 14:47:56 +0530 Subject: [PATCH 2/6] adding auth policy for service credentials --- examples/complete/main.tf | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index e81c9612..9fc22834 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
@@ -36,7 +36,26 @@ module "event_notification" { region = var.en_region } +resource "ibm_iam_authorization_policy" "en_policy" { + source_service_name = "secrets-manager" + roles = ["Key Manager"] + target_service_name = "event-notifications" + target_resource_instance_id = module.event_notification.guid + description = "Allow the Secret manager Key Manager role access to event-notifications with guid ${module.event_notification.guid}." + # Scope of policy now includes the key, so ensure to create new policy before + # destroying old one to prevent any disruption to every day services. + lifecycle { + create_before_destroy = true + } +} + +resource "time_sleep" "wait_for_en_policy" { + depends_on = [ibm_iam_authorization_policy.en_policy] + create_duration = "30s" +} + module "secrets_manager" { + depends_on = [time_sleep.wait_for_en_policy] source = "../.." resource_group_id = module.resource_group.resource_group_id region = var.region From f101640c6498b0e63ac853f42c7b41c4e0af6e94 Mon Sep 17 00:00:00 2001 From: "aashiq.jacob@ibm.com" Date: Thu, 30 Jan 2025 14:48:32 +0530 Subject: [PATCH 3/6] SKIP UPGRADE TEST From 689acf5e839733731cc7b7d58554c445cf1c3e19 Mon Sep 17 00:00:00 2001 From: "aashiq.jacob@ibm.com" Date: Thu, 30 Jan 2025 15:20:08 +0530 Subject: [PATCH 4/6] precommit --- examples/complete/README.md | 6 +++++- examples/complete/version.tf | 4 ++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/examples/complete/README.md b/examples/complete/README.md index 29e6144d..53b32caa 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -9,6 +9,7 @@ This examples handles the provisioning of a new Secrets Manager instance. |------|---------| | [terraform](#requirement\_terraform) | >= v1.0.0 | | [ibm](#requirement\_ibm) | >=1.70.0 | +| [time](#requirement\_time) | 0.12.1 | ### Modules 
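Review bot: In examples/complete/main.tf, `ibm_iam_authorization_policy.en_policy` sets only `source_service_name = "secrets-manager"`, so the Key Manager grant on this Event Notifications instance is not limited to the Secrets Manager instance this example creates; as written it appears to cover every Secrets Manager instance in the account. The instance GUID is not available at this point because `module.secrets_manager` depends on the policy, but the source can still be narrowed with `source_resource_group_id = module.resource_group.resource_group_id`. The comment above `lifecycle` ("Scope of policy now includes the key") reads as if it was copied from a KMS policy and should state the reason that applies here, e.g. `# Create the replacement policy before destroying the old one so Secrets Manager keeps its access to Event Notifications.` The `module "secrets_manager"` block continues outside the hunk.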
@@ -21,7 +22,10 @@ This examples handles the provisioning of a new Secrets Manager instance. ### Resources -No resources. +| Name | Type | +|------|------| +| [ibm_iam_authorization_policy.en_policy](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_authorization_policy) | resource | +| [time_sleep.wait_for_en_policy](https://registry.terraform.io/providers/hashicorp/time/0.12.1/docs/resources/sleep) | resource | ### Inputs diff --git a/examples/complete/version.tf b/examples/complete/version.tf index e8e34e2f..f2368843 100644 --- a/examples/complete/version.tf +++ b/examples/complete/version.tf @@ -5,5 +5,9 @@ terraform { source = "IBM-Cloud/ibm" version = ">=1.70.0" } + time = { + source = "hashicorp/time" + version = "0.12.1" + } } } From c97e9e664fdee38e75e91c87bda8947a7a300c88 Mon Sep 17 00:00:00 2001 From: "aashiq.jacob@ibm.com" Date: Thu, 30 Jan 2025 15:56:08 +0530 Subject: [PATCH 5/6] plug test gap --- tests/pr_test.go | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tests/pr_test.go b/tests/pr_test.go index d101132a..3f2abe1a 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -55,10 +55,11 @@ func TestMain(m *testing.M) { func setupOptions(t *testing.T, prefix string) *testhelper.TestOptions { options := testhelper.TestOptionsDefaultWithVars(&testhelper.TestOptions{ - Testing: t, - TerraformDir: completeExampleTerraformDir, - Prefix: prefix, - Region: validRegions[rand.Intn(len(validRegions))], + Testing: t, + TerraformDir: completeExampleTerraformDir, + Prefix: prefix, + Region: validRegions[rand.Intn(len(validRegions))], + CheckApplyResultForUpgrade: true, /* Comment out the 'ResourceGroup' input to force this tests to create a unique resource group. This is because there is a restriction with the Event Notification service, which allows only one Lite plan instance per resource group. From fd092a28c260071de1093e242965cf1ce7bebc14 Mon Sep 17 00:00:00 2001 
From: "aashiq.jacob@ibm.com" Date: Thu, 30 Jan 2025 16:05:59 +0530 Subject: [PATCH 6/6] update test --- tests/other_test.go | 2 +- tests/pr_test.go | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/other_test.go b/tests/other_test.go index d8101d83..ee1f0a4c 100644 --- a/tests/other_test.go +++ b/tests/other_test.go @@ -27,7 +27,7 @@ func TestRunBasicExample(t *testing.T) { func TestRunCompleteExample(t *testing.T) { t.Parallel() - options := setupOptions(t, "secrets-mgr") + options := setupOptions(t, "secrets-mgr", false) output, err := options.RunTestConsistency() assert.Nil(t, err, "This should not have errored") diff --git a/tests/pr_test.go b/tests/pr_test.go index 3f2abe1a..4153582f 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -53,13 +53,13 @@ func TestMain(m *testing.M) { os.Exit(m.Run()) } -func setupOptions(t *testing.T, prefix string) *testhelper.TestOptions { +func setupOptions(t *testing.T, prefix string, checkApplyResultForUpgrade bool) *testhelper.TestOptions { options := testhelper.TestOptionsDefaultWithVars(&testhelper.TestOptions{ Testing: t, TerraformDir: completeExampleTerraformDir, Prefix: prefix, Region: validRegions[rand.Intn(len(validRegions))], - CheckApplyResultForUpgrade: true, + CheckApplyResultForUpgrade: checkApplyResultForUpgrade, /* Comment out the 'ResourceGroup' input to force this tests to create a unique resource group. This is because there is a restriction with the Event Notification service, which allows only one Lite plan instance per resource group. @@ -73,7 +73,7 @@ func setupOptions(t *testing.T, prefix string) *testhelper.TestOptions { func TestRunUpgradeExample(t *testing.T) { t.Parallel() - options := setupOptions(t, "secrets-mgr-upg") + options := setupOptions(t, "secrets-mgr-upg", true) output, err := options.RunTestUpgrade() if !options.UpgradeTestSkipped {
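Review bot: In tests/pr_test.go, `setupOptions` gains a bare boolean parameter with no doc comment, so a call such as `setupOptions(t, "secrets-mgr", false)` does not say what is being switched off. A comment on the function would help, e.g. `// setupOptions builds the TestOptions for the complete example; checkApplyResultForUpgrade is copied into TestOptions.CheckApplyResultForUpgrade and is true only for the upgrade test.` If more per-test switches are expected, the upgrade test could instead set `options.CheckApplyResultForUpgrade = true` after calling the helper, which keeps the helper's signature stable. The body of `setupOptions` continues outside the hunk.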