test: change the existing_kms_instance_guid to use us-south hpcs and add auth policy for service credential

examples/complete/README.md

@@ -9,6 +9,7 @@ This examples handles the provisioning of a new Secrets Manager instance.
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= v1.0.0 |
 | <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >=1.70.0 |
+| <a name="requirement_time"></a> [time](#requirement\_time) | 0.12.1 |
 
 ### Modules
 
@@ -21,7 +22,10 @@ This examples handles the provisioning of a new Secrets Manager instance.
 
 ### Resources
 
-No resources.
+| Name | Type |
+|------|------|
+| [ibm_iam_authorization_policy.en_policy](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_authorization_policy) | resource |
+| [time_sleep.wait_for_en_policy](https://registry.terraform.io/providers/hashicorp/time/0.12.1/docs/resources/sleep) | resource |
 
 ### Inputs
 

examples/complete/main.tf

@@ -36,7 +36,26 @@ module "event_notification" {
   region            = var.en_region
 }
 
+resource "ibm_iam_authorization_policy" "en_policy" {
+  source_service_name         = "secrets-manager"
+  roles                       = ["Key Manager"]
+  target_service_name         = "event-notifications"
+  target_resource_instance_id = module.event_notification.guid
+  description                 = "Allow the Secret manager Key Manager role access to event-notifications with guid ${module.event_notification.guid}."
+  # Scope of policy now includes the key, so ensure to create new policy before
+  # destroying old one to prevent any disruption to every day services.
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "time_sleep" "wait_for_en_policy" {
+  depends_on      = [ibm_iam_authorization_policy.en_policy]
+  create_duration = "30s"
+}
+
 module "secrets_manager" {
+  depends_on                 = [time_sleep.wait_for_en_policy]
   source                     = "../.."
   resource_group_id          = module.resource_group.resource_group_id
   region                     = var.region

examples/complete/version.tf

@@ -5,5 +5,9 @@ terraform {
       source  = "IBM-Cloud/ibm"
       version = ">=1.70.0"
     }
+    time = {
+      source  = "hashicorp/time"
+      version = "0.12.1"
+    }
   }
 }

tests/other_test.go

@@ -57,8 +57,8 @@ func TestFSCloudInSchematics(t *testing.T) {
 		{Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true},
 		{Name: "region", Value: validRegions[rand.Intn(len(validRegions))], DataType: "string"},
 		{Name: "prefix", Value: options.Prefix, DataType: "string"},
-		{Name: "existing_kms_instance_guid", Value: permanentResources["hpcs_east"], DataType: "string"},
-		{Name: "kms_key_crn", Value: permanentResources["hpcs_east_root_key_crn"], DataType: "string"},
+		{Name: "existing_kms_instance_guid", Value: permanentResources["hpcs_south"], DataType: "string"},
+		{Name: "kms_key_crn", Value: permanentResources["hpcs_south_root_key_crn"], DataType: "string"},
 		{Name: "sm_service_plan", Value: "trial", DataType: "string"},
 	}