Exposes kms_enabled variable to explicitly set instead of deriving (#19)

Sean Sundberg · web-flow · commit 09a957a90b1e · 2021-04-28T21:25:50.000Z
Signed-off-by: Sean Sundberg &lt;seansund@us.ibm.com&gt;
diff --git a/main.tf b/main.tf
@@ -45,8 +45,7 @@ locals {
   vpc_subnets           = !var.exists ? var.vpc_subnets : []
   security_group_id     = !var.exists ? data.ibm_is_vpc.vpc[0].default_security_group : ""
   ipv4_cidr_blocks      = !var.exists ? data.ibm_is_subnet.vpc_subnet[*].ipv4_cidr_block : []
-  kms_enabled           = var.kms_key_id != ""
-  kms_config            = local.kms_enabled ? [{
+  kms_config            = var.kms_enabled ? [{
     instance_id      = var.kms_id
     crk_id           = var.kms_key_id
     private_endpoint = var.kms_private_endpoint
@@ -127,7 +126,7 @@ data ibm_is_subnet vpc_subnet {
 }
 
 resource "ibm_iam_authorization_policy" "policy" {
-  count = local.kms_enabled && var.authorize_kms ? length(local.policy_targets) : 0
+  count = var.kms_enabled && var.authorize_kms ? length(local.policy_targets) : 0
 
   source_service_name         = "containers-kubernetes"
   target_service_name         = local.policy_targets[count.index]
diff --git a/variables.tf b/variables.tf
@@ -95,6 +95,12 @@ variable "cos_id" {
   description = "The crn of the COS instance that will be used with the OCP instance"
 }
 
+variable "kms_enabled" {
+  type        = bool
+  description = "Flag indicating that kms encryption should be enabled for this cluster"
+  default     = false
+}
+
 variable "kms_id" {
   type        = string
   description = "The crn of the KMS instance that will be used to encrypt the cluster."
