Updates auth policy and kms encryption (#26)

Sean Sundberg · web-flow · commit 4c1651d8c60a · 2021-05-05T06:34:09.000Z
- Removes auth policy logic to be handled in separate module
- Updates kms variables in metadata

Signed-off-by: Sean Sundberg &lt;seansund@us.ibm.com&gt;
diff --git a/main.tf b/main.tf
@@ -123,17 +123,9 @@ data ibm_is_subnet vpc_subnet {
   identifier = local.vpc_subnets[count.index].id
 }
 
-resource "ibm_iam_authorization_policy" "policy" {
-  count = var.kms_enabled && var.authorize_kms ? length(local.policy_targets) : 0
-
-  source_service_name         = "containers-kubernetes"
-  target_service_name         = local.policy_targets[count.index]
-  roles                       = ["Reader"]
-}
-
 resource ibm_container_vpc_cluster cluster {
   count = !var.exists ? 1 : 0
-  depends_on = [null_resource.print_resources, ibm_iam_authorization_policy.policy]
+  depends_on = [null_resource.print_resources]
 
   name              = local.cluster_name
   vpc_id            = local.vpc_id
diff --git a/module.yaml b/module.yaml
@@ -26,11 +26,9 @@ versions:
       refs:
         - source: github.com/cloud-native-toolkit/terraform-ibm-vpc-subnets
           version: ">= 1.0.0"
-    - id: kms
+    - id: kms_key
       refs:
-        - source: github.com/cloud-native-toolkit/terraform-ibm-key-protect
-          version: ">= 1.0.0"
-        - source: github.com/cloud-native-toolkit/terraform-ibm-hpcs
+        - source: github.com/cloud-native-toolkit/terraform-ibm-kms-key
           version: ">= 1.0.0"
       optional: true
   variables:
@@ -56,10 +54,13 @@ versions:
         output: id
     - name: kms_id
       moduleRef:
-        id: kms
-        output: guid
+        id: kms_key
+        output: kms_id
       optional: true
     - name: kms_key_id
+      moduleRef:
+        id: kms_key
+        output: id
       optional: true
     - name: name_prefix
       scope: global
@@ -76,4 +77,3 @@ versions:
     - name: exists
       scope: module
     - name: ocp_entitlement
-      scope: ignore
diff --git a/variables.tf b/variables.tf
@@ -98,13 +98,13 @@ variable "kms_enabled" {
 variable "kms_id" {
   type        = string
   description = "The crn of the KMS instance that will be used to encrypt the cluster."
-  default     = ""
+  default     = null
 }
 
 variable "kms_key_id" {
   type        = string
   description = "The id of the root key in the KMS instance that will be used to encrypt the cluster."
-  default     = ""
+  default     = null
 }
 
 variable "kms_private_endpoint" {
@@ -113,12 +113,6 @@ variable "kms_private_endpoint" {
   default     = true
 }
 
-variable "authorize_kms" {
-  type        = bool
-  description = "Flag indicating that the authorization between the kms and the service should be created."
-  default     = true
-}
-
 variable "login" {
   type        = bool
   description = "Flag indicating that after the cluster is provisioned, the module should log into the cluster"
