feat: add new output kms_account_id (#597)

README.md

@@ -149,7 +149,7 @@ For more info, see [Understanding user roles and resources](https://cloud.ibm.co
 |------|--------|---------|
 | <a name="module_cbr_rule"></a> [cbr\_rule](#module\_cbr\_rule) | terraform-ibm-modules/cbr/ibm//modules/cbr-rule-module | 1.29.0 |
 | <a name="module_existing_key_ring_keys"></a> [existing\_key\_ring\_keys](#module\_existing\_key\_ring\_keys) | terraform-ibm-modules/kms-key/ibm | v1.2.4 |
-| <a name="module_key_protect"></a> [key\_protect](#module\_key\_protect) | terraform-ibm-modules/key-protect/ibm | 2.8.8 |
+| <a name="module_key_protect"></a> [key\_protect](#module\_key\_protect) | terraform-ibm-modules/key-protect/ibm | 2.9.0 |
 | <a name="module_kms_key_rings"></a> [kms\_key\_rings](#module\_kms\_key\_rings) | terraform-ibm-modules/kms-key-ring/ibm | v2.5.0 |
 | <a name="module_kms_keys"></a> [kms\_keys](#module\_kms\_keys) | terraform-ibm-modules/kms-key/ibm | v1.2.4 |
 
@@ -194,6 +194,7 @@ For more info, see [Understanding user roles and resources](https://cloud.ibm.co
 | <a name="output_key_protect_name"></a> [key\_protect\_name](#output\_key\_protect\_name) | Key Protect Name |
 | <a name="output_key_rings"></a> [key\_rings](#output\_key\_rings) | IDs of new Key Rings created by the module |
 | <a name="output_keys"></a> [keys](#output\_keys) | IDs of new Keys created by the module |
+| <a name="output_kms_account_id"></a> [kms\_account\_id](#output\_kms\_account\_id) | The account ID of the KMS instance. |
 | <a name="output_kms_guid"></a> [kms\_guid](#output\_kms\_guid) | KMS GUID |
 | <a name="output_kms_private_endpoint"></a> [kms\_private\_endpoint](#output\_kms\_private\_endpoint) | Key Management Service instance private endpoint URL |
 | <a name="output_kms_public_endpoint"></a> [kms\_public\_endpoint](#output\_kms\_public\_endpoint) | Key Management Service instance public endpoint URL |

examples/advanced/outputs.tf

@@ -17,6 +17,11 @@ output "key_protect_guid" {
   value       = module.key_protect_all_inclusive.kms_guid
 }
 
+output "key_protect_account_id" {
+  description = "The account ID of the Key Protect instance."
+  value       = module.key_protect_all_inclusive.kms_account_id
+}
+
 output "key_protect_name" {
   description = "Key Protect Name"
   value       = module.key_protect_all_inclusive.key_protect_name

examples/basic/outputs.tf

@@ -17,6 +17,11 @@ output "key_protect_guid" {
   value       = module.key_protect_all_inclusive.kms_guid
 }
 
+output "key_protect_account_id" {
+  description = "The account ID of the Key Protect instance."
+  value       = module.key_protect_all_inclusive.kms_account_id
+}
+
 output "key_protect_name" {
   description = "Key Protect Name"
   value       = module.key_protect_all_inclusive.key_protect_name

examples/existing-resources/outputs.tf

@@ -2,6 +2,11 @@
 # Outputs
 ##############################################################################
 
+output "kms_account_id" {
+  description = "The account ID of the KMS instance."
+  value       = module.key_protect_all_inclusive.kms_account_id
+}
+
 output "key_rings" {
   description = "IDs of Key Rings created by the module"
   value       = module.key_protect_all_inclusive.key_rings

main.tf

@@ -11,6 +11,7 @@ locals {
 
   parsed_existing_kms_instance_crn = var.existing_kms_instance_crn != null ? split(":", var.existing_kms_instance_crn) : []
   existing_kms_instance_guid       = length(local.parsed_existing_kms_instance_crn) > 0 ? local.parsed_existing_kms_instance_crn[7] : null
+  existing_kms_account_id          = length(local.parsed_existing_kms_instance_crn) > 0 ? split("/", local.parsed_existing_kms_instance_crn[6])[1] : null
 
   # variable validation around new instance vs existing
   instance_validate_condition = var.create_key_protect_instance && local.existing_kms_instance_guid != null
@@ -27,6 +28,9 @@ locals {
   # set key_protect_guid as either the ID of the passed in name of instance or the one created by this module
   kms_guid = var.create_key_protect_instance ? module.key_protect[0].key_protect_guid : local.existing_kms_instance_guid
 
+  # set kms_account_id as either the ID of the passed in instance or the one created by this module
+  kms_account_id = var.create_key_protect_instance ? module.key_protect[0].key_protect_account_id : local.existing_kms_account_id
+
   # set key_protect_crn as either the crn of the passed in name of instance or the one created by this module
   kms_crn = var.create_key_protect_instance ? module.key_protect[0].key_protect_crn : var.existing_kms_instance_crn
   # tflint-ignore: terraform_unused_declarations
@@ -50,7 +54,7 @@ locals {
 module "key_protect" {
   count                             = var.create_key_protect_instance ? 1 : 0
   source                            = "terraform-ibm-modules/key-protect/ibm"
-  version                           = "2.8.8"
+  version                           = "2.9.0"
   key_protect_name                  = var.key_protect_instance_name
   region                            = var.region
   allowed_network                   = var.key_protect_allowed_network

outputs.tf

@@ -7,6 +7,11 @@ output "kms_guid" {
   value       = local.kms_guid
 }
 
+output "kms_account_id" {
+  description = "The account ID of the KMS instance."
+  value       = local.kms_account_id
+}
+
 output "key_protect_id" {
   description = "Key Protect service instance ID when an instance is created, otherwise null"
   value       = can(module.key_protect[0].key_protect_id) ? module.key_protect[0].key_protect_id : null

solutions/standard/outputs.tf

@@ -17,10 +17,16 @@ output "kms_guid" {
   value       = module.kms.kms_guid
 }
 
+output "kms_account_id" {
+  description = "The account ID of the KMS instance."
+  value       = module.kms.kms_account_id
+}
+
 output "key_protect_id" {
   description = "Key Protect instance ID when an instance is created, otherwise null"
   value       = module.kms.key_protect_id
 }
+
 output "kms_instance_crn" {
   value       = var.existing_kms_instance_crn == null ? module.kms.key_protect_crn : var.existing_kms_instance_crn
   description = "The CRN of the Hyper Protect Crypto Service instance or Key Protect instance"