fix: added extra KMS validation logic (#223)

main.tf

@@ -62,6 +62,8 @@ locals {
   # tflint-ignore: terraform_unused_declarations
   validate_encryption_inputs = var.enable_cos_kms_encryption && (var.cos_kms_crn == null || var.cos_kms_crn == "") ? tobool("A value must be passed for 'cos_kms_crn' when 'enable_cos_kms_encryption' is set to true") : true
 
+  # tflint-ignore: terraform_unused_declarations
+  validate_enable_cos_kms_encryption = (var.cos_kms_crn != null || var.cos_kms_key_crn != null) && var.enable_cos_kms_encryption == false ? tobool("If a value for 'cos_kms_crn' or 'cos_kms_key_crn' is passed then 'enable_cos_kms_encryption' must be set to true") : true
 }
 
 data "ibm_iam_auth_token" "restapi" {

tests/pr_test.go

@@ -152,11 +152,12 @@ func TestWithExistingKP(t *testing.T) {
 				},
 			},
 			TerraformVars: map[string]interface{}{
-				"location":            validRegions[rand.Intn(len(validRegions))],
-				"resource_group_name": prefix,
-				"provider_visibility": "public",
-				"cos_kms_crn":         terraform.Output(t, existingTerraformOptions, "key_protect_crn"),
-				"cos_kms_key_crn":     terraform.Output(t, existingTerraformOptions, "kms_key_crn"),
+				"location":                  validRegions[rand.Intn(len(validRegions))],
+				"resource_group_name":       prefix,
+				"provider_visibility":       "public",
+				"enable_cos_kms_encryption": true,
+				"cos_kms_crn":               terraform.Output(t, existingTerraformOptions, "key_protect_crn"),
+				"cos_kms_key_crn":           terraform.Output(t, existingTerraformOptions, "kms_key_crn"),
 			},
 		})
 
@@ -178,3 +179,89 @@ func TestWithExistingKP(t *testing.T) {
 	}
 
 }
+
+func TestRunUpgradeExistingKP(t *testing.T) {
+	t.Parallel()
+
+	// ------------------------------------------------------------------------------------
+	// Provision KP first
+	// ------------------------------------------------------------------------------------
+
+	prefix := fmt.Sprintf("kp-ut-%s", strings.ToLower(random.UniqueId()))
+	realTerraformDir := "./resources/kp-instance"
+	tempTerraformDir, _ := files.CopyTerraformFolderToTemp(realTerraformDir, fmt.Sprintf(prefix+"-%s", strings.ToLower(random.UniqueId())))
+	region := "us-south"
+
+	// Verify ibmcloud_api_key variable is set
+	checkVariable := "TF_VAR_ibmcloud_api_key"
+	val, present := os.LookupEnv(checkVariable)
+	require.True(t, present, checkVariable+" environment variable not set")
+	require.NotEqual(t, "", val, checkVariable+" environment variable is empty")
+
+	logger.Log(t, "Tempdir: ", tempTerraformDir)
+	existingTerraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
+		TerraformDir: tempTerraformDir,
+		Vars: map[string]interface{}{
+			"prefix": prefix,
+			"region": region,
+		},
+		// Set Upgrade to true to ensure latest version of providers and modules are used by terratest.
+		// This is the same as setting the -upgrade=true flag with terraform.
+		Upgrade: true,
+	})
+
+	terraform.WorkspaceSelectOrNew(t, existingTerraformOptions, prefix)
+	_, existErr := terraform.InitAndApplyE(t, existingTerraformOptions)
+	if existErr != nil {
+		assert.True(t, existErr == nil, "Init and Apply of temp existing resource failed")
+	} else {
+
+		// ------------------------------------------------------------------------------------
+		// Upgrade test for watsonx DA passing in existing KP details
+		// ------------------------------------------------------------------------------------
+
+		options := testhelper.TestOptionsDefault(&testhelper.TestOptions{
+			Testing:      t,
+			TerraformDir: rootDaDir,
+			Prefix:       "existing-kp-upg",
+			IgnoreDestroys: testhelper.Exemptions{ // Ignore for consistency check
+				List: []string{
+					"module.configure_user.null_resource.configure_user",
+					"module.configure_user.null_resource.restrict_access",
+				},
+			},
+			IgnoreUpdates: testhelper.Exemptions{ // Ignore for consistency check
+				List: []string{
+					"module.configure_user.null_resource.configure_user",
+					"module.configure_user.null_resource.restrict_access",
+				},
+			},
+			TerraformVars: map[string]interface{}{
+				"location":                  validRegions[rand.Intn(len(validRegions))],
+				"resource_group_name":       prefix,
+				"provider_visibility":       "public",
+				"enable_cos_kms_encryption": true,
+				"cos_kms_crn":               terraform.Output(t, existingTerraformOptions, "key_protect_crn"),
+			},
+		})
+
+		output, err := options.RunTestUpgrade()
+		if !options.UpgradeTestSkipped {
+			assert.Nil(t, err, "This should not have errored")
+			assert.NotNil(t, output, "Expected some output")
+		}
+	}
+
+	// Check if "DO_NOT_DESTROY_ON_FAILURE" is set
+	envVal, _ := os.LookupEnv("DO_NOT_DESTROY_ON_FAILURE")
+	// Destroy the temporary existing resources if required
+	if t.Failed() && strings.ToLower(envVal) == "true" {
+		fmt.Println("Terratest failed. Debug the test and delete resources manually.")
+	} else {
+		logger.Log(t, "START: Destroy (existing resources)")
+		terraform.Destroy(t, existingTerraformOptions)
+		terraform.WorkspaceDelete(t, existingTerraformOptions, prefix)
+		logger.Log(t, "END: Destroy (existing resources)")
+	}
+
+}