feat: The following DA variables have been renamed:<br>- sm_key_name -> kms_key_name, sm_key_ring_name -> kms_key_ring_name (#93)

Author: shemau

solutions/standard/main.tf

@@ -13,9 +13,9 @@ module "resource_group" {
 # KMS Key
 #######################################################################################################################
 locals {
-  kms_key_crn = var.existing_sm_kms_key_crn != null ? var.existing_sm_kms_key_crn : module.kms[0].keys[format("%s.%s", var.sm_key_ring_name, var.sm_key_name)].crn
+  kms_key_crn = var.existing_sm_kms_key_crn != null ? var.existing_sm_kms_key_crn : module.kms[0].keys[format("%s.%s", var.kms_key_ring_name, var.kms_key_name)].crn
 }
-# KMS root key for Secrets Manager COS bucket
+# KMS root key for Secrets Manager secret encryption
 module "kms" {
   providers = {
     ibm = ibm.kms
@@ -30,12 +30,12 @@ module "kms" {
   key_endpoint_type           = var.kms_endpoint_type
   keys = [
     {
-      key_ring_name         = var.sm_key_ring_name
+      key_ring_name         = var.kms_key_ring_name
       existing_key_ring     = false
       force_delete_key_ring = true
       keys = [
         {
-          key_name                 = var.sm_key_name
+          key_name                 = var.kms_key_name
           standard_key             = false
           rotation_interval_month  = 3
           dual_auth_delete_enabled = false

solutions/standard/variables.tf

@@ -89,38 +89,42 @@ variable "existing_sm_kms_key_crn" {
   default     = null
 }
 
+########################################################################################################################
+# KMS properties required when creating an encryption key, rather than passing an existing key CRN.
+########################################################################################################################
+
 variable "kms_region" {
   type        = string
   default     = "us-south"
-  description = "The region in which KMS instance exists."
+  description = "The region in which KMS instance exists. Only required if not supplying an existing KMS root key CRN."
 }
 
 variable "existing_kms_guid" {
   type        = string
   default     = null
-  description = "The GUID of of the KMS instance used for the Secrets Manager root Key. Only required if not supplying an existing KMS root key and if 'skip_cos_kms_auth_policy' is true."
+  description = "The GUID of of the KMS instance used for the Secrets Manager root Key. Only required if not supplying an existing KMS root key CRN and if 'skip_kms_iam_authorization_policy' is true."
 }
 
 variable "kms_endpoint_type" {
   type        = string
-  description = "The type of endpoint to be used for communicating with the KMS instance. Allowed values are: 'public' or 'private' (default)"
+  description = "The type of endpoint to be used for communicating with the KMS instance. Allowed values are: 'public' or 'private' (default). Only required if not supplying an existing KMS root key CRN."
   default     = "private"
   validation {
     condition     = can(regex("public|private", var.kms_endpoint_type))
     error_message = "The kms_endpoint_type value must be 'public' or 'private'."
   }
 }
 
-variable "sm_key_ring_name" {
+variable "kms_key_ring_name" {
   type        = string
   default     = "sm-cos-key-ring"
-  description = "The name to give the Key Ring which will be created for the Secrets Manager COS bucket Key. Not used if supplying an existing Key."
+  description = "The name to give to the new KMS key ring that will be used to store the KMS key to enable advanced, customer-managed encryption for your Secrets Manager secrets. Only required if not supplying an existing KMS root key CRN."
 }
 
-variable "sm_key_name" {
+variable "kms_key_name" {
   type        = string
   default     = "sm-cos-key"
-  description = "The name to give the Key which will be created for the Secrets Manager COS bucket. Not used if supplying an existing Key."
+  description = "The name to give to the new KMS root key that will be used to enable advanced, customer-managed encryption for your Secrets Manager secrets. Only required if not supplying an existing KMS root key CRN."
 }
 
 ########################################################################################################################

tests/pr_test.go

@@ -98,7 +98,7 @@ func TestFSCloudInSchematics(t *testing.T) {
 	options.TerraformVars = []testschematic.TestSchematicTerraformVar{
 		{Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true},
 		{Name: "region", Value: options.Region, DataType: "string"},
-		{Name: "resource_group", Value: options.Prefix, DataType: "string"},
+		{Name: "prefix", Value: options.Prefix, DataType: "string"},
 		{Name: "existing_kms_instance_guid", Value: permanentResources["hpcs_south"], DataType: "string"},
 		{Name: "kms_key_crn", Value: permanentResources["hpcs_south_root_key_crn"], DataType: "string"},
 		{Name: "sm_service_plan", Value: "trial", DataType: "string"},