Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add description for keys and force_delete for deleteKeyRings for IBM KMS #4767

Merged
merged 13 commits into from
Sep 14, 2023
Merged

Add description for keys and force_delete for deleteKeyRings for IBM KMS #4767

merged 13 commits into from
Sep 14, 2023

Conversation

william8siew
Copy link
Contributor

@william8siew william8siew commented Aug 25, 2023
edited
Loading

Community Note

Changelog:

  • Upgraded key protect Go SDK from v0.10.0 to v0.12.2
  • Highlighted Deprecation in docs for ibm_kp_key resource that has been replaced with ibm_kms_key
  • Added 'description' as resource and data source for resources ibm_kms_key, ibm_kms_keys, ibm_kms_key_with_policy_overrides along with tests
  • Fixed previously failing instance policy test as regex contained unescaped brackets
  • Fixed previously failing instance policy test where a required flag was not passed in
  • Made 'payload' a sensitive attribute for ibm_kms_key and kms_key_with_policy_overrides, this means it no longer exposed in logs from terraform output
  • Added 'force_delete' flag to ibm_kms_key_rings, along with new terraform Update function specifically to support this operation
  • Remove 409 silencing for KeyRing delete
  • Changed docs for resources with expiration_date to specify an example time without milliseconds. We do not store up to the milliseconds in KP so for terraform, the same value used before will always indicate a 'change' and a replacement.
  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Relates OR Closes #0000

Output from acceptance testing:

This failure TestAccIBMKMSResource_Key_Alias_Key_Limit is due to a known bug
Only other failures are due to 429 rate limits and for resources we did not touch

(base) wsiew@Williams-MacBook-Pro terraform-provider-ibm % make testacc TEST=./ibm/service/kms TESTARGS='-run=TestAccIBMKMS'   
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./ibm/service/kms -v -run=TestAccIBMKMS -timeout 700m
[WARN] Set the environment variable IBM_APPID_TENANT_ID for testing AppID resources, AppID tests will fail if this is not set
[WARN] Set the environment variable IBM_APPID_TEST_USER_EMAIL for testing AppID user resources, the tests will fail if this is not set
[WARN] Set the environment variable IBM_ORG for testing ibm_org  resource Some tests for that resource will fail if this is not set correctly
[WARN] Set the environment variable IBM_SPACE for testing ibm_space  resource Some tests for that resource will fail if this is not set correctly
[WARN] Set the environment variable IBM_ID1 for testing ibm_space resource Some tests for that resource will fail if this is not set correctly
[WARN] Set the environment variable IBM_ID2 for testing ibm_space resource Some tests for that resource will fail if this is not set correctly
[WARN] Set the environment variable IBM_IAMUSER for testing ibm_iam_user_policy resource Some tests for that resource will fail if this is not set correctly
[WARN] Set the environment variable IBM_IAMACCOUNTID for testing ibm_iam_trusted_profile resource Some tests for that resource will fail if this is not set correctly
[WARN] Set the environment variable IBM_IAM_SERVICE_ID for testing ibm_iam_trusted_profile_identity resource Some tests for that resource will fail if this is not set correctly
[WARN] Set the environment variable IBM_IAM_TRUSTED_PROFILE_ID for testing ibm_iam_trusted_profile_identity resource Some tests for that resource will fail if this is not set correctly
[WARN] Set the environment variable IBM_DATACENTER for testing ibm_container_cluster resource else it is set to default value 'par01'
[WARN] Set the environment variable IBM_MACHINE_TYPE for testing ibm_container_cluster resource else it is set to default value 'b3c.4x16'
[WARN] Set the environment variable IBM_CERT_CRN for testing ibm_container_alb_cert or ibm_container_ingress_secret_tls resource else it is set to default value
[WARN] Set the environment variable IBM_UPDATE_CERT_CRN for testing ibm_container_alb_cert or ibm_container_ingress_secret_tls resource else it is set to default value
[WARN] Set the environment variable IBM_SECRET_CRN for testing ibm_container_ingress_secret_opaque resource else it is set to default value
[WARN] Set the environment variable IBM_SECRET_CRN_2 for testing ibm_container_ingress_secret_opaque resource else it is set to default value
[WARN] Set the environment variable IBM_INGRESS_INSTANCE_CRN for testing ibm_container_ingress_instance resource. Some tests for that resource will fail if this is not set correctly
[WARN] Set the environment variable IBM_INGRESS_INSTANCE_SECRET_GROUP_ID for testing ibm_container_ingress_instance resource. Some tests for that resource will fail if this is not set correctly
[WARN] Set the environment variable IBM_CONTAINER_REGION for testing ibm_container resources else it is set to default value 'eu-de'
[WARN] Set the environment variable IBM_CIS_INSTANCE with a VALID CIS Instance NAME for testing ibm_cis resources on staging/test
[WARN] Set the environment variable IBM_CIS_DOMAIN_STATIC with the Domain name registered with the CIS instance on test/staging. Domain must be predefined in CIS to avoid CIS billing costs due to domain delete/create
[WARN] Set the environment variable IBM_CIS_DOMAIN_TEST with a VALID Domain name for testing the one time create and delete of a domain in CIS. Note each create/delete will trigger a monthly billing instance. Only to be run in staging/test
[WARN] Set the environment variable IBM_CIS_RESOURCE_GROUP with the resource group for the CIS Instance 
[WARN] Set the environment variable IBM_COS_CRN with a VALID COS instance CRN for testing ibm_cos_* resources
[WARN] Set the environment variable IBM_COS_Bucket_CRN with a VALID BUCKET CRN for testing ibm_cos_bucket* resources
[WARN] Set the environment variable IBM_COS_BUCKET_NAME with a VALID BUCKET Name for testing ibm_cos_bucket* resources
[WARN] Set the environment variable IBM_COS_NAME with a VALID COS instance name for testing resources with cos deps
[WARN] Set the environment variable IBM_TRUSTED_MACHINE_TYPE for testing ibm_container_cluster resource else it is set to default value 'mb1c.16x64'
[WARN] Set the environment variable IBM_BM_EXTENDED_HW_TESTING to true/false for testing ibm_compute_bare_metal resource else it is set to default value 'false'
[WARN] Set the environment variable IBM_PUBLIC_VLAN_ID for testing ibm_container_cluster resource else it is set to default value '2393319'
[WARN] Set the environment variable IBM_PRIVATE_VLAN_ID for testing ibm_container_cluster resource else it is set to default value '2393321'
[WARN] Set the environment variable IBM_KUBE_VERSION for testing ibm_container_cluster resource else it is set to default value '1.18.14'
[WARN] Set the environment variable IBM_KUBE_UPDATE_VERSION for testing ibm_container_cluster resource else it is set to default value '1.19.6'
[WARN] Set the environment variable IBM_PRIVATE_SUBNET_ID for testing ibm_container_cluster resource else it is set to default value '1636107'
[WARN] Set the environment variable IBM_PUBLIC_SUBNET_ID for testing ibm_container_cluster resource else it is set to default value '1165645'
[WARN] Set the environment variable IBM_SUBNET_ID for testing ibm_container_cluster resource else it is set to default value '1165645'
[INFO] Set the environment variable IBM_IPSEC_DATACENTER for testing ibm_ipsec_vpn resource else it is set to default value 'tok02'
[INFO] Set the environment variable IBM_IPSEC_CUSTOMER_SUBNET_ID for testing ibm_ipsec_vpn resource else it is set to default value '123456'
[INFO] Set the environment variable IBM_IPSEC_CUSTOMER_PEER_IP for testing ibm_ipsec_vpn resource else it is set to default value '192.168.0.1'
[WARN] Set the environment variable IBM_LBAAS_DATACENTER for testing ibm_lbaas resource else it is set to default value 'dal13'
[WARN] Set the environment variable IBM_LBAAS_SUBNETID for testing ibm_lbaas resource else it is set to default value '2144241'
[WARN] Set the environment variable IBM_LB_LISTENER_CERTIFICATE_INSTANCE for testing ibm_is_lb_listener resource for https redirect else it is set to default value 'crn:v1:staging:public:cloudcerts:us-south:a/2d1bace7b46e4815a81e52c6ffeba5cf:af925157-b125-4db2-b642-adacb8b9c7f5:certificate:c81627a1bf6f766379cc4b98fd2a44ed'
[WARN] Set the environment variable IBM_DEDICATED_HOSTNAME for testing ibm_compute_vm_instance resource else it is set to default value 'terraform-dedicatedhost'
[WARN] Set the environment variable IBM_DEDICATED_HOST_ID for testing ibm_compute_vm_instance resource else it is set to default value '30301'
[WARN] Set the environment variable IBM_WORKER_POOL_ZONE for testing ibm_container_worker_pool_zone_attachment resource else it is set to default value 'ams03'
[WARN] Set the environment variable IBM_WORKER_POOL_ZONE_PRIVATE_VLAN for testing ibm_container_worker_pool_zone_attachment resource else it is set to default value '2538975'
[WARN] Set the environment variable IBM_WORKER_POOL_ZONE_PUBLIC_VLAN for testing ibm_container_worker_pool_zone_attachment resource else it is set to default value '2538967'
[WARN] Set the environment variable IBM_WORKER_POOL_ZONE_UPDATE_PRIVATE_VLAN for testing ibm_container_worker_pool_zone_attachment resource else it is set to default value '2388377'
[WARN] Set the environment variable IBM_WORKER_POOL_ZONE_UPDATE_PUBLIC_VLAN for testing ibm_container_worker_pool_zone_attachment resource else it is set to default value '2388375'
[WARN] Set the environment variable IBM_WORKER_POOL_SECONDARY_STORAGE for testing secondary_storage attachment to IKS workerpools
[WARN] Set the environment variable IBM_PLACEMENT_GROUP_NAME for testing ibm_compute_vm_instance resource else it is set to default value 'terraform-group'
[INFO] Set the environment variable SL_REGION for testing ibm_is_region datasource else it is set to default value 'us-south'
[INFO] Set the environment variable SL_ZONE for testing ibm_is_zone datasource else it is set to default value 'us-south-1'
[INFO] Set the environment variable SL_ZONE_2 for testing ibm_is_zone datasource else it is set to default value 'us-south-2'
[INFO] Set the environment variable SL_ZONE_3 for testing ibm_is_zone datasource else it is set to default value 'us-south-3'
[INFO] Set the environment variable SL_CIDR for testing ibm_is_subnet else it is set to default value '10.240.0.0/24'
[INFO] Set the environment variable SL_CIDR_2 for testing ibm_is_subnet else it is set to default value '10.240.64.0/24'
[INFO] Set the environment variable SL_CIDR_2 for testing ibm_is_subnet else it is set to default value '10.240.64.0/24'
[INFO] Set the environment variable SL_CIDR_2 for testing ibm_is_instance datasource else it is set to default value './test-fixtures/.ssh/pkcs8_rsa.pub'
[INFO] Set the environment variable IS_PRIVATE_SSH_KEY_PATH for testing ibm_is_instance datasource else it is set to default value './test-fixtures/.ssh/pkcs8_rsa'
[INFO] Set the environment variable SL_RESOURCE_GROUP_ID for testing with different resource group id else it is set to default value 'c01d34dff4364763476834c990398zz8'
[INFO] Set the environment variable IS_IMAGE for testing ibm_is_instance, ibm_is_floating_ip else it is set to default value 'r006-907911a7-0ffe-467e-8821-3cc9a0d82a39'
[INFO] Set the environment variable IS_WIN_IMAGE for testing ibm_is_instance data source else it is set to default value 'r006-d2e0d0e9-0a4f-4c45-afd7-cab787030776'
[INFO] Set the environment variable IS_COS_BUCKET_NAME for testing ibm_is_image_export_job else it is set to default value 'bucket-27200-lwx4cfvcue'
[INFO] Set the environment variable IS_COS_BUCKET_CRN for testing ibm_is_image_export_job else it is set to default value 'bucket-27200-lwx4cfvcue'
[INFO] Set the environment variable IS_INSTANCE_NAME for testing ibm_is_instance resource else it is set to default value 'instance-01'
[INFO] Set the environment variable IS_BACKUP_POLICY_JOB_ID for testing ibm_is_backup_policy_job datasource
[INFO] Set the environment variable IS_BACKUP_POLICY_ID for testing ibm_is_backup_policy_jobs datasource
[INFO] Set the environment variable IS_REMOTE_CP_BAAS_ENCRYPTION_KEY_CRN for testing remote_copies_policy with Baas plans, else it is set to default value, 'crn:v1:bluemix:public:kms:us-south:a/dffc98a0f1f0f95f6613b3b752286b87:e4a29d1a-2ef0-42a6-8fd2-350deb1c647e:key:5437653b-c4b1-447f-9646-b2a2a4cd6179'
[INFO] Set the environment variable SL_INSTANCE_PROFILE for testing ibm_is_instance resource else it is set to default value 'cx2-2x4'
[INFO] Set the environment variable SL_KMS_INSTANCE_ID for testing ibm_kms_key resource else it is set to default value '30222bb5-1c6d-3834-8d78-ae6348cf8z61'
[INFO] Set the environment variable SL_KMS_KEY_NAME for testing ibm_kms_key resource else it is set to default value 'tfp-test-key'
[INFO] Set the environment variable SL_INSTANCE_PROFILE_UPDATE for testing ibm_is_instance resource else it is set to default value 'cx2-4x8'
[INFO] Set the environment variable IS_BARE_METAL_SERVER_PROFILE for testing ibm_is_bare_metal_server resource else it is set to default value 'bx2-metal-192x768'
[INFO] Set the environment variable IsBareMetalServerImage for testing ibm_is_bare_metal_server resource else it is set to default value 'r006-2d1f36b0-df65-4570-82eb-df7ae5f778b1'
[INFO] Set the environment variable IS_DNS_INSTANCE_CRN for testing ibm_is_lb resource else it is set to default value 'crn:v1:staging:public:dns-svcs:global:a/efe5afc483594adaa8325e2b4d1290df:82df2e3c-53a5-43c6-89ce-dcf78be18668::'
[INFO] Set the environment variable IS_DNS_INSTANCE_CRN1 for testing ibm_is_lb resource else it is set to default value 'crn:v1:staging:public:dns-svcs:global:a/efe5afc483594adaa8325e2b4d1290df:599ae4aa-c554-4a88-8bb2-b199b9a3c046::'
[INFO] Set the environment variable IS_DNS_ZONE_ID for testing ibm_is_lb resource else it is set to default value 'dd501d1d-490b-4bb4-a05d-a31954a1c59e'
[INFO] Set the environment variable IS_DNS_ZONE_ID_1 for testing ibm_is_lb resource else it is set to default value 'b1def78d-51b3-4ea5-a746-1b64c992fcab'
[INFO] Set the environment variable IS_DEDICATED_HOST_NAME for testing ibm_is_instance resource else it is set to default value 'tf-dhost-01'
[INFO] Set the environment variable IS_DEDICATED_HOST_GROUP_ID for testing ibm_is_instance resource else it is set to default value '0717-9104e7b5-77ad-44ad-9eaa-091e6b6efce1'
[INFO] Set the environment variable IS_DEDICATED_HOST_PROFILE for testing ibm_is_instance resource else it is set to default value 'bx2d-host-152x608'
[INFO] Set the environment variable IS_DEDICATED_HOST_GROUP_CLASS for testing ibm_is_instance resource else it is set to default value 'bx2d'
[INFO] Set the environment variable IS_DEDICATED_HOST_GROUP_FAMILY for testing ibm_is_instance resource else it is set to default value 'balanced'
[INFO] Set the environment variable SL_INSTANCE_PROFILE for testing ibm_is_instance resource else it is set to default value 'bx2d-16x64'
[INFO] Set the environment variable IS_SHARE_PROFILE for testing ibm_is_instance resource else it is set to default value 'tier-3iops'
[INFO] Set the environment variable IS_VOLUME_PROFILE for testing ibm_is_volume_profile else it is set to default value 'general-purpose'
[INFO] Set the environment variable IS_VIRTUAL_NETWORK_INTERFACE for testing ibm_is_virtual_network_interface else it is set to default value 'c93dc4c6-e85a-4da2-9ea6-f24576256122'
[INFO] Set the environment variable IS_UNATTACHED_BOOT_VOLUME_NAME for testing ibm_is_image else it is set to default value 'r006-1cbe9f0a-7101-4d25-ae72-2a2d725e530e'
[INFO] Set the environment variable IS_VSI_DATA_VOLUME_ID for testing ibm_is_image else it is set to default value 'r006-1cbe9f0a-7101-4d25-ae72-2a2d725e530e'
[INFO] Set the environment variable SL_ROUTE_NEXTHOP else it is set to default value '10.0.0.4'
[INFO] Set the environment variable ISSnapshotCRN for ibm_is_snapshot resource else it is set to default value 'crn:v1:bluemix:public:is:ca-tor:a/xxxxxxxx::snapshot:xxxx-xxxxc-xxx-xxxx-xxxx-xxxxxxxxxx'
[INFO] Set the environment variable ICD_DB_REGION for testing ibm_cloud_databases else it is set to default value 'eu-gb'
[INFO] Set the environment variable ICD_DB_DEPLOYMENT_ID for testing ibm_cloud_databases else it is set to default value 'crn:v1:bluemix:public:databases-for-redis:au-syd:a/40ddc34a953a8c02f10987b59085b60e:5042afe1-72c2-4231-89cc-c949e5d56251::'
[INFO] Set the environment variable ICD_DB_BACKUP_ID for testing ibm_cloud_databases else it is set to default value 'crn:v1:bluemix:public:databases-for-redis:au-syd:a/40ddc34a953a8c02f10987b59085b60e:5042afe1-72c2-4231-89cc-c949e5d56251:backup:0d862fdb-4faa-42e5-aecb-5057f4d399c3'
[INFO] Set the environment variable ICD_DB_TASK_ID for testing ibm_cloud_databases else it is set to default value 'crn:v1:bluemix:public:databases-for-redis:au-syd:a/40ddc34a953a8c02f10987b59085b60e:367b0a22-05bb-41e3-a1ed-ded1ff0889e5:task:882013a6-2751-4df7-a77a-98d258638704'
[INFO] Set the environment variable PI_IMAGE for testing ibm_pi_image resource else it is set to default value '7200-03-03'
[INFO] Set the environment variable PI_SAP_IMAGE for testing ibm_pi_image resource else it is set to default value 'Linux-RHEL-SAP-8-2'
[INFO] Set the environment variable PI_IMAGE_BUCKET_NAME for testing ibm_pi_image resource else it is set to default value 'images-public-bucket'
[INFO] Set the environment variable PI_IMAGE_BUCKET_FILE_NAME for testing ibm_pi_image resource else it is set to default value 'rhel.ova.gz'
[INFO] Set the environment variable PI_IMAGE_BUCKET_ACCESS_KEY for testing ibm_pi_image_export resource else it is set to default value 'images-bucket-access-key'
[INFO] Set the environment variable PI_IMAGE_BUCKET_SECRET_KEY for testing ibm_pi_image_export resource else it is set to default value 'PI_IMAGE_BUCKET_SECRET_KEY'
[INFO] Set the environment variable PI_IMAGE_BUCKET_REGION for testing ibm_pi_image_export resource else it is set to default value 'us-east'
[INFO] Set the environment variable PI_KEY_NAME for testing ibm_pi_key_name resource else it is set to default value 'terraform-test-power'
[INFO] Set the environment variable PI_NETWORK_NAME for testing ibm_pi_network_name resource else it is set to default value 'terraform-test-power'
[INFO] Set the environment variable PI_VOLUME_NAME for testing ibm_pi_network_name resource else it is set to default value 'terraform-test-power'
[INFO] Set the environment variable PI_VOLUME_ID for testing ibm_pi_volume_flash_copy_mappings resource else it is set to default value 'terraform-test-power'
[INFO] Set the environment variable PI_REPLICATION_VOLUME_NAME for testing ibm_pi_volume resource else it is set to default value 'terraform-test-power'
[INFO] Set the environment variable PI_VOLUME_ONBARDING_SOURCE_CRN for testing ibm_pi_volume_onboarding resource else it is set to default value 'terraform-test-power'
[INFO] Set the environment variable PI_AUXILIARY_VOLUME_NAME for testing ibm_pi_volume_onboarding resource else it is set to default value 'terraform-test-power'
[INFO] Set the environment variable PI_VOLUME_GROUP_NAME for testing ibm_pi_volume_group resource else it is set to default value 'terraform-test-power'
[INFO] Set the environment variable PI_VOLUME_GROUP_ID for testing ibm_pi_volume_group_storage_details data source else it is set to default value 'terraform-test-power'
[INFO] Set the environment variable PI_VOLUME_ONBOARDING_ID for testing ibm_pi_volume_onboarding resource else it is set to default value 'terraform-test-power'
[INFO] Set the environment variable PI_CLOUDINSTANCE_ID for testing ibm_pi_image resource else it is set to default value 'd16705bd-7f1a-48c9-9e0e-1c17b71e7331'
[INFO] Set the environment variable PI_PVM_INSTANCE_ID for testing Pi_instance_name resource else it is set to default value 'terraform-test-power'
[INFO] Set the environment variable PI_DHCP_ID for testing ibm_pi_dhcp resource else it is set to default value 'terraform-test-power'
[INFO] Set the environment variable PI_CLOUD_CONNECTION_NAME for testing ibm_pi_cloud_connection resource else it is set to default value 'terraform-test-power'
[INFO] Set the environment variable PI_SAP_PROFILE_ID for testing ibm_pi_sap_profile resource else it is set to default value 'terraform-test-power'
[WARN] Set the environment variable PI_PLACEMENT_GROUP_NAME for testing ibm_pi_placement_group resource else it is set to default value 'tf-pi-placement-group'
[WARN] Set the environment variable PI_SPP_PLACEMENT_GROUP_ID for testing ibm_pi_spp_placement_group resource else it is set to default value 'tf-pi-spp-placement-group'
[INFO] Set the environment variable PI_STORAGE_POOL for testing ibm_pi_storage_pool_capacity else it is set to default value 'terraform-test-power'
[INFO] Set the environment variable PI_STORAGE_TYPE for testing ibm_pi_storage_type_capacity else it is set to default value 'terraform-test-power'
[INFO] Set the environment variable PI_CAPTURE_STORAGE_IMAGE_PATH for testing Pi_capture_storage_image_path resource else it is set to default value 'terraform-test-power'
[INFO] Set the environment variable PI_CAPTURE_CLOUD_STORAGE_ACCESS_KEY for testing Pi_capture_cloud_storage_access_key resource else it is set to default value 'terraform-test-power'
[INFO] Set the environment variable PI_CAPTURE_CLOUD_STORAGE_SECRET_KEY for testing Pi_capture_cloud_storage_secret_key resource else it is set to default value 'terraform-test-power'
[WARN] Set the environment variable PI_SHARED_PROCESSOR_POOL_ID for testing ibm_pi_shared_processor_pool resource else it is set to default value 'tf-pi-shared-processor-pool'
[INFO] Set the environment variable SCHEMATICS_WORKSPACE_ID for testing schematics resources else it is set to default value
[INFO] Set the environment variable SCHEMATICS_TEMPLATE_ID for testing schematics resources else it is set to default value
[INFO] Set the environment variable SCHEMATICS_ACTION_ID for testing schematics resources else it is set to default value
[INFO] Set the environment variable SCHEMATICS_JOB_ID for testing schematics resources else it is set to default value
[INFO] Set the environment variable SCHEMATICS_REPO_URL for testing schematics resources else tests will fail if this is not set correctly
[INFO] Set the environment variable SCHEMATICS_REPO_BRANCH for testing schematics resources else tests will fail if this is not set correctly
[WARN] Set the environment variable IMAGE_COS_URL with a VALID COS Image SQL URL for testing ibm_is_image resources on staging/test
[WARN] Set the environment variable IMAGE_COS_URL_ENCRYPTED with a VALID COS Image SQL URL for testing ibm_is_image resources on staging/test
[WARN] Set the environment variable IMAGE_OPERATING_SYSTEM with a VALID Operating system for testing ibm_is_image resources on staging/test
[INFO] Set the environment variable IS_IMAGE_NAME for testing data source ibm_is_image else it is set to default value `ibm-ubuntu-18-04-1-minimal-amd64-2`
[INFO] Set the environment variable IS_IMAGE_ENCRYPTED_DATA_KEY for testing resource ibm_is_image else it is set to default value
[INFO] Set the environment variable IS_IMAGE_ENCRYPTION_KEY for testing resource ibm_is_image else it is set to default value
[INFO] Set the environment variable IBM_FUNCTION_NAMESPACE for testing ibm_function_package, ibm_function_action, ibm_function_rule, ibm_function_trigger resource else  tests will fail if this is not set correctly
[INFO] Set the environment variable HPCS_INSTANCE_ID for testing data_source_ibm_kms_key_test else it is set to default value
[INFO] Set the environment variable SECRETS_MANAGER_INSTANCE_ID for testing Secrets Manager's tests else tests will fail if this is not set correctly
[INFO] Set the environment variable SECRETS_MANAGER_INSTANCE_REGION for testing Secrets Manager's tests else tests will fail if this is not set correctly
[INFO] Set the environment variable SECRETS_MANAGER_EN_INSTANCE_CRN for testing Event Notifications for Secrets Manager tests else tests will fail if this is not set correctly
[INFO] Set the environment variable SECRETS_MANAGER_EN_INSTANCE_CRN for testing IAM Credentials secret's tests else tests will assume that IAM Credentials engine is already configured and fail if not set correctly
[INFO] Set the environment variable SECRETS_MANAGER_IAM_CREDENTIALS_SECRET_SERVICE_ID or SECRETS_MANAGER_IAM_CREDENTIALS_SECRET_ACCESS_GROUP for testing IAM Credentials secret's tests, else tests fail if not set correctly
[INFO] Set the environment variable SECRETS_MANAGER_PUBLIC_CERTIFICATE_LETS_ENCRYPT_ENVIRONMENT for testing public certificate's tests, else it is set to default value ('production'). For public certificate's tests, tests will fail if this is not set correctly
[INFO] Set the environment variable SECRETS_MANAGER_PUBLIC_CERTIFICATE_LETS_ENCRYPT_PRIVATE_KEY for testing public certificate's tests, else tests fail if not set correctly
[INFO] Set the environment variable SECRETS_MANAGER_PUBLIC_CERTIFICATE_COMMON_NAME for testing public certificate's tests, else tests fail if not set correctly
[INFO] Set the environment variable SECRETS_MANAGER_VALIDATE_MANUAL_DNS_CIS_ZONE_ID for testing validate manual dns' test, else tests fail if not set correctly
[INFO] Set the environment variable SECRETS_MANAGER_PUBLIC_CERTIFICATE_CIS_CRN for testing public certificate's tests, else tests fail if not set correctly
[INFO] Set the environment variable SECRETS_MANAGER_PUBLIC_CLASSIC_INFRASTRUCTURE_USERNAME for testing public certificate's tests, else tests fail if not set correctly
[INFO] Set the environment variable SECRETS_MANAGER_PUBLIC_CLASSIC_INFRASTRUCTURE_PASSWORD for testing public certificate's tests, else tests fail if not set correctly
[INFO] Set the environment variable SECRETS_MANAGER_IMPORTED_CERTIFICATE_PATH_TO_CERTIFICATE for testing imported certificate's tests, else tests fail if not set correctly
[INFO] Set the environment variable SECRETS_MANAGER_SECRET_TYPE for testing data_source_ibm_secrets_manager_secrets_test, else it is set to default value. For data_source_ibm_secrets_manager_secret_test, tests will fail if this is not set correctly
[WARN] Set the environment variable SECRETS_MANAGER_SECRET_ID for testing data_source_ibm_secrets_manager_secret_test else tests will fail if this is not set correctly
[INFO] Set the environment variable IBM_TG_CROSS_ACCOUNT_API_KEY for testing ibm_tg_connection resource else  tests will fail if this is not set correctly
[INFO] Set the environment variable IBM_TG_CROSS_ACCOUNT_ID for testing ibm_tg_connection resource else  tests will fail if this is not set correctly
[INFO] Set the environment variable IBM_TG_CROSS_NETWORK_ID for testing ibm_tg_connection resource else  tests will fail if this is not set correctly
[INFO] Set the environment variable IBM_TG_POWER_VS_NETWORK_ID for testing ibm_tg_connection resource else tests will fail if this is not set correctly
[INFO] Set the environment variable ACCOUNT_TO_BE_IMPORTED for testing import enterprise account resource else  tests will fail if this is not set correctly
[WARN] Set the environment variable IBM_HPCS_ADMIN1 with a VALID HPCS Admin Key1 Path
[WARN] Set the environment variable IBM_HPCS_TOKEN1 with a VALID token for HPCS Admin Key1
[WARN] Set the environment variable IBM_HPCS_ADMIN2 with a VALID HPCS Admin Key2 Path
[WARN] Set the environment variable IBM_IAM_REALM_NAME with a VALID realm name for iam trusted profile claim rule
[WARN] Set the environment variable IBM_IAM_IKS_SA with a VALID realm name for iam trusted profile link
[WARN] Set the environment variable IBM_HPCS_TOKEN2 with a VALID token for HPCS Admin Key2
[WARN] Set the environment variable IBM_HPCS_ROOTKEY_CRN with a VALID CRN for a root key created in the HPCS instance
[WARN] Set the environment variable SCC_GOVERNANCE_ACCOUNT_ID with a VALID account name
[WARN] Set the environment variable IBM_SCC_RESOURCE_GROUP with a VALID resource group id
[INFO] Set the environment variable SCC_SI_ACCOUNT for testing SCC SI resources resource else  tests will fail if this is not set correctly
[INFO] Set the environment variable IBM_CLOUD_SHELL_ACCOUNT_ID for ibm-cloud-shell resource or datasource else tests will fail if this is not set correctly
[WARN] Set the environment variable IBM_CLUSTER_VPC_ID for testing ibm_container_vpc_alb_create resources, ibm_container_vpc_alb_create tests will fail if this is not set
[WARN] Set the environment variable IBM_CLUSTER_VPC_SUBNET_ID for testing ibm_container_vpc_alb_create resources, ibm_container_vpc_alb_creates tests will fail if this is not set
[WARN] Set the environment variable IBM_CLUSTER_VPC_RESOURCE_GROUP_ID for testing ibm_container_vpc_alb_create resources, ibm_container_vpc_alb_creates tests will fail if this is not set
[INFO] Set the environment variable IBM_CONTAINER_CLUSTER_NAME for ibm_container_nlb_dns resource or datasource else tests will fail if this is not set correctly
[INFO] Set the environment variable SATELLITE_LOCATION_ID for ibm_cos_bucket satellite location resource or datasource else tests will fail if this is not set correctly
[INFO] Set the environment variable SATELLITE_RESOURCE_INSTANCE_ID for ibm_cos_bucket satellite location resource or datasource else tests will fail if this is not set correctly
[INFO] Set the environment variable IBM_CONTAINER_DEDICATEDHOST_POOL_ID for ibm_container_vpc_cluster resource to test dedicated host functionality
[INFO] Set the environment variable IBM_KMS_INSTANCE_ID for ibm_container_vpc_cluster resource or datasource else tests will fail if this is not set correctly
[INFO] Set the environment variable IBM_CRK_ID for ibm_container_vpc_cluster resource or datasource else tests will fail if this is not set correctly
[INFO] Set the environment variable IBM_KMS_ACCOUNT_ID for ibm_container_vpc_cluster resource or datasource else tests will fail if this is not set correctly
[INFO] Set the environment variable IBM_CLUSTER_ID for ibm_container_vpc_worker_pool resource or datasource else tests will fail if this is not set correctly
[WARN] Set the environment variable IBM_CD_RESOURCE_GROUP_NAME for testing CD resources, CD tests will fail if this is not set
[WARN] Set the environment variable IBM_CD_APPCONFIG_INSTANCE_NAME for testing CD resources, CD tests will fail if this is not set
[WARN] Set the environment variable IBM_CD_KEYPROTECT_INSTANCE_NAME for testing CD resources, CD tests will fail if this is not set
[WARN] Set the environment variable IBM_CD_SECRETSMANAGER_INSTANCE_NAME for testing CD resources, CD tests will fail if this is not set
[WARN] Set the environment variable IBM_CD_SLACK_CHANNEL_NAME for testing CD resources, CD tests will fail if this is not set
[WARN] Set the environment variable IBM_CD_SLACK_TEAM_NAME for testing CD resources, CD tests will fail if this is not set
[WARN] Set the environment variable IBM_CD_SLACK_WEBHOOK for testing CD resources, CD tests will fail if this is not set
[WARN] Set the environment variable IBM_CD_JIRA_PROJECT_KEY for testing CD resources, CD tests will fail if this is not set
[WARN] Set the environment variable IBM_CD_JIRA_API_URL for testing CD resources, CD tests will fail if this is not set
[WARN] Set the environment variable IBM_CD_JIRA_USERNAME for testing CD resources, CD tests will fail if this is not set
[WARN] Set the environment variable IBM_CD_JIRA_API_TOKEN for testing CD resources, CD tests will fail if this is not set
[WARN] Set the environment variable IBM_CD_SAUCELABS_ACCESS_KEY for testing CD resources, CD tests will fail if this is not set
[WARN] Set the environment variable IBM_CD_SAUCELABS_USERNAME for testing CD resources, CD tests will fail if this is not set
[WARN] Set the environment variable IBM_CD_BITBUCKET_REPO_URL for testing CD resources, CD tests will fail if this is not set
[WARN] Set the environment variable IBM_CD_GITHUB_CONSOLIDATED_REPO_URL for testing CD resources, CD tests will fail if this is not set
[WARN] Set the environment variable IBM_CD_GITLAB_REPO_URL for testing CD resources, CD tests will fail if this is not set
[WARN] Set the environment variable IBM_CD_HOSTED_GIT_REPO_URL for testing CD resources, CD tests will fail if this is not set
[WARN] Set the environment variable IBM_CD_EVENTNOTIFICATIONS_INSTANCE_NAME for testing CD resources, CD tests will fail if this is not set
[INFO] Set the environment variable IS_CERTIFICATE_CRN for testing ibm_is_vpn_server resource
[INFO] Set the environment variable IS_CLIENT_CA_CRN for testing ibm_is_vpn_server resource
[INFO] Set the environment variable IBM_AccountID_REPL for setting up authorization policy to enable replication feature resource or datasource else tests will fail if this is not set correctly
[WARN] Set the environment variable COS_API_KEY for testing COS targets, the tests will fail if this is not set
[WARN] Set the environment variable INGESTION_KEY for testing Logdna targets, the tests will fail if this is not set
[WARN] Set the environment variable IES_API_KEY for testing Event streams targets, the tests will fail if this is not set
[WARN] Set the environment variable IBM_CODE_ENGINE_RESOURCE_GROUP_ID with the resource group for Code Engine
[WARN] Set the environment variable IBM_CODE_ENGINE_PROJECT_INSTANCE_ID with the ID of a Code Engine project instance
[WARN] Set the environment variable IBM_CODE_ENGINE_SERVICE_INSTANCE_ID with the ID of a IBM Cloud service instance, e.g. for COS
[WARN] Set the environment variable IBM_CODE_ENGINE_RESOURCE_KEY_ID with the ID of a resource key to access a service instance
=== RUN   TestAccIBMKMSDataSourceKeyPolicy_basicNew
--- PASS: TestAccIBMKMSDataSourceKeyPolicy_basicNew (46.04s)
=== RUN   TestAccIBMKMSKeyRingDataSource_basic
--- PASS: TestAccIBMKMSKeyRingDataSource_basic (39.45s)
=== RUN   TestAccIBMKMSKeyDataSource_basic
--- PASS: TestAccIBMKMSKeyDataSource_basic (47.35s)
=== RUN   TestAccIBMKMSKeyDataSource_description
--- PASS: TestAccIBMKMSKeyDataSource_description (43.49s)
=== RUN   TestAccIBMKMSKeyDataSource_Key
--- PASS: TestAccIBMKMSKeyDataSource_Key (47.83s)
=== RUN   TestAccIBMKMSKeyDataSourceHPCS_basic
    data_source_ibm_kms_key_test.go:78: 
--- SKIP: TestAccIBMKMSKeyDataSourceHPCS_basic (0.00s)
=== RUN   TestAccIBMKMSDataSource_basic
--- PASS: TestAccIBMKMSDataSource_basic (47.92s)
=== RUN   TestAccIBMKMSHPCSDataSource_basic
    data_source_ibm_kms_keys_test.go:36: 
--- SKIP: TestAccIBMKMSHPCSDataSource_basic (0.00s)
=== RUN   TestAccIBMKMSKeyDataSource_Keys
--- PASS: TestAccIBMKMSKeyDataSource_Keys (48.58s)
=== RUN   TestAccIBMKMSInstancePolicy_basic_check
--- PASS: TestAccIBMKMSInstancePolicy_basic_check (48.00s)
=== RUN   TestAccIBMKMSInstancePolicy_rotation_check
--- PASS: TestAccIBMKMSInstancePolicy_rotation_check (39.21s)
=== RUN   TestAccIBMKMSInstancePolicy_dualAuth_check
--- PASS: TestAccIBMKMSInstancePolicy_dualAuth_check (39.27s)
=== RUN   TestAccIBMKMSInstancePolicy_metrics_check
--- PASS: TestAccIBMKMSInstancePolicy_metrics_check (40.65s)
=== RUN   TestAccIBMKMSInstancePolicy_kcia_check
--- PASS: TestAccIBMKMSInstancePolicy_kcia_check (39.07s)
=== RUN   TestAccIBMKMSInstancePolicy_kcia_attributes_check
--- PASS: TestAccIBMKMSInstancePolicy_kcia_attributes_check (39.92s)
=== RUN   TestAccIBMKMSInstancePolicyWithKey
--- PASS: TestAccIBMKMSInstancePolicyWithKey (43.89s)
=== RUN   TestAccIBMKMSInstancePolicy_invalid_interval_check
--- PASS: TestAccIBMKMSInstancePolicy_invalid_interval_check (0.35s)
=== RUN   TestAccIBMKMSResource_Key_Alias_Name
--- PASS: TestAccIBMKMSResource_Key_Alias_Name (51.96s)
=== RUN   TestAccIBMKMSResource_Key_Alias_Duplicate
--- PASS: TestAccIBMKMSResource_Key_Alias_Duplicate (38.41s)
=== RUN   TestAccIBMKMSResource_Key_Alias_Key_Check
--- PASS: TestAccIBMKMSResource_Key_Alias_Key_Check (85.62s)
=== RUN   TestAccIBMKMSResource_Key_Alias_Key_Limit
    resource_ibm_kms_key_alias_test.go:139: Step 1/1, expected an error but got none
--- FAIL: TestAccIBMKMSResource_Key_Alias_Key_Limit (46.78s)
=== RUN   TestAccIBMKMSKeyPolicy_basic_check
--- PASS: TestAccIBMKMSKeyPolicy_basic_check (59.53s)
=== RUN   TestAccIBMKMSKeyPolicy_basic_check_enable
    resource_ibm_kms_key_policies_test.go:51: Step 1/3 error: Error running second post-apply plan: exit status 1
        
        Error: [ERROR] Error retrieving resource instance: You do not have the required permissions for this operation. Contact the account owner to verify your access. with resp code: {
            "StatusCode": 403,
            "Headers": {
                "Cache-Control": [
                    "max-age=0, no-cache, no-store"
                ],
                "Content-Length": [
                    "360"
                ],
                "Content-Type": [
                    "application/json; charset=utf-8"
                ],
                "Date": [
                    "Fri, 01 Sep 2023 02:02:12 GMT"
                ],
                "Expires": [
                    "Fri, 01 Sep 2023 02:02:12 GMT"
                ],
                "Pragma": [
                    "no-cache"
                ],
                "Request-Id": [
                    "754398bc-26cf-4fbc-867d-b98ff3aa693f"
                ],
                "Retry-After": [
                    "0"
                ],
                "Server": [
                    "istio-envoy"
                ],
                "Set-Cookie": [
                    "ak_bmsc=F89CADF745862484664113756B5A1E78~000000000000000000000000000000~YAAQkGRCF8znfEqKAQAAQQB6ThTDxeiJPfvG2zhqOMw815mGlZfz3wA/XfqWFWUMlECyZMYufgRfz7boNx4AT3SjzxNhbPwd/SJcixMZw1LbXyliAwKfThzJUytlfUNjz3IG/D/JOhXzXrkEvRrgJF8quXs7EdwMUSr6zSna3NEB+gdpK4bEDP0lMxerb3nc8toXAzNPofEDvgAyvWmELJ6vsqIDTDiHZBtDt5sBxYYwydMRUp+UVtFZ6OLm3G4AXTpYWqQ6j8d1YvX7vFi+eMG3TTimdRwv5xr3vMnPIKSh8VqFvJiu+PaO17QdoLVOvkeyAAT1iqxtyaQvhJga2SnL/9N3U7MTEYJ07ehFXt+87ywYB3yejS3pfUvWm4ehSr6rYYNdoZ47KW3gemQT2C4=; Domain=.test.cloud.ibm.com; Path=/; Expires=Fri, 01 Sep 2023 04:02:10 GMT; Max-Age=7198; HttpOnly"
                ],
                "Strict-Transport-Security": [
                    "max-age=31536000;includeSubDomains"
                ],
                "Transaction-Id": [
                    "bss-6ccd7bdd1a08cde9"
                ],
                "X-Content-Type-Options": [
                    "nosniff"
                ],
                "X-Envoy-Upstream-Service-Time": [
                    "2509"
                ],
                "X-Global-Transaction-Id": [
                    "bss-6ccd7bdd1a08cde9"
                ],
                "X-Op-Completion-Time": [
                    ""
                ],
                "X-Ratelimit-Limit": [
                    "100"
                ],
                "X-Ratelimit-Remaining": [
                    "99"
                ],
                "X-Ratelimit-Reset": [
                    "0"
                ],
                "X-Request-Id": [
                    "754398bc-26cf-4fbc-867d-b98ff3aa693f"
                ],
                "X-Transaction-Id": [
                    "bss-6ccd7bdd1a08cde9"
                ]
            },
            "Result": {
                "details": "API error code: 429 calling https://iam.test.cloud.ibm.com/v2/authz/bulk for txid: bss-6ccd7bdd1a08cde9 Details: invalid character 'E' looking for beginning of value",
                "message": "You do not have the required permissions for this operation. Contact the account owner to verify your access.",
                "status_code": 403,
                "transaction_id": "bss-6ccd7bdd1a08cde9"
            },
            "RawResult": null
        }
        
        
          with data.ibm_kms_key.test2,
          on terraform_plugin_test.tf line 26, in data "ibm_kms_key" "test2":
          26:     data "ibm_kms_key" "test2" {
        
--- FAIL: TestAccIBMKMSKeyPolicy_basic_check_enable (52.25s)
=== RUN   TestAccIBMKMSKeyPolicy_rotation_check
    resource_ibm_kms_key_policies_test.go:90: Step 1/1 error: Error running post-apply plan: exit status 1
        
        Error: [ERROR] Error retrieving resource instance: You do not have the required permissions for this operation. Contact the account owner to verify your access. with resp code: {
            "StatusCode": 403,
            "Headers": {
                "Cache-Control": [
                    "max-age=0, no-cache, no-store"
                ],
                "Content-Length": [
                    "360"
                ],
                "Content-Type": [
                    "application/json; charset=utf-8"
                ],
                "Date": [
                    "Fri, 01 Sep 2023 02:02:58 GMT"
                ],
                "Expires": [
                    "Fri, 01 Sep 2023 02:02:58 GMT"
                ],
                "Pragma": [
                    "no-cache"
                ],
                "Request-Id": [
                    "1057bf8b-de56-4f1e-898a-30182315fa1e"
                ],
                "Retry-After": [
                    "0"
                ],
                "Server": [
                    "istio-envoy"
                ],
                "Set-Cookie": [
                    "ak_bmsc=A77C0E0DFEAC0CDBF2BAAF8D5D1F67CF~000000000000000000000000000000~YAAQn6o3F6oUzyyKAQAAr7F6ThTk4JbsL8pRvSslEhdvorEdR76zusr9Xcg+/VZ20VUxllpmyv2AgO+EIXe3e7hw0u7zDtk82uPqx3mADlOpb04Vzg03JEcLCvcNnzQ1hrz7FEjGA3lo9I1w21SWko4wqOvutbCVe4QcYpCzikWLwvuGTXjA61xnQwR+GI2fzfCJUFPAFhBZk0VEVxdAM12H1EnpjPIJ41g+2TkV5SXRQwDA1mviRhPvh0FPV65/g7fgAIvbDjvMBysxGjmqD/VKKkkiwBS49PunVvHC52n12jLBt2sILnG905O1X/sxgMZHWtp+9IVMkzC1MA3racOm2nSxzskX9vbbJ4StA3WfPc3fANLSMDBV14XqCNwvdDvvopwSkB7dtrIPMPn/yYI=; Domain=.test.cloud.ibm.com; Path=/; Expires=Fri, 01 Sep 2023 04:02:54 GMT; Max-Age=7196; HttpOnly"
                ],
                "Strict-Transport-Security": [
                    "max-age=31536000;includeSubDomains"
                ],
                "Transaction-Id": [
                    "bss-134fadd83a3a3441"
                ],
                "X-Content-Type-Options": [
                    "nosniff"
                ],
                "X-Envoy-Upstream-Service-Time": [
                    "3401"
                ],
                "X-Global-Transaction-Id": [
                    "bss-134fadd83a3a3441"
                ],
                "X-Op-Completion-Time": [
                    ""
                ],
                "X-Ratelimit-Limit": [
                    "100"
                ],
                "X-Ratelimit-Remaining": [
                    "99"
                ],
                "X-Ratelimit-Reset": [
                    "0"
                ],
                "X-Request-Id": [
                    "1057bf8b-de56-4f1e-898a-30182315fa1e"
                ],
                "X-Transaction-Id": [
                    "bss-134fadd83a3a3441"
                ]
            },
            "Result": {
                "details": "API error code: 429 calling https://iam.test.cloud.ibm.com/v2/authz/bulk for txid: bss-134fadd83a3a3441 Details: invalid character 'E' looking for beginning of value",
                "message": "You do not have the required permissions for this operation. Contact the account owner to verify your access.",
                "status_code": 403,
                "transaction_id": "bss-134fadd83a3a3441"
            },
            "RawResult": null
        }
        
        
          with data.ibm_kms_key.test2,
          on terraform_plugin_test.tf line 22, in data "ibm_kms_key" "test2":
          22:     data "ibm_kms_key" "test2" {
        
--- FAIL: TestAccIBMKMSKeyPolicy_rotation_check (44.24s)
=== RUN   TestAccIBMKMSKeyPolicy_dualAuth_check
--- PASS: TestAccIBMKMSKeyPolicy_dualAuth_check (61.05s)
=== RUN   TestAccIBMKMSKeyPolicy_dualAuth_check_with_Alias
--- PASS: TestAccIBMKMSKeyPolicy_dualAuth_check_with_Alias (51.38s)
=== RUN   TestAccIBMKMSResource_Key_Ring_Name
--- PASS: TestAccIBMKMSResource_Key_Ring_Name (41.40s)
=== RUN   TestAccIBMKMSResource_Key_Ring_Key
--- PASS: TestAccIBMKMSResource_Key_Ring_Key (59.64s)
=== RUN   TestAccIBMKMSResource_Key_Ring_Not_Exist
--- PASS: TestAccIBMKMSResource_Key_Ring_Not_Exist (32.80s)
=== RUN   TestAccIBMKMSResource_Key_Ring_ForceDeleteFalse
--- PASS: TestAccIBMKMSResource_Key_Ring_ForceDeleteFalse (68.92s)
=== RUN   TestAccIBMKMSResource_Key_Ring_ForceDeleteTrue
--- PASS: TestAccIBMKMSResource_Key_Ring_ForceDeleteTrue (71.25s)
=== RUN   TestAccIBMKMSResource_Key_Ring_ForceDeleteTrueContainsActiveKeys
--- PASS: TestAccIBMKMSResource_Key_Ring_ForceDeleteTrueContainsActiveKeys (68.43s)
=== RUN   TestAccIBMKMSResource_basic
    resource_ibm_kms_key_test.go:29: Step 5/6 error: Error running apply: exit status 1
        
        Error: [ERROR] Error when creating resource instance: This plan requires a paid account. You can upgrade by adding a credit card to your account or you can select the free plan if it's available. with resp code: {
            "StatusCode": 400,
            "Headers": {
                "Cache-Control": [
                    "max-age=0, no-cache, no-store"
                ],
                "Content-Length": [
                    "214"
                ],
                "Content-Type": [
                    "application/json; charset=utf-8"
                ],
                "Date": [
                    "Fri, 01 Sep 2023 02:12:04 GMT"
                ],
                "Expires": [
                    "Fri, 01 Sep 2023 02:12:04 GMT"
                ],
                "Pragma": [
                    "no-cache"
                ],
                "Request-Id": [
                    "bss-167dce91060bdfd3-0"
                ],
                "Retry-After": [
                    "0"
                ],
                "Server": [
                    "istio-envoy"
                ],
                "Set-Cookie": [
                    "ak_bmsc=4649B13A56C49849A687587265C1C94D~000000000000000000000000000000~YAAQE2bNFw73OUqKAQAATgeDThR3iUbhYMTsMkBOLTQSIujYZyh1/J0GgIKqYOVA6bARWOEr8YN/BglD8hx4fH30KbWzlwdb8prY/yV0LP5mlLeaFvWRl3r99zL99UhqzhRHczgxNX1Kr70QYiyevCL0ps0nSaCcts2/Bm+eGtt4lyENziqoz45rg4GTdlsLcz/5mVgcFSK8K15ko9e7wNxabw37UiAERvCJi+4kQuyoEDlRxaZOxSdZJpB3CIQA+pDuxqIpVZ89/HAHStdfdLJMcjNs8UrxkR0sFDc8RFjE6q1Ra7Y56GhLIpYnbed2cNCsagBlfIy8TVONXkIx23vafVmKmKTHWgyVEKMYJ3TMm1//m+6eqN8G7231A3x1E96UKUmcSNk3WLtxjmKWClk=; Domain=.test.cloud.ibm.com; Path=/; Expires=Fri, 01 Sep 2023 04:12:03 GMT; Max-Age=7199; HttpOnly"
                ],
                "Strict-Transport-Security": [
                    "max-age=31536000;includeSubDomains"
                ],
                "Transaction-Id": [
                    "bss-167dce91060bdfd3-0"
                ],
                "X-Content-Type-Options": [
                    "nosniff"
                ],
                "X-Envoy-Upstream-Service-Time": [
                    "1141"
                ],
                "X-Global-Transaction-Id": [
                    "bss-167dce91060bdfd3-0"
                ],
                "X-Op-Completion-Time": [
                    ""
                ],
                "X-Ratelimit-Limit": [
                    "100"
                ],
                "X-Ratelimit-Remaining": [
                    "97"
                ],
                "X-Ratelimit-Reset": [
                    "0"
                ],
                "X-Request-Id": [
                    "bss-167dce91060bdfd3-0"
                ],
                "X-Transaction-Id": [
                    "bss-167dce91060bdfd3-0"
                ]
            },
            "Result": {
                "message": "This plan requires a paid account. You can upgrade by adding a credit card to your account or you can select the free plan if it's available.",
                "status_code": 400,
                "transaction_id": "bss-167dce91060bdfd3"
            },
            "RawResult": null
        }
        
        
          with ibm_resource_instance.cos_instance,
          on terraform_plugin_test.tf line 16, in resource "ibm_resource_instance" "cos_instance":
          16:   resource "ibm_resource_instance" "cos_instance" {
        
--- FAIL: TestAccIBMKMSResource_basic (104.96s)
=== RUN   TestAccIBMKMSHPCSResource_basic
    resource_ibm_kms_key_test.go:78: 
--- SKIP: TestAccIBMKMSHPCSResource_basic (0.00s)
=== RUN   TestAccIBMKMSResource_ValidExpDate
--- PASS: TestAccIBMKMSResource_ValidExpDate (55.50s)
=== RUN   TestAccIBMKMSResource_InvalidExpDate
    resource_ibm_kms_key_test.go:141: Step 2/2, expected an error with pattern, no match on: Error running pre-apply refresh: exit status 1
        
        Error: [ERROR] Error retrieving resource instance: You do not have the required permissions for this operation. Contact the account owner to verify your access. with resp code: {
            "StatusCode": 403,
            "Headers": {
                "Cache-Control": [
                    "max-age=0, no-cache, no-store"
                ],
                "Content-Length": [
                    "360"
                ],
                "Content-Type": [
                    "application/json; charset=utf-8"
                ],
                "Date": [
                    "Fri, 01 Sep 2023 02:13:56 GMT"
                ],
                "Expires": [
                    "Fri, 01 Sep 2023 02:13:56 GMT"
                ],
                "Pragma": [
                    "no-cache"
                ],
                "Request-Id": [
                    "2868b923-63c0-4e94-be2b-7a5b812cf246"
                ],
                "Retry-After": [
                    "0"
                ],
                "Server": [
                    "istio-envoy"
                ],
                "Set-Cookie": [
                    "ak_bmsc=0F1B228EBB4CD62FC9C07CC27A3AAA97~000000000000000000000000000000~YAAQn6o3F3mZzyyKAQAAOLyEThTy7dzAwubkADZe4fQzRzzdYSqOvvZppBvvZoy+z0CSekCtNxMKQGSTa+BnANV3rMiUm2hoIVIFJMge1GzuQlxqVYghEeDInOUhOItGNw68540DkQl1uAb4+gn3ic5mVOhRsgGbZzd/d/ZwtJ2rKoMfAO3Ikc9O9k1bjjWt1kTU6FuDVa3IfXbEW3kZznyV2q09vowG/3Aa62npYsV7D7d4/QXV2mP8FVLBGkUKBH7YosvR+uHxtSbNbDidyfzSOh4yBrYL5pK0m8STKAPHQPH35b4un+Y1Lt5DYRgjpADl6jRKGDV4k+OAPxKh7SbR6xCrLPQPRFRRtugjGD4t7XLilzo07teGgLeXSSUFNKwFq+mAdxd0G5x6Uq8yMVU=; Domain=.test.cloud.ibm.com; Path=/; Expires=Fri, 01 Sep 2023 04:13:52 GMT; Max-Age=7196; HttpOnly"
                ],
                "Strict-Transport-Security": [
                    "max-age=31536000;includeSubDomains"
                ],
                "Transaction-Id": [
                    "bss-c86470cdd620918d"
                ],
                "X-Content-Type-Options": [
                    "nosniff"
                ],
                "X-Envoy-Upstream-Service-Time": [
                    "4000"
                ],
                "X-Global-Transaction-Id": [
                    "bss-c86470cdd620918d"
                ],
                "X-Op-Completion-Time": [
                    ""
                ],
                "X-Ratelimit-Limit": [
                    "100"
                ],
                "X-Ratelimit-Remaining": [
                    "98"
                ],
                "X-Ratelimit-Reset": [
                    "0"
                ],
                "X-Request-Id": [
                    "2868b923-63c0-4e94-be2b-7a5b812cf246"
                ],
                "X-Transaction-Id": [
                    "bss-c86470cdd620918d"
                ]
            },
            "Result": {
                "details": "API error code: 429 calling https://iam.test.cloud.ibm.com/v2/authz/bulk for txid: bss-c86470cdd620918d Details: invalid character 'E' looking for beginning of value",
                "message": "You do not have the required permissions for this operation. Contact the account owner to verify your access.",
                "status_code": 403,
                "transaction_id": "bss-c86470cdd620918d"
            },
            "RawResult": null
        }
        
        
          with ibm_resource_instance.kms_instance,
          on terraform_plugin_test.tf line 3, in resource "ibm_resource_instance" "kms_instance":
           3:   resource "ibm_resource_instance" "kms_instance" {
        
--- FAIL: TestAccIBMKMSResource_InvalidExpDate (43.60s)
=== RUN   TestAccIBMKMSKeyWithPolicyOverridesResource_basic
--- PASS: TestAccIBMKMSKeyWithPolicyOverridesResource_basic (94.98s)
=== RUN   TestAccIBMKMSKeyWithPolicyOverridesResource_ValidExpDate
--- PASS: TestAccIBMKMSKeyWithPolicyOverridesResource_ValidExpDate (62.88s)
=== RUN   TestAccIBMKMSKeyWithPolicyOverridesResource_InvalidExpDate
--- PASS: TestAccIBMKMSKeyWithPolicyOverridesResource_InvalidExpDate (35.92s)
=== RUN   TestAccIBMKMSKeyWithPolicyOverridesResource_Policies
--- PASS: TestAccIBMKMSKeyWithPolicyOverridesResource_Policies (55.68s)
=== RUN   TestAccIBMKMSKeyWithPolicyOverridesResource_update
--- PASS: TestAccIBMKMSKeyWithPolicyOverridesResource_update (71.03s)
FAIL
FAIL    github.com/IBM-Cloud/terraform-provider-ibm/ibm/service/kms     1970.672s
FAIL
make: *** [testacc] Error 1

wsiew added 4 commits August 25, 2023 14:38
updated go sdk to v0.12.2, added description to kms_key, made payload…
20087cf 
… sensitive for kms_key and others, fixed docs where expiration date specified milliseconds which forces perma replacement in terraform, made deprecation for kp_key in docs more visible
fix regex failures of intervalcheck for kms policies
7ddd413
add force_delete flag to key_ring, not enabled yet
67c036b
Update examples for deprecated resource to highlight it is deprecated
86e71be
Giakhanh-Hoang
Giakhanh-Hoang reviewed Aug 29, 2023
View reviewed changes
website/docs/r/kms_key_rings.html.markdown Outdated Show resolved Hide resolved
examples/ibm-key-protect/README.md Outdated Show resolved Hide resolved
ibm/service/kms/data_source_ibm_kms_keys.go Show resolved Hide resolved
@william8siew
Copy link
Contributor Author

Tested force delete in preprod
1)Update force_delete first

ibm_kms_key_rings.key_ring: Refreshing state... [id=key-ring-id:keyRing:crn:v1:staging:public:kms:preprod:a/66079351849844ddbc8f9782bfae6b06:3686fae4-cc92-4dfd-9cc6-97cafd97d905::]
ibm_kms_key.test: Refreshing state... [id=crn:v1:staging:public:kms:preprod:a/66079351849844ddbc8f9782bfae6b06:3686fae4-cc92-4dfd-9cc6-97cafd97d905:key:41963ba3-908e-46dd-ab10-33329cd6b8d4]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # ibm_kms_key_rings.key_ring will be updated in-place
  ~ resource "ibm_kms_key_rings" "key_ring" {
      ~ force_delete  = false -> true
        id            = "key-ring-id:keyRing:crn:v1:staging:public:kms:preprod:a/66079351849844ddbc8f9782bfae6b06:3686fae4-cc92-4dfd-9cc6-97cafd97d905::"
        # (3 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

ibm_kms_key_rings.key_ring: Modifying... [id=key-ring-id:keyRing:crn:v1:staging:public:kms:preprod:a/66079351849844ddbc8f9782bfae6b06:3686fae4-cc92-4dfd-9cc6-97cafd97d905::]
ibm_kms_key_rings.key_ring: Modifications complete after 2s [id=key-ring-id:keyRing:crn:v1:staging:public:kms:preprod:a/66079351849844ddbc8f9782bfae6b06:3686fae4-cc92-4dfd-9cc6-97cafd97d905::]

Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
  1. Remove the key ring resoruce from .tf file
ibm_kms_key.test: Refreshing state... [id=crn:v1:staging:public:kms:preprod:a/66079351849844ddbc8f9782bfae6b06:3686fae4-cc92-4dfd-9cc6-97cafd97d905:key:41963ba3-908e-46dd-ab10-33329cd6b8d4]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # ibm_kms_key_rings.key_ring will be destroyed
  # (because ibm_kms_key_rings.key_ring is not in configuration)
  - resource "ibm_kms_key_rings" "key_ring" {
      - endpoint_type = "public" -> null
      - force_delete  = true -> null
      - id            = "key-ring-id:keyRing:crn:v1:staging:public:kms:preprod:a/66079351849844ddbc8f9782bfae6b06:3686fae4-cc92-4dfd-9cc6-97cafd97d905::" -> null
      - instance_id   = "3686fae4-cc92-4dfd-9cc6-97cafd97d905" -> null
      - key_ring_id   = "key-ring-id" -> null
    }

Plan: 0 to add, 0 to change, 1 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

ibm_kms_key_rings.key_ring: Destroying... [id=key-ring-id:keyRing:crn:v1:staging:public:kms:preprod:a/66079351849844ddbc8f9782bfae6b06:3686fae4-cc92-4dfd-9cc6-97cafd97d905::]
ibm_kms_key_rings.key_ring: Destruction complete after 1s

Apply complete! Resources: 0 added, 0 changed, 1 destroyed.
(base) wsiew@Williams-MacBook-Pro ibm-key-protect %
  1. Verified from CLI that key ring no longer exists in instance
(base) wsiew@Williams-MacBook-Pro GithubStuff % ibmcloud kp key-rings -i 3686fae4-cc92-4dfd-9cc6-97cafd97d905
Listing key rings...
OK
Key Ring ID   
default

stephaniegalang
stephaniegalang suggested changes Sep 5, 2023
View reviewed changes
website/docs/r/kp_key.html.markdown Show resolved Hide resolved
ibm/service/kms/data_source_ibm_kms_keys.go Outdated Show resolved Hide resolved
ibm/service/kms/resource_ibm_kms_key_rings.go Outdated Show resolved Hide resolved
ibm/service/kms/data_source_ibm_kms_key_test.go Outdated Show resolved Hide resolved
joealewine
joealewine reviewed Sep 5, 2023
View reviewed changes
Copy link

@joealewine joealewine left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All minor things.

examples/ibm-key-protect/README.md
Comment on lines +20 to +22
## Deprecation Notice

The resource `ibm_kp_key` is deprecated and replaced with `ibm_kms_key`.
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Might be helpful to say when the deprecation started/took effect.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

unfortunately, i dont know. But by my guesses it was over a year ago to 2 years ago

ibm/service/kms/resource_ibm_kms_key_rings.go Outdated Show resolved Hide resolved
ibm/service/kms/resource_ibm_kms_key_rings_test.go Show resolved Hide resolved
website/docs/r/kms_key_rings.html.markdown Outdated Show resolved Hide resolved
@william8siew
Copy link
Contributor Author

@hkantare could you help merge this PR? Need this one to make the next release

hkantare
hkantare reviewed Sep 11, 2023
View reviewed changes
ibm/service/kms/resource_ibm_kms_key.go
"description": {
Type: schema.TypeString,
Optional: true,
ForceNew: true,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Change in description is forceNew?
We can't update description of the key?

Copy link
Contributor Author

@william8siew william8siew Sep 11, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, this is actually correct. Key Protect does not have a PATCH endpoint for keys.

Edit: we do, but it only supports changing keyRingID, but this functionality is something we have also not added to terraform

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also if you look at the KMSKeyUpdate function it doesnt do anything really

@hkantare hkantare merged commit 93cc90a into IBM-Cloud:master Sep 14, 2023
2 checks passed
@BrunoHenriques BrunoHenriques mentioned this pull request Oct 3, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Giakhanh-Hoang Giakhanh-Hoang Giakhanh-Hoang left review comments

@stephaniegalang stephaniegalang stephaniegalang approved these changes

@joealewine joealewine joealewine approved these changes

@BrunoHenriques BrunoHenriques BrunoHenriques approved these changes

@hkantare hkantare Awaiting requested review from hkantare

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@william8siew @BrunoHenriques @hkantare @joealewine @stephaniegalang @Giakhanh-Hoang