fix: fix bug in the DA which can occur when using BYOK / KYOK for dat…

…a encryption, but using the default ICD key for backups encryption (#474) Co-authored-by: Jordan-Williams2 <[email protected]> Co-authored-by: Conall Ó Cofaigh <[email protected]>
terraform-ibm-modules · Jan 31, 2025 · 122511f · 122511f
1 parent 18a0d17
commit 122511f
Showing 1 changed file with 15 additions and 10 deletions.
diff --git a/main.tf b/main.tf
@@ -30,30 +30,35 @@ locals {
 # Parse info from KMS key CRNs
 ########################################################################################################################
 
+locals {
+  parse_kms_key        = !var.use_ibm_owned_encryption_key
+  parse_backup_kms_key = !var.use_ibm_owned_encryption_key && !var.use_default_backup_encryption_key
+}
+
 module "kms_key_crn_parser" {
-  count   = var.use_ibm_owned_encryption_key ? 0 : 1
+  count   = local.parse_kms_key ? 1 : 0
   source  = "terraform-ibm-modules/common-utilities/ibm//modules/crn-parser"
   version = "1.1.0"
   crn     = var.kms_key_crn
 }
 
 module "backup_key_crn_parser" {
-  count   = var.use_ibm_owned_encryption_key ? 0 : 1
+  count   = local.parse_backup_kms_key ? 1 : 0
   source  = "terraform-ibm-modules/common-utilities/ibm//modules/crn-parser"
   version = "1.1.0"
   crn     = local.backup_encryption_key_crn
 }
 
 # Put parsed values into locals
 locals {
-  kms_service                  = !var.use_ibm_owned_encryption_key ? module.kms_key_crn_parser[0].service_name : null
-  kms_account_id               = !var.use_ibm_owned_encryption_key ? module.kms_key_crn_parser[0].account_id : null
-  kms_key_id                   = !var.use_ibm_owned_encryption_key ? module.kms_key_crn_parser[0].resource : null
-  kms_key_instance_guid        = !var.use_ibm_owned_encryption_key ? module.kms_key_crn_parser[0].service_instance : null
-  backup_kms_service           = !var.use_ibm_owned_encryption_key ? module.backup_key_crn_parser[0].service_name : null
-  backup_kms_account_id        = !var.use_ibm_owned_encryption_key ? module.backup_key_crn_parser[0].account_id : null
-  backup_kms_key_id            = !var.use_ibm_owned_encryption_key ? module.backup_key_crn_parser[0].resource : null
-  backup_kms_key_instance_guid = !var.use_ibm_owned_encryption_key ? module.backup_key_crn_parser[0].service_instance : null
+  kms_service                  = local.parse_kms_key ? module.kms_key_crn_parser[0].service_name : null
+  kms_account_id               = local.parse_kms_key ? module.kms_key_crn_parser[0].account_id : null
+  kms_key_id                   = local.parse_kms_key ? module.kms_key_crn_parser[0].resource : null
+  kms_key_instance_guid        = local.parse_kms_key ? module.kms_key_crn_parser[0].service_instance : null
+  backup_kms_service           = local.parse_backup_kms_key ? module.backup_key_crn_parser[0].service_name : null
+  backup_kms_account_id        = local.parse_backup_kms_key ? module.backup_key_crn_parser[0].account_id : null
+  backup_kms_key_id            = local.parse_backup_kms_key ? module.backup_key_crn_parser[0].resource : null
+  backup_kms_key_instance_guid = local.parse_backup_kms_key ? module.backup_key_crn_parser[0].service_instance : null
 }
 
 ########################################################################################################################