IBM-Cloud · hkantare · May 25, 2022 · May 13, 2022 · May 20, 2022 · May 20, 2022
diff --git a/go.mod b/go.mod
@@ -3,7 +3,7 @@ module github.com/IBM-Cloud/terraform-provider-ibm
 go 1.16
 
 require (
-	github.com/IBM-Cloud/bluemix-go v0.0.0-20220407050707-b4cd0d4da813
+	github.com/IBM-Cloud/bluemix-go v0.0.0-20220512101601-701829d22dbc
 	github.com/IBM-Cloud/container-services-go-sdk v0.0.0-20210705152127-41ca00fc9a62
 	github.com/IBM-Cloud/power-go-client v1.1.8
 	github.com/IBM/apigateway-go-sdk v0.0.0-20210714141226-a5d5d49caaca

diff --git a/go.sum b/go.sum
@@ -39,6 +39,12 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/IBM-Cloud/bluemix-go v0.0.0-20220407050707-b4cd0d4da813 h1:UgPApMMM6SglqB+U/EaFHyaoyaEM16RzxyiVah70g4o=
 github.com/IBM-Cloud/bluemix-go v0.0.0-20220407050707-b4cd0d4da813/go.mod h1:UOhxo7T8CdX6sdTY9Dn7rJSgyoTlz1KM9641XcPraH0=
+github.com/IBM-Cloud/bluemix-go v0.0.0-20220506091544-f67089f8d5d9 h1:zxeiJfE5hRMUH/h4hd+g9M98a4DRfUrD8nNbcteSlrc=
+github.com/IBM-Cloud/bluemix-go v0.0.0-20220506091544-f67089f8d5d9/go.mod h1:UOhxo7T8CdX6sdTY9Dn7rJSgyoTlz1KM9641XcPraH0=
+github.com/IBM-Cloud/bluemix-go v0.0.0-20220510085630-12dc05e70f29 h1:42c4MfIYppIOBymVz0WHNN3WO9zNPH+9aFNDP2ektYg=
+github.com/IBM-Cloud/bluemix-go v0.0.0-20220510085630-12dc05e70f29/go.mod h1:tfNN3lCKuA2+SQvndt0+5CjPr2qn/wdNLjrue1GrOhY=
+github.com/IBM-Cloud/bluemix-go v0.0.0-20220512101601-701829d22dbc h1:X3zq0LZyqBzsiX5KJvwzxH7Btl6M/oHqskS/2tL4B5A=
+github.com/IBM-Cloud/bluemix-go v0.0.0-20220512101601-701829d22dbc/go.mod h1:tfNN3lCKuA2+SQvndt0+5CjPr2qn/wdNLjrue1GrOhY=
 github.com/IBM-Cloud/container-services-go-sdk v0.0.0-20210705152127-41ca00fc9a62 h1:MOkcr6qQGk4tY542ZJ1DggVh2WUP72EEyLB79llFVH8=
 github.com/IBM-Cloud/container-services-go-sdk v0.0.0-20210705152127-41ca00fc9a62/go.mod h1:xUQL9SGAjoZFd4GNjrjjtEpjpkgU7RFXRyHesbKTjiY=
 github.com/IBM-Cloud/ibm-cloud-cli-sdk v0.5.3/go.mod h1:RiUvKuHKTBmBApDMUQzBL14pQUGKcx/IioKQPIcRQjs=

diff --git a/ibm/acctest/acctest.go b/ibm/acctest/acctest.go
@@ -90,12 +90,15 @@ var HpcsAdmin2 string
 var HpcsToken2 string
 var RealmName string
 var IksSa string
+var IksClusterID string
 var IksClusterVpcID string
 var IksClusterSubnetID string
 var IksClusterResourceGroupID string
 var IcdDbRegion string
 var IcdDbDeploymentId string
 var IcdDbBackupId string
+var KmsInstanceID string
+var CrkID string
 
 // For Power Colo
 
@@ -891,6 +894,21 @@ func init() {
 	if ClusterName == "" {
 		fmt.Println("[INFO] Set the environment variable IBM_CONTAINER_CLUSTER_NAME for ibm_container_nlb_dns resource or datasource else tests will fail if this is not set correctly")
 	}
+
+	KmsInstanceID = os.Getenv("IBM_KMS_INSTANCE_ID")
+	if KmsInstanceID == "" {
+		fmt.Println("[INFO] Set the environment variable IBM_KMS_INSTANCE_ID for ibm_container_vpc_cluster resource or datasource else tests will fail if this is not set correctly")
+	}
+
+	CrkID = os.Getenv("IBM_CRK_ID")
+	if CrkID == "" {
+		fmt.Println("[INFO] Set the environment variable IBM_CRK_ID for ibm_container_vpc_cluster resource or datasource else tests will fail if this is not set correctly")
+	}
+
+	IksClusterID = os.Getenv("IBM_CLUSTER_ID")
+	if IksClusterID == "" {
+		fmt.Println("[INFO] Set the environment variable IBM_CLUSTER_ID for ibm_container_vpc_worker_pool resource or datasource else tests will fail if this is not set correctly")
+	}
 }
 
 var TestAccProviders map[string]*schema.Provider

diff --git a/ibm/service/kubernetes/data_source_ibm_container_vpc_worker_pool.go b/ibm/service/kubernetes/data_source_ibm_container_vpc_worker_pool.go
@@ -64,6 +64,14 @@ func DataSourceIBMContainerVpcClusterWorkerPool() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"kms_instance_id": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"crk": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 		},
 	}
 }
@@ -98,13 +106,16 @@ func dataSourceIBMContainerVpcClusterWorkerPoolRead(d *schema.ResourceData, meta
 	d.Set("worker_pool_name", workerPool.PoolName)
 	d.Set("flavor", workerPool.Flavor)
 	d.Set("worker_count", workerPool.WorkerCount)
-	d.Set("provider", workerPool.Provider)
 	d.Set("labels", workerPool.Labels)
 	d.Set("zones", zones)
 	d.Set("cluster", clusterName)
 	d.Set("vpc_id", workerPool.VpcID)
 	d.Set("isolation", workerPool.Isolation)
 	d.Set("resource_group_id", targetEnv.ResourceGroup)
+	if workerPool.WorkerVolumeEncryption != nil {
+		d.Set("kms_instance_id", workerPool.WorkerVolumeEncryption.KmsInstanceID)
+		d.Set("crk", workerPool.WorkerVolumeEncryption.WorkerVolumeCRKID)
+	}
 	d.SetId(workerPool.ID)
 	return nil
 }
diff --git a/ibm/service/kubernetes/data_source_ibm_container_vpc_worker_pool_test.go b/ibm/service/kubernetes/data_source_ibm_container_vpc_worker_pool_test.go
@@ -37,3 +37,30 @@ func testAccCheckIBMContainerVPCClusterWorkerPoolDataSourceConfig(name string) s
 	}
 `
 }
+
+func TestAccIBMContainerVPCClusterWorkerPoolDataSourceEnvvar(t *testing.T) {
+	name := fmt.Sprintf("tf-vpc-wp-%d", acctest.RandIntRange(10, 100))
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { acc.TestAccPreCheck(t) },
+		Providers: acc.TestAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckIBMContainerVPCClusterWorkerPoolDataSourceEnvvar(name),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("data.ibm_container_vpc_cluster_worker_pool.testacc_ds_worker_pool", "id"),
+					resource.TestCheckResourceAttr("data.ibm_container_vpc_cluster_worker_pool.testacc_ds_worker_pool", "crk", acc.CrkID),
+					resource.TestCheckResourceAttr("data.ibm_container_vpc_cluster_worker_pool.testacc_ds_worker_pool", "kms_instance_id", acc.KmsInstanceID),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckIBMContainerVPCClusterWorkerPoolDataSourceEnvvar(name string) string {
+	return testAccCheckIBMVpcContainerWorkerPoolEnvvar(name) + `
+	data "ibm_container_vpc_cluster_worker_pool" "testacc_ds_worker_pool" {
+	    cluster = "${ibm_container_vpc_worker_pool.test_pool.cluster}"
+	    worker_pool_name = "${ibm_container_vpc_worker_pool.test_pool.worker_pool_name}"
+	}
+`
+}
diff --git a/ibm/service/kubernetes/resource_ibm_container_vpc_cluster.go b/ibm/service/kubernetes/resource_ibm_container_vpc_cluster.go
@@ -276,6 +276,20 @@ func ResourceIBMContainerVpcCluster() *schema.Resource {
 				Computed:    true,
 				Description: "The URL of the IBM Cloud dashboard that can be used to explore and view details about this cluster",
 			},
+			"kms_instance_id": {
+				Type:             schema.TypeString,
+				Optional:         true,
+				DiffSuppressFunc: flex.ApplyOnce,
+				Description:      "Instance ID for boot volume encryption",
+				RequiredWith:     []string{"crk"},
+			},
+			"crk": {
+				Type:             schema.TypeString,
+				Optional:         true,
+				DiffSuppressFunc: flex.ApplyOnce,
+				Description:      "Root Key ID for boot volume encryption",
+				RequiredWith:     []string{"kms_instance_id"},
+			},
 
 			//Get Cluster info Request
 			"state": {
@@ -479,6 +493,15 @@ func resourceIBMContainerVpcClusterCreate(d *schema.ResourceData, meta interface
 		Zones:       zonesList,
 	}
 
+	if v, ok := d.GetOk("kms_instance_id"); ok {
+		crk := d.Get("crk").(string)
+		wve := v2.WorkerVolumeEncryption{
+			KmsInstanceID:     v.(string),
+			WorkerVolumeCRKID: crk,
+		}
+		workerpool.WorkerVolumeEncryption = &wve
+	}
+
 	if l, ok := d.GetOk("worker_labels"); ok {
 		labels := make(map[string]string)
 		for k, v := range l.(map[string]interface{}) {
@@ -988,6 +1011,11 @@ func resourceIBMContainerVpcClusterRead(d *schema.ResourceData, meta interface{}
 	d.Set(flex.ResourceStatus, cls.State)
 	d.Set(flex.ResourceGroupName, cls.ResourceGroupName)
 
+	if workerPool.WorkerVolumeEncryption != nil {
+		d.Set("crk", workerPool.WorkerVolumeEncryption.WorkerVolumeCRKID)
+		d.Set("kms_instance_id", workerPool.WorkerVolumeEncryption.KmsInstanceID)
+	}
+
 	return nil
 }
 

diff --git a/ibm/service/kubernetes/resource_ibm_container_vpc_cluster_test.go b/ibm/service/kubernetes/resource_ibm_container_vpc_cluster_test.go
@@ -365,3 +365,61 @@ func testAccCheckIBMContainerVpcClusterImageSecuritySetting(name, setting string
 		image_security_enforcement = %s
 	  }`, name, acc.IksClusterVpcID, acc.IksClusterResourceGroupID, acc.SubnetID, setting)
 }
+
+// This test is here to help to focus on given resources, but requires everything else existing already
+func TestAccIBMContainerVpcClusterEnvvar(t *testing.T) {
+	name := fmt.Sprintf("tf-vpc-cluster-%d", acctest.RandIntRange(10, 100))
+	var conf *v2.ClusterInfo
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { acc.TestAccPreCheck(t) },
+		Providers:    acc.TestAccProviders,
+		CheckDestroy: testAccCheckIBMContainerVpcClusterDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckIBMContainerVpcClusterEnvvar(name),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckIBMContainerVpcExists("ibm_container_vpc_cluster.cluster", conf),
+					resource.TestCheckResourceAttr(
+						"ibm_container_vpc_cluster.cluster", "name", name),
+					resource.TestCheckResourceAttr(
+						"ibm_container_vpc_cluster.cluster", "worker_count", "1"),
+				),
+			},
+			{
+				ResourceName:      "ibm_container_vpc_cluster.cluster",
+				ImportState:       true,
+				ImportStateVerify: true,
+				ImportStateVerifyIgnore: []string{
+					"wait_till", "update_all_workers", "kms_config", "force_delete_storage", "wait_for_worker_update"},
+			},
+		},
+	})
+}
+
+// You need to set up env vars:
+// export IBM_CLUSTER_VPC_ID
+// export IBM_CLUSTER_VPC_SUBNET_ID
+// export IBM_CLUSTER_VPC_RESOURCE_GROUP_ID
+// export IBM_KMS_INSTANCE_ID
+// export IBM_CRK_ID
+// for acc.IksClusterVpcID, acc.IksClusterResourceGroupID, acc.IksClusterSubnetID, acc.KmsInstanceID, acc.CrkID
+func testAccCheckIBMContainerVpcClusterEnvvar(name string) string {
+	config := fmt.Sprintf(`
+	resource "ibm_container_vpc_cluster" "cluster" {
+		name              = "%[1]s"
+		vpc_id            = "%[2]s"
+		flavor            = "bx2.4x16"
+		worker_count      = 1
+		resource_group_id = "%[3]s"
+		zones {
+			subnet_id = "%[4]s"
+			name      = "us-south-1"
+		}
+		kms_instance_id = "%[5]s"
+		crk = "%[6]s"
+	}
+	`, name, acc.IksClusterVpcID, acc.IksClusterResourceGroupID, acc.IksClusterSubnetID, acc.KmsInstanceID, acc.CrkID)
+	fmt.Println(config)
+	return config
+}
diff --git a/ibm/service/kubernetes/resource_ibm_container_vpc_worker_pool.go b/ibm/service/kubernetes/resource_ibm_container_vpc_worker_pool.go
@@ -151,6 +151,20 @@ func ResourceIBMContainerVpcWorkerPool() *schema.Resource {
 				Computed:    true,
 				Description: "Resource Controller URL",
 			},
+			"kms_instance_id": {
+				Type:             schema.TypeString,
+				Optional:         true,
+				DiffSuppressFunc: flex.ApplyOnce,
+				Description:      "Instance ID for boot volume encryption",
+				RequiredWith:     []string{"crk"},
+			},
+			"crk": {
+				Type:             schema.TypeString,
+				Optional:         true,
+				DiffSuppressFunc: flex.ApplyOnce,
+				Description:      "Root Key ID for boot volume encryption",
+				RequiredWith:     []string{"kms_instance_id"},
+			},
 		},
 	}
 }
@@ -194,13 +208,6 @@ func resourceIBMContainerVpcWorkerPoolCreate(d *schema.ResourceData, meta interf
 
 	}
 
-	// for _, e := range d.Get("zones").(*schema.Set).List() {
-	// 	value := e.(map[string]interface{})
-	// 	id := value["id"].(string)
-	// 	subnetid := value["subnet_id"].(string)
-
-	// }
-
 	workerPoolConfig := v2.WorkerPoolConfig{
 		Name:        d.Get("worker_pool_name").(string),
 		VpcID:       d.Get("vpc_id").(string),
@@ -209,6 +216,15 @@ func resourceIBMContainerVpcWorkerPoolCreate(d *schema.ResourceData, meta interf
 		Zones:       zone,
 	}
 
+	if v, ok := d.GetOk("kms_instance_id"); ok {
+		crk := d.Get("crk").(string)
+		wve := v2.WorkerVolumeEncryption{
+			KmsInstanceID:     v.(string),
+			WorkerVolumeCRKID: crk,
+		}
+		workerPoolConfig.WorkerVolumeEncryption = &wve
+	}
+
 	if l, ok := d.GetOk("labels"); ok {
 		labels := make(map[string]string)
 		for k, v := range l.(map[string]interface{}) {
@@ -463,6 +479,10 @@ func resourceIBMContainerVpcWorkerPoolRead(d *schema.ResourceData, meta interfac
 	if workerPool.Taints != nil {
 		d.Set("taints", flattenWorkerPoolTaints(workerPool))
 	}
+	if workerPool.WorkerVolumeEncryption != nil {
+		d.Set("kms_instance_id", workerPool.WorkerVolumeEncryption.KmsInstanceID)
+		d.Set("crk", workerPool.WorkerVolumeEncryption.WorkerVolumeCRKID)
+	}
 	controller, err := flex.GetBaseController(meta)
 	if err != nil {
 		return err

diff --git a/ibm/service/kubernetes/resource_ibm_container_vpc_worker_pool_test.go b/ibm/service/kubernetes/resource_ibm_container_vpc_worker_pool_test.go
@@ -80,9 +80,12 @@ func testAccCheckIBMVpcContainerWorkerPoolDestroy(s *terraform.State) error {
 		target := v2.ClusterTargetHeader{}
 
 		// Try to find the key
-		_, err = wpClient.WorkerPools().GetWorkerPool(cluster, workerPoolID, target)
+		wp, err := wpClient.WorkerPools().GetWorkerPool(cluster, workerPoolID, target)
 
 		if err == nil {
+			if wp.ActualState == "deleted" && wp.DesiredState == "deleted" {
+				return nil
+			}
 			return fmt.Errorf("Worker pool still exists: %s", rs.Primary.ID)
 		} else if !strings.Contains(err.Error(), "404") {
 			return fmt.Errorf("[ERROR] Error waiting for worker pool (%s) to be destroyed: %s", rs.Primary.ID, err)
@@ -207,3 +210,53 @@ func testAccCheckIBMVpcContainerWorkerPoolUpdate(name string) string {
 	}
 		`, name)
 }
+
+func TestAccIBMContainerVpcClusterWorkerPoolEnvvar(t *testing.T) {
+
+	name := fmt.Sprintf("tf-vpc-worker-%d", acctest.RandIntRange(10, 100))
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { acc.TestAccPreCheck(t) },
+		Providers:    acc.TestAccProviders,
+		CheckDestroy: testAccCheckIBMVpcContainerWorkerPoolDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckIBMVpcContainerWorkerPoolEnvvar(name),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(
+						"ibm_container_vpc_worker_pool.test_pool", "flavor", "bx2.4x16"),
+					resource.TestCheckResourceAttr(
+						"ibm_container_vpc_worker_pool.test_pool", "zones.#", "1"),
+					resource.TestCheckResourceAttr(
+						"ibm_container_vpc_worker_pool.test_pool", "kms_instance_id", acc.KmsInstanceID),
+					resource.TestCheckResourceAttr(
+						"ibm_container_vpc_worker_pool.test_pool", "crk", acc.CrkID),
+				),
+			},
+			{
+				ResourceName:      "ibm_container_vpc_worker_pool.test_pool",
+				ImportState:       true,
+				ImportStateVerify: true,
+				ImportStateVerifyIgnore: []string{
+					"kms_instance_id", "crk"},
+			},
+		},
+	})
+}
+
+func testAccCheckIBMVpcContainerWorkerPoolEnvvar(name string) string {
+	return fmt.Sprintf(`
+	resource "ibm_container_vpc_worker_pool" "test_pool" {
+	  cluster           = "%[2]s"
+	  worker_pool_name  = "%[1]s"
+	  flavor            = "bx2.4x16"
+	  vpc_id            = "%[3]s"
+	  worker_count      = 1
+	  zones {
+		subnet_id = "%[4]s"
+		name      = "us-south-1"
+	  }
+	  kms_instance_id = "%[5]s"
+	  crk = "%[6]s"
+	}
+		`, name, acc.IksClusterID, acc.IksClusterVpcID, acc.IksClusterSubnetID, acc.KmsInstanceID, acc.CrkID)
+}
diff --git a/website/docs/d/container_worker_pool.html.markdown b/website/docs/d/container_worker_pool.html.markdown
@@ -40,3 +40,5 @@ Review the attribute references that are exported.
 	- `public_vlan` - (String) The ID of the public VLAN.
 	- `worker_count` - (String) Number of workers attached to this zone.
   - `zone` - (String) Zone name.
+- `crk` - Root Key ID for boot volume encryption.
+- `kms_instance_id` - Instance ID for boot volume encryption.