From 8291ed6cd4d2b8bcfc6541ccc2b98a9b34a1c647 Mon Sep 17 00:00:00 2001
From: Soaib024 <33781996+Soaib024@users.noreply.github.com>
Date: Mon, 10 Jun 2024 15:23:05 +0530
Subject: [PATCH] feat: exposed the ability to skip COS / KMS s2s auth policy with new variable `skip_cos_kms_auth_policy`
- fixed bug where `existing_cos_instance_crn` was not being passed to COS module (#217)
---
 solutions/standard/main.tf | 2 ++
 solutions/standard/variables.tf | 6 ++++++
 2 files changed, 8 insertions(+)
diff --git a/solutions/standard/main.tf b/solutions/standard/main.tf
index 7c2352a3..4054080a 100644
--- a/solutions/standard/main.tf
+++ b/solutions/standard/main.tf
@@ -85,6 +85,8 @@ module "cos" {
 version = "8.3.2"
 create_cos_instance = var.existing_cos_instance_crn == null ? true : false
 create_cos_bucket = var.existing_cos_bucket_name == null ? true : false
+ existing_cos_instance_id = var.existing_cos_instance_crn
+ skip_iam_authorization_policy = var.skip_cos_kms_auth_policy
 add_bucket_name_suffix = var.add_bucket_name_suffix
 resource_group_id = module.resource_group.resource_group_id
 region = local.cos_bucket_region
diff --git a/solutions/standard/variables.tf b/solutions/standard/variables.tf
index acca17fe..f3557ab1 100644
--- a/solutions/standard/variables.tf
+++ b/solutions/standard/variables.tf
@@ -176,6 +176,12 @@ variable "skip_en_cos_auth_policy" {
 default = false
 }
+variable "skip_cos_kms_auth_policy" {
+ type = bool
+ description = "Whether an IAM authorization policy is created for your Cloud Object Storage instance to read the encryption key from the KMS instance. Set to `true` to use an existing policy."
+ default = false
+}
+
 variable "cos_instance_name" {
 type = string
 default = "base-security-services-cos"
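Review bot: In the `module "cos"` block of solutions/standard/main.tf, `skip_iam_authorization_policy = var.skip_cos_kms_auth_policy` is passed through unconditionally, so the skip also applies when `create_cos_instance` evaluates to true and the COS instance is brand new. No policy scoped to that instance can exist yet, so a KMS-encrypted bucket would presumably either fail to create or depend on a broader account-level COS-to-KMS grant than the per-instance one the module would otherwise add. A comment on the line such as `# skip only when a policy scoped to this COS instance already grants access to the key` would record that expectation, and a validation tying the flag to `existing_cos_instance_crn` being set is worth considering. The same hunk feeds a CRN into an input named `existing_cos_instance_id`; a short comment confirming the module expects the CRN there would help the next reader. The module block starts and ends outside the hunk.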
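Review bot: The description of `skip_cos_kms_auth_policy` in solutions/standard/variables.tf opens with "Whether an IAM authorization policy is created", which reads as the opposite polarity of a `skip_` flag; only the final sentence shows that `true` disables creation. It also does not say what the existing policy has to cover, so an operator can set the flag and only find out at apply time that the COS instance cannot read the key. Suggested wording: `description = "Set to true to skip creating the IAM authorization policy that lets the Cloud Object Storage instance read the encryption key from the KMS instance. Skip only if a policy granting that access already exists."`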