From f08cc39101cfc3f182f9e43d47ef668d04058162 Mon Sep 17 00:00:00 2001
From: Aashiq-J <122446118+Aashiq-J@users.noreply.github.com>
Date: Thu, 10 Aug 2023 15:34:30 +0530
Subject: [PATCH] fix: updated the auth policy creation so it does not get
 scoped to a source resource group due to a known issue which can cause VSI
 creation to fail (#499)

---
 main.tf              |  7 ++++---
 module-metadata.json | 13 ++++---------
 2 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/main.tf b/main.tf
index 82b90224..914b29cc 100644
--- a/main.tf
+++ b/main.tf
@@ -81,9 +81,10 @@ locals {
 ##############################################################################
 
 resource "ibm_iam_authorization_policy" "block_storage_policy" {
-  count                       = var.kms_encryption_enabled == false || var.skip_iam_authorization_policy ? 0 : 1
-  source_service_name         = "server-protect"
-  source_resource_group_id    = var.resource_group_id
+  count               = var.kms_encryption_enabled == false || var.skip_iam_authorization_policy ? 0 : 1
+  source_service_name = "server-protect"
+  # commented the following as policy is not working as expected with this option. Related support case - https://cloud.ibm.com/unifiedsupport/cases?number=CS3514707
+  # source_resource_group_id  = var.resource_group_id
   target_service_name         = "hs-crypto"
   target_resource_instance_id = var.existing_kms_instance_guid
   roles                       = ["Reader"]
diff --git a/module-metadata.json b/module-metadata.json
index b92e8488..8a2994bd 100644
--- a/module-metadata.json
+++ b/module-metadata.json
@@ -167,7 +167,6 @@
       "description": "id of resource group to create VPC",
       "required": true,
       "source": [
-        "ibm_iam_authorization_policy.block_storage_policy.source_resource_group_id",
         "ibm_is_instance.vsi.resource_group",
         "ibm_is_lb.lb.resource_group",
         "ibm_is_security_group.security_group.resource_group"
@@ -178,10 +177,7 @@
       },
       "cloud_data_type": "resource_group",
       "immutable": true,
-      "computed": true,
-      "cloud_data_range": [
-        "resolved_to:id"
-      ]
+      "computed": true
     },
     "secondary_allow_ip_spoofing": {
       "name": "secondary_allow_ip_spoofing",
@@ -436,7 +432,6 @@
       "name": "block_storage_policy",
       "attributes": {
         "count": "kms_encryption_enabled",
-        "source_resource_group_id": "resource_group_id",
         "target_resource_instance_id": "existing_kms_instance_guid"
       },
       "provider": {
@@ -461,7 +456,7 @@
       },
       "pos": {
         "filename": "main.tf",
-        "line": 160
+        "line": 161
       }
     },
     "ibm_is_floating_ip.vsi_fip": {
@@ -478,7 +473,7 @@
       },
       "pos": {
         "filename": "main.tf",
-        "line": 152
+        "line": 153
       }
     },
     "ibm_is_instance.vsi": {
@@ -501,7 +496,7 @@
       },
       "pos": {
         "filename": "main.tf",
-        "line": 93
+        "line": 94
       }
     },
     "ibm_is_lb.lb": {