Data Volume is encrypted with Provider managed, expecting Customer managed #1673

dprosper opened this issue Jul 13, 2020 · 4 comments
@dprosper

Terraform Version

Terraform v0.12.28

  • provider.ibm v1.8.1
  • provider.null v2.1.2
  • provider.template v2.1.2

Affected Resource(s)

Please list the resources as a list, for example:

  • ibm_is_volumes

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Terraform Configuration Files

Template is here: https://github.com/dprosper/byok_gen1_gen2

Debug Output

no errors


### Panic Output
If Terraform produced a panic, please provide a link to a GitHub Gist containing the output of the `crash.log`.

### Expected Behavior
The Data Volume is created with Provider managed encryption, but expectation is Customer managed. 

### Actual Behavior
What actually happened?

### Steps to Reproduce

1. `terraform apply`

### Important Factoids
The same script in VPC Gen 1 results in errors, please see https://github.com/IBM-Cloud/terraform-provider-ibm/issues/1666

@dprosper dprosper changed the title Data Volume is ecrypted with Provider managed, expecting Customer managed Data Volume is encrypted with Provider managed, expecting Customer managed Jul 13, 2020
@movinglightspeed

movinglightspeed commented Jul 28, 2020

I am experiencing the same issue. I have VPC gen 2

Terraform Version

terraform version
Terraform v0.12.29

  • provider.ibm v1.9.0

Affected Resource(s)

Please list the resources as a list, for example:

  • ibm_is_volume

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Terraform Configuration Files

values changed for security

```hcl
resource "ibm_is_volume" "testacc_volume" {
  name           = "terraformblockstoragestanley"
  profile        = "custom"
  zone           = "us-south-1"
  iops           = 1000
  capacity       = 200
  encryption_key = "crn:v1:bluemix:public:kms:us-south:a/3525256cs25dhr24918114686c21bf0d12:4ff0eb85-be44-4907-acf0-dd3cac1910e9:key:aff4247d-3a75-4217-4g7e-7ljb246e3215"
  resource_group = "10108b3a757845378c0876ca79861f57"
}
```

Debug Output

```
terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # ibm_is_volume.testacc_volume will be created
  + resource "ibm_is_volume" "testacc_volume" {
      + capacity = 200
      + crn = (known after apply)
      + encryption_key = "crn:v1:bluemix:public:kms:us-south:a/3525256cs25dhr24918114686c21bf0d12:4ff0eb85-be44-4907-acf0-dd3cac1910e9:key:aff4247d-3a75-4217-4g7e-7ljb246e3215"
      + id = (known after apply)
      + iops = 1000
      + name = "terraformblockstoragestanley"
      + profile = "custom"
      + resource_controller_url = (known after apply)
      + resource_crn = (known after apply)
      + resource_group = "10108b3a757845378c0876ca79861f57"
      + resource_group_name = (known after apply)
      + resource_name = (known after apply)
      + resource_status = (known after apply)
      + status = (known after apply)
      + tags = (known after apply)
      + zone = "us-south-1"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Warning: "function_namespace": [DEPRECATED] This field will be deprecated soon

Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.

Enter a value: yes

ibm_is_volume.testacc_volume: Creating...
ibm_is_volume.testacc_volume: Still creating... [10s elapsed]
ibm_is_volume.testacc_volume: Creation complete after 16s [id=r006-6f37a0d1-a088-42bf-998a-390079147f37]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
```

Panic Output

If Terraform produced a panic, please provide a link to a GitHub Gist containing the output of the crash.log.

Expected Behavior

Block storage volume should have been created in VPC gen 2 with BYOK root key from key protect instance.

Actual Behavior

A block storage instance was provisioned with Provider managed key

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform apply

Important Factoids

Are there anything atypical about your accounts that we should know? For example: Running in EC2 Classic? Custom version of OpenStack? Tight ACLs?

References

Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? For example:

@movinglightspeed

This is more of a bug rather than a feature request. The feature exists in terraform for ibm_is_volume but terraform ignores the CRN of the root key and uses IBM provided key.

@hkantare

@hkantare

hkantare commented Aug 7, 2020

Yes, the feature we supported is for Gen1... But for Gen2 this feature was rolled out some time back.
We are waiting for the SDK to update the BYOK feature for Gen2:
https://github.com/IBM/vpc-go-sdk/

Once we have the SDK rolled out with this feature, we will support it for Gen2 also.

@hkantare

hkantare commented Oct 7, 2020

For gen2 the support is available in latest releases

@hkantare hkantare closed this as completed Oct 7, 2020
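
Because the apply in this thread finished with no errors while the key was ignored, a post-apply check is the only way to catch the mismatch. The following is an added example, not code from the provider or from anyone in this thread: it compares the `encryption_key` requested in a Terraform JSON plan against a volume listing. The volume names, the placeholder CRN, and the listing's `encryption` / `encryption_key.crn` field names and values are assumptions used for illustration.

```python
# Constructed placeholder CRN, not a real key.
KEY_CRN = "crn:v1:example:public:kms:us-south:a/ACCOUNT:INSTANCE:key:KEY-ID"

# Constructed sample shaped like `terraform show -json <planfile>`, trimmed.
PLAN = {"resource_changes": [
    {"address": "ibm_is_volume.byok", "type": "ibm_is_volume",
     "change": {"after": {"name": "data-vol-byok", "encryption_key": KEY_CRN}}},
    {"address": "ibm_is_volume.scratch", "type": "ibm_is_volume",
     "change": {"after": {"name": "scratch-vol", "encryption_key": None}}},
]}

# Constructed volume listing. Assumed fields: "encryption" with values
# "provider_managed" / "user_managed", and "encryption_key" -> {"crn": ...}.
LIVE = {"volumes": [
    {"name": "data-vol-byok", "encryption": "provider_managed"},
    {"name": "scratch-vol", "encryption": "provider_managed"},
]}


def expected_keys(plan):
    """Map volume name -> key CRN for planned volumes that set encryption_key."""
    out = {}
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}
        if rc.get("type") == "ibm_is_volume" and after.get("encryption_key"):
            out[after["name"]] = after["encryption_key"]
    return out


def find_drift(plan, live):
    """Return (name, reason) for volumes that requested a customer key but lack it."""
    by_name = {v["name"]: v for v in live.get("volumes", [])}
    findings = []
    for name, crn in sorted(expected_keys(plan).items()):
        vol = by_name.get(name)
        if vol is None:
            findings.append((name, "volume not found"))
        elif vol.get("encryption") != "user_managed":
            findings.append((name, "encryption is %s" % vol.get("encryption")))
        elif (vol.get("encryption_key") or {}).get("crn") != crn:
            findings.append((name, "different key CRN"))
    return findings


if __name__ == "__main__":
    for name, reason in find_drift(PLAN, LIVE):
        print("DRIFT %s: %s" % (name, reason))
```

Volumes that never requested a key (`scratch-vol` here) are not flagged, so the check only fires on the silent downgrade described in this issue.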