From 7e7daa723d4d8dafa0db7280c502d78d49bbca49 Mon Sep 17 00:00:00 2001 From: AleksCallebat Date: Tue, 15 Oct 2024 11:28:40 +0100 Subject: [PATCH] allow to bring existing VPC as parameters, enable flag as a way to disable the hardening --- gcp/modules/workspace_deployment/cmek.tf | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/gcp/modules/workspace_deployment/cmek.tf b/gcp/modules/workspace_deployment/cmek.tf index 065dab0..be40c13 100644 --- a/gcp/modules/workspace_deployment/cmek.tf +++ b/gcp/modules/workspace_deployment/cmek.tf @@ -20,16 +20,17 @@ resource "google_kms_crypto_key" "databricks_key" { - # # assign CMEK on Databricks side resource "databricks_mws_customer_managed_keys" "this" { + provider = databricks.accounts account_id = var.databricks_account_id gcp_key_info { - kms_key_id = google_kms_crypto_key.databricks_key[0].id + kms_key_id = var.use_existing_cmek? "projects/${var.google_project}/locations/${var.google_region}/keyRings/${var.keyring_name}/cryptoKeys/${var.key_name}": google_kms_crypto_key.databricks_key[0].id } use_cases = ["STORAGE","MANAGED","MANAGED_SERVICES"] lifecycle { ignore_changes = all } -} \ No newline at end of file +} +
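Review bot: When `var.use_existing_cmek` is true, the new `kms_key_id` expression is built by string interpolation from four variables, so nothing checks that the key exists or sits in the intended project and region before the ID is registered with Databricks. Resolving the key through `google_kms_key_ring` and `google_kms_crypto_key` data sources gated on the same flag would make Terraform read the key instead of trusting a hand-built path (sketch below). The hunk does not show whether the Databricks service identity is granted encrypt/decrypt on a pre-existing key, so that grant probably needs to be added or documented as a prerequisite. The `ignore_changes = all` on this resource also means a later flip of the flag will likely not reach the registered key configuration, which deserves a comment next to the lifecycle block.

```hcl
data "google_kms_key_ring" "existing" {
  count    = var.use_existing_cmek ? 1 : 0
  project  = var.google_project
  location = var.google_region
  name     = var.keyring_name
}

data "google_kms_crypto_key" "existing" {
  count    = var.use_existing_cmek ? 1 : 0
  name     = var.key_name
  key_ring = data.google_kms_key_ring.existing[0].id
}

# … unchanged: resource header, provider, account_id …
  gcp_key_info {
    kms_key_id = var.use_existing_cmek ? data.google_kms_crypto_key.existing[0].id : google_kms_crypto_key.databricks_key[0].id
  }
# … unchanged: use_cases, lifecycle …
```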