COS buckets allow modifying key_protect after creation, but they should not

[kjoconnor]

Terraform Version

Terraform v0.12.29
IBM Cloud Plugin v1.13.1

Affected Resource(s)

• ibm_cos_bucket

Terraform Configuration Files

First:

resource ibm_cos_bucket my_bucket {
  name = "my-bucket"
  ...
}
```hcl
resource ibm_cos_bucket my_bucket {
  name = "my-bucket"
  key_protect = "key-id"
  ...
}

Expected Behavior

When the bucket is first created without key_protect and then later key_protect is added, it should tell you it needs to recreate the bucket. The IBM Cloud console says you can only add key protection when the bucket is created:

More here: https://cloud.ibm.com/docs/cloud-object-storage?topic=cloud-object-storage-encryption#encryption-kp

Actual Behavior

It applies successfully, but in the console no key protection is added, and the terraform state does not actually show the supposed new key_protect attribute.

Steps to Reproduce

1. Use the first hcl above to create the bucket.
2. Modify the hcl to include a valid reference to a KMS key.
3. Plan and apply again - it should work just fine but this isn't actually valid.

[kavya498]

Available in latest 1.22.0

[kavya498]

Closing this issue..
thanks