Invalid KeyRing id format

Question

Invalid KeyRing id format

zxpower opened this issue 4 years ago · comments

Reinholds Zviedris commented 4 years ago

Overview

When creating KMS keyring binding, I got following error message:

Invalid KeyRing id format, expecting `{projectId}/{locationId}/{keyRingName}` or `{locationId}/{keyRingName}.`

Code used when I got the error below:

module "gha_service_account" {
  source  = "terraform-google-modules/service-accounts/google"
  version = "3.0.1"

  project_id = var.project
  prefix     = "gha"
  names      = ["master-sa"]

  project_roles = [
  ]

  display_name  = "Github Actions SA"
  description   = "Service Account used for Github Actions"
  generate_keys = true
}

module "kms_key_ring-iam-bindings" {
  source  = "terraform-google-modules/iam/google//modules/kms_key_rings_iam"
  version = "6.4.1"
  kms_key_rings = [
    "master-keyring",
  ]
  
  mode = "authoritative"

  bindings = {
    "roles/cloudkms.cryptoKeyDecrypter" = [
      "serviceAccount:${module.gha_service_account.email}",
    ]
  }
}

Solved this by just adding global/ before master-keyring as it was created as global resource.

Morgante Pell · Answer 1 · Wed Feb 10 2021 01:24:29 GMT+0800 (China Standard Time)

Since this is solved, I'm not sure we need to do anything to fix in this module.

Reinholds Zviedris · Answer 2 · Wed Feb 10 2021 04:10:30 GMT+0800 (China Standard Time)

I suggest to at least update README for the module because by default you don't set the zone for keyrings because they're mostly global, but there could be times when you create region specific keyring.

Morgante Pell · Answer 3 · Wed Feb 10 2021 04:18:40 GMT+0800 (China Standard Time)

Got it, yes we could update the README. I'm happy to review a PR.