terraform-google-iam

Invalid KeyRing id format

Open zxpower opened this issue 4 years ago • 3 comments

Overview

When creating a KMS keyring binding, I got the following error message:

Invalid KeyRing id format, expecting `{projectId}/{locationId}/{keyRingName}` or `{locationId}/{keyRingName}.`

Code used when I got the error below:

```hcl
module "gha_service_account" {
  source  = "terraform-google-modules/service-accounts/google"
  version = "3.0.1"

  project_id = var.project
  prefix     = "gha"
  names      = ["master-sa"]

  project_roles = [
  ]

  display_name  = "Github Actions SA"
  description   = "Service Account used for Github Actions"
  generate_keys = true
}

module "kms_key_ring-iam-bindings" {
  source  = "terraform-google-modules/iam/google//modules/kms_key_rings_iam"
  version = "6.4.1"
  kms_key_rings = [
    "master-keyring",
  ]

  mode = "authoritative"

  bindings = {
    "roles/cloudkms.cryptoKeyDecrypter" = [
      "serviceAccount:${module.gha_service_account.email}",
    ]
  }
}
```

Solved this by just adding `global/` before `master-keyring`, as it was created as a global resource.

zxpower Feb 09 '21 16:02

Since this is solved, I'm not sure we need to do anything to fix in this module.

morgante Feb 09 '21 17:02

I suggest at least updating the README for the module, because by default you don't set the zone for keyrings since they're mostly global, but there could be times when you create a region-specific keyring.

zxpower avatar Feb 09 '21 20:02 zxpower

Got it, yes we could update the README. I'm happy to review a PR.

morgante Feb 09 '21 20:02
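The fix from the first post and the region-specific case raised in the README suggestion, as an added example that is not part of the thread or of the module's own documentation. The variable `kms_key_rings`, its validation rule and the `europe-west1/regional-keyring` value are assumptions made for illustration; `module.gha_service_account` is the module from the issue's code.

```hcl
# Added example; names other than those quoted from the issue are hypothetical.
variable "kms_key_rings" {
  description = "KeyRing ids as {projectId}/{locationId}/{keyRingName} or {locationId}/{keyRingName}."
  type        = list(string)

  # Constructed sample values: the global keyring from the issue, written
  # with its location prefix, and a hypothetical region-specific keyring.
  default = [
    "global/master-keyring",
    "europe-west1/regional-keyring",
  ]

  # Reject a bare name such as "master-keyring" at plan time, before the
  # provider returns "Invalid KeyRing id format".
  validation {
    condition = alltrue([
      for id in var.kms_key_rings : can(regex("^([^/]+/)?[^/]+/[^/]+$", id))
    ])
    error_message = "Each KeyRing id must be {locationId}/{keyRingName} or {projectId}/{locationId}/{keyRingName}."
  }
}

module "kms_key_ring-iam-bindings" {
  source  = "terraform-google-modules/iam/google//modules/kms_key_rings_iam"
  version = "6.4.1"

  kms_key_rings = var.kms_key_rings

  # In authoritative mode the members listed below become the complete
  # member set for this role on every keyring in the list.
  mode = "authoritative"

  bindings = {
    "roles/cloudkms.cryptoKeyDecrypter" = [
      "serviceAccount:${module.gha_service_account.email}",
    ]
  }
}
```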