search

IBM-Cloud / terraform-provider-ibm

https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs
Mozilla Public License 2.0
341 stars 670 forks source link

Key Protect only working in 'us-south' #1065

Closed pauljegouic closed 4 years ago

pauljegouic commented 4 years ago

Terraform Version

➜  ~ terraform -v
Terraform v0.12.19
+ provider.ibm v1.1.0

Affected Resource(s)

Please list the resources as a list, for example:

Terraform Configuration Files

From example documentation, with 'eu-de' region:

provider ibm {
  region                = "eu-de"
}

resource "ibm_resource_instance" "kp_instance" {
  name     = "instance-name"
  service  = "kms"
  plan     = "tiered-pricing"
  location = "eu-de"
}
resource "ibm_kp_key" "test" {
  key_protect_id  = ibm_resource_instance.kp_instance.guid
  key_name     = "key-name"
  standard_key = false
}

Expected Behavior

Key provisionned in related KeyProtect instance

Actual Behavior

Error

Terraform will perform the following actions:

  # ibm_kp_key.test will be created
  + resource "ibm_kp_key" "test" {
      + crn                     = (known after apply)
      + id                      = (known after apply)
      + key_id                  = (known after apply)
      + key_name                = "key-name"
      + key_protect_id          = "aa48b045-e97f-435a-b7a6-dfd54d9fe9a6"
      + payload                 = (known after apply)
      + resource_controller_url = (known after apply)
      + resource_crn            = (known after apply)
      + resource_group_name     = (known after apply)
      + resource_name           = (known after apply)
      + resource_status         = (known after apply)
      + standard_key            = false
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

ibm_kp_key.test: Creating...

Error: Error while creating Root key: kp.Error: correlation_id='f3204e19-4aea-4bf6-9051-5b98ed1b7693', msg='Unauthorized: The user does not have access to the specified resource'

  on test.tf line 13, in resource "ibm_kp_key" "test":
  13: resource "ibm_kp_key" "test" {

Same happens in eu-gb

Steps to Reproduce

With provided tf template

  1. `terraform init
  2. `terraform apply
rbustami commented 4 years ago

The KP client initialized in the terraform provider is using the default url: https://github.com/IBM-Cloud/terraform-provider-ibm/blob/db7d9126e40ae83ef53d249b8100bd576dbbe8d1/ibm/config.go#L476

In the KP go client the the default url is hardcoded to only use us-south: https://github.com/IBM/keyprotect-go-client/blob/5963b2526fe152b142d805b2c43ac2db84a95be9/kp.go#L39

The fix could be a region parameter that can be passed into the key protect resource and the default url can be overwritten

pauljegouic commented 4 years ago

Event data is not working properly, got the same error.

hkantare commented 4 years ago

Can you please try with latest provider releases today https://github.com/IBM-Cloud/terraform-provider-ibm/releases/tag/v1.2.0

provider "ibm"{
region = "eu-de"
}
resource "ibm_kp_key" "test" {
-----
}
pauljegouic commented 4 years ago

Resolved. Thank you.