search

IBM-Cloud / terraform-provider-ibm

https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs
Mozilla Public License 2.0
339 stars 664 forks source link

Postgresql with keyprotect failing with authorisation error #2771

Closed VidyasagarMSC closed 3 years ago

VidyasagarMSC commented 3 years ago

I am using kms with Postgresql and the DB creation is failing with the below error. It worked fine in the morning today.

Error: Error creating database instance: [400, Bad Request] We were unable to complete your request: Key not found. Databases for PostgreSQL may not be authorized to access the KMS instance selected for disk encryption. <a href='https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-key-protect#granting-service-authorization' target='_blank'>View our documentation</a> for more information. Try again with valid values or contact support if the issue persists. {
│     "StatusCode": 400,
│     "Headers": {
│         "Cache-Control": [
│             "max-age=0, no-cache, no-store"
│         ],
│         "Content-Length": [
│             "1063"
│         ],
│         "Content-Type": [
│             "application/json; charset=utf-8"
│         ],
│         "Date": [
│             "Tue, 22 Jun 2021 14:23:45 GMT"
│         ],
│         "Expires": [
│             "Tue, 22 Jun 2021 14:23:45 GMT"
│         ],
│         "Pragma": [
│             "no-cache"
│         ],
│         "Request-Id": [
│             "8af83a84-fd14-4d2a-ba6c-836de4bd61f8"
│         ],
│         "Retry-After": [
│             "0"
│         ],
│         "Server": [
│             "istio-envoy"
│         ],
│         "Set-Cookie": [
│             "ak_bmsc=127452EBAB6BD2EB8FDD8B95061DB061~000000000000000000000000000000~YAAQOUs5F74Obe95AQAAAwobNAxLMmFZ6oEZ6TgfiwnmN6J49pIzpuv008xwG4ZCmX4enLuYr7Xp1yG1vMDt6K28T8kSFKWCRzb6v4MCZqn3wGBWCGN6+Vhp3QiCtc/I1+cwmm9354KJS6EwvP4WaRQvM0uBZfcFOkABnGNN+tskxn0T0ZAQboo/RUQm/i4SG1+zCBPaKm2NpzL518uhrZ5RE2Mktve99lcHurKj10CphdywHGNm8U+sL3xGEbfRktt9GQ5SOE07Qw+80YkzyIZeOYvHh7kKovWlMA+CgVk4C6LDSsUydMikSSVu2SvRnoFBPE3RgytaMekT52W6lQd6I1Mbj08CXIsCbB9uQZGwKPtWT9vHX1wWT7Ehhez4i8MOCkfmUJeG3yv3qjY=; Domain=.cloud.ibm.com; Path=/; Expires=Tue, 22 Jun 2021 16:23:40 GMT; Max-Age=7195; HttpOnly"
│         ],
│         "Strict-Transport-Security": [
│             "max-age=31536000;includeSubDomains"
│         ],
│         "Transaction-Id": [
│             "bss-91ef2e8a4992b6e3"
│         ],
│         "X-Content-Type-Options": [
│             "nosniff"
│         ],
│         "X-Envoy-Upstream-Service-Time": [
│             "4388"
│         ],
│         "X-Global-K8fdic-Transaction-Id": [
│             "8af83a84-fd14-4d2a-ba6c-836de4bd61f8"
│         ],
│         "X-Global-Transaction-Id": [
│             "bss-91ef2e8a4992b6e3"
│         ],
│         "X-Ratelimit-Limit": [
│             "120"
│         ],
│         "X-Ratelimit-Remaining": [
│             "118"
│         ],
│         "X-Ratelimit-Reset": [
│             "0"
│         ],
│         "X-Request-Id": [
│             "8af83a84-fd14-4d2a-ba6c-836de4bd61f8"
│         ],
│         "X-Transaction-Id": [
│             "bss-91ef2e8a4992b6e3"
│         ]
│     },
│     "Result": {
│         "details": "{\"error\":\"KMSError\",\"description\":\"We were unable to complete your request: Key not found. Databases for PostgreSQL may not be authorized to access the KMS instance selected for disk encryption. \\u003ca href='https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-key-protect#granting-service-authorization' target='_blank'\\u003eView our documentation\\u003c/a\\u003e for more information. Try again with valid values or contact support if the issue persists.\"}",
│         "error_code": "RC-ServiceBrokerErrorResponse",
│         "message": "[400, Bad Request] We were unable to complete your request: Key not found. Databases for PostgreSQL may not be authorized to access the KMS instance selected for disk encryption. \u003ca href='https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-key-protect#granting-service-authorization' target='_blank'\u003eView our documentation\u003c/a\u003e for more information. Try again with valid values or contact support if the issue persists.",
│         "status_code": 400,
│         "transaction_id": "bss-91ef2e8a4992b6e3"
│     },
│     "RawResult": null
│ }
│
│
│   with module.create_services[0].ibm_database.postgresql,
│   on modules/create_services/main.tf line 105, in resource "ibm_database" "postgresql":
│  105: resource "ibm_database" "postgresql" {
kavya498 commented 3 years ago

@VidyasagarMSC , Do you have Service Authorisation between ICD and KP?

VidyasagarMSC commented 3 years ago

@kavya498 Yes. There’s an authorisation between ICD and KMS.

kavya498 commented 3 years ago

Can we get template?

kavya498 commented 3 years ago

Closing this issue as it has been inactive for more than 30 days..This helps maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!