Closed willholley closed 2 years ago
@willholley While provisioning an instance we create a Bluemix-Instance id, which we refer to as guid (unique identifier), and thereby we utilise this guid as instance id for every other resource we provision under that instance. If you check the tf state file, under resource instance you won't find instance_id as an exported attribute.
@harshit777 for consistency with the rest of the provider I'd expect `instance_id` to accept the `id` attribute (the CRN) of the keyprotect instance. If the instance `guid` is required then the `instance_id` input variable should be renamed `instance_guid` really.
this isn't limited to the `ibm_kms_key` - here's an example that took me a while to debug today:
```hcl
resource "ibm_kms_key" "flow_log_key" {
  instance_id  = module.cg.context.kp.instance.guid
  key_name     = local.flow_log_bucket_name
  standard_key = false # is a root key
  policies {
    dual_auth_delete {
      enabled = true
    }
  }
}

// IAM authorization policy and permit flow log collector to access COS service with Writer role
resource "ibm_iam_authorization_policy" "flowlog2cos" {
  source_service_name         = "is"
  source_resource_type        = "flow-log-collector"
  target_service_name         = "cloud-object-storage"
  target_resource_instance_id = module.cg.context.cos.instance.guid
  roles                       = ["Writer"]
}

// COS bucket to store the logs in
resource "ibm_cos_bucket" "flow_log" {
  bucket_name          = local.flow_log_bucket_name
  resource_instance_id = module.cg.context.cos.instance.id
  region_location      = local.ibm_region
  storage_class        = "smart"
  expire_rule {
    rule_id = "flow-log-expire"
    enable  = true
    days    = 1
  }
  key_protect = ibm_kms_key.flow_log_key.id
}
```
So we have:
```hcl
instance_id = module.cg.context.kp.instance.guid
target_resource_instance_id = module.cg.context.cos.instance.guid
resource_instance_id = module.cg.context.cos.instance.id
```
(this makes sense, but is different!)

Fixed in latest 1.33.0 release.. Closing this issue.. Thanks..
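A pre-apply check for the `id`/`guid` mix-up described in the comments above, as an added example that is not code from this thread or from the provider. It assumes the general IBM Cloud CRN layout (ten colon-separated fields, instance guid in the eighth) and a UUID-shaped guid; the expectation table mirrors the three arguments quoted above as they behaved before the fix, and all sample values are constructed.

```python
import re

# Assumed CRN layout (general IBM Cloud format, not stated in this thread):
# crn:version:cname:ctype:service-name:location:scope:service-instance:resource-type:resource
CRN_FIELDS = 10
GUID_INDEX = 7
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

# What each argument accepted according to the thread (before the fix).
EXPECTED = {
    "instance_id": "guid",                  # ibm_kms_key
    "target_resource_instance_id": "guid",  # ibm_iam_authorization_policy
    "resource_instance_id": "crn",          # ibm_cos_bucket
}

def classify(value):
    """Return 'guid', 'crn' or 'unknown' for a resolved argument value."""
    if GUID_RE.match(value):
        return "guid"
    parts = value.split(":")
    if (len(parts) == CRN_FIELDS and parts[0] == "crn"
            and GUID_RE.match(parts[GUID_INDEX])):
        return "crn"
    return "unknown"

def guid_from_crn(crn):
    """Extract the service-instance guid from an instance CRN."""
    if classify(crn) != "crn":
        raise ValueError("not an instance CRN: %r" % crn)
    return crn.split(":")[GUID_INDEX]

def check(args):
    """Return (argument, expected_form, actual_form) for every mismatch."""
    problems = []
    for name, value in args.items():
        want = EXPECTED.get(name)
        got = classify(value)
        if want is not None and got != want:
            problems.append((name, want, got))
    return problems

# Constructed sample values, not real identifiers.
SAMPLE_GUID = "0a1b2c3d-1111-2222-3333-444455556666"
SAMPLE_CRN = ("crn:v1:bluemix:public:kms:us-south:"
              "a/0123456789abcdef0123456789abcdef:" + SAMPLE_GUID + "::")

if __name__ == "__main__":
    print(check({"instance_id": SAMPLE_CRN, "resource_instance_id": SAMPLE_CRN}))
```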
Debug Output
n/a
Panic Output
n/a
Expected Behavior
`instance_id` should accept a full Cloud CRN as input. I'd expect the following to work:
Actual Behavior
`instance_id` only accepts the `guid` property of the `kp_instance`. As per the example:
Steps to Reproduce
`terraform apply`