When you are using the buckets or fscloud submodule, and you are creating more than 1 bucket with KMS encryption enabled, and have skip_iam_authorization_policy set to false for 1 bucket and set to true for the other, there is a timing issue where 1 bucket config will start to create the KMS auth policy first, while the other will start to create the bucket first, but bucket creation will fail because the auth policy may not yet be created. We found this issue in https://github.com/terraform-ibm-modules/terraform-ibm-observability-da/issues/8

Ideally we need to find a way where if any bucket config is set to create an auth policy, NO buckets should get created until it's created. This logic would have to live in the buckets submodule I guess.

We probably should also fast fail if we detect that multiple buckets have skip_iam_authorization_policy set to false since it's going to try and create duplicate policies and fail anyway.
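
A sketch of the two ideas in the issue above, added here as an example and not taken from the module: a validation that fails fast on duplicate policy requests, and a single authorization policy that every bucket waits on. The variable names, resource labels and the 30s wait are hypothetical, and it assumes all buckets share one COS instance and one Key Protect instance.

```hcl
# Hypothetical inputs; the real submodule's variable names may differ.
variable "cos_instance_id" { type = string }   # COS instance CRN
variable "cos_instance_guid" { type = string } # COS instance GUID
variable "kms_guid" { type = string }          # Key Protect instance GUID
variable "region" { type = string }

variable "bucket_configs" {
  type = list(object({
    bucket_name                   = string
    kms_key_crn                   = string
    skip_iam_authorization_policy = optional(bool, false)
  }))
  # Fast fail at plan time instead of failing on a duplicate policy at apply.
  validation {
    condition     = length([for c in var.bucket_configs : c if !c.skip_iam_authorization_policy]) <= 1
    error_message = "Only one bucket config may set skip_iam_authorization_policy to false."
  }
}

locals {
  # True if any bucket config asks for the COS -> KMS policy.
  create_auth_policy = anytrue([for c in var.bucket_configs : !c.skip_iam_authorization_policy])
}

resource "ibm_iam_authorization_policy" "cos_to_kms" {
  count                       = local.create_auth_policy ? 1 : 0
  source_service_name         = "cloud-object-storage"
  source_resource_instance_id = var.cos_instance_guid
  target_service_name         = "kms"
  target_resource_instance_id = var.kms_guid
  roles                       = ["Reader"]
}

# Give the policy time to take effect before any bucket is created.
resource "time_sleep" "wait_for_authorization_policy" {
  count           = local.create_auth_policy ? 1 : 0
  depends_on      = [ibm_iam_authorization_policy.cos_to_kms]
  create_duration = "30s"
}

resource "ibm_cos_bucket" "bucket" {
  for_each             = { for c in var.bucket_configs : c.bucket_name => c }
  depends_on           = [time_sleep.wait_for_authorization_policy] # gates ALL buckets
  bucket_name          = each.value.bucket_name
  resource_instance_id = var.cos_instance_id
  region_location      = var.region
  storage_class        = "standard"
  kms_key_crn          = each.value.kms_key_crn
}
```

Because the policy and the wait live outside the per-bucket loop, a bucket whose config sets skip_iam_authorization_policy to true is still ordered after a policy requested by another config.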