terraform-ibm-modules / terraform-ibm-cos

Configures an IBM Cloud Object Storage instance and bucket
Apache License 2.0

Timing issue with auth policy when creating multiple buckets with buckets submodule #573

Closed ocofaigh closed 2 months ago

ocofaigh commented 3 months ago

When you are using the buckets or fscloud submodule, and you are creating more than 1 bucket with KMS encryption enabled, and have skip_iam_authorization_policy set to false for 1 bucket and set to true for the other, there is a timing issue where 1 bucket config will start to create the KMS auth policy first, while the other will start to create the bucket first, but bucket creation will fail because the auth policy may not yet be created.

We found this issue in https://github.com/terraform-ibm-modules/terraform-ibm-observability-da/issues/8

Ideally we need to find a way where if any bucket config is set to create an auth policy, NO buckets should get created until it's created. This logic would have to live in the buckets submodule I guess.

We probably should also fast fail if we detect that multiple buckets have skip_iam_authorization_policy set to false since it's going to try and create duplicate policies and fail anyway.
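A sketch of the two ideas in the comment above (gate every bucket on the auth policy, and fail fast when more than one config would create it), added here as an example; it is not code from this issue or from the module. The variable names and object shape are hypothetical, and the `kms` target service name assumes Key Protect.

```hcl
# Hypothetical input shape; the real buckets submodule's variable may differ.
variable "bucket_configs" {
  type = list(object({
    bucket_name                   = string
    kms_key_crn                   = string
    kms_guid                      = string
    skip_iam_authorization_policy = bool
  }))

  # Fast fail: two configs asking for the policy would create duplicates.
  validation {
    condition = length([
      for c in var.bucket_configs : c if !c.skip_iam_authorization_policy
    ]) <= 1
    error_message = "At most one bucket config may set skip_iam_authorization_policy to false."
  }
}

variable "cos_instance_guid" { type = string } # assumed: GUID of the COS instance
variable "cos_instance_id" { type = string }   # assumed: CRN of the COS instance
variable "region" { type = string }

locals {
  # Configs that asked for the COS -> KMS policy (zero or one after validation).
  policy_owners = { for c in var.bucket_configs : c.bucket_name => c if !c.skip_iam_authorization_policy }
}

resource "ibm_iam_authorization_policy" "cos_to_kms" {
  for_each                    = local.policy_owners
  source_service_name         = "cloud-object-storage"
  source_resource_instance_id = var.cos_instance_guid
  target_service_name         = "kms"
  target_resource_instance_id = each.value.kms_guid
  roles                       = ["Reader"]
}

resource "ibm_cos_bucket" "bucket" {
  for_each             = { for c in var.bucket_configs : c.bucket_name => c }
  bucket_name          = each.key
  resource_instance_id = var.cos_instance_id
  region_location      = var.region
  storage_class        = "standard"
  kms_key_crn          = each.value.kms_key_crn

  # Every bucket waits for the policy, including configs that skipped creating it,
  # so no bucket create can race ahead of the authorization.
  depends_on = [ibm_iam_authorization_policy.cos_to_kms]
}
```

Because the dependency is declared on the whole `ibm_cos_bucket.bucket` resource rather than per config, the ordering holds across all bucket configs instead of only within the one that owns the policy.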

Soaib024 commented 2 months ago

PR merged - hence closing the issue