KMS instance being deleted before deleting KMS keys - Githubissues

terraform-ibm-modules / terraform-ibm-kms-all-inclusive

Supports creating a Key Protect instance, KMS Key Rings and Keys.

Apache License 2.0

0 stars 1 forks source link

KMS instance being deleted before deleting KMS keys #469

Closed tyao117 closed 3 months ago

tyao117 commented 4 months ago

The keys are being deleted before the instance is being deleted:

logs from the schematics run:

 2024/04/30 17:27:08 [34mStarting command: terraform1.5 destroy -state=terraform.tfstate -var-file=schematics.tfvars -auto-approve -no-color[39m[0m
 2024/04/30 17:27:08 Starting command: terraform1.5 destroy -state=terraform.tfstate -var-file=schematics.tfvars -auto-approve -no-color
 2024/04/30 17:27:21 Terraform destroy | module.resource_group.ibm_resource_group.resource_group[0]: Refreshing state... [id=bd6abdd1802d49e6b31c8d9960ee37cc]
 2024/04/30 17:27:22 Terraform destroy | module.kms.module.key_protect[0].ibm_resource_instance.key_protect_instance: Refreshing state... [id=crn:v1:bluemix:public:kms:us-south:a/37cb83958369439db2ef3d6156f82b9d:225a321c-37b3-4ef3-9204-acbd30361d50::]
 2024/04/30 17:27:23 Terraform destroy | module.kms.module.key_protect[0].ibm_kms_instance_policies.key_protect_instance_policies: Refreshing state... [id=crn:v1:bluemix:public:kms:us-south:a/37cb83958369439db2ef3d6156f82b9d:225a321c-37b3-4ef3-9204-acbd30361d50::]
 2024/04/30 17:27:27 Terraform destroy | 
 2024/04/30 17:27:27 Terraform destroy | Terraform used the selected providers to generate the following execution
 2024/04/30 17:27:27 Terraform destroy | plan. Resource actions are indicated with the following symbols:
 2024/04/30 17:27:27 Terraform destroy |   - destroy
 2024/04/30 17:27:27 Terraform destroy | 
 2024/04/30 17:27:27 Terraform destroy | Terraform will perform the following actions:
 2024/04/30 17:27:27 Terraform destroy | 
 2024/04/30 17:27:27 Terraform destroy |   # module.resource_group.ibm_resource_group.resource_group[0] will be destroyed
 2024/04/30 17:27:27 Terraform destroy |   - resource "ibm_resource_group" "resource_group" {
 2024/04/30 17:27:27 Terraform destroy |       - created_at        = "2024-04-25T21:05:18.556Z" -> null
 2024/04/30 17:27:27 Terraform destroy |       - crn               = "crn:v1:bluemix:public:resource-controller::a/37cb83958369439db2ef3d6156f82b9d::resource-group:bd6abdd1802d49e6b31c8d9960ee37cc" -> null
 2024/04/30 17:27:27 Terraform destroy |       - default           = false -> null
 2024/04/30 17:27:27 Terraform destroy |       - id                = "bd6abdd1802d49e6b31c8d9960ee37cc" -> null
 2024/04/30 17:27:27 Terraform destroy |       - name              = "core-security-services" -> null
 2024/04/30 17:27:27 Terraform destroy |       - quota_id          = "a3d7b8d01e261c24677937c29ab33f3c" -> null
 2024/04/30 17:27:27 Terraform destroy |       - quota_url         = "/v2/quota_definitions/a3d7b8d01e261c24677937c29ab33f3c" -> null
 2024/04/30 17:27:27 Terraform destroy |       - resource_linkages = [] -> null
 2024/04/30 17:27:27 Terraform destroy |       - state             = "ACTIVE" -> null
 2024/04/30 17:27:27 Terraform destroy |       - updated_at        = "2024-04-25T21:05:18.556Z" -> null
 2024/04/30 17:27:27 Terraform destroy |     }
 2024/04/30 17:27:27 Terraform destroy | 
 2024/04/30 17:27:27 Terraform destroy |   # module.kms.module.key_protect[0].ibm_kms_instance_policies.key_protect_instance_policies will be destroyed
 2024/04/30 17:27:27 Terraform destroy |   - resource "ibm_kms_instance_policies" "key_protect_instance_policies" {
 2024/04/30 17:27:27 Terraform destroy |       - endpoint_type = "private" -> null
 2024/04/30 17:27:27 Terraform destroy |       - id            = "crn:v1:bluemix:public:kms:us-south:a/37cb83958369439db2ef3d6156f82b9d:225a321c-37b3-4ef3-9204-acbd30361d50::" -> null
 2024/04/30 17:27:27 Terraform destroy |       - instance_id   = "225a321c-37b3-4ef3-9204-acbd30361d50" -> null
 2024/04/30 17:27:27 Terraform destroy |     }
 2024/04/30 17:27:27 Terraform destroy | 
 2024/04/30 17:27:27 Terraform destroy |   # module.kms.module.key_protect[0].ibm_resource_instance.key_protect_instance will be destroyed
 2024/04/30 17:27:27 Terraform destroy |   - resource "ibm_resource_instance" "key_protect_instance" {
 2024/04/30 17:27:27 Terraform destroy |       - account_id              = "37cb83958369439db2ef3d6156f82b9d" -> null
 2024/04/30 17:27:27 Terraform destroy |       - allow_cleanup           = false -> null
 2024/04/30 17:27:27 Terraform destroy |       - created_at              = "2024-04-25T21:05:21.254Z" -> null
 2024/04/30 17:27:27 Terraform destroy |       - created_by              = "IBMid-550003PATQ" -> null
 2024/04/30 17:27:27 Terraform destroy |       - crn                     = "crn:v1:bluemix:public:kms:us-south:a/37cb83958369439db2ef3d6156f82b9d:225a321c-37b3-4ef3-9204-acbd30361d50::" -> null
 2024/04/30 17:27:27 Terraform destroy |       - dashboard_url           = "/keyprotect/crn%!A(MISSING)v1%!A(MISSING)bluemix%!A(MISSING)public%!A(MISSING)kms%!A(MISSING)us-south%!A(MISSING)a%!F(MISSING)37cb83958369439db2ef3d6156f82b9d%!A(MISSING)225a321c-37b3-4ef3-9204-acbd30361d50%!A(MISSING)%!A(MISSING)" -> null
 2024/04/30 17:27:27 Terraform destroy |       - extensions              = {
 2024/04/30 17:27:27 Terraform destroy |           - "endpoints.private" = "https://private.us-south.kms.cloud.ibm.com"
 2024/04/30 17:27:27 Terraform destroy |           - "endpoints.public"  = "https://us-south.kms.cloud.ibm.com"
 2024/04/30 17:27:27 Terraform destroy |         } -> null
 2024/04/30 17:27:27 Terraform destroy |       - guid                    = "225a321c-37b3-4ef3-9204-acbd30361d50" -> null
 2024/04/30 17:27:27 Terraform destroy |       - id                      = "crn:v1:bluemix:public:kms:us-south:a/37cb83958369439db2ef3d6156f82b9d:225a321c-37b3-4ef3-9204-acbd30361d50::" -> null
 2024/04/30 17:27:27 Terraform destroy |       - last_operation          = {
 2024/04/30 17:27:27 Terraform destroy |           - "async"       = "false"
 2024/04/30 17:27:27 Terraform destroy |           - "cancelable"  = "false"
 2024/04/30 17:27:27 Terraform destroy |           - "description" = "Completed create instance operation"
 2024/04/30 17:27:27 Terraform destroy |           - "poll"        = "false"
 2024/04/30 17:27:27 Terraform destroy |           - "state"       = "succeeded"
 2024/04/30 17:27:27 Terraform destroy |           - "type"        = "create"
 2024/04/30 17:27:27 Terraform destroy |         } -> null
 2024/04/30 17:27:27 Terraform destroy |       - location                = "us-south" -> null
 2024/04/30 17:27:27 Terraform destroy |       - locked                  = false -> null
 2024/04/30 17:27:27 Terraform destroy |       - name                    = "base-security-services-kms" -> null
 2024/04/30 17:27:27 Terraform destroy |       - parameters              = {
 2024/04/30 17:27:27 Terraform destroy |           - "allowed_network" = "private-only"
 2024/04/30 17:27:27 Terraform destroy |         } -> null
 2024/04/30 17:27:27 Terraform destroy |       - plan                    = "tiered-pricing" -> null
 2024/04/30 17:27:27 Terraform destroy |       - plan_history            = [
 2024/04/30 17:27:27 Terraform destroy |           - {
 2024/04/30 17:27:27 Terraform destroy |               - resource_plan_id = "eedd3585-90c6-4c8f-be3d-062069e99fc3"
 2024/04/30 17:27:27 Terraform destroy |               - start_date       = "2024-04-25T21:05:21.254Z"
 2024/04/30 17:27:27 Terraform destroy |             },
 2024/04/30 17:27:27 Terraform destroy |         ] -> null
 2024/04/30 17:27:27 Terraform destroy |       - resource_aliases_url    = "/v2/resource_instances/225a321c-37b3-4ef3-9204-acbd30361d50/resource_aliases" -> null
 2024/04/30 17:27:27 Terraform destroy |       - resource_bindings_url   = "/v2/resource_instances/225a321c-37b3-4ef3-9204-acbd30361d50/resource_bindings" -> null
 2024/04/30 17:27:27 Terraform destroy |       - resource_controller_url = "https://cloud.ibm.com/services/" -> null
 2024/04/30 17:27:27 Terraform destroy |       - resource_crn            = "crn:v1:bluemix:public:kms:us-south:a/37cb83958369439db2ef3d6156f82b9d:225a321c-37b3-4ef3-9204-acbd30361d50::" -> null
 2024/04/30 17:27:27 Terraform destroy |       - resource_group_crn      = "crn:v1:bluemix:public:resource-controller::a/37cb83958369439db2ef3d6156f82b9d::resource-group:bd6abdd1802d49e6b31c8d9960ee37cc" -> null
 2024/04/30 17:27:27 Terraform destroy |       - resource_group_id       = "bd6abdd1802d49e6b31c8d9960ee37cc" -> null
 2024/04/30 17:27:27 Terraform destroy |       - resource_group_name     = "crn:v1:bluemix:public:resource-controller::a/37cb83958369439db2ef3d6156f82b9d::resource-group:bd6abdd1802d49e6b31c8d9960ee37cc" -> null
 2024/04/30 17:27:27 Terraform destroy |       - resource_id             = "ee41347f-b18e-4ca6-bf80-b5467c63f9a6" -> null
 2024/04/30 17:27:27 Terraform destroy |       - resource_keys_url       = "/v2/resource_instances/225a321c-37b3-4ef3-9204-acbd30361d50/resource_keys" -> null
 2024/04/30 17:27:27 Terraform destroy |       - resource_name           = "base-security-services-kms" -> null
 2024/04/30 17:27:27 Terraform destroy |       - resource_plan_id        = "eedd3585-90c6-4c8f-be3d-062069e99fc3" -> null
 2024/04/30 17:27:27 Terraform destroy |       - resource_status         = "active" -> null
 2024/04/30 17:27:27 Terraform destroy |       - service                 = "kms" -> null
 2024/04/30 17:27:27 Terraform destroy |       - state                   = "active" -> null
 2024/04/30 17:27:27 Terraform destroy |       - status                  = "active" -> null
 2024/04/30 17:27:27 Terraform destroy |       - sub_type                = "kms" -> null
 2024/04/30 17:27:27 Terraform destroy |       - tags                    = [
 2024/04/30 17:27:27 Terraform destroy |           - "schematics:us-south.workspace.projects-service.01e91bd3",
 2024/04/30 17:27:27 Terraform destroy |         ] -> null
 2024/04/30 17:27:27 Terraform destroy |       - target_crn              = "crn:v1:bluemix:public:globalcatalog::::deployment:eedd3585-90c6-4c8f-be3d-062069e99fc3%!A(MISSING)us-south" -> null
 2024/04/30 17:27:27 Terraform destroy |       - type                    = "service_instance" -> null
 2024/04/30 17:27:27 Terraform destroy |       - update_at               = "2024-04-25T21:05:21.643Z" -> null
 2024/04/30 17:27:27 Terraform destroy |     }
 2024/04/30 17:27:27 Terraform destroy | 
 2024/04/30 17:27:27 Terraform destroy | Plan: 0 to add, 0 to change, 3 to destroy.
 2024/04/30 17:27:27 Terraform destroy | 
 2024/04/30 17:27:27 Terraform destroy | Changes to Outputs:
 2024/04/30 17:27:27 Terraform destroy |   - key_protect_crn               = "crn:v1:bluemix:public:kms:us-south:a/37cb83958369439db2ef3d6156f82b9d:225a321c-37b3-4ef3-9204-acbd30361d50::" -> null
 2024/04/30 17:27:27 Terraform destroy |   - key_protect_id                = "crn:v1:bluemix:public:kms:us-south:a/37cb83958369439db2ef3d6156f82b9d:225a321c-37b3-4ef3-9204-acbd30361d50::" -> null
 2024/04/30 17:27:27 Terraform destroy |   - key_protect_instance_policies = {
 2024/04/30 17:27:27 Terraform destroy |       - dual_auth_delete         = [
 2024/04/30 17:27:27 Terraform destroy |           - {
 2024/04/30 17:27:27 Terraform destroy |               - created_by    = null
 2024/04/30 17:27:27 Terraform destroy |               - creation_date = null
 2024/04/30 17:27:27 Terraform destroy |               - enabled       = false
 2024/04/30 17:27:27 Terraform destroy |               - last_updated  = null
 2024/04/30 17:27:27 Terraform destroy |               - updated_by    = null
 2024/04/30 17:27:27 Terraform destroy |             },
 2024/04/30 17:27:27 Terraform destroy |         ]
 2024/04/30 17:27:27 Terraform destroy |       - id                       = "crn:v1:bluemix:public:kms:us-south:a/37cb83958369439db2ef3d6156f82b9d:225a321c-37b3-4ef3-9204-acbd30361d50::"
 2024/04/30 17:27:27 Terraform destroy |       - instance_id              = "225a321c-37b3-4ef3-9204-acbd30361d50"
 2024/04/30 17:27:27 Terraform destroy |       - key_create_import_access = [
 2024/04/30 17:27:27 Terraform destroy |           - {
 2024/04/30 17:27:27 Terraform destroy |               - create_root_key     = true
 2024/04/30 17:27:27 Terraform destroy |               - create_standard_key = true
 2024/04/30 17:27:27 Terraform destroy |               - created_by          = null
 2024/04/30 17:27:27 Terraform destroy |               - creation_date       = null
 2024/04/30 17:27:27 Terraform destroy |               - enabled             = false
 2024/04/30 17:27:27 Terraform destroy |               - enforce_token       = false
 2024/04/30 17:27:27 Terraform destroy |               - import_root_key     = true
 2024/04/30 17:27:27 Terraform destroy |               - import_standard_key = true
 2024/04/30 17:27:27 Terraform destroy |               - last_updated        = null
 2024/04/30 17:27:27 Terraform destroy |               - updated_by          = null
 2024/04/30 17:27:27 Terraform destroy |             },
 2024/04/30 17:27:27 Terraform destroy |         ]
 2024/04/30 17:27:27 Terraform destroy |       - metrics                  = [
 2024/04/30 17:27:27 Terraform destroy |           - {
 2024/04/30 17:27:27 Terraform destroy |               - created_by    = null
 2024/04/30 17:27:27 Terraform destroy |               - creation_date = null
 2024/04/30 17:27:27 Terraform destroy |               - enabled       = true
 2024/04/30 17:27:27 Terraform destroy |               - last_updated  = null
 2024/04/30 17:27:27 Terraform destroy |               - updated_by    = null
 2024/04/30 17:27:27 Terraform destroy |             },
 2024/04/30 17:27:27 Terraform destroy |         ]
 2024/04/30 17:27:27 Terraform destroy |       - rotation                 = [
 2024/04/30 17:27:27 Terraform destroy |           - {
 2024/04/30 17:27:27 Terraform destroy |               - created_by     = null
 2024/04/30 17:27:27 Terraform destroy |               - creation_date  = null
 2024/04/30 17:27:27 Terraform destroy |               - enabled        = true
 2024/04/30 17:27:27 Terraform destroy |               - interval_month = 3
 2024/04/30 17:27:27 Terraform destroy |               - last_updated   = null
 2024/04/30 17:27:27 Terraform destroy |               - updated_by     = null
 2024/04/30 17:27:27 Terraform destroy |             },
 2024/04/30 17:27:27 Terraform destroy |         ]
 2024/04/30 17:27:27 Terraform destroy |     } -> null
 2024/04/30 17:27:27 Terraform destroy |   - key_protect_name              = "base-security-services-kms" -> null
 2024/04/30 17:27:27 Terraform destroy |   - key_rings                     = {} -> null
 2024/04/30 17:27:27 Terraform destroy |   - keys                          = {} -> null
 2024/04/30 17:27:27 Terraform destroy |   - kms_guid                      = "225a321c-37b3-4ef3-9204-acbd30361d50" -> null
 2024/04/30 17:27:27 Terraform destroy |   - kp_private_endpoint           = "https://private.us-south.kms.cloud.ibm.com" -> null
 2024/04/30 17:27:27 Terraform destroy |   - kp_public_endpoint            = "https://us-south.kms.cloud.ibm.com" -> null
 2024/04/30 17:27:27 Terraform destroy |   - resource_group_id             = "bd6abdd1802d49e6b31c8d9960ee37cc" -> null
 2024/04/30 17:27:27 Terraform destroy |   - resource_group_name           = "core-security-services" -> null
----------------------
 2024/04/30 17:27:31 Terraform destroy | module.kms.module.key_protect[0].ibm_kms_instance_policies.key_protect_instance_policies: Destroying... [id=crn:v1:bluemix:public:kms:us-south:a/37cb83958369439db2ef3d6156f82b9d:225a321c-37b3-4ef3-9204-acbd30361d50::]
 2024/04/30 17:27:31 Terraform destroy | module.kms.module.key_protect[0].ibm_kms_instance_policies.key_protect_instance_policies: Destruction complete after 0s
 2024/04/30 17:27:31 Terraform destroy | module.kms.module.key_protect[0].ibm_resource_instance.key_protect_instance: Destroying... [id=crn:v1:bluemix:public:kms:us-south:a/37cb83958369439db2ef3d6156f82b9d:225a321c-37b3-4ef3-9204-acbd30361d50::]
 2024/04/30 17:27:32 Terraform destroy | 
 2024/04/30 17:27:32 Terraform destroy | Error: [ERROR] Error deleting resource instance: Please contact the Service Provider for this error. [409, Conflict] CONTAINS_ACTIVE_KEYS: Remove all keys before de-provisioning: Instance contains 4 active keys with resp code: {
 2024/04/30 17:27:32 Terraform destroy |     "StatusCode": 422,
 2024/04/30 17:27:32 Terraform destroy |     "Headers": {
 2024/04/30 17:27:32 Terraform destroy |         "Cache-Control": [
 2024/04/30 17:27:32 Terraform destroy |             "max-age=0, no-cache, no-store"
 2024/04/30 17:27:32 Terraform destroy |         ],
 2024/04/30 17:27:32 Terraform destroy |         "Content-Length": [
 2024/04/30 17:27:32 Terraform destroy |             "649"
 2024/04/30 17:27:32 Terraform destroy |         ],
 2024/04/30 17:27:32 Terraform destroy |         "Content-Type": [
 2024/04/30 17:27:32 Terraform destroy |             "application/json; charset=utf-8"
 2024/04/30 17:27:32 Terraform destroy |         ],
 2024/04/30 17:27:32 Terraform destroy |         "Date": [
 2024/04/30 17:27:32 Terraform destroy |             "Tue, 30 Apr 2024 17:27:32 GMT"
 2024/04/30 17:27:32 Terraform destroy |         ],
 2024/04/30 17:27:32 Terraform destroy |         "Expires": [
 2024/04/30 17:27:32 Terraform destroy |             "Tue, 30 Apr 2024 17:27:32 GMT"
 2024/04/30 17:27:32 Terraform destroy |         ],
 2024/04/30 17:27:32 Terraform destroy |         "Pragma": [
 2024/04/30 17:27:32 Terraform destroy |             "no-cache"
 2024/04/30 17:27:32 Terraform destroy |         ],
 2024/04/30 17:27:32 Terraform destroy |         "Request-Id": [
 2024/04/30 17:27:32 Terraform destroy |             "bss-c3289fab336d39db"
 2024/04/30 17:27:32 Terraform destroy |         ],
 2024/04/30 17:27:32 Terraform destroy |         "Retry-After": [
 2024/04/30 17:27:32 Terraform destroy |             "0"
 2024/04/30 17:27:32 Terraform destroy |         ],
 2024/04/30 17:27:32 Terraform destroy |         "Server": [
 2024/04/30 17:27:32 Terraform destroy |             "istio-envoy"
 2024/04/30 17:27:32 Terraform destroy |         ],
 2024/04/30 17:27:32 Terraform destroy |         "Strict-Transport-Security": [
 2024/04/30 17:27:32 Terraform destroy |             "max-age=31536000;includeSubDomains"
 2024/04/30 17:27:32 Terraform destroy |         ],
 2024/04/30 17:27:32 Terraform destroy |         "Transaction-Id": [
 2024/04/30 17:27:32 Terraform destroy |             "bss-bc223e693444d810"
 2024/04/30 17:27:32 Terraform destroy |         ],
 2024/04/30 17:27:32 Terraform destroy |         "X-Content-Type-Options": [
 2024/04/30 17:27:32 Terraform destroy |             "nosniff"
 2024/04/30 17:27:32 Terraform destroy |         ],
 2024/04/30 17:27:32 Terraform destroy |         "X-Correlation-Id": [
 2024/04/30 17:27:32 Terraform destroy |             "bss-bc223e693444d810"
 2024/04/30 17:27:32 Terraform destroy |         ],
 2024/04/30 17:27:32 Terraform destroy |         "X-Envoy-Upstream-Service-Time": [
 2024/04/30 17:27:32 Terraform destroy |             "332"
 2024/04/30 17:27:32 Terraform destroy |         ],
 2024/04/30 17:27:32 Terraform destroy |         "X-Op-Completion-Time": [
 2024/04/30 17:27:32 Terraform destroy |             ""
 2024/04/30 17:27:32 Terraform destroy |         ],
 2024/04/30 17:27:32 Terraform destroy |         "X-Ratelimit-Limit": [
 2024/04/30 17:27:32 Terraform destroy |             "100"
 2024/04/30 17:27:32 Terraform destroy |         ],
 2024/04/30 17:27:32 Terraform destroy |         "X-Ratelimit-Remaining": [
 2024/04/30 17:27:32 Terraform destroy |             "99"
 2024/04/30 17:27:32 Terraform destroy |         ],
 2024/04/30 17:27:32 Terraform destroy |         "X-Ratelimit-Reset": [
 2024/04/30 17:27:32 Terraform destroy |             "0"
 2024/04/30 17:27:32 Terraform destroy |         ]
 2024/04/30 17:27:32 Terraform destroy |     },
 2024/04/30 17:27:32 Terraform destroy |     "Result": {
 2024/04/30 17:27:32 Terraform destroy |         "details": "{\"status_code\":409,\"name\":\"ConflictError\",\"message\":{\"message\":\"CONTAINS_ACTIVE_KEYS: Remove all keys before de-provisioning: Instance contains 4 active keys\",\"name\":\"ConflictError\",\"status_code\":409,\"transaction_id\":\"\"},\"description\":\"CONTAINS_ACTIVE_KEYS: Remove all keys before de-provisioning: Instance contains 4 active keys\"}",
 2024/04/30 17:27:32 Terraform destroy |         "error_code": "RC-ServiceBrokerErrorResponse",
 2024/04/30 17:27:32 Terraform destroy |         "message": "Please contact the Service Provider for this error. [409, Conflict] CONTAINS_ACTIVE_KEYS: Remove all keys before de-provisioning: Instance contains 4 active keys",
 2024/04/30 17:27:32 Terraform destroy |         "status_code": 422,
 2024/04/30 17:27:32 Terraform destroy |         "transaction_id": "bss-bc223e693444d810"
 2024/04/30 17:27:32 Terraform destroy |     },
 2024/04/30 17:27:32 Terraform destroy |     "RawResult": null
 2024/04/30 17:27:32 Terraform destroy | }
 2024/04/30 17:27:32 Terraform destroy | 
 2024/04/30 17:27:32 Terraform destroy | 
 2024/04/30 17:27:32 [1m[31mTerraform DESTROY error: Terraform DESTROY errorexit status 1[39m[0m
 2024/04/30 17:27:32 [1m[31mCould not execute job: Error : Terraform DESTROY errorexit status 1[39m[0m

logs from the KMS team:

    Apr 30 17:27:34 kube-dal12-cr7267d9dafe6440b9874b0090652acea5-w26 kms_at.log Key Protect: delete secret base-security-services-kms
    Apr 30 17:27:45 kube-dal12-cr7267d9dafe6440b9874b0090652acea5-w26 kms_at.log Key Protect: delete secret base-security-services-kms
    Apr 30 17:29:23 kube-dal10-crb1c781bd91bc45208d015398edf0124c-w26 kms_at.log Key Protect: delete secret base-security-services-kms
    Apr 30 17:33:29 kube-dal10-crb1c781bd91bc45208d015398edf0124c-w25 kms_at.log Key Protect: delete secret base-security-services-kms

Affected modules

module "key_protect"
module "kms_key_rings"

Terraform CLI and Terraform provider versions

Terraform version:
Provider version:

Terraform output

Debug output

Expected behavior

Actual behavior

Steps to reproduce (including links and screen captures)

Run terraform apply

Anything else

By submitting this issue, you agree to follow our Code of Conduct

ocofaigh commented 4 months ago

@tyao117 Did you create the keys using the DA (with the keys input variable), or did you create the keys in the other DAs (like SM, SCC etc) and then try to delete the KMS DA before the other DAs?

ocofaigh commented 3 months ago

For GA we document for user to retry (TODO: create doc issue)

ocofaigh commented 3 months ago

Doc issue: https://github.com/terraform-ibm-modules/stack-ibm-core-security-services/issues/23