terraform-ibm-modules / terraform-ibm-observability-da

A deployable architecture solution to deploy Observability instances and agents.
Apache License 2.0

Add delay between creating s2s policy and cos bucket #34

Closed vburckhardt closed 7 months ago

vburckhardt commented 7 months ago

Error: ServiceNotAuthorized: The specified COS Service Instance does not have sufficient permissions to access the resource associated with the KMS key CRN.

is gone on the second attempt. I think this may be due to some delay in the s2s auth to propagate at IAM level. We could add some sleep between creating the s2s auth and the cos instance.

2024/04/12 21:34:16 Terraform apply | module.cos[0].module.buckets.module.buckets["log-archive-cos-bucket"].time_sleep.wait_for_authorization_policy[0]: Still creating... [20s elapsed]
 2024/04/12 21:34:26 Terraform apply | module.cos[0].module.buckets.module.buckets["log-archive-cos-bucket"].time_sleep.wait_for_authorization_policy[0]: Still creating... [30s elapsed]
 2024/04/12 21:34:26 Terraform apply | module.cos[0].module.buckets.module.buckets["log-archive-cos-bucket"].time_sleep.wait_for_authorization_policy[0]: Creation complete after 30s [id=2024-04-12T21:34:26Z]
 2024/04/12 21:34:26 Terraform apply | module.cos[0].module.buckets.module.buckets["log-archive-cos-bucket"].ibm_cos_bucket.cos_bucket[0]: Creating...
 2024/04/12 21:34:30 Terraform apply | module.cos[0].module.buckets.module.buckets["log-archive-cos-bucket"].ibm_cos_bucket.cos_bucket[0]: Creation complete after 4s [id=crn:v1:bluemix:public:cloud-object-storage:global:a/afa3553568b04243b07b3449e95469b0:36334b92-7ae6-46a3-bf83-9f9ff6663fae:bucket:log-archive-cos-bucket-2o3l:meta:rl:us-south:private]
 2024/04/12 21:34:30 Terraform apply | 
 2024/04/12 21:34:30 Terraform apply | Error: ServiceNotAuthorized: The specified COS Service Instance does not have sufficient permissions to access the resource associated with the KMS key CRN.
 2024/04/12 21:34:30 Terraform apply |  status code: 401, request id: e73c6a27-e73f-4caf-aee4-35ac5e2f36d7, host id: 
 2024/04/12 21:34:30 Terraform apply | 
 2024/04/12 21:34:30 Terraform apply |   with module.cos[0].module.buckets.module.buckets["at-events-cos-bucket"].ibm_cos_bucket.cos_bucket[0],
 2024/04/12 21:34:30 Terraform apply |   on .terraform/modules/cos/main.tf line 127, in resource "ibm_cos_bucket" "cos_bucket":
 2024/04/12 21:34:30 Terraform apply |  127: resource "ibm_cos_bucket" "cos_bucket" {
 2024/04/12 21:34:30 Terraform apply | 
 2024/04/12 21:34:30 Terraform apply | 

Steps to reproduce (including links and screen captures)

  1. Run terraform apply


ocofaigh commented 7 months ago

@vburckhardt what version did you use? A fix was added for the auth policy issue in https://github.com/terraform-ibm-modules/terraform-ibm-observability-da/releases/tag/v1.1.5

ocofaigh commented 7 months ago

Looks like v1.1.3 was being used. This issue was fixed in v1.1.5, so closing this.
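The ordering proposed in the issue, sketched as an added Terraform example (it is not the module's own code and not the v1.1.5 fix): the service-to-service policy is created first, a single `time_sleep` follows it, and every KMS-encrypted bucket depends on that wait. The variable names and the `suffix` input are assumptions; the bucket names, region and 30s duration are taken from the log above.

```hcl
# Added example; variable names are assumptions, not the module's inputs.
terraform {
  required_providers {
    ibm  = { source = "IBM-Cloud/ibm" }
    time = { source = "hashicorp/time" }
  }
}

variable "cos_instance_guid" { type = string }
variable "cos_instance_crn" { type = string }
variable "kms_instance_guid" { type = string }
variable "kms_key_crn" { type = string }
variable "suffix" { type = string } # hypothetical unique bucket-name suffix

# s2s authorization: lets the COS instance read root keys in the KMS instance.
resource "ibm_iam_authorization_policy" "cos_to_kms" {
  source_service_name         = "cloud-object-storage"
  source_resource_instance_id = var.cos_instance_guid
  target_service_name         = "kms"
  target_resource_instance_id = var.kms_instance_guid
  roles                       = ["Reader"]
}

# One wait, started only after the policy exists, to allow IAM propagation.
resource "time_sleep" "wait_for_authorization_policy" {
  depends_on      = [ibm_iam_authorization_policy.cos_to_kms]
  create_duration = "30s"
}

# Every KMS-encrypted bucket depends on the wait, not only the first one.
resource "ibm_cos_bucket" "cos_bucket" {
  for_each   = toset(["log-archive-cos-bucket", "at-events-cos-bucket"])
  depends_on = [time_sleep.wait_for_authorization_policy]

  bucket_name          = "${each.key}-${var.suffix}"
  resource_instance_id = var.cos_instance_crn
  region_location      = "us-south"
  storage_class        = "standard"
  kms_key_crn          = var.kms_key_crn
}
```

A fixed sleep only narrows the propagation window; a bucket resource that does not depend on the wait can still start before the policy is effective.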