Closed Soaib024 closed 3 months ago
/run pipeline
I have resolved the comments but will wait for this PR to be approved so that these can be made consistent.
/run pipeline
/run pipeline
I do not see any updates in PRs similar to this one, so I am requesting a re-review.
The major difference between this and other PRs is that those PRs do not have the 30-second wait time workaround for the auth policy. I am not sure if this is required when it is a cross-account policy.
@ocofaigh @shemau
/run pipeline
Let's make it clear in the skip_kms_iam_authorization_policy variable description that if a value is passed for ibmcloud_kms_api_key that the auth policy will be created in the KMS account
This? We have similar in SCC and COS now.
Does this also need a statement about needing that auth policy "before XXX ..."?
"Whether to create an IAM authorization policy that permits the Secrets Manager instance to read the encryption key from the Key Protect or Hyper Protect Crypto Service instance (the KMS). Set to true to avoid creating the policy. An authorization policy must exist before XXX can be created. If set to false, specify a value for the KMS instance in existing_kms_instance_crn. If a value is specified for ibmcloud_kms_api_key, the policy is created in the KMS account."
Will need to be updated in a few files:
"Set to true to skip the creation of an IAM authorization policy that permits all Secrets Manager instances in the resource group to read the encryption key from the KMS instance. If set to false, pass in a value for the KMS instance in the existing_kms_instance_guid variable. In addition, no policy is created if kms_encryption_enabled is set to false."
"Set to true to skip the creation of an IAM authorization policy that permits all Secrets Manager instances in the resource group to read the encryption key. If set to false, pass in a value for the Key Protect or Hyper Protect Crypto Service instance in the existing_kms_instance_crn variable."
/run pipeline
I'll wait for Conall's review and then review the "final" descriptions.
/run pipeline
:tada: This PR is included in version 1.15.0 :tada:
The release is available on:
v1.15.0
Your semantic-release bot :package::rocket:
Description
https://github.com/terraform-ibm-modules/terraform-ibm-secrets-manager/issues/138
Release required?
x.x.X
x.X.x
X.x.x
Release notes content
support for cross account s2s policy creation
Run the pipeline
If the CI pipeline doesn't run when you create the PR, the PR requires a user with GitHub collaborators access to run the pipeline.
Run the CI pipeline when the PR is ready for review and you expect tests to pass. Add a comment to the PR with the following text:
Checklist for reviewers
For mergers