Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error reading CryptoKeyVersion - provider defined wrong type vs GCP API response #13924

Closed
boxanhngo opened this issue Mar 7, 2023 · 13 comments · Fixed by GoogleCloudPlatform/magic-modules#9582, #17486, hashicorp/terraform-provider-google-beta#7045 or GoogleCloudPlatform/terraform-google-conversion#2013
Closed

Error reading CryptoKeyVersion - provider defined wrong type vs GCP API response #13924

boxanhngo opened this issue Mar 7, 2023 · 13 comments · Fixed by GoogleCloudPlatform/magic-modules#9582, #17486, hashicorp/terraform-provider-google-beta#7045 or GoogleCloudPlatform/terraform-google-conversion#2013
Labels
bug forward/linked service/cloudkms

Comments

@boxanhngo
Copy link

boxanhngo commented Mar 7, 2023
edited by melinath
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
  • Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.
  • If an issue is assigned to the modular-magician user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to hashibot, a community member has claimed the issue already.

Terraform Version

Terraform v1.2.7
on linux_amd64

Affected Resource(s)

  • google_kms_crypto_key_version

Terraform Configuration Files

resource "google_kms_crypto_key_version" "key_version" {
  count      = length(var.keys)
  crypto_key = google_kms_crypto_key.key[count.index].id
}

Debug Output

2023-03-06T20:46:57.932-0800 [INFO]  provider.terraform-provider-google_v4.56.0_x5: 2023/03/06 20:46:57 [DEBUG] Retry Transport: Stopping retries, last request was successful: timestamp=2023-03-06T20:46:57.932-0800
2023-03-06T20:46:57.932-0800 [INFO]  provider.terraform-provider-google_v4.56.0_x5: 2023/03/06 20:46:57 [DEBUG] Retry Transport: Returning after 1 attempts: timestamp=2023-03-06T20:46:57.932-0800
2023-03-06T20:46:57.932-0800 [WARN]  Provider "registry.terraform.io/hashicorp/google" produced an unexpected new value for google_kms_crypto_key.key[1] during refresh.
      - .labels: was null, but now cty.MapValEmpty(cty.String)
2023-03-06T20:46:57.935-0800 [WARN]  Provider "registry.terraform.io/hashicorp/google" produced an invalid plan for google_kms_crypto_key.key[1], but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .skip_initial_version_creation: planned value cty.False for a non-computed attribute
      - .labels: planned value cty.MapValEmpty(cty.String) for a non-computed attribute
2023-03-06T20:46:57.937-0800 [INFO]  ReferenceTransformer: reference not found: "var.keys"
2023-03-06T20:46:57.937-0800 [INFO]  ReferenceTransformer: reference not found: "google_kms_crypto_key.key"
2023-03-06T20:46:57.937-0800 [INFO]  ReferenceTransformer: reference not found: "count.index"
2023-03-06T20:46:57.937-0800 [DEBUG] ReferenceTransformer: "google_kms_crypto_key_version.key_version[0]" references: []
2023-03-06T20:46:57.937-0800 [INFO]  ReferenceTransformer: reference not found: "var.keys"
2023-03-06T20:46:57.937-0800 [INFO]  ReferenceTransformer: reference not found: "google_kms_crypto_key.key"
2023-03-06T20:46:57.937-0800 [INFO]  ReferenceTransformer: reference not found: "count.index"
2023-03-06T20:46:57.937-0800 [DEBUG] ReferenceTransformer: "google_kms_crypto_key_version.key_version[1]" references: []
2023-03-06T20:46:57.939-0800 [INFO]  provider.terraform-provider-google_v4.56.0_x5: 2023/03/06 20:46:57 [DEBUG] Waiting for state to become: [success]: timestamp=2023-03-06T20:46:57.939-0800
2023-03-06T20:46:57.939-0800 [INFO]  provider.terraform-provider-google_v4.56.0_x5: 2023/03/06 20:46:57 [DEBUG] Waiting for state to become: [success]: timestamp=2023-03-06T20:46:57.939-0800
2023-03-06T20:46:57.939-0800 [INFO]  provider.terraform-provider-google_v4.56.0_x5: 2023/03/06 20:46:57 [DEBUG] Retry Transport: starting RoundTrip retry loop: timestamp=2023-03-06T20:46:57.939-0800
2023-03-06T20:46:57.939-0800 [INFO]  provider.terraform-provider-google_v4.56.0_x5: 2023/03/06 20:46:57 [DEBUG] Retry Transport: starting RoundTrip retry loop: timestamp=2023-03-06T20:46:57.939-0800
2023-03-06T20:46:57.939-0800 [INFO]  provider.terraform-provider-google_v4.56.0_x5: 2023/03/06 20:46:57 [DEBUG] Retry Transport: request attempt 0: timestamp=2023-03-06T20:46:57.939-0800
2023-03-06T20:46:57.939-0800 [INFO]  provider.terraform-provider-google_v4.56.0_x5: 2023/03/06 20:46:57 [DEBUG] Retry Transport: request attempt 0: timestamp=2023-03-06T20:46:57.939-0800
2023-03-06T20:46:57.939-0800 [INFO]  provider.terraform-provider-google_v4.56.0_x5: 2023/03/06 20:46:57 [DEBUG] Google API Request Details:
---[ REQUEST ]---------------------------------------
GET /v1/projects/ABC/locations/us/keyRings/ABC/cryptoKeys/ABC-CMEK/cryptoKeyVersions/2?alt=json HTTP/1.1
Host: cloudkms.googleapis.com
User-Agent: Terraform/1.2.7 (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google/4.56.0 IAC-Atlantis/IAC/ABC-iac-something/126 blueprints/terraform/terraform-google-kms/v2.1.0
Content-Type: application/json
Accept-Encoding: gzip
-----------------------------------------------------: timestamp=2023-03-06T20:46:57.939-0800
2023-03-06T20:46:57.939-0800 [INFO]  provider.terraform-provider-google_v4.56.0_x5: 2023/03/06 20:46:57 [DEBUG] Google API Request Details:
---[ REQUEST ]---------------------------------------
GET /v1/projects/ABC/locations/us/keyRings/ABC/cryptoKeys/ABC-cmek/cryptoKeyVersions/2?alt=json HTTP/1.1
Host: cloudkms.googleapis.com
User-Agent: Terraform/1.2.7 (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google/4.56.0 IAC-Atlantis/IAC/ABC-iac-something/126 blueprints/terraform/terraform-google-kms/v2.1.0
Content-Type: application/json
Accept-Encoding: gzip


-----------------------------------------------------: timestamp=2023-03-06T20:46:57.939-0800
2023-03-06T20:46:58.011-0800 [INFO]  provider.terraform-provider-google_v4.56.0_x5: 2023/03/06 20:46:58 [DEBUG] Google API Response Details:
---[ RESPONSE ]--------------------------------------
HTTP/2.0 200 OK
Cache-Control: private
Content-Type: application/json; charset=UTF-8
Date: Tue, 07 Mar 2023 04:46:58 GMT
Server: ESF
Vary: Origin
Vary: X-Origin
Vary: Referer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0

{
  "name": "projects/ABC/locations/us/keyRings/ABC/cryptoKeys/ABC-CMEK/cryptoKeyVersions/2",
  "state": "ENABLED",
  "createTime": "2023-03-06T23:51:04.333908334Z",
  "protectionLevel": "HSM",
  "attestation": {
    "format": "CAVIUM_V2_COMPRESSED",
    "content": "redacted"
    "certChains": {
      "caviumCerts": [
        "-----BEGIN CERTIFICATE-----redacted --END CERTIFICATE------\n",
"-----BEGIN CERTIFICATE-----\n--edacted --END CERTIFICATE -----\n"
 ],
      "googlePartitionCerts": [
"-----BEGIN CERTIFICATE-----\n redacted --END CERTIFICATE ----\n"
      ]
    }
  },
  "algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION",
  "generateTime": "2023-03-06T23:51:04.333908334Z"
}

-----------------------------------------------------: timestamp=2023-03-06T20:46:58.011-0800
2023-03-06T20:46:58.011-0800 [INFO]  provider.terraform-provider-google_v4.56.0_x5: 2023/03/06 20:46:58 [DEBUG] Retry Transport: Stopping retries, last request was successful: timestamp=2023-03-06T20:46:58.011-0800
2023-03-06T20:46:58.011-0800 [INFO]  provider.terraform-provider-google_v4.56.0_x5: 2023/03/06 20:46:58 [DEBUG] Retry Transport: Returning after 1 attempts: timestamp=2023-03-06T20:46:58.011-0800
2023-03-06T20:46:58.011-0800 [INFO]  provider.terraform-provider-google_v4.56.0_x5: 2023/03/06 20:46:58 [ERROR] setting state: attestation.0.cert_chains.0.cavium_certs: '' expected type 'string', got unconvertible type '[]interface {}', value: '[-----BEGIN CERTIFICATE-----
redacted
-----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
redacted
-----END CERTIFICATE-----
]': timestamp=2023-03-06T20:46:58.011-0800
2023-03-06T20:46:58.012-0800 [ERROR] provider.terraform-provider-google_v4.56.0_x5: Response contains error diagnostic: tf_rpc=ReadResource diagnostic_detail= diagnostic_severity=ERROR diagnostic_summary="Error reading CryptoKeyVersion: attestation.0.cert_chains.0.cavium_certs: '' expected type 'string', got unconvertible type '[]interface {}', value: '[-----BEGIN CERTIFICATE-----
redacted
-----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
redacted
-----END CERTIFICATE-----
]'" tf_provider_addr=provider tf_req_id=06a093b3-ccca-abab-c4ae-6f3223e526b3 tf_resource_type=google_kms_crypto_key_version @caller=github.com/hashicorp/[email protected]/tfprotov5/internal/diag/diagnostics.go:55 @module=sdk.proto tf_proto_version=5.3 timestamp=2023-03-06T20:46:58.011-0800
2023-03-06T20:46:58.012-0800 [ERROR] vertex "google_kms_crypto_key_version.key_version[1]" error: Error reading CryptoKeyVersion: attestation.0.cert_chains.0.cavium_certs: '' expected type 'string', got unconvertible type '[]interface {}', value: '[-----BEGIN CERTIFICATE-----
redacted
-----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
redacted
-----END CERTIFICATE-----
]'

Panic Output

Error: Error reading CryptoKeyVersion: attestation.0.cert_chains.0.google_partition_certs: '' expected type 'string', got unconvertible type '[]interface {}'

Expected Behavior

https://github.com/hashicorp/terraform-provider-google/blob/v4.56.0/google/resource_kms_crypto_key_version.go#L79

Schema: map[string]*schema.Schema{
		"cavium_certs": {
		       Type:        schema.TypeString,

Actual Behavior

"certChains": {
      "caviumCerts": [
        "-----BEGIN CERTIFICATE-----\n<redacted>\n-----END CERTIFICATE-----\n",

Steps to Reproduce

  1. terraform plan

Important Factoids

References

  • #0000

b/299683525
@boxanhngo boxanhngo added the bug label Mar 7, 2023
@edwardmedia edwardmedia self-assigned this Mar 7, 2023
@edwardmedia
Copy link
Contributor

@boxanhngo can you share your config and the debug log?

@boxanhngo
Copy link
Author

@edwardmedia Can you take a look ? We shared tf config and debug log.

@hao-nan-li hao-nan-li self-assigned this Mar 7, 2023
@hao-nan-li
Copy link
Collaborator

In the log it looks like the referenced crypto_key is not found.
2023-03-06T20:46:57.937-0800 [INFO] ReferenceTransformer: reference not found: "var.keys" 2023-03-06T20:46:57.937-0800 [INFO] ReferenceTransformer: reference not found: "google_kms_crypto_key.key"

To which crypto_keys are the versions applying to?

@boxanhngo
Copy link
Author

In the log it looks like the referenced crypto_key is not found. 2023-03-06T20:46:57.937-0800 [INFO] ReferenceTransformer: reference not found: "var.keys" 2023-03-06T20:46:57.937-0800 [INFO] ReferenceTransformer: reference not found: "google_kms_crypto_key.key"

To which crypto_keys are the versions applying to?

yes. We have a list of keys basically and then we apply crypto keys version against. google_kms_crypto_key.key[count.index].id

@hao-nan-li
Copy link
Collaborator

The error above shows that the referenced crypto_key is not found, and before that the count variable seems not referenced to var.keys.

I'd probably try to solve these before moving forward to investigate in crypto_key_versions

@boxanhngo
Copy link
Author

@hao-nan-li We reproduced the same issue w/o references issue . Log is updated as below. PTAL ?

2023-03-07T14:12:51.837-0800 [INFO]  provider.terraform-provider-google_v4.56.0_x5: 2023/03/07 14:12:51 [DEBUG] Retry Transport: Stopping retries, last request was successful: timestamp=2023-03-07T14:12:51.837-0800
2023-03-07T14:12:51.837-0800 [INFO]  provider.terraform-provider-google_v4.56.0_x5: 2023/03/07 14:12:51 [DEBUG] Retry Transport: Returning after 1 attempts: timestamp=2023-03-07T14:12:51.837-0800
2023-03-07T14:12:51.840-0800 [WARN]  Provider "registry.terraform.io/hashicorp/google" produced an invalid plan for google_kms_crypto_key.key, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .labels: planned value cty.MapValEmpty(cty.String) for a non-computed attribute
      - .skip_initial_version_creation: planned value cty.False for a non-computed attribute
      - .rotation_period: planned value cty.StringVal("") for a non-computed attribute
2023-03-07T14:12:51.841-0800 [DEBUG] ReferenceTransformer: "google_kms_crypto_key_version.key_version" references: []
2023-03-07T14:12:51.843-0800 [INFO]  provider.terraform-provider-google_v4.56.0_x5: 2023/03/07 14:12:51 [DEBUG] Waiting for state to become: [success]: timestamp=2023-03-07T14:12:51.843-0800
2023-03-07T14:12:51.843-0800 [INFO]  provider.terraform-provider-google_v4.56.0_x5: 2023/03/07 14:12:51 [DEBUG] Retry Transport: starting RoundTrip retry loop: timestamp=2023-03-07T14:12:51.843-0800
2023-03-07T14:12:51.843-0800 [INFO]  provider.terraform-provider-google_v4.56.0_x5: 2023/03/07 14:12:51 [DEBUG] Retry Transport: request attempt 0: timestamp=2023-03-07T14:12:51.843-0800
2023-03-07T14:12:51.843-0800 [INFO]  provider.terraform-provider-google_v4.56.0_x5: 2023/03/07 14:12:51 [DEBUG] Google API Request Details:
---[ REQUEST ]---------------------------------------
GET /v1/projects/ABC/locations/us/keyRings/ABC/cryptoKeys/ABC-cmek/cryptoKeyVersions/3?alt=json HTTP/1.1
Host: cloudkms.googleapis.com
User-Agent: Terraform/1.2.7 (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google/4.56.0 IAC-Atlantis/IAC/ABC-iac-something/126 blueprints/terraform/terraform-google-kms/v2.1.0
Content-Type: application/json
Accept-Encoding: gzip
-----------------------------------------------------: timestamp=2023-03-07T14:12:51.843-0800
2023-03-07T14:12:52.043-0800 [INFO]  provider.terraform-provider-google_v4.56.0_x5: 2023/03/07 14:12:52 [DEBUG] Google API Response Details:
---[ RESPONSE ]--------------------------------------
HTTP/2.0 200 OK
Cache-Control: private
Content-Type: application/json; charset=UTF-8
Date: Tue, 07 Mar 2023 22:12:52 GMT
Server: ESF
Vary: Origin
Vary: X-Origin
Vary: Referer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0

{
  "name": "projects/ABC/locations/us/keyRings/ABC/cryptoKeys/ABC-cmek/cryptoKeyVersions/3",
  "state": "ENABLED",
  "createTime": "2023-03-07T22:01:13.131861605Z",
  "protectionLevel": "HSM",
  "attestation": {
    "format": "CAVIUM_V2_COMPRESSED",
    "content": "redact",
    "certChains": {
      "caviumCerts": [
        "-----BEGIN CERTIFICATE-----\ redacted",
"-----BEGIN CERTIFICATE-----redacted\n
      ],
      "googleCardCerts": [
"-----BEGIN CERTIFICATE-----\ redacted\n
      ],
      "googlePartitionCerts": [
"-----BEGIN CERTIFICATE-----\n  redacted\n
   ]
    }
  },
  "algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION",
  "generateTime": "2023-03-07T22:01:13.131861605Z"
}

-----------------------------------------------------: timestamp=2023-03-07T14:12:52.042-0800
2023-03-07T14:12:52.043-0800 [INFO]  provider.terraform-provider-google_v4.56.0_x5: 2023/03/07 14:12:52 [DEBUG] Retry Transport: Stopping retries, last request was successful: timestamp=2023-03-07T14:12:52.042-0800
2023-03-07T14:12:52.043-0800 [INFO]  provider.terraform-provider-google_v4.56.0_x5: 2023/03/07 14:12:52 [DEBUG] Retry Transport: Returning after 1 attempts: timestamp=2023-03-07T14:12:52.042-0800
2023-03-07T14:12:52.043-0800 [INFO]  provider.terraform-provider-google_v4.56.0_x5: 2023/03/07 14:12:52 [ERROR] setting state: attestation.0.cert_chains.0.cavium_certs: '' expected type 'string', got unconvertible type '[]interface {}', value: '[-----BEGIN CERTIFICATE-----
redacted
-----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
redacted
-----END CERTIFICATE-----
]': timestamp=2023-03-07T14:12:52.043-0800
2023-03-07T14:12:52.043-0800 [ERROR] provider.terraform-provider-google_v4.56.0_x5: Response contains error diagnostic: @module=sdk.proto tf_req_id=d6b8a6dd-a5c3-b20c-f291-328ced0f2820 tf_rpc=ReadResource @caller=github.com/hashicorp/[email protected]/tfprotov5/internal/diag/diagnostics.go:55 diagnostic_detail= diagnostic_severity=ERROR diagnostic_summary="Error reading CryptoKeyVersion: attestation.0.cert_chains.0.cavium_certs: '' expected type 'string', got unconvertible type '[]interface {}', value: '[-----BEGIN CERTIFICATE-----
redacted
-----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
redacted
-----END CERTIFICATE-----
]'" tf_proto_version=5.3 tf_provider_addr=provider tf_resource_type=google_kms_crypto_key_version timestamp=2023-03-07T14:12:52.043-0800
2023-03-07T14:12:52.043-0800 [ERROR] vertex "google_kms_crypto_key_version.key_version" error: Error reading CryptoKeyVersion: attestation.0.cert_chains.0.cavium_certs: '' expected type 'string', got unconvertible type '[]interface {}', value: '[-----BEGIN CERTIFICATE-----
redacted
-----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
redacted
-----END CERTIFICATE-----
]'
2023-03-07T14:12:52.043-0800 [ERROR] vertex "google_kms_crypto_key_version.key_version" error: Error reading CryptoKeyVersion: attestation.0.cert_chains.0.cavium_certs: '' expected type 'string', got unconvertible type '[]interface {}', value: '[-----BEGIN CERTIFICATE-----
redacted
-----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
redacted
-----END CERTIFICATE-----
]'
2023-03-07T14:12:52.043-0800 [ERROR] vertex "google_kms_crypto_key_version.key_version (expand)" error: Error reading CryptoKeyVersion: attestation.0.cert_chains.0.cavium_certs: '' expected type 'string', got unconvertible type '[]interface {}', value: '[-----BEGIN CERTIFICATE-----
redacted
-----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
redacted
-----END CERTIFICATE-----
]'

@hao-nan-li
Copy link
Collaborator

hao-nan-li commented Mar 8, 2023
edited
Loading

Sure I will take a look into it. Could you send me the TF config where caviumCerts is defined?

@edwardmedia edwardmedia removed their assignment Mar 16, 2023
@hao-nan-li
Copy link
Collaborator

Any update?

@cscherban
Copy link

I've actually recieved a rather similar error to do with imports (on version 4.63.0 of the provider.

terraform import google_kms_crypto_key_version.default project/abc/locations/us/keyRings/ring-name/cryptoKeys/key-name/cryptoKeyVersions/1

Leads to

Error: Error reading CryptoKeyVersion: attestation.0.cert_chains.0.google_card_certs: '' expected type 'string', got unconvertible type '[]interface {}', value: '[-----BEGIN CERTIFICATE-----
redacted
-----END CERTIFICATE-----
]'

Seems like these could be related

@daniel1302
Copy link

I am getting the same issue



➜  windows_sign_apps git:(add-experimental-data-node) ✗ terraform import google_kms_crypto_key_version.digicert_ev_signing_key_ecc_256_v1 "projects/<my-project>/locations/europe-west2/keyRings/windows-sign-apps/cryptoKeys/digicert-ev-signing-key-ecc-256/cryptoKeyVersions/1"
google_kms_crypto_key_version.digicert_ev_signing_key_ecc_256_v1: Importing from ID "projects/<my-project>/locations/europe-west2/keyRings/windows-sign-apps/cryptoKeys/digicert-ev-signing-key-ecc-256/cryptoKeyVersions/1"...
google_kms_crypto_key_version.digicert_ev_signing_key_ecc_256_v1: Import prepared!
  Prepared google_kms_crypto_key_version for import
google_kms_crypto_key_version.digicert_ev_signing_key_ecc_256_v1: Refreshing state... [id=projects/<my-project>/locations/europe-west2/keyRings/windows-sign-apps/cryptoKeys/digicert-ev-signing-key-ecc-256/cryptoKeyVersions/1]
╷
│ Error: Error reading CryptoKeyVersion: attestation.0.cert_chains.0.cavium_certs: '' expected type 'string', got unconvertible type '[]interface {}', value: '[-----BEGIN CERTIFICATE-----

This is my config:

resource "google_kms_key_ring" "windows_sign_apps" {
  name     = "windows-sign-apps"
  location = "europe-west2"
}

resource "google_kms_crypto_key" "digicert_ev_signing_key_ecc_256" {
  name            = "digicert-ev-signing-key-ecc-256"
  key_ring        = google_kms_key_ring.windows_sign_apps.id

  purpose = "ASYMMETRIC_SIGN"
  destroy_scheduled_duration = "86400s"

  timeouts {}

  version_template {
    algorithm        = "EC_SIGN_P256_SHA256"
    protection_level = "HSM"
  }

  lifecycle {
    prevent_destroy = true
  }
}

// This version has been used to generate the Digicert EV Key. DO NOT DESTROY!!!!
resource "google_kms_crypto_key_version" "digicert_ev_signing_key_ecc_256_v1" {
  crypto_key = google_kms_crypto_key.digicert_ev_signing_key_ecc_256.id

  lifecycle {
    prevent_destroy = true

  }
}

image
image

@github-actions github-actions bot added service/cloudkms forward/review In review; remove label to forward labels Aug 17, 2023
@melinath melinath added forward/linked and removed forward/review In review; remove label to forward labels Sep 7, 2023
@gnarea
Copy link

gnarea commented Sep 20, 2023

I'm getting this error with HSM keys only. Software ones are OK.

gnarea added a commit to relaycorp/terraform-google-awala-endpoint that referenced this issue Sep 20, 2023
@gnarea
fix: Implement workaround to make HSM keys work
237125b 
We can't explicitly create key versions with Google KMS due to hashicorp/terraform-provider-google#13924, so this change lets the `google_kms_crypto_key` resource create an initial key and then we import it.
@gnarea gnarea mentioned this issue Sep 20, 2023
Merged
kodiakhq bot pushed a commit to relaycorp/terraform-google-awala-endpoint that referenced this issue Sep 20, 2023
@gnarea
fix: Implement workaround to make HSM keys work (#21)
a60c6e8 
We can't explicitly create key versions with Google KMS due to hashicorp/terraform-provider-google#13924, so this change lets the `google_kms_crypto_key` resource create an initial key and then we import it.
@gnarea
Copy link

gnarea commented Sep 20, 2023

A workaround is to let the crypto key resource create the initial key version, and then import it. See how I've done it here: relaycorp/terraform-google-awala-endpoint#21

@Zarux Zarux mentioned this issue Dec 5, 2023
Merged
This was referenced Mar 4, 2024
Merged
Merged
Merged
@github-actions GitHub Actions
Copy link

github-actions bot commented Apr 4, 2024

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 4, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug forward/linked service/cloudkms
Projects
None yet
Milestone
No milestone
7 participants
@melinath @gnarea @daniel1302 @cscherban @edwardmedia @boxanhngo @hao-nan-li