
Commit 14d1457

fix: Storage delegation does not work when KMS is private (#98)
1 parent 1b805c5 commit 14d1457


1 file changed

+20
-11
lines changed


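--- a/storage_delegation/main.tf
+++ b/storage_delegation/main.tf
@@ -7,21 +7,30 @@ resource "ibm_iam_authorization_policy" "cos_s2s_keyprotect" {
 roles = ["Reader"]
 }
 
+data "ibm_resource_instance" "kms_instance" {
+provider = ibm.deployer
+count = var.cos_kms_crn == null || var.cos_kms_crn == "" ? 0 : 1
+identifier = var.cos_kms_crn
+}
+
 resource "ibm_kms_key" "kms_key" {
-provider = ibm.deployer
-count = var.cos_kms_key_crn == null || var.cos_kms_key_crn == "" ? 1 : 0
-instance_id = var.cos_kms_crn
-key_name = var.cos_kms_new_key_name
-standard_key = false
-force_delete = true
-key_ring_id = var.cos_kms_ring_id == null || var.cos_kms_ring_id == "" ? "default" : var.cos_kms_ring_id
+provider = ibm.deployer
+depends_on = [data.ibm_resource_instance.kms_instance]
+count = var.cos_kms_key_crn == null || var.cos_kms_key_crn == "" ? 1 : 0
+instance_id = var.cos_kms_crn
+key_name = var.cos_kms_new_key_name
+standard_key = false
+force_delete = true
+endpoint_type = try(jsondecode(data.ibm_resource_instance.kms_instance[0].parameters_json).allowed_network, "{}") == "private-only" ? "private" : "public"
+key_ring_id = var.cos_kms_ring_id == null || var.cos_kms_ring_id == "" ? "default" : var.cos_kms_ring_id
 }
 
 data "ibm_kms_key" "kms_key" {
-provider = ibm.deployer
-depends_on = [resource.ibm_kms_key.kms_key]
-instance_id = var.cos_kms_crn
-key_id = var.cos_kms_key_crn == null || var.cos_kms_key_crn == "" ? resource.ibm_kms_key.kms_key[0].key_id : split(":", var.cos_kms_key_crn)[9]
+provider = ibm.deployer
+depends_on = [resource.ibm_kms_key.kms_key, data.ibm_resource_instance.kms_instance]
+endpoint_type = try(jsondecode(data.ibm_resource_instance.kms_instance[0].parameters_json).allowed_network, "{}") == "private-only" ? "private" : "public"
+instance_id = var.cos_kms_crn
+key_id = var.cos_kms_key_crn == null || var.cos_kms_key_crn == "" ? resource.ibm_kms_key.kms_key[0].key_id : split(":", var.cos_kms_key_crn)[9]
 }
 
 resource "restapi_object" "storage_delegation" {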
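Review bot: The endpoint-selection expression on the two new `endpoint_type` lines is duplicated verbatim in `ibm_kms_key.kms_key` and `data.ibm_kms_key.kms_key`, and its `try(..., "{}")` fallback turns any failure of the lookup (unparsable `parameters_json`, a missing `allowed_network`, or the `[0]` index when `kms_instance` has count 0) into `"public"`, so a private-only instance would silently be addressed over the public endpoint if that lookup ever breaks. Hoisting it into one local, `locals { kms_endpoint_type = try(jsondecode(data.ibm_resource_instance.kms_instance[0].parameters_json).allowed_network, "") == "private-only" ? "private" : "public" }`, and writing `endpoint_type = local.kms_endpoint_type` in both blocks keeps the two from drifting; the fallback string `"{}"` is never a valid `allowed_network` value and reads as if it were an empty map. Whether `"public"` is the intended default when `allowed_network` is absent (presumably the public-and-private case) should be stated in a comment on that local rather than left implicit. The `cos_s2s_keyprotect` resource whose closing lines open the hunk starts outside it.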
