KMS errors with latest Terraform and google provider

Question

KMS errors with latest Terraform and google provider

ggprod opened this issue 3 years ago · 1 comments

ggprod commented 3 years ago

TL;DR

Attempting to instantiate the module fails with some KMS sub-module errors

Expected behavior

Module should create

Observed behavior

 Error: Unsupported attribute
│ 
│   on .terraform/modules/bootstrap.kms/main.tf line 30, in resource "google_kms_crypto_key" "key":
│   30:   key_ring        = google_kms_key_ring.key_ring.self_link
│ 
│ This object has no argument, nested block, or exported attribute named "self_link".
╵
╷
│ Error: Unsupported attribute
│ 
│   on .terraform/modules/bootstrap.kms/main.tf line 48, in resource "google_kms_crypto_key" "key_ephemeral":
│   48:   key_ring        = google_kms_key_ring.key_ring.self_link
│ 
│ This object has no argument, nested block, or exported attribute named "self_link".
╵
╷
│ Error: Unsupported attribute
│ 
│   on .terraform/modules/bootstrap.kms/outputs.tf line 19, in output "keyring":
│   19:   value       = google_kms_key_ring.key_ring.self_link
│ 
│ This object has no argument, nested block, or exported attribute named "self_link".

Terraform Configuration

resource "google_folder" "shared" {
  display_name = "test-shared"
  parent       = "organizations/1044767058109"
}

module "bootstrap" {
  source  = "terraform-google-modules/bootstrap/google"
  version = "~> 4.1"

  org_id               = "1044767058109"
  folder_id            = google_folder.shared.id
  project_id           = "test-seed"
  billing_account      = var.billing_account_id
  state_bucket_name    = "test-tfstate"
  
  group_org_admins     = "org-admins@test.com"
  group_billing_admins = "billing-admins@test.com"
  org_project_creators = ["group:project-creators@test.com"]
  default_region       = "us-central1"

  project_prefix                 = "test"

  sa_org_iam_permissions = var.sa_org_iam_permissions
}

variable "billing_account_id" { default = "014E71-7F3292-02B490" }
variable "sa_org_iam_permissions" { default = [
  "roles/accesscontextmanager.policyAdmin",
    "roles/billing.user",
    "roles/compute.networkAdmin",
    "roles/compute.xpnAdmin",
    "roles/iam.securityAdmin",
    "roles/iam.serviceAccountAdmin",
    "roles/logging.configWriter",
    "roles/orgpolicy.policyAdmin",
    "roles/resourcemanager.projectCreator",
    "roles/resourcemanager.folderAdmin",
    "roles/resourcemanager.organizationViewer"
]}

Terraform Version

Terraform v1.1.0
on darwin_amd64
+ provider registry.terraform.io/hashicorp/google v4.3.0
+ provider registry.terraform.io/hashicorp/google-beta v4.3.0
+ provider registry.terraform.io/hashicorp/null v3.1.0
+ provider registry.terraform.io/hashicorp/random v3.1.0
+ provider registry.terraform.io/hashicorp/time v0.7.2

Additional information

No response

Answer 1 · 2021-12-13T05:39:54.000Z

This module hasn't yet been updated to support the v4 providers. You can track #133 for that.

For now, you should pin to v3.x of the google providers.