From ee8090a992d2bcff3214bf5b47e85e7bfe322ea3 Mon Sep 17 00:00:00 2001
From: Hayden Johansen
Date: Thu, 10 Jul 2025 16:19:51 -0500
Subject: [PATCH 1/2] fix error when importing keys
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index 84c72b9..8b2e0b4 100644
--- a/main.tf
+++ b/main.tf
@@ -15,7 +15,7 @@
 */

 locals {
- keys_by_name = zipmap(var.keys, var.prevent_destroy ? slice(google_kms_crypto_key.key[*].id, 0, length(var.keys)) : slice(google_kms_crypto_key.key_ephemeral[*].id, 0, length(var.keys)))
+ keys_by_name = zipmap(var.keys, [for k in var.keys : "${google_kms_key_ring.key_ring.id}/cryptoKeys/${k}"])
 }

 resource "google_kms_key_ring" "key_ring" {
From 083cf1d727fbc652658974fc4d8e202d5dd0f5f7 Mon Sep 17 00:00:00 2001
From: Hayden Johansen
Date: Tue, 2 Sep 2025 12:54:27 -0500
Subject: [PATCH 2/2] modified indexing to use key name instead of numeric
---
 main.tf | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/main.tf b/main.tf
index 8b2e0b4..a10d089 100644
--- a/main.tf
+++ b/main.tf
@@ -25,8 +25,8 @@ resource "google_kms_key_ring" "key_ring" {
 }

 resource "google_kms_crypto_key" "key" {
- count = var.prevent_destroy ? length(var.keys) : 0
- name = var.keys[count.index]
+ for_each = var.prevent_destroy ? { for key in var.keys : key => key } : {}
+ name = each.key
 key_ring = google_kms_key_ring.key_ring.id
 rotation_period = var.key_rotation_period
 purpose = var.purpose
@@ -49,8 +49,8 @@ resource "google_kms_crypto_key" "key" {
 }

 resource "google_kms_crypto_key" "key_ephemeral" {
- count = var.prevent_destroy ? 0 : length(var.keys)
- name = var.keys[count.index]
+ for_each = var.prevent_destroy ? {} : { for key in var.keys : key => key }
+ name = each.key
 key_ring = google_kms_key_ring.key_ring.id
 rotation_period = var.key_rotation_period
 purpose = var.purpose
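Review bot: In the `locals` hunk of patch 1/2, `keys_by_name` is now assembled from `google_kms_key_ring.key_ring.id` plus a string suffix, so anything reading the local no longer has an implicit dependency on `google_kms_crypto_key.key` or `key_ephemeral`. The IAM binding resources that look up `local.keys_by_name[...]` (outside this hunk) can then be scheduled before the key they bind to exists, which would fail on a fresh apply and leaves the ID format hard-coded in the module. If the string form is needed for imports, add `depends_on = [google_kms_crypto_key.key, google_kms_crypto_key.key_ephemeral]` to each binding and a comment on the local such as `# ID is composed by hand so imports work; bindings must depend on the key resources explicitly`.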
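Review bot: In patch 2/2, moving `google_kms_crypto_key.key` and `key_ephemeral` from `count` to `for_each` changes every instance address from `key[0]` to `key["<name>"]`, and the patch carries no `moved` block or upgrade note. Against existing state Terraform would plan to destroy and recreate each key; if `key` has `lifecycle { prevent_destroy = true }` (its body continues outside the hunk, so this is inferred from the variable name) the plan fails, and for `key_ephemeral` a destroy removes the key versions and makes data encrypted under them unrecoverable. The commit message or an upgrade guide should spell out the state migration, for example `terraform state mv 'google_kms_crypto_key.key[0]' 'google_kms_crypto_key.key["<name>"]'` per key, before this is released. The same address change applies to the three IAM binding resources in the last hunk.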
@@ -73,22 +73,22 @@ resource "google_kms_crypto_key" "key_ephemeral" {
 }

 resource "google_kms_crypto_key_iam_binding" "owners" {
- count = length(var.set_owners_for)
+ for_each = toset(var.set_owners_for)
 role = "roles/owner"
- crypto_key_id = local.keys_by_name[var.set_owners_for[count.index]]
- members = compact(split(",", var.owners[count.index]))
+ crypto_key_id = local.keys_by_name[each.key]
+ members = compact(split(",", var.owners[index(var.set_owners_for, each.key)]))
 }

 resource "google_kms_crypto_key_iam_binding" "decrypters" {
- count = length(var.set_decrypters_for)
+ for_each = toset(var.set_decrypters_for)
 role = "roles/cloudkms.cryptoKeyDecrypter"
- crypto_key_id = local.keys_by_name[var.set_decrypters_for[count.index]]
- members = compact(split(",", var.decrypters[count.index]))
+ crypto_key_id = local.keys_by_name[each.key]
+ members = compact(split(",", var.owners[index(var.decrypters, each.key)]))
 }

 resource "google_kms_crypto_key_iam_binding" "encrypters" {
- count = length(var.set_encrypters_for)
+ for_each = toset(var.set_encrypters_for)
 role = "roles/cloudkms.cryptoKeyEncrypter"
- crypto_key_id = local.keys_by_name[element(var.set_encrypters_for, count.index)]
- members = compact(split(",", var.encrypters[count.index]))
+ crypto_key_id = local.keys_by_name[each.key]
+ members = compact(split(",", var.owners[index(var.encrypters, each.key)]))
 }
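Review bot: The new `members` lines in the `decrypters` and `encrypters` bindings read `var.owners[index(var.decrypters, each.key)]` and `var.owners[index(var.encrypters, each.key)]`, so they take the principals from `var.owners` and search for the key name in the member list instead of in `var.set_decrypters_for` / `var.set_encrypters_for`. As written `index()` will normally error because a key name is not an element of the members list, and where it does resolve, the owners' principals receive `roles/cloudkms.cryptoKeyDecrypter` and `roles/cloudkms.cryptoKeyEncrypter` while the intended principals get nothing. The lines should mirror the `owners` block: `members = compact(split(",", var.decrypters[index(var.set_decrypters_for, each.key)]))` and `members = compact(split(",", var.encrypters[index(var.set_encrypters_for, each.key)]))`. Note also that `toset()` collapses a key name listed twice in a `set_*_for` variable and `index()` returns only the first match, so the second member string would be dropped without an error.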