Skip to content

Commit 08291c6

Browse files
ocofaighocofaigh
authored
fix: add fix for KMS cross account bug
1 parent bee8b7a commit 08291c6

File tree

1 file changed

+3
-3
lines changed
  • solutions/fully-configurable

1 file changed

+3
-3
lines changed

solutions/fully-configurable/main.tf

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -61,7 +61,7 @@ resource "ibm_iam_authorization_policy" "kms_policy" {
6161
provider = ibm.kms
6262
source_service_account = data.ibm_iam_account_settings.iam_account_settings[0].account_id
6363
source_service_name = "secrets-manager"
64-
source_resource_group_id = module.resource_group[0].resource_group_id
64+
source_resource_group_id = module.resource_group.resource_group_id
6565
roles = ["Reader"]
6666
description = "Allow all Secrets Manager instances in the resource group ${local.kms_account_id} to read the ${local.kms_service_name} key ${local.kms_key_id} from the instance GUID ${local.kms_instance_guid}"
6767
resource_attributes {
@@ -109,11 +109,11 @@ resource "ibm_iam_authorization_policy" "secrets_manager_hpcs_policy" {
109109
provider = ibm.kms
110110
source_service_account = data.ibm_iam_account_settings.iam_account_settings[0].account_id
111111
source_service_name = "secrets-manager"
112-
source_resource_group_id = module.resource_group[0].resource_group_id
112+
source_resource_group_id = module.resource_group.resource_group_id
113113
target_service_name = local.kms_service_name
114114
target_resource_instance_id = local.kms_instance_guid
115115
roles = ["Viewer"]
116-
description = "Allow all Secrets Manager instances in the resource group ${module.resource_group[0].resource_group_id} in the account ${local.kms_account_id} to view from the ${local.kms_service_name} instance GUID ${local.kms_instance_guid}"
116+
description = "Allow all Secrets Manager instances in the resource group ${module.resource_group.resource_group_id} in the account ${local.kms_account_id} to view from the ${local.kms_service_name} instance GUID ${local.kms_instance_guid}"
117117
}
118118

119119
# workaround for https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4478

0 commit comments

Comments
 (0)