-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: added functionality to allow for a kms key in an external account #230
Conversation
/run pipeline |
/run pipeline |
@kierramarie ensure changes (including variable descriptions) are consistent with terraform-ibm-modules/terraform-ibm-secrets-manager#147 |
@ocofaigh this da uses kms for en and cos. should I update the cos part as well to use the external kms (I have already mostly implemented this)? |
@kierramarie yes since KMS key is supported for both EN and the COS bucket, cross account support needed for both |
/run pipeline |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
some comments
/run pipeline |
/run pipeline |
Need to wait for this PR to get merged. |
this pr is failing in the precommit but is fine when I run precommit locally. |
The PR is failing because: |
@kierramarie To workaround the lite plan issue, you need to update the tests so they always create a new resource group, as you can have 1 lite plan per group. Here is how to achieve that -> https://github.com/terraform-ibm-modules/terraform-ibm-secrets-manager/blob/511d67cf6a936976cbdb093a366b9e4d36e61fb4/tests/pr_test.go#L62-L66 After you make that change, please re-run pipeline to see if you still face other errors |
/run pipeline |
/run pipeline |
@ocofaigh now just the fscloud test is failing with the same error with the "module.event_notification.module.event_notification.data.ibm_en_integrations.en_integrations[0]" resource. |
@kierramarie pipeline is unblocked now if you want to get this one back ready |
/run pipeline |
/run pipeline |
/run pipeline |
/run pipeline |
/run pipeline |
/run pipeline |
/run pipeline |
🎉 This issue has been resolved in version 1.10.0 🎉 The release is available on:
Your semantic-release bot 📦🚀 |
Description
An external kms key can be used now. If an api key for the external account is passed, new iam policies will be created to all EN and COS to communicate with the external kms instance.
Git Issue: #213
Release required?
x.x.X
)x.X.x
)X.x.x
)Release notes content
Run the pipeline
If the CI pipeline doesn't run when you create the PR, the PR requires a user with GitHub collaborators access to run the pipeline.
Run the CI pipeline when the PR is ready for review and you expect tests to pass. Add a comment to the PR with the following text:
Checklist for reviewers
For mergers