Permission 'cloudkms.cryptoKeys.get' denied on init setup #204

Closed
dcb-imvaria opened this issue Mar 6, 2024 · 3 comments
Labels
bug Something isn't working Stale

Comments

@dcb-imvaria
Contributor

TL;DR

Not enough permission to read from KMS.

Expected behavior

No response

Observed behavior

The following error appears in the VM logs of a fresh setup:

Error parsing Seal configuration: error checking key existence: rpc error: code = PermissionDenied desc = Permission 'cloudkms.cryptoKeys.get' denied on resource 'projects/$PROJECT_ID/locations/us-central1/keyRings/vault/cryptoKeys/vault-init' (or it may not exist).

Terraform Configuration

provider "google" {}

data "google_client_config" "current" {}

module "vault" {
  source                                       = "terraform-google-modules/vault/google"
  project_id                                   = data.google_client_config.current.project
  region                                       = "us-west1"
  kms_keyring                                  = "vault-compute-engine"
  vault_version                                = "1.11.12"
  service_account_project_additional_iam_roles = [
    "roles/iam.serviceAccountKeyAdmin",
    "roles/iam.serviceAccountAdmin",
    "roles/resourcemanager.projectIamAdmin",
  ]
}

output "vault_addr" {
  value = module.vault.vault_addr
}

Terraform Version

Terraform v1.7.2
on linux_amd64

Additional information

This problem was initially reported in issue #184 but was closed due to inactivity. Another PR, #198, was created but it has not been assigned for review.

@dcb-imvaria dcb-imvaria added the bug Something isn't working label Mar 6, 2024

github-actions bot commented May 5, 2024

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

@github-actions github-actions bot added the Stale label May 5, 2024
@dcb-imvaria
Contributor Author

dcb-imvaria commented May 6, 2024 via email

@github-actions github-actions bot removed the Stale label May 6, 2024

github-actions bot commented Jul 5, 2024

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

@github-actions github-actions bot added the Stale label Jul 5, 2024
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Jul 13, 2024