Skip to content

Commit

Permalink
rename crypto key (GoogleCloudPlatform#32)
Browse files Browse the repository at this point in the history
  • Loading branch information
@caetano-colin
caetano-colin authored May 6, 2024
1 parent 9a009d1 commit ef12ae2
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 3 deletions.
4 changes: 2 additions & 2 deletions 4-projects/modules/composer_env/crypto.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,15 +53,15 @@ resource "google_project_service_identity" "service_agents_kms" {
}

resource "google_kms_crypto_key_iam_member" "app_key" {
for_each = module.app_cloudbuild_project.crypto_key
for_each = module.app_cloudbuild_project.kms_keys
crypto_key_id = each.value.id
role = "roles/cloudkms.admin"
member = "serviceAccount:${local.app_infra_pipeline_service_accounts[var.repo_name]}"
}

// Add Secret Manager Service Agent to key with encrypt/decrypt permissions
resource "google_kms_crypto_key_iam_binding" "secretmanager_agent" {
for_each = module.app_cloudbuild_project.crypto_key
for_each = module.app_cloudbuild_project.kms_keys
crypto_key_id = each.value.id
role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
members = local.kms_secret_sa_accounts
Expand Down
2 changes: 1 addition & 1 deletion 4-projects/modules/composer_env/outputs.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ output "project_sa" {

output "project_crypto_key" {
description = "key created in project"
value = module.app_cloudbuild_project.crypto_key
value = module.app_cloudbuild_project.kms_keys
}

# output "terraform_service_accounts" {
Expand Down

0 comments on commit ef12ae2

Please sign in to comment.