Using ops-agent-policy module does not set APT GPG key in OS policy created

[alexjmoore]

TL;DR

Using the ops-agent-policy to install Ops Agent on VMs does not appear to correctly set APT GPG Key, this means the apt update fails and so agent installation fails.

Expected behavior

Install the agent

Observed behavior

Policy fails enforcement step and agent does not install. Error seen by apt:

W: GPG error: https://packages.cloud.google.com/apt google-cloud-ops-agent-noble-all InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY C0BA5CE6DC6315A3

Terraform Configuration

module "install_ops_agent" {
  source          = "terraform-google-modules/cloud-operations/google//modules/ops-agent-policy"
  project         = google_project.this-project.project_id
  assignment_id   = "ops-agent-policy-all-in-${var.zone}"
  zone            = var.zone
  instance_filter = { all = true }
}

Terraform Version

Terraform v1.9.2
on linux_amd64
+ provider registry.terraform.io/hashicorp/google v5.37.0
+ provider registry.terraform.io/hashicorp/google-beta v5.37.0
+ provider registry.terraform.io/hashicorp/http v3.4.3
+ provider registry.terraform.io/hashicorp/random v3.6.2

Additional information

No response

[hsmatulisgoogle]

Thanks for the bug request! I created PR #109 which should fix the fact that the gpg are not being set