-1

我在 IBM Cloud 上使用 Key Protect。我想使用 Terraform 将现有的根密钥导入我的 Key Protect 实例。我正在关注ibm_kms_key的文档:

data "ibm_resource_instance" "kms_instance" {
  name     = "henrikKeyProtectUS"
  service  = "kms"
  location = "us-south"
}

resource "ibm_kms_key" "key" {
  instance_id = data.ibm_resource_instance.kms_instance.guid
  key_name       = "mytestkey"
  standard_key   = false
  payload = "rtmETw5IrxFIkRjl7ZYIxMs5Dk/wWQLJ+eQU+HSrWUo="
}

应用更改时,Terraform 返回错误:

ibm_kms_key.key: Creating...
╷
│ Error: Error while creating Root key with payload: kp.Error: correlation_id='618f8712-b357-xxx-af12-155ad18fbc26', msg='Unauthorized: The user does not have access to the specified resource'
│ 
│   with ibm_kms_key.key,
│   on main.tf line 7, in resource "ibm_kms_key" "key":
│    7: resource "ibm_kms_key" "key" {

为什么?我是帐户所有者和 Key Protect 实例管理员。我应该拥有所有的特权。

4

1 回答 1

1

该错误实际上在ibm_kms_key的介绍中有所描述,但很容易被过度阅读。提供者的设置区域当前必须与 KMS 实例的区域匹配。

在将我的提供商从“eu-de”切换到“us-south”之后,我也能够导入密钥。

provider "ibm" {
  ibmcloud_api_key = var.ibmcloud_api_key
  region           = "us-south"
  ibmcloud_timeout = var.ibmcloud_timeout
}
于 2021-07-08T13:03:47.657 回答