Keyring import

[unb9rn]

How do I import existing keyring to this module?
I have some terraform code:

module "kms-keys" {
  source  = "terraform-google-modules/kms/google"
  version = "~>2.0"

  project_id              = module.project.project_id

  keyring                 = var.kms_keyring_name
  location                = var.kms_keyring_location
  
  key_algorithm           = "GOOGLE_SYMMETRIC_ENCRYPTION"
  key_protection_level    = var.kms_key_protection
  
  keys                    = tolist([var.kms_gke_key_name])
  
  prevent_destroy         = false
}

And I have a keyring named "main-keyring". I'm trying to import state like this:

terraform import "module.kms-keys.google_kms_key_ring.key_ring" "myproject-631c/europe-west3-a/main-keyring"

And I'm getting an error:

module.kms-keys.google_kms_key_ring.key_ring: Refreshing state... [id=projects/myproject-631c/locations/europe-west3-a/keyRings/main-keyring]
╷
│ Error: Invalid function argument
│ 
│   on .terraform/modules/kms-keys/main.tf line 18, in locals:
│   18:   keys_by_name = zipmap(var.keys, var.prevent_destroy ? slice(google_kms_crypto_key.key[*].self_link, 0, length(var.keys)) : slice(google_kms_crypto_key.key_ephemeral[*].self_link, 0, length(var.keys)))
│     ├────────────────
│     │ var.keys is list of string with 1 element
│ 
│ Invalid value for "end_index" parameter: end index must not be greater than the length of the list.

Is it a bug?

[morgante]

This looks like a minor bug in how we compute the index length when importing. We probably need to use max(length(google_kms_crypto_key.key), length(var.keys)).

[philicious]

I wasnt able to fix it just buy what @morgante suggested. If you only have a keyring to import with no keys, it will complain about google_kms_crypto_key.key is empty tuple

however I was able to work around this and import the keyring:

• use a local copy of this module
• comment out all outputs.tf
• comment out all but the resource google_kms_key_ring.. in main.tf
• import the keyring to tf state
• roll back to using the upstream module and create keys with it as you wish

[hjoh95]

Seeing this issue as well.

I was able to import my keyring and key[0] with no issue, however, any additional keys are giving me this:

module.kms.google_kms_crypto_key.key[1]: Refreshing state... [id=projects/<project>/locations/global/keyRings/<keyring>/cryptoKeys/<key1>]
╷
│ Error: Invalid function argument
│
│   on .terraform/modules/kms/main.tf line 18, in locals:
│   18:   keys_by_name = zipmap(var.keys, var.prevent_destroy ? slice(google_kms_crypto_key.key[*].id, 0, length(var.keys)) : slice(google_kms_crypto_key.key_ephemeral[*].id, 0, length(var.keys)))
│     ├────────────────
│     │ var.keys is list of string with 6 elements
│
│ Invalid value for "end_index" parameter: end index must not be greater than
│ the length of the list.
╵

[CrackerJackMack]

someone provided a fix twice for this and they both went stale. Wonder if the maintainer/author is watching this repo anymore