@todd-dsm
Last active June 2, 2020 17:27
import a pre-existing google_kms_key_ring
#!/usr/bin/env bash
# PURPOSE: solves an annoyance importing a google_kms_key_ring. This soaked up
# more minutes than it should have. the fix is pretty simple.
# -----------------------------------------------------------------------------
# NOTE: only run this once
# -----------------------------------------------------------------------------
# If you're in a GCP Organization AND you're creating a
# google_kms_key_ring inside of a dynamically-generated project THEN
# you don't need to run/worry about this.
# -----------------------------------------------------------------------------
# PREREQS: a) gcloud; installed and auth configured
#          b) project; pre-configured in WebUI
#          c) a create key ring resource must be configured in the root module
#             (its resource label must match the argument passed to this script,
#             because the import below targets google_kms_key_ring.<argument>)
# EXAMPLE: cat key_management.tf
#          resource "google_kms_key_ring" "myApp" {
#            name     = "myApp"
#            location = "${var.region}"
#            project  = "${data.google_project.project.project_id}"
#          }
# -----------------------------------------------------------------------------
# EXECUTE: ./import-kms-keyrings.sh myApp
# -----------------------------------------------------------------------------
# TODO: 1)
# 2)
# 3)
# -----------------------------------------------------------------------------
# AUTHOR: Todd Thomas
# -----------------------------------------------------------------------------
# CREATED: 2018/10/22
# -----------------------------------------------------------------------------
set -x
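# Abort with a message if no argument was given. The leading ':' (no-op) keeps
# the shell from trying to execute the value of $1 as a command.
: "${1?The first argument 'myApp', is not set.}"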
###----------------------------------------------------------------------------
### VARIABLES
###----------------------------------------------------------------------------
myApp="$1" # mine is called 'vault-service' for example
# Go shopping for variables
export gkeClusterName="$(gcloud container clusters list --format 'value(name)')"
export gkeClusterZone="$(gcloud container clusters list --format 'value(zone)')"
export gcpProject="$(gcloud config list --format 'value(core.project)')"
###----------------------------------------------------------------------------
### FUNCTIONS
###----------------------------------------------------------------------------
# print it good
function pMsg() {
    theMessage=$1
    printf '\n%s\n' "$theMessage"
}
###----------------------------------------------------------------------------
### MAIN PROGRAM
###----------------------------------------------------------------------------
### Import the keyring
###---
# FORMAT: terraform import google_kms_key_ring.my_key_ring my-gcp-project/us-central1/my-key-ring
pMsg "Importing google_kms_key_ring.${myApp}..."
terraform import "google_kms_key_ring.${myApp}" \
    "${gcpProject}/${gkeClusterZone%-*}/${myApp}"
###---
### OUTPUT: success looks like this
###---
# google_kms_key_ring.myApp: Importing from ID "my-gcp-project/my-region/myApp"...
# google_kms_key_ring.myApp: Import complete!
# Imported google_kms_key_ring (ID: projects/my-gcp-project/locations/my-region/keyRings/myApp)
# google_kms_key_ring.myApp: Refreshing state... (ID: projects/my-gcp-project/locations/my-region/keyRings/myApp)
#
# Import successful!
#
# The resources that were imported are shown above. These resources are now in
# your Terraform state and will henceforth be managed by Terraform.
###---
### fin~
###---
exit 0
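
The script builds the import ID with `${gkeClusterZone%-*}`, which only yields a region when the value is a single zone such as `us-central1-a`. The following is an added example, not part of the original gist, that validates the three ID components before they reach `terraform import`. The function names `to_region` and `kms_import_id` are hypothetical, and it assumes plain project IDs, the usual `<area>-<name><n>[-<letter>]` location naming, and that a regional cluster reports its region in the same field.

```bash
# Added example: build "<project>/<region>/<key-ring>" and fail early on
# values that would make the import target the wrong or a nonexistent ring.

# Reduce a GKE cluster location to a region.
#   us-central1-a -> us-central1   (zone: drop the trailing "-a")
#   us-central1   -> us-central1   (already a region; "%-*" alone would give "us")
to_region() {
  case "$1" in
    ''|*[!a-z0-9-]*) return 1 ;;                   # empty, or newline-separated
                                                   # output from several clusters
    *-*-[a-z])       printf '%s\n' "${1%-*}" ;;    # zone
    *-*[0-9])        printf '%s\n' "$1" ;;         # region
    *)               return 1 ;;
  esac
}

# Args: <project-id> <cluster-location> <key-ring-name>
kms_import_id() {
  case "$1" in
    ''|*[!a-z0-9-]*) echo "bad project id: '$1'" >&2; return 1 ;;
  esac
  case "$3" in
    ''|*[!A-Za-z0-9_-]*) echo "bad key ring name: '$3'" >&2; return 1 ;;
  esac
  kms_region="$(to_region "$2")" || {
    echo "cannot derive a single region from: '$2'" >&2
    return 1
  }
  printf '%s/%s/%s\n' "$1" "$kms_region" "$3"
}

# Usage inside the script above (variables as defined there):
#   importId="$(kms_import_id "$gcpProject" "$gkeClusterZone" "$myApp")" || exit 1
#   terraform import "google_kms_key_ring.${myApp}" "$importId"
```
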