-
Notifications
You must be signed in to change notification settings - Fork 76
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Creation of ECS with encrypted system disk fails with EVS.2044 and Ecs.0025 #1640
Comments
I found this aditional hint in OTC doc: So, I created one ECS manually including Xrole. |
It sounds like some kind of API change, I will raise an internal incident for that. |
@pwurbs, you meet this issue, because if project is newly created you will have to grant permissions between services. Here I would like to suggest a solution. Can you try to use this block of code? You can face with this issue in CCE service resource "opentelekomcloud_identity_agency_v3" "enable_evs_enryption" {
name = "EVSAccessKMS"
description = "Created by Terraform to enable evs encryption"
delegated_domain_name = "op_svc_evs"
dynamic "project_role" {
for_each = var.projects
content {
project = project_role.value
roles = [
"Tenant Administrator"
]
}
}
} PS: This grants you should give only 1 time. |
@lego963 I faced that issue just creating ECS instances (without CCE relation). |
@pwurbs CCE is just example with the same issue. |
[ECS] Add info about encrypted disk usage Summary of the Pull Request Add example and a note for encrypted disks in r/ecs_instance_v1 Resolve #1640 PR Checklist Refers to: #1640 Documentation updated. Release notes added. Reviewed-by: Rodion Gyrbu <fpsoff@outlook.com> Reviewed-by: Vladimir Vshivkov <None>
Terraform provider version
v1.27.6
Affected Resource(s)
Terraform Configuration Files
Debug Output/Panic Output
Steps to Reproduce
Expected Behavior
ECS resource is able to access the KMS to create encrypted system disk
Actual Behavior
apply of ECS resource terminates with error message above
References
In https://docs.otc.t-systems.com/en-us/api/ecs/en-us_topic_0022067717.html there is hint what the error message mean:
"EVS is not authorized to obtain KMS keys for encrypting EVS disks."
"Authorize EVS to obtain KMS keys for encrypting EVS disks."
Maybe there is an issue in the resource regarding authorization of the system EVS
The text was updated successfully, but these errors were encountered: