google_kms_crypto_key_version public_key returns 400

[c2thorn]

public_key is returning an error during the initial GET request:

  "error": {
     "code": 400,
    "message": "projects/graphite-test-camtest2/locations/global/keyRings/test-attestor-key-ring/cryptoKeys/test-attestor-key/cryptoKeyVersions/1 is not enabled, current state is: PENDING_GENERATION.",
    "status": "FAILED_PRECONDITION",
   "details": [
      {
     "@type": "type.googleapis.com/google.rpc.PreconditionFailure",
         "violations": [
          {
             "type": "KEY_PENDING_GENERATION",
            "subject": "projects/graphite-test-camtest2/locations/global/keyRings/test-attestor-key-ring/cryptoKeys/test-attestor-key/cryptoKeyVersions/1"
          }
         ]
      }
     ]
   }

Thus public_key returns with an empty list during apply, causing the error seen in #5552 (comment)

[ooq]

Thanks for creating this bug @c2thorn !
I'm new to terraform. But It seems that even when the key is indeed generated (by checking GCP console), refreshing terraform state for version would still not retrieve the public_key. Is this expected?

[c2thorn]

@ooq that is not expected, mind sharing your Terraform configuration file?

[ooq]

@c2thorn Exactly this one: https://www.terraform.io/docs/providers/google/r/binary_authorization_attestor.html#example-usage-binary-authorization-attestor-kms

[c2thorn]

Thanks for your cooperation @ooq! I cannot seem to reproduce what you are seeing (refreshing is showing public_key). Do you mind sharing your DEBUG logs when you apply/refresh?

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!