Invalid KeyRing id format

[zxpower]

Overview

When creating KMS keyring binding, I got following error message:

Invalid KeyRing id format, expecting `{projectId}/{locationId}/{keyRingName}` or `{locationId}/{keyRingName}.`

Code used when I got the error below:

module "gha_service_account" {
  source  = "terraform-google-modules/service-accounts/google"
  version = "3.0.1"

  project_id = var.project
  prefix     = "gha"
  names      = ["master-sa"]

  project_roles = [
  ]

  display_name  = "Github Actions SA"
  description   = "Service Account used for Github Actions"
  generate_keys = true
}

module "kms_key_ring-iam-bindings" {
  source  = "terraform-google-modules/iam/google//modules/kms_key_rings_iam"
  version = "6.4.1"
  kms_key_rings = [
    "master-keyring",
  ]
  
  mode = "authoritative"

  bindings = {
    "roles/cloudkms.cryptoKeyDecrypter" = [
      "serviceAccount:${module.gha_service_account.email}",
    ]
  }
}

Solved this by just adding global/ before master-keyring as it was created as global resource.

[morgante]

Since this is solved, I'm not sure we need to do anything to fix in this module.

[zxpower]

I suggest to at least update README for the module because by default you don't set the zone for keyrings because they're mostly global, but there could be times when you create region specific keyring.

[morgante]

Got it, yes we could update the README. I'm happy to review a PR.