From 8a648484b7c0c03b49637d9bef70033de0a71a2a Mon Sep 17 00:00:00 2001 From: Modular Magician Date: Mon, 10 Oct 2022 21:15:44 +0000 Subject: [PATCH] skip destroyed key versions (#6669) Co-authored-by: Edward Sun Signed-off-by: Modular Magician --- .changelog/6669.txt | 3 +++ google-beta/kms_utils.go | 21 ++++++++++++--------- 2 files changed, 15 insertions(+), 9 deletions(-) create mode 100644 .changelog/6669.txt diff --git a/.changelog/6669.txt b/.changelog/6669.txt new file mode 100644 index 0000000000..1c793ca75c --- /dev/null +++ b/.changelog/6669.txt @@ -0,0 +1,3 @@ +```release-note:bug +kms: fixed apply failure when `google_kms_crypto_key` is removed after its versions were destroyed earlier +``` diff --git a/google-beta/kms_utils.go b/google-beta/kms_utils.go index 135f8bb7f7..5bf5309415 100644 --- a/google-beta/kms_utils.go +++ b/google-beta/kms_utils.go @@ -188,15 +188,18 @@ func clearCryptoKeyVersions(cryptoKeyId *kmsCryptoKeyId, userAgent string, confi } for _, version := range versionsResponse.CryptoKeyVersions { - request := &cloudkms.DestroyCryptoKeyVersionRequest{} - destroyCall := versionsClient.Destroy(version.Name, request) - if config.UserProjectOverride { - destroyCall.Header().Set("X-Goog-User-Project", cryptoKeyId.KeyRingId.Project) - } - _, err = destroyCall.Do() - - if err != nil { - return err + // skip the versions that have been destroyed earlier + if version.State == "ENABLED" { + request := &cloudkms.DestroyCryptoKeyVersionRequest{} + destroyCall := versionsClient.Destroy(version.Name, request) + if config.UserProjectOverride { + destroyCall.Header().Set("X-Goog-User-Project", cryptoKeyId.KeyRingId.Project) + } + _, err = destroyCall.Do() + + if err != nil { + return err + } } }