From 3bca5aecbd4f406d17fb5690335fe6004514abe2 Mon Sep 17 00:00:00 2001
From: Pyronewbic
Date: Wed, 20 May 2026 21:46:26 +0530
Subject: [PATCH 1/2] fix: import existing KMS/attestor resources, add public key PEM
---
 terraform/binary-auth.tf | 32 +++++++++++++++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)
diff --git a/terraform/binary-auth.tf b/terraform/binary-auth.tf
index 38e66a0..44ed23c 100644
--- a/terraform/binary-auth.tf
+++ b/terraform/binary-auth.tf
@@ -1,3 +1,8 @@
+import {
+ to = google_kms_key_ring.binary_auth
+ id = "projects/casecomp-495718/locations/global/keyRings/binary-auth"
+}
+
 resource "google_kms_key_ring" "binary_auth" {
 name = "binary-auth"
 location = "global"
@@ -5,6 +10,11 @@ resource "google_kms_key_ring" "binary_auth" {
 depends_on = [google_project_service.cloudkms]
 }
 
+import {
+ to = google_kms_crypto_key.attestor_key
+ id = "projects/casecomp-495718/locations/global/keyRings/binary-auth/cryptoKeys/attestor-key"
+}
+
 resource "google_kms_crypto_key" "attestor_key" {
 name = "attestor-key"
 key_ring = google_kms_key_ring.binary_auth.id
@@ -16,6 +26,11 @@ resource "google_kms_crypto_key" "attestor_key" {
 }
 }
 
+import {
+ to = google_container_analysis_note.deploy_attestor
+ id = "projects/casecomp-495718/notes/deploy-attestor"
+}
+
 resource "google_container_analysis_note" "deploy_attestor" {
 name = "deploy-attestor"
 
@@ -28,6 +43,11 @@ resource "google_container_analysis_note" "deploy_attestor" {
 depends_on = [google_project_service.containeranalysis]
 }
 
+import {
+ to = google_binary_authorization_attestor.deploy
+ id = "projects/casecomp-495718/attestors/deploy-attestor"
+}
+
 resource "google_binary_authorization_attestor" "deploy" {
 name = "deploy-attestor"
 
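Review bot: The four `import` blocks (hunks `@@ -1,3`, `@@ -5,6`, `@@ -16,6` and `@@ -28,6`) each embed the literal project ID `casecomp-495718` in `id`, so this file now plans cleanly only against that one project; in any other project or workspace the import targets will not exist and the plan will presumably fail. If the configuration already has a project variable (none is visible in these hunks), building the ID from it, for example `id = "projects/${var.project_id}/locations/global/keyRings/binary-auth"` with `var.project_id` standing in for whatever the variable is called, keeps the blocks portable; interpolation in `id` needs a newer Terraform release than the one that introduced `import` blocks, so check `required_version`. A comment above each block such as `# One-time adoption of a pre-existing resource; remove after the first successful apply` would also tell the next maintainer these blocks are not meant to be permanent.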
@@ -35,7 +55,17 @@ resource "google_binary_authorization_attestor" "deploy" {
 note_reference = google_container_analysis_note.deploy_attestor.name
 
 public_keys {
- id = "${google_kms_crypto_key.attestor_key.id}/cryptoKeyVersions/1"
+ id = "//cloudkms.googleapis.com/v1/projects/casecomp-495718/locations/global/keyRings/binary-auth/cryptoKeys/attestor-key/cryptoKeyVersions/1"
+
+ pkix_public_key {
+ public_key_pem = <<-EOT
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEz1M4jt+Io7Na86SpMNZkIG+yUEn+
+7N/9tVN7BfbH2jZ76A1zm02/5qC4oPbk/+i0SFcUuKMUCqkv+tv4hORMzA==
+-----END PUBLIC KEY-----
+EOT
+ signature_algorithm = "ECDSA_P256_SHA256"
+ }
 }
 }
 }
From ba2d24146289e43b83e1ed8048a16303d472f306 Mon Sep 17 00:00:00 2001
From: Pyronewbic
Date: Wed, 20 May 2026 21:49:41 +0530
Subject: [PATCH 2/2] style: terraform fmt alignment in binary-auth.tf
---
 terraform/binary-auth.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/binary-auth.tf b/terraform/binary-auth.tf
index 44ed23c..3d90bed 100644
--- a/terraform/binary-auth.tf
+++ b/terraform/binary-auth.tf
@@ -58,7 +58,7 @@ resource "google_binary_authorization_attestor" "deploy" {
 id = "//cloudkms.googleapis.com/v1/projects/casecomp-495718/locations/global/keyRings/binary-auth/cryptoKeys/attestor-key/cryptoKeyVersions/1"
 
 pkix_public_key {
- public_key_pem = <<-EOT
+ public_key_pem = <<-EOT
 -----BEGIN PUBLIC KEY-----
 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEz1M4jt+Io7Na86SpMNZkIG+yUEn+
 7N/9tVN7BfbH2jZ76A1zm02/5qC4oPbk/+i0SFcUuKMUCqkv+tv4hORMzA==
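Review bot: The attestor's `public_keys` block in PATCH 1/2 (hunk `@@ -35,7 +55,17`) now pins both the key-version ID and the verification key as literals and drops the only reference to `google_kms_crypto_key.attestor_key`, so nothing in the plan ties the trusted PEM to the KMS key this file manages. A reviewer cannot confirm from the diff that the pasted key is version 1 of `attestor-key`, and if that version is ever rotated or replaced the attestor keeps trusting the old key until someone edits the heredoc by hand. Reading the version through the `google_kms_crypto_key_version` data source (it defaults to version 1) restores the dependency and lets Terraform surface drift between KMS and the attestor. `signature_algorithm` can stay as committed provided it matches the key's `version_template`, which is outside these hunks. The enclosing resource begins above the hunk.

```hcl
data "google_kms_crypto_key_version" "attestor_key" {
  crypto_key = google_kms_crypto_key.attestor_key.id
}

# … unchanged: attestor resource header, attestation_authority_note, note_reference …
    public_keys {
      id = data.google_kms_crypto_key_version.attestor_key.id

      pkix_public_key {
        public_key_pem = data.google_kms_crypto_key_version.attestor_key.public_key[0].pem
        # … unchanged: signature_algorithm …
```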