Added new known issue for deleted quarantined keys

Former-commit-id: ec57516
oci-landing-zones · Jul 26, 2024 · edbc2e4 · edbc2e4
1 parent 5532825
commit edbc2e4
Showing 1 changed file with 29 additions and 0 deletions.
diff --git a/blueprints/one-oe/runtime/one-stack/known_issues.md b/blueprints/one-oe/runtime/one-stack/known_issues.md
@@ -37,7 +37,36 @@ Main Menu -> Identity and Security -> Cloud Guard -> Configuration -> Disable Cl
 
 Then, apply remove the conflicting compartment manually and proceed with the Stack destroy operation.
 
+&nbsp; 
+
+## The Key Version cannot deleted because it is the current key version of the key.
+
+While destroying your stack you will see the following error:
+
+```
+Error: 409-Conflict, The Key Version ocid1.keyversion.oc1.eu-frankfurt-1.entkhimfaafr2.bcqlm2r2dxaac.abtheljsnbgjujm7nez7fci36zmeycpcby7tn47lyv3fixgyflla37k4scnq cannot be deleted because it is the current key version of the key
+
+Suggestion: The resource is in a conflicted state. Please retry again or contact support for help with service: Kms Key Version
+
+Documentation: https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/kms_key_version
+
+API Reference: https://docs.oracle.com/iaas/api/#/en/key/release/KeyVersion/ScheduleKeyVersionDeletion
+
+Request Target: POST https://entkhimfaafr2-management.kms.eu-frankfurt-1.oraclecloud.com/20180608/keys/ocid1.key.oc1.eu-frankfurt-1.entkhimfaafr2.abtheljs2ocww2ra4ypwcmizds3pummzt7ik2lesswfskznhoizs2dyld4aq/keyVersions/ocid1.keyversion.oc1.eu-frankfurt-1.entkhimfaafr2.bcqlm2r2dxaac.abtheljsnbgjujm7nez7fci36zmeycpcby7tn47lyv3fixgyflla37k4scnq/actions/scheduleDeletion
+
+```
+
+You won't be able to completely destroy de stack, as we're using a Vault/keys to be compliant with CIS v2 for the Object Storage bucket used for Audit log long retention.
+
+You will need to delete manually the key and move the Vault to the root or alternative compartment.
+
+To delete the key:
+Main menu -> Key Management & Secret Management -> Vault -> Select: ***cmp-landingzone-p/cmp-lzp-security*** compartment -> Select ***key-lzp-oss-audit-bkt*** -> Select every version, 3 dots, delete -> Confirm and select deletion date as the earliest available.
+
+To move the vault:
+Main menu -> Key Management & Secret Management -> Vault -> Select: ***vlt-lzp-shared-security*** vault -> Move Resource -> root compartment.
 
+The destroy operation will keep failing until you reach the key deletion date. If you want to re-deploy the environment we encorage to move all the ***cmp-landingzone-p*** compartment to an alternative compartment in the root.
 
 &nbsp;