terraform-azurerm-avm-res-keyvault-vault

Use azurerm_key_vault_certificate_contacts instead

Open davidkarlsen opened this issue 9 months ago • 7 comments

See https://github.com/hashicorp/terraform-provider-azurerm/pull/19743 and https://github.com/hashicorp/terraform-provider-azurerm/issues/10256 - it might be more optimal to use azurerm_key_vault_certificate_contacts to avoid a permission problem when initially creating the KV.

davidkarlsen avatar Nov 05 '23 12:11 davidkarlsen

ah, nvm, this is of course on the consuming-side of things.

davidkarlsen avatar Nov 05 '23 12:11 davidkarlsen

Thanks for this. We will consider the implementation detail.

We do not support access policies in the module as yet, preferring Azure role assignments.

In your use case, how would the above affect the use of the dedicated contact resource?

matt-FFFFFF avatar Nov 05 '23 12:11 matt-FFFFFF

you get a permission denied because the IAM has not been assigned yet - so instead you do this sequence:

  1. create KV
  2. create IAM
  3. create contact resource, depending on 2)

davidkarlsen avatar Nov 05 '23 12:11 davidkarlsen
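
The three-step sequence from the comment above, written out as an added example (not code from this thread or from the module). The resource names, the contact address, the use of the deploying identity as principal, the "Key Vault Certificates Officer" role, and the azurerm 3.x argument name `enable_rbac_authorization` are assumptions.

```hcl
# Added example: names, location, principal and role choice are assumptions.
provider "azurerm" {
  features {}
}

data "azurerm_client_config" "current" {}

resource "azurerm_resource_group" "example" {
  name     = "rg-kv-contacts-example"
  location = "westeurope"
}

# 1. Create the Key Vault with Azure RBAC (no access policies) and without
#    an inline contact block, so creation needs no data-plane permission.
resource "azurerm_key_vault" "example" {
  name                      = "kv-contacts-example"
  location                  = azurerm_resource_group.example.location
  resource_group_name       = azurerm_resource_group.example.name
  tenant_id                 = data.azurerm_client_config.current.tenant_id
  sku_name                  = "standard"
  enable_rbac_authorization = true
}

# 2. Grant the deploying identity a data-plane role, scoped to this vault
#    only rather than to the resource group or subscription.
resource "azurerm_role_assignment" "certificates_officer" {
  scope                = azurerm_key_vault.example.id
  role_definition_name = "Key Vault Certificates Officer"
  principal_id         = data.azurerm_client_config.current.object_id
}

# 3. Set the certificate contacts through the dedicated resource, ordered
#    explicitly after the role assignment from step 2.
resource "azurerm_key_vault_certificate_contacts" "example" {
  key_vault_id = azurerm_key_vault.example.id

  contact {
    email = "pki-alerts@example.com"
    name  = "PKI alerts"
  }

  depends_on = [azurerm_role_assignment.certificates_officer]
}
```

`depends_on` only orders the operations; Azure role assignments can take a short time to propagate, so the contacts call may still be denied on a first apply and succeed on a retry.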

Thanks. Will swap it out and make dependent on the role assignments

matt-FFFFFF avatar Nov 05 '23 12:11 matt-FFFFFF

could this be merged and released?

davidkarlsen avatar Dec 13 '23 17:12 davidkarlsen

Hi, I've put this in another PR that's challenging at the moment.

I can pull it out.

matt-FFFFFF avatar Dec 13 '23 18:12 matt-FFFFFF

@matt-FFFFFF fix in #39

davidkarlsen avatar Jan 09 '24 08:01 davidkarlsen