Feature Request: azure_rm_keyvault RBAC
SUMMARY
Enable RBAC for Key vaults
ISSUE TYPE
enable_rbac_authorization: true/false since it's in terraform and ARM/Bicep
COMPONENT NAME
azure_rm_keyvault
ADDITIONAL INFORMATION
- name: Create instance of Key Vault
  azure_rm_keyvault:
    resource_group: "{{azr_rg_name}}"
    vault_name: "{{azr_kv_name}}"
    enable_soft_delete: true
    enabled_for_deployment: true
    enabled_for_disk_encryption: true
    enable_rbac_authorization: true
    vault_tenant: "{{azr_aad_tenant_id}}"
    access_policies:
      - tenant_id: "{{azr_aad_tenant_id}}"
        object_id: "{{azr_aad_object_id}}"
        keys:
          - get
          - list
    sku:
      name: "{{azr_kv_sku}}"
    subscription_id: "{{azr_subid}}"
    auth_source: auto
    tags:
@Fred-sun - Any way we can get this option added to the module?
@adthorn I will check and complete the addition as soon as possible. Thank you very much!
@Fred-sun - Thank you
Any update? RBAC has been around for 3 years now @Fred-sun
@adthorn The old SDK currently does not support this parameter "enable-rbac-authorization". We will consider adding it after we upgrade the SDK. Thank you very much!
Any update on this? I've upgraded to azure.azcollection v1.15.0 and the keyvault module complains if access_policies is omitted. But you shouldn't need to define any access_policies if RBAC is enabled (which is what we do by default).