terraform-azurerm-caf
Bug report- Error: retrieving `contact` for KeyVault: keyvault.BaseClient#GetCertificateContacts: Failure sending request: StatusCode=0 -- Original Error: context deadline exceeded
Is there an existing issue for this?
- [X] I have searched the existing issues
Community Note
- Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Version of the module you are using
5.6.0
Rover Version
aztfmod/rover:1.1.7-2203.2311
Terraform Version
1.1.0
AzureRM Provider Version
No response
Affected Resource(s)/Data Source(s)
azurerm_key_vault
Terraform Configuration Files
```hcl
keyvaults = {
  kv_secrets = {
    name = "deleteme"
    resource_group_key = "deleteme"
    sku_name = "standard"
    soft_delete_enabled = true
    soft_delete_retention_days = 90
    creation_policies = {
      logged_in_user = {
        key_permissions = ["List"]
        secret_permissions = ["Set", "Get", "List", "Delete", "Purge", "Recover"]
        certificate_permissions = ["List"]
        storage_permissions = ["List"]
      }
      logged_in_aad_app = {
        key_permissions = ["List"]
        secret_permissions = ["Set", "Get", "List", "Delete", "Purge", "Recover"]
        certificate_permissions = ["List"]
        storage_permissions = ["List"]
      }
    }
  }
}
```
Expected Behaviour
Key vault should be created.
Actual Behaviour
Throws the following error and creation fails.
```
module.solution.module.keyvaults["kv_secrets"].azurerm_key_vault.keyvault: Still creating... [7m20s elapsed]
module.solution.module.keyvaults["kv_secrets"].azurerm_key_vault.keyvault: Still creating... [7m30s elapsed]
╷
│ Error: retrieving `contact` for KeyVault: keyvault.BaseClient#GetCertificateContacts: Failure sending request: StatusCode=0 -- Original Error: context deadline exceeded
│
│ with module.solution.module.keyvaults["dm_kv_secrets"].azurerm_key_vault.keyvault,
│ on /home/vscode/.terraform.cache/pildev/modules/solution/modules/security/keyvault/keyvault.tf line 17, in resource "azurerm_key_vault" "keyvault":
│ 17: resource "azurerm_key_vault" "keyvault" {
│
╵
Terraform apply return code: 1
Error on or near line 434: Error running terraform apply; exiting with status 1
@calling clean_up_variables
cleanup variables
clean_up backend_files
```
Steps to Reproduce
Create a keyvault with CAF v5.6.0 or v5.6.1
Important Factoids
No response
References
No response
Hi @nusrath432 - You might want to add `export ARM_USE_MSAL=false` before the rover command. This is set by default on new rover and helps here.
@arnaudlh Thanks - will test that. Also, I think this has to do with Keyvault Private Endpoints and the security context (UPN / SPN) that rover is running under - Rover should be executed from a machine that is reachable to KV via the Private Endpoint. I'll update my findings here shortly.
@arnaudlh Just to update - I fixed the connectivity between my machine and the spoke network via the hub (private network) and that seems to have fixed things. No change made to "export ARM_USE_MSAL" in this case.
Cool thanks for the update @nusrath432! Let's reopen if not solved!
@nusrath432: what did you do to fix the connectivity? What connectivity test can we run between the self-hosted ADO agent subnet and the KV private endpoint subnet to check if connectivity is OK?
We have this error on multiple KVs in different VNet. Private Endpoint enabled on KVs throwing this error.
Using Rover version 1.2.3-2207.0210.
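The connectivity test asked about in the last comment can be scripted as follows. This is an added example, not part of the original thread or of rover: it checks from the host that runs rover whether the vault name resolves to a private address and whether HTTPS on port 443 completes. It assumes `getent` and `curl` are installed, that the private endpoint's VNet uses RFC 1918 address space, and the vault hostname in the usage line is a placeholder.

```shell
#!/bin/sh
# Added example: test the path from a rover/agent host to a Key Vault private endpoint.
# Usage: sh kv_check.sh <vault-name>.vault.azure.net   (hostname is a placeholder)

# Return 0 when $1 is an RFC 1918 address (assumed address space of the endpoint's VNet).
is_private_ipv4() {
  case "$1" in
    10.*|192.168.*) return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# Turn the resolved IP and curl's exit code into a diagnosis.
diagnose() {
  ip=$1
  rc=$2
  if [ -z "$ip" ]; then
    echo "dns-failure: name does not resolve from this host"
  elif ! is_private_ipv4 "$ip"; then
    echo "public-ip: private DNS zone is not used by this host's resolver"
  else
    case "$rc" in
      0)  echo "ok: TLS and HTTP reached the private endpoint" ;;
      28) echo "timeout: no route, peering or NSG/firewall blocks 443" ;;
      7)  echo "connect-failed: host unreachable or port closed" ;;
      *)  echo "curl-error-$rc" ;;
    esac
  fi
}

# Resolve the vault name, attempt an unauthenticated HTTPS request, and report.
check_kv() {
  host=$1
  ip=$(getent hosts "$host" | awk '{print $1; exit}')
  rc=0
  # Any HTTP status (401, 403, ...) proves connectivity, so no --fail here.
  curl -sS -o /dev/null --connect-timeout 5 --max-time 10 "https://$host/" || rc=$?
  echo "$host ip=${ip:-none} curl_rc=$rc => $(diagnose "$ip" "$rc")"
}

# Only touch the network when hostnames are passed on the command line.
for h in "$@"; do
  check_kv "$h"
done
```

A `timeout` result from the agent host corresponds to the `context deadline exceeded` error in the report above: the name resolves to the private endpoint but packets never reach it.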