ongoing keyvault errors #47

Closed
ausfestivus opened this issue Nov 7, 2019 · 3 comments

Comments

@ausfestivus
Contributor

I am struggling to get even the basic version of this to build successfully. The most common problem I am facing is with the injection of the certificate into the Azure Keyvault.

Terraform says this:

2 errors occurred:
	* module.tfe_cluster.module.common.azurerm_key_vault_certificate.ptfe: 1 error occurred:
	* azurerm_key_vault_certificate.ptfe: keyvault.BaseClient#ImportCertificate: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="Forbidden" Message="Access denied. Caller was not found on any access policy.\r\nCaller: appid=04b07795-8ddb-461a-bbee-02f9e1bf7b46;oid=731b021b-d6c0-41f7-b417-9874875730dc;numgroups=2;iss=https://sts.windows.net/a5aa424e-5d6f-47c9-bf70-a1310f4be302/\r\nVault: demoTFE;location=australiaeast" InnerError={"code":"AccessDenied"}

Versions of things are:

Terraform v0.11.14
+ provider.azurerm v1.32.1
+ provider.local v1.4.0
+ provider.null v2.1.2
+ provider.random v2.2.1
+ provider.template v2.1.2
+ provider.tls v2.1.1

I created a new App Registration for the access to Keyvault. I have confirmed the variables in the code to use the necessary attributes of the app registration.

  • key_vault_object_id: XXXXXXXXX
  • key_vault_tenant_id: XXXXXXXXX
  • application_id: XXXXXXXXX

I am running Terraform from the CLI on my laptop and I'm signed in via az login.

It is entirely possible I am missing something fundamental about AppIDs, SPs and Keyvault here, I just can't seem to track it down.
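
An added example, not part of the original issue or the project's code: a small Python parser for the `Caller:` line of the 403 quoted above, showing which client and object ID Key Vault evaluated so they can be compared with the object IDs on the vault's access policies. The `policy_object_ids` input and its placeholder value are constructed; the client-name lookup relies on the publicly documented Azure CLI client ID.

```python
import re

# Publicly documented client ID of the Azure CLI (tokens obtained via `az login`).
KNOWN_CLIENTS = {"04b07795-8ddb-461a-bbee-02f9e1bf7b46": "Microsoft Azure CLI"}

# Error text as quoted in the issue; Terraform prints line breaks as literal "\r\n".
SAMPLE_ERROR = (
    r'Status=403 Code="Forbidden" Message="Access denied. Caller was not found '
    r'on any access policy.\r\nCaller: appid=04b07795-8ddb-461a-bbee-02f9e1bf7b46;'
    r'oid=731b021b-d6c0-41f7-b417-9874875730dc;numgroups=2;'
    r'iss=https://sts.windows.net/a5aa424e-5d6f-47c9-bf70-a1310f4be302/'
    r'\r\nVault: demoTFE;location=australiaeast" InnerError={"code":"AccessDenied"}'
)


def parse_access_denied(text):
    """Extract caller identity and vault name from a Key Vault AccessDenied message."""
    info = {}
    for line in re.split(r"\\r\\n|\r?\n", text):  # literal or real line breaks
        line = line.strip()
        if line.startswith("Caller:"):
            for pair in line[len("Caller:"):].split(";"):
                key, _, value = pair.strip().partition("=")
                if key:
                    info[key] = value
        elif line.startswith("Vault:"):
            info["vault"] = line[len("Vault:"):].split(";")[0].strip()
    if "oid" not in info:
        raise ValueError("no 'Caller:' line with an oid found")
    tenant = re.search(r"sts\.windows\.net/([0-9a-fA-F-]{36})", info.get("iss", ""))
    info["tenant"] = tenant.group(1) if tenant else None
    info["client"] = KNOWN_CLIENTS.get(info.get("appid", "").lower(), "unknown client")
    return info


def caller_in_policies(info, policy_object_ids):
    """True if the token's object ID matches an access-policy object ID."""
    return info["oid"].lower() in {p.strip().lower() for p in policy_object_ids}


def diagnose(info, policy_object_ids):
    verdict = "is" if caller_in_policies(info, policy_object_ids) else "is NOT"
    return (f"vault={info['vault']} tenant={info['tenant']} client={info['client']} "
            f"oid={info['oid']} {verdict} among the supplied policy object IDs")


if __name__ == "__main__":
    # Constructed placeholder standing in for the value passed as key_vault_object_id.
    print(diagnose(parse_access_denied(SAMPLE_ERROR),
                   ["00000000-0000-0000-0000-000000000001"]))
```

Pass the object IDs from the vault's access policies as the second argument; a mismatch means the identity that requested the token is not the one the policy was written for.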

@ausfestivus
Contributor Author

Wonder if it is related to this hashicorp/terraform-provider-azurerm#4569?

@ausfestivus
Contributor Author

Could also be related to this one hashicorp/terraform-provider-azurerm#1569 (which is long and I am now reading).

@ausfestivus
Contributor Author

Okay, I've unpacked the root cause of this issue and have updated my fork of this repo to fix it. PR coming shortly.

I wrote up my discovery here
