Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

azurerm_key_vault_access_policy casing is #10591

Closed
FernandoMiguel opened this issue Feb 15, 2021 · 2 comments · Fixed by #10593
Closed

azurerm_key_vault_access_policy casing is #10591

FernandoMiguel opened this issue Feb 15, 2021 · 2 comments · Fixed by #10593
Assignees
@tombuildsstuff
Labels
bug service/key-vault Key Vault upstream/microsoft Indicates that there's an upstream issue blocking this issue/PR v/2.x (legacy)
Milestone
v2.48.0

Comments

@FernandoMiguel
Copy link

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

Affected Resource(s)

Terraform v0.14.6

  • provider registry.terraform.io/hashicorp/azuread v1.3.0
  • provider registry.terraform.io/hashicorp/azurerm v2.46.1
  • provider registry.terraform.io/hashicorp/random v3.0.1
  • provider registry.terraform.io/hashicorp/time v0.6.0
  • provider registry.terraform.io/microsoft/azuredevops v0.1.2

Terraform Configuration Files

resource "azurerm_key_vault_access_policy" "owners" {
  object_id    = local.azuread_application_owners
  key_vault_id = azurerm_key_vault.key_vault.id
  tenant_id    = data.azurerm_client_config.azurerm_client_config.tenant_id

  key_permissions = [
    "Get",
    "List",
    # "Update",
    # "Create",
    # "Import",
    # "Delete",
    # "Recover",
    # "Backup",
    # "Restore",
    # "Decrypt",
    # "Encrypt",
    # "UnwrapKey",
    # "WrapKey",
    # "Verify",
    # "Sign",
    # "Purge",
  ]

  secret_permissions = [
    "Get",
    "List",
    "Set",
    "Delete",
    "Recover",
    "Backup",
    "Restore",
    "Purge",
  ]

  storage_permissions = [
    "get",
    "list",
  ]

  certificate_permissions = [
    "Get",
    "List",
  ]
}

Debug Output

          ~ {
              ~ key_permissions         = [
                  - "get",
                  - "list",
                  + "Get",
                  + "List",
                ]
              ~ secret_permissions      = [
                  - "get",
                  - "list",
                  + "Get",
                  + "List",
                ]
                # (5 unchanged elements hidden)
            },
          ~ {
              ~ key_permissions         = [
                  - "get",
                  - "list",
                  + "Get",
                  + "List",
                ]
              ~ secret_permissions      = [
                  - "get",
                  - "list",
                  + "Get",
                  + "List",
                ]
                # (5 unchanged elements hidden)
            },

Expected Behaviour

Documentation says all args are lower case, but seems the API returns camel case .

But worse, storage_permissions only takes lower case

Error: expected storage_permissions.0 to be one of [backup delete deletesas get getsas list listsas purge recover regeneratekey restore set setsas update], got Get

Actual Behaviour

Steps to Reproduce

  1. terraform apply

References

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy
@tombuildsstuff tombuildsstuff self-assigned this Feb 15, 2021
tombuildsstuff added a commit that referenced this issue Feb 15, 2021
@tombuildsstuff
r/key_vault: normalizing the casing on the Key Vault Access Policies
df2dda5 
Azure's now returning casing which differs from the SDK - as such we need
to normalize these on our side.

Fixes #10591
@tombuildsstuff tombuildsstuff added bug service/key-vault Key Vault upstream/microsoft Indicates that there's an upstream issue blocking this issue/PR labels Feb 15, 2021
@tombuildsstuff tombuildsstuff added this to the v2.48.0 milestone Feb 15, 2021
@tombuildsstuff tombuildsstuff mentioned this issue Feb 15, 2021
Merged
@ghost
Copy link

ghost commented Feb 18, 2021

This has been released in version 2.48.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 2.48.0"
}
# ... other configuration ...

@thomasriley thomasriley mentioned this issue Mar 15, 2021
Closed
@ghost
Copy link

ghost commented Mar 18, 2021

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

@ghost ghost locked as resolved and limited conversation to collaborators Mar 18, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@tombuildsstuff tombuildsstuff

Labels
bug service/key-vault Key Vault upstream/microsoft Indicates that there's an upstream issue blocking this issue/PR v/2.x (legacy)
Projects
None yet
Milestone
v2.48.0
Development

Successfully merging a pull request may close this issue.

keyvault: normalizing the casing of the permissions hashicorp/terraform-provider-azurerm
3 participants
@FernandoMiguel @tombuildsstuff @catriona-m