Refreshing state of a Key from a non-existing Azure Key Vault fails #1240

Closed
toasterlint opened this issue May 15, 2018 · 1 comment · Fixed by #1535

Terraform Version

Terraform v0.11.7
provider.azurerm v1.5.0

Affected Resource(s)

  • azurerm_key_vault
  • azurerm_key_vault_key

Terraform Configuration Files

resource "azurerm_key_vault" "mgmtkv" {
  name                        = "${local.nameprefix}-kv"
  location                    = "${var.location}"
  resource_group_name         = "${data.azurerm_resource_group.mgmtrg.name}"
  tenant_id                   = "${data.azurerm_client_config.current.tenant_id}"
  enabled_for_disk_encryption = true
  enabled_for_deployment      = true
  tags                        = "${local.tags}"

  sku {
    name = "premium"
  }

  access_policy {
    tenant_id = "${data.azurerm_client_config.current.tenant_id}"
    object_id = "${data.azurerm_client_config.current.service_principal_object_id}"

    key_permissions = [
      "create",
      "get",
      "wrapKey",
    ]

    secret_permissions = [
      "set",
      "get",
    ]
  }
}

resource "azurerm_key_vault_key" "dckey" {
  name      = "DCKey"
  vault_uri = "${azurerm_key_vault.mgmtkv.vault_uri}"
  key_type  = "RSA"
  key_size  = 2048

  key_opts = [
    "decrypt",
    "encrypt",
    "sign",
    "unwrapKey",
    "verify",
    "wrapKey",
  ]
}

Panic Output

* azurerm_key_vault_key.dckey: 1 error(s) occurred:

* azurerm_key_vault_key.dckey: azurerm_key_vault_key.dckey: keyvault.BaseClient#GetKey: Failure sending request: StatusCode=0 -- Original Error: Get https://east2-kv.vault.azure.net/keys/DCKey/?api-version=2016-10-01: dial tcp: lookup east2-kv.vault.azure.net: no such host

Expected Behavior

State should be updated so that the key shows it does not exist. If the Azure Key Vault does not exist, then it should be assumed any key it contained no longer exists as well.

There should be a dependency on checking a Key exists only if the Azure Key Vault still exists.

Actual Behavior

State of the key cannot be found since the Azure Key Vault does not exist. This causes the DNS lookup failure since if the Azure Key Vault does not exist then the DNS name will no longer resolve.

Steps to Reproduce

  1. terraform apply
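The refresh behaviour asked for above (treat a vanished vault as "the key is gone" and drop it from state, rather than failing on the DNS lookup), written out as an added example in Go. This is illustrative code, not the provider's resource implementation and not the change in #1535. The azureAPI interface, the in-memory fakeAzure, the State struct and ErrKeyNotFound are all assumptions standing in for the real Resource Manager and Key Vault clients; the only real library behaviour relied on is that net/http returns a *url.Error wrapping a *net.DNSError with IsNotFound set when a hostname does not resolve, which is exactly the "no such host" error in the report.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
	"strconv"
	"strings"
)

type Key struct{ Size int }                  // key metadata this example tracks (assumed)
type State struct{ Attrs map[string]string } // one resource's entry in Terraform state (assumed)

// azureAPI stands in for the two clients a provider holds: the Resource
// Manager (management-plane) client and the Key Vault data-plane client.
type azureAPI interface {
	VaultExists(vaultName string) (bool, error)
	GetKey(vaultURI, keyName string) (*Key, error)
}

// ErrKeyNotFound models the data plane answering HTTP 404 for a missing key.
var ErrKeyNotFound = errors.New("keyvault: key not found (404)")

// isGone reports whether err means the key no longer exists: a 404 from the data
// plane, or DNS "no such host", which a deleted vault produces once its record is gone.
func isGone(err error) bool {
	if errors.Is(err, ErrKeyNotFound) {
		return true
	}
	var dnsErr *net.DNSError
	return errors.As(err, &dnsErr) && dnsErr.IsNotFound
}

// vaultName turns "https://east2-kv.vault.azure.net/" into "east2-kv" ("" if unparsable).
func vaultName(vaultURI string) string {
	u, err := url.Parse(vaultURI)
	if err != nil {
		return ""
	}
	return strings.SplitN(u.Hostname(), ".", 2)[0]
}

// readKey is the refresh step: (nil, nil) means "drop the key from state",
// and an error is returned only for failures that do not mean "gone".
func readKey(az azureAPI, s *State) (*State, error) {
	vaultURI, keyName := s.Attrs["vault_uri"], s.Attrs["name"]
	name := vaultName(vaultURI)
	if name == "" {
		return s, fmt.Errorf("vault_uri %q carries no vault name", vaultURI)
	}
	// Guard 1: management plane first, so a deleted vault never reaches DNS.
	exists, err := az.VaultExists(name)
	if err != nil {
		return s, fmt.Errorf("checking vault %q: %w", name, err)
	}
	if !exists {
		return nil, nil
	}
	// Guard 2: the vault can still vanish between the two calls, or the
	// management view can lag behind DNS, so classify data-plane errors too.
	key, err := az.GetKey(vaultURI, keyName)
	if err != nil {
		if isGone(err) {
			return nil, nil
		}
		return s, fmt.Errorf("reading key %q from %s: %w", keyName, vaultURI, err)
	}
	s.Attrs["key_size"] = strconv.Itoa(key.Size)
	return s, nil
}

// fakeAzure is a constructed in-memory stand-in for both planes (no network).
type fakeAzure struct {
	managed map[string]bool            // vaults Resource Manager still reports
	vaults  map[string]map[string]*Key // vaults that DNS and the data plane serve
	fail    error                      // when set, the data plane returns it (e.g. a 429)
}

func (f *fakeAzure) VaultExists(name string) (bool, error) { return f.managed[name], nil }

func (f *fakeAzure) GetKey(vaultURI, keyName string) (*Key, error) {
	keys, ok := f.vaults[vaultName(vaultURI)]
	if !ok {
		// Mirror what net/http returns for a deleted vault: a *url.Error
		// wrapping the resolver's *net.DNSError, as in the report above.
		return nil, &url.Error{Op: "Get", URL: vaultURI + "keys/" + keyName,
			Err: &net.DNSError{Err: "no such host", Name: vaultName(vaultURI) + ".vault.azure.net", IsNotFound: true}}
	}
	if f.fail != nil {
		return nil, f.fail
	}
	k, ok := keys[keyName]
	if !ok {
		return nil, ErrKeyNotFound
	}
	return k, nil
}
```

The two guards are deliberately separate. The management-plane check is what the report asks for and avoids the DNS round trip entirely; the error classification is the safety net for the window in which the vault is deleted after that check, and it also covers the plain "key deleted, vault still there" 404 case. Everything else (throttling, auth failures, timeouts, which net.DNSError reports with IsTemporary rather than IsNotFound) is surfaced as an error so that a transient outage never silently removes a key from state.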

ghost commented Mar 30, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

@ghost ghost locked and limited conversation to collaborators Mar 30, 2020