Terraform apply should not be failing when terraform is updating keyvault with soft delete enabled

[bamb00]

Is there an existing issue for this?

• I have searched the existing issues

Terraform Version

0.14.0

AzureRM Provider Version

0.14.0

Affected Resource(s)/Data Source(s)

azurerm_key_vault

Terraform Configuration Files

Terraform apply should ignore kv with soft-delete enabled and not failed when the keyvault is getting update.

Debug Output/Panic Output

Error: Error updating Key Vault "xxxxxxxxxx" (Resource Group "xxxxxxxx-xxxx-xxxxxx-xxxxxx-xx"): once Purge Protection has been Enabled it's not possible to disable it

Expected Behaviour

Should skip the kv and not failed the run.

Actual Behaviour

The terraform apply failed with detecting the kv is soft-delete/purge-protection is enabled. The kv is not being purge but it is attempting to update the kv

Steps to Reproduce

1. kv soft-delete/purge-protection is enabled
2. terraform apply updating the kv

Important Factoids

No response

References

No response

[magodo]

@bamb00 Would you please provide a minimal TF config to describe the steps for reproducing the error?

From the description above, it seems in your update on the key vault, you are trying to change the purge_protection_enabled from true to false (note that its default value is false). As is mentioned in this issue, the purge_protection_enabled can't be revert from true to false in Azure. This is why the provider errored with above message.

[bamb00]

Thanks @magodo. I made the change and the TF is running without the errors. I've assume TF will ignore the purge_protection_enabled but had to override the setting.

Thanks for the help!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.