-
Notifications
You must be signed in to change notification settings - Fork 272
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can not save variable group created by azuredevops_variable_group( using secret key from keyvault) #945
Comments
When I created variable group by using azuredevops_variable_group and I can not save it. When I press save button, it reports: Value cannot be null. Parameter name: variableGroupParameters This is my code, "arm-client-id" already exist and resource "azuredevops_variable_group" "variable_group_for_project_${azure_project}" {
project_id = data.azuredevops_project.project_${azure_project}.id
name = "technical-user-credentials"
description = "Contains API tokens of the project technical user"
allow_access = true
key_vault {
name = local.list_key_vault_name[0]
service_endpoint_id = azuredevops_serviceendpoint_azurerm.azurerm_endpoint_${azure_project}.id
}
variable {
name = "arm-client-id"
}
# I can see the information of "arm-client-id" but can not see the value
"variable": [
{
"content_type": "",
"enabled": true,
"expires": "2025-12-26 08:01:33 +0000 UTC",
"is_secret": false,
"name": "arm-client-id",
"secret_value": "",
"value": ""
}
]
} |
@thanhphong1995 can you provide the error/trace log? Provider will verify the KV connection first but the error message shows that this is more like a normal KV creation not a KV group. |
Hi @xuzhang3, I created keyvault first and update all the secret keys in the keyvault. Now I want to create variable group in azure devops and link all secret key from keyvault. I see terraform is running successfully. But when I check variable group in azure devlops project, I can not save it, it reports "Value cannot be null. Parameter name: variableGroupParameters". You can see log here:
Plan: 2 to add, 19 to change, 0 to destroy. For the keyvault, I used azurerm_key_vault for creation |
@thanhphong1995 This is not a ADO provider issue. The provider variable was managed by portal not ADO provider. One of the KV constraint is at least on variable should be connected , I think this is the issue. You can refresh the page and try again, sometime the browser cache will cause unexpected behavior. |
Hi @xuzhang3, I used with azure keyvault (Usage With AzureRM Key Vault) and in my example, you can see I have 3 block for variable as my example . After I created variable group and check it, all variables from keyvault are linked but I can not save. I need to have one additional step, press add button and it will save sucessfully #946: This issue is not relevant to my issue, could you check it again |
@thanhphong1995 Any sensitive data will not returned so the values will always empty. This seems to be the secret has been disabled. ADO should exclude the secret disabled. In the screen shot the secret status is |
@xuzhang3 how to enable it? In document, Usage With AzureRM Key Vault), I see we only need to provide name of variable. I try to override is_secret to true, but it reports error |
@thanhphong1995 This was managed by Azure. ADO will enhance the check to exclude the disabled secrets. |
@xuzhang3: do you have any solution for this problem? |
@thanhphong1995 Remove the disabled secrets from |
@xuzhang3, can you provide attribute we need to set or currently, it is a bug of ADO provider |
@thanhphong1995 you need to remove the disabled secret from VG and apply again. This workaround should work. |
@xuzhang3, I try with status is enabled but it is still not working. |
@thanhphong1995 can you be more specific of the operation steps? |
Have you removed all the secrets disabled and run |
@xuzhang3 I only keep one secret key in keyvault with status enable and used terraform apply again |
@thanhphong1995 This is a bug as the |
The API behavior has been changed but ADO not. Will be fixed in #947 |
Hi @xuzhang3, we tested locally with your change, it is working now. Could you merge it and release? |
@thanhphong1995 working on it |
@thanhphong1995 v0.11.0 is now available . https://registry.terraform.io/providers/microsoft/azuredevops/0.11.0 |
No description provided.
The text was updated successfully, but these errors were encountered: