-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Multiple Keyvault policies fail #2270
Comments
hey @pixelicous Thanks for opening this issue :) Taking a quick look into this it appears this is happening because there's no dependencies between the resources - so Terraform doesn't have a preference for which should be created first - and so will attempt to create them in parallel (since it believes there's no dependencies between the resources). There's two ways of specifying dependencies in Terraform - either Implicitly (using the Interpolation Syntax) or Explicitly (via
I've also updated the resource group name on each of the Access Policies - since it needs to match the name of the Resource Group used for the Key Vault. Would you be able to take a look and see if this works for you? Since this is a question about Terraform Configuration rather than a bug in Terraform I'm going to close this issue for the moment (but we'll continue responding 😄) Thanks! |
@tombuildsstuff I think the answer is that the implict dependency didn't kick in only becuase i didn't reference the keyvault name dynamically using HCL, but just string concat.. is that what you meant? |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks! |
Community Note
Terraform v0.11.8
AzureRM Provider v1.18
Affected Resource(s)
azurerm_key_vault_access_policy
"azurerm_key_vault
Terraform Configuration Files
Debug Output
module.TenantOnBoard.azurerm_key_vault_access_policy.keyvault_policy_sf: 1 error(s) occurred:
azurerm_key_vault_access_policy.keyvault_policy_sf: Error updating Access Policy (Object ID "aadcx5ef-7f9f-40ca-xxxx-19e706a94587" / Application ID "") for Key Vault "azneu-sig-tnnt9a2e5-kv" (Resource Group "xxxx-sig-tnntxxxxx-rg"): keyvault.VaultsClient#UpdateAccessPolicy: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="ParentResourceNotFound" Message="Can not perform requested operation on nested resource. Parent resource 'xxxx-xxxx-xxxx-kv' not found."
module.TenantOnBoard.azurerm_key_vault_access_policy.keyvault_policy_devops: 1 error(s) occurred:
azurerm_key_vault_access_policy.keyvault_policy_devops: Error updating Access Policy (Object ID "142ce332-xxxx-4243-xxxx-da43cf0aa231" / Application ID "") for Key Vault "xxx-xxx-xxxx-kv" (Resource Group "xxxxx-sig-tnntxxxxx-rg"): keyvault.VaultsClient#UpdateAccessPolicy: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="ParentResourceNotFound" Message="Can not perform requested operation on nested resource. Parent resource 'xxxx-xxxx-tnntxxxxx-kv' not found."
module.TenantOnBoard.azurerm_key_vault_access_policy.keyvault_policy_tfs: 1 error(s) occurred:
Expected Behavior
Keyvault created with 3 different polices
Actual Behavior
Received an error, i have 3 different polices, it sometimes creates 1, sometimes creates 2, and those 2 are not always the same
Steps to Reproduce
terraform init
terraform apply
Important Factoids
This is related in my opinion to an old issue where secrets failed to create when keyvault wasn't propagated correctly across azure
References
#655
#1147
#1423
The text was updated successfully, but these errors were encountered: