The example code is lacking essential key vault permission #316

Closed
1 task done
lonegunmanb opened this issue Mar 6, 2023 · 0 comments
Labels
bug Something isn't working

Comments

@lonegunmanb
Member

Is there an existing issue for this?

  • I have searched the existing issues

Greenfield/Brownfield provisioning

greenfield

Terraform Version

1.3.9

Module Version

6.7.0

AzureRM Provider Version

3.46.0

Affected Resource(s)/Data Source(s)

azurerm_key_vault_key

Terraform Configuration Files

resource "azurerm_key_vault_key" "des_key" {
  key_opts = [
    "decrypt",
    "encrypt",
    "sign",
    "unwrapKey",
    "verify",
    "wrapKey",
  ]
  key_type        = "RSA-HSM"
  key_vault_id    = azurerm_key_vault.des_vault.id
  name            = "des-key"
  expiration_date = timeadd("${formatdate("YYYY-MM-DD", timestamp())}T00:00:00Z", "168h")
  key_size        = 2048

  depends_on = [
    azurerm_key_vault_access_policy.current_user
  ]

  lifecycle {
    ignore_changes = [expiration_date]
  }
}


All examples have this issue.

tfvars variables values

None

Debug Output/Panic Output

current client lacks permissions to read Key Rotation Policy for Key "des-key" ("Vault: (Name \"wecnuw-des-keyvault\" / Resource Group \"01a60adf0558871f-rg\")", Vault url: "https://wecnuw-des-keyvault.vault.azure.net/"), please update this as described here: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_key#example-usage : keyvault.BaseClient#GetKeyRotationPolicy: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="Forbidden" Message="The user, group or application 'appid=xxxx;oid=xxxxx;numgroups=2;iss=https://sts.windows.net/xxxxxx/' does not have keys getrotationpolicy permission on key vault 'wecnuw-des-keyvault;location=eastus'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287" InnerError={"code":"ForbiddenByPolicy"}

Expected Behaviour

No response

Actual Behaviour

No response

Steps to Reproduce

No response

Important Factoids

No response

References

No response
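
An added example, not part of the original issue or the module's own code: an access policy for the identity running Terraform that includes the `GetRotationPolicy` key permission named in the 403 error above. The resource names `current_user` and `des_vault` come from the configuration in the issue; the `data.azurerm_client_config.current` data source and the exact permission list are assumptions.

```hcl
# Assumed data source: the identity Terraform authenticates as.
data "azurerm_client_config" "current" {}

# Access policy referenced by depends_on in azurerm_key_vault_key.des_key.
resource "azurerm_key_vault_access_policy" "current_user" {
  key_vault_id = azurerm_key_vault.des_vault.id
  tenant_id    = data.azurerm_client_config.current.tenant_id
  object_id    = data.azurerm_client_config.current.object_id

  # Only what Terraform needs to manage the key's lifecycle.
  key_permissions = [
    "Get",    # read the key during plan/refresh
    "Create", # create des-key
    "Update", # change key attributes in place
    "Delete", # destroy the key
    "Recover", # restore a soft-deleted key with the same name
    "Purge",   # permanently remove a soft-deleted key on destroy
    # The provider reads the key's rotation policy when managing the key,
    # even when no rotation_policy block is set. Without this permission
    # the read fails with the 403 ForbiddenByPolicy shown in the issue.
    "GetRotationPolicy",
    # Add "SetRotationPolicy" only if the key declares a rotation_policy block.
  ]
}
```

The cryptographic operations in `key_opts` (`wrapKey`, `unwrapKey`, and so on) describe what the key may be used for, not what this identity may do; the deploying identity does not need `WrapKey` or `UnwrapKey` in its own access policy to create the key.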
