Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

azurerm_recovery_services_vault: Error when specifying user_assigned_identity_id in the encryption block - Unexpected status 400 with error: InvalidRestApiParameter: cmkIdentity parameter is invalid. Please provide a valid cmkIdentity #24087

Closed
1 task done
milesbarnard opened this issue Dec 1, 2023 · 3 comments · Fixed by #24091
Closed
1 task done

azurerm_recovery_services_vault: Error when specifying user_assigned_identity_id in the encryption block - Unexpected status 400 with error: InvalidRestApiParameter: cmkIdentity parameter is invalid. Please provide a valid cmkIdentity #24087

milesbarnard opened this issue Dec 1, 2023 · 3 comments · Fixed by #24091
Labels
bug service/recovery-services v/3.x

Comments

@milesbarnard
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.6.5

AzureRM Provider Version

3.82.0

Affected Resource(s)/Data Source(s)

azurerm_recovery_services_vault

Terraform Configuration Files

resource "azurerm_recovery_services_vault" "rsv" {
  name                         = "rsv-myrsv-dev-uks-001"
  location                     = var.resource_group_location
  resource_group_name          = var.resource_group_name
  sku                          = "Standard"
  storage_mode_type            = "GeoRedundant"
  cross_region_restore_enabled = true
  soft_delete_enabled          = true

  encryption {
    key_id                             = module.encryption.key_id
    user_assigned_identity_id         = azurerm_user_assigned_identity.identity.id
    infrastructure_encryption_enabled  = false
  }

  identity {
    type = "UserAssigned"
    identity_ids = [
      azurerm_user_assigned_identity.identity.id
    ]
  }

  tags = var.tags
}

Debug Output/Panic Output

│ Error: updating  Vault (Subscription: "<mysubscription>"
│ Resource Group Name: "rg-base-dev-uks-001"
│ Vault Name: "rsv-terraform-dev-uks-001"): performing Update: unexpected status 400 with error: InvalidRestApiParameter: cmkIdentity parameter is invalid. Please provide a valid cmkIdentity
│ 
│   with module.subscription.module.rsv.azurerm_recovery_services_vault.rsv,
│   on terraform-modules/modules/recovery_services_vault/main.tf line 28, in resource "azurerm_recovery_services_vault" "rsv":
│   28: resource "azurerm_recovery_services_vault" "rsv" {

Expected Behaviour

It should have updated the resource to encrypt with a customer managed key with a user assigned identity to access the key vault

Actual Behaviour

It failed with an API error - unexpected status 400 with error: InvalidRestApiParameter: cmkIdentity parameter is invalid. Please provide a valid cmkIdentity

Steps to Reproduce

terraform apply

Important Factoids

No response

References

No response
@harshavmb
Copy link
Contributor

harshavmb commented Dec 1, 2023
edited
Loading

Hi @milesbarnard,

Since you chose to use UserAssigned identity, in encryption block you have to specify use_system_assigned_identity to false. I know both are kind of mutually exclusive, a PR will follow to disable the above flag to false here

harshavmb added a commit to AmadeusITGroup/terraform-provider-azurerm that referenced this issue Dec 1, 2023
@harshavmb
hashicorp#24087 : Disable use_system_assigned_identity to false when …
d0d5848 
…user_assigned_identity_id is set in encryption block
@harshavmb harshavmb mentioned this issue Dec 1, 2023
Merged
@rcskosir rcskosir linked a pull request Dec 4, 2023 that will close this issue
#24087 : Return error when use_system_assigned_identity and user_assigned_identity_id are set in azurerm_recovery_services_vault resource #24091
Merged
@milesbarnard
Copy link
Author

@harshavmb

Thanks very much!

@rcskosir rcskosir added the bug label Dec 15, 2023
harshavmb added a commit to AmadeusITGroup/terraform-provider-azurerm that referenced this issue Feb 21, 2024
@harshavmb
hashicorp#24087: Throw an error rather a silent update as per review
822daeb
katbyte pushed a commit that referenced this issue Feb 26, 2024
@harshavmb
#24087 : Return error when use_system_assigned_identity and user_assi…
6bc7eb0 
…gned_identity_id are set in azurerm_recovery_services_vault resource (#24091)
rizkybiz pushed a commit to rizkybiz/terraform-provider-azurerm that referenced this issue Feb 29, 2024
@harshavmb @rizkybiz
hashicorp#24087 : Return error when use_system_assigned_identity and …
586e1d6 
…user_assigned_identity_id are set in azurerm_recovery_services_vault resource (hashicorp#24091)
@github-actions GitHub Actions
Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 23, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug service/recovery-services v/3.x
Projects
None yet
Milestone
No milestone
3 participants
@harshavmb @milesbarnard @rcskosir