Giter Club home page Giter Club logo

terraform-azurerm-key-vault's Issues

│ Error: expected access_policy.0.key_permissions

i have created these user ,Ad group and SP.

provider "azurerm" {
features {}
}

module "key-vault" {
source = "kumarvna/key-vault/azurerm"
version = "2.2.0"

resource_group_name = "deepak-test"
key_vault_name = "demo-project-shard"
key_vault_sku_pricing_tier = "premium"

enable_purge_protection = false

access_policies = [
{
azure_ad_user_principal_names = ["[email protected]", "[email protected]"]
key_permissions = ["get", "list"]
secret_permissions = ["get", "list"]
certificate_permissions = ["get", "import", "list"]
storage_permissions = ["backup", "get", "list", "recover"]
},

{
  azure_ad_group_names    = ["team-test"]
  key_permissions         = ["get", "list"]
  secret_permissions      = ["get", "list"]
  certificate_permissions = ["get", "import", "list"]
  storage_permissions     = ["backup", "get", "list", "recover"]
},

{
  azure_ad_service_principal_names = ["testing", "testing1"]
  key_permissions                  = ["get", "list"]
  secret_permissions               = ["get", "list"]
  certificate_permissions          = ["get", "import", "list"]
  storage_permissions              = ["backup", "get", "list", "recover"]
}

]

secrets = {
"message" = "Hello, world!"
"vmpass" = ""
}

log_analytics_workspace_id = var.log_analytics_workspace_id

tags = {
ProjectName = "demo-project"
Env = "dev"
Owner = "[email protected]"
BusinessUnit = "CORP"
ServiceClass = "Gold"
}
}

ERROR

Error: expected access_policy.0.certificate_permissions.0 to be one of [Backup Create Delete DeleteIssuers Get GetIssuers Import List ListIssuers ManageContacts ManageIssuers Purge Recover Restore SetIssuers Update], got get

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.0.certificate_permissions.1 to be one of [Backup Create Delete DeleteIssuers Get GetIssuers Import List ListIssuers ManageContacts ManageIssuers Purge Recover Restore SetIssuers Update], got import

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.0.certificate_permissions.2 to be one of [Backup Create Delete DeleteIssuers Get GetIssuers Import List ListIssuers ManageContacts ManageIssuers Purge Recover Restore SetIssuers Update], got list

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.0.key_permissions.0 to be one of [Backup Create Decrypt Delete Encrypt Get Import List Purge Recover Restore Sign UnwrapKey Update Verify WrapKey Release Rotate GetRotationPolicy SetRotationPolicy], got get

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.0.key_permissions.1 to be one of [Backup Create Decrypt Delete Encrypt Get Import List Purge Recover Restore Sign UnwrapKey Update Verify WrapKey Release Rotate GetRotationPolicy SetRotationPolicy], got list

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.0.secret_permissions.0 to be one of [Backup Delete Get List Purge Recover Restore Set], got get

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.0.secret_permissions.1 to be one of [Backup Delete Get List Purge Recover Restore Set], got list

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.0.storage_permissions.0 to be one of [Backup Delete DeleteSAS Get GetSAS List ListSAS Purge Recover RegenerateKey Restore Set SetSAS Update], got backup

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.0.storage_permissions.1 to be one of [Backup Delete DeleteSAS Get GetSAS List ListSAS Purge Recover RegenerateKey Restore Set SetSAS Update], got get

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.0.storage_permissions.2 to be one of [Backup Delete DeleteSAS Get GetSAS List ListSAS Purge Recover RegenerateKey Restore Set SetSAS Update], got list

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.0.storage_permissions.3 to be one of [Backup Delete DeleteSAS Get GetSAS List ListSAS Purge Recover RegenerateKey Restore Set SetSAS Update], got recover

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.1.certificate_permissions.0 to be one of [Backup Create Delete DeleteIssuers Get GetIssuers Import List ListIssuers ManageContacts ManageIssuers Purge Recover Restore SetIssuers Update], got get

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.1.certificate_permissions.1 to be one of [Backup Create Delete DeleteIssuers Get GetIssuers Import List ListIssuers ManageContacts ManageIssuers Purge Recover Restore SetIssuers Update], got import

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.1.certificate_permissions.2 to be one of [Backup Create Delete DeleteIssuers Get GetIssuers Import List ListIssuers ManageContacts ManageIssuers Purge Recover Restore SetIssuers Update], got list

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.1.key_permissions.0 to be one of [Backup Create Decrypt Delete Encrypt Get Import List Purge Recover Restore Sign UnwrapKey Update Verify WrapKey Release Rotate GetRotationPolicy SetRotationPolicy], got get

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.1.key_permissions.1 to be one of [Backup Create Decrypt Delete Encrypt Get Import List Purge Recover Restore Sign UnwrapKey Update Verify WrapKey Release Rotate GetRotationPolicy SetRotationPolicy], got list

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.1.secret_permissions.0 to be one of [Backup Delete Get List Purge Recover Restore Set], got get

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.1.secret_permissions.1 to be one of [Backup Delete Get List Purge Recover Restore Set], got list

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.1.storage_permissions.0 to be one of [Backup Delete DeleteSAS Get GetSAS List ListSAS Purge Recover RegenerateKey Restore Set SetSAS Update], got backup

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.1.storage_permissions.1 to be one of [Backup Delete DeleteSAS Get GetSAS List ListSAS Purge Recover RegenerateKey Restore Set SetSAS Update], got get

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.1.storage_permissions.2 to be one of [Backup Delete DeleteSAS Get GetSAS List ListSAS Purge Recover RegenerateKey Restore Set SetSAS Update], got list

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.1.storage_permissions.3 to be one of [Backup Delete DeleteSAS Get GetSAS List ListSAS Purge Recover RegenerateKey Restore Set SetSAS Update], got recover

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.certificate_permissions.0 to be one of [Backup Create Delete DeleteIssuers Get GetIssuers Import List ListIssuers ManageContacts ManageIssuers Purge Recover Restore SetIssuers Update], got backup

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.certificate_permissions.1 to be one of [Backup Create Delete DeleteIssuers Get GetIssuers Import List ListIssuers ManageContacts ManageIssuers Purge Recover Restore SetIssuers Update], got create

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.certificate_permissions.2 to be one of [Backup Create Delete DeleteIssuers Get GetIssuers Import List ListIssuers ManageContacts ManageIssuers Purge Recover Restore SetIssuers Update], got delete

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.certificate_permissions.3 to be one of [Backup Create Delete DeleteIssuers Get GetIssuers Import List ListIssuers ManageContacts ManageIssuers Purge Recover Restore SetIssuers Update], got deleteissuers

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.certificate_permissions.4 to be one of [Backup Create Delete DeleteIssuers Get GetIssuers Import List ListIssuers ManageContacts ManageIssuers Purge Recover Restore SetIssuers Update], got get

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.certificate_permissions.5 to be one of [Backup Create Delete DeleteIssuers Get GetIssuers Import List ListIssuers ManageContacts ManageIssuers Purge Recover Restore SetIssuers Update], got getissuers

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.certificate_permissions.6 to be one of [Backup Create Delete DeleteIssuers Get GetIssuers Import List ListIssuers ManageContacts ManageIssuers Purge Recover Restore SetIssuers Update], got import

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.certificate_permissions.7 to be one of [Backup Create Delete DeleteIssuers Get GetIssuers Import List ListIssuers ManageContacts ManageIssuers Purge Recover Restore SetIssuers Update], got list

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.certificate_permissions.8 to be one of [Backup Create Delete DeleteIssuers Get GetIssuers Import List ListIssuers ManageContacts ManageIssuers Purge Recover Restore SetIssuers Update], got listissuers

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.certificate_permissions.9 to be one of [Backup Create Delete DeleteIssuers Get GetIssuers Import List ListIssuers ManageContacts ManageIssuers Purge Recover Restore SetIssuers Update], got managecontacts

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.certificate_permissions.10 to be one of [Backup Create Delete DeleteIssuers Get GetIssuers Import List ListIssuers ManageContacts ManageIssuers Purge Recover Restore SetIssuers Update], got manageissuers

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.certificate_permissions.11 to be one of [Backup Create Delete DeleteIssuers Get GetIssuers Import List ListIssuers ManageContacts ManageIssuers Purge Recover Restore SetIssuers Update], got purge

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.certificate_permissions.12 to be one of [Backup Create Delete DeleteIssuers Get GetIssuers Import List ListIssuers ManageContacts ManageIssuers Purge Recover Restore SetIssuers Update], got recover

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.certificate_permissions.13 to be one of [Backup Create Delete DeleteIssuers Get GetIssuers Import List ListIssuers ManageContacts ManageIssuers Purge Recover Restore SetIssuers Update], got restore

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.certificate_permissions.14 to be one of [Backup Create Delete DeleteIssuers Get GetIssuers Import List ListIssuers ManageContacts ManageIssuers Purge Recover Restore SetIssuers Update], got setissuers

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.certificate_permissions.15 to be one of [Backup Create Delete DeleteIssuers Get GetIssuers Import List ListIssuers ManageContacts ManageIssuers Purge Recover Restore SetIssuers Update], got update

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.key_permissions.0 to be one of [Backup Create Decrypt Delete Encrypt Get Import List Purge Recover Restore Sign UnwrapKey Update Verify WrapKey Release Rotate GetRotationPolicy SetRotationPolicy], got create

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.key_permissions.1 to be one of [Backup Create Decrypt Delete Encrypt Get Import List Purge Recover Restore Sign UnwrapKey Update Verify WrapKey Release Rotate GetRotationPolicy SetRotationPolicy], got delete

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.key_permissions.2 to be one of [Backup Create Decrypt Delete Encrypt Get Import List Purge Recover Restore Sign UnwrapKey Update Verify WrapKey Release Rotate GetRotationPolicy SetRotationPolicy], got get

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.key_permissions.3 to be one of [Backup Create Decrypt Delete Encrypt Get Import List Purge Recover Restore Sign UnwrapKey Update Verify WrapKey Release Rotate GetRotationPolicy SetRotationPolicy], got backup

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.key_permissions.4 to be one of [Backup Create Decrypt Delete Encrypt Get Import List Purge Recover Restore Sign UnwrapKey Update Verify WrapKey Release Rotate GetRotationPolicy SetRotationPolicy], got decrypt

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.key_permissions.5 to be one of [Backup Create Decrypt Delete Encrypt Get Import List Purge Recover Restore Sign UnwrapKey Update Verify WrapKey Release Rotate GetRotationPolicy SetRotationPolicy], got encrypt

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.key_permissions.6 to be one of [Backup Create Decrypt Delete Encrypt Get Import List Purge Recover Restore Sign UnwrapKey Update Verify WrapKey Release Rotate GetRotationPolicy SetRotationPolicy], got import

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.key_permissions.7 to be one of [Backup Create Decrypt Delete Encrypt Get Import List Purge Recover Restore Sign UnwrapKey Update Verify WrapKey Release Rotate GetRotationPolicy SetRotationPolicy], got list

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.key_permissions.8 to be one of [Backup Create Decrypt Delete Encrypt Get Import List Purge Recover Restore Sign UnwrapKey Update Verify WrapKey Release Rotate GetRotationPolicy SetRotationPolicy], got purge

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.key_permissions.9 to be one of [Backup Create Decrypt Delete Encrypt Get Import List Purge Recover Restore Sign UnwrapKey Update Verify WrapKey Release Rotate GetRotationPolicy SetRotationPolicy], got recover

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.key_permissions.10 to be one of [Backup Create Decrypt Delete Encrypt Get Import List Purge Recover Restore Sign UnwrapKey Update Verify WrapKey Release Rotate GetRotationPolicy SetRotationPolicy], got restore

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.key_permissions.11 to be one of [Backup Create Decrypt Delete Encrypt Get Import List Purge Recover Restore Sign UnwrapKey Update Verify WrapKey Release Rotate GetRotationPolicy SetRotationPolicy], got sign

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.key_permissions.12 to be one of [Backup Create Decrypt Delete Encrypt Get Import List Purge Recover Restore Sign UnwrapKey Update Verify WrapKey Release Rotate GetRotationPolicy SetRotationPolicy], got update

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.key_permissions.13 to be one of [Backup Create Decrypt Delete Encrypt Get Import List Purge Recover Restore Sign UnwrapKey Update Verify WrapKey Release Rotate GetRotationPolicy SetRotationPolicy], got verify

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.secret_permissions.0 to be one of [Backup Delete Get List Purge Recover Restore Set], got backup

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.secret_permissions.1 to be one of [Backup Delete Get List Purge Recover Restore Set], got delete

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.secret_permissions.2 to be one of [Backup Delete Get List Purge Recover Restore Set], got get

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.secret_permissions.3 to be one of [Backup Delete Get List Purge Recover Restore Set], got list

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.secret_permissions.4 to be one of [Backup Delete Get List Purge Recover Restore Set], got purge

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.secret_permissions.5 to be one of [Backup Delete Get List Purge Recover Restore Set], got recover

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.secret_permissions.6 to be one of [Backup Delete Get List Purge Recover Restore Set], got restore

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.secret_permissions.7 to be one of [Backup Delete Get List Purge Recover Restore Set], got set

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.storage_permissions.0 to be one of [Backup Delete DeleteSAS Get GetSAS List ListSAS Purge Recover RegenerateKey Restore Set SetSAS Update], got backup

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.storage_permissions.1 to be one of [Backup Delete DeleteSAS Get GetSAS List ListSAS Purge Recover RegenerateKey Restore Set SetSAS Update], got delete

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.storage_permissions.2 to be one of [Backup Delete DeleteSAS Get GetSAS List ListSAS Purge Recover RegenerateKey Restore Set SetSAS Update], got deletesas

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.storage_permissions.3 to be one of [Backup Delete DeleteSAS Get GetSAS List ListSAS Purge Recover RegenerateKey Restore Set SetSAS Update], got get

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.storage_permissions.4 to be one of [Backup Delete DeleteSAS Get GetSAS List ListSAS Purge Recover RegenerateKey Restore Set SetSAS Update], got getsas

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.storage_permissions.5 to be one of [Backup Delete DeleteSAS Get GetSAS List ListSAS Purge Recover RegenerateKey Restore Set SetSAS Update], got list

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.storage_permissions.6 to be one of [Backup Delete DeleteSAS Get GetSAS List ListSAS Purge Recover RegenerateKey Restore Set SetSAS Update], got listsas

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.storage_permissions.7 to be one of [Backup Delete DeleteSAS Get GetSAS List ListSAS Purge Recover RegenerateKey Restore Set SetSAS Update], got purge

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.storage_permissions.8 to be one of [Backup Delete DeleteSAS Get GetSAS List ListSAS Purge Recover RegenerateKey Restore Set SetSAS Update], got recover

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.storage_permissions.9 to be one of [Backup Delete DeleteSAS Get GetSAS List ListSAS Purge Recover RegenerateKey Restore Set SetSAS Update], got regeneratekey

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.storage_permissions.10 to be one of [Backup Delete DeleteSAS Get GetSAS List ListSAS Purge Recover RegenerateKey Restore Set SetSAS Update], got restore

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.storage_permissions.11 to be one of [Backup Delete DeleteSAS Get GetSAS List ListSAS Purge Recover RegenerateKey Restore Set SetSAS Update], got set

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.storage_permissions.12 to be one of [Backup Delete DeleteSAS Get GetSAS List ListSAS Purge Recover RegenerateKey Restore Set SetSAS Update], got setsas

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {



│ Error: expected access_policy.2.storage_permissions.13 to be one of [Backup Delete DeleteSAS Get GetSAS List ListSAS Purge Recover RegenerateKey Restore Set SetSAS Update], got update

│ with module.key-vault.azurerm_key_vault.main,
│ on .terraform/modules/key-vault/main.tf line 133, in resource "azurerm_key_vault" "main":
│ 133: resource "azurerm_key_vault" "main" {

Access Policies

Hello,
I just wanted to let you know that MS has changed the casing on the access policies in azurerm 3.0. If you want to make it compatible to the latest (3.10) all you need to do is change the access polices from lower to upper case. I managed getting it to work with the latest doing this.

service_principal_object_id overwrites access policies of azure_ad_user

I tried out the example code provided and added one azure_ad_user_principal_names which was myself. But the permissions are altered when the second dynamic "access_policy" is ran. Could you explain what the self_permissions is?

Is this because in a CI/CD process, the service principal running this module should always been granted "self_permissions"?

Thanks for providing this module. Very helpful.

Provider produced inconsistent final plan when using azure_ad_user_principal_names

Hello and thank you for your module. It works great, however, if I enable the azure_ad_user_principal_names block in "access_policies" I'm getting the error:

Error: Provider produced an inconsistent final plan
│
│ When expanding the plan for module.key-vault.azurerm_key_vault.main to include new values learned so far during apply, provider "registry.terraform.io/hashicorp/azurerm"  
│ produced an invalid new value for .access_policy: new element 2 has appeared.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.

My terraform block:

terraform {

  required_version = ">=1.2.0"

  required_providers {
    azuread = {
      source  = "hashicorp/azuread"
      version = "~>2.15.0"
    }
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~>3.9.0"
    }
  }

  # configure azure blob storage as state backend
  backend "azurerm" {}
}

# Configure the Microsoft Azure ActiveDirectory provider
provider "azuread" {
}

# Configure the Microsoft Azure Provider
provider "azurerm" {
  features {}
}

Everything works fine if I comment the block:

{
      azure_ad_user_principal_names = ["UPN goes here"]
      key_permissions               = ["Create", "Delete", "Get", "Backup", "Decrypt", "Encrypt", "Import", "List", "Purge", "Recover", "Restore", "Sign", "Update", "Verify"]
      secret_permissions            = ["Backup", "Delete", "Get", "List", "Purge", "Recover", "Restore", "Set"]
      certificate_permissions       = []
      storage_permissions           = []
    },

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.