az keyvault create removes existing access policies #13212

Closed
Cam-Borrowell opened this issue Apr 27, 2020 · 5 comments
Labels
customer-reported Issues that are reported by GitHub users external to the Azure organization. KeyVault az keyvault OKR3.2 Candidate

@Cam-Borrowell

If I run the command `az keyvault create` on an existing resource, the existing access policies are removed and replaced with a new one for the Azure DevOps project that ran the script.

```
azure-cli                          2.3.1 *

command-modules-nspkg              2.0.3
core                               2.3.1 *
nspkg                              3.0.4
telemetry                          1.0.4

Extensions:
azure-devops                      0.18.0
```
@ghost ghost added needs-triage customer-reported Issues that are reported by GitHub users external to the Azure organization. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Apr 27, 2020
@Cam-Borrowell Cam-Borrowell changed the title from "az keyvault create is not idempotent" to "az keyvault create removes existing access policies" Apr 27, 2020
@yonzhan yonzhan added the KeyVault az keyvault label Apr 27, 2020
@ghost ghost removed the needs-triage label Apr 27, 2020
@yonzhan yonzhan added this to the S170 milestone Apr 27, 2020
@yonzhan
Collaborator

yonzhan commented Apr 27, 2020

@bim-msft please take a look

@yungezz yungezz removed the question The issue doesn't require a change to the product in order to be resolved. Most issues start as that label Apr 28, 2020
@yungezz yungezz modified the milestones: S170, S171 Apr 28, 2020
@yungezz
Member

yungezz commented Apr 28, 2020

This is a service idempotency issue. Let's give feedback and see what the right solution is. @bim-msft

@bim-msft
Contributor

@Cam-Borrowell Hi, according to our test, it turns out that the KeyVault service's create operation is not idempotent. I'm not sure if the service team is willing to change this behavior, or it might take a long time to change... I will let them know. Thanks for the report!

In the short term, to unblock you quickly, using the `update` command is recommended to update vault properties, and you can use the `show` command to check if there is already an existing vault with the same name.

Feel free to let me know if you have any concerns.

@Cam-Borrowell
Author

Thank you @bim-msft. I've already implemented a workaround using `az keyvault list` to check for an existing Key Vault before running `az keyvault create`.

@bim-msft
Contributor

@Cam-Borrowell Good to hear that!
Since this might take a long time to change, I would like to close the issue temporarily. If you have anything unresolved, feel free to reopen it and ping me again.
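
The workaround discussed in this thread (check for an existing vault, create only when it is absent, use `update` otherwise), written out as an added shell example that is not code from the issue or from the Azure CLI project. The function names, the optional pass-through flags, and the assumption that the vault name is supplied in the same case it was created with are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the issue thread): never let `az keyvault create`
# run against a vault that already exists. Function names are hypothetical.

# Prints "absent" or "exists". Returns 2 when the lookup itself fails, so an
# auth or network error is never mistaken for "the vault is not there".
vault_state() {
  local name="$1" rg="$2" count
  # Reject anything outside the vault-name alphabet before it reaches the query.
  case "$name" in ''|*[!A-Za-z0-9-]*) return 2 ;; esac
  count="$(az keyvault list --resource-group "$rg" \
             --query "length([?name=='${name}'])" --output tsv)" || return 2
  case "$count" in
    0) echo absent ;;
    1) echo exists ;;
    *) return 2 ;;
  esac
}

# Usage: ensure_keyvault NAME RESOURCE_GROUP LOCATION [property flags...]
# Assumption: the optional flags are accepted by both create and update,
# e.g. --enabled-for-deployment true.
ensure_keyvault() {
  [ "$#" -ge 3 ] || return 2
  local name="$1" rg="$2" location="$3" state
  shift 3
  state="$(vault_state "$name" "$rg")" || {
    echo "vault lookup failed; refusing to create" >&2
    return 2
  }
  if [ "$state" = absent ]; then
    az keyvault create --name "$name" --resource-group "$rg" \
      --location "$location" "$@" --output none || return 1
    echo created
  else
    # Existing vault: apply property changes with update, as the thread
    # recommends, and never call create.
    if [ "$#" -gt 0 ]; then
      az keyvault update --name "$name" --resource-group "$rg" "$@" \
        --output none || return 1
    fi
    echo kept
  fi
}
```

In a pipeline, call `ensure_keyvault` in place of a bare `az keyvault create` and treat exit code 2 as a hard failure rather than retrying with create.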
