From b423f2450fc21db84b4d579b1188fca741428b59 Mon Sep 17 00:00:00 2001 From: Xu Wu Date: Fri, 10 Feb 2023 02:08:26 +0800 Subject: [PATCH] `Docs`: udpate `azurerm_key_vault_access_policy` object_id description for principal app (#20366) * udpate keyvault access policy resource object for principal app * fix doc typo --- .../docs/r/key_vault_access_policy.html.markdown | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/website/docs/r/key_vault_access_policy.html.markdown b/website/docs/r/key_vault_access_policy.html.markdown index e4b57d113236..b788d4515e20 100644 --- a/website/docs/r/key_vault_access_policy.html.markdown +++ b/website/docs/r/key_vault_access_policy.html.markdown @@ -45,6 +45,20 @@ resource "azurerm_key_vault_access_policy" "example" { "Get", ] } + +data "azuread_service_principal" "example" { + display_name = "example-app" +} + +resource "azurerm_key_vault_access_policy" "example-principal" { + key_vault_id = azurerm_key_vault.example.id + tenant_id = data.azurerm_client_config.current.tenant_id + object_id = data.azuread_service_principal.example.object_id + + key_permissions = [ + "Get", "List", "Encrypt", "Decrypt" + ] +} ``` ## Argument Reference 
@@ -55,7 +69,7 @@ The following arguments are supported: * `tenant_id` - (Required) The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Changing this forces a new resource to be created. -* `object_id` - (Required) The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. Changing this forces a new resource to be created. +* `object_id` - (Required) The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID of a service principal can be fetched from `azuread_service_principal.object_id`. The object ID must be unique for the list of access policies. Changing this forces a new resource to be created. * `application_id` - (Optional) The object ID of an Application in Azure Active Directory. Changing this forces a new resource to be created.
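Review bot: the new example in the first hunk introduces a `data "azuread_service_principal"` block, which pulls in the separate `azuread` provider, but nothing on the page says the `azuread` provider must be configured alongside `azurerm`; add a sentence before the example (or a `required_providers` entry) so readers who copy it do not hit an unconfigured-provider error. Secondary point: the `key_permissions` list `"Get", "List", "Encrypt", "Decrypt"` is noticeably broader than the `"Get"` in the preceding example, so a short note that the list should be trimmed to the permissions the application actually needs would keep the example from being copied as-is into production policies. The resource label `example-principal` also breaks with the underscore naming used by the other labels on the page (`example`, `current`); `example_principal` would be consistent.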
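Review bot: the added sentence in the second hunk says the object ID "can be fetched from `azuread_service_principal.object_id`", but that reference form does not match the example just above, which uses the data source as `data.azuread_service_principal.example.object_id`; a reader copying the argument-reference wording literally would write a reference that does not resolve. Suggest wording it as "the `object_id` attribute of the `azuread_service_principal` data source (for example `data.azuread_service_principal.example.object_id`)" so the prose and the example agree.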