ACR Encryption block doesn't allow for versionless keys

[tjcorr]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

The recently implemented encryption option for Azure Container Registry is currently forcing the user to provide a versioned key from Key Vault for the encryption. If you want to setup automatic key rotation you have to pass in a versionless id. This can be fixed by changing the schema to a NestedItemIdWithOptionalVersion.

New or Affected Resource(s)

• azurerm_container_registry

Potential Terraform Configuration

resource "azurerm_key_vault_key" "acr-key" {
  name         = "acr-key"
....
  ]
}

resource "azurerm_container_registry" "acr" {
...
  encryption {
    enabled            = true
    key_vault_key_id   = azurerm_key_vault_key.acr-key.versionless_id  
  }
}

References

• #0000

[ghost]

This has been released in version 2.62.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 2.62.0"
}
# ... other configuration ...

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.