AzureRM KeyVault - Support more than 16 access policies #2837

Closed
whytoe opened this issue Feb 5, 2019 · 7 comments · Fixed by #2866
Labels
enhancement service/key-vault Key Vault upstream/microsoft Indicates that there's an upstream issue blocking this issue/PR

Comments

@whytoe
Contributor

whytoe commented Feb 5, 2019

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Key Vault supports up to 1024 access policy entries for a key vault.

Error: module.keyvault_name.azurerm_key_vault.vault: access_policy: attribute supports 16 item maximum, config has 23 declared

New or Affected Resource(s)

azurerm_keyvault

References

https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault#data-plane-access-control - States the 16 limit doesn't exist anymore

https://www.terraform.io/docs/providers/azurerm/r/key_vault_access_policy.html - Talks about the 16 Object Limit

@WodansSon
Collaborator

@whytoe Thank you for opening this issue. While the documentation on docs has recently been updated (1/6/2019) to reflect the new limit of 1024 Access Policies, unfortunately the 2018-02-14 version of the API does not.

Since Terraform uses the 2018-02-14 version of the API to provision the key vault resource, Terraform is forced by the API to only allow 16 Access Policies to be defined.

I will follow up with the service team to find out if a newer version of the API exists and, if so, find out if it supports the documented 1024 'access policies' as it says on docs.

// VaultAccessPolicyProperties properties of the vault access policy
type VaultAccessPolicyProperties struct {
	// AccessPolicies - An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID.
	AccessPolicies *[]AccessPolicyEntry `json:"accessPolicies,omitempty"`

}

@whytoe
Contributor Author

whytoe commented Feb 6, 2019

@jeffreyCline why would you close this issue? It is still an issue; it should be tagged upstream Microsoft.

@whytoe
Contributor Author

whytoe commented Feb 6, 2019

@katbyte or @tombuildsstuff can you confirm if this should be reopened and labelled with the Upstream/Microsoft?

@tombuildsstuff
Contributor

@whytoe agreed this should be re-opened until we can determine which API version supports this; @jeffreyCline since this is an API question - would you mind opening a Rest API Specs issue to track this publicly? Thanks

@tombuildsstuff tombuildsstuff reopened this Feb 9, 2019
@tombuildsstuff tombuildsstuff added enhancement service/key-vault Key Vault upstream/microsoft Indicates that there's an upstream issue blocking this issue/PR labels Feb 9, 2019
@WodansSon
Collaborator

@tombuildsstuff I have reached out to the service team.

@WodansSon WodansSon self-assigned this Feb 28, 2019
@WodansSon
Collaborator

@tombuildsstuff @whytoe I have dug into this and it looks like the service team updated this value in the RP code on 6/4/2018 @ 7:31 PM, which means it is now safe to update the resource code to allow 1024 access policies.

@ghost

ghost commented Mar 29, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

@ghost ghost locked and limited conversation to collaborators Mar 29, 2020