Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add storage permission to KV access policy resource #3153

Merged

Conversation

uberrich
Copy link
Contributor

@uberrich uberrich commented Apr 1, 2019

Firstly, this is my first ever pull request, for any project, so please be gentle! And hopefully this is useful. :-)

I ran into issue #2405 so I'm very grateful to @Lucretius for submitting PR #3081. However, after cloning and building the provider after that had been merged, I was still getting the following error when trying to deploy access policy resources with storage permissions:

PS C:\Users\rlewis> terraform validate -var-file="test.tfvars"

Error: azurerm_key_vault_access_policy.devopsmetaKVaccesspolicy_SP: : invalid or unknown key: storage_permissions

Error: azurerm_key_vault_access_policy.devopsmetaKVaccesspolicy_users[0]: : invalid or unknown key: storage_permissions

Error: azurerm_key_vault_access_policy.devopsmetaKVaccesspolicy_users[1]: : invalid or unknown key: storage_permissions

Error: azurerm_key_vault_access_policy.devopsmetaKVaccesspolicy_users[2]: : invalid or unknown key: storage_permissions


PS C:\Users\rlewis> terraform plan -var-file="test.tfvars"

Error: azurerm_key_vault_access_policy.devopsmetaKVaccesspolicy_SP: : invalid or unknown key: storage_permissions

Error: azurerm_key_vault_access_policy.devopsmetaKVaccesspolicy_users[0]: : invalid or unknown key: storage_permissions

Error: azurerm_key_vault_access_policy.devopsmetaKVaccesspolicy_users[1]: : invalid or unknown key: storage_permissions

Error: azurerm_key_vault_access_policy.devopsmetaKVaccesspolicy_users[2]: : invalid or unknown key: storage_permissions

So I just searched through the code looking for "secret_permissions" to check that an equivalent existed for "storage_permissions" and discovered that there was not one in the azurerm/resource_arm_key_vault_access_policy.go file. So I made the changes in this PR, rebuilt the provider and it worked. I've successfully run 'terraform apply' and can confirm that my Key Vault is deployed with the storage permissions set in the access policy.

I suspect that I ran into this problem despite @Lucretius's changes because I was using the standalone access policy resource rather than including them within the parent key vault resource? But I'm not sure. All I know is that the changes below made it work for me. :-)

I should add that I'm by no means a Go developer, indeed I'm not a developer at all, I'm #JustAnOpsGuy, so apologies if the changes are incomplete or lacking in quality.

If there's any other info I can give you or anything else I should have done to this PR then please just shout.

Thanks
Rich.

@ghost ghost added the size/XS label Apr 1, 2019
Copy link
Contributor

@Lucretius Lucretius left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah thank you for catching this! LGTM.

Copy link
Contributor

@tombuildsstuff tombuildsstuff left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hey @uberrich

Thanks for this PR :)

Taking a look through this LGTM - so that we can get this merged I'm going to push a commit to add a test/add the missing documentation, I hope you don't mind!

Thanks!

@ghost ghost added the documentation label Apr 6, 2019
@tombuildsstuff
Copy link
Contributor

Tests pass:

Screenshot 2019-04-08 at 04 54 05

@tombuildsstuff tombuildsstuff added this to the v1.25.0 milestone Apr 8, 2019
@tombuildsstuff tombuildsstuff merged commit f3786de into hashicorp:master Apr 8, 2019
tombuildsstuff added a commit that referenced this pull request Apr 8, 2019
@uberrich
Copy link
Contributor Author

uberrich commented Apr 8, 2019

hey @uberrich

Thanks for this PR :)

Taking a look through this LGTM - so that we can get this merged I'm going to push a commit to add a test/add the missing documentation, I hope you don't mind!

Thanks!

Yes, of course, don't mind at all! :-) Sorry I didn't include this in the original PR. Great to hear this has been merged - looking forward to the release of v1.25.0 so that my CI/CD pipelines will be more straightforward! Thanks.

@ghost
Copy link

ghost commented Apr 17, 2019

This has been released in version 1.25.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
	version = "~> 1.25.0"
}
# ... other configuration ...

@ghost
Copy link

ghost commented May 8, 2019

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!

@ghost ghost locked and limited conversation to collaborators May 8, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants