Azure Key Vault Secret / Issue With Access Policies

[hashibot]

This issue was originally opened by @hmarcelodn as hashicorp/terraform#16908. It was migrated here as a result of the provider split. The original body of the issue is below.

---

Hi Terraform Team,

I am working on provisioning a couple of Azure Key Vaults and its secrets.

I created the resources and assigned a few Access Policies:

1- My self full permissions
2- My terraform AD Application w/ full permissions
3- An application with get permissions

My user Access policy works just fine. But the other two policies appeared in the list but its like its not taking the avatar image, like it were not referencing to the real object in AD. As a result of that when I want to create secrets usings my Terraform AD Application it gave me "Access Denied".

I added manually the policy in the Key Vault and referenced the Terraform AD Application and I gave it the same full permissions then it worked. This time I see the same object_id referenced twice in the Access Policies list, the one I created manually works and the one with Terraform did not.

Any suggestion?

[pixelicous]

You referenced the wrong ID, maybe of the app instead of the spn.. and even if you did reference the spn, check you referenced the obj id or the application id, those are different.. you have 4 ids!! :D way to go microsoft, for the app, for the spn, and each has two ids

[pixelicous]

@tombuildsstuff this is not an issue.. you can close this one..

[katbyte]

@pixelicous, closing as requested 🙂

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!