Add storage permission to KV access policy resource

[uberrich]

Firstly, this is my first ever pull request, for any project, so please be gentle! And hopefully this is useful. :-)

I ran into issue #2405 so I'm very grateful to @Lucretius for submitting PR #3081. However, after cloning and building the provider after that had been merged, I was still getting the following error when trying to deploy access policy resources with storage permissions:

PS C:\Users\rlewis> terraform validate -var-file="test.tfvars"

Error: azurerm_key_vault_access_policy.devopsmetaKVaccesspolicy_SP: : invalid or unknown key: storage_permissions

Error: azurerm_key_vault_access_policy.devopsmetaKVaccesspolicy_users[0]: : invalid or unknown key: storage_permissions

Error: azurerm_key_vault_access_policy.devopsmetaKVaccesspolicy_users[1]: : invalid or unknown key: storage_permissions

Error: azurerm_key_vault_access_policy.devopsmetaKVaccesspolicy_users[2]: : invalid or unknown key: storage_permissions


PS C:\Users\rlewis> terraform plan -var-file="test.tfvars"

Error: azurerm_key_vault_access_policy.devopsmetaKVaccesspolicy_SP: : invalid or unknown key: storage_permissions

Error: azurerm_key_vault_access_policy.devopsmetaKVaccesspolicy_users[0]: : invalid or unknown key: storage_permissions

Error: azurerm_key_vault_access_policy.devopsmetaKVaccesspolicy_users[1]: : invalid or unknown key: storage_permissions

Error: azurerm_key_vault_access_policy.devopsmetaKVaccesspolicy_users[2]: : invalid or unknown key: storage_permissions

So I just searched through the code looking for "secret_permissions" to check that an equivalent existed for "storage_permissions" and discovered that there was not one in the azurerm/resource_arm_key_vault_access_policy.go file. So I made the changes in this PR, rebuilt the provider and it worked. I've successfully run 'terraform apply' and can confirm that my Key Vault is deployed with the storage permissions set in the access policy.

I suspect that I ran into this problem despite @Lucretius's changes because I was using the standalone access policy resource rather than including them within the parent key vault resource? But I'm not sure. All I know is that the changes below made it work for me. :-)

I should add that I'm by no means a Go developer, indeed I'm not a developer at all, I'm #JustAnOpsGuy, so apologies if the changes are incomplete or lacking in quality.

If there's any other info I can give you or anything else I should have done to this PR then please just shout.

Thanks
Rich.

[Lucretius]

Ah thank you for catching this! LGTM.

[tombuildsstuff]

hey @uberrich

Thanks for this PR :)

Taking a look through this LGTM - so that we can get this merged I'm going to push a commit to add a test/add the missing documentation, I hope you don't mind!

Thanks!

[tombuildsstuff]

Tests pass:

[uberrich]

hey @uberrich

Thanks for this PR :)

Taking a look through this LGTM - so that we can get this merged I'm going to push a commit to add a test/add the missing documentation, I hope you don't mind!

Thanks!

Yes, of course, don't mind at all! :-) Sorry I didn't include this in the original PR. Great to hear this has been merged - looking forward to the release of v1.25.0 so that my CI/CD pipelines will be more straightforward! Thanks.

[ghost]

This has been released in version 1.25.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
	version = "~> 1.25.0"
}
# ... other configuration ...

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!