-
Notifications
You must be signed in to change notification settings - Fork 37
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AccessPolicy import fails. Invalid resource state is created #3586
Comments
Thanks for the issue @Karol-Pawlowski-Allegro. This looks specific to Azure Native, so I'm going to transfer the issue to the https://github.com/pulumi/pulumi-azure-native repo and someone will take a look. |
Hi @Karol-Pawlowski-Allegro, to arrive at a correct Pulumi state, you should |
Oh, I just remembered #3333 - @danielrbradley I imagine that would be a problem for |
I also mentioned this issue here #3375 (comment) |
Yes, it looks like both of these issues are related to needing the objectId to be at the top level. This work is planned for the next major release which shouldn't be too far away. |
What happened?
Hey Guys, when creating KeyVault Access Policy in the stack with the following code
and importing the existing access policy with below
I get the resource imported by I get the state updated with following line
"policy.objectId": "8a48c337-90bf-4fef-acbb-9aaca225711d"
that enforces resources recreation which also fails as it can locate the resource. The only solution I see at the moment is to manually update the stack and remove that line but when we get stacks encrypted and much more access policies to track, the problem will get serious.Provider version: azure-native::default_2_53_0
Pulumi version: 3.66.0-alpha.48eae07
Example
Steps:
_ = new AccessPolicy( $"policy-{SvCdKv.GetResourceName()}-{policy.Key}", new AccessPolicyArgs() { VaultName = SvCdKv.GetResourceName(), Policy = policy.Value, ResourceGroupName = ResourceGroup.Name }, new CustomResourceOptions() { Parent = SvCdKv });
pulumi import azure-native:keyvault:AccessPolicy policy-depo-spcred-euw-key-dev-6d7a7007-9664-4e29-a203-80324da8641b /subscriptions/6c288f12-751d-4a98-bb2a-537be023beb5/resourceGroups/depo-shared-euw-dev/providers/Microsoft.KeyVault/vaults/depo-svcd-euw-key-dev/accessPolicy/6d7a7007-9664-4e29-a203-80324da8641b --parent urn:pulumi:depo.dev::AllegroPay.IaC.Depo.Shared.ProjectStack::azure-native:keyvault:Vault::depo-spcred-euw-key-dev
Output of
pulumi about
Additional context
No response
Contributing
Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
The text was updated successfully, but these errors were encountered: