azure_rm_keyvault module does not update access_policies for a keyvault #56

Closed
imjoseangel opened this issue Mar 11, 2020 · 0 comments · Fixed by #57

imjoseangel commented Mar 11, 2020

SUMMARY

When trying to update access policies, the azure_rm_keyvault module does not update them:

- name: "Update kv"
  azure_rm_keyvault:
    resource_group: "{{ rg }}"
    vault_name: "{{ kv }}"
    enabled_for_deployment: true
    vault_tenant: "{{ kv_tenant }}"
    enable_soft_delete: "false"
    sku:
      name: standard
    access_policies:
      - tenant_id: "{{ tenant_id }}"
        object_id: "{{ obj_id }}"
        keys:
          - encrypt
          - decrypt
          - wrapkey
          - unwrapkey
        certificates:
          - get
          - list
          - delete
          - create
        secrets:
          - get
          - list
          - set
          - delete
          - recover
          - backup
          - restore

When changing the access_policies like this:

access_policies:
  - tenant_id: "{{ tenant_id }}"
    object_id: "{{ obj_id }}"
    keys:
      - encrypt
    certificates:
      - get
    secrets:
      - get

the module does not update them.

ISSUE TYPE
  • Bug Report
COMPONENT NAME

azure_rm_keyvault

ANSIBLE VERSION
ansible 2.9.6
  config file = None
  configured module search path = ['/Users/imjoseangel/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /Users/imjoseangel/.pyenv/versions/3.7.6/Python.framework/Versions/3.7/lib/python3.7/site-packages/ansible
  executable location = /Users/imjoseangel/.pyenv/versions/3.7.6/bin/ansible
  python version = 3.7.6 (default, Mar 10 2020, 19:25:59) [Clang 11.0.0 (clang-1100.0.33.16)]
CONFIGURATION
None
OS / ENVIRONMENT

ProductName: Mac OS X
ProductVersion: 10.15.3
BuildVersion: 19D76

STEPS TO REPRODUCE

  1. Create keyvault access policies. For instance:

        access_policies:
          - tenant_id: "{{ tenant_id }}"
            object_id: "{{ obj_id }}"
            keys:
              - encrypt
              - decrypt
              - wrapkey
              - unwrapkey
            certificates:
              - get
              - list
              - delete
              - create
            secrets:
              - get
              - list
              - set
              - delete
              - recover
              - backup
              - restore

  2. Change the access policies and try to update them:

        access_policies:
          - tenant_id: "{{ tenant_id }}"
            object_id: "{{ obj_id }}"
            keys:
              - encrypt
            certificates:
              - get
            secrets:
              - get

EXPECTED RESULTS

The new access policies should be:

    access_policies:
      - tenant_id: "{{ tenant_id }}"
        object_id: "{{ obj_id }}"
        keys:
          - encrypt
        certificates:
          - get
        secrets:
          - get
ACTUAL RESULTS

The access policies are the same:

        access_policies:
          - tenant_id: "{{ tenant_id }}"
            object_id: "{{ obj_id }}"
            keys:
              - encrypt
              - decrypt
              - wrapkey
              - unwrapkey
            certificates:
              - get
              - list
              - delete
              - create
            secrets:
              - get
              - list
              - set
              - delete
              - recover
              - backup
              - restore

Based on: ansible/ansible#68160

imjoseangel changed the title from "azure_rm_keyvault module does not update access_policies for a keyvault as per issue https://github.com/ansible/ansible/issues/68160" to "azure_rm_keyvault module does not update access_policies for a keyvault" on Mar 11, 2020
Yaish25491 pushed a commit to Yaish25491/azure-ansible-collection that referenced this issue Jul 4, 2024
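
The failure reported in this issue leaves a vault holding broader permissions than the playbook declares. As an added example (not code from the issue or from the azure_rm_keyvault module), this Python check compares a declared `access_policies` list against the list actually present on the vault and reports the permissions that should have been removed. Assumptions: the function names and placeholder IDs are hypothetical, the vault's current policies have already been mapped into the same shape as the playbook entries, and permission names are compared case-insensitively and without regard to order.

```python
# Added example: report access-policy drift for a Key Vault.
# Input shape follows the access_policies entries shown in the issue.
# Assumption: permission names compare case-insensitively.
KINDS = ("keys", "secrets", "certificates")


def index_policies(policies):
    """Map (tenant_id, object_id) -> {kind: set of lowercased permissions}."""
    indexed = {}
    for entry in policies:
        ident = (entry["tenant_id"].lower(), entry["object_id"].lower())
        perms = indexed.setdefault(ident, {kind: set() for kind in KINDS})
        for kind in KINDS:
            perms[kind].update(p.lower() for p in entry.get(kind) or [])
    return indexed


def policy_drift(declared, actual):
    """Return permissions present but not declared ("extra") and the reverse."""
    want, have = index_policies(declared), index_policies(actual)
    drift = {"extra": {}, "missing": {}}
    for ident in want.keys() | have.keys():
        for kind in KINDS:
            w = want.get(ident, {}).get(kind, set())
            h = have.get(ident, {}).get(kind, set())
            if h - w:
                drift["extra"].setdefault(ident, {})[kind] = sorted(h - w)
            if w - h:
                drift["missing"].setdefault(ident, {})[kind] = sorted(w - h)
    return drift


# Constructed sample data: placeholder IDs, permissions taken from the issue.
TENANT, OBJECT = "tenant-placeholder", "object-placeholder"
DECLARED = [{"tenant_id": TENANT, "object_id": OBJECT,
             "keys": ["encrypt"], "certificates": ["get"], "secrets": ["get"]}]
ACTUAL = [{"tenant_id": TENANT, "object_id": OBJECT,
           "keys": ["encrypt", "decrypt", "wrapkey", "unwrapkey"],
           "certificates": ["get", "list", "delete", "create"],
           "secrets": ["get", "list", "set", "delete", "recover",
                       "backup", "restore"]}]

if __name__ == "__main__":
    for ident, perms in policy_drift(DECLARED, ACTUAL)["extra"].items():
        print("over-privileged", ident, perms)
```

A non-empty `extra` result after a playbook run is the condition this issue describes: the task completed but the vault still grants permissions the playbook no longer lists.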