Fix of key vault import and late initialization #536

ytsarev · 2023-09-08T16:31:06Z

Description of your changes

Fix key vault import by enhancing keyVaultURLIDConf with the ability to properly keep id of keyName/$uuid_version within the externalName. Courtesy of @sergenyalcin
Fixes failure when rotationPolicy is not specified: the late init of rotation_policy
Fixes Error creating vault key in azure #479
Fixes azure.keyvault: Certificate observe and deletion issues #20

I have:

Run make reviewable test to ensure this PR is ready for review.

How has this code been tested

Tested both fresh Key creation and the import. Tested creation with and without rotation_policy. All green. The uptest will follow.

k get -f reproduce8.yaml
NAME                                               READY   SYNCED   EXTERNAL-NAME      AGE
vault.keyvault.azure.upbound.io/test-vault8-yury   True    True     test-vault8-yury   51m

NAME                                                      READY   SYNCED   EXTERNAL-NAME                                                AGE
key.keyvault.azure.upbound.io/test-vault81                True    True     test-vault81/5605c12ed02c4d6db2332e1eb21d0539                51m
key.keyvault.azure.upbound.io/test-vault82                True    True     test-vault82/bc6811e8da1b49faa7573f4d06f61962                51m
key.keyvault.azure.upbound.io/test-vault83                True    True     test-vault83/8d336bbb74754af2ad6eb244b327d2b4                51m
key.keyvault.azure.upbound.io/test-vault84                True    True     test-vault84/a381b641a10f4157849a8bfabf67faa5                51m
key.keyvault.azure.upbound.io/test-vault85                True    True     test-vault85/fee0373a300f4182b9d9539d56720619                51m
key.keyvault.azure.upbound.io/test-vault86                True    True     test-vault86/ed9afd15f0bb4e039a3c2af823e7df8a                51m

key.keyvault.azure.upbound.io/test-vault-8-no-rotation3   True    True     test-vault-8-no-rotation3/7987f8f6e4f040a78220f2cf678834fd   2m32s

NAME                                  READY   SYNCED   EXTERNAL-NAME   AGE
resourcegroup.azure.upbound.io/test   True    True     test            110m

NAME                                                      READY   SYNCED   EXTERNAL-NAME                          AGE
accesspolicy.keyvault.azure.upbound.io/test-vault8-sp     True    True     09809340-6f59-4d37-9cf3-030766d318a5   51m
accesspolicy.keyvault.azure.upbound.io/test-vault8-user   True    True     836042ec-9c85-479c-8f32-ecc8a06fda7c   51m

Uptest:

Certificate.keyvault: https://github.com/upbound/provider-azure/actions/runs/6246579398
Key.keyvault: https://github.com/upbound/provider-azure/actions/runs/6248424448
Secret.keyvault: https://github.com/upbound/provider-azure/actions/runs/6248497316

ytsarev · 2023-09-08T22:55:52Z

Import also works properly, see #479 (comment)

* Fix key vault import * Use special function to keep name + version as part of externalname so it will have a format of `key-name/84faa4674826492e9b16095719740a00` * Fixes crossplane-contrib#479 Co-authored-by: Sergen Yalçın <yalcinsergen97@gmail.com> Signed-off-by: Yury Tsarev <yury@upbound.io>

Signed-off-by: Yury Tsarev <yury@upbound.io>

ytsarev · 2023-09-15T10:31:57Z

/test-examples="examples/keyvault/keyvault-all-in-one.yaml"

ytsarev · 2023-09-15T11:21:44Z

@turkenf just to note it here, the uptest is failing with access issues

turkenf · 2023-09-15T12:17:24Z

/test-examples="examples/keyvault/secret.yaml"

turkenf · 2023-09-16T08:27:53Z

/test-examples="examples/keyvault/key.yaml"

turkenf · 2023-09-16T09:03:07Z

/test-examples="examples/keyvault/vault.yaml"

turkenf · 2023-09-16T09:28:52Z

/test-examples="examples/keyvault/key.yaml"

- azurerm_key_vault - azurerm_key_vault_key - azurerm_key_vault_certificate

* Update example with known working configuration * Remove manual intervention Signed-off-by: Yury Tsarev <yury@upbound.io>

ytsarev · 2023-09-19T18:26:18Z