udpate keyvault access policy resource object for principal app

hashicorp · Feb 8, 2023 · fac7550 · fac7550
1 parent b640745
commit fac7550
Showing 1 changed file with 15 additions and 1 deletion.
diff --git a/website/docs/r/key_vault_access_policy.html.markdown b/website/docs/r/key_vault_access_policy.html.markdown
@@ -45,6 +45,20 @@ resource "azurerm_key_vault_access_policy" "example" {
     "Get",
   ]
 }
+
+data "azuread_service_principal" "example" {
+  display_name = "expamle-app"
+}
+
+resource "azurerm_key_vault_access_policy" "example-pricipal" {
+  key_vault_id = azurerm_key_vault.bug_kv.id
+  tenant_id    = data.azurerm_client_config.current.tenant_id
+  object_id    = data.azuread_service_principal.example.id
+
+  key_permissions = [
+    "Get", "List", "Encrypt", "Decrypt"
+  ]
+}
 ```
 
 ## Argument Reference
@@ -55,7 +69,7 @@ The following arguments are supported:
 
 * `tenant_id` - (Required) The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Changing this forces a new resource to be created.
 
-* `object_id` - (Required) The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. Changing this forces a new resource to be created.
+* `object_id` - (Required) The ID of service principal or the object ID of a user or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. Changing this forces a new resource to be created.
 
 * `application_id` - (Optional) The object ID of an Application in Azure Active Directory. Changing this forces a new resource to be created.