-
Notifications
You must be signed in to change notification settings - Fork 4.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Specifying Email Contacts for azurerm_key_vault_certificate #1301
Comments
hey @kalyanrajsista Thanks for opening this issue :) Taking a quick look into this - it appears that support for this is available in the SDK using the Thanks! |
@tombuildsstuff this seems to be something we would want to have specified on the Key Vault as a whole. Perhaps we can expose this property on the EDIT: It also may be reasonable to just make a separate |
@Lucretius thinking about this I think this'd make more sense within the |
The only thing I was concerned about was it being a separate call after the resource already exists in order to add the contacts via the SDK. Still learning how the provider works - would putting this logic after the SetId function call ensure that - if for some reason the SetCertificateContacts call fails - that the following plan/apply just applies the contacts piece and doesn’t trigger a forceNew on the entire keyvault? |
@Lucretius sorry for the delayed reply - we tend to have Create call the Update method (which calls Read, instead of Create -> Read) when this happens and then make these changes inside of the Update function - WDYT? |
The Key Vault resource currently uses one function for both Create and Update - I do have a working prototype of this where I check if the contacts length is > 0 and if so, set the contacts, otherwise delete them, and I make that call just after the key vault itself is created. Seems to be working just need to fix a few bugs and write some tests. But I also have some open PRs I want to close out before I go any further on this one. Thanks @tombuildsstuff for the explainer on the existing CRUD pattern for resources - it definitely is helpful when trying to figure out how best to approach these problems! |
@tombuildsstuff I am running into the following case: The access policy of the Azure entity (service principal/MSI/etc) executing terraform must have the If there is not a way to check this, I don't see a way around handling this in a separate resource. What do you think? |
any updates? is it OK for me to take over this issue and continue ? After investigating, I think an individual resource |
fix #1301 making certificate contact as a standalone resource is pushed back. submit this PR to make it as a embeded field in "key_vault" resource
This has been released in version 2.34.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example: provider "azurerm" {
version = "~> 2.34.0"
}
# ... other configuration ... |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks! |
Community Note
Description
Specifying email contacts to be updated in Azure Key vault. In the resource 'azurerm_key_vault_certificate', we can only specify action_type as 'EmailContacts' but we cannot specify the email addresses to update email contacts for a specific key vault
New or Affected Resource(s)
The text was updated successfully, but these errors were encountered: