azurerm_servicebus_namespace Customer Managed Key with System Assigned Identity not working #21313
Comments
Thanks @dennis1f for raising this issue. Let me confirm the behavior; if system assigned identity is supported, I will raise a PR to fix it.
@dennis1f I checked the feature, indeed, the system managed identity is supported by customer managed key. But we'll have a cycle if we use system managed identity in customer managed key.
Can you try using azapi to update the customer managed key with system managed identity enabled?
@xiaxyi I tried, it applied without errors, but did not change anything. The Identity Type "User Assigned" was still selected. However after adding
Thanks @dennis1f for the update, looks like the API uses the new value to override the old one if the new value is present. We are still considering whether to change the current behavior from terraform provider perspective because enabling
I'm experiencing the same issue, which is causing me to be unable to import already created Azure resources. When will this be fixed, please?
Is there an existing issue for this?
Community Note
Terraform Version
1.3.6
AzureRM Provider Version
3.50.0
Affected Resource(s)/Data Source(s)
azurerm_servicebus_namespace
Terraform Configuration Files
Debug Output/Panic Output
Expected Behaviour
azurerm_servicebus_namespace should support accessing customer managed keys in key vault with the system assigned identity of the service bus.
azurerm_servicebus_namespace.customer_managed_key.identity_id is not marked as required property
This is the resource used for testing:
```json
{
  "sku": {
    "name": "Premium",
    "tier": "Premium",
    "capacity": 1
  },
  "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/123/providers/Microsoft.ServiceBus/namespaces/azurermtest",
  "name": "azurermtest",
  "type": "Microsoft.ServiceBus/Namespaces",
  "location": "West Europe",
  "tags": {},
  "identity": {
    "principalId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "tenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "type": "SystemAssigned"
  },
  "properties": {
    "disableLocalAuth": true,
    "zoneRedundant": true,
    "encryption": {
      "keySource": "Microsoft.KeyVault",
      "keyVaultProperties": [
        {
          "keyName": "servicebus",
          "keyVaultUri": "https://asasdasdasdsa.vault.azure.net",
          "keyVersion": ""
        }
      ],
      "requireInfrastructureEncryption": true
    },
    "provisioningState": "Succeeded",
    "metricId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx:azurermtest",
    "createdAt": "2023-04-05T13:02:52.54Z",
    "updatedAt": "2023-04-05T14:22:05.58Z",
    "serviceBusEndpoint": "https://azurermtest.servicebus.windows.net:443/",
    "status": "Active"
  }
}
```
Actual Behaviour
Using system assigned identity of service bus to authenticate against key vault to access the customer managed key should be possible.
azurerm_servicebus_namespace.customer_managed_key.identity_id is marked as required property in the azurerm provider; therefore it is not possible to use the system assigned identity.
Steps to Reproduce
Important Factoids
No response
References
No response
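To check which identity a namespace's customer managed key configuration actually resolves to on the Azure side (useful when the Terraform configuration and the portal disagree, as reported in this thread), the namespace JSON can be classified directly. This is an added example, not code from the issue or the provider; the function name, the sample document and the per-key `identity.userAssignedIdentity` field (from the Service Bus ARM schema, not shown on this page) are assumptions.

```python
import json

# Constructed sample: trimmed copy of the namespace JSON quoted in the issue.
SAMPLE = json.loads("""{
  "name": "azurermtest",
  "identity": {"type": "SystemAssigned"},
  "properties": {"encryption": {
    "keySource": "Microsoft.KeyVault",
    "keyVaultProperties": [{"keyName": "servicebus",
      "keyVaultUri": "https://asasdasdasdsa.vault.azure.net", "keyVersion": ""}],
    "requireInfrastructureEncryption": true}}
}""")


def cmk_identity_mode(ns: dict) -> str:
    """Classify which identity a namespace uses to reach Key Vault for CMK.

    Returns "no-cmk", "system-assigned", "user-assigned", "mixed" or "broken"
    (a key that no identity attached to the namespace can unwrap).
    """
    enc = (ns.get("properties") or {}).get("encryption") or {}
    keys = enc.get("keyVaultProperties") or []
    if enc.get("keySource") != "Microsoft.KeyVault" or not keys:
        return "no-cmk"

    identity = ns.get("identity") or {}
    # ARM reports e.g. "SystemAssigned", "UserAssigned" or "SystemAssigned, UserAssigned".
    types = {t.strip().lower() for t in (identity.get("type") or "").split(",")}
    attached = {k.lower() for k in (identity.get("userAssignedIdentities") or {})}

    modes = set()
    for key in keys:
        # Assumption: a user assigned identity is referenced per key under
        # identity.userAssignedIdentity; when absent, the system identity is used.
        uai = ((key.get("identity") or {}).get("userAssignedIdentity") or "").lower()
        if uai:
            modes.add("user-assigned" if uai in attached else "broken")
        else:
            modes.add("system-assigned" if "systemassigned" in types else "broken")
    if "broken" in modes:
        return "broken"
    return modes.pop() if len(modes) == 1 else "mixed"


if __name__ == "__main__":
    print(cmk_identity_mode(SAMPLE))
```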