Resource azurerm_key_vault should support allowing public access from specific virtual networks and IP addresses when a network_acls is specified.
Actual Behaviour
Resource azurerm_key_vault only supports Allow public access from all networks or Disable public access even when specifying a network_acls block in order to allow public access from specific virtual networks and IP addresses.
The network_acls is taken into account when manually switching to Allow public access from specific virtual networks and IP addresses as shown in the screenshot.
Steps to Reproduce
terraform apply
Important Factoids
No response
References
No response
@Sbargaoui Thank you for raising this issue. I have had a try with the Portal, it looks different from your post. To allow public access from selected networks, you have to Public network access first. Would you have a try with your Terraform configuration by public_network_access_enabled=true and give acls with specific networks?
The settings in the portal look different when you create a new Key Vault than when you update an existing one.
But you are right, after setting public_network_access_enabled = true and network_acls something like this:
It appears that there's a distinction in behavior between creating a new key vault resource and updating an existing one.
When configuring a network_acls block with public_network_access_enabled=true, the expected behavior is to Allow public access from specific virtual networks and IP addresses, which aligns with the intended functionality.
However, issues arise when attempting to update an existing resource to restrict access solely to specific sources, especially if it was initially configured as fully private or fully public. This inconsistency in behavior during updates is where the problem lies.
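The combination discussed in the comments above (public_network_access_enabled = true together with a network_acls block), written out as an added example; it is not the configuration from the issue or code from the provider project. The vault name, the variables and the CIDR range are placeholders chosen for illustration.

```hcl
# Added example: all names, variables and address ranges are placeholders.
provider "azurerm" {
  features {}
}

data "azurerm_client_config" "current" {}

variable "resource_group_name" { type = string }
variable "location" { type = string }

variable "allowed_subnet_ids" {
  type        = list(string)
  description = "Subnet IDs allowed through the vault firewall (assumed to have the Microsoft.KeyVault service endpoint)"
  default     = []
}

resource "azurerm_key_vault" "example" {
  name                = "kv-example-placeholder"
  location            = var.location
  resource_group_name = var.resource_group_name
  tenant_id           = data.azurerm_client_config.current.tenant_id
  sku_name            = "standard"

  # false corresponds to the portal's "Disable public access";
  # true is needed before the allow-lists below can admit any caller.
  public_network_access_enabled = true

  network_acls {
    # "Deny" is what narrows "all networks" down to the listed sources.
    # With "Allow", the lists below are not enforced and the vault stays open.
    default_action = "Deny"
    bypass         = "AzureServices" # or "None" to drop the trusted-services exception

    ip_rules                   = ["203.0.113.0/24"] # constructed documentation range
    virtual_network_subnet_ids = var.allowed_subnet_ids
  }
}
```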
Terraform Version
1.7.5
AzureRM Provider Version
3.97.1
Affected Resource(s)/Data Source(s)
azurerm_key_vault
Terraform Configuration Files
Debug Output/Panic Output