Closed WilliamMortlMicrosoft closed 5 years ago
This is a bug in the sample, specifically how it creates a keyvault authorizer. In SetVaultPermissions() the client ID is used for the object ID, which is incorrect; the object ID for the service principal should be used instead. See the following code.
https://github.com/Azure-Samples/azure-sdk-for-go-samples/blob/master/keyvault/vault.go#L116
The easiest way to obtain the object ID for your service principal is to use the CLI.
az ad sp show --id <your client ID>
You should see the following as part of the output.
"objectId": "<some GUID>",
"objectType": "ServicePrincipal",
"odata.metadata": "https://graph.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/$metadata#directoryObjects/@Element",
The value for objectId is what you want to use when specifying access policies. I will update the sample with this info.
The sample has been updated and works as expected now.
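A pre-flight check for the fix described above, as an added example that is not part of the original thread or of the sample repository: it parses the `az ad sp show` JSON and refuses to hand back a value for the access policy if that value is the client ID. The function name, the `appId` comparison and the GUIDs are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// spInfo holds the fields of interest from `az ad sp show` output.
type spInfo struct {
	ObjectID   string `json:"objectId"`
	ObjectType string `json:"objectType"`
	AppID      string `json:"appId"` // the client ID, as reported by the CLI
}

var guidRe = regexp.MustCompile(`^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$`)

// PolicyObjectID (hypothetical helper) returns the object ID to place in a
// Key Vault access policy, rejecting the mistake from this issue: passing
// the client ID where the service principal's object ID is required.
func PolicyObjectID(azJSON []byte, clientID string) (string, error) {
	var sp spInfo
	if err := json.Unmarshal(azJSON, &sp); err != nil {
		return "", fmt.Errorf("parse az output: %w", err)
	}
	oid := sp.ObjectID
	switch {
	case !guidRe.MatchString(oid):
		return "", errors.New("no valid objectId in az output")
	case sp.ObjectType != "" && sp.ObjectType != "ServicePrincipal":
		return "", fmt.Errorf("objectType is %q, not ServicePrincipal", sp.ObjectType)
	case sp.AppID != "" && !strings.EqualFold(sp.AppID, clientID):
		return "", errors.New("az output belongs to a different client ID")
	case strings.EqualFold(oid, clientID):
		return "", errors.New("objectId equals the client ID; wrong value for an access policy")
	}
	return strings.ToLower(oid), nil
}

// Constructed sample data; the GUIDs are made up for this example.
const sampleClientID = "11111111-1111-1111-1111-111111111111"
const sampleAzOutput = `{"appId":"11111111-1111-1111-1111-111111111111","objectId":"22222222-2222-2222-2222-222222222222","objectType":"ServicePrincipal"}`

func main() {
	oid, err := PolicyObjectID([]byte(sampleAzOutput), sampleClientID)
	fmt.Println(oid, err)
}
```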
Thank you for your contribution and feedback! Help us review faster by providing the following information:
This issue is a: (mark with an x)
Steps to reproduce:
Running "go test" in "keyvault" sample directory
Errors and log messages:
Despite setting all of my env vars to the create info for my service principal, I cannot update the permissions on my keyvault (the resource group and keyvault are successfully created).
Williams-MBP:keyvault wmortl$ go test
2019/07/30 15:53:04 creating resource group 'azure-samples-go-KeyVault-UtCl8' on location: centralus
2019/07/30 15:53:09 vault created
2019/07/30 15:53:10 keyvault.VaultsClient#CreateOrUpdate: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="BadRequest" Message="An invalid value was provided for 'accessPolicies'."
2019/07/30 15:53:10 set vault permissions
2019/07/30 15:53:11 keyvault.BaseClient#CreateKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="Forbidden" Message="Access denied" InnerError={"code":"AccessDenied"}
2019/07/30 15:53:11 created key
Expected behavior:
test should pass
OS and Go versions:
macOS 10.14.6
go version go1.12.7 darwin/amd64
Williams-MBP:keyvault wmortl$ az --version
azure-cli 2.0.69 *
command-modules-nspkg 2.0.3
core 2.0.69 *
nspkg 3.0.4
telemetry 1.0.3
Further info:
Sorry if I am messing something up here - any help would be welcome! :-) I've been banging my head against the wall here.