Azure / azure-cli

Azure Command-Line Interface
MIT License

KeyVault - Access Policy - BadRequest - az keyvault set-policy #18430

Open mla157 opened 3 years ago

mla157 commented 3 years ago

Describe the bug

If you try to set an access policy for a KeyVault, you get a BadRequest error. The same happens with ARM deployment.

Command Name: `az keyvault set-policy`

Errors:

```
(BadRequest) An invalid value was provided for 'accessPolicies'.
```

To Reproduce:

```
az keyvault set-policy -n <keyVaultName> --key-permissions get list --object-id "/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Sql/servers/<sqlServerName>"
```

Expected Behavior

Access Policy set on KeyVault.

Environment Summary

```
Windows-10-10.0.18362-SP0
Python 3.8.9
Installer: MSI

azure-cli 2.23.0 *

Also tested in: 2.24.2.

Extensions:
automation 0.1.0
azure-devops 0.18.0
```

Additional Context

yonzhan commented 3 years ago

keyvault

evelyn-ys commented 3 years ago

Please make sure the object id you provided is valid. The service validates it, and if validation fails, this error is returned in the response:

```
(BadRequest) An invalid value was provided for 'accessPolicies'.
```

mla157 commented 3 years ago

Yes, this was the error. But I was disappointed that the error stated that the accessPolicy was bad.

evelyn-ys commented 3 years ago

The error message comes from the service side, so I guess the CLI could hardly refine it.

ghost commented 3 years ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @RandalliLama, @schaabs, @jlichwa.

Issue Details
Author: maxleonalbrecht
Assignees: evelyn-ys
Labels: `KeyVault`, `Service Attention`
Milestone: S189

sebansal commented 2 years ago

The team would need more information about the resource to troubleshoot further. We recommend opening a Support Request for the KV service.

jlichwa commented 2 years ago

@maxleonalbrecht the object id is the identity id in the form of a GUID. For SQL server you will need to set and use its assigned identity. Example here: https://docs.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-configure?tabs=azure-powershell#grant-key-vault-permissions-to-your-server
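
A pre-flight check for the failure discussed in this thread, as an added example that is not part of the original issue or of azure-cli itself: it rejects an ARM resource ID passed as `--object-id` before the service does, and resolves the SQL server's identity GUID instead. The function names are hypothetical, and it assumes the server's assigned identity is exposed as `identity.principalId` by `az sql server show`.

```shell
#!/bin/sh
# Added example (not azure-cli code): validate the value intended for
# `az keyvault set-policy --object-id` before sending it to the service.

# Return 0 if $1 has the GUID form an identity object id takes.
is_guid() {
  printf '%s\n' "$1" |
    grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Print "guid", "arm-resource-id" or "invalid" for a candidate object id.
# An ARM resource ID is the value that produced the BadRequest in this issue.
classify_object_id() {
  if is_guid "$1"; then
    echo "guid"
    return 0
  fi
  case "$1" in
    /subscriptions/*/resourceGroups/*/providers/*) echo "arm-resource-id" ;;
    *) echo "invalid" ;;
  esac
}

# Grant key permissions to a SQL server's assigned identity.
# Args: <vault-name> <resource-group> <sql-server-name>
# Returns 1 if the lookup fails, 2 if the server has no identity GUID.
set_policy_for_sql_server() {
  local vault rg server principal_id
  vault="$1"; rg="$2"; server="$3"
  # Assumption: the identity's GUID is reported as identity.principalId.
  principal_id="$(az sql server show -g "$rg" -n "$server" \
    --query identity.principalId -o tsv)" || return 1
  if ! is_guid "$principal_id"; then
    echo "server '$server' has no assigned identity; assign one first" >&2
    return 2
  fi
  # Same permissions as the command in the issue report.
  az keyvault set-policy -n "$vault" --object-id "$principal_id" \
    --key-permissions get list
}
```

Call `set_policy_for_sql_server <keyVaultName> <resourceGroupName> <sqlServerName>` from a session that is already logged in with `az login`.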