Azure / azure-service-operator

Azure Service Operator allows you to create Azure resources using kubectl
https://azure.github.io/azure-service-operator/
MIT License

Bug: KeyVault createMode and armID owner doesn't work #4117

Closed Rapharembi closed 1 week ago

Rapharembi commented 2 weeks ago

Azure Service Operator 2.7.0

Describe the bug

When trying to create a KeyVault and set the creationMode spec to anything other than the default while using armID as the resource owner, an error is raised.

To Reproduce

Just replace the id values in the code below.

apiVersion: keyvault.azure.com/v1api20230701
kind: Vault
metadata:
  annotations:
    serviceoperator.azure.com/credential-from: aso-credential-microsoft-sub
  name: test-keyvault
  namespace: azureserviceoperator-system
spec:
  location: eastus
  owner: 
    armId: /subscriptions/mysub/resourceGroups/myrg
  properties:
    createMode: createOrRecover
    tenantId: mytenant
    sku:
      family: A
      name: standard
    accessPolicies:
      - objectId: "objid"
        tenantId: "tenantid"
        permissions:
          certificates:
            - "get"
          keys:
            - "get"
          secrets:
            - "get"
          storage:
            - "get"

Expected behavior

KeyVault created with the expected createMode set and the selected resource group as its owner.

Additional context

The error message is the following:

failed to add initial resource state: failed to modify ARM payload: unable to find owner of KeyVault argocd-keyvault: owner of KeyVault test-keyvault is not within the cluster