F5Networks / terraform-azure-bigip-module

Terraform module for Deploying BIG-IP in azure
Apache License 2.0
9 stars, 23 forks

user_identity needs to be optional var input on azurerm_key_vault_access_policy #42

Closed JeffGiroux closed 1 year ago

JeffGiroux commented 2 years ago

Currently the user_identity is an input, but it is not used as a var if found in the resource block below. As a result, the user-provided user_identity ID does not have a policy applied to it. Instead, the keyvault policy is applied to the azurerm_user_assigned_identity. Which... this block also needs to have a "count" condition if var.user_identity exists.

Fix this... by adding count "if" logic if var.user_identity exists:

```hcl
resource "azurerm_user_assigned_identity" "user_identity" {
  name                = format("%s-ident", local.instance_prefix)
  resource_group_name = data.azurerm_resource_group.bigiprg.name
  location            = data.azurerm_resource_group.bigiprg.location
  tags = merge(local.tags, {
    Name = format("%s-ident", local.instance_prefix)
  })
}
```

Fix this... by allowing object_id to be the var.user_identity if provided, or the azurerm-created resource:

```hcl
resource "azurerm_key_vault_access_policy" "example" {
  count        = var.az_keyvault_authentication ? 1 : 0
  key_vault_id = data.azurerm_key_vault.keyvault[count.index].id
  tenant_id    = data.azurerm_client_config.current.tenant_id
  object_id    = azurerm_user_assigned_identity.user_identity.principal_id
}
```

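
One way to implement both fixes proposed above, as an added example rather than the module's own code. It assumes Terraform >= 0.15 (for `one()`) and that `var.user_identity` carries the identity's principal (object) ID, as the issue proposes; if it carries an identity resource ID instead, a `data "azurerm_user_assigned_identity"` lookup would be needed to obtain the principal ID.

```hcl
# Added example (not the module's own code): create the managed identity only
# when the caller did not supply one, and grant the key vault policy to
# whichever identity is actually in use.
# Assumes Terraform >= 0.15 (for one()) and that var.user_identity holds the
# identity's principal (object) ID.

variable "user_identity" {
  description = "Principal ID of an existing user-assigned identity; null creates one"
  type        = string
  default     = null
}

resource "azurerm_user_assigned_identity" "user_identity" {
  # Only create an identity when none was provided by the caller.
  # Any other reference to this resource must now index it ([0] or [*]).
  count               = var.user_identity == null ? 1 : 0
  name                = format("%s-ident", local.instance_prefix)
  resource_group_name = data.azurerm_resource_group.bigiprg.name
  location            = data.azurerm_resource_group.bigiprg.location
  tags = merge(local.tags, {
    Name = format("%s-ident", local.instance_prefix)
  })
}

locals {
  # one() returns null for the empty list produced when count = 0, so this
  # does not fail on an out-of-range [0] the way a plain conditional index
  # can. coalesce() then prefers the caller-supplied ID and falls back to
  # the created identity.
  bigip_principal_id = coalesce(
    var.user_identity,
    one(azurerm_user_assigned_identity.user_identity[*].principal_id),
  )
}

resource "azurerm_key_vault_access_policy" "example" {
  count        = var.az_keyvault_authentication ? 1 : 0
  key_vault_id = data.azurerm_key_vault.keyvault[count.index].id
  tenant_id    = data.azurerm_client_config.current.tenant_id
  object_id    = local.bigip_principal_id

  # Scope the policy to reading secrets only (assumed to be all BIG-IP needs).
  secret_permissions = ["Get", "List"]
}
```
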
JeffGiroux commented 2 years ago

Is there a timeframe for next release and fix for this?

RavinderReddyF5 commented 2 years ago

Hi @JeffGiroux, mostly December 3rd week.

JelleBroekhuijsen commented 1 year ago

@RavinderReddyF5 the latest release broke the template: https://github.com/F5Networks/terraform-azure-bigip-module/commit/89e050f0810e1e337631aa6c4683daf11a2dba58#r95818004

RavinderReddyF5 commented 1 year ago

Please reopen a new issue if any issue is seen.