resource azurecaf_naming_convention Project-kv {
name = "${var.env}CKV-${var.group}-${local.project_short}-${local.unique_Keyvault}" # Result into ScScCKV-CIO-ESLZ-4fs98gnd
resource_type = "kv"
postfix = "kv"
convention = "passthrough"
}
Resulting name: scdcckv-cio-eslz-4fs98gnd
Expected result: ScScCKV-CIO-ESLZ-4fs98-kv
Expected behavior logic:
Keyvault name must be a 1-127 character string, starting with a letter and containing only 0-9, a-z, A-Z, and -. It is therefore expected that the returned name will not change letter cases.
Inspecting the go code the issue appear to be related to line 67 of model.go:
Fixing this issue will result in a number of resource re-deployment for people that used the current code. Might also need to be implemented using a specific parameter to enforce lowercase to true and make the default to false. Any users of the old release will need to add this parameter to their KV provider call to avoid it being renamed with uppercase and lower cases.
I noticed the current provider return keyvault names is lowercase instead of maintaining cases as provided by the user. According to https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#:~:text=The%20name%20for%20a%20key,a%2Dz%2C%20A%2DZ%2C%20and%20%2D. keyvault names can include uppercase.
Sample code:
Resulting name: scdcckv-cio-eslz-4fs98gnd
Expected result: ScScCKV-CIO-ESLZ-4fs98-kv
Expected behavior logic:
Keyvault name must be a 1-127 character string, starting with a letter and containing only 0-9, a-z, A-Z, and -. It is therefore expected that the returned name will not change letter cases.
Inspecting the go code the issue appear to be related to line 67 of model.go:
"kv": {"keyvault", "kv", 3, 24, true, alphanumh, "^[a-zA-Z][0-9A-Za-z-]{0,22}[0-9a-zA-Z]$"},
where the code should be:
"kv": {"keyvault", "kv", 3, 24, false, alphanumh, "^[a-zA-Z][0-9A-Za-z-]{0,22}[0-9a-zA-Z]$"},
Fixing this issue will result in a number of resource re-deployment for people that used the current code. Might also need to be implemented using a specific parameter to enforce lowercase to true and make the default to false. Any users of the old release will need to add this parameter to their KV provider call to avoid it being renamed with uppercase and lower cases.