crossplane / upjet

A code generation framework and runtime for Crossplane providers
Apache License 2.0
319 stars 89 forks source link

Continual reconciliation on Azure provider on error #439

Closed stevendborrelli closed 1 month ago

stevendborrelli commented 2 months ago

What happened?

When trying to provision a resource in error on Azure (due to the issue fixed in https://github.com/crossplane/upjet/pull/435 we can't see the exact error), the provider constantly tries to create the resource.

With Azure provider 1.2.0, the requeue is increased up to 16m40s, but the object still reconciles a few times a minute:

2024-09-12T23:28:40Z    DEBUG   provider-azure  External resource is up to date {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"borrelli-test-2"}, "uid": "a03375f7-cc5e-4df2-a04b-e29e7d3f3a1d", "version": "2679", "external-name": "", "requeue-after": "2024-09-12T23:38:22Z"}
2024-09-12T23:28:41Z    DEBUG   provider-azure  External resource is up to date {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"borrelli-test-2"}, "uid": "a03375f7-cc5e-4df2-a04b-e29e7d3f3a1d", "version": "2679", "external-name": "", "requeue-after": "2024-09-12T23:38:37Z"}
2024-09-12T23:28:42Z    DEBUG   provider-azure  Reconcile request has been requeued.    {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "borrelli-test-2", "rateLimiterName": "asyncCallback", "when": "5ms"}
2024-09-12T23:29:15Z    DEBUG   provider-azure  Reconcile request has been requeued.    {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "borrelli-test-2", "rateLimiterName": "asyncCallback", "when": "10ms"}
2024-09-12T23:29:16Z    DEBUG   provider-azure  Reconcile request has been requeued.    {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "borrelli-test-2", "rateLimiterName": "asyncCallback", "when": "20ms"}
2024-09-12T23:29:17Z    DEBUG   provider-azure  Reconcile request has been requeued.    {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "borrelli-test-2", "rateLimiterName": "asyncCallback", "when": "40ms"}
2024-09-12T23:29:18Z    DEBUG   provider-azure  Reconcile request has been requeued.    {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "borrelli-test-2", "rateLimiterName": "asyncCallback", "when": "80ms"}
2024-09-12T23:29:19Z    DEBUG   provider-azure  Reconcile request has been requeued.    {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "borrelli-test-2", "rateLimiterName": "asyncCallback", "when": "160ms"}
2024-09-12T23:29:20Z    DEBUG   provider-azure  Reconcile request has been requeued.    {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "borrelli-test-2", "rateLimiterName": "asyncCallback", "when": "320ms"}
2024-09-12T23:29:22Z    DEBUG   provider-azure  Reconcile request has been requeued.    {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "borrelli-test-2", "rateLimiterName": "asyncCallback", "when": "640ms"}
2024-09-12T23:29:24Z    DEBUG   provider-azure  Reconcile request has been requeued.    {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "borrelli-test-2", "rateLimiterName": "asyncCallback", "when": "1.28s"}
2024-09-12T23:29:26Z    DEBUG   provider-azure  Reconcile request has been requeued.    {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "borrelli-test-2", "rateLimiterName": "asyncCallback", "when": "2.56s"}
2024-09-12T23:29:30Z    DEBUG   provider-azure  Reconcile request has been requeued.    {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "borrelli-test-2", "rateLimiterName": "asyncCallback", "when": "5.12s"}
2024-09-12T23:29:36Z    DEBUG   provider-azure  Reconcile request has been requeued.    {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "borrelli-test-2", "rateLimiterName": "asyncCallback", "when": "10.24s"}
2024-09-12T23:29:48Z    DEBUG   provider-azure  Reconcile request has been requeued.    {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "borrelli-test-2", "rateLimiterName": "asyncCallback", "when": "20.48s"}
2024-09-13T00:12:36Z    DEBUG   provider-azure  External resource is up to date {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"borrelli-test-2"}, "uid": "c11fb95c-e26a-4473-8b25-f3d662e5cbb8", "version": "3784", "external-name": "", "requeue-after": "2024-09-13T00:22:52Z"}
2024-09-13T00:12:37Z    DEBUG   provider-azure  External resource is up to date {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"borrelli-test-2"}, "uid": "c11fb95c-e26a-4473-8b25-f3d662e5cbb8", "version": "3784", "external-name": "", "requeue-after": "2024-09-13T00:22:37Z"}
2024-09-13T00:12:37Z    DEBUG   provider-azure  Reconcile request has been requeued.    {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "borrelli-test-2", "rateLimiterName": "asyncCallback", "when": "40.96s"}
2024-09-13T00:13:20Z    DEBUG   provider-azure  Reconcile request has been requeued.    {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "borrelli-test-2", "rateLimiterName": "asyncCallback", "when": "1m21.92s"}
2024-09-13T00:13:21Z    DEBUG   provider-azure  Reconcile request has been requeued.    {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "borrelli-test-2", "rateLimiterName": "asyncCallback", "when": "2m43.84s"}
2024-09-13T00:13:23Z    DEBUG   provider-azure  Reconcile request has been requeued.    {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "borrelli-test-2", "rateLimiterName": "asyncCallback", "when": "5m27.68s"}
2024-09-13T00:13:28Z    DEBUG   provider-azure  Reconcile request has been requeued.    {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "borrelli-test-2", "rateLimiterName": "asyncCallback", "when": "10m55.36s"}
2024-09-13T00:13:36Z    DEBUG   provider-azure  Reconcile request has been requeued.    {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "borrelli-test-2", "rateLimiterName": "asyncCallback", "when": "16m40s"}
2024-09-13T00:13:52Z    DEBUG   provider-azure  Reconcile request has been requeued.    {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "borrelli-test-2", "rateLimiterName": "asyncCallback", "when": "16m40s"}
2024-09-13T00:14:24Z    DEBUG   provider-azure  Reconcile request has been requeued.    {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "borrelli-test-2", "rateLimiterName": "asyncCallback", "when": "16m40s"}

With Azure provider 1.5.0, it requires at 0s but eventually settles in to checking on the error create every 30s.

2024-09-13T00:28:21Z    DEBUG   provider-azure  Reconcile request has been requeued.    {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "borrelli-test-2", "rateLimiterName": "", "when": "0s"}
2024-09-13T00:28:53Z    DEBUG   provider-azure  External resource is up to date {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"borrelli-test-2"}, "uid": "6577dc44-41df-45bf-9a46-788317f38ac2", "version": "6208", "external-name": "", "requeue-after": "2024-09-13T00:38:52Z"}
2024-09-13T00:28:54Z    DEBUG   provider-azure  Reconcile request has been requeued.    {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "borrelli-test-2", "rateLimiterName": "", "when": "0s"}
2024-09-13T00:29:27Z    DEBUG   provider-azure  External resource is up to date {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"borrelli-test-2"}, "uid": "6577dc44-41df-45bf-9a46-788317f38ac2", "version": "6287", "external-name": "", "requeue-after": "2024-09-13T00:39:00Z"}
2024-09-13T00:29:27Z    DEBUG   provider-azure  Reconcile request has been requeued.    {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "borrelli-test-2", "rateLimiterName": "", "when": "0s"}
2024-09-13T00:30:00Z    DEBUG   provider-azure  External resource is up to date {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"borrelli-test-2"}, "uid": "6577dc44-41df-45bf-9a46-788317f38ac2", "version": "6368", "external-name": "", "requeue-after": "2024-09-13T00:39:43Z"}
2024-09-13T00:30:00Z    DEBUG   provider-azure  Reconcile request has been requeued.    {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "borrelli-test-2", "rateLimiterName": "", "when": "0s"}
2024-09-13T00:30:33Z    DEBUG   provider-azure  External resource is up to date {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"borrelli-test-2"}, "uid": "6577dc44-41df-45bf-9a46-788317f38ac2", "version": "6446", "external-name": "", "requeue-after": "2024-09-13T00:40:12Z"}
2024-09-13T00:30:34Z    DEBUG   provider-azure  Reconcile request has been requeued.    {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "borrelli-test-2", "rateLimiterName": "", "when": "0s"}
2024-09-13T00:31:06Z    DEBUG   provider-azure  External resource is up to date {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"borrelli-test-2"}, "uid": "6577dc44-41df-45bf-9a46-788317f38ac2", "version": "6525", "external-name": "", "requeue-after": "2024-09-13T00:40:50Z"}
2024-09-13T00:31:07Z    DEBUG   provider-azure  Reconcile request has been requeued.    {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "borrelli-test-2", "rateLimiterName": "", "when": "0s"}

How can we reproduce it?

Create any resource that has an error in provisioning:

apiVersion: keyvault.azure.upbound.io/v1beta1
kind: Vault
metadata:
  annotations:
    meta.upbound.io/example-id: keyvault/v1beta1/key
  labels:
    testing.upbound.io/example-name: example
  name: borrelli-test-2
spec:
  forProvider:
    location: uksouth
    resourceGroupName: borrelli-test
    skuName: premium
    softDeleteRetentionDays: 7
    tenantId: b9925bc4-8383-4c37-b9d2-fa456d1bb1c7
---
apiVersion: keyvault.azure.upbound.io/v1beta2
kind: Key
metadata:
  annotations:
    meta.upbound.io/example-id: keyvault/v1beta1/key
  labels:
    testing.upbound.io/example-name: example
  name: borrelli-test-2
spec:
  forProvider:
    keyOpts:
      - decrypt
      - encrypt
      - sign
      - unwrapKey
      - verify
      - wrapKey
    keySize: 2048
    keyType: RSA
    keyVaultIdRef:
      name: borrelli-test-2
    name: borrelli-test-2
    rotationPolicy:
      automatic:
        timeBeforeExpiry: P30D
      expireAfter: P90D
      notifyBeforeExpiry: P29D
stevendborrelli commented 2 months ago

Another example I have found in logs, you can see the reque-after does not seem to be taking effect:

2024-09-12T11:29:43Z    DEBUG   provider-azure  Successfully requested update of external resource  {"controller": "managed/storage.azure.upbound.io/v1beta1, kind=account", "request": {"name":"uksouth-manager-dev-1-azurefile-csi-nfs"}, "uid": "56647f97-72a2-4e1f-ad7d-bdc7e2951e16", "version": "102331389", "external-name": "34a22711534795a757d4841c", "requeue-after": "2024-09-12T11:39:32Z"}
2024-09-12T11:29:44Z    DEBUG   provider-azure  Successfully requested update of external resource  {"controller": "managed/storage.azure.upbound.io/v1beta1, kind=account", "request": {"name":"uksouth-manager-dev-1-azurefile-csi-nfs"}, "uid": "56647f97-72a2-4e1f-ad7d-bdc7e2951e16", "version": "102331389", "external-name": "34a22711534795a757d4841c", "requeue-after": "2024-09-12T11:39:57Z"}
2024-09-12T11:29:46Z    DEBUG   provider-azure  Successfully requested update of external resource  {"controller": "managed/storage.azure.upbound.io/v1beta1, kind=account", "request": {"name":"uksouth-manager-dev-1-azurefile-csi-nfs"}, "uid": "56647f97-72a2-4e1f-ad7d-bdc7e2951e16", "version": "102331389", "external-name": "34a22711534795a757d4841c", "requeue-after": "2024-09-12T11:40:13Z"}
2024-09-12T11:29:48Z    DEBUG   provider-azure  Successfully requested update of external resource  {"controller": "managed/storage.azure.upbound.io/v1beta1, kind=account", "request": {"name":"uksouth-manager-dev-1-azurefile-csi-nfs"}, "uid": "56647f97-72a2-4e1f-ad7d-bdc7e2951e16", "version": "102331389", "external-name": "34a22711534795a757d4841c", "requeue-after": "2024-09-12T11:39:49Z"}
mergenci commented 1 month ago

@stevendborrelli, Thanks for your report. Here are the takeaways followed by the details of my investigation:

  1. Reconciliation not stopping upon creation error is a known issue of crossplane-runtime not being async-aware, while external clients are running asynchronously for create, update, and delete operations (observe is always synchronous).
  2. Azure provider v1.5.0 behaves in unexpected ways because of https://github.com/crossplane/upjet/pull/435, as you mentioned. Upgrading to at least v1.5.1 resolves the issue. All other behavior that you reported is the expected behavior, though of course, not the desired.
  3. In my tests, I was able to observe that the exponential backoff being capped at 1 minute by crossplane-runtime. Increasing the limit, by first making it configurable, might ease some of the pain.
  4. I couldn't reproduce, however, exponential backoff restarting at zero, unless the pod is restarted. Retry count is kept in memory, therefore the exponential backoff restarts after the pod restarts.
  5. Exponential backoff starts only after a creation grace period of 30 seconds. During this period, only one external API call for creation is performed, even though you might see multiple “Reconciling” message in the logs. On the other hand, external API calls for observe operation happen once per “Reconciling” message.
  6. For a better indicator of external API calls for creation, watch for “Async create starting...” messages.

Below output demonstrates the behavior in action. I omitted duplicate lines for brevity. In the real output, each line except the first one occurs twice, once for “Synced” and once for “Ready” status condition updates. And, if you see “Synced: True” at the beginning, don't be surprised. It's also because of crossplane-runtime not being async aware.

> k get key.v1beta1.keyvault.azure.upbound.io -w              
NAME            SYNCED   READY   EXTERNAL-NAME   AGE
issue-439-key   False    False                   3s
issue-439-key   False    False                   56s
issue-439-key   False    False                   58s
issue-439-key   False    False                   59s
issue-439-key   False    False                   60s
issue-439-key   False    False                   61s
issue-439-key   False    False                   62s
issue-439-key   False    False                   64s
issue-439-key   False    False                   66s
issue-439-key   False    False                   68s
issue-439-key   False    False                   72s
issue-439-key   False    False                   78s
issue-439-key   False    False                   90s
issue-439-key   False    False                   112s
issue-439-key   False    False                   2m34s
issue-439-key   False    False                   3m35s
issue-439-key   False    False                   4m35s

Even though the creation grace period is 30 seconds, it ends at 56 seconds in the output above. I haven't investigated the details of how it extends beyond 30 seconds, but given that reconciliation is not hard-real time and there are other variables, such as jitter, in effect, I'm not surprised. For reference, this block of the managed reconciler executes during this phase.

After the grace period, this block of the managed reconciler executes. As you can see, returned reconciliation result only has Requeue: true, it doesn't contain RequeueAfter. requeue-after logs you see belongs to the phase before the first creation attempt finishes, and therefore doesn't take effect in async creation — again, another quirk of managed reconciler not being async aware.

After the grace period, at 56 seconds, we see that the durations between status condition updates increase. The intervals don't look like they would fit an exponential curve because of the lack of time resolution in the output. If you examine timestamped pod logs below, you'll see that the backoffs are exponential, starting with 5 ms and doubling. Backoffs in the order of milliseconds are difficult to observe above. When the backoff duration increases to the order of seconds, they are not integral numbers, but fractional like 1.28, 2.56, 5.12 seconds, which is also difficult to observe. Timestamps indicate that exponential backoff is working as expected.

Backoff duration is capped at 1 minute by crossplane-runtime, which is configured again in crossplane-runtime, which is called by the provider.

Let me know if you have further questions.

Output during the creation grace period (Extra newlines are added for better readability. Also note that there is a single “Async create starting...” message): ```console 2024-09-29T22:57:35+03:00 DEBUG provider-azure Calling the inner handler for Create event. {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "issue-439-key", "queueLength": 0} 2024-09-29T22:57:35+03:00 DEBUG provider-azure Reconciling {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}} 2024-09-29T22:57:35+03:00 DEBUG provider-azure Connecting to the service provider {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:57:35+03:00 DEBUG provider-azure Calling the inner handler for Update event. {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "issue-439-key", "queueLength": 0} 2024-09-29T22:57:36+03:00 DEBUG provider-azure Instance state not found in cache, reconstructing... {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:57:36+03:00 DEBUG provider-azure Observing the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:57:36+03:00 DEBUG provider-azure Diff detected {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "instanceDiff": "*terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff{\"curve\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"e\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"6\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.0\":*terraform.ResourceAttrDiff{Old:\"\", New:\"decrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.1\":*terraform.ResourceAttrDiff{Old:\"\", New:\"encrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.2\":*terraform.ResourceAttrDiff{Old:\"\", New:\"sign\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.3\":*terraform.ResourceAttrDiff{Old:\"\", New:\"unwrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.4\":*terraform.ResourceAttrDiff{Old:\"\", New:\"verify\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.5\":*terraform.ResourceAttrDiff{Old:\"\", New:\"wrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_size\":*terraform.ResourceAttrDiff{Old:\"\", New:\"2048\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_type\":*terraform.ResourceAttrDiff{Old:\"\", New:\"RSA\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_vault_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"/subscriptions/038f2b7c-3265-43b8-8624-c9ad5da610a8/resourceGroups/issue-439-resourcegroup/providers/Microsoft.KeyVault/vaults/issue-439-vault\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"n\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"name\":*terraform.ResourceAttrDiff{Old:\"\", New:\"issue-439-key\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"public_key_openssh\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"public_key_pem\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"3\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"1\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.0.time_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P30D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.1.expire_after\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P90D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.2.notify_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P29D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"version\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"x\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"y\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}}, Destroy:false, DestroyDeposed:false, DestroyTainted:false, RawConfig:cty.NilVal, RawState:cty.NilVal, RawPlan:cty.NilVal, Meta:map[string]interface {}(nil)}"} 2024-09-29T22:57:36+03:00 DEBUG provider-azure Calling the inner handler for Update event. {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "issue-439-key", "queueLength": 0} 2024-09-29T22:57:36+03:00 DEBUG provider-azure Async create starting... {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "tfID": ""} 2024-09-29T22:57:36+03:00 DEBUG provider-azure Creating the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:57:36+03:00 DEBUG provider-azure Successfully requested creation of external resource {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}, "uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "version": "333597", "external-name": "", "external-name": ""} 2024-09-29T22:57:36+03:00 DEBUG provider-azure Calling the inner handler for Update event. {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "issue-439-key", "queueLength": 0} 2024-09-29T22:57:36+03:00 DEBUG provider-azure Reconciling {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}} 2024-09-29T22:57:36+03:00 DEBUG provider-azure Connecting to the service provider {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:57:36+03:00 DEBUG provider-azure Instance state not found in cache, reconstructing... {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:57:36+03:00 DEBUG provider-azure ongoing async operation {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "opType": "create"} 2024-09-29T22:57:36+03:00 DEBUG provider-azure External resource is up to date {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}, "uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "version": "333605", "external-name": "", "requeue-after": "2024-09-29T23:08:06+03:00"} 2024-09-29T22:57:37+03:00 DEBUG provider-azure Reconciling {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}} 2024-09-29T22:57:37+03:00 DEBUG provider-azure Connecting to the service provider {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:57:37+03:00 DEBUG provider-azure Async create ended. {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]", "tfID": ""} 2024-09-29T22:57:37+03:00 DEBUG provider-azure Reconcile request has been requeued. {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "issue-439-key", "rateLimiterName": "asyncCallback", "when": "5ms"} 2024-09-29T22:57:37+03:00 DEBUG provider-azure Instance state not found in cache, reconstructing... {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:57:37+03:00 DEBUG provider-azure Observing the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:57:37+03:00 DEBUG provider-azure Diff detected {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "instanceDiff": "*terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff{\"curve\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"e\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"6\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.0\":*terraform.ResourceAttrDiff{Old:\"\", New:\"decrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.1\":*terraform.ResourceAttrDiff{Old:\"\", New:\"encrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.2\":*terraform.ResourceAttrDiff{Old:\"\", New:\"sign\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.3\":*terraform.ResourceAttrDiff{Old:\"\", New:\"unwrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.4\":*terraform.ResourceAttrDiff{Old:\"\", New:\"verify\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.5\":*terraform.ResourceAttrDiff{Old:\"\", New:\"wrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_size\":*terraform.ResourceAttrDiff{Old:\"\", New:\"2048\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_type\":*terraform.ResourceAttrDiff{Old:\"\", New:\"RSA\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_vault_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"/subscriptions/038f2b7c-3265-43b8-8624-c9ad5da610a8/resourceGroups/issue-439-resourcegroup/providers/Microsoft.KeyVault/vaults/issue-439-vault\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"n\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"name\":*terraform.ResourceAttrDiff{Old:\"\", New:\"issue-439-key\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"public_key_openssh\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"public_key_pem\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"3\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"1\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.0.time_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P30D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.1.expire_after\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P90D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.2.notify_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P29D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"version\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"x\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"y\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}}, Destroy:false, DestroyDeposed:false, DestroyTainted:false, RawConfig:cty.NilVal, RawState:cty.NilVal, RawPlan:cty.NilVal, Meta:map[string]interface {}(nil)}"} 2024-09-29T22:57:37+03:00 DEBUG provider-azure Waiting for external resource existence to be confirmed {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}, "uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "version": "333607", "external-name": ""} 2024-09-29T22:57:37+03:00 DEBUG provider-azure Reconciling {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}} 2024-09-29T22:57:37+03:00 DEBUG provider-azure Connecting to the service provider {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:57:38+03:00 DEBUG provider-azure Instance state not found in cache, reconstructing... {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:57:38+03:00 DEBUG provider-azure Observing the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:57:38+03:00 DEBUG provider-azure Diff detected {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "instanceDiff": "*terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff{\"curve\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"e\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"6\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.0\":*terraform.ResourceAttrDiff{Old:\"\", New:\"decrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.1\":*terraform.ResourceAttrDiff{Old:\"\", New:\"encrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.2\":*terraform.ResourceAttrDiff{Old:\"\", New:\"sign\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.3\":*terraform.ResourceAttrDiff{Old:\"\", New:\"unwrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.4\":*terraform.ResourceAttrDiff{Old:\"\", New:\"verify\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.5\":*terraform.ResourceAttrDiff{Old:\"\", New:\"wrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_size\":*terraform.ResourceAttrDiff{Old:\"\", New:\"2048\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_type\":*terraform.ResourceAttrDiff{Old:\"\", New:\"RSA\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_vault_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"/subscriptions/038f2b7c-3265-43b8-8624-c9ad5da610a8/resourceGroups/issue-439-resourcegroup/providers/Microsoft.KeyVault/vaults/issue-439-vault\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"n\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"name\":*terraform.ResourceAttrDiff{Old:\"\", New:\"issue-439-key\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"public_key_openssh\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"public_key_pem\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"3\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"1\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.0.time_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P30D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.1.expire_after\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P90D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.2.notify_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P29D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"version\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"x\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"y\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}}, Destroy:false, DestroyDeposed:false, DestroyTainted:false, RawConfig:cty.NilVal, RawState:cty.NilVal, RawPlan:cty.NilVal, Meta:map[string]interface {}(nil)}"} 2024-09-29T22:57:38+03:00 DEBUG provider-azure Waiting for external resource existence to be confirmed {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}, "uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "version": "333608", "external-name": ""} 2024-09-29T22:57:41+03:00 DEBUG provider-azure Reconciling {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}} 2024-09-29T22:57:41+03:00 DEBUG provider-azure Connecting to the service provider {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:57:42+03:00 DEBUG provider-azure Instance state not found in cache, reconstructing... {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:57:42+03:00 DEBUG provider-azure Observing the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:57:42+03:00 DEBUG provider-azure Diff detected {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "instanceDiff": "*terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff{\"curve\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"e\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"6\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.0\":*terraform.ResourceAttrDiff{Old:\"\", New:\"decrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.1\":*terraform.ResourceAttrDiff{Old:\"\", New:\"encrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.2\":*terraform.ResourceAttrDiff{Old:\"\", New:\"sign\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.3\":*terraform.ResourceAttrDiff{Old:\"\", New:\"unwrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.4\":*terraform.ResourceAttrDiff{Old:\"\", New:\"verify\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.5\":*terraform.ResourceAttrDiff{Old:\"\", New:\"wrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_size\":*terraform.ResourceAttrDiff{Old:\"\", New:\"2048\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_type\":*terraform.ResourceAttrDiff{Old:\"\", New:\"RSA\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_vault_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"/subscriptions/038f2b7c-3265-43b8-8624-c9ad5da610a8/resourceGroups/issue-439-resourcegroup/providers/Microsoft.KeyVault/vaults/issue-439-vault\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"n\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"name\":*terraform.ResourceAttrDiff{Old:\"\", New:\"issue-439-key\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"public_key_openssh\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"public_key_pem\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"3\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"1\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.0.time_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P30D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.1.expire_after\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P90D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.2.notify_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P29D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"version\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"x\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"y\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}}, Destroy:false, DestroyDeposed:false, DestroyTainted:false, RawConfig:cty.NilVal, RawState:cty.NilVal, RawPlan:cty.NilVal, Meta:map[string]interface {}(nil)}"} 2024-09-29T22:57:42+03:00 DEBUG provider-azure Waiting for external resource existence to be confirmed {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}, "uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "version": "333608", "external-name": ""} 2024-09-29T22:57:58+03:00 DEBUG provider-azure Reconciling {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}} 2024-09-29T22:57:58+03:00 DEBUG provider-azure Connecting to the service provider {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:57:58+03:00 DEBUG provider-azure Instance state not found in cache, reconstructing... {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:57:58+03:00 DEBUG provider-azure Observing the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:57:58+03:00 DEBUG provider-azure Diff detected {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "instanceDiff": "*terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff{\"curve\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"e\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"6\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.0\":*terraform.ResourceAttrDiff{Old:\"\", New:\"decrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.1\":*terraform.ResourceAttrDiff{Old:\"\", New:\"encrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.2\":*terraform.ResourceAttrDiff{Old:\"\", New:\"sign\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.3\":*terraform.ResourceAttrDiff{Old:\"\", New:\"unwrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.4\":*terraform.ResourceAttrDiff{Old:\"\", New:\"verify\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.5\":*terraform.ResourceAttrDiff{Old:\"\", New:\"wrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_size\":*terraform.ResourceAttrDiff{Old:\"\", New:\"2048\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_type\":*terraform.ResourceAttrDiff{Old:\"\", New:\"RSA\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_vault_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"/subscriptions/038f2b7c-3265-43b8-8624-c9ad5da610a8/resourceGroups/issue-439-resourcegroup/providers/Microsoft.KeyVault/vaults/issue-439-vault\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"n\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"name\":*terraform.ResourceAttrDiff{Old:\"\", New:\"issue-439-key\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"public_key_openssh\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"public_key_pem\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"3\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"1\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.0.time_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P30D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.1.expire_after\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P90D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.2.notify_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P29D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"version\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"x\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"y\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}}, Destroy:false, DestroyDeposed:false, DestroyTainted:false, RawConfig:cty.NilVal, RawState:cty.NilVal, RawPlan:cty.NilVal, Meta:map[string]interface {}(nil)}"} 2024-09-29T22:57:58+03:00 DEBUG provider-azure Waiting for external resource existence to be confirmed {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}, "uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "version": "333608", "external-name": ""} ```
Output after the creation grace period (Extra newlines are added for better readability. Also note that there is one “Async create starting...” message per “Reconciling” message): ```console 2024-09-29T22:58:30+03:00 DEBUG provider-azure Reconciling {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}} 2024-09-29T22:58:30+03:00 DEBUG provider-azure Connecting to the service provider {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:31+03:00 DEBUG provider-azure Instance state not found in cache, reconstructing... {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:31+03:00 DEBUG provider-azure Observing the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:31+03:00 DEBUG provider-azure Diff detected {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "instanceDiff": "*terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff{\"curve\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"e\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"6\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.0\":*terraform.ResourceAttrDiff{Old:\"\", New:\"decrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.1\":*terraform.ResourceAttrDiff{Old:\"\", New:\"encrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.2\":*terraform.ResourceAttrDiff{Old:\"\", New:\"sign\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.3\":*terraform.ResourceAttrDiff{Old:\"\", New:\"unwrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.4\":*terraform.ResourceAttrDiff{Old:\"\", New:\"verify\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.5\":*terraform.ResourceAttrDiff{Old:\"\", New:\"wrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_size\":*terraform.ResourceAttrDiff{Old:\"\", New:\"2048\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_type\":*terraform.ResourceAttrDiff{Old:\"\", New:\"RSA\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_vault_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"/subscriptions/038f2b7c-3265-43b8-8624-c9ad5da610a8/resourceGroups/issue-439-resourcegroup/providers/Microsoft.KeyVault/vaults/issue-439-vault\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"n\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"name\":*terraform.ResourceAttrDiff{Old:\"\", New:\"issue-439-key\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"public_key_openssh\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"public_key_pem\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"3\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"1\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.0.time_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P30D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.1.expire_after\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P90D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.2.notify_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P29D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"version\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"x\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"y\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}}, Destroy:false, DestroyDeposed:false, DestroyTainted:false, RawConfig:cty.NilVal, RawState:cty.NilVal, RawPlan:cty.NilVal, Meta:map[string]interface {}(nil)}"} 2024-09-29T22:58:31+03:00 DEBUG provider-azure Cannot create external resource {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}, "uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "version": "333608", "external-name": "", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]"} 2024-09-29T22:58:31+03:00 DEBUG provider-azure Async create starting... {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "tfID": ""} 2024-09-29T22:58:31+03:00 DEBUG provider-azure Creating the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:32+03:00 DEBUG provider-azure Async create ended. {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]", "tfID": ""} 2024-09-29T22:58:32+03:00 DEBUG provider-azure Reconcile request has been requeued. {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "issue-439-key", "rateLimiterName": "asyncCallback", "when": "10ms"} 2024-09-29T22:58:32+03:00 DEBUG provider-azure Reconciling {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}} 2024-09-29T22:58:32+03:00 DEBUG provider-azure Connecting to the service provider {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:33+03:00 DEBUG provider-azure Instance state not found in cache, reconstructing... {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:33+03:00 DEBUG provider-azure Observing the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:33+03:00 DEBUG provider-azure Diff detected {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "instanceDiff": "*terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff{\"curve\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"e\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"6\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.0\":*terraform.ResourceAttrDiff{Old:\"\", New:\"decrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.1\":*terraform.ResourceAttrDiff{Old:\"\", New:\"encrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.2\":*terraform.ResourceAttrDiff{Old:\"\", New:\"sign\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.3\":*terraform.ResourceAttrDiff{Old:\"\", New:\"unwrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.4\":*terraform.ResourceAttrDiff{Old:\"\", New:\"verify\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.5\":*terraform.ResourceAttrDiff{Old:\"\", New:\"wrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_size\":*terraform.ResourceAttrDiff{Old:\"\", New:\"2048\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_type\":*terraform.ResourceAttrDiff{Old:\"\", New:\"RSA\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_vault_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"/subscriptions/038f2b7c-3265-43b8-8624-c9ad5da610a8/resourceGroups/issue-439-resourcegroup/providers/Microsoft.KeyVault/vaults/issue-439-vault\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"n\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"name\":*terraform.ResourceAttrDiff{Old:\"\", New:\"issue-439-key\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"public_key_openssh\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"public_key_pem\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"3\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"1\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.0.time_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P30D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.1.expire_after\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P90D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.2.notify_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P29D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"version\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"x\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"y\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}}, Destroy:false, DestroyDeposed:false, DestroyTainted:false, RawConfig:cty.NilVal, RawState:cty.NilVal, RawPlan:cty.NilVal, Meta:map[string]interface {}(nil)}"} 2024-09-29T22:58:33+03:00 DEBUG provider-azure Cannot create external resource {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}, "uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "version": "333713", "external-name": "", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]"} 2024-09-29T22:58:33+03:00 DEBUG provider-azure Async create starting... {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "tfID": ""} 2024-09-29T22:58:33+03:00 DEBUG provider-azure Creating the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:33+03:00 DEBUG provider-azure Async create ended. {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]", "tfID": ""} 2024-09-29T22:58:33+03:00 DEBUG provider-azure Reconcile request has been requeued. {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "issue-439-key", "rateLimiterName": "asyncCallback", "when": "20ms"} 2024-09-29T22:58:33+03:00 DEBUG provider-azure Reconciling {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}} 2024-09-29T22:58:33+03:00 DEBUG provider-azure Connecting to the service provider {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:34+03:00 DEBUG provider-azure Instance state not found in cache, reconstructing... {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:34+03:00 DEBUG provider-azure Observing the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:34+03:00 DEBUG provider-azure Diff detected {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "instanceDiff": "*terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff{\"curve\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"e\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"6\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.0\":*terraform.ResourceAttrDiff{Old:\"\", New:\"decrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.1\":*terraform.ResourceAttrDiff{Old:\"\", New:\"encrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.2\":*terraform.ResourceAttrDiff{Old:\"\", New:\"sign\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.3\":*terraform.ResourceAttrDiff{Old:\"\", New:\"unwrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.4\":*terraform.ResourceAttrDiff{Old:\"\", New:\"verify\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.5\":*terraform.ResourceAttrDiff{Old:\"\", New:\"wrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_size\":*terraform.ResourceAttrDiff{Old:\"\", New:\"2048\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_type\":*terraform.ResourceAttrDiff{Old:\"\", New:\"RSA\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_vault_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"/subscriptions/038f2b7c-3265-43b8-8624-c9ad5da610a8/resourceGroups/issue-439-resourcegroup/providers/Microsoft.KeyVault/vaults/issue-439-vault\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"n\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"name\":*terraform.ResourceAttrDiff{Old:\"\", New:\"issue-439-key\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"public_key_openssh\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"public_key_pem\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"3\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"1\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.0.time_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P30D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.1.expire_after\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P90D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.2.notify_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P29D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"version\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"x\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"y\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}}, Destroy:false, DestroyDeposed:false, DestroyTainted:false, RawConfig:cty.NilVal, RawState:cty.NilVal, RawPlan:cty.NilVal, Meta:map[string]interface {}(nil)}"} 2024-09-29T22:58:34+03:00 DEBUG provider-azure Cannot create external resource {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}, "uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "version": "333720", "external-name": "", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]"} 2024-09-29T22:58:34+03:00 DEBUG provider-azure Async create starting... {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "tfID": ""} 2024-09-29T22:58:34+03:00 DEBUG provider-azure Creating the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:34+03:00 DEBUG provider-azure Async create ended. {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]", "tfID": ""} 2024-09-29T22:58:34+03:00 DEBUG provider-azure Reconcile request has been requeued. {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "issue-439-key", "rateLimiterName": "asyncCallback", "when": "40ms"} 2024-09-29T22:58:34+03:00 DEBUG provider-azure Reconciling {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}} 2024-09-29T22:58:34+03:00 DEBUG provider-azure Connecting to the service provider {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:35+03:00 DEBUG provider-azure Instance state not found in cache, reconstructing... {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:35+03:00 DEBUG provider-azure Observing the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:35+03:00 DEBUG provider-azure Diff detected {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "instanceDiff": "*terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff{\"curve\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"e\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"6\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.0\":*terraform.ResourceAttrDiff{Old:\"\", New:\"decrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.1\":*terraform.ResourceAttrDiff{Old:\"\", New:\"encrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.2\":*terraform.ResourceAttrDiff{Old:\"\", New:\"sign\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.3\":*terraform.ResourceAttrDiff{Old:\"\", New:\"unwrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.4\":*terraform.ResourceAttrDiff{Old:\"\", New:\"verify\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.5\":*terraform.ResourceAttrDiff{Old:\"\", New:\"wrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_size\":*terraform.ResourceAttrDiff{Old:\"\", New:\"2048\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_type\":*terraform.ResourceAttrDiff{Old:\"\", New:\"RSA\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_vault_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"/subscriptions/038f2b7c-3265-43b8-8624-c9ad5da610a8/resourceGroups/issue-439-resourcegroup/providers/Microsoft.KeyVault/vaults/issue-439-vault\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"n\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"name\":*terraform.ResourceAttrDiff{Old:\"\", New:\"issue-439-key\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"public_key_openssh\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"public_key_pem\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"3\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"1\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.0.time_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P30D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.1.expire_after\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P90D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.2.notify_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P29D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"version\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"x\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"y\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}}, Destroy:false, DestroyDeposed:false, DestroyTainted:false, RawConfig:cty.NilVal, RawState:cty.NilVal, RawPlan:cty.NilVal, Meta:map[string]interface {}(nil)}"} 2024-09-29T22:58:35+03:00 DEBUG provider-azure Cannot create external resource {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}, "uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "version": "333726", "external-name": "", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]"} 2024-09-29T22:58:35+03:00 DEBUG provider-azure Async create starting... {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "tfID": ""} 2024-09-29T22:58:35+03:00 DEBUG provider-azure Creating the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:36+03:00 DEBUG provider-azure Async create ended. {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]", "tfID": ""} 2024-09-29T22:58:36+03:00 DEBUG provider-azure Reconcile request has been requeued. {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "issue-439-key", "rateLimiterName": "asyncCallback", "when": "80ms"} 2024-09-29T22:58:36+03:00 DEBUG provider-azure Reconciling {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}} 2024-09-29T22:58:36+03:00 DEBUG provider-azure Connecting to the service provider {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:36+03:00 DEBUG provider-azure Instance state not found in cache, reconstructing... {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:36+03:00 DEBUG provider-azure Observing the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:36+03:00 DEBUG provider-azure Diff detected {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "instanceDiff": "*terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff{\"curve\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"e\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"6\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.0\":*terraform.ResourceAttrDiff{Old:\"\", New:\"decrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.1\":*terraform.ResourceAttrDiff{Old:\"\", New:\"encrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.2\":*terraform.ResourceAttrDiff{Old:\"\", New:\"sign\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.3\":*terraform.ResourceAttrDiff{Old:\"\", New:\"unwrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.4\":*terraform.ResourceAttrDiff{Old:\"\", New:\"verify\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.5\":*terraform.ResourceAttrDiff{Old:\"\", New:\"wrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_size\":*terraform.ResourceAttrDiff{Old:\"\", New:\"2048\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_type\":*terraform.ResourceAttrDiff{Old:\"\", New:\"RSA\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_vault_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"/subscriptions/038f2b7c-3265-43b8-8624-c9ad5da610a8/resourceGroups/issue-439-resourcegroup/providers/Microsoft.KeyVault/vaults/issue-439-vault\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"n\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"name\":*terraform.ResourceAttrDiff{Old:\"\", New:\"issue-439-key\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"public_key_openssh\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"public_key_pem\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"3\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"1\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.0.time_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P30D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.1.expire_after\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P90D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.2.notify_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P29D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"version\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"x\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"y\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}}, Destroy:false, DestroyDeposed:false, DestroyTainted:false, RawConfig:cty.NilVal, RawState:cty.NilVal, RawPlan:cty.NilVal, Meta:map[string]interface {}(nil)}"} 2024-09-29T22:58:36+03:00 DEBUG provider-azure Cannot create external resource {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}, "uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "version": "333728", "external-name": "", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]"} 2024-09-29T22:58:36+03:00 DEBUG provider-azure Async create starting... {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "tfID": ""} 2024-09-29T22:58:36+03:00 DEBUG provider-azure Creating the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:37+03:00 DEBUG provider-azure Async create ended. {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]", "tfID": ""} 2024-09-29T22:58:37+03:00 DEBUG provider-azure Reconcile request has been requeued. {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "issue-439-key", "rateLimiterName": "asyncCallback", "when": "160ms"} 2024-09-29T22:58:37+03:00 DEBUG provider-azure Reconciling {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}} 2024-09-29T22:58:37+03:00 DEBUG provider-azure Connecting to the service provider {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:37+03:00 DEBUG provider-azure Instance state not found in cache, reconstructing... {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:37+03:00 DEBUG provider-azure Observing the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:37+03:00 DEBUG provider-azure Diff detected {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "instanceDiff": "*terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff{\"curve\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"e\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"6\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.0\":*terraform.ResourceAttrDiff{Old:\"\", New:\"decrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.1\":*terraform.ResourceAttrDiff{Old:\"\", New:\"encrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.2\":*terraform.ResourceAttrDiff{Old:\"\", New:\"sign\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.3\":*terraform.ResourceAttrDiff{Old:\"\", New:\"unwrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.4\":*terraform.ResourceAttrDiff{Old:\"\", New:\"verify\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.5\":*terraform.ResourceAttrDiff{Old:\"\", New:\"wrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_size\":*terraform.ResourceAttrDiff{Old:\"\", New:\"2048\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_type\":*terraform.ResourceAttrDiff{Old:\"\", New:\"RSA\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_vault_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"/subscriptions/038f2b7c-3265-43b8-8624-c9ad5da610a8/resourceGroups/issue-439-resourcegroup/providers/Microsoft.KeyVault/vaults/issue-439-vault\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"n\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"name\":*terraform.ResourceAttrDiff{Old:\"\", New:\"issue-439-key\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"public_key_openssh\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"public_key_pem\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"3\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"1\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.0.time_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P30D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.1.expire_after\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P90D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.2.notify_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P29D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"version\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"x\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"y\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}}, Destroy:false, DestroyDeposed:false, DestroyTainted:false, RawConfig:cty.NilVal, RawState:cty.NilVal, RawPlan:cty.NilVal, Meta:map[string]interface {}(nil)}"} 2024-09-29T22:58:37+03:00 DEBUG provider-azure Cannot create external resource {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}, "uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "version": "333734", "external-name": "", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]"} 2024-09-29T22:58:37+03:00 DEBUG provider-azure Async create starting... {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "tfID": ""} 2024-09-29T22:58:37+03:00 DEBUG provider-azure Creating the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:38+03:00 DEBUG provider-azure Async create ended. {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]", "tfID": ""} 2024-09-29T22:58:38+03:00 DEBUG provider-azure Reconcile request has been requeued. {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "issue-439-key", "rateLimiterName": "asyncCallback", "when": "320ms"} 2024-09-29T22:58:39+03:00 DEBUG provider-azure Reconciling {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}} 2024-09-29T22:58:39+03:00 DEBUG provider-azure Connecting to the service provider {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:39+03:00 DEBUG provider-azure Instance state not found in cache, reconstructing... {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:39+03:00 DEBUG provider-azure Observing the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:39+03:00 DEBUG provider-azure Diff detected {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "instanceDiff": "*terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff{\"curve\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"e\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"6\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.0\":*terraform.ResourceAttrDiff{Old:\"\", New:\"decrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.1\":*terraform.ResourceAttrDiff{Old:\"\", New:\"encrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.2\":*terraform.ResourceAttrDiff{Old:\"\", New:\"sign\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.3\":*terraform.ResourceAttrDiff{Old:\"\", New:\"unwrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.4\":*terraform.ResourceAttrDiff{Old:\"\", New:\"verify\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.5\":*terraform.ResourceAttrDiff{Old:\"\", New:\"wrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_size\":*terraform.ResourceAttrDiff{Old:\"\", New:\"2048\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_type\":*terraform.ResourceAttrDiff{Old:\"\", New:\"RSA\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_vault_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"/subscriptions/038f2b7c-3265-43b8-8624-c9ad5da610a8/resourceGroups/issue-439-resourcegroup/providers/Microsoft.KeyVault/vaults/issue-439-vault\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"n\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"name\":*terraform.ResourceAttrDiff{Old:\"\", New:\"issue-439-key\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"public_key_openssh\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"public_key_pem\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"3\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"1\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.0.time_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P30D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.1.expire_after\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P90D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.2.notify_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P29D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"version\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"x\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"y\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}}, Destroy:false, DestroyDeposed:false, DestroyTainted:false, RawConfig:cty.NilVal, RawState:cty.NilVal, RawPlan:cty.NilVal, Meta:map[string]interface {}(nil)}"} 2024-09-29T22:58:39+03:00 DEBUG provider-azure Cannot create external resource {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}, "uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "version": "333741", "external-name": "", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]"} 2024-09-29T22:58:39+03:00 DEBUG provider-azure Async create starting... {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "tfID": ""} 2024-09-29T22:58:39+03:00 DEBUG provider-azure Creating the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:40+03:00 DEBUG provider-azure Async create ended. {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]", "tfID": ""} 2024-09-29T22:58:40+03:00 DEBUG provider-azure Reconcile request has been requeued. {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "issue-439-key", "rateLimiterName": "asyncCallback", "when": "640ms"} 2024-09-29T22:58:40+03:00 DEBUG provider-azure Reconciling {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}} 2024-09-29T22:58:40+03:00 DEBUG provider-azure Connecting to the service provider {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:41+03:00 DEBUG provider-azure Instance state not found in cache, reconstructing... {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:41+03:00 DEBUG provider-azure Observing the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:41+03:00 DEBUG provider-azure Diff detected {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "instanceDiff": "*terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff{\"curve\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"e\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"6\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.0\":*terraform.ResourceAttrDiff{Old:\"\", New:\"decrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.1\":*terraform.ResourceAttrDiff{Old:\"\", New:\"encrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.2\":*terraform.ResourceAttrDiff{Old:\"\", New:\"sign\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.3\":*terraform.ResourceAttrDiff{Old:\"\", New:\"unwrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.4\":*terraform.ResourceAttrDiff{Old:\"\", New:\"verify\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.5\":*terraform.ResourceAttrDiff{Old:\"\", New:\"wrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_size\":*terraform.ResourceAttrDiff{Old:\"\", New:\"2048\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_type\":*terraform.ResourceAttrDiff{Old:\"\", New:\"RSA\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_vault_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"/subscriptions/038f2b7c-3265-43b8-8624-c9ad5da610a8/resourceGroups/issue-439-resourcegroup/providers/Microsoft.KeyVault/vaults/issue-439-vault\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"n\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"name\":*terraform.ResourceAttrDiff{Old:\"\", New:\"issue-439-key\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"public_key_openssh\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"public_key_pem\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"3\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"1\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.0.time_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P30D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.1.expire_after\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P90D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.2.notify_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P29D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"version\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"x\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"y\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}}, Destroy:false, DestroyDeposed:false, DestroyTainted:false, RawConfig:cty.NilVal, RawState:cty.NilVal, RawPlan:cty.NilVal, Meta:map[string]interface {}(nil)}"} 2024-09-29T22:58:41+03:00 DEBUG provider-azure Cannot create external resource {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}, "uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "version": "333746", "external-name": "", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]"} 2024-09-29T22:58:41+03:00 DEBUG provider-azure Async create starting... {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "tfID": ""} 2024-09-29T22:58:41+03:00 DEBUG provider-azure Creating the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:41+03:00 DEBUG provider-azure Async create ended. {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]", "tfID": ""} 2024-09-29T22:58:41+03:00 DEBUG provider-azure Reconcile request has been requeued. {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "issue-439-key", "rateLimiterName": "asyncCallback", "when": "1.28s"} 2024-09-29T22:58:43+03:00 DEBUG provider-azure Reconciling {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}} 2024-09-29T22:58:43+03:00 DEBUG provider-azure Connecting to the service provider {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:43+03:00 DEBUG provider-azure Instance state not found in cache, reconstructing... {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:43+03:00 DEBUG provider-azure Observing the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:43+03:00 DEBUG provider-azure Diff detected {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "instanceDiff": "*terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff{\"curve\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"e\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"6\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.0\":*terraform.ResourceAttrDiff{Old:\"\", New:\"decrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.1\":*terraform.ResourceAttrDiff{Old:\"\", New:\"encrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.2\":*terraform.ResourceAttrDiff{Old:\"\", New:\"sign\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.3\":*terraform.ResourceAttrDiff{Old:\"\", New:\"unwrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.4\":*terraform.ResourceAttrDiff{Old:\"\", New:\"verify\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.5\":*terraform.ResourceAttrDiff{Old:\"\", New:\"wrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_size\":*terraform.ResourceAttrDiff{Old:\"\", New:\"2048\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_type\":*terraform.ResourceAttrDiff{Old:\"\", New:\"RSA\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_vault_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"/subscriptions/038f2b7c-3265-43b8-8624-c9ad5da610a8/resourceGroups/issue-439-resourcegroup/providers/Microsoft.KeyVault/vaults/issue-439-vault\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"n\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"name\":*terraform.ResourceAttrDiff{Old:\"\", New:\"issue-439-key\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"public_key_openssh\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"public_key_pem\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"3\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"1\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.0.time_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P30D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.1.expire_after\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P90D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.2.notify_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P29D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"version\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"x\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"y\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}}, Destroy:false, DestroyDeposed:false, DestroyTainted:false, RawConfig:cty.NilVal, RawState:cty.NilVal, RawPlan:cty.NilVal, Meta:map[string]interface {}(nil)}"} 2024-09-29T22:58:43+03:00 DEBUG provider-azure Cannot create external resource {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}, "uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "version": "333753", "external-name": "", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]"} 2024-09-29T22:58:43+03:00 DEBUG provider-azure Async create starting... {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "tfID": ""} 2024-09-29T22:58:43+03:00 DEBUG provider-azure Creating the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:44+03:00 DEBUG provider-azure Async create ended. {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]", "tfID": ""} 2024-09-29T22:58:44+03:00 DEBUG provider-azure Reconcile request has been requeued. {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "issue-439-key", "rateLimiterName": "asyncCallback", "when": "2.56s"} 2024-09-29T22:58:46+03:00 DEBUG provider-azure Reconciling {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}} 2024-09-29T22:58:46+03:00 DEBUG provider-azure Connecting to the service provider {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:47+03:00 DEBUG provider-azure Instance state not found in cache, reconstructing... {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:47+03:00 DEBUG provider-azure Observing the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:47+03:00 DEBUG provider-azure Diff detected {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "instanceDiff": "*terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff{\"curve\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"e\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"6\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.0\":*terraform.ResourceAttrDiff{Old:\"\", New:\"decrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.1\":*terraform.ResourceAttrDiff{Old:\"\", New:\"encrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.2\":*terraform.ResourceAttrDiff{Old:\"\", New:\"sign\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.3\":*terraform.ResourceAttrDiff{Old:\"\", New:\"unwrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.4\":*terraform.ResourceAttrDiff{Old:\"\", New:\"verify\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.5\":*terraform.ResourceAttrDiff{Old:\"\", New:\"wrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_size\":*terraform.ResourceAttrDiff{Old:\"\", New:\"2048\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_type\":*terraform.ResourceAttrDiff{Old:\"\", New:\"RSA\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_vault_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"/subscriptions/038f2b7c-3265-43b8-8624-c9ad5da610a8/resourceGroups/issue-439-resourcegroup/providers/Microsoft.KeyVault/vaults/issue-439-vault\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"n\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"name\":*terraform.ResourceAttrDiff{Old:\"\", New:\"issue-439-key\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"public_key_openssh\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"public_key_pem\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"3\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"1\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.0.time_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P30D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.1.expire_after\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P90D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.2.notify_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P29D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"version\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"x\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"y\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}}, Destroy:false, DestroyDeposed:false, DestroyTainted:false, RawConfig:cty.NilVal, RawState:cty.NilVal, RawPlan:cty.NilVal, Meta:map[string]interface {}(nil)}"} 2024-09-29T22:58:47+03:00 DEBUG provider-azure Cannot create external resource {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}, "uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "version": "333759", "external-name": "", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]"} 2024-09-29T22:58:47+03:00 DEBUG provider-azure Async create starting... {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "tfID": ""} 2024-09-29T22:58:47+03:00 DEBUG provider-azure Creating the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:48+03:00 DEBUG provider-azure Async create ended. {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]", "tfID": ""} 2024-09-29T22:58:48+03:00 DEBUG provider-azure Reconcile request has been requeued. {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "issue-439-key", "rateLimiterName": "asyncCallback", "when": "5.12s"} 2024-09-29T22:58:53+03:00 DEBUG provider-azure Reconciling {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}} 2024-09-29T22:58:53+03:00 DEBUG provider-azure Connecting to the service provider {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:53+03:00 DEBUG provider-azure Instance state not found in cache, reconstructing... {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:53+03:00 DEBUG provider-azure Observing the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:53+03:00 DEBUG provider-azure Diff detected {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "instanceDiff": "*terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff{\"curve\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"e\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"6\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.0\":*terraform.ResourceAttrDiff{Old:\"\", New:\"decrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.1\":*terraform.ResourceAttrDiff{Old:\"\", New:\"encrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.2\":*terraform.ResourceAttrDiff{Old:\"\", New:\"sign\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.3\":*terraform.ResourceAttrDiff{Old:\"\", New:\"unwrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.4\":*terraform.ResourceAttrDiff{Old:\"\", New:\"verify\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.5\":*terraform.ResourceAttrDiff{Old:\"\", New:\"wrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_size\":*terraform.ResourceAttrDiff{Old:\"\", New:\"2048\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_type\":*terraform.ResourceAttrDiff{Old:\"\", New:\"RSA\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_vault_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"/subscriptions/038f2b7c-3265-43b8-8624-c9ad5da610a8/resourceGroups/issue-439-resourcegroup/providers/Microsoft.KeyVault/vaults/issue-439-vault\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"n\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"name\":*terraform.ResourceAttrDiff{Old:\"\", New:\"issue-439-key\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"public_key_openssh\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"public_key_pem\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"3\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"1\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.0.time_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P30D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.1.expire_after\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P90D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.2.notify_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P29D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"version\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"x\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"y\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}}, Destroy:false, DestroyDeposed:false, DestroyTainted:false, RawConfig:cty.NilVal, RawState:cty.NilVal, RawPlan:cty.NilVal, Meta:map[string]interface {}(nil)}"} 2024-09-29T22:58:53+03:00 DEBUG provider-azure Cannot create external resource {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}, "uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "version": "333768", "external-name": "", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]"} 2024-09-29T22:58:53+03:00 DEBUG provider-azure Async create starting... {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "tfID": ""} 2024-09-29T22:58:53+03:00 DEBUG provider-azure Creating the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:58:54+03:00 DEBUG provider-azure Async create ended. {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]", "tfID": ""} 2024-09-29T22:58:54+03:00 DEBUG provider-azure Reconcile request has been requeued. {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "issue-439-key", "rateLimiterName": "asyncCallback", "when": "10.24s"} 2024-09-29T22:59:04+03:00 DEBUG provider-azure Reconciling {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}} 2024-09-29T22:59:04+03:00 DEBUG provider-azure Connecting to the service provider {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:59:05+03:00 DEBUG provider-azure Instance state not found in cache, reconstructing... {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:59:05+03:00 DEBUG provider-azure Observing the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:59:05+03:00 DEBUG provider-azure Diff detected {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "instanceDiff": "*terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff{\"curve\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"e\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"6\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.0\":*terraform.ResourceAttrDiff{Old:\"\", New:\"decrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.1\":*terraform.ResourceAttrDiff{Old:\"\", New:\"encrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.2\":*terraform.ResourceAttrDiff{Old:\"\", New:\"sign\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.3\":*terraform.ResourceAttrDiff{Old:\"\", New:\"unwrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.4\":*terraform.ResourceAttrDiff{Old:\"\", New:\"verify\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.5\":*terraform.ResourceAttrDiff{Old:\"\", New:\"wrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_size\":*terraform.ResourceAttrDiff{Old:\"\", New:\"2048\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_type\":*terraform.ResourceAttrDiff{Old:\"\", New:\"RSA\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_vault_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"/subscriptions/038f2b7c-3265-43b8-8624-c9ad5da610a8/resourceGroups/issue-439-resourcegroup/providers/Microsoft.KeyVault/vaults/issue-439-vault\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"n\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"name\":*terraform.ResourceAttrDiff{Old:\"\", New:\"issue-439-key\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"public_key_openssh\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"public_key_pem\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"3\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"1\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.0.time_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P30D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.1.expire_after\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P90D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.2.notify_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P29D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"version\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"x\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"y\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}}, Destroy:false, DestroyDeposed:false, DestroyTainted:false, RawConfig:cty.NilVal, RawState:cty.NilVal, RawPlan:cty.NilVal, Meta:map[string]interface {}(nil)}"} 2024-09-29T22:59:05+03:00 DEBUG provider-azure Cannot create external resource {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}, "uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "version": "333783", "external-name": "", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]"} 2024-09-29T22:59:05+03:00 DEBUG provider-azure Async create starting... {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "tfID": ""} 2024-09-29T22:59:05+03:00 DEBUG provider-azure Creating the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:59:05+03:00 DEBUG provider-azure Async create ended. {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]", "tfID": ""} 2024-09-29T22:59:05+03:00 DEBUG provider-azure Reconcile request has been requeued. {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "issue-439-key", "rateLimiterName": "asyncCallback", "when": "20.48s"} 2024-09-29T22:59:26+03:00 DEBUG provider-azure Reconciling {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}} 2024-09-29T22:59:26+03:00 DEBUG provider-azure Connecting to the service provider {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:59:27+03:00 DEBUG provider-azure Instance state not found in cache, reconstructing... {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:59:27+03:00 DEBUG provider-azure Observing the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:59:27+03:00 DEBUG provider-azure Diff detected {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "instanceDiff": "*terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff{\"curve\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"e\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"6\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.0\":*terraform.ResourceAttrDiff{Old:\"\", New:\"decrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.1\":*terraform.ResourceAttrDiff{Old:\"\", New:\"encrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.2\":*terraform.ResourceAttrDiff{Old:\"\", New:\"sign\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.3\":*terraform.ResourceAttrDiff{Old:\"\", New:\"unwrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.4\":*terraform.ResourceAttrDiff{Old:\"\", New:\"verify\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.5\":*terraform.ResourceAttrDiff{Old:\"\", New:\"wrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_size\":*terraform.ResourceAttrDiff{Old:\"\", New:\"2048\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_type\":*terraform.ResourceAttrDiff{Old:\"\", New:\"RSA\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_vault_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"/subscriptions/038f2b7c-3265-43b8-8624-c9ad5da610a8/resourceGroups/issue-439-resourcegroup/providers/Microsoft.KeyVault/vaults/issue-439-vault\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"n\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"name\":*terraform.ResourceAttrDiff{Old:\"\", New:\"issue-439-key\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"public_key_openssh\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"public_key_pem\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"3\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"1\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.0.time_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P30D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.1.expire_after\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P90D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.2.notify_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P29D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"version\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"x\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"y\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}}, Destroy:false, DestroyDeposed:false, DestroyTainted:false, RawConfig:cty.NilVal, RawState:cty.NilVal, RawPlan:cty.NilVal, Meta:map[string]interface {}(nil)}"} 2024-09-29T22:59:27+03:00 DEBUG provider-azure Cannot create external resource {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}, "uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "version": "333807", "external-name": "", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]"} 2024-09-29T22:59:27+03:00 DEBUG provider-azure Async create starting... {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "tfID": ""} 2024-09-29T22:59:27+03:00 DEBUG provider-azure Creating the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T22:59:27+03:00 DEBUG provider-azure Async create ended. {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]", "tfID": ""} 2024-09-29T22:59:27+03:00 DEBUG provider-azure Reconcile request has been requeued. {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "issue-439-key", "rateLimiterName": "asyncCallback", "when": "40.96s"} 2024-09-29T23:00:08+03:00 DEBUG provider-azure Reconciling {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}} 2024-09-29T23:00:08+03:00 DEBUG provider-azure Connecting to the service provider {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T23:00:09+03:00 DEBUG provider-azure Instance state not found in cache, reconstructing... {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T23:00:09+03:00 DEBUG provider-azure Observing the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T23:00:09+03:00 DEBUG provider-azure Diff detected {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "instanceDiff": "*terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff{\"curve\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"e\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"6\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.0\":*terraform.ResourceAttrDiff{Old:\"\", New:\"decrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.1\":*terraform.ResourceAttrDiff{Old:\"\", New:\"encrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.2\":*terraform.ResourceAttrDiff{Old:\"\", New:\"sign\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.3\":*terraform.ResourceAttrDiff{Old:\"\", New:\"unwrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.4\":*terraform.ResourceAttrDiff{Old:\"\", New:\"verify\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.5\":*terraform.ResourceAttrDiff{Old:\"\", New:\"wrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_size\":*terraform.ResourceAttrDiff{Old:\"\", New:\"2048\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_type\":*terraform.ResourceAttrDiff{Old:\"\", New:\"RSA\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_vault_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"/subscriptions/038f2b7c-3265-43b8-8624-c9ad5da610a8/resourceGroups/issue-439-resourcegroup/providers/Microsoft.KeyVault/vaults/issue-439-vault\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"n\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"name\":*terraform.ResourceAttrDiff{Old:\"\", New:\"issue-439-key\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"public_key_openssh\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"public_key_pem\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"3\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"1\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.0.time_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P30D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.1.expire_after\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P90D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.2.notify_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P29D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"version\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"x\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"y\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}}, Destroy:false, DestroyDeposed:false, DestroyTainted:false, RawConfig:cty.NilVal, RawState:cty.NilVal, RawPlan:cty.NilVal, Meta:map[string]interface {}(nil)}"} 2024-09-29T23:00:09+03:00 DEBUG provider-azure Cannot create external resource {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}, "uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "version": "333848", "external-name": "", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]"} 2024-09-29T23:00:09+03:00 DEBUG provider-azure Async create starting... {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "tfID": ""} 2024-09-29T23:00:09+03:00 DEBUG provider-azure Creating the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T23:00:10+03:00 DEBUG provider-azure Async create ended. {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]", "tfID": ""} 2024-09-29T23:00:10+03:00 DEBUG provider-azure Reconcile request has been requeued. {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "issue-439-key", "rateLimiterName": "asyncCallback", "when": "1m21.92s"} 2024-09-29T23:01:09+03:00 DEBUG provider-azure Reconciling {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}} 2024-09-29T23:01:09+03:00 DEBUG provider-azure Connecting to the service provider {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T23:01:10+03:00 DEBUG provider-azure Instance state not found in cache, reconstructing... {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T23:01:10+03:00 DEBUG provider-azure Observing the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T23:01:10+03:00 DEBUG provider-azure Diff detected {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "instanceDiff": "*terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff{\"curve\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"e\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"6\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.0\":*terraform.ResourceAttrDiff{Old:\"\", New:\"decrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.1\":*terraform.ResourceAttrDiff{Old:\"\", New:\"encrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.2\":*terraform.ResourceAttrDiff{Old:\"\", New:\"sign\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.3\":*terraform.ResourceAttrDiff{Old:\"\", New:\"unwrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.4\":*terraform.ResourceAttrDiff{Old:\"\", New:\"verify\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.5\":*terraform.ResourceAttrDiff{Old:\"\", New:\"wrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_size\":*terraform.ResourceAttrDiff{Old:\"\", New:\"2048\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_type\":*terraform.ResourceAttrDiff{Old:\"\", New:\"RSA\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_vault_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"/subscriptions/038f2b7c-3265-43b8-8624-c9ad5da610a8/resourceGroups/issue-439-resourcegroup/providers/Microsoft.KeyVault/vaults/issue-439-vault\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"n\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"name\":*terraform.ResourceAttrDiff{Old:\"\", New:\"issue-439-key\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"public_key_openssh\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"public_key_pem\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"3\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"1\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.0.time_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P30D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.1.expire_after\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P90D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.2.notify_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P29D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"version\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"x\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"y\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}}, Destroy:false, DestroyDeposed:false, DestroyTainted:false, RawConfig:cty.NilVal, RawState:cty.NilVal, RawPlan:cty.NilVal, Meta:map[string]interface {}(nil)}"} 2024-09-29T23:01:10+03:00 DEBUG provider-azure Cannot create external resource {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}, "uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "version": "333927", "external-name": "", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]"} 2024-09-29T23:01:10+03:00 DEBUG provider-azure Async create starting... {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "tfID": ""} 2024-09-29T23:01:10+03:00 DEBUG provider-azure Creating the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T23:01:10+03:00 DEBUG provider-azure Async create ended. {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]", "tfID": ""} 2024-09-29T23:01:10+03:00 DEBUG provider-azure Reconcile request has been requeued. {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "issue-439-key", "rateLimiterName": "asyncCallback", "when": "2m43.84s"} 2024-09-29T23:02:10+03:00 DEBUG provider-azure Reconciling {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}} 2024-09-29T23:02:10+03:00 DEBUG provider-azure Connecting to the service provider {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T23:02:10+03:00 DEBUG provider-azure Instance state not found in cache, reconstructing... {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T23:02:10+03:00 DEBUG provider-azure Observing the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T23:02:10+03:00 DEBUG provider-azure Diff detected {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "instanceDiff": "*terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff{\"curve\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"e\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"6\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.0\":*terraform.ResourceAttrDiff{Old:\"\", New:\"decrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.1\":*terraform.ResourceAttrDiff{Old:\"\", New:\"encrypt\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.2\":*terraform.ResourceAttrDiff{Old:\"\", New:\"sign\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.3\":*terraform.ResourceAttrDiff{Old:\"\", New:\"unwrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.4\":*terraform.ResourceAttrDiff{Old:\"\", New:\"verify\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_opts.5\":*terraform.ResourceAttrDiff{Old:\"\", New:\"wrapKey\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"key_size\":*terraform.ResourceAttrDiff{Old:\"\", New:\"2048\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_type\":*terraform.ResourceAttrDiff{Old:\"\", New:\"RSA\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"key_vault_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"/subscriptions/038f2b7c-3265-43b8-8624-c9ad5da610a8/resourceGroups/issue-439-resourcegroup/providers/Microsoft.KeyVault/vaults/issue-439-vault\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"n\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"name\":*terraform.ResourceAttrDiff{Old:\"\", New:\"issue-439-key\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, \"public_key_openssh\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"public_key_pem\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"resource_versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"3\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.#\":*terraform.ResourceAttrDiff{Old:\"0\", New:\"1\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.0.automatic.0.time_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P30D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.1.expire_after\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P90D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"rotation_policy.2.notify_before_expiry\":*terraform.ResourceAttrDiff{Old:\"\", New:\"P29D\", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"version\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"versionless_id\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"x\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, \"y\":*terraform.ResourceAttrDiff{Old:\"\", New:\"\", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}}, Destroy:false, DestroyDeposed:false, DestroyTainted:false, RawConfig:cty.NilVal, RawState:cty.NilVal, RawPlan:cty.NilVal, Meta:map[string]interface {}(nil)}"} 2024-09-29T23:02:10+03:00 DEBUG provider-azure Cannot create external resource {"controller": "managed/keyvault.azure.upbound.io/v1beta1, kind=key", "request": {"name":"issue-439-key"}, "uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "version": "334039", "external-name": "", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]"} 2024-09-29T23:02:10+03:00 DEBUG provider-azure Async create starting... {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "tfID": ""} 2024-09-29T23:02:10+03:00 DEBUG provider-azure Creating the external resource {"uid": "349afc9a-e839-48a7-a007-de43fdca00ea", "name": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key"} 2024-09-29T23:02:11+03:00 DEBUG provider-azure Async create ended. {"trackerUID": "349afc9a-e839-48a7-a007-de43fdca00ea", "resourceName": "issue-439-key", "gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "error": "async create failed: failed to create the resource: [{0 checking for presence of existing Key \"issue-439-key\" (Key Vault \"https://issue-439-vault.vault.azure.net/\"): keyvault.BaseClient#GetKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Forbidden\" Message=\"The user, group or application 'appid=2556f524-5663-461a-874a-9cd47448b031;oid=3be15ce8-4c2e-47d3-98eb-a3aac9e5343b;iss=https://sts.windows.net/b9925bc4-8383-4c37-b9d2-fa456d1bb1c7/' does not have keys get permission on key vault 'issue-439-vault;location=uksouth'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287\" InnerError={\"code\":\"AccessDenied\"} []}]", "tfID": ""} 2024-09-29T23:02:11+03:00 DEBUG provider-azure Reconcile request has been requeued. {"gvk": "keyvault.azure.upbound.io/v1beta1, Kind=Key", "name": "issue-439-key", "rateLimiterName": "asyncCallback", "when": "5m27.68s"} ```
jeanduplessis commented 1 month ago

I'm going to go ahead and close this issue. @stevendborrelli if there's any further info that contradicts the explanation let us know.