azurerm_key_vault_certificate_contacts keep deleting and recreating contact email

[eddiewhho]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.8.4

AzureRM Provider Version

3.106.0

Affected Resource(s)/Data Source(s)

azurerm_key_vault_certificate_contacts

Terraform Configuration Files

resource "azurerm_key_vault_certificate_contacts" "kv" {
  key_vault_id = azurerm_key_vault.kv.id
  contact {
    email = "someone@somewhere.com"
    name  = "someone"
  }
  depends_on = [azurerm_key_vault.kv]
}

Debug Output/Panic Output

none

Expected Behaviour

Create the email contact once

Actual Behaviour

Keeps deleting and creating every time it runs ie. 1st run - creates it 2nd run - deletes it 3rd run - recreate it etc. etc.

Steps to Reproduce

terraform plan terraform apply

Important Factoids

None

References

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_certificate_contacts

[WodansSon]

Hi @eddiewhho, thank your for opening this issue. I will be happy to investigate this, however can you provide some more detail about your particular configuration? Such as, is public_network_access_enabled set to false, is the contact field in the azurerm_key_vault resource also defined while using the azurerm_key_vault_certificate_contacts resource to manage the contact information? That said, with the current information supplied in this issue I am not able to reproduce the stated issue with the below configuration:

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "repro" {
  name     = "acctestRG-wodansson-kv-26287"
  location = "westeurope"
}

data "azurerm_client_config" "current" {
}

resource "azurerm_key_vault" "repro" {
  name                          = "wodansson-kv-contacts"
  location                      = azurerm_resource_group.repro.location
  resource_group_name           = azurerm_resource_group.repro.name
  tenant_id                     = data.azurerm_client_config.current.tenant_id
  sku_name                      = "standard"
  public_network_access_enabled = true

  soft_delete_retention_days = 7

  access_policy {
    tenant_id = data.azurerm_client_config.current.tenant_id
    object_id = data.azurerm_client_config.current.object_id
    certificate_permissions = [
      "ManageContacts",
    ]
  }
}

resource "azurerm_key_vault_certificate_contacts" "repro" {
  key_vault_id = azurerm_key_vault.repro.id

  contact {
    email = "example@newexample.com"
    name  = "example"
  }
}