hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

azurerm_key_vault_access_policy gets stuck and never completes #27601

Open glenthomas opened 2 weeks ago

glenthomas commented 2 weeks ago

Is there an existing issue for this?

Community Note

Terraform Version

1.9.7

AzureRM Provider Version

3.107.0

Affected Resource(s)/Data Source(s)

azurerm_key_vault_access_policy

Terraform Configuration Files

resource "azurerm_key_vault_access_policy" "app_access_policy" {
  for_each = {
    for app_name in var.web_app_names : app_name => {
      principal_id = module.node_app[app_name].identity.principal_id
      tenant_id    = module.node_app[app_name].identity.tenant_id
    }
  }
  key_vault_id = local.kv_id
  tenant_id    = each.value.tenant_id
  object_id    = each.value.principal_id

  key_permissions = [
    "Get",
    "List",
  ]

  secret_permissions = [
    "Get",
    "List",
  ]
}

Debug Output/Panic Output

# azurerm_key_vault_access_policy.app_access_policy["onyx-mns"] will be created
  + resource "azurerm_key_vault_access_policy" "function_access_policy" {
      + id                 = (known after apply)
      + key_permissions    = [
          + "Get",
          + "List",
        ]
      + key_vault_id       = "***********************************"
      + object_id          = (known after apply)
      + secret_permissions = [
          + "Get",
          + "List",
        ]
      + tenant_id          = (known after apply)
    }

Expected Behaviour

Deployment succeeds.

Actual Behaviour

It gets stuck and never completes...

...
azurerm_key_vault_access_policy.function_access_policy["onyx-mns"]: Still creating... [27m30s elapsed]
azurerm_key_vault_access_policy.function_access_policy["onyx-mns"]: Still creating... [27m40s elapsed]
azurerm_key_vault_access_policy.function_access_policy["onyx-mns"]: Still creating... [27m50s elapsed]
azurerm_key_vault_access_policy.function_access_policy["onyx-mns"]: Still creating... [28m0s elapsed]
azurerm_key_vault_access_policy.function_access_policy["onyx-mns"]: Still creating... [28m10s elapsed]
azurerm_key_vault_access_policy.function_access_policy["onyx-mns"]: Still creating... [28m20s elapsed]
azurerm_key_vault_access_policy.function_access_policy["onyx-mns"]: Still creating... [28m30s elapsed]
azurerm_key_vault_access_policy.function_access_policy["onyx-mns"]: Still creating... [28m40s elapsed]
azurerm_key_vault_access_policy.function_access_policy["onyx-mns"]: Still creating... [28m50s elapsed]
azurerm_key_vault_access_policy.function_access_policy["onyx-mns"]: Still creating... [29m0s elapsed]
azurerm_key_vault_access_policy.function_access_policy["onyx-mns"]: Still creating... [29m10s elapsed]
azurerm_key_vault_access_policy.function_access_policy["onyx-mns"]: Still creating... [29m20s elapsed]
azurerm_key_vault_access_policy.function_access_policy["onyx-mns"]: Still creating... [29m30s elapsed]
azurerm_key_vault_access_policy.function_access_policy["onyx-mns"]: Still creating... [29m40s elapsed]
azurerm_key_vault_access_policy.function_access_policy["onyx-mns"]: Still creating... [29m50s elapsed]
Error: creating Access Policy (Object ID: "8a48c009-434a-422b-8004-f38d235dfac6") within Key Vault (Subscription: "***"
Resource Group Name: "onyx-rg"
Key Vault Name: "***"): context deadline exceeded
  with azurerm_key_vault_access_policy.function_access_policy["onyx-mns"],
  on key-vault.tf line 22, in resource "azurerm_key_vault_access_policy" "function_access_policy":
  22: resource "azurerm_key_vault_access_policy" "function_access_policy" {

Steps to Reproduce

  1. terraform apply

Important Factoids

No response

References

No response

wuxu92 commented 2 weeks ago

Thanks for reporting this issue. I can't identify the cause from the provided logs. Could you please run the command with debug logging TF_LOG=DEBUG terraform apply and share the logs with us?