Turns out this was not a product bug issue or naming collision issue. Instead, multiple deployments were sharing a keyvault resource that was only configurable for a single deployment service principal.
Background:
Deployment service principal with "owner" and/or "reader" role of the keyvault resource is not able to read stored secrets during some ISO template integration tests.
The deployments that have run into this error have done so on subsequent deployments. Initial deployments have not surfaced this permissions error.
Description
Investigate a permanent fix or workaround for keyvault read permissions.
Acceptance Criteria
Reference: [Done-Done Checklist](https://github.com/Microsoft/code-with-engineering-playbook/blob/master/Engineering/BestPractices/DoneDone.md)
Also, here are a few points that need to be addressed:
Resources
Deployment Error: // //...
Tasks
Assignee should break down work into tasks here