Open lkt82 opened 2 years ago
Just to clarify - the migration of existing certificates was okay when upgrading, but the creation of the new certificates is failing?
I've just tested the below code against v4.39.0 and it deploys successfully. Please could you provide code which reproduces this issue?
// Client configuration of the Azure provider in use. It is thenable, so the
// tenant and object ids are picked out of it with .then() below.
const current = azure.core.getClientConfig({});

// Access policy for the principal that runs this deployment, so it can create
// the certificate in the vault it has just provisioned.
// NOTE(review): the permission lists are wide, which is fine for a repro.
// They include "purge" (permanent removal of soft-deleted objects) as well as
// issuer and contact management. Trim them to what the deployment actually
// needs before reusing this policy outside a test subscription.
const deployerAccessPolicy = {
  tenantId: current.then(({ tenantId }) => tenantId),
  objectId: current.then(({ objectId }) => objectId),
  certificatePermissions: [
    "create",
    "delete",
    "deleteissuers",
    "get",
    "getissuers",
    "import",
    "list",
    "listissuers",
    "managecontacts",
    "manageissuers",
    "purge",
    "setissuers",
    "update",
  ],
  keyPermissions: [
    "backup",
    "create",
    "decrypt",
    "delete",
    "encrypt",
    "get",
    "import",
    "list",
    "purge",
    "recover",
    "restore",
    "sign",
    "unwrapKey",
    "update",
    "verify",
    "wrapKey",
  ],
  secretPermissions: [
    "backup",
    "delete",
    "get",
    "list",
    "purge",
    "recover",
    "restore",
    "set",
  ],
};

// Standard-SKU vault in the deployer's tenant, carrying only the policy above.
const keyvault = new azure.keyvault.KeyVault("key-vault", {
  resourceGroupName: resourceGroup.name,
  skuName: "standard",
  tenantId: current.then(({ tenantId }) => tenantId),
  accessPolicies: [deployerAccessPolicy],
});
// Policy for a certificate that Key Vault generates and signs itself
// (issuer "Self"): RSA 2048, valid 12 months, auto-renewed 30 days before expiry.
const certificatePolicy = {
  issuerParameters: {
    name: "Self",
  },
  keyProperties: {
    // NOTE(review): an exportable key can be retrieved together with the
    // certificate by any principal allowed to read the vault's secrets.
    // Set this to false unless the private key has to leave the vault.
    exportable: true,
    keySize: 2048,
    keyType: "RSA",
    // The same key pair is kept when the certificate is renewed.
    reuseKey: true,
  },
  lifetimeActions: [
    {
      action: {
        actionType: "AutoRenew",
      },
      trigger: {
        daysBeforeExpiry: 30,
      },
    },
  ],
  secretProperties: {
    contentType: "application/x-pkcs12",
  },
  x509CertificateProperties: {
    // 1.3.6.1.5.5.7.3.1 is the TLS server-authentication EKU.
    extendedKeyUsages: ["1.3.6.1.5.5.7.3.1"],
    // NOTE(review): "keyCertSign" and "cRLSign" are CA usages and are broader
    // than a server-authentication leaf normally needs. Confirm before reuse.
    keyUsages: [
      "cRLSign",
      "dataEncipherment",
      "digitalSignature",
      "keyAgreement",
      "keyCertSign",
      "keyEncipherment",
    ],
    subjectAlternativeNames: {
      dnsNames: ["internal.contoso.com", "domain.hello.world"],
    },
    subject: "CN=hello-world",
    validityInMonths: 12,
  },
};

// Certificate created in the vault defined earlier in this snippet.
new azure.keyvault.Certificate("cert", {
  keyVaultId: keyvault.id,
  certificatePolicy,
});
Hi
This happens when we try to create new environments from scratch. We have not tested any updates, as we rolled back to an older provider version when we could not provision a development environment.
It's tangled with a lot of other code; can you use this?
// Random suffix used as the Key Vault certificate name. The keepers tie the id
// to the certificate, the vault and the key material, so a change in any of
// them produces a new id.
// NOTE(review): keepers are recorded with the RandomId resource, so the
// private-key PEM is written to the stack state. Confirm it is carried as a
// secret output and not stored in plain text.
var certId = new RandomId(GetLogicalName("id"), new RandomIdArgs
{
    ByteLength = 5,
    // Dots are dropped and "*" becomes "wc" in the prefix.
    Prefix = Name.Replace(".", string.Empty).Replace("*", "wc"),
    Keepers =
    {
        { "CertId", cert.Id },
        { "VaultId", args.VaultId },
        { "CertPem", cert.CertPem },
        { "PrivateKeyPem", privateKey.PrivateKeyPem }
    }
}, new()
{
    Parent = this
});

// Imports the PKCS#12 bundle into the vault under the generated name.
// NOTE(review): the Certificate is constructed inside Apply, so it only exists
// once Hex has resolved, and a preview may not list it. Confirm this is intended.
var vaultCertificate = certId.Hex.Apply(generatedName =>
{
    var importedPolicy = new CertificateCertificatePolicyArgs
    {
        KeyProperties = new CertificateCertificatePolicyKeyPropertiesArgs
        {
            // NOTE(review): an exportable key can be read back out of the vault
            // together with the certificate. Disable it if that is not required.
            Exportable = true,
            KeyType = KeyVaultKeyType,
            KeySize = KeyVaultKeySize,
            ReuseKey = false
        },
        IssuerParameters = new CertificateCertificatePolicyIssuerParametersArgs
        {
            Name = "Self"
        },
        SecretProperties = new CertificateCertificatePolicySecretPropertiesArgs
        {
            ContentType = "application/x-pkcs12"
        },
    };

    return new Certificate(generatedName, new CertificateArgs
    {
        KeyVaultId = args.VaultId,
        Name = generatedName,
        Tags = AzureContext.Tags,
        KeyVaultCertificate = new CertificateCertificateArgs
        {
            Contents = pkcs12,
            // NOTE(review): the bundle is imported with an empty password, so
            // the pkcs12 value holds unprotected key material wherever it is
            // kept. Treat it as a secret.
            Password = string.Empty
        },
        CertificatePolicy = importedPolicy
    }, new()
    {
        Parent = this,
        DeleteBeforeReplace = true,
        // Later differences in the imported contents are ignored, not re-applied.
        IgnoreChanges = { "certificate.contents" }
    });
});
Hi
After upgrading to a version higher than 4.36.0, the creation of Key Vault certificates breaks 👎.
We are relying on this in production so it's not that fun.
This is the error we get when we are creating keyvault certificates
Environment Pulumi: 3.24.1 Pulumi.Azure: 4.38.0 Os: Windows