az keyvault create not idempotent with access policies

az feedback auto-generates most of the information requested below, as of CLI version 2.0.62

Describe the bug

The “az keyvault create” command is not idempotent with Access Policies. On re-running the command the Access Policies are deleted/removed.

To Reproduce

Create a KeyVault with az keyvault create, e.g. “az keyvault create --location westus2 --name MyKeyVault --resource-group MyResourceGroup”

Assign an access policy to the KeyVault, either manually in the portal, or via another Azure CLI or PowerShell Az command.

Run the “az keyvault create --location westus2 --name MyKeyVault --resource-group MyResourceGroup” command again

The access policy has been removed/deleted

Expected behavior

Leave the Access Policy alone

Environment summary

All environments

Additional context

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Reactions: 2
  • Comments: 7 (3 by maintainers)

Top GitHub Comments

1 reaction
pascalnaber commented, Sep 11, 2020

@yungezz Maybe I don’t understand what you mean with client side idempotency. Because I would not know why somebody needs that. Idempotency is about server side behavior if you ask me.

If I read about the az cli Standard Command Types, The CREATE command MUST be idempotent according to the documentation.

https://github.com/Azure/azure-cli/blob/dev/doc/command_guidelines.md#standard-command-types

Hopefully, the behavior of the Keyvault can be changed soon according to the cli guidelines.

0 reactions
puagarwa commented, Sep 15, 2020

@bim-msft Is there any ETA for this fix? I am also facing this issue in my CMK code where I create key vault and then add ACL for CMK to work but once we deploy template again, things break because it altogether removes access policy. I have to do everything via ARM here.
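
A guard for the re-run described in this issue, as an added example that is not part of the thread or of the Azure CLI project: it skips `az keyvault create` when the vault already exists, and fails a deployment step that changes the set of access-policy object IDs. The helper names `vault_exists`, `policy_object_ids`, `ensure_keyvault` and `run_preserving_policies` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the issue or the Azure CLI project).
# All function names below are hypothetical helpers.

# Succeeds when the vault already exists. Any failure of `show`
# (including auth or network errors) is treated as "absent".
vault_exists() {
  az keyvault show --name "$1" --resource-group "$2" --output none 2>/dev/null
}

# Sorted object IDs that hold an access policy on the vault, one per line.
policy_object_ids() {
  az keyvault show --name "$1" --resource-group "$2" \
    --query "properties.accessPolicies[].objectId" --output tsv | sort
}

# Create the vault only when it is absent, so a re-run of the deployment
# never issues `az keyvault create` against a vault that has policies.
ensure_keyvault() {
  local name="$1" group="$2" location="$3"
  if vault_exists "$name" "$group"; then
    echo "vault $name already exists; skipping az keyvault create" >&2
    return 0
  fi
  az keyvault create --location "$location" --name "$name" \
    --resource-group "$group" --output none
}

# Run a deployment step (everything after name and group) and return 2
# if the set of access-policy object IDs differs afterwards.
run_preserving_policies() {
  local name="$1" group="$2" before after
  shift 2
  before="$(policy_object_ids "$name" "$group")" || return 1
  "$@" || return 1
  after="$(policy_object_ids "$name" "$group")" || return 1
  if [ "$before" != "$after" ]; then
    echo "access policies on $name changed during deployment" >&2
    return 2
  fi
}
```

In a pipeline, call `ensure_keyvault MyKeyVault MyResourceGroup westus2` in place of the bare create command, and wrap other steps in `run_preserving_policies` to catch a policy wipe before later stages depend on the vault.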
