az keyvault create not idempotent with access policies
az feedback auto-generates most of the information requested below, as of CLI version 2.0.62
Describe the bug
The “az keyvault create” command is not idempotent with Access Policies. On re-running the command the Access Policies are deleted/removed.
To Reproduce
Create a KeyVault with az keyvault create e.g. “az keyvault create --location westus2 --name MyKeyVault --resource-group MyResourceGroup”
Assign an access policy to the KeyVault, either manually in the portal, or via another Azure CLI or PowerShell Az command.
Run the “az keyvault create --location westus2 --name MyKeyVault --resource-group MyResourceGroup” command again
The access policy has been removed/deleted
Expected behavior
Leave the Access Policy alone
Environment summary
All environments
Additional context
Issue Analytics
- State:
- Created 3 years ago
- Reactions:2
- Comments:7 (3 by maintainers)
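
A guard against the re-run described in the reproduction steps, added here as an example; it is not part of the original issue or of the Azure CLI project. It runs az keyvault create only when the vault is confirmed absent and refuses to create when the lookup itself fails. The function names are hypothetical; the vault, group and location values are the ones from the report.

```shell
#!/bin/sh
# Added example, not Azure CLI project code. Function names are hypothetical.

# vault_exists NAME RESOURCE_GROUP
# Returns 0 if the vault is listed in the group, 1 if it is not, 2 if the
# lookup failed (expired login, network error). Assumes NAME is given with
# the same casing the vault was created with.
vault_exists() {
  count=$(az keyvault list --resource-group "$2" \
            --query "length([?name=='$1'])" -o tsv) || return 2
  [ "$count" -gt 0 ]
}

# ensure_keyvault NAME RESOURCE_GROUP LOCATION
# Prints "exists" or "created". "az keyvault create" runs only when the vault
# is confirmed absent, so a re-run never reaches the call that drops policies.
ensure_keyvault() {
  rc=0
  vault_exists "$1" "$2" || rc=$?
  case $rc in
    0) echo "exists" ;;
    1) az keyvault create --location "$3" --name "$1" \
         --resource-group "$2" >/dev/null || return 1
       echo "created" ;;
    *) echo "lookup failed, not creating $1" >&2
       return 2 ;;
  esac
}

# policy_object_ids NAME RESOURCE_GROUP
# Prints the sorted object IDs holding an access policy. Capture it before and
# after a deployment step and diff the two to detect removed policies.
policy_object_ids() {
  ids=$(az keyvault show --name "$1" --resource-group "$2" \
          --query "properties.accessPolicies[].objectId" -o tsv) || return 2
  printf '%s\n' "$ids" | sort
}
```

Call ensure_keyvault MyKeyVault MyResourceGroup westus2 in place of the bare create command in deployment scripts.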
Top GitHub Comments
@yungezz Maybe I don’t understand what you mean with client side idempotency. Because I would not know why somebody needs that. Idempotency is about server side behavior if you ask me.
If I read about the az cli Standard Command Types, The CREATE command MUST be idempotent according to the documentation.
https://github.com/Azure/azure-cli/blob/dev/doc/command_guidelines.md#standard-command-types
Hopefully, the behavior of the Keyvault can be changed soon according to the cli guidelines.
@bim-msft Is there any ETA for this fix? I am also facing this issue in my CMK code, where I create a key vault and then add an ACL for CMK to work, but once we deploy the template again, things break because it removes the access policy altogether. I have to do everything via ARM here.