Adding accessPolicies to existing keyVault results in error validating property "name" #836

Closed
SimonWahlin opened this issue Nov 6, 2020 · 5 comments
Labels
bug Something isn't working

Comments

@SimonWahlin
Collaborator

Bicep version
Bicep CLI version 0.1.226-alpha (eb3d221)

Describe the bug
Trying to add an accessPolicy to an existing Key Vault using the name '${keyVault.name}/add'

This results in the following error message when trying to build:

Error BCP036: The property "name" expected a value of type "'add' | 'remove' | 'replace'" but the provided value is of type "string".

The property name should be KeyVaultName/add, but bicep validates the whole name against the valid names add/remove/replace instead of just the child-part of the name.

To Reproduce
Add an accessPolicy to an existing key vault with the following Bicep code:

resource keyVaultAccessPolicy 'Microsoft.KeyVault/vaults/accessPolicies@2019-09-01' = {
    name: '${keyVault.name}/add'
    properties: {
        accessPolicies: [
            {
                tenantId: functionApp.outputs.principalTenantId
                objectId: functionApp.outputs.principalId
                permissions: {
                    certificates: [
                        'get'
                        'list'
                        'create'
                        'update'
                    ]
                }
            }
        ]
    }
}

Where keyVault is a Key Vault I just created in the same bicep file and functionApp is a nested deployment that deploys a functionApp with a managed identity.

Additional context
Seems like this is related to the discussion about introducing a parent syntax in #657

@ghost ghost added the Needs: Triage 🔍 label Nov 6, 2020
@alex-frankel
Collaborator

thanks for reporting

this is a bug we'll need to fix, but in the meantime you can unblock yourself with the any() function:

resource keyVaultAccessPolicy 'Microsoft.KeyVault/vaults/accessPolicies@2019-09-01' = {
    name: any('${keyVault.name}/add')
    ...
}

@alex-frankel alex-frankel added bug Something isn't working and removed Needs: Triage 🔍 labels Nov 6, 2020
@SimonWahlin
Collaborator Author

Thanks @alex-frankel, your workaround worked like a charm as always!

@alex-frankel
Collaborator

@anthony-c-martin - will this be solved by #657? Or is this a KV swagger issue?

@anthony-c-martin
Member

The swagger looks correct - #657 will fix this.

@anthony-c-martin
Member

Fixed with #657

@ghost ghost locked as resolved and limited conversation to collaborators May 29, 2023
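
The reproduction from this issue, rewritten with the `parent` property that current Bicep releases support, as an added example that is not code from the thread or the Bicep project. The child name is then just `add`, so it type-checks without the `any()` workaround, which turns off type validation for that value. The parameter names and the `existing` vault reference are assumptions made so the file stands alone; in the issue the vault was created in the same file and the IDs came from a nested deployment's outputs.

```bicep
// Assumed parameters (hypothetical names, not from the issue).
param keyVaultName string
param principalId string
param principalTenantId string = subscription().tenantId

// Assumption: reference an already-deployed vault. In the issue the vault
// was declared in the same file; any symbolic vault resource works as parent.
resource keyVault 'Microsoft.KeyVault/vaults@2019-09-01' existing = {
  name: keyVaultName
}

resource keyVaultAccessPolicy 'Microsoft.KeyVault/vaults/accessPolicies@2019-09-01' = {
  // The parent supplies the vault segment of the resource name, so `name`
  // holds only the child part and matches 'add' | 'remove' | 'replace'.
  parent: keyVault
  name: 'add'
  properties: {
    accessPolicies: [
      {
        tenantId: principalTenantId
        objectId: principalId
        permissions: {
          // Same certificate permissions as the reproduction; grant only
          // what the identity actually needs.
          certificates: [
            'get'
            'list'
            'create'
            'update'
          ]
        }
      }
    ]
  }
}
```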

3 participants