Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

azurerm_key_vault has "ConflictError" when building, recommended fix from Azure is to serialize actions #15127

Closed
jblackwood12 opened this issue Jan 26, 2022 · 5 comments
Closed

azurerm_key_vault has "ConflictError" when building, recommended fix from Azure is to serialize actions #15127

jblackwood12 opened this issue Jan 26, 2022 · 5 comments

Comments

@jblackwood12
Copy link

jblackwood12 commented Jan 26, 2022
edited

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

2.93.1

Affected Resource(s)

  • azurerm_key_vault

Terraform Configuration Files

I can't add the configuration files yet, because I need to be sure no sensitive data is shared.

Debug Output

Error: creating Vault: (Name "samplekvname" / Resource Group "samplergname"): keyvault.VaultsClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: autorest/azure: Service returned an error. Status=<nil> Code="ConflictError" Message="A conflict occurred that prevented the operation from completing. The operation failed because the Key Vault 'samplekvname' changed from the point the operation began. This can happen if parallel operations are being performed on the Key Vault. To prevent this error, serialize the operations so that only one operation is performed on the Key Vault at a time. Follow this link for more information: https://go.microsoft.com/fwlink/?linkid=2147741

Panic Output

Expected Behaviour

Should have built the "azurerm_key_vault"

Actual Behaviour

Fails to build the "azurerm_key_vault"

Steps to Reproduce

  1. terraform apply

Important Factoids

References
@jblackwood12
Copy link
Author

I've just tried using parallelism=1 and got the same error. I'll look at the terraform configuration next.

@jblackwood12
Copy link
Author

Looks like this could be due to the soft deleted key conflicting with the new key being created which has the same name. I'm testing this out by adding this to the azurerm features block:

key_vault { purge_soft_delete_on_destroy = true }

@sinbai
Copy link
Contributor

sinbai commented Jan 27, 2022

Looks like this could be due to the soft deleted key conflicting with the new key being created which has the same name. I'm testing this out by adding this to the azurerm features block:

key_vault { purge_soft_delete_on_destroy = true }

@jblackwood12 thanks for opening this issue. If this issue persists after testing, could you please provide your terraform config that could help repro and troubleshooting?

@jblackwood12
Copy link
Author

@sinbai I've resolved the issue.

As of 1/19/2022, Azure started ensuring "soft-delete" was used when deleting a "Key Vault". The application we were using to communicate to Azure (via Terraform) did not have permissions to purge soft-deleted Key Vaults.

So, I delegated an Azure Key Vault role which had the "purge" soft-delete permission. And, also I've used the block I mentioned above.

@github-actions
Copy link

github-actions bot commented Mar 2, 2022

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 2, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jblackwood12 @sinbai