Hey there We re using Pulumi to manage hundreds of Azure res

Question

Hey there We re using Pulumi to manage hundreds of Azure resources and so far it s been amazing Thanks for such an awesome product Just recently we hit an issue though that is blocking us and we can t figure it out We are using Pulumi to provision an Azure KeyVault and some associated Access Policies The issue is with the access policies Provisioning access policies for users works just fine but when setting an access policy for an app things break down Seems Azure does not recognize the provisioning as being an app and instead classifies it as unknown see screenshot The access policy does not work in this mode Doing the same operation via the az command works just fine

gentle-diamond-70147 · Answer

Are you using azure or azure native One thing to try would be to `pulumi import ` an existing KeyVault and see what properties it prints out But ultimately this sounds like a bug would you mind opening a github issue

famous-leather-94346 · Answer

Have you used azure native it is quite compatible with the azure legacy We uses keyvault policies there without issues

lemon-chef-20322 · Answer

< famous leather 94346> yes we are using azure native Are you creating policies for AD `Applications` Policies for `Users` work fine

famous-leather-94346 · Answer

< lemon chef 20322> Do you create links for policies via service principals I don t think direct link to application works properly Ie ```properties=keyvault VaultPropertiesArgs access policies= keyvault AccessPolicyEntryArgs object id=service principal id lt service principal link permissions=keyvault PermissionsArgs keys= keyvault KeyPermissions GET keyvault KeyPermissions CREATE keyvault KeyPermissions DELETE keyvault KeyPermissions PURGE secrets= keyvault SecretPermissions SET keyvault SecretPermissions DELETE keyvault SecretPermissions PURGE keyvault SecretPermissions LIST tenant id=tenant id ```