Hi I m trying to create an access policy for an existing key

Question

Hi I m trying to create an access policy for an existing keyvault I m using GetVault Invoke from azure native using a different provider our keyvaults are on a different subscription to the one I m creating webapps on etc and then using the original azure package to create the access policy and everything works nicely when I pulumi up from my command line I can find the access policies using <http resources azure com|resources azure com> However when running the stack via azure pipelines this step fails claiming that it can t find the resource group that the keyvault belongs to `retrieving Key Vault xxxxx xxx xx Resource Group xxxxxx xxxxx xx keyvault VaultsClient Get Failure responding to request StatusCode=404 Original Error autorest azure Service returned an error Status=404 Code= ResourceGroupNotFound Message= Resource group xxxxxx xxxxx xx could not be found ` anyone an ideas why this is

abundant-potato-97520 · Answer

as a note the service connection principle is in the owner role for the subscription that the the keyvault belongs to

abundant-potato-97520 · Answer

here s the code that s creating the keyvault access policy `private void CreateKeyVaultAccessPolicies string resourceNamePrefix WebApp webApp string vaultResourceGroupName string vaultName Pulumi AzureNative Provider provider ` ` ` `var webAppId = webApp Identity Apply id = gt id PrincipalId 11111111 1111 1111 1111 111111111111 ` `var getVaultInvokeArgs = new Pulumi AzureNative KeyVault GetVaultInvokeArgs` ` ` `VaultName = vaultName ` `ResourceGroupName = vaultResourceGroupName ` ` ` `var keyVault = Pulumi AzureNative KeyVault GetVault Invoke getVaultInvokeArgs new InvokeOptions Provider = provider ` `var vaultId = keyVault Apply v = gt v Id ` `var clientConfigResult = Output Create Pulumi AzureNative Authorization GetClientConfig InvokeAsync ` `var accessPolicyArgs = new Pulumi Azure KeyVault AccessPolicyArgs` ` ` `KeyVaultId = vaultId ` `TenantId = clientConfigResult Apply c= gt c TenantId ` `ObjectId = webAppId ` `SecretPermissions =` ` ` ` Get ` ` List ` ` ` ` ` `var accessPolicy = new Pulumi Azure KeyVault AccessPolicy $ resourceNamePrefix keyVaultAccessPolicies accessPolicyArgs ` ` `