Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[AVM Module Issue]: avm.res.synapse.workspace Workspace using CMK unable to deploy when Keyvault resource is located in a different resource group #3914

Open
1 task done
chris-gibbs opened this issue Dec 10, 2024 · 3 comments
Open
1 task done

[AVM Module Issue]: avm.res.synapse.workspace Workspace using CMK unable to deploy when Keyvault resource is located in a different resource group #3914

chris-gibbs opened this issue Dec 10, 2024 · 3 comments
Labels
Class: Resource Module 📦 This is a resource module Needs: Core Team 🧞 This item needs the AVM Core Team to review it Status: Module Orphaned 👀 The module has no owner and is therefore orphaned at this time Type: AVM 🅰️ ✌️ Ⓜ️ This is an AVM related issue Type: Bug 🐛 Something isn't working

Comments

@chris-gibbs
Copy link

chris-gibbs commented Dec 10, 2024
edited by AlexanderSehr
Loading

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Issue Type?

Bug

Module Name

avm/res/synapse/workspace

(Optional) Module Version

No response

Description

The scope keeps getting evaluated as resourceGroup() when passing in encryptionActivateWorkspace true and customerManagedKey.keyVaultResourceId set to a kevvault resource located in a different resource group.

main.bicep

  module workspace_cmk_rbac 'modules/nested_cmkRbac.bicep' = if (encryptionActivateWorkspace) {
    name: '${workspace.name}-cmk-rbac'
    params: {
      workspaceIndentityPrincipalId: workspace.identity.principalId
      keyvaultName: !empty(customerManagedKey.?keyVaultResourceId) ? cMKKeyVault.name : ''
      usesRbacAuthorization: !empty(customerManagedKey.?keyVaultResourceId)
        ? cMKKeyVault.properties.enableRbacAuthorization
        : true
    }
    scope: encryptionActivateWorkspace
      ? resourceGroup(
          split((customerManagedKey.?keyVaultResourceId ?? '//'), '/')[2],
          split((customerManagedKey.?keyVaultResourceId ?? '////'), '/')[4]
        )
      : resourceGroup()
  }

(Optional) Correlation Id

No response
@chris-gibbs chris-gibbs added Needs: Triage 🔍 Maintainers need to triage still Type: AVM 🅰️ ✌️ Ⓜ️ This is an AVM related issue labels Dec 10, 2024
@microsoft-github-policy-service Microsoft GitHub Policy Service
Copy link

Important

The "Needs: Triage 🔍" label must be removed once the triage process is complete!

Tip

For additional guidance on how to triage this issue/PR, see the BRM Issue Triage documentation.

@microsoft-github-policy-service microsoft-github-policy-service bot added the Type: Bug 🐛 Something isn't working label Dec 10, 2024
@avm-team-linter avm-team-linter bot added the Class: Resource Module 📦 This is a resource module label Dec 10, 2024
@github-project-automation github-project-automation bot moved this to Needs: Triage in AVM - Module Issues Dec 10, 2024
@avm-team-linter AVM Team Linter
Copy link

@chris-gibbs, thanks for submitting this issue for the avm/res/synapse/workspace module!

Important

Please note, that this module is currently orphaned. The @Azure/avm-core-team-technical-bicep, will attempt to find an owner for it. In the meantime, the core team may assist with this issue. Thank you for your patience!

@AlexanderSehr
Copy link
Contributor

Hey @chris-gibbs,
would you happen to have a pipeline run available we could check out?
Quite surprising that the logic does not kick in. Then again, it's anyways a bit special that it has this extra scope case handling in the first place (compared to most of not all other module implementations).

@AlexanderSehr AlexanderSehr added Status: Module Orphaned 👀 The module has no owner and is therefore orphaned at this time Needs: Core Team 🧞 This item needs the AVM Core Team to review it and removed Needs: Triage 🔍 Maintainers need to triage still labels Dec 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Class: Resource Module 📦 This is a resource module Needs: Core Team 🧞 This item needs the AVM Core Team to review it Status: Module Orphaned 👀 The module has no owner and is therefore orphaned at this time Type: AVM 🅰️ ✌️ Ⓜ️ This is an AVM related issue Type: Bug 🐛 Something isn't working
Projects
AVM - Module Issues
Status: Needs: Triage
Milestone
No milestone
Development

No branches or pull requests
2 participants
@chris-gibbs @AlexanderSehr