Error: retrieving contact for Keyvault: Keyvault. BaseClient#getcertificateContacts : failure sending request: Original error: context deadline exceeded #21876

Closed
1 task done
reshmav18 opened this issue May 22, 2023 · 2 comments
@reshmav18

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

N/A

AzureRM Provider Version

N/A

Affected Resource(s)/Data Source(s)

azurerm/keyvault

Terraform Configuration Files

resource "azurerm_key_vault" "keyvault" {
  name                        = local.keyvault.name
  location                    = var.deployment.target.location
  resource_group_name         = var.deployment.target.resource_group
  enabled_for_disk_encryption = true
  purge_protection_enabled    = true
  tenant_id                   = lookup(var.tenat_id, var.deployment.tenant)

  sku_name = "premium"

  # Key Vault firewall: deny by default, allow only the listed IPs
  network_acls {
    bypass                     = "AzureServices"
    default_action             = "Deny"
    virtual_network_subnet_ids = []
    ip_rules                   = var.allowed_ips
  }

  tags = local.tags_full

  lifecycle {
    ignore_changes = [
      tags["created"]
    ]
  }
}

Debug Output/Panic Output

Error: retrieving contact for Keyvault: Keyvault. BaseClient#getcertificateContacts : failure sending request: Statuscode=0 -- Original error: context deadline exceeded

Expected Behaviour

No response

Actual Behaviour

The customer is running a Terraform script to re-create an AKS cluster, which creates a PEP in Key Vault. The Terraform script lists the changes made, checks the KV config as below, and then creates a cluster associated with the PEP.

resource "azurerm_key_vault" "keyvault" {
  name                        = local.keyvault.name
  location                    = var.deployment.target.location
  resource_group_name         = var.deployment.target.resource_group
  enabled_for_disk_encryption = true
  purge_protection_enabled    = true
  tenant_id                   = lookup(var.tenat_id, var.deployment.tenant)

  sku_name = "premium"

  # Key Vault firewall: deny by default, allow only the listed IPs
  network_acls {
    bypass                     = "AzureServices"
    default_action             = "Deny"
    virtual_network_subnet_ids = []
    ip_rules                   = var.allowed_ips
  }

  tags = local.tags_full

  lifecycle {
    ignore_changes = [
      tags["created"]
    ]
  }
}

It is able to list the changes, but when it tries to check the KV config it fails with the error below:

Error: retrieving contact for Keyvault: Keyvault. BaseClient#getcertificateContacts : failure sending request: Statuscode=0 -- Original error: context deadline exceeded

Able to see the list changes in the Azure activity logs.

Screenshot available

Reached out to the Azure KeyVault team, and the suggestion was to reach out to the Terraform team.

Steps to Reproduce

The customer is running a Terraform script to re-create an AKS cluster, which creates a PEP in Key Vault. The Terraform script lists the changes made, checks the KV config as below, and then creates a cluster associated with the PEP.

resource "azurerm_key_vault" "keyvault" {
  name                        = local.keyvault.name
  location                    = var.deployment.target.location
  resource_group_name         = var.deployment.target.resource_group
  enabled_for_disk_encryption = true
  purge_protection_enabled    = true
  tenant_id                   = lookup(var.tenat_id, var.deployment.tenant)

  sku_name = "premium"

  # Key Vault firewall: deny by default, allow only the listed IPs
  network_acls {
    bypass                     = "AzureServices"
    default_action             = "Deny"
    virtual_network_subnet_ids = []
    ip_rules                   = var.allowed_ips
  }

  tags = local.tags_full

  lifecycle {
    ignore_changes = [
      tags["created"]
    ]
  }
}

It is able to list the changes, but when it tries to check the KV config it fails with the error below:

Error: retrieving contact for Keyvault: Keyvault. BaseClient#getcertificateContacts : failure sending request: Statuscode=0 -- Original error: context deadline exceeded

Able to see the list changes in the Azure activity logs.

Screenshot available

Reached out to the Azure KeyVault team, and the suggestion was to reach out to the Terraform team.

Important Factoids

No response

References

No response

@tombuildsstuff
Contributor

Duplicate of #9738, please subscribe to that issue for updates - ultimately this is an API limitation since the API doesn't expose this information via the Resource Manager API, so we need to use the Data Plane API here - you can fix this by updating the default_action of the network_acl block, or adding the IP Address of where Terraform is being run to the allow-list.
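
The second fix from the comment above (allow-listing the address Terraform runs from while leaving the firewall's default action at Deny), as an added example that is not part of the issue thread or the provider's code. `var.terraform_runner_ip` is a hypothetical variable; the other locals and variables are the names referenced in the issue's configuration and are assumed to be defined elsewhere in the module.

```hcl
# Added example. var.terraform_runner_ip is a hypothetical variable, not part
# of the issue: the public egress IP (or CIDR) of the host running Terraform.
variable "terraform_runner_ip" {
  type        = string
  description = "Public egress IP or CIDR of the machine or CI agent running Terraform."

  validation {
    # Basic syntax check: accept a bare address or a CIDR range.
    condition = (
      can(cidrhost(var.terraform_runner_ip, 0)) ||
      can(cidrhost("${var.terraform_runner_ip}/32", 0))
    )
    error_message = "The terraform_runner_ip value must be an IP address or a CIDR range."
  }
}

resource "azurerm_key_vault" "keyvault" {
  name                        = local.keyvault.name
  location                    = var.deployment.target.location
  resource_group_name         = var.deployment.target.resource_group
  enabled_for_disk_encryption = true
  purge_protection_enabled    = true
  tenant_id                   = lookup(var.tenat_id, var.deployment.tenant)
  sku_name                    = "premium"

  network_acls {
    bypass                     = "AzureServices"
    default_action             = "Deny" # firewall stays closed by default
    virtual_network_subnet_ids = []

    # Certificate contacts are read over the Key Vault data plane, so the
    # runner's own address has to pass the firewall alongside the existing
    # allow-list. distinct() avoids a duplicate entry if it is already listed.
    ip_rules = distinct(concat(var.allowed_ips, [var.terraform_runner_ip]))
  }

  tags = local.tags_full

  lifecycle {
    ignore_changes = [
      tags["created"]
    ]
  }
}
```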

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 26, 2024