key-vault/nested items: support for purging deleted items #9911
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ring This field is optional, so this makes sense to be optional or a UUID
…ture flag Whilst initially I was intending to use a separate `purge_nested_items_on_destroy` flag the "recover" feature flag is shared between the Key Vault and it's Nested Items - as such to mirror that behaviour I'm reusing that feature flag.
This is implied since the resource doesn't support Update
jackofallops
approved these changes
Dec 17, 2020
There was a problem hiding this comment.
Thanks @tombuildsstuff - Couple of minor observations on the docs, but otherwise LGTM 👍
|
Tests pass:
|
tombuildsstuff
added a commit
that referenced
this pull request
Dec 17, 2020
|
This has been released in version 2.41.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example: provider "azurerm" {
version = "~> 2.41.0"
}
# ... other configuration ... |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks! |
ghost
locked as resolved and limited conversation to collaborators
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR introduces Purging for Nested Items (e.g. Certificates, Keys and Secrets) during deletion - like we do for the Key Vaults themselves. This behaviour can be opted-out of using the
purge_soft_delete_on_destroyflag (which is reused in the same way that therecover_soft_deleted_key_vaultsflag is reused between Key Vaults and Nested Items)This also fixes an issue where the Key Vault Data Plane API is eventually consistent, by polling to ensure the Nested Item is fully deleted (and subsequently fully purged, if we're opted-into that) during the Delete function.
This change is necessary to workaround an upcoming breaking change happening on December 31st where all Key Vaults get Soft-Delete force-enabled by default and have no means of disabling that - as such to retain the same behaviour as exists today Nested Items must (presuming the users opted in) now be purged during deletion (since users have already confirmed they want to delete these items via approving the
terraform plan).Fixes #5659