Frederic Gauthier

Reputation: 23

KeyVault Template - Multiple AccessPolicies

I have multiple object ids to add in the key vault's access policies. So I have an array of objectId and I'm looping through it. But I get this error: An invalid value was provided for 'accessPolicies'. My code is based on this one: https://collab365.community/azure-keyvault-set-multiple-access-policies-using-the-arm-template/

This is a part of my ARM template:

"parameters": {
"kvAccessPolicies": {
      "type": "array",
      "metadata": {
        "description": "Access Ids for KeyVaults"
      },
      "defaultValue": [
        "none"
      ]
    }
},
"resources": [
{
      "type": "Microsoft.KeyVault/vaults/accessPolicies",
      "name": "[concat(parameters('keyVaultName'), '/add')]",
      "apiVersion": "2019-09-01",
      "dependsOn":[  
        "[parameters('keyVaultName')]"
      ],
      "properties": {
          "accessPolicies": [
            {
            "copy": [
              {
                "name": "accessPolicies",
                "count": "[length(parameters('kvAccessPolicies'))]",
                "input": {
                  "tenantId": "[subscription().tenantId]",
                  "objectId": "[parameters('kvAccessPolicies')[copyIndex('accessPolicies')].objectId]",
                  "permissions": {
                    "keys": [
                      "all"
                    ],
                    "secrets": [
                      "all"
                    ],
                    "certificates": [
                      "all"
                    ],
                    "storage": [
                      "all"
                    ]
                  }
                }
              }
            ]
          }
          ]
      }
  }
]

This is a part of my parameter file:

"KvAccessPolicies": [ 
            {
                "objectId": "85949fj3-t488-4ye3-5i54-2j2jwk5jri3e"
            },
            {
                "objectId": "4ieh345t-6i4r-t5y4-g9t4-7u6jktl5kri4"
            }
        ]

Upvotes: 2

Views: 403

Answers (1)

Stringfellow

Reputation: 2908

You do not need the accessPolicies property. The copy iterator will use the "name": "accessPolicies", line to add the property for you. Just eliminate that level, bringing the copy block up a level.

"properties": {
    "copy": [
    {
        "name": "accessPolicies",
        "count": "[length(parameters('kvAccessPolicies'))]",
        "input": {
            "tenantId": "[subscription().tenantId]",
            "objectId": "[parameters('kvAccessPolicies')[copyIndex('accessPolicies')].objectId]",
            "permissions": {
                "keys": [
                    "all"
                ],
                "secrets": [
                    "all"
                ],
                "certificates": [
                    "all"
                ],
                "storage": [
                    "all"
                ]
            }
        }
    }
    ]
}

Upvotes: 2
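
A static check for the two things visible in the templates above, as an added example (not code from the question or the answer): it flags a copy block nested inside an accessPolicies array, the shape the answer says to flatten, and any policy that grants "all". The function name lint_properties and the trimmed sample data are constructed for illustration.

```python
import json

# Constructed sample: the question's "properties" shape, trimmed to the relevant fields.
QUESTION_PROPS = json.loads("""
{"accessPolicies": [{"copy": [{"name": "accessPolicies",
  "count": "[length(parameters('kvAccessPolicies'))]",
  "input": {"tenantId": "[subscription().tenantId]",
            "objectId": "[parameters('kvAccessPolicies')[copyIndex('accessPolicies')].objectId]",
            "permissions": {"keys": ["all"], "secrets": ["all"]}}}]}]}
""")
# The answer's shape: the same copy block moved up to sit directly under properties.
ANSWER_PROPS = {"copy": QUESTION_PROPS["accessPolicies"][0]["copy"]}


def lint_properties(props):
    """Return findings for a vaults/accessPolicies 'properties' object (hypothetical helper)."""
    findings = []
    policies = []
    # Correct form: 'copy' is a direct child of properties and names the array it creates.
    for loop in props.get("copy", []):
        if loop.get("name") == "accessPolicies":
            policies.append(loop.get("input", {}))
    # Literal array: each entry should be a policy, not a wrapper around a copy block.
    for i, entry in enumerate(props.get("accessPolicies", [])):
        if "copy" in entry:
            findings.append(f"accessPolicies[{i}]: copy block nested inside the array; "
                            "move it up to properties.copy")
            policies += [c.get("input", {}) for c in entry["copy"]]
        else:
            policies.append(entry)
    # Least-privilege check on every policy body found in either form.
    for pol in policies:
        for kind, perms in pol.get("permissions", {}).items():
            if any(p.lower() == "all" for p in perms):
                findings.append(f"permissions.{kind}: grants 'all'; list only the "
                                "operations this principal needs")
    return findings


if __name__ == "__main__":
    for label, props in (("question", QUESTION_PROPS), ("answer", ANSWER_PROPS)):
        print(label, *lint_properties(props), sep="\n  ")
```
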
