You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.
Description
Not sure if this is a terraform provider design descision or an ARM API limitation
many different resources have a separate resource block to enable cmk encryption instead of passing the cmk info in the original resource block itself.
while choosing this approach it is not possible to define policies that use the effect "Deny" on resources that do not use CMK, if the resources are created with terraform, as they never can be created in the first place.
educated guess is that azurerm_kusto_cluster is being created first and the policy engine denies the resource as it is not configured properly.
New or Affected Resource(s)/Data Source(s)
azurerm_kusto_cluster
Potential Terraform Configuration
No response
References
No response
The text was updated successfully, but these errors were encountered:
Is there an existing issue for this?
Community Note
Description
Not sure if this is a terraform provider design descision or an ARM API limitation
many different resources have a separate resource block to enable cmk encryption instead of passing the cmk info in the original resource block itself.
examples:
"azurerm_kusto_cluster" uses "azurerm_kusto_cluster_customer_managed_key"
"azurerm_mssql_managed_instance" uses "azurerm_mssql_managed_instance_transparent_data_encryption"
"azurerm_mssql_server" uses "azurerm_mssql_server_transparent_data_encryption"
while choosing this approach it is not possible to define policies that use the effect "Deny" on resources that do not use CMK, if the resources are created with terraform, as they never can be created in the first place.
educated guess is that azurerm_kusto_cluster is being created first and the policy engine denies the resource as it is not configured properly.
New or Affected Resource(s)/Data Source(s)
azurerm_kusto_cluster
Potential Terraform Configuration
No response
References
No response
The text was updated successfully, but these errors were encountered: