Copied from example docs:
provider "azurerm" {
skip_provider_registration = true
environment = "usgovernment"
features {}
}
data "azurerm_client_config" "current" {}
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "USGovVirginia"
}
resource "azurerm_key_vault" "example" {
name = "examplekeyvault89151"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
enabled_for_disk_encryption = true
tenant_id = data.azurerm_client_config.current.tenant_id
soft_delete_retention_days = 7
purge_protection_enabled = false
sku_name = "standard"
access_policy {
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = data.azurerm_client_config.current.object_id
key_permissions = [
"Get",
]
secret_permissions = [
"Get",
]
storage_permissions = [
"Get",
]
}
}
This works in Azure Commercial, but fails in Azure USGovernment. v2.99 of the azurerm
provider worked fine.
│ Error: retrieving `contact` for KeyVault: keyvault.BaseClient#GetCertificateContacts: Failure sending request: StatusCode=0 -- Original Error: context deadline exceeded
│
│ with azurerm_key_vault.example,
│ on main.tf line 15, in resource "azurerm_key_vault" "example":
│ 15: resource "azurerm_key_vault" "example" {
│
It also fails with refreshing state:
azurerm_key_vault.example: Refreshing state... [id=/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-resources/providers/Microsoft.KeyVault/vaults/examplekeyvault89151]
2022-04-11T17:37:30.085-0400 [DEBUG] provider.terraform-provider-azurerm_v3.1.0_x5.exe: AzureRM Request:
GET /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-resources/providers/Microsoft.KeyVault/vaults/examplekeyvault89151?api-version=2019-09-01 HTTP/1.1
Host: management.usgovcloudapi.net
User-Agent: Go/go1.18 (amd64-windows) go-autorest/v14.2.1 Azure-SDK-For-Go/v63.0.0 keyvault/2020-04-01-preview HashiCorp Terraform/1.1.8 (+https://www.terraform.io) Terraform Plugin SDK/2.10.1 terraform-provider-azurerm/3.1.0 pid-222c6c49-1b0a-5959-a213-6608f9eb8820
X-Ms-Correlation-Request-Id: eec2f4ab-8362-55f7-2b9f-30c0a9ab9786
Accept-Encoding: gzip: timestamp=2022-04-11T17:37:30.085-0400
2022-04-11T17:37:30.733-0400 [DEBUG] provider.terraform-provider-azurerm_v3.1.0_x5.exe: AzureRM Response for https://management.usgovcloudapi.net/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-resources/providers/Microsoft.KeyVault/vaults/examplekeyvault89151?api-version=2019-09-01:
HTTP/2.0 200 OK
Cache-Control: no-cache
Content-Type: application/json; charset=utf-8
Date: Mon, 11 Apr 2022 21:37:30 GMT
Expires: -1
Pragma: no-cache
Server: Microsoft-IIS/10.0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-Aspnet-Version: 4.0.30319
X-Content-Type-Options: nosniff
X-Ms-Client-Request-Id: 3673b530-38cb-4508-b25b-b3c99876e2d7
X-Ms-Correlation-Request-Id: eec2f4ab-8362-55f7-2b9f-30c0a9ab9786
X-Ms-Keyvault-Service-Version: 1.5.322.3
X-Ms-Ratelimit-Remaining-Subscription-Reads: 14997
X-Ms-Request-Id: d6c60a74-7c1e-4fb4-8d24-aa5109bfd4eb
X-Ms-Routing-Request-Id: USGOVARIZONA:20220411T213730Z:6d9dc26a-ccd0-44ec-bd2c-4ed830bc4726
X-Powered-By: ASP.NET
{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-resources/providers/Microsoft.KeyVault/vaults/examplekeyvault89151","name":"examplekeyvault89151","type":"Microsoft.KeyVault/vaults","location":"usgovvirginia","tags":{},"properties":{"sku":{"family":"A","name":"standard"},"tenantId":"00000000-0000-0000-0000-000000000000","accessPolicies":[{"tenantId":"00000000-0000-0000-0000-000000000000","objectId":"1f8d9a5a-c74b-4927-a72d-6cf5d4660052","permissions":{"keys":["Get"],"secrets":["Get"],"certificates":[],"storage":["Get"]}}],"enabledForDeployment":false,"enabledForDiskEncryption":true,"enabledForTemplateDeployment":false,"enableSoftDelete":true,"softDeleteRetentionInDays":7,"enableRbacAuthorization":false,"vaultUri":"https://examplekeyvault89151.vault.usgovcloudapi.net/","provisioningState":"Succeeded"}}: timestamp=2022-04-11T17:37:30.733-0400
2022-04-11T17:42:30.106-0400 [ERROR] vertex "azurerm_key_vault.example" error: retrieving `contact` for KeyVault: keyvault.BaseClient#GetCertificateContacts: Failure sending request: StatusCode=0 -- Original Error: context deadline exceeded
2022-04-11T17:42:30.106-0400 [ERROR] vertex "azurerm_key_vault.example" error: retrieving `contact` for KeyVault: keyvault.BaseClient#GetCertificateContacts: Failure sending request: StatusCode=0 -- Original Error: context deadline exceeded
2022-04-11T17:42:30.106-0400 [ERROR] vertex "azurerm_key_vault.example (expand)" error: retrieving `contact` for KeyVault: keyvault.BaseClient#GetCertificateContacts: Failure sending request: StatusCode=0 -- Original Error: context deadline exceeded
╷
│ Error: retrieving `contact` for KeyVault: keyvault.BaseClient#GetCertificateContacts: Failure sending request: StatusCode=0 -- Original Error: context deadline exceeded
│
│ with azurerm_key_vault.example,
│ on main.tf line 15, in resource "azurerm_key_vault" "example":
│ 15: resource "azurerm_key_vault" "example" {
│
╵
2022-04-11T17:42:30.112-0400 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2022-04-11T17:42:30.124-0400 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/hashicorp/azurerm/3.1.0/windows_amd64/terraform-provider-azurerm_v3.1.0_x5.exe pid=944
2022-04-11T17:42:30.124-0400 [DEBUG] provider: plugin exited
Terraform versions:
$ terraform version
Terraform v1.1.8
on windows_amd64
+ provider registry.terraform.io/hashicorp/azurerm v3.1.0