Bootstrap dev Key Vault access before Terraform apply#84
Conversation
Terraform Plan (
|
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: bded32ea96
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| az keyvault set-policy \ | ||
| --name nl-dev-convolens-kv \ | ||
| --object-id "$DEPLOYER_OBJECT_ID" \ | ||
| --secret-permissions get list set delete purge recover |
There was a problem hiding this comment.
Skip the bootstrap until the Key Vault exists
On the first dev deployment (and after the documented terraform destroy), nl-dev-convolens-kv does not yet exist; the dev Terraform configuration is what creates it. This unconditional az keyvault set-policy therefore exits nonzero before Terraform Init/Apply can create the vault, preventing CI from provisioning or recreating the environment. Guard the command for a missing vault, or perform this bootstrap only after the vault is known to exist.
Useful? React with 👍 / 👎.
Summary
Fixes
Validation