Azurerm_api_connection for keyvault

Hi,
I’m trying to create an API connection (for use with a managed identity) in Terraform for the keyvault managed API.

When looking at the ARM template it requires a parameterValueSet as follows:

{
    "kind": "V1",
    "properties": {
        "displayName": "<myKeyvault>",
        "parameterValueSet": {
            "name": "oauthMI",
            "values": {
                "vaultName": {
                    "value": "<myVaulName>"
                }
            }
        },
        "api": {
            "name": "keyvault",
            "displayName": "Azure Key Vault",
            "description": "Azure Key Vault is a service to securely store and access secrets.",
            "iconUri": "https://connectoricons-prod.azureedge.net/releases/v1.0.1656/1.0.1656.3432/keyvault/icon.png",
            "brandColor": "#0079d6",
            "category": "Standard",
            "id": "/subscriptions/<subscriptionId>/providers/Microsoft.Web/locations/<location>/managedApis/keyvault",
            "type": "Microsoft.Web/locations/managedApis"
        },
        "testLinks": [],
        "testRequests": []
    },
    "id": "/subscriptions/<subscriptionId>/resourceGroups/rg-ido-dev-timetracking/providers/Microsoft.Web/connections/keyvault",
    "name": "keyvault",
    "type": "Microsoft.Web/connections",
    "location": "<location>"
}

Per the documentation, Terraform offers no way to parse parameterValueSets; it is only possible to parse parameterValues in the azurerm_api_connection resource.

Is there any way to do this or am I forced to create it via ARM template?


Came here to ask the same question. Did you ever solve this or did you use a null resource or ARM template? Funny thing is I did make it work previously but I can’t for the life of me remember how. Setting the values that are required in parameterValueSet in parameter_settings does not work as it is the incorrect place for “name”.

For example:

parameter_values = {
    name: "oauthMI"
    vaultName: "keyvaultname"
}

results in the error:

Connection Name: “keyvault”): unexpected status 400 with error: BadRequest: {“Code”:“BadRequest”,“Message”:“Input parameters are invalid. See details for more information. Details:errorCode: ParameterNotDefined. Message: Parameter ‘name’ is not allowed on the connection since it was not defined as a connection parameter when the API was registered.”,“Target”:null,“Details”:[{“Message”:"Input parameters are invalid

Checking the JSON from a keyvault that IS configured to use MI, we can see it more clearly.

"kind": "V1",
    "properties": {
        "displayName": "keyvault-1",
        "authenticatedUser": {},
        "overallStatus": "Ready",
        "statuses": [
            {
                "status": "Ready"
            }
        ],
        "connectionState": "Enabled",
        "parameterValueSet": {
            "name": "oauthMI",
            "values": {
                "vaultName": {
                    "value": "devKeyVaultName"
                }
            }
        }

I’ve tried this with the latest provider (at this time 4.9.0) and receive the same error. Does anyone have this working or have a workaround?
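The ARM-template fallback raised in both posts, wrapped in Terraform so the connection stays in the same plan. This is an added example, not code from either poster or from the provider documentation. It assumes the `azurerm_resource_group_template_deployment` resource, API version `2016-06-01` for `Microsoft.Web/connections`, and hypothetical variable and deployment names.

```hcl
# Added example: the connection is deployed through an embedded ARM template
# because parameter_values cannot express parameterValueSet.
# Variable names and the deployment name are placeholders (assumptions).
variable "resource_group_name" { type = string }
variable "location" { type = string }
variable "key_vault_name" { type = string }

resource "azurerm_resource_group_template_deployment" "keyvault_connection" {
  name                = "keyvault-api-connection"
  resource_group_name = var.resource_group_name
  # Incremental leaves other resources in the group untouched;
  # Complete would delete anything not listed in this template.
  deployment_mode = "Incremental"

  parameters_content = jsonencode({
    vaultName = { value = var.key_vault_name }
    location  = { value = var.location }
  })

  template_content = jsonencode({
    "$schema"      = "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#"
    contentVersion = "1.0.0.0"
    parameters = {
      vaultName = { type = "string" }
      location  = { type = "string" }
    }
    resources = [{
      type       = "Microsoft.Web/connections"
      apiVersion = "2016-06-01" # assumed API version
      name       = "keyvault"
      location   = "[parameters('location')]"
      kind       = "V1"
      properties = {
        displayName = "keyvault"
        api = {
          id = "[subscriptionResourceId('Microsoft.Web/locations/managedApis', parameters('location'), 'keyvault')]"
        }
        # Same shape as the working JSON above: the auth type is the set name,
        # and vaultName sits under values, not beside name.
        parameterValueSet = {
          name   = "oauthMI"
          values = { vaultName = { value = "[parameters('vaultName')]" } }
        }
      }
    }]
  })
}
```

The connection created this way stores no credential. The managed identity that uses it still needs its own access grant on the vault, scoped to the secrets it actually reads.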