azure keyvault role assigment for secret

This is a common workflow where user would be granted acceptes to a secret. 

However role assignment to secret + version level can still happened like what we see here. But it is invalid. You won't be able to access the secret and the role assignment won't appear either

Command will be successful but don't do this 

az role assignment create
assignee 868f2c6b-a124-45b5-b0d1-ae6e408a7098  
--role "4633458b-17de-408a-b874-0445c86b69e6"  
--scope /subscriptions/tenand-id/resourceGroups/mytest-kv-rg/providers/
Microsoft.KeyVault/vaults/pv-test-kv-dev/secrets/mytestsecet/
550070619b634bee99d2b72d8e3616d8

Instead we should grant role assignment to secret level as the lowest level, for example. Then your role assignment magically appears as well

az role assignment create assignee 868f2c6b-a124-45b5-b0d1-ae6e408a7098  
--role "4633458b-17de-408a-b874-0445c86b69e6"
--scope /subscriptions/tenantid/resourceGroups/mytest-kv-rg/providers/
Microsoft.KeyVault/vaults/pv-test-kv-dev/secrets/mytestsecet

Comments

Post a Comment

Popular posts from this blog

vllm : Failed to infer device type

Trying to run vllm without gpu will typicaly lands you into this issue. To resolve this issue: we can use set these both. Setting one does not work for me. So i had to configure both settings below:- 1.  environment variable CUDA_VISIBLE_DEVICES = "" 2. in the command line, change to use device cpu and remove  tensor-parallel-size. For example, python3 -m vllm.entrypoints.openai.api_server --port 8080 --model deepseek-ai/DeepSeek-R1 --device cpu --trust-remote-code --max-model-len 4096" References https://docs.vllm.ai/en/latest/getting_started/troubleshooting.html#failed-to-infer-device-type
Read more

NodeJS: Error: spawn EINVAL in window for node version 20.20 and 18.20

Encounter this issue when running autorest (that uses nodejs).  I am using node version:  v18.20.2 After i revert to use node v18.12.0, then i was able to get my app to run without this error. Since i am working with Azure devops yaml, i was able to use the following to resolve my issue.  - task : NodeTool@0   inputs :     versionSource : 'spec'     versionSpec : '18.18.0'
Read more

android studio kotlin source is null error

Image
This org.jetbrains.kotlin.util.FileAnalysisException with a java.lang.IllegalArgumentException: source must not be null is a known issue that can sometimes occur with the Kotlin compiler. It seems to be related to how the compiler analyzes certain source code structures. When this happens, you need to go clean your project and do another rebuild.  For my case, I was trying to test out the databinding = true feature. 
Read more