From 176966466f75b149c4f520888851d457ee1eb94d Mon Sep 17 00:00:00 2001
From: Marcin Gastol <62604769+marcingastol@users.noreply.github.com>
Date: Mon, 7 Oct 2024 08:11:22 +0000
Subject: [PATCH] fix: InvalidKeyRotationPolicy (#3381)

## Description

<!--
>Thank you for your contribution !
> Please include a summary of the change and which issue is fixed.
> Please also include the context.
> List any dependencies that are required for this change.

Closes #{2760}
-->

## Pipeline Reference

<!-- Insert your Pipeline Status Badge below -->

| Pipeline |
| -------- |
|
[![avm.res.key-vault.vault](https://github.com/marcingastol/bicep-registry-modules/actions/workflows/avm.res.key-vault.vault.yml/badge.svg)](https://github.com/marcingastol/bicep-registry-modules/actions/workflows/avm.res.key-vault.vault.yml)
|

## Type of Change

<!-- Use the checkboxes [x] on the options that are relevant. -->

- [ ] Update to CI Environment or utilities (Non-module affecting
changes)
- [ X] Azure Verified Module updates:
- [ ] Bugfix containing backwards-compatible bug fixes, and I have NOT
bumped the MAJOR or MINOR version in `version.json`:
- [ X] Someone has opened a bug report issue, and I have included
"Closes #{bug_report_issue_number}" in the PR description.
- [ ] The bug was found by the module author, and no one has opened an
issue to report it yet.
- [ X] Feature update backwards compatible feature updates, and I have
bumped the MINOR version in `version.json`.
- [ X] Breaking changes and I have bumped the MAJOR version in
`version.json`.
  - [ X] Update to documentation

## Checklist

- [ X] I'm sure there are no other open Pull Requests for the same
update/change
- [ X] I have run `Set-AVMModule` locally to generate the supporting
module files.
- [ X] My corresponding pipelines / checks run clean and green without
any errors or warnings

<!-- Please keep up to date with the contribution guide at
https://aka.ms/avm/contribute/bicep -->

---------

Co-authored-by: Microsoft Learn Student <learn@contoso.com>
Co-authored-by: Felix Borst <17405838+fblix@users.noreply.github.com>
---
 avm/res/key-vault/vault/key/main.bicep |  4 +++-
 avm/res/key-vault/vault/key/main.json  | 18 +++-------------
 avm/res/key-vault/vault/main.json      | 30 ++++++++------------------
 avm/res/key-vault/vault/version.json   |  2 +-
 4 files changed, 16 insertions(+), 38 deletions(-)

diff --git a/avm/res/key-vault/vault/key/main.bicep b/avm/res/key-vault/vault/key/main.bicep
index 45e00bf511..5f54bc9464 100644
--- a/avm/res/key-vault/vault/key/main.bicep
+++ b/avm/res/key-vault/vault/key/main.bicep
@@ -129,8 +129,10 @@ resource key 'Microsoft.KeyVault/vaults/keys@2022-07-01' = {
     keyOps: keyOps
     keySize: keySize
     kty: kty
-    rotationPolicy: rotationPolicy ?? {}
     release_policy: releasePolicy ?? {}
+    ...(empty(rotationPolicy) ? {} : {
+      rotationPolicy: rotationPolicy
+    })
   }
 }
 
diff --git a/avm/res/key-vault/vault/key/main.json b/avm/res/key-vault/vault/key/main.json
index 63c2159cb2..6976827555 100644
--- a/avm/res/key-vault/vault/key/main.json
+++ b/avm/res/key-vault/vault/key/main.json
@@ -5,8 +5,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.29.47.4906",
-      "templateHash": "14269695922191217406"
+      "version": "0.30.3.12046",
+      "templateHash": "13039550242026782790"
     },
     "name": "Key Vault Keys",
     "description": "This module deploys a Key Vault Key.",
@@ -232,19 +232,7 @@
       "apiVersion": "2022-07-01",
       "name": "[format('{0}/{1}', parameters('keyVaultName'), parameters('name'))]",
       "tags": "[parameters('tags')]",
-      "properties": {
-        "attributes": {
-          "enabled": "[parameters('attributesEnabled')]",
-          "exp": "[parameters('attributesExp')]",
-          "nbf": "[parameters('attributesNbf')]"
-        },
-        "curveName": "[parameters('curveName')]",
-        "keyOps": "[parameters('keyOps')]",
-        "keySize": "[parameters('keySize')]",
-        "kty": "[parameters('kty')]",
-        "rotationPolicy": "[coalesce(parameters('rotationPolicy'), createObject())]",
-        "release_policy": "[coalesce(parameters('releasePolicy'), createObject())]"
-      },
+      "properties": "[shallowMerge(createArray(createObject('attributes', createObject('enabled', parameters('attributesEnabled'), 'exp', parameters('attributesExp'), 'nbf', parameters('attributesNbf')), 'curveName', parameters('curveName'), 'keyOps', parameters('keyOps'), 'keySize', parameters('keySize'), 'kty', parameters('kty'), 'release_policy', coalesce(parameters('releasePolicy'), createObject())), if(empty(parameters('rotationPolicy')), createObject(), createObject('rotationPolicy', parameters('rotationPolicy')))))]",
       "dependsOn": [
         "keyVault"
       ]
diff --git a/avm/res/key-vault/vault/main.json b/avm/res/key-vault/vault/main.json
index 74ea3bdd03..a6769b9cb6 100644
--- a/avm/res/key-vault/vault/main.json
+++ b/avm/res/key-vault/vault/main.json
@@ -5,8 +5,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.29.47.4906",
-      "templateHash": "8938543730613882040"
+      "version": "0.30.23.60470",
+      "templateHash": "4499855760252174192"
     },
     "name": "Key Vaults",
     "description": "This module deploys a Key Vault.",
@@ -1224,8 +1224,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.29.47.4906",
-              "templateHash": "7494731697751039419"
+              "version": "0.30.23.60470",
+              "templateHash": "15469258025112973480"
             },
             "name": "Key Vault Access Policies",
             "description": "This module deploys a Key Vault Access Policy.",
@@ -1493,8 +1493,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.29.47.4906",
-              "templateHash": "114626909766354577"
+              "version": "0.30.23.60470",
+              "templateHash": "10121697157844029321"
             },
             "name": "Key Vault Secrets",
             "description": "This module deploys a Key Vault Secret.",
@@ -1791,8 +1791,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.29.47.4906",
-              "templateHash": "14269695922191217406"
+              "version": "0.30.23.60470",
+              "templateHash": "796741209006922272"
             },
             "name": "Key Vault Keys",
             "description": "This module deploys a Key Vault Key.",
@@ -2018,19 +2018,7 @@
               "apiVersion": "2022-07-01",
               "name": "[format('{0}/{1}', parameters('keyVaultName'), parameters('name'))]",
               "tags": "[parameters('tags')]",
-              "properties": {
-                "attributes": {
-                  "enabled": "[parameters('attributesEnabled')]",
-                  "exp": "[parameters('attributesExp')]",
-                  "nbf": "[parameters('attributesNbf')]"
-                },
-                "curveName": "[parameters('curveName')]",
-                "keyOps": "[parameters('keyOps')]",
-                "keySize": "[parameters('keySize')]",
-                "kty": "[parameters('kty')]",
-                "rotationPolicy": "[coalesce(parameters('rotationPolicy'), createObject())]",
-                "release_policy": "[coalesce(parameters('releasePolicy'), createObject())]"
-              },
+              "properties": "[shallowMerge(createArray(createObject('attributes', createObject('enabled', parameters('attributesEnabled'), 'exp', parameters('attributesExp'), 'nbf', parameters('attributesNbf')), 'curveName', parameters('curveName'), 'keyOps', parameters('keyOps'), 'keySize', parameters('keySize'), 'kty', parameters('kty'), 'release_policy', coalesce(parameters('releasePolicy'), createObject())), if(empty(parameters('rotationPolicy')), createObject(), createObject('rotationPolicy', parameters('rotationPolicy')))))]",
               "dependsOn": [
                 "keyVault"
               ]
diff --git a/avm/res/key-vault/vault/version.json b/avm/res/key-vault/vault/version.json
index b8b30a0125..9c08aae215 100644
--- a/avm/res/key-vault/vault/version.json
+++ b/avm/res/key-vault/vault/version.json
@@ -1,6 +1,6 @@
 {
     "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
-    "version": "0.9",
+    "version": "0.10",
     "pathFilters": [
         "./main.json"
     ]