2016-01-25

KeyVault API REST call failed as part of an ARM deployment

The ARM deployment throws the following exception:

The secret of KeyVault parameter 'dbAdministratorLogin' cannot be retrieved. Http status code: '<null>'. Error message: 'The KeyVault API rest call failed. HttpStatusCode: 'Unknown', Exception: 'Newtonsoft.Json.JsonSerializationException: Required property 'detail' not found in JSON. Path '', line 1, position 75. 
    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.EndObject(Object newObject, JsonReader reader, JsonObjectContract contract, Int32 initialDepth, Dictionary`2 propertiesPresence) 
    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.PopulateObject(Object newObject, JsonReader reader, JsonObjectContract contract, JsonProperty member, String id) 
    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObject(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue) 
    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateValueInternal(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue) 
    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.Deserialize(JsonReader reader, Type objectType, Boolean checkAdditionalContent) 
    at Newtonsoft.Json.JsonSerializer.DeserializeInternal(JsonReader reader, Type objectType) 
    at Newtonsoft.Json.JsonConvert.DeserializeObject(String value, Type type, JsonSerializerSettings settings) 
    at Newtonsoft.Json.JsonConvert.DeserializeObject[T](String value, JsonSerializerSettings settings) 
    at Microsoft.WindowsAzure.ResourceStack.Frontdoor.Data.DataProviders.KeyVaultDataProvider.<GetSecret>d__13.MoveNext() in x:\bt\662571\repo\src\frontdoor\Roles\Frontdoor.Data\DataProviders\KeyVaultDataProvider.cs:line 269 
--- End of stack trace from previous location where exception was thrown --- 
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) 
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) 
    at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult() 
    at Microsoft.WindowsAzure.ResourceStack.Common.Algorithms.AsyncRetry.<Retry>d__6`1.MoveNext() in x:\bt\662571\repo\src\common\core\algorithms\AsyncRetry.cs:line 79 
--- End of stack trace from previous location where exception was thrown --- 
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) 
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) 
    at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult() 
    at Microsoft.WindowsAzure.ResourceStack.Frontdoor.Data.DataProviders.KeyVaultDataProvider.<GetSecret>d__8.MoveNext() in x:\bt\662571\repo\src\frontdoor\Roles\Frontdoor.Data\DataProviders\KeyVaultDataProvider.cs:line 197'.'. 

where the parameter is defined as a reference to a secret in the key vault:

"dbAdministratorLogin": { 
    "reference": { 
     "keyVault": { 
     "id": "/subscriptions/{maskedguid}/resourceGroups/ascend-ammo-infrastructure-test/providers/Microsoft.KeyVault/vaults/ascend-ammo-kv-test" 
     }, 
     "secretName": "ascend-ammo-weu-dbAdministratorLogin" 
    } 
    }, 

Can anyone from the Azure KeyVault team give some insight into the potential issues that could cause this problem? I don't know whether these are permission errors, template errors, or something else.

Here are my test files:

{ 
    "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", 
    "contentVersion": "1.0.0.0", 
    "parameters": { 
    "myAdminUsername": { 
     "value": "MyAdministrator" 
    }, 
    "myAdminPassword": { 
     "reference": { 
     "keyVault": { 
      "id": "/subscriptions/{subid}/resourceGroups/ascend-ammo-infrastructure/providers/Microsoft.KeyVault/vaults/{existingkvname}" 
     }, 
     "secretName": "ascend-ammo-weu-dbAdministratorLoginPassword" 
     } 
    } 
    } 
} 

and

{ 
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", 
    "contentVersion": "1.0.0.0", 
    "parameters": { 
    "myAdminUsername": { 
     "type": "string", 
     "minLength": 4 
    }, 
    "myAdminPassword": { 
     "type": "securestring" 
    } 
    }, 
    "resources": [ 
    ], 
    "outputs": { 
    "password": { 
     "type": "securestring", 
     "value": "[parameters('myAdminPassword')]" 
    } 
    } 
} 

Answer

1

When the key vault is created, it needs a parameter to enable it for ARM deployments:

"enabledForTemplateDeployment": { 
    "type": "bool", 
    "defaultValue": false, 
    "allowedValues": [ 
     true, 
     false 
    ], 
    "metadata": { 
     "description": "Specifies if the vault is enabled for ARM template deployment" 
    } 
    }, 

and

{ 
    "type": "Microsoft.KeyVault/vaults", 
    "name": "[variables('keyVaultName')]", 
    "apiVersion": "2015-06-01", 
    "location": "[parameters('keyVaultLocation')]", 
    "properties": { 
    "enabledForDeployment": "[parameters('enableVaultForDeployment')]", 
    "enabledForDiskEncryption": "[parameters('enableVaultForDiskEncryption')]", 
    "enabledForTemplateDeployment": "[parameters('enabledForTemplateDeployment')]", 
    "tenantId": "[parameters('tenantId')]", 
    "accessPolicies": [ 
     { 
     "tenantId": "[parameters('tenantId')]", 
     "objectId": "[parameters('objectId')]", 
     "permissions": { 
      "keys": [ "all" ], 
      "secrets": [ "all" ] 
     } 
     } 
    ], 
    "sku": { 
     "name": "[parameters('keyVaultSku')]", 
     "family": "A" 
    } 
    } 
} 