作为 ARM 部署的一部分,KeyVault API rest 调用失败
The KeyVault API rest call failed as part of ARM deployment
ARM 部署抛出以下异常:
The secret of KeyVault parameter 'dbAdministratorLogin' cannot be retrieved. Http status code: '<null>'. Error message: 'The KeyVault API rest call failed. HttpStatusCode: 'Unknown', Exception: 'Newtonsoft.Json.JsonSerializationException: Required property 'detail' not found in JSON. Path '', line 1, position 75.
at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.EndObject(Object newObject, JsonReader reader, JsonObjectContract contract, Int32 initialDepth, Dictionary`2 propertiesPresence)
at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.PopulateObject(Object newObject, JsonReader reader, JsonObjectContract contract, JsonProperty member, String id)
at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObject(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateValueInternal(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.Deserialize(JsonReader reader, Type objectType, Boolean checkAdditionalContent)
at Newtonsoft.Json.JsonSerializer.DeserializeInternal(JsonReader reader, Type objectType)
at Newtonsoft.Json.JsonConvert.DeserializeObject(String value, Type type, JsonSerializerSettings settings)
at Newtonsoft.Json.JsonConvert.DeserializeObject[T](String value, JsonSerializerSettings settings)
at Microsoft.WindowsAzure.ResourceStack.Frontdoor.Data.DataProviders.KeyVaultDataProvider.<GetSecret>d__13.MoveNext() in x:\bt2571\repo\src\frontdoor\Roles\Frontdoor.Data\DataProviders\KeyVaultDataProvider.cs:line 269
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.WindowsAzure.ResourceStack.Common.Algorithms.AsyncRetry.<Retry>d__6`1.MoveNext() in x:\bt2571\repo\src\common\core\algorithms\AsyncRetry.cs:line 79
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.WindowsAzure.ResourceStack.Frontdoor.Data.DataProviders.KeyVaultDataProvider.<GetSecret>d__8.MoveNext() in x:\bt2571\repo\src\frontdoor\Roles\Frontdoor.Data\DataProviders\KeyVaultDataProvider.cs:line 197'.'.
其中参数定义为对密钥库中机密的引用:
"dbAdministratorLogin": {
"reference": {
"keyVault": {
"id": "/subscriptions/{maskedguid}/resourceGroups/ascend-ammo-infrastructure-test/providers/Microsoft.KeyVault/vaults/ascend-ammo-kv-test"
},
"secretName": "ascend-ammo-weu-dbAdministratorLogin"
}
},
Azure KeyVault 团队的任何人都可以对可能导致此问题的潜在问题提供一些见解。不知道它的权限错误、模板错误或其他问题。
这是我的测试文件:
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"myAdminUsername": {
"value": "MyAdministrator"
},
"myAdminPassword": {
"reference": {
"keyVault": {
"id": "/subscriptions/{subid}/resourceGroups/ascend-ammo-infrastructure/providers/Microsoft.KeyVault/vaults/{existingkvname}"
},
"secretName": "ascend-ammo-weu-dbAdministratorLoginPassword"
}
}
}
}
和
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"myAdminUsername": {
"type": "string",
"minLength": 4
},
"myAdminPassword": {
"type": "securestring"
}
},
"resources": [
],
"outputs": {
"password": {
"type": "securestring",
"value": "[parameters('myAdminPassword')]"
}
}
}
创建密钥库时,它需要一个参数来为 ARM 部署启用它:
"enabledForTemplateDeployment": {
"type": "bool",
"defaultValue": false,
"allowedValues": [
true,
false
],
"metadata": {
"description": "Specifies if the vault is enabled for ARM template deployment"
}
},
和
{
"type": "Microsoft.KeyVault/vaults",
"name": "[variables('keyVaultName')]",
"apiVersion": "2015-06-01",
"location": "[parameters('keyVaultLocation')]",
"properties": {
"enabledForDeployment": "[parameters('enableVaultForDeployment')]",
"enabledForDiskEncryption": "[parameters('enableVaultForDiskEncryption')]",
"enabledForTemplateDeployment": "[parameters('enabledForTemplateDeployment')]",
"tenantId": "[parameters('tenantId')]",
"accessPolicies": [
{
"tenantId": "[parameters('tenantId')]",
"objectId": "[parameters('objectId')]",
"permissions": {
"keys": [ "all" ],
"secrets": [ "all" ]
}
}
],
"sku": {
"name": "[parameters('keyVaultSku')]",
"family": "A"
}
}
}
ARM 部署抛出以下异常:
The secret of KeyVault parameter 'dbAdministratorLogin' cannot be retrieved. Http status code: '<null>'. Error message: 'The KeyVault API rest call failed. HttpStatusCode: 'Unknown', Exception: 'Newtonsoft.Json.JsonSerializationException: Required property 'detail' not found in JSON. Path '', line 1, position 75.
at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.EndObject(Object newObject, JsonReader reader, JsonObjectContract contract, Int32 initialDepth, Dictionary`2 propertiesPresence)
at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.PopulateObject(Object newObject, JsonReader reader, JsonObjectContract contract, JsonProperty member, String id)
at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObject(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateValueInternal(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.Deserialize(JsonReader reader, Type objectType, Boolean checkAdditionalContent)
at Newtonsoft.Json.JsonSerializer.DeserializeInternal(JsonReader reader, Type objectType)
at Newtonsoft.Json.JsonConvert.DeserializeObject(String value, Type type, JsonSerializerSettings settings)
at Newtonsoft.Json.JsonConvert.DeserializeObject[T](String value, JsonSerializerSettings settings)
at Microsoft.WindowsAzure.ResourceStack.Frontdoor.Data.DataProviders.KeyVaultDataProvider.<GetSecret>d__13.MoveNext() in x:\bt2571\repo\src\frontdoor\Roles\Frontdoor.Data\DataProviders\KeyVaultDataProvider.cs:line 269
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.WindowsAzure.ResourceStack.Common.Algorithms.AsyncRetry.<Retry>d__6`1.MoveNext() in x:\bt2571\repo\src\common\core\algorithms\AsyncRetry.cs:line 79
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.WindowsAzure.ResourceStack.Frontdoor.Data.DataProviders.KeyVaultDataProvider.<GetSecret>d__8.MoveNext() in x:\bt2571\repo\src\frontdoor\Roles\Frontdoor.Data\DataProviders\KeyVaultDataProvider.cs:line 197'.'.
其中参数定义为对密钥库中机密的引用:
"dbAdministratorLogin": {
"reference": {
"keyVault": {
"id": "/subscriptions/{maskedguid}/resourceGroups/ascend-ammo-infrastructure-test/providers/Microsoft.KeyVault/vaults/ascend-ammo-kv-test"
},
"secretName": "ascend-ammo-weu-dbAdministratorLogin"
}
},
Azure KeyVault 团队的任何人都可以对可能导致此问题的潜在问题提供一些见解。不知道它的权限错误、模板错误或其他问题。
这是我的测试文件:
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"myAdminUsername": {
"value": "MyAdministrator"
},
"myAdminPassword": {
"reference": {
"keyVault": {
"id": "/subscriptions/{subid}/resourceGroups/ascend-ammo-infrastructure/providers/Microsoft.KeyVault/vaults/{existingkvname}"
},
"secretName": "ascend-ammo-weu-dbAdministratorLoginPassword"
}
}
}
}
和
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"myAdminUsername": {
"type": "string",
"minLength": 4
},
"myAdminPassword": {
"type": "securestring"
}
},
"resources": [
],
"outputs": {
"password": {
"type": "securestring",
"value": "[parameters('myAdminPassword')]"
}
}
}
创建密钥库时,它需要一个参数来为 ARM 部署启用它:
"enabledForTemplateDeployment": {
"type": "bool",
"defaultValue": false,
"allowedValues": [
true,
false
],
"metadata": {
"description": "Specifies if the vault is enabled for ARM template deployment"
}
},
和
{
"type": "Microsoft.KeyVault/vaults",
"name": "[variables('keyVaultName')]",
"apiVersion": "2015-06-01",
"location": "[parameters('keyVaultLocation')]",
"properties": {
"enabledForDeployment": "[parameters('enableVaultForDeployment')]",
"enabledForDiskEncryption": "[parameters('enableVaultForDiskEncryption')]",
"enabledForTemplateDeployment": "[parameters('enabledForTemplateDeployment')]",
"tenantId": "[parameters('tenantId')]",
"accessPolicies": [
{
"tenantId": "[parameters('tenantId')]",
"objectId": "[parameters('objectId')]",
"permissions": {
"keys": [ "all" ],
"secrets": [ "all" ]
}
}
],
"sku": {
"name": "[parameters('keyVaultSku')]",
"family": "A"
}
}
}