"The resource identifier of the KeyVault parameter '' is invalid" error during ARM template deployment

I have a template (parameters + template file).
The parameters file has the following code:

  "sqlServerAdminLoginPassword": {
    "reference": {
      "keyVault": {
        "id": "[resourceId(subscription().subscriptionId, parameters('keyvaultRG'), 'Microsoft.KeyVault/vaults', parameters('KeyVaultName'))]"
      },
      "secretName": "sqlAdminPassword"
    }
  }

During deployment (from VS2017) I get the following error:

00:17:22 - 
00:17:22 - VERBOSE: Performing the operation "Creating Deployment" on target "XXXXXXXX".
00:17:23 - New-AzureRmResourceGroupDeployment : 12:17:23 AM - Error: Code=KeyVaultParameterReferenceInvalidResourceId; 
00:17:23 - Message=The resource identifier of the KeyVault parameter 'sqlAdminPassword' is invalid. Please specify the value following 
00:17:23 - 'subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}' 
00:17:23 - format. See https://aka.ms/arm-keyvault for usage details.
00:17:23 - At ######################
00:17:23 - ###\Deploy-AzureResourceGroup.ps1:108 char:5
00:17:23 - +     New-AzureRmResourceGroupDeployment -Name ((Get-ChildItem $Templat ...
00:17:23 - +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
00:17:23 -     + CategoryInfo          : NotSpecified: (:) [New-AzureRmResourceGroupDeployment], Exception
00:17:23 -     + FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceGroupDep 
00:17:23 -    loymentCmdlet
00:17:23 -  
00:17:23 - New-AzureRmResourceGroupDeployment : The deployment validation failed
00:17:23 - At ######################
00:17:23 - ###\Deploy-AzureResourceGroup.ps1:108 char:5
00:17:23 - +     New-AzureRmResourceGroupDeployment -Name ((Get-ChildItem $Templat ...
00:17:23 - +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
00:17:23 -     + CategoryInfo          : CloseError: (:) [New-AzureRmResourceGroupDeployment], InvalidOperationException
00:17:23 -     + FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceGroupDep 
00:17:23 -    loymentCmdlet
00:17:23 -  
00:17:24 - 
00:17:24 - Template deployment returned the following errors:
00:17:24 - 12:17:23 AM - Error: Code=KeyVaultParameterReferenceInvalidResourceId; Message=The resource identifier of the KeyVault parameter 'sqlAdminPassword' is invalid. Please specify the value following 'subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}' format. See https://aka.ms/arm-keyvault for usage details.
00:17:24 - The deployment validation failed
00:17:24 - 
00:17:24 - 
00:17:24 - Deploying template using PowerShell script failed.
00:17:24 - Tell us about your experience at https://go.microsoft.com/fwlink/?LinkId=691202

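According to the following article and the following template file, I should be able to use the same structure; however, it does not work.

What is wrong here?

P.S. The resources and parameters (such as keyvaultRG or KeyVaultName) do exist (and are present).

P.P.S. The following and following issues exist on GitHub but are still unanswered\unassigned...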

Update:

Template

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "appServicePlanName": {
      "type": "string"
    },
    "workerSize": {
      "type": "string"
    },
    "sku": {
      "type": "string"
    },
    "skuCode": {
      "type": "string"
    },
    "SQLserverName": {
      "type": "string"
    },
    "sqlServerAdminLogin": {
      "type": "string"
    },
    "sqlServerAdminLoginPassword": {
      "type": "securestring"
    },
    "sqlDatabaseName": {
      "type": "string"
    },
    "edition": {
      "type": "string"
    },
    "collation": {
      "type": "string"
    },
    "maxSizeBytes": {
      "type": "string"
    },
    "requestedServiceObjectiveName": {
      "type": "string"
    },
    "sampleName": {
      "type": "string"
    },
    "zoneRedundant": {
      "type": "bool"
    },
    "siteName": {
      "type": "string"
    },
    "appType": {
      "type": "string"
    },
    "KeyVaultName": {
      "type": "string"
    },    
    "mailAccount": {
      "type": "securestring"
    },
    "mailPassword": {
      "type": "securestring"
    },
    "keyvaultRG": {
      "type": "string"
    }
  },
  "variables": {
  },
  "resources": [
    {
      "apiVersion": "2016-09-01",
      "name": "[parameters('appServicePlanName')]",
      "type": "Microsoft.Web/serverfarms",
      "location": "[resourceGroup().location]",
      "properties": {
        "name": "[parameters('appServicePlanName')]",
        "workerSizeId": "[parameters('workerSize')]",
        "numberOfWorkers": "[parameters('workerSize')]"
      },
      "sku": {
        "Tier": "[parameters('sku')]",
        "Name": "[parameters('skuCode')]"
      }
    },
    {
      "apiVersion": "2015-05-01-preview",
      "location": "[resourceGroup().location]",
      "type": "Microsoft.Sql/servers",
      "name": "[parameters('SQLserverName')]",
      "properties": {
        "administratorLogin": "[parameters('sqlServerAdminLogin')]",
        "administratorLoginPassword": "[parameters('sqlServerAdminLoginPassword')]",
        "version": "12.0"
      },
      "resources": [
        {
          "apiVersion": "2014-04-01-preview",
          "type": "firewallrules",
          "location": "[resourceGroup().location]",
          "name": "AllowAllWindowsAzureIps",
          "dependsOn": [
            "[concat('Microsoft.Sql/servers/', parameters('SQLserverName'))]"
          ],
          "properties": {
            "endIpAddress": "0.0.0.0",
            "startIpAddress": "0.0.0.0"
          }
        },
        {
          "name": "[concat(parameters('SQLserverName'),'/',parameters('sqlDatabaseName'))]",
          "type": "Microsoft.Sql/servers/databases",
          "location": "[resourceGroup().location]",
          "apiVersion": "2014-04-01-preview",
          "dependsOn": [
            "[concat('Microsoft.Sql/servers/', parameters('SQLserverName'))]"
          ],
          "properties": {
            "edition": "[parameters('edition')]",
            "collation": "[parameters('collation')]",
            "maxSizeBytes": "[parameters('maxSizeBytes')]",
            "requestedServiceObjectiveName": "[parameters('requestedServiceObjectiveName')]",
            "sampleName": "[parameters('sampleName')]",
            "zoneRedundant": "[parameters('zoneRedundant')]"
          }
        }
      ]
    },
    {
      "type": "Microsoft.Web/sites",
      "apiVersion": "2016-03-01",
      "name": "[parameters('siteName')]",
      "location": "[resourceGroup().location]",
      "tags": {
        "[concat('hidden-related:', resourceGroup().id, '/providers/Microsoft.Web/serverfarms/', parameters('appServicePlanName'))]": "empty"
      },
      "dependsOn": [
        "[concat('Microsoft.Web/serverfarms/', parameters('appServicePlanName'))]",
        "[resourceId('microsoft.insights/components/', parameters('siteName'))]"
      ],
      "properties": {
        "siteConfig": {
          "alwaysOn": true,
          "use32BitWorkerProcess": false,
          "httpsOnly": true,
          "connectionStrings": [
            {
              "name": "defaultConnection",
              "ConnectionString": "[concat(concat('Data Source=tcp:' ,reference(concat(parameters('SQLserverName')),'2015-05-01-preview').fullyQualifiedDomainName ,',1433;'),concat('Initial Catalog=',parameters('sqlDatabaseName'),';'),concat('User Id=',concat(parameters('sqlServerAdminLogin')),'@',reference(concat(parameters('sqlServerName')), '2015-05-01-preview').fullyQualifiedDomainName,';'),concat('Password=',parameters('sqlServerAdminLoginPassword'),';'))]",
              "type": "SQLAzure"
            }
          ],
          "appSettings": []
        },
        "name": "[parameters('siteName')]",
        "serverFarmId": "[concat(resourceGroup().id,'/providers/Microsoft.Web/serverfarms/', parameters('appServicePlanName'))]"
      },
      "resources": [
        {
          "apiVersion": "2015-08-01",
          "name": "logs",
          "type": "config",
          "dependsOn": [
            "[resourceId('Microsoft.Web/Sites', parameters('siteName'))]"
          ],
          "properties": {
            "applicationLogs": {
              "fileSystem": {
                "level": "Verbose"
              }
            },
            "httpLogs": {
              "fileSystem": {
                "retentionInMb": 100,
                "retentionInDays": 90,
                "enabled": true
              }
            },
            "failedRequestsTracing": {
              "enabled": true
            },
            "detailedErrorMessages": {
              "enabled": true
            }
          }
        }
      ]
    }
  ],
  "outputs": {
  }
}

Parameters

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "appServicePlanName": {
      "type": "string",
      "value": "AppSvcPlan"
    },
    "workerSize": {
      "type": "string",
      "value": "0"
    },
    "sku": {
      "type": "string",
      "value": "Standard"
    },
    "skuCode": {
      "type": "string",
      "value": "S1"
    },
    "SQLserverName": {
      "type": "string",
      "value": "SQLSrv"
    },
    "sqlServerAdminLogin": {
      "type": "string",
      "value": "dbuser"
    },
    "sqlServerAdminLoginPassword": {
      "reference": {
        "keyVault": {
          "id": "[resourceId(parameters('keyvaultRG'), 'Microsoft.KeyVault/vaults', parameters('KeyVaultName'))]"
        },
        "secretName": "sqlAdminPassword"
      }
    },
    "sqlDatabaseName": {
      "type": "string",
      "value": "SQLDB"
    },
    "edition": {
      "type": "string",
      "value": "Standard"
    },
    "collation": {
      "type": "string",
      "value": "SQL_Latin1_General_CP1_CI_AS"
    },
    "maxSizeBytes": {
      "type": "string",
      "value": "268435456000"
    },
    "requestedServiceObjectiveName": {
      "type": "string",
      "value": "S3"
    },
    "sampleName": {
      "type": "string",
      "value": ""
    },
    "zoneRedundant": {
      "type": "bool",
      "value": false
    },
    "siteName": {
      "type": "string",
      "value": "AppName"
    },
    "appType": {
      "type": "string",
      "value": "web"
    },
    "KeyVaultName": {
      "type": "string",
      "value": "keyvault"
    },
    "mailAccount": {
      "reference": {
        "keyVault": {
          "id": "[resourceId(parameters('keyvaultRG'), 'Microsoft.KeyVault/vaults', parameters('KeyVaultName'))]"
        },
        "secretName": "mailAccount"
      }
    },
    "mailPassword": {
      "reference": {
        "keyVault": {
          "id": "[resourceId(parameters('keyvaultRG'), 'Microsoft.KeyVault/vaults', parameters('KeyVaultName'))]"
        },
        "secretName": "mailPassword"
      }
    },
    "keyvaultRG": {
      "type": "string",
      "value": "KeyVaultRG"
    }
  }
}

The error clearly says: KeyVaultParameterReferenceInvalidResourceId

First of all, I would shorten the reference:

"[resourceId(parameters('keyvaultRG'), 'Microsoft.KeyVault/vaults', parameters('KeyVaultName'))]"

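If the subscription is the same, there is no need to specify the subscription. My second point is to ask you to provide the template and parameters file you are using, because the article you reference does this with a nested template, not a parameters file. You should also check your Azure PowerShell version and update it.

I would also probably not use VS2017 to deploy.
Another thing that might screw things up is KV permissions (this doesn't look like your case, but...): you need to enable the KV for template deployment.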

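OK. It looks like you cannot use expressions in the KV id in a parameters file. 2 workarounds:

  1. Use PowerShell to construct the resourceId and put it into the parameters file
  2. Use a nested deployment; you can use resourceId there.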
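
Workaround 1 from the answer above, as an added example that is not part of the original answer: a PowerShell function that rewrites every `keyVault.id` expression in the parameters file to a literal resource ID in the format the error message asks for. The function name `Resolve-KeyVaultReferenceId`, the trimmed sample file and the all-zero subscription ID are assumptions made for illustration.

```powershell
# Added example: replace "[resourceId(...)]" expressions in keyVault.id with a literal ID.
function Resolve-KeyVaultReferenceId {
    param(
        [Parameter(Mandatory)] [string] $ParameterJson,   # content of the parameters file
        [Parameter(Mandatory)] [string] $SubscriptionId   # GUID of the vault's subscription
    )
    $doc  = $ParameterJson | ConvertFrom-Json
    $rg   = $doc.parameters.keyvaultRG.value
    $name = $doc.parameters.KeyVaultName.value
    if (-not $rg -or -not $name) { throw 'keyvaultRG and KeyVaultName need literal values.' }

    # Format quoted in the KeyVaultParameterReferenceInvalidResourceId message.
    $vaultId = "/subscriptions/$SubscriptionId/resourceGroups/$rg/providers/Microsoft.KeyVault/vaults/$name"
    $pattern = '^/subscriptions/[0-9a-f-]{36}/resourceGroups/[^/]+/providers/Microsoft\.KeyVault/vaults/[^/]+$'
    if ($vaultId -notmatch $pattern) { throw "Constructed vault id is malformed: $vaultId" }

    foreach ($p in $doc.parameters.PSObject.Properties) {
        $ref = $p.Value.reference
        # Rewrite only ids that are still template expressions; literal ids are left alone.
        if ($ref -and $ref.keyVault.id -match '^\[.*\]$') {
            $ref.keyVault.id = $vaultId
        }
    }
    return ($doc | ConvertTo-Json -Depth 10)
}

# Constructed sample: a trimmed copy of the parameters file from the question.
$sample = @'
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "KeyVaultName": { "value": "keyvault" },
    "keyvaultRG":   { "value": "KeyVaultRG" },
    "sqlServerAdminLoginPassword": {
      "reference": {
        "keyVault": { "id": "[resourceId(parameters('keyvaultRG'), 'Microsoft.KeyVault/vaults', parameters('KeyVaultName'))]" },
        "secretName": "sqlAdminPassword"
      }
    }
  }
}
'@

# Placeholder subscription id (constructed); substitute the real GUID.
$resolved = Resolve-KeyVaultReferenceId -ParameterJson $sample -SubscriptionId '00000000-0000-0000-0000-000000000000'
$resolved   # save this as the parameters file handed to the deployment
```

Only the vault's resource ID and the secret name end up in the file; the secret value itself is still resolved by Resource Manager at deployment time.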