ARM 模板 - 在请求中发现错误的 JSON 内容。 (代码:BadRequest)
ARM template - Bad JSON content found in the request. (Code:BadRequest)
我正在尝试通过 PowerShell 的 Az 库和 ARM 模板在 Azure 中部署 KeyVault。
(我发现了这个: 但它对我没有帮助)
我的代码如下所示:
$kvDeployResult = New-AzResourceGroupDeployment -Name "addKeyVault" -ResourceGroupName $resourceGroupeName -TemplateFile ".\deploy_kv.json" -TemplateParameterFile ".\deploy_kv_param.json" -Verbose
使用这样的命令:
$kvDeployResult = New-AzResourceGroupDeployment -Name "addKeyVault" -ResourceGroupName $resourceGroupeName -TemplateObject $deploy_kv_hashtable -TemplateParameterObject $deploy_kv_param_hashtable -Verbose
导致更小的进展和更多的错误。
我得到这个输出:
我的deploy_kv.json看起来像这样
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"name": {
"type": "string"
},
"location": {
"type": "string"
},
"sku": {
"type": "string"
},
"accessPolicies": {
"type": "Array"
},
"tenant": {
"type": "string"
},
"enabledForDeployment": {
"type": "bool"
},
"enabledForTemplateDeployment": {
"type": "bool"
},
"enabledForDiskEncryption": {
"type": "bool"
},
"enableRbacAuthorization": {
"type": "bool"
},
"enableSoftDelete": {
"type": "bool"
},
"softDeleteRetentionInDays": {
"type": "int"
},
"networkAcls": {
"type": "Object"
}
},
"variables": {
},
"resources": [
{
"apiVersion": "2018-02-14",
"name": "[parameters('name')]",
"location": "[parameters('location')]",
"type": "Microsoft.KeyVault/vaults",
"properties": {
"enabledForDeployment": "[parameters('enabledForDeployment')]",
"enabledForTemplateDeployment": "[parameters('enabledForTemplateDeployment')]",
"enabledForDiskEncryption": "[parameters('enabledForDiskEncryption')]",
"enableRbacAuthorization": "[parameters('enableRbacAuthorization')]",
"accessPolicies": "[parameters('accessPolicies')]",
"tenantId": "[parameters('tenant')]",
"sku": {
"name": "[parameters('sku')]",
"family": "A"
},
"enableSoftDelete": "[parameters('enableSoftDelete')]",
"softDeleteRetentionInDays": "[parameters('softDeleteRetentionInDays')]",
"networkAcls": "[parameters('networkAcls')]"
},
"tags": {
},
"dependsOn": [
]
}
],
"outputs": {
}
}
我的deploy_kv_param.json看起来像这样
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"name": {
"value": "vaultName"
},
"location": {
"value": "westeurope"
},
"sku": {
"value": "Standard"
},
"accessPolicies": {
"value": [
{
"objectId": "objectID",
"tenantId": "tenantId",
"permissions": {
"keys": "",
"secrets": "Get List Set Delete Recover Backup Restore",
"certificates": ""
},
"applicationId": null
}
]
},
"tenant": {
"value": "tenantId"
},
"enabledForDeployment": {
"value": false
},
"enabledForTemplateDeployment": {
"value": false
},
"enabledForDiskEncryption": {
"value": false
},
"enableRbacAuthorization": {
"value": false
},
"enableSoftDelete": {
"value": true
},
"softDeleteRetentionInDays": {
"value": 90
},
"networkAcls": {
"value": {
"defaultAction": "allow",
"bypass": "AzureServices",
"ipRules": [
],
"virtualNetworkRules": [
]
}
}
}
}
跟进:
我试图通过对所有属性使用默认值将文件最小化到只有 $deploy_kv.json。
现在看起来是这样的:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"name": {
"type": "string",
"defaultValue": "keyVaultName"
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]"
},
"sku": {
"type": "string",
"defaultValue": "Standard"
},
"accessPolicies": {
"type": "array",
"defaultvalue": [
{
"objectId": "objId",
"tenantId": "[subscription().tenantId]",
"permissions": {
"keys": "",
"secrets": "Get List Set Delete Recover Backup Restore",
"certificates": ""
},
"applicationId": null
}
]
},
"tenantId": {
"type": "string",
"defaultValue": "[subscription().tenantId]",
"metadata": {
"description": "Specifies the Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Get it by using Get-AzSubscription cmdlet."
}
}
},
"variables": {
},
"resources": [
{
"type": "Microsoft.KeyVault/vaults",
"name": "[parameters('name')]",
"location": "[parameters('location')]",
"apiVersion": "2019-04-01",
"tags": {
"displayName": "KeyVault"
},
"properties": {
"enabledForDeployment": false,
"enabledForTemplateDeployment": false,
"enabledForDiskEncryption": false,
"enableSoftDelete": true,
"softDeleteRetentionInDays": 90,
"tenantId": "[parameters('tenantId')]",
"accessPolicies": "[parameters('accessPolicies')]",
"sku": {
"name": "[parameters('sku')]",
"family": "A"
},
"networkAcls": {
"defaultAction": "Allow",
"bypass": "AzureServices"
}
}
}
],
"outputs": {
}
我得到的错误是一样的。我假设模板(如命令本身所述:有效)。
将 permissions 属性 更改为:
"permissions": {
"keys": [],
"secrets": ["Get", "List", "Set", "Delete", "Recover", "Backup", "Restore"],
"certificates": []
},
每个权限 属性 需要是一个字符串数组或只是一个空数组。
我还必须将 apiVersion 更改为:
"apiVersion": "2018-02-14",
我正在尝试通过 PowerShell 的 Az 库和 ARM 模板在 Azure 中部署 KeyVault。
(我发现了这个:
我的代码如下所示:
$kvDeployResult = New-AzResourceGroupDeployment -Name "addKeyVault" -ResourceGroupName $resourceGroupeName -TemplateFile ".\deploy_kv.json" -TemplateParameterFile ".\deploy_kv_param.json" -Verbose
使用这样的命令:
$kvDeployResult = New-AzResourceGroupDeployment -Name "addKeyVault" -ResourceGroupName $resourceGroupeName -TemplateObject $deploy_kv_hashtable -TemplateParameterObject $deploy_kv_param_hashtable -Verbose
导致更小的进展和更多的错误。
我得到这个输出:
我的deploy_kv.json看起来像这样
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"name": {
"type": "string"
},
"location": {
"type": "string"
},
"sku": {
"type": "string"
},
"accessPolicies": {
"type": "Array"
},
"tenant": {
"type": "string"
},
"enabledForDeployment": {
"type": "bool"
},
"enabledForTemplateDeployment": {
"type": "bool"
},
"enabledForDiskEncryption": {
"type": "bool"
},
"enableRbacAuthorization": {
"type": "bool"
},
"enableSoftDelete": {
"type": "bool"
},
"softDeleteRetentionInDays": {
"type": "int"
},
"networkAcls": {
"type": "Object"
}
},
"variables": {
},
"resources": [
{
"apiVersion": "2018-02-14",
"name": "[parameters('name')]",
"location": "[parameters('location')]",
"type": "Microsoft.KeyVault/vaults",
"properties": {
"enabledForDeployment": "[parameters('enabledForDeployment')]",
"enabledForTemplateDeployment": "[parameters('enabledForTemplateDeployment')]",
"enabledForDiskEncryption": "[parameters('enabledForDiskEncryption')]",
"enableRbacAuthorization": "[parameters('enableRbacAuthorization')]",
"accessPolicies": "[parameters('accessPolicies')]",
"tenantId": "[parameters('tenant')]",
"sku": {
"name": "[parameters('sku')]",
"family": "A"
},
"enableSoftDelete": "[parameters('enableSoftDelete')]",
"softDeleteRetentionInDays": "[parameters('softDeleteRetentionInDays')]",
"networkAcls": "[parameters('networkAcls')]"
},
"tags": {
},
"dependsOn": [
]
}
],
"outputs": {
}
}
我的deploy_kv_param.json看起来像这样
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"name": {
"value": "vaultName"
},
"location": {
"value": "westeurope"
},
"sku": {
"value": "Standard"
},
"accessPolicies": {
"value": [
{
"objectId": "objectID",
"tenantId": "tenantId",
"permissions": {
"keys": "",
"secrets": "Get List Set Delete Recover Backup Restore",
"certificates": ""
},
"applicationId": null
}
]
},
"tenant": {
"value": "tenantId"
},
"enabledForDeployment": {
"value": false
},
"enabledForTemplateDeployment": {
"value": false
},
"enabledForDiskEncryption": {
"value": false
},
"enableRbacAuthorization": {
"value": false
},
"enableSoftDelete": {
"value": true
},
"softDeleteRetentionInDays": {
"value": 90
},
"networkAcls": {
"value": {
"defaultAction": "allow",
"bypass": "AzureServices",
"ipRules": [
],
"virtualNetworkRules": [
]
}
}
}
}
跟进:
我试图通过对所有属性使用默认值将文件最小化到只有 $deploy_kv.json。
现在看起来是这样的:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"name": {
"type": "string",
"defaultValue": "keyVaultName"
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]"
},
"sku": {
"type": "string",
"defaultValue": "Standard"
},
"accessPolicies": {
"type": "array",
"defaultvalue": [
{
"objectId": "objId",
"tenantId": "[subscription().tenantId]",
"permissions": {
"keys": "",
"secrets": "Get List Set Delete Recover Backup Restore",
"certificates": ""
},
"applicationId": null
}
]
},
"tenantId": {
"type": "string",
"defaultValue": "[subscription().tenantId]",
"metadata": {
"description": "Specifies the Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Get it by using Get-AzSubscription cmdlet."
}
}
},
"variables": {
},
"resources": [
{
"type": "Microsoft.KeyVault/vaults",
"name": "[parameters('name')]",
"location": "[parameters('location')]",
"apiVersion": "2019-04-01",
"tags": {
"displayName": "KeyVault"
},
"properties": {
"enabledForDeployment": false,
"enabledForTemplateDeployment": false,
"enabledForDiskEncryption": false,
"enableSoftDelete": true,
"softDeleteRetentionInDays": 90,
"tenantId": "[parameters('tenantId')]",
"accessPolicies": "[parameters('accessPolicies')]",
"sku": {
"name": "[parameters('sku')]",
"family": "A"
},
"networkAcls": {
"defaultAction": "Allow",
"bypass": "AzureServices"
}
}
}
],
"outputs": {
}
我得到的错误是一样的。我假设模板(如命令本身所述:有效)。
将 permissions 属性 更改为:
"permissions": {
"keys": [],
"secrets": ["Get", "List", "Set", "Delete", "Recover", "Backup", "Restore"],
"certificates": []
},
每个权限 属性 需要是一个字符串数组或只是一个空数组。
我还必须将 apiVersion 更改为:
"apiVersion": "2018-02-14",