Updating key vault secret via Arm template release from devops CI/CD fails

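I've successfully released secrets to my Azure key vault via DevOps CI/CD with my ARM templates. The initial release went fine and added my new, non-existing secrets to my key vault resource. However, when trying to update the secret value in my ARM template and then pushing it to my Git repo to in turn release it and update my secret, it fails, giving me: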

At least one resource deployment operation failed. Please list deployment operations for 
details. Please see https://aka.ms/DeployOperations for usage details.
Details:
BadRequest: 
Check out the troubleshooting guide to see if your issue is addressed: 
https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-resource-group-deployment?view=azure-devops#troubleshooting
Task failed while creating or updating the template deployment.

My templates look like this:

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "keyVault": {
      "value": "test-kv-devopstest01-d"
    },
    "TestCedential_1": {
      "value": "TestCedentialSecretValue1"
    },
    "TestCedentialName_1": {
      "value": "TestCedentialSecretName1_SecondVersion"
    }
  }
}


{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "keyVault": {
      "type": "string"
    },
    "TestCedential_1": {
      "type": "secureString"
    },
    "TestCedentialName_1": {
      "type": "string"
    }
  },
  "variables": {
  },
  "resources": [

    {
      "type": "Microsoft.KeyVault/vaults/secrets",
      "name": "[concat(parameters('keyVault'), '/', parameters('TestCedentialName_1'))]",
      "apiVersion": "2015-06-01",
      "properties": {
        "contentType": "text/plain",
        "value": "[parameters('TestCedential_1')]"
      }
    }
  ],
  "outputs": {}
}

I have also tried giving the pipeline permissions under Access control in the key vault resource in Azure.

Am I missing something?

I tested the same code in my environment and got the same error:

The problem is in the following:

"TestCedentialName_1": {
      "value": "TestCedentialSecretName1_SecondVersion"
    }

'_' (underscore) is not allowed in a Key Vault secret name. Allowed values are alphanumeric characters and dashes.

Changing the underscore to a dash fixed the issue:

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
      "keyVault": {
        "type": "string",
        "defaultValue" :"test-kv-ansuman-d"
      },
      "TestCedential_1": {
        "type": "secureString",
        "defaultValue":"TestCedentialSecretValue1"
      },
      "TestCedentialName_1": {
        "type": "string",
        "defaultValue": "TestCedentialSecretName1-SecondVersion"
      }
    },
    "variables": {
    },
    "resources": [
      {
        "type": "Microsoft.KeyVault/vaults/secrets",
        "name": "[concat(parameters('keyVault'), '/', parameters('TestCedentialName_1'))]",
        "apiVersion": "2015-06-01",
        "properties": {
          "contentType": "text/plain",
          "value": "[parameters('TestCedential_1')]"
        }
      }
    ],
    "outputs": {}
  }

Output:
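
An added example, not part of the original question or answer: a pre-deployment check that resolves the name of each `Microsoft.KeyVault/vaults/secrets` resource and reports names Key Vault would reject, so the pipeline stops with a clear message instead of a bare `BadRequest`. The function names are hypothetical, the sample data is constructed from the template in the question, the 1-127 character length bound comes from Key Vault's naming rules rather than this page, and only `concat()`, `parameters()` and string literals are resolved.

```python
import re

# Key Vault secret names: 1-127 characters, letters, digits and dashes only.
SECRET_NAME_RE = re.compile(r"[0-9A-Za-z-]{1,127}")
# Tokens this check understands inside [concat(...)]: parameters('x') or 'literal'.
TOKEN_RE = re.compile(r"parameters\('([^']+)'\)|'([^']*)'")

def resolve_name(expr, values):
    """Resolve a literal name, or a [concat(...)] of parameters and string literals."""
    if not (expr.startswith("[") and expr.endswith("]")):
        return expr
    inner = expr[1:-1].strip()
    if inner.startswith("concat(") and inner.endswith(")"):
        inner = inner[len("concat("):-1]
    if TOKEN_RE.sub("", inner).replace(",", "").strip():
        raise ValueError(f"unsupported expression: {expr}")
    return "".join(values[m.group(1)] if m.group(1) else m.group(2)
                   for m in TOKEN_RE.finditer(inner))

def invalid_secret_names(template, params_file=None):
    """Return resolved secret names that Key Vault would reject at deployment."""
    values = {k: v["defaultValue"] for k, v in template.get("parameters", {}).items()
              if "defaultValue" in v}
    for k, v in (params_file or {}).get("parameters", {}).items():
        if "value" in v:  # parameters-file values override template defaults
            values[k] = v["value"]
    bad = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != "microsoft.keyvault/vaults/secrets":
            continue
        secret = resolve_name(res["name"], values).split("/", 1)[-1]  # "<vault>/<secret>"
        if not SECRET_NAME_RE.fullmatch(secret):
            bad.append(secret)
    return bad

# Constructed sample: the resource and parameter values shown in the question.
TEMPLATE = {
    "parameters": {"keyVault": {"type": "string"}, "TestCedentialName_1": {"type": "string"}},
    "resources": [{
        "type": "Microsoft.KeyVault/vaults/secrets",
        "name": "[concat(parameters('keyVault'), '/', parameters('TestCedentialName_1'))]",
    }],
}
PARAMS = {"parameters": {
    "keyVault": {"value": "test-kv-devopstest01-d"},
    "TestCedentialName_1": {"value": "TestCedentialSecretName1_SecondVersion"}}}
```

In a pipeline, load the two files with `json.load` and fail the validation step when `invalid_secret_names` returns a non-empty list.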