The ARM deployment is throwing the following exception:

The secret of KeyVault parameter 'dbAdministratorLogin' cannot be retrieved. Http status code: '<null>'. Error message: 'The KeyVault API rest call failed. HttpStatusCode: 'Unknown', Exception: 'Newtonsoft.Json.JsonSerializationException: Required property 'detail' not found in JSON. Path '', line 1, position 75.
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.EndObject(Object newObject, JsonReader reader, JsonObjectContract contract, Int32 initialDepth, Dictionary`2 propertiesPresence)
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.PopulateObject(Object newObject, JsonReader reader, JsonObjectContract contract, JsonProperty member, String id)
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObject(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateValueInternal(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.Deserialize(JsonReader reader, Type objectType, Boolean checkAdditionalContent)
   at Newtonsoft.Json.JsonSerializer.DeserializeInternal(JsonReader reader, Type objectType)
   at Newtonsoft.Json.JsonConvert.DeserializeObject(String value, Type type, JsonSerializerSettings settings)
   at Newtonsoft.Json.JsonConvert.DeserializeObject[T](String value, JsonSerializerSettings settings)
   at Microsoft.WindowsAzure.ResourceStack.Frontdoor.Data.DataProviders.KeyVaultDataProvider.<GetSecret>d__13.MoveNext() in x:\bt\662571\repo\src\frontdoor\Roles\Frontdoor.Data\DataProviders\KeyVaultDataProvider.cs:line 269
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
   at Microsoft.WindowsAzure.ResourceStack.Common.Algorithms.AsyncRetry.<Retry>d__6`1.MoveNext() in x:\bt\662571\repo\src\common\core\algorithms\AsyncRetry.cs:line 79
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
   at Microsoft.WindowsAzure.ResourceStack.Frontdoor.Data.DataProviders.KeyVaultDataProvider.<GetSecret>d__8.MoveNext() in x:\bt\662571\repo\src\frontdoor\Roles\Frontdoor.Data\DataProviders\KeyVaultDataProvider.cs:line 197'.'.

Here, the parameter is defined as a reference to a secret in a keyvault.

 "dbAdministratorLogin": {
    "reference": {
      "keyVault": {
        "id": "/subscriptions/{maskedguid}/resourceGroups/ascend-ammo-infrastructure-test/providers/Microsoft.KeyVault/vaults/ascend-ammo-kv-test"
      },
      "secretName": "ascend-ammo-weu-dbAdministratorLogin"
    }
  },

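Could anyone from the Azure KeyVault team give some insight into the potential issues that could cause this problem? I'm not sure whether it is a permissions error, a template error, or some other error.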

Here are my test files:

{
  "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "myAdminUsername": {
      "value": "MyAdministrator"
    },
    "myAdminPassword": {
      "reference": {
        "keyVault": {
          "id": "/subscriptions/{subid}/resourceGroups/ascend-ammo-infrastructure/providers/Microsoft.KeyVault/vaults/{existingkvname}"
        },
        "secretName": "ascend-ammo-weu-dbAdministratorLoginPassword"
      }
    }
  }
}

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "myAdminUsername": {
      "type": "string",
      "minLength": 4
    },
    "myAdminPassword": {
      "type": "securestring"
    }
  },
  "resources": [
  ],
  "outputs": {
    "password": {
      "type": "securestring",
      "value": "[parameters('myAdminPassword')]"
    }
  }
}

1 Answer

When the keyvault is created, there needs to be a parameter to enable it for ARM deployment.

"enabledForTemplateDeployment": {
    "type": "bool",
    "defaultValue": false,
    "allowedValues": [
      true,
      false
    ],
    "metadata": {
      "description": "Specifies if the vault is enabled for ARM template deployment"
    }
  },

{
  "type": "Microsoft.KeyVault/vaults",
  "name": "[variables('keyVaultName')]",
  "apiVersion": "2015-06-01",
  "location": "[parameters('keyVaultLocation')]",
  "properties": {
    "enabledForDeployment": "[parameters('enableVaultForDeployment')]",
    "enabledForDiskEncryption": "[parameters('enableVaultForDiskEncryption')]",
    "enabledForTemplateDeployment": "[parameters('enabledForTemplateDeployment')]",
    "tenantId": "[parameters('tenantId')]",
    "accessPolicies": [
      {
        "tenantId": "[parameters('tenantId')]",
        "objectId": "[parameters('objectId')]",
        "permissions": {
          "keys": [ "all" ],
          "secrets": [ "all" ]
        }
      }
    ],
    "sku": {
      "name": "[parameters('keyVaultSku')]",
      "family": "A"
    }
  }
}
Answered 2016-01-25T16:45:59.203
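
Added example (not part of the original answer, and not Azure tooling): a small Python check that resolves `enabledForTemplateDeployment` for every `Microsoft.KeyVault/vaults` resource in a template before it is deployed. The parameter shown in the answer has `defaultValue` false, so the vault is only enabled when the deployment overrides it. The check also reports access policies that grant `all`. The helper names and the `overrides` dict (parameter name to value) are assumptions for illustration.

```python
import json
import re

PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")

# Constructed sample: a trimmed copy of the vault template from the answer above.
SAMPLE_TEMPLATE = json.loads("""{
  "parameters": {"enabledForTemplateDeployment": {"type": "bool", "defaultValue": false}},
  "resources": [{
    "type": "Microsoft.KeyVault/vaults",
    "name": "[variables('keyVaultName')]",
    "properties": {
      "enabledForTemplateDeployment": "[parameters('enabledForTemplateDeployment')]",
      "accessPolicies": [{"permissions": {"keys": ["all"], "secrets": ["all"]}}]
    }
  }]
}""")

def resolve(value, template, overrides):
    """Resolve a literal or a bare [parameters('x')] expression; None if unknown."""
    if not isinstance(value, str):
        return value
    match = PARAM_REF.match(value.strip())
    if not match:
        return None  # other template expressions are not evaluated here
    name = match.group(1)
    if name in overrides:
        return overrides[name]
    return template.get("parameters", {}).get(name, {}).get("defaultValue")

def audit_vaults(template, overrides=None):
    """Return (vault name, finding) pairs for each Key Vault resource (hypothetical helper)."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != "microsoft.keyvault/vaults":
            continue
        props = res.get("properties", {})
        flag = resolve(props.get("enabledForTemplateDeployment"), template, overrides or {})
        if flag is not True:
            findings.append((res.get("name"), "enabledForTemplateDeployment is not true"))
        for policy in props.get("accessPolicies", []):
            for kind, perms in policy.get("permissions", {}).items():
                if "all" in [str(p).lower() for p in perms]:
                    findings.append((res.get("name"), f"policy grants all {kind} permissions"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_vaults(SAMPLE_TEMPLATE):
        print(f"{name}: {finding}")
```

Passing `{"enabledForTemplateDeployment": True}` as `overrides` clears the first finding and leaves only the two access-policy findings.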