Reputation: 991
When I deploy my ARM template for the Azure Key Vault, I get this error message:
"error": {
  "code": "BadRequest",
  "message": "An invalid value was provided for 'accessPolicies'."
}
My template:
{
  "type": "Microsoft.KeyVault/vaults",
  "name": "[parameters('keyVaultName')]",
  "apiVersion": "2016-10-01",
  "location": "[parameters('location')]",
  "properties": {
    "enabledForDeployment": "[parameters('enableVaultForDeployment')]",
    "enabledForDiskEncryption": "[parameters('enableVaultForDiskEncryption')]",
    "enabledForTemplateDeployment": "[parameters('enabledForTemplateDeployment')]",
    "tenantId": "[parameters('tenantId')]",
    "accessPolicies": [],
    "sku": {
      "name": "[parameters('skuName')]",
      "family": "A"
    }
  }
},
{
  "type": "Microsoft.KeyVault/vaults/accessPolicies",
  "name": "[concat(parameters('keyVaultName'), '/add')]",
  "apiVersion": "2018-02-14",
  "dependsOn": [
    "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]"
  ],
  "properties": {
    "copy": [
      {
        "name": "accessPolicies",
        "count": "[length(parameters('ObjectPolicies'))]",
        "input": {
          "tenantId": "[parameters('ObjectPolicies')[copyIndex('accessPolicies')].tenantId]",
          "objectId": "[parameters('ObjectPolicies')[copyIndex('accessPolicies')].objectId]",
          "permissions": {
            "keys": "[parameters('ObjectPolicies')[copyIndex('accessPolicies')].permissions.keys]",
            "secrets": "[parameters('ObjectPolicies')[copyIndex('accessPolicies')].permissions.secrets]"
          }
        }
      }
    ]
  }
}
My parameter file:
"ObjectPolicies": {
  "value": [
    {
      "tenantId": "xxxxx",
      "objectId": "xxxxx",
      "permissions": {
        "keys": [
          "all"
        ],
        "secrets": [
          "all"
        ]
      }
    },
I want to create a Key Vault with multiple access policies inside an object to get a good overview inside my parameters, instead of objectId1, objectId2, objectId3. I tried to copy the answer from this good answer over here. It seems that I have the same setup as 4c74356b41, but I still get an error message.
This SO question also has the same error message, but he doesn't seem to have added an answer to his question.
Upvotes: 7
Views: 6832
Reputation: 72151
I think "all" is not supported as a value for the permissions; at least according to the API reference, you have to list all of those one by one.
"accessPolicies": [
  {
    "tenantId": "00000000-0000-0000-0000-000000000000",
    "objectId": "00000000-0000-0000-0000-000000000000",
    "permissions": {
      "keys": [
        "encrypt",
        "decrypt",
        "wrapKey",
        "unwrapKey",
        "sign",
        "verify",
        "get",
        "list",
        "create",
        "update",
        "import",
        "delete",
        "backup",
        "restore",
        "recover",
        "purge"
      ],
      "secrets": [
        "get",
        "list",
        "set",
        "delete",
        "backup",
        "restore",
        "recover",
        "purge"
      ],
      "certificates": [
        "get",
        "list",
        "delete",
        "create",
        "import",
        "update",
        "managecontacts",
        "getissuers",
        "listissuers",
        "setissuers",
        "deleteissuers",
        "manageissuers",
        "recover",
        "purge"
      ]
    }
  }
]
Upvotes: 3
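A pre-deployment check for the `ObjectPolicies` parameter discussed in this thread, added here as an example and not code from either poster: it compares each entry's permissions against the names enumerated in the answer above and checks that `tenantId` and `objectId` have GUID shape. The function name `lint_object_policies`, the exact-case comparison and the sample data are assumptions made for illustration; treating "all" as unsupported follows the answer's reading of the API reference.

```python
import re

# Permission names exactly as enumerated in the answer above.
ALLOWED = {
    "keys": {"encrypt", "decrypt", "wrapKey", "unwrapKey", "sign", "verify", "get", "list",
             "create", "update", "import", "delete", "backup", "restore", "recover", "purge"},
    "secrets": {"get", "list", "set", "delete", "backup", "restore", "recover", "purge"},
    "certificates": {"get", "list", "delete", "create", "import", "update", "managecontacts",
                     "getissuers", "listissuers", "setissuers", "deleteissuers",
                     "manageissuers", "recover", "purge"},
}
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def lint_object_policies(policies):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for i, policy in enumerate(policies):
        # tenantId and objectId are Azure AD identifiers, which are GUIDs.
        for field in ("tenantId", "objectId"):
            value = policy.get(field, "")
            if not isinstance(value, str) or not GUID.match(value):
                findings.append(f"[{i}].{field}: not a GUID: {value!r}")
        for kind, values in policy.get("permissions", {}).items():
            if kind not in ALLOWED:
                findings.append(f"[{i}].permissions.{kind}: unknown permission kind")
                continue
            for name in values:
                # Assumption: names are compared case-sensitively against the answer's list.
                if name not in ALLOWED[kind]:
                    findings.append(f"[{i}].permissions.{kind}: unsupported value {name!r}")
    return findings


# Constructed sample: the first entry mirrors the question's parameter file,
# the second is a narrowly scoped policy using names from the answer.
SAMPLE = [
    {"tenantId": "xxxxx", "objectId": "xxxxx",
     "permissions": {"keys": ["all"], "secrets": ["all"]}},
    {"tenantId": "00000000-0000-0000-0000-000000000000",
     "objectId": "00000000-0000-0000-0000-000000000000",
     "permissions": {"keys": ["get", "list"], "secrets": ["get"]}},
]

if __name__ == "__main__":
    for finding in lint_object_policies(SAMPLE):
        print(finding)
```

Listing permissions one by one, as the answer suggests, also makes it easy to grant each identity only the operations it needs instead of every operation.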