Reputation: 3
I am new to Bicep and trying to deploy a Key Vault with access policies. In my scenario, environments like dev and load can have common access policies, but prod should have region-specific access policies.
Below is the access policy code within the kv module:
kv-vault.bicep
    param objectIds object

    resource KeyVault 'Microsoft.KeyVault/vaults@2019-09-01' = {
      name: KeyVaultName
      location: location
      properties: {
        tenantId: 'abcdxyz'
        accessPolicies: [for objectId in items(objectIds): {
          objectId: objectId.value.id
          tenantId: 'abcdxyz'
          permissions: {
            keys: objectId.value.key
            secrets: objectId.value.secret
            certificates: objectId.value.certificate
          }
        }]
      }
    }
Below is how I am calling the kv module in my main.bicep file
main.bicep
    var objectid = isAME ? (isLOAD || isDEV || isQA ? common.objectIds
                                                     : common.objectIds.us)
                 : isEMA ? (isLOAD || isDEV || isQA ? common.objectIds
                                                     : common.objectIds.ema)
                 : (isLOAD || isDEV || isQA ? common.objectIds
                                             : common.objectIds.apa)

    module KeyVault './modules/key-vault.bicep' = {
      name: 'keyvaultdeployment-${uniqueName}'
      scope: resourceGroup(resourceGroupName)
      params: {
        objectIds: objectid
        KeyVaultName: KeyVaultName
        location: rg.outputs.location
      }
      // dependsOn is a property of the module, not one of its params
      dependsOn: [
        vnet
        rg
      ]
    }
And I have a common file where all the object IDs are being passed.
common.json
    "objectIds": {
      "us": {
        "id": "abcd-1234",
        "key": ["all"],
        "secret": ["all"],
        "certificate": ["all"]
      },
      "apa": {
        "id": "abcd-4567",
        "key": ["all"],
        "secret": ["all"],
        "certificate": ["all"]
      },
      "ema": {
        "id": "abcd-7890",
        "key": ["all"],
        "secret": ["all"],
        "certificate": ["all"]
      }
    }
So, when I am trying to deploy in prod in EMA, it should only pick up the 'ema' entry from the common.json file. But I am getting an error - 'Unable to evaluate named property or non-integer index 'id' on an array value.'
Please help me out. Let me know if you need any further information on the existing code. Thanks in advance.
I tried all the basic troubleshooting and went through the Microsoft docs, but that didn't help me out.
Upvotes: 0
Views: 442
Reputation: 4071
When you call into the key-vault.bicep module in EMA, the value passed in for will either be:
    [
      {
        "key": "apa",
        "value": {
          "id": "abcd-4567",
          "key": ["all"],
          "secret": ["all"],
          "certificate": ["all"]
        }
      },
      {
        "key": "ema",
        "value": {
          "id": "abcd-7890",
          "key": ["all"],
          "secret": ["all"],
          "certificate": ["all"]
        }
      },
      {
        "key": "us",
        "value": {
          "id": "abcd-1234",
          "key": ["all"],
          "secret": ["all"],
          "certificate": ["all"]
        }
      }
    ]
or
    [
      {
        "key": "certificate",
        "value": ["all"]
      },
      {
        "key": "id",
        "value": "abcd-7890"
      },
      {
        "key": "key",
        "value": ["all"]
      },
      {
        "key": "secret",
        "value": ["all"]
      }
    ]
If it's the latter, the key-vault.bicep template will try to dereference the .id property of ["all"] on the first iteration of the loop. Arrays won't have an ID property, leading to the error message you saw.
Upvotes: 0
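One way to avoid the second shape described in the answer above, as an added example that is not part of the original question or answer: wrap the single prod region entry in a one-key object, so items() always yields entries whose value carries an id and a prod vault only receives its own region's principal. It assumes common.json holds the question's fragment wrapped in braces and is loaded with loadJsonContent; isNonProd, region, regionOnly and policyPrincipals are hypothetical names.

```bicep
// Added example: normalise what main.bicep passes to the key vault module.
param isAME bool
param isEMA bool
param isLOAD bool
param isDEV bool
param isQA bool

// Assumption: common.json is { "objectIds": { "us": {...}, "apa": {...}, "ema": {...} } }
var common = loadJsonContent('common.json')

var isNonProd = isLOAD || isDEV || isQA
var region = isAME ? 'us' : (isEMA ? 'ema' : 'apa')

// Prod: a map with exactly one entry, keyed by the region name.
// Passing common.objectIds.ema directly would make items() iterate the
// entry's own properties (certificate, id, key, secret) instead.
var regionOnly = {
  '${region}': common.objectIds[region]
}

// Non-prod: the whole map (us, apa, ema). Prod: only the deployment region.
var objectid = isNonProd ? common.objectIds : regionOnly

// Same access pattern as the module's accessPolicies loop: every element of
// items(objectid) is { key: '<name>', value: { id, key, secret, certificate } }.
output policyPrincipals array = [for p in items(objectid): p.value.id]
```

With this shape the module's loop can stay unchanged, because objectId.value.id is always evaluated on an object and never on an array.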