When I deploy my ARM template for the Azure Key Vault, I get this error message:

    "error": {
      "code": "BadRequest",
      "message": "An invalid value was provided for 'accessPolicies'."
    }

My template:

    {
      "type": "Microsoft.KeyVault/vaults",
      "name": "[parameters('keyVaultName')]",
      "apiVersion": "2016-10-01",
      "location": "[parameters('location')]",
      "properties": {
        "enabledForDeployment": "[parameters('enableVaultForDeployment')]",
        "enabledForDiskEncryption": "[parameters('enableVaultForDiskEncryption')]",
        "enabledForTemplateDeployment": "[parameters('enabledForTemplateDeployment')]",
        "tenantId": "[parameters('tenantId')]",
        "accessPolicies": [],
        "sku": {
          "name": "[parameters('skuName')]",
          "family": "A"
        }
      }
    },
    {
      "type": "Microsoft.KeyVault/vaults/accessPolicies",
      "name": "[concat(parameters('keyVaultName'), '/add')]",
      "apiVersion": "2018-02-14",
      "dependsOn": [
        "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]"
      ],
      "properties": {
        "copy": [
          {
            "name": "accessPolicies",
            "count": "[length(parameters('ObjectPolicies'))]",
            "input": {
              "tenantId": "[parameters('ObjectPolicies')[copyIndex('accessPolicies')].tenantId]",
              "objectId": "[parameters('ObjectPolicies')[copyIndex('accessPolicies')].objectId]",
              "permissions": {
                "keys": "[parameters('ObjectPolicies')[copyIndex('accessPolicies')].permissions.keys]",
                "secrets": "[parameters('ObjectPolicies')[copyIndex('accessPolicies')].permissions.secrets]"
              }
            }
          }
        ]
      }
    }

My parameter file:

    "ObjectPolicies": {
      "value": [
        {
          "tenantId": "xxxxx",
          "objectId": "xxxxx",
          "permissions": {
            "keys": [
              "all"
            ],
            "secrets": [
              "all"
            ]
          }
        },

I want to create a Key Vault with multiple access policies inside an object, to get a good overview inside my parameters, instead of objectId1, objectId2, objectId3. I tried to copy the answer from this good answer over here. It seems that I have the same setup as 4c74356b41, but I still get an error message.
This SO question also has the same error message, but he doesn't seem to have added an answer to his question.

I think "all" is not supported as a value for the permissions; at least according to the API reference, you have to list all of those one by one.

    "accessPolicies": [
      {
        "tenantId": "00000000-0000-0000-0000-000000000000",
        "objectId": "00000000-0000-0000-0000-000000000000",
        "permissions": {
          "keys": [
            "encrypt",
            "decrypt",
            "wrapKey",
            "unwrapKey",
            "sign",
            "verify",
            "get",
            "list",
            "create",
            "update",
            "import",
            "delete",
            "backup",
            "restore",
            "recover",
            "purge"
          ],
          "secrets": [
            "get",
            "list",
            "set",
            "delete",
            "backup",
            "restore",
            "recover",
            "purge"
          ],
          "certificates": [
            "get",
            "list",
            "delete",
            "create",
            "import",
            "update",
            "managecontacts",
            "getissuers",
            "listissuers",
            "setissuers",
            "deleteissuers",
            "manageissuers",
            "recover",
            "purge"
          ]
        }
      }
    ]

Reading:
https://docs.microsoft.com/en-us/rest/api/keyvault/vaults/createorupdate#create_a_new_vault_or_update_an_existing_vault
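
A pre-deployment check for the `ObjectPolicies` parameter, added here as an example (it is not code from the question or the answer): it reports `tenantId`/`objectId` values that are not GUIDs, permission values outside the lists enumerated in the answer above, the `all` wildcard, and grants of `purge`. The function name, the finding messages and the sample data are constructed; treating the answer's lists as the complete allowed set is an assumption.

```python
import re

# Names enumerated in the answer above; treating them as the full allowed set is an assumption.
LISTED = {
    "keys": ["encrypt", "decrypt", "wrapKey", "unwrapKey", "sign", "verify", "get", "list",
             "create", "update", "import", "delete", "backup", "restore", "recover", "purge"],
    "secrets": ["get", "list", "set", "delete", "backup", "restore", "recover", "purge"],
    "certificates": ["get", "list", "delete", "create", "import", "update", "managecontacts",
                     "getissuers", "listissuers", "setissuers", "deleteissuers",
                     "manageissuers", "recover", "purge"],
}
ALLOWED = {kind: {name.lower() for name in names} for kind, names in LISTED.items()}
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


def check_object_policies(policies):
    """Return (index, field, problem) findings for an ObjectPolicies array."""
    findings = []
    for i, policy in enumerate(policies):
        for field in ("tenantId", "objectId"):
            if not GUID.fullmatch(str(policy.get(field, ""))):
                findings.append((i, field, "not a GUID"))
        for kind, values in policy.get("permissions", {}).items():
            where = f"permissions.{kind}"
            if kind not in ALLOWED or not isinstance(values, list):
                findings.append((i, where, "unlisted type or not an array"))
                continue
            for value in values:
                name = str(value).lower()
                if name == "all":
                    findings.append((i, where, "wildcard 'all': list operations explicitly"))
                elif name not in ALLOWED[kind]:
                    findings.append((i, where, f"unlisted value {value!r}"))
                elif name == "purge":
                    findings.append((i, where, "grants 'purge' (permanent deletion)"))
    return findings


# Constructed sample: entry 0 mirrors the question's parameter file.
SAMPLE = [
    {"tenantId": "xxxxx", "objectId": "xxxxx",
     "permissions": {"keys": ["all"], "secrets": ["all"]}},
    {"tenantId": "00000000-0000-0000-0000-000000000000",
     "objectId": "00000000-0000-0000-0000-000000000000",
     "permissions": {"keys": ["get", "list"], "secrets": ["get", "purge"]}},
]

if __name__ == "__main__":
    print(*check_object_policies(SAMPLE), sep="\n")
```

Run it against the `value` array of the parameter file in CI before the deployment step, so a placeholder ID or an over-broad grant is caught before the template reaches Azure.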