
I am trying to retrieve secrets from a Key Vault within my ARM template.

In my parameter file I have the following:

"resource_Env": {
  "value": "dev"
},

"activation_URI": {
  "reference": {
    "keyVault": {
      "id": "/subscriptions/xxx/resourceGroups/RG-DEV/providers/Microsoft.KeyVault/vaults/myVault"
    },
    "secretName": "[concat('activation-URI-', parameters('resource_Env'))]"
  }
}

When I run this I get an error

Error Code: KeyVaultParameterReferenceSecretRetrieveFailed Message: The secret of KeyVault parameter 'activation_URI' cannot be retrieved. Http status code: 'BadRequest'. Error message: 'The request URI contains an invalid name: [concat('activation-URI-', parameters('resource_Env'))]'

It appears that the concat is not working. If I hard code the whole string as in

"secretName": "activation-URI-dev"

it works fine

Am I unable to concat in the secretName property?

Here is my template file:-

    {
      "$schema": "https://schema.management.azure.com/schemas/2015-01- 
    01/deploymentTemplate.json#",
       "contentVersion": "1.0.0.0",
      "parameters": {
        "resource_Env": {
          "type": "string",
          "defaultValue": "dev"
        },
         "resource_Env_number": {
          "type": "string",
           "defaultValue": "1"
        },
        "resource_Platform": {
          "type": "string",
          "defaultValue": "int"
        },
        "resource_Group_Locn": {
          "type": "string",
          "defaultValue": "australiasoutheast"
        },
        "resource_Org": {
          "type": "string",
          "defaultValue": "eml"
        },
        "typeName_ResourceGroup": {
          "type": "string",
          "defaultValue": "rg"
        },
        "resourceGroupPrefix": {
          "type": "string",
          "defaultValue": " 
    [concat(parameters('resource_Env'),parameters('resource_Env_Number'),'-',parameters('resource_Org'),'-',parameters('resource_Platform'))]"
        },
        "serviceBusNamespaceName": {
          "type": "string",
          "defaultValue": "   
   [concat(parameters('resource_Env'),parameters('resource_Env_Number'),'-eml-int-svcbus')]",
              "metadata": {
                "description": "Name of the Service Bus namespace"
              }
            },
            "serviceBusTopicName": {
          "type": "string",
          "defaultValue": "transaction",
          "metadata": {
            "description": "Name of the Topic"
           }
        },
        "typeName_FuncApp": {
          "defaultValue": "func",
          "type": "string"
        },
        "ocp_apim_subscription_key": {
          "defaultValue": "",
          "type": "string",
          "metadata": {
            "description": "Subscription key for APIM"
          }
        },
        "svcbus_connection_string": {
          "defaultValue": "",
          "type": "string",
          "metadata": {
            "description": "Service bus connection string"
          }
        },
        "activation_URI": {
          "defaultValue": "",
          "type": "string",
          "metadata": {
            "description": "The URI to the activate endpoint"
          }
        },
        "webhookid": {
          "type": "string",
          "defaultValue": "",
          "metadata": {
            "description": "The id of the webhook registered with EML"
          }
        },
        "location": {
          "type": "string",
          "defaultValue": "[resourceGroup().location]",
          "metadata": {
            "description": "Location for all resources."
          }
        }
      },
      "variables": {
      },
      "resources": [
        {
          "type": "Microsoft.Resources/deployments",
          "apiVersion": "2018-05-01",
          "name": "serviceBusDeployment",
          "properties": {
            "mode": "Incremental",
            "templateLink": {
              "uri": 
     "https://blob/transactiondeployment/azuredeploysvcbus.json",
              "contentVersion": "1.0.0.0"
            },
            "parameters": {
              "serviceBusNamespaceName": { "value": " [parameters('serviceBusNamespaceName')]" },
              "serviceBusTopicName": { "value": "[parameters('serviceBusTopicName')]" }
            }
          }
        },
        {
          "type": "Microsoft.Resources/deployments",
          "apiVersion": "2018-05-01",
          "name": "cosmosDBDeployment",
          "properties": {
            "mode": "Incremental",
            "templateLink": {
              "uri": 
    "https://blob/transactiondeployment/azuredeploycosmosdb.json",
              "contentVersion": "1.0.0.0"
            },
            "parameters": {
              "resourceGroupPrefix": { "value": " 
   [parameters('resourceGroupPrefix')]" }
            }
          }
        },
        {
          "type": "Microsoft.Resources/deployments",
          "apiVersion": "2018-05-01",
          "name": "activateSubscriberDeployment",
          "properties": {
            "mode": "Incremental",
            "templateLink": {
          "uri": 
    "https://blob/transactiondeployment/azuredeployactivatesubscriber.json",
          "contentVersion": "1.0.0.0"
            },
            "parameters": {
              "resource_Env": { "value": "[parameters('resource_Env')]" },
              "resourceGroupPrefix": { "value": "[parameters('resourceGroupPrefix')]" },
              "typeName_FuncApp": { "value": "[parameters('typeName_FuncApp')]" },
              "serviceBusTopicName": { "value": "[parameters('serviceBusTopicName')]" },
              "ocp_apim_subscription_key": { "value": "[parameters('ocp_apim_subscription_key')]" },
              "svcbus_connection_string": { "value": "[parameters('svcbus_connection_string')]" },
          "activation_URI": { "value": "[parameters('activation_URI')]" }

            }
          }
        }
Why does the error message say 'The request URI contains an invalid name: [concat('activation-api-URI-', parameters('resource_Env'))]'? Was there a typo (activation-api-URI- instead of activation-URI-) at that time? – Nancy Xiong
No, sorry - that was me. I have updated the question with the correct error. – David
Could you show your template file? – Nancy Xiong
I have added it above. – David

1 Answer


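I tested this and was able to reproduce the same error.

To fix it, you could pass the activation_URI parameter as an inline value to your linked template. Template expressions such as concat() are not evaluated inside a parameter file, so the secretName there is sent to Key Vault as a literal string, which is why the error message shows the unevaluated expression. Inside the parent template, in the parameters block of the linked deployment, the expression is evaluated. You could add the Key Vault reference to those parameters to specify where the secret will be retrieved from. The parameter that receives the secret in the linked template should be declared as securestring rather than string, so that the retrieved value is not recorded in plain text in the deployment history. The template file will look like this: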

{
          "type": "Microsoft.Resources/deployments",
          "apiVersion": "2018-05-01",
          "name": "activateSubscriberDeployment",
          "properties": {
            "mode": "Incremental",
            "templateLink": {
          "uri": 
    "https://blob/transactiondeployment/azuredeployactivatesubscriber.json",
          "contentVersion": "1.0.0.0"
            },
            "parameters": {
              "resource_Env": { "value": "[parameters('resource_Env')]" },
              "resourceGroupPrefix": { "value": "[parameters('resourceGroupPrefix')]" },
              "typeName_FuncApp": { "value": "[parameters('typeName_FuncApp')]" },
              "serviceBusTopicName": { "value": "[parameters('serviceBusTopicName')]" },
              "ocp_apim_subscription_key": { "value": "[parameters('ocp_apim_subscription_key')]" },
              "svcbus_connection_string": { "value": "[parameters('svcbus_connection_string')]" },


          "activation_URI": {
              "reference": {
              "keyVault": {
               "id": "/subscriptions/xxx/resourceGroups/RG-DEV/providers/Microsoft.KeyVault/vaults/myVault"},
              "secretName": "[concat('activation-URI-', parameters('resource_Env'))]"
  }
}

            }
          }
        }

The parameters file will look like this:

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        ...

        "resource_Env": {
            "value": "dev"
          }


    }
}

For more information, you could refer to this template.