Azure / AzureKeyVault

R interface to Azure Key Vault

Key Vault Parallel access issue #6

Closed amrit-cloud-dev closed 3 years ago

amrit-cloud-dev commented 3 years ago

Hi team,

I am trying to add a secret to an existing KeyVault in the core resource group from my main resource group deployment, but I am getting the below error.

    {
        "status": "Failed",
        "error": {
            "code": "ConflictError",
            "message": "A conflict occurred that prevented the operation from completing.
            The operation failed because the Microsoft.KeyVault.UnifiedStorage.Core.DomainModel.ResourceId 'Key Vault' changed from the point the operation began.
            This can happen if parallel operations are being performed on the Microsoft.KeyVault.UnifiedStorage.Core.DomainModel.ResourceId.
            To prevent this error, serialize the operations so that only one operation is performed on the Microsoft.KeyVault.UnifiedStorage.Core.DomainModel.ResourceId
            at a time. Follow this link for more information: https://go.microsoft.com/fwlink/?linkid=2147741"
        }
    }

My KeyVault ARM template:

    {
        "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
        "contentVersion": "1.0.0.0",
        "parameters": {
            "mySecretValue": {
                "type": "securestring"
            }
        },
        "resources": [
            {
                "name": "[concat('my-core-key-vault-name', '/', 'my-secret-name')]",
                "type": "Microsoft.KeyVault/vaults/secrets",
                "apiVersion": "2019-09-01",
                "properties": {
                    "attributes": {
                        "enabled": true
                    },
                    "contentType": "text/plain",
                    "value": "[parameters('mySecretValue')]"
                }
            }
        ]
    }

My Deployment Template:


    {
        "name": "[variables('templates').keyVaultSecret.name]",
        "type": "Microsoft.Resources/deployments",
        "apiVersion": "2021-04-01",
        "subscriptionId": "[parameters('subscriptionId')]",
        "resourceGroup": "[variables('resourceNames').coreRG]",
        "dependsOn": [
            "[resourceId('Microsoft.Resources/tags', 'default')]"
        ],
        "properties": {
            "mode": "Incremental",
            "templateLink": {
                "uri": "[concat(parameters('_artifactsLocation'), variables('templatesRoot'), variables('templates').keyVaultSecret.path, parameters('_artifactsLocationSasToken'))]",
                "contentVersion": "1.0.0.0"
            },
            "parameters": {
                "mySecretValue": {
                    "value": "[parameters('mySecretValueParam')]"
                }
            }
        }
    }

amrit-cloud-dev commented 3 years ago

I found the solution for this problem, hence closing this ticket.

I would like to share my solution; hopefully someone else facing a similar issue will find it helpful.

Actually, my core resource group key vault has soft delete enabled, and I manually deleted the original secret after creating it from the ARM template deployment. Now, when my ARM template was trying to add the secret with the same name again, I got this confusing error back. After I restored my deleted secret from the Azure Portal, my ARM template started working again. Happy days :)
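
A pre-deployment check for the situation described in this comment, as an added example that is not part of the original thread or of the AzureKeyVault project: it reports secrets a template would create whose names still exist in soft-deleted state. The deleted-secret list is assumed to come from `az keyvault secret list-deleted`; the sample data and all function names are constructed for illustration.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample in the shape of `az keyvault secret list-deleted` output
# (only the recoveryId field is read).
DELETED_JSON = """[
  {"recoveryId": "https://my-core-key-vault-name.vault.azure.net/deletedsecrets/my-secret-name"}
]"""

# Trimmed copy of the issue's secret template (only the fields the check reads).
TEMPLATE = {"resources": [{
    "name": "[concat('my-core-key-vault-name', '/', 'my-secret-name')]",
    "type": "Microsoft.KeyVault/vaults/secrets",
}]}

LITERAL_CONCAT = re.compile(r"^\[concat\(\s*'[^']*'(\s*,\s*'[^']*')*\s*\)\]$")

def template_secrets(template):
    """Yield (vault, secret) for secrets whose name is a literal or a concat of literals."""
    for res in template.get("resources", []):
        if res.get("type", "").lower() != "microsoft.keyvault/vaults/secrets":
            continue
        name = res.get("name", "")
        if LITERAL_CONCAT.match(name):
            name = "".join(re.findall(r"'([^']*)'", name))
        elif name.startswith("["):
            continue  # depends on parameters/variables; cannot be resolved offline
        vault, _, secret = name.partition("/")
        yield vault, secret

def deleted_names(deleted_items, vault):
    """Names of soft-deleted secrets in `vault`, taken from each recoveryId URL."""
    names = set()
    for item in deleted_items:
        url = urlparse(item["recoveryId"])
        kind, _, name = url.path.strip("/").partition("/")
        if kind == "deletedsecrets" and url.hostname.split(".")[0] == vault.lower():
            names.add(name.lower())
    return names

def soft_delete_collisions(template, deleted_items):
    """Secrets the template would create that still exist in soft-deleted state."""
    return [(v, s) for v, s in template_secrets(template)
            if s.lower() in deleted_names(deleted_items, v)]

if __name__ == "__main__":
    for vault, secret in soft_delete_collisions(TEMPLATE, json.loads(DELETED_JSON)):
        print(f"{vault}/{secret} is soft-deleted: recover it before deploying")
```

Secret names built from `parameters()` or `variables()` are skipped because they cannot be resolved without the deployment's inputs.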

hongooi73 commented 3 years ago

Please note this repo is for an R package to work with Key Vault. If you want help with Key Vault itself, you should contact tech support, or ask on Stack Overflow.