search

Azure / powershell

GH Action to run Az PowerShell scripts for developers and administrators to develop, deploy, and manage Microsoft Azure applications.
MIT License
60 stars 40 forks source link

New-AzResourceGroupDeployment - Bad JSON content found in the request #22

Closed RedmanAC closed 3 years ago

RedmanAC commented 3 years ago

Hello,

when deploying a KeyVault via New-AzResourceGroupDeploymentI get the error "Bad JSON content found in the request"

$kvDeployResult = New-AzResourceGroupDeployment -Name "addKeyVault" -ResourceGroupName $resourceGroupeName -TemplateFile ".\deploy_kv.json" -Verbose -Debug

I went through the whole process with the -Debug parameter to find the very point from where the error originates. You can see, that the creation itself works just fine, but later in the process something bad happens, and I dont know why.

I am using PowerShell 5.1 with the Az 5.1 package which includes the Az.Resources 3.0.1. I did a clean uninstall of ALL Azure modules I had installed prior.

The template file:

{
    "$schema":  "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion":  "1.0.0.0",
    "parameters":  {
                       "name":  {
                                    "type":  "string",
                                    "defaultValue":  "kvname"
                                },
                       "location":  {
                                        "type":  "string",
                                        "defaultValue":  "[resourceGroup().location]"
                                    },
                       "sku":  {
                                   "type":  "string",
                                   "defaultValue":  "Standard"
                               },
                       "accessPolicies":  {
                                              "type":  "array",
                                              "defaultvalue":  [
                                                                   {
                                                                       "objectId":  "objid",
                                                                       "tenantId":  "[subscription().tenantId]",
                                                                       "permissions":  {
                                                                                           "keys":  "",
                                                                                           "secrets":  "Get List Set Delete Recover Backup Restore",
                                                                                           "certificates":  ""
                                                                                       },
                                                                       "applicationId":  null
                                                                   }
                                                               ]
                                          },
                       "tenantId":  {
                                        "type":  "string",
                                        "defaultValue":  "[subscription().tenantId]",
                                        "metadata":  {
                                                         "description":  "Specifies the Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Get it by using Get-AzSubscription cmdlet."
                                                     }
                                    }
                   },
    "variables":  {

                  },
    "resources":  [
                      {
                          "type":  "Microsoft.KeyVault/vaults",
                          "name":  "[parameters('name')]",
                          "location":  "[parameters('location')]",
                          "apiVersion":  "2019-09-01",
                          "tags":  {
                                       "displayName":  "KeyVault"
                                   },
                          "properties":  {
                                             "enabledForDeployment":  false,
                                             "enabledForTemplateDeployment":  false,
                                             "enabledForDiskEncryption":  false,
                                             "enableSoftDelete":  true,
                                             "softDeleteRetentionInDays":  90,
                                             "tenantId":  "[parameters('tenantId')]",
                                             "accessPolicies":  "[parameters('accessPolicies')]",
                                             "sku":  {
                                                         "name":  "[parameters('sku')]",
                                                         "family":  "A"
                                                     },
                                             "networkAcls":  {
                                                                 "defaultAction":  "Allow",
                                                                 "bypass":  "AzureServices"
                                                             }
                                         }
                      }
                  ],
    "outputs":  {

                }
}
`DEBUG: 11:24:56 - NewAzureResourceGroupDeploymentCmdlet begin processing with ParameterSet 'ByTemplateFileWithNoParameters'.
Bestätigung
Vorgang fortsetzen?
[J] Ja [A] Ja, alle [B] Befehl anhalten [H] Anhalten [?] Help (default is "Ja"): j
DEBUG: 11:25:04 - using account id 'username'...     
Bestätigung
Vorgang fortsetzen?
[J] Ja [A] Ja, alle [B] Befehl anhalten [H] Anhalten [?] Help (default is "Ja"): j
Bestätigung
Möchten Sie diese Aktion wirklich ausführen?
Ausführen des Vorgangs "Creating Deployment" für das Ziel "resourcegroupname".
[J] Ja [A] Ja, alle [N] Nein [K] Nein, keine [H] Anhalten [?] Help (default is "Ja"): j
DEBUG: [Common.Authentication]: Authenticating using Account: 'username', environment: 'AzureCloud', tenant: 'tenantId'
Bestätigung
Vorgang fortsetzen?
[J] Ja [A] Ja, alle [B] Befehl anhalten [H] Anhalten [?] Help (default is "Ja"): j
DEBUG: SharedTokenCacheCredential.GetToken invoked. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId: 
Bestätigung
Vorgang fortsetzen?
[J] Ja [A] Ja, alle [B] Befehl anhalten [H] Anhalten [?] Help (default is "Ja"): j
DEBUG: SharedTokenCacheCredential.GetToken succeeded. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId:  ExpiresOn: 2020-12-01T11:24:48.0000000+00:00
Bestätigung
Vorgang fortsetzen?
[J] Ja [A] Ja, alle [B] Befehl anhalten [H] Anhalten [?] Help (default is "Ja"): j
DEBUG: SharedTokenCacheCredential.GetToken invoked. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId: 
Bestätigung
Vorgang fortsetzen?
[J] Ja [A] Ja, alle [B] Befehl anhalten [H] Anhalten [?] Help (default is "Ja"): j
DEBUG: SharedTokenCacheCredential.GetToken succeeded. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId:  ExpiresOn: 2020-12-01T11:24:48.0000000+00:00
Bestätigung
Vorgang fortsetzen?
[J] Ja [A] Ja, alle [B] Befehl anhalten [H] Anhalten [?] Help (default is "Ja"): j
DEBUG: [Common.Authentication]: Received token with LoginType 'User', Tenant: 'tenantId', UserId: 'userName'
Bestätigung
Vorgang fortsetzen?
[J] Ja [A] Ja, alle [B] Befehl anhalten [H] Anhalten [?] Help (default is "Ja"): j
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
POST

Absolute Uri:
https://management.azure.com/subscriptions/subscriptionId/resourcegroups/resourcegroupname/providers/Microsoft.Resources/deployments/addKeyVault/validate?api-version=2020-06-01

Headers:
x-ms-client-request-id        : b880558b-302b-4b84-8b4d-efbab5489ebe
accept-language               : en-US

Body:
{
  "properties": {
    "template": {
      "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
      "contentVersion": "1.0.0.0",
      "parameters": {
        "name": {
          "type": "string",
          "defaultValue": "kvname"
        },
        "location": {
          "type": "string",
          "defaultValue": "[resourceGroup().location]"
        },
        "sku": {
          "type": "string",
          "defaultValue": "Standard"
        },
        "accessPolicies": {
          "type": "array",
          "defaultvalue": [
            {
              "objectId": "objectId",
              "tenantId": "[subscription().tenantId]",
              "permissions": {
                "keys": "",
                "secrets": "Get List Set Delete Recover Backup Restore",
                "certificates": ""
              },
              "applicationId": null
            }
          ]
        },
        "tenantId": {
          "type": "string",
          "defaultValue": "[subscription().tenantId]",
          "metadata": {
            "description": "Specifies the Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Get it by using Get-AzSubscription cmdlet."
          }
        }
      },
      "variables": {},
      "resources": [
        {
          "type": "Microsoft.KeyVault/vaults",
          "name": "[parameters('name')]",
          "location": "[parameters('location')]",
          "apiVersion": "2019-09-01",
          "tags": {
            "displayName": "KeyVault"
          },
          "properties": {
            "enabledForDeployment": false,
            "enabledForTemplateDeployment": false,
            "enabledForDiskEncryption": false,
            "enableSoftDelete": true,
            "softDeleteRetentionInDays": 90,
            "tenantId": "[parameters('tenantId')]",
            "accessPolicies": "[parameters('accessPolicies')]",
            "sku": {
              "name": "[parameters('sku')]",
              "family": "A"
            },
            "networkAcls": {
              "defaultAction": "Allow",
              "bypass": "AzureServices"
            }
          }
        }
      ],
      "outputs": {}
    },
    "parameters": {},
    "mode": "Incremental"
  }
}

Bestätigung
Vorgang fortsetzen?
[J] Ja [A] Ja, alle [B] Befehl anhalten [H] Anhalten [?] Help (default is "Ja"): j
DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Pragma                        : no-cache
x-ms-ratelimit-remaining-subscription-writes: 1197
x-ms-request-id               : 7c16b74d-fff5-4d05-90e7-5b352f4f3781
x-ms-correlation-request-id   : 7c16b74d-fff5-4d05-90e7-5b352f4f3781
x-ms-routing-request-id       : GERMANYWESTCENTRAL:20201201T102506Z:7c16b74d-fff5-4d05-90e7-5b352f4f3781
Strict-Transport-Security     : max-age=31536000; includeSubDomains
X-Content-Type-Options        : nosniff
Cache-Control                 : no-cache
Date                          : Tue, 01 Dec 2020 10:25:05 GMT

Body:
{
  "id": "/subscriptions/subscriptionId/resourcegroups/resourcegroupname/providers/Microsoft.Resources/deployments/addKeyVault",
  "name": "addKeyVault",
  "type": "Microsoft.Resources/deployments",
  "properties": {
    "templateHash": "9468291095648279112",
    "parameters": {
      "name": {
        "type": "String",
        "value": "kvname"
      },
      "location": {
        "type": "String",
        "value": "westeurope"
      },
      "sku": {
        "type": "String",
        "value": "Standard"
      },
      "accessPolicies": {
        "type": "Array",
        "value": [
          {
            "objectId": "objid",
            "tenantId": "tenantId",
            "permissions": {
              "keys": "",
              "secrets": "Get List Set Delete Recover Backup Restore",
              "certificates": ""
            },
            "applicationId": null
          }
        ]
      },
      "tenantId": {
        "type": "String",
        "value": "tenantId"
      }
    },
    "mode": "Incremental",
    "provisioningState": "Succeeded",
    "timestamp": "2020-12-01T10:25:06.3031798Z",
    "duration": "PT0S",
    "correlationId": "7c16b74d-fff5-4d05-90e7-5b352f4f3781",
    "providers": [
      {
        "namespace": "Microsoft.KeyVault",
        "resourceTypes": [
          {
            "resourceType": "vaults",
            "locations": [
              "westeurope"
            ]
          }
        ]
      }
    ],
    "dependencies": [],
    "validatedResources": [
      {
        "id": "subscriptions/subscriptionId/resourcegroups/resourcegroupname/providers/Microsoft.KeyVault/vaults/psmccom-ti-cred"
      }
    ]
  }
}

Bestätigung
Vorgang fortsetzen?
[J] Ja [A] Ja, alle [B] Befehl anhalten [H] Anhalten [?] Help (default is "Ja"): j
VERBOSE: 11:25:06 - Template is valid.
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
PUT

Absolute Uri:
https://management.azure.com/subscriptions/subscriptionId/resourcegroups/resourcegroupname/providers/Microsoft.Resources/deployments/addKeyVault?api-version=2020-06-01

Headers:
x-ms-client-request-id        : 68ef6731-a7db-40fa-b628-f5e47a53d10f
accept-language               : en-US

Body:
{
  "properties": {
    "template": {
      "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
      "contentVersion": "1.0.0.0",
      "parameters": {
        "name": {
          "type": "string",
          "defaultValue": "kvname"
        },
        "location": {
          "type": "string",
          "defaultValue": "[resourceGroup().location]"
        },
        "sku": {
          "type": "string",
          "defaultValue": "Standard"
        },
        "accessPolicies": {
          "type": "array",
          "defaultvalue": [
            {
              "objectId": "objId",
              "tenantId": "[subscription().tenantId]",
              "permissions": {
                "keys": "",
                "secrets": "Get List Set Delete Recover Backup Restore",
                "certificates": ""
              },
              "applicationId": null
            }
          ]
        },
        "tenantId": {
          "type": "string",
          "defaultValue": "[subscription().tenantId]",
          "metadata": {
            "description": "Specifies the Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Get it by using Get-AzSubscription cmdlet."
          }
        }
      },
      "variables": {},
      "resources": [
        {
          "type": "Microsoft.KeyVault/vaults",
          "name": "[parameters('name')]",
          "location": "[parameters('location')]",
          "apiVersion": "2019-09-01",
          "tags": {
            "displayName": "KeyVault"
          },
          "properties": {
            "enabledForDeployment": false,
            "enabledForTemplateDeployment": false,
            "enabledForDiskEncryption": false,
            "enableSoftDelete": true,
            "softDeleteRetentionInDays": 90,
            "tenantId": "[parameters('tenantId')]",
            "accessPolicies": "[parameters('accessPolicies')]",
            "sku": {
              "name": "[parameters('sku')]",
              "family": "A"
            },
            "networkAcls": {
              "defaultAction": "Allow",
              "bypass": "AzureServices"
            }
          }
        }
      ],
      "outputs": {}
    },
    "parameters": {},
    "mode": "Incremental"
  }
}

Bestätigung
Vorgang fortsetzen?
[J] Ja [A] Ja, alle [B] Befehl anhalten [H] Anhalten [?] Help (default is "Ja"): j
DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Pragma                        : no-cache
Azure-AsyncOperation          : https://management.azure.com/subscriptions/subscriptionId/resourcegroups/resourcegroupname/providers/Microsoft.Resources/deployments/addKeyVault/operationStatuses/08585947885738533236?api-version=2020-06-01
x-ms-ratelimit-remaining-subscription-writes: 1198
x-ms-request-id               : fc6451a2-6540-46b2-88d1-a936dd626ca3
x-ms-correlation-request-id   : fc6451a2-6540-46b2-88d1-a936dd626ca3
x-ms-routing-request-id       : GERMANYWESTCENTRAL:20201201T102511Z:fc6451a2-6540-46b2-88d1-a936dd626ca3
Strict-Transport-Security     : max-age=31536000; includeSubDomains
X-Content-Type-Options        : nosniff
Cache-Control                 : no-cache
Date                          : Tue, 01 Dec 2020 10:25:11 GMT

Body:
{
  "id": "subscriptions/subscriptionId/resourcegroups/resourcegroupname/providers/Microsoft.Resources/deployments/addKeyVault",
  "name": "addKeyVault",
  "type": "Microsoft.Resources/deployments",
  "properties": {
    "templateHash": "9468291095648279112",
    "parameters": {
      "name": {
        "type": "String",
        "value": "kvName"
      },
      "location": {
        "type": "String",
        "value": "westeurope"
      },
      "sku": {
        "type": "String",
        "value": "Standard"
      },
      "accessPolicies": {
        "type": "Array",
        "value": [
          {
            "objectId": "objId",
            "tenantId": "tenantId",
            "permissions": {
              "keys": "",
              "secrets": "Get List Set Delete Recover Backup Restore",
              "certificates": ""
            },
            "applicationId": null
          }
        ]
      },
      "tenantId": {
        "type": "String",
        "value": "tenantId"
      }
    },
    "mode": "Incremental",
    "provisioningState": "Accepted",
    "timestamp": "2020-12-01T10:25:11.8564464Z",
    "duration": "PT0.2321564S",
    "correlationId": "fc6451a2-6540-46b2-88d1-a936dd626ca3",
    "providers": [
      {
        "namespace": "Microsoft.KeyVault",
        "resourceTypes": [
          {
            "resourceType": "vaults",
            "locations": [
              "westeurope"
            ]
          }
        ]
      }
    ],
    "dependencies": []
  }
}

Bestätigung
Vorgang fortsetzen?
[J] Ja [A] Ja, alle [B] Befehl anhalten [H] Anhalten [?] Help (default is "Ja"): j
VERBOSE: 11:25:12 - Create template deployment 'addKeyVault'
VERBOSE: 11:25:15 - Checking deployment status in 5 seconds
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https://management.azure.com/subscriptions/subscriptionId/resourcegroups/resourcegroupname/deployments/addKeyVault/operations?api-version=2020-06-01

Headers:
x-ms-client-request-id        : 90f688d0-52dd-42f9-843b-f90ea5029fb2
accept-language               : en-US

Body:

Bestätigung
Vorgang fortsetzen?
[J] Ja [A] Ja, alle [B] Befehl anhalten [H] Anhalten [?] Help (default is "Ja"): j
DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Pragma                        : no-cache
x-ms-ratelimit-remaining-subscription-reads: 11982
x-ms-request-id               : 12ca4085-1396-4531-a0f3-bcc47cc46fc3
x-ms-correlation-request-id   : 12ca4085-1396-4531-a0f3-bcc47cc46fc3
x-ms-routing-request-id       : GERMANYWESTCENTRAL:20201201T102519Z:12ca4085-1396-4531-a0f3-bcc47cc46fc3
Strict-Transport-Security     : max-age=31536000; includeSubDomains
X-Content-Type-Options        : nosniff
Cache-Control                 : no-cache
Date                          : Tue, 01 Dec 2020 10:25:19 GMT

Body:
{
  "value": [
    {
      "id": "subscriptions/subscriptionId/resourcegroups/resourcegroupname/providers/Microsoft.Resources/deployments/addKeyVault/operations/D5E656753912A57A",
      "operationId": "D5E656753912A57A",
      "properties": {
        "provisioningOperation": "Create",
        "provisioningState": "Failed",
        "timestamp": "2020-12-01T10:25:13.1328085Z",
        "duration": "PT1.048678S",
        "trackingId": "1f6559f5-f794-47e6-ac5c-a690460bf69f",
        "serviceRequestId": "c673774d-a445-4768-99e3-f638fe1adbe7",
        "statusCode": "BadRequest",
        "statusMessage": {
          "status": "Failed",
          "error": {
            "code": "BadRequest",
            "message": "Bad JSON content found in the request."
          }
        },
        "targetResource": {
          "id": "subscriptions/subscriptionId/resourcegroups/resourcegroupname/providers/Microsoft.KeyVault/vaults/psmccom-ti-cred",
          "resourceType": "Microsoft.KeyVault/vaults",
          "resourceName": "kvname"
        }
      }
    }
  ]
}

Bestätigung
Vorgang fortsetzen?
[J] Ja [A] Ja, alle [B] Befehl anhalten [H] Anhalten [?] Help (default is "Ja"): J
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https://management.azure.com/subscriptions/subscriptionId/resourcegroups/resourcegroupname/providers/Microsoft.Resources/deployments/addKeyVault?api-version=2020-06-01

Headers:
x-ms-client-request-id        : 7d2a911a-32f6-4419-a5ba-8c47525a94f3
accept-language               : en-US

Body:

Bestätigung
Vorgang fortsetzen?
[J] Ja [A] Ja, alle [B] Befehl anhalten [H] Anhalten [?] Help (default is "Ja"): J
DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Pragma                        : no-cache
x-ms-ratelimit-remaining-subscription-reads: 11981
x-ms-request-id               : 34572e39-4ca3-4cf0-af8d-fb8487c16f0a
x-ms-correlation-request-id   : 34572e39-4ca3-4cf0-af8d-fb8487c16f0a
x-ms-routing-request-id       : GERMANYWESTCENTRAL:20201201T102519Z:34572e39-4ca3-4cf0-af8d-fb8487c16f0a
Strict-Transport-Security     : max-age=31536000; includeSubDomains
X-Content-Type-Options        : nosniff
Cache-Control                 : no-cache
Date                          : Tue, 01 Dec 2020 10:25:19 GMT

Body:
{
  "id": "/subscriptions/subscriptionId/resourcegroups/resourcegroupname/providers/Microsoft.Resources/deployments/addKeyVault",
  "name": "addKeyVault",
  "type": "Microsoft.Resources/deployments",
  "properties": {
    "templateHash": "9468291095648279112",
    "parameters": {
      "name": {
        "type": "String",
        "value": "kvname"
      },
      "location": {
        "type": "String",
        "value": "westeurope"
      },
      "sku": {
        "type": "String",
        "value": "Standard"
      },
      "accessPolicies": {
        "type": "Array",
        "value": [
          {
            "objectId": "objId",
            "tenantId": "tenantId",
            "permissions": {
              "keys": "",
              "secrets": "Get List Set Delete Recover Backup Restore",
              "certificates": ""
            },
            "applicationId": null
          }
        ]
      },
      "tenantId": {
        "type": "String",
        "value": "tenantId"
      }
    },
    "mode": "Incremental",
    "provisioningState": "Failed",
    "timestamp": "2020-12-01T10:25:13.2609024Z",
    "duration": "PT1.6366124S",
    "correlationId": "fc6451a2-6540-46b2-88d1-a936dd626ca3",
    "providers": [
      {
        "namespace": "Microsoft.KeyVault",
        "resourceTypes": [
          {
            "resourceType": "vaults",
            "locations": [
              "westeurope"
            ]
          }
        ]
      }
    ],
    "dependencies": [],
    "error": {
      "code": "DeploymentFailed",
      "message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.",
      "details": [
        {
          "code": "BadRequest",
          "message": "Bad JSON content found in the request."
        }
      ]
    }
  }
}

Bestätigung
Vorgang fortsetzen?
[J] Ja [A] Ja, alle [B] Befehl anhalten [H] Anhalten [?] Help (default is "Ja"): J
Bestätigung
11:25:20 - The deployment 'addKeyVault' failed with error(s). Showing 1 out of 1 error(s).
Status Message: Bad JSON content found in the request. (Code:BadRequest)

CorrelationId: fc6451a2-6540-46b2-88d1-a936dd626ca3
[J] Ja [A] Ja, alle [B] Befehl anhalten [H] Anhalten [?] Help (default is "Ja"): J
New-AzResourceGroupDeployment : 11:25:20 - The deployment 'addKeyVault' failed with error(s). Showing 1 out of 1 error(s).
Status Message: Bad JSON content found in the request. (Code:BadRequest)
CorrelationId: fc6451a2-6540-46b2-88d1-a936dd626ca3
In C:\_dev\CANCOM%20Teams%20Intelligence\runbooks\createResources.ps1:182 Zeichen:23
+ ... loyResult = New-AzResourceGroupDeployment -Name "addKeyVault" -Resour ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [New-AzResourceGroupDeployment], Exception
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceGroupDeploymentCmdlet

DEBUG: AzureQoSEvent: CommandName - New-AzResourceGroupDeployment; IsSuccess - False; Duration - 00:05:32.0699732;; Exception - System.Exception: 11:25:20 - The deployment 'addKeyVault' failed with error(s). Showing 1 out of 1 error(s).    
Status Message: Bad JSON content found in the request. (Code:BadRequest)`
arjgupta commented 3 years ago

@RedmanAC I am closing this issue. The action is working correctly, in that it is able to execute the script you are providing it. the issue seems to be with the template you are using. If you deploy directly from the azure portal, you will encounter the same issue. You should refer to keyvault templates in the azure-quickstart-templates repo or try raising an issue there.