[x] bug report -> please search issues before submitting
[ ] documentation issue or request
[ ] regression (a behavior that used to work and stopped in a new release)
Issue description
I am trying to use the preview feature for importing a certificate from Azure Key Vault with Bicep. I wish to dynamically pass the URI to the Key Vault Secret as a property (keyVaultUrl: certsecret.properties.secretUriWithVersion):
When I try to deploy the Certificate this way, the deployment fails with the following error:
{
"code": "InvalidTemplateDeployment",
"message": "The template deployment 'Deploy-ContainerAppEnv-20240605T111846Z' is not valid according to the validation procedure. The tracking id is 'fbd225e2-cd87-4b85-863b-5b11ad8ba5c6'. See inner errors for details.",
"details": [
{
"code": "ValidationForResourceFailed",
"message": "Validation failed for a resource. Check 'Error.Details[0]' for more information.",
"details": [
{
"code": "CertificateKeyVaultUrlInvalid",
"message": "Certificate key vault url '[reference(resourceId('Microsoft.KeyVault/vaults/secrets', parameters('keyvaultName'), parameters('certificateName')), '2023-07-01').secretUriWithVersion]' is invalid. Should be a valid URL pointing to the Azure Key Vault secret that holds the certificate."
}
]
}
]
}
When I pass the actual value of the Secret URI, instead of certsecret.properties.secretUriWithVersion, the deployment works. Another workaround is to put the Certificate deployment in a module with the keyVaultUrl as a parameter, and do the evaluation of certsecret.properties.secretUriWithVersion in the parent bicep file.
Steps to reproduce
Use the bicep content above to deploy a Container Apps Env Certificate with Key Vault reference.
Expected behavior [What you expected to happen.]
The dynamic property (ARM: [reference(resourceId('Microsoft.KeyVault/vaults/secrets', parameters('keyvaultName'), parameters('certificateName')), '2023-07-01').secretUriWithVersion]) gets evaluated by the API, like everywhere else in ARM/Bicep deployments.
Actual behavior [What actually happened.]
The dynamic property (ARM: [reference(resourceId('Microsoft.KeyVault/vaults/secrets', parameters('keyvaultName'), parameters('certificateName')), '2023-07-01').secretUriWithVersion]) is taken as a literary value by the API.
Additional context
I'm using Azure Devops pipelines for deployment, which uses az-cli as the underlying tool for deployment.
This issue is a: (mark with an x)
Issue description
I am trying to use the preview feature for importing a certificate from Azure Key Vault with Bicep. I wish to dynamically pass the URI to the Key Vault Secret as a property (
keyVaultUrl: certsecret.properties.secretUriWithVersion
):When I try to deploy the Certificate this way, the deployment fails with the following error:
When I pass the actual value of the Secret URI, instead of
certsecret.properties.secretUriWithVersion
, the deployment works. Another workaround is to put the Certificate deployment in a module with thekeyVaultUrl
as a parameter, and do the evaluation ofcertsecret.properties.secretUriWithVersion
in the parent bicep file.Steps to reproduce
Expected behavior [What you expected to happen.] The dynamic property (ARM:
[reference(resourceId('Microsoft.KeyVault/vaults/secrets', parameters('keyvaultName'), parameters('certificateName')), '2023-07-01').secretUriWithVersion]
) gets evaluated by the API, like everywhere else in ARM/Bicep deployments.Actual behavior [What actually happened.] The dynamic property (ARM:
[reference(resourceId('Microsoft.KeyVault/vaults/secrets', parameters('keyvaultName'), parameters('certificateName')), '2023-07-01').secretUriWithVersion]
) is taken as a literary value by the API.Additional context
I'm using Azure Devops pipelines for deployment, which uses az-cli as the underlying tool for deployment.