Unable to deploy custom domain for front door #14370

Closed
Tracked by #14190
AndriyDmytrenko opened this issue Jun 19, 2024 · 5 comments
Labels: bug (Something isn't working), story: symbolic names
@AndriyDmytrenko

AndriyDmytrenko commented Jun 19, 2024

Bicep version
Bicep CLI version 0.28.1 (ba1e9f8)

Describe the bug
Unable to deploy custom domain for front door using customer managed certificate from key vault

To Reproduce

resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
  scope: resourceGroup(certificateKeyVaultResourceGroupName)
  name: certificateKeyVaultName

  resource secret 'secrets' existing = {
    name: certificateKeyVaultSecretName
  }
}

resource frontDoorSecret 'Microsoft.Cdn/profiles/secrets@2023-05-01' = {
  name: '${environmentName}-secret'
  parent: existingFrontDoor
  properties: {
    parameters: {
      secretSource: {
        id: keyVault::secret.id
      }
      type: 'CustomerCertificate'
      useLatestVersion: true
    }
  }
}

resource customDomain 'Microsoft.Cdn/profiles/customDomains@2023-05-01' = {
  parent: existingFrontDoor
  name: customDomainResourceName
  properties: {
    hostName: customDomainName
    tlsSettings: {
      certificateType: 'CustomerCertificate'
      secret: frontDoorSecret
      minimumTlsVersion: 'TLS12'
    }
  }
}

The error message is:
"message": "Could not find member 'scope' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.scope', line 1, position 1125. Could not find member 'existing' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.existing', line 1, position 1258. Could not find member 'isAction' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.isAction', line 1, position 1302. Could not find member 'condition' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.condition', line 1, position 921. Could not find member 'apiVersion' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.apiVersion', line 1, position 148. Could not find member 'properties' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.properties', line 1, position 174. Could not find member 'resourceId' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.resourceId', line 1, position 1141. Could not find member 'subscriptionId' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.subscriptionId', line 1, position 1032. Could not find member 'isConditionTrue' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.isConditionTrue', line 1, position 1010. Could not find member 'resourceGroupName' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.resourceGroupName', line 1, position 1091. Could not find member 'isTemplateResource' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.isTemplateResource', line 1, position 1285. Could not find member 'referenceApiVersion' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.referenceApiVersion', line 1, position 1234. Could not find member 'provisioningOperation' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.provisioningOperation', line 1, position 1370. 
Could not find member 'deploymentResourceLineInfo' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.deploymentResourceLineInfo', line 1, position 955. Could not find member 'isExtensibleResourceReference' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.isExtensibleResourceReference', line 1, position 1340."

Commenting out the customDomain resource leads to successful deployment.

Additional context
Also tried with an existing front door secret, with the same issue.

@anthony-c-martin
Member

@AndriyDmytrenko I couldn't reproduce this with the sample that you shared. Would you mind sharing the full .bicep file as well as the command you are using to deploy it?

If you see a correlationId in the error message, it would also be really helpful to share this - that'll help us understand where the failure happened in the service.

@AndriyDmytrenko
Author

> @AndriyDmytrenko I couldn't reproduce this with the sample that you shared. Would you mind sharing the full .bicep file as well as the command you are using to deploy it?
>
> If you see a correlationId in the error message, it would also be really helpful to share this - that'll help us understand where the failure happened in the service.

Sure, I will need to prepare an example to remove sensitive information and minimize the case.
I have found some Deployment Correlation ID related to the error, maybe it helps - be89984e-fdf4-4aae-857d-f7e142f38d3b

@AndriyDmytrenko
Author

AndriyDmytrenko commented Jun 22, 2024

Full sample main.bicep file

@description('Certificates key vault resource group name')
param certificateKeyVaultResourceGroupName string

@description('Certificate key vault name')
param certificateKeyVaultName string

@description('Certificate key vault secret name')
param certificateKeyVaultSecretName string

@description('Environment name')
param environmentName string

@description('Custom domain name')
param customDomainName string

@description('Front door name')
param frontDoorName string

var customDomainResourceName = replace(customDomainName, '.', '-')

resource existingFrontDoor 'Microsoft.Cdn/profiles@2024-02-01' existing = {
  name: frontDoorName
}

resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
  scope: resourceGroup(certificateKeyVaultResourceGroupName)
  name: certificateKeyVaultName

  resource secret 'secrets' existing = {
    name: certificateKeyVaultSecretName
  }
}

resource frontDoorSecret 'Microsoft.Cdn/profiles/secrets@2023-05-01' = {
  name: '${environmentName}-secret'
  parent: existingFrontDoor
  properties: {
    parameters: {
      secretSource: {
        id: keyVault::secret.id
      }
      type: 'CustomerCertificate'
      useLatestVersion: true
    }
  }
}

resource customDomain 'Microsoft.Cdn/profiles/customDomains@2023-05-01' = {
  parent: existingFrontDoor
  name: customDomainResourceName
  properties: {
    hostName: customDomainName
    tlsSettings: {
      certificateType: 'CustomerCertificate'
      secret: frontDoorSecret
      minimumTlsVersion: 'TLS12'
    }
  }
}

main.bicepparam template

using './main.bicep'

param certificateKeyVaultResourceGroupName = ''
param certificateKeyVaultName = ''
param certificateKeyVaultSecretName = ''
param environmentName = ''
param customDomainName = ''
param frontDoorName = ''

The command to deploy

az deployment group create --template-file main.bicep --resource-group frontdoor-rg --parameters main.bicepparam

I used another subscription and other resource instances; the error is the same
{"status":"Failed","error":{"code":"DeploymentFailed","target":"/subscriptions/***********/resourceGroups/frontdoor-rg/providers/Microsoft.Resources/deployments/main","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.","details":[{"code":"InvalidResource","message":"Could not find member 'scope' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.scope', line 1, position 979. Could not find member 'existing' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.existing', line 1, position 1105. Could not find member 'isAction' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.isAction', line 1, position 1149. Could not find member 'condition' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.condition', line 1, position 784. Could not find member 'apiVersion' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.apiVersion', line 1, position 129. Could not find member 'properties' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.properties', line 1, position 155. Could not find member 'resourceId' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.resourceId', line 1, position 995. Could not find member 'subscriptionId' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.subscriptionId', line 1, position 893. Could not find member 'isConditionTrue' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.isConditionTrue', line 1, position 871. Could not find member 'resourceGroupName' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.resourceGroupName', line 1, position 952. Could not find member 'isTemplateResource' on object of type 'ResourceReference'. 
Path 'properties.tlsSettings.secret.isTemplateResource', line 1, position 1132. Could not find member 'referenceApiVersion' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.referenceApiVersion', line 1, position 1081. Could not find member 'provisioningOperation' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.provisioningOperation', line 1, position 1217. Could not find member 'deploymentResourceLineInfo' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.deploymentResourceLineInfo', line 1, position 818. Could not find member 'isExtensibleResourceReference' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.isExtensibleResourceReference', line 1, position 1187."}]}}

correlation id: c960a685-67e1-4d7e-90f2-12bc833cddff

@hljstevens

Hey there! I think that secret in customDomains is like this:

resource customDomain 'Microsoft.Cdn/profiles/customDomains@2023-05-01' = {
  parent: existingFrontDoor
  name: customDomainResourceName
  properties: {
    hostName: customDomainName
    tlsSettings: {
      certificateType: 'CustomerCertificate'
      secret: {
        id: frontDoorSecret.id
      }
      minimumTlsVersion: 'TLS12'
    }
  }
}

https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/customdomains?pivots=deployment-language-bicep#resource-format

Hope this helps!

@AndriyDmytrenko
Author

@hljstevens, you're totally right, thanks for pointing it out. Dumb issue.
Closing it, thanks everyone.
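
A pre-deployment check for the mistake resolved in this thread, as an added example that is not part of the original issue or the Bicep project's code: it scans Bicep source for properties assigned a whole resource symbol (as in `secret: frontDoorSecret`, which is where the error reports resource-level members such as `scope` and `apiVersion` arriving at `properties.tlsSettings.secret`) instead of a reference such as `{ id: frontDoorSecret.id }`. The function name, the line-based regex heuristic and the trimmed sample are assumptions made for illustration.

```python
import re

# Properties that legitimately take a bare resource symbol in Bicep.
SYMBOL_OK = {"parent", "scope"}
# Top-level `resource <symbol> '<type>@<version>'` declarations.
RESOURCE_DECL = re.compile(r"^resource\s+(\w+)\s+'", re.M)
# `<property>: <symbol>` or `<property>: <parent>::<child>`, nothing after it.
PROP_ASSIGN = re.compile(r"^\s*(\w+)\s*:\s*(\w+(?:::\w+)*)\s*$")

def find_bare_resource_refs(bicep_source):
    """Return (line_no, property, symbol) where a whole resource is assigned."""
    symbols = set(RESOURCE_DECL.findall(bicep_source))
    findings = []
    for line_no, line in enumerate(bicep_source.splitlines(), start=1):
        m = PROP_ASSIGN.match(line)
        if not m:
            continue  # not a simple `key: identifier` line
        prop, value = m.groups()
        # `x.id`, string literals and `{` never match, so only bare symbols remain.
        if prop not in SYMBOL_OK and value.split("::")[0] in symbols:
            findings.append((line_no, prop, value))
    return findings

# Constructed sample: trimmed from the issue's main.bicep (failing form).
FAILING = """\
resource existingFrontDoor 'Microsoft.Cdn/profiles@2024-02-01' existing = {
  name: frontDoorName
}
resource frontDoorSecret 'Microsoft.Cdn/profiles/secrets@2023-05-01' = {
  parent: existingFrontDoor
  name: '${environmentName}-secret'
}
resource customDomain 'Microsoft.Cdn/profiles/customDomains@2023-05-01' = {
  parent: existingFrontDoor
  name: customDomainResourceName
  properties: {
    hostName: customDomainName
    tlsSettings: {
      certificateType: 'CustomerCertificate'
      secret: frontDoorSecret
    }
  }
}
"""
# The form from the reply above: pass only the secret's resource ID.
FIXED = FAILING.replace("secret: frontDoorSecret",
                        "secret: {\n        id: frontDoorSecret.id\n      }")

if __name__ == "__main__":
    print(find_bare_resource_refs(FAILING), find_bare_resource_refs(FIXED))
```

Because it works line by line, the check misses assignments written inline inside an object on a single line; treat a clean result as a hint, not a guarantee.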
