-
Notifications
You must be signed in to change notification settings - Fork 730
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to deploy custom domain for front door #14370
Comments
@AndriyDmytrenko I couldn't reproduce this with the sample that you shared. Would you mind sharing the full If you see a correlationId in the error message, it would also be really helpful to share this - that'll help us understand where the failure happened in the service. |
Sure, I will need to prepare an example to remove sensitive information and minimize the case. |
Full sample main.bicep file @description('Certificates key vault resource group name')
param certificateKeyVaultResourceGroupName string
@description('Certificate key vault name')
param certificateKeyVaultName string
@description('Certificate key vault secret name')
param certificateKeyVaultSecretName string
@description('Environment name')
param environmentName string
@description('Custom domain name')
param customDomainName string
@description('Front door name')
param frontDoorName string
var customDomainResourceName = replace(customDomainName, '.', '-')
resource existingFrontDoor 'Microsoft.Cdn/profiles@2024-02-01' existing = {
name: frontDoorName
}
resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
scope: resourceGroup(certificateKeyVaultResourceGroupName)
name: certificateKeyVaultName
resource secret 'secrets' existing = {
name: certificateKeyVaultSecretName
}
}
resource frontDoorSecret 'Microsoft.Cdn/profiles/secrets@2023-05-01' = {
name: '${environmentName}-secret'
parent: existingFrontDoor
properties: {
parameters: {
secretSource: {
id: keyVault::secret.id
}
type: 'CustomerCertificate'
useLatestVersion: true
}
}
}
resource customDomain 'Microsoft.Cdn/profiles/customDomains@2023-05-01' = {
parent: existingFrontDoor
name: customDomainResourceName
properties: {
hostName: customDomainName
tlsSettings: {
certificateType: 'CustomerCertificate'
secret: frontDoorSecret
minimumTlsVersion: 'TLS12'
}
}
}
main.bicepparam template using './main.bicep'
param certificateKeyVaultResourceGroupName = ''
param certificateKeyVaultName = ''
param certificateKeyVaultSecretName = ''
param environmentName = ''
param customDomainName = ''
param frontDoorName = '' the command to deploy az deployment group create --template-file main.bicep --resource-group frontdoor-rg --parameters main.bicepparam I used another subscription and another resource instances, the error is the same correlation id: c960a685-67e1-4d7e-90f2-12bc833cddff |
Hey there! I think that secret in customDomains is like this:
Hope this helps! |
@hljstevens , you're totally right, thanks for pointing it. Dumb issue. |
Bicep version
Bicep CLI version 0.28.1 (ba1e9f8)
Describe the bug
Unable to deploy custom domain for front door using customer managed certificate from key vault
To Reproduce
The error message is:
"message": "Could not find member 'scope' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.scope', line 1, position 1125. Could not find member 'existing' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.existing', line 1, position 1258. Could not find member 'isAction' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.isAction', line 1, position 1302. Could not find member 'condition' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.condition', line 1, position 921. Could not find member 'apiVersion' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.apiVersion', line 1, position 148. Could not find member 'properties' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.properties', line 1, position 174. Could not find member 'resourceId' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.resourceId', line 1, position 1141. Could not find member 'subscriptionId' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.subscriptionId', line 1, position 1032. Could not find member 'isConditionTrue' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.isConditionTrue', line 1, position 1010. Could not find member 'resourceGroupName' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.resourceGroupName', line 1, position 1091. Could not find member 'isTemplateResource' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.isTemplateResource', line 1, position 1285. Could not find member 'referenceApiVersion' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.referenceApiVersion', line 1, position 1234. Could not find member 'provisioningOperation' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.provisioningOperation', line 1, position 1370. Could not find member 'deploymentResourceLineInfo' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.deploymentResourceLineInfo', line 1, position 955. Could not find member 'isExtensibleResourceReference' on object of type 'ResourceReference'. Path 'properties.tlsSettings.secret.isExtensibleResourceReference', line 1, position 1340."
Commenting out the customDomain resource leads to successful deployment.
Additional context
Also tried with existent front door secret with the same issue.
The text was updated successfully, but these errors were encountered: