Skip to content
Advertisement

Azure SQL Password not meet complexity when coming from keyvault but not when coming from variable

I’m trying to create an Azure SQL Server in Azure with json ARM. In my json, when I put a password into a variable, the installation is ok. When I get the same password from a keyvault, it doesn’t meet the complexity policy.

My template is valid but the error message appear when creating sql ressource

Password validation failed. The password does not meet policy requirements because it is not complex enough.

The password I use is: P@ssw0rd01isCompleX

I think I have configured the json properly, it doesn’t work. I have removed the call to the keyvault in the json parameter to let Visual Studio create it for me…same result. I have try different password.

I’m working with Visual Studio, so I have removed the call to the keyvault to let Visual Studio add it for me….same result

The keyvault is set to Enable Access to Azure Resource Manager for Template.

The output of the deploiement show me blank value for the password, maybe it’s normal, maybe it’s the symptom….

17:51:46 – Name Type Value
17:51:46 – ===============
17:51:46 – environmentName String dev
17:51:46 – adminlogin String adminlogin

17:51:46 – apv-eun-dev-sql SecureString
17:51:46 – utcValue String 2019-05-16 T15:51:40 +00:00

Do you have an idea about the cause of this ?

json file:

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "EnvironmentName": {
      "type": "string",
      "allowedValues": [
        "prod",
        "pprd",
        "uat",
        "dev"
      ]
    },
    "adminlogin": {
      "type": "string"
    },
    "apv-eun-dev-sql": {
      "type": "securestring"
    },
    "utcValue": {
      "type": "string",
      "defaultValue": "[utcNow('yyyy-MM-dd THH:mm:ss zzzz')]"
    }
  },
  "variables": {
  },
  "resources": [
    {
      "apiVersion": "2015-05-01-preview",
      "type": "Microsoft.Sql/servers",
      "location": "[resourceGroup().location]",
      "name": "[concat('apv-eun-', parameters('EnvironmentName'),'-sql-001')]",
      "properties": {
        "administratorLogin": "parameters('adminlogin')",
        "administratorLoginPassword": "parameters('apv-eun-dev-sql')",
        "version": "12.0"
      },
      "tags": { "ONEData": "Rules" }
    }
  ],
  "outputs": {}
}

json parameters file:

{

  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",

  "contentVersion": "1.0.0.0",

  "parameters": {
    "EnvironmentName": {
      "value": "dev"
    },
    "adminlogin": {
      "value": "adminlogin"
    },
    "apv-eun-dev-sql": {
      "reference": {
        "keyVault": {
          "id": "/subscriptions/XXX/resourceGroups/XXX/providers/Microsoft.KeyVault/vaults/apv-eun-dev-akv-001"
        },
        "secretName": "apv-eun-dev-sql"
      }
    }
  }
}

Advertisement

Answer

Am not sure but it seems to be a syntax problem.

In your json file, you have : 

"administratorLogin": "parameters('adminlogin')",
"administratorLoginPassword": "parameters('apv-eun-dev-sql')"

While it should be :

"administratorLogin": "[parameters('adminlogin')]",
"administratorLoginPassword": "[parameters('apv-eun-dev-sql')]"

Sources : https://github.com/rjmax/ArmExamples/blob/master/keyvaultexamples/KeyVaultUse.parameters.json

https://github.com/rjmax/ArmExamples/blob/master/keyvaultexamples/KeyVaultUse.json

https://docs.microsoft.com/fr-fr/azure/azure-resource-manager/resource-manager-keyvault-parameter

User contributions licensed under: CC BY-SA
2 People found this is helpful
Advertisement