I’m trying to create an Azure SQL Server in Azure with json ARM. In my json, when I put a password into a variable, the installation is ok. When I get the same password from a keyvault, it doesn’t meet the complexity policy.
My template is valid but the error message appear when creating sql ressource
Password validation failed. The password does not meet policy requirements because it is not complex enough.
The password I use is: P@ssw0rd01isCompleX
I think I have configured the json properly, it doesn’t work. I have removed the call to the keyvault in the json parameter to let Visual Studio create it for me…same result. I have try different password.
I’m working with Visual Studio, so I have removed the call to the keyvault to let Visual Studio add it for me….same result
The keyvault is set to Enable Access to Azure Resource Manager for Template.
The output of the deploiement show me blank value for the password, maybe it’s normal, maybe it’s the symptom….
17:51:46 – Name Type Value
17:51:46 – ===============
17:51:46 – environmentName String dev
17:51:46 – adminlogin String adminlogin
17:51:46 – apv-eun-dev-sql SecureString
17:51:46 – utcValue String 2019-05-16 T15:51:40 +00:00
Do you have an idea about the cause of this ?
json file:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"EnvironmentName": {
"type": "string",
"allowedValues": [
"prod",
"pprd",
"uat",
"dev"
]
},
"adminlogin": {
"type": "string"
},
"apv-eun-dev-sql": {
"type": "securestring"
},
"utcValue": {
"type": "string",
"defaultValue": "[utcNow('yyyy-MM-dd THH:mm:ss zzzz')]"
}
},
"variables": {
},
"resources": [
{
"apiVersion": "2015-05-01-preview",
"type": "Microsoft.Sql/servers",
"location": "[resourceGroup().location]",
"name": "[concat('apv-eun-', parameters('EnvironmentName'),'-sql-001')]",
"properties": {
"administratorLogin": "parameters('adminlogin')",
"administratorLoginPassword": "parameters('apv-eun-dev-sql')",
"version": "12.0"
},
"tags": { "ONEData": "Rules" }
}
],
"outputs": {}
}
json parameters file:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"EnvironmentName": {
"value": "dev"
},
"adminlogin": {
"value": "adminlogin"
},
"apv-eun-dev-sql": {
"reference": {
"keyVault": {
"id": "/subscriptions/XXX/resourceGroups/XXX/providers/Microsoft.KeyVault/vaults/apv-eun-dev-akv-001"
},
"secretName": "apv-eun-dev-sql"
}
}
}
}
Advertisement
Answer
Am not sure but it seems to be a syntax problem.
In your json file, you have :
"administratorLogin": "parameters('adminlogin')",
"administratorLoginPassword": "parameters('apv-eun-dev-sql')"
While it should be :
"administratorLogin": "[parameters('adminlogin')]",
"administratorLoginPassword": "[parameters('apv-eun-dev-sql')]"
Sources : https://github.com/rjmax/ArmExamples/blob/master/keyvaultexamples/KeyVaultUse.parameters.json
https://github.com/rjmax/ArmExamples/blob/master/keyvaultexamples/KeyVaultUse.json
https://docs.microsoft.com/fr-fr/azure/azure-resource-manager/resource-manager-keyvault-parameter