ARM Template: Resource Not Found Errors when grabbing outputs from Vault and Secrets

Matthew Pointer 1 Reputation point
2021-05-13T16:03:10.5+00:00

Sample Template to replicate the issue (ID's have been replaced with "redacted-guid"):

   {
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "rgName": {
            "type": "string",
            "defaultValue": "sample"
        },
        "vaultName": {
            "type": "string",
            "defaultValue": "TestVault333555"
        }
    },
    "variables": {

    },
    "resources": [
        {
            "type": "Microsoft.Resources/resourceGroups",
            "apiVersion": "2018-05-01",
            "location": "West US",
            "name": "[parameters('rgName')]",
            "properties": {}
        },
        {
            "type": "Microsoft.Resources/deployments",
            "apiVersion": "2017-05-10",
            "name": "keyVaultsDeployment",
            "resourceGroup": "[parameters('rgName')]",
            "dependsOn": [
                "[resourceId('Microsoft.Resources/resourceGroups/', parameters('rgName'))]"
            ],
            "properties": {
                "mode": "Incremental",
                "template": {
                    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                    "contentVersion": "1.0.0.0",
                    "parameters": {},
                    "variables": {},
                    "resources": [
                        {
                            "type": "Microsoft.KeyVault/vaults",
                            "apiVersion": "2020-04-01-preview",
                            "name": "[parameters('vaultName')]",
                            "location": "westus",
                            "tags": {
                                "Environment": "Development",
                                "ResourceType": "Vaults"
                            },
                            "properties": {
                                "sku": {
                                    "family": "A",
                                    "name": "Standard"
                                },
                                "tenantId": "redacted-guid",
                                "accessPolicies": [
                                    {
                                        "tenantId": "redacted-guid",
                                        "objectId": "redacted-guid",
                                        "permissions": {
                                            "keys": [
                                                "Get"
                                            ],
                                            "secrets": [
                                                "Get"
                                            ],
                                            "certificates": []
                                        }
                                    },
                                    {
                                        "tenantId": "redacted-guid",
                                        "objectId": "redacted-guid",
                                        "permissions": {
                                            "keys": [
                                                "Get",
                                                "List",
                                                "Update",
                                                "Create",
                                                "Import",
                                                "Delete",
                                                "Recover",
                                                "Backup",
                                                "Restore"
                                            ],
                                            "secrets": [
                                                "Get",
                                                "List",
                                                "Set",
                                                "Delete",
                                                "Recover",
                                                "Backup",
                                                "Restore"
                                            ],
                                            "certificates": [
                                                "Get",
                                                "List",
                                                "Update",
                                                "Create",
                                                "Import",
                                                "Delete",
                                                "Recover",
                                                "Backup",
                                                "Restore",
                                                "ManageContacts",
                                                "ManageIssuers",
                                                "GetIssuers",
                                                "ListIssuers",
                                                "SetIssuers",
                                                "DeleteIssuers"
                                            ]
                                        }
                                    }
                                ],
                                "enabledForDeployment": false,
                                "enabledForDiskEncryption": false,
                                "enabledForTemplateDeployment": false,
                                "enableSoftDelete": true,
                                "softDeleteRetentionInDays": 90,
                                "enableRbacAuthorization": false,
                                "enablePurgeProtection": true,
                                "provisioningState": "Succeeded"
                            }
                        },
                        {
                            "type": "Microsoft.KeyVault/vaults/secrets",
                            "apiVersion": "2020-04-01-preview",
                            "name": "[concat(parameters('vaultName'), '/SECRET')]",
                            "location": "westus",
                            "dependsOn": [
                                "[resourceId('Microsoft.KeyVault/vaults', parameters('vaultName'))]"
                            ],
                            "properties": {
                                "attributes": {
                                    "enabled": true
                                },
                                "value": "redacted-guid"
                            }
                        }
                    ],
                    "outputs": {
                        "secret": {
                            "type": "string",
                            "value": "[reference(resourceId('Microsoft.KeyVault/vaults/secrets', parameters('vaultName'), 'SECRET'), '2017-05-10', 'Full').secretUri]"
                        },
                        "vaultLocation": {
                            "type": "string",
                            "value": "[reference(resourceId('Microsoft.KeyVault/vaults', parameters('vaultName')), '2017-05-10', 'Full').location]"
                        }
                    }
                }
            }
        }
    ],
    "outputs": {

    }
    }

Errors:

2021-05-11T20:54:39.6696772Z ##[error]NotFound: {
"error": {
"code": "ResourceNotFound",
"message": "The Resource 'Microsoft.KeyVault/vaults/TestVault333555' under resource group '<null>'
was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix"
}
}
2021-05-11T20:54:39.6698437Z ##[error]NotFound: {
"error": {
"code": "ParentResourceNotFound",
"message": "Can not perform requested operation on nested resource. Parent resource 'TestVault333555'
not found."
}
}
I've tried lots of variations of the Output Syntax, as well as trying the other output array, but have come up with nothing. The resources actually do get created (the key Vault, resource group, and secret) but as soon as I try to output data from them, I get these errors.

In DevOps, under the release pipeline, in the "ARM Template Deployment" job, I have set the deployment scope to "Subscription" since I'm trying to create a parameterized Resource Group and deploy the Vaults/Secrets underneath that new resource group. It was my understanding that this is what I want, because in DevOps if I set the Deployment Scope to "Resource Group", it requires me to actually specify the resource group in the pipeline, which isn't what I'm looking for since I want to create a new Resource Group.

Any help or advice on getting past these errors would be hugely appreciated. In general I'm relatively new to ARM. It's my understanding that I should be able to output any data from the resource that shows up in it's "JSON View" in Azure, correct?

I'm primarily looking for 3 pieces of info:

Vault Name (This is easy, I can output the Vault Name parameter as a output, this does not give an error)
Secret Name (In this case: SECRET)
Secret URI (Attempted below)

Not Monitored
Not Monitored
Tag not monitored by Microsoft.
34,867 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. kobulloc-MSFT 21,836 Reputation points Microsoft Employee
    2021-05-13T16:34:56.447+00:00

    Thank you for reaching out! Azure DevOps and its services are not supported in Microsoft Q&A because the Azure DevOps team and DevOps community are actively answering questions here:

    https://developercommunity.visualstudio.com/spaces/21/index.html