New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to import certificate with lifetime actions with AZ cli version 2.51 #27220
Comments
Thank you for opening this issue, we will look into it. |
Thanks for reporting. We will fix this issue in next version. For now, pls manually add
|
@evelyn-ys I spent couple of hours yesterday troubleshooting the issue. The 400 (BadRequest) error when missing content-type is not a PSH but a Service thing. You may see that, no content type returns: On the other hand, when content type is specified, it succeeds. So, it seems that content type is required/enforced by the service so:
What we do not understand is that yesterday, when we found out about the content type, we tried the following command:
With the following policy.json content (which looks pretty similar to what you suggested except for the x-pem-file):
Even with the above, they kept receiving the error. What's was wrong? Final question is:
|
@FabianGonzalez-MSFT For some historical reason CLI allows optional content type in the past and we don't want to bring breaking change so we just keep such behavior. But even me don't know why we allow in the past since I'm the fifth keyvault owner and it has been so long😂 And your policy looks good in general but have one problem, you should use |
@evelyn-ys weird 'cause API spec shows secret_props: https://learn.microsoft.com/en-us/rest/api/keyvault/certificates/import-certificate/import-certificate?tabs=HTTP#certificatepolicy. Does CLI work different? I also noticed you used "lifetimeActions" instead of "lifetime_actions" and "daysBeforeExpiry" instead of "days_before_expiry". Where can I find a reference for policy's properties on CLI? |
…policy issue when no content_type provided (#27225)
CLI can accept both snack case and camel case. You can run |
Describe the bug
Trying to upload a certificate into the KV using the AZ CLI. The format of the command is:
az keyvault certificate import --vault-name $KEY_VAULT_NAME --file testfile.pem --policy @policy.json --name certname
The contents of the policy file is
{
'lifetimeActions': [
{'action':{'actionType':'EmailContacts'},'trigger':{'daysBeforeExpiry': 5}}
]
}
The command works fine with CLI version 2.45, 2.47. On latest Az version 2.51, getting following error:
(BadParameter) Property policy has invalid value
Code: BadParameter
Message: Property policy has invalid value
Related command
az keyvault certificate import
Errors
(BadParameter) Property policy has invalid value
Code: BadParameter
Message: Property policy has invalid value
Issue script & Debug output
urllib3.connectionpool: https://contosokv.vault.azure.net:443 "POST /certificates/contosocert/import?api-version=7.4 HTTP/1.1" 400 83
cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/keyvault/_command_type.py", line 112, in keyvault_command_handler
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/core/tracing/decorator.py", line 78, in wrapper_use_tracer
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/keyvault/certificates/_client.py", line 401, in import_certificate
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/keyvault/certificates/_generated/_operations_mixin.py", line 1947, in import_certificate
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/core/tracing/decorator.py", line 78, in wrapper_use_tracer
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/keyvault/certificates/_generated/v7_4/operations/_key_vault_client_operations.py", line 1947, in import_certificate
azure.core.exceptions.HttpResponseError: (BadParameter) Property policy has invalid value
Code: BadParameter
Message: Property policy has invalid value
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 663, in execute
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 726, in _run_jobs_serially
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 697, in _run_job
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 333, in call
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/keyvault/_command_type.py", line 138, in keyvault_command_handler
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/keyvault/_command_type.py", line 51, in keyvault_exception_handler
knack.util.CLIError: (BadParameter) Property policy has invalid value
Code: BadParameter
Message: Property policy has invalid value
cli.azure.cli.core.azclierror: (BadParameter) Property policy has invalid value
Code: BadParameter
Message: Property policy has invalid value
az_command_data_logger: (BadParameter) Property policy has invalid value
Code: BadParameter
Message: Property policy has invalid value
Expected behavior
Successful certificate import based on previous behavior with older Az CLI versions
Environment Summary
az --version
azure-cli 2.51.0
core 2.51.0
telemetry 1.1.0
Dependencies:
msal 1.24.0b1
azure-mgmt-resource 23.1.0b2
Python location 'C:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe'
Extensions directory 'C:\Users\prabh.azure\cliextensions'
Python (Windows) 3.10.10 (tags/v3.10.10:aad5f6a, Feb 7 2023, 17:20:36) [MSC v.1929 64 bit (AMD64)]
Additional context
No response
The text was updated successfully, but these errors were encountered: