Running az network application-gateway root-cert create with the parameter --keyvault-secret doesn't work although, as per the documentation, it should accept the parameter. Looking at the debug trace, I can also observe the possible reason:
msrest.serialization : keyvault_secret_id is not a known attribute of class <class 'azure.mgmt.network.v2020_04_01.models._models.ApplicationGatewayTrustedRootCertificate'> and will be ignored
Command Name
az network application-gateway root-cert create
Errors:
Either Data or KeyVaultSecretId must be specified for Certificate '/subscriptions/<redacted>/resourceGroups/<redacted>/providers/Microsoft.Network/applicationGateways/<redacted>/trustedRootCertificates/<redacted>' in Application Gateway.
Run the above command in an attempt to add a trusted root cert from a key vault.
The cert from the key vault is added as a trusted root CA.
Windows-10-10.0.18362-SP0
Python 3.6.6
Installer: MSI
azure-cli 2.8.0
Extensions:
aks-preview 0.4.43
add to S172
@yonzhan The Azure Architecture Center has taken a dependency on az network application-gateway root-cert create with pointing to a keyvault-secret for some of our upcoming guidance. We too are experiencing the same issue, and are needing to implement a workaround. What's the likelihood that this will complete in this sprint? If the chance is low, we are going to have to implement an az rest workaround for this for our guidance.
cc: @ferantivero @doodlemania2
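The comment above mentions falling back to an az rest workaround. The following is an added example, not code from this thread or from azure-cli: it builds the PUT body for such a call by adding a Key Vault-backed trusted root certificate to a gateway's JSON, and refuses to send a certificate entry that has neither data nor keyVaultSecretId, which is the state the service rejected in the report. It assumes public-cloud Key Vault hostnames and the public ARM endpoint; the function names, the sample gateway and the api-version argument are illustrative placeholders.

```python
import copy
import json
import re

# Assumption: public-cloud secret identifiers,
# https://<vault>.vault.azure.net/secrets/<name>[/<version>]
SECRET_ID = re.compile(
    r"^https://[A-Za-z0-9-]{3,24}\.vault\.azure\.net/secrets/[A-Za-z0-9-]{1,127}(/[0-9a-f]{32})?$")

# Constructed sample, shaped like the JSON a GET on the gateway resource returns.
SAMPLE_GATEWAY = {
    "id": "/subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.Network/applicationGateways/<gw>",
    "location": "westeurope",
    "properties": {"trustedRootCertificates": [
        {"name": "inline-root", "properties": {"data": "<base64 DER, elided>"}}]},
}

def add_keyvault_root_cert(gateway, cert_name, secret_id):
    """Return a copy of the gateway whose named trusted root cert points at Key Vault."""
    if not SECRET_ID.match(secret_id):
        raise ValueError("not a Key Vault secret identifier: %r" % secret_id)
    body = copy.deepcopy(gateway)
    certs = body["properties"].setdefault("trustedRootCertificates", [])
    entry = {"name": cert_name, "properties": {"keyVaultSecretId": secret_id}}
    for i, cert in enumerate(certs):
        if cert.get("name") == cert_name:   # replace, do not duplicate
            certs[i] = entry
            break
    else:
        certs.append(entry)
    return body

def certs_without_source(body):
    """Names of trusted root certs with neither data nor keyVaultSecretId,
    the state the service rejected in the report above."""
    return [c.get("name")
            for c in body["properties"].get("trustedRootCertificates", [])
            if not (c.get("properties", {}).get("data")
                    or c.get("properties", {}).get("keyVaultSecretId"))]

def az_rest_args(body, api_version):
    """Argument list for `az rest`; api_version is supplied by the caller."""
    if certs_without_source(body):
        raise ValueError("refusing to PUT: %s" % certs_without_source(body))
    uri = "https://management.azure.com%s?api-version=%s" % (body["id"], api_version)
    return ["az", "rest", "--method", "put", "--uri", uri, "--body", json.dumps(body)]
```

The returned list is meant to be passed to a process launcher as separate arguments, which avoids shell quoting of the JSON body.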
I would check this issue today and let you know whether we can fix this in a short time or not. @ckittel
Thanks for the prompt response! You rock, @MyronFanQiu . Very much appreciated.