Key Vault Secret with soft delete wrong error message

Posted: June 8, 2022  |  Categories: Bicep Key Vault
Tags:

ERROR: {“status”:”Failed”,”error”:{“code”:”DeploymentFailed”,”message”:”At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.”,”details”:[{“code”:”Conflict”,”message”:”{\r\n \”status\”: \”Failed\”,\r\n \”error\”: {\r\n \”code\”: \”ResourceDeploymentFailure\”,\r\n \”message\”: \”The resource operation completed with terminal provisioning state ‘Failed’.\”,\r\n \”details\”: [\r\n {\r\n \”code\”: \”DeploymentFailed\”,\r\n \”message\”: \”At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.\”,\r\n \”details\”: [\r\n {\r\n \”code\”: \”Conflict\”,\r\n \”message\”: \”{\\r\\n \\\”error\\\”: {\\r\\n \\\”code\\\”: \\\”ConflictError\\\”,\\r\\n \\\”message\\\”: \\\”A conflict occurred that prevented the operation from completing. The operation failed because the Key Vault ‘xxx-kv-ae-dev’ changed from the point the operation began. This can happen if parallel operations are being performed on the Key Vault. To prevent this error, serialize the operations so that only one operation is performed on the Key Vault at a time. Follow this link for more information: https://go.microsoft.com/fwlink/?linkid=2147741\\\”\\r\\n }\\r\\n}\”\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}”}]}}

This is the error message that I got when trying to deploy a bicep template that among a few other things wanted to create a secret in key vault.

As you can see, the error message states that “The Key Vault changed from the point the operation began”. So I spent some time an a few pull requests trying to create a sequence in the bicep template to serialize my requests to key vault. It didn’t work!

After doing some research I found this issue in the bicep github project and it’s a known issue that apparently is not fixed yet: Adding secret to key vault fails “because the Key Vault changed from the point the operation began.” · Issue #4364 · Azure/bicep · GitHub

It means that if we delete a secret in a Key Vault with the soft-delete setting enabled, it fails when trying to re-create the secret with the same name. To be able to do so, we need to purge the secret before.

So, after doing the purge of the secret, my bicep finally worked.

Summary

This is one of those problems where the error message takes us on a completely different route of investigation from what the actual problem is. Hopefully Microsoft can fix these error messages problems faster, so less of us have to suffer finding what is the actual problem and have to write a post about it. 😉

Author: Alessandro Moura

Certified BizTalk, Mulesoft, TOGAF and Azure. Integration Specialist. Solutions Architect.

Leave a Reply

turbo360

Back to Top