ERROR: {“status”:”Failed”,”error”:{“code”:”DeploymentFailed”,”message”:”At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.”,”details”:[{“code”:”Conflict”,”message”:”{\r\n \”status\”: \”Failed\”,\r\n \”error\”: {\r\n \”code\”: \”ResourceDeploymentFailure\”,\r\n \”message\”: \”The resource operation completed with terminal provisioning state ‘Failed’.\”,\r\n \”details\”: [\r\n {\r\n \”code\”: \”DeploymentFailed\”,\r\n \”message\”: \”At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.\”,\r\n \”details\”: [\r\n {\r\n \”code\”: \”Conflict\”,\r\n \”message\”: \”{\\r\\n \\\”error\\\”: {\\r\\n \\\”code\\\”: \\\”ConflictError\\\”,\\r\\n \\\”message\\\”: \\\”A conflict occurred that prevented the operation from completing. The operation failed because the Key Vault ‘xxx-kv-ae-dev’ changed from the point the operation began. This can happen if parallel operations are being performed on the Key Vault. To prevent this error, serialize the operations so that only one operation is performed on the Key Vault at a time. Follow this link for more information: https://go.microsoft.com/fwlink/?linkid=2147741\\\”\\r\\n }\\r\\n}\”\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}”}]}}
This is the error message that I got when trying to deploy a bicep template that among a few other things wanted to create a secret in key vault.
As you can see, the error message states that “The Key Vault changed from the point the operation began”. So I spent some time an a few pull requests trying to create a sequence in the bicep template to serialize my requests to key vault. It didn’t work!
After doing some research I found this issue in the bicep github project and it’s a known issue that apparently is not fixed yet: Adding secret to key vault fails “because the Key Vault changed from the point the operation began.” · Issue #4364 · Azure/bicep · GitHub
It means that if we delete a secret in a Key Vault with the soft-delete setting enabled, it fails when trying to re-create the secret with the same name. To be able to do so, we need to purge the secret before.
|
1 2 3 |
az keyvault secret delete --name secret-04 --vault-name KeyVault128463 az keyvault secret purge --name secret-04 --vault-name KeyVault128463 az keyvault secret set --name SECRET-04 --vault-name KeyVault128463 --value 'test' |
So, after doing the purge of the secret, my bicep finally worked.
Summary
This is one of those problems where the error message takes us on a completely different route of investigation from what the actual problem is. Hopefully Microsoft can fix these error messages problems faster, so less of us have to suffer finding what is the actual problem and have to write a post about it. 😉
