azure-cli: Azure Key Vault creation fails when enable soft delete is set to false
Describe the bug
Azure Key Vault creation using az keyvault gives an error when soft delete is disabled and does not create the key vault.
To Reproduce
Running the following command
az keyvault create --resource-group myrg --name mykv \
--location westeurope --sku standard --enable-soft-delete false
returns
The property "enableSoftDelete" must be set to true.
Expected Behavior
Should create the key vault with soft delete disabled.
Environment summary
OS Name: Microsoft Windows 10 Pro
OS Version: 10.0.17763 N/A Build 17763
az --version
azure-cli 2.5.0
command-modules-nspkg 2.0.3
core 2.5.0
nspkg 3.0.4
telemetry 1.0.4
Same error also in Cloud Shell environment.
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.6 LTS
Release: 16.04
Codename: xenial
$ az --version
azure-cli 2.4.0 *
command-modules-nspkg 2.0.3
core 2.4.0 *
nspkg 3.0.4
telemetry 1.0.4
Extensions:
application-insights 0.1.6
resource-graph 1.0.0
azure-devops 0.18.0
Additional Context
The reason seems to be the property softDeleteRetentionInDays in the JSON payload the az keyvault command sends to the REST API.
{
  "location": "westeurope",
  "properties": {
    "tenantId": "<removed>",
    "sku": {
      "family": "A",
      "name": "standard"
    },
    "accessPolicies": [],
    "enableSoftDelete": false,
    "softDeleteRetentionInDays": 90
    // rest of the properties removed
  }
}
Everything seems to work correctly if the key vault creation is invoked directly using the az rest command and without the property softDeleteRetentionInDays in the JSON payload.
{
  "location": "westeurope",
  "properties": {
    "tenantId": "<removed>",
    "sku": {
      "family": "A",
      "name": "standard"
    },
    "accessPolicies": [],
    "enableSoftDelete": false,
    "enableRbacAuthorization": false
  }
}
az rest \
--method PUT \
--uri "https://management.azure.com/subscriptions/<removed>/resourceGroups/my-resource-group/providers/Microsoft.KeyVault/vaults/my-keyvault?api-version=2019-09-01" \
--header Content-Type=application/json \
--body <the json payload above>
About this issue
- State: closed
- Created 4 years ago
- Reactions: 11
- Comments: 28 (2 by maintainers)
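A preflight check for the payload shape described in the issue body above, as an added example (not code from the issue or from azure-cli): it flags a request body that sends softDeleteRetentionInDays while enableSoftDelete is false, drops that property, and builds the az rest PUT without running it. That this property is what triggers the rejection is the reporter's hypothesis; the function names and the placeholder ids are assumptions.

```python
import copy
import json

API_VERSION = "2019-09-01"  # api-version used in the issue's az rest call


def conflicts(body):
    """Return reasons the body matches the failing shape reported in the issue."""
    props = body.get("properties", {})
    found = []
    if props.get("enableSoftDelete") is False and "softDeleteRetentionInDays" in props:
        found.append("softDeleteRetentionInDays sent while enableSoftDelete is false")
    return found


def workaround_body(body):
    """Copy the body, dropping the retention property only when soft delete is off."""
    fixed = copy.deepcopy(body)
    if conflicts(fixed):
        del fixed["properties"]["softDeleteRetentionInDays"]
    return fixed


def az_rest_argv(subscription, group, vault, body):
    """Build the argv for the `az rest` PUT shown in the issue (not executed here)."""
    uri = (
        "https://management.azure.com/subscriptions/{}/resourceGroups/{}"
        "/providers/Microsoft.KeyVault/vaults/{}?api-version={}"
    ).format(subscription, group, vault, API_VERSION)
    return ["az", "rest", "--method", "PUT", "--uri", uri,
            "--headers", "Content-Type=application/json",
            "--body", json.dumps(workaround_body(body))]


# Constructed sample mirroring the failing payload; the ids are placeholders.
CLI_BODY = {
    "location": "westeurope",
    "properties": {
        "tenantId": "<tenant-id>",
        "sku": {"family": "A", "name": "standard"},
        "accessPolicies": [],
        "enableSoftDelete": False,
        "softDeleteRetentionInDays": 90,
    },
}

if __name__ == "__main__":
    print(conflicts(CLI_BODY))
    print(" ".join(az_rest_argv("<subscription-id>", "myrg", "mykv", CLI_BODY)))
```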
It should work now. I just tested in this region.
@bim-msft How to work around this issue? I am working with westeurope mainly. Changing region for my current deployment is not an option for me.
@gregorybleiker You can create a key vault if you include --enable-soft-delete true. That gives the same result as omitting that parameter used to do.
I am getting the same error but without setting the flag (so the default true should be used): it fails to create. This was working as of yesterday afternoon but from last night to today is failing.
Same here. KeyVault creation without this option is also not possible.
Some regions are broken:
@kooditoni This is due to a service side error, all CLI versions/platforms are affected, they are fixing this. No big change on CLI side around soft-delete parameter recently.
@einko exactly… soft delete is a very intrusive feature (and certainly not wished for in my scenario), that’s why I want to create a keyvault without soft delete (which I can’t via cli atm).
but it is not working for --enable-soft-delete false so it is not a solution / workaround.
I’ve gone back through all the versions of the az cli release. The az keyvault create command works correctly under the azure-cli:2.2.0 image, but fails under azure-cli:2.3.0 and later.
Have the same problem
$ az --version
azure-cli 2.3.1 *
command-modules-nspkg 2.0.3
core 2.3.1 *
nspkg 3.0.4
telemetry 1.0.4
Extensions:
azure-firewall 0.3.0
aks-preview 0.4.42
azure-devops 0.12.0