Bug: Application gateway CRD is not having option to use Azure keyvault certificate option
SundarMunichamy opened this issue · 2 comments
ASO V2 2.7.0
Issue details: The Application Gateway CRD does not have an option to use an Azure Key Vault certificate.
Because of this, we are not able to attach the certificate from Azure Key Vault to the application gateway.
```yaml
sslCertificates:
  description: >-
    SslCertificates: SSL certificates of the application gateway
    resource. For default limits, see [Application Gateway
    limits](https://docs.microsoft.com/azure/azure-subscription-service-limits#application-gateway-limits).
  type: array
  items:
    description: SSL certificates of an application gateway.
    type: object
    properties:
      data:
        description: >-
          Data: Base-64 encoded pfx certificate. Only applicable
          in PUT Request.
        type: object
        required:
          - key
          - name
        properties:
          key:
            description: >-
              Key is the key in the Kubernetes secret being
              referenced
            type: string
          name:
            description: >-
              Name is the name of the Kubernetes secret being
              referenced.
              The secret must be in the same namespace as the
              resource
            type: string
      keyVaultSecretId:
        description: >-
          KeyVaultSecretId: Secret Id of (base-64 encoded
          unencrypted pfx) 'Secret' or 'Certificate' object
          stored in KeyVault.
        type: string
      name:
        description: >-
          Name: Name of the SSL certificate that is unique
          within an Application Gateway.
        type: string
      password:
        description: >-
          Password: Password for the pfx file specified in data.
          Only applicable in PUT request.
        type: object
        required:
          - key
          - name
        properties:
          key:
            description: >-
              Key is the key in the Kubernetes secret being
              referenced
            type: string
          name:
            description: >-
              Name is the name of the Kubernetes secret being
              referenced.
              The secret must be in the same namespace as the
              resource
            type: string
```
**Error:**
```
Warning CreateOrUpdateActionError 25m (x2 over 27m) ApplicationGatewayController Reason: SecretIdSpecifiedIsInvalid, Severity: Error, RetryClassification: RetrySlow, Cause: SecretId 'https://kv-poc-gw.vauified in '/subscriptions/f24d891b-9c08-4e48-a5e3-1686587a3ad2/resourceGroups/aso-sample-rg/providers/Microsoft.Network/applicationGateways/aso-sample-application-gateway/sslCertificates/pfxcrt' is invalid. Reasvalid Key Vault URI should be in the following format: https://{keyvaultname}.{keyvaultdomain}/secrets/{secretname}. A secret version may optionally be appended as well.: PUT https://management.azure.com/subscrrg/providers/Microsoft.Network/applicationGateways/aso-sample-application-gateway
```
I think the URL you supplied just isn't properly formatted?
The error is:
```
'https://kv-poc-gw.vauified in '/subscriptions/f24d891b-9c08-4e48-a5e3-1686587a3ad2/resourceGroups/aso-sample-rg/providers/Microsoft.Network/applicationGateways/aso-sample-application-gateway/sslCertificates/pfxcrt' is invalid. Reasvalid Key Vault URI should be in the following format: https://{keyvaultname}.{keyvaultdomain}/secrets/{secretname}.
```
The URL you must supply is of this format:
`https://{keyvaultname}.{keyvaultdomain}/secrets/{secretname}`
Closing this because there was no response. Please reply or reopen here if you have further questions.
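
A pre-apply check of a `keyVaultSecretId` value against the format quoted in the error message above, as an added example that is not part of the original issue or of ASO's own code. `SecretRef` and `ParseSecretID` are hypothetical names, the sample IDs are constructed, and the check is structural only (it does not contact Key Vault or enforce naming rules).

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

type SecretRef struct{ Vault, Domain, Secret, Version string } // hypothetical helper type

// ParseSecretID checks id against https://{keyvaultname}.{keyvaultdomain}/secrets/{secretname}[/{version}].
func ParseSecretID(id string) (SecretRef, error) {
	u, err := url.Parse(id)
	if err != nil {
		return SecretRef{}, fmt.Errorf("not a URL: %w", err)
	}
	if u.Scheme != "https" {
		return SecretRef{}, errors.New("scheme must be https")
	}
	if u.User != nil || u.Port() != "" || u.RawQuery != "" || u.Fragment != "" {
		return SecretRef{}, errors.New("userinfo, port, query and fragment are not in the format")
	}
	host := strings.SplitN(u.Hostname(), ".", 2)
	if len(host) != 2 || host[0] == "" || host[1] == "" {
		return SecretRef{}, errors.New("host must be {keyvaultname}.{keyvaultdomain}")
	}
	seg := strings.Split(strings.TrimPrefix(u.Path, "/"), "/")
	if len(seg) < 2 || len(seg) > 3 || seg[0] != "secrets" || seg[1] == "" || seg[len(seg)-1] == "" {
		return SecretRef{}, errors.New("path must be /secrets/{secretname}[/{version}]")
	}
	ref := SecretRef{Vault: host[0], Domain: host[1], Secret: seg[1]}
	if len(seg) == 3 {
		ref.Version = seg[2] // optional version, as the error message allows
	}
	return ref, nil
}

func main() {
	// Constructed sample values, not taken from the issue.
	for _, id := range []string{
		"https://example-vault.vault.azure.net/secrets/example-cert",
		"https://example-vault.vault.azure.net/certificates/example-cert",
		"https://example-vault.vault.azure.net",
	} {
		ref, err := ParseSecretID(id)
		fmt.Printf("%s -> %+v err=%v\n", id, ref, err)
	}
}
```

An empty `Version` means the ID is unversioned; the second and third samples fail because their path is not `/secrets/{secretname}`.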