Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't update Storage Account Key Vault because old one no longer exists #27644

Closed
matheus-fractal-river opened this issue Oct 19, 2023 · 2 comments
Closed

Can't update Storage Account Key Vault because old one no longer exists #27644

matheus-fractal-river opened this issue Oct 19, 2023 · 2 comments
Assignees
@evelyn-ys @calvinhzy
Labels
Auto-Assign Auto assign by bot Azure CLI Team The command of the issue is owned by Azure CLI team bug This issue requires a change to an existing behavior in the product in order to be resolved. customer-reported Issues that are reported by GitHub users external to the Azure organization. KeyVault az keyvault question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Storage az storage

Comments

@matheus-fractal-river
Copy link

matheus-fractal-river commented Oct 19, 2023
edited
Loading

Describe the bug

I have some resources managed through Terraform. For this particular bug, I have one Azure Key Vault tied to an Azure Storage Account to create a Customer Managed Key. I deleted the old Azure Key Vault and created a new one with a different name. Still, now I'm locked when trying to update the Azure Storage Account because every time I try to run an update command, I receive a 404 error indicating that the old Key Vault couldn't be found - which is true; it was deleted, but I want to change it to a new one without having to recreate the Azure Storage Account.

Related command

keyVaultUri=$(az keyvault show \
    --name dw-staging-kvault \
    --resource-group staging-dw-group \
    --query properties.vaultUri \
    --output tsv)

keyVersion=$(az keyvault key list-versions \
    --name dw-staging-storage-key \
    --vault-name dw-staging-kvault \
    --query [-1].kid \
    --output tsv | cut -d '/' -f 6)

 az storage account update  --name medefydwstagingstorage  --resource-group staging-dw-group  --encryption-key-name dw-staging-storage-key  --encryption-key-version $keyVersion  --encryption-key-source Microsoft.Keyvault  --encryption-key-vault $keyVaultUri

Errors

(HttpResourceNotFound) The request url https://dw-staging-key-vault.vault.azure.net/keys/dw-staging-storage-key/c9f98f64e1b94b85bb645c04c609ae37?api-version=2016-10-01 is not found.
Code: HttpResourceNotFound
Message: The request url https://dw-staging-key-vault.vault.azure.net/keys/dw-staging-storage-key/c9f98f64e1b94b85bb645c04c609ae37?api-version=2016-10-01 is not found.

Issue script & Debug output

cli.knack.cli: Command arguments: ['storage', 'account', 'update', '--name', 'medefydwstagingstorage', '--resource-group', 'staging-dw-group', '--encryption-key-name', 'dw-staging-storage-key', '--encryption-key-version', '15b06029e7d442dc8b46688fe85d8635', '--encryption-key-source', 'Microsoft.Keyvault', '--encryption-key-vault', 'https://dw-staging-kvault.vault.azure.net/', '--debug']
cli.knack.cli: __init__ debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0xffff9d6d6dd0>, <function OutputProducer.on_global_arguments at 0xffff9d5f3760>, <function CLIQuery.on_global_arguments at 0xffff9d4149d0>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'storage': ['azure.cli.command_modules.storage']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name                  Load Time    Groups  Commands
cli.azure.cli.core: storage                   0.062        58       272
cli.azure.cli.core: Total (1)                 0.062        58       272
cli.azure.cli.core: Loaded 58 groups, 272 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command  : storage account update
cli.azure.cli.core: Command table: storage account update
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0xffff9c7fce50>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to '/home/vscode/.azure/commands/2023-10-19.20-06-29.storage_account_update.57648.log'.
az_command_data_logger: command args: storage account update --name {} --resource-group {} --encryption-key-name {} --encryption-key-version {} --encryption-key-source {} --encryption-key-vault {} --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument.<locals>.add_subscription_parameter at 0xffff9c81db40>]
cli.azure.cli.core.profiles._shared: Traceback (most recent call last):
  File "/usr/local/pipx/venvs/azure-cli/lib/python3.10/site-packages/azure/cli/core/profiles/_shared.py", line 655, in _get_attr
    op = getattr(op, part)
AttributeError: module 'azure.mgmt.storage.v2022_09_01.models' has no attribute 'ActiveDirectoryPropertiesAccountType'

cli.azure.cli.core.profiles._shared: Traceback (most recent call last):
  File "/usr/local/pipx/venvs/azure-cli/lib/python3.10/site-packages/azure/cli/core/profiles/_shared.py", line 655, in _get_attr
    op = getattr(op, part)
AttributeError: module 'azure.mgmt.storage.v2022_09_01.models' has no attribute 'ListKeyExpand'

cli.azure.cli.core.profiles._shared: Traceback (most recent call last):
  File "/usr/local/pipx/venvs/azure-cli/lib/python3.10/site-packages/azure/cli/core/profiles/_shared.py", line 655, in _get_attr
    op = getattr(op, part)
AttributeError: module 'azure.mgmt.storage.v2022_09_01.models' has no attribute 'CorsRuleAllowedMethodsItem'

cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument.<locals>.add_ids_arguments at 0xffff9c84dd80>, <function register_cache_arguments.<locals>.add_cache_arguments at 0xffff9c84fd00>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0xffff9d5f37f0>, <function CLIQuery.handle_query_parameter at 0xffff9d414a60>, <function register_ids_argument.<locals>.parse_ids_arguments at 0xffff9c84fc70>]
cli.azure.cli.command_modules.storage._validators: The public access to all blobs or containers in the storage account will be disallowed by default in the future, which means default value for --allow-blob-public-access is still null but will be equivalent to false.
cli.azure.cli.core.commands.client_factory: Getting management service client client_type=StorageManagementClient
cli.azure.cli.core.auth.persistence: build_persistence: location='/home/vscode/.azure/service_principal_entries.json', encrypt=False
cli.azure.cli.core.auth.persistence: build_persistence: location='/home/vscode/.azure/msal_token_cache.json', encrypt=False
cli.azure.cli.core.auth.binary_cache: load: /home/vscode/.azure/msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/2d3e0a78-0aeb-470f-87a4-cbb5b8b27360/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/2d3e0a78-0aeb-470f-87a4-cbb5b8b27360/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/2d3e0a78-0aeb-470f-87a4-cbb5b8b27360/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/2d3e0a78-0aeb-470f-87a4-cbb5b8b27360/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/2d3e0a78-0aeb-470f-87a4-cbb5b8b27360/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/2d3e0a78-0aeb-470f-87a4-cbb5b8b27360/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/2d3e0a78-0aeb-470f-87a4-cbb5b8b27360/kerberos', 'tenant_region_scope': 'NA', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? False
msal.application: Region to be used: None
cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token: scopes=('https://management.core.windows.net//.default',), kwargs={}
cli.azure.cli.core.auth.msal_authentication: ServicePrincipalCredential.get_token: scopes=('https://management.core.windows.net//.default',), kwargs={}
msal.telemetry: Generate or reuse correlation_id: a9336042-91f6-4a49-81a3-decf1f65819b
urllib3.connectionpool: Starting new HTTPS connection (1): login.microsoftonline.com:443
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /2d3e0a78-0aeb-470f-87a4-cbb5b8b27360/oauth2/v2.0/token HTTP/1.1" 200 1473
msal.token_cache: event={
    "client_id": "6a1efce6-542b-4cc9-8d6f-ae5ddf48f00c",
    "data": {
        "claims": "{\"access_token\": {\"xms_cc\": {\"values\": [\"CP1\"]}}}",
        "scope": [
            "https://management.core.windows.net//.default"
        ]
    },
    "environment": "login.microsoftonline.com",
    "grant_type": "client_credentials",
    "params": null,
    "response": {
        "access_token": "********",
        "expires_in": 3599,
        "ext_expires_in": 3599,
        "token_type": "Bearer"
    },
    "scope": [
        "https://management.core.windows.net//.default"
    ],
    "token_endpoint": "https://login.microsoftonline.com/2d3e0a78-0aeb-470f-87a4-cbb5b8b27360/oauth2/v2.0/token"
}
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/************/resourceGroups/staging-dw-group/providers/Microsoft.Storage/storageAccounts/medefydwstagingstorage?api-version=2022-09-01'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies:     'Accept': 'application/json'
cli.azure.cli.core.sdk.policies:     'x-ms-client-request-id': 'fda43622-6eba-11ee-a252-0242ac110002'
cli.azure.cli.core.sdk.policies:     'CommandName': 'storage account update'
cli.azure.cli.core.sdk.policies:     'ParameterSetName': '--name --resource-group --encryption-key-name --encryption-key-version --encryption-key-source --encryption-key-vault --debug'
cli.azure.cli.core.sdk.policies:     'User-Agent': 'AZURECLI/2.53.0 (PIP) azsdk-python-azure-mgmt-storage/21.0.0 Python/3.10.12 (Linux-6.4.16-linuxkit-aarch64-with-glibc2.35)'
cli.azure.cli.core.sdk.policies:     'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/**************/resourceGroups/staging-dw-group/providers/Microsoft.Storage/storageAccounts/medefydwstagingstorage?api-version=2022-09-01 HTTP/1.1" 200 None
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies:     'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies:     'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies:     'Transfer-Encoding': 'chunked'
cli.azure.cli.core.sdk.policies:     'Content-Type': 'application/json'
cli.azure.cli.core.sdk.policies:     'Content-Encoding': 'gzip'
cli.azure.cli.core.sdk.policies:     'Expires': '-1'
cli.azure.cli.core.sdk.policies:     'Vary': 'Accept-Encoding'
cli.azure.cli.core.sdk.policies:     'x-ms-request-id': 'a0e5467c-a124-4f51-b034-550563e12948'
cli.azure.cli.core.sdk.policies:     'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies:     'Server': 'Microsoft-Azure-Storage-Resource-Provider/1.0,Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0'
cli.azure.cli.core.sdk.policies:     'x-ms-ratelimit-remaining-subscription-reads': '11999'
cli.azure.cli.core.sdk.policies:     'x-ms-correlation-request-id': 'b1aea1d3-ec14-4c38-ab37-1a3ccbe78680'
cli.azure.cli.core.sdk.policies:     'x-ms-routing-request-id': 'BRAZILSOUTHEAST:20231019T200631Z:b1aea1d3-ec14-4c38-ab37-1a3ccbe78680'
cli.azure.cli.core.sdk.policies:     'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies:     'Date': 'Thu, 19 Oct 2023 20:06:30 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"identity":{"principalId":"**********","tenantId":"*********","type":"SystemAssigned"},"sku":{"name":"Standard_GRS","tier":"Standard"},"kind":"StorageV2","id":"/subscriptions/******/resourceGroups/staging-dw-group/providers/Microsoft.Storage/storageAccounts/medefydwstagingstorage","name":"medefydwstagingstorage","type":"Microsoft.Storage/storageAccounts","location":"centralus","tags":{"context":"data_intake","environment":"staging","project":"dw"},"properties":{"defaultToOAuthAuthentication":false,"publicNetworkAccess":"Enabled","keyCreationTime":{"key1":"2023-10-05T15:48:24.8972452Z","key2":"2023-10-05T15:48:24.8972452Z"},"allowCrossTenantReplication":true,"privateEndpointConnections":[],"isNfsV3Enabled":false,"isSftpEnabled":false,"minimumTlsVersion":"TLS1_2","allowBlobPublicAccess":true,"allowSharedKeyAccess":true,"isHnsEnabled":false,"networkAcls":{"bypass":"AzureServices","virtualNetworkRules":[],"ipRules":[],"defaultAction":"Allow"},"supportsHttpsTrafficOnly":true,"encryption":{"identity":{"userAssignedIdentity":""},"keyvaultproperties":{"currentVersionedKeyIdentifier":"https://dw-staging-key-vault.vault.azure.net/keys/dw-staging-storage-key/c9f98f64e1b94b85bb645c04c609ae37","lastKeyRotationTimestamp":"2023-10-05T15:48:59.8667170Z","currentVersionedKeyExpirationTimestamp":"2024-01-05T00:00:00.0000000Z","keyvaulturi":"https://dw-staging-key-vault.vault.azure.net/","keyname":"dw-staging-storage-key","keyversion":""},"services":{"file":{"keyType":"Account","enabled":true,"lastEnabledTime":"2023-10-05T15:48:24.9128696Z"},"blob":{"keyType":"Account","enabled":true,"lastEnabledTime":"2023-10-05T15:48:24.9128696Z"}},"keySource":"Microsoft.Keyvault"},"accessTier":"Hot","provisioningState":"Succeeded","creationTime":"2023-10-05T15:48:24.7878720Z","primaryEndpoints":{"dfs":"https://medefydwstagingstorage.dfs.core.windows.net/","web":"https://medefydwstagingstorage.z19.web.core.windows.net/","blob":"https://medefydwstagingstorage.blob.core.windows.net/","queue":"https://medefydwstagingstorage.queue.core.windows.net/","table":"https://medefydwstagingstorage.table.core.windows.net/","file":"https://medefydwstagingstorage.file.core.windows.net/"},"primaryLocation":"centralus","statusOfPrimary":"available","secondaryLocation":"eastus2","statusOfSecondary":"available"}}
cli.azure.cli.core.commands.client_factory: Getting management service client client_type=StorageManagementClient
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/2d3e0a78-0aeb-470f-87a4-cbb5b8b27360/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/2d3e0a78-0aeb-470f-87a4-cbb5b8b27360/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/2d3e0a78-0aeb-470f-87a4-cbb5b8b27360/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/2d3e0a78-0aeb-470f-87a4-cbb5b8b27360/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/2d3e0a78-0aeb-470f-87a4-cbb5b8b27360/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/2d3e0a78-0aeb-470f-87a4-cbb5b8b27360/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/2d3e0a78-0aeb-470f-87a4-cbb5b8b27360/kerberos', 'tenant_region_scope': 'NA', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? False
msal.application: Region to be used: None
cli.azure.cli.core.commands.client_factory: Getting management service client client_type=StorageManagementClient
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/2d3e0a78-0aeb-470f-87a4-cbb5b8b27360/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/2d3e0a78-0aeb-470f-87a4-cbb5b8b27360/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/2d3e0a78-0aeb-470f-87a4-cbb5b8b27360/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/2d3e0a78-0aeb-470f-87a4-cbb5b8b27360/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/2d3e0a78-0aeb-470f-87a4-cbb5b8b27360/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/2d3e0a78-0aeb-470f-87a4-cbb5b8b27360/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/2d3e0a78-0aeb-470f-87a4-cbb5b8b27360/kerberos', 'tenant_region_scope': 'NA', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? False
msal.application: Region to be used: None
cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token: scopes=('https://management.core.windows.net//.default',), kwargs={}
cli.azure.cli.core.auth.msal_authentication: ServicePrincipalCredential.get_token: scopes=('https://management.core.windows.net//.default',), kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: c2129b3c-7ecb-4b45-977d-5720cf1f7db0
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/******/resourceGroups/staging-dw-group/providers/Microsoft.Storage/storageAccounts/medefydwstagingstorage?api-version=2022-09-01'
cli.azure.cli.core.sdk.policies: Request method: 'PATCH'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies:     'Content-Type': 'application/json'
cli.azure.cli.core.sdk.policies:     'Content-Length': '672'
cli.azure.cli.core.sdk.policies:     'Accept': 'application/json'
cli.azure.cli.core.sdk.policies:     'x-ms-client-request-id': 'fda43622-6eba-11ee-a252-0242ac110002'
cli.azure.cli.core.sdk.policies:     'CommandName': 'storage account update'
cli.azure.cli.core.sdk.policies:     'ParameterSetName': '--name --resource-group --encryption-key-name --encryption-key-version --encryption-key-source --encryption-key-vault --debug'
cli.azure.cli.core.sdk.policies:     'User-Agent': 'AZURECLI/2.53.0 (PIP) azsdk-python-azure-mgmt-storage/21.0.0 Python/3.10.12 (Linux-6.4.16-linuxkit-aarch64-with-glibc2.35)'
cli.azure.cli.core.sdk.policies:     'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: {"sku": {"name": "Standard_GRS"}, "tags": {"context": "data_intake", "environment": "staging", "project": "dw"}, "properties": {"encryption": {"services": {"blob": {"enabled": true, "keyType": "Account"}, "file": {"enabled": true, "keyType": "Account"}}, "keySource": "Microsoft.Keyvault", "keyvaultproperties": {"keyname": "dw-staging-storage-key", "keyversion": "15b06029e7d442dc8b46688fe85d8635", "keyvaulturi": "https://dw-staging-kvault.vault.azure.net/"}, "identity": {"userAssignedIdentity": ""}}, "accessTier": "Hot", "supportsHttpsTrafficOnly": true, "networkAcls": {"bypass": "AzureServices", "virtualNetworkRules": [], "ipRules": [], "defaultAction": "Allow"}}}
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "PATCH /subscriptions/*****/resourceGroups/staging-dw-group/providers/Microsoft.Storage/storageAccounts/medefydwstagingstorage?api-version=2022-09-01 HTTP/1.1" 404 212
cli.azure.cli.core.sdk.policies: Response status: 404
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies:     'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies:     'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies:     'Content-Length': '212'
cli.azure.cli.core.sdk.policies:     'Content-Type': 'application/json'
cli.azure.cli.core.sdk.policies:     'Expires': '-1'
cli.azure.cli.core.sdk.policies:     'x-ms-request-id': 'ac65646a-0eb8-4832-bf15-cce249c879be'
cli.azure.cli.core.sdk.policies:     'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies:     'Server': 'Microsoft-Azure-Storage-Resource-Provider/1.0,Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0'
cli.azure.cli.core.sdk.policies:     'x-ms-ratelimit-remaining-subscription-writes': '1199'
cli.azure.cli.core.sdk.policies:     'x-ms-correlation-request-id': '9d67133a-6b7c-490a-a486-668e10958730'
cli.azure.cli.core.sdk.policies:     'x-ms-routing-request-id': 'BRAZILSOUTHEAST:20231019T200634Z:9d67133a-6b7c-490a-a486-668e10958730'
cli.azure.cli.core.sdk.policies:     'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies:     'Date': 'Thu, 19 Oct 2023 20:06:33 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"error":{"code":"HttpResourceNotFound","message":"The request url https://dw-staging-key-vault.vault.azure.net/keys/dw-staging-storage-key/c9f98f64e1b94b85bb645c04c609ae37?api-version=2016-10-01 is not found."}}
cli.azure.cli.core.azclierror: Traceback (most recent call last):
  File "/usr/local/pipx/venvs/azure-cli/lib/python3.10/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
  File "/usr/local/pipx/venvs/azure-cli/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
    raise ex
  File "/usr/local/pipx/venvs/azure-cli/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/usr/local/pipx/venvs/azure-cli/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
    result = cmd_copy(params)
  File "/usr/local/pipx/venvs/azure-cli/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 333, in __call__
    return self.handler(*args, **kwargs)
  File "/usr/local/pipx/venvs/azure-cli/lib/python3.10/site-packages/azure/cli/core/commands/command_operation.py", line 240, in handler
    result = cached_put(self.cmd, setter, **setterargs)
  File "/usr/local/pipx/venvs/azure-cli/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 452, in cached_put
    return _put_operation()
  File "/usr/local/pipx/venvs/azure-cli/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 446, in _put_operation
    result = operation(**kwargs)
  File "/usr/local/pipx/venvs/azure-cli/lib/python3.10/site-packages/azure/core/tracing/decorator.py", line 78, in wrapper_use_tracer
    return func(*args, **kwargs)
  File "/usr/local/pipx/venvs/azure-cli/lib/python3.10/site-packages/azure/mgmt/storage/v2022_09_01/operations/_storage_accounts_operations.py", line 1237, in update
    map_error(status_code=response.status_code, response=response, error_map=error_map)
  File "/usr/local/pipx/venvs/azure-cli/lib/python3.10/site-packages/azure/core/exceptions.py", line 165, in map_error
    raise error
azure.core.exceptions.ResourceNotFoundError: (HttpResourceNotFound) The request url https://dw-staging-key-vault.vault.azure.net/keys/dw-staging-storage-key/c9f98f64e1b94b85bb645c04c609ae37?api-version=2016-10-01 is not found.
Code: HttpResourceNotFound
Message: The request url https://dw-staging-key-vault.vault.azure.net/keys/dw-staging-storage-key/c9f98f64e1b94b85bb645c04c609ae37?api-version=2016-10-01 is not found.

cli.azure.cli.core.azclierror: (HttpResourceNotFound) The request url https://dw-staging-key-vault.vault.azure.net/keys/dw-staging-storage-key/c9f98f64e1b94b85bb645c04c609ae37?api-version=2016-10-01 is not found.
Code: HttpResourceNotFound
Message: The request url https://dw-staging-key-vault.vault.azure.net/keys/dw-staging-storage-key/c9f98f64e1b94b85bb645c04c609ae37?api-version=2016-10-01 is not found.
az_command_data_logger: (HttpResourceNotFound) The request url https://dw-staging-key-vault.vault.azure.net/keys/dw-staging-storage-key/c9f98f64e1b94b85bb645c04c609ae37?api-version=2016-10-01 is not found.
Code: HttpResourceNotFound
Message: The request url https://dw-staging-key-vault.vault.azure.net/keys/dw-staging-storage-key/c9f98f64e1b94b85bb645c04c609ae37?api-version=2016-10-01 is not found.
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0xffff9c7fd090>]
az_command_data_logger: exit code: 3
cli.__main__: Command ran in 5.198 seconds (init: 0.322, invoke: 4.876)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 3970 in cache
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "/usr/local/pipx/venvs/azure-cli/bin/python /usr/local/pipx/venvs/azure-cli/lib/python3.10/site-packages/azure/cli/telemetry/__init__.py /home/vscode/.azure"
telemetry.process: Return from creating process
telemetry.main: Finish creating telemetry upload process.

Expected behavior

I would expect the Storage Account to be updated to reference the new Key Vault with its new key instead of the old one. I also don't know why the Storage Account would try to gather the old Key Vault in a request if the old one was deleted.

Environment Summary

azure-cli                         2.53.0

core                              2.53.0
telemetry                          1.1.0

Dependencies:
msal                            1.24.0b2
azure-mgmt-resource             23.1.0b2

Python location '/usr/local/pipx/venvs/azure-cli/bin/python'
Extensions directory '/home/vscode/.azure/cliextensions'

Python (Linux) 3.10.12 (main, Jun 11 2023, 05:26:28) [GCC 11.4.0]

Legal docs and information: aka.ms/AzureCliLegal


Your CLI is up-to-date.

Additional context

No response
@matheus-fractal-river matheus-fractal-river added the bug This issue requires a change to an existing behavior in the product in order to be resolved. label Oct 19, 2023
@microsoft-github-policy-service microsoft-github-policy-service bot added customer-reported Issues that are reported by GitHub users external to the Azure organization. Storage az storage labels Oct 19, 2023
@microsoft-github-policy-service microsoft-github-policy-service bot added Auto-Assign Auto assign by bot Azure CLI Team The command of the issue is owned by Azure CLI team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that KeyVault az keyvault labels Oct 19, 2023
@yonzhan
Copy link
Collaborator

yonzhan commented Oct 19, 2023

Thank you for opening this issue, we will look into it.

@calvinhzy
Copy link
Member

Hi @matheus-fractal-river
Does this update operation work in portal, if so, the key update might be required before the old key is deleted.

@yonzhan yonzhan closed this as completed Nov 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@evelyn-ys evelyn-ys

@calvinhzy calvinhzy

Labels
Auto-Assign Auto assign by bot Azure CLI Team The command of the issue is owned by Azure CLI team bug This issue requires a change to an existing behavior in the product in order to be resolved. customer-reported Issues that are reported by GitHub users external to the Azure organization. KeyVault az keyvault question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Storage az storage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@evelyn-ys @calvinhzy @yonzhan @matheus-fractal-river