I am trying to generate a SAS token from an ARM template, to allow my template to subsequently access resources in a blob storage (including linked templates)
However, I get the following error:
{
"code": "InvalidValuesForRequestParameters",
"message": "Values for request parameters are invalid: signedPermission,signedExpiry,signedResourceTypes,signedServices."
}
My template had this variable and line to generate the SAS token:
"variables": {
"vaultName": "[concat('hpc',uniqueString(resourceGroup().id, parameters('keyVaultName')))]",
"accountSasProperties": {
"type": "object",
"defaultValue": {
"signedServices": "fb",
"signedPermission": "rwdlacup",
"signedExpiry": "2021-11-30T00:00:00Z",
"signedResourceTypes": "co"
}
}
},
(...)
{
"apiVersion": "2018-02-14",
"type": "Microsoft.KeyVault/vaults/secrets",
"dependsOn": [
"[concat('Microsoft.KeyVault/vaults/', variables('vaultName'))]"
],
"name": "[concat(variables('vaultName'), '/', 'StorageSaSToken')]",
"properties": {
"value": "[listAccountSas(resourceId(parameters('StorageAccountRg'),'Microsoft.Storage/storageAccounts', parameters('storageAccountName')), '2018-07-01', variables('accountSasProperties')).accountSasToken]"
}
}
the idea is to generate a SAS token and put it in a vault (I create it in the same template).
As a side note, the storage account for which I generate a SAS token is in another resource group
I tried several variation of the parameters, but could not find what's wrong, and the error is not really helping