
Unable to mount Key Vault secrets via User Assigned Identity in Container Apps ARM template #31630

@tomaszolczak12

Description


Describe the bug

I’m attempting to deploy an Azure Container App using an ARM template that:

1. Assigns a User Assigned Managed Identity (UAMI) to the Container App.
2. Uses that UAMI to pull multiple PEM files from Key Vault.
3. Mounts those PEM files into the container via a volume.

My `configuration.secrets` section looks like this:

```json
"configuration": {
  "secrets": [
    {
      "name": "acr-token-password",
      "value": "...static value..."
    },
    {
      "name": "mytruststore-pem",
      "valueFrom": {
        "secretRef": {
          "keyVaultId": "/subscriptions/.../vaults/mykv/secrets/mytruststore-pem",
          "credentialId": "/subscriptions/.../userAssignedIdentities/myUami"
        }
      }
    }
  ],
  ...
      "volumeMounts": [
        { "volumeName": "certs-volume", "mountPath": "/app/certificates" }
      ]
    }
  ],
  "volumes": [
    {
      "name": "certs-volume",
      "storageType": "Secret",
      "secrets": [
        { "secretName": "mytruststore-pem", "path": "mytruststore.pem" }
      ]
    }
  ],
  ...
}
```

Related command

```sh
az deployment group create --resource-group resource-group-test-bravo --template-file banking-replication-app-volume.json --debug
```

Errors

```
Invalid request body for container app. Path: $[1]. Does not conform to Container App schema
```

Issue script & Debug output

```
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.azclierror: Traceback (most recent call last):
  File "/usr/lib64/az/lib/python3.12/site-packages/azure/core/polling/base_polling.py", line XXX, in initialize
    _raise_if_bad_http_status_and_method(self._initial_response.http_response)
  File "/usr/lib64/az/lib/python3.12/site-packages/azure/core/polling/base_polling.py", line YYY, in _raise_if_bad_http_status_and_method
    raise BadStatus("Invalid return status {!r} for {!r} operation".format(code, response.request.method))
azure.core.polling.base_polling.BadStatus: Invalid return status 400 for 'POST' operation

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/usr/lib64/az/lib/python3.12/site-packages/azure/cli/command_modules/resource/custom.py", line AAA, in _deploy_arm_template_at_resource_group
    validation_poller = mgmt_client.begin_validate(, , )
  File "/usr/lib64/az/lib/python3.12/site-packages/azure/core/tracing/decorator.py", line BBB, in wrapper_use_tracer
    return func(*args, **kwargs)
  File "/usr/lib64/az/lib/python3.12/site-packages/azure/mgmt/resource/resources/v2024_11_01/operations/_operations.py", line CCC, in begin_validate
    return LROPoller(...)
azure.core.exceptions.HttpResponseError: (InvalidTemplateDeployment) The template deployment '' is not valid according to the validation procedure. The tracking id is ''. See inner errors for details.
Code: InvalidTemplateDeployment
Message: The template deployment '' is not valid according to the validation procedure. The tracking id is ''. See inner errors for details.
Exception Details:
(ValidationForResourceFailed) Validation failed for a resource. Check 'Error.Details[0]' for more information.
Code: ValidationForResourceFailed
Message: Validation failed for a resource. Check 'Error.Details[0]' for more information.
Exception Details:
(ContainerAppInvalidSchema) Invalid request body for container app. Path: $[1]. Does not conform to Container App schema...
Code: ContainerAppInvalidSchema
Message: Invalid request body for container app. Path: $[1]. Does not conform to Container App schema...

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib64/az/lib/python3.12/site-packages/azure/cli/core/commands/init.py", line DDD, in _run_job
    result = cmd_copy(params)
  File "/usr/lib64/az/lib/python3.12/site-packages/azure/cli/core/commands/command_operation.py", line EEE, in handler
    return op(**command_args)
  File "/usr/lib64/az/lib/python3.12/site-packages/azure/cli/command_modules/resource/custom.py", line FFF, in deploy_arm_template_at_resource_group
    return _deploy_arm_template_at_resource_group(cmd=cmd)
RuntimeError: The content for this response was already consumed

cli.azure.cli.core.azclierror: The content for this response was already consumed
```

Expected behavior

The ARM deployment should succeed, resulting in a Container App named `my-service` with:

- All required environment variables (including database credentials and connection strings) loaded from Key Vault via the assigned User-Assigned Managed Identity.
- A volume mount (`certs-volume`) inside the container at `/app/certificates` containing the PEM certificate file (`mytruststore.pem`) retrieved from Key Vault.

Environment Summary

- ARM API Version: 2025-01-01
- Azure CLI Version: 2.74.0
- Attempted with both inline and parameterized `valueFrom.secretRef`

Additional context

No response
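An added pre-deployment check, not part of the issue or of the Azure CLI: it walks a `Microsoft.App/containerApps` `properties` block and reports secrets that carry neither an inline `value` nor, in the shape I understand the documented schema to use, a `keyVaultUrl` paired with an `identity` (the identity is what scopes which managed identity may read the vault), plus `Secret` volumes and `volumeMounts` that point at nothing declared. The embedded template is a constructed, trimmed sample in the shape the report describes, with placeholder IDs and one deliberately dangling volume reference; `check_secret_wiring` is a hypothetical helper name.

```python
import json

# Constructed sample (not the reporter's full template): a trimmed containerApps
# "properties" block in the shape the issue describes, plus one dangling
# volume secret reference ("db-password") to exercise the check.
SAMPLE_PROPERTIES = json.loads("""
{
  "configuration": {"secrets": [
    {"name": "acr-token-password", "value": "PLACEHOLDER"},
    {"name": "mytruststore-pem", "valueFrom": {"secretRef": {
       "keyVaultId": "/subscriptions/PLACEHOLDER/vaults/mykv/secrets/mytruststore-pem",
       "credentialId": "/subscriptions/PLACEHOLDER/userAssignedIdentities/myUami"}}}
  ]},
  "template": {
    "containers": [{"name": "app", "image": "PLACEHOLDER",
      "volumeMounts": [{"volumeName": "certs-volume", "mountPath": "/app/certificates"}]}],
    "volumes": [{"name": "certs-volume", "storageType": "Secret", "secrets": [
      {"secretName": "mytruststore-pem", "path": "mytruststore.pem"},
      {"secretName": "db-password", "path": "db.txt"}]}]
  }
}
""")

def check_secret_wiring(props):
    """Return findings for a containerApps 'properties' dict (empty list = clean)."""
    findings = []
    declared = set()
    for s in props.get("configuration", {}).get("secrets", []):
        name = s.get("name", "<unnamed>")
        declared.add(name)
        inline, kv = "value" in s, "keyVaultUrl" in s
        if inline and kv:
            findings.append(f"secret '{name}': both 'value' and 'keyVaultUrl' set")
        elif kv and not s.get("identity"):  # Key Vault secret with no identity to read it
            findings.append(f"secret '{name}': 'keyVaultUrl' without an 'identity'")
        elif not inline and not kv:  # neither shape the schema accepts
            extra = sorted(set(s) - {"name"})
            findings.append(f"secret '{name}': no 'value' or 'keyVaultUrl'; unexpected keys {extra}")
    template = props.get("template", {})
    volumes = {v.get("name"): v for v in template.get("volumes", [])}
    for vname, v in volumes.items():  # every mounted secret must be a declared secret
        for ref in v.get("secrets", []) if v.get("storageType") == "Secret" else []:
            if ref.get("secretName") not in declared:
                findings.append(f"volume '{vname}': secretName '{ref.get('secretName')}' is not declared")
    for c in template.get("containers", []):  # every volumeMount must name a declared volume
        for m in c.get("volumeMounts", []):
            if m.get("volumeName") not in volumes:
                findings.append(f"container '{c.get('name')}': mounts unknown volume '{m.get('volumeName')}'")
    return findings
```

Run against the sample it flags the `valueFrom`-shaped secret and the undeclared `db-password` reference; a template whose Key Vault secrets carry `keyVaultUrl` and `identity` and whose volumes resolve produces an empty list.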
