1

I'm trying to work with the AZ CLI.

I need to create a certificate, and I'm having trouble with the JSON that needs to be passed into the Policy parameter. (I've been wrestling with string escapes and now an "unterminated string" that starts about halfway through the JSON)

The az keyvault certificate create documentation has the following explanation for the --policy/-p parameter:

JSON encoded policy definition. Use @{file} to load from a file(e.g. @my_policy.json).

I thought I would save my policy to a file (named .\policy.json) and use it with the following syntax:

az keyvault certificate create  --vault-name $kvDest `
                                -p @policy.json `
                                -n $cert.name;

However when I do this, I get an error that I can't use the splat operator like that.

The splatting operator '@' cannot be used to reference variables in an expression. '@policy' can be used only as an argument to a command. To reference variables in an expression use '$policy'.

Why can't I use @ to load the file like the documentation tells me that I can?

I'm using Powershell 5.1 on Window 10.

The documentation I'm referencing is here: https://learn.microsoft.com/en-us/cli/azure/keyvault/certificate?view=azure-cli-latest#az_keyvault_certificate_create

I've also found a blog post from 2018 where a guy demonstrates exactly what I'm trying to do and his syntax looks identical to mine here: https://techblog.hobor.hu/2018/08/26/self-signed-certificate-with-sans-using-azure-cli-keyvault/

I'm not sure if changing my PowerShell version is an option, so if the cause is that the syntax I'm trying to use is not available in Powershell 5.1, can you please help me find a fix for my unterminated string problem?

mklement0
  • 382,024
  • 64
  • 607
  • 775
Catachan
  • 190
  • 2
  • 12
  • Move `-p @policy.json` to the end of the argument list, then add `--%` just before it to prevent PowerShell from parsing it – Mathias R. Jessen Feb 03 '21 at 19:35
  • 1
    `@var` is PowerShell syntax to expand arguments stored in array or hashtable. Quoting should also work: `-p '@policy.json'` – zett42 Feb 03 '21 at 19:35
  • In short: Unlike in other common shells, `@` is a _metacharacter_ in PowerShell (a character with special syntactic meaning). To use it _verbatim_, use it inside of a _quoted string_ or individually escape it as `\`@` - see [this answer](https://stackoverflow.com/a/60852270/45375) to the linked duplicate for more information. – mklement0 Feb 03 '21 at 20:20
  • 1
    So, the @ symbol in this command is intended to be processed by the az cli, and NOT by PowerShell, which means that it needs to be escaped! That makes everything make sense now! Thank you! (I would have liked to add this as an answer to the question, but since it was closed with a link to a broadly similar question I can't. I hope anyone confused by the az cli docs finds this comment!) – Catachan Feb 03 '21 at 20:38
  • Thanks for adding that clarifying comment, @Catachan. I'm thinking the combination of the comments here and the linked duplicate will be enough to help future readers. The fundamental problem is the same, and there can be infinite variations of it. Most documentation isn't written with PowerShell in mind, which causes problems with characters that other shells leave alone. It is unfortunate, but the unavoidable price to pay for PowerShell's superior capabilities. Let's hope that, over time, various CLI documentation will cover PowerShell too, especially now that it is cross-platform. – mklement0 Feb 03 '21 at 21:10

0 Answers0