I created a template file, keyvaultdeploy.json. The code is below:
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "Project": {
      "type": "string",
      "metadata": {
        "description": "Project name"
      }
    },
    "Environment": {
      "type": "string",
      "metadata": {
        "description": "Project name"
      }
    },
    "location": {
      "type": "string",
      "metadata": {
        "description": "Location for all resources."
      }
    },
    "principalId": {
      "type": "string",
      "metadata": {
        "description": "PrincipalId is Object Id of MSi created. Check Azure Active Directory. Ref https://stackoverflow.com/questions/56440883/arm-template-looking-up-a-user-object-id."
      }
    }
  },
  "variables": {
    "tenantId": "[subscription().tenantId]",
    "keyVaultName": "[concat(toLower(parameters('Project')), parameters('Environment'), uniqueString(resourceGroup().id))]"
  },
  "resources": [
    {
      "type": "Microsoft.KeyVault/vaults",
      "apiVersion": "2016-10-01",
      "name": "[variables('keyVaultName')]",
      "location": "[parameters('location')]",
      "properties": {
        "sku": {
          "family": "A",
          "name": "Standard"
        },
        "tenantId": "[variables('tenantId')]",
        "accessPolicies": [
          {
            "tenantId": "[variables('tenantId')]",
            "objectId": "[parameters('principalId')]",
            "permissions": {
              "keys": [
                "Get",
                "List",
                "Update",
                "Create",
                "Import",
                "Delete",
                "Recover",
                "Backup",
                "Restore",
                "Decrypt",
                "Encrypt",
                "Sign",
                "Verify"
              ],
              "secrets": [
                "Get",
                "List",
                "Set",
                "Delete",
                "Recover",
                "Backup",
                "Restore"
              ],
              "certificates": [
                "get",
                "list",
                "update",
                "create",
                "import",
                "delete",
                "recover"
              ]
            }
          }
        ],
        "enableSoftDelete": true,
        "enabledForDeployment": true,
        "enabledForTemplateDeployment": true,
        "enabledForDiskEncryption": false
      }
    },
    {
      "type": "Microsoft.Authorization/roleAssignments",
      "name": "[guid(resourceGroup().id)]",
      "apiVersion": "2019-04-01-preview",
      "dependsOn": [
        "[resourceId('Microsoft.KeyVault/vaults', variables('keyVaultName'))]"
      ],
      "properties": {
        "roleDefinitionId": "[concat(resourceGroup().id, '/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395')]",
        "principalId": "[parameters('principalId')]",
        "scope": "[resourceGroup().Id]"
      }
    }
  ]
}
From the command line, it works fine:
az group deployment create --resource-group ans-devops --template-file .\keyvaultdeploy.json
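Now I have created masterdeploy.json so that I have nested Azure resource linked templates, and initially I am only trying to deploy the Key Vault resource from it. The code is below: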
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {},
  "variables": {
    "templateBaseUrl": "[deployment().properties.templateLink.uri]",
    "keyVaultDeployTemplateUrl": "[uri(variables('templateBaseUrl'), '/resourcetemplates/staticresources/keyvaultdeploy.json')]",
    "cosmosdbDeployTemplateUrl": "[uri(variables('templateBaseUrl'), '/resourcetemplates/staticresources/cosmosdeploy.json')]",
    "dnszoneDeployTemplateUrl": "[uri(variables('templateBaseUrl'), '/resourcetemplates/staticresources/dnszonedeploy.json')]",
    "managedidentityDeployTemplateUrl": "[uri(variables('templateBaseUrl'), '/resourcetemplates/staticresources/managedidentitydeploy.json')]",
    "aurorapostgresDeployTemplateUrl": "[uri(variables('templateBaseUrl'), '/resourcetemplates/staticresources/aurorapostgresdeploy.json')]",
    "redisDeployTemplateUrl": "[uri(variables('templateBaseUrl'), 'resourcetemplates/staticresources/redisdeploy.json')]",
    "storageDeployTemplateUrl": "[uri(variables('templateBaseUrl'), 'resourcetemplates/staticresources/storagedeploy.json')]",
    "resourcegroupDeployTemplateUrl": "[uri(variables('templateBaseUrl'), 'resourcetemplates/staticresources/resourcegroupdeploy.json')]",
    "bhnsgDeployTemplateUrl": "[uri(variables('templateBaseUrl'), 'resourcetemplates/nsgresources/bhnsgdeploy.json')]",
    "dbnsgDeployTemplateUrl": "[uri(variables('templateBaseUrl'), 'resourcetemplates/nsgresources/dbnsgdeploy.json')]",
    "rdnsgDeployTemplateUrl": "[uri(variables('templateBaseUrl'), '/resourcetemplates/vnetresources/rdnsgdeploy.json')]",
    "apiVersionResourceDeployment": "[providers('Microsoft.Resources', 'deployments').apiVersions[0]]",
    "parameterFileUrl": "[uri(variables('templateBaseUrl'), 'devops.parameters.json')]"
  },
  "resources": [
    {
      "apiVersion": "[variables('apiVersionResourceDeployment')]",
      "name": "keyVaulteployment",
      "type": "Microsoft.Resources/deployments",
      "properties": {
        "mode": "Incremental",
        "templateLink": {
          "uri": "[variables('keyVaultDeployTemplateUrl')]"
        },
        "parameters": {
          "uri": {
            "value": "[variables('parameterFileUrl')]"
          }
        }
      }
    }
  ]
}
After committing to git, I ran this code using Jenkins. All the Jenkins configuration is correct. The command is below:
az group deployment create --resource-group ans-devops --template-file .\masterazuredeploy.json
I get the following error:
400 Client Error: Bad Request for url: https://management.azure.com/subscriptions/xxxxxx/resourcegroups/ans-devops/providers/Microsoft.Resources/deployments/masterazuredeploy?api-version=2018-05-01
I don't understand what exactly I am missing. I also tried it locally and got the same error.