Develop Reference

Arm Template - Why am I getting an error saying resource is not defined in template?

I have a parent arm template that uses various linked component templates. The webApp I am creating requires a dependency on a service plan but after adding a dependency like the one in the dependencies section of the documentation I keep getting an error: 'The resource 'Microsoft.Resources/deployments/NovaArmTestDev' is not defined in the template.
The parent template: (top two deployments are the ones causing issue)
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourcegroupName": {
"type": "string",
"metadata": {
"description": "The name given to the group and all resources it contains by default"
}
},
"templateFolderUri": {
"type": "string",
"metadata": {
"description": "The URI of the template component folder"
}
}
},
"functions": [],
"variables": {},
"resources": [
{
"name": "[parameters('resourceGroupName')]",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "[parameters('resourcegroupName')]",
"apiVersion": "2021-04-01",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[concat(parameters('templateFolderUri'), '/servicePlanCreator.json')]",
"contentVersion": "1.0.0.0"
}
}
},
{
"name": "[concat(parameters('resourceGroupName'), 'App')]",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "[parameters('resourcegroupName')]",
"apiVersion": "2021-04-01",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[concat(parameters('templateFolderUri'), '/dualSlotWebApp.json')]",
"contentVersion": "1.0.0.0"
},
"parameters": {}
},
"dependsOn": [
"[resourceId('Microsoft.Resources/deployments', parameters('resourceGroupName'))]"
]
},
{
"name": "[concat(parameters('resourceGroupName'), 'Storage')]",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "[parameters('resourcegroupName')]",
"apiVersion": "2021-04-01",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[concat(parameters('templateFolderUri'), '/storageAccountTemplate.json')]",
"contentVersion": "1.0.0.0"
},
"parameters": {}
}
},
{
"name": "[concat(parameters('resourceGroupName'), 'Vault')]",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "[parameters('resourcegroupName')]",
"apiVersion": "2021-04-01",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[concat(parameters('templateFolderUri'), '/keyVaultCreator.json')]",
"contentVersion": "1.0.0.0"
},
"parameters": {}
}
}
],
"outputs": {}
}
servicePlanCreator:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"servicePlanName": {
"defaultValue": "[resourceGroup().name]",
"type": "string",
"metadata": {
"description": "The name of the newly created resource"
}
},
"operatingSystem": {
"type": "string",
"defaultValue": "windows",
"metadata": {
"description": "The Operating system the the newly created resource will use"
}
},
"sku": {
"type": "string",
"defaultValue": "S1",
"metadata": {
"description": "The sku (pricing tier) the resource group the service plan will use"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().Location]",
"metadata": {
"description": "(Optional) The location og the resource. Will default to the location of the resource group if not set."
}
}
},
"functions": [],
"variables": {},
"resources": [
{
"name": "[parameters('servicePlanName')]",
"type": "Microsoft.Web/serverfarms",
"apiVersion": "2020-12-01",
"location": "[parameters('location')]",
"kind": "[parameters('operatingSystem')]",
"sku": {
"name": "[parameters('sku')]"
},
"tags": {},
"properties": {
"name": "[parameters('servicePlanName')]"
}
}
],
"outputs": {}
}
dualSlotWebApp template:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"webAppName": {
"type": "string",
"defaultValue": "[concat(resourceGroup().name)]",
"metadata": {
"description": "(Optional) Web App name. Defaults to '<ResourceGroupName>Plane' if not supplied"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "(Optional) Web App name. Defaults to Resource group location if not supplied"
}
},
"appServicePlan": {
"type": "string",
"defaultValue": "[resourceGroup().name]",
"metadata": {
"description": "name of the Service plan the app will be assigned to"
}
}
},
"functions": [],
"variables": {},
"resources": [
{
"name": "[parameters('webAppName')]",
"type": "Microsoft.Web/sites",
"apiVersion": "2020-12-01",
"location": "[parameters('location')]",
"properties": {
"name": "[parameters('webAppName')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('appServicePlan'))]"
},
"resources": [
{
"name": "[concat(parameters('webAppName'), '/Slot1')]",
"type": "Microsoft.Web/sites/slots",
"apiVersion": "2021-03-01",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('webAppName'))]"
],
"tags": {
"displayName": "Web Deploy for webApp1"
},
"properties": {
"packageUri": "[concat('artifactsLocation', '/WebPackages/webApp1.zip', 'artifactsLocationSasToken')]",
"dbType": "None",
"connectionString": "",
"setParameters": {
"IIS Web Application Name": "webApp1"
}
}
}
]
}
],
"outputs": {}
}

Referencing the templates from your earlier question, it appeared that the dependsOn was not configured correctly.
Originally, it was setup incorrectly with:
"[resourceId('Microsoft.Resources/resourceGroups/', parameters('resourceGroupName'))]"
I updated in two places to use the same deployment name:
"[concat(parameters('resourceGroupName'), 'ServicePlan')]"
The two sections look like:
"resources": [
...
{
"name": "[concat(parameters('resourceGroupName'), 'ServicePlan')]",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "[parameters('resourcegroupName')]",
"apiVersion": "2021-04-01",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[concat(parameters('templateFolderUri'), '/servicePlanCreator.json')]",
"contentVersion": "1.0.0.0"
}
},
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups/', parameters('resourceGroupName'))]"
]
},
...
{
"name": "[concat(parameters('resourceGroupName'), 'App')]",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "[parameters('resourcegroupName')]",
"apiVersion": "2021-04-01",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[concat(parameters('templateFolderUri'), '/dualSlotWebApp.json')]",
"contentVersion": "1.0.0.0"
},
"parameters": {}
},
"dependsOn": [
"[concat(parameters('resourceGroupName'), 'ServicePlan')]"
]
}
],
Setting the dependency as I have ensures that the service plan completes deployment before the app begins deployment.

Reference listKeys() in nested templates

I am creating an ARM template that deploys a lot of resources in different resource groups. Actually, the resource groups themselves are part of the deployment. In a simple version, I create only two resource groups (masterRG and dependentRG), and then create two nested (inline) deployments. The first inline deployment puts a storage account (testsadj1604) in masterRG. This deployment is dependent on masterRG.
The second deployment creates a keyvault and tries to store a connectionstring from testsadj1604 in that vault.
In my real case, I have more resourceGroups and I actually try deploy a Function App that has the connectionstring as 'appsetting'. The methodology is the same though.
The error I get is the following:
Deployment failed. Correlation ID: 9c359e8e-8657-4756-a5a3-f9c5698fbb46. {
"error": {
"code": "ResourceNotFound",
"message": "The Resource 'Microsoft.Storage/storageAccounts/testsadj1604' under resource group '<null>' was not found."
}
}
This is my code:
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"resources": [
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2018-05-01",
"name": "masterRG",
"location": "West Europe",
"properties": {}
},
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2018-05-01",
"name": "dependentRG",
"location": "West Europe",
"properties": {}
},
{
"name": "masterRgDeployment",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"resourceGroup": "masterRG",
"dependsOn": [
"masterRG"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"apiVersion": "2019-06-01",
"type": "Microsoft.Storage/storageAccounts",
"name": "testsadj1604",
"location": "West Europe",
"sku": {
"name": "Standard_GRS"
},
"kind": "StorageV2",
"properties": {
"supportsHttpsTrafficOnly": true
}
}
]
}
}
},
{
"name": "dependentRgDeployment",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"resourceGroup": "dependentRG",
"dependsOn": [
"dependentRG",
"masterRgDeployment"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.KeyVault/vaults",
"name": "kvaNameTest1604",
"apiVersion": "2015-06-01",
"location": "West Europe",
"properties": {
"enabledForDeployment": false,
"enabledForDiskEncryption": false,
"enabledForTemplateDeployment": true,
"tenantId": "[subscription().tenantId]",
"accessPolicies": [
{
"objectId": "fc05639d-70eb-4175-a89b-eab7f883c691",
"tenantId": "[subscription().tenantId]",
"permissions": {
"keys": [
"get",
"list",
"update"
],
"secrets": [
"get",
"list",
"update"
]
}
}
],
"sku": {
"name": "Standard",
"family": "A"
},
"networkAcls": {
"defaultAction": "Allow",
"bypass": "AzureServices"
}
}
},
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "kvaNameTest1604/saConnectionString",
"apiVersion": "2018-02-14",
"location": "West Europe",
"dependsOn": [
"[resourceId('Microsoft.KeyVault/vaults', 'kvaNameTest1604')]"
],
"properties": {
"value": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', 'testsadj1604'), '2019-06-01').keys[0].value]"
}
}
]
}
}
}
]
}
I am pretty sure the error comes from the listKeys() at the bottom, going on my daylong trial-and-error (and Google frenzy) in my real template. Using listKeys() and nested deployments is a drag, but I really don't see why it shouldn't work. I made sure there is a dependsOn in the second deployment.
This is wrecking my brain, is there any way I can use nested (inline) templates and reference the storage account keys that are in a different resourcegroup (but part of the overall deployment)? I also tried to create an output in the first deployment and reference that in the second but that had no effect. I am at a total loss, any help is welcome!

There are a few things you need to do for this to work in a single template:
on your keyvault secret deployment set this property:
"expressionEvaluationOptions": {
"scope": "inner"
},
That will delay evaluation of the expression until that deployment begins.
when you set #1, you need to define parameters for the values you need (you can no longer use "global" params/vars), you could hardcode all the strings like in your example, but I'm guessing that's not what you do in the "real" deployment. Define the params and pass the values into that deployment.
your listKeys() call needs to include the full resourceId of the storageAccount, since it is in a separate/distinct deployment - so you need to provide the resourceGroup name param - if you cross subscriptions in the deployment (your sample didn't) you need to provide the subscriptionId param.
Below is a working example...
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountName": {
"type": "string",
"defaultValue": "[concat('scratch', uniqueString(newGuid()))]"
}
},
"resources": [
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2018-05-01",
"name": "masterRG",
"location": "West Europe",
"properties": {
}
},
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2018-05-01",
"name": "dependentRG",
"location": "West Europe",
"properties": {
}
},
{
"name": "masterRgDeployment",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"resourceGroup": "masterRG",
"dependsOn": [
"masterRG"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"apiVersion": "2019-06-01",
"type": "Microsoft.Storage/storageAccounts",
"name": "[parameters('storageAccountName')]",
"location": "West Europe",
"sku": {
"name": "Standard_GRS"
},
"kind": "StorageV2",
"properties": {
"supportsHttpsTrafficOnly": true
}
}
]
}
}
},
{
"name": "dependentRgDeployment",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"resourceGroup": "dependentRG",
"dependsOn": [
"dependentRG",
"masterRgDeployment"
],
"properties": {
"mode": "Incremental",
"expressionEvaluationOptions": {
"scope": "inner"
},
"parameters":{
"storageAccountName": {
"value": "[parameters('storageAccountName')]"
},
"storageAccountResourceGroupName": {
"value": "masterRG"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountName": {
"type": "string"
},
"storageAccountResourceGroupName": {
"type": "string"
}
},
"variables": {
"vaultName": "[concat('kv-', parameters('storageAccountName'))]"
},
"resources": [
{
"type": "Microsoft.KeyVault/vaults",
"name": "[variables('vaultName')]",
"apiVersion": "2019-09-01",
"location": "West Europe",
"properties": {
"enabledForDeployment": false,
"enabledForDiskEncryption": false,
"enabledForTemplateDeployment": true,
"tenantId": "[subscription().tenantId]",
"accessPolicies": [ ],
"sku": {
"name": "Standard",
"family": "A"
},
"networkAcls": {
"defaultAction": "Allow",
"bypass": "AzureServices"
}
}
},
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(variables('vaultName'), '/saConnectionString')]",
"apiVersion": "2019-09-01",
"location": "West Europe",
"dependsOn": [
"[resourceId('Microsoft.KeyVault/vaults', variables('vaultName'))]"
],
"properties": {
"value": "[listKeys(resourceId(parameters('storageAccountResourceGroupName'),'Microsoft.Storage/storageAccounts', parameters('storageAccountName')), '2019-06-01').keys[0].value]"
}
}
]
}
}
}
]
}

Creation of Microsoft.Network/networkInterfaces resource fails with Bad request in nested arm template

I am trying to deploy to a nested template, in which I am creating a virtual network with two subnets and a network interface card. Though the virtual network is created successfully but the network interface card creation fails and deployment errors out with following message.
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"rgPrefix": {
"type": "string"
},
"location": {
"type": "string"
}
},
"variables": {
"rgName": "[parameters('rgPrefix')]",
"VNet": "[concat(variables('rgName'), '-Vnet')]",
"vmName": "[concat(variables('rgName'), 'Vm1')]",
"networkInterfaceName": "[concat(variables('vmName'), 'nic1')]"
},
"resources": [
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2018-05-01",
"location": "[parameters('location')]",
"name": "[variables('rgName')]",
"properties": {
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"name": "vmDeployment",
"resourceGroup": "[variables('rgName')]",
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups/', variables('rgName'))]"
],
"properties": {
"expressionEvaluationOptions": {
"scope": "outer"
},
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Network/virtualNetworks",
"name": "[variables('VNet')]",
"apiVersion": "2019-11-01",
"location": "[parameters('location')]",
"tags": {
"displayName": "[variables('VNet')]"
},
"properties": {
"addressSpace": {
"addressPrefixes": [
"10.0.0.0/16"
]
},
"subnets": [
{
"name": "subnet-1",
"properties": {
"addressPrefix": "10.0.0.0/24"
}
},
{
"name": "subnet-2",
"properties": {
"addressPrefix": "10.0.1.0/24"
}
}
]
},
"resources": [
{
"type": "subnets",
"apiVersion": "2019-11-01",
"name": "subnet-1",
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks', variables('VNet'))]"
],
"properties": {
"addressPrefix": "10.0.0.0/24",
"delegations": [
],
"privateEndpointNetworkPolicies": "Enabled",
"privateLinkServiceNetworkPolicies": "Enabled"
}
},
{
"type": "subnets",
"apiVersion": "2019-11-01",
"name": "subnet-2",
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks', variables('VNet'))]"
],
"properties": {
"addressPrefix": "10.0.1.0/24",
"delegations": [
],
"privateEndpointNetworkPolicies": "Enabled",
"privateLinkServiceNetworkPolicies": "Enabled"
}
}
]
},
{
"name": "[variables('networkInterfaceName')]",
"type": "Microsoft.Network/networkInterfaces",
"apiVersion": "2019-07-01",
"location": "[parameters('location')]",
"dependsOn": [
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"privateIpAddressVersion": "IPv4",
"privateIPAllocationMethod": "Dynamic",
"subnet": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('VNet'), 'subnet-1')]"
}
}
}
]
}
}
],
"outputs": {
}
}
}
}
],
"outputs": {
}
}
When I run the deployment, I get the following error
Resource Microsoft.Network/networkInterfaces 'vssRGVm1nic1' failed with message '{ "error": { "code": "InvalidRequestFormat",
| "message": "Cannot parse the request.

the error comes from the usage of resourceId() function. It behaves differently on the subscription level deployment. You should replace it with concat functions:
"[concat(subscription().id, '/resourceGroups/', variables('rgName'), '/providers/Microsoft.Network/virtualNetworks/', variables('VNet'), '/subnets/subnet-1')]"
https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/template-functions-resource#return-value-5

Conditionally deploy a route table with subnet using ARM template

I am trying to conditionally deploy a route template when deploying a subnet resource using an ARM template, however, I am not able to do so using the if condition. Would anyone know the correct syntax or what am I doing wrong?
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"routeTableConfigurationObject": {
"type": "object",
"defaultValue": null
},
"vnetConfigurationObject": {
"type": "object"
},
"Tags": {
"type": "object"
}
},
"resources": [
{
"type": "Microsoft.Network/virtualNetworks/Subnets",
"name": "[concat(parameters('vnetConfigurationObject').name,'/',parameters('vnetConfigurationObject').subnets[copyIndex()].name)]",
"location": "[parameters('vnetConfigurationObject').location]",
"apiVersion": "2018-08-01",
"copy": {
"name": "vnet",
"count": "[length(parameters('vnetConfigurationObject').subnets)]",
"mode": "serial"
},
"properties": {
"addressPrefix": "[parameters('vnetConfigurationObject').subnets[copyIndex()].addressPrefix]",
"routeTable": "[if(empty('routeTableConfigurationObject'), json('null'), json(concat('{\"id\": \"', '/subscriptions/', parameters('routeTableConfigurationObject').subscriptionId, '/resourceGroups/', parameters('routeTableConfigurationObject').resourceGroupName, '/providers/Microsoft.Network/routeTables/', parameters('vnetConfigurationObject').subnets[copyIndex()].routeTable,'\"}')))]"
}
}
]
}

try this:
"variables": [
"copy": [
{
"name": "route",
"count": "[length(parameters('vnetConfigurationObject').subnets)]",
"input": {
"id": "[resourceId(parameters('routeTableConfigurationObject').subscriptionId, parameters('routeTableConfigurationObject').resourceGroupName, 'Microsoft.Network/routeTables', parameters('vnetConfigurationObject').subnets[copyIndex('route')].routeTable)]"
}
}
]
],
"resources": [
{
"type": "Microsoft.Network/virtualNetworks/Subnets",
"name": "[concat(parameters('vnetConfigurationObject').name,'/',parameters('vnetConfigurationObject').subnets[copyIndex()].name)]",
"location": "[parameters('vnetConfigurationObject').location]",
"apiVersion": "2018-08-01",
"copy": {
"name": "vnet",
"count": "[length(parameters('vnetConfigurationObject').subnets)]",
"mode": "serial"
},
"properties": {
"addressPrefix": "[parameters('vnetConfigurationObject').subnets[copyIndex()].addressPrefix]",
"routeTable": "[if(empty('routeTableConfigurationObject'), json('null'), variables('route')[copyIndex()])]"
}
}
]
I dont have time\ability to test it, but it should be pretty close

Azure ServiceBus - Queue - Authorization rule creation error

I'm creating Azure resource manager template with ServiceBus, queue and couple shared access rules. I'm creating the namespace and the queue correctly but when I try to add authorization rule I get:
Resource Microsoft.ServiceBus/namespaces/authorizationRules
'myservicebusnamespace/SendOnlyKey' failed with message 'Request
payload is not in the expected format.
First of all is this possible? There's no samples out there and do documentation either..
Since this is quite generic message I was wondering if anyone else has encountered similar issues using ARM Template for creating Queues?
This is what I have so far:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"sbNamespace": {
"type": "string",
"metadata": {
"description": "The service bus namespace"
}
}
},
"variables": {
"location": "[resourceGroup().location]",
"sbVersion": "[providers('Microsoft.ServiceBus', 'namespaces').apiVersions[0]]",
"queueName": "testQueue",
"defaultSASKeyName": "RootManageSharedAccessKey",
"authRuleResourceId": "[resourceId('Microsoft.ServiceBus/namespaces/authorizationRules', parameters('sbNamespace'), variables('defaultSASKeyName'))]",
"sendAuthRuleResourceId": "[resourceId('Microsoft.ServiceBus/namespaces/authorizationRules', parameters('sbNamespace'), 'SendOnlyKey')]",
"keyGeneratorTemplateUri": "https://raw.githubusercontent.com/sjkp/Azure.ARM.ServiceBus/master/Azure.ARM.ServiceBus/Templates/keygenerator.json"
},
"resources": [
{
"apiVersion": "2015-01-01",
"name": "primaryKey",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "incremental",
"templateLink": {
"uri": "[variables('keyGeneratorTemplateUri')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"seed": { "value": "1234a5" }
}
}
},
{
"apiVersion": "2015-01-01",
"name": "secondaryKey",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "incremental",
"templateLink": {
"uri": "[variables('keyGeneratorTemplateUri')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"seed": { "value": "ac34a5" }
}
}
},
{
//namespace
"apiVersion": "[variables('sbVersion')]",
"name": "[parameters('sbNamespace')]",
"type": "Microsoft.ServiceBus/namespaces",
"location": "[variables('location')]",
"properties": {
"messagingSku": 2
},
"resources": [
{
//queue
"apiVersion": "[variables('sbVersion')]",
"name": "[variables('queueName')]",
"type": "Queues",
"dependsOn": [
"[concat('Microsoft.ServiceBus/namespaces/', parameters('sbNamespace'))]"
],
"properties": {
"path": "[variables('queueName')]",
"defaultMessageTimeToLive": "14.0:0:0",
"maxQueueSizeInMegaBytes": "1024",
"maxDeliveryCount": "10"
}
}
,{
//auth rule 1
"apiVersion": "[variables('sbVersion')]",
"name": "[concat(parameters('sbNamespace'),'/SendOnlyKey')]",
"type": "Microsoft.ServiceBus/namespaces/authorizationRules",
"dependsOn": [
"[concat('Microsoft.ServiceBus/namespaces/', parameters('sbNamespace'))]",
"[concat('Microsoft.Resources/deployments/', 'primaryKey')]",
"[concat('Microsoft.Resources/deployments/', 'secondaryKey')]"
],
"location": "[variables('location')]",
"properties": {
"keyName": "SendOnlyKey",
"PrimaryKey": "[reference('primaryKey').outputs.key.value]",
"SecondaryKey": "[reference('secondaryKey').outputs.key.value]"
}
}
]
}
],
"outputs": {
"NamespaceDefaultConnectionString": {
"type": "string",
"value": "[listkeys(variables('authRuleResourceId'), variables('sbVersion')).primaryConnectionString]"
}
}
}

Sounds like something is failing with the sub template that should generate the keys.
Could you try to generate they keys with e.g. powershell instead:
$bytes = New-Object Byte[] 32
$rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rand.GetBytes($bytes)
$rand.Dispose()
$key = [System.Convert]::ToBase64String($bytes)
To see if that fixes the error.

Difficult stuff, that's for sure. Have a look at
Service Bus ARM Templates
No Service Bus Provider for ARM yet