Skip to content

[BUG] Virtual Network Gateway Connections - Get Shared Key @2024-05-01 intermittently returns a list of value in ConnectionSharedKey instead of string #36537

New issue
New issue
Open
Open
[BUG] Virtual Network Gateway Connections - Get Shared Key @2024-05-01 intermittently returns a list of value in ConnectionSharedKey instead of string#36537
Labels
bugThis issue requires a change to an existing behavior in the product in order to be resolved.customer-reportedIssues that are reported by GitHub users external to the Azure organization.questionThe issue doesn't require a change to the product in order to be resolved. Most issues start as that
@QixiaLu

Description

@QixiaLu
QixiaLu
opened on Aug 7, 2025

API Spec link

https://github.com/Azure/azure-rest-api-specs/blob/main/specification/network/resource-manager/Microsoft.Network/stable/2024-05-01/virtualNetworkGateway.json#L1830-L1878

API Spec version

2024-05-01 and 2023-11-01

Describe the bug

Spec defines the following response type from VirtualNetworkGatewayConnections_GetSharedKey:

Name Type Description
id string Resource ID.
value string The virtual network connection shared key value.

However when users call this API for connections of type "ExpressRoute", the API intermittently returns:
{"value":[]}
This violates the API spec and causes downstream tools (such as Terraform) to crash due to JSON unmarshal errors. (Issue: hashicorp/terraform-provider-azurerm#30322)

One user has reported that adding extra permissions can avoid this issue, suggesting it may be permission-related. If this is a permission issue, the API should return an appropriate error rather than returning malformed JSON with a list instead of a string.

Expected behavior

The API should return a valid schema-compliant response: the value field should conform to the API spec and be a string when present.

If it's because of lacking permissions, the api call should fail.

Actual behavior

Api succeeds with status code 200 and returns {"value":[]}

Reproduction Steps

Created an ExpressRoute connection without a shared key and called the GET /sharedkey endpoint for multiple times without sufficient permissions.
My response is {}, which is correct. It might because the connection is in failed status. However, some other users have reported that they received{"value":[]}.
One response reported by user: (from hashicorp/terraform-provider-azurerm#30322)

AzureRM Response for https://management.azure.com/subscriptions/***/resourceGroups/bots-vwan/providers/Microsoft.Network/connections/ergw-icetrace-gateway-prod-uks.erc-bots-prod-uks-lon-megaport-icetrace.v1/sharedkey?api-version=2024-05-01:
HTTP/2.0 200 OK
Content-Length: 12
Cache-Control: no-cache
Content-Type: application/json; charset=utf-8
Date: Tue, 05 Aug 2025 13:54:20 GMT
Expires: -1
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Cache: CONFIG_NOCACHE
X-Content-Type-Options: nosniff
X-Ms-Correlation-Request-Id: b6d1c7ac-c971-5609-3d1c-d47fbea40b33
X-Ms-Request-Id: f460a324-f209-4975-9c6e-772d6c40a0a2
X-Ms-Routing-Request-Id: UKSOUTH:20250805T135420Z:f460a324-f209-4975-9c6e-772d6c40a0a2
X-Msedge-Ref: Ref A: 4FB18ABEE5604F7F99674FE2B6586051 Ref B: BN1AA2051014033 Ref C: 2025-08-05T13:54:20Z
{"value":[]}

The X-Ms-Correlation-Request-Id for another request is b5703de5-d20f-41bf-a061-49978bea0781

Environment

terraform

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugThis issue requires a change to an existing behavior in the product in order to be resolved.customer-reportedIssues that are reported by GitHub users external to the Azure organization.questionThe issue doesn't require a change to the product in order to be resolved. Most issues start as that

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions