"Cannot read properties of undefined" when using ResourceSelector on UIDefinition - azure

I'm building an ARM template that deploys some variables and runbooks to the automation account that the user selects.
To guide the user, I use a
{
"name": "AutomationAccount",
"type": "Microsoft.Solutions.ResourceSelector",
"resourceType": "Microsoft.Automation/automationAccounts",
"label": "Automation Account",
"toolTip": "The Automation Account that will host these runbooks.",
"filter": {
"subscription": "onBasics",
"location": "onBasics"
},
"visible": true
}
This correctly displays a dropdown that allows me to select the Automation Account filtered to the subscription and the resource group.
At the end of the UIDefinition.json file, I output the selected value like so:
"outputs": {
"parameters": {
...
"AutomationAccountId": "[steps('basics').AutomationAccount.id]",
...
}
}
(based on the sample output from the documentation for the ResourceSelector)
My ARM template is then supposed to use this value as a parameter:
"parameters": {
...
"AutomationAccountId": {
"type": "string",
"metadata": {
"description": "The resourceId of the Automation Account that will host this runbook."
}
},
...
}
which I then use as part of the name for a new variable:
"resources": [
...
{
"name": "[concat(parameters('AutomationAccountId'), '/MyVariableName')]",
"type": "Microsoft.Automation/automationAccounts/variables",
"apiVersion": "2019-06-01",
"dependsOn": [ ],
"properties": {
"value": "[parameters('SomeVariableValueParameter')]",
"description": "Some description')",
"isEncrypted": false
}
...
The UI displays correctly, allowing me to pick an Automation Account, but when I get to the Review & Create stage, validation fails with the following error message:
with the following error detail:
ERROR TYPE
Cannot read properties of undefined (reading 'subscriptionId')
Can anyone help out?

Related

Action Groups to Resource Owners

When creating an Action Group on the Azure Portal, you have the option to create an action on an action group to Email an Azure Resource Manager Role like Owner.
Trying to Automate the action groups per subscription/resource group, I can't find any documentation on how to create such a receiver via Powershell or CLI. There is the standard EmailReceiver and others, but nothing that is specific to the Role of the specific Resource group.
The intention is to create an Action Group that sends an email to everybody in the Owner group. Looking at the templates, it also is blank for all receivers with no indication on actually where it defines the "role" it needs to send to.
Any help will be appreciated.
If I am understanding you correctly, you could try to create an Email ARM Role by using the armRoleReceivers parameter. When you do this, you could set the name value to the same name as for emailReceivers, together with a specific roleId in the action group. For example, if you want to set the built-in Owner role for this, you should set roleId 8e3af657-a8ff-443c-a75c-2fe8c4bcb635.
Something should be like:
"armRoleReceivers": [
{
"name": "string",
"roleId": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"
}
]
You can find this in the microsoft.insights actionGroups template reference. Here is a template working on my side.
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"actionGroupName": {
"type": "string",
"metadata": {
"description": "Unique name (within the Resource Group) for the Action group."
}
},
"actionGroupShortName": {
"type": "string",
"metadata": {
"description": "Short name (maximum 12 characters) for the Action group."
}
}
},
"resources": [
{
"name": "[parameters('actionGroupName')]",
"type": "microsoft.insights/actionGroups",
"apiVersion": "2018-09-01",
"location": "Global",
"properties": {
"groupShortName": "[parameters('actionGroupShortName')]",
"enabled": true,
"emailReceivers": [
{
"name": "contosoEmail",
"emailAddress": "devops@contoso.com"
}
],
"smsReceivers": [
{
"name": "contosoSMS",
"countryCode": "1",
"phoneNumber": "555555"
}
],
"armRoleReceivers": [
{
"name": "contosoEmail",
"roleId": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"
}
]
}
}
]
}

ARM deployment fails when properties are passed as an object

When deploying an ARM template using resource iteration, I'd like to pass the resource properties as an object.
Doing this would allow for a different set of parameters to exist within each element of the copy array. The reason for this is that some properties may need to be conditionally included or excluded depending on the values of others. For example, in the case of an API Management product, the documentation states the following with regard to the subscriptionsLimit property -
Can be present only if subscriptionRequired property is present and has a value of false.
However, when deploying the example template below, the deployment hangs in Azure. Looking into the related events, I can see that the action to deploy the resource keeps failing with an Internal Server Error (500), but there are no additional details.
If I refer to each parameter in the properties object using variables('productsJArray')[copyIndex()].whatever then the deployment succeeds. However, this is undesirable as it means that every properties object would have to contain identical parameters, which is not always permissible and may cause the deployment to fail.
Example template
Note that I've output variables('productsJArray')[copyIndex()] and it is a valid object. I've even copied the output in to the template and deployed it successfully.
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"apiManagementServiceName": {
"type": "string",
"metadata": {
"description": "The name of the API Management instance."
}
},
"productsJson": {
"type": "string",
"metadata": {
"description": "A JSON representation of the Products to add."
}
}
},
"variables": {
"productsJArray": "[json(parameters('productsJson'))]"
},
"resources": [
{
"condition": "[greater(length(variables('productsJArray')), 0)]",
"type": "Microsoft.ApiManagement/service/products",
"name": "[concat(parameters('apiManagementServiceName'), '/', variables('productsJArray')[copyIndex()].name)]",
"apiVersion": "2018-06-01-preview",
"properties": "[variables('productsJArray')[copyIndex()]]",
"copy": {
"name": "productscopy",
"count": "[if(greater(length(variables('productsJArray')), 0), length(variables('productsJArray')), 1)]"
}
}
]
}
Example parameters
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"apiManagementServiceName": {
"value": "my-api-management"
},
"productsJson": {
"value": "[{\"name\":\"my-product\",\"displayName\":\"My Product\",\"description\":\"My product is awesome.\",\"state\":\"published\",\"subscriptionRequired\":true,\"approvalRequired\":false}]"
}
}
}
Output of variable 'productsJArray[0]'
"outputs": {
"properties": {
"type": "Object",
"value": {
"approvalRequired": false,
"description": "My product is awesome.",
"displayName": "My Product",
"name": "my-product",
"state": "published",
"subscriptionRequired": true
}
}
}
The issue here was that I was including the name parameter along with other parameters when setting resource properties. This is obviously wrong, but it would have been helpful if MS had handled the error in a more human-friendly way (guess they can't think of everything).
I've updated my incoming productsJson parameter -
[{\"name\":\"cs-automation\",\"properties\":{\"displayName\":\"CS Automation Subscription\",\"state\":\"published\",\"description\":\"Allows access to the ConveyorBot v1 API.\",\"subscriptionRequired\":true,\"approvalRequired\":false}}]
And I'm now passing only the required 'properties' -
"resources": [
{
"type": "Microsoft.ApiManagement/service/products",
"name": "[concat(parameters('apiManagementServiceName'), '/', variables('productsJArray')[copyIndex()].name)]",
"apiVersion": "2018-06-01-preview",
"properties": "[variables('productsJArray')[copyIndex()].properties]"
}
]

I want to create a runbook on an automation account with a schedule already connected to it through ARM

With my ARM template I want to create an automation account with a runbook and a schedule; so far so good. But if I want to connect my schedule to my runbook through the template, I can't seem to find a working way to do this.
First try (working): create an automation account with a runbook and a schedule
"variables": {
"name": "StartAllVM",
"url": "https://gallery.technet.microsoft.com/scriptcenter/Start-Azure-V2-VMs-6352312e/file/147007/1/Start-AzureV2VMs.ps1",
"version": "1.0.0.0",
"type": "PowerShell",
"description": "This PowerShell script runbook connects to Azure and starts all VMs in an Azure subscription or cloud service"
},
"resources": [
{
"name": "AutomationDev",
"type": "Microsoft.Automation/automationAccounts",
"apiVersion": "2015-10-31",
"properties": {
"sku": {
"name": "Free"
}
},
"location": "[parameters('location')]",
"tags": {},
"resources": [
{
"name": "[variables('name')]",
"type": "runbooks",
"apiVersion": "2015-01-01-preview",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Automation/automationAccounts/', 'AutomationDev')]"
],
"properties": {
"runbookType": "PowerShell",
"logProgress": false,
"logVerbose": true,
"publishContentLink": {
"uri": "[variables('url')]",
"version": "[variables('version')]"
}
}
},
{
"comments": "",
"type": "schedules",
"name": "shedule1",
"apiVersion": "2015-10-31",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Automation/automationAccounts/', 'AutomationDev')]",
"[variables('name')]"
],
"properties": {
"description": "VM Patch Automation Schedule",
"startTime": "06:00PM",
"expiryTime": "",
"isEnabled": true,
"interval": 1,
"frequency": "Week",
"timeZone": "UTC",
"advancedSchedule": {
"weekDays": [
"Monday"
]
}
}
}
]
}
]
Second try: here I don't get errors, but the schedule is not connected to the runbook
- I added "runbook": "variables('name')", to the schedule properties
Third try (here I get errors that my depends on is not configured correctly):
I tried to add the schedule block inside a resource value of the runbook, like this
{
"name": "[variables('name')]",
"type": "runbooks",
"apiVersion": "2015-01-01-preview",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Automation/automationAccounts/', 'AutomationDev')]"
],
"properties": {
"runbookType": "PowerShell",
"logProgress": false,
"logVerbose": true,
"publishContentLink": {
"uri": "[variables('url')]",
"version": "[variables('version')]"
}
},
"resources": [
{
"comments": "",
"type": "schedules",
"name": "shedule1",
"apiVersion": "2015-10-31",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Automation/automationAccounts/', 'AutomationDev' , variables('name'))]",
],
"properties": {
"description": "VM Patch Automation Schedule",
"runbook": "variables('name')",
"startTime": "06:00PM",
"expiryTime": "",
"isEnabled": true,
"interval": 1,
"frequency": "Week",
"timeZone": "UTC",
"advancedSchedule": {
"weekDays": [
"Monday"
]
}
}
}
]
}
The error I got is as follows:
New-AzureRmResourceGroupDeployment : 16:43:44 - Error: Code=InvalidTemplate; Message=Deployment template validation failed: 'The resource '/subscriptions/xxxxxxxx/resourceGroups/xxxx/providers/Microsoft.Automation/automationAccounts/AutomationDev/runbooks/StartAllVM/schedules/shedule1' at line '54' and column '17' doesn't depend on parent resource '/subscriptions/xxxxxxxx/resourceGroups/xxx/providers/Microsoft.Automation/automationAccounts/AutomationDev/runbooks/StartAllVM'. Please add dependency explicitly using the 'dependsOn' syntax. Please see https://aka.ms/arm-template/#resources for usage details.'.
I have no clue which option is the right one. I think my third try is the right way to add a schedule to a runbook, but I can't seem to find the right way to use the right depends on
[Edit]
As the answers mentioned, my depends on structure was not good. After I changed this I keep getting the following error. I have been looking for a solution for some time now, but can't seem to find which resource they are saying is missing
I used following depends on :
"[resourceId('Microsoft.Automation/automationAccounts/runbooks', 'AutomationDev' , variables('name'))]"
And got this error.
New-AzureRmResourceGroupDeployment : 9:03:47 - Resource Microsoft.Automation/automationAccounts/runbooks/schedules 'AutomationDev/StartAllVM/shedule1' failed with message '{
"error": {
"code": "BadRequest",
"message": "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\"/>\
r\n<title>404 - File or directory not found.</title>\r\n<style type=\"text/css\">\r\n<!--\r\nbody{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\r\nfieldset{padding:0 15px 10px 15px;} \r\nh1{font-size:2.4em;margin:0;color:
#FFF;}\r\nh2{font-size:1.7em;margin:0;color:#CC0000;} \r\nh3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \r\n#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\r\nbackground-color:#555555;}\r\n#cont
ent{margin:0 0 0 2%;position:relative;}\r\n.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\r\n-->\r\n</style>\r\n</head>\r\n<body>\r\n<div id=\"header\"><h1>Server Error</h1></div>\r\n<div id=\"content\">\r\n <div class=\"con
tent-container\"><fieldset>\r\n <h2>404 - File or directory not found.</h2>\r\n <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3>\r\n </fieldset></div>\r\n</div>\r\n</body>\r\n</html>\r\n"
}
I know this question was asked a while ago, but I just worked out how to do this for myself and thought I'd post in case it can help anyone else:
Adding a schedule block inside the template will create the schedule but not connect it to the runbook. To connect the two together, you have to create a job schedule as well.
The steps I took to fix this are as follows:
1. Add the runbook block as a child resource of the Automation Account
2. Add the schedule block as a child resource of the Automation Account (not as a child of the runbook - this is what threw the last error)
3. Add a job schedule block as a child resource of the Automation Account, and pass in the name of the runbook and the name of the schedule:
{
"name": "string",
"type": "Microsoft.Automation/automationAccounts/jobSchedules",
"apiVersion": "2015-10-31",
"properties": {
"schedule": {
"name": "string"
},
"runbook": {
"name": "string"
}
}
}
Obviously you might need to mess around a bit more to get yours working properly but these are the general steps I took :)
-NOTE- don't forget to add dependencies where necessary (e.g. job schedule will depend on the runbook and the schedule already existing)
References:
jobSchedules
Dependencies
Your depends on should be:
"dependsOn": [
"[concat('Microsoft.Automation/automationAccounts/', 'AutomationDev/runbooks/' , variables('name'))]"
],
Alternatively, you can use the resourceId() function, which gives a more readable result:
"dependsOn": [
"[resourceId('Microsoft.Automation/automationAccounts/runbooks', 'AutomationDev' , variables('name'))]"
]
With resourceId you can also construct a resourceId for resources in other subscriptions \ resource groups easily.
resourceId([subscriptionId], [resourceGroupName], resourceType, resourceName1, [resourceName2]...)
https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-group-template-functions-resource#resourceid
Using Bicep this is a lot simpler.
Create a schedules.bicep file with the following content:
param guidValue string = newGuid()
var aaName = 'your-automation-account-name'
var runbookName = 'your-runbook-name'
var scheduleName = 'the-desired-schedule-name'
var scheduleFullName = '${aaName}/${scheduleName}'
var scheduleAssignment = '${aaName}/${guidValue}'
resource schedule 'Microsoft.Automation/automationAccounts/schedules@2020-01-13-preview' = {
  name: scheduleFullName
  properties: {
    frequency: 'Day'
    interval: any(6)
    startTime: '2021-10-10'
  }
}
resource jobSchedule 'Microsoft.Automation/automationAccounts/jobSchedules@2020-01-13-preview' = {
  name: scheduleAssignment
  properties: {
    runbook: {
      name: runbookName
    }
    schedule: {
      name: scheduleName
    }
  }
}
Then using Azure CLI just run az deployment group create -f schedules.bicep -g your-resourcegroup-name.
Note: I was referencing an existing Automation Account and Runbook but you could add those resources to the template as well. Also to generate the classic JSON ARM Templates you could run az bicep build -f schedules.bicep.

Stream Analytics Job deployed as Azure Resource Manager (ARM) template

I am trying to setup an output EventHub for a Stream Analytics Job defined as a JSON template. Without the output bit the template is successfully deployed, however when adding the output definition it fails with:
Deployment failed. Correlation ID: <SOME_UUID>. {
"code": "BadRequest",
"message": "The JSON provided in the request body is invalid. Property 'eventHubName' value 'parameters('eh_name')' is not acceptable.",
"details": {
"code": "400",
"message": "The JSON provided in the request body is invalid. Property 'eventHubName' value 'parameters('eh_name')' is not acceptable.",
"correlationId": "<SOME_UUID>",
"requestId": "<SOME_UUID>"
}
}
I've defined the ARM template as:
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "westeurope"
},
"hubName": {
"type": "string",
"defaultValue": "fooIotHub"
},
"eh_name": {
"defaultValue": "fooEhName",
"type": "String"
},
"eh_namespace": {
"defaultValue": "fooEhNamespace",
"type": "String"
},
"streamAnalyticsJobName": {
"type": "string",
"defaultValue": "fooStreamAnalyticsJobName"
}
},
"resources": [{
"type": "Microsoft.StreamAnalytics/StreamingJobs",
"apiVersion": "2016-03-01",
"name": "[parameters('streamAnalyticsJobName')]",
"location": "[resourceGroup().location]",
"properties": {
"sku": {
"name": "standard"
},
"outputErrorPolicy": "Drop",
"eventsOutOfOrderPolicy": "adjust",
"eventsOutOfOrderMaxDelayInSeconds": 0,
"eventsLateArrivalMaxDelayInSeconds": 86400,
"inputs": [{
"Name": "IoTHubInputLable",
"Properties": {
"DataSource": {
"Properties": {
"iotHubNamespace": "[parameters('hubName')]",
"sharedAccessPolicyKey": "[listkeys(resourceId('Microsoft.Devices/IotHubs/IotHubKeys',parameters('hubName'), 'iothubowner'),'2016-02-03').primaryKey]",
"sharedAccessPolicyName": "iothubowner",
"endpoint": "messages/events"
},
"Type": "Microsoft.Devices/IotHubs"
},
"Serialization": {
"Properties": {
"Encoding": "UTF8"
},
"Type": "Json"
},
"Type": "Stream"
}
}],
"transformation": {
"name": "Transformation",
"properties": {
"streamingUnits": 1,
"query": "<THE SQL-LIKE CODE FOR THE JOB QUERY>"
}
},
"outputs": [{
"name": "EventHubOutputLable",
"properties": {
"dataSource": {
"type": "Microsoft.ServiceBus/EventHub",
"properties": {
"eventHubName": "parameters('eh_name')",
"serviceBusNamespace": "parameters('eh_namespace')",
"sharedAccessPolicyName": "RootManageSharedAccessKey"
}
},
"serialization": {
"Properties": {
"Encoding": "UTF8"
}
}
}
}]
}
}]
}
Checking here https://learn.microsoft.com/en-us/azure/templates/microsoft.streamanalytics/streamingjobs
it looks like the structure of the JSON for the output is as the expected one (with the properties field along with the type).
I've figured out those "Event Hub properties" from the Chrome browser using Developer Tools and checking the details of the HTTP request "GetOutputs", otherwise I am not sure where I could see how to specify those properties? The structure looks quite similar to the one for the input IoT Hub (which is working), in that case using different labels for the properties related to the IoT Hub details.
Checking this blog post https://blogs.msdn.microsoft.com/david/2017/07/20/building-azure-stream-analytics-resources-via-arm-templates-part-2-the-template/
the output part is related to PowerBI and it looks like a different structure is used for the properties: outputPowerBISource, so I've tried to use for the Event Hub the field outputEventHubSource (from the checks using Chrome Developer Tools) instead of properties, but then I get this error:
Deployment failed. Correlation ID: <SOME_UUID>. {
"code": "BadRequest",
"message": "The JSON provided in the request body is invalid. Required property 'properties' not found in JSON. Path '', line 1, position 1419.",
"details": {
"code": "400",
"message": "The JSON provided in the request body is invalid. Required property 'properties' not found in JSON. Path '', line 1, position 1419.",
"correlationId": "<SOME_UUID>",
"requestId": "<SOME_UUID>"
}
}
The command I am using to deploy this template is the Azure CLI (from a Linux Debian machine):
az group deployment create \
--name "deployStreamAnalyticsJobs" \
--resource-group "MyRGName" \
--template-file ./templates/stream-analytics-jobs.json
How do I specify an output in an Azure Resource Manager (ARM) template for a Stream Analytics Job?
Any property that contains a parameter (or any expression that needs to be evaluated) must contain square brackets, e.g.
"eventHubName": "[parameters('eh_name')]",
"serviceBusNamespace": "[parameters('eh_namespace')]",
Otherwise the literal value in the quotes is used.
That help?
I found out all parameters need to be wrapped in square brackets (as pointed out in the other answer to this question).
Also to dynamically retrieve the shared access policy key (or any other parameter for an existing resource like the Event Hub) a combination of functions like listKeys and resourceId etc must be used, see below for a full example of an Event Hub described as an output for a Stream Analytics Job.
In detail:
the parameters defined for eventHubName and serviceBusNamespace must be evaluated using square brackets (see how I defined those parameters in the JSON example in the body of the question I asked above),
the shared access policy could be either a hardcoded string (or a parameter as before) like sharedAccessPolicyName or dynamically retrieved using "sharedAccessPolicyKey": "[listKeys(resourceId('Microsoft.EventHub/namespaces/eventhubs/authorizationRules', parameters('eh_namespace'), parameters('eh_name'), 'RootManageSharedAccessKey'),'2017-04-01').primaryKey]" for the sharedAccessPolicyKey (this is sensitive data and it should be protected avoiding hardcoding information as a plain string)
The following JSON configuration shows an existing Event Hub defined as an output defined for the Stream Analytics Job:
"outputs": [{
"Name": "EventHubOutputLable",
"Properties": {
"DataSource": {
"Type": "Microsoft.ServiceBus/EventHub",
"Properties": {
"eventHubName": "[parameters('eh_name')]",
"serviceBusNamespace": "[parameters('eh_namespace')]",
"sharedAccessPolicyKey": "[listKeys(resourceId('Microsoft.EventHub/namespaces/eventhubs/authorizationRules', parameters('eh_namespace'), parameters('eh_name'), 'RootManageSharedAccessKey'),'2017-04-01').primaryKey]",
"sharedAccessPolicyName": "RootManageSharedAccessKey"
}
},
"Serialization": {
"Properties": {
"Encoding": "UTF8"
},
"Type": "Json"
}
}
}]

How do I use Azure Key Vault secret in linked template

I'm trying to create automation variable off KeyVault secret. I assume I can probably do the same thing what is currently done in main template for retrieving windows password but it fails with non-descriptive error below. Not sure what shall be done next to troubleshoot.
Error
{
"code": "BadRequest",
"message": "{\"Message\":\"The request is invalid.\",\"ModelState\":{\"variable.properties.value\":[\"An error has occurred.\"]}}"
}
Template
{
"name": "mystring",
"type": "variables",
"apiVersion": "2015-10-31",
"dependsOn": [
"[concat('Microsoft.Automation/automationAccounts/', parameters('AutomationAccountName'))]"
],
"properties": {
"value": {
"reference": {
"keyVault": {
"id": "[resourceId(subscription().subscriptionId, 'Utility-RG', 'Microsoft.KeyVault/vaults', 'MyKeyVault')]"
},
"secretName": "WindowsPasswordSecret"
}
},
"description": "test var",
"isEncrypted": false
}
}
That error is indeed helpful, while I have no idea what went wrong there, I can tell you how to work around that, you need to pass the data from the KV to the template (as input parameter) not to the resource. And in the template use parameter to assign value to the object in question.
Reference: https://github.com/4c74356b41/bbbb-is-the-word/blob/master/_arm/parent.json#L151
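A pre-deployment check for two mistakes diagnosed in the threads above: an expression written without square brackets (the Stream Analytics output and the "runbook": "variables('name')" attempt), and a Key Vault reference placed on a resource property rather than passed in as a deployment parameter. This is an added example, not code from any of the posts; the function and rule names and the sample template are constructed for illustration, and the list of template functions it recognises is not exhaustive.

```python
import re

# Template functions that often end up unbracketed by mistake
# (a short, non-exhaustive list chosen for this example).
EXPR_START = re.compile(
    r"^\s*(parameters|variables|reference|resourceId|concat|listKeys)\(",
    re.IGNORECASE,
)
DEPLOYMENT_TYPE = "microsoft.resources/deployments"


def _walk(node, path, kv_allowed, findings):
    if isinstance(node, dict):
        ref = node.get("reference")
        if isinstance(ref, dict) and "keyVault" in ref and not kv_allowed:
            findings.append((path, "keyvault-reference-outside-parameters"))
        is_deployment = str(node.get("type", "")).lower() == DEPLOYMENT_TYPE
        for key, child in node.items():
            if is_deployment and key == "properties" and isinstance(child, dict):
                # Only the "parameters" of a nested/linked deployment may
                # carry a Key Vault reference.
                for pkey, pchild in child.items():
                    _walk(pchild, f"{path}.properties.{pkey}",
                          kv_allowed or pkey == "parameters", findings)
            else:
                _walk(child, f"{path}.{key}", kv_allowed, findings)
    elif isinstance(node, list):
        for i, child in enumerate(node):
            _walk(child, f"{path}[{i}]", kv_allowed, findings)
    elif isinstance(node, str) and EXPR_START.match(node):
        # The match starts at the first character, so there is no leading "[":
        # Resource Manager will deploy this text as a literal string.
        findings.append((path, "unbracketed-expression"))


def lint_template(doc):
    """Return (json_path, rule) pairs for a parsed template or parameter file."""
    findings = []
    # In a parameter file, Key Vault references are expected.
    is_param_file = "deploymentparameters" in str(doc.get("$schema", "")).lower()
    _walk(doc, "$", is_param_file, findings)
    return findings


# Constructed sample that combines the mistakes discussed on this page.
KV_REF = {"reference": {
    "keyVault": {"id": "[resourceId(subscription().subscriptionId, 'Utility-RG', "
                       "'Microsoft.KeyVault/vaults', 'MyKeyVault')]"},
    "secretName": "WindowsPasswordSecret"}}

SAMPLE = {"resources": [
    {"type": "Microsoft.StreamAnalytics/StreamingJobs",
     "name": "job",
     "properties": {"outputs": [{"properties": {"dataSource": {"properties": {
         "eventHubName": "parameters('eh_name')",                  # literal
         "serviceBusNamespace": "[parameters('eh_namespace')]"}}}}]}},  # evaluated
    {"type": "Microsoft.Automation/automationAccounts/variables",
     "name": "account/mystring",
     "properties": {"value": KV_REF}},                  # on a resource: flagged
    {"type": "Microsoft.Resources/deployments",
     "name": "child",
     "properties": {"mode": "Incremental",
                    "parameters": {"secretValue": KV_REF}}},  # as a parameter: ok
]}

if __name__ == "__main__":
    for json_path, rule in lint_template(SAMPLE):
        print(f"{rule}: {json_path}")
```

To check a real file, load it with json.load and pass the resulting dict to lint_template.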
