Azure ARM Deployment Error Missing master - azure

I am working on setting up 3 resource groups dev/uat/prod and was looking for a way to use ARM deployment to keep the environments the same. I export the ARM template and export and I get the following error as my first error.
'edapdserver/master/Default' failed with message '{
11:23:06 - "error": {
11:23:06 - "code": "ParentResourceNotFound",
11:23:06 - "message": "Can not perform requested operation on nested resource. Parent resource 'dserver/master' not
11:23:06 - found."
11:23:06 - }
11:23:06 - }'
Then when I look at the json it exports I can only see the database that I created there not master.
{
"type": "Microsoft.Sql/servers/databases",
"apiVersion": "2022-02-01-preview",
"name": "[concat(parameters('servers_edapdserver_name'), '/my-database')]",
"location": "eastus",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', parameters('servers_dserver_name'))]"
],
"sku": {
"name": "Basic",
"tier": "Basic",
"capacity": 5
},
"kind": "v12.0,user",
"properties": {
"collation": "SQL_Latin1_General_CP1_CI_AS",
"maxSizeBytes": 2147483648,
"catalogCollation": "SQL_Latin1_General_CP1_CI_AS",
"zoneRedundant": false,
"readScale": "Disabled",
"requestedBackupStorageRedundancy": "Geo",
"maintenanceConfigurationId": "/subscriptions/??/providers/Microsoft.Maintenance/publicMaintenanceConfigurations/SQL_Default",
"isLedgerOn": false
}
}
This is where the code fails
{
"type": "Microsoft.Sql/servers/databases/securityAlertPolicies",
"apiVersion": "2022-02-01-preview",
"name": "[concat(parameters('servers_edapdserver_name'), '/master/Default')]",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', parameters('servers_edapdserver_name'))]"
],
"properties": {
"state": "Disabled",
"disabledAlerts": [
""
],
"emailAddresses": [
""
],
"emailAccountAdmins": false,
"retentionDays": 0
}
},
edit this is the server part:
{
"type": "Microsoft.Sql/servers",
"apiVersion": "2022-02-01-preview",
"name": "[parameters('servers_edapdserver_name')]",
"location": "eastus",
"kind": "v12.0",
"properties": {
"administratorLogin": "??",
"administratorLoginPassword": "??",
"version": "12.0",
"minimalTlsVersion": "1.2",
"publicNetworkAccess": "Enabled",
"restrictOutboundNetworkAccess": "Disabled"
}
},

Related

ARM template error while deploying azure function app

2021-01-04T11:03:16.0647360Z ##[error]At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.
2021-01-04T11:03:16.0659882Z ##[error]Details:
2021-01-04T11:03:16.0662124Z ##[error]InternalServerError: There was an unexpected InternalServerError. Please try again later. x-ms-correlation-request-id: 78006c94-253a-4b3f-8407-0d7690a7ca5d
2021-01-04T11:03:16.0663958Z ##[error]InternalServerError: There was an unexpected InternalServerError. Please try again later. x-ms-correlation-request-id: 78006c94-253a-4b3f-8407-0d7690a7ca5d
2021-01-04T11:03:16.0665674Z ##[error]InternalServerError: There was an unexpected InternalServerError. Please try again later. x-ms-correlation-request-id: 78006c94-253a-4b3f-8407-0d7690a7ca5d
2021-01-04T11:03:16.0667350Z ##[error]InternalServerError: There was an unexpected InternalServerError. Please try again later. x-ms-correlation-request-id: 78006c94-253a-4b3f-8407-0d7690a7ca5d
2021-01-04T11:03:16.0669314Z ##[error]InternalServerError: There was an unexpected InternalServerError. Please try again later. x-ms-correlation-request-id: 78006c94-253a-4b3f-8407-0d7690a7ca5d
2021-01-04T11:03:16.0671142Z ##[error]Check out the troubleshooting guide to see if your issue is addressed: https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-resource-group-deployment?view=azure-devops#troubleshooting
2021-01-04T11:03:16.0672521Z ##[error]Task failed while creating or updating the template deployment.
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"current_environment": {
"type": "string"
},
"instanceNo": {
"type": "string"
},
"current_app_name": {
"type": "string"
},
"current_app_name_short": {
"type": "string",
"defaultValue":"66"
// "maxLength": 4
},
"functionName": {
"type": "array",
"defaultValue": [
"searchindex",
"delta",
"product",
"catalog",
"category"
]
},
"vnetName": {
"type": "string",
"defaultValue":"networking-001"
},
"existingVirtualNetworkResourceGroup": {
"type": "string",
"defaultValue": "rg-networking-001"
}
},
"functions": [],
"variables": {
"commonprefix": "[concat(parameters('current_app_name'),'-',parameters('current_environment'),'-',parameters('instanceNo'))]",
"commonprefix1":"[concat(parameters('current_app_name_short'),parameters('current_environment'),parameters('instanceNo'))]"
},
"resources": [
{
"apiVersion": "2018-02-01",
"name": "[concat('plan-',parameters('functionName')[copyIndex('')],'-',variables('commonprefix'))]",
"type": "Microsoft.Web/serverfarms",
"location": "[resourceGroup().location]",
"kind": "linux",
"dependsOn": [],
"properties": {
"name": "[concat('plan-',parameters('functionName')[copyIndex('')],'-',variables('commonprefix'))]",
"workerSize": "3",
"workerSizeId": "3",
"numberOfWorkers": "1",
"reserved": true
},
"sku": {
"Tier": "PremiumV2",
"Name": "P1v2"
},
"copy": {
"name": "appplancopy",
"count": "[length(parameters('functionName'))]"
}
},
{
"type": "microsoft.insights/components",
"apiVersion": "2018-05-01-preview",
"name": "[concat('appi-',parameters('functionName')[copyIndex('')],'-',variables('commonprefix'))]",
"kind": "web",
"location": "[resourceGroup().location]",
"dependsOn": [],
"properties": {
"Application_Type": "web",
"RetentionInDays": 90,
"publicNetworkAccessForIngestion": "enabled",
"publicNetworkAccessForQuery": "enabled"
},
"copy": {
"name": "componentcopy",
"count": "[length(parameters('functionName'))]"
}
},
{
"apiVersion": "2019-06-01",
"type": "Microsoft.Storage/storageAccounts",
"name": "[concat('st',parameters('functionName')[copyIndex('')],variables('commonprefix1'))]",
"location": "[resourceGroup().location]",
"kind": "Storage",
"sku": {
"name": "Standard_LRS"
},
"properties": {
"supportsHttpsTrafficOnly": true
},
"copy": {
"name": "storagecopy",
"count": "[length(parameters('functionName'))]"
}
},
{
"apiVersion": "2018-11-01",
"name": "[concat('func-',parameters('functionName')[copyIndex('')],'-',variables('commonprefix'))]",
"type": "Microsoft.Web/sites",
"kind": "functionapp,linux",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('microsoft.insights/components', concat('appi-',parameters('functionName')[copyIndex('')],'-',variables('commonprefix')))]",
"[resourceId('Microsoft.Web/serverfarms', concat('plan-',parameters('functionName')[copyIndex('')],'-',variables('commonprefix')))]",
"[resourceId('Microsoft.Storage/storageAccounts', concat('st',parameters('functionName')[copyIndex('')],variables('commonprefix1')))]"
],
"properties": {
"name": "[concat('func-',parameters('functionName')[copyIndex('')],'-',variables('commonprefix'))]",
"clientAffinityEnabled": false,
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', concat('plan-',parameters('functionName')[copyIndex('')],'-',variables('commonprefix')))]"
},
"resources": [
{
"type": "networkConfig",
"apiVersion": "2019-08-01",
"name": "virtualNetwork",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', concat('func-',parameters('functionName')[copyIndex('')],'-',variables('commonprefix')))]"
],
"properties": {
"subnetResourceId": "[resourceId(parameters('existingVirtualNetworkResourceGroup'),'Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'),concat('subnet-',parameters('functionName')[copyIndex('')],'-',variables('commonprefix')))]"
}
}
],
"copy": {
"name": "apppservicecopy",
"count": "[length(parameters('functionName'))]"
}
}
],
"outputs": {}}

According to the doc, we could see multiple reasons for this type of error:
The resource type you're trying to deploy isn't yet available in that region.
Downtime of either the service you're deploying to in the region you're deploying to.
Downtime of Azure DevOps itself.
You could switch the region and then try it again.
In addition, We could create ARM templates by using the Azure portal and then deploy azure function app via the template.

I can reproduce the same issue with your template. Please note that there is no networkConfig type and subnetResourceId properties in the template-Microsoft.Web sites/virtualNetworkConnections 2019-08-01, you could change the type to virtualNetworkConnections and properties to vnetResourceId like this:
{
"type": "virtualNetworkConnections",
"apiVersion": "2019-08-01",
"name": "virtualNetwork",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', concat('func-',parameters('functionName')[copyIndex('')],'-',variables('commonprefix')))]"
],
"properties": {
"vnetResourceId": "[resourceId(parameters('existingVirtualNetworkResourceGroup'),'Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'),concat('subnet-',parameters('functionName')[copyIndex('')],'-',variables('commonprefix')))]"
}
}

How to enable using arm template vulnerabilityAssessments for sql server with storage account behind firewall

When enabling sql server vulnerabilityAssessments feature using arm template, following error is thrown when storage account has a firewall on.
"error": {
"code": "InvalidStorageAccountCredentials",
"message": "The provided storage account shared access signature or account storage key is not valid."
}
}
Template part:
{
"type": "Microsoft.Sql/servers/securityAlertPolicies",
"apiVersion": "2017-03-01-preview",
"name": "[concat(variables('sqls01Name'), '/Default')]",
"dependsOn": [
],
"properties": {
"state": "Enabled",
"emailAddresses": "[variables('emailActionGroupAddresses')]",
"emailAccountAdmins": false
}
},
{
"type": "Microsoft.Sql/servers/vulnerabilityAssessments",
"apiVersion": "2018-06-01-preview",
"location": "westeurope",
"name": "[concat(variables('sqls01Name'), '/Default')]",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', variables('defenderSa'))]"
],
"properties": {
"storageContainerPath": "[concat('https://',variables('defenderSa'),'.blob.core.windows.net/vulnerability-assessment/')]",
"storageAccountAccessKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('defenderSa')), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]",
"recurringScans": {
"isEnabled": true,
"emailSubscriptionAdmins": false,
"emails": "[variables('emailActionGroupAddresses')]"
}
}
},
{
"name": "[variables('defenderSA')]",
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2019-06-01",
"location": "westeurope",
"properties": {
"accessTier": "Cool",
"allowBlobPublicAccess": false,
"supportsHttpsTrafficOnly": true,
"networkAcls": {
"bypass": "AzureServices",
"virtualNetworkRules": [{
"id": "[variables('subnetId')]",
"action": "Allow"
}],
"ipRules": [
],
"defaultAction": "Deny"
}
},
"dependsOn": [
],
"sku": {
"name": "Standard_LRS",
"tier": "Standard"
},
"kind": "StorageV2",
"tags": {
}
}
I notices that when enabling the feature from portal following communicate is displayed:
You have selected a storage that is behind a firewall or in a virtual network. Please be aware that using this storage will create a managed identity for the server and it will be granted 'storage blob data contributor' role on the selected storage.
The assignment is indeed created and the assessment works, however when I try to replicate this in arm template with following code it still fails.
{
"type": "Microsoft.Storage/storageAccounts/providers/roleAssignments",
"name": "[concat(variables('defenderSA'),'/Microsoft.Authorization/',guid(variables('sqls01Name')))]",
"apiVersion": "2018-09-01-preview",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts',variables('defenderSA'))]"
],
"properties": {
"roleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')]",
"principalId": "[reference(resourceId('Microsoft.Sql/servers',variables('sqls01Name')),providers('Microsoft.Sql', 'servers').apiVersions[0],'Full').identity.principalId]"
}
}

Regarding the issue, please refer to the following template
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"clientIp": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "allow you client to access Azure storage "
}
},
"virtualNetworksName": {
"defaultValue": "testsql09",
"type": "String"
},
"serverName": {
"type": "string",
"defaultValue": "[uniqueString('sql', resourceGroup().id)]",
"metadata": {
"description": "The name of the SQL logical server."
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
},
"administratorLogin": {
"type": "string",
"defaultValue": "sqladmin",
"metadata": {
"description": "The administrator username of the SQL logical server."
}
},
"administratorLoginPassword": {
"type": "securestring",
"defaultValue": "Password0123!",
"metadata": {
"description": "The administrator password of the SQL logical server."
}
},
"connectionType": {
"defaultValue": "Default",
"allowedValues": [ "Default", "Redirect", "Proxy" ],
"type": "string",
"metadata": {
"description": "SQL logical server connection type."
}
}
},
"variables": {
"serverResourceGroupName": "[resourceGroup().name]",
"subscriptionId": "[subscription().subscriptionId]",
"uniqueStorage": "[uniqueString(variables('subscriptionId'), variables('serverResourceGroupName'), parameters('location'))]",
"storageName": "[tolower(concat('sqlva', variables('uniqueStorage')))]",
"roleAssignmentName": "[guid(resourceId('Microsoft.Storage/storageAccounts', variables('storageName')), variables('storageBlobContributor'), resourceId('Microsoft.Sql/servers', parameters('serverName')))]",
"StorageBlobContributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')]"
},
"resources": [
{
"type": "Microsoft.Network/virtualNetworks",
"apiVersion": "2020-05-01",
"name": "[parameters('virtualNetworksName')]",
"location": "southeastasia",
"properties": {
"addressSpace": {
"addressPrefixes": [
"10.18.0.0/24"
]
},
"subnets": [
{
"name": "default",
"properties": {
"addressPrefix": "10.18.0.0/24",
"serviceEndpoints": [
{
"service": "Microsoft.Storage"
}
],
"delegations": [],
"privateEndpointNetworkPolicies": "Enabled",
"privateLinkServiceNetworkPolicies": "Enabled"
}
}
],
"virtualNetworkPeerings": [],
"enableDdosProtection": false,
"enableVmProtection": false
}
},
{
"type": "Microsoft.Network/virtualNetworks/subnets",
"apiVersion": "2020-05-01",
"name": "[concat(parameters('virtualNetworksName'), '/default')]",
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworksName'))]"
],
"properties": {
"addressPrefix": "10.18.0.0/24",
"serviceEndpoints": [
{
"service": "Microsoft.Storage"
}
],
"delegations": [],
"privateEndpointNetworkPolicies": "Enabled",
"privateLinkServiceNetworkPolicies": "Enabled"
}
},
{
"type": "Microsoft.Sql/servers",
"apiVersion": "2019-06-01-preview",
"name": "[parameters('serverName')]",
"location": "[parameters('location')]",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"administratorLogin": "[parameters('administratorLogin')]",
"administratorLoginPassword": "[parameters('administratorLoginPassword')]",
"version": "12.0"
}
},
{
"type": "Microsoft.Sql/servers/databases",
"apiVersion": "2019-06-01-preview",
"name": "[concat(parameters('serverName'), '/test')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', parameters('serverName'))]"
],
"sku": {
"name": "Basic",
"tier": "Basic",
"capacity": 5
},
"kind": "v12.0,user",
"properties": {
"collation": "SQL_Latin1_General_CP1_CI_AS",
"maxSizeBytes": 2147483648,
"catalogCollation": "SQL_Latin1_General_CP1_CI_AS",
"zoneRedundant": false,
"readScale": "Disabled",
"storageAccountType": "LRS"
}
},
{
"type": "Microsoft.Sql/servers/securityAlertPolicies",
"apiVersion": "2020-02-02-preview",
"name": "[concat(parameters('serverName'), '/Default')]",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', parameters('serverName'))]"
],
"properties": {
"state": "Enabled",
"emailAccountAdmins": false
}
},
{
"type": "Microsoft.Sql/servers/vulnerabilityAssessments",
"apiVersion": "2018-06-01-preview",
"name": "[concat(parameters('serverName'), '/Default')]",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', parameters('serverName'))]",
"[resourceId('Microsoft.Sql/servers/securityAlertPolicies', parameters('serverName'), 'Default')]",
"[resourceId('Microsoft.Storage/storageAccounts', variables('storageName'))]",
"[extensionResourceId(resourceId('Microsoft.Storage/storageAccounts', variables('storageName')), 'Microsoft.Authorization/roleAssignments', variables('roleAssignmentName'))]"
],
"properties": {
"storageContainerPath": "[concat(reference(resourceId('Microsoft.Storage/storageAccounts', variables('storageName'))).primaryEndpoints.blob, 'vulnerability-assessment')]",
"recurringScans": {
"isEnabled": true,
"emailSubscriptionAdmins": false
}
}
},
{
"type": "Microsoft.Sql/servers/connectionPolicies",
"apiVersion": "2014-04-01",
"name": "[concat(parameters('serverName'), '/Default')]",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', parameters('serverName'))]"
],
"properties": {
"connectionType": "[parameters('connectionType')]"
}
},
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2019-06-01",
"name": "[variables('storageName')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworksName'), 'default')]"
],
"sku": {
"name": "Standard_LRS"
},
"kind": "StorageV2",
"properties": {
"minimumTlsVersion": "TLS1_2",
"allowBlobPublicAccess": true,
"networkAcls": {
"bypass": "AzureServices",
"virtualNetworkRules": [
{
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworksName'), 'default')]",
"action": "Allow",
"state": "Succeeded"
}
],
"ipRules": [
{
"value": "[parameters('clientIp')]",
"action": "Allow"
}
],
"defaultAction": "Deny"
}
}
},
{
"type": "Microsoft.Storage/storageAccounts/providers/roleAssignments",
"apiVersion": "2020-04-01-preview",
"name": "[concat(variables('storageName'), '/Microsoft.Authorization/', variables('roleAssignmentName'))]",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', parameters('serverName'))]",
"[resourceId('Microsoft.Storage/storageAccounts', variables('storageName'))]"
],
"properties": {
"roleDefinitionId": "[variables('StorageBlobContributor')]",
"principalId": "[reference(resourceId('Microsoft.Sql/servers', parameters('serverName')), '2020-02-02-preview', 'Full').identity.principalId]",
"scope": "[resourceId('Microsoft.Storage/storageAccounts', variables('storageName'))]",
"principalType": "ServicePrincipal"
}
}
]
}

Not able to add autoscaleout property for appservice plan using ARM template

I have created ARM template to add scale out property as per below using above template as reference
{
"type": "Microsoft.Web/serverfarms",
"sku": {
"name": "S1",
"tier": "Standard",
"size": "S1",
"family": "S",
"capacity": 1
},
"kind": "app",
"name": "[variables('ServerFarm_gateway_name')]",
"apiVersion": "2016-09-01",
"location": "[resourceGroup().location]",
"resources": [
{
"name": "[concat(variables('ServerFarm_gateway_name'),'-autoscaleout')]",
"type": "Microsoft.Insights/autoscaleSettings",
"apiVersion": "2015-04-01",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Web/serverfarms/', variables('ServerFarm_gateway_name'))]"
],
"properties": {
"name": "[concat(variables('ServerFarm_gateway_name'),'-autoscaleout')]",
"enabled": true,
"targetResourceLocation": "[resourceGroup().location]",
"profiles": [
{
"name": "Auto created scale condition 1",
"capacity": {
"minimum": "1",
"maximum": "5",
"default": "1"
}
},
{
"name": "{\"name\":\"Auto created scale condition\",\"for\":\"Auto created scale condition 1\"}",
"capacity": {
"minimum": "1",
"maximum": "5",
"default": "1"
}
}
]
}
}
],
"dependsOn": []
}
It is throwing error while deploy using VSTS pipeline.
##[error]At least one resource deployment operation failed. Please list deployment operations for
Please see https://aka.ms/DeployOperations for usage details.
##[error]Details:
##[error]BadRequest: {
"code": "UnsupportedRequestContent",
"message": "Request content is not well formed or supported."
}
##[error]Task failed while creating or updating the template deployment.
When I remove the resource part from template then no issue.

I believe your issue is with your understanding of how autoscaling arm template works. These should be defined as a top-level resource and reference the resource it applies to.
Your template should look something like this:
{
"type": "microsoft.insights/autoscalesettings",
"name": "[concat(variables('ServerFarm_gateway_name'),'-autoscaleout')]",
"apiVersion": "2015-04-01",
"location": "[resourceGroup().location]",
"properties": {
"profiles": [
{
"name": "Auto created scale condition 1",
"capacity": {
"minimum": "1",
"maximum": "5",
"default": "1"
}
}
],
"enabled": true,
"targetResourceUri": "[resourceId('Microsoft.Web/serverfarms', variables('ServerFarm_gateway_name'))]"
},
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('ServerFarm_gateway_name'))]"
]
}

Using CopyIndex and listKeys in outputs section

I'm trying to get the primaryConnectionStrings from an aRM template that creates multiple notification hubs
But I get this error
Error: Code=InvalidTemplate; Message=Deployment template validation failed: 'The template output 'connectionStrings' at line '291' and column '30' is not valid: The
template function 'copyIndex' is not expected at this location. The function can only be used in a resource with copy specified. Please see https://aka.ms/arm-copy for usage details.. Please see
https://aka.ms/arm-template-expressions for usage details.'.
I am clearly missing what this actually means as I've tried various incarnations of the template all of which have a copy for the resource.
I've tried this with a nested template (apologies if i've mangled the template, just removed some extraneous items):
"resources": [
{
"type": "Microsoft.NotificationHubs/namespaces",
"apiVersion": "2017-04-01",
"name": "[parameters('notificationHubName')]",
"location": "[resourceGroup().location]",
"tags": {
"Environment": "[parameters('environment')]",
"DisplayName": "Notification Hub Namespace"
},
"sku": {
"name": "[parameters('notificationHubSku')]"
},
"kind": "NotificationHub",
"properties": {
"namespaceType": "NotificationHub"
}
},
{
"type": "Microsoft.NotificationHubs/namespaces/AuthorizationRules",
"apiVersion": "2017-04-01",
"name": "[concat(parameters('notificationHubName'), '/RootManageSharedAccessKey')]",
"tags": {
"Environment": "[parameters('environment')]",
"DisplayName": "Notification Hub Namespace Auth Rules"
},
"dependsOn": [
"[resourceId('Microsoft.NotificationHubs/namespaces', parameters('notificationHubName'))]"
],
"properties": {
"rights": [
"Listen",
"Manage",
"Send"
]
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2018-05-01",
"name": "[concat('nestedTemplate', copyIndex('notificationHubEntities'))]",
"copy": {
"name": "notificationHubEntities",
"count": "[length(parameters('notificationHubEntities'))]"
},
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.NotificationHubs/namespaces/notificationHubs",
"apiVersion": "2017-04-01",
"name": "[concat(parameters('notificationHubName'), '/', parameters('notificationHubEntities')[copyIndex('notificationHubEntities')])]",
"location": "[resourceGroup().location]",
"tags": {
"Environment": "[parameters('environment')]",
"DisplayName": "Notification Hubs"
},
"dependsOn": [
"[resourceId('Microsoft.NotificationHubs/namespaces', parameters('notificationHubName'))]"
],
"properties": {
"authorizationRules": []
}
},
{
"type": "Microsoft.NotificationHubs/namespaces/notificationHubs/authorizationRules",
"apiVersion": "2017-04-01",
"name": "[concat(parameters('notificationHubName'), '/',parameters('notificationHubEntities')[copyIndex('notificationHubEntities')],'/DefaultFullSharedAccessSignature')]",
"tags": {
"Environment": "[parameters('environment')]",
"DisplayName": "Notification Hub Auth Rules"
},
"dependsOn": [
"[resourceId('Microsoft.NotificationHubs/namespaces/notificationHubs',parameters('notificationHubName'), parameters('notificationHubEntities')[copyIndex('notificationHubEntities')])]",
"[resourceId('Microsoft.NotificationHubs/namespaces', parameters('notificationHubName'))]"
],
"properties": {
"rights": [
"Listen",
"Manage",
"Send"
]
}
},
],
"outputs" : {
"connectionString" : {
"type" : "object",
"value": "[listKeys(resourceId('Microsoft.NotificationHubs/namespaces/NotificationHubs/AuthorizationRules',parameters('notificationHubName'), parameters('notificationHubEntities')[copyIndex('notificationHubEntities')], 'DefaultFullSharedAccessSignature'),'2016-03-01').primaryConnectionString]"
}
}
}
}
}
],
"outputs": {
"connectionStrings" :
{
"type": "array",
"value": "[reference(concat('nestedTemplate', copyIndex('notificationHubEntities'))).outputs.connectionString.value]"
}
}
}
I've also tried with this:
"resources": [
{
"type": "Microsoft.NotificationHubs/namespaces",
"apiVersion": "2017-04-01",
"name": "[parameters('notificationHubName')]",
"location": "[resourceGroup().location]",
"tags": {
"Environment": "[parameters('environment')]",
"DisplayName": "Notification Hub Namespace"
},
"sku": {
"name": "[parameters('notificationHubSku')]"
},
"kind": "NotificationHub",
"properties": {
"namespaceType": "NotificationHub"
}
},
{
"type": "Microsoft.NotificationHubs/namespaces/AuthorizationRules",
"apiVersion": "2017-04-01",
"name": "[concat(parameters('notificationHubName'), '/RootManageSharedAccessKey')]",
"tags": {
"Environment": "[parameters('environment')]",
"DisplayName": "Notification Hub Namespace Auth Rules"
},
"dependsOn": [
"[resourceId('Microsoft.NotificationHubs/namespaces', parameters('notificationHubName'))]"
],
"properties": {
"rights": [
"Listen",
"Manage",
"Send"
]
}
},
{
"type": "Microsoft.NotificationHubs/namespaces/notificationHubs",
"apiVersion": "2017-04-01",
"name": "[concat(parameters('notificationHubName'), '/', parameters('notificationHubEntities')[copyIndex()])]",
"location": "[resourceGroup().location]",
"tags": {
"Environment": "[parameters('environment')]",
"DisplayName": "Notification Hubs"
},
"copy": {
"name": "addNotificationHub",
"count": "[length(parameters('notificationHubEntities'))]"
},
"dependsOn": [
"[resourceId('Microsoft.NotificationHubs/namespaces', parameters('notificationHubName'))]"
],
"properties": {
"authorizationRules": []
}
},
{
"type": "Microsoft.NotificationHubs/namespaces/notificationHubs/authorizationRules",
"apiVersion": "2017-04-01",
"name": "[concat(parameters('notificationHubName'), '/',parameters('notificationHubEntities')[copyIndex()],'/DefaultFullSharedAccessSignature')]",
"copy": {
"name": "addNotificationHub",
"count": "[length(parameters('notificationHubEntities'))]"
},
"tags": {
"Environment": "[parameters('environment')]",
"DisplayName": "Notification Hub Auth Rules"
},
"dependsOn": [
"[resourceId('Microsoft.NotificationHubs/namespaces/notificationHubs',parameters('notificationHubName'), parameters('notificationHubEntities')[copyIndex()])]",
"[resourceId('Microsoft.NotificationHubs/namespaces', parameters('notificationHubName'))]"
],
"properties": {
"rights": [
"Listen",
"Manage",
"Send"
]
}
}
],
"outputs": {
"connectionStrings" :
{
"type": "array",
"value": "[listKeys(resourceId('Microsoft.NotificationHubs/namespaces/NotificationHubs/AuthorizationRules',parameters('notificationHubName'), parameters('notificationHubEntities')[copyIndex()], 'DefaultFullSharedAccessSignature'),'2016-03-01').primaryConnectionString]"
}
}
I've tried using object instead of array but to no avail, so I'm a bit confused, any help would be appreciated as the error message seems misleading to me or I'm just not interpreting it correctly.

To accomplish requirement of creating multiple notification hubs and it's authorization rules, you can use below ARM template.
Template Parameter File (notificationhub.parameters.json):
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"namespaceName": {
"value": "mm-namespace"
},
"notificationhubNamePrefix": {
"value": "mm-notificationhub"
},
"notificationhubAuthorizationruleNamePrefix": {
"value": "mm-notificationhubAuthorizationrule"
}
}
}
Template File (notificationhub.json):
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"namespaceName": {
"type": "string",
"defaultValue": "mm-namespace",
"metadata": {
"description": "namespaceName sample description"
}
},
"notificationhubNamePrefix": {
"type": "string",
"defaultValue": "mm-notificationhub",
"metadata": {
"description": "notificationhubName sample description"
}
},
"notificationhubAuthorizationruleNamePrefix": {
"type": "string",
"defaultValue": "mm-notificationhubAuthorizationrule",
"metadata": {
"description": "notificationhubAuthorizationruleName sample description"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "The location in which the resources should be deployed."
}
},
"notificationhubNameSuffix": {
"type": "array",
"defaultValue": [
"00",
"01",
"02"
]
},
"notificationhubAuthorizationruleNameSuffix": {
"type": "array",
"defaultValue": [
"00",
"01",
"02"
]
}
},
"variables": {},
"resources": [
{
"name": "[parameters('namespaceName')]",
"type": "Microsoft.NotificationHubs/namespaces",
"apiVersion": "2017-04-01",
"location": "[parameters('location')]",
"tags": {},
"sku": {
"name": "Free"
},
"properties": {
"namespaceType": "NotificationHub"
}
},
{
"name": "[concat(parameters('namespaceName'), '/', parameters('notificationhubNamePrefix'), parameters('notificationhubNameSuffix')[copyIndex()])]",
"type": "Microsoft.NotificationHubs/namespaces/notificationHubs",
"apiVersion": "2017-04-01",
"location": "[parameters('location')]",
"sku": {
"name": "Free"
},
"copy": {
"name": "notificationhubscopy",
"count": "[length(parameters('notificationhubNameSuffix'))]"
},
"dependsOn": [
"[resourceId('Microsoft.NotificationHubs/namespaces', parameters('namespaceName'))]"
]
},
{
"name": "[concat(parameters('namespaceName'), '/', parameters('notificationhubNamePrefix'), parameters('notificationhubNameSuffix')[copyIndex()], '/', parameters('notificationhubAuthorizationruleNamePrefix'), parameters('notificationhubAuthorizationruleNameSuffix')[copyIndex()])]",
"type": "Microsoft.NotificationHubs/namespaces/notificationHubs/AuthorizationRules",
"apiVersion": "2017-04-01",
"properties": {
"rights": [
"Listen",
"Manage",
"Send"
]
},
"copy": {
"name": "notificationhubsauthroizationrulescopy",
"count": "[length(parameters('notificationhubAuthorizationruleNameSuffix'))]"
},
"dependsOn": [
"notificationhubscopy"
]
}
]
}
Deployment:
AFAIK, to accomplish requirement of getting output (in this case primaryConnectionStrings of multiple notification hubs' authorization rules) from ARM template is currently an unsupported feature. I already see related feature requests / feedback here and here. I would recommend you to up-vote these feature requests / feedback or create a new feature request / feedback explaining your use case and requirement. Azure feature team would consider and work on the feature request / feedback based on the votes, visibility and priority on it.
Azure document references:
ARM template reference for NotificationHubs
Resolve Invalid Template errors
Create multiple instances of a resource using copy and copyIndex
ARM template functions like list (ListKeys)
ARM template structure
Defining order for deploying resources in ARM templates
Hope this helps!! Cheers!!

You can't use a copy loop in outputs today - listing the keys is fine, but you have to know how many you need at design time and hardcode each output. We're working on a fix for that but not there yet.
You could emulate this by using your second option - deploying in a nested deployment and outputting each key in it's own deployment, but then you have to iterate through all the deployments to get all the outputs.

Rerunning ARM template cause error

I have a very simple ARM template which spins up an app service plan and a website. When I delete plan or resource group it works fine and creates new plan and website. Following is the template:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"environment": {
"type": "string",
"metadata": {
"comments": "The environment to suffix to distinguish resources in different groups"
}
"allowedValues": ["Test","Uat","Stage"]
},
"planName": {
"type": "string"
},
/*Other Parameters*/
}
},
"variables": {
"planNameFull": /*expression*/,
"siteTestNameFull": /*expression*/,
"appDomainName": /*expression*/
},
"resources": [
{
"comments": "Application Plan (Serverfarm)",
"type": "Microsoft.Web/serverfarms",
"sku": {
"name": "S1",
"tier": "Standard",
"Size": "S1",
"family": "S",
"capacity": "1"
},
"kind": "app",
"name": "[variables('planNameFull')]",
"apiVersion": "2016-09-01",
"location": "[resourceGroup().location]",
"tags": {
"[concat('hidden-related:', resourceGroup().id, '/providers/Microsoft.Web/serverfarms/', variables('planNameFull'))]": "empty",
"displayName": "[variables('planNameFull')]"
},
"properties": {
"name": "[variables('planNameFull')]",
"workerTierName": null,
"adminSiteName": null,
"hostingEnvironmentProfile": null,
"perSiteScaling": false,
"reserved": false,
"targetWorkerCount": 0,
"targetWorkerSizeId": 0
}
},
{
"comments": "Test Web Site",
"type": "Microsoft.Web/sites",
"kind": "app",
"name": "[variables('siteTestNameFull')]",
"apiVersion": "2016-08-01",
"location": "[resourceGroup().location]",
"tags": {
"[concat('hidden-related:', resourceGroup().id, '/providers/Microsoft.Web/serverfarms/', variables('planNameFull'))]": "empty",
"displayName": "[variables('siteTestNameFull')]"
},
"properties": {
"clientAffinityEnabled": true,
"enabled": true,
"hostNameSslStates": [
{
"name:": "[concat(variables('siteTestNameFull') ,'.azurewebsites.net')]",
"sslState": "Disabled",
"hostType": "Standard"
},
{
"name:": "[concat(variables('siteTestNameFull') ,'scm.azurewebsites.net')]",
"sslState": "Disabled",
"hostType": "Repository"
}
],
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms',variables('planNameFull'))]"
},
"dependsOn": [ "[resourceId('Microsoft.Web/serverfarms',variables('planNameFull'))]" ],
"resources": [
{
"comments": "Test Web Site Config.",
"type": "Microsoft.Web/sites/config",
"name": "[concat(variables('siteTestNameFull'),'/web')]",
"apiVersion": "2015-08-01",
"tags": {
"[concat('hidden-related:', resourceGroup().id, '/providers/Microsoft.Web/serverfarms/', variables('planNameFull'))]": "empty",
"description": "[concat('Moula ', variables('siteTestNameFull'),' Settings')]",
"displayName": "[concat(variables('siteTestNameFull'),' App Settings')]"
},
"properties": {
"numberOfWorkers": 1,
"defaultDocuments": [ "index.html" ],
"netFrameworkVersion": "v4.7",
"publishingUsername": "[parameters('webPublishingUser')]",
"publishingPassword": "[parameters('webPublishingPwd')]",
"siteAuthSettings": { "isAadAutoProvisioned": false },
"ipSecurityRestrictions": [
{
"ipAddress": "115.xx.xxx.27",
"subnetMask": null
},
{
"ipAddress": "34.xxx.xx.90",
"subnetMask": null
}
],
"appSettings": {
"WEBSITE_TIME_ZONE": "[parameters('websiteTimezone')]",
"WEBSITE_LOAD_CERTIFICATES": "[parameters('testCertificate')]"
},
"use32BitWorkerProcess": false,
"managedPipelineMode": "Integrated",
"virtualApplications": [
{
"virtualPath": "/",
"physicalPath": "site\\wwwroot",
"preloadEnabled": false,
"vitualDirectories": null
}
],
"loadBalancingRules": [ "LeastRequests" ]
},
"dependsOn": [ "[resourceId('Microsoft.Web/sites',variables('siteTestNameFull'))]" ]
}
]
}
],
"outputs": {
"planId": {
"type": "string",
"value": "[resourceId('Microsoft.Web/serverfarms', variables('planNameFull'))]"
},
"TestAppId": {
"type": "string",
"value": "[resourceId('Microsoft.Web/sites',variables('siteTestNameFull'))]"
}
}
}
My problem is that I want to run this template as VSTS build pipeline step. When I try to run template again without making any changes, it causes following error always:
Template deployment returned the following errors:
1:09:17 PM - Resource Microsoft.Web/sites 'TestWebsite' failed with message '{
"error": {
"code": "InternalServerError",
"message": "There was an unexpected InternalServerError. Please try again later. x-ms-correlation-request-id: 8cd06d54-vvvv-wwww-xxxx-5e55029fc640"
}
}'
What I'm doing wrong?

There are multiple reasons for this type of error. This is the official documenation.
Downtime of either the service you're deploying to in the region you're deploying to.
Downtime of Azure DevOps itself.
The resource type you're trying to deploy isn't yet available in that region.

Resources