Create Azure ADF SHIR using bicep - azure

I am trying to create DataFactory SelfHosted Runtime using bicep
I am trying to follow
https://learn.microsoft.com/en-us/azure/templates/microsoft.datafactory/2018-06-01/factories/integrationruntimes?pivots=deployment-language-bicep
There is ambiguity about which properties are needed to create a SHIR. I need key-based authorization,
because to deploy the IR MSI on a VM we need the auth key, which will be generated by the above operation:
https://learn.microsoft.com/en-us/azure/data-factory/self-hosted-integration-runtime-automation-scripts
var parentName = 'someuniqueadfname'

resource SelfHostedIR 'Microsoft.DataFactory/factories/integrationRuntimes@2018-06-01' = {
  name: '${parentName}/SelfHostedIR'
  properties: {
    description: 'My Desc'
    type: 'SelfHosted'
    typeProperties: {
      linkedInfo: {
        authorizationType: 'Key'
        key: {
          type: 'SecureString'
          value: 'string'
        }
      }
    }
  }
}

You can use the below code. This will be sufficient to create an IR, which will generate the key for installing the IR agent on the Azure VM.
// `parent` must be a resource symbolic name, not a string: reference the existing factory
// (parentName is the variable from the question)
resource dataFactory 'Microsoft.DataFactory/factories@2018-06-01' existing = {
  name: parentName
}

resource SelfHostedIR 'Microsoft.DataFactory/factories/integrationRuntimes@2018-06-01' = {
  name: 'SelfHostedIR' // child name only; the factory segment comes from `parent`
  parent: dataFactory
  properties: {
    description: 'string'
    type: 'SelfHosted'
    typeProperties: {}
  }
}
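As an added example (not code from the question or the answer above): a complete template that creates the factory and a self-hosted IR, then copies the IR's authKey1 into an existing Key Vault, so the VM that installs the agent reads the registration key from the vault instead of the key travelling as a deployment output or a template parameter. The factory name, the vault name and the choice of authKey1 are assumptions for the illustration; listAuthKeys is the IR's list operation, called on the resource symbolic name the same way listKeys is called on a storage account.

```bicep
// Added example: self-hosted IR whose registration key lands in Key Vault (assumed to exist already)
param location string = resourceGroup().location
param factoryName string
param irName string = 'SelfHostedIR'
param keyVaultName string // assumption: an existing vault the deployer may write secrets to

resource dataFactory 'Microsoft.DataFactory/factories@2018-06-01' = {
  name: factoryName
  location: location
  identity: {
    type: 'SystemAssigned'
  }
}

// A self-hosted IR needs no typeProperties; ADF generates authKey1/authKey2 when it is created
resource selfHostedIR 'Microsoft.DataFactory/factories/integrationRuntimes@2018-06-01' = {
  parent: dataFactory
  name: irName
  properties: {
    type: 'SelfHosted'
    description: 'Nodes on the VM register with an auth key read from Key Vault'
    typeProperties: {}
  }
}

resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
  name: keyVaultName
}

// listAuthKeys() is evaluated at deployment time; the value appears neither in the template
// source nor in outputs, only in the vault secret, where access is controlled and audited.
resource irAuthKey 'Microsoft.KeyVault/vaults/secrets@2023-07-01' = {
  parent: keyVault
  name: '${irName}-authKey1'
  properties: {
    value: selfHostedIR.listAuthKeys().authKey1
    contentType: 'ADF self-hosted IR registration key'
  }
}

// Only non-secret values are output. Deployment outputs are kept in plain text in the
// deployment history, so the key itself must never be an output.
output irResourceId string = selfHostedIR.id
output irAuthKeySecretUri string = irAuthKey.properties.secretUri
```

The VM that runs the Microsoft install script from the question's link takes the key as a parameter; give the VM a managed identity with get permission on this one secret and fetch it at install time, so nobody has to copy the key by hand. Rotating the key later is a matter of regenerating authKey1 on the IR and redeploying this template, which overwrites the secret with a new version.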

Related

Azure B2C tenant deployment fails in Europe. Why?

I have this bicep file that deploys an Azure B2C tenant in location: 'Australia'
resource b2cDirectory 'Microsoft.AzureActiveDirectory/b2cDirectories@2021-04-01' = {
  location: 'Australia'
  name: 'tenantname1.onmicrosoft.com'
  sku: {
    name: 'PremiumP2'
    tier: 'A0'
  }
  properties: {
    createTenantProperties: {
      countryCode: 'AU'
      displayName: 'tenantname1 B1Cd223'
    }
  }
  tags: {
    Department: 'Dev'
  }
}
This works fine, but it doesn't work for location: 'Europe' even though they say they support it.
This is the error I'm getting when I try to deploy this in location: 'Europe'.
Is this a temporary thing or am I missing something?
I tried in my environment and got the below results:
Initially, I got the same error in my environment:
{"status":"Failed","error":{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.","details":[{"code":"InternalServerError","message":"{\r\n  \"error\": {\r\n    \"code\": \"ResourceDeploymentFailure\",\r\n    \"message\": \"The response for resource had empty or invalid content.\"\r\n  }\r\n}"}]}}
I tried with some changes in bicep code as below :
test.bicep:
resource b2cDirectory 'Microsoft.AzureActiveDirectory/b2cDirectories@2021-04-01' = {
  location: 'europe'
  name: 'demotenant326.onmicrosoft.com'
  sku: {
    name: 'Standard'
    tier: 'A0'
  }
  properties: {
    createTenantProperties: {
      countryCode: 'DE'
      displayName: 'demo1tenantv B1Cd223'
    }
  }
  tags: {
    Department: 'pro'
  }
}
In the above bicep file I changed the sku and set the country code to 'DE' (Germany), and it deploys an Azure B2C tenant with location: 'europe' successfully.
Console:
New-AzResourceGroupDeployment -TemplateFile test.bicep -ResourceGroupName <your resource grp>
WARNING: /home/venkatesan/test.bicep(2,15) : Warning no-hardcoded-location: A resource location should not use a hard-coded string or variable value. Please use a parameter value, an expression, or the string 'global'. Found: 'europe' [https://aka.ms/bicep/linter/no-hardcoded-location]
DeploymentName : test
ResourceGroupName : <your resource grp>
ProvisioningState : Succeeded
Timestamp : 2/17/2023 8:08:56 AM
Mode : Incremental
TemplateLink :
Parameters :
Outputs :
DeploymentDebugLogLevel :
Reference:
Region availability and data residency - Azure AD B2C | Microsoft Learn

Bicep ADF LinkedService

I'm having a heck of a time trying to deploy a simple Azure BlobFS linked service into an ADF using Bicep (which I have only really started to learn).
The bicep I have thus far is:
//--- Data Factory
resource datafactory 'Microsoft.DataFactory/factories@2018-06-01' = {
  name: adf_name
  location: loc_name
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    globalParameters: {}
    publicNetworkAccess: 'Enabled'
  }
}

//--- Data Factory Linked Service
resource adls_linked_service 'Microsoft.DataFactory/factories/linkedservices@2018-06-01' = {
  name: 'ls_adf_to_adls'
  parent: datafactory
  properties: {
    annotations: []
    connectVia: {
      parameters: {}
      referenceName: 'AutoResolveIntegrationRuntime'
      type: 'IntegrationRuntimeReference'
    }
    description: 'linked_service_for_adls'
    parameters: {}
    type: 'AzureBlobFS'
    typeProperties: {
      accountKey: datafactory.identity.principalId
      azureCloudType: 'AzurePublic'
      credential: {
        referenceName: 'string'
        type: 'CredentialReference'
      }
      servicePrincipalCredentialType: 'SecureString'
      servicePrincipalId: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
      servicePrincipalKey: {
        type: 'SecureString'
        value: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
      }
      tenant: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
      url: bicepstorage.properties.primaryEndpoints.blob
    }
  }
}
The ADF resource deploys fine by itself as does the ADLS (symbolic name is: bicepstorage). The issue is when I added the linkedservice resource block. I get:
New-AzResourceGroupDeployment: /home/vsts/work/1/s/psh/deploy_main.ps1:12
Line |
12 | New-AzResourceGroupDeployment `
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| 22:46:27 - The deployment 'main' failed with error(s). Showing 1 out of
| 1 error(s). Status Message: Input is malformed. Reason: Could not get
| integration runtime details for AutoResolveIntegrationRuntime
| (Code:InputIsMalformedDetailed) CorrelationId:
| f77ef878-5314-46ea-9de6-65807845a104
The only integration runtime in the ADF is the 'AutoResolveIntegrationRuntime'. When I inspect it in the portal it's green, running and healthy.
I'm using task: AzurePowerShell@5 on ubuntu-latest in ADF, but I get the same error when I try to deploy the template directly from VS Code.
I'm out of ideas and would really appreciate some assistance. I found the documentation for the 'connectVia' block (actually all the documentation on bicep linked services!) to be really confusing; if anyone could tell me exactly what is supposed to go in there, I'd really appreciate it.
Thanks.
As mentioned in this documentation, if you want to create a linked service to ADLS (BlobFS) with the default Azure IR (AutoResolveIntegrationRuntime), then you can remove the connectVia property from the linked service block in your bicep template.
To test this I have created a bicep template which will deploy an ADLS Gen2 storage account, a data factory and a linked service to it using service principal based authentication.
Here is the sample template for your reference:
param location string = 'westus'

// Pass the service principal secret in as a secure parameter rather than a literal in the file
@secure()
param servicePrincipalKey string

//--- ADLS Gen2 storage account
resource storage 'Microsoft.Storage/storageAccounts@2022-09-01' = {
  name: '<storageAccountName>'
  location: location
  kind: 'StorageV2'
  sku: {
    name: 'Standard_GRS'
  }
  properties: {
    accessTier: 'Hot'
    supportsHttpsTrafficOnly: true
    isHnsEnabled: true
  }
}

//--- Data Factory
resource datafactory 'Microsoft.DataFactory/factories@2018-06-01' = {
  name: '<AdfName>'
  location: location
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    globalParameters: {}
    publicNetworkAccess: 'Enabled'
  }
}

//--- Data Factory Linked Service (no connectVia, so the default Azure IR is used)
resource adls_linked_service 'Microsoft.DataFactory/factories/linkedservices@2018-06-01' = {
  name: '<linkedserviceName>'
  parent: datafactory
  properties: {
    annotations: []
    description: 'linked_service_for_adls'
    parameters: {}
    type: 'AzureBlobFS'
    typeProperties: {
      url: storage.properties.primaryEndpoints.dfs
      // encryptedCredential: storage.listKeys(storage.id).keys[0].value
      servicePrincipalId: '<serviceprincipalappId>'
      servicePrincipalCredentialType: 'ServicePrincipalKey'
      // current and legacy property names for the secret; both read the secure parameter
      servicePrincipalCredential: {
        type: 'SecureString'
        value: servicePrincipalKey
      }
      servicePrincipalKey: {
        type: 'SecureString'
        value: servicePrincipalKey
      }
      azureCloudType: 'AzurePublic'
      tenant: '<tenantId>'
    }
  }
}
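As an added example (not from the question or the answer): the same ADLS Gen2 linked service, but authenticating with the factory's own system-assigned managed identity, so there is no service principal secret to store, rotate or leak through source control. For AzureBlobFS, omitting accountKey, the servicePrincipal* properties and credential makes ADF use the factory identity, which then needs a data-plane role on the account. The parameter names and the linked service name are assumptions; the role definition id is the well-known id of the built-in Storage Blob Data Contributor role.

```bicep
// Added example: ADLS Gen2 linked service authenticating with the factory's managed identity
param location string = resourceGroup().location
param storageAccountName string
param factoryName string
param linkedServiceName string = 'ls_adls_msi'

// Well-known id of the built-in "Storage Blob Data Contributor" role
var storageBlobDataContributor = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2c59-4336-a8a7-e0d7d7b3d51f')

resource storage 'Microsoft.Storage/storageAccounts@2022-09-01' = {
  name: storageAccountName
  location: location
  kind: 'StorageV2'
  sku: {
    name: 'Standard_GRS'
  }
  properties: {
    accessTier: 'Hot'
    isHnsEnabled: true
    supportsHttpsTrafficOnly: true
    minimumTlsVersion: 'TLS1_2'
    allowSharedKeyAccess: false // no account keys at all: identity-based access only
  }
}

resource dataFactory 'Microsoft.DataFactory/factories@2018-06-01' = {
  name: factoryName
  location: location
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    publicNetworkAccess: 'Enabled'
  }
}

// Least privilege: the factory identity gets data-plane rights on this one account only
resource blobDataContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  name: guid(storage.id, dataFactory.id, storageBlobDataContributor)
  scope: storage
  properties: {
    roleDefinitionId: storageBlobDataContributor
    principalId: dataFactory.identity.principalId
    principalType: 'ServicePrincipal'
  }
}

// With no accountKey, servicePrincipal* or credential properties, AzureBlobFS uses the
// factory's system-assigned identity. connectVia is omitted, so the default Azure IR is used.
resource adlsLinkedService 'Microsoft.DataFactory/factories/linkedservices@2018-06-01' = {
  parent: dataFactory
  name: linkedServiceName
  properties: {
    type: 'AzureBlobFS'
    description: 'ADLS Gen2 via managed identity: no secret in source control or deployment history'
    typeProperties: {
      url: storage.properties.primaryEndpoints.dfs
    }
  }
  dependsOn: [
    blobDataContributor
  ]
}
```

Disabling shared key access on the account is what makes the identity path the only path: a leaked account key, or a template that still carries one, then no longer gives anyone data access. The dependsOn keeps the role assignment ahead of the linked service so a test connection right after deployment does not fail on a not-yet-propagated role.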

Retrieve app id of Synapse service principal and add as administrator to AAS using Bicep

I'm deploying Azure services by using Bicep. The property 'identity type system assigned' creates an enterprise application/service principal with a name, object id and app id. This is required to be able to process Azure Analysis Services from a Synapse pipeline.
//Create Synapse Analytics
resource synapseAnalytics 'Microsoft.Synapse/workspaces@2021-06-01' = {
  name: synapse_name
  location: region
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    defaultDataLakeStorage: {
      filesystem: storage_account_fileshare_name
      resourceId: storageAccount.id
      accountUrl: storage_account_url
      createManagedPrivateEndpoint: true
    }
    managedVirtualNetwork: 'default'
    publicNetworkAccess: 'Enabled'
    managedResourceGroupName: synapse_workspace_name
    azureADOnlyAuthentication: false
    cspWorkspaceAdminProperties: {
      initialWorkspaceAdminObjectId: 'xxxx'
    }
  }
  dependsOn: [
    storageAccountFileshare
  ]
}
I need to retrieve the app id of the created resource to add to Azure Analysis Service as an administrator.
resource analysisServices 'Microsoft.AnalysisServices/servers@2017-08-01' = {
  name: anaylsis_services_name
  location: region
  sku: {
    name: 'B1'
    tier: 'Basic'
    capacity: 1
  }
  properties: {
    asAdministrators: {
      members: [
        'obj:xxxxxx-xxxxxx-xxxxx-xxxxx@xxxxx-xxx-xxxxx-xxxxx'
        'app:{GET APP ID OF SYNAPSE}' // <-- the Synapse app id is needed here
      ]
    }
    managedMode: 1
  }
}
How can I access the app id in my Bicep code?
I'm able to retrieve the app id by using a powershell command. Unfortunately this command needs an object id which I'm not able to retrieve by using powershell commands.
az ad sp show --id {object-id} --query appId
Using a system-assigned identity, you can't get the appId directly from bicep, but you could output the principalId:
//Create Synapse Analytics
resource synapseAnalytics 'Microsoft.Synapse/workspaces@2021-06-01' = {
  name: synapse_name
  ...
}

// return the principalId to query the appId
output principalId string = synapseAnalytics.identity.principalId
You can then use the principalId to get the appId
az ad sp show --id <principalId from bicep> --query appId
Using a user-assigned identity, you would be able to do it all in bicep:
// Create a user identity for synapse
resource userAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities#2018-11-30' = {
name: userAssignedIdentityName
location: region
}
//Create Synapse Analytics
resource synapseAnalytics 'Microsoft.Synapse/workspaces#2021-06-01' = {
name: synapse_name
identity: {
type: 'SystemAssigned,UserAssigned'
userAssignedIdentities: {
// assign the managed identity
'${userAssignedIdentity.id}': {}
}
}
...
}
// Create the analysis service
resource analysisServices 'Microsoft.AnalysisServices/servers#2017-08-01' = {
name: anaylsis_services_name
...
properties: {
asAdministrators: {
members: [
...
// Set app id and tenantid as per documentation
'app:${userAssignedIdentity.properties.clientId}#${userAssignedIdentity.properties.tenantId}'
]
}
...
}
}
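As an added example (not part of the answer above), the system-assigned case can still be handled inside one deployment by running the answer's `az ad sp show` lookup from a deployment script resource and feeding its output into the Analysis Services administrator list. The script runs under a separate user-assigned identity; that identity is assumed to hold only the Microsoft Graph Application.Read.All app role (or the Directory Readers role), which is the minimum needed to read a service principal, and nothing on Synapse or Analysis Services. The parameter names, the resource names and the CLI version are assumptions for the illustration.

```bicep
// Added example: resolve the Synapse system-assigned identity's appId inside the deployment
param location string = resourceGroup().location
param synapseName string
param analysisServicesName string
// Assumption: a user-assigned identity holding Graph Application.Read.All, used by the script only
param scriptIdentityId string
param humanAdminObjectId string // an existing human admin, kept alongside the pipeline identity

resource synapse 'Microsoft.Synapse/workspaces@2021-06-01' existing = {
  name: synapseName
}

resource resolveAppId 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
  name: 'resolve-${synapseName}-appid'
  location: location
  kind: 'AzureCLI'
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${scriptIdentityId}': {}
    }
  }
  properties: {
    azCliVersion: '2.52.0'
    timeout: 'PT10M'
    retentionInterval: 'PT1H'
    cleanupPreference: 'OnSuccess'
    environmentVariables: [
      {
        name: 'PRINCIPAL_ID'
        value: synapse.identity.principalId
      }
    ]
    // The same lookup as the manual step, run by the script identity; the container is
    // already logged in as that identity, and the JSON file becomes the script's outputs.
    scriptContent: '''
      set -euo pipefail
      appId=$(az ad sp show --id "$PRINCIPAL_ID" --query appId -o tsv)
      test -n "$appId"
      printf '{"appId": "%s"}' "$appId" > "$AZ_SCRIPTS_OUTPUT_PATH"
    '''
  }
}

resource analysisServices 'Microsoft.AnalysisServices/servers@2017-08-01' = {
  name: analysisServicesName
  location: location
  sku: {
    name: 'B1'
    tier: 'Basic'
    capacity: 1
  }
  properties: {
    asAdministrators: {
      members: [
        'obj:${humanAdminObjectId}@${tenant().tenantId}'
        // app:<appId>@<tenantId> is the documented format for a service principal administrator
        'app:${resolveAppId.properties.outputs.appId}@${tenant().tenantId}'
      ]
    }
    managedMode: 1
  }
}
```

Keeping the Graph-reading identity separate from the Synapse identity matters: the workspace identity then never needs directory read rights, and the script identity never needs rights on data. If the directory lookup fails, `set -e` plus the empty-string check make the deployment fail rather than silently register an administrator entry with an empty app id.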

Bicep: azure policy assignment scope

I am trying to deploy an Azure Policy Assignment with Bicep.
resource policy_assignment 'Microsoft.Authorization/policyAssignments@2021-06-01' = {
  name: 'my_policy'
  location: 'westus'
  scope: subscriptionResourceId('Microsoft.Resources/resourceGroups', resourceGroup().name)
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '/subscriptions/xxxxxxx-xxxxxx-xxxx-xxx/resourceGroups/my-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/mymi': {}
    }
  }
  properties: {
    parameters: {
      MyParamKey: '/subscriptions/xxxxx-xxx-xxxx-xxx-xxx/resourcegroups/my-rg2/providers/microsoft.network/virtualnetworks/vnetmy/subnets/default'
    }
    policyDefinitionId: '/subscriptions/xxxxx-xxx-xxxx-xxx-xxx//providers/Microsoft.Authorization/policyDefinitions/my-policy-def'
  }
}
When I check it with az bicep build --file .\policy_assignment.bicep, I get the error below:
C:$Path.bicep(4,10) : Error BCP036: The property "scope" expected a value of type "resource | tenant" but the provided value is of type "string".
C:$Path.bicep(13,32) : Warning BCP036: The property "MyParamKey" expected a value of type "ParameterValuesValue" but the provided value is of type "'/subscriptions/xxxxx-xxx/resourcegroups/my-rg2/providers/microsoft.network/virtualnetworks/vnetmy/subnets/default'".
I have two problems:
Definition of the scope of the policy assignment.
Definition of the parameter of the assignment
I couldn't find many examples on the internet. The documentation of the Policy Assignment for Bicep is here.
Do you have any idea how can I correct these errors?
This resource type most probably expects parameter values to be wrapped in objects with a value like :
parameters: {
  MyParamKey: {
    value: '/subscriptions/xxxxx-xxx-xxxx-xxx-xxx/resourcegroups/my-rg2/providers/microsoft.network/virtualnetworks/vnetmy/subnets/default'
  }
}
There are some other use cases like this one.
EDIT: As stated by @Thomas, the scope should be referenced as scope: resourceGroup(), since this is dynamically retrieved by your client with the right type Bicep is waiting for.
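Pulling the two fixes together, as an added example that is not part of the question or the answer: the assignment from the question with `scope` given as a scope value and the parameter wrapped in a `value` object, and the ids turned into parameters so the template no longer carries subscription ids. The parameter names, the displayName and the non-compliance message are assumptions for the illustration.

```bicep
// Added example: the question's assignment with both compile errors fixed
targetScope = 'resourceGroup'

param location string = resourceGroup().location
param policyDefinitionId string // resource id of the custom definition
param remediationIdentityId string // user-assigned identity used by deployIfNotExists/modify effects
param subnetId string // value for the definition's MyParamKey parameter

resource policyAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01' = {
  name: 'my_policy'
  // scope takes a resource or scope value, not a string; here the deployment's own resource
  // group, which is also the default for a resourceGroup-targeted file
  scope: resourceGroup()
  // location is required whenever the assignment carries an identity
  location: location
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${remediationIdentityId}': {}
    }
  }
  properties: {
    displayName: 'my_policy'
    policyDefinitionId: policyDefinitionId
    enforcementMode: 'Default' // 'DoNotEnforce' reports compliance without blocking deployments
    parameters: {
      // every assignment parameter is an object with a value property
      MyParamKey: {
        value: subnetId
      }
    }
    nonComplianceMessages: [
      {
        message: 'Resource does not comply with my_policy.'
      }
    ]
  }
}

output assignmentId string = policyAssignment.id
```

The identity on the assignment does nothing by itself: for a definition with a deployIfNotExists or modify effect, the identity must hold exactly the roles listed in the definition's roleDefinitionIds at the assignment scope, so add a matching roleAssignments resource (scoped to the same resource group) rather than giving it Contributor on the subscription. Start a new assignment with enforcementMode 'DoNotEnforce' to see what it would flag before it starts denying deployments.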

Azure Bicep - Conditionally adding elements to an array

I am trying to create a bicep template to deploy a VM with either 1 or 2 NICs depending on a conditional.
Does anyone know if there is a way to deploy a VM NIC using conditional statements inside a property definition? It seems an if function is not permitted inside a resource definition, and a ternary errors out due to an invalid ID.
I'm just trying to avoid having 2 duplicate VM resource definitions using resource = if (bool) {}
networkProfile: {
  networkInterfaces: [
    {
      id: nic_wan.id
      properties: {
        primary: true
      }
    }
    {
      id: bool ? nic_lan.id : '' // Trying to deploy this as a conditional if bool = true.
      properties: {
        primary: false
      }
    }
  ]
}
The above code errors out because as soon as you define a NIC, it needs a valid ID.
'properties.networkProfile.networkInterfaces[1].id' is invalid. Expect fully qualified resource Id that start with '/subscriptions/{subscriptionId}' or
'/providers/{resourceProviderNamespace}/'. (Code:LinkedInvalidPropertyId)
You can create some variables to handle that:
// Define the default nic
var defaultNic = [
  {
    id: nic_wan.id
    properties: {
      primary: true
    }
  }
]

// Add second nic if required
var nics = concat(defaultNic, bool ? [
  {
    id: nic_lan.id
    properties: {
      primary: false
    }
  }
] : [])

// Deploy the VM
resource vm 'Microsoft.Compute/virtualMachines@2020-12-01' = {
  ...
  properties: {
    ...
    networkProfile: {
      networkInterfaces: nics
    }
  }
}
