I'm trying to create multiple values using "az apim nv create" command using loop, but its not working.
with the single command (without using variable in --value) we can able to create, but the same is not working when we use variable in --value.
demo="fromkey fromkey1"
for list in $demo
do
az apim nv create --service-name ABC -g XYZ --secret true --named-value-id $list --display-name $list --value $list
done
Can someone please help on this.
Azure DevOps (az apim nv create) cant able to create variable dynamically
You could try below scripts in the bash task:
- bash: |
demo=( "fromkey" "fromkey1" )
for list in ${demo[#]}; do
az apim nv create --service-name ABC -g XYZ --secret true --named-value-id $list --display-name $list --value $list
done
displayName: 'az apim nv create'
env:
AZURE_DEVOPS_EXT_PAT: $(System.AccessToken)
Update:
I this can be possible with Shell script ? if Yes then can you please
share shell script commands
declare -a demo=("fromkey1" "fromkey2" "fromkey3")
for list in "${demo[#]}"
do
az apim nv create --service-name ABC -g XYZ --secret true --named-value-id $list --display-name $list --value $list
done
Related
Alerts can be listed like that with az cli like that
$activities = az monitor activity-log list -g $ResourceGroup
which produces in PowerShell a string but is a list of JSON's.
Any one knows why $activities is not a PSCustomObject which I could use ?
I do agree with #Mathias R. Jessen that
az is an executable and executables return strings, not objects
$activities = az monitor activity-log list -g "Resourcegroup"
$res=$activities | ConvertFrom-Json
$res
Output:
Now you can use Dot Operator as below:
I am new to ARM templates and Azure CLI
This may seem a really stupid question, but I am using the tutorial here
It contains the following command
templateFile="my template file"
az deployment group create \
--name blanktemplate \
--resource-group myResourceGroup \
--template-file $templateFile
I am running Azure Cli via a command prompt
How can I run this? As there are multiple lines
Paul
Replace the backslashs ( \ ) with backticks ( ` ) at the end of each line and you should be able to run it. Your sample code with the backticks:
templateFile="my template file" `
az deployment group create `
--name blanktemplate `
--resource-group myResourceGroup `
--template-file $templateFile
for example, the following code will execute in the cloud shell if you just copy paste
Write-Host `
Hello, `
World!
There's another way. You can create a temporary PowerShell script file in cloud shell. Paste all the commands there as necessary and run the script file from the cloud shell.
I am running a script that requires the resource group and name of current AKS client config. Previously configured with az aks get-credentials ...
Current script:
(I type AKS=something and RG=SOMETHING before running)
az aks update -g $RG -n $AKSNAME ...
Wanted script:
(I type nothing before running)
AKSNAME=$(what goes here?)
RG=$(what goes here?)
az aks update -g $RG -n $AKSNAME ...
How can I load RG and AKSNAME values automatically through a shell script?
EDIT: I current assign the values to those variables by hand. I want the script to find the values automatically, corresponding to the cluster in the current context e.g. which kubectl is using.
If you just get the credential via the command az aks get-credentials .... without parameter --admin, then you can get the cluster name like this:
AKSNAME=$(kubectl config current-context)
And if you use the parameter --admin, then you need to change the command like this:
AKSNAME=$(kubectl config view --minify -o jsonpath='{.contexts[0].context.cluster}')
Then you can get the group name like this:
RG=$(az aks list --query "[?name == '$AKSNAME'].resourceGroup" -o tsv)
I'd like to gather a list of all of the File Shares under every storage account we have in Azure. Most of the scripts i'm seeing show how to gather the file shares for an individual storage account. Is there a way to gather the info for all of them at once?
Here's a quick bash script and one-liner using azure-cli 2.0.79 that might help you get started with iterating over all storage accounts under a single subscription.
From a bash script:
#!/bin/bash
#get a list of storage accounts
for account in `az storage account list --query '[].{Name:name}' --output tsv`
#iterate over storage accounts
do
echo $account $(az storage share list --account-name $account --output tsv | awk '{print $2}')
done
One liner:
for account in `az storage account list --query '[].{Name:name}' --output tsv`; do echo $account $(az storage share list --account-name $account --output tsv | awk '{print $2}') ; done
This should output:
storageaccountname1 <share1> <share2> <share3>
storageaccountname2 <share1> <share2>
To get the Azure File Share through PowerShell, you'd better use the Azure PowerShell instead of the Azure CLI, I think the CLI is not suitable for Linux. You can install the Azure PowerShell module and then use the script like this:
$storageAccount = Get-AzStorageAccount
foreach ($storage in $storageAccount) {
if($storage.PrimaryEndpoints.File -ne $null){
Get-AzRmStorageShare -ResourceGroupName $storage.ResourceGroupName
}
}
Here's a PowerShell script to output much the same as the bash script. The bash script uses a for loop in bash shell with the azure-cli. This one uses foreach loop in powershell with the azure-cli. Native powershell with the AZ commandlets doesn't seem to provide an easy way to do this (that I am aware of). Essentially both of these are using two tools to get the job done i.e. 1) Powershell or bash as the shell to loop and 2) azure-cli as the query method.
#Get storageaccount names
$SAname=Get-AzStorageAccount
#Now iterate over the storageaccounts
foreach ( $storageaccount in $SAname.StorageAccountName)
{ write-output $storageaccount $(az storage share list --account-name $storageaccount --output tsv).replace("None","")}
It isn't pretty but it should give you an idea where to start.
I'm starting to write a bash script to provision a VM in a new or existing resource group so that we can enforce naming convention and configuration.
In a bash script how can I check that a resource already exists so I don't try to create it again?
# 1. If a new resource group is desired, create it now. Microsoft Docs
az group create --name $RESOURCEGROUPNAME --location $LOCATION
# 2. Create a virtual network and subnet if one has not already been created. Microsoft Docs
# Consider a separate VNet for each resource group.
# az network vnet list -output table
az network vnet create \
--resource-group $RESOURCEGROUPNAME \
--name $RESOURCEGROUPNAME-vnet \
--address-prefix 10.0.x.0/24 \
--subnet-name default \
--subnet-prefix 10.0.x.0/24
# x is the next available 3rd octet value
# 3. Create a public IP Address. Microsoft Docs
az network public-ip create \
--resource-group $RESOURCEGROUPNAME \
--name $VMNAME-ip \
--dns-name $DNSNAME
# 4. Create a network security group. Microsoft Docs
az network nsg create \
--resource-group $RESOURCEGROUPNAME \
--name $VMNAME-nsg
# 5. Create a rule to allow SSH to the machine. Microsoft Docs
az network nsg rule create \
--resource-group $RESOURCEGROUPNAME \
--nsg-name $VMNAME-nsg \
--name allow-ssh \
--protocol tcp \
--priority 1000 \
--destination-port-range 22 \
--access allow
# 6. Create a virtual NIC. Microsoft Docs
az network nic create \
--resource-group $RESOURCEGROUPNAME \
--name $VMNAME-nic \
--vnet-name $RESOURCEGROUPNAME-vnet \
--subnet default \
--public-ip-address $VMNAME-ip \
--network-security-group $VMNAME-nsg
# 7. Create an availability set, if redundancy is required. Microsoft Docs
az vm availability-set create \
--resource-group $RESOURCEGROUPNAME \
--name $AVSETNAME-as
# 8. Create the VM. Microsoft Docs
az vm create \
--resource-group $RESOURCEGROUPNAME \
--location $LOCATION \
--name $VMNAME \
--image UbuntuLTS \
--size $VMSIZE \
--availability-set $AVSETNAME-as \
--nics $VMNAME-nic \
--admin-username $ADMINUSERNAME \
--authentication-type ssh
--ssh-key-value #$SSHPUBLICKEYFILE \
--os-disk-name $VMNAME-osdisk
This should work in bash script:
if [ $(az group exists --name $RESOURCEGROUPNAME) = false ]; then
az group create --name $RESOURCEGROUPNAME --location $LOCATION
fi
In a bash script how can I check that a resource already exists so I
don't try to create it again?
We can use CLI 2.0 command az group exists to test the resource group exist or not, like this:
C:\Users\user>az group exists -n jasontest
false
In this way, before we create it, we can test the name available or not. In new resource group, we can create new Vnet and other resources.
For now, there is no CLI 2.0 command to test other resource exist or not. If you want to create resource in an existing resource group, maybe we should use CLI 2.0 command to list the resources, and use bash to make sure the resource exist or not.
You can use JMESPath queries to do this. All resource types support this, AFAIK.
For example, for VMs:
az vm list --resource-group $RESOURCEGROUPNAME --query "[?name=='$VMNAME'] | length(#)"
This will output the number of matching VMs - either 1 or 0.
You can use this to create if/else logic in bash as follows.
if [[ $(az vm list --resource-group $RESOURCEGROUPNAME --query "[?name=='$VMNAME'] | length(#)") > 0 ]]
then
echo "VM exists"
else
echo "VM doesn't exist"
fi
If a resource show command returns an empty string and a success status code (0), then the resource does not exist.
Edit: ChrisWue pointed out that this is no longer true. It must have changed since I left the Azure CLI team (it used to be a requirement that all commands worked like this). Or it may be that there is a bug for the key vault commands he mentioned below.
this work for my batch commands
call az webapp show --subscription <yoursubs> --resource-group <yourrg> --name <yourappname> -query name
if %errorlevel% == 1 (
az webapp create ...
)
As mentioned in another answer - there is no generic "exists" command. One line of reasoning I've found was that "create" is meant to be idem potent - therefor if you have a script that creates resources (for example as part of a build pipeline) it doesn't matter how often you execute it since "it will do the right thing".
If you still need to do this you can do it in shell like this (the example is for keyvault but it should work for all resource types that have a show command)
if az keyvault show -n my-keyvault -o none; then
echo "keyvault exists"
else
echo "keyvault doesn't exist"
fi
It should be noted that az will output an error message to stderr if the resource doesn't exists - this doesn't affect the check but if it bothers you then you can redirect stderr to /dev/null
In our case we needed this because we don't run the infra scripts if the setup hasn't changed (cuts our build time in half). We dectect this by creating a hash of the infra-scripts and store it in a keyvault. When the script runs it creates the keyvault (to make sure it exists) and then tries to check the secret that contains the hash. If the hash is still the same then don't run the rest of the script.
Catch is that keyvault create nukes the access policies which also includes the web-app managed identity access policy which won't get added if the rest of the script doesn't run ... so the fix is to check if the keyvault exists first and to not create it if it does.