When I deploy this template via Terraform and Azure Devops, I get an Invalid template error while the template deploys normally on the portal. This is the error:
'The template resource '' of type 'microsoft.insights/workbooks' at
line '1' and column '1512' is not valid. The name property cannot be
null or empty. Please see https://aka.ms/arm-template/#resources for
usage details.'."
AdditionalInfo=[{"info":{"lineNumber":1,"linePosition":1512,"path":"properties.template.resources[0]"},"type":"TemplateViolation"}]
What modification should I make to deploy via Terraform?
{
"contentVersion": "1.0.0.0",
"parameters": {
"workbookDisplayName": {
"type": "string",
"defaultValue": "Azure Firewall Workbook",
"metadata": {
"description": "The friendly name for the workbook that is used in the Gallery or Saved List. This name must be unique within a resource group."
}
},
"workbookType": {
"type": "string",
"allowedValues": [
"workbook",
"sentinel"
],
"defaultValue": "workbook",
"metadata": {
"description": "The gallery that the workbook will been shown under. Supported values include workbook, tsg, etc. Usually, this is 'workbook'"
}
},
"DiagnosticsWorkspaceName": {
"type": "string",
"defaultValue": "WorkspaceName",
"metadata": {
"description": "Provide the workspace name for your Network Diagnostic logs"
}
},
"DiagnosticsWorkspaceSubscription": {
"type": "string",
"defaultValue": "WorkspaceSubscriptionID",
"metadata": {
"description": "Provide the workspace subscription GUID for your Network Diagnostic logs"
}
},
"DiagnosticsWorkspaceResourceGroup": {
"type": "string",
"defaultValue": "ResourceGroupName",
"metadata": {
"description": "Provide the workspace resourcegroupname for your Network Diagnostic logs"
}
},
"workbookId": {
"type": "string",
"defaultValue": "[newGuid()]",
"metadata": {
"description": "The unique guid for this workbook instance"
}
}
},
"variables": {
"workbookSourceId": "[concat('/subscriptions/',parameters('DiagnosticsWorkspaceSubscription'),'/resourcegroups/', parameters('DiagnosticsWorkspaceResourceGroup'), '/providers/Microsoft.OperationalInsights/workspaces/',parameters('DiagnosticsWorkspaceName'))]"
},
"resources": [
{
"name": "[parameters('workbookId')]",
"type": "microsoft.insights/workbooks",
"location": "[resourceGroup().location]",
"apiVersion": "2018-06-17-preview",
"dependsOn": [],
"kind": "shared",
"properties": {
"displayName": "[parameters('workbookDisplayName')]"}",
"version": "1.0",
"sourceId": "[variables('workbookSourceId')]",
"category": "[parameters('workbookType')]"
}
}
],
"outputs": {
"workbookId": {
"type": "string",
"value": "[resourceId( 'microsoft.insights/workbooks', parameters('workbookId'))]"
}
},
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#"
}
I don't know ARM templates but I have really good experience on Terraform AWS & Terraform Azure providers.
First of all, you better take a look Terraform resource page which is here. That would be helpful in understanding resource needs and outcomes.
I might be wrong, because your Terraform script is not visible in the question section. Nevertheless, I guess you might have an issue in Terraform side. As I understood, you are getting error from ARM templates. It is complaining about missing name parameter which is mandatory. You may forget passing parameter names from Terraform to ARM template. I might be wrong, this is just a suggestion, the correct way would be reviewing Terraform azurerm_template_deployment resource.
// ARM Template part
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountType": {
"type": "string",
"defaultValue": "Standard_LRS",
"allowedValues": [
"Standard_LRS",
"Standard_GRS",
"Standard_ZRS"
],
"metadata": {
"description": "Storage Account type"
}
}
},
// Terraform resource provisioning
parameters = {
"storageAccountType" = "Standard_GRS"
}
Related
I'm trying to manage CA certificates in Azure APIM through ARM but everything I tried gave no positive result.
For visualization, this is what I'm talking about:
When I look at the schema Microsoft.ApiManagement/service, there's a section for certificates where I can set the storeName variable but without results.
For sanity, I tried to upload it though Powershell plus manually and both option worked but that CA Certificate got wiped from the APIM at each deployment of my ARM template even if I used the "Incremental" option.
First I tried to modify the APIM ARM template by adding that block to the "properties" section:
"certificates": [
{
"encodedCertificate": "[parameters('RootCertificateBase64Content')]",
"certificatePassword": "[parameters('RootCertificatePassword')]",
"storeName": "Root"
}]
Here's my first test snippet for complete traceability:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"apimName": {
"type": "string",
"metadata": {
"description": "Name of the apimanagement"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
},
"sku": {
"type": "string",
"allowedValues": [
"Developer",
"Standard",
"Premium"
],
"defaultValue": "Developer",
"metadata": {
"description": "The pricing tier of this API Management service"
}
},
"skuCapacity": {
"type": "string",
"allowedValues": [
"1",
"2"
],
"defaultValue": "1",
"metadata": {
"description": "The instance size of this API Management service."
}
},
"subnetResourceId": {
"type": "string",
"metadata": {
"description": ""
}
},
"RootCertificateBase64Content": {
"type": "string",
"metadata": {
"description": "The Root certificate content"
}
},
"RootCertificatePassword": {
"type": "string",
"metadata": {
"description": "The Root certificate password"
}
}
},
"variables": {
"publisherEmail": "whatever#heyho.com",
"publisherName": "Whatever Team",
"notificationSenderEmail": "whatever#heygo.com"
},
"resources": [
{
"apiVersion": "2019-12-01",
"name": "[parameters('apimName')]",
"type": "Microsoft.ApiManagement/service",
"location": "[parameters('location')]",
"sku": {
"name": "[parameters('sku')]",
"capacity": "[parameters('skuCapacity')]"
},
"properties": {
"notificationSenderEmail": "[variables('notificationSenderEmail')]",
"publisherEmail": "[variables('publisherEmail')]",
"publisherName": "[variables('publisherName')]",
"virtualNetworkConfiguration": {
"subnetResourceId": "[parameters('subnetResourceId')]"
},
"virtualNetworkType": "Internal",
"certificates": [
{
"encodedCertificate": "[parameters('RootCertificateBase64Content')]",
"certificatePassword": "[parameters('RootCertificatePassword')]",
"storeName": "Root"
}]
},
"identity": {
"type": "SystemAssigned"
}
}
],
"outputs": {
"apiManagementPrivateHostIp": {
"type": "string",
"value": "[reference(concat(resourceId('Microsoft.ApiManagement/service', parameters('apimName')))).privateIPAddresses[0]]"
}
}
}
Second alternative I tried was to use the Microsoft.ApiManagement/service/certificates schema. There is no option there to specify the StoreName so I assumed it wasn't the right schema but I tried anyway. All attempts generated a certificate in the built-in Certificates store instead of the CA Certificates store.
Here's my second attempt's snippet:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"apimName": {
"type": "string",
"metadata": {
"description": "The parent APIM name"
}
},
"certificateName": {
"type": "string",
"metadata": {
"description": "The certificate name"
}
},
"CertificateBase64Content": {
"type": "string",
"metadata": {
"description": "The content of the certificate"
}
},
"CertificatePassword": {
"type": "string",
"metadata": {
"description": "The certificate password"
}
}
},
"resources": [
{
"name": "[concat(parameters('apimName'), '/Root/', parameters('certificateName'))]",
"type": "Microsoft.ApiManagement/service/certificates",
"apiVersion": "2019-01-01",
"properties": {
"data": "[parameters('CertificateBase64Content')]",
"password": "[parameters('CertificatePassword')]"
}
}
],
"outputs": {}
}
While looking at terraform documentation, it seems that it's possible to manage these certificates through the base schema and I confirmed that through the terraform azurerm provider source code (Unfortunately I cannot use Terraform and I MUST use ARM in that scenario).
Any clues on how to manage CA certificates in Azure APIM through ARM?
I assume you want to update CA certificate authority sections of already existing APIM? If yes then just provide all required properties for Microsoft.ApiManagement/service but for name use already existing APIM name that you want to update and choose the same resource group.
Thanks to this, it will just update existing APIM with properties you provided, instead of creating new APIM. The required properties are name, type, apiVersion, location, sku, properties. For properties you need to provide publisherEmail and publisherName, and of course certificates - this is what you want to update after all. So the absolute minimum for update will look like this:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters":{
"base64EncodedCertificate":{
"defaultValue":"base64 encoded certificate",
"type":"String"
},
"certificatePassword":{
"defaultValue":"certificate password",
"type":"String"
}
},
"variables": {},
"resources": [
{
"name": "existing-apim-name",
"type": "Microsoft.ApiManagement/service",
"apiVersion": "2021-01-01-preview",
"location": "West Europe",
"sku": {
"name": "Developer",
"capacity": 1
},
"properties": {
"publisherEmail": "publisher#gmail.com",
"publisherName": "Publisher Name",
"certificates": [
{
"encodedCertificate": "[parameters('base64EncodedCertificate')]",
"certificatePassword": "[parameters('certificatePassword')]",
"storeName": "Root"
}
]
}
}
]
}
Watch out. certificates array must contain all certificates that you want to have on this APIM. All existing CA certs that are not in this array will be deleted.
I was trying to deploy queue service as optional parameter with default blank value, template first create storage account then queue service as nested resource. template throwing error Message=Deployment template validation failed: 'The template resource '[concat(parameters('storageName'),'/default/',parameters('storagequeues')[copyIndex()])]'
at line '91' and column '9' is not valid: The language expression property array index '0' is out of bounds.
for some reason schema validating nested resource name before condition evaluation. Is this expected behavior ? if not please suggest work around.
I have tried with condition "condition": "[not(contains(parameters('storagequeues'),'none'))]", and Having defaultvalue="none" then it won\t create queue. it works fine but this is not desired way of doing.
This template creating a queue under a storage account may meet you need.
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the Azure Storage account."
}
},
"queueName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the blob container."
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location in which the Azure Storage resources should be deployed."
}
}
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2019-06-01",
"name": "[parameters('storageAccountName')]",
"location": "[parameters('location')]",
"sku": {
"name": "Standard_LRS",
"tier": "Standard"
},
"kind": "StorageV2",
"properties": {
"accessTier": "Hot"
},
"resources": [
{
"type": "queueServices/queues",
"apiVersion": "2019-06-01",
"name": "[parameters('queueName')]",
"dependsOn": [
"[parameters('storageAccountName')]"
]
}
]
}
]
}
I have seen this 'The language expression property array index '0' is out of bounds.' error before, but the reason may different. I cannot see your defaultValue in 'storagequeue', maybe the null array cause this issue. You can refer to this.
I am working to build a ci/cd pipeline for AKS. the first task set is "Azure resource group deployment" which is used for creating vnet /subnet for the AKS .
The intention is to skip the task next time onwards since the vnet and subnet are already in place. Second time onwards getting the following error -
BadRequest: { "error": { "code": "InUseSubnetCannotBeDeleted", "message": "Subnet AKSSubnet is in use by /subscriptions/***************************************/resourceGroups/MC_**************-CLUSTER_eastus/providers/Microsoft.Network/networkInterfaces/aks-agentpool-
########-nic-0/ipConfigurations/ipconfig1 and cannot be deleted. In order to delete the subnet, delete all the resources within the subnet. See aka.ms/deletesubnet.", "details": [] } }
Error: Task failed while creating or updating the template deployment.
Looks like the task is trying to delete the subnet instead of skipping it. What is the resolution?
It is using following arm templates : azuredeploy.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vnetName": {
"type": "string",
"defaultValue": "GEN-VNET-NAME",
"metadata": {
"description": "Name of the virtual Network"
}
},
"vnetAddressPrefix": {
"type": "string",
"defaultValue": "10.10.0.0/16",
"metadata": {
"description": "Address prefix"
}
},
"subnetPrefix": {
"type": "string",
"defaultValue": "10.10.0.0/24",
"metadata": {
"description": "Subnet Prefix"
}
},
"subnetName": {
"type": "string",
"defaultValue": "Subnet",
"metadata": {
"description": "GEN-SUBNET-NAME"
}
}
},
"variables": {},
"resources": [
{
"apiVersion": "2018-06-01",
"type": "Microsoft.Network/virtualNetworks",
"name": "[parameters('vnetName')]",
"location": "[resourceGroup().location]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('vnetAddressPrefix')]"
]
}
},
"resources": [
{
"apiVersion": "2018-06-01",
"type": "subnets",
"location": "[resourceGroup().location]",
"name": "[parameters('subnetName')]",
"dependsOn": [
"[parameters('vnetName')]"
],
"properties": {
"addressPrefix": "[parameters('subnetPrefix')]"
}
}
]
}
],
"outputs": {
"vnetName": {
"type": "string",
"value": "[parameters('vnetName')]"
},
"subnetName": {
"type": "string",
"value": "[parameters('subnetName')]"
}
}
}
azuredeploy.parameters.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vnetName": {
"value": "###########"
},
"vnetAddressPrefix": {
"value": "10.10.0.0/16"
},
"subnetPrefix": {
"value": "10.10.0.0/24"
},
"subnetName": {
"value": "######"
}
}
}
What is happening right here - your template is coded in such a fashion:
vnet resources
empty subnets property
subnet resource(s)
bla-bla-bla
and what is happening here it is trying to coerce the vnet to have 0 subnets, due to how you authored your template. you have 2 options:
put a condition on the vnet resource definition and pass a parameter to it if the build number is greater than 1 (or just manually specify at build time whether to skip it or not).
modify your template to look like so:
vnet resource
subnets property populated with subnets
bla-bla-bla
essentially, this has nothing to do with Azure Devops.
I am using an ARM template to deploy an ILB ASE which works fine but I am now trying to put a self-signed certificate on the ILB ASE as part of that deployment and it keeps failing with the error The specified network password is not correct.
I am actually applying the ARM template via Terraform. I store the certificate and the password in Key Vault. I pull the certificate from Key Vault using the PowerShell line below and then pass it into Terraform as a variable. This is the cert in Base64 encoded format:
$aseCertBase64 = (Get-AzureKeyVaultSecret -VaultName $kvName -Name $kvASECertName).SecretValueText
I first tried obtaining the Cert password using a Terraform data resource but that deployment failed with the The specified network password is not correct error. In an attempt to troubleshoot the password issue, I put the clear text password into the ARM template directly and re-ran the deployment. The deployment failed again with the same error so now I am not sure what it is looking for.
I validated that the password was correct by pulling the cert and password from Key Vault with PowerShell, converting the cert and then importing it into my local store successfully.
Below is the ARM Template I am using:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"ilbase_name": {
"type": "string",
"metadata": {
"description": "The name of the ILBASE"
}
},
"ilbase_domain_name": {
"type": "string",
"metadata": {
"description": "The prviate domain name inside ILBASE"
}
},
"ilbase_subnet_name": {
"type": "string",
"metadata": {
"description": "The name of the subnet assigned to the ILBASE"
}
},
"ilbase_rglocation": {
"defaultValue": "East US",
"type": "string",
"metadata": {
"description": "The region where the ILBASE will be deployed"
}
},
"vnet_name": {
"type": "string",
"metadata": {
"description": "The name of the vnet the ILBASE subnet is part of"
}
},
"vnet_rg": {
"type": "string",
"metadata": {
"description": "The name of the resource group the ILBASE vnet is in"
}
},
"vnet_id": {
"type": "string",
"metadata": {
"description": "The resource id of the ILBASE vnet"
}
},
"aseCert": {
"type": "string",
"metadata": {
"description": "The Base64 encoded string containing the cert to be applied to the ILBASE"
}
},
"aseCertPwd": {
"defaultValue": "XNKVTzCell637BNl",
"type": "string",
"metadata": {
"description": "The password for the ILBASE certificate"
}
},
"aseCertName": {
"defaultValue": "aseCert",
"type": "string",
"metadata": {
"description": "The password for the ILBASE certificate"
}
}
},
"resources": [
{
"apiVersion": "2015-08-01",
"type": "Microsoft.Web/certificates",
"name": "[parameters('aseCertName')]",
"location": "[parameters('ilbase_rglocation')]",
"properties": {
"pfxBlob": "[parameters('aseCert')]",
"password": "[parameters('aseCertPwd')]",
"hostingEnvironmentProfile": {
"id": "[resourceId('Microsoft.Web/hostingEnvironments',parameters('ilbase_name'))]"
}
},
"dependsOn": [
"[concat('Microsoft.Web/hostingEnvironments/',parameters('ilbase_name'))]"
]
},
{
"apiVersion": "2018-02-01",
"type": "Microsoft.Web/hostingEnvironments",
"name": "[parameters('ilbase_name')]",
"kind": "ASEV2",
"location": "[parameters('ilbase_rglocation')]",
"properties": {
"name": "[parameters('ilbase_name')]",
"location": "[parameters('ilbase_rglocation')]",
"vnetName": "[parameters('vnet_name')]",
"vnetResourceGroup": "[parameters('vnet_rg')]",
"vnetSubnetName": "[parameters('ilbase_subnet_name')]",
"virtualNetwork": {
"Id": "[parameters('vnet_id')]",
"Subnet": "[parameters('ilbase_subnet_name')]"
},
"dnsSuffix": "[parameters('ilbase_domain_name')]",
"internalLoadBalancingMode": "Web, Publishing",
"multiSize": "Medium",
"multiRoleCount": 2,
"ipsslAddressCount": 0,
"networkAccessControlList": [],
"frontEndScaleFactor": 15,
"suspended": false
}
}
]
}
Consider looking at calling the thumbPrint parameter for the cert. I believe that's required based on the default ARM template Microsoft have on GitHub here. Some further reference here at learn.microsoft.com.
I have an existing Service Bus with one queue and event hub deployed using Azure Resource Manager.
Now I am interested to retrieve the primary key and connection string using Azure PowerShell wiithout using the ServiceBus.dll. Is it possible??
As a workaround I have created an ARM template which does not deploy anything but just query the existing resource and retrieve the information I need. The below template retrieves the connection string and primary key of an event hub/queue for a specific service bus namespace
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"serviceBusNamespace": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "The name of the service bus namespace to create."
}
},
"resourceName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "The name of the resource to be retreived."
}
},
"resourceType": {
"type": "string",
"minLength": 1,
"allowedValues": [
"queues",
"eventhubs"
],
"metadata": {
"description": "The type of the resource"
}
},
"policy": {
"type": "string",
"minLength": 1,
"defaultValue": "ManagePolicy",
"allowedValues": [
"ManagePolicy",
"SendPolicy",
"ListenPolicy"
],
"metadata": {
"description": "The type of the resource"
}
}
},
"variables": {
},
"resources": [ ],
"outputs": {
"connectionString": {
"type": "string",
"value": "[listKeys(resourceId(concat('Microsoft.ServiceBus/namespaces/',parameters('resourceType'),'/authorizationRules'),parameters('serviceBusNamespace'),parameters('resourceName'),parameters('policy')),'2015-08-01').primaryConnectionString]"
},
"primaryKey": {
"type": "string",
"value": "[listKeys(resourceId(concat('Microsoft.ServiceBus/namespaces/',parameters('resourceType'),'/authorizationRules'),parameters('serviceBusNamespace'),parameters('resourceName'),parameters('policy')),'2015-08-01').primaryKey]"
}
}
}
Is it abusing to use ARM template to query for a resource and not actually deploy anything?
EDIT
To capture the output of the ARM template within PowerShell use the below code
$ep = New-AzureRmResourceGroupDeployment -Name "getEventHub" -ResourceGroupName myResourceGroup -Mode Incremental -TemplateFile getEventHub.json -TemplateParameterFile getEventHub.param.json
$RuleConnString = $ep.Outputs.connectionString.value
$RulePrimaryKey = $ep.Outputs.primaryKey.value
Note that the property names connectionString and primaryKey are same as defined in my template file
EDIT 2
If I re-run the ARM template to deploy the event hub second time I get the below error.
I din't find any option other than to use the ARM template to query the details.
I don’t see what’s wrong with what you’re doing. In my view Resource Manager templates in their nature are incremental. So you could author a template to create your existing service bus with the same resources. If the properties are the same then it will leave the existing resources intact and return you the connection string and primary key of the relevant resource.
I have a need to automate the creation of a service bus and queue and separate send/listen shared access policies. You can retrieve the connection string on the service bus itself using PowerShell natively without using the .Net ServiceBus.dll assembly by using Get-AzureSBAuthorizationRule but due to a still current bug this doesn’t work at the queue level.
I tried using the ServiceBus.dll to create the shared access policies but sometimes it would randomly fail but subsequently work if you ran it a second time immediately afterwards. I also tried Resource Manager templates but previously you had to pass in the keys you’d generated yourself. Now I see Microsoft generate those for you but you’re still left trying to get the key in an automated fashion so I like your solution.
One question though, can you capture the Resource Manager template outputs and pass them back to a PowerShell script, do you know?
Cheers
Rob
{ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": {
"servicebusNamespace": {
"type": "string",
"metadata": {
"description": "The service bus namespace"
}
},
"notificationssmsqueue": {
"type": "string",
"metadata": {
"description": "Notifications SMS queue"
}
} }, "variables": {
"location": "[resourceGroup().location]", }, "resources": [
{
"apiVersion": "2015-08-01",
"name": "[parameters('servicebusNamespace')]",
"type": "Microsoft.ServiceBus/namespaces",
"location": "[variables('location')]",
"properties": {
"messagingSku": 2
},
"resources": [
{
"apiVersion": "2015-08-01",
"name": "[parameters('notificationssmsqueue')]",
"type": "Queues",
"dependsOn": [
"[concat('Microsoft.ServiceBus/namespaces/', parameters('servicebusNamespace'))]"
],
"properties": {
"path": "[parameters('notificationssmsqueue')]"
},
"resources": [
{
"apiVersion": "2015-08-01",
"name": "[concat(parameters('notificationssmsqueue'),'.listen')]",
"type": "AuthorizationRules",
"dependsOn": [
"[parameters('notificationssmsqueue')]"
],
"properties": {
"keyName": "[concat(parameters('notificationssmsqueue'),'.listen')]",
"claimType": "SharedAccessKey",
"claimValue": "None",
"rights": [ "Listen" ],
"revision": -1
}
},
{
"apiVersion": "2015-08-01",
"name": "[concat(parameters('notificationssmsqueue'),'.send')]",
"type": "AuthorizationRules",
"dependsOn": [
"[parameters('notificationssmsqueue')]"
],
"properties": {
"keyName": "[concat(parameters('notificationssmsqueue'),'.send')]",
"claimType": "SharedAccessKey",
"claimValue": "None",
"rights": [ "Send" ],
"revision": -1
}
}
]
}
]
} ], "outputs": {
"connectionString": {
"type": "string",
"value": "[listKeys(resourceId(concat('Microsoft.ServiceBus/namespaces/AuthorizationRules'),parameters('serviceBusNamespace'),'RootManageSharedAccessKey'),'2015-08-01').primaryConnectionString]"
},
"smsSendPrimaryKey": {
"type": "string",
"value": "[listKeys(resourceId(concat('Microsoft.ServiceBus/namespaces/Queues/AuthorizationRules'),parameters('serviceBusNamespace'),parameters('notificationssmsqueue'),concat(parameters('notificationssmsqueue'),'.send')),'2015-08-01').PrimaryKey]"
},
"smsListenPrimaryKey": {
"type": "string",
"value": "[listKeys(resourceId(concat('Microsoft.ServiceBus/namespaces/Queues/AuthorizationRules'),parameters('serviceBusNamespace'),parameters('notificationssmsqueue'),concat(parameters('notificationssmsqueue'),'.listen')),'2015-08-01').PrimaryKey]"
} } }
But I call my templates like this:
New-AzureRMResourceGroupDeployment -ResourceGroupName $ResourceGroupName -TemplateFile "$scripts_folder$SB_create_script" -TemplateParameterObject `
#{ servicebusNamespace = $servicebusNamespace;
notificationssmsqueue = $NotificationSMSqueue }
This is the correct way to get the information you are seeking. The Resource Manager provides a common interface to interact with all the services. It is how the Portal access the services, and each of the language SDKs are just wrappers for similar requests to the one you have created.
I usually use the Python or java SDKs, but I have been told that NodeJS is a very easy way to wrap the Web APIs that ARM calls to construct similar calls like the one you made, if you are looking for a none ARM way to do this.