Bash Error while calling ARM template in Azure Devops - azure

I am trying to do an ARM deployment using bash but getting this error
ArgumentUsageError: argument --template-uri/-u: expected one argument
What am I doing wrong here?
- task: AzureCLI#2
inputs:
azureSubscription: 'Pay-As-You-Go'
scriptType: 'bash'
scriptLocation: 'inlineScript'
inlineScript: |
armTemplateURI=$('https://xxxx.blob.core.windows.net/temp/Function-Deployment.json?'$(SASTOKEN))
packageURI=$('https://xxxxx.blob.core.windows.net/fileupload/PrdFunctions.zip?'$(SASTOKEN))
output=$(az deployment group create --name "Function-Deployment" --resource-group "rg-dev-xxxx" --template-uri $armTemplateURI --parameters appName="fapp-dev-xxxx" storageName="stgdevxxxx" location="Australia East" cosmosName="cosmos-xxxx" msdeployPackageUrl=$packageURI)

As I see, the document Set secret variables shows the way to set the secret in a secure way. And in bash, you do not need to use the $() to set a string as the value of a variable. So the right way for you should like this:
- task: AzureCLI#2
inputs:
azureSubscription: 'Pay-As-You-Go'
scriptType: 'bash'
scriptLocation: 'inlineScript'
inlineScript: |
armTemplateURI='https://xxxx.blob.core.windows.net/temp/Function-Deployment.json?'$MY_SASTOKEN
packageURI='https://xxxxx.blob.core.windows.net/fileupload/PrdFunctions.zip?'$MY_SASTOKEN
output=$(az deployment group create --name "Function-Deployment" --resource-group "rg-dev-xxxx" --template-uri $armTemplateURI --parameters appName="fapp-dev-xxxx" storageName="stgdevxxxx" location="Australia East" cosmosName="cosmos-xxxx" msdeployPackageUrl=$packageURI)
env:
MY_SASTOKEN: $(SASTOKEN)

Related

Change ARR affinity property from General Settings with Azure Devops pipeline

I'm trying to modify the "ARR affinity" (clientAffinityEnabled) property in App Service General Settings with a pipeline task but it doesn't work, the value doesn't change.
This pipeline works OK with other General Settings properties.
Another approach to solve this?
Azure DevOps pipeline task:
- task: AzureAppServiceSettings#1
inputs:
azureSubscription: XXXXXXX
ResourceGroupName: XXXXXXX
appName: XXXXXXX
generalSettings: |
[
{
"clientAffinityEnabled": false
}
]
Test the same settings in the AzureAppServiceSettings task, I can reproduce the same situation. It seems that the AzureAppServiceSettings task is not able to update the ARR affinity value.
For a workaround, you can change to use Azure CLI Task to run the Azure CLI: az webapp update to update the ARR affinity value.
For example:
steps:
- task: AzureCLI#2
displayName: 'Azure CLI '
inputs:
azureSubscription: xx
scriptType: ps
scriptLocation: inlineScript
inlineScript: 'az webapp update --name xx --resource-group xx --client-affinity-enabled false'

azure cli command 'az functionapp create' - App Keys not generated

Do I miss something how to create a function using azure cli? How can I add a key to my function?
Steps to reproduce:
az storage account create --name $(StorageAccountName) --resource-group $(StorageResourceGroupName)
az appservice plan create --name $(AppServicePlanName) --resource-group $(AppServicePlanResourceGroupName) --sku $(AppServicePlanSku) --location $(AppServicePlanLocation)
az functionapp create --resource-group $(FunctionResourceGroupName) --plan $(AppServicePlanPath) --name $(FunctionName) --storage-account $(StorageAccountPath) --functions-version $(FunctionVersion) --os-type $(FunctionOs) --runtime dotnet --disable-app-insights true --app-insights-key $(ApplicationInsightsImbasKey) --subnet $(FunctionSubnetPath)
az functionapp keys list --name $(FunctionName) --resource-group $(FunctionResourceGroupName)
Last command returns: Operation returned an invalid status 'Bad Request'
az rest command returns:
az rest --method post --uri "/subscriptions/xyz/resourceGroups/rg-func/providers/Microsoft.Web/sites/func-test/host/default/listKeys?api-version=2022-03-01" --query functionKeys.default --output tsv
Bad Request({"Code":"BadRequest","Message":"Encountered an error (InternalServerError) from host runtime.","Target":null,"Details":[{"Message":"Encountered an error (InternalServerError) from host runtime."},{"Code":"BadRequest"},{"ErrorEntity":{"Code":"BadRequest","Message":"Encountered an error (InternalServerError) from host runtime."}}],"Innererror":null})
Also in the Azure Portal the App Key are not shown and cannot be set
Do I miss something how to create a function using azure cli? How can I add a key to my function?
I was able to successfully create the function app and plan with your code, and obtain the keys, with only a few minor changes made.
Could you verify your permissions perhaps, and use the MS Docs for further command argument references?
az function app create
az appservice plan create
I've removed
--runtime dotnet
--runtime-version is not supported for --runtime dotnet. Dotnet version is determined by --functions-version. Dotnet version will be
6.0 for this function app.
--app-insights-key
you disabled insights, so this was redundant
--subnet
this needed the --vnet argument, which you didn't use
Hope this helps. It is a Azure DevOps build task, but you can use the az cli commands out of it:
trigger: none
pool:
vmImage: "ubuntu-latest"
# For more information see https://learn.microsoft.com/en-us/cli/azure/what-is-azure-cli?view=azure-cli-latest
variables:
AzureSubscription: xyz
StorageAccountName: someName
StorageAccountResourceID: /subscriptions/xyz/resourceGroups/rg-storage...
StorageResourceGroupName: rg-storage...
AppServicePlanResourceGroupName: rg-plan...
AppServicePlanSku: S1
AppServicePlanName: plan-app-test
AppServicePlanResourceID: /subscriptions/xyz/resourceGroups/rg-plan....
AppServicePlanLocation: centralus
FunctionResourceGroupName: rg-func
FunctionName: func-name...
FunctionOs: Windows
FunctionVersion: 4
FunctionVnetResourceID: /subscriptions/xyz/resourceGroups/...
FunctionSubnetResourceID: /subscriptions/xyz/resourceGroups/...
ApplicationInsightsImbasKey: yourKey
KeyVaultName: yourKeyVault
KeyVaultResourceGroupName: rg-kv....
steps:
# Create Azure Function
- task: AzureCLI#2
displayName: "Create Azure Storage Account $(StorageAccountName)"
inputs:
azureSubscription: '$(AzureSubscription)'
scriptType: 'pscore'
scriptLocation: 'inlineScript'
inlineScript: |
az storage account create `
--name $(StorageAccountName) `
--resource-group $(StorageResourceGroupName)
- task: AzureCLI#2
displayName: "Create Azure App Service Plan $(AppServicePlanName)"
inputs:
azureSubscription: '$(AzureSubscription)'
scriptType: 'pscore'
scriptLocation: 'inlineScript'
inlineScript: |
az appservice plan create `
--name $(AppServicePlanName) `
--resource-group $(AppServicePlanResourceGroupName) `
--sku $(AppServicePlanSku) `
--location $(AppServicePlanLocation)
- task: AzureCLI#2
displayName: "Create and configure Azure Function $(FunctionName)"
inputs:
azureSubscription: '$(AzureSubscription)'
scriptType: 'pscore'
scriptLocation: 'inlineScript'
inlineScript: |
az functionapp create `
--resource-group $(FunctionResourceGroupName) `
--plan $(AppServicePlanResourceID) `
--name $(FunctionName) `
--storage-account $(StorageAccountResourceID) `
--functions-version $(FunctionVersion) `
--os-type $(FunctionOs) `
--app-insights-key $(ApplicationInsightsImbasKey) `
--vnet $(FunctionVnetResourceID) `
--subnet $(FunctionSubnetResourceID)
az functionapp config set `
--name $(FunctionName) `
--resource-group $(FunctionResourceGroupName) `
--ftps-state Disabled
az functionapp update `
--name $(FunctionName) `
--resource-group $(FunctionResourceGroupName) `
--set httpsOnly=true
## https://markheath.net/post/managed-identity-key-vault-azure-functions
- task: AzureCLI#2
displayName: "Assign a managed identity $(FunctionName)"
inputs:
azureSubscription: '$(AzureSubscription)'
scriptType: 'pscore'
scriptLocation: 'inlineScript'
inlineScript: |
az functionapp identity assign `
-n $(FunctionName) `
-g $(FunctionResourceGroupName)
- task: AzureCLI#2
name: GetPrincipalId
displayName: "Query PrincipalId and grant managed identity read access to Key Vault $(KeyVaultName)"
inputs:
azureSubscription: '$(AzureSubscription)'
scriptType: 'pscore'
scriptLocation: 'inlineScript'
inlineScript: |
$queryPrincipalId= $(az functionapp identity show -n $(FunctionName) -g $(FunctionResourceGroupName) --query principalId -o tsv)
az keyvault set-policy -n $(KeyVaultName) -g $(KeyVaultResourceGroupName) `
--object-id $queryPrincipalId `
--secret-permissions get
- task: AzureCLI#2
displayName: "Configure function $(FunctionName)"
inputs:
azureSubscription: '$(AzureSubscription)'
scriptType: 'pscore'
scriptLocation: 'inlineScript'
inlineScript: |
az functionapp config appsettings set -n $(FunctionName) -g $(FunctionResourceGroupName) --settings "FUNCTIONS_WORKER_RUNTIME=dotnet-isolated"
I set the "dotnet-isolated" FUNCTIONS_WORKER_RUNTIME setting using 'az functionapp config appsettings set':
az functionapp config appsettings set -n $(FunctionName) -g $(FunctionResourceGroupName) --settings "FUNCTIONS_WORKER_RUNTIME=dotnet-isolated"
And to set the APPLICATIONINSIGHTS_CONNECTION_STRING:
az functionapp config appsettings set -n $(FunctionName) -g $(FunctionResourceGroupName) --settings "APPLICATIONINSIGHTS_CONNECTION_STRING=$(ApplicationInsightsImbasConnectionString)"

helm registry login --password-stdin in Azure DevOps pipeline

I am trying to login to my private ACR using azure DevOps pipeline.
I tried it this way:
- task: AzureCLI#2
inputs:
azureSubscription: $(azureSubscriptionForACR)
scriptType: 'ps'
scriptLocation: 'inlineScript'
inlineScript: |
$password = az acr credential show -n $(azureAcrName) --query passwords[0].value
helm registry login $(azureContainerRegistry) --username $(azureAcrUserName) --password $password
which works, but there is a warning when I run the pipeline:
"WARNING: Using --password via the CLI is insecure. Use --password-stdin."
I would like to avoid the warning, so I tried many variant of this, but no success:
- task: AzureCLI#2
inputs:
azureSubscription: $(azureSubscriptionForACR)
scriptType: 'ps'
scriptLocation: 'inlineScript'
inlineScript: |
$password = az acr credential show -n $(azureAcrName) --query passwords[0].value
echo $password | helm registry login $(azureContainerRegistry) --username $(azureAcrName) --password-stdin
It always end up with:
Error: Get "https://azureacr.azurecr.io/v2/": unauthorized: authentication required, visit https://aka.ms/acr/authorization for more information.
I am using new helm 3.8.0
Is there a way to do it with --password-stdin?
You can store the $password value as an Environment Variable in Azure Devops , the same way you are doing for the ACR username and other values and then use echo command .
Example:
First get the password for the ACR using the below command and then store it in Environment Variable registryPassword .
az acr credential show -n $(azureAcrName) --query passwords[0].value
Then use the below to login:
- task: AzureCLI#2
inputs:
azureSubscription: $(azureSubscriptionForACR)
scriptType: 'ps'
scriptLocation: 'inlineScript'
inlineScript: |
echo $(registryPassword) | helm registry login $(azureContainerRegistry) --username $(azureAcrName) --password-stdin
For more information you can refer this Blog by Abhith Rajan or
this SO thread.

I cannot work out why this Azure CLI wont work in my Azure Pipeline

I keep getting the following problem in my pipeline when passing a runtime variable into the following two CLI commands.
az webapp create --resource-group $(RG) --plan $(azureSubscription) --name "%APPNAME%"'
az webapp config appsettings set --name "%APPNAME%"' --resource-group $(RG) --settings '/home/vsts/work/1/s/studentsettings.json' --subscription $(azureSubscription)
This is the Error:
/home/vsts/work/_temp/azureclitaskscript1617264397722.sh: line 1: syntax error near unexpected token `('
I have attached a snippet of the code that I have made please can someone help me. I have spent 8 hours trying to fix this and a late night. I need this to work...
- job: job2
displayName: 'Get Variable Value for Student Env'
dependsOn: job1
steps:
- task: AzureCLI#1
displayName: 'Azure CLI '
inputs:
azureSubscription: $(azureSubscription)
scriptLocation: inlineScript
inlineScript: |
mkdir $(Pipeline.Workspace)\BlobFile
az storage blob download --container-name $(containername) --file '$(Pipeline.Workspace)/s/student.json' --name 'student.json' --connection-string 'MY VALUE'
az storage blob download --container-name 'private' --file '$(Pipeline.Workspace)/s/studentsettings.json' --name 'studentappsettings.json' --connection-string 'MY VALUE'
- pwsh: |
cd '/home/vsts/work/1/s/'
ls
$armOutput = Get-Content '/home/vsts/work/1/s/student.json' | convertfrom-json
$student = $armOutput.studentvalue #use student not studentvalue
$type = $armOutput.type
$appservice = $armOutput.appservicevalue
Write-Host "The value of [$student] is [$appservice]"
Write-Host "##vso[task.setvariable variable=studentvalue;isOutput=true]$student" #use studentvalue not $studentvalue
Write-Host "##vso[task.setvariable variable=appservicevalue;isOutput=true]$appservice" #use appservicevalue not $appservice
name: setvarStep
- script: echo $(setvarStep.studentvalue)
- script: echo $(setvarStep.appservicevalue)
name: echovar
- job: job3
displayName: Create Web App
dependsOn: job2
variables:
webappname: $[ dependencies.job2.outputs['setvarStep.studentvalue'] ]
appservicename: $[ dependencies.job2.outputs['setvarStep.appservicevalue'] ]
steps:
- script: export APPNAME=webappname
- script: echo %APPNAME%
- script: export APPPLAN=appservicename
- script: echo %APPPLAN%
# Create Web App
- task: AzureCLI#1
displayName: 'Create Web App in $(appservicename)'
inputs:
azureSubscription: $(azureSubscription)
scriptLocation: inlineScript
inlineScript: |
az webapp create --resource-group $(RG) --plan $(azureSubscription) --name "%APPNAME%"'
# Download Artifact File
- download: none
- task: DownloadPipelineArtifact#2
displayName: 'Download Build Artifacts'
inputs:
patterns: '**/*.zip'
path: '$(Build.ArtifactStagingDirectory)'
# deploy to Azure Web App
- task: AzureWebApp#1
displayName: 'Azure Web App Deploy: $(webappname)'
inputs:
package: $(Build.ArtifactStagingDirectory)/**/*.zip
azureSubscription: $(appconnectionname)
ConnectedServiceName: $(appconnectionname)
appName: '$(webappname)'
ResourceGroupName: $(RG)
# Change App Settings
- task: AzureCLI#1
displayName: 'Change WebApp Settings'
inputs:
azureSubscription: $(azureSubscription)
scriptLocation: inlineScript
inlineScript: |
az webapp config appsettings set --name "%APPNAME%"' --resource-group $(RG) --settings '/home/vsts/work/1/s/studentsettings.json' --subscription $(azureSubscription)
/home/vsts/work/_temp/azureclitaskscript1617264397722.sh: line 1: syntax error near unexpected token `('
From the error messages, it seems that there are some issue with the format of Azure Cli command.
There are two points you need to check:
1.In the Azure CLI command, It contains an extra character ' at the end of the command.
2.You could try to use the format $(webappname) to call the variable instead of %APPNAME%
Here is an example:
- job: job3
displayName: Create Web App
dependsOn: job2
variables:
webappname: $[ dependencies.job2.outputs['setvarStep.studentvalue'] ]
appservicename: $[ dependencies.job2.outputs['setvarStep.appservicevalue'] ]
steps:
- script: |
set APPNAME=webappname
- script: echo %APPNAME%
- script: export APPPLAN=appservicename
- script: echo %APPPLAN%
# Create Web App
- task: AzureCLI#1
inputs:
azureSubscription: $(azureSubscription)
scriptLocation: 'inlineScript'
inlineScript: |
az webapp create --resource-group $(RG) --plan $(azureSubscription) --name $(webappname)

InvalidDeploymentParameterKey when using overrideParameters on an ARM deployment from Azure Pipelines

Here is an extract from a YAML pipeline in Azure DevOps:
- task: AzureCLI#2
name: GetAppInsightsConnString
displayName: 'Get AppInsights ConnectionString'
inputs:
azureSubscription: ${{ parameters.TelemetryAzureSubscription }}
scriptType: 'pscore'
scriptLocation: 'inlineScript'
inlineScript: |
az extension add -n application-insights
az feature register --name AIWorkspacePreview --namespace microsoft.insights
$resourceInfo = az monitor app-insights component show --app ${{ parameters.AppInsightsResourceName }} --resource-group ${{ parameters.AppInsightsResourceGroupName }}
$instrumentationKey = ($resourceInfo | ConvertFrom-Json).InstrumentationKey
echo "##vso[task.setvariable variable=ApplicationInsightsInstrumentationKey]$instrumentationKey"
- task: FileTransform#2
displayName: "Replace Parameters From Variables"
inputs:
folderPath: '$(Pipeline.Workspace)'
xmlTransformationRules: ''
jsonTargetFiles: '**/${{ parameters.ArmTemplateParameters }}'
- powershell: 'Get-Content $(Pipeline.Workspace)/${{ parameters.ArtifactName }}-provisioning/${{ parameters.ArmTemplateParameters }}'
displayName: 'Preview Arm Template Parameters File'
- task: PowerShell#2
displayName: "TEMP: Test new variable values"
inputs:
targetType: 'inline'
script: |
Write-Host "ApplicationInsightsInstrumentationKey: $(ApplicationInsightsInstrumentationKey)"
- task: AzureResourceManagerTemplateDeployment#3
inputs:
deploymentScope: 'Resource Group'
ConnectedServiceName: ${{ parameters.AzureSubscription }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ parameters.ResourceGroupName }}
location: $(locationLong)
templateLocation: 'Linked artifact'
csmFile: '$(Pipeline.Workspace)/${{ parameters.ArtifactName }}-provisioning/${{ parameters.ArmTemplate }}'
csmParametersFile: '$(Pipeline.Workspace)/${{ parameters.ArtifactName }}-provisioning/${{ parameters.ArmTemplateParameters }}'
overrideParameters: '–applicationInsightsInstrumentationKey "$(ApplicationInsightsInstrumentationKey)"'
deploymentMode: 'Incremental'
This is connecting to an App Insights instance, getting the instrumentation key, then doing a variable replacement on an ARM parameters file before previewing it and deploying it.
The instrumentation key is writtent to a ApplicationInsightsInstrumentationKey pipeline variable, and you can see a later task which previews this in the pipeline logs so I can confirm the variable is being set as expected.
On the final task I'm using an overrideParameters option to feed this key into the deployment as the value of the applicationInsightsInstrumentationKey parameter. This is where the pipeline fails, with the error:
##[error]One of the deployment parameters has an empty key. Please see https://aka.ms/resource-manager-parameter-files for details.
My web searching tells me this can occur when the value has spaces and isn't enclosed in double-quotes, but neither of those are the case here. In fact I can even replace that line with a hard-coded value and I still get the same issue.
If I remove that overrideParameters line the deployment succeeds, but obviously the parameter I want isn't included.
Anyone know how to solve this?
As shown by the help dialog on ARM template deployment ADO task:
Since, applicationInsightsInstrumentationKey will not have multiple words, try changing line like below:
overrideParameters: '–applicationInsightsInstrumentationKey $(ApplicationInsightsInstrumentationKey)'

Resources