Develop Reference

How can I use dependsOn on copy resources in nested deployment?

I'm trying to deploy a RG tag for saving the roleAssignments version. I want that the tag deployment will be depended on the creation of the roleassignments. the roleassignments are created by using "copy" and the deployment is nested (since I need to change the scope to another RG and subscription).
I'm getting the following error message: {"code":"InvalidTemplate","message":"Deployment template validation failed: 'The template resource '[uniqueString(concat('nonRegionalRoleAssignments-', parameters('resourceId'), variables('roleAssignmentsToCreate')[copyIndex()].roleDefinitionId))]' at line '82' and column '9' is not valid: The template function 'copyIndex' is not expected at this location. The function can only be used in a resource with copy specified. Please see https://aka.ms/arm-copy for usage details.. Please see https://aka.ms/arm-template-expressions for usage details.'."}
How can I resolve it?
The template:
{
"$schema": https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#,
"contentVersion": "1.0.0.0",
"parameters": {
"managedIdentityName": {
"type": "String",
"metadata": {
"description": "The name of the managed identity resource."
}
},
"roleAssignmentsDefinitionIds": {
"type": "Array"
},
"roleAssignmentsVersion": {
"defaultValue": 0,
"type": "Int"
},
"resourceId": {
"type": "String"
},
"rolesAssignmentsResourceGroup": {
"type": "String"
},
"rolesAssignmentSubscriptionID": {
"type": "String"
}
},
"variables": {
"copy": [
{
"name": "roleAssignmentsToCreate",
"count": "[length(parameters('roleAssignmentsDefinitionIds'))]",
"input": {
"name": "[guid(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('managedIdentityName')), resourceGroup().id, parameters('roleAssignmentsDefinitionIds')[copyIndex('roleAssignmentsToCreate')])]",
"roleDefinitionId": "[parameters('roleAssignmentsDefinitionIds')[copyIndex('roleAssignmentsToCreate')]]"
}
}
],
"roleAssignmentVersionTagName": "[concat(parameters('managedIdentityName'), 'RoleAssignmentVersion')]",
"roleAssignmentsVersionTags": {
"tags": {
"[variables('roleAssignmentVersionTagName')]": "[parameters('roleAssignmentsVersion')]"
}
},
"updatedResourceGroupTags": "[union(resourceGroup(), variables('roleAssignmentsVersionTags')).tags]",
"roleAssignmentsDefaultVersion": {
"tags": {
"[variables('roleAssignmentVersionTagName')]": 0
}
}
},
"resources": [
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-05-01",
"name": "[uniqueString(concat('nonRegionalRoleAssignments-', parameters('resourceId'), variables('roleAssignmentsToCreate')[copyIndex()].roleDefinitionId))]",
"properties": {
"mode": "Incremental",
"parameters": {},
"copy": {
"name": "roleAssignment",
"count": "[length(variables('roleAssignmentsToCreate'))]",
"mode": "serial",
"batchSize": 1
},
"template": {
"$schema": https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#,
"contentVersion": "1.0.0.0",
"variables": {},
"resources": [
{
"name": "[guid(parameters('resourceId'), 'Microsoft.Authorization/roleDefinitions', variables('roleAssignmentsToCreate')[copyIndex()].roleDefinitionId, resourceGroup().id)]",
"type": "Microsoft.Authorization/roleAssignments",
"condition": "[less(int(union(variables('RoleAssignmentsDefaultVersion'), resourceGroup()).tags[variables('roleAssignmentVersionTagName')]), parameters('roleAssignmentsVersion'))]",
"apiVersion": "2020-04-01-preview",
"properties": {
"principalId": "[reference(parameters('resourceId'), '2018-11-30').principalId]",
"roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', variables('roleAssignmentsToCreate')[copyIndex()].roleDefinitionId)]",
"principalType": "ServicePrincipal"
}
}
]
}
},
"subscriptionId": "[parameters('rolesAssignmentSubscriptionID')]",
"resourceGroup": "[parameters('rolesAssignmentsResourceGroup')]"
}
Thanks

Remove:
"dependsOn": [
"roleAssignment"
],
From the tags resource - it's not needed.

How to create ARM template for logic App with API connection to Gmail?

{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"logicAppName": {
"type": "string",
"defaultValue": "la-send-mail",
"metadata": {
"description": "Name of the Logic App."
}
},
"logicAppLocation": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location of the Logic App."
}
},
"gmail_name": {
"type": "string",
"defaultValue": "gmail"
},
"gmail_displayName": {
"type": "string",
"defaultValue": "roman.dovhanyk#gmail.com"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Logic/workflows",
"apiVersion": "2016-06-01",
"name": "[parameters('logicAppName')]",
"location": "[parameters('logicAppLocation')]",
"dependsOn": [
"[resourceId('Microsoft.Web/connections', parameters('gmail_name'))]"
],
"properties": {
"definition": {
"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"$connections": {
"defaultValue": {},
"type": "Object"
}
},
"triggers": {
"manual": {
"type": "Request",
"kind": "Http",
"inputs": {
"schema": {
"properties": {
"body": {
"type": "string"
},
"bodyHTML": {
"type": "string"
},
"ccAddress": {
"type": "string"
},
"color": {
"type": "string"
},
"datafactoryName": {
"type": "string"
},
"pipelineName": {
"type": "string"
},
"pipelineRunId": {
"type": "string"
},
"time": {
"type": "string"
},
"title": {
"type": "string"
},
"toAddress": {
"type": "string"
}
},
"type": "object"
}
}
}
},
"actions": {
"Initialize_variable": {
"runAfter": {},
"type": "InitializeVariable",
"inputs": {
"variables": [
{
"name": "HTMLBody",
"type": "string",
"value": "<div>\n<h1 style=\"Color:#{triggerBody()?['color']};\"> Executed successfully </h1>\n<hr/>\nData Factory Name: <b>#{triggerBody()?['datafactoryName']}</b><br/>\nPipeline Name: <b>#{triggerBody()?['pipelineName']}</b><br/>\nPipeline Run Id<b>#{triggerBody()?['pipelineRunId']}</b><br/>\nTime: <b>#{triggerBody()?['time']}</b><br/>\n<hr/>\n<p>#{triggerBody()?['body']}</p>\n<div>#{triggerBody()?['bodyHTML']}</div>\n</div>"
}
]
}
},
"Send_email_(V2)": {
"runAfter": {
"Initialize_variable": [
"Succeeded"
]
},
"type": "ApiConnection",
"inputs": {
"body": {
"Body": "<p>#{variables('HTMLBody')}</p>",
"Cc": "#triggerBody()?['ccAddress']",
"Subject": "#triggerBody()?['title']",
"To": "#triggerBody()?['toAddress']"
},
"host": {
"connection": {
"name": "#parameters('$connections')['gmail']['connectionId']"
}
},
"method": "post",
"path": "/v2/Mail"
}
}
},
"outputs": {}
},
"parameters": {
"$connections": {
"value": {
"gmail": {
"id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',parameters('logicAppLocation'),'/managedApis/gmail')]",
"connectionId": "[resourceId('Microsoft.Web/connections', parameters('gmail_name'))]",
"connectionName": "[parameters('gmail_name')]"
}
}
}
}
}
},
{
"type": "Microsoft.Web/connections",
"apiVersion": "2016-06-01",
"location": "[parameters('logicAppLocation')]",
"name": "[parameters('gmail_name')]",
"properties": {
"api": {
"id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',parameters('logicAppLocation'),'/managedApis/gmail')]"
},
"displayName": "[parameters('gmail_displayName')]"
}
}
],
"outputs": {}
}
This is the template I use, it always gives the
"The deployment 'la-send-mail-1_2' failed with error(s). Showing 1 out of 1 error(s). Status Message: The operation on workflow 'la-send-mail' cannot be completed because it contains connections to 'gmail' connector which are not valid. Please re-authorize the connections and try again. (Code:GmailConnectorPolicyViolation)" error
I am run deployment from simple PowerShell script.
Could someone help me to fix this issue

Thank you Thomas. Posting your suggestions as an answer to help other community members.
The Authorize document will help you in authorizing the OAuth connections.
Manually authorize OAuth connections by opening your logic app in Logic App Designer, either in the Azure portal or in Visual Studio. When you authorize your connection, a confirmation page might appear for you to allow access.
For Oauth connection to ARM template you need to script it. But the easiest way is to create manually these connection then deploy ARM.
Refer Logic App Connection Auth Document for further information.
This script will retrieve a consent link for a connection (and can also create the connection at the same time) for an OAuth Logic Apps connector. It will then open the consent link and complete authorization to enable a connection. This can be used after deployment of connections to make sure a Logic App is working end-to-end.

ARM template : Provisioning of Event grid subscription is failing for storage account function app as event handler

Event Grid deployment is failing for below ARM template with internal server error.
Tried steps that mentioned in this link Event subscription by ARM template for topic with EndpointType as AzureFunction
But still facing the same issue.
ARM Template:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"appName": {
"type": "string",
"defaultValue": "harshitk-FA",
"metadata": {
"description": "The name of the function app that you wish to create."
}
},
"eventTopicName": {
"type": "String",
"defaultValue": "harshitTopic",
"metadata": {
"description": "Name for the system topic."
}
},
"eventSubName": {
"type": "string",
"defaultValue": "devharshitktest123sub",
"metadata": {
"description": "Name for the Event Grid subscription."
}
},
"functionName": {
"type": "string",
"defaultValue": "ArmFunctionApp",
"metadata": {
"description": "Function to be triggered by event grid topic"
}
},
"location": {
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
},
"type": "string"
},
"storageAccountName": {
"defaultValue": "harshitarmtest",
"type": "string"
}
},
"variables": {
"functionAppName": "[parameters('appName')]",
"eventTopicName": "[parameters('eventTopicName')]",
"eventSubscriptionName": "[parameters('eventSubName')]",
"eventHandler": "[parameters('functionName')]",
"storageAccountName": "[parameters('storageAccountName')]"
},
"resources": [
{
"type": "Microsoft.EventGrid/systemTopics",
"apiVersion": "2020-04-01-preview",
"name": "[variables('eventTopicName')]",
"location": "[parameters('location')]",
"properties": {
"source": "[resourceId('Microsoft.Storage/storageAccounts',variables('storageAccountName'))]",
"topicType": "Microsoft.Storage.StorageAccounts"
}
},
{
"type": "Microsoft.EventGrid/systemTopics/eventSubscriptions",
"apiVersion": "2020-04-01-preview",
"name": "[concat(variables('eventTopicName'), '/', variables('eventSubscriptionName'))]",
"dependsOn": [
"[resourceId('Microsoft.EventGrid/systemTopics', variables('eventTopicName'))]"
],
"properties": {
"destination": {
"endpointType": "AzureFunction",
"properties": {
//"resourceId": "[concat('/subscriptions/',subscription().subscriptionId,'/resourceGroups/',resourceGroup().name,'/providers/Microsoft.Web/sites/',variables('functionAppName'),'/functions/',variables('eventHandler'))]",
"resourceId": "[resourceId('Microsoft.Web/sites/functions/', variables('functionAppName'), variables('eventHandler'))]",
"maxEventsPerBatch": 10,
"preferredBatchSizeInKilobytes": 64
}
},
"filter": {
"includedEventTypes": [
"Microsoft.Storage.BlobCreated"
]
},
"eventDeliverySchema": "EventGridSchema"
}
}
enter code here
],
"outputs": {}
}
Error Message in powershell:
"error": {
"code": "DeploymentFailed",
"message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.",
"details": [
{
"code": "Internal error",
"message": "The operation failed due to an internal server error. The initial state of the impacted resources (if any) are restored. Please try again in few minutes. If error still persists, report XXXXXXXXXXXXXXXXX`enter code here`:11/26/2020 6:01:09 PM (UTC) to our forums for assistance or raise a support ticket ."
}
]
}

Azure ARM Deployment what is the hostingEnvironment?

I'm attempting to deploy to a new resource group containing an existing app service plan in Azure using an ARM script. If I run the deployment through the Azure Portal UI, it is successful. The issue happens when I try to download the template ARM script for the deployment and use that.
I'm attempting to create a Web app and associated application insights instance.
Here is my template.json
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"subscriptionId": {
"type": "string"
},
"name": {
"type": "string"
},
"location": {
"type": "string"
},
"hostingEnvironment": {
"type": "string"
},
"hostingPlanName": {
"type": "string"
},
"serverFarmResourceGroup": {
"type": "string"
},
"alwaysOn": {
"type": "bool"
},
"currentStack": {
"type": "string"
}
},
"resources": [
{
"apiVersion": "2018-02-01",
"name": "[parameters('name')]",
"type": "Microsoft.Web/sites",
"location": "[parameters('location')]",
"tags": {},
"dependsOn": [
"microsoft.insights/components/LicensingService-API"
],
"properties": {
"name": "[parameters('name')]",
"siteConfig": {
"appSettings": [
{
"name": "APPINSIGHTS_INSTRUMENTATIONKEY",
"value": "[reference('microsoft.insights/components/LicensingService-API', '2015-05-01').InstrumentationKey]"
},
{
"name": "ApplicationInsightsAgent_EXTENSION_VERSION",
"value": "~2"
},
{
"name": "XDT_MicrosoftApplicationInsights_Mode",
"value": "default"
},
{
"name": "DiagnosticServices_EXTENSION_VERSION",
"value": "disabled"
},
{
"name": "APPINSIGHTS_PROFILERFEATURE_VERSION",
"value": "disabled"
},
{
"name": "APPINSIGHTS_SNAPSHOTFEATURE_VERSION",
"value": "disabled"
},
{
"name": "InstrumentationEngine_EXTENSION_VERSION",
"value": "disabled"
},
{
"name": "SnapshotDebugger_EXTENSION_VERSION",
"value": "disabled"
},
{
"name": "XDT_MicrosoftApplicationInsights_BaseExtensions",
"value": "disabled"
}
],
"metadata": [
{
"name": "CURRENT_STACK",
"value": "[parameters('currentStack')]"
}
],
"alwaysOn": "[parameters('alwaysOn')]"
},
"serverFarmId": "[concat('/subscriptions/', parameters('subscriptionId'),'/resourcegroups/', parameters('serverFarmResourceGroup'), '/providers/Microsoft.Web/serverfarms/', parameters('hostingPlanName'))]",
"hostingEnvironment": "[parameters('hostingEnvironment')]",
"clientAffinityEnabled": true
}
},
{
"apiVersion": "2015-05-01",
"name": "LicensingService-API",
"type": "microsoft.insights/components",
"location": "westus2",
"tags": {},
"properties": {
"ApplicationId": "[parameters('name')]",
"Request_Source": "IbizaWebAppExtensionCreate"
}
}
]
}
And my parameters.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"subscriptionId": {
"value": "REMOVED"
},
"name": {
"value": "LicensingService-API"
},
"location": {
"value": "West US 2"
},
"hostingEnvironment": {
"value": ""
},
"hostingPlanName": {
"value": "LicensingServiceProductionAppServicePlan"
},
"serverFarmResourceGroup": {
"value": "LicensingServicePROD"
},
"alwaysOn": {
"value": true
},
"currentStack": {
"value": "dotnetcore"
}
}
}
There is one particular parameter that I'm having issues with. It is the "hostingEnvironment" parameter. I am unable to determine what should be placed in that field, as the default template provided by Azure leaves this blank. If I enter a value here (LicensingServiceProductionAppServicePlan for example), I get an error on the deployment of the web app that reads:
{
"Code": "NotFound",
"Message": "Cannot find Stamp with name LicensingServiceProductionAppServicePlan.",
"Target": null,
"Details": [
{
"Message": "Cannot find Stamp with name LicensingServiceProductionAppServicePlan."
},
{
"Code": "NotFound"
},
{
"ErrorEntity": {
"ExtendedCode": "51004",
"MessageTemplate": "Cannot find {0} with name {1}.",
"Parameters": [
"Stamp",
"LicensingServiceProductionAppServicePlan"
],
"Code": "NotFound",
"Message": "Cannot find Stamp with name LicensingServiceProductionAppServicePlan."
}
}
],
"Innererror": null
}
If I instead remove the parameter from both the template and the parameters files, as suggested in this answer, I get a BadRequest error that reads:
{
"error": {
"code": "InvalidTemplate",
"message": "Unable to process template language expressions for resource '/subscriptions/REMOVED/resourceGroups/LicensingServicePROD/providers/Microsoft.Web/serverfarms/LicensingServicePROD' at line '151' and column '9'. 'The template parameter 'hostingEnvironment' is not found. Please see https://aka.ms/arm-template/#parameters for usage details.'",
"additionalInfo": [
{
"type": "TemplateViolation",
"info": {
"lineNumber": 151,
"linePosition": 9,
"path": ""
}
}
]
}
}
Likely this is because I can see that the "hostingEnvironment" parameter is used in the template script.
So I'm left wondering why this works when done through the Azure UI but not from the script generated from the UI. My final question that I'm looking to solve is what is the value that should be provided for the "hostingEnvironment" parameter?

First hostingEnvironment is not required. It is required if you have an App Service Environment and you want to deploy the site on it.
You can leave it empty the value or remove it from the template.
See the details from the template reference site Web Site template reference

The solution is to make the following changes:
template.json:
"hostingEnvironment": {
"type": "string",
"defaultValue": ""
},
parameters.json
"hostingEnvironment": {
"value": ""
},

using linkedtemplate to retrieve password from Keyvault

After reading some article from here and here and here and looking at this example
I have tried to retrieve a password from KeyValut with LinkedTemplate.
To achieve this aim I have create such a Linked arm template azuredeploy.json:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vaultName": {
"type": "string",
"metadata": {
"description": "The name of the keyvault that contains the secret."
}
},
"secretName": {
"type": "string",
"metadata": {
"description": "The name of the secret."
}
},
"vaultResourceGroupName": {
"type": "string",
"metadata": {
"description": "The name of the resource group that contains the keyvault."
}
},
"vaultSubscription": {
"type": "string",
"defaultValue": "[subscription().subscriptionId]",
"metadata": {
"description": "The name of the subscription that contains the keyvault."
}
}
},
"resources":
[
{
"apiVersion": "2018-05-01",
"name": "dynamicSecret",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"templateLink": {
"contentVersion": "1.0.0.0",
"uri": "https://arm0storage.blob.core.windows.net/linkedtemplate/azuredeploy.json?sp=r&st=2019-07-17T13:28:26Z&se=2019-07-16T21:28:26Z&spr=https&sv=2018-03-28&sig=xxxv%2xxxxxxxxxxxxxxx%2FHmg9Yxxxxxxxxxxxxxxxxxxxxxxx%3D&sr=b"
},
"parameters": {
"adminPassword": {
"reference": {
"keyVault": {
"id": "[resourceId(parameters('vaultSubscription'), parameters('vaultResourceGroupName'), 'Microsoft.KeyVault/vaults', parameters('vaultName'))]"
},
"secretName": "[parameters('secretName')]"
}
}
}
}
}
],
"outputs": {
"SQLPassword": {
"type": "string",
"value": "[reference('dynamicSecret').outputs.value]"
}
}
}
If I try to validate this template, I get this error message:
Deployment template validation failed: 'The template parameters 'adminPassword' in the parameters file are not valid; they are not present in the original template and can therefore not be provided at deployment time. The only supported parameters for this template are 'vaultName, secretName, vaultResourceGroupName, vaultSubscription'. Please see https://aka.ms/arm-deploy/#parameter-file for usage details.'.
and in my azuredeploy.parameters.json I have:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vaultName": {
"value": "kvnamer"
},
"secretName": {
"value": "ExamplePassword"
},
"vaultResourceGroupName": {
"value": "rgname"
}
}
}
Do you have any Idea how can I solve my problem?

Regarding the issue, please check if your linked template has the parameter "adminPassword". For more details, please refer to the document. You also can refer to my JSON file.
1.Create azuredeploy.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vaultName": {
"type": "string",
"metadata": {
"description": "The name of the keyvault that contains the secret."
}
},
"secretName": {
"type": "string",
"metadata": {
"description": "The name of the secret."
}
},
"vaultResourceGroupName": {
"type": "string",
"metadata": {
"description": "The name of the resource group that contains the keyvault."
}
},
"vaultSubscription": {
"type": "string",
"defaultValue": "[subscription()]",
"metadata": {
"description": "The name of the subscription that contains the keyvault."
}
}
},
"resources": [{
"apiVersion": "2015-01-01",
"name": "linkedTemplate",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "incremental",
"templateLink": {
"uri": "https://raw.githubusercontent.com/Azure/azure-docs-json-samples/master/azure-resource-manager/keyvaultparameter/sqlserver.json",
"contentVersion": "1.0.0.0"
},
"parameters": {
"adminPassword": {
"reference": {
"keyVault": {
"id": "[resourceId(parameters('vaultSubscription'), parameters('vaultResourceGroupName'), 'Microsoft.KeyVault/vaults', parameters('vaultName'))]"
},
"secretName": "[parameters('secretName')]"
}
},
"adminLogin": {
"value": "jimtest"
},
"sqlServerName": {"value": "jimteste12378902"}
}
}
}],
"outputs": {
"SQLPassword": {
"type": "string",
"value": "[reference('linkedTemplate').outputs.value]"
}
}
}
2.Create azuredeploy.parameters.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vaultName": {
"value": ""
},
"secretName": {
"value": ""
},
"vaultResourceGroupName": {
"value": ""
},
"vaultSubscription": {
"value": ""
}
}
}

The template, you're using in the nested deployment here:
"https://arm0storage.blob.core.windows.net/linkedtemplate/azuredeploy.json?sp=r&st=2019-07-17T13:28:26Z&se=2019-07-16T21:28:26Z&spr=https&sv=2018-03-28&sig=xxxv%2xxxxxxxxxxxxxxx%2FHmg9Yxxxxxxxxxxxxxxxxxxxxxxx%3D&sr=b"
What does that template look like? The error message you're getting says that it does not have a parameter in it, named "adminPassword" - but your nested deployment resource is trying to pass it in.
The output you have in the template above is called "SQLPassword", they aren't necessarily related, but I'm guessing since we can't see the template you're linking to.