How to test within Azure - Azure Resource Manager (ARM Templates) - azure

Assume we have a Checkpoint Firewall Template created on Azure Portal. Is there a way to test the Template within Azure? Also if the Template is modified, is there a way to Test that new modified Template within Azure?

You can test an ARM Template by using it in a deployment. You can also use the what-if setting to produce hypothetical output without actually deploying anything.
Microsoft Azure Docs for What-If
To create a What-If deployment you can proceed a number of ways; Azure CLI, PowerShell, REST, etc. Here is an example using REST (Postman).
Use the endpoint
POST https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Resources/deployments/{deploymentName}/whatIf?api-version=2020-06-01
Provide a body payload:
{
"location": "westus2",
"properties": {
"mode": "Incremental",
"parameters": {},
"template": {}
}
}
Add your template and parameters. Supply a bearer token for authentication and deploy.
You can check the Azure What-If REST API docs here.

Related

Azure SQL Server Backup: Need to UnRegister Containers and Redisover DBs in Azure SQL Server Backup using ARM templates

I have performed discovery operations for listing protectable items in Azure Backup: 'SQL in Azure VM'.
I am able to perform 'Disovery' using the following template
"resources": [
{
"type": "Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers",
"apiVersion": "2016-12-01",
"name": "[concat(parameters('vaultName'), '/', parameters('fabricName'), '/',parameters('protectionContainers')[copyIndex()])]",
"properties": {
"backupManagementType": "[parameters('backupManagementType')]",
"workloadType": "[parameters('workloadType')]",
"containerType": "[parameters('protectionContainerTypes')[copyIndex()]]",
"sourceResourceId": "[parameters('sourceResourceIds')[copyIndex()]]",
"operationType": "Register"
},
"copy": {
"name": "protectionContainersCopy",
"count": "[length(parameters('protectionContainers'))]"
}
}
]
I similarly tried the following operation types:
"Reregister": Works as expected.
"Invalid: Did not perform any operation.
Could someone guide me with unregistering of containers using the ARM template?
(I already have the API to do it, but I need it with an ARM template).
Similarly is there any way to rediscover DBs within a registered container using an ARM template?
Any help is much appriceiated.
Looking at the Register API for Protection Containers, it looks like the supported values for OperationType are: Invalid, Register and Reregister. The Unregister API fires a HTTP DELETE request that is not straightforward to simulate with an ARM template. ARM Templates are primarily meant to be used for creating and managing your Azure resources as an IaC solution.
That said, if you have ARM templates as your only option, you could try deploying it in Complete mode. In complete mode, Resource Manager deletes resources that exist in the resource group but aren't specified in the template.
To deploy a template in Complete mode, you'd have to set it explicitly using the Mode parameter since the default mode is incremental. Be sure to use the what-if operation before deploying a template in complete mode to avoid unintentionally deleting resources.

How do I create an Azure API Management instance via C#?

I've been using the Microsoft.Azure.Management.Fluent packages to create a tool that will build out my environment and do some additional setup. Now, I need to add an API Management instance. I don't see anything related to API Management in the Fluent SDK. I'm assuming there's no SDK wrapper for it and I just need to make the REST calls myself. I'm looking for a guide.
Currently, API Management is not supported in the Fluent api. Here is an issue about this.
Instead, there is another package Microsoft.Azure.Management.ApiManagement 6.0.0-preview, you can use it to create API Management instance. The code like below:
// you should provide the real credentialhere.
ApiManagementClient client = new ApiManagementClient(the_credential);
//provide the neccesary parameters to create the APIM instance.
client.ApiManagementService.CreateOrUpdate(the_parameters);
Another way to create API Management is by using this api: Api Management Service - Create Or Update. You can read the api doc for its usage and examples.
You can do it with REST:
Deployments - Create Or Update
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Resources/deployments/{deploymentName}?api-version=2020-06-01
You have to pass the link to your ARM Template in the Request-Body:
{
"properties": {
"templateLink": {
"uri": "https://example.com/exampleTemplate.json"
},
"parameters": {},
"mode": "Complete",
"onErrorDeployment": {
"type": "SpecificDeployment",
"deploymentName": "name-of-deployment-to-use"
}
}
}
You can store the ARM Template in Blob Storage and reference it in the Body.
Please find a sample API-Management ARM Template on GitHub - azure-quickstart-templates

Enable API Management access to the REST API with ARM template

I've created the ARM template for Azure API Management deployment. In order to enable its REST API I need to select the Enable API Management REST API checkbox in Azure Portal as explained here. I'd like to activate this option within the ARM template but I'm unable to find which resource to add/modify in my template to achieve it.
This one https://learn.microsoft.com/en-us/rest/api/apimanagement/2019-01-01/tenantaccess/update. In general whatever Azure portal does it does through same public API used by templates. So usually you can open browser dev console and see what call is being made behind the scenes.
If anyone is still looking for an answer, the below template does the job of enabling Management REST API in Azure APIM
{
"type": "Microsoft.ApiManagement/service/tenant",
"apiVersion": "2020-06-01-preview",
"name": "[concat(parameters('ApimServiceName'), '/access')]",
"dependsOn": [
"[resourceId('Microsoft.ApiManagement/service', parameters('ApimServiceName'))]"
],
"properties": {
"enabled": true
}
}

Azure Functions: how to set CORS via automation?

I have an azure function app that I would like to set up in repeatable (automated) manner so that I can duplicate it in different environments/resource groups. I'm able to create the function app via the azure cli, but I also need to configure the CORS options such that I can call it from a browser.
I've found where to do that in the azure portal web ui,
in the 'Platform Features' tab(https://learn.microsoft.com/en-us/azure/azure-functions/functions-how-to-use-azure-function-app-settings#cors), but I can't find anything about modifying that setting via azure cli, or by the VSTS deployment task that I've set up to do releases when I change the functions in the app.
It seems you can even specify the CORS setting for local development via the local.settisg.json, but that only applies locally (https://learn.microsoft.com/en-us/azure/azure-functions/functions-run-local#local-settings). Were I deploying the app via the azure function tools cli I could supposedly specify the --publish-local-settings flag when I deploy, but I'm not deploying that way.
It seems like there must be a way to modify the CORS configuration without using the web UI, am I just not finding it?
Fabio's answer is correct, Azure Resource Manager templates work for this. Since the example he linked to was about logic apps and not azure functions, the getting the template right required a few changes and I wanted to add some detail that may help others get there faster.
To craft the template I ended up downloading the automation template from the function app that I created manually, and then deleting stuff until I got to what I think is the minimum. Here's what I'm using:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"function_app_name": {
"defaultValue": "my-function-app",
"type": "string"
}
},
"variables": {},
"resources": [
{
"comments": "CORS allow origins *.",
"type": "Microsoft.Web/sites/config",
"name": "[concat(parameters('function_app_name'), '/web')]",
"apiVersion": "2016-08-01",
"properties": {
"cors": {
"allowedOrigins": [
"*"
]
}
},
"dependsOn": []
}
]
}
I also have a parameters file that goes with this that looks like this:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"function_app_name": {
"value": null
}
}
}
and then I have an Azure Resource Group Deployment step in my release definition that deploys this and substitutes the desired function app name depending on the environment I'm deploying to.
To set CORS settings programatically, you want to use ARM.
Here's an example you can follow: https://msftplayground.com/2016/08/setting-api-definition-url-cors-value-arm/
I tend to favour automating the fucntion CORS entries as part of the deployment (after function app resource has already been built with an ARM template earlier in the pipeline or another pipeline).
Since you can have multiple functions within a function app, I consider the CORS requirements specific to the function being deployed within a function app and I feel any CORS entries should be part of the actual function deployment process.
I use Azure CLI to automate the CORS setup. Please refer to How to set CORS via Automation for Azure Functions
az functionapp cors add --allowed-origins
[--ids]
[--name]
[--resource-group]
[--slot]
[--subscription]
You can also check/display existing entries like this:
az functionapp cors show --name MyFunctionApp --resource-group MyResourceGroup

Configuring Azure Batch using an Azure Resource Manager template

I'm looking for any examples of configuring Azure Batch using an Azure Resource Manager template. Googling yielded nothing, and the Azure QuickStart Templates do not yet have any Batch examples, however this SO question implies that it has been done.
What I would like to achieve is, via an ARM template, to create a Batch account and configure a pool (with a minimum number of compute nodes, auto expanding to a maximum number of nodes), and then set the resulting pool ID into my API server's appsettings resource.
I'm about to start reverse engineering it using the Azure Resource Explorer, but any pre-existing examples would be very much appreciated.
Update
So far I've managed to create the resource:
{
"name": "[variables('batchAccountName')]",
"type": "Microsoft.Batch/batchAccounts",
"location": "[resourceGroup().location]",
"apiVersion": "2015-07-01",
"dependsOn": [ ],
"tags": {
"displayName": "BatchInstance"
}
}
And to configure the account settings in the appsettings of my API server:
"BATCH_ACCOUNT_URL": "[concat('https://', reference(concat('Microsoft.Batch/batchAccounts/', variables('batchAccountName'))).accountEndpoint)]",
"BATCH_ACCOUNT_KEY": "[listKeys(resourceId('Microsoft.Batch/batchAccounts', variables('batchAccountName')), providers('Microsoft.Batch', 'batchAccounts').apiVersions[0]).primary]",
"BATCH_ACCOUNT_NAME": "[variables('batchAccountName')]"
I still haven't managed to create a pool and fetch the pool ID via ARM, mainly because the pool I created using Batch Explorer never showed up in either the Azure Portal or the Azure Resource Explorer. I'll update this if I find the solution.
Unfortunately we don't have a way today to create a pool using ARM templates. The Azure Portal should show the pools created under your account (even if you didn't created them using ARM).
This is supported, please see the reference docs here: https://learn.microsoft.com/azure/templates/microsoft.batch/2019-04-01/batchaccounts/pools

Resources