I am using Azure CLI (Linux host) to deploy Infra as code, I am having different deployment files and parameter files,
My goal is to avoid duplicate input parameters,
main_parameters.json:
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"artifactLocation": {
"value": "xxxx_xxxx_path"
}
}
}
main.deploy:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"artifactLocation": {
"type": "string",
"metadata": {
"description": "artifactLocation path"
}
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"name": "linkedTemplate",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri":"[parameters('artifactLocation')]",
"contentVersion":"1.0.0.0"
}
}
}
],
"outputs": {
}
}
sub_parameters.json:
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"artifactLocation": {
"value": "xxxx_xxxx_path"
},
"customName": {
"value": "Name"
}
}
}
sub_deploy.json:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"artifactLocation": {
"type": "string",
"metadata": {
"description": "artifactLocation path"
}
},
"customName": {
"type": "string",
"metadata": {
"description": "some name"
}
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"name": "[parameters('customName')]",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri":"[parameters('artifactLocation')]",
"contentVersion":"1.0.0.0"
}
}
}
],
"outputs": {
}
}
Both main.parameters and sub.parameters has input parameter "artifactLocation", Is there a way i Can import parameters from main_parameters to sub_deploy.json. so that I will avoid adding same parameters in multiple parameter files.
I am fine to create resources main_deploy and sub_deploy together, but I want to keep main_deploy and sub_deploy files separately for easy readability
Related
I have an Azure deploy button for a logic app with this template:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"logic_app_name": {
"defaultValue": "logic_app_name",
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Logic/workflows",
"apiVersion": "2017-07-01",
"name": "[parameters('logic_app_name')]",
"location": "[resourceGroup().location]",
"properties": {
"state": "Enabled",
"definition": {
"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"$connections": {
"defaultValue": {},
"type": "Object"
}
},
"triggers": {
"manual": {
"type": "Request",
"kind": "Http",
"inputs": {
"schema": {
"properties": {
"data": {
"type": "string"
}
},
"type": "object"
}
}
}
},
"actions": {
"Initialize_variables": {
"inputs": {
"variables": [
{
"name": "var-1",
"type": "object",
"value": {
"alert_id": "#{triggerOutputs()['headers']['var-1']}"
}
}
]
},
"runAfter": {},
"type": "InitializeVariable"
}
},
"outputs": {}
}
}
}
]
}
After deployment, access Logic app/ Logic app designer in the UI, I can get the trigger Http request URL which will use for sending data to that webhook.
My question is how can I make a callback request to my application (let say I have /azurecallback route) with created trigger URL as parameter after deployment so I can set it automatically?
I created linked ARM template and trying to deploy but I am getting below error.
I am deploying Sql Server and Server Database using linked templates. Individual ARM (Sql Server and sql database is working fine).
Error: InvalidDeployment;
Message=The 'location' property is not allowed for a deployment at resource
group scope. Please see https://aka.ms/deploy-to-subscription for usage
details.
If I remove location and trying to deploy I am getting below error.
The location property is required for this definition
Is my mistake is in Schema version or api version or something?
New-AzResourceGroupDeployment -Name "ARMLinkedDeployment" -ResourceGroupName "Test-POC-RG" -TemplateFile ".......\MainTemplates\SqlApp\azuredeploy.json" -TemplateParameterFile ".....\MainTemplates\SqlApp\parameters.json"
parameters.json
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"sqlserver_linkedTemplatepath": {
"value": "https://stvirtuosotest.blob.core.windows.net/armlinkedtemplates/azuredeploysql.json"
},
"sqldb_linkedTemplatepath": {
"value": "https://stvirtuosotest.blob.core.windows.net/armlinkedtemplates/azuredeploysqldb.json"
},
"sqlserver_parameters_linkedTemplatepath": {
"value": "https://stvirtuosotest.blob.core.windows.net/armlinkedtemplates/azuredeploy.sqlparameters.json"
},
"sqldb_parameters_linkedTemplatepath": {
"value": "https://stvirtuosotest.blob.core.windows.net/armlinkedtemplates/azuredeploy.sqldbparameters.json"
}
}
}
azuredeploy.json file
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"sqlserver_linkedTemplatepath": {
"type": "string",
"metadata": {
"description": "The sql server arm template json file path from storage account.."
}
},
"sqldb_linkedTemplatepath": {
"type": "string",
"metadata": {
"description": "The sql database deploy arm template json file path from storage account."
}
},
"sqldb_parameters_linkedTemplatepath": {
"type": "string",
"metadata": {
"description": "The sql database arm parameters file json file path from storage account."
}
},
"sqlserver_parameters_linkedTemplatepath": {
"type": "string",
"metadata": {
"description": "The sql server arm parameters json file path from storage account."
}
}
},
"resources": [
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "sqlDbDeployment",
"resourceGroup": "[resourceGroup().name]",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[parameters('sqldb_linkedTemplatepath')]",
"contentVersion": "1.0.0.0"
},
"parametersLink": {
"contentVersion": "1.0.0.0",
"uri": "[parameters('sqldb_parameters_linkedTemplatepath')]"
}
},
"dependsOn": [
"sqlServerDeployment"
]
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "sqlServerDeployment",
"resourceGroup": "[resourceGroup().name]",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[parameters('sqlserver_linkedTemplatepath')]",
"contentVersion": "1.0.0.0"
},
"parametersLink": {
"contentVersion": "1.0.0.0",
"uri": "[parameters('sqlserver_parameters_linkedTemplatepath')]"
}
}
}
],
"outputs": {
"sqldbresourceid": {
"type": "object",
"value": "[reference('sqlDbDeployment').outputs.resourceGroup.resourceId]"
},
"sqlserverresourceid": {
"type": "object",
"value": "[reference('sqlServerDeployment').outputs.resourceGroup.resourceId]"
}
}
}
Here is how I fixed the same issue.
parameters.json file
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "eastus2"
}
}
}
azuredeploy.json file
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string"
}
},
"resources": [
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2021-04-01",
"name": "deployment1",
"resourceGroup": "[resourceGroup().name]",
"properties": {
"mode": "Incremental",
"templateLink": {
"relativePath": "templates/template.json"
},
"parameters": {
"location": {
"value" : "[parameters('location')]"
}
}
}
}
]
}
So the location can be used from the template.json as required.
Reference: https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/template-test-cases#location-uses-parameter
After reading some article from here and here and here and looking at this example
I have tried to retrieve a password from KeyValut with LinkedTemplate.
To achieve this aim I have create such a Linked arm template azuredeploy.json:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vaultName": {
"type": "string",
"metadata": {
"description": "The name of the keyvault that contains the secret."
}
},
"secretName": {
"type": "string",
"metadata": {
"description": "The name of the secret."
}
},
"vaultResourceGroupName": {
"type": "string",
"metadata": {
"description": "The name of the resource group that contains the keyvault."
}
},
"vaultSubscription": {
"type": "string",
"defaultValue": "[subscription().subscriptionId]",
"metadata": {
"description": "The name of the subscription that contains the keyvault."
}
}
},
"resources":
[
{
"apiVersion": "2018-05-01",
"name": "dynamicSecret",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"templateLink": {
"contentVersion": "1.0.0.0",
"uri": "https://arm0storage.blob.core.windows.net/linkedtemplate/azuredeploy.json?sp=r&st=2019-07-17T13:28:26Z&se=2019-07-16T21:28:26Z&spr=https&sv=2018-03-28&sig=xxxv%2xxxxxxxxxxxxxxx%2FHmg9Yxxxxxxxxxxxxxxxxxxxxxxx%3D&sr=b"
},
"parameters": {
"adminPassword": {
"reference": {
"keyVault": {
"id": "[resourceId(parameters('vaultSubscription'), parameters('vaultResourceGroupName'), 'Microsoft.KeyVault/vaults', parameters('vaultName'))]"
},
"secretName": "[parameters('secretName')]"
}
}
}
}
}
],
"outputs": {
"SQLPassword": {
"type": "string",
"value": "[reference('dynamicSecret').outputs.value]"
}
}
}
If I try to validate this template, I get this error message:
Deployment template validation failed: 'The template parameters 'adminPassword' in the parameters file are not valid; they are not present in the original template and can therefore not be provided at deployment time. The only supported parameters for this template are 'vaultName, secretName, vaultResourceGroupName, vaultSubscription'. Please see https://aka.ms/arm-deploy/#parameter-file for usage details.'.
and in my azuredeploy.parameters.json I have:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vaultName": {
"value": "kvnamer"
},
"secretName": {
"value": "ExamplePassword"
},
"vaultResourceGroupName": {
"value": "rgname"
}
}
}
Do you have any Idea how can I solve my problem?
Regarding the issue, please check if your linked template has the parameter "adminPassword". For more details, please refer to the document. You also can refer to my JSON file.
1.Create azuredeploy.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vaultName": {
"type": "string",
"metadata": {
"description": "The name of the keyvault that contains the secret."
}
},
"secretName": {
"type": "string",
"metadata": {
"description": "The name of the secret."
}
},
"vaultResourceGroupName": {
"type": "string",
"metadata": {
"description": "The name of the resource group that contains the keyvault."
}
},
"vaultSubscription": {
"type": "string",
"defaultValue": "[subscription()]",
"metadata": {
"description": "The name of the subscription that contains the keyvault."
}
}
},
"resources": [{
"apiVersion": "2015-01-01",
"name": "linkedTemplate",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "incremental",
"templateLink": {
"uri": "https://raw.githubusercontent.com/Azure/azure-docs-json-samples/master/azure-resource-manager/keyvaultparameter/sqlserver.json",
"contentVersion": "1.0.0.0"
},
"parameters": {
"adminPassword": {
"reference": {
"keyVault": {
"id": "[resourceId(parameters('vaultSubscription'), parameters('vaultResourceGroupName'), 'Microsoft.KeyVault/vaults', parameters('vaultName'))]"
},
"secretName": "[parameters('secretName')]"
}
},
"adminLogin": {
"value": "jimtest"
},
"sqlServerName": {"value": "jimteste12378902"}
}
}
}],
"outputs": {
"SQLPassword": {
"type": "string",
"value": "[reference('linkedTemplate').outputs.value]"
}
}
}
2.Create azuredeploy.parameters.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vaultName": {
"value": ""
},
"secretName": {
"value": ""
},
"vaultResourceGroupName": {
"value": ""
},
"vaultSubscription": {
"value": ""
}
}
}
The template, you're using in the nested deployment here:
"https://arm0storage.blob.core.windows.net/linkedtemplate/azuredeploy.json?sp=r&st=2019-07-17T13:28:26Z&se=2019-07-16T21:28:26Z&spr=https&sv=2018-03-28&sig=xxxv%2xxxxxxxxxxxxxxx%2FHmg9Yxxxxxxxxxxxxxxxxxxxxxxx%3D&sr=b"
What does that template look like? The error message you're getting says that it does not have a parameter in it, named "adminPassword" - but your nested deployment resource is trying to pass it in.
The output you have in the template above is called "SQLPassword", they aren't necessarily related, but I'm guessing since we can't see the template you're linking to.
I am receiving an error:
"The value of deployment parameter 'appServiceName' is null."
Even though it is defined in the file obtained via parametersLink. I am never prompted so null is expected, but why am I never prompted? How do I properly pass parameters from a parametersLink file to a templateLink?
Master Template:
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"rgName": {
"type": "string",
"metadata": {
"description": "Resource Group required in which to create App Service"
}
}
},
"variables": {},
"resources": [
{
"name": "LinkedAppServiceTemplate",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"resourceGroup": "[parameters('rgName')]",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "uri_to_template_file",
"contentVersion": "1.0.0.0"
},
"parametersLink": {
"uri": "uri_to_params_file",
"contentVersion": "1.0.0.0"
}
}
}
]
}
Linked Template:
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"name": "[parameters('appServiceName')]",
"type": "Microsoft.Web/serverfarms",
"apiVersion": "2015-05-01",
"location": "[parameters('rgLocation')]"
}
]
}
Linked Params:
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"appServiceName": {
"metadata": {
"description": "Name of the App Service to be created"
}
},
"rgLocation": {
"defaultValue": "eastus",
"metadata": {
"description": "Location of the resource group to be created"
}
}
}
}
You need to define the parameters in the file you've referred to as Linked Template:
Follow the tutorial on how to create linked templates as it will also show you how to pass the parameter from the main template to the linked template.
In this case, your Linked Template requires a parameter declaration in the parameters object.
"parameters": {
"appServiceName" : {
"type": "string",
"metadata" : {
"description": "This parameter needs to exist to pass from the link file"
}
}
}
I am trying to output a secret created in one linked template and reference this as a parameter in another.
Test scenario:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"templateBaseUrl": {
"type": "string"
}
},
"variables": {
"deployment1url": "[concat(parameters('templateBaseUrl'), '/deployment1.json')]",
"deployment2url": "[concat(parameters('templateBaseUrl'), '/deployment2.json')]"
},
"resources": [
{
"apiVersion": "2017-08-01",
"name": "deployment1",
"dependsOn": [],
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('deployment1url')]",
"contentVersion": "1.0.0.0"
},
"parameters": {}
}
},
{
"apiVersion": "2017-08-01",
"name": "deployment2",
"dependsOn": [],
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('deployment2url')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"testInput2": {
"value": "[reference('deployment1').outputs.testOutput1.value]"
}
}
}
}
],
"outputs": {}
}
Deployment1:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
},
"resources": [],
"outputs": {
"testOutput1": {
"type": "securestring",
"value": "thisisapassword"
}
}
}
Deployment2:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"testInput2": {
"type": "securestring"
}
},
"resources": [],
"outputs": {}
}
Running this scenario throws the error
"Unable to process template language expressions for resource
'/subscriptions//resourceGroups/testrg1/providers/Microsoft.Resources/deployments/deployment2' at line '34' and column '9'.
'The language expression property 'value' doesn't exist, available properties are 'type'.'"
So '.value' on the securestring output doesn't work, if I change the reference parameter to
"testInput2": {
"value": "[reference('deployment1').outputs.testOutput1]"
}
the errors changes to 'Deployment template validation failed: 'The provided value for the template parameter 'testInput2' at line '5' and column '23' is not valid.'.'
Is it possible to achieve what I am doing?
Thanks in advance
I think the only way to pass secureStrings across deployments is using a KeyVault reference. The secureString output isn't very useful in that securestrings are masked by ARM at the deployment level.
That help?