Azure integration account creation/update using ARM Templates - azure

I am using the templates below to create and update an integration account.
We are able to create a new integration account using the ARM template.
We are able to add partners to the integration account using the same template.
But when we try to add additional identifiers to an existing partner, the template replaces the partner's existing identifiers in the integration account instead of adding to them.
Integration account template:
{
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"integrationaccountname": {
"type": "string",
"minLength": 1,
"maxLength": 80,
"metadata": {
"description": "Name of the Integration Account."
}
},
"integrationaccountpartnername": {
"type": "string",
"minLength": 1,
"maxLength": 80,
"metadata": {
"description": "Name of the Integration Account Partner Name."
}
},
"partnerqualifier": {
"type": "string",
"minLength": 1,
"maxLength": 4,
"metadata": {
"description": "Provide the Partner Qualifier."
}
},
"partnerqualifiervalue": {
"type": "string",
"minLength": 1,
"maxLength": 80,
"metadata": {
"description": "Provide the Partner Qualifier Value."
}
},
"integrationaccountlocation": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"allowedValues": [
"[resourceGroup().location]",
"eastasia",
"southeastasia",
"centralus",
"eastus",
"eastus2",
"westus",
"northcentralus",
"southcentralus",
"northeurope",
"westeurope",
"japanwest",
"japaneast",
"brazilsouth",
"australiaeast",
"australiasoutheast",
"southindia",
"centralindia",
"westindia",
"canadacentral",
"canadaeast",
"uksouth",
"ukwest",
"westcentralus",
"westus2",
"koreacentral",
"koreasouth",
"francecentral",
"francesouth"
],
"metadata": {
"description": "Location of the Integration Account."
}
},
"sku": {
"type": "string",
"defaultValue": "Free",
"allowedValues": [
"Free",
"Basic",
"Standard"
],
"metadata": {
"description": "Specify the Pricing Tier of the Integration Account."
}
},
"integrationAccountApiVersion": {
"type": "string",
"defaultValue": "2016-06-01"
}
},
"resources": [
{
"apiVersion": "[parameters('integrationAccountApiVersion')]",
"name": "[parameters('integrationaccountname')]",
"location": "[parameters('integrationaccountlocation')]",
"type": "Microsoft.Logic/IntegrationAccounts",
"sku": {
"name": "[parameters('sku')]"
},
"properties": {
"state": "Enabled"
}
},
{
"type": "Microsoft.Logic/integrationAccounts/partners",
"apiVersion": "2016-06-01",
"name": "[concat(parameters('integrationaccountname'), '/',parameters('integrationaccountpartnername'))]",
"dependsOn": [
"[resourceId('Microsoft.Logic/integrationAccounts', parameters('integrationaccountname'))]"
],
"properties": {
"partnerType": "B2B",
"content": {
"b2b": {
"businessIdentities": [
{
"qualifier": "[parameters('partnerqualifier')]",
"value": "[parameters('partnerqualifiervalue')]"
}
],
"partnerClassification": "NotSpecified"
}
}
}
}
]
}
Parameters template:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"integrationaccountname": {
"value": "viswa-int"
},
"integrationaccountpartnername": {
"value": "treasury"
},
"partnerqualifier": {
"value": "ZZZ"
},
"partnerqualifiervalue": {
"value": "Test007"
},
"integrationaccountlocation": {
"value": "eastus"
},
"sku": {
"value": "Free"
},
"integrationAccountApiVersion": {
"value": "2016-06-01"
}
}
}

Related

Only one SFTP Server for one Azure Resource group possible?

Is it only possible to create one on-demand SFTP server per resource group in Azure?
This is the link for SFTP on Azure: https://learn.microsoft.com/en-us/samples/azure-samples/sftp-creation-template/sftp-on-azure/
I tried to create a second SFTP server in the same resource group, but the previous SFTP server was replaced by the new one.
I tried Googling this, but I was not able to find the answer, so I am posting the question here.
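Yes, we can deploy multiple SFTP servers to the same Azure resource group.
The template you are using declares these names as variables with fixed default values, so every deployment targets the same resources and replaces them. Instead, declare them as parameters, as shown in the template below, so that you can use the same template multiple times. Pass a different sftpContainerGroupName for each deployment; the storage account name is derived from the prefix and the resource group ID, so if the servers should not share files, also pass a different fileShareName.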
TEMPLATE:-
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.4.63.48766",
"templateHash": "17013458610905703770"
}
},
"parameters": {
"storageAccountType": {
"type": "string",
"defaultValue": "Standard_LRS",
"metadata": {
"description": "Storage account type"
},
"allowedValues": [
"Standard_LRS",
"Standard_ZRS",
"Standard_GRS"
]
},
"storageAccountPrefix": {
"type": "string",
"defaultValue": "sftpstg",
"metadata": {
"description": "Prefix for new storage account"
}
},
"fileShareName": {
"type": "string",
"defaultValue": "sftpfileshare",
"metadata": {
"description": "Name of file share to be created"
}
},
"sftpUser": {
"type": "string",
"defaultValue": "sftp",
"metadata": {
"description": "Username to use for SFTP access"
}
},
"sftpPassword": {
"type": "securestring",
"metadata": {
"description": "Password to use for SFTP access"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Primary location for resources"
}
},
"containerGroupDNSLabel": {
"type": "string",
"defaultValue": "[uniqueString(resourceGroup().id, deployment().name)]",
"metadata": {
"description": "DNS label for container group"
}
},
"sftpContainerGroupName": {
"type": "string",
"metadata": {
"description": "cngroup for container group"
}
},
"sftpContainerName": {
"type": "string",
"metadata": {
"description": "container name"
}
}
},
"functions": [],
"variables": {
"sftpContainerImage": "atmoz/sftp:debian",
"sftpEnvVariable": "[format('{0}:{1}:1001', parameters('sftpUser'), parameters('sftpPassword'))]",
"storageAccountName": "[take(toLower(format('{0}{1}', parameters('storageAccountPrefix'), uniqueString(resourceGroup().id))), 24)]"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2019-06-01",
"name": "[variables('storageAccountName')]",
"location": "[parameters('location')]",
"kind": "StorageV2",
"sku": {
"name": "[parameters('storageAccountType')]"
}
},
{
"type": "Microsoft.Storage/storageAccounts/fileServices/shares",
"apiVersion": "2019-06-01",
"name": "[toLower(format('{0}/default/{1}', variables('storageAccountName'), parameters('fileShareName')))]",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
]
},
{
"type": "Microsoft.ContainerInstance/containerGroups",
"apiVersion": "2019-12-01",
"name": "[parameters('sftpContainerGroupName')]",
"location": "[parameters('location')]",
"properties": {
"containers": [
{
"name": "[parameters('sftpContainerName')]",
"properties": {
"image": "[variables('sftpContainerImage')]",
"environmentVariables": [
{
"name": "SFTP_USERS",
"secureValue": "[variables('sftpEnvVariable')]"
}
],
"resources": {
"requests": {
"cpu": 1,
"memoryInGB": 1
}
},
"ports": [
{
"port": 22,
"protocol": "TCP"
}
],
"volumeMounts": [
{
"mountPath": "[format('/home/{0}/upload', parameters('sftpUser'))]",
"name": "sftpvolume",
"readOnly": false
}
]
}
}
],
"osType": "Linux",
"ipAddress": {
"type": "Public",
"ports": [
{
"port": 22,
"protocol": "TCP"
}
],
"dnsNameLabel": "[parameters('containerGroupDNSLabel')]"
},
"restartPolicy": "OnFailure",
"volumes": [
{
"name": "sftpvolume",
"azureFile": {
"readOnly": false,
"shareName": "[parameters('fileShareName')]",
"storageAccountName": "[variables('storageAccountName')]",
"storageAccountKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2019-06-01').keys[0].value]"
}
}
]
},
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
]
}
],
"outputs": {
"containerDNSLabel": {
"type": "string",
"value": "[format('{0}.{1}.azurecontainer.io', reference(resourceId('Microsoft.ContainerInstance/containerGroups', parameters('sftpContainerGroupName'))).ipAddress.dnsNameLabel, reference(resourceId('Microsoft.ContainerInstance/containerGroups', parameters('sftpContainerGroupName')), '2019-12-01', 'full').location)]"
}
}
}
Deployment details:-

Deployment template validation failed template parameters 'scriptUrldsc' in the parameters file are not valid they are not present in the original

I'm receiving the error mentioned in the subject, and I'm struggling to fix it.
I'm using an ARM template with several nested ARM templates; the deployment is done using Azure DevOps.
The templates are below.
This first template is the one that calls the nested ones:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"existingDataFactoryName": {
"type": "string",
"metadata": {
"description": "Existing Data Factory name"
}
},
"existingDataFactoryResourceGroup": {
"type": "string",
"metadata": {
"description": "Existing Data Factory resource group"
}
},
"existingDataFactoryVersion": {
"type": "string",
"metadata": {
"description": "Select the existing Data Factory version"
},
"allowedValues": [
"V1",
"V2"
]
},
"virtualMachineName": {
"type": "string",
"metadata": {
"description": "Virtual Machine Name where the runtime will run. Please don't provide the last numbers of the VM E.g: EUWE01PROJNIR "
}
},
"IntegrationRuntimeName": {
"type": "string",
"metadata": {
"description": "IR name must be unique in subscription"
}
},
"NodeCount": {
"type": "int",
"maxValue": 4,
"minValue": 1,
"metadata": {
"description": "the node count is between 1 and 4."
}
},
"vmSize": {
"type": "string",
"defaultValue": "Standard_A4_v2"
},
"adminUserName": {
"type": "string",
"metadata": {
"description": "User name for the virtual machine"
}
},
"adminPassword": {
"type": "securestring",
"metadata": {
"description": "Password for the virtual machine"
}
},
"existingVirtualNetworkName": {
"type": "string",
"metadata": {
"description": "Existing vnet name"
}
},
"existingVnetLocation": {
"type": "string",
"metadata": {
"description": "Virtual machine will be create in the same datacenter with VNET"
}
},
"existingVnetResourceGroupName": {
"type": "string",
"metadata": {
"description": "Name of the existing VNET resource group"
}
},
"existingSubnetInYourVnet": {
"type": "string",
"metadata": {
"description": "Name of the subnet in the virtual network you want to use"
}
},
"_artifactsLocation": {
"type": "string",
"metadata": {
"description": "The base URI where artifacts required by this template are located."
},
"defaultValue": "[deployment().properties.templateLink.uri]"
},
"_artifactsLocationSasToken": {
"type": "securestring",
"metadata": {
"description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated."
},
"defaultValue": ""
},
"diagnosticsStorageAccountName": {
"type": "string",
"metadata": {
"description": "Diagnostic storage account name"
},
"defaultValue": ""
},
"storageAccountNameRG": {
"type": "string",
"metadata": {
"description": "Diagnostic Resource Group of the Diagnostic storage account"
},
"defaultValue": ""
},
"availabilitySetName": {
"type": "string",
"metadata": {
"description": "Availability Set Name"
},
"defaultValue": ""
}
},
"variables": {
"delimiters": [
"-",
"_"
],
"prefix": "[split(parameters('IntegrationRuntimeName'), variables('delimiters'))[0]]",
"vmTemplateLink": "[uri(parameters('_artifactsLocation'), concat('nested/VMtemplate.json', parameters('_artifactsLocationSasToken')))]",
"irInstallTemplateLink": "[uri(parameters('_artifactsLocation'), concat('nested/IRInstall.json', parameters('_artifactsLocationSasToken')))]",
"IRtemplateLink": "[uri(parameters('_artifactsLocation'), concat('nested/IRtemplate.json', parameters('_artifactsLocationSasToken')))]",
"subnetId": "[resourceId(parameters('existingVnetResourceGroupName'), 'Microsoft.Network/virtualNetworks/subnets', parameters('existingVirtualNetworkName'), parameters('existingSubnetInYourVnet'))]",
"scriptURL": "[uri(parameters('_artifactsLocation'), concat('gatewayInstall.ps1', parameters('_artifactsLocationSasToken')))]",
"scriptURLdsc": "[uri(parameters('_artifactsLocation'), concat('DscMetaConfigs.ps1', parameters('_artifactsLocationSasToken')))]"
},
"resources": [
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-09-01",
"name": "nestedTemplate",
"resourceGroup": "[parameters('existingDataFactoryResourceGroup')]",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('IRtemplateLink')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"existingDataFactoryName": {
"value": "[parameters('existingDataFactoryName')]"
},
"existingDataFactoryVersion": {
"value": "[parameters('existingDataFactoryVersion')]"
},
"IntegrationRuntimeName": {
"value": "[parameters('IntegrationRuntimeName')]"
}
}
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-09-01",
"name": "[concat('VMtemplate-', copyIndex())]",
"dependsOn": [
"[resourceId(parameters('existingDataFactoryResourceGroup'), 'Microsoft.Resources/deployments', 'nestedTemplate')]"
],
"copy": {
"name": "vmcopy",
"count": "[parameters('NodeCount')]"
},
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('vmTemplateLink')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"virtualMachineName": {
"value": "[take(concat(parameters('virtualMachineName'),'0',copyIndex(1)), 15)]"
},
"vmSize": {
"value": "[parameters('vmSize')]"
},
"adminUserName": {
"value": "[parameters('adminUserName')]"
},
"adminPassword": {
"value": "[parameters('adminPassword')]"
},
"existingVnetLocation": {
"value": "[parameters('existingVnetLocation')]"
},
"subnetId": {
"value": "[variables('subnetId')]"
},
"diagnosticsStorageAccountName": {
"value": "[parameters('diagnosticsStorageAccountName')]"
},
"availabilitySetName": {
"value": "[parameters('availabilitySetName')]"
},
"storageAccountNameRG": {
"value": "[parameters('storageAccountNameRG')]"
}
}
}
},
{
"apiVersion": "2019-09-01",
"type": "Microsoft.Resources/deployments",
"name": "[concat('IRInstalltemplate-', copyIndex())]",
"dependsOn": [
"vmcopy"
],
"copy": {
"name": "irinstallcopy",
"count": "[parameters('NodeCount')]",
"mode": "serial"
},
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('irInstallTemplateLink')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"existingDataFactoryVersion": {
"value": "[parameters('existingDataFactoryVersion')]"
},
"datafactoryId": {
"value": "[reference(resourceId(parameters('existingDataFactoryResourceGroup'), 'Microsoft.Resources/deployments', 'nestedTemplate')).outputs.irId.value]"
},
"virtualMachineName": {
"value": "[take(concat(parameters('virtualMachineName'),'0',copyIndex(1)), 15)]"
},
"existingVnetLocation": {
"value": "[parameters('existingVnetLocation')]"
},
"scriptUrl": {
"value": "[variables('scriptURL')]"
},
"scriptUrldsc": {
"value": "[variables('scriptURLdsc')]"
}
}
}
}
]
}
And this one is where "scriptUrldsc" parameter is being used inside of the nested template.
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"existingDataFactoryVersion": {
"type": "string"
},
"datafactoryId": {
"type": "string"
},
"virtualMachineName": {
"type": "string"
},
"existingVnetLocation": {
"type": "string"
},
"scriptUrl": {
"type": "string"
},
"scriptUrldsc": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Compute/virtualMachines/extensions",
"name": "[concat(parameters('virtualMachineName'), '/' ,parameters('virtualMachineName'), '-installGW')]",
"apiVersion": "2019-07-01",
"location": "[parameters('existingVnetLocation')]",
"tags": {
"virtualMachineName": "[parameters('virtualMachineName')]"
},
"properties": {
"publisher": "Microsoft.Compute",
"type": "CustomScriptExtension",
"typeHandlerVersion": "1.7",
"autoUpgradeMinorVersion": true,
"settings": {
"fileUris": [
"[parameters('scriptURL')]",
"[parameters('scripturldsc')]"
]
},
"protectedSettings": {
"commandToExecute": "[concat('powershell.exe -ExecutionPolicy Unrestricted -File gatewayInstall.ps1', if(equals(parameters('existingDataFactoryVersion'), 'V2'), listAuthKeys(parameters('datafactoryId'), '2017-09-01-preview').authKey1, listAuthKeys(parameters('datafactoryId'), '2015-10-01').key1))]"
}
}
}
]
}
The error message says that the ARM template in the storage blob is missing the parameter scriptUrldsc. The nested template is fetched from its templateLink URI at deployment time, so validation runs against the copy in storage, not against your local file. Assuming the parameter scriptUrldsc was added recently, perhaps the template was updated locally to add the parameter, but the version in the storage blob did not get updated with it.
The error message says the ARM template from storage has the following parameters:
...
"parameters": {
"existingDataFactoryVersion": {
"type": "string"
},
"datafactoryId": {
"type": "string"
},
"virtualMachineName": {
"type": "string"
},
"existingVnetLocation": {
"type": "string"
},
"scriptUrl": {
"type": "string"
}
},
"variables": {},
...
It's difficult for me to debug and know for certain, but double check the ARM template file in the storage blob to ensure it has the additional parameter.

Azure Databricks with custom vnet arm template won't connect to the custom vnet

With the following ARM template, I deploy an Azure Databricks workspace with a custom managed resource group name and add the workers to a custom VNet. In the portal this works fine, but when I try to do the same through an ARM template, the managed resource group keeps getting a workers VNet deployed for the workers. I think I am on the right track but missing one setting, and I can't figure out which. Can anyone see what I am missing?
Source ARM: https://github.com/Azure/azure-quickstart-templates/tree/master/101-databricks-workspace-with-vnet-injection
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
"contentVersion": "1.0.0.0",
"parameters": {
"databricksName": {
"type": "string",
"metadata": {
"description": "The name of the databricks workspace"
}
},
"pricingTier": {
"type": "string",
"allowedValues": [
"trial",
"standard",
"premium"
],
"metadata": {
"description": "The pricing tier of workspace."
}
},
"managedResourceGroupName": {
"type": "string",
"metadata": {
"description": "The name of the managed resource group that databricks will create"
}
},
"Location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "The Location of the deployment"
}
},
"vnetName": {
"type": "string",
"metadata": {
"description": "The Name of the virtual network where the Workers would be connected to"
}
},
"privateSubnetName": {
"defaultValue": "public-subnet",
"type": "string",
"metadata": {
"description": "The name of the private subnet to create."
}
},
"publicSubnetName": {
"defaultValue": "private-subnet",
"type": "string",
"metadata": {
"description": "The name of the public subnet to create."
}
}
},
"variables": {
"ManagedResourceGroupId": "[concat(subscription().id, '/resourceGroups/', parameters('managedResourceGroupName'))]",
"vnetId": "[resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName'))]"
},
"resources": [
{
"name": "[parameters('databricksName')]",
"type": "Microsoft.Databricks/workspaces",
"apiVersion": "2018-04-01",
"tags": {
"description": "MIG6 databricks workspace",
"costCenter": "WPIPM12SG552"
},
"location": "[parameters('Location')]",
"properties": {
"managedResourceGroupId": "[variables('managedResourceGroupId')]",
"parameters": {
"customVirtualNetworkId": {
"value": "[variables('vnetId')]"
},
"customPublicSubnetName": {
"value": "[parameters('publicSubnetName')]"
},
"customPrivateSubnetName": {
"value": "[parameters('privateSubnetName')]"
}
}
},
"sku": {
"name": "[parameters('pricingTier')]"
}
}
]
}
You need to nest the VNet deployment in the template; this works for me:
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vnetName": {
"type": "string"
},
"vnetRG": {
"type": "string"
},
"publicSubnetName": {
"type": "string"
},
"publicSubnetCIDR": {
"type": "string"
},
"privateSubnetName": {
"type": "string"
},
"privateSubnetCIDR": {
"type": "string"
},
"workspaceName": {
"type": "string"
},
"tier": {
"type": "string"
},
"location": {
"type": "string"
},
"nsgName": {
"defaultValue": "databricks-nsg",
"type": "string"
},
"environment": {
"type": "string"
}
},
"resources": [
{
"apiVersion": "2017-05-10",
"name": "nestedTemplate",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "[parameters('vnetRG')]",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"apiVersion": "2018-04-01",
"type": "Microsoft.Network/virtualNetworks/subnets",
"name": "[concat(parameters('vnetName'), '/', parameters('publicSubnetName'))]",
"location": "[parameters('location')]",
"properties": {
"addressPrefix": "[parameters('publicSubnetCIDR')]",
"networkSecurityGroup": {
"id": "[variables('nsgId')]"
}
}
},
{
"apiVersion": "2018-04-01",
"type": "Microsoft.Network/virtualNetworks/subnets",
"name": "[concat(parameters('vnetName'), '/', parameters('privateSubnetName'))]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Network/virtualNetworks/', parameters('vnetName'), '/subnets/', parameters('publicSubnetName'))]"
],
"properties": {
"addressPrefix": "[parameters('privateSubnetCIDR')]",
"networkSecurityGroup": {
"id": "[variables('nsgId')]"
}
}
}
]
},
"parameters": {}
}
},
{
"apiVersion": "2018-04-01",
"type": "Microsoft.Databricks/workspaces",
"location": "[parameters('location')]",
"name": "[parameters('workspaceName')]",
"dependsOn": [
"['Microsoft.Resources/deployments/nestedTemplate']"
],
"sku": {
"name": "[parameters('tier')]"
},
"comments": "Please do not use an existing resource group for ManagedResourceGroupId.",
"properties": {
"ManagedResourceGroupId": "[variables('managedResourceGroupId')]",
"parameters": {
"customVirtualNetworkId": {
"value": "[variables('vnetId')]"
},
"customPublicSubnetName": {
"value": "[parameters('publicSubnetName')]"
},
"customPrivateSubnetName": {
"value": "[parameters('privateSubnetName')]"
}
}
}
}
],
"variables": {
"managedResourceGroupId": "[concat(subscription().id, '/resourceGroups/', variables('managedResourceGroupName'))]",
"managedResourceGroupName": "[concat(resourceGroup().name,'-DATABRICKS-MANAGED')]",
"vnetId": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', parameters('vnetRG'), '/providers/Microsoft.Network/virtualNetworks/', parameters('vnetName'))]",
"nsgId": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', parameters('vnetRG'), '/providers/Microsoft.Network/networkSecurityGroups/', parameters('nsgName'))]"
},
"outputs": {}
}

How to Create Azure Kubernetes Service (AKS) using ARM Templates

I've written an ARM template to deploy Azure Kubernetes Service (AKS). However, I'm unable to find a way to automate the creation of the service principal client ID and secret.
Is there a way I can create the service principal in an ARM template and store the client ID and secret in Azure Key Vault, as I've learned to do here?
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"environment": {
"metadata": {
"description": "The name of the environment."
},
"type": "string"
},
// Azure Kubernetes Service
"kubernetes_name": {
"metadata": {
"description": "The name of the Managed Cluster resource."
},
"type": "string"
},
"kubernetes_location": {
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "The location of AKS resource."
},
"type": "string"
},
"kubernetes_dnsPrefix": {
"metadata": {
"description": "Optional DNS prefix to use with hosted Kubernetes API server FQDN."
},
"type": "string"
},
"kubernetes_osDiskSizeGB": {
"defaultValue": 0,
"metadata": {
"description": "Disk size (in GB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Specifying 0 will apply the default disk size for that agentVMSize."
},
"maxValue": 1023,
"minValue": 0,
"type": "int"
},
"kubernetes_osType": {
"allowedValues": [
"Linux"
],
"defaultValue": "Linux",
"metadata": {
"description": "The type of operating system."
},
"type": "string"
},
"kubernetes_agentCount": {
"defaultValue": 3,
"metadata": {
"description": "The number of agent nodes for the cluster."
},
"maxValue": 50,
"minValue": 1,
"type": "int"
},
"kubernetes_agentVMSize": {
"defaultValue": "Standard_D2_v2",
"metadata": {
"description": "The size of the Virtual Machine."
},
"type": "string"
},
"kubernetes_maxPods": {
"defaultValue": 30,
"metadata": {
"description": "Maximum number of pods that can run on a node."
},
"type": "int"
},
"kubernetes_servicePrincipalClientId": {
"defaultValue": null,
"metadata": {
"description": "Client ID (used by cloudprovider)"
},
"type": "securestring"
},
"kubernetes_servicePrincipalClientSecret": {
"defaultValue": null,
"metadata": {
"description": "The Service Principal Client Secret."
},
"type": "securestring"
},
"kubernetes_kubernetesVersion": {
"defaultValue": "1.7.7",
"metadata": {
"description": "The version of Kubernetes."
},
"type": "string"
},
"kubernetes_enableHttpApplicationRouting": {
"defaultValue": false,
"metadata": {
"description": "boolean flag to turn on and off of http application routing"
},
"type": "bool"
},
"kubernetes_networkPlugin": {
"allowedValues": [
"azure",
"kubenet"
],
"defaultValue": "kubenet",
"metadata": {
"description": "Network plugin used for building Kubernetes network."
},
"type": "string"
},
"kubernetes_enableRBAC": {
"defaultValue": true,
"metadata": {
"description": "boolean flag to turn on and off of RBAC"
},
"type": "bool"
},
"kubernetes_enableOmsAgent": {
"defaultValue": true,
"metadata": {
"description": "boolean flag to turn on and off of omsagent addon"
},
"type": "bool"
},
// Azure Log Analytics
"log_analytics_location": {
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specify the region for your OMS workspace"
},
"type": "string"
},
"log_analytics_workspaceName": {
"metadata": {
"description": "Specify the name of the OMS workspace"
},
"type": "string"
},
"log_analytics_workspaceId": {
"metadata": {
"description": "Specify the resource id of the OMS workspace"
},
"type": "string"
},
"log_analytics_sku": {
"allowedValues": [
"free",
"standalone",
"pernode"
],
"defaultValue": "free",
"metadata": {
"description": "Select the SKU for your workspace"
},
"type": "string"
}
},
"resources": [
{
"comments": "Azure Kubernetes Service",
"apiVersion": "2018-03-31",
"dependsOn": [
"[concat('Microsoft.Resources/deployments/', 'WorkspaceDeployment')]"
],
"type": "Microsoft.ContainerService/managedClusters",
"location": "[parameters('kubernetes_location')]",
"name": "[parameters('kubernetes_name')]",
"properties": {
"kubernetesVersion": "[parameters('kubernetes_kubernetesVersion')]",
"enableRBAC": "[parameters('kubernetes_enableRBAC')]",
"dnsPrefix": "[parameters('kubernetes_dnsPrefix')]",
"addonProfiles": {
"httpApplicationRouting": {
"enabled": "[parameters('kubernetes_enableHttpApplicationRouting')]"
},
"omsagent": {
"enabled": "[parameters('kubernetes_enableOmsAgent')]",
"config": {
"logAnalyticsWorkspaceResourceID": "[parameters('log_analytics_workspaceId')]"
}
}
},
"agentPoolProfiles": [
{
"name": "agentpool",
"osDiskSizeGB": "[parameters('kubernetes_osDiskSizeGB')]",
"osType": "[parameters('kubernetes_osType')]",
"count": "[parameters('kubernetes_agentCount')]",
"vmSize": "[parameters('kubernetes_agentVMSize')]",
"storageProfile": "ManagedDisks",
"maxPods": "[parameters('kubernetes_maxPods')]"
}
],
"servicePrincipalProfile": {
"ClientId": "[parameters('kubernetes_servicePrincipalClientId')]",
"Secret": "[parameters('kubernetes_servicePrincipalClientSecret')]"
},
"networkProfile": {
"networkPlugin": "[parameters('kubernetes_networkPlugin')]"
}
},
"tags": {
"Environment": "[parameters('environment')]"
}
},
{
"comments": "Azure Log Analytics (Container Insights)",
"type": "Microsoft.Resources/deployments",
"name": "SolutionDeployment",
"apiVersion": "2017-05-10",
"resourceGroup": "[split(parameters('log_analytics_workspaceId'),'/')[4]]",
"subscriptionId": "[split(parameters('log_analytics_workspaceId'),'/')[2]]",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"apiVersion": "2015-11-01-preview",
"type": "Microsoft.OperationsManagement/solutions",
"location": "[parameters('log_analytics_location')]",
"name": "[concat('ContainerInsights', '(', split(parameters('log_analytics_workspaceId'),'/')[8], ')')]",
"properties": {
"workspaceResourceId": "[parameters('log_analytics_workspaceId')]"
},
"plan": {
"name": "[concat('ContainerInsights', '(', split(parameters('log_analytics_workspaceId'),'/')[8], ')')]",
"product": "[concat('OMSGallery/', 'ContainerInsights')]",
"promotionCode": "",
"publisher": "Microsoft"
}
}
]
}
},
"dependsOn": [
"[concat('Microsoft.Resources/deployments/', 'WorkspaceDeployment')]"
],
"tags": {
"Environment": "[parameters('environment')]"
}
},
{
"comments": "Azure Log Analytics",
"type": "Microsoft.Resources/deployments",
"name": "WorkspaceDeployment",
"apiVersion": "2017-05-10",
"resourceGroup": "[split(parameters('log_analytics_workspaceId'),'/')[4]]",
"subscriptionId": "[split(parameters('log_analytics_workspaceId'),'/')[2]]",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"apiVersion": "2015-11-01-preview",
"type": "Microsoft.OperationalInsights/workspaces",
"location": "[parameters('log_analytics_location')]",
"name": "[parameters('log_analytics_workspaceName')]",
"properties": {
"sku": {
"name": "[parameters('log_analytics_sku')]"
}
}
}
]
}
},
"tags": {
"Environment": "[parameters('environment')]"
}
}
],
"outputs": {
"controlPlaneFQDN": {
"type": "string",
"value": "[reference(concat('Microsoft.ContainerService/managedClusters/', parameters('kubernetes_name'))).fqdn]"
}
}
}
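Unfortunately, you cannot create Service Principals in ARM templates.
I create them using PowerShell scripts and then either pass the relevant properties into the ARM template as parameters, or push them into Key Vault and reference them from Key Vault where the relevant ARM template supports it. If you pass the client secret as a parameter, keep it typed as securestring (as the template above does) so that the value is not logged or saved in the deployment history.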

LogicApp via ARM to Listen Dropbox ( trigger ) to FTP ( action )

Is there an ARM template for listening to a Dropbox folder and creating a file on an FTP server? I do find templates in Azure for blob to FTP.
Also, what would the Dropbox connection resource be in the deployment template? Where could I find these details in the documentation?
Please find my deployment JSON below.
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"dropboxconnectionaccountname": {
"type": "string",
"metadata": {
"description": "Account name of the dropbox."
}
},
"dropboxpassword": {
"type": "securestring",
"metadata": {
"description": "Password for the dropbox account"
}
},
"dropboxconnectionname": {
"type": "string",
"metadata": {
"description": "The name of the Dropbox connection being created."
}
},
"ftpServerAddress": {
"type": "string",
"metadata": {
"description": "The address of the FTP server."
}
},
"ftpUsername": {
"type": "string",
"metadata": {
"description": "The username for the FTP server."
}
},
"ftpPassword": {
"type": "securestring",
"metadata": {
"description": "The password for the FTP server."
}
},
"ftpServerPort": {
"type": "int",
"defaultvalue": 21,
"metadata": {
"description": "The port for the FTP server."
}
},
"ftpconnectionname": {
"type": "string",
"metadata": {
"description": "The name of the FTP connection being created."
}
},
"logicAppName": {
"type": "string",
"metadata": {
"description": "The name of the logic app to create."
}
},
"flowSkuName": {
"type": "string",
"defaultValue": "Standard",
"allowedValues": [
"Free",
"Basic",
"Standard",
"Premium"
],
"metadata": {
"description": "The pricing tier for the logic app."
}
},
"hostingPlanName": {
"type": "string",
"metadata": {
"description": "The name of the App Service plan to create for hosting the logic app."
}
},
"hostingSkuName": {
"type": "string",
"defaultValue": "S1",
"allowedValues": [
"F1",
"D1",
"B1",
"B2",
"B3",
"S1",
"S2",
"S3",
"P1",
"P2",
"P3",
"P4"
],
"metadata": {
"description": "Describes plan's pricing tier and instance size."
}
},
"hostingSkuCapacity": {
"type": "int",
"defaultValue": 1,
"minValue": 1,
"metadata": {
"description": "Describes plan's instance count"
}
},
"testUri": {
"type": "string",
"defaultValue": "http://azure.microsoft.com/en-us/status/feed/",
"metadata": {
"description": "A test URI"
}
}
},
// Fixed settings passed to the FTP connection's parameterValues below.
"variables": {
"$ftpisssl": true,
"$ftpisBinaryTransport": true,
// NOTE(review): this is passed as the FTP connection's disableCertificateValidation value.
// With it set to true the server certificate is presumably not verified, so isssl alone
// does not authenticate the FTP server. Set it to false unless the server's certificate
// genuinely cannot be validated; confirm against the FTP connector documentation.
"$ftpdisableCertificateValidation": true
},
"resources": [
{
"type": "Microsoft.Web/connections",
"apiVersion": "2016-06-01",
"location": "[resourceGroup().location]",
"name": "[parameters('dropboxconnectionname')]",
"properties": {
"api": {
"id": "[concat(subscription().id,'/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/dropbox')]"
},
"displayName": "dropbox",
"parameterValues": {
"email": "[parameters('dropboxconnectionaccountname')]",
"password": "[parameters('dropboxpassword')]"
}
}
},
{
"type": "Microsoft.Web/connections",
"apiVersion": "2016-06-01",
"location": "[resourceGroup().location]",
"name": "[parameters('ftpconnectionname')]",
"properties": {
"api": {
"id": "[concat(subscription().id,'/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/ftp')]"
},
"displayName": "ftp",
"parameterValues": {
"serverAddress": "[parameters('ftpServerAddress')]",
"userName": "[parameters('ftpUsername')]",
"password": "[parameters('ftpPassword')]",
"serverPort": "[parameters('ftpServerPort')]",
"isssl": "[variables('$ftpisssl')]",
"isBinaryTransport": "[variables('$ftpisBinaryTransport')]",
"disableCertificateValidation": "[variables('$ftpdisableCertificateValidation')]"
}
}
},
{
"apiVersion": "2015-08-01",
"name": "[parameters('hostingPlanName')]",
"type": "Microsoft.Web/serverfarms",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "HostingPlan"
},
"sku": {
"name": "[parameters('hostingSkuName')]",
"capacity": "[parameters('hostingSkuCapacity')]"
},
"properties": {
"name": "[parameters('hostingPlanName')]"
}
},
{
"type": "Microsoft.Logic/workflows",
"apiVersion": "2015-08-01-preview",
"name": "[parameters('logicAppName')]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Web/connections', parameters('dropboxconnectionname'))]",
"[resourceId('Microsoft.Web/connections', parameters('ftpconnectionname'))]"
],
"tags": {
"displayName": "LogicApp"
},
"properties": {
"sku": {
"name": "[parameters('flowSkuName')]",
"plan": {
"id": "[concat(resourceGroup().id, '/providers/Microsoft.Web/serverfarms/',parameters('hostingPlanName'))]"
}
},
"definition": {
"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
"actions": {
"Create_file": {
"inputs": {
"body": "#triggerBody()",
"host": {
"api": {
"runtimeUrl": "[concat('https://logic-apis-', resourceGroup().location, '.azure-apim.net/apim/ftp')]"
},
"connection": {
"name": "#parameters('$connections')['ftp']['connectionId']"
}
},
"method": "post",
"path": "/datasets/default/files",
"queries": {
"folderPath": "/site/wwwroot/",
"name": "#{triggerOutputs()['headers']?['x-ms-file-name']}"
}
},
"runAfter": {},
"type": "ApiConnection"
}
},
"contentVersion": "1.0.0.0",
"outputs": {},
"parameters": {
"$connections": {
"defaultValue": {},
"type": "Object"
}
},
"triggers": {
"When_a_file_is_added_or_modified": {
"inputs": {
"host": {
"api": {
"runtimeUrl": "[concat('https://logic-apis-', resourceGroup().location, '.azure-apim.net/apim/dropbox')]"
},
"connection": {
"name": "#parameters('$connections')['dropbox']['connectionId']"
}
},
"method": "get",
"path": "/datasets/default/triggers/onupdatedfile",
"queries": {
"folderId": "/site/wwwroot"
}
},
"recurrence": {
"frequency": "Second",
"interval": 15
},
"type": "ApiConnection"
}
}
},
"parameters": {
"$connections": {
"value": {
"ftp": {
"id": "[reference(concat('Microsoft.Web/connections/', parameters('ftpconnectionname')), '2015-08-01-preview').api.id]",
"connectionName": "[parameters('ftpconnectionname')]",
"connectionId": "[resourceId('Microsoft.Web/connections', parameters('ftpconnectionname'))]"
},
"dropbox": {
"id": "[reference(concat('Microsoft.Web/connections/', parameters('dropboxconnectionname')), '2015-08-01-preview').api.id]",
"connectionName": "[parameters('dropboxconnectionname')]",
"connectionId": "[resourceId('Microsoft.Web/connections', parameters('dropboxconnectionname'))]"
}
}
}
}
}
}
],
"outputs": {}
}

Resources