Develop Reference

How can I use dependsOn on copy resources in nested deployment?

I'm trying to deploy a RG tag for saving the roleAssignments version. I want that the tag deployment will be depended on the creation of the roleassignments. the roleassignments are created by using "copy" and the deployment is nested (since I need to change the scope to another RG and subscription).
I'm getting the following error message: {"code":"InvalidTemplate","message":"Deployment template validation failed: 'The template resource '[uniqueString(concat('nonRegionalRoleAssignments-', parameters('resourceId'), variables('roleAssignmentsToCreate')[copyIndex()].roleDefinitionId))]' at line '82' and column '9' is not valid: The template function 'copyIndex' is not expected at this location. The function can only be used in a resource with copy specified. Please see https://aka.ms/arm-copy for usage details.. Please see https://aka.ms/arm-template-expressions for usage details.'."}
How can I resolve it?
The template:
{
"$schema": https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#,
"contentVersion": "1.0.0.0",
"parameters": {
"managedIdentityName": {
"type": "String",
"metadata": {
"description": "The name of the managed identity resource."
}
},
"roleAssignmentsDefinitionIds": {
"type": "Array"
},
"roleAssignmentsVersion": {
"defaultValue": 0,
"type": "Int"
},
"resourceId": {
"type": "String"
},
"rolesAssignmentsResourceGroup": {
"type": "String"
},
"rolesAssignmentSubscriptionID": {
"type": "String"
}
},
"variables": {
"copy": [
{
"name": "roleAssignmentsToCreate",
"count": "[length(parameters('roleAssignmentsDefinitionIds'))]",
"input": {
"name": "[guid(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('managedIdentityName')), resourceGroup().id, parameters('roleAssignmentsDefinitionIds')[copyIndex('roleAssignmentsToCreate')])]",
"roleDefinitionId": "[parameters('roleAssignmentsDefinitionIds')[copyIndex('roleAssignmentsToCreate')]]"
}
}
],
"roleAssignmentVersionTagName": "[concat(parameters('managedIdentityName'), 'RoleAssignmentVersion')]",
"roleAssignmentsVersionTags": {
"tags": {
"[variables('roleAssignmentVersionTagName')]": "[parameters('roleAssignmentsVersion')]"
}
},
"updatedResourceGroupTags": "[union(resourceGroup(), variables('roleAssignmentsVersionTags')).tags]",
"roleAssignmentsDefaultVersion": {
"tags": {
"[variables('roleAssignmentVersionTagName')]": 0
}
}
},
"resources": [
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-05-01",
"name": "[uniqueString(concat('nonRegionalRoleAssignments-', parameters('resourceId'), variables('roleAssignmentsToCreate')[copyIndex()].roleDefinitionId))]",
"properties": {
"mode": "Incremental",
"parameters": {},
"copy": {
"name": "roleAssignment",
"count": "[length(variables('roleAssignmentsToCreate'))]",
"mode": "serial",
"batchSize": 1
},
"template": {
"$schema": https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#,
"contentVersion": "1.0.0.0",
"variables": {},
"resources": [
{
"name": "[guid(parameters('resourceId'), 'Microsoft.Authorization/roleDefinitions', variables('roleAssignmentsToCreate')[copyIndex()].roleDefinitionId, resourceGroup().id)]",
"type": "Microsoft.Authorization/roleAssignments",
"condition": "[less(int(union(variables('RoleAssignmentsDefaultVersion'), resourceGroup()).tags[variables('roleAssignmentVersionTagName')]), parameters('roleAssignmentsVersion'))]",
"apiVersion": "2020-04-01-preview",
"properties": {
"principalId": "[reference(parameters('resourceId'), '2018-11-30').principalId]",
"roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', variables('roleAssignmentsToCreate')[copyIndex()].roleDefinitionId)]",
"principalType": "ServicePrincipal"
}
}
]
}
},
"subscriptionId": "[parameters('rolesAssignmentSubscriptionID')]",
"resourceGroup": "[parameters('rolesAssignmentsResourceGroup')]"
}
Thanks

Remove:
"dependsOn": [
"roleAssignment"
],
From the tags resource - it's not needed.

How to deploy a Arm template with Linked template that contains a resource group and resources

I have a 'grandparent' master template that deploys another linked 'parent' template 4 times, each time with different group name (I've only shown the first resource):
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourcegroupName": {
"type": "string",
"metadata": {
"description": "The name given to the group and all resources it contains by default"
}
},
"resourceGroupLocation": {
"type": "string",
"metadata": {
"description": "The Location of the resource group"
}
},
"templateFolderUri": {
"type": "string",
"metadata": {
"description": "The URI of the template component folder"
}
}
},
"functions": [],
"variables": {},
"resources": [
{
"name": "[concat(parameters('resourceGroupName'), 'Dev')]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2021-04-01",
"location": "[parameters('resourceGroupLocation')]",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[concat(parameters('templateFolderUri'), '/completeNovaRssDeploy.json')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"resourcegroupName": "[concat(parameters('resourcegroupName'), 'Dev')]",
"resourceGroupLocation": "[parameters('resourceGroupLocation')]",
"templateFolderUri": "[concat(parameters('resourcegroupName'), '/Components')]"
}
}
},
<resource repeated 3 times>
],
"outputs": {}
}
The 'parent' template, also links other 'child' templates and looks like so:
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourcegroupName": {
"type": "string",
"metadata": {
"description": "The name given to the group and all resources it contains by default"
}
},
"resourceGroupLocation": {
"type": "string",
"metadata": {
"description": "The Location of the resource group"
}
},
"templateFolderUri": {
"type": "string",
"metadata": {
"description": "The URI of the template component folder"
}
}
},
"functions": [],
"variables": {},
"resources": [
{
"comments": "Template for creating the resource group",
"name": "[parameters('resourcegroupName')]",
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2021-04-01",
"location": "[parameters('resourceGroupLocation')]",
"properties": {}
},
{
"name": "[parameters('resourceGroupName')]",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "[parameters('resourcegroupName')]",
"apiVersion": "2021-04-01",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[concat(parameters('templateFolderUri'), '/servicePlanCreator.json')]",
"contentVersion": "1.0.0.0"
}
},
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups/', parameters('resourceGroupName'))]"
]
},
{
"name": "[concat(parameters('resourceGroupName'), 'Storage')]",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "[parameters('resourcegroupName')]",
"apiVersion": "2021-04-01",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[concat(parameters('templateFolderUri'), '/storageAccountTemplate.json')]",
"contentVersion": "1.0.0.0"
},
"parameters": {}
},
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups/', parameters('resourceGroupName'))]"
]
},
{
"name": "[concat(parameters('resourceGroupName'), 'Vault')]",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "[parameters('resourcegroupName')]",
"apiVersion": "2021-04-01",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[concat(parameters('templateFolderUri'), '/keyVaultCreator.json')]",
"contentVersion": "1.0.0.0"
},
"parameters": {}
},
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups/', parameters('resourceGroupName'))]"
]
},
{
"name": "[concat(parameters('resourceGroupName'), 'App')]",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "[parameters('resourcegroupName')]",
"apiVersion": "2021-04-01",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[concat(parameters('templateFolderUri'), '/dualSlotWebApp.json')]",
"contentVersion": "1.0.0.0"
},
"parameters": {}
},
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups/', parameters('resourceGroupName'))]",
"[resourceId('Microsoft.Resources/deployments', parameters('resourceGroupName'))]"
]
}
],
"outputs": {}
}
The 'parent' template works when ran on its own, the parent template does not. I get an error for the type of each resource in the grandparent template:
##[error]Multiple error occurred: BadRequest,BadRequest,BadRequest,BadRequest. Please see details.
##[error]Details:
##[error]InvalidTemplate: The nested deployment 'NovaArmTestDev' failed validation: 'Error converting value "NovaArmTestDev" to type 'Azure.Deployments.Core.Definitions.DeploymentParameterDefinition'. Path 'properties.parameters.resourcegroupName', line 1, position 476.'.
##[error]InvalidTemplate: The nested deployment 'NovaArmTestTest' failed validation: 'Error converting value "NovaArmTestTest" to type 'Azure.Deployments.Core.Definitions.DeploymentParameterDefinition'. Path 'properties.parameters.resourcegroupName', line 1, position 479.'.
##[error]InvalidTemplate: The nested deployment 'NovaArmTestCat' failed validation: 'Error converting value "NovaArmTestCat" to type 'Azure.Deployments.Core.Definitions.DeploymentParameterDefinition'. Path 'properties.parameters.resourcegroupName', line 1, position 476.'.
##[error]InvalidTemplate: The nested deployment 'NovaArmTest' failed validation: 'Error converting value "NovaArmTest" to type 'Azure.Deployments.Core.Definitions.DeploymentParameterDefinition'. Path 'properties.parameters.resourcegroupName', line 1, position 467.'.
##[warning]Validation errors were found in the Azure Resource Manager template. This can potentially cause template deployment to fail. Task failed while creating or updating the template deployment.. Please follow https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/template-syntax
Starting Deployment.
Deployment name is completeNovaRssDeploy-20220527-130154-2824
There were errors in your deployment. Error code: DeploymentFailed.
##[error]At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.
##[error]Details:
##[error]InvalidRequestContent: The request content was invalid and could not be deserialized: 'Error converting value "NovaArmTest" to type 'Azure.Deployments.Core.Definitions.DeploymentParameterDefinition'. Path 'properties.parameters.resourcegroupName', line 1, position 266.'.
##[error]InvalidRequestContent: The request content was invalid and could not be deserialized: 'Error converting value "NovaArmTestCat" to type 'Azure.Deployments.Core.Definitions.DeploymentParameterDefinition'. Path 'properties.parameters.resourcegroupName', line 1, position 269.'.
##[error]InvalidRequestContent: The request content was invalid and could not be deserialized: 'Error converting value "NovaArmTestDev" to type 'Azure.Deployments.Core.Definitions.DeploymentParameterDefinition'. Path 'properties.parameters.resourcegroupName', line 1, position 269.'.
##[error]InvalidRequestContent: The request content was invalid and could not be deserialized: 'Error converting value "NovaArmTestTest" to type 'Azure.Deployments.Core.Definitions.DeploymentParameterDefinition'. Path 'properties.parameters.resourcegroupName', line 1, position 270.'.
##[error]Check out the troubleshooting guide to see if your issue is addressed: https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-resource-group-deployment?view=azure-devops#troubleshooting
##[error]Task failed while creating or updating the template deployment.
I believe I understand why this is happening as in the 'grandparent' template I am linking the 'parent' as "type": "Microsoft.Resources/deployments" when the 'parent' template deploys a resource group and operates on the subscription scope. I also tried setting the type to "type": "Microsoft.Resources/resourceGroups" but that also did not work. I believe this can be fixed by moving the resource group from the 'parent' template to the 'grandparent' but I am wondering if there is a resource type that can more easily accommodate both these types in the same linked template.

When passing parameters to the linked templates, the parameters need an additional property added called "value": ....
Fixing a portion of the example provided, the result would look like
...
"parameters": {
"resourcegroupName": {
"value": "[concat(parameters('resourcegroupName'), 'Dev')]"
},
"resourceGroupLocation": {
"value": "[parameters('resourceGroupLocation')]"
},
"templateFolderUri": {
"value": "[concat(parameters('templateFolderUri'), '/Components')]"
}
}
...
Reference: https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/linked-templates?tabs=azure-powershell#:~:text=To%20pass%20parameter%20values%20inline

How to wait for deploying a resource in another ResourceGroup in Arm template

We want to have two resource group, 1- shared-resource group for shared resources like app service plan, ...
2- another resource-group for other resources like web-app.
We are using nested link template which contains three level:
highest level is main deployment template file which contains everything.
next level is for calling all resource templates for each resource-group, e.g we have two template file in this level one for shared resource-group and two other resource-group, so for-example first file will call some link template to create app service plan, elastic pool and ....
second file will call link templates for deploying web-app, network and ....
last level is our generic resource templates, in this level for each resource we have a template file e.g for web-app we have a generic template which deploy web-app with some parameters.
Now the question is how we can use 'dependson' to create all shared-Resources first after that deploy all other resources?
*please note: shared resources are in different resource-group and other resources are in another resource-group so we have two resource-group which both and all included resources are deploying in main template file.
My main deployment template file is this:
// Include rg-CockpitShared and app specific resources - and share parameters
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-
01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string"
},
"cockpitEnvironment": {
"type": "string"
}
},
"variables": {
"currentTemplateUri": "[deployment().properties.templateLink.uri]",
"rgCockpitSharedUrl": "[concat(uri(variables('currentTemplateUri'), 'rg-CockpitShared/rg-CockpitShared.json'))]",
"rgCockpitSharedParametersUrl": "[concat(uri(variables('currentTemplateUri'), concat('rg-CockpitShared/rg-CockpitShared.parameters.', parameters('cockpitEnvironment'), '.json')))]",
"rgClientCmdbTemplateUrl": "[concat(uri(variables('currentTemplateUri'), 'rg-ClientCmdb/rg-ClientCmdb.json'))]",
"rgClientCmdbParametersUrl": "[concat(uri(variables('currentTemplateUri'), concat('rg-ClientCmdb/rg-ClientCmdb.parameters.', parameters('cockpitEnvironment'), '.json')))]"
},
"resources": [
{
"type": "Microsoft.Resources/deployments",
"location": "[parameters('location')]",
"apiVersion": "2019-10-01",
"name": "CockpitShared",
"tags": {
"devOwner": "aspBuild"
},
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('rgCockpitSharedUrl')]",
"contentVersion": "1.0.0.0"
},
"parametersLink": {
"uri": "[variables('rgCockpitSharedParametersUrl')]",
"contentVersion": "1.0.0.0"
}
}
},
{
"type": "Microsoft.Resources/deployments",
"location": "[parameters('location')]",
"apiVersion": "2019-10-01",
"name": "otherResources",
"tags": {
"devOwner": "aspBuild"
},
"dependsOn": [
"CockpitShared"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('rgClientCmdbTemplateUrl')]",
"contentVersion": "1.0.0.0"
},
"parametersLink": {
"uri": "[variables('rgClientCmdbParametersUrl')]",
"contentVersion": "1.0.0.0"
}
}
}
],
"outputs": {
"rgCockpitSharedUrl": {
"type": "string",
"value": "[variables('rgCockpitSharedUrl')]"
},
"rgCockpitSharedParametersUrl": {
"type": "string",
"value": "[variables('rgCockpitSharedParametersUrl')]"
}
}
}
So What I have done here is using dependsOn = "CockpitShared" and expected that first it deploys shared resources and after that start to deploy 'otherResources', but I got error that app-service-plan is not found which means it's not wait to shared resources be deployed and I don't understand why? :(

Finally I found a solution:
I used 'reference' instead of 'dependson'.
So in my shared-Resources arm template I return app service plan name as output and used it from my main deployment file so it wait for finishing shared resources deployment first and after that start to deploy web app ...
for more detail see below code:
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string"
},
"cockpitEnvironment": {
"type": "string"
},
"storageAccountUri": {
"type": "string"
}
},
"variables": {
"rgCockpitSharedUrl": "[concat(uri(parameters('storageAccountUri'), 'rg-CockpitShared/rg-CockpitShared.json'))]",
"rgClientCmdbTemplateUrl": "[concat(uri(parameters('storageAccountUri'), 'ClientCmdb/rg-ClientCmdb/rg-ClientCmdb.json'))]"
},
"functions": [
{
"namespace": "ClientCmdb",
"members": {
"SelectValueByEnv": {
"parameters": [
{
"name": "Environment",
"type": "string"
},
{
"name": "prodValue",
"type": "string"
},
{
"name": "devValue",
"type": "string"
},
{
"name": "testValue",
"type": "string"
}
],
"output": {
"type": "string",
"value": "[if(equals(parameters('Environment'),'prod'),parameters('prodValue'),if(equals(parameters('Environment'),'dev'),parameters('devValue'),parameters('testValue')))]"
}
}
}
}
],
"resources": [
{
"type": "Microsoft.Resources/deployments",
"location": "[parameters('location')]",
"apiVersion": "2019-10-01",
"name": "CockpitShared",
"tags": {
"devOwner": "aspBuild"
},
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('rgCockpitSharedUrl')]"
},
"parameters": {
"rgName": {
"value": "[ClientCmdb.SelectValueByEnv(parameters('cockpitEnvironment'),'rg-CockpitShared','rg-CockpitShared','rg-CockpitShared')]"
},
"location": {
"value": "[parameters('location')]"
},
"cockpitEnvironment": {
"value": "[parameters('cockpitEnvironment')]"
}
}
}
},
{
"type": "Microsoft.Resources/deployments",
"location": "[parameters('location')]",
"apiVersion": "2019-10-01",
"name": "ClientCmdb",
"tags": {
"devOwner": "aspBuild"
},
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('rgClientCmdbTemplateUrl')]"
},
"parameters": {
"rgName": {
"value": "[ClientCmdb.SelectValueByEnv(parameters('cockpitEnvironment'),'rg-ClientCmdb','rg-ClientCmdb','rg-ClientCmdb')]"
},
"location": {
"value": "[ClientCmdb.SelectValueByEnv(parameters('cockpitEnvironment'),'northeurope','northeurope','northeurope')]"
},
"cockpitEnvironment": {
"value": "[parameters('cockpitEnvironment')]"
},
"planName": {
// Here__________________________________________________________________________________
"value": "[reference('CockpitShared').outputs.planName.value]"
}
}
}
}
],
}
so basically I pass my app service plan name from shared resource template to main template and main template gets it by 'reference' and pass it to other resources template via parameter.
Regarding to do that I had to use inline params as I was using params in seperated files...
Hope it's useful for someone else :)

ARM template: issue with output in nested templates

I'm currently facing an issue with nested template.
When I'm applying my template (detail below), I get this answer from Azure:
Azure Error: InvalidTemplate
Message: Deployment template validation failed: 'The template reference 'sandbox.test.portal' is not valid: could not find template resource or resource copy with this name. Please see https://aka.ms/arm-template-expressions/#reference for usage details.'.
However, I don't really understand why I get this issue, because for the content inside the nested template, I used what they provide in the documentation here: https://github.com/Azure/azure-quickstart-templates/blob/master/101-azure-dns-new-zone/azuredeploy.json
My ARM template:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
},
"newZoneName": {
"type": "string",
"defaultValue": "sandbox.test.portal",
"metadata": {
"description": "The name of the DNS zone to be created. Must have at least 2 segements, e.g. hostname.org"
}
},
"newRecordName": {
"type": "string",
"defaultValue": "www",
"metadata": {
"description": "The name of the DNS record to be created. The name is relative to the zone, not the FQDN."
}
}
},
"variables": {
"publicIPAddressName": "[concat(resourceGroup().name, '-pip')]",
},
"resources": [
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Network/publicIPAddresses",
"name": "[variables('publicIPAddressName')]",
"location": "[parameters('location')]",
"properties": {
"publicIPAllocationMethod": "Dynamic",
"dnsSettings": {
"domainNameLabel": "[parameters('dnsLabelPrefix')]"
}
}
},
{
"apiVersion": "2017-05-10",
"name": "nestedTemplate",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "my-rg",
"subscriptionId": "[subscription().subscriptionId]",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
},
"variables": {
},
"resources": [
{
"type": "Microsoft.Network/dnszones",
"name": "[parameters('newZoneName')]",
"apiVersion": "2016-04-01",
"location": "global",
"properties": {
}
},
{
"type": "Microsoft.Network/dnszones/a",
"name": "[concat(parameters('newZoneName'), '/', parameters('newRecordName'))]",
"apiVersion": "2016-04-01",
"location": "global",
"dependsOn": [
"[parameters('newZoneName')]"
],
"properties": {
"TTL": 3600,
"ARecords": [
{
"ipv4Address": "1.2.3.4"
},
{
"ipv4Address": "1.2.3.5"
}
]
}
}
],
"outputs": {
"nameServers": {
"type": "array",
"value": "[reference(parameters('newZoneName')).nameServers]"
}
}
}
}
}
]
}

basically, you need to remove the outputs from the nested inline template, so remove this bit:
"outputs": {
"nameServers": {
"type": "array",
"value": "[reference(parameters('newZoneName')).nameServers]"
}
}
long story short, nested inline deployments are bad. dont use them.
alternatively move those to the parent template and do a real lookup:
reference(resourceId('Microsoft.Network/dnszones', parameters('newZoneName')))

You have several minor mistakes in your template:
Comma in variables '-pip')]",
Undefined parameter dnsLabelPrefix
The general mistake in nested outputs. When you use nested templates azure don't find it in your main template. Therefore you must use a reference function with identifier and API: "[reference(resourceId('Microsoft.Network/dnszones', parameters('newZoneName')), '2016-04-01').nameServers]".
I modified your template and validate in my subscription.
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"newZoneName": {
"type": "string",
"defaultValue": "sandbox.test.portal",
"metadata": {
"description": "The name of the DNS zone to be created. Must have at least 2 segements, e.g. hostname.org"
}
},
"newRecordName": {
"type": "string",
"defaultValue": "www",
"metadata": {
"description": "The name of the DNS record to be created. The name is relative to the zone, not the FQDN."
}
},
"dnsLabelPrefix": {
"type": "string",
"defaultValue": "[concat('dns',uniqueString(resourceGroup().name))]"
},
"nestedResourceGroup": {
"type": "string",
"defaultValue": "my-rg",
"metadata": {
"description": "my-rg"
}
}
},
"variables": {
"publicIPAddressName": "[concat(resourceGroup().name, '-pip')]"
},
"resources": [
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Network/publicIPAddresses",
"name": "[variables('publicIPAddressName')]",
"location": "[resourceGroup().location]",
"properties": {
"publicIPAllocationMethod": "Dynamic",
"dnsSettings": {
"domainNameLabel": "[parameters('dnsLabelPrefix')]"
}
}
},
{
"apiVersion": "2017-05-10",
"name": "nestedTemplate",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "[parameters('nestedResourceGroup')]",
"subscriptionId": "[subscription().subscriptionId]",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
},
"variables": {
},
"resources": [
{
"type": "Microsoft.Network/dnszones",
"name": "[parameters('newZoneName')]",
"apiVersion": "2016-04-01",
"location": "global",
"properties": {
}
},
{
"type": "Microsoft.Network/dnszones/a",
"name": "[concat(parameters('newZoneName'), '/', parameters('newRecordName'))]",
"apiVersion": "2016-04-01",
"location": "global",
"dependsOn": [
"[resourceId('Microsoft.Network/dnszones', parameters('newZoneName'))]"
],
"properties": {
"TTL": 3600,
"ARecords": [
{
"ipv4Address": "1.2.3.4"
},
{
"ipv4Address": "1.2.3.5"
}
]
}
}
],
"outputs": {
"nameServers": {
"type": "array",
"value": "[reference(resourceId('Microsoft.Network/dnszones', parameters('newZoneName')), '2016-04-01').nameServers]"
}
}
}
}
}
]
}
Have a nice day!

Azure ServiceBus - Queue - Authorization rule creation error

I'm creating Azure resource manager template with ServiceBus, queue and couple shared access rules. I'm creating the namespace and the queue correctly but when I try to add authorization rule I get:
Resource Microsoft.ServiceBus/namespaces/authorizationRules
'myservicebusnamespace/SendOnlyKey' failed with message 'Request
payload is not in the expected format.
First of all is this possible? There's no samples out there and do documentation either..
Since this is quite generic message I was wondering if anyone else has encountered similar issues using ARM Template for creating Queues?
This is what I have so far:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"sbNamespace": {
"type": "string",
"metadata": {
"description": "The service bus namespace"
}
}
},
"variables": {
"location": "[resourceGroup().location]",
"sbVersion": "[providers('Microsoft.ServiceBus', 'namespaces').apiVersions[0]]",
"queueName": "testQueue",
"defaultSASKeyName": "RootManageSharedAccessKey",
"authRuleResourceId": "[resourceId('Microsoft.ServiceBus/namespaces/authorizationRules', parameters('sbNamespace'), variables('defaultSASKeyName'))]",
"sendAuthRuleResourceId": "[resourceId('Microsoft.ServiceBus/namespaces/authorizationRules', parameters('sbNamespace'), 'SendOnlyKey')]",
"keyGeneratorTemplateUri": "https://raw.githubusercontent.com/sjkp/Azure.ARM.ServiceBus/master/Azure.ARM.ServiceBus/Templates/keygenerator.json"
},
"resources": [
{
"apiVersion": "2015-01-01",
"name": "primaryKey",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "incremental",
"templateLink": {
"uri": "[variables('keyGeneratorTemplateUri')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"seed": { "value": "1234a5" }
}
}
},
{
"apiVersion": "2015-01-01",
"name": "secondaryKey",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "incremental",
"templateLink": {
"uri": "[variables('keyGeneratorTemplateUri')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"seed": { "value": "ac34a5" }
}
}
},
{
//namespace
"apiVersion": "[variables('sbVersion')]",
"name": "[parameters('sbNamespace')]",
"type": "Microsoft.ServiceBus/namespaces",
"location": "[variables('location')]",
"properties": {
"messagingSku": 2
},
"resources": [
{
//queue
"apiVersion": "[variables('sbVersion')]",
"name": "[variables('queueName')]",
"type": "Queues",
"dependsOn": [
"[concat('Microsoft.ServiceBus/namespaces/', parameters('sbNamespace'))]"
],
"properties": {
"path": "[variables('queueName')]",
"defaultMessageTimeToLive": "14.0:0:0",
"maxQueueSizeInMegaBytes": "1024",
"maxDeliveryCount": "10"
}
}
,{
//auth rule 1
"apiVersion": "[variables('sbVersion')]",
"name": "[concat(parameters('sbNamespace'),'/SendOnlyKey')]",
"type": "Microsoft.ServiceBus/namespaces/authorizationRules",
"dependsOn": [
"[concat('Microsoft.ServiceBus/namespaces/', parameters('sbNamespace'))]",
"[concat('Microsoft.Resources/deployments/', 'primaryKey')]",
"[concat('Microsoft.Resources/deployments/', 'secondaryKey')]"
],
"location": "[variables('location')]",
"properties": {
"keyName": "SendOnlyKey",
"PrimaryKey": "[reference('primaryKey').outputs.key.value]",
"SecondaryKey": "[reference('secondaryKey').outputs.key.value]"
}
}
]
}
],
"outputs": {
"NamespaceDefaultConnectionString": {
"type": "string",
"value": "[listkeys(variables('authRuleResourceId'), variables('sbVersion')).primaryConnectionString]"
}
}
}

Sounds like something is failing with the sub template that should generate the keys.
Could you try to generate they keys with e.g. powershell instead:
$bytes = New-Object Byte[] 32
$rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rand.GetBytes($bytes)
$rand.Dispose()
$key = [System.Convert]::ToBase64String($bytes)
To see if that fixes the error.

Difficult stuff, that's for sure. Have a look at
Service Bus ARM Templates
No Service Bus Provider for ARM yet