I have an arm template which creates 2 document db servers.
The section of the ARM template looks like this:
{
"name": "[variables('sqlServerName')]",
"type": "Microsoft.DocumentDB/databaseAccounts",
"apiVersion": "2019-12-12",
"location": "[parameters('location')]",
"tags": {
"name": "Cosmos DB Account"
},
"properties": {
"locations": "[variables('locations')]",
"databaseAccountOfferType": "Standard"
}
},
{
"name": "[variables('sqlServerDevelopmentName')]",
"type": "Microsoft.DocumentDB/databaseAccounts",
"apiVersion": "2019-12-12",
"location": "[parameters('location')]",
"tags": {
"name": "Cosmos Development DB Account"
},
"properties": {
"locations": "[variables('locations')]",
"databaseAccountOfferType": "Standard"
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/apis/databases",
"name": "[concat(variables('sqlServerName'), '/sql/', variables('name'))]",
"apiVersion": "2016-03-31",
"dependsOn": ["[resourceId('Microsoft.DocumentDB/databaseAccounts/', variables('sqlServerName'))]"],
"properties": {
"resource": {
"name": "[variables('liveName')]"
},
"options": {
"throughput": "[variables('cosmosThroughPut')]"
}
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/apis/databases",
"name": "[concat(variables('sqlServerDevelopmentName'), '/sql/', variables('name'))]",
"apiVersion": "2016-03-31",
"dependsOn": ["[resourceId('Microsoft.DocumentDB/databaseAccounts/', variables('sqlServerDevelopmentName'))]"],
"properties": {
"resource": {
"name": "[variables('developmentName')]"
},
"options": {
"throughput": "[variables('cosmosDevelopThroughPut')]"
}
}
},
{
"name": "[concat(variables('sqlServerName'), '/sql/', variables('name'), '/', variables('cosmosContainerName'))]",
"type": "Microsoft.DocumentDb/databaseAccounts/apis/databases/containers",
"apiVersion": "2016-03-31",
"dependsOn": ["[resourceId('Microsoft.DocumentDB/databaseAccounts/apis/databases', variables('sqlServerName'), 'sql', variables('name'))]"],
"properties": {
"resource": {
"name": "[variables('cosmosContainerName')]",
"partitionKey": {
"paths": [
"/categoryId"
],
"kind": "Hash"
},
"indexingPolicy": {
"indexingMode": "consistent",
"includedPaths": [{
"path": "/*"
}]
}
}
}
},
{
"name": "[concat(variables('sqlServerDevelopmentName'), '/sql/', variables('name'), '/', variables('cosmosContainerName'))]",
"type": "Microsoft.DocumentDb/databaseAccounts/apis/databases/containers",
"apiVersion": "2016-03-31",
"dependsOn": ["[resourceId('Microsoft.DocumentDB/databaseAccounts/apis/databases', variables('sqlServerDevelopmentName'), 'sql', variables('name'))]"],
"properties": {
"resource": {
"name": "[variables('cosmosContainerName')]",
"partitionKey": {
"paths": [
"/categoryId"
],
"kind": "Hash"
},
"indexingPolicy": {
"indexingMode": "consistent",
"includedPaths": [{
"path": "/*"
}]
}
}
}
}
And the variables look like this:
"name": "sxp",
"sqlServerName": "[variables('liveName')]",
"sqlServerDevelopmentName": "[variables('developmentName')]",
"sxpDatabaseName": "[variables('name')]",
"cosmosContainerName": "products",
"cosmosThroughPut": "400",
"cosmosDevelopThroughPut": "400",
When I run my release I get this error (for both DocumentDb servers):
{
"status": "Failed",
"error": {
"code": "ResourceDeploymentFailure",
"message": "The resource operation completed with terminal provisioning state 'Failed'.",
"details": [
{
"code": "BadRequest",
"message": "Message: {\"code\":\"BadRequest\",\"message\":\"Message: {\\\"partitionCount\\\":1}\\r\\nActivityId: b0751976-2076-4f29-93ab-b3d5849390b8, Request URI: /apps/0ccd856f-da7a-4ff9-a530-88ce0dbfd50c/services/b3350877-fd5e-4ea1-b6ee-41ecb9fb2540/partitions/14300278-223a-4614-afca-48f66e186695/replicas/132272757678585484p, RequestStats: , SDK: Microsoft.Azure.Documents.Common/2.9.2\"}, Request URI: /dbs, RequestStats: , SDK: Microsoft.Azure.Documents.Common/2.9.2, Microsoft.Azure.Documents.Common/2.9.2, Microsoft.Azure.Documents.Common/2.9.2, Microsoft.Azure.Documents.Common/2.9.2, Microsoft.Azure.Documents.Common/2.9.2, Microsoft.Azure.Documents.Common/2.9.2, Microsoft.Azure.Documents.Common/2.9.2, Microsoft.Azure.Documents.Common/2.9.2, Microsoft.Azure.Documents.Common/2.9.2"
}
]
}
}
Which means absolutely nothing to me. I have tried googling it, but I can't find any reference to the error. The strange thing is, it creates the resources and they are usable, but the deployment says it has failed.
Has anyone seen this issue before?
I have figured this out.
It's to do with the id property. You must have one. If you use the arm-ttk-master it will tell you that not using the resourceId function is not valid, but in the case for cosmos databases and containers, it is wrong.....
So, it should look like this:
{
"type": "Microsoft.DocumentDB/databaseAccounts/apis/databases",
"name": "[concat(variables('sqlServerDevelopmentName'), '/sql/', variables('name'))]",
"apiVersion": "2016-03-31",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('sqlServerDevelopmentName'))]"
],
"properties": {
"resource": {
"id": "[variables('name')]"
},
"options": {
"throughput": "[variables('cosmosDevelopThroughPut')]"
}
}
},
{
"name": "[concat(variables('sqlServerName'), '/sql/', variables('name'), '/', variables('cosmosContainerName'))]",
"type": "Microsoft.DocumentDb/databaseAccounts/apis/databases/containers",
"apiVersion": "2016-03-31",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/apis/databases', variables('sqlServerName'), 'sql', variables('name'))]"
],
"properties": {
"resource": {
"id": "[variables('cosmosContainerName')]",
"partitionKey": {
"paths": [
"/categoryId"
],
"kind": "Hash"
},
"indexingPolicy": {
"indexingMode": "consistent",
"includedPaths": [{
"path": "/*"
}]
}
}
}
},
take note of the id properties:
"id": "[variables('cosmosContainerName')]",
Related
I am trying to set diagnostic settings for my Azure sql database via ARM template, However the diagnostic part (nested under database resource) is failing because the type 'providers/diagnosticsetting' is invalid.
Error:
New-AzResourceGroupDeployment : 4:56:26 AM - Resource providers/diagnosticSettings 'monitor' failed with message '{
"error": {
"code": "InvalidResourceNamespace",
"message": "The resource namespace 'providers' is invalid."
}
}'
ARM Template snippet:
"resources": [
{
"type": "Microsoft.Sql/servers",
"apiVersion": "2020-02-02-preview",
"name": "[parameters('serverName')]",
"location": "[parameters('location')]",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"administratorLogin": "[parameters('administratorLogin')]",
"administratorLoginPassword": "[parameters('administratorLoginPassword')]",
"version": "12.0"
},
"resources": [
{
"type": "databases",
"apiVersion": "2020-02-02-preview",
"name": "[parameters('sqlDBName')]",
"location": "[parameters('location')]",
"sku": {
"name": "Standard",
"tier": "Standard"
},
"properties": {
"collation": "SQL_Latin1_General_CP1_CI_AS"
},
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', concat(parameters('serverName')))]"
],
"resources": [
{
"type": "transparentDataEncryption",
"apiVersion": "2017-03-01-preview",
"name": "current",
"dependsOn": [
"[parameters('sqlDBName')]"
],
"properties": {
"status": "Enabled"
}
},
{
"type": "providers/diagnosticSettings",
"apiVersion": "2017-05-01-preview",
"name": "monitor",
"dependsOn": [
"[parameters('sqlDBName')]"
],
"properties": {
"workspaceId": "[parameters('logAnalyticsWorkspaceIdForGlobalDiagnosticSetting')]",
"logs": [
],
"metrics": [
]
}
},
{
"type": "vulnerabilityAssessments",
"apiVersion": "2020-02-02-preview",
"name": "default",
"dependsOn": [
"[parameters('sqlDBName')]"
],
"properties": {
"storageContainerPath": "[parameters('storageContainerPathForVulnerabilityAssesment')]",
"storageAccountAccessKey": "[parameters('storageAccountAccessKeyForVulnerabilityAssesment')]",
"recurringScans": {
"isEnabled": true,
"emailSubscriptionAdmins": false,
"emails": []
}
}
}
]
}
]
},
{
"type": "Microsoft.Sql/servers/firewallRules",
"apiVersion": "2020-02-02-preview",
"name": "[concat(parameters('serverName'), '/AllowAzureIPs')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', parameters('serverName'))]"
],
"properties": {
"endIpAddress": "0.0.0.0",
"startIpAddress": "0.0.0.0"
}
},
{
"type": "Microsoft.Sql/servers/administrators",
"apiVersion": "2020-08-01-preview",
"name": "[concat(parameters('serverName'), '/ActiveDirectory')]",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', parameters('serverName'))]"
],
"properties": {
"administratorType": "ActiveDirectory",
"login": "[parameters('azureActiveDirectoryAdminLogin')]",
"sid": "[parameters('azureActiveDirectoryAdminSid')]",
"tenantId": "[parameters('azureActiveDirectoryAdminTenantId')]"
}
},
{
"type": "Microsoft.Sql/servers/securityAlertPolicies",
"apiVersion": "2020-08-01-preview",
"name": "[concat(parameters('serverName'), '/Default')]",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', parameters('serverName'))]"
],
"properties": {
"state": "Enabled",
"emailAccountAdmins": false
}
},
{
"type": "Microsoft.Sql/servers/auditingSettings",
"apiVersion": "2020-08-01-preview",
"name": "[concat(parameters('serverName'), '/Default')]",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', parameters('serverName'))]"
],
"properties": {
"isDevopsAuditEnabled": false,
"retentionDays": 0,
"auditActionsAndGroups": [
"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP",
"FAILED_DATABASE_AUTHENTICATION_GROUP",
"BATCH_COMPLETED_GROUP"
],
"isStorageSecondaryKeyInUse": false,
"isAzureMonitorTargetEnabled": false,
"state": "Enabled",
"storageEndpoint": "[reference(resourceId(parameters('centralMonitoringResourceGroup'), 'Microsoft.Storage/storageAccounts', parameters('centralMonitoringStorageAccountName')), '2019-06-01').PrimaryEndpoints.Blob]",
"storageAccountAccessKey": "[parameters('centralMonitoringStorageAccountAccessKey')]",
"storageAccountSubscriptionId": "[parameters('centralMonitoringStorageAccountSubscriptionId')]"
}
},
{
"type": "Microsoft.Sql/servers/vulnerabilityAssessments",
"apiVersion": "2020-08-01-preview",
"name": "[concat(parameters('serverName'), '/Default')]",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', parameters('serverName'))]",
"[concat('Microsoft.Sql/servers/', parameters('serverName'), '/securityAlertPolicies/Default')]"
],
"properties": {
"storageContainerPath": "[parameters('storageContainerPathForVulnerabilityAssesment')]",
"storageAccountAccessKey": "[parameters('storageAccountAccessKeyForVulnerabilityAssesment')]",
"recurringScans": {
"isEnabled": true,
"emailSubscriptionAdmins": false,
"emails": []
}
}
},
{
"type": "Microsoft.Sql/servers/encryptionProtector",
"apiVersion": "2020-08-01-preview",
"name": "[concat(parameters('serverName'), '/current')]",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', parameters('serverName'))]"
],
"kind": "servicemanaged",
"properties": {
"serverKeyName": "ServiceManaged",
"serverKeyType": "ServiceManaged",
"autoRotationEnabled": false
}
},
{
"type": "Microsoft.Sql/servers/connectionPolicies",
"apiVersion": "2014-04-01",
"name": "[concat(parameters('serverName'), '/ConnectionPolicies')]",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', parameters('serverName'))]"
],
"properties": {
"connectionType": "[parameters('connectionType')]"
}
}
]
When enabling sql server vulnerabilityAssessments feature using arm template, following error is thrown when storage account has a firewall on.
"error": {
"code": "InvalidStorageAccountCredentials",
"message": "The provided storage account shared access signature or account storage key is not valid."
}
}
Template part:
{
"type": "Microsoft.Sql/servers/securityAlertPolicies",
"apiVersion": "2017-03-01-preview",
"name": "[concat(variables('sqls01Name'), '/Default')]",
"dependsOn": [
],
"properties": {
"state": "Enabled",
"emailAddresses": "[variables('emailActionGroupAddresses')]",
"emailAccountAdmins": false
}
},
{
"type": "Microsoft.Sql/servers/vulnerabilityAssessments",
"apiVersion": "2018-06-01-preview",
"location": "westeurope",
"name": "[concat(variables('sqls01Name'), '/Default')]",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', variables('defenderSa'))]"
],
"properties": {
"storageContainerPath": "[concat('https://',variables('defenderSa'),'.blob.core.windows.net/vulnerability-assessment/')]",
"storageAccountAccessKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('defenderSa')), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]",
"recurringScans": {
"isEnabled": true,
"emailSubscriptionAdmins": false,
"emails": "[variables('emailActionGroupAddresses')]"
}
}
},
{
"name": "[variables('defenderSA')]",
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2019-06-01",
"location": "westeurope",
"properties": {
"accessTier": "Cool",
"allowBlobPublicAccess": false,
"supportsHttpsTrafficOnly": true,
"networkAcls": {
"bypass": "AzureServices",
"virtualNetworkRules": [{
"id": "[variables('subnetId')]",
"action": "Allow"
}],
"ipRules": [
],
"defaultAction": "Deny"
}
},
"dependsOn": [
],
"sku": {
"name": "Standard_LRS",
"tier": "Standard"
},
"kind": "StorageV2",
"tags": {
}
}
I notices that when enabling the feature from portal following communicate is displayed:
You have selected a storage that is behind a firewall or in a virtual network. Please be aware that using this storage will create a managed identity for the server and it will be granted 'storage blob data contributor' role on the selected storage.
The assignment is indeed created and the assessment works, however when I try to replicate this in arm template with following code it still fails.
{
"type": "Microsoft.Storage/storageAccounts/providers/roleAssignments",
"name": "[concat(variables('defenderSA'),'/Microsoft.Authorization/',guid(variables('sqls01Name')))]",
"apiVersion": "2018-09-01-preview",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts',variables('defenderSA'))]"
],
"properties": {
"roleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')]",
"principalId": "[reference(resourceId('Microsoft.Sql/servers',variables('sqls01Name')),providers('Microsoft.Sql', 'servers').apiVersions[0],'Full').identity.principalId]"
}
}
Regarding the issue, please refer to the following template
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"clientIp": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "allow you client to access Azure storage "
}
},
"virtualNetworksName": {
"defaultValue": "testsql09",
"type": "String"
},
"serverName": {
"type": "string",
"defaultValue": "[uniqueString('sql', resourceGroup().id)]",
"metadata": {
"description": "The name of the SQL logical server."
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
},
"administratorLogin": {
"type": "string",
"defaultValue": "sqladmin",
"metadata": {
"description": "The administrator username of the SQL logical server."
}
},
"administratorLoginPassword": {
"type": "securestring",
"defaultValue": "Password0123!",
"metadata": {
"description": "The administrator password of the SQL logical server."
}
},
"connectionType": {
"defaultValue": "Default",
"allowedValues": [ "Default", "Redirect", "Proxy" ],
"type": "string",
"metadata": {
"description": "SQL logical server connection type."
}
}
},
"variables": {
"serverResourceGroupName": "[resourceGroup().name]",
"subscriptionId": "[subscription().subscriptionId]",
"uniqueStorage": "[uniqueString(variables('subscriptionId'), variables('serverResourceGroupName'), parameters('location'))]",
"storageName": "[tolower(concat('sqlva', variables('uniqueStorage')))]",
"roleAssignmentName": "[guid(resourceId('Microsoft.Storage/storageAccounts', variables('storageName')), variables('storageBlobContributor'), resourceId('Microsoft.Sql/servers', parameters('serverName')))]",
"StorageBlobContributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')]"
},
"resources": [
{
"type": "Microsoft.Network/virtualNetworks",
"apiVersion": "2020-05-01",
"name": "[parameters('virtualNetworksName')]",
"location": "southeastasia",
"properties": {
"addressSpace": {
"addressPrefixes": [
"10.18.0.0/24"
]
},
"subnets": [
{
"name": "default",
"properties": {
"addressPrefix": "10.18.0.0/24",
"serviceEndpoints": [
{
"service": "Microsoft.Storage"
}
],
"delegations": [],
"privateEndpointNetworkPolicies": "Enabled",
"privateLinkServiceNetworkPolicies": "Enabled"
}
}
],
"virtualNetworkPeerings": [],
"enableDdosProtection": false,
"enableVmProtection": false
}
},
{
"type": "Microsoft.Network/virtualNetworks/subnets",
"apiVersion": "2020-05-01",
"name": "[concat(parameters('virtualNetworksName'), '/default')]",
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworksName'))]"
],
"properties": {
"addressPrefix": "10.18.0.0/24",
"serviceEndpoints": [
{
"service": "Microsoft.Storage"
}
],
"delegations": [],
"privateEndpointNetworkPolicies": "Enabled",
"privateLinkServiceNetworkPolicies": "Enabled"
}
},
{
"type": "Microsoft.Sql/servers",
"apiVersion": "2019-06-01-preview",
"name": "[parameters('serverName')]",
"location": "[parameters('location')]",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"administratorLogin": "[parameters('administratorLogin')]",
"administratorLoginPassword": "[parameters('administratorLoginPassword')]",
"version": "12.0"
}
},
{
"type": "Microsoft.Sql/servers/databases",
"apiVersion": "2019-06-01-preview",
"name": "[concat(parameters('serverName'), '/test')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', parameters('serverName'))]"
],
"sku": {
"name": "Basic",
"tier": "Basic",
"capacity": 5
},
"kind": "v12.0,user",
"properties": {
"collation": "SQL_Latin1_General_CP1_CI_AS",
"maxSizeBytes": 2147483648,
"catalogCollation": "SQL_Latin1_General_CP1_CI_AS",
"zoneRedundant": false,
"readScale": "Disabled",
"storageAccountType": "LRS"
}
},
{
"type": "Microsoft.Sql/servers/securityAlertPolicies",
"apiVersion": "2020-02-02-preview",
"name": "[concat(parameters('serverName'), '/Default')]",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', parameters('serverName'))]"
],
"properties": {
"state": "Enabled",
"emailAccountAdmins": false
}
},
{
"type": "Microsoft.Sql/servers/vulnerabilityAssessments",
"apiVersion": "2018-06-01-preview",
"name": "[concat(parameters('serverName'), '/Default')]",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', parameters('serverName'))]",
"[resourceId('Microsoft.Sql/servers/securityAlertPolicies', parameters('serverName'), 'Default')]",
"[resourceId('Microsoft.Storage/storageAccounts', variables('storageName'))]",
"[extensionResourceId(resourceId('Microsoft.Storage/storageAccounts', variables('storageName')), 'Microsoft.Authorization/roleAssignments', variables('roleAssignmentName'))]"
],
"properties": {
"storageContainerPath": "[concat(reference(resourceId('Microsoft.Storage/storageAccounts', variables('storageName'))).primaryEndpoints.blob, 'vulnerability-assessment')]",
"recurringScans": {
"isEnabled": true,
"emailSubscriptionAdmins": false
}
}
},
{
"type": "Microsoft.Sql/servers/connectionPolicies",
"apiVersion": "2014-04-01",
"name": "[concat(parameters('serverName'), '/Default')]",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', parameters('serverName'))]"
],
"properties": {
"connectionType": "[parameters('connectionType')]"
}
},
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2019-06-01",
"name": "[variables('storageName')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworksName'), 'default')]"
],
"sku": {
"name": "Standard_LRS"
},
"kind": "StorageV2",
"properties": {
"minimumTlsVersion": "TLS1_2",
"allowBlobPublicAccess": true,
"networkAcls": {
"bypass": "AzureServices",
"virtualNetworkRules": [
{
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworksName'), 'default')]",
"action": "Allow",
"state": "Succeeded"
}
],
"ipRules": [
{
"value": "[parameters('clientIp')]",
"action": "Allow"
}
],
"defaultAction": "Deny"
}
}
},
{
"type": "Microsoft.Storage/storageAccounts/providers/roleAssignments",
"apiVersion": "2020-04-01-preview",
"name": "[concat(variables('storageName'), '/Microsoft.Authorization/', variables('roleAssignmentName'))]",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', parameters('serverName'))]",
"[resourceId('Microsoft.Storage/storageAccounts', variables('storageName'))]"
],
"properties": {
"roleDefinitionId": "[variables('StorageBlobContributor')]",
"principalId": "[reference(resourceId('Microsoft.Sql/servers', parameters('serverName')), '2020-02-02-preview', 'Full').identity.principalId]",
"scope": "[resourceId('Microsoft.Storage/storageAccounts', variables('storageName'))]",
"principalType": "ServicePrincipal"
}
}
]
}
While trying to deploy a CosmosDB instance with 2 collections ("MyCollection1", "MyCollection2") I keep getting the error:
NotFound: Entity with the specified id does not exist in the system
So I keep searching for "resourceId" in my custom ARM template (please see below) but cannot find the erorr cause.
I don't understand, why does not the pipeline at least print the line number for me?
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"accountName": {
"defaultValue": "my-cosmosdb",
"type": "String"
}
},
"variables": {
"resourceName": "[concat(resourceGroup().name, '-', parameters('accountName'))]",
"resourceId": "[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('resourceName'))]",
"apiVersion": "[providers('Microsoft.DocumentDB', 'databaseAccounts').apiVersions[0]]"
},
"outputs": {
"CosmosDbConnectionString": {
"type": "string",
"value": "[concat('AccountEndpoint=https://', variables('resourceName'), '.documents.azure.com:443/;AccountKey=', listKeys(variables('resourceId'), variables('apiVersion')).primaryMasterKey, ';')]"
},
"DatabaseName": {
"type": "string",
"value": "MyDB"
},
"CollectionName1": {
"type": "string",
"value": "MyCollection1"
},
"CollectionName2": {
"type": "string",
"value": "MyCollection2"
}
},
"resources": [
{
"type": "Microsoft.DocumentDB/databaseAccounts",
"apiVersion": "2020-03-01",
"name": "[variables('resourceName')]",
"location": "[resourceGroup().location]",
"tags": {
"defaultExperience": "DocumentDB"
},
"kind": "GlobalDocumentDB",
"properties": {
"publicNetworkAccess": "Enabled",
"enableAutomaticFailover": false,
"enableMultipleWriteLocations": false,
"isVirtualNetworkFilterEnabled": false,
"virtualNetworkRules": [],
"disableKeyBasedMetadataWriteAccess": false,
"databaseAccountOfferType": "Standard",
"consistencyPolicy": {
"defaultConsistencyLevel": "Session",
"maxIntervalInSeconds": 5,
"maxStalenessPrefix": 100
},
"locations": [
{
"locationName": "[resourceGroup().location]",
"provisioningState": "Succeeded",
"failoverPriority": 0,
"isZoneRedundant": false
}
],
"capabilities": []
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases",
"apiVersion": "2020-03-01",
"name": "[concat(variables('resourceName'), '/MyDB')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('resourceName'))]"
],
"properties": {
"resource": {
"id": "MyDB"
},
"options": {}
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers",
"apiVersion": "2020-03-01",
"name": "[concat(variables('resourceName'), '/MyDB/MyCollection1')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', variables('resourceName'), 'MyDB')]",
"[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('resourceName'))]"
],
"properties": {
"resource": {
"id": "MyCollection1",
"indexingPolicy": {
"indexingMode": "consistent",
"automatic": true,
"includedPaths": [
{
"path": "/*"
}
],
"excludedPaths": [
{
"path": "/\"_etag\"/?"
}
]
},
"partitionKey": {
"paths": [
"/partitionKey"
],
"kind": "Hash"
},
"uniqueKeyPolicy": {
"uniqueKeys": []
},
"conflictResolutionPolicy": {
"mode": "LastWriterWins",
"conflictResolutionPath": "/_ts"
}
},
"options": {}
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers",
"apiVersion": "2020-03-01",
"name": "[concat(variables('resourceName'), '/MyDB/MyCollection2')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', variables('resourceName'), 'MyDB')]",
"[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('resourceName'))]"
],
"properties": {
"resource": {
"id": "MyCollection2",
"indexingPolicy": {
"indexingMode": "consistent",
"automatic": true,
"includedPaths": [
{
"path": "/*"
}
],
"excludedPaths": [
{
"path": "/\"_etag\"/?"
}
]
},
"partitionKey": {
"paths": [
"/partitionKey"
],
"kind": "Hash"
},
"uniqueKeyPolicy": {
"uniqueKeys": []
},
"conflictResolutionPolicy": {
"mode": "LastWriterWins",
"conflictResolutionPath": "/_ts"
}
},
"options": {}
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/throughputSettings",
"apiVersion": "2020-03-01",
"name": "[concat(variables('resourceName'), '/MyDB/default')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', variables('resourceName'), 'MyDB')]",
"[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('resourceName'))]"
],
"properties": {
"resource": {
"throughput": 400
}
}
}
]
}
UPDATE:
I have removed the part creating collections and the error is still there.
UPDATE 2:
The following part seemingly causes the error, but why?
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/throughputSettings",
"apiVersion": "2020-03-01",
"name": "[concat(variables('resourceName'), '/MyDB/default')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', variables('resourceName'), 'MyDB')]",
"[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('resourceName'))]"
],
"properties": {
"resource": {
"throughput": 400
}
}
}
What is wrong with the dependsOn entry "[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', variables('resourceName'), 'MyDB')]?
UPDATE 3:
Trying to deploy the complete ARM template listed above manually results in:
Try setting your throughput in the options for your database.
UPDATE: You cannot specify throughput on a resource that did not have it when initially provisioned. Databases and containers provisioned without throughput cannot be updated later to have it. Conversely, a resource provisioned with throughput, cannot be updated to remove. You must delete and recreate the resource. This will require migrating your data.
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases",
"apiVersion": "2020-03-01",
"name": "[concat(variables('resourceName'), '/MyDB')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('resourceName'))]"
],
"properties": {
"resource": {
"id": "MyDB"
},
"options": { "throughput": "[parameters('throughput')]" }
}
},
btw, there are lots of samples you can use to start with here Cosmos DB templates
The following has worked for me, I had to replace "sqlDatabases/throughputSettings" by "sqlDatabases/containers/throughputSettings":
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/throughputSettings",
"apiVersion": "2020-03-01",
"name": "[concat(variables('resourceName'), '/', variables('DatabaseName'), '/', variables('CollectionName1'), '/default')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers', variables('resourceName'), variables('databaseName'), variables('CollectionName1'))]",
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', variables('resourceName'), variables('databaseName'))]",
"[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('resourceName'))]"
],
"properties": {
"resource": {
"throughput": 400
}
}
}
And then similar entry for CollectionName2
I hope someone knows how to do this.
I have setup an ARM template which creates my resources when I do CI/CD which is great.
I have even managed to set up a connection string:
"ConnectionStrings:ConnectionString": "[concat('Data Source=tcp:', reference(concat('Microsoft.Sql/servers/', variables('name'))).fullyQualifiedDomainName, ',1433;Initial Catalog=', variables('sqlMasterName'), ';User Id=', variables('sqlServerUser'), '#', reference(concat('Microsoft.Sql/servers/', variables('name'))).fullyQualifiedDomainName, ';Password=', variables('sqlServerPassword'), ';')]",
the variable sqlServerPassword is randomly generated by this:
"sqlServerPassword": "[concat('P', uniqueString(resourceGroup().id, '224F5A8B-51DB-46A3-A7C8-59B0DD584A41'), 'x', '!')]",
With that in mind does anyone know how I can do the same for the storage account and for an azure cosmos db?
It doesn't seem to be the same.
My template for creating my storage account looks like this:
{
"apiVersion": "2018-11-01",
"type": "Microsoft.Storage/storageAccounts",
"name": "[variables('name')]",
"location": "[variables('location')]",
"tags": {
"displayName": "SXP storage"
},
"kind": "Storage",
"sku": {
"name": "Standard_LRS"
}
},
Which doesn't mention a password, etc.
Also, for my CosmosDb I have the same issue:
{
"name": "[variables('name')]",
"type": "Microsoft.DocumentDB/databaseAccounts",
"apiVersion": "2015-04-08",
"location": "[variables('location')]",
"tags": {
"displayName": "Cosmos DB Account"
},
"properties": {
"locations": "[variables('locations')]",
"databaseAccountOfferType": "Standard"
}
},
{
"name": "[concat(variables('name'), '/sql/', variables('cosmosMasterName'))]",
"type": "Microsoft.DocumentDB/databaseAccounts/apis/databases",
"apiVersion": "2016-03-31",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/', variables('name'))]"
],
"properties": {
"resource": {
"id": "[variables('cosmosMasterName')]"
},
"options": { "throughput": "[variables('cosmosMasterThroughPut')]" }
}
},
{
"name": "[concat(variables('name'), '/sql/', variables('cosmosMasterName'), '/', variables('cosmosContainerName'))]",
"type": "Microsoft.DocumentDb/databaseAccounts/apis/databases/containers",
"apiVersion": "2016-03-31",
"dependsOn": [ "[resourceId('Microsoft.DocumentDB/databaseAccounts/apis/databases', variables('name'), 'sql', variables('cosmosMasterName'))]" ],
"properties": {
"resource": {
"id": "[variables('cosmosContainerName')]",
"partitionKey": {
"paths": [
"/gtin"
],
"kind": "Hash"
},
"indexingPolicy": {
"indexingMode": "consistent",
"includedPaths": [
{
"path": "/*"
}
]
}
}
}
},
{
"name": "[concat(variables('name'), '/sql/', variables('cosmosDevelopName'))]",
"type": "Microsoft.DocumentDB/databaseAccounts/apis/databases",
"apiVersion": "2016-03-31",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/', variables('name'))]"
],
"properties": {
"resource": {
"id": "[variables('cosmosDevelopName')]"
},
"options": { "throughput": "[variables('cosmosDevelopThroughPut')]" }
}
},
{
"name": "[concat(variables('name'), '/sql/', variables('cosmosDevelopName'), '/', variables('cosmosContainerName'))]",
"type": "Microsoft.DocumentDb/databaseAccounts/apis/databases/containers",
"apiVersion": "2016-03-31",
"dependsOn": [ "[resourceId('Microsoft.DocumentDB/databaseAccounts/apis/databases', variables('name'), 'sql', variables('cosmosDevelopName'))]" ],
"properties": {
"resource": {
"id": "[variables('cosmosContainerName')]",
"partitionKey": {
"paths": [
"/gtin"
],
"kind": "Hash"
},
"indexingPolicy": {
"indexingMode": "consistent",
"includedPaths": [
{
"path": "/*"
}
]
}
}
}
}
If anyone can help, that would be great.
David Makogon is spot on, but there is a way to retrieve the Storage Account and CosmosDB generated keys and connection strings within an ARM template. Use the ARM ListKeys function.
Here's an example from one of my own ARM templates. This is an app setting in an Azure Function where I reference a storage account's generated key:
{
"name": "StorageConnectionString",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(resourceId(variables('InfrastructureResourceGroupName'), 'Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2015-05-01-preview').key1)]"
},
Note that if your storage account is in the same resource group, I believe you can omit the first argument to ListKeys.
It's very similar for getting the key to a CosmosDB database. If you get stuck, let me know and I'll dig up that example too.
With the Cosmos DB 2019-08-01 template listKeys returns an object like this;
{
"primaryMasterKey": "...==",
"secondaryMasterKey": "...==",
"primaryReadonlyMasterKey": "...==",
"secondaryReadonlyMasterKey": "...=="
}
This gives the option of a read-only or a read/write connection. You can build a connection like this;
{
"name": "DatabaseConnectionString",
"value": "[concat('AccountEndpoint=https://', variables('accountName'),'.documents.azure.com:443/;AccountKey=', listKeys(resourceId('Microsoft.DocumentDB/databaseAccounts', variables('accountName')), '2019-08-01').primaryMasterKey, ';')]"
},
I am encountering strange behavior when deploying an ARM template.
I have the following template: (Note that sasUrl value 'xxx' has a real, working value in my file)
{
"name": "[variables('webAppServiceName')]",
"type": "Microsoft.Web/sites",
"location": "[resourceGroup().location]",
"apiVersion": "2016-08-01",
"dependsOn": [
"[concat('Microsoft.Web/serverfarms/', variables('appServicePlanName'))]"
],
"tags": {
"[concat('hidden-related:', resourceGroup().id, '/providers/Microsoft.Web/serverfarms/', variables('appServicePlanName'))]": "Resource",
"displayName": "[variables('webAppServiceName')]"
},
"properties": {
"name": "[variables('webAppServiceName')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]"
},
"resources": [
{
"apiVersion": "2014-11-01",
"name": "appsettings",
"type": "config",
"dependsOn": [
"[concat('Microsoft.Web/sites/', variables('webAppServiceName'))]",
"[concat('Microsoft.Web/certificates/', variables('certificateName'))]"
],
"tags": {
"displayName": "WebAppSettings"
},
"properties": {
"WEBSITE_LOAD_CERTIFICATES": "[reference(resourceId('Microsoft.Web/certificates', variables('certificateName')), providers('Microsoft.Web', 'certificates').apiVersions[0]).thumbprint]"
}
},
{
"apiVersion": "2016-08-01",
"name": "Microsoft.ApplicationInsights.Profiler.AzureWebApps",
"type": "siteextensions",
"dependsOn": [
"[resourceId('Microsoft.Web/Sites', variables('webAppServiceName'))]"
],
"properties": {}
},
{
"apiVersion": "2015-08-01",
"name": "logs",
"type": "config",
"dependsOn": [
"[resourceId('Microsoft.Web/Sites', variables('webAppServiceName'))]"
],
"properties": {
"applicationLogs": {
"fileSystem": {
"level": "Off"
},
"azureTableStorage": {
"level": "Off"
},
"azureBlobStorage": {
"level": "[parameters('applicationLogLevel')]",
"sasUrl": "xxx"
}
},
"httpLogs": {
"fileSystem": {
"enabled": false
},
"azureBlobStorage": {
"enabled": true,
"sasUrl": "xxx"
}
},
"failedRequestsTracing": {
"enabled": "[parameters('enableFailedRequestTracing')]"
},
"detailedErrorMessages": {
"enabled": "[parameters('enableDetailedErrorMessages')]"
}
}
}
]
}
When deploying this template without modifying anything, the config section 'logs' is not deployed correctly +- 1 on 2 times. I have just tested the ARM template again, and the first deployment, the web app had not the correct settings for diagnostics logging. The second time neither, but the third time they were ok. But the fourth time, the settings were not correct anymore. It looks like this part of the template has no consistent behavior.
Am I overseeing something?
I try to create WebApp with the appsetting and logs, it works correctly for me. I created the project using Visual Studio. The following is my detail steps.
1.Create the Azure Resource Project
2.Select the WebApp template
3.Click the deploy file then right click and remove the unnecessary resource
4.Add the Appsetting Resource for the WebApp
5.Add the logs code for the Azure WebApp
{
"apiVersion": "2015-08-01",
"name": "logs",
"type": "config",
"dependsOn": [
"[resourceId('Microsoft.Web/Sites', variables('webSiteName'))]"
],
"properties": {
"applicationLogs": {
"fileSystem": {
"level": "Off"
},
"azureTableStorage": {
"level": "Off"
},
"azureBlobStorage": {
"level": "[variables('Level')]",
"sasUrl": "xxxx"
}
},
"httpLogs": {
"fileSystem": {
"enabled": false
},
"azureBlobStorage": {
"enabled": true,
"sasUrl": "xxxxxx"
}
},
"failedRequestsTracing": {
"enabled": "[parameters('enableFailedRequestTracing')]"
},
"detailedErrorMessages": {
"enabled": "[parameters('enableDetailedErrorMessages')]"
}
}
}
6.Right click the project and select the deploy
7.Check the result from the Output and Azure portal
The whole arm template:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"hostingPlanName": {
"type": "string",
"minLength": 1
},
"enableFailedRequestTracing": {
"type": "bool"
},
"enableDetailedErrorMessages": {
"type": "bool"
},
"skuName": {
"type": "string",
"defaultValue": "F1",
"allowedValues": [
"F1",
"D1",
"B1",
"B2",
"B3",
"S1",
"S2",
"S3",
"P1",
"P2",
"P3",
"P4"
],
"metadata": {
"description": "Describes plan's pricing tier and capacity. Check details at https://azure.microsoft.com/en-us/pricing/details/app-service/"
}
},
"skuCapacity": {
"type": "int",
"defaultValue": 1,
"minValue": 1,
"metadata": {
"description": "Describes plan's instance count"
}
}
},
"variables": {
"webSiteName": "[concat('webSite', uniqueString(resourceGroup().id))]",
"Level": "Error"
},
"resources": [
{
"apiVersion": "2015-08-01",
"name": "[parameters('hostingPlanName')]",
"type": "Microsoft.Web/serverfarms",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "HostingPlan"
},
"sku": {
"name": "[parameters('skuName')]",
"capacity": "[parameters('skuCapacity')]"
},
"properties": {
"name": "[parameters('hostingPlanName')]"
}
},
{
"apiVersion": "2015-08-01",
"name": "[variables('webSiteName')]",
"type": "Microsoft.Web/sites",
"location": "[resourceGroup().location]",
"tags": {
"[concat('hidden-related:', resourceGroup().id, '/providers/Microsoft.Web/serverfarms/', parameters('hostingPlanName'))]": "Resource",
"displayName": "Website"
},
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms/', parameters('hostingPlanName'))]"
],
"properties": {
"name": "[variables('webSiteName')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('hostingPlanName'))]"
},
"resources": [
{
"name": "appsettings",
"type": "config",
"apiVersion": "2015-08-01",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', variables('webSiteName'))]"
],
"tags": {
"displayName": "appsettings"
},
"properties": {
"key1": "value1",
"key2": "value2"
}
},
{
"apiVersion": "2015-08-01",
"name": "logs",
"type": "config",
"dependsOn": [
"[resourceId('Microsoft.Web/Sites', variables('webSiteName'))]"
],
"properties": {
"applicationLogs": {
"fileSystem": {
"level": "Off"
},
"azureTableStorage": {
"level": "Off"
},
"azureBlobStorage": {
"level": "[variables('Level')]",
"sasUrl": "xxxxx"
}
},
"httpLogs": {
"fileSystem": {
"enabled": false
},
"azureBlobStorage": {
"enabled": true,
"sasUrl": "xxxx"
}
},
"failedRequestsTracing": {
"enabled": "[parameters('enableFailedRequestTracing')]"
},
"detailedErrorMessages": {
"enabled": "[parameters('enableDetailedErrorMessages')]"
}
}
}
]
}
]
}
I have experienced similar issues. We fixed this using dependsOn rules.
You should add dependsOn rules to split the processing of each config section.
It seems like otherwise there can occur problems, for instance ...missing settings.
Arm snippet:
{
"name": "[variables('ExampleAppName')]",
"type": "Microsoft.Web/sites",
"location": "[resourceGroup().location]",
"apiVersion": "2015-08-01",
"kind": "api",
"dependsOn": ["[resourceId('Microsoft.Web/serverfarms', variables('applicationPlanName'))]"],
"tags": {
"displayName": "Example App"
},
"properties": {
"name": "[variables('ExampleAppName')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms/', variables('applicationPlanName'))]",
"clientAffinityEnabled": "false"
},
"resources": [{
"name": "web",
"type": "config",
"apiVersion": "2015-08-01",
"dependsOn": ["[resourceId('Microsoft.Web/sites', variables('ExampleAppName'))]"],
"tags": {
"displayName": "webconfig Example App"
},
"properties": {
"alwaysOn": "true"
}
},
{
"apiVersion": "2015-08-01",
"name": "appsettings",
"type": "config",
"dependsOn": ["[resourceId('Microsoft.Web/sites', variables('ExampleAppName'))]",
"[resourceId('Microsoft.Web/sites/config', variables('ExampleAppName'), 'web')]"],
"tags": {
"displayName": "appsettings Example App"
},
"properties": {
"EXAMPLE1": "[parameters('EXAMPLE1')]",
"EXAMPLE2": "[parameters('EXAMPLE2')]"
}
},
{
"name": "logs",
"type": "config",
"apiVersion": "2015-08-01",
"dependsOn": ["[concat('Microsoft.Web/sites/', variables('ExampleAppName'))]",
"[resourceId('Microsoft.Web/sites/config', variables('ExampleAppName'), 'appsettings')]"],
"tags": {
"displayName": "logs Example App"
},
"properties": {
"applicationLogs": {
"fileSystem": {
"level": "Warning"
}
},
"httpLogs": {
"fileSystem": {
"retentionInMb": "35",
"enabled": true
}
},
"detailedErrorMessages": {
"enabled": false
}
}
}]
}
For additional information you can read my post:
Click here!