If I try to deploy my arm Template (Something like this)
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {
"AAS": "TestAAS",
"AFU": "TestAFU",
},
"resources": [
//define some resource here
],
"outputs": {
"asName": {
"type": "string",
"value": "[variables('AAS')]"
},
"azureFunctionName": {
"type": "string",
"value": "[variables('AFU')]"
}}
}
if for any reason this isn't going well, I can not read output in Powershell. and I get the following message:
Template output evaluation skipped: at least one resource deployment operation failed. Please list deployment operations for details
what should I do so that the output parameters are passed to powershell script despite faulty execution
My Powershell code:
//Standard PowerShell code for Deploying ARM Template
try
{
Stop-AzureRmWebApp -ResourceGroupName $ResourceGroupName -Name $deployment.Outputs.item("AFU").value
Suspend-AzureRmAnalysisServicesServer -Name $deployment.Outputs.item("AAS").value -ResourceGroupName $ResourceGroupName
}
catch
{
Write-Host "error here"
}
You cant do anything here. Outputs are only being generated if there were no errors in the ARM Template flow. So you need your ARM Template to succeed to be able to retrieve those (doesn't matter which tool you use, API behind those is always the same one).
Related
I am trying to create a Resource Group using the below ARM template.
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.1",
"parameters": {
"rgName": {
"type": "string"
},
"rgLocation": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2018-05-01",
"location": "[parameters('rgLocation')]",
"name": "[parameters('rgName')]",
"properties": {}
}
],
"outputs": {}
}
And the Parameter file is
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"rgName": {
"value": "sriram"
},
"rgLocation": {
"value": "southcentralus"
}
}
}
Is there any mistake in the above json files. Because am getting the following error.
Unable to load schema from 'https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json'. No schema request service available(768)
I ignored this error and tried running these templates in the Azure pipeline and got the following error.
"No HTTP resource was found that matches the request URI 'https://management.azure.com/subscriptions/****-****-*****-****/resourcegroups/<Rsource Group Name>/providers/Microsoft.Resources/resourceGroups/<new RG name>?api-version=2018-05-01'
Can anyone help me out? Thank you.
Your parameters file should use this https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentParameters.json# as a schema reference.
The schema your parameter file are using does not has affect on the creation of resource groups. With the command and your original script
az deployment create --template-file tem.json --parameters #para.json --location southcentralus
I could create the new resource group:
The error you are facing just caused by you are trying to create a new resource group within a exists resource group. This does not allowed.
Here suggest you using Command line task to achieve what you want, by using the command I show you above.
az deployment create --template-file $(Build.SourcesDirectory)/{Template}.json --parameters #$(Build.SourcesDirectory)/{parameter}.json --location southcentralus
I have extracted the ARM template belonging to the preview version of Azure App Configuration, and am setting it into our IaC repository - so far so good.
Our next logical step is to include insertion of the AppConfiguration.PrimaryKey into our Key Vault. However I do not know the name of this property, and I can not find any information on the subject online. Also I can not see the AppConfiguration/configurationStores type listed in resources.azure.com (assuming its because its still in public preview).
Does anyone know how to reference the primary key (and possibly the read-only primary key), so i can reference them through a "outputs" variable in my arm template?
Then I can let Az Cli/Az Powershell insert the secret into our Key Vault, and we obtain full automation of our IaC
I was not able to figure this out.
However by using az cli commands in a IaC script (which anyways invokes the arm template residing in a azure blob store) I circumvented the problem:
$connStrings = az appconfig credential list -n $configName| ConvertFrom-Json
$readOnlyConnString = ($connStrings | Where {$_.name -eq "Primary Read Only"}).connectionString
$primaryConnString = ($connStrings | Where {$_.name -eq "Primary"}).connectionString
#then
az keyvault secret set --vault-name $kvName --name $keyNameRO --value $readOnlyConnString
az keyvault secret set --vault-name $kvName --name $keyNamePrimary --value $primaryConnString
For an ARM template I did the following. The listkeys function returns a full list of all the values that have to do with the keys. This was hard to figure out. I hope it helps.
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"configurationStores_instance_name": {
"defaultValue": "ac-instance",
"type": "String"
}
},
"variables": {
"apiVersionVar": "[providers('Microsoft.AppConfiguration', 'configurationStores').apiVersions[0]]",
"resourceId": "[resourceId('Microsoft.AppConfiguration/configurationStores', parameters('configurationStores_instance_name'))]",
},
"resources": [
{
"type": "Microsoft.AppConfiguration/configurationStores",
"apiVersion": "2019-10-01",
"name": "[parameters('configurationStores_instance_name')]",
"location": "northcentralus",
"sku": {
"name": "standard"
},
"properties": {}
}
],
"outputs": {
"AppConfigEndpoint": {
"type": "string",
"value": "[reference(parameters('configurationStores_instance_name')).endpoint]"
},
"AppConfigKeys": {
"type": "Array",
"value": "[listkeys(variables('resourceId'), variables('apiVersionVar')).value]"
}
}
}
hope this helps!
Context
I've downloaded the automation script of my running Azure Windows VM.
I decided to use the Powershell script to automate the deployment.
The VM part of the json schema requires the "adminPassword". It was missing, so I added it, and introduced a parameter both in the template, and both in the parameter file:
template.json
"parameters": {
"adminPassword": { "type": "securestring" },
...
...
"resources": [
...
...
"osProfile": {
"computerName": "[parameters('virtualMachines_name')]",
"adminUsername": "myname",
"adminPassword": "[parameters('adminPassword')]",
"windowsConfiguration": {
"provisionVMAgent": true,
"enableAutomaticUpdates": true
},
"secrets": [],
"allowExtensionOperations": true
},
parameters.json
"parameters": {
"adminPassword": { "type": "securestring" }
Nice try, but somehow in deep I knew it will do nothing, I mean will ask interactively nothing. One or more step is missing... but I stuck here...
In "official" MS doc the author simply put the clear password into the parameters.json, what is a quite disturbing. see: placing the clear password into the paramters.json?
I just tested it and it work just like that, can you update your azure powershell, its probably badly outdated.
param:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"test": {
"value": "1"
}
}
}
template:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"test": {
"type": "string"
},
"testo": {
"type": "string"
}
},
"resources": []
}
powershell:
New-AzResourceGroupDeployment -ResourceGroupName NetworkWatcherRG -TemplateUri 'https://paste.ee/d/S2wJm/0' -TemplateParameterUri 'https://paste.ee/d/8rW6k/0'
it will prompt you for the missing parameter. same will happen if you use TemplateParameterFile
Just remove a parameter from *.parameters.json file in order to get prompt. e.g
template.json file
{
"$schema":"https://schema.management.azure.com/schemas/2015-01-
01/deploymentTemplate.json#",
"contentVersion":"1.0.0.0",
"parameters":{
"alertName":{
"minLength":1,
"type":"String",
"metadata":{
"description":"CPU Percentage alert verifies the cpu usage of virtual machine
and intimates to action group if threshold goes beyond that"
}
},
"alertDescription":{
"defaultValue":"Virtual Machines alert for CPU Percentage",
"type":"String",
"metadata":{
"description":"Virtual Machines alert for CPU Percentage"
}
}
}
}
parameters.json
{
"$schema":"https://schema.management.azure.com/schemas/2015-01-
01/deploymentParameters.json#",
"contentVersion":"1.0.0.0",
"parameters":{
"alertName":{
"value":"CPU% Measurement"
}
}
}
New-AzResourceGroupDeployment -name "CustomDeployment" -ResourceGroupName test -TemplateFile "C:\Users\sachin.kalia\template.json" -TemplateParameterFile "
C:\Users\sachin.kalia\parameters.json"
Once you execute an above command it will ask you for prompt to provide alertDescription.
I hope it will help you.
I've searched online and browsed the available powershell cmdlets to try and find a solution for this problem but have been unsuccessful. Essentially, I have a few Data Factory pipelines that copy/archive incoming files and will use a web http post component that will invoke a Logic App that connects to a Blob container and will delete the incoming file. The issue I'm facing is that we have several automation runbooks that will rest Blob access keys every X days. When the Blob keys get reset the Logic App will fail whenever this happens because the connection is manually created in the designer itself and I can't specify a connection string that could pull from the Keyvault, as an example. Inside of the {Logic App > API Connections > Edit API Connection} we can manually update the connection string/key but obviously for an automated process we should be able to do this programmatically.
Is there a powershell cmdlet or other method I'm not seeing that would allow me to update/edit the API Connections that get created when using and Blob component inside a Logic App?
Any insights is appreciated!
Once you've rotated your key in the storage account, you can use an ARM template to update your connection API. In this ARM template, the connection api is created referencing the storage account internally so you don't have to provide the key:
azuredeploy.json file:
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"azureBlobConnectionAPIName": {
"type": "string",
"metadata": {
"description": "The name of the connection api to access the azure blob storage."
}
},
"storageAccountName": {
"type": "string",
"metadata": {
"description": "The Storage Account Name."
}
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Web/connections",
"name": "[parameters('azureBlobConnectionAPIName')]",
"apiVersion": "2016-06-01",
"location": "[resourceGroup().location]",
"scale": null,
"properties": {
"displayName": "[parameters('azureBlobConnectionAPIName')]",
"parameterValues": {
"accountName": "[parameters('storageAccountName')]",
"accessKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')),'2015-05-01-preview').key1]"
},
"api": {
"id": "[concat('subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azureblob')]"
}
},
"dependsOn": []
}
]
}
azuredeploy.parameters.json file:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"azureBlobConnectionAPIName": {
"value": "myblobConnectionApiName"
},
"storageAccountName": {
"value": "myStorageAccountName"
}
}
}
You can them execute the arm template like that:
Connect-AzureRmAccount
Select-AzureRmSubscription -SubscriptionName <yourSubscriptionName>
New-AzureRmResourceGroupDeployment -Name "ExampleDeployment" -ResourceGroupName "MyResourceGroupName" `
-TemplateFile "D:\Azure\Templates\azuredeploy.json" `
-TemplateParameterFile "D:\Azure\Templates\azuredeploy.parameters.json"
to get started with ARM template and powerhsell, you cam have a look at this article:
Deploy resources with Resource Manager templates and Azure PowerShell
How do I get a secret from an azure Vault using an ARM template?
My template:
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"resources": [],
"outputs": {
"referenceOutput": {
"type": "object",
"value": "[listSecrets(resourceId('my-resource-group', 'Microsoft.KeyVault/vaults/secrets', 'myKeyVault','mySecret'), '2016-10-01')]"
}
}
}
And then run with:
az group deployment create -g some-rg --template-file ./arm.json
Error:
Deployment failed. Correlation ID: f76de3f2-a9ff-427c-9ae0-b7b24c3fde5d. {
"error": { "code": "BadRequest", "message": "<!DOCTYPE html P
....
<h2>404 - File or directory not found.</h2>\r\n <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3>\r\n </fieldset></div>\r\n</div>\r\n</body>\r\n</ht
ml>\r\n"
There is no way of doing that with an ARM Template, but you can refecence secrets in an ARM Template to pass those as values.
"password": {
"reference": {
"keyVault": {
"id": "vaultId"
},
"secretName": "secretName"
}
}
But you have to know that this expression cannot be used directly in the template. You can use this in the parameters file and\or when invoking a nested template.
Also, you can use similar expressions for some of the properties of some of the resources (like VM password)