Passing additional parameters apart from parameter file in arm template - azure

I have some arm template where creation of subnet resource is dependent on creation of VNet. Below is the code:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vnetName": {
"type": "string",
"metadata": {
"description": "Name of the Virtual Network"
}
},
"vnetAddressPrefix": {
"type": "string",
"metadata": {
"description": "The IP Address pool for the virtual network in CIDR format."
}
},
"subnetPrefix": {
"type": "string",
"metadata": {
"description": "The IP Address pool for the Subnet in CIDR format."
}
},
"subnetName": {
"type": "string",
"metadata": {
"description": "Name of the Subnet"
}
}
},
"variables": {
"templateBaseUrl": "[deployment().properties.templateLink.uri]",
"virtualNetworkTemplateUrl": "[uri(variables('templateBaseUrl'), 'VirtualNetwork.json')]",
"subnetTemplateUrl": "[uri(variables('templateBaseUrl'), 'Subnet.json')]",
"parametersUrl": "[uri(variables('templateBaseUrl'), 'networksubnetnsgtest.parameters.json')]"
},
"resources": [
{
"apiVersion": "2017-05-10",
"name": "VnetDeployment",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('virtualNetworkTemplateUrl')]"
},
"parameters": {
"uri": {
"value": "[variables('parametersUrl')]"
}
}
}
},
{
"apiVersion": "2017-05-10",
"name": "SubnetDeployment",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('subnetTemplateUrl')]"
},
"parameters": {
"uri": {
"value": "[variables('parametersUrl')]"
}
}
},
"dependsOn": [
"VnetDeployment"
]
}
],
"outputs": {
"returnedVnetName": {
"type": "string",
"value": "[resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName'))]"
},
"returnedVnetAddressPrefix": {
"type": "string",
"value": "[resourceId('Microsoft.Network/virtualNetworks', parameters('vnetAddressPrefix'))]"
}
}
}
A few parameters are saved in the parameter file referred to by the parametersUrl variable, as you can see. But apart from this, I need to pass additional parameters, say a password or any other required parameter, which I may be reading from external sources like a vault and need to pass from the command line.
How will I pass this in the parameters section within resources?
The command I am using to deploy the Azure template is below:
az group deployment create --resource-group testrg --template-file ${WORKSPACE}/azuredeploy.json --parameters @${WORKSPACE}/networksubnetnsgtest.parameters.json --parameters DBMasterUserPassword=${DBMasterUserPassword}

Excerpt from the official documentation:
az group deployment create -g MyResourceGroup --template-file azuredeploy.json \
--parameters @params.json --parameters https://mysite/params.json --parameters MyValue=This MyArray=@array.json
https://learn.microsoft.com/en-us/cli/azure/group/deployment?view=azure-cli-latest#examples

Related

Azure template how do we change the resource name based on resource group location?

I am working on a common template where it uses different vnet in each Region. How do we change the template based on location, set vnet name.
Can we use if (resourcegroup.location) ?
I think that I know what is happening to you: you are not comparing against a valid value. "EastUs" is not the resourceGroup().location; in this case it is "eastus". You can make a test deployment and see the output to check that kind of value.
I have modified the template that you have passed in the comments to do what you wanted.
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountType": {
"type": "string",
"defaultValue": "Standard_LRS",
"allowedValues": [
"Standard_LRS",
"Standard_GRS",
"Standard_ZRS",
"Premium_LRS"
],
"metadata": {
"description": "Storage Account type"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
}
},
"variables": {
"storageAccountName": "[if(equals(resourceGroup().location,'eastus'),'eastusstorageaccount','noteastusstorageaccount')]"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2018-07-01",
"name": "[variables('storageAccountName')]",
"location": "[parameters('location')]",
"sku": {
"name": "[parameters('storageAccountType')]"
},
"kind": "StorageV2",
"properties": {}
}
],
"outputs": {
"storageAccountName": {
"type": "string",
"value": "[variables('storageAccountName')]"
},
"location": {
"type": "string",
"value": "[resourceGroup().location]"
}
}
}
To do what you want in a dynamic way, I would try to encode the name of the vbnet. Something like this:
eastusvbnet
westeuropevbnet
uksouthvbnet
And in the variable I will put this:
"variables": {
"storageAccountName": "[concat(resourceGroup().location,'vbnet')]"
}

The template reference 'not valid error in arm template

I am deploying resource group using arm templates
Below is the command and error I am getting
az deployment create --name test-deployment --template-file azuredeploy.json --parameters azuredeploy.parameters.json -l westus2
This command has been deprecated and will be removed in a future release. Use 'deployment sub create' instead.
{'additionalProperties': {}, 'code': 'InvalidTemplate', 'message': "Deployment template validation failed: 'The template reference 'DEV-AI-POC-WESTUS2-RG' is not valid: could not find template resource or resource copy with this name. Please see https://aka.ms/arm-template-expressions/#reference for usage details.'.", 'target': None, 'details': None, 'additionalInfo': [{'additionalProperties': {}, 'type': 'TemplateViolation', 'info': {'lineNumber': 0, 'linePosition': 0, 'path': ''}}]}
azuredeploy.json:
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"enviroment": {
"type": "string",
"defaultValue": "poc"
},
"location": {
"type": "string",
"defaultValue": "West US"
},
"depattmentName": {
"type": "string"
},
"project": {
"type": "string"
}
},
"variables": {
"rgName": "[concat(toupper(parameters('depattmentName')), '-', toupper(parameters('project')), '-', toupper(parameters('enviroment')), '-', toupper(replace(parameters('location'), ' ', '')), '-', 'RG')]",
"rgDeploymentName": "[concat(deployment().name, '-rg')]",
"_artifactsLocation": "https://xxxxxxx/xxxxxx"
},
"resources": [
{
"name": "[variables('rgDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2018-05-01",
"ResourceGroup": "[variables('rgName')]",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[concat(variables('_artifactsLocation'),'/src/arm/templates/resourcegroup.json')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"rgName": {
"value": "[variables('rgName')]"
},
"rgLocation": {
"value": "[parameters('location')]"
}
}
}
}
],
"outputs": {
"resourceGroups": {
"type": "object",
"value": "[reference(variables('rgName'))]"
}
}
}
azuredeploy.parameters.json:
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "westus2"
},
"depattmentName": {
"value": "Dev"
},
"project": {
"value": "AI"
},
"enviroment": {
"value": "poc"
}
}
}
resourcegroup.json(calling template)
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountName": {
"type": "string"
}
},
"variables": {
"storageAccountType": "Standard_LRS"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[parameters('storageAccountName')]",
"apiVersion": "2018-02-01",
"location": "[resourceGroup().location]",
"sku": {
"name": "[variables('storageAccountType')]"
},
"kind": "Storage"
}
],
"outputs": {
"storageDetails": {
"type": "string",
"value": "[concat(parameters('storageAccountName'), '-', variables('storageAccountType'))]"
}
}
}
Can anyone please help me to fix this?
I have to deploy/create the resource group if it does not exist in the Azure portal using an ARM template. The ARM template should be called through a URI in blob storage.
What it tells you is that your output is not valid: you don't have a resource or resource copy with that name, because you are attempting to create a deployment (not a resource group) in another resource group, so the reference function doesn't know about that and hence fails.
So you need to first create the resource group and then create a deployment to that group.

Vnet creation task skip the task if it is run once

I am working to build a CI/CD pipeline for AKS. The first task set is "Azure resource group deployment", which is used for creating the vnet/subnet for the AKS.
The intention is to skip the task next time onwards since the vnet and subnet are already in place. Second time onwards I am getting the following error -
BadRequest: { "error": { "code": "InUseSubnetCannotBeDeleted", "message": "Subnet AKSSubnet is in use by /subscriptions/***************************************/resourceGroups/MC_**************-CLUSTER_eastus/providers/Microsoft.Network/networkInterfaces/aks-agentpool-########-nic-0/ipConfigurations/ipconfig1 and cannot be deleted. In order to delete the subnet, delete all the resources within the subnet. See aka.ms/deletesubnet.", "details": [] } }
Error: Task failed while creating or updating the template deployment.
Looks like the task is trying to delete the subnet instead of skipping it. What is the resolution?
It is using following arm templates : azuredeploy.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vnetName": {
"type": "string",
"defaultValue": "GEN-VNET-NAME",
"metadata": {
"description": "Name of the virtual Network"
}
},
"vnetAddressPrefix": {
"type": "string",
"defaultValue": "10.10.0.0/16",
"metadata": {
"description": "Address prefix"
}
},
"subnetPrefix": {
"type": "string",
"defaultValue": "10.10.0.0/24",
"metadata": {
"description": "Subnet Prefix"
}
},
"subnetName": {
"type": "string",
"defaultValue": "Subnet",
"metadata": {
"description": "GEN-SUBNET-NAME"
}
}
},
"variables": {},
"resources": [
{
"apiVersion": "2018-06-01",
"type": "Microsoft.Network/virtualNetworks",
"name": "[parameters('vnetName')]",
"location": "[resourceGroup().location]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('vnetAddressPrefix')]"
]
}
},
"resources": [
{
"apiVersion": "2018-06-01",
"type": "subnets",
"location": "[resourceGroup().location]",
"name": "[parameters('subnetName')]",
"dependsOn": [
"[parameters('vnetName')]"
],
"properties": {
"addressPrefix": "[parameters('subnetPrefix')]"
}
}
]
}
],
"outputs": {
"vnetName": {
"type": "string",
"value": "[parameters('vnetName')]"
},
"subnetName": {
"type": "string",
"value": "[parameters('subnetName')]"
}
}
}
azuredeploy.parameters.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vnetName": {
"value": "###########"
},
"vnetAddressPrefix": {
"value": "10.10.0.0/16"
},
"subnetPrefix": {
"value": "10.10.0.0/24"
},
"subnetName": {
"value": "######"
}
}
}
What is happening right here - your template is coded in such a fashion:
  vnet resources
  empty subnets property
  subnet resource(s)
  bla-bla-bla
and what is happening here is that it is trying to coerce the vnet to have 0 subnets, due to how you authored your template. You have 2 options:
1. Put a condition on the vnet resource definition and pass a parameter to it if the build number is greater than 1 (or just manually specify at build time whether to skip it or not).
2. Modify your template to look like so:
  vnet resource
  subnets property populated with subnets
  bla-bla-bla
Essentially, this has nothing to do with Azure DevOps.
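Option 2 from the answer above, shown as an added example that is not part of the original answer: a Python sketch that moves nested "subnets" child resources into the vnet's properties.subnets list. The function names are hypothetical, the sample is a trimmed copy of the question's resources section, and only child resources nested under the vnet are handled.

```python
import copy

VNET_TYPE = "Microsoft.Network/virtualNetworks"


def vnets_without_inline_subnets(template):
    """Names of vnet resources that declare no properties.subnets; the answer
    above describes a redeploy of such a vnet as coercing it to 0 subnets."""
    return [r["name"] for r in template.get("resources", [])
            if r.get("type") == VNET_TYPE
            and "subnets" not in r.get("properties", {})]


def inline_subnets(template):
    """Return a copy in which each vnet's nested 'subnets' child resources
    are expressed in properties.subnets instead."""
    out = copy.deepcopy(template)
    for vnet in out.get("resources", []):
        children = vnet.get("resources", [])
        subnets = [c for c in children if c.get("type") == "subnets"]
        if vnet.get("type") != VNET_TYPE or not subnets:
            continue
        inline = vnet.setdefault("properties", {}).setdefault("subnets", [])
        known = {s["name"] for s in inline}
        for child in subnets:
            if child["name"] not in known:
                # Inline subnets carry only name and properties.
                inline.append({"name": child["name"],
                               "properties": child.get("properties", {})})
        rest = [c for c in children if c.get("type") != "subnets"]
        if rest:
            vnet["resources"] = rest
        else:
            vnet.pop("resources", None)
    return out


# Trimmed copy of the question's template (resources section only).
TEMPLATE = {"resources": [{
    "apiVersion": "2018-06-01",
    "type": VNET_TYPE,
    "name": "[parameters('vnetName')]",
    "location": "[resourceGroup().location]",
    "properties": {"addressSpace": {
        "addressPrefixes": ["[parameters('vnetAddressPrefix')]"]}},
    "resources": [{
        "apiVersion": "2018-06-01",
        "type": "subnets",
        "name": "[parameters('subnetName')]",
        "dependsOn": ["[parameters('vnetName')]"],
        "properties": {"addressPrefix": "[parameters('subnetPrefix')]"},
    }],
}]}

if __name__ == "__main__":
    import json
    print("before:", vnets_without_inline_subnets(TEMPLATE))
    print(json.dumps(inline_subnets(TEMPLATE)["resources"][0]["properties"], indent=2))
```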

using linkedtemplate to retrieve password from Keyvault

After reading some articles from here and here and here and looking at this example
I have tried to retrieve a password from Key Vault with a linked template.
To achieve this aim I have created such a linked ARM template, azuredeploy.json:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vaultName": {
"type": "string",
"metadata": {
"description": "The name of the keyvault that contains the secret."
}
},
"secretName": {
"type": "string",
"metadata": {
"description": "The name of the secret."
}
},
"vaultResourceGroupName": {
"type": "string",
"metadata": {
"description": "The name of the resource group that contains the keyvault."
}
},
"vaultSubscription": {
"type": "string",
"defaultValue": "[subscription().subscriptionId]",
"metadata": {
"description": "The name of the subscription that contains the keyvault."
}
}
},
"resources":
[
{
"apiVersion": "2018-05-01",
"name": "dynamicSecret",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"templateLink": {
"contentVersion": "1.0.0.0",
"uri": "https://arm0storage.blob.core.windows.net/linkedtemplate/azuredeploy.json?sp=r&st=2019-07-17T13:28:26Z&se=2019-07-16T21:28:26Z&spr=https&sv=2018-03-28&sig=xxxv%2xxxxxxxxxxxxxxx%2FHmg9Yxxxxxxxxxxxxxxxxxxxxxxx%3D&sr=b"
},
"parameters": {
"adminPassword": {
"reference": {
"keyVault": {
"id": "[resourceId(parameters('vaultSubscription'), parameters('vaultResourceGroupName'), 'Microsoft.KeyVault/vaults', parameters('vaultName'))]"
},
"secretName": "[parameters('secretName')]"
}
}
}
}
}
],
"outputs": {
"SQLPassword": {
"type": "string",
"value": "[reference('dynamicSecret').outputs.value]"
}
}
}
If I try to validate this template, I get this error message:
Deployment template validation failed: 'The template parameters 'adminPassword' in the parameters file are not valid; they are not present in the original template and can therefore not be provided at deployment time. The only supported parameters for this template are 'vaultName, secretName, vaultResourceGroupName, vaultSubscription'. Please see https://aka.ms/arm-deploy/#parameter-file for usage details.'.
and in my azuredeploy.parameters.json I have:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vaultName": {
"value": "kvnamer"
},
"secretName": {
"value": "ExamplePassword"
},
"vaultResourceGroupName": {
"value": "rgname"
}
}
}
Do you have any Idea how can I solve my problem?
Regarding the issue, please check if your linked template has the parameter "adminPassword". For more details, please refer to the document. You also can refer to my JSON file.
1. Create azuredeploy.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vaultName": {
"type": "string",
"metadata": {
"description": "The name of the keyvault that contains the secret."
}
},
"secretName": {
"type": "string",
"metadata": {
"description": "The name of the secret."
}
},
"vaultResourceGroupName": {
"type": "string",
"metadata": {
"description": "The name of the resource group that contains the keyvault."
}
},
"vaultSubscription": {
"type": "string",
"defaultValue": "[subscription().subscriptionId]",
"metadata": {
"description": "The name of the subscription that contains the keyvault."
}
}
},
"resources": [{
"apiVersion": "2015-01-01",
"name": "linkedTemplate",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "incremental",
"templateLink": {
"uri": "https://raw.githubusercontent.com/Azure/azure-docs-json-samples/master/azure-resource-manager/keyvaultparameter/sqlserver.json",
"contentVersion": "1.0.0.0"
},
"parameters": {
"adminPassword": {
"reference": {
"keyVault": {
"id": "[resourceId(parameters('vaultSubscription'), parameters('vaultResourceGroupName'), 'Microsoft.KeyVault/vaults', parameters('vaultName'))]"
},
"secretName": "[parameters('secretName')]"
}
},
"adminLogin": {
"value": "jimtest"
},
"sqlServerName": {"value": "jimteste12378902"}
}
}
}],
"outputs": {
"SQLPassword": {
"type": "string",
"value": "[reference('linkedTemplate').outputs.value]"
}
}
}
2. Create azuredeploy.parameters.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vaultName": {
"value": ""
},
"secretName": {
"value": ""
},
"vaultResourceGroupName": {
"value": ""
},
"vaultSubscription": {
"value": ""
}
}
}
The template, you're using in the nested deployment here:
"https://arm0storage.blob.core.windows.net/linkedtemplate/azuredeploy.json?sp=r&st=2019-07-17T13:28:26Z&se=2019-07-16T21:28:26Z&spr=https&sv=2018-03-28&sig=xxxv%2xxxxxxxxxxxxxxx%2FHmg9Yxxxxxxxxxxxxxxxxxxxxxxx%3D&sr=b"
What does that template look like? The error message you're getting says that it does not have a parameter in it, named "adminPassword" - but your nested deployment resource is trying to pass it in.
The output you have in the template above is called "SQLPassword", they aren't necessarily related, but I'm guessing since we can't see the template you're linking to.
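The check both answers describe, as an added example that is not from the original posts: a Python sketch comparing the parameters a nested deployment passes with those the linked template declares. It also flags a Key Vault reference passed into a parameter not typed securestring. The function name, finding labels and the three linked templates are constructed here, since the page does not show the real linked template.

```python
SECURE_TYPES = {"securestring", "secureobject"}


def check_linked_parameters(deployment, linked_template):
    """Return sorted (problem, parameter) pairs for one
    Microsoft.Resources/deployments resource, checked against the
    template its templateLink points at."""
    declared = linked_template.get("parameters", {})
    passed = deployment.get("properties", {}).get("parameters", {})
    findings = []
    for name, value in passed.items():
        if name not in declared:
            # Same condition as the validation error quoted in the question.
            findings.append(("not-declared-in-linked-template", name))
            continue
        from_vault = isinstance(value, dict) and "keyVault" in value.get("reference", {})
        ptype = declared[name].get("type", "").lower()
        if from_vault and ptype not in SECURE_TYPES:
            # securestring values are not saved in deployment history.
            findings.append(("keyvault-secret-into-plain-type", name))
    for name, spec in declared.items():
        if name not in passed and "defaultValue" not in spec:
            findings.append(("required-but-not-passed", name))
    return sorted(findings)


# The nested deployment from the question, reduced to what the check reads.
KV_REF = {"reference": {"keyVault": {"id": "<vault resource id>"},
                        "secretName": "[parameters('secretName')]"}}
DEPLOYMENT = {"name": "dynamicSecret",
              "type": "Microsoft.Resources/deployments",
              "properties": {"mode": "Incremental",
                             "parameters": {"adminPassword": KV_REF}}}

# Constructed linked templates.
# 1) Declares only the four parameters named in the error message.
LINKED_AS_IN_ERROR = {"parameters": {
    "vaultName": {"type": "string"},
    "secretName": {"type": "string"},
    "vaultResourceGroupName": {"type": "string"},
    "vaultSubscription": {"type": "string",
                          "defaultValue": "[subscription().subscriptionId]"}}}
# 2) Declares adminPassword, but as a plain string.
LINKED_PLAIN = {"parameters": {"adminPassword": {"type": "string"}}}
# 3) Declares adminPassword as securestring.
LINKED_SECURE = {"parameters": {"adminPassword": {"type": "securestring"}}}

if __name__ == "__main__":
    for label, linked in [("as in error", LINKED_AS_IN_ERROR),
                          ("plain string", LINKED_PLAIN),
                          ("securestring", LINKED_SECURE)]:
        print(label, check_linked_parameters(DEPLOYMENT, linked))
```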

How to apply a NSG to an existing subnet using ARM Template

I am creating new NSG with ARM template and updating the subnets at the same ARM template. I would like to be able to get subnets addressprefix with "reference" but when doing so I always get the circular dependency detected. Is there any way around it? My subnet arm template section looks like this:
{
"name": "[parameters('subnetName')]",
"properties": {
"addressPrefix": "[reference(resourceId(variables('ResourceGroupName'), 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnetName')), '2018-03-01').addressPrefix]",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('NSGName'))]"
}
}
},
Here is a link on how to apply an NSG to an existing subnet:
Apply a NSG to an existing subnet
This template uses a linked template to work around the circular reference, but you can also use a nested template to do the same in the same ARM template (see Using linked and nested templates when deploying Azure resources).
Here is an ARM template that does the same using a nested template:
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
"contentVersion": "1.0.0.1",
"parameters": {
"virtualNetworkName": {
"type": "string",
"metadata": {
"description": "The name of the existing VNet"
}
},
"subnetName": {
"type": "string",
"defaultValue": "default",
"metadata": {
"description": "The name of the existing subnet."
}
},
"nsgName": {
"type": "string",
"metadata": {
"description": "The name of the new nsg."
}
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Network/networkSecurityGroups",
"name": "[parameters('nsgName')]",
"location": "[resourceGroup().location]",
"apiVersion": "2018-03-01",
"properties": {
}
},
{
"apiVersion": "2017-08-01",
"name": "apply-nsg-to-subnet",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "[resourceGroup().name]",
"dependsOn": [
"[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"apiVersion": "2018-03-01",
"type": "Microsoft.Network/virtualNetworks/subnets",
"name": "[concat(parameters('virtualNetworkName'), '/', parameters('subnetName'))]",
"location": "[resourceGroup().location]",
"properties": {
"addressPrefix": "[reference(resourceId(resourceGroup().name, 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnetName')), '2018-03-01').addressPrefix]",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]"
}
}
}
]
}
}
}
],
"outputs": {}
}
