Azure ARM template vnet peering - subnets deleting - azure

This is a known 'issue' from what I've gathered (https://github.com/Azure/azure-quickstart-templates/issues/2786)
I've build a python script that takes in a .csv and builds out an environment. All works fine. I have a second .csv that does peering, it works but making any changes to virtualNetworks after the fact (and not again specifying the subnets) deletes all subnets that were already there. You'd think I could just update my code to create the peerings on the fly in the same script, but I can't...incremental mode doesn't work. I'd like it to be a more dynamic and separate process.
Note: I'm also doing this across subscriptions, so that adds a bit of fun to the mix
Need some help understanding how I can go in after the fact and setup peerings:
Options I see:
Specify again the subnets when doing the peerings - issue with this is that my code will end up getting a lot larger AND the .csv files will be ugly. Not very efficient but it'll work, I think.
Use some kind of conditional in Python that'll perform the peerings at the time of initial build -- chicken and egg issue here and I still can't go back in and peer after the fact. Not to mention that I have a hub/spoke situation going on... so that'll be a lot to work through.
Can you even do this with nesting?
Also, a 'feature' of my script is that it'll spit out all of the completed ARM templates and parameters files when it is done. The whole idea is to make the initiator only have to fill out the .csv to make it all go.
Hopefully I'm missing something. Can post code but there is a lot and it's fairly straight forward.
EDIT: Remove child-parent comment I made which seemed to make it difficult to understand the issue.

this is how you create a peering without modifying other vnet properties:
{
"apiVersion": "2017-04-01",
"name": "%vnetname%/%peeringName%",
"location": "%location%",
"type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
"properties": {
"remoteVirtualNetwork": {
"id": "[resourceId('Microsoft.Network/virtualNetworks', '%vnetName%')]"
},
"allowVirtualNetworkAccess": true,
"allowForwardedTraffic": false,
"allowGatewayTransit": false,
"useRemoteGateways": false
}
}
note, you need to do this twice, one time for each vnet. doing it only on one vnets doesnt achieve anything really.

Related

Logic App error - ActionFailed. An action failed. No dependent actions succeeded

I'm running into this error - ActionFailed. An action failed. No dependent actions succeeded - when trying to run this logic app to add an IP to be blocked.
Error
I'm not sure where to start. The input looks ok. Help? Thanks in advance!
p.s. - sorry, it won't allow me to post the pics due to not having enough points.
Tried changing some parts of the body. Not sure what to change really.
According to Microsoft's documentation on Submit or Update Indicator API the request body should be as follows:
{
"indicatorValue": "220e7d15b011d7fac48f2bd61114db1022197f7f",
"indicatorType": "FileSha1",
"title": "test",
"application": "demo-test",
"expirationTime": "2020-12-12T00:00:00Z",
"action": "AlertAndBlock",
"severity": "Informational",
"description": "test",
"recommendedActions": "nothing",
"rbacGroupNames": ["group1", "group2"]
}
Since the error you get is too generic, it isn't clear enough to know exactly.
You are not passing in recommendedActions and rbacGroupNames, they may not be required but may want to pass the column even if no value is included.
I would also validate calling this API using manual values (even the exact value from their documentation) and if that does work, use process of elimination to figure out which property is giving you the trouble.
i.e. application might not accept a space value or combining the two values for description should be done outside of the HTTP call using compose and then passed as a single value of the output.

Azure availability zone ARM A parameter syntax

I am attempting to add availability zone into my VM arm template.
Majority of times I don't want the VM to be in a zone as it is a single VM.
So in my ARM template, I have defined the zone section as:
"zones":[
"[if(greaterOrEquals(parameters('availabilityZone'), 1),parameters('availabilityZone'),json('null'))]"
],
this works fine if I set a value of 1 or higher but fails if I leave as blank.
failed validation with message: 'The zone(s) '' for resource
'Microsoft.Compute/virtualMachines/XXX' is not supported.
if I remove the if condition then hard code in the blank it works:
"zones": "",
I appreciate your help in advance.
Stu
we found the following solution that worked:
"zones":
"if(empty(parameters('availabilityZone')),parameters('availabilityZone'),array(parameters('availabilityZone')))]"
Please try something like this, if your parameter doesn't contain then it will pass the empty value,
"zones": "[if(empty(parameters('availabilityZone')),'', parameters('availabilityZone'))]",
https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/template-functions-string?tabs=json#empty

if condition in ARM Template resource

I have a resource in my Arm Template as follows:
parameters:
env
prodparam
nonprodparam
resources:
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2018-05-01",
"url": "[if(equals(parameters('env'),'prod'), parameters('prodparam'), parameters('nonprodparam'))]"
}
I see the url is always set to parameters('nonprodparam') even if parameters('env') = 'prod'. Is this if condition correct? Am I missing something?
Your if condition statement is correct, I tested it and got the correct result successfully.
You need to do the following steps to check where your problem is:
1. Check if your parameter definition is correct, especially as Stringfellow mentioned in the comment, to be case sensitive. It should be defined as follows.
2. Pay attention to whether to save after editing arm templates in the azure portal.
You can check the value of the parameter during the deployment process:

Azure Resource Manager - Compare Two Parameters for Equality

Is it possible to perform custom validation on two parameters and ensure they are equal?
I want to have something like password and password_confirm that must be equal before deploying any of the resources.
yeah, you can hack something like that, just create a resource that will fail and all the other resources would depend on it and then on the resource condition do:
"condition": "[not(equals(parameters('password'), parameters('password_confirm'))]"
that way if they are not equal fake resource would start getting deployed and would blow up (make sure you code it to blow up) and nothing would get deployed
now that I think of it, instead of creating a resource, just put a condition on all of the resources in the template:
"condition": "[equals(parameters('password'), parameters('password_confirm')]"
that way they will only get deployed if these match, but you won't have a failure.
Another option would be to add a parameter to do the validation... this is simpler but not as robust because the user could override the defaultValue of the parameter:
"validatePasswords": {
"type": "bool",
"allowedValues": [
true
],
"defaultValue": "[equals(parameters('password'), parameters('password_confirm'))]",
"metadata": {
"description": "Check to see if the 2 passwords match."
}
},
Putting a condition on each resource will work (and is harder to fool), but the deployment may succeed even though nothing is deployed.

Is it possible to create a CompositeIndex of CosmosDB with ARM template

I find instructions for using ARM templates to create or make changes to CosmosDB, but none of them contain instructions on how to add a CompositeIndex to the template. I have also heard it is not supported in the template and has to be done with PowerShell or Azure CLI script, but have not been able to find a supporting content on the net. Can someone please shed light on this?
I've not tested this but according to the Microsoft.DocumentDB resource provider docs / template reference there is a Microsoft.DocumentDB/databaseAccounts/apis/databases/containers resource which may give you what you need.
Every container has an IndexingPolicy in the template schema, which has an array of IncludedPath objects which themselves have an array of Index objects as follows:
"includedPaths": [
{
"path": "string",
"indexes": [
{
"dataType": "string",
"precision": "integer",
"kind": "string"
}
]
}
]
It's treated as a separate resource from the database / account altogether. You may want to add this resource to your template with an appropriate dependsOn value to ensure it's deployed after your database.
You can add multiple paths therefore making a composite index.
Full schema is here:
https://learn.microsoft.com/en-us/azure/templates/microsoft.documentdb/2015-04-08/databaseaccounts/apis/databases/containers
If this doesn't do it, you may want to look at this too as the schema docs may be out of date and compositeIndexes may be supported:
https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-manage-indexing-policy#composite-indexing-policy-examples

Resources