Develop Reference

ARM template for API Connection to Service Bus using Managed Identity

To create an API Connection to Azure Service Bus using Managed Identity I'm using the following template:
"resources": [
{
"type": "MICROSOFT.WEB/CONNECTIONS",
"apiVersion": "2018-07-01-preview",
"name": "[parameters('connections_servicebus_name')]",
"location": "[parameters('connections_servicebus_location')]",
"kind": "V1",
"properties": {
"alternativeParameterValues": {},
"displayName": "[parameters('connections_servicebus_displayname')]",
"api": {
"name": "[parameters('connections_servicebus_name')]",
"displayName": "[parameters('connections_servicebus_displayname')]",
"id": "[concat(subscription().id, '/providers/Microsoft.Web/locations/', parameters('connections_servicebus_location'), '/managedApis/', 'servicebus')]",
"type": "Microsoft.Web/locations/managedApis"
},
"customParameterValues": {},
"parameterValueSet": {
"name": "managedIdentityAuth",
"values": {}
}
}
}
]
that is actually working except for the fact that the 'NamespaceEndpoint' information (like: sb://mySBNS.servicebus.windows.net) is not provided anywhere and so the field appear empty on Azure portal:
After adding it manually, the connection and the LogicApp that is using it, start to work.
What is the json field to provide that information??

You can refer to this question for full details:
"parameterValueSet": {
"name": "managedIdentityAuth",
"values": {
"namespaceEndpoint": {
"value": "sb://<servicebus-namespace-name>.servicebus.windows.net/"
}
}
}

adding bing maps in arm template azure

I want to add a bing map resource to my arm template, however I get this error :
"STATUS BadRequest
STATUS MESSAGE {
"error": {
"code": "ResourcePurchaseValidationFailed",
"message": "User failed validation to purchase resources. Error message: 'Offer with PublisherId: bingmaps and OfferId: bingmapsapiforenterprise not found.
If this offer has been created recently, please allow up to 30 minutes for this offer to be available for Purchase. If error persists, contact support.'"
}
}
PROVISIONING STATE Failed
"
here is part of my code :
"resources": [
{
"name": "bingmapsARM",
"type": "Microsoft.BingMaps/mapApis",
"apiVersion": "2016-08-18",
"location": "westus",
"plan": {
"publisher": "bingmaps",
"product": "bingmapsapiforenterprise",
"promotionCode": null,
"name": "internal1"
}
},
Any help is much appreciated..

here's what I got from the portal:
{
"type": "Microsoft.BingMaps/mapApis",
"apiVersion": "2016-08-18",
"name": "yyy",
"location": "xxx",
"plan": {
"publisher": "bingmaps",
"product": "mapapis",
"name": "public1",
"promotionCode": ""
},
"properties": {}
}

Is it possible to upload APNS Certificates to the azure notification hub programatically or via the CLI

We are investigating the azure notification hub, and while we have had success sending/receiving messages from it, we also require programatic configuration of the hub.
It seems that the only way possible to create the notification hub is via the azure cli with an azuredeploy.json ARM template like this one. However, I can't find any information about adding an APNS certificate to that.
Looking at the Automation Script generated from our hub, there is no evidence of the google firebase API key or the APNS certificate. Is this possible or do these need to be done through the azure portal at all times.
UPDATED: I have managed to create a notification hub namespace using the arm template with little issue, however I am getting a "bad request" (correlation id - 3faee649-7084-436d-8d7e-4a9c6f79cc4e) when trying to create the notification hub itself with the apns certificate.
this post is someone having a similar problem, however their key for the apns is a lot shorter than mine. I literally created a base64 string from the certificate file which is 5000+ characters wrong, I assume that is incorrect, but I can't figure out what value from apple is meant to go in here.
My template looks like this:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"Gcm.GoogleApiKey": {
"type": "string",
"metadata": {
"description": "Google Cloud Messaging API Key"
},
"defaultValue": ""
},
"Apns.apnsCertificate": {
"type": "string",
"metadata": {
"description": "A certificate (in base 64 format) provided by Apple on the iOS Provisioning Portal"
}
},
"Apns.certificateKey": {
"type": "string",
"metadata": {
"description": "The Certificate Key provided by the iOS Provisioning Portal when registering the application"
},
"defaultValue": ""
},
"Apns.endpoint": {
"type": "string",
"metadata": {
"description": "The APNS endpoint to which our service connects. This is one of two values: gateway.sandbox.push.apple.com for the sandbox endpoint or gateway.push.apple.com, for the production endpoint. Any other value is invalid"
},
"defaultValue": "gateway.sandbox.push.apple.com"
}
},
"variables": {
"hubVersion": "[providers('Microsoft.NotificationHubs', 'namespaces').apiVersions[0]]",
"notificationHubNamespace": "[concat('hubv2', uniqueString(resourceGroup().id))]",
"notificationHubName": "notificationhub"
},
"resources": [
{
"name": "[variables('NotificationHubNamespace')]",
"location": "[resourceGroup().location]",
"type": "Microsoft.NotificationHubs/namespaces",
"apiVersion": "2017-04-01",
"comments": "Notification hub namespace",
"properties": {
"namespaceType": "NotificationHub"
},
"resources": [
{
"name": "[concat(variables('NotificationHubNamespace'),'/',variables('NotificationHubName'))]",
"location": "[resourceGroup().location]",
"type": "Microsoft.NotificationHubs/namespaces/notificationHubs",
"apiVersion": "2017-04-01",
"properties": {
"GcmCredential": {
"properties": {
"googleApiKey": "[parameters('Gcm.GoogleApiKey')]",
"gcmEndpoint": "https://android.googleapis.com/gcm/send"
}
},
"apnsCredential": {
"properties": {
"apnsCertificate" : "[parameters('Apns.apnsCertificate')]",
"certificateKey" : "[parameters('Apns.certificateKey')]",
"endpoint" : "[parameters('Apns.endpoint')]"
}
}
},
"dependsOn": [
"[concat('Microsoft.NotificationHubs/namespaces/', variables('NotificationHubNamespace'))]"
]
}
]
}
],
"outputs": {
}
}

In the apnsCredentials property, the apsnCertificate is the base64 string from file and the certificatekey is your certificate password which needs to be a strong password. Are you following the same?
Also, is there an inner error message you see. If yes, what is it?
Thanks,
Amol

Azure Container Service using Rest API

I would like to create azure container with resource group and cluster of specific Orchestrator Kubernetes cluster.
I know by using CLI its possible but I want to do this using Azure Rest API's for Container service from link given here
learn.microsoft.com/en-us/rest/api/container-service/containerservices/createorupdate
Registered my app in AAD and gave required permissions.
Got access token and making request to below api as per link
PUT management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/containerServices/{containerServiceName}?api-version=2017-01-31
but I am getting error as
{
"error": {
"code": "InvalidResource"
"message": "The resource definition is invalid."
}
}
I understand we get this error when there is nothing in request body.
So my real question here is if I want to create container service with resource group and cluster using API request.
Request Body
{
"id": "myCluster",
"name": "myCluster",
"type": "Microsoft.ContainerService/containerServices",
"location": "southindia",
"tags": {
"tag": "test"
},
"properties": {
"orchestratorProfile": {
"orchestratorType": "Kubernetes"
},
"servicePrincipalProfile": {
"clientId": "<clientid>,
"secret": "<secret>"
},
"masterProfile": {
"count": 1,
"dnsPrefix": "testabc"
},
"agentPoolProfiles": {
"name": "agentPool1234",
"count": 2,
"vmSize": "Standard_A1",
"dnsPrefix": "testabcagents"
},
"linuxProfile": {
"adminUsername": "kubeadmin",
"ssh": {
"publicKeys": [
{
"keyData": "sshkey"
}
]
}
}
}
}
Response getting
{
"code": "BadRequest",
"message": "An error has occurred in subscription <subscriptionid>, resourceGroup: tobeDeletedResourceGroup request: OrchestratorType has unknown orchestrator: ."
}
Please help me out on this

Two things are missing from Azure REST API documentation.
1) It requires version of orchestratorRelease with orchestratorType like this. "orchestratorProfile": {
"orchestratorType": "Kubernetes",
"orchestratorRelease": "1.7"
}
2) Next error i got about missing vmSize in Properties.MasterProfile.VMSize.
So I have added following updates to json
"masterProfile": {
"count": 1,
"dnsPrefix": "testabc",
"vmSize": "Standard_D2_v2"
}
Its very surprising and annoying that documentation is missing these 2 important json parameters.

agentPoolProfiles should be an array of json objects. I pulled this example from azure-cli's mock unit tests to help give you a frame of reference.
https://gist.github.com/bacongobbler/470b8d139536144edf91174916ec4036

VSTS deployment fails with "Authorization failed for ... of type 'Microsoft.Storage/storageAccounts/providers/locks'"

I'm deploying an ARM template with VSTS which contains a lock (in my case lock on a Storage Account for a Function App)
{
"parameters": {
"name": {
"type": "string"
},
"storageName": {
"type": "string"
},
"location": {
"type": "string"
}
},
"resources": [
{
"apiVersion": "2015-05-01-preview",
"type": "Microsoft.Storage/storageAccounts",
"name": "[parameters('storageName')]",
"location": "[parameters('location')]",
"properties": {
"accountType": "Standard_LRS"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts/providers/locks",
"name": "[concat(parameters('storageName'), '/Microsoft.Authorization/', parameters('storageName'))]",
"apiVersion": "2015-01-01",
"dependsOn": [
"[concat('Microsoft.Storage/storageAccounts/', parameters('storageName'))]"
],
"properties": {
"level": "CannotDelete",
"notes": "One or more function apps were linked to this storage account. You can see all the function apps linked to the account under 'files' or 'shares'."
}
}
]
},...
That just works fine when deploying from VS or from command line with my credentials.
However when deploying from a VSTS release definition, the deployment fails with:
Resource Microsoft.Resources/deployments 'myFunctionApp' failed with message '{
"error": {
"code": "InvalidTemplateDeployment",
"message": "The template deployment failed with error: 'Authorization failed for template resource 'myFunctionAppStorage/Microsoft.Authorization/myFunctionAppStorage' of type 'Microsoft.Storage/storageAccounts/providers/locks'. The client '***VSTS service principal Id***' with object id '***VSTS service principal Id***' does not have permission to perform action 'Microsoft.Authorization/locks/write' at scope '/subscriptions/*** subscription ***/resourceGroups/*** resource group ***/providers/Microsoft.Storage/storageAccounts/myFunctionAppStorage/providers/Microsoft.Authorization/locks/myFunctionAppStorage'.'."
}
}
When I remove the Microsoft.Storage/storageAccounts/providers/locks section from the template, the VSTS deployment works. But then the storage account would bear no lock preventing a deletion.

Contributor role - which is assigned when VSTS creates the Service Principal in the AAD connected to the Resource Groups Subscription - is not sufficient for placing the lock. Assign Owner and the lock can be placed with the VSTS deployment process.