I know that I can get the host key and trigger_url of an Azure Function in an ARM template by using the listKeys/listSecrets method.
But I need the systemkey, I'm deploying an Event Grid Subscription and it needs the Azure Function endpoint url which contains the system key:
"resources": [
{
"type": "Microsoft.Storage/StorageAccounts/providers/eventSubscriptions",
"name": "[concat(concat(parameters('publisherName'), '/Microsoft.EventGrid/'), parameters('name'))]",
"apiVersion": "2018-01-01",
"properties": {
"destination": {
"endpointType": "[parameters('endpointType')]",
"properties": {
"endpointUrl": "[parameters('endpointUrl')]"
}
},
"filter": {
"subjectBeginsWith": "[parameters('subjectBeginsWith')]",
"subjectEndsWith": "[parameters('subjectEndsWith')]",
"subjectIsCaseSensitive": "[parameters('subjectIsCaseSensitive')]",
"includedEventTypes": "[parameters('includedEventTypes')]"
},
"labels": "[parameters('labels')]"
}
}
]
where endpointUrl is in the form of:
https://<function-app-name>.azurewebsites.net/admin/extensions/EventGridExtensionConfig?functionName=<function-name>&code=XZvGU0ROPxxxxxxxxxxxxxxxxxxxxxxxxxxxxaaieD89gPQ==
The parameter named 'code' is the systemkey, which can be retrieved by doing a GET on
http://<function-app-name>.azurewebsites.net/admin/host/systemkeys/eventgridextensionconfig_extension?code=<master_key>
Is there a way to retrieve this systemkey (or the entire endpointurl) in the ARM template without resorting to bash scripts that inject it or other external systems?
The documentation does say: "However, you cannot use list operations that require values in the request body." So I don't think I'll be able to with a 'list' operation.
Yes, it is now possible:
"destination": {
"endpointType": "WebHook",
"properties": {
"endpointUrl": "[concat(variables('functionUrl'), listKeys(resourceId(variables('functionResourceGroupName'), 'Microsoft.Web/sites/host/', variables('functionAppName'), 'default'),'2016-08-01').systemkeys.eventgrid_extension)]"
}
},
Where functionUrl ends with &code=. Tested that on runtime ~2.
This is not possible right now. You can return only function keys using the ARM template.
Same described here:
https://blog.mexia.com.au/list-of-access-keys-from-output-values-after-arm-template-deployment#functions
Related
I can successfully deploy a Custom Event Grid Topic and Azure Function app via ARM templates.
After that, in a separate ARM deployment, an Azure Function Event Grid Subscription to this custom topic fails at validation stage with the following error:
The template resource 'Microsoft.EventGrid/topics/EventGridCustomTopicName/providers/Microsoft.EventGrid/eventSubscriptions/EventGridSubscriptionName' cannot reference itself.
'EventGridSubscriptionName' is the same as the name of my function app, if that matters.
Again: I have a Topic and a Function app already created.
I have gone through the official examples and documentation, but it does not work for me nevertheless.
Here is my template defined as a root resource:
{
"name": "[concat(parameters('EventGridCustomTopicName'), '/Microsoft.EventGrid/', variables('EventGridSubscriptionName'))]",
"type": "Microsoft.EventGrid/topics/providers/eventSubscriptions",
"location": "[resourceGroup().location]",
"apiVersion": "2018-01-01",
"dependsOn": [
"[parameters('FunctionAppName')]"
],
"properties": {
"destination": {
"endpointType": "WebHook",
"properties": {
"endpointUrl": "[concat('https://', parameters('FunctionAppName'), '.azurewebsites.net/admin/extensions/EventGridExtensionConfig?functionName=TopicSubscriber&code=', variables('funcCode'))]"
}
},
"filter": {
"includedEventTypes": [
"All"
]
}
}
}
Any help is highly appreciated!
i think whats happening the name is ambiguous and it cannot understand what to depends on. try doing something like this:
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('FunctionAppName'))]"
],
I have a VMSS deployed with am ARM template.
I want add it's first VM's IP address to the output.
In the Azure Resource Explorer - I see resource as:
...
"ipConfigurations": [
{
"name": "jm-website-script-4-master-ip",
"id": "/subscriptions/0a4f2b9c-***-40b17ef8c3ab/resourceGroups/jm-website-script-4/providers/Microsoft.Compute/virtualMachineScaleSets/jm-website-script-4-master-vmss/virtualMachines/1/networkInterfaces/jm-website-script-4-master-nic/ipConfigurations/jm-website-script-4-master-ip",
"etag": "W/\"09be80d2-76f5-49fc-ad47-0ef836a3799a\"",
"properties": {
"provisioningState": "Succeeded",
"privateIPAddress": "10.0.0.5",
...
So I tried to add to the variables:
"masterVM": "[concat('Microsoft.Compute/virtualMachineScaleSets/jm-website-script-4-master-vmss/virtualMachines/1/networkInterfaces/jm-website-script-4-master-nic/ipConfigurations/jm-website-script-4-master-ip')]",
And then call in outputs:
"outputs": {
"MasterFirstIPConfig": {
"type": "string",
"value": "[reference(variables('masterVM').properties.privateIPAddress)]"
}
}
Which returns me an error:
The language expression property 'Microsoft.WindowsAzure.ResourceStack.Frontdoor.Expression.Expressions.JTokenExpression' can't be evaluated..
I guess something is completely wrong with my masterVM variable definition here, but can't get it.
UPD The solution
Thanks for the answer by 4c74356b41.
The solution looks like next:
variable definition:
"masterVM": "Microsoft.Compute/virtualMachineScaleSets/jm-website-script-4-master-vmss/virtualMachines/1/networkInterfaces/jm-website-script-4-master-nic"
outputs:
"outputs": {
"MasterFirstIPConfig": {
"type": "string",
"value": "[reference(variables('masterVM'),'2016-09-01').ipConfigurations[0].properties.privateIPAddress]"
}
}
Well, you are targeting the wrong resource. You should be targeting the networkInterface (and you don't need to concat in this case), you also have to reference it properly:
"masterVM": "Microsoft.Compute/virtualMachineScaleSets/jm-website-script-4-master-vmss/virtualMachines/1/networkInterfaces/jm-website-script-4-master-nic]"
And reference like so
"value": "[reference(variables('masterVM'),'2016-09-01').ipConfigurations[0].properties.privateIPAddress]"
Not sure if it is supported in ARM. I could find power-shell references only.
You cannot currently deploy a dacpac with an ARM template. The link above uses PowerShell but not ARM. You can create however create a database from a source database as a copy using an ARM template.
A simple way to find an example template for any Azure action is to perform the action in the portal - in this case, copy a database - and then open the appropriate resource group blade in the portal, list the deployments, locate the deployment just submitted and open it. Then select ViewTemplate from the menu bar and examine both the Template tab and the Parameters tab. These show you the full template and the parameter values actually used. You can then download the template, with accompanying Powershell script.
For database copy, here is the template:
{
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"databaseName": {
"type": "string"
},
"serverName": {
"type": "string"
},
"location": {
"type": "string"
},
"createMode": {
"type": "string"
},
"sourceDatabaseId": {
"type": "string"
},
"requestedServiceObjectiveName": {
"type": "string"
}
},
"resources": [
{
"apiVersion": "2014-04-01-preview",
"location": "[parameters('location')]",
"name": "[concat(parameters('serverName'), '/', parameters('databaseName'))]",
"properties": {
"createMode": "[parameters('createMode')]",
"sourceDatabaseId": "[parameters('sourceDatabaseId')]",
"requestedServiceObjectiveName": "[parameters('requestedServiceObjectiveName')]"
},
"type": "Microsoft.Sql/servers/databases"
}
]
}
For database copy createMode = 'Copy'
And be sure to provide a fully qualified resourceId formatted as follows:
"/subscriptions/<sub-id>/resourceGroups/<resourceGroupName>/providers/Microsoft.Sql/Servers/<server-name>/databases/<database-name>"
Make sure the resource group name capitalization is correct and that the server name is all lower case.
You can use the sourceDatabaseId property to reference another database. Then you can specify various createModes depending on what type of database you would like to create:
{
"properties": {
"createMode": "OnlineSecondary",
"sourceDatabaseId": "[resourceId('Microsoft.Sql/servers/databases', variables('sql01Name'), 'databasename')]"
}
}
http://msdn.microsoft.com/en-us/library/azure/mt163685.aspx
The answer above from #Bill Gibson - MSFT works if you are using a Microsoft.Sql/servers resource, however if you're using a Microsoft.Sql/managedInstances resource you'll need to use the appropriate Microsoft.Sql/managedInstance/databases - ARM Template.
The following works for me to perform a PointInTimeRestore accessing a source database that lives in another resource group (the variables and parameters are left as an exercise to the reader):
{
"type": "Microsoft.Sql/managedInstances/databases",
"name": "[concat(variables('destinationSqlManagedInstanceName'), '/', 'AdventureWorks')]",
"apiVersion": "2021-11-01",
"location": "[parameters('location')]",
"properties": {
"createMode": "PointInTimeRestore",
"restorePointInTime": "2022-12-14T12:00:00Z",
"sourceDatabaseId": "[resourceId(variables('sourceResourceGroupName'), 'Microsoft.Sql/managedInstances/databases', variables('sourceSqlManagedInstanceName'), 'AdventureWorks')]"
}
}
The documentation is broken in a few ways:
When attempting to perform a PointInTimeRestore the properties referenced (SourceDatabaseName, SourceManagedInstanceName, PointInTime) do not exist. Rather the following properties are used: restorePointInTime and sourceDatabaseId which are documented in the documentation.
Additionally, the restorePointInTime indicates that the time should be in ISO8601 format, however this is not the same as what is returned by utcNow(). Testing has shown that you must provide it in this version of the ISO8601 format: yyyy-MM-ddTHH:mm:ssZ which can be done using utcNow('yyyy-MM-ddTHH:mm:ssZ').
I have created an issue to try and get the documentation fixed up here: https://github.com/MicrosoftDocs/azure-docs/issues/102717
I'm attempting to deploy an Azure Logic App that includes an action to Send a message on a Service Bus using an ARM template.
In addition to deploying the Logic App, the ARM template deploys a Service Bus Namespace, a Queue and two AuthorizationRule (one for sending and one for listening).
I want to dynamically set the connection information for the Send Service Bus Message action to use the Connection string generated for the AuthorizationRule that supports sending.
When I create this in the portal editor (specifying the connection string for sending), I noticed the following is generated in code view...
"Send_message.": {
"conditions": [
{
"dependsOn": "<previous action>"
}
],
"inputs": {
"body": {
"ContentData": "#{encodeBase64(triggerBody())}"
},
"host": {
"api": {
"runtimeUrl": "https://logic-apis-westus.azure-apim.net/apim/servicebus"
},
"connection": {
"name": "#parameters('$connections')['servicebus']['connectionId']"
}
},
"method": "post",
"path": "/#{encodeURIComponent(string('<queuename>'))}/messages"
},
"type": "apiconnection"
}
},
I assume that the connection information is somehow buried in #parameters('$connections')['servicebus']['connectionId']"
I then used resources.azure.com to navigate to the logic app to see if I could get more details as to how #parameters('$connections')['servicebus']['connectionId']" is defined.
I found this:
"parameters": {
"$connections": {
"value": {
"servicebus": {
"connectionId": "/subscriptions/<subguid>/resourceGroups/<rgname>/providers/Microsoft.Web/connections/servicebus",
"connectionName": "servicebus",
"id": "/subscriptions/<subguid>/providers/Microsoft.Web/locations/westus/managedApis/servicebus"
}
}
}
}
But I still don't see where the connection string is set.
Where can I set the connection string for the service bus action in an ARM template using something like the following?
[listkeys(variables('sendAuthRuleResourceId'), variables('sbVersion')).primaryConnectionString]
EDIT: Also, I've referred to was seems to be a promising Azure quick start on github (based on the title), but I can't make any sense of it. It appears to use an older schema 2014-12-01-preview, and the "queueconnector" references an Api Gateway. If there is a newer example out there for this scenario, I'd love to see it.
I've recently worked on an ARM Template for the deployment of logic apps and service bus connection. Here is the sample template for configuring service bus connection string within the type "Microsoft.Web/connections". Hope it helps.
{
"type": "Microsoft.Web/connections",
"apiVersion": "2016-06-01",
"name": "[parameters('connections_servicebus_name')]",
"location": "centralus",
"dependsOn": [
"[resourceId('Microsoft.ServiceBus/namespaces/AuthorizationRules', parameters('ServiceBusNamespace'), 'RootManageSharedAccessKey')]"
],
"properties": {
"displayName": "ServiceBusConnection",
"customParameterValues": {},
"api": {
"id": "[concat(subscription().id, '/providers/Microsoft.Web/locations/centralus/managedApis/servicebus')]"
},
"parameterValues": {
"connectionString": "[listKeys(resourceId('Microsoft.ServiceBus/namespaces/authorizationRules', parameters('ServiceBusNamespace'), 'RootManageSharedAccessKey'), '2017-04-01').primaryConnectionString]"
}
}
}
As you know connections is a resource so it needs to be created first did you refer this https://blogs.msdn.microsoft.com/logicapps/2016/02/23/deploying-in-the-logic-apps-preview-refresh/. Quick start link you are referring is for older schema.
I want to create a virtual machine that anyone can launch using the ARM REST API.
How do I do that? I cannot find instructions.
Apparently it is possible to create public virtual machine images here: https://vmdepot.msopentech.com/help/contribute/vhd.html/
There are a couple of ways you could do this. Presuming you have got a website / application etc at the frontend, and it is simply the backend communication you're looking for.
Prerequisites
The option here presumes that you have an active Microsoft Azure account, and are able to create a VM there via the portal. Once you are at a stage that you can do that, you can use the REST API to create a machine instead.
Option 1
You can either use the REST API to directly create a VM by PUTing a request to this URI -
https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/Microsoft.Compute/virtualMachines/{vm-name}?validating={true|false}&api-version={api-version}
You would need to attach a JSON document to that request that would define the machine you are creating.
{
"id":"/subscriptions/{subscription-id}/resourceGroups/myresourcegroup1/providers/Microsoft.Compute/virtualMachines/myvm1",
"name":"myvm1",
"type":"Microsoft.Compute/virtualMachines",
"location":"westus",
"tags": {
"department":"finance"
},
"properties": {
"availabilitySet": {
"id":"/subscriptions/{subscription-id}/resourceGroups/myresourcegroup1/providers/Microsoft.Compute/availabilitySets/myav1"
},
"hardwareProfile": {
"vmSize":"Standard_A0"
},
"storageProfile": {
"imageReference": {
"publisher":"MicrosoftWindowsServerEssentials",
"offer":"WindowsServerEssentials",
"sku":"WindowsServerEssentials",
"version":"latest"
},
"osDisk": {
"name":"myosdisk1",
"vhd": {
"uri":"http://mystorage1.blob.core.windows.net/vhds/myosdisk1.vhd"
},
"caching":"ReadWrite",
"createOption":"FromImage"
},
"dataDisks": [ {
"name":"mydatadisk1",
"diskSizeGB":"1",
"lun": 0,
"vhd": {
"uri" : "http://mystorage1.blob.core.windows.net/vhds/mydatadisk1.vhd"
},
"createOption":"Empty"
} ]
},
"osProfile": {
"computerName":"myvm1",
"adminUsername":"username",
"adminPassword":"password",
"customData":"",
"windowsConfiguration": {
"provisionVMAgent":true,
"winRM": {
"listeners": [ {
"protocol": "https",
"certificateUrl": "url-to-certificate"
} ]
},
"additionalUnattendContent": {
"pass":"oobesystem",
"component":"Microsoft-Windows-Shell-Setup",
"settingName":"FirstLogonCommands|AutoLogon",
"content":"<XML unattend content>"
}
"enableAutomaticUpdates":true
},
"secrets":[ {
"sourceVault": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myresourcegroup1/providers/Microsoft.KeyVault/vaults/myvault1"
},
"vaultCertificates": [ {
"certificateUrl": "https://myvault1.vault.azure.net/secrets/{secretName}/{secretVersion}"
"certificateStore": "{certificateStoreName}"
} ]
} ]
},
"networkProfile": {
"networkInterfaces": [ {
"id":"/subscriptions/{subscription-id}/resourceGroups/myresourceGroup1/providers /Microsoft.Network/networkInterfaces/mynic1"
} ]
}
}
}
More details about the authentication and parameters can be found at the Azure Virtual Machine Rest documentation - Create or update a virtual machine
Option 2
Alternatively you can create an Azure Resource Manager Template, such as 101-vm-simple-linux on Azure's Github template repository
Once you have a template defined for the VM you want to deploy you can PUT another request to this URI
https://management.azure.com/subscriptions/{subscription-id}/resourcegroups/{resource-group-name}/providers/microsoft.resources/deployments/{deployment-name}?api-version={api-version}
If you copy that template file to an Azure blob, along with another file specifying any parameters it needs, and send this JSON document with the PUT request
{
"properties": {
"templateLink": {
"uri": "http://mystorageaccount.blob.core.windows.net/templates/template.json",
"contentVersion": "1.0.0.0",
},
"mode": "Incremental",
"parametersLink": {
"uri": "http://mystorageaccount.blob.core.windows.net/templates/parameters.json",
"contentVersion": "1.0.0.0",
}
}
}
You can find the documentation for this at - Create a template deployment
This is to elaborate on #Michael B's answer: To discover what images are available, you can use the VMDepot -- of course -- or you can query for all the marketplace images. Look at the publishers list first, and then from there you can decide which images you would like.
The URN value you discover will be the one you want to use in your REST call. Hope this helps...