I am building an Web Application and deploy it into Azure using ARM Templates. I am creating and deploying them without any problem. I am trying to access contentVersion in output session. But, I am receiving an message
Unable to evaluate template outputs
I tried it in following ways:
"outputs": {
"Contentoutput": {
"type": "string",
"value": "[reference('contentVersion')]" //First case
"value": "[reference('contentVersion').value]" //Second case
"value": "['contentVersion']" //Third case
"value": "[contains('contentVersion','contentVersion')]" //Fourth case
}
}
How to access the contentVersion in output session?
A better way of outputting the content version would be to use the deployment function (see documentation).
Your workaround solution would then translate to:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [],
"outputs": {
"contentVersion": {
"type": "string",
"value": "[deployment().properties.template.contentVersion]"
}
}
}
I also can't find a way to get it in the outputs. According to the azure official document, we could know that contentVersion could the value you supplied.
contentVersion: Version of the template (such as 1.0.0.0). You can provide any value for this element. When deploying resources using the template, this value can be used to make sure that the right template is being used.
So my workaround is that you could define it as a parameter then you could get it from outputs. The following is the demo code. You also could give your idea to Azure team
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"contentVersion": {
"type": "string",
"defaultValue": "1.0.0.0",
"metadata": {
"description": "contentVersion"
}
}
},
"variables": {
},
"resources": [
],
"outputs": {
"contentVersion": {
"type": "string",
"value": "[parameters('contentVersion')]"
}
}
}
Related
I've set up the problem in the these two files. The template is simply POSTing the parameter with a fake url to check the value.
read_secret_params.json
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"ftpPrivateKey": {
"reference": {
"keyVault": {
"id": "/subscriptions/dummyid/resourceGroups/dummyrg/providers/Microsoft.KeyVault/vaults/myvault"
},
"secretName": "mysecret"
}
}
}
}
read_secret_template.json
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"ftpPrivateKey": {
"type": "securestring"
}
},
"resources": [
{
"type": "Microsoft.Logic/workflows",
"apiVersion": "2019-05-01",
"name": "read-secret",
"location": "East US",
"properties": {
"definition": {
"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
"contentVersion": "1.0.0.0",
"triggers": {
"Recurrence": {
"recurrence": {
"frequency": "Week",
"interval": 1
},
"type": "Recurrence"
}
},
"actions": {
"HTTP": {
"inputs": {
"body": "[parameters('ftpPrivateKey')]",
"method": "POST",
"uri": "https://dummysite.com"
},
"runAfter": {},
"type": "Http"
}
},
"outputs": {}
},
"parameters": {}
}
}
]
}
The first issue is, when I try to deploy via the portal, no value comes thru for the parameter so it can't create it due to the validation error "Validation failed. Required information is missing or not valid.". Is this because it's not able to read the secret, permissions thing? NOTE: the key vault is also created by myself so I am the owner.
I can get around the validation error and successfully deploy by adding a default value as follows:-
"parameters": {
"ftpPrivateKey": {
"type": "securestring",
"defaultValue": "privateKeyDefault"
}
},
But when I run the logic app, it's using the default value in the POST command so it seems like it's not pulling the secret out of the key vault.
So in summary I have 2 questions:-
Has this test proved that the logic app is not reading the secret OR might it have successfully read the secret but is for some reason displaying the default value in the POST command?
If it is not reading the secret, can anyone suggest a cause + fix?
If I deploy using the Azure CLI then it works i.e. gets the secret from Azure Key Vault. If deployed in the portal then it always uses the default value.
I am fetching value from key vault but it my secure string is visible in parameter windows in azure logic app. how can I hide it from this window?
dev.logic.parameters.json File:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"logicAppName": {
"value": "gaf-ir-dev-publisheventtosfplatform-logicapp"
},
"salesforce-client-secret": {
"reference": {
"keyVault": {
"id": "/subscriptions/42187cc7-b2ae-423a-9039-00298be79cdf/resourceGroups/ir-dev-use-rg/providers/Microsoft.KeyVault/vaults/ir-dev-use-kv"
},
"secretName": "SalesforceClientSecret"
}
}
}
}
LogicApp.json File
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"logicAppName": {
"type": "string",
"minLength": 1,
"maxLength": 80,
"metadata": {
"description": "Name of the Logic App."
}
},
"salesforce-client-secret": {
"type": "securestring",
"metadata": {
"description": "salesforce-client-secret"
}
}
}
},
"variables": {},
"resources": [
{
"name": "[parameters('logicAppName')]",
"type": "Microsoft.Logic/workflows",
"location": "[parameters('logicAppLocation')]",
"tags": {
"displayName": "LogicApp"
},
"apiVersion": "2016-06-01",
"properties": {
"definition": {
"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
"actions": "..."
"parameters": {
"salesforce-client-secret": {
"type": "securestring",
"defaultValue": "[parameters('salesforce-client-secret')]"
}
},
"triggers": {
"manual": {
"type": "Request",
"kind": "Http",
"inputs": {
"schema": {}
}
}
},
"contentVersion": "1.0.0.0",
"outputs": {}
},
"parameters": {}
}
}
],
"outputs": {}
}
Parameters Window:
As you can see it is showing secret value in default value text box. It should not be visible in the parameters window.
Storing secret values and secret objects in a parameter is not suggested as mentioned in MS document.
Check if below scenario helps in your case,
Created logic app as shown below,
I have secret stored in azure key vault and retrieving the value using Get secret action and I have enabled secure input and output so that it will not show in run history window.
Using the secret value in http action and getting data.
The secret value will not be visible in run history window,
Note: As mentioned by #Skin, you can use built in actions like variables and assign secret value to variable. So that you can use value throughout logic app using variable and you can secure it using settings option.
I'm trying to use different templates for creating a NSG and then for a spoke. I don't want to use nested template, instead I want the out of NSG template as resource ID and give reference to spoke template as a parameter. Can this be achieved or is it just the case for nested template also the parameters in the spoke template where NSG resource ID is needed is in a array as I have used copy function.
"outputs": {"resourceID": {
"type": "string",
"value": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]"}}
This output is to be used here
"subnetsConfiguration": {
"value": [
{
"name": "app-subnet",
"addressPrefix": "10.112.0.0/20",
"networkSecurityGroupName": "set the resource ID as a reference here",
To get an output value from a linked template, retrieve the property value with syntax like: [reference('deploymentName').outputs.propertyName.value]
First, the linked template- helloworld.json
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [],
"outputs": {
"greetingMessage": {
"value": "Hello World",
"type" : "string"
}
}
}
The main template deploys the linked template and gets the returned value -
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "linkedTemplate",
"properties": {
"mode": "incremental",
"templateLink": {
"uri": "[uri(deployment().properties.templateLink.uri, 'helloworld.json')]",
"contentVersion": "1.0.0.0"
}
}
}
],
"outputs": {
"messageFromLinkedTemplate": {
"type": "string",
"value": "[reference('linkedTemplate').outputs.greetingMessage.value]"
}
}
}
Please refer this documentation for more details.
I have a solution consisting of different services I need to deploy in my Azure account:
global_params.json:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"globalParam1": {
"value": "v1"
},
"globalParam2": {
"value": "v2"
}
}
}
myservice_params.json:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"svcParam1": {
"value": "v1"
},
"svcParam2": {
"value": "v2"
},
"svcParam3": {
"value": "v3"
}
}
}
In my ARM template azuredeploy.json I need to get both groups of parameters:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"globalParam1": {...}
},
"globalParam2": {...}
},
"svcParam1": {...}
},
"svcParam2": {...}
},
"svcParam3": {...}
}
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2020-08-01",
"name": "[parameters('storageAccountName')]",
"location": "[parameters('globalParam1')]",
"sku": {
"name": "[parameters('svcParam1')]",
"tier": "[parameters('svcParam2')]"
},
"kind": "[parameters('svcParam3')]",
"properties": {
"accessTier": "[parameters('globalParam2')]"
}
}
]
}
How do I use the Azure CLI to make sure I pass parameters merged from both parameters file? I know one parameter file can be passed as follow (see doc):
az deployment group create ... --template-file ./azuredeploy.json --parameters #myservice_params.json
But how to specify two parameters files and get them merged?
The CLI (nor Azure itself) support this - you would have to do the merge yourself prior to calling into Azure.
You could use defaultValues on the parameters in the template to come close to replicating.
Although article is few months old, I tested it by adding second parameters file using #.
So command will be:
az deployment group create -g resourceGroup --template-file template.json --parameters #parameters1.json #parameters2.json
I am fetching messages from service bus topic.
I want to parameterize the topic name here.
I tried
"path": /#{encodeURIComponent(encodeURIComponent('[parameters('topicname')]'))}/messages",
And concat() also I have tried but nothing is working.
Can someone please help me on this?
If you don't want to deal with concat(), you should have a look at this article:
Schema reference for Workflow Definition Language in Azure Logic Apps
You can specify Logic App parameters which are different from ARM Template parameters.
So to summarize, you create an ARM parameter, a Logic App parameter then you map the ARM parameter to the Logic App parameter. It is a little bit complicated but you avoid using concat function.
So an ARM template should look like this:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"topicname": {
"type": "string",
"metadata": {
"description": "The name of the topic."
}
}
...
},
"variables": {
...
},
"resources": [
{
"type": "Microsoft.Logic/workflows",
"properties": {
"definition": {
...
"path": "/#{encodeURIComponent(encodeURIComponent(parameters('topicname')))}/messages",
...
},
"contentVersion": "1.0.0.0",
"outputs": {},
"parameters": {
"$connections": {
"defaultValue": {},
"type": "Object"
},
"topicname": {
"type": "String"
}
}
},
"parameters": {
"$connections": {
...
},
"topicname": {
"value": "[parameters('topicname')]"
},
}
},
"dependsOn": [
]
}
]
}