We have an Azure ARM template, which is adding appsettings for a Microsoft.Web/site.
"resources": [
{
"apiVersion": "2016-03-01",
"name": "myazurefunction",
"type": "Microsoft.Web/sites",
"properties": {
"name": "myazurefunction",
"siteConfig": {
"appSettings": [
{
"name": "MY_SERVICE_URL",
"value": "[concat('https://myservice-', parameters('env'), '.domain.ca')]"
}
]
}
}
}
]
We also have four parameters.environment.json files. For instance, this is the content of parameters.dev.json.
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01...",
"contentVersion": "1.0.0.0",
"parameters": {
"env": {
"value": "dev"
}
}
}
The template and its parameters favor convention over configuration. This is working nicely for the most part, and leads to the following MY_SERVICE_URL values.
https://myservice-dev.domain.ca
https://myservice-qa.domain.ca
https://myservice-ci.domain.ca
https://myservice-prod.domain.ca
The problem is that we want to break the convention for the dev environment. That is, we want it to have a MY_SERVICE_URL that looks something like this:
https://abc123.foo.bar.baz.ca
How can we configure the ARM template to break the convention for only one environment?
My first though is to use a conditional like this, but such an ARM function appears not to be available.
"name": "MY_SERVICE_URL",
"value": "[parameters('env') -eq 'dev'
? 'https://abc123.foo.bar.baz.ca'
: concat('https://myservice-', parameters('env'), '.domain.ca')]"
just create a variable that would depend on the parameter:
"parameters": {
...
"DeploymentType": {
"type": "string",
"allowedValues": [
"Dev",
"Prod"
]
}
...
"variables": {
"Dev": "https://some_service-ci.domain.com",
"Prod": "https://abc123.foo.bar.baz.com",
"DeploymentVariable": "[variables(parameters('DeploymentType'))]",
...
"appSettings": [
"name": "MY_SERVICE_URL",
"value": "[variables('DeploymentVariable')]"
]
...
Ok, so how does this work. you pass in the parameter 'DeploymentType', it can be PROD or DEV. If you pass DEV "DeploymentVariable": "[variables(parameters('DeploymentType'))]", - this evaluates to "[variables('Dev')]" and gets the value of "Dev": "https://some_service-ci.domain.com",
For the example in the question, the answer ended up looking like this:
"variables": {
"myServiceUrl_default": "[concat('https://myservice-', parameters('env'), '.domain.ca')]",
"myServiceUrl_dev": "https://abc123.foo.bar.baz.ca",
"myServiceUrl_ci": "[variables('myServiceUrl_default')]",
"myServiceUrl_qa": "[variables('myServiceUrl_default')]",
"myServiceUrl_prod": "[variables('myServiceUrl_default')]",
"myServiceUrl": "[variables(concat('myServiceUrl_', 'parameters('env')'))]"
},
...
"appSettings: [
{
"name": "MY_SERVICE_URL",
"value": "[variables('myServiceUrl')]"
}
]
Related
I have a VMSS which I deployed using ARM templates. This is the networkProfile block under VMSS resource section.
"networkProfile": {
"networkInterfaceConfigurations": [
{
"name": "[variables('nicName')]",
"properties": {
"primary": true,
"ipConfigurations": [
{
"name": "[concat(variables('VMSSName'), '-ipconfig')]",
"properties": {
"subnet": {
"id": "[variables('subnetRef')]"
},
"applicationGatewayBackendAddressPools": "[variables('AppGatewayBackendAddressPool')]"
}
}
]
}
}
]
},
In Variable section, if I use resourceId() function and provide values from parameters then it does not apply the configuration in VMSS. for example:
"AppGatewayBackendAddressPool": "[resourceId(parameters('VirtualNetworkResourceGroup'),'Microsoft.Network/applicationGateways/backendAddressPools', parameters('ApplicationGatewayName'), parameters('BackendAddressPool'))]",
I've also tried adding parameters('SubscriptionName') but the result is same.
"AppGatewayBackendAddressPool": "[resourceId(parameters('SubscriptionName') ,parameters('VirtualNetworkResourceGroup'),'Microsoft.Network/applicationGateways/backendAddressPools', parameters('ApplicationGatewayName'), parameters('BackendAddressPool'))]",
When I declare variable like below then it applies backendAddressPool configuration in Networking -> Load Balancing.
"AppGatewayBackendAddressPool": [
{ "id": "/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Network/applicationGateways/<applicationGatewayName>/backendAddressPools/<backendAddressPool>" }
],
Similar I'm doing with subnetRef like below and that is working fine.
"subnetRef": "[resourceId(parameters('VirtualNetworkResourceGroup'), 'Microsoft.Network/virtualNetworks/subnets', parameters('VirtualNetworkName'), parameters('SubnetName'))]",
I want to parametrize the deployment by defining separate parameters.json file so I can attach applicationGatewayBackendAddressPools with different virtual machine scale sets.
This is how I achieved it by following Ked Mardemootoo answer.
IP configuration section under networkProfile of VMSS resource.
"ipConfigurations": [
{
"name": "[concat(variables('VMSSName'), '-ipconfig')]",
"properties": {
"subnet": {
"id": "[variables('subnetRef')]"
},
"applicationGatewayBackendAddressPools": [
{ "id": "[concat(parameters('AapplicationGatewayExternalid'), '/backendAddressPools/', parameters('BackendAddressPool'))]" }
]
}
}
]
Template file parameters:
"BackendAddressPool": {
"type": "string",
"metadata": {
"description": "Backend pool to host blue/green vmss."
}
},
"AapplicationGatewayExternalid": {
"type": "string",
"metadata": {
"description": "Application Gateway Id."
}
}
Now, ARM template is calling and referencing applicationGatewayBackendAddressPools attribute dynamically under VMSS' resource section.
I have these two parameters in parameters.json file where I can define values according to environment.
"BackendAddressPool": {
"value": "<backendPoolName>"
},
"AapplicationGatewayExternalid": {
"value": "/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Network/applicationGateways/<ApplicationGatewayName>"
}
Overriding template variables in release pipeline vars:
overriding template vars
Defining in pipeline vars
pipeline var
You seem to be missing the concat in the variables. Looking at the raw json on my end, this is how it's configured. See if you can do something similar, and convert the subnet name and backend address pool to variables.
"ipConfigurations": [
{
"name": "ip-vmss-name",
"properties": {
"primary": true,
"subnet": {
"id": "[concat(parameters('virtualNetworks_vnet_externalid'), '/subnets/snet-vm')]"
},
"privateIPAddressVersion": "IPv4",
"applicationGatewayBackendAddressPools": [
{
"id": "[concat(parameters('applicationGateways_agw_1_externalid'), '/backendAddressPools/be-addr-pool-vmss-1')]"
}
]
}
}
]
Nothing seems wrong with your variables/parameters call but applicationGatewayBackendAddressPools is not a valid attribute for neither VMSS nor Application Gateway.
You can do it check AKS and Application Gateway documentations. I achieve the same goal by setting backendAddressPools, which is in Application Gateway section, in different parameters.json files.
I suspect it's not possible to do what I'm looking for but it's worth a shot!
I have a pipeline for provisioning Azure log query alert rules. The individual alert rules are defined as ARM parameter files, and I use a shared ARM template file to deploy them.
Here's a stripped down version of my template file with most of the parameters omitted.
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"logQuery": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Query to execute against the AI resource"
}
}
},
"variables": {
"appInsightsResourceId": "[concat(resourceGroup().id,'/providers/','microsoft.insights/components/', parameters('appInsightsResourceName'))]",
"actionGroupId": "[concat(resourceGroup().id,'/providers/','microsoft.insights/actionGroups/', parameters('actionGroupName'))]",
"linkToAiResource" : "[concat('hidden-link:', variables('appInsightsResourceId'))]"
},
"resources":[{
"name":"[parameters('alertName')]",
"type":"Microsoft.Insights/scheduledQueryRules",
"location": "northeurope",
"apiVersion": "2018-04-16",
"tags": {
"[variables('linkToAiResource')]": "Resource"
},
"properties":{
"description": "[parameters('alertDescription')]",
"enabled": "[parameters('isEnabled')]",
"source": {
"query": "[parameters('logQuery')]",
"dataSourceId": "[variables('appInsightsResourceId')]",
"queryType":"[parameters('logQueryType')]"
},
"schedule":{
"frequencyInMinutes": "[parameters('alertSchedule').Frequency]",
"timeWindowInMinutes": "[parameters('alertSchedule').Time]"
},
"action":{
"odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction",
"severity": "[parameters('alertSeverity')]",
"aznsAction":{
"actionGroup":"[array(variables('actionGroupId'))]"
},
"trigger":{
"thresholdOperator":"[parameters('alertTrigger').Operator]",
"threshold":"[parameters('alertTrigger').Threshold]"
}
}
}
}
]
}
You can see how I'm providing the App Insights query as a parameter, so my parameters file could look something like:
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"logQuery": {
"value": "requests | where resultCode >= 500"
}
}
}
However, these queries can be very long and hard to understand when viewing as an unbreakable JSON string. So I want to parametize this parameter (if you know what I mean) so that the key variables are defined and supplied separately. I was thinking about changing the parameters to something like this, introducing a new parameter holding an array of placeholder replacements for the parametized query...
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"logQueryVariables": [
{ "{minCode}": "500" }
],
"logQuery": {
"value": "requests | where resultCode >= {minCode}"
}
}
}
...then finding a way to iterate over the variables array and replace the placeholders in the logQuery parameter, I thought maybe I could use an ARM function or something. But I'm afraid to admit I'm stuck with this part. Is it possible to use the copy syntax to do something like this?
depends on what the end result should look like you can do this different ways, but I'd suggest against doing this in the template and suggest you do this outside of the template and feed in the result. If you really want to achieve exactly what you describe you can do that** with nested deployments. I dont think there is any other way of iterating through an array to build a string in ARM Templates.
This is the closest I could come. We do the input looping in powershell for secretObjects.
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(variables('KeyVaultName'), '/',
variables('secretsObject').secrets[copyIndex()].secretName)]",
"apiVersion": "2018-02-14",
"dependsOn": [
"[concat('Microsoft.KeyVault/vaults/', variables('KeyVaultName'))]"
],
"copy": {
"name": "secretsCopy",
"count": "[length(variables('secretsObject').secrets)]"
},
"properties": {
"value": "[variables('secretsObject').secrets[copyIndex()].secretValue]"
}
}
When deploying an ARM template using resource iteration, I'd like to pass the resource properties as an object.
Doing this would allow for a different set of parameters to exist within each element the copy array. The reason for this is because some properties may need to be conditionally included or excluded depending on the values of others. For example, in the case of an API Management product, the documentation states the following with regard to the subscriptionsLimit property -
Can be present only if subscriptionRequired property is present and has a value of false.
However, when deploying the example template below the deployment hangs in Azure. Looking in to the related events, I can see that the action the deploy the resource keeps failing with an Internal Server Error (500), but there are no additional details.
If I refer to each parameter in the properties object using variables('productsJArray')[copyIndex()].whatever then the deployment succeeds. However, this is undesirable as it means that every properties object would have to contain identical parameters, which is not always permissible and may cause the deployment to fail.
Example template
Note that I've output variables('productsJArray')[copyIndex()] and it is a valid object. I've even copied the output in to the template and deployed it successfully.
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"apiManagementServiceName": {
"type": "string",
"metadata": {
"description": "The name of the API Management instance."
}
},
"productsJson": {
"type": "string",
"metadata": {
"description": "A JSON representation of the Products to add."
}
}
},
"variables": {
"productsJArray": "[json(parameters('productsJson'))]"
},
"resources": [
{
"condition": "[greater(length(variables('productsJArray')), 0)]",
"type": "Microsoft.ApiManagement/service/products",
"name": "[concat(parameters('apiManagementServiceName'), '/', variables('productsJArray')[copyIndex()].name)]",
"apiVersion": "2018-06-01-preview",
"properties": "[variables('productsJArray')[copyIndex()]]",
"copy": {
"name": "productscopy",
"count": "[if(greater(length(variables('productsJArray')), 0), length(variables('productsJArray')), 1)]"
}
}
]
}
Example parameters
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"apiManagementServiceName": {
"value": "my-api-management"
},
"productsJson": {
"value": "[{\"name\":\"my-product\",\"displayName\":\"My Product\",\"description\":\"My product is awesome.\",\"state\":\"published\",\"subscriptionRequired\":true,\"approvalRequired\":false}]"
}
}
}
Output of variable 'productsJArray[0]'
"outputs": {
"properties": {
"type": "Object",
"value": {
"approvalRequired": false,
"description": "My product is awesome.",
"displayName": "My Product",
"name": "my-product",
"state": "published",
"subscriptionRequired": true
}
}
}
The issue here was that I was passing including name parameter along with other parameters when setting resource properties. This is obviously wrong, but it would have been helpful if MS had handled the error in a more human friendly way (guess they can't think of everything).
I've updated my incoming productsJson parameter -
[{\"name\":\"cs-automation\",\"properties\":{\"displayName\":\"CS Automation Subscription\",\"state\":\"published\",\"description\":\"Allows access to the ConveyorBot v1 API.\",\"subscriptionRequired\":true,\"approvalRequired\":false}}]
And I'm now passing only the required 'properties' -
"resources": [
{
"type": "Microsoft.ApiManagement/service/products",
"name": "[concat(parameters('apiManagementServiceName'), '/', variables('productsJArray')[copyIndex()].name)]",
"apiVersion": "2018-06-01-preview",
"properties": "[variables('productsJArray')[copyIndex()].properties]"
}
]
I need to get the URL (or code used in URL) of a HTTP Trigger based function in a staging slot.
I'm able to get the trigger_url variable value of the functionapp in the production slot (web/sites/functions). But i'm not able to get the trigger_url value of the functionapp that is in the staging slot.
Example template gets the value of production instead of staging for app setting 'PostUrl'.
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"functionAppName": {
"defaultValue": "functionAppName",
"type": "string"
}
},
"resources": [
{
"type": "Microsoft.Web/sites/slots",
"name": "[concat(parameters('functionAppName'), '/staging')]",
"apiVersion": "2016-08-01",
"location": "West Europe",
"properties": {
"siteConfig": {
"appSettings" : [
{
"name": "PostUrl",
"value": "[listSecrets(resourceId('Microsoft.Web/sites/functions', parameters('functionAppName'), 'RequestName'),'2015-08-01').trigger_url]"
}
]
}
}
}
]
}
The url should is always pretty static by default, just "https://myfunction-myslotname.azurewebsites.net". However, you do need different keys for the slot.
Did you try passing the slot name into the "resourceId" template?
resourceId('Microsoft.Web/sites/functions', parameters('functionAppName'), 'RequestName')
try something like this (replace with your slot name)
[resourceId('Microsoft.Web/sites/slots', parameters('functionAppName'), 'slotname')]
[resourceId('Microsoft.Web/sites/slots', parameters('functionAppName'), 'RequestName', 'slotname')]
Your resourceId currently always looks like this, maybe this will also help:
/subscriptions/<subscriptionid>/resourceGroups/<functionname>/providers/Microsoft.Web/sites/<functionname>/slots/<slotname>
I have written a ARM template that dynamically builds out the app settings based on a JSON object parameter. This allows for adding any app setting without having to modify the template:
parameters.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"app_settings": {
"value": {
"keyvalue_pairs": [
{
"name": "appsetting1",
"value": "value"
},
{
"name": "ApplicationInsights:InstrumentationKey",
"value": ""
}
]
}
}
}
}
chopped down working template.json file
"resources": [
{
"comments": "",
"type": "microsoft.insights/components",
"kind": "web",
"name": "[variables('app_service_name')]",
"apiVersion": "2014-04-01",
"location": "[resourceGroup().location]",
"tags": {
"[variables('hiddenlink_app_service')]": "Resource"
},
"scale": null,
"properties": {
"ApplicationId": "[variables('app_service_name')]"
}
},
{
"apiVersion": "2015-08-01",
"name": "[concat(variables('app_service_name'),'/stage-slot')]",
"type": "Microsoft.Web/sites/slots",
"tags": {
"displayName": "stage-slot"
},
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Web/Sites', variables('app_service_name'))]"
],
"properties": {
"clientAffinityEnabled": false,
"siteConfig": {
"copy": [
{
"name": "appSettings",
"count": "[length(parameters('app_settings').keyvalue_pairs)]",
"input": {
"name": "[parameters('app_settings').keyvalue_pairs[copyIndex('appSettings')].name]",
"value": "[parameters('app_settings').keyvalue_pairs[copyIndex('appSettings')].value]"
}
}
]
}
}
}
I now try and conditionally reference the app insights instrumentation key on my app settings hoping to override the app insights instrumentationkey from the resource.
"siteConfig": {
"copy": [
{
"name": "appSettings",
"count": "[length(parameters('app_settings').keyvalue_pairs)]",
"input": {
"name": "[parameters('app_settings').keyvalue_pairs[copyIndex('appSettings')].name]",
"value": "[if(equals(parameters('app_settings').keyvalue_pairs[copyIndex('appSettings')].name,'ApplicationInsights:InstrumentationKey'),reference(variables('appInsightsResource')).InstrumentationKey,parameters('app_settings').keyvalue_pairs[copyIndex('appSettings')].value)]"
}
}
]
}
This started throwing errors saying the if statement needs a boolean first parameter, but I didnt see anything wrong with it so I tried the following snippet and it worked so it leads me to believe that the use of the "reference()" inside a conditional isnt valid:
"siteConfig": {
"copy": [
{
"name": "appSettings",
"count": "[length(parameters('app_settings').keyvalue_pairs)]",
"input": {
"name": "[parameters('app_settings').keyvalue_pairs[copyIndex('appSettings')].name]",
"value": "[if(equals(parameters('app_settings').keyvalue_pairs[copyIndex('appSettings')].name,'ApplicationInsights:InstrumentationKey'),'testvalue',parameters('app_settings').keyvalue_pairs[copyIndex('appSettings')].value)]"
}
}
]
}
Additionally if I remove the whole "if()" and explicitly put "reference(variables('appInsightsResource')).InstrumentationKey" into the value, it outputs the right value so I know that this reference() call works but seems to break down when added inside an "if()" conditional statement.
The question is, is there any way to get this to work? I am trying to dynamically set the Instrumentation key while keeping in tact the ability to pass in a JSON object for my app settings
I'm seeing extremely confusing results with copy properties construct in general. most of the times is blows up with absolutely cryptic errors.
You won’t be able to use the reference() function in the count property – the copy loop is expanded at compile time – reference is evaluated at run-time. also, today I cant reproduce my working example, but i had a working example of reference function working in a copy properties, without if() though. You might want to create a bare minimum example showing how this doesnt work (so only 1 resource ideally). If that doesnt work you might want to raise an issue on github and\or azure feedback
You might be able to work around this by using nested deployments. but generally using properties copy in a clever way is a bit of a pain, due to compile\runtime issues.