I am extending one of the Azure quick start template to deploy Azure Web App with VNET integration. The RG, network components and App Service plan are already created (using powershell). I am using the ARM template to deploy the Web App. But I am getting the below error while performing the deployment.
I used JSON Lint, to validate the JSON and looks like it is fine. The error code tells me that there is an issue with the parameter file's syntax, but I am not able to pinpoint it. I tried many things to debug this but not able to fix it.
Error:
PS C:\Users\manjug\Desktop> New-AzResourceGroupDeployment `
-Name 'test01' `
-ResourceGroupName ITQIG-eu-manjug-windows-app `
-TemplateParameterUri C:\Users\manjug\Desktop\azuredeploy_webapp.parameters.json `
-TemplateUri C:\Users\manjug\Desktop\azuredeploy_webapp.json `
-Verbose
VERBOSE: Performing the operation "Creating Deployment" on target "ITQIG-eu-manjug-windows-app".
New-AzResourceGroupDeployment : 2:22:59 PM - Error: Code=InvalidTemplate; Message=Deployment template validation failed: 'The value for the template parameter 'appName' at line '7' and
column '20' is not provided. Please see https://aka.ms/resource-manager-parameter-files for usage details.'.
At line:1 char:1
+ New-AzResourceGroupDeployment `
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-AzResourceGroupDeployment], Exception
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceGroupDeploymentCmdlet
New-AzResourceGroupDeployment : The deployment validation failed
At line:1 char:1
+ New-AzResourceGroupDeployment `
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [New-AzResourceGroupDeployment], InvalidOperationException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceGroupDeploymentCmdlet
azuredeploy_webapp.parameter.json:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"appName": {
"value": "ITQIG-eu-web-manju123"
},
"kind": {
"value": "app"
},
"location": {
"value": "west europe"
},
"subnetResourceID": {
"value": "/subscriptions/7e7f55d3-4bfd-a6be-1c59594b8592/resourceGroups/ITQIG-eu-network-dev/providers/Microsoft.Network/virtualNetworks/ITQIG-eu-vnet-dev/subnets/subnet7-AWmanjug"
},
"appServicePlanResourceID": {
"value": "/subscriptions/7e7f55d3-4bfd-a6be-1c59594b8592/resourceGroups/ITQIG-eu-manjug-windows-app/providers/microsoft.web/serverFarms/eu-manjug-windows-plan"
}
}
}
azuredeploy_webapp.json
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"appName": {
"type": "string",
"metadata": {
"description": "The name of the app to create."
}
},
"kind": {
"type": "string",
"metadata": {
"description": "Web app kind. OS type -> Windows / Linux."
}
},
"appServicePlanResourceID": {
"metadata": {
"description": "The resource ID of the app service plan."
},
"type": "string"
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "The location in which all resources should be deployed."
}
},
"subnetResourceID": {
"type": "string",
"metadata": {
"description": "The subnet resource ID created for app service plan which contains this web app."
}
}
},
"resources": [
{
"type": "Microsoft.Web/sites",
"apiVersion": "2019-08-01",
"name": "[parameters('appName')]",
"location": "[parameters('location')]",
"kind": "[parameters('kind')]",
"properties": {
"serverFarmId": "[parameters('appServicePlanResourceID')]"
},
"resources": [
{
"name": "virtualNetwork",
"type": "networkConfig",
"apiVersion": "2019-08-01",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('appName'))]"
],
"properties": {
"subnetResourceId": "[parameters('subnetResourceId')]",
"swiftSupported": true
}
}
]
}
]
}
I deleted the old file and re-created a new JSON file with the same contents. It is working now. I do not know what caused the issue with the old file though..
It looks like the issue is a result of the powershell cmdlet parameters you were using and not your templates/parameters. Try the following:
Use TemplateParameterFile instead of TemplateParameterUri
Use TemplateFile instead of TemplateUri
Use the file parameters for non uri based arm deployments and this should fix your issue. https://learn.microsoft.com/en-us/powershell/module/az.resources/new-azresourcegroupdeployment?view=azps-4.5.0
Your problem I think is because you are providing dependencies on an existing resource. Remove the "serverFarmId": "[parameters('appServicePlanResourceID')]".
Also another to fix is the hardcoding values of the resourceId you have in parameters file.
Related
I have a Logic App that uses the Azure Data Factory action "Create a pipeline run" that works perfectly.
This is how the Logic App looks like
The authentication method to Azure Data Factory that I use is "System assigned" managed identity.
After creating and testing the Logic App, I now want to create an ARM template to save it in the code repository for deployment, however I'm struggling to get the authentication part of the ARM template to work. I'm not sure how the syntax should be and I don't find anything in the Microsoft documentation.
In the Logic App resource I have added:
"identity": {
"type": "SystemAssigned"
}
This is how the connections part of the Logic app resource looks like:
"$connections": {
"value": {
"azuredatafactory": {
"connectionId": "[parameters('connections_azuredatafactory_externalid')]",
"connectionName": "[parameters('connections_azuredatafactory_name')]",
"connectionProperties": {
"authentication": {
"type": "ManagedServiceIdentity"
}
},
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/francecentral/managedApis/azuredatafactory')]"
}
}
}
And this is how the connector resource look like (I think I'm missing something here (?)):
{
"type": "Microsoft.Web/connections",
"apiVersion": "2016-06-01",
"name": "[parameters('connections_azuredatafactory_name')]",
"location": "francecentral",
"kind": "V1",
"properties": {
"displayName": "[parameters('connections_azuredatafactory_displayname')]",
"alternativeParameterValues": {},
"parameterValueSet": {
"name": "managedIdentityAuth",
"values": {}
},
"statuses": [
{
"status": "Ready"
}
],
"api": {
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/francecentral/managedApis/azuredatafactory')]"
}
}
}
The error message I get when trying to deploy this through Visual studio 2022 is:
Template deployment returned the following errors:
Resource Microsoft.Logic/workflows 'logic-d365-dwh-01-ip-dev-rxlse' failed with message '{
"error": {
"code": "WorkflowManagedIdentityConfigurationInvalid",
"message": "The workflow connection parameter 'azuredatafactory' is not valid. The API connection 'azuredatafactory' is not configured to support managed identity."
}
}'
Anyone who knows what the problem could be?
1)I have created azure logic App with 3 actions (http request, create ADF pipeline, response).
Here is the reference image:
2)Then to connect to ADF used system assigned managed identity & I have given access for logic App to create pipeline in ADF.
Here is the reference image:
Then I have tested in portal & it is succussed
Then I have exported ARM Template & downloaded.
Then in visual studio I have created new project of type Azure resource group then I have edited logicapp.json & logic app parameters file based on template.
Then I have deployed it and it is succussed.
ARM template code which I have used for reference:
{
"$schema": "[https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#"](https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#%22 "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#%22"),
"contentVersion": "1.0.0.0",
"parameters": {
"workflows_so1LP_name": {
"defaultValue": "so1LP",
"type": "String"
},
"connections_azuredatafactory_1_externalid": {
"defaultValue": "/subscriptions/<subscription-id>/resourceGroups/so1/providers/Microsoft.Web/connections/azuredatafactory-1",
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Logic/workflows",
"apiVersion": "2017-07-01",
"name": "[parameters('workflows_so1LP_name')]",
"location": "centralus",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"state": "Enabled",
"definition": {
"$schema": "[https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#"](https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#%22 "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#%22"),
"contentVersion": "1.0.0.0",
"parameters": {
"$connections": {
"defaultValue": {},
"type": "Object"
}
},
"triggers": {
"manual": {
"type": "Request",
"kind": "Http",
"inputs": {}
}
},
"actions": {
"Create_a_pipeline_run": {
"runAfter": {},
"type": "ApiConnection",
"inputs": {
"host": {
"connection": {
"name": "#parameters('$connections')['azuredatafactory_1']['connectionId']"
}
},
"method": "post",
"path": "/subscriptions/#{encodeURIComponent('<subscription id>')}/resourcegroups/#{encodeURIComponent('so1')}/providers/Microsoft.DataFactory/factories/#{encodeURIComponent('sodf1')}/pipelines/#{encodeURIComponent('sopipeline')}/CreateRun",
"queries": {
"x-ms-api-version": "2017-09-01-preview"
}
}
},
"Response": {
"runAfter": {
"Create_a_pipeline_run": [
"Succeeded"
]
},
"type": "Response",
"kind": "Http",
"inputs": {
"statusCode": 200
}
}
},
"outputs": {}
},
"parameters": {
"$connections": {
"value": {
"azuredatafactory_1": {
"connectionId": "[parameters('connections_azuredatafactory_1_externalid')]",
"connectionName": "azuredatafactory-1",
"connectionProperties": {
"authentication": {
"type": "ManagedServiceIdentity"
}
},
"id": "/subscriptions/<subscription-id>/<Subscriotion id>providers/Microsoft.Web/locations/centralus/managedApis/azuredatafactory"
}
}
}
}
}
}
],
"outputs": {}
}
Here is the reference image:
NOTE: I am using free subscription, so I don't have any restrictions but, in your case, maybe you have some restrictions that's why maybe your facing issue.
The second reasons may be your using system assigned access after creating logic app to give access to ADF & once check are you giving managed identity after creating ADF give access to logic app also. so maybe you are skipping one of managed identity that's why getting error in ARM template deployment. So, give access to both from ADF to logic app and logic app to ADF.
Here are some images for reference for logic app to ADF:
Go to "access control" of logic app.
Select owner as role.
Select managed identity as data factory.
Here are some images for reference for ADF to logic app:
Go to "access control" of data factory.
Select owner as role.
Select managed identity as logic app.
Did you try using "parameterValueType": "Alternative" instead of "parameterValueSet"?
{
"type": "Microsoft.Web/connections",
"apiVersion": "2016-06-01",
"name": "[parameters('connections_azuredatafactory_name')]",
"location": "francecentral",
"kind": "V1",
"properties": {
"displayName": "[parameters('connections_azuredatafactory_displayname')]",
"customParameterValues": {},
"parameterValueType": "Alternative"
"api": {
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/francecentral/managedApis/azuredatafactory')]"
}
}
}
I created a Azure Template for an alert, because i want to upload the script (.json) with the new microservice the same time. But if I deploy this .json file it creates a new storage, not an alert. I used the Powershell commands New-AzureRmResourceGroupDeployment -Name ExampleDeployment -ResourceGroupName ExampleResourceGroup -TemplateFile c:\MyTemplates\storage.json -storageAccountType Standard_GRS. In my template i need to define the parameter kind, which is only acceptable with a value of Storage or Blobstorage, but i want non of these two. So how can i create an alert by using a script .json file and does anybody have a template, because MS isn't providing the correct one.
EDIT: Here is the .json file:
{
"$schema":
"http://schema.management.azure.com/schemas/2015-01-
01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"name": "[concat('storage', uniqueString(resourceGroup().id))]",
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2016-01-01",
"sku": {
"name": "Standard_LRS"
},
"kind": "Storage",
"id":
"/subscriptions/subscriptionID/resourceGroups/resourceGroupName/providers/Microsoft.Storage/storageAccounts/storageName",
"location": "westeurope",
"properties": {
"name": "tryAgain",
"description": null,
"isEnabled": true,
"condition": {
"$type":
"Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.ThresholdRuleCondition, Microsoft.WindowsAzure.Management.Mon.Client",
"odata.type":
"Microsoft.Azure.Management.Insights.Models.ThresholdRuleCondition",
"dataSource": {
"$type":
"Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.RuleMetricDataSource, Microsoft.WindowsAzure.Management.Mon.Client",
"odata.type":
"Microsoft.Azure.Management.Insights.Models.RuleMetricDataSource",
"resourceUri":
"/subscriptions/subscriptionID/resourcegroups/resourceGroupName/providers/microsoft.web/sites/name",
"resourceLocation": null,
"metricNamespace": null,
"metricName": "AverageMemoryWorkingSet",
"legacyResourceId": null
},
"operator": "GreaterThanOrEqual",
"threshold": 120000000,
"windowSize": "PT10M",
"timeAggregation": "Average"
},
"actions": [
{
"$type":
"Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.RuleWebhookAction, Microsoft.WindowsAzure.Management.Mon.Client",
"odata.type":
"Microsoft.Azure.Management.Insights.Models.RuleWebhookAction",
"serviceUri":
"Logic-app URL",
"properties": {
"$type":
"Microsoft.WindowsAzure.Management.Common.Storage.CasePreservedDictionary`1[[System.String, mscorlib]], Microsoft.WindowsAzure.Management.Common.Storage",
"logicAppResourceId":
"/subscriptions/subscriptionID/resourceGroups/Default-Storage-WestEurope/providers/Microsoft.Logic/workflows/Microsoft-Teams-Notifier"
}
}
]
}
}
]
}
Please refer to the following reference for creating a metric alert via Azure Resource Manager template. If you want to create a single ARM template which creates a storage account and then a metric alert to monitor the created storage account, you should make sure you have a dependsOn so that the alert rule is only created after the storage account. The following document references the newer metric alerts, as opposed to the classic metric alerts.
https://learn.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-create-metric-alerts-with-templates
I am trying to deploy a documentDb from the Azure-Cli (version 0.10.2) and so I exported the template directly from azure portal.
This resulted in an error of:
InvalidRequestContent : The request content was invalid and could not be deserialized: 'Could not find member 'defaultValue' on object of type 'DeploymentParameterDefinition'. Path 'properties.parameters.arm_document_db.defaultValue'
Changing those to "value" results in:
InvalidDeploymentParameterType : The type of deployment parameter 'arm_document_db' should not be specified. Please see https://aka.ms/arm-deploy/#parameter-file for details.
checking this page indicates that type is required, but is all in lowercase. This gave the same error.
removing "type" then gives me this error:
InvalidRequestContent : The request content was invalid and could not be deserialized: 'Required property 'type' not found in JSON. Path 'properties.template.parameters.arm_document_db'
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"arm_document_db": {
"defaultValue": null,
"type": "SecureString"
},
"arm_document_db01": {
"defaultValue": "arm-document-db01",
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.DocumentDB/databaseAccounts",
"kind": "DocumentDB",
"name": "[parameters('arm_document_db01')]",
"apiVersion": "2015-04-08",
"location": "Japan West",
"tags": {},
"properties": {
"databaseAccountOfferType": "Standard",
"name": "[parameters('arm_document_db')]"
},
"dependsOn": []
}
]
}
The aka.ms link shows that 'type' is required, however the error says that it isn't. Many thanks in advance!
The error is not for azuredeploy.json. It's for azuredeploy.parameters.json.
Remove the "type" field from your parameters file.
I'm trying to conditionally provide resource property values through translation of runtime resource properties within a copyIndex loop..
Upon deploying the following ARM template, I receive the error:
Unable to process template language expressions for resource '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{vm-name}/extensions/Microsoft.EnterpriseCloud.Monitoring' at line '30' and column '10'. 'The template resource '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{vm-name}' is not found.' (Code: InvalidTemplate)
"type": "[variables('extensionType')[reference(concat('Microsoft.Compute/virtualMachines/', parameters('virtualMachines')[copyIndex()].name)).storageProfile.osDisk.osType]]",
However, the VM exists with the ID it provides, so it doesn't make sense that the engine cannot find it. If I hard-code the Extension Type, there are no errors and the Extension is installed on the VM with the same ID.
Unfortunately, I don't know if this is a bug within ARM or if I'm just doing something wrong..
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workspaceResourceId": { "type": "string" },
"virtualMachines": { "type": "array" }
},
"variables": {
"extensionType": {
"Windows": "MicrosoftMonitoringAgent",
"Linux": "OmsAgentForLinux"
}
},
"resources": [
{
"copy": {
"name": "VMMonitoringExtensionsCopy",
"count": "[length(parameters('virtualMachines'))]"
},
"type": "Microsoft.Compute/virtualMachines/extensions",
"apiVersion": "2015-05-01-preview",
"location": "[parameters('virtualMachines')[copyIndex()].location]",
"name": "[concat(parameters('virtualMachines')[copyIndex()].name, '/Microsoft.EnterpriseCloud.Monitoring')]",
"properties": {
"publisher": "Microsoft.EnterpriseCloud.Monitoring",
"type": "[variables('extensionType')[reference(concat('Microsoft.Compute/virtualMachines/', parameters('virtualMachines')[copyIndex()].name)).storageProfile.osDisk.osType]]",
"typeHandlerVersion": "1.0",
"autoUpgradeMinorVersion": true,
"settings": {
"workspaceId": "[reference(parameters('workspaceResourceId'), '2015-11-01-preview').customerId]"
},
"protectedSettings": {
"workspaceKey": "[listKeys(parameters('workspaceResourceId'), '2015-11-01-preview').primarySharedKey]"
}
}
}
]
}
The object array being passed in for virtualMachines looks like this:
[
{ "name": "vm-name", "location": "azure-region" }
]
A couple things you can try:
1) Assuming the VM is not defined in the same template try using the "full" resourceId in the reference function. See the last example in this doc:
https://azure.microsoft.com/en-us/documentation/articles/resource-group-template-functions/#reference - it seems like the error already knows the full resourceId, but it's worth trying
2) the other thought is that the reference function is evaluated at runtime and the resource provider doesn't like the expression but that's a swag.
I will do some more poking and see if we can't nail this down.
As part of a template I want to retrieve the SharedKeys of an OMS / Operational Insights Workspace, rather than having to pass it in as a parameter.
Is this possible? I'm following the documentation here
It does not appear that the Microsoft.OperationalInsights/workspaces/ resource provider has any list* provider operations, and I can't find any reference for other:
Get-AzureRmProviderOperation -OperationSearchString * | where {$_.Operation -like "*operational*sharedkeys*"} | FT Operation
Microsoft.OperationalInsights/workspaces/sharedKeys/action
My desired usage:
"variables": { workspaceKey: "[listKeys(parameters('workspaceResourceId'), '2015-05-01-preview').primarySharedKey]" }
In the meantime, assuming this isn't actually supported, I added a request for it on the Log Analytics UserVoice site
Per Ryan Jones, [listKeys()] against the OMS Workspace will work as expected and return a JSON object with primarySharedKey & secondarySharedKey properties:
"outputs": {
"listKeys": {
"value": "[listKeys(parameters('workspaceResourceId'), '2015-11-01-preview')]",
"type": "object"
}
}
yields:
{
"primarySharedKey":"",
"secondarySharedKey":""
}
Important Caveat:
listKeys() can not be specified in the variables section of an ARM template, since it derives its value from a runtime state.
See this blog post for how to use a Linked Template, specified as a resource, in order to retrieve the output value and assign it to a property in another resource.
Alternatively, you can use it directly. Here is my final template:
(don't actually keep the keys in the output!)
{
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workspaceResourceId": { "type": "string" },
"virtualMachines": { "type": "array" }
},
"variables": {
"extensionType": {
"Windows": "MicrosoftMonitoringAgent",
"Linux": "OmsAgentForLinux"
}
},
"resources": [
{
"copy": {
"name": "VMMonitoringExtensionsCopy",
"count": "[length(parameters('virtualMachines'))]"
},
"type": "Microsoft.Compute/virtualMachines/extensions",
"apiVersion": "2015-05-01-preview",
"location": "[parameters('virtualMachines')[copyIndex()].location]",
"name": "[concat(parameters('virtualMachines')[copyIndex()].name, '/Microsoft.EnterpriseCloud.Monitoring')]",
"properties": {
"publisher": "Microsoft.EnterpriseCloud.Monitoring",
"type": "[variables('extensionType')[parameters('virtualMachines')[copyIndex()].osType]]",
"typeHandlerVersion": "1.0",
"autoUpgradeMinorVersion": true,
"settings": {
"workspaceId": "[reference(parameters('workspaceResourceId'), '2015-11-01-preview').customerId]"
},
"protectedSettings": {
"workspaceKey": "[listKeys(parameters('workspaceResourceId'), '2015-11-01-preview').primarySharedKey]"
}
}
}
],
"outputs": {
"workspaceCustomerId": {
"value": "[reference(parameters('workspaceResourceId'), '2015-11-01-preview').customerId]",
"type": "string"
},
"workspacePrimarySharedKey": {
"value": "[listKeys(parameters('workspaceResourceId'), '2015-11-01-preview').primarySharedKey]",
"type": "securestring"
},
"workspaceSecondarySharedKey": {
"value": "[listKeys(parameters('workspaceResourceId'), '2015-11-01-preview').secondarySharedKey]",
"type": "securestring"
}
}
}
The array parameter virtualMachines follows this schema:
[
{ "name": "", "location": "", "osType": "" }
]
listKeys requires that you put the resource type in. So have you tried this?
"variables": { workspaceKey: "[listKeys(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspaceResourceId'), '2015-05-01-preview').primarySharedKey]" }
Unfortunately, atm there is nothing at all in the Azure quickstart repo on that resource so I'm not 100% sure...
But passing it in as a parameter would be fine. You could do this... In your deployment script, before you run New-AzureRmResourceGroupDeployment, create/use existing workspace, get key, pass in as param, create primarySharedKey as a param in the template:
$workSpace = Get-AzureRmOperationalInsightsWorkspace -ResourceGroupName $RGName -Name $workSpaceName -ErrorAction SilentlyContinue
if($workSpace -eq $null){
New-AzureRmOperationalInsightsWorkspace -ResourceGroupName $RGName -Name $workSpaceName -Location $Location
}
$keys = Get-AzureRmOperationalInsightsWorkspaceSharedKeys -ResourceGroupName $RGName -Name $workSpaceName
New-AzureRmResourceGroupDeployment <other stuff here> -primarySharedKey $keys.PrimarySharedKey