Deploying an ARM template with PowerShell in Azure DevOps

# Login with service principal
az login --service-principal --username $env:APPID --password $env:TENANTPASSWORD --tenant $env:TENANTID
A Service Principal is a good idea if you don't want to tie the deployment to a user's authentication while keeping control with the Subscription owner. It's easier to log in with, and the Subscription owner can revoke it after the work is done. For quick reference (`<service-principal-appId>` is a placeholder for the value missing from the command):
az ad sp create-for-rbac --name DevOpsSP
az role assignment create --assignee <service-principal-appId> --role Owner

$json = Get-Content '$(System.DefaultWorkingDirectory)/ci/drop/blob/blobParameters.json' | Out-String | ConvertFrom-Json

#Create using ARM template and parameters then override with new parameter values after second --parameters
$deploymentResult = az group deployment create --resource-group $env:RESOURCEGROUPNAME --template-file $(System.DefaultWorkingDirectory)/ci/drop/blob/template.json --parameters $(System.DefaultWorkingDirectory)/ci/drop/blob/parameters.json --parameters location=$location storageAccountName=$storageAccountName accountType=$accountType kind=$kind supportsHttpsTrafficOnly=$supportsHttpsTrafficOnly

We used two --parameters options. The first one feeds in the parameters.json file, whereas the second overrides the values that came from parameters.json. The logic behind it is that we can grab the ARM template and its corresponding parameters file and deploy them without ADO, or we can feed the parameters into ADO from an external source like an API call, and both ways would result in the same deployment.

#Write-Host $deploymentResult
$resultJsonToObject = $deploymentResult | convertfrom-json
$storageAccountKey = $
Write-Host "##vso[task.setvariable variable=StorageKey]$storageAccountKey"

az keyvault secret set --vault-name "emiratesds-keyvault" --name "ExamplePassword" --value $storageAccountKey
We grab the result of the ARM template deployment and parse it to pull the value we want to store out of the outputs field. Here we set the storageAccountKey as a pipeline variable and also store it in Azure Key Vault.
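The parsing step described above, as an added example that is not code from the original post: it reads the key from the deployment result, fails the step if the deployment or the output is missing, and marks the pipeline variable as secret so Azure DevOps masks it in logs. The sample JSON is constructed, and the output name `storageAccountKey` and the helper `Get-DeploymentOutput` are assumptions, since the post does not show them.

```powershell
# Constructed sample of the JSON returned by `az group deployment create` (trimmed).
# The output name "storageAccountKey" is an assumption; use the name from your template.
$deploymentResult = @'
{
  "name": "template",
  "properties": {
    "provisioningState": "Succeeded",
    "outputs": {
      "storageAccountKey": { "type": "String", "value": "CONSTRUCTED-KEY-NOT-REAL==" }
    }
  }
}
'@

# Hypothetical helper: returns one named output value or throws, so a failed
# deployment never writes an empty value into the pipeline or Key Vault.
function Get-DeploymentOutput {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string]$DeploymentJson,
        [Parameter(Mandatory)][string]$OutputName
    )
    # If az fails, the captured result may be empty, so guard before parsing.
    if ([string]::IsNullOrWhiteSpace($DeploymentJson)) {
        throw "Deployment returned no JSON; check the az error output."
    }
    $result = $DeploymentJson | ConvertFrom-Json
    if ($result.properties.provisioningState -ne 'Succeeded') {
        throw "Deployment state is '$($result.properties.provisioningState)'."
    }
    $output = $result.properties.outputs.$OutputName
    if ($null -eq $output -or [string]::IsNullOrEmpty($output.value)) {
        throw "Template has no output named '$OutputName'."
    }
    return $output.value
}

$storageAccountKey = Get-DeploymentOutput -DeploymentJson $deploymentResult -OutputName 'storageAccountKey'

# issecret=true tells Azure DevOps to treat StorageKey as a secret and mask it in logs.
Write-Host "##vso[task.setvariable variable=StorageKey;issecret=true]$storageAccountKey"
```

In the pipeline, drop the constructed `$deploymentResult` and pass the captured `az` output instead; the `az keyvault secret set` call from the post can follow unchanged.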