Reputation: 2793
ARM listKeys() Function - How to retrieve OMS/OpsInsight Workspace keys?
As part of a template I want to retrieve the SharedKeys of an OMS / Operational Insights Workspace, rather than having to pass it in as a parameter.
Is this possible? I'm following the documentation here
It does not appear that the Microsoft.OperationalInsights/workspaces/ resource provider has any list* provider operations, and I can't find any reference for other:
Get-AzureRmProviderOperation -OperationSearchString * | where {$_.Operation -like "*operational*sharedkeys*"} | FT Operation
Microsoft.OperationalInsights/workspaces/sharedKeys/action
My desired usage:
"variables": { workspaceKey: "[listKeys(parameters('workspaceResourceId'), '2015-05-01-preview').primarySharedKey]" }
In the meantime, assuming this isn't actually supported, I added a request for it on the Log Analytics UserVoice site
Upvotes: 6
Views: 3564
Answers (2)
Reputation: 2793
Per Ryan Jones, [listKeys()] against the OMS Workspace will work as expected and return a JSON object with primarySharedKey & secondarySharedKey properties:
"outputs": {
"listKeys": {
"value": "[listKeys(parameters('workspaceResourceId'), '2015-11-01-preview')]",
"type": "object"
}
}
yields:
{
"primarySharedKey":"",
"secondarySharedKey":""
}
Important Caveat:
listKeys() can not be specified in the
variablessection of an ARM template, since it derives its value from a runtime state.See this blog post for how to use a Linked Template, specified as a resource, in order to retrieve the output value and assign it to a property in another resource.
Alternatively, you can use it directly. Here is my final template:
(don't actually keep the keys in the output!)
{
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workspaceResourceId": { "type": "string" },
"virtualMachines": { "type": "array" }
},
"variables": {
"extensionType": {
"Windows": "MicrosoftMonitoringAgent",
"Linux": "OmsAgentForLinux"
}
},
"resources": [
{
"copy": {
"name": "VMMonitoringExtensionsCopy",
"count": "[length(parameters('virtualMachines'))]"
},
"type": "Microsoft.Compute/virtualMachines/extensions",
"apiVersion": "2015-05-01-preview",
"location": "[parameters('virtualMachines')[copyIndex()].location]",
"name": "[concat(parameters('virtualMachines')[copyIndex()].name, '/Microsoft.EnterpriseCloud.Monitoring')]",
"properties": {
"publisher": "Microsoft.EnterpriseCloud.Monitoring",
"type": "[variables('extensionType')[parameters('virtualMachines')[copyIndex()].osType]]",
"typeHandlerVersion": "1.0",
"autoUpgradeMinorVersion": true,
"settings": {
"workspaceId": "[reference(parameters('workspaceResourceId'), '2015-11-01-preview').customerId]"
},
"protectedSettings": {
"workspaceKey": "[listKeys(parameters('workspaceResourceId'), '2015-11-01-preview').primarySharedKey]"
}
}
}
],
"outputs": {
"workspaceCustomerId": {
"value": "[reference(parameters('workspaceResourceId'), '2015-11-01-preview').customerId]",
"type": "string"
},
"workspacePrimarySharedKey": {
"value": "[listKeys(parameters('workspaceResourceId'), '2015-11-01-preview').primarySharedKey]",
"type": "securestring"
},
"workspaceSecondarySharedKey": {
"value": "[listKeys(parameters('workspaceResourceId'), '2015-11-01-preview').secondarySharedKey]",
"type": "securestring"
}
}
}
The array parameter virtualMachines follows this schema:
[
{ "name": "", "location": "", "osType": "" }
]
Upvotes: 6
Reputation: 1269
listKeys requires that you put the resource type in. So have you tried this?
"variables": { workspaceKey: "[listKeys(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspaceResourceId'), '2015-05-01-preview').primarySharedKey]" }
Unfortunately, atm there is nothing at all in the Azure quickstart repo on that resource so I'm not 100% sure...
But passing it in as a parameter would be fine. You could do this... In your deployment script, before you run New-AzureRmResourceGroupDeployment, create/use existing workspace, get key, pass in as param, create primarySharedKey as a param in the template:
$workSpace = Get-AzureRmOperationalInsightsWorkspace -ResourceGroupName $RGName -Name $workSpaceName -ErrorAction SilentlyContinue
if($workSpace -eq $null){
New-AzureRmOperationalInsightsWorkspace -ResourceGroupName $RGName -Name $workSpaceName -Location $Location
}
$keys = Get-AzureRmOperationalInsightsWorkspaceSharedKeys -ResourceGroupName $RGName -Name $workSpaceName
New-AzureRmResourceGroupDeployment <other stuff here> -primarySharedKey $keys.PrimarySharedKey
Upvotes: -1
Related Questions
- How to configure Daily Cap on Application Insights in ARM or bicep?
- How can I retrieve the instrumentation key for an Application Insights instance in an Azure Resource Group Template?
- Bicep log analytics re-deployment
- ARM Template - Get specific host key of a function
- NoRegisteredProviderFound while deploying the azure sql server
- ResourceID function not generating correct resource ID?
- How to integrate AppService with Subnet through ARM template
- Azure Monitor... or is it Log Analytics? Or Application Insights? Or Operational Insights? Or
- Is there an ARM template solution for binding a Logic App to an OMS workspace?