Joshua Martin

Reputation: 3

ARM template deploying an Azure Key Vault and retrieving an objectId using an inline PowerShell script. Not happening for me

I'm thinking this is the best place to post this as you guys are the cream of the crop. I'm very new to Azure DevOps and I am playing around with ARM templates and have created a relatively simple Azure Key Vault. In my code I am trying to create an inline PowerShell script that will grab the ObjectId of whoever is deploying the ARM template and store it in the parameter, as opposed to entering it manually or having to deploy it from the Azure portal. I just cannot seem to get it to work, and it is quite frustrating. I was wondering if someone could take a quick look and maybe explain what I am doing wrong. Very kind regards.

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "vaults_azurekeyvault_vault_name": {
            "type": "String"
        },
        "tenantId": {
            "type": "String"
        },
        "objectId": {
            "type": "string"
        }
    },
    "variables": {},
    "resources": [
        {
            
            "type": "Microsoft.KeyVault/vaults",
            "apiVersion": "2022-07-01",
            "name": "[parameters('vaults_azurekeyvault_vault_name')]",
            "location": "[resourceGroup().location]",
            "properties": {
                "sku": {
                    "family": "A",
                    "name": "Standard"
                },
                "tenantId": "[parameters('tenantId')]",
                "networkAcls": {
                    "bypass": "AzureServices",
                    "defaultAction": "Deny",
                    "ipRules": [],
                    "virtualNetworkRules": []
                },
                "accessPolicies": [
                    {
                        "tenantId": "[parameters('tenantId')]",
                        "objectId": "[parameters('objectId')]",
                        //"objectId": "[if(equals(parameters('objectId'), ''), reference('getUserObjectId').outputs.result.value, parameters('objectId'))]",
                        "permissions": {
                            "keys": [
                                "Get",
                                "List",
                                "Update",
                                "Create"
                            ],
                            "secrets": [
                                "Get",
                                "List",
                                "Set"
                            ],
                            "certificates": [
                                "Get",
                                "List",
                                "Update",
                                "Create"
                            ]
                        }
                    }
                ],
                "enabledForDeployment": true,
                "enabledForDiskEncryption": true,
                "enabledForTemplateDeployment": true,
                "enableSoftDelete": false,
                //"softDeleteRetentionInDays": 7,
                "enableRbacAuthorization": false,
                "vaultUri": "[concat('https://', parameters('vaults_azurekeyvault_vault_name'), '.vault.azure.net/')]",
                "provisioningState": "Succeeded",
                "publicNetworkAccess": "Enabled"
            }
        },
        {
            "type": "Microsoft.Resources/deploymentScripts",
            "apiVersion": "2020-10-01",
            "name": "getUserObjectId",
            "location": "[resourceGroup().location]",
            "kind": "AzurePowerShell",
            "properties": {
                "azPowerShellVersion": "3.0",
                "arguments": "",
                "scriptContent": "Get-AzContext | Select-Object -ExpandProperty Account | Select-Object -ExpandProperty Id",
                "cleanupPreference": "OnSuccess",
                "timeout": "PT1H",
                "retentionInterval": "P1D"
            }
        },
        {
            "type": "Microsoft.KeyVault/vaults/keys",
            "apiVersion": "2022-07-01",
            "name": "[concat(parameters('vaults_azurekeyvault_vault_name'), '/azurekeyvault-certificate')]",
            "location": "[resourceGroup().location]",
            "dependsOn": [
                "[resourceId('Microsoft.KeyVault/vaults', parameters('vaults_azurekeyvault_vault_name'))]"
            ],
            "properties": {
                "attributes": {
                    "enabled": true,
                    "nbf": 1676439340,
                    "exp": 1707975940
                }
            }
        },
        {
            "type": "Microsoft.KeyVault/vaults/keys",
            "apiVersion": "2022-07-01",
            "name": "[concat(parameters('vaults_azurekeyvault_vault_name'), '/azurevault')]",
            "location": "[resourceGroup().location]",
            "dependsOn": [
                "[resourceId('Microsoft.KeyVault/vaults', parameters('vaults_azurekeyvault_vault_name'))]"
            ],
            "properties": {
                "attributes": {
                    "enabled": true,
                    "exportable": false
                }
            }
        },
        {
            "type": "Microsoft.KeyVault/vaults/secrets",
            "apiVersion": "2022-07-01",
            "name": "[concat(parameters('vaults_azurekeyvault_vault_name'), '/azurekeyvault-certificate')]",
            "location": "[resourceGroup().location]",
            "dependsOn": [
                "[resourceId('Microsoft.KeyVault/vaults', parameters('vaults_azurekeyvault_vault_name'))]"
            ],
            "properties": {
                "contentType": "application/x-pkcs12"
            }
        },
        {
            "type": "Microsoft.KeyVault/vaults/secrets",
            "apiVersion": "2022-07-01",
            "name": "[concat(parameters('vaults_azurekeyvault_vault_name'), '/azurekeyvault-secret')]",
            "location": "[resourceGroup().location]",
            "dependsOn": [
                "[resourceId('Microsoft.KeyVault/vaults', parameters('vaults_azurekeyvault_vault_name'))]"
            ],
            "properties": {
                "contentType": "text/plain"
            }
        }
    ],
    "outputs": {
        "objectId": {
            "type": "string",
            "value": "[reference('getUserObjectId').outputs.result.value]"
        }
    }
}

Upvotes: 0

Views: 323

Answers (1)

4c74356b41

Reputation: 72191

ah okay, forgot one obvious thing you are doing wrong:

$output = (Get-AzContext).Account.Id
# Write-Output only lands in the script log; it is not exposed to the template
Write-Output $output
# Values placed in $DeploymentScriptOutputs are what reference(...).outputs returns
$DeploymentScriptOutputs = @{}
$DeploymentScriptOutputs['accountId'] = $output

https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/deployment-script-template#sample-templates

also, check you've granted all the needed permissions to run deploymentScripts

Upvotes: 0
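A corrected version of the question's two resources, as an added example (not the asker's or the answerer's code) that follows the pattern the answer points to: the script writes its result into $DeploymentScriptOutputs under the key accountId, the vault declares a dependency on the script, and reads the value back with reference('getUserObjectId').outputs.accountId instead of the non-existent .outputs.result.value. The scriptIdentityId parameter (a pre-created user-assigned managed identity the script runs as) and the azPowerShellVersion value are assumptions. Note that Get-AzContext inside the script reports the context of the identity the script container runs as, not the person who started the deployment, so check the value the script logs before relying on it in an access policy.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "vaultName": { "type": "string" },
    "tenantId": { "type": "string", "defaultValue": "[subscription().tenantId]" },
    // Assumed: resource ID of a pre-created user-assigned managed identity the script runs as.
    "scriptIdentityId": { "type": "string" }
  },
  "resources": [
    {
      "type": "Microsoft.Resources/deploymentScripts",
      "apiVersion": "2020-10-01",
      "name": "getUserObjectId",
      "location": "[resourceGroup().location]",
      "kind": "AzurePowerShell",
      "identity": { "type": "UserAssigned", "userAssignedIdentities": { "[parameters('scriptIdentityId')]": {} } },
      "properties": {
        // Assumed version; it must be one of the Az versions the deployment script service supports.
        "azPowerShellVersion": "9.7",
        // Write-Output only goes to the log; only keys placed in $DeploymentScriptOutputs become outputs.
        "scriptContent": "$output = (Get-AzContext).Account.Id; Write-Output $output; $DeploymentScriptOutputs = @{}; $DeploymentScriptOutputs['accountId'] = $output",
        "cleanupPreference": "OnSuccess",
        "timeout": "PT30M",
        "retentionInterval": "P1D"
      }
    },
    {
      "type": "Microsoft.KeyVault/vaults",
      "apiVersion": "2022-07-01",
      "name": "[parameters('vaultName')]",
      "location": "[resourceGroup().location]",
      // Explicit dependency so the script has finished before its output is read.
      "dependsOn": [ "[resourceId('Microsoft.Resources/deploymentScripts', 'getUserObjectId')]" ],
      "properties": {
        "sku": { "family": "A", "name": "standard" },
        "tenantId": "[parameters('tenantId')]",
        "accessPolicies": [
          {
            "tenantId": "[parameters('tenantId')]",
            // Read the key the script wrote; there is no .result.value path unless the script defines it.
            "objectId": "[reference('getUserObjectId').outputs.accountId]",
            "permissions": { "secrets": [ "get", "list" ] }
          }
        ]
      }
    }
  ]
}
```

The managed identity named in scriptIdentityId needs the permissions the answer mentions (for example Contributor on the resource group) or the deploymentScripts resource fails before the script runs.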
