Error when JASON parses sasTolken #5176
-
|
I have the following PS script to deploy mysolution cd C:\repo\Templates The value of $sasToken is The error I'm receiving is: So How do pass in the token without having the & breaking the token into separate values? |
Beta Was this translation helpful? Give feedback.
Replies: 4 comments 4 replies
-
|
Here are some sample deploy script that performs all of the deployment tasks such as generate the SAS token and also upload the artifacts. https://github.com/brwilkinson/AzureDeploymentFramework/blob/main/ADF/release-az/Deploy.ps1 The sample is slightly different to yours, however the main component is passing in a securestring $queryString = (New-AzStorageContainerSASToken @SASParams).Substring(1)
$OptionalParameters = @{ }
$OptionalParameters.Add('_artifactsLocation', $TemplateURIBase)
$OptionalParameters.Add('_artifactsLocationSasToken', ("?${queryString}" | ConvertTo-SecureString -AsPlainText -Force) )So from your example it would be: cd C:\repo\Templates
#get Storage blob SAS token
$context = (get-azstorageaccount -ResourceGroupName 'Dev_group' -AccountName 'mimartifacts').Context
$sasToken = New-AZstorageAccountSASToken -Context $context -Service Blob -ResourceType Container,Service,Object -Permission rl
$sasTokenbits = $sasToken | ConvertTo-SecureString -AsPlainText -Force
#az group create --name MIM-rg --location eastus
#deploy Bastion and Domain Controller
az deployment group create --resource-group MIM-rg --name MIM-Deployment --template-file Bastion.bicep --parameters Bastion.Parameters.json --parameters adminPassword="1qazXSW@3edcVFR$" sasTokenbits=$sasTokenbitsYou may prefer to update the variable names, however I left |
Beta Was this translation helpful? Give feedback.
-
Beta Was this translation helpful? Give feedback.
-
|
There is 1 more part to the change, that I mentioned.
"_artifactsLocation": {
"type": "string",
"defaultValue": "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/application-workloads/sas/sas9.4-viya/",
"metadata": {
"description": "The base URI where artifacts required by this template are located. When the template is deployed using the accompanying scripts, a private location in the subscription will be used and this value will be automatically generated."
}
},
"_artifactsLocationSasToken": {
"type": "securestring",
"defaultValue": "",
"metadata": {
"description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. Use the defaultValue if the staging location is not secured."
}
} |
Beta Was this translation helpful? Give feedback.
-
|
cd C:\repo\Templates\
#get Storage blob SAS token
$context = (get-azstorageaccount -ResourceGroupName 'Dev_group' -AccountName 'mimartifacts').Context
$sasPlainToken = New-AZstorageAccountSASToken -Context $context -Service Blob -ResourceType Container,Service,Object -Permission rl
az group ceate --name MIM-rg --location eastus
$sasToken = $sasPlainToken | ConvertTo-SecureString -AsPlainText -Force
#deploy Bastion and Domain Controller
az deployment group create --resource-group MIM-rg --name MIM-Deployment --template-file Bastion.bicep --parameters Bastion.Parameters.json --parameters ***@***.***$" --% --parameters sasToken=$sasToken
sasToken is declared in both the Bastion.bicep and Domain-Controller.bicep files as
@secure
param sasToken string =''
which I believe makes them secured strings. So something else is wrong.
Customer Engineer
Microsoft Corporation
Office: +1 (703) 466-2887
Mobile: +1 (703) 217-2492
***@***.******@***.***>
[MSFT_logo]
From: Ben Wilkinson ***@***.***>
Sent: Tuesday, November 16, 2021 1:58 PM
To: Azure/bicep ***@***.***>
Cc: Joe Bothwell (PFE) ***@***.***>; Author ***@***.***>
Subject: Re: [Azure/bicep] Error when JASON parses sasTolken (Discussion #5176)
There is 1 more part to the change, that I mentioned.
* Ensuring the _artifactsLocationSasToken is a securestring instead of a string
"_artifactsLocation": {
"type": "string",
"defaultValue": "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/application-workloads/sas/sas9.4-viya/",
"metadata": {
"description": "The base URI where artifacts required by this template are located. When the template is deployed using the accompanying scripts, a private location in the subscription will be used and this value will be automatically generated."
}
},
"_artifactsLocationSasToken": {
"type": "securestring",
"defaultValue": "",
"metadata": {
"description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. Use the defaultValue if the staging location is not secured."
}
}
-
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FAzure%2Fbicep%2Fdiscussions%2F5176%23discussioncomment-1653535&data=04%7C01%7CJoe.Bothwell%40microsoft.com%7Ce6eb0a2106d949d122b508d9a93306be%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637726858933335105%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=a7t8LfqVLPDJf9qoyBTsvNTlPwN%2FfvWnXmrjO2zMsKg%3D&reserved=0>, or unsubscribe<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAJ2MBFBDCYK7ERN6VJEVGVLUMKST5ANCNFSM5IEWNLCQ&data=04%7C01%7CJoe.Bothwell%40microsoft.com%7Ce6eb0a2106d949d122b508d9a93306be%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637726858933335105%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=wkyg3nqaQJDRn2D4ussjnAEKWb3uNoZnKiO5V81cOPk%3D&reserved=0>.
Triage notifications on the go with GitHub Mobile for iOS<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapps.apple.com%2Fapp%2Fapple-store%2Fid1477376905%3Fct%3Dnotification-email%26mt%3D8%26pt%3D524675&data=04%7C01%7CJoe.Bothwell%40microsoft.com%7Ce6eb0a2106d949d122b508d9a93306be%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637726858933345062%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=LPmTs1qUD%2FlmxdielRrYxNiq3k6RtTEeXYHhAV7knXI%3D&reserved=0> or Android<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fplay.google.com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom.github.android%26referrer%3Dutm_campaign%253Dnotification-email%2526utm_medium%253Demail%2526utm_source%253Dgithub&data=04%7C01%7CJoe.Bothwell%40microsoft.com%7Ce6eb0a2106d949d122b508d9a93306be%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637726858933345062%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=INnEMtv5ixY3OHPaPgNigGvZKgq1Mc3r%2FX6xfIb4Ow0%3D&reserved=0>.
|
Beta Was this translation helpful? Give feedback.
-
|
It's likely the However, I would recommend to update all of the code in This is the new schema The old format is documented here: it's simple to update it As you transition to the new schema you will have slightly different settings for the modulesurl... it will now look like below You no longer have to combine the path for the module with the sastoken, they are different settings and the extension takes care of the rest for you.
Also you don't need that uri( ) method at all.
|
Beta Was this translation helpful? Give feedback.
-
|
FYI protected settings are handled differently, so here is a samele. there no no more: https://github.com/brwilkinson/AzureDeploymentFramework/blob/main/ADF/bicep/VMSS-VM.bicep#L415 |
Beta Was this translation helpful? Give feedback.
-
Beta Was this translation helpful? Give feedback.
-
Great, thanks for letting us know ✅ |
Beta Was this translation helpful? Give feedback.
Here are some sample deploy script that performs all of the deployment tasks such as generate the SAS token and also upload the artifacts.
https://github.com/brwilkinson/AzureDeploymentFramework/blob/main/ADF/release-az/Deploy.ps1
https://github.com/Azure/azure-quickstart-templates/blob/master/Deploy-AzTemplate.psm1#L201
The sample is slightly different to yours, however the main component is passing in a securestring