Skip to content

Commit 768709e

Browse files
authored
Merge pull request #104857 from mumian/0203-ds-cli
0203 ds cli
2 parents ecd0ec9 + f790302 commit 768709e

File tree

2 files changed

+59
-22
lines changed

2 files changed

+59
-22
lines changed

articles/azure-resource-manager/templates/deployment-script-template.md

Lines changed: 57 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ services: azure-resource-manager
55
author: mumian
66
ms.service: azure-resource-manager
77
ms.topic: conceptual
8-
ms.date: 01/24/2020
8+
ms.date: 02/20/2020
99
ms.author: jgao
1010

1111
---
@@ -24,7 +24,7 @@ Learn how to use deployment scripts in Azure Resource templates. With a new reso
2424
The benefits of deployment script:
2525

2626
- Easy to code, use, and debug. You can develop deployment scripts in your favorite development environments. The scripts can be embedded in templates or in external script files.
27-
- You can specify the script language and platform. Currently, only Azure PowerShell deployment scripts on the Linux environment are supported.
27+
- You can specify the script language and platform. Currently, Azure PowerShell and Azure CLI deployment scripts on the Linux environment are supported.
2828
- Allow specifying the identities that are used to execute the scripts. Currently, only [Azure user-assigned managed identity](../../active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-portal.md) is supported.
2929
- Allow passing command-line arguments to the script.
3030
- Can specify script outputs and pass them back to the deployment.
@@ -43,16 +43,29 @@ The benefits of deployment script:
4343
/subscriptions/<SubscriptionID>/resourcegroups/<ResourceGroupName>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<IdentityID>
4444
```
4545

46-
Use the following PowerShell script to get the ID by providing the resource group name and the identity name.
46+
Use the following CLI or PowerShell script to get the ID by providing the resource group name and the identity name.
47+
48+
# [CLI](#tab/CLI)
49+
50+
```azurecli-interactive
51+
echo "Enter the Resource Group name:" &&
52+
read resourceGroupName &&
53+
echo "Enter the managed identity name:" &&
54+
read idName &&
55+
az identity show -g jgaoidentity1008rg -n jgaouami --query id
56+
```
57+
58+
# [PowerShell](#tab/PowerShell)
4759

4860
```azurepowershell-interactive
4961
$idGroup = Read-Host -Prompt "Enter the resource group name for the managed identity"
5062
$idName = Read-Host -Prompt "Enter the name of the managed identity"
5163
52-
$id = (Get-AzUserAssignedIdentity -resourcegroupname $idGroup -Name idName).Id
64+
(Get-AzUserAssignedIdentity -resourcegroupname $idGroup -Name $idName).Id
5365
```
66+
---
5467

55-
- **Azure PowerShell version 2.7.0, 2.8.0 or 3.0.0**. You don't need these versions for deploying templates. But these versions are needed for testing deployment scripts locally. See [Install the Azure PowerShell module](/powershell/azure/install-az-ps). You can use a preconfigured Docker image. See [Configure development environment](#configure-development-environment).
68+
- **Azure PowerShell version 3.0.0, 2.8.0 or 2.7.0** or **Azure CLI version 2.0.80, 2.0.79, 2.0.78 or 2.0.77**. You don't need these versions for deploying templates. But these versions are needed for testing deployment scripts locally. See [Install the Azure PowerShell module](/powershell/azure/install-az-ps). You can use a preconfigured Docker image. See [Configure development environment](#configure-development-environment).
5669

5770
## Sample template
5871

@@ -62,9 +75,9 @@ The following json is an example. The latest template schema can be found [here
6275
{
6376
"type": "Microsoft.Resources/deploymentScripts",
6477
"apiVersion": "2019-10-01-preview",
65-
"name": "myDeploymentScript",
78+
"name": "runPowerShellInline",
6679
"location": "[resourceGroup().location]",
67-
"kind": "AzurePowerShell",
80+
"kind": "AzurePowerShell", // or "AzureCLI"
6881
"identity": {
6982
"type": "userAssigned",
7083
"userAssignedIdentities": {
@@ -73,7 +86,7 @@ The following json is an example. The latest template schema can be found [here
7386
},
7487
"properties": {
7588
"forceUpdateTag": 1,
76-
"azPowerShellVersion": "3.0",
89+
"azPowerShellVersion": "3.0", // or "azCliVersion": "2.0.80"
7790
"arguments": "[concat('-name ', parameters('name'))]",
7891
"scriptContent": "
7992
param([string] $name)
@@ -97,13 +110,13 @@ The following json is an example. The latest template schema can be found [here
97110
Property value details:
98111

99112
- **Identity**: The deployment script service uses a user-assigned managed identity to execute the scripts. Currently, only user-assigned managed identity is supported.
100-
- **kind**: Specify the type of script. Currently, only Azure PowerShell script is support. The value is **AzurePowerShell**.
113+
- **kind**: Specify the type of script. Currently, Azure PowerShell and Azure CLI scripts are support. The values are **AzurePowerShell** and **AzureCLI**.
101114
- **forceUpdateTag**: Changing this value between template deployments forces the deployment script to re-execute. Use the newGuid() or utcNow() function that needs to be set as the defaultValue of a parameter. To learn more, see [Run script more than once](#run-script-more-than-once).
102-
- **azPowerShellVersion**: Specify the Azure PowerShell module version to be used. Deployment script currently supports version 2.7.0, 2.8.0, and 3.0.0.
115+
- **azPowerShellVersion**/**azCliVersion**: Specify the module version to be used. Deployment script currently supports Azure PowerShell version 2.7.0, 2.8.0, 3.0.0 and Azure CLI version 2.0.80, 2.0.79, 2.0.78, 2.0.77.
103116
- **arguments**: Specify the parameter values. The values are separated by spaces.
104117
- **scriptContent**: Specify the script content. To run an external script, use `primaryScriptUri` instead. For examples, see [Use inline script](#use-inline-scripts) and [Use external script](#use-external-scripts).
105-
- **primaryScriptUri**: Specify a publicly accessible Url to the primary powershell script with supported PowerShell file extension.
106-
- **supportingScriptUris**: Specify an array of publicly accessible Urls to supporting powershell files that will be called in either `ScriptContent` or `PrimaryScriptUri`.
118+
- **primaryScriptUri**: Specify a publicly accessible Url to the primary deployment script with supported file extensions.
119+
- **supportingScriptUris**: Specify an array of publicly accessible Urls to supporting files that are called in either `ScriptContent` or `PrimaryScriptUri`.
107120
- **timeout**: Specify the maximum allowed script execution time specified in the [ISO 8601 format](https://en.wikipedia.org/wiki/ISO_8601). Default value is **P1D**.
108121
- **cleanupPreference**. Specify the preference of cleaning up deployment resources when the script execution gets in a terminal state. Default setting is **Always**, which means deleting the resources despite the terminal state (Succeeded, Failed, Canceled). To learn more, see [Clean up deployment script resources](#clean-up-deployment-script-resources).
109122
- **retentionInterval**: Specify the interval for which the service retains the deployment script resources after the deployment script execution reaches a terminal state. The deployment script resources will be deleted when this duration expires. Duration is based on the [ISO 8601 pattern](https://en.wikipedia.org/wiki/ISO_8601). The default value is **P1D**, which means seven days. This property is used when cleanupPreference is set to *OnExpiration*. The *OnExpiration* property is not enabled currently. To learn more, see [Clean up deployment script resources](#clean-up-deployment-script-resources).
@@ -119,7 +132,7 @@ The following template has one resource defined with the `Microsoft.Resources/de
119132
120133
The script takes one parameter, and output the parameter value. **DeploymentScriptOutputs** is used for storing outputs. In the outputs section, the **value** line shows how to access the stored values. `Write-Output` is used for debugging purpose. To learn how to access the output file, see [Debug deployment scripts](#debug-deployment-scripts). For the property descriptions, see [Sample template](#sample-template).
121134

122-
To run the script, select **Try it** to open the Cloud shell, and then paste the following code into the shell pane.
135+
To run the script, select **Try it** to open Azure Cloud Shell, and then paste the following code into the shell pane.
123136

124137
```azurepowershell-interactive
125138
$resourceGroupName = Read-Host -Prompt "Enter the name of the resource group to be created"
@@ -139,7 +152,7 @@ The output looks like:
139152

140153
## Use external scripts
141154

142-
In addition to inline scripts, you can also use external script files. Currently only PowerShell scripts with the **ps1** file extension are supported. To use external script files, replace `scriptContent` with `primaryScriptUri`. For example:
155+
In addition to inline scripts, you can also use external script files. Only primary PowerShell scripts with the **ps1** file extension are supported. For CLI scripts, the primary scripts can have any extensions (or without an extension), as long as the scripts are valid bash scripts. To use external script files, replace `scriptContent` with `primaryScriptUri`. For example:
143156

144157
```json
145158
"primaryScriptURI": "https://raw.githubusercontent.com/Azure/azure-docs-json-samples/master/deployment-script/deploymentscript-helloworld.ps1",
@@ -165,11 +178,11 @@ You can separate complicated logics into one or more supporting script files. Th
165178
],
166179
```
167180

168-
Supporting script files can be called from both inline scripts and primary script files.
181+
Supporting script files can be called from both inline scripts and primary script files. Supporting script files have no restrictions on the file extension.
169182

170183
The supporting files are copied to azscripts/azscriptinput at the runtime. Use relative path to reference the supporting files from inline scripts and primary script files.
171184

172-
## Work with outputs from deployment scripts
185+
## Work with outputs from PowerShell script
173186

174187
The following template shows how to pass values between two deploymentScripts resources:
175188

@@ -181,6 +194,16 @@ In the first resource, you define a variable called **$DeploymentScriptOutputs**
181194
reference('<ResourceName>').output.text
182195
```
183196

197+
## Work with outputs from CLI script
198+
199+
Different from the PowerShell deployment script, CLI/bash support does not expose a common variable to store script outputs, instead, there is an environment variable called **AZ_SCRIPTS_OUTPUT_PATH** that stores the location where the script outputs file resides. If a deployment script is run from a Resource Manager template, this environment variable is set automatically for you by the Bash shell.
200+
201+
Deployment script outputs must be saved in the AZ_SCRIPTS_OUTPUT_PATH location, and the outputs must be a valid JSON string object. The contents of the file must be saved as a key-value pair. For example, an array of strings is stored as { “MyResult”: [ “foo”, “bar”] }. Storing just the array results, for example [ “foo”, “bar” ], is invalid.
202+
203+
[!code-json[](~/resourcemanager-templates/deployment-script/deploymentscript-basic-cli.json?range=1-44)]
204+
205+
[jq](https://stedolan.github.io/jq/) is used in the previous sample. It comes with the container images. See [Configure development environment](#configure-development-environment).
206+
184207
## Debug deployment scripts
185208

186209
The script service creates a [storage account](../../storage/common/storage-account-overview.md) and a [container instance](../../container-instances/container-instances-overview.md) for script execution. Both resources have the **azscripts** suffix in the resource names.
@@ -259,7 +282,7 @@ Deployment script execution is an idempotent operation. If none of the deploymen
259282
260283
## Configure development environment
261284

262-
Currently, deployment script supports Azure PowerShell version 2.7.0, 2.8.0, and 3.0.0. If you have a Windows computer, you can install one of the supported Azure PowerShell versions and start developing and testing deployment scripts. If you don't have a Windows computer or you don't have one of these Azure PowerShell versions installed, you can use a pre-configured docker container image. The following procedure shows you how to configure the docker image on Windows. For Linux and Mac, you can find the information on the Internet.
285+
You can use a pre-configured docker container image as your deployment script development environment. The following procedure shows you how to configure the docker image on Windows. For Linux and Mac, you can find the information on the Internet.
263286

264287
1. Install [Docker Desktop](https://www.docker.com/products/docker-desktop) on your development computer.
265288
1. Open Docker Desktop.
@@ -276,7 +299,15 @@ Currently, deployment script supports Azure PowerShell version 2.7.0, 2.8.0, and
276299
docker pull mcr.microsoft.com/azuredeploymentscripts-powershell:az2.7
277300
```
278301

279-
The example uses version 2.7.0.
302+
The example uses version PowerShell 2.7.0.
303+
304+
To pull a CLI image from a Microsoft Container Registry (MCR):
305+
306+
```command
307+
docker pull mcr.microsoft.com/azure-cli:2.0.80
308+
```
309+
310+
This example uses version CLI 2.0.80. Deployment script uses the default CLI containers images found [here](https://hub.docker.com/_/microsoft-azure-cli).
280311

281312
1. Run the docker image locally.
282313

@@ -292,12 +323,18 @@ Currently, deployment script supports Azure PowerShell version 2.7.0, 2.8.0, and
292323

293324
**-it** means keeping the container image alive.
294325

326+
A CLI example:
327+
328+
```command
329+
docker run -v d:/docker:/data -it mcr.microsoft.com/azure-cli:2.0.80
330+
```
331+
295332
1. Select **Share it** when you get a prompt.
296-
1. Run a PowerShell script as shown in the following screenshot (given that you have a helloworld.ps1 file in d:\docker folder.)
333+
1. The following screenshot shows how to run a PowerShell script, given that you have a helloworld.ps1 file in d:\docker folder.
297334

298335
![Resource Manager template deployment script docker cmd](./media/deployment-script-template/resource-manager-deployment-script-docker-cmd.png)
299336

300-
After the PowerShell script is tested successfully, you can use it as a deployment script.
337+
After the script is tested successfully, you can use it as a deployment script.
301338

302339
## Next steps
303340

articles/azure-resource-manager/templates/template-tutorial-deployment-script.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -262,13 +262,13 @@ The deployment script adds a certificate to the key vault. Configure the key vau
262262
* **timeout**: Specify the maximum allowed script execution time specified in the [ISO 8601 format](https://en.wikipedia.org/wiki/ISO_8601). Default value is **P1D**.
263263
* **arguments**: Specify the parameter values. The values are separated by spaces.
264264
* **scriptContent**: Specify the script content. To run an external script, use **primaryScriptURI** instead. For more information, see [Use external script](./deployment-script-template.md#use-external-scripts).
265-
Declaring **$DeploymentScriptOutputs** is only required when testing the script on a local machine. Declaring the variable allows the script to be run on a local machine and in a deploymentScript resource without having to make changes. The value assigned to $DeploymentScriptOutputs is available as outputs in the deployments. For more information, see [Work with outputs from deployment scripts](./deployment-script-template.md#work-with-outputs-from-deployment-scripts).
265+
Declaring **$DeploymentScriptOutputs** is only required when testing the script on a local machine. Declaring the variable allows the script to be run on a local machine and in a deploymentScript resource without having to make changes. The value assigned to $DeploymentScriptOutputs is available as outputs in the deployments. For more information, see [Work with outputs from PowerShell deployment scripts](./deployment-script-template.md#work-with-outputs-from-powershell-script) or [Work with outputs from CLI deployment scripts](./deployment-script-template.md#work-with-outputs-from-cli-script).
266266
* **cleanupPreference**: Specify the preference on when to delete the deployment script resources. The default value is **Always**, which means the deployment script resources are deleted despite the terminal state (Succeeded, Failed, canceled). In this tutorial, **OnSuccess** is used so that you get a chance to view the script execution results.
267267
* **retentionInterval**: Specify the interval for which the service retains the script resources after it reaches a terminal state. Resources will be deleted when this duration expires. Duration is based on ISO 8601 pattern. This tutorial uses P1D, which means one day. This property is used when **cleanupPreference** is set to **OnExpiration**. This property is not enabled currently.
268268
269269
The deployment script takes three parameters: key vault name, certificate name, and subject name. It creates a certificate, and then adds the certificate to the key vault.
270270
271-
**$DeploymentScriptOutputs** is used to store output value. To learn more, see [Work with outputs from deployment scripts](./deployment-script-template.md#work-with-outputs-from-deployment-scripts).
271+
**$DeploymentScriptOutputs** is used to store output value. To learn more, see [Work with outputs from PowerShell deployment scripts](./deployment-script-template.md#work-with-outputs-from-powershell-script) or [Work with outputs from CLI deployment scripts](./deployment-script-template.md#work-with-outputs-from-cli-script).
272272
273273
The completed template can be found [here](https://raw.githubusercontent.com/Azure/azure-docs-json-samples/master/deployment-script/deploymentscript-keyvault.json).
274274

0 commit comments

Comments
 (0)