Skip to content

Commit e631f1a

Browse files
v-shilsv-shils
authored
Merge pull request #101415 from mumian/0116-order-cicd
order the elements
2 parents 5262f6f + f20e8e0 commit e631f1a

File tree

2 files changed

+212
-212
lines changed

2 files changed

+212
-212
lines changed

articles/azure-resource-manager/templates/key-vault-parameter.md

Lines changed: 118 additions & 118 deletions
Original file line numberDiff line numberDiff line change
@@ -141,7 +141,7 @@ The following procedure shows how to create a role with the minimum permission,
141141

142142
---
143143

144-
The samples assign the custom role to the user on the resource group level.
144+
The samples assign the custom role to the user on the resource group level.
145145

146146
When using a Key Vault with the template for a [Managed Application](../managed-applications/overview.md), you must grant access to the **Appliance Resource Provider** service principal. For more information, see [Access Key Vault secret when deploying Azure Managed Applications](../managed-applications/key-vault-access.md).
147147

@@ -172,9 +172,9 @@ The following template deploys a SQL server that includes an administrator passw
172172
},
173173
"resources": [
174174
{
175-
"name": "[parameters('sqlServerName')]",
176175
"type": "Microsoft.Sql/servers",
177176
"apiVersion": "2015-05-01-preview",
177+
"name": "[parameters('sqlServerName')]",
178178
"location": "[resourceGroup().location]",
179179
"tags": {},
180180
"properties": {
@@ -195,24 +195,24 @@ In the following parameter file, the key vault secret must already exist, and yo
195195

196196
```json
197197
{
198-
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
199-
"contentVersion": "1.0.0.0",
200-
"parameters": {
201-
"adminLogin": {
202-
"value": "exampleadmin"
203-
},
204-
"adminPassword": {
205-
"reference": {
206-
"keyVault": {
207-
"id": "/subscriptions/<subscription-id>/resourceGroups/<rg-name>/providers/Microsoft.KeyVault/vaults/<vault-name>"
208-
},
209-
"secretName": "ExamplePassword"
210-
}
211-
},
212-
"sqlServerName": {
213-
"value": "<your-server-name>"
198+
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
199+
"contentVersion": "1.0.0.0",
200+
"parameters": {
201+
"adminLogin": {
202+
"value": "exampleadmin"
203+
},
204+
"adminPassword": {
205+
"reference": {
206+
"keyVault": {
207+
"id": "/subscriptions/<subscription-id>/resourceGroups/<rg-name>/providers/Microsoft.KeyVault/vaults/<vault-name>"
208+
},
209+
"secretName": "ExamplePassword"
214210
}
215-
}
211+
},
212+
"sqlServerName": {
213+
"value": "<your-server-name>"
214+
}
215+
}
216216
}
217217
```
218218

@@ -230,9 +230,9 @@ Deploy the template and pass in the parameter file:
230230
```azurecli-interactive
231231
az group create --name SqlGroup --location westus2
232232
az group deployment create \
233-
--resource-group SqlGroup \
234-
--template-uri <template-file-URI> \
235-
--parameters <parameter-file>
233+
--resource-group SqlGroup \
234+
--template-uri <template-file-URI> \
235+
--parameters <parameter-file>
236236
```
237237

238238
# [PowerShell](#tab/azure-powershell)
@@ -251,7 +251,7 @@ New-AzResourceGroupDeployment `
251251

252252
The previous section showed how to pass a static resource ID for the key vault secret from the parameter. However, in some scenarios, you need to reference a key vault secret that varies based on the current deployment. Or, you may want to pass parameter values to the template rather than create a reference parameter in the parameter file. In either case, you can dynamically generate the resource ID for a key vault secret by using a linked template.
253253

254-
You can't dynamically generate the resource ID in the parameters file because template expressions aren't allowed in the parameters file.
254+
You can't dynamically generate the resource ID in the parameters file because template expressions aren't allowed in the parameters file.
255255

256256
In your parent template, you add the nested template and pass in a parameter that contains the dynamically generated resource ID. The following image shows how a parameter in the linked template references the secret.
257257

@@ -261,109 +261,109 @@ The following template dynamically creates the key vault ID and passes it as a p
261261

262262
```json
263263
{
264-
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
265-
"contentVersion": "1.0.0.0",
266-
"parameters": {
267-
"location": {
268-
"type": "string",
269-
"defaultValue": "[resourceGroup().location]",
270-
"metadata": {
271-
"description": "The location where the resources will be deployed."
272-
}
264+
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
265+
"contentVersion": "1.0.0.0",
266+
"parameters": {
267+
"location": {
268+
"type": "string",
269+
"defaultValue": "[resourceGroup().location]",
270+
"metadata": {
271+
"description": "The location where the resources will be deployed."
272+
}
273+
},
274+
"vaultName": {
275+
"type": "string",
276+
"metadata": {
277+
"description": "The name of the keyvault that contains the secret."
278+
}
279+
},
280+
"secretName": {
281+
"type": "string",
282+
"metadata": {
283+
"description": "The name of the secret."
284+
}
285+
},
286+
"vaultResourceGroupName": {
287+
"type": "string",
288+
"metadata": {
289+
"description": "The name of the resource group that contains the keyvault."
290+
}
291+
},
292+
"vaultSubscription": {
293+
"type": "string",
294+
"defaultValue": "[subscription().subscriptionId]",
295+
"metadata": {
296+
"description": "The name of the subscription that contains the keyvault."
297+
}
298+
}
299+
},
300+
"resources": [
301+
{
302+
"type": "Microsoft.Resources/deployments",
303+
"apiVersion": "2018-05-01",
304+
"name": "dynamicSecret",
305+
"properties": {
306+
"mode": "Incremental",
307+
"expressionEvaluationOptions": {
308+
"scope": "inner"
273309
},
274-
"vaultName": {
275-
"type": "string",
276-
"metadata": {
277-
"description": "The name of the keyvault that contains the secret."
310+
"template": {
311+
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
312+
"contentVersion": "1.0.0.0",
313+
"parameters": {
314+
"adminLogin": {
315+
"type": "string"
316+
},
317+
"adminPassword": {
318+
"type": "securestring"
319+
},
320+
"location": {
321+
"type": "string"
278322
}
279-
},
280-
"secretName": {
281-
"type": "string",
282-
"metadata": {
283-
"description": "The name of the secret."
323+
},
324+
"variables": {
325+
"sqlServerName": "[concat('sql-', uniqueString(resourceGroup().id, 'sql'))]"
326+
},
327+
"resources": [
328+
{
329+
"type": "Microsoft.Sql/servers",
330+
"apiVersion": "2018-06-01-preview",
331+
"name": "[variables('sqlServerName')]",
332+
"location": "[parameters('location')]",
333+
"properties": {
334+
"administratorLogin": "[parameters('adminLogin')]",
335+
"administratorLoginPassword": "[parameters('adminPassword')]"
336+
}
284337
}
285-
},
286-
"vaultResourceGroupName": {
287-
"type": "string",
288-
"metadata": {
289-
"description": "The name of the resource group that contains the keyvault."
338+
],
339+
"outputs": {
340+
"sqlFQDN": {
341+
"type": "string",
342+
"value": "[reference(variables('sqlServerName')).fullyQualifiedDomainName]"
290343
}
344+
}
291345
},
292-
"vaultSubscription": {
293-
"type": "string",
294-
"defaultValue": "[subscription().subscriptionId]",
295-
"metadata": {
296-
"description": "The name of the subscription that contains the keyvault."
297-
}
298-
}
299-
},
300-
"resources": [
301-
{
302-
"apiVersion": "2018-05-01",
303-
"name": "dynamicSecret",
304-
"type": "Microsoft.Resources/deployments",
305-
"properties": {
306-
"mode": "Incremental",
307-
"expressionEvaluationOptions": {
308-
"scope": "inner"
309-
},
310-
"template": {
311-
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
312-
"contentVersion": "1.0.0.0",
313-
"parameters": {
314-
"adminLogin": {
315-
"type": "string"
316-
},
317-
"adminPassword": {
318-
"type": "securestring"
319-
},
320-
"location": {
321-
"type": "string"
322-
}
323-
},
324-
"variables": {
325-
"sqlServerName": "[concat('sql-', uniqueString(resourceGroup().id, 'sql'))]"
326-
},
327-
"resources": [
328-
{
329-
"name": "[variables('sqlServerName')]",
330-
"type": "Microsoft.Sql/servers",
331-
"apiVersion": "2018-06-01-preview",
332-
"location": "[parameters('location')]",
333-
"properties": {
334-
"administratorLogin": "[parameters('adminLogin')]",
335-
"administratorLoginPassword": "[parameters('adminPassword')]"
336-
}
337-
}
338-
],
339-
"outputs": {
340-
"sqlFQDN": {
341-
"type": "string",
342-
"value": "[reference(variables('sqlServerName')).fullyQualifiedDomainName]"
343-
}
344-
}
345-
},
346-
"parameters": {
347-
"location": {
348-
"value": "[parameters('location')]"
349-
},
350-
"adminLogin": {
351-
"value": "ghuser"
352-
},
353-
"adminPassword": {
354-
"reference": {
355-
"keyVault": {
356-
"id": "[resourceId(parameters('vaultSubscription'), parameters('vaultResourceGroupName'), 'Microsoft.KeyVault/vaults', parameters('vaultName'))]"
357-
},
358-
"secretName": "[parameters('secretName')]"
359-
}
360-
}
361-
}
346+
"parameters": {
347+
"location": {
348+
"value": "[parameters('location')]"
349+
},
350+
"adminLogin": {
351+
"value": "ghuser"
352+
},
353+
"adminPassword": {
354+
"reference": {
355+
"keyVault": {
356+
"id": "[resourceId(parameters('vaultSubscription'), parameters('vaultResourceGroupName'), 'Microsoft.KeyVault/vaults', parameters('vaultName'))]"
357+
},
358+
"secretName": "[parameters('secretName')]"
362359
}
360+
}
363361
}
364-
],
365-
"outputs": {
362+
}
366363
}
364+
],
365+
"outputs": {
366+
}
367367
}
368368
```
369369

0 commit comments

Comments
 (0)