SQL Server creation failing on Azure due to policies in place - azure-sql-database

We are creating a SQL Server using an ARM template, but because of the policies in place the server cannot be created. The following are the 2 policy exceptions:
##[error]Resource 'xxxxx' was disallowed by policy. Error Type: PolicyViolation, Policy Definition Name : SQL Server should use a virtual network service endpoint (NPD), Policy Assignment Name : NPD1a8a9dc8-aef3-421a-93. Error Type: PolicyViolation, Policy Definition Name : Auditing on SQL server should be enabled (NPD), Policy Assignment Name : NPD7885d0ef-a3de-44a3-9a.
The following is the ARM template we are using. I am not sure why it's failing, because we now have VNet rules and auditing enabled as part of the SQL Server creation:
{
"$schema": http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#,
"contentVersion": "1.0.0.0",
"parameters": {
"serverName": {
"type": "string",
"metadata": {
"description": "The name of the new database server to create."
}
},
"location": {
"type": "string",
"metadata": {
"description": "The location of the database server."
}
},
"serverVersion": {
"type": "string",
"defaultValue" : "12.0"
},
"administratorLogin": {
"type": "string",
"metadata": {
"description": "The account name to use for the database server administrator."
}
},
"administratorLoginPassword": {
"type": "securestring",
"metadata": {
"description": "The password to use for the database server administrator."
}
},
"storageAccountName": {
"type": "string",
"metadata": {
"description": "The name of the new storage account to create."
}
},
"emailAddresses": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Email address for alerts."
}
},
"privateEndpointName": {
"type": "string"
},
"vnetName": {
"type": "string"
},
"vnetRg": {
"type": "string",
"metadata": {
"description": "Resource Group Name of VNet"
}
},
"subnet1Name": {
"type": "string"
},
"storageType": {
"type": "string",
"defaultValue": "Standard_GRS",
"allowedValues": [
"Standard_LRS",
"Standard_ZRS",
"Standard_GRS",
"Standard_RAGRS",
"Premium_LRS"
]
},
"BUSINESS-OWNER": {
"type": "string"
},
"COST-CENTER": {
"type": "int"
},
"LIFECYCLE": {
"type": "string"
},
"APPLICATION": {
"type": "string"
},
"PROJECT-CODE": {
"type": "string"
},
"TECHNICAL-OWNER": {
"type": "string"
},
"GL-CODE": {
"type": "string"
}
},
"resources": [
{
"name": "[parameters('serverName')]",
"type": "Microsoft.Sql/servers",
"location": "[parameters('location')]",
"apiVersion": "2014-04-01-preview",
"properties": {
"administratorLogin": "[parameters('administratorLogin')]",
"administratorLoginPassword": "[parameters('administratorLoginPassword')]",
"version": "[parameters('serverVersion')]",
"minimalTlsVersion": "1.2",
"publicNetworkAccess": "Disabled"
},
"tags": {
"BUSINESS-OWNER": "[parameters('BUSINESS-OWNER')]",
"COST-CENTER": "[parameters('COST-CENTER')]",
"LIFECYCLE": "[parameters('LIFECYCLE')]",
"APPLICATION": "[parameters('APPLICATION')]",
"PROJECT-CODE": "[parameters('PROJECT-CODE')]",
"TECHNICAL-OWNER": "[parameters('TECHNICAL-OWNER')]",
"GL-CODE": "[parameters('GL-CODE')]"
},
"resources": [
{
"name": "sergiodb1",
"type": "databases",
"location": "[parameters('location')]",
"tags": {
"BUSINESS-OWNER": "[parameters('BUSINESS-OWNER')]",
"COST-CENTER": "[parameters('COST-CENTER')]",
"LIFECYCLE": "[parameters('LIFECYCLE')]",
"APPLICATION": "[parameters('APPLICATION')]",
"PROJECT-CODE": "[parameters('PROJECT-CODE')]",
"TECHNICAL-OWNER": "[parameters('TECHNICAL-OWNER')]",
"GL-CODE": "[parameters('GL-CODE')]"
},
"apiVersion": "2015-05-01-preview",
"dependsOn": [
"[parameters('serverName')]"
],
"properties": {
"edition": "Basic",
"collation": "SQL_Latin1_General_CP1_CI_AS"
}
},
{
"type": "Microsoft.Sql/servers/virtualNetworkRules",
"apiVersion": "2020-08-01-preview",
"name": "[concat(parameters('serverName'), '/allow-', parameters('subnet1Name'))]",
"dependsOn": [ "[resourceId('Microsoft.Sql/servers', parameters('serverName'))]" ],
"properties": {
"virtualNetworkSubnetId": "[resourceId(parameters('vnetRg'), 'Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnet1Name'))]",
"ignoreMissingVnetServiceEndpoint": false
}
},
{
"apiVersion": "2014-04-01-preview",
"type": "firewallrules",
"location": "[parameters('location')]",
"name": "AllowAllWindowsAzureIps",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('serverName'))]"
],
"properties": {
"endIpAddress": "0.0.0.0",
"startIpAddress": "0.0.0.0"
}
},
{
"name": "Default",
"type": "auditingSettings",
"apiVersion": "2017-03-01-preview",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('serverName'))]"
],
"properties": {
"State": "Enabled",
"storageEndpoint": "[concat('https://',parameters('storageAccountName'),'.blob.core.windows.net')]",
"storageAccountAccessKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]",
"retentionDays": 365,
"auditActionsAndGroups": null,
"storageAccountSubscriptionId": "[subscription().subscriptionId]",
"isStorageSecondaryKeyInUse": false,
"isAzureMonitorTargetEnabled": false
}
},
{
"name": "DefaultSAP",
"type": "securityAlertPolicies",
"apiVersion": "2017-03-01-preview",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('serverName'))]",
"[concat('Microsoft.Sql/servers/', parameters('serverName'), '/auditingSettings/Default')]"
],
"properties": {
"state": "Enabled",
"disabledAlerts": null,
"emailAddresses": "[array(parameters('emailAddresses'))]",
"emailAccountAdmins": true,
"storageEndpoint": "[concat('https://',parameters('storageAccountName'),'.blob.core.windows.net')]",
"storageAccountAccessKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]",
"retentionDays": 365
}
},
{
"name": "VulnerabilityAssessment",
"type": "vulnerabilityAssessments",
"apiVersion": "2018-06-01-preview",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('serverName'))]",
"[concat('Microsoft.Sql/servers/', parameters('serverName'), '/auditingSettings/Default')]",
"[concat('Microsoft.Sql/servers/', parameters('serverName'), '/securityAlertPolicies/DefaultSAP')]"
],
"properties": {
"storageContainerPath": "[concat('https://',parameters('storageAccountName'),'.blob.core.windows.net','/vulnerability-assessment')]",
"storageAccountAccessKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]",
"recurringScans": {
"isEnabled": true,
"emailSubscriptionAdmins": true,
"emails": []
}
}
}
]
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-06-01",
"name": "[parameters('privateEndpointName')]",
"location": "[parameters('location')]",
"dependsOn": [
"[parameters('serverName')]"
],
"properties": {
"subnet": {
"id": "[resourceId(parameters('vnetRg'), 'Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnet1Name'))]"
},
"privateLinkServiceConnections": [
{
"name": "[parameters('privateEndpointName')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.Sql/servers',parameters('serverName'))]",
"groupIds": [
"sqlServer"
]
}
}
]
},
"tags": {
"BUSINESS-OWNER": "[parameters('BUSINESS-OWNER')]",
"COST-CENTER": "[parameters('COST-CENTER')]",
"LIFECYCLE": "[parameters('LIFECYCLE')]",
"APPLICATION": "[parameters('APPLICATION')]",
"PROJECT-CODE": "[parameters('PROJECT-CODE')]",
"TECHNICAL-OWNER": "[parameters('TECHNICAL-OWNER')]",
"GL-CODE": "[parameters('GL-CODE')]"
}
}
],
"outputs": {
}
}

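Resolved: My ARM template had formatting issues, but the most important problem was the region: the VNet in which the private endpoint was being created was set to EASTUS2, while the SQL Server was being provisioned in EASTUS. After fixing the regions and the ARM template I was able to deploy it successfully. (Compared with the original, the corrected template no longer contains the `AllowAllWindowsAzureIps` firewall rule, the virtual network rule or the vulnerability assessment.) The following is the corrected ARM template: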
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters":{
"serverName": {
"type": "string",
"metadata": {
"description": "The name of the new database server to create."
}
},
"location": {
"type": "string",
"metadata": {
"description": "The location of the database server."
}
},
"serverVersion": {
"type": "string",
"defaultValue" : "12.0"
},
"administratorLogin": {
"type": "string",
"metadata": {
"description": "The account name to use for the database server administrator."
}
},
"administratorLoginPassword": {
"type": "securestring",
"metadata": {
"description": "The password to use for the database server administrator."
}
},
"storageAccountName": {
"type": "string",
"metadata": {
"description": "The name of the new storage account to create."
}
},
"emailAddresses": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Email address for alerts."
}
},
"privateEndpointName": {
"type": "string"
},
"vnetName": {
"type": "string"
},
"vnetRg": {
"type": "string",
"metadata": {
"description": "Resource Group Name of VNet"
}
},
"subnet1Name": {
"type": "string"
},
"storageType": {
"type": "string",
"defaultValue": "Standard_GRS",
"allowedValues": [
"Standard_LRS",
"Standard_ZRS",
"Standard_GRS",
"Standard_RAGRS",
"Premium_LRS"
]
},
"BUSINESS-OWNER": {
"type": "string"
},
"COST-CENTER": {
"type": "int"
},
"LIFECYCLE": {
"type": "string"
},
"APPLICATION": {
"type": "string"
},
"PROJECT-CODE": {
"type": "string"
},
"TECHNICAL-OWNER": {
"type": "string"
},
"GL-CODE": {
"type": "string"
}
},
"variables": {
"databaseName": "[concat(parameters('serverName'),'/sample-db')]"
},
"resources": [
{
"type": "Microsoft.Sql/servers",
"apiVersion": "2020-02-02-preview",
"name": "[parameters('serverName')]",
"location": "[parameters('location')]",
"tags": {
"displayName": "[parameters('serverName')]",
"BUSINESS-OWNER": "xxx",
"COST-CENTER": "11",
"LIFECYCLE": "xx",
"APPLICATION": "xx",
"PROJECT-CODE": "xx",
"TECHNICAL-OWNER": "xxx",
"GL-CODE": "111"
},
"kind": "v12.0",
"properties": {
"administratorLogin": "[parameters('administratorLogin')]",
"administratorLoginPassword": "[parameters('administratorLoginPassword')]",
"version": "12.0",
"minimalTlsVersion": "1.2",
"publicNetworkAccess": "Disabled"
},
"resources": [
{
"type": "Microsoft.Sql/servers/databases",
"apiVersion": "2020-02-02-preview",
"name": "[variables('databaseName')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', parameters('serverName'))]"
],
"tags": {
"displayName": "[variables('databaseName')]",
"BUSINESS-OWNER": "xxx",
"COST-CENTER": "11",
"LIFECYCLE": "xx",
"APPLICATION": "xx",
"PROJECT-CODE": "xx",
"TECHNICAL-OWNER": "xxx",
"GL-CODE": "111"
},
"sku": {
"name": "Basic",
"tier": "Basic",
"capacity": 5
},
"properties": {
"collation": "SQL_Latin1_General_CP1_CI_AS",
"edition": "Basic",
"maxSizeBytes": 104857600,
"requestedServiceObjectiveName": "Basic",
"sampleName": "AdventureWorksLT"
}
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-06-01",
"name": "[parameters('privateEndpointName')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', parameters('serverName'))]"
],
"tags": {
"BUSINESS-OWNER": "xxx",
"COST-CENTER": "11",
"LIFECYCLE": "xx",
"APPLICATION": "xx",
"PROJECT-CODE": "xx",
"TECHNICAL-OWNER": "xxx",
"GL-CODE": "111"
},
"properties": {
"subnet": {
"id": "[resourceId(parameters('vnetRg'), 'Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnet1Name'))]"
},
"privateLinkServiceConnections": [
{
"name": "[parameters('privateEndpointName')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.Sql/servers',parameters('serverName'))]",
"groupIds": [
"sqlServer"
]
}
}
]
}
},
{
"name": "Default",
"type": "auditingSettings",
"apiVersion": "2017-03-01-preview",
"location": "[parameters('location')]",
"dependsOn": ["[resourceId('Microsoft.Sql/servers', parameters('serverName'))]"],
"properties": {
"State": "Enabled",
"storageEndpoint": "[concat('https://',parameters('storageAccountName'),'.blob.core.windows.net')]",
"storageAccountAccessKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]",
"retentionDays": 365,
"auditActionsAndGroups": null,
"storageAccountSubscriptionId": "[subscription().subscriptionId]",
"isStorageSecondaryKeyInUse": false,
"isAzureMonitorTargetEnabled": false
}
},
{
"name": "DefaultSAP",
"type": "securityAlertPolicies",
"apiVersion": "2017-03-01-preview",
"dependsOn": ["[resourceId('Microsoft.Sql/servers', parameters('serverName'))]",
"[concat('Microsoft.Sql/servers/', parameters('serverName'), '/auditingSettings/Default')]"
],
"properties": {
"state": "Enabled",
"disabledAlerts": null,
"emailAddresses": "[array(parameters('emailAddresses'))]",
"emailAccountAdmins": true,
"storageEndpoint": "[concat('https://',parameters('storageAccountName'),'.blob.core.windows.net')]",
"storageAccountAccessKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]",
"retentionDays": 365
}
}
]
}
]
}

Please make sure the subnet you are using in the template has the Microsoft.Sql type name assigned, meaning it is already a Virtual Service endpoint.
The following script can add the type name Microsoft.Sql to your subnet. The script attempts the add only if your subnet lacks the type name.
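# Checks whether a subnet already carries the 'Microsoft.Sql' service endpoint
# type name and, after an explicit "yes" from the operator, adds it.
# The script changes live network configuration in step 4; everything before
# that step is read-only.

### 1. Log in to your Azure account (needed only once per PS session). Assign variables.
$yesno = Read-Host 'Do you need to log into Azure (only one time per powershell.exe session)? [yes/no]'
if ('yes' -eq $yesno) { Connect-AzAccount }

# Assignments to variables used by the later steps.
# You can EDIT these values, if necessary.
$SubscriptionName = 'yourSubscriptionName'
Select-AzSubscription -SubscriptionName "$SubscriptionName"

$ResourceGroupName = 'yourRGName'
$VNetName = 'yourVNetName'
$SubnetName = 'yourSubnetName'
$SubnetAddressPrefix = 'Obtain this value from the Azure portal.' # Looks roughly like: '10.0.0.0/24'
$ServiceEndpointTypeName_SqlDb = 'Microsoft.Sql' # Do NOT edit. Is official value.

### 2. Search for your virtual network, and then for your subnet.
# Search for the virtual network.
$vnet = $null
$vnet = Get-AzVirtualNetwork -ResourceGroupName $ResourceGroupName -Name $VNetName

# $null goes on the left so the comparison stays a scalar test even if the
# right-hand side is a collection.
if ($null -eq $vnet) {
    Write-Host "Caution: No virtual network found by the name '$VNetName'."
    return
}

# Search the virtual network for the named subnet.
$subnet = $null
foreach ($candidate in $vnet.Subnets) {
    if ($candidate.Name -eq $SubnetName) {
        $subnet = $candidate
        break
    }
}

if ($null -eq $subnet) {
    Write-Host "Caution: No subnet found by the name '$SubnetName'"
    Return
}

### 3. Is your subnet tagged as 'Microsoft.Sql' endpoint server type?
$endpointMsSql = $null
foreach ($endpoint in $subnet.ServiceEndpoints) {
    if ($endpoint.Service -eq $ServiceEndpointTypeName_SqlDb) {
        $endpointMsSql = $endpoint
        $endpointMsSql # Display the matching endpoint.
        break
    }
}

# A non-null match means the endpoint already exists. The original tested
# '-eq' here, which reported "already tagged" exactly when nothing was found
# and went on to modify subnets that were already configured.
if ($null -ne $endpointMsSql) {
    Write-Host "Good: Subnet found, and is already tagged as an endpoint of type '$ServiceEndpointTypeName_SqlDb'."
    return
} else {
    Write-Host "Caution: Subnet found, but not yet tagged as an endpoint of type '$ServiceEndpointTypeName_SqlDb'."

    # Ask the user for confirmation. Only an explicit 'yes' proceeds, matching
    # the login prompt in step 1; any other answer leaves the subnet untouched.
    $yesno = Read-Host 'Do you want the PS script to apply the endpoint type name to your subnet? [yes/no]'
    if ('yes' -ne $yesno) { return }
}

### 4. Add a Virtual Service endpoint of type name 'Microsoft.Sql', on your subnet.
# Hashtable literal for splatting: '@{' opens it and '@setParams' expands it.
$setParams = @{
    Name            = $SubnetName
    AddressPrefix   = $SubnetAddressPrefix
    VirtualNetwork  = $vnet
    ServiceEndpoint = $ServiceEndpointTypeName_SqlDb
}

# NOTE(review): only the Microsoft.Sql endpoint is passed here, and no network
# security group or route table. Confirm against the cmdlet documentation
# whether subnet properties that are not passed are preserved, and compare the
# subnet before and after on a non-production VNet first.
$vnet = Set-AzVirtualNetworkSubnetConfig @setParams

# Persist the subnet update.
$vnet = Set-AzVirtualNetwork -VirtualNetwork $vnet

# Display the service endpoints of every subnet (the original indexed [0] on
# each pass and so printed the first subnet repeatedly).
for ($nn = 0; $nn -lt $vnet.Subnets.Count; $nn++) {
    $vnet.Subnets[$nn].ServiceEndpoints # Display.
}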

Related

Generate JSON Schema with nested dependencies

I'm trying to generate a JSON schema with nested dependencies via https://rjsf-team.github.io/react-jsonschema-form/, here's what I came up with:
{
"type": "object",
"title": "Jira schema",
"properties": {
"summary": {
"type": "string"
},
"description": {
"type": "string"
},
"project": {
"type": "string",
"enum": [
"BE",
"FE"
],
"enumNames": [
"Backend Sprint",
"Frontend Sprint"
],
"default": "BE"
}
},
"required": ["project"],
"dependencies": {
"project": {
"oneOf": [
{
"properties": {
"project": {
"enum": ["BE"]
},
"issuetype": {
"enum": ["10001", "10002"],
"enumNames": ["Task", "Story"],
"default": "10001"
}
},
"required": ["issuetype"]
},
{
"properties": {
"project": {
"enum": ["FE"]
},
"issuetype": {
"enum": ["10003", "10004"],
"enumNames": ["Epic", "Bug"],
"default": "10003"
}
},
"required": ["issuetype"]
}
]
},
"issuetype": {
"oneOf": [
{
"properties":
{
"issuetype": {
"enum": ["10001"],
"enumNames": ["Task"]
},
"priority": {
"enum": ["1", "2", "3"],
"enumNames": ["High", "Medium", "Low"],
"default": "2"
}
}
},
{
"properties":
{
"issuetype": {
"enum": ["10002"],
"enumNames": ["Story"]
},
"priority": {
"enum": ["2", "3"],
"enumNames": ["Medium", "Low"],
"default": "2"
}
}
},
{
"properties":
{
"issuetype": {
"enum": ["10003"],
"enumNames": ["Epic"]
},
"priority": {
"enum": ["3"],
"enumNames": ["Low"],
"default": "3"
}
}
},
{
"properties":
{
"issuetype": {
"enum": ["10004"],
"enumNames": ["Bug"]
},
"priority": {
"enum": ["2", "3"],
"enumNames": ["Medium", "Low"],
"default": "2"
}
}
}
]
}
}
}
Ideally, when I select a project, both issuetype and priority should be updated. The same applies to issuetype: when an issuetype is selected, priority should be updated.
Currently, I'm able to update priority by updating issuetype, but not by updating project.
Any thoughts or ideas are highly appreciated!

Function App with VNet Integration Failing Deployment When Setting WEBSITE_CONTENTAZUREFILECONNECTIONSTRING to Storage Behind Firewall

The following ARM template deploys: Virtual Network, Network Security Group, Storage Account, App Service Plan, Function App
When the settings for WEBSITE_CONTENTAZUREFILECONNECTIONSTRING and WEBSITE_CONTENTSHARE are omitted (commented out) the deployment succeeds but the function app configuration shows a warning.
When enabling the two settings, the deployment fails with a 403 Forbidden message.
New-AzResourceGroupDeployment : 17:04:05 - The deployment '20201209-170356' failed with error(s). Showing 1 out of 1 error(s).
Status Message: There was a conflict. The remote server returned an error: (403) Forbidden. (Code: BadRequest)
- There was a conflict. The remote server returned an error: (403) Forbidden. (Code:)
- (Code:BadRequest)
- (Code:)
CorrelationId: ec11767b-9f8f-4722-acca-e751e5c1bbe8
I have tried numerous settings on the NSG, adding service tags, allowing IPs associated with the function app. I have also tried allowing IPRules on the storage account firewall. The only setting that worked was to entirely disable the storage account firewall with 'Allow access from all networks', which is not an acceptable setting for the network.
The ARM template to demonstrate the error:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
},
"variables": {
"vnetName": "vnet1a",
"addressPrefixVnet": "10.17.0.0/20",
"addressPrefixSubnet": "10.17.4.0/24",
"nsgName_sb_functionapp": "[concat(variables('vnetName'), '-sb-functionapp-nsg')]",
"storageAccountName": "[concat(uniquestring(resourceGroup().id), 'sa1a')]",
"appServicePlanName": "[concat(uniquestring(resourceGroup().id), 'asp1a')]",
"functionAppName": "[concat(uniquestring(resourceGroup().id), 'asp1a')]"
},
"resources": [
{
"type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "2019-11-01",
"name": "[variables('nsgName_sb_functionapp')]",
"location": "[resourceGroup().location]",
"tags": {
"Purpose": "Function App"
},
"properties": {
"securityRules": []
}
},
{
"type": "Microsoft.Network/virtualNetworks",
"apiVersion": "2019-11-01",
"name": "[variables('vnetName')]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName_sb_functionapp'))]"
],
"tags": {
"Purpose": "Debug Function App and Storage Account Connectivity"
},
"properties": {
"addressSpace": {
"addressPrefixes": [
"[variables('addressPrefixVnet')]"
]
},
"subnets": [
{
"name": "sb-functionapp",
"properties": {
"addressPrefix": "[variables('addressPrefixSubnet')]",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName_sb_functionapp'))]"
},
"serviceEndpoints": [
{
"service": "Microsoft.Storage",
"locations": [
"*"
]
}
],
"delegations": [
{
"name": "delegation",
"properties": {
"serviceName": "Microsoft.Web/serverFarms"
}
}
],
"privateEndpointNetworkPolicies": "Enabled",
"privateLinkServiceNetworkPolicies": "Enabled"
}
}
],
"enableDdosProtection": false,
"enableVmProtection": false
}
},
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2019-04-01",
"name": "[variables('storageAccountName')]",
"location": "[resourceGroup().location]",
"tags": {
"Purpose": "Debug Function App and Storage Account Connectivity"
},
"kind": "StorageV2",
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"properties": {
"networkAcls": {
"defaultAction": "Deny",
"bypass": "AzureServices",
"supportsHttpsTrafficOnly": true,
"ipRules": [],
"encryption": {
"keySource": "Microsoft.Storage",
"services": {
"file": {
"enabled": true
},
"blob": {
"enabled": true
}
}
},
"accessTier": "Hot",
"virtualNetworkRules": [
{
"id": "[concat(resourceId('Microsoft.Network/virtualNetworks', variables('vnetName')), '/subnets/sb-functionapp')]",
"ignoreMissingVNetServiceEndpoint": false
}
]
}
}
},
{
"type": "Microsoft.Web/serverfarms",
"apiVersion": "2018-02-01",
"name": "[variables('appServicePlanName')]",
"location": "[resourceGroup().location]",
"tags": {
"Purpose": "Debug Function App and Storage Account Connectivity"
},
"sku": {
"name": "EP1",
"tier": "ElasticPremium",
"size": "EP1",
"family": "EP",
"capacity": 1
},
"kind": "elastic",
"properties": {
"perSiteScaling": false,
"maximumElasticWorkerCount": 20,
"isSpot": false,
"reserved": false,
"isXenon": false,
"hyperV": false,
"targetWorkerCount": 0,
"targetWorkerSizeId": 0
}
},
{
"type": "Microsoft.Web/sites",
"apiVersion": "2018-11-01",
"name": "[variables('functionAppName')]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]"
],
"tags": {
"Purpose": "Debug Function App and Storage Account Connectivity"
},
"kind": "functionapp",
"properties": {
"enabled": true,
"hostNameSslStates": [
{
"name": "[concat(variables('functionAppName'), '.azurewebsites.net')]",
"sslState": "Disabled",
"hostType": "Standard"
},
{
"name": "[concat(variables('functionAppName'), '.scm.azurewebsites.net')]",
"sslState": "Disabled",
"hostType": "Repository"
}
],
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]",
"reserved": false,
"isXenon": false,
"hyperV": false,
"scmSiteAlsoStopped": false,
"clientAffinityEnabled": true,
"clientCertEnabled": false,
"hostNamesDisabled": false,
"containerSize": 1536,
"dailyMemoryTimeQuota": 0,
"httpsOnly": true,
"redundancyMode": "None",
"siteConfig": {
"appSettings": [
{
"name": "FUNCTIONS_EXTENSION_VERSION",
"value": "~1"
},
{
"name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2019-04-01').keys[0].value)]"
},
{
"name": "WEBSITE_CONTENTSHARE",
"value": "[variables('functionAppName')]"
},
{
"name": "WEBSITE_DNS_SERVER",
"value": "168.63.129.16"
},
{
"name": "WEBSITE_VNET_ROUTE_ALL",
"value": "1"
}
]
}
},
"resources": [
{
"type": "networkConfig",
"apiVersion": "2018-11-01",
"name": "virtualNetwork",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', variables('functionAppName'))]"
],
"properties": {
"subnetResourceId": "[concat(resourceId('Microsoft.Network/virtualNetworks', variables('vnetName')), '/subnets/sb-functionapp')]",
"swiftSupported": true
}
}
]
},
{
"type": "Microsoft.Web/sites/config",
"apiVersion": "2018-11-01",
"name": "[concat(variables('functionAppName'), '/web')]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', variables('functionAppName'))]"
],
"tags": {
"Purpose": "Debug Function App and Storage Account Connectivity"
},
"properties": {
"numberOfWorkers": 1,
"defaultDocuments": [
"Default.htm",
"Default.html",
"Default.asp",
"index.htm",
"index.html",
"iisstart.htm",
"default.aspx",
"index.php"
],
"netFrameworkVersion": "v4.0",
"phpVersion": "5.6",
"requestTracingEnabled": false,
"remoteDebuggingEnabled": false,
"remoteDebuggingVersion": "VS2019",
"httpLoggingEnabled": false,
"logsDirectorySizeLimit": 35,
"detailedErrorLoggingEnabled": false,
"publishingUsername": "[concat('$', variables('functionAppName'))]",
"scmType": "VSTSRM",
"use32BitWorkerProcess": true,
"webSocketsEnabled": false,
"alwaysOn": false,
"managedPipelineMode": "Integrated",
"virtualApplications": [
{
"virtualPath": "/",
"physicalPath": "site\\wwwroot",
"preloadEnabled": true
}
],
"loadBalancing": "LeastRequests",
"experiments": {
"rampUpRules": [
]
},
"autoHealEnabled": false,
"cors": {
"allowedOrigins": [],
"supportCredentials": false
},
"localMySqlEnabled": false,
"ipSecurityRestrictions": [],
"scmIpSecurityRestrictions": [
{
"ipAddress": "Any",
"action": "Allow",
"priority": 1,
"name": "Allow all",
"description": "Allow all access"
}
],
"scmIpSecurityRestrictionsUseMain": false,
"http20Enabled": false,
"minTlsVersion": "1.2",
"ftpsState": "AllAllowed",
"reservedInstanceCount": 1
}
}
]
}
Command to deploy to existing resource group:
New-AzResourceGroupDeployment -Name (Get-Date).ToString('yyyyMMdd-HHmmss') -ResourceGroupName 'Test-FunctionApp-Storage-VNet' -TemplateFile .\DebugFunctionApp.json -Verbose
I have seen the question/answer at Function App Deployment Failed - The remote server returned an error: (403) Forbidden but it doesn't solve the problem I see.
The solution is to add another setting named WEBSITE_CONTENTOVERVNET and to set the value to "1".
The updated appSettings section looks like:
"siteConfig": {
"appSettings": [
{
"name": "FUNCTIONS_EXTENSION_VERSION",
"value": "~1"
},
{
"name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2019-04-01').keys[0].value)]"
},
{
"name": "WEBSITE_CONTENTOVERVNET",
"value": "1"
},
{
"name": "WEBSITE_CONTENTSHARE",
"value": "[variables('functionAppName')]"
},
{
"name": "WEBSITE_DNS_SERVER",
"value": "168.63.129.16"
},
{
"name": "WEBSITE_VNET_ROUTE_ALL",
"value": "1"
}
]
}
The setting is documented at https://learn.microsoft.com/en-us/azure/azure-functions/functions-app-settings#website_contentovervnet
For Premium plans only. A value of 1 enables your function app to scale when you have your storage account restricted to a virtual network. You should enable this setting when restricting your storage account to a virtual network.

How to add data gateway to SQL connector with ARM template

I'm trying to connect to a database through a data gateway (SQL Server Connector) with ARM templates, but I'm not sure whether I'm missing something, because I'm getting a connection error with the gateway.
This is what I have so far in my api connection:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"connections_sql_name": {
"defaultValue": "sql",
"type": "String"
},
"connections_sql_displayName": {
"defaultValue": "displaynameDB",
"type": "String"
},
"server": {
"defaultValue": "SERV01",
"type": "String"
},
"database": {
"defaultValue": "DB01",
"type": "String"
},
"authType": {
"defaultValue": "windows",
"type": "String"
},
"username": {
"defaultValue": "USER01",
"type": "String"
},
"password": {
"defaultValue": "PASS123",
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Web/connections",
"apiVersion": "2016-06-01",
"name": "[parameters('connections_sql_name')]",
"location": "northeurope",
"properties": {
"displayName": "[parameters('connections_sql_displayName')]",
"customParameterValues": {},
"parameterValues": {
"server": "[parameters('server')]",
"database": "[parameters('database')]",
"authType": "[parameters('authType')]",
"username": "[parameters('username')]",
"password": "[parameters('password')]"
},
"api": {
"id": "[concat('/subscriptions/{sub-id}/providers/Microsoft.Web/locations/northeurope/managedApis/', parameters('connections_sql_name'))]"
}
}
}
]
}
And this is a part of my logic app under inputs:
"gateway": {
"gatewaySettings": {
"connectionDetails": [
"[parameters('gatewayServer')]",
"[parameters('gatewayDatabase')]"
],
"credentialType": "Windows",
"dataSourceType": "sql"
},
"type": "gatewaySetting"
},
Any help is appreciated! :)
Try removing the gateway block from the Logic App definition and changing the connection definition to this:
{
"type": "Microsoft.Web/connections",
"apiVersion": "2016-06-01",
"name": "[parameters('connections_sql_name')]",
"location": "northeurope",
"properties": {
"displayName": "[parameters('connections_sql_displayName')]",
"customParameterValues": {
},
"parameterValues": {
"server": "[parameters('server')]",
"database": "[parameters('database')]",
"authType": "[parameters('authType')]",
"username": "[parameters('username')]",
"password": "[parameters('password')]",
"gateway": {
"id": "/subscriptions/{sub-id}/resourceGroups/{gateway-resource-group-name}/providers/Microsoft.Web/connectionGateways/{gateway-name}"
}
},
"api": {
"id": "[concat('/subscriptions/{sub-id}/providers/Microsoft.Web/locations/northeurope/managedApis/', parameters('connections_sql_name'))]"
}
}
}
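The documentation isn't very helpful regarding the gateway property in connection resources. Separately, the template in the question declares the `password` parameter as `String` with a default value; declaring it as `securestring` with no default keeps the value out of the deployment history and logs.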

How to add Azure AD groups via ARM script to a Azure SQL database

I am creating a new Azure SQL with two databases and an elastic pool via an ARM script. These are my scripts:
azure.deploy.ps1
{
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"administratorLogin": {
"type": "string",
"metadata": {
"description": "The SQL Server administrator login"
}
},
"administratorLoginPassword": {
"type": "securestring",
"metadata": {
"description": "The SQL Server administrator login password."
}
},
"serverName": {
"type": "string",
"metadata": {
"description": "The SQL Server name."
}
},
"elasticPoolName": {
"type": "string",
"metadata": {
"description": "The Elastic Pool name."
}
},
"edition": {
"type": "string",
"defaultValue": "Standard",
"allowedValues": [
"Basic",
"Standard",
"Premium"
],
"metadata": {
"description": "The Elastic Pool edition."
}
},
"poolDtu": {
"type": "int",
"metadata": {
"description": "The Elastic Pool DTU."
}
},
"databaseDtuMin": {
"type": "int",
"defaultValue": 0,
"metadata": {
"description": "The Elastic Pool database DTU min."
}
},
"databaseDtuMax": {
"type": "int",
"metadata": {
"description": "The Elastic Pool database DTU max."
}
},
"databasesNames": {
"type": "array",
"defaultValue": [
"db1",
"db2"
],
"metadata": {
"description": "The SQL Databases names."
}
},
"databaseCollation": {
"type": "string",
"defaultValue": "SQL_Latin1_General_CP1_CI_AS",
"metadata": {
"description": "The SQL Database collation."
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
}
},
"variables": {},
"resources": [
{
"apiVersion": "2014-04-01-preview",
"location": "[parameters('location')]",
"name": "[parameters('serverName')]",
"properties": {
"administratorLogin": "[parameters('administratorLogin')]",
"administratorLoginPassword": "[parameters('administratorLoginPassword')]",
"version": "12.0"
},
"type": "Microsoft.Sql/servers"
},
{
"apiVersion": "2014-04-01",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('serverName'))]"
],
"location": "[parameters('location')]",
"name": "[concat(parameters('serverName'), '/', parameters('elasticPoolName'))]",
"properties": {
"edition": "[parameters('edition')]",
"dtu": "[parameters('poolDtu')]",
"databaseDtuMin": "[parameters('databaseDtuMin')]",
"databaseDtuMax": "[parameters('databaseDtuMax')]"
},
"type": "Microsoft.Sql/servers/elasticPools"
},
{
"type": "Microsoft.Sql/servers/databases",
"name": "[concat(parameters('serverName'), '/', parameters('databasesNames')[copyIndex()])]",
"location": "[parameters('location')]",
"apiVersion": "2014-04-01-preview",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('serverName'))]",
"[concat('Microsoft.Sql/servers/', parameters('serverName') ,'/elasticpools/', parameters('elasticPoolName'))]"
],
"properties": {
"collation": "[parameters('databaseCollation')]",
"requestedServiceObjectiveName": "ElasticPool",
"elasticPoolName": "[parameters('elasticPoolName')]"
},
"copy": {
"name": "addDatabasesInElasticPool",
"count": "[length(parameters('databasesNames'))]"
}
},
{
"apiVersion": "2014-04-01-preview",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('serverName'))]"
],
"location": "[parameters('location')]",
"name": "[concat(parameters('serverName'), '/', 'AllowAllWindowsAzureIps')]",
"properties": {
"endIpAddress": "0.0.0.0",
"startIpAddress": "0.0.0.0"
},
"type": "Microsoft.Sql/servers/firewallrules"
}
]
}
and this is the parameters file:
azure.deploy.parameters.ps1
{
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"administratorLogin": {
"value": "bogblogsqldbadmin"
},
"serverName": {
"value": "azrsqlsrv1"
},
"elasticPoolName": {
"value": "azrsqlsrve1"
},
"poolDtu": {
"value": 100
},
"databaseDtuMax": {
"value": 100
},
"databasesNames": {
"value": [ "asqldb11", "asqldb12" ]
}
}
}
I would like to use Azure AD and groups to authenticate users on these databases. I would like to add those groups, and the configuration for the use of Azure AD, directly in my ARM scripts. How can I do that? Is that possible?
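The example below may help. It adds an "administrators" child resource named "activeDirectory" to the server, which sets the Azure AD administrator from the "AAD Admin Login", "AAD Admin ObjectID" and "AAD TenantId" parameters; the object ID can be that of an Azure AD group. Note that the "AllowAllWindowsAzureIps" firewall rule (0.0.0.0 to 0.0.0.0) admits connections from any Azure-hosted source, not only resources in your own subscription, so keep it only if the deployment needs it.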
{
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"SQL Administrator Login": {
"type": "String"
},
"SQL Administrator Password": {
"type": "SecureString"
},
"AAD Admin Login": {
"type": "String"
},
"AAD Admin ObjectID": {
"type": "String"
},
"AAD TenantId": {
"type": "String"
},
"Location (Region)": {
"type": "String"
},
"Server Name": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Sql/servers",
"name": "[parameters('Server Name')]",
"apiVersion": "2014-04-01-preview",
"location": "[parameters('Location (Region)')]",
"properties": {
"administratorLogin": "[parameters('SQL Administrator Login')]",
"administratorLoginPassword": "[parameters('SQL Administrator Password')]",
"version": "12.0"
},
"resources": [
{
"type": "firewallrules",
"name": "AllowAllWindowsAzureIps",
"apiVersion": "2014-04-01-preview",
"location": "[parameters('Location (Region)')]",
"properties": {
"endIpAddress": "0.0.0.0",
"startIpAddress": "0.0.0.0"
},
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('Server Name'))]"
]
},
{
"type": "administrators",
"name": "activeDirectory",
"apiVersion": "2014-04-01-preview",
"location": "[parameters('Location (Region)')]",
"properties": {
"administratorType": "ActiveDirectory",
"login": "[parameters('AAD Admin Login')]",
"sid": "[parameters('AAD Admin ObjectID')]",
"tenantId": "[parameters('AAD TenantID')]"
},
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('Server Name'))]"
]
}
]
}
]
}

Deploying a marketplace Connector from Azure Resource Group template

I'm using the Azure Resource Group project template in Visual Studio to deploy two API Apps and a Logic App. I want one of those API Apps to be a Blob Connector from the marketplace. What I need is the URI of the .zip package for the connector, as shown here:
{
"apiVersion": "2014-06-01",
"name": "MSDeploy",
"type": "Extensions",
"dependsOn": [
//........
],
"properties": {
"packageUri": "https://auxmktplceprod.blob.core.windows.net/packages/UmbracoCms.WebPI.7.2.5.zip",
"dbType": "SQL",
(source)
I tried this solution, but that cmdlet is now deprecated. Is there any way to get these URIs?
-Thanks!
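I found a way of deploying a custom API app together with Marketplace apps.
Below is a sample script to guide you. The defaultValue entries on the securestring parameters (blobStorageKey and gatewayToApiAppSecret) are placeholders only; pass the real values at deployment time rather than keeping secrets in the template.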
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"blobConnectorName": {
"type": "string",
"minLength": 1,
"defaultValue" : "mytestblobconnector"
},
"blobStorageAccount": {
"type": "string",
"minLength": 1,
"defaultValue" : "mystorage.blob.core.windows.net"
},
"blobStorageKey": {
"type": "securestring",
"minLength": 1,
"defaultValue" : "storgekey"
},
"blobContainerName": {
"type": "string",
"minLength": 1,
"defaultValue" : "mycontainer"
},
"gatewayName": {
"type": "string",
"minLength": 1,
"defaultValue" : "myblobconnectorgateway"
},
"logicAppName": {
"type": "string",
"minLength": 1,
"defaultValue" : "testinglogicapp"
},
"svcPlanName": {
"type": "string",
"minLength": 1,
"defaultValue" : "myresourcegrpserviceplan"
},
"sku": {
"type": "string",
"defaultValue": "Basic",
"allowedValues": [
"Free",
"Basic",
"Standard",
"Premium"
]
},
"svcPlanSize": {
"defaultValue": "0",
"type": "string",
"allowedValues": [
"0",
"1",
"2"
]
},
"gatewayToApiAppSecret": {
"defaultValue": "0000000000000000000000000000000000000000000000000000000000000000",
"type": "securestring"
}
},
"variables": {
"$packageId": "Microsoft.ApiApp",
"$nugetFeed": "http://apiapps-preview.nuget.org/api/v2/"
},
"resources": [
{
"type": "Microsoft.Web/serverfarms",
"apiVersion": "2015-04-01",
"name": "[parameters('svcPlanName')]",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "AppServicePlan"
},
"properties": {
"name": "[parameters('svcPlanName')]",
"sku": "[parameters('sku')]",
"workerSize": "[parameters('svcPlanSize')]",
"numberOfWorkers": 1
}
},
{
"type": "Microsoft.Web/sites",
"apiVersion": "2015-04-01",
"name": "[parameters('gatewayName')]",
"location": "[resourceGroup().location]",
"kind": "gateway",
"tags": {
"displayName": "GatewayHost"
},
"resources": [
{
"type": "providers/links",
"apiVersion": "2015-01-01",
"name": "Microsoft.Resources/gateway",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('gatewayName'))]"
],
"properties": {
"targetId": "[resourceId('Microsoft.AppService/gateways', parameters('gatewayName'))]"
}
}
],
"dependsOn": [
"[concat(resourceGroup().id, '/providers/Microsoft.Web/serverfarms/', parameters('svcPlanName'))]"
],
"properties": {
"name": "[parameters('gatewayName')]",
"gatewaySiteName": "[parameters('gatewayName')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('svcPlanName'))]",
"siteConfig": {
"appSettings": [
{
"name": "ApiAppsGateway_EXTENSION_VERSION",
"value": "latest"
},
{
"name": "EmaStorage",
"value": "D:\\home\\data\\apiapps"
},
{
"name": "WEBSITE_START_SCM_ON_SITE_CREATION",
"value": "1"
}
]
}
}
},
{
"type": "Microsoft.AppService/gateways",
"apiVersion": "2015-03-01-preview",
"name": "[parameters('gatewayName')]",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "Gateway"
},
"resources": [
{
"type": "providers/links",
"apiVersion": "2015-01-01",
"name": "Microsoft.Resources/gatewaySite",
"dependsOn": [
"[resourceId('Microsoft.AppService/gateways', parameters('gatewayName'))]"
],
"properties": {
"targetId": "[resourceId('Microsoft.Web/sites', parameters('gatewayName'))]"
}
},
{
"type": "tokens",
"apiVersion": "2015-03-01-preview",
"location": "[resourceGroup().location]",
"name": "[parameters('logicAppName')]",
"tags": {
"displayName": "AuthenticationToken"
},
"dependsOn": [
"[resourceId('Microsoft.AppService/gateways', parameters('gatewayName'))]"
]
}
],
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('gatewayName'))]"
],
"properties": {
"host": {
"resourceName": "[parameters('gatewayName')]"
}
}
},
{
"type": "Microsoft.Web/sites",
"apiVersion": "2015-04-01",
"name": "[parameters('blobConnectorName')]",
"location": "[resourceGroup().location]",
"kind": "apiApp",
"tags": {
"displayName": "APIAppHost",
"packageId": "AzureStorageBlobConnector"
},
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', parameters('svcPlanName'))]",
"[resourceId('Microsoft.AppService/gateways', parameters('gatewayName'))]"
],
"resources": [
{
"type": "siteextensions",
"tags": {
"displayName": "APIAppExtension"
},
"apiVersion": "2015-02-01",
"name": "AzureStorageBlobConnector",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('blobConnectorName'))]"
],
"properties": {
"type": "WebRoot",
"feed_url": "[variables('$nugetFeed')]"
}
},
{
"type": "providers/links",
"apiVersion": "2015-01-01",
"name": "Microsoft.Resources/apiApp",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('blobConnectorName'))]"
],
"properties": {
"targetId": "[resourceId('Microsoft.AppService/apiapps', parameters('blobConnectorName'))]"
}
}
],
"properties": {
"gatewaySiteName": "[parameters('gatewayName')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('svcPlanName'))]",
"siteConfig": {
"appSettings": [
{
"name": "EMA_MicroserviceId",
"value": "[parameters('blobConnectorName')]"
},
{
"name": "EMA_Secret",
"value": "[parameters('gatewayToAPIappSecret')]"
},
{
"name": "EMA_RuntimeUrl",
"value": "[concat('https://', reference(resourceId('Microsoft.Web/sites', parameters('gatewayName'))).hostNames[0])]"
},
{
"name": "WEBSITE_START_SCM_ON_SITE_CREATION",
"value": "1"
},
{
"name": "BlobConnector_ContainerUrl",
"value": "[concat('https://', parameters('blobStorageAccount'),'/',parameters('blobContainerName'))]"
},
{
"name": "BlobConnector_AccessKey",
"value": "[parameters('blobStorageKey')]"
}
],
"applicationLogs": {
"filesystem": {
"level": "Verbose"
},
"azureTableStorage": {
"level": "Off",
"sasUrl": null
},
"azureBlobStorage": {
"level": "Off",
"sasUrl": null,
"retentionInDays": null
}
}
}
}
},
{
"type": "Microsoft.AppService/apiapps",
"apiVersion": "2015-03-01-preview",
"name": "[parameters('blobConnectorName')]",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "BlobConnector"
},
"resources": [
{
"type": "providers/links",
"apiVersion": "2015-01-01",
"name": "Microsoft.Resources/apiAppSite",
"dependsOn": [
"[resourceId('Microsoft.AppService/apiapps', parameters('blobConnectorName'))]"
],
"properties": {
"targetId": "[resourceId('Microsoft.Web/sites', parameters('blobConnectorName'))]"
}
}
],
"dependsOn": [
"[resourceId('Microsoft.Web/sites/siteextensions', parameters('blobConnectorName'), 'AzureStorageBlobConnector')]"
],
"properties": {
"package": {
"id": "AzureStorageBlobConnector"
},
"host": {
"resourceName": "[parameters('blobConnectorName')]"
},
"gateway": {
"resourceName": "[parameters('gatewayName')]"
},
"dependencies": [ ]
}
},
{
"type": "Microsoft.Logic/workflows",
"apiVersion": "2015-02-01-preview",
"name": "[parameters('logicAppName')]",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "LogicApp"
},
"dependsOn": [
"[resourceId('Microsoft.AppService/apiApps', parameters('blobConnectorName'))]"
],
"properties": {
"sku": {
"name": "[parameters('sku')]",
"plan": {
"id": "[concat(resourceGroup().id, '/providers/Microsoft.Web/serverfarms/',parameters('svcPlanName'))]"
}
},
"definition": {
"$schema": "http://schema.management.azure.com/providers/Microsoft.Logic/schemas/2014-12-01-preview/workflowdefinition.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"token": {
"defaultValue": "[reference(resourceId('Microsoft.AppService/gateways/tokens', parameters('gatewayName'), parameters('logicAppName'))).token]",
"type": "String",
"metadata": {
"token": {
"name": "token"
}
}
},
"runworkflowmanually": {
"defaultValue": true,
"type": "Bool"
}
},
"triggers": { },
"actions": {
"azurestorageblobconnector": {
"type": "ApiApp",
"inputs": {
"apiVersion": "2015-01-14",
"host": {
"id": "[concat(resourceGroup().id, '/providers/Microsoft.AppService/apiApps/',parameters('blobConnectorName'))]",
"gateway": "[concat('https://', reference(resourceId('Microsoft.Web/sites', parameters('gatewayName'))).hostNames[0])]"
},
"operation": "UploadBlob",
"parameters": {
"BlobPath": "myfolder/test.txt",
"BlobContent": {
"Content": "TestMessage",
"ContentTransferEncoding": "None"
},
"Overwrite": true
},
"authentication": {
"type": "Raw",
"scheme": "Zumo",
"parameter": "#parameters('token')"
}
},
"conditions": [ ]
}
},
"outputs": {
}
},
"parameters": { }
}
}
]
}
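Just search for "AzureStorageBlobConnector" in the above JSON to see how it is used; it is the package id of the Blob Connector from the marketplace. I found the package id for the Blob Connector in the Azure portal by deploying one manually and then checking its settings. Please feel free to post a comment if you need the package id for other marketplace apps and face any difficulty. Also note that the $nugetFeed variable points at a plain http:// feed, so the site extension package is fetched without transport protection; prefer an HTTPS feed URL if one is available.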