Test Azure deployments in your VSTS Release Pipeline

pesterWhen deploying Azure Resources you want to know if all resources are deployed as expected. To check if the resources are correctly deployed you can open the portal and visually inspect the deployed recourses or you can also run some powershell to validate the resources. Why not automate these checks and add them to your deployment pipeline. To validate the resources, I extended the Pester Build Task to connect to Azure. A test that checks the deployment of a VM can look like:

Continue reading “Test Azure deployments in your VSTS Release Pipeline”


Serial copies in ARM Templates

You can now make copies in serial mode. That means that the copies are created after each other instead of parallel. This can be a good idea when you update a live resource. The resources will go down and up after each other.

A sample of this:

            "apiVersion": "2015-01-01",
            "name": "[concat('nestedDeployment',copyIndex())]",
            "type": "Microsoft.Resources/deployments",
            "copy": {
                "name": "myCopySet",
                "count": 4,
                "mode": "serial",
                "batchSize": 2

The mode and batchSize are new. Mode can be serial or parallel. The batchSize configures how many objects are created at the same time in serial mode.

New ways to support conditions in ARM Templates

Condition did in ARM templates where not that easy to implement. In the new Azure RM APIs a property condition is added. This condition makes many scenarios a lot easier to implement.

Add condition property to a resource object, the resource object will only be deployed when the condition is met. The following sample code will show this:

    "resources": [
            "condition": "[equals(parameters('newOrExisting'),'new')]",
            "type": "Microsoft.Storage/storageAccounts",
            "name": "[variables('storageAccountName')]",
            "apiVersion": "2017-06-01",
            "location": "[resourceGroup().location]",
            "sku": {
                "name": "[variables('storageAccountType')]"
            "kind": "Storage",
            "properties": {}

The full code sample can be found at Ryan Jones GitHub.

The equals function will return a Boolean that is used as input for the condition.

This new feature in ARM Templates will make templates more readable, faster to develop and less need to copy one version of a template to different files to implement a condition.

Versioning ARM Template deployments

Getting control over your deployment pipelines to Microsoft Azure Resources Manager with VSTS

When deploying resources on Azure with Azure Resource Manager you want to be in control of which resources are deployed and control their life span. To get the control you need to do deploy in a tested, standardized and reusable manner. This can be done by managing your resource creation as Infrastructure as Code.
Continue reading “Versioning ARM Template deployments”

Azure Functions imperative bindings

Creating multiple blobs, move/rename blobs and delete blobs with advanced runtime bindings in Azure Functions.

The standard input and output bindings in Azure Functions are written in a declarative pattern using the function.json. When defining input and output declarative, you do not have the option to change some of the bindings properties like the name or make multiple outputs from one input. An imperative binding can do this for you. In this blog post I’ll show how to use imperative blob bindings.
Continue reading “Azure Functions imperative bindings”

Remove locks from Azure resources

In my previous blog post Lock Azure resources to prevent accidental deletion, I showed how to add a lock to a resource with an ARM template to protect it from accidental deletion. When you want to delete the resource, you first need to remove the lock. A lock cannot be removed with an ARM template. To remove the lock you can use:

  • Powershell
  • Rest API
  • Portal

Continue reading “Remove locks from Azure resources”

Lock Azure resources to prevent accidental deletion

How a lock can prevent user from accidental deletion of a resource.

In some cases you want to protect critical resources from accidental deletion. Some examples are a storage account with source data for processing, a Key Vault with disk encryption keys, or another key component in your infrastructure. When losing some resources that are key in your infrastructure, recovery can be dramatic. Resource Manager locks will enable you to protect these critical resources from deletion.

Resource Manager locks
Resource Manager locks apply to the management function of the locked resources. The locks do not have any impact the normal functions of the resource. You have two possible types of locks on a resource:

Locking down a resource can save your contributors from accidently delete a critical resources. An ‘oeps… I deleted the wrong resources’ moment should be a thing of the past.

CannotDelete means authorized users can still read and modify a resource, but they can’t delete the resource.
ReadOnly means authorized users can read a resource, but they can’t delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
Continue reading “Lock Azure resources to prevent accidental deletion”