Can't add token in ARM template
Describe the bug: When adding a token in ARM I cannot generate a password, but when generating a token password in the portal the ARM template will delete it.
Expected behavior: The ARM template to leave the passwords alone or be able to generate token passwords in ARM.
Hey there, so I took a look into this. Not generating the token is by design, and the ARM template will only delete it if you try to redeploy, without adding the credential object that you've generated to the template.
After you generate the password in the portal, if you go to "Export template" under Automation, the resource for tokens should have filled out "credentials", so for example for a password without an expiration, it would look like this:
```json
"credentials": {
    "passwords": [
        {
            "creationTime": "2022-04-20T20:13:40.0277998+00:00",
            "name": "password1"
        }
    ]
},
```
If you include this in your template, then the next time you deploy it will not clear out the password. By design, ARM template deployments are idempotent, so redeploying a template will set it to the state declared in the template. In your case it would clear the credentials since they weren't filled out.
It might make sense to have one template for creating new resources, and another for updating. There are also deployment manager steps you can add as a wait step:
https://docs.microsoft.com/en-us/cli/azure/deploymentmanager/step?view=azure-cli-latest#az-deploymentmanager-step-create
And also, a --what-if feature so that you can ensure you're not accidentally clearing out passwords:
https://techcommunity.microsoft.com/t5/azure-governance-and-management/what-if-for-arm-template-deployments-is-now-generally-available/ba-p/1989268#:~:text=What-if%20is%20available%20as%20part%20of%20the%20deployment,and%20version%202.5%20or%20later%20for%20Az%20CLI.
Closing as this has been inactive for over three months. Please open a support ticket with our team for assistance.
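A pre-deployment check for the situation described in the reply above, as an added example that is not part of the original thread or of Azure's tooling: it compares the template about to be deployed with the one from "Export template" and lists the token passwords a redeploy would clear. It assumes token resources are top-level entries with identical `name` values in both templates and that `credentials` sits under `properties`; the registry and token names are hypothetical.

```python
import json

TOKEN_TYPE = "microsoft.containerregistry/registries/tokens"

def token_passwords(template):
    """Map each top-level token resource name to the password names it declares."""
    found = {}
    for res in template.get("resources", []):
        if res.get("type", "").lower() != TOKEN_TYPE:
            continue
        creds = (res.get("properties") or {}).get("credentials") or {}
        found[res["name"]] = {p["name"] for p in creds.get("passwords") or []}
    return found

def passwords_at_risk(deploy_template, exported_template):
    """Passwords present in the exported (live) template but missing from the
    template about to be deployed, keyed by token resource name."""
    declared = token_passwords(deploy_template)
    risk = {}
    for name, live in token_passwords(exported_template).items():
        if name in declared and live - declared[name]:
            risk[name] = sorted(live - declared[name])
    return risk

# Constructed sample: registry and token names are hypothetical.
def _token(credentials=None):
    props = {"status": "enabled"}
    if credentials is not None:
        props["credentials"] = credentials
    return {"resources": [{
        "type": "Microsoft.ContainerRegistry/registries/tokens",
        "name": "exampleregistry/exampletoken",
        "properties": props,
    }]}

DEPLOY = _token()  # template as authored: no credentials object
EXPORTED = _token({"passwords": [
    {"creationTime": "2022-04-20T20:13:40.0277998+00:00", "name": "password1"},
]})  # what "Export template" shows after a password is generated in the portal

if __name__ == "__main__":
    print(json.dumps(passwords_at_risk(DEPLOY, EXPORTED), indent=2))
```

A non-empty result means the deploy template should be updated with the exported `credentials` object before it is redeployed.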