What I'm trying to do is deploying an ARM template using the Azure CLI on my local system, because I want to try out my changes local first, before pushing it to the repository.
We're using Linked Templates, which means I have to specify a URL where the linked templates are located and a SAS token in order to get access to these files.
The script I'm trying to execute looks like the following
az group deployment create --resource-group myResourceGroupName `
--template-file azuredeploy.json `
--parameters azuredeploy.d.parameters.json `
--parameters local.parameters.json
The azuredeploy.json file contains the main template with the references to the other, linked, templates.
The azuredeploy.d.parameters.json file contains all of the regular environment parameters (like pricing tier, etc.).
The local.parameters.json contains 2 parameters called deploymentContainerSasToken and deploymentContainerUri (the SAS token and the location of the linked templates).
What I'm doing to create the SAS token is the following.
$end=date -u -d "30 minutes" '+%Y-%m-%dT%H:%MZ'
$start=date '+%Y-%m-%dT00:00Z'
az storage container generate-sas `
--account-name "mydeploymentfiles" `
--account-key "[thePrimaryKey]" `
--name "the/subfolder/buildversion.1+52/templates" `
--start $start `
--expiry $end `
--permissions lr `
--output tsv
This outputs a nice SAS token I can use.
st=2019-11-18T00%3A00Z&se=2019-11-18T14%3A30Z&sp=rl&sv=2018-03-28&sr=c&sig=aZn3cx%2BNCnN2YhXD9%2AeTJa6TQL/pUIpbsbP4HKtFN/4%3D
When running the deployment via Azure CLI I get the message the linked templates (the/subfolder/buildversion.1+52/templates/function-app.json, the/subfolder/buildversion.1+52/templates/storage.json) can't be reached.
So I've tried downloading them from the browser, with the generated SAS token and got the following.
<?xml version="1.0" encoding="utf-8"?>
<Error>
<Code>AuthenticationFailed</Code>
<Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly
including the signature.
RequestId:2c0412dc-201e-0038-6b97-9e01ef000000
Time:2019-11-19T05:11:12.2088927Z</Message>
<AuthenticationErrorDetail>Signature not valid in the specified time frame: Start [Mon, 18 Nov 2019 00:00:00 GMT] -
Expiry [Mon, 18 Nov 2019 14:30:00 GMT] - Current [Tue, 19 Nov 2019 05:11:12 GMT]</AuthenticationErrorDetail>
</Error>
I think this has something to do because I'm creating a SAS token for the container the files are in, but with the List and Read permission I should have access to it, right?
The release pipeline is working fine, I'm using the Azure Blob file copy over there in order to set the appropriate parameters.
I'm a bit lost at this point.
What is the proper way to get a working SAS token to use for linked templates when running from the local system, where the linked templates reside in some sub-container.
https://myStorageAccount.blob.core.windows.net/artifacts/someSubfolder/0.1.0-branch-name.1+52/templates/function-app.json?st=2019-11-18T00%3A00Z&se=2019-11-18T14%3A30Z&sp=rl&sv=2018-03-28&sr=c&sig=aZn3cx%2BYCmN2MhXA9%2BnTJa6TQL/pMIpbsbD4HPtFN/4%3R. So the folder structure is/artifacts/someSubfolder/0.1.0-branch-name.1+52/templates/– Jan_V+to a%2Bto no avail. – Jan_V