2
votes

I had created resources including storage account using ARM template. Now i want to delete that storage account using arm template, and not other resource. I am using Linked Template design. Below is my masterAzureDeploy.json:

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "templateBaseUrl": {
      "type": "string"
    },
    "parameterBaseUrl": {
      "type": "string"
    },
   "storageAccessToken": {
      "type": "string"
    }
  },
  "variables": {
    "templateBaseUrl": "[parameters('templateBaseUrl')]",
    "parameterBaseUrl": "[parameters('parameterBaseUrl')]",
    "keyVaultDeployTemplateUrl": "[uri(variables('templateBaseUrl'), 'keyvaultdeploy.json')]",
    "cosmosdbDeployTemplateUrl": "[uri(variables('templateBaseUrl'), 'cosmosdeploy.json')]",
    "managedidentityDeployTemplateUrl": "[uri(variables('templateBaseUrl'), 'managedidentitydeploy.json')]",
    "aurorapostgresDeployTemplateUrl": "[uri(variables('templateBaseUrl'), 'aurorapostgresdeploy.json')]",
    "redisDeployTemplateUrl": "[uri(variables('templateBaseUrl'), 'redisdeploy.json')]",
    "storageDeployTemplateUrl": "[uri(variables('templateBaseUrl'), 'storagedeploy.json')]",
    "dnszoneDeployTemplateUrl": "[uri(variables('templateBaseUrl'), 'dnszonedeploy.json')]",
    "bhnsgDeployTemplateUrl": "[uri(variables('templateBaseUrl'), 'bhnsgdeploy.json')]",
    "rdnsgDeployTemplateUrl": "[uri(variables('templateBaseUrl'), 'rdnsgdeploy.json')]",
    "dbnsgDeployTemplateUrl": "[uri(variables('templateBaseUrl'), 'dbnsgdeploy.json')]",
    "apiVersionResourceDeployment": "[providers('Microsoft.Resources', 'deployments').apiVersions[0]]",
    "keyVaultparameterFileUrl": "[uri(variables('parameterBaseUrl'), 'keyvaultdeploy.parameters.json')]",
    "cosmosdbparameterFileUrl": "[uri(variables('parameterBaseUrl'), 'cosmosdeploy.parameters.json')]",
    "managedidentityparameterFileUrl": "[uri(variables('parameterBaseUrl'), 'managedidentitydeploy.parameters.json')]",
    "aurorapostgresparameterFileUrl": "[uri(variables('parameterBaseUrl'), 'aurorapostgresdeploy.parameters.json')]",
    "redisparameterFileUrl": "[uri(variables('parameterBaseUrl'), 'redisdeploy.parameters.json')]",
    "storageparameterFileUrl": "[uri(variables('parameterBaseUrl'), 'storagedeploy.parameters.json')]",
    "dnszoneparameterFileUrl": "[uri(variables('parameterBaseUrl'), 'dnszonedeploy.parameters.json')]",
    "bhnsgparameterFileUrl": "[uri(variables('parameterBaseUrl'), 'bhnsgdeploy.parameters.json')]",
    "rdnsgparameterFileUrl": "[uri(variables('parameterBaseUrl'), 'rdnsgdeploy.parameters.json')]",
    "dbnsgparameterFileUrl": "[uri(variables('parameterBaseUrl'), 'dbnsgdeploy.parameters.json')]"
  },
  "resources": [
    {
      "apiVersion": "[variables('apiVersionResourceDeployment')]",
      "name": "keyVaultDeployment",
      "type": "Microsoft.Resources/deployments",
      "properties": {
        "templateLink": {
          "uri": "[concat(variables('keyVaultDeployTemplateUrl'), parameters('storageAccessToken'))]"
        },
        "parametersLink": {
          "uri": "[concat(variables('keyVaultparameterFileUrl'), parameters('storageAccessToken'))]"
        }
      }
    },
    {
      "apiVersion": "[variables('apiVersionResourceDeployment')]",
      "name": "cosmosDBDeployment",
      "type": "Microsoft.Resources/deployments",
      "properties": {
          "templateLink": {
          "uri": "[concat(variables('cosmosdbDeployTemplateUrl'), parameters('storageAccessToken'))]"
        },
        "parametersLink": {
          "uri": "[concat(variables('cosmosdbparameterFileUrl'), parameters('storageAccessToken'))]"
        }
      }
    },
    {
      "apiVersion": "[variables('apiVersionResourceDeployment')]",
      "name": "storageDeployment",
      "type": "Microsoft.Resources/deployments",
      "properties": {
        "templateLink": {
          "uri": "[concat(variables('storageDeployTemplateUrl'), parameters('storageAccessToken'))]"
        },
        "parametersLink": {
          "uri": "[concat(variables('storageparameterFileUrl'), parameters('storageAccessToken'))]"
        }
      }
    },
    {
      "apiVersion": "[variables('apiVersionResourceDeployment')]",
      "name": "redisDeployment",
      "type": "Microsoft.Resources/deployments",
      "properties": {
        "templateLink": {
          "uri": "[concat(variables('redisDeployTemplateUrl'), parameters('storageAccessToken'))]"
        },
        "parametersLink": {
          "uri": "[concat(variables('redisparameterFileUrl'), parameters('storageAccessToken'))]"
        }
      }
    },
    {
      "apiVersion": "[variables('apiVersionResourceDeployment')]",
      "name": "aurorapostgresDeploy",
      "type": "Microsoft.Resources/deployments",
      "properties": {
        "templateLink": {
          "uri": "[concat(variables('aurorapostgresDeployTemplateUrl'), parameters('storageAccessToken'))]"
        },
        "parametersLink": {
          "uri": "[concat(variables('aurorapostgresparameterFileUrl'), parameters('storageAccessToken'))]"
        }
      }
    },
    {
      "apiVersion": "[variables('apiVersionResourceDeployment')]",
      "name": "managedIdentityDeployment",
      "type": "Microsoft.Resources/deployments",
      "properties": {
        "templateLink": {
          "uri": "[concat(variables('managedidentityDeployTemplateUrl'), parameters('storageAccessToken'))]"
        },
        "parametersLink": {
          "uri": "[concat(variables('managedidentityparameterFileUrl'), parameters('storageAccessToken'))]"
        }
      }
    },
    {
      "apiVersion": "[variables('apiVersionResourceDeployment')]",
      "name": "dnszoneDeployment",
      "type": "Microsoft.Resources/deployments",
      "properties": {
        "templateLink": {
          "uri": "[concat(variables('dnszoneDeployTemplateUrl'), parameters('storageAccessToken'))]"
        },
        "parametersLink": {
          "uri": "[concat(variables('dnszoneparameterFileUrl'), parameters('storageAccessToken'))]"
        }
      }
    },
    {
      "apiVersion": "[variables('apiVersionResourceDeployment')]",
      "name": "bhnsgDeployment",
      "type": "Microsoft.Resources/deployments",
      "properties": {
        "templateLink": {
          "uri": "[concat(variables('bhnsgDeployTemplateUrl'), parameters('storageAccessToken'))]"
        },
        "parametersLink": {
          "uri": "[concat(variables('bhnsgparameterFileUrl'), parameters('storageAccessToken'))]"
        }
      }
    },
    {
      "apiVersion": "[variables('apiVersionResourceDeployment')]",
      "name": "rdnsgDeployment",
      "type": "Microsoft.Resources/deployments",
      "properties": {
        "templateLink": {
          "uri": "[concat(variables('rdnsgDeployTemplateUrl'), parameters('storageAccessToken'))]"
        },
        "parametersLink": {
          "uri": "[concat(variables('rdnsgparameterFileUrl'), parameters('storageAccessToken'))]"
        }
      }
    },
    {
      "apiVersion": "[variables('apiVersionResourceDeployment')]",
      "name": "dbnsgDeployment",
      "type": "Microsoft.Resources/deployments",
      "properties": {
        "templateLink": {
          "uri": "[concat(variables('dbnsgDeployTemplateUrl'), parameters('storageAccessToken'))]"
        },
        "parametersLink": {
          "uri": "[concat(variables('dbnsgparameterFileUrl'), parameters('storageAccessToken'))]"
        }
      }
    }
  ]
}

And this is my storagedeploy.json

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "Project": {
      "type": "string",
      "metadata": {
        "description": "Project name"
      }
    },
    "Environment": {
      "type": "string",
      "metadata": {
        "description": "Project name"
      }
    },
    "location": {
      "type": "string",
      "metadata": {
        "description": "Location for all resources."
      }
    },
    "principalId": {
      "type": "string",
      "metadata": {
        "description": "PrincipalId is Object Id of MSi created. Check Azure Active Directory. Ref https://stackguides.com/questions/56440883/arm-template-looking-up-a-user-object-id."
      }
    }
  },
  "variables": {
    "storageAccountName": "[toLower(concat(parameters('Project'), parameters('Environment'), uniqueString(resourceGroup().id)))]"
  },
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2019-04-01",
      "name": "[variables('storageAccountName')]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "Standard_LRS",
        "tier": "Standard"
      },
      "kind": "StorageV2",
      "properties": {
        "networkAcls": {
          "bypass": "AzureServices",
          "virtualNetworkRules": [],
          "ipRules": [],
          "defaultAction": "Allow"
        },
        "supportsHttpsTrafficOnly": true,
        "encryption": {
          "services": {
            "file": {
              "enabled": true
            },
            "blob": {
              "enabled": true
            }
          },
          "keySource": "Microsoft.Storage"
        },
        "accessTier": "Hot"
      }
    },
    {
      "type": "Microsoft.Storage/storageAccounts/blobServices",
      "apiVersion": "2019-04-01",
      "name": "[concat(variables('storageAccountName'), '/default')]",
      "dependsOn": [
        "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
      ],
      "properties": {
        "cors": {
          "corsRules": []
        },
        "deleteRetentionPolicy": {
          "enabled": false
        }
      }
    },
    {
      "type": "Microsoft.Storage/storageAccounts/blobServices/containers",
      "apiVersion": "2019-04-01",
      "name": "[concat(variables('storageAccountName'), '/default/project-test-dev-data-store-ue1')]",
      "dependsOn": [
        "[resourceId('Microsoft.Storage/storageAccounts/blobServices', variables('storageAccountName'), 'default')]",
        "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
      ],
      "properties": {
        "publicAccess": "None"
      }
    },
    {
      "type": "Microsoft.Storage/storageAccounts/providers/roleAssignments",
      "name": "[concat(variables('storageAccountName'),'/Microsoft.Authorization/',guid(subscription().subscriptionId))]",
      "apiVersion": "2019-04-01-preview",
      "dependsOn": [
        "[resourceId('Microsoft.Storage/storageAccounts/blobServices', variables('storageAccountName'), 'default')]",
        "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
      ],
      "properties": {
        "roleDefinitionId": "[concat(resourceGroup().id, '/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab')]",
        "principalId": "[parameters('principalId')]",
        "scope": "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
      }
    }
  ]
}

in command line , i am using --mode complete.

I tried with modifying the storagedeploy.json template, but it didn't worked:

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "Project": {
      "type": "string",
      "metadata": {
        "description": "Project name"
      }
    },
    "Environment": {
      "type": "string",
      "metadata": {
        "description": "Project name"
      }
    },
    "location": {
      "type": "string",
      "metadata": {
        "description": "Location for all resources."
      }
    },
    "principalId": {
      "type": "string",
      "metadata": {
        "description": "PrincipalId is Object Id of MSi created. Check Azure Active Directory. Ref https://stackguides.com/questions/56440883/arm-template-looking-up-a-user-object-id."
      }
    }
  },
  "variables": {
    "storageAccountName": "[toLower(concat(parameters('Project'), parameters('Environment'), uniqueString(resourceGroup().id)))]"
  },
  "resources": []
}

How to do it.

1

1 Answers

2
votes

I believe the reason for the kind of behavior you are observing is because only root-level templates support the complete deployment mode. For linked or nested templates, you must use incremental mode. Subscription level deployments don't support complete mode. Currently, the portal doesn't support complete mode.

For more information, refer note available in this document.

So to accomplish your requirement you may have to not use linked or nested templates.

Hope this helps!