
I have a template that deploys several VNets, each with several subnets; the number of subnets does not have to be the same in every VNet. That works great. But now I want to add an NSG to one of the subnets and a route table to another subnet. I can't get that to work - can anyone help me?

The template file looks like this:

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "VNET": {
            "type": "array"
        }
    },
    "variables": {},
    "resources": [
        {
            "apiVersion": "2017-05-10",
            "name": "[concat('Deploy-',parameters('VNET')[copyIndex('Vnets')].VnetName)]",
            "type": "Microsoft.Resources/deployments",
            "copy": {
                "name": "Vnets",
                "count": "[length(parameters('VNET'))]"
            },
            "properties": {
                "mode": "Incremental",
                "template": {
                    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                    "contentVersion": "1.0.0.0",
                    "parameters": {},
                    "variables": {},
                    "resources": [
                        {
                            "apiVersion": "2017-10-01",
                            "type": "Microsoft.Network/virtualNetworks/",
                            "name": "[parameters('VNET')[copyIndex('Vnets')].VnetName]",
                            "location": "[resourceGroup().location]",
                            "tags": "[resourceGroup().tags]",
                            "properties": {
                                "addressSpace": {
                                    "addressPrefixes": [
                                        "[parameters('VNET')[copyIndex('Vnets')].VnetAddressSpace]"
                                    ]
                                },
                                "copy": [
                                    {
                                        "name": "subnets",
                                        "count": "[length(parameters('VNET')[copyIndex('Vnets')].Subnets)]",
                                        "input": {
                                            "name": "[parameters('VNET')[copyIndex('Vnets')].Subnets[copyIndex('subnets')].name]",
                                            "properties": {
                                                "addressPrefix": "[parameters('VNET')[copyIndex('Vnets')].Subnets[copyIndex('subnets')].addressPrefix]"
                                            }
                                        }
                                    }
                                ]
                            }
                        }
                    ]
                }
            }
        }
    ],
    "outputs": {}
}

The parameters file looks like this:

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "VNET": {
            "value": [
                {
                    "VnetName": "Vnet-01",
                    "VnetAddressSpace": "10.11.0.0/16",
                    "Subnets": [
                        {
                            "name": "subnet-10-11-1-0-24",
                            "addressPrefix": "10.11.1.0/24"
                        },
                        {
                            "name": "subnet-10-11-2-0-24",
                            "addressPrefix": "10.11.2.0/24"
                        },
                        {
                            "name": "subnet-10-11-3-0-24",
                            "addressPrefix": "10.11.3.0/24"
                        }
                    ]
                },
                {
                    "VnetName": "Vnet-02",
                    "VnetAddressSpace": "10.12.0.0/16",
                    "Subnets": [
                        {
                            "name": "subnet-10-12-1-0-24",
                            "addressPrefix": "10.12.1.0/24"
                        },
                        {
                            "name": "subnet-10-12-2-0-24",
                            "addressPrefix": "10.12.2.0/24"
                        }
                    ]
                }
            ]
        }
    }
}

EDIT: After adding the row for networkSecurityGroup (see the template fragment below, followed by the matching fragment of the parameters file), I get it to work as long as I set the parameter value to null. But how should I enter the parameter? See the error message below.

"copy": [
                                    {
                                        "name": "subnets",
                                        "count": "[length(parameters('VNET')[copyIndex('Vnets')].Subnets)]",
                                        "input": {
                                            "name": "[parameters('VNET')[copyIndex('Vnets')].Subnets[copyIndex('subnets')].name]",
                                            "properties": {
                                                "addressPrefix": "[parameters('VNET')[copyIndex('Vnets')].Subnets[copyIndex('subnets')].addressPrefix]",
                                                "networkSecurityGroup": "[if(equals(json('null'), parameters('VNET')[copyIndex('Vnets')].Subnets[copyIndex('subnets')].networkSecurityGroup), json('null'), resourceId('Microsoft.Network/networkSecurityGroups/',parameters('VNET')[copyIndex('Vnets')].Subnets[copyIndex('subnets')].networkSecurityGroup))]"
                                            }
                                        }
                                    }
                                ]
"Subnets": [
                        {
                            "name": "subnet-10-11-1-0-24",
                            "addressPrefix": "10.11.1.0/24",
                            "networkSecurityGroup": "nsg-test"
                        },
                        {
                            "name": "subnet-10-11-2-0-24",
                            "addressPrefix": "10.11.2.0/24",
                            "networkSecurityGroup": null
                        },

Error message:

"error": {
    "code": "InvalidRequestFormat",
    "message": "Cannot parse the request.",
    "details": [
      {
        "code": "MissingJsonReferenceId",
        "message": "Value for reference id is missing. Path properties.subnets[0].properties.networkSecurityGroup."
      }
    ]
  }

EDIT 2: If I specify an NSG name on all subnets, the above code works. So what is left is to get it to accept null as a value when I don't want an NSG on one of the subnets...

EDIT 3: Done some more testing. With this template it works when I set the parameters to "name-of-nsg" but not to null:

"networkSecurityGroup": {
    "id": "[if(equals(json('null'), parameters('VNET')[copyIndex('Vnets')].Subnets[copyIndex('subnets')].networkSecurityGroup), json('null'), resourceId('Microsoft.Network/networkSecurityGroups/',parameters('VNET')[copyIndex('Vnets')].Subnets[copyIndex('subnets')].networkSecurityGroup))]"
}

With this template it works when I set the parameters to null but not to "name-of-nsg":

"networkSecurityGroup": "[if(equals(json('null'), parameters('VNET')[copyIndex('Vnets')].Subnets[copyIndex('subnets')].networkSecurityGroup), json('null'), resourceId('Microsoft.Network/networkSecurityGroups/',parameters('VNET')[copyIndex('Vnets')].Subnets[copyIndex('subnets')].networkSecurityGroup))]"

How can I make it work with both null AND "name-of-nsg"?

so where exactly does your problem lie? – 4c74356b41
@4c74356b41, the question is how to add an NSG or route table to one of the subnets but not the others – Santa
i can read, what's the actual question? add them to your parameter file and conditions to your template? – 4c74356b41
@4c74356b41, well... that's what I've tried to do, but I can't get it to work. Can you show me how you would do it? – Santa
well, you have to give a resource id, not "nsg-test" – 4c74356b41

1 Answers


I don't have a ready-made example, but it would look something like this (parameters shown in YAML-like shorthand):

subnets:
- name: xxx-1
  addressPrefix: yyy
  nsg: < resourceId or something >
- name: xxx-2
  addressPrefix: yyy
  nsg: null

and then in your template:

"copy": [
    {
        "name": "subnets",
        "count": "[length(parameters('VNET')[copyIndex('Vnets')].Subnets)]",
        "input": {
            "name": "[parameters('VNET')[copyIndex('Vnets')].Subnets[copyIndex('subnets')].name]",
            "properties": {
                "addressPrefix": "[parameters('VNET')[copyIndex('Vnets')].Subnets[copyIndex('subnets')].addressPrefix]"
                "networkSecurityGroup": "[if(eq(null, parameters('VNET')[copyIndex('Vnets')].Subnets[copyIndex('subnets')].nsg), json('null'), parameters('VNET')[copyIndex('Vnets')].Subnets[copyIndex('subnets')].nsg)]
            }
        }
    }
]

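So, after some trial and error, the version below works. The `networkSecurityGroup` property has to be either null or an object of the form `{"id": "<NSG resource ID>"}`: passing the resource ID as a bare string is what produces the `MissingJsonReferenceId` error in the question, and putting the `if()` inside `"id"` fails for the null case. The expression below therefore returns `json('null')` when no NSG is given and otherwise builds the whole object with `json(concat(...))`. (The sketch above is not valid as written: it is missing a comma and a closing quote, and the comparison function is `equals`, not `eq`.)

Things to keep in mind: a subnet whose `networkSecurityGroup` is null is deployed with no NSG attached, so leaving it null should be a deliberate choice for each subnet; `resourceId()` as used here resolves the NSG name in the deployment's own resource group, and the template does not create the NSG, so it must already exist there; and this version hard-codes `"location": "eastus"` and drops the `tags` line, where the question used `[resourceGroup().location]` and `[resourceGroup().tags]`.

The template, followed by the parameters file: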

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "VNET": {
            "type": "Array"
        }
    },
    "resources": [
        {
            "type": "Microsoft.Resources/deployments",
            "apiVersion": "2017-05-10",
            "name": "[concat('Deploy-',parameters('VNET')[copyIndex('Vnets')].VnetName)]",
            "properties": {
                "mode": "Incremental",
                "template": {
                    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                    "contentVersion": "1.0.0.0",
                    "resources": [
                        {
                            "apiVersion": "2017-10-01",
                            "type": "Microsoft.Network/virtualNetworks/",
                            "name": "[parameters('VNET')[copyIndex('Vnets')].VnetName]",
                            "location": "eastus",
                            "properties": {
                                "addressSpace": {
                                    "addressPrefixes": [
                                        "[parameters('VNET')[copyIndex('Vnets')].VnetAddressSpace]"
                                    ]
                                },
                                "copy": [
                                    {
                                        "name": "subnets",
                                        "count": "[length(parameters('VNET')[copyIndex('Vnets')].Subnets)]",
                                        "input": {
                                            "name": "[parameters('VNET')[copyIndex('Vnets')].Subnets[copyIndex('subnets')].name]",
                                            "properties": {
                                                "addressPrefix": "[parameters('VNET')[copyIndex('Vnets')].Subnets[copyIndex('subnets')].addressPrefix]",
                                                "networkSecurityGroup": "[if(equals(parameters('VNET')[copyIndex('Vnets')].Subnets[copyIndex('subnets')].networkSecurityGroup, json('null')), json('null'), json(concat('{\"id\": \"', resourceId('Microsoft.Network/networkSecurityGroups', parameters('VNET')[copyIndex('Vnets')].Subnets[copyIndex('subnets')].networkSecurityGroup), '\"}')))]"
                                            }
                                        }
                                    }
                                ]
                            }
                        }
                    ]
                }
            },
            "copy": {
                "name": "Vnets",
                "count": "[length(parameters('VNET'))]"
            }
        }
    ]
}
{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "VNET": {
            "value": [
                {
                    "VnetName": "Vnet-01",
                    "VnetAddressSpace": "10.11.0.0/16",
                    "Subnets": [
                        {
                            "name": "subnet-10-11-1-0-24",
                            "addressPrefix": "10.11.1.0/24",
                            "networkSecurityGroup": "nsg-test"
                        },
                        {
                            "name": "subnet-10-11-2-0-24",
                            "addressPrefix": "10.11.2.0/24",
                            "networkSecurityGroup": null
                        }
                    ]
                },
                {
                    "VnetName": "Vnet-02",
                    "VnetAddressSpace": "10.12.0.0/16",
                    "Subnets": [
                        {
                            "name": "subnet-10-12-1-0-24",
                            "addressPrefix": "10.12.1.0/24",
                            "networkSecurityGroup": "nsg-test"
                        }
                    ]
                }
            ]
        }
    }
}