Azure Resource Locks Removal Delay from CLI script

0
votes

I have a DevOps pipeline that I use to deploy my resource group (with an ARM template).

I have a readonly lock on my resource group. At the beginning of my pipeline, I run a Azure CLI script task to remove the locks. It runs fine.

Right after, in the same pipeline, I have an ARM template deployment task.

When my ARM template deployment task runs, it fails, saying that my resource group is still locked.

If I wait a certain time (a few minutes) and re-run the ARM template deployment task, it runs fine.

It seems there is a delay in the lock deletion task. Is there such a thing? I can't find any mention of a lock deletion delay in the documentation.

What would be the best approach to this?

1
azureazure-devops
Hi Did get a chance to check out below answer, Please let me know if it helped you to fix this issue.Levi Lu-MSFT

1 Answers

1
votes

I didnot encounter the delay in the lock deletion using az lock delete command.

You can write a few more lines of script to check if the lock still exists after you delete it. See below example:

- task: AzureCLI@2
  displayName: 'Azure CLI '
  inputs:
    azureSubscription: 'Azure'
    scriptType: ps
    scriptLocation: inlineScript
    inlineScript: |
     #delete the lock
     az lock delete --name lockname --resource-group group --resource-name appname --resource-type  Microsoft.Web/sites
     # check if the deletion is finished, wait for 5s if not.
     While(
      $(az lock list --resource-group group --resource-name appname --resource-type  Microsoft.Web/sites --output tsv --query "[?name=='lockname'].id")
     ){
       Start-Sleep -s 5
     }

In above inlineScript, az lock delete command deletes the lock. Then az lock list --query "[?name=='lockname'].id" command will check if the lock still exists. If the lock is successfully deleted. Then the following task will continue to run.