I hope someone knows how to do this. I have set up an ARM template which creates my resources when I do CI/CD, which is great. I have even managed to set up a connection string:

"ConnectionStrings:ConnectionString": "[concat('Data Source=tcp:', reference(concat('Microsoft.Sql/servers/', variables('name'))).fullyQualifiedDomainName, ',1433;Initial Catalog=', variables('sqlMasterName'), ';User Id=', variables('sqlServerUser'), '@', reference(concat('Microsoft.Sql/servers/', variables('name'))).fullyQualifiedDomainName, ';Password=', variables('sqlServerPassword'), ';')]",

the variable sqlServerPassword is randomly generated by this:

"sqlServerPassword": "[concat('P', uniqueString(resourceGroup().id, '224F5A8B-51DB-46A3-A7C8-59B0DD584A41'), 'x', '!')]",

With that in mind, does anyone know how I can do the same for the storage account and for an Azure Cosmos DB? It doesn't seem to be the same.

My template for creating my storage account looks like this:

{
  "apiVersion": "2018-11-01",
  "type": "Microsoft.Storage/storageAccounts",
  "name": "[variables('name')]",
  "location": "[variables('location')]",
  "tags": {
    "displayName": "SXP storage"
  },
  "kind": "Storage",
  "sku": {
    "name": "Standard_LRS"
  }
},

Which doesn't mention a password, etc. Also, for my CosmosDb I have the same issue:

{
  "name": "[variables('name')]",
  "type": "Microsoft.DocumentDB/databaseAccounts",
  "apiVersion": "2015-04-08",
  "location": "[variables('location')]",
  "tags": {
    "displayName": "Cosmos DB Account"
  },
  "properties": {
    "locations": "[variables('locations')]",
    "databaseAccountOfferType": "Standard"
  }
},
{
  "name": "[concat(variables('name'), '/sql/', variables('cosmosMasterName'))]",
  "type": "Microsoft.DocumentDB/databaseAccounts/apis/databases",
  "apiVersion": "2016-03-31",
  "dependsOn": [
    "[resourceId('Microsoft.DocumentDB/databaseAccounts/', variables('name'))]"
  ],
  "properties": {
    "resource": {
      "id": "[variables('cosmosMasterName')]"
    },
    "options": { "throughput": "[variables('cosmosMasterThroughPut')]" }
  }
},
{
  "name": "[concat(variables('name'), '/sql/', variables('cosmosMasterName'), '/', variables('cosmosContainerName'))]",
  "type": "Microsoft.DocumentDb/databaseAccounts/apis/databases/containers",
  "apiVersion": "2016-03-31",
  "dependsOn": [ "[resourceId('Microsoft.DocumentDB/databaseAccounts/apis/databases', variables('name'), 'sql', variables('cosmosMasterName'))]" ],
  "properties": {
    "resource": {
      "id": "[variables('cosmosContainerName')]",
      "partitionKey": {
        "paths": [
          "/gtin"
        ],
        "kind": "Hash"
      },
      "indexingPolicy": {
        "indexingMode": "consistent",
        "includedPaths": [
          {
            "path": "/*"
          }
        ]
      }
    }
  }
},
{
  "name": "[concat(variables('name'), '/sql/', variables('cosmosDevelopName'))]",
  "type": "Microsoft.DocumentDB/databaseAccounts/apis/databases",
  "apiVersion": "2016-03-31",
  "dependsOn": [
    "[resourceId('Microsoft.DocumentDB/databaseAccounts/', variables('name'))]"
  ],
  "properties": {
    "resource": {
      "id": "[variables('cosmosDevelopName')]"
    },
    "options": { "throughput": "[variables('cosmosDevelopThroughPut')]" }
  }
},
{
  "name": "[concat(variables('name'), '/sql/', variables('cosmosDevelopName'), '/', variables('cosmosContainerName'))]",
  "type": "Microsoft.DocumentDb/databaseAccounts/apis/databases/containers",
  "apiVersion": "2016-03-31",
  "dependsOn": [ "[resourceId('Microsoft.DocumentDB/databaseAccounts/apis/databases', variables('name'), 'sql', variables('cosmosDevelopName'))]" ],
  "properties": {
    "resource": {
      "id": "[variables('cosmosContainerName')]",
      "partitionKey": {
        "paths": [
          "/gtin"
        ],
        "kind": "Hash"
      },
      "indexingPolicy": {
        "indexingMode": "consistent",
        "includedPaths": [
          {
            "path": "/*"
          }
        ]
      }
    }
  }
}

If anyone can help, that would be great.

Stringfellow
r3plica
    Azure Storage and Cosmos DB don't let you set a password; both resources generate keys for you, which you can then retrieve (via authenticated CLI/PowerShell/SDK/REST calls). – David Makogon Sep 25 '19 at 12:34

2 Answers

David Makogon is spot on, but there is a way to retrieve the Storage Account and CosmosDB generated keys and connection strings within an ARM template. Use the ARM ListKeys function.

Here's an example from one of my own ARM templates. This is an app setting in an Azure Function where I reference a storage account's generated key:

{
   "name": "StorageConnectionString",
   "value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(resourceId(variables('InfrastructureResourceGroupName'), 'Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2015-05-01-preview').key1)]"
},

Note that if your storage account is in the same resource group, I believe you can omit the first argument to ListKeys.

It's very similar for getting the key to a CosmosDB database. If you get stuck, let me know and I'll dig up that example too.

Rob Reagan

With the Cosmos DB 2019-08-01 template, listKeys returns an object like this:

{
    "primaryMasterKey": "...==",
    "secondaryMasterKey": "...==",
    "primaryReadonlyMasterKey": "...==",
    "secondaryReadonlyMasterKey": "...=="
}

This gives the option of a read-only or a read/write connection. You can build a connection like this:

{
    "name": "DatabaseConnectionString",
    "value": "[concat('AccountEndpoint=https://', variables('accountName'),'.documents.azure.com:443/;AccountKey=', listKeys(resourceId('Microsoft.DocumentDB/databaseAccounts', variables('accountName')), '2019-08-01').primaryMasterKey, ';')]"
},
Stuart Hallows
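
An added example, not taken from either answer: a stand-alone template that builds both connection strings with listKeys and writes them to Key Vault secrets rather than to outputs. With the storage API version used in the question (2018-11-01), listKeys returns a `keys` array, so the key is read as `keys[0].value` instead of `.key1`. Assumptions: the storage account, Cosmos DB account and vault already exist in the target resource group, and the parameter and secret names are made up for illustration.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "storageAccountName": {
      "type": "string",
      "metadata": { "description": "Assumed: name of an existing storage account" }
    },
    "cosmosAccountName": {
      "type": "string",
      "metadata": { "description": "Assumed: name of an existing Cosmos DB account" }
    },
    "keyVaultName": {
      "type": "string",
      "metadata": { "description": "Assumed: name of an existing Key Vault" }
    }
  },
  "variables": {
    "storageId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]",
    "cosmosId": "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('cosmosAccountName'))]"
  },
  "resources": [
    {
      "type": "Microsoft.KeyVault/vaults/secrets",
      "apiVersion": "2019-09-01",
      "name": "[concat(parameters('keyVaultName'), '/StorageConnectionString')]",
      "properties": {
        "value": "[concat('DefaultEndpointsProtocol=https;AccountName=', parameters('storageAccountName'), ';AccountKey=', listKeys(variables('storageId'), '2018-11-01').keys[0].value)]"
      }
    },
    {
      "type": "Microsoft.KeyVault/vaults/secrets",
      "apiVersion": "2019-09-01",
      "name": "[concat(parameters('keyVaultName'), '/CosmosReadOnlyConnectionString')]",
      "properties": {
        "value": "[concat('AccountEndpoint=https://', parameters('cosmosAccountName'), '.documents.azure.com:443/;AccountKey=', listKeys(variables('cosmosId'), '2019-08-01').primaryReadonlyMasterKey, ';')]"
      }
    }
  ]
}
```

The Cosmos DB secret uses `primaryReadonlyMasterKey` from the object shown in the answer above; swap in `primaryMasterKey` only for components that need to write. Values placed in a template's `outputs` as plain strings are recorded in the deployment history, which is why the keys are kept out of that section here.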