How to load multiple template parameter files in BICEP

Murali R 245 Reputation points
2024-02-06T12:23:13.3733333+00:00

Hi Team, Iam currently trying to deploy Multiple parameter files with loadjsoncontext for creation of NSG flow with Traffic Analytics in Azure with BICEP. Below is the template i have used currently to load two parameter files for a BICEP. One with pipeline parameter file to collect the value of Existing NSG and other parameter file Iam using as a loadjsoncontext in BICEP instead of the Pipeline variable for the values of networkWatcherName, networkWatcherLocation, storageId, nsgResourceGroupName, workspaceId, workspaceRegion and workspaceResourceId

param nsgs array = []
param allowedVNetPrefixes array = []
param logRetentionDays int = 0
param subscriptionId string = subscription().subscriptionId

var nsgFlowLog = json(loadTextContent('./nsgFlowLogParameters/nsgFlowLogCLE_WESTEUROPE.json'))
var networkWatcherName = '${nsgFlowLog.networkWatcherName}'
var location = '${nsgFlowLog.location}'
var storageId = '${nsgFlowLog.storageId}'
var nsgResourceGroupName = '${nsgFlowLog.nsgResourceGroupName}'
var workspaceId = '${nsgFlowLog.workspaceId}'
var workspaceRegion = '${nsgFlowLog.workspaceRegion}'
var workspaceResourceId = '${nsgFlowLog.workspaceResourceId}'

resource flowLog 'Microsoft.Network/networkWatchers/flowLogs@2022-01-01' = [for nsg in nsgs: {
    name: '${networkWatcherName}/Microsoft.Network${nsgResourceGroupName}NSG_${replace(nsg.subnet, '/', '_')}'
    location: location
    properties: {
    targetResourceId: '/subscriptions/${subscriptionId}/resourceGroups/${nsgResourceGroupName}/providers/Microsoft.Network/networkSecurityGroups/NSG_${replace(nsg.subnet, '/', '_')}'
    storageId: storageId
    enabled: true
    format: {
      type: 'JSON'
      version: 2
    }
    retentionPolicy: {
      days: logRetentionDays
      enabled: true
    }
    flowAnalyticsConfiguration: {
      networkWatcherFlowAnalyticsConfiguration: {
        enabled: true
        workspaceId: workspaceId
        workspaceRegion: workspaceRegion
        workspaceResourceId: workspaceResourceId
      }
    }
}
}]

Currently iam trying to test multiple parameter files with loadjsoncontext for each subscription. Each and every subscription i have a NSG Resource Groups which contains the value of Nsgs and Storage Account. Kindly guide me on how to use all the parameter files in loadjsoncontext in BICEP.

Azure Network Watcher
Azure Network Watcher
An Azure service that is used to monitor, diagnose, and gain insights into network performance and health.
161 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. KapilAnanth-MSFT 39,446 Reputation points Microsoft Employee
    2024-02-09T10:50:22.33+00:00

    @Murali R

    Sure, thanks for sharing the info.

    I am not exactly aware of how the Pipeline works and is configured.

    • However, should different stages for each subscription, wouldn't it be better if you could load Bicep template for each stage pertaining to each subscription? (again, I am not aware of the pipeline configuration and how it works so I may be incorrect)

    I would also suggest you file a support ticket so that the support engineer can have a screen share session to understand the pipeline and suggest alternatives.

    Should you require a one-time free technical support, please do let us know and we will try and help you get one

    Cheers,

    Kapil

    0 comments
  2. Luis Arias 5,901 Reputation points
    2024-02-22T10:18:38.8566667+00:00

    Hi Murali R, As per the other response you have some options that Isn't fit with your environment, and without make many change in your code and taking in consideration that Bicep does not support dynamic file paths in the loadTextContent function. Here a workaround:

    1. Create a script in the same job pipeline where you deploy bicep: This script would dynamically generate the file paths based on your variables (like subscription ID) and then replace a placeholder in the Bicep file with the generated file paths.
    2. Use a placeholder in the Bicep file: In your Bicep file main.bicep , you could use a placeholder for the file paths. For example:
    param filePaths array = __FILE_PATHS_PLACEHOLDER__
    1. Replace the placeholder: In your script or pipeline, you would read the Bicep file as a text file, replace __FILE_PATHS_PLACEHOLDER__ with the generated file paths, and then write the updated content back to the Bicep file. Here an example on powershell also you can use bash :
    # Get the subscription ID
$subscriptionId = (Get-AzContext).Subscription.Id

# Build the file paths
$filePaths = @(
    "'./nsgFlowLogParameters/${subscriptionId}_nsg_ids.yaml'",
    "'./nsgFlowLogParameters/${subscriptionId}_other_ids.yaml'"
)

# Convert the array to a string
$filePathsString = $filePaths -join ', '

# Load the Bicep file
$bicepFileContent = Get-Content -Path './main.bicep' -Raw

# Replace the placeholder
$bicepFileContent = $bicepFileContent -replace '__FILE_PATHS_PLACEHOLDER__', $filePathsString

# Save the updated Bicep file
Set-Content -Path './main.bicep' -Value $bicepFileContent
    1. Deploy the updated Bicep file: Finally, you would call the Bicep CLI to compile and deploy the updated Bicep file.

    I hope this additional workaround can help you .

    Luis

    0 comments