Saturday, November 12, 2016

Adding an ARM Template Validation step to VSTS Build Pipeline

Just wanted to make a quick note on how to add a VSTS ARM template validation step to a build pipeline.

If you are using the Azure Resource Group project template from visual studio, you will notice that as part of the template there is a "Deploy-AzureResourceGroup.ps1" script file in the project root.

 This deploy script has a handy "ValidateOnly" switch which essentially runs the template you have created using the Test-AzureRmResourceGroupDeployment.

In VSTS, you can create an Azure Powershell tasks (target Azure ARM) to run the validate process.

Remember to pass in the "validate only flag".  You can add this step to either the build or release pipeline, but I think it makes more sense as part of the build pipeline as you would want the build to fail of the template was in some way corrupt.

One key point to note is that the powershell command simply validates the elements against a template, and even then, it doesn't do a great job!  This is probably more due to how the schema is enforced than the command itself.  Take this example from an Azure DNS creation (which I ran into).  The following snipit is incorrect as it is missing a required parameter (cname) under the "CNAMERecord" element (line 77).  You'll notice that the test passed validation.

Just keep that in mind when you are using this test method.