Saturday, November 12, 2016

Adding an ARM Template Validation step to VSTS Build Pipeline

Just wanted to make a quick note on how to add a VSTS ARM template validation step to a build pipeline.

If you are using the Azure Resource Group project template from visual studio, you will notice that as part of the template there is a "Deploy-AzureResourceGroup.ps1" script file in the project root.



 This deploy script has a handy "ValidateOnly" switch which essentially runs the template you have created using the Test-AzureRmResourceGroupDeployment.

In VSTS, you can create an Azure Powershell tasks (target Azure ARM) to run the validate process.



Remember to pass in the "validate only flag".  You can add this step to either the build or release pipeline, but I think it makes more sense as part of the build pipeline as you would want the build to fail of the template was in some way corrupt.

One key point to note is that the powershell command simply validates the elements against a template, and even then, it doesn't do a great job!  This is probably more due to how the schema is enforced than the command itself.  Take this example from an Azure DNS creation (which I ran into).  The following snipit is incorrect as it is missing a required parameter (cname) under the "CNAMERecord" element (line 77).  You'll notice that the test passed validation.




Just keep that in mind when you are using this test method.


Rebuilding the news: Azure DNS Deployment

A long time back, when Azure DNS was first release, I moved the shamirc.com domain over to it.  You can read a little bit about my thoughts on that process here.  At the time, however, 5 letter domain names were not supported, and I couldn't switch my news domain over.  That is no longer the case.

Building on the first post in this series, I am going to augment my existing resource group to now also deploy the required DNS zone and records.  This will obviously make for some fun times when it comes to using this template for dev, and so I will have to make note of that for the future.

The documentation for Azure DNS can be found here.  Unfortunately, there is no documentation on how to create a DNS zone via arm template.  After doing some googling, I did find a quick start template that I used as a base.

You can read about the DNS schema here.

The following snipit shows my DNS configuration for both an A record and a CNAME record.



A couple of notes about the process:

- The quick start template only shows an A record, so you will have to rely on the schema for most things
- The record sets are defined under a "definitions" element (line 494).  Review these and ensure you are using the right elements and names
- Naming of resources is important and must follow the domain.name/sub format
- You will still have to change over your name servers at your DNS host
- location is specified as global in the quickstart template (for the a record), but doesn't seem to be a required field in the schema.
- You can always export a template of an already created DNS zone if following the schema is too difficult

I will have to wait a few hours to see the results, but initial testing is proving okay.