Forum Discussion

Petri-X's avatar
Petri-X
Bronze Contributor
Nov 16, 2024

ARM template and how to test it partially

Hi all,

If you have a long deployment template and performing that takes 10 - 15 minutes, what would be the best option for troubleshooting the process if that e.g fail at the end?

At the moment I'm failing to the Access Denied (I believe so) when the deployment is trying to use ARM Function: Reference to get the Key Vault SecretURI. Of course there is lot of different parameters on it to get that information, but the error message is "AccesstoKeyVaultDenied (code:BadRequest)". So far I have not been able get knowledge where the access denied is coming nor what resource that is trying to get.

It is possible to manually test those ARM functions somehow, like with PS command? Or is the only option to Enable ARM debugging, and hope the best? It is just a bit hard to wait over 10min to see if the actions has been helpful or (as too often now) not :D

 

  • Hey,

    that's definitely a problem I'd tackle at the root.

    That means breaking the ARM template into several parts. 

     

    This simplifies troubleshooting the individual templates significantly. 

     

    Here's a good starting point: Link templates for deployment - Azure Resource Manager | Microsoft Learn

     

    I also found this: Azure 4 Everyone by Adam Marczak

    This blog post and accompanying video tutorial cover the modularization of ARM templates.

     

    By the way, have you set up the appropriate access policy on the Key Vault to ensure you have read permissions?

     

    Here's an example of how you might manually test access to a Key Vault secret using PowerShell:

    # Login to Azure
    Connect-AzAccount
    
    # Set the context to the subscription containing the Key Vault
    Set-AzContext -SubscriptionId "your-subscription-id"
    
    # Get the Key Vault secret
    $secret = Get-AzKeyVaultSecret -VaultName "your-keyvault-name" -Name "your-secret-name"
    
    # Output the secret value
    $secret.SecretValueText

     

    Feel free to reach out if you have any more questions ;)

     

    Good luck and best regards.

    Matthias

     

    • Petri-X's avatar
      Petri-X
      Bronze Contributor

      Hi Kidd_Ip 

      Actually I did not yet did that, just reading how that should work and help in this kind of scenarios. Somehow just I feels it would be 10x easier, if I can break that line into individual requests and debug which part is really failing. But need to test this debug logging. I was just a bit surprise that I can perform the deployment with PS, but for reading the debug logging I need Azure CLI.

Resources