TL;DR – Template Specs is a new resource type for storing ARM templates in your resource groups for faster sharing, deployment, and role-based access control (RBAC) on those Templates shared within an organization. Template Specs addresses today's biggest challenges around ARM template management, storage, and access.
The Problem: Sharing ARM templates across an organization is challenging, requiring more management steps of the external or internal storage from which they are shared.
Sharing: ensuring the right teams within your organization have access becomes very tedious as you cannot leverage Azure RBAC on the ARM templates you want to share.
Management: providing teams with the latest ARM templates in a consistent and versioned way.
Why Template Specs?
As a native solution, Template Specs will enable users to bring all their ARM templates to Azure as a resource and securely store and share them within an Azure tenant.
The Solution: 1st Party secure storage and management of ARM templates within Azure.
Sharing: Who can access a Template Spec can be defined using Azure RBAC.
Management: Template Specs can be versioned within the same resource, ensuring users can always access the latest iterations of an ARM template (or templates) stored in a Template Spec.
A Template Spec is a resource that contains an array of Template Spec versions which consists of a root template and any number of linked templates. A Template Spec can be created using the Portal, PowerShell, Azure CLI, REST API, or ARM Template. To help visualize a Template Spec create, here are some examples of what it would look like in the Azure CLI:
Creating a Template Spec using Azure CLI
To create a Template Spec, use the az ts create command to package an ARM into the Template Spec resource.
--version: The version number or name of the version being created.
--location: The Azure region for the Template Spec resource.
--template-file: The ARM template to be packaged into a template spec.
Creating and Deploying a Template Spec with Linked Templates using Azure CLI
To create a Template Spec with artifacts inside it, we need the following:
Create main template (e.g. azuredeploy.json) that deploys linked templates, to be passed into the az ts create command as a template file.
Create N number of deployment resources with linked templates referenced using the relativePath property within the templateLink object.
In this example the linked templates are stored in a subfolder called artifacts, which is in the same path as the main template file. The relativePath property is relative to the template file where relativePath is declared. The relativePath property can take any of the following values:
Note: relativePath can also be used deploy remote linked templates given all template files are staged together and available via remote URI, such as GitHub or Azure storage. The main template is called by using URI and all linked templates referenced as relative to that main template will have a URI constructed using the main template URI and the relativePath specified. This feature requires api version 2020-10-01 or greater. To learn more about this feature, please refer to Link templates for deployment - Azure Resource Manager | Microsoft Docs.
Run the az ts create command to create or update a template spec version. This command packages the linked templates added via templateLink as artifacts in your Template Spec version.
This command packages the template file azuredeploy.json into the main template of the Template Spec version webAppSpec-1.0 and all linked templates specified into the artifacts array of the Template Spec object.
Deploy the Template Spec by passing in its resource ID using the az deployment group create command. First, we need to get the ID of the Template Spec resource created, and this can be done easily in the Azure CLI by using the az ts show command:
Verify the contents of a Template Spec by running the az ts export command that downloads a specified Template Spec version into an --output-folder in your local file system.
az ts export --output-folder "C:\\exported-template-specs" -s "template-spec-version-ID"
This command exports the specified Template Spec’s main template (e.g. webAppSpec.JSON) and an artifacts folder with all of its corresponding template artifacts. You can also view the contents of a Template Spec version can also be seen using the Azure Portal.
Deploying a Template Spec as Linked Template using ARM Template with ID Reference
A Template Spec resource can also be referenced using the templateLink property and specifying the id of the template spec: