Azure-docs: How can we selectively deploy properties inside copy loop
How can we selectively deploy properties inside copy loop?
I am using Copy to iterate through an input list for subnet parameters and deploy them through template. Template as follow.
The challenge is that some of the subnets are not associated with a NSG and thus if we pass empty string the following template will error out. How can we put condition into the template to deploy the networkSecurityGroup property only if needed?
Thanks
"resources": [
{
"type": "Microsoft.Network/virtualNetworks",
"name": "[variables('vNet').name]",
"apiVersion": "[variables('apiVersion')]",
"location": "[resourceGroup().location]",
"comments": "This will build Shared Services Virtual Network.",
"properties": {
"addressSpace": {
"addressPrefixes": "[variables('vNet').cidr]"
},
"copy": [
{
"name": "subnets",
"count": "[variables('subnets').count]",
"input": {
"name": "[variables('subnets').entries[copyIndex('subnets')].name]",
"properties": {
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('subnets').entries[copyIndex('subnets')].nsg)]"
},
"addressPrefix": "[variables('subnets').entries[copyIndex('subnets')].cidr]"
}
}
}
]
}
}
]
Document Details
⚠Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: 7e71b5b6-0a86-b261-4fb3-e31ca6a12ec3
- Version Independent ID: ab404f2d-5eb8-4e7e-fc37-ad785dcf852f
- Content: Deploy multiple instances of Azure resources
- Content Source: articles/azure-resource-manager/resource-group-create-multiple.md
- Service: azure-resource-manager
- GitHub Login: @tfitzmac
- Microsoft Alias: tomfitz
CharmanderJieniJieni
All 6 comments
@Charmendar Thanks for the question! We will investigate on this and get back to you soon.
@tfitzmac Your insights please?
SadiqhAhmed-MSFT
on 10 Apr 2019
@Charmendar - this is a tricky scenario but there are a couple of approaches you could try.
I tried setting the id under networkSecurityGroup to null, but that produced an error. However, you can set the networkSecurityGroup object to null for items that don't have an nsg. Like:
"networkSecurityGroup": "[json('null')]"
To make that make, you would need to add the if function to test if the variable has an empty object for the nsg. It looks like you would also need to change your variable to store the full nsg object. Depending on the result, you either pass in the object or null. You'll see a similar example for a conditional resource in the if function.
The other approach would involve breaking the subnets out as a separate resource, instead of a property. You could keep two variables for subnets, one with nsg and one without. Then, use copy with the subnet to iterate over subnets with nsg and without.
tfitzmac
on 11 Apr 2019
Thank you very much! I will go with the json('null') option. It would be great if we can use if function throughout the template
CharmanderJieniJieni
on 11 Apr 2019
@Charmendar - unless you are still having a problem with this, we will close the issue.
tfitzmac
on 17 Apr 2019
please-close
tfitzmac
on 17 Apr 2019
Sure thanks for the solution!
CharmanderJieniJieni
on 17 Apr 2019
Related issues
behnam89
·
3Comments
JamesDLD
·
3Comments
spottedmahn
·
3Comments
spottedmahn
·
3Comments
jebeld17
·
3Comments
Most helpful comment
@Charmendar - this is a tricky scenario but there are a couple of approaches you could try.
I tried setting the id under networkSecurityGroup to null, but that produced an error. However, you can set the networkSecurityGroup object to null for items that don't have an nsg. Like:
"networkSecurityGroup": "[json('null')]"
To make that make, you would need to add the if function to test if the variable has an empty object for the nsg. It looks like you would also need to change your variable to store the full nsg object. Depending on the result, you either pass in the object or null. You'll see a similar example for a conditional resource in the if function.
The other approach would involve breaking the subnets out as a separate resource, instead of a property. You could keep two variables for subnets, one with nsg and one without. Then, use copy with the subnet to iterate over subnets with nsg and without.