If you are writing and using ARM templates as as a base of your infrastructure as code (IaC) principle, then the next few lines might be interesting to you. If you are new to IaC read this or if you are new to ARM templates read here.
We are using ARM templates with Azure DevOps to deploy resource groups of Virtual machines, databases and Application services. Templates tend to get large and even with a Visual Studio Intellisense which is good by the way, you can make mistakes. What we need is a tool that can validate the whole script before you commit/push to the source control. I was thinking, “is there a way to do this?” and indeed there is.
Microsoft documentation states that there is a tool (PowerShell) that can check your ARM templates for compatibility with Azure Stack in your region of choice. It also checks the JSON syntax and some other goodies (examples below). Let’s get started.
1. Download and install Azure Stack tools.
2. Unpack it to the folder of your choice and “cd” to the Azure Stack Tools folder.
3. Import Cloud capabilities module with the command below. The instructions in the documentation are not very clear, regarding the “<your location>” parameter. But I made some digging and that is of course Azure location (run Get-AzureRMLocation in PowerShell to get your location name). We use westeurope for a location parameter.
//import cloud capabilities module
//Generate capabilities json file
Get-AzureRMCloudCapability -Location "westeurope" -Verbose -IncludeComputeCapabilities -IncludeStorageCapabilities
It takes some time 30 min or so, to generate capabilities JSON file, which will be then used by our next script Template Validator. This JSON file contains all the capabilities (all resources) in the selected region. It’s probably good to update it once in a while.
4. Then import Template validator module and finally run a validation of your ARM templates. You need to specify the -TemplatePath and -CapabilitiesPath parameters:
//Import validate template module
//Validate ARM template
Test-AzureRMTemplate -TemplatePath "c:\Users\MyPC\source\repos\MyARMTemplates\" -CapabilitiesPath ".\CloudCapabilities\AzureCloudCapabilities.Json" -Verbose
Because I set parameter -Verbose in the command above, I get a lot of feedback to the command line.
Below are some examples of validation warnings and errors, that a tool can detect. Tool returns warnings like hardcoded URLs or wrong API version or errors like invalid JSON syntax or misspelled Azure resource type.
Not everything is validated at the moment (like Azure virtual machine type or offer) and this might be an improvement for the future.
There are some things I would like to try/see in the future regarding the ARM templates validation:
- A way to run validation easily inside Visual Studio or Visual Studio Code (if you know how to do it let me know).
- Integrate ARM template validation to Azure DevOps build pipeline.
- Add validation for Azure resource properties like virtual machine types, offers etc. I don’t see any reason why this could not be compiled through Cloud capabilities JSON file.
That’s all for this post. Let me know if you have any comment down below.