This is a mixin for Porter that provides the Azure (az) CLI.
By default, the most recent version of the az CLI is installed.
You can specify a specific version with the clientVersion
setting.
mixins:
- az:
clientVersion: 1.2.3
When you declare the mixin, you can also configure additional extensions to install
Use the vanilla az CLI
mixins:
- az
Install additional extensions
mixins:
- az:
extensions:
- EXTENSION_NAME
When you declare the mixin, you can disable the mixin from customizing the az user agent string
mixins:
- az:
userAgentOptOut: true
By default, the az mixin adds the porter and mixin version to the user agent string used by the az CLI. We use this to understand which version of porter and the mixin are being used by a bundle, and assist with troubleshooting. Below is an example of what the user agent string looks like:
AZURE_HTTP_USER_AGENT="getporter/porter/v1.0.0 getporter/az/v1.2.3"
You can add your own custom strings to the user agent string by editing your template Dockerfile and setting the AZURE_HTTP_USER_AGENT environment variable.
When you declare the mixin, you can also configure Bicep to be install
mixins:
- az:
installBicep: true
This is required if you want to use the az bicep
subcommands.
The format below is for executing any arbitrary az CLI command.
See the az CLI Command Reference for the supported commands.
az:
description: "Description of the command"
arguments: # arguments to pass to the az CLI
- arg1
- arg2
flags: # flags to pass to the az CLI, porter determines if it is a long (--flag) or short flag (-f)
a: flag-value
long-flag: true
repeated-flag:
- flag-value1
- flag-value2
suppress-output: false
ignoreError: # Conditions when execution should continue even if the command fails
all: true # Ignore all errors
exitCodes: # Ignore failed commands that return the following exit codes
- 1
- 2
output: # Ignore failed commands based on the contents of stderr
contains: # Ignore when stderr contains a substring
- "SUBSTRING IN STDERR"
regex: # Ignore when stderr matches a regular expression
- "GOLANG_REGULAR_EXPRESSION"
outputs: # Collect values from the command and make it available as an output
- name: NAME
jsonPath: JSONPATH # Scrape stdout with a json path expression
- name: NAME
regex: GOLANG_REGULAR_EXPRESSION # Scrape stdout with a regular expression
- name: NAME
path: FILEPATH # Save the contents of a file
NOTE: Some commands may not allow a flag to be repeated, and use a different syntax such as packing all the values into a single flag instance. Change Settings for a Web Application demonstrates how to handle inconsistent flags behavior.
The suppress-output
field controls whether output from the mixin should be
prevented from printing to the console. By default this value is false, using
Porter's default behavior of hiding known sensitive values. When
suppress-output: true
all output from the mixin (stderr and stdout) are hidden.
Step outputs (below) are still collected when output is suppressed. This allows you to prevent sensitive data from being exposed while still collecting it from a command and using it in your bundle.
In some cases, you may need to have the bundle continue executing when a command fails. For example when the command fails because the resource already exists.
You can ignore errors based on:
- All - Ignore all errors from the command.
- ExitCodes - Ignore errors when one of the specified exit codes are returned.
- Output Contains - Ignore errors when the command's stderr contains the specified string.
- Output Regex - Ignore errors when the command's stderr matches the specified regular expression (in Go syntax).
Porter only prints out that an error was ignored in debug mode.
The mixin supports jsonpath
and path
outputs.
The jsonPath
output treats stdout like a json document and applies the expression, saving the result to the output.
outputs:
- name: NAME
jsonPath: JSONPATH
For example, if the jsonPath
expression was $[*].id
and the command sent the following to stdout:
[
{
"id": "1085517466897181794",
"name": "my-vm"
}
]
Then then output would have the following contents:
["1085517466897181794"]
The path
output saves the content of the specified file path to an output.
outputs:
- name: kubeconfig
path: /root/.kube/config
The mixin has a custom command to manage a resource group.
When used in any action other than uninstall, the mixin will ensure that the resource group exists.
install:
- az:
description: "Ensure my group exists"
group:
name: mygroup
location: westus
When used in the uninstall action, the mixin ensures that the resource group is deleted.
uninstall:
- az:
description: "Cleanup my group"
group:
name: mygroup
mixins:
- az:
extensions:
- azure-cli-iot-ext
The az mixin supports several authentication methods. All are provided with custom login
command:
install:
- az:
login:
If you have already authenticated using az login
, the mixin will use your
existing credentials. This requires the following files to exist in your
.azure
directory:
azureProfile.json
: Contains your Azure profile information.msal_token_cache.json
: Contains the cached authentication tokens.
To authenticate using a service principal, set the following environment variables:
AZURE_CLIENT_ID
AZURE_CLIENT_SECRET
AZURE_TENANT_ID
When running in Azure, you can authenticate using managed identity. By default,
the system-assigned managed identity is used. To use a user-assigned managed
identity, set the AZURE_CLIENT_ID
environment variable to the client ID of
the managed identity.
Create a VM, ignoring the error if it already exists.
az:
description: "Create VM"
arguments:
- vm
- create
flags:
resource-group: porterci
name: myVM
image: UbuntuLTS
ignoreErrors:
output:
contains: ["already exists"]
Delete a VM, ignoring the error if it has already been removed.
az:
description: "Delete VM"
arguments:
- vm
- delete
flags:
resource-group: porterci
name: myVM
ignoreErrors:
output:
contains: ["not found"]
The --settings
flag for this command does not support being repeated. Instead you must pack all
the setting values into a single flag using space-separated KEY=VALUE pairs.
install:
- az:
description: 'Deploy Web API configurations'
arguments:
- webapp
- config
- appsettings
- set
flags:
ids: '${ bundle.outputs.WEBAPI_ID }'
settings: 'PGHOST=${ bundle.outputs.POSTGRES_HOST } PGUSER=${ bundle.outputs.POSTGRES_USER } PGPASSWORD=${ bundle.outputs.POSTGRES_PASSWORD } PGDB=${ bundle.outputs.POSTGRES_DB }'