JSON array as parameter input

[dpantaz]

Hello.

Is it possible to use a JSON array as a parameter value in the parameters input?
For example
parameters: param1=

Thank you.

[github-actions]

This issue is marked default for generating issues report.

[github-actions]

This issue is stale because it has been open for 7 days with no activity.

[marvinbuss]

@bishal-pdMSFT We are running into issues, when trying to do this. Due to the AZURE_CREDENTIALS, it also seems like that any { and } get replaced with *** in the Actions page and passing a JSON array always fails with Failed to parse JSON. Here are more details:

[github-actions]

This issue is marked default for generating issues report.

[github-actions]

This issue is stale because it has been open for 7 days with no activity.

[t-dedah]

Hi @marvinbuss, will it be possible to share the exact parameter input. Are you passing a json or a json string something like this
'{"costCenter":"ABCD", "owner":"XYZ"}'

[marvinbuss]

Hi @t-dedah, I am passing a JSON string as input (e.g. '{"costCenter":"ABCD", "owner":"XYZ"}'). It seems like { and } get replaced with ***. Using a JSON as secret is also not recommended by the Actions team. We should consider moving to a different authentication method for Azure/login with individual secrets for clientId and clientSecret. See here: https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#using-secrets

[github-actions]

This issue is marked default for generating issues report.

[t-dedah]

@marvinbuss I am little confused. What secrets are you trying to pass as parameters? shouldn't we use azure login task for that? Also I consoled out '{"costCenter":"ABCD", "owner":"XYZ"}' and everything looks okay to me.

Will it be possible to share repro steps for the issue?

[marvinbuss]

Please try this workflow, then you will see the issue:

name: Deployment

on:
  push:
    branches: [ main ]
    paths:
      - 'infra/**'
  pull_request:
    branches: [ main ]
    paths:
      - 'infra/**'

env:
  AZURE_SUBSCRIPTION_ID: 'your-sub-id'
  AZURE_LOCATION: 'northeurope'
  AZURE_TAGS: '{"costCenter":"ABCD", "owner":"XYZ"}'

jobs:
  create-resource-groups:
    runs-on: ubuntu-latest

    steps:
    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
    - name: Check Out Repository
      id: checkout_repository
      uses: actions/checkout@v2
    
    # Login to Azure
    - name: Azure Login
      id: azure_login
      uses: azure/login@v1
      with:
        creds: ${{ secrets.AZURE_CREDENTIALS }}
    
    # Deploy Resource Groups
    - name: Deploy Resource Groups
      id: resource_groups_deployment
      uses: azure/arm-deploy@v1
      with:
        scope: subscription
        subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
        region: ${{ env.AZURE_LOCATION }}
        template: ${{ github.workspace }}/infra/ResourceGroups/deploy.resourceGroups.json
        parameters: ${{ github.workspace }}/infra/ResourceGroups/params.resourceGroups.json tags='${{ env.AZURE_TAGS }}'
    
    # Log out from Azure
    - name: Log out from Azure
      id: azure_logout
      uses: azure/cli@v1
      with:
        azcliversion: latest
        inlineScript: |
          az logout

[github-actions]

This issue is marked default for generating issues report.

[github-actions]

This issue is marked default for generating issues report.

[marvinbuss]

I get same error even without storing any AZURE CREDENTIAL. Just running this command without login gives a 'json parse failed' error. I might be wrong but isnt it the behaviour of az comand?

az deployment group validate --resource-group E2eTestResourceGroupForArmAction --template-uri https://raw.githubusercontent.com/Azure/azure-docs-json-samples/master/azure-resource-manager/emptyRG.json --parameters tags='${{ env.AZURE_TAGS }}'

@t-dedah No this is not the behavior of az cli. The issue is, that we are storing a JSON as secret (AZURE_CREDENTIALS). If you remove the reference to it, everything will run just fine. The issue is Azure/login. The Action needs to accept individual secrets rather than a json. This requires an improvment.

[github-actions]

This issue is marked default for generating issues report.

[github-actions]

This issue is stale because it has been open for 7 days with no activity.

[github-actions]

This issue is idle because it has been open for 14 days with no activity.

[gummigroda]

Hi,

Are there any updates regarding how to add for example tags as parameters?
Or even more complex structures as objects in an array?

Tried as sugested:

and get the error:

Or is it better to skip this action and run a regular shell with AZ CLI ?

[t-dedah]

Hi @gummigroda Can you please try this?

tags="{\"costCenter\":\"12345\", \"owner\":\"IT\", \"Service\": \"Identity\"}"

[marvinbuss]

I get same error even without storing any AZURE CREDENTIAL. Just running this command without login gives a 'json parse failed' error. I might be wrong but isnt it the behaviour of az comand?

az deployment group validate --resource-group E2eTestResourceGroupForArmAction --template-uri https://raw.githubusercontent.com/Azure/azure-docs-json-samples/master/azure-resource-manager/emptyRG.json --parameters tags='${{ env.AZURE_TAGS }}'

@t-dedah No this is not the behavior of az cli. The issue is, that we are storing a JSON as secret (AZURE_CREDENTIALS). If you remove the reference to it, everything will run just fine. The issue is Azure/login. The Action needs to accept individual secrets rather than a json. This requires an improvment.

This is the reason why it will not work. If you use the new Workload Identity Federation, this issue will most likely be solved, as you are not storing a JSON as secret then.

[github-actions]

This issue is idle because it has been open for 14 days with no activity.

[github-actions]

This issue is stale because it has been open for 7 days with no activity.

[aavdberg]

Please try this workflow, then you will see the issue:

name: Deployment

on:
  push:
    branches: [ main ]
    paths:
      - 'infra/**'
  pull_request:
    branches: [ main ]
    paths:
      - 'infra/**'

env:
  AZURE_SUBSCRIPTION_ID: 'your-sub-id'
  AZURE_LOCATION: 'northeurope'
  AZURE_TAGS: '{"costCenter":"ABCD", "owner":"XYZ"}'

jobs:
  create-resource-groups:
    runs-on: ubuntu-latest

    steps:
    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
    - name: Check Out Repository
      id: checkout_repository
      uses: actions/checkout@v2
    
    # Login to Azure
    - name: Azure Login
      id: azure_login
      uses: azure/login@v1
      with:
        creds: ${{ secrets.AZURE_CREDENTIALS }}
    
    # Deploy Resource Groups
    - name: Deploy Resource Groups
      id: resource_groups_deployment
      uses: azure/arm-deploy@v1
      with:
        scope: subscription
        subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
        region: ${{ env.AZURE_LOCATION }}
        template: ${{ github.workspace }}/infra/ResourceGroups/deploy.resourceGroups.json
        parameters: ${{ github.workspace }}/infra/ResourceGroups/params.resourceGroups.json tags='${{ env.AZURE_TAGS }}'
    
    # Log out from Azure
    - name: Log out from Azure
      id: azure_logout
      uses: azure/cli@v1
      with:
        azcliversion: latest
        inlineScript: |
          az logout

I think you have to put the line between quotes, did you try understanding?

         parameters: "${{ github.workspace }}/infra/ResourceGroups/params.resourceGroups.json tags='${{ env.AZURE_TAGS }}'"

And better to use https://docs.microsoft.com/en-us/azure/active-directory/develop/workload-identity-federation

[vRune4]

When googling "azure/arm-deploy json array parameter" this issue is the first hit.

After reading the comments above, I'm none the wiser.

I've tried escaping quotes, encapsulating the whole thing with a single quote and without escapes, and... No go. & gh variable set ELASTIC_POOL_SKU --env dev --body '''{\"name\": \"BasicPool\", \"tier\": \"Basic\", \"capacity\": 50}''' is my last attempt at setting a variable.

 parameters: >
            el_sku=${{vars.ELASTIC_POOL_SKU}}

Result:
Error: ERROR: Failed to parse string as JSON:
'{\maxSizeBytes":5242880000, "perDatabaseSettings":{"maxCapacity": 5, "minCapacity": 0}}' el_sku='{"name": "BasicPool", "tier": "Basic", "capacity": 50}'

Which leads me to believe I should not have escaped the double quotes.

So... Change that so that gh variable list shows:
ELASTIC_POOL_PROPERTIES {"maxSizeBytes":5242880000, "perDatabaseSettings":{"maxCapacity": 5, "minCapacity": 0}}

Error: ERROR: Failed to parse string as JSON:
{maxSizeBytes:5242880000,
Error detail: Expecting property name enclosed in double quotes: line 1 column 2 (char 1)

Wait... What?!? gh variable list clearly disagrees. "maxSizeBytes" is definitively quoted.

[anthony-c-martin]

@vRune4 A shot in the dark, but here's what I would try:

Setting the variable:

& gh variable set ELASTIC_POOL_SKU --env dev --body '{"name": "BasicPool", "tier": "Basic", "capacity": 50}'

Using the variable:

 parameters: >
            el_sku='${{vars.ELASTIC_POOL_SKU}}'

[vRune4]

parameters: >
el_sku='${{vars.ELASTIC_POOL_SKU}}'

Quoting the value is one of the things I tried.

It expands into:

parameters: services.json location=norwayeast environment=dev retention=7 project_name=smartskill ip_list=[] elastic_pool_properties='{"maxSizeBytes":5242880000, "perDatabaseSettings":{"maxCapacity": 5, "minCapacity": 0}}' el_sku='{"name": "BasicPool", "tier": "Basic", "capacity": 50}' adAdminUser='***'

(the last parameter is a secret)

Error: ERROR: Failed to parse string as JSON:
'{maxSizeBytes:5242880000,
Error detail: Expecting value: line 1 column 1 (char 0)

If the error message is to be believed, the double quote goes AWOL somewhere along the way. (I am reworking this to single parameters now)