Share via

how Azure ARM templates process placeholders please?

LXF 180 Reputation points
2024-06-11T02:47:43.6333333+00:00

Could you explain how Azure ARM templates process placeholders and variables during deployment, especially comparing the '[variables]' syntax with templating mechanisms like {{variables}}?

I see some of the codes (from Sentinel Solution folder @ github) put placeholders like:

"""
{
	"type": "Microsoft.SecurityInsights/dataConnectorDefinitions",
	"apiVersion": "2022-09-01-preview",
	"name": "xxxSecurityEvents",
	"location": "{{location}}",
	"kind": "Customizable",
	"properties": {
		"connectorUiConfig": {
			"id": "xxxSecurityEvents",
			"title": "xxx Security Events",
			"publisher": "xxx",
			"descriptionMarkdown": "xxx Security Events",
			"graphQueriesTableName": "xxxSecurityEvents_CL",
			"graphQueries": [
				{
					"metricName": "Total events received",
					"legend": "xxx Events",
					"baseQuery": "{{graphQueriesTableName}}"
				}
			],
			"sampleQueries": [
				{
					"description": "Get Sample of xxx Events",
					"query": "{{graphQueriesTableName}}\n | take 10"
				}
			],
			"dataTypes": [
				{
					"name": "{{graphQueriesTableName}}",
					"lastDataReceivedQuery": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(12h) | where name_s == \"no data test\" | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
				}
			],
"""

But I also see others from 'mainTemplate.json" look like:

"""
  "variables": {
    "workspaceName": "[concat('log-SSG', parameters('tenantName'))]",
    "resourceGroupName": "[concat('SSG-',parameters('tenantName'))]",
    "tableName": "xxx_CL",
    "dceName": "[concat(parameters('tenantName'),'-DCE')]",
    "dataConnectorName": "xxx_connector"
  },
  "resources": [
    {
      "type": "Microsoft.OperationalInsights/workspaces",
      "apiVersion": "2021-12-01-preview",
      "name": "[variables('workspaceName')]",
      "location": "[resourceGroup().location]",
      "properties": {
        "retentionInDays": "[parameters('retentionInDays')]"
      }
    },
"""
Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,056 questions
Azure Startups
Azure Startups
Azure: A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.Startups: Companies that are in their initial stages of business and typically developing a business model and seeking financing.
239 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Akshay-MSFT 17,651 Reputation points Microsoft Employee
    2024-06-11T10:06:35.52+00:00

    @LXF

    Thank you for posting your query on Microsoft Q&A, I am currently reviewing this query and will get back to you with further inputs.

    Update1:

    There is not much detailed information available un public documentation to be consumed however we have a few reference as per: https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/sentinel/data-connector-ui-definitions-reference.md

    graphQueriesTableName : Sets the name of the table the connector inserts data to. This name can be used in other queries by specifying {{graphQueriesTableName}} placeholder in graphQueries and lastDataReceivedQuery values. This placeholder could be further users in GraphQueries fpr example:

    User's image

    ConnectionToggleButton :

    Trigger the deployment of the DCR based on the connection information provided through placeholder parameters. The following parameters are supported:

    1. name : mandatory
    2. disabled
    3. isPrimary
    4. connectLabel
    5. disconnectLabel

    Textbox within Authentication configuration which can have placeholder for "user name" and "secret".

    If you don't have any further queries and the suggestion above answers your ask, please "Accept the answer", This will help us and others in the community as well.

    Thanks,

    Akshay Kaushik

    0 comments