When managing configurations in Azure App Configuration, dynamically identifying and conditionally deploying resources can streamline your infrastructure and reduce manual intervention. In this post, I’ll walk you through how I used Azure deployment scripts and Bicep templates to achieve this. Along the way, I’ll explain the logic behind the deployment and the steps required to ensure everything works seamlessly.
Problem Statement
Azure App Configuration allows us to manage configurations centrally, but as environments and configurations evolve, deploying defaults and ensuring environments are properly configured becomes a challenge. Manual processes are prone to errors and inefficiencies, and hardcoding resources isn’t scalable. We needed a solution that dynamically queried existing configurations and conditionally deployed only what was missing.
Solution Overview
Using Azure deployment scripts within Bicep, we can:
- Query existing labels and keys in Azure App Configuration.
- Conditionally deploy default settings, environments, and configurations based on the query results.
- Automate the entire process while maintaining modularity and reusability.
High-Level Architecture
- Deployment Script Modules: Query existing labels and keys in Azure App Configuration.
- Conditional Logic in Bicep: Deploy resources based on the query results.
- Managed Identity with Role Assignments: Securely enable deployment scripts to access Azure resources.
Step 1: Set Up a Managed Identity with Role Assignments
Deployment scripts require permissions to interact with Azure App Configuration. To enable this, we assign a User-Assigned Managed Identity with the App Configuration Contributor role.
|
|
This Bicep template creates a User-Assigned Managed Identity and assigns the App Configuration Contributor role, granting the identity the necessary permissions to query configuration labels and keys.
Step 2: Query Existing Labels and Keys
Querying Labels
The configurationLabel.bicep
module dynamically retrieves all labels in Azure App Configuration using a deployment script:
|
|
Querying Keys
Similarly, the configurationKey.bicep
module fetches all unique keys:
|
|
The command az appconfig kv list --name $1 --query "[].key" | jq -r .[] | cut -d ":" -f 1 | sort -u | jq -R . | jq -s "{result: .}"
performs several operations to list and process keys from an Azure App Configuration store:
az appconfig kv list --name $1 --query "[].key"
: This Azure CLI command lists all key-value pairs from the specified Azure App Configuration store (using the name provided as the first argument$1
) and extracts only the keys.| jq -r .[]
: The output from the previous command is piped tojq
, a lightweight and flexible command-line JSON processor. The-r
flag outputs raw strings instead of JSON texts, and.[]
iterates over each element in the array, outputting each key on a new line.| cut -d ":" -f 1
: Thecut
command splits each key at the colon (:
) delimiter and extracts the first field. This is useful if the keys have a namespace or prefix separated by a colon.| sort -u
: Thesort
command sorts the keys and the-u
flag ensures that only unique keys are kept.| jq -R .
: The sorted unique keys are then piped back tojq
with the-R
flag, which reads each line of input as a raw string and converts it to a JSON string.| jq -s "{result: .}"
: Finally, thejq -s
command slurps all the input lines into a single JSON array and wraps it in an object with aresult
property.
The final output is a JSON object containing an array of unique keys, which is then stored in the result
variable.
Step 3: Conditionally Deploy Resources
The configuration/environments.bicep
module leverages the queried labels and keys to conditionally deploy resources. For example:
- Defaults: Ensures a default environment is created if the label does not exist.
- Environments: Deploys specific environments for missing labels.
- Settings: Adds configurations if the keys are not present.
|
|
Conclusion
This approach automates the process of identifying missing configurations and deploying only the necessary resources. By combining deployment scripts with Bicep’s conditional logic, we’ve achieved a dynamic and scalable solution for managing Azure App Configuration.
Feel free to try this out in your environment and share your feedback. Let me know if you encounter any challenges or have ideas for further optimization!
References: