Az Cli Core on PowerShell Core – Escaping Parameters

If you are deploying Azure solutions, you face the requirement to do infrastructure as code to create repeatable, idempotent deployments.
These ideally should be parameterized and automated, e.g. using Azure DevopOps pipelines. AZ Cli Core can be a great asset here!
In contrast to ARM templates or Terraform scripts Az Cli Core scripts do not require a steep learning curve, because they look much more familiar to anybody who has ever written a batch script.
I also do appreciate the compactness and the easier handling, which helps a lot to reduce the otherwise steep learning curve into IaC.
In addition, as a developer, I feel much more at home working in a “real” programming/scripting environment, instead of wrapping my mind around JSON templates, which have program workflow assets bolted on as needed.

A few things to keep in mind are:

  • Run Az Cli / PowerShell Core scripts on Linux or IOS build machines – the Windows version is not idempotent!
  • Az Cli is quite new and a lot of commands are still in their early stages (experimental – as the product group calls it).
  • Not all Azure infrastructure areas are covered by Az Cli yet. – This can be mitigated by calling ARM Templates from the Cli script, if required. This is not ideal, but real life seldom is black and white. 🙂 The white areas are also shrinking fast!

One of the largest obstacles getting started with Az Cli Core in combination with PowerShell Core, well, at least to me, was the handling of parameters.
To get over this, it is good to understand that Az Cli Core is written in Python. Due to this, if you need to escape parameters, for example, if you want to install a script extension to a VM, one needs to use Python escape mechanisms not the PowerShell ones, because the Python code is on the receiving end.

az vm extension set -n VMAccessForLinux --publisher Microsoft.OSTCExtensions --version 1.4 \
--vm-name MyVm --resource-group MyResourceGroup \
--protected-settings '{"username":"user1", "ssh_key":"ssh_rsa …"}'

“–protected-settings” expects JSON input with quotation marks, which need to be escaped. And, as stated before, do not use the PowerShell escape tick ‘ , but this template for escaping.

Json escape sequence template for Az Cli

this would read for the sample –protected-settings:

'{\"username\":\"user1\", \"ssh_key\":\"ssh_rsa …\"}'

The backslash will help you out!

If the JSON input gets longer, doing this manually is quite tedious and I am going to show another technique using JSON parameter files in on of my upcoming posts, as well.
That one is also great to handle dynamic input.

Stay tuned. 🙂