Az Cli Core on PowerShell Core – Escaping Parameters

If you are deploying Azure solutions, you face the requirement to do infrastructure as code to create repeatable, idempotent deployments.
These ideally should be parameterized and automated, e.g. using Azure DevopOps pipelines. AZ Cli Core can be a great asset here!
In contrast to ARM templates or Terraform scripts Az Cli Core scripts do not require a steep learning curve, because they look much more familiar to anybody who has ever written a batch script.
I also do appreciate the compactness and the easier handling, which helps a lot to reduce the otherwise steep learning curve into IaC.
In addition, as a developer, I feel much more at home working in a “real” programming/scripting environment, instead of wrapping my mind around JSON templates, which have program workflow assets bolted on as needed.

A few things to keep in mind are:

  • Run Az Cli / PowerShell Core scripts on Linux or IOS build machines – the Windows version is not idempotent!
  • Az Cli is quite new and a lot of commands are still in their early stages (experimental – as the product group calls it).
  • Not all Azure infrastructure areas are covered by Az Cli yet. – This can be mitigated by calling ARM Templates from the Cli script, if required. This is not ideal, but real life seldom is black and white. 🙂 The white areas are also shrinking fast!

One of the largest obstacles getting started with Az Cli Core in combination with PowerShell Core, well, at least to me, was the handling of parameters.
To get over this, it is good to understand that Az Cli Core is written in Python. Due to this, if you need to escape parameters, for example, if you want to install a script extension to a VM, one needs to use Python escape mechanisms not the PowerShell ones, because the Python code is on the receiving end.

az vm extension set -n VMAccessForLinux --publisher Microsoft.OSTCExtensions --version 1.4 \
--vm-name MyVm --resource-group MyResourceGroup \
--protected-settings '{"username":"user1", "ssh_key":"ssh_rsa …"}'

“–protected-settings” expects JSON input with quotation marks, which need to be escaped. And, as stated before, do not use the PowerShell escape tick ‘ , but this template for escaping.

Json escape sequence template for Az Cli

this would read for the sample –protected-settings:

'{\"username\":\"user1\", \"ssh_key\":\"ssh_rsa …\"}'

The backslash will help you out!

If the JSON input gets longer, doing this manually is quite tedious and I am going to show another technique using JSON parameter files in on of my upcoming posts, as well.
That one is also great to handle dynamic input.

Stay tuned. 🙂


Cloud News 2021 / Q1

The Wechsler Consulting Cloud News – 2021 / Q1 – episode tackles newest information originating from Microsoft Ignite 2021 around Azure and Azure IOT. Some very interesting changes regarding local/centralized computing as well as creators/innovators were announced.

Focus Topic this time is Azure IOT Device Update.
A long desired device management capability for Azure IOTHub.


Microsoft Ignite 2021
Decentralized Computing  / Empower creators innovators

Microsoft Mesh
Introducing Microsoft Mesh | Here can be anywhere.

Focus Topic
Azure IOT – Device Update
Introduction to Device Update for Azure IoT Hub | Microsoft Docs

Wechsler Consulting – Cloud Campus
Model your world – with Digital Twins!
Azure IOTHub – time to update endpoint filter

#WechslerConsultingCloudCampus #AzureIOT  #Azure

Model your world – with Digital Twins!

And I mean this literally. What if you can access your town, streets, places, building etc. digitally via a twin? Everything needs to be secure and privacy guaranteed, of course (yes, I am German/European :-)), but, would this not open a lot of possibilities for new solutions and business models?
One would be able to conquer the space around us and easily provide location-based services. Just add a little bit of augmented reality and/or smart screens and science-fiction like scenarios become possible.
Sounds good? Well, than this episode of the Channel 9 IOT Show is a must see for you:

If you also add a spoonful of IOT Plug & Play to the stew, things are really able to take off!

Have a great week

Azure IOTHub – time to update endpoint filter

There is a new and more secure IP-endpoint-filter out! The new one is more secure and the old one will be retired after a while. So, if you are using IOTHub in your solution, you need to upgrade!

Nevertheless, test the filter in your development environment, before rolling it out in production.
It should normally not have any negative effects, if you are using the endpoints in a standard way, but one only ever knows after trying it out.