azure azure-resource-manager azure-rm-template azure-bicep infrastructure-as-code

Invalid Deployment Template Parameter (Bicep/Yaml)

I have two repos one for resources bicep and another which uses the resources as module for reusability. Now I have created a bicep to deploy a sql server and a db

// sqldb.bicep
param name string
param location string = resourceGroup().location
param sqlAdministratorLogin string
@secure()
param sqlAdministratorLoginPassword string
param sqldatabaseNames array
param skuName string
param srvPostFix string = 'ss'

var sqlserverName = '${name}-${srvPostFix}'

resource sqlServer 'Microsoft.Sql/servers@2021-11-01' = {
  name: sqlserverName
  location: location
  properties: {
    administratorLogin: sqlAdministratorLogin
    administratorLoginPassword: sqlAdministratorLoginPassword
    version: '12.0'
  }
}

resource sqlDatabase 'Microsoft.Sql/servers/databases@2021-11-01' = [for item in sqldatabaseNames:{
  parent: sqlServer
  name: '${item}'
  location: location
  sku: {
    name: skuName
  }
  properties: {
    maxSizeBytes: 1073741824
  }
}]

I am calling this from another repo which deploys one azure sql db, below is the main.bicep and parameter json

Key vault is existing I have added the secret SqlAdminPassword

param rgLocation string = resourceGroup().location
param name string
param sqlAdministratorLogin string
param sqlSkuName string
param sqldatabaseNames array = [
  toLower('${name}-db')
]
param keyVaultName string
param keyVaultResourceGroup string

var dbModule = '${name}-DBModule'

resource keyVault 'Microsoft.KeyVault/vaults@2022-11-01' existing = {
  name: keyVaultName
  scope: resourceGroup(keyVaultResourceGroup)
}

module sqlDbModule 'br:myacr.azurecr.io/bicepmodules/sqldb.bicep:2023-03-17-12-15' = {
  name: dbModule
  params: {
    name: prefixRName
    location: rgLocation
    sqlAdministratorLogin: sqlAdministratorLogin
    sqlAdministratorLoginPassword: keyVault.getSecret('SqlAdminPassword')
    sqldatabaseNames: sqldatabaseNames
    skuName: sqlSkuName
  }
}

//parameter file

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
      "name": {
        "value": "my-web"
      },
      "sqlAdministratorLogin": {
        "value": "admin"
      },
      "sqlAdministratorLoginPassword": {
        "reference": {
          "keyVault": {
            "id": "/subscriptions/subid/resourceGroups/my-rg/providers/Microsoft.KeyVault/vaults/my-kv"
          },
          "secretName": "SqlAdminPassword"
        }
      },
      "sqlSkuName": {
        "value": "Basic"
      },
      "keyVaultName": {
        "value": "my-kv"
      },
      "keyVaultResourceGroup": {
        "value": "my-rg"
      }
    }
  }

Now I am getting an error when deploying it through azure pipeline:

Deployment template validation failed: 'The template parameters 'sqlAdministratorLoginPassword' in the parameters file are not valid; they are not present in the original template and can therefore not be provided at deployment time. The only supported parameters for this template are 'name, sqlAdministratorLogin, sqlSkuName, sqldatabaseNames, keyVaultName, keyVaultResourceGroup'.

Solution

You don't have the sqlAdministratorLoginPassword in the parameters of your second template. You're referencing the password secret from a key vault in your bicep. So you should be able to remove the sqlAdministratorLoginPassword from your parameters file.