az group export Azure Firewall and restore issue
I have a pipeline that provisions my clients clients Firewall and all associated Resources. As part of that Pipeline, I am taking a backup of the Firewall and Rule Collections before release and if anything goes wrong, a YAML stage (via a condition) will use the two backup files and restore the Firewall and its Rule Collections to their last known good state.
In my PowerShell within the Pipeline, I used the following command to backup the Firewall:
az group export --name "fw-rg" --resource-ids "/subscriptions/1234/resourceGroups/fw-rg/providers/Microsoft.Network/azureFirewalls/myFirewall" --skip-all-params
And that creates a file, that on the surface looks fine. The Rule Collections Json also looks fine.
The problem arises on the restore. Rule Collections works fine, but the Firewall fails with an error complaining about resourceGroup
is not allowed.
Inspecting the Json, I can see a recurring pattern as such:
"firewallPolicy": {"id": "/subscriptions/1234/resourceGroups/fw-rg/providers/Microsoft.Network/firewallPolicies/myFirewallPolicy", "resourceGroup": "fw-rg"},
Performing an Export Template via the Portal, resourceGroup
isn’t presented as part of that output:
"firewallPolicy": {"id": "[parameters('firewallPolicies_myFirewallPolicy_externalid')]"}
I’ve reviewed the command to export and no argument stands out as a likely candidate to get the Json in a verbatim format like the Portal.
The command I am using to restore is:
az deployment group create --name $jobName --resource-group $resourceGroup --template-file $BackupFileName
Has anyone encountered this before where the export gives Json that isn’t strictly valid for a restore and any suggestions?
The only option that I can think of, which is a hack is to replace “resourceGroup”: “rg” in the Json with an empty string, but then I have to contend with the preceeding ,
on the id
line.
Any help will be appreciated.