Azure ARM Template parameters for parametrized linked service

Question

Please, forgive the confusing tittle, if it is, but it does describe the problem I am having

So, I have a linked service in my Azure Datafactory. It is used for Azure SQL Database connect. The Database name and user name are being taken from the parameters set in linked service itself. Here is a snippet of json config

"typeProperties": {
        "connectionString": "Integrated Security=False;Encrypt=True;Connection Timeout=30;Data Source=myserver.database.windows.net;Initial Catalog=@{linkedService().dbName};User ID=@{linkedService().dbUserName}",
        "password": {
            "type": "AzureKeyVaultSecret",
            "store": {
                "referenceName": "KeyVaultLink",
                "type": "LinkedServiceReference"
            },
            "secretName": "DBPassword"
        },
        "alwaysEncryptedSettings": {
            "alwaysEncryptedAkvAuthType": "ManagedIdentity"
        }
    }

This works fine when in debug in the Azure portal. However, when I get the ARM Template for the whole thing, during ARM Template deployment it asks for input Connection string for the linked service. If I go to the linked service definition, and look up its connection string it will come this way

"connectionString": "Integrated Security=False;Encrypt=True;Connection Timeout=30;Data Source=dmsql.database.windows.net;Initial Catalog=@{linkedService().dbName};User ID=@{linkedService().dbUserName}"

Then when I input it in the ARM Template deployment should I be replacing "@{linkedService().dbName}" and "@{linkedService().dbUserName}" with actual values at the spot when I am entring it ? I am confused because during the ARM Template deployment there are no separate fields for these parameters, and these (parameters specific to linked service itself) are not present as separate parameters in the ARM Template definition.

Answer 1

I created database in my azure portal and enabled system assigned managed Identity for sql db.

Image for reference:

I created azure keywault and created secret. Image for reference:

I have created new access policy for Azure data factory.

Image for reference:

I created Azure data factory and enabled system managed identity.

Image for reference:

I have created new parametrized linked service to connect with database with below parameters dbName and userName. I am taking database name and User name dynamically by using above parameters.

Image for reference:

Linked service is created successfully.

json format of my lined service:

{

    "name": "SqlServer1",
    "properties": {
      "parameters": {
            "dbName": {   
                   "type": "String"
             },
            "userName": {
                  "type": "String"
            }
       },    
      "annotations": [],
      "type": "SqlServer",
      "typeProperties": {
        "connectionString": "Integrated Security=False;Data Source=dbservere;Initial Catalog=@{linkedService().dbName};User ID=@{linkedService().userName}",
         "password": { 
             "type": "AzureKeyVaultSecret",    
             "store": {
                  "referenceName": "AzureKeyVault1",
                  "type": "LinkedServiceReference"
              },
          "secretName": "DBPASSWORD"
          },
          "alwaysEncryptedSettings": {
               "alwaysEncryptedAkvAuthType": "ManagedIdentity"
            }
      }

   }

}

I exported the arm template of data factory.

This is my linked service in my ARM template:

"SqlServer1_connectionString": {
            "type": "secureString",
            "metadata": "Secure string for 'connectionString' of 'SqlServer1'",
            "defaultValue": "Integrated Security=False;Data Source=dbservere;Initial Catalog=@{linkedService().dbName};User ID=@{linkedService().userName}"
        },
        "AzureKeyVault1_properties_typeProperties_baseUrl": {
            "type": "string",
            "defaultValue": "https://keysqlad.vault.azure.net/"
        }

Image for reference:

I have got parameters dbName and userName in my ARM template description.

{
            "name": "[concat(parameters('factoryName'), '/SqlServer1')]",
            "type": "Microsoft.DataFactory/factories/linkedServices",
            "apiVersion": "2018-06-01",
            "properties": {
                "parameters": {
                    "dbName": {
                        "type": "String"
                    },
                    "userName": {
                        "type": "String"
                    }
                },
                "annotations": [],
                "type": "SqlServer",
                "typeProperties": {
                    "connectionString": "[parameters('SqlServer1_connectionString')]",
                    "password": {
                        "type": "AzureKeyVaultSecret",
                        "store": {
                            "referenceName": "AzureKeyVault1",
                            "type": "LinkedServiceReference"
                        },
                        "secretName": "DBPASSWORD"
                    },
                    "alwaysEncryptedSettings": {
                        "alwaysEncryptedAkvAuthType": "ManagedIdentity"
                    }
                }
            },
            "dependsOn": [
                "[concat(variables('factoryId'), '/linkedServices/AzureKeyVault1')]"
            ]
        }

Image for reference:

If you didn't get parameters in ARM template description copy the value of "connectionString" and modified what you needed to and left the parameters in place and added it to the "connectionString" override parameter in my Azure Release Pipeline, and it will work.