search

Azure / ALZ-Bicep

This repository contains the Azure Landing Zones (ALZ) Bicep modules that help deliver and deploy the Azure Landing Zone conceptual architecture in a modular approach. https://aka.ms/alz/docs
MIT License
764 stars 514 forks source link

Error with applying Resource Locks. #756

Closed lakovmartin closed 7 months ago

lakovmartin commented 7 months ago

What happened? Provide a clear and concise description of the bug, including deployment details.

I am using the Bicep templates for a Landing Zone Deployment (latest version 0.17.2) with the provided pipelines for Azure DevOps. I am getting an error when the PowerShell script tries to execute a what if analysis on the logging and sentinel resource group deployment. I have not modified the template and using the default values for the locks.

It seems the issue is with the code on line 50 in the resourceGroup.bicep module file.

Please provide the correlation id associated with your error or bug.

xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

What was the expected outcome?

No response

Relevant log output

New-AzDeployment: /home/vsts/work/1/s/pipeline-scripts/Deploy-ALZLoggingAndSentinelResourceGroup.ps1:30
Line |
  30 |  New-AzSubscriptionDeployment @inputObject
     |  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Additional content found in JSON reference object. A JSON reference
     | object should only have a $ref property. Path
     | 'parResourceLockConfig.defaultValue'.

##[error]PowerShell exited with code '1'.

Check previous GitHub issues

Code of Conduct

oZakari commented 7 months ago

Hi @lakovmartin, this is an issue with the Azure PowerShell module version 11.3.1. Please see the Known Issues Wiki which I just published with the context and workaround until the fix is released.

Please re-open if you have any additional questions, and apologies for any frustration from this issue.

lakovmartin commented 7 months ago

Hi @oZakari . Thanks for the info. I have updated the task to use 11.5.0 which is latest however it's still importing 11.3.1 when the pipeline runs (Using Ubuntu Latest MS Agents in ADO):

Generating script. /usr/bin/pwsh -NoLogo -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command . '/home/vsts/work/_temp/80c5845e-48bf-4b7b-b562-3b3e55473e64.ps1' File saved! Import-Module -Name /usr/share/az_11.3.1/Az.Accounts/2.17.0/Az.Accounts.psd1 -Global Clear-AzContext -Scope Process Clear-AzContext -Scope CurrentUser -Force -ErrorAction SilentlyContinue

oZakari commented 7 months ago

Hey @lakovmartin, I added the wrong key value pair for the Azure DevOps instructions in the Wiki, sorry! Will update, but use this task structure as just retested and it worked without issues:

      - task: AzurePowerShell@5
        displayName: "Logging and Sentinel Resource Group Deployment"
        inputs:
          azureSubscription: ${{ variables.SERVICE_CONNECTION_NAME }}
          azurePowerShellVersion: OtherVersion
          preferredAzurePowerShellVersion: 11.5.0
          pwsh: true
          ScriptType: "InlineScript"
          Inline: |
            .\pipeline-scripts\Deploy-ALZLoggingAndSentinelResourceGroup.ps1

It will see that 11.5.0 is missing when running the task and then install it to be used in the same task.