Closed maxricketts closed 1 year ago
@maxricketts Error BCP062
is a Bicep compile error. I would suggest that the reason is your Bicep version (0.4.1124) to too old for the syntax you are using. Map was introduced around 0.10.x.
If you are using a self-hosted agent be sure to update to a newer version of Bicep for this to work.
Also a side note, PSRule for Azure doesn't support lambda syntax for Bicep yet, we plan to but you'll run into this after you upgrade the Bicep CLI version so calling it out.
See #1536
@BernieWhite - I have updated bicep and still getting the same error. But I take it that is because of the Lambda syntax for the map function?
@maxricketts PSRule for Azure will report an expansion error for the Lambda syntax.
If you are still getting a Bicep compile error then there is maybe something wrong with your Bicep code.
Invoke-PSRule: Bicep (0.4.1124) compilation of 'C:\Git\Data-Platform-IAC\core\bicep\main.bicep' failed with: C:\Git\Data-Platform-IAC\core\bicep\main.bicep(326,63) : Error BCP018: Expected the "," character at this location.
C:\Git\Data-Platform-IAC\core\bicep\main.bicep(368,14) : Error BCP062: The referenced declaration with name "keyVaultFirewallRules" is not valid.
C:\Git\Data-Platform-IAC\core\bicep\main.bicep(384,14) : Error BCP062: The referenced declaration with name "keyVaultFirewallRules" is not valid.
These error messages point to line 326, 368, and 384. I'd have a look there.
326 is var keyVaultFirewallRules = map(KVFirewallRules, FirewallRule => FirewallRule.CIDR)
which takes info from the array that I posted earlier
368 is keyVaultFirewallRules being passed to the module for keyvault specifically this part ipRules
networkAcls: {
defaultAction: networkAclsDefaultAction
bypass: networkAclsBypass
ipRules: [for rule in ipRules: {
value: rule
}]
virtualNetworkRules: virtualNetworkRules
}
I can't see how the code is wrong, as the file is deploying a key vault with the ips from the variable that i have made. Its been working for months, and I thought I would run PSRule against it to see how it compared, and PSRule is failing. Not the build.
@maxricketts Thanks for the additional context. If the code is only failing through PSRule then there must be something going on.
Is the same version of Bicep still reported in the error message Invoke-PSRule: Bicep (0.4.1124) compilation
. Or has it updated to the latest version?
@BernieWhite - Invoke-PSRule: Bicep (0.4.1124) compilation of
is still there after the update.
@maxricketts The error message is created by the Bicep CLI so the problem is occurring because an old version is still being used. If you have updated the CLI then there must be two versions installed and PSRule is using the old version.
See Setup Bicep for details on how to set the required environment variables if the default path variable is not working for your configuration.
@BernieWhite - Looks like I had two versions of Bicep installed, and i have now removed the old one.
Invoke-PSRule: Failed to expand bicep source 'C:\Git\Data-Platform-IAC\customerEngagement\bicep\main.bicep'. Exception calling "GetBicepResources" with "3" argument(s): "Unable to expand resources because the source file 'C:\Git\Data-Platform-IAC\customerEngagement\bicep\main.bicep' was not valid. An error occurred evaluating expression '[variables('keyVaultFirewallRules')]' line 772. An error occurred evaluating expression '[map(variables('KVFirewallRules'), lambda('FirewallRule', lambdaVariables('FirewallRule').CIDR))]' line 190. The function "map" was not found."
I am also getting the below. But not sure if this is related
Invoke-PSRule: Failed to expand bicep source 'C:\Git\Data-Platform-IAC\sqlDataStores\bicep\main.bicep'. Exception calling "GetBicepResources" with "3" argument(s): "Unable to expand resources because the source file 'C:\Git\Data-Platform-IAC\sqlDataStores\bicep\main.bicep' was not valid. An error occurred evaluating expression '[reference(resourceId('Microsoft.Resources/deployments', format('azureStorageSqlVADeployment-{0}', parameters('utcDateTime'))), '2020-10-01').outputs.StorageAccountEndpoints.value.blob]' line 726. Cannot access child value on Newtonsoft.Json.Linq.JValue."
Also in some of our deployments we use multiple parameter.json files in the same root as the bicep file used to deploy. We have multi param files for different environments and use the pipelines to use the right one for the deployment. We pass them is an object in the main bicep file, but PSRule is complaining that object has nothing in it. Is there a way in the invoke-psrule command to specify the parameters.josn file to use?
@maxricketts By default PSRule assumes no parameter files are required for Bicep code.
If you are using parameter files you can use metadata to link one or many parameter files to your Bicep module. Then typically you would exclude the Bicep files so they are not evaluated directly.
See using parameter files for details on how to set this up.
In terms of Invoke-PSRule: Failed to expand bicep source 'C:\Git\Data-Platform-IAC\sqlDataStores\bicep\main.bicep'. Exception calling "GetBicepResources" with "3" argument(s): "Unable to expand resources because the source file 'C:\Git\Data-Platform-IAC\sqlDataStores\bicep\main.bicep' was not valid. An error occurred evaluating expression '[reference(resourceId('Microsoft.Resources/deployments', format('azureStorageSqlVADeployment-{0}', parameters('utcDateTime'))), '2020-10-01').outputs.StorageAccountEndpoints.value.blob]' line 726. Cannot access child value on Newtonsoft.Json.Linq.JValue."
I don't think this would be caused by this, but double check and let me know.
If Cannot access child value on Newtonsoft.Json.Linq.JValue.
is a new issue, if you can log this separately that would be great to allow others to find this issue in the future.
Outside of that I think we have resolved the original problem. Are you ok for me to close this issue?
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within 7 days. Thank you for your contributions.
This issue was closed because it has not had any recent activity.
Description of the issue
I am using a var array to input IP addresses and names for use in network restrictions in resources (example 1).
Then remap some of it to use in Key vaults that only take a CIDR input (example 2)
This is passed to a module as an array, and the deployed Key Vault has the correct IP's listed in the network restrictions.
I am getting the following error after running
invoke-PSRule -Module 'PSRule.Rules.Azure' -Format File -f .
example1
Module in use and version:
2.5.3 PSRule
1.21.2 PSRule.Rules.Azure
Captured output from
$PSVersionTable
: