search

Azure / PSRule.Rules.Azure

Rules to validate Azure resources and infrastructure as code (IaC) using PSRule.
https://azure.github.io/PSRule.Rules.Azure/
MIT License
394 stars 86 forks source link

Using @batchSize(1) in Bicep causes: Error BCP057: The name "batchSize" does not exist in the current context. #1935

Closed JasonPaape closed 1 year ago

JasonPaape commented 1 year ago

Description of the issue

When using @batchSize (which controls parallelism) in Bicep, as shown in the example below, it will cause PSRule to error with this error message: Error BCP057: The name "batchSize" does not exist in the current context.

To Reproduce

Steps to reproduce the issue:

Create the following batchSizeBug.bicep. This template creates sqlRoleAssignments in Cosmos, but that is irrelevant.

param resourceName string = 'cosmos-repro'
param servicePrincipalIds array = [
  'a'
  'b'
]
var dataContributorRoleId = '00000000-0000-0000-0000-000000000002'

resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2021-01-15' existing = {
  name: resourceName
}

@batchSize(1)
resource repro 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments@2021-10-15' = [ for servicePrincipalId in servicePrincipalIds: {
  name: 'repro/${servicePrincipalId}'
  properties: {
    roleDefinitionId: '${subscription().id}/resourceGroups/${resourceGroup().name}/providers/Microsoft.DocumentDB/databaseAccounts/${resourceName}/sqlRoleDefinitions/${dataContributorRoleId}'
    principalId: servicePrincipalId
    scope: databaseAccount.id
  }
}]

Use the following ps-rule.yaml

configuration:
  AZURE_BICEP_FILE_EXPANSION: true

input:
  pathIgnore:
  - '*'
  - '!batchSizeBug.bicep'

Run the following PowerShell command: Assert-PSRule -Module 'PSRule.Rules.Azure' -InputPath '.\batchSizeBug.bicep' -Format File

The error will occur. Comment out the @batchSize(1) and the error will go away.

Module in use and version:

2.6.0               PSRule
1.22.0              PSRule.Rules.Azure
BernieWhite commented 1 year ago

@JasonPaape Thanks for reporting the issue.

This appears to be a Bicep CLI issue as BCP057 is the error code returned from Bicep.

Are you able to confirm you are running the latest version of Bicep, v0.13.1?

Updating the CLI tool should address the issue.

JasonPaape commented 1 year ago

@BernieWhite Yes, I confirm I am on Bicep 0.13.1

az bicep version Bicep CLI version 0.13.1 (e3ac80d678)

I just tried this again with my Bicep that uses @batchSize(1) and the problem still happens.

From my one of my Bicep templates...

... @batchSize(1) resource dataContributorSqlRoleAssignmentServicePrincipal 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments@2021-10-15' ...

Running: Assert-PSRule -Module 'PSRule.Rules.Azure' -InputPath '.' -Format File -OutputFormat Markdown -OutputPath 'PSRule-results.md'

Produces this error: cosmosRbac.bicep(69,2) : Error BCP057: The name "batchSize" does not exist in the current context.

BernieWhite commented 1 year ago

@JasonPaape Still can't replicate this one.

What I think is happening, is that you have two instances of Bicep installed. One via the az bicep command and the second via the Bicep CLI bicep.

PSRule for Azure defaults to the bicep CLI. I think this version is older then v0.13.1.

As a result, the latest pre-release version (v1.25.0-B0035) introduces some additional options.

configuration:
  # Enable Bicep CLI checks.
  AZURE_BICEP_CHECK_TOOL: true

  # Configure the minimum version of the Bicep CLI.
  AZURE_BICEP_MINIMUM_VERSION: '0.13.0'

Configure these in your environment and see how you go.

If you want to use the Bicep via the Azure CLI set the PSRULE_AZURE_BICEP_USE_AZURE_CLI environment variable to true.

I hope that solves the issue. Let me know.

JasonPaape commented 1 year ago

@BernieWhite Thanks for your response. You were absolutely right. I had an older version of the bicep CLI. I ran "choco upgrade bicep" to get to the latest version:

bicep --version Bicep CLI version 0.14.85 (f4a4d485ba)

Then I ran PSRule and this issue no longer happened. So, closing this bug. Thanks again. :-)