search

Azure / bicep-types-az

Bicep type definitions for ARM resources
MIT License
81 stars 26 forks source link

Bicep Microsoft.Cdn/profiles/securityPolicies Is not idempotent #1754

Open danielciulei opened 1 year ago

danielciulei commented 1 year ago

Bicep version 0.19.5

Describe the bug Rerunning the bicep deployment for a frontdoor security policy I get an error that it's already attached. It's running great the first time but bicep is supposed to be idempotent so this should not fail with an error if it's already attached.

{"code":"BadRequest","message":"Web Application Firewall Policy is already attached to AFDX profile."}

To Reproduce I'm trying to run something like this multiple times without failing the second time it runs:

resource FrontDoorProfile 'Microsoft.Cdn/profiles@2021-06-01' existing = {
  name: parFrontDoorName
}

resource frontDoorWafPolicy 'Microsoft.Network/FrontDoorWebApplicationFirewallPolicies@2022-05-01' existing = {
    name: parWafPolicyName
}

resource FrontDoorSecurityPolicy 'Microsoft.Cdn/profiles/securityPolicies@2020-09-01' = {
  parent: FrontDoorProfile
  name: '${deploymentId}-FrontDoorSecurityPolicy'
  properties: {
    parameters: {
      type: 'WebApplicationFirewall'
      wafPolicy: {
        id: frontDoorWafPolicy.id
      }
      associations: [
        {
          domains: [
            {
              id: parPortalCustomDomainId
            }
            {
              id: parPortalCustomUsDomainId
            }
            {
              id: parPortalCustomEuDomainId
            }
            {
              id: parApiCustomDomainId
            }
          ]
          patternsToMatch: [
            '/*'
          ]
        }
      ]
    }
  }
}

Additional context In order for this to work I must delete the policy association and rerun it. As a workaround I could use powershell to remove it beforehand but bicep is supposed to be idempotent.

c0st1nn commented 1 year ago

any update on this?

microsoft-github-policy-service[bot] commented 10 months ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @t-bzhan, @gxue. Please see https://aka.ms/biceptypesinfo for troubleshooting help.

pankajagrawal16 commented 2 months ago

This issue is impacting me as well.

chrisburger90 commented 2 months ago

Same here. Unfortunately even though I can build an array for the existing domains, I can't use that in the domains property because of this:

The enclosing array expected an item of type "ActivatedResourceReference", but the provided item was of type "(object | object)[]

davidnorrishill commented 1 month ago

I also have this same issue!