Azure / bicep-types-az

Bicep type definitions for ARM resources
MIT License

Resource types for Network Intent Policies #1755

Open lewismclean opened 1 year ago

lewismclean commented 1 year ago

Is your feature request related to a problem? Please describe.

I found it very fiddly to work with SQL Managed Instance; the resource requires a predefined network intent policy, a set of rules on the NSG, so it can be deployed. The first deployment is usually fine as Azure in the backend will add these SqlManagement rules, but adding your own NSG configuration can prove to be troublesome, and there are often conflicts when deploying.

Having these rules manually configured within my Bicep may also cause problems in the future when the rules are updated and no longer match my Bicep configuration, leading to my pipeline failing and having to go through and open a PR.

https://learn.microsoft.com/en-gb/azure/azure-sql/managed-instance/connectivity-architecture-overview?view=azuresql&tabs=current#mandatory-security-rules-with-service-aided-subnet-configuration

Describe the solution you'd like

I'd like to see a resource type where I can define a network intent policy for my specific resource, whether that's data warehouse or SQL Managed Instance (e.g. Microsoft.Network/NetworkIntentPolicy/SqlManagedInstance) etc., that I can concat with the rules I would like to add.

alex-frankel commented 1 year ago

This looks like you would like either a new resource type or a modification to an existing resource's API. Moving this to bicep-types-az so it can be routed to the Network team.

microsoft-github-policy-service[bot] commented 11 months ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @aznetsuppgithub. Please see https://aka.ms/biceptypesinfo for troubleshooting help.

pchettri3 commented 10 months ago

Any update on this one? This makes the resource deployment anti-idempotent.

pchettri3 commented 10 months ago

Figured out the managed instance by adding all NSG and RT manually after decompile.

riosengineer commented 10 months ago

> Figured out the managed instance by adding all NSG and RT manually after decompile.

Yeah this is what I had to do post initial deployment. For anyone who stumbles across this, I’ve uploaded the rules for v11 networking intent here in Bicep:

https://gist.github.com/riosengineer/3cbb4bf725030d0ee54f3944a35427d8