search

Azure / bicep-types-az

Bicep type definitions for ARM resources
MIT License
84 stars 27 forks source link

Unable to rerun code for Microsoft.Network/networkVirtualAppliances and a firewall is connected #2218

Open JonasCordsen opened 2 months ago

JonasCordsen commented 2 months ago

Bicep version Bicep CLI version 0.28.1 (ba1e9f8c1e)

Describe the bug When creating a vWan hub with a secure hub using PaloAlto (PaloAltoNetworks.Cloudngfw/firewalls) it needs a NVA that is required to be created Creating the resource works fine, but rerunning the code will set the deployment to fail with the error "NvaAccessDeniedForTheApp"

To Reproduce Create a vwan with a paloAlto FW and the NVA resource with the following code, when the firewall is deployed

resource firewallNVA 'Microsoft.Network/networkVirtualAppliances@2023-11-01' = if(!existingNVA) {
  name: '${firewallName}-nva'
  location: location
  properties: {
    virtualHub: {
      id: virtualHubId
    }
    delegation: {
      serviceName: 'PaloAltoNetworks.Cloudngfw/firewalls'
    }
  }
}
stephaniezyen commented 2 months ago

This is a Microsoft.Network RP issue - there are several issues with idempotency with this RP. Please open a support ticket with this team and we will try to route it on our end.