stephaniezyen
commented
2 months ago Thanks for sharing - this is an ARM backend change, and we've added the task to our internal work board. We will update this task as the work progresses!
Open maartengo opened 3 months ago
stephaniezyen
commented
2 months ago Thanks for sharing - this is an ARM backend change, and we've added the task to our internal work board. We will update this task as the work progresses!
rouke-broersma
commented
2 months ago Thanks for sharing - this is an ARM backend change, and we've added the task to our internal work board. We will update this task as the work progresses!
Just for additional context, this has worked fine for years and has recently (last month or two) stopped working. This has impacted all our existing deployment scripts. We also have an open support case about this.
alex-frankel
commented
2 months ago @rouke-broersma - if this is still happening for you, can you include me in the email thread with support? (alfran@microsoft.com). If we somehow shipped a breaking change like this, we want to make sure it gets resolved ASAP.
maartengo
commented
2 months ago @rouke-broersma - if this is still happening for you, can you include me in the email thread with support? (alfran@microsoft.com). If we somehow shipped a breaking change like this, we want to make sure it gets resolved ASAP.
I'm in the same team as @rouke-broersma. We can still reproduce the error. I've added you to the mail thread.
monikanagy
commented
1 month ago I also experience the same.
To reproduce I follow the example given in the documentation (Create resource group and resources).
Any progress in resolving this? @alex-frankel
maartengo
commented
1 month ago @monikanagy I can give an update:
The resolution of the support ticket is as follows:
To use the example at the top of this thread;
Update the run.bicep file (can also be done in the sub-module.bicep) to include an output as parameter:
module outputter 'module-with-output.bicep' = {
name: 'output-module'
}
module test 'sub-module.bicep' = {
scope: subscription()
name: 'deploy-sub'
params: {
resourceGroupName: 'my-rg'
unusedParam: outputter.outputs.validationBypass
}
}There are plans to improve the validation of deployments, which is currently aimed to fix that the short-circuiting will occur less. This issue is also taken into account in the validation improvement plans.
TLDR:
monikanagy
commented
1 month ago @maartengo The described workaround works, thank you for sharing it!
But I am confused by the following statement in your reply:
- The case as described in this issue (Validation fails on resource group that doesn't yet exist #14718) is working as intended, for now. That is; it is expected that validation will fail in this scenario, because it cannot currently validate that the resource group will be created.
How can it be expected when it is included in the documentation that this should work and there are code snippets showing how to do it? Of course what's there does not work, but I expect that it did at one point, or why is it documented if it's not an actual feature? I do not expect the answer from you, I guess you also just got this response on your support request.
rouke-broersma
commented
1 month ago @maartengo The described workaround works, thank you for sharing it!
But I am confused by the following statement in your reply:
- The case as described in this issue (Validation fails on resource group that doesn't yet exist #14718) is working as intended, for now. That is; it is expected that validation will fail in this scenario, because it cannot currently validate that the resource group will be created.
How can it be expected when it is included in the documentation that this should work and there are code snippets showing how to do it? Of course what's there does not work, but I expect that it did at one point, or why is it documented if it's not an actual feature? I do not expect the answer from you, I guess you also just got this response on your support request.
The case in the documentation works perfectly fine and was probably migrated from arm docs.
It is not working when using runtime computed parameters, because currently arm validation short circuits when params are computed. This causes the validation to not have the context that the resource groups would be created (since validation on rg creation is not performed). This wasn't really a big problem before bicep because using subdeployments was way too much effort in arm json. They probably decided that the short circuit was an accepted workaround at the time.
The short circuit is intended, so the scenario not working is 'as intended'.
Now that bicep exists where modules are ubiquitous, and since every module is a subdeployment, the validation short circuit workaround needs to be fixed. Which is being worked on.
Note that none of this has been directly communicated to me and that some of the details won't be completely correct but overall I'm pretty sure this is why support calls it intended behavior.
Bicep version Bicep CLI version 0.29.47 (132ade51bc)
Describe the bug
Deployment validation fails when a module has a resourceGroup scope for a resource group that doesn't yet exist, but is created in preceding module.
To Reproduce
run.bicep
sub-module.bicep:
az deployment group create --name 'myDeployment' --resource-group 'myResourceGroup' --template-file run.bicepProduces:
Additional context
This isn't really a bicep issue, but I expect others to first search in the issues here.
What is interesting; this does work when directly calling
az deployment sub create ...on thesub-module.bicep